{ "Description": "(SO0005) - quota-monitor-for-aws version:v6.2.1 - Hub Template", "AWSTemplateFormatVersion": "2010-09-09", "Metadata": { "AWS::CloudFormation::Interface": { "ParameterGroups": [ { "Label": { "default": "Deployment Configuration" }, "Parameters": [ "DeploymentModel", "RegionsList" ] }, { "Label": { "default": "Stackset Deployment Options" }, "Parameters": [ "RegionConcurrency", "MaxConcurrentPercentage", "FailureTolerancePercentage" ] }, { "Label": { "default": "Notification Configuration" }, "Parameters": [ "SNSEmail", "SlackNotification" ] } ], "ParameterLabels": { "DeploymentModel": { "default": "Do you want to monitor quotas across Organizational Units, Accounts or both?" }, "SNSEmail": { "default": "Email address for notifications" }, "SlackNotification": { "default": "Do you want slack notifications?" }, "RegionsList": { "default": "List of regions to deploy resources to monitor service quotas" }, "RegionConcurrencyType": { "default": "Region Concurrency" }, "MaxConcurrentPercentage": { "default": "Percentage Maximum concurrent accounts" }, "FailureTolerancePercentage": { "default": "Percentage Failure tolerance" } } } }, "Parameters": { "SNSEmail": { "Type": "String", "Default": "", "Description": "To disable email notifications, leave this blank." }, "SlackNotification": { "Type": "String", "Default": "No", "AllowedValues": [ "Yes", "No" ] }, "DeploymentModel": { "Type": "String", "Default": "Organizations", "AllowedValues": [ "Organizations", "Hybrid" ] }, "RegionsList": { "Type": "String", "Default": "ALL", "Description": "Comma separated list of regions like us-east-1,us-east-2 or ALL or leave it blank for ALL" }, "RegionConcurrency": { "Type": "String", "Default": "PARALLEL", "AllowedValues": [ "PARALLEL", "SEQUENTIAL" ], "Description": "Choose to deploy StackSets into regions sequentially or in parallel" }, "MaxConcurrentPercentage": { "Type": "Number", "Default": 100, "Description": "Percentage of accounts per region to which you can deploy stacks at one time. The higher the number, the faster the operation", "MaxValue": 100, "MinValue": 1 }, "FailureTolerancePercentage": { "Type": "Number", "Default": 0, "Description": "Percentage of account, per region, for which stacks can fail before CloudFormation stops the operation in that region. If the operation is stopped in one region, it does not continue in other regions. The lower the number the safer the operation", "MaxValue": 100, "MinValue": 0 } }, "Mappings": { "QuotaMonitorMap": { "Metrics": { "SendAnonymizedData": "Yes", "MetricsEndpoint": "https://metrics.awssolutionsbuilder.com/generic" }, "SSMParameters": { "SlackHook": "/QuotaMonitor/SlackHook", "Accounts": "/QuotaMonitor/Accounts", "OrganizationalUnits": "/QuotaMonitor/OUs", "NotificationMutingConfig": "/QuotaMonitor/NotificationConfiguration", "RegionsList": "/QuotaMonitor/RegionsToDeploy" } } }, "Conditions": { "EmailTrueCondition": { "Fn::Not": [ { "Fn::Equals": [ { "Ref": "SNSEmail" }, "" ] } ] }, "SlackTrueCondition": { "Fn::Equals": [ { "Ref": "SlackNotification" }, "Yes" ] }, "AccountDeployCondition": { "Fn::Equals": [ { "Ref": "DeploymentModel" }, "Hybrid" ] }, "CDKMetadataAvailable": { "Fn::Or": [ { "Fn::Or": [ { "Fn::Equals": [ { "Ref": "AWS::Region" }, "af-south-1" ] }, { "Fn::Equals": [ { "Ref": "AWS::Region" }, "ap-east-1" ] }, { "Fn::Equals": [ { "Ref": "AWS::Region" }, "ap-northeast-1" ] }, { "Fn::Equals": [ { "Ref": "AWS::Region" }, "ap-northeast-2" ] }, { "Fn::Equals": [ { "Ref": "AWS::Region" }, "ap-south-1" ] }, { "Fn::Equals": [ { "Ref": "AWS::Region" }, "ap-south-2" ] }, { "Fn::Equals": [ { "Ref": "AWS::Region" }, "ap-southeast-1" ] }, { "Fn::Equals": [ { "Ref": "AWS::Region" }, "ap-southeast-2" ] }, { "Fn::Equals": [ { "Ref": "AWS::Region" }, "ca-central-1" ] }, { "Fn::Equals": [ { "Ref": "AWS::Region" }, "cn-north-1" ] } ] }, { "Fn::Or": [ { "Fn::Equals": [ { "Ref": "AWS::Region" }, "cn-northwest-1" ] }, { "Fn::Equals": [ { "Ref": "AWS::Region" }, "eu-central-1" ] }, { "Fn::Equals": [ { "Ref": "AWS::Region" }, "eu-north-1" ] }, { "Fn::Equals": [ { "Ref": "AWS::Region" }, "eu-south-1" ] }, { "Fn::Equals": [ { "Ref": "AWS::Region" }, "eu-south-2" ] }, { "Fn::Equals": [ { "Ref": "AWS::Region" }, "eu-west-1" ] }, { "Fn::Equals": [ { "Ref": "AWS::Region" }, "eu-west-2" ] }, { "Fn::Equals": [ { "Ref": "AWS::Region" }, "eu-west-3" ] }, { "Fn::Equals": [ { "Ref": "AWS::Region" }, "me-south-1" ] }, { "Fn::Equals": [ { "Ref": "AWS::Region" }, "sa-east-1" ] } ] }, { "Fn::Or": [ { "Fn::Equals": [ { "Ref": "AWS::Region" }, "us-east-1" ] }, { "Fn::Equals": [ { "Ref": "AWS::Region" }, "us-east-2" ] }, { "Fn::Equals": [ { "Ref": "AWS::Region" }, "us-west-1" ] }, { "Fn::Equals": [ { "Ref": "AWS::Region" }, "us-west-2" ] } ] } ] } }, "Resources": { "QMBusFF5C6C0C": { "Type": "AWS::Events::EventBus", "Properties": { "Name": "QuotaMonitorBus" }, "Metadata": { "aws:cdk:path": "quota-monitor-hub/QM-Bus/Resource" } }, "KMSHubQMEncryptionKeyA80F8C05": { "Type": "AWS::KMS::Key", "Properties": { "KeyPolicy": { "Statement": [ { "Action": "kms:*", "Effect": "Allow", "Principal": { "AWS": { "Fn::Join": [ "", [ "arn:", { "Ref": "AWS::Partition" }, ":iam::", { "Ref": "AWS::AccountId" }, ":root" ] ] } }, "Resource": "*" }, { "Action": [ "kms:Decrypt", "kms:Encrypt", "kms:ReEncrypt*", "kms:GenerateDataKey*" ], "Effect": "Allow", "Principal": { "Service": "events.amazonaws.com" }, "Resource": "*" } ], "Version": "2012-10-17" }, "Description": "CMK for AWS resources provisioned by Quota Monitor in this account", "Enabled": true, "EnableKeyRotation": true }, "UpdateReplacePolicy": "Retain", "DeletionPolicy": "Retain", "Metadata": { "aws:cdk:path": "quota-monitor-hub/KMS-Hub/QM-EncryptionKey/Resource" } }, "KMSHubQMEncryptionKeyAlias6C248240": { "Type": "AWS::KMS::Alias", "Properties": { "AliasName": "alias/CMK-KMS-Hub", "TargetKeyId": { "Fn::GetAtt": [ "KMSHubQMEncryptionKeyA80F8C05", "Arn" ] } }, "Metadata": { "aws:cdk:path": "quota-monitor-hub/KMS-Hub/QM-EncryptionKey/Alias/Resource" } }, "QMSlackHook4F1AD495": { "Type": "AWS::SSM::Parameter", "Properties": { "Type": "String", "Value": "NOP", "Description": "Slack Hook URL to send Quota Monitor events", "Name": { "Fn::FindInMap": [ "QuotaMonitorMap", "SSMParameters", "SlackHook" ] } }, "Metadata": { "aws:cdk:path": "quota-monitor-hub/QM-SlackHook/Resource" }, "Condition": "SlackTrueCondition" }, "QMOUs122D8EB4": { "Type": "AWS::SSM::Parameter", "Properties": { "Type": "StringList", "Value": "NOP", "Description": "List of target Organizational Units", "Name": { "Fn::FindInMap": [ "QuotaMonitorMap", "SSMParameters", "OrganizationalUnits" ] } }, "Metadata": { "aws:cdk:path": "quota-monitor-hub/QM-OUs/Resource" } }, "QMAccounts3D743F6B": { "Type": "AWS::SSM::Parameter", "Properties": { "Type": "StringList", "Value": "NOP", "Description": "List of target Accounts", "Name": { "Fn::FindInMap": [ "QuotaMonitorMap", "SSMParameters", "Accounts" ] } }, "Metadata": { "aws:cdk:path": "quota-monitor-hub/QM-Accounts/Resource" }, "Condition": "AccountDeployCondition" }, "QMNotificationMutingConfig3B7948BA": { "Type": "AWS::SSM::Parameter", "Properties": { "Type": "StringList", "Value": "NOP", "Description": "Muting