diff --git a/.versionrc.json b/.versionrc.json index ef0bc2b32..8756cfa8a 100644 --- a/.versionrc.json +++ b/.versionrc.json @@ -1,5 +1,5 @@ { - "skip": { "tag": true }, + "skip": { "tag": true, "commit": true }, "packageFiles": [ { "filename": "source/lerna.json", "type": "json" } ], "bumpFiles": [ { "filename": "source/lerna.json", "type": "json" } ] } diff --git a/.viperlightignore b/.viperlightignore index 8a5582181..fd5747948 100644 --- a/.viperlightignore +++ b/.viperlightignore @@ -11,40 +11,39 @@ source/patterns/@aws-solutions-constructs/aws-cloudfront-apigateway/test/integ.n source/patterns/@aws-solutions-constructs/aws-apigateway-dynamodb/test/integ.apigateway-dynamodb-existing-table.expected.json:60 CODE_OF_CONDUCT.md:4 CONTRIBUTING.md:244 -source/patterns/@aws-solutions-constructs/core/test/step-function-helper.test.ts:114 -source/patterns/@aws-solutions-constructs/core/test/step-function-helper.test.ts:124 +source/patterns/@aws-solutions-constructs/core/test/step-function-helper.test.ts:107 source/patterns/@aws-solutions-constructs/aws-kinesisstreams-gluejob/test/test.kinesisstream-gluejob.test.ts:126 source/patterns/@aws-solutions-constructs/aws-lambda-sqs/test/integ.deployFunction.expected.json:112 source/patterns/@aws-solutions-constructs/aws-lambda-sqs/test/integ.existingFunction.expected.json:112 source/patterns/@aws-solutions-constructs/aws-apigateway-sqs/test/integ.apigateway-sqs-crud.expected.json:201 source/tools/cdk-integ-tools/package-lock.json:373 source/patterns/@aws-solutions-constructs/core/test/step-function-helper.test.js:115 -source/patterns/@aws-solutions-constructs/core/test/lambda-helper.test.ts:297 -source/patterns/@aws-solutions-constructs/aws-dynamodb-stream-lambda/test/dynamodb-stream-lambda.test.ts:102 -source/patterns/@aws-solutions-constructs/aws-dynamodbstreams-lambda/test/dynamodbstreams-lambda.test.ts:102 -source/patterns/@aws-solutions-constructs/aws-iot-lambda-dynamodb/test/iot-lambda-dynamodb.test.ts:219 -source/patterns/@aws-solutions-constructs/aws-lambda-dynamodb/test/lambda-dynamodb.test.ts:186 +source/patterns/@aws-solutions-constructs/core/test/lambda-helper.test.ts:233 +source/patterns/@aws-solutions-constructs/aws-dynamodb-stream-lambda/test/dynamodb-stream-lambda.test.ts:98 +source/patterns/@aws-solutions-constructs/aws-dynamodbstreams-lambda/test/dynamodbstreams-lambda.test.ts:98 +source/patterns/@aws-solutions-constructs/aws-iot-lambda-dynamodb/test/iot-lambda-dynamodb.test.ts:212 +source/patterns/@aws-solutions-constructs/aws-lambda-dynamodb/test/lambda-dynamodb.test.ts:180 source/patterns/@aws-solutions-constructs/aws-lambda-sqs-lambda/test/lambda-sqs-lambda.test.ts:66 source/patterns/@aws-solutions-constructs/aws-lambda-sqs-lambda/test/lambda-sqs-lambda.test.ts:67 -source/patterns/@aws-solutions-constructs/aws-lambda-step-function/test/lambda-step-function.test.ts:130 -source/patterns/@aws-solutions-constructs/aws-lambda-stepfunctions/test/lambda-stepfunctions.test.ts:130 -source/patterns/@aws-solutions-constructs/aws-events-rule-sns/test/events-rule-sns-topic.test.ts:255 -source/patterns/@aws-solutions-constructs/aws-eventbridge-sns/test/eventbridge-sns-topic.test.ts:255 -source/patterns/@aws-solutions-constructs/aws-events-rule-sqs/test/events-rule-sqs-queue.test.ts:143 -source/patterns/@aws-solutions-constructs/aws-eventbridge-sqs/test/eventbridge-sqs-queue.test.ts:143 -source/patterns/@aws-solutions-constructs/aws-dynamodb-stream-lambda/test/dynamodb-stream-lambda.test.ts:105 -source/patterns/@aws-solutions-constructs/aws-dynamodbstreams-lambda/test/dynamodbstreams-lambda.test.ts:105 +source/patterns/@aws-solutions-constructs/aws-lambda-step-function/test/lambda-step-function.test.ts:125 +source/patterns/@aws-solutions-constructs/aws-lambda-stepfunctions/test/lambda-stepfunctions.test.ts:125 +source/patterns/@aws-solutions-constructs/aws-events-rule-sns/test/events-rule-sns-topic.test.ts:248 +source/patterns/@aws-solutions-constructs/aws-eventbridge-sns/test/eventbridge-sns-topic.test.ts:248 +source/patterns/@aws-solutions-constructs/aws-events-rule-sqs/test/events-rule-sqs-queue.test.ts:136 +source/patterns/@aws-solutions-constructs/aws-eventbridge-sqs/test/eventbridge-sqs-queue.test.ts:136 +source/patterns/@aws-solutions-constructs/aws-dynamodb-stream-lambda/test/dynamodb-stream-lambda.test.ts:103 +source/patterns/@aws-solutions-constructs/aws-dynamodbstreams-lambda/test/dynamodbstreams-lambda.test.ts:103 source/patterns/@aws-solutions-constructs/aws-apigateway-iot/README.md:39 source/patterns/@aws-solutions-constructs/aws-apigateway-iot/test/integ.defaultParams.expected.json:266 source/patterns/@aws-solutions-constructs/aws-apigateway-iot/test/integ.overrideParams.expected.json:269 source/patterns/@aws-solutions-constructs/aws-apigateway-iot/test/test.apigateway-iot.test.ts:29 source/patterns/@aws-solutions-constructs/aws-apigateway-iot/test/integ.override_auth_api_keys.expected.json:267 -source/patterns/@aws-solutions-constructs/aws-cloudfront-s3/test/test.cloudfront-s3.test.ts:124 -source/patterns/@aws-solutions-constructs/core/test/cloudfront-distribution-s3-helper.test.ts:171 +source/patterns/@aws-solutions-constructs/aws-cloudfront-s3/test/test.cloudfront-s3.test.ts:118 +source/patterns/@aws-solutions-constructs/core/test/cloudfront-distribution-s3-helper.test.ts:164 source/patterns/@aws-solutions-constructs/aws-s3-sqs/test/test.s3-sqs.test.ts:251 source/use_cases/aws-custom-glue-etl/stream-producer/generate_data.py:86 source/use_cases/aws-custom-glue-etl/stream-producer/generate_data.py:87 -source/patterns/@aws-solutions-constructs/aws-lambda-secretsmanager/test/lambda-secretsmanager.test.ts:480 +source/patterns/@aws-solutions-constructs/aws-lambda-secretsmanager/test/lambda-secretsmanager.test.ts:460 source/patterns/@aws-solutions-constructs/aws-lambda-sagemakerendpoint/test/integ.deployFunction.expected.json:6 source/patterns/@aws-solutions-constructs/aws-lambda-sagemakerendpoint/test/integ.deployFunction.expected.json:9 source/patterns/@aws-solutions-constructs/aws-lambda-sagemakerendpoint/test/integ.deployFunction.expected.json:12 @@ -131,7 +130,7 @@ source/patterns/@aws-solutions-constructs/aws-lambda-sagemakerendpoint/test/test source/patterns/@aws-solutions-constructs/aws-lambda-sagemakerendpoint/test/test-helper.ts:84 source/patterns/@aws-solutions-constructs/aws-s3-lambda/test/integ.existing-s3-bucket.expected.json:33 # This is a test case -source/patterns/@aws-solutions-constructs/aws-kinesisstreams-gluejob/test/test.kinesisstream-gluejob.test.ts:129 +source/patterns/@aws-solutions-constructs/aws-kinesisstreams-gluejob/test/test.kinesisstream-gluejob.test.ts:127 # aws-lambda-eventbridge. Auto generated Ids are ignored & x-ray resource permission with a `*` in test cases is ignored source/patterns/@aws-solutions-constructs/aws-lambda-eventbridge/test/integ.deployFunction.expected.json:122 source/patterns/@aws-solutions-constructs/aws-lambda-eventbridge/test/integ.deployFunctionWithNewEventBus.expected.json:149 diff --git a/CHANGELOG.v2.md b/CHANGELOG.v2.md new file mode 100644 index 000000000..e69de29bb diff --git a/deployment/bump.sh b/deployment/bump.sh index 992461459..c0216b4f3 100755 --- a/deployment/bump.sh +++ b/deployment/bump.sh @@ -14,8 +14,18 @@ # -------------------------------------------------------------------------------------------------- set -euo pipefail version=${1:-minor} +deployment_dir=$(cd $(dirname $0) && pwd) echo "Starting ${version} version bump" # Generate CHANGELOG and create a commit -npx standard-version --release-as ${version} \ No newline at end of file +npx standard-version --release-as ${version} + +# Disabled the autocommit of 'standard-version' due to faulty CHANGELOG.md updates during CDK v2 build +# and hence need to run git add/commit commands outside of 'standard-version' +repoVersion=$(node -p "require('${deployment_dir}/get-version')") +echo "repoVersion=${repoVersion}" + +git add source/lerna.json +git add CHANGELOG.md +git commit -m "chore(release): ${repoVersion}" \ No newline at end of file diff --git a/deployment/v2/align-version.js b/deployment/v2/align-version.js new file mode 100755 index 000000000..6584e853a --- /dev/null +++ b/deployment/v2/align-version.js @@ -0,0 +1,70 @@ +#!/usr/bin/env node +// It will make following updates to package.json +// 1 - align the version in a package.json file to the version of the repo +// 2 - Remove all entries starting with @aws-cdk/* and constructs from "dependencies": { ... } +// 3 - Remove all entries starting with @aws-cdk/* and constructs from "peerDependencies": { ... }, Add { "aws-cdk-lib": "^2.0.0-rc.1", "constructs": "^10.0.0" } +// 4 - Add { "aws-cdk-lib": "2.0.0-rc.1", "constructs": "^10.0.0" } to "devDependencies" +const fs = require('fs'); + +const findVersion = process.argv[2]; +const replaceVersion = process.argv[3]; + +// these versions need to be sourced from a config file +const awsCdkLibVersion = '2.0.0-rc.16'; +const constructsVersion = '10.0.0'; + +for (const file of process.argv.splice(4)) { + const pkg = JSON.parse(fs.readFileSync(file).toString()); + + if (pkg.version !== findVersion && pkg.version !== replaceVersion) { + throw new Error(`unexpected - all package.json files in this repo should have a version of ${findVersion} or ${replaceVersion}: ${file}`); + } + + pkg.version = replaceVersion; + + pkg.dependencies = processDependencies(pkg.dependencies || { }, file); + pkg.peerDependencies = processPeerDependencies(pkg.peerDependencies || { }, file); + pkg.devDependencies = processDevDependencies(pkg.devDependencies || { }, file); + + console.error(`${file} => ${replaceVersion}`); + fs.writeFileSync(file, JSON.stringify(pkg, undefined, 2)); + +} + +function processDependencies(section, file) { + let newdependencies = {}; + for (const [ name, version ] of Object.entries(section)) { + // Remove all entries starting with @aws-cdk/* and constructs + if (!name.startsWith('@aws-cdk/') && !name.startsWith('constructs')) { + newdependencies[name] = version.replace(findVersion, replaceVersion); + } + } + return newdependencies; +} + +function processPeerDependencies(section, file) { + let newdependencies = {}; + for (const [ name, version ] of Object.entries(section)) { + // Remove all entries starting with @aws-cdk/* and constructs + if (!name.startsWith('@aws-cdk/') && !name.startsWith('constructs')) { + newdependencies[name] = version.replace(findVersion, replaceVersion); + } + } + newdependencies["aws-cdk-lib"] = `^${awsCdkLibVersion}`; + newdependencies["constructs"] = `^${constructsVersion}`; + return newdependencies; +} + +function processDevDependencies(section, file) { + let newdependencies = section; + for (const [ name, version ] of Object.entries(newdependencies)) { + // Remove all entries starting with @aws-cdk/* and constructs + if (version === findVersion || version === '^' + findVersion) { + newdependencies[name] = version.replace(findVersion, replaceVersion); + } + } + // note: no ^ to make sure we test against the minimum version + newdependencies["aws-cdk-lib"] = `${awsCdkLibVersion}`; + newdependencies["constructs"] = `^${constructsVersion}`; + return newdependencies; +} diff --git a/deployment/v2/align-version.sh b/deployment/v2/align-version.sh new file mode 100755 index 000000000..521fd4ca8 --- /dev/null +++ b/deployment/v2/align-version.sh @@ -0,0 +1,24 @@ +#!/bin/bash +set -euo pipefail + +deployment_dir=$(cd $(dirname $0) && pwd) +source_dir="$deployment_dir/../../source" + +cd $deployment_dir +# Retrieve version numbers for marker and repo +marker=$(node -p "require('./get-version-marker')") +repoVersion=$(node -p "require('./get-version')") + +cd $source_dir/ + +# Align versions in ALL package.json with the one in lerna.json +files=$(find . -name package.json |\ + grep -v node_modules) + +if [ $# -eq 0 ]; then + echo "Updating ALL package.json for CDK v2" + ${deployment_dir}/align-version.js ${marker} ${repoVersion} ${files} +else + echo "Reverting back CDK v2 updatesfrom ALL package.json files" + git checkout `find . -name package.json | grep -v node_modules` +fi \ No newline at end of file diff --git a/deployment/v2/build-cdk-dist.sh b/deployment/v2/build-cdk-dist.sh new file mode 100755 index 000000000..954d5d591 --- /dev/null +++ b/deployment/v2/build-cdk-dist.sh @@ -0,0 +1,83 @@ +#!/bin/bash +set -euo pipefail + +deployment_dir=$(cd $(dirname $0) && pwd) +source_dir="$deployment_dir/../source" +dist_dir="$deployment_dir/dist" + +cd $source_dir/ +export PATH=$(npm bin):$PATH +export NODE_OPTIONS="--max-old-space-size=4096 ${NODE_OPTIONS:-}" + +cd $deployment_dir/ + +echo "------------------------------------------------------------------------------" +echo "[Copy] CDK templates for all patterns into the deployment dir for CfnNagScan" +echo "------------------------------------------------------------------------------" + +echo "mkdir -p $dist_dir" +mkdir -p $dist_dir + +for subdir in $source_dir/patterns/\@aws-solutions-constructs/* ; do + if [ -d "$subdir" -a `basename $subdir` != "node_modules" ]; then + cd $subdir/test + + echo "Checking integ CFN templates in $subdir/test" + cnt=`find . -name "*expected.json" -type f | wc -l` + prefix=`basename $subdir` + if [ "$prefix" != "core" ] + then + if [ "$cnt" -eq "0" ] + then + echo "************** [ERROR] ************* Did not find any integ CFN templates in $subdir; please add atleast one by writing an integ test case and running cdk-integ command to generate the CFN template for it" + exit 1 + fi + fi + + echo "Copying templates from $subdir/test" + for i in `find . -name "*expected.json" -type f`; do + prefix=`basename $subdir` + suffix=`basename $i` + cp $subdir/test/$i $dist_dir/$prefix-$suffix.template + done + cd $source_dir + fi +done + +echo "------------------------------------------------------------------------------" +echo "[Copy] packages for all patterns into the deployment dir" +echo "------------------------------------------------------------------------------" + +echo "mkdir -p $dist_dir" +mkdir -p $dist_dir + +for dir in $(find $source_dir/patterns/\@aws-solutions-constructs/ -name dist | grep -v node_modules | grep -v coverage); do + echo "Merging ${dir} into ${dist_dir}" >&2 + rsync -a $dir/ ${dist_dir}/ +done + +echo "------------------------------------------------------------------------------" +echo "[Create] build.json file" +echo "------------------------------------------------------------------------------" +# Get commit hash from CodePipeline env variable CODEBUILD_RESOLVED_SOURCE_VERSION +echo $deployment_dir +version=$(node -p "require('$deployment_dir/get-version.js')") +commit="${CODEBUILD_RESOLVED_SOURCE_VERSION:-}" + +cat > ${dist_dir}/build.json < +# +# If a version is not provided, the 'minor' version will be bumped. +# The version can be an explicit version _or_ one of: +# 'major', 'minor', 'patch', 'premajor', 'preminor', 'prepatch', or 'prerelease'. +# +# -------------------------------------------------------------------------------------------------- +set -euo pipefail +version=${1:-prerelease} +deployment_dir=$(cd $(dirname $0) && pwd) + +echo "Starting ${version} version bump" +echo "Loading ${deployment_dir}/get-version" + +# Rename CHANGELOG.md +echo "Rename CHANGELOG.md to CHANGELOG.md.bak" +mv CHANGELOG.md CHANGELOG.md.bak +echo "Rename CHANGELOG.v2.md to CHANGELOG.md" +mv CHANGELOG.v2.md CHANGELOG.md + +# Rename lerna.json +echo "Rename source/lerna.json to source/lerna.json.bak" +mv source/lerna.json source/lerna.json.bak +echo "Rename source/lerna.v2.json to source/lerna.json" +mv source/lerna.v2.json source/lerna.json + +# `standard-release` will -- among other things -- create the changelog. +# However, on the v2 branch, `conventional-changelog` (which `standard-release` uses) gets confused +# and creates really muddled changelogs with both v1 and v2 releases intermingled, and lots of missing data. +# A super HACK here is to locally remove all version tags that don't match this major version prior +# to doing the bump, and then later fetching to restore those tags. +git tag -d `git tag -l | grep -v '^v2.'` + +# Generate CHANGELOG and create a commit +npx standard-version --release-as ${version} + +# fetch back the tags, and only the tags, removed locally above +git fetch origin "refs/tags/*:refs/tags/*" + +# Restore CHANGELOG.md +echo "Rename CHANGELOG.md to CHANGELOG.v2.md" +mv CHANGELOG.md CHANGELOG.v2.md +echo "Rename CHANGELOG.md.bak to CHANGELOG.md" +mv CHANGELOG.md.bak CHANGELOG.md + +# Restore lerna.json +echo "Rename source/lerna.json to source/lerna.v2.json" +mv source/lerna.json source/lerna.v2.json +echo "Rename source/lerna.json.bak to source/lerna.json" +mv source/lerna.json.bak source/lerna.json + +# Disabled the autocommit of 'standard-version' due to faulty CHANGELOG.md updates during CDK v2 build +# and hence need to run git add/commit commands outside of 'standard-version' +repoVersion=$(node -p "require('${deployment_dir}/get-version')") +echo "repoVersion=${repoVersion}" + +git add source/lerna.v2.json +git add CHANGELOG.v2.md +git commit -m "chore(release): ${repoVersion}" \ No newline at end of file diff --git a/deployment/v2/get-version-marker.js b/deployment/v2/get-version-marker.js new file mode 100644 index 000000000..e5f8c4980 --- /dev/null +++ b/deployment/v2/get-version-marker.js @@ -0,0 +1,13 @@ +/** + * Returns the version marker used to indicate this is a local dependency. + * + * Usage: + * + * const version = require('./get-version-marker'); + * + * Or from the command line: + * + * node -p require('./get-version-marker') + * + */ +module.exports = '0.0.0'; diff --git a/deployment/v2/get-version.js b/deployment/v2/get-version.js new file mode 100644 index 000000000..29f5b5717 --- /dev/null +++ b/deployment/v2/get-version.js @@ -0,0 +1,18 @@ +/** + * Returns the current repo version. + * + * Usage: + * + * const version = require('./get-version'); + * + * Or from the command line: + * + * node -p require('./get-version') + * + */ +const versionFile = 'source/lerna.v2.json'; +if (!versionFile) { + throw new Error(`unable to determine version filename from .versionrc.json at the root of the repo`); +} + +module.exports = require(`../../${versionFile}`).version; diff --git a/deployment/v2/rewrite-imports.sh b/deployment/v2/rewrite-imports.sh new file mode 100755 index 000000000..89dcf0308 --- /dev/null +++ b/deployment/v2/rewrite-imports.sh @@ -0,0 +1,32 @@ +#!/bin/bash +set -euo pipefail + +deployment_dir=$(cd $(dirname $0) && pwd) +source_dir="$deployment_dir/../../source" + +if [ ! -d $source_dir/tools/aws-cdk-migration/node_modules ]; then + echo "=============================================================================================" + echo "building aws-cdk-migration..." + cd $source_dir/tools/aws-cdk-migration + npm install + npm run build + npm link +else + cd $source_dir/tools/aws-cdk-migration + npm link +fi + +cd $source_dir/ + +if [ $# -eq 0 ]; then + echo "Migrating TypeScript import statements from modular CDK (i.e. @aws-cdk/aws-s3) to aws-cdk-lib (i.e. aws-cdk-lib)" + for subdir in $source_dir/patterns/\@aws-solutions-constructs/* ; do + if [ -d "$subdir" -a `basename $subdir` != "node_modules" ]; then + echo $subdir + rewrite-imports-v2 $subdir/**/*.ts + fi + done +else + echo "Reverting back TypeScript import statements for CDK v2" + git checkout `find . -name *.ts | grep -v node_modules | grep -v -F .d.ts` +fi \ No newline at end of file diff --git a/source/lerna.v2.json b/source/lerna.v2.json new file mode 100644 index 000000000..98fd484be --- /dev/null +++ b/source/lerna.v2.json @@ -0,0 +1,10 @@ +{ + "lerna": "3.15.0", + "npmClient": "yarn", + "useWorkspaces": true, + "packages": [ + "./patterns/@aws-solutions-constructs/*" + ], + "rejectCycles": "true", + "version": "2.0.0-rc.0" +} diff --git a/source/patterns/@aws-solutions-constructs/aws-apigateway-dynamodb/test/__snapshots__/apigateway-dynamodb.test.js.snap b/source/patterns/@aws-solutions-constructs/aws-apigateway-dynamodb/test/__snapshots__/apigateway-dynamodb.test.js.snap deleted file mode 100644 index 5f001ec15..000000000 --- a/source/patterns/@aws-solutions-constructs/aws-apigateway-dynamodb/test/__snapshots__/apigateway-dynamodb.test.js.snap +++ /dev/null @@ -1,375 +0,0 @@ -// Jest Snapshot v1, https://goo.gl/fbAQLP - -exports[`snapshot test ApiGatewayToDynamoDB default params 1`] = ` -Object { - "Outputs": Object { - "testapigatewaydynamodbdefaultRestApiEndpointD5AD8DB9": Object { - "Value": Object { - "Fn::Join": Array [ - "", - Array [ - "https://", - Object { - "Ref": "testapigatewaydynamodbdefaultRestApi9102FDF9", - }, - ".execute-api.", - Object { - "Ref": "AWS::Region", - }, - ".", - Object { - "Ref": "AWS::URLSuffix", - }, - "/", - Object { - "Ref": "testapigatewaydynamodbdefaultRestApiDeploymentStageprod7834D304", - }, - "/", - ], - ], - }, - }, - }, - "Resources": Object { - "testapigatewaydynamodbdefaultApiAccessLogGroup0192183A": Object { - "DeletionPolicy": "Retain", - "Metadata": Object { - "cfn_nag": Object { - "rules_to_suppress": Array [ - Object { - "id": "W86", - "reason": "Retention period for CloudWatchLogs LogGroups are set to 'Never Expire' to preserve customer data indefinitely", - }, - Object { - "id": "W84", - "reason": "By default CloudWatchLogs LogGroups data is encrypted using the CloudWatch server-side encryption keys (AWS Managed Keys)", - }, - ], - }, - }, - "Type": "AWS::Logs::LogGroup", - "UpdateReplacePolicy": "Retain", - }, - "testapigatewaydynamodbdefaultDynamoTable0720D92C": Object { - "DeletionPolicy": "Retain", - "Properties": Object { - "AttributeDefinitions": Array [ - Object { - "AttributeName": "id", - "AttributeType": "S", - }, - ], - "BillingMode": "PAY_PER_REQUEST", - "KeySchema": Array [ - Object { - "AttributeName": "id", - "KeyType": "HASH", - }, - ], - "PointInTimeRecoverySpecification": Object { - "PointInTimeRecoveryEnabled": true, - }, - "SSESpecification": Object { - "SSEEnabled": true, - }, - }, - "Type": "AWS::DynamoDB::Table", - "UpdateReplacePolicy": "Retain", - }, - "testapigatewaydynamodbdefaultLambdaRestApiAccountE6585EBB": Object { - "DependsOn": Array [ - "testapigatewaydynamodbdefaultRestApi9102FDF9", - ], - "Properties": Object { - "CloudWatchRoleArn": Object { - "Fn::GetAtt": Array [ - "testapigatewaydynamodbdefaultLambdaRestApiCloudWatchRoleEF1FBFD7", - "Arn", - ], - }, - }, - "Type": "AWS::ApiGateway::Account", - }, - "testapigatewaydynamodbdefaultLambdaRestApiCloudWatchRoleEF1FBFD7": Object { - "Properties": Object { - "AssumeRolePolicyDocument": Object { - "Statement": Array [ - Object { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": Object { - "Service": "apigateway.amazonaws.com", - }, - }, - ], - "Version": "2012-10-17", - }, - "Policies": Array [ - Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "logs:CreateLogGroup", - "logs:CreateLogStream", - "logs:DescribeLogGroups", - "logs:DescribeLogStreams", - "logs:PutLogEvents", - "logs:GetLogEvents", - "logs:FilterLogEvents", - ], - "Effect": "Allow", - "Resource": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":logs:", - Object { - "Ref": "AWS::Region", - }, - ":", - Object { - "Ref": "AWS::AccountId", - }, - ":*", - ], - ], - }, - }, - ], - "Version": "2012-10-17", - }, - "PolicyName": "LambdaRestApiCloudWatchRolePolicy", - }, - ], - }, - "Type": "AWS::IAM::Role", - }, - "testapigatewaydynamodbdefaultRestApi9102FDF9": Object { - "Properties": Object { - "EndpointConfiguration": Object { - "Types": Array [ - "EDGE", - ], - }, - "Name": "RestApi", - }, - "Type": "AWS::ApiGateway::RestApi", - }, - "testapigatewaydynamodbdefaultRestApiDeploymentFAC726F3818e0ad130f9a49152a4afbd35ada7b6": Object { - "DependsOn": Array [ - "testapigatewaydynamodbdefaultRestApiidGET94B6F433", - "testapigatewaydynamodbdefaultRestApiidFD6A9E91", - ], - "Metadata": Object { - "cfn_nag": Object { - "rules_to_suppress": Array [ - Object { - "id": "W45", - "reason": "ApiGateway has AccessLogging enabled in AWS::ApiGateway::Stage resource, but cfn_nag checkes for it in AWS::ApiGateway::Deployment resource", - }, - ], - }, - }, - "Properties": Object { - "Description": "Automatically created by the RestApi construct", - "RestApiId": Object { - "Ref": "testapigatewaydynamodbdefaultRestApi9102FDF9", - }, - }, - "Type": "AWS::ApiGateway::Deployment", - }, - "testapigatewaydynamodbdefaultRestApiDeploymentStageprod7834D304": Object { - "Properties": Object { - "AccessLogSetting": Object { - "DestinationArn": Object { - "Fn::GetAtt": Array [ - "testapigatewaydynamodbdefaultApiAccessLogGroup0192183A", - "Arn", - ], - }, - "Format": "{\\"requestId\\":\\"$context.requestId\\",\\"ip\\":\\"$context.identity.sourceIp\\",\\"user\\":\\"$context.identity.user\\",\\"caller\\":\\"$context.identity.caller\\",\\"requestTime\\":\\"$context.requestTime\\",\\"httpMethod\\":\\"$context.httpMethod\\",\\"resourcePath\\":\\"$context.resourcePath\\",\\"status\\":\\"$context.status\\",\\"protocol\\":\\"$context.protocol\\",\\"responseLength\\":\\"$context.responseLength\\"}", - }, - "DeploymentId": Object { - "Ref": "testapigatewaydynamodbdefaultRestApiDeploymentFAC726F3818e0ad130f9a49152a4afbd35ada7b6", - }, - "MethodSettings": Array [ - Object { - "DataTraceEnabled": false, - "HttpMethod": "*", - "LoggingLevel": "INFO", - "ResourcePath": "/*", - }, - ], - "RestApiId": Object { - "Ref": "testapigatewaydynamodbdefaultRestApi9102FDF9", - }, - "StageName": "prod", - "TracingEnabled": true, - }, - "Type": "AWS::ApiGateway::Stage", - }, - "testapigatewaydynamodbdefaultRestApiUsagePlanA266BB3D": Object { - "Properties": Object { - "ApiStages": Array [ - Object { - "ApiId": Object { - "Ref": "testapigatewaydynamodbdefaultRestApi9102FDF9", - }, - "Stage": Object { - "Ref": "testapigatewaydynamodbdefaultRestApiDeploymentStageprod7834D304", - }, - "Throttle": Object {}, - }, - ], - }, - "Type": "AWS::ApiGateway::UsagePlan", - }, - "testapigatewaydynamodbdefaultRestApiidFD6A9E91": Object { - "Properties": Object { - "ParentId": Object { - "Fn::GetAtt": Array [ - "testapigatewaydynamodbdefaultRestApi9102FDF9", - "RootResourceId", - ], - }, - "PathPart": "{id}", - "RestApiId": Object { - "Ref": "testapigatewaydynamodbdefaultRestApi9102FDF9", - }, - }, - "Type": "AWS::ApiGateway::Resource", - }, - "testapigatewaydynamodbdefaultRestApiidGET94B6F433": Object { - "Properties": Object { - "AuthorizationType": "AWS_IAM", - "HttpMethod": "GET", - "Integration": Object { - "Credentials": Object { - "Fn::GetAtt": Array [ - "testapigatewaydynamodbdefaultapigatewayrole0CDF008A", - "Arn", - ], - }, - "IntegrationHttpMethod": "POST", - "IntegrationResponses": Array [ - Object { - "StatusCode": "200", - }, - Object { - "ResponseTemplates": Object { - "text/html": "Error", - }, - "SelectionPattern": "500", - "StatusCode": "500", - }, - ], - "PassthroughBehavior": "NEVER", - "RequestParameters": Object { - "integration.request.header.Content-Type": "'application/json'", - }, - "RequestTemplates": Object { - "application/json": Object { - "Fn::Join": Array [ - "", - Array [ - "{ \\"TableName\\": \\"", - Object { - "Ref": "testapigatewaydynamodbdefaultDynamoTable0720D92C", - }, - "\\", \\"KeyConditionExpression\\": \\"id = :v1\\", \\"ExpressionAttributeValues\\": { \\":v1\\": { \\"S\\": \\"$input.params('id')\\" } } }", - ], - ], - }, - }, - "Type": "AWS", - "Uri": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":apigateway:", - Object { - "Ref": "AWS::Region", - }, - ":dynamodb:action/Query", - ], - ], - }, - }, - "MethodResponses": Array [ - Object { - "ResponseParameters": Object { - "method.response.header.Content-Type": true, - }, - "StatusCode": "200", - }, - Object { - "ResponseParameters": Object { - "method.response.header.Content-Type": true, - }, - "StatusCode": "500", - }, - ], - "ResourceId": Object { - "Ref": "testapigatewaydynamodbdefaultRestApiidFD6A9E91", - }, - "RestApiId": Object { - "Ref": "testapigatewaydynamodbdefaultRestApi9102FDF9", - }, - }, - "Type": "AWS::ApiGateway::Method", - }, - "testapigatewaydynamodbdefaultapigatewayrole0CDF008A": Object { - "Properties": Object { - "AssumeRolePolicyDocument": Object { - "Statement": Array [ - Object { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": Object { - "Service": "apigateway.amazonaws.com", - }, - }, - ], - "Version": "2012-10-17", - }, - }, - "Type": "AWS::IAM::Role", - }, - "testapigatewaydynamodbdefaultapigatewayroleDefaultPolicyE0B5E59D": Object { - "Properties": Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": "dynamodb:Query", - "Effect": "Allow", - "Resource": Object { - "Fn::GetAtt": Array [ - "testapigatewaydynamodbdefaultDynamoTable0720D92C", - "Arn", - ], - }, - }, - ], - "Version": "2012-10-17", - }, - "PolicyName": "testapigatewaydynamodbdefaultapigatewayroleDefaultPolicyE0B5E59D", - "Roles": Array [ - Object { - "Ref": "testapigatewaydynamodbdefaultapigatewayrole0CDF008A", - }, - ], - }, - "Type": "AWS::IAM::Policy", - }, - }, -} -`; diff --git a/source/patterns/@aws-solutions-constructs/aws-apigateway-dynamodb/test/apigateway-dynamodb.test.ts b/source/patterns/@aws-solutions-constructs/aws-apigateway-dynamodb/test/apigateway-dynamodb.test.ts index 4a3f31c51..61e04369a 100644 --- a/source/patterns/@aws-solutions-constructs/aws-apigateway-dynamodb/test/apigateway-dynamodb.test.ts +++ b/source/patterns/@aws-solutions-constructs/aws-apigateway-dynamodb/test/apigateway-dynamodb.test.ts @@ -14,18 +14,10 @@ // Imports import { Stack } from "@aws-cdk/core"; import { ApiGatewayToDynamoDB, ApiGatewayToDynamoDBProps } from "../lib"; -import { SynthUtils } from "@aws-cdk/assert"; import "@aws-cdk/assert/jest"; import * as ddb from "@aws-cdk/aws-dynamodb"; import * as api from "@aws-cdk/aws-apigateway"; -test("snapshot test ApiGatewayToDynamoDB default params", () => { - const stack = new Stack(); - const apiGatewayToDynamoDBProps: ApiGatewayToDynamoDBProps = {}; - new ApiGatewayToDynamoDB( stack, "test-api-gateway-dynamodb-default", apiGatewayToDynamoDBProps); - expect(SynthUtils.toCloudFormation(stack)).toMatchSnapshot(); -}); - test("check properties", () => { const stack = new Stack(); const apiGatewayToDynamoDBProps: ApiGatewayToDynamoDBProps = {}; diff --git a/source/patterns/@aws-solutions-constructs/aws-apigateway-iot/test/__snapshots__/test.apigateway-iot.test.js.snap b/source/patterns/@aws-solutions-constructs/aws-apigateway-iot/test/__snapshots__/test.apigateway-iot.test.js.snap deleted file mode 100644 index 6f34d9a86..000000000 --- a/source/patterns/@aws-solutions-constructs/aws-apigateway-iot/test/__snapshots__/test.apigateway-iot.test.js.snap +++ /dev/null @@ -1,5173 +0,0 @@ -// Jest Snapshot v1, https://goo.gl/fbAQLP - -exports[`Test for default Params snapshot match 1`] = ` -Object { - "Outputs": Object { - "testapigatewayiotdefaultsnapshotRestApiEndpointE19F3C9E": Object { - "Value": Object { - "Fn::Join": Array [ - "", - Array [ - "https://", - Object { - "Ref": "testapigatewayiotdefaultsnapshotRestApiDC9777C4", - }, - ".execute-api.", - Object { - "Ref": "AWS::Region", - }, - ".", - Object { - "Ref": "AWS::URLSuffix", - }, - "/", - Object { - "Ref": "testapigatewayiotdefaultsnapshotRestApiDeploymentStageprodBA2A717D", - }, - "/", - ], - ], - }, - }, - }, - "Resources": Object { - "testapigatewayiotdefaultsnapshotApiAccessLogGroup464370B3": Object { - "DeletionPolicy": "Retain", - "Metadata": Object { - "cfn_nag": Object { - "rules_to_suppress": Array [ - Object { - "id": "W86", - "reason": "Retention period for CloudWatchLogs LogGroups are set to 'Never Expire' to preserve customer data indefinitely", - }, - Object { - "id": "W84", - "reason": "By default CloudWatchLogs LogGroups data is encrypted using the CloudWatch server-side encryption keys (AWS Managed Keys)", - }, - ], - }, - }, - "Type": "AWS::Logs::LogGroup", - "UpdateReplacePolicy": "Retain", - }, - "testapigatewayiotdefaultsnapshotLambdaRestApiAccount0E9A4CEA": Object { - "DependsOn": Array [ - "testapigatewayiotdefaultsnapshotRestApiDC9777C4", - ], - "Properties": Object { - "CloudWatchRoleArn": Object { - "Fn::GetAtt": Array [ - "testapigatewayiotdefaultsnapshotLambdaRestApiCloudWatchRole0E997D14", - "Arn", - ], - }, - }, - "Type": "AWS::ApiGateway::Account", - }, - "testapigatewayiotdefaultsnapshotLambdaRestApiCloudWatchRole0E997D14": Object { - "Properties": Object { - "AssumeRolePolicyDocument": Object { - "Statement": Array [ - Object { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": Object { - "Service": "apigateway.amazonaws.com", - }, - }, - ], - "Version": "2012-10-17", - }, - "Policies": Array [ - Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "logs:CreateLogGroup", - "logs:CreateLogStream", - "logs:DescribeLogGroups", - "logs:DescribeLogStreams", - "logs:PutLogEvents", - "logs:GetLogEvents", - "logs:FilterLogEvents", - ], - "Effect": "Allow", - "Resource": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":logs:", - Object { - "Ref": "AWS::Region", - }, - ":", - Object { - "Ref": "AWS::AccountId", - }, - ":*", - ], - ], - }, - }, - ], - "Version": "2012-10-17", - }, - "PolicyName": "LambdaRestApiCloudWatchRolePolicy", - }, - ], - }, - "Type": "AWS::IAM::Role", - }, - "testapigatewayiotdefaultsnapshotRestApiDC9777C4": Object { - "Properties": Object { - "BinaryMediaTypes": Array [ - "application/octet-stream", - ], - "EndpointConfiguration": Object { - "Types": Array [ - "EDGE", - ], - }, - "Name": "RestApi", - }, - "Type": "AWS::ApiGateway::RestApi", - }, - "testapigatewayiotdefaultsnapshotRestApiDeployment8CB27899b39b7c498e943e0a0f3f9dedcc29368d": Object { - "DependsOn": Array [ - "testapigatewayiotdefaultsnapshotawsapigatewayiotreqval7E4DADB3", - "testapigatewayiotdefaultsnapshotRestApimessagetopiclevel1topiclevel2topiclevel3topiclevel4topiclevel5topiclevel6topiclevel7POST12FA075B", - "testapigatewayiotdefaultsnapshotRestApimessagetopiclevel1topiclevel2topiclevel3topiclevel4topiclevel5topiclevel6topiclevel7A21577AD", - "testapigatewayiotdefaultsnapshotRestApimessagetopiclevel1topiclevel2topiclevel3topiclevel4topiclevel5topiclevel6POST1A2D23AC", - "testapigatewayiotdefaultsnapshotRestApimessagetopiclevel1topiclevel2topiclevel3topiclevel4topiclevel5topiclevel6125BE959", - "testapigatewayiotdefaultsnapshotRestApimessagetopiclevel1topiclevel2topiclevel3topiclevel4topiclevel5POSTEB725944", - "testapigatewayiotdefaultsnapshotRestApimessagetopiclevel1topiclevel2topiclevel3topiclevel4topiclevel569D7E060", - "testapigatewayiotdefaultsnapshotRestApimessagetopiclevel1topiclevel2topiclevel3topiclevel4POST5DB564D1", - "testapigatewayiotdefaultsnapshotRestApimessagetopiclevel1topiclevel2topiclevel3topiclevel4A9FC5FEA", - "testapigatewayiotdefaultsnapshotRestApimessagetopiclevel1topiclevel2topiclevel3POST7F8BDEE1", - "testapigatewayiotdefaultsnapshotRestApimessagetopiclevel1topiclevel2topiclevel37F5D8647", - "testapigatewayiotdefaultsnapshotRestApimessagetopiclevel1topiclevel2POSTA7299416", - "testapigatewayiotdefaultsnapshotRestApimessagetopiclevel1topiclevel205C991F5", - "testapigatewayiotdefaultsnapshotRestApimessagetopiclevel1POSTCE5FA032", - "testapigatewayiotdefaultsnapshotRestApimessagetopiclevel14A872FC7", - "testapigatewayiotdefaultsnapshotRestApimessageCFD398D3", - "testapigatewayiotdefaultsnapshotRestApishadowthingNameshadowNamePOSTEE4BA92F", - "testapigatewayiotdefaultsnapshotRestApishadowthingNameshadowNameB5DB1FB8", - "testapigatewayiotdefaultsnapshotRestApishadowthingNamePOSTF30755E9", - "testapigatewayiotdefaultsnapshotRestApishadowthingNameEB5A9762", - "testapigatewayiotdefaultsnapshotRestApishadowEE57C23E", - ], - "Metadata": Object { - "cfn_nag": Object { - "rules_to_suppress": Array [ - Object { - "id": "W45", - "reason": "ApiGateway has AccessLogging enabled in AWS::ApiGateway::Stage resource, but cfn_nag checkes for it in AWS::ApiGateway::Deployment resource", - }, - ], - }, - }, - "Properties": Object { - "Description": "Automatically created by the RestApi construct", - "RestApiId": Object { - "Ref": "testapigatewayiotdefaultsnapshotRestApiDC9777C4", - }, - }, - "Type": "AWS::ApiGateway::Deployment", - }, - "testapigatewayiotdefaultsnapshotRestApiDeploymentStageprodBA2A717D": Object { - "Properties": Object { - "AccessLogSetting": Object { - "DestinationArn": Object { - "Fn::GetAtt": Array [ - "testapigatewayiotdefaultsnapshotApiAccessLogGroup464370B3", - "Arn", - ], - }, - "Format": "{\\"requestId\\":\\"$context.requestId\\",\\"ip\\":\\"$context.identity.sourceIp\\",\\"user\\":\\"$context.identity.user\\",\\"caller\\":\\"$context.identity.caller\\",\\"requestTime\\":\\"$context.requestTime\\",\\"httpMethod\\":\\"$context.httpMethod\\",\\"resourcePath\\":\\"$context.resourcePath\\",\\"status\\":\\"$context.status\\",\\"protocol\\":\\"$context.protocol\\",\\"responseLength\\":\\"$context.responseLength\\"}", - }, - "DeploymentId": Object { - "Ref": "testapigatewayiotdefaultsnapshotRestApiDeployment8CB27899b39b7c498e943e0a0f3f9dedcc29368d", - }, - "MethodSettings": Array [ - Object { - "DataTraceEnabled": false, - "HttpMethod": "*", - "LoggingLevel": "INFO", - "ResourcePath": "/*", - }, - ], - "RestApiId": Object { - "Ref": "testapigatewayiotdefaultsnapshotRestApiDC9777C4", - }, - "StageName": "prod", - "TracingEnabled": true, - }, - "Type": "AWS::ApiGateway::Stage", - }, - "testapigatewayiotdefaultsnapshotRestApiUsagePlan2FB8C320": Object { - "Properties": Object { - "ApiStages": Array [ - Object { - "ApiId": Object { - "Ref": "testapigatewayiotdefaultsnapshotRestApiDC9777C4", - }, - "Stage": Object { - "Ref": "testapigatewayiotdefaultsnapshotRestApiDeploymentStageprodBA2A717D", - }, - "Throttle": Object {}, - }, - ], - }, - "Type": "AWS::ApiGateway::UsagePlan", - }, - "testapigatewayiotdefaultsnapshotRestApimessageCFD398D3": Object { - "Properties": Object { - "ParentId": Object { - "Fn::GetAtt": Array [ - "testapigatewayiotdefaultsnapshotRestApiDC9777C4", - "RootResourceId", - ], - }, - "PathPart": "message", - "RestApiId": Object { - "Ref": "testapigatewayiotdefaultsnapshotRestApiDC9777C4", - }, - }, - "Type": "AWS::ApiGateway::Resource", - }, - "testapigatewayiotdefaultsnapshotRestApimessagetopiclevel14A872FC7": Object { - "Properties": Object { - "ParentId": Object { - "Ref": "testapigatewayiotdefaultsnapshotRestApimessageCFD398D3", - }, - "PathPart": "{topic-level-1}", - "RestApiId": Object { - "Ref": "testapigatewayiotdefaultsnapshotRestApiDC9777C4", - }, - }, - "Type": "AWS::ApiGateway::Resource", - }, - "testapigatewayiotdefaultsnapshotRestApimessagetopiclevel1POSTCE5FA032": Object { - "Properties": Object { - "AuthorizationType": "AWS_IAM", - "HttpMethod": "POST", - "Integration": Object { - "Credentials": Object { - "Fn::GetAtt": Array [ - "testapigatewayiotdefaultsnapshotapigatewayiotrole117B355A", - "Arn", - ], - }, - "IntegrationHttpMethod": "POST", - "IntegrationResponses": Array [ - Object { - "ResponseTemplates": Object { - "application/json": "$input.json('$')", - }, - "SelectionPattern": "2\\\\d{2}", - "StatusCode": "200", - }, - Object { - "ResponseTemplates": Object { - "application/json": "$input.json('$')", - }, - "SelectionPattern": "5\\\\d{2}", - "StatusCode": "500", - }, - Object { - "ResponseTemplates": Object { - "application/json": "$input.json('$')", - }, - "StatusCode": "403", - }, - ], - "PassthroughBehavior": "WHEN_NO_MATCH", - "RequestParameters": Object { - "integration.request.header.Content-Type": "'application/json'", - "integration.request.path.topic-level-1": "method.request.path.topic-level-1", - }, - "RequestTemplates": Object { - "application/json": "$input.json('$')", - }, - "Type": "AWS", - "Uri": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":apigateway:", - Object { - "Ref": "AWS::Region", - }, - ":a1234567890123-ats.iotdata:path/topics/{topic-level-1}", - ], - ], - }, - }, - "MethodResponses": Array [ - Object { - "StatusCode": "200", - }, - Object { - "StatusCode": "500", - }, - Object { - "StatusCode": "403", - }, - ], - "RequestParameters": Object { - "method.request.path.topic-level-1": true, - }, - "RequestValidatorId": Object { - "Ref": "testapigatewayiotdefaultsnapshotawsapigatewayiotreqval7E4DADB3", - }, - "ResourceId": Object { - "Ref": "testapigatewayiotdefaultsnapshotRestApimessagetopiclevel14A872FC7", - }, - "RestApiId": Object { - "Ref": "testapigatewayiotdefaultsnapshotRestApiDC9777C4", - }, - }, - "Type": "AWS::ApiGateway::Method", - }, - "testapigatewayiotdefaultsnapshotRestApimessagetopiclevel1topiclevel205C991F5": Object { - "Properties": Object { - "ParentId": Object { - "Ref": "testapigatewayiotdefaultsnapshotRestApimessagetopiclevel14A872FC7", - }, - "PathPart": "{topic-level-2}", - "RestApiId": Object { - "Ref": "testapigatewayiotdefaultsnapshotRestApiDC9777C4", - }, - }, - "Type": "AWS::ApiGateway::Resource", - }, - "testapigatewayiotdefaultsnapshotRestApimessagetopiclevel1topiclevel2POSTA7299416": Object { - "Properties": Object { - "AuthorizationType": "AWS_IAM", - "HttpMethod": "POST", - "Integration": Object { - "Credentials": Object { - "Fn::GetAtt": Array [ - "testapigatewayiotdefaultsnapshotapigatewayiotrole117B355A", - "Arn", - ], - }, - "IntegrationHttpMethod": "POST", - "IntegrationResponses": Array [ - Object { - "ResponseTemplates": Object { - "application/json": "$input.json('$')", - }, - "SelectionPattern": "2\\\\d{2}", - "StatusCode": "200", - }, - Object { - "ResponseTemplates": Object { - "application/json": "$input.json('$')", - }, - "SelectionPattern": "5\\\\d{2}", - "StatusCode": "500", - }, - Object { - "ResponseTemplates": Object { - "application/json": "$input.json('$')", - }, - "StatusCode": "403", - }, - ], - "PassthroughBehavior": "WHEN_NO_MATCH", - "RequestParameters": Object { - "integration.request.header.Content-Type": "'application/json'", - "integration.request.path.topic-level-1": "method.request.path.topic-level-1", - "integration.request.path.topic-level-2": "method.request.path.topic-level-2", - }, - "RequestTemplates": Object { - "application/json": "$input.json('$')", - }, - "Type": "AWS", - "Uri": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":apigateway:", - Object { - "Ref": "AWS::Region", - }, - ":a1234567890123-ats.iotdata:path/topics/{topic-level-1}/{topic-level-2}", - ], - ], - }, - }, - "MethodResponses": Array [ - Object { - "StatusCode": "200", - }, - Object { - "StatusCode": "500", - }, - Object { - "StatusCode": "403", - }, - ], - "RequestParameters": Object { - "method.request.path.topic-level-1": true, - "method.request.path.topic-level-2": true, - }, - "RequestValidatorId": Object { - "Ref": "testapigatewayiotdefaultsnapshotawsapigatewayiotreqval7E4DADB3", - }, - "ResourceId": Object { - "Ref": "testapigatewayiotdefaultsnapshotRestApimessagetopiclevel1topiclevel205C991F5", - }, - "RestApiId": Object { - "Ref": "testapigatewayiotdefaultsnapshotRestApiDC9777C4", - }, - }, - "Type": "AWS::ApiGateway::Method", - }, - "testapigatewayiotdefaultsnapshotRestApimessagetopiclevel1topiclevel2topiclevel37F5D8647": Object { - "Properties": Object { - "ParentId": Object { - "Ref": "testapigatewayiotdefaultsnapshotRestApimessagetopiclevel1topiclevel205C991F5", - }, - "PathPart": "{topic-level-3}", - "RestApiId": Object { - "Ref": "testapigatewayiotdefaultsnapshotRestApiDC9777C4", - }, - }, - "Type": "AWS::ApiGateway::Resource", - }, - "testapigatewayiotdefaultsnapshotRestApimessagetopiclevel1topiclevel2topiclevel3POST7F8BDEE1": Object { - "Properties": Object { - "AuthorizationType": "AWS_IAM", - "HttpMethod": "POST", - "Integration": Object { - "Credentials": Object { - "Fn::GetAtt": Array [ - "testapigatewayiotdefaultsnapshotapigatewayiotrole117B355A", - "Arn", - ], - }, - "IntegrationHttpMethod": "POST", - "IntegrationResponses": Array [ - Object { - "ResponseTemplates": Object { - "application/json": "$input.json('$')", - }, - "SelectionPattern": "2\\\\d{2}", - "StatusCode": "200", - }, - Object { - "ResponseTemplates": Object { - "application/json": "$input.json('$')", - }, - "SelectionPattern": "5\\\\d{2}", - "StatusCode": "500", - }, - Object { - "ResponseTemplates": Object { - "application/json": "$input.json('$')", - }, - "StatusCode": "403", - }, - ], - "PassthroughBehavior": "WHEN_NO_MATCH", - "RequestParameters": Object { - "integration.request.header.Content-Type": "'application/json'", - "integration.request.path.topic-level-1": "method.request.path.topic-level-1", - "integration.request.path.topic-level-2": "method.request.path.topic-level-2", - "integration.request.path.topic-level-3": "method.request.path.topic-level-3", - }, - "RequestTemplates": Object { - "application/json": "$input.json('$')", - }, - "Type": "AWS", - "Uri": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":apigateway:", - Object { - "Ref": "AWS::Region", - }, - ":a1234567890123-ats.iotdata:path/topics/{topic-level-1}/{topic-level-2}/{topic-level-3}", - ], - ], - }, - }, - "MethodResponses": Array [ - Object { - "StatusCode": "200", - }, - Object { - "StatusCode": "500", - }, - Object { - "StatusCode": "403", - }, - ], - "RequestParameters": Object { - "method.request.path.topic-level-1": true, - "method.request.path.topic-level-2": true, - "method.request.path.topic-level-3": true, - }, - "RequestValidatorId": Object { - "Ref": "testapigatewayiotdefaultsnapshotawsapigatewayiotreqval7E4DADB3", - }, - "ResourceId": Object { - "Ref": "testapigatewayiotdefaultsnapshotRestApimessagetopiclevel1topiclevel2topiclevel37F5D8647", - }, - "RestApiId": Object { - "Ref": "testapigatewayiotdefaultsnapshotRestApiDC9777C4", - }, - }, - "Type": "AWS::ApiGateway::Method", - }, - "testapigatewayiotdefaultsnapshotRestApimessagetopiclevel1topiclevel2topiclevel3topiclevel4A9FC5FEA": Object { - "Properties": Object { - "ParentId": Object { - "Ref": "testapigatewayiotdefaultsnapshotRestApimessagetopiclevel1topiclevel2topiclevel37F5D8647", - }, - "PathPart": "{topic-level-4}", - "RestApiId": Object { - "Ref": "testapigatewayiotdefaultsnapshotRestApiDC9777C4", - }, - }, - "Type": "AWS::ApiGateway::Resource", - }, - "testapigatewayiotdefaultsnapshotRestApimessagetopiclevel1topiclevel2topiclevel3topiclevel4POST5DB564D1": Object { - "Properties": Object { - "AuthorizationType": "AWS_IAM", - "HttpMethod": "POST", - "Integration": Object { - "Credentials": Object { - "Fn::GetAtt": Array [ - "testapigatewayiotdefaultsnapshotapigatewayiotrole117B355A", - "Arn", - ], - }, - "IntegrationHttpMethod": "POST", - "IntegrationResponses": Array [ - Object { - "ResponseTemplates": Object { - "application/json": "$input.json('$')", - }, - "SelectionPattern": "2\\\\d{2}", - "StatusCode": "200", - }, - Object { - "ResponseTemplates": Object { - "application/json": "$input.json('$')", - }, - "SelectionPattern": "5\\\\d{2}", - "StatusCode": "500", - }, - Object { - "ResponseTemplates": Object { - "application/json": "$input.json('$')", - }, - "StatusCode": "403", - }, - ], - "PassthroughBehavior": "WHEN_NO_MATCH", - "RequestParameters": Object { - "integration.request.header.Content-Type": "'application/json'", - "integration.request.path.topic-level-1": "method.request.path.topic-level-1", - "integration.request.path.topic-level-2": "method.request.path.topic-level-2", - "integration.request.path.topic-level-3": "method.request.path.topic-level-3", - "integration.request.path.topic-level-4": "method.request.path.topic-level-4", - }, - "RequestTemplates": Object { - "application/json": "$input.json('$')", - }, - "Type": "AWS", - "Uri": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":apigateway:", - Object { - "Ref": "AWS::Region", - }, - ":a1234567890123-ats.iotdata:path/topics/{topic-level-1}/{topic-level-2}/{topic-level-3}/{topic-level-4}", - ], - ], - }, - }, - "MethodResponses": Array [ - Object { - "StatusCode": "200", - }, - Object { - "StatusCode": "500", - }, - Object { - "StatusCode": "403", - }, - ], - "RequestParameters": Object { - "method.request.path.topic-level-1": true, - "method.request.path.topic-level-2": true, - "method.request.path.topic-level-3": true, - "method.request.path.topic-level-4": true, - }, - "RequestValidatorId": Object { - "Ref": "testapigatewayiotdefaultsnapshotawsapigatewayiotreqval7E4DADB3", - }, - "ResourceId": Object { - "Ref": "testapigatewayiotdefaultsnapshotRestApimessagetopiclevel1topiclevel2topiclevel3topiclevel4A9FC5FEA", - }, - "RestApiId": Object { - "Ref": "testapigatewayiotdefaultsnapshotRestApiDC9777C4", - }, - }, - "Type": "AWS::ApiGateway::Method", - }, - "testapigatewayiotdefaultsnapshotRestApimessagetopiclevel1topiclevel2topiclevel3topiclevel4topiclevel569D7E060": Object { - "Properties": Object { - "ParentId": Object { - "Ref": "testapigatewayiotdefaultsnapshotRestApimessagetopiclevel1topiclevel2topiclevel3topiclevel4A9FC5FEA", - }, - "PathPart": "{topic-level-5}", - "RestApiId": Object { - "Ref": "testapigatewayiotdefaultsnapshotRestApiDC9777C4", - }, - }, - "Type": "AWS::ApiGateway::Resource", - }, - "testapigatewayiotdefaultsnapshotRestApimessagetopiclevel1topiclevel2topiclevel3topiclevel4topiclevel5POSTEB725944": Object { - "Properties": Object { - "AuthorizationType": "AWS_IAM", - "HttpMethod": "POST", - "Integration": Object { - "Credentials": Object { - "Fn::GetAtt": Array [ - "testapigatewayiotdefaultsnapshotapigatewayiotrole117B355A", - "Arn", - ], - }, - "IntegrationHttpMethod": "POST", - "IntegrationResponses": Array [ - Object { - "ResponseTemplates": Object { - "application/json": "$input.json('$')", - }, - "SelectionPattern": "2\\\\d{2}", - "StatusCode": "200", - }, - Object { - "ResponseTemplates": Object { - "application/json": "$input.json('$')", - }, - "SelectionPattern": "5\\\\d{2}", - "StatusCode": "500", - }, - Object { - "ResponseTemplates": Object { - "application/json": "$input.json('$')", - }, - "StatusCode": "403", - }, - ], - "PassthroughBehavior": "WHEN_NO_MATCH", - "RequestParameters": Object { - "integration.request.header.Content-Type": "'application/json'", - "integration.request.path.topic-level-1": "method.request.path.topic-level-1", - "integration.request.path.topic-level-2": "method.request.path.topic-level-2", - "integration.request.path.topic-level-3": "method.request.path.topic-level-3", - "integration.request.path.topic-level-4": "method.request.path.topic-level-4", - "integration.request.path.topic-level-5": "method.request.path.topic-level-5", - }, - "RequestTemplates": Object { - "application/json": "$input.json('$')", - }, - "Type": "AWS", - "Uri": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":apigateway:", - Object { - "Ref": "AWS::Region", - }, - ":a1234567890123-ats.iotdata:path/topics/{topic-level-1}/{topic-level-2}/{topic-level-3}/{topic-level-4}/{topic-level-5}", - ], - ], - }, - }, - "MethodResponses": Array [ - Object { - "StatusCode": "200", - }, - Object { - "StatusCode": "500", - }, - Object { - "StatusCode": "403", - }, - ], - "RequestParameters": Object { - "method.request.path.topic-level-1": true, - "method.request.path.topic-level-2": true, - "method.request.path.topic-level-3": true, - "method.request.path.topic-level-4": true, - "method.request.path.topic-level-5": true, - }, - "RequestValidatorId": Object { - "Ref": "testapigatewayiotdefaultsnapshotawsapigatewayiotreqval7E4DADB3", - }, - "ResourceId": Object { - "Ref": "testapigatewayiotdefaultsnapshotRestApimessagetopiclevel1topiclevel2topiclevel3topiclevel4topiclevel569D7E060", - }, - "RestApiId": Object { - "Ref": "testapigatewayiotdefaultsnapshotRestApiDC9777C4", - }, - }, - "Type": "AWS::ApiGateway::Method", - }, - "testapigatewayiotdefaultsnapshotRestApimessagetopiclevel1topiclevel2topiclevel3topiclevel4topiclevel5topiclevel6125BE959": Object { - "Properties": Object { - "ParentId": Object { - "Ref": "testapigatewayiotdefaultsnapshotRestApimessagetopiclevel1topiclevel2topiclevel3topiclevel4topiclevel569D7E060", - }, - "PathPart": "{topic-level-6}", - "RestApiId": Object { - "Ref": "testapigatewayiotdefaultsnapshotRestApiDC9777C4", - }, - }, - "Type": "AWS::ApiGateway::Resource", - }, - "testapigatewayiotdefaultsnapshotRestApimessagetopiclevel1topiclevel2topiclevel3topiclevel4topiclevel5topiclevel6POST1A2D23AC": Object { - "Properties": Object { - "AuthorizationType": "AWS_IAM", - "HttpMethod": "POST", - "Integration": Object { - "Credentials": Object { - "Fn::GetAtt": Array [ - "testapigatewayiotdefaultsnapshotapigatewayiotrole117B355A", - "Arn", - ], - }, - "IntegrationHttpMethod": "POST", - "IntegrationResponses": Array [ - Object { - "ResponseTemplates": Object { - "application/json": "$input.json('$')", - }, - "SelectionPattern": "2\\\\d{2}", - "StatusCode": "200", - }, - Object { - "ResponseTemplates": Object { - "application/json": "$input.json('$')", - }, - "SelectionPattern": "5\\\\d{2}", - "StatusCode": "500", - }, - Object { - "ResponseTemplates": Object { - "application/json": "$input.json('$')", - }, - "StatusCode": "403", - }, - ], - "PassthroughBehavior": "WHEN_NO_MATCH", - "RequestParameters": Object { - "integration.request.header.Content-Type": "'application/json'", - "integration.request.path.topic-level-1": "method.request.path.topic-level-1", - "integration.request.path.topic-level-2": "method.request.path.topic-level-2", - "integration.request.path.topic-level-3": "method.request.path.topic-level-3", - "integration.request.path.topic-level-4": "method.request.path.topic-level-4", - "integration.request.path.topic-level-5": "method.request.path.topic-level-5", - "integration.request.path.topic-level-6": "method.request.path.topic-level-6", - }, - "RequestTemplates": Object { - "application/json": "$input.json('$')", - }, - "Type": "AWS", - "Uri": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":apigateway:", - Object { - "Ref": "AWS::Region", - }, - ":a1234567890123-ats.iotdata:path/topics/{topic-level-1}/{topic-level-2}/{topic-level-3}/{topic-level-4}/{topic-level-5}/{topic-level-6}", - ], - ], - }, - }, - "MethodResponses": Array [ - Object { - "StatusCode": "200", - }, - Object { - "StatusCode": "500", - }, - Object { - "StatusCode": "403", - }, - ], - "RequestParameters": Object { - "method.request.path.topic-level-1": true, - "method.request.path.topic-level-2": true, - "method.request.path.topic-level-3": true, - "method.request.path.topic-level-4": true, - "method.request.path.topic-level-5": true, - "method.request.path.topic-level-6": true, - }, - "RequestValidatorId": Object { - "Ref": "testapigatewayiotdefaultsnapshotawsapigatewayiotreqval7E4DADB3", - }, - "ResourceId": Object { - "Ref": "testapigatewayiotdefaultsnapshotRestApimessagetopiclevel1topiclevel2topiclevel3topiclevel4topiclevel5topiclevel6125BE959", - }, - "RestApiId": Object { - "Ref": "testapigatewayiotdefaultsnapshotRestApiDC9777C4", - }, - }, - "Type": "AWS::ApiGateway::Method", - }, - "testapigatewayiotdefaultsnapshotRestApimessagetopiclevel1topiclevel2topiclevel3topiclevel4topiclevel5topiclevel6topiclevel7A21577AD": Object { - "Properties": Object { - "ParentId": Object { - "Ref": "testapigatewayiotdefaultsnapshotRestApimessagetopiclevel1topiclevel2topiclevel3topiclevel4topiclevel5topiclevel6125BE959", - }, - "PathPart": "{topic-level-7}", - "RestApiId": Object { - "Ref": "testapigatewayiotdefaultsnapshotRestApiDC9777C4", - }, - }, - "Type": "AWS::ApiGateway::Resource", - }, - "testapigatewayiotdefaultsnapshotRestApimessagetopiclevel1topiclevel2topiclevel3topiclevel4topiclevel5topiclevel6topiclevel7POST12FA075B": Object { - "Properties": Object { - "AuthorizationType": "AWS_IAM", - "HttpMethod": "POST", - "Integration": Object { - "Credentials": Object { - "Fn::GetAtt": Array [ - "testapigatewayiotdefaultsnapshotapigatewayiotrole117B355A", - "Arn", - ], - }, - "IntegrationHttpMethod": "POST", - "IntegrationResponses": Array [ - Object { - "ResponseTemplates": Object { - "application/json": "$input.json('$')", - }, - "SelectionPattern": "2\\\\d{2}", - "StatusCode": "200", - }, - Object { - "ResponseTemplates": Object { - "application/json": "$input.json('$')", - }, - "SelectionPattern": "5\\\\d{2}", - "StatusCode": "500", - }, - Object { - "ResponseTemplates": Object { - "application/json": "$input.json('$')", - }, - "StatusCode": "403", - }, - ], - "PassthroughBehavior": "WHEN_NO_MATCH", - "RequestParameters": Object { - "integration.request.header.Content-Type": "'application/json'", - "integration.request.path.topic-level-1": "method.request.path.topic-level-1", - "integration.request.path.topic-level-2": "method.request.path.topic-level-2", - "integration.request.path.topic-level-3": "method.request.path.topic-level-3", - "integration.request.path.topic-level-4": "method.request.path.topic-level-4", - "integration.request.path.topic-level-5": "method.request.path.topic-level-5", - "integration.request.path.topic-level-6": "method.request.path.topic-level-6", - "integration.request.path.topic-level-7": "method.request.path.topic-level-7", - }, - "RequestTemplates": Object { - "application/json": "$input.json('$')", - }, - "Type": "AWS", - "Uri": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":apigateway:", - Object { - "Ref": "AWS::Region", - }, - ":a1234567890123-ats.iotdata:path/topics/{topic-level-1}/{topic-level-2}/{topic-level-3}/{topic-level-4}/{topic-level-5}/{topic-level-6}/{topic-level-7}", - ], - ], - }, - }, - "MethodResponses": Array [ - Object { - "StatusCode": "200", - }, - Object { - "StatusCode": "500", - }, - Object { - "StatusCode": "403", - }, - ], - "RequestParameters": Object { - "method.request.path.topic-level-1": true, - "method.request.path.topic-level-2": true, - "method.request.path.topic-level-3": true, - "method.request.path.topic-level-4": true, - "method.request.path.topic-level-5": true, - "method.request.path.topic-level-6": true, - "method.request.path.topic-level-7": true, - }, - "RequestValidatorId": Object { - "Ref": "testapigatewayiotdefaultsnapshotawsapigatewayiotreqval7E4DADB3", - }, - "ResourceId": Object { - "Ref": "testapigatewayiotdefaultsnapshotRestApimessagetopiclevel1topiclevel2topiclevel3topiclevel4topiclevel5topiclevel6topiclevel7A21577AD", - }, - "RestApiId": Object { - "Ref": "testapigatewayiotdefaultsnapshotRestApiDC9777C4", - }, - }, - "Type": "AWS::ApiGateway::Method", - }, - "testapigatewayiotdefaultsnapshotRestApishadowEE57C23E": Object { - "Properties": Object { - "ParentId": Object { - "Fn::GetAtt": Array [ - "testapigatewayiotdefaultsnapshotRestApiDC9777C4", - "RootResourceId", - ], - }, - "PathPart": "shadow", - "RestApiId": Object { - "Ref": "testapigatewayiotdefaultsnapshotRestApiDC9777C4", - }, - }, - "Type": "AWS::ApiGateway::Resource", - }, - "testapigatewayiotdefaultsnapshotRestApishadowthingNameEB5A9762": Object { - "Properties": Object { - "ParentId": Object { - "Ref": "testapigatewayiotdefaultsnapshotRestApishadowEE57C23E", - }, - "PathPart": "{thingName}", - "RestApiId": Object { - "Ref": "testapigatewayiotdefaultsnapshotRestApiDC9777C4", - }, - }, - "Type": "AWS::ApiGateway::Resource", - }, - "testapigatewayiotdefaultsnapshotRestApishadowthingNamePOSTF30755E9": Object { - "Properties": Object { - "AuthorizationType": "AWS_IAM", - "HttpMethod": "POST", - "Integration": Object { - "Credentials": Object { - "Fn::GetAtt": Array [ - "testapigatewayiotdefaultsnapshotapigatewayiotrole117B355A", - "Arn", - ], - }, - "IntegrationHttpMethod": "POST", - "IntegrationResponses": Array [ - Object { - "ResponseTemplates": Object { - "application/json": "$input.json('$')", - }, - "SelectionPattern": "2\\\\d{2}", - "StatusCode": "200", - }, - Object { - "ResponseTemplates": Object { - "application/json": "$input.json('$')", - }, - "SelectionPattern": "5\\\\d{2}", - "StatusCode": "500", - }, - Object { - "ResponseTemplates": Object { - "application/json": "$input.json('$')", - }, - "StatusCode": "403", - }, - ], - "PassthroughBehavior": "WHEN_NO_MATCH", - "RequestParameters": Object { - "integration.request.header.Content-Type": "'application/json'", - "integration.request.path.thingName": "method.request.path.thingName", - }, - "RequestTemplates": Object { - "application/json": "$input.json('$')", - }, - "Type": "AWS", - "Uri": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":apigateway:", - Object { - "Ref": "AWS::Region", - }, - ":a1234567890123-ats.iotdata:path/things/{thingName}/shadow", - ], - ], - }, - }, - "MethodResponses": Array [ - Object { - "StatusCode": "200", - }, - Object { - "StatusCode": "500", - }, - Object { - "StatusCode": "403", - }, - ], - "RequestParameters": Object { - "method.request.path.thingName": true, - }, - "RequestValidatorId": Object { - "Ref": "testapigatewayiotdefaultsnapshotawsapigatewayiotreqval7E4DADB3", - }, - "ResourceId": Object { - "Ref": "testapigatewayiotdefaultsnapshotRestApishadowthingNameEB5A9762", - }, - "RestApiId": Object { - "Ref": "testapigatewayiotdefaultsnapshotRestApiDC9777C4", - }, - }, - "Type": "AWS::ApiGateway::Method", - }, - "testapigatewayiotdefaultsnapshotRestApishadowthingNameshadowNameB5DB1FB8": Object { - "Properties": Object { - "ParentId": Object { - "Ref": "testapigatewayiotdefaultsnapshotRestApishadowthingNameEB5A9762", - }, - "PathPart": "{shadowName}", - "RestApiId": Object { - "Ref": "testapigatewayiotdefaultsnapshotRestApiDC9777C4", - }, - }, - "Type": "AWS::ApiGateway::Resource", - }, - "testapigatewayiotdefaultsnapshotRestApishadowthingNameshadowNamePOSTEE4BA92F": Object { - "Properties": Object { - "AuthorizationType": "AWS_IAM", - "HttpMethod": "POST", - "Integration": Object { - "Credentials": Object { - "Fn::GetAtt": Array [ - "testapigatewayiotdefaultsnapshotapigatewayiotrole117B355A", - "Arn", - ], - }, - "IntegrationHttpMethod": "POST", - "IntegrationResponses": Array [ - Object { - "ResponseTemplates": Object { - "application/json": "$input.json('$')", - }, - "SelectionPattern": "2\\\\d{2}", - "StatusCode": "200", - }, - Object { - "ResponseTemplates": Object { - "application/json": "$input.json('$')", - }, - "SelectionPattern": "5\\\\d{2}", - "StatusCode": "500", - }, - Object { - "ResponseTemplates": Object { - "application/json": "$input.json('$')", - }, - "StatusCode": "403", - }, - ], - "PassthroughBehavior": "WHEN_NO_MATCH", - "RequestParameters": Object { - "integration.request.header.Content-Type": "'application/json'", - "integration.request.path.shadowName": "method.request.path.shadowName", - "integration.request.path.thingName": "method.request.path.thingName", - }, - "RequestTemplates": Object { - "application/json": "$input.json('$')", - }, - "Type": "AWS", - "Uri": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":apigateway:", - Object { - "Ref": "AWS::Region", - }, - ":a1234567890123-ats.iotdata:path/things/{thingName}/shadow?name={shadowName}", - ], - ], - }, - }, - "MethodResponses": Array [ - Object { - "StatusCode": "200", - }, - Object { - "StatusCode": "500", - }, - Object { - "StatusCode": "403", - }, - ], - "RequestParameters": Object { - "method.request.path.shadowName": true, - "method.request.path.thingName": true, - }, - "RequestValidatorId": Object { - "Ref": "testapigatewayiotdefaultsnapshotawsapigatewayiotreqval7E4DADB3", - }, - "ResourceId": Object { - "Ref": "testapigatewayiotdefaultsnapshotRestApishadowthingNameshadowNameB5DB1FB8", - }, - "RestApiId": Object { - "Ref": "testapigatewayiotdefaultsnapshotRestApiDC9777C4", - }, - }, - "Type": "AWS::ApiGateway::Method", - }, - "testapigatewayiotdefaultsnapshotapigatewayiotrole117B355A": Object { - "Properties": Object { - "AssumeRolePolicyDocument": Object { - "Statement": Array [ - Object { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": Object { - "Service": "apigateway.amazonaws.com", - }, - }, - ], - "Version": "2012-10-17", - }, - "Path": "/", - "Policies": Array [ - Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": "iot:UpdateThingShadow", - "Effect": "Allow", - "Resource": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:aws:iot:", - Object { - "Ref": "AWS::Region", - }, - ":", - Object { - "Ref": "AWS::AccountId", - }, - ":thing/*", - ], - ], - }, - }, - Object { - "Action": "iot:Publish", - "Effect": "Allow", - "Resource": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:aws:iot:", - Object { - "Ref": "AWS::Region", - }, - ":", - Object { - "Ref": "AWS::AccountId", - }, - ":topic/*", - ], - ], - }, - }, - ], - "Version": "2012-10-17", - }, - "PolicyName": "awsapigatewayiotpolicy", - }, - ], - }, - "Type": "AWS::IAM::Role", - }, - "testapigatewayiotdefaultsnapshotawsapigatewayiotreqval7E4DADB3": Object { - "Properties": Object { - "RestApiId": Object { - "Ref": "testapigatewayiotdefaultsnapshotRestApiDC9777C4", - }, - "ValidateRequestBody": false, - "ValidateRequestParameters": true, - }, - "Type": "AWS::ApiGateway::RequestValidator", - }, - }, -} -`; - -exports[`Test for multiple constructs usage 1`] = ` -Object { - "Outputs": Object { - "testapigatewayiotdefaultparams1RestApiEndpointCB332132": Object { - "Value": Object { - "Fn::Join": Array [ - "", - Array [ - "https://", - Object { - "Ref": "testapigatewayiotdefaultparams1RestApi8E1D271C", - }, - ".execute-api.", - Object { - "Ref": "AWS::Region", - }, - ".", - Object { - "Ref": "AWS::URLSuffix", - }, - "/", - Object { - "Ref": "testapigatewayiotdefaultparams1RestApiDeploymentStageprod34C92BCF", - }, - "/", - ], - ], - }, - }, - "testapigatewayiotdefaultparamsRestApiEndpoint5FF11751": Object { - "Value": Object { - "Fn::Join": Array [ - "", - Array [ - "https://", - Object { - "Ref": "testapigatewayiotdefaultparamsRestApi60BDAFC6", - }, - ".execute-api.", - Object { - "Ref": "AWS::Region", - }, - ".", - Object { - "Ref": "AWS::URLSuffix", - }, - "/", - Object { - "Ref": "testapigatewayiotdefaultparamsRestApiDeploymentStageprodFB3B03DE", - }, - "/", - ], - ], - }, - }, - }, - "Resources": Object { - "testapigatewayiotdefaultparams1ApiAccessLogGroup417958B5": Object { - "DeletionPolicy": "Retain", - "Metadata": Object { - "cfn_nag": Object { - "rules_to_suppress": Array [ - Object { - "id": "W86", - "reason": "Retention period for CloudWatchLogs LogGroups are set to 'Never Expire' to preserve customer data indefinitely", - }, - Object { - "id": "W84", - "reason": "By default CloudWatchLogs LogGroups data is encrypted using the CloudWatch server-side encryption keys (AWS Managed Keys)", - }, - ], - }, - }, - "Type": "AWS::Logs::LogGroup", - "UpdateReplacePolicy": "Retain", - }, - "testapigatewayiotdefaultparams1LambdaRestApiAccount1310B62A": Object { - "DependsOn": Array [ - "testapigatewayiotdefaultparams1RestApi8E1D271C", - ], - "Properties": Object { - "CloudWatchRoleArn": Object { - "Fn::GetAtt": Array [ - "testapigatewayiotdefaultparams1LambdaRestApiCloudWatchRole967CACD1", - "Arn", - ], - }, - }, - "Type": "AWS::ApiGateway::Account", - }, - "testapigatewayiotdefaultparams1LambdaRestApiCloudWatchRole967CACD1": Object { - "Properties": Object { - "AssumeRolePolicyDocument": Object { - "Statement": Array [ - Object { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": Object { - "Service": "apigateway.amazonaws.com", - }, - }, - ], - "Version": "2012-10-17", - }, - "Policies": Array [ - Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "logs:CreateLogGroup", - "logs:CreateLogStream", - "logs:DescribeLogGroups", - "logs:DescribeLogStreams", - "logs:PutLogEvents", - "logs:GetLogEvents", - "logs:FilterLogEvents", - ], - "Effect": "Allow", - "Resource": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":logs:", - Object { - "Ref": "AWS::Region", - }, - ":", - Object { - "Ref": "AWS::AccountId", - }, - ":*", - ], - ], - }, - }, - ], - "Version": "2012-10-17", - }, - "PolicyName": "LambdaRestApiCloudWatchRolePolicy", - }, - ], - }, - "Type": "AWS::IAM::Role", - }, - "testapigatewayiotdefaultparams1RestApi8E1D271C": Object { - "Properties": Object { - "BinaryMediaTypes": Array [ - "application/octet-stream", - ], - "EndpointConfiguration": Object { - "Types": Array [ - "EDGE", - ], - }, - "Name": "RestApi", - }, - "Type": "AWS::ApiGateway::RestApi", - }, - "testapigatewayiotdefaultparams1RestApiDeploymentA41826E8e39ca7e089a812d3e472c9f3a4f54ab6": Object { - "DependsOn": Array [ - "testapigatewayiotdefaultparams1awsapigatewayiotreqval77A8A6B3", - "testapigatewayiotdefaultparams1RestApimessagetopiclevel1topiclevel2topiclevel3topiclevel4topiclevel5topiclevel6topiclevel7POSTEA8D5DCC", - "testapigatewayiotdefaultparams1RestApimessagetopiclevel1topiclevel2topiclevel3topiclevel4topiclevel5topiclevel6topiclevel798FBBC25", - "testapigatewayiotdefaultparams1RestApimessagetopiclevel1topiclevel2topiclevel3topiclevel4topiclevel5topiclevel6POSTBA2DBBA3", - "testapigatewayiotdefaultparams1RestApimessagetopiclevel1topiclevel2topiclevel3topiclevel4topiclevel5topiclevel6DF081F2E", - "testapigatewayiotdefaultparams1RestApimessagetopiclevel1topiclevel2topiclevel3topiclevel4topiclevel5POSTB3407233", - "testapigatewayiotdefaultparams1RestApimessagetopiclevel1topiclevel2topiclevel3topiclevel4topiclevel5F3111EBE", - "testapigatewayiotdefaultparams1RestApimessagetopiclevel1topiclevel2topiclevel3topiclevel4POST75E1FEE4", - "testapigatewayiotdefaultparams1RestApimessagetopiclevel1topiclevel2topiclevel3topiclevel4CE9742F2", - "testapigatewayiotdefaultparams1RestApimessagetopiclevel1topiclevel2topiclevel3POSTD197CD77", - "testapigatewayiotdefaultparams1RestApimessagetopiclevel1topiclevel2topiclevel34413B12A", - "testapigatewayiotdefaultparams1RestApimessagetopiclevel1topiclevel2POSTBA40480B", - "testapigatewayiotdefaultparams1RestApimessagetopiclevel1topiclevel252A12E9B", - "testapigatewayiotdefaultparams1RestApimessagetopiclevel1POST6D2C1AA5", - "testapigatewayiotdefaultparams1RestApimessagetopiclevel1FE4F6AC8", - "testapigatewayiotdefaultparams1RestApimessage1DFD47AD", - "testapigatewayiotdefaultparams1RestApishadowthingNameshadowNamePOST2730C619", - "testapigatewayiotdefaultparams1RestApishadowthingNameshadowName9B6DFC56", - "testapigatewayiotdefaultparams1RestApishadowthingNamePOST914429F7", - "testapigatewayiotdefaultparams1RestApishadowthingName3F998396", - "testapigatewayiotdefaultparams1RestApishadow32BEE5C4", - ], - "Metadata": Object { - "cfn_nag": Object { - "rules_to_suppress": Array [ - Object { - "id": "W45", - "reason": "ApiGateway has AccessLogging enabled in AWS::ApiGateway::Stage resource, but cfn_nag checkes for it in AWS::ApiGateway::Deployment resource", - }, - ], - }, - }, - "Properties": Object { - "Description": "Automatically created by the RestApi construct", - "RestApiId": Object { - "Ref": "testapigatewayiotdefaultparams1RestApi8E1D271C", - }, - }, - "Type": "AWS::ApiGateway::Deployment", - }, - "testapigatewayiotdefaultparams1RestApiDeploymentStageprod34C92BCF": Object { - "Properties": Object { - "AccessLogSetting": Object { - "DestinationArn": Object { - "Fn::GetAtt": Array [ - "testapigatewayiotdefaultparams1ApiAccessLogGroup417958B5", - "Arn", - ], - }, - "Format": "{\\"requestId\\":\\"$context.requestId\\",\\"ip\\":\\"$context.identity.sourceIp\\",\\"user\\":\\"$context.identity.user\\",\\"caller\\":\\"$context.identity.caller\\",\\"requestTime\\":\\"$context.requestTime\\",\\"httpMethod\\":\\"$context.httpMethod\\",\\"resourcePath\\":\\"$context.resourcePath\\",\\"status\\":\\"$context.status\\",\\"protocol\\":\\"$context.protocol\\",\\"responseLength\\":\\"$context.responseLength\\"}", - }, - "DeploymentId": Object { - "Ref": "testapigatewayiotdefaultparams1RestApiDeploymentA41826E8e39ca7e089a812d3e472c9f3a4f54ab6", - }, - "MethodSettings": Array [ - Object { - "DataTraceEnabled": false, - "HttpMethod": "*", - "LoggingLevel": "INFO", - "ResourcePath": "/*", - }, - ], - "RestApiId": Object { - "Ref": "testapigatewayiotdefaultparams1RestApi8E1D271C", - }, - "StageName": "prod", - "TracingEnabled": true, - }, - "Type": "AWS::ApiGateway::Stage", - }, - "testapigatewayiotdefaultparams1RestApiUsagePlan1144E9EE": Object { - "Properties": Object { - "ApiStages": Array [ - Object { - "ApiId": Object { - "Ref": "testapigatewayiotdefaultparams1RestApi8E1D271C", - }, - "Stage": Object { - "Ref": "testapigatewayiotdefaultparams1RestApiDeploymentStageprod34C92BCF", - }, - "Throttle": Object {}, - }, - ], - }, - "Type": "AWS::ApiGateway::UsagePlan", - }, - "testapigatewayiotdefaultparams1RestApimessage1DFD47AD": Object { - "Properties": Object { - "ParentId": Object { - "Fn::GetAtt": Array [ - "testapigatewayiotdefaultparams1RestApi8E1D271C", - "RootResourceId", - ], - }, - "PathPart": "message", - "RestApiId": Object { - "Ref": "testapigatewayiotdefaultparams1RestApi8E1D271C", - }, - }, - "Type": "AWS::ApiGateway::Resource", - }, - "testapigatewayiotdefaultparams1RestApimessagetopiclevel1FE4F6AC8": Object { - "Properties": Object { - "ParentId": Object { - "Ref": "testapigatewayiotdefaultparams1RestApimessage1DFD47AD", - }, - "PathPart": "{topic-level-1}", - "RestApiId": Object { - "Ref": "testapigatewayiotdefaultparams1RestApi8E1D271C", - }, - }, - "Type": "AWS::ApiGateway::Resource", - }, - "testapigatewayiotdefaultparams1RestApimessagetopiclevel1POST6D2C1AA5": Object { - "Properties": Object { - "AuthorizationType": "AWS_IAM", - "HttpMethod": "POST", - "Integration": Object { - "Credentials": Object { - "Fn::GetAtt": Array [ - "testapigatewayiotdefaultparams1apigatewayiotrole098D3AB5", - "Arn", - ], - }, - "IntegrationHttpMethod": "POST", - "IntegrationResponses": Array [ - Object { - "ResponseTemplates": Object { - "application/json": "$input.json('$')", - }, - "SelectionPattern": "2\\\\d{2}", - "StatusCode": "200", - }, - Object { - "ResponseTemplates": Object { - "application/json": "$input.json('$')", - }, - "SelectionPattern": "5\\\\d{2}", - "StatusCode": "500", - }, - Object { - "ResponseTemplates": Object { - "application/json": "$input.json('$')", - }, - "StatusCode": "403", - }, - ], - "PassthroughBehavior": "WHEN_NO_MATCH", - "RequestParameters": Object { - "integration.request.header.Content-Type": "'application/json'", - "integration.request.path.topic-level-1": "method.request.path.topic-level-1", - }, - "RequestTemplates": Object { - "application/json": "$input.json('$')", - }, - "Type": "AWS", - "Uri": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":apigateway:", - Object { - "Ref": "AWS::Region", - }, - ":a1234567890123-ats.iotdata:path/topics/{topic-level-1}", - ], - ], - }, - }, - "MethodResponses": Array [ - Object { - "StatusCode": "200", - }, - Object { - "StatusCode": "500", - }, - Object { - "StatusCode": "403", - }, - ], - "RequestParameters": Object { - "method.request.path.topic-level-1": true, - }, - "RequestValidatorId": Object { - "Ref": "testapigatewayiotdefaultparams1awsapigatewayiotreqval77A8A6B3", - }, - "ResourceId": Object { - "Ref": "testapigatewayiotdefaultparams1RestApimessagetopiclevel1FE4F6AC8", - }, - "RestApiId": Object { - "Ref": "testapigatewayiotdefaultparams1RestApi8E1D271C", - }, - }, - "Type": "AWS::ApiGateway::Method", - }, - "testapigatewayiotdefaultparams1RestApimessagetopiclevel1topiclevel252A12E9B": Object { - "Properties": Object { - "ParentId": Object { - "Ref": "testapigatewayiotdefaultparams1RestApimessagetopiclevel1FE4F6AC8", - }, - "PathPart": "{topic-level-2}", - "RestApiId": Object { - "Ref": "testapigatewayiotdefaultparams1RestApi8E1D271C", - }, - }, - "Type": "AWS::ApiGateway::Resource", - }, - "testapigatewayiotdefaultparams1RestApimessagetopiclevel1topiclevel2POSTBA40480B": Object { - "Properties": Object { - "AuthorizationType": "AWS_IAM", - "HttpMethod": "POST", - "Integration": Object { - "Credentials": Object { - "Fn::GetAtt": Array [ - "testapigatewayiotdefaultparams1apigatewayiotrole098D3AB5", - "Arn", - ], - }, - "IntegrationHttpMethod": "POST", - "IntegrationResponses": Array [ - Object { - "ResponseTemplates": Object { - "application/json": "$input.json('$')", - }, - "SelectionPattern": "2\\\\d{2}", - "StatusCode": "200", - }, - Object { - "ResponseTemplates": Object { - "application/json": "$input.json('$')", - }, - "SelectionPattern": "5\\\\d{2}", - "StatusCode": "500", - }, - Object { - "ResponseTemplates": Object { - "application/json": "$input.json('$')", - }, - "StatusCode": "403", - }, - ], - "PassthroughBehavior": "WHEN_NO_MATCH", - "RequestParameters": Object { - "integration.request.header.Content-Type": "'application/json'", - "integration.request.path.topic-level-1": "method.request.path.topic-level-1", - "integration.request.path.topic-level-2": "method.request.path.topic-level-2", - }, - "RequestTemplates": Object { - "application/json": "$input.json('$')", - }, - "Type": "AWS", - "Uri": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":apigateway:", - Object { - "Ref": "AWS::Region", - }, - ":a1234567890123-ats.iotdata:path/topics/{topic-level-1}/{topic-level-2}", - ], - ], - }, - }, - "MethodResponses": Array [ - Object { - "StatusCode": "200", - }, - Object { - "StatusCode": "500", - }, - Object { - "StatusCode": "403", - }, - ], - "RequestParameters": Object { - "method.request.path.topic-level-1": true, - "method.request.path.topic-level-2": true, - }, - "RequestValidatorId": Object { - "Ref": "testapigatewayiotdefaultparams1awsapigatewayiotreqval77A8A6B3", - }, - "ResourceId": Object { - "Ref": "testapigatewayiotdefaultparams1RestApimessagetopiclevel1topiclevel252A12E9B", - }, - "RestApiId": Object { - "Ref": "testapigatewayiotdefaultparams1RestApi8E1D271C", - }, - }, - "Type": "AWS::ApiGateway::Method", - }, - "testapigatewayiotdefaultparams1RestApimessagetopiclevel1topiclevel2topiclevel34413B12A": Object { - "Properties": Object { - "ParentId": Object { - "Ref": "testapigatewayiotdefaultparams1RestApimessagetopiclevel1topiclevel252A12E9B", - }, - "PathPart": "{topic-level-3}", - "RestApiId": Object { - "Ref": "testapigatewayiotdefaultparams1RestApi8E1D271C", - }, - }, - "Type": "AWS::ApiGateway::Resource", - }, - "testapigatewayiotdefaultparams1RestApimessagetopiclevel1topiclevel2topiclevel3POSTD197CD77": Object { - "Properties": Object { - "AuthorizationType": "AWS_IAM", - "HttpMethod": "POST", - "Integration": Object { - "Credentials": Object { - "Fn::GetAtt": Array [ - "testapigatewayiotdefaultparams1apigatewayiotrole098D3AB5", - "Arn", - ], - }, - "IntegrationHttpMethod": "POST", - "IntegrationResponses": Array [ - Object { - "ResponseTemplates": Object { - "application/json": "$input.json('$')", - }, - "SelectionPattern": "2\\\\d{2}", - "StatusCode": "200", - }, - Object { - "ResponseTemplates": Object { - "application/json": "$input.json('$')", - }, - "SelectionPattern": "5\\\\d{2}", - "StatusCode": "500", - }, - Object { - "ResponseTemplates": Object { - "application/json": "$input.json('$')", - }, - "StatusCode": "403", - }, - ], - "PassthroughBehavior": "WHEN_NO_MATCH", - "RequestParameters": Object { - "integration.request.header.Content-Type": "'application/json'", - "integration.request.path.topic-level-1": "method.request.path.topic-level-1", - "integration.request.path.topic-level-2": "method.request.path.topic-level-2", - "integration.request.path.topic-level-3": "method.request.path.topic-level-3", - }, - "RequestTemplates": Object { - "application/json": "$input.json('$')", - }, - "Type": "AWS", - "Uri": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":apigateway:", - Object { - "Ref": "AWS::Region", - }, - ":a1234567890123-ats.iotdata:path/topics/{topic-level-1}/{topic-level-2}/{topic-level-3}", - ], - ], - }, - }, - "MethodResponses": Array [ - Object { - "StatusCode": "200", - }, - Object { - "StatusCode": "500", - }, - Object { - "StatusCode": "403", - }, - ], - "RequestParameters": Object { - "method.request.path.topic-level-1": true, - "method.request.path.topic-level-2": true, - "method.request.path.topic-level-3": true, - }, - "RequestValidatorId": Object { - "Ref": "testapigatewayiotdefaultparams1awsapigatewayiotreqval77A8A6B3", - }, - "ResourceId": Object { - "Ref": "testapigatewayiotdefaultparams1RestApimessagetopiclevel1topiclevel2topiclevel34413B12A", - }, - "RestApiId": Object { - "Ref": "testapigatewayiotdefaultparams1RestApi8E1D271C", - }, - }, - "Type": "AWS::ApiGateway::Method", - }, - "testapigatewayiotdefaultparams1RestApimessagetopiclevel1topiclevel2topiclevel3topiclevel4CE9742F2": Object { - "Properties": Object { - "ParentId": Object { - "Ref": "testapigatewayiotdefaultparams1RestApimessagetopiclevel1topiclevel2topiclevel34413B12A", - }, - "PathPart": "{topic-level-4}", - "RestApiId": Object { - "Ref": "testapigatewayiotdefaultparams1RestApi8E1D271C", - }, - }, - "Type": "AWS::ApiGateway::Resource", - }, - "testapigatewayiotdefaultparams1RestApimessagetopiclevel1topiclevel2topiclevel3topiclevel4POST75E1FEE4": Object { - "Properties": Object { - "AuthorizationType": "AWS_IAM", - "HttpMethod": "POST", - "Integration": Object { - "Credentials": Object { - "Fn::GetAtt": Array [ - "testapigatewayiotdefaultparams1apigatewayiotrole098D3AB5", - "Arn", - ], - }, - "IntegrationHttpMethod": "POST", - "IntegrationResponses": Array [ - Object { - "ResponseTemplates": Object { - "application/json": "$input.json('$')", - }, - "SelectionPattern": "2\\\\d{2}", - "StatusCode": "200", - }, - Object { - "ResponseTemplates": Object { - "application/json": "$input.json('$')", - }, - "SelectionPattern": "5\\\\d{2}", - "StatusCode": "500", - }, - Object { - "ResponseTemplates": Object { - "application/json": "$input.json('$')", - }, - "StatusCode": "403", - }, - ], - "PassthroughBehavior": "WHEN_NO_MATCH", - "RequestParameters": Object { - "integration.request.header.Content-Type": "'application/json'", - "integration.request.path.topic-level-1": "method.request.path.topic-level-1", - "integration.request.path.topic-level-2": "method.request.path.topic-level-2", - "integration.request.path.topic-level-3": "method.request.path.topic-level-3", - "integration.request.path.topic-level-4": "method.request.path.topic-level-4", - }, - "RequestTemplates": Object { - "application/json": "$input.json('$')", - }, - "Type": "AWS", - "Uri": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":apigateway:", - Object { - "Ref": "AWS::Region", - }, - ":a1234567890123-ats.iotdata:path/topics/{topic-level-1}/{topic-level-2}/{topic-level-3}/{topic-level-4}", - ], - ], - }, - }, - "MethodResponses": Array [ - Object { - "StatusCode": "200", - }, - Object { - "StatusCode": "500", - }, - Object { - "StatusCode": "403", - }, - ], - "RequestParameters": Object { - "method.request.path.topic-level-1": true, - "method.request.path.topic-level-2": true, - "method.request.path.topic-level-3": true, - "method.request.path.topic-level-4": true, - }, - "RequestValidatorId": Object { - "Ref": "testapigatewayiotdefaultparams1awsapigatewayiotreqval77A8A6B3", - }, - "ResourceId": Object { - "Ref": "testapigatewayiotdefaultparams1RestApimessagetopiclevel1topiclevel2topiclevel3topiclevel4CE9742F2", - }, - "RestApiId": Object { - "Ref": "testapigatewayiotdefaultparams1RestApi8E1D271C", - }, - }, - "Type": "AWS::ApiGateway::Method", - }, - "testapigatewayiotdefaultparams1RestApimessagetopiclevel1topiclevel2topiclevel3topiclevel4topiclevel5F3111EBE": Object { - "Properties": Object { - "ParentId": Object { - "Ref": "testapigatewayiotdefaultparams1RestApimessagetopiclevel1topiclevel2topiclevel3topiclevel4CE9742F2", - }, - "PathPart": "{topic-level-5}", - "RestApiId": Object { - "Ref": "testapigatewayiotdefaultparams1RestApi8E1D271C", - }, - }, - "Type": "AWS::ApiGateway::Resource", - }, - "testapigatewayiotdefaultparams1RestApimessagetopiclevel1topiclevel2topiclevel3topiclevel4topiclevel5POSTB3407233": Object { - "Properties": Object { - "AuthorizationType": "AWS_IAM", - "HttpMethod": "POST", - "Integration": Object { - "Credentials": Object { - "Fn::GetAtt": Array [ - "testapigatewayiotdefaultparams1apigatewayiotrole098D3AB5", - "Arn", - ], - }, - "IntegrationHttpMethod": "POST", - "IntegrationResponses": Array [ - Object { - "ResponseTemplates": Object { - "application/json": "$input.json('$')", - }, - "SelectionPattern": "2\\\\d{2}", - "StatusCode": "200", - }, - Object { - "ResponseTemplates": Object { - "application/json": "$input.json('$')", - }, - "SelectionPattern": "5\\\\d{2}", - "StatusCode": "500", - }, - Object { - "ResponseTemplates": Object { - "application/json": "$input.json('$')", - }, - "StatusCode": "403", - }, - ], - "PassthroughBehavior": "WHEN_NO_MATCH", - "RequestParameters": Object { - "integration.request.header.Content-Type": "'application/json'", - "integration.request.path.topic-level-1": "method.request.path.topic-level-1", - "integration.request.path.topic-level-2": "method.request.path.topic-level-2", - "integration.request.path.topic-level-3": "method.request.path.topic-level-3", - "integration.request.path.topic-level-4": "method.request.path.topic-level-4", - "integration.request.path.topic-level-5": "method.request.path.topic-level-5", - }, - "RequestTemplates": Object { - "application/json": "$input.json('$')", - }, - "Type": "AWS", - "Uri": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":apigateway:", - Object { - "Ref": "AWS::Region", - }, - ":a1234567890123-ats.iotdata:path/topics/{topic-level-1}/{topic-level-2}/{topic-level-3}/{topic-level-4}/{topic-level-5}", - ], - ], - }, - }, - "MethodResponses": Array [ - Object { - "StatusCode": "200", - }, - Object { - "StatusCode": "500", - }, - Object { - "StatusCode": "403", - }, - ], - "RequestParameters": Object { - "method.request.path.topic-level-1": true, - "method.request.path.topic-level-2": true, - "method.request.path.topic-level-3": true, - "method.request.path.topic-level-4": true, - "method.request.path.topic-level-5": true, - }, - "RequestValidatorId": Object { - "Ref": "testapigatewayiotdefaultparams1awsapigatewayiotreqval77A8A6B3", - }, - "ResourceId": Object { - "Ref": "testapigatewayiotdefaultparams1RestApimessagetopiclevel1topiclevel2topiclevel3topiclevel4topiclevel5F3111EBE", - }, - "RestApiId": Object { - "Ref": "testapigatewayiotdefaultparams1RestApi8E1D271C", - }, - }, - "Type": "AWS::ApiGateway::Method", - }, - "testapigatewayiotdefaultparams1RestApimessagetopiclevel1topiclevel2topiclevel3topiclevel4topiclevel5topiclevel6DF081F2E": Object { - "Properties": Object { - "ParentId": Object { - "Ref": "testapigatewayiotdefaultparams1RestApimessagetopiclevel1topiclevel2topiclevel3topiclevel4topiclevel5F3111EBE", - }, - "PathPart": "{topic-level-6}", - "RestApiId": Object { - "Ref": "testapigatewayiotdefaultparams1RestApi8E1D271C", - }, - }, - "Type": "AWS::ApiGateway::Resource", - }, - "testapigatewayiotdefaultparams1RestApimessagetopiclevel1topiclevel2topiclevel3topiclevel4topiclevel5topiclevel6POSTBA2DBBA3": Object { - "Properties": Object { - "AuthorizationType": "AWS_IAM", - "HttpMethod": "POST", - "Integration": Object { - "Credentials": Object { - "Fn::GetAtt": Array [ - "testapigatewayiotdefaultparams1apigatewayiotrole098D3AB5", - "Arn", - ], - }, - "IntegrationHttpMethod": "POST", - "IntegrationResponses": Array [ - Object { - "ResponseTemplates": Object { - "application/json": "$input.json('$')", - }, - "SelectionPattern": "2\\\\d{2}", - "StatusCode": "200", - }, - Object { - "ResponseTemplates": Object { - "application/json": "$input.json('$')", - }, - "SelectionPattern": "5\\\\d{2}", - "StatusCode": "500", - }, - Object { - "ResponseTemplates": Object { - "application/json": "$input.json('$')", - }, - "StatusCode": "403", - }, - ], - "PassthroughBehavior": "WHEN_NO_MATCH", - "RequestParameters": Object { - "integration.request.header.Content-Type": "'application/json'", - "integration.request.path.topic-level-1": "method.request.path.topic-level-1", - "integration.request.path.topic-level-2": "method.request.path.topic-level-2", - "integration.request.path.topic-level-3": "method.request.path.topic-level-3", - "integration.request.path.topic-level-4": "method.request.path.topic-level-4", - "integration.request.path.topic-level-5": "method.request.path.topic-level-5", - "integration.request.path.topic-level-6": "method.request.path.topic-level-6", - }, - "RequestTemplates": Object { - "application/json": "$input.json('$')", - }, - "Type": "AWS", - "Uri": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":apigateway:", - Object { - "Ref": "AWS::Region", - }, - ":a1234567890123-ats.iotdata:path/topics/{topic-level-1}/{topic-level-2}/{topic-level-3}/{topic-level-4}/{topic-level-5}/{topic-level-6}", - ], - ], - }, - }, - "MethodResponses": Array [ - Object { - "StatusCode": "200", - }, - Object { - "StatusCode": "500", - }, - Object { - "StatusCode": "403", - }, - ], - "RequestParameters": Object { - "method.request.path.topic-level-1": true, - "method.request.path.topic-level-2": true, - "method.request.path.topic-level-3": true, - "method.request.path.topic-level-4": true, - "method.request.path.topic-level-5": true, - "method.request.path.topic-level-6": true, - }, - "RequestValidatorId": Object { - "Ref": "testapigatewayiotdefaultparams1awsapigatewayiotreqval77A8A6B3", - }, - "ResourceId": Object { - "Ref": "testapigatewayiotdefaultparams1RestApimessagetopiclevel1topiclevel2topiclevel3topiclevel4topiclevel5topiclevel6DF081F2E", - }, - "RestApiId": Object { - "Ref": "testapigatewayiotdefaultparams1RestApi8E1D271C", - }, - }, - "Type": "AWS::ApiGateway::Method", - }, - "testapigatewayiotdefaultparams1RestApimessagetopiclevel1topiclevel2topiclevel3topiclevel4topiclevel5topiclevel6topiclevel798FBBC25": Object { - "Properties": Object { - "ParentId": Object { - "Ref": "testapigatewayiotdefaultparams1RestApimessagetopiclevel1topiclevel2topiclevel3topiclevel4topiclevel5topiclevel6DF081F2E", - }, - "PathPart": "{topic-level-7}", - "RestApiId": Object { - "Ref": "testapigatewayiotdefaultparams1RestApi8E1D271C", - }, - }, - "Type": "AWS::ApiGateway::Resource", - }, - "testapigatewayiotdefaultparams1RestApimessagetopiclevel1topiclevel2topiclevel3topiclevel4topiclevel5topiclevel6topiclevel7POSTEA8D5DCC": Object { - "Properties": Object { - "AuthorizationType": "AWS_IAM", - "HttpMethod": "POST", - "Integration": Object { - "Credentials": Object { - "Fn::GetAtt": Array [ - "testapigatewayiotdefaultparams1apigatewayiotrole098D3AB5", - "Arn", - ], - }, - "IntegrationHttpMethod": "POST", - "IntegrationResponses": Array [ - Object { - "ResponseTemplates": Object { - "application/json": "$input.json('$')", - }, - "SelectionPattern": "2\\\\d{2}", - "StatusCode": "200", - }, - Object { - "ResponseTemplates": Object { - "application/json": "$input.json('$')", - }, - "SelectionPattern": "5\\\\d{2}", - "StatusCode": "500", - }, - Object { - "ResponseTemplates": Object { - "application/json": "$input.json('$')", - }, - "StatusCode": "403", - }, - ], - "PassthroughBehavior": "WHEN_NO_MATCH", - "RequestParameters": Object { - "integration.request.header.Content-Type": "'application/json'", - "integration.request.path.topic-level-1": "method.request.path.topic-level-1", - "integration.request.path.topic-level-2": "method.request.path.topic-level-2", - "integration.request.path.topic-level-3": "method.request.path.topic-level-3", - "integration.request.path.topic-level-4": "method.request.path.topic-level-4", - "integration.request.path.topic-level-5": "method.request.path.topic-level-5", - "integration.request.path.topic-level-6": "method.request.path.topic-level-6", - "integration.request.path.topic-level-7": "method.request.path.topic-level-7", - }, - "RequestTemplates": Object { - "application/json": "$input.json('$')", - }, - "Type": "AWS", - "Uri": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":apigateway:", - Object { - "Ref": "AWS::Region", - }, - ":a1234567890123-ats.iotdata:path/topics/{topic-level-1}/{topic-level-2}/{topic-level-3}/{topic-level-4}/{topic-level-5}/{topic-level-6}/{topic-level-7}", - ], - ], - }, - }, - "MethodResponses": Array [ - Object { - "StatusCode": "200", - }, - Object { - "StatusCode": "500", - }, - Object { - "StatusCode": "403", - }, - ], - "RequestParameters": Object { - "method.request.path.topic-level-1": true, - "method.request.path.topic-level-2": true, - "method.request.path.topic-level-3": true, - "method.request.path.topic-level-4": true, - "method.request.path.topic-level-5": true, - "method.request.path.topic-level-6": true, - "method.request.path.topic-level-7": true, - }, - "RequestValidatorId": Object { - "Ref": "testapigatewayiotdefaultparams1awsapigatewayiotreqval77A8A6B3", - }, - "ResourceId": Object { - "Ref": "testapigatewayiotdefaultparams1RestApimessagetopiclevel1topiclevel2topiclevel3topiclevel4topiclevel5topiclevel6topiclevel798FBBC25", - }, - "RestApiId": Object { - "Ref": "testapigatewayiotdefaultparams1RestApi8E1D271C", - }, - }, - "Type": "AWS::ApiGateway::Method", - }, - "testapigatewayiotdefaultparams1RestApishadow32BEE5C4": Object { - "Properties": Object { - "ParentId": Object { - "Fn::GetAtt": Array [ - "testapigatewayiotdefaultparams1RestApi8E1D271C", - "RootResourceId", - ], - }, - "PathPart": "shadow", - "RestApiId": Object { - "Ref": "testapigatewayiotdefaultparams1RestApi8E1D271C", - }, - }, - "Type": "AWS::ApiGateway::Resource", - }, - "testapigatewayiotdefaultparams1RestApishadowthingName3F998396": Object { - "Properties": Object { - "ParentId": Object { - "Ref": "testapigatewayiotdefaultparams1RestApishadow32BEE5C4", - }, - "PathPart": "{thingName}", - "RestApiId": Object { - "Ref": "testapigatewayiotdefaultparams1RestApi8E1D271C", - }, - }, - "Type": "AWS::ApiGateway::Resource", - }, - "testapigatewayiotdefaultparams1RestApishadowthingNamePOST914429F7": Object { - "Properties": Object { - "AuthorizationType": "AWS_IAM", - "HttpMethod": "POST", - "Integration": Object { - "Credentials": Object { - "Fn::GetAtt": Array [ - "testapigatewayiotdefaultparams1apigatewayiotrole098D3AB5", - "Arn", - ], - }, - "IntegrationHttpMethod": "POST", - "IntegrationResponses": Array [ - Object { - "ResponseTemplates": Object { - "application/json": "$input.json('$')", - }, - "SelectionPattern": "2\\\\d{2}", - "StatusCode": "200", - }, - Object { - "ResponseTemplates": Object { - "application/json": "$input.json('$')", - }, - "SelectionPattern": "5\\\\d{2}", - "StatusCode": "500", - }, - Object { - "ResponseTemplates": Object { - "application/json": "$input.json('$')", - }, - "StatusCode": "403", - }, - ], - "PassthroughBehavior": "WHEN_NO_MATCH", - "RequestParameters": Object { - "integration.request.header.Content-Type": "'application/json'", - "integration.request.path.thingName": "method.request.path.thingName", - }, - "RequestTemplates": Object { - "application/json": "$input.json('$')", - }, - "Type": "AWS", - "Uri": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":apigateway:", - Object { - "Ref": "AWS::Region", - }, - ":a1234567890123-ats.iotdata:path/things/{thingName}/shadow", - ], - ], - }, - }, - "MethodResponses": Array [ - Object { - "StatusCode": "200", - }, - Object { - "StatusCode": "500", - }, - Object { - "StatusCode": "403", - }, - ], - "RequestParameters": Object { - "method.request.path.thingName": true, - }, - "RequestValidatorId": Object { - "Ref": "testapigatewayiotdefaultparams1awsapigatewayiotreqval77A8A6B3", - }, - "ResourceId": Object { - "Ref": "testapigatewayiotdefaultparams1RestApishadowthingName3F998396", - }, - "RestApiId": Object { - "Ref": "testapigatewayiotdefaultparams1RestApi8E1D271C", - }, - }, - "Type": "AWS::ApiGateway::Method", - }, - "testapigatewayiotdefaultparams1RestApishadowthingNameshadowName9B6DFC56": Object { - "Properties": Object { - "ParentId": Object { - "Ref": "testapigatewayiotdefaultparams1RestApishadowthingName3F998396", - }, - "PathPart": "{shadowName}", - "RestApiId": Object { - "Ref": "testapigatewayiotdefaultparams1RestApi8E1D271C", - }, - }, - "Type": "AWS::ApiGateway::Resource", - }, - "testapigatewayiotdefaultparams1RestApishadowthingNameshadowNamePOST2730C619": Object { - "Properties": Object { - "AuthorizationType": "AWS_IAM", - "HttpMethod": "POST", - "Integration": Object { - "Credentials": Object { - "Fn::GetAtt": Array [ - "testapigatewayiotdefaultparams1apigatewayiotrole098D3AB5", - "Arn", - ], - }, - "IntegrationHttpMethod": "POST", - "IntegrationResponses": Array [ - Object { - "ResponseTemplates": Object { - "application/json": "$input.json('$')", - }, - "SelectionPattern": "2\\\\d{2}", - "StatusCode": "200", - }, - Object { - "ResponseTemplates": Object { - "application/json": "$input.json('$')", - }, - "SelectionPattern": "5\\\\d{2}", - "StatusCode": "500", - }, - Object { - "ResponseTemplates": Object { - "application/json": "$input.json('$')", - }, - "StatusCode": "403", - }, - ], - "PassthroughBehavior": "WHEN_NO_MATCH", - "RequestParameters": Object { - "integration.request.header.Content-Type": "'application/json'", - "integration.request.path.shadowName": "method.request.path.shadowName", - "integration.request.path.thingName": "method.request.path.thingName", - }, - "RequestTemplates": Object { - "application/json": "$input.json('$')", - }, - "Type": "AWS", - "Uri": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":apigateway:", - Object { - "Ref": "AWS::Region", - }, - ":a1234567890123-ats.iotdata:path/things/{thingName}/shadow?name={shadowName}", - ], - ], - }, - }, - "MethodResponses": Array [ - Object { - "StatusCode": "200", - }, - Object { - "StatusCode": "500", - }, - Object { - "StatusCode": "403", - }, - ], - "RequestParameters": Object { - "method.request.path.shadowName": true, - "method.request.path.thingName": true, - }, - "RequestValidatorId": Object { - "Ref": "testapigatewayiotdefaultparams1awsapigatewayiotreqval77A8A6B3", - }, - "ResourceId": Object { - "Ref": "testapigatewayiotdefaultparams1RestApishadowthingNameshadowName9B6DFC56", - }, - "RestApiId": Object { - "Ref": "testapigatewayiotdefaultparams1RestApi8E1D271C", - }, - }, - "Type": "AWS::ApiGateway::Method", - }, - "testapigatewayiotdefaultparams1apigatewayiotrole098D3AB5": Object { - "Properties": Object { - "AssumeRolePolicyDocument": Object { - "Statement": Array [ - Object { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": Object { - "Service": "apigateway.amazonaws.com", - }, - }, - ], - "Version": "2012-10-17", - }, - "Path": "/", - "Policies": Array [ - Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": "iot:UpdateThingShadow", - "Effect": "Allow", - "Resource": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:aws:iot:", - Object { - "Ref": "AWS::Region", - }, - ":", - Object { - "Ref": "AWS::AccountId", - }, - ":thing/*", - ], - ], - }, - }, - Object { - "Action": "iot:Publish", - "Effect": "Allow", - "Resource": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:aws:iot:", - Object { - "Ref": "AWS::Region", - }, - ":", - Object { - "Ref": "AWS::AccountId", - }, - ":topic/*", - ], - ], - }, - }, - ], - "Version": "2012-10-17", - }, - "PolicyName": "awsapigatewayiotpolicy", - }, - ], - }, - "Type": "AWS::IAM::Role", - }, - "testapigatewayiotdefaultparams1awsapigatewayiotreqval77A8A6B3": Object { - "Properties": Object { - "RestApiId": Object { - "Ref": "testapigatewayiotdefaultparams1RestApi8E1D271C", - }, - "ValidateRequestBody": false, - "ValidateRequestParameters": true, - }, - "Type": "AWS::ApiGateway::RequestValidator", - }, - "testapigatewayiotdefaultparamsApiAccessLogGroup6D42A60F": Object { - "DeletionPolicy": "Retain", - "Metadata": Object { - "cfn_nag": Object { - "rules_to_suppress": Array [ - Object { - "id": "W86", - "reason": "Retention period for CloudWatchLogs LogGroups are set to 'Never Expire' to preserve customer data indefinitely", - }, - Object { - "id": "W84", - "reason": "By default CloudWatchLogs LogGroups data is encrypted using the CloudWatch server-side encryption keys (AWS Managed Keys)", - }, - ], - }, - }, - "Type": "AWS::Logs::LogGroup", - "UpdateReplacePolicy": "Retain", - }, - "testapigatewayiotdefaultparamsLambdaRestApiAccount4FD79541": Object { - "DependsOn": Array [ - "testapigatewayiotdefaultparamsRestApi60BDAFC6", - ], - "Properties": Object { - "CloudWatchRoleArn": Object { - "Fn::GetAtt": Array [ - "testapigatewayiotdefaultparamsLambdaRestApiCloudWatchRole46E28386", - "Arn", - ], - }, - }, - "Type": "AWS::ApiGateway::Account", - }, - "testapigatewayiotdefaultparamsLambdaRestApiCloudWatchRole46E28386": Object { - "Properties": Object { - "AssumeRolePolicyDocument": Object { - "Statement": Array [ - Object { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": Object { - "Service": "apigateway.amazonaws.com", - }, - }, - ], - "Version": "2012-10-17", - }, - "Policies": Array [ - Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "logs:CreateLogGroup", - "logs:CreateLogStream", - "logs:DescribeLogGroups", - "logs:DescribeLogStreams", - "logs:PutLogEvents", - "logs:GetLogEvents", - "logs:FilterLogEvents", - ], - "Effect": "Allow", - "Resource": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":logs:", - Object { - "Ref": "AWS::Region", - }, - ":", - Object { - "Ref": "AWS::AccountId", - }, - ":*", - ], - ], - }, - }, - ], - "Version": "2012-10-17", - }, - "PolicyName": "LambdaRestApiCloudWatchRolePolicy", - }, - ], - }, - "Type": "AWS::IAM::Role", - }, - "testapigatewayiotdefaultparamsRestApi60BDAFC6": Object { - "Properties": Object { - "BinaryMediaTypes": Array [ - "application/octet-stream", - ], - "EndpointConfiguration": Object { - "Types": Array [ - "EDGE", - ], - }, - "Name": "RestApi", - }, - "Type": "AWS::ApiGateway::RestApi", - }, - "testapigatewayiotdefaultparamsRestApiDeployment6F0A72642be191b13419704d5b213ba9355d9e2c": Object { - "DependsOn": Array [ - "testapigatewayiotdefaultparamsawsapigatewayiotreqval9B598042", - "testapigatewayiotdefaultparamsRestApimessagetopiclevel1topiclevel2topiclevel3topiclevel4topiclevel5topiclevel6topiclevel7POST9DC33B4A", - "testapigatewayiotdefaultparamsRestApimessagetopiclevel1topiclevel2topiclevel3topiclevel4topiclevel5topiclevel6topiclevel722AC8ACD", - "testapigatewayiotdefaultparamsRestApimessagetopiclevel1topiclevel2topiclevel3topiclevel4topiclevel5topiclevel6POST84605425", - "testapigatewayiotdefaultparamsRestApimessagetopiclevel1topiclevel2topiclevel3topiclevel4topiclevel5topiclevel6169DC584", - "testapigatewayiotdefaultparamsRestApimessagetopiclevel1topiclevel2topiclevel3topiclevel4topiclevel5POSTD665540A", - "testapigatewayiotdefaultparamsRestApimessagetopiclevel1topiclevel2topiclevel3topiclevel4topiclevel5CA89C513", - "testapigatewayiotdefaultparamsRestApimessagetopiclevel1topiclevel2topiclevel3topiclevel4POST63898F3D", - "testapigatewayiotdefaultparamsRestApimessagetopiclevel1topiclevel2topiclevel3topiclevel451B45682", - "testapigatewayiotdefaultparamsRestApimessagetopiclevel1topiclevel2topiclevel3POST1515A0DE", - "testapigatewayiotdefaultparamsRestApimessagetopiclevel1topiclevel2topiclevel30FD0D51F", - "testapigatewayiotdefaultparamsRestApimessagetopiclevel1topiclevel2POSTB6132F2F", - "testapigatewayiotdefaultparamsRestApimessagetopiclevel1topiclevel26A08E917", - "testapigatewayiotdefaultparamsRestApimessagetopiclevel1POST97F7F22F", - "testapigatewayiotdefaultparamsRestApimessagetopiclevel1BB89F7DA", - "testapigatewayiotdefaultparamsRestApimessageB517A3BA", - "testapigatewayiotdefaultparamsRestApishadowthingNameshadowNamePOST8938C0DC", - "testapigatewayiotdefaultparamsRestApishadowthingNameshadowNameB680902D", - "testapigatewayiotdefaultparamsRestApishadowthingNamePOST10BEBA62", - "testapigatewayiotdefaultparamsRestApishadowthingNameA1B3998C", - "testapigatewayiotdefaultparamsRestApishadow5B41C79D", - ], - "Metadata": Object { - "cfn_nag": Object { - "rules_to_suppress": Array [ - Object { - "id": "W45", - "reason": "ApiGateway has AccessLogging enabled in AWS::ApiGateway::Stage resource, but cfn_nag checkes for it in AWS::ApiGateway::Deployment resource", - }, - ], - }, - }, - "Properties": Object { - "Description": "Automatically created by the RestApi construct", - "RestApiId": Object { - "Ref": "testapigatewayiotdefaultparamsRestApi60BDAFC6", - }, - }, - "Type": "AWS::ApiGateway::Deployment", - }, - "testapigatewayiotdefaultparamsRestApiDeploymentStageprodFB3B03DE": Object { - "Properties": Object { - "AccessLogSetting": Object { - "DestinationArn": Object { - "Fn::GetAtt": Array [ - "testapigatewayiotdefaultparamsApiAccessLogGroup6D42A60F", - "Arn", - ], - }, - "Format": "{\\"requestId\\":\\"$context.requestId\\",\\"ip\\":\\"$context.identity.sourceIp\\",\\"user\\":\\"$context.identity.user\\",\\"caller\\":\\"$context.identity.caller\\",\\"requestTime\\":\\"$context.requestTime\\",\\"httpMethod\\":\\"$context.httpMethod\\",\\"resourcePath\\":\\"$context.resourcePath\\",\\"status\\":\\"$context.status\\",\\"protocol\\":\\"$context.protocol\\",\\"responseLength\\":\\"$context.responseLength\\"}", - }, - "DeploymentId": Object { - "Ref": "testapigatewayiotdefaultparamsRestApiDeployment6F0A72642be191b13419704d5b213ba9355d9e2c", - }, - "MethodSettings": Array [ - Object { - "DataTraceEnabled": false, - "HttpMethod": "*", - "LoggingLevel": "INFO", - "ResourcePath": "/*", - }, - ], - "RestApiId": Object { - "Ref": "testapigatewayiotdefaultparamsRestApi60BDAFC6", - }, - "StageName": "prod", - "TracingEnabled": true, - }, - "Type": "AWS::ApiGateway::Stage", - }, - "testapigatewayiotdefaultparamsRestApiUsagePlan0513E4B1": Object { - "Properties": Object { - "ApiStages": Array [ - Object { - "ApiId": Object { - "Ref": "testapigatewayiotdefaultparamsRestApi60BDAFC6", - }, - "Stage": Object { - "Ref": "testapigatewayiotdefaultparamsRestApiDeploymentStageprodFB3B03DE", - }, - "Throttle": Object {}, - }, - ], - }, - "Type": "AWS::ApiGateway::UsagePlan", - }, - "testapigatewayiotdefaultparamsRestApimessageB517A3BA": Object { - "Properties": Object { - "ParentId": Object { - "Fn::GetAtt": Array [ - "testapigatewayiotdefaultparamsRestApi60BDAFC6", - "RootResourceId", - ], - }, - "PathPart": "message", - "RestApiId": Object { - "Ref": "testapigatewayiotdefaultparamsRestApi60BDAFC6", - }, - }, - "Type": "AWS::ApiGateway::Resource", - }, - "testapigatewayiotdefaultparamsRestApimessagetopiclevel1BB89F7DA": Object { - "Properties": Object { - "ParentId": Object { - "Ref": "testapigatewayiotdefaultparamsRestApimessageB517A3BA", - }, - "PathPart": "{topic-level-1}", - "RestApiId": Object { - "Ref": "testapigatewayiotdefaultparamsRestApi60BDAFC6", - }, - }, - "Type": "AWS::ApiGateway::Resource", - }, - "testapigatewayiotdefaultparamsRestApimessagetopiclevel1POST97F7F22F": Object { - "Properties": Object { - "AuthorizationType": "AWS_IAM", - "HttpMethod": "POST", - "Integration": Object { - "Credentials": Object { - "Fn::GetAtt": Array [ - "testapigatewayiotdefaultparamsapigatewayiotroleD0FFF789", - "Arn", - ], - }, - "IntegrationHttpMethod": "POST", - "IntegrationResponses": Array [ - Object { - "ResponseTemplates": Object { - "application/json": "$input.json('$')", - }, - "SelectionPattern": "2\\\\d{2}", - "StatusCode": "200", - }, - Object { - "ResponseTemplates": Object { - "application/json": "$input.json('$')", - }, - "SelectionPattern": "5\\\\d{2}", - "StatusCode": "500", - }, - Object { - "ResponseTemplates": Object { - "application/json": "$input.json('$')", - }, - "StatusCode": "403", - }, - ], - "PassthroughBehavior": "WHEN_NO_MATCH", - "RequestParameters": Object { - "integration.request.header.Content-Type": "'application/json'", - "integration.request.path.topic-level-1": "method.request.path.topic-level-1", - }, - "RequestTemplates": Object { - "application/json": "$input.json('$')", - }, - "Type": "AWS", - "Uri": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":apigateway:", - Object { - "Ref": "AWS::Region", - }, - ":a1234567890123-ats.iotdata:path/topics/{topic-level-1}", - ], - ], - }, - }, - "MethodResponses": Array [ - Object { - "StatusCode": "200", - }, - Object { - "StatusCode": "500", - }, - Object { - "StatusCode": "403", - }, - ], - "RequestParameters": Object { - "method.request.path.topic-level-1": true, - }, - "RequestValidatorId": Object { - "Ref": "testapigatewayiotdefaultparamsawsapigatewayiotreqval9B598042", - }, - "ResourceId": Object { - "Ref": "testapigatewayiotdefaultparamsRestApimessagetopiclevel1BB89F7DA", - }, - "RestApiId": Object { - "Ref": "testapigatewayiotdefaultparamsRestApi60BDAFC6", - }, - }, - "Type": "AWS::ApiGateway::Method", - }, - "testapigatewayiotdefaultparamsRestApimessagetopiclevel1topiclevel26A08E917": Object { - "Properties": Object { - "ParentId": Object { - "Ref": "testapigatewayiotdefaultparamsRestApimessagetopiclevel1BB89F7DA", - }, - "PathPart": "{topic-level-2}", - "RestApiId": Object { - "Ref": "testapigatewayiotdefaultparamsRestApi60BDAFC6", - }, - }, - "Type": "AWS::ApiGateway::Resource", - }, - "testapigatewayiotdefaultparamsRestApimessagetopiclevel1topiclevel2POSTB6132F2F": Object { - "Properties": Object { - "AuthorizationType": "AWS_IAM", - "HttpMethod": "POST", - "Integration": Object { - "Credentials": Object { - "Fn::GetAtt": Array [ - "testapigatewayiotdefaultparamsapigatewayiotroleD0FFF789", - "Arn", - ], - }, - "IntegrationHttpMethod": "POST", - "IntegrationResponses": Array [ - Object { - "ResponseTemplates": Object { - "application/json": "$input.json('$')", - }, - "SelectionPattern": "2\\\\d{2}", - "StatusCode": "200", - }, - Object { - "ResponseTemplates": Object { - "application/json": "$input.json('$')", - }, - "SelectionPattern": "5\\\\d{2}", - "StatusCode": "500", - }, - Object { - "ResponseTemplates": Object { - "application/json": "$input.json('$')", - }, - "StatusCode": "403", - }, - ], - "PassthroughBehavior": "WHEN_NO_MATCH", - "RequestParameters": Object { - "integration.request.header.Content-Type": "'application/json'", - "integration.request.path.topic-level-1": "method.request.path.topic-level-1", - "integration.request.path.topic-level-2": "method.request.path.topic-level-2", - }, - "RequestTemplates": Object { - "application/json": "$input.json('$')", - }, - "Type": "AWS", - "Uri": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":apigateway:", - Object { - "Ref": "AWS::Region", - }, - ":a1234567890123-ats.iotdata:path/topics/{topic-level-1}/{topic-level-2}", - ], - ], - }, - }, - "MethodResponses": Array [ - Object { - "StatusCode": "200", - }, - Object { - "StatusCode": "500", - }, - Object { - "StatusCode": "403", - }, - ], - "RequestParameters": Object { - "method.request.path.topic-level-1": true, - "method.request.path.topic-level-2": true, - }, - "RequestValidatorId": Object { - "Ref": "testapigatewayiotdefaultparamsawsapigatewayiotreqval9B598042", - }, - "ResourceId": Object { - "Ref": "testapigatewayiotdefaultparamsRestApimessagetopiclevel1topiclevel26A08E917", - }, - "RestApiId": Object { - "Ref": "testapigatewayiotdefaultparamsRestApi60BDAFC6", - }, - }, - "Type": "AWS::ApiGateway::Method", - }, - "testapigatewayiotdefaultparamsRestApimessagetopiclevel1topiclevel2topiclevel30FD0D51F": Object { - "Properties": Object { - "ParentId": Object { - "Ref": "testapigatewayiotdefaultparamsRestApimessagetopiclevel1topiclevel26A08E917", - }, - "PathPart": "{topic-level-3}", - "RestApiId": Object { - "Ref": "testapigatewayiotdefaultparamsRestApi60BDAFC6", - }, - }, - "Type": "AWS::ApiGateway::Resource", - }, - "testapigatewayiotdefaultparamsRestApimessagetopiclevel1topiclevel2topiclevel3POST1515A0DE": Object { - "Properties": Object { - "AuthorizationType": "AWS_IAM", - "HttpMethod": "POST", - "Integration": Object { - "Credentials": Object { - "Fn::GetAtt": Array [ - "testapigatewayiotdefaultparamsapigatewayiotroleD0FFF789", - "Arn", - ], - }, - "IntegrationHttpMethod": "POST", - "IntegrationResponses": Array [ - Object { - "ResponseTemplates": Object { - "application/json": "$input.json('$')", - }, - "SelectionPattern": "2\\\\d{2}", - "StatusCode": "200", - }, - Object { - "ResponseTemplates": Object { - "application/json": "$input.json('$')", - }, - "SelectionPattern": "5\\\\d{2}", - "StatusCode": "500", - }, - Object { - "ResponseTemplates": Object { - "application/json": "$input.json('$')", - }, - "StatusCode": "403", - }, - ], - "PassthroughBehavior": "WHEN_NO_MATCH", - "RequestParameters": Object { - "integration.request.header.Content-Type": "'application/json'", - "integration.request.path.topic-level-1": "method.request.path.topic-level-1", - "integration.request.path.topic-level-2": "method.request.path.topic-level-2", - "integration.request.path.topic-level-3": "method.request.path.topic-level-3", - }, - "RequestTemplates": Object { - "application/json": "$input.json('$')", - }, - "Type": "AWS", - "Uri": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":apigateway:", - Object { - "Ref": "AWS::Region", - }, - ":a1234567890123-ats.iotdata:path/topics/{topic-level-1}/{topic-level-2}/{topic-level-3}", - ], - ], - }, - }, - "MethodResponses": Array [ - Object { - "StatusCode": "200", - }, - Object { - "StatusCode": "500", - }, - Object { - "StatusCode": "403", - }, - ], - "RequestParameters": Object { - "method.request.path.topic-level-1": true, - "method.request.path.topic-level-2": true, - "method.request.path.topic-level-3": true, - }, - "RequestValidatorId": Object { - "Ref": "testapigatewayiotdefaultparamsawsapigatewayiotreqval9B598042", - }, - "ResourceId": Object { - "Ref": "testapigatewayiotdefaultparamsRestApimessagetopiclevel1topiclevel2topiclevel30FD0D51F", - }, - "RestApiId": Object { - "Ref": "testapigatewayiotdefaultparamsRestApi60BDAFC6", - }, - }, - "Type": "AWS::ApiGateway::Method", - }, - "testapigatewayiotdefaultparamsRestApimessagetopiclevel1topiclevel2topiclevel3topiclevel451B45682": Object { - "Properties": Object { - "ParentId": Object { - "Ref": "testapigatewayiotdefaultparamsRestApimessagetopiclevel1topiclevel2topiclevel30FD0D51F", - }, - "PathPart": "{topic-level-4}", - "RestApiId": Object { - "Ref": "testapigatewayiotdefaultparamsRestApi60BDAFC6", - }, - }, - "Type": "AWS::ApiGateway::Resource", - }, - "testapigatewayiotdefaultparamsRestApimessagetopiclevel1topiclevel2topiclevel3topiclevel4POST63898F3D": Object { - "Properties": Object { - "AuthorizationType": "AWS_IAM", - "HttpMethod": "POST", - "Integration": Object { - "Credentials": Object { - "Fn::GetAtt": Array [ - "testapigatewayiotdefaultparamsapigatewayiotroleD0FFF789", - "Arn", - ], - }, - "IntegrationHttpMethod": "POST", - "IntegrationResponses": Array [ - Object { - "ResponseTemplates": Object { - "application/json": "$input.json('$')", - }, - "SelectionPattern": "2\\\\d{2}", - "StatusCode": "200", - }, - Object { - "ResponseTemplates": Object { - "application/json": "$input.json('$')", - }, - "SelectionPattern": "5\\\\d{2}", - "StatusCode": "500", - }, - Object { - "ResponseTemplates": Object { - "application/json": "$input.json('$')", - }, - "StatusCode": "403", - }, - ], - "PassthroughBehavior": "WHEN_NO_MATCH", - "RequestParameters": Object { - "integration.request.header.Content-Type": "'application/json'", - "integration.request.path.topic-level-1": "method.request.path.topic-level-1", - "integration.request.path.topic-level-2": "method.request.path.topic-level-2", - "integration.request.path.topic-level-3": "method.request.path.topic-level-3", - "integration.request.path.topic-level-4": "method.request.path.topic-level-4", - }, - "RequestTemplates": Object { - "application/json": "$input.json('$')", - }, - "Type": "AWS", - "Uri": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":apigateway:", - Object { - "Ref": "AWS::Region", - }, - ":a1234567890123-ats.iotdata:path/topics/{topic-level-1}/{topic-level-2}/{topic-level-3}/{topic-level-4}", - ], - ], - }, - }, - "MethodResponses": Array [ - Object { - "StatusCode": "200", - }, - Object { - "StatusCode": "500", - }, - Object { - "StatusCode": "403", - }, - ], - "RequestParameters": Object { - "method.request.path.topic-level-1": true, - "method.request.path.topic-level-2": true, - "method.request.path.topic-level-3": true, - "method.request.path.topic-level-4": true, - }, - "RequestValidatorId": Object { - "Ref": "testapigatewayiotdefaultparamsawsapigatewayiotreqval9B598042", - }, - "ResourceId": Object { - "Ref": "testapigatewayiotdefaultparamsRestApimessagetopiclevel1topiclevel2topiclevel3topiclevel451B45682", - }, - "RestApiId": Object { - "Ref": "testapigatewayiotdefaultparamsRestApi60BDAFC6", - }, - }, - "Type": "AWS::ApiGateway::Method", - }, - "testapigatewayiotdefaultparamsRestApimessagetopiclevel1topiclevel2topiclevel3topiclevel4topiclevel5CA89C513": Object { - "Properties": Object { - "ParentId": Object { - "Ref": "testapigatewayiotdefaultparamsRestApimessagetopiclevel1topiclevel2topiclevel3topiclevel451B45682", - }, - "PathPart": "{topic-level-5}", - "RestApiId": Object { - "Ref": "testapigatewayiotdefaultparamsRestApi60BDAFC6", - }, - }, - "Type": "AWS::ApiGateway::Resource", - }, - "testapigatewayiotdefaultparamsRestApimessagetopiclevel1topiclevel2topiclevel3topiclevel4topiclevel5POSTD665540A": Object { - "Properties": Object { - "AuthorizationType": "AWS_IAM", - "HttpMethod": "POST", - "Integration": Object { - "Credentials": Object { - "Fn::GetAtt": Array [ - "testapigatewayiotdefaultparamsapigatewayiotroleD0FFF789", - "Arn", - ], - }, - "IntegrationHttpMethod": "POST", - "IntegrationResponses": Array [ - Object { - "ResponseTemplates": Object { - "application/json": "$input.json('$')", - }, - "SelectionPattern": "2\\\\d{2}", - "StatusCode": "200", - }, - Object { - "ResponseTemplates": Object { - "application/json": "$input.json('$')", - }, - "SelectionPattern": "5\\\\d{2}", - "StatusCode": "500", - }, - Object { - "ResponseTemplates": Object { - "application/json": "$input.json('$')", - }, - "StatusCode": "403", - }, - ], - "PassthroughBehavior": "WHEN_NO_MATCH", - "RequestParameters": Object { - "integration.request.header.Content-Type": "'application/json'", - "integration.request.path.topic-level-1": "method.request.path.topic-level-1", - "integration.request.path.topic-level-2": "method.request.path.topic-level-2", - "integration.request.path.topic-level-3": "method.request.path.topic-level-3", - "integration.request.path.topic-level-4": "method.request.path.topic-level-4", - "integration.request.path.topic-level-5": "method.request.path.topic-level-5", - }, - "RequestTemplates": Object { - "application/json": "$input.json('$')", - }, - "Type": "AWS", - "Uri": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":apigateway:", - Object { - "Ref": "AWS::Region", - }, - ":a1234567890123-ats.iotdata:path/topics/{topic-level-1}/{topic-level-2}/{topic-level-3}/{topic-level-4}/{topic-level-5}", - ], - ], - }, - }, - "MethodResponses": Array [ - Object { - "StatusCode": "200", - }, - Object { - "StatusCode": "500", - }, - Object { - "StatusCode": "403", - }, - ], - "RequestParameters": Object { - "method.request.path.topic-level-1": true, - "method.request.path.topic-level-2": true, - "method.request.path.topic-level-3": true, - "method.request.path.topic-level-4": true, - "method.request.path.topic-level-5": true, - }, - "RequestValidatorId": Object { - "Ref": "testapigatewayiotdefaultparamsawsapigatewayiotreqval9B598042", - }, - "ResourceId": Object { - "Ref": "testapigatewayiotdefaultparamsRestApimessagetopiclevel1topiclevel2topiclevel3topiclevel4topiclevel5CA89C513", - }, - "RestApiId": Object { - "Ref": "testapigatewayiotdefaultparamsRestApi60BDAFC6", - }, - }, - "Type": "AWS::ApiGateway::Method", - }, - "testapigatewayiotdefaultparamsRestApimessagetopiclevel1topiclevel2topiclevel3topiclevel4topiclevel5topiclevel6169DC584": Object { - "Properties": Object { - "ParentId": Object { - "Ref": "testapigatewayiotdefaultparamsRestApimessagetopiclevel1topiclevel2topiclevel3topiclevel4topiclevel5CA89C513", - }, - "PathPart": "{topic-level-6}", - "RestApiId": Object { - "Ref": "testapigatewayiotdefaultparamsRestApi60BDAFC6", - }, - }, - "Type": "AWS::ApiGateway::Resource", - }, - "testapigatewayiotdefaultparamsRestApimessagetopiclevel1topiclevel2topiclevel3topiclevel4topiclevel5topiclevel6POST84605425": Object { - "Properties": Object { - "AuthorizationType": "AWS_IAM", - "HttpMethod": "POST", - "Integration": Object { - "Credentials": Object { - "Fn::GetAtt": Array [ - "testapigatewayiotdefaultparamsapigatewayiotroleD0FFF789", - "Arn", - ], - }, - "IntegrationHttpMethod": "POST", - "IntegrationResponses": Array [ - Object { - "ResponseTemplates": Object { - "application/json": "$input.json('$')", - }, - "SelectionPattern": "2\\\\d{2}", - "StatusCode": "200", - }, - Object { - "ResponseTemplates": Object { - "application/json": "$input.json('$')", - }, - "SelectionPattern": "5\\\\d{2}", - "StatusCode": "500", - }, - Object { - "ResponseTemplates": Object { - "application/json": "$input.json('$')", - }, - "StatusCode": "403", - }, - ], - "PassthroughBehavior": "WHEN_NO_MATCH", - "RequestParameters": Object { - "integration.request.header.Content-Type": "'application/json'", - "integration.request.path.topic-level-1": "method.request.path.topic-level-1", - "integration.request.path.topic-level-2": "method.request.path.topic-level-2", - "integration.request.path.topic-level-3": "method.request.path.topic-level-3", - "integration.request.path.topic-level-4": "method.request.path.topic-level-4", - "integration.request.path.topic-level-5": "method.request.path.topic-level-5", - "integration.request.path.topic-level-6": "method.request.path.topic-level-6", - }, - "RequestTemplates": Object { - "application/json": "$input.json('$')", - }, - "Type": "AWS", - "Uri": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":apigateway:", - Object { - "Ref": "AWS::Region", - }, - ":a1234567890123-ats.iotdata:path/topics/{topic-level-1}/{topic-level-2}/{topic-level-3}/{topic-level-4}/{topic-level-5}/{topic-level-6}", - ], - ], - }, - }, - "MethodResponses": Array [ - Object { - "StatusCode": "200", - }, - Object { - "StatusCode": "500", - }, - Object { - "StatusCode": "403", - }, - ], - "RequestParameters": Object { - "method.request.path.topic-level-1": true, - "method.request.path.topic-level-2": true, - "method.request.path.topic-level-3": true, - "method.request.path.topic-level-4": true, - "method.request.path.topic-level-5": true, - "method.request.path.topic-level-6": true, - }, - "RequestValidatorId": Object { - "Ref": "testapigatewayiotdefaultparamsawsapigatewayiotreqval9B598042", - }, - "ResourceId": Object { - "Ref": "testapigatewayiotdefaultparamsRestApimessagetopiclevel1topiclevel2topiclevel3topiclevel4topiclevel5topiclevel6169DC584", - }, - "RestApiId": Object { - "Ref": "testapigatewayiotdefaultparamsRestApi60BDAFC6", - }, - }, - "Type": "AWS::ApiGateway::Method", - }, - "testapigatewayiotdefaultparamsRestApimessagetopiclevel1topiclevel2topiclevel3topiclevel4topiclevel5topiclevel6topiclevel722AC8ACD": Object { - "Properties": Object { - "ParentId": Object { - "Ref": "testapigatewayiotdefaultparamsRestApimessagetopiclevel1topiclevel2topiclevel3topiclevel4topiclevel5topiclevel6169DC584", - }, - "PathPart": "{topic-level-7}", - "RestApiId": Object { - "Ref": "testapigatewayiotdefaultparamsRestApi60BDAFC6", - }, - }, - "Type": "AWS::ApiGateway::Resource", - }, - "testapigatewayiotdefaultparamsRestApimessagetopiclevel1topiclevel2topiclevel3topiclevel4topiclevel5topiclevel6topiclevel7POST9DC33B4A": Object { - "Properties": Object { - "AuthorizationType": "AWS_IAM", - "HttpMethod": "POST", - "Integration": Object { - "Credentials": Object { - "Fn::GetAtt": Array [ - "testapigatewayiotdefaultparamsapigatewayiotroleD0FFF789", - "Arn", - ], - }, - "IntegrationHttpMethod": "POST", - "IntegrationResponses": Array [ - Object { - "ResponseTemplates": Object { - "application/json": "$input.json('$')", - }, - "SelectionPattern": "2\\\\d{2}", - "StatusCode": "200", - }, - Object { - "ResponseTemplates": Object { - "application/json": "$input.json('$')", - }, - "SelectionPattern": "5\\\\d{2}", - "StatusCode": "500", - }, - Object { - "ResponseTemplates": Object { - "application/json": "$input.json('$')", - }, - "StatusCode": "403", - }, - ], - "PassthroughBehavior": "WHEN_NO_MATCH", - "RequestParameters": Object { - "integration.request.header.Content-Type": "'application/json'", - "integration.request.path.topic-level-1": "method.request.path.topic-level-1", - "integration.request.path.topic-level-2": "method.request.path.topic-level-2", - "integration.request.path.topic-level-3": "method.request.path.topic-level-3", - "integration.request.path.topic-level-4": "method.request.path.topic-level-4", - "integration.request.path.topic-level-5": "method.request.path.topic-level-5", - "integration.request.path.topic-level-6": "method.request.path.topic-level-6", - "integration.request.path.topic-level-7": "method.request.path.topic-level-7", - }, - "RequestTemplates": Object { - "application/json": "$input.json('$')", - }, - "Type": "AWS", - "Uri": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":apigateway:", - Object { - "Ref": "AWS::Region", - }, - ":a1234567890123-ats.iotdata:path/topics/{topic-level-1}/{topic-level-2}/{topic-level-3}/{topic-level-4}/{topic-level-5}/{topic-level-6}/{topic-level-7}", - ], - ], - }, - }, - "MethodResponses": Array [ - Object { - "StatusCode": "200", - }, - Object { - "StatusCode": "500", - }, - Object { - "StatusCode": "403", - }, - ], - "RequestParameters": Object { - "method.request.path.topic-level-1": true, - "method.request.path.topic-level-2": true, - "method.request.path.topic-level-3": true, - "method.request.path.topic-level-4": true, - "method.request.path.topic-level-5": true, - "method.request.path.topic-level-6": true, - "method.request.path.topic-level-7": true, - }, - "RequestValidatorId": Object { - "Ref": "testapigatewayiotdefaultparamsawsapigatewayiotreqval9B598042", - }, - "ResourceId": Object { - "Ref": "testapigatewayiotdefaultparamsRestApimessagetopiclevel1topiclevel2topiclevel3topiclevel4topiclevel5topiclevel6topiclevel722AC8ACD", - }, - "RestApiId": Object { - "Ref": "testapigatewayiotdefaultparamsRestApi60BDAFC6", - }, - }, - "Type": "AWS::ApiGateway::Method", - }, - "testapigatewayiotdefaultparamsRestApishadow5B41C79D": Object { - "Properties": Object { - "ParentId": Object { - "Fn::GetAtt": Array [ - "testapigatewayiotdefaultparamsRestApi60BDAFC6", - "RootResourceId", - ], - }, - "PathPart": "shadow", - "RestApiId": Object { - "Ref": "testapigatewayiotdefaultparamsRestApi60BDAFC6", - }, - }, - "Type": "AWS::ApiGateway::Resource", - }, - "testapigatewayiotdefaultparamsRestApishadowthingNameA1B3998C": Object { - "Properties": Object { - "ParentId": Object { - "Ref": "testapigatewayiotdefaultparamsRestApishadow5B41C79D", - }, - "PathPart": "{thingName}", - "RestApiId": Object { - "Ref": "testapigatewayiotdefaultparamsRestApi60BDAFC6", - }, - }, - "Type": "AWS::ApiGateway::Resource", - }, - "testapigatewayiotdefaultparamsRestApishadowthingNamePOST10BEBA62": Object { - "Properties": Object { - "AuthorizationType": "AWS_IAM", - "HttpMethod": "POST", - "Integration": Object { - "Credentials": Object { - "Fn::GetAtt": Array [ - "testapigatewayiotdefaultparamsapigatewayiotroleD0FFF789", - "Arn", - ], - }, - "IntegrationHttpMethod": "POST", - "IntegrationResponses": Array [ - Object { - "ResponseTemplates": Object { - "application/json": "$input.json('$')", - }, - "SelectionPattern": "2\\\\d{2}", - "StatusCode": "200", - }, - Object { - "ResponseTemplates": Object { - "application/json": "$input.json('$')", - }, - "SelectionPattern": "5\\\\d{2}", - "StatusCode": "500", - }, - Object { - "ResponseTemplates": Object { - "application/json": "$input.json('$')", - }, - "StatusCode": "403", - }, - ], - "PassthroughBehavior": "WHEN_NO_MATCH", - "RequestParameters": Object { - "integration.request.header.Content-Type": "'application/json'", - "integration.request.path.thingName": "method.request.path.thingName", - }, - "RequestTemplates": Object { - "application/json": "$input.json('$')", - }, - "Type": "AWS", - "Uri": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":apigateway:", - Object { - "Ref": "AWS::Region", - }, - ":a1234567890123-ats.iotdata:path/things/{thingName}/shadow", - ], - ], - }, - }, - "MethodResponses": Array [ - Object { - "StatusCode": "200", - }, - Object { - "StatusCode": "500", - }, - Object { - "StatusCode": "403", - }, - ], - "RequestParameters": Object { - "method.request.path.thingName": true, - }, - "RequestValidatorId": Object { - "Ref": "testapigatewayiotdefaultparamsawsapigatewayiotreqval9B598042", - }, - "ResourceId": Object { - "Ref": "testapigatewayiotdefaultparamsRestApishadowthingNameA1B3998C", - }, - "RestApiId": Object { - "Ref": "testapigatewayiotdefaultparamsRestApi60BDAFC6", - }, - }, - "Type": "AWS::ApiGateway::Method", - }, - "testapigatewayiotdefaultparamsRestApishadowthingNameshadowNameB680902D": Object { - "Properties": Object { - "ParentId": Object { - "Ref": "testapigatewayiotdefaultparamsRestApishadowthingNameA1B3998C", - }, - "PathPart": "{shadowName}", - "RestApiId": Object { - "Ref": "testapigatewayiotdefaultparamsRestApi60BDAFC6", - }, - }, - "Type": "AWS::ApiGateway::Resource", - }, - "testapigatewayiotdefaultparamsRestApishadowthingNameshadowNamePOST8938C0DC": Object { - "Properties": Object { - "AuthorizationType": "AWS_IAM", - "HttpMethod": "POST", - "Integration": Object { - "Credentials": Object { - "Fn::GetAtt": Array [ - "testapigatewayiotdefaultparamsapigatewayiotroleD0FFF789", - "Arn", - ], - }, - "IntegrationHttpMethod": "POST", - "IntegrationResponses": Array [ - Object { - "ResponseTemplates": Object { - "application/json": "$input.json('$')", - }, - "SelectionPattern": "2\\\\d{2}", - "StatusCode": "200", - }, - Object { - "ResponseTemplates": Object { - "application/json": "$input.json('$')", - }, - "SelectionPattern": "5\\\\d{2}", - "StatusCode": "500", - }, - Object { - "ResponseTemplates": Object { - "application/json": "$input.json('$')", - }, - "StatusCode": "403", - }, - ], - "PassthroughBehavior": "WHEN_NO_MATCH", - "RequestParameters": Object { - "integration.request.header.Content-Type": "'application/json'", - "integration.request.path.shadowName": "method.request.path.shadowName", - "integration.request.path.thingName": "method.request.path.thingName", - }, - "RequestTemplates": Object { - "application/json": "$input.json('$')", - }, - "Type": "AWS", - "Uri": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":apigateway:", - Object { - "Ref": "AWS::Region", - }, - ":a1234567890123-ats.iotdata:path/things/{thingName}/shadow?name={shadowName}", - ], - ], - }, - }, - "MethodResponses": Array [ - Object { - "StatusCode": "200", - }, - Object { - "StatusCode": "500", - }, - Object { - "StatusCode": "403", - }, - ], - "RequestParameters": Object { - "method.request.path.shadowName": true, - "method.request.path.thingName": true, - }, - "RequestValidatorId": Object { - "Ref": "testapigatewayiotdefaultparamsawsapigatewayiotreqval9B598042", - }, - "ResourceId": Object { - "Ref": "testapigatewayiotdefaultparamsRestApishadowthingNameshadowNameB680902D", - }, - "RestApiId": Object { - "Ref": "testapigatewayiotdefaultparamsRestApi60BDAFC6", - }, - }, - "Type": "AWS::ApiGateway::Method", - }, - "testapigatewayiotdefaultparamsapigatewayiotroleD0FFF789": Object { - "Properties": Object { - "AssumeRolePolicyDocument": Object { - "Statement": Array [ - Object { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": Object { - "Service": "apigateway.amazonaws.com", - }, - }, - ], - "Version": "2012-10-17", - }, - "Path": "/", - "Policies": Array [ - Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": "iot:UpdateThingShadow", - "Effect": "Allow", - "Resource": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:aws:iot:", - Object { - "Ref": "AWS::Region", - }, - ":", - Object { - "Ref": "AWS::AccountId", - }, - ":thing/*", - ], - ], - }, - }, - Object { - "Action": "iot:Publish", - "Effect": "Allow", - "Resource": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:aws:iot:", - Object { - "Ref": "AWS::Region", - }, - ":", - Object { - "Ref": "AWS::AccountId", - }, - ":topic/*", - ], - ], - }, - }, - ], - "Version": "2012-10-17", - }, - "PolicyName": "awsapigatewayiotpolicy", - }, - ], - }, - "Type": "AWS::IAM::Role", - }, - "testapigatewayiotdefaultparamsawsapigatewayiotreqval9B598042": Object { - "Properties": Object { - "RestApiId": Object { - "Ref": "testapigatewayiotdefaultparamsRestApi60BDAFC6", - }, - "ValidateRequestBody": false, - "ValidateRequestParameters": true, - }, - "Type": "AWS::ApiGateway::RequestValidator", - }, - }, -} -`; - -exports[`Test for overriden props snapshot 1`] = ` -Object { - "Outputs": Object { - "testapigatewayiotoverridenparamsRestApiEndpoint81A0469B": Object { - "Value": Object { - "Fn::Join": Array [ - "", - Array [ - "https://", - Object { - "Ref": "testapigatewayiotoverridenparamsRestApi30D747C3", - }, - ".execute-api.", - Object { - "Ref": "AWS::Region", - }, - ".", - Object { - "Ref": "AWS::URLSuffix", - }, - "/", - Object { - "Ref": "testapigatewayiotoverridenparamsRestApiDeploymentStageprod6C6F5AF2", - }, - "/", - ], - ], - }, - }, - }, - "Resources": Object { - "apigatewayiotrole39B3B182": Object { - "Properties": Object { - "AssumeRolePolicyDocument": Object { - "Statement": Array [ - Object { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": Object { - "Service": "apigateway.amazonaws.com", - }, - }, - ], - "Version": "2012-10-17", - }, - "Path": "/", - "Policies": Array [ - Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": "iot:UpdateThingShadow", - "Effect": "Allow", - "Resource": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:aws:iot:", - Object { - "Ref": "AWS::Region", - }, - ":", - Object { - "Ref": "AWS::AccountId", - }, - ":thing/*", - ], - ], - }, - }, - Object { - "Action": "iot:Publish", - "Effect": "Allow", - "Resource": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:aws:iot:", - Object { - "Ref": "AWS::Region", - }, - ":", - Object { - "Ref": "AWS::AccountId", - }, - ":topic/*", - ], - ], - }, - }, - ], - "Version": "2012-10-17", - }, - "PolicyName": "testPolicy", - }, - ], - }, - "Type": "AWS::IAM::Role", - }, - "testapigatewayiotoverridenparamsApiAccessLogGroup1441C739": Object { - "DeletionPolicy": "Retain", - "Metadata": Object { - "cfn_nag": Object { - "rules_to_suppress": Array [ - Object { - "id": "W86", - "reason": "Retention period for CloudWatchLogs LogGroups are set to 'Never Expire' to preserve customer data indefinitely", - }, - Object { - "id": "W84", - "reason": "By default CloudWatchLogs LogGroups data is encrypted using the CloudWatch server-side encryption keys (AWS Managed Keys)", - }, - ], - }, - }, - "Type": "AWS::Logs::LogGroup", - "UpdateReplacePolicy": "Retain", - }, - "testapigatewayiotoverridenparamsLambdaRestApiAccountA712A24B": Object { - "DependsOn": Array [ - "testapigatewayiotoverridenparamsRestApi30D747C3", - ], - "Properties": Object { - "CloudWatchRoleArn": Object { - "Fn::GetAtt": Array [ - "testapigatewayiotoverridenparamsLambdaRestApiCloudWatchRoleDCA94398", - "Arn", - ], - }, - }, - "Type": "AWS::ApiGateway::Account", - }, - "testapigatewayiotoverridenparamsLambdaRestApiCloudWatchRoleDCA94398": Object { - "Properties": Object { - "AssumeRolePolicyDocument": Object { - "Statement": Array [ - Object { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": Object { - "Service": "apigateway.amazonaws.com", - }, - }, - ], - "Version": "2012-10-17", - }, - "Policies": Array [ - Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "logs:CreateLogGroup", - "logs:CreateLogStream", - "logs:DescribeLogGroups", - "logs:DescribeLogStreams", - "logs:PutLogEvents", - "logs:GetLogEvents", - "logs:FilterLogEvents", - ], - "Effect": "Allow", - "Resource": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":logs:", - Object { - "Ref": "AWS::Region", - }, - ":", - Object { - "Ref": "AWS::AccountId", - }, - ":*", - ], - ], - }, - }, - ], - "Version": "2012-10-17", - }, - "PolicyName": "LambdaRestApiCloudWatchRolePolicy", - }, - ], - }, - "Type": "AWS::IAM::Role", - }, - "testapigatewayiotoverridenparamsRestApi30D747C3": Object { - "Properties": Object { - "ApiKeySourceType": "HEADER", - "BinaryMediaTypes": Array [ - "application/octet-stream", - ], - "Description": "Description for the Regional Rest Api", - "EndpointConfiguration": Object { - "Types": Array [ - "REGIONAL", - ], - }, - "Name": "RestApi-Regional", - }, - "Type": "AWS::ApiGateway::RestApi", - }, - "testapigatewayiotoverridenparamsRestApiApiKey00A9BE26": Object { - "Properties": Object { - "Enabled": true, - "StageKeys": Array [ - Object { - "RestApiId": Object { - "Ref": "testapigatewayiotoverridenparamsRestApi30D747C3", - }, - "StageName": Object { - "Ref": "testapigatewayiotoverridenparamsRestApiDeploymentStageprod6C6F5AF2", - }, - }, - ], - }, - "Type": "AWS::ApiGateway::ApiKey", - }, - "testapigatewayiotoverridenparamsRestApiDeployment447F79B761c5af75443406b18218017d90499171": Object { - "DependsOn": Array [ - "testapigatewayiotoverridenparamsawsapigatewayiotreqval6F651A38", - "testapigatewayiotoverridenparamsRestApimessagetopiclevel1topiclevel2topiclevel3topiclevel4topiclevel5topiclevel6topiclevel7POST78BF6C48", - "testapigatewayiotoverridenparamsRestApimessagetopiclevel1topiclevel2topiclevel3topiclevel4topiclevel5topiclevel6topiclevel711E7D42F", - "testapigatewayiotoverridenparamsRestApimessagetopiclevel1topiclevel2topiclevel3topiclevel4topiclevel5topiclevel6POST03EED79D", - "testapigatewayiotoverridenparamsRestApimessagetopiclevel1topiclevel2topiclevel3topiclevel4topiclevel5topiclevel66256AA13", - "testapigatewayiotoverridenparamsRestApimessagetopiclevel1topiclevel2topiclevel3topiclevel4topiclevel5POSTD4CCE443", - "testapigatewayiotoverridenparamsRestApimessagetopiclevel1topiclevel2topiclevel3topiclevel4topiclevel5E9A3CC98", - "testapigatewayiotoverridenparamsRestApimessagetopiclevel1topiclevel2topiclevel3topiclevel4POSTE9C69A8C", - "testapigatewayiotoverridenparamsRestApimessagetopiclevel1topiclevel2topiclevel3topiclevel45D056F82", - "testapigatewayiotoverridenparamsRestApimessagetopiclevel1topiclevel2topiclevel3POST67DEDF1F", - "testapigatewayiotoverridenparamsRestApimessagetopiclevel1topiclevel2topiclevel32F319AA0", - "testapigatewayiotoverridenparamsRestApimessagetopiclevel1topiclevel2POSTAED0B4BF", - "testapigatewayiotoverridenparamsRestApimessagetopiclevel1topiclevel2A0ED2131", - "testapigatewayiotoverridenparamsRestApimessagetopiclevel1POST37ECFE98", - "testapigatewayiotoverridenparamsRestApimessagetopiclevel18B083B80", - "testapigatewayiotoverridenparamsRestApimessageF0C148D3", - "testapigatewayiotoverridenparamsRestApishadowthingNameshadowNamePOST0450BB44", - "testapigatewayiotoverridenparamsRestApishadowthingNameshadowNameEB7E83A8", - "testapigatewayiotoverridenparamsRestApishadowthingNamePOST050ECC4D", - "testapigatewayiotoverridenparamsRestApishadowthingName455DD73D", - "testapigatewayiotoverridenparamsRestApishadow6F67A57F", - ], - "Metadata": Object { - "cfn_nag": Object { - "rules_to_suppress": Array [ - Object { - "id": "W45", - "reason": "ApiGateway has AccessLogging enabled in AWS::ApiGateway::Stage resource, but cfn_nag checkes for it in AWS::ApiGateway::Deployment resource", - }, - ], - }, - }, - "Properties": Object { - "Description": "Automatically created by the RestApi construct", - "RestApiId": Object { - "Ref": "testapigatewayiotoverridenparamsRestApi30D747C3", - }, - }, - "Type": "AWS::ApiGateway::Deployment", - }, - "testapigatewayiotoverridenparamsRestApiDeploymentStageprod6C6F5AF2": Object { - "Properties": Object { - "AccessLogSetting": Object { - "DestinationArn": Object { - "Fn::GetAtt": Array [ - "testapigatewayiotoverridenparamsApiAccessLogGroup1441C739", - "Arn", - ], - }, - "Format": "{\\"requestId\\":\\"$context.requestId\\",\\"ip\\":\\"$context.identity.sourceIp\\",\\"user\\":\\"$context.identity.user\\",\\"caller\\":\\"$context.identity.caller\\",\\"requestTime\\":\\"$context.requestTime\\",\\"httpMethod\\":\\"$context.httpMethod\\",\\"resourcePath\\":\\"$context.resourcePath\\",\\"status\\":\\"$context.status\\",\\"protocol\\":\\"$context.protocol\\",\\"responseLength\\":\\"$context.responseLength\\"}", - }, - "DeploymentId": Object { - "Ref": "testapigatewayiotoverridenparamsRestApiDeployment447F79B761c5af75443406b18218017d90499171", - }, - "MethodSettings": Array [ - Object { - "DataTraceEnabled": false, - "HttpMethod": "*", - "LoggingLevel": "INFO", - "ResourcePath": "/*", - }, - ], - "RestApiId": Object { - "Ref": "testapigatewayiotoverridenparamsRestApi30D747C3", - }, - "StageName": "prod", - "TracingEnabled": true, - }, - "Type": "AWS::ApiGateway::Stage", - }, - "testapigatewayiotoverridenparamsRestApiUsagePlanA409DD06": Object { - "Properties": Object { - "ApiStages": Array [ - Object { - "ApiId": Object { - "Ref": "testapigatewayiotoverridenparamsRestApi30D747C3", - }, - "Stage": Object { - "Ref": "testapigatewayiotoverridenparamsRestApiDeploymentStageprod6C6F5AF2", - }, - "Throttle": Object {}, - }, - ], - }, - "Type": "AWS::ApiGateway::UsagePlan", - }, - "testapigatewayiotoverridenparamsRestApiUsagePlanUsagePlanKeyResource2127D8B5": Object { - "Properties": Object { - "KeyId": Object { - "Ref": "testapigatewayiotoverridenparamsRestApiApiKey00A9BE26", - }, - "KeyType": "API_KEY", - "UsagePlanId": Object { - "Ref": "testapigatewayiotoverridenparamsRestApiUsagePlanA409DD06", - }, - }, - "Type": "AWS::ApiGateway::UsagePlanKey", - }, - "testapigatewayiotoverridenparamsRestApimessageF0C148D3": Object { - "Properties": Object { - "ParentId": Object { - "Fn::GetAtt": Array [ - "testapigatewayiotoverridenparamsRestApi30D747C3", - "RootResourceId", - ], - }, - "PathPart": "message", - "RestApiId": Object { - "Ref": "testapigatewayiotoverridenparamsRestApi30D747C3", - }, - }, - "Type": "AWS::ApiGateway::Resource", - }, - "testapigatewayiotoverridenparamsRestApimessagetopiclevel18B083B80": Object { - "Properties": Object { - "ParentId": Object { - "Ref": "testapigatewayiotoverridenparamsRestApimessageF0C148D3", - }, - "PathPart": "{topic-level-1}", - "RestApiId": Object { - "Ref": "testapigatewayiotoverridenparamsRestApi30D747C3", - }, - }, - "Type": "AWS::ApiGateway::Resource", - }, - "testapigatewayiotoverridenparamsRestApimessagetopiclevel1POST37ECFE98": Object { - "Metadata": Object { - "cfn_nag": Object { - "rules_to_suppress": Array [ - Object { - "id": "W59", - "reason": "When ApiKey is being created, we also set apikeyRequired to true, so techincally apiGateway still looks for apiKey even though user specified AuthorizationType to NONE", - }, - ], - }, - }, - "Properties": Object { - "ApiKeyRequired": true, - "AuthorizationType": "NONE", - "HttpMethod": "POST", - "Integration": Object { - "Credentials": Object { - "Fn::GetAtt": Array [ - "apigatewayiotrole39B3B182", - "Arn", - ], - }, - "IntegrationHttpMethod": "POST", - "IntegrationResponses": Array [ - Object { - "ResponseTemplates": Object { - "application/json": "$input.json('$')", - }, - "SelectionPattern": "2\\\\d{2}", - "StatusCode": "200", - }, - Object { - "ResponseTemplates": Object { - "application/json": "$input.json('$')", - }, - "SelectionPattern": "5\\\\d{2}", - "StatusCode": "500", - }, - Object { - "ResponseTemplates": Object { - "application/json": "$input.json('$')", - }, - "StatusCode": "403", - }, - ], - "PassthroughBehavior": "WHEN_NO_MATCH", - "RequestParameters": Object { - "integration.request.header.Content-Type": "'application/json'", - "integration.request.path.topic-level-1": "method.request.path.topic-level-1", - }, - "RequestTemplates": Object { - "application/json": "$input.json('$')", - }, - "Type": "AWS", - "Uri": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":apigateway:", - Object { - "Ref": "AWS::Region", - }, - ":a1234567890123-ats.iotdata:path/topics/{topic-level-1}", - ], - ], - }, - }, - "MethodResponses": Array [ - Object { - "StatusCode": "200", - }, - Object { - "StatusCode": "500", - }, - Object { - "StatusCode": "403", - }, - ], - "RequestParameters": Object { - "method.request.path.topic-level-1": true, - }, - "RequestValidatorId": Object { - "Ref": "testapigatewayiotoverridenparamsawsapigatewayiotreqval6F651A38", - }, - "ResourceId": Object { - "Ref": "testapigatewayiotoverridenparamsRestApimessagetopiclevel18B083B80", - }, - "RestApiId": Object { - "Ref": "testapigatewayiotoverridenparamsRestApi30D747C3", - }, - }, - "Type": "AWS::ApiGateway::Method", - }, - "testapigatewayiotoverridenparamsRestApimessagetopiclevel1topiclevel2A0ED2131": Object { - "Properties": Object { - "ParentId": Object { - "Ref": "testapigatewayiotoverridenparamsRestApimessagetopiclevel18B083B80", - }, - "PathPart": "{topic-level-2}", - "RestApiId": Object { - "Ref": "testapigatewayiotoverridenparamsRestApi30D747C3", - }, - }, - "Type": "AWS::ApiGateway::Resource", - }, - "testapigatewayiotoverridenparamsRestApimessagetopiclevel1topiclevel2POSTAED0B4BF": Object { - "Metadata": Object { - "cfn_nag": Object { - "rules_to_suppress": Array [ - Object { - "id": "W59", - "reason": "When ApiKey is being created, we also set apikeyRequired to true, so techincally apiGateway still looks for apiKey even though user specified AuthorizationType to NONE", - }, - ], - }, - }, - "Properties": Object { - "ApiKeyRequired": true, - "AuthorizationType": "NONE", - "HttpMethod": "POST", - "Integration": Object { - "Credentials": Object { - "Fn::GetAtt": Array [ - "apigatewayiotrole39B3B182", - "Arn", - ], - }, - "IntegrationHttpMethod": "POST", - "IntegrationResponses": Array [ - Object { - "ResponseTemplates": Object { - "application/json": "$input.json('$')", - }, - "SelectionPattern": "2\\\\d{2}", - "StatusCode": "200", - }, - Object { - "ResponseTemplates": Object { - "application/json": "$input.json('$')", - }, - "SelectionPattern": "5\\\\d{2}", - "StatusCode": "500", - }, - Object { - "ResponseTemplates": Object { - "application/json": "$input.json('$')", - }, - "StatusCode": "403", - }, - ], - "PassthroughBehavior": "WHEN_NO_MATCH", - "RequestParameters": Object { - "integration.request.header.Content-Type": "'application/json'", - "integration.request.path.topic-level-1": "method.request.path.topic-level-1", - "integration.request.path.topic-level-2": "method.request.path.topic-level-2", - }, - "RequestTemplates": Object { - "application/json": "$input.json('$')", - }, - "Type": "AWS", - "Uri": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":apigateway:", - Object { - "Ref": "AWS::Region", - }, - ":a1234567890123-ats.iotdata:path/topics/{topic-level-1}/{topic-level-2}", - ], - ], - }, - }, - "MethodResponses": Array [ - Object { - "StatusCode": "200", - }, - Object { - "StatusCode": "500", - }, - Object { - "StatusCode": "403", - }, - ], - "RequestParameters": Object { - "method.request.path.topic-level-1": true, - "method.request.path.topic-level-2": true, - }, - "RequestValidatorId": Object { - "Ref": "testapigatewayiotoverridenparamsawsapigatewayiotreqval6F651A38", - }, - "ResourceId": Object { - "Ref": "testapigatewayiotoverridenparamsRestApimessagetopiclevel1topiclevel2A0ED2131", - }, - "RestApiId": Object { - "Ref": "testapigatewayiotoverridenparamsRestApi30D747C3", - }, - }, - "Type": "AWS::ApiGateway::Method", - }, - "testapigatewayiotoverridenparamsRestApimessagetopiclevel1topiclevel2topiclevel32F319AA0": Object { - "Properties": Object { - "ParentId": Object { - "Ref": "testapigatewayiotoverridenparamsRestApimessagetopiclevel1topiclevel2A0ED2131", - }, - "PathPart": "{topic-level-3}", - "RestApiId": Object { - "Ref": "testapigatewayiotoverridenparamsRestApi30D747C3", - }, - }, - "Type": "AWS::ApiGateway::Resource", - }, - "testapigatewayiotoverridenparamsRestApimessagetopiclevel1topiclevel2topiclevel3POST67DEDF1F": Object { - "Metadata": Object { - "cfn_nag": Object { - "rules_to_suppress": Array [ - Object { - "id": "W59", - "reason": "When ApiKey is being created, we also set apikeyRequired to true, so techincally apiGateway still looks for apiKey even though user specified AuthorizationType to NONE", - }, - ], - }, - }, - "Properties": Object { - "ApiKeyRequired": true, - "AuthorizationType": "NONE", - "HttpMethod": "POST", - "Integration": Object { - "Credentials": Object { - "Fn::GetAtt": Array [ - "apigatewayiotrole39B3B182", - "Arn", - ], - }, - "IntegrationHttpMethod": "POST", - "IntegrationResponses": Array [ - Object { - "ResponseTemplates": Object { - "application/json": "$input.json('$')", - }, - "SelectionPattern": "2\\\\d{2}", - "StatusCode": "200", - }, - Object { - "ResponseTemplates": Object { - "application/json": "$input.json('$')", - }, - "SelectionPattern": "5\\\\d{2}", - "StatusCode": "500", - }, - Object { - "ResponseTemplates": Object { - "application/json": "$input.json('$')", - }, - "StatusCode": "403", - }, - ], - "PassthroughBehavior": "WHEN_NO_MATCH", - "RequestParameters": Object { - "integration.request.header.Content-Type": "'application/json'", - "integration.request.path.topic-level-1": "method.request.path.topic-level-1", - "integration.request.path.topic-level-2": "method.request.path.topic-level-2", - "integration.request.path.topic-level-3": "method.request.path.topic-level-3", - }, - "RequestTemplates": Object { - "application/json": "$input.json('$')", - }, - "Type": "AWS", - "Uri": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":apigateway:", - Object { - "Ref": "AWS::Region", - }, - ":a1234567890123-ats.iotdata:path/topics/{topic-level-1}/{topic-level-2}/{topic-level-3}", - ], - ], - }, - }, - "MethodResponses": Array [ - Object { - "StatusCode": "200", - }, - Object { - "StatusCode": "500", - }, - Object { - "StatusCode": "403", - }, - ], - "RequestParameters": Object { - "method.request.path.topic-level-1": true, - "method.request.path.topic-level-2": true, - "method.request.path.topic-level-3": true, - }, - "RequestValidatorId": Object { - "Ref": "testapigatewayiotoverridenparamsawsapigatewayiotreqval6F651A38", - }, - "ResourceId": Object { - "Ref": "testapigatewayiotoverridenparamsRestApimessagetopiclevel1topiclevel2topiclevel32F319AA0", - }, - "RestApiId": Object { - "Ref": "testapigatewayiotoverridenparamsRestApi30D747C3", - }, - }, - "Type": "AWS::ApiGateway::Method", - }, - "testapigatewayiotoverridenparamsRestApimessagetopiclevel1topiclevel2topiclevel3topiclevel45D056F82": Object { - "Properties": Object { - "ParentId": Object { - "Ref": "testapigatewayiotoverridenparamsRestApimessagetopiclevel1topiclevel2topiclevel32F319AA0", - }, - "PathPart": "{topic-level-4}", - "RestApiId": Object { - "Ref": "testapigatewayiotoverridenparamsRestApi30D747C3", - }, - }, - "Type": "AWS::ApiGateway::Resource", - }, - "testapigatewayiotoverridenparamsRestApimessagetopiclevel1topiclevel2topiclevel3topiclevel4POSTE9C69A8C": Object { - "Metadata": Object { - "cfn_nag": Object { - "rules_to_suppress": Array [ - Object { - "id": "W59", - "reason": "When ApiKey is being created, we also set apikeyRequired to true, so techincally apiGateway still looks for apiKey even though user specified AuthorizationType to NONE", - }, - ], - }, - }, - "Properties": Object { - "ApiKeyRequired": true, - "AuthorizationType": "NONE", - "HttpMethod": "POST", - "Integration": Object { - "Credentials": Object { - "Fn::GetAtt": Array [ - "apigatewayiotrole39B3B182", - "Arn", - ], - }, - "IntegrationHttpMethod": "POST", - "IntegrationResponses": Array [ - Object { - "ResponseTemplates": Object { - "application/json": "$input.json('$')", - }, - "SelectionPattern": "2\\\\d{2}", - "StatusCode": "200", - }, - Object { - "ResponseTemplates": Object { - "application/json": "$input.json('$')", - }, - "SelectionPattern": "5\\\\d{2}", - "StatusCode": "500", - }, - Object { - "ResponseTemplates": Object { - "application/json": "$input.json('$')", - }, - "StatusCode": "403", - }, - ], - "PassthroughBehavior": "WHEN_NO_MATCH", - "RequestParameters": Object { - "integration.request.header.Content-Type": "'application/json'", - "integration.request.path.topic-level-1": "method.request.path.topic-level-1", - "integration.request.path.topic-level-2": "method.request.path.topic-level-2", - "integration.request.path.topic-level-3": "method.request.path.topic-level-3", - "integration.request.path.topic-level-4": "method.request.path.topic-level-4", - }, - "RequestTemplates": Object { - "application/json": "$input.json('$')", - }, - "Type": "AWS", - "Uri": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":apigateway:", - Object { - "Ref": "AWS::Region", - }, - ":a1234567890123-ats.iotdata:path/topics/{topic-level-1}/{topic-level-2}/{topic-level-3}/{topic-level-4}", - ], - ], - }, - }, - "MethodResponses": Array [ - Object { - "StatusCode": "200", - }, - Object { - "StatusCode": "500", - }, - Object { - "StatusCode": "403", - }, - ], - "RequestParameters": Object { - "method.request.path.topic-level-1": true, - "method.request.path.topic-level-2": true, - "method.request.path.topic-level-3": true, - "method.request.path.topic-level-4": true, - }, - "RequestValidatorId": Object { - "Ref": "testapigatewayiotoverridenparamsawsapigatewayiotreqval6F651A38", - }, - "ResourceId": Object { - "Ref": "testapigatewayiotoverridenparamsRestApimessagetopiclevel1topiclevel2topiclevel3topiclevel45D056F82", - }, - "RestApiId": Object { - "Ref": "testapigatewayiotoverridenparamsRestApi30D747C3", - }, - }, - "Type": "AWS::ApiGateway::Method", - }, - "testapigatewayiotoverridenparamsRestApimessagetopiclevel1topiclevel2topiclevel3topiclevel4topiclevel5E9A3CC98": Object { - "Properties": Object { - "ParentId": Object { - "Ref": "testapigatewayiotoverridenparamsRestApimessagetopiclevel1topiclevel2topiclevel3topiclevel45D056F82", - }, - "PathPart": "{topic-level-5}", - "RestApiId": Object { - "Ref": "testapigatewayiotoverridenparamsRestApi30D747C3", - }, - }, - "Type": "AWS::ApiGateway::Resource", - }, - "testapigatewayiotoverridenparamsRestApimessagetopiclevel1topiclevel2topiclevel3topiclevel4topiclevel5POSTD4CCE443": Object { - "Metadata": Object { - "cfn_nag": Object { - "rules_to_suppress": Array [ - Object { - "id": "W59", - "reason": "When ApiKey is being created, we also set apikeyRequired to true, so techincally apiGateway still looks for apiKey even though user specified AuthorizationType to NONE", - }, - ], - }, - }, - "Properties": Object { - "ApiKeyRequired": true, - "AuthorizationType": "NONE", - "HttpMethod": "POST", - "Integration": Object { - "Credentials": Object { - "Fn::GetAtt": Array [ - "apigatewayiotrole39B3B182", - "Arn", - ], - }, - "IntegrationHttpMethod": "POST", - "IntegrationResponses": Array [ - Object { - "ResponseTemplates": Object { - "application/json": "$input.json('$')", - }, - "SelectionPattern": "2\\\\d{2}", - "StatusCode": "200", - }, - Object { - "ResponseTemplates": Object { - "application/json": "$input.json('$')", - }, - "SelectionPattern": "5\\\\d{2}", - "StatusCode": "500", - }, - Object { - "ResponseTemplates": Object { - "application/json": "$input.json('$')", - }, - "StatusCode": "403", - }, - ], - "PassthroughBehavior": "WHEN_NO_MATCH", - "RequestParameters": Object { - "integration.request.header.Content-Type": "'application/json'", - "integration.request.path.topic-level-1": "method.request.path.topic-level-1", - "integration.request.path.topic-level-2": "method.request.path.topic-level-2", - "integration.request.path.topic-level-3": "method.request.path.topic-level-3", - "integration.request.path.topic-level-4": "method.request.path.topic-level-4", - "integration.request.path.topic-level-5": "method.request.path.topic-level-5", - }, - "RequestTemplates": Object { - "application/json": "$input.json('$')", - }, - "Type": "AWS", - "Uri": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":apigateway:", - Object { - "Ref": "AWS::Region", - }, - ":a1234567890123-ats.iotdata:path/topics/{topic-level-1}/{topic-level-2}/{topic-level-3}/{topic-level-4}/{topic-level-5}", - ], - ], - }, - }, - "MethodResponses": Array [ - Object { - "StatusCode": "200", - }, - Object { - "StatusCode": "500", - }, - Object { - "StatusCode": "403", - }, - ], - "RequestParameters": Object { - "method.request.path.topic-level-1": true, - "method.request.path.topic-level-2": true, - "method.request.path.topic-level-3": true, - "method.request.path.topic-level-4": true, - "method.request.path.topic-level-5": true, - }, - "RequestValidatorId": Object { - "Ref": "testapigatewayiotoverridenparamsawsapigatewayiotreqval6F651A38", - }, - "ResourceId": Object { - "Ref": "testapigatewayiotoverridenparamsRestApimessagetopiclevel1topiclevel2topiclevel3topiclevel4topiclevel5E9A3CC98", - }, - "RestApiId": Object { - "Ref": "testapigatewayiotoverridenparamsRestApi30D747C3", - }, - }, - "Type": "AWS::ApiGateway::Method", - }, - "testapigatewayiotoverridenparamsRestApimessagetopiclevel1topiclevel2topiclevel3topiclevel4topiclevel5topiclevel66256AA13": Object { - "Properties": Object { - "ParentId": Object { - "Ref": "testapigatewayiotoverridenparamsRestApimessagetopiclevel1topiclevel2topiclevel3topiclevel4topiclevel5E9A3CC98", - }, - "PathPart": "{topic-level-6}", - "RestApiId": Object { - "Ref": "testapigatewayiotoverridenparamsRestApi30D747C3", - }, - }, - "Type": "AWS::ApiGateway::Resource", - }, - "testapigatewayiotoverridenparamsRestApimessagetopiclevel1topiclevel2topiclevel3topiclevel4topiclevel5topiclevel6POST03EED79D": Object { - "Metadata": Object { - "cfn_nag": Object { - "rules_to_suppress": Array [ - Object { - "id": "W59", - "reason": "When ApiKey is being created, we also set apikeyRequired to true, so techincally apiGateway still looks for apiKey even though user specified AuthorizationType to NONE", - }, - ], - }, - }, - "Properties": Object { - "ApiKeyRequired": true, - "AuthorizationType": "NONE", - "HttpMethod": "POST", - "Integration": Object { - "Credentials": Object { - "Fn::GetAtt": Array [ - "apigatewayiotrole39B3B182", - "Arn", - ], - }, - "IntegrationHttpMethod": "POST", - "IntegrationResponses": Array [ - Object { - "ResponseTemplates": Object { - "application/json": "$input.json('$')", - }, - "SelectionPattern": "2\\\\d{2}", - "StatusCode": "200", - }, - Object { - "ResponseTemplates": Object { - "application/json": "$input.json('$')", - }, - "SelectionPattern": "5\\\\d{2}", - "StatusCode": "500", - }, - Object { - "ResponseTemplates": Object { - "application/json": "$input.json('$')", - }, - "StatusCode": "403", - }, - ], - "PassthroughBehavior": "WHEN_NO_MATCH", - "RequestParameters": Object { - "integration.request.header.Content-Type": "'application/json'", - "integration.request.path.topic-level-1": "method.request.path.topic-level-1", - "integration.request.path.topic-level-2": "method.request.path.topic-level-2", - "integration.request.path.topic-level-3": "method.request.path.topic-level-3", - "integration.request.path.topic-level-4": "method.request.path.topic-level-4", - "integration.request.path.topic-level-5": "method.request.path.topic-level-5", - "integration.request.path.topic-level-6": "method.request.path.topic-level-6", - }, - "RequestTemplates": Object { - "application/json": "$input.json('$')", - }, - "Type": "AWS", - "Uri": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":apigateway:", - Object { - "Ref": "AWS::Region", - }, - ":a1234567890123-ats.iotdata:path/topics/{topic-level-1}/{topic-level-2}/{topic-level-3}/{topic-level-4}/{topic-level-5}/{topic-level-6}", - ], - ], - }, - }, - "MethodResponses": Array [ - Object { - "StatusCode": "200", - }, - Object { - "StatusCode": "500", - }, - Object { - "StatusCode": "403", - }, - ], - "RequestParameters": Object { - "method.request.path.topic-level-1": true, - "method.request.path.topic-level-2": true, - "method.request.path.topic-level-3": true, - "method.request.path.topic-level-4": true, - "method.request.path.topic-level-5": true, - "method.request.path.topic-level-6": true, - }, - "RequestValidatorId": Object { - "Ref": "testapigatewayiotoverridenparamsawsapigatewayiotreqval6F651A38", - }, - "ResourceId": Object { - "Ref": "testapigatewayiotoverridenparamsRestApimessagetopiclevel1topiclevel2topiclevel3topiclevel4topiclevel5topiclevel66256AA13", - }, - "RestApiId": Object { - "Ref": "testapigatewayiotoverridenparamsRestApi30D747C3", - }, - }, - "Type": "AWS::ApiGateway::Method", - }, - "testapigatewayiotoverridenparamsRestApimessagetopiclevel1topiclevel2topiclevel3topiclevel4topiclevel5topiclevel6topiclevel711E7D42F": Object { - "Properties": Object { - "ParentId": Object { - "Ref": "testapigatewayiotoverridenparamsRestApimessagetopiclevel1topiclevel2topiclevel3topiclevel4topiclevel5topiclevel66256AA13", - }, - "PathPart": "{topic-level-7}", - "RestApiId": Object { - "Ref": "testapigatewayiotoverridenparamsRestApi30D747C3", - }, - }, - "Type": "AWS::ApiGateway::Resource", - }, - "testapigatewayiotoverridenparamsRestApimessagetopiclevel1topiclevel2topiclevel3topiclevel4topiclevel5topiclevel6topiclevel7POST78BF6C48": Object { - "Metadata": Object { - "cfn_nag": Object { - "rules_to_suppress": Array [ - Object { - "id": "W59", - "reason": "When ApiKey is being created, we also set apikeyRequired to true, so techincally apiGateway still looks for apiKey even though user specified AuthorizationType to NONE", - }, - ], - }, - }, - "Properties": Object { - "ApiKeyRequired": true, - "AuthorizationType": "NONE", - "HttpMethod": "POST", - "Integration": Object { - "Credentials": Object { - "Fn::GetAtt": Array [ - "apigatewayiotrole39B3B182", - "Arn", - ], - }, - "IntegrationHttpMethod": "POST", - "IntegrationResponses": Array [ - Object { - "ResponseTemplates": Object { - "application/json": "$input.json('$')", - }, - "SelectionPattern": "2\\\\d{2}", - "StatusCode": "200", - }, - Object { - "ResponseTemplates": Object { - "application/json": "$input.json('$')", - }, - "SelectionPattern": "5\\\\d{2}", - "StatusCode": "500", - }, - Object { - "ResponseTemplates": Object { - "application/json": "$input.json('$')", - }, - "StatusCode": "403", - }, - ], - "PassthroughBehavior": "WHEN_NO_MATCH", - "RequestParameters": Object { - "integration.request.header.Content-Type": "'application/json'", - "integration.request.path.topic-level-1": "method.request.path.topic-level-1", - "integration.request.path.topic-level-2": "method.request.path.topic-level-2", - "integration.request.path.topic-level-3": "method.request.path.topic-level-3", - "integration.request.path.topic-level-4": "method.request.path.topic-level-4", - "integration.request.path.topic-level-5": "method.request.path.topic-level-5", - "integration.request.path.topic-level-6": "method.request.path.topic-level-6", - "integration.request.path.topic-level-7": "method.request.path.topic-level-7", - }, - "RequestTemplates": Object { - "application/json": "$input.json('$')", - }, - "Type": "AWS", - "Uri": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":apigateway:", - Object { - "Ref": "AWS::Region", - }, - ":a1234567890123-ats.iotdata:path/topics/{topic-level-1}/{topic-level-2}/{topic-level-3}/{topic-level-4}/{topic-level-5}/{topic-level-6}/{topic-level-7}", - ], - ], - }, - }, - "MethodResponses": Array [ - Object { - "StatusCode": "200", - }, - Object { - "StatusCode": "500", - }, - Object { - "StatusCode": "403", - }, - ], - "RequestParameters": Object { - "method.request.path.topic-level-1": true, - "method.request.path.topic-level-2": true, - "method.request.path.topic-level-3": true, - "method.request.path.topic-level-4": true, - "method.request.path.topic-level-5": true, - "method.request.path.topic-level-6": true, - "method.request.path.topic-level-7": true, - }, - "RequestValidatorId": Object { - "Ref": "testapigatewayiotoverridenparamsawsapigatewayiotreqval6F651A38", - }, - "ResourceId": Object { - "Ref": "testapigatewayiotoverridenparamsRestApimessagetopiclevel1topiclevel2topiclevel3topiclevel4topiclevel5topiclevel6topiclevel711E7D42F", - }, - "RestApiId": Object { - "Ref": "testapigatewayiotoverridenparamsRestApi30D747C3", - }, - }, - "Type": "AWS::ApiGateway::Method", - }, - "testapigatewayiotoverridenparamsRestApishadow6F67A57F": Object { - "Properties": Object { - "ParentId": Object { - "Fn::GetAtt": Array [ - "testapigatewayiotoverridenparamsRestApi30D747C3", - "RootResourceId", - ], - }, - "PathPart": "shadow", - "RestApiId": Object { - "Ref": "testapigatewayiotoverridenparamsRestApi30D747C3", - }, - }, - "Type": "AWS::ApiGateway::Resource", - }, - "testapigatewayiotoverridenparamsRestApishadowthingName455DD73D": Object { - "Properties": Object { - "ParentId": Object { - "Ref": "testapigatewayiotoverridenparamsRestApishadow6F67A57F", - }, - "PathPart": "{thingName}", - "RestApiId": Object { - "Ref": "testapigatewayiotoverridenparamsRestApi30D747C3", - }, - }, - "Type": "AWS::ApiGateway::Resource", - }, - "testapigatewayiotoverridenparamsRestApishadowthingNamePOST050ECC4D": Object { - "Metadata": Object { - "cfn_nag": Object { - "rules_to_suppress": Array [ - Object { - "id": "W59", - "reason": "When ApiKey is being created, we also set apikeyRequired to true, so techincally apiGateway still looks for apiKey even though user specified AuthorizationType to NONE", - }, - ], - }, - }, - "Properties": Object { - "ApiKeyRequired": true, - "AuthorizationType": "NONE", - "HttpMethod": "POST", - "Integration": Object { - "Credentials": Object { - "Fn::GetAtt": Array [ - "apigatewayiotrole39B3B182", - "Arn", - ], - }, - "IntegrationHttpMethod": "POST", - "IntegrationResponses": Array [ - Object { - "ResponseTemplates": Object { - "application/json": "$input.json('$')", - }, - "SelectionPattern": "2\\\\d{2}", - "StatusCode": "200", - }, - Object { - "ResponseTemplates": Object { - "application/json": "$input.json('$')", - }, - "SelectionPattern": "5\\\\d{2}", - "StatusCode": "500", - }, - Object { - "ResponseTemplates": Object { - "application/json": "$input.json('$')", - }, - "StatusCode": "403", - }, - ], - "PassthroughBehavior": "WHEN_NO_MATCH", - "RequestParameters": Object { - "integration.request.header.Content-Type": "'application/json'", - "integration.request.path.thingName": "method.request.path.thingName", - }, - "RequestTemplates": Object { - "application/json": "$input.json('$')", - }, - "Type": "AWS", - "Uri": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":apigateway:", - Object { - "Ref": "AWS::Region", - }, - ":a1234567890123-ats.iotdata:path/things/{thingName}/shadow", - ], - ], - }, - }, - "MethodResponses": Array [ - Object { - "StatusCode": "200", - }, - Object { - "StatusCode": "500", - }, - Object { - "StatusCode": "403", - }, - ], - "RequestParameters": Object { - "method.request.path.thingName": true, - }, - "RequestValidatorId": Object { - "Ref": "testapigatewayiotoverridenparamsawsapigatewayiotreqval6F651A38", - }, - "ResourceId": Object { - "Ref": "testapigatewayiotoverridenparamsRestApishadowthingName455DD73D", - }, - "RestApiId": Object { - "Ref": "testapigatewayiotoverridenparamsRestApi30D747C3", - }, - }, - "Type": "AWS::ApiGateway::Method", - }, - "testapigatewayiotoverridenparamsRestApishadowthingNameshadowNameEB7E83A8": Object { - "Properties": Object { - "ParentId": Object { - "Ref": "testapigatewayiotoverridenparamsRestApishadowthingName455DD73D", - }, - "PathPart": "{shadowName}", - "RestApiId": Object { - "Ref": "testapigatewayiotoverridenparamsRestApi30D747C3", - }, - }, - "Type": "AWS::ApiGateway::Resource", - }, - "testapigatewayiotoverridenparamsRestApishadowthingNameshadowNamePOST0450BB44": Object { - "Metadata": Object { - "cfn_nag": Object { - "rules_to_suppress": Array [ - Object { - "id": "W59", - "reason": "When ApiKey is being created, we also set apikeyRequired to true, so techincally apiGateway still looks for apiKey even though user specified AuthorizationType to NONE", - }, - ], - }, - }, - "Properties": Object { - "ApiKeyRequired": true, - "AuthorizationType": "NONE", - "HttpMethod": "POST", - "Integration": Object { - "Credentials": Object { - "Fn::GetAtt": Array [ - "apigatewayiotrole39B3B182", - "Arn", - ], - }, - "IntegrationHttpMethod": "POST", - "IntegrationResponses": Array [ - Object { - "ResponseTemplates": Object { - "application/json": "$input.json('$')", - }, - "SelectionPattern": "2\\\\d{2}", - "StatusCode": "200", - }, - Object { - "ResponseTemplates": Object { - "application/json": "$input.json('$')", - }, - "SelectionPattern": "5\\\\d{2}", - "StatusCode": "500", - }, - Object { - "ResponseTemplates": Object { - "application/json": "$input.json('$')", - }, - "StatusCode": "403", - }, - ], - "PassthroughBehavior": "WHEN_NO_MATCH", - "RequestParameters": Object { - "integration.request.header.Content-Type": "'application/json'", - "integration.request.path.shadowName": "method.request.path.shadowName", - "integration.request.path.thingName": "method.request.path.thingName", - }, - "RequestTemplates": Object { - "application/json": "$input.json('$')", - }, - "Type": "AWS", - "Uri": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":apigateway:", - Object { - "Ref": "AWS::Region", - }, - ":a1234567890123-ats.iotdata:path/things/{thingName}/shadow?name={shadowName}", - ], - ], - }, - }, - "MethodResponses": Array [ - Object { - "StatusCode": "200", - }, - Object { - "StatusCode": "500", - }, - Object { - "StatusCode": "403", - }, - ], - "RequestParameters": Object { - "method.request.path.shadowName": true, - "method.request.path.thingName": true, - }, - "RequestValidatorId": Object { - "Ref": "testapigatewayiotoverridenparamsawsapigatewayiotreqval6F651A38", - }, - "ResourceId": Object { - "Ref": "testapigatewayiotoverridenparamsRestApishadowthingNameshadowNameEB7E83A8", - }, - "RestApiId": Object { - "Ref": "testapigatewayiotoverridenparamsRestApi30D747C3", - }, - }, - "Type": "AWS::ApiGateway::Method", - }, - "testapigatewayiotoverridenparamsawsapigatewayiotreqval6F651A38": Object { - "Properties": Object { - "RestApiId": Object { - "Ref": "testapigatewayiotoverridenparamsRestApi30D747C3", - }, - "ValidateRequestBody": false, - "ValidateRequestParameters": true, - }, - "Type": "AWS::ApiGateway::RequestValidator", - }, - }, -} -`; diff --git a/source/patterns/@aws-solutions-constructs/aws-apigateway-iot/test/test.apigateway-iot.test.ts b/source/patterns/@aws-solutions-constructs/aws-apigateway-iot/test/test.apigateway-iot.test.ts index 2f9872724..25326c221 100755 --- a/source/patterns/@aws-solutions-constructs/aws-apigateway-iot/test/test.apigateway-iot.test.ts +++ b/source/patterns/@aws-solutions-constructs/aws-apigateway-iot/test/test.apigateway-iot.test.ts @@ -16,23 +16,9 @@ import * as cdk from "@aws-cdk/core"; import { ApiGatewayToIot, ApiGatewayToIotProps } from "../lib"; import * as api from '@aws-cdk/aws-apigateway'; import * as iam from '@aws-cdk/aws-iam'; -import { ResourcePart, SynthUtils } from '@aws-cdk/assert'; +import { ResourcePart } from '@aws-cdk/assert'; import '@aws-cdk/assert/jest'; -// -------------------------------------------------------------- -// Snapshot matching -// -------------------------------------------------------------- -test('Test for default Params snapshot match', () => { - // Initial Setup - const stack = new cdk.Stack(); - const props: ApiGatewayToIotProps = { - iotEndpoint: `a1234567890123-ats` - }; - new ApiGatewayToIot(stack, 'test-apigateway-iot-default-snapshot', props); - // Assertion - expect(SynthUtils.toCloudFormation(stack)).toMatchSnapshot(); -}); - // -------------------------------------------------------------- // Check for ApiGateway params // -------------------------------------------------------------- @@ -275,80 +261,6 @@ test('Test for Binary Media types', () => { }); }); -// -------------------------------------------------------------- -// Check for multiple constructs -// -------------------------------------------------------------- -test('Test for multiple constructs usage', () => { - // Initial Setup - const stack = new cdk.Stack(); - const props: ApiGatewayToIotProps = { - iotEndpoint: `a1234567890123-ats` - }; - new ApiGatewayToIot(stack, 'test-apigateway-iot-default-params', props); - new ApiGatewayToIot(stack, 'test-apigateway-iot-default-params-1', props); - - // Assertion - expect(SynthUtils.toCloudFormation(stack)).toMatchSnapshot(); -}); - -// -------------------------------------------------------------- -// Check for ApiGateway Overriden Props Snapshot match -// -------------------------------------------------------------- -test('Test for overriden props snapshot', () => { - // Initial Setup - const stack = new cdk.Stack(); - const apiGatewayProps = { - restApiName: 'RestApi-Regional', - description: 'Description for the Regional Rest Api', - endpointConfiguration: {types: [api.EndpointType.REGIONAL]}, - apiKeySourceType: api.ApiKeySourceType.HEADER, - defaultMethodOptions: { - authorizationType: api.AuthorizationType.NONE, - } - }; - - const policyJSON = { - Version: "2012-10-17", - Statement: [ - { - Action: [ - "iot:UpdateThingShadow" - ], - Resource: `arn:aws:iot:${cdk.Aws.REGION}:${cdk.Aws.ACCOUNT_ID}:thing/*`, - Effect: "Allow" - }, - { - Action: [ - "iot:Publish" - ], - Resource: `arn:aws:iot:${cdk.Aws.REGION}:${cdk.Aws.ACCOUNT_ID}:topic/*`, - Effect: "Allow" - } - ] - }; - const policyDocument: iam.PolicyDocument = iam.PolicyDocument.fromJson(policyJSON); - const iamRoleProps: iam.RoleProps = { - assumedBy: new iam.ServicePrincipal('apigateway.amazonaws.com'), - path: '/', - inlinePolicies: {testPolicy: policyDocument} - }; - - // Create a policy that overrides the default policy that gets created with the construct - const apiGatewayExecutionRole: iam.Role = new iam.Role(stack, 'apigateway-iot-role', iamRoleProps); - - // Api gateway setup - const props: ApiGatewayToIotProps = { - iotEndpoint: `a1234567890123-ats`, - apiGatewayCreateApiKey: true, - apiGatewayExecutionRole, - apiGatewayProps - }; - new ApiGatewayToIot(stack, 'test-apigateway-iot-overriden-params', props); - - // Assertion 1 - expect(SynthUtils.toCloudFormation(stack)).toMatchSnapshot(); -}); - // -------------------------------------------------------------- // Check for Api Name and Desc // -------------------------------------------------------------- diff --git a/source/patterns/@aws-solutions-constructs/aws-apigateway-kinesisstreams/test/__snapshots__/apigateway-kinesis.test.js.snap b/source/patterns/@aws-solutions-constructs/aws-apigateway-kinesisstreams/test/__snapshots__/apigateway-kinesis.test.js.snap deleted file mode 100644 index 21e8caab8..000000000 --- a/source/patterns/@aws-solutions-constructs/aws-apigateway-kinesisstreams/test/__snapshots__/apigateway-kinesis.test.js.snap +++ /dev/null @@ -1,1650 +0,0 @@ -// Jest Snapshot v1, https://goo.gl/fbAQLP - -exports[`Test deployment w/ existing stream 1`] = ` -Object { - "Conditions": Object { - "AwsCdkKinesisEncryptedStreamsUnsupportedRegions": Object { - "Fn::Or": Array [ - Object { - "Fn::Equals": Array [ - Object { - "Ref": "AWS::Region", - }, - "cn-north-1", - ], - }, - Object { - "Fn::Equals": Array [ - Object { - "Ref": "AWS::Region", - }, - "cn-northwest-1", - ], - }, - ], - }, - }, - "Outputs": Object { - "apigatewaykinesisRestApiEndpoint0C8E406E": Object { - "Value": Object { - "Fn::Join": Array [ - "", - Array [ - "https://", - Object { - "Ref": "apigatewaykinesisRestApi0DCC9877", - }, - ".execute-api.", - Object { - "Ref": "AWS::Region", - }, - ".", - Object { - "Ref": "AWS::URLSuffix", - }, - "/", - Object { - "Ref": "apigatewaykinesisRestApiDeploymentStageprod015090BD", - }, - "/", - ], - ], - }, - }, - }, - "Resources": Object { - "ExistingStreamE527A562": Object { - "Properties": Object { - "RetentionPeriodHours": 96, - "ShardCount": 5, - "StreamEncryption": Object { - "Fn::If": Array [ - "AwsCdkKinesisEncryptedStreamsUnsupportedRegions", - Object { - "Ref": "AWS::NoValue", - }, - Object { - "EncryptionType": "KMS", - "KeyId": "alias/aws/kinesis", - }, - ], - }, - }, - "Type": "AWS::Kinesis::Stream", - }, - "apigatewaykinesisApiAccessLogGroup65465AAF": Object { - "DeletionPolicy": "Retain", - "Metadata": Object { - "cfn_nag": Object { - "rules_to_suppress": Array [ - Object { - "id": "W86", - "reason": "Retention period for CloudWatchLogs LogGroups are set to 'Never Expire' to preserve customer data indefinitely", - }, - Object { - "id": "W84", - "reason": "By default CloudWatchLogs LogGroups data is encrypted using the CloudWatch server-side encryption keys (AWS Managed Keys)", - }, - ], - }, - }, - "Type": "AWS::Logs::LogGroup", - "UpdateReplacePolicy": "Retain", - }, - "apigatewaykinesisLambdaRestApiAccount3F075103": Object { - "DependsOn": Array [ - "apigatewaykinesisRestApi0DCC9877", - ], - "Properties": Object { - "CloudWatchRoleArn": Object { - "Fn::GetAtt": Array [ - "apigatewaykinesisLambdaRestApiCloudWatchRoleB7706361", - "Arn", - ], - }, - }, - "Type": "AWS::ApiGateway::Account", - }, - "apigatewaykinesisLambdaRestApiCloudWatchRoleB7706361": Object { - "Properties": Object { - "AssumeRolePolicyDocument": Object { - "Statement": Array [ - Object { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": Object { - "Service": "apigateway.amazonaws.com", - }, - }, - ], - "Version": "2012-10-17", - }, - "Policies": Array [ - Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "logs:CreateLogGroup", - "logs:CreateLogStream", - "logs:DescribeLogGroups", - "logs:DescribeLogStreams", - "logs:PutLogEvents", - "logs:GetLogEvents", - "logs:FilterLogEvents", - ], - "Effect": "Allow", - "Resource": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":logs:", - Object { - "Ref": "AWS::Region", - }, - ":", - Object { - "Ref": "AWS::AccountId", - }, - ":*", - ], - ], - }, - }, - ], - "Version": "2012-10-17", - }, - "PolicyName": "LambdaRestApiCloudWatchRolePolicy", - }, - ], - }, - "Type": "AWS::IAM::Role", - }, - "apigatewaykinesisRestApi0DCC9877": Object { - "Properties": Object { - "EndpointConfiguration": Object { - "Types": Array [ - "EDGE", - ], - }, - "Name": "RestApi", - }, - "Type": "AWS::ApiGateway::RestApi", - }, - "apigatewaykinesisRestApiDeployment10E9BBA500f91055d8a8b2b3fed1250a8f7422a0": Object { - "DependsOn": Array [ - "apigatewaykinesisRestApirecordPOST833DA459", - "apigatewaykinesisRestApirecord3F4EC064", - "apigatewaykinesisRestApirecordsPOST08A9BEAD", - "apigatewaykinesisRestApirecordsE5337BB6", - "apigatewaykinesisRestApiPutRecordModel55C7723E", - "apigatewaykinesisRestApiPutRecordsModel217E2E73", - "apigatewaykinesisRestApirequestvalidator4482E7FC", - ], - "Metadata": Object { - "cfn_nag": Object { - "rules_to_suppress": Array [ - Object { - "id": "W45", - "reason": "ApiGateway has AccessLogging enabled in AWS::ApiGateway::Stage resource, but cfn_nag checkes for it in AWS::ApiGateway::Deployment resource", - }, - ], - }, - }, - "Properties": Object { - "Description": "Automatically created by the RestApi construct", - "RestApiId": Object { - "Ref": "apigatewaykinesisRestApi0DCC9877", - }, - }, - "Type": "AWS::ApiGateway::Deployment", - }, - "apigatewaykinesisRestApiDeploymentStageprod015090BD": Object { - "Properties": Object { - "AccessLogSetting": Object { - "DestinationArn": Object { - "Fn::GetAtt": Array [ - "apigatewaykinesisApiAccessLogGroup65465AAF", - "Arn", - ], - }, - "Format": "{\\"requestId\\":\\"$context.requestId\\",\\"ip\\":\\"$context.identity.sourceIp\\",\\"user\\":\\"$context.identity.user\\",\\"caller\\":\\"$context.identity.caller\\",\\"requestTime\\":\\"$context.requestTime\\",\\"httpMethod\\":\\"$context.httpMethod\\",\\"resourcePath\\":\\"$context.resourcePath\\",\\"status\\":\\"$context.status\\",\\"protocol\\":\\"$context.protocol\\",\\"responseLength\\":\\"$context.responseLength\\"}", - }, - "DeploymentId": Object { - "Ref": "apigatewaykinesisRestApiDeployment10E9BBA500f91055d8a8b2b3fed1250a8f7422a0", - }, - "MethodSettings": Array [ - Object { - "DataTraceEnabled": false, - "HttpMethod": "*", - "LoggingLevel": "INFO", - "ResourcePath": "/*", - }, - ], - "RestApiId": Object { - "Ref": "apigatewaykinesisRestApi0DCC9877", - }, - "StageName": "prod", - "TracingEnabled": true, - }, - "Type": "AWS::ApiGateway::Stage", - }, - "apigatewaykinesisRestApiPutRecordModel55C7723E": Object { - "Properties": Object { - "ContentType": "application/json", - "Description": "PutRecord proxy single-record payload", - "Name": "PutRecordModel", - "RestApiId": Object { - "Ref": "apigatewaykinesisRestApi0DCC9877", - }, - "Schema": Object { - "$schema": "http://json-schema.org/draft-04/schema#", - "properties": Object { - "data": Object { - "type": "string", - }, - "partitionKey": Object { - "type": "string", - }, - }, - "required": Array [ - "data", - "partitionKey", - ], - "title": "PutRecord proxy single-record payload", - "type": "object", - }, - }, - "Type": "AWS::ApiGateway::Model", - }, - "apigatewaykinesisRestApiPutRecordsModel217E2E73": Object { - "Properties": Object { - "ContentType": "application/json", - "Description": "PutRecords proxy payload data", - "Name": "PutRecordsModel", - "RestApiId": Object { - "Ref": "apigatewaykinesisRestApi0DCC9877", - }, - "Schema": Object { - "$schema": "http://json-schema.org/draft-04/schema#", - "properties": Object { - "records": Object { - "items": Object { - "properties": Object { - "data": Object { - "type": "string", - }, - "partitionKey": Object { - "type": "string", - }, - }, - "required": Array [ - "data", - "partitionKey", - ], - "type": "object", - }, - "type": "array", - }, - }, - "required": Array [ - "records", - ], - "title": "PutRecords proxy payload data", - "type": "object", - }, - }, - "Type": "AWS::ApiGateway::Model", - }, - "apigatewaykinesisRestApiUsagePlan40457E86": Object { - "Properties": Object { - "ApiStages": Array [ - Object { - "ApiId": Object { - "Ref": "apigatewaykinesisRestApi0DCC9877", - }, - "Stage": Object { - "Ref": "apigatewaykinesisRestApiDeploymentStageprod015090BD", - }, - "Throttle": Object {}, - }, - ], - }, - "Type": "AWS::ApiGateway::UsagePlan", - }, - "apigatewaykinesisRestApirecord3F4EC064": Object { - "Properties": Object { - "ParentId": Object { - "Fn::GetAtt": Array [ - "apigatewaykinesisRestApi0DCC9877", - "RootResourceId", - ], - }, - "PathPart": "record", - "RestApiId": Object { - "Ref": "apigatewaykinesisRestApi0DCC9877", - }, - }, - "Type": "AWS::ApiGateway::Resource", - }, - "apigatewaykinesisRestApirecordPOST833DA459": Object { - "Properties": Object { - "AuthorizationType": "AWS_IAM", - "HttpMethod": "POST", - "Integration": Object { - "Credentials": Object { - "Fn::GetAtt": Array [ - "apigatewaykinesisapigatewayrole9271A0CE", - "Arn", - ], - }, - "IntegrationHttpMethod": "POST", - "IntegrationResponses": Array [ - Object { - "StatusCode": "200", - }, - Object { - "ResponseTemplates": Object { - "text/html": "Error", - }, - "SelectionPattern": "500", - "StatusCode": "500", - }, - ], - "PassthroughBehavior": "NEVER", - "RequestParameters": Object { - "integration.request.header.Content-Type": "'x-amz-json-1.1'", - }, - "RequestTemplates": Object { - "application/json": Object { - "Fn::Join": Array [ - "", - Array [ - "{ \\"StreamName\\": \\"", - Object { - "Ref": "ExistingStreamE527A562", - }, - "\\", \\"Data\\": \\"$util.base64Encode($input.json('$.data'))\\", \\"PartitionKey\\": \\"$input.path('$.partitionKey')\\" }", - ], - ], - }, - }, - "Type": "AWS", - "Uri": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":apigateway:", - Object { - "Ref": "AWS::Region", - }, - ":kinesis:action/PutRecord", - ], - ], - }, - }, - "MethodResponses": Array [ - Object { - "ResponseParameters": Object { - "method.response.header.Content-Type": true, - }, - "StatusCode": "200", - }, - Object { - "ResponseParameters": Object { - "method.response.header.Content-Type": true, - }, - "StatusCode": "500", - }, - ], - "RequestModels": Object { - "application/json": Object { - "Ref": "apigatewaykinesisRestApiPutRecordModel55C7723E", - }, - }, - "RequestValidatorId": Object { - "Ref": "apigatewaykinesisRestApirequestvalidator4482E7FC", - }, - "ResourceId": Object { - "Ref": "apigatewaykinesisRestApirecord3F4EC064", - }, - "RestApiId": Object { - "Ref": "apigatewaykinesisRestApi0DCC9877", - }, - }, - "Type": "AWS::ApiGateway::Method", - }, - "apigatewaykinesisRestApirecordsE5337BB6": Object { - "Properties": Object { - "ParentId": Object { - "Fn::GetAtt": Array [ - "apigatewaykinesisRestApi0DCC9877", - "RootResourceId", - ], - }, - "PathPart": "records", - "RestApiId": Object { - "Ref": "apigatewaykinesisRestApi0DCC9877", - }, - }, - "Type": "AWS::ApiGateway::Resource", - }, - "apigatewaykinesisRestApirecordsPOST08A9BEAD": Object { - "Properties": Object { - "AuthorizationType": "AWS_IAM", - "HttpMethod": "POST", - "Integration": Object { - "Credentials": Object { - "Fn::GetAtt": Array [ - "apigatewaykinesisapigatewayrole9271A0CE", - "Arn", - ], - }, - "IntegrationHttpMethod": "POST", - "IntegrationResponses": Array [ - Object { - "StatusCode": "200", - }, - Object { - "ResponseTemplates": Object { - "text/html": "Error", - }, - "SelectionPattern": "500", - "StatusCode": "500", - }, - ], - "PassthroughBehavior": "NEVER", - "RequestParameters": Object { - "integration.request.header.Content-Type": "'x-amz-json-1.1'", - }, - "RequestTemplates": Object { - "application/json": Object { - "Fn::Join": Array [ - "", - Array [ - "{ \\"StreamName\\": \\"", - Object { - "Ref": "ExistingStreamE527A562", - }, - "\\", \\"Records\\": [ #foreach($elem in $input.path('$.records')) { \\"Data\\": \\"$util.base64Encode($elem.data)\\", \\"PartitionKey\\": \\"$elem.partitionKey\\"}#if($foreach.hasNext),#end #end ] }", - ], - ], - }, - }, - "Type": "AWS", - "Uri": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":apigateway:", - Object { - "Ref": "AWS::Region", - }, - ":kinesis:action/PutRecords", - ], - ], - }, - }, - "MethodResponses": Array [ - Object { - "ResponseParameters": Object { - "method.response.header.Content-Type": true, - }, - "StatusCode": "200", - }, - Object { - "ResponseParameters": Object { - "method.response.header.Content-Type": true, - }, - "StatusCode": "500", - }, - ], - "RequestModels": Object { - "application/json": Object { - "Ref": "apigatewaykinesisRestApiPutRecordsModel217E2E73", - }, - }, - "RequestValidatorId": Object { - "Ref": "apigatewaykinesisRestApirequestvalidator4482E7FC", - }, - "ResourceId": Object { - "Ref": "apigatewaykinesisRestApirecordsE5337BB6", - }, - "RestApiId": Object { - "Ref": "apigatewaykinesisRestApi0DCC9877", - }, - }, - "Type": "AWS::ApiGateway::Method", - }, - "apigatewaykinesisRestApirequestvalidator4482E7FC": Object { - "Properties": Object { - "Name": "request-body-validator", - "RestApiId": Object { - "Ref": "apigatewaykinesisRestApi0DCC9877", - }, - "ValidateRequestBody": true, - }, - "Type": "AWS::ApiGateway::RequestValidator", - }, - "apigatewaykinesisapigatewayrole9271A0CE": Object { - "Properties": Object { - "AssumeRolePolicyDocument": Object { - "Statement": Array [ - Object { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": Object { - "Service": "apigateway.amazonaws.com", - }, - }, - ], - "Version": "2012-10-17", - }, - }, - "Type": "AWS::IAM::Role", - }, - "apigatewaykinesisapigatewayroleDefaultPolicy6E8D093B": Object { - "Properties": Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "kinesis:ListShards", - "kinesis:PutRecord", - "kinesis:PutRecords", - ], - "Effect": "Allow", - "Resource": Object { - "Fn::GetAtt": Array [ - "ExistingStreamE527A562", - "Arn", - ], - }, - }, - ], - "Version": "2012-10-17", - }, - "PolicyName": "apigatewaykinesisapigatewayroleDefaultPolicy6E8D093B", - "Roles": Array [ - Object { - "Ref": "apigatewaykinesisapigatewayrole9271A0CE", - }, - ], - }, - "Type": "AWS::IAM::Policy", - }, - }, -} -`; - -exports[`Test deployment w/ overwritten properties 1`] = ` -Object { - "Outputs": Object { - "apigatewaykinesisRestApiEndpoint0C8E406E": Object { - "Value": Object { - "Fn::Join": Array [ - "", - Array [ - "https://", - Object { - "Ref": "apigatewaykinesisRestApi0DCC9877", - }, - ".execute-api.", - Object { - "Ref": "AWS::Region", - }, - ".", - Object { - "Ref": "AWS::URLSuffix", - }, - "/", - Object { - "Ref": "apigatewaykinesisRestApiDeploymentStageprod015090BD", - }, - "/", - ], - ], - }, - }, - }, - "Resources": Object { - "KinesisStream46752A3E": Object { - "Properties": Object { - "Name": "my-stream", - "RetentionPeriodHours": 24, - "ShardCount": 1, - "StreamEncryption": Object { - "EncryptionType": "KMS", - "KeyId": "alias/aws/kinesis", - }, - }, - "Type": "AWS::Kinesis::Stream", - }, - "apigatewaykinesisApiAccessLogGroup65465AAF": Object { - "DeletionPolicy": "Retain", - "Metadata": Object { - "cfn_nag": Object { - "rules_to_suppress": Array [ - Object { - "id": "W86", - "reason": "Retention period for CloudWatchLogs LogGroups are set to 'Never Expire' to preserve customer data indefinitely", - }, - Object { - "id": "W84", - "reason": "By default CloudWatchLogs LogGroups data is encrypted using the CloudWatch server-side encryption keys (AWS Managed Keys)", - }, - ], - }, - }, - "Type": "AWS::Logs::LogGroup", - "UpdateReplacePolicy": "Retain", - }, - "apigatewaykinesisLambdaRestApiAccount3F075103": Object { - "DependsOn": Array [ - "apigatewaykinesisRestApi0DCC9877", - ], - "Properties": Object { - "CloudWatchRoleArn": Object { - "Fn::GetAtt": Array [ - "apigatewaykinesisLambdaRestApiCloudWatchRoleB7706361", - "Arn", - ], - }, - }, - "Type": "AWS::ApiGateway::Account", - }, - "apigatewaykinesisLambdaRestApiCloudWatchRoleB7706361": Object { - "Properties": Object { - "AssumeRolePolicyDocument": Object { - "Statement": Array [ - Object { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": Object { - "Service": "apigateway.amazonaws.com", - }, - }, - ], - "Version": "2012-10-17", - }, - "Policies": Array [ - Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "logs:CreateLogGroup", - "logs:CreateLogStream", - "logs:DescribeLogGroups", - "logs:DescribeLogStreams", - "logs:PutLogEvents", - "logs:GetLogEvents", - "logs:FilterLogEvents", - ], - "Effect": "Allow", - "Resource": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":logs:", - Object { - "Ref": "AWS::Region", - }, - ":", - Object { - "Ref": "AWS::AccountId", - }, - ":*", - ], - ], - }, - }, - ], - "Version": "2012-10-17", - }, - "PolicyName": "LambdaRestApiCloudWatchRolePolicy", - }, - ], - }, - "Type": "AWS::IAM::Role", - }, - "apigatewaykinesisRestApi0DCC9877": Object { - "Properties": Object { - "EndpointConfiguration": Object { - "Types": Array [ - "EDGE", - ], - }, - "Name": "my-api", - }, - "Type": "AWS::ApiGateway::RestApi", - }, - "apigatewaykinesisRestApiDeployment10E9BBA592f6dffe73c609db3a34add9add8b26e": Object { - "DependsOn": Array [ - "apigatewaykinesisRestApirecordPOST833DA459", - "apigatewaykinesisRestApirecord3F4EC064", - "apigatewaykinesisRestApirecordsPOST08A9BEAD", - "apigatewaykinesisRestApirecordsE5337BB6", - "apigatewaykinesisRestApiPutRecordModel55C7723E", - "apigatewaykinesisRestApiPutRecordsModel217E2E73", - "apigatewaykinesisRestApirequestvalidator4482E7FC", - ], - "Metadata": Object { - "cfn_nag": Object { - "rules_to_suppress": Array [ - Object { - "id": "W45", - "reason": "ApiGateway has AccessLogging enabled in AWS::ApiGateway::Stage resource, but cfn_nag checkes for it in AWS::ApiGateway::Deployment resource", - }, - ], - }, - }, - "Properties": Object { - "Description": "Automatically created by the RestApi construct", - "RestApiId": Object { - "Ref": "apigatewaykinesisRestApi0DCC9877", - }, - }, - "Type": "AWS::ApiGateway::Deployment", - }, - "apigatewaykinesisRestApiDeploymentStageprod015090BD": Object { - "Properties": Object { - "AccessLogSetting": Object { - "DestinationArn": Object { - "Fn::GetAtt": Array [ - "apigatewaykinesisApiAccessLogGroup65465AAF", - "Arn", - ], - }, - "Format": "{\\"requestId\\":\\"$context.requestId\\",\\"ip\\":\\"$context.identity.sourceIp\\",\\"user\\":\\"$context.identity.user\\",\\"caller\\":\\"$context.identity.caller\\",\\"requestTime\\":\\"$context.requestTime\\",\\"httpMethod\\":\\"$context.httpMethod\\",\\"resourcePath\\":\\"$context.resourcePath\\",\\"status\\":\\"$context.status\\",\\"protocol\\":\\"$context.protocol\\",\\"responseLength\\":\\"$context.responseLength\\"}", - }, - "DeploymentId": Object { - "Ref": "apigatewaykinesisRestApiDeployment10E9BBA592f6dffe73c609db3a34add9add8b26e", - }, - "MethodSettings": Array [ - Object { - "DataTraceEnabled": false, - "HttpMethod": "*", - "LoggingLevel": "INFO", - "ResourcePath": "/*", - }, - Object { - "HttpMethod": "*", - "ResourcePath": "/*", - "ThrottlingBurstLimit": 25, - "ThrottlingRateLimit": 100, - }, - ], - "RestApiId": Object { - "Ref": "apigatewaykinesisRestApi0DCC9877", - }, - "StageName": "prod", - "TracingEnabled": true, - }, - "Type": "AWS::ApiGateway::Stage", - }, - "apigatewaykinesisRestApiPutRecordModel55C7723E": Object { - "Properties": Object { - "ContentType": "application/json", - "RestApiId": Object { - "Ref": "apigatewaykinesisRestApi0DCC9877", - }, - "Schema": Object { - "$schema": "http://json-schema.org/draft-04/schema#", - }, - }, - "Type": "AWS::ApiGateway::Model", - }, - "apigatewaykinesisRestApiPutRecordsModel217E2E73": Object { - "Properties": Object { - "ContentType": "application/json", - "RestApiId": Object { - "Ref": "apigatewaykinesisRestApi0DCC9877", - }, - "Schema": Object { - "$schema": "http://json-schema.org/draft-04/schema#", - }, - }, - "Type": "AWS::ApiGateway::Model", - }, - "apigatewaykinesisRestApiUsagePlan40457E86": Object { - "Properties": Object { - "ApiStages": Array [ - Object { - "ApiId": Object { - "Ref": "apigatewaykinesisRestApi0DCC9877", - }, - "Stage": Object { - "Ref": "apigatewaykinesisRestApiDeploymentStageprod015090BD", - }, - "Throttle": Object {}, - }, - ], - }, - "Type": "AWS::ApiGateway::UsagePlan", - }, - "apigatewaykinesisRestApirecord3F4EC064": Object { - "Properties": Object { - "ParentId": Object { - "Fn::GetAtt": Array [ - "apigatewaykinesisRestApi0DCC9877", - "RootResourceId", - ], - }, - "PathPart": "record", - "RestApiId": Object { - "Ref": "apigatewaykinesisRestApi0DCC9877", - }, - }, - "Type": "AWS::ApiGateway::Resource", - }, - "apigatewaykinesisRestApirecordPOST833DA459": Object { - "Properties": Object { - "AuthorizationType": "AWS_IAM", - "HttpMethod": "POST", - "Integration": Object { - "Credentials": Object { - "Fn::GetAtt": Array [ - "apigatewaykinesisapigatewayrole9271A0CE", - "Arn", - ], - }, - "IntegrationHttpMethod": "POST", - "IntegrationResponses": Array [ - Object { - "StatusCode": "200", - }, - Object { - "ResponseTemplates": Object { - "text/html": "Error", - }, - "SelectionPattern": "500", - "StatusCode": "500", - }, - ], - "PassthroughBehavior": "NEVER", - "RequestParameters": Object { - "integration.request.header.Content-Type": "'x-amz-json-1.1'", - }, - "RequestTemplates": Object { - "application/json": "{ \\"Data\\": \\"$util.base64Encode($input.json('$.foo'))\\", \\"PartitionKey\\": \\"$input.path('$.bar')\\" }", - }, - "Type": "AWS", - "Uri": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":apigateway:", - Object { - "Ref": "AWS::Region", - }, - ":kinesis:action/PutRecord", - ], - ], - }, - }, - "MethodResponses": Array [ - Object { - "ResponseParameters": Object { - "method.response.header.Content-Type": true, - }, - "StatusCode": "200", - }, - Object { - "ResponseParameters": Object { - "method.response.header.Content-Type": true, - }, - "StatusCode": "500", - }, - ], - "RequestModels": Object { - "application/json": Object { - "Ref": "apigatewaykinesisRestApiPutRecordModel55C7723E", - }, - }, - "RequestValidatorId": Object { - "Ref": "apigatewaykinesisRestApirequestvalidator4482E7FC", - }, - "ResourceId": Object { - "Ref": "apigatewaykinesisRestApirecord3F4EC064", - }, - "RestApiId": Object { - "Ref": "apigatewaykinesisRestApi0DCC9877", - }, - }, - "Type": "AWS::ApiGateway::Method", - }, - "apigatewaykinesisRestApirecordsE5337BB6": Object { - "Properties": Object { - "ParentId": Object { - "Fn::GetAtt": Array [ - "apigatewaykinesisRestApi0DCC9877", - "RootResourceId", - ], - }, - "PathPart": "records", - "RestApiId": Object { - "Ref": "apigatewaykinesisRestApi0DCC9877", - }, - }, - "Type": "AWS::ApiGateway::Resource", - }, - "apigatewaykinesisRestApirecordsPOST08A9BEAD": Object { - "Properties": Object { - "AuthorizationType": "AWS_IAM", - "HttpMethod": "POST", - "Integration": Object { - "Credentials": Object { - "Fn::GetAtt": Array [ - "apigatewaykinesisapigatewayrole9271A0CE", - "Arn", - ], - }, - "IntegrationHttpMethod": "POST", - "IntegrationResponses": Array [ - Object { - "StatusCode": "200", - }, - Object { - "ResponseTemplates": Object { - "text/html": "Error", - }, - "SelectionPattern": "500", - "StatusCode": "500", - }, - ], - "PassthroughBehavior": "NEVER", - "RequestParameters": Object { - "integration.request.header.Content-Type": "'x-amz-json-1.1'", - }, - "RequestTemplates": Object { - "application/json": "{ \\"Records\\": [ #foreach($elem in $input.path('$.records')) { \\"Data\\": \\"$util.base64Encode($elem.foo)\\", \\"PartitionKey\\": \\"$elem.bar\\"}#if($foreach.hasNext),#end #end ] }", - }, - "Type": "AWS", - "Uri": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":apigateway:", - Object { - "Ref": "AWS::Region", - }, - ":kinesis:action/PutRecords", - ], - ], - }, - }, - "MethodResponses": Array [ - Object { - "ResponseParameters": Object { - "method.response.header.Content-Type": true, - }, - "StatusCode": "200", - }, - Object { - "ResponseParameters": Object { - "method.response.header.Content-Type": true, - }, - "StatusCode": "500", - }, - ], - "RequestModels": Object { - "application/json": Object { - "Ref": "apigatewaykinesisRestApiPutRecordsModel217E2E73", - }, - }, - "RequestValidatorId": Object { - "Ref": "apigatewaykinesisRestApirequestvalidator4482E7FC", - }, - "ResourceId": Object { - "Ref": "apigatewaykinesisRestApirecordsE5337BB6", - }, - "RestApiId": Object { - "Ref": "apigatewaykinesisRestApi0DCC9877", - }, - }, - "Type": "AWS::ApiGateway::Method", - }, - "apigatewaykinesisRestApirequestvalidator4482E7FC": Object { - "Properties": Object { - "Name": "request-body-validator", - "RestApiId": Object { - "Ref": "apigatewaykinesisRestApi0DCC9877", - }, - "ValidateRequestBody": true, - }, - "Type": "AWS::ApiGateway::RequestValidator", - }, - "apigatewaykinesisapigatewayrole9271A0CE": Object { - "Properties": Object { - "AssumeRolePolicyDocument": Object { - "Statement": Array [ - Object { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": Object { - "Service": "apigateway.amazonaws.com", - }, - }, - ], - "Version": "2012-10-17", - }, - }, - "Type": "AWS::IAM::Role", - }, - "apigatewaykinesisapigatewayroleDefaultPolicy6E8D093B": Object { - "Properties": Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "kinesis:ListShards", - "kinesis:PutRecord", - "kinesis:PutRecords", - ], - "Effect": "Allow", - "Resource": Object { - "Fn::GetAtt": Array [ - "KinesisStream46752A3E", - "Arn", - ], - }, - }, - ], - "Version": "2012-10-17", - }, - "PolicyName": "apigatewaykinesisapigatewayroleDefaultPolicy6E8D093B", - "Roles": Array [ - Object { - "Ref": "apigatewaykinesisapigatewayrole9271A0CE", - }, - ], - }, - "Type": "AWS::IAM::Policy", - }, - }, -} -`; - -exports[`Test minimal deployment snapshot 1`] = ` -Object { - "Outputs": Object { - "apigatewaykinesisRestApiEndpoint0C8E406E": Object { - "Value": Object { - "Fn::Join": Array [ - "", - Array [ - "https://", - Object { - "Ref": "apigatewaykinesisRestApi0DCC9877", - }, - ".execute-api.", - Object { - "Ref": "AWS::Region", - }, - ".", - Object { - "Ref": "AWS::URLSuffix", - }, - "/", - Object { - "Ref": "apigatewaykinesisRestApiDeploymentStageprod015090BD", - }, - "/", - ], - ], - }, - }, - }, - "Resources": Object { - "KinesisStream46752A3E": Object { - "Properties": Object { - "RetentionPeriodHours": 24, - "ShardCount": 1, - "StreamEncryption": Object { - "EncryptionType": "KMS", - "KeyId": "alias/aws/kinesis", - }, - }, - "Type": "AWS::Kinesis::Stream", - }, - "apigatewaykinesisApiAccessLogGroup65465AAF": Object { - "DeletionPolicy": "Retain", - "Metadata": Object { - "cfn_nag": Object { - "rules_to_suppress": Array [ - Object { - "id": "W86", - "reason": "Retention period for CloudWatchLogs LogGroups are set to 'Never Expire' to preserve customer data indefinitely", - }, - Object { - "id": "W84", - "reason": "By default CloudWatchLogs LogGroups data is encrypted using the CloudWatch server-side encryption keys (AWS Managed Keys)", - }, - ], - }, - }, - "Type": "AWS::Logs::LogGroup", - "UpdateReplacePolicy": "Retain", - }, - "apigatewaykinesisLambdaRestApiAccount3F075103": Object { - "DependsOn": Array [ - "apigatewaykinesisRestApi0DCC9877", - ], - "Properties": Object { - "CloudWatchRoleArn": Object { - "Fn::GetAtt": Array [ - "apigatewaykinesisLambdaRestApiCloudWatchRoleB7706361", - "Arn", - ], - }, - }, - "Type": "AWS::ApiGateway::Account", - }, - "apigatewaykinesisLambdaRestApiCloudWatchRoleB7706361": Object { - "Properties": Object { - "AssumeRolePolicyDocument": Object { - "Statement": Array [ - Object { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": Object { - "Service": "apigateway.amazonaws.com", - }, - }, - ], - "Version": "2012-10-17", - }, - "Policies": Array [ - Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "logs:CreateLogGroup", - "logs:CreateLogStream", - "logs:DescribeLogGroups", - "logs:DescribeLogStreams", - "logs:PutLogEvents", - "logs:GetLogEvents", - "logs:FilterLogEvents", - ], - "Effect": "Allow", - "Resource": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":logs:", - Object { - "Ref": "AWS::Region", - }, - ":", - Object { - "Ref": "AWS::AccountId", - }, - ":*", - ], - ], - }, - }, - ], - "Version": "2012-10-17", - }, - "PolicyName": "LambdaRestApiCloudWatchRolePolicy", - }, - ], - }, - "Type": "AWS::IAM::Role", - }, - "apigatewaykinesisRestApi0DCC9877": Object { - "Properties": Object { - "EndpointConfiguration": Object { - "Types": Array [ - "EDGE", - ], - }, - "Name": "RestApi", - }, - "Type": "AWS::ApiGateway::RestApi", - }, - "apigatewaykinesisRestApiDeployment10E9BBA50145d52c9739e1665f76481cf8f4c3ef": Object { - "DependsOn": Array [ - "apigatewaykinesisRestApirecordPOST833DA459", - "apigatewaykinesisRestApirecord3F4EC064", - "apigatewaykinesisRestApirecordsPOST08A9BEAD", - "apigatewaykinesisRestApirecordsE5337BB6", - "apigatewaykinesisRestApiPutRecordModel55C7723E", - "apigatewaykinesisRestApiPutRecordsModel217E2E73", - "apigatewaykinesisRestApirequestvalidator4482E7FC", - ], - "Metadata": Object { - "cfn_nag": Object { - "rules_to_suppress": Array [ - Object { - "id": "W45", - "reason": "ApiGateway has AccessLogging enabled in AWS::ApiGateway::Stage resource, but cfn_nag checkes for it in AWS::ApiGateway::Deployment resource", - }, - ], - }, - }, - "Properties": Object { - "Description": "Automatically created by the RestApi construct", - "RestApiId": Object { - "Ref": "apigatewaykinesisRestApi0DCC9877", - }, - }, - "Type": "AWS::ApiGateway::Deployment", - }, - "apigatewaykinesisRestApiDeploymentStageprod015090BD": Object { - "Properties": Object { - "AccessLogSetting": Object { - "DestinationArn": Object { - "Fn::GetAtt": Array [ - "apigatewaykinesisApiAccessLogGroup65465AAF", - "Arn", - ], - }, - "Format": "{\\"requestId\\":\\"$context.requestId\\",\\"ip\\":\\"$context.identity.sourceIp\\",\\"user\\":\\"$context.identity.user\\",\\"caller\\":\\"$context.identity.caller\\",\\"requestTime\\":\\"$context.requestTime\\",\\"httpMethod\\":\\"$context.httpMethod\\",\\"resourcePath\\":\\"$context.resourcePath\\",\\"status\\":\\"$context.status\\",\\"protocol\\":\\"$context.protocol\\",\\"responseLength\\":\\"$context.responseLength\\"}", - }, - "DeploymentId": Object { - "Ref": "apigatewaykinesisRestApiDeployment10E9BBA50145d52c9739e1665f76481cf8f4c3ef", - }, - "MethodSettings": Array [ - Object { - "DataTraceEnabled": false, - "HttpMethod": "*", - "LoggingLevel": "INFO", - "ResourcePath": "/*", - }, - ], - "RestApiId": Object { - "Ref": "apigatewaykinesisRestApi0DCC9877", - }, - "StageName": "prod", - "TracingEnabled": true, - }, - "Type": "AWS::ApiGateway::Stage", - }, - "apigatewaykinesisRestApiPutRecordModel55C7723E": Object { - "Properties": Object { - "ContentType": "application/json", - "Description": "PutRecord proxy single-record payload", - "Name": "PutRecordModel", - "RestApiId": Object { - "Ref": "apigatewaykinesisRestApi0DCC9877", - }, - "Schema": Object { - "$schema": "http://json-schema.org/draft-04/schema#", - "properties": Object { - "data": Object { - "type": "string", - }, - "partitionKey": Object { - "type": "string", - }, - }, - "required": Array [ - "data", - "partitionKey", - ], - "title": "PutRecord proxy single-record payload", - "type": "object", - }, - }, - "Type": "AWS::ApiGateway::Model", - }, - "apigatewaykinesisRestApiPutRecordsModel217E2E73": Object { - "Properties": Object { - "ContentType": "application/json", - "Description": "PutRecords proxy payload data", - "Name": "PutRecordsModel", - "RestApiId": Object { - "Ref": "apigatewaykinesisRestApi0DCC9877", - }, - "Schema": Object { - "$schema": "http://json-schema.org/draft-04/schema#", - "properties": Object { - "records": Object { - "items": Object { - "properties": Object { - "data": Object { - "type": "string", - }, - "partitionKey": Object { - "type": "string", - }, - }, - "required": Array [ - "data", - "partitionKey", - ], - "type": "object", - }, - "type": "array", - }, - }, - "required": Array [ - "records", - ], - "title": "PutRecords proxy payload data", - "type": "object", - }, - }, - "Type": "AWS::ApiGateway::Model", - }, - "apigatewaykinesisRestApiUsagePlan40457E86": Object { - "Properties": Object { - "ApiStages": Array [ - Object { - "ApiId": Object { - "Ref": "apigatewaykinesisRestApi0DCC9877", - }, - "Stage": Object { - "Ref": "apigatewaykinesisRestApiDeploymentStageprod015090BD", - }, - "Throttle": Object {}, - }, - ], - }, - "Type": "AWS::ApiGateway::UsagePlan", - }, - "apigatewaykinesisRestApirecord3F4EC064": Object { - "Properties": Object { - "ParentId": Object { - "Fn::GetAtt": Array [ - "apigatewaykinesisRestApi0DCC9877", - "RootResourceId", - ], - }, - "PathPart": "record", - "RestApiId": Object { - "Ref": "apigatewaykinesisRestApi0DCC9877", - }, - }, - "Type": "AWS::ApiGateway::Resource", - }, - "apigatewaykinesisRestApirecordPOST833DA459": Object { - "Properties": Object { - "AuthorizationType": "AWS_IAM", - "HttpMethod": "POST", - "Integration": Object { - "Credentials": Object { - "Fn::GetAtt": Array [ - "apigatewaykinesisapigatewayrole9271A0CE", - "Arn", - ], - }, - "IntegrationHttpMethod": "POST", - "IntegrationResponses": Array [ - Object { - "StatusCode": "200", - }, - Object { - "ResponseTemplates": Object { - "text/html": "Error", - }, - "SelectionPattern": "500", - "StatusCode": "500", - }, - ], - "PassthroughBehavior": "NEVER", - "RequestParameters": Object { - "integration.request.header.Content-Type": "'x-amz-json-1.1'", - }, - "RequestTemplates": Object { - "application/json": Object { - "Fn::Join": Array [ - "", - Array [ - "{ \\"StreamName\\": \\"", - Object { - "Ref": "KinesisStream46752A3E", - }, - "\\", \\"Data\\": \\"$util.base64Encode($input.json('$.data'))\\", \\"PartitionKey\\": \\"$input.path('$.partitionKey')\\" }", - ], - ], - }, - }, - "Type": "AWS", - "Uri": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":apigateway:", - Object { - "Ref": "AWS::Region", - }, - ":kinesis:action/PutRecord", - ], - ], - }, - }, - "MethodResponses": Array [ - Object { - "ResponseParameters": Object { - "method.response.header.Content-Type": true, - }, - "StatusCode": "200", - }, - Object { - "ResponseParameters": Object { - "method.response.header.Content-Type": true, - }, - "StatusCode": "500", - }, - ], - "RequestModels": Object { - "application/json": Object { - "Ref": "apigatewaykinesisRestApiPutRecordModel55C7723E", - }, - }, - "RequestValidatorId": Object { - "Ref": "apigatewaykinesisRestApirequestvalidator4482E7FC", - }, - "ResourceId": Object { - "Ref": "apigatewaykinesisRestApirecord3F4EC064", - }, - "RestApiId": Object { - "Ref": "apigatewaykinesisRestApi0DCC9877", - }, - }, - "Type": "AWS::ApiGateway::Method", - }, - "apigatewaykinesisRestApirecordsE5337BB6": Object { - "Properties": Object { - "ParentId": Object { - "Fn::GetAtt": Array [ - "apigatewaykinesisRestApi0DCC9877", - "RootResourceId", - ], - }, - "PathPart": "records", - "RestApiId": Object { - "Ref": "apigatewaykinesisRestApi0DCC9877", - }, - }, - "Type": "AWS::ApiGateway::Resource", - }, - "apigatewaykinesisRestApirecordsPOST08A9BEAD": Object { - "Properties": Object { - "AuthorizationType": "AWS_IAM", - "HttpMethod": "POST", - "Integration": Object { - "Credentials": Object { - "Fn::GetAtt": Array [ - "apigatewaykinesisapigatewayrole9271A0CE", - "Arn", - ], - }, - "IntegrationHttpMethod": "POST", - "IntegrationResponses": Array [ - Object { - "StatusCode": "200", - }, - Object { - "ResponseTemplates": Object { - "text/html": "Error", - }, - "SelectionPattern": "500", - "StatusCode": "500", - }, - ], - "PassthroughBehavior": "NEVER", - "RequestParameters": Object { - "integration.request.header.Content-Type": "'x-amz-json-1.1'", - }, - "RequestTemplates": Object { - "application/json": Object { - "Fn::Join": Array [ - "", - Array [ - "{ \\"StreamName\\": \\"", - Object { - "Ref": "KinesisStream46752A3E", - }, - "\\", \\"Records\\": [ #foreach($elem in $input.path('$.records')) { \\"Data\\": \\"$util.base64Encode($elem.data)\\", \\"PartitionKey\\": \\"$elem.partitionKey\\"}#if($foreach.hasNext),#end #end ] }", - ], - ], - }, - }, - "Type": "AWS", - "Uri": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":apigateway:", - Object { - "Ref": "AWS::Region", - }, - ":kinesis:action/PutRecords", - ], - ], - }, - }, - "MethodResponses": Array [ - Object { - "ResponseParameters": Object { - "method.response.header.Content-Type": true, - }, - "StatusCode": "200", - }, - Object { - "ResponseParameters": Object { - "method.response.header.Content-Type": true, - }, - "StatusCode": "500", - }, - ], - "RequestModels": Object { - "application/json": Object { - "Ref": "apigatewaykinesisRestApiPutRecordsModel217E2E73", - }, - }, - "RequestValidatorId": Object { - "Ref": "apigatewaykinesisRestApirequestvalidator4482E7FC", - }, - "ResourceId": Object { - "Ref": "apigatewaykinesisRestApirecordsE5337BB6", - }, - "RestApiId": Object { - "Ref": "apigatewaykinesisRestApi0DCC9877", - }, - }, - "Type": "AWS::ApiGateway::Method", - }, - "apigatewaykinesisRestApirequestvalidator4482E7FC": Object { - "Properties": Object { - "Name": "request-body-validator", - "RestApiId": Object { - "Ref": "apigatewaykinesisRestApi0DCC9877", - }, - "ValidateRequestBody": true, - }, - "Type": "AWS::ApiGateway::RequestValidator", - }, - "apigatewaykinesisapigatewayrole9271A0CE": Object { - "Properties": Object { - "AssumeRolePolicyDocument": Object { - "Statement": Array [ - Object { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": Object { - "Service": "apigateway.amazonaws.com", - }, - }, - ], - "Version": "2012-10-17", - }, - }, - "Type": "AWS::IAM::Role", - }, - "apigatewaykinesisapigatewayroleDefaultPolicy6E8D093B": Object { - "Properties": Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "kinesis:ListShards", - "kinesis:PutRecord", - "kinesis:PutRecords", - ], - "Effect": "Allow", - "Resource": Object { - "Fn::GetAtt": Array [ - "KinesisStream46752A3E", - "Arn", - ], - }, - }, - ], - "Version": "2012-10-17", - }, - "PolicyName": "apigatewaykinesisapigatewayroleDefaultPolicy6E8D093B", - "Roles": Array [ - Object { - "Ref": "apigatewaykinesisapigatewayrole9271A0CE", - }, - ], - }, - "Type": "AWS::IAM::Policy", - }, - }, -} -`; diff --git a/source/patterns/@aws-solutions-constructs/aws-apigateway-kinesisstreams/test/apigateway-kinesis.test.ts b/source/patterns/@aws-solutions-constructs/aws-apigateway-kinesisstreams/test/apigateway-kinesis.test.ts index 7c47c6b0a..0c589fe73 100644 --- a/source/patterns/@aws-solutions-constructs/aws-apigateway-kinesisstreams/test/apigateway-kinesis.test.ts +++ b/source/patterns/@aws-solutions-constructs/aws-apigateway-kinesisstreams/test/apigateway-kinesis.test.ts @@ -14,19 +14,9 @@ // Imports import { Stack, Duration } from '@aws-cdk/core'; import { ApiGatewayToKinesisStreams } from '../lib'; -import { SynthUtils } from '@aws-cdk/assert'; import '@aws-cdk/assert/jest'; import * as kinesis from '@aws-cdk/aws-kinesis'; -// -------------------------------------------------------------- -// Test minimal deployment snapshot -// -------------------------------------------------------------- -test('Test minimal deployment snapshot', () => { - const stack = new Stack(); - new ApiGatewayToKinesisStreams(stack, 'api-gateway-kinesis', {}); - expect(SynthUtils.toCloudFormation(stack)).toMatchSnapshot(); -}); - // -------------------------------------------------------------- // Test construct properties // -------------------------------------------------------------- @@ -69,8 +59,6 @@ test('Test deployment w/ overwritten properties', () => { putRecordsRequestModel: { schema: {} } }); - expect(SynthUtils.toCloudFormation(stack)).toMatchSnapshot(); - expect(stack).toHaveResourceLike('AWS::ApiGateway::Stage', { MethodSettings: [ { @@ -108,8 +96,6 @@ test('Test deployment w/ existing stream', () => { }) }); - expect(SynthUtils.toCloudFormation(stack)).toMatchSnapshot(); - expect(stack).toHaveResource('AWS::Kinesis::Stream', { ShardCount: 5, RetentionPeriodHours: 96 diff --git a/source/patterns/@aws-solutions-constructs/aws-apigateway-lambda/test/__snapshots__/test.apigateway-lambda.test.js.snap b/source/patterns/@aws-solutions-constructs/aws-apigateway-lambda/test/__snapshots__/test.apigateway-lambda.test.js.snap deleted file mode 100644 index eae434cd0..000000000 --- a/source/patterns/@aws-solutions-constructs/aws-apigateway-lambda/test/__snapshots__/test.apigateway-lambda.test.js.snap +++ /dev/null @@ -1,2477 +0,0 @@ -// Jest Snapshot v1, https://goo.gl/fbAQLP - -exports[`Pattern deployment with existing Lambda function 1`] = ` -Object { - "Outputs": Object { - "testapigatewaylambdaLambdaRestApiEndpoint2EF0B753": Object { - "Value": Object { - "Fn::Join": Array [ - "", - Array [ - "https://", - Object { - "Ref": "testapigatewaylambdaLambdaRestApiE957E944", - }, - ".execute-api.", - Object { - "Ref": "AWS::Region", - }, - ".", - Object { - "Ref": "AWS::URLSuffix", - }, - "/", - Object { - "Ref": "testapigatewaylambdaLambdaRestApiDeploymentStageprod4EBF7247", - }, - "/", - ], - ], - }, - }, - }, - "Parameters": Object { - "AssetParameters8efd3dd9643a4d64a128ad582cab718a1e464bcc719bbbcf0e7b0481188a0420ArtifactHashA71E92AD": Object { - "Description": "Artifact hash for asset \\"8efd3dd9643a4d64a128ad582cab718a1e464bcc719bbbcf0e7b0481188a0420\\"", - "Type": "String", - }, - "AssetParameters8efd3dd9643a4d64a128ad582cab718a1e464bcc719bbbcf0e7b0481188a0420S3Bucket749AC458": Object { - "Description": "S3 bucket for asset \\"8efd3dd9643a4d64a128ad582cab718a1e464bcc719bbbcf0e7b0481188a0420\\"", - "Type": "String", - }, - "AssetParameters8efd3dd9643a4d64a128ad582cab718a1e464bcc719bbbcf0e7b0481188a0420S3VersionKeyFF5CC16D": Object { - "Description": "S3 key for asset version \\"8efd3dd9643a4d64a128ad582cab718a1e464bcc719bbbcf0e7b0481188a0420\\"", - "Type": "String", - }, - }, - "Resources": Object { - "ExistingLambdaFunctionF606C520": Object { - "DependsOn": Array [ - "ExistingLambdaFunctionServiceRole7CC6DE65", - ], - "Properties": Object { - "Code": Object { - "S3Bucket": Object { - "Ref": "AssetParameters8efd3dd9643a4d64a128ad582cab718a1e464bcc719bbbcf0e7b0481188a0420S3Bucket749AC458", - }, - "S3Key": Object { - "Fn::Join": Array [ - "", - Array [ - Object { - "Fn::Select": Array [ - 0, - Object { - "Fn::Split": Array [ - "||", - Object { - "Ref": "AssetParameters8efd3dd9643a4d64a128ad582cab718a1e464bcc719bbbcf0e7b0481188a0420S3VersionKeyFF5CC16D", - }, - ], - }, - ], - }, - Object { - "Fn::Select": Array [ - 1, - Object { - "Fn::Split": Array [ - "||", - Object { - "Ref": "AssetParameters8efd3dd9643a4d64a128ad582cab718a1e464bcc719bbbcf0e7b0481188a0420S3VersionKeyFF5CC16D", - }, - ], - }, - ], - }, - ], - ], - }, - }, - "Handler": "index.handler", - "Role": Object { - "Fn::GetAtt": Array [ - "ExistingLambdaFunctionServiceRole7CC6DE65", - "Arn", - ], - }, - "Runtime": "nodejs10.x", - }, - "Type": "AWS::Lambda::Function", - }, - "ExistingLambdaFunctionServiceRole7CC6DE65": Object { - "Properties": Object { - "AssumeRolePolicyDocument": Object { - "Statement": Array [ - Object { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": Object { - "Service": "lambda.amazonaws.com", - }, - }, - ], - "Version": "2012-10-17", - }, - "ManagedPolicyArns": Array [ - Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole", - ], - ], - }, - ], - }, - "Type": "AWS::IAM::Role", - }, - "testapigatewaylambdaApiAccessLogGroupEB3253A2": Object { - "DeletionPolicy": "Retain", - "Metadata": Object { - "cfn_nag": Object { - "rules_to_suppress": Array [ - Object { - "id": "W86", - "reason": "Retention period for CloudWatchLogs LogGroups are set to 'Never Expire' to preserve customer data indefinitely", - }, - Object { - "id": "W84", - "reason": "By default CloudWatchLogs LogGroups data is encrypted using the CloudWatch server-side encryption keys (AWS Managed Keys)", - }, - ], - }, - }, - "Type": "AWS::Logs::LogGroup", - "UpdateReplacePolicy": "Retain", - }, - "testapigatewaylambdaLambdaRestApiANY1FACA749": Object { - "Properties": Object { - "AuthorizationType": "AWS_IAM", - "HttpMethod": "ANY", - "Integration": Object { - "IntegrationHttpMethod": "POST", - "Type": "AWS_PROXY", - "Uri": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":apigateway:", - Object { - "Ref": "AWS::Region", - }, - ":lambda:path/2015-03-31/functions/", - Object { - "Fn::GetAtt": Array [ - "ExistingLambdaFunctionF606C520", - "Arn", - ], - }, - "/invocations", - ], - ], - }, - }, - "ResourceId": Object { - "Fn::GetAtt": Array [ - "testapigatewaylambdaLambdaRestApiE957E944", - "RootResourceId", - ], - }, - "RestApiId": Object { - "Ref": "testapigatewaylambdaLambdaRestApiE957E944", - }, - }, - "Type": "AWS::ApiGateway::Method", - }, - "testapigatewaylambdaLambdaRestApiANYApiPermissionTesttestapigatewaylambdaLambdaRestApi5DDE3360ANYF71F5CAC": Object { - "Properties": Object { - "Action": "lambda:InvokeFunction", - "FunctionName": Object { - "Fn::GetAtt": Array [ - "ExistingLambdaFunctionF606C520", - "Arn", - ], - }, - "Principal": "apigateway.amazonaws.com", - "SourceArn": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":execute-api:", - Object { - "Ref": "AWS::Region", - }, - ":", - Object { - "Ref": "AWS::AccountId", - }, - ":", - Object { - "Ref": "testapigatewaylambdaLambdaRestApiE957E944", - }, - "/test-invoke-stage/*/", - ], - ], - }, - }, - "Type": "AWS::Lambda::Permission", - }, - "testapigatewaylambdaLambdaRestApiANYApiPermissiontestapigatewaylambdaLambdaRestApi5DDE3360ANY0CAB129B": Object { - "Properties": Object { - "Action": "lambda:InvokeFunction", - "FunctionName": Object { - "Fn::GetAtt": Array [ - "ExistingLambdaFunctionF606C520", - "Arn", - ], - }, - "Principal": "apigateway.amazonaws.com", - "SourceArn": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":execute-api:", - Object { - "Ref": "AWS::Region", - }, - ":", - Object { - "Ref": "AWS::AccountId", - }, - ":", - Object { - "Ref": "testapigatewaylambdaLambdaRestApiE957E944", - }, - "/", - Object { - "Ref": "testapigatewaylambdaLambdaRestApiDeploymentStageprod4EBF7247", - }, - "/*/", - ], - ], - }, - }, - "Type": "AWS::Lambda::Permission", - }, - "testapigatewaylambdaLambdaRestApiAccount0D88B6B8": Object { - "DependsOn": Array [ - "testapigatewaylambdaLambdaRestApiE957E944", - ], - "Properties": Object { - "CloudWatchRoleArn": Object { - "Fn::GetAtt": Array [ - "testapigatewaylambdaLambdaRestApiCloudWatchRole6D45E039", - "Arn", - ], - }, - }, - "Type": "AWS::ApiGateway::Account", - }, - "testapigatewaylambdaLambdaRestApiCloudWatchRole6D45E039": Object { - "Properties": Object { - "AssumeRolePolicyDocument": Object { - "Statement": Array [ - Object { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": Object { - "Service": "apigateway.amazonaws.com", - }, - }, - ], - "Version": "2012-10-17", - }, - "Policies": Array [ - Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "logs:CreateLogGroup", - "logs:CreateLogStream", - "logs:DescribeLogGroups", - "logs:DescribeLogStreams", - "logs:PutLogEvents", - "logs:GetLogEvents", - "logs:FilterLogEvents", - ], - "Effect": "Allow", - "Resource": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":logs:", - Object { - "Ref": "AWS::Region", - }, - ":", - Object { - "Ref": "AWS::AccountId", - }, - ":*", - ], - ], - }, - }, - ], - "Version": "2012-10-17", - }, - "PolicyName": "LambdaRestApiCloudWatchRolePolicy", - }, - ], - }, - "Type": "AWS::IAM::Role", - }, - "testapigatewaylambdaLambdaRestApiDeployment85334BB3ec6848f57ed1b1aac179df734f57dcaa": Object { - "DependsOn": Array [ - "testapigatewaylambdaLambdaRestApiproxyANYF6150927", - "testapigatewaylambdaLambdaRestApiproxy2C2C544E", - "testapigatewaylambdaLambdaRestApiANY1FACA749", - ], - "Metadata": Object { - "cfn_nag": Object { - "rules_to_suppress": Array [ - Object { - "id": "W45", - "reason": "ApiGateway has AccessLogging enabled in AWS::ApiGateway::Stage resource, but cfn_nag checkes for it in AWS::ApiGateway::Deployment resource", - }, - ], - }, - }, - "Properties": Object { - "Description": "Automatically created by the RestApi construct", - "RestApiId": Object { - "Ref": "testapigatewaylambdaLambdaRestApiE957E944", - }, - }, - "Type": "AWS::ApiGateway::Deployment", - }, - "testapigatewaylambdaLambdaRestApiDeploymentStageprod4EBF7247": Object { - "Properties": Object { - "AccessLogSetting": Object { - "DestinationArn": Object { - "Fn::GetAtt": Array [ - "testapigatewaylambdaApiAccessLogGroupEB3253A2", - "Arn", - ], - }, - "Format": "{\\"requestId\\":\\"$context.requestId\\",\\"ip\\":\\"$context.identity.sourceIp\\",\\"user\\":\\"$context.identity.user\\",\\"caller\\":\\"$context.identity.caller\\",\\"requestTime\\":\\"$context.requestTime\\",\\"httpMethod\\":\\"$context.httpMethod\\",\\"resourcePath\\":\\"$context.resourcePath\\",\\"status\\":\\"$context.status\\",\\"protocol\\":\\"$context.protocol\\",\\"responseLength\\":\\"$context.responseLength\\"}", - }, - "DeploymentId": Object { - "Ref": "testapigatewaylambdaLambdaRestApiDeployment85334BB3ec6848f57ed1b1aac179df734f57dcaa", - }, - "MethodSettings": Array [ - Object { - "DataTraceEnabled": false, - "HttpMethod": "*", - "LoggingLevel": "INFO", - "ResourcePath": "/*", - }, - ], - "RestApiId": Object { - "Ref": "testapigatewaylambdaLambdaRestApiE957E944", - }, - "StageName": "prod", - "TracingEnabled": true, - }, - "Type": "AWS::ApiGateway::Stage", - }, - "testapigatewaylambdaLambdaRestApiE957E944": Object { - "Properties": Object { - "EndpointConfiguration": Object { - "Types": Array [ - "EDGE", - ], - }, - "Name": "LambdaRestApi", - }, - "Type": "AWS::ApiGateway::RestApi", - }, - "testapigatewaylambdaLambdaRestApiUsagePlan658131E3": Object { - "Properties": Object { - "ApiStages": Array [ - Object { - "ApiId": Object { - "Ref": "testapigatewaylambdaLambdaRestApiE957E944", - }, - "Stage": Object { - "Ref": "testapigatewaylambdaLambdaRestApiDeploymentStageprod4EBF7247", - }, - "Throttle": Object {}, - }, - ], - }, - "Type": "AWS::ApiGateway::UsagePlan", - }, - "testapigatewaylambdaLambdaRestApiproxy2C2C544E": Object { - "Properties": Object { - "ParentId": Object { - "Fn::GetAtt": Array [ - "testapigatewaylambdaLambdaRestApiE957E944", - "RootResourceId", - ], - }, - "PathPart": "{proxy+}", - "RestApiId": Object { - "Ref": "testapigatewaylambdaLambdaRestApiE957E944", - }, - }, - "Type": "AWS::ApiGateway::Resource", - }, - "testapigatewaylambdaLambdaRestApiproxyANYApiPermissionTesttestapigatewaylambdaLambdaRestApi5DDE3360ANYproxyBA241600": Object { - "Properties": Object { - "Action": "lambda:InvokeFunction", - "FunctionName": Object { - "Fn::GetAtt": Array [ - "ExistingLambdaFunctionF606C520", - "Arn", - ], - }, - "Principal": "apigateway.amazonaws.com", - "SourceArn": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":execute-api:", - Object { - "Ref": "AWS::Region", - }, - ":", - Object { - "Ref": "AWS::AccountId", - }, - ":", - Object { - "Ref": "testapigatewaylambdaLambdaRestApiE957E944", - }, - "/test-invoke-stage/*/*", - ], - ], - }, - }, - "Type": "AWS::Lambda::Permission", - }, - "testapigatewaylambdaLambdaRestApiproxyANYApiPermissiontestapigatewaylambdaLambdaRestApi5DDE3360ANYproxyCC830169": Object { - "Properties": Object { - "Action": "lambda:InvokeFunction", - "FunctionName": Object { - "Fn::GetAtt": Array [ - "ExistingLambdaFunctionF606C520", - "Arn", - ], - }, - "Principal": "apigateway.amazonaws.com", - "SourceArn": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":execute-api:", - Object { - "Ref": "AWS::Region", - }, - ":", - Object { - "Ref": "AWS::AccountId", - }, - ":", - Object { - "Ref": "testapigatewaylambdaLambdaRestApiE957E944", - }, - "/", - Object { - "Ref": "testapigatewaylambdaLambdaRestApiDeploymentStageprod4EBF7247", - }, - "/*/*", - ], - ], - }, - }, - "Type": "AWS::Lambda::Permission", - }, - "testapigatewaylambdaLambdaRestApiproxyANYF6150927": Object { - "Properties": Object { - "AuthorizationType": "AWS_IAM", - "HttpMethod": "ANY", - "Integration": Object { - "IntegrationHttpMethod": "POST", - "Type": "AWS_PROXY", - "Uri": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":apigateway:", - Object { - "Ref": "AWS::Region", - }, - ":lambda:path/2015-03-31/functions/", - Object { - "Fn::GetAtt": Array [ - "ExistingLambdaFunctionF606C520", - "Arn", - ], - }, - "/invocations", - ], - ], - }, - }, - "ResourceId": Object { - "Ref": "testapigatewaylambdaLambdaRestApiproxy2C2C544E", - }, - "RestApiId": Object { - "Ref": "testapigatewaylambdaLambdaRestApiE957E944", - }, - }, - "Type": "AWS::ApiGateway::Method", - }, - }, -} -`; - -exports[`Pattern deployment with new Lambda function 1`] = ` -Object { - "Outputs": Object { - "testapigatewaylambdaLambdaRestApiEndpoint2EF0B753": Object { - "Value": Object { - "Fn::Join": Array [ - "", - Array [ - "https://", - Object { - "Ref": "testapigatewaylambdaLambdaRestApiE957E944", - }, - ".execute-api.", - Object { - "Ref": "AWS::Region", - }, - ".", - Object { - "Ref": "AWS::URLSuffix", - }, - "/", - Object { - "Ref": "testapigatewaylambdaLambdaRestApiDeploymentStageprod4EBF7247", - }, - "/", - ], - ], - }, - }, - }, - "Parameters": Object { - "AssetParameters8efd3dd9643a4d64a128ad582cab718a1e464bcc719bbbcf0e7b0481188a0420ArtifactHashA71E92AD": Object { - "Description": "Artifact hash for asset \\"8efd3dd9643a4d64a128ad582cab718a1e464bcc719bbbcf0e7b0481188a0420\\"", - "Type": "String", - }, - "AssetParameters8efd3dd9643a4d64a128ad582cab718a1e464bcc719bbbcf0e7b0481188a0420S3Bucket749AC458": Object { - "Description": "S3 bucket for asset \\"8efd3dd9643a4d64a128ad582cab718a1e464bcc719bbbcf0e7b0481188a0420\\"", - "Type": "String", - }, - "AssetParameters8efd3dd9643a4d64a128ad582cab718a1e464bcc719bbbcf0e7b0481188a0420S3VersionKeyFF5CC16D": Object { - "Description": "S3 key for asset version \\"8efd3dd9643a4d64a128ad582cab718a1e464bcc719bbbcf0e7b0481188a0420\\"", - "Type": "String", - }, - }, - "Resources": Object { - "testapigatewaylambdaApiAccessLogGroupEB3253A2": Object { - "DeletionPolicy": "Retain", - "Metadata": Object { - "cfn_nag": Object { - "rules_to_suppress": Array [ - Object { - "id": "W86", - "reason": "Retention period for CloudWatchLogs LogGroups are set to 'Never Expire' to preserve customer data indefinitely", - }, - Object { - "id": "W84", - "reason": "By default CloudWatchLogs LogGroups data is encrypted using the CloudWatch server-side encryption keys (AWS Managed Keys)", - }, - ], - }, - }, - "Type": "AWS::Logs::LogGroup", - "UpdateReplacePolicy": "Retain", - }, - "testapigatewaylambdaLambdaFunction18FF222F": Object { - "DependsOn": Array [ - "testapigatewaylambdaLambdaFunctionServiceRoleDefaultPolicyA5D0BE32", - "testapigatewaylambdaLambdaFunctionServiceRole5CD2E9F7", - ], - "Metadata": Object { - "cfn_nag": Object { - "rules_to_suppress": Array [ - Object { - "id": "W58", - "reason": "Lambda functions has the required permission to write CloudWatch Logs. It uses custom policy instead of arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole with tighter permissions.", - }, - Object { - "id": "W89", - "reason": "This is not a rule for the general case, just for specific use cases/industries", - }, - Object { - "id": "W92", - "reason": "Impossible for us to define the correct concurrency for clients", - }, - ], - }, - }, - "Properties": Object { - "Code": Object { - "S3Bucket": Object { - "Ref": "AssetParameters8efd3dd9643a4d64a128ad582cab718a1e464bcc719bbbcf0e7b0481188a0420S3Bucket749AC458", - }, - "S3Key": Object { - "Fn::Join": Array [ - "", - Array [ - Object { - "Fn::Select": Array [ - 0, - Object { - "Fn::Split": Array [ - "||", - Object { - "Ref": "AssetParameters8efd3dd9643a4d64a128ad582cab718a1e464bcc719bbbcf0e7b0481188a0420S3VersionKeyFF5CC16D", - }, - ], - }, - ], - }, - Object { - "Fn::Select": Array [ - 1, - Object { - "Fn::Split": Array [ - "||", - Object { - "Ref": "AssetParameters8efd3dd9643a4d64a128ad582cab718a1e464bcc719bbbcf0e7b0481188a0420S3VersionKeyFF5CC16D", - }, - ], - }, - ], - }, - ], - ], - }, - }, - "Environment": Object { - "Variables": Object { - "AWS_NODEJS_CONNECTION_REUSE_ENABLED": "1", - }, - }, - "Handler": "index.handler", - "Role": Object { - "Fn::GetAtt": Array [ - "testapigatewaylambdaLambdaFunctionServiceRole5CD2E9F7", - "Arn", - ], - }, - "Runtime": "nodejs10.x", - "TracingConfig": Object { - "Mode": "Active", - }, - }, - "Type": "AWS::Lambda::Function", - }, - "testapigatewaylambdaLambdaFunctionServiceRole5CD2E9F7": Object { - "Properties": Object { - "AssumeRolePolicyDocument": Object { - "Statement": Array [ - Object { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": Object { - "Service": "lambda.amazonaws.com", - }, - }, - ], - "Version": "2012-10-17", - }, - "Policies": Array [ - Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "logs:CreateLogGroup", - "logs:CreateLogStream", - "logs:PutLogEvents", - ], - "Effect": "Allow", - "Resource": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":logs:", - Object { - "Ref": "AWS::Region", - }, - ":", - Object { - "Ref": "AWS::AccountId", - }, - ":log-group:/aws/lambda/*", - ], - ], - }, - }, - ], - "Version": "2012-10-17", - }, - "PolicyName": "LambdaFunctionServiceRolePolicy", - }, - ], - }, - "Type": "AWS::IAM::Role", - }, - "testapigatewaylambdaLambdaFunctionServiceRoleDefaultPolicyA5D0BE32": Object { - "Metadata": Object { - "cfn_nag": Object { - "rules_to_suppress": Array [ - Object { - "id": "W12", - "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray and access ENIs in a VPC.", - }, - ], - }, - }, - "Properties": Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "xray:PutTraceSegments", - "xray:PutTelemetryRecords", - ], - "Effect": "Allow", - "Resource": "*", - }, - ], - "Version": "2012-10-17", - }, - "PolicyName": "testapigatewaylambdaLambdaFunctionServiceRoleDefaultPolicyA5D0BE32", - "Roles": Array [ - Object { - "Ref": "testapigatewaylambdaLambdaFunctionServiceRole5CD2E9F7", - }, - ], - }, - "Type": "AWS::IAM::Policy", - }, - "testapigatewaylambdaLambdaRestApiANY1FACA749": Object { - "Properties": Object { - "AuthorizationType": "AWS_IAM", - "HttpMethod": "ANY", - "Integration": Object { - "IntegrationHttpMethod": "POST", - "Type": "AWS_PROXY", - "Uri": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":apigateway:", - Object { - "Ref": "AWS::Region", - }, - ":lambda:path/2015-03-31/functions/", - Object { - "Fn::GetAtt": Array [ - "testapigatewaylambdaLambdaFunction18FF222F", - "Arn", - ], - }, - "/invocations", - ], - ], - }, - }, - "ResourceId": Object { - "Fn::GetAtt": Array [ - "testapigatewaylambdaLambdaRestApiE957E944", - "RootResourceId", - ], - }, - "RestApiId": Object { - "Ref": "testapigatewaylambdaLambdaRestApiE957E944", - }, - }, - "Type": "AWS::ApiGateway::Method", - }, - "testapigatewaylambdaLambdaRestApiANYApiPermissionTesttestapigatewaylambdaLambdaRestApi5DDE3360ANYF71F5CAC": Object { - "Properties": Object { - "Action": "lambda:InvokeFunction", - "FunctionName": Object { - "Fn::GetAtt": Array [ - "testapigatewaylambdaLambdaFunction18FF222F", - "Arn", - ], - }, - "Principal": "apigateway.amazonaws.com", - "SourceArn": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":execute-api:", - Object { - "Ref": "AWS::Region", - }, - ":", - Object { - "Ref": "AWS::AccountId", - }, - ":", - Object { - "Ref": "testapigatewaylambdaLambdaRestApiE957E944", - }, - "/test-invoke-stage/*/", - ], - ], - }, - }, - "Type": "AWS::Lambda::Permission", - }, - "testapigatewaylambdaLambdaRestApiANYApiPermissiontestapigatewaylambdaLambdaRestApi5DDE3360ANY0CAB129B": Object { - "Properties": Object { - "Action": "lambda:InvokeFunction", - "FunctionName": Object { - "Fn::GetAtt": Array [ - "testapigatewaylambdaLambdaFunction18FF222F", - "Arn", - ], - }, - "Principal": "apigateway.amazonaws.com", - "SourceArn": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":execute-api:", - Object { - "Ref": "AWS::Region", - }, - ":", - Object { - "Ref": "AWS::AccountId", - }, - ":", - Object { - "Ref": "testapigatewaylambdaLambdaRestApiE957E944", - }, - "/", - Object { - "Ref": "testapigatewaylambdaLambdaRestApiDeploymentStageprod4EBF7247", - }, - "/*/", - ], - ], - }, - }, - "Type": "AWS::Lambda::Permission", - }, - "testapigatewaylambdaLambdaRestApiAccount0D88B6B8": Object { - "DependsOn": Array [ - "testapigatewaylambdaLambdaRestApiE957E944", - ], - "Properties": Object { - "CloudWatchRoleArn": Object { - "Fn::GetAtt": Array [ - "testapigatewaylambdaLambdaRestApiCloudWatchRole6D45E039", - "Arn", - ], - }, - }, - "Type": "AWS::ApiGateway::Account", - }, - "testapigatewaylambdaLambdaRestApiCloudWatchRole6D45E039": Object { - "Properties": Object { - "AssumeRolePolicyDocument": Object { - "Statement": Array [ - Object { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": Object { - "Service": "apigateway.amazonaws.com", - }, - }, - ], - "Version": "2012-10-17", - }, - "Policies": Array [ - Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "logs:CreateLogGroup", - "logs:CreateLogStream", - "logs:DescribeLogGroups", - "logs:DescribeLogStreams", - "logs:PutLogEvents", - "logs:GetLogEvents", - "logs:FilterLogEvents", - ], - "Effect": "Allow", - "Resource": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":logs:", - Object { - "Ref": "AWS::Region", - }, - ":", - Object { - "Ref": "AWS::AccountId", - }, - ":*", - ], - ], - }, - }, - ], - "Version": "2012-10-17", - }, - "PolicyName": "LambdaRestApiCloudWatchRolePolicy", - }, - ], - }, - "Type": "AWS::IAM::Role", - }, - "testapigatewaylambdaLambdaRestApiDeployment85334BB3a1765c45928980e423727978265730d1": Object { - "DependsOn": Array [ - "testapigatewaylambdaLambdaRestApiproxyANYF6150927", - "testapigatewaylambdaLambdaRestApiproxy2C2C544E", - "testapigatewaylambdaLambdaRestApiANY1FACA749", - ], - "Metadata": Object { - "cfn_nag": Object { - "rules_to_suppress": Array [ - Object { - "id": "W45", - "reason": "ApiGateway has AccessLogging enabled in AWS::ApiGateway::Stage resource, but cfn_nag checkes for it in AWS::ApiGateway::Deployment resource", - }, - ], - }, - }, - "Properties": Object { - "Description": "Automatically created by the RestApi construct", - "RestApiId": Object { - "Ref": "testapigatewaylambdaLambdaRestApiE957E944", - }, - }, - "Type": "AWS::ApiGateway::Deployment", - }, - "testapigatewaylambdaLambdaRestApiDeploymentStageprod4EBF7247": Object { - "Properties": Object { - "AccessLogSetting": Object { - "DestinationArn": Object { - "Fn::GetAtt": Array [ - "testapigatewaylambdaApiAccessLogGroupEB3253A2", - "Arn", - ], - }, - "Format": "{\\"requestId\\":\\"$context.requestId\\",\\"ip\\":\\"$context.identity.sourceIp\\",\\"user\\":\\"$context.identity.user\\",\\"caller\\":\\"$context.identity.caller\\",\\"requestTime\\":\\"$context.requestTime\\",\\"httpMethod\\":\\"$context.httpMethod\\",\\"resourcePath\\":\\"$context.resourcePath\\",\\"status\\":\\"$context.status\\",\\"protocol\\":\\"$context.protocol\\",\\"responseLength\\":\\"$context.responseLength\\"}", - }, - "DeploymentId": Object { - "Ref": "testapigatewaylambdaLambdaRestApiDeployment85334BB3a1765c45928980e423727978265730d1", - }, - "MethodSettings": Array [ - Object { - "DataTraceEnabled": false, - "HttpMethod": "*", - "LoggingLevel": "INFO", - "ResourcePath": "/*", - }, - ], - "RestApiId": Object { - "Ref": "testapigatewaylambdaLambdaRestApiE957E944", - }, - "StageName": "prod", - "TracingEnabled": true, - }, - "Type": "AWS::ApiGateway::Stage", - }, - "testapigatewaylambdaLambdaRestApiE957E944": Object { - "Properties": Object { - "EndpointConfiguration": Object { - "Types": Array [ - "EDGE", - ], - }, - "Name": "LambdaRestApi", - }, - "Type": "AWS::ApiGateway::RestApi", - }, - "testapigatewaylambdaLambdaRestApiUsagePlan658131E3": Object { - "Properties": Object { - "ApiStages": Array [ - Object { - "ApiId": Object { - "Ref": "testapigatewaylambdaLambdaRestApiE957E944", - }, - "Stage": Object { - "Ref": "testapigatewaylambdaLambdaRestApiDeploymentStageprod4EBF7247", - }, - "Throttle": Object {}, - }, - ], - }, - "Type": "AWS::ApiGateway::UsagePlan", - }, - "testapigatewaylambdaLambdaRestApiproxy2C2C544E": Object { - "Properties": Object { - "ParentId": Object { - "Fn::GetAtt": Array [ - "testapigatewaylambdaLambdaRestApiE957E944", - "RootResourceId", - ], - }, - "PathPart": "{proxy+}", - "RestApiId": Object { - "Ref": "testapigatewaylambdaLambdaRestApiE957E944", - }, - }, - "Type": "AWS::ApiGateway::Resource", - }, - "testapigatewaylambdaLambdaRestApiproxyANYApiPermissionTesttestapigatewaylambdaLambdaRestApi5DDE3360ANYproxyBA241600": Object { - "Properties": Object { - "Action": "lambda:InvokeFunction", - "FunctionName": Object { - "Fn::GetAtt": Array [ - "testapigatewaylambdaLambdaFunction18FF222F", - "Arn", - ], - }, - "Principal": "apigateway.amazonaws.com", - "SourceArn": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":execute-api:", - Object { - "Ref": "AWS::Region", - }, - ":", - Object { - "Ref": "AWS::AccountId", - }, - ":", - Object { - "Ref": "testapigatewaylambdaLambdaRestApiE957E944", - }, - "/test-invoke-stage/*/*", - ], - ], - }, - }, - "Type": "AWS::Lambda::Permission", - }, - "testapigatewaylambdaLambdaRestApiproxyANYApiPermissiontestapigatewaylambdaLambdaRestApi5DDE3360ANYproxyCC830169": Object { - "Properties": Object { - "Action": "lambda:InvokeFunction", - "FunctionName": Object { - "Fn::GetAtt": Array [ - "testapigatewaylambdaLambdaFunction18FF222F", - "Arn", - ], - }, - "Principal": "apigateway.amazonaws.com", - "SourceArn": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":execute-api:", - Object { - "Ref": "AWS::Region", - }, - ":", - Object { - "Ref": "AWS::AccountId", - }, - ":", - Object { - "Ref": "testapigatewaylambdaLambdaRestApiE957E944", - }, - "/", - Object { - "Ref": "testapigatewaylambdaLambdaRestApiDeploymentStageprod4EBF7247", - }, - "/*/*", - ], - ], - }, - }, - "Type": "AWS::Lambda::Permission", - }, - "testapigatewaylambdaLambdaRestApiproxyANYF6150927": Object { - "Properties": Object { - "AuthorizationType": "AWS_IAM", - "HttpMethod": "ANY", - "Integration": Object { - "IntegrationHttpMethod": "POST", - "Type": "AWS_PROXY", - "Uri": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":apigateway:", - Object { - "Ref": "AWS::Region", - }, - ":lambda:path/2015-03-31/functions/", - Object { - "Fn::GetAtt": Array [ - "testapigatewaylambdaLambdaFunction18FF222F", - "Arn", - ], - }, - "/invocations", - ], - ], - }, - }, - "ResourceId": Object { - "Ref": "testapigatewaylambdaLambdaRestApiproxy2C2C544E", - }, - "RestApiId": Object { - "Ref": "testapigatewaylambdaLambdaRestApiE957E944", - }, - }, - "Type": "AWS::ApiGateway::Method", - }, - }, -} -`; - -exports[`Pattern deployment with two ApiGatewayToLambda constructs 1`] = ` -Object { - "Outputs": Object { - "pattern1LambdaRestApiEndpointECE66433": Object { - "Value": Object { - "Fn::Join": Array [ - "", - Array [ - "https://", - Object { - "Ref": "pattern1LambdaRestApi6083801A", - }, - ".execute-api.", - Object { - "Ref": "AWS::Region", - }, - ".", - Object { - "Ref": "AWS::URLSuffix", - }, - "/", - Object { - "Ref": "pattern1LambdaRestApiDeploymentStageprodFF2B9A97", - }, - "/", - ], - ], - }, - }, - "pattern2LambdaRestApiEndpoint47B2C6C6": Object { - "Value": Object { - "Fn::Join": Array [ - "", - Array [ - "https://", - Object { - "Ref": "pattern2LambdaRestApi7106C394", - }, - ".execute-api.", - Object { - "Ref": "AWS::Region", - }, - ".", - Object { - "Ref": "AWS::URLSuffix", - }, - "/", - Object { - "Ref": "pattern2LambdaRestApiDeploymentStageprod134BC514", - }, - "/", - ], - ], - }, - }, - }, - "Parameters": Object { - "AssetParameters8efd3dd9643a4d64a128ad582cab718a1e464bcc719bbbcf0e7b0481188a0420ArtifactHashA71E92AD": Object { - "Description": "Artifact hash for asset \\"8efd3dd9643a4d64a128ad582cab718a1e464bcc719bbbcf0e7b0481188a0420\\"", - "Type": "String", - }, - "AssetParameters8efd3dd9643a4d64a128ad582cab718a1e464bcc719bbbcf0e7b0481188a0420S3Bucket749AC458": Object { - "Description": "S3 bucket for asset \\"8efd3dd9643a4d64a128ad582cab718a1e464bcc719bbbcf0e7b0481188a0420\\"", - "Type": "String", - }, - "AssetParameters8efd3dd9643a4d64a128ad582cab718a1e464bcc719bbbcf0e7b0481188a0420S3VersionKeyFF5CC16D": Object { - "Description": "S3 key for asset version \\"8efd3dd9643a4d64a128ad582cab718a1e464bcc719bbbcf0e7b0481188a0420\\"", - "Type": "String", - }, - }, - "Resources": Object { - "pattern1ApiAccessLogGroupE3E8C305": Object { - "DeletionPolicy": "Retain", - "Metadata": Object { - "cfn_nag": Object { - "rules_to_suppress": Array [ - Object { - "id": "W86", - "reason": "Retention period for CloudWatchLogs LogGroups are set to 'Never Expire' to preserve customer data indefinitely", - }, - Object { - "id": "W84", - "reason": "By default CloudWatchLogs LogGroups data is encrypted using the CloudWatch server-side encryption keys (AWS Managed Keys)", - }, - ], - }, - }, - "Type": "AWS::Logs::LogGroup", - "UpdateReplacePolicy": "Retain", - }, - "pattern1LambdaFunction4AE2BC2A": Object { - "DependsOn": Array [ - "pattern1LambdaFunctionServiceRoleDefaultPolicy3DAB9197", - "pattern1LambdaFunctionServiceRoleEEE9B913", - ], - "Metadata": Object { - "cfn_nag": Object { - "rules_to_suppress": Array [ - Object { - "id": "W58", - "reason": "Lambda functions has the required permission to write CloudWatch Logs. It uses custom policy instead of arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole with tighter permissions.", - }, - Object { - "id": "W89", - "reason": "This is not a rule for the general case, just for specific use cases/industries", - }, - Object { - "id": "W92", - "reason": "Impossible for us to define the correct concurrency for clients", - }, - ], - }, - }, - "Properties": Object { - "Code": Object { - "S3Bucket": Object { - "Ref": "AssetParameters8efd3dd9643a4d64a128ad582cab718a1e464bcc719bbbcf0e7b0481188a0420S3Bucket749AC458", - }, - "S3Key": Object { - "Fn::Join": Array [ - "", - Array [ - Object { - "Fn::Select": Array [ - 0, - Object { - "Fn::Split": Array [ - "||", - Object { - "Ref": "AssetParameters8efd3dd9643a4d64a128ad582cab718a1e464bcc719bbbcf0e7b0481188a0420S3VersionKeyFF5CC16D", - }, - ], - }, - ], - }, - Object { - "Fn::Select": Array [ - 1, - Object { - "Fn::Split": Array [ - "||", - Object { - "Ref": "AssetParameters8efd3dd9643a4d64a128ad582cab718a1e464bcc719bbbcf0e7b0481188a0420S3VersionKeyFF5CC16D", - }, - ], - }, - ], - }, - ], - ], - }, - }, - "Environment": Object { - "Variables": Object { - "AWS_NODEJS_CONNECTION_REUSE_ENABLED": "1", - }, - }, - "Handler": "index.handler", - "Role": Object { - "Fn::GetAtt": Array [ - "pattern1LambdaFunctionServiceRoleEEE9B913", - "Arn", - ], - }, - "Runtime": "nodejs10.x", - "TracingConfig": Object { - "Mode": "Active", - }, - }, - "Type": "AWS::Lambda::Function", - }, - "pattern1LambdaFunctionServiceRoleDefaultPolicy3DAB9197": Object { - "Metadata": Object { - "cfn_nag": Object { - "rules_to_suppress": Array [ - Object { - "id": "W12", - "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray and access ENIs in a VPC.", - }, - ], - }, - }, - "Properties": Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "xray:PutTraceSegments", - "xray:PutTelemetryRecords", - ], - "Effect": "Allow", - "Resource": "*", - }, - ], - "Version": "2012-10-17", - }, - "PolicyName": "pattern1LambdaFunctionServiceRoleDefaultPolicy3DAB9197", - "Roles": Array [ - Object { - "Ref": "pattern1LambdaFunctionServiceRoleEEE9B913", - }, - ], - }, - "Type": "AWS::IAM::Policy", - }, - "pattern1LambdaFunctionServiceRoleEEE9B913": Object { - "Properties": Object { - "AssumeRolePolicyDocument": Object { - "Statement": Array [ - Object { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": Object { - "Service": "lambda.amazonaws.com", - }, - }, - ], - "Version": "2012-10-17", - }, - "Policies": Array [ - Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "logs:CreateLogGroup", - "logs:CreateLogStream", - "logs:PutLogEvents", - ], - "Effect": "Allow", - "Resource": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":logs:", - Object { - "Ref": "AWS::Region", - }, - ":", - Object { - "Ref": "AWS::AccountId", - }, - ":log-group:/aws/lambda/*", - ], - ], - }, - }, - ], - "Version": "2012-10-17", - }, - "PolicyName": "LambdaFunctionServiceRolePolicy", - }, - ], - }, - "Type": "AWS::IAM::Role", - }, - "pattern1LambdaRestApi6083801A": Object { - "Properties": Object { - "EndpointConfiguration": Object { - "Types": Array [ - "EDGE", - ], - }, - "Name": "LambdaRestApi", - }, - "Type": "AWS::ApiGateway::RestApi", - }, - "pattern1LambdaRestApiANY1CAD2ADA": Object { - "Properties": Object { - "AuthorizationType": "AWS_IAM", - "HttpMethod": "ANY", - "Integration": Object { - "IntegrationHttpMethod": "POST", - "Type": "AWS_PROXY", - "Uri": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":apigateway:", - Object { - "Ref": "AWS::Region", - }, - ":lambda:path/2015-03-31/functions/", - Object { - "Fn::GetAtt": Array [ - "pattern1LambdaFunction4AE2BC2A", - "Arn", - ], - }, - "/invocations", - ], - ], - }, - }, - "ResourceId": Object { - "Fn::GetAtt": Array [ - "pattern1LambdaRestApi6083801A", - "RootResourceId", - ], - }, - "RestApiId": Object { - "Ref": "pattern1LambdaRestApi6083801A", - }, - }, - "Type": "AWS::ApiGateway::Method", - }, - "pattern1LambdaRestApiANYApiPermissionTestpattern1LambdaRestApi3E9A122CANYFC4F7B13": Object { - "Properties": Object { - "Action": "lambda:InvokeFunction", - "FunctionName": Object { - "Fn::GetAtt": Array [ - "pattern1LambdaFunction4AE2BC2A", - "Arn", - ], - }, - "Principal": "apigateway.amazonaws.com", - "SourceArn": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":execute-api:", - Object { - "Ref": "AWS::Region", - }, - ":", - Object { - "Ref": "AWS::AccountId", - }, - ":", - Object { - "Ref": "pattern1LambdaRestApi6083801A", - }, - "/test-invoke-stage/*/", - ], - ], - }, - }, - "Type": "AWS::Lambda::Permission", - }, - "pattern1LambdaRestApiANYApiPermissionpattern1LambdaRestApi3E9A122CANY5D85A817": Object { - "Properties": Object { - "Action": "lambda:InvokeFunction", - "FunctionName": Object { - "Fn::GetAtt": Array [ - "pattern1LambdaFunction4AE2BC2A", - "Arn", - ], - }, - "Principal": "apigateway.amazonaws.com", - "SourceArn": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":execute-api:", - Object { - "Ref": "AWS::Region", - }, - ":", - Object { - "Ref": "AWS::AccountId", - }, - ":", - Object { - "Ref": "pattern1LambdaRestApi6083801A", - }, - "/", - Object { - "Ref": "pattern1LambdaRestApiDeploymentStageprodFF2B9A97", - }, - "/*/", - ], - ], - }, - }, - "Type": "AWS::Lambda::Permission", - }, - "pattern1LambdaRestApiAccount52947E66": Object { - "DependsOn": Array [ - "pattern1LambdaRestApi6083801A", - ], - "Properties": Object { - "CloudWatchRoleArn": Object { - "Fn::GetAtt": Array [ - "pattern1LambdaRestApiCloudWatchRole41F462A6", - "Arn", - ], - }, - }, - "Type": "AWS::ApiGateway::Account", - }, - "pattern1LambdaRestApiCloudWatchRole41F462A6": Object { - "Properties": Object { - "AssumeRolePolicyDocument": Object { - "Statement": Array [ - Object { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": Object { - "Service": "apigateway.amazonaws.com", - }, - }, - ], - "Version": "2012-10-17", - }, - "Policies": Array [ - Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "logs:CreateLogGroup", - "logs:CreateLogStream", - "logs:DescribeLogGroups", - "logs:DescribeLogStreams", - "logs:PutLogEvents", - "logs:GetLogEvents", - "logs:FilterLogEvents", - ], - "Effect": "Allow", - "Resource": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":logs:", - Object { - "Ref": "AWS::Region", - }, - ":", - Object { - "Ref": "AWS::AccountId", - }, - ":*", - ], - ], - }, - }, - ], - "Version": "2012-10-17", - }, - "PolicyName": "LambdaRestApiCloudWatchRolePolicy", - }, - ], - }, - "Type": "AWS::IAM::Role", - }, - "pattern1LambdaRestApiDeployment20DFD9B2573799e20d1a348378b393327f9c6e15": Object { - "DependsOn": Array [ - "pattern1LambdaRestApiproxyANY9D2D185B", - "pattern1LambdaRestApiproxy6E65FF1B", - "pattern1LambdaRestApiANY1CAD2ADA", - ], - "Metadata": Object { - "cfn_nag": Object { - "rules_to_suppress": Array [ - Object { - "id": "W45", - "reason": "ApiGateway has AccessLogging enabled in AWS::ApiGateway::Stage resource, but cfn_nag checkes for it in AWS::ApiGateway::Deployment resource", - }, - ], - }, - }, - "Properties": Object { - "Description": "Automatically created by the RestApi construct", - "RestApiId": Object { - "Ref": "pattern1LambdaRestApi6083801A", - }, - }, - "Type": "AWS::ApiGateway::Deployment", - }, - "pattern1LambdaRestApiDeploymentStageprodFF2B9A97": Object { - "Properties": Object { - "AccessLogSetting": Object { - "DestinationArn": Object { - "Fn::GetAtt": Array [ - "pattern1ApiAccessLogGroupE3E8C305", - "Arn", - ], - }, - "Format": "{\\"requestId\\":\\"$context.requestId\\",\\"ip\\":\\"$context.identity.sourceIp\\",\\"user\\":\\"$context.identity.user\\",\\"caller\\":\\"$context.identity.caller\\",\\"requestTime\\":\\"$context.requestTime\\",\\"httpMethod\\":\\"$context.httpMethod\\",\\"resourcePath\\":\\"$context.resourcePath\\",\\"status\\":\\"$context.status\\",\\"protocol\\":\\"$context.protocol\\",\\"responseLength\\":\\"$context.responseLength\\"}", - }, - "DeploymentId": Object { - "Ref": "pattern1LambdaRestApiDeployment20DFD9B2573799e20d1a348378b393327f9c6e15", - }, - "MethodSettings": Array [ - Object { - "DataTraceEnabled": false, - "HttpMethod": "*", - "LoggingLevel": "INFO", - "ResourcePath": "/*", - }, - ], - "RestApiId": Object { - "Ref": "pattern1LambdaRestApi6083801A", - }, - "StageName": "prod", - "TracingEnabled": true, - }, - "Type": "AWS::ApiGateway::Stage", - }, - "pattern1LambdaRestApiUsagePlan77521F91": Object { - "Properties": Object { - "ApiStages": Array [ - Object { - "ApiId": Object { - "Ref": "pattern1LambdaRestApi6083801A", - }, - "Stage": Object { - "Ref": "pattern1LambdaRestApiDeploymentStageprodFF2B9A97", - }, - "Throttle": Object {}, - }, - ], - }, - "Type": "AWS::ApiGateway::UsagePlan", - }, - "pattern1LambdaRestApiproxy6E65FF1B": Object { - "Properties": Object { - "ParentId": Object { - "Fn::GetAtt": Array [ - "pattern1LambdaRestApi6083801A", - "RootResourceId", - ], - }, - "PathPart": "{proxy+}", - "RestApiId": Object { - "Ref": "pattern1LambdaRestApi6083801A", - }, - }, - "Type": "AWS::ApiGateway::Resource", - }, - "pattern1LambdaRestApiproxyANY9D2D185B": Object { - "Properties": Object { - "AuthorizationType": "AWS_IAM", - "HttpMethod": "ANY", - "Integration": Object { - "IntegrationHttpMethod": "POST", - "Type": "AWS_PROXY", - "Uri": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":apigateway:", - Object { - "Ref": "AWS::Region", - }, - ":lambda:path/2015-03-31/functions/", - Object { - "Fn::GetAtt": Array [ - "pattern1LambdaFunction4AE2BC2A", - "Arn", - ], - }, - "/invocations", - ], - ], - }, - }, - "ResourceId": Object { - "Ref": "pattern1LambdaRestApiproxy6E65FF1B", - }, - "RestApiId": Object { - "Ref": "pattern1LambdaRestApi6083801A", - }, - }, - "Type": "AWS::ApiGateway::Method", - }, - "pattern1LambdaRestApiproxyANYApiPermissionTestpattern1LambdaRestApi3E9A122CANYproxy0211E18E": Object { - "Properties": Object { - "Action": "lambda:InvokeFunction", - "FunctionName": Object { - "Fn::GetAtt": Array [ - "pattern1LambdaFunction4AE2BC2A", - "Arn", - ], - }, - "Principal": "apigateway.amazonaws.com", - "SourceArn": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":execute-api:", - Object { - "Ref": "AWS::Region", - }, - ":", - Object { - "Ref": "AWS::AccountId", - }, - ":", - Object { - "Ref": "pattern1LambdaRestApi6083801A", - }, - "/test-invoke-stage/*/*", - ], - ], - }, - }, - "Type": "AWS::Lambda::Permission", - }, - "pattern1LambdaRestApiproxyANYApiPermissionpattern1LambdaRestApi3E9A122CANYproxy35F22AD4": Object { - "Properties": Object { - "Action": "lambda:InvokeFunction", - "FunctionName": Object { - "Fn::GetAtt": Array [ - "pattern1LambdaFunction4AE2BC2A", - "Arn", - ], - }, - "Principal": "apigateway.amazonaws.com", - "SourceArn": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":execute-api:", - Object { - "Ref": "AWS::Region", - }, - ":", - Object { - "Ref": "AWS::AccountId", - }, - ":", - Object { - "Ref": "pattern1LambdaRestApi6083801A", - }, - "/", - Object { - "Ref": "pattern1LambdaRestApiDeploymentStageprodFF2B9A97", - }, - "/*/*", - ], - ], - }, - }, - "Type": "AWS::Lambda::Permission", - }, - "pattern2ApiAccessLogGroup6E2029E1": Object { - "DeletionPolicy": "Retain", - "Metadata": Object { - "cfn_nag": Object { - "rules_to_suppress": Array [ - Object { - "id": "W86", - "reason": "Retention period for CloudWatchLogs LogGroups are set to 'Never Expire' to preserve customer data indefinitely", - }, - Object { - "id": "W84", - "reason": "By default CloudWatchLogs LogGroups data is encrypted using the CloudWatch server-side encryption keys (AWS Managed Keys)", - }, - ], - }, - }, - "Type": "AWS::Logs::LogGroup", - "UpdateReplacePolicy": "Retain", - }, - "pattern2LambdaFunction20E7E90C": Object { - "DependsOn": Array [ - "pattern2LambdaFunctionServiceRoleDefaultPolicyB413F001", - "pattern2LambdaFunctionServiceRoleF8D0D0F1", - ], - "Metadata": Object { - "cfn_nag": Object { - "rules_to_suppress": Array [ - Object { - "id": "W58", - "reason": "Lambda functions has the required permission to write CloudWatch Logs. It uses custom policy instead of arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole with tighter permissions.", - }, - Object { - "id": "W89", - "reason": "This is not a rule for the general case, just for specific use cases/industries", - }, - Object { - "id": "W92", - "reason": "Impossible for us to define the correct concurrency for clients", - }, - ], - }, - }, - "Properties": Object { - "Code": Object { - "S3Bucket": Object { - "Ref": "AssetParameters8efd3dd9643a4d64a128ad582cab718a1e464bcc719bbbcf0e7b0481188a0420S3Bucket749AC458", - }, - "S3Key": Object { - "Fn::Join": Array [ - "", - Array [ - Object { - "Fn::Select": Array [ - 0, - Object { - "Fn::Split": Array [ - "||", - Object { - "Ref": "AssetParameters8efd3dd9643a4d64a128ad582cab718a1e464bcc719bbbcf0e7b0481188a0420S3VersionKeyFF5CC16D", - }, - ], - }, - ], - }, - Object { - "Fn::Select": Array [ - 1, - Object { - "Fn::Split": Array [ - "||", - Object { - "Ref": "AssetParameters8efd3dd9643a4d64a128ad582cab718a1e464bcc719bbbcf0e7b0481188a0420S3VersionKeyFF5CC16D", - }, - ], - }, - ], - }, - ], - ], - }, - }, - "Environment": Object { - "Variables": Object { - "AWS_NODEJS_CONNECTION_REUSE_ENABLED": "1", - }, - }, - "Handler": "index.handler", - "Role": Object { - "Fn::GetAtt": Array [ - "pattern2LambdaFunctionServiceRoleF8D0D0F1", - "Arn", - ], - }, - "Runtime": "nodejs10.x", - "TracingConfig": Object { - "Mode": "Active", - }, - }, - "Type": "AWS::Lambda::Function", - }, - "pattern2LambdaFunctionServiceRoleDefaultPolicyB413F001": Object { - "Metadata": Object { - "cfn_nag": Object { - "rules_to_suppress": Array [ - Object { - "id": "W12", - "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray and access ENIs in a VPC.", - }, - ], - }, - }, - "Properties": Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "xray:PutTraceSegments", - "xray:PutTelemetryRecords", - ], - "Effect": "Allow", - "Resource": "*", - }, - ], - "Version": "2012-10-17", - }, - "PolicyName": "pattern2LambdaFunctionServiceRoleDefaultPolicyB413F001", - "Roles": Array [ - Object { - "Ref": "pattern2LambdaFunctionServiceRoleF8D0D0F1", - }, - ], - }, - "Type": "AWS::IAM::Policy", - }, - "pattern2LambdaFunctionServiceRoleF8D0D0F1": Object { - "Properties": Object { - "AssumeRolePolicyDocument": Object { - "Statement": Array [ - Object { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": Object { - "Service": "lambda.amazonaws.com", - }, - }, - ], - "Version": "2012-10-17", - }, - "Policies": Array [ - Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "logs:CreateLogGroup", - "logs:CreateLogStream", - "logs:PutLogEvents", - ], - "Effect": "Allow", - "Resource": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":logs:", - Object { - "Ref": "AWS::Region", - }, - ":", - Object { - "Ref": "AWS::AccountId", - }, - ":log-group:/aws/lambda/*", - ], - ], - }, - }, - ], - "Version": "2012-10-17", - }, - "PolicyName": "LambdaFunctionServiceRolePolicy", - }, - ], - }, - "Type": "AWS::IAM::Role", - }, - "pattern2LambdaRestApi7106C394": Object { - "Properties": Object { - "EndpointConfiguration": Object { - "Types": Array [ - "EDGE", - ], - }, - "Name": "LambdaRestApi", - }, - "Type": "AWS::ApiGateway::RestApi", - }, - "pattern2LambdaRestApiANY3965E74E": Object { - "Properties": Object { - "AuthorizationType": "AWS_IAM", - "HttpMethod": "ANY", - "Integration": Object { - "IntegrationHttpMethod": "POST", - "Type": "AWS_PROXY", - "Uri": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":apigateway:", - Object { - "Ref": "AWS::Region", - }, - ":lambda:path/2015-03-31/functions/", - Object { - "Fn::GetAtt": Array [ - "pattern2LambdaFunction20E7E90C", - "Arn", - ], - }, - "/invocations", - ], - ], - }, - }, - "ResourceId": Object { - "Fn::GetAtt": Array [ - "pattern2LambdaRestApi7106C394", - "RootResourceId", - ], - }, - "RestApiId": Object { - "Ref": "pattern2LambdaRestApi7106C394", - }, - }, - "Type": "AWS::ApiGateway::Method", - }, - "pattern2LambdaRestApiANYApiPermissionTestpattern2LambdaRestApiA2DE99CBANY576A0FE3": Object { - "Properties": Object { - "Action": "lambda:InvokeFunction", - "FunctionName": Object { - "Fn::GetAtt": Array [ - "pattern2LambdaFunction20E7E90C", - "Arn", - ], - }, - "Principal": "apigateway.amazonaws.com", - "SourceArn": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":execute-api:", - Object { - "Ref": "AWS::Region", - }, - ":", - Object { - "Ref": "AWS::AccountId", - }, - ":", - Object { - "Ref": "pattern2LambdaRestApi7106C394", - }, - "/test-invoke-stage/*/", - ], - ], - }, - }, - "Type": "AWS::Lambda::Permission", - }, - "pattern2LambdaRestApiANYApiPermissionpattern2LambdaRestApiA2DE99CBANYBCC44A2F": Object { - "Properties": Object { - "Action": "lambda:InvokeFunction", - "FunctionName": Object { - "Fn::GetAtt": Array [ - "pattern2LambdaFunction20E7E90C", - "Arn", - ], - }, - "Principal": "apigateway.amazonaws.com", - "SourceArn": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":execute-api:", - Object { - "Ref": "AWS::Region", - }, - ":", - Object { - "Ref": "AWS::AccountId", - }, - ":", - Object { - "Ref": "pattern2LambdaRestApi7106C394", - }, - "/", - Object { - "Ref": "pattern2LambdaRestApiDeploymentStageprod134BC514", - }, - "/*/", - ], - ], - }, - }, - "Type": "AWS::Lambda::Permission", - }, - "pattern2LambdaRestApiAccount4E75931C": Object { - "DependsOn": Array [ - "pattern2LambdaRestApi7106C394", - ], - "Properties": Object { - "CloudWatchRoleArn": Object { - "Fn::GetAtt": Array [ - "pattern2LambdaRestApiCloudWatchRoleCF2A5520", - "Arn", - ], - }, - }, - "Type": "AWS::ApiGateway::Account", - }, - "pattern2LambdaRestApiCloudWatchRoleCF2A5520": Object { - "Properties": Object { - "AssumeRolePolicyDocument": Object { - "Statement": Array [ - Object { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": Object { - "Service": "apigateway.amazonaws.com", - }, - }, - ], - "Version": "2012-10-17", - }, - "Policies": Array [ - Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "logs:CreateLogGroup", - "logs:CreateLogStream", - "logs:DescribeLogGroups", - "logs:DescribeLogStreams", - "logs:PutLogEvents", - "logs:GetLogEvents", - "logs:FilterLogEvents", - ], - "Effect": "Allow", - "Resource": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":logs:", - Object { - "Ref": "AWS::Region", - }, - ":", - Object { - "Ref": "AWS::AccountId", - }, - ":*", - ], - ], - }, - }, - ], - "Version": "2012-10-17", - }, - "PolicyName": "LambdaRestApiCloudWatchRolePolicy", - }, - ], - }, - "Type": "AWS::IAM::Role", - }, - "pattern2LambdaRestApiDeployment016BF0A2ac361352807d6a8d0a15c582caf0e0e8": Object { - "DependsOn": Array [ - "pattern2LambdaRestApiproxyANY4C5559C6", - "pattern2LambdaRestApiproxy541AAB3E", - "pattern2LambdaRestApiANY3965E74E", - ], - "Metadata": Object { - "cfn_nag": Object { - "rules_to_suppress": Array [ - Object { - "id": "W45", - "reason": "ApiGateway has AccessLogging enabled in AWS::ApiGateway::Stage resource, but cfn_nag checkes for it in AWS::ApiGateway::Deployment resource", - }, - ], - }, - }, - "Properties": Object { - "Description": "Automatically created by the RestApi construct", - "RestApiId": Object { - "Ref": "pattern2LambdaRestApi7106C394", - }, - }, - "Type": "AWS::ApiGateway::Deployment", - }, - "pattern2LambdaRestApiDeploymentStageprod134BC514": Object { - "Properties": Object { - "AccessLogSetting": Object { - "DestinationArn": Object { - "Fn::GetAtt": Array [ - "pattern2ApiAccessLogGroup6E2029E1", - "Arn", - ], - }, - "Format": "{\\"requestId\\":\\"$context.requestId\\",\\"ip\\":\\"$context.identity.sourceIp\\",\\"user\\":\\"$context.identity.user\\",\\"caller\\":\\"$context.identity.caller\\",\\"requestTime\\":\\"$context.requestTime\\",\\"httpMethod\\":\\"$context.httpMethod\\",\\"resourcePath\\":\\"$context.resourcePath\\",\\"status\\":\\"$context.status\\",\\"protocol\\":\\"$context.protocol\\",\\"responseLength\\":\\"$context.responseLength\\"}", - }, - "DeploymentId": Object { - "Ref": "pattern2LambdaRestApiDeployment016BF0A2ac361352807d6a8d0a15c582caf0e0e8", - }, - "MethodSettings": Array [ - Object { - "DataTraceEnabled": false, - "HttpMethod": "*", - "LoggingLevel": "INFO", - "ResourcePath": "/*", - }, - ], - "RestApiId": Object { - "Ref": "pattern2LambdaRestApi7106C394", - }, - "StageName": "prod", - "TracingEnabled": true, - }, - "Type": "AWS::ApiGateway::Stage", - }, - "pattern2LambdaRestApiUsagePlanBA5CA2BD": Object { - "Properties": Object { - "ApiStages": Array [ - Object { - "ApiId": Object { - "Ref": "pattern2LambdaRestApi7106C394", - }, - "Stage": Object { - "Ref": "pattern2LambdaRestApiDeploymentStageprod134BC514", - }, - "Throttle": Object {}, - }, - ], - }, - "Type": "AWS::ApiGateway::UsagePlan", - }, - "pattern2LambdaRestApiproxy541AAB3E": Object { - "Properties": Object { - "ParentId": Object { - "Fn::GetAtt": Array [ - "pattern2LambdaRestApi7106C394", - "RootResourceId", - ], - }, - "PathPart": "{proxy+}", - "RestApiId": Object { - "Ref": "pattern2LambdaRestApi7106C394", - }, - }, - "Type": "AWS::ApiGateway::Resource", - }, - "pattern2LambdaRestApiproxyANY4C5559C6": Object { - "Properties": Object { - "AuthorizationType": "AWS_IAM", - "HttpMethod": "ANY", - "Integration": Object { - "IntegrationHttpMethod": "POST", - "Type": "AWS_PROXY", - "Uri": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":apigateway:", - Object { - "Ref": "AWS::Region", - }, - ":lambda:path/2015-03-31/functions/", - Object { - "Fn::GetAtt": Array [ - "pattern2LambdaFunction20E7E90C", - "Arn", - ], - }, - "/invocations", - ], - ], - }, - }, - "ResourceId": Object { - "Ref": "pattern2LambdaRestApiproxy541AAB3E", - }, - "RestApiId": Object { - "Ref": "pattern2LambdaRestApi7106C394", - }, - }, - "Type": "AWS::ApiGateway::Method", - }, - "pattern2LambdaRestApiproxyANYApiPermissionTestpattern2LambdaRestApiA2DE99CBANYproxy309B7F1D": Object { - "Properties": Object { - "Action": "lambda:InvokeFunction", - "FunctionName": Object { - "Fn::GetAtt": Array [ - "pattern2LambdaFunction20E7E90C", - "Arn", - ], - }, - "Principal": "apigateway.amazonaws.com", - "SourceArn": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":execute-api:", - Object { - "Ref": "AWS::Region", - }, - ":", - Object { - "Ref": "AWS::AccountId", - }, - ":", - Object { - "Ref": "pattern2LambdaRestApi7106C394", - }, - "/test-invoke-stage/*/*", - ], - ], - }, - }, - "Type": "AWS::Lambda::Permission", - }, - "pattern2LambdaRestApiproxyANYApiPermissionpattern2LambdaRestApiA2DE99CBANYproxyD2FED300": Object { - "Properties": Object { - "Action": "lambda:InvokeFunction", - "FunctionName": Object { - "Fn::GetAtt": Array [ - "pattern2LambdaFunction20E7E90C", - "Arn", - ], - }, - "Principal": "apigateway.amazonaws.com", - "SourceArn": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":execute-api:", - Object { - "Ref": "AWS::Region", - }, - ":", - Object { - "Ref": "AWS::AccountId", - }, - ":", - Object { - "Ref": "pattern2LambdaRestApi7106C394", - }, - "/", - Object { - "Ref": "pattern2LambdaRestApiDeploymentStageprod134BC514", - }, - "/*/*", - ], - ], - }, - }, - "Type": "AWS::Lambda::Permission", - }, - }, -} -`; diff --git a/source/patterns/@aws-solutions-constructs/aws-apigateway-lambda/test/test.apigateway-lambda.test.ts b/source/patterns/@aws-solutions-constructs/aws-apigateway-lambda/test/test.apigateway-lambda.test.ts index 9d48e2e5a..3fab28f12 100644 --- a/source/patterns/@aws-solutions-constructs/aws-apigateway-lambda/test/test.apigateway-lambda.test.ts +++ b/source/patterns/@aws-solutions-constructs/aws-apigateway-lambda/test/test.apigateway-lambda.test.ts @@ -16,46 +16,8 @@ import { Stack } from "@aws-cdk/core"; import { ApiGatewayToLambda, ApiGatewayToLambdaProps } from "../lib"; import * as lambda from '@aws-cdk/aws-lambda'; import * as api from '@aws-cdk/aws-apigateway'; -import { SynthUtils } from '@aws-cdk/assert'; import '@aws-cdk/assert/jest'; -// -------------------------------------------------------------- -// Pattern deployment with new Lambda function -// -------------------------------------------------------------- -test('Pattern deployment with new Lambda function', () => { - // Initial Setup - const stack = new Stack(); - const props: ApiGatewayToLambdaProps = { - lambdaFunctionProps: { - runtime: lambda.Runtime.NODEJS_10_X, - handler: 'index.handler', - code: lambda.Code.fromAsset(`${__dirname}/lambda`) - } - }; - new ApiGatewayToLambda(stack, 'test-apigateway-lambda', props); - // Assertion 1 - expect(SynthUtils.toCloudFormation(stack)).toMatchSnapshot(); -}); - -// -------------------------------------------------------------- -// Pattern deployment with existing Lambda function -// -------------------------------------------------------------- -test('Pattern deployment with existing Lambda function', () => { - // Initial Setup - const stack = new Stack(); - const fn = new lambda.Function(stack, 'ExistingLambdaFunction', { - runtime: lambda.Runtime.NODEJS_10_X, - handler: 'index.handler', - code: lambda.Code.fromAsset(`${__dirname}/lambda`) - }); - const props: ApiGatewayToLambdaProps = { - existingLambdaObj: fn - }; - new ApiGatewayToLambda(stack, 'test-apigateway-lambda', props); - // Assertion 1 - expect(SynthUtils.toCloudFormation(stack)).toMatchSnapshot(); -}); - // -------------------------------------------------------------- // Test for error with existingLambdaObj=undefined (not supplied by user). // -------------------------------------------------------------- @@ -139,34 +101,6 @@ test('Error on lambdaFunctionProps=undefined', () => { expect(app).toThrowError(); }); -// -------------------------------------------------------------- -// Pattern deployment with two ApiGatewayToLambda constructs -// -------------------------------------------------------------- -test('Pattern deployment with two ApiGatewayToLambda constructs', () => { - // Initial Setup - const stack = new Stack(); - const props1: ApiGatewayToLambdaProps = { - lambdaFunctionProps: { - runtime: lambda.Runtime.NODEJS_10_X, - handler: 'index.handler', - code: lambda.Code.fromAsset(`${__dirname}/lambda`) - } - }; - new ApiGatewayToLambda(stack, 'pattern1', props1); - - const props2: ApiGatewayToLambdaProps = { - lambdaFunctionProps: { - runtime: lambda.Runtime.NODEJS_10_X, - handler: 'index.handler', - code: lambda.Code.fromAsset(`${__dirname}/lambda`) - } - }; - new ApiGatewayToLambda(stack, 'pattern2', props2); - - // Assertion 1 - expect(SynthUtils.toCloudFormation(stack)).toMatchSnapshot(); -}); - // ----------------------------------------------------------------- // Test deployment for override ApiGateway AuthorizationType to NONE // ----------------------------------------------------------------- diff --git a/source/patterns/@aws-solutions-constructs/aws-apigateway-sagemakerendpoint/test/__snapshots__/apigateway-sagemakerendpoint.test.js.snap b/source/patterns/@aws-solutions-constructs/aws-apigateway-sagemakerendpoint/test/__snapshots__/apigateway-sagemakerendpoint.test.js.snap deleted file mode 100644 index 11bf55b81..000000000 --- a/source/patterns/@aws-solutions-constructs/aws-apigateway-sagemakerendpoint/test/__snapshots__/apigateway-sagemakerendpoint.test.js.snap +++ /dev/null @@ -1,744 +0,0 @@ -// Jest Snapshot v1, https://goo.gl/fbAQLP - -exports[`Test deployment w/ overwritten properties 1`] = ` -Object { - "Outputs": Object { - "apigatewaysagemakerendpointRestApiEndpointEF77C139": Object { - "Value": Object { - "Fn::Join": Array [ - "", - Array [ - "https://", - Object { - "Ref": "apigatewaysagemakerendpointRestApiF430F7C7", - }, - ".execute-api.", - Object { - "Ref": "AWS::Region", - }, - ".", - Object { - "Ref": "AWS::URLSuffix", - }, - "/", - Object { - "Ref": "apigatewaysagemakerendpointRestApiDeploymentStageprod45323140", - }, - "/", - ], - ], - }, - }, - }, - "Resources": Object { - "apigatewayroleE6D48DBD": Object { - "Properties": Object { - "AssumeRolePolicyDocument": Object { - "Statement": Array [ - Object { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": Object { - "Service": "apigateway.amazonaws.com", - }, - }, - ], - "Version": "2012-10-17", - }, - "Description": "existing role for SageMaker integration", - "Policies": Array [ - Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": "sagemaker:InvokeEndpoint", - "Effect": "Allow", - "Resource": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":sagemaker:", - Object { - "Ref": "AWS::Region", - }, - ":", - Object { - "Ref": "AWS::AccountId", - }, - ":endpoint/my-endpoint", - ], - ], - }, - }, - ], - "Version": "2012-10-17", - }, - "PolicyName": "InvokePolicy", - }, - ], - }, - "Type": "AWS::IAM::Role", - }, - "apigatewaysagemakerendpointApiAccessLogGroupDBD19445": Object { - "DeletionPolicy": "Retain", - "Metadata": Object { - "cfn_nag": Object { - "rules_to_suppress": Array [ - Object { - "id": "W86", - "reason": "Retention period for CloudWatchLogs LogGroups are set to 'Never Expire' to preserve customer data indefinitely", - }, - Object { - "id": "W84", - "reason": "By default CloudWatchLogs LogGroups data is encrypted using the CloudWatch server-side encryption keys (AWS Managed Keys)", - }, - ], - }, - }, - "Type": "AWS::Logs::LogGroup", - "UpdateReplacePolicy": "Retain", - }, - "apigatewaysagemakerendpointLambdaRestApiAccount1E510B70": Object { - "DependsOn": Array [ - "apigatewaysagemakerendpointRestApiF430F7C7", - ], - "Properties": Object { - "CloudWatchRoleArn": Object { - "Fn::GetAtt": Array [ - "apigatewaysagemakerendpointLambdaRestApiCloudWatchRole6C816D4C", - "Arn", - ], - }, - }, - "Type": "AWS::ApiGateway::Account", - }, - "apigatewaysagemakerendpointLambdaRestApiCloudWatchRole6C816D4C": Object { - "Properties": Object { - "AssumeRolePolicyDocument": Object { - "Statement": Array [ - Object { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": Object { - "Service": "apigateway.amazonaws.com", - }, - }, - ], - "Version": "2012-10-17", - }, - "Policies": Array [ - Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "logs:CreateLogGroup", - "logs:CreateLogStream", - "logs:DescribeLogGroups", - "logs:DescribeLogStreams", - "logs:PutLogEvents", - "logs:GetLogEvents", - "logs:FilterLogEvents", - ], - "Effect": "Allow", - "Resource": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":logs:", - Object { - "Ref": "AWS::Region", - }, - ":", - Object { - "Ref": "AWS::AccountId", - }, - ":*", - ], - ], - }, - }, - ], - "Version": "2012-10-17", - }, - "PolicyName": "LambdaRestApiCloudWatchRolePolicy", - }, - ], - }, - "Type": "AWS::IAM::Role", - }, - "apigatewaysagemakerendpointRestApiDeployment6524D6DC087faef8ff6b595bfd57b5ff8e9e5cc7": Object { - "DependsOn": Array [ - "apigatewaysagemakerendpointRestApimyresourcemyparamGETD236BC79", - "apigatewaysagemakerendpointRestApimyresourcemyparam67E19507", - "apigatewaysagemakerendpointRestApimyresourceB85831BC", - "apigatewaysagemakerendpointRestApirequestvalidator390ABFEC", - ], - "Metadata": Object { - "cfn_nag": Object { - "rules_to_suppress": Array [ - Object { - "id": "W45", - "reason": "ApiGateway has AccessLogging enabled in AWS::ApiGateway::Stage resource, but cfn_nag checkes for it in AWS::ApiGateway::Deployment resource", - }, - ], - }, - }, - "Properties": Object { - "Description": "Automatically created by the RestApi construct", - "RestApiId": Object { - "Ref": "apigatewaysagemakerendpointRestApiF430F7C7", - }, - }, - "Type": "AWS::ApiGateway::Deployment", - }, - "apigatewaysagemakerendpointRestApiDeploymentStageprod45323140": Object { - "Properties": Object { - "AccessLogSetting": Object { - "DestinationArn": Object { - "Fn::GetAtt": Array [ - "apigatewaysagemakerendpointApiAccessLogGroupDBD19445", - "Arn", - ], - }, - "Format": "{\\"requestId\\":\\"$context.requestId\\",\\"ip\\":\\"$context.identity.sourceIp\\",\\"user\\":\\"$context.identity.user\\",\\"caller\\":\\"$context.identity.caller\\",\\"requestTime\\":\\"$context.requestTime\\",\\"httpMethod\\":\\"$context.httpMethod\\",\\"resourcePath\\":\\"$context.resourcePath\\",\\"status\\":\\"$context.status\\",\\"protocol\\":\\"$context.protocol\\",\\"responseLength\\":\\"$context.responseLength\\"}", - }, - "DeploymentId": Object { - "Ref": "apigatewaysagemakerendpointRestApiDeployment6524D6DC087faef8ff6b595bfd57b5ff8e9e5cc7", - }, - "MethodSettings": Array [ - Object { - "DataTraceEnabled": false, - "HttpMethod": "*", - "LoggingLevel": "INFO", - "ResourcePath": "/*", - }, - Object { - "HttpMethod": "*", - "ResourcePath": "/*", - "ThrottlingBurstLimit": 25, - "ThrottlingRateLimit": 100, - }, - ], - "RestApiId": Object { - "Ref": "apigatewaysagemakerendpointRestApiF430F7C7", - }, - "StageName": "prod", - "TracingEnabled": true, - }, - "Type": "AWS::ApiGateway::Stage", - }, - "apigatewaysagemakerendpointRestApiF430F7C7": Object { - "Properties": Object { - "EndpointConfiguration": Object { - "Types": Array [ - "EDGE", - ], - }, - "Name": "my-api", - }, - "Type": "AWS::ApiGateway::RestApi", - }, - "apigatewaysagemakerendpointRestApiUsagePlanBD6781A3": Object { - "Properties": Object { - "ApiStages": Array [ - Object { - "ApiId": Object { - "Ref": "apigatewaysagemakerendpointRestApiF430F7C7", - }, - "Stage": Object { - "Ref": "apigatewaysagemakerendpointRestApiDeploymentStageprod45323140", - }, - "Throttle": Object {}, - }, - ], - }, - "Type": "AWS::ApiGateway::UsagePlan", - }, - "apigatewaysagemakerendpointRestApimyresourceB85831BC": Object { - "Properties": Object { - "ParentId": Object { - "Fn::GetAtt": Array [ - "apigatewaysagemakerendpointRestApiF430F7C7", - "RootResourceId", - ], - }, - "PathPart": "my-resource", - "RestApiId": Object { - "Ref": "apigatewaysagemakerendpointRestApiF430F7C7", - }, - }, - "Type": "AWS::ApiGateway::Resource", - }, - "apigatewaysagemakerendpointRestApimyresourcemyparam67E19507": Object { - "Properties": Object { - "ParentId": Object { - "Ref": "apigatewaysagemakerendpointRestApimyresourceB85831BC", - }, - "PathPart": "{my_param}", - "RestApiId": Object { - "Ref": "apigatewaysagemakerendpointRestApiF430F7C7", - }, - }, - "Type": "AWS::ApiGateway::Resource", - }, - "apigatewaysagemakerendpointRestApimyresourcemyparamGETD236BC79": Object { - "Properties": Object { - "AuthorizationType": "AWS_IAM", - "HttpMethod": "GET", - "Integration": Object { - "Credentials": Object { - "Fn::GetAtt": Array [ - "apigatewayroleE6D48DBD", - "Arn", - ], - }, - "IntegrationHttpMethod": "POST", - "IntegrationResponses": Array [ - Object { - "ResponseTemplates": Object { - "application/json": "my-response-vtl-template", - }, - "StatusCode": "200", - }, - Object { - "SelectionPattern": "5\\\\d{2}", - "StatusCode": "500", - }, - Object { - "SelectionPattern": "4\\\\d{2}", - "StatusCode": "400", - }, - ], - "PassthroughBehavior": "NEVER", - "RequestParameters": Object { - "integration.request.header.Content-Type": "'application/json'", - }, - "RequestTemplates": Object { - "application/json": "my-request-vtl-template", - }, - "Type": "AWS", - "Uri": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":apigateway:", - Object { - "Ref": "AWS::Region", - }, - ":runtime.sagemaker:path/endpoints/my-endpoint/invocations", - ], - ], - }, - }, - "MethodResponses": Array [ - Object { - "StatusCode": "200", - }, - Object { - "StatusCode": "500", - }, - Object { - "StatusCode": "400", - }, - ], - "RequestValidatorId": Object { - "Ref": "apigatewaysagemakerendpointRestApirequestvalidator390ABFEC", - }, - "ResourceId": Object { - "Ref": "apigatewaysagemakerendpointRestApimyresourcemyparam67E19507", - }, - "RestApiId": Object { - "Ref": "apigatewaysagemakerendpointRestApiF430F7C7", - }, - }, - "Type": "AWS::ApiGateway::Method", - }, - "apigatewaysagemakerendpointRestApirequestvalidator390ABFEC": Object { - "Properties": Object { - "Name": "request-param-validator", - "RestApiId": Object { - "Ref": "apigatewaysagemakerendpointRestApiF430F7C7", - }, - "ValidateRequestParameters": true, - }, - "Type": "AWS::ApiGateway::RequestValidator", - }, - }, -} -`; - -exports[`Test minimal deployment snapshot 1`] = ` -Object { - "Outputs": Object { - "apigatewaysagemakerendpointRestApiEndpointEF77C139": Object { - "Value": Object { - "Fn::Join": Array [ - "", - Array [ - "https://", - Object { - "Ref": "apigatewaysagemakerendpointRestApiF430F7C7", - }, - ".execute-api.", - Object { - "Ref": "AWS::Region", - }, - ".", - Object { - "Ref": "AWS::URLSuffix", - }, - "/", - Object { - "Ref": "apigatewaysagemakerendpointRestApiDeploymentStageprod45323140", - }, - "/", - ], - ], - }, - }, - }, - "Resources": Object { - "apigatewaysagemakerendpointApiAccessLogGroupDBD19445": Object { - "DeletionPolicy": "Retain", - "Metadata": Object { - "cfn_nag": Object { - "rules_to_suppress": Array [ - Object { - "id": "W86", - "reason": "Retention period for CloudWatchLogs LogGroups are set to 'Never Expire' to preserve customer data indefinitely", - }, - Object { - "id": "W84", - "reason": "By default CloudWatchLogs LogGroups data is encrypted using the CloudWatch server-side encryption keys (AWS Managed Keys)", - }, - ], - }, - }, - "Type": "AWS::Logs::LogGroup", - "UpdateReplacePolicy": "Retain", - }, - "apigatewaysagemakerendpointInvokeEndpointPolicyCF496123": Object { - "Properties": Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": "sagemaker:InvokeEndpoint", - "Effect": "Allow", - "Resource": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":sagemaker:", - Object { - "Ref": "AWS::Region", - }, - ":", - Object { - "Ref": "AWS::AccountId", - }, - ":endpoint/my-endpoint", - ], - ], - }, - }, - ], - "Version": "2012-10-17", - }, - "PolicyName": "apigatewaysagemakerendpointInvokeEndpointPolicyCF496123", - "Roles": Array [ - Object { - "Ref": "apigatewaysagemakerendpointapigatewayrole5B5E1DAC", - }, - ], - }, - "Type": "AWS::IAM::Policy", - }, - "apigatewaysagemakerendpointLambdaRestApiAccount1E510B70": Object { - "DependsOn": Array [ - "apigatewaysagemakerendpointRestApiF430F7C7", - ], - "Properties": Object { - "CloudWatchRoleArn": Object { - "Fn::GetAtt": Array [ - "apigatewaysagemakerendpointLambdaRestApiCloudWatchRole6C816D4C", - "Arn", - ], - }, - }, - "Type": "AWS::ApiGateway::Account", - }, - "apigatewaysagemakerendpointLambdaRestApiCloudWatchRole6C816D4C": Object { - "Properties": Object { - "AssumeRolePolicyDocument": Object { - "Statement": Array [ - Object { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": Object { - "Service": "apigateway.amazonaws.com", - }, - }, - ], - "Version": "2012-10-17", - }, - "Policies": Array [ - Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "logs:CreateLogGroup", - "logs:CreateLogStream", - "logs:DescribeLogGroups", - "logs:DescribeLogStreams", - "logs:PutLogEvents", - "logs:GetLogEvents", - "logs:FilterLogEvents", - ], - "Effect": "Allow", - "Resource": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":logs:", - Object { - "Ref": "AWS::Region", - }, - ":", - Object { - "Ref": "AWS::AccountId", - }, - ":*", - ], - ], - }, - }, - ], - "Version": "2012-10-17", - }, - "PolicyName": "LambdaRestApiCloudWatchRolePolicy", - }, - ], - }, - "Type": "AWS::IAM::Role", - }, - "apigatewaysagemakerendpointRestApiDeployment6524D6DCb0047bb01eb8788f969621dc25119fb9": Object { - "DependsOn": Array [ - "apigatewaysagemakerendpointRestApimyparamGET9A23305A", - "apigatewaysagemakerendpointRestApimyparam824FE1D8", - "apigatewaysagemakerendpointRestApirequestvalidator390ABFEC", - ], - "Metadata": Object { - "cfn_nag": Object { - "rules_to_suppress": Array [ - Object { - "id": "W45", - "reason": "ApiGateway has AccessLogging enabled in AWS::ApiGateway::Stage resource, but cfn_nag checkes for it in AWS::ApiGateway::Deployment resource", - }, - ], - }, - }, - "Properties": Object { - "Description": "Automatically created by the RestApi construct", - "RestApiId": Object { - "Ref": "apigatewaysagemakerendpointRestApiF430F7C7", - }, - }, - "Type": "AWS::ApiGateway::Deployment", - }, - "apigatewaysagemakerendpointRestApiDeploymentStageprod45323140": Object { - "Properties": Object { - "AccessLogSetting": Object { - "DestinationArn": Object { - "Fn::GetAtt": Array [ - "apigatewaysagemakerendpointApiAccessLogGroupDBD19445", - "Arn", - ], - }, - "Format": "{\\"requestId\\":\\"$context.requestId\\",\\"ip\\":\\"$context.identity.sourceIp\\",\\"user\\":\\"$context.identity.user\\",\\"caller\\":\\"$context.identity.caller\\",\\"requestTime\\":\\"$context.requestTime\\",\\"httpMethod\\":\\"$context.httpMethod\\",\\"resourcePath\\":\\"$context.resourcePath\\",\\"status\\":\\"$context.status\\",\\"protocol\\":\\"$context.protocol\\",\\"responseLength\\":\\"$context.responseLength\\"}", - }, - "DeploymentId": Object { - "Ref": "apigatewaysagemakerendpointRestApiDeployment6524D6DCb0047bb01eb8788f969621dc25119fb9", - }, - "MethodSettings": Array [ - Object { - "DataTraceEnabled": false, - "HttpMethod": "*", - "LoggingLevel": "INFO", - "ResourcePath": "/*", - }, - ], - "RestApiId": Object { - "Ref": "apigatewaysagemakerendpointRestApiF430F7C7", - }, - "StageName": "prod", - "TracingEnabled": true, - }, - "Type": "AWS::ApiGateway::Stage", - }, - "apigatewaysagemakerendpointRestApiF430F7C7": Object { - "Properties": Object { - "EndpointConfiguration": Object { - "Types": Array [ - "EDGE", - ], - }, - "Name": "RestApi", - }, - "Type": "AWS::ApiGateway::RestApi", - }, - "apigatewaysagemakerendpointRestApiUsagePlanBD6781A3": Object { - "Properties": Object { - "ApiStages": Array [ - Object { - "ApiId": Object { - "Ref": "apigatewaysagemakerendpointRestApiF430F7C7", - }, - "Stage": Object { - "Ref": "apigatewaysagemakerendpointRestApiDeploymentStageprod45323140", - }, - "Throttle": Object {}, - }, - ], - }, - "Type": "AWS::ApiGateway::UsagePlan", - }, - "apigatewaysagemakerendpointRestApimyparam824FE1D8": Object { - "Properties": Object { - "ParentId": Object { - "Fn::GetAtt": Array [ - "apigatewaysagemakerendpointRestApiF430F7C7", - "RootResourceId", - ], - }, - "PathPart": "{my_param}", - "RestApiId": Object { - "Ref": "apigatewaysagemakerendpointRestApiF430F7C7", - }, - }, - "Type": "AWS::ApiGateway::Resource", - }, - "apigatewaysagemakerendpointRestApimyparamGET9A23305A": Object { - "Properties": Object { - "AuthorizationType": "AWS_IAM", - "HttpMethod": "GET", - "Integration": Object { - "Credentials": Object { - "Fn::GetAtt": Array [ - "apigatewaysagemakerendpointapigatewayrole5B5E1DAC", - "Arn", - ], - }, - "IntegrationHttpMethod": "POST", - "IntegrationResponses": Array [ - Object { - "StatusCode": "200", - }, - Object { - "SelectionPattern": "5\\\\d{2}", - "StatusCode": "500", - }, - Object { - "SelectionPattern": "4\\\\d{2}", - "StatusCode": "400", - }, - ], - "PassthroughBehavior": "NEVER", - "RequestParameters": Object { - "integration.request.header.Content-Type": "'application/json'", - }, - "RequestTemplates": Object { - "application/json": "my-request-vtl-template", - }, - "Type": "AWS", - "Uri": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":apigateway:", - Object { - "Ref": "AWS::Region", - }, - ":runtime.sagemaker:path/endpoints/my-endpoint/invocations", - ], - ], - }, - }, - "MethodResponses": Array [ - Object { - "StatusCode": "200", - }, - Object { - "StatusCode": "500", - }, - Object { - "StatusCode": "400", - }, - ], - "RequestValidatorId": Object { - "Ref": "apigatewaysagemakerendpointRestApirequestvalidator390ABFEC", - }, - "ResourceId": Object { - "Ref": "apigatewaysagemakerendpointRestApimyparam824FE1D8", - }, - "RestApiId": Object { - "Ref": "apigatewaysagemakerendpointRestApiF430F7C7", - }, - }, - "Type": "AWS::ApiGateway::Method", - }, - "apigatewaysagemakerendpointRestApirequestvalidator390ABFEC": Object { - "Properties": Object { - "Name": "request-param-validator", - "RestApiId": Object { - "Ref": "apigatewaysagemakerendpointRestApiF430F7C7", - }, - "ValidateRequestParameters": true, - }, - "Type": "AWS::ApiGateway::RequestValidator", - }, - "apigatewaysagemakerendpointapigatewayrole5B5E1DAC": Object { - "Properties": Object { - "AssumeRolePolicyDocument": Object { - "Statement": Array [ - Object { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": Object { - "Service": "apigateway.amazonaws.com", - }, - }, - ], - "Version": "2012-10-17", - }, - }, - "Type": "AWS::IAM::Role", - }, - }, -} -`; diff --git a/source/patterns/@aws-solutions-constructs/aws-apigateway-sagemakerendpoint/test/apigateway-sagemakerendpoint.test.ts b/source/patterns/@aws-solutions-constructs/aws-apigateway-sagemakerendpoint/test/apigateway-sagemakerendpoint.test.ts index 96db3aaf4..03dbcd5e9 100644 --- a/source/patterns/@aws-solutions-constructs/aws-apigateway-sagemakerendpoint/test/apigateway-sagemakerendpoint.test.ts +++ b/source/patterns/@aws-solutions-constructs/aws-apigateway-sagemakerendpoint/test/apigateway-sagemakerendpoint.test.ts @@ -15,22 +15,8 @@ import { Stack, Aws } from '@aws-cdk/core'; import { ApiGatewayToSageMakerEndpoint } from '../lib'; import * as iam from '@aws-cdk/aws-iam'; -import { SynthUtils } from '@aws-cdk/assert'; import '@aws-cdk/assert/jest'; -// -------------------------------------------------------------- -// Test minimal deployment snapshot -// -------------------------------------------------------------- -test('Test minimal deployment snapshot', () => { - const stack = new Stack(); - new ApiGatewayToSageMakerEndpoint(stack, 'api-gateway-sagemakerendpoint', { - endpointName: 'my-endpoint', - resourcePath: '{my_param}', - requestMappingTemplate: 'my-request-vtl-template' - }); - expect(SynthUtils.toCloudFormation(stack)).toMatchSnapshot(); -}); - // -------------------------------------------------------------- // Test construct properties // -------------------------------------------------------------- @@ -88,8 +74,6 @@ test('Test deployment w/ overwritten properties', () => { responseMappingTemplate: 'my-response-vtl-template' }); - expect(SynthUtils.toCloudFormation(stack)).toMatchSnapshot(); - expect(stack).toHaveResourceLike('AWS::ApiGateway::Stage', { MethodSettings: [ { diff --git a/source/patterns/@aws-solutions-constructs/aws-apigateway-sqs/test/__snapshots__/apigateway-sqs.test.js.snap b/source/patterns/@aws-solutions-constructs/aws-apigateway-sqs/test/__snapshots__/apigateway-sqs.test.js.snap deleted file mode 100644 index 35fb53f98..000000000 --- a/source/patterns/@aws-solutions-constructs/aws-apigateway-sqs/test/__snapshots__/apigateway-sqs.test.js.snap +++ /dev/null @@ -1,2687 +0,0 @@ -// Jest Snapshot v1, https://goo.gl/fbAQLP - -exports[`Test deployment w/ DLQ 1`] = ` -Object { - "Outputs": Object { - "apigatewaysqsRestApiEndpointD55C9F0A": Object { - "Value": Object { - "Fn::Join": Array [ - "", - Array [ - "https://", - Object { - "Ref": "apigatewaysqsRestApi03BFD711", - }, - ".execute-api.", - Object { - "Ref": "AWS::Region", - }, - ".", - Object { - "Ref": "AWS::URLSuffix", - }, - "/", - Object { - "Ref": "apigatewaysqsRestApiDeploymentStageprodAA3C7DD5", - }, - "/", - ], - ], - }, - }, - }, - "Resources": Object { - "apigatewaysqsApiAccessLogGroup4D14D1D7": Object { - "DeletionPolicy": "Retain", - "Metadata": Object { - "cfn_nag": Object { - "rules_to_suppress": Array [ - Object { - "id": "W86", - "reason": "Retention period for CloudWatchLogs LogGroups are set to 'Never Expire' to preserve customer data indefinitely", - }, - Object { - "id": "W84", - "reason": "By default CloudWatchLogs LogGroups data is encrypted using the CloudWatch server-side encryption keys (AWS Managed Keys)", - }, - ], - }, - }, - "Type": "AWS::Logs::LogGroup", - "UpdateReplacePolicy": "Retain", - }, - "apigatewaysqsLambdaRestApiAccount8FA59342": Object { - "DependsOn": Array [ - "apigatewaysqsRestApi03BFD711", - ], - "Properties": Object { - "CloudWatchRoleArn": Object { - "Fn::GetAtt": Array [ - "apigatewaysqsLambdaRestApiCloudWatchRoleB51EDA01", - "Arn", - ], - }, - }, - "Type": "AWS::ApiGateway::Account", - }, - "apigatewaysqsLambdaRestApiCloudWatchRoleB51EDA01": Object { - "Properties": Object { - "AssumeRolePolicyDocument": Object { - "Statement": Array [ - Object { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": Object { - "Service": "apigateway.amazonaws.com", - }, - }, - ], - "Version": "2012-10-17", - }, - "Policies": Array [ - Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "logs:CreateLogGroup", - "logs:CreateLogStream", - "logs:DescribeLogGroups", - "logs:DescribeLogStreams", - "logs:PutLogEvents", - "logs:GetLogEvents", - "logs:FilterLogEvents", - ], - "Effect": "Allow", - "Resource": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":logs:", - Object { - "Ref": "AWS::Region", - }, - ":", - Object { - "Ref": "AWS::AccountId", - }, - ":*", - ], - ], - }, - }, - ], - "Version": "2012-10-17", - }, - "PolicyName": "LambdaRestApiCloudWatchRolePolicy", - }, - ], - }, - "Type": "AWS::IAM::Role", - }, - "apigatewaysqsRestApi03BFD711": Object { - "Properties": Object { - "EndpointConfiguration": Object { - "Types": Array [ - "EDGE", - ], - }, - "Name": "RestApi", - }, - "Type": "AWS::ApiGateway::RestApi", - }, - "apigatewaysqsRestApiDeployment823C310Bb3eb8381f81a14298ee8e133d94084e4": Object { - "DependsOn": Array [ - "apigatewaysqsRestApiGET13C64342", - "apigatewaysqsRestApimessageDELETE46195B92", - "apigatewaysqsRestApimessageC2D606D3", - "apigatewaysqsRestApiPOST3638C367", - ], - "Metadata": Object { - "cfn_nag": Object { - "rules_to_suppress": Array [ - Object { - "id": "W45", - "reason": "ApiGateway has AccessLogging enabled in AWS::ApiGateway::Stage resource, but cfn_nag checkes for it in AWS::ApiGateway::Deployment resource", - }, - ], - }, - }, - "Properties": Object { - "Description": "Automatically created by the RestApi construct", - "RestApiId": Object { - "Ref": "apigatewaysqsRestApi03BFD711", - }, - }, - "Type": "AWS::ApiGateway::Deployment", - }, - "apigatewaysqsRestApiDeploymentStageprodAA3C7DD5": Object { - "Properties": Object { - "AccessLogSetting": Object { - "DestinationArn": Object { - "Fn::GetAtt": Array [ - "apigatewaysqsApiAccessLogGroup4D14D1D7", - "Arn", - ], - }, - "Format": "{\\"requestId\\":\\"$context.requestId\\",\\"ip\\":\\"$context.identity.sourceIp\\",\\"user\\":\\"$context.identity.user\\",\\"caller\\":\\"$context.identity.caller\\",\\"requestTime\\":\\"$context.requestTime\\",\\"httpMethod\\":\\"$context.httpMethod\\",\\"resourcePath\\":\\"$context.resourcePath\\",\\"status\\":\\"$context.status\\",\\"protocol\\":\\"$context.protocol\\",\\"responseLength\\":\\"$context.responseLength\\"}", - }, - "DeploymentId": Object { - "Ref": "apigatewaysqsRestApiDeployment823C310Bb3eb8381f81a14298ee8e133d94084e4", - }, - "MethodSettings": Array [ - Object { - "DataTraceEnabled": false, - "HttpMethod": "*", - "LoggingLevel": "INFO", - "ResourcePath": "/*", - }, - ], - "RestApiId": Object { - "Ref": "apigatewaysqsRestApi03BFD711", - }, - "StageName": "prod", - "TracingEnabled": true, - }, - "Type": "AWS::ApiGateway::Stage", - }, - "apigatewaysqsRestApiGET13C64342": Object { - "Properties": Object { - "AuthorizationType": "AWS_IAM", - "HttpMethod": "GET", - "Integration": Object { - "Credentials": Object { - "Fn::GetAtt": Array [ - "apigatewaysqsapigatewayrole2BA120D3", - "Arn", - ], - }, - "IntegrationHttpMethod": "POST", - "IntegrationResponses": Array [ - Object { - "StatusCode": "200", - }, - Object { - "ResponseTemplates": Object { - "text/html": "Error", - }, - "SelectionPattern": "500", - "StatusCode": "500", - }, - ], - "PassthroughBehavior": "NEVER", - "RequestParameters": Object { - "integration.request.header.Content-Type": "'application/x-www-form-urlencoded'", - }, - "RequestTemplates": Object { - "application/json": "Action=ReceiveMessage", - }, - "Type": "AWS", - "Uri": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":apigateway:", - Object { - "Ref": "AWS::Region", - }, - ":sqs:path/", - Object { - "Ref": "AWS::AccountId", - }, - "/", - Object { - "Fn::GetAtt": Array [ - "apigatewaysqsqueueE186B895", - "QueueName", - ], - }, - ], - ], - }, - }, - "MethodResponses": Array [ - Object { - "ResponseParameters": Object { - "method.response.header.Content-Type": true, - }, - "StatusCode": "200", - }, - Object { - "ResponseParameters": Object { - "method.response.header.Content-Type": true, - }, - "StatusCode": "500", - }, - ], - "ResourceId": Object { - "Fn::GetAtt": Array [ - "apigatewaysqsRestApi03BFD711", - "RootResourceId", - ], - }, - "RestApiId": Object { - "Ref": "apigatewaysqsRestApi03BFD711", - }, - }, - "Type": "AWS::ApiGateway::Method", - }, - "apigatewaysqsRestApiPOST3638C367": Object { - "Properties": Object { - "AuthorizationType": "AWS_IAM", - "HttpMethod": "POST", - "Integration": Object { - "Credentials": Object { - "Fn::GetAtt": Array [ - "apigatewaysqsapigatewayrole2BA120D3", - "Arn", - ], - }, - "IntegrationHttpMethod": "POST", - "IntegrationResponses": Array [ - Object { - "StatusCode": "200", - }, - Object { - "ResponseTemplates": Object { - "text/html": "Error", - }, - "SelectionPattern": "500", - "StatusCode": "500", - }, - ], - "PassthroughBehavior": "NEVER", - "RequestParameters": Object { - "integration.request.header.Content-Type": "'application/x-www-form-urlencoded'", - }, - "RequestTemplates": Object { - "application/json": "Action=SendMessage&MessageBody=$util.urlEncode(\\"$input.body\\")", - }, - "Type": "AWS", - "Uri": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":apigateway:", - Object { - "Ref": "AWS::Region", - }, - ":sqs:path/", - Object { - "Ref": "AWS::AccountId", - }, - "/", - Object { - "Fn::GetAtt": Array [ - "apigatewaysqsqueueE186B895", - "QueueName", - ], - }, - ], - ], - }, - }, - "MethodResponses": Array [ - Object { - "ResponseParameters": Object { - "method.response.header.Content-Type": true, - }, - "StatusCode": "200", - }, - Object { - "ResponseParameters": Object { - "method.response.header.Content-Type": true, - }, - "StatusCode": "500", - }, - ], - "ResourceId": Object { - "Fn::GetAtt": Array [ - "apigatewaysqsRestApi03BFD711", - "RootResourceId", - ], - }, - "RestApiId": Object { - "Ref": "apigatewaysqsRestApi03BFD711", - }, - }, - "Type": "AWS::ApiGateway::Method", - }, - "apigatewaysqsRestApiUsagePlan744FD0EB": Object { - "Properties": Object { - "ApiStages": Array [ - Object { - "ApiId": Object { - "Ref": "apigatewaysqsRestApi03BFD711", - }, - "Stage": Object { - "Ref": "apigatewaysqsRestApiDeploymentStageprodAA3C7DD5", - }, - "Throttle": Object {}, - }, - ], - }, - "Type": "AWS::ApiGateway::UsagePlan", - }, - "apigatewaysqsRestApimessageC2D606D3": Object { - "Properties": Object { - "ParentId": Object { - "Fn::GetAtt": Array [ - "apigatewaysqsRestApi03BFD711", - "RootResourceId", - ], - }, - "PathPart": "message", - "RestApiId": Object { - "Ref": "apigatewaysqsRestApi03BFD711", - }, - }, - "Type": "AWS::ApiGateway::Resource", - }, - "apigatewaysqsRestApimessageDELETE46195B92": Object { - "Properties": Object { - "AuthorizationType": "AWS_IAM", - "HttpMethod": "DELETE", - "Integration": Object { - "Credentials": Object { - "Fn::GetAtt": Array [ - "apigatewaysqsapigatewayrole2BA120D3", - "Arn", - ], - }, - "IntegrationHttpMethod": "POST", - "IntegrationResponses": Array [ - Object { - "StatusCode": "200", - }, - Object { - "ResponseTemplates": Object { - "text/html": "Error", - }, - "SelectionPattern": "500", - "StatusCode": "500", - }, - ], - "PassthroughBehavior": "NEVER", - "RequestParameters": Object { - "integration.request.header.Content-Type": "'application/x-www-form-urlencoded'", - }, - "RequestTemplates": Object { - "application/json": "Action=DeleteMessage&ReceiptHandle=$util.urlEncode($input.params('receiptHandle'))", - }, - "Type": "AWS", - "Uri": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":apigateway:", - Object { - "Ref": "AWS::Region", - }, - ":sqs:path/", - Object { - "Ref": "AWS::AccountId", - }, - "/", - Object { - "Fn::GetAtt": Array [ - "apigatewaysqsqueueE186B895", - "QueueName", - ], - }, - ], - ], - }, - }, - "MethodResponses": Array [ - Object { - "ResponseParameters": Object { - "method.response.header.Content-Type": true, - }, - "StatusCode": "200", - }, - Object { - "ResponseParameters": Object { - "method.response.header.Content-Type": true, - }, - "StatusCode": "500", - }, - ], - "ResourceId": Object { - "Ref": "apigatewaysqsRestApimessageC2D606D3", - }, - "RestApiId": Object { - "Ref": "apigatewaysqsRestApi03BFD711", - }, - }, - "Type": "AWS::ApiGateway::Method", - }, - "apigatewaysqsapigatewayrole2BA120D3": Object { - "Properties": Object { - "AssumeRolePolicyDocument": Object { - "Statement": Array [ - Object { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": Object { - "Service": "apigateway.amazonaws.com", - }, - }, - ], - "Version": "2012-10-17", - }, - }, - "Type": "AWS::IAM::Role", - }, - "apigatewaysqsapigatewayroleDefaultPolicyD83F1724": Object { - "Properties": Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": "sqs:SendMessage", - "Effect": "Allow", - "Resource": Object { - "Fn::GetAtt": Array [ - "apigatewaysqsqueueE186B895", - "Arn", - ], - }, - }, - Object { - "Action": "sqs:ReceiveMessage", - "Effect": "Allow", - "Resource": Object { - "Fn::GetAtt": Array [ - "apigatewaysqsqueueE186B895", - "Arn", - ], - }, - }, - Object { - "Action": "sqs:DeleteMessage", - "Effect": "Allow", - "Resource": Object { - "Fn::GetAtt": Array [ - "apigatewaysqsqueueE186B895", - "Arn", - ], - }, - }, - ], - "Version": "2012-10-17", - }, - "PolicyName": "apigatewaysqsapigatewayroleDefaultPolicyD83F1724", - "Roles": Array [ - Object { - "Ref": "apigatewaysqsapigatewayrole2BA120D3", - }, - ], - }, - "Type": "AWS::IAM::Policy", - }, - "apigatewaysqsdeadLetterQueue25B510FA": Object { - "DeletionPolicy": "Delete", - "Properties": Object { - "KmsMasterKeyId": "alias/aws/sqs", - }, - "Type": "AWS::SQS::Queue", - "UpdateReplacePolicy": "Delete", - }, - "apigatewaysqsdeadLetterQueuePolicy55247071": Object { - "Properties": Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "sqs:DeleteMessage", - "sqs:ReceiveMessage", - "sqs:SendMessage", - "sqs:GetQueueAttributes", - "sqs:RemovePermission", - "sqs:AddPermission", - "sqs:SetQueueAttributes", - ], - "Effect": "Allow", - "Principal": Object { - "AWS": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":iam::", - Object { - "Ref": "AWS::AccountId", - }, - ":root", - ], - ], - }, - }, - "Resource": Object { - "Fn::GetAtt": Array [ - "apigatewaysqsdeadLetterQueue25B510FA", - "Arn", - ], - }, - "Sid": "QueueOwnerOnlyAccess", - }, - Object { - "Action": "SQS:*", - "Condition": Object { - "Bool": Object { - "aws:SecureTransport": "false", - }, - }, - "Effect": "Deny", - "Principal": Object { - "AWS": "*", - }, - "Resource": Object { - "Fn::GetAtt": Array [ - "apigatewaysqsdeadLetterQueue25B510FA", - "Arn", - ], - }, - "Sid": "HttpsOnly", - }, - ], - "Version": "2012-10-17", - }, - "Queues": Array [ - Object { - "Ref": "apigatewaysqsdeadLetterQueue25B510FA", - }, - ], - }, - "Type": "AWS::SQS::QueuePolicy", - }, - "apigatewaysqsqueueE186B895": Object { - "DeletionPolicy": "Delete", - "Properties": Object { - "KmsMasterKeyId": "alias/aws/sqs", - "RedrivePolicy": Object { - "deadLetterTargetArn": Object { - "Fn::GetAtt": Array [ - "apigatewaysqsdeadLetterQueue25B510FA", - "Arn", - ], - }, - "maxReceiveCount": 15, - }, - }, - "Type": "AWS::SQS::Queue", - "UpdateReplacePolicy": "Delete", - }, - "apigatewaysqsqueuePolicy2A16DE42": Object { - "Properties": Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "sqs:DeleteMessage", - "sqs:ReceiveMessage", - "sqs:SendMessage", - "sqs:GetQueueAttributes", - "sqs:RemovePermission", - "sqs:AddPermission", - "sqs:SetQueueAttributes", - ], - "Effect": "Allow", - "Principal": Object { - "AWS": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":iam::", - Object { - "Ref": "AWS::AccountId", - }, - ":root", - ], - ], - }, - }, - "Resource": Object { - "Fn::GetAtt": Array [ - "apigatewaysqsqueueE186B895", - "Arn", - ], - }, - "Sid": "QueueOwnerOnlyAccess", - }, - Object { - "Action": "SQS:*", - "Condition": Object { - "Bool": Object { - "aws:SecureTransport": "false", - }, - }, - "Effect": "Deny", - "Principal": Object { - "AWS": "*", - }, - "Resource": Object { - "Fn::GetAtt": Array [ - "apigatewaysqsqueueE186B895", - "Arn", - ], - }, - "Sid": "HttpsOnly", - }, - ], - "Version": "2012-10-17", - }, - "Queues": Array [ - Object { - "Ref": "apigatewaysqsqueueE186B895", - }, - ], - }, - "Type": "AWS::SQS::QueuePolicy", - }, - }, -} -`; - -exports[`Test deployment w/ allowReadOperation 1`] = ` -Object { - "Outputs": Object { - "apigatewaysqsRestApiEndpointD55C9F0A": Object { - "Value": Object { - "Fn::Join": Array [ - "", - Array [ - "https://", - Object { - "Ref": "apigatewaysqsRestApi03BFD711", - }, - ".execute-api.", - Object { - "Ref": "AWS::Region", - }, - ".", - Object { - "Ref": "AWS::URLSuffix", - }, - "/", - Object { - "Ref": "apigatewaysqsRestApiDeploymentStageprodAA3C7DD5", - }, - "/", - ], - ], - }, - }, - }, - "Resources": Object { - "apigatewaysqsApiAccessLogGroup4D14D1D7": Object { - "DeletionPolicy": "Retain", - "Metadata": Object { - "cfn_nag": Object { - "rules_to_suppress": Array [ - Object { - "id": "W86", - "reason": "Retention period for CloudWatchLogs LogGroups are set to 'Never Expire' to preserve customer data indefinitely", - }, - Object { - "id": "W84", - "reason": "By default CloudWatchLogs LogGroups data is encrypted using the CloudWatch server-side encryption keys (AWS Managed Keys)", - }, - ], - }, - }, - "Type": "AWS::Logs::LogGroup", - "UpdateReplacePolicy": "Retain", - }, - "apigatewaysqsLambdaRestApiAccount8FA59342": Object { - "DependsOn": Array [ - "apigatewaysqsRestApi03BFD711", - ], - "Properties": Object { - "CloudWatchRoleArn": Object { - "Fn::GetAtt": Array [ - "apigatewaysqsLambdaRestApiCloudWatchRoleB51EDA01", - "Arn", - ], - }, - }, - "Type": "AWS::ApiGateway::Account", - }, - "apigatewaysqsLambdaRestApiCloudWatchRoleB51EDA01": Object { - "Properties": Object { - "AssumeRolePolicyDocument": Object { - "Statement": Array [ - Object { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": Object { - "Service": "apigateway.amazonaws.com", - }, - }, - ], - "Version": "2012-10-17", - }, - "Policies": Array [ - Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "logs:CreateLogGroup", - "logs:CreateLogStream", - "logs:DescribeLogGroups", - "logs:DescribeLogStreams", - "logs:PutLogEvents", - "logs:GetLogEvents", - "logs:FilterLogEvents", - ], - "Effect": "Allow", - "Resource": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":logs:", - Object { - "Ref": "AWS::Region", - }, - ":", - Object { - "Ref": "AWS::AccountId", - }, - ":*", - ], - ], - }, - }, - ], - "Version": "2012-10-17", - }, - "PolicyName": "LambdaRestApiCloudWatchRolePolicy", - }, - ], - }, - "Type": "AWS::IAM::Role", - }, - "apigatewaysqsRestApi03BFD711": Object { - "Properties": Object { - "EndpointConfiguration": Object { - "Types": Array [ - "EDGE", - ], - }, - "Name": "RestApi", - }, - "Type": "AWS::ApiGateway::RestApi", - }, - "apigatewaysqsRestApiDeployment823C310B81c8c99dceff06c656282a644dc22b99": Object { - "DependsOn": Array [ - "apigatewaysqsRestApiGET13C64342", - "apigatewaysqsRestApimessageC2D606D3", - ], - "Metadata": Object { - "cfn_nag": Object { - "rules_to_suppress": Array [ - Object { - "id": "W45", - "reason": "ApiGateway has AccessLogging enabled in AWS::ApiGateway::Stage resource, but cfn_nag checkes for it in AWS::ApiGateway::Deployment resource", - }, - ], - }, - }, - "Properties": Object { - "Description": "Automatically created by the RestApi construct", - "RestApiId": Object { - "Ref": "apigatewaysqsRestApi03BFD711", - }, - }, - "Type": "AWS::ApiGateway::Deployment", - }, - "apigatewaysqsRestApiDeploymentStageprodAA3C7DD5": Object { - "Properties": Object { - "AccessLogSetting": Object { - "DestinationArn": Object { - "Fn::GetAtt": Array [ - "apigatewaysqsApiAccessLogGroup4D14D1D7", - "Arn", - ], - }, - "Format": "{\\"requestId\\":\\"$context.requestId\\",\\"ip\\":\\"$context.identity.sourceIp\\",\\"user\\":\\"$context.identity.user\\",\\"caller\\":\\"$context.identity.caller\\",\\"requestTime\\":\\"$context.requestTime\\",\\"httpMethod\\":\\"$context.httpMethod\\",\\"resourcePath\\":\\"$context.resourcePath\\",\\"status\\":\\"$context.status\\",\\"protocol\\":\\"$context.protocol\\",\\"responseLength\\":\\"$context.responseLength\\"}", - }, - "DeploymentId": Object { - "Ref": "apigatewaysqsRestApiDeployment823C310B81c8c99dceff06c656282a644dc22b99", - }, - "MethodSettings": Array [ - Object { - "DataTraceEnabled": false, - "HttpMethod": "*", - "LoggingLevel": "INFO", - "ResourcePath": "/*", - }, - ], - "RestApiId": Object { - "Ref": "apigatewaysqsRestApi03BFD711", - }, - "StageName": "prod", - "TracingEnabled": true, - }, - "Type": "AWS::ApiGateway::Stage", - }, - "apigatewaysqsRestApiGET13C64342": Object { - "Properties": Object { - "AuthorizationType": "AWS_IAM", - "HttpMethod": "GET", - "Integration": Object { - "Credentials": Object { - "Fn::GetAtt": Array [ - "apigatewaysqsapigatewayrole2BA120D3", - "Arn", - ], - }, - "IntegrationHttpMethod": "POST", - "IntegrationResponses": Array [ - Object { - "StatusCode": "200", - }, - Object { - "ResponseTemplates": Object { - "text/html": "Error", - }, - "SelectionPattern": "500", - "StatusCode": "500", - }, - ], - "PassthroughBehavior": "NEVER", - "RequestParameters": Object { - "integration.request.header.Content-Type": "'application/x-www-form-urlencoded'", - }, - "RequestTemplates": Object { - "application/json": "Action=ReceiveMessage", - }, - "Type": "AWS", - "Uri": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":apigateway:", - Object { - "Ref": "AWS::Region", - }, - ":sqs:path/", - Object { - "Ref": "AWS::AccountId", - }, - "/", - Object { - "Fn::GetAtt": Array [ - "apigatewaysqsqueueE186B895", - "QueueName", - ], - }, - ], - ], - }, - }, - "MethodResponses": Array [ - Object { - "ResponseParameters": Object { - "method.response.header.Content-Type": true, - }, - "StatusCode": "200", - }, - Object { - "ResponseParameters": Object { - "method.response.header.Content-Type": true, - }, - "StatusCode": "500", - }, - ], - "ResourceId": Object { - "Fn::GetAtt": Array [ - "apigatewaysqsRestApi03BFD711", - "RootResourceId", - ], - }, - "RestApiId": Object { - "Ref": "apigatewaysqsRestApi03BFD711", - }, - }, - "Type": "AWS::ApiGateway::Method", - }, - "apigatewaysqsRestApiUsagePlan744FD0EB": Object { - "Properties": Object { - "ApiStages": Array [ - Object { - "ApiId": Object { - "Ref": "apigatewaysqsRestApi03BFD711", - }, - "Stage": Object { - "Ref": "apigatewaysqsRestApiDeploymentStageprodAA3C7DD5", - }, - "Throttle": Object {}, - }, - ], - }, - "Type": "AWS::ApiGateway::UsagePlan", - }, - "apigatewaysqsRestApimessageC2D606D3": Object { - "Properties": Object { - "ParentId": Object { - "Fn::GetAtt": Array [ - "apigatewaysqsRestApi03BFD711", - "RootResourceId", - ], - }, - "PathPart": "message", - "RestApiId": Object { - "Ref": "apigatewaysqsRestApi03BFD711", - }, - }, - "Type": "AWS::ApiGateway::Resource", - }, - "apigatewaysqsapigatewayrole2BA120D3": Object { - "Properties": Object { - "AssumeRolePolicyDocument": Object { - "Statement": Array [ - Object { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": Object { - "Service": "apigateway.amazonaws.com", - }, - }, - ], - "Version": "2012-10-17", - }, - }, - "Type": "AWS::IAM::Role", - }, - "apigatewaysqsapigatewayroleDefaultPolicyD83F1724": Object { - "Properties": Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": "sqs:ReceiveMessage", - "Effect": "Allow", - "Resource": Object { - "Fn::GetAtt": Array [ - "apigatewaysqsqueueE186B895", - "Arn", - ], - }, - }, - ], - "Version": "2012-10-17", - }, - "PolicyName": "apigatewaysqsapigatewayroleDefaultPolicyD83F1724", - "Roles": Array [ - Object { - "Ref": "apigatewaysqsapigatewayrole2BA120D3", - }, - ], - }, - "Type": "AWS::IAM::Policy", - }, - "apigatewaysqsdeadLetterQueue25B510FA": Object { - "DeletionPolicy": "Delete", - "Properties": Object { - "KmsMasterKeyId": "alias/aws/sqs", - }, - "Type": "AWS::SQS::Queue", - "UpdateReplacePolicy": "Delete", - }, - "apigatewaysqsdeadLetterQueuePolicy55247071": Object { - "Properties": Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "sqs:DeleteMessage", - "sqs:ReceiveMessage", - "sqs:SendMessage", - "sqs:GetQueueAttributes", - "sqs:RemovePermission", - "sqs:AddPermission", - "sqs:SetQueueAttributes", - ], - "Effect": "Allow", - "Principal": Object { - "AWS": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":iam::", - Object { - "Ref": "AWS::AccountId", - }, - ":root", - ], - ], - }, - }, - "Resource": Object { - "Fn::GetAtt": Array [ - "apigatewaysqsdeadLetterQueue25B510FA", - "Arn", - ], - }, - "Sid": "QueueOwnerOnlyAccess", - }, - Object { - "Action": "SQS:*", - "Condition": Object { - "Bool": Object { - "aws:SecureTransport": "false", - }, - }, - "Effect": "Deny", - "Principal": Object { - "AWS": "*", - }, - "Resource": Object { - "Fn::GetAtt": Array [ - "apigatewaysqsdeadLetterQueue25B510FA", - "Arn", - ], - }, - "Sid": "HttpsOnly", - }, - ], - "Version": "2012-10-17", - }, - "Queues": Array [ - Object { - "Ref": "apigatewaysqsdeadLetterQueue25B510FA", - }, - ], - }, - "Type": "AWS::SQS::QueuePolicy", - }, - "apigatewaysqsqueueE186B895": Object { - "DeletionPolicy": "Delete", - "Properties": Object { - "KmsMasterKeyId": "alias/aws/sqs", - "RedrivePolicy": Object { - "deadLetterTargetArn": Object { - "Fn::GetAtt": Array [ - "apigatewaysqsdeadLetterQueue25B510FA", - "Arn", - ], - }, - "maxReceiveCount": 15, - }, - }, - "Type": "AWS::SQS::Queue", - "UpdateReplacePolicy": "Delete", - }, - "apigatewaysqsqueuePolicy2A16DE42": Object { - "Properties": Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "sqs:DeleteMessage", - "sqs:ReceiveMessage", - "sqs:SendMessage", - "sqs:GetQueueAttributes", - "sqs:RemovePermission", - "sqs:AddPermission", - "sqs:SetQueueAttributes", - ], - "Effect": "Allow", - "Principal": Object { - "AWS": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":iam::", - Object { - "Ref": "AWS::AccountId", - }, - ":root", - ], - ], - }, - }, - "Resource": Object { - "Fn::GetAtt": Array [ - "apigatewaysqsqueueE186B895", - "Arn", - ], - }, - "Sid": "QueueOwnerOnlyAccess", - }, - Object { - "Action": "SQS:*", - "Condition": Object { - "Bool": Object { - "aws:SecureTransport": "false", - }, - }, - "Effect": "Deny", - "Principal": Object { - "AWS": "*", - }, - "Resource": Object { - "Fn::GetAtt": Array [ - "apigatewaysqsqueueE186B895", - "Arn", - ], - }, - "Sid": "HttpsOnly", - }, - ], - "Version": "2012-10-17", - }, - "Queues": Array [ - Object { - "Ref": "apigatewaysqsqueueE186B895", - }, - ], - }, - "Type": "AWS::SQS::QueuePolicy", - }, - }, -} -`; - -exports[`Test deployment w/o DLQ 1`] = ` -Object { - "Outputs": Object { - "apigatewaysqsRestApiEndpointD55C9F0A": Object { - "Value": Object { - "Fn::Join": Array [ - "", - Array [ - "https://", - Object { - "Ref": "apigatewaysqsRestApi03BFD711", - }, - ".execute-api.", - Object { - "Ref": "AWS::Region", - }, - ".", - Object { - "Ref": "AWS::URLSuffix", - }, - "/", - Object { - "Ref": "apigatewaysqsRestApiDeploymentStageprodAA3C7DD5", - }, - "/", - ], - ], - }, - }, - }, - "Resources": Object { - "apigatewaysqsApiAccessLogGroup4D14D1D7": Object { - "DeletionPolicy": "Retain", - "Metadata": Object { - "cfn_nag": Object { - "rules_to_suppress": Array [ - Object { - "id": "W86", - "reason": "Retention period for CloudWatchLogs LogGroups are set to 'Never Expire' to preserve customer data indefinitely", - }, - Object { - "id": "W84", - "reason": "By default CloudWatchLogs LogGroups data is encrypted using the CloudWatch server-side encryption keys (AWS Managed Keys)", - }, - ], - }, - }, - "Type": "AWS::Logs::LogGroup", - "UpdateReplacePolicy": "Retain", - }, - "apigatewaysqsLambdaRestApiAccount8FA59342": Object { - "DependsOn": Array [ - "apigatewaysqsRestApi03BFD711", - ], - "Properties": Object { - "CloudWatchRoleArn": Object { - "Fn::GetAtt": Array [ - "apigatewaysqsLambdaRestApiCloudWatchRoleB51EDA01", - "Arn", - ], - }, - }, - "Type": "AWS::ApiGateway::Account", - }, - "apigatewaysqsLambdaRestApiCloudWatchRoleB51EDA01": Object { - "Properties": Object { - "AssumeRolePolicyDocument": Object { - "Statement": Array [ - Object { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": Object { - "Service": "apigateway.amazonaws.com", - }, - }, - ], - "Version": "2012-10-17", - }, - "Policies": Array [ - Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "logs:CreateLogGroup", - "logs:CreateLogStream", - "logs:DescribeLogGroups", - "logs:DescribeLogStreams", - "logs:PutLogEvents", - "logs:GetLogEvents", - "logs:FilterLogEvents", - ], - "Effect": "Allow", - "Resource": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":logs:", - Object { - "Ref": "AWS::Region", - }, - ":", - Object { - "Ref": "AWS::AccountId", - }, - ":*", - ], - ], - }, - }, - ], - "Version": "2012-10-17", - }, - "PolicyName": "LambdaRestApiCloudWatchRolePolicy", - }, - ], - }, - "Type": "AWS::IAM::Role", - }, - "apigatewaysqsRestApi03BFD711": Object { - "Properties": Object { - "EndpointConfiguration": Object { - "Types": Array [ - "EDGE", - ], - }, - "Name": "RestApi", - }, - "Type": "AWS::ApiGateway::RestApi", - }, - "apigatewaysqsRestApiDeployment823C310B81c8c99dceff06c656282a644dc22b99": Object { - "DependsOn": Array [ - "apigatewaysqsRestApiGET13C64342", - "apigatewaysqsRestApimessageC2D606D3", - ], - "Metadata": Object { - "cfn_nag": Object { - "rules_to_suppress": Array [ - Object { - "id": "W45", - "reason": "ApiGateway has AccessLogging enabled in AWS::ApiGateway::Stage resource, but cfn_nag checkes for it in AWS::ApiGateway::Deployment resource", - }, - ], - }, - }, - "Properties": Object { - "Description": "Automatically created by the RestApi construct", - "RestApiId": Object { - "Ref": "apigatewaysqsRestApi03BFD711", - }, - }, - "Type": "AWS::ApiGateway::Deployment", - }, - "apigatewaysqsRestApiDeploymentStageprodAA3C7DD5": Object { - "Properties": Object { - "AccessLogSetting": Object { - "DestinationArn": Object { - "Fn::GetAtt": Array [ - "apigatewaysqsApiAccessLogGroup4D14D1D7", - "Arn", - ], - }, - "Format": "{\\"requestId\\":\\"$context.requestId\\",\\"ip\\":\\"$context.identity.sourceIp\\",\\"user\\":\\"$context.identity.user\\",\\"caller\\":\\"$context.identity.caller\\",\\"requestTime\\":\\"$context.requestTime\\",\\"httpMethod\\":\\"$context.httpMethod\\",\\"resourcePath\\":\\"$context.resourcePath\\",\\"status\\":\\"$context.status\\",\\"protocol\\":\\"$context.protocol\\",\\"responseLength\\":\\"$context.responseLength\\"}", - }, - "DeploymentId": Object { - "Ref": "apigatewaysqsRestApiDeployment823C310B81c8c99dceff06c656282a644dc22b99", - }, - "MethodSettings": Array [ - Object { - "DataTraceEnabled": false, - "HttpMethod": "*", - "LoggingLevel": "INFO", - "ResourcePath": "/*", - }, - ], - "RestApiId": Object { - "Ref": "apigatewaysqsRestApi03BFD711", - }, - "StageName": "prod", - "TracingEnabled": true, - }, - "Type": "AWS::ApiGateway::Stage", - }, - "apigatewaysqsRestApiGET13C64342": Object { - "Properties": Object { - "AuthorizationType": "AWS_IAM", - "HttpMethod": "GET", - "Integration": Object { - "Credentials": Object { - "Fn::GetAtt": Array [ - "apigatewaysqsapigatewayrole2BA120D3", - "Arn", - ], - }, - "IntegrationHttpMethod": "POST", - "IntegrationResponses": Array [ - Object { - "StatusCode": "200", - }, - Object { - "ResponseTemplates": Object { - "text/html": "Error", - }, - "SelectionPattern": "500", - "StatusCode": "500", - }, - ], - "PassthroughBehavior": "NEVER", - "RequestParameters": Object { - "integration.request.header.Content-Type": "'application/x-www-form-urlencoded'", - }, - "RequestTemplates": Object { - "application/json": "Action=ReceiveMessage", - }, - "Type": "AWS", - "Uri": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":apigateway:", - Object { - "Ref": "AWS::Region", - }, - ":sqs:path/", - Object { - "Ref": "AWS::AccountId", - }, - "/", - Object { - "Fn::GetAtt": Array [ - "apigatewaysqsqueueE186B895", - "QueueName", - ], - }, - ], - ], - }, - }, - "MethodResponses": Array [ - Object { - "ResponseParameters": Object { - "method.response.header.Content-Type": true, - }, - "StatusCode": "200", - }, - Object { - "ResponseParameters": Object { - "method.response.header.Content-Type": true, - }, - "StatusCode": "500", - }, - ], - "ResourceId": Object { - "Fn::GetAtt": Array [ - "apigatewaysqsRestApi03BFD711", - "RootResourceId", - ], - }, - "RestApiId": Object { - "Ref": "apigatewaysqsRestApi03BFD711", - }, - }, - "Type": "AWS::ApiGateway::Method", - }, - "apigatewaysqsRestApiUsagePlan744FD0EB": Object { - "Properties": Object { - "ApiStages": Array [ - Object { - "ApiId": Object { - "Ref": "apigatewaysqsRestApi03BFD711", - }, - "Stage": Object { - "Ref": "apigatewaysqsRestApiDeploymentStageprodAA3C7DD5", - }, - "Throttle": Object {}, - }, - ], - }, - "Type": "AWS::ApiGateway::UsagePlan", - }, - "apigatewaysqsRestApimessageC2D606D3": Object { - "Properties": Object { - "ParentId": Object { - "Fn::GetAtt": Array [ - "apigatewaysqsRestApi03BFD711", - "RootResourceId", - ], - }, - "PathPart": "message", - "RestApiId": Object { - "Ref": "apigatewaysqsRestApi03BFD711", - }, - }, - "Type": "AWS::ApiGateway::Resource", - }, - "apigatewaysqsapigatewayrole2BA120D3": Object { - "Properties": Object { - "AssumeRolePolicyDocument": Object { - "Statement": Array [ - Object { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": Object { - "Service": "apigateway.amazonaws.com", - }, - }, - ], - "Version": "2012-10-17", - }, - }, - "Type": "AWS::IAM::Role", - }, - "apigatewaysqsapigatewayroleDefaultPolicyD83F1724": Object { - "Properties": Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": "sqs:ReceiveMessage", - "Effect": "Allow", - "Resource": Object { - "Fn::GetAtt": Array [ - "apigatewaysqsqueueE186B895", - "Arn", - ], - }, - }, - ], - "Version": "2012-10-17", - }, - "PolicyName": "apigatewaysqsapigatewayroleDefaultPolicyD83F1724", - "Roles": Array [ - Object { - "Ref": "apigatewaysqsapigatewayrole2BA120D3", - }, - ], - }, - "Type": "AWS::IAM::Policy", - }, - "apigatewaysqsqueueE186B895": Object { - "DeletionPolicy": "Delete", - "Properties": Object { - "KmsMasterKeyId": "alias/aws/sqs", - }, - "Type": "AWS::SQS::Queue", - "UpdateReplacePolicy": "Delete", - }, - "apigatewaysqsqueuePolicy2A16DE42": Object { - "Properties": Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "sqs:DeleteMessage", - "sqs:ReceiveMessage", - "sqs:SendMessage", - "sqs:GetQueueAttributes", - "sqs:RemovePermission", - "sqs:AddPermission", - "sqs:SetQueueAttributes", - ], - "Effect": "Allow", - "Principal": Object { - "AWS": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":iam::", - Object { - "Ref": "AWS::AccountId", - }, - ":root", - ], - ], - }, - }, - "Resource": Object { - "Fn::GetAtt": Array [ - "apigatewaysqsqueueE186B895", - "Arn", - ], - }, - "Sid": "QueueOwnerOnlyAccess", - }, - Object { - "Action": "SQS:*", - "Condition": Object { - "Bool": Object { - "aws:SecureTransport": "false", - }, - }, - "Effect": "Deny", - "Principal": Object { - "AWS": "*", - }, - "Resource": Object { - "Fn::GetAtt": Array [ - "apigatewaysqsqueueE186B895", - "Arn", - ], - }, - "Sid": "HttpsOnly", - }, - ], - "Version": "2012-10-17", - }, - "Queues": Array [ - Object { - "Ref": "apigatewaysqsqueueE186B895", - }, - ], - }, - "Type": "AWS::SQS::QueuePolicy", - }, - }, -} -`; - -exports[`Test deployment w/o allowReadOperation 1`] = ` -Object { - "Outputs": Object { - "apigatewaysqsRestApiEndpointD55C9F0A": Object { - "Value": Object { - "Fn::Join": Array [ - "", - Array [ - "https://", - Object { - "Ref": "apigatewaysqsRestApi03BFD711", - }, - ".execute-api.", - Object { - "Ref": "AWS::Region", - }, - ".", - Object { - "Ref": "AWS::URLSuffix", - }, - "/", - Object { - "Ref": "apigatewaysqsRestApiDeploymentStageprodAA3C7DD5", - }, - "/", - ], - ], - }, - }, - }, - "Resources": Object { - "apigatewaysqsApiAccessLogGroup4D14D1D7": Object { - "DeletionPolicy": "Retain", - "Metadata": Object { - "cfn_nag": Object { - "rules_to_suppress": Array [ - Object { - "id": "W86", - "reason": "Retention period for CloudWatchLogs LogGroups are set to 'Never Expire' to preserve customer data indefinitely", - }, - Object { - "id": "W84", - "reason": "By default CloudWatchLogs LogGroups data is encrypted using the CloudWatch server-side encryption keys (AWS Managed Keys)", - }, - ], - }, - }, - "Type": "AWS::Logs::LogGroup", - "UpdateReplacePolicy": "Retain", - }, - "apigatewaysqsLambdaRestApiAccount8FA59342": Object { - "DependsOn": Array [ - "apigatewaysqsRestApi03BFD711", - ], - "Properties": Object { - "CloudWatchRoleArn": Object { - "Fn::GetAtt": Array [ - "apigatewaysqsLambdaRestApiCloudWatchRoleB51EDA01", - "Arn", - ], - }, - }, - "Type": "AWS::ApiGateway::Account", - }, - "apigatewaysqsLambdaRestApiCloudWatchRoleB51EDA01": Object { - "Properties": Object { - "AssumeRolePolicyDocument": Object { - "Statement": Array [ - Object { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": Object { - "Service": "apigateway.amazonaws.com", - }, - }, - ], - "Version": "2012-10-17", - }, - "Policies": Array [ - Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "logs:CreateLogGroup", - "logs:CreateLogStream", - "logs:DescribeLogGroups", - "logs:DescribeLogStreams", - "logs:PutLogEvents", - "logs:GetLogEvents", - "logs:FilterLogEvents", - ], - "Effect": "Allow", - "Resource": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":logs:", - Object { - "Ref": "AWS::Region", - }, - ":", - Object { - "Ref": "AWS::AccountId", - }, - ":*", - ], - ], - }, - }, - ], - "Version": "2012-10-17", - }, - "PolicyName": "LambdaRestApiCloudWatchRolePolicy", - }, - ], - }, - "Type": "AWS::IAM::Role", - }, - "apigatewaysqsRestApi03BFD711": Object { - "Properties": Object { - "EndpointConfiguration": Object { - "Types": Array [ - "EDGE", - ], - }, - "Name": "RestApi", - }, - "Type": "AWS::ApiGateway::RestApi", - }, - "apigatewaysqsRestApiDeployment823C310B30d11fbd9e73b3db4ad8ab3529931324": Object { - "DependsOn": Array [ - "apigatewaysqsRestApimessageC2D606D3", - "apigatewaysqsRestApiPOST3638C367", - ], - "Metadata": Object { - "cfn_nag": Object { - "rules_to_suppress": Array [ - Object { - "id": "W45", - "reason": "ApiGateway has AccessLogging enabled in AWS::ApiGateway::Stage resource, but cfn_nag checkes for it in AWS::ApiGateway::Deployment resource", - }, - ], - }, - }, - "Properties": Object { - "Description": "Automatically created by the RestApi construct", - "RestApiId": Object { - "Ref": "apigatewaysqsRestApi03BFD711", - }, - }, - "Type": "AWS::ApiGateway::Deployment", - }, - "apigatewaysqsRestApiDeploymentStageprodAA3C7DD5": Object { - "Properties": Object { - "AccessLogSetting": Object { - "DestinationArn": Object { - "Fn::GetAtt": Array [ - "apigatewaysqsApiAccessLogGroup4D14D1D7", - "Arn", - ], - }, - "Format": "{\\"requestId\\":\\"$context.requestId\\",\\"ip\\":\\"$context.identity.sourceIp\\",\\"user\\":\\"$context.identity.user\\",\\"caller\\":\\"$context.identity.caller\\",\\"requestTime\\":\\"$context.requestTime\\",\\"httpMethod\\":\\"$context.httpMethod\\",\\"resourcePath\\":\\"$context.resourcePath\\",\\"status\\":\\"$context.status\\",\\"protocol\\":\\"$context.protocol\\",\\"responseLength\\":\\"$context.responseLength\\"}", - }, - "DeploymentId": Object { - "Ref": "apigatewaysqsRestApiDeployment823C310B30d11fbd9e73b3db4ad8ab3529931324", - }, - "MethodSettings": Array [ - Object { - "DataTraceEnabled": false, - "HttpMethod": "*", - "LoggingLevel": "INFO", - "ResourcePath": "/*", - }, - ], - "RestApiId": Object { - "Ref": "apigatewaysqsRestApi03BFD711", - }, - "StageName": "prod", - "TracingEnabled": true, - }, - "Type": "AWS::ApiGateway::Stage", - }, - "apigatewaysqsRestApiPOST3638C367": Object { - "Properties": Object { - "AuthorizationType": "AWS_IAM", - "HttpMethod": "POST", - "Integration": Object { - "Credentials": Object { - "Fn::GetAtt": Array [ - "apigatewaysqsapigatewayrole2BA120D3", - "Arn", - ], - }, - "IntegrationHttpMethod": "POST", - "IntegrationResponses": Array [ - Object { - "StatusCode": "200", - }, - Object { - "ResponseTemplates": Object { - "text/html": "Error", - }, - "SelectionPattern": "500", - "StatusCode": "500", - }, - ], - "PassthroughBehavior": "NEVER", - "RequestParameters": Object { - "integration.request.header.Content-Type": "'application/x-www-form-urlencoded'", - }, - "RequestTemplates": Object { - "application/json": "Action=SendMessage&MessageBody=$util.urlEncode(\\"$input.body\\")", - }, - "Type": "AWS", - "Uri": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":apigateway:", - Object { - "Ref": "AWS::Region", - }, - ":sqs:path/", - Object { - "Ref": "AWS::AccountId", - }, - "/", - Object { - "Fn::GetAtt": Array [ - "apigatewaysqsqueueE186B895", - "QueueName", - ], - }, - ], - ], - }, - }, - "MethodResponses": Array [ - Object { - "ResponseParameters": Object { - "method.response.header.Content-Type": true, - }, - "StatusCode": "200", - }, - Object { - "ResponseParameters": Object { - "method.response.header.Content-Type": true, - }, - "StatusCode": "500", - }, - ], - "ResourceId": Object { - "Fn::GetAtt": Array [ - "apigatewaysqsRestApi03BFD711", - "RootResourceId", - ], - }, - "RestApiId": Object { - "Ref": "apigatewaysqsRestApi03BFD711", - }, - }, - "Type": "AWS::ApiGateway::Method", - }, - "apigatewaysqsRestApiUsagePlan744FD0EB": Object { - "Properties": Object { - "ApiStages": Array [ - Object { - "ApiId": Object { - "Ref": "apigatewaysqsRestApi03BFD711", - }, - "Stage": Object { - "Ref": "apigatewaysqsRestApiDeploymentStageprodAA3C7DD5", - }, - "Throttle": Object {}, - }, - ], - }, - "Type": "AWS::ApiGateway::UsagePlan", - }, - "apigatewaysqsRestApimessageC2D606D3": Object { - "Properties": Object { - "ParentId": Object { - "Fn::GetAtt": Array [ - "apigatewaysqsRestApi03BFD711", - "RootResourceId", - ], - }, - "PathPart": "message", - "RestApiId": Object { - "Ref": "apigatewaysqsRestApi03BFD711", - }, - }, - "Type": "AWS::ApiGateway::Resource", - }, - "apigatewaysqsapigatewayrole2BA120D3": Object { - "Properties": Object { - "AssumeRolePolicyDocument": Object { - "Statement": Array [ - Object { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": Object { - "Service": "apigateway.amazonaws.com", - }, - }, - ], - "Version": "2012-10-17", - }, - }, - "Type": "AWS::IAM::Role", - }, - "apigatewaysqsapigatewayroleDefaultPolicyD83F1724": Object { - "Properties": Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": "sqs:SendMessage", - "Effect": "Allow", - "Resource": Object { - "Fn::GetAtt": Array [ - "apigatewaysqsqueueE186B895", - "Arn", - ], - }, - }, - ], - "Version": "2012-10-17", - }, - "PolicyName": "apigatewaysqsapigatewayroleDefaultPolicyD83F1724", - "Roles": Array [ - Object { - "Ref": "apigatewaysqsapigatewayrole2BA120D3", - }, - ], - }, - "Type": "AWS::IAM::Policy", - }, - "apigatewaysqsdeadLetterQueue25B510FA": Object { - "DeletionPolicy": "Delete", - "Properties": Object { - "KmsMasterKeyId": "alias/aws/sqs", - }, - "Type": "AWS::SQS::Queue", - "UpdateReplacePolicy": "Delete", - }, - "apigatewaysqsdeadLetterQueuePolicy55247071": Object { - "Properties": Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "sqs:DeleteMessage", - "sqs:ReceiveMessage", - "sqs:SendMessage", - "sqs:GetQueueAttributes", - "sqs:RemovePermission", - "sqs:AddPermission", - "sqs:SetQueueAttributes", - ], - "Effect": "Allow", - "Principal": Object { - "AWS": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":iam::", - Object { - "Ref": "AWS::AccountId", - }, - ":root", - ], - ], - }, - }, - "Resource": Object { - "Fn::GetAtt": Array [ - "apigatewaysqsdeadLetterQueue25B510FA", - "Arn", - ], - }, - "Sid": "QueueOwnerOnlyAccess", - }, - Object { - "Action": "SQS:*", - "Condition": Object { - "Bool": Object { - "aws:SecureTransport": "false", - }, - }, - "Effect": "Deny", - "Principal": Object { - "AWS": "*", - }, - "Resource": Object { - "Fn::GetAtt": Array [ - "apigatewaysqsdeadLetterQueue25B510FA", - "Arn", - ], - }, - "Sid": "HttpsOnly", - }, - ], - "Version": "2012-10-17", - }, - "Queues": Array [ - Object { - "Ref": "apigatewaysqsdeadLetterQueue25B510FA", - }, - ], - }, - "Type": "AWS::SQS::QueuePolicy", - }, - "apigatewaysqsqueueE186B895": Object { - "DeletionPolicy": "Delete", - "Properties": Object { - "KmsMasterKeyId": "alias/aws/sqs", - "RedrivePolicy": Object { - "deadLetterTargetArn": Object { - "Fn::GetAtt": Array [ - "apigatewaysqsdeadLetterQueue25B510FA", - "Arn", - ], - }, - "maxReceiveCount": 15, - }, - }, - "Type": "AWS::SQS::Queue", - "UpdateReplacePolicy": "Delete", - }, - "apigatewaysqsqueuePolicy2A16DE42": Object { - "Properties": Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "sqs:DeleteMessage", - "sqs:ReceiveMessage", - "sqs:SendMessage", - "sqs:GetQueueAttributes", - "sqs:RemovePermission", - "sqs:AddPermission", - "sqs:SetQueueAttributes", - ], - "Effect": "Allow", - "Principal": Object { - "AWS": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":iam::", - Object { - "Ref": "AWS::AccountId", - }, - ":root", - ], - ], - }, - }, - "Resource": Object { - "Fn::GetAtt": Array [ - "apigatewaysqsqueueE186B895", - "Arn", - ], - }, - "Sid": "QueueOwnerOnlyAccess", - }, - Object { - "Action": "SQS:*", - "Condition": Object { - "Bool": Object { - "aws:SecureTransport": "false", - }, - }, - "Effect": "Deny", - "Principal": Object { - "AWS": "*", - }, - "Resource": Object { - "Fn::GetAtt": Array [ - "apigatewaysqsqueueE186B895", - "Arn", - ], - }, - "Sid": "HttpsOnly", - }, - ], - "Version": "2012-10-17", - }, - "Queues": Array [ - Object { - "Ref": "apigatewaysqsqueueE186B895", - }, - ], - }, - "Type": "AWS::SQS::QueuePolicy", - }, - }, -} -`; - -exports[`Test minimal deployment 1`] = ` -Object { - "Outputs": Object { - "apigatewaysqsRestApiEndpointD55C9F0A": Object { - "Value": Object { - "Fn::Join": Array [ - "", - Array [ - "https://", - Object { - "Ref": "apigatewaysqsRestApi03BFD711", - }, - ".execute-api.", - Object { - "Ref": "AWS::Region", - }, - ".", - Object { - "Ref": "AWS::URLSuffix", - }, - "/", - Object { - "Ref": "apigatewaysqsRestApiDeploymentStageprodAA3C7DD5", - }, - "/", - ], - ], - }, - }, - }, - "Resources": Object { - "apigatewaysqsApiAccessLogGroup4D14D1D7": Object { - "DeletionPolicy": "Retain", - "Metadata": Object { - "cfn_nag": Object { - "rules_to_suppress": Array [ - Object { - "id": "W86", - "reason": "Retention period for CloudWatchLogs LogGroups are set to 'Never Expire' to preserve customer data indefinitely", - }, - Object { - "id": "W84", - "reason": "By default CloudWatchLogs LogGroups data is encrypted using the CloudWatch server-side encryption keys (AWS Managed Keys)", - }, - ], - }, - }, - "Type": "AWS::Logs::LogGroup", - "UpdateReplacePolicy": "Retain", - }, - "apigatewaysqsLambdaRestApiAccount8FA59342": Object { - "DependsOn": Array [ - "apigatewaysqsRestApi03BFD711", - ], - "Properties": Object { - "CloudWatchRoleArn": Object { - "Fn::GetAtt": Array [ - "apigatewaysqsLambdaRestApiCloudWatchRoleB51EDA01", - "Arn", - ], - }, - }, - "Type": "AWS::ApiGateway::Account", - }, - "apigatewaysqsLambdaRestApiCloudWatchRoleB51EDA01": Object { - "Properties": Object { - "AssumeRolePolicyDocument": Object { - "Statement": Array [ - Object { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": Object { - "Service": "apigateway.amazonaws.com", - }, - }, - ], - "Version": "2012-10-17", - }, - "Policies": Array [ - Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "logs:CreateLogGroup", - "logs:CreateLogStream", - "logs:DescribeLogGroups", - "logs:DescribeLogStreams", - "logs:PutLogEvents", - "logs:GetLogEvents", - "logs:FilterLogEvents", - ], - "Effect": "Allow", - "Resource": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":logs:", - Object { - "Ref": "AWS::Region", - }, - ":", - Object { - "Ref": "AWS::AccountId", - }, - ":*", - ], - ], - }, - }, - ], - "Version": "2012-10-17", - }, - "PolicyName": "LambdaRestApiCloudWatchRolePolicy", - }, - ], - }, - "Type": "AWS::IAM::Role", - }, - "apigatewaysqsRestApi03BFD711": Object { - "Properties": Object { - "EndpointConfiguration": Object { - "Types": Array [ - "EDGE", - ], - }, - "Name": "RestApi", - }, - "Type": "AWS::ApiGateway::RestApi", - }, - "apigatewaysqsRestApiDeployment823C310B81c8c99dceff06c656282a644dc22b99": Object { - "DependsOn": Array [ - "apigatewaysqsRestApiGET13C64342", - "apigatewaysqsRestApimessageC2D606D3", - ], - "Metadata": Object { - "cfn_nag": Object { - "rules_to_suppress": Array [ - Object { - "id": "W45", - "reason": "ApiGateway has AccessLogging enabled in AWS::ApiGateway::Stage resource, but cfn_nag checkes for it in AWS::ApiGateway::Deployment resource", - }, - ], - }, - }, - "Properties": Object { - "Description": "Automatically created by the RestApi construct", - "RestApiId": Object { - "Ref": "apigatewaysqsRestApi03BFD711", - }, - }, - "Type": "AWS::ApiGateway::Deployment", - }, - "apigatewaysqsRestApiDeploymentStageprodAA3C7DD5": Object { - "Properties": Object { - "AccessLogSetting": Object { - "DestinationArn": Object { - "Fn::GetAtt": Array [ - "apigatewaysqsApiAccessLogGroup4D14D1D7", - "Arn", - ], - }, - "Format": "{\\"requestId\\":\\"$context.requestId\\",\\"ip\\":\\"$context.identity.sourceIp\\",\\"user\\":\\"$context.identity.user\\",\\"caller\\":\\"$context.identity.caller\\",\\"requestTime\\":\\"$context.requestTime\\",\\"httpMethod\\":\\"$context.httpMethod\\",\\"resourcePath\\":\\"$context.resourcePath\\",\\"status\\":\\"$context.status\\",\\"protocol\\":\\"$context.protocol\\",\\"responseLength\\":\\"$context.responseLength\\"}", - }, - "DeploymentId": Object { - "Ref": "apigatewaysqsRestApiDeployment823C310B81c8c99dceff06c656282a644dc22b99", - }, - "MethodSettings": Array [ - Object { - "DataTraceEnabled": false, - "HttpMethod": "*", - "LoggingLevel": "INFO", - "ResourcePath": "/*", - }, - ], - "RestApiId": Object { - "Ref": "apigatewaysqsRestApi03BFD711", - }, - "StageName": "prod", - "TracingEnabled": true, - }, - "Type": "AWS::ApiGateway::Stage", - }, - "apigatewaysqsRestApiGET13C64342": Object { - "Properties": Object { - "AuthorizationType": "AWS_IAM", - "HttpMethod": "GET", - "Integration": Object { - "Credentials": Object { - "Fn::GetAtt": Array [ - "apigatewaysqsapigatewayrole2BA120D3", - "Arn", - ], - }, - "IntegrationHttpMethod": "POST", - "IntegrationResponses": Array [ - Object { - "StatusCode": "200", - }, - Object { - "ResponseTemplates": Object { - "text/html": "Error", - }, - "SelectionPattern": "500", - "StatusCode": "500", - }, - ], - "PassthroughBehavior": "NEVER", - "RequestParameters": Object { - "integration.request.header.Content-Type": "'application/x-www-form-urlencoded'", - }, - "RequestTemplates": Object { - "application/json": "Action=ReceiveMessage", - }, - "Type": "AWS", - "Uri": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":apigateway:", - Object { - "Ref": "AWS::Region", - }, - ":sqs:path/", - Object { - "Ref": "AWS::AccountId", - }, - "/", - Object { - "Fn::GetAtt": Array [ - "apigatewaysqsqueueE186B895", - "QueueName", - ], - }, - ], - ], - }, - }, - "MethodResponses": Array [ - Object { - "ResponseParameters": Object { - "method.response.header.Content-Type": true, - }, - "StatusCode": "200", - }, - Object { - "ResponseParameters": Object { - "method.response.header.Content-Type": true, - }, - "StatusCode": "500", - }, - ], - "ResourceId": Object { - "Fn::GetAtt": Array [ - "apigatewaysqsRestApi03BFD711", - "RootResourceId", - ], - }, - "RestApiId": Object { - "Ref": "apigatewaysqsRestApi03BFD711", - }, - }, - "Type": "AWS::ApiGateway::Method", - }, - "apigatewaysqsRestApiUsagePlan744FD0EB": Object { - "Properties": Object { - "ApiStages": Array [ - Object { - "ApiId": Object { - "Ref": "apigatewaysqsRestApi03BFD711", - }, - "Stage": Object { - "Ref": "apigatewaysqsRestApiDeploymentStageprodAA3C7DD5", - }, - "Throttle": Object {}, - }, - ], - }, - "Type": "AWS::ApiGateway::UsagePlan", - }, - "apigatewaysqsRestApimessageC2D606D3": Object { - "Properties": Object { - "ParentId": Object { - "Fn::GetAtt": Array [ - "apigatewaysqsRestApi03BFD711", - "RootResourceId", - ], - }, - "PathPart": "message", - "RestApiId": Object { - "Ref": "apigatewaysqsRestApi03BFD711", - }, - }, - "Type": "AWS::ApiGateway::Resource", - }, - "apigatewaysqsapigatewayrole2BA120D3": Object { - "Properties": Object { - "AssumeRolePolicyDocument": Object { - "Statement": Array [ - Object { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": Object { - "Service": "apigateway.amazonaws.com", - }, - }, - ], - "Version": "2012-10-17", - }, - }, - "Type": "AWS::IAM::Role", - }, - "apigatewaysqsapigatewayroleDefaultPolicyD83F1724": Object { - "Properties": Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": "sqs:ReceiveMessage", - "Effect": "Allow", - "Resource": Object { - "Fn::GetAtt": Array [ - "apigatewaysqsqueueE186B895", - "Arn", - ], - }, - }, - ], - "Version": "2012-10-17", - }, - "PolicyName": "apigatewaysqsapigatewayroleDefaultPolicyD83F1724", - "Roles": Array [ - Object { - "Ref": "apigatewaysqsapigatewayrole2BA120D3", - }, - ], - }, - "Type": "AWS::IAM::Policy", - }, - "apigatewaysqsdeadLetterQueue25B510FA": Object { - "DeletionPolicy": "Delete", - "Properties": Object { - "KmsMasterKeyId": "alias/aws/sqs", - }, - "Type": "AWS::SQS::Queue", - "UpdateReplacePolicy": "Delete", - }, - "apigatewaysqsdeadLetterQueuePolicy55247071": Object { - "Properties": Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "sqs:DeleteMessage", - "sqs:ReceiveMessage", - "sqs:SendMessage", - "sqs:GetQueueAttributes", - "sqs:RemovePermission", - "sqs:AddPermission", - "sqs:SetQueueAttributes", - ], - "Effect": "Allow", - "Principal": Object { - "AWS": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":iam::", - Object { - "Ref": "AWS::AccountId", - }, - ":root", - ], - ], - }, - }, - "Resource": Object { - "Fn::GetAtt": Array [ - "apigatewaysqsdeadLetterQueue25B510FA", - "Arn", - ], - }, - "Sid": "QueueOwnerOnlyAccess", - }, - Object { - "Action": "SQS:*", - "Condition": Object { - "Bool": Object { - "aws:SecureTransport": "false", - }, - }, - "Effect": "Deny", - "Principal": Object { - "AWS": "*", - }, - "Resource": Object { - "Fn::GetAtt": Array [ - "apigatewaysqsdeadLetterQueue25B510FA", - "Arn", - ], - }, - "Sid": "HttpsOnly", - }, - ], - "Version": "2012-10-17", - }, - "Queues": Array [ - Object { - "Ref": "apigatewaysqsdeadLetterQueue25B510FA", - }, - ], - }, - "Type": "AWS::SQS::QueuePolicy", - }, - "apigatewaysqsqueueE186B895": Object { - "DeletionPolicy": "Delete", - "Properties": Object { - "KmsMasterKeyId": "alias/aws/sqs", - "RedrivePolicy": Object { - "deadLetterTargetArn": Object { - "Fn::GetAtt": Array [ - "apigatewaysqsdeadLetterQueue25B510FA", - "Arn", - ], - }, - "maxReceiveCount": 15, - }, - }, - "Type": "AWS::SQS::Queue", - "UpdateReplacePolicy": "Delete", - }, - "apigatewaysqsqueuePolicy2A16DE42": Object { - "Properties": Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "sqs:DeleteMessage", - "sqs:ReceiveMessage", - "sqs:SendMessage", - "sqs:GetQueueAttributes", - "sqs:RemovePermission", - "sqs:AddPermission", - "sqs:SetQueueAttributes", - ], - "Effect": "Allow", - "Principal": Object { - "AWS": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":iam::", - Object { - "Ref": "AWS::AccountId", - }, - ":root", - ], - ], - }, - }, - "Resource": Object { - "Fn::GetAtt": Array [ - "apigatewaysqsqueueE186B895", - "Arn", - ], - }, - "Sid": "QueueOwnerOnlyAccess", - }, - Object { - "Action": "SQS:*", - "Condition": Object { - "Bool": Object { - "aws:SecureTransport": "false", - }, - }, - "Effect": "Deny", - "Principal": Object { - "AWS": "*", - }, - "Resource": Object { - "Fn::GetAtt": Array [ - "apigatewaysqsqueueE186B895", - "Arn", - ], - }, - "Sid": "HttpsOnly", - }, - ], - "Version": "2012-10-17", - }, - "Queues": Array [ - Object { - "Ref": "apigatewaysqsqueueE186B895", - }, - ], - }, - "Type": "AWS::SQS::QueuePolicy", - }, - }, -} -`; diff --git a/source/patterns/@aws-solutions-constructs/aws-apigateway-sqs/test/apigateway-sqs.test.ts b/source/patterns/@aws-solutions-constructs/aws-apigateway-sqs/test/apigateway-sqs.test.ts index 304bd513b..ecef377bf 100644 --- a/source/patterns/@aws-solutions-constructs/aws-apigateway-sqs/test/apigateway-sqs.test.ts +++ b/source/patterns/@aws-solutions-constructs/aws-apigateway-sqs/test/apigateway-sqs.test.ts @@ -14,40 +14,9 @@ // Imports import { Stack } from "@aws-cdk/core"; import { ApiGatewayToSqs } from '../lib'; -import { SynthUtils } from '@aws-cdk/assert'; import '@aws-cdk/assert/jest'; import * as api from "@aws-cdk/aws-apigateway"; -// -------------------------------------------------------------- -// Test minimal deployment -// -------------------------------------------------------------- -test('Test minimal deployment', () => { - // Stack - const stack = new Stack(); - // Helper declaration - new ApiGatewayToSqs(stack, 'api-gateway-sqs', { - }); - // Assertion 1 - expect(SynthUtils.toCloudFormation(stack)).toMatchSnapshot(); -}); - -// -------------------------------------------------------------- -// Test deployment w/ DLQ -// -------------------------------------------------------------- -test('Test deployment w/ DLQ', () => { - // Stack - const stack = new Stack(); - // Helper declaration - new ApiGatewayToSqs(stack, 'api-gateway-sqs', { - allowCreateOperation: true, - allowReadOperation: true, - allowDeleteOperation: true, - deployDeadLetterQueue: true - }); - // Assertion 1 - expect(SynthUtils.toCloudFormation(stack)).toMatchSnapshot(); -}); - // -------------------------------------------------------------- // Test deployment w/o DLQ // -------------------------------------------------------------- @@ -58,9 +27,7 @@ test('Test deployment w/o DLQ', () => { new ApiGatewayToSqs(stack, 'api-gateway-sqs', { deployDeadLetterQueue: false }); - // Assertion 1 - expect(SynthUtils.toCloudFormation(stack)).toMatchSnapshot(); - // Assertion 2 + expect(stack).toHaveResourceLike("AWS::ApiGateway::Method", { HttpMethod: "GET", AuthorizationType: "AWS_IAM" @@ -78,9 +45,7 @@ test('Test deployment w/o allowReadOperation', () => { allowCreateOperation: true, allowReadOperation: false, }); - // Assertion 1 - expect(SynthUtils.toCloudFormation(stack)).toMatchSnapshot(); - // Assertion 2 + expect(stack).toHaveResourceLike("AWS::ApiGateway::Method", { HttpMethod: "POST", AuthorizationType: "AWS_IAM" @@ -97,9 +62,7 @@ test('Test deployment w/ allowReadOperation', () => { new ApiGatewayToSqs(stack, 'api-gateway-sqs', { allowReadOperation: true, }); - // Assertion 1 - expect(SynthUtils.toCloudFormation(stack)).toMatchSnapshot(); - // Assertion 2 + expect(stack).toHaveResourceLike("AWS::ApiGateway::Method", { HttpMethod: "GET", AuthorizationType: "AWS_IAM" diff --git a/source/patterns/@aws-solutions-constructs/aws-cloudfront-apigateway-lambda/test/__snapshots__/test.cloudfront-apigateway-lambda.test.js.snap b/source/patterns/@aws-solutions-constructs/aws-cloudfront-apigateway-lambda/test/__snapshots__/test.cloudfront-apigateway-lambda.test.js.snap deleted file mode 100644 index cb1bde9d3..000000000 --- a/source/patterns/@aws-solutions-constructs/aws-cloudfront-apigateway-lambda/test/__snapshots__/test.cloudfront-apigateway-lambda.test.js.snap +++ /dev/null @@ -1,874 +0,0 @@ -// Jest Snapshot v1, https://goo.gl/fbAQLP - -exports[`snapshot test CloudFrontToApiGatewayToLambda default params 1`] = ` -Object { - "Outputs": Object { - "testcloudfrontapigatewaylambdaLambdaRestApiEndpoint83FD8F0F": Object { - "Value": Object { - "Fn::Join": Array [ - "", - Array [ - "https://", - Object { - "Ref": "testcloudfrontapigatewaylambdaLambdaRestApi6A4CBD44", - }, - ".execute-api.", - Object { - "Ref": "AWS::Region", - }, - ".", - Object { - "Ref": "AWS::URLSuffix", - }, - "/", - Object { - "Ref": "testcloudfrontapigatewaylambdaLambdaRestApiDeploymentStageprod4617A7B7", - }, - "/", - ], - ], - }, - }, - }, - "Parameters": Object { - "AssetParameters42a35bbf0dec9ef0ac5b0dde87e71a1b8929e8d2d178dd09ccfb2c928ec0198cArtifactHash00A70A91": Object { - "Description": "Artifact hash for asset \\"42a35bbf0dec9ef0ac5b0dde87e71a1b8929e8d2d178dd09ccfb2c928ec0198c\\"", - "Type": "String", - }, - "AssetParameters42a35bbf0dec9ef0ac5b0dde87e71a1b8929e8d2d178dd09ccfb2c928ec0198cS3Bucket1F467BCC": Object { - "Description": "S3 bucket for asset \\"42a35bbf0dec9ef0ac5b0dde87e71a1b8929e8d2d178dd09ccfb2c928ec0198c\\"", - "Type": "String", - }, - "AssetParameters42a35bbf0dec9ef0ac5b0dde87e71a1b8929e8d2d178dd09ccfb2c928ec0198cS3VersionKey9E4F7872": Object { - "Description": "S3 key for asset version \\"42a35bbf0dec9ef0ac5b0dde87e71a1b8929e8d2d178dd09ccfb2c928ec0198c\\"", - "Type": "String", - }, - }, - "Resources": Object { - "testcloudfrontapigatewaylambdaApiAccessLogGroup97EB2E40": Object { - "DeletionPolicy": "Retain", - "Metadata": Object { - "cfn_nag": Object { - "rules_to_suppress": Array [ - Object { - "id": "W86", - "reason": "Retention period for CloudWatchLogs LogGroups are set to 'Never Expire' to preserve customer data indefinitely", - }, - Object { - "id": "W84", - "reason": "By default CloudWatchLogs LogGroups data is encrypted using the CloudWatch server-side encryption keys (AWS Managed Keys)", - }, - ], - }, - }, - "Type": "AWS::Logs::LogGroup", - "UpdateReplacePolicy": "Retain", - }, - "testcloudfrontapigatewaylambdaCloudFrontToApiGatewayCloudFrontDistribution0AFC98FC": Object { - "Metadata": Object { - "cfn_nag": Object { - "rules_to_suppress": Array [ - Object { - "id": "W70", - "reason": "Since the distribution uses the CloudFront domain name, CloudFront automatically sets the security policy to TLSv1 regardless of the value of MinimumProtocolVersion", - }, - ], - }, - }, - "Properties": Object { - "DistributionConfig": Object { - "DefaultCacheBehavior": Object { - "CachePolicyId": "658327ea-f89d-4fab-a63d-7e88639e58f6", - "Compress": true, - "FunctionAssociations": Array [ - Object { - "EventType": "viewer-response", - "FunctionARN": Object { - "Fn::GetAtt": Array [ - "testcloudfrontapigatewaylambdaCloudFrontToApiGatewaySetHttpSecurityHeaders6945414A", - "FunctionARN", - ], - }, - }, - ], - "TargetOriginId": "testcloudfrontapigatewaylambdaCloudFrontToApiGatewayCloudFrontDistributionOrigin11F34FD46", - "ViewerProtocolPolicy": "redirect-to-https", - }, - "Enabled": true, - "HttpVersion": "http2", - "IPV6Enabled": true, - "Logging": Object { - "Bucket": Object { - "Fn::GetAtt": Array [ - "testcloudfrontapigatewaylambdaCloudFrontToApiGatewayCloudfrontLoggingBucket7F467421", - "RegionalDomainName", - ], - }, - }, - "Origins": Array [ - Object { - "CustomOriginConfig": Object { - "OriginProtocolPolicy": "https-only", - "OriginSSLProtocols": Array [ - "TLSv1.2", - ], - }, - "DomainName": Object { - "Fn::Select": Array [ - 0, - Object { - "Fn::Split": Array [ - "/", - Object { - "Fn::Select": Array [ - 1, - Object { - "Fn::Split": Array [ - "://", - Object { - "Fn::Join": Array [ - "", - Array [ - "https://", - Object { - "Ref": "testcloudfrontapigatewaylambdaLambdaRestApi6A4CBD44", - }, - ".execute-api.", - Object { - "Ref": "AWS::Region", - }, - ".", - Object { - "Ref": "AWS::URLSuffix", - }, - "/", - Object { - "Ref": "testcloudfrontapigatewaylambdaLambdaRestApiDeploymentStageprod4617A7B7", - }, - "/", - ], - ], - }, - ], - }, - ], - }, - ], - }, - ], - }, - "Id": "testcloudfrontapigatewaylambdaCloudFrontToApiGatewayCloudFrontDistributionOrigin11F34FD46", - "OriginPath": Object { - "Fn::Join": Array [ - "", - Array [ - "/", - Object { - "Ref": "testcloudfrontapigatewaylambdaLambdaRestApiDeploymentStageprod4617A7B7", - }, - ], - ], - }, - }, - ], - }, - }, - "Type": "AWS::CloudFront::Distribution", - }, - "testcloudfrontapigatewaylambdaCloudFrontToApiGatewayCloudfrontLoggingBucket7F467421": Object { - "DeletionPolicy": "Retain", - "Metadata": Object { - "cfn_nag": Object { - "rules_to_suppress": Array [ - Object { - "id": "W35", - "reason": "This S3 bucket is used as the access logging bucket for CloudFront Distribution", - }, - ], - }, - }, - "Properties": Object { - "AccessControl": "LogDeliveryWrite", - "BucketEncryption": Object { - "ServerSideEncryptionConfiguration": Array [ - Object { - "ServerSideEncryptionByDefault": Object { - "SSEAlgorithm": "AES256", - }, - }, - ], - }, - "PublicAccessBlockConfiguration": Object { - "BlockPublicAcls": true, - "BlockPublicPolicy": true, - "IgnorePublicAcls": true, - "RestrictPublicBuckets": true, - }, - "VersioningConfiguration": Object { - "Status": "Enabled", - }, - }, - "Type": "AWS::S3::Bucket", - "UpdateReplacePolicy": "Retain", - }, - "testcloudfrontapigatewaylambdaCloudFrontToApiGatewayCloudfrontLoggingBucketPolicy4A551B79": Object { - "Properties": Object { - "Bucket": Object { - "Ref": "testcloudfrontapigatewaylambdaCloudFrontToApiGatewayCloudfrontLoggingBucket7F467421", - }, - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": "*", - "Condition": Object { - "Bool": Object { - "aws:SecureTransport": "false", - }, - }, - "Effect": "Deny", - "Principal": Object { - "AWS": "*", - }, - "Resource": Array [ - Object { - "Fn::Join": Array [ - "", - Array [ - Object { - "Fn::GetAtt": Array [ - "testcloudfrontapigatewaylambdaCloudFrontToApiGatewayCloudfrontLoggingBucket7F467421", - "Arn", - ], - }, - "/*", - ], - ], - }, - Object { - "Fn::GetAtt": Array [ - "testcloudfrontapigatewaylambdaCloudFrontToApiGatewayCloudfrontLoggingBucket7F467421", - "Arn", - ], - }, - ], - "Sid": "HttpsOnly", - }, - ], - "Version": "2012-10-17", - }, - }, - "Type": "AWS::S3::BucketPolicy", - }, - "testcloudfrontapigatewaylambdaCloudFrontToApiGatewaySetHttpSecurityHeaders6945414A": Object { - "Properties": Object { - "AutoPublish": true, - "FunctionCode": "function handler(event) { var response = event.response; var headers = response.headers; headers['strict-transport-security'] = { value: 'max-age=63072000; includeSubdomains; preload'}; headers['content-security-policy'] = { value: \\"default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'\\"}; headers['x-content-type-options'] = { value: 'nosniff'}; headers['x-frame-options'] = {value: 'DENY'}; headers['x-xss-protection'] = {value: '1; mode=block'}; return response; }", - "FunctionConfig": Object { - "Comment": "SetHttpSecurityHeadersc8921a01111335c3cb09d76a1618677328b11c1cb8", - "Runtime": "cloudfront-js-1.0", - }, - "Name": "SetHttpSecurityHeadersc8921a01111335c3cb09d76a1618677328b11c1cb8", - }, - "Type": "AWS::CloudFront::Function", - }, - "testcloudfrontapigatewaylambdaLambdaFunction17A55E65": Object { - "DependsOn": Array [ - "testcloudfrontapigatewaylambdaLambdaFunctionServiceRoleDefaultPolicyDB7FF8EB", - "testcloudfrontapigatewaylambdaLambdaFunctionServiceRoleCB74590F", - ], - "Metadata": Object { - "cfn_nag": Object { - "rules_to_suppress": Array [ - Object { - "id": "W58", - "reason": "Lambda functions has the required permission to write CloudWatch Logs. It uses custom policy instead of arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole with tighter permissions.", - }, - Object { - "id": "W89", - "reason": "This is not a rule for the general case, just for specific use cases/industries", - }, - Object { - "id": "W92", - "reason": "Impossible for us to define the correct concurrency for clients", - }, - ], - }, - }, - "Properties": Object { - "Code": Object { - "S3Bucket": Object { - "Ref": "AssetParameters42a35bbf0dec9ef0ac5b0dde87e71a1b8929e8d2d178dd09ccfb2c928ec0198cS3Bucket1F467BCC", - }, - "S3Key": Object { - "Fn::Join": Array [ - "", - Array [ - Object { - "Fn::Select": Array [ - 0, - Object { - "Fn::Split": Array [ - "||", - Object { - "Ref": "AssetParameters42a35bbf0dec9ef0ac5b0dde87e71a1b8929e8d2d178dd09ccfb2c928ec0198cS3VersionKey9E4F7872", - }, - ], - }, - ], - }, - Object { - "Fn::Select": Array [ - 1, - Object { - "Fn::Split": Array [ - "||", - Object { - "Ref": "AssetParameters42a35bbf0dec9ef0ac5b0dde87e71a1b8929e8d2d178dd09ccfb2c928ec0198cS3VersionKey9E4F7872", - }, - ], - }, - ], - }, - ], - ], - }, - }, - "Environment": Object { - "Variables": Object { - "AWS_NODEJS_CONNECTION_REUSE_ENABLED": "1", - }, - }, - "Handler": "index.handler", - "Role": Object { - "Fn::GetAtt": Array [ - "testcloudfrontapigatewaylambdaLambdaFunctionServiceRoleCB74590F", - "Arn", - ], - }, - "Runtime": "nodejs10.x", - "TracingConfig": Object { - "Mode": "Active", - }, - }, - "Type": "AWS::Lambda::Function", - }, - "testcloudfrontapigatewaylambdaLambdaFunctionServiceRoleCB74590F": Object { - "Properties": Object { - "AssumeRolePolicyDocument": Object { - "Statement": Array [ - Object { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": Object { - "Service": "lambda.amazonaws.com", - }, - }, - ], - "Version": "2012-10-17", - }, - "Policies": Array [ - Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "logs:CreateLogGroup", - "logs:CreateLogStream", - "logs:PutLogEvents", - ], - "Effect": "Allow", - "Resource": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":logs:", - Object { - "Ref": "AWS::Region", - }, - ":", - Object { - "Ref": "AWS::AccountId", - }, - ":log-group:/aws/lambda/*", - ], - ], - }, - }, - ], - "Version": "2012-10-17", - }, - "PolicyName": "LambdaFunctionServiceRolePolicy", - }, - ], - }, - "Type": "AWS::IAM::Role", - }, - "testcloudfrontapigatewaylambdaLambdaFunctionServiceRoleDefaultPolicyDB7FF8EB": Object { - "Metadata": Object { - "cfn_nag": Object { - "rules_to_suppress": Array [ - Object { - "id": "W12", - "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray and access ENIs in a VPC.", - }, - ], - }, - }, - "Properties": Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "xray:PutTraceSegments", - "xray:PutTelemetryRecords", - ], - "Effect": "Allow", - "Resource": "*", - }, - ], - "Version": "2012-10-17", - }, - "PolicyName": "testcloudfrontapigatewaylambdaLambdaFunctionServiceRoleDefaultPolicyDB7FF8EB", - "Roles": Array [ - Object { - "Ref": "testcloudfrontapigatewaylambdaLambdaFunctionServiceRoleCB74590F", - }, - ], - }, - "Type": "AWS::IAM::Policy", - }, - "testcloudfrontapigatewaylambdaLambdaRestApi6A4CBD44": Object { - "Properties": Object { - "EndpointConfiguration": Object { - "Types": Array [ - "REGIONAL", - ], - }, - "Name": "LambdaRestApi", - }, - "Type": "AWS::ApiGateway::RestApi", - }, - "testcloudfrontapigatewaylambdaLambdaRestApiANYApiPermissionTesttestcloudfrontapigatewaylambdaLambdaRestApi4FCEAD4FANY54D89D69": Object { - "Properties": Object { - "Action": "lambda:InvokeFunction", - "FunctionName": Object { - "Fn::GetAtt": Array [ - "testcloudfrontapigatewaylambdaLambdaFunction17A55E65", - "Arn", - ], - }, - "Principal": "apigateway.amazonaws.com", - "SourceArn": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":execute-api:", - Object { - "Ref": "AWS::Region", - }, - ":", - Object { - "Ref": "AWS::AccountId", - }, - ":", - Object { - "Ref": "testcloudfrontapigatewaylambdaLambdaRestApi6A4CBD44", - }, - "/test-invoke-stage/*/", - ], - ], - }, - }, - "Type": "AWS::Lambda::Permission", - }, - "testcloudfrontapigatewaylambdaLambdaRestApiANYApiPermissiontestcloudfrontapigatewaylambdaLambdaRestApi4FCEAD4FANY575F6F0F": Object { - "Properties": Object { - "Action": "lambda:InvokeFunction", - "FunctionName": Object { - "Fn::GetAtt": Array [ - "testcloudfrontapigatewaylambdaLambdaFunction17A55E65", - "Arn", - ], - }, - "Principal": "apigateway.amazonaws.com", - "SourceArn": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":execute-api:", - Object { - "Ref": "AWS::Region", - }, - ":", - Object { - "Ref": "AWS::AccountId", - }, - ":", - Object { - "Ref": "testcloudfrontapigatewaylambdaLambdaRestApi6A4CBD44", - }, - "/", - Object { - "Ref": "testcloudfrontapigatewaylambdaLambdaRestApiDeploymentStageprod4617A7B7", - }, - "/*/", - ], - ], - }, - }, - "Type": "AWS::Lambda::Permission", - }, - "testcloudfrontapigatewaylambdaLambdaRestApiANYBC435DFD": Object { - "Metadata": Object { - "cfn_nag": Object { - "rules_to_suppress": Array [ - Object { - "id": "W59", - "reason": "AWS::ApiGateway::Method AuthorizationType is set to 'NONE' because API Gateway behind CloudFront does not support AWS_IAM authentication", - }, - ], - }, - }, - "Properties": Object { - "AuthorizationType": "NONE", - "HttpMethod": "ANY", - "Integration": Object { - "IntegrationHttpMethod": "POST", - "Type": "AWS_PROXY", - "Uri": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":apigateway:", - Object { - "Ref": "AWS::Region", - }, - ":lambda:path/2015-03-31/functions/", - Object { - "Fn::GetAtt": Array [ - "testcloudfrontapigatewaylambdaLambdaFunction17A55E65", - "Arn", - ], - }, - "/invocations", - ], - ], - }, - }, - "ResourceId": Object { - "Fn::GetAtt": Array [ - "testcloudfrontapigatewaylambdaLambdaRestApi6A4CBD44", - "RootResourceId", - ], - }, - "RestApiId": Object { - "Ref": "testcloudfrontapigatewaylambdaLambdaRestApi6A4CBD44", - }, - }, - "Type": "AWS::ApiGateway::Method", - }, - "testcloudfrontapigatewaylambdaLambdaRestApiAccount1A4578BB": Object { - "DependsOn": Array [ - "testcloudfrontapigatewaylambdaLambdaRestApi6A4CBD44", - ], - "Properties": Object { - "CloudWatchRoleArn": Object { - "Fn::GetAtt": Array [ - "testcloudfrontapigatewaylambdaLambdaRestApiCloudWatchRole7A327F48", - "Arn", - ], - }, - }, - "Type": "AWS::ApiGateway::Account", - }, - "testcloudfrontapigatewaylambdaLambdaRestApiCloudWatchRole7A327F48": Object { - "Properties": Object { - "AssumeRolePolicyDocument": Object { - "Statement": Array [ - Object { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": Object { - "Service": "apigateway.amazonaws.com", - }, - }, - ], - "Version": "2012-10-17", - }, - "Policies": Array [ - Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "logs:CreateLogGroup", - "logs:CreateLogStream", - "logs:DescribeLogGroups", - "logs:DescribeLogStreams", - "logs:PutLogEvents", - "logs:GetLogEvents", - "logs:FilterLogEvents", - ], - "Effect": "Allow", - "Resource": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":logs:", - Object { - "Ref": "AWS::Region", - }, - ":", - Object { - "Ref": "AWS::AccountId", - }, - ":*", - ], - ], - }, - }, - ], - "Version": "2012-10-17", - }, - "PolicyName": "LambdaRestApiCloudWatchRolePolicy", - }, - ], - }, - "Type": "AWS::IAM::Role", - }, - "testcloudfrontapigatewaylambdaLambdaRestApiDeployment0C4661C03abb023c303d9e3ff2b4d984cd5d60ab": Object { - "DependsOn": Array [ - "testcloudfrontapigatewaylambdaLambdaRestApiproxyANYAE500A13", - "testcloudfrontapigatewaylambdaLambdaRestApiproxyBC09D86F", - "testcloudfrontapigatewaylambdaLambdaRestApiANYBC435DFD", - ], - "Metadata": Object { - "cfn_nag": Object { - "rules_to_suppress": Array [ - Object { - "id": "W45", - "reason": "ApiGateway has AccessLogging enabled in AWS::ApiGateway::Stage resource, but cfn_nag checkes for it in AWS::ApiGateway::Deployment resource", - }, - ], - }, - }, - "Properties": Object { - "Description": "Automatically created by the RestApi construct", - "RestApiId": Object { - "Ref": "testcloudfrontapigatewaylambdaLambdaRestApi6A4CBD44", - }, - }, - "Type": "AWS::ApiGateway::Deployment", - }, - "testcloudfrontapigatewaylambdaLambdaRestApiDeploymentStageprod4617A7B7": Object { - "Properties": Object { - "AccessLogSetting": Object { - "DestinationArn": Object { - "Fn::GetAtt": Array [ - "testcloudfrontapigatewaylambdaApiAccessLogGroup97EB2E40", - "Arn", - ], - }, - "Format": "{\\"requestId\\":\\"$context.requestId\\",\\"ip\\":\\"$context.identity.sourceIp\\",\\"user\\":\\"$context.identity.user\\",\\"caller\\":\\"$context.identity.caller\\",\\"requestTime\\":\\"$context.requestTime\\",\\"httpMethod\\":\\"$context.httpMethod\\",\\"resourcePath\\":\\"$context.resourcePath\\",\\"status\\":\\"$context.status\\",\\"protocol\\":\\"$context.protocol\\",\\"responseLength\\":\\"$context.responseLength\\"}", - }, - "DeploymentId": Object { - "Ref": "testcloudfrontapigatewaylambdaLambdaRestApiDeployment0C4661C03abb023c303d9e3ff2b4d984cd5d60ab", - }, - "MethodSettings": Array [ - Object { - "DataTraceEnabled": false, - "HttpMethod": "*", - "LoggingLevel": "INFO", - "ResourcePath": "/*", - }, - ], - "RestApiId": Object { - "Ref": "testcloudfrontapigatewaylambdaLambdaRestApi6A4CBD44", - }, - "StageName": "prod", - "TracingEnabled": true, - }, - "Type": "AWS::ApiGateway::Stage", - }, - "testcloudfrontapigatewaylambdaLambdaRestApiUsagePlan59548A66": Object { - "Properties": Object { - "ApiStages": Array [ - Object { - "ApiId": Object { - "Ref": "testcloudfrontapigatewaylambdaLambdaRestApi6A4CBD44", - }, - "Stage": Object { - "Ref": "testcloudfrontapigatewaylambdaLambdaRestApiDeploymentStageprod4617A7B7", - }, - "Throttle": Object {}, - }, - ], - }, - "Type": "AWS::ApiGateway::UsagePlan", - }, - "testcloudfrontapigatewaylambdaLambdaRestApiproxyANYAE500A13": Object { - "Metadata": Object { - "cfn_nag": Object { - "rules_to_suppress": Array [ - Object { - "id": "W59", - "reason": "AWS::ApiGateway::Method AuthorizationType is set to 'NONE' because API Gateway behind CloudFront does not support AWS_IAM authentication", - }, - ], - }, - }, - "Properties": Object { - "AuthorizationType": "NONE", - "HttpMethod": "ANY", - "Integration": Object { - "IntegrationHttpMethod": "POST", - "Type": "AWS_PROXY", - "Uri": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":apigateway:", - Object { - "Ref": "AWS::Region", - }, - ":lambda:path/2015-03-31/functions/", - Object { - "Fn::GetAtt": Array [ - "testcloudfrontapigatewaylambdaLambdaFunction17A55E65", - "Arn", - ], - }, - "/invocations", - ], - ], - }, - }, - "ResourceId": Object { - "Ref": "testcloudfrontapigatewaylambdaLambdaRestApiproxyBC09D86F", - }, - "RestApiId": Object { - "Ref": "testcloudfrontapigatewaylambdaLambdaRestApi6A4CBD44", - }, - }, - "Type": "AWS::ApiGateway::Method", - }, - "testcloudfrontapigatewaylambdaLambdaRestApiproxyANYApiPermissionTesttestcloudfrontapigatewaylambdaLambdaRestApi4FCEAD4FANYproxyDB9DBE95": Object { - "Properties": Object { - "Action": "lambda:InvokeFunction", - "FunctionName": Object { - "Fn::GetAtt": Array [ - "testcloudfrontapigatewaylambdaLambdaFunction17A55E65", - "Arn", - ], - }, - "Principal": "apigateway.amazonaws.com", - "SourceArn": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":execute-api:", - Object { - "Ref": "AWS::Region", - }, - ":", - Object { - "Ref": "AWS::AccountId", - }, - ":", - Object { - "Ref": "testcloudfrontapigatewaylambdaLambdaRestApi6A4CBD44", - }, - "/test-invoke-stage/*/*", - ], - ], - }, - }, - "Type": "AWS::Lambda::Permission", - }, - "testcloudfrontapigatewaylambdaLambdaRestApiproxyANYApiPermissiontestcloudfrontapigatewaylambdaLambdaRestApi4FCEAD4FANYproxy9F51CEF1": Object { - "Properties": Object { - "Action": "lambda:InvokeFunction", - "FunctionName": Object { - "Fn::GetAtt": Array [ - "testcloudfrontapigatewaylambdaLambdaFunction17A55E65", - "Arn", - ], - }, - "Principal": "apigateway.amazonaws.com", - "SourceArn": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":execute-api:", - Object { - "Ref": "AWS::Region", - }, - ":", - Object { - "Ref": "AWS::AccountId", - }, - ":", - Object { - "Ref": "testcloudfrontapigatewaylambdaLambdaRestApi6A4CBD44", - }, - "/", - Object { - "Ref": "testcloudfrontapigatewaylambdaLambdaRestApiDeploymentStageprod4617A7B7", - }, - "/*/*", - ], - ], - }, - }, - "Type": "AWS::Lambda::Permission", - }, - "testcloudfrontapigatewaylambdaLambdaRestApiproxyBC09D86F": Object { - "Properties": Object { - "ParentId": Object { - "Fn::GetAtt": Array [ - "testcloudfrontapigatewaylambdaLambdaRestApi6A4CBD44", - "RootResourceId", - ], - }, - "PathPart": "{proxy+}", - "RestApiId": Object { - "Ref": "testcloudfrontapigatewaylambdaLambdaRestApi6A4CBD44", - }, - }, - "Type": "AWS::ApiGateway::Resource", - }, - }, -} -`; diff --git a/source/patterns/@aws-solutions-constructs/aws-cloudfront-apigateway-lambda/test/test.cloudfront-apigateway-lambda.test.ts b/source/patterns/@aws-solutions-constructs/aws-cloudfront-apigateway-lambda/test/test.cloudfront-apigateway-lambda.test.ts index c8a34582a..30e2de1ff 100644 --- a/source/patterns/@aws-solutions-constructs/aws-cloudfront-apigateway-lambda/test/test.cloudfront-apigateway-lambda.test.ts +++ b/source/patterns/@aws-solutions-constructs/aws-cloudfront-apigateway-lambda/test/test.cloudfront-apigateway-lambda.test.ts @@ -11,7 +11,6 @@ * and limitations under the License. */ -import { SynthUtils } from '@aws-cdk/assert'; import { CloudFrontToApiGatewayToLambda, CloudFrontToApiGatewayToLambdaProps } from "../lib"; import * as cdk from "@aws-cdk/core"; import * as lambda from '@aws-cdk/aws-lambda'; @@ -42,12 +41,6 @@ function useExistingFunc(stack: cdk.Stack) { }); } -test('snapshot test CloudFrontToApiGatewayToLambda default params', () => { - const stack = new cdk.Stack(); - deployNewFunc(stack); - expect(SynthUtils.toCloudFormation(stack)).toMatchSnapshot(); -}); - test('check properties', () => { const stack = new cdk.Stack(); diff --git a/source/patterns/@aws-solutions-constructs/aws-cloudfront-apigateway/test/__snapshots__/test.cloudfront-apigateway.test.js.snap b/source/patterns/@aws-solutions-constructs/aws-cloudfront-apigateway/test/__snapshots__/test.cloudfront-apigateway.test.js.snap deleted file mode 100644 index ca1e6ce88..000000000 --- a/source/patterns/@aws-solutions-constructs/aws-cloudfront-apigateway/test/__snapshots__/test.cloudfront-apigateway.test.js.snap +++ /dev/null @@ -1,854 +0,0 @@ -// Jest Snapshot v1, https://goo.gl/fbAQLP - -exports[`snapshot test CloudFrontToApiGateway default params 1`] = ` -Object { - "Outputs": Object { - "LambdaRestApiEndpointCCECE4C1": Object { - "Value": Object { - "Fn::Join": Array [ - "", - Array [ - "https://", - Object { - "Ref": "LambdaRestApi95870433", - }, - ".execute-api.", - Object { - "Ref": "AWS::Region", - }, - ".", - Object { - "Ref": "AWS::URLSuffix", - }, - "/", - Object { - "Ref": "LambdaRestApiDeploymentStageprodB1F3862A", - }, - "/", - ], - ], - }, - }, - }, - "Parameters": Object { - "AssetParameters76457685de34c4b8447dc527f32d442291b2efeb05bcfcba793036ac6c94d9a2ArtifactHash86D9D5EA": Object { - "Description": "Artifact hash for asset \\"76457685de34c4b8447dc527f32d442291b2efeb05bcfcba793036ac6c94d9a2\\"", - "Type": "String", - }, - "AssetParameters76457685de34c4b8447dc527f32d442291b2efeb05bcfcba793036ac6c94d9a2S3BucketD637F5E2": Object { - "Description": "S3 bucket for asset \\"76457685de34c4b8447dc527f32d442291b2efeb05bcfcba793036ac6c94d9a2\\"", - "Type": "String", - }, - "AssetParameters76457685de34c4b8447dc527f32d442291b2efeb05bcfcba793036ac6c94d9a2S3VersionKeyEAFC3492": Object { - "Description": "S3 key for asset version \\"76457685de34c4b8447dc527f32d442291b2efeb05bcfcba793036ac6c94d9a2\\"", - "Type": "String", - }, - }, - "Resources": Object { - "ApiAccessLogGroupCEA70788": Object { - "DeletionPolicy": "Retain", - "Metadata": Object { - "cfn_nag": Object { - "rules_to_suppress": Array [ - Object { - "id": "W86", - "reason": "Retention period for CloudWatchLogs LogGroups are set to 'Never Expire' to preserve customer data indefinitely", - }, - Object { - "id": "W84", - "reason": "By default CloudWatchLogs LogGroups data is encrypted using the CloudWatch server-side encryption keys (AWS Managed Keys)", - }, - ], - }, - }, - "Type": "AWS::Logs::LogGroup", - "UpdateReplacePolicy": "Retain", - }, - "LambdaFunctionBF21E41F": Object { - "DependsOn": Array [ - "LambdaFunctionServiceRoleDefaultPolicy126C8897", - "LambdaFunctionServiceRole0C4CDE0B", - ], - "Metadata": Object { - "cfn_nag": Object { - "rules_to_suppress": Array [ - Object { - "id": "W58", - "reason": "Lambda functions has the required permission to write CloudWatch Logs. It uses custom policy instead of arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole with tighter permissions.", - }, - Object { - "id": "W89", - "reason": "This is not a rule for the general case, just for specific use cases/industries", - }, - Object { - "id": "W92", - "reason": "Impossible for us to define the correct concurrency for clients", - }, - ], - }, - }, - "Properties": Object { - "Code": Object { - "S3Bucket": Object { - "Ref": "AssetParameters76457685de34c4b8447dc527f32d442291b2efeb05bcfcba793036ac6c94d9a2S3BucketD637F5E2", - }, - "S3Key": Object { - "Fn::Join": Array [ - "", - Array [ - Object { - "Fn::Select": Array [ - 0, - Object { - "Fn::Split": Array [ - "||", - Object { - "Ref": "AssetParameters76457685de34c4b8447dc527f32d442291b2efeb05bcfcba793036ac6c94d9a2S3VersionKeyEAFC3492", - }, - ], - }, - ], - }, - Object { - "Fn::Select": Array [ - 1, - Object { - "Fn::Split": Array [ - "||", - Object { - "Ref": "AssetParameters76457685de34c4b8447dc527f32d442291b2efeb05bcfcba793036ac6c94d9a2S3VersionKeyEAFC3492", - }, - ], - }, - ], - }, - ], - ], - }, - }, - "Environment": Object { - "Variables": Object { - "AWS_NODEJS_CONNECTION_REUSE_ENABLED": "1", - }, - }, - "Handler": "index.handler", - "Role": Object { - "Fn::GetAtt": Array [ - "LambdaFunctionServiceRole0C4CDE0B", - "Arn", - ], - }, - "Runtime": "nodejs10.x", - "TracingConfig": Object { - "Mode": "Active", - }, - }, - "Type": "AWS::Lambda::Function", - }, - "LambdaFunctionServiceRole0C4CDE0B": Object { - "Properties": Object { - "AssumeRolePolicyDocument": Object { - "Statement": Array [ - Object { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": Object { - "Service": "lambda.amazonaws.com", - }, - }, - ], - "Version": "2012-10-17", - }, - "Policies": Array [ - Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "logs:CreateLogGroup", - "logs:CreateLogStream", - "logs:PutLogEvents", - ], - "Effect": "Allow", - "Resource": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":logs:", - Object { - "Ref": "AWS::Region", - }, - ":", - Object { - "Ref": "AWS::AccountId", - }, - ":log-group:/aws/lambda/*", - ], - ], - }, - }, - ], - "Version": "2012-10-17", - }, - "PolicyName": "LambdaFunctionServiceRolePolicy", - }, - ], - }, - "Type": "AWS::IAM::Role", - }, - "LambdaFunctionServiceRoleDefaultPolicy126C8897": Object { - "Metadata": Object { - "cfn_nag": Object { - "rules_to_suppress": Array [ - Object { - "id": "W12", - "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray and access ENIs in a VPC.", - }, - ], - }, - }, - "Properties": Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "xray:PutTraceSegments", - "xray:PutTelemetryRecords", - ], - "Effect": "Allow", - "Resource": "*", - }, - ], - "Version": "2012-10-17", - }, - "PolicyName": "LambdaFunctionServiceRoleDefaultPolicy126C8897", - "Roles": Array [ - Object { - "Ref": "LambdaFunctionServiceRole0C4CDE0B", - }, - ], - }, - "Type": "AWS::IAM::Policy", - }, - "LambdaRestApi95870433": Object { - "Properties": Object { - "EndpointConfiguration": Object { - "Types": Array [ - "REGIONAL", - ], - }, - "Name": "LambdaRestApi", - }, - "Type": "AWS::ApiGateway::RestApi", - }, - "LambdaRestApiANYA831AD87": Object { - "Properties": Object { - "AuthorizationType": "AWS_IAM", - "HttpMethod": "ANY", - "Integration": Object { - "IntegrationHttpMethod": "POST", - "Type": "AWS_PROXY", - "Uri": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":apigateway:", - Object { - "Ref": "AWS::Region", - }, - ":lambda:path/2015-03-31/functions/", - Object { - "Fn::GetAtt": Array [ - "LambdaFunctionBF21E41F", - "Arn", - ], - }, - "/invocations", - ], - ], - }, - }, - "ResourceId": Object { - "Fn::GetAtt": Array [ - "LambdaRestApi95870433", - "RootResourceId", - ], - }, - "RestApiId": Object { - "Ref": "LambdaRestApi95870433", - }, - }, - "Type": "AWS::ApiGateway::Method", - }, - "LambdaRestApiANYApiPermissionLambdaRestApiANYD56C5914": Object { - "Properties": Object { - "Action": "lambda:InvokeFunction", - "FunctionName": Object { - "Fn::GetAtt": Array [ - "LambdaFunctionBF21E41F", - "Arn", - ], - }, - "Principal": "apigateway.amazonaws.com", - "SourceArn": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":execute-api:", - Object { - "Ref": "AWS::Region", - }, - ":", - Object { - "Ref": "AWS::AccountId", - }, - ":", - Object { - "Ref": "LambdaRestApi95870433", - }, - "/", - Object { - "Ref": "LambdaRestApiDeploymentStageprodB1F3862A", - }, - "/*/", - ], - ], - }, - }, - "Type": "AWS::Lambda::Permission", - }, - "LambdaRestApiANYApiPermissionTestLambdaRestApiANY9B2403A7": Object { - "Properties": Object { - "Action": "lambda:InvokeFunction", - "FunctionName": Object { - "Fn::GetAtt": Array [ - "LambdaFunctionBF21E41F", - "Arn", - ], - }, - "Principal": "apigateway.amazonaws.com", - "SourceArn": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":execute-api:", - Object { - "Ref": "AWS::Region", - }, - ":", - Object { - "Ref": "AWS::AccountId", - }, - ":", - Object { - "Ref": "LambdaRestApi95870433", - }, - "/test-invoke-stage/*/", - ], - ], - }, - }, - "Type": "AWS::Lambda::Permission", - }, - "LambdaRestApiAccount": Object { - "DependsOn": Array [ - "LambdaRestApi95870433", - ], - "Properties": Object { - "CloudWatchRoleArn": Object { - "Fn::GetAtt": Array [ - "LambdaRestApiCloudWatchRoleF339D4E6", - "Arn", - ], - }, - }, - "Type": "AWS::ApiGateway::Account", - }, - "LambdaRestApiCloudWatchRoleF339D4E6": Object { - "Properties": Object { - "AssumeRolePolicyDocument": Object { - "Statement": Array [ - Object { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": Object { - "Service": "apigateway.amazonaws.com", - }, - }, - ], - "Version": "2012-10-17", - }, - "Policies": Array [ - Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "logs:CreateLogGroup", - "logs:CreateLogStream", - "logs:DescribeLogGroups", - "logs:DescribeLogStreams", - "logs:PutLogEvents", - "logs:GetLogEvents", - "logs:FilterLogEvents", - ], - "Effect": "Allow", - "Resource": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":logs:", - Object { - "Ref": "AWS::Region", - }, - ":", - Object { - "Ref": "AWS::AccountId", - }, - ":*", - ], - ], - }, - }, - ], - "Version": "2012-10-17", - }, - "PolicyName": "LambdaRestApiCloudWatchRolePolicy", - }, - ], - }, - "Type": "AWS::IAM::Role", - }, - "LambdaRestApiDeploymentBA640578812946cff1910fe2b8b339ee3a8d51c7": Object { - "DependsOn": Array [ - "LambdaRestApiproxyANY93D43CC0", - "LambdaRestApiproxy9F99E187", - "LambdaRestApiANYA831AD87", - ], - "Metadata": Object { - "cfn_nag": Object { - "rules_to_suppress": Array [ - Object { - "id": "W45", - "reason": "ApiGateway has AccessLogging enabled in AWS::ApiGateway::Stage resource, but cfn_nag checkes for it in AWS::ApiGateway::Deployment resource", - }, - ], - }, - }, - "Properties": Object { - "Description": "Automatically created by the RestApi construct", - "RestApiId": Object { - "Ref": "LambdaRestApi95870433", - }, - }, - "Type": "AWS::ApiGateway::Deployment", - }, - "LambdaRestApiDeploymentStageprodB1F3862A": Object { - "Properties": Object { - "AccessLogSetting": Object { - "DestinationArn": Object { - "Fn::GetAtt": Array [ - "ApiAccessLogGroupCEA70788", - "Arn", - ], - }, - "Format": "{\\"requestId\\":\\"$context.requestId\\",\\"ip\\":\\"$context.identity.sourceIp\\",\\"user\\":\\"$context.identity.user\\",\\"caller\\":\\"$context.identity.caller\\",\\"requestTime\\":\\"$context.requestTime\\",\\"httpMethod\\":\\"$context.httpMethod\\",\\"resourcePath\\":\\"$context.resourcePath\\",\\"status\\":\\"$context.status\\",\\"protocol\\":\\"$context.protocol\\",\\"responseLength\\":\\"$context.responseLength\\"}", - }, - "DeploymentId": Object { - "Ref": "LambdaRestApiDeploymentBA640578812946cff1910fe2b8b339ee3a8d51c7", - }, - "MethodSettings": Array [ - Object { - "DataTraceEnabled": false, - "HttpMethod": "*", - "LoggingLevel": "INFO", - "ResourcePath": "/*", - }, - ], - "RestApiId": Object { - "Ref": "LambdaRestApi95870433", - }, - "StageName": "prod", - "TracingEnabled": true, - }, - "Type": "AWS::ApiGateway::Stage", - }, - "LambdaRestApiUsagePlanB4DF55D0": Object { - "Properties": Object { - "ApiStages": Array [ - Object { - "ApiId": Object { - "Ref": "LambdaRestApi95870433", - }, - "Stage": Object { - "Ref": "LambdaRestApiDeploymentStageprodB1F3862A", - }, - "Throttle": Object {}, - }, - ], - }, - "Type": "AWS::ApiGateway::UsagePlan", - }, - "LambdaRestApiproxy9F99E187": Object { - "Properties": Object { - "ParentId": Object { - "Fn::GetAtt": Array [ - "LambdaRestApi95870433", - "RootResourceId", - ], - }, - "PathPart": "{proxy+}", - "RestApiId": Object { - "Ref": "LambdaRestApi95870433", - }, - }, - "Type": "AWS::ApiGateway::Resource", - }, - "LambdaRestApiproxyANY93D43CC0": Object { - "Properties": Object { - "AuthorizationType": "AWS_IAM", - "HttpMethod": "ANY", - "Integration": Object { - "IntegrationHttpMethod": "POST", - "Type": "AWS_PROXY", - "Uri": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":apigateway:", - Object { - "Ref": "AWS::Region", - }, - ":lambda:path/2015-03-31/functions/", - Object { - "Fn::GetAtt": Array [ - "LambdaFunctionBF21E41F", - "Arn", - ], - }, - "/invocations", - ], - ], - }, - }, - "ResourceId": Object { - "Ref": "LambdaRestApiproxy9F99E187", - }, - "RestApiId": Object { - "Ref": "LambdaRestApi95870433", - }, - }, - "Type": "AWS::ApiGateway::Method", - }, - "LambdaRestApiproxyANYApiPermissionLambdaRestApiANYproxy208F31EB": Object { - "Properties": Object { - "Action": "lambda:InvokeFunction", - "FunctionName": Object { - "Fn::GetAtt": Array [ - "LambdaFunctionBF21E41F", - "Arn", - ], - }, - "Principal": "apigateway.amazonaws.com", - "SourceArn": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":execute-api:", - Object { - "Ref": "AWS::Region", - }, - ":", - Object { - "Ref": "AWS::AccountId", - }, - ":", - Object { - "Ref": "LambdaRestApi95870433", - }, - "/", - Object { - "Ref": "LambdaRestApiDeploymentStageprodB1F3862A", - }, - "/*/*", - ], - ], - }, - }, - "Type": "AWS::Lambda::Permission", - }, - "LambdaRestApiproxyANYApiPermissionTestLambdaRestApiANYproxyDBA3E731": Object { - "Properties": Object { - "Action": "lambda:InvokeFunction", - "FunctionName": Object { - "Fn::GetAtt": Array [ - "LambdaFunctionBF21E41F", - "Arn", - ], - }, - "Principal": "apigateway.amazonaws.com", - "SourceArn": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":execute-api:", - Object { - "Ref": "AWS::Region", - }, - ":", - Object { - "Ref": "AWS::AccountId", - }, - ":", - Object { - "Ref": "LambdaRestApi95870433", - }, - "/test-invoke-stage/*/*", - ], - ], - }, - }, - "Type": "AWS::Lambda::Permission", - }, - "testcloudfrontapigatewayCloudFrontDistribution159820CC": Object { - "Metadata": Object { - "cfn_nag": Object { - "rules_to_suppress": Array [ - Object { - "id": "W70", - "reason": "Since the distribution uses the CloudFront domain name, CloudFront automatically sets the security policy to TLSv1 regardless of the value of MinimumProtocolVersion", - }, - ], - }, - }, - "Properties": Object { - "DistributionConfig": Object { - "DefaultCacheBehavior": Object { - "CachePolicyId": "658327ea-f89d-4fab-a63d-7e88639e58f6", - "Compress": true, - "FunctionAssociations": Array [ - Object { - "EventType": "viewer-response", - "FunctionARN": Object { - "Fn::GetAtt": Array [ - "testcloudfrontapigatewaySetHttpSecurityHeadersD8DBA642", - "FunctionARN", - ], - }, - }, - ], - "TargetOriginId": "testcloudfrontapigatewayCloudFrontDistributionOrigin1FA7A74D5", - "ViewerProtocolPolicy": "redirect-to-https", - }, - "Enabled": true, - "HttpVersion": "http2", - "IPV6Enabled": true, - "Logging": Object { - "Bucket": Object { - "Fn::GetAtt": Array [ - "testcloudfrontapigatewayCloudfrontLoggingBucket9811F6E8", - "RegionalDomainName", - ], - }, - }, - "Origins": Array [ - Object { - "CustomOriginConfig": Object { - "OriginProtocolPolicy": "https-only", - "OriginSSLProtocols": Array [ - "TLSv1.2", - ], - }, - "DomainName": Object { - "Fn::Select": Array [ - 0, - Object { - "Fn::Split": Array [ - "/", - Object { - "Fn::Select": Array [ - 1, - Object { - "Fn::Split": Array [ - "://", - Object { - "Fn::Join": Array [ - "", - Array [ - "https://", - Object { - "Ref": "LambdaRestApi95870433", - }, - ".execute-api.", - Object { - "Ref": "AWS::Region", - }, - ".", - Object { - "Ref": "AWS::URLSuffix", - }, - "/", - Object { - "Ref": "LambdaRestApiDeploymentStageprodB1F3862A", - }, - "/", - ], - ], - }, - ], - }, - ], - }, - ], - }, - ], - }, - "Id": "testcloudfrontapigatewayCloudFrontDistributionOrigin1FA7A74D5", - "OriginPath": Object { - "Fn::Join": Array [ - "", - Array [ - "/", - Object { - "Ref": "LambdaRestApiDeploymentStageprodB1F3862A", - }, - ], - ], - }, - }, - ], - }, - }, - "Type": "AWS::CloudFront::Distribution", - }, - "testcloudfrontapigatewayCloudfrontLoggingBucket9811F6E8": Object { - "DeletionPolicy": "Retain", - "Metadata": Object { - "cfn_nag": Object { - "rules_to_suppress": Array [ - Object { - "id": "W35", - "reason": "This S3 bucket is used as the access logging bucket for CloudFront Distribution", - }, - ], - }, - }, - "Properties": Object { - "AccessControl": "LogDeliveryWrite", - "BucketEncryption": Object { - "ServerSideEncryptionConfiguration": Array [ - Object { - "ServerSideEncryptionByDefault": Object { - "SSEAlgorithm": "AES256", - }, - }, - ], - }, - "PublicAccessBlockConfiguration": Object { - "BlockPublicAcls": true, - "BlockPublicPolicy": true, - "IgnorePublicAcls": true, - "RestrictPublicBuckets": true, - }, - "VersioningConfiguration": Object { - "Status": "Enabled", - }, - }, - "Type": "AWS::S3::Bucket", - "UpdateReplacePolicy": "Retain", - }, - "testcloudfrontapigatewayCloudfrontLoggingBucketPolicyAA14EB71": Object { - "Properties": Object { - "Bucket": Object { - "Ref": "testcloudfrontapigatewayCloudfrontLoggingBucket9811F6E8", - }, - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": "*", - "Condition": Object { - "Bool": Object { - "aws:SecureTransport": "false", - }, - }, - "Effect": "Deny", - "Principal": Object { - "AWS": "*", - }, - "Resource": Array [ - Object { - "Fn::Join": Array [ - "", - Array [ - Object { - "Fn::GetAtt": Array [ - "testcloudfrontapigatewayCloudfrontLoggingBucket9811F6E8", - "Arn", - ], - }, - "/*", - ], - ], - }, - Object { - "Fn::GetAtt": Array [ - "testcloudfrontapigatewayCloudfrontLoggingBucket9811F6E8", - "Arn", - ], - }, - ], - "Sid": "HttpsOnly", - }, - ], - "Version": "2012-10-17", - }, - }, - "Type": "AWS::S3::BucketPolicy", - }, - "testcloudfrontapigatewaySetHttpSecurityHeadersD8DBA642": Object { - "Properties": Object { - "AutoPublish": true, - "FunctionCode": "function handler(event) { var response = event.response; var headers = response.headers; headers['strict-transport-security'] = { value: 'max-age=63072000; includeSubdomains; preload'}; headers['content-security-policy'] = { value: \\"default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'\\"}; headers['x-content-type-options'] = { value: 'nosniff'}; headers['x-frame-options'] = {value: 'DENY'}; headers['x-xss-protection'] = {value: '1; mode=block'}; return response; }", - "FunctionConfig": Object { - "Comment": "SetHttpSecurityHeadersc870510d0bc8ff35331b00ae81e82ff5d11961e3ab", - "Runtime": "cloudfront-js-1.0", - }, - "Name": "SetHttpSecurityHeadersc870510d0bc8ff35331b00ae81e82ff5d11961e3ab", - }, - "Type": "AWS::CloudFront::Function", - }, - }, -} -`; diff --git a/source/patterns/@aws-solutions-constructs/aws-cloudfront-apigateway/test/test.cloudfront-apigateway.test.ts b/source/patterns/@aws-solutions-constructs/aws-cloudfront-apigateway/test/test.cloudfront-apigateway.test.ts index 2c44776d5..d36ff34f9 100644 --- a/source/patterns/@aws-solutions-constructs/aws-cloudfront-apigateway/test/test.cloudfront-apigateway.test.ts +++ b/source/patterns/@aws-solutions-constructs/aws-cloudfront-apigateway/test/test.cloudfront-apigateway.test.ts @@ -11,7 +11,7 @@ * and limitations under the License. */ -import { SynthUtils, ResourcePart } from '@aws-cdk/assert'; +import { ResourcePart } from '@aws-cdk/assert'; import { CloudFrontToApiGateway } from "../lib"; import * as cdk from "@aws-cdk/core"; import * as defaults from '@aws-solutions-constructs/core'; @@ -34,12 +34,6 @@ function deploy(stack: cdk.Stack) { }); } -test('snapshot test CloudFrontToApiGateway default params', () => { - const stack = new cdk.Stack(); - deploy(stack); - expect(SynthUtils.toCloudFormation(stack)).toMatchSnapshot(); -}); - test('check getter methods', () => { const stack = new cdk.Stack(); diff --git a/source/patterns/@aws-solutions-constructs/aws-cloudfront-mediastore/test/__snapshots__/cloudfront-mediastore.test.js.snap b/source/patterns/@aws-solutions-constructs/aws-cloudfront-mediastore/test/__snapshots__/cloudfront-mediastore.test.js.snap deleted file mode 100644 index 310436630..000000000 --- a/source/patterns/@aws-solutions-constructs/aws-cloudfront-mediastore/test/__snapshots__/cloudfront-mediastore.test.js.snap +++ /dev/null @@ -1,326 +0,0 @@ -// Jest Snapshot v1, https://goo.gl/fbAQLP - -exports[`Test the default deployment snapshot 1`] = ` -Object { - "Resources": Object { - "testcloudfrontmediastoreCloudFrontDistributionED9265B1": Object { - "Metadata": Object { - "cfn_nag": Object { - "rules_to_suppress": Array [ - Object { - "id": "W70", - "reason": "Since the distribution uses the CloudFront domain name, CloudFront automatically sets the security policy to TLSv1 regardless of the value of MinimumProtocolVersion", - }, - ], - }, - }, - "Properties": Object { - "DistributionConfig": Object { - "DefaultCacheBehavior": Object { - "AllowedMethods": Array [ - "GET", - "HEAD", - "OPTIONS", - ], - "CachePolicyId": "658327ea-f89d-4fab-a63d-7e88639e58f6", - "CachedMethods": Array [ - "GET", - "HEAD", - "OPTIONS", - ], - "Compress": true, - "FunctionAssociations": Array [ - Object { - "EventType": "viewer-response", - "FunctionARN": Object { - "Fn::GetAtt": Array [ - "testcloudfrontmediastoreSetHttpSecurityHeaders9995A63D", - "FunctionARN", - ], - }, - }, - ], - "OriginRequestPolicyId": Object { - "Ref": "testcloudfrontmediastoreCloudfrontOriginRequestPolicyA1D988D3", - }, - "TargetOriginId": "testcloudfrontmediastoreCloudFrontDistributionOrigin1BBFA2A4D", - "ViewerProtocolPolicy": "redirect-to-https", - }, - "Enabled": true, - "HttpVersion": "http2", - "IPV6Enabled": true, - "Logging": Object { - "Bucket": Object { - "Fn::GetAtt": Array [ - "testcloudfrontmediastoreCloudfrontLoggingBucketA3A51E6A", - "RegionalDomainName", - ], - }, - }, - "Origins": Array [ - Object { - "CustomOriginConfig": Object { - "OriginProtocolPolicy": "https-only", - "OriginSSLProtocols": Array [ - "TLSv1.2", - ], - }, - "DomainName": Object { - "Fn::Select": Array [ - 0, - Object { - "Fn::Split": Array [ - "/", - Object { - "Fn::Select": Array [ - 1, - Object { - "Fn::Split": Array [ - "://", - Object { - "Fn::GetAtt": Array [ - "testcloudfrontmediastoreMediaStoreContainerF60A96BB", - "Endpoint", - ], - }, - ], - }, - ], - }, - ], - }, - ], - }, - "Id": "testcloudfrontmediastoreCloudFrontDistributionOrigin1BBFA2A4D", - "OriginCustomHeaders": Array [ - Object { - "HeaderName": "User-Agent", - "HeaderValue": Object { - "Ref": "testcloudfrontmediastoreCloudFrontOriginAccessIdentity966405A0", - }, - }, - ], - }, - ], - }, - }, - "Type": "AWS::CloudFront::Distribution", - }, - "testcloudfrontmediastoreCloudFrontOriginAccessIdentity966405A0": Object { - "Properties": Object { - "CloudFrontOriginAccessIdentityConfig": Object { - "Comment": Object { - "Fn::Join": Array [ - "", - Array [ - "access-identity-", - Object { - "Ref": "AWS::Region", - }, - "-", - Object { - "Ref": "AWS::StackName", - }, - ], - ], - }, - }, - }, - "Type": "AWS::CloudFront::CloudFrontOriginAccessIdentity", - }, - "testcloudfrontmediastoreCloudfrontLoggingBucketA3A51E6A": Object { - "DeletionPolicy": "Retain", - "Metadata": Object { - "cfn_nag": Object { - "rules_to_suppress": Array [ - Object { - "id": "W35", - "reason": "This S3 bucket is used as the access logging bucket for CloudFront Distribution", - }, - ], - }, - }, - "Properties": Object { - "AccessControl": "LogDeliveryWrite", - "BucketEncryption": Object { - "ServerSideEncryptionConfiguration": Array [ - Object { - "ServerSideEncryptionByDefault": Object { - "SSEAlgorithm": "AES256", - }, - }, - ], - }, - "PublicAccessBlockConfiguration": Object { - "BlockPublicAcls": true, - "BlockPublicPolicy": true, - "IgnorePublicAcls": true, - "RestrictPublicBuckets": true, - }, - "VersioningConfiguration": Object { - "Status": "Enabled", - }, - }, - "Type": "AWS::S3::Bucket", - "UpdateReplacePolicy": "Retain", - }, - "testcloudfrontmediastoreCloudfrontLoggingBucketPolicyF3B44DFD": Object { - "Properties": Object { - "Bucket": Object { - "Ref": "testcloudfrontmediastoreCloudfrontLoggingBucketA3A51E6A", - }, - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": "*", - "Condition": Object { - "Bool": Object { - "aws:SecureTransport": "false", - }, - }, - "Effect": "Deny", - "Principal": Object { - "AWS": "*", - }, - "Resource": Array [ - Object { - "Fn::Join": Array [ - "", - Array [ - Object { - "Fn::GetAtt": Array [ - "testcloudfrontmediastoreCloudfrontLoggingBucketA3A51E6A", - "Arn", - ], - }, - "/*", - ], - ], - }, - Object { - "Fn::GetAtt": Array [ - "testcloudfrontmediastoreCloudfrontLoggingBucketA3A51E6A", - "Arn", - ], - }, - ], - "Sid": "HttpsOnly", - }, - ], - "Version": "2012-10-17", - }, - }, - "Type": "AWS::S3::BucketPolicy", - }, - "testcloudfrontmediastoreCloudfrontOriginRequestPolicyA1D988D3": Object { - "Properties": Object { - "OriginRequestPolicyConfig": Object { - "Comment": "Policy for Constructs CloudFrontDistributionForMediaStore", - "CookiesConfig": Object { - "CookieBehavior": "none", - }, - "HeadersConfig": Object { - "HeaderBehavior": "whitelist", - "Headers": Array [ - "Access-Control-Allow-Origin", - "Access-Control-Request-Method", - "Access-Control-Request-Header", - "Origin", - ], - }, - "Name": Object { - "Fn::Join": Array [ - "", - Array [ - Object { - "Ref": "AWS::StackName", - }, - "-", - Object { - "Ref": "AWS::Region", - }, - "-CloudFrontDistributionForMediaStore", - ], - ], - }, - "QueryStringsConfig": Object { - "QueryStringBehavior": "all", - }, - }, - }, - "Type": "AWS::CloudFront::OriginRequestPolicy", - }, - "testcloudfrontmediastoreMediaStoreContainerF60A96BB": Object { - "DeletionPolicy": "Retain", - "Properties": Object { - "AccessLoggingEnabled": true, - "ContainerName": Object { - "Ref": "AWS::StackName", - }, - "CorsPolicy": Array [ - Object { - "AllowedHeaders": Array [ - "*", - ], - "AllowedMethods": Array [ - "GET", - ], - "AllowedOrigins": Array [ - "*", - ], - "ExposeHeaders": Array [ - "*", - ], - "MaxAgeSeconds": 3000, - }, - ], - "LifecyclePolicy": "{\\"rules\\":[{\\"definition\\":{\\"path\\":[{\\"wildcard\\":\\"*\\"}],\\"days_since_create\\":[{\\"numeric\\":[\\">\\",30]}]},\\"action\\":\\"EXPIRE\\"}]}", - "MetricPolicy": Object { - "ContainerLevelMetrics": "ENABLED", - }, - "Policy": Object { - "Fn::Join": Array [ - "", - Array [ - "{\\"Version\\":\\"2012-10-17\\",\\"Statement\\":[{\\"Sid\\":\\"MediaStoreDefaultPolicy\\",\\"Effect\\":\\"Allow\\",\\"Principal\\":\\"*\\",\\"Action\\":[\\"mediastore:GetObject\\",\\"mediastore:DescribeObject\\"],\\"Resource\\":\\"arn:", - Object { - "Ref": "AWS::Partition", - }, - ":mediastore:", - Object { - "Ref": "AWS::Region", - }, - ":", - Object { - "Ref": "AWS::AccountId", - }, - ":container/", - Object { - "Ref": "AWS::StackName", - }, - "/*\\",\\"Condition\\":{\\"StringEquals\\":{\\"aws:UserAgent\\":\\"", - Object { - "Ref": "testcloudfrontmediastoreCloudFrontOriginAccessIdentity966405A0", - }, - "\\"},\\"Bool\\":{\\"aws:SecureTransport\\":\\"true\\"}}}]}", - ], - ], - }, - }, - "Type": "AWS::MediaStore::Container", - }, - "testcloudfrontmediastoreSetHttpSecurityHeaders9995A63D": Object { - "Properties": Object { - "AutoPublish": true, - "FunctionCode": "function handler(event) { var response = event.response; var headers = response.headers; headers['strict-transport-security'] = { value: 'max-age=63072000; includeSubdomains; preload'}; headers['content-security-policy'] = { value: \\"default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'\\"}; headers['x-content-type-options'] = { value: 'nosniff'}; headers['x-frame-options'] = {value: 'DENY'}; headers['x-xss-protection'] = {value: '1; mode=block'}; return response; }", - "FunctionConfig": Object { - "Comment": "SetHttpSecurityHeadersc82c7d803c8b3899ab37eeee5cc2bce7beb7673c36", - "Runtime": "cloudfront-js-1.0", - }, - "Name": "SetHttpSecurityHeadersc82c7d803c8b3899ab37eeee5cc2bce7beb7673c36", - }, - "Type": "AWS::CloudFront::Function", - }, - }, -} -`; diff --git a/source/patterns/@aws-solutions-constructs/aws-cloudfront-mediastore/test/cloudfront-mediastore.test.ts b/source/patterns/@aws-solutions-constructs/aws-cloudfront-mediastore/test/cloudfront-mediastore.test.ts index ffc81e8d1..bd04cd311 100644 --- a/source/patterns/@aws-solutions-constructs/aws-cloudfront-mediastore/test/cloudfront-mediastore.test.ts +++ b/source/patterns/@aws-solutions-constructs/aws-cloudfront-mediastore/test/cloudfront-mediastore.test.ts @@ -14,23 +14,10 @@ // Imports import '@aws-cdk/assert/jest'; import { Stack } from '@aws-cdk/core'; -import { SynthUtils } from '@aws-cdk/assert'; import * as mediastore from '@aws-cdk/aws-mediastore'; import * as cloudfront from '@aws-cdk/aws-cloudfront'; import { CloudFrontToMediaStore } from '../lib'; -// -------------------------------------------------------------- -// Test the default deployment snapshot -// -------------------------------------------------------------- -test('Test the default deployment snapshot', () => { - // Initial setup - const stack = new Stack(); - new CloudFrontToMediaStore(stack, 'test-cloudfront-mediastore', {}); - - // Assertion - expect(SynthUtils.toCloudFormation(stack)).toMatchSnapshot(); -}); - // -------------------------------------------------------------- // Test the default deployment pattern variables // -------------------------------------------------------------- diff --git a/source/patterns/@aws-solutions-constructs/aws-cloudfront-s3/test/__snapshots__/test.cloudfront-s3.test.js.snap b/source/patterns/@aws-solutions-constructs/aws-cloudfront-s3/test/__snapshots__/test.cloudfront-s3.test.js.snap deleted file mode 100644 index 9d9eec28a..000000000 --- a/source/patterns/@aws-solutions-constructs/aws-cloudfront-s3/test/__snapshots__/test.cloudfront-s3.test.js.snap +++ /dev/null @@ -1,393 +0,0 @@ -// Jest Snapshot v1, https://goo.gl/fbAQLP - -exports[`snapshot test CloudFrontToS3 default params 1`] = ` -Object { - "Resources": Object { - "testcloudfronts3CloudFrontDistribution0565DEE8": Object { - "Metadata": Object { - "cfn_nag": Object { - "rules_to_suppress": Array [ - Object { - "id": "W70", - "reason": "Since the distribution uses the CloudFront domain name, CloudFront automatically sets the security policy to TLSv1 regardless of the value of MinimumProtocolVersion", - }, - ], - }, - }, - "Properties": Object { - "DistributionConfig": Object { - "DefaultCacheBehavior": Object { - "CachePolicyId": "658327ea-f89d-4fab-a63d-7e88639e58f6", - "Compress": true, - "FunctionAssociations": Array [ - Object { - "EventType": "viewer-response", - "FunctionARN": Object { - "Fn::GetAtt": Array [ - "testcloudfronts3SetHttpSecurityHeaders6C5A1E69", - "FunctionARN", - ], - }, - }, - ], - "TargetOriginId": "testcloudfronts3CloudFrontDistributionOrigin124051039", - "ViewerProtocolPolicy": "redirect-to-https", - }, - "DefaultRootObject": "index.html", - "Enabled": true, - "HttpVersion": "http2", - "IPV6Enabled": true, - "Logging": Object { - "Bucket": Object { - "Fn::GetAtt": Array [ - "testcloudfronts3CloudfrontLoggingBucket985C0FE8", - "RegionalDomainName", - ], - }, - }, - "Origins": Array [ - Object { - "DomainName": Object { - "Fn::GetAtt": Array [ - "testcloudfronts3S3BucketE0C5F76E", - "RegionalDomainName", - ], - }, - "Id": "testcloudfronts3CloudFrontDistributionOrigin124051039", - "S3OriginConfig": Object { - "OriginAccessIdentity": Object { - "Fn::Join": Array [ - "", - Array [ - "origin-access-identity/cloudfront/", - Object { - "Ref": "testcloudfronts3CloudFrontDistributionOrigin1S3Origin4695F058", - }, - ], - ], - }, - }, - }, - ], - }, - }, - "Type": "AWS::CloudFront::Distribution", - }, - "testcloudfronts3CloudFrontDistributionOrigin1S3Origin4695F058": Object { - "Properties": Object { - "CloudFrontOriginAccessIdentityConfig": Object { - "Comment": "Identity for testcloudfronts3CloudFrontDistributionOrigin124051039", - }, - }, - "Type": "AWS::CloudFront::CloudFrontOriginAccessIdentity", - }, - "testcloudfronts3CloudfrontLoggingBucket985C0FE8": Object { - "DeletionPolicy": "Retain", - "Metadata": Object { - "cfn_nag": Object { - "rules_to_suppress": Array [ - Object { - "id": "W35", - "reason": "This S3 bucket is used as the access logging bucket for CloudFront Distribution", - }, - ], - }, - }, - "Properties": Object { - "AccessControl": "LogDeliveryWrite", - "BucketEncryption": Object { - "ServerSideEncryptionConfiguration": Array [ - Object { - "ServerSideEncryptionByDefault": Object { - "SSEAlgorithm": "AES256", - }, - }, - ], - }, - "PublicAccessBlockConfiguration": Object { - "BlockPublicAcls": true, - "BlockPublicPolicy": true, - "IgnorePublicAcls": true, - "RestrictPublicBuckets": true, - }, - "VersioningConfiguration": Object { - "Status": "Enabled", - }, - }, - "Type": "AWS::S3::Bucket", - "UpdateReplacePolicy": "Retain", - }, - "testcloudfronts3CloudfrontLoggingBucketPolicyDF55851B": Object { - "Properties": Object { - "Bucket": Object { - "Ref": "testcloudfronts3CloudfrontLoggingBucket985C0FE8", - }, - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": "*", - "Condition": Object { - "Bool": Object { - "aws:SecureTransport": "false", - }, - }, - "Effect": "Deny", - "Principal": Object { - "AWS": "*", - }, - "Resource": Array [ - Object { - "Fn::Join": Array [ - "", - Array [ - Object { - "Fn::GetAtt": Array [ - "testcloudfronts3CloudfrontLoggingBucket985C0FE8", - "Arn", - ], - }, - "/*", - ], - ], - }, - Object { - "Fn::GetAtt": Array [ - "testcloudfronts3CloudfrontLoggingBucket985C0FE8", - "Arn", - ], - }, - ], - "Sid": "HttpsOnly", - }, - ], - "Version": "2012-10-17", - }, - }, - "Type": "AWS::S3::BucketPolicy", - }, - "testcloudfronts3S3BucketE0C5F76E": Object { - "DeletionPolicy": "Delete", - "Properties": Object { - "BucketEncryption": Object { - "ServerSideEncryptionConfiguration": Array [ - Object { - "ServerSideEncryptionByDefault": Object { - "SSEAlgorithm": "AES256", - }, - }, - ], - }, - "LifecycleConfiguration": Object { - "Rules": Array [ - Object { - "NoncurrentVersionTransitions": Array [ - Object { - "StorageClass": "GLACIER", - "TransitionInDays": 90, - }, - ], - "Status": "Enabled", - }, - ], - }, - "LoggingConfiguration": Object { - "DestinationBucketName": Object { - "Ref": "testcloudfronts3S3LoggingBucket90D239DD", - }, - }, - "PublicAccessBlockConfiguration": Object { - "BlockPublicAcls": true, - "BlockPublicPolicy": true, - "IgnorePublicAcls": true, - "RestrictPublicBuckets": true, - }, - "VersioningConfiguration": Object { - "Status": "Enabled", - }, - }, - "Type": "AWS::S3::Bucket", - "UpdateReplacePolicy": "Delete", - }, - "testcloudfronts3S3BucketPolicy250F1F61": Object { - "Metadata": Object { - "cfn_nag": Object { - "rules_to_suppress": Array [ - Object { - "id": "F16", - "reason": "Public website bucket policy requires a wildcard principal", - }, - ], - }, - }, - "Properties": Object { - "Bucket": Object { - "Ref": "testcloudfronts3S3BucketE0C5F76E", - }, - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": "*", - "Condition": Object { - "Bool": Object { - "aws:SecureTransport": "false", - }, - }, - "Effect": "Deny", - "Principal": Object { - "AWS": "*", - }, - "Resource": Array [ - Object { - "Fn::Join": Array [ - "", - Array [ - Object { - "Fn::GetAtt": Array [ - "testcloudfronts3S3BucketE0C5F76E", - "Arn", - ], - }, - "/*", - ], - ], - }, - Object { - "Fn::GetAtt": Array [ - "testcloudfronts3S3BucketE0C5F76E", - "Arn", - ], - }, - ], - "Sid": "HttpsOnly", - }, - Object { - "Action": "s3:GetObject", - "Effect": "Allow", - "Principal": Object { - "CanonicalUser": Object { - "Fn::GetAtt": Array [ - "testcloudfronts3CloudFrontDistributionOrigin1S3Origin4695F058", - "S3CanonicalUserId", - ], - }, - }, - "Resource": Object { - "Fn::Join": Array [ - "", - Array [ - Object { - "Fn::GetAtt": Array [ - "testcloudfronts3S3BucketE0C5F76E", - "Arn", - ], - }, - "/*", - ], - ], - }, - }, - ], - "Version": "2012-10-17", - }, - }, - "Type": "AWS::S3::BucketPolicy", - }, - "testcloudfronts3S3LoggingBucket90D239DD": Object { - "DeletionPolicy": "Delete", - "Metadata": Object { - "cfn_nag": Object { - "rules_to_suppress": Array [ - Object { - "id": "W35", - "reason": "This S3 bucket is used as the access logging bucket for another bucket", - }, - ], - }, - }, - "Properties": Object { - "AccessControl": "LogDeliveryWrite", - "BucketEncryption": Object { - "ServerSideEncryptionConfiguration": Array [ - Object { - "ServerSideEncryptionByDefault": Object { - "SSEAlgorithm": "AES256", - }, - }, - ], - }, - "PublicAccessBlockConfiguration": Object { - "BlockPublicAcls": true, - "BlockPublicPolicy": true, - "IgnorePublicAcls": true, - "RestrictPublicBuckets": true, - }, - "VersioningConfiguration": Object { - "Status": "Enabled", - }, - }, - "Type": "AWS::S3::Bucket", - "UpdateReplacePolicy": "Delete", - }, - "testcloudfronts3S3LoggingBucketPolicy529D4CFF": Object { - "Properties": Object { - "Bucket": Object { - "Ref": "testcloudfronts3S3LoggingBucket90D239DD", - }, - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": "*", - "Condition": Object { - "Bool": Object { - "aws:SecureTransport": "false", - }, - }, - "Effect": "Deny", - "Principal": Object { - "AWS": "*", - }, - "Resource": Array [ - Object { - "Fn::Join": Array [ - "", - Array [ - Object { - "Fn::GetAtt": Array [ - "testcloudfronts3S3LoggingBucket90D239DD", - "Arn", - ], - }, - "/*", - ], - ], - }, - Object { - "Fn::GetAtt": Array [ - "testcloudfronts3S3LoggingBucket90D239DD", - "Arn", - ], - }, - ], - "Sid": "HttpsOnly", - }, - ], - "Version": "2012-10-17", - }, - }, - "Type": "AWS::S3::BucketPolicy", - }, - "testcloudfronts3SetHttpSecurityHeaders6C5A1E69": Object { - "Properties": Object { - "AutoPublish": true, - "FunctionCode": "function handler(event) { var response = event.response; var headers = response.headers; headers['strict-transport-security'] = { value: 'max-age=63072000; includeSubdomains; preload'}; headers['content-security-policy'] = { value: \\"default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'\\"}; headers['x-content-type-options'] = { value: 'nosniff'}; headers['x-frame-options'] = {value: 'DENY'}; headers['x-xss-protection'] = {value: '1; mode=block'}; return response; }", - "FunctionConfig": Object { - "Comment": "SetHttpSecurityHeadersc829e98c76feafa0d7fd7eb5237e54317e9ff52687", - "Runtime": "cloudfront-js-1.0", - }, - "Name": "SetHttpSecurityHeadersc829e98c76feafa0d7fd7eb5237e54317e9ff52687", - }, - "Type": "AWS::CloudFront::Function", - }, - }, -} -`; diff --git a/source/patterns/@aws-solutions-constructs/aws-cloudfront-s3/test/test.cloudfront-s3.test.ts b/source/patterns/@aws-solutions-constructs/aws-cloudfront-s3/test/test.cloudfront-s3.test.ts index ed8b3e1fd..75a550814 100644 --- a/source/patterns/@aws-solutions-constructs/aws-cloudfront-s3/test/test.cloudfront-s3.test.ts +++ b/source/patterns/@aws-solutions-constructs/aws-cloudfront-s3/test/test.cloudfront-s3.test.ts @@ -11,7 +11,7 @@ * and limitations under the License. */ -import { ResourcePart, SynthUtils } from '@aws-cdk/assert'; +import { ResourcePart } from '@aws-cdk/assert'; import '@aws-cdk/assert/jest'; import * as acm from '@aws-cdk/aws-certificatemanager'; import * as s3 from '@aws-cdk/aws-s3'; @@ -28,12 +28,6 @@ function deploy(stack: cdk.Stack, props?: CloudFrontToS3Props) { }); } -test('snapshot test CloudFrontToS3 default params', () => { - const stack = new cdk.Stack(); - deploy(stack); - expect(SynthUtils.toCloudFormation(stack)).toMatchSnapshot(); -}); - test('check s3Bucket default encryption', () => { const stack = new cdk.Stack(); deploy(stack); diff --git a/source/patterns/@aws-solutions-constructs/aws-cognito-apigateway-lambda/test/__snapshots__/test.cognito-apigateway-lambda.test.js.snap b/source/patterns/@aws-solutions-constructs/aws-cognito-apigateway-lambda/test/__snapshots__/test.cognito-apigateway-lambda.test.js.snap deleted file mode 100644 index 59b12aad2..000000000 --- a/source/patterns/@aws-solutions-constructs/aws-cognito-apigateway-lambda/test/__snapshots__/test.cognito-apigateway-lambda.test.js.snap +++ /dev/null @@ -1,732 +0,0 @@ -// Jest Snapshot v1, https://goo.gl/fbAQLP - -exports[`snapshot test CognitoToApiGatewayToLambda default params 1`] = ` -Object { - "Outputs": Object { - "testcognitoapigatewaylambdaLambdaRestApiEndpointBF0175D7": Object { - "Value": Object { - "Fn::Join": Array [ - "", - Array [ - "https://", - Object { - "Ref": "testcognitoapigatewaylambdaLambdaRestApi2E272431", - }, - ".execute-api.", - Object { - "Ref": "AWS::Region", - }, - ".", - Object { - "Ref": "AWS::URLSuffix", - }, - "/", - Object { - "Ref": "testcognitoapigatewaylambdaLambdaRestApiDeploymentStageprod850C17D1", - }, - "/", - ], - ], - }, - }, - }, - "Parameters": Object { - "AssetParameters42a35bbf0dec9ef0ac5b0dde87e71a1b8929e8d2d178dd09ccfb2c928ec0198cArtifactHash00A70A91": Object { - "Description": "Artifact hash for asset \\"42a35bbf0dec9ef0ac5b0dde87e71a1b8929e8d2d178dd09ccfb2c928ec0198c\\"", - "Type": "String", - }, - "AssetParameters42a35bbf0dec9ef0ac5b0dde87e71a1b8929e8d2d178dd09ccfb2c928ec0198cS3Bucket1F467BCC": Object { - "Description": "S3 bucket for asset \\"42a35bbf0dec9ef0ac5b0dde87e71a1b8929e8d2d178dd09ccfb2c928ec0198c\\"", - "Type": "String", - }, - "AssetParameters42a35bbf0dec9ef0ac5b0dde87e71a1b8929e8d2d178dd09ccfb2c928ec0198cS3VersionKey9E4F7872": Object { - "Description": "S3 key for asset version \\"42a35bbf0dec9ef0ac5b0dde87e71a1b8929e8d2d178dd09ccfb2c928ec0198c\\"", - "Type": "String", - }, - }, - "Resources": Object { - "testcognitoapigatewaylambdaApiAccessLogGroup9D0D0917": Object { - "DeletionPolicy": "Retain", - "Metadata": Object { - "cfn_nag": Object { - "rules_to_suppress": Array [ - Object { - "id": "W86", - "reason": "Retention period for CloudWatchLogs LogGroups are set to 'Never Expire' to preserve customer data indefinitely", - }, - Object { - "id": "W84", - "reason": "By default CloudWatchLogs LogGroups data is encrypted using the CloudWatch server-side encryption keys (AWS Managed Keys)", - }, - ], - }, - }, - "Type": "AWS::Logs::LogGroup", - "UpdateReplacePolicy": "Retain", - }, - "testcognitoapigatewaylambdaCognitoAuthorizer170CACC9": Object { - "Properties": Object { - "IdentitySource": "method.request.header.Authorization", - "Name": "authorizer", - "ProviderARNs": Array [ - Object { - "Fn::GetAtt": Array [ - "testcognitoapigatewaylambdaCognitoUserPoolD5E74489", - "Arn", - ], - }, - ], - "RestApiId": Object { - "Ref": "testcognitoapigatewaylambdaLambdaRestApi2E272431", - }, - "Type": "COGNITO_USER_POOLS", - }, - "Type": "AWS::ApiGateway::Authorizer", - }, - "testcognitoapigatewaylambdaCognitoUserPoolClientDA118627": Object { - "Properties": Object { - "AllowedOAuthFlows": Array [ - "implicit", - "code", - ], - "AllowedOAuthFlowsUserPoolClient": true, - "AllowedOAuthScopes": Array [ - "profile", - "phone", - "email", - "openid", - "aws.cognito.signin.user.admin", - ], - "CallbackURLs": Array [ - "https://example.com", - ], - "SupportedIdentityProviders": Array [ - "COGNITO", - ], - "UserPoolId": Object { - "Ref": "testcognitoapigatewaylambdaCognitoUserPoolD5E74489", - }, - }, - "Type": "AWS::Cognito::UserPoolClient", - }, - "testcognitoapigatewaylambdaCognitoUserPoolD5E74489": Object { - "DeletionPolicy": "Retain", - "Properties": Object { - "AccountRecoverySetting": Object { - "RecoveryMechanisms": Array [ - Object { - "Name": "verified_phone_number", - "Priority": 1, - }, - Object { - "Name": "verified_email", - "Priority": 2, - }, - ], - }, - "AdminCreateUserConfig": Object { - "AllowAdminCreateUserOnly": true, - }, - "EmailVerificationMessage": "The verification code to your new account is {####}", - "EmailVerificationSubject": "Verify your new account", - "SmsVerificationMessage": "The verification code to your new account is {####}", - "UserPoolAddOns": Object { - "AdvancedSecurityMode": "ENFORCED", - }, - "VerificationMessageTemplate": Object { - "DefaultEmailOption": "CONFIRM_WITH_CODE", - "EmailMessage": "The verification code to your new account is {####}", - "EmailSubject": "Verify your new account", - "SmsMessage": "The verification code to your new account is {####}", - }, - }, - "Type": "AWS::Cognito::UserPool", - "UpdateReplacePolicy": "Retain", - }, - "testcognitoapigatewaylambdaLambdaFunction0C8EAC23": Object { - "DependsOn": Array [ - "testcognitoapigatewaylambdaLambdaFunctionServiceRoleDefaultPolicyED0AF2CF", - "testcognitoapigatewaylambdaLambdaFunctionServiceRole943D8510", - ], - "Metadata": Object { - "cfn_nag": Object { - "rules_to_suppress": Array [ - Object { - "id": "W58", - "reason": "Lambda functions has the required permission to write CloudWatch Logs. It uses custom policy instead of arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole with tighter permissions.", - }, - Object { - "id": "W89", - "reason": "This is not a rule for the general case, just for specific use cases/industries", - }, - Object { - "id": "W92", - "reason": "Impossible for us to define the correct concurrency for clients", - }, - ], - }, - }, - "Properties": Object { - "Code": Object { - "S3Bucket": Object { - "Ref": "AssetParameters42a35bbf0dec9ef0ac5b0dde87e71a1b8929e8d2d178dd09ccfb2c928ec0198cS3Bucket1F467BCC", - }, - "S3Key": Object { - "Fn::Join": Array [ - "", - Array [ - Object { - "Fn::Select": Array [ - 0, - Object { - "Fn::Split": Array [ - "||", - Object { - "Ref": "AssetParameters42a35bbf0dec9ef0ac5b0dde87e71a1b8929e8d2d178dd09ccfb2c928ec0198cS3VersionKey9E4F7872", - }, - ], - }, - ], - }, - Object { - "Fn::Select": Array [ - 1, - Object { - "Fn::Split": Array [ - "||", - Object { - "Ref": "AssetParameters42a35bbf0dec9ef0ac5b0dde87e71a1b8929e8d2d178dd09ccfb2c928ec0198cS3VersionKey9E4F7872", - }, - ], - }, - ], - }, - ], - ], - }, - }, - "Environment": Object { - "Variables": Object { - "AWS_NODEJS_CONNECTION_REUSE_ENABLED": "1", - }, - }, - "Handler": "index.handler", - "Role": Object { - "Fn::GetAtt": Array [ - "testcognitoapigatewaylambdaLambdaFunctionServiceRole943D8510", - "Arn", - ], - }, - "Runtime": "nodejs10.x", - "TracingConfig": Object { - "Mode": "Active", - }, - }, - "Type": "AWS::Lambda::Function", - }, - "testcognitoapigatewaylambdaLambdaFunctionServiceRole943D8510": Object { - "Properties": Object { - "AssumeRolePolicyDocument": Object { - "Statement": Array [ - Object { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": Object { - "Service": "lambda.amazonaws.com", - }, - }, - ], - "Version": "2012-10-17", - }, - "Policies": Array [ - Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "logs:CreateLogGroup", - "logs:CreateLogStream", - "logs:PutLogEvents", - ], - "Effect": "Allow", - "Resource": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":logs:", - Object { - "Ref": "AWS::Region", - }, - ":", - Object { - "Ref": "AWS::AccountId", - }, - ":log-group:/aws/lambda/*", - ], - ], - }, - }, - ], - "Version": "2012-10-17", - }, - "PolicyName": "LambdaFunctionServiceRolePolicy", - }, - ], - }, - "Type": "AWS::IAM::Role", - }, - "testcognitoapigatewaylambdaLambdaFunctionServiceRoleDefaultPolicyED0AF2CF": Object { - "Metadata": Object { - "cfn_nag": Object { - "rules_to_suppress": Array [ - Object { - "id": "W12", - "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray and access ENIs in a VPC.", - }, - ], - }, - }, - "Properties": Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "xray:PutTraceSegments", - "xray:PutTelemetryRecords", - ], - "Effect": "Allow", - "Resource": "*", - }, - ], - "Version": "2012-10-17", - }, - "PolicyName": "testcognitoapigatewaylambdaLambdaFunctionServiceRoleDefaultPolicyED0AF2CF", - "Roles": Array [ - Object { - "Ref": "testcognitoapigatewaylambdaLambdaFunctionServiceRole943D8510", - }, - ], - }, - "Type": "AWS::IAM::Policy", - }, - "testcognitoapigatewaylambdaLambdaRestApi2E272431": Object { - "Properties": Object { - "EndpointConfiguration": Object { - "Types": Array [ - "EDGE", - ], - }, - "Name": "LambdaRestApi", - }, - "Type": "AWS::ApiGateway::RestApi", - }, - "testcognitoapigatewaylambdaLambdaRestApiANY1BCFE40A": Object { - "Properties": Object { - "AuthorizationType": "COGNITO_USER_POOLS", - "AuthorizerId": Object { - "Ref": "testcognitoapigatewaylambdaCognitoAuthorizer170CACC9", - }, - "HttpMethod": "ANY", - "Integration": Object { - "IntegrationHttpMethod": "POST", - "Type": "AWS_PROXY", - "Uri": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":apigateway:", - Object { - "Ref": "AWS::Region", - }, - ":lambda:path/2015-03-31/functions/", - Object { - "Fn::GetAtt": Array [ - "testcognitoapigatewaylambdaLambdaFunction0C8EAC23", - "Arn", - ], - }, - "/invocations", - ], - ], - }, - }, - "ResourceId": Object { - "Fn::GetAtt": Array [ - "testcognitoapigatewaylambdaLambdaRestApi2E272431", - "RootResourceId", - ], - }, - "RestApiId": Object { - "Ref": "testcognitoapigatewaylambdaLambdaRestApi2E272431", - }, - }, - "Type": "AWS::ApiGateway::Method", - }, - "testcognitoapigatewaylambdaLambdaRestApiANYApiPermissionTesttestcognitoapigatewaylambdaLambdaRestApi7DADE73DANY38E57350": Object { - "Properties": Object { - "Action": "lambda:InvokeFunction", - "FunctionName": Object { - "Fn::GetAtt": Array [ - "testcognitoapigatewaylambdaLambdaFunction0C8EAC23", - "Arn", - ], - }, - "Principal": "apigateway.amazonaws.com", - "SourceArn": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":execute-api:", - Object { - "Ref": "AWS::Region", - }, - ":", - Object { - "Ref": "AWS::AccountId", - }, - ":", - Object { - "Ref": "testcognitoapigatewaylambdaLambdaRestApi2E272431", - }, - "/test-invoke-stage/*/", - ], - ], - }, - }, - "Type": "AWS::Lambda::Permission", - }, - "testcognitoapigatewaylambdaLambdaRestApiANYApiPermissiontestcognitoapigatewaylambdaLambdaRestApi7DADE73DANYCE72E572": Object { - "Properties": Object { - "Action": "lambda:InvokeFunction", - "FunctionName": Object { - "Fn::GetAtt": Array [ - "testcognitoapigatewaylambdaLambdaFunction0C8EAC23", - "Arn", - ], - }, - "Principal": "apigateway.amazonaws.com", - "SourceArn": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":execute-api:", - Object { - "Ref": "AWS::Region", - }, - ":", - Object { - "Ref": "AWS::AccountId", - }, - ":", - Object { - "Ref": "testcognitoapigatewaylambdaLambdaRestApi2E272431", - }, - "/", - Object { - "Ref": "testcognitoapigatewaylambdaLambdaRestApiDeploymentStageprod850C17D1", - }, - "/*/", - ], - ], - }, - }, - "Type": "AWS::Lambda::Permission", - }, - "testcognitoapigatewaylambdaLambdaRestApiAccountD303BB82": Object { - "DependsOn": Array [ - "testcognitoapigatewaylambdaLambdaRestApi2E272431", - ], - "Properties": Object { - "CloudWatchRoleArn": Object { - "Fn::GetAtt": Array [ - "testcognitoapigatewaylambdaLambdaRestApiCloudWatchRole0AC7FF3B", - "Arn", - ], - }, - }, - "Type": "AWS::ApiGateway::Account", - }, - "testcognitoapigatewaylambdaLambdaRestApiCloudWatchRole0AC7FF3B": Object { - "Properties": Object { - "AssumeRolePolicyDocument": Object { - "Statement": Array [ - Object { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": Object { - "Service": "apigateway.amazonaws.com", - }, - }, - ], - "Version": "2012-10-17", - }, - "Policies": Array [ - Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "logs:CreateLogGroup", - "logs:CreateLogStream", - "logs:DescribeLogGroups", - "logs:DescribeLogStreams", - "logs:PutLogEvents", - "logs:GetLogEvents", - "logs:FilterLogEvents", - ], - "Effect": "Allow", - "Resource": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":logs:", - Object { - "Ref": "AWS::Region", - }, - ":", - Object { - "Ref": "AWS::AccountId", - }, - ":*", - ], - ], - }, - }, - ], - "Version": "2012-10-17", - }, - "PolicyName": "LambdaRestApiCloudWatchRolePolicy", - }, - ], - }, - "Type": "AWS::IAM::Role", - }, - "testcognitoapigatewaylambdaLambdaRestApiDeployment96AFD8CA5d8e3257747e529ac6f9e48e8d20548e": Object { - "DependsOn": Array [ - "testcognitoapigatewaylambdaLambdaRestApiproxyANY18BA6246", - "testcognitoapigatewaylambdaLambdaRestApiproxy23E1DA20", - "testcognitoapigatewaylambdaLambdaRestApiANY1BCFE40A", - ], - "Metadata": Object { - "cfn_nag": Object { - "rules_to_suppress": Array [ - Object { - "id": "W45", - "reason": "ApiGateway has AccessLogging enabled in AWS::ApiGateway::Stage resource, but cfn_nag checkes for it in AWS::ApiGateway::Deployment resource", - }, - ], - }, - }, - "Properties": Object { - "Description": "Automatically created by the RestApi construct", - "RestApiId": Object { - "Ref": "testcognitoapigatewaylambdaLambdaRestApi2E272431", - }, - }, - "Type": "AWS::ApiGateway::Deployment", - }, - "testcognitoapigatewaylambdaLambdaRestApiDeploymentStageprod850C17D1": Object { - "Properties": Object { - "AccessLogSetting": Object { - "DestinationArn": Object { - "Fn::GetAtt": Array [ - "testcognitoapigatewaylambdaApiAccessLogGroup9D0D0917", - "Arn", - ], - }, - "Format": "{\\"requestId\\":\\"$context.requestId\\",\\"ip\\":\\"$context.identity.sourceIp\\",\\"user\\":\\"$context.identity.user\\",\\"caller\\":\\"$context.identity.caller\\",\\"requestTime\\":\\"$context.requestTime\\",\\"httpMethod\\":\\"$context.httpMethod\\",\\"resourcePath\\":\\"$context.resourcePath\\",\\"status\\":\\"$context.status\\",\\"protocol\\":\\"$context.protocol\\",\\"responseLength\\":\\"$context.responseLength\\"}", - }, - "DeploymentId": Object { - "Ref": "testcognitoapigatewaylambdaLambdaRestApiDeployment96AFD8CA5d8e3257747e529ac6f9e48e8d20548e", - }, - "MethodSettings": Array [ - Object { - "DataTraceEnabled": false, - "HttpMethod": "*", - "LoggingLevel": "INFO", - "ResourcePath": "/*", - }, - ], - "RestApiId": Object { - "Ref": "testcognitoapigatewaylambdaLambdaRestApi2E272431", - }, - "StageName": "prod", - "TracingEnabled": true, - }, - "Type": "AWS::ApiGateway::Stage", - }, - "testcognitoapigatewaylambdaLambdaRestApiUsagePlan75371896": Object { - "Properties": Object { - "ApiStages": Array [ - Object { - "ApiId": Object { - "Ref": "testcognitoapigatewaylambdaLambdaRestApi2E272431", - }, - "Stage": Object { - "Ref": "testcognitoapigatewaylambdaLambdaRestApiDeploymentStageprod850C17D1", - }, - "Throttle": Object {}, - }, - ], - }, - "Type": "AWS::ApiGateway::UsagePlan", - }, - "testcognitoapigatewaylambdaLambdaRestApiproxy23E1DA20": Object { - "Properties": Object { - "ParentId": Object { - "Fn::GetAtt": Array [ - "testcognitoapigatewaylambdaLambdaRestApi2E272431", - "RootResourceId", - ], - }, - "PathPart": "{proxy+}", - "RestApiId": Object { - "Ref": "testcognitoapigatewaylambdaLambdaRestApi2E272431", - }, - }, - "Type": "AWS::ApiGateway::Resource", - }, - "testcognitoapigatewaylambdaLambdaRestApiproxyANY18BA6246": Object { - "Properties": Object { - "AuthorizationType": "COGNITO_USER_POOLS", - "AuthorizerId": Object { - "Ref": "testcognitoapigatewaylambdaCognitoAuthorizer170CACC9", - }, - "HttpMethod": "ANY", - "Integration": Object { - "IntegrationHttpMethod": "POST", - "Type": "AWS_PROXY", - "Uri": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":apigateway:", - Object { - "Ref": "AWS::Region", - }, - ":lambda:path/2015-03-31/functions/", - Object { - "Fn::GetAtt": Array [ - "testcognitoapigatewaylambdaLambdaFunction0C8EAC23", - "Arn", - ], - }, - "/invocations", - ], - ], - }, - }, - "ResourceId": Object { - "Ref": "testcognitoapigatewaylambdaLambdaRestApiproxy23E1DA20", - }, - "RestApiId": Object { - "Ref": "testcognitoapigatewaylambdaLambdaRestApi2E272431", - }, - }, - "Type": "AWS::ApiGateway::Method", - }, - "testcognitoapigatewaylambdaLambdaRestApiproxyANYApiPermissionTesttestcognitoapigatewaylambdaLambdaRestApi7DADE73DANYproxyE7ABD170": Object { - "Properties": Object { - "Action": "lambda:InvokeFunction", - "FunctionName": Object { - "Fn::GetAtt": Array [ - "testcognitoapigatewaylambdaLambdaFunction0C8EAC23", - "Arn", - ], - }, - "Principal": "apigateway.amazonaws.com", - "SourceArn": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":execute-api:", - Object { - "Ref": "AWS::Region", - }, - ":", - Object { - "Ref": "AWS::AccountId", - }, - ":", - Object { - "Ref": "testcognitoapigatewaylambdaLambdaRestApi2E272431", - }, - "/test-invoke-stage/*/*", - ], - ], - }, - }, - "Type": "AWS::Lambda::Permission", - }, - "testcognitoapigatewaylambdaLambdaRestApiproxyANYApiPermissiontestcognitoapigatewaylambdaLambdaRestApi7DADE73DANYproxyE8E57826": Object { - "Properties": Object { - "Action": "lambda:InvokeFunction", - "FunctionName": Object { - "Fn::GetAtt": Array [ - "testcognitoapigatewaylambdaLambdaFunction0C8EAC23", - "Arn", - ], - }, - "Principal": "apigateway.amazonaws.com", - "SourceArn": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":execute-api:", - Object { - "Ref": "AWS::Region", - }, - ":", - Object { - "Ref": "AWS::AccountId", - }, - ":", - Object { - "Ref": "testcognitoapigatewaylambdaLambdaRestApi2E272431", - }, - "/", - Object { - "Ref": "testcognitoapigatewaylambdaLambdaRestApiDeploymentStageprod850C17D1", - }, - "/*/*", - ], - ], - }, - }, - "Type": "AWS::Lambda::Permission", - }, - }, -} -`; diff --git a/source/patterns/@aws-solutions-constructs/aws-cognito-apigateway-lambda/test/test.cognito-apigateway-lambda.test.ts b/source/patterns/@aws-solutions-constructs/aws-cognito-apigateway-lambda/test/test.cognito-apigateway-lambda.test.ts index a6c8f31bf..6f2f5a97b 100644 --- a/source/patterns/@aws-solutions-constructs/aws-cognito-apigateway-lambda/test/test.cognito-apigateway-lambda.test.ts +++ b/source/patterns/@aws-solutions-constructs/aws-cognito-apigateway-lambda/test/test.cognito-apigateway-lambda.test.ts @@ -11,7 +11,6 @@ * and limitations under the License. */ -import { SynthUtils } from '@aws-cdk/assert'; import { CognitoToApiGatewayToLambda, CognitoToApiGatewayToLambdaProps } from "../lib"; import * as cdk from "@aws-cdk/core"; import * as cognito from '@aws-cdk/aws-cognito'; @@ -31,12 +30,6 @@ function deployNewFunc(stack: cdk.Stack) { }); } -test('snapshot test CognitoToApiGatewayToLambda default params', () => { - const stack = new cdk.Stack(); - deployNewFunc(stack); - expect(SynthUtils.toCloudFormation(stack)).toMatchSnapshot(); -}); - test('override cognito properties', () => { const stack = new cdk.Stack(); diff --git a/source/patterns/@aws-solutions-constructs/aws-dynamodb-stream-lambda-elasticsearch-kibana/test/__snapshots__/dynamodb-stream-lambda-elasticsearch-kibana.test.js.snap b/source/patterns/@aws-solutions-constructs/aws-dynamodb-stream-lambda-elasticsearch-kibana/test/__snapshots__/dynamodb-stream-lambda-elasticsearch-kibana.test.js.snap deleted file mode 100644 index 7e5b9af58..000000000 --- a/source/patterns/@aws-solutions-constructs/aws-dynamodb-stream-lambda-elasticsearch-kibana/test/__snapshots__/dynamodb-stream-lambda-elasticsearch-kibana.test.js.snap +++ /dev/null @@ -1,861 +0,0 @@ -// Jest Snapshot v1, https://goo.gl/fbAQLP - -exports[`snapshot test default params 1`] = ` -Object { - "Parameters": Object { - "AssetParameters92927de5fcc3aea277bddecb845bee318fb502f7375daedbdafb72c0400bc197ArtifactHash052E3F31": Object { - "Description": "Artifact hash for asset \\"92927de5fcc3aea277bddecb845bee318fb502f7375daedbdafb72c0400bc197\\"", - "Type": "String", - }, - "AssetParameters92927de5fcc3aea277bddecb845bee318fb502f7375daedbdafb72c0400bc197S3Bucket87AE2D86": Object { - "Description": "S3 bucket for asset \\"92927de5fcc3aea277bddecb845bee318fb502f7375daedbdafb72c0400bc197\\"", - "Type": "String", - }, - "AssetParameters92927de5fcc3aea277bddecb845bee318fb502f7375daedbdafb72c0400bc197S3VersionKey6EF53907": Object { - "Description": "S3 key for asset version \\"92927de5fcc3aea277bddecb845bee318fb502f7375daedbdafb72c0400bc197\\"", - "Type": "String", - }, - }, - "Resources": Object { - "teststackteststackWDynamoDBStreamsToLambdaDynamoTableC58704B3": Object { - "DeletionPolicy": "Retain", - "Properties": Object { - "AttributeDefinitions": Array [ - Object { - "AttributeName": "id", - "AttributeType": "S", - }, - ], - "BillingMode": "PAY_PER_REQUEST", - "KeySchema": Array [ - Object { - "AttributeName": "id", - "KeyType": "HASH", - }, - ], - "PointInTimeRecoverySpecification": Object { - "PointInTimeRecoveryEnabled": true, - }, - "SSESpecification": Object { - "SSEEnabled": true, - }, - "StreamSpecification": Object { - "StreamViewType": "NEW_AND_OLD_IMAGES", - }, - }, - "Type": "AWS::DynamoDB::Table", - "UpdateReplacePolicy": "Retain", - }, - "teststackteststackWDynamoDBStreamsToLambdaLambdaFunction02D303BD": Object { - "DependsOn": Array [ - "teststackteststackWDynamoDBStreamsToLambdaLambdaFunctionServiceRoleDefaultPolicyDDC691BF", - "teststackteststackWDynamoDBStreamsToLambdaLambdaFunctionServiceRole9196C7E3", - ], - "Metadata": Object { - "cfn_nag": Object { - "rules_to_suppress": Array [ - Object { - "id": "W58", - "reason": "Lambda functions has the required permission to write CloudWatch Logs. It uses custom policy instead of arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole with tighter permissions.", - }, - Object { - "id": "W89", - "reason": "This is not a rule for the general case, just for specific use cases/industries", - }, - Object { - "id": "W92", - "reason": "Impossible for us to define the correct concurrency for clients", - }, - ], - }, - }, - "Properties": Object { - "Code": Object { - "S3Bucket": Object { - "Ref": "AssetParameters92927de5fcc3aea277bddecb845bee318fb502f7375daedbdafb72c0400bc197S3Bucket87AE2D86", - }, - "S3Key": Object { - "Fn::Join": Array [ - "", - Array [ - Object { - "Fn::Select": Array [ - 0, - Object { - "Fn::Split": Array [ - "||", - Object { - "Ref": "AssetParameters92927de5fcc3aea277bddecb845bee318fb502f7375daedbdafb72c0400bc197S3VersionKey6EF53907", - }, - ], - }, - ], - }, - Object { - "Fn::Select": Array [ - 1, - Object { - "Fn::Split": Array [ - "||", - Object { - "Ref": "AssetParameters92927de5fcc3aea277bddecb845bee318fb502f7375daedbdafb72c0400bc197S3VersionKey6EF53907", - }, - ], - }, - ], - }, - ], - ], - }, - }, - "Environment": Object { - "Variables": Object { - "AWS_NODEJS_CONNECTION_REUSE_ENABLED": "1", - "DOMAIN_ENDPOINT": Object { - "Fn::GetAtt": Array [ - "teststackteststackWLambdaToElasticSearchElasticsearchDomainA58EE4BC", - "DomainEndpoint", - ], - }, - }, - }, - "Handler": "index.handler", - "Role": Object { - "Fn::GetAtt": Array [ - "teststackteststackWDynamoDBStreamsToLambdaLambdaFunctionServiceRole9196C7E3", - "Arn", - ], - }, - "Runtime": "nodejs10.x", - "TracingConfig": Object { - "Mode": "Active", - }, - }, - "Type": "AWS::Lambda::Function", - }, - "teststackteststackWDynamoDBStreamsToLambdaLambdaFunctionDynamoDBEventSourceteststackteststackWDynamoDBStreamsToLambdaDynamoTable73DF79BC81B75056": Object { - "Properties": Object { - "BatchSize": 100, - "BisectBatchOnFunctionError": true, - "DestinationConfig": Object { - "OnFailure": Object { - "Destination": Object { - "Fn::GetAtt": Array [ - "teststackteststackWDynamoDBStreamsToLambdaSqsDlqQueue10818CA0", - "Arn", - ], - }, - }, - }, - "EventSourceArn": Object { - "Fn::GetAtt": Array [ - "teststackteststackWDynamoDBStreamsToLambdaDynamoTableC58704B3", - "StreamArn", - ], - }, - "FunctionName": Object { - "Ref": "teststackteststackWDynamoDBStreamsToLambdaLambdaFunction02D303BD", - }, - "MaximumRecordAgeInSeconds": 86400, - "MaximumRetryAttempts": 500, - "StartingPosition": "TRIM_HORIZON", - }, - "Type": "AWS::Lambda::EventSourceMapping", - }, - "teststackteststackWDynamoDBStreamsToLambdaLambdaFunctionServiceRole9196C7E3": Object { - "Properties": Object { - "AssumeRolePolicyDocument": Object { - "Statement": Array [ - Object { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": Object { - "Service": "lambda.amazonaws.com", - }, - }, - ], - "Version": "2012-10-17", - }, - "Policies": Array [ - Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "logs:CreateLogGroup", - "logs:CreateLogStream", - "logs:PutLogEvents", - ], - "Effect": "Allow", - "Resource": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":logs:", - Object { - "Ref": "AWS::Region", - }, - ":", - Object { - "Ref": "AWS::AccountId", - }, - ":log-group:/aws/lambda/*", - ], - ], - }, - }, - ], - "Version": "2012-10-17", - }, - "PolicyName": "LambdaFunctionServiceRolePolicy", - }, - ], - }, - "Type": "AWS::IAM::Role", - }, - "teststackteststackWDynamoDBStreamsToLambdaLambdaFunctionServiceRoleDefaultPolicyDDC691BF": Object { - "Metadata": Object { - "cfn_nag": Object { - "rules_to_suppress": Array [ - Object { - "id": "W12", - "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray and access ENIs in a VPC.", - }, - ], - }, - }, - "Properties": Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "xray:PutTraceSegments", - "xray:PutTelemetryRecords", - ], - "Effect": "Allow", - "Resource": "*", - }, - Object { - "Action": "dynamodb:ListStreams", - "Effect": "Allow", - "Resource": "*", - }, - Object { - "Action": Array [ - "dynamodb:DescribeStream", - "dynamodb:GetRecords", - "dynamodb:GetShardIterator", - ], - "Effect": "Allow", - "Resource": Object { - "Fn::GetAtt": Array [ - "teststackteststackWDynamoDBStreamsToLambdaDynamoTableC58704B3", - "StreamArn", - ], - }, - }, - Object { - "Action": Array [ - "sqs:SendMessage", - "sqs:GetQueueAttributes", - "sqs:GetQueueUrl", - ], - "Effect": "Allow", - "Resource": Object { - "Fn::GetAtt": Array [ - "teststackteststackWDynamoDBStreamsToLambdaSqsDlqQueue10818CA0", - "Arn", - ], - }, - }, - ], - "Version": "2012-10-17", - }, - "PolicyName": "teststackteststackWDynamoDBStreamsToLambdaLambdaFunctionServiceRoleDefaultPolicyDDC691BF", - "Roles": Array [ - Object { - "Ref": "teststackteststackWDynamoDBStreamsToLambdaLambdaFunctionServiceRole9196C7E3", - }, - ], - }, - "Type": "AWS::IAM::Policy", - }, - "teststackteststackWDynamoDBStreamsToLambdaSqsDlqQueue10818CA0": Object { - "DeletionPolicy": "Delete", - "Properties": Object { - "KmsMasterKeyId": "alias/aws/sqs", - }, - "Type": "AWS::SQS::Queue", - "UpdateReplacePolicy": "Delete", - }, - "teststackteststackWDynamoDBStreamsToLambdaSqsDlqQueuePolicyDEE1A56C": Object { - "Properties": Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "sqs:DeleteMessage", - "sqs:ReceiveMessage", - "sqs:SendMessage", - "sqs:GetQueueAttributes", - "sqs:RemovePermission", - "sqs:AddPermission", - "sqs:SetQueueAttributes", - ], - "Effect": "Allow", - "Principal": Object { - "AWS": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":iam::", - Object { - "Ref": "AWS::AccountId", - }, - ":root", - ], - ], - }, - }, - "Resource": Object { - "Fn::GetAtt": Array [ - "teststackteststackWDynamoDBStreamsToLambdaSqsDlqQueue10818CA0", - "Arn", - ], - }, - "Sid": "QueueOwnerOnlyAccess", - }, - Object { - "Action": "SQS:*", - "Condition": Object { - "Bool": Object { - "aws:SecureTransport": "false", - }, - }, - "Effect": "Deny", - "Principal": Object { - "AWS": "*", - }, - "Resource": Object { - "Fn::GetAtt": Array [ - "teststackteststackWDynamoDBStreamsToLambdaSqsDlqQueue10818CA0", - "Arn", - ], - }, - "Sid": "HttpsOnly", - }, - ], - "Version": "2012-10-17", - }, - "Queues": Array [ - Object { - "Ref": "teststackteststackWDynamoDBStreamsToLambdaSqsDlqQueue10818CA0", - }, - ], - }, - "Type": "AWS::SQS::QueuePolicy", - }, - "teststackteststackWLambdaToElasticSearchAutomatedSnapshotFailureTooHighAlarmDB9BEA35": Object { - "Properties": Object { - "AlarmDescription": "An automated snapshot failed. This failure is often the result of a red cluster health status.", - "ComparisonOperator": "GreaterThanOrEqualToThreshold", - "EvaluationPeriods": 1, - "MetricName": "AutomatedSnapshotFailure", - "Namespace": "AWS/ES", - "Period": 60, - "Statistic": "Maximum", - "Threshold": 1, - }, - "Type": "AWS::CloudWatch::Alarm", - }, - "teststackteststackWLambdaToElasticSearchCPUUtilizationTooHighAlarmB8332071": Object { - "Properties": Object { - "AlarmDescription": "100% CPU utilization is not uncommon, but sustained high usage is problematic. Consider using larger instance types or adding instances.", - "ComparisonOperator": "GreaterThanOrEqualToThreshold", - "EvaluationPeriods": 3, - "MetricName": "CPUUtilization", - "Namespace": "AWS/ES", - "Period": 900, - "Statistic": "Average", - "Threshold": 80, - }, - "Type": "AWS::CloudWatch::Alarm", - }, - "teststackteststackWLambdaToElasticSearchCognitoAuthorizedRole9F564D93": Object { - "Properties": Object { - "AssumeRolePolicyDocument": Object { - "Statement": Array [ - Object { - "Action": "sts:AssumeRoleWithWebIdentity", - "Condition": Object { - "ForAnyValue:StringLike": Object { - "cognito-identity.amazonaws.com:amr": "authenticated", - }, - "StringEquals": Object { - "cognito-identity.amazonaws.com:aud": Object { - "Ref": "teststackteststackWLambdaToElasticSearchCognitoIdentityPool3BA17797", - }, - }, - }, - "Effect": "Allow", - "Principal": Object { - "Federated": "cognito-identity.amazonaws.com", - }, - }, - ], - "Version": "2012-10-17", - }, - "Policies": Array [ - Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": "es:ESHttp*", - "Effect": "Allow", - "Resource": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":es:", - Object { - "Ref": "AWS::Region", - }, - ":", - Object { - "Ref": "AWS::AccountId", - }, - ":domain/test-domain/*", - ], - ], - }, - }, - ], - "Version": "2012-10-17", - }, - "PolicyName": "CognitoAccessPolicy", - }, - ], - }, - "Type": "AWS::IAM::Role", - }, - "teststackteststackWLambdaToElasticSearchCognitoIdentityPool3BA17797": Object { - "Properties": Object { - "AllowUnauthenticatedIdentities": false, - "CognitoIdentityProviders": Array [ - Object { - "ClientId": Object { - "Ref": "teststackteststackWLambdaToElasticSearchCognitoUserPoolClient4EC5CDBA", - }, - "ProviderName": Object { - "Fn::GetAtt": Array [ - "teststackteststackWLambdaToElasticSearchCognitoUserPool788087A8", - "ProviderName", - ], - }, - "ServerSideTokenCheck": true, - }, - ], - }, - "Type": "AWS::Cognito::IdentityPool", - }, - "teststackteststackWLambdaToElasticSearchCognitoKibanaConfigureRole583382EC": Object { - "Properties": Object { - "AssumeRolePolicyDocument": Object { - "Statement": Array [ - Object { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": Object { - "Service": "es.amazonaws.com", - }, - }, - ], - "Version": "2012-10-17", - }, - }, - "Type": "AWS::IAM::Role", - }, - "teststackteststackWLambdaToElasticSearchCognitoKibanaConfigureRolePolicy78D4B93D": Object { - "Properties": Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "cognito-idp:DescribeUserPool", - "cognito-idp:CreateUserPoolClient", - "cognito-idp:DeleteUserPoolClient", - "cognito-idp:DescribeUserPoolClient", - "cognito-idp:AdminInitiateAuth", - "cognito-idp:AdminUserGlobalSignOut", - "cognito-idp:ListUserPoolClients", - "cognito-identity:DescribeIdentityPool", - "cognito-identity:UpdateIdentityPool", - "cognito-identity:SetIdentityPoolRoles", - "cognito-identity:GetIdentityPoolRoles", - "es:UpdateElasticsearchDomainConfig", - ], - "Effect": "Allow", - "Resource": Array [ - Object { - "Fn::GetAtt": Array [ - "teststackteststackWLambdaToElasticSearchCognitoUserPool788087A8", - "Arn", - ], - }, - Object { - "Fn::Join": Array [ - "", - Array [ - "arn:aws:cognito-identity:", - Object { - "Ref": "AWS::Region", - }, - ":", - Object { - "Ref": "AWS::AccountId", - }, - ":identitypool/", - Object { - "Ref": "teststackteststackWLambdaToElasticSearchCognitoIdentityPool3BA17797", - }, - ], - ], - }, - Object { - "Fn::Join": Array [ - "", - Array [ - "arn:aws:es:", - Object { - "Ref": "AWS::Region", - }, - ":", - Object { - "Ref": "AWS::AccountId", - }, - ":domain/test-domain", - ], - ], - }, - ], - }, - Object { - "Action": "iam:PassRole", - "Condition": Object { - "StringLike": Object { - "iam:PassedToService": "cognito-identity.amazonaws.com", - }, - }, - "Effect": "Allow", - "Resource": Object { - "Fn::GetAtt": Array [ - "teststackteststackWLambdaToElasticSearchCognitoKibanaConfigureRole583382EC", - "Arn", - ], - }, - }, - ], - "Version": "2012-10-17", - }, - "PolicyName": "teststackteststackWLambdaToElasticSearchCognitoKibanaConfigureRolePolicy78D4B93D", - "Roles": Array [ - Object { - "Ref": "teststackteststackWLambdaToElasticSearchCognitoKibanaConfigureRole583382EC", - }, - ], - }, - "Type": "AWS::IAM::Policy", - }, - "teststackteststackWLambdaToElasticSearchCognitoUserPool788087A8": Object { - "DeletionPolicy": "Retain", - "Properties": Object { - "AccountRecoverySetting": Object { - "RecoveryMechanisms": Array [ - Object { - "Name": "verified_phone_number", - "Priority": 1, - }, - Object { - "Name": "verified_email", - "Priority": 2, - }, - ], - }, - "AdminCreateUserConfig": Object { - "AllowAdminCreateUserOnly": true, - }, - "EmailVerificationMessage": "The verification code to your new account is {####}", - "EmailVerificationSubject": "Verify your new account", - "SmsVerificationMessage": "The verification code to your new account is {####}", - "UserPoolAddOns": Object { - "AdvancedSecurityMode": "ENFORCED", - }, - "VerificationMessageTemplate": Object { - "DefaultEmailOption": "CONFIRM_WITH_CODE", - "EmailMessage": "The verification code to your new account is {####}", - "EmailSubject": "Verify your new account", - "SmsMessage": "The verification code to your new account is {####}", - }, - }, - "Type": "AWS::Cognito::UserPool", - "UpdateReplacePolicy": "Retain", - }, - "teststackteststackWLambdaToElasticSearchCognitoUserPoolClient4EC5CDBA": Object { - "Properties": Object { - "AllowedOAuthFlows": Array [ - "implicit", - "code", - ], - "AllowedOAuthFlowsUserPoolClient": true, - "AllowedOAuthScopes": Array [ - "profile", - "phone", - "email", - "openid", - "aws.cognito.signin.user.admin", - ], - "CallbackURLs": Array [ - "https://example.com", - ], - "SupportedIdentityProviders": Array [ - "COGNITO", - ], - "UserPoolId": Object { - "Ref": "teststackteststackWLambdaToElasticSearchCognitoUserPool788087A8", - }, - }, - "Type": "AWS::Cognito::UserPoolClient", - }, - "teststackteststackWLambdaToElasticSearchElasticsearchDomainA58EE4BC": Object { - "Metadata": Object { - "cfn_nag": Object { - "rules_to_suppress": Array [ - Object { - "id": "W28", - "reason": "The ES Domain is passed dynamically as as parameter and explicitly specified to ensure that IAM policies are configured to lockdown access to this specific ES instance only", - }, - Object { - "id": "W90", - "reason": "This is not a rule for the general case, just for specific use cases/industries", - }, - ], - }, - }, - "Properties": Object { - "AccessPolicies": Object { - "Statement": Array [ - Object { - "Action": "es:ESHttp*", - "Effect": "Allow", - "Principal": Object { - "AWS": Array [ - Object { - "Fn::GetAtt": Array [ - "teststackteststackWLambdaToElasticSearchCognitoAuthorizedRole9F564D93", - "Arn", - ], - }, - Object { - "Fn::GetAtt": Array [ - "teststackteststackWDynamoDBStreamsToLambdaLambdaFunctionServiceRole9196C7E3", - "Arn", - ], - }, - ], - }, - "Resource": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:aws:es:", - Object { - "Ref": "AWS::Region", - }, - ":", - Object { - "Ref": "AWS::AccountId", - }, - ":domain/test-domain/*", - ], - ], - }, - }, - ], - "Version": "2012-10-17", - }, - "CognitoOptions": Object { - "Enabled": true, - "IdentityPoolId": Object { - "Ref": "teststackteststackWLambdaToElasticSearchCognitoIdentityPool3BA17797", - }, - "RoleArn": Object { - "Fn::GetAtt": Array [ - "teststackteststackWLambdaToElasticSearchCognitoKibanaConfigureRole583382EC", - "Arn", - ], - }, - "UserPoolId": Object { - "Ref": "teststackteststackWLambdaToElasticSearchCognitoUserPool788087A8", - }, - }, - "DomainName": "test-domain", - "EBSOptions": Object { - "EBSEnabled": true, - "VolumeSize": 10, - }, - "ElasticsearchClusterConfig": Object { - "DedicatedMasterCount": 3, - "DedicatedMasterEnabled": true, - "InstanceCount": 3, - "ZoneAwarenessConfig": Object { - "AvailabilityZoneCount": 3, - }, - "ZoneAwarenessEnabled": true, - }, - "ElasticsearchVersion": "6.3", - "EncryptionAtRestOptions": Object { - "Enabled": true, - }, - "NodeToNodeEncryptionOptions": Object { - "Enabled": true, - }, - "SnapshotOptions": Object { - "AutomatedSnapshotStartHour": 1, - }, - }, - "Type": "AWS::Elasticsearch::Domain", - }, - "teststackteststackWLambdaToElasticSearchFreeStorageSpaceTooLowAlarmA97B2388": Object { - "Properties": Object { - "AlarmDescription": "A node in your cluster is down to 20 GiB of free storage space.", - "ComparisonOperator": "LessThanOrEqualToThreshold", - "EvaluationPeriods": 1, - "MetricName": "FreeStorageSpace", - "Namespace": "AWS/ES", - "Period": 60, - "Statistic": "Minimum", - "Threshold": 20000, - }, - "Type": "AWS::CloudWatch::Alarm", - }, - "teststackteststackWLambdaToElasticSearchIdentityPoolRoleMappingA90C3B64": Object { - "Properties": Object { - "IdentityPoolId": Object { - "Ref": "teststackteststackWLambdaToElasticSearchCognitoIdentityPool3BA17797", - }, - "Roles": Object { - "authenticated": Object { - "Fn::GetAtt": Array [ - "teststackteststackWLambdaToElasticSearchCognitoAuthorizedRole9F564D93", - "Arn", - ], - }, - }, - }, - "Type": "AWS::Cognito::IdentityPoolRoleAttachment", - }, - "teststackteststackWLambdaToElasticSearchIndexWritesBlockedTooHighAlarmAB181272": Object { - "Properties": Object { - "AlarmDescription": "Your cluster is blocking write requests.", - "ComparisonOperator": "GreaterThanOrEqualToThreshold", - "EvaluationPeriods": 1, - "MetricName": "ClusterIndexWritesBlocked", - "Namespace": "AWS/ES", - "Period": 300, - "Statistic": "Maximum", - "Threshold": 1, - }, - "Type": "AWS::CloudWatch::Alarm", - }, - "teststackteststackWLambdaToElasticSearchJVMMemoryPressureTooHighAlarmB5BFB3E3": Object { - "Properties": Object { - "AlarmDescription": "Average JVM memory pressure over last 15 minutes too high. Consider scaling vertically.", - "ComparisonOperator": "GreaterThanOrEqualToThreshold", - "EvaluationPeriods": 1, - "MetricName": "JVMMemoryPressure", - "Namespace": "AWS/ES", - "Period": 900, - "Statistic": "Average", - "Threshold": 80, - }, - "Type": "AWS::CloudWatch::Alarm", - }, - "teststackteststackWLambdaToElasticSearchMasterCPUUtilizationTooHighAlarmED6A34F6": Object { - "Properties": Object { - "AlarmDescription": "Average CPU utilization over last 45 minutes too high. Consider using larger instance types for your dedicated master nodes.", - "ComparisonOperator": "GreaterThanOrEqualToThreshold", - "EvaluationPeriods": 3, - "MetricName": "MasterCPUUtilization", - "Namespace": "AWS/ES", - "Period": 900, - "Statistic": "Average", - "Threshold": 50, - }, - "Type": "AWS::CloudWatch::Alarm", - }, - "teststackteststackWLambdaToElasticSearchMasterJVMMemoryPressureTooHighAlarmC496CE72": Object { - "Properties": Object { - "AlarmDescription": "Average JVM memory pressure over last 15 minutes too high. Consider scaling vertically.", - "ComparisonOperator": "GreaterThanOrEqualToThreshold", - "EvaluationPeriods": 1, - "MetricName": "MasterJVMMemoryPressure", - "Namespace": "AWS/ES", - "Period": 900, - "Statistic": "Average", - "Threshold": 50, - }, - "Type": "AWS::CloudWatch::Alarm", - }, - "teststackteststackWLambdaToElasticSearchStatusRedAlarm6C99C305": Object { - "Properties": Object { - "AlarmDescription": "At least one primary shard and its replicas are not allocated to a node. ", - "ComparisonOperator": "GreaterThanOrEqualToThreshold", - "EvaluationPeriods": 1, - "MetricName": "ClusterStatus.red", - "Namespace": "AWS/ES", - "Period": 60, - "Statistic": "Maximum", - "Threshold": 1, - }, - "Type": "AWS::CloudWatch::Alarm", - }, - "teststackteststackWLambdaToElasticSearchStatusYellowAlarm8AA413EB": Object { - "Properties": Object { - "AlarmDescription": "At least one replica shard is not allocated to a node.", - "ComparisonOperator": "GreaterThanOrEqualToThreshold", - "EvaluationPeriods": 1, - "MetricName": "ClusterStatus.yellow", - "Namespace": "AWS/ES", - "Period": 60, - "Statistic": "Maximum", - "Threshold": 1, - }, - "Type": "AWS::CloudWatch::Alarm", - }, - "teststackteststackWLambdaToElasticSearchUserPoolDomainCB8B0E89": Object { - "DependsOn": Array [ - "teststackteststackWLambdaToElasticSearchCognitoUserPool788087A8", - ], - "Properties": Object { - "Domain": "test-domain", - "UserPoolId": Object { - "Ref": "teststackteststackWLambdaToElasticSearchCognitoUserPool788087A8", - }, - }, - "Type": "AWS::Cognito::UserPoolDomain", - }, - }, -} -`; diff --git a/source/patterns/@aws-solutions-constructs/aws-dynamodb-stream-lambda-elasticsearch-kibana/test/dynamodb-stream-lambda-elasticsearch-kibana.test.ts b/source/patterns/@aws-solutions-constructs/aws-dynamodb-stream-lambda-elasticsearch-kibana/test/dynamodb-stream-lambda-elasticsearch-kibana.test.ts index 06bce1991..b642b01ff 100644 --- a/source/patterns/@aws-solutions-constructs/aws-dynamodb-stream-lambda-elasticsearch-kibana/test/dynamodb-stream-lambda-elasticsearch-kibana.test.ts +++ b/source/patterns/@aws-solutions-constructs/aws-dynamodb-stream-lambda-elasticsearch-kibana/test/dynamodb-stream-lambda-elasticsearch-kibana.test.ts @@ -11,7 +11,6 @@ * and limitations under the License. */ -import { SynthUtils } from '@aws-cdk/assert'; import { DynamoDBStreamToLambdaToElasticSearchAndKibana, DynamoDBStreamToLambdaToElasticSearchAndKibanaProps } from "../lib"; import * as lambda from '@aws-cdk/aws-lambda'; import * as cdk from "@aws-cdk/core"; @@ -30,13 +29,6 @@ function deployNewFunc(stack: cdk.Stack) { return new DynamoDBStreamToLambdaToElasticSearchAndKibana(stack, 'test--stack', props); } -test('snapshot test default params', () => { - const stack = new cdk.Stack(); - deployNewFunc(stack); - - expect(SynthUtils.toCloudFormation(stack)).toMatchSnapshot(); -}); - test('check domain names', () => { const stack = new cdk.Stack(); diff --git a/source/patterns/@aws-solutions-constructs/aws-dynamodb-stream-lambda/test/__snapshots__/dynamodb-stream-lambda.test.js.snap b/source/patterns/@aws-solutions-constructs/aws-dynamodb-stream-lambda/test/__snapshots__/dynamodb-stream-lambda.test.js.snap deleted file mode 100644 index 3da93b0e5..000000000 --- a/source/patterns/@aws-solutions-constructs/aws-dynamodb-stream-lambda/test/__snapshots__/dynamodb-stream-lambda.test.js.snap +++ /dev/null @@ -1,362 +0,0 @@ -// Jest Snapshot v1, https://goo.gl/fbAQLP - -exports[`snapshot test DynamoDBStreamToLambda default params 1`] = ` -Object { - "Parameters": Object { - "AssetParameters0c3255e93ffe7a906c7422e9f0e9cc4c7fd86ee996ee3bb302e2f134b38463c8ArtifactHash8D9AD644": Object { - "Description": "Artifact hash for asset \\"0c3255e93ffe7a906c7422e9f0e9cc4c7fd86ee996ee3bb302e2f134b38463c8\\"", - "Type": "String", - }, - "AssetParameters0c3255e93ffe7a906c7422e9f0e9cc4c7fd86ee996ee3bb302e2f134b38463c8S3Bucket9E1964CB": Object { - "Description": "S3 bucket for asset \\"0c3255e93ffe7a906c7422e9f0e9cc4c7fd86ee996ee3bb302e2f134b38463c8\\"", - "Type": "String", - }, - "AssetParameters0c3255e93ffe7a906c7422e9f0e9cc4c7fd86ee996ee3bb302e2f134b38463c8S3VersionKey7153CEE7": Object { - "Description": "S3 key for asset version \\"0c3255e93ffe7a906c7422e9f0e9cc4c7fd86ee996ee3bb302e2f134b38463c8\\"", - "Type": "String", - }, - }, - "Resources": Object { - "testlambdadynamodbstacktestlambdadynamodbstackWDynamoTableA36F83E4": Object { - "DeletionPolicy": "Retain", - "Properties": Object { - "AttributeDefinitions": Array [ - Object { - "AttributeName": "id", - "AttributeType": "S", - }, - ], - "BillingMode": "PAY_PER_REQUEST", - "KeySchema": Array [ - Object { - "AttributeName": "id", - "KeyType": "HASH", - }, - ], - "PointInTimeRecoverySpecification": Object { - "PointInTimeRecoveryEnabled": true, - }, - "SSESpecification": Object { - "SSEEnabled": true, - }, - "StreamSpecification": Object { - "StreamViewType": "NEW_AND_OLD_IMAGES", - }, - }, - "Type": "AWS::DynamoDB::Table", - "UpdateReplacePolicy": "Retain", - }, - "testlambdadynamodbstacktestlambdadynamodbstackWLambdaFunctionB74B248B": Object { - "DependsOn": Array [ - "testlambdadynamodbstacktestlambdadynamodbstackWLambdaFunctionServiceRoleDefaultPolicyF4C9216A", - "testlambdadynamodbstacktestlambdadynamodbstackWLambdaFunctionServiceRoleD33A4DB6", - ], - "Metadata": Object { - "cfn_nag": Object { - "rules_to_suppress": Array [ - Object { - "id": "W58", - "reason": "Lambda functions has the required permission to write CloudWatch Logs. It uses custom policy instead of arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole with tighter permissions.", - }, - Object { - "id": "W89", - "reason": "This is not a rule for the general case, just for specific use cases/industries", - }, - Object { - "id": "W92", - "reason": "Impossible for us to define the correct concurrency for clients", - }, - ], - }, - }, - "Properties": Object { - "Code": Object { - "S3Bucket": Object { - "Ref": "AssetParameters0c3255e93ffe7a906c7422e9f0e9cc4c7fd86ee996ee3bb302e2f134b38463c8S3Bucket9E1964CB", - }, - "S3Key": Object { - "Fn::Join": Array [ - "", - Array [ - Object { - "Fn::Select": Array [ - 0, - Object { - "Fn::Split": Array [ - "||", - Object { - "Ref": "AssetParameters0c3255e93ffe7a906c7422e9f0e9cc4c7fd86ee996ee3bb302e2f134b38463c8S3VersionKey7153CEE7", - }, - ], - }, - ], - }, - Object { - "Fn::Select": Array [ - 1, - Object { - "Fn::Split": Array [ - "||", - Object { - "Ref": "AssetParameters0c3255e93ffe7a906c7422e9f0e9cc4c7fd86ee996ee3bb302e2f134b38463c8S3VersionKey7153CEE7", - }, - ], - }, - ], - }, - ], - ], - }, - }, - "Environment": Object { - "Variables": Object { - "AWS_NODEJS_CONNECTION_REUSE_ENABLED": "1", - }, - }, - "Handler": "index.handler", - "Role": Object { - "Fn::GetAtt": Array [ - "testlambdadynamodbstacktestlambdadynamodbstackWLambdaFunctionServiceRoleD33A4DB6", - "Arn", - ], - }, - "Runtime": "nodejs12.x", - "TracingConfig": Object { - "Mode": "Active", - }, - }, - "Type": "AWS::Lambda::Function", - }, - "testlambdadynamodbstacktestlambdadynamodbstackWLambdaFunctionDynamoDBEventSourcetestlambdadynamodbstacktestlambdadynamodbstackWDynamoTable613AF80451DF30E5": Object { - "Properties": Object { - "BatchSize": 100, - "BisectBatchOnFunctionError": true, - "DestinationConfig": Object { - "OnFailure": Object { - "Destination": Object { - "Fn::GetAtt": Array [ - "testlambdadynamodbstacktestlambdadynamodbstackWSqsDlqQueueEABCC500", - "Arn", - ], - }, - }, - }, - "EventSourceArn": Object { - "Fn::GetAtt": Array [ - "testlambdadynamodbstacktestlambdadynamodbstackWDynamoTableA36F83E4", - "StreamArn", - ], - }, - "FunctionName": Object { - "Ref": "testlambdadynamodbstacktestlambdadynamodbstackWLambdaFunctionB74B248B", - }, - "MaximumRecordAgeInSeconds": 86400, - "MaximumRetryAttempts": 500, - "StartingPosition": "TRIM_HORIZON", - }, - "Type": "AWS::Lambda::EventSourceMapping", - }, - "testlambdadynamodbstacktestlambdadynamodbstackWLambdaFunctionServiceRoleD33A4DB6": Object { - "Properties": Object { - "AssumeRolePolicyDocument": Object { - "Statement": Array [ - Object { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": Object { - "Service": "lambda.amazonaws.com", - }, - }, - ], - "Version": "2012-10-17", - }, - "Policies": Array [ - Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "logs:CreateLogGroup", - "logs:CreateLogStream", - "logs:PutLogEvents", - ], - "Effect": "Allow", - "Resource": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":logs:", - Object { - "Ref": "AWS::Region", - }, - ":", - Object { - "Ref": "AWS::AccountId", - }, - ":log-group:/aws/lambda/*", - ], - ], - }, - }, - ], - "Version": "2012-10-17", - }, - "PolicyName": "LambdaFunctionServiceRolePolicy", - }, - ], - }, - "Type": "AWS::IAM::Role", - }, - "testlambdadynamodbstacktestlambdadynamodbstackWLambdaFunctionServiceRoleDefaultPolicyF4C9216A": Object { - "Metadata": Object { - "cfn_nag": Object { - "rules_to_suppress": Array [ - Object { - "id": "W12", - "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray and access ENIs in a VPC.", - }, - ], - }, - }, - "Properties": Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "xray:PutTraceSegments", - "xray:PutTelemetryRecords", - ], - "Effect": "Allow", - "Resource": "*", - }, - Object { - "Action": "dynamodb:ListStreams", - "Effect": "Allow", - "Resource": "*", - }, - Object { - "Action": Array [ - "dynamodb:DescribeStream", - "dynamodb:GetRecords", - "dynamodb:GetShardIterator", - ], - "Effect": "Allow", - "Resource": Object { - "Fn::GetAtt": Array [ - "testlambdadynamodbstacktestlambdadynamodbstackWDynamoTableA36F83E4", - "StreamArn", - ], - }, - }, - Object { - "Action": Array [ - "sqs:SendMessage", - "sqs:GetQueueAttributes", - "sqs:GetQueueUrl", - ], - "Effect": "Allow", - "Resource": Object { - "Fn::GetAtt": Array [ - "testlambdadynamodbstacktestlambdadynamodbstackWSqsDlqQueueEABCC500", - "Arn", - ], - }, - }, - ], - "Version": "2012-10-17", - }, - "PolicyName": "testlambdadynamodbstacktestlambdadynamodbstackWLambdaFunctionServiceRoleDefaultPolicyF4C9216A", - "Roles": Array [ - Object { - "Ref": "testlambdadynamodbstacktestlambdadynamodbstackWLambdaFunctionServiceRoleD33A4DB6", - }, - ], - }, - "Type": "AWS::IAM::Policy", - }, - "testlambdadynamodbstacktestlambdadynamodbstackWSqsDlqQueueEABCC500": Object { - "DeletionPolicy": "Delete", - "Properties": Object { - "KmsMasterKeyId": "alias/aws/sqs", - }, - "Type": "AWS::SQS::Queue", - "UpdateReplacePolicy": "Delete", - }, - "testlambdadynamodbstacktestlambdadynamodbstackWSqsDlqQueuePolicy5666EFE7": Object { - "Properties": Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "sqs:DeleteMessage", - "sqs:ReceiveMessage", - "sqs:SendMessage", - "sqs:GetQueueAttributes", - "sqs:RemovePermission", - "sqs:AddPermission", - "sqs:SetQueueAttributes", - ], - "Effect": "Allow", - "Principal": Object { - "AWS": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":iam::", - Object { - "Ref": "AWS::AccountId", - }, - ":root", - ], - ], - }, - }, - "Resource": Object { - "Fn::GetAtt": Array [ - "testlambdadynamodbstacktestlambdadynamodbstackWSqsDlqQueueEABCC500", - "Arn", - ], - }, - "Sid": "QueueOwnerOnlyAccess", - }, - Object { - "Action": "SQS:*", - "Condition": Object { - "Bool": Object { - "aws:SecureTransport": "false", - }, - }, - "Effect": "Deny", - "Principal": Object { - "AWS": "*", - }, - "Resource": Object { - "Fn::GetAtt": Array [ - "testlambdadynamodbstacktestlambdadynamodbstackWSqsDlqQueueEABCC500", - "Arn", - ], - }, - "Sid": "HttpsOnly", - }, - ], - "Version": "2012-10-17", - }, - "Queues": Array [ - Object { - "Ref": "testlambdadynamodbstacktestlambdadynamodbstackWSqsDlqQueueEABCC500", - }, - ], - }, - "Type": "AWS::SQS::QueuePolicy", - }, - }, -} -`; diff --git a/source/patterns/@aws-solutions-constructs/aws-dynamodb-stream-lambda/test/dynamodb-stream-lambda.test.ts b/source/patterns/@aws-solutions-constructs/aws-dynamodb-stream-lambda/test/dynamodb-stream-lambda.test.ts index 630929c6f..c07cfa2cd 100644 --- a/source/patterns/@aws-solutions-constructs/aws-dynamodb-stream-lambda/test/dynamodb-stream-lambda.test.ts +++ b/source/patterns/@aws-solutions-constructs/aws-dynamodb-stream-lambda/test/dynamodb-stream-lambda.test.ts @@ -11,7 +11,6 @@ * and limitations under the License. */ -import { SynthUtils } from '@aws-cdk/assert'; import { DynamoDBStreamToLambda, DynamoDBStreamToLambdaProps } from "../lib"; import * as lambda from '@aws-cdk/aws-lambda'; import * as dynamodb from '@aws-cdk/aws-dynamodb'; @@ -30,12 +29,6 @@ function deployNewFunc(stack: cdk.Stack) { return new DynamoDBStreamToLambda(stack, 'test-lambda-dynamodb-stack', props); } -test('snapshot test DynamoDBStreamToLambda default params', () => { - const stack = new cdk.Stack(); - deployNewFunc(stack); - expect(SynthUtils.toCloudFormation(stack)).toMatchSnapshot(); -}); - test('check lambda EventSourceMapping', () => { const stack = new cdk.Stack(); deployNewFunc(stack); diff --git a/source/patterns/@aws-solutions-constructs/aws-dynamodbstreams-lambda-elasticsearch-kibana/test/__snapshots__/dynamodbstreams-lambda-elasticsearch-kibana.test.js.snap b/source/patterns/@aws-solutions-constructs/aws-dynamodbstreams-lambda-elasticsearch-kibana/test/__snapshots__/dynamodbstreams-lambda-elasticsearch-kibana.test.js.snap deleted file mode 100644 index f80fa75d1..000000000 --- a/source/patterns/@aws-solutions-constructs/aws-dynamodbstreams-lambda-elasticsearch-kibana/test/__snapshots__/dynamodbstreams-lambda-elasticsearch-kibana.test.js.snap +++ /dev/null @@ -1,861 +0,0 @@ -// Jest Snapshot v1, https://goo.gl/fbAQLP - -exports[`snapshot test default params 1`] = ` -Object { - "Parameters": Object { - "AssetParameters92927de5fcc3aea277bddecb845bee318fb502f7375daedbdafb72c0400bc197ArtifactHash052E3F31": Object { - "Description": "Artifact hash for asset \\"92927de5fcc3aea277bddecb845bee318fb502f7375daedbdafb72c0400bc197\\"", - "Type": "String", - }, - "AssetParameters92927de5fcc3aea277bddecb845bee318fb502f7375daedbdafb72c0400bc197S3Bucket87AE2D86": Object { - "Description": "S3 bucket for asset \\"92927de5fcc3aea277bddecb845bee318fb502f7375daedbdafb72c0400bc197\\"", - "Type": "String", - }, - "AssetParameters92927de5fcc3aea277bddecb845bee318fb502f7375daedbdafb72c0400bc197S3VersionKey6EF53907": Object { - "Description": "S3 key for asset version \\"92927de5fcc3aea277bddecb845bee318fb502f7375daedbdafb72c0400bc197\\"", - "Type": "String", - }, - }, - "Resources": Object { - "testdynamodbstreamlambdaelasticsearchstackDynamoDBStreamsToLambdaDynamoTable67C553C4": Object { - "DeletionPolicy": "Retain", - "Properties": Object { - "AttributeDefinitions": Array [ - Object { - "AttributeName": "id", - "AttributeType": "S", - }, - ], - "BillingMode": "PAY_PER_REQUEST", - "KeySchema": Array [ - Object { - "AttributeName": "id", - "KeyType": "HASH", - }, - ], - "PointInTimeRecoverySpecification": Object { - "PointInTimeRecoveryEnabled": true, - }, - "SSESpecification": Object { - "SSEEnabled": true, - }, - "StreamSpecification": Object { - "StreamViewType": "NEW_AND_OLD_IMAGES", - }, - }, - "Type": "AWS::DynamoDB::Table", - "UpdateReplacePolicy": "Retain", - }, - "testdynamodbstreamlambdaelasticsearchstackDynamoDBStreamsToLambdaLambdaFunctionDynamoDBEventSourcetestdynamodbstreamlambdaelasticsearchstackDynamoDBStreamsToLambdaDynamoTable6A4F9DC02AF01B05": Object { - "Properties": Object { - "BatchSize": 100, - "BisectBatchOnFunctionError": true, - "DestinationConfig": Object { - "OnFailure": Object { - "Destination": Object { - "Fn::GetAtt": Array [ - "testdynamodbstreamlambdaelasticsearchstackDynamoDBStreamsToLambdaSqsDlqQueueFAD2DB2B", - "Arn", - ], - }, - }, - }, - "EventSourceArn": Object { - "Fn::GetAtt": Array [ - "testdynamodbstreamlambdaelasticsearchstackDynamoDBStreamsToLambdaDynamoTable67C553C4", - "StreamArn", - ], - }, - "FunctionName": Object { - "Ref": "testdynamodbstreamlambdaelasticsearchstackDynamoDBStreamsToLambdaLambdaFunctionEDB5804F", - }, - "MaximumRecordAgeInSeconds": 86400, - "MaximumRetryAttempts": 500, - "StartingPosition": "TRIM_HORIZON", - }, - "Type": "AWS::Lambda::EventSourceMapping", - }, - "testdynamodbstreamlambdaelasticsearchstackDynamoDBStreamsToLambdaLambdaFunctionEDB5804F": Object { - "DependsOn": Array [ - "testdynamodbstreamlambdaelasticsearchstackDynamoDBStreamsToLambdaLambdaFunctionServiceRoleDefaultPolicyF376BD92", - "testdynamodbstreamlambdaelasticsearchstackDynamoDBStreamsToLambdaLambdaFunctionServiceRoleFA900D4B", - ], - "Metadata": Object { - "cfn_nag": Object { - "rules_to_suppress": Array [ - Object { - "id": "W58", - "reason": "Lambda functions has the required permission to write CloudWatch Logs. It uses custom policy instead of arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole with tighter permissions.", - }, - Object { - "id": "W89", - "reason": "This is not a rule for the general case, just for specific use cases/industries", - }, - Object { - "id": "W92", - "reason": "Impossible for us to define the correct concurrency for clients", - }, - ], - }, - }, - "Properties": Object { - "Code": Object { - "S3Bucket": Object { - "Ref": "AssetParameters92927de5fcc3aea277bddecb845bee318fb502f7375daedbdafb72c0400bc197S3Bucket87AE2D86", - }, - "S3Key": Object { - "Fn::Join": Array [ - "", - Array [ - Object { - "Fn::Select": Array [ - 0, - Object { - "Fn::Split": Array [ - "||", - Object { - "Ref": "AssetParameters92927de5fcc3aea277bddecb845bee318fb502f7375daedbdafb72c0400bc197S3VersionKey6EF53907", - }, - ], - }, - ], - }, - Object { - "Fn::Select": Array [ - 1, - Object { - "Fn::Split": Array [ - "||", - Object { - "Ref": "AssetParameters92927de5fcc3aea277bddecb845bee318fb502f7375daedbdafb72c0400bc197S3VersionKey6EF53907", - }, - ], - }, - ], - }, - ], - ], - }, - }, - "Environment": Object { - "Variables": Object { - "AWS_NODEJS_CONNECTION_REUSE_ENABLED": "1", - "DOMAIN_ENDPOINT": Object { - "Fn::GetAtt": Array [ - "testdynamodbstreamlambdaelasticsearchstackLambdaToElasticSearchElasticsearchDomainD539E435", - "DomainEndpoint", - ], - }, - }, - }, - "Handler": "index.handler", - "Role": Object { - "Fn::GetAtt": Array [ - "testdynamodbstreamlambdaelasticsearchstackDynamoDBStreamsToLambdaLambdaFunctionServiceRoleFA900D4B", - "Arn", - ], - }, - "Runtime": "nodejs10.x", - "TracingConfig": Object { - "Mode": "Active", - }, - }, - "Type": "AWS::Lambda::Function", - }, - "testdynamodbstreamlambdaelasticsearchstackDynamoDBStreamsToLambdaLambdaFunctionServiceRoleDefaultPolicyF376BD92": Object { - "Metadata": Object { - "cfn_nag": Object { - "rules_to_suppress": Array [ - Object { - "id": "W12", - "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray and access ENIs in a VPC.", - }, - ], - }, - }, - "Properties": Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "xray:PutTraceSegments", - "xray:PutTelemetryRecords", - ], - "Effect": "Allow", - "Resource": "*", - }, - Object { - "Action": "dynamodb:ListStreams", - "Effect": "Allow", - "Resource": "*", - }, - Object { - "Action": Array [ - "dynamodb:DescribeStream", - "dynamodb:GetRecords", - "dynamodb:GetShardIterator", - ], - "Effect": "Allow", - "Resource": Object { - "Fn::GetAtt": Array [ - "testdynamodbstreamlambdaelasticsearchstackDynamoDBStreamsToLambdaDynamoTable67C553C4", - "StreamArn", - ], - }, - }, - Object { - "Action": Array [ - "sqs:SendMessage", - "sqs:GetQueueAttributes", - "sqs:GetQueueUrl", - ], - "Effect": "Allow", - "Resource": Object { - "Fn::GetAtt": Array [ - "testdynamodbstreamlambdaelasticsearchstackDynamoDBStreamsToLambdaSqsDlqQueueFAD2DB2B", - "Arn", - ], - }, - }, - ], - "Version": "2012-10-17", - }, - "PolicyName": "testdynamodbstreamlambdaelasticsearchstackDynamoDBStreamsToLambdaLambdaFunctionServiceRoleDefaultPolicyF376BD92", - "Roles": Array [ - Object { - "Ref": "testdynamodbstreamlambdaelasticsearchstackDynamoDBStreamsToLambdaLambdaFunctionServiceRoleFA900D4B", - }, - ], - }, - "Type": "AWS::IAM::Policy", - }, - "testdynamodbstreamlambdaelasticsearchstackDynamoDBStreamsToLambdaLambdaFunctionServiceRoleFA900D4B": Object { - "Properties": Object { - "AssumeRolePolicyDocument": Object { - "Statement": Array [ - Object { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": Object { - "Service": "lambda.amazonaws.com", - }, - }, - ], - "Version": "2012-10-17", - }, - "Policies": Array [ - Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "logs:CreateLogGroup", - "logs:CreateLogStream", - "logs:PutLogEvents", - ], - "Effect": "Allow", - "Resource": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":logs:", - Object { - "Ref": "AWS::Region", - }, - ":", - Object { - "Ref": "AWS::AccountId", - }, - ":log-group:/aws/lambda/*", - ], - ], - }, - }, - ], - "Version": "2012-10-17", - }, - "PolicyName": "LambdaFunctionServiceRolePolicy", - }, - ], - }, - "Type": "AWS::IAM::Role", - }, - "testdynamodbstreamlambdaelasticsearchstackDynamoDBStreamsToLambdaSqsDlqQueueFAD2DB2B": Object { - "DeletionPolicy": "Delete", - "Properties": Object { - "KmsMasterKeyId": "alias/aws/sqs", - }, - "Type": "AWS::SQS::Queue", - "UpdateReplacePolicy": "Delete", - }, - "testdynamodbstreamlambdaelasticsearchstackDynamoDBStreamsToLambdaSqsDlqQueuePolicyD13AC750": Object { - "Properties": Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "sqs:DeleteMessage", - "sqs:ReceiveMessage", - "sqs:SendMessage", - "sqs:GetQueueAttributes", - "sqs:RemovePermission", - "sqs:AddPermission", - "sqs:SetQueueAttributes", - ], - "Effect": "Allow", - "Principal": Object { - "AWS": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":iam::", - Object { - "Ref": "AWS::AccountId", - }, - ":root", - ], - ], - }, - }, - "Resource": Object { - "Fn::GetAtt": Array [ - "testdynamodbstreamlambdaelasticsearchstackDynamoDBStreamsToLambdaSqsDlqQueueFAD2DB2B", - "Arn", - ], - }, - "Sid": "QueueOwnerOnlyAccess", - }, - Object { - "Action": "SQS:*", - "Condition": Object { - "Bool": Object { - "aws:SecureTransport": "false", - }, - }, - "Effect": "Deny", - "Principal": Object { - "AWS": "*", - }, - "Resource": Object { - "Fn::GetAtt": Array [ - "testdynamodbstreamlambdaelasticsearchstackDynamoDBStreamsToLambdaSqsDlqQueueFAD2DB2B", - "Arn", - ], - }, - "Sid": "HttpsOnly", - }, - ], - "Version": "2012-10-17", - }, - "Queues": Array [ - Object { - "Ref": "testdynamodbstreamlambdaelasticsearchstackDynamoDBStreamsToLambdaSqsDlqQueueFAD2DB2B", - }, - ], - }, - "Type": "AWS::SQS::QueuePolicy", - }, - "testdynamodbstreamlambdaelasticsearchstackLambdaToElasticSearchAutomatedSnapshotFailureTooHighAlarm79E9F162": Object { - "Properties": Object { - "AlarmDescription": "An automated snapshot failed. This failure is often the result of a red cluster health status.", - "ComparisonOperator": "GreaterThanOrEqualToThreshold", - "EvaluationPeriods": 1, - "MetricName": "AutomatedSnapshotFailure", - "Namespace": "AWS/ES", - "Period": 60, - "Statistic": "Maximum", - "Threshold": 1, - }, - "Type": "AWS::CloudWatch::Alarm", - }, - "testdynamodbstreamlambdaelasticsearchstackLambdaToElasticSearchCPUUtilizationTooHighAlarmFA0BD382": Object { - "Properties": Object { - "AlarmDescription": "100% CPU utilization is not uncommon, but sustained high usage is problematic. Consider using larger instance types or adding instances.", - "ComparisonOperator": "GreaterThanOrEqualToThreshold", - "EvaluationPeriods": 3, - "MetricName": "CPUUtilization", - "Namespace": "AWS/ES", - "Period": 900, - "Statistic": "Average", - "Threshold": 80, - }, - "Type": "AWS::CloudWatch::Alarm", - }, - "testdynamodbstreamlambdaelasticsearchstackLambdaToElasticSearchCognitoAuthorizedRole4B91C04E": Object { - "Properties": Object { - "AssumeRolePolicyDocument": Object { - "Statement": Array [ - Object { - "Action": "sts:AssumeRoleWithWebIdentity", - "Condition": Object { - "ForAnyValue:StringLike": Object { - "cognito-identity.amazonaws.com:amr": "authenticated", - }, - "StringEquals": Object { - "cognito-identity.amazonaws.com:aud": Object { - "Ref": "testdynamodbstreamlambdaelasticsearchstackLambdaToElasticSearchCognitoIdentityPool68C76F43", - }, - }, - }, - "Effect": "Allow", - "Principal": Object { - "Federated": "cognito-identity.amazonaws.com", - }, - }, - ], - "Version": "2012-10-17", - }, - "Policies": Array [ - Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": "es:ESHttp*", - "Effect": "Allow", - "Resource": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":es:", - Object { - "Ref": "AWS::Region", - }, - ":", - Object { - "Ref": "AWS::AccountId", - }, - ":domain/test-domain/*", - ], - ], - }, - }, - ], - "Version": "2012-10-17", - }, - "PolicyName": "CognitoAccessPolicy", - }, - ], - }, - "Type": "AWS::IAM::Role", - }, - "testdynamodbstreamlambdaelasticsearchstackLambdaToElasticSearchCognitoIdentityPool68C76F43": Object { - "Properties": Object { - "AllowUnauthenticatedIdentities": false, - "CognitoIdentityProviders": Array [ - Object { - "ClientId": Object { - "Ref": "testdynamodbstreamlambdaelasticsearchstackLambdaToElasticSearchCognitoUserPoolClientE03C5E18", - }, - "ProviderName": Object { - "Fn::GetAtt": Array [ - "testdynamodbstreamlambdaelasticsearchstackLambdaToElasticSearchCognitoUserPoolF99F93E5", - "ProviderName", - ], - }, - "ServerSideTokenCheck": true, - }, - ], - }, - "Type": "AWS::Cognito::IdentityPool", - }, - "testdynamodbstreamlambdaelasticsearchstackLambdaToElasticSearchCognitoKibanaConfigureRoleC8DCD692": Object { - "Properties": Object { - "AssumeRolePolicyDocument": Object { - "Statement": Array [ - Object { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": Object { - "Service": "es.amazonaws.com", - }, - }, - ], - "Version": "2012-10-17", - }, - }, - "Type": "AWS::IAM::Role", - }, - "testdynamodbstreamlambdaelasticsearchstackLambdaToElasticSearchCognitoKibanaConfigureRolePolicy96BB58EC": Object { - "Properties": Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "cognito-idp:DescribeUserPool", - "cognito-idp:CreateUserPoolClient", - "cognito-idp:DeleteUserPoolClient", - "cognito-idp:DescribeUserPoolClient", - "cognito-idp:AdminInitiateAuth", - "cognito-idp:AdminUserGlobalSignOut", - "cognito-idp:ListUserPoolClients", - "cognito-identity:DescribeIdentityPool", - "cognito-identity:UpdateIdentityPool", - "cognito-identity:SetIdentityPoolRoles", - "cognito-identity:GetIdentityPoolRoles", - "es:UpdateElasticsearchDomainConfig", - ], - "Effect": "Allow", - "Resource": Array [ - Object { - "Fn::GetAtt": Array [ - "testdynamodbstreamlambdaelasticsearchstackLambdaToElasticSearchCognitoUserPoolF99F93E5", - "Arn", - ], - }, - Object { - "Fn::Join": Array [ - "", - Array [ - "arn:aws:cognito-identity:", - Object { - "Ref": "AWS::Region", - }, - ":", - Object { - "Ref": "AWS::AccountId", - }, - ":identitypool/", - Object { - "Ref": "testdynamodbstreamlambdaelasticsearchstackLambdaToElasticSearchCognitoIdentityPool68C76F43", - }, - ], - ], - }, - Object { - "Fn::Join": Array [ - "", - Array [ - "arn:aws:es:", - Object { - "Ref": "AWS::Region", - }, - ":", - Object { - "Ref": "AWS::AccountId", - }, - ":domain/test-domain", - ], - ], - }, - ], - }, - Object { - "Action": "iam:PassRole", - "Condition": Object { - "StringLike": Object { - "iam:PassedToService": "cognito-identity.amazonaws.com", - }, - }, - "Effect": "Allow", - "Resource": Object { - "Fn::GetAtt": Array [ - "testdynamodbstreamlambdaelasticsearchstackLambdaToElasticSearchCognitoKibanaConfigureRoleC8DCD692", - "Arn", - ], - }, - }, - ], - "Version": "2012-10-17", - }, - "PolicyName": "testdynamodbstreamlambdaelasticsearchstackLambdaToElasticSearchCognitoKibanaConfigureRolePolicy96BB58EC", - "Roles": Array [ - Object { - "Ref": "testdynamodbstreamlambdaelasticsearchstackLambdaToElasticSearchCognitoKibanaConfigureRoleC8DCD692", - }, - ], - }, - "Type": "AWS::IAM::Policy", - }, - "testdynamodbstreamlambdaelasticsearchstackLambdaToElasticSearchCognitoUserPoolClientE03C5E18": Object { - "Properties": Object { - "AllowedOAuthFlows": Array [ - "implicit", - "code", - ], - "AllowedOAuthFlowsUserPoolClient": true, - "AllowedOAuthScopes": Array [ - "profile", - "phone", - "email", - "openid", - "aws.cognito.signin.user.admin", - ], - "CallbackURLs": Array [ - "https://example.com", - ], - "SupportedIdentityProviders": Array [ - "COGNITO", - ], - "UserPoolId": Object { - "Ref": "testdynamodbstreamlambdaelasticsearchstackLambdaToElasticSearchCognitoUserPoolF99F93E5", - }, - }, - "Type": "AWS::Cognito::UserPoolClient", - }, - "testdynamodbstreamlambdaelasticsearchstackLambdaToElasticSearchCognitoUserPoolF99F93E5": Object { - "DeletionPolicy": "Retain", - "Properties": Object { - "AccountRecoverySetting": Object { - "RecoveryMechanisms": Array [ - Object { - "Name": "verified_phone_number", - "Priority": 1, - }, - Object { - "Name": "verified_email", - "Priority": 2, - }, - ], - }, - "AdminCreateUserConfig": Object { - "AllowAdminCreateUserOnly": true, - }, - "EmailVerificationMessage": "The verification code to your new account is {####}", - "EmailVerificationSubject": "Verify your new account", - "SmsVerificationMessage": "The verification code to your new account is {####}", - "UserPoolAddOns": Object { - "AdvancedSecurityMode": "ENFORCED", - }, - "VerificationMessageTemplate": Object { - "DefaultEmailOption": "CONFIRM_WITH_CODE", - "EmailMessage": "The verification code to your new account is {####}", - "EmailSubject": "Verify your new account", - "SmsMessage": "The verification code to your new account is {####}", - }, - }, - "Type": "AWS::Cognito::UserPool", - "UpdateReplacePolicy": "Retain", - }, - "testdynamodbstreamlambdaelasticsearchstackLambdaToElasticSearchElasticsearchDomainD539E435": Object { - "Metadata": Object { - "cfn_nag": Object { - "rules_to_suppress": Array [ - Object { - "id": "W28", - "reason": "The ES Domain is passed dynamically as as parameter and explicitly specified to ensure that IAM policies are configured to lockdown access to this specific ES instance only", - }, - Object { - "id": "W90", - "reason": "This is not a rule for the general case, just for specific use cases/industries", - }, - ], - }, - }, - "Properties": Object { - "AccessPolicies": Object { - "Statement": Array [ - Object { - "Action": "es:ESHttp*", - "Effect": "Allow", - "Principal": Object { - "AWS": Array [ - Object { - "Fn::GetAtt": Array [ - "testdynamodbstreamlambdaelasticsearchstackLambdaToElasticSearchCognitoAuthorizedRole4B91C04E", - "Arn", - ], - }, - Object { - "Fn::GetAtt": Array [ - "testdynamodbstreamlambdaelasticsearchstackDynamoDBStreamsToLambdaLambdaFunctionServiceRoleFA900D4B", - "Arn", - ], - }, - ], - }, - "Resource": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:aws:es:", - Object { - "Ref": "AWS::Region", - }, - ":", - Object { - "Ref": "AWS::AccountId", - }, - ":domain/test-domain/*", - ], - ], - }, - }, - ], - "Version": "2012-10-17", - }, - "CognitoOptions": Object { - "Enabled": true, - "IdentityPoolId": Object { - "Ref": "testdynamodbstreamlambdaelasticsearchstackLambdaToElasticSearchCognitoIdentityPool68C76F43", - }, - "RoleArn": Object { - "Fn::GetAtt": Array [ - "testdynamodbstreamlambdaelasticsearchstackLambdaToElasticSearchCognitoKibanaConfigureRoleC8DCD692", - "Arn", - ], - }, - "UserPoolId": Object { - "Ref": "testdynamodbstreamlambdaelasticsearchstackLambdaToElasticSearchCognitoUserPoolF99F93E5", - }, - }, - "DomainName": "test-domain", - "EBSOptions": Object { - "EBSEnabled": true, - "VolumeSize": 10, - }, - "ElasticsearchClusterConfig": Object { - "DedicatedMasterCount": 3, - "DedicatedMasterEnabled": true, - "InstanceCount": 3, - "ZoneAwarenessConfig": Object { - "AvailabilityZoneCount": 3, - }, - "ZoneAwarenessEnabled": true, - }, - "ElasticsearchVersion": "6.3", - "EncryptionAtRestOptions": Object { - "Enabled": true, - }, - "NodeToNodeEncryptionOptions": Object { - "Enabled": true, - }, - "SnapshotOptions": Object { - "AutomatedSnapshotStartHour": 1, - }, - }, - "Type": "AWS::Elasticsearch::Domain", - }, - "testdynamodbstreamlambdaelasticsearchstackLambdaToElasticSearchFreeStorageSpaceTooLowAlarm0DF36C59": Object { - "Properties": Object { - "AlarmDescription": "A node in your cluster is down to 20 GiB of free storage space.", - "ComparisonOperator": "LessThanOrEqualToThreshold", - "EvaluationPeriods": 1, - "MetricName": "FreeStorageSpace", - "Namespace": "AWS/ES", - "Period": 60, - "Statistic": "Minimum", - "Threshold": 20000, - }, - "Type": "AWS::CloudWatch::Alarm", - }, - "testdynamodbstreamlambdaelasticsearchstackLambdaToElasticSearchIdentityPoolRoleMapping31775D80": Object { - "Properties": Object { - "IdentityPoolId": Object { - "Ref": "testdynamodbstreamlambdaelasticsearchstackLambdaToElasticSearchCognitoIdentityPool68C76F43", - }, - "Roles": Object { - "authenticated": Object { - "Fn::GetAtt": Array [ - "testdynamodbstreamlambdaelasticsearchstackLambdaToElasticSearchCognitoAuthorizedRole4B91C04E", - "Arn", - ], - }, - }, - }, - "Type": "AWS::Cognito::IdentityPoolRoleAttachment", - }, - "testdynamodbstreamlambdaelasticsearchstackLambdaToElasticSearchIndexWritesBlockedTooHighAlarmCD28CBB9": Object { - "Properties": Object { - "AlarmDescription": "Your cluster is blocking write requests.", - "ComparisonOperator": "GreaterThanOrEqualToThreshold", - "EvaluationPeriods": 1, - "MetricName": "ClusterIndexWritesBlocked", - "Namespace": "AWS/ES", - "Period": 300, - "Statistic": "Maximum", - "Threshold": 1, - }, - "Type": "AWS::CloudWatch::Alarm", - }, - "testdynamodbstreamlambdaelasticsearchstackLambdaToElasticSearchJVMMemoryPressureTooHighAlarmC6CB7B4D": Object { - "Properties": Object { - "AlarmDescription": "Average JVM memory pressure over last 15 minutes too high. Consider scaling vertically.", - "ComparisonOperator": "GreaterThanOrEqualToThreshold", - "EvaluationPeriods": 1, - "MetricName": "JVMMemoryPressure", - "Namespace": "AWS/ES", - "Period": 900, - "Statistic": "Average", - "Threshold": 80, - }, - "Type": "AWS::CloudWatch::Alarm", - }, - "testdynamodbstreamlambdaelasticsearchstackLambdaToElasticSearchMasterCPUUtilizationTooHighAlarm2BA317F5": Object { - "Properties": Object { - "AlarmDescription": "Average CPU utilization over last 45 minutes too high. Consider using larger instance types for your dedicated master nodes.", - "ComparisonOperator": "GreaterThanOrEqualToThreshold", - "EvaluationPeriods": 3, - "MetricName": "MasterCPUUtilization", - "Namespace": "AWS/ES", - "Period": 900, - "Statistic": "Average", - "Threshold": 50, - }, - "Type": "AWS::CloudWatch::Alarm", - }, - "testdynamodbstreamlambdaelasticsearchstackLambdaToElasticSearchMasterJVMMemoryPressureTooHighAlarmFD25E1C8": Object { - "Properties": Object { - "AlarmDescription": "Average JVM memory pressure over last 15 minutes too high. Consider scaling vertically.", - "ComparisonOperator": "GreaterThanOrEqualToThreshold", - "EvaluationPeriods": 1, - "MetricName": "MasterJVMMemoryPressure", - "Namespace": "AWS/ES", - "Period": 900, - "Statistic": "Average", - "Threshold": 50, - }, - "Type": "AWS::CloudWatch::Alarm", - }, - "testdynamodbstreamlambdaelasticsearchstackLambdaToElasticSearchStatusRedAlarmDAEB5151": Object { - "Properties": Object { - "AlarmDescription": "At least one primary shard and its replicas are not allocated to a node. ", - "ComparisonOperator": "GreaterThanOrEqualToThreshold", - "EvaluationPeriods": 1, - "MetricName": "ClusterStatus.red", - "Namespace": "AWS/ES", - "Period": 60, - "Statistic": "Maximum", - "Threshold": 1, - }, - "Type": "AWS::CloudWatch::Alarm", - }, - "testdynamodbstreamlambdaelasticsearchstackLambdaToElasticSearchStatusYellowAlarmB86505F9": Object { - "Properties": Object { - "AlarmDescription": "At least one replica shard is not allocated to a node.", - "ComparisonOperator": "GreaterThanOrEqualToThreshold", - "EvaluationPeriods": 1, - "MetricName": "ClusterStatus.yellow", - "Namespace": "AWS/ES", - "Period": 60, - "Statistic": "Maximum", - "Threshold": 1, - }, - "Type": "AWS::CloudWatch::Alarm", - }, - "testdynamodbstreamlambdaelasticsearchstackLambdaToElasticSearchUserPoolDomain702D3127": Object { - "DependsOn": Array [ - "testdynamodbstreamlambdaelasticsearchstackLambdaToElasticSearchCognitoUserPoolF99F93E5", - ], - "Properties": Object { - "Domain": "test-domain", - "UserPoolId": Object { - "Ref": "testdynamodbstreamlambdaelasticsearchstackLambdaToElasticSearchCognitoUserPoolF99F93E5", - }, - }, - "Type": "AWS::Cognito::UserPoolDomain", - }, - }, -} -`; diff --git a/source/patterns/@aws-solutions-constructs/aws-dynamodbstreams-lambda-elasticsearch-kibana/test/dynamodbstreams-lambda-elasticsearch-kibana.test.ts b/source/patterns/@aws-solutions-constructs/aws-dynamodbstreams-lambda-elasticsearch-kibana/test/dynamodbstreams-lambda-elasticsearch-kibana.test.ts index 45562aa99..a152a6161 100644 --- a/source/patterns/@aws-solutions-constructs/aws-dynamodbstreams-lambda-elasticsearch-kibana/test/dynamodbstreams-lambda-elasticsearch-kibana.test.ts +++ b/source/patterns/@aws-solutions-constructs/aws-dynamodbstreams-lambda-elasticsearch-kibana/test/dynamodbstreams-lambda-elasticsearch-kibana.test.ts @@ -11,7 +11,6 @@ * and limitations under the License. */ -import { SynthUtils } from '@aws-cdk/assert'; import { DynamoDBStreamsToLambdaToElasticSearchAndKibana, DynamoDBStreamsToLambdaToElasticSearchAndKibanaProps } from "../lib"; import * as lambda from '@aws-cdk/aws-lambda'; import * as cdk from "@aws-cdk/core"; @@ -30,13 +29,6 @@ function deployNewFunc(stack: cdk.Stack) { return new DynamoDBStreamsToLambdaToElasticSearchAndKibana(stack, 'test-dynamodb-stream-lambda-elasticsearch-stack', props); } -test('snapshot test default params', () => { - const stack = new cdk.Stack(); - deployNewFunc(stack); - - expect(SynthUtils.toCloudFormation(stack)).toMatchSnapshot(); -}); - test('check domain names', () => { const stack = new cdk.Stack(); diff --git a/source/patterns/@aws-solutions-constructs/aws-dynamodbstreams-lambda/test/__snapshots__/dynamodbstreams-lambda.test.js.snap b/source/patterns/@aws-solutions-constructs/aws-dynamodbstreams-lambda/test/__snapshots__/dynamodbstreams-lambda.test.js.snap deleted file mode 100644 index 03fc0b713..000000000 --- a/source/patterns/@aws-solutions-constructs/aws-dynamodbstreams-lambda/test/__snapshots__/dynamodbstreams-lambda.test.js.snap +++ /dev/null @@ -1,362 +0,0 @@ -// Jest Snapshot v1, https://goo.gl/fbAQLP - -exports[`snapshot test DynamoDBStreamsToLambda default params 1`] = ` -Object { - "Parameters": Object { - "AssetParameters0c3255e93ffe7a906c7422e9f0e9cc4c7fd86ee996ee3bb302e2f134b38463c8ArtifactHash8D9AD644": Object { - "Description": "Artifact hash for asset \\"0c3255e93ffe7a906c7422e9f0e9cc4c7fd86ee996ee3bb302e2f134b38463c8\\"", - "Type": "String", - }, - "AssetParameters0c3255e93ffe7a906c7422e9f0e9cc4c7fd86ee996ee3bb302e2f134b38463c8S3Bucket9E1964CB": Object { - "Description": "S3 bucket for asset \\"0c3255e93ffe7a906c7422e9f0e9cc4c7fd86ee996ee3bb302e2f134b38463c8\\"", - "Type": "String", - }, - "AssetParameters0c3255e93ffe7a906c7422e9f0e9cc4c7fd86ee996ee3bb302e2f134b38463c8S3VersionKey7153CEE7": Object { - "Description": "S3 key for asset version \\"0c3255e93ffe7a906c7422e9f0e9cc4c7fd86ee996ee3bb302e2f134b38463c8\\"", - "Type": "String", - }, - }, - "Resources": Object { - "testlambdadynamodbstackDynamoTable8138E93B": Object { - "DeletionPolicy": "Retain", - "Properties": Object { - "AttributeDefinitions": Array [ - Object { - "AttributeName": "id", - "AttributeType": "S", - }, - ], - "BillingMode": "PAY_PER_REQUEST", - "KeySchema": Array [ - Object { - "AttributeName": "id", - "KeyType": "HASH", - }, - ], - "PointInTimeRecoverySpecification": Object { - "PointInTimeRecoveryEnabled": true, - }, - "SSESpecification": Object { - "SSEEnabled": true, - }, - "StreamSpecification": Object { - "StreamViewType": "NEW_AND_OLD_IMAGES", - }, - }, - "Type": "AWS::DynamoDB::Table", - "UpdateReplacePolicy": "Retain", - }, - "testlambdadynamodbstackLambdaFunction5DDB3E8D": Object { - "DependsOn": Array [ - "testlambdadynamodbstackLambdaFunctionServiceRoleDefaultPolicy547FB7F4", - "testlambdadynamodbstackLambdaFunctionServiceRole758347A1", - ], - "Metadata": Object { - "cfn_nag": Object { - "rules_to_suppress": Array [ - Object { - "id": "W58", - "reason": "Lambda functions has the required permission to write CloudWatch Logs. It uses custom policy instead of arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole with tighter permissions.", - }, - Object { - "id": "W89", - "reason": "This is not a rule for the general case, just for specific use cases/industries", - }, - Object { - "id": "W92", - "reason": "Impossible for us to define the correct concurrency for clients", - }, - ], - }, - }, - "Properties": Object { - "Code": Object { - "S3Bucket": Object { - "Ref": "AssetParameters0c3255e93ffe7a906c7422e9f0e9cc4c7fd86ee996ee3bb302e2f134b38463c8S3Bucket9E1964CB", - }, - "S3Key": Object { - "Fn::Join": Array [ - "", - Array [ - Object { - "Fn::Select": Array [ - 0, - Object { - "Fn::Split": Array [ - "||", - Object { - "Ref": "AssetParameters0c3255e93ffe7a906c7422e9f0e9cc4c7fd86ee996ee3bb302e2f134b38463c8S3VersionKey7153CEE7", - }, - ], - }, - ], - }, - Object { - "Fn::Select": Array [ - 1, - Object { - "Fn::Split": Array [ - "||", - Object { - "Ref": "AssetParameters0c3255e93ffe7a906c7422e9f0e9cc4c7fd86ee996ee3bb302e2f134b38463c8S3VersionKey7153CEE7", - }, - ], - }, - ], - }, - ], - ], - }, - }, - "Environment": Object { - "Variables": Object { - "AWS_NODEJS_CONNECTION_REUSE_ENABLED": "1", - }, - }, - "Handler": "index.handler", - "Role": Object { - "Fn::GetAtt": Array [ - "testlambdadynamodbstackLambdaFunctionServiceRole758347A1", - "Arn", - ], - }, - "Runtime": "nodejs12.x", - "TracingConfig": Object { - "Mode": "Active", - }, - }, - "Type": "AWS::Lambda::Function", - }, - "testlambdadynamodbstackLambdaFunctionDynamoDBEventSourcetestlambdadynamodbstackDynamoTableD6E2BCEF4AB6F3DD": Object { - "Properties": Object { - "BatchSize": 100, - "BisectBatchOnFunctionError": true, - "DestinationConfig": Object { - "OnFailure": Object { - "Destination": Object { - "Fn::GetAtt": Array [ - "testlambdadynamodbstackSqsDlqQueue4CC9868B", - "Arn", - ], - }, - }, - }, - "EventSourceArn": Object { - "Fn::GetAtt": Array [ - "testlambdadynamodbstackDynamoTable8138E93B", - "StreamArn", - ], - }, - "FunctionName": Object { - "Ref": "testlambdadynamodbstackLambdaFunction5DDB3E8D", - }, - "MaximumRecordAgeInSeconds": 86400, - "MaximumRetryAttempts": 500, - "StartingPosition": "TRIM_HORIZON", - }, - "Type": "AWS::Lambda::EventSourceMapping", - }, - "testlambdadynamodbstackLambdaFunctionServiceRole758347A1": Object { - "Properties": Object { - "AssumeRolePolicyDocument": Object { - "Statement": Array [ - Object { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": Object { - "Service": "lambda.amazonaws.com", - }, - }, - ], - "Version": "2012-10-17", - }, - "Policies": Array [ - Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "logs:CreateLogGroup", - "logs:CreateLogStream", - "logs:PutLogEvents", - ], - "Effect": "Allow", - "Resource": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":logs:", - Object { - "Ref": "AWS::Region", - }, - ":", - Object { - "Ref": "AWS::AccountId", - }, - ":log-group:/aws/lambda/*", - ], - ], - }, - }, - ], - "Version": "2012-10-17", - }, - "PolicyName": "LambdaFunctionServiceRolePolicy", - }, - ], - }, - "Type": "AWS::IAM::Role", - }, - "testlambdadynamodbstackLambdaFunctionServiceRoleDefaultPolicy547FB7F4": Object { - "Metadata": Object { - "cfn_nag": Object { - "rules_to_suppress": Array [ - Object { - "id": "W12", - "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray and access ENIs in a VPC.", - }, - ], - }, - }, - "Properties": Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "xray:PutTraceSegments", - "xray:PutTelemetryRecords", - ], - "Effect": "Allow", - "Resource": "*", - }, - Object { - "Action": "dynamodb:ListStreams", - "Effect": "Allow", - "Resource": "*", - }, - Object { - "Action": Array [ - "dynamodb:DescribeStream", - "dynamodb:GetRecords", - "dynamodb:GetShardIterator", - ], - "Effect": "Allow", - "Resource": Object { - "Fn::GetAtt": Array [ - "testlambdadynamodbstackDynamoTable8138E93B", - "StreamArn", - ], - }, - }, - Object { - "Action": Array [ - "sqs:SendMessage", - "sqs:GetQueueAttributes", - "sqs:GetQueueUrl", - ], - "Effect": "Allow", - "Resource": Object { - "Fn::GetAtt": Array [ - "testlambdadynamodbstackSqsDlqQueue4CC9868B", - "Arn", - ], - }, - }, - ], - "Version": "2012-10-17", - }, - "PolicyName": "testlambdadynamodbstackLambdaFunctionServiceRoleDefaultPolicy547FB7F4", - "Roles": Array [ - Object { - "Ref": "testlambdadynamodbstackLambdaFunctionServiceRole758347A1", - }, - ], - }, - "Type": "AWS::IAM::Policy", - }, - "testlambdadynamodbstackSqsDlqQueue4CC9868B": Object { - "DeletionPolicy": "Delete", - "Properties": Object { - "KmsMasterKeyId": "alias/aws/sqs", - }, - "Type": "AWS::SQS::Queue", - "UpdateReplacePolicy": "Delete", - }, - "testlambdadynamodbstackSqsDlqQueuePolicy192E20FD": Object { - "Properties": Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "sqs:DeleteMessage", - "sqs:ReceiveMessage", - "sqs:SendMessage", - "sqs:GetQueueAttributes", - "sqs:RemovePermission", - "sqs:AddPermission", - "sqs:SetQueueAttributes", - ], - "Effect": "Allow", - "Principal": Object { - "AWS": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":iam::", - Object { - "Ref": "AWS::AccountId", - }, - ":root", - ], - ], - }, - }, - "Resource": Object { - "Fn::GetAtt": Array [ - "testlambdadynamodbstackSqsDlqQueue4CC9868B", - "Arn", - ], - }, - "Sid": "QueueOwnerOnlyAccess", - }, - Object { - "Action": "SQS:*", - "Condition": Object { - "Bool": Object { - "aws:SecureTransport": "false", - }, - }, - "Effect": "Deny", - "Principal": Object { - "AWS": "*", - }, - "Resource": Object { - "Fn::GetAtt": Array [ - "testlambdadynamodbstackSqsDlqQueue4CC9868B", - "Arn", - ], - }, - "Sid": "HttpsOnly", - }, - ], - "Version": "2012-10-17", - }, - "Queues": Array [ - Object { - "Ref": "testlambdadynamodbstackSqsDlqQueue4CC9868B", - }, - ], - }, - "Type": "AWS::SQS::QueuePolicy", - }, - }, -} -`; diff --git a/source/patterns/@aws-solutions-constructs/aws-dynamodbstreams-lambda/test/dynamodbstreams-lambda.test.ts b/source/patterns/@aws-solutions-constructs/aws-dynamodbstreams-lambda/test/dynamodbstreams-lambda.test.ts index f43213024..aad7d6be3 100644 --- a/source/patterns/@aws-solutions-constructs/aws-dynamodbstreams-lambda/test/dynamodbstreams-lambda.test.ts +++ b/source/patterns/@aws-solutions-constructs/aws-dynamodbstreams-lambda/test/dynamodbstreams-lambda.test.ts @@ -11,7 +11,6 @@ * and limitations under the License. */ -import { SynthUtils } from '@aws-cdk/assert'; import { DynamoDBStreamsToLambda, DynamoDBStreamsToLambdaProps } from "../lib"; import * as lambda from '@aws-cdk/aws-lambda'; import * as dynamodb from '@aws-cdk/aws-dynamodb'; @@ -30,12 +29,6 @@ function deployNewFunc(stack: cdk.Stack) { return new DynamoDBStreamsToLambda(stack, 'test-lambda-dynamodb-stack', props); } -test('snapshot test DynamoDBStreamsToLambda default params', () => { - const stack = new cdk.Stack(); - deployNewFunc(stack); - expect(SynthUtils.toCloudFormation(stack)).toMatchSnapshot(); -}); - test('check lambda EventSourceMapping', () => { const stack = new cdk.Stack(); deployNewFunc(stack); diff --git a/source/patterns/@aws-solutions-constructs/aws-eventbridge-kinesisfirehose-s3/test/__snapshots__/eventbridge-kinesisfirehose-s3.test.js.snap b/source/patterns/@aws-solutions-constructs/aws-eventbridge-kinesisfirehose-s3/test/__snapshots__/eventbridge-kinesisfirehose-s3.test.js.snap deleted file mode 100644 index 430896610..000000000 --- a/source/patterns/@aws-solutions-constructs/aws-eventbridge-kinesisfirehose-s3/test/__snapshots__/eventbridge-kinesisfirehose-s3.test.js.snap +++ /dev/null @@ -1,2242 +0,0 @@ -// Jest Snapshot v1, https://goo.gl/fbAQLP - -exports[`Test snapshot match with default parameters 1`] = ` -Object { - "Resources": Object { - "testeventbridgekinesisfirehoses3defaultparametersEventsRuleF8AE5CFF": Object { - "Properties": Object { - "Description": "event rule props", - "ScheduleExpression": "rate(5 minutes)", - "State": "ENABLED", - "Targets": Array [ - Object { - "Arn": Object { - "Fn::GetAtt": Array [ - "testeventbridgekinesisfirehoses3defaultparametersKinesisFirehoseToS3KinesisFirehoseCF5C31E4", - "Arn", - ], - }, - "Id": "Target0", - "RoleArn": Object { - "Fn::GetAtt": Array [ - "testeventbridgekinesisfirehoses3defaultparametersEventsRuleInvokeKinesisFirehoseRole6FCCC5E3", - "Arn", - ], - }, - }, - ], - }, - "Type": "AWS::Events::Rule", - }, - "testeventbridgekinesisfirehoses3defaultparametersEventsRuleInvokeKinesisFirehosePolicyE92BAE99": Object { - "Properties": Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "firehose:PutRecord", - "firehose:PutRecordBatch", - ], - "Effect": "Allow", - "Resource": Object { - "Fn::GetAtt": Array [ - "testeventbridgekinesisfirehoses3defaultparametersKinesisFirehoseToS3KinesisFirehoseCF5C31E4", - "Arn", - ], - }, - }, - ], - "Version": "2012-10-17", - }, - "PolicyName": "testeventbridgekinesisfirehoses3defaultparametersEventsRuleInvokeKinesisFirehosePolicyE92BAE99", - "Roles": Array [ - Object { - "Ref": "testeventbridgekinesisfirehoses3defaultparametersEventsRuleInvokeKinesisFirehoseRole6FCCC5E3", - }, - ], - }, - "Type": "AWS::IAM::Policy", - }, - "testeventbridgekinesisfirehoses3defaultparametersEventsRuleInvokeKinesisFirehoseRole6FCCC5E3": Object { - "Properties": Object { - "AssumeRolePolicyDocument": Object { - "Statement": Array [ - Object { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": Object { - "Service": "events.amazonaws.com", - }, - }, - ], - "Version": "2012-10-17", - }, - "Description": "Events Rule To Kinesis Firehose Role", - }, - "Type": "AWS::IAM::Role", - }, - "testeventbridgekinesisfirehoses3defaultparametersKinesisFirehoseToS3KinesisFirehoseCF5C31E4": Object { - "Properties": Object { - "DeliveryStreamEncryptionConfigurationInput": Object { - "KeyType": "AWS_OWNED_CMK", - }, - "ExtendedS3DestinationConfiguration": Object { - "BucketARN": Object { - "Fn::GetAtt": Array [ - "testeventbridgekinesisfirehoses3defaultparametersKinesisFirehoseToS3S3BucketC564608D", - "Arn", - ], - }, - "BufferingHints": Object { - "IntervalInSeconds": 300, - "SizeInMBs": 5, - }, - "CloudWatchLoggingOptions": Object { - "Enabled": true, - "LogGroupName": Object { - "Ref": "testeventbridgekinesisfirehoses3defaultparametersKinesisFirehoseToS3firehoseloggroup5088E6CD", - }, - "LogStreamName": Object { - "Ref": "testeventbridgekinesisfirehoses3defaultparametersKinesisFirehoseToS3firehoseloggroupfirehoselogstreamAB86FE83", - }, - }, - "CompressionFormat": "GZIP", - "EncryptionConfiguration": Object { - "KMSEncryptionConfig": Object { - "AWSKMSKeyARN": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":kms:", - Object { - "Ref": "AWS::Region", - }, - ":", - Object { - "Ref": "AWS::AccountId", - }, - ":alias/aws/s3", - ], - ], - }, - }, - }, - "RoleARN": Object { - "Fn::GetAtt": Array [ - "testeventbridgekinesisfirehoses3defaultparametersKinesisFirehoseToS3KinesisFirehoseRoleC12DDB53", - "Arn", - ], - }, - }, - }, - "Type": "AWS::KinesisFirehose::DeliveryStream", - }, - "testeventbridgekinesisfirehoses3defaultparametersKinesisFirehoseToS3KinesisFirehosePolicyB2B5833F": Object { - "Properties": Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "s3:AbortMultipartUpload", - "s3:GetBucketLocation", - "s3:GetObject", - "s3:ListBucket", - "s3:ListBucketMultipartUploads", - "s3:PutObject", - ], - "Effect": "Allow", - "Resource": Array [ - Object { - "Fn::GetAtt": Array [ - "testeventbridgekinesisfirehoses3defaultparametersKinesisFirehoseToS3S3BucketC564608D", - "Arn", - ], - }, - Object { - "Fn::Join": Array [ - "", - Array [ - Object { - "Fn::GetAtt": Array [ - "testeventbridgekinesisfirehoses3defaultparametersKinesisFirehoseToS3S3BucketC564608D", - "Arn", - ], - }, - "/*", - ], - ], - }, - ], - }, - Object { - "Action": "logs:PutLogEvents", - "Effect": "Allow", - "Resource": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":logs:", - Object { - "Ref": "AWS::Region", - }, - ":", - Object { - "Ref": "AWS::AccountId", - }, - ":log-group:", - Object { - "Ref": "testeventbridgekinesisfirehoses3defaultparametersKinesisFirehoseToS3firehoseloggroup5088E6CD", - }, - ":log-stream:", - Object { - "Ref": "testeventbridgekinesisfirehoses3defaultparametersKinesisFirehoseToS3firehoseloggroupfirehoselogstreamAB86FE83", - }, - ], - ], - }, - }, - ], - "Version": "2012-10-17", - }, - "PolicyName": "testeventbridgekinesisfirehoses3defaultparametersKinesisFirehoseToS3KinesisFirehosePolicyB2B5833F", - "Roles": Array [ - Object { - "Ref": "testeventbridgekinesisfirehoses3defaultparametersKinesisFirehoseToS3KinesisFirehoseRoleC12DDB53", - }, - ], - }, - "Type": "AWS::IAM::Policy", - }, - "testeventbridgekinesisfirehoses3defaultparametersKinesisFirehoseToS3KinesisFirehoseRoleC12DDB53": Object { - "Properties": Object { - "AssumeRolePolicyDocument": Object { - "Statement": Array [ - Object { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": Object { - "Service": "firehose.amazonaws.com", - }, - }, - ], - "Version": "2012-10-17", - }, - }, - "Type": "AWS::IAM::Role", - }, - "testeventbridgekinesisfirehoses3defaultparametersKinesisFirehoseToS3S3BucketC564608D": Object { - "DeletionPolicy": "Retain", - "Properties": Object { - "BucketEncryption": Object { - "ServerSideEncryptionConfiguration": Array [ - Object { - "ServerSideEncryptionByDefault": Object { - "SSEAlgorithm": "AES256", - }, - }, - ], - }, - "LifecycleConfiguration": Object { - "Rules": Array [ - Object { - "NoncurrentVersionTransitions": Array [ - Object { - "StorageClass": "GLACIER", - "TransitionInDays": 90, - }, - ], - "Status": "Enabled", - }, - ], - }, - "LoggingConfiguration": Object { - "DestinationBucketName": Object { - "Ref": "testeventbridgekinesisfirehoses3defaultparametersKinesisFirehoseToS3S3LoggingBucket9F46AA14", - }, - }, - "PublicAccessBlockConfiguration": Object { - "BlockPublicAcls": true, - "BlockPublicPolicy": true, - "IgnorePublicAcls": true, - "RestrictPublicBuckets": true, - }, - "VersioningConfiguration": Object { - "Status": "Enabled", - }, - }, - "Type": "AWS::S3::Bucket", - "UpdateReplacePolicy": "Retain", - }, - "testeventbridgekinesisfirehoses3defaultparametersKinesisFirehoseToS3S3BucketPolicy67A907BC": Object { - "Properties": Object { - "Bucket": Object { - "Ref": "testeventbridgekinesisfirehoses3defaultparametersKinesisFirehoseToS3S3BucketC564608D", - }, - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": "*", - "Condition": Object { - "Bool": Object { - "aws:SecureTransport": "false", - }, - }, - "Effect": "Deny", - "Principal": Object { - "AWS": "*", - }, - "Resource": Array [ - Object { - "Fn::Join": Array [ - "", - Array [ - Object { - "Fn::GetAtt": Array [ - "testeventbridgekinesisfirehoses3defaultparametersKinesisFirehoseToS3S3BucketC564608D", - "Arn", - ], - }, - "/*", - ], - ], - }, - Object { - "Fn::GetAtt": Array [ - "testeventbridgekinesisfirehoses3defaultparametersKinesisFirehoseToS3S3BucketC564608D", - "Arn", - ], - }, - ], - "Sid": "HttpsOnly", - }, - ], - "Version": "2012-10-17", - }, - }, - "Type": "AWS::S3::BucketPolicy", - }, - "testeventbridgekinesisfirehoses3defaultparametersKinesisFirehoseToS3S3LoggingBucket9F46AA14": Object { - "DeletionPolicy": "Retain", - "Metadata": Object { - "cfn_nag": Object { - "rules_to_suppress": Array [ - Object { - "id": "W35", - "reason": "This S3 bucket is used as the access logging bucket for another bucket", - }, - ], - }, - }, - "Properties": Object { - "AccessControl": "LogDeliveryWrite", - "BucketEncryption": Object { - "ServerSideEncryptionConfiguration": Array [ - Object { - "ServerSideEncryptionByDefault": Object { - "SSEAlgorithm": "AES256", - }, - }, - ], - }, - "PublicAccessBlockConfiguration": Object { - "BlockPublicAcls": true, - "BlockPublicPolicy": true, - "IgnorePublicAcls": true, - "RestrictPublicBuckets": true, - }, - "VersioningConfiguration": Object { - "Status": "Enabled", - }, - }, - "Type": "AWS::S3::Bucket", - "UpdateReplacePolicy": "Retain", - }, - "testeventbridgekinesisfirehoses3defaultparametersKinesisFirehoseToS3S3LoggingBucketPolicy5DA30449": Object { - "Properties": Object { - "Bucket": Object { - "Ref": "testeventbridgekinesisfirehoses3defaultparametersKinesisFirehoseToS3S3LoggingBucket9F46AA14", - }, - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": "*", - "Condition": Object { - "Bool": Object { - "aws:SecureTransport": "false", - }, - }, - "Effect": "Deny", - "Principal": Object { - "AWS": "*", - }, - "Resource": Array [ - Object { - "Fn::Join": Array [ - "", - Array [ - Object { - "Fn::GetAtt": Array [ - "testeventbridgekinesisfirehoses3defaultparametersKinesisFirehoseToS3S3LoggingBucket9F46AA14", - "Arn", - ], - }, - "/*", - ], - ], - }, - Object { - "Fn::GetAtt": Array [ - "testeventbridgekinesisfirehoses3defaultparametersKinesisFirehoseToS3S3LoggingBucket9F46AA14", - "Arn", - ], - }, - ], - "Sid": "HttpsOnly", - }, - ], - "Version": "2012-10-17", - }, - }, - "Type": "AWS::S3::BucketPolicy", - }, - "testeventbridgekinesisfirehoses3defaultparametersKinesisFirehoseToS3firehoseloggroup5088E6CD": Object { - "DeletionPolicy": "Retain", - "Metadata": Object { - "cfn_nag": Object { - "rules_to_suppress": Array [ - Object { - "id": "W86", - "reason": "Retention period for CloudWatchLogs LogGroups are set to 'Never Expire' to preserve customer data indefinitely", - }, - Object { - "id": "W84", - "reason": "By default CloudWatchLogs LogGroups data is encrypted using the CloudWatch server-side encryption keys (AWS Managed Keys)", - }, - ], - }, - }, - "Type": "AWS::Logs::LogGroup", - "UpdateReplacePolicy": "Retain", - }, - "testeventbridgekinesisfirehoses3defaultparametersKinesisFirehoseToS3firehoseloggroupfirehoselogstreamAB86FE83": Object { - "DeletionPolicy": "Retain", - "Properties": Object { - "LogGroupName": Object { - "Ref": "testeventbridgekinesisfirehoses3defaultparametersKinesisFirehoseToS3firehoseloggroup5088E6CD", - }, - }, - "Type": "AWS::Logs::LogStream", - "UpdateReplacePolicy": "Retain", - }, - }, -} -`; - -exports[`check eventbus property, snapshot & eventbus exists 1`] = ` -Object { - "Resources": Object { - "testeventbridgekinesisfirehosedefaultparametersCustomEventBus6AD0ADE3": Object { - "Properties": Object { - "Name": "testeventbridgekinesisfirehosedefaultparametersCustomEventBus6A430E5F", - }, - "Type": "AWS::Events::EventBus", - }, - "testeventbridgekinesisfirehosedefaultparametersEventsRule8D95759F": Object { - "Properties": Object { - "EventBusName": Object { - "Ref": "testeventbridgekinesisfirehosedefaultparametersCustomEventBus6AD0ADE3", - }, - "EventPattern": Object { - "source": Array [ - "solutionsconstructs", - ], - }, - "State": "ENABLED", - "Targets": Array [ - Object { - "Arn": Object { - "Fn::GetAtt": Array [ - "testeventbridgekinesisfirehosedefaultparametersKinesisFirehoseToS3KinesisFirehose807C3595", - "Arn", - ], - }, - "Id": "Target0", - "RoleArn": Object { - "Fn::GetAtt": Array [ - "testeventbridgekinesisfirehosedefaultparametersEventsRuleInvokeKinesisFirehoseRoleBAEF0DDD", - "Arn", - ], - }, - }, - ], - }, - "Type": "AWS::Events::Rule", - }, - "testeventbridgekinesisfirehosedefaultparametersEventsRuleInvokeKinesisFirehosePolicyF358C252": Object { - "Properties": Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "firehose:PutRecord", - "firehose:PutRecordBatch", - ], - "Effect": "Allow", - "Resource": Object { - "Fn::GetAtt": Array [ - "testeventbridgekinesisfirehosedefaultparametersKinesisFirehoseToS3KinesisFirehose807C3595", - "Arn", - ], - }, - }, - ], - "Version": "2012-10-17", - }, - "PolicyName": "testeventbridgekinesisfirehosedefaultparametersEventsRuleInvokeKinesisFirehosePolicyF358C252", - "Roles": Array [ - Object { - "Ref": "testeventbridgekinesisfirehosedefaultparametersEventsRuleInvokeKinesisFirehoseRoleBAEF0DDD", - }, - ], - }, - "Type": "AWS::IAM::Policy", - }, - "testeventbridgekinesisfirehosedefaultparametersEventsRuleInvokeKinesisFirehoseRoleBAEF0DDD": Object { - "Properties": Object { - "AssumeRolePolicyDocument": Object { - "Statement": Array [ - Object { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": Object { - "Service": "events.amazonaws.com", - }, - }, - ], - "Version": "2012-10-17", - }, - "Description": "Events Rule To Kinesis Firehose Role", - }, - "Type": "AWS::IAM::Role", - }, - "testeventbridgekinesisfirehosedefaultparametersKinesisFirehoseToS3KinesisFirehose807C3595": Object { - "Properties": Object { - "DeliveryStreamEncryptionConfigurationInput": Object { - "KeyType": "AWS_OWNED_CMK", - }, - "ExtendedS3DestinationConfiguration": Object { - "BucketARN": Object { - "Fn::GetAtt": Array [ - "testeventbridgekinesisfirehosedefaultparametersKinesisFirehoseToS3S3Bucket5DFF6EFF", - "Arn", - ], - }, - "BufferingHints": Object { - "IntervalInSeconds": 300, - "SizeInMBs": 5, - }, - "CloudWatchLoggingOptions": Object { - "Enabled": true, - "LogGroupName": Object { - "Ref": "testeventbridgekinesisfirehosedefaultparametersKinesisFirehoseToS3firehoseloggroup65240B59", - }, - "LogStreamName": Object { - "Ref": "testeventbridgekinesisfirehosedefaultparametersKinesisFirehoseToS3firehoseloggroupfirehoselogstream4432C9CF", - }, - }, - "CompressionFormat": "GZIP", - "EncryptionConfiguration": Object { - "KMSEncryptionConfig": Object { - "AWSKMSKeyARN": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":kms:", - Object { - "Ref": "AWS::Region", - }, - ":", - Object { - "Ref": "AWS::AccountId", - }, - ":alias/aws/s3", - ], - ], - }, - }, - }, - "RoleARN": Object { - "Fn::GetAtt": Array [ - "testeventbridgekinesisfirehosedefaultparametersKinesisFirehoseToS3KinesisFirehoseRoleC1ACB6BE", - "Arn", - ], - }, - }, - }, - "Type": "AWS::KinesisFirehose::DeliveryStream", - }, - "testeventbridgekinesisfirehosedefaultparametersKinesisFirehoseToS3KinesisFirehosePolicyFB2952C4": Object { - "Properties": Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "s3:AbortMultipartUpload", - "s3:GetBucketLocation", - "s3:GetObject", - "s3:ListBucket", - "s3:ListBucketMultipartUploads", - "s3:PutObject", - ], - "Effect": "Allow", - "Resource": Array [ - Object { - "Fn::GetAtt": Array [ - "testeventbridgekinesisfirehosedefaultparametersKinesisFirehoseToS3S3Bucket5DFF6EFF", - "Arn", - ], - }, - Object { - "Fn::Join": Array [ - "", - Array [ - Object { - "Fn::GetAtt": Array [ - "testeventbridgekinesisfirehosedefaultparametersKinesisFirehoseToS3S3Bucket5DFF6EFF", - "Arn", - ], - }, - "/*", - ], - ], - }, - ], - }, - Object { - "Action": "logs:PutLogEvents", - "Effect": "Allow", - "Resource": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":logs:", - Object { - "Ref": "AWS::Region", - }, - ":", - Object { - "Ref": "AWS::AccountId", - }, - ":log-group:", - Object { - "Ref": "testeventbridgekinesisfirehosedefaultparametersKinesisFirehoseToS3firehoseloggroup65240B59", - }, - ":log-stream:", - Object { - "Ref": "testeventbridgekinesisfirehosedefaultparametersKinesisFirehoseToS3firehoseloggroupfirehoselogstream4432C9CF", - }, - ], - ], - }, - }, - ], - "Version": "2012-10-17", - }, - "PolicyName": "testeventbridgekinesisfirehosedefaultparametersKinesisFirehoseToS3KinesisFirehosePolicyFB2952C4", - "Roles": Array [ - Object { - "Ref": "testeventbridgekinesisfirehosedefaultparametersKinesisFirehoseToS3KinesisFirehoseRoleC1ACB6BE", - }, - ], - }, - "Type": "AWS::IAM::Policy", - }, - "testeventbridgekinesisfirehosedefaultparametersKinesisFirehoseToS3KinesisFirehoseRoleC1ACB6BE": Object { - "Properties": Object { - "AssumeRolePolicyDocument": Object { - "Statement": Array [ - Object { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": Object { - "Service": "firehose.amazonaws.com", - }, - }, - ], - "Version": "2012-10-17", - }, - }, - "Type": "AWS::IAM::Role", - }, - "testeventbridgekinesisfirehosedefaultparametersKinesisFirehoseToS3S3Bucket5DFF6EFF": Object { - "DeletionPolicy": "Retain", - "Properties": Object { - "BucketEncryption": Object { - "ServerSideEncryptionConfiguration": Array [ - Object { - "ServerSideEncryptionByDefault": Object { - "SSEAlgorithm": "AES256", - }, - }, - ], - }, - "LifecycleConfiguration": Object { - "Rules": Array [ - Object { - "NoncurrentVersionTransitions": Array [ - Object { - "StorageClass": "GLACIER", - "TransitionInDays": 90, - }, - ], - "Status": "Enabled", - }, - ], - }, - "LoggingConfiguration": Object { - "DestinationBucketName": Object { - "Ref": "testeventbridgekinesisfirehosedefaultparametersKinesisFirehoseToS3S3LoggingBucket3848DBB9", - }, - }, - "PublicAccessBlockConfiguration": Object { - "BlockPublicAcls": true, - "BlockPublicPolicy": true, - "IgnorePublicAcls": true, - "RestrictPublicBuckets": true, - }, - "VersioningConfiguration": Object { - "Status": "Enabled", - }, - }, - "Type": "AWS::S3::Bucket", - "UpdateReplacePolicy": "Retain", - }, - "testeventbridgekinesisfirehosedefaultparametersKinesisFirehoseToS3S3BucketPolicy1166CF9A": Object { - "Properties": Object { - "Bucket": Object { - "Ref": "testeventbridgekinesisfirehosedefaultparametersKinesisFirehoseToS3S3Bucket5DFF6EFF", - }, - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": "*", - "Condition": Object { - "Bool": Object { - "aws:SecureTransport": "false", - }, - }, - "Effect": "Deny", - "Principal": Object { - "AWS": "*", - }, - "Resource": Array [ - Object { - "Fn::Join": Array [ - "", - Array [ - Object { - "Fn::GetAtt": Array [ - "testeventbridgekinesisfirehosedefaultparametersKinesisFirehoseToS3S3Bucket5DFF6EFF", - "Arn", - ], - }, - "/*", - ], - ], - }, - Object { - "Fn::GetAtt": Array [ - "testeventbridgekinesisfirehosedefaultparametersKinesisFirehoseToS3S3Bucket5DFF6EFF", - "Arn", - ], - }, - ], - "Sid": "HttpsOnly", - }, - ], - "Version": "2012-10-17", - }, - }, - "Type": "AWS::S3::BucketPolicy", - }, - "testeventbridgekinesisfirehosedefaultparametersKinesisFirehoseToS3S3LoggingBucket3848DBB9": Object { - "DeletionPolicy": "Retain", - "Metadata": Object { - "cfn_nag": Object { - "rules_to_suppress": Array [ - Object { - "id": "W35", - "reason": "This S3 bucket is used as the access logging bucket for another bucket", - }, - ], - }, - }, - "Properties": Object { - "AccessControl": "LogDeliveryWrite", - "BucketEncryption": Object { - "ServerSideEncryptionConfiguration": Array [ - Object { - "ServerSideEncryptionByDefault": Object { - "SSEAlgorithm": "AES256", - }, - }, - ], - }, - "PublicAccessBlockConfiguration": Object { - "BlockPublicAcls": true, - "BlockPublicPolicy": true, - "IgnorePublicAcls": true, - "RestrictPublicBuckets": true, - }, - "VersioningConfiguration": Object { - "Status": "Enabled", - }, - }, - "Type": "AWS::S3::Bucket", - "UpdateReplacePolicy": "Retain", - }, - "testeventbridgekinesisfirehosedefaultparametersKinesisFirehoseToS3S3LoggingBucketPolicy07BFDAD3": Object { - "Properties": Object { - "Bucket": Object { - "Ref": "testeventbridgekinesisfirehosedefaultparametersKinesisFirehoseToS3S3LoggingBucket3848DBB9", - }, - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": "*", - "Condition": Object { - "Bool": Object { - "aws:SecureTransport": "false", - }, - }, - "Effect": "Deny", - "Principal": Object { - "AWS": "*", - }, - "Resource": Array [ - Object { - "Fn::Join": Array [ - "", - Array [ - Object { - "Fn::GetAtt": Array [ - "testeventbridgekinesisfirehosedefaultparametersKinesisFirehoseToS3S3LoggingBucket3848DBB9", - "Arn", - ], - }, - "/*", - ], - ], - }, - Object { - "Fn::GetAtt": Array [ - "testeventbridgekinesisfirehosedefaultparametersKinesisFirehoseToS3S3LoggingBucket3848DBB9", - "Arn", - ], - }, - ], - "Sid": "HttpsOnly", - }, - ], - "Version": "2012-10-17", - }, - }, - "Type": "AWS::S3::BucketPolicy", - }, - "testeventbridgekinesisfirehosedefaultparametersKinesisFirehoseToS3firehoseloggroup65240B59": Object { - "DeletionPolicy": "Retain", - "Metadata": Object { - "cfn_nag": Object { - "rules_to_suppress": Array [ - Object { - "id": "W86", - "reason": "Retention period for CloudWatchLogs LogGroups are set to 'Never Expire' to preserve customer data indefinitely", - }, - Object { - "id": "W84", - "reason": "By default CloudWatchLogs LogGroups data is encrypted using the CloudWatch server-side encryption keys (AWS Managed Keys)", - }, - ], - }, - }, - "Type": "AWS::Logs::LogGroup", - "UpdateReplacePolicy": "Retain", - }, - "testeventbridgekinesisfirehosedefaultparametersKinesisFirehoseToS3firehoseloggroupfirehoselogstream4432C9CF": Object { - "DeletionPolicy": "Retain", - "Properties": Object { - "LogGroupName": Object { - "Ref": "testeventbridgekinesisfirehosedefaultparametersKinesisFirehoseToS3firehoseloggroup65240B59", - }, - }, - "Type": "AWS::Logs::LogStream", - "UpdateReplacePolicy": "Retain", - }, - }, -} -`; - -exports[`check multiple constructs in a single stack 1`] = ` -Object { - "Resources": Object { - "testneweventbridgekinesisfirehose1CustomEventBus1B13945F": Object { - "Properties": Object { - "Name": "testneweventbridgekinesisfirehose1CustomEventBusEB87ABB3", - }, - "Type": "AWS::Events::EventBus", - }, - "testneweventbridgekinesisfirehose1EventsRule3C764285": Object { - "Properties": Object { - "EventBusName": Object { - "Ref": "testneweventbridgekinesisfirehose1CustomEventBus1B13945F", - }, - "EventPattern": Object { - "source": Array [ - "solutionsconstructs", - ], - }, - "State": "ENABLED", - "Targets": Array [ - Object { - "Arn": Object { - "Fn::GetAtt": Array [ - "testneweventbridgekinesisfirehose1KinesisFirehoseToS3KinesisFirehose6320FB1F", - "Arn", - ], - }, - "Id": "Target0", - "RoleArn": Object { - "Fn::GetAtt": Array [ - "testneweventbridgekinesisfirehose1EventsRuleInvokeKinesisFirehoseRole001BE88B", - "Arn", - ], - }, - }, - ], - }, - "Type": "AWS::Events::Rule", - }, - "testneweventbridgekinesisfirehose1EventsRuleInvokeKinesisFirehosePolicyC72F471A": Object { - "Properties": Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "firehose:PutRecord", - "firehose:PutRecordBatch", - ], - "Effect": "Allow", - "Resource": Object { - "Fn::GetAtt": Array [ - "testneweventbridgekinesisfirehose1KinesisFirehoseToS3KinesisFirehose6320FB1F", - "Arn", - ], - }, - }, - ], - "Version": "2012-10-17", - }, - "PolicyName": "testneweventbridgekinesisfirehose1EventsRuleInvokeKinesisFirehosePolicyC72F471A", - "Roles": Array [ - Object { - "Ref": "testneweventbridgekinesisfirehose1EventsRuleInvokeKinesisFirehoseRole001BE88B", - }, - ], - }, - "Type": "AWS::IAM::Policy", - }, - "testneweventbridgekinesisfirehose1EventsRuleInvokeKinesisFirehoseRole001BE88B": Object { - "Properties": Object { - "AssumeRolePolicyDocument": Object { - "Statement": Array [ - Object { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": Object { - "Service": "events.amazonaws.com", - }, - }, - ], - "Version": "2012-10-17", - }, - "Description": "Events Rule To Kinesis Firehose Role", - }, - "Type": "AWS::IAM::Role", - }, - "testneweventbridgekinesisfirehose1KinesisFirehoseToS3KinesisFirehose6320FB1F": Object { - "Properties": Object { - "DeliveryStreamEncryptionConfigurationInput": Object { - "KeyType": "AWS_OWNED_CMK", - }, - "ExtendedS3DestinationConfiguration": Object { - "BucketARN": Object { - "Fn::GetAtt": Array [ - "testneweventbridgekinesisfirehose1KinesisFirehoseToS3S3BucketB679D546", - "Arn", - ], - }, - "BufferingHints": Object { - "IntervalInSeconds": 300, - "SizeInMBs": 5, - }, - "CloudWatchLoggingOptions": Object { - "Enabled": true, - "LogGroupName": Object { - "Ref": "testneweventbridgekinesisfirehose1KinesisFirehoseToS3firehoseloggroup7A670CFB", - }, - "LogStreamName": Object { - "Ref": "testneweventbridgekinesisfirehose1KinesisFirehoseToS3firehoseloggroupfirehoselogstream82A09182", - }, - }, - "CompressionFormat": "GZIP", - "EncryptionConfiguration": Object { - "KMSEncryptionConfig": Object { - "AWSKMSKeyARN": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":kms:", - Object { - "Ref": "AWS::Region", - }, - ":", - Object { - "Ref": "AWS::AccountId", - }, - ":alias/aws/s3", - ], - ], - }, - }, - }, - "RoleARN": Object { - "Fn::GetAtt": Array [ - "testneweventbridgekinesisfirehose1KinesisFirehoseToS3KinesisFirehoseRole258CA24A", - "Arn", - ], - }, - }, - }, - "Type": "AWS::KinesisFirehose::DeliveryStream", - }, - "testneweventbridgekinesisfirehose1KinesisFirehoseToS3KinesisFirehosePolicyF0A9D93F": Object { - "Properties": Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "s3:AbortMultipartUpload", - "s3:GetBucketLocation", - "s3:GetObject", - "s3:ListBucket", - "s3:ListBucketMultipartUploads", - "s3:PutObject", - ], - "Effect": "Allow", - "Resource": Array [ - Object { - "Fn::GetAtt": Array [ - "testneweventbridgekinesisfirehose1KinesisFirehoseToS3S3BucketB679D546", - "Arn", - ], - }, - Object { - "Fn::Join": Array [ - "", - Array [ - Object { - "Fn::GetAtt": Array [ - "testneweventbridgekinesisfirehose1KinesisFirehoseToS3S3BucketB679D546", - "Arn", - ], - }, - "/*", - ], - ], - }, - ], - }, - Object { - "Action": "logs:PutLogEvents", - "Effect": "Allow", - "Resource": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":logs:", - Object { - "Ref": "AWS::Region", - }, - ":", - Object { - "Ref": "AWS::AccountId", - }, - ":log-group:", - Object { - "Ref": "testneweventbridgekinesisfirehose1KinesisFirehoseToS3firehoseloggroup7A670CFB", - }, - ":log-stream:", - Object { - "Ref": "testneweventbridgekinesisfirehose1KinesisFirehoseToS3firehoseloggroupfirehoselogstream82A09182", - }, - ], - ], - }, - }, - ], - "Version": "2012-10-17", - }, - "PolicyName": "testneweventbridgekinesisfirehose1KinesisFirehoseToS3KinesisFirehosePolicyF0A9D93F", - "Roles": Array [ - Object { - "Ref": "testneweventbridgekinesisfirehose1KinesisFirehoseToS3KinesisFirehoseRole258CA24A", - }, - ], - }, - "Type": "AWS::IAM::Policy", - }, - "testneweventbridgekinesisfirehose1KinesisFirehoseToS3KinesisFirehoseRole258CA24A": Object { - "Properties": Object { - "AssumeRolePolicyDocument": Object { - "Statement": Array [ - Object { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": Object { - "Service": "firehose.amazonaws.com", - }, - }, - ], - "Version": "2012-10-17", - }, - }, - "Type": "AWS::IAM::Role", - }, - "testneweventbridgekinesisfirehose1KinesisFirehoseToS3S3BucketB679D546": Object { - "DeletionPolicy": "Retain", - "Properties": Object { - "BucketEncryption": Object { - "ServerSideEncryptionConfiguration": Array [ - Object { - "ServerSideEncryptionByDefault": Object { - "SSEAlgorithm": "AES256", - }, - }, - ], - }, - "LifecycleConfiguration": Object { - "Rules": Array [ - Object { - "NoncurrentVersionTransitions": Array [ - Object { - "StorageClass": "GLACIER", - "TransitionInDays": 90, - }, - ], - "Status": "Enabled", - }, - ], - }, - "LoggingConfiguration": Object { - "DestinationBucketName": Object { - "Ref": "testneweventbridgekinesisfirehose1KinesisFirehoseToS3S3LoggingBucketCBEA5EE3", - }, - }, - "PublicAccessBlockConfiguration": Object { - "BlockPublicAcls": true, - "BlockPublicPolicy": true, - "IgnorePublicAcls": true, - "RestrictPublicBuckets": true, - }, - "VersioningConfiguration": Object { - "Status": "Enabled", - }, - }, - "Type": "AWS::S3::Bucket", - "UpdateReplacePolicy": "Retain", - }, - "testneweventbridgekinesisfirehose1KinesisFirehoseToS3S3BucketPolicyBD50A50D": Object { - "Properties": Object { - "Bucket": Object { - "Ref": "testneweventbridgekinesisfirehose1KinesisFirehoseToS3S3BucketB679D546", - }, - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": "*", - "Condition": Object { - "Bool": Object { - "aws:SecureTransport": "false", - }, - }, - "Effect": "Deny", - "Principal": Object { - "AWS": "*", - }, - "Resource": Array [ - Object { - "Fn::Join": Array [ - "", - Array [ - Object { - "Fn::GetAtt": Array [ - "testneweventbridgekinesisfirehose1KinesisFirehoseToS3S3BucketB679D546", - "Arn", - ], - }, - "/*", - ], - ], - }, - Object { - "Fn::GetAtt": Array [ - "testneweventbridgekinesisfirehose1KinesisFirehoseToS3S3BucketB679D546", - "Arn", - ], - }, - ], - "Sid": "HttpsOnly", - }, - ], - "Version": "2012-10-17", - }, - }, - "Type": "AWS::S3::BucketPolicy", - }, - "testneweventbridgekinesisfirehose1KinesisFirehoseToS3S3LoggingBucketCBEA5EE3": Object { - "DeletionPolicy": "Retain", - "Metadata": Object { - "cfn_nag": Object { - "rules_to_suppress": