// Jest Snapshot v1, https://goo.gl/fbAQLP
exports[`M2C2 stack test 1`] = `
Object {
"AWSTemplateFormatVersion": "2010-09-09",
"Conditions": Object {
"CreateKinesisResources": Object {
"Fn::Equals": Array [
Object {
"Ref": "ExistingKinesisStreamName",
},
"",
],
},
"SendAnonymousUsage": Object {
"Fn::Equals": Array [
Object {
"Fn::FindInMap": Array [
"Solution",
"Config",
"SendAnonymousUsage",
],
},
"Yes",
],
},
"ShouldTeardownDataOnDestroy": Object {
"Fn::Equals": Array [
Object {
"Fn::FindInMap": Array [
"Solution",
"Config",
"ShouldTeardownDataOnDestroy",
],
},
"Yes",
],
},
"TimestreamCreateTimestreamDatabaseA7576C71": Object {
"Fn::Equals": Array [
Object {
"Ref": "ExistingTimestreamDatabaseName",
},
"",
],
},
},
"Description": "(SO0070) - machine-to-cloud-connectivity-framework Version vTest",
"Mappings": Object {
"Solution": Object {
"Config": Object {
"KeyPrefix": "machine-to-cloud-connectivity-framework/vTest",
"S3Bucket": "test-bucket",
"SendAnonymousUsage": "Yes",
"ShouldTeardownDataOnDestroy": "No",
"SolutionId": "SO0070",
"SolutionName": "machine-to-cloud-connectivity-framework",
"Version": "vTest",
},
},
},
"Metadata": Object {
"AWS::CloudFormation::Interface": Object {
"ParameterGroups": Array [
Object {
"Label": Object {
"default": "Required parameters",
},
"Parameters": Array [
"LoggingLevel",
"UserEmail",
],
},
Object {
"Label": Object {
"default": "(Optional) Using your existing resources",
},
"Parameters": Array [
"ExistingKinesisStreamName",
"ExistingTimestreamDatabaseName",
],
},
],
"ParameterLabels": Object {
"ExistingKinesisStreamName": Object {
"default": "Name of the Existing Kinesis Data Stream",
},
"ExistingTimestreamDatabaseName": Object {
"default": "Name of the Existing Timestream Database",
},
"LoggingLevel": Object {
"default": "* Logging Level",
},
"UserEmail": Object {
"default": "* Initial User Email",
},
},
},
},
"Outputs": Object {
"APIGatewayDomainName": Object {
"Description": "The API Gateway domain name",
"Value": Object {
"Fn::Join": Array [
"",
Array [
"https://",
Object {
"Ref": "ApiRestApiE35FEAFE",
},
".execute-api.",
Object {
"Ref": "AWS::Region",
},
".",
Object {
"Ref": "AWS::URLSuffix",
},
"/",
Object {
"Ref": "ApiRestApiDeploymentStageprodE828476C",
},
"/",
],
],
},
},
"ConnectionControlRequestTopic": Object {
"Description": "IoT Topic where connection controls need to be submitted",
"Value": "m2c2/job/{connectionName}",
},
"ConnectionMetadataTable": Object {
"Description": "The DynamoDB table where the connections metadata will be stored",
"Value": Object {
"Ref": "ConnectionBuilderDynamoTableD71800CE",
},
},
"DataBucket": Object {
"Condition": "CreateKinesisResources",
"Description": "Bucket where the connection telemetry data will be stored",
"Value": Object {
"Ref": "KinesisDataStreamKinesisFirehoseToS3S3Bucket7191FF90",
},
},
"GreengrassCoreDevicesTable": Object {
"Description": "The DynamoDB table where the Greengrass core devices will be stored",
"Value": Object {
"Ref": "ConnectionBuilderGreengrassCoreDevicesTable4F4ABC24",
},
},
"GreengrassResourceBucket": Object {
"Description": "Bucket where the Greengrass v2 resources including installation scripts and component artifacts will be stored",
"Value": Object {
"Ref": "GreengrassResourcesGreengrassResourceBucketC4A4CE77",
},
},
"KinesisStream": Object {
"Description": "The Kinesis Data Stream that sends Greengrass Stream Manager data",
"Value": Object {
"Fn::If": Array [
"CreateKinesisResources",
Object {
"Ref": "KinesisDataStreamKinesisStream19B2CF78",
},
Object {
"Ref": "ExistingKinesisStreamName",
},
],
},
},
"LogsTable": Object {
"Description": "The DynamoDB table where the IoT topic info or error logs will be stored",
"Value": Object {
"Ref": "SQSMessageConsumerLogsDynamoDBDynamoTableC9727E05",
},
},
"TimestreamDatabaseTable": Object {
"Description": "The Timestream database and table where the data will be stored",
"Value": Object {
"Fn::Join": Array [
"",
Array [
Object {
"Fn::If": Array [
"TimestreamCreateTimestreamDatabaseA7576C71",
Object {
"Ref": "TimestreamDatabase8FA26A4B",
},
Object {
"Ref": "ExistingTimestreamDatabaseName",
},
],
},
".",
Object {
"Fn::GetAtt": Array [
"TimestreamTable125AE89A",
"Name",
],
},
],
],
},
},
"TimestreamKinesisStream": Object {
"Description": "The Kinesis Data Stream that sends Greengrass Stream Manager data to Timestream",
"Value": Object {
"Ref": "TimestreamKinesisLambdaKinesisStreamF4535539",
},
},
"UIDomainName": Object {
"Description": "The UI domain name",
"Value": Object {
"Fn::Join": Array [
"",
Array [
"https://",
Object {
"Fn::GetAtt": Array [
"CloudFrontCloudFrontToS3CloudFrontDistribution057B07F7",
"DomainName",
],
},
],
],
},
},
"UUID": Object {
"Description": "Solution UUID",
"Value": Object {
"Fn::GetAtt": Array [
"CustomResourcesUUID1685434C",
"UUID",
],
},
},
},
"Parameters": Object {
"ExistingKinesisStreamName": Object {
"AllowedPattern": "[a-zA-Z0-9-_.]*",
"ConstraintDescription": "Kinesis Stream Name should match the allowed pattern: [a-zA-Z0-9-_.]",
"Description": "The Kinesis Data Stream Name can be found in the Data streams in the Amazon Kinesis console.",
"Type": "String",
},
"ExistingTimestreamDatabaseName": Object {
"AllowedPattern": "(^[a-zA-Z0-9-_.]{3,256}|^$)",
"Description": "The Timestream Database Name can be found in the Databases in the Amazon Timestream console.",
"Type": "String",
},
"LoggingLevel": Object {
"AllowedValues": Array [
"VERBOSE",
"DEBUG",
"INFO",
"WARN",
"ERROR",
],
"Default": "ERROR",
"Description": "The logging level of the Lambda functions and the UI",
"Type": "String",
},
"UserEmail": Object {
"AllowedPattern": "^[_A-Za-z0-9-\\\\+]+(\\\\.[_A-Za-z0-9-]+)*@[A-Za-z0-9-]+(\\\\.[A-Za-z0-9]+)*(\\\\.[A-Za-z]{2,})$",
"ConstraintDescription": "User E-Mail must be a valid E-Mail address.",
"Description": "The user E-Mail to access the UI",
"Type": "String",
},
},
"Resources": Object {
"ApiApiRequestValidator8CB359D9": Object {
"Properties": Object {
"RestApiId": Object {
"Ref": "ApiRestApiE35FEAFE",
},
"ValidateRequestBody": true,
"ValidateRequestParameters": true,
},
"Type": "AWS::ApiGateway::RequestValidator",
},
"ApiLogsCD139AD4": Object {
"DeletionPolicy": "Delete",
"Metadata": Object {
"cfn_nag": Object {
"rules_to_suppress": Array [
Object {
"id": "W84",
"reason": "CloudWatch Logs are already encrypted by default.",
},
],
},
},
"Properties": Object {
"RetentionInDays": 90,
},
"Type": "AWS::Logs::LogGroup",
"UpdateReplacePolicy": "Delete",
},
"ApiRestApiAccount598A1DA6": Object {
"DependsOn": Array [
"ApiRestApiE35FEAFE",
],
"Metadata": Object {
"cdk_nag": Object {
"rules_to_suppress": Array [
Object {
"id": "AwsSolutions-APIG3",
"reason": "No need to enable WAF as it is up to users.",
},
Object {
"id": "AwsSolutions-APIG4",
"reason": "Authorized by IAM",
},
Object {
"id": "AwsSolutions-COG4",
"reason": "Authorized by IAM",
},
Object {
"id": "AwsSolutions-IAM4",
"reason": "AmazonAPIGatewayPushToCloudWatchLogs managed policy is used by CDK itself.",
},
],
},
},
"Properties": Object {
"CloudWatchRoleArn": Object {
"Fn::GetAtt": Array [
"ApiRestApiCloudWatchRoleB7879BFC",
"Arn",
],
},
},
"Type": "AWS::ApiGateway::Account",
},
"ApiRestApiCloudWatchRoleB7879BFC": Object {
"Metadata": Object {
"cdk_nag": Object {
"rules_to_suppress": Array [
Object {
"id": "AwsSolutions-APIG3",
"reason": "No need to enable WAF as it is up to users.",
},
Object {
"id": "AwsSolutions-APIG4",
"reason": "Authorized by IAM",
},
Object {
"id": "AwsSolutions-COG4",
"reason": "Authorized by IAM",
},
Object {
"id": "AwsSolutions-IAM4",
"reason": "AmazonAPIGatewayPushToCloudWatchLogs managed policy is used by CDK itself.",
},
],
},
},
"Properties": Object {
"AssumeRolePolicyDocument": Object {
"Statement": Array [
Object {
"Action": "sts:AssumeRole",
"Effect": "Allow",
"Principal": Object {
"Service": "apigateway.amazonaws.com",
},
},
],
"Version": "2012-10-17",
},
"ManagedPolicyArns": Array [
Object {
"Fn::Join": Array [
"",
Array [
"arn:",
Object {
"Ref": "AWS::Partition",
},
":iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs",
],
],
},
],
},
"Type": "AWS::IAM::Role",
},
"ApiRestApiDeploymentDC05A82D7c6b0166987993f80e0b9665706a2d8d": Object {
"DependsOn": Array [
"ApiApiRequestValidator8CB359D9",
"ApiRestApiconnectionsconnectionNameGET68E4CF44",
"ApiRestApiconnectionsconnectionNameOPTIONSCC94ACC7",
"ApiRestApiconnectionsconnectionName194612BA",
"ApiRestApiconnectionsGETA8D25159",
"ApiRestApiconnectionsOPTIONS81E28848",
"ApiRestApiconnectionsPOST67344767",
"ApiRestApiconnectionsF67AF8BE",
"ApiRestApigreengrassGET0EEBC7E2",
"ApiRestApigreengrassOPTIONS3A6BAA38",
"ApiRestApigreengrassPOSTCF84526C",
"ApiRestApigreengrassD1DD8E62",
"ApiRestApigreengrassuserGET12B8D931",
"ApiRestApigreengrassuserOPTIONS5388A09F",
"ApiRestApigreengrassuser61635353",
"ApiRestApilogsconnectionNameGETB5499E4D",
"ApiRestApilogsconnectionNameOPTIONS4424CFFB",
"ApiRestApilogsconnectionName6934D972",
"ApiRestApilogsGETAE5D4A61",
"ApiRestApilogsOPTIONS94602086",
"ApiRestApilogs886CCB80",
"ApiRestApiOPTIONSB925735A",
"ApiRestApisitewiseserverNameGETEF91B11B",
"ApiRestApisitewiseserverNameOPTIONSFC2B26FA",
"ApiRestApisitewiseserverName0BF1052C",
"ApiRestApisitewiseOPTIONS2AD5A3FB",
"ApiRestApisitewise6C92B0BD",
],
"Metadata": Object {
"cdk_nag": Object {
"rules_to_suppress": Array [
Object {
"id": "AwsSolutions-APIG3",
"reason": "No need to enable WAF as it is up to users.",
},
Object {
"id": "AwsSolutions-APIG4",
"reason": "Authorized by IAM",
},
Object {
"id": "AwsSolutions-COG4",
"reason": "Authorized by IAM",
},
Object {
"id": "AwsSolutions-IAM4",
"reason": "AmazonAPIGatewayPushToCloudWatchLogs managed policy is used by CDK itself.",
},
],
},
"cfn_nag": Object {
"rules_to_suppress": Array [
Object {
"id": "W68",
"reason": "The solution does not require the usage plan.",
},
],
},
},
"Properties": Object {
"Description": "Automatically created by the RestApi construct",
"RestApiId": Object {
"Ref": "ApiRestApiE35FEAFE",
},
},
"Type": "AWS::ApiGateway::Deployment",
},
"ApiRestApiDeploymentStageprodE828476C": Object {
"DependsOn": Array [
"ApiRestApiAccount598A1DA6",
],
"Metadata": Object {
"cdk_nag": Object {
"rules_to_suppress": Array [
Object {
"id": "AwsSolutions-APIG3",
"reason": "No need to enable WAF as it is up to users.",
},
Object {
"id": "AwsSolutions-APIG4",
"reason": "Authorized by IAM",
},
Object {
"id": "AwsSolutions-COG4",
"reason": "Authorized by IAM",
},
Object {
"id": "AwsSolutions-IAM4",
"reason": "AmazonAPIGatewayPushToCloudWatchLogs managed policy is used by CDK itself.",
},
],
},
"cfn_nag": Object {
"rules_to_suppress": Array [
Object {
"id": "W64",
"reason": "The solution does not require the usage plan.",
},
],
},
},
"Properties": Object {
"AccessLogSetting": Object {
"DestinationArn": Object {
"Fn::GetAtt": Array [
"ApiLogsCD139AD4",
"Arn",
],
},
"Format": "{\\"requestId\\":\\"$context.requestId\\",\\"ip\\":\\"$context.identity.sourceIp\\",\\"user\\":\\"$context.identity.user\\",\\"caller\\":\\"$context.identity.caller\\",\\"requestTime\\":\\"$context.requestTime\\",\\"httpMethod\\":\\"$context.httpMethod\\",\\"resourcePath\\":\\"$context.resourcePath\\",\\"status\\":\\"$context.status\\",\\"protocol\\":\\"$context.protocol\\",\\"responseLength\\":\\"$context.responseLength\\"}",
},
"DeploymentId": Object {
"Ref": "ApiRestApiDeploymentDC05A82D7c6b0166987993f80e0b9665706a2d8d",
},
"MethodSettings": Array [
Object {
"DataTraceEnabled": false,
"HttpMethod": "*",
"LoggingLevel": "INFO",
"ResourcePath": "/*",
},
],
"RestApiId": Object {
"Ref": "ApiRestApiE35FEAFE",
},
"StageName": "prod",
"TracingEnabled": true,
},
"Type": "AWS::ApiGateway::Stage",
},
"ApiRestApiE35FEAFE": Object {
"Metadata": Object {
"cdk_nag": Object {
"rules_to_suppress": Array [
Object {
"id": "AwsSolutions-APIG3",
"reason": "No need to enable WAF as it is up to users.",
},
Object {
"id": "AwsSolutions-APIG4",
"reason": "Authorized by IAM",
},
Object {
"id": "AwsSolutions-COG4",
"reason": "Authorized by IAM",
},
Object {
"id": "AwsSolutions-IAM4",
"reason": "AmazonAPIGatewayPushToCloudWatchLogs managed policy is used by CDK itself.",
},
],
},
},
"Properties": Object {
"Description": "Machine to Cloud Connectivity Rest API",
"EndpointConfiguration": Object {
"Types": Array [
"REGIONAL",
],
},
"Name": "RestApi",
},
"Type": "AWS::ApiGateway::RestApi",
},
"ApiRestApiOPTIONSB925735A": Object {
"Metadata": Object {
"cdk_nag": Object {
"rules_to_suppress": Array [
Object {
"id": "AwsSolutions-APIG3",
"reason": "No need to enable WAF as it is up to users.",
},
Object {
"id": "AwsSolutions-APIG4",
"reason": "Authorized by IAM",
},
Object {
"id": "AwsSolutions-COG4",
"reason": "Authorized by IAM",
},
Object {
"id": "AwsSolutions-IAM4",
"reason": "AmazonAPIGatewayPushToCloudWatchLogs managed policy is used by CDK itself.",
},
],
},
},
"Properties": Object {
"AuthorizationType": "NONE",
"HttpMethod": "OPTIONS",
"Integration": Object {
"IntegrationResponses": Array [
Object {
"ResponseParameters": Object {
"method.response.header.Access-Control-Allow-Headers": "'Authorization,Content-Type,X-Amz-Date,X-Amz-Security-Token,X-Api-Key'",
"method.response.header.Access-Control-Allow-Methods": "'GET,POST,OPTIONS'",
"method.response.header.Access-Control-Allow-Origin": Object {
"Fn::Join": Array [
"",
Array [
"'https://",
Object {
"Fn::GetAtt": Array [
"CloudFrontCloudFrontToS3CloudFrontDistribution057B07F7",
"DomainName",
],
},
"'",
],
],
},
"method.response.header.Vary": "'Origin'",
},
"StatusCode": "200",
},
],
"RequestTemplates": Object {
"application/json": "{ statusCode: 200 }",
},
"Type": "MOCK",
},
"MethodResponses": Array [
Object {
"ResponseParameters": Object {
"method.response.header.Access-Control-Allow-Headers": true,
"method.response.header.Access-Control-Allow-Methods": true,
"method.response.header.Access-Control-Allow-Origin": true,
"method.response.header.Vary": true,
},
"StatusCode": "200",
},
],
"ResourceId": Object {
"Fn::GetAtt": Array [
"ApiRestApiE35FEAFE",
"RootResourceId",
],
},
"RestApiId": Object {
"Ref": "ApiRestApiE35FEAFE",
},
},
"Type": "AWS::ApiGateway::Method",
},
"ApiRestApiconnectionsF67AF8BE": Object {
"Metadata": Object {
"cdk_nag": Object {
"rules_to_suppress": Array [
Object {
"id": "AwsSolutions-APIG3",
"reason": "No need to enable WAF as it is up to users.",
},
Object {
"id": "AwsSolutions-APIG4",
"reason": "Authorized by IAM",
},
Object {
"id": "AwsSolutions-COG4",
"reason": "Authorized by IAM",
},
Object {
"id": "AwsSolutions-IAM4",
"reason": "AmazonAPIGatewayPushToCloudWatchLogs managed policy is used by CDK itself.",
},
],
},
},
"Properties": Object {
"ParentId": Object {
"Fn::GetAtt": Array [
"ApiRestApiE35FEAFE",
"RootResourceId",
],
},
"PathPart": "connections",
"RestApiId": Object {
"Ref": "ApiRestApiE35FEAFE",
},
},
"Type": "AWS::ApiGateway::Resource",
},
"ApiRestApiconnectionsGETA8D25159": Object {
"Metadata": Object {
"cdk_nag": Object {
"rules_to_suppress": Array [
Object {
"id": "AwsSolutions-APIG3",
"reason": "No need to enable WAF as it is up to users.",
},
Object {
"id": "AwsSolutions-APIG4",
"reason": "Authorized by IAM",
},
Object {
"id": "AwsSolutions-COG4",
"reason": "Authorized by IAM",
},
Object {
"id": "AwsSolutions-IAM4",
"reason": "AmazonAPIGatewayPushToCloudWatchLogs managed policy is used by CDK itself.",
},
],
},
},
"Properties": Object {
"AuthorizationType": "AWS_IAM",
"HttpMethod": "GET",
"Integration": Object {
"ContentHandling": "CONVERT_TO_TEXT",
"IntegrationHttpMethod": "POST",
"IntegrationResponses": Array [
Object {
"StatusCode": "200",
},
],
"PassthroughBehavior": "WHEN_NO_MATCH",
"RequestParameters": Object {
"integration.request.querystring.nextToken": "method.request.querystring.nextToken",
},
"Type": "AWS_PROXY",
"Uri": Object {
"Fn::Join": Array [
"",
Array [
"arn:",
Object {
"Ref": "AWS::Partition",
},
":apigateway:",
Object {
"Ref": "AWS::Region",
},
":lambda:path/2015-03-31/functions/",
Object {
"Fn::GetAtt": Array [
"ConnectionBuilderLambdaFunctionA7314B1C",
"Arn",
],
},
"/invocations",
],
],
},
},
"MethodResponses": Array [
Object {
"ResponseModels": Object {
"application/json": "Empty",
},
"StatusCode": "200",
},
],
"RequestParameters": Object {
"method.request.querystring.nextToken": false,
},
"RequestValidatorId": Object {
"Ref": "ApiApiRequestValidator8CB359D9",
},
"ResourceId": Object {
"Ref": "ApiRestApiconnectionsF67AF8BE",
},
"RestApiId": Object {
"Ref": "ApiRestApiE35FEAFE",
},
},
"Type": "AWS::ApiGateway::Method",
},
"ApiRestApiconnectionsOPTIONS81E28848": Object {
"Metadata": Object {
"cdk_nag": Object {
"rules_to_suppress": Array [
Object {
"id": "AwsSolutions-APIG3",
"reason": "No need to enable WAF as it is up to users.",
},
Object {
"id": "AwsSolutions-APIG4",
"reason": "Authorized by IAM",
},
Object {
"id": "AwsSolutions-COG4",
"reason": "Authorized by IAM",
},
Object {
"id": "AwsSolutions-IAM4",
"reason": "AmazonAPIGatewayPushToCloudWatchLogs managed policy is used by CDK itself.",
},
],
},
},
"Properties": Object {
"AuthorizationType": "NONE",
"HttpMethod": "OPTIONS",
"Integration": Object {
"IntegrationResponses": Array [
Object {
"ResponseParameters": Object {
"method.response.header.Access-Control-Allow-Headers": "'Authorization,Content-Type,X-Amz-Date,X-Amz-Security-Token,X-Api-Key'",
"method.response.header.Access-Control-Allow-Methods": "'GET,POST,OPTIONS'",
"method.response.header.Access-Control-Allow-Origin": Object {
"Fn::Join": Array [
"",
Array [
"'https://",
Object {
"Fn::GetAtt": Array [
"CloudFrontCloudFrontToS3CloudFrontDistribution057B07F7",
"DomainName",
],
},
"'",
],
],
},
"method.response.header.Vary": "'Origin'",
},
"StatusCode": "200",
},
],
"RequestTemplates": Object {
"application/json": "{ statusCode: 200 }",
},
"Type": "MOCK",
},
"MethodResponses": Array [
Object {
"ResponseParameters": Object {
"method.response.header.Access-Control-Allow-Headers": true,
"method.response.header.Access-Control-Allow-Methods": true,
"method.response.header.Access-Control-Allow-Origin": true,
"method.response.header.Vary": true,
},
"StatusCode": "200",
},
],
"ResourceId": Object {
"Ref": "ApiRestApiconnectionsF67AF8BE",
},
"RestApiId": Object {
"Ref": "ApiRestApiE35FEAFE",
},
},
"Type": "AWS::ApiGateway::Method",
},
"ApiRestApiconnectionsPOST67344767": Object {