configuration for services, limits e.g. ec2:L-1216C47A,ec2:Running On-Demand Standard (A, C, D, H, I, M, R, T, Z) instances,dynamodb,logs:*,geo:L-05EFD12D", "Name": { "Fn::FindInMap": [ "QuotaMonitorMap", "SSMParameters", "NotificationMutingConfig" ] } }, "Metadata": { "aws:cdk:path": "quota-monitor-hub/QM-NotificationMutingConfig/Resource" } }, "QMRegionsList17794003": { "Type": "AWS::SSM::Parameter", "Properties": { "Type": "StringList", "Value": { "Ref": "RegionsList" }, "Description": "list of regions to deploy spoke resources (eg. us-east-1,us-west-2)", "Name": { "Fn::FindInMap": [ "QuotaMonitorMap", "SSMParameters", "RegionsList" ] } }, "Metadata": { "aws:cdk:path": "quota-monitor-hub/QM-RegionsList/Resource" } }, "QMUtilsLayerQMUtilsLayerLayer80D5D993": { "Type": "AWS::Lambda::LayerVersion", "Properties": { "Content": { "S3Bucket": { "Fn::Sub": "solutions-${AWS::Region}" }, "S3Key": "quota-monitor-for-aws/v6.2.1/asset81614929e374f7931dfaaabf04bb969f72fcacc1ee083173711b38ce460307a9.zip" }, "CompatibleRuntimes": [ "nodejs16.x" ], "LayerName": "QM-UtilsLayer" }, "Metadata": { "aws:cdk:path": "quota-monitor-hub/QM-UtilsLayer/QM-UtilsLayer-Layer/Resource", "aws:asset:path": "asset.81614929e374f7931dfaaabf04bb969f72fcacc1ee083173711b38ce460307a9.zip", "aws:asset:is-bundled": false, "aws:asset:property": "Content" } }, "QMHelperQMHelperFunctionServiceRole0506622D": { "Type": "AWS::IAM::Role", "Properties": { "AssumeRolePolicyDocument": { "Statement": [ { "Action": "sts:AssumeRole", "Effect": "Allow", "Principal": { "Service": "lambda.amazonaws.com" } } ], "Version": "2012-10-17" }, "ManagedPolicyArns": [ { "Fn::Join": [ "", [ "arn:", { "Ref": "AWS::Partition" }, ":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" ] ] } ] }, "Metadata": { "aws:cdk:path": "quota-monitor-hub/QM-Helper/QM-Helper-Function/ServiceRole/Resource", "cdk_nag": { "rules_to_suppress": [ { "reason": "AWSLambdaBasicExecutionRole added by cdk only gives write permissions for CW logs", "id": "AwsSolutions-IAM4" }, { "reason": "Actions restricted on kms key ARN. Only actions that do not support resource-level permissions have * in resource", "id": "AwsSolutions-IAM5" }, { "reason": "GovCloud regions support only up to nodejs 16, risk is tolerable", "id": "AwsSolutions-L1" } ] } } }, "QMHelperQMHelperFunction91954E97": { "Type": "AWS::Lambda::Function", "Properties": { "Code": { "S3Bucket": { "Fn::Sub": "solutions-${AWS::Region}" }, "S3Key": "quota-monitor-for-aws/v6.2.1/assetbafc67a78bd93e6b69f271fe9a700890ee1719988f867959a90914e0fd18d72c.zip" }, "Role": { "Fn::GetAtt": [ "QMHelperQMHelperFunctionServiceRole0506622D", "Arn" ] }, "Description": "SO0005 quota-monitor-for-aws - QM-Helper-Function", "Environment": { "Variables": { "METRICS_ENDPOINT": { "Fn::FindInMap": [ "QuotaMonitorMap", "Metrics", "MetricsEndpoint" ] }, "SEND_METRIC": { "Fn::FindInMap": [ "QuotaMonitorMap", "Metrics", "SendAnonymizedData" ] }, "QM_STACK_ID": "quota-monitor-hub", "QM_SLACK_NOTIFICATION": { "Ref": "SlackNotification" }, "QM_EMAIL_NOTIFICATION": { "Fn::If": [ "EmailTrueCondition", "Yes", "No" ] }, "LOG_LEVEL": "info", "CUSTOM_SDK_USER_AGENT": "AwsSolution/SO0005/v6.2.1", "VERSION": "v6.2.1", "SOLUTION_ID": "SO0005" } }, "Handler": "index.handler", "Layers": [ { "Ref": "QMUtilsLayerQMUtilsLayerLayer80D5D993" } ], "MemorySize": 128, "Runtime": "nodejs16.x", "Timeout": 5 }, "DependsOn": [ "QMHelperQMHelperFunctionServiceRole0506622D" ], "Metadata": { "aws:cdk:path": "quota-monitor-hub/QM-Helper/QM-Helper-Function/Resource", "aws:asset:path": "asset.bafc67a78bd93e6b69f271fe9a700890ee1719988f867959a90914e0fd18d72c.zip", "aws:asset:is-bundled": false, "aws:asset:property": "Code", "cdk_nag": { "rules_to_suppress": [ { "reason": "GovCloud regions support only up to nodejs 16, risk is tolerable", "id": "AwsSolutions-L1" } ] } } }, "QMHelperQMHelperFunctionEventInvokeConfig580F9F5F": { "Type": "AWS::Lambda::EventInvokeConfig", "Properties": { "FunctionName": { "Ref": "QMHelperQMHelperFunction91954E97" }, "Qualifier": "$LATEST", "MaximumEventAgeInSeconds": 14400 }, "Metadata": { "aws:cdk:path": "quota-monitor-hub/QM-Helper/QM-Helper-Function/EventInvokeConfig/Resource", "cdk_nag": { "rules_to_suppress": [ { "reason": "GovCloud regions support only up to nodejs 16, risk is tolerable", "id": "AwsSolutions-L1" } ] } } }, "QMHelperQMHelperProviderframeworkonEventServiceRole4A1EBBAB": { "Type": "AWS::IAM::Role", "Properties": { "AssumeRolePolicyDocument": { "Statement": [ { "Action": "sts:AssumeRole", "Effect": "Allow", "Principal": { "Service": "lambda.amazonaws.com" } } ], "Version": "2012-10-17" }, "ManagedPolicyArns": [ { "Fn::Join": [ "", [ "arn:", { "Ref": "AWS::Partition" }, ":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" ] ] } ] }, "Metadata": { "aws:cdk:path": "quota-monitor-hub/QM-Helper/QM-Helper-Provider/framework-onEvent/ServiceRole/Resource", "cdk_nag": { "rules_to_suppress": [ { "reason": "AWSLambdaBasicExecutionRole added by cdk only gives write permissions for CW logs", "id": "AwsSolutions-IAM4" }, { "reason": "IAM policy is appropriated scoped, ARN is provided in policy resource, false warning", "id": "AwsSolutions-IAM5" }, { "reason": "Lambda function created by Provider L2 construct uses nodejs 14, risk is tolerable", "id": "AwsSolutions-L1" } ] } } }, "QMHelperQMHelperProviderframeworkonEventServiceRoleDefaultPolicy86C1FCC1": { "Type": "AWS::IAM::Policy", "Properties": { "PolicyDocument": { "Statement": [ { "Action": "lambda:InvokeFunction", "Effect": "Allow", "Resource": [ { "Fn::GetAtt": [ "QMHelperQMHelperFunction91954E97", "Arn" ] }, { "Fn::Join": [ "", [ { "Fn::GetAtt": [ "QMHelperQMHelperFunction91954E97", "Arn" ] }, ":*" ] ] } ] } ], "Version": "2012-10-17" }, "PolicyName": "QMHelperQMHelperProviderframeworkonEventServiceRoleDefaultPolicy86C1FCC1", "Roles": [ { "Ref": "QMHelperQMHelperProviderframeworkonEventServiceRole4A1EBBAB" } ] }, "Metadata": { "aws:cdk:path": "quota-monitor-hub/QM-Helper/QM-Helper-Provider/framework-onEvent/ServiceRole/DefaultPolicy/Resource", "cdk_nag": { "rules_to_suppress": [ { "reason": "AWSLambdaBasicExecutionRole added by cdk only gives write permissions for CW logs", "id": "AwsSolutions-IAM4" }, { "reason": "IAM policy is appropriated scoped, ARN is provided in policy resource, false warning", "id": "AwsSolutions-IAM5" }, { "reason": "Lambda function created by Provider L2 construct uses nodejs 14, risk is tolerable", "id": "AwsSolutions-L1" } ] } } }, "QMHelperQMHelperProviderframeworkonEventB1DF6D3F": { "Type": "AWS::Lambda::Function", "Properties": { "Code": { "S3Bucket": { "Fn::Sub": "solutions-${AWS::Region}" }, "S3Key": "quota-monitor-for-aws/v6.2.1/asset8e3d635893ea17fa3158623489cd42c680fad925b38de1ef51cb10d84f6e245e.zip" }, "Role": { "Fn::GetAtt": [ "QMHelperQMHelperProviderframeworkonEventServiceRole4A1EBBAB", "Arn" ] }, "Description": "AWS CDK resource provider framework - onEvent (quota-monitor-hub/QM-Helper/QM-Helper-Provider)", "Environment": { "Variables": { "USER_ON_EVENT_FUNCTION_ARN": { "Fn::GetAtt": [ "QMHelperQMHelperFunction91954E97", "Arn" ] } } }, "Handler": "framework.onEvent", "Runtime": "nodejs14.x", "Timeout": 900 }, "DependsOn": [ "QMHelperQMHelperProviderframeworkonEventServiceRoleDefaultPolicy86C1FCC1", "QMHelperQMHelperProviderframeworkonEventServiceRole4A1EBBAB" ], "Metadata": { "aws:cdk:path": "quota-monitor-hub/QM-Helper/QM-Helper-Provider/framework-onEvent/Resource", "aws:asset:path": "asset.8e3d635893ea17fa3158623489cd42c680fad925b38de1ef51cb10d84f6e245e", "aws:asset:is-bundled": false, "aws:asset:property": "Code", "cdk_nag": { "rules_to_suppress": [ { "reason": "AWSLambdaBasicExecutionRole added by cdk only gives write permissions for CW logs", "id": "AwsSolutions-IAM4" }, { "reason": "IAM policy is appropriated scoped, ARN is provided in policy resource, false warning", "id": "AwsSolutions-IAM5" }, { "reason": "Lambda function created by Provider L2 construct uses nodejs 14, risk is tolerable", "id": "AwsSolutions-L1" } ] } } }, "QMHelperCreateUUIDE0D423E6": { "Type": "Custom::CreateUUID", "Properties": { "ServiceToken": { "Fn::GetAtt": [ "QMHelperQMHelperProviderframeworkonEventB1DF6D3F", "Arn" ] } }, "UpdateReplacePolicy": "Delete", "DeletionPolicy": "Delete", "Metadata": { "aws:cdk:path": "quota-monitor-hub/QM-Helper/CreateUUID/Default" } }, "QMHelperLaunchData6F23B2C3": { "Type": "Custom::LaunchData", "Properties": { "ServiceToken": { "Fn::GetAtt": [ "QMHelperQMHelperProviderframeworkonEventB1DF6D3F", "Arn" ] }, "SOLUTION_UUID": { "Fn::GetAtt": [ "QMHelperCreateUUIDE0D423E6", "UUID" ] } }, "UpdateReplacePolicy": "Delete", "DeletionPolicy": "Delete", "Metadata": { "aws:cdk:path": "quota-monitor-hub/QM-Helper/LaunchData/Default" } }, "QMSlackNotifierQMSlackNotifierEventsRuleC3528E53": { "Type": "AWS::Events::Rule", "Properties": { "Description": "SO0005 quota-monitor-for-aws - QM-SlackNotifier-EventsRule", "EventBusName": { "Ref": "QMBusFF5C6C0C" }, "EventPattern": { "detail": { "status": [ "WARN", "ERROR" ] }, "detail-type": [ "Trusted Advisor Check Item Refresh Notification", "Service Quotas Utilization Notification" ], "source": [ "aws.trustedadvisor", "aws-solutions.quota-monitor" ] }, "State": "ENABLED", "Targets": [ { "Arn": { "Fn::GetAtt": [ "QMSlackNotifierQMSlackNotifierLambda95713661", "Arn" ] }, "Id": "Target0" } ] }, "Metadata": { "aws:cdk:path": "quota-monitor-hub/QM-SlackNotifier/QM-SlackNotifier-EventsRule/Resource" }, "Condition": "SlackTrueCondition" }, "QMSlackNotifierQMSlackNotifierEventsRuleAllowEventRulequotamonitorhubQMSlackNotifierQMSlackNotifierLambdaA984BF97821BEA4A": { "Type": "AWS::Lambda::Permission", "Properties": { "Action": "lambda:InvokeFunction", "FunctionName": { "Fn::GetAtt": [ "QMSlackNotifierQMSlackNotifierLambda95713661", "Arn" ] }, "Principal": "events.amazonaws.com", "SourceArn": { "Fn::GetAtt": [ "QMSlackNotifierQMSlackNotifierEventsRuleC3528E53", "Arn" ] } }, "Metadata": { "aws:cdk:path": "quota-monitor-hub/QM-SlackNotifier/QM-SlackNotifier-EventsRule/AllowEventRulequotamonitorhubQMSlackNotifierQMSlackNotifierLambdaA984BF97" }, "Condition": "SlackTrueCondition" }, "QMSlackNotifierQMSlackNotifierLambdaDeadLetterQueue74B865F7": { "Type": "AWS::SQS::Queue", "Properties": { "KmsMasterKeyId": { "Fn::GetAtt": [ "KMSHubQMEncryptionKeyA80F8C05", "Arn" ] } }, "UpdateReplacePolicy": "Delete", "DeletionPolicy": "Delete", "Metadata": { "aws:cdk:path": "quota-monitor-hub/QM-SlackNotifier/QM-SlackNotifier-Lambda-Dead-Letter-Queue/Resource", "cdk_nag": { "rules_to_suppress": [ { "reason": "Queue itself is dead-letter queue", "id": "AwsSolutions-SQS3" } ] } }, "Condition": "SlackTrueCondition" }, "QMSlackNotifierQMSlackNotifierLambdaDeadLetterQueuePolicy719E4C6A": { "Type": "AWS::SQS::QueuePolicy", "Properties": { "PolicyDocument": { "Statement": [ { "Action": "sqs:*", "Condition": { "Bool": { "aws:SecureTransport": "false" } }, "Effect": "Deny", "Principal": { "AWS": "*" }, "Resource": { "Fn::GetAtt": [ "QMSlackNotifierQMSlackNotifierLambdaDeadLetterQueue74B865F7", "Arn" ] } } ], "Version": "2012-10-17" }, "Queues": [ { "Ref": "QMSlackNotifierQMSlackNotifierLambdaDeadLetterQueue74B865F7" } ] }, "Metadata": { "aws:cdk:path": "quota-monitor-hub/QM-SlackNotifier/QM-SlackNotifier-Lambda-Dead-Letter-Queue/Policy/Resource" }, "Condition": "SlackTrueCondition" }, "QMSlackNotifierQMSlackNotifierLambdaServiceRole6342FD1D": { "Type": "AWS::IAM::Role", "Properties": { "AssumeRolePolicyDocument": { "Statement": [ { "Action": "sts:AssumeRole", "Effect": "Allow", "Principal": { "Service": "lambda.amazonaws.com" } } ], "Version": "2012-10-17" }, "ManagedPolicyArns": [ { "Fn::Join": [ "", [ "arn:", { "Ref": "AWS::Partition" }, ":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" ] ] } ] }, "Metadata": { "aws:cdk:path": "quota-monitor-hub/QM-SlackNotifier/QM-SlackNotifier-Lambda/ServiceRole/Resource", "cdk_nag": { "rules_to_suppress": [ { "reason": "AWSLambdaBasicExecutionRole added by cdk only gives write permissions for CW logs", "id": "AwsSolutions-IAM4" }, { "reason": "Actions restricted on kms key ARN. Only actions that do not support resource-level permissions have * in resource", "id": "AwsSolutions-IAM5" }, { "reason": "GovCloud regions support only up to nodejs 16, risk is tolerable", "id": "AwsSolutions-L1" } ] } }, "Condition": "SlackTrueCondition" }, "QMSlackNotifierQMSlackNotifierLambdaServiceRoleDefaultPolicy4C4D219B": { "Type": "AWS::IAM::Policy", "Properties": { "PolicyDocument": { "Statement": [ { "Action": "sqs:SendMessage", "Effect": "Allow", "Resource": { "Fn::GetAtt": [ "QMSlackNotifierQMSlackNotifierLambdaDeadLetterQueue74B865F7", "Arn" ] } }, { "Action": [ "kms:Encrypt", "kms:Decrypt", "kms:CreateGrant" ], "Effect": "Allow", "Resource": { "Fn::GetAtt": [ "KMSHubQMEncryptionKeyA80F8C05", "Arn" ] } }, { "Action": "kms:ListAliases", "Effect": "Allow", "Resource": "*" }, { "Action": "ssm:GetParameter", "Effect": "Allow", "Resource": [ { "Fn::Join": [ "", [ "arn:", { "Ref": "AWS::Partition" }, ":ssm:", { "Ref": "AWS::Region" }, ":", { "Ref": "AWS::AccountId" }, ":parameter", { "Ref": "QMSlackHook4F1AD495" } ] ] }, { "Fn::Join": [ "", [ "arn:", { "Ref": "AWS::Partition" }, ":ssm:", { "Ref": "AWS::Region" }, ":", { "Ref": "AWS::AccountId" }, ":parameter", { "Ref": "QMNotificationMutingConfig3B7948BA" } ] ] } ] } ], "Version": "2012-10-17" }, "PolicyName": "QMSlackNotifierQMSlackNotifierLambdaServiceRoleDefaultPolicy4C4D219B", "Roles": [ { "Ref": "QMSlackNotifierQMSlackNotifierLambdaServiceRole6342FD1D" } ] }, "Metadata": { "aws:cdk:path": "quota-monitor-hub/QM-SlackNotifier/QM-SlackNotifier-Lambda/ServiceRole/DefaultPolicy/Resource", "cdk_nag": { "rules_to_suppress": [ { "reason": "AWSLambdaBasicExecutionRole added by cdk only gives write permissions for CW logs", "id": "AwsSolutions-IAM4" }, { "reason": "Actions restricted on kms key ARN. Only actions that do not support resource-level permissions have * in resource", "id": "AwsSolutions-IAM5" }, { "reason": "GovCloud regions support only up to nodejs 16, risk is tolerable", "id": "AwsSolutions-L1" } ] } }, "Condition": "SlackTrueCondition" }, "QMSlackNotifierQMSlackNotifierLambda95713661": { "Type": "AWS::Lambda::Function", "Properties": { "Code": { "S3Bucket": { "Fn::Sub": "solutions-${AWS::Region}" }, "S3Key": "quota-monitor-for-aws/v6.2.1/assete9f488d448f7734a99cdee3d53b04ef31aa86e92ddb7fced02dc862b28e575dc.zip" }, "Role": { "Fn::GetAtt": [ "QMSlackNotifierQMSlackNotifierLambdaServiceRole6342FD1D", "Arn" ] }, "DeadLetterConfig": { "TargetArn": { "Fn::GetAtt": [ "QMSlackNotifierQMSlackNotifierLambdaDeadLetterQueue74B865F7", "Arn" ] } }, "Description": "SO0005 quota-monitor-for-aws - QM-SlackNotifier-Lambda", "Environment": { "Variables": { "SLACK_HOOK": { "Fn::FindInMap": [ "QuotaMonitorMap", "SSMParameters", "SlackHook" ] }, "QM_NOTIFICATION_MUTING_CONFIG_PARAMETER": { "Ref": "QMNotificationMutingConfig3B7948BA" }, "LOG_LEVEL": "info", "CUSTOM_SDK_USER_AGENT": "AwsSolution/SO0005/v6.2.1", "VERSION": "v6.2.1", "SOLUTION_ID": "SO0005" } }, "Handler": "index.handler", "KmsKeyArn": { "Fn::GetAtt": [ "KMSHubQMEncryptionKeyA80F8C05", "Arn" ] }, "Layers": [ { "Ref": "QMUtilsLayerQMUtilsLayerLayer80D5D993" } ], "MemorySize": 128, "Runtime": "nodejs16.x", "Timeout": 60 }, "DependsOn": [ "QMSlackNotifierQMSlackNotifierLambdaServiceRoleDefaultPolicy4C4D219B", "QMSlackNotifierQMSlackNotifierLambdaServiceRole6342FD1D" ], "Metadata": { "aws:cdk:path": "quota-monitor-hub/QM-SlackNotifier/QM-SlackNotifier-Lambda/Resource", "aws:asset:path": "asset.e9f488d448f7734a99cdee3d53b04ef31aa86e92ddb7fced02dc862b28e575dc.zip", "aws:asset:is-bundled": false, "aws:asset:property": "Code", "cdk_nag": { "rules_to_suppress": [ { "reason": "GovCloud regions support only up to nodejs 16, risk is tolerable", "id": "AwsSolutions-L1" } ] } }, "Condition": "SlackTrueCondition" }, "QMSlackNotifierQMSlackNotifierLambdaEventInvokeConfig5340A982": { "Type": "AWS::Lambda::EventInvokeConfig", "Properties": { "FunctionName": { "Ref": "QMSlackNotifierQMSlackNotifierLambda95713661" }, "Qualifier": "$LATEST", "MaximumEventAgeInSeconds": 14400 }, "Metadata": { "aws:cdk:path": "quota-monitor-hub/QM-SlackNotifier/QM-SlackNotifier-Lambda/EventInvokeConfig/Resource", "cdk_nag": { "rules_to_suppress": [ { "reason": "GovCloud regions support only up to nodejs 16, risk is tolerable", "id": "AwsSolutions-L1" } ] } }, "Condition": "SlackTrueCondition" }, "QMSNSPublisherQMSNSPublisherSNSTopic7EE2EBF4": { "Type": "AWS::SNS::Topic", "Properties": { "KmsMasterKeyId": { "Fn::GetAtt": [ "KMSHubQMEncryptionKeyA80F8C05", "Arn" ] } }, "Metadata": { "aws:cdk:path": "quota-monitor-hub/QM-SNSPublisher/QM-SNSPublisher-SNSTopic/Resource" } }, "QMSNSPublisherFunctionQMSNSPublisherFunctionEventsRule5BDCD4FD": { "Type": "AWS::Events::Rule", "Properties": { "Description": "SO0005 quota-monitor-for-aws - QM-SNSPublisherFunction-EventsRule", "EventBusName": { "Ref": "QMBusFF5C6C0C" }, "EventPattern": { "detail": { "status": [ "WARN", "ERROR" ] }, "detail-type": [ "Trusted Advisor Check Item Refresh Notification", "Service Quotas Utilization Notification" ], "source": [ "aws.trustedadvisor", "aws-solutions.quota-monitor" ] }, "State": "ENABLED", "Targets": [ { "Arn": { "Fn::GetAtt": [ "QMSNSPublisherFunctionQMSNSPublisherFunctionLambda8BD2DBC1", "Arn" ] }, "Id": "Target0" } ] }, "Metadata": { "aws:cdk:path": "quota-monitor-hub/QM-SNSPublisherFunction/QM-SNSPublisherFunction-EventsRule/Resource" } }, "QMSNSPublisherFunctionQMSNSPublisherFunctionEventsRuleAllowEventRulequotamonitorhubQMSNSPublisherFunctionQMSNSPublisherFunctionLambda63811E436D38C90C": { "Type": "AWS::Lambda::Permission", "Properties": { "Action": "lambda:InvokeFunction", "FunctionName": { "Fn::GetAtt": [ "QMSNSPublisherFunctionQMSNSPublisherFunctionLambda8BD2DBC1", "Arn" ] }, "Principal": "events.amazonaws.com", "SourceArn": { "Fn::GetAtt": [ "QMSNSPublisherFunctionQMSNSPublisherFunctionEventsRule5BDCD4FD", "Arn" ] } }, "Metadata": { "aws:cdk:path": "quota-monitor-hub/QM-SNSPublisherFunction/QM-SNSPublisherFunction-EventsRule/AllowEventRulequotamonitorhubQMSNSPublisherFunctionQMSNSPublisherFunctionLambda63811E43" } }, "QMSNSPublisherFunctionQMSNSPublisherFunctionLambdaDeadLetterQueue72FF519A": { "Type": "AWS::SQS::Queue", "Properties": { "KmsMasterKeyId": { "Fn::GetAtt": [ "KMSHubQMEncryptionKeyA80F8C05", "Arn" ] } }, "UpdateReplacePolicy": "Delete", "DeletionPolicy": "Delete", "Metadata": { "aws:cdk:path": "quota-monitor-hub/QM-SNSPublisherFunction/QM-SNSPublisherFunction-Lambda-Dead-Letter-Queue/Resource", "cdk_nag": { "rules_to_suppress": [ { "reason": "Queue itself is dead-letter queue", "id": "AwsSolutions-SQS3" } ] } } }, "QMSNSPublisherFunctionQMSNSPublisherFunctionLambdaDeadLetterQueuePolicyBA6A8707": { "Type": "AWS::SQS::QueuePolicy", "Properties": { "PolicyDocument": { "Statement": [ { "Action": "sqs:*", "Condition": { "Bool": { "aws:SecureTransport": "false" } }, "Effect": "Deny", "Principal": { "AWS": "*" }, "Resource": { "Fn::GetAtt": [ "QMSNSPublisherFunctionQMSNSPublisherFunctionLambdaDeadLetterQueue72FF519A", "Arn" ] } } ], "Version": "2012-10-17" }, "Queues": [ { "Ref": "QMSNSPublisherFunctionQMSNSPublisherFunctionLambdaDeadLetterQueue72FF519A" } ] }, "Metadata": { "aws:cdk:path": "quota-monitor-hub/QM-SNSPublisherFunction/QM-SNSPublisherFunction-Lambda-Dead-Letter-Queue/Policy/Resource" } }, "QMSNSPublisherFunctionQMSNSPublisherFunctionLambdaServiceRoleA2F00B10": { "Type": "AWS::IAM::Role", "Properties": { "AssumeRolePolicyDocument": { "Statement": [ { "Action": "sts:AssumeRole", "Effect": "Allow", "Principal": { "Service": "lambda.amazonaws.com" } } ], "Version": "2012-10-17" }, "ManagedPolicyArns": [ { "Fn::Join": [ "", [ "arn:", { "Ref": "AWS::Partition" }, ":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" ] ] } ] }, "Metadata": { "aws:cdk:path": "quota-monitor-hub/QM-SNSPublisherFunction/QM-SNSPublisherFunction-Lambda/ServiceRole/Resource", "cdk_nag": { "rules_to_suppress": [ { "reason": "AWSLambdaBasicExecutionRole added by cdk only gives write permissions for CW logs", "id": "AwsSolutions-IAM4" }, { "reason": "Actions restricted on kms key ARN. Only actions that do not support resource-level permissions have * in resource", "id": "AwsSolutions-IAM5" }, { "reason": "GovCloud regions support only up to nodejs 16, risk is tolerable", "id": "AwsSolutions-L1" } ] } } }, "QMSNSPublisherFunctionQMSNSPublisherFunctionLambdaServiceRoleDefaultPolicy1E6E152C": { "Type": "AWS::IAM::Policy", "Properties": { "PolicyDocument": { "Statement": [ { "Action": "sqs:SendMessage", "Effect": "Allow", "Resource": { "Fn::GetAtt": [ "QMSNSPublisherFunctionQMSNSPublisherFunctionLambdaDeadLetterQueue72FF519A", "Arn" ] } }, { "Action": [ "kms:Encrypt", "kms:Decrypt", "kms:CreateGrant" ], "Effect": "Allow", "Resource": { "Fn::GetAtt": [ "KMSHubQMEncryptionKeyA80F8C05", "Arn" ] } }, { "Action": "kms:ListAliases", "Effect": "Allow", "Resource": "*" }, { "Action": "SNS:Publish", "Effect": "Allow", "Resource": { "Ref": "QMSNSPublisherQMSNSPublisherSNSTopic7EE2EBF4" } }, { "Action": "kms:GenerateDataKey", "Effect": "Allow", "Resource": { "Fn::GetAtt": [ "KMSHubQMEncryptionKeyA80F8C05", "Arn" ] } }, { "Action": "ssm:GetParameter", "Effect": "Allow", "Resource": { "Fn::Join": [ "", [ "arn:", { "Ref": "AWS::Partition" }, ":ssm:", { "Ref": "AWS::Region" }, ":", { "Ref": "AWS::AccountId" }, ":parameter", { "Ref": "QMNotificationMutingConfig3B7948BA" } ] ] } } ], "Version": "2012-10-17" }, "PolicyName": "QMSNSPublisherFunctionQMSNSPublisherFunctionLambdaServiceRoleDefaultPolicy1E6E152C", "Roles": [ { "Ref": "QMSNSPublisherFunctionQMSNSPublisherFunctionLambdaServiceRoleA2F00B10" } ] }, "Metadata": { "aws:cdk:path": "quota-monitor-hub/QM-SNSPublisherFunction/QM-SNSPublisherFunction-Lambda/ServiceRole/DefaultPolicy/Resource", "cdk_nag": { "rules_to_suppress": [ { "reason": "AWSLambdaBasicExecutionRole added by cdk only gives write permissions for CW logs", "id": "AwsSolutions-IAM4" }, { "reason": "Actions restricted on kms key ARN. Only actions that do not support resource-level permissions have * in resource", "id": "AwsSolutions-IAM5" }, { "reason": "GovCloud regions support only up to nodejs 16, risk is tolerable", "id": "AwsSolutions-L1" } ] } } }, "QMSNSPublisherFunctionQMSNSPublisherFunctionLambda8BD2DBC1": { "Type": "AWS::Lambda::Function", "Properties": { "Code": { "S3Bucket": { "Fn::Sub": "solutions-${AWS::Region}" }, "S3Key": "quota-monitor-for-aws/v6.2.1/asset1bfa0e5f1118cfcb001d118fe35942ca947c2e6ae31671605111ebec0c712e72.zip" }, "Role": { "Fn::GetAtt": [ "QMSNSPublisherFunctionQMSNSPublisherFunctionLambdaServiceRoleA2F00B10", "Arn" ] }, "DeadLetterConfig": { "TargetArn": { "Fn::GetAtt": [ "QMSNSPublisherFunctionQMSNSPublisherFunctionLambdaDeadLetterQueue72FF519A", "Arn" ] } }, "Description": "SO0005 quota-monitor-for-aws - QM-SNSPublisherFunction-Lambda", "Environment": { "Variables": { "QM_NOTIFICATION_MUTING_CONFIG_PARAMETER": { "Ref": "QMNotificationMutingConfig3B7948BA" }, "SOLUTION_UUID": { "Fn::GetAtt": [ "QMHelperCreateUUIDE0D423E6", "UUID" ] }, "METRICS_ENDPOINT": { "Fn::FindInMap": [ "QuotaMonitorMap", "Metrics", "MetricsEndpoint" ] }, "SEND_METRIC": { "Fn::FindInMap": [ "QuotaMonitorMap", "Metrics", "SendAnonymizedData" ] }, "TOPIC_ARN": { "Ref": "QMSNSPublisherQMSNSPublisherSNSTopic7EE2EBF4" }, "LOG_LEVEL": "info", "CUSTOM_SDK_USER_AGENT": "AwsSolution/SO0005/v6.2.1", "VERSION": "v6.2.1", "SOLUTION_ID": "SO0005" } }, "Handler": "index.handler", "KmsKeyArn": { "Fn::GetAtt": [ "KMSHubQMEncryptionKeyA80F8C05", "Arn" ] }, "Layers": [ { "Ref": "QMUtilsLayerQMUtilsLayerLayer80D5D993" } ], "MemorySize": 128, "Runtime": "nodejs16.x", "Timeout": 60 }, "DependsOn": [ "QMSNSPublisherFunctionQMSNSPublisherFunctionLambdaServiceRoleDefaultPolicy1E6E152C", "QMSNSPublisherFunctionQMSNSPublisherFunctionLambdaServiceRoleA2F00B10" ], "Metadata": { "aws:cdk:path": "quota-monitor-hub/QM-SNSPublisherFunction/QM-SNSPublisherFunction-Lambda/Resource", "aws:asset:path": "asset.1bfa0e5f1118cfcb001d118fe35942ca947c2e6ae31671605111ebec0c712e72.zip", "aws:asset:is-bundled": false, "aws:asset:property": "Code", "cdk_nag": { "rules_to_suppress": [ { "reason": "GovCloud regions support only up to nodejs 16, risk is tolerable", "id": "AwsSolutions-L1" } ] } } }, "QMSNSPublisherFunctionQMSNSPublisherFunctionLambdaEventInvokeConfig7A963AA0": { "Type": "AWS::Lambda::EventInvokeConfig", "Properties": { "FunctionName": { "Ref": "QMSNSPublisherFunctionQMSNSPublisherFunctionLambda8BD2DBC1" }, "Qualifier": "$LATEST", "MaximumEventAgeInSeconds": 14400 }, "Metadata": { "aws:cdk:path": "quota-monitor-hub/QM-SNSPublisherFunction/QM-SNSPublisherFunction-Lambda/EventInvokeConfig/Resource", "cdk_nag": { "rules_to_suppress": [ { "reason": "GovCloud regions support only up to nodejs 16, risk is tolerable", "id": "AwsSolutions-L1" } ] } } }, "QMEmailSubscription32E71F90": { "Type": "AWS::SNS::Subscription", "Properties": { "Protocol": "email", "TopicArn": { "Ref": "QMSNSPublisherQMSNSPublisherSNSTopic7EE2EBF4" }, "Endpoint": { "Ref": "SNSEmail" } }, "Metadata": { "aws:cdk:path": "quota-monitor-hub/QM-EmailSubscription/Resource" }, "Condition": "EmailTrueCondition" }, "QMSummarizerEventQueueQMSummarizerEventQueueEventsRuleE50B8D7C": { "Type": "AWS::Events::Rule", "Properties": { "Description": "SO0005 quota-monitor-for-aws - QM-Summarizer-EventQueue-EventsRule", "EventBusName": { "Ref": "QMBusFF5C6C0C" }, "EventPattern": { "detail": { "status": [ "OK", "WARN", "ERROR" ] }, "detail-type": [ "Trusted Advisor Check Item Refresh Notification", "Service Quotas Utilization Notification" ], "source": [ "aws.trustedadvisor", "aws-solutions.quota-monitor" ] }, "State": "ENABLED", "Targets": [ { "Arn": { "Fn::GetAtt": [ "QMSummarizerEventQueueQMSummarizerEventQueueQueue95FCCD2A", "Arn" ] }, "Id": "Target0" } ] }, "Metadata": { "aws:cdk:path": "quota-monitor-hub/QM-Summarizer-EventQueue/QM-Summarizer-EventQueue-EventsRule/Resource" } }, "QMSummarizerEventQueueQMSummarizerEventQueueQueue95FCCD2A": { "Type": "AWS::SQS::Queue", "Properties": { "KmsMasterKeyId": { "Fn::GetAtt": [ "KMSHubQMEncryptionKeyA80F8C05", "Arn" ] }, "VisibilityTimeout": 60 }, "UpdateReplacePolicy": "Delete", "DeletionPolicy": "Delete", "Metadata": { "aws:cdk:path": "quota-monitor-hub/QM-Summarizer-EventQueue/QM-Summarizer-EventQueue-Queue/Resource", "cdk_nag": { "rules_to_suppress": [ { "reason": "dlq not implemented on sqs, will evaluate in future if there is need", "id": "AwsSolutions-SQS3" } ] } } }, "QMSummarizerEventQueueQMSummarizerEventQueueQueuePolicyE7E1F6D8": { "Type": "AWS::SQS::QueuePolicy", "Properties": { "PolicyDocument": { "Statement": [ { "Action": "sqs:*", "Condition": { "Bool": { "aws:SecureTransport": "false" } }, "Effect": "Deny", "Principal": { "AWS": "*" }, "Resource": { "Fn::GetAtt": [ "QMSummarizerEventQueueQMSummarizerEventQueueQueue95FCCD2A", "Arn" ] } }, { "Action": [ "sqs:SendMessage", "sqs:GetQueueAttributes", "sqs:GetQueueUrl" ], "Effect": "Allow", "Principal": { "Service": "events.amazonaws.com" }, "Resource": { "Fn::GetAtt": [ "QMSummarizerEventQueueQMSummarizerEventQueueQueue95FCCD2A", "Arn" ] } } ], "Version": "2012-10-17" }, "Queues": [ { "Ref": "QMSummarizerEventQueueQMSummarizerEventQueueQueue95FCCD2A" } ] }, "Metadata": { "aws:cdk:path": "quota-monitor-hub/QM-Summarizer-EventQueue/QM-Summarizer-EventQueue-Queue/Policy/Resource" } }, "QMTable336670B0": { "Type": "AWS::DynamoDB::Table", "Properties": { "KeySchema": [ { "AttributeName": "MessageId", "KeyType": "HASH" }, { "AttributeName": "TimeStamp", "KeyType": "RANGE" } ], "AttributeDefinitions": [ { "AttributeName": "MessageId", "AttributeType": "S" }, { "AttributeName": "TimeStamp", "AttributeType": "S" } ], "BillingMode": "PAY_PER_REQUEST", "PointInTimeRecoverySpecification": { "PointInTimeRecoveryEnabled": true }, "SSESpecification": { "KMSMasterKeyId": { "Fn::GetAtt": [ "KMSHubQMEncryptionKeyA80F8C05", "Arn" ] }, "SSEEnabled": true, "SSEType": "KMS" } }, "UpdateReplacePolicy": "Retain", "DeletionPolicy": "Retain", "Metadata": { "aws:cdk:path": "quota-monitor-hub/QM-Table/Resource" } }, "QMReporterQMReporterEventsRule0BF77282": { "Type": "AWS::Events::Rule", "Properties": { "Description": "SO0005 quota-monitor-for-aws - QM-Reporter-EventsRule", "ScheduleExpression": "rate(5 minutes)", "State": "ENABLED", "Targets": [ { "Arn": { "Fn::GetAtt": [ "QMReporterQMReporterLambda7D98A6E4", "Arn" ] }, "Id": "Target0" } ] }, "Metadata": { "aws:cdk:path": "quota-monitor-hub/QM-Reporter/QM-Reporter-EventsRule/Resource" } }, "QMReporterQMReporterEventsRuleAllowEventRulequotamonitorhubQMReporterQMReporterLambda676D2E786A3BE915": { "Type": "AWS::Lambda::Permission", "Properties": { "Action": "lambda:InvokeFunction", "FunctionName": { "Fn::GetAtt": [ "QMReporterQMReporterLambda7D98A6E4", "Arn" ] }, "Principal": "events.amazonaws.com", "SourceArn": { "Fn::GetAtt": [ "QMReporterQMReporterEventsRule0BF77282", "Arn" ] } }, "Metadata": { "aws:cdk:path": "quota-monitor-hub/QM-Reporter/QM-Reporter-EventsRule/AllowEventRulequotamonitorhubQMReporterQMReporterLambda676D2E78" } }, "QMReporterQMReporterLambdaDeadLetterQueueA0C464BC": { "Type": "AWS::SQS::Queue", "Properties": { "KmsMasterKeyId": { "Fn::GetAtt": [ "KMSHubQMEncryptionKeyA80F8C05", "Arn" ] } }, "UpdateReplacePolicy": "Delete", "DeletionPolicy": "Delete", "Metadata": { "aws:cdk:path": "quota-monitor-hub/QM-Reporter/QM-Reporter-Lambda-Dead-Letter-Queue/Resource", "cdk_nag": { "rules_to_suppress": [ { "reason": "Queue itself is dead-letter queue", "id": "AwsSolutions-SQS3" } ] } } }, "QMReporterQMReporterLambdaDeadLetterQueuePolicyE714847D": { "Type": "AWS::SQS::QueuePolicy", "Properties": { "PolicyDocument": { "Statement": [ { "Action": "sqs:*", "Condition": { "Bool": { "aws:SecureTransport": "false" } }, "Effect": "Deny", "Principal": { "AWS": "*" }, "Resource": { "Fn::GetAtt": [ "QMReporterQMReporterLambdaDeadLetterQueueA0C464BC", "Arn" ] } } ], "Version": "2012-10-17" }, "Queues": [ { "Ref": "QMReporterQMReporterLambdaDeadLetterQueueA0C464BC" } ] }, "Metadata": { "aws:cdk:path": "quota-monitor-hub/QM-Reporter/QM-Reporter-Lambda-Dead-Letter-Queue/Policy/Resource" } }, "QMReporterQMReporterLambdaServiceRoleBA4CED84": { "Type": "AWS::IAM::Role", "Properties": { "AssumeRolePolicyDocument": { "Statement": [ { "Action": "sts:AssumeRole", "Effect": "Allow", "Principal": { "Service": "lambda.amazonaws.com" } } ], "Version": "2012-10-17" }, "ManagedPolicyArns": [ { "Fn::Join": [ "", [ "arn:", { "Ref": "AWS::Partition" }, ":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" ] ] } ] }, "Metadata": { "aws:cdk:path": "quota-monitor-hub/QM-Reporter/QM-Reporter-Lambda/ServiceRole/Resource", "cdk_nag": { "rules_to_suppress": [ { "reason": "AWSLambdaBasicExecutionRole added by cdk only gives write permissions for CW logs", "id": "AwsSolutions-IAM4" }, { "reason": "Actions restricted on kms key ARN. Only actions that do not support resource-level permissions have * in resource", "id": "AwsSolutions-IAM5" }, { "reason": "GovCloud regions support only up to nodejs 16, risk is tolerable", "id": "AwsSolutions-L1" } ] } } }, "QMReporterQMReporterLambdaServiceRoleDefaultPolicyC6B87A76": { "Type": "AWS::IAM::Policy", "Properties": { "PolicyDocument": { "Statement": [ { "Action": "sqs:SendMessage", "Effect": "Allow", "Resource": { "Fn::GetAtt": [ "QMReporterQMReporterLambdaDeadLetterQueueA0C464BC", "Arn" ] } }, { "Action": [ "kms:Encrypt", "kms:Decrypt", "kms:CreateGrant" ], "Effect": "Allow", "Resource": { "Fn::GetAtt": [ "KMSHubQMEncryptionKeyA80F8C05", "Arn" ] } }, { "Action": "kms:ListAliases", "Effect": "Allow", "Resource": "*" }, { "Action": [ "sqs:DeleteMessage", "sqs:ReceiveMessage" ], "Effect": "Allow", "Resource": { "Fn::GetAtt": [ "QMSummarizerEventQueueQMSummarizerEventQueueQueue95FCCD2A", "Arn" ] } }, { "Action": [ "dynamodb:GetItem", "dynamodb:PutItem" ], "Effect": "Allow", "Resource": { "Fn::GetAtt": [ "QMTable336670B0", "Arn" ] } } ], "Version": "2012-10-17" }, "PolicyName": "QMReporterQMReporterLambdaServiceRoleDefaultPolicyC6B87A76", "Roles": [ { "Ref": "QMReporterQMReporterLambdaServiceRoleBA4CED84" } ] }, "Metadata": { "aws:cdk:path": "quota-monitor-hub/QM-Reporter/QM-Reporter-Lambda/ServiceRole/DefaultPolicy/Resource", "cdk_nag": { "rules_to_suppress": [ { "reason": "AWSLambdaBasicExecutionRole added by cdk only gives write permissions for CW logs", "id": "AwsSolutions-IAM4" }, { "reason": "Actions restricted on kms key ARN. Only actions that do not support resource-level permissions have * in resource", "id": "AwsSolutions-IAM5" }, { "reason": "GovCloud regions support only up to nodejs 16, risk is tolerable", "id": "AwsSolutions-L1" } ] } } }, "QMReporterQMReporterLambda7D98A6E4": { "Type": "AWS::Lambda::Function", "Properties": { "Code": { "S3Bucket": { "Fn::Sub": "solutions-${AWS::Region}" }, "S3Key": "quota-monitor-for-aws/v6.2.1/asset2138eaa657692b8299e14a5ca8dfc9d275d35daa5c2e9fbf2596ebb50bdd323a.zip" }, "Role": { "Fn::GetAtt": [ "QMReporterQMReporterLambdaServiceRoleBA4CED84", "Arn" ] }, "DeadLetterConfig": { "TargetArn": { "Fn::GetAtt": [ "QMReporterQMReporterLambdaDeadLetterQueueA0C464BC", "Arn" ] } }, "Description": "SO0005 quota-monitor-for-aws - QM-Reporter-Lambda", "Environment": { "Variables": { "QUOTA_TABLE": { "Ref": "QMTable336670B0" }, "SQS_URL": { "Ref": "QMSummarizerEventQueueQMSummarizerEventQueueQueue95FCCD2A" }, "MAX_MESSAGES": "10", "MAX_LOOPS": "10", "LOG_LEVEL": "info", "CUSTOM_SDK_USER_AGENT": "AwsSolution/SO0005/v6.2.1", "VERSION": "v6.2.1", "SOLUTION_ID": "SO0005" } }, "Handler": "index.handler", "KmsKeyArn": { "Fn::GetAtt": [ "KMSHubQMEncryptionKeyA80F8C05", "Arn" ] }, "Layers": [ { "Ref": "QMUtilsLayerQMUtilsLayerLayer80D5D993" } ], "MemorySize": 512, "Runtime": "nodejs16.x", "Timeout": 10 }, "DependsOn": [ "QMReporterQMReporterLambdaServiceRoleDefaultPolicyC6B87A76", "QMReporterQMReporterLambdaServiceRoleBA4CED84" ], "Metadata": { "aws:cdk:path": "quota-monitor-hub/QM-Reporter/QM-Reporter-Lambda/Resource", "aws:asset:path": "asset.2138eaa657692b8299e14a5ca8dfc9d275d35daa5c2e9fbf2596ebb50bdd323a.zip", "aws:asset:is-bundled": false, "aws:asset:property": "Code", "cdk_nag": { "rules_to_suppress": [ { "reason": "GovCloud regions support only up to nodejs 16, risk is tolerable", "id": "AwsSolutions-L1" } ] } } }, "QMReporterQMReporterLambdaEventInvokeConfig07548BFA": { "Type": "AWS::Lambda::EventInvokeConfig", "Properties": { "FunctionName": { "Ref": "QMReporterQMReporterLambda7D98A6E4" }, "Qualifier": "$LATEST", "MaximumEventAgeInSeconds": 14400 }, "Metadata": { "aws:cdk:path": "quota-monitor-hub/QM-Reporter/QM-Reporter-Lambda/EventInvokeConfig/Resource", "cdk_nag": { "rules_to_suppress": [ { "reason": "GovCloud regions support only up to nodejs 16, risk is tolerable", "id": "AwsSolutions-L1" } ] } } }, "QMTAStackSet": { "Type": "AWS::CloudFormation::StackSet", "Properties": { "PermissionModel": "SERVICE_MANAGED", "StackSetName": "QM-TA-Spoke-StackSet", "AutoDeployment": { "Enabled": true, "RetainStacksOnAccountRemoval": false }, "CallAs": "DELEGATED_ADMIN", "Capabilities": [ "CAPABILITY_IAM" ], "Description": "StackSet for deploying Quota Monitor Trusted Advisor spokes in Organization", "ManagedExecution": { "Active": true }, "Parameters": [ { "ParameterKey": "EventBusArn", "ParameterValue": { "Fn::GetAtt": [ "QMBusFF5C6C0C", "Arn" ] } } ], "TemplateURL": { "Fn::Sub": "https://solutions-${AWS::Region}.s3.