// Jest Snapshot v1, https://goo.gl/fbAQLP
exports[`M2C2 Timestream test snapshot and default values 1`] = `
Object {
"Conditions": Object {
"TestTimestreamCreateTimestreamDatabaseDCDEE72E": Object {
"Fn::Equals": Array [
"",
"",
],
},
},
"Resources": Object {
"TestTable": Object {
"DeletionPolicy": "Retain",
"Properties": Object {
"DatabaseName": Object {
"Fn::If": Array [
"TestTimestreamCreateTimestreamDatabaseDCDEE72E",
Object {
"Ref": "TestTimestreamDatabaseD9B9FB32",
},
"",
],
},
"RetentionProperties": Object {
"MagneticStoreRetentionPeriodInDays": 365,
"MemoryStoreRetentionPeriodInHours": 2160,
},
},
"Type": "AWS::Timestream::Table",
},
"TestTimestreamDatabaseD9B9FB32": Object {
"Condition": "TestTimestreamCreateTimestreamDatabaseDCDEE72E",
"DeletionPolicy": "Retain",
"Metadata": Object {
"cdk_nag": Object {
"rules_to_suppress": Array [
Object {
"id": "AwsSolutions-TS3",
"reason": "The default KMS is used by default.",
},
],
},
},
"Properties": Object {
"DatabaseName": Object {
"Fn::Join": Array [
"",
Array [
Object {
"Ref": "AWS::StackName",
},
"-test-uuid",
],
],
},
},
"Type": "AWS::Timestream::Database",
},
"TestTimestreamKinesisLambdaKinesisStreamD9ACCC8B": Object {
"Metadata": Object {
"cdk_nag": Object {
"rules_to_suppress": Array [
Object {
"id": "AwsSolutions-IAM5",
"reason": "It does not allow wildcard permissions.",
},
Object {
"id": "AwsSolutions-SQS3",
"reason": "SqsDlqQueue is the dead letter queue.",
},
],
},
},
"Properties": Object {
"RetentionPeriodHours": 24,
"ShardCount": 1,
"StreamEncryption": Object {
"EncryptionType": "KMS",
"KeyId": "alias/aws/kinesis",
},
"StreamModeDetails": Object {
"StreamMode": "PROVISIONED",
},
},
"Type": "AWS::Kinesis::Stream",
},
"TestTimestreamKinesisLambdaKinesisStreamGetRecordsIteratorAgeAlarm3BF96A2B": Object {
"Metadata": Object {
"cdk_nag": Object {
"rules_to_suppress": Array [
Object {
"id": "AwsSolutions-IAM5",
"reason": "It does not allow wildcard permissions.",
},
Object {
"id": "AwsSolutions-SQS3",
"reason": "SqsDlqQueue is the dead letter queue.",
},
],
},
},
"Properties": Object {
"AlarmDescription": "Consumer Record Processing Falling Behind, there is risk for data loss due to record expiration.",
"ComparisonOperator": "GreaterThanOrEqualToThreshold",
"EvaluationPeriods": 1,
"MetricName": "GetRecords.IteratorAgeMilliseconds",
"Namespace": "AWS/Kinesis",
"Period": 300,
"Statistic": "Maximum",
"Threshold": 2592000,
},
"Type": "AWS::CloudWatch::Alarm",
},
"TestTimestreamKinesisLambdaKinesisStreamReadProvisionedThroughputExceededAlarm84FAAD02": Object {
"Metadata": Object {
"cdk_nag": Object {
"rules_to_suppress": Array [
Object {
"id": "AwsSolutions-IAM5",
"reason": "It does not allow wildcard permissions.",
},
Object {
"id": "AwsSolutions-SQS3",
"reason": "SqsDlqQueue is the dead letter queue.",
},
],
},
},
"Properties": Object {
"AlarmDescription": "Consumer Application is Reading at a Slower Rate Than Expected.",
"ComparisonOperator": "GreaterThanThreshold",
"EvaluationPeriods": 1,