"Metadata": Object {
"cdk_nag": Object {
"rules_to_suppress": Array [
Object {
"id": "AwsSolutions-APIG3",
"reason": "No need to enable WAF as it is up to users.",
},
Object {
"id": "AwsSolutions-APIG4",
"reason": "Authorized by IAM",
},
Object {
"id": "AwsSolutions-COG4",
"reason": "Authorized by IAM",
},
Object {
"id": "AwsSolutions-IAM4",
"reason": "AmazonAPIGatewayPushToCloudWatchLogs managed policy is used by CDK itself.",
},
],
},
},
"Properties": Object {
"AuthorizationType": "AWS_IAM",
"HttpMethod": "POST",
"Integration": Object {
"ContentHandling": "CONVERT_TO_TEXT",
"IntegrationHttpMethod": "POST",
"IntegrationResponses": Array [
Object {
"StatusCode": "200",
},
],
"PassthroughBehavior": "WHEN_NO_MATCH",
"Type": "AWS_PROXY",
"Uri": Object {
"Fn::Join": Array [
"",
Array [
"arn:",
Object {
"Ref": "AWS::Partition",
},
":apigateway:",
Object {
"Ref": "AWS::Region",
},
":lambda:path/2015-03-31/functions/",
Object {
"Fn::GetAtt": Array [
"ConnectionBuilderLambdaFunctionA7314B1C",
"Arn",
],
},
"/invocations",
],
],
},
},
"MethodResponses": Array [
Object {
"ResponseModels": Object {
"application/json": "Empty",
},
"StatusCode": "200",
},
],
"RequestValidatorId": Object {
"Ref": "ApiApiRequestValidator8CB359D9",
},
"ResourceId": Object {
"Ref": "ApiRestApiconnectionsF67AF8BE",
},
"RestApiId": Object {
"Ref": "ApiRestApiE35FEAFE",
},
},
"Type": "AWS::ApiGateway::Method",
},
"ApiRestApiconnectionsconnectionName194612BA": Object {
"Metadata": Object {
"cdk_nag": Object {
"rules_to_suppress": Array [
Object {
"id": "AwsSolutions-APIG3",
"reason": "No need to enable WAF as it is up to users.",
},
Object {
"id": "AwsSolutions-APIG4",
"reason": "Authorized by IAM",
},
Object {
"id": "AwsSolutions-COG4",
"reason": "Authorized by IAM",
},
Object {
"id": "AwsSolutions-IAM4",
"reason": "AmazonAPIGatewayPushToCloudWatchLogs managed policy is used by CDK itself.",
},
],
},
},
"Properties": Object {
"ParentId": Object {
"Ref": "ApiRestApiconnectionsF67AF8BE",
},
"PathPart": "{connectionName}",
"RestApiId": Object {
"Ref": "ApiRestApiE35FEAFE",
},
},
"Type": "AWS::ApiGateway::Resource",
},
"ApiRestApiconnectionsconnectionNameGET68E4CF44": Object {
"Metadata": Object {
"cdk_nag": Object {
"rules_to_suppress": Array [
Object {
"id": "AwsSolutions-APIG3",
"reason": "No need to enable WAF as it is up to users.",
},
Object {
"id": "AwsSolutions-APIG4",
"reason": "Authorized by IAM",
},
Object {
"id": "AwsSolutions-COG4",
"reason": "Authorized by IAM",
},
Object {
"id": "AwsSolutions-IAM4",
"reason": "AmazonAPIGatewayPushToCloudWatchLogs managed policy is used by CDK itself.",
},
],
},
},
"Properties": Object {
"AuthorizationType": "AWS_IAM",
"HttpMethod": "GET",
"Integration": Object {
"ContentHandling": "CONVERT_TO_TEXT",
"IntegrationHttpMethod": "POST",
"IntegrationResponses": Array [
Object {
"StatusCode": "200",
},
],
"PassthroughBehavior": "WHEN_NO_MATCH",
"RequestParameters": Object {
"integration.request.path.connectionName": "method.request.path.connectionName",
},
"Type": "AWS_PROXY",
"Uri": Object {
"Fn::Join": Array [
"",
Array [
"arn:",
Object {
"Ref": "AWS::Partition",
},
":apigateway:",
Object {
"Ref": "AWS::Region",
},
":lambda:path/2015-03-31/functions/",
Object {
"Fn::GetAtt": Array [
"ConnectionBuilderLambdaFunctionA7314B1C",
"Arn",
],
},
"/invocations",
],
],
},
},
"MethodResponses": Array [
Object {
"ResponseModels": Object {
"application/json": "Empty",
},
"StatusCode": "200",
},
],
"RequestParameters": Object {
"method.request.path.connectionName": true,
},
"RequestValidatorId": Object {
"Ref": "ApiApiRequestValidator8CB359D9",
},
"ResourceId": Object {
"Ref": "ApiRestApiconnectionsconnectionName194612BA",
},
"RestApiId": Object {
"Ref": "ApiRestApiE35FEAFE",
},
},
"Type": "AWS::ApiGateway::Method",
},
"ApiRestApiconnectionsconnectionNameOPTIONSCC94ACC7": Object {
"Metadata": Object {
"cdk_nag": Object {
"rules_to_suppress": Array [
Object {
"id": "AwsSolutions-APIG3",
"reason": "No need to enable WAF as it is up to users.",
},
Object {
"id": "AwsSolutions-APIG4",
"reason": "Authorized by IAM",
},
Object {
"id": "AwsSolutions-COG4",
"reason": "Authorized by IAM",
},
Object {
"id": "AwsSolutions-IAM4",
"reason": "AmazonAPIGatewayPushToCloudWatchLogs managed policy is used by CDK itself.",
},
],
},
},
"Properties": Object {
"AuthorizationType": "NONE",
"HttpMethod": "OPTIONS",
"Integration": Object {
"IntegrationResponses": Array [
Object {
"ResponseParameters": Object {
"method.response.header.Access-Control-Allow-Headers": "'Authorization,Content-Type,X-Amz-Date,X-Amz-Security-Token,X-Api-Key'",
"method.response.header.Access-Control-Allow-Methods": "'GET,POST,OPTIONS'",
"method.response.header.Access-Control-Allow-Origin": Object {
"Fn::Join": Array [
"",
Array [
"'https://",
Object {
"Fn::GetAtt": Array [
"CloudFrontCloudFrontToS3CloudFrontDistribution057B07F7",
"DomainName",
],
},
"'",
],
],
},
"method.response.header.Vary": "'Origin'",
},
"StatusCode": "200",
},
],
"RequestTemplates": Object {
"application/json": "{ statusCode: 200 }",
},
"Type": "MOCK",
},
"MethodResponses": Array [
Object {
"ResponseParameters": Object {
"method.response.header.Access-Control-Allow-Headers": true,
"method.response.header.Access-Control-Allow-Methods": true,
"method.response.header.Access-Control-Allow-Origin": true,
"method.response.header.Vary": true,
},
"StatusCode": "200",
},
],
"ResourceId": Object {
"Ref": "ApiRestApiconnectionsconnectionName194612BA",
},
"RestApiId": Object {
"Ref": "ApiRestApiE35FEAFE",
},
},
"Type": "AWS::ApiGateway::Method",
},
"ApiRestApigreengrassD1DD8E62": Object {
"Metadata": Object {
"cdk_nag": Object {
"rules_to_suppress": Array [
Object {
"id": "AwsSolutions-APIG3",
"reason": "No need to enable WAF as it is up to users.",
},
Object {
"id": "AwsSolutions-APIG4",
"reason": "Authorized by IAM",
},
Object {
"id": "AwsSolutions-COG4",
"reason": "Authorized by IAM",
},
Object {
"id": "AwsSolutions-IAM4",
"reason": "AmazonAPIGatewayPushToCloudWatchLogs managed policy is used by CDK itself.",
},
],
},
},
"Properties": Object {
"ParentId": Object {
"Fn::GetAtt": Array [
"ApiRestApiE35FEAFE",
"RootResourceId",
],
},
"PathPart": "greengrass",
"RestApiId": Object {
"Ref": "ApiRestApiE35FEAFE",
},
},
"Type": "AWS::ApiGateway::Resource",
},
"ApiRestApigreengrassGET0EEBC7E2": Object {
"Metadata": Object {
"cdk_nag": Object {
"rules_to_suppress": Array [
Object {
"id": "AwsSolutions-APIG3",
"reason": "No need to enable WAF as it is up to users.",
},
Object {
"id": "AwsSolutions-APIG4",
"reason": "Authorized by IAM",
},
Object {
"id": "AwsSolutions-COG4",
"reason": "Authorized by IAM",
},
Object {
"id": "AwsSolutions-IAM4",
"reason": "AmazonAPIGatewayPushToCloudWatchLogs managed policy is used by CDK itself.",
},
],
},
},
"Properties": Object {
"AuthorizationType": "AWS_IAM",
"HttpMethod": "GET",
"Integration": Object {
"ContentHandling": "CONVERT_TO_TEXT",
"IntegrationHttpMethod": "POST",
"IntegrationResponses": Array [
Object {
"StatusCode": "200",
},
],
"PassthroughBehavior": "WHEN_NO_MATCH",
"RequestParameters": Object {
"integration.request.querystring.nextToken": "method.request.querystring.nextToken",
},
"Type": "AWS_PROXY",
"Uri": Object {
"Fn::Join": Array [
"",
Array [
"arn:",
Object {
"Ref": "AWS::Partition",
},
":apigateway:",
Object {
"Ref": "AWS::Region",
},
":lambda:path/2015-03-31/functions/",
Object {
"Fn::GetAtt": Array [
"ConnectionBuilderLambdaFunctionA7314B1C",
"Arn",
],
},
"/invocations",
],
],
},
},
"MethodResponses": Array [
Object {
"ResponseModels": Object {
"application/json": "Empty",
},
"StatusCode": "200",
},
],
"RequestParameters": Object {
"method.request.querystring.nextToken": false,
},
"RequestValidatorId": Object {
"Ref": "ApiApiRequestValidator8CB359D9",
},
"ResourceId": Object {
"Ref": "ApiRestApigreengrassD1DD8E62",
},
"RestApiId": Object {
"Ref": "ApiRestApiE35FEAFE",
},
},
"Type": "AWS::ApiGateway::Method",
},
"ApiRestApigreengrassOPTIONS3A6BAA38": Object {
"Metadata": Object {
"cdk_nag": Object {
"rules_to_suppress": Array [
Object {
"id": "AwsSolutions-APIG3",
"reason": "No need to enable WAF as it is up to users.",
},
Object {
"id": "AwsSolutions-APIG4",
"reason": "Authorized by IAM",
},
Object {
"id": "AwsSolutions-COG4",
"reason": "Authorized by IAM",
},
Object {
"id": "AwsSolutions-IAM4",
"reason": "AmazonAPIGatewayPushToCloudWatchLogs managed policy is used by CDK itself.",
},
],
},
},
"Properties": Object {
"AuthorizationType": "NONE",
"HttpMethod": "OPTIONS",
"Integration": Object {
"IntegrationResponses": Array [
Object {
"ResponseParameters": Object {
"method.response.header.Access-Control-Allow-Headers": "'Authorization,Content-Type,X-Amz-Date,X-Amz-Security-Token,X-Api-Key'",
"method.response.header.Access-Control-Allow-Methods": "'GET,POST,OPTIONS'",
"method.response.header.Access-Control-Allow-Origin": Object {
"Fn::Join": Array [
"",
Array [
"'https://",
Object {
"Fn::GetAtt": Array [
"CloudFrontCloudFrontToS3CloudFrontDistribution057B07F7",
"DomainName",
],
},
"'",
],
],
},
"method.response.header.Vary": "'Origin'",
},
"StatusCode": "200",
},
],
"RequestTemplates": Object {
"application/json": "{ statusCode: 200 }",
},
"Type": "MOCK",
},
"MethodResponses": Array [
Object {
"ResponseParameters": Object {
"method.response.header.Access-Control-Allow-Headers": true,
"method.response.header.Access-Control-Allow-Methods": true,
"method.response.header.Access-Control-Allow-Origin": true,
"method.response.header.Vary": true,
},
"StatusCode": "200",
},
],
"ResourceId": Object {
"Ref": "ApiRestApigreengrassD1DD8E62",
},
"RestApiId": Object {
"Ref": "ApiRestApiE35FEAFE",
},
},
"Type": "AWS::ApiGateway::Method",
},
"ApiRestApigreengrassPOSTCF84526C": Object {
"Metadata": Object {
"cdk_nag": Object {
"rules_to_suppress": Array [
Object {
"id": "AwsSolutions-APIG3",
"reason": "No need to enable WAF as it is up to users.",
},
Object {
"id": "AwsSolutions-APIG4",
"reason": "Authorized by IAM",
},
Object {
"id": "AwsSolutions-COG4",
"reason": "Authorized by IAM",
},
Object {
"id": "AwsSolutions-IAM4",
"reason": "AmazonAPIGatewayPushToCloudWatchLogs managed policy is used by CDK itself.",
},
],
},
},
"Properties": Object {
"AuthorizationType": "AWS_IAM",
"HttpMethod": "POST",
"Integration": Object {
"ContentHandling": "CONVERT_TO_TEXT",
"IntegrationHttpMethod": "POST",
"IntegrationResponses": Array [
Object {
"StatusCode": "200",
},
],
"PassthroughBehavior": "WHEN_NO_MATCH",
"Type": "AWS_PROXY",
"Uri": Object {
"Fn::Join": Array [
"",
Array [
"arn:",
Object {
"Ref": "AWS::Partition",
},
":apigateway:",
Object {
"Ref": "AWS::Region",
},
":lambda:path/2015-03-31/functions/",
Object {
"Fn::GetAtt": Array [
"ConnectionBuilderLambdaFunctionA7314B1C",
"Arn",
],
},
"/invocations",
],
],
},
},
"MethodResponses": Array [
Object {
"ResponseModels": Object {
"application/json": "Empty",
},
"StatusCode": "200",
},
],
"RequestValidatorId": Object {
"Ref": "ApiApiRequestValidator8CB359D9",
},
"ResourceId": Object {
"Ref": "ApiRestApigreengrassD1DD8E62",
},
"RestApiId": Object {
"Ref": "ApiRestApiE35FEAFE",
},
},
"Type": "AWS::ApiGateway::Method",
},
"ApiRestApigreengrassuser61635353": Object {
"Metadata": Object {
"cdk_nag": Object {
"rules_to_suppress": Array [
Object {
"id": "AwsSolutions-APIG3",
"reason": "No need to enable WAF as it is up to users.",
},
Object {
"id": "AwsSolutions-APIG4",
"reason": "Authorized by IAM",
},
Object {
"id": "AwsSolutions-COG4",
"reason": "Authorized by IAM",
},
Object {
"id": "AwsSolutions-IAM4",
"reason": "AmazonAPIGatewayPushToCloudWatchLogs managed policy is used by CDK itself.",
},
],
},
},
"Properties": Object {
"ParentId": Object {
"Ref": "ApiRestApigreengrassD1DD8E62",
},
"PathPart": "user",
"RestApiId": Object {
"Ref": "ApiRestApiE35FEAFE",
},
},
"Type": "AWS::ApiGateway::Resource",
},
"ApiRestApigreengrassuserGET12B8D931": Object {
"Metadata": Object {
"cdk_nag": Object {
"rules_to_suppress": Array [
Object {
"id": "AwsSolutions-APIG3",
"reason": "No need to enable WAF as it is up to users.",
},
Object {
"id": "AwsSolutions-APIG4",
"reason": "Authorized by IAM",
},
Object {
"id": "AwsSolutions-COG4",
"reason": "Authorized by IAM",
},
Object {
"id": "AwsSolutions-IAM4",
"reason": "AmazonAPIGatewayPushToCloudWatchLogs managed policy is used by CDK itself.",
},
],
},
},
"Properties": Object {
"AuthorizationType": "AWS_IAM",
"HttpMethod": "GET",
"Integration": Object {
"ContentHandling": "CONVERT_TO_TEXT",
"IntegrationHttpMethod": "POST",
"IntegrationResponses": Array [
Object {
"StatusCode": "200",
},
],
"PassthroughBehavior": "WHEN_NO_MATCH",
"Type": "AWS_PROXY",
"Uri": Object {
"Fn::Join": Array [
"",
Array [
"arn:",
Object {
"Ref": "AWS::Partition",
},
":apigateway:",
Object {
"Ref": "AWS::Region",
},
":lambda:path/2015-03-31/functions/",
Object {
"Fn::GetAtt": Array [
"ConnectionBuilderLambdaFunctionA7314B1C",
"Arn",
],
},
"/invocations",
],
],
},
},
"MethodResponses": Array [
Object {
"ResponseModels": Object {
"application/json": "Empty",
},
"StatusCode": "200",
},
],
"RequestValidatorId": Object {
"Ref": "ApiApiRequestValidator8CB359D9",
},
"ResourceId": Object {
"Ref": "ApiRestApigreengrassuser61635353",
},
"RestApiId": Object {
"Ref": "ApiRestApiE35FEAFE",
},
},
"Type": "AWS::ApiGateway::Method",
},
"ApiRestApigreengrassuserOPTIONS5388A09F": Object {
"Metadata": Object {
"cdk_nag": Object {
"rules_to_suppress": Array [
Object {
"id": "AwsSolutions-APIG3",
"reason": "No need to enable WAF as it is up to users.",
},
Object {
"id": "AwsSolutions-APIG4",
"reason": "Authorized by IAM",
},
Object {
"id": "AwsSolutions-COG4",
"reason": "Authorized by IAM",
},
Object {
"id": "AwsSolutions-IAM4",
"reason": "AmazonAPIGatewayPushToCloudWatchLogs managed policy is used by CDK itself.",
},
],
},
},
"Properties": Object {
"AuthorizationType": "NONE",
"HttpMethod": "OPTIONS",
"Integration": Object {
"IntegrationResponses": Array [
Object {
"ResponseParameters": Object {
"method.response.header.Access-Control-Allow-Headers": "'Authorization,Content-Type,X-Amz-Date,X-Amz-Security-Token,X-Api-Key'",
"method.response.header.Access-Control-Allow-Methods": "'GET,POST,OPTIONS'",
"method.response.header.Access-Control-Allow-Origin": Object {
"Fn::Join": Array [
"",
Array [
"'https://",
Object {
"Fn::GetAtt": Array [
"CloudFrontCloudFrontToS3CloudFrontDistribution057B07F7",
"DomainName",
],
},
"'",
],
],
},
"method.response.header.Vary": "'Origin'",
},
"StatusCode": "200",
},
],
"RequestTemplates": Object {
"application/json": "{ statusCode: 200 }",
},
"Type": "MOCK",
},
"MethodResponses": Array [
Object {
"ResponseParameters": Object {
"method.response.header.Access-Control-Allow-Headers": true,
"method.response.header.Access-Control-Allow-Methods": true,
"method.response.header.Access-Control-Allow-Origin": true,
"method.response.header.Vary": true,
},
"StatusCode": "200",
},
],
"ResourceId": Object {
"Ref": "ApiRestApigreengrassuser61635353",
},
"RestApiId": Object {
"Ref": "ApiRestApiE35FEAFE",
},
},
"Type": "AWS::ApiGateway::Method",
},
"ApiRestApilogs886CCB80": Object {
"Metadata": Object {
"cdk_nag": Object {
"rules_to_suppress": Array [
Object {
"id": "AwsSolutions-APIG3",
"reason": "No need to enable WAF as it is up to users.",
},
Object {
"id": "AwsSolutions-APIG4",
"reason": "Authorized by IAM",
},
Object {
"id": "AwsSolutions-COG4",
"reason": "Authorized by IAM",
},
Object {
"id": "AwsSolutions-IAM4",
"reason": "AmazonAPIGatewayPushToCloudWatchLogs managed policy is used by CDK itself.",
},
],
},
},
"Properties": Object {
"ParentId": Object {
"Fn::GetAtt": Array [
"ApiRestApiE35FEAFE",
"RootResourceId",
],
},
"PathPart": "logs",
"RestApiId": Object {
"Ref": "ApiRestApiE35FEAFE",
},
},
"Type": "AWS::ApiGateway::Resource",
},
"ApiRestApilogsGETAE5D4A61": Object {
"Metadata": Object {
"cdk_nag": Object {
"rules_to_suppress": Array [
Object {
"id": "AwsSolutions-APIG3",
"reason": "No need to enable WAF as it is up to users.",
},
Object {
"id": "AwsSolutions-APIG4",
"reason": "Authorized by IAM",
},
Object {
"id": "AwsSolutions-COG4",
"reason": "Authorized by IAM",
},
Object {
"id": "AwsSolutions-IAM4",
"reason": "AmazonAPIGatewayPushToCloudWatchLogs managed policy is used by CDK itself.",
},
],
},
},
"Properties": Object {
"AuthorizationType": "AWS_IAM",
"HttpMethod": "GET",
"Integration": Object {
"ContentHandling": "CONVERT_TO_TEXT",
"IntegrationHttpMethod": "POST",
"IntegrationResponses": Array [
Object {
"StatusCode": "200",
},
],
"PassthroughBehavior": "WHEN_NO_MATCH",
"RequestParameters": Object {
"integration.request.querystring.nextToken": "method.request.querystring.nextToken",
},
"Type": "AWS_PROXY",
"Uri": Object {
"Fn::Join": Array [
"",
Array [
"arn:",
Object {
"Ref": "AWS::Partition",
},
":apigateway:",
Object {
"Ref": "AWS::Region",
},
":lambda:path/2015-03-31/functions/",
Object {
"Fn::GetAtt": Array [
"ConnectionBuilderLambdaFunctionA7314B1C",
"Arn",
],
},
"/invocations",
],
],
},
},
"MethodResponses": Array [
Object {
"ResponseModels": Object {
"application/json": "Empty",
},
"StatusCode": "200",
},
],
"RequestParameters": Object {
"method.request.querystring.nextToken": false,
},
"RequestValidatorId": Object {
"Ref": "ApiApiRequestValidator8CB359D9",
},
"ResourceId": Object {
"Ref": "ApiRestApilogs886CCB80",
},
"RestApiId": Object {
"Ref": "ApiRestApiE35FEAFE",
},
},
"Type": "AWS::ApiGateway::Method",
},
"ApiRestApilogsOPTIONS94602086": Object {
"Metadata": Object {
"cdk_nag": Object {
"rules_to_suppress": Array [
Object {
"id": "AwsSolutions-APIG3",
"reason": "No need to enable WAF as it is up to users.",
},
Object {
"id": "AwsSolutions-APIG4",
"reason": "Authorized by IAM",
},
Object {
"id": "AwsSolutions-COG4",
"reason": "Authorized by IAM",
},
Object {
"id": "AwsSolutions-IAM4",
"reason": "AmazonAPIGatewayPushToCloudWatchLogs managed policy is used by CDK itself.",
},
],
},
},
"Properties": Object {
"AuthorizationType": "NONE",
"HttpMethod": "OPTIONS",
"Integration": Object {
"IntegrationResponses": Array [
Object {
"ResponseParameters": Object {
"method.response.header.Access-Control-Allow-Headers": "'Authorization,Content-Type,X-Amz-Date,X-Amz-Security-Token,X-Api-Key'",
"method.response.header.Access-Control-Allow-Methods": "'GET,POST,OPTIONS'",
"method.response.header.Access-Control-Allow-Origin": Object {
"Fn::Join": Array [
"",
Array [
"'https://",
Object {
"Fn::GetAtt": Array [
"CloudFrontCloudFrontToS3CloudFrontDistribution057B07F7",
"DomainName",
],
},
"'",
],
],
},
"method.response.header.Vary": "'Origin'",
},
"StatusCode": "200",
},
],
"RequestTemplates": Object {
"application/json": "{ statusCode: 200 }",
},
"Type": "MOCK",
},
"MethodResponses": Array [
Object {
"ResponseParameters": Object {
"method.response.header.Access-Control-Allow-Headers": true,
"method.response.header.Access-Control-Allow-Methods": true,
"method.response.header.Access-Control-Allow-Origin": true,
"method.response.header.Vary": true,
},
"StatusCode": "200",
},
],
"ResourceId": Object {
"Ref": "ApiRestApilogs886CCB80",
},
"RestApiId": Object {
"Ref": "ApiRestApiE35FEAFE",
},
},
"Type": "AWS::ApiGateway::Method",
},
"ApiRestApilogsconnectionName6934D972": Object {
"Metadata": Object {
"cdk_nag": Object {
"rules_to_suppress": Array [
Object {
"id": "AwsSolutions-APIG3",
"reason": "No need to enable WAF as it is up to users.",
},
Object {
"id": "AwsSolutions-APIG4",
"reason": "Authorized by IAM",
},
Object {
"id": "AwsSolutions-COG4",
"reason": "Authorized by IAM",
},
Object {
"id": "AwsSolutions-IAM4",
"reason": "AmazonAPIGatewayPushToCloudWatchLogs managed policy is used by CDK itself.",
},
],
},
},
"Properties": Object {
"ParentId": Object {
"Ref": "ApiRestApilogs886CCB80",
},
"PathPart": "{connectionName}",
"RestApiId": Object {
"Ref": "ApiRestApiE35FEAFE",
},
},
"Type": "AWS::ApiGateway::Resource",
},
"ApiRestApilogsconnectionNameGETB5499E4D": Object {
"Metadata": Object {
"cdk_nag": Object {
"rules_to_suppress": Array [
Object {
"id": "AwsSolutions-APIG3",
"reason": "No need to enable WAF as it is up to users.",
},
Object {
"id": "AwsSolutions-APIG4",
"reason": "Authorized by IAM",
},
Object {
"id": "AwsSolutions-COG4",
"reason": "Authorized by IAM",
},
Object {
"id": "AwsSolutions-IAM4",
"reason": "AmazonAPIGatewayPushToCloudWatchLogs managed policy is used by CDK itself.",
},
],
},
},
"Properties": Object {
"AuthorizationType": "AWS_IAM",
"HttpMethod": "GET",
"Integration": Object {
"ContentHandling": "CONVERT_TO_TEXT",
"IntegrationHttpMethod": "POST",
"IntegrationResponses": Array [
Object {
"StatusCode": "200",
},
],
"PassthroughBehavior": "WHEN_NO_MATCH",
"RequestParameters": Object {
"integration.request.path.connectionName": "method.request.path.connectionName",
"integration.request.querystring.nextToken": "method.request.querystring.nextToken",
},
"Type": "AWS_PROXY",
"Uri": Object {
"Fn::Join": Array [
"",
Array [
"arn:",
Object {
"Ref": "AWS::Partition",
},
":apigateway:",
Object {
"Ref": "AWS::Region",
},
":lambda:path/2015-03-31/functions/",
Object {
"Fn::GetAtt": Array [
"ConnectionBuilderLambdaFunctionA7314B1C",
"Arn",
],
},
"/invocations",
],
],
},
},
"MethodResponses": Array [
Object {
"ResponseModels": Object {
"application/json": "Empty",
},
"StatusCode": "200",
},
],
"RequestParameters": Object {
"method.request.path.connectionName": true,
"method.request.querystring.nextToken": false,
},
"RequestValidatorId": Object {
"Ref": "ApiApiRequestValidator8CB359D9",
},
"ResourceId": Object {
"Ref": "ApiRestApilogsconnectionName6934D972",
},
"RestApiId": Object {
"Ref": "ApiRestApiE35FEAFE",
},
},
"Type": "AWS::ApiGateway::Method",
},
"ApiRestApilogsconnectionNameOPTIONS4424CFFB": Object {
"Metadata": Object {
"cdk_nag": Object {
"rules_to_suppress": Array [
Object {
"id": "AwsSolutions-APIG3",
"reason": "No need to enable WAF as it is up to users.",
},
Object {
"id": "AwsSolutions-APIG4",
"reason": "Authorized by IAM",
},
Object {
"id": "AwsSolutions-COG4",
"reason": "Authorized by IAM",
},
Object {
"id": "AwsSolutions-IAM4",
"reason": "AmazonAPIGatewayPushToCloudWatchLogs managed policy is used by CDK itself.",
},
],
},
},
"Properties": Object {
"AuthorizationType": "NONE",
"HttpMethod": "OPTIONS",
"Integration": Object {
"IntegrationResponses": Array [
Object {
"ResponseParameters": Object {
"method.response.header.Access-Control-Allow-Headers": "'Authorization,Content-Type,X-Amz-Date,X-Amz-Security-Token,X-Api-Key'",
"method.response.header.Access-Control-Allow-Methods": "'GET,POST,OPTIONS'",
"method.response.header.Access-Control-Allow-Origin": Object {
"Fn::Join": Array [
"",
Array [
"'https://",
Object {
"Fn::GetAtt": Array [
"CloudFrontCloudFrontToS3CloudFrontDistribution057B07F7",
"DomainName",
],
},
"'",
],
],
},
"method.response.header.Vary": "'Origin'",
},
"StatusCode": "200",
},
],
"RequestTemplates": Object {
"application/json": "{ statusCode: 200 }",
},
"Type": "MOCK",
},
"MethodResponses": Array [
Object {
"ResponseParameters": Object {
"method.response.header.Access-Control-Allow-Headers": true,
"method.response.header.Access-Control-Allow-Methods": true,
"method.response.header.Access-Control-Allow-Origin": true,
"method.response.header.Vary": true,
},
"StatusCode": "200",
},
],
"ResourceId": Object {
"Ref": "ApiRestApilogsconnectionName6934D972",
},
"RestApiId": Object {
"Ref": "ApiRestApiE35FEAFE",
},
},
"Type": "AWS::ApiGateway::Method",
},
"ApiRestApisitewise6C92B0BD": Object {
"Metadata": Object {
"cdk_nag": Object {
"rules_to_suppress": Array [
Object {
"id": "AwsSolutions-APIG3",
"reason": "No need to enable WAF as it is up to users.",
},
Object {
"id": "AwsSolutions-APIG4",
"reason": "Authorized by IAM",
},
Object {
"id": "AwsSolutions-COG4",
"reason": "Authorized by IAM",
},
Object {
"id": "AwsSolutions-IAM4",
"reason": "AmazonAPIGatewayPushToCloudWatchLogs managed policy is used by CDK itself.",
},
],
},
},
"Properties": Object {
"ParentId": Object {
"Fn::GetAtt": Array [
"ApiRestApiE35FEAFE",
"RootResourceId",
],
},
"PathPart": "sitewise",
"RestApiId": Object {
"Ref": "ApiRestApiE35FEAFE",
},
},
"Type": "AWS::ApiGateway::Resource",
},
"ApiRestApisitewiseOPTIONS2AD5A3FB": Object {
"Metadata": Object {
"cdk_nag": Object {
"rules_to_suppress": Array [
Object {
"id": "AwsSolutions-APIG3",
"reason": "No need to enable WAF as it is up to users.",
},
Object {
"id": "AwsSolutions-APIG4",
"reason": "Authorized by IAM",
},
Object {
"id": "AwsSolutions-COG4",
"reason": "Authorized by IAM",
},
Object {
"id": "AwsSolutions-IAM4",
"reason": "AmazonAPIGatewayPushToCloudWatchLogs managed policy is used by CDK itself.",
},
],
},
},
"Properties": Object {
"AuthorizationType": "NONE",
"HttpMethod": "OPTIONS",
"Integration": Object {
"IntegrationResponses": Array [
Object {
"ResponseParameters": Object {
"method.response.header.Access-Control-Allow-Headers": "'Authorization,Content-Type,X-Amz-Date,X-Amz-Security-Token,X-Api-Key'",
"method.response.header.Access-Control-Allow-Methods": "'GET,POST,OPTIONS'",
"method.response.header.Access-Control-Allow-Origin": Object {
"Fn::Join": Array [
"",
Array [
"'https://",
Object {
"Fn::GetAtt": Array [
"CloudFrontCloudFrontToS3CloudFrontDistribution057B07F7",
"DomainName",
],
},
"'",
],
],
},
"method.response.header.Vary": "'Origin'",
},
"StatusCode": "200",
},
],
"RequestTemplates": Object {
"application/json": "{ statusCode: 200 }",
},
"Type": "MOCK",
},
"MethodResponses": Array [
Object {
"ResponseParameters": Object {
"method.response.header.Access-Control-Allow-Headers": true,
"method.response.header.Access-Control-Allow-Methods": true,
"method.response.header.Access-Control-Allow-Origin": true,
"method.response.header.Vary": true,
},
"StatusCode": "200",
},
],
"ResourceId": Object {
"Ref": "ApiRestApisitewise6C92B0BD",
},
"RestApiId": Object {
"Ref": "ApiRestApiE35FEAFE",
},
},
"Type": "AWS::ApiGateway::Method",
},
"ApiRestApisitewiseserverName0BF1052C": Object {
"Metadata": Object {
"cdk_nag": Object {
"rules_to_suppress": Array [
Object {
"id": "AwsSolutions-APIG3",
"reason": "No need to enable WAF as it is up to users.",
},
Object {
"id": "AwsSolutions-APIG4",
"reason": "Authorized by IAM",
},
Object {
"id": "AwsSolutions-COG4",
"reason": "Authorized by IAM",
},
Object {
"id": "AwsSolutions-IAM4",
"reason": "AmazonAPIGatewayPushToCloudWatchLogs managed policy is used by CDK itself.",
},
],
},
},
"Properties": Object {
"ParentId": Object {
"Ref": "ApiRestApisitewise6C92B0BD",
},
"PathPart": "{serverName}",
"RestApiId": Object {
"Ref": "ApiRestApiE35FEAFE",
},
},
"Type": "AWS::ApiGateway::Resource",
},
"ApiRestApisitewiseserverNameGETEF91B11B": Object {
"Metadata": Object {
"cdk_nag": Object {
"rules_to_suppress": Array [
Object {
"id": "AwsSolutions-APIG3",
"reason": "No need to enable WAF as it is up to users.",
},
Object {
"id": "AwsSolutions-APIG4",
"reason": "Authorized by IAM",
},
Object {
"id": "AwsSolutions-COG4",
"reason": "Authorized by IAM",
},
Object {
"id": "AwsSolutions-IAM4",
"reason": "AmazonAPIGatewayPushToCloudWatchLogs managed policy is used by CDK itself.",
},
],
},
},
"Properties": Object {
"AuthorizationType": "AWS_IAM",
"HttpMethod": "GET",
"Integration": Object {
"ContentHandling": "CONVERT_TO_TEXT",
"IntegrationHttpMethod": "POST",
"IntegrationResponses": Array [
Object {
"StatusCode": "200",
},
],
"PassthroughBehavior": "WHEN_NO_MATCH",
"RequestParameters": Object {
"integration.request.path.serverName": "method.request.path.serverName",
},
"Type": "AWS_PROXY",
"Uri": Object {
"Fn::Join": Array [
"",
Array [
"arn:",
Object {
"Ref": "AWS::Partition",
},
":apigateway:",
Object {
"Ref": "AWS::Region",
},
":lambda:path/2015-03-31/functions/",
Object {
"Fn::GetAtt": Array [
"ConnectionBuilderLambdaFunctionA7314B1C",
"Arn",
],
},
"/invocations",
],
],
},
},
"MethodResponses": Array [
Object {
"ResponseModels": Object {
"application/json": "Empty",
},
"StatusCode": "200",
},
],
"RequestParameters": Object {
"method.request.path.serverName": true,
},
"RequestValidatorId": Object {
"Ref": "ApiApiRequestValidator8CB359D9",
},
"ResourceId": Object {
"Ref": "ApiRestApisitewiseserverName0BF1052C",
},
"RestApiId": Object {
"Ref": "ApiRestApiE35FEAFE",
},
},
"Type": "AWS::ApiGateway::Method",
},
"ApiRestApisitewiseserverNameOPTIONSFC2B26FA": Object {
"Metadata": Object {
"cdk_nag": Object {
"rules_to_suppress": Array [
Object {
"id": "AwsSolutions-APIG3",
"reason": "No need to enable WAF as it is up to users.",
},
Object {
"id": "AwsSolutions-APIG4",
"reason": "Authorized by IAM",
},
Object {
"id": "AwsSolutions-COG4",
"reason": "Authorized by IAM",
},
Object {
"id": "AwsSolutions-IAM4",
"reason": "AmazonAPIGatewayPushToCloudWatchLogs managed policy is used by CDK itself.",
},
],
},
},
"Properties": Object {
"AuthorizationType": "NONE",
"HttpMethod": "OPTIONS",
"Integration": Object {
"IntegrationResponses": Array [
Object {
"ResponseParameters": Object {
"method.response.header.Access-Control-Allow-Headers": "'Authorization,Content-Type,X-Amz-Date,X-Amz-Security-Token,X-Api-Key'",
"method.response.header.Access-Control-Allow-Methods": "'GET,POST,OPTIONS'",
"method.response.header.Access-Control-Allow-Origin": Object {
"Fn::Join": Array [
"",
Array [
"'https://",
Object {
"Fn::GetAtt": Array [
"CloudFrontCloudFrontToS3CloudFrontDistribution057B07F7",
"DomainName",
],
},
"'",
],
],
},
"method.response.header.Vary": "'Origin'",
},
"StatusCode": "200",
},
],
"RequestTemplates": Object {
"application/json": "{ statusCode: 200 }",
},
"Type": "MOCK",
},
"MethodResponses": Array [
Object {
"ResponseParameters": Object {
"method.response.header.Access-Control-Allow-Headers": true,
"method.response.header.Access-Control-Allow-Methods": true,
"method.response.header.Access-Control-Allow-Origin": true,
"method.response.header.Vary": true,
},
"StatusCode": "200",
},
],
"ResourceId": Object {
"Ref": "ApiRestApisitewiseserverName0BF1052C",
},
"RestApiId": Object {
"Ref": "ApiRestApiE35FEAFE",
},
},
"Type": "AWS::ApiGateway::Method",
},
"CloudFrontCloudFrontToS3CloudFrontDistribution057B07F7": Object {
"Metadata": Object {
"cdk_nag": Object {
"rules_to_suppress": Array [
Object {
"id": "AwsSolutions-CFR1",
"reason": "The solution does not control geo restriction.",
},
Object {
"id": "AwsSolutions-CFR2",
"reason": "No need to enable WAF.",
},
Object {
"id": "AwsSolutions-CFR4",
"reason": "No contorl on the solution side as it is using the CloudFront default certificate.",
},
],
},
"cfn_nag": Object {
"rules_to_suppress": Array [
Object {
"id": "W70",
"reason": "Since the distribution uses the CloudFront domain name, CloudFront automatically sets the security policy to TLSv1 regardless of the value of MinimumProtocolVersion",
},
],
},
},
"Properties": Object {
"DistributionConfig": Object {
"Comment": "Machine to Cloud Connectivity Framework Distribution",
"CustomErrorResponses": Array [
Object {
"ErrorCode": 403,
"ResponseCode": 200,
"ResponsePagePath": "/index.html",
},
Object {
"ErrorCode": 404,
"ResponseCode": 200,
"ResponsePagePath": "/index.html",
},
],
"DefaultCacheBehavior": Object {
"CachePolicyId": "658327ea-f89d-4fab-a63d-7e88639e58f6",
"Compress": true,
"TargetOriginId": "TestStackCloudFrontCloudFrontToS3CloudFrontDistributionOrigin1CE3C5A01",
"ViewerProtocolPolicy": "redirect-to-https",
},
"DefaultRootObject": "index.html",
"Enabled": true,
"HttpVersion": "http2",
"IPV6Enabled": true,
"Logging": Object {
"Bucket": Object {
"Fn::GetAtt": Array [
"LoggingBucketLogBucket34BFFCE4",
"RegionalDomainName",
],
},
"Prefix": "ui-cf/",
},
"Origins": Array [
Object {
"DomainName": Object {
"Fn::GetAtt": Array [
"CloudFrontCloudFrontToS3S3Bucket7D24549E",
"RegionalDomainName",
],
},
"Id": "TestStackCloudFrontCloudFrontToS3CloudFrontDistributionOrigin1CE3C5A01",
"S3OriginConfig": Object {
"OriginAccessIdentity": Object {
"Fn::Join": Array [
"",
Array [
"origin-access-identity/cloudfront/",
Object {
"Ref": "CloudFrontCloudFrontToS3CloudFrontDistributionOrigin1S3OriginA6611E24",
},
],
],
},
},
},
],
},
},
"Type": "AWS::CloudFront::Distribution",
},
"CloudFrontCloudFrontToS3CloudFrontDistributionOrigin1S3OriginA6611E24": Object {
"Metadata": Object {
"cdk_nag": Object {
"rules_to_suppress": Array [
Object {
"id": "AwsSolutions-CFR1",
"reason": "The solution does not control geo restriction.",
},
Object {
"id": "AwsSolutions-CFR2",
"reason": "No need to enable WAF.",
},
Object {
"id": "AwsSolutions-CFR4",
"reason": "No contorl on the solution side as it is using the CloudFront default certificate.",
},
],
},
},
"Properties": Object {
"CloudFrontOriginAccessIdentityConfig": Object {
"Comment": "Identity for TestStackCloudFrontCloudFrontToS3CloudFrontDistributionOrigin1CE3C5A01",
},
},
"Type": "AWS::CloudFront::CloudFrontOriginAccessIdentity",
},
"CloudFrontCloudFrontToS3S3Bucket7D24549E": Object {
"DeletionPolicy": "Retain",
"Metadata": Object {
"cdk_nag": Object {
"rules_to_suppress": Array [
Object {
"id": "AwsSolutions-CFR1",
"reason": "The solution does not control geo restriction.",
},
Object {
"id": "AwsSolutions-CFR2",
"reason": "No need to enable WAF.",
},
Object {
"id": "AwsSolutions-CFR4",
"reason": "No contorl on the solution side as it is using the CloudFront default certificate.",
},
],
},
},
"Properties": Object {
"BucketEncryption": Object {
"ServerSideEncryptionConfiguration": Array [
Object {
"ServerSideEncryptionByDefault": Object {
"SSEAlgorithm": "AES256",
},
},
],
},
"BucketName": Object {
"Fn::Join": Array [
"",
Array [
Object {
"Ref": "AWS::StackName",
},
"-",
Object {
"Ref": "AWS::AccountId",
},
"-ui",
],
],
},
"LifecycleConfiguration": Object {
"Rules": Array [
Object {
"NoncurrentVersionTransitions": Array [
Object {
"StorageClass": "GLACIER",
"TransitionInDays": 90,
},
],
"Status": "Enabled",
},
],
},
"LoggingConfiguration": Object {
"DestinationBucketName": Object {
"Ref": "LoggingBucketLogBucket34BFFCE4",
},
"LogFilePrefix": "ui-s3/",
},
"PublicAccessBlockConfiguration": Object {
"BlockPublicAcls": true,
"BlockPublicPolicy": true,
"IgnorePublicAcls": true,
"RestrictPublicBuckets": true,
},
"VersioningConfiguration": Object {
"Status": "Enabled",
},
},
"Type": "AWS::S3::Bucket",
"UpdateReplacePolicy": "Retain",
},
"CloudFrontCloudFrontToS3S3BucketPolicy8C26E73C": Object {
"Metadata": Object {
"cdk_nag": Object {
"rules_to_suppress": Array [
Object {
"id": "AwsSolutions-CFR1",
"reason": "The solution does not control geo restriction.",
},
Object {
"id": "AwsSolutions-CFR2",
"reason": "No need to enable WAF.",
},
Object {
"id": "AwsSolutions-CFR4",
"reason": "No contorl on the solution side as it is using the CloudFront default certificate.",
},
],
},
"cfn_nag": Object {
"rules_to_suppress": Array [
Object {
"id": "F16",
"reason": "Public website bucket policy requires a wildcard principal",
},
],
},
},
"Properties": Object {
"Bucket": Object {
"Ref": "CloudFrontCloudFrontToS3S3Bucket7D24549E",
},
"PolicyDocument": Object {
"Statement": Array [
Object {
"Action": "s3:*",
"Condition": Object {
"Bool": Object {
"aws:SecureTransport": "false",
},
},
"Effect": "Deny",
"Principal": Object {
"AWS": "*",
},
"Resource": Array [
Object {
"Fn::GetAtt": Array [
"CloudFrontCloudFrontToS3S3Bucket7D24549E",
"Arn",
],
},
Object {
"Fn::Join": Array [
"",
Array [
Object {
"Fn::GetAtt": Array [
"CloudFrontCloudFrontToS3S3Bucket7D24549E",
"Arn",
],
},
"/*",
],
],
},
],
},
Object {
"Action": "s3:GetObject",
"Effect": "Allow",
"Principal": Object {
"CanonicalUser": Object {
"Fn::GetAtt": Array [
"CloudFrontCloudFrontToS3CloudFrontDistributionOrigin1S3OriginA6611E24",
"S3CanonicalUserId",
],
},
},
"Resource": Object {
"Fn::Join": Array [
"",
Array [
Object {
"Fn::GetAtt": Array [
"CloudFrontCloudFrontToS3S3Bucket7D24549E",
"Arn",
],
},
"/*",
],
],
},
},
],
"Version": "2012-10-17",
},
},
"Type": "AWS::S3::BucketPolicy",
},
"CloudFrontTeardownCloudfrontBucket808C2E27": Object {
"Condition": "ShouldTeardownDataOnDestroy",
"DeletionPolicy": "Delete",
"Properties": Object {
"BucketName": Object {
"Ref": "CloudFrontCloudFrontToS3S3Bucket7D24549E",
},
"Resource": "DeleteS3Bucket",
"ServiceToken": Object {
"Fn::GetAtt": Array [
"CustomResourcesCustomResourceFunction1AA6557C",
"Arn",
],
},
},
"Type": "AWS::CloudFormation::CustomResource",
"UpdateReplacePolicy": "Delete",
},
"ConnectionBuilderConnectionBuilderPolicy5A32FBC5": Object {
"Metadata": Object {
"cdk_nag": Object {
"rules_to_suppress": Array [
Object {
"id": "AwsSolutions-IAM5",
"reason": "iotsitewise:CreateGateway and iotsitewise:ListGateways cannot have specific resources.",
},
],
},
"cfn_nag": Object {
"rules_to_suppress": Array [
Object {
"id": "W12",
"reason": "iotsitewise:CreateGateway and iotsitewise:ListGateways cannot have specific resources.",
},
],
},
},
"Properties": Object {
"PolicyDocument": Object {
"Statement": Array [
Object {
"Action": "iot:Publish",
"Effect": "Allow",
"Resource": Array [
Object {
"Fn::Join": Array [
"",
Array [
"arn:",
Object {
"Ref": "AWS::Partition",
},
":iot:",
Object {
"Ref": "AWS::Region",
},
":",
Object {
"Ref": "AWS::AccountId",
},
":topic/m2c2/job/*",
],
],
},
Object {
"Fn::Join": Array [
"",
Array [
"arn:",
Object {
"Ref": "AWS::Partition",
},
":iot:",
Object {
"Ref": "AWS::Region",
},
":",
Object {
"Ref": "AWS::AccountId",
},
":topic/m2c2/info/*",
],
],
},
],
},
Object {
"Action": "lambda:InvokeFunction",
"Effect": "Allow",
"Resource": Object {
"Fn::GetAtt": Array [
"ConnectionBuilderGreengrassDeployerD066AF37",
"Arn",
],
},
},
Object {
"Action": Array [
"dynamodb:Scan",
"dynamodb:Query",
],
"Effect": "Allow",
"Resource": Object {
"Fn::GetAtt": Array [
"SQSMessageConsumerLogsDynamoDBDynamoTableC9727E05",
"Arn",
],
},
},
Object {
"Action": Array [
"dynamodb:DeleteItem",
"dynamodb:GetItem",
"dynamodb:PutItem",
"dynamodb:Scan",
],
"Effect": "Allow",
"Resource": Object {
"Fn::GetAtt": Array [
"ConnectionBuilderGreengrassCoreDevicesTable4F4ABC24",
"Arn",
],
},
},
Object {
"Action": Array [
"iotsitewise:DeleteGateway",
"iotsitewise:DescribeGateway",
"iotsitewise:DescribeGatewayCapabilityConfiguration",
"iotsitewise:UpdateGatewayCapabilityConfiguration",
],
"Effect": "Allow",
"Resource": Object {
"Fn::Join": Array [
"",
Array [
"arn:",
Object {
"Ref": "AWS::Partition",
},
":iotsitewise:",
Object {
"Ref": "AWS::Region",
},
":",
Object {
"Ref": "AWS::AccountId",
},
":gateway/*",
],
],
},
},
Object {
"Action": Array [
"iotsitewise:CreateGateway",
"iotsitewise:ListGateways",
],
"Effect": "Allow",
"Resource": "*",
},
Object {
"Action": Array [
"greengrass:DeleteCoreDevice",
"greengrass:ListCoreDevices",
],
"Effect": "Allow",
"Resource": Object {
"Fn::Join": Array [
"",
Array [
"arn:",
Object {
"Ref": "AWS::Partition",
},
":greengrass:",
Object {
"Ref": "AWS::Region",
},
":",
Object {
"Ref": "AWS::AccountId",
},
":coreDevices:*",
],
],
},
},
Object {
"Action": Array [
"iot:CreateThing",
"iot:DescribeThing",
"iot:DeleteThing",
],
"Effect": "Allow",
"Resource": Object {
"Fn::Join": Array [
"",
Array [
"arn:",
Object {
"Ref": "AWS::Partition",
},
":iot:",
Object {
"Ref": "AWS::Region",
},
":",
Object {
"Ref": "AWS::AccountId",
},
":thing/*",
],
],
},
},
Object {
"Action": Array [
"s3:DeleteObject",
"s3:GetObject",
"s3:ListBucket",
"s3:PutObject",
],
"Effect": "Allow",
"Resource": Array [
Object {
"Fn::GetAtt": Array [
"GreengrassResourcesGreengrassResourceBucketC4A4CE77",
"Arn",
],
},
Object {
"Fn::Join": Array [
"",
Array [
Object {
"Fn::GetAtt": Array [
"GreengrassResourcesGreengrassResourceBucketC4A4CE77",
"Arn",
],
},
"/*",
],
],
},
],
},
Object {
"Action": Array [
"iot:AttachThingPrincipal",
"iot:DetachThingPrincipal",
],
"Effect": "Allow",
"Resource": Object {
"Fn::GetAtt": Array [
"CustomResourcesCreateGreengrassInstallationScriptsC730B7A8",
"CertificateArn",
],
},
},
Object {
"Action": "iam:PassRole",
"Effect": "Allow",
"Resource": Object {
"Fn::Join": Array [
"",
Array [
"arn:",
Object {
"Ref": "AWS::Partition",
},
":iam::",
Object {
"Ref": "AWS::AccountId",
},
":role/aws-service-role/iotsitewise.amazonaws.com/AWSServiceRoleForIoTSiteWise",
],
],
},
},
],
"Version": "2012-10-17",
},
"PolicyName": "ConnectionBuilderConnectionBuilderPolicy5A32FBC5",
"Roles": Array [
Object {
"Ref": "ConnectionBuilderLambdaFunctionServiceRole8C610888",
},
],
},
"Type": "AWS::IAM::Policy",
},
"ConnectionBuilderDynamoTableD71800CE": Object {
"DeletionPolicy": "Delete",
"Metadata": Object {
"cdk_nag": Object {
"rules_to_suppress": Array [
Object {
"id": "AwsSolutions-IAM5",
"reason": "It does not allow wildcard permissions.",
},
],
},
},
"Properties": Object {
"AttributeDefinitions": Array [
Object {
"AttributeName": "connectionName",
"AttributeType": "S",
},
],
"BillingMode": "PAY_PER_REQUEST",
"KeySchema": Array [
Object {
"AttributeName": "connectionName",
"KeyType": "HASH",
},
],
"PointInTimeRecoverySpecification": Object {
"PointInTimeRecoveryEnabled": true,
},
"SSESpecification": Object {
"SSEEnabled": true,
},
},
"Type": "AWS::DynamoDB::Table",
"UpdateReplacePolicy": "Retain",
},
"ConnectionBuilderGreengrassCoreDevicesTable4F4ABC24": Object {
"DeletionPolicy": "Delete",
"Properties": Object {
"AttributeDefinitions": Array [
Object {
"AttributeName": "name",
"AttributeType": "S",
},
],
"BillingMode": "PAY_PER_REQUEST",
"KeySchema": Array [
Object {
"AttributeName": "name",
"KeyType": "HASH",
},
],
"PointInTimeRecoverySpecification": Object {
"PointInTimeRecoveryEnabled": true,
},
"SSESpecification": Object {
"SSEEnabled": true,
},
},
"Type": "AWS::DynamoDB::Table",
"UpdateReplacePolicy": "Retain",
},
"ConnectionBuilderGreengrassDeployerD066AF37": Object {
"DependsOn": Array [
"ConnectionBuilderGreengrassDeployerRole3F2DCB13",
],
"Properties": Object {
"Code": Object {
"S3Bucket": Object {
"Fn::Join": Array [
"-",
Array [
Object {
"Fn::FindInMap": Array [
"Solution",
"Config",
"S3Bucket",
],
},
Object {
"Ref": "AWS::Region",
},
],
],
},
"S3Key": Object {
"Fn::Join": Array [
"",
Array [
Object {
"Fn::FindInMap": Array [
"Solution",
"Config",
"KeyPrefix",
],
},
"/greengrass-deployer.zip",
],
],
},
},
"Description": "Machine to Cloud Connectivity Greengrass deployer function",
"Environment": Object {
"Variables": Object {
"ARTIFACT_BUCKET": Object {
"Ref": "GreengrassResourcesGreengrassResourceBucketC4A4CE77",
},
"COLLECTOR_ID": Object {
"Fn::Join": Array [
"",
Array [
"SO0070-",
Object {
"Ref": "AWS::StackName",
},
],
],
},
"COMPONENT_VERSION": Object {
"Fn::Select": Array [
1,
Object {
"Fn::Split": Array [
"v",
Object {
"Fn::FindInMap": Array [
"Solution",
"Config",
"Version",
],
},
],
},
],
},
"CONNECTION_DYNAMODB_TABLE": Object {
"Ref": "ConnectionBuilderDynamoTableD71800CE",
},
"GREENGRASS_CORE_DEVICES_DYNAMODB_TABLE": Object {
"Ref": "ConnectionBuilderGreengrassCoreDevicesTable4F4ABC24",
},
"IOT_ENDPOINT": Object {
"Fn::GetAtt": Array [
"CustomResourcesDescribeIoTEndpoint46C0C3F1",
"DataAtsEndpoint",
],
},
"KINESIS_STREAM": Object {
"Fn::If": Array [
"CreateKinesisResources",
Object {
"Ref": "KinesisDataStreamKinesisStream19B2CF78",
},
Object {
"Ref": "ExistingKinesisStreamName",
},
],
},
"LOGGING_LEVEL": Object {
"Ref": "LoggingLevel",
},
"SEND_ANONYMOUS_METRIC": Object {
"Fn::FindInMap": Array [
"Solution",
"Config",
"SendAnonymousUsage",
],
},
"SOLUTION_ID": Object {
"Fn::FindInMap": Array [
"Solution",
"Config",
"SolutionId",
],
},
"SOLUTION_UUID": Object {
"Fn::GetAtt": Array [
"CustomResourcesUUID1685434C",
"UUID",
],
},
"SOLUTION_VERSION": Object {
"Fn::FindInMap": Array [
"Solution",
"Config",
"Version",
],
},
"TIMESTREAM_KINESIS_STREAM": Object {
"Ref": "TimestreamKinesisLambdaKinesisStreamF4535539",
},
},
},
"Handler": "greengrass-deployer/index.handler",
"ReservedConcurrentExecutions": 1,
"Role": Object {
"Fn::GetAtt": Array [
"ConnectionBuilderGreengrassDeployerRole3F2DCB13",
"Arn",
],
},
"Runtime": "nodejs16.x",
"Timeout": 600,
},
"Type": "AWS::Lambda::Function",
},
"ConnectionBuilderGreengrassDeployerEventInvokeConfig67A450FB": Object {
"Properties": Object {
"FunctionName": Object {
"Ref": "ConnectionBuilderGreengrassDeployerD066AF37",
},
"MaximumRetryAttempts": 0,
"Qualifier": "$LATEST",
},
"Type": "AWS::Lambda::EventInvokeConfig",
},
"ConnectionBuilderGreengrassDeployerRole3F2DCB13": Object {
"Metadata": Object {
"cdk_nag": Object {
"rules_to_suppress": Array [
Object {
"id": "AwsSolutions-IAM5",
"reason": "The * resource is needed to control Greengrass resources and other IoT actions.",
},
],
},
"cfn_nag": Object {
"rules_to_suppress": Array [
Object {
"id": "W11",
"reason": "The * resource is needed to control Greengrass resources and other IoT actions.",
},
],
},
},
"Properties": Object {
"AssumeRolePolicyDocument": Object {
"Statement": Array [
Object {
"Action": "sts:AssumeRole",
"Effect": "Allow",
"Principal": Object {
"Service": "lambda.amazonaws.com",
},
},
],
"Version": "2012-10-17",
},
"Path": "/",
"Policies": Array [
Object {
"PolicyDocument": Object {
"Statement": Array [
Object {
"Action": Array [
"logs:CreateLogGroup",
"logs:CreateLogStream",
"logs:PutLogEvents",
],
"Effect": "Allow",
"Resource": Object {
"Fn::Join": Array [
"",
Array [
"arn:",
Object {
"Ref": "AWS::Partition",
},
":logs:",
Object {
"Ref": "AWS::Region",
},
":",
Object {
"Ref": "AWS::AccountId",
},
":log-group:/aws/lambda/*",
],
],
},
},
],
"Version": "2012-10-17",
},
"PolicyName": "CloudWatchPolicy",
},
Object {
"PolicyDocument": Object {
"Statement": Array [
Object {
"Action": Array [
"greengrass:CreateComponentVersion",
"greengrass:CreateDeployment",
"greengrass:DeleteComponent",
"greengrass:GetDeployment",
"greengrass:ListComponents",
"greengrass:ListDeployments",
"iot:CancelJob",
"iot:CreateJob",
"iot:DeleteThingShadow",
"iot:DescribeJob",
"iot:DescribeThing",
"iot:DescribeThingGroup",
"iot:GetThingShadow",
"iot:UpdateJob",
"iot:UpdateThingShadow",
],
"Effect": "Allow",
"Resource": "*",
},
Object {
"Action": "iot:Publish",
"Effect": "Allow",
"Resource": Array [
Object {
"Fn::Join": Array [
"",
Array [
"arn:",
Object {
"Ref": "AWS::Partition",
},
":iot:",
Object {
"Ref": "AWS::Region",
},
":",
Object {
"Ref": "AWS::AccountId",
},
":topic/m2c2/job/*",
],
],
},
Object {
"Fn::Join": Array [
"",
Array [
"arn:",
Object {
"Ref": "AWS::Partition",
},
":iot:",
Object {
"Ref": "AWS::Region",
},
":",
Object {
"Ref": "AWS::AccountId",
},
":topic/m2c2/info/*",
],
],
},
Object {
"Fn::Join": Array [
"",
Array [
"arn:",
Object {
"Ref": "AWS::Partition",
},
":iot:",
Object {
"Ref": "AWS::Region",
},
":",
Object {
"Ref": "AWS::AccountId",
},
":topic/m2c2/error/*",
],
],
},
],
},
Object {
"Action": "iot:DescribeThing",
"Effect": "Allow",
"Resource": Object {
"Fn::Join": Array [
"",
Array [
"arn:",
Object {
"Ref": "AWS::Partition",
},
":iot:",
Object {
"Ref": "AWS::Region",
},
":",
Object {
"Ref": "AWS::AccountId",
},
":thing/*",
],
],
},
},
Object {
"Action": Array [
"iotsitewise:DescribeGatewayCapabilityConfiguration",
"iotsitewise:UpdateGatewayCapabilityConfiguration",
],
"Effect": "Allow",
"Resource": Object {
"Fn::Join": Array [
"",
Array [
"arn:",
Object {
"Ref": "AWS::Partition",
},
":iotsitewise:",
Object {
"Ref": "AWS::Region",
},
":",
Object {
"Ref": "AWS::AccountId",
},
":gateway/*",
],
],
},
},
],
"Version": "2012-10-17",
},
"PolicyName": "GreengrassIoTPolicy",
},
Object {
"PolicyDocument": Object {
"Statement": Array [
Object {
"Action": Array [
"dynamodb:DeleteItem",
"dynamodb:GetItem",
"dynamodb:PutItem",
"dynamodb:Scan",
"dynamodb:UpdateItem",
"dynamodb:Query",
],
"Effect": "Allow",
"Resource": Object {
"Fn::GetAtt": Array [
"ConnectionBuilderDynamoTableD71800CE",
"Arn",
],
},
},
Object {
"Action": Array [
"dynamodb:GetItem",
"dynamodb:UpdateItem",
],
"Effect": "Allow",
"Resource": Object {
"Fn::GetAtt": Array [
"ConnectionBuilderGreengrassCoreDevicesTable4F4ABC24",
"Arn",
],
},
},
],
"Version": "2012-10-17",
},
"PolicyName": "DynamoDBPolicy",
},
Object {
"PolicyDocument": Object {
"Statement": Array [
Object {
"Action": "s3:GetObject",
"Effect": "Allow",
"Resource": Array [
Object {
"Fn::GetAtt": Array [
"GreengrassResourcesGreengrassResourceBucketC4A4CE77",
"Arn",
],
},
Object {
"Fn::Join": Array [
"",
Array [
Object {
"Fn::GetAtt": Array [
"GreengrassResourcesGreengrassResourceBucketC4A4CE77",
"Arn",
],
},
"/*",
],
],
},
],
},
],
"Version": "2012-10-17",
},
"PolicyName": "S3Policy",
},
Object {
"PolicyDocument": Object {
"Statement": Array [
Object {
"Action": Array [
"secretsmanager:CreateSecret",
"secretsmanager:DeleteSecret",
"secretsmanager:PutSecretValue",
"secretsmanager:UpdateSecret",
"secretsmanager:RestoreSecret",
],
"Effect": "Allow",
"Resource": Object {
"Fn::Join": Array [
"",
Array [
"arn:",
Object {
"Ref": "AWS::Partition",
},
":secretsmanager:",
Object {
"Ref": "AWS::Region",
},
":",
Object {
"Ref": "AWS::AccountId",
},
":secret:m2c2-*",
],
],
},
},
],
"Version": "2012-10-17",
},
"PolicyName": "SecretsManagerPolicy",
},
],
},
"Type": "AWS::IAM::Role",
},
"ConnectionBuilderLambdaFunctionA7314B1C": Object {
"DependsOn": Array [
"ConnectionBuilderLambdaFunctionServiceRoleDefaultPolicyD3D224F0",
"ConnectionBuilderLambdaFunctionServiceRole8C610888",
],
"Metadata": Object {
"cdk_nag": Object {
"rules_to_suppress": Array [
Object {
"id": "AwsSolutions-IAM5",
"reason": "It does not allow wildcard permissions.",
},
],
},
"cfn_nag": Object {
"rules_to_suppress": Array [
Object {
"id": "W58",
"reason": "Lambda functions has the required permission to write CloudWatch Logs. It uses custom policy instead of arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole with tighter permissions.",
},
Object {
"id": "W89",
"reason": "This is not a rule for the general case, just for specific use cases/industries",
},
Object {
"id": "W92",
"reason": "Impossible for us to define the correct concurrency for clients",
},
],
},
},
"Properties": Object {
"Code": Object {
"S3Bucket": Object {
"Fn::Join": Array [
"-",
Array [
Object {
"Fn::FindInMap": Array [
"Solution",
"Config",
"S3Bucket",
],
},
Object {
"Ref": "AWS::Region",
},
],
],
},
"S3Key": Object {
"Fn::Join": Array [
"",
Array [
Object {
"Fn::FindInMap": Array [
"Solution",
"Config",
"KeyPrefix",
],
},
"/connection-builder.zip",
],
],
},
},
"Description": "Machine to Cloud Connectivity connection builder function",
"Environment": Object {
"Variables": Object {
"API_ENDPOINT": Object {
"Fn::Join": Array [
"",
Array [
Object {
"Ref": "ApiRestApiE35FEAFE",
},
".execute-api.",
Object {
"Ref": "AWS::Region",
},
".amazonaws.com",
],
],
},
"CONNECTION_DYNAMODB_TABLE": Object {
"Ref": "ConnectionBuilderDynamoTableD71800CE",
},
"GREENGRASS_CORE_DEVICES_DYNAMODB_TABLE": Object {
"Ref": "ConnectionBuilderGreengrassCoreDevicesTable4F4ABC24",
},
"GREENGRASS_DEPLOYER_LAMBDA_FUNCTION": Object {
"Ref": "ConnectionBuilderGreengrassDeployerD066AF37",
},
"GREENGRASS_RESOURCE_BUCKET": Object {
"Ref": "GreengrassResourcesGreengrassResourceBucketC4A4CE77",
},
"IOT_CERTIFICATE_ARN": Object {
"Fn::GetAtt": Array [
"CustomResourcesCreateGreengrassInstallationScriptsC730B7A8",
"CertificateArn",
],
},
"IOT_ENDPOINT": Object {
"Fn::GetAtt": Array [
"CustomResourcesDescribeIoTEndpoint46C0C3F1",
"DataAtsEndpoint",
],
},
"LOGGING_LEVEL": Object {
"Ref": "LoggingLevel",
},
"LOGS_DYNAMODB_TABLE": Object {
"Ref": "SQSMessageConsumerLogsDynamoDBDynamoTableC9727E05",
},
"PAGE_SIZE": "20",
"SEND_ANONYMOUS_METRIC": Object {
"Fn::FindInMap": Array [
"Solution",
"Config",
"SendAnonymousUsage",
],
},
"SOLUTION_ID": Object {
"Fn::FindInMap": Array [
"Solution",
"Config",
"SolutionId",
],
},
"SOLUTION_UUID": Object {
"Fn::GetAtt": Array [
"CustomResourcesUUID1685434C",
"UUID",
],
},
"SOLUTION_VERSION": Object {
"Fn::FindInMap": Array [
"Solution",
"Config",
"Version",
],
},
},
},
"Handler": "connection-builder/index.handler",
"Role": Object {
"Fn::GetAtt": Array [
"ConnectionBuilderLambdaFunctionServiceRole8C610888",
"Arn",
],
},
"Runtime": "nodejs16.x",
"Timeout": 60,
"TracingConfig": Object {
"Mode": "Active",
},
},
"Type": "AWS::Lambda::Function",
},
"ConnectionBuilderLambdaFunctionApiLambdaInvokePermission3316B343": Object {
"Properties": Object {
"Action": "lambda:InvokeFunction",
"FunctionName": Object {
"Fn::GetAtt": Array [
"ConnectionBuilderLambdaFunctionA7314B1C",
"Arn",
],
},
"Principal": "apigateway.amazonaws.com",
"SourceArn": Object {
"Fn::Join": Array [
"",
Array [
"arn:",
Object {
"Ref": "AWS::Partition",
},
":execute-api:",
Object {
"Ref": "AWS::Region",
},
":",
Object {
"Ref": "AWS::AccountId",
},
":",
Object {
"Ref": "ApiRestApiE35FEAFE",
},
"/*/*/*",
],
],
},
},
"Type": "AWS::Lambda::Permission",
},
"ConnectionBuilderLambdaFunctionServiceRole8C610888": Object {
"Metadata": Object {
"cdk_nag": Object {
"rules_to_suppress": Array [
Object {
"id": "AwsSolutions-IAM5",
"reason": "It does not allow wildcard permissions.",
},
],
},
},
"Properties": Object {
"AssumeRolePolicyDocument": Object {
"Statement": Array [
Object {
"Action": "sts:AssumeRole",
"Effect": "Allow",
"Principal": Object {
"Service": "lambda.amazonaws.com",
},
},
],
"Version": "2012-10-17",
},
"Policies": Array [
Object {
"PolicyDocument": Object {
"Statement": Array [
Object {
"Action": Array [
"logs:CreateLogGroup",
"logs:CreateLogStream",
"logs:PutLogEvents",
],
"Effect": "Allow",
"Resource": Object {
"Fn::Join": Array [
"",
Array [
"arn:",
Object {
"Ref": "AWS::Partition",
},
":logs:",
Object {
"Ref": "AWS::Region",
},
":",
Object {
"Ref": "AWS::AccountId",
},
":log-group:/aws/lambda/*",
],
],
},
},
],
"Version": "2012-10-17",
},
"PolicyName": "LambdaFunctionServiceRolePolicy",
},
],
},
"Type": "AWS::IAM::Role",
},
"ConnectionBuilderLambdaFunctionServiceRoleDefaultPolicyD3D224F0": Object {
"Metadata": Object {
"cdk_nag": Object {
"rules_to_suppress": Array [
Object {
"id": "AwsSolutions-IAM5",
"reason": "It does not allow wildcard permissions.",
},
],
},
"cfn_nag": Object {
"rules_to_suppress": Array [
Object {
"id": "W12",
"reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray and access ENIs in a VPC.",
},
],
},
},
"Properties": Object {
"PolicyDocument": Object {
"Statement": Array [
Object {
"Action": Array [
"xray:PutTraceSegments",
"xray:PutTelemetryRecords",
],
"Effect": "Allow",
"Resource": "*",
},
Object {
"Action": Array [
"dynamodb:BatchGetItem",
"dynamodb:GetRecords",
"dynamodb:GetShardIterator",
"dynamodb:Query",
"dynamodb:GetItem",
"dynamodb:Scan",
"dynamodb:ConditionCheckItem",
"dynamodb:BatchWriteItem",
"dynamodb:PutItem",
"dynamodb:UpdateItem",
"dynamodb:DeleteItem",
"dynamodb:DescribeTable",
],
"Effect": "Allow",
"Resource": Array [
Object {
"Fn::GetAtt": Array [
"ConnectionBuilderDynamoTableD71800CE",
"Arn",
],
},
Object {
"Ref": "AWS::NoValue",
},
],
},
],
"Version": "2012-10-17",
},
"PolicyName": "ConnectionBuilderLambdaFunctionServiceRoleDefaultPolicyD3D224F0",
"Roles": Array [
Object {
"Ref": "ConnectionBuilderLambdaFunctionServiceRole8C610888",
},
],
},
"Type": "AWS::IAM::Policy",
},
"CustomResourcesCopyGreengrassComponentsArtifact0F79990E": Object {