${AWS::Region}.amazonaws.com/quota-monitor-for-aws/v6.2.1/quota-monitor-ta-spoke.template" } }, "Metadata": { "aws:cdk:path": "quota-monitor-hub/QM-TA-StackSet" } }, "QMSQStackSet": { "Type": "AWS::CloudFormation::StackSet", "Properties": { "PermissionModel": "SERVICE_MANAGED", "StackSetName": "QM-SQ-Spoke-StackSet", "AutoDeployment": { "Enabled": true, "RetainStacksOnAccountRemoval": false }, "CallAs": "DELEGATED_ADMIN", "Capabilities": [ "CAPABILITY_IAM" ], "Description": "StackSet for deploying Quota Monitor Service Quota spokes in Organization", "ManagedExecution": { "Active": true }, "Parameters": [ { "ParameterKey": "EventBusArn", "ParameterValue": { "Fn::GetAtt": [ "QMBusFF5C6C0C", "Arn" ] } } ], "TemplateURL": { "Fn::Sub": "https://solutions-${AWS::Region}.s3.${AWS::Region}.amazonaws.com/quota-monitor-for-aws/v6.2.1/quota-monitor-sq-spoke.template" } }, "Metadata": { "aws:cdk:path": "quota-monitor-hub/QM-SQ-StackSet" } }, "QMDeploymentManagerQMDeploymentManagerEventsRule53DB2DA9": { "Type": "AWS::Events::Rule", "Properties": { "Description": "SO0005 quota-monitor-for-aws - QM-Deployment-Manager-EventsRule", "EventPattern": { "detail-type": [ "Parameter Store Change" ], "source": [ "aws.ssm" ], "resources": [ { "Fn::Join": [ "", [ "arn:", { "Ref": "AWS::Partition" }, ":ssm:", { "Ref": "AWS::Region" }, ":", { "Ref": "AWS::AccountId" }, ":parameter", { "Ref": "QMOUs122D8EB4" } ] ] }, { "Fn::If": [ "AccountDeployCondition", { "Fn::Join": [ "", [ "arn:", { "Ref": "AWS::Partition" }, ":ssm:", { "Ref": "AWS::Region" }, ":", { "Ref": "AWS::AccountId" }, ":parameter", { "Ref": "QMAccounts3D743F6B" } ] ] }, { "Ref": "AWS::NoValue" } ] }, { "Fn::Join": [ "", [ "arn:", { "Ref": "AWS::Partition" }, ":ssm:", { "Ref": "AWS::Region" }, ":", { "Ref": "AWS::AccountId" }, ":parameter", { "Ref": "QMRegionsList17794003" } ] ] } ] }, "State": "ENABLED", "Targets": [ { "Arn": { "Fn::GetAtt": [ "QMDeploymentManagerQMDeploymentManagerLambdaB36F1B21", "Arn" ] }, "Id": "Target0" } ] }, "Metadata": { "aws:cdk:path": "quota-monitor-hub/QM-Deployment-Manager/QM-Deployment-Manager-EventsRule/Resource" } }, "QMDeploymentManagerQMDeploymentManagerEventsRuleAllowEventRulequotamonitorhubQMDeploymentManagerQMDeploymentManagerLambda8FAD8D8E9E4893B8": { "Type": "AWS::Lambda::Permission", "Properties": { "Action": "lambda:InvokeFunction", "FunctionName": { "Fn::GetAtt": [ "QMDeploymentManagerQMDeploymentManagerLambdaB36F1B21", "Arn" ] }, "Principal": "events.amazonaws.com", "SourceArn": { "Fn::GetAtt": [ "QMDeploymentManagerQMDeploymentManagerEventsRule53DB2DA9", "Arn" ] } }, "Metadata": { "aws:cdk:path": "quota-monitor-hub/QM-Deployment-Manager/QM-Deployment-Manager-EventsRule/AllowEventRulequotamonitorhubQMDeploymentManagerQMDeploymentManagerLambda8FAD8D8E" } }, "QMDeploymentManagerQMDeploymentManagerLambdaDeadLetterQueue9B4636C2": { "Type": "AWS::SQS::Queue", "Properties": { "KmsMasterKeyId": { "Fn::GetAtt": [ "KMSHubQMEncryptionKeyA80F8C05", "Arn" ] } }, "UpdateReplacePolicy": "Delete", "DeletionPolicy": "Delete", "Metadata": { "aws:cdk:path": "quota-monitor-hub/QM-Deployment-Manager/QM-Deployment-Manager-Lambda-Dead-Letter-Queue/Resource", "cdk_nag": { "rules_to_suppress": [ { "reason": "Queue itself is dead-letter queue", "id": "AwsSolutions-SQS3" } ] } } }, "QMDeploymentManagerQMDeploymentManagerLambdaDeadLetterQueuePolicy6B59E185": { "Type": "AWS::SQS::QueuePolicy", "Properties": { "PolicyDocument": { "Statement": [ { "Action": "sqs:*", "Condition": { "Bool": { "aws:SecureTransport": "false" } }, "Effect": "Deny", "Principal": { "AWS": "*" }, "Resource": { "Fn::GetAtt": [ "QMDeploymentManagerQMDeploymentManagerLambdaDeadLetterQueue9B4636C2", "Arn" ] } } ], "Version": "2012-10-17" }, "Queues": [ { "Ref": "QMDeploymentManagerQMDeploymentManagerLambdaDeadLetterQueue9B4636C2" } ] }, "Metadata": { "aws:cdk:path": "quota-monitor-hub/QM-Deployment-Manager/QM-Deployment-Manager-Lambda-Dead-Letter-Queue/Policy/Resource" } }, "QMDeploymentManagerQMDeploymentManagerLambdaServiceRole84304F72": { "Type": "AWS::IAM::Role", "Properties": { "AssumeRolePolicyDocument": { "Statement": [ { "Action": "sts:AssumeRole", "Effect": "Allow", "Principal": { "Service": "lambda.amazonaws.com" } } ], "Version": "2012-10-17" }, "ManagedPolicyArns": [ { "Fn::Join": [ "", [ "arn:", { "Ref": "AWS::Partition" }, ":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" ] ] } ] }, "Metadata": { "aws:cdk:path": "quota-monitor-hub/QM-Deployment-Manager/QM-Deployment-Manager-Lambda/ServiceRole/Resource", "cdk_nag": { "rules_to_suppress": [ { "reason": "AWSLambdaBasicExecutionRole added by cdk only gives write permissions for CW logs", "id": "AwsSolutions-IAM4" }, { "reason": "Actions restricted on kms key ARN. Only actions that do not support resource-level permissions have * in resource", "id": "AwsSolutions-IAM5" }, { "reason": "GovCloud regions support only up to nodejs 16, risk is tolerable", "id": "AwsSolutions-L1" } ] } } }, "QMDeploymentManagerQMDeploymentManagerLambdaServiceRoleDefaultPolicy7E3D0777": { "Type": "AWS::IAM::Policy", "Properties": { "PolicyDocument": { "Statement": [ { "Action": "sqs:SendMessage", "Effect": "Allow", "Resource": { "Fn::GetAtt": [ "QMDeploymentManagerQMDeploymentManagerLambdaDeadLetterQueue9B4636C2", "Arn" ] } }, { "Action": [ "kms:Encrypt", "kms:Decrypt", "kms:CreateGrant" ], "Effect": "Allow", "Resource": { "Fn::GetAtt": [ "KMSHubQMEncryptionKeyA80F8C05", "Arn" ] } }, { "Action": "kms:ListAliases", "Effect": "Allow", "Resource": "*" }, { "Action": [ "events:PutPermission", "events:RemovePermission" ], "Effect": "Allow", "Resource": "*" }, { "Action": "events:DescribeEventBus", "Effect": "Allow", "Resource": { "Fn::GetAtt": [ "QMBusFF5C6C0C", "Arn" ] } }, { "Action": "ssm:GetParameter", "Effect": "Allow", "Resource": [ { "Fn::Join": [ "", [ "arn:", { "Ref": "AWS::Partition" }, ":ssm:", { "Ref": "AWS::Region" }, ":", { "Ref": "AWS::AccountId" }, ":parameter", { "Ref": "QMOUs122D8EB4" } ] ] }, { "Fn::If": [ "AccountDeployCondition", { "Fn::Join": [ "", [ "arn:", { "Ref": "AWS::Partition" }, ":ssm:", { "Ref": "AWS::Region" }, ":", { "Ref": "AWS::AccountId" }, ":parameter", { "Ref": "QMAccounts3D743F6B" } ] ] }, { "Ref": "AWS::NoValue" } ] }, { "Fn::Join": [ "", [ "arn:", { "Ref": "AWS::Partition" }, ":ssm:", { "Ref": "AWS::Region" }, ":", { "Ref": "AWS::AccountId" }, ":parameter", { "Ref": "QMRegionsList17794003" } ] ] } ] }, { "Action": [ "organizations:DescribeOrganization", "organizations:ListRoots", "organizations:ListDelegatedAdministrators", "organizations:ListAccounts", "organizations:ListAccountsForParent" ], "Effect": "Allow", "Resource": "*" }, { "Action": [ "cloudformation:DescribeStackSet", "cloudformation:CreateStackInstances", "cloudformation:DeleteStackInstances", "cloudformation:ListStackInstances" ], "Effect": "Allow", "Resource": "*" }, { "Action": "ec2:DescribeRegions", "Effect": "Allow", "Resource": "*" }, { "Action": "support:DescribeTrustedAdvisorChecks", "Effect": "Allow", "Resource": "*" } ], "Version": "2012-10-17" }, "PolicyName": "QMDeploymentManagerQMDeploymentManagerLambdaServiceRoleDefaultPolicy7E3D0777", "Roles": [ { "Ref": "QMDeploymentManagerQMDeploymentManagerLambdaServiceRole84304F72" } ] }, "Metadata": { "aws:cdk:path": "quota-monitor-hub/QM-Deployment-Manager/QM-Deployment-Manager-Lambda/ServiceRole/DefaultPolicy/Resource", "cdk_nag": { "rules_to_suppress": [ { "reason": "AWSLambdaBasicExecutionRole added by cdk only gives write permissions for CW logs", "id": "AwsSolutions-IAM4" }, { "reason": "Actions restricted on kms key ARN. Only actions that do not support resource-level permissions have * in resource", "id": "AwsSolutions-IAM5" }, { "reason": "GovCloud regions support only up to nodejs 16, risk is tolerable", "id": "AwsSolutions-L1" } ] } } }, "QMDeploymentManagerQMDeploymentManagerLambdaB36F1B21": { "Type": "AWS::Lambda::Function", "Properties": { "Code": { "S3Bucket": { "Fn::Sub": "solutions-${AWS::Region}" }, "S3Key": "quota-monitor-for-aws/v6.2.1/assete0f373e9ac52ab723ca1f33ddfa549e07e471bd43689db5224a8b484ae5b31f6.zip" }, "Role": { "Fn::GetAtt": [ "QMDeploymentManagerQMDeploymentManagerLambdaServiceRole84304F72", "Arn" ] }, "DeadLetterConfig": { "TargetArn": { "Fn::GetAtt": [ "QMDeploymentManagerQMDeploymentManagerLambdaDeadLetterQueue9B4636C2", "Arn" ] } }, "Description": "SO0005 quota-monitor-for-aws - QM-Deployment-Manager-Lambda", "Environment": { "Variables": { "EVENT_BUS_NAME": { "Ref": "QMBusFF5C6C0C" }, "EVENT_BUS_ARN": { "Fn::GetAtt": [ "QMBusFF5C6C0C", "Arn" ] }, "TA_STACKSET_ID": { "Fn::GetAtt": [ "QMTAStackSet", "StackSetId" ] }, "SQ_STACKSET_ID": { "Fn::GetAtt": [ "QMSQStackSet", "StackSetId" ] }, "QM_OU_PARAMETER": { "Ref": "QMOUs122D8EB4" }, "QM_ACCOUNT_PARAMETER": { "Fn::If": [ "AccountDeployCondition", { "Ref": "QMAccounts3D743F6B" }, { "Ref": "AWS::NoValue" } ] }, "DEPLOYMENT_MODEL": { "Ref": "DeploymentModel" }, "REGIONS_LIST": { "Ref": "RegionsList" }, "QM_REGIONS_LIST_PARAMETER": { "Ref": "QMRegionsList17794003" }, "REGIONS_CONCURRENCY_TYPE": { "Ref": "RegionConcurrency" }, "MAX_CONCURRENT_PERCENTAGE": { "Ref": "MaxConcurrentPercentage" }, "FAILURE_TOLERANCE_PERCENTAGE": { "Ref": "FailureTolerancePercentage" }, "SOLUTION_UUID": { "Fn::GetAtt": [ "QMHelperCreateUUIDE0D423E6", "UUID" ] }, "METRICS_ENDPOINT": { "Fn::FindInMap": [ "QuotaMonitorMap", "Metrics", "MetricsEndpoint" ] }, "SEND_METRIC": { "Fn::FindInMap": [ "QuotaMonitorMap", "Metrics", "SendAnonymizedData" ] }, "LOG_LEVEL": "info", "CUSTOM_SDK_USER_AGENT": "AwsSolution/SO0005/v6.2.1", "VERSION": "v6.2.1", "SOLUTION_ID": "SO0005" } }, "Handler": "index.handler", "KmsKeyArn": { "Fn::GetAtt": [ "KMSHubQMEncryptionKeyA80F8C05", "Arn" ] }, "Layers": [ { "Ref": "QMUtilsLayerQMUtilsLayerLayer80D5D993" } ], "MemorySize": 512, "Runtime": "nodejs16.x", "Timeout": 60 }, "DependsOn": [ "QMDeploymentManagerQMDeploymentManagerLambdaServiceRoleDefaultPolicy7E3D0777", "QMDeploymentManagerQMDeploymentManagerLambdaServiceRole84304F72" ], "Metadata": { "aws:cdk:path": "quota-monitor-hub/QM-Deployment-Manager/QM-Deployment-Manager-Lambda/Resource", "aws:asset:path": "asset.e0f373e9ac52ab723ca1f33ddfa549e07e471bd43689db5224a8b484ae5b31f6.zip", "aws:asset:is-bundled": false, "aws:asset:property": "Code", "cdk_nag": { "rules_to_suppress": [ { "reason": "GovCloud regions support only up to nodejs 16, risk is tolerable", "id": "AwsSolutions-L1" } ] } } }, "QMDeploymentManagerQMDeploymentManagerLambdaEventInvokeConfig4C3821AB": { "Type": "AWS::Lambda::EventInvokeConfig", "Properties": { "FunctionName": { "Ref": "QMDeploymentManagerQMDeploymentManagerLambdaB36F1B21" }, "Qualifier": "$LATEST", "MaximumEventAgeInSeconds": 14400 }, "Metadata": { "aws:cdk:path": "quota-monitor-hub/QM-Deployment-Manager/QM-Deployment-Manager-Lambda/EventInvokeConfig/Resource", "cdk_nag": { "rules_to_suppress": [ { "reason": "GovCloud regions support only up to nodejs 16, risk is tolerable", "id": "AwsSolutions-L1" } ] } } }, "HubAppRegistryApplication3E8980C3": { "Type": "AWS::ServiceCatalogAppRegistry::Application", "Properties": { "Name": { "Fn::Join": [ "-", [ "QM_Hub_Org", { "Ref": "AWS::Region" }, { "Ref": "AWS::AccountId" } ] ] }, "Description": "Service Catalog application to track and manage all your resources for the solution quota-monitor-for-aws", "Tags": { "ApplicationType": "AWS-Solutions", "SolutionID": "SO0005", "SolutionName": "quota-monitor-for-aws", "SolutionVersion": "v6.2.1" } }, "Metadata": { "aws:cdk:path": "quota-monitor-hub/HubAppRegistryApplication/AppRegistryApplication/Resource" } }, "HubAppRegistryApplicationApplicationAttributeGroup9173E29C": { "Type": "AWS::ServiceCatalogAppRegistry::AttributeGroup", "Properties": { "Attributes": { "solutionID": "SO0005", "solutionName": "quota-monitor-for-aws", "version": "v6.2.1", "applicationType": "AWS-Solutions" }, "Name": { "Fn::Join": [ "-", [ "QM_Hub_Org", { "Ref": "AWS::Region" }, { "Ref": "AWS::AccountId" } ] ] }, "Description": "Attribute group for application information", "Tags": { "ApplicationType": "AWS-Solutions", "SolutionID": "SO0005", "SolutionName": "quota-monitor-for-aws", "SolutionVersion": "v6.2.1" } }, "Metadata": { "aws:cdk:path": "quota-monitor-hub/HubAppRegistryApplication/AppRegistryApplication/ApplicationAttributeGroup/Resource" } }, "HubAppRegistryApplicationAttributeGroupAssociation083d99b9aef56A56CAA1": { "Type": "AWS::ServiceCatalogAppRegistry::AttributeGroupAssociation", "Properties": { "Application": { "Fn::GetAtt": [ "HubAppRegistryApplication3E8980C3", "Id" ] }, "AttributeGroup": { "Fn::GetAtt": [ "HubAppRegistryApplicationApplicationAttributeGroup9173E29C", "Id" ] } }, "Metadata": { "aws:cdk:path": "quota-monitor-hub/HubAppRegistryApplication/AppRegistryApplication/AttributeGroupAssociation083d99b9aef5" } }, "AppRegistryAssociation": { "Type": "AWS::ServiceCatalogAppRegistry::ResourceAssociation", "Properties": { "Application": { "Fn::GetAtt": [ "HubAppRegistryApplication3E8980C3", "Id" ] }, "Resource": { "Ref": "AWS::StackId" }, "ResourceType": "CFN_STACK" }, "Metadata": { "aws:cdk:path": "quota-monitor-hub/AppRegistryAssociation" } }, "CDKMetadata": { "Type": "AWS::CDK::Metadata", "Properties": { "Analytics": "v2:deflate64:H4sIAAAAAAAA/3VSTW/bMAz9LbkratoOxY5LinYo1mJZUuwa0DLjqbYkTx8eAsP/faTtuE6HXcRH8knkI3UjP3+S7WoBf8JS5eWy0pls9xFUKe6PdgseDEb07LxAXWtbMLx3NtdROyvo3qHFBm0Msn1gu0mBKRPepQo5wLYTpSHeNzxxhM260tDze9CJEAzX91Toovi7MySfdYhTrBMVmCwH2T7DCf1P9IF7o2sX/mOyKo6JCfd9PtnGlUiqjrqYmv8Y3KI3OvBL1ObtAUJAEr1mQ77cJFVi3EBAoYFE7Nyom+3WVVr1ogdEL/ymQfxImHrSAPrznTpziW+J/+pqrTg1gH3KgvK6Poua+53ITxaMy2mfr5ANvfSgE6pyKT86b4CZkm/yxvcsBH2jFSqIULmCNu6xoFH7k2x5SXVN3cC53jrSLrIU8at3qf43QrNxSk/0HQaXvMJZuOtEP0CqX/DfOlOESiE6c/CjH+TWu0bn/Bn6zEScvcv4e4p1ip1YLaGqf4FcLb6MX/uK7X/ljfR2rvBSDLVqXY7yLVw113fyZiWvF29B66VPNmqDcjfYv6A/F9FSAwAA" }, "Metadata": { "aws:cdk:path": "quota-monitor-hub/CDKMetadata/Default" }, "Condition": "CDKMetadataAvailable" } }, "Outputs": { "SlackHookKey": { "Description": "SSM parameter for Slack Web Hook, change the value for your slack workspace", "Value": { "Fn::FindInMap": [ "QuotaMonitorMap", "SSMParameters", "SlackHook" ] }, "Condition": "SlackTrueCondition" }, "UUID": { "Description": "UUID for the deployment", "Value": { "Fn::GetAtt": [ "QMHelperCreateUUIDE0D423E6", "UUID" ] } }, "EventBus": { "Description": "Event Bus Arn in hub", "Value": { "Fn::GetAtt": [ "QMBusFF5C6C0C", "Arn" ] } }, "SNSTopic": { "Description": "The SNS Topic where notifications are published to", "Value": { "Ref": "QMSNSPublisherQMSNSPublisherSNSTopic7EE2EBF4" } } } }