// Jest Snapshot v1, https://goo.gl/fbAQLP exports[`creates a KPL instance 1`] = ` Object { "Conditions": Object { "AwsCdkKinesisEncryptedStreamsUnsupportedRegions": Object { "Fn::Or": Array [ Object { "Fn::Equals": Array [ Object { "Ref": "AWS::Region", }, "cn-north-1", ], }, Object { "Fn::Equals": Array [ Object { "Ref": "AWS::Region", }, "cn-northwest-1", ], }, ], }, }, "Resources": Object { "TestProducer63E36A21": Object { "Properties": Object { "IamInstanceProfile": Object { "Ref": "TestProducerInstanceProfile145E74DF", }, "ImageId": "ami-1234", "InstanceType": "t3.small", "SecurityGroupIds": Array [ Object { "Fn::GetAtt": Array [ "TestProducerSecurityGroup159E2ABD", "GroupId", ], }, ], "SubnetId": "subnet-abc", "Tags": Array [ Object { "Key": "Name", "Value": "KplInstance", }, ], "UserData": Object { "Fn::Base64": "#!/bin/bash yum update -y amazon-linux-extras install java-openjdk11 -y java -version aws s3 cp s3://test-bucket/test-key.zip /tmp/producer.zip unzip /tmp/producer.zip -d /tmp && rm -f /tmp/producer.zip", }, }, "Type": "AWS::EC2::Instance", }, "TestProducerCodePolicyC6F00C96": Object { "Properties": Object { "PolicyDocument": Object { "Statement": Array [ Object { "Action": Array [ "s3:GetObjectVersion", "s3:GetObject", "s3:ListBucket", ], "Effect": "Allow", "Resource": Array [ Object { "Fn::Join": Array [ "", Array [ "arn:", Object { "Ref": "AWS::Partition", }, ":s3:::test-bucket/test-key.zip", ], ], }, Object { "Fn::Join": Array [ "", Array [ "arn:", Object { "Ref": "AWS::Partition", }, ":s3:::aws-bigdata-blog/*", ], ], }, Object { "Fn::Join": Array [ "", Array [ "arn:", Object { "Ref": "AWS::Partition", }, ":s3:::aws-bigdata-blog", ], ], }, ], }, ], "Version": "2012-10-17", }, "PolicyName": "TestProducerCodePolicyC6F00C96", "Roles": Array [ Object { "Ref": "TestProducerRoleD68492B6", }, ], }, "Type": "AWS::IAM::Policy", }, "TestProducerInstanceProfile145E74DF": Object { "Properties": Object { "Roles": Array [ Object { "Ref": "TestProducerRoleD68492B6", }, ], }, "Type": "AWS::IAM::InstanceProfile", }, "TestProducerMonitoringPolicy7F2E8F61": Object { "Metadata": Object { "cfn_nag": Object { "rules_to_suppress": Array [ Object { "id": "W12", "reason": "PutMetricData action does not support resource level permissions", }, ], }, }, "Properties": Object { "PolicyDocument": Object { "Statement": Array [ Object { "Action": "cloudwatch:PutMetricData", "Effect": "Allow", "Resource": "*", }, ], "Version": "2012-10-17", }, "PolicyName": "TestProducerMonitoringPolicy7F2E8F61", "Roles": Array [ Object { "Ref": "TestProducerRoleD68492B6", }, ], }, "Type": "AWS::IAM::Policy", }, "TestProducerRoleD68492B6": Object { "Properties": Object { "AssumeRolePolicyDocument": Object { "Statement": Array [ Object { "Action": "sts:AssumeRole", "Effect": "Allow", "Principal": Object { "Service": Object { "Fn::Join": Array [ "", Array [ "ec2.", Object { "Ref": "AWS::URLSuffix", }, ], ], }, }, }, ], "Version": "2012-10-17", }, }, "Type": "AWS::IAM::Role", }, "TestProducerRoleDefaultPolicy73CAADAF": Object { "Properties": Object { "PolicyDocument": Object { "Statement": Array [ Object { "Action": Array [ "kinesis:ListShards", "kinesis:PutRecord", "kinesis:PutRecords", ], "Effect": "Allow", "Resource": Object { "Fn::GetAtt": Array [ "TestStreamE6F40222", "Arn", ], }, }, Object { "Action": Array [ "kinesis:DescribeStream", "kinesis:DescribeStreamSummary", "kinesis:DescribeStreamConsumer", "kinesis:RegisterStreamConsumer", "kinesis:SubscribeToShard", ], "Effect": "Allow", "Resource": Object { "Fn::GetAtt": Array [ "TestStreamE6F40222", "Arn", ], }, }, ], "Version": "2012-10-17", }, "PolicyName": "TestProducerRoleDefaultPolicy73CAADAF", "Roles": Array [ Object { "Ref": "TestProducerRoleD68492B6", }, ], }, "Type": "AWS::IAM::Policy", }, "TestProducerSecurityGroup159E2ABD": Object { "Metadata": Object { "cfn_nag": Object { "rules_to_suppress": Array [ Object { "id": "W5", "reason": "Outbound access is allowed to connect to Kinesis", }, ], }, }, "Properties": Object { "GroupDescription": "KPL security group", "SecurityGroupEgress": Array [ Object { "CidrIp": "0.0.0.0/0", "Description": "Allow HTTP outbound traffic", "FromPort": 80, "IpProtocol": "tcp", "ToPort": 80, }, Object { "CidrIp": "0.0.0.0/0", "Description": "Allow HTTPS outbound traffic", "FromPort": 443, "IpProtocol": "tcp", "ToPort": 443, }, ], "VpcId": "vpc-123", }, "Type": "AWS::EC2::SecurityGroup", }, "TestProducerSessionManagerPolicy1CCC3BB8": Object { "Metadata": Object { "cfn_nag": Object { "rules_to_suppress": Array [ Object { "id": "W12", "reason": "Session Manager actions do not support resource level permissions", }, ], }, }, "Properties": Object { "PolicyDocument": Object { "Statement": Array [ Object { "Action": Array [ "ssm:UpdateInstanceInformation", "ssmmessages:CreateControlChannel", "ssmmessages:CreateDataChannel", "ssmmessages:OpenControlChannel", "ssmmessages:OpenDataChannel", ], "Effect": "Allow", "Resource": "*", }, ], "Version": "2012-10-17", }, "PolicyName": "TestProducerSessionManagerPolicy1CCC3BB8", "Roles": Array [ Object { "Ref": "TestProducerRoleD68492B6", }, ], }, "Type": "AWS::IAM::Policy", }, "TestStreamE6F40222": Object { "Properties": Object { "RetentionPeriodHours": 24, "ShardCount": 1, "StreamEncryption": Object { "Fn::If": Array [ "AwsCdkKinesisEncryptedStreamsUnsupportedRegions", Object { "Ref": "AWS::NoValue", }, Object { "EncryptionType": "KMS", "KeyId": "alias/aws/kinesis", }, ], }, "StreamModeDetails": Object { "StreamMode": "PROVISIONED", }, }, "Type": "AWS::Kinesis::Stream", }, }, } `;