"MetricName": "ReadProvisionedThroughputExceeded",
"Namespace": "AWS/Kinesis",
"Period": 300,
"Statistic": "Average",
"Threshold": 0,
},
"Type": "AWS::CloudWatch::Alarm",
},
"TestTimestreamKinesisLambdaLambdaFunctionB7668DD3": Object {
"DependsOn": Array [
"TestTimestreamKinesisLambdaLambdaFunctionServiceRoleDefaultPolicy469FCFC6",
"TestTimestreamKinesisLambdaLambdaFunctionServiceRole1DFBA77A",
],
"Metadata": Object {
"cdk_nag": Object {
"rules_to_suppress": Array [
Object {
"id": "AwsSolutions-IAM5",
"reason": "It does not allow wildcard permissions.",
},
Object {
"id": "AwsSolutions-SQS3",
"reason": "SqsDlqQueue is the dead letter queue.",
},
],
},
"cfn_nag": Object {
"rules_to_suppress": Array [
Object {
"id": "W58",
"reason": "Lambda functions has the required permission to write CloudWatch Logs. It uses custom policy instead of arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole with tighter permissions.",
},
Object {
"id": "W89",
"reason": "This is not a rule for the general case, just for specific use cases/industries",
},
Object {
"id": "W92",
"reason": "Impossible for us to define the correct concurrency for clients",
},
],
},
},
"Properties": Object {
"Code": Object {
"S3Bucket": "test-bucket-region",
"S3Key": "machine-to-cloud-connectivity-framework/v0.0.1-test/timestream-writer.zip",
},
"Description": "Machine to Cloud Connectivity Framework Timestream data writer function",
"Environment": Object {
"Variables": Object {
"LOGGING_LEVEL": "ERROR",
"SOLUTION_ID": "SO0070-Test",
"SOLUTION_VERSION": "v0.0.1-test",
"TIMESTREAM_DATABASE": Object {
"Fn::If": Array [
"TestTimestreamCreateTimestreamDatabaseDCDEE72E",
Object {
"Ref": "TestTimestreamDatabaseD9B9FB32",
},
"",
],
},
"TIMESTREAM_TABLE": Object {
"Fn::GetAtt": Array [
"TestTable",
"Name",
],
},
},
},
"Handler": "timestream-writer/index.handler",
"Role": Object {
"Fn::GetAtt": Array [
"TestTimestreamKinesisLambdaLambdaFunctionServiceRole1DFBA77A",
"Arn",
],
},
"Runtime": "nodejs16.x",
"Timeout": 30,
"TracingConfig": Object {
"Mode": "Active",
},
},
"Type": "AWS::Lambda::Function",
},
"TestTimestreamKinesisLambdaLambdaFunctionKinesisEventSourceTestTimestreamKinesisLambdaKinesisStreamE555AD84EA3892B3": Object {
"Metadata": Object {
"cdk_nag": Object {
"rules_to_suppress": Array [
Object {
"id": "AwsSolutions-IAM5",
"reason": "It does not allow wildcard permissions.",
},
Object {
"id": "AwsSolutions-SQS3",
"reason": "SqsDlqQueue is the dead letter queue.",
},
],
},
},
"Properties": Object {
"BatchSize": 100,
"BisectBatchOnFunctionError": true,
"DestinationConfig": Object {
"OnFailure": Object {
"Destination": Object {
"Fn::GetAtt": Array [
"TestTimestreamKinesisLambdaSqsDlqQueue965BC5DD",
"Arn",
],
},
},
},
"EventSourceArn": Object {
"Fn::GetAtt": Array [
"TestTimestreamKinesisLambdaKinesisStreamD9ACCC8B",
"Arn",
],
},
"FunctionName": Object {
"Ref": "TestTimestreamKinesisLambdaLambdaFunctionB7668DD3",
},
"MaximumRecordAgeInSeconds": 86400,
"MaximumRetryAttempts": 500,
"StartingPosition": "TRIM_HORIZON",
},