"DeletionPolicy": "Delete",
"Properties": Object {
"Artifacts": Object {
"ModbusTcpConnectorArtifact": "m2c2_modbus_tcp_connector.zip",
"OpcDaConnectorArtifact": "m2c2_opcda_connector.zip",
"OsiPiConnectorArtifact": "m2c2_osipi_connector.zip",
"PublisherArtifact": "m2c2_publisher.zip",
},
"DestinationBucket": Object {
"Ref": "GreengrassResourcesGreengrassResourceBucketC4A4CE77",
},
"Resource": "CopyGreengrassComponentsArtifact",
"ServiceToken": Object {
"Fn::GetAtt": Array [
"CustomResourcesCustomResourceFunction1AA6557C",
"Arn",
],
},
"SourceBucket": Object {
"Fn::Join": Array [
"-",
Array [
Object {
"Fn::FindInMap": Array [
"Solution",
"Config",
"S3Bucket",
],
},
Object {
"Ref": "AWS::Region",
},
],
],
},
"SourcePrefix": Object {
"Fn::FindInMap": Array [
"Solution",
"Config",
"KeyPrefix",
],
},
},
"Type": "AWS::CloudFormation::CustomResource",
"UpdateReplacePolicy": "Delete",
},
"CustomResourcesCopyUiAssets45C36D78": Object {
"DeletionPolicy": "Delete",
"Properties": Object {
"DestinationBucket": Object {
"Ref": "CloudFrontCloudFrontToS3S3Bucket7D24549E",
},
"ManifestFile": "manifest.json",
"Resource": "CopyUIAssets",
"ServiceToken": Object {
"Fn::GetAtt": Array [
"CustomResourcesCustomResourceFunction1AA6557C",
"Arn",
],
},
"SourceBucket": Object {
"Fn::Join": Array [
"-",
Array [
Object {
"Fn::FindInMap": Array [
"Solution",
"Config",
"S3Bucket",
],
},
Object {
"Ref": "AWS::Region",
},
],
],
},
"SourcePrefix": Object {
"Fn::FindInMap": Array [
"Solution",
"Config",
"KeyPrefix",
],
},
},
"Type": "AWS::CloudFormation::CustomResource",
"UpdateReplacePolicy": "Delete",
},
"CustomResourcesCreateGreengrassInstallationScriptsC730B7A8": Object {
"DeletionPolicy": "Delete",
"Properties": Object {
"CredentialProviderEndpoint": Object {
"Fn::GetAtt": Array [
"CustomResourcesDescribeIoTEndpoint46C0C3F1",
"CredentialProviderEndpoint",
],
},
"DataAtsEndpoint": Object {
"Fn::GetAtt": Array [
"CustomResourcesDescribeIoTEndpoint46C0C3F1",
"DataAtsEndpoint",
],
},
"DestinationBucket": Object {
"Ref": "GreengrassResourcesGreengrassResourceBucketC4A4CE77",
},
"IoTRoleAlias": Object {
"Fn::Join": Array [
"",
Array [
"m2c2-role-alias-",
Object {
"Fn::GetAtt": Array [
"CustomResourcesUUID1685434C",
"UUID",
],
},
],
],
},
"Resource": "CreateGreengrassInstallationScripts",
"ServiceToken": Object {
"Fn::GetAtt": Array [
"CustomResourcesCustomResourceFunction1AA6557C",
"Arn",
],
},
},
"Type": "AWS::CloudFormation::CustomResource",
"UpdateReplacePolicy": "Delete",
},
"CustomResourcesCreateUiConfig2DC7F6E7": Object {
"DeletionPolicy": "Delete",
"Properties": Object {
"ApiEndpoint": Object {
"Fn::Join": Array [
"",
Array [
"https://",
Object {
"Ref": "ApiRestApiE35FEAFE",
},
".execute-api.",
Object {
"Ref": "AWS::Region",
},
".amazonaws.com/prod",
],
],
},
"ConfigFileName": "aws-exports.js",
"DestinationBucket": Object {
"Ref": "CloudFrontCloudFrontToS3S3Bucket7D24549E",
},
"IdentityPoolId": Object {
"Ref": "UiIdentityPool51844CCB",
},
"LoggingLevel": Object {
"Ref": "LoggingLevel",
},
"Resource": "CreateUIConfig",
"S3Bucket": Object {
"Ref": "GreengrassResourcesGreengrassResourceBucketC4A4CE77",
},
"ServiceToken": Object {
"Fn::GetAtt": Array [
"CustomResourcesCustomResourceFunction1AA6557C",
"Arn",
],
},
"UserPoolId": Object {
"Ref": "UiUserPool65C512AC",
},
"WebClientId": Object {
"Ref": "UiUserPoolClient2B11BEC3",
},
},
"Type": "AWS::CloudFormation::CustomResource",
"UpdateReplacePolicy": "Delete",
},
"CustomResourcesCustomResourceFunction1AA6557C": Object {
"DependsOn": Array [
"CustomResourcesCustomResourceFunctionRoleDefaultPolicyD7E8C892",
"CustomResourcesCustomResourceFunctionRole4A79416A",
],
"Properties": Object {
"Code": Object {
"S3Bucket": Object {
"Fn::Join": Array [
"-",
Array [
Object {
"Fn::FindInMap": Array [
"Solution",
"Config",
"S3Bucket",
],
},
Object {
"Ref": "AWS::Region",
},
],
],
},
"S3Key": Object {
"Fn::Join": Array [
"",
Array [
Object {
"Fn::FindInMap": Array [
"Solution",
"Config",
"KeyPrefix",
],
},
"/custom-resource.zip",
],
],
},
},
"Description": "Machine to Cloud Connectivity custom resource function",
"Environment": Object {
"Variables": Object {
"LOGGING_LEVEL": Object {
"Ref": "LoggingLevel",
},
"SOLUTION_ID": Object {
"Fn::FindInMap": Array [
"Solution",
"Config",
"SolutionId",
],
},
"SOLUTION_VERSION": Object {
"Fn::FindInMap": Array [
"Solution",
"Config",
"Version",
],
},
},
},
"Handler": "custom-resource/index.handler",
"Role": Object {
"Fn::GetAtt": Array [
"CustomResourcesCustomResourceFunctionRole4A79416A",
"Arn",
],
},
"Runtime": "nodejs16.x",
"Timeout": 240,
},
"Type": "AWS::Lambda::Function",
},
"CustomResourcesCustomResourceFunctionRole4A79416A": Object {
"Metadata": Object {
"cdk_nag": Object {
"rules_to_suppress": Array [
Object {
"id": "AwsSolutions-IAM5",
"reason": "IoT actions cannot specify the resource. It does not allow wildcard permissions either.",
},
],
},
"cfn_nag": Object {
"rules_to_suppress": Array [
Object {
"id": "W11",
"reason": "IoT actions cannot specify the resource.",
},
],
},
},
"Properties": Object {
"AssumeRolePolicyDocument": Object {
"Statement": Array [
Object {
"Action": "sts:AssumeRole",
"Effect": "Allow",
"Principal": Object {
"Service": "lambda.amazonaws.com",
},
},
],
"Version": "2012-10-17",
},
"Path": "/",
"Policies": Array [
Object {
"PolicyDocument": Object {
"Statement": Array [
Object {
"Action": Array [
"logs:CreateLogGroup",
"logs:CreateLogStream",
"logs:PutLogEvents",
],
"Effect": "Allow",
"Resource": Object {
"Fn::Join": Array [
"",
Array [
"arn:",
Object {
"Ref": "AWS::Partition",
},
":logs:",
Object {
"Ref": "AWS::Region",
},
":",
Object {
"Ref": "AWS::AccountId",
},
":log-group:/aws/lambda/*",
],
],
},
},
],
"Version": "2012-10-17",
},
"PolicyName": "CloudWatchPolicy",
},
Object {
"PolicyDocument": Object {
"Statement": Array [
Object {
"Action": Array [
"iot:CreateKeysAndCertificate",
"iot:DescribeEndpoint",
"iot:UpdateCertificate",
"iot:UpdateThingShadow",
"iot:DeleteCertificate",
],
"Effect": "Allow",
"Resource": "*",
},
Object {
"Action": Array [
"iot:CreateRoleAlias",
"iot:DeleteRoleAlias",
],
"Effect": "Allow",
"Resource": Object {
"Fn::Join": Array [
"",
Array [
"arn:",
Object {
"Ref": "AWS::Partition",
},
":iot:",
Object {
"Ref": "AWS::Region",
},
":",
Object {
"Ref": "AWS::AccountId",
},
":rolealias/*",
],
],
},
},
Object {
"Action": Array [
"logs:CreateLogGroup",
"logs:CreateLogStream",
"logs:PutLogEvents",
],
"Effect": "Allow",
"Resource": Object {
"Fn::Join": Array [
"",
Array [
"arn:",
Object {
"Ref": "AWS::Partition",
},
":logs:",
Object {
"Ref": "AWS::Region",
},
":",
Object {
"Ref": "AWS::AccountId",
},
":log-group:*",
],
],
},
},
],
"Version": "2012-10-17",
},
"PolicyName": "GreengrassIoTPolicy",
},
Object {
"PolicyDocument": Object {
"Statement": Array [
Object {
"Action": Array [
"s3:List*",
"s3:GetObject",
"s3:GetObjectVersion",
"s3:PutObject",
"s3:Delete*",
],
"Effect": "Allow",
"Resource": Object {
"Fn::Join": Array [
"",
Array [
"arn:aws:s3:::",
Object {
"Ref": "AWS::StackName",
},
"*",
],
],
},
},
Object {
"Action": Array [
"timestream:DescribeEndpoints",
"timestream:ListTables",
"timestream:DescribeTable",
"timestream:DeleteTable",
"timestream:DeleteDatabase",
"timestream:DescribeDatabase",
],
"Effect": "Allow",
"Resource": "*",
},
],
"Version": "2012-10-17",
},
"PolicyName": "TeardownPolicy",
},
],
},
"Type": "AWS::IAM::Role",
},
"CustomResourcesCustomResourceFunctionRoleDefaultPolicyD7E8C892": Object {
"Metadata": Object {
"cdk_nag": Object {
"rules_to_suppress": Array [
Object {
"id": "AwsSolutions-IAM5",
"reason": "IoT actions cannot specify the resource. It does not allow wildcard permissions either.",
},
],
},
},
"Properties": Object {
"PolicyDocument": Object {
"Statement": Array [
Object {
"Action": Array [
"s3:GetObject*",
"s3:GetBucket*",
"s3:List*",
],
"Effect": "Allow",
"Resource": Array [
Object {
"Fn::Join": Array [
"",
Array [
"arn:",
Object {
"Ref": "AWS::Partition",
},
":s3:::",
Object {
"Fn::Join": Array [
"-",
Array [
Object {
"Fn::FindInMap": Array [
"Solution",
"Config",
"S3Bucket",
],
},
Object {
"Ref": "AWS::Region",
},
],
],
},
],
],
},
Object {
"Fn::Join": Array [
"",
Array [
"arn:",
Object {
"Ref": "AWS::Partition",
},
":s3:::",
Object {
"Fn::Join": Array [
"-",
Array [
Object {
"Fn::FindInMap": Array [
"Solution",
"Config",
"S3Bucket",
],
},
Object {
"Ref": "AWS::Region",
},
],
],
},
"/",
Object {
"Fn::FindInMap": Array [
"Solution",
"Config",
"KeyPrefix",
],
},
"/*",
],
],
},
],
},
Object {
"Action": Array [
"s3:PutObject",
"s3:PutObjectLegalHold",
"s3:PutObjectRetention",
"s3:PutObjectTagging",
"s3:PutObjectVersionTagging",
"s3:Abort*",
],
"Effect": "Allow",
"Resource": Object {
"Fn::Join": Array [
"",
Array [
Object {
"Fn::GetAtt": Array [
"GreengrassResourcesGreengrassResourceBucketC4A4CE77",
"Arn",
],
},
"/*",
],
],
},
},
Object {
"Action": Array [
"s3:GetObject*",
"s3:GetBucket*",
"s3:List*",
],
"Effect": "Allow",
"Resource": Array [
Object {
"Fn::GetAtt": Array [
"GreengrassResourcesGreengrassResourceBucketC4A4CE77",
"Arn",
],
},
Object {
"Fn::Join": Array [
"",
Array [
Object {
"Fn::GetAtt": Array [
"GreengrassResourcesGreengrassResourceBucketC4A4CE77",
"Arn",
],
},
"/*",
],
],
},
],
},
Object {
"Action": Array [
"s3:PutObject",
"s3:PutObjectLegalHold",
"s3:PutObjectRetention",
"s3:PutObjectTagging",
"s3:PutObjectVersionTagging",
"s3:Abort*",
],
"Effect": "Allow",
"Resource": Object {
"Fn::Join": Array [
"",
Array [
Object {
"Fn::GetAtt": Array [
"CloudFrontCloudFrontToS3S3Bucket7D24549E",
"Arn",
],
},
"/*",
],
],
},
},
],
"Version": "2012-10-17",
},
"PolicyName": "CustomResourcesCustomResourceFunctionRoleDefaultPolicyD7E8C892",
"Roles": Array [
Object {
"Ref": "CustomResourcesCustomResourceFunctionRole4A79416A",
},
],
},
"Type": "AWS::IAM::Policy",
},
"CustomResourcesDeleteIoTCertificate3B8809C1": Object {
"DeletionPolicy": "Delete",
"DependsOn": Array [
"CustomResourcesGreengrassV2DeletePolicyFD2CC7BF",
],
"Properties": Object {
"CertificateArn": Object {
"Fn::GetAtt": Array [
"CustomResourcesCreateGreengrassInstallationScriptsC730B7A8",
"CertificateArn",
],
},
"CertificateId": Object {
"Fn::GetAtt": Array [
"CustomResourcesCreateGreengrassInstallationScriptsC730B7A8",
"CertificateId",
],
},
"Resource": "DeleteIoTCertificate",
"ServiceToken": Object {
"Fn::GetAtt": Array [
"CustomResourcesCustomResourceFunction1AA6557C",
"Arn",
],
},
},
"Type": "AWS::CloudFormation::CustomResource",
"UpdateReplacePolicy": "Delete",
},
"CustomResourcesDescribeIoTEndpoint46C0C3F1": Object {
"DeletionPolicy": "Delete",
"Properties": Object {
"Resource": "DescribeIoTEndpoint",
"ServiceToken": Object {
"Fn::GetAtt": Array [
"CustomResourcesCustomResourceFunction1AA6557C",
"Arn",
],
},
},
"Type": "AWS::CloudFormation::CustomResource",
"UpdateReplacePolicy": "Delete",
},
"CustomResourcesGreengrassPolicyPrincipalAttachment5934B0A9": Object {
"Properties": Object {
"PolicyName": Object {
"Ref": "GreengrassResourcesGreengrassIoTPolicy27BFF2A3",
},
"Principal": Object {
"Fn::GetAtt": Array [
"CustomResourcesCreateGreengrassInstallationScriptsC730B7A8",
"CertificateArn",
],
},
},
"Type": "AWS::IoT::PolicyPrincipalAttachment",
},
"CustomResourcesGreengrassV2CustomResourcePolicy2878C4F5": Object {
"Properties": Object {
"PolicyDocument": Object {
"Statement": Array [
Object {
"Action": "iam:PassRole",
"Effect": "Allow",
"Resource": Object {
"Fn::GetAtt": Array [
"GreengrassResourcesIoTCredentialsRole90379835",
"Arn",
],
},
},
],
"Version": "2012-10-17",
},
"PolicyName": "CustomResourcesGreengrassV2CustomResourcePolicy2878C4F5",
"Roles": Array [
Object {
"Ref": "CustomResourcesCustomResourceFunctionRole4A79416A",
},
],
},
"Type": "AWS::IAM::Policy",
},
"CustomResourcesGreengrassV2DeletePolicyFD2CC7BF": Object {
"Properties": Object {
"PolicyDocument": Object {
"Statement": Array [
Object {
"Action": Array [
"iot:DetachThingPrincipal",
"iot:ListPrincipalThings",
],
"Effect": "Allow",
"Resource": Object {
"Fn::GetAtt": Array [
"CustomResourcesCreateGreengrassInstallationScriptsC730B7A8",
"CertificateArn",
],
},
},
],
"Version": "2012-10-17",
},
"PolicyName": "CustomResourcesGreengrassV2DeletePolicyFD2CC7BF",
"Roles": Array [
Object {
"Ref": "CustomResourcesCustomResourceFunctionRole4A79416A",
},
],
},
"Type": "AWS::IAM::Policy",
},
"CustomResourcesManageIoTRoleAlias3486F7B6": Object {
"DeletionPolicy": "Delete",
"Properties": Object {
"Resource": "ManageIoTRoleAlias",
"RoleAliasName": Object {
"Fn::Join": Array [
"",
Array [
"m2c2-role-alias-",
Object {
"Fn::GetAtt": Array [
"CustomResourcesUUID1685434C",
"UUID",
],
},
],
],
},
"RoleArn": Object {
"Fn::GetAtt": Array [
"GreengrassResourcesIoTCredentialsRole90379835",
"Arn",
],
},
"ServiceToken": Object {
"Fn::GetAtt": Array [
"CustomResourcesCustomResourceFunction1AA6557C",
"Arn",
],
},
},
"Type": "AWS::CloudFormation::CustomResource",
"UpdateReplacePolicy": "Delete",
},
"CustomResourcesPolicyPrincipalAttachment99A50BE1": Object {
"Properties": Object {
"PolicyName": Object {
"Ref": "GreengrassResourcesIoTPolicy1A8F20FA",
},
"Principal": Object {
"Fn::GetAtt": Array [
"CustomResourcesCreateGreengrassInstallationScriptsC730B7A8",
"CertificateArn",
],
},
},
"Type": "AWS::IoT::PolicyPrincipalAttachment",
},
"CustomResourcesSendAnonymousMetricsF7B9CE55": Object {
"Condition": "SendAnonymousUsage",
"DeletionPolicy": "Delete",
"Properties": Object {
"ExistingKinesisStream": Object {
"Ref": "ExistingKinesisStreamName",
},
"ExistingTimestreamDatabase": Object {
"Ref": "ExistingTimestreamDatabaseName",
},
"Resource": "SendAnonymousMetrics",
"ServiceToken": Object {
"Fn::GetAtt": Array [
"CustomResourcesCustomResourceFunction1AA6557C",
"Arn",
],
},
"SolutionUUID": Object {
"Fn::GetAtt": Array [
"CustomResourcesUUID1685434C",
"UUID",
],
},
},
"Type": "AWS::CloudFormation::CustomResource",
"UpdateReplacePolicy": "Delete",
},
"CustomResourcesUUID1685434C": Object {
"DeletionPolicy": "Delete",
"Properties": Object {
"Resource": "CreateUUID",
"ServiceToken": Object {
"Fn::GetAtt": Array [
"CustomResourcesCustomResourceFunction1AA6557C",
"Arn",
],
},
},
"Type": "AWS::CloudFormation::CustomResource",
"UpdateReplacePolicy": "Delete",
},
"GreengrassResourcesGreengrassIoTPolicy27BFF2A3": Object {
"Metadata": Object {
"cfn_nag": Object {
"rules_to_suppress": Array [
Object {
"id": "W39",
"reason": "The * resource for Greengrass actions is the minimum requirement.",
},
],
},
},
"Properties": Object {
"PolicyDocument": Object {
"Statement": Array [
Object {
"Action": Array [
"greengrass:GetComponentVersionArtifact",
"greengrass:ResolveComponentCandidates",
"greengrass:GetDeploymentConfiguration",
"greengrass:ListThingGroupsForCoreDevice",
"greengrass:PutCertificateAuthorities",
"greengrass:VerifyClientDeviceIdentity",
],
"Effect": "Allow",
"Resource": "*",
},
Object {
"Action": Array [
"greengrass:VerifyClientDeviceIoTCertificateAssociation",
"greengrass:Discover",
],
"Effect": "Allow",
"Resource": Object {
"Fn::Join": Array [
"",
Array [
"arn:",
Object {
"Ref": "AWS::Partition",
},
":iot:",
Object {
"Ref": "AWS::Region",
},
":",
Object {
"Ref": "AWS::AccountId",
},
":thing/*",
],
],
},
},
Object {
"Action": Array [
"greengrass:GetConnectivityInfo",
"greengrass:UpdateConnectivityInfo",
],
"Effect": "Allow",
"Resource": Object {
"Fn::Join": Array [
"",
Array [
"arn:",
Object {
"Ref": "AWS::Partition",
},
":greengrass:",
Object {
"Ref": "AWS::Region",
},
":",
Object {
"Ref": "AWS::AccountId",
},
":/greengrass/things/*",
],
],
},
},
],
"Version": "2012-10-17",
},
},
"Type": "AWS::IoT::Policy",
},
"GreengrassResourcesGreengrassResourceBucketC4A4CE77": Object {
"DeletionPolicy": "Retain",
"Properties": Object {
"BucketEncryption": Object {
"ServerSideEncryptionConfiguration": Array [
Object {
"ServerSideEncryptionByDefault": Object {
"SSEAlgorithm": "AES256",
},
},
],
},
"BucketName": Object {
"Fn::Join": Array [
"",
Array [
Object {
"Ref": "AWS::StackName",
},
"-",
Object {
"Ref": "AWS::AccountId",
},
"-gg",
],
],
},
"CorsConfiguration": Object {
"CorsRules": Array [
Object {
"AllowedHeaders": Array [
"*",
],
"AllowedMethods": Array [
"GET",
],
"AllowedOrigins": Array [
Object {
"Fn::Join": Array [
"",
Array [
"https://",
Object {
"Fn::GetAtt": Array [
"CloudFrontCloudFrontToS3CloudFrontDistribution057B07F7",
"DomainName",
],
},
],
],
},
],
"ExposedHeaders": Array [
"ETag",
],
},
],
},
"LoggingConfiguration": Object {
"LogFilePrefix": "m2c2/",
},
"PublicAccessBlockConfiguration": Object {
"BlockPublicAcls": true,
"BlockPublicPolicy": true,
"IgnorePublicAcls": true,
"RestrictPublicBuckets": true,
},
},
"Type": "AWS::S3::Bucket",
"UpdateReplacePolicy": "Retain",
},
"GreengrassResourcesGreengrassResourceBucketPolicy52E1FF86": Object {
"Properties": Object {
"Bucket": Object {
"Ref": "GreengrassResourcesGreengrassResourceBucketC4A4CE77",
},
"PolicyDocument": Object {
"Statement": Array [
Object {
"Action": "s3:*",
"Condition": Object {
"Bool": Object {
"aws:SecureTransport": "false",
},
},
"Effect": "Deny",
"Principal": Object {
"AWS": "*",
},
"Resource": Array [
Object {
"Fn::GetAtt": Array [
"GreengrassResourcesGreengrassResourceBucketC4A4CE77",
"Arn",
],
},
Object {
"Fn::Join": Array [
"",
Array [
Object {
"Fn::GetAtt": Array [
"GreengrassResourcesGreengrassResourceBucketC4A4CE77",
"Arn",
],
},
"/*",
],
],
},
],
},
],
"Version": "2012-10-17",
},
},
"Type": "AWS::S3::BucketPolicy",
},
"GreengrassResourcesIoTCredentialsRole90379835": Object {
"Metadata": Object {
"cdk_nag": Object {
"rules_to_suppress": Array [
Object {
"id": "AwsSolutions-IAM5",
"reason": "The * action/resource is required to control Greengrass resources fully. The * resource is required for iotsitewise:BatchPutAssetPropertyValue for Greengrass v2.",
},
],
},
"cfn_nag": Object {
"rules_to_suppress": Array [
Object {
"id": "F3",
"reason": "The * action is required to control Greengrass resources fully.",
},
Object {
"id": "W11",
"reason": "The * resource is required to control Greengrass resources fully and iotsitewise:BatchPutAssetPropertyValue actions for Greengrass v2.",
},
],
},
},
"Properties": Object {
"AssumeRolePolicyDocument": Object {
"Statement": Array [
Object {
"Action": "sts:AssumeRole",
"Effect": "Allow",
"Principal": Object {
"Service": "credentials.iot.amazonaws.com",
},
},
],
"Version": "2012-10-17",
},
"Policies": Array [
Object {
"PolicyDocument": Object {
"Statement": Array [
Object {
"Action": Array [
"logs:CreateLogGroup",
"logs:CreateLogStream",
"logs:DescribeLogStreams",
"logs:PutLogEvents",
],
"Effect": "Allow",
"Resource": Object {
"Fn::Join": Array [
"",
Array [
"arn:",
Object {
"Ref": "AWS::Partition",
},
":logs:",
Object {
"Ref": "AWS::Region",
},
":",
Object {
"Ref": "AWS::AccountId",
},
":log-group:/aws/greengrass/*",
],
],
},
},
],
"Version": "2012-10-17",
},
"PolicyName": "CloudWatchPolicy",
},
Object {
"PolicyDocument": Object {
"Statement": Array [
Object {
"Action": "greengrass:*",
"Effect": "Allow",
"Resource": "*",
},
],
"Version": "2012-10-17",
},
"PolicyName": "GreengrassPolicy",
},
Object {
"PolicyDocument": Object {
"Statement": Array [
Object {
"Action": Array [
"iot:GetThingShadow",
"iot:UpdateThingShadow",
"iot:DeleteThingShadow",
],
"Effect": "Allow",
"Resource": Array [
Object {
"Fn::Join": Array [
"",
Array [
"arn:",
Object {
"Ref": "AWS::Partition",
},
":iot:",
Object {
"Ref": "AWS::Region",
},
":",
Object {
"Ref": "AWS::AccountId",
},
":thing/GG_*",
],
],
},
Object {
"Fn::Join": Array [
"",
Array [
"arn:",
Object {
"Ref": "AWS::Partition",
},
":iot:",
Object {
"Ref": "AWS::Region",
},
":",
Object {
"Ref": "AWS::AccountId",
},
":thing/*-gcm",
],
],
},
Object {
"Fn::Join": Array [
"",
Array [
"arn:",
Object {
"Ref": "AWS::Partition",
},
":iot:",
Object {
"Ref": "AWS::Region",
},
":",
Object {
"Ref": "AWS::AccountId",
},
":thing/*-gda",
],
],
},
Object {
"Fn::Join": Array [
"",
Array [
"arn:",
Object {
"Ref": "AWS::Partition",
},
":iot:",
Object {
"Ref": "AWS::Region",
},
":",
Object {
"Ref": "AWS::AccountId",
},
":thing/*-gci",
],
],
},
],
},
Object {
"Action": "iot:Publish",
"Effect": "Allow",
"Resource": Array [
Object {
"Fn::Join": Array [
"",
Array [
"arn:",
Object {
"Ref": "AWS::Partition",
},
":iot:",
Object {
"Ref": "AWS::Region",
},
":",
Object {
"Ref": "AWS::AccountId",
},
":topic/m2c2/info/*",
],
],
},
Object {
"Fn::Join": Array [
"",
Array [
"arn:",
Object {
"Ref": "AWS::Partition",
},
":iot:",
Object {
"Ref": "AWS::Region",
},
":",
Object {
"Ref": "AWS::AccountId",
},
":topic/m2c2/error/*",
],
],
},
Object {
"Fn::Join": Array [
"",
Array [
"arn:",
Object {
"Ref": "AWS::Partition",
},
":iot:",
Object {
"Ref": "AWS::Region",
},
":",
Object {
"Ref": "AWS::AccountId",
},
":topic/m2c2/data/*",
],
],
},
],
},
Object {
"Action": "iot:DescribeThing",
"Effect": "Allow",
"Resource": Object {
"Fn::Join": Array [
"",
Array [
"arn:",
Object {
"Ref": "AWS::Partition",
},
":iot:",
Object {
"Ref": "AWS::Region",
},
":",
Object {
"Ref": "AWS::AccountId",
},
":thing/*",
],
],
},
},
],
"Version": "2012-10-17",
},
"PolicyName": "IoTPolicy",
},
Object {
"PolicyDocument": Object {
"Statement": Array [
Object {
"Action": "iotsitewise:BatchPutAssetPropertyValue",
"Effect": "Allow",
"Resource": "*",
},
],
"Version": "2012-10-17",
},
"PolicyName": "IoTSiteWisePolicy",
},
Object {
"PolicyDocument": Object {
"Statement": Array [
Object {
"Action": Array [
"kinesis:PutRecords",
"kinesis:PutRecord",
],
"Effect": "Allow",
"Resource": Array [
Object {
"Fn::Join": Array [
"",
Array [
"arn:",
Object {
"Ref": "AWS::Partition",
},
":kinesis:",
Object {
"Ref": "AWS::Region",
},
":",
Object {
"Ref": "AWS::AccountId",
},
":stream/",
Object {
"Fn::If": Array [
"CreateKinesisResources",
Object {
"Ref": "KinesisDataStreamKinesisStream19B2CF78",
},
Object {
"Ref": "ExistingKinesisStreamName",
},
],
},
],
],
},
Object {
"Fn::GetAtt": Array [
"TimestreamKinesisLambdaKinesisStreamF4535539",
"Arn",
],
},
],
},
],
"Version": "2012-10-17",
},
"PolicyName": "KinesisPolicy",
},
Object {
"PolicyDocument": Object {
"Statement": Array [
Object {
"Action": Array [
"s3:GetBucketLocation",
"s3:GetObject",
],
"Effect": "Allow",
"Resource": Array [
Object {
"Fn::GetAtt": Array [
"GreengrassResourcesGreengrassResourceBucketC4A4CE77",
"Arn",
],
},
Object {
"Fn::Join": Array [
"",
Array [
Object {
"Fn::GetAtt": Array [
"GreengrassResourcesGreengrassResourceBucketC4A4CE77",
"Arn",
],
},
"/*",
],
],
},
],
},
],
"Version": "2012-10-17",
},
"PolicyName": "S3Policy",
},
Object {
"PolicyDocument": Object {
"Statement": Array [
Object {
"Action": "secretsmanager:GetSecretValue",
"Effect": "Allow",
"Resource": Object {
"Fn::Join": Array [
"",
Array [
"arn:",
Object {
"Ref": "AWS::Partition",
},
":secretsmanager:",
Object {
"Ref": "AWS::Region",
},
":",
Object {
"Ref": "AWS::AccountId",
},
":secret:m2c2-*",
],
],
},
},
],
"Version": "2012-10-17",
},
"PolicyName": "SecretsManagerPolicy",
},
],
},
"Type": "AWS::IAM::Role",
},
"GreengrassResourcesIoTPolicy1A8F20FA": Object {
"Metadata": Object {
"cfn_nag": Object {
"rules_to_suppress": Array [
Object {
"id": "W39",
"reason": "The * resource for iot:Connect is required for the solution.",
},
],
},
},
"Properties": Object {
"PolicyDocument": Object {
"Statement": Array [
Object {
"Action": "iot:Connect",
"Effect": "Allow",
"Resource": "*",
},
Object {
"Action": Array [
"iot:GetThingShadow",
"iot:UpdateThingShadow",
"iot:DeleteThingShadow",
],
"Effect": "Allow",
"Resource": Object {
"Fn::Join": Array [
"",
Array [
"arn:",
Object {
"Ref": "AWS::Partition",
},
":iot:",
Object {
"Ref": "AWS::Region",
},
":",
Object {
"Ref": "AWS::AccountId",
},
":thing/*",
],
],
},
},
Object {
"Action": Array [
"iot:Publish",
"iot:Receive",
],
"Effect": "Allow",
"Resource": Array [
Object {
"Fn::Join": Array [
"",
Array [
"arn:",
Object {
"Ref": "AWS::Partition",
},
":iot:",
Object {
"Ref": "AWS::Region",
},
":",
Object {
"Ref": "AWS::AccountId",
},
":topic/$aws/things/*/greengrass/health/json",
],
],
},
Object {
"Fn::Join": Array [
"",
Array [
"arn:",
Object {
"Ref": "AWS::Partition",
},
":iot:",
Object {
"Ref": "AWS::Region",
},
":",
Object {
"Ref": "AWS::AccountId",
},
":topic/$aws/things/*/greengrassv2/health/json",
],
],
},
Object {
"Fn::Join": Array [
"",
Array [
"arn:",
Object {
"Ref": "AWS::Partition",
},
":iot:",
Object {
"Ref": "AWS::Region",
},
":",
Object {
"Ref": "AWS::AccountId",
},
":topic/m2c2/job/*",
],
],
},
Object {
"Fn::Join": Array [
"",
Array [
"arn:",
Object {
"Ref": "AWS::Partition",
},
":iot:",
Object {
"Ref": "AWS::Region",
},
":",
Object {
"Ref": "AWS::AccountId",
},
":topic/m2c2/info/*",
],
],
},
Object {
"Fn::Join": Array [
"",
Array [
"arn:",
Object {
"Ref": "AWS::Partition",
},
":iot:",
Object {
"Ref": "AWS::Region",
},
":",
Object {
"Ref": "AWS::AccountId",
},
":topic/m2c2/error/*",
],
],
},
Object {
"Fn::Join": Array [
"",
Array [
"arn:",
Object {
"Ref": "AWS::Partition",
},
":iot:",
Object {
"Ref": "AWS::Region",
},
":",
Object {
"Ref": "AWS::AccountId",
},
":topic/m2c2/data/*",
],
],
},
Object {
"Fn::Join": Array [
"",
Array [
"arn:",
Object {
"Ref": "AWS::Partition",
},
":iot:",
Object {
"Ref": "AWS::Region",
},
":",
Object {
"Ref": "AWS::AccountId",
},
":topic/$aws/things/*/jobs/*",
],
],
},
Object {
"Fn::Join": Array [
"",
Array [
"arn:",
Object {
"Ref": "AWS::Partition",
},
":iot:",
Object {
"Ref": "AWS::Region",
},
":",
Object {
"Ref": "AWS::AccountId",
},
":topic/$aws/things/*/shadow/*",
],
],
},
Object {
"Fn::Join": Array [
"",
Array [
"arn:",
Object {
"Ref": "AWS::Partition",
},
":iot:",
Object {
"Ref": "AWS::Region",
},
":",
Object {
"Ref": "AWS::AccountId",
},
":topic/$aws/sitewise/gateways/*/diagnostics",
],
],
},
Object {
"Fn::Join": Array [
"",
Array [
"arn:",
Object {
"Ref": "AWS::Partition",
},
":iot:",
Object {
"Ref": "AWS::Region",
},
":",
Object {
"Ref": "AWS::AccountId",
},
":topic/$aws/sitewise/things/*/connectors/*/configuration/*",
],
],
},
],
},
Object {
"Action": "iot:Subscribe",
"Effect": "Allow",
"Resource": Array [
Object {
"Fn::Join": Array [
"",
Array [
"arn:",
Object {
"Ref": "AWS::Partition",
},
":iot:",
Object {
"Ref": "AWS::Region",
},
":",
Object {
"Ref": "AWS::AccountId",
},
":topicfilter/m2c2/job/*",
],
],
},
Object {
"Fn::Join": Array [
"",
Array [
"arn:",
Object {
"Ref": "AWS::Partition",
},
":iot:",
Object {
"Ref": "AWS::Region",
},
":",
Object {
"Ref": "AWS::AccountId",
},
":topicfilter/$aws/things/*/jobs/*",
],
],
},
Object {
"Fn::Join": Array [
"",
Array [
"arn:",
Object {
"Ref": "AWS::Partition",
},
":iot:",
Object {
"Ref": "AWS::Region",
},
":",
Object {
"Ref": "AWS::AccountId",
},
":topicfilter/$aws/things/*/shadow/*",
],
],
},
Object {
"Fn::Join": Array [
"",
Array [
"arn:",
Object {
"Ref": "AWS::Partition",
},
":iot:",
Object {
"Ref": "AWS::Region",
},
":",
Object {
"Ref": "AWS::AccountId",
},
":topicfilter/$aws/sitewise/gateways/*/diagnostics",
],
],
},
Object {
"Fn::Join": Array [
"",
Array [
"arn:",
Object {
"Ref": "AWS::Partition",
},
":iot:",
Object {
"Ref": "AWS::Region",
},
":",
Object {
"Ref": "AWS::AccountId",
},
":topicfilter/$aws/sitewise/things/*/connectors/*/configuration/*",
],
],
},
],
},
Object {
"Action": "iot:AssumeRoleWithCertificate",
"Effect": "Allow",
"Resource": Object {
"Fn::Join": Array [
"",
Array [
"arn:",
Object {
"Ref": "AWS::Partition",
},
":iot:",
Object {
"Ref": "AWS::Region",
},
":",
Object {
"Ref": "AWS::AccountId",
},
":rolealias/m2c2-role-alias-",
Object {
"Fn::GetAtt": Array [
"CustomResourcesUUID1685434C",
"UUID",
],
},
],
],
},
},
],
"Version": "2012-10-17",
},
},
"Type": "AWS::IoT::Policy",
},
"GreengrassResourcesTeardownGreengrassResourcesBucketFD2D5392": Object {
"Condition": "ShouldTeardownDataOnDestroy",
"DeletionPolicy": "Delete",
"Properties": Object {
"BucketName": Object {
"Ref": "GreengrassResourcesGreengrassResourceBucketC4A4CE77",
},
"Resource": "DeleteS3Bucket",
"ServiceToken": Object {
"Fn::GetAtt": Array [
"CustomResourcesCustomResourceFunction1AA6557C",
"Arn",
],
},
},
"Type": "AWS::CloudFormation::CustomResource",
"UpdateReplacePolicy": "Delete",
},
"KinesisDataStreamKinesisFirehoseToS3KinesisFirehoseFC793760": Object {
"Condition": "CreateKinesisResources",
"Metadata": Object {
"cdk_nag": Object {
"rules_to_suppress": Array [
Object {
"id": "AwsSolutions-IAM5",
"reason": "It specifies a bucket, so it is not a wildcard permission.",
},
Object {
"id": "AwsSolutions-KDF1",
"reason": "The data stream is encrypted.",
},
],
},
},
"Properties": Object {
"DeliveryStreamType": "KinesisStreamAsSource",
"ExtendedS3DestinationConfiguration": Object {
"BucketARN": Object {
"Fn::GetAtt": Array [
"KinesisDataStreamKinesisFirehoseToS3S3Bucket7191FF90",
"Arn",
],
},
"BufferingHints": Object {
"IntervalInSeconds": 300,
"SizeInMBs": 5,
},
"CloudWatchLoggingOptions": Object {
"Enabled": true,
"LogGroupName": Object {
"Ref": "KinesisDataStreamKinesisFirehoseToS3firehoseloggroupA8F4B00F",
},
"LogStreamName": Object {
"Ref": "KinesisDataStreamKinesisFirehoseToS3firehoseloggroupfirehoselogstreamC402231D",
},
},
"CompressionFormat": "GZIP",
"EncryptionConfiguration": Object {
"KMSEncryptionConfig": Object {
"AWSKMSKeyARN": Object {
"Fn::Join": Array [
"",
Array [
"arn:",
Object {
"Ref": "AWS::Partition",
},
":kms:",
Object {
"Ref": "AWS::Region",
},
":",
Object {
"Ref": "AWS::AccountId",
},
":alias/aws/s3",
],
],
},
},
},
"RoleARN": Object {
"Fn::GetAtt": Array [
"KinesisDataStreamKinesisFirehoseToS3KinesisFirehoseRole7066EEA5",
"Arn",
],
},
},
"KinesisStreamSourceConfiguration": Object {
"KinesisStreamARN": Object {
"Fn::GetAtt": Array [
"KinesisDataStreamKinesisStream19B2CF78",
"Arn",
],
},
"RoleARN": Object {
"Fn::GetAtt": Array [
"KinesisKinesisStreamsRole997B5919",
"Arn",
],
},
},
},
"Type": "AWS::KinesisFirehose::DeliveryStream",
},
"KinesisDataStreamKinesisFirehoseToS3KinesisFirehosePolicyE637F8AB": Object {
"Condition": "CreateKinesisResources",
"Metadata": Object {
"cdk_nag": Object {
"rules_to_suppress": Array [
Object {
"id": "AwsSolutions-IAM5",
"reason": "It specifies a bucket, so it is not a wildcard permission.",
},
Object {
"id": "AwsSolutions-KDF1",
"reason": "The data stream is encrypted.",
},
],
},
},
"Properties": Object {
"PolicyDocument": Object {
"Statement": Array [
Object {
"Action": Array [
"s3:AbortMultipartUpload",
"s3:GetBucketLocation",
"s3:GetObject",
"s3:ListBucket",
"s3:ListBucketMultipartUploads",
"s3:PutObject",
],
"Effect": "Allow",
"Resource": Array [
Object {
"Fn::GetAtt": Array [
"KinesisDataStreamKinesisFirehoseToS3S3Bucket7191FF90",
"Arn",
],
},
Object {
"Fn::Join": Array [
"",
Array [
Object {
"Fn::GetAtt": Array [
"KinesisDataStreamKinesisFirehoseToS3S3Bucket7191FF90",
"Arn",
],
},
"/*",
],
],
},
],
},
Object {
"Action": "logs:PutLogEvents",
"Effect": "Allow",
"Resource": Object {
"Fn::Join": Array [
"",
Array [
"arn:",
Object {
"Ref": "AWS::Partition",
},
":logs:",
Object {
"Ref": "AWS::Region",
},
":",
Object {
"Ref": "AWS::AccountId",
},
":log-group:",
Object {
"Ref": "KinesisDataStreamKinesisFirehoseToS3firehoseloggroupA8F4B00F",
},
":log-stream:",
Object {
"Ref": "KinesisDataStreamKinesisFirehoseToS3firehoseloggroupfirehoselogstreamC402231D",
},
],
],
},
},
],
"Version": "2012-10-17",
},
"PolicyName": "KinesisDataStreamKinesisFirehoseToS3KinesisFirehosePolicyE637F8AB",
"Roles": Array [
Object {
"Ref": "KinesisDataStreamKinesisFirehoseToS3KinesisFirehoseRole7066EEA5",
},
],
},
"Type": "AWS::IAM::Policy",
},
"KinesisDataStreamKinesisFirehoseToS3KinesisFirehoseRole7066EEA5": Object {
"Condition": "CreateKinesisResources",
"Metadata": Object {
"cdk_nag": Object {
"rules_to_suppress": Array [
Object {
"id": "AwsSolutions-IAM5",
"reason": "It specifies a bucket, so it is not a wildcard permission.",
},
Object {
"id": "AwsSolutions-KDF1",
"reason": "The data stream is encrypted.",
},
],
},
},
"Properties": Object {
"AssumeRolePolicyDocument": Object {
"Statement": Array [
Object {
"Action": "sts:AssumeRole",
"Effect": "Allow",
"Principal": Object {
"Service": "firehose.amazonaws.com",
},
},
],
"Version": "2012-10-17",
},
},
"Type": "AWS::IAM::Role",
},
"KinesisDataStreamKinesisFirehoseToS3S3Bucket7191FF90": Object {
"Condition": "CreateKinesisResources",
"DeletionPolicy": "Retain",
"Metadata": Object {
"cdk_nag": Object {
"rules_to_suppress": Array [
Object {
"id": "AwsSolutions-IAM5",
"reason": "It specifies a bucket, so it is not a wildcard permission.",
},
Object {
"id": "AwsSolutions-KDF1",
"reason": "The data stream is encrypted.",
},
],
},
},
"Properties": Object {
"BucketEncryption": Object {
"ServerSideEncryptionConfiguration": Array [
Object {
"ServerSideEncryptionByDefault": Object {
"SSEAlgorithm": "AES256",
},
},
],
},
"BucketName": Object {
"Fn::Join": Array [
"",
Array [
Object {
"Ref": "AWS::StackName",
},
"-",
Object {
"Ref": "AWS::AccountId",
},
"-kds",
],
],
},
"LifecycleConfiguration": Object {
"Rules": Array [
Object {
"NoncurrentVersionTransitions": Array [
Object {
"StorageClass": "GLACIER",
"TransitionInDays": 90,
},
],
"Status": "Enabled",
},
],
},
"LoggingConfiguration": Object {
"DestinationBucketName": Object {
"Ref": "LoggingBucketLogBucket34BFFCE4",
},
"LogFilePrefix": "m2c2data/",
},
"PublicAccessBlockConfiguration": Object {
"BlockPublicAcls": true,
"BlockPublicPolicy": true,
"IgnorePublicAcls": true,
"RestrictPublicBuckets": true,
},
"VersioningConfiguration": Object {
"Status": "Enabled",
},
},
"Type": "AWS::S3::Bucket",
"UpdateReplacePolicy": "Retain",
},
"KinesisDataStreamKinesisFirehoseToS3S3BucketPolicy17066DB1": Object {
"Condition": "CreateKinesisResources",
"Metadata": Object {
"cdk_nag": Object {
"rules_to_suppress": Array [
Object {
"id": "AwsSolutions-IAM5",
"reason": "It specifies a bucket, so it is not a wildcard permission.",
},
Object {
"id": "AwsSolutions-KDF1",
"reason": "The data stream is encrypted.",
},
],
},
},
"Properties": Object {
"Bucket": Object {
"Ref": "KinesisDataStreamKinesisFirehoseToS3S3Bucket7191FF90",
},
"PolicyDocument": Object {
"Statement": Array [
Object {
"Action": "s3:*",
"Condition": Object {
"Bool": Object {
"aws:SecureTransport": "false",
},
},
"Effect": "Deny",
"Principal": Object {
"AWS": "*",
},
"Resource": Array [
Object {
"Fn::GetAtt": Array [
"KinesisDataStreamKinesisFirehoseToS3S3Bucket7191FF90",
"Arn",
],
},
Object {
"Fn::Join": Array [
"",
Array [
Object {
"Fn::GetAtt": Array [
"KinesisDataStreamKinesisFirehoseToS3S3Bucket7191FF90",
"Arn",
],
},
"/*",
],
],
},
],
},
],
"Version": "2012-10-17",
},
},
"Type": "AWS::S3::BucketPolicy",
},
"KinesisDataStreamKinesisFirehoseToS3firehoseloggroupA8F4B00F": Object {
"Condition": "CreateKinesisResources",
"DeletionPolicy": "Retain",
"Metadata": Object {
"cdk_nag": Object {
"rules_to_suppress": Array [
Object {
"id": "AwsSolutions-IAM5",
"reason": "It specifies a bucket, so it is not a wildcard permission.",
},
Object {
"id": "AwsSolutions-KDF1",
"reason": "The data stream is encrypted.",
},
],
},
"cfn_nag": Object {
"rules_to_suppress": Array [
Object {
"id": "W86",
"reason": "Retention period for CloudWatchLogs LogGroups are set to 'Never Expire' to preserve customer data indefinitely",
},
Object {
"id": "W84",
"reason": "By default CloudWatchLogs LogGroups data is encrypted using the CloudWatch server-side encryption keys (AWS Managed Keys)",
},
],
},
},
"Type": "AWS::Logs::LogGroup",
"UpdateReplacePolicy": "Retain",
},
"KinesisDataStreamKinesisFirehoseToS3firehoseloggroupfirehoselogstreamC402231D": Object {
"Condition": "CreateKinesisResources",
"DeletionPolicy": "Retain",
"Metadata": Object {
"cdk_nag": Object {
"rules_to_suppress": Array [
Object {
"id": "AwsSolutions-IAM5",
"reason": "It specifies a bucket, so it is not a wildcard permission.",
},
Object {
"id": "AwsSolutions-KDF1",
"reason": "The data stream is encrypted.",
},
],
},
},
"Properties": Object {
"LogGroupName": Object {
"Ref": "KinesisDataStreamKinesisFirehoseToS3firehoseloggroupA8F4B00F",
},
},
"Type": "AWS::Logs::LogStream",
"UpdateReplacePolicy": "Retain",
},
"KinesisDataStreamKinesisStream19B2CF78": Object {
"Condition": "CreateKinesisResources",
"Metadata": Object {
"cdk_nag": Object {
"rules_to_suppress": Array [
Object {
"id": "AwsSolutions-IAM5",
"reason": "It specifies a bucket, so it is not a wildcard permission.",
},
Object {
"id": "AwsSolutions-KDF1",
"reason": "The data stream is encrypted.",
},
],
},
},
"Properties": Object {
"RetentionPeriodHours": 24,
"ShardCount": 1,
"StreamEncryption": Object {
"EncryptionType": "KMS",
"KeyId": "alias/aws/kinesis",
},
"StreamModeDetails": Object {
"StreamMode": "PROVISIONED",
},
},
"Type": "AWS::Kinesis::Stream",
},
