// Jest Snapshot v1, https://goo.gl/fbAQLP exports[`msam-iam-roles snapshot test 1`] = ` { "Description": "Media Services Application Mapper IAM Roles %%VERSION%%", "Outputs": { "MediaServicesApplicationMapperIAMModuleStackCoreRole5F5FCFE3Arn": { "Value": { "Fn::GetAtt": [ "CoreRoleDEAD5A5F", "Arn", ], }, }, "MediaServicesApplicationMapperIAMModuleStackDynamoDBRole0562A431Arn": { "Value": { "Fn::GetAtt": [ "DynamoDBRoleF375A6C0", "Arn", ], }, }, "MediaServicesApplicationMapperIAMModuleStackEventsRole2AFF40D1Arn": { "Value": { "Fn::GetAtt": [ "EventsRoleE25E4B25", "Arn", ], }, }, "MediaServicesApplicationMapperIAMModuleStackWebRole1122C569Arn": { "Value": { "Fn::GetAtt": [ "WebRoleCD6F4B98", "Arn", ], }, }, }, "Resources": { "CoreRoleDEAD5A5F": { "Metadata": { "cdk_nag": { "rules_to_suppress": [ { "id": "AwsSolutions-IAM5", "reason": "This role is used by a scanner requiring access to all resources within these services.", }, ], }, "cfn_nag": { "rules_to_suppress": [ { "id": "W11", "reason": "This role is used by a scanner requiring access to all resources within these services.", }, { "id": "W76", "reason": "This role is used by a scanner requiring access to all resources within these services.", }, ], }, }, "Properties": { "AssumeRolePolicyDocument": { "Statement": [ { "Action": "sts:AssumeRole", "Effect": "Allow", "Principal": { "Service": "lambda.amazonaws.com", }, }, ], "Version": "2012-10-17", }, "Policies": [ { "PolicyDocument": { "Statement": [ { "Action": [ "acm:ListCertificates", "application-autoscaling:DescribeScalableTargets", "application-autoscaling:DescribeScalingActivities", "application-autoscaling:DescribeScalingPolicies", "cloudfront:Get*", "cloudfront:List*", "cloudwatch:Describe*", "cloudwatch:DescribeAlarmHistory", "cloudwatch:DescribeAlarms", "cloudwatch:DescribeAlarmsForMetric", "cloudwatch:GetMetricStatistics", "cloudwatch:ListMetrics", "cloudwatch:PutMetricData", "dynamodb:DeleteItem", "dynamodb:GetItem", "dynamodb:PutItem", "dynamodb:Query", "dynamodb:Scan", "ec2:DescribeSecurityGroups", "ec2:DescribeSubnets", "ec2:DescribeVpcs", "iam:GetRole", "iam:ListRoles", "iam:ListServerCertificates", "lambda:Get*", "lambda:List*", "logs:CreateLogGroup", "logs:CreateLogStream", "logs:GetLogEvents", "logs:PutLogEvents", "route53:List*", "s3:Get*", "s3:List*", "sns:ListSubscriptions", "sns:ListSubscriptionsByTopic", "sns:ListTopics", "waf:GetWebACL", "waf:ListWebACLs", "ec2:Describe*", "lambda:InvokeFunction", "mediaconnect:Describe*", "mediaconnect:List*", "medialive:Describe*", "medialive:List*", "mediapackage:Describe*", "mediapackage:List*", "mediastore:Get*", "mediastore:List*", "mediatailor:Get*", "mediatailor:List*", "ssm:Get*", "ssm:List*", "ssm:SendCommand", ], "Effect": "Allow", "Resource": "*", }, ], "Version": "2012-10-17", }, "PolicyName": "CoreRolePolicy", }, ], }, "Type": "AWS::IAM::Role", }, "DynamoDBRoleF375A6C0": { "Metadata": { "cdk_nag": { "rules_to_suppress": [ { "id": "AwsSolutions-IAM4", "reason": "Resource ARNs are not known in advance.", }, { "id": "AwsSolutions-IAM5", "reason": "Resource ARNs are not known in advance.", }, ], }, "cfn_nag": { "rules_to_suppress": [ { "id": "W11", "reason": "Resource ARNs are not known in advance.", }, ], }, }, "Properties": { "AssumeRolePolicyDocument": { "Statement": [ { "Action": "sts:AssumeRole", "Effect": "Allow", "Principal": { "Service": "lambda.amazonaws.com", }, }, ], "Version": "2012-10-17", }, "ManagedPolicyArns": [ "arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole", ], "Policies": [ { "PolicyDocument": { "Statement": [ { "Action": [ "dynamodb:PutItem", "dynamodb:GetItem", "ec2:DescribeRegions", ], "Effect": "Allow", "Resource": "*", "Sid": "VisualEditor0", }, ], "Version": "2012-10-17", }, "PolicyName": "DynamoDBRolePolicy", }, ], }, "Type": "AWS::IAM::Role", }, "EventsRoleE25E4B25": { "Metadata": { "cdk_nag": { "rules_to_suppress": [ { "id": "AwsSolutions-IAM4", "reason": "Resource ARNs are not known in advance.", }, { "id": "AwsSolutions-IAM5", "reason": "Resource ARNs are not known in advance.", }, ], }, "cfn_nag": { "rules_to_suppress": [ { "id": "W11", "reason": "Resource ARNs are not known in advance.", }, ], }, }, "Properties": { "AssumeRolePolicyDocument": { "Statement": [ { "Action": "sts:AssumeRole", "Effect": "Allow", "Principal": { "Service": "lambda.amazonaws.com", }, }, ], "Version": "2012-10-17", }, "ManagedPolicyArns": [ "arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole", ], "Policies": [ { "PolicyDocument": { "Statement": [ { "Action": [ "cloudwatch:DescribeAlarms", "dynamodb:PutItem", "dynamodb:Query", "dynamodb:UpdateItem", "mediapackage:Describe*", "medialive:Describe*", ], "Effect": "Allow", "Resource": "*", "Sid": "VisualEditor0", }, ], "Version": "2012-10-17", }, "PolicyName": "EventsRolePolicy", }, ], }, "Type": "AWS::IAM::Role", }, "InstallationGroup24D9ABEE": { "Type": "AWS::IAM::Group", }, "InstallationManagedPolicyDefinition92555B09": { "Metadata": { "cdk_nag": { "rules_to_suppress": [ { "id": "AwsSolutions-IAM5", "reason": "Resource ARNs are not known in advance.", }, ], }, "cfn_nag": { "rules_to_suppress": [ { "id": "W13", "reason": "Resource ARNs are not known in advance.", }, { "id": "F5", "reason": "This policy is used by compartmentalized teams to install the solution.", }, { "id": "F39", "reason": "This policy is used by compartmentalized teams to install the solution.", }, ], }, }, "Properties": { "Description": "", "Path": "/", "PolicyDocument": { "Statement": [ { "Action": [ "apigateway:*", "cloudformation:*", "cloudfront:*", "cloudwatch:*", "dynamodb:*", "events:*", "lambda:*", "s3:*", "sns:*", "ssm:*", ], "Effect": "Allow", "Resource": "*", }, ], "Version": "2012-10-17", }, }, "Type": "AWS::IAM::ManagedPolicy", }, "InstallationPolicy2BCFA67F": { "Metadata": { "cdk_nag": { "rules_to_suppress": [ { "id": "AwsSolutions-IAM5", "reason": "Resource ARNs are not known in advance.", }, ], }, "cfn_nag": { "rules_to_suppress": [ { "id": "W12", "reason": "Resource ARNs are not known in advance.", }, { "id": "F39", "reason": "Resource ARNs are not known in advance.", }, { "id": "F4", "reason": "This policy is used by compartmentalized teams to install the solution.", }, { "id": "F4", "reason": "This policy is used by compartmentalized teams to install the solution.", }, ], }, }, "Properties": { "Groups": [ { "Ref": "InstallationGroup24D9ABEE", }, ], "PolicyDocument": { "Statement": [ { "Action": [ "apigateway:*", "cloudformation:*", "cloudfront:*", "cloudwatch:*", "dynamodb:*", "events:*", "iam:*", "lambda:*", "s3:*", "sns:*", "ssm:*", ], "Effect": "Allow", "Resource": "*", }, ], "Version": "2012-10-17", }, "PolicyName": "MSAM-Installation-Policy", }, "Type": "AWS::IAM::Policy", }, "WebRoleCD6F4B98": { "Metadata": { "cdk_nag": { "rules_to_suppress": [ { "id": "AwsSolutions-IAM4", "reason": "Resource ARNs are not known in advance.", }, { "id": "AwsSolutions-IAM5", "reason": "Resource ARNs are not known in advance.", }, ], }, "cfn_nag": { "rules_to_suppress": [ { "id": "W11", "reason": "Resource ARNs are not known in advance.", }, ], }, }, "Properties": { "AssumeRolePolicyDocument": { "Statement": [ { "Action": "sts:AssumeRole", "Effect": "Allow", "Principal": { "Service": "lambda.amazonaws.com", }, }, ], "Version": "2012-10-17", }, "ManagedPolicyArns": [ "arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole", ], "Policies": [ { "PolicyDocument": { "Statement": [ { "Action": [ "s3:PutObject", "s3:ListBucket", "s3:DeleteObject", "s3:PutObjectAcl", "cloudfront:CreateInvalidation", ], "Effect": "Allow", "Resource": "*", "Sid": "VisualEditor0", }, ], "Version": "2012-10-17", }, "PolicyName": "WebRolePolicy", }, ], }, "Type": "AWS::IAM::Role", }, }, } `;