From 0af95f58c395f766d29d1ece791d0307621f63e6 Mon Sep 17 00:00:00 2001 
From: mickychetta <45010053+mickychetta@users.noreply.github.com> Date: Fri, 5 Nov 2021 14:06:17 -0700 Subject: [PATCH] feat(aws-events-rule-kinesisfirehose-s3): added logS3AccessLogs and loggingBucketProps (#492) * added logS3AccessLogs and loggingBucketProps * added logS3AccessLogs and loggingBucketProps * redeploy stack for cfn nag suppress rule * redeploy stack for cfn nag suppress rule * updated tests for noLoggingBuckets * fixed lint error --- .../README.md | 3 + .../lib/index.ts | 23 +- .../eventbridge-kinesisfirehose-s3.test.ts | 57 +++ .../integ.customLoggingBucket.expected.json | 471 ++++++++++++++++++ .../test/integ.customLoggingBucket.ts | 44 ++ ...irehose-s3-existing-eventbus.expected.json | 107 +--- ...ge-kinesisfirehose-s3-existing-eventbus.ts | 23 +- ...esisfirehose-s3-new-eventbus.expected.json | 107 +--- ...tbridge-kinesisfirehose-s3-new-eventbus.ts | 23 +- ...esisfirehose-s3-no-arguments.expected.json | 12 +- ...tbridge-kinesisfirehose-s3-no-arguments.ts | 8 +- .../README.md | 3 + .../lib/index.ts | 15 + .../events-rule-kinesisfirehose-s3.test.ts | 57 +++ .../integ.customLoggingBucket.expected.json | 471 ++++++++++++++++++ .../test/integ.customLoggingBucket.ts | 44 ++ ...irehose-s3-existing-eventbus.expected.json | 165 ++---- ...le-kinesisfirehose-s3-existing-eventbus.ts | 23 +- ...esisfirehose-s3-new-eventbus.expected.json | 98 ++-- ...ts-rule-kinesisfirehose-s3-new-eventbus.ts | 22 +- ...esisfirehose-s3-no-arguments.expected.json | 12 +- ...ts-rule-kinesisfirehose-s3-no-arguments.ts | 8 +- 22 files changed, 1413 insertions(+), 383 deletions(-) create mode 100644 source/patterns/@aws-solutions-constructs/aws-eventbridge-kinesisfirehose-s3/test/integ.customLoggingBucket.expected.json create mode 100644 source/patterns/@aws-solutions-constructs/aws-eventbridge-kinesisfirehose-s3/test/integ.customLoggingBucket.ts create mode 100644 
source/patterns/@aws-solutions-constructs/aws-events-rule-kinesisfirehose-s3/test/integ.customLoggingBucket.expected.json create mode 100644 source/patterns/@aws-solutions-constructs/aws-events-rule-kinesisfirehose-s3/test/integ.customLoggingBucket.ts diff --git a/source/patterns/@aws-solutions-constructs/aws-eventbridge-kinesisfirehose-s3/README.md b/source/patterns/@aws-solutions-constructs/aws-eventbridge-kinesisfirehose-s3/README.md index 9fd066a9d..8fe08c6fa 100644 --- a/source/patterns/@aws-solutions-constructs/aws-eventbridge-kinesisfirehose-s3/README.md +++ b/source/patterns/@aws-solutions-constructs/aws-eventbridge-kinesisfirehose-s3/README.md @@ -59,6 +59,8 @@ _Parameters_ |existingBucketObj?|[`s3.IBucket`](https://docs.aws.amazon.com/cdk/api/latest/docs/@aws-cdk_aws-s3.IBucket.html)|Existing instance of S3 Bucket object. If this is provided, then also providing bucketProps is an error. | |bucketProps?|[`s3.BucketProps`](https://docs.aws.amazon.com/cdk/api/latest/docs/@aws-cdk_aws-s3.BucketProps.html)|User provided props to override the default props for the S3 Bucket.| |logGroupProps?|[`logs.LogGroupProps`](https://docs.aws.amazon.com/cdk/api/latest/docs/@aws-cdk_aws-logs.LogGroupProps.html)|User provided props to override the default props for for the CloudWatchLogs LogGroup.| +|loggingBucketProps?|[`s3.BucketProps`](https://docs.aws.amazon.com/cdk/api/latest/docs/@aws-cdk_aws-s3.BucketProps.html)|Optional user provided props to override the default props for the S3 Logging Bucket.| +|logS3AccessLogs?| boolean|Whether to turn on Access Logging for the S3 bucket. Creates an S3 bucket with associated storage costs for the logs. Enabling Access Logging is a best practice. default - true| ## Pattern Properties 
@@ -72,6 +74,7 @@ _Parameters_ |eventsRole|[`iam.Role`](https://docs.aws.amazon.com/cdk/api/latest/docs/@aws-cdk_aws-iam.Role.html)|Returns an instance of the iam.Role created by the construct for Events Rule| |kinesisFirehoseRole|[`iam.Role`](https://docs.aws.amazon.com/cdk/api/latest/docs/@aws-cdk_aws-iam.Role.html)|Returns an instance of the iam.Role created by the construct for Kinesis Data Firehose delivery stream| |kinesisFirehoseLogGroup|[`logs.LogGroup`](https://docs.aws.amazon.com/cdk/api/latest/docs/@aws-cdk_aws-logs.LogGroup.html)|Returns an instance of the LogGroup created by the construct for Kinesis Data Firehose delivery stream| +|s3BucketInterface|[`s3.IBucket`](https://docs.aws.amazon.com/cdk/api/latest/docs/@aws-cdk_aws-s3.IBucket.html)|Returns an instance of s3.IBucket created by the construct| ## Default settings diff --git a/source/patterns/@aws-solutions-constructs/aws-eventbridge-kinesisfirehose-s3/lib/index.ts b/source/patterns/@aws-solutions-constructs/aws-eventbridge-kinesisfirehose-s3/lib/index.ts index 2e4180b93..d240150ff 100644 --- a/source/patterns/@aws-solutions-constructs/aws-eventbridge-kinesisfirehose-s3/lib/index.ts +++ b/source/patterns/@aws-solutions-constructs/aws-eventbridge-kinesisfirehose-s3/lib/index.ts @@ -68,6 +68,19 @@ export interface EventbridgeToKinesisFirehoseToS3Props { * @default - Default props are used */ readonly logGroupProps?: logs.LogGroupProps; + /** + * Optional user provided props to override the default props for the S3 Logging Bucket. + * + * @default - Default props are used + */ + readonly loggingBucketProps?: s3.BucketProps; + /** + * Whether to turn on Access Logs for the S3 bucket with the associated storage costs. + * Enabling Access Logging is a best practice. + * + * @default - true + */ + readonly logS3AccessLogs?: boolean; } export class EventbridgeToKinesisFirehoseToS3 extends Construct { 
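Review bot: The doc comment added for `logS3AccessLogs` in `EventbridgeToKinesisFirehoseToS3Props` does not say what a caller gives up by setting it to false. The expected templates later in this patch show that `logS3AccessLogs: false` drops both the logging bucket and the `LoggingConfiguration` on the destination bucket, so I would add `* When false, no logging bucket is created and requests to the destination bucket are not recorded in S3 server access logs.` to that comment. The `loggingBucketProps` comment could also state that it only takes effect when access logging is enabled and the construct creates the bucket itself; that part is inferred from the prop names, because the code that consumes the props is outside this diff. The interface starts before this hunk.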
@@ -79,6 +92,7 @@ export class EventbridgeToKinesisFirehoseToS3 extends Construct { public readonly s3Bucket?: s3.Bucket; public readonly s3LoggingBucket?: s3.Bucket; public readonly eventBus?: events.IEventBus; + public readonly s3BucketInterface: s3.IBucket; /** * @summary Constructs a new instance of the EventbridgeToKinesisFirehoseToS3 class. @@ -91,22 +105,21 @@ export class EventbridgeToKinesisFirehoseToS3 extends Construct { super(scope, id); defaults.CheckProps(props); - if (props.existingBucketObj && props.bucketProps) { - throw new Error('Cannot specify both bucket properties and an existing bucket'); - } - // Set up the Kinesis Firehose using KinesisFirehoseToS3 construct const firehoseToS3 = new KinesisFirehoseToS3(this, 'KinesisFirehoseToS3', { kinesisFirehoseProps: props.kinesisFirehoseProps, existingBucketObj: props.existingBucketObj, bucketProps: props.bucketProps, - logGroupProps: props.logGroupProps + logGroupProps: props.logGroupProps, + loggingBucketProps: props.loggingBucketProps, + logS3AccessLogs: props.logS3AccessLogs }); this.kinesisFirehose = firehoseToS3.kinesisFirehose; this.s3Bucket = firehoseToS3.s3Bucket; this.kinesisFirehoseRole = firehoseToS3.kinesisFirehoseRole; this.s3LoggingBucket = firehoseToS3.s3LoggingBucket; this.kinesisFirehoseLogGroup = firehoseToS3.kinesisFirehoseLogGroup; + this.s3BucketInterface = firehoseToS3.s3BucketInterface; // Create an events service role this.eventsRole = new iam.Role(this, 'EventsRuleInvokeKinesisFirehoseRole', { diff --git a/source/patterns/@aws-solutions-constructs/aws-eventbridge-kinesisfirehose-s3/test/eventbridge-kinesisfirehose-s3.test.ts b/source/patterns/@aws-solutions-constructs/aws-eventbridge-kinesisfirehose-s3/test/eventbridge-kinesisfirehose-s3.test.ts index 2907360e5..9410560b5 100644 --- a/source/patterns/@aws-solutions-constructs/aws-eventbridge-kinesisfirehose-s3/test/eventbridge-kinesisfirehose-s3.test.ts 
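Review bot: The constructor now forwards `loggingBucketProps` and `logS3AccessLogs` to `KinesisFirehoseToS3` without checking that they agree, so `logS3AccessLogs: false` combined with `loggingBucketProps` has no defined outcome in this file. The same hunk removes the `existingBucketObj`/`bucketProps` guard, so both cases now rest on `defaults.CheckProps` or the nested construct, neither of which is visible here. If they do not reject the combination, a caller who believes a hardened logging bucket is configured could end up with no access logging at all. A guard placed after `defaults.CheckProps(props)` would fail fast: `if (props.logS3AccessLogs === false && props.loggingBucketProps) { throw new Error('loggingBucketProps cannot be set when logS3AccessLogs is false'); }`. The constructor body starts and ends outside this hunk.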
+++ b/source/patterns/@aws-solutions-constructs/aws-eventbridge-kinesisfirehose-s3/test/eventbridge-kinesisfirehose-s3.test.ts 
@@ -205,4 +205,61 @@ test('check custom event bus resource with props when deploy:true', () => {
 expect(stack).toHaveResource('AWS::Events::EventBus', {
 Name: `testeventbus`
 });
+});
+
+// --------------------------------------------------------------
+// s3 bucket with bucket, loggingBucket, and auto delete objects
+// --------------------------------------------------------------
+test('s3 bucket with bucket, loggingBucket, and auto delete objects', () => {
+ const stack = new cdk.Stack();
+
+ new EventbridgeToKinesisFirehoseToS3(stack, 'kinsisfirehose-s3', {
+ eventRuleProps: {
+ description: 'event rule props',
+ schedule: events.Schedule.rate(cdk.Duration.minutes(5))
+ },
+ bucketProps: {
+ removalPolicy: cdk.RemovalPolicy.DESTROY,
+ },
+ loggingBucketProps: {
+ removalPolicy: cdk.RemovalPolicy.DESTROY,
+ autoDeleteObjects: true
+ }
+ });
+
+ expect(stack).toHaveResource("AWS::S3::Bucket", {
+ AccessControl: "LogDeliveryWrite"
+ });
+
+ expect(stack).toHaveResource("Custom::S3AutoDeleteObjects", {
+ ServiceToken: {
+ "Fn::GetAtt": [
+ "CustomS3AutoDeleteObjectsCustomResourceProviderHandler9D90184F",
+ "Arn"
+ ]
+ },
+ BucketName: {
+ Ref: "kinsisfirehoses3KinesisFirehoseToS3S3LoggingBucket1CC9C6B7"
+ }
+ });
+});
+
+// --------------------------------------------------------------
+// s3 bucket with one content bucket and no logging bucket
+// --------------------------------------------------------------
+test('s3 bucket with one content bucket and no logging bucket', () => {
+ const stack = new cdk.Stack();
+
+ new EventbridgeToKinesisFirehoseToS3(stack, 'kinsisfirehose-s3', {
+ eventRuleProps: {
+ description: 'event rule props',
+ schedule: events.Schedule.rate(cdk.Duration.minutes(5))
+ },
+ bucketProps: {
+ removalPolicy: cdk.RemovalPolicy.DESTROY,
+ },
+ logS3AccessLogs: false
+ });
+
+ expect(stack).toCountResources("AWS::S3::Bucket", 1);
 });
\ No newline at end of file
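Review bot: The 'no logging bucket' test only counts buckets with `toCountResources("AWS::S3::Bucket", 1)`, so it never checks which bucket remains when `logS3AccessLogs: false`. Adding `expect(stack).not.toHaveResource("AWS::S3::Bucket", { AccessControl: "LogDeliveryWrite" });` would pin the behaviour the flag is meant to switch off. The first new test likewise asserts that a log-delivery bucket exists but not that the content bucket's `LoggingConfiguration` points at it, so a regression that created the logging bucket without attaching it would still pass. The construct id `'kinsisfirehose-s3'` looks like a typo for `kinesisfirehose-s3`, and it is baked into the expected logical id in the `BucketName` assertion.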
diff --git a/source/patterns/@aws-solutions-constructs/aws-eventbridge-kinesisfirehose-s3/test/integ.customLoggingBucket.expected.json b/source/patterns/@aws-solutions-constructs/aws-eventbridge-kinesisfirehose-s3/test/integ.customLoggingBucket.expected.json new file mode 100644 index 000000000..348f3d2b5 --- /dev/null +++ b/source/patterns/@aws-solutions-constructs/aws-eventbridge-kinesisfirehose-s3/test/integ.customLoggingBucket.expected.json 
@@ -0,0 +1,471 @@ +{ + "Resources": { + "testkinesisfirehoses3KinesisFirehoseToS3S3LoggingBucketCF5B8A5C": { + "Type": "AWS::S3::Bucket", + "Properties": { + "AccessControl": "LogDeliveryWrite", + "BucketEncryption": { + "ServerSideEncryptionConfiguration": [ + { + "ServerSideEncryptionByDefault": { + "SSEAlgorithm": "AES256" + } + } + ] + }, + "BucketName": "custom-logging-bucket", + "PublicAccessBlockConfiguration": { + "BlockPublicAcls": true, + "BlockPublicPolicy": true, + "IgnorePublicAcls": true, + "RestrictPublicBuckets": true + }, + "VersioningConfiguration": { + "Status": "Enabled" + } + }, + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete", + "Metadata": { + "cfn_nag": { + "rules_to_suppress": [ + { + "id": "W35", + "reason": "This S3 bucket is used as the access logging bucket for another bucket" + } + ] + } + } + }, + "testkinesisfirehoses3KinesisFirehoseToS3S3LoggingBucketPolicyCF0D71BD": { + "Type": "AWS::S3::BucketPolicy", + "Properties": { + "Bucket": { + "Ref": "testkinesisfirehoses3KinesisFirehoseToS3S3LoggingBucketCF5B8A5C" + }, + "PolicyDocument": { + "Statement": [ + { + "Action": "*", + "Condition": { + "Bool": { + "aws:SecureTransport": "false" + } + }, + "Effect": "Deny", + "Principal": { + "AWS": "*" + }, + "Resource": [ + { + "Fn::Join": [ + "", + [ + { + "Fn::GetAtt": [ + "testkinesisfirehoses3KinesisFirehoseToS3S3LoggingBucketCF5B8A5C", + "Arn" + ] + }, + "/*" + ] + ] + }, + { + "Fn::GetAtt": [ + "testkinesisfirehoses3KinesisFirehoseToS3S3LoggingBucketCF5B8A5C", + "Arn" + ] + } + ], + "Sid": "HttpsOnly" + } + ], + "Version": "2012-10-17" + } + } + }, + "testkinesisfirehoses3KinesisFirehoseToS3S3Bucket303877FF": { + "Type": "AWS::S3::Bucket", + "Properties": { + "BucketEncryption": { + "ServerSideEncryptionConfiguration": [ + { + "ServerSideEncryptionByDefault": { + "SSEAlgorithm": "AES256" + } + } + ] + }, + "LifecycleConfiguration": { + "Rules": [ + { + "NoncurrentVersionTransitions": [ + { + "StorageClass": "GLACIER", + 
"TransitionInDays": 90 + } + ], + "Status": "Enabled" + } + ] + }, + "LoggingConfiguration": { + "DestinationBucketName": { + "Ref": "testkinesisfirehoses3KinesisFirehoseToS3S3LoggingBucketCF5B8A5C" + } + }, + "PublicAccessBlockConfiguration": { + "BlockPublicAcls": true, + "BlockPublicPolicy": true, + "IgnorePublicAcls": true, + "RestrictPublicBuckets": true + }, + "VersioningConfiguration": { + "Status": "Enabled" + } + }, + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" + }, + "testkinesisfirehoses3KinesisFirehoseToS3S3BucketPolicy46BDB29D": { + "Type": "AWS::S3::BucketPolicy", + "Properties": { + "Bucket": { + "Ref": "testkinesisfirehoses3KinesisFirehoseToS3S3Bucket303877FF" + }, + "PolicyDocument": { + "Statement": [ + { + "Action": "*", + "Condition": { + "Bool": { + "aws:SecureTransport": "false" + } + }, + "Effect": "Deny", + "Principal": { + "AWS": "*" + }, + "Resource": [ + { + "Fn::Join": [ + "", + [ + { + "Fn::GetAtt": [ + "testkinesisfirehoses3KinesisFirehoseToS3S3Bucket303877FF", + "Arn" + ] + }, + "/*" + ] + ] + }, + { + "Fn::GetAtt": [ + "testkinesisfirehoses3KinesisFirehoseToS3S3Bucket303877FF", + "Arn" + ] + } + ], + "Sid": "HttpsOnly" + } + ], + "Version": "2012-10-17" + } + } + }, + "testkinesisfirehoses3KinesisFirehoseToS3firehoseloggroupDDB24FE5": { + "Type": "AWS::Logs::LogGroup", + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete", + "Metadata": { + "cfn_nag": { + "rules_to_suppress": [ + { + "id": "W86", + "reason": "Retention period for CloudWatchLogs LogGroups are set to 'Never Expire' to preserve customer data indefinitely" + }, + { + "id": "W84", + "reason": "By default CloudWatchLogs LogGroups data is encrypted using the CloudWatch server-side encryption keys (AWS Managed Keys)" + } + ] + } + } + }, + "testkinesisfirehoses3KinesisFirehoseToS3firehoseloggroupfirehoselogstreamEC0EA660": { + "Type": "AWS::Logs::LogStream", + "Properties": { + "LogGroupName": { + "Ref": 
"testkinesisfirehoses3KinesisFirehoseToS3firehoseloggroupDDB24FE5" + } + }, + "UpdateReplacePolicy": "Retain", + "DeletionPolicy": "Retain" + }, + "testkinesisfirehoses3KinesisFirehoseToS3KinesisFirehoseRole18870C08": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "firehose.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + } + } + }, + "testkinesisfirehoses3KinesisFirehoseToS3KinesisFirehosePolicyD6A1BC51": { + "Type": "AWS::IAM::Policy", + "Properties": { + "PolicyDocument": { + "Statement": [ + { + "Action": [ + "s3:AbortMultipartUpload", + "s3:GetBucketLocation", + "s3:GetObject", + "s3:ListBucket", + "s3:ListBucketMultipartUploads", + "s3:PutObject" + ], + "Effect": "Allow", + "Resource": [ + { + "Fn::GetAtt": [ + "testkinesisfirehoses3KinesisFirehoseToS3S3Bucket303877FF", + "Arn" + ] + }, + { + "Fn::Join": [ + "", + [ + { + "Fn::GetAtt": [ + "testkinesisfirehoses3KinesisFirehoseToS3S3Bucket303877FF", + "Arn" + ] + }, + "/*" + ] + ] + } + ] + }, + { + "Action": "logs:PutLogEvents", + "Effect": "Allow", + "Resource": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":logs:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":log-group:", + { + "Ref": "testkinesisfirehoses3KinesisFirehoseToS3firehoseloggroupDDB24FE5" + }, + ":log-stream:", + { + "Ref": "testkinesisfirehoses3KinesisFirehoseToS3firehoseloggroupfirehoselogstreamEC0EA660" + } + ] + ] + } + } + ], + "Version": "2012-10-17" + }, + "PolicyName": "testkinesisfirehoses3KinesisFirehoseToS3KinesisFirehosePolicyD6A1BC51", + "Roles": [ + { + "Ref": "testkinesisfirehoses3KinesisFirehoseToS3KinesisFirehoseRole18870C08" + } + ] + } + }, + "testkinesisfirehoses3KinesisFirehoseToS3KinesisFirehoseEB65C83D": { + "Type": "AWS::KinesisFirehose::DeliveryStream", + "Properties": { + "DeliveryStreamEncryptionConfigurationInput": { 
+ "KeyType": "AWS_OWNED_CMK" + }, + "ExtendedS3DestinationConfiguration": { + "BucketARN": { + "Fn::GetAtt": [ + "testkinesisfirehoses3KinesisFirehoseToS3S3Bucket303877FF", + "Arn" + ] + }, + "BufferingHints": { + "IntervalInSeconds": 300, + "SizeInMBs": 5 + }, + "CloudWatchLoggingOptions": { + "Enabled": true, + "LogGroupName": { + "Ref": "testkinesisfirehoses3KinesisFirehoseToS3firehoseloggroupDDB24FE5" + }, + "LogStreamName": { + "Ref": "testkinesisfirehoses3KinesisFirehoseToS3firehoseloggroupfirehoselogstreamEC0EA660" + } + }, + "CompressionFormat": "GZIP", + "EncryptionConfiguration": { + "KMSEncryptionConfig": { + "AWSKMSKeyARN": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":kms:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":alias/aws/s3" + ] + ] + } + } + }, + "RoleARN": { + "Fn::GetAtt": [ + "testkinesisfirehoses3KinesisFirehoseToS3KinesisFirehoseRole18870C08", + "Arn" + ] + } + } + } + }, + "testkinesisfirehoses3EventsRuleInvokeKinesisFirehoseRole0D8588E2": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "events.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + }, + "Description": "Events Rule To Kinesis Firehose Role" + } + }, + "testkinesisfirehoses3EventsRuleInvokeKinesisFirehosePolicy88CA86C4": { + "Type": "AWS::IAM::Policy", + "Properties": { + "PolicyDocument": { + "Statement": [ + { + "Action": [ + "firehose:PutRecord", + "firehose:PutRecordBatch" + ], + "Effect": "Allow", + "Resource": { + "Fn::GetAtt": [ + "testkinesisfirehoses3KinesisFirehoseToS3KinesisFirehoseEB65C83D", + "Arn" + ] + } + } + ], + "Version": "2012-10-17" + }, + "PolicyName": "testkinesisfirehoses3EventsRuleInvokeKinesisFirehosePolicy88CA86C4", + "Roles": [ + { + "Ref": "testkinesisfirehoses3EventsRuleInvokeKinesisFirehoseRole0D8588E2" + } + ] + } + }, + 
"testkinesisfirehoses3EventsRule05D717D1": { + "Type": "AWS::Events::Rule", + "Properties": { + "ScheduleExpression": "rate(5 minutes)", + "State": "ENABLED", + "Targets": [ + { + "Arn": { + "Fn::GetAtt": [ + "testkinesisfirehoses3KinesisFirehoseToS3KinesisFirehoseEB65C83D", + "Arn" + ] + }, + "Id": "Target0", + "RoleArn": { + "Fn::GetAtt": [ + "testkinesisfirehoses3EventsRuleInvokeKinesisFirehoseRole0D8588E2", + "Arn" + ] + } + } + ] + } + } + }, + "Parameters": { + "BootstrapVersion": { + "Type": "AWS::SSM::Parameter::Value", + "Default": "/cdk-bootstrap/hnb659fds/version", + "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store." + } + }, + "Rules": { + "CheckBootstrapVersion": { + "Assertions": [ + { + "Assert": { + "Fn::Not": [ + { + "Fn::Contains": [ + [ + "1", + "2", + "3", + "4", + "5" + ], + { + "Ref": "BootstrapVersion" + } + ] + } + ] + }, + "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI." + } + ] + } + } +} \ No newline at end of file diff --git a/source/patterns/@aws-solutions-constructs/aws-eventbridge-kinesisfirehose-s3/test/integ.customLoggingBucket.ts b/source/patterns/@aws-solutions-constructs/aws-eventbridge-kinesisfirehose-s3/test/integ.customLoggingBucket.ts new file mode 100644 index 000000000..b035a6a16 --- /dev/null +++ b/source/patterns/@aws-solutions-constructs/aws-eventbridge-kinesisfirehose-s3/test/integ.customLoggingBucket.ts 
@@ -0,0 +1,44 @@
+/**
+ * Copyright 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"). You may not use this file except in compliance
+ * with the License. A copy of the License is located at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * or in the 'license' file accompanying this file. This file is distributed on an 'AS IS' BASIS, WITHOUT WARRANTIES
+ * OR CONDITIONS OF ANY KIND, express or implied. See the License for the specific language governing permissions
+ * and limitations under the License.
+ */
+
+/// !cdk-integ *
+import { App, Stack, RemovalPolicy, Duration } from "@aws-cdk/core";
+import { EventbridgeToKinesisFirehoseToS3 } from "../lib";
+import { generateIntegStackName } from '@aws-solutions-constructs/core';
+import * as s3 from "@aws-cdk/aws-s3";
+import * as events from '@aws-cdk/aws-events';
+
+const app = new App();
+
+// Empty arguments
+const stack = new Stack(app, generateIntegStackName(__filename));
+
+new EventbridgeToKinesisFirehoseToS3(stack, 'test-kinesisfirehose-s3', {
+ eventRuleProps: {
+ schedule: events.Schedule.rate(Duration.minutes(5))
+ },
+ bucketProps: {
+ removalPolicy: RemovalPolicy.DESTROY,
+ },
+ loggingBucketProps: {
+ removalPolicy: RemovalPolicy.DESTROY,
+ bucketName: 'custom-logging-bucket',
+ encryption: s3.BucketEncryption.S3_MANAGED,
+ versioned: true
+ },
+ logGroupProps: {
+ removalPolicy: RemovalPolicy.DESTROY
+ }
+});
+
+app.synth();
\ No newline at end of file
diff --git a/source/patterns/@aws-solutions-constructs/aws-eventbridge-kinesisfirehose-s3/test/integ.eventbridge-kinesisfirehose-s3-existing-eventbus.expected.json b/source/patterns/@aws-solutions-constructs/aws-eventbridge-kinesisfirehose-s3/test/integ.eventbridge-kinesisfirehose-s3-existing-eventbus.expected.json
index d8942a620..e248febfa 100644
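Review bot: `bucketName: 'custom-logging-bucket'` in `loggingBucketProps` fixes a name in S3's global namespace, so this integ stack deploys only where that name is free. With `RemovalPolicy.DESTROY` the name is also released on teardown, where any other account can register it. Dropping `bucketName` (the `encryption` and `versioned` overrides already exercise a custom logging bucket) or deriving it from the stack name avoids both problems. The logging bucket also sets `removalPolicy: RemovalPolicy.DESTROY` without `autoDeleteObjects: true`, so stack deletion may fail once access logs have been delivered; this is worth confirming against a real deploy. The `// Empty arguments` comment above `const stack` is left over from another test and should read something like `// Custom logging bucket props`.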
--- a/source/patterns/@aws-solutions-constructs/aws-eventbridge-kinesisfirehose-s3/test/integ.eventbridge-kinesisfirehose-s3-existing-eventbus.expected.json +++ b/source/patterns/@aws-solutions-constructs/aws-eventbridge-kinesisfirehose-s3/test/integ.eventbridge-kinesisfirehose-s3-existing-eventbus.expected.json 
@@ -7,90 +7,6 @@ "Name": "eventbridgekinesisfirehoses3existingeventbustestexistingeventbus435085E6" } }, - "testeventbridgekinesisfirehoses3KinesisFirehoseToS3S3LoggingBucket703E6C44": { - "Type": "AWS::S3::Bucket", - "Properties": { - "AccessControl": "LogDeliveryWrite", - "BucketEncryption": { - "ServerSideEncryptionConfiguration": [ - { - "ServerSideEncryptionByDefault": { - "SSEAlgorithm": "AES256" - } - } - ] - }, - "PublicAccessBlockConfiguration": { - "BlockPublicAcls": true, - "BlockPublicPolicy": true, - "IgnorePublicAcls": true, - "RestrictPublicBuckets": true - }, - "VersioningConfiguration": { - "Status": "Enabled" - } - }, - "UpdateReplacePolicy": "Retain", - "DeletionPolicy": "Retain", - "Metadata": { - "cfn_nag": { - "rules_to_suppress": [ - { - "id": "W35", - "reason": "This S3 bucket is used as the access logging bucket for another bucket" - } - ] - } - } - }, - "testeventbridgekinesisfirehoses3KinesisFirehoseToS3S3LoggingBucketPolicy1A5A1E6B": { - "Type": "AWS::S3::BucketPolicy", - "Properties": { - "Bucket": { - "Ref": "testeventbridgekinesisfirehoses3KinesisFirehoseToS3S3LoggingBucket703E6C44" - }, - "PolicyDocument": { - "Statement": [ - { - "Action": "*", - "Condition": { - "Bool": { - "aws:SecureTransport": "false" - } - }, - "Effect": "Deny", - "Principal": { - "AWS": "*" - }, - "Resource": [ - { - "Fn::Join": [ - "", - [ - { - "Fn::GetAtt": [ - "testeventbridgekinesisfirehoses3KinesisFirehoseToS3S3LoggingBucket703E6C44", - "Arn" - ] - }, - "/*" - ] - ] - }, - { - "Fn::GetAtt": [ - "testeventbridgekinesisfirehoses3KinesisFirehoseToS3S3LoggingBucket703E6C44", - "Arn" - ] - } - ], - "Sid": "HttpsOnly" - } - ], - "Version": "2012-10-17" - } - } - }, "testeventbridgekinesisfirehoses3KinesisFirehoseToS3S3BucketF3A3F845": { "Type": "AWS::S3::Bucket", "Properties": { 
@@ -116,11 +32,6 @@ } ] }, - "LoggingConfiguration": { - "DestinationBucketName": { - "Ref": "testeventbridgekinesisfirehoses3KinesisFirehoseToS3S3LoggingBucket703E6C44" - } - }, "PublicAccessBlockConfiguration": { "BlockPublicAcls": true, "BlockPublicPolicy": true, @@ -131,8 +42,18 @@ "Status": "Enabled" } }, - "UpdateReplacePolicy": "Retain", - "DeletionPolicy": "Retain" + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete", + "Metadata": { + "cfn_nag": { + "rules_to_suppress": [ + { + "id": "W35", + "reason": "This S3 bucket is created for unit/ integration testing purposes only." + } + ] + } + } }, "testeventbridgekinesisfirehoses3KinesisFirehoseToS3S3BucketPolicy6ECA7017": { "Type": "AWS::S3::BucketPolicy", @@ -184,8 +105,8 @@ }, "testeventbridgekinesisfirehoses3KinesisFirehoseToS3firehoseloggroupA843D276": { "Type": "AWS::Logs::LogGroup", - "UpdateReplacePolicy": "Retain", - "DeletionPolicy": "Retain", + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete", "Metadata": { "cfn_nag": { "rules_to_suppress": [ diff --git a/source/patterns/@aws-solutions-constructs/aws-eventbridge-kinesisfirehose-s3/test/integ.eventbridge-kinesisfirehose-s3-existing-eventbus.ts b/source/patterns/@aws-solutions-constructs/aws-eventbridge-kinesisfirehose-s3/test/integ.eventbridge-kinesisfirehose-s3-existing-eventbus.ts index 3ac97e437..7ef117844 100644 --- a/source/patterns/@aws-solutions-constructs/aws-eventbridge-kinesisfirehose-s3/test/integ.eventbridge-kinesisfirehose-s3-existing-eventbus.ts +++ b/source/patterns/@aws-solutions-constructs/aws-eventbridge-kinesisfirehose-s3/test/integ.eventbridge-kinesisfirehose-s3-existing-eventbus.ts 
@@ -12,9 +12,11 @@ */ import * as events from '@aws-cdk/aws-events'; -import { App, Stack } from '@aws-cdk/core'; +import { App, Stack, RemovalPolicy } from '@aws-cdk/core'; import { EventbridgeToKinesisFirehoseToS3, EventbridgeToKinesisFirehoseToS3Props } from '../lib'; import { generateIntegStackName } from '@aws-solutions-constructs/core'; +import * as defaults from '@aws-solutions-constructs/core'; +import * as s3 from "@aws-cdk/aws-s3"; const app = new App(); const stack = new Stack(app, generateIntegStackName(__filename)); @@ -26,9 +28,24 @@ const props: EventbridgeToKinesisFirehoseToS3Props = { source: ['solutionsconstructs'] } }, - existingEventBusInterface: existingEventBus + existingEventBusInterface: existingEventBus, + bucketProps: { + removalPolicy: RemovalPolicy.DESTROY + }, + logGroupProps: { + removalPolicy: RemovalPolicy.DESTROY + }, + logS3AccessLogs: false }; -new EventbridgeToKinesisFirehoseToS3(stack, 'test-eventbridge-kinesisfirehose-s3', props); +const construct = new EventbridgeToKinesisFirehoseToS3(stack, 'test-eventbridge-kinesisfirehose-s3', props); +const s3Bucket = construct.s3Bucket as s3.Bucket; + +defaults.addCfnSuppressRules(s3Bucket, [ + { + id: 'W35', + reason: 'This S3 bucket is created for unit/ integration testing purposes only.' + }, +]); app.synth(); diff --git a/source/patterns/@aws-solutions-constructs/aws-eventbridge-kinesisfirehose-s3/test/integ.eventbridge-kinesisfirehose-s3-new-eventbus.expected.json b/source/patterns/@aws-solutions-constructs/aws-eventbridge-kinesisfirehose-s3/test/integ.eventbridge-kinesisfirehose-s3-new-eventbus.expected.json index fb34f08bb..2c4239278 100644 --- a/source/patterns/@aws-solutions-constructs/aws-eventbridge-kinesisfirehose-s3/test/integ.eventbridge-kinesisfirehose-s3-new-eventbus.expected.json +++ b/source/patterns/@aws-solutions-constructs/aws-eventbridge-kinesisfirehose-s3/test/integ.eventbridge-kinesisfirehose-s3-new-eventbus.expected.json 
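Review bot: `const s3Bucket = construct.s3Bucket as s3.Bucket;` casts away the `undefined` that the property's declared type (`s3Bucket?: s3.Bucket` in lib/index.ts) allows. If the construct ever skips bucket creation, that would surface inside `addCfnSuppressRules` rather than at this line. A guard reads better: `if (!construct.s3Bucket) { throw new Error('expected the construct to create a bucket'); }`, followed by passing `construct.s3Bucket` directly. The same two lines are added in integ.eventbridge-kinesisfirehose-s3-new-eventbus.ts. Separately, both event-bus integ stacks now set `logS3AccessLogs: false` and suppress W35, so only the no-arguments and customLoggingBucket stacks still deploy the access-logging path.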
@@ -1,90 +1,6 @@ { "Description": "Integration Test for aws-eventbridge-kinesisfirehose-s3", "Resources": { - "testeventbridgekinesisfirehoses3KinesisFirehoseToS3S3LoggingBucket703E6C44": { - "Type": "AWS::S3::Bucket", - "Properties": { - "AccessControl": "LogDeliveryWrite", - "BucketEncryption": { - "ServerSideEncryptionConfiguration": [ - { - "ServerSideEncryptionByDefault": { - "SSEAlgorithm": "AES256" - } - } - ] - }, - "PublicAccessBlockConfiguration": { - "BlockPublicAcls": true, - "BlockPublicPolicy": true, - "IgnorePublicAcls": true, - "RestrictPublicBuckets": true - }, - "VersioningConfiguration": { - "Status": "Enabled" - } - }, - "UpdateReplacePolicy": "Retain", - "DeletionPolicy": "Retain", - "Metadata": { - "cfn_nag": { - "rules_to_suppress": [ - { - "id": "W35", - "reason": "This S3 bucket is used as the access logging bucket for another bucket" - } - ] - } - } - }, - "testeventbridgekinesisfirehoses3KinesisFirehoseToS3S3LoggingBucketPolicy1A5A1E6B": { - "Type": "AWS::S3::BucketPolicy", - "Properties": { - "Bucket": { - "Ref": "testeventbridgekinesisfirehoses3KinesisFirehoseToS3S3LoggingBucket703E6C44" - }, - "PolicyDocument": { - "Statement": [ - { - "Action": "*", - "Condition": { - "Bool": { - "aws:SecureTransport": "false" - } - }, - "Effect": "Deny", - "Principal": { - "AWS": "*" - }, - "Resource": [ - { - "Fn::Join": [ - "", - [ - { - "Fn::GetAtt": [ - "testeventbridgekinesisfirehoses3KinesisFirehoseToS3S3LoggingBucket703E6C44", - "Arn" - ] - }, - "/*" - ] - ] - }, - { - "Fn::GetAtt": [ - "testeventbridgekinesisfirehoses3KinesisFirehoseToS3S3LoggingBucket703E6C44", - "Arn" - ] - } - ], - "Sid": "HttpsOnly" - } - ], - "Version": "2012-10-17" - } - } - }, "testeventbridgekinesisfirehoses3KinesisFirehoseToS3S3BucketF3A3F845": { "Type": "AWS::S3::Bucket", "Properties": { 
@@ -110,11 +26,6 @@ } ] }, - "LoggingConfiguration": { - "DestinationBucketName": { - "Ref": "testeventbridgekinesisfirehoses3KinesisFirehoseToS3S3LoggingBucket703E6C44" - } - }, "PublicAccessBlockConfiguration": { "BlockPublicAcls": true, "BlockPublicPolicy": true, @@ -125,8 +36,18 @@ "Status": "Enabled" } }, - "UpdateReplacePolicy": "Retain", - "DeletionPolicy": "Retain" + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete", + "Metadata": { + "cfn_nag": { + "rules_to_suppress": [ + { + "id": "W35", + "reason": "This S3 bucket is created for unit/ integration testing purposes only." + } + ] + } + } }, "testeventbridgekinesisfirehoses3KinesisFirehoseToS3S3BucketPolicy6ECA7017": { "Type": "AWS::S3::BucketPolicy", @@ -178,8 +99,8 @@ }, "testeventbridgekinesisfirehoses3KinesisFirehoseToS3firehoseloggroupA843D276": { "Type": "AWS::Logs::LogGroup", - "UpdateReplacePolicy": "Retain", - "DeletionPolicy": "Retain", + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete", "Metadata": { "cfn_nag": { "rules_to_suppress": [ diff --git a/source/patterns/@aws-solutions-constructs/aws-eventbridge-kinesisfirehose-s3/test/integ.eventbridge-kinesisfirehose-s3-new-eventbus.ts b/source/patterns/@aws-solutions-constructs/aws-eventbridge-kinesisfirehose-s3/test/integ.eventbridge-kinesisfirehose-s3-new-eventbus.ts index 141f215a5..20cc214e6 100644 --- a/source/patterns/@aws-solutions-constructs/aws-eventbridge-kinesisfirehose-s3/test/integ.eventbridge-kinesisfirehose-s3-new-eventbus.ts +++ b/source/patterns/@aws-solutions-constructs/aws-eventbridge-kinesisfirehose-s3/test/integ.eventbridge-kinesisfirehose-s3-new-eventbus.ts 
@@ -11,9 +11,11 @@ * and limitations under the License. */ -import { App, Stack } from '@aws-cdk/core'; +import { App, RemovalPolicy, Stack } from '@aws-cdk/core'; import { EventbridgeToKinesisFirehoseToS3, EventbridgeToKinesisFirehoseToS3Props } from '../lib'; import { generateIntegStackName } from '@aws-solutions-constructs/core'; +import * as defaults from '@aws-solutions-constructs/core'; +import * as s3 from "@aws-cdk/aws-s3"; const app = new App(); const stack = new Stack(app, generateIntegStackName(__filename)); @@ -25,9 +27,24 @@ const props: EventbridgeToKinesisFirehoseToS3Props = { source: ['solutionsconstructs'] } }, - eventBusProps: {} + eventBusProps: {}, + bucketProps: { + removalPolicy: RemovalPolicy.DESTROY + }, + logGroupProps: { + removalPolicy: RemovalPolicy.DESTROY + }, + logS3AccessLogs: false }; -new EventbridgeToKinesisFirehoseToS3(stack, 'test-eventbridge-kinesisfirehose-s3', props); +const construct = new EventbridgeToKinesisFirehoseToS3(stack, 'test-eventbridge-kinesisfirehose-s3', props); +const s3Bucket = construct.s3Bucket as s3.Bucket; + +defaults.addCfnSuppressRules(s3Bucket, [ + { + id: 'W35', + reason: 'This S3 bucket is created for unit/ integration testing purposes only.' + }, +]); app.synth(); diff --git a/source/patterns/@aws-solutions-constructs/aws-eventbridge-kinesisfirehose-s3/test/integ.eventbridge-kinesisfirehose-s3-no-arguments.expected.json b/source/patterns/@aws-solutions-constructs/aws-eventbridge-kinesisfirehose-s3/test/integ.eventbridge-kinesisfirehose-s3-no-arguments.expected.json index eb051e06a..5e792492e 100644 --- a/source/patterns/@aws-solutions-constructs/aws-eventbridge-kinesisfirehose-s3/test/integ.eventbridge-kinesisfirehose-s3-no-arguments.expected.json +++ b/source/patterns/@aws-solutions-constructs/aws-eventbridge-kinesisfirehose-s3/test/integ.eventbridge-kinesisfirehose-s3-no-arguments.expected.json 
@@ -24,8 +24,8 @@ "Status": "Enabled" } }, - "UpdateReplacePolicy": "Retain", - "DeletionPolicy": "Retain", + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete", "Metadata": { "cfn_nag": { "rules_to_suppress": [ @@ -125,8 +125,8 @@ "Status": "Enabled" } }, - "UpdateReplacePolicy": "Retain", - "DeletionPolicy": "Retain" + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" }, "testeventbridgekinesisfirehoses3KinesisFirehoseToS3S3BucketPolicy6ECA7017": { "Type": "AWS::S3::BucketPolicy", @@ -178,8 +178,8 @@ }, "testeventbridgekinesisfirehoses3KinesisFirehoseToS3firehoseloggroupA843D276": { "Type": "AWS::Logs::LogGroup", - "UpdateReplacePolicy": "Retain", - "DeletionPolicy": "Retain", + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete", "Metadata": { "cfn_nag": { "rules_to_suppress": [ diff --git a/source/patterns/@aws-solutions-constructs/aws-eventbridge-kinesisfirehose-s3/test/integ.eventbridge-kinesisfirehose-s3-no-arguments.ts b/source/patterns/@aws-solutions-constructs/aws-eventbridge-kinesisfirehose-s3/test/integ.eventbridge-kinesisfirehose-s3-no-arguments.ts index c73a050f1..d98324c9c 100644 --- a/source/patterns/@aws-solutions-constructs/aws-eventbridge-kinesisfirehose-s3/test/integ.eventbridge-kinesisfirehose-s3-no-arguments.ts +++ b/source/patterns/@aws-solutions-constructs/aws-eventbridge-kinesisfirehose-s3/test/integ.eventbridge-kinesisfirehose-s3-no-arguments.ts @@ -12,7 +12,7 @@ */ import * as events from '@aws-cdk/aws-events'; -import { App, Stack, Duration } from '@aws-cdk/core'; +import { App, Stack, Duration, RemovalPolicy } from '@aws-cdk/core'; import { EventbridgeToKinesisFirehoseToS3, EventbridgeToKinesisFirehoseToS3Props } from '../lib'; import { generateIntegStackName } from '@aws-solutions-constructs/core'; 
@@ -23,6 +23,12 @@ stack.templateOptions.description = 'Integration Test for aws-eventbridge-kinesi const props: EventbridgeToKinesisFirehoseToS3Props = { eventRuleProps: { schedule: events.Schedule.rate(Duration.minutes(5)) + }, + logGroupProps: { + removalPolicy: RemovalPolicy.DESTROY + }, + bucketProps: { + removalPolicy: RemovalPolicy.DESTROY } }; diff --git a/source/patterns/@aws-solutions-constructs/aws-events-rule-kinesisfirehose-s3/README.md b/source/patterns/@aws-solutions-constructs/aws-events-rule-kinesisfirehose-s3/README.md index 600f65ea6..5c1c36d2b 100644 --- a/source/patterns/@aws-solutions-constructs/aws-events-rule-kinesisfirehose-s3/README.md +++ b/source/patterns/@aws-solutions-constructs/aws-events-rule-kinesisfirehose-s3/README.md @@ -61,6 +61,8 @@ _Parameters_ |existingBucketObj?|[`s3.IBucket`](https://docs.aws.amazon.com/cdk/api/latest/docs/@aws-cdk_aws-s3.IBucket.html)|Existing instance of S3 Bucket object. If this is provided, then also providing bucketProps is an error. | |bucketProps?|[`s3.BucketProps`](https://docs.aws.amazon.com/cdk/api/latest/docs/@aws-cdk_aws-s3.BucketProps.html)|User provided props to override the default props for the S3 Bucket.| |logGroupProps?|[`logs.LogGroupProps`](https://docs.aws.amazon.com/cdk/api/latest/docs/@aws-cdk_aws-logs.LogGroupProps.html)|User provided props to override the default props for for the CloudWatchLogs LogGroup.| +|loggingBucketProps?|[`s3.BucketProps`](https://docs.aws.amazon.com/cdk/api/latest/docs/@aws-cdk_aws-s3.BucketProps.html)|Optional user provided props to override the default props for the S3 Logging Bucket.| +|logS3AccessLogs?| boolean|Whether to turn on Access Logging for the S3 bucket. Creates an S3 bucket with associated storage costs for the logs. Enabling Access Logging is a best practice. default - true| ## Pattern Properties 
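Review bot: `removalPolicy: RemovalPolicy.DESTROY` is set on `bucketProps` without `autoDeleteObjects`, and this stack's rule fires every five minutes, so the bucket is likely to hold delivered objects by teardown; CloudFormation cannot delete a non-empty bucket. Consider `bucketProps: { removalPolicy: RemovalPolicy.DESTROY, autoDeleteObjects: true }`, as the new unit test in this commit does for `loggingBucketProps`, and regenerate the expected template. The other integ stacks touched by this commit set DESTROY the same way.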
@@ -74,6 +76,7 @@ _Parameters_ |eventsRole|[`iam.Role`](https://docs.aws.amazon.com/cdk/api/latest/docs/@aws-cdk_aws-iam.Role.html)|Returns an instance of the iam.Role created by the construct for Events Rule| |kinesisFirehoseRole|[`iam.Role`](https://docs.aws.amazon.com/cdk/api/latest/docs/@aws-cdk_aws-iam.Role.html)|Returns an instance of the iam.Role created by the construct for Kinesis Data Firehose delivery stream| |kinesisFirehoseLogGroup|[`logs.LogGroup`](https://docs.aws.amazon.com/cdk/api/latest/docs/@aws-cdk_aws-logs.LogGroup.html)|Returns an instance of the LogGroup created by the construct for Kinesis Data Firehose delivery stream| +|s3BucketInterface|[`s3.IBucket`](https://docs.aws.amazon.com/cdk/api/latest/docs/@aws-cdk_aws-s3.IBucket.html)|Returns an instance of s3.IBucket created by the construct| ## Default settings diff --git a/source/patterns/@aws-solutions-constructs/aws-events-rule-kinesisfirehose-s3/lib/index.ts b/source/patterns/@aws-solutions-constructs/aws-events-rule-kinesisfirehose-s3/lib/index.ts index e844e1f55..839d028f3 100644 --- a/source/patterns/@aws-solutions-constructs/aws-events-rule-kinesisfirehose-s3/lib/index.ts +++ b/source/patterns/@aws-solutions-constructs/aws-events-rule-kinesisfirehose-s3/lib/index.ts @@ -66,6 +66,19 @@ export interface EventsRuleToKinesisFirehoseToS3Props { * @default - Default props are used */ readonly logGroupProps?: logs.LogGroupProps; + /** + * Optional user provided props to override the default props for the S3 Logging Bucket. + * + * @default - Default props are used + */ + readonly loggingBucketProps?: s3.BucketProps; + /** + * Whether to turn on Access Logs for the S3 bucket with the associated storage costs. + * Enabling Access Logging is a best practice. + * + * @default - true + */ + readonly logS3AccessLogs?: boolean; } export class EventsRuleToKinesisFirehoseToS3 extends Construct { 
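Review bot: The TSDoc added for `logS3AccessLogs` and `loggingBucketProps` does not say how the two props interact, for example what happens when `loggingBucketProps` is supplied while `logS3AccessLogs` is false, or when `existingBucketObj` is used. Whether the construct rejects those combinations is not visible in this hunk, so the comment should state the actual behaviour once confirmed. The first sentence would also read better with the README wording from this commit: `Whether to turn on Access Logging for the S3 bucket. Creates an S3 bucket with associated storage costs for the logs.` The props interface starts outside the hunk.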
@@ -77,6 +90,7 @@ export class EventsRuleToKinesisFirehoseToS3 extends Construct { public readonly s3Bucket?: s3.Bucket; public readonly s3LoggingBucket?: s3.Bucket; public readonly eventBus?: events.IEventBus; + public readonly s3BucketInterface: s3.IBucket; /** * @summary Constructs a new instance of the EventsRuleToKinesisFirehoseToS3 class. @@ -102,5 +116,6 @@ export class EventsRuleToKinesisFirehoseToS3 extends Construct { this.s3Bucket = wrappedConstruct.s3Bucket; this.s3LoggingBucket = wrappedConstruct.s3LoggingBucket; this.eventBus = wrappedConstruct.eventBus; + this.s3BucketInterface = wrappedConstruct.s3BucketInterface; } } \ No newline at end of file diff --git a/source/patterns/@aws-solutions-constructs/aws-events-rule-kinesisfirehose-s3/test/events-rule-kinesisfirehose-s3.test.ts b/source/patterns/@aws-solutions-constructs/aws-events-rule-kinesisfirehose-s3/test/events-rule-kinesisfirehose-s3.test.ts index b0771826a..2f35063ed 100644 --- a/source/patterns/@aws-solutions-constructs/aws-events-rule-kinesisfirehose-s3/test/events-rule-kinesisfirehose-s3.test.ts +++ b/source/patterns/@aws-solutions-constructs/aws-events-rule-kinesisfirehose-s3/test/events-rule-kinesisfirehose-s3.test.ts 
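Review bot: The new public field `s3BucketInterface` has no doc comment, and it sits next to an optional `s3Bucket?` with nothing telling a caller which one to use. A one-line TSDoc such as `/** The destination bucket as s3.IBucket; unlike s3Bucket this is always set. */` would cover it. The "always set" part is inferred from the non-optional declaration and should be confirmed against the wrapped construct. The class body and constructor continue outside both hunks.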
@@ -205,4 +205,61 @@ test('check custom event bus resource with props when deploy:true', () => { expect(stack).toHaveResource('AWS::Events::EventBus', { Name: `testeventbus` }); +}); + +// -------------------------------------------------------------- +// s3 bucket with bucket, loggingBucket, and auto delete objects +// -------------------------------------------------------------- +test('s3 bucket with bucket, loggingBucket, and auto delete objects', () => { + const stack = new cdk.Stack(); + + new EventsRuleToKinesisFirehoseToS3(stack, 'events-rule-kinsisfirehose-s3', { + eventRuleProps: { + description: 'event rule props', + schedule: events.Schedule.rate(cdk.Duration.minutes(5)) + }, + bucketProps: { + removalPolicy: cdk.RemovalPolicy.DESTROY, + }, + loggingBucketProps: { + removalPolicy: cdk.RemovalPolicy.DESTROY, + autoDeleteObjects: true + } + }); + + expect(stack).toHaveResource("AWS::S3::Bucket", { + AccessControl: "LogDeliveryWrite" + }); + + expect(stack).toHaveResource("Custom::S3AutoDeleteObjects", { + ServiceToken: { + "Fn::GetAtt": [ + "CustomS3AutoDeleteObjectsCustomResourceProviderHandler9D90184F", + "Arn" + ] + }, + BucketName: { + Ref: "eventsrulekinsisfirehoses3eventsrulekinsisfirehoses3WKinesisFirehoseToS3S3LoggingBucket9FCAE876" + } + }); +}); + +// -------------------------------------------------------------- +// s3 bucket with one content bucket and no logging bucket +// -------------------------------------------------------------- +test('s3 bucket with one content bucket and no logging bucket', () => { + const stack = new cdk.Stack(); + + new EventsRuleToKinesisFirehoseToS3(stack, 'events-rule-kinsisfirehose-s3', { + eventRuleProps: { + description: 'event rule props', + schedule: events.Schedule.rate(cdk.Duration.minutes(5)) + }, + bucketProps: { + removalPolicy: cdk.RemovalPolicy.DESTROY, + }, + logS3AccessLogs: false + }); + + expect(stack).toCountResources("AWS::S3::Bucket", 1); }); \ No newline at end of file 
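Review bot: The "no logging bucket" test only checks `toCountResources("AWS::S3::Bucket", 1)`, so it could still pass if the one remaining bucket were the access-log bucket rather than the content bucket. Adding `expect(stack).not.toHaveResource("AWS::S3::Bucket", { AccessControl: "LogDeliveryWrite" });` pins that the log bucket is the one that was dropped. No test in this hunk covers `loggingBucketProps` supplied together with `logS3AccessLogs: false`. The construct id `'events-rule-kinsisfirehose-s3'` also carries a typo that ends up in the asserted logical ID.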
diff --git a/source/patterns/@aws-solutions-constructs/aws-events-rule-kinesisfirehose-s3/test/integ.customLoggingBucket.expected.json b/source/patterns/@aws-solutions-constructs/aws-events-rule-kinesisfirehose-s3/test/integ.customLoggingBucket.expected.json new file mode 100644 index 000000000..500e89c51 --- /dev/null +++ b/source/patterns/@aws-solutions-constructs/aws-events-rule-kinesisfirehose-s3/test/integ.customLoggingBucket.expected.json 
@@ -0,0 +1,471 @@ +{ + "Resources": { + "testkinesisfirehoses3testkinesisfirehoses3WKinesisFirehoseToS3S3LoggingBucketD6CEA4BD": { + "Type": "AWS::S3::Bucket", + "Properties": { + "AccessControl": "LogDeliveryWrite", + "BucketEncryption": { + "ServerSideEncryptionConfiguration": [ + { + "ServerSideEncryptionByDefault": { + "SSEAlgorithm": "AES256" + } + } + ] + }, + "BucketName": "custom-logging-bucket", + "PublicAccessBlockConfiguration": { + "BlockPublicAcls": true, + "BlockPublicPolicy": true, + "IgnorePublicAcls": true, + "RestrictPublicBuckets": true + }, + "VersioningConfiguration": { + "Status": "Enabled" + } + }, + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete", + "Metadata": { + "cfn_nag": { + "rules_to_suppress": [ + { + "id": "W35", + "reason": "This S3 bucket is used as the access logging bucket for another bucket" + } + ] + } + } + }, + "testkinesisfirehoses3testkinesisfirehoses3WKinesisFirehoseToS3S3LoggingBucketPolicyB40035A4": { + "Type": "AWS::S3::BucketPolicy", + "Properties": { + "Bucket": { + "Ref": "testkinesisfirehoses3testkinesisfirehoses3WKinesisFirehoseToS3S3LoggingBucketD6CEA4BD" + }, + "PolicyDocument": { + "Statement": [ + { + "Action": "*", + "Condition": { + "Bool": { + "aws:SecureTransport": "false" + } + }, + "Effect": "Deny", + "Principal": { + "AWS": "*" + }, + "Resource": [ + { + "Fn::Join": [ + "", + [ + { + "Fn::GetAtt": [ + "testkinesisfirehoses3testkinesisfirehoses3WKinesisFirehoseToS3S3LoggingBucketD6CEA4BD", + "Arn" + ] + }, + "/*" + ] + ] + }, + { + "Fn::GetAtt": [ + "testkinesisfirehoses3testkinesisfirehoses3WKinesisFirehoseToS3S3LoggingBucketD6CEA4BD", + "Arn" + ] + } + ], + "Sid": "HttpsOnly" + } + ], + "Version": "2012-10-17" + } + } + }, + "testkinesisfirehoses3testkinesisfirehoses3WKinesisFirehoseToS3S3BucketABE82A57": { + "Type": "AWS::S3::Bucket", + "Properties": { + "BucketEncryption": { + "ServerSideEncryptionConfiguration": [ + { + "ServerSideEncryptionByDefault": { + "SSEAlgorithm": "AES256" + } + 
} + ] + }, + "LifecycleConfiguration": { + "Rules": [ + { + "NoncurrentVersionTransitions": [ + { + "StorageClass": "GLACIER", + "TransitionInDays": 90 + } + ], + "Status": "Enabled" + } + ] + }, + "LoggingConfiguration": { + "DestinationBucketName": { + "Ref": "testkinesisfirehoses3testkinesisfirehoses3WKinesisFirehoseToS3S3LoggingBucketD6CEA4BD" + } + }, + "PublicAccessBlockConfiguration": { + "BlockPublicAcls": true, + "BlockPublicPolicy": true, + "IgnorePublicAcls": true, + "RestrictPublicBuckets": true + }, + "VersioningConfiguration": { + "Status": "Enabled" + } + }, + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" + }, + "testkinesisfirehoses3testkinesisfirehoses3WKinesisFirehoseToS3S3BucketPolicy2FE60F1B": { + "Type": "AWS::S3::BucketPolicy", + "Properties": { + "Bucket": { + "Ref": "testkinesisfirehoses3testkinesisfirehoses3WKinesisFirehoseToS3S3BucketABE82A57" + }, + "PolicyDocument": { + "Statement": [ + { + "Action": "*", + "Condition": { + "Bool": { + "aws:SecureTransport": "false" + } + }, + "Effect": "Deny", + "Principal": { + "AWS": "*" + }, + "Resource": [ + { + "Fn::Join": [ + "", + [ + { + "Fn::GetAtt": [ + "testkinesisfirehoses3testkinesisfirehoses3WKinesisFirehoseToS3S3BucketABE82A57", + "Arn" + ] + }, + "/*" + ] + ] + }, + { + "Fn::GetAtt": [ + "testkinesisfirehoses3testkinesisfirehoses3WKinesisFirehoseToS3S3BucketABE82A57", + "Arn" + ] + } + ], + "Sid": "HttpsOnly" + } + ], + "Version": "2012-10-17" + } + } + }, + "testkinesisfirehoses3testkinesisfirehoses3WKinesisFirehoseToS3firehoseloggroup60013F58": { + "Type": "AWS::Logs::LogGroup", + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete", + "Metadata": { + "cfn_nag": { + "rules_to_suppress": [ + { + "id": "W86", + "reason": "Retention period for CloudWatchLogs LogGroups are set to 'Never Expire' to preserve customer data indefinitely" + }, + { + "id": "W84", + "reason": "By default CloudWatchLogs LogGroups data is encrypted using the CloudWatch server-side 
encryption keys (AWS Managed Keys)" + } + ] + } + } + }, + "testkinesisfirehoses3testkinesisfirehoses3WKinesisFirehoseToS3firehoseloggroupfirehoselogstream91EDBE9A": { + "Type": "AWS::Logs::LogStream", + "Properties": { + "LogGroupName": { + "Ref": "testkinesisfirehoses3testkinesisfirehoses3WKinesisFirehoseToS3firehoseloggroup60013F58" + } + }, + "UpdateReplacePolicy": "Retain", + "DeletionPolicy": "Retain" + }, + "testkinesisfirehoses3testkinesisfirehoses3WKinesisFirehoseToS3KinesisFirehoseRole42437673": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "firehose.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + } + } + }, + "testkinesisfirehoses3testkinesisfirehoses3WKinesisFirehoseToS3KinesisFirehosePolicy303B897A": { + "Type": "AWS::IAM::Policy", + "Properties": { + "PolicyDocument": { + "Statement": [ + { + "Action": [ + "s3:AbortMultipartUpload", + "s3:GetBucketLocation", + "s3:GetObject", + "s3:ListBucket", + "s3:ListBucketMultipartUploads", + "s3:PutObject" + ], + "Effect": "Allow", + "Resource": [ + { + "Fn::GetAtt": [ + "testkinesisfirehoses3testkinesisfirehoses3WKinesisFirehoseToS3S3BucketABE82A57", + "Arn" + ] + }, + { + "Fn::Join": [ + "", + [ + { + "Fn::GetAtt": [ + "testkinesisfirehoses3testkinesisfirehoses3WKinesisFirehoseToS3S3BucketABE82A57", + "Arn" + ] + }, + "/*" + ] + ] + } + ] + }, + { + "Action": "logs:PutLogEvents", + "Effect": "Allow", + "Resource": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":logs:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":log-group:", + { + "Ref": "testkinesisfirehoses3testkinesisfirehoses3WKinesisFirehoseToS3firehoseloggroup60013F58" + }, + ":log-stream:", + { + "Ref": "testkinesisfirehoses3testkinesisfirehoses3WKinesisFirehoseToS3firehoseloggroupfirehoselogstream91EDBE9A" + } + ] + ] + } + } + ], + "Version": 
"2012-10-17" + }, + "PolicyName": "testkinesisfirehoses3testkinesisfirehoses3WKinesisFirehoseToS3KinesisFirehosePolicy303B897A", + "Roles": [ + { + "Ref": "testkinesisfirehoses3testkinesisfirehoses3WKinesisFirehoseToS3KinesisFirehoseRole42437673" + } + ] + } + }, + "testkinesisfirehoses3testkinesisfirehoses3WKinesisFirehoseToS3KinesisFirehose91CEF175": { + "Type": "AWS::KinesisFirehose::DeliveryStream", + "Properties": { + "DeliveryStreamEncryptionConfigurationInput": { + "KeyType": "AWS_OWNED_CMK" + }, + "ExtendedS3DestinationConfiguration": { + "BucketARN": { + "Fn::GetAtt": [ + "testkinesisfirehoses3testkinesisfirehoses3WKinesisFirehoseToS3S3BucketABE82A57", + "Arn" + ] + }, + "BufferingHints": { + "IntervalInSeconds": 300, + "SizeInMBs": 5 + }, + "CloudWatchLoggingOptions": { + "Enabled": true, + "LogGroupName": { + "Ref": "testkinesisfirehoses3testkinesisfirehoses3WKinesisFirehoseToS3firehoseloggroup60013F58" + }, + "LogStreamName": { + "Ref": "testkinesisfirehoses3testkinesisfirehoses3WKinesisFirehoseToS3firehoseloggroupfirehoselogstream91EDBE9A" + } + }, + "CompressionFormat": "GZIP", + "EncryptionConfiguration": { + "KMSEncryptionConfig": { + "AWSKMSKeyARN": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":kms:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":alias/aws/s3" + ] + ] + } + } + }, + "RoleARN": { + "Fn::GetAtt": [ + "testkinesisfirehoses3testkinesisfirehoses3WKinesisFirehoseToS3KinesisFirehoseRole42437673", + "Arn" + ] + } + } + } + }, + "testkinesisfirehoses3testkinesisfirehoses3WEventsRuleInvokeKinesisFirehoseRoleBE3A1A3D": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "events.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + }, + "Description": "Events Rule To Kinesis Firehose Role" + } + }, + 
"testkinesisfirehoses3testkinesisfirehoses3WEventsRuleInvokeKinesisFirehosePolicy9214702E": { + "Type": "AWS::IAM::Policy", + "Properties": { + "PolicyDocument": { + "Statement": [ + { + "Action": [ + "firehose:PutRecord", + "firehose:PutRecordBatch" + ], + "Effect": "Allow", + "Resource": { + "Fn::GetAtt": [ + "testkinesisfirehoses3testkinesisfirehoses3WKinesisFirehoseToS3KinesisFirehose91CEF175", + "Arn" + ] + } + } + ], + "Version": "2012-10-17" + }, + "PolicyName": "testkinesisfirehoses3testkinesisfirehoses3WEventsRuleInvokeKinesisFirehosePolicy9214702E", + "Roles": [ + { + "Ref": "testkinesisfirehoses3testkinesisfirehoses3WEventsRuleInvokeKinesisFirehoseRoleBE3A1A3D" + } + ] + } + }, + "testkinesisfirehoses3testkinesisfirehoses3WEventsRule1604FC0D": { + "Type": "AWS::Events::Rule", + "Properties": { + "ScheduleExpression": "rate(5 minutes)", + "State": "ENABLED", + "Targets": [ + { + "Arn": { + "Fn::GetAtt": [ + "testkinesisfirehoses3testkinesisfirehoses3WKinesisFirehoseToS3KinesisFirehose91CEF175", + "Arn" + ] + }, + "Id": "Target0", + "RoleArn": { + "Fn::GetAtt": [ + "testkinesisfirehoses3testkinesisfirehoses3WEventsRuleInvokeKinesisFirehoseRoleBE3A1A3D", + "Arn" + ] + } + } + ] + } + } + }, + "Parameters": { + "BootstrapVersion": { + "Type": "AWS::SSM::Parameter::Value", + "Default": "/cdk-bootstrap/hnb659fds/version", + "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store." + } + }, + "Rules": { + "CheckBootstrapVersion": { + "Assertions": [ + { + "Assert": { + "Fn::Not": [ + { + "Fn::Contains": [ + [ + "1", + "2", + "3", + "4", + "5" + ], + { + "Ref": "BootstrapVersion" + } + ] + } + ] + }, + "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI." + } + ] + } + } +} \ No newline at end of file 
diff --git a/source/patterns/@aws-solutions-constructs/aws-events-rule-kinesisfirehose-s3/test/integ.customLoggingBucket.ts b/source/patterns/@aws-solutions-constructs/aws-events-rule-kinesisfirehose-s3/test/integ.customLoggingBucket.ts new file mode 100644 index 000000000..cebc498d8 --- /dev/null +++ b/source/patterns/@aws-solutions-constructs/aws-events-rule-kinesisfirehose-s3/test/integ.customLoggingBucket.ts @@ -0,0 +1,44 @@ +/** + * Copyright 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved. + * + * Licensed under the Apache License, Version 2.0 (the "License"). You may not use this file except in compliance + * with the License. A copy of the License is located at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * or in the 'license' file accompanying this file. This file is distributed on an 'AS IS' BASIS, WITHOUT WARRANTIES + * OR CONDITIONS OF ANY KIND, express or implied. See the License for the specific language governing permissions + * and limitations under the License. + */ + +/// !cdk-integ * +import { App, Stack, RemovalPolicy, Duration } from "@aws-cdk/core"; +import { EventsRuleToKinesisFirehoseToS3 } from "../lib"; +import { generateIntegStackName } from '@aws-solutions-constructs/core'; +import { BucketEncryption } from "@aws-cdk/aws-s3"; +import * as events from '@aws-cdk/aws-events'; + +const app = new App(); + +// Empty arguments +const stack = new Stack(app, generateIntegStackName(__filename)); + +new EventsRuleToKinesisFirehoseToS3(stack, 'test-kinesisfirehose-s3', { + eventRuleProps: { + schedule: events.Schedule.rate(Duration.minutes(5)) + }, + bucketProps: { + removalPolicy: RemovalPolicy.DESTROY, + }, + loggingBucketProps: { + removalPolicy: RemovalPolicy.DESTROY, + bucketName: 'custom-logging-bucket', + encryption: BucketEncryption.S3_MANAGED, + versioned: true + }, + logGroupProps: { + removalPolicy: RemovalPolicy.DESTROY + } +}); + +app.synth(); \ No newline at end of file 
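Review bot: `bucketName: 'custom-logging-bucket'` hard-codes a name in S3's global namespace, so this integ stack can be deployed in only one account at a time and fails wherever the name is already taken. `encryption` and `versioned` already show that `loggingBucketProps` is honoured, so the `bucketName` line can be dropped and the expected template regenerated. The `// Empty arguments` comment above the stack is also stale, since props are passed; `// Custom logging bucket props` would describe it.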
diff --git a/source/patterns/@aws-solutions-constructs/aws-events-rule-kinesisfirehose-s3/test/integ.events-rule-kinesisfirehose-s3-existing-eventbus.expected.json b/source/patterns/@aws-solutions-constructs/aws-events-rule-kinesisfirehose-s3/test/integ.events-rule-kinesisfirehose-s3-existing-eventbus.expected.json index acce46b18..375e81099 100644 --- a/source/patterns/@aws-solutions-constructs/aws-events-rule-kinesisfirehose-s3/test/integ.events-rule-kinesisfirehose-s3-existing-eventbus.expected.json +++ b/source/patterns/@aws-solutions-constructs/aws-events-rule-kinesisfirehose-s3/test/integ.events-rule-kinesisfirehose-s3-existing-eventbus.expected.json 
@@ -7,91 +7,7 @@ "Name": "eventsrulekinesisfirehoses3existingeventbustestexistingeventbus60C95343" } }, - "testeventsrulekinesisfirehoses3testeventsrulekinesisfirehoses3WKinesisFirehoseToS3S3LoggingBucketF39FAD06": { - "Type": "AWS::S3::Bucket", - "Properties": { - "AccessControl": "LogDeliveryWrite", - "BucketEncryption": { - "ServerSideEncryptionConfiguration": [ - { - "ServerSideEncryptionByDefault": { - "SSEAlgorithm": "AES256" - } - } - ] - }, - "PublicAccessBlockConfiguration": { - "BlockPublicAcls": true, - "BlockPublicPolicy": true, - "IgnorePublicAcls": true, - "RestrictPublicBuckets": true - }, - "VersioningConfiguration": { - "Status": "Enabled" - } - }, - "UpdateReplacePolicy": "Retain", - "DeletionPolicy": "Retain", - "Metadata": { - "cfn_nag": { - "rules_to_suppress": [ - { - "id": "W35", - "reason": "This S3 bucket is used as the access logging bucket for another bucket" - } - ] - } - } - }, - "testeventsrulekinesisfirehoses3testeventsrulekinesisfirehoses3WKinesisFirehoseToS3S3LoggingBucketPolicyF9460CFD": { - "Type": "AWS::S3::BucketPolicy", - "Properties": { - "Bucket": { - "Ref": "testeventsrulekinesisfirehoses3testeventsrulekinesisfirehoses3WKinesisFirehoseToS3S3LoggingBucketF39FAD06" - }, - "PolicyDocument": { - "Statement": [ - { - "Action": "*", - "Condition": { - "Bool": { - "aws:SecureTransport": "false" - } - }, - "Effect": "Deny", - "Principal": { - "AWS": "*" - }, - "Resource": [ - { - "Fn::Join": [ - "", - [ - { - "Fn::GetAtt": [ - "testeventsrulekinesisfirehoses3testeventsrulekinesisfirehoses3WKinesisFirehoseToS3S3LoggingBucketF39FAD06", - "Arn" - ] - }, - "/*" - ] - ] - }, - { - "Fn::GetAtt": [ - "testeventsrulekinesisfirehoses3testeventsrulekinesisfirehoses3WKinesisFirehoseToS3S3LoggingBucketF39FAD06", - "Arn" - ] - } - ], - "Sid": "HttpsOnly" - } - ], - "Version": "2012-10-17" - } - } - }, - "testeventsrulekinesisfirehoses3testeventsrulekinesisfirehoses3WKinesisFirehoseToS3S3BucketF9EB0248": { + 
"testeventsrulekinesisfirehoses3testeventsrulekinesisfirehoses3WKinesisFirehoseToS3S3Bucket099FD6EC": { "Type": "AWS::S3::Bucket", "Properties": { "BucketEncryption": { @@ -116,11 +32,6 @@ } ] }, - "LoggingConfiguration": { - "DestinationBucketName": { - "Ref": "testeventsrulekinesisfirehoses3testeventsrulekinesisfirehoses3WKinesisFirehoseToS3S3LoggingBucketF39FAD06" - } - }, "PublicAccessBlockConfiguration": { "BlockPublicAcls": true, "BlockPublicPolicy": true, @@ -131,14 +42,24 @@ "Status": "Enabled" } }, - "UpdateReplacePolicy": "Retain", - "DeletionPolicy": "Retain" + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete", + "Metadata": { + "cfn_nag": { + "rules_to_suppress": [ + { + "id": "W35", + "reason": "This S3 bucket is created for unit/ integration testing purposes only." + } + ] + } + } }, - "testeventsrulekinesisfirehoses3testeventsrulekinesisfirehoses3WKinesisFirehoseToS3S3BucketPolicy908B8F80": { + "testeventsrulekinesisfirehoses3testeventsrulekinesisfirehoses3WKinesisFirehoseToS3S3BucketPolicyB5F556D0": { "Type": "AWS::S3::BucketPolicy", "Properties": { "Bucket": { - "Ref": "testeventsrulekinesisfirehoses3testeventsrulekinesisfirehoses3WKinesisFirehoseToS3S3BucketF9EB0248" + "Ref": "testeventsrulekinesisfirehoses3testeventsrulekinesisfirehoses3WKinesisFirehoseToS3S3Bucket099FD6EC" }, "PolicyDocument": { "Statement": [ @@ -160,7 +81,7 @@ [ { "Fn::GetAtt": [ - "testeventsrulekinesisfirehoses3testeventsrulekinesisfirehoses3WKinesisFirehoseToS3S3BucketF9EB0248", + "testeventsrulekinesisfirehoses3testeventsrulekinesisfirehoses3WKinesisFirehoseToS3S3Bucket099FD6EC", "Arn" ] }, @@ -170,7 +91,7 @@ }, { "Fn::GetAtt": [ - "testeventsrulekinesisfirehoses3testeventsrulekinesisfirehoses3WKinesisFirehoseToS3S3BucketF9EB0248", + "testeventsrulekinesisfirehoses3testeventsrulekinesisfirehoses3WKinesisFirehoseToS3S3Bucket099FD6EC", "Arn" ] } 
@@ -182,10 +103,10 @@ } } }, - "testeventsrulekinesisfirehoses3testeventsrulekinesisfirehoses3WKinesisFirehoseToS3firehoseloggroup7B174BA1": { + "testeventsrulekinesisfirehoses3testeventsrulekinesisfirehoses3WKinesisFirehoseToS3firehoseloggroup9EE85371": { "Type": "AWS::Logs::LogGroup", - "UpdateReplacePolicy": "Retain", - "DeletionPolicy": "Retain", + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete", "Metadata": { "cfn_nag": { "rules_to_suppress": [ @@ -201,17 +122,17 @@ } } }, - "testeventsrulekinesisfirehoses3testeventsrulekinesisfirehoses3WKinesisFirehoseToS3firehoseloggroupfirehoselogstream6FA9D51F": { + "testeventsrulekinesisfirehoses3testeventsrulekinesisfirehoses3WKinesisFirehoseToS3firehoseloggroupfirehoselogstream0ECFD952": { "Type": "AWS::Logs::LogStream", "Properties": { "LogGroupName": { - "Ref": "testeventsrulekinesisfirehoses3testeventsrulekinesisfirehoses3WKinesisFirehoseToS3firehoseloggroup7B174BA1" + "Ref": "testeventsrulekinesisfirehoses3testeventsrulekinesisfirehoses3WKinesisFirehoseToS3firehoseloggroup9EE85371" } }, "UpdateReplacePolicy": "Retain", "DeletionPolicy": "Retain" }, - "testeventsrulekinesisfirehoses3testeventsrulekinesisfirehoses3WKinesisFirehoseToS3KinesisFirehoseRole7326FCDB": { + "testeventsrulekinesisfirehoses3testeventsrulekinesisfirehoses3WKinesisFirehoseToS3KinesisFirehoseRole39C4193F": { "Type": "AWS::IAM::Role", "Properties": { "AssumeRolePolicyDocument": { @@ -228,7 +149,7 @@ } } }, - "testeventsrulekinesisfirehoses3testeventsrulekinesisfirehoses3WKinesisFirehoseToS3KinesisFirehosePolicyFD980509": { + "testeventsrulekinesisfirehoses3testeventsrulekinesisfirehoses3WKinesisFirehoseToS3KinesisFirehosePolicy6BDAC476": { "Type": "AWS::IAM::Policy", "Properties": { "PolicyDocument": { 
@@ -246,7 +167,7 @@ "Resource": [ { "Fn::GetAtt": [ - "testeventsrulekinesisfirehoses3testeventsrulekinesisfirehoses3WKinesisFirehoseToS3S3BucketF9EB0248", + "testeventsrulekinesisfirehoses3testeventsrulekinesisfirehoses3WKinesisFirehoseToS3S3Bucket099FD6EC", "Arn" ] }, @@ -256,7 +177,7 @@ [ { "Fn::GetAtt": [ - "testeventsrulekinesisfirehoses3testeventsrulekinesisfirehoses3WKinesisFirehoseToS3S3BucketF9EB0248", + "testeventsrulekinesisfirehoses3testeventsrulekinesisfirehoses3WKinesisFirehoseToS3S3Bucket099FD6EC", "Arn" ] }, @@ -287,11 +208,11 @@ }, ":log-group:", { - "Ref": "testeventsrulekinesisfirehoses3testeventsrulekinesisfirehoses3WKinesisFirehoseToS3firehoseloggroup7B174BA1" + "Ref": "testeventsrulekinesisfirehoses3testeventsrulekinesisfirehoses3WKinesisFirehoseToS3firehoseloggroup9EE85371" }, ":log-stream:", { - "Ref": "testeventsrulekinesisfirehoses3testeventsrulekinesisfirehoses3WKinesisFirehoseToS3firehoseloggroupfirehoselogstream6FA9D51F" + "Ref": "testeventsrulekinesisfirehoses3testeventsrulekinesisfirehoses3WKinesisFirehoseToS3firehoseloggroupfirehoselogstream0ECFD952" } ] ] 
@@ -300,15 +221,15 @@ ], "Version": "2012-10-17" }, - "PolicyName": "testeventsrulekinesisfirehoses3testeventsrulekinesisfirehoses3WKinesisFirehoseToS3KinesisFirehosePolicyFD980509", + "PolicyName": "testeventsrulekinesisfirehoses3testeventsrulekinesisfirehoses3WKinesisFirehoseToS3KinesisFirehosePolicy6BDAC476", "Roles": [ { - "Ref": "testeventsrulekinesisfirehoses3testeventsrulekinesisfirehoses3WKinesisFirehoseToS3KinesisFirehoseRole7326FCDB" + "Ref": "testeventsrulekinesisfirehoses3testeventsrulekinesisfirehoses3WKinesisFirehoseToS3KinesisFirehoseRole39C4193F" } ] } }, - "testeventsrulekinesisfirehoses3testeventsrulekinesisfirehoses3WKinesisFirehoseToS3KinesisFirehose9AE5A31E": { + "testeventsrulekinesisfirehoses3testeventsrulekinesisfirehoses3WKinesisFirehoseToS3KinesisFirehose30C8ED9D": { "Type": "AWS::KinesisFirehose::DeliveryStream", "Properties": { "DeliveryStreamEncryptionConfigurationInput": { @@ -317,7 +238,7 @@ "ExtendedS3DestinationConfiguration": { "BucketARN": { "Fn::GetAtt": [ - "testeventsrulekinesisfirehoses3testeventsrulekinesisfirehoses3WKinesisFirehoseToS3S3BucketF9EB0248", + "testeventsrulekinesisfirehoses3testeventsrulekinesisfirehoses3WKinesisFirehoseToS3S3Bucket099FD6EC", "Arn" ] }, @@ -328,10 +249,10 @@ "CloudWatchLoggingOptions": { "Enabled": true, "LogGroupName": { - "Ref": "testeventsrulekinesisfirehoses3testeventsrulekinesisfirehoses3WKinesisFirehoseToS3firehoseloggroup7B174BA1" + "Ref": "testeventsrulekinesisfirehoses3testeventsrulekinesisfirehoses3WKinesisFirehoseToS3firehoseloggroup9EE85371" }, "LogStreamName": { - "Ref": "testeventsrulekinesisfirehoses3testeventsrulekinesisfirehoses3WKinesisFirehoseToS3firehoseloggroupfirehoselogstream6FA9D51F" + "Ref": "testeventsrulekinesisfirehoses3testeventsrulekinesisfirehoses3WKinesisFirehoseToS3firehoseloggroupfirehoselogstream0ECFD952" } }, "CompressionFormat": "GZIP", 
@@ -361,14 +282,14 @@ }, "RoleARN": { "Fn::GetAtt": [ - "testeventsrulekinesisfirehoses3testeventsrulekinesisfirehoses3WKinesisFirehoseToS3KinesisFirehoseRole7326FCDB", + "testeventsrulekinesisfirehoses3testeventsrulekinesisfirehoses3WKinesisFirehoseToS3KinesisFirehoseRole39C4193F", "Arn" ] } } } }, - "testeventsrulekinesisfirehoses3testeventsrulekinesisfirehoses3WEventsRuleInvokeKinesisFirehoseRole09EB34EE": { + "testeventsrulekinesisfirehoses3testeventsrulekinesisfirehoses3WEventsRuleInvokeKinesisFirehoseRoleAF132B5A": { "Type": "AWS::IAM::Role", "Properties": { "AssumeRolePolicyDocument": { @@ -386,7 +307,7 @@ "Description": "Events Rule To Kinesis Firehose Role" } }, - "testeventsrulekinesisfirehoses3testeventsrulekinesisfirehoses3WEventsRuleInvokeKinesisFirehosePolicyF2F1B017": { + "testeventsrulekinesisfirehoses3testeventsrulekinesisfirehoses3WEventsRuleInvokeKinesisFirehosePolicyC8498865": { "Type": "AWS::IAM::Policy", "Properties": { "PolicyDocument": { @@ -399,7 +320,7 @@ "Effect": "Allow", "Resource": { "Fn::GetAtt": [ - "testeventsrulekinesisfirehoses3testeventsrulekinesisfirehoses3WKinesisFirehoseToS3KinesisFirehose9AE5A31E", + "testeventsrulekinesisfirehoses3testeventsrulekinesisfirehoses3WKinesisFirehoseToS3KinesisFirehose30C8ED9D", "Arn" ] } 
@@ -407,15 +328,15 @@ ], "Version": "2012-10-17" }, - "PolicyName": "testeventsrulekinesisfirehoses3testeventsrulekinesisfirehoses3WEventsRuleInvokeKinesisFirehosePolicyF2F1B017", + "PolicyName": "testeventsrulekinesisfirehoses3testeventsrulekinesisfirehoses3WEventsRuleInvokeKinesisFirehosePolicyC8498865", "Roles": [ { - "Ref": "testeventsrulekinesisfirehoses3testeventsrulekinesisfirehoses3WEventsRuleInvokeKinesisFirehoseRole09EB34EE" + "Ref": "testeventsrulekinesisfirehoses3testeventsrulekinesisfirehoses3WEventsRuleInvokeKinesisFirehoseRoleAF132B5A" } ] } }, - "testeventsrulekinesisfirehoses3testeventsrulekinesisfirehoses3WEventsRule71C353D5": { + "testeventsrulekinesisfirehoses3testeventsrulekinesisfirehoses3WEventsRule5A650994": { "Type": "AWS::Events::Rule", "Properties": { "EventBusName": { @@ -431,14 +352,14 @@ { "Arn": { "Fn::GetAtt": [ - "testeventsrulekinesisfirehoses3testeventsrulekinesisfirehoses3WKinesisFirehoseToS3KinesisFirehose9AE5A31E", + "testeventsrulekinesisfirehoses3testeventsrulekinesisfirehoses3WKinesisFirehoseToS3KinesisFirehose30C8ED9D", "Arn" ] }, "Id": "Target0", "RoleArn": { "Fn::GetAtt": [ - "testeventsrulekinesisfirehoses3testeventsrulekinesisfirehoses3WEventsRuleInvokeKinesisFirehoseRole09EB34EE", + "testeventsrulekinesisfirehoses3testeventsrulekinesisfirehoses3WEventsRuleInvokeKinesisFirehoseRoleAF132B5A", "Arn" ] } diff --git a/source/patterns/@aws-solutions-constructs/aws-events-rule-kinesisfirehose-s3/test/integ.events-rule-kinesisfirehose-s3-existing-eventbus.ts b/source/patterns/@aws-solutions-constructs/aws-events-rule-kinesisfirehose-s3/test/integ.events-rule-kinesisfirehose-s3-existing-eventbus.ts index bd99739d9..ad39f29bc 100644 --- a/source/patterns/@aws-solutions-constructs/aws-events-rule-kinesisfirehose-s3/test/integ.events-rule-kinesisfirehose-s3-existing-eventbus.ts +++ b/source/patterns/@aws-solutions-constructs/aws-events-rule-kinesisfirehose-s3/test/integ.events-rule-kinesisfirehose-s3-existing-eventbus.ts 
@@ -12,9 +12,11 @@ */ import * as events from '@aws-cdk/aws-events'; -import { App, Stack } from '@aws-cdk/core'; +import { App, RemovalPolicy, Stack } from '@aws-cdk/core'; import { EventsRuleToKinesisFirehoseToS3, EventsRuleToKinesisFirehoseToS3Props } from '../lib'; import { generateIntegStackName } from '@aws-solutions-constructs/core'; +import * as defaults from '@aws-solutions-constructs/core'; +import * as s3 from "@aws-cdk/aws-s3"; const app = new App(); const stack = new Stack(app, generateIntegStackName(__filename)); @@ -26,9 +28,24 @@ const props: EventsRuleToKinesisFirehoseToS3Props = { source: ['solutionsconstructs'] } }, - existingEventBusInterface: existingEventBus + existingEventBusInterface: existingEventBus, + bucketProps: { + removalPolicy: RemovalPolicy.DESTROY + }, + logGroupProps: { + removalPolicy: RemovalPolicy.DESTROY + }, + logS3AccessLogs: false }; -new EventsRuleToKinesisFirehoseToS3(stack, 'test-eventsrule-kinesisfirehose-s3', props); +const construct = new EventsRuleToKinesisFirehoseToS3(stack, 'test-events-rule-kinesisfirehose-s3', props); +const s3Bucket = construct.s3Bucket as s3.Bucket; + +defaults.addCfnSuppressRules(s3Bucket, [ + { + id: 'W35', + reason: 'This S3 bucket is created for unit/ integration testing purposes only.' + }, +]); app.synth(); diff --git a/source/patterns/@aws-solutions-constructs/aws-events-rule-kinesisfirehose-s3/test/integ.events-rule-kinesisfirehose-s3-new-eventbus.expected.json b/source/patterns/@aws-solutions-constructs/aws-events-rule-kinesisfirehose-s3/test/integ.events-rule-kinesisfirehose-s3-new-eventbus.expected.json index bea3f836d..85ef330a8 100644 --- a/source/patterns/@aws-solutions-constructs/aws-events-rule-kinesisfirehose-s3/test/integ.events-rule-kinesisfirehose-s3-new-eventbus.expected.json +++ b/source/patterns/@aws-solutions-constructs/aws-events-rule-kinesisfirehose-s3/test/integ.events-rule-kinesisfirehose-s3-new-eventbus.expected.json 
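Review bot: In integ.events-rule-kinesisfirehose-s3-existing-eventbus.ts the new `construct.s3Bucket as s3.Bucket` assertion bypasses the compiler instead of checking the value, so if the construct ever returns no bucket the suppression call would receive `undefined` with no compile-time warning. A guard is safer: `if (!construct.s3Bucket) { throw new Error('expected the construct to create the S3 bucket'); }`, after which the narrowed `construct.s3Bucket` can be passed to `defaults.addCfnSuppressRules`. The declared type of `s3Bucket` is not visible in this patch, so this assumes it is optional or wider than `s3.Bucket`. The same cast is added in integ.events-rule-kinesisfirehose-s3-new-eventbus.ts.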
@@ -1,7 +1,7 @@ { "Description": "Integration Test for aws-eventsrule-kinesisfirehose-s3", "Resources": { - "testeventsrulekinesisfirehoses3testeventsrulekinesisfirehoses3WKinesisFirehoseToS3S3LoggingBucketF39FAD06": { + "testeventsrulekinesisfirehoses3testeventsrulekinesisfirehoses3WKinesisFirehoseToS3S3LoggingBucketC5C17A3C": { "Type": "AWS::S3::Bucket", "Properties": { "AccessControl": "LogDeliveryWrite", @@ -24,8 +24,8 @@ "Status": "Enabled" } }, - "UpdateReplacePolicy": "Retain", - "DeletionPolicy": "Retain", + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete", "Metadata": { "cfn_nag": { "rules_to_suppress": [ @@ -37,11 +37,11 @@ } } }, - "testeventsrulekinesisfirehoses3testeventsrulekinesisfirehoses3WKinesisFirehoseToS3S3LoggingBucketPolicyF9460CFD": { + "testeventsrulekinesisfirehoses3testeventsrulekinesisfirehoses3WKinesisFirehoseToS3S3LoggingBucketPolicyB9D88D03": { "Type": "AWS::S3::BucketPolicy", "Properties": { "Bucket": { - "Ref": "testeventsrulekinesisfirehoses3testeventsrulekinesisfirehoses3WKinesisFirehoseToS3S3LoggingBucketF39FAD06" + "Ref": "testeventsrulekinesisfirehoses3testeventsrulekinesisfirehoses3WKinesisFirehoseToS3S3LoggingBucketC5C17A3C" }, "PolicyDocument": { "Statement": [ @@ -63,7 +63,7 @@ [ { "Fn::GetAtt": [ - "testeventsrulekinesisfirehoses3testeventsrulekinesisfirehoses3WKinesisFirehoseToS3S3LoggingBucketF39FAD06", + "testeventsrulekinesisfirehoses3testeventsrulekinesisfirehoses3WKinesisFirehoseToS3S3LoggingBucketC5C17A3C", "Arn" ] }, @@ -73,7 +73,7 @@ }, { "Fn::GetAtt": [ - "testeventsrulekinesisfirehoses3testeventsrulekinesisfirehoses3WKinesisFirehoseToS3S3LoggingBucketF39FAD06", + "testeventsrulekinesisfirehoses3testeventsrulekinesisfirehoses3WKinesisFirehoseToS3S3LoggingBucketC5C17A3C", "Arn" ] } 
@@ -85,7 +85,7 @@ } } }, - "testeventsrulekinesisfirehoses3testeventsrulekinesisfirehoses3WKinesisFirehoseToS3S3BucketF9EB0248": { + "testeventsrulekinesisfirehoses3testeventsrulekinesisfirehoses3WKinesisFirehoseToS3S3Bucket099FD6EC": { "Type": "AWS::S3::Bucket", "Properties": { "BucketEncryption": { @@ -112,7 +112,7 @@ }, "LoggingConfiguration": { "DestinationBucketName": { - "Ref": "testeventsrulekinesisfirehoses3testeventsrulekinesisfirehoses3WKinesisFirehoseToS3S3LoggingBucketF39FAD06" + "Ref": "testeventsrulekinesisfirehoses3testeventsrulekinesisfirehoses3WKinesisFirehoseToS3S3LoggingBucketC5C17A3C" } }, "PublicAccessBlockConfiguration": { @@ -125,14 +125,24 @@ "Status": "Enabled" } }, - "UpdateReplacePolicy": "Retain", - "DeletionPolicy": "Retain" + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete", + "Metadata": { + "cfn_nag": { + "rules_to_suppress": [ + { + "id": "W35", + "reason": "This S3 bucket is created for unit/ integration testing purposes only." + } + ] + } + } }, - "testeventsrulekinesisfirehoses3testeventsrulekinesisfirehoses3WKinesisFirehoseToS3S3BucketPolicy908B8F80": { + "testeventsrulekinesisfirehoses3testeventsrulekinesisfirehoses3WKinesisFirehoseToS3S3BucketPolicyB5F556D0": { "Type": "AWS::S3::BucketPolicy", "Properties": { "Bucket": { - "Ref": "testeventsrulekinesisfirehoses3testeventsrulekinesisfirehoses3WKinesisFirehoseToS3S3BucketF9EB0248" + "Ref": "testeventsrulekinesisfirehoses3testeventsrulekinesisfirehoses3WKinesisFirehoseToS3S3Bucket099FD6EC" }, "PolicyDocument": { "Statement": [ @@ -154,7 +164,7 @@ [ { "Fn::GetAtt": [ - "testeventsrulekinesisfirehoses3testeventsrulekinesisfirehoses3WKinesisFirehoseToS3S3BucketF9EB0248", + "testeventsrulekinesisfirehoses3testeventsrulekinesisfirehoses3WKinesisFirehoseToS3S3Bucket099FD6EC", "Arn" ] }, 
@@ -164,7 +174,7 @@ }, { "Fn::GetAtt": [ - "testeventsrulekinesisfirehoses3testeventsrulekinesisfirehoses3WKinesisFirehoseToS3S3BucketF9EB0248", + "testeventsrulekinesisfirehoses3testeventsrulekinesisfirehoses3WKinesisFirehoseToS3S3Bucket099FD6EC", "Arn" ] } @@ -176,10 +186,10 @@ } } }, - "testeventsrulekinesisfirehoses3testeventsrulekinesisfirehoses3WKinesisFirehoseToS3firehoseloggroup7B174BA1": { + "testeventsrulekinesisfirehoses3testeventsrulekinesisfirehoses3WKinesisFirehoseToS3firehoseloggroup9EE85371": { "Type": "AWS::Logs::LogGroup", - "UpdateReplacePolicy": "Retain", - "DeletionPolicy": "Retain", + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete", "Metadata": { "cfn_nag": { "rules_to_suppress": [ @@ -195,17 +205,17 @@ } } }, - "testeventsrulekinesisfirehoses3testeventsrulekinesisfirehoses3WKinesisFirehoseToS3firehoseloggroupfirehoselogstream6FA9D51F": { + "testeventsrulekinesisfirehoses3testeventsrulekinesisfirehoses3WKinesisFirehoseToS3firehoseloggroupfirehoselogstream0ECFD952": { "Type": "AWS::Logs::LogStream", "Properties": { "LogGroupName": { - "Ref": "testeventsrulekinesisfirehoses3testeventsrulekinesisfirehoses3WKinesisFirehoseToS3firehoseloggroup7B174BA1" + "Ref": "testeventsrulekinesisfirehoses3testeventsrulekinesisfirehoses3WKinesisFirehoseToS3firehoseloggroup9EE85371" } }, "UpdateReplacePolicy": "Retain", "DeletionPolicy": "Retain" }, - "testeventsrulekinesisfirehoses3testeventsrulekinesisfirehoses3WKinesisFirehoseToS3KinesisFirehoseRole7326FCDB": { + "testeventsrulekinesisfirehoses3testeventsrulekinesisfirehoses3WKinesisFirehoseToS3KinesisFirehoseRole39C4193F": { "Type": "AWS::IAM::Role", "Properties": { "AssumeRolePolicyDocument": { 
@@ -222,7 +232,7 @@ } } }, - "testeventsrulekinesisfirehoses3testeventsrulekinesisfirehoses3WKinesisFirehoseToS3KinesisFirehosePolicyFD980509": { + "testeventsrulekinesisfirehoses3testeventsrulekinesisfirehoses3WKinesisFirehoseToS3KinesisFirehosePolicy6BDAC476": { "Type": "AWS::IAM::Policy", "Properties": { "PolicyDocument": { @@ -240,7 +250,7 @@ "Resource": [ { "Fn::GetAtt": [ - "testeventsrulekinesisfirehoses3testeventsrulekinesisfirehoses3WKinesisFirehoseToS3S3BucketF9EB0248", + "testeventsrulekinesisfirehoses3testeventsrulekinesisfirehoses3WKinesisFirehoseToS3S3Bucket099FD6EC", "Arn" ] }, @@ -250,7 +260,7 @@ [ { "Fn::GetAtt": [ - "testeventsrulekinesisfirehoses3testeventsrulekinesisfirehoses3WKinesisFirehoseToS3S3BucketF9EB0248", + "testeventsrulekinesisfirehoses3testeventsrulekinesisfirehoses3WKinesisFirehoseToS3S3Bucket099FD6EC", "Arn" ] }, @@ -281,11 +291,11 @@ }, ":log-group:", { - "Ref": "testeventsrulekinesisfirehoses3testeventsrulekinesisfirehoses3WKinesisFirehoseToS3firehoseloggroup7B174BA1" + "Ref": "testeventsrulekinesisfirehoses3testeventsrulekinesisfirehoses3WKinesisFirehoseToS3firehoseloggroup9EE85371" }, ":log-stream:", { - "Ref": "testeventsrulekinesisfirehoses3testeventsrulekinesisfirehoses3WKinesisFirehoseToS3firehoseloggroupfirehoselogstream6FA9D51F" + "Ref": "testeventsrulekinesisfirehoses3testeventsrulekinesisfirehoses3WKinesisFirehoseToS3firehoseloggroupfirehoselogstream0ECFD952" } ] ] 
@@ -294,15 +304,15 @@ ], "Version": "2012-10-17" }, - "PolicyName": "testeventsrulekinesisfirehoses3testeventsrulekinesisfirehoses3WKinesisFirehoseToS3KinesisFirehosePolicyFD980509", + "PolicyName": "testeventsrulekinesisfirehoses3testeventsrulekinesisfirehoses3WKinesisFirehoseToS3KinesisFirehosePolicy6BDAC476", "Roles": [ { - "Ref": "testeventsrulekinesisfirehoses3testeventsrulekinesisfirehoses3WKinesisFirehoseToS3KinesisFirehoseRole7326FCDB" + "Ref": "testeventsrulekinesisfirehoses3testeventsrulekinesisfirehoses3WKinesisFirehoseToS3KinesisFirehoseRole39C4193F" } ] } }, - "testeventsrulekinesisfirehoses3testeventsrulekinesisfirehoses3WKinesisFirehoseToS3KinesisFirehose9AE5A31E": { + "testeventsrulekinesisfirehoses3testeventsrulekinesisfirehoses3WKinesisFirehoseToS3KinesisFirehose30C8ED9D": { "Type": "AWS::KinesisFirehose::DeliveryStream", "Properties": { "DeliveryStreamEncryptionConfigurationInput": { @@ -311,7 +321,7 @@ "ExtendedS3DestinationConfiguration": { "BucketARN": { "Fn::GetAtt": [ - "testeventsrulekinesisfirehoses3testeventsrulekinesisfirehoses3WKinesisFirehoseToS3S3BucketF9EB0248", + "testeventsrulekinesisfirehoses3testeventsrulekinesisfirehoses3WKinesisFirehoseToS3S3Bucket099FD6EC", "Arn" ] }, @@ -322,10 +332,10 @@ "CloudWatchLoggingOptions": { "Enabled": true, "LogGroupName": { - "Ref": "testeventsrulekinesisfirehoses3testeventsrulekinesisfirehoses3WKinesisFirehoseToS3firehoseloggroup7B174BA1" + "Ref": "testeventsrulekinesisfirehoses3testeventsrulekinesisfirehoses3WKinesisFirehoseToS3firehoseloggroup9EE85371" }, "LogStreamName": { - "Ref": "testeventsrulekinesisfirehoses3testeventsrulekinesisfirehoses3WKinesisFirehoseToS3firehoseloggroupfirehoselogstream6FA9D51F" + "Ref": "testeventsrulekinesisfirehoses3testeventsrulekinesisfirehoses3WKinesisFirehoseToS3firehoseloggroupfirehoselogstream0ECFD952" } }, "CompressionFormat": "GZIP", 
@@ -355,14 +365,14 @@ }, "RoleARN": { "Fn::GetAtt": [ - "testeventsrulekinesisfirehoses3testeventsrulekinesisfirehoses3WKinesisFirehoseToS3KinesisFirehoseRole7326FCDB", + "testeventsrulekinesisfirehoses3testeventsrulekinesisfirehoses3WKinesisFirehoseToS3KinesisFirehoseRole39C4193F", "Arn" ] } } } }, - "testeventsrulekinesisfirehoses3testeventsrulekinesisfirehoses3WEventsRuleInvokeKinesisFirehoseRole09EB34EE": { + "testeventsrulekinesisfirehoses3testeventsrulekinesisfirehoses3WEventsRuleInvokeKinesisFirehoseRoleAF132B5A": { "Type": "AWS::IAM::Role", "Properties": { "AssumeRolePolicyDocument": { @@ -380,7 +390,7 @@ "Description": "Events Rule To Kinesis Firehose Role" } }, - "testeventsrulekinesisfirehoses3testeventsrulekinesisfirehoses3WEventsRuleInvokeKinesisFirehosePolicyF2F1B017": { + "testeventsrulekinesisfirehoses3testeventsrulekinesisfirehoses3WEventsRuleInvokeKinesisFirehosePolicyC8498865": { "Type": "AWS::IAM::Policy", "Properties": { "PolicyDocument": { @@ -393,7 +403,7 @@ "Effect": "Allow", "Resource": { "Fn::GetAtt": [ - "testeventsrulekinesisfirehoses3testeventsrulekinesisfirehoses3WKinesisFirehoseToS3KinesisFirehose9AE5A31E", + "testeventsrulekinesisfirehoses3testeventsrulekinesisfirehoses3WKinesisFirehoseToS3KinesisFirehose30C8ED9D", "Arn" ] } 
@@ -401,25 +411,25 @@ ], "Version": "2012-10-17" }, - "PolicyName": "testeventsrulekinesisfirehoses3testeventsrulekinesisfirehoses3WEventsRuleInvokeKinesisFirehosePolicyF2F1B017", + "PolicyName": "testeventsrulekinesisfirehoses3testeventsrulekinesisfirehoses3WEventsRuleInvokeKinesisFirehosePolicyC8498865", "Roles": [ { - "Ref": "testeventsrulekinesisfirehoses3testeventsrulekinesisfirehoses3WEventsRuleInvokeKinesisFirehoseRole09EB34EE" + "Ref": "testeventsrulekinesisfirehoses3testeventsrulekinesisfirehoses3WEventsRuleInvokeKinesisFirehoseRoleAF132B5A" } ] } }, - "testeventsrulekinesisfirehoses3testeventsrulekinesisfirehoses3WCustomEventBusC937349B": { + "testeventsrulekinesisfirehoses3testeventsrulekinesisfirehoses3WCustomEventBusB74FE76C": { "Type": "AWS::Events::EventBus", "Properties": { - "Name": "eventsrulekinesisfirehoses3neweventbustesteventsrulekinesisfirehoses3testeventsrulekinesisfirehoses3WCustomEventBus13FD48C9" + "Name": "eventsrulekinesisfirehoses3neweventbustesteventsrulekinesisfirehoses3testeventsrulekinesisfirehoses3WCustomEventBusAAD2F943" } }, - "testeventsrulekinesisfirehoses3testeventsrulekinesisfirehoses3WEventsRule71C353D5": { + "testeventsrulekinesisfirehoses3testeventsrulekinesisfirehoses3WEventsRule5A650994": { "Type": "AWS::Events::Rule", "Properties": { "EventBusName": { - "Ref": "testeventsrulekinesisfirehoses3testeventsrulekinesisfirehoses3WCustomEventBusC937349B" + "Ref": "testeventsrulekinesisfirehoses3testeventsrulekinesisfirehoses3WCustomEventBusB74FE76C" }, "EventPattern": { "source": [ 
@@ -431,14 +441,14 @@ { "Arn": { "Fn::GetAtt": [ - "testeventsrulekinesisfirehoses3testeventsrulekinesisfirehoses3WKinesisFirehoseToS3KinesisFirehose9AE5A31E", + "testeventsrulekinesisfirehoses3testeventsrulekinesisfirehoses3WKinesisFirehoseToS3KinesisFirehose30C8ED9D", "Arn" ] }, "Id": "Target0", "RoleArn": { "Fn::GetAtt": [ - "testeventsrulekinesisfirehoses3testeventsrulekinesisfirehoses3WEventsRuleInvokeKinesisFirehoseRole09EB34EE", + "testeventsrulekinesisfirehoses3testeventsrulekinesisfirehoses3WEventsRuleInvokeKinesisFirehoseRoleAF132B5A", "Arn" ] } diff --git a/source/patterns/@aws-solutions-constructs/aws-events-rule-kinesisfirehose-s3/test/integ.events-rule-kinesisfirehose-s3-new-eventbus.ts b/source/patterns/@aws-solutions-constructs/aws-events-rule-kinesisfirehose-s3/test/integ.events-rule-kinesisfirehose-s3-new-eventbus.ts index 4b7842b92..338415e85 100644 --- a/source/patterns/@aws-solutions-constructs/aws-events-rule-kinesisfirehose-s3/test/integ.events-rule-kinesisfirehose-s3-new-eventbus.ts +++ b/source/patterns/@aws-solutions-constructs/aws-events-rule-kinesisfirehose-s3/test/integ.events-rule-kinesisfirehose-s3-new-eventbus.ts @@ -11,9 +11,11 @@ * and limitations under the License. */ -import { App, Stack } from '@aws-cdk/core'; +import { App, Stack, RemovalPolicy } from '@aws-cdk/core'; import { EventsRuleToKinesisFirehoseToS3, EventsRuleToKinesisFirehoseToS3Props } from '../lib'; import { generateIntegStackName } from '@aws-solutions-constructs/core'; +import * as defaults from '@aws-solutions-constructs/core'; +import * as s3 from "@aws-cdk/aws-s3"; const app = new App(); const stack = new Stack(app, generateIntegStackName(__filename)); 
@@ -25,9 +27,23 @@ const props: EventsRuleToKinesisFirehoseToS3Props = { source: ['solutionsconstructs'] } }, - eventBusProps: {} + eventBusProps: {}, + bucketProps: { + removalPolicy: RemovalPolicy.DESTROY + }, + logGroupProps: { + removalPolicy: RemovalPolicy.DESTROY + } }; -new EventsRuleToKinesisFirehoseToS3(stack, 'test-eventsrule-kinesisfirehose-s3', props); +const construct = new EventsRuleToKinesisFirehoseToS3(stack, 'test-events-rule-kinesisfirehose-s3', props); +const s3Bucket = construct.s3Bucket as s3.Bucket; + +defaults.addCfnSuppressRules(s3Bucket, [ + { + id: 'W35', + reason: 'This S3 bucket is created for unit/ integration testing purposes only.' + }, +]); app.synth(); diff --git a/source/patterns/@aws-solutions-constructs/aws-events-rule-kinesisfirehose-s3/test/integ.events-rule-kinesisfirehose-s3-no-arguments.expected.json b/source/patterns/@aws-solutions-constructs/aws-events-rule-kinesisfirehose-s3/test/integ.events-rule-kinesisfirehose-s3-no-arguments.expected.json index 2fb6de7fd..847df6498 100644 --- a/source/patterns/@aws-solutions-constructs/aws-events-rule-kinesisfirehose-s3/test/integ.events-rule-kinesisfirehose-s3-no-arguments.expected.json +++ b/source/patterns/@aws-solutions-constructs/aws-events-rule-kinesisfirehose-s3/test/integ.events-rule-kinesisfirehose-s3-no-arguments.expected.json @@ -24,8 +24,8 @@ "Status": "Enabled" } }, - "UpdateReplacePolicy": "Retain", - "DeletionPolicy": "Retain", + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete", "Metadata": { "cfn_nag": { "rules_to_suppress": [ @@ -125,8 +125,8 @@ "Status": "Enabled" } }, - "UpdateReplacePolicy": "Retain", - "DeletionPolicy": "Retain" + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" }, "testeventsrulekinesisfirehoses3testeventsrulekinesisfirehoses3WKinesisFirehoseToS3S3BucketPolicyB5F556D0": { "Type": "AWS::S3::BucketPolicy", 
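Review bot: The W35 suppression added in integ.events-rule-kinesisfirehose-s3-new-eventbus.ts does not match the props, because this test leaves `logS3AccessLogs` at its default. The regenerated new-eventbus.expected.json still shows a `LoggingConfiguration` with a `DestinationBucketName` on the same bucket that now carries the W35 entry. W35 is the cfn_nag warning for a bucket without access logging, so suppressing it on a bucket that does log would hide a later regression where logging is dropped by mistake. I would remove the `defaults.addCfnSuppressRules(s3Bucket, [...])` call, with its `defaults` and `s3` imports, from this test and keep it only in the existing-eventbus test, which sets `logS3AccessLogs: false`.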
@@ -178,8 +178,8 @@ }, "testeventsrulekinesisfirehoses3testeventsrulekinesisfirehoses3WKinesisFirehoseToS3firehoseloggroup9EE85371": { "Type": "AWS::Logs::LogGroup", - "UpdateReplacePolicy": "Retain", - "DeletionPolicy": "Retain", + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete", "Metadata": { "cfn_nag": { "rules_to_suppress": [ diff --git a/source/patterns/@aws-solutions-constructs/aws-events-rule-kinesisfirehose-s3/test/integ.events-rule-kinesisfirehose-s3-no-arguments.ts b/source/patterns/@aws-solutions-constructs/aws-events-rule-kinesisfirehose-s3/test/integ.events-rule-kinesisfirehose-s3-no-arguments.ts index f4918ad45..09eedeef5 100644 --- a/source/patterns/@aws-solutions-constructs/aws-events-rule-kinesisfirehose-s3/test/integ.events-rule-kinesisfirehose-s3-no-arguments.ts +++ b/source/patterns/@aws-solutions-constructs/aws-events-rule-kinesisfirehose-s3/test/integ.events-rule-kinesisfirehose-s3-no-arguments.ts @@ -12,7 +12,7 @@ */ import * as events from '@aws-cdk/aws-events'; -import { App, Stack, Duration } from '@aws-cdk/core'; +import { App, Stack, Duration, RemovalPolicy } from '@aws-cdk/core'; import {EventsRuleToKinesisFirehoseToS3, EventsRuleToKinesisFirehoseToS3Props} from '../lib'; import { generateIntegStackName } from '@aws-solutions-constructs/core'; @@ -23,6 +23,12 @@ stack.templateOptions.description = 'Integration Test for aws-events-rule-kinesi const props: EventsRuleToKinesisFirehoseToS3Props = { eventRuleProps: { schedule: events.Schedule.rate(Duration.minutes(5)) + }, + bucketProps: { + removalPolicy: RemovalPolicy.DESTROY + }, + logGroupProps: { + removalPolicy: RemovalPolicy.DESTROY } };
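Review bot: `removalPolicy: RemovalPolicy.DESTROY` in integ.events-rule-kinesisfirehose-s3-no-arguments.ts only changes the CloudFormation deletion policy; CloudFormation still refuses to delete a bucket that holds objects, and this test's rule fires every five minutes into the Firehose stream. If the stack stays up long enough for Firehose to flush, teardown will presumably fail on the bucket and leave it and its contents behind in the test account. Either have the integ cleanup empty the bucket first, or add `autoDeleteObjects: true` next to `removalPolicy` in `bucketProps`, accepting that this adds a custom resource to the expected template. The other two integ tests in this commit set the same policy but only receive data when a matching `solutionsconstructs` event is published.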