"KinesisDataStreamKinesisStreamGetRecordsIteratorAgeAlarm714667AF": Object {
"Condition": "CreateKinesisResources",
"Metadata": Object {
"cdk_nag": Object {
"rules_to_suppress": Array [
Object {
"id": "AwsSolutions-IAM5",
"reason": "It specifies a bucket, so it is not a wildcard permission.",
},
Object {
"id": "AwsSolutions-KDF1",
"reason": "The data stream is encrypted.",
},
],
},
},
"Properties": Object {
"AlarmDescription": "Consumer Record Processing Falling Behind, there is risk for data loss due to record expiration.",
"ComparisonOperator": "GreaterThanOrEqualToThreshold",
"EvaluationPeriods": 1,
"MetricName": "GetRecords.IteratorAgeMilliseconds",
"Namespace": "AWS/Kinesis",
"Period": 300,
"Statistic": "Maximum",
"Threshold": 2592000,
},
"Type": "AWS::CloudWatch::Alarm",
},
"KinesisDataStreamKinesisStreamReadProvisionedThroughputExceededAlarmC0BF102A": Object {
"Condition": "CreateKinesisResources",
"Metadata": Object {
"cdk_nag": Object {
"rules_to_suppress": Array [
Object {
"id": "AwsSolutions-IAM5",
"reason": "It specifies a bucket, so it is not a wildcard permission.",
},
Object {
"id": "AwsSolutions-KDF1",
"reason": "The data stream is encrypted.",
},
],
},
},
"Properties": Object {
"AlarmDescription": "Consumer Application is Reading at a Slower Rate Than Expected.",
"ComparisonOperator": "GreaterThanThreshold",
"EvaluationPeriods": 1,
"MetricName": "ReadProvisionedThroughputExceeded",
"Namespace": "AWS/Kinesis",
"Period": 300,
"Statistic": "Average",
"Threshold": 0,
},
"Type": "AWS::CloudWatch::Alarm",
},
"KinesisKinesisStreamsRole997B5919": Object {
"Condition": "CreateKinesisResources",
"Properties": Object {
"AssumeRolePolicyDocument": Object {
"Statement": Array [
Object {
"Action": "sts:AssumeRole",
"Effect": "Allow",
"Principal": Object {
"Service": "firehose.amazonaws.com",
},
},
],
"Version": "2012-10-17",
},
"Policies": Array [
Object {
"PolicyDocument": Object {
"Statement": Array [
Object {
"Action": Array [
"kinesis:DescribeStream",
"kinesis:GetShardIterator",
"kinesis:GetRecords",
"kinesis:ListShards",
],
"Effect": "Allow",
"Resource": Object {
"Fn::GetAtt": Array [
"KinesisDataStreamKinesisStream19B2CF78",
"Arn",
],
},
},
],
"Version": "2012-10-17",
},
"PolicyName": "KinesisStreamsRoleRolePolicy",
},
],
},
"Type": "AWS::IAM::Role",
},
"KinesisTeardownKinesisBucket8EB05EB7": Object {
"Condition": "CreateKinesisResources",
"DeletionPolicy": "Delete",
"Properties": Object {
"BucketName": Object {
"Ref": "KinesisDataStreamKinesisFirehoseToS3S3Bucket7191FF90",
},
"Resource": "DeleteS3Bucket",
"ServiceToken": Object {
"Fn::GetAtt": Array [
"CustomResourcesCustomResourceFunction1AA6557C",
"Arn",
],
},
},
"Type": "AWS::CloudFormation::CustomResource",
"UpdateReplacePolicy": "Delete",
},
"LoggingBucketLogBucket34BFFCE4": Object {
"DeletionPolicy": "Retain",
"Metadata": Object {
"cdk_nag": Object {
"rules_to_suppress": Array [
Object {
"id": "AwsSolutions-S1",
"reason": "This bucket is to store S3 logs, so it does not require access logs.",
},
Object {
"id": "AwsSolutions-S2",
"reason": "Public Access Blocking is handled by objectOwnership",
},
],
},
"cfn_nag": Object {
"rules_to_suppress": Array [
Object {
"id": "W35",
"reason": "This bucket is to store S3 logs, so it does not require access logs.",
},
],
},
},
"Properties": Object {
"AccessControl": "LogDeliveryWrite",
"BucketEncryption": Object {
"ServerSideEncryptionConfiguration": Array [
Object {
"ServerSideEncryptionByDefault": Object {
"SSEAlgorithm": "AES256",
},
},
],
},
"BucketName": Object {
"Fn::Join": Array [
"",
Array [
Object {
"Ref": "AWS::StackName",
},
"-",
Object {
"Ref": "AWS::AccountId",
},
"-log",
],
],
},
"OwnershipControls": Object {
"Rules": Array [
Object {
"ObjectOwnership": "ObjectWriter",
},
],
},
},
"Type": "AWS::S3::Bucket",
"UpdateReplacePolicy": "Retain",
},
"LoggingBucketLogBucketPolicy95173867": Object {
"Properties": Object {
"Bucket": Object {
"Ref": "LoggingBucketLogBucket34BFFCE4",
},
"PolicyDocument": Object {
"Statement": Array [
Object {
"Action": "s3:*",
"Condition": Object {
"Bool": Object {
"aws:SecureTransport": "false",
},
},
"Effect": "Deny",
"Principal": Object {
"AWS": "*",
},
"Resource": Array [
Object {
"Fn::GetAtt": Array [
"LoggingBucketLogBucket34BFFCE4",
"Arn",
],
},
Object {
"Fn::Join": Array [
"",
Array [
Object {
"Fn::GetAtt": Array [
"LoggingBucketLogBucket34BFFCE4",
"Arn",
],
},
"/*",
],
],
},
],
},
],
"Version": "2012-10-17",
},
},
"Type": "AWS::S3::BucketPolicy",
},
"SQSMessageConsumerErrorLogsRuleIotTopicRule59B8BAD2": Object {
"Properties": Object {
"TopicRulePayload": Object {
"Actions": Array [
Object {
"Sqs": Object {
"QueueUrl": Object {
"Ref": "SQSMessageConsumerqueueE61E6A01",
},
"RoleArn": Object {
"Fn::GetAtt": Array [
"SQSMessageConsumerErrorLogsRuleiotactionsrole0E20762C",
"Arn",
],
},
},
},
],
"AwsIotSqlVersion": "2016-03-23",
"Description": "Processing connection error logs",
"RuleDisabled": false,
"Sql": "SELECT topic(3) as connectionName, topic(2) as logType, timestamp() as timestamp, * FROM 'm2c2/error/+'",
},
},
"Type": "AWS::IoT::TopicRule",
},
"SQSMessageConsumerErrorLogsRuleiotactionsrole0E20762C": Object {
"Properties": Object {
"AssumeRolePolicyDocument": Object {
"Statement": Array [
Object {
"Action": "sts:AssumeRole",
"Effect": "Allow",
"Principal": Object {
"Service": "iot.amazonaws.com",
},
},
],
"Version": "2012-10-17",
},
},
"Type": "AWS::IAM::Role",
},
"SQSMessageConsumerErrorLogsRuleiotactionsroleDefaultPolicy2D7480C7": Object {
"Properties": Object {
"PolicyDocument": Object {
"Statement": Array [
Object {
"Action": Array [
"sqs:SendMessage",
"sqs:GetQueueAttributes",
"sqs:GetQueueUrl",
],
"Effect": "Allow",
"Resource": Object {
"Fn::GetAtt": Array [
"SQSMessageConsumerqueueE61E6A01",
"Arn",
],
},
},
],
"Version": "2012-10-17",
},
"PolicyName": "SQSMessageConsumerErrorLogsRuleiotactionsroleDefaultPolicy2D7480C7",
"Roles": Array [
Object {
"Ref": "SQSMessageConsumerErrorLogsRuleiotactionsrole0E20762C",
},
],
},
"Type": "AWS::IAM::Policy",
},
"SQSMessageConsumerInfoLogsRuleIotTopicRule7D0D973E": Object {
"Properties": Object {
"TopicRulePayload": Object {
"Actions": Array [
Object {
"Sqs": Object {
"QueueUrl": Object {
"Ref": "SQSMessageConsumerqueueE61E6A01",
},
"RoleArn": Object {
"Fn::GetAtt": Array [
"SQSMessageConsumerInfoLogsRuleiotactionsrole088B8868",
"Arn",
],
},
},
},
],
"AwsIotSqlVersion": "2016-03-23",
"Description": "Processing connection info logs",
"RuleDisabled": false,
"Sql": "SELECT topic(3) as connectionName, topic(2) as logType, timestamp() as timestamp, * FROM 'm2c2/info/+'",
},
},
"Type": "AWS::IoT::TopicRule",
},
"SQSMessageConsumerInfoLogsRuleiotactionsrole088B8868": Object {
"Properties": Object {
"AssumeRolePolicyDocument": Object {
"Statement": Array [
Object {
"Action": "sts:AssumeRole",
"Effect": "Allow",
"Principal": Object {
"Service": "iot.amazonaws.com",
},
},
],
"Version": "2012-10-17",
},
},
"Type": "AWS::IAM::Role",
},
"SQSMessageConsumerInfoLogsRuleiotactionsroleDefaultPolicyC2373FD3": Object {
"Properties": Object {
"PolicyDocument": Object {
"Statement": Array [
Object {
"Action": Array [
"sqs:SendMessage",
"sqs:GetQueueAttributes",
"sqs:GetQueueUrl",
],
"Effect": "Allow",
"Resource": Object {
"Fn::GetAtt": Array [
"SQSMessageConsumerqueueE61E6A01",
"Arn",
],
},
},
],
"Version": "2012-10-17",
},
"PolicyName": "SQSMessageConsumerInfoLogsRuleiotactionsroleDefaultPolicyC2373FD3",
"Roles": Array [
Object {
"Ref": "SQSMessageConsumerInfoLogsRuleiotactionsrole088B8868",
},
],
},
"Type": "AWS::IAM::Policy",
},
"SQSMessageConsumerLambdaFunctionD43D4536": Object {
"DependsOn": Array [
"SQSMessageConsumerLambdaFunctionServiceRoleDefaultPolicy3EE42D42",
"SQSMessageConsumerLambdaFunctionServiceRole78A3F720",
],
"Metadata": Object {
"cdk_nag": Object {
"rules_to_suppress": Array [
Object {
"id": "AwsSolutions-IAM5",
"reason": "It does not allow wildcard permissions",
},
Object {
"id": "AwsSolutions-SQS3",
"reason": "deadLetterQueue is the dead letter queue.",
},
],
},
"cfn_nag": Object {
"rules_to_suppress": Array [
Object {
"id": "W58",
"reason": "Lambda functions has the required permission to write CloudWatch Logs. It uses custom policy instead of arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole with tighter permissions.",
},
Object {
"id": "W89",
"reason": "This is not a rule for the general case, just for specific use cases/industries",
},
Object {
"id": "W92",
"reason": "Impossible for us to define the correct concurrency for clients",
},
],
},
},
"Properties": Object {
"Code": Object {
"S3Bucket": Object {
"Fn::Join": Array [
"-",
Array [
Object {
"Fn::FindInMap": Array [
"Solution",
"Config",
"S3Bucket",
],
},
Object {
"Ref": "AWS::Region",
},
],
],
},
"S3Key": Object {
"Fn::Join": Array [
"",
Array [
Object {
"Fn::FindInMap": Array [
"Solution",
"Config",
"KeyPrefix",
],
},
"/sqs-message-consumer.zip",
],
],
},
},
"Description": "Machine to Cloud Connectivity SQS message consumer function",
"Environment": Object {
"Variables": Object {
"LOGGING_LEVEL": Object {
"Ref": "LoggingLevel",
},
"LOGS_DYNAMODB_TABLE": Object {
"Ref": "SQSMessageConsumerLogsDynamoDBDynamoTableC9727E05",
},
"SOLUTION_ID": Object {
"Fn::FindInMap": Array [
"Solution",
"Config",
"SolutionId",
],
},
"SOLUTION_VERSION": Object {
"Fn::FindInMap": Array [
"Solution",
"Config",
"Version",
],
},
},
},
"Handler": "sqs-message-consumer/index.handler",
"Role": Object {
"Fn::GetAtt": Array [
"SQSMessageConsumerLambdaFunctionServiceRole78A3F720",
"Arn",
],
},
"Runtime": "nodejs16.x",
"Timeout": 60,
"TracingConfig": Object {
"Mode": "Active",
},
},
"Type": "AWS::Lambda::Function",
},
"SQSMessageConsumerLambdaFunctionEventInvokeConfigE5E1A79F": Object {
"Metadata": Object {
"cdk_nag": Object {
"rules_to_suppress": Array [
Object {
"id": "AwsSolutions-IAM5",
"reason": "It does not allow wildcard permissions",
},
Object {
"id": "AwsSolutions-SQS3",
"reason": "deadLetterQueue is the dead letter queue.",
},
],
},
},
"Properties": Object {
"FunctionName": Object {
"Ref": "SQSMessageConsumerLambdaFunctionD43D4536",
},
"MaximumRetryAttempts": 0,
"Qualifier": "$LATEST",
},
"Type": "AWS::Lambda::EventInvokeConfig",
},
"SQSMessageConsumerLambdaFunctionServiceRole78A3F720": Object {
"Metadata": Object {
"cdk_nag": Object {
"rules_to_suppress": Array [
Object {
"id": "AwsSolutions-IAM5",
"reason": "It does not allow wildcard permissions",
},
Object {
"id": "AwsSolutions-SQS3",
"reason": "deadLetterQueue is the dead letter queue.",
},
],
},
},
"Properties": Object {
"AssumeRolePolicyDocument": Object {
"Statement": Array [
Object {
"Action": "sts:AssumeRole",
"Effect": "Allow",
"Principal": Object {
"Service": "lambda.amazonaws.com",
},
},
],
"Version": "2012-10-17",
},
"Policies": Array [
Object {
"PolicyDocument": Object {
"Statement": Array [
Object {
"Action": Array [
"logs:CreateLogGroup",
"logs:CreateLogStream",
"logs:PutLogEvents",
],
"Effect": "Allow",
"Resource": Object {
"Fn::Join": Array [
"",
Array [
"arn:",
Object {
"Ref": "AWS::Partition",
},
":logs:",
Object {
"Ref": "AWS::Region",
},
":",
Object {
"Ref": "AWS::AccountId",
},
":log-group:/aws/lambda/*",
],
],
},
},
],
"Version": "2012-10-17",
},
"PolicyName": "LambdaFunctionServiceRolePolicy",
},
],
},
"Type": "AWS::IAM::Role",
},
"SQSMessageConsumerLambdaFunctionServiceRoleDefaultPolicy3EE42D42": Object {
"Metadata": Object {
"cdk_nag": Object {
"rules_to_suppress": Array [
Object {
"id": "AwsSolutions-IAM5",
"reason": "It does not allow wildcard permissions",
},
Object {
"id": "AwsSolutions-SQS3",
"reason": "deadLetterQueue is the dead letter queue.",
},
],
},
"cfn_nag": Object {
"rules_to_suppress": Array [
Object {
"id": "W12",
"reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray and access ENIs in a VPC.",
},
],
},
},
"Properties": Object {
"PolicyDocument": Object {
"Statement": Array [
Object {
"Action": Array [
"xray:PutTraceSegments",
"xray:PutTelemetryRecords",
],
"Effect": "Allow",
"Resource": "*",
},
Object {
"Action": Array [
"sqs:ReceiveMessage",
"sqs:ChangeMessageVisibility",
"sqs:GetQueueUrl",
"sqs:DeleteMessage",
"sqs:GetQueueAttributes",
],
"Effect": "Allow",
"Resource": Object {
"Fn::GetAtt": Array [
"SQSMessageConsumerqueueE61E6A01",
"Arn",
],
},
},
Object {
"Action": Array [
"dynamodb:BatchGetItem",
"dynamodb:GetRecords",
"dynamodb:GetShardIterator",
"dynamodb:Query",
"dynamodb:GetItem",
"dynamodb:Scan",
"dynamodb:ConditionCheckItem",
"dynamodb:BatchWriteItem",
"dynamodb:PutItem",
"dynamodb:UpdateItem",
"dynamodb:DeleteItem",
"dynamodb:DescribeTable",
],
"Effect": "Allow",
"Resource": Array [
Object {
"Fn::GetAtt": Array [
"SQSMessageConsumerLogsDynamoDBDynamoTableC9727E05",
"Arn",
],
},
Object {
"Ref": "AWS::NoValue",
},
],
},
],
"Version": "2012-10-17",
},
"PolicyName": "SQSMessageConsumerLambdaFunctionServiceRoleDefaultPolicy3EE42D42",
"Roles": Array [
Object {
"Ref": "SQSMessageConsumerLambdaFunctionServiceRole78A3F720",
},
],
},
"Type": "AWS::IAM::Policy",
},
"SQSMessageConsumerLambdaFunctionSqsEventSourceTestStackSQSMessageConsumerqueueDA8D7678FF0402A6": Object {
"Metadata": Object {
"cdk_nag": Object {
"rules_to_suppress": Array [
Object {
"id": "AwsSolutions-IAM5",
"reason": "It does not allow wildcard permissions",
},
Object {
"id": "AwsSolutions-SQS3",
"reason": "deadLetterQueue is the dead letter queue.",
},
],
},
},
"Properties": Object {
"EventSourceArn": Object {
"Fn::GetAtt": Array [
"SQSMessageConsumerqueueE61E6A01",
"Arn",
],
},
"FunctionName": Object {
"Ref": "SQSMessageConsumerLambdaFunctionD43D4536",
},
},
"Type": "AWS::Lambda::EventSourceMapping",
},
"SQSMessageConsumerLogsDynamoDBDynamoTableC9727E05": Object {
"DeletionPolicy": "Delete",
"Properties": Object {
"AttributeDefinitions": Array [
Object {
"AttributeName": "connectionName",
"AttributeType": "S",
},
Object {
"AttributeName": "timestamp",
"AttributeType": "N",
},
],
"BillingMode": "PAY_PER_REQUEST",
"KeySchema": Array [
Object {
"AttributeName": "connectionName",
"KeyType": "HASH",
},
Object {
"AttributeName": "timestamp",
"KeyType": "RANGE",
},
],
"PointInTimeRecoverySpecification": Object {
"PointInTimeRecoveryEnabled": true,
},
"SSESpecification": Object {
"SSEEnabled": true,
},
"TimeToLiveSpecification": Object {
"AttributeName": "ttl",
"Enabled": true,
},
},
"Type": "AWS::DynamoDB::Table",
"UpdateReplacePolicy": "Retain",
},
"SQSMessageConsumerdeadLetterQueue7326D371": Object {
"DeletionPolicy": "Delete",
"Metadata": Object {
"cdk_nag": Object {
"rules_to_suppress": Array [
Object {
"id": "AwsSolutions-IAM5",
"reason": "It does not allow wildcard permissions",
},
Object {
"id": "AwsSolutions-SQS3",
"reason": "deadLetterQueue is the dead letter queue.",
},
],
},
},
"Properties": Object {
"KmsMasterKeyId": "alias/aws/sqs",
},
"Type": "AWS::SQS::Queue",
"UpdateReplacePolicy": "Delete",
},
"SQSMessageConsumerdeadLetterQueuePolicy10D24585": Object {
"Metadata": Object {
"cdk_nag": Object {
"rules_to_suppress": Array [
Object {
"id": "AwsSolutions-IAM5",
"reason": "It does not allow wildcard permissions",
},
Object {
"id": "AwsSolutions-SQS3",
"reason": "deadLetterQueue is the dead letter queue.",
},
],
},
},
"Properties": Object {
"PolicyDocument": Object {
"Statement": Array [
Object {
"Action": Array [
"sqs:DeleteMessage",
"sqs:ReceiveMessage",
"sqs:SendMessage",
"sqs:GetQueueAttributes",
"sqs:RemovePermission",
"sqs:AddPermission",
"sqs:SetQueueAttributes",
],
"Effect": "Allow",
"Principal": Object {
"AWS": Object {
"Fn::Join": Array [
"",
Array [
"arn:",
Object {
"Ref": "AWS::Partition",
},
":iam::",
Object {
"Ref": "AWS::AccountId",
},
":root",
],
],
},
},
"Resource": Object {
"Fn::GetAtt": Array [
"SQSMessageConsumerdeadLetterQueue7326D371",
"Arn",
],
},
"Sid": "QueueOwnerOnlyAccess",
},
Object {
"Action": "SQS:*",
"Condition": Object {
"Bool": Object {
"aws:SecureTransport": "false",
},
},
"Effect": "Deny",
"Principal": Object {
"AWS": "*",
},
"Resource": Object {
"Fn::GetAtt": Array [
"SQSMessageConsumerdeadLetterQueue7326D371",
"Arn",
],
},
"Sid": "HttpsOnly",
},
],
"Version": "2012-10-17",
},
"Queues": Array [
Object {
"Ref": "SQSMessageConsumerdeadLetterQueue7326D371",
},
],
},
"Type": "AWS::SQS::QueuePolicy",
},
"SQSMessageConsumerqueueE61E6A01": Object {
"DeletionPolicy": "Delete",
"Metadata": Object {
"cdk_nag": Object {
"rules_to_suppress": Array [
Object {
"id": "AwsSolutions-IAM5",
"reason": "It does not allow wildcard permissions",
},
Object {
"id": "AwsSolutions-SQS3",
"reason": "deadLetterQueue is the dead letter queue.",
},
],
},
},
"Properties": Object {
"KmsMasterKeyId": "alias/aws/sqs",
"RedrivePolicy": Object {
"deadLetterTargetArn": Object {
"Fn::GetAtt": Array [
"SQSMessageConsumerdeadLetterQueue7326D371",
"Arn",
],
},
"maxReceiveCount": 3,
},
"VisibilityTimeout": 60,
},
"Type": "AWS::SQS::Queue",
"UpdateReplacePolicy": "Delete",
},
"SQSMessageConsumerqueuePolicy821A82C9": Object {
"Metadata": Object {
"cdk_nag": Object {
"rules_to_suppress": Array [
Object {
"id": "AwsSolutions-IAM5",
"reason": "It does not allow wildcard permissions",
},
Object {
"id": "AwsSolutions-SQS3",
"reason": "deadLetterQueue is the dead letter queue.",
},
],
},
},
"Properties": Object {
"PolicyDocument": Object {
"Statement": Array [
Object {
"Action": Array [
"sqs:DeleteMessage",
"sqs:ReceiveMessage",
"sqs:SendMessage",
"sqs:GetQueueAttributes",
"sqs:RemovePermission",
"sqs:AddPermission",
"sqs:SetQueueAttributes",
],
"Effect": "Allow",
"Principal": Object {
"AWS": Object {
"Fn::Join": Array [
"",
Array [
"arn:",
Object {
"Ref": "AWS::Partition",
},
":iam::",
Object {
"Ref": "AWS::AccountId",
},
":root",
],
],
},
},
"Resource": Object {
"Fn::GetAtt": Array [
"SQSMessageConsumerqueueE61E6A01",
"Arn",
],
},
"Sid": "QueueOwnerOnlyAccess",
},
Object {
"Action": "SQS:*",
"Condition": Object {
"Bool": Object {
"aws:SecureTransport": "false",
},
},
"Effect": "Deny",
"Principal": Object {
"AWS": "*",
},
"Resource": Object {
"Fn::GetAtt": Array [
"SQSMessageConsumerqueueE61E6A01",
"Arn",
],
},
"Sid": "HttpsOnly",
},
],
"Version": "2012-10-17",
},
"Queues": Array [
Object {
"Ref": "SQSMessageConsumerqueueE61E6A01",
},
],
},
"Type": "AWS::SQS::QueuePolicy",
},
"TeardownS3LoggingBucket": Object {
"Condition": "ShouldTeardownDataOnDestroy",