"Type": "AWS::Lambda::EventSourceMapping",
},
"TestTimestreamKinesisLambdaLambdaFunctionServiceRole1DFBA77A": Object {
"Metadata": Object {
"cdk_nag": Object {
"rules_to_suppress": Array [
Object {
"id": "AwsSolutions-IAM5",
"reason": "It does not allow wildcard permissions.",
},
Object {
"id": "AwsSolutions-SQS3",
"reason": "SqsDlqQueue is the dead letter queue.",
},
],
},
},
"Properties": Object {
"AssumeRolePolicyDocument": Object {
"Statement": Array [
Object {
"Action": "sts:AssumeRole",
"Effect": "Allow",
"Principal": Object {
"Service": "lambda.amazonaws.com",
},
},
],
"Version": "2012-10-17",
},
"Policies": Array [
Object {
"PolicyDocument": Object {
"Statement": Array [
Object {
"Action": Array [
"logs:CreateLogGroup",
"logs:CreateLogStream",
"logs:PutLogEvents",
],
"Effect": "Allow",
"Resource": Object {
"Fn::Join": Array [
"",
Array [
"arn:",
Object {
"Ref": "AWS::Partition",
},
":logs:",
Object {
"Ref": "AWS::Region",
},
":",
Object {
"Ref": "AWS::AccountId",
},
":log-group:/aws/lambda/*",
],
],
},
},
],
"Version": "2012-10-17",
},
"PolicyName": "LambdaFunctionServiceRolePolicy",
},
],
},
"Type": "AWS::IAM::Role",
},
"TestTimestreamKinesisLambdaLambdaFunctionServiceRoleDefaultPolicy469FCFC6": Object {
"Metadata": Object {
"cdk_nag": Object {
"rules_to_suppress": Array [
Object {
"id": "AwsSolutions-IAM5",
"reason": "It does not allow wildcard permissions.",
},
Object {
"id": "AwsSolutions-SQS3",
"reason": "SqsDlqQueue is the dead letter queue.",
},
],
},
"cfn_nag": Object {
"rules_to_suppress": Array [
Object {
"id": "W12",
"reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray and access ENIs in a VPC.",
},
],
},
},
"Properties": Object {
"PolicyDocument": Object {
"Statement": Array [
Object {
"Action": Array [
"xray:PutTraceSegments",
"xray:PutTelemetryRecords",
],
"Effect": "Allow",
"Resource": "*",
},
Object {
"Action": Array [
"kinesis:DescribeStreamSummary",
"kinesis:GetRecords",
"kinesis:GetShardIterator",
"kinesis:ListShards",
"kinesis:SubscribeToShard",
"kinesis:DescribeStream",
"kinesis:ListStreams",
],
"Effect": "Allow",
"Resource": Object {
"Fn::GetAtt": Array [
"TestTimestreamKinesisLambdaKinesisStreamD9ACCC8B",
"Arn",
],
},
},
Object {
"Action": Array [
"sqs:SendMessage",
"sqs:GetQueueAttributes",
"sqs:GetQueueUrl",
],
"Effect": "Allow",
"Resource": Object {
"Fn::GetAtt": Array [
"TestTimestreamKinesisLambdaSqsDlqQueue965BC5DD",
"Arn",
],
},
},
Object {
"Action": "kinesis:DescribeStream",
"Effect": "Allow",
"Resource": Object {
"Fn::GetAtt": Array [
"TestTimestreamKinesisLambdaKinesisStreamD9ACCC8B",
"Arn",
],
},
},
],
"Version": "2012-10-17",
},
"PolicyName": "TestTimestreamKinesisLambdaLambdaFunctionServiceRoleDefaultPolicy469FCFC6",
"Roles": Array [
Object {
"Ref": "TestTimestreamKinesisLambdaLambdaFunctionServiceRole1DFBA77A",
},
],
},
"Type": "AWS::IAM::Policy",
},
"TestTimestreamKinesisLambdaSqsDlqQueue965BC5DD": Object {
"DeletionPolicy": "Delete",
"Metadata": Object {
"cdk_nag": Object {
"rules_to_suppress": Array [
Object {
"id": "AwsSolutions-IAM5",
"reason": "It does not allow wildcard permissions.",
},
Object {
"id": "AwsSolutions-SQS3",
"reason": "SqsDlqQueue is the dead letter queue.",
},
],
},
},
"Properties": Object {
"KmsMasterKeyId": "alias/aws/sqs",
},
"Type": "AWS::SQS::Queue",
"UpdateReplacePolicy": "Delete",
},
"TestTimestreamKinesisLambdaSqsDlqQueuePolicy5A20611D": Object {
"Metadata": Object {
"cdk_nag": Object {
"rules_to_suppress": Array [
Object {
"id": "AwsSolutions-IAM5",
"reason": "It does not allow wildcard permissions.",
},
Object {
"id": "AwsSolutions-SQS3",
"reason": "SqsDlqQueue is the dead letter queue.",
},
],
},
},
"Properties": Object {
"PolicyDocument": Object {
"Statement": Array [
Object {
"Action": Array [
"sqs:DeleteMessage",
"sqs:ReceiveMessage",
"sqs:SendMessage",
"sqs:GetQueueAttributes",
"sqs:RemovePermission",
"sqs:AddPermission",
"sqs:SetQueueAttributes",
],
"Effect": "Allow",
"Principal": Object {
"AWS": Object {
"Fn::Join": Array [
"",
Array [
"arn:",
Object {
"Ref": "AWS::Partition",
},
":iam::",
Object {
"Ref": "AWS::AccountId",
},
":root",
],
],
},
},
"Resource": Object {
"Fn::GetAtt": Array [
"TestTimestreamKinesisLambdaSqsDlqQueue965BC5DD",
"Arn",
],
},
"Sid": "QueueOwnerOnlyAccess",
},
Object {
"Action": "SQS:*",
"Condition": Object {
"Bool": Object {
"aws:SecureTransport": "false",
},
},
"Effect": "Deny",
"Principal": Object {
"AWS": "*",
},
"Resource": Object {
"Fn::GetAtt": Array [
"TestTimestreamKinesisLambdaSqsDlqQueue965BC5DD",
"Arn",
],
},
"Sid": "HttpsOnly",
},
],
"Version": "2012-10-17",
},
"Queues": Array [
Object {
"Ref": "TestTimestreamKinesisLambdaSqsDlqQueue965BC5DD",
},
],
},
"Type": "AWS::SQS::QueuePolicy",
},
"TestTimestreamTimestreamPolicy68B07AB6": Object {
"Metadata": Object {
"cdk_nag": Object {
"rules_to_suppress": Array [
Object {
"id": "AwsSolutions-IAM5",
"reason": "timestream:DescribeEndpoints cannot have specific resources.",
},
],
},
"cfn_nag": Object {
"rules_to_suppress": Array [
Object {
"id": "W12",
"reason": "timestream:DescribeEndpoints cannot have specific resources.",
},
],
},
},
"Properties": Object {
"PolicyDocument": Object {
"Statement": Array [
Object {
"Action": "timestream:WriteRecords",
"Effect": "Allow",
"Resource": Object {
"Fn::GetAtt": Array [
"TestTable",
"Arn",
],
},
},
Object {
"Action": "timestream:DescribeEndpoints",
"Effect": "Allow",
"Resource": "*",
},
],
"Version": "2012-10-17",
},
"PolicyName": "TestTimestreamTimestreamPolicy68B07AB6",
"Roles": Array [
Object {
"Ref": "TestTimestreamKinesisLambdaLambdaFunctionServiceRole1DFBA77A",
},
],
},
"Type": "AWS::IAM::Policy",
},
"TestTimestreamteardownTimestreamDatabase098BBBB7": Object {
"Condition": "TestCondition",
"DeletionPolicy": "Delete",
"Properties": Object {
"DatabaseName": Object {
"Fn::If": Array [
"TestTimestreamCreateTimestreamDatabaseDCDEE72E",
Object {
"Ref": "TestTimestreamDatabaseD9B9FB32",
},
"",
],
},
"Resource": "DeleteTimestreamDatabase",
"ServiceToken": "",
},
"Type": "AWS::CloudFormation::CustomResource",
"UpdateReplacePolicy": "Delete",
},
},
}
`;