diff --git a/.viperlightignore b/.viperlightignore
index af5c3eb5b..86f6c45f9 100644
--- a/.viperlightignore
+++ b/.viperlightignore
@@ -145,11 +145,11 @@ source/patterns/@aws-solutions-constructs/aws-alb-lambda/README.md:35
 source/patterns/@aws-solutions-constructs/aws-alb-lambda/test/alb-lambda.test.ts:27
 source/patterns/@aws-solutions-constructs/aws-alb-lambda/test/alb-lambda.test.ts:680
 # These are references to the us-east-1 ELBV2 account (publicly known)
-source/patterns/@aws-solutions-constructs/aws-route53-alb/test/integ.deployPrivateApi.expected.json:193
-source/patterns/@aws-solutions-constructs/aws-route53-alb/test/integ.deployPrivateApiExistingZone.expected.json:850
-source/patterns/@aws-solutions-constructs/aws-route53-alb/test/integ.deployPublicApiNewAlb.expected.json:188
-source/patterns/@aws-solutions-constructs/aws-alb-lambda/test/integ.privateApiNewResources.expected.json:196
-source/patterns/@aws-solutions-constructs/aws-alb-lambda/test/integ.publicApiNewResources.expected.json:199
-source/patterns/@aws-solutions-constructs/aws-alb-lambda/test/integ.twoTargets.expected.json:199
-source/patterns/@aws-solutions-constructs/aws-alb-lambda/test/integ.privateApiExistingResources.expected.json:1064
-source/patterns/@aws-solutions-constructs/aws-alb-lambda/test/integ.publicApiExistingResources.expected.json:1064
+source/patterns/@aws-solutions-constructs/aws-route53-alb/test/integ.deployPrivateApi.expected.json:192
+source/patterns/@aws-solutions-constructs/aws-route53-alb/test/integ.deployPrivateApiExistingZone.expected.json:849
+source/patterns/@aws-solutions-constructs/aws-route53-alb/test/integ.deployPublicApiNewAlb.expected.json:187
+source/patterns/@aws-solutions-constructs/aws-alb-lambda/test/integ.privateApiNewResources.expected.json:195
+source/patterns/@aws-solutions-constructs/aws-alb-lambda/test/integ.publicApiNewResources.expected.json:198
+source/patterns/@aws-solutions-constructs/aws-alb-lambda/test/integ.twoTargets.expected.json:198
+source/patterns/@aws-solutions-constructs/aws-alb-lambda/test/integ.privateApiExistingResources.expected.json:1063
+source/patterns/@aws-solutions-constructs/aws-alb-lambda/test/integ.publicApiExistingResources.expected.json:1063 diff --git a/source/patterns/@aws-solutions-constructs/aws-alb-lambda/test/integ.privateApiExistingResources.expected.json b/source/patterns/@aws-solutions-constructs/aws-alb-lambda/test/integ.privateApiExistingResources.expected.json index 3e91712f2..97882768b 100644 --- a/source/patterns/@aws-solutions-constructs/aws-alb-lambda/test/integ.privateApiExistingResources.expected.json +++ b/source/patterns/@aws-solutions-constructs/aws-alb-lambda/test/integ.privateApiExistingResources.expected.json @@ -1012,7 +1012,7 @@ "PolicyDocument": { "Statement": [ { - "Action": "*", + "Action": "s3:*", "Condition": { "Bool": { "aws:SecureTransport": "false" @@ -1023,6 +1023,12 @@ "AWS": "*" }, "Resource": [ + { + "Fn::GetAtt": [ + "existingalb0F60CC48", + "Arn" + ] + }, { "Fn::Join": [ "", @@ -1036,15 +1042,8 @@ "/*" ] ] - }, - { - "Fn::GetAtt": [ - "existingalb0F60CC48", - "Arn" - ] } - ], - "Sid": "HttpsOnly" + ] }, { "Action": [ diff --git a/source/patterns/@aws-solutions-constructs/aws-alb-lambda/test/integ.privateApiNewResources.expected.json b/source/patterns/@aws-solutions-constructs/aws-alb-lambda/test/integ.privateApiNewResources.expected.json index c1e82e767..7c7304eda 100644 --- a/source/patterns/@aws-solutions-constructs/aws-alb-lambda/test/integ.privateApiNewResources.expected.json +++ b/source/patterns/@aws-solutions-constructs/aws-alb-lambda/test/integ.privateApiNewResources.expected.json @@ -144,7 +144,7 @@ "PolicyDocument": { "Statement": [ { - "Action": "*", + "Action": "s3:*", "Condition": { "Bool": { "aws:SecureTransport": "false" @@ -155,6 +155,12 @@ "AWS": "*" }, "Resource": [ + { + "Fn::GetAtt": [ + "testoneE6ACFBB6", + "Arn" + ] + }, { "Fn::Join": [ "", @@ -168,15 +174,8 @@ "/*" ] ] - }, - { - "Fn::GetAtt": [ - "testoneE6ACFBB6", - "Arn" - ] } - ], - "Sid": "HttpsOnly" + ] }, { "Action": [ 
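Review bot: The eight ELBv2-account suppressions in this hunk are still pinned to an exact `file:line` inside generated snapshot files, so they go stale whenever a snapshot is regenerated; here every entry moves up by one. For the five aws-alb-lambda snapshots the shift matches the net one-line removal earlier in each file (the dropped `"Sid": "HttpsOnly"` line), but the three aws-route53-alb snapshots are not part of the diff visible here, so 192, 849 and 187 should be checked against the regenerated files. I would add a comment above the block such as `# Line numbers follow the generated *.expected.json snapshots; re-run the scan after regenerating them`, so a future shift is caught by the scanner rather than by hand. It is also worth confirming that each new line still lands on the account reference and not on a neighbouring value.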
diff --git a/source/patterns/@aws-solutions-constructs/aws-alb-lambda/test/integ.publicApiExistingResources.expected.json b/source/patterns/@aws-solutions-constructs/aws-alb-lambda/test/integ.publicApiExistingResources.expected.json index 1faf9a970..5357a59a9 100644 --- a/source/patterns/@aws-solutions-constructs/aws-alb-lambda/test/integ.publicApiExistingResources.expected.json +++ b/source/patterns/@aws-solutions-constructs/aws-alb-lambda/test/integ.publicApiExistingResources.expected.json @@ -1012,7 +1012,7 @@ "PolicyDocument": { "Statement": [ { - "Action": "*", + "Action": "s3:*", "Condition": { "Bool": { "aws:SecureTransport": "false" @@ -1023,6 +1023,12 @@ "AWS": "*" }, "Resource": [ + { + "Fn::GetAtt": [ + "existingalb0F60CC48", + "Arn" + ] + }, { "Fn::Join": [ "", @@ -1036,15 +1042,8 @@ "/*" ] ] - }, - { - "Fn::GetAtt": [ - "existingalb0F60CC48", - "Arn" - ] } - ], - "Sid": "HttpsOnly" + ] }, { "Action": [ diff --git a/source/patterns/@aws-solutions-constructs/aws-alb-lambda/test/integ.publicApiNewResources.expected.json b/source/patterns/@aws-solutions-constructs/aws-alb-lambda/test/integ.publicApiNewResources.expected.json index 3d88d4375..e026c922c 100644 --- a/source/patterns/@aws-solutions-constructs/aws-alb-lambda/test/integ.publicApiNewResources.expected.json +++ b/source/patterns/@aws-solutions-constructs/aws-alb-lambda/test/integ.publicApiNewResources.expected.json @@ -147,7 +147,7 @@ "PolicyDocument": { "Statement": [ { - "Action": "*", + "Action": "s3:*", "Condition": { "Bool": { "aws:SecureTransport": "false" @@ -158,6 +158,12 @@ "AWS": "*" }, "Resource": [ + { + "Fn::GetAtt": [ + "testoneE6ACFBB6", + "Arn" + ] + }, { "Fn::Join": [ "", @@ -171,15 +177,8 @@ "/*" ] ] - }, - { - "Fn::GetAtt": [ - "testoneE6ACFBB6", - "Arn" - ] } - ], - "Sid": "HttpsOnly" + ] }, { "Action": [ 
diff --git a/source/patterns/@aws-solutions-constructs/aws-alb-lambda/test/integ.twoTargets.expected.json b/source/patterns/@aws-solutions-constructs/aws-alb-lambda/test/integ.twoTargets.expected.json index e0052d754..03749e9fb 100644 --- a/source/patterns/@aws-solutions-constructs/aws-alb-lambda/test/integ.twoTargets.expected.json +++ b/source/patterns/@aws-solutions-constructs/aws-alb-lambda/test/integ.twoTargets.expected.json @@ -147,7 +147,7 @@ "PolicyDocument": { "Statement": [ { - "Action": "*", + "Action": "s3:*", "Condition": { "Bool": { "aws:SecureTransport": "false" @@ -158,6 +158,12 @@ "AWS": "*" }, "Resource": [ + { + "Fn::GetAtt": [ + "testoneE6ACFBB6", + "Arn" + ] + }, { "Fn::Join": [ "", @@ -171,15 +177,8 @@ "/*" ] ] - }, - { - "Fn::GetAtt": [ - "testoneE6ACFBB6", - "Arn" - ] } - ], - "Sid": "HttpsOnly" + ] }, { "Action": [ diff --git a/source/patterns/@aws-solutions-constructs/aws-cloudfront-apigateway-lambda/test/integ.customCloudfrontLoggingBucket.expected.json b/source/patterns/@aws-solutions-constructs/aws-cloudfront-apigateway-lambda/test/integ.customCloudfrontLoggingBucket.expected.json index 454bbc76a..0f3ff86ae 100644 --- a/source/patterns/@aws-solutions-constructs/aws-cloudfront-apigateway-lambda/test/integ.customCloudfrontLoggingBucket.expected.json +++ b/source/patterns/@aws-solutions-constructs/aws-cloudfront-apigateway-lambda/test/integ.customCloudfrontLoggingBucket.expected.json @@ -643,7 +643,7 @@ "PolicyDocument": { "Statement": [ { - "Action": "*", + "Action": "s3:*", "Condition": { "Bool": { "aws:SecureTransport": "false" @@ -654,6 +654,12 @@ "AWS": "*" }, "Resource": [ + { + "Fn::GetAtt": [ + "cfapigwlambdaCloudFrontToApiGatewayCloudfrontLoggingBucket2E8E3DC2", + "Arn" + ] + }, { "Fn::Join": [ "", @@ -667,15 +673,8 @@ "/*" ] ] - }, - { - "Fn::GetAtt": [ - "cfapigwlambdaCloudFrontToApiGatewayCloudfrontLoggingBucket2E8E3DC2", - "Arn" - ] } - ], - "Sid": "HttpsOnly" + ] } ], "Version": "2012-10-17" 
diff --git a/source/patterns/@aws-solutions-constructs/aws-cloudfront-apigateway-lambda/test/integ.no-arguments.expected.json b/source/patterns/@aws-solutions-constructs/aws-cloudfront-apigateway-lambda/test/integ.no-arguments.expected.json index 2b7c565dc..e68f46aab 100644 --- a/source/patterns/@aws-solutions-constructs/aws-cloudfront-apigateway-lambda/test/integ.no-arguments.expected.json +++ b/source/patterns/@aws-solutions-constructs/aws-cloudfront-apigateway-lambda/test/integ.no-arguments.expected.json @@ -643,7 +643,7 @@ "PolicyDocument": { "Statement": [ { - "Action": "*", + "Action": "s3:*", "Condition": { "Bool": { "aws:SecureTransport": "false" @@ -654,6 +654,12 @@ "AWS": "*" }, "Resource": [ + { + "Fn::GetAtt": [ + "testcloudfrontapigatewaylambdaCloudFrontToApiGatewayCloudfrontLoggingBucket7F467421", + "Arn" + ] + }, { "Fn::Join": [ "", @@ -667,15 +673,8 @@ "/*" ] ] - }, - { - "Fn::GetAtt": [ - "testcloudfrontapigatewaylambdaCloudFrontToApiGatewayCloudfrontLoggingBucket7F467421", - "Arn" - ] } - ], - "Sid": "HttpsOnly" + ] } ], "Version": "2012-10-17" diff --git a/source/patterns/@aws-solutions-constructs/aws-cloudfront-apigateway-lambda/test/integ.override-behavior.expected.json b/source/patterns/@aws-solutions-constructs/aws-cloudfront-apigateway-lambda/test/integ.override-behavior.expected.json index ea04aa326..aa0f204c2 100644 --- a/source/patterns/@aws-solutions-constructs/aws-cloudfront-apigateway-lambda/test/integ.override-behavior.expected.json +++ b/source/patterns/@aws-solutions-constructs/aws-cloudfront-apigateway-lambda/test/integ.override-behavior.expected.json @@ -604,7 +604,7 @@ "PolicyDocument": { "Statement": [ { - "Action": "*", + "Action": "s3:*", "Condition": { "Bool": { "aws:SecureTransport": "false" @@ -615,6 +615,12 @@ "AWS": "*" }, "Resource": [ + { + "Fn::GetAtt": [ + "cfapilambdaoverrideCloudFrontToApiGatewayCloudfrontLoggingBucket3A71B9E0", + "Arn" + ] + }, { "Fn::Join": [ "", 
@@ -628,15 +634,8 @@ "/*" ] ] - }, - { - "Fn::GetAtt": [ - "cfapilambdaoverrideCloudFrontToApiGatewayCloudfrontLoggingBucket3A71B9E0", - "Arn" - ] } - ], - "Sid": "HttpsOnly" + ] } ], "Version": "2012-10-17" diff --git a/source/patterns/@aws-solutions-constructs/aws-cloudfront-apigateway/test/integ.customCloudfrontLoggingBucket.expected.json b/source/patterns/@aws-solutions-constructs/aws-cloudfront-apigateway/test/integ.customCloudfrontLoggingBucket.expected.json index 6bd0eaf62..a4a7a880d 100644 --- a/source/patterns/@aws-solutions-constructs/aws-cloudfront-apigateway/test/integ.customCloudfrontLoggingBucket.expected.json +++ b/source/patterns/@aws-solutions-constructs/aws-cloudfront-apigateway/test/integ.customCloudfrontLoggingBucket.expected.json @@ -643,7 +643,7 @@ "PolicyDocument": { "Statement": [ { - "Action": "*", + "Action": "s3:*", "Condition": { "Bool": { "aws:SecureTransport": "false" @@ -654,6 +654,12 @@ "AWS": "*" }, "Resource": [ + { + "Fn::GetAtt": [ + "cfapigwCloudfrontLoggingBucket79FE4195", + "Arn" + ] + }, { "Fn::Join": [ "", @@ -667,15 +673,8 @@ "/*" ] ] - }, - { - "Fn::GetAtt": [ - "cfapigwCloudfrontLoggingBucket79FE4195", - "Arn" - ] } - ], - "Sid": "HttpsOnly" + ] } ], "Version": "2012-10-17" diff --git a/source/patterns/@aws-solutions-constructs/aws-cloudfront-apigateway/test/integ.no-arguments.expected.json b/source/patterns/@aws-solutions-constructs/aws-cloudfront-apigateway/test/integ.no-arguments.expected.json index eb26d485e..6e15f0d10 100644 --- a/source/patterns/@aws-solutions-constructs/aws-cloudfront-apigateway/test/integ.no-arguments.expected.json +++ b/source/patterns/@aws-solutions-constructs/aws-cloudfront-apigateway/test/integ.no-arguments.expected.json @@ -643,7 +643,7 @@ "PolicyDocument": { "Statement": [ { - "Action": "*", + "Action": "s3:*", "Condition": { "Bool": { "aws:SecureTransport": "false" 
@@ -654,6 +654,12 @@ "AWS": "*" }, "Resource": [ + { + "Fn::GetAtt": [ + "testcloudfrontapigatewayCloudfrontLoggingBucket9811F6E8", + "Arn" + ] + }, { "Fn::Join": [ "", @@ -667,15 +673,8 @@ "/*" ] ] - }, - { - "Fn::GetAtt": [ - "testcloudfrontapigatewayCloudfrontLoggingBucket9811F6E8", - "Arn" - ] } - ], - "Sid": "HttpsOnly" + ] } ], "Version": "2012-10-17" diff --git a/source/patterns/@aws-solutions-constructs/aws-cloudfront-mediastore/test/integ.customCloudFrontLoggingBucket.expected.json b/source/patterns/@aws-solutions-constructs/aws-cloudfront-mediastore/test/integ.customCloudFrontLoggingBucket.expected.json index 8d52a17e1..f21603283 100644 --- a/source/patterns/@aws-solutions-constructs/aws-cloudfront-mediastore/test/integ.customCloudFrontLoggingBucket.expected.json +++ b/source/patterns/@aws-solutions-constructs/aws-cloudfront-mediastore/test/integ.customCloudFrontLoggingBucket.expected.json @@ -127,7 +127,7 @@ "PolicyDocument": { "Statement": [ { - "Action": "*", + "Action": "s3:*", "Condition": { "Bool": { "aws:SecureTransport": "false" @@ -138,6 +138,12 @@ "AWS": "*" }, "Resource": [ + { + "Fn::GetAtt": [ + "cloudfrontmediastoreCloudfrontLoggingBucketE54A8D50", + "Arn" + ] + }, { "Fn::Join": [ "", @@ -151,15 +157,8 @@ "/*" ] ] - }, - { - "Fn::GetAtt": [ - "cloudfrontmediastoreCloudfrontLoggingBucketE54A8D50", - "Arn" - ] } - ], - "Sid": "HttpsOnly" + ] } ], "Version": "2012-10-17" diff --git a/source/patterns/@aws-solutions-constructs/aws-cloudfront-mediastore/test/integ.default.expected.json b/source/patterns/@aws-solutions-constructs/aws-cloudfront-mediastore/test/integ.default.expected.json index b6b8466b8..2dcfbbb9f 100644 --- a/source/patterns/@aws-solutions-constructs/aws-cloudfront-mediastore/test/integ.default.expected.json +++ b/source/patterns/@aws-solutions-constructs/aws-cloudfront-mediastore/test/integ.default.expected.json 
@@ -127,7 +127,7 @@ "PolicyDocument": { "Statement": [ { - "Action": "*", + "Action": "s3:*", "Condition": { "Bool": { "aws:SecureTransport": "false" @@ -138,6 +138,12 @@ "AWS": "*" }, "Resource": [ + { + "Fn::GetAtt": [ + "testcloudfrontmediastoreCloudfrontLoggingBucketA3A51E6A", + "Arn" + ] + }, { "Fn::Join": [ "", @@ -151,15 +157,8 @@ "/*" ] ] - }, - { - "Fn::GetAtt": [ - "testcloudfrontmediastoreCloudfrontLoggingBucketA3A51E6A", - "Arn" - ] } - ], - "Sid": "HttpsOnly" + ] } ], "Version": "2012-10-17" diff --git a/source/patterns/@aws-solutions-constructs/aws-cloudfront-mediastore/test/integ.existingContainer.expected.json b/source/patterns/@aws-solutions-constructs/aws-cloudfront-mediastore/test/integ.existingContainer.expected.json index fbfaa3c95..bf77e303a 100644 --- a/source/patterns/@aws-solutions-constructs/aws-cloudfront-mediastore/test/integ.existingContainer.expected.json +++ b/source/patterns/@aws-solutions-constructs/aws-cloudfront-mediastore/test/integ.existingContainer.expected.json @@ -52,7 +52,7 @@ "PolicyDocument": { "Statement": [ { - "Action": "*", + "Action": "s3:*", "Condition": { "Bool": { "aws:SecureTransport": "false" @@ -63,6 +63,12 @@ "AWS": "*" }, "Resource": [ + { + "Fn::GetAtt": [ + "testcloudfrontmediastoreCloudfrontLoggingBucketA3A51E6A", + "Arn" + ] + }, { "Fn::Join": [ "", @@ -76,15 +82,8 @@ "/*" ] ] - }, - { - "Fn::GetAtt": [ - "testcloudfrontmediastoreCloudfrontLoggingBucketA3A51E6A", - "Arn" - ] } - ], - "Sid": "HttpsOnly" + ] } ], "Version": "2012-10-17" diff --git a/source/patterns/@aws-solutions-constructs/aws-cloudfront-mediastore/test/integ.overrideProperties.expected.json b/source/patterns/@aws-solutions-constructs/aws-cloudfront-mediastore/test/integ.overrideProperties.expected.json index c46fd31f2..3714b943e 100644 --- a/source/patterns/@aws-solutions-constructs/aws-cloudfront-mediastore/test/integ.overrideProperties.expected.json 
+++ b/source/patterns/@aws-solutions-constructs/aws-cloudfront-mediastore/test/integ.overrideProperties.expected.json @@ -91,7 +91,7 @@ "PolicyDocument": { "Statement": [ { - "Action": "*", + "Action": "s3:*", "Condition": { "Bool": { "aws:SecureTransport": "false" @@ -102,6 +102,12 @@ "AWS": "*" }, "Resource": [ + { + "Fn::GetAtt": [ + "testcloudfrontmediastoreCloudfrontLoggingBucketA3A51E6A", + "Arn" + ] + }, { "Fn::Join": [ "", @@ -115,15 +121,8 @@ "/*" ] ] - }, - { - "Fn::GetAtt": [ - "testcloudfrontmediastoreCloudfrontLoggingBucketA3A51E6A", - "Arn" - ] } - ], - "Sid": "HttpsOnly" + ] } ], "Version": "2012-10-17" diff --git a/source/patterns/@aws-solutions-constructs/aws-cloudfront-mediastore/test/integ.withoutHttpSecurityHeaders.expected.json b/source/patterns/@aws-solutions-constructs/aws-cloudfront-mediastore/test/integ.withoutHttpSecurityHeaders.expected.json index 8aa18d953..463e7677c 100644 --- a/source/patterns/@aws-solutions-constructs/aws-cloudfront-mediastore/test/integ.withoutHttpSecurityHeaders.expected.json +++ b/source/patterns/@aws-solutions-constructs/aws-cloudfront-mediastore/test/integ.withoutHttpSecurityHeaders.expected.json @@ -127,7 +127,7 @@ "PolicyDocument": { "Statement": [ { - "Action": "*", + "Action": "s3:*", "Condition": { "Bool": { "aws:SecureTransport": "false" @@ -138,6 +138,12 @@ "AWS": "*" }, "Resource": [ + { + "Fn::GetAtt": [ + "testcloudfrontmediastoreCloudfrontLoggingBucketA3A51E6A", + "Arn" + ] + }, { "Fn::Join": [ "", @@ -151,15 +157,8 @@ "/*" ] ] - }, - { - "Fn::GetAtt": [ - "testcloudfrontmediastoreCloudfrontLoggingBucketA3A51E6A", - "Arn" - ] } - ], - "Sid": "HttpsOnly" + ] } ], "Version": "2012-10-17" diff --git a/source/patterns/@aws-solutions-constructs/aws-cloudfront-s3/test/integ.custom-originPath.expected.json b/source/patterns/@aws-solutions-constructs/aws-cloudfront-s3/test/integ.custom-originPath.expected.json index db8094d0f..3afc70aa2 100644 
--- a/source/patterns/@aws-solutions-constructs/aws-cloudfront-s3/test/integ.custom-originPath.expected.json +++ b/source/patterns/@aws-solutions-constructs/aws-cloudfront-s3/test/integ.custom-originPath.expected.json @@ -46,7 +46,7 @@ "PolicyDocument": { "Statement": [ { - "Action": "*", + "Action": "s3:*", "Condition": { "Bool": { "aws:SecureTransport": "false" @@ -57,6 +57,12 @@ "AWS": "*" }, "Resource": [ + { + "Fn::GetAtt": [ + "testcloudfronts3S3LoggingBucket90D239DD", + "Arn" + ] + }, { "Fn::Join": [ "", @@ -70,15 +76,8 @@ "/*" ] ] - }, - { - "Fn::GetAtt": [ - "testcloudfronts3S3LoggingBucket90D239DD", - "Arn" - ] } - ], - "Sid": "HttpsOnly" + ] } ], "Version": "2012-10-17" @@ -137,7 +136,7 @@ "PolicyDocument": { "Statement": [ { - "Action": "*", + "Action": "s3:*", "Condition": { "Bool": { "aws:SecureTransport": "false" @@ -148,6 +147,12 @@ "AWS": "*" }, "Resource": [ + { + "Fn::GetAtt": [ + "testcloudfronts3S3BucketE0C5F76E", + "Arn" + ] + }, { "Fn::Join": [ "", @@ -161,15 +166,8 @@ "/*" ] ] - }, - { - "Fn::GetAtt": [ - "testcloudfronts3S3BucketE0C5F76E", - "Arn" - ] } - ], - "Sid": "HttpsOnly" + ] }, { "Action": "s3:GetObject", @@ -269,7 +267,7 @@ "PolicyDocument": { "Statement": [ { - "Action": "*", + "Action": "s3:*", "Condition": { "Bool": { "aws:SecureTransport": "false" @@ -280,6 +278,12 @@ "AWS": "*" }, "Resource": [ + { + "Fn::GetAtt": [ + "testcloudfronts3CloudfrontLoggingBucket985C0FE8", + "Arn" + ] + }, { "Fn::Join": [ "", @@ -293,15 +297,8 @@ "/*" ] ] - }, - { - "Fn::GetAtt": [ - "testcloudfronts3CloudfrontLoggingBucket985C0FE8", - "Arn" - ] } - ], - "Sid": "HttpsOnly" + ] } ], "Version": "2012-10-17" diff --git a/source/patterns/@aws-solutions-constructs/aws-cloudfront-s3/test/integ.custom-security-headers.expected.json b/source/patterns/@aws-solutions-constructs/aws-cloudfront-s3/test/integ.custom-security-headers.expected.json index 784fb40e6..9dea28f89 100644 
--- a/source/patterns/@aws-solutions-constructs/aws-cloudfront-s3/test/integ.custom-security-headers.expected.json +++ b/source/patterns/@aws-solutions-constructs/aws-cloudfront-s3/test/integ.custom-security-headers.expected.json @@ -78,7 +78,7 @@ "PolicyDocument": { "Statement": [ { - "Action": "*", + "Action": "s3:*", "Condition": { "Bool": { "aws:SecureTransport": "false" @@ -89,6 +89,12 @@ "AWS": "*" }, "Resource": [ + { + "Fn::GetAtt": [ + "testcloudfronts3S3LoggingBucket90D239DD", + "Arn" + ] + }, { "Fn::Join": [ "", @@ -102,15 +108,8 @@ "/*" ] ] - }, - { - "Fn::GetAtt": [ - "testcloudfronts3S3LoggingBucket90D239DD", - "Arn" - ] } - ], - "Sid": "HttpsOnly" + ] } ], "Version": "2012-10-17" @@ -169,7 +168,7 @@ "PolicyDocument": { "Statement": [ { - "Action": "*", + "Action": "s3:*", "Condition": { "Bool": { "aws:SecureTransport": "false" @@ -180,6 +179,12 @@ "AWS": "*" }, "Resource": [ + { + "Fn::GetAtt": [ + "testcloudfronts3S3BucketE0C5F76E", + "Arn" + ] + }, { "Fn::Join": [ "", @@ -193,15 +198,8 @@ "/*" ] ] - }, - { - "Fn::GetAtt": [ - "testcloudfronts3S3BucketE0C5F76E", - "Arn" - ] } - ], - "Sid": "HttpsOnly" + ] }, { "Action": "s3:GetObject", @@ -301,7 +299,7 @@ "PolicyDocument": { "Statement": [ { - "Action": "*", + "Action": "s3:*", "Condition": { "Bool": { "aws:SecureTransport": "false" @@ -312,6 +310,12 @@ "AWS": "*" }, "Resource": [ + { + "Fn::GetAtt": [ + "testcloudfronts3CloudfrontLoggingBucket985C0FE8", + "Arn" + ] + }, { "Fn::Join": [ "", @@ -325,15 +329,8 @@ "/*" ] ] - }, - { - "Fn::GetAtt": [ - "testcloudfronts3CloudfrontLoggingBucket985C0FE8", - "Arn" - ] } - ], - "Sid": "HttpsOnly" + ] } ], "Version": "2012-10-17" diff --git a/source/patterns/@aws-solutions-constructs/aws-cloudfront-s3/test/integ.customCloudFrontLoggingBucket.expected.json b/source/patterns/@aws-solutions-constructs/aws-cloudfront-s3/test/integ.customCloudFrontLoggingBucket.expected.json index 302ba2dcb..0786ac742 100644 
--- a/source/patterns/@aws-solutions-constructs/aws-cloudfront-s3/test/integ.customCloudFrontLoggingBucket.expected.json +++ b/source/patterns/@aws-solutions-constructs/aws-cloudfront-s3/test/integ.customCloudFrontLoggingBucket.expected.json @@ -46,7 +46,7 @@ "PolicyDocument": { "Statement": [ { - "Action": "*", + "Action": "s3:*", "Condition": { "Bool": { "aws:SecureTransport": "false" @@ -57,6 +57,12 @@ "AWS": "*" }, "Resource": [ + { + "Fn::GetAtt": [ + "testcloudfronts3S3LoggingBucket90D239DD", + "Arn" + ] + }, { "Fn::Join": [ "", @@ -70,15 +76,8 @@ "/*" ] ] - }, - { - "Fn::GetAtt": [ - "testcloudfronts3S3LoggingBucket90D239DD", - "Arn" - ] } - ], - "Sid": "HttpsOnly" + ] } ], "Version": "2012-10-17" @@ -137,7 +136,7 @@ "PolicyDocument": { "Statement": [ { - "Action": "*", + "Action": "s3:*", "Condition": { "Bool": { "aws:SecureTransport": "false" @@ -148,6 +147,12 @@ "AWS": "*" }, "Resource": [ + { + "Fn::GetAtt": [ + "testcloudfronts3S3BucketE0C5F76E", + "Arn" + ] + }, { "Fn::Join": [ "", @@ -161,15 +166,8 @@ "/*" ] ] - }, - { - "Fn::GetAtt": [ - "testcloudfronts3S3BucketE0C5F76E", - "Arn" - ] } - ], - "Sid": "HttpsOnly" + ] }, { "Action": "s3:GetObject", @@ -269,7 +267,7 @@ "PolicyDocument": { "Statement": [ { - "Action": "*", + "Action": "s3:*", "Condition": { "Bool": { "aws:SecureTransport": "false" @@ -280,6 +278,12 @@ "AWS": "*" }, "Resource": [ + { + "Fn::GetAtt": [ + "testcloudfronts3CloudfrontLoggingBucket985C0FE8", + "Arn" + ] + }, { "Fn::Join": [ "", @@ -293,15 +297,8 @@ "/*" ] ] - }, - { - "Fn::GetAtt": [ - "testcloudfronts3CloudfrontLoggingBucket985C0FE8", - "Arn" - ] } - ], - "Sid": "HttpsOnly" + ] } ], "Version": "2012-10-17" diff --git a/source/patterns/@aws-solutions-constructs/aws-cloudfront-s3/test/integ.customLoggingBucket.expected.json b/source/patterns/@aws-solutions-constructs/aws-cloudfront-s3/test/integ.customLoggingBucket.expected.json index f78bb60f8..384b8bde7 100644 
--- a/source/patterns/@aws-solutions-constructs/aws-cloudfront-s3/test/integ.customLoggingBucket.expected.json +++ b/source/patterns/@aws-solutions-constructs/aws-cloudfront-s3/test/integ.customLoggingBucket.expected.json @@ -46,7 +46,7 @@ "PolicyDocument": { "Statement": [ { - "Action": "*", + "Action": "s3:*", "Condition": { "Bool": { "aws:SecureTransport": "false" @@ -57,6 +57,12 @@ "AWS": "*" }, "Resource": [ + { + "Fn::GetAtt": [ + "testcloudfronts3S3LoggingBucket90D239DD", + "Arn" + ] + }, { "Fn::Join": [ "", @@ -70,15 +76,8 @@ "/*" ] ] - }, - { - "Fn::GetAtt": [ - "testcloudfronts3S3LoggingBucket90D239DD", - "Arn" - ] } - ], - "Sid": "HttpsOnly" + ] } ], "Version": "2012-10-17" @@ -137,7 +136,7 @@ "PolicyDocument": { "Statement": [ { - "Action": "*", + "Action": "s3:*", "Condition": { "Bool": { "aws:SecureTransport": "false" @@ -148,6 +147,12 @@ "AWS": "*" }, "Resource": [ + { + "Fn::GetAtt": [ + "testcloudfronts3S3BucketE0C5F76E", + "Arn" + ] + }, { "Fn::Join": [ "", @@ -161,15 +166,8 @@ "/*" ] ] - }, - { - "Fn::GetAtt": [ - "testcloudfronts3S3BucketE0C5F76E", - "Arn" - ] } - ], - "Sid": "HttpsOnly" + ] }, { "Action": "s3:GetObject", @@ -269,7 +267,7 @@ "PolicyDocument": { "Statement": [ { - "Action": "*", + "Action": "s3:*", "Condition": { "Bool": { "aws:SecureTransport": "false" @@ -280,6 +278,12 @@ "AWS": "*" }, "Resource": [ + { + "Fn::GetAtt": [ + "testcloudfronts3CloudfrontLoggingBucket985C0FE8", + "Arn" + ] + }, { "Fn::Join": [ "", @@ -293,15 +297,8 @@ "/*" ] ] - }, - { - "Fn::GetAtt": [ - "testcloudfronts3CloudfrontLoggingBucket985C0FE8", - "Arn" - ] } - ], - "Sid": "HttpsOnly" + ] } ], "Version": "2012-10-17" diff --git a/source/patterns/@aws-solutions-constructs/aws-cloudfront-s3/test/integ.existing-bucket.expected.json b/source/patterns/@aws-solutions-constructs/aws-cloudfront-s3/test/integ.existing-bucket.expected.json index d672d7984..7a3409c07 100644 
--- a/source/patterns/@aws-solutions-constructs/aws-cloudfront-s3/test/integ.existing-bucket.expected.json +++ b/source/patterns/@aws-solutions-constructs/aws-cloudfront-s3/test/integ.existing-bucket.expected.json @@ -169,7 +169,7 @@ "PolicyDocument": { "Statement": [ { - "Action": "*", + "Action": "s3:*", "Condition": { "Bool": { "aws:SecureTransport": "false" @@ -180,6 +180,12 @@ "AWS": "*" }, "Resource": [ + { + "Fn::GetAtt": [ + "testcloudfronts3CloudfrontLoggingBucket985C0FE8", + "Arn" + ] + }, { "Fn::Join": [ "", @@ -193,15 +199,8 @@ "/*" ] ] - }, - { - "Fn::GetAtt": [ - "testcloudfronts3CloudfrontLoggingBucket985C0FE8", - "Arn" - ] } - ], - "Sid": "HttpsOnly" + ] } ], "Version": "2012-10-17" diff --git a/source/patterns/@aws-solutions-constructs/aws-cloudfront-s3/test/integ.no-arguments.expected.json b/source/patterns/@aws-solutions-constructs/aws-cloudfront-s3/test/integ.no-arguments.expected.json index 402a314ef..cc22d0b1c 100644 --- a/source/patterns/@aws-solutions-constructs/aws-cloudfront-s3/test/integ.no-arguments.expected.json +++ b/source/patterns/@aws-solutions-constructs/aws-cloudfront-s3/test/integ.no-arguments.expected.json @@ -58,7 +58,7 @@ "PolicyDocument": { "Statement": [ { - "Action": "*", + "Action": "s3:*", "Condition": { "Bool": { "aws:SecureTransport": "false" @@ -69,6 +69,12 @@ "AWS": "*" }, "Resource": [ + { + "Fn::GetAtt": [ + "testcloudfronts3S3BucketE0C5F76E", + "Arn" + ] + }, { "Fn::Join": [ "", @@ -82,15 +88,8 @@ "/*" ] ] - }, - { - "Fn::GetAtt": [ - "testcloudfronts3S3BucketE0C5F76E", - "Arn" - ] } - ], - "Sid": "HttpsOnly" + ] }, { "Action": "s3:GetObject", @@ -190,7 +189,7 @@ "PolicyDocument": { "Statement": [ { - "Action": "*", + "Action": "s3:*", "Condition": { "Bool": { "aws:SecureTransport": "false" @@ -201,6 +200,12 @@ "AWS": "*" }, "Resource": [ + { + "Fn::GetAtt": [ + "testcloudfronts3CloudfrontLoggingBucket985C0FE8", + "Arn" + ] + }, { "Fn::Join": [ "", 
@@ -214,15 +219,8 @@ "/*" ] ] - }, - { - "Fn::GetAtt": [ - "testcloudfronts3CloudfrontLoggingBucket985C0FE8", - "Arn" - ] } - ], - "Sid": "HttpsOnly" + ] } ], "Version": "2012-10-17" diff --git a/source/patterns/@aws-solutions-constructs/aws-cloudfront-s3/test/integ.no-security-headers.expected.json b/source/patterns/@aws-solutions-constructs/aws-cloudfront-s3/test/integ.no-security-headers.expected.json index 6b8d6e96f..44de4ac82 100644 --- a/source/patterns/@aws-solutions-constructs/aws-cloudfront-s3/test/integ.no-security-headers.expected.json +++ b/source/patterns/@aws-solutions-constructs/aws-cloudfront-s3/test/integ.no-security-headers.expected.json @@ -46,7 +46,7 @@ "PolicyDocument": { "Statement": [ { - "Action": "*", + "Action": "s3:*", "Condition": { "Bool": { "aws:SecureTransport": "false" @@ -57,6 +57,12 @@ "AWS": "*" }, "Resource": [ + { + "Fn::GetAtt": [ + "testcloudfronts3nosecurityheadersS3LoggingBucketF644B35F", + "Arn" + ] + }, { "Fn::Join": [ "", @@ -70,15 +76,8 @@ "/*" ] ] - }, - { - "Fn::GetAtt": [ - "testcloudfronts3nosecurityheadersS3LoggingBucketF644B35F", - "Arn" - ] } - ], - "Sid": "HttpsOnly" + ] } ], "Version": "2012-10-17" @@ -137,7 +136,7 @@ "PolicyDocument": { "Statement": [ { - "Action": "*", + "Action": "s3:*", "Condition": { "Bool": { "aws:SecureTransport": "false" @@ -148,6 +147,12 @@ "AWS": "*" }, "Resource": [ + { + "Fn::GetAtt": [ + "testcloudfronts3nosecurityheadersS3Bucket4D06173D", + "Arn" + ] + }, { "Fn::Join": [ "", @@ -161,15 +166,8 @@ "/*" ] ] - }, - { - "Fn::GetAtt": [ - "testcloudfronts3nosecurityheadersS3Bucket4D06173D", - "Arn" - ] } - ], - "Sid": "HttpsOnly" + ] }, { "Action": "s3:GetObject", @@ -257,7 +255,7 @@ "PolicyDocument": { "Statement": [ { - "Action": "*", + "Action": "s3:*", "Condition": { "Bool": { "aws:SecureTransport": "false" @@ -268,6 +266,12 @@ "AWS": "*" }, "Resource": [ + { + "Fn::GetAtt": [ + "testcloudfronts3nosecurityheadersCloudfrontLoggingBucket92A5E2A5", + "Arn" + ] + }, { "Fn::Join": [ "", 
@@ -281,15 +285,8 @@ "/*" ] ] - }, - { - "Fn::GetAtt": [ - "testcloudfronts3nosecurityheadersCloudfrontLoggingBucket92A5E2A5", - "Arn" - ] } - ], - "Sid": "HttpsOnly" + ] } ], "Version": "2012-10-17" diff --git a/source/patterns/@aws-solutions-constructs/aws-eventbridge-kinesisfirehose-s3/test/integ.customLoggingBucket.expected.json b/source/patterns/@aws-solutions-constructs/aws-eventbridge-kinesisfirehose-s3/test/integ.customLoggingBucket.expected.json index 5af988e26..1e6467cab 100644 --- a/source/patterns/@aws-solutions-constructs/aws-eventbridge-kinesisfirehose-s3/test/integ.customLoggingBucket.expected.json +++ b/source/patterns/@aws-solutions-constructs/aws-eventbridge-kinesisfirehose-s3/test/integ.customLoggingBucket.expected.json @@ -46,7 +46,7 @@ "PolicyDocument": { "Statement": [ { - "Action": "*", + "Action": "s3:*", "Condition": { "Bool": { "aws:SecureTransport": "false" @@ -57,6 +57,12 @@ "AWS": "*" }, "Resource": [ + { + "Fn::GetAtt": [ + "testkinesisfirehoses3KinesisFirehoseToS3S3LoggingBucketCF5B8A5C", + "Arn" + ] + }, { "Fn::Join": [ "", @@ -70,15 +76,8 @@ "/*" ] ] - }, - { - "Fn::GetAtt": [ - "testkinesisfirehoses3KinesisFirehoseToS3S3LoggingBucketCF5B8A5C", - "Arn" - ] } - ], - "Sid": "HttpsOnly" + ] } ], "Version": "2012-10-17" @@ -137,7 +136,7 @@ "PolicyDocument": { "Statement": [ { - "Action": "*", + "Action": "s3:*", "Condition": { "Bool": { "aws:SecureTransport": "false" @@ -148,6 +147,12 @@ "AWS": "*" }, "Resource": [ + { + "Fn::GetAtt": [ + "testkinesisfirehoses3KinesisFirehoseToS3S3Bucket303877FF", + "Arn" + ] + }, { "Fn::Join": [ "", @@ -161,15 +166,8 @@ "/*" ] ] - }, - { - "Fn::GetAtt": [ - "testkinesisfirehoses3KinesisFirehoseToS3S3Bucket303877FF", - "Arn" - ] } - ], - "Sid": "HttpsOnly" + ] } ], "Version": "2012-10-17" 
diff --git a/source/patterns/@aws-solutions-constructs/aws-eventbridge-kinesisfirehose-s3/test/integ.eventbridge-kinesisfirehose-s3-existing-eventbus.expected.json b/source/patterns/@aws-solutions-constructs/aws-eventbridge-kinesisfirehose-s3/test/integ.eventbridge-kinesisfirehose-s3-existing-eventbus.expected.json index ea20e51e2..992df0413 100644 --- a/source/patterns/@aws-solutions-constructs/aws-eventbridge-kinesisfirehose-s3/test/integ.eventbridge-kinesisfirehose-s3-existing-eventbus.expected.json +++ b/source/patterns/@aws-solutions-constructs/aws-eventbridge-kinesisfirehose-s3/test/integ.eventbridge-kinesisfirehose-s3-existing-eventbus.expected.json @@ -64,7 +64,7 @@ "PolicyDocument": { "Statement": [ { - "Action": "*", + "Action": "s3:*", "Condition": { "Bool": { "aws:SecureTransport": "false" @@ -75,6 +75,12 @@ "AWS": "*" }, "Resource": [ + { + "Fn::GetAtt": [ + "testeventbridgekinesisfirehoses3KinesisFirehoseToS3S3BucketF3A3F845", + "Arn" + ] + }, { "Fn::Join": [ "", @@ -88,15 +94,8 @@ "/*" ] ] - }, - { - "Fn::GetAtt": [ - "testeventbridgekinesisfirehoses3KinesisFirehoseToS3S3BucketF3A3F845", - "Arn" - ] } - ], - "Sid": "HttpsOnly" + ] } ], "Version": "2012-10-17" diff --git a/source/patterns/@aws-solutions-constructs/aws-eventbridge-kinesisfirehose-s3/test/integ.eventbridge-kinesisfirehose-s3-new-eventbus.expected.json b/source/patterns/@aws-solutions-constructs/aws-eventbridge-kinesisfirehose-s3/test/integ.eventbridge-kinesisfirehose-s3-new-eventbus.expected.json index 812e0e7e4..1fcb52910 100644 --- a/source/patterns/@aws-solutions-constructs/aws-eventbridge-kinesisfirehose-s3/test/integ.eventbridge-kinesisfirehose-s3-new-eventbus.expected.json +++ b/source/patterns/@aws-solutions-constructs/aws-eventbridge-kinesisfirehose-s3/test/integ.eventbridge-kinesisfirehose-s3-new-eventbus.expected.json @@ -58,7 +58,7 @@ "PolicyDocument": { "Statement": [ { - "Action": "*", + "Action": "s3:*", "Condition": { "Bool": { "aws:SecureTransport": "false" 
@@ -69,6 +69,12 @@ "AWS": "*" }, "Resource": [ + { + "Fn::GetAtt": [ + "testeventbridgekinesisfirehoses3KinesisFirehoseToS3S3BucketF3A3F845", + "Arn" + ] + }, { "Fn::Join": [ "", @@ -82,15 +88,8 @@ "/*" ] ] - }, - { - "Fn::GetAtt": [ - "testeventbridgekinesisfirehoses3KinesisFirehoseToS3S3BucketF3A3F845", - "Arn" - ] } - ], - "Sid": "HttpsOnly" + ] } ], "Version": "2012-10-17" diff --git a/source/patterns/@aws-solutions-constructs/aws-eventbridge-kinesisfirehose-s3/test/integ.eventbridge-kinesisfirehose-s3-no-arguments.expected.json b/source/patterns/@aws-solutions-constructs/aws-eventbridge-kinesisfirehose-s3/test/integ.eventbridge-kinesisfirehose-s3-no-arguments.expected.json index 6a47b62d6..2daff43df 100644 --- a/source/patterns/@aws-solutions-constructs/aws-eventbridge-kinesisfirehose-s3/test/integ.eventbridge-kinesisfirehose-s3-no-arguments.expected.json +++ b/source/patterns/@aws-solutions-constructs/aws-eventbridge-kinesisfirehose-s3/test/integ.eventbridge-kinesisfirehose-s3-no-arguments.expected.json @@ -46,7 +46,7 @@ "PolicyDocument": { "Statement": [ { - "Action": "*", + "Action": "s3:*", "Condition": { "Bool": { "aws:SecureTransport": "false" @@ -57,6 +57,12 @@ "AWS": "*" }, "Resource": [ + { + "Fn::GetAtt": [ + "testeventbridgekinesisfirehoses3KinesisFirehoseToS3S3LoggingBucket703E6C44", + "Arn" + ] + }, { "Fn::Join": [ "", @@ -70,15 +76,8 @@ "/*" ] ] - }, - { - "Fn::GetAtt": [ - "testeventbridgekinesisfirehoses3KinesisFirehoseToS3S3LoggingBucket703E6C44", - "Arn" - ] } - ], - "Sid": "HttpsOnly" + ] } ], "Version": "2012-10-17" @@ -137,7 +136,7 @@ "PolicyDocument": { "Statement": [ { - "Action": "*", + "Action": "s3:*", "Condition": { "Bool": { "aws:SecureTransport": "false" @@ -148,6 +147,12 @@ "AWS": "*" }, "Resource": [ + { + "Fn::GetAtt": [ + "testeventbridgekinesisfirehoses3KinesisFirehoseToS3S3BucketF3A3F845", + "Arn" + ] + }, { "Fn::Join": [ "", 
@@ -161,15 +166,8 @@ "/*" ] ] - }, - { - "Fn::GetAtt": [ - "testeventbridgekinesisfirehoses3KinesisFirehoseToS3S3BucketF3A3F845", - "Arn" - ] } - ], - "Sid": "HttpsOnly" + ] } ], "Version": "2012-10-17" diff --git a/source/patterns/@aws-solutions-constructs/aws-events-rule-kinesisfirehose-s3/test/integ.customLoggingBucket.expected.json b/source/patterns/@aws-solutions-constructs/aws-events-rule-kinesisfirehose-s3/test/integ.customLoggingBucket.expected.json index 9681f7a21..b804f8382 100644 --- a/source/patterns/@aws-solutions-constructs/aws-events-rule-kinesisfirehose-s3/test/integ.customLoggingBucket.expected.json +++ b/source/patterns/@aws-solutions-constructs/aws-events-rule-kinesisfirehose-s3/test/integ.customLoggingBucket.expected.json @@ -46,7 +46,7 @@ "PolicyDocument": { "Statement": [ { - "Action": "*", + "Action": "s3:*", "Condition": { "Bool": { "aws:SecureTransport": "false" @@ -57,6 +57,12 @@ "AWS": "*" }, "Resource": [ + { + "Fn::GetAtt": [ + "testkinesisfirehoses3testkinesisfirehoses3WKinesisFirehoseToS3S3LoggingBucketD6CEA4BD", + "Arn" + ] + }, { "Fn::Join": [ "", @@ -70,15 +76,8 @@ "/*" ] ] - }, - { - "Fn::GetAtt": [ - "testkinesisfirehoses3testkinesisfirehoses3WKinesisFirehoseToS3S3LoggingBucketD6CEA4BD", - "Arn" - ] } - ], - "Sid": "HttpsOnly" + ] } ], "Version": "2012-10-17" @@ -137,7 +136,7 @@ "PolicyDocument": { "Statement": [ { - "Action": "*", + "Action": "s3:*", "Condition": { "Bool": { "aws:SecureTransport": "false" @@ -148,6 +147,12 @@ "AWS": "*" }, "Resource": [ + { + "Fn::GetAtt": [ + "testkinesisfirehoses3testkinesisfirehoses3WKinesisFirehoseToS3S3BucketABE82A57", + "Arn" + ] + }, { "Fn::Join": [ "", @@ -161,15 +166,8 @@ "/*" ] ] - }, - { - "Fn::GetAtt": [ - "testkinesisfirehoses3testkinesisfirehoses3WKinesisFirehoseToS3S3BucketABE82A57", - "Arn" - ] } - ], - "Sid": "HttpsOnly" + ] } ], "Version": "2012-10-17" 
diff --git a/source/patterns/@aws-solutions-constructs/aws-events-rule-kinesisfirehose-s3/test/integ.events-rule-kinesisfirehose-s3-existing-eventbus.expected.json b/source/patterns/@aws-solutions-constructs/aws-events-rule-kinesisfirehose-s3/test/integ.events-rule-kinesisfirehose-s3-existing-eventbus.expected.json index 7613a5a16..00b8e76ff 100644 --- a/source/patterns/@aws-solutions-constructs/aws-events-rule-kinesisfirehose-s3/test/integ.events-rule-kinesisfirehose-s3-existing-eventbus.expected.json +++ b/source/patterns/@aws-solutions-constructs/aws-events-rule-kinesisfirehose-s3/test/integ.events-rule-kinesisfirehose-s3-existing-eventbus.expected.json @@ -64,7 +64,7 @@ "PolicyDocument": { "Statement": [ { - "Action": "*", + "Action": "s3:*", "Condition": { "Bool": { "aws:SecureTransport": "false" @@ -75,6 +75,12 @@ "AWS": "*" }, "Resource": [ + { + "Fn::GetAtt": [ + "testeventsrulekinesisfirehoses3testeventsrulekinesisfirehoses3WKinesisFirehoseToS3S3Bucket099FD6EC", + "Arn" + ] + }, { "Fn::Join": [ "", @@ -88,15 +94,8 @@ "/*" ] ] - }, - { - "Fn::GetAtt": [ - "testeventsrulekinesisfirehoses3testeventsrulekinesisfirehoses3WKinesisFirehoseToS3S3Bucket099FD6EC", - "Arn" - ] } - ], - "Sid": "HttpsOnly" + ] } ], "Version": "2012-10-17" diff --git a/source/patterns/@aws-solutions-constructs/aws-events-rule-kinesisfirehose-s3/test/integ.events-rule-kinesisfirehose-s3-new-eventbus.expected.json b/source/patterns/@aws-solutions-constructs/aws-events-rule-kinesisfirehose-s3/test/integ.events-rule-kinesisfirehose-s3-new-eventbus.expected.json index 23fa30863..7b422f263 100644 --- a/source/patterns/@aws-solutions-constructs/aws-events-rule-kinesisfirehose-s3/test/integ.events-rule-kinesisfirehose-s3-new-eventbus.expected.json +++ b/source/patterns/@aws-solutions-constructs/aws-events-rule-kinesisfirehose-s3/test/integ.events-rule-kinesisfirehose-s3-new-eventbus.expected.json 
@@ -46,7 +46,7 @@ "PolicyDocument": { "Statement": [ { - "Action": "*", + "Action": "s3:*", "Condition": { "Bool": { "aws:SecureTransport": "false" @@ -57,6 +57,12 @@ "AWS": "*" }, "Resource": [ + { + "Fn::GetAtt": [ + "testeventsrulekinesisfirehoses3testeventsrulekinesisfirehoses3WKinesisFirehoseToS3S3LoggingBucketC5C17A3C", + "Arn" + ] + }, { "Fn::Join": [ "", @@ -70,15 +76,8 @@ "/*" ] ] - }, - { - "Fn::GetAtt": [ - "testeventsrulekinesisfirehoses3testeventsrulekinesisfirehoses3WKinesisFirehoseToS3S3LoggingBucketC5C17A3C", - "Arn" - ] } - ], - "Sid": "HttpsOnly" + ] } ], "Version": "2012-10-17" @@ -147,7 +146,7 @@ "PolicyDocument": { "Statement": [ { - "Action": "*", + "Action": "s3:*", "Condition": { "Bool": { "aws:SecureTransport": "false" @@ -158,6 +157,12 @@ "AWS": "*" }, "Resource": [ + { + "Fn::GetAtt": [ + "testeventsrulekinesisfirehoses3testeventsrulekinesisfirehoses3WKinesisFirehoseToS3S3Bucket099FD6EC", + "Arn" + ] + }, { "Fn::Join": [ "", @@ -171,15 +176,8 @@ "/*" ] ] - }, - { - "Fn::GetAtt": [ - "testeventsrulekinesisfirehoses3testeventsrulekinesisfirehoses3WKinesisFirehoseToS3S3Bucket099FD6EC", - "Arn" - ] } - ], - "Sid": "HttpsOnly" + ] } ], "Version": "2012-10-17" diff --git a/source/patterns/@aws-solutions-constructs/aws-events-rule-kinesisfirehose-s3/test/integ.events-rule-kinesisfirehose-s3-no-arguments.expected.json b/source/patterns/@aws-solutions-constructs/aws-events-rule-kinesisfirehose-s3/test/integ.events-rule-kinesisfirehose-s3-no-arguments.expected.json index 879991656..7c55e7332 100644 --- a/source/patterns/@aws-solutions-constructs/aws-events-rule-kinesisfirehose-s3/test/integ.events-rule-kinesisfirehose-s3-no-arguments.expected.json +++ b/source/patterns/@aws-solutions-constructs/aws-events-rule-kinesisfirehose-s3/test/integ.events-rule-kinesisfirehose-s3-no-arguments.expected.json @@ -46,7 +46,7 @@ "PolicyDocument": { "Statement": [ { - "Action": "*", + "Action": "s3:*", "Condition": { "Bool": { "aws:SecureTransport": "false" 
@@ -57,6 +57,12 @@ "AWS": "*" }, "Resource": [ + { + "Fn::GetAtt": [ + "testeventsrulekinesisfirehoses3testeventsrulekinesisfirehoses3WKinesisFirehoseToS3S3LoggingBucketC5C17A3C", + "Arn" + ] + }, { "Fn::Join": [ "", @@ -70,15 +76,8 @@ "/*" ] ] - }, - { - "Fn::GetAtt": [ - "testeventsrulekinesisfirehoses3testeventsrulekinesisfirehoses3WKinesisFirehoseToS3S3LoggingBucketC5C17A3C", - "Arn" - ] } - ], - "Sid": "HttpsOnly" + ] } ], "Version": "2012-10-17" @@ -137,7 +136,7 @@ "PolicyDocument": { "Statement": [ { - "Action": "*", + "Action": "s3:*", "Condition": { "Bool": { "aws:SecureTransport": "false" @@ -148,6 +147,12 @@ "AWS": "*" }, "Resource": [ + { + "Fn::GetAtt": [ + "testeventsrulekinesisfirehoses3testeventsrulekinesisfirehoses3WKinesisFirehoseToS3S3Bucket099FD6EC", + "Arn" + ] + }, { "Fn::Join": [ "", @@ -161,15 +166,8 @@ "/*" ] ] - }, - { - "Fn::GetAtt": [ - "testeventsrulekinesisfirehoses3testeventsrulekinesisfirehoses3WKinesisFirehoseToS3S3Bucket099FD6EC", - "Arn" - ] } - ], - "Sid": "HttpsOnly" + ] } ], "Version": "2012-10-17" diff --git a/source/patterns/@aws-solutions-constructs/aws-iot-kinesisfirehose-s3/test/integ.customLoggingBucket.expected.json b/source/patterns/@aws-solutions-constructs/aws-iot-kinesisfirehose-s3/test/integ.customLoggingBucket.expected.json index 2b51c2c79..abf3229d3 100644 --- a/source/patterns/@aws-solutions-constructs/aws-iot-kinesisfirehose-s3/test/integ.customLoggingBucket.expected.json +++ b/source/patterns/@aws-solutions-constructs/aws-iot-kinesisfirehose-s3/test/integ.customLoggingBucket.expected.json @@ -46,7 +46,7 @@ "PolicyDocument": { "Statement": [ { - "Action": "*", + "Action": "s3:*", "Condition": { "Bool": { "aws:SecureTransport": "false" @@ -57,6 +57,12 @@ "AWS": "*" }, "Resource": [ + { + "Fn::GetAtt": [ + "testiotkinesisfirehoses3KinesisFirehoseToS3S3LoggingBucket03F0BA8E", + "Arn" + ] + }, { "Fn::Join": [ "", 
@@ -70,15 +76,8 @@ "/*" ] ] - }, - { - "Fn::GetAtt": [ - "testiotkinesisfirehoses3KinesisFirehoseToS3S3LoggingBucket03F0BA8E", - "Arn" - ] } - ], - "Sid": "HttpsOnly" + ] } ], "Version": "2012-10-17" @@ -137,7 +136,7 @@ "PolicyDocument": { "Statement": [ { - "Action": "*", + "Action": "s3:*", "Condition": { "Bool": { "aws:SecureTransport": "false" @@ -148,6 +147,12 @@ "AWS": "*" }, "Resource": [ + { + "Fn::GetAtt": [ + "testiotkinesisfirehoses3KinesisFirehoseToS3S3BucketAEE2D91B", + "Arn" + ] + }, { "Fn::Join": [ "", @@ -161,15 +166,8 @@ "/*" ] ] - }, - { - "Fn::GetAtt": [ - "testiotkinesisfirehoses3KinesisFirehoseToS3S3BucketAEE2D91B", - "Arn" - ] } - ], - "Sid": "HttpsOnly" + ] } ], "Version": "2012-10-17" diff --git a/source/patterns/@aws-solutions-constructs/aws-iot-kinesisfirehose-s3/test/integ.no-arguments.expected.json b/source/patterns/@aws-solutions-constructs/aws-iot-kinesisfirehose-s3/test/integ.no-arguments.expected.json index 32114513f..6e8776b61 100644 --- a/source/patterns/@aws-solutions-constructs/aws-iot-kinesisfirehose-s3/test/integ.no-arguments.expected.json +++ b/source/patterns/@aws-solutions-constructs/aws-iot-kinesisfirehose-s3/test/integ.no-arguments.expected.json @@ -46,7 +46,7 @@ "PolicyDocument": { "Statement": [ { - "Action": "*", + "Action": "s3:*", "Condition": { "Bool": { "aws:SecureTransport": "false" @@ -57,6 +57,12 @@ "AWS": "*" }, "Resource": [ + { + "Fn::GetAtt": [ + "testiotfirehoses3KinesisFirehoseToS3S3LoggingBucketC786B050", + "Arn" + ] + }, { "Fn::Join": [ "", @@ -70,15 +76,8 @@ "/*" ] ] - }, - { - "Fn::GetAtt": [ - "testiotfirehoses3KinesisFirehoseToS3S3LoggingBucketC786B050", - "Arn" - ] } - ], - "Sid": "HttpsOnly" + ] } ], "Version": "2012-10-17" @@ -137,7 +136,7 @@ "PolicyDocument": { "Statement": [ { - "Action": "*", + "Action": "s3:*", "Condition": { "Bool": { "aws:SecureTransport": "false" 
@@ -148,6 +147,12 @@ "AWS": "*" }, "Resource": [ + { + "Fn::GetAtt": [ + "testiotfirehoses3KinesisFirehoseToS3S3Bucket19C97D09", + "Arn" + ] + }, { "Fn::Join": [ "", @@ -161,15 +166,8 @@ "/*" ] ] - }, - { - "Fn::GetAtt": [ - "testiotfirehoses3KinesisFirehoseToS3S3Bucket19C97D09", - "Arn" - ] } - ], - "Sid": "HttpsOnly" + ] } ], "Version": "2012-10-17" diff --git a/source/patterns/@aws-solutions-constructs/aws-iot-kinesisfirehose-s3/test/integ.noLoggingBucket.expected.json b/source/patterns/@aws-solutions-constructs/aws-iot-kinesisfirehose-s3/test/integ.noLoggingBucket.expected.json index daf5619ff..c2d42694e 100644 --- a/source/patterns/@aws-solutions-constructs/aws-iot-kinesisfirehose-s3/test/integ.noLoggingBucket.expected.json +++ b/source/patterns/@aws-solutions-constructs/aws-iot-kinesisfirehose-s3/test/integ.noLoggingBucket.expected.json @@ -57,7 +57,7 @@ "PolicyDocument": { "Statement": [ { - "Action": "*", + "Action": "s3:*", "Condition": { "Bool": { "aws:SecureTransport": "false" @@ -68,6 +68,12 @@ "AWS": "*" }, "Resource": [ + { + "Fn::GetAtt": [ + "testiotkinesisfirehoses3KinesisFirehoseToS3S3BucketAEE2D91B", + "Arn" + ] + }, { "Fn::Join": [ "", @@ -81,15 +87,8 @@ "/*" ] ] - }, - { - "Fn::GetAtt": [ - "testiotkinesisfirehoses3KinesisFirehoseToS3S3BucketAEE2D91B", - "Arn" - ] } - ], - "Sid": "HttpsOnly" + ] } ], "Version": "2012-10-17" diff --git a/source/patterns/@aws-solutions-constructs/aws-kinesisfirehose-s3-and-kinesisanalytics/test/integ.customLoggingBucket.expected.json b/source/patterns/@aws-solutions-constructs/aws-kinesisfirehose-s3-and-kinesisanalytics/test/integ.customLoggingBucket.expected.json index 1209165dd..c71a37c07 100644 --- a/source/patterns/@aws-solutions-constructs/aws-kinesisfirehose-s3-and-kinesisanalytics/test/integ.customLoggingBucket.expected.json +++ b/source/patterns/@aws-solutions-constructs/aws-kinesisfirehose-s3-and-kinesisanalytics/test/integ.customLoggingBucket.expected.json 
@@ -46,7 +46,7 @@ "PolicyDocument": { "Statement": [ { - "Action": "*", + "Action": "s3:*", "Condition": { "Bool": { "aws:SecureTransport": "false" @@ -57,6 +57,12 @@ "AWS": "*" }, "Resource": [ + { + "Fn::GetAtt": [ + "testkinesisfirehoseanalyticss3KinesisFirehoseToS3S3LoggingBucketE14ECC0A", + "Arn" + ] + }, { "Fn::Join": [ "", @@ -70,15 +76,8 @@ "/*" ] ] - }, - { - "Fn::GetAtt": [ - "testkinesisfirehoseanalyticss3KinesisFirehoseToS3S3LoggingBucketE14ECC0A", - "Arn" - ] } - ], - "Sid": "HttpsOnly" + ] } ], "Version": "2012-10-17" @@ -137,7 +136,7 @@ "PolicyDocument": { "Statement": [ { - "Action": "*", + "Action": "s3:*", "Condition": { "Bool": { "aws:SecureTransport": "false" @@ -148,6 +147,12 @@ "AWS": "*" }, "Resource": [ + { + "Fn::GetAtt": [ + "testkinesisfirehoseanalyticss3KinesisFirehoseToS3S3BucketA83D2E56", + "Arn" + ] + }, { "Fn::Join": [ "", @@ -161,15 +166,8 @@ "/*" ] ] - }, - { - "Fn::GetAtt": [ - "testkinesisfirehoseanalyticss3KinesisFirehoseToS3S3BucketA83D2E56", - "Arn" - ] } - ], - "Sid": "HttpsOnly" + ] } ], "Version": "2012-10-17" diff --git a/source/patterns/@aws-solutions-constructs/aws-kinesisfirehose-s3-and-kinesisanalytics/test/integ.no-arguments.expected.json b/source/patterns/@aws-solutions-constructs/aws-kinesisfirehose-s3-and-kinesisanalytics/test/integ.no-arguments.expected.json index e290a5129..6e1505b08 100644 --- a/source/patterns/@aws-solutions-constructs/aws-kinesisfirehose-s3-and-kinesisanalytics/test/integ.no-arguments.expected.json +++ b/source/patterns/@aws-solutions-constructs/aws-kinesisfirehose-s3-and-kinesisanalytics/test/integ.no-arguments.expected.json @@ -45,7 +45,7 @@ "PolicyDocument": { "Statement": [ { - "Action": "*", + "Action": "s3:*", "Condition": { "Bool": { "aws:SecureTransport": "false" @@ -56,6 +56,12 @@ "AWS": "*" }, "Resource": [ + { + "Fn::GetAtt": [ + "testfirehoses3andanalyticsstackKinesisFirehoseToS3S3LoggingBucket887A5000", + "Arn" + ] + }, { "Fn::Join": [ "", 
@@ -69,15 +75,8 @@ "/*" ] ] - }, - { - "Fn::GetAtt": [ - "testfirehoses3andanalyticsstackKinesisFirehoseToS3S3LoggingBucket887A5000", - "Arn" - ] } - ], - "Sid": "HttpsOnly" + ] } ], "Version": "2012-10-17" @@ -136,7 +135,7 @@ "PolicyDocument": { "Statement": [ { - "Action": "*", + "Action": "s3:*", "Condition": { "Bool": { "aws:SecureTransport": "false" @@ -147,6 +146,12 @@ "AWS": "*" }, "Resource": [ + { + "Fn::GetAtt": [ + "testfirehoses3andanalyticsstackKinesisFirehoseToS3S3BucketAE659354", + "Arn" + ] + }, { "Fn::Join": [ "", @@ -160,15 +165,8 @@ "/*" ] ] - }, - { - "Fn::GetAtt": [ - "testfirehoses3andanalyticsstackKinesisFirehoseToS3S3BucketAE659354", - "Arn" - ] } - ], - "Sid": "HttpsOnly" + ] } ], "Version": "2012-10-17" diff --git a/source/patterns/@aws-solutions-constructs/aws-kinesisfirehose-s3-and-kinesisanalytics/test/integ.noLoggingBucket.expected.json b/source/patterns/@aws-solutions-constructs/aws-kinesisfirehose-s3-and-kinesisanalytics/test/integ.noLoggingBucket.expected.json index 315a8bb6f..2969bc8d6 100644 --- a/source/patterns/@aws-solutions-constructs/aws-kinesisfirehose-s3-and-kinesisanalytics/test/integ.noLoggingBucket.expected.json +++ b/source/patterns/@aws-solutions-constructs/aws-kinesisfirehose-s3-and-kinesisanalytics/test/integ.noLoggingBucket.expected.json @@ -57,7 +57,7 @@ "PolicyDocument": { "Statement": [ { - "Action": "*", + "Action": "s3:*", "Condition": { "Bool": { "aws:SecureTransport": "false" @@ -68,6 +68,12 @@ "AWS": "*" }, "Resource": [ + { + "Fn::GetAtt": [ + "testkinesisfirehoseanalyticss3KinesisFirehoseToS3S3BucketA83D2E56", + "Arn" + ] + }, { "Fn::Join": [ "", @@ -81,15 +87,8 @@ "/*" ] ] - }, - { - "Fn::GetAtt": [ - "testkinesisfirehoseanalyticss3KinesisFirehoseToS3S3BucketA83D2E56", - "Arn" - ] } - ], - "Sid": "HttpsOnly" + ] } ], "Version": "2012-10-17" 
diff --git a/source/patterns/@aws-solutions-constructs/aws-kinesisfirehose-s3/test/integ.customLoggingBucket.expected.json b/source/patterns/@aws-solutions-constructs/aws-kinesisfirehose-s3/test/integ.customLoggingBucket.expected.json index 7ba2db9f4..b20a82bf0 100644 --- a/source/patterns/@aws-solutions-constructs/aws-kinesisfirehose-s3/test/integ.customLoggingBucket.expected.json +++ b/source/patterns/@aws-solutions-constructs/aws-kinesisfirehose-s3/test/integ.customLoggingBucket.expected.json @@ -46,7 +46,7 @@ "PolicyDocument": { "Statement": [ { - "Action": "*", + "Action": "s3:*", "Condition": { "Bool": { "aws:SecureTransport": "false" @@ -57,6 +57,12 @@ "AWS": "*" }, "Resource": [ + { + "Fn::GetAtt": [ + "testkinesisfirehoses3S3LoggingBucketDD0F9F56", + "Arn" + ] + }, { "Fn::Join": [ "", @@ -70,15 +76,8 @@ "/*" ] ] - }, - { - "Fn::GetAtt": [ - "testkinesisfirehoses3S3LoggingBucketDD0F9F56", - "Arn" - ] } - ], - "Sid": "HttpsOnly" + ] } ], "Version": "2012-10-17" @@ -137,7 +136,7 @@ "PolicyDocument": { "Statement": [ { - "Action": "*", + "Action": "s3:*", "Condition": { "Bool": { "aws:SecureTransport": "false" @@ -148,6 +147,12 @@ "AWS": "*" }, "Resource": [ + { + "Fn::GetAtt": [ + "testkinesisfirehoses3S3BucketA8942735", + "Arn" + ] + }, { "Fn::Join": [ "", @@ -161,15 +166,8 @@ "/*" ] ] - }, - { - "Fn::GetAtt": [ - "testkinesisfirehoses3S3BucketA8942735", - "Arn" - ] } - ], - "Sid": "HttpsOnly" + ] } ], "Version": "2012-10-17" diff --git a/source/patterns/@aws-solutions-constructs/aws-kinesisfirehose-s3/test/integ.no-arguments.expected.json b/source/patterns/@aws-solutions-constructs/aws-kinesisfirehose-s3/test/integ.no-arguments.expected.json index fa65e9355..441ab4dac 100644 --- a/source/patterns/@aws-solutions-constructs/aws-kinesisfirehose-s3/test/integ.no-arguments.expected.json +++ b/source/patterns/@aws-solutions-constructs/aws-kinesisfirehose-s3/test/integ.no-arguments.expected.json 
@@ -46,7 +46,7 @@ "PolicyDocument": { "Statement": [ { - "Action": "*", + "Action": "s3:*", "Condition": { "Bool": { "aws:SecureTransport": "false" @@ -57,6 +57,12 @@ "AWS": "*" }, "Resource": [ + { + "Fn::GetAtt": [ + "testfirehoses3S3LoggingBucket31BFDC22", + "Arn" + ] + }, { "Fn::Join": [ "", @@ -70,15 +76,8 @@ "/*" ] ] - }, - { - "Fn::GetAtt": [ - "testfirehoses3S3LoggingBucket31BFDC22", - "Arn" - ] } - ], - "Sid": "HttpsOnly" + ] } ], "Version": "2012-10-17" @@ -137,7 +136,7 @@ "PolicyDocument": { "Statement": [ { - "Action": "*", + "Action": "s3:*", "Condition": { "Bool": { "aws:SecureTransport": "false" @@ -148,6 +147,12 @@ "AWS": "*" }, "Resource": [ + { + "Fn::GetAtt": [ + "testfirehoses3S3Bucket93480488", + "Arn" + ] + }, { "Fn::Join": [ "", @@ -161,15 +166,8 @@ "/*" ] ] - }, - { - "Fn::GetAtt": [ - "testfirehoses3S3Bucket93480488", - "Arn" - ] } - ], - "Sid": "HttpsOnly" + ] } ], "Version": "2012-10-17" diff --git a/source/patterns/@aws-solutions-constructs/aws-kinesisfirehose-s3/test/integ.noLoggingBucket.expected.json b/source/patterns/@aws-solutions-constructs/aws-kinesisfirehose-s3/test/integ.noLoggingBucket.expected.json index 109e76171..b31300484 100644 --- a/source/patterns/@aws-solutions-constructs/aws-kinesisfirehose-s3/test/integ.noLoggingBucket.expected.json +++ b/source/patterns/@aws-solutions-constructs/aws-kinesisfirehose-s3/test/integ.noLoggingBucket.expected.json @@ -57,7 +57,7 @@ "PolicyDocument": { "Statement": [ { - "Action": "*", + "Action": "s3:*", "Condition": { "Bool": { "aws:SecureTransport": "false" @@ -68,6 +68,12 @@ "AWS": "*" }, "Resource": [ + { + "Fn::GetAtt": [ + "testkinesisfirehoses3S3BucketA8942735", + "Arn" + ] + }, { "Fn::Join": [ "", @@ -81,15 +87,8 @@ "/*" ] ] - }, - { - "Fn::GetAtt": [ - "testkinesisfirehoses3S3BucketA8942735", - "Arn" - ] } - ], - "Sid": "HttpsOnly" + ] } ], "Version": "2012-10-17" 
diff --git a/source/patterns/@aws-solutions-constructs/aws-kinesisfirehose-s3/test/integ.pre-existing-logging-bucket.expected.json b/source/patterns/@aws-solutions-constructs/aws-kinesisfirehose-s3/test/integ.pre-existing-logging-bucket.expected.json index 0cffcc486..27b40751b 100644 --- a/source/patterns/@aws-solutions-constructs/aws-kinesisfirehose-s3/test/integ.pre-existing-logging-bucket.expected.json +++ b/source/patterns/@aws-solutions-constructs/aws-kinesisfirehose-s3/test/integ.pre-existing-logging-bucket.expected.json @@ -91,7 +91,7 @@ "PolicyDocument": { "Statement": [ { - "Action": "*", + "Action": "s3:*", "Condition": { "Bool": { "aws:SecureTransport": "false" @@ -102,6 +102,12 @@ "AWS": "*" }, "Resource": [ + { + "Fn::GetAtt": [ + "testfirehoses3preexistingloggingbucketstackS3BucketD14D0F4F", + "Arn" + ] + }, { "Fn::Join": [ "", @@ -115,15 +121,8 @@ "/*" ] ] - }, - { - "Fn::GetAtt": [ - "testfirehoses3preexistingloggingbucketstackS3BucketD14D0F4F", - "Arn" - ] } - ], - "Sid": "HttpsOnly" + ] } ], "Version": "2012-10-17" diff --git a/source/patterns/@aws-solutions-constructs/aws-kinesisstreams-gluejob/test/integ.existing-job.expected.json b/source/patterns/@aws-solutions-constructs/aws-kinesisstreams-gluejob/test/integ.existing-job.expected.json index 591142707..e96de9738 100644 --- a/source/patterns/@aws-solutions-constructs/aws-kinesisstreams-gluejob/test/integ.existing-job.expected.json +++ b/source/patterns/@aws-solutions-constructs/aws-kinesisstreams-gluejob/test/integ.existing-job.expected.json @@ -84,8 +84,8 @@ "testkinesisstreamslambdaKinesisStream374D6D56": { "Type": "AWS::Kinesis::Stream", "Properties": { - "ShardCount": 1, "RetentionPeriodHours": 24, + "ShardCount": 1, "StreamEncryption": { "EncryptionType": "KMS", "KeyId": "alias/aws/kinesis" 
diff --git a/source/patterns/@aws-solutions-constructs/aws-kinesisstreams-gluejob/test/integ.no-arguments.expected.json b/source/patterns/@aws-solutions-constructs/aws-kinesisstreams-gluejob/test/integ.no-arguments.expected.json index 4a535153c..01e18d767 100644 --- a/source/patterns/@aws-solutions-constructs/aws-kinesisstreams-gluejob/test/integ.no-arguments.expected.json +++ b/source/patterns/@aws-solutions-constructs/aws-kinesisstreams-gluejob/test/integ.no-arguments.expected.json @@ -4,8 +4,8 @@ "testkinesisstreamslambdaKinesisStream374D6D56": { "Type": "AWS::Kinesis::Stream", "Properties": { - "ShardCount": 1, "RetentionPeriodHours": 24, + "ShardCount": 1, "StreamEncryption": { "EncryptionType": "KMS", "KeyId": "alias/aws/kinesis" @@ -238,7 +238,7 @@ "PolicyDocument": { "Statement": [ { - "Action": "*", + "Action": "s3:*", "Condition": { "Bool": { "aws:SecureTransport": "false" @@ -249,6 +249,12 @@ "AWS": "*" }, "Resource": [ + { + "Fn::GetAtt": [ + "testkinesisstreamslambdaS3LoggingBucket48F70267", + "Arn" + ] + }, { "Fn::Join": [ "", @@ -262,15 +268,8 @@ "/*" ] ] - }, - { - "Fn::GetAtt": [ - "testkinesisstreamslambdaS3LoggingBucket48F70267", - "Arn" - ] } - ], - "Sid": "HttpsOnly" + ] } ], "Version": "2012-10-17" @@ -329,7 +328,7 @@ "PolicyDocument": { "Statement": [ { - "Action": "*", + "Action": "s3:*", "Condition": { "Bool": { "aws:SecureTransport": "false" @@ -340,6 +339,12 @@ "AWS": "*" }, "Resource": [ + { + "Fn::GetAtt": [ + "testkinesisstreamslambdaS3Bucket54759F5C", + "Arn" + ] + }, { "Fn::Join": [ "", @@ -353,15 +358,8 @@ "/*" ] ] - }, - { - "Fn::GetAtt": [ - "testkinesisstreamslambdaS3Bucket54759F5C", - "Arn" - ] } - ], - "Sid": "HttpsOnly" + ] } ], "Version": "2012-10-17" 
diff --git a/source/patterns/@aws-solutions-constructs/aws-kinesisstreams-kinesisfirehose-s3/test/integ.customLoggingBucket.expected.json b/source/patterns/@aws-solutions-constructs/aws-kinesisstreams-kinesisfirehose-s3/test/integ.customLoggingBucket.expected.json index d1dcfab67..0d259e57c 100644 --- a/source/patterns/@aws-solutions-constructs/aws-kinesisstreams-kinesisfirehose-s3/test/integ.customLoggingBucket.expected.json +++ b/source/patterns/@aws-solutions-constructs/aws-kinesisstreams-kinesisfirehose-s3/test/integ.customLoggingBucket.expected.json @@ -3,8 +3,8 @@ "testkinesisfirehoses3KinesisStreamA5D50D48": { "Type": "AWS::Kinesis::Stream", "Properties": { - "ShardCount": 1, "RetentionPeriodHours": 24, + "ShardCount": 1, "StreamEncryption": { "EncryptionType": "KMS", "KeyId": "alias/aws/kinesis" @@ -57,7 +57,7 @@ "PolicyDocument": { "Statement": [ { - "Action": "*", + "Action": "s3:*", "Condition": { "Bool": { "aws:SecureTransport": "false" @@ -68,6 +68,12 @@ "AWS": "*" }, "Resource": [ + { + "Fn::GetAtt": [ + "testkinesisfirehoses3KinesisFirehoseToS3S3LoggingBucketCF5B8A5C", + "Arn" + ] + }, { "Fn::Join": [ "", @@ -81,15 +87,8 @@ "/*" ] ] - }, - { - "Fn::GetAtt": [ - "testkinesisfirehoses3KinesisFirehoseToS3S3LoggingBucketCF5B8A5C", - "Arn" - ] } - ], - "Sid": "HttpsOnly" + ] } ], "Version": "2012-10-17" @@ -148,7 +147,7 @@ "PolicyDocument": { "Statement": [ { - "Action": "*", + "Action": "s3:*", "Condition": { "Bool": { "aws:SecureTransport": "false" @@ -159,6 +158,12 @@ "AWS": "*" }, "Resource": [ + { + "Fn::GetAtt": [ + "testkinesisfirehoses3KinesisFirehoseToS3S3Bucket303877FF", + "Arn" + ] + }, { "Fn::Join": [ "", @@ -172,15 +177,8 @@ "/*" ] ] - }, - { - "Fn::GetAtt": [ - "testkinesisfirehoses3KinesisFirehoseToS3S3Bucket303877FF", - "Arn" - ] } - ], - "Sid": "HttpsOnly" + ] } ], "Version": "2012-10-17" 
diff --git a/source/patterns/@aws-solutions-constructs/aws-kinesisstreams-kinesisfirehose-s3/test/integ.existing-bucket.expected.json b/source/patterns/@aws-solutions-constructs/aws-kinesisstreams-kinesisfirehose-s3/test/integ.existing-bucket.expected.json index 84ae3909c..aa938076d 100644 --- a/source/patterns/@aws-solutions-constructs/aws-kinesisstreams-kinesisfirehose-s3/test/integ.existing-bucket.expected.json +++ b/source/patterns/@aws-solutions-constructs/aws-kinesisstreams-kinesisfirehose-s3/test/integ.existing-bucket.expected.json @@ -41,8 +41,8 @@ "testexistingbucketfirehoses3stackKinesisStreamCA3487EE": { "Type": "AWS::Kinesis::Stream", "Properties": { - "ShardCount": 1, "RetentionPeriodHours": 24, + "ShardCount": 1, "StreamEncryption": { "EncryptionType": "KMS", "KeyId": "alias/aws/kinesis" diff --git a/source/patterns/@aws-solutions-constructs/aws-kinesisstreams-kinesisfirehose-s3/test/integ.existing-logging-bucket.expected.json b/source/patterns/@aws-solutions-constructs/aws-kinesisstreams-kinesisfirehose-s3/test/integ.existing-logging-bucket.expected.json index 12298137d..5df9e0950 100644 --- a/source/patterns/@aws-solutions-constructs/aws-kinesisstreams-kinesisfirehose-s3/test/integ.existing-logging-bucket.expected.json +++ b/source/patterns/@aws-solutions-constructs/aws-kinesisstreams-kinesisfirehose-s3/test/integ.existing-logging-bucket.expected.json @@ -42,8 +42,8 @@ "testexistingloggingbucketstreamsfirehoses3stackKinesisStreamDBBCC46F": { "Type": "AWS::Kinesis::Stream", "Properties": { - "ShardCount": 1, "RetentionPeriodHours": 24, + "ShardCount": 1, "StreamEncryption": { "EncryptionType": "KMS", "KeyId": "alias/aws/kinesis" @@ -102,7 +102,7 @@ "PolicyDocument": { "Statement": [ { - "Action": "*", + "Action": "s3:*", "Condition": { "Bool": { "aws:SecureTransport": "false" 
@@ -113,6 +113,12 @@ "AWS": "*" }, "Resource": [ + { + "Fn::GetAtt": [ + "testexistingloggingbucketstreamsfirehoses3stackKinesisFirehoseToS3S3Bucket292E0692", + "Arn" + ] + }, { "Fn::Join": [ "", @@ -126,15 +132,8 @@ "/*" ] ] - }, - { - "Fn::GetAtt": [ - "testexistingloggingbucketstreamsfirehoses3stackKinesisFirehoseToS3S3Bucket292E0692", - "Arn" - ] } - ], - "Sid": "HttpsOnly" + ] } ], "Version": "2012-10-17" diff --git a/source/patterns/@aws-solutions-constructs/aws-kinesisstreams-kinesisfirehose-s3/test/integ.existingStreamObj.expected.json b/source/patterns/@aws-solutions-constructs/aws-kinesisstreams-kinesisfirehose-s3/test/integ.existingStreamObj.expected.json index bcfe419ee..8b0150cdc 100644 --- a/source/patterns/@aws-solutions-constructs/aws-kinesisstreams-kinesisfirehose-s3/test/integ.existingStreamObj.expected.json +++ b/source/patterns/@aws-solutions-constructs/aws-kinesisstreams-kinesisfirehose-s3/test/integ.existingStreamObj.expected.json @@ -4,8 +4,8 @@ "testkinesislambdaKinesisStream00F67958": { "Type": "AWS::Kinesis::Stream", "Properties": { - "ShardCount": 1, "RetentionPeriodHours": 24, + "ShardCount": 1, "StreamEncryption": { "EncryptionType": "KMS", "KeyId": "alias/aws/kinesis" @@ -383,7 +383,7 @@ "PolicyDocument": { "Statement": [ { - "Action": "*", + "Action": "s3:*", "Condition": { "Bool": { "aws:SecureTransport": "false" @@ -394,6 +394,12 @@ "AWS": "*" }, "Resource": [ + { + "Fn::GetAtt": [ + "testexistingstreamfirehoses3stackKinesisFirehoseToS3S3BucketF4CE72AB", + "Arn" + ] + }, { "Fn::Join": [ "", @@ -407,15 +413,8 @@ "/*" ] ] - }, - { - "Fn::GetAtt": [ - "testexistingstreamfirehoses3stackKinesisFirehoseToS3S3BucketF4CE72AB", - "Arn" - ] } - ], - "Sid": "HttpsOnly" + ] } ], "Version": "2012-10-17" 
diff --git a/source/patterns/@aws-solutions-constructs/aws-kinesisstreams-kinesisfirehose-s3/test/integ.no-arguments.expected.json b/source/patterns/@aws-solutions-constructs/aws-kinesisstreams-kinesisfirehose-s3/test/integ.no-arguments.expected.json index bf2b0df09..288a7876d 100644 --- a/source/patterns/@aws-solutions-constructs/aws-kinesisstreams-kinesisfirehose-s3/test/integ.no-arguments.expected.json +++ b/source/patterns/@aws-solutions-constructs/aws-kinesisstreams-kinesisfirehose-s3/test/integ.no-arguments.expected.json @@ -4,8 +4,8 @@ "teststreamfirehoses3KinesisStream3165E68E": { "Type": "AWS::Kinesis::Stream", "Properties": { - "ShardCount": 1, "RetentionPeriodHours": 24, + "ShardCount": 1, "StreamEncryption": { "EncryptionType": "KMS", "KeyId": "alias/aws/kinesis" @@ -57,7 +57,7 @@ "PolicyDocument": { "Statement": [ { - "Action": "*", + "Action": "s3:*", "Condition": { "Bool": { "aws:SecureTransport": "false" @@ -68,6 +68,12 @@ "AWS": "*" }, "Resource": [ + { + "Fn::GetAtt": [ + "teststreamfirehoses3KinesisFirehoseToS3S3LoggingBucketFB87BEBC", + "Arn" + ] + }, { "Fn::Join": [ "", @@ -81,15 +87,8 @@ "/*" ] ] - }, - { - "Fn::GetAtt": [ - "teststreamfirehoses3KinesisFirehoseToS3S3LoggingBucketFB87BEBC", - "Arn" - ] } - ], - "Sid": "HttpsOnly" + ] } ], "Version": "2012-10-17" @@ -148,7 +147,7 @@ "PolicyDocument": { "Statement": [ { - "Action": "*", + "Action": "s3:*", "Condition": { "Bool": { "aws:SecureTransport": "false" @@ -159,6 +158,12 @@ "AWS": "*" }, "Resource": [ + { + "Fn::GetAtt": [ + "teststreamfirehoses3KinesisFirehoseToS3S3Bucket315B67A3", + "Arn" + ] + }, { "Fn::Join": [ "", @@ -172,15 +177,8 @@ "/*" ] ] - }, - { - "Fn::GetAtt": [ - "teststreamfirehoses3KinesisFirehoseToS3S3Bucket315B67A3", - "Arn" - ] } - ], - "Sid": "HttpsOnly" + ] } ], "Version": "2012-10-17" 
diff --git a/source/patterns/@aws-solutions-constructs/aws-lambda-s3/test/integ.customLoggingBucket.expected.json b/source/patterns/@aws-solutions-constructs/aws-lambda-s3/test/integ.customLoggingBucket.expected.json index 6e61f7cd6..f0cf28f76 100644 --- a/source/patterns/@aws-solutions-constructs/aws-lambda-s3/test/integ.customLoggingBucket.expected.json +++ b/source/patterns/@aws-solutions-constructs/aws-lambda-s3/test/integ.customLoggingBucket.expected.json @@ -220,7 +220,7 @@ "PolicyDocument": { "Statement": [ { - "Action": "*", + "Action": "s3:*", "Condition": { "Bool": { "aws:SecureTransport": "false" @@ -231,6 +231,12 @@ "AWS": "*" }, "Resource": [ + { + "Fn::GetAtt": [ + "testlambdas3S3LoggingBucketD42FC73D", + "Arn" + ] + }, { "Fn::Join": [ "", @@ -244,15 +250,8 @@ "/*" ] ] - }, - { - "Fn::GetAtt": [ - "testlambdas3S3LoggingBucketD42FC73D", - "Arn" - ] } - ], - "Sid": "HttpsOnly" + ] } ], "Version": "2012-10-17" @@ -311,7 +310,7 @@ "PolicyDocument": { "Statement": [ { - "Action": "*", + "Action": "s3:*", "Condition": { "Bool": { "aws:SecureTransport": "false" @@ -322,6 +321,12 @@ "AWS": "*" }, "Resource": [ + { + "Fn::GetAtt": [ + "testlambdas3S3Bucket179A52E6", + "Arn" + ] + }, { "Fn::Join": [ "", @@ -335,15 +340,8 @@ "/*" ] ] - }, - { - "Fn::GetAtt": [ - "testlambdas3S3Bucket179A52E6", - "Arn" - ] } - ], - "Sid": "HttpsOnly" + ] } ], "Version": "2012-10-17" diff --git a/source/patterns/@aws-solutions-constructs/aws-lambda-s3/test/integ.deployFunction.expected.json b/source/patterns/@aws-solutions-constructs/aws-lambda-s3/test/integ.deployFunction.expected.json index 0a7e25c90..575d1a044 100644 --- a/source/patterns/@aws-solutions-constructs/aws-lambda-s3/test/integ.deployFunction.expected.json +++ b/source/patterns/@aws-solutions-constructs/aws-lambda-s3/test/integ.deployFunction.expected.json @@ -232,7 +232,7 @@ "PolicyDocument": { "Statement": [ { - "Action": "*", + "Action": "s3:*", "Condition": { "Bool": { "aws:SecureTransport": "false" 
@@ -243,6 +243,12 @@ "AWS": "*" }, "Resource": [ + { + "Fn::GetAtt": [ + "testlambdas3S3Bucket179A52E6", + "Arn" + ] + }, { "Fn::Join": [ "", @@ -256,15 +262,8 @@ "/*" ] ] - }, - { - "Fn::GetAtt": [ - "testlambdas3S3Bucket179A52E6", - "Arn" - ] } - ], - "Sid": "HttpsOnly" + ] } ], "Version": "2012-10-17" diff --git a/source/patterns/@aws-solutions-constructs/aws-lambda-s3/test/integ.deployFunctionWithVpc.expected.json b/source/patterns/@aws-solutions-constructs/aws-lambda-s3/test/integ.deployFunctionWithVpc.expected.json index 38d0e1b08..b9e4838f2 100644 --- a/source/patterns/@aws-solutions-constructs/aws-lambda-s3/test/integ.deployFunctionWithVpc.expected.json +++ b/source/patterns/@aws-solutions-constructs/aws-lambda-s3/test/integ.deployFunctionWithVpc.expected.json @@ -294,7 +294,7 @@ "PolicyDocument": { "Statement": [ { - "Action": "*", + "Action": "s3:*", "Condition": { "Bool": { "aws:SecureTransport": "false" @@ -305,6 +305,12 @@ "AWS": "*" }, "Resource": [ + { + "Fn::GetAtt": [ + "testlambdas3S3Bucket179A52E6", + "Arn" + ] + }, { "Fn::Join": [ "", @@ -318,15 +324,8 @@ "/*" ] ] - }, - { - "Fn::GetAtt": [ - "testlambdas3S3Bucket179A52E6", - "Arn" - ] } - ], - "Sid": "HttpsOnly" + ] } ], "Version": "2012-10-17" diff --git a/source/patterns/@aws-solutions-constructs/aws-lambda-s3/test/integ.existingFunction.expected.json b/source/patterns/@aws-solutions-constructs/aws-lambda-s3/test/integ.existingFunction.expected.json index bc2c7fe37..ef8b12cfa 100644 --- a/source/patterns/@aws-solutions-constructs/aws-lambda-s3/test/integ.existingFunction.expected.json +++ b/source/patterns/@aws-solutions-constructs/aws-lambda-s3/test/integ.existingFunction.expected.json @@ -220,7 +220,7 @@ "PolicyDocument": { "Statement": [ { - "Action": "*", + "Action": "s3:*", "Condition": { "Bool": { "aws:SecureTransport": "false" @@ -231,6 +231,12 @@ "AWS": "*" }, "Resource": [ + { + "Fn::GetAtt": [ + "testlambdas3S3LoggingBucketD42FC73D", + "Arn" + ] + }, { "Fn::Join": [ "", 
@@ -244,15 +250,8 @@ "/*" ] ] - }, - { - "Fn::GetAtt": [ - "testlambdas3S3LoggingBucketD42FC73D", - "Arn" - ] } - ], - "Sid": "HttpsOnly" + ] } ], "Version": "2012-10-17" @@ -311,7 +310,7 @@ "PolicyDocument": { "Statement": [ { - "Action": "*", + "Action": "s3:*", "Condition": { "Bool": { "aws:SecureTransport": "false" @@ -322,6 +321,12 @@ "AWS": "*" }, "Resource": [ + { + "Fn::GetAtt": [ + "testlambdas3S3Bucket179A52E6", + "Arn" + ] + }, { "Fn::Join": [ "", @@ -335,15 +340,8 @@ "/*" ] ] - }, - { - "Fn::GetAtt": [ - "testlambdas3S3Bucket179A52E6", - "Arn" - ] } - ], - "Sid": "HttpsOnly" + ] } ], "Version": "2012-10-17" diff --git a/source/patterns/@aws-solutions-constructs/aws-route53-alb/test/integ.deployPrivateApi.expected.json b/source/patterns/@aws-solutions-constructs/aws-route53-alb/test/integ.deployPrivateApi.expected.json index 90b404685..943613867 100644 --- a/source/patterns/@aws-solutions-constructs/aws-route53-alb/test/integ.deployPrivateApi.expected.json +++ b/source/patterns/@aws-solutions-constructs/aws-route53-alb/test/integ.deployPrivateApi.expected.json @@ -141,7 +141,7 @@ "PolicyDocument": { "Statement": [ { - "Action": "*", + "Action": "s3:*", "Condition": { "Bool": { "aws:SecureTransport": "false" @@ -152,6 +152,12 @@ "AWS": "*" }, "Resource": [ + { + "Fn::GetAtt": [ + "privateapistack09C932BB", + "Arn" + ] + }, { "Fn::Join": [ "", @@ -165,15 +171,8 @@ "/*" ] ] - }, - { - "Fn::GetAtt": [ - "privateapistack09C932BB", - "Arn" - ] } - ], - "Sid": "HttpsOnly" + ] }, { "Action": [ diff --git a/source/patterns/@aws-solutions-constructs/aws-route53-alb/test/integ.deployPrivateApiExistingZone.expected.json b/source/patterns/@aws-solutions-constructs/aws-route53-alb/test/integ.deployPrivateApiExistingZone.expected.json index c806e0945..5578eaef1 100644 --- a/source/patterns/@aws-solutions-constructs/aws-route53-alb/test/integ.deployPrivateApiExistingZone.expected.json 
+++ b/source/patterns/@aws-solutions-constructs/aws-route53-alb/test/integ.deployPrivateApiExistingZone.expected.json @@ -798,7 +798,7 @@ "PolicyDocument": { "Statement": [ { - "Action": "*", + "Action": "s3:*", "Condition": { "Bool": { "aws:SecureTransport": "false" @@ -809,6 +809,12 @@ "AWS": "*" }, "Resource": [ + { + "Fn::GetAtt": [ + "existingzonestackEFB9F5B3", + "Arn" + ] + }, { "Fn::Join": [ "", @@ -822,15 +828,8 @@ "/*" ] ] - }, - { - "Fn::GetAtt": [ - "existingzonestackEFB9F5B3", - "Arn" - ] } - ], - "Sid": "HttpsOnly" + ] }, { "Action": [ diff --git a/source/patterns/@aws-solutions-constructs/aws-route53-alb/test/integ.deployPublicApiNewAlb.expected.json b/source/patterns/@aws-solutions-constructs/aws-route53-alb/test/integ.deployPublicApiNewAlb.expected.json index 129c1e31f..99b22dc53 100644 --- a/source/patterns/@aws-solutions-constructs/aws-route53-alb/test/integ.deployPublicApiNewAlb.expected.json +++ b/source/patterns/@aws-solutions-constructs/aws-route53-alb/test/integ.deployPublicApiNewAlb.expected.json @@ -136,7 +136,7 @@ "PolicyDocument": { "Statement": [ { - "Action": "*", + "Action": "s3:*", "Condition": { "Bool": { "aws:SecureTransport": "false" @@ -147,6 +147,12 @@ "AWS": "*" }, "Resource": [ + { + "Fn::GetAtt": [ + "newalbstackADB02838", + "Arn" + ] + }, { "Fn::Join": [ "", @@ -160,15 +166,8 @@ "/*" ] ] - }, - { - "Fn::GetAtt": [ - "newalbstackADB02838", - "Arn" - ] } - ], - "Sid": "HttpsOnly" + ] }, { "Action": [ diff --git a/source/patterns/@aws-solutions-constructs/aws-s3-lambda/test/integ.no-arguments.expected.json b/source/patterns/@aws-solutions-constructs/aws-s3-lambda/test/integ.no-arguments.expected.json index 771b72f46..94b6d1ffe 100644 --- a/source/patterns/@aws-solutions-constructs/aws-s3-lambda/test/integ.no-arguments.expected.json +++ b/source/patterns/@aws-solutions-constructs/aws-s3-lambda/test/integ.no-arguments.expected.json 
@@ -228,7 +228,7 @@ "PolicyDocument": { "Statement": [ { - "Action": "*", + "Action": "s3:*", "Condition": { "Bool": { "aws:SecureTransport": "false" @@ -239,6 +239,12 @@ "AWS": "*" }, "Resource": [ + { + "Fn::GetAtt": [ + "tests3lambdaS3BucketBE7C1B8E", + "Arn" + ] + }, { "Fn::Join": [ "", @@ -252,15 +258,8 @@ "/*" ] ] - }, - { - "Fn::GetAtt": [ - "tests3lambdaS3BucketBE7C1B8E", - "Arn" - ] } - ], - "Sid": "HttpsOnly" + ] } ], "Version": "2012-10-17" diff --git a/source/patterns/@aws-solutions-constructs/aws-s3-sqs/test/integ.creatingNewQueue.expected.json b/source/patterns/@aws-solutions-constructs/aws-s3-sqs/test/integ.creatingNewQueue.expected.json index cb7b2cab6..0985d6bce 100644 --- a/source/patterns/@aws-solutions-constructs/aws-s3-sqs/test/integ.creatingNewQueue.expected.json +++ b/source/patterns/@aws-solutions-constructs/aws-s3-sqs/test/integ.creatingNewQueue.expected.json @@ -142,7 +142,7 @@ "PolicyDocument": { "Statement": [ { - "Action": "*", + "Action": "s3:*", "Condition": { "Bool": { "aws:SecureTransport": "false" @@ -153,6 +153,12 @@ "AWS": "*" }, "Resource": [ + { + "Fn::GetAtt": [ + "tests3sqsS3BucketFF76CDA6", + "Arn" + ] + }, { "Fn::Join": [ "", @@ -166,15 +172,8 @@ "/*" ] ] - }, - { - "Fn::GetAtt": [ - "tests3sqsS3BucketFF76CDA6", - "Arn" - ] } - ], - "Sid": "HttpsOnly" + ] } ], "Version": "2012-10-17" diff --git a/source/patterns/@aws-solutions-constructs/aws-s3-sqs/test/integ.customLoggingBucket.expected.json b/source/patterns/@aws-solutions-constructs/aws-s3-sqs/test/integ.customLoggingBucket.expected.json index 8a19aafa5..2e7b3bb22 100644 --- a/source/patterns/@aws-solutions-constructs/aws-s3-sqs/test/integ.customLoggingBucket.expected.json +++ b/source/patterns/@aws-solutions-constructs/aws-s3-sqs/test/integ.customLoggingBucket.expected.json @@ -46,7 +46,7 @@ "PolicyDocument": { "Statement": [ { - "Action": "*", + "Action": "s3:*", "Condition": { "Bool": { "aws:SecureTransport": "false" 
@@ -57,6 +57,12 @@ "AWS": "*" }, "Resource": [ + { + "Fn::GetAtt": [ + "tests3sqsS3LoggingBucket0B0BC86A", + "Arn" + ] + }, { "Fn::Join": [ "", @@ -70,15 +76,8 @@ "/*" ] ] - }, - { - "Fn::GetAtt": [ - "tests3sqsS3LoggingBucket0B0BC86A", - "Arn" - ] } - ], - "Sid": "HttpsOnly" + ] } ], "Version": "2012-10-17" @@ -171,7 +170,7 @@ "PolicyDocument": { "Statement": [ { - "Action": "*", + "Action": "s3:*", "Condition": { "Bool": { "aws:SecureTransport": "false" @@ -182,6 +181,12 @@ "AWS": "*" }, "Resource": [ + { + "Fn::GetAtt": [ + "tests3sqsS3BucketFF76CDA6", + "Arn" + ] + }, { "Fn::Join": [ "", @@ -195,15 +200,8 @@ "/*" ] ] - }, - { - "Fn::GetAtt": [ - "tests3sqsS3BucketFF76CDA6", - "Arn" - ] } - ], - "Sid": "HttpsOnly" + ] } ], "Version": "2012-10-17" diff --git a/source/patterns/@aws-solutions-constructs/aws-s3-sqs/test/integ.existingQueue.expected.json b/source/patterns/@aws-solutions-constructs/aws-s3-sqs/test/integ.existingQueue.expected.json index 510b610f3..1d55d8ff9 100644 --- a/source/patterns/@aws-solutions-constructs/aws-s3-sqs/test/integ.existingQueue.expected.json +++ b/source/patterns/@aws-solutions-constructs/aws-s3-sqs/test/integ.existingQueue.expected.json @@ -272,7 +272,7 @@ "PolicyDocument": { "Statement": [ { - "Action": "*", + "Action": "s3:*", "Condition": { "Bool": { "aws:SecureTransport": "false" @@ -283,6 +283,12 @@ "AWS": "*" }, "Resource": [ + { + "Fn::GetAtt": [ + "tests3sqsS3BucketFF76CDA6", + "Arn" + ] + }, { "Fn::Join": [ "", @@ -296,15 +302,8 @@ "/*" ] ] - }, - { - "Fn::GetAtt": [ - "tests3sqsS3BucketFF76CDA6", - "Arn" - ] } - ], - "Sid": "HttpsOnly" + ] } ], "Version": "2012-10-17" diff --git a/source/patterns/@aws-solutions-constructs/aws-s3-sqs/test/integ.existingS3Bucket.expected.json b/source/patterns/@aws-solutions-constructs/aws-s3-sqs/test/integ.existingS3Bucket.expected.json index c26dcd5c1..c171654d7 100644 --- a/source/patterns/@aws-solutions-constructs/aws-s3-sqs/test/integ.existingS3Bucket.expected.json 
+++ b/source/patterns/@aws-solutions-constructs/aws-s3-sqs/test/integ.existingS3Bucket.expected.json @@ -45,7 +45,7 @@ "PolicyDocument": { "Statement": [ { - "Action": "*", + "Action": "s3:*", "Condition": { "Bool": { "aws:SecureTransport": "false" @@ -56,6 +56,12 @@ "AWS": "*" }, "Resource": [ + { + "Fn::GetAtt": [ + "S3LoggingBucket800A2B27", + "Arn" + ] + }, { "Fn::Join": [ "", @@ -69,15 +75,8 @@ "/*" ] ] - }, - { - "Fn::GetAtt": [ - "S3LoggingBucket800A2B27", - "Arn" - ] } - ], - "Sid": "HttpsOnly" + ] } ], "Version": "2012-10-17" @@ -170,7 +169,7 @@ "PolicyDocument": { "Statement": [ { - "Action": "*", + "Action": "s3:*", "Condition": { "Bool": { "aws:SecureTransport": "false" @@ -181,6 +180,12 @@ "AWS": "*" }, "Resource": [ + { + "Fn::GetAtt": [ + "S3Bucket07682993", + "Arn" + ] + }, { "Fn::Join": [ "", @@ -194,15 +199,8 @@ "/*" ] ] - }, - { - "Fn::GetAtt": [ - "S3Bucket07682993", - "Arn" - ] } - ], - "Sid": "HttpsOnly" + ] } ], "Version": "2012-10-17" diff --git a/source/patterns/@aws-solutions-constructs/aws-s3-sqs/test/integ.noArguments.expected.json b/source/patterns/@aws-solutions-constructs/aws-s3-sqs/test/integ.noArguments.expected.json index a65cdb852..80f9150d4 100644 --- a/source/patterns/@aws-solutions-constructs/aws-s3-sqs/test/integ.noArguments.expected.json +++ b/source/patterns/@aws-solutions-constructs/aws-s3-sqs/test/integ.noArguments.expected.json @@ -45,7 +45,7 @@ "PolicyDocument": { "Statement": [ { - "Action": "*", + "Action": "s3:*", "Condition": { "Bool": { "aws:SecureTransport": "false" @@ -56,6 +56,12 @@ "AWS": "*" }, "Resource": [ + { + "Fn::GetAtt": [ + "tests3sqsS3LoggingBucket0B0BC86A", + "Arn" + ] + }, { "Fn::Join": [ "", @@ -69,15 +75,8 @@ "/*" ] ] - }, - { - "Fn::GetAtt": [ - "tests3sqsS3LoggingBucket0B0BC86A", - "Arn" - ] } - ], - "Sid": "HttpsOnly" + ] } ], "Version": "2012-10-17" 
@@ -170,7 +169,7 @@ "PolicyDocument": { "Statement": [ { - "Action": "*", + "Action": "s3:*", "Condition": { "Bool": { "aws:SecureTransport": "false" @@ -181,6 +180,12 @@ "AWS": "*" }, "Resource": [ + { + "Fn::GetAtt": [ + "tests3sqsS3BucketFF76CDA6", + "Arn" + ] + }, { "Fn::Join": [ "", @@ -194,15 +199,8 @@ "/*" ] ] - }, - { - "Fn::GetAtt": [ - "tests3sqsS3BucketFF76CDA6", - "Arn" - ] } - ], - "Sid": "HttpsOnly" + ] } ], "Version": "2012-10-17" diff --git a/source/patterns/@aws-solutions-constructs/aws-s3-step-function/test/integ.customLoggingBucket.expected.json b/source/patterns/@aws-solutions-constructs/aws-s3-step-function/test/integ.customLoggingBucket.expected.json index 2d123e176..7ad5b828c 100644 --- a/source/patterns/@aws-solutions-constructs/aws-s3-step-function/test/integ.customLoggingBucket.expected.json +++ b/source/patterns/@aws-solutions-constructs/aws-s3-step-function/test/integ.customLoggingBucket.expected.json @@ -46,7 +46,7 @@ "PolicyDocument": { "Statement": [ { - "Action": "*", + "Action": "s3:*", "Condition": { "Bool": { "aws:SecureTransport": "false" @@ -57,6 +57,12 @@ "AWS": "*" }, "Resource": [ + { + "Fn::GetAtt": [ + "tests3stepfunctiontests3stepfunctionWS3LoggingBucketB716417C", + "Arn" + ] + }, { "Fn::Join": [ "", @@ -70,15 +76,8 @@ "/*" ] ] - }, - { - "Fn::GetAtt": [ - "tests3stepfunctiontests3stepfunctionWS3LoggingBucketB716417C", - "Arn" - ] } - ], - "Sid": "HttpsOnly" + ] } ], "Version": "2012-10-17" @@ -142,7 +141,7 @@ "PolicyDocument": { "Statement": [ { - "Action": "*", + "Action": "s3:*", "Condition": { "Bool": { "aws:SecureTransport": "false" @@ -153,6 +152,12 @@ "AWS": "*" }, "Resource": [ + { + "Fn::GetAtt": [ + "tests3stepfunctiontests3stepfunctionWS3Bucket9BE64924", + "Arn" + ] + }, { "Fn::Join": [ "", @@ -166,15 +171,8 @@ "/*" ] ] - }, - { - "Fn::GetAtt": [ - "tests3stepfunctiontests3stepfunctionWS3Bucket9BE64924", - "Arn" - ] } - ], - "Sid": "HttpsOnly" + ] } ], "Version": "2012-10-17" 
diff --git a/source/patterns/@aws-solutions-constructs/aws-s3-step-function/test/integ.s3-step-function-no-argument.expected.json b/source/patterns/@aws-solutions-constructs/aws-s3-step-function/test/integ.s3-step-function-no-argument.expected.json index 66919993c..1f8dcdb88 100644 --- a/source/patterns/@aws-solutions-constructs/aws-s3-step-function/test/integ.s3-step-function-no-argument.expected.json +++ b/source/patterns/@aws-solutions-constructs/aws-s3-step-function/test/integ.s3-step-function-no-argument.expected.json @@ -62,7 +62,7 @@ "PolicyDocument": { "Statement": [ { - "Action": "*", + "Action": "s3:*", "Condition": { "Bool": { "aws:SecureTransport": "false" @@ -73,6 +73,12 @@ "AWS": "*" }, "Resource": [ + { + "Fn::GetAtt": [ + "tests3stepfunctionconstructtests3stepfunctionconstructWS3Bucket474FE3A1", + "Arn" + ] + }, { "Fn::Join": [ "", @@ -86,15 +92,8 @@ "/*" ] ] - }, - { - "Fn::GetAtt": [ - "tests3stepfunctionconstructtests3stepfunctionconstructWS3Bucket474FE3A1", - "Arn" - ] } - ], - "Sid": "HttpsOnly" + ] } ], "Version": "2012-10-17" diff --git a/source/patterns/@aws-solutions-constructs/aws-s3-stepfunctions/test/integ.customLoggingBucket.expected.json b/source/patterns/@aws-solutions-constructs/aws-s3-stepfunctions/test/integ.customLoggingBucket.expected.json index fb569d26c..3938fc47f 100644 --- a/source/patterns/@aws-solutions-constructs/aws-s3-stepfunctions/test/integ.customLoggingBucket.expected.json +++ b/source/patterns/@aws-solutions-constructs/aws-s3-stepfunctions/test/integ.customLoggingBucket.expected.json @@ -46,7 +46,7 @@ "PolicyDocument": { "Statement": [ { - "Action": "*", + "Action": "s3:*", "Condition": { "Bool": { "aws:SecureTransport": "false" @@ -57,6 +57,12 @@ "AWS": "*" }, "Resource": [ + { + "Fn::GetAtt": [ + "tests3stepfunctionsS3LoggingBucketF7586A92", + "Arn" + ] + }, { "Fn::Join": [ "", 
@@ -70,15 +76,8 @@ "/*" ] ] - }, - { - "Fn::GetAtt": [ - "tests3stepfunctionsS3LoggingBucketF7586A92", - "Arn" - ] } - ], - "Sid": "HttpsOnly" + ] } ], "Version": "2012-10-17" @@ -142,7 +141,7 @@ "PolicyDocument": { "Statement": [ { - "Action": "*", + "Action": "s3:*", "Condition": { "Bool": { "aws:SecureTransport": "false" @@ -153,6 +152,12 @@ "AWS": "*" }, "Resource": [ + { + "Fn::GetAtt": [ + "tests3stepfunctionsS3Bucket2B08AD28", + "Arn" + ] + }, { "Fn::Join": [ "", @@ -166,15 +171,8 @@ "/*" ] ] - }, - { - "Fn::GetAtt": [ - "tests3stepfunctionsS3Bucket2B08AD28", - "Arn" - ] } - ], - "Sid": "HttpsOnly" + ] } ], "Version": "2012-10-17" diff --git a/source/patterns/@aws-solutions-constructs/aws-s3-stepfunctions/test/integ.s3-stepfunctions-no-argument.expected.json b/source/patterns/@aws-solutions-constructs/aws-s3-stepfunctions/test/integ.s3-stepfunctions-no-argument.expected.json index 68bfd5365..75c32b5df 100644 --- a/source/patterns/@aws-solutions-constructs/aws-s3-stepfunctions/test/integ.s3-stepfunctions-no-argument.expected.json +++ b/source/patterns/@aws-solutions-constructs/aws-s3-stepfunctions/test/integ.s3-stepfunctions-no-argument.expected.json @@ -62,7 +62,7 @@ "PolicyDocument": { "Statement": [ { - "Action": "*", + "Action": "s3:*", "Condition": { "Bool": { "aws:SecureTransport": "false" @@ -73,6 +73,12 @@ "AWS": "*" }, "Resource": [ + { + "Fn::GetAtt": [ + "tests3stepfunctionsconstructS3Bucket78CA0724", + "Arn" + ] + }, { "Fn::Join": [ "", @@ -86,15 +92,8 @@ "/*" ] ] - }, - { - "Fn::GetAtt": [ - "tests3stepfunctionsconstructS3Bucket78CA0724", - "Arn" - ] } - ], - "Sid": "HttpsOnly" + ] } ], "Version": "2012-10-17" diff --git a/source/patterns/@aws-solutions-constructs/aws-wafwebacl-cloudfront/test/integ.existing-waf-to-multiple-cloudfront.expected.json b/source/patterns/@aws-solutions-constructs/aws-wafwebacl-cloudfront/test/integ.existing-waf-to-multiple-cloudfront.expected.json index 2fdd74498..62c952646 100644 
--- a/source/patterns/@aws-solutions-constructs/aws-wafwebacl-cloudfront/test/integ.existing-waf-to-multiple-cloudfront.expected.json +++ b/source/patterns/@aws-solutions-constructs/aws-wafwebacl-cloudfront/test/integ.existing-waf-to-multiple-cloudfront.expected.json @@ -45,7 +45,7 @@ "PolicyDocument": { "Statement": [ { - "Action": "*", + "Action": "s3:*", "Condition": { "Bool": { "aws:SecureTransport": "false" @@ -56,6 +56,12 @@ "AWS": "*" }, "Resource": [ + { + "Fn::GetAtt": [ + "cloudfrontoneS3LoggingBucket041CDC82", + "Arn" + ] + }, { "Fn::Join": [ "", @@ -69,15 +75,8 @@ "/*" ] ] - }, - { - "Fn::GetAtt": [ - "cloudfrontoneS3LoggingBucket041CDC82", - "Arn" - ] } - ], - "Sid": "HttpsOnly" + ] } ], "Version": "2012-10-17" @@ -136,7 +135,7 @@ "PolicyDocument": { "Statement": [ { - "Action": "*", + "Action": "s3:*", "Condition": { "Bool": { "aws:SecureTransport": "false" @@ -147,6 +146,12 @@ "AWS": "*" }, "Resource": [ + { + "Fn::GetAtt": [ + "cloudfrontoneS3BucketC79BB1EE", + "Arn" + ] + }, { "Fn::Join": [ "", @@ -160,15 +165,8 @@ "/*" ] ] - }, - { - "Fn::GetAtt": [ - "cloudfrontoneS3BucketC79BB1EE", - "Arn" - ] } - ], - "Sid": "HttpsOnly" + ] }, { "Action": "s3:GetObject", @@ -268,7 +266,7 @@ "PolicyDocument": { "Statement": [ { - "Action": "*", + "Action": "s3:*", "Condition": { "Bool": { "aws:SecureTransport": "false" @@ -279,6 +277,12 @@ "AWS": "*" }, "Resource": [ + { + "Fn::GetAtt": [ + "cloudfrontoneCloudfrontLoggingBucketC123015E", + "Arn" + ] + }, { "Fn::Join": [ "", @@ -292,15 +296,8 @@ "/*" ] ] - }, - { - "Fn::GetAtt": [ - "cloudfrontoneCloudfrontLoggingBucketC123015E", - "Arn" - ] } - ], - "Sid": "HttpsOnly" + ] } ], "Version": "2012-10-17" @@ -436,7 +433,7 @@ "PolicyDocument": { "Statement": [ { - "Action": "*", + "Action": "s3:*", "Condition": { "Bool": { "aws:SecureTransport": "false" @@ -447,6 +444,12 @@ "AWS": "*" }, "Resource": [ + { + "Fn::GetAtt": [ + "cloudfronttwoS3LoggingBucketF462FE8C", + "Arn" + ] + }, { "Fn::Join": [ "", 
@@ -460,15 +463,8 @@ "/*" ] ] - }, - { - "Fn::GetAtt": [ - "cloudfronttwoS3LoggingBucketF462FE8C", - "Arn" - ] } - ], - "Sid": "HttpsOnly" + ] } ], "Version": "2012-10-17" @@ -527,7 +523,7 @@ "PolicyDocument": { "Statement": [ { - "Action": "*", + "Action": "s3:*", "Condition": { "Bool": { "aws:SecureTransport": "false" @@ -538,6 +534,12 @@ "AWS": "*" }, "Resource": [ + { + "Fn::GetAtt": [ + "cloudfronttwoS3Bucket09AD9E6D", + "Arn" + ] + }, { "Fn::Join": [ "", @@ -551,15 +553,8 @@ "/*" ] ] - }, - { - "Fn::GetAtt": [ - "cloudfronttwoS3Bucket09AD9E6D", - "Arn" - ] } - ], - "Sid": "HttpsOnly" + ] }, { "Action": "s3:GetObject", @@ -659,7 +654,7 @@ "PolicyDocument": { "Statement": [ { - "Action": "*", + "Action": "s3:*", "Condition": { "Bool": { "aws:SecureTransport": "false" @@ -670,6 +665,12 @@ "AWS": "*" }, "Resource": [ + { + "Fn::GetAtt": [ + "cloudfronttwoCloudfrontLoggingBucketE367ED41", + "Arn" + ] + }, { "Fn::Join": [ "", @@ -683,15 +684,8 @@ "/*" ] ] - }, - { - "Fn::GetAtt": [ - "cloudfronttwoCloudfrontLoggingBucketE367ED41", - "Arn" - ] } - ], - "Sid": "HttpsOnly" + ] } ], "Version": "2012-10-17" diff --git a/source/patterns/@aws-solutions-constructs/aws-wafwebacl-cloudfront/test/integ.no-arguments.expected.json b/source/patterns/@aws-solutions-constructs/aws-wafwebacl-cloudfront/test/integ.no-arguments.expected.json index e86e701c2..7bb76ddd0 100644 --- a/source/patterns/@aws-solutions-constructs/aws-wafwebacl-cloudfront/test/integ.no-arguments.expected.json +++ b/source/patterns/@aws-solutions-constructs/aws-wafwebacl-cloudfront/test/integ.no-arguments.expected.json @@ -45,7 +45,7 @@ "PolicyDocument": { "Statement": [ { - "Action": "*", + "Action": "s3:*", "Condition": { "Bool": { "aws:SecureTransport": "false" @@ -56,6 +56,12 @@ "AWS": "*" }, "Resource": [ + { + "Fn::GetAtt": [ + "cloudfronts3S3LoggingBucket52EEB708", + "Arn" + ] + }, { "Fn::Join": [ "", 
@@ -69,15 +75,8 @@ "/*" ] ] - }, - { - "Fn::GetAtt": [ - "cloudfronts3S3LoggingBucket52EEB708", - "Arn" - ] } - ], - "Sid": "HttpsOnly" + ] } ], "Version": "2012-10-17" @@ -136,7 +135,7 @@ "PolicyDocument": { "Statement": [ { - "Action": "*", + "Action": "s3:*", "Condition": { "Bool": { "aws:SecureTransport": "false" @@ -147,6 +146,12 @@ "AWS": "*" }, "Resource": [ + { + "Fn::GetAtt": [ + "cloudfronts3S3BucketF86A1C7E", + "Arn" + ] + }, { "Fn::Join": [ "", @@ -160,15 +165,8 @@ "/*" ] ] - }, - { - "Fn::GetAtt": [ - "cloudfronts3S3BucketF86A1C7E", - "Arn" - ] } - ], - "Sid": "HttpsOnly" + ] }, { "Action": "s3:GetObject", @@ -268,7 +266,7 @@ "PolicyDocument": { "Statement": [ { - "Action": "*", + "Action": "s3:*", "Condition": { "Bool": { "aws:SecureTransport": "false" @@ -279,6 +277,12 @@ "AWS": "*" }, "Resource": [ + { + "Fn::GetAtt": [ + "cloudfronts3CloudfrontLoggingBucket5B845143", + "Arn" + ] + }, { "Fn::Join": [ "", @@ -292,15 +296,8 @@ "/*" ] ] - }, - { - "Fn::GetAtt": [ - "cloudfronts3CloudfrontLoggingBucket5B845143", - "Arn" - ] } - ], - "Sid": "HttpsOnly" + ] } ], "Version": "2012-10-17" diff --git a/source/patterns/@aws-solutions-constructs/aws-wafwebacl-cloudfront/test/integ.wafwebacl-cloudfront-apigateway-lambda.expected.json b/source/patterns/@aws-solutions-constructs/aws-wafwebacl-cloudfront/test/integ.wafwebacl-cloudfront-apigateway-lambda.expected.json index 45f987361..60128215b 100644 --- a/source/patterns/@aws-solutions-constructs/aws-wafwebacl-cloudfront/test/integ.wafwebacl-cloudfront-apigateway-lambda.expected.json +++ b/source/patterns/@aws-solutions-constructs/aws-wafwebacl-cloudfront/test/integ.wafwebacl-cloudfront-apigateway-lambda.expected.json @@ -643,7 +643,7 @@ "PolicyDocument": { "Statement": [ { - "Action": "*", + "Action": "s3:*", "Condition": { "Bool": { "aws:SecureTransport": "false" 
@@ -654,6 +654,12 @@ "AWS": "*" }, "Resource": [ + { + "Fn::GetAtt": [ + "testcloudfrontapigatewaylambdaCloudFrontToApiGatewayCloudfrontLoggingBucket7F467421", + "Arn" + ] + }, { "Fn::Join": [ "", @@ -667,15 +673,8 @@ "/*" ] ] - }, - { - "Fn::GetAtt": [ - "testcloudfrontapigatewaylambdaCloudFrontToApiGatewayCloudfrontLoggingBucket7F467421", - "Arn" - ] } - ], - "Sid": "HttpsOnly" + ] } ], "Version": "2012-10-17" diff --git a/source/patterns/@aws-solutions-constructs/aws-wafwebacl-cloudfront/test/integ.wafwebacl-cloudfront-mediastore.expected.json b/source/patterns/@aws-solutions-constructs/aws-wafwebacl-cloudfront/test/integ.wafwebacl-cloudfront-mediastore.expected.json index cb677af8c..fd42fdbc1 100644 --- a/source/patterns/@aws-solutions-constructs/aws-wafwebacl-cloudfront/test/integ.wafwebacl-cloudfront-mediastore.expected.json +++ b/source/patterns/@aws-solutions-constructs/aws-wafwebacl-cloudfront/test/integ.wafwebacl-cloudfront-mediastore.expected.json @@ -127,7 +127,7 @@ "PolicyDocument": { "Statement": [ { - "Action": "*", + "Action": "s3:*", "Condition": { "Bool": { "aws:SecureTransport": "false" @@ -138,6 +138,12 @@ "AWS": "*" }, "Resource": [ + { + "Fn::GetAtt": [ + "testcloudfrontmediastoreCloudfrontLoggingBucketA3A51E6A", + "Arn" + ] + }, { "Fn::Join": [ "", @@ -151,15 +157,8 @@ "/*" ] ] - }, - { - "Fn::GetAtt": [ - "testcloudfrontmediastoreCloudfrontLoggingBucketA3A51E6A", - "Arn" - ] } - ], - "Sid": "HttpsOnly" + ] } ], "Version": "2012-10-17" diff --git a/source/patterns/@aws-solutions-constructs/core/lib/s3-bucket-defaults.ts b/source/patterns/@aws-solutions-constructs/core/lib/s3-bucket-defaults.ts index 8a4ef323e..a44d64a0a 100644 --- a/source/patterns/@aws-solutions-constructs/core/lib/s3-bucket-defaults.ts +++ b/source/patterns/@aws-solutions-constructs/core/lib/s3-bucket-defaults.ts 
@@ -21,6 +21,7 @@ export function DefaultS3Props(loggingBucket?: Bucket, lifecycleRules?: s3.Lifec versioned: true, blockPublicAccess: s3.BlockPublicAccess.BLOCK_ALL, removalPolicy: RemovalPolicy.RETAIN, + enforceSSL: true, ...((lifecycleRules !== undefined) && { lifecycleRules }), ...((loggingBucket !== undefined) && { serverAccessLogsBucket: loggingBucket }) } as BucketProps; @@ -32,6 +33,7 @@ export function DefaultLoggingBucketProps(): s3.BucketProps { versioned: true, blockPublicAccess: s3.BlockPublicAccess.BLOCK_ALL, removalPolicy: RemovalPolicy.RETAIN, + enforceSSL: true, } as BucketProps; } diff --git a/source/patterns/@aws-solutions-constructs/core/lib/s3-bucket-helper.ts b/source/patterns/@aws-solutions-constructs/core/lib/s3-bucket-helper.ts index e20a3d20a..7e1a21ebc 100644 --- a/source/patterns/@aws-solutions-constructs/core/lib/s3-bucket-helper.ts +++ b/source/patterns/@aws-solutions-constructs/core/lib/s3-bucket-helper.ts @@ -17,7 +17,6 @@ import * as s3 from '@aws-cdk/aws-s3'; import * as cdk from '@aws-cdk/core'; import { DefaultS3Props } from './s3-bucket-defaults'; import { overrideProps, addCfnSuppressRules } from './utils'; -import { PolicyStatement, Effect, AnyPrincipal } from '@aws-cdk/aws-iam'; import { StorageClass } from '@aws-cdk/aws-s3'; import { Duration } from '@aws-cdk/core'; // Note: To ensure CDKv2 compatibility, keep the import statement for Construct separate 
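Review bot: `enforceSSL: true` in DefaultS3Props (and in DefaultLoggingBucketProps in the next hunk) changes the TLS-only deny statement from something the helper always attached into a default that caller-supplied `bucketProps` can switch off. The s3-bucket.test.ts cases added later in this commit pass `enforceSSL: false` and expect no such bucket policy, so the opt-out looks intended. It is a change in what the construct guarantees, and nothing in these hunks says so. I would add a comment on the new line, for example `// Adds a Deny on aws:SecureTransport=false for s3:*; callers can disable it through bucketProps`, and document the opt-out wherever the default bucket properties are described. Both function signatures are visible only in the hunk headers.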
@@ -45,28 +44,6 @@ export interface BuildS3BucketProps { readonly logS3AccessLogs?: boolean; } -export function applySecureBucketPolicy(s3Bucket: s3.Bucket): void { - // Apply bucket policy to enforce encryption of data in transit - s3Bucket.addToResourcePolicy( - new PolicyStatement({ - sid: 'HttpsOnly', - resources: [ - `${s3Bucket.bucketArn}/*`, - `${s3Bucket.bucketArn}` - ], - actions: ['*'], - principals: [new AnyPrincipal()], - effect: Effect.DENY, - conditions: - { - Bool: { - 'aws:SecureTransport': 'false' - } - } - }) - ); -} - export function createLoggingBucket(scope: Construct, bucketId: string, loggingBucketProps: s3.BucketProps): s3.Bucket { @@ -74,8 +51,6 @@ export function createLoggingBucket(scope: Construct, // Create the Logging Bucket const loggingBucket: s3.Bucket = new s3.Bucket(scope, bucketId, loggingBucketProps); - applySecureBucketPolicy(loggingBucket); - // Extract the CfnBucket from the loggingBucket const loggingBucketResource = loggingBucket.node.findChild('Resource') as s3.CfnBucket; @@ -108,8 +83,6 @@ export function createAlbLoggingBucket(scope: Construct, // Create the Logging Bucket const loggingBucket: s3.Bucket = new s3.Bucket(scope, bucketId, loggingBucketProps); - applySecureBucketPolicy(loggingBucket); - // Extract the CfnBucket from the loggingBucket const loggingBucketResource = loggingBucket.node.findChild('Resource') as s3.CfnBucket; @@ -166,9 +139,7 @@ export function buildS3Bucket(scope: Construct, customBucketProps = props.bucketProps ? overrideProps(customBucketProps, props.bucketProps) : customBucketProps; - const s3Bucket: s3.Bucket = new s3.Bucket(scope, _bucketId, customBucketProps); - - applySecureBucketPolicy(s3Bucket); + const s3Bucket: s3.Bucket = new s3.Bucket(scope, _bucketId, customBucketProps ); return [s3Bucket, loggingBucket]; } 
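Review bot: Removing the exported `applySecureBucketPolicy` outright drops a public symbol of core, so any construct or consumer outside this diff that still imports it will stop compiling; whether such callers exist is not visible here. The deny statement that replaces it also loses its `Sid` (`HttpsOnly`) and narrows from `Action: "*"` to `s3:*`, as the updated snapshots show, so audit or suppression tooling that located the statement by Sid would presumably stop matching. If the removal is intended, both changes belong in the changelog; otherwise keep a thin deprecated wrapper for one release.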
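Review bot: After this hunk createLoggingBucket no longer guarantees a TLS-only policy on the logging bucket: the deny statement exists only if the `loggingBucketProps` passed in carry `enforceSSL: true`, and the same holds for createAlbLoggingBucket in the next hunk. Callers that build their props from DefaultLoggingBucketProps are covered, but this diff does not show that every call site does. A defensive default that still honours an explicit opt-out would be `new s3.Bucket(scope, bucketId, { enforceSSL: true, ...loggingBucketProps })`. Both function bodies continue outside their hunks.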
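Review bot: The rewritten constructor call in buildS3Bucket ends in `customBucketProps );`, with a stray space before the closing parenthesis that the other `new s3.Bucket(...)` calls in this file do not have. It should read `const s3Bucket: s3.Bucket = new s3.Bucket(scope, _bucketId, customBucketProps);`. buildS3Bucket starts outside the hunk.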
diff --git a/source/patterns/@aws-solutions-constructs/core/test/cloudfront-distribution-s3-helper.test.ts b/source/patterns/@aws-solutions-constructs/core/test/cloudfront-distribution-s3-helper.test.ts index ce907b2d8..d26d7e10b 100644 --- a/source/patterns/@aws-solutions-constructs/core/test/cloudfront-distribution-s3-helper.test.ts +++ b/source/patterns/@aws-solutions-constructs/core/test/cloudfront-distribution-s3-helper.test.ts @@ -68,7 +68,7 @@ test('test cloudfront check bucket policy', () => { PolicyDocument: { Statement: [ { - Action: "*", + Action: "s3:*", Condition: { Bool: { "aws:SecureTransport": "false" @@ -79,24 +79,53 @@ test('test cloudfront check bucket policy', () => { AWS: "*" }, Resource: [ + { + "Fn::GetAtt": [ + "S3Bucket07682993", + "Arn" + ] + }, { "Fn::Join": [ "", [ { - "Fn::GetAtt": ["S3Bucket07682993", "Arn"], + "Fn::GetAtt": [ + "S3Bucket07682993", + "Arn" + ] }, - "/*", - ], - ], - }, - { - "Fn::GetAtt": [ - "S3Bucket07682993", - "Arn" + "/*" + ] ] } ] + }, + { + Action: "s3:GetObject", + Effect: "Allow", + Principal: { + CanonicalUser: { + "Fn::GetAtt": [ + "CloudFrontDistributionOrigin1S3Origin3D9CA0E9", + "S3CanonicalUserId" + ] + } + }, + Resource: { + "Fn::Join": [ + "", + [ + { + "Fn::GetAtt": [ + "S3Bucket07682993", + "Arn" + ] + }, + "/*" + ] + ] + } } ], Version: "2012-10-17" @@ -234,7 +263,7 @@ test('test cloudfront override properties', () => { const [sourceBucket] = buildS3Bucket(stack, {}); const props: cloudfront.DistributionProps = { defaultBehavior: { - origin: new origins.S3Origin(sourceBucket, {originPath: '/testPath'}), + origin: new origins.S3Origin(sourceBucket, { originPath: '/testPath' }), viewerProtocolPolicy: cloudfront.ViewerProtocolPolicy.REDIRECT_TO_HTTPS, allowedMethods: cloudfront.AllowedMethods.ALLOW_ALL, cachedMethods: cloudfront.CachedMethods.CACHE_GET_HEAD_OPTIONS 
diff --git a/source/patterns/@aws-solutions-constructs/core/test/s3-bucket-helper.test.ts b/source/patterns/@aws-solutions-constructs/core/test/s3-bucket-helper.test.ts index 45c0baa5c..fe1e22153 100644 --- a/source/patterns/@aws-solutions-constructs/core/test/s3-bucket-helper.test.ts +++ b/source/patterns/@aws-solutions-constructs/core/test/s3-bucket-helper.test.ts @@ -155,8 +155,7 @@ test('Check S3 Bucket policy', () => { PolicyDocument: { Statement: [ { - Sid: "HttpsOnly", - Action: "*", + Action: "s3:*", Condition: { Bool: { "aws:SecureTransport": "false", @@ -167,21 +166,24 @@ test('Check S3 Bucket policy', () => { AWS: "*" }, Resource: [ + { + "Fn::GetAtt": [ + "S3Bucket07682993", + "Arn" + ] + }, { "Fn::Join": [ "", [ { - "Fn::GetAtt": ["S3Bucket07682993", "Arn"], + "Fn::GetAtt": [ + "S3Bucket07682993", + "Arn" + ] }, - "/*", - ], - ], - }, - { - "Fn::GetAtt": [ - "S3Bucket07682993", - "Arn" + "/*" + ] ] } ] diff --git a/source/patterns/@aws-solutions-constructs/core/test/s3-bucket.test.ts b/source/patterns/@aws-solutions-constructs/core/test/s3-bucket.test.ts index 996dc03f3..f3c4fe97d 100644 --- a/source/patterns/@aws-solutions-constructs/core/test/s3-bucket.test.ts +++ b/source/patterns/@aws-solutions-constructs/core/test/s3-bucket.test.ts 
@@ -154,3 +154,208 @@ test('test createAlbLoggingBucket()', () => {
 BucketName: 'test-name'
 });
 });
+
+test('Test bucket policy that only accepts SSL requests only', () => {
+ const stack = new Stack();
+
+ defaults.buildS3Bucket(stack, {
+ bucketProps: {
+ enforceSSL: true
+ }
+ }, 'test-bucket');
+
+ expect(stack).toHaveResource("AWS::S3::BucketPolicy", {
+ PolicyDocument: {
+ Statement: [
+ {
+ Action: "s3:*",
+ Condition: {
+ Bool: {
+ "aws:SecureTransport": "false"
+ }
+ },
+ Effect: "Deny",
+ Principal: {
+ AWS: "*"
+ },
+ Resource: [
+ {
+ "Fn::GetAtt": [
+ "testbucketS3Bucket87F6BFFC",
+ "Arn"
+ ]
+ },
+ {
+ "Fn::Join": [
+ "",
+ [
+ {
+ "Fn::GetAtt": [
+ "testbucketS3Bucket87F6BFFC",
+ "Arn"
+ ]
+ },
+ "/*"
+ ]
+ ]
+ }
+ ]
+ }
+ ],
+ Version: "2012-10-17"
+ }
+ });
+});
+
+test('Test bucket policy that accepts any requests', () => {
+ const stack = new Stack();
+
+ defaults.buildS3Bucket(stack, {
+ bucketProps: {
+ enforceSSL: false
+ }
+ }, 'test-bucket');
+
+ expect(stack).not.toHaveResource("AWS::S3::BucketPolicy", {
+ PolicyDocument: {
+ Statement: [
+ {
+ Action: "s3:*",
+ Condition: {
+ Bool: {
+ "aws:SecureTransport": "false"
+ }
+ },
+ Effect: "Deny",
+ Principal: {
+ AWS: "*"
+ },
+ Resource: [
+ {
+ "Fn::GetAtt": [
+ "testbucketS3Bucket87F6BFFC",
+ "Arn"
+ ]
+ },
+ {
+ "Fn::Join": [
+ "",
+ [
+ {
+ "Fn::GetAtt": [
+ "testbucketS3Bucket87F6BFFC",
+ "Arn"
+ ]
+ },
+ "/*"
+ ]
+ ]
+ }
+ ]
+ }
+ ],
+ Version: "2012-10-17"
+ }
+ });
+});
+
+test('Test enforcing SSL when bucketProps is not provided', () => {
+ const stack = new Stack();
+
+ defaults.buildS3Bucket(stack, {}, 'test-bucket');
+
+ expect(stack).toHaveResource("AWS::S3::BucketPolicy", {
+ PolicyDocument: {
+ Statement: [
+ {
+ Action: "s3:*",
+ Condition: {
+ Bool: {
+ "aws:SecureTransport": "false"
+ }
+ },
+ Effect: "Deny",
+ Principal: {
+ AWS: "*"
+ },
+ Resource: [
+ {
+ "Fn::GetAtt": [
+ "testbucketS3Bucket87F6BFFC",
+ "Arn"
+ ]
+ },
+ {
+ "Fn::Join": [
+ "",
+ [
+ {
+ "Fn::GetAtt": [
+ "testbucketS3Bucket87F6BFFC",
+ "Arn"
+ ]
+ },
+ "/*"
+ ]
+ ]
+ }
+ ]
+ }
+ ],
+ Version: "2012-10-17"
+ }
+ });
+});
+
+test('Test enforcing SSL when bucketProps is provided and enforceSSL is not set', () => {
+ const stack = new Stack();
+
+ defaults.buildS3Bucket(stack, {
+ bucketProps: {
+ versioned: false,
+ publicReadAccess: false
+ }
+ }, 'test-bucket');
+
+ expect(stack).toHaveResource("AWS::S3::BucketPolicy", {
+ PolicyDocument: {
+ Statement: [
+ {
+ Action: "s3:*",
+ Condition: {
+ Bool: {
+ "aws:SecureTransport": "false"
+ }
+ },
+ Effect: "Deny",
+ Principal: {
+ AWS: "*"
+ },
+ Resource: [
+ {
+ "Fn::GetAtt": [
+ "testbucketS3Bucket87F6BFFC",
+ "Arn"
+ ]
+ },
+ {
+ "Fn::Join": [
+ "",
+ [
+ {
+ "Fn::GetAtt": [
+ "testbucketS3Bucket87F6BFFC",
+ "Arn"
+ ]
+ },
+ "/*"
+ ]
+ ]
+ }
+ ]
+ }
+ ],
+ Version: "2012-10-17"
+ }
+ });
+});
\ No newline at end of file
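Review bot: The negated assertion in 'Test bucket policy that accepts any requests' compares against the complete policy document, so it passes as soon as any detail of a generated policy differs from the literal (a changed logical ID, a reordered resource, an extra statement), even if a TLS-deny policy is still attached to the bucket. If the intent is that `enforceSSL: false` yields no policy for this bucket, a narrower match states that directly, for example `expect(stack).not.toHaveResourceLike("AWS::S3::BucketPolicy", { Bucket: { Ref: "testbucketS3Bucket87F6BFFC" } });`, assuming the policy references the bucket by that logical ID. The same policy literal is repeated in all four new tests and could be one shared constant. The first test name also repeats "only", and the file now ends without a trailing newline.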