"DeletionPolicy": "Delete",
"Properties": Object {
"BucketName": Object {
"Ref": "LoggingBucketLogBucket34BFFCE4",
},
"Resource": "DeleteS3Bucket",
"ServiceToken": Object {
"Fn::GetAtt": Array [
"CustomResourcesCustomResourceFunction1AA6557C",
"Arn",
],
},
},
"Type": "AWS::CloudFormation::CustomResource",
"UpdateReplacePolicy": "Delete",
},
"TimestreamDatabase8FA26A4B": Object {
"Condition": "TimestreamCreateTimestreamDatabaseA7576C71",
"DeletionPolicy": "Retain",
"Metadata": Object {
"cdk_nag": Object {
"rules_to_suppress": Array [
Object {
"id": "AwsSolutions-TS3",
"reason": "The default KMS is used by default.",
},
],
},
},
"Properties": Object {
"DatabaseName": Object {
"Fn::Join": Array [
"",
Array [
Object {
"Ref": "AWS::StackName",
},
"-",
Object {
"Fn::GetAtt": Array [
"CustomResourcesUUID1685434C",
"UUID",
],
},
],
],
},
},
"Type": "AWS::Timestream::Database",
},
"TimestreamKinesisLambdaKinesisStreamF4535539": Object {
"Metadata": Object {
"cdk_nag": Object {
"rules_to_suppress": Array [
Object {
"id": "AwsSolutions-IAM5",
"reason": "It does not allow wildcard permissions.",
},
Object {
"id": "AwsSolutions-SQS3",
"reason": "SqsDlqQueue is the dead letter queue.",
},
],
},
},
"Properties": Object {
"RetentionPeriodHours": 24,
"ShardCount": 1,
"StreamEncryption": Object {
"EncryptionType": "KMS",
"KeyId": "alias/aws/kinesis",
},
"StreamModeDetails": Object {
"StreamMode": "PROVISIONED",
},
},
"Type": "AWS::Kinesis::Stream",
},
"TimestreamKinesisLambdaKinesisStreamGetRecordsIteratorAgeAlarm59EDEC34": Object {
"Metadata": Object {
"cdk_nag": Object {
"rules_to_suppress": Array [
Object {
"id": "AwsSolutions-IAM5",
"reason": "It does not allow wildcard permissions.",
},
Object {
"id": "AwsSolutions-SQS3",
"reason": "SqsDlqQueue is the dead letter queue.",
},
],
},
},
"Properties": Object {
"AlarmDescription": "Consumer Record Processing Falling Behind, there is risk for data loss due to record expiration.",
"ComparisonOperator": "GreaterThanOrEqualToThreshold",
"EvaluationPeriods": 1,
"MetricName": "GetRecords.IteratorAgeMilliseconds",
"Namespace": "AWS/Kinesis",
"Period": 300,
"Statistic": "Maximum",
"Threshold": 2592000,
},
"Type": "AWS::CloudWatch::Alarm",
},
"TimestreamKinesisLambdaKinesisStreamReadProvisionedThroughputExceededAlarm79FBEB27": Object {
"Metadata": Object {
"cdk_nag": Object {
"rules_to_suppress": Array [
Object {
"id": "AwsSolutions-IAM5",
"reason": "It does not allow wildcard permissions.",
},
Object {
"id": "AwsSolutions-SQS3",
"reason": "SqsDlqQueue is the dead letter queue.",
},
],
},
},
"Properties": Object {
"AlarmDescription": "Consumer Application is Reading at a Slower Rate Than Expected.",
"ComparisonOperator": "GreaterThanThreshold",
"EvaluationPeriods": 1,
"MetricName": "ReadProvisionedThroughputExceeded",
"Namespace": "AWS/Kinesis",
"Period": 300,
"Statistic": "Average",
"Threshold": 0,
},
"Type": "AWS::CloudWatch::Alarm",
},
"TimestreamKinesisLambdaLambdaFunction8650147E": Object {
"DependsOn": Array [
"TimestreamKinesisLambdaLambdaFunctionServiceRoleDefaultPolicy9E793F58",
"TimestreamKinesisLambdaLambdaFunctionServiceRole0805B8A4",
],
"Metadata": Object {
"cdk_nag": Object {
"rules_to_suppress": Array [
Object {
"id": "AwsSolutions-IAM5",
"reason": "It does not allow wildcard permissions.",
},
Object {
"id": "AwsSolutions-SQS3",
"reason": "SqsDlqQueue is the dead letter queue.",
},
],
},
"cfn_nag": Object {
"rules_to_suppress": Array [
Object {
"id": "W58",
"reason": "Lambda functions has the required permission to write CloudWatch Logs. It uses custom policy instead of arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole with tighter permissions.",
},
Object {
"id": "W89",
"reason": "This is not a rule for the general case, just for specific use cases/industries",
},
Object {
"id": "W92",
"reason": "Impossible for us to define the correct concurrency for clients",
},
],
},
},
"Properties": Object {
"Code": Object {
"S3Bucket": Object {
"Fn::Join": Array [
"-",
Array [
Object {
"Fn::FindInMap": Array [
"Solution",
"Config",
"S3Bucket",
],
},
Object {
"Ref": "AWS::Region",
},
],
],
},
"S3Key": Object {
"Fn::Join": Array [
"",
Array [
Object {
"Fn::FindInMap": Array [
"Solution",
"Config",
"KeyPrefix",
],
},
"/timestream-writer.zip",
],
],
},
},
"Description": "Machine to Cloud Connectivity Framework Timestream data writer function",
"Environment": Object {
"Variables": Object {
"LOGGING_LEVEL": Object {
"Ref": "LoggingLevel",
},
"SOLUTION_ID": Object {
"Fn::FindInMap": Array [
"Solution",
"Config",
"SolutionId",
],
},
"SOLUTION_VERSION": Object {
"Fn::FindInMap": Array [
"Solution",
"Config",
"Version",
],
},
"TIMESTREAM_DATABASE": Object {
"Fn::If": Array [
"TimestreamCreateTimestreamDatabaseA7576C71",
Object {
"Ref": "TimestreamDatabase8FA26A4B",
},
Object {
"Ref": "ExistingTimestreamDatabaseName",
},
],
},
"TIMESTREAM_TABLE": Object {
"Fn::GetAtt": Array [
"TimestreamTable125AE89A",
"Name",
],
},
},
},
"Handler": "timestream-writer/index.handler",
"Role": Object {
"Fn::GetAtt": Array [
"TimestreamKinesisLambdaLambdaFunctionServiceRole0805B8A4",
"Arn",
],
},
"Runtime": "nodejs16.x",
"Timeout": 30,
"TracingConfig": Object {
"Mode": "Active",
},
},
"Type": "AWS::Lambda::Function",
},
"TimestreamKinesisLambdaLambdaFunctionKinesisEventSourceTestStackTimestreamKinesisLambdaKinesisStream4CCE346B315C5FE2": Object {
"Metadata": Object {
"cdk_nag": Object {
"rules_to_suppress": Array [
Object {
"id": "AwsSolutions-IAM5",
"reason": "It does not allow wildcard permissions.",
},
Object {
"id": "AwsSolutions-SQS3",
"reason": "SqsDlqQueue is the dead letter queue.",
},
],
},
},
"Properties": Object {
"BatchSize": 100,
"BisectBatchOnFunctionError": true,
"DestinationConfig": Object {
"OnFailure": Object {
"Destination": Object {
"Fn::GetAtt": Array [
"TimestreamKinesisLambdaSqsDlqQueueD2C34EA9",
"Arn",
],
},
},
},
"EventSourceArn": Object {
"Fn::GetAtt": Array [
"TimestreamKinesisLambdaKinesisStreamF4535539",
"Arn",
],
},
"FunctionName": Object {
"Ref": "TimestreamKinesisLambdaLambdaFunction8650147E",
},
"MaximumRecordAgeInSeconds": 86400,
"MaximumRetryAttempts": 500,
"StartingPosition": "TRIM_HORIZON",
},
"Type": "AWS::Lambda::EventSourceMapping",
},
"TimestreamKinesisLambdaLambdaFunctionServiceRole0805B8A4": Object {
"Metadata": Object {
"cdk_nag": Object {
"rules_to_suppress": Array [
Object {
"id": "AwsSolutions-IAM5",
"reason": "It does not allow wildcard permissions.",
},
Object {
"id": "AwsSolutions-SQS3",
"reason": "SqsDlqQueue is the dead letter queue.",
},
],
},
},
"Properties": Object {
"AssumeRolePolicyDocument": Object {
"Statement": Array [
Object {
"Action": "sts:AssumeRole",
"Effect": "Allow",
"Principal": Object {
"Service": "lambda.amazonaws.com",
},
},
],
"Version": "2012-10-17",
},
"Policies": Array [
Object {
"PolicyDocument": Object {
"Statement": Array [
Object {
"Action": Array [
"logs:CreateLogGroup",
"logs:CreateLogStream",
"logs:PutLogEvents",
],
"Effect": "Allow",
"Resource": Object {
"Fn::Join": Array [
"",
Array [
"arn:",
Object {
"Ref": "AWS::Partition",
},
":logs:",
Object {
"Ref": "AWS::Region",
},
":",
Object {
"Ref": "AWS::AccountId",
},
":log-group:/aws/lambda/*",
],
],
},
},
],
"Version": "2012-10-17",
},
"PolicyName": "LambdaFunctionServiceRolePolicy",
},
],
},
"Type": "AWS::IAM::Role",
},
"TimestreamKinesisLambdaLambdaFunctionServiceRoleDefaultPolicy9E793F58": Object {
"Metadata": Object {
"cdk_nag": Object {
"rules_to_suppress": Array [
Object {
"id": "AwsSolutions-IAM5",
"reason": "It does not allow wildcard permissions.",
},
Object {
"id": "AwsSolutions-SQS3",
"reason": "SqsDlqQueue is the dead letter queue.",
},
],
},
"cfn_nag": Object {
"rules_to_suppress": Array [
Object {
"id": "W12",
"reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray and access ENIs in a VPC.",
},
],
},
},
"Properties": Object {
"PolicyDocument": Object {
"Statement": Array [
Object {
"Action": Array [
"xray:PutTraceSegments",
"xray:PutTelemetryRecords",
],
"Effect": "Allow",
"Resource": "*",
},
Object {
"Action": Array [
"kinesis:DescribeStreamSummary",
"kinesis:GetRecords",
"kinesis:GetShardIterator",
"kinesis:ListShards",
"kinesis:SubscribeToShard",
"kinesis:DescribeStream",
"kinesis:ListStreams",
],
"Effect": "Allow",
"Resource": Object {
"Fn::GetAtt": Array [
"TimestreamKinesisLambdaKinesisStreamF4535539",
"Arn",
],
},
},
Object {
"Action": Array [
"sqs:SendMessage",
"sqs:GetQueueAttributes",
"sqs:GetQueueUrl",
],
"Effect": "Allow",
"Resource": Object {
"Fn::GetAtt": Array [
"TimestreamKinesisLambdaSqsDlqQueueD2C34EA9",
"Arn",
],
},
},
Object {
"Action": "kinesis:DescribeStream",
"Effect": "Allow",
"Resource": Object {
"Fn::GetAtt": Array [
"TimestreamKinesisLambdaKinesisStreamF4535539",
"Arn",
],
},
},
],
"Version": "2012-10-17",
},
"PolicyName": "TimestreamKinesisLambdaLambdaFunctionServiceRoleDefaultPolicy9E793F58",
"Roles": Array [
Object {
"Ref": "TimestreamKinesisLambdaLambdaFunctionServiceRole0805B8A4",
},
],
},
"Type": "AWS::IAM::Policy",
},
"TimestreamKinesisLambdaSqsDlqQueueD2C34EA9": Object {
"DeletionPolicy": "Delete",
"Metadata": Object {
"cdk_nag": Object {
"rules_to_suppress": Array [
Object {
"id": "AwsSolutions-IAM5",
"reason": "It does not allow wildcard permissions.",
},
Object {
"id": "AwsSolutions-SQS3",
"reason": "SqsDlqQueue is the dead letter queue.",
},
],
},
},
"Properties": Object {
"KmsMasterKeyId": "alias/aws/sqs",
},
"Type": "AWS::SQS::Queue",
"UpdateReplacePolicy": "Delete",
},
"TimestreamKinesisLambdaSqsDlqQueuePolicyE46C38D6": Object {
"Metadata": Object {
"cdk_nag": Object {
"rules_to_suppress": Array [
Object {
"id": "AwsSolutions-IAM5",
"reason": "It does not allow wildcard permissions.",
},
Object {
"id": "AwsSolutions-SQS3",
"reason": "SqsDlqQueue is the dead letter queue.",
},
],
},
},
"Properties": Object {
"PolicyDocument": Object {
"Statement": Array [
Object {
"Action": Array [
"sqs:DeleteMessage",
"sqs:ReceiveMessage",
"sqs:SendMessage",
"sqs:GetQueueAttributes",
"sqs:RemovePermission",
"sqs:AddPermission",
"sqs:SetQueueAttributes",
],
"Effect": "Allow",
"Principal": Object {
"AWS": Object {
"Fn::Join": Array [
"",
Array [
"arn:",
Object {
"Ref": "AWS::Partition",
},
":iam::",
Object {
"Ref": "AWS::AccountId",
},
":root",
],
],
},
},
"Resource": Object {
"Fn::GetAtt": Array [
"TimestreamKinesisLambdaSqsDlqQueueD2C34EA9",
"Arn",
],
},
"Sid": "QueueOwnerOnlyAccess",
},
Object {
"Action": "SQS:*",
"Condition": Object {
"Bool": Object {
"aws:SecureTransport": "false",
},
},
"Effect": "Deny",
"Principal": Object {
"AWS": "*",
},
"Resource": Object {
"Fn::GetAtt": Array [
"TimestreamKinesisLambdaSqsDlqQueueD2C34EA9",
"Arn",
],
},
"Sid": "HttpsOnly",
},
],
"Version": "2012-10-17",
},
"Queues": Array [
Object {
"Ref": "TimestreamKinesisLambdaSqsDlqQueueD2C34EA9",
},
],
},
"Type": "AWS::SQS::QueuePolicy",
},
"TimestreamTable125AE89A": Object {
"DeletionPolicy": "Retain",
"Properties": Object {
"DatabaseName": Object {
"Fn::If": Array [
"TimestreamCreateTimestreamDatabaseA7576C71",
Object {
"Ref": "TimestreamDatabase8FA26A4B",
},
Object {
"Ref": "ExistingTimestreamDatabaseName",
},
],
},
"RetentionProperties": Object {
"MagneticStoreRetentionPeriodInDays": 365,
"MemoryStoreRetentionPeriodInHours": 2160,
},
},
"Type": "AWS::Timestream::Table",
},
"TimestreamTimestreamPolicyB0D033E3": Object {
"Metadata": Object {
"cdk_nag": Object {
"rules_to_suppress": Array [
Object {
"id": "AwsSolutions-IAM5",
"reason": "timestream:DescribeEndpoints cannot have specific resources.",
},
],
},
"cfn_nag": Object {
"rules_to_suppress": Array [
Object {
"id": "W12",
"reason": "timestream:DescribeEndpoints cannot have specific resources.",
},
],
},
},
"Properties": Object {
"PolicyDocument": Object {
"Statement": Array [
Object {
"Action": "timestream:WriteRecords",
"Effect": "Allow",
"Resource": Object {
"Fn::GetAtt": Array [
"TimestreamTable125AE89A",
"Arn",
],
},
},
Object {
"Action": "timestream:DescribeEndpoints",
"Effect": "Allow",
"Resource": "*",
},
],
"Version": "2012-10-17",
},
"PolicyName": "TimestreamTimestreamPolicyB0D033E3",
"Roles": Array [
Object {
"Ref": "TimestreamKinesisLambdaLambdaFunctionServiceRole0805B8A4",
},
],
},
"Type": "AWS::IAM::Policy",
},
"TimestreamteardownTimestreamDatabaseA467782A": Object {
"Condition": "ShouldTeardownDataOnDestroy",
"DeletionPolicy": "Delete",
"Properties": Object {
"DatabaseName": Object {
"Fn::If": Array [
"TimestreamCreateTimestreamDatabaseA7576C71",
Object {
"Ref": "TimestreamDatabase8FA26A4B",
},
Object {
"Ref": "ExistingTimestreamDatabaseName",
},
],
},
"Resource": "DeleteTimestreamDatabase",
"ServiceToken": Object {
"Fn::GetAtt": Array [
"CustomResourcesCustomResourceFunction1AA6557C",
"Arn",
],
},
},
"Type": "AWS::CloudFormation::CustomResource",
"UpdateReplacePolicy": "Delete",
},
"UiIdentityPool51844CCB": Object {
"Properties": Object {
"AllowUnauthenticatedIdentities": false,
"CognitoIdentityProviders": Array [
Object {
"ClientId": Object {
"Ref": "UiUserPoolClient2B11BEC3",
},
"ProviderName": Object {
"Fn::GetAtt": Array [
"UiUserPool65C512AC",
"ProviderName",
],
},
"ServerSideTokenCheck": false,
},
],
},
"Type": "AWS::Cognito::IdentityPool",
},
"UiIdentityPoolAuthenticatedRole209833D1": Object {
"Metadata": Object {
"cdk_nag": Object {
"rules_to_suppress": Array [
Object {
"id": "AwsSolutions-IAM5",
"reason": "It does not allow wildcard permissions.",
},
],
},
},
"Properties": Object {
"AssumeRolePolicyDocument": Object {
"Statement": Array [
Object {
"Action": "sts:AssumeRoleWithWebIdentity",
"Condition": Object {
"ForAnyValue:StringLike": Object {
"cognito-identity.amazonaws.com:amr": "authenticated",
},
"StringEquals": Object {
"cognito-identity.amazonaws.com:aud": Object {
"Ref": "UiIdentityPool51844CCB",
},
},
},
"Effect": "Allow",
"Principal": Object {
"Federated": "cognito-identity.amazonaws.com",
},
},
],
"Version": "2012-10-17",
},
"Description": Object {
"Fn::Join": Array [
"",
Array [
Object {
"Ref": "AWS::StackName",
},
" Identity Pool authenticated role",
],
],
},
"Policies": Array [
Object {
"PolicyDocument": Object {
"Statement": Array [
Object {
"Action": "execute-api:Invoke",
"Effect": "Allow",
"Resource": Object {
"Fn::Join": Array [
"",
Array [
"arn:",
Object {
"Ref": "AWS::Partition",
},
":execute-api:",
Object {
"Ref": "AWS::Region",
},
":",
Object {
"Ref": "AWS::AccountId",
},
":",
Object {
"Ref": "ApiRestApiE35FEAFE",
},
"/prod/*",
],
],
},
},
Object {
"Action": "s3:GetObject",
"Effect": "Allow",
"Resource": Object {
"Fn::Join": Array [
"",
Array [
Object {
"Fn::GetAtt": Array [
"GreengrassResourcesGreengrassResourceBucketC4A4CE77",
"Arn",
],
},
"/public/*",
],
],
},
},
],
"Version": "2012-10-17",
},
"PolicyName": "ExecuteApiPolicy",
},
],
},
"Type": "AWS::IAM::Role",
},
"UiIdentityPoolRoleAttachmentE03FE345": Object {
"Properties": Object {
"IdentityPoolId": Object {
"Ref": "UiIdentityPool51844CCB",
},
"Roles": Object {
"authenticated": Object {
"Fn::GetAtt": Array [
"UiIdentityPoolAuthenticatedRole209833D1",
"Arn",
],
},
},
},
"Type": "AWS::Cognito::IdentityPoolRoleAttachment",
},
"UiUser0723E55D": Object {
"Properties": Object {
"DesiredDeliveryMediums": Array [
"EMAIL",
],
"ForceAliasCreation": true,
"UserAttributes": Array [
Object {
"Name": "email",
"Value": Object {
"Ref": "UserEmail",
},
},
Object {
"Name": "email_verified",
"Value": "true",
},
],
"UserPoolId": Object {
"Ref": "UiUserPool65C512AC",
},
"Username": Object {
"Ref": "UserEmail",
},
},
"Type": "AWS::Cognito::UserPoolUser",
},
"UiUserPool65C512AC": Object {
"DeletionPolicy": "Delete",
"Metadata": Object {
"cdk_nag": Object {
"rules_to_suppress": Array [
Object {
"id": "AwsSolutions-COG2",
"reason": "No need to enable MFA as that is option for users.",
},
],
},
},
"Properties": Object {
"AccountRecoverySetting": Object {
"RecoveryMechanisms": Array [
Object {
"Name": "verified_phone_number",
"Priority": 1,
},
Object {
"Name": "verified_email",
"Priority": 2,
},
],
},
"AdminCreateUserConfig": Object {
"AllowAdminCreateUserOnly": true,
"InviteMessageTemplate": Object {
"EmailMessage": Object {
"Fn::Join": Array [
"",
Array [
"
You are invited to join Machine to Cloud Connectivity Framework.
https://",
Object {
"Fn::GetAtt": Array [
"CloudFrontCloudFrontToS3CloudFrontDistribution057B07F7",
"DomainName",
],
},
"
Please sign in to Machine to Cloud Connectivity Framework using the temporary credentials below:
Username: {username}
Password: {####}
",
],
],
},
"EmailSubject": "[Machine to Cloud Connectivity Framework] Login information",
},
},
"AutoVerifiedAttributes": Array [
"email",
],
"EmailVerificationMessage": "The verification code to your new account is {####}",
"EmailVerificationSubject": "Verify your new account",
"Policies": Object {
"PasswordPolicy": Object {
"MinimumLength": 12,
"RequireLowercase": true,
"RequireNumbers": true,
"RequireSymbols": true,
"RequireUppercase": true,
},
},
"SmsVerificationMessage": "The verification code to your new account is {####}",
"UserPoolAddOns": Object {
"AdvancedSecurityMode": "ENFORCED",
},
"UserPoolName": Object {
"Fn::Join": Array [
"",
Array [
Object {
"Ref": "AWS::StackName",
},
"-user-pool",
],
],
},
"UsernameAttributes": Array [
"email",
],
"VerificationMessageTemplate": Object {
"DefaultEmailOption": "CONFIRM_WITH_CODE",
"EmailMessage": "The verification code to your new account is {####}",
"EmailSubject": "Verify your new account",
"SmsMessage": "The verification code to your new account is {####}",
},
},
"Type": "AWS::Cognito::UserPool",
"UpdateReplacePolicy": "Delete",
},
"UiUserPoolClient2B11BEC3": Object {
"Properties": Object {
"AllowedOAuthFlows": Array [
"implicit",
"code",
],
"AllowedOAuthFlowsUserPoolClient": true,
"AllowedOAuthScopes": Array [
"profile",
"phone",
"email",
"openid",
"aws.cognito.signin.user.admin",
],
"CallbackURLs": Array [
"https://example.com",
],
"ClientName": Object {
"Fn::Join": Array [
"",
Array [
Object {
"Ref": "AWS::StackName",
},
"-userpool-client",
],
],
},
"GenerateSecret": false,
"PreventUserExistenceErrors": "ENABLED",
"RefreshTokenValidity": 1440,
"SupportedIdentityProviders": Array [
"COGNITO",
],
"TokenValidityUnits": Object {
"RefreshToken": "minutes",
},
"UserPoolId": Object {
"Ref": "UiUserPool65C512AC",
},
},
"Type": "AWS::Cognito::UserPoolClient",
},
},
}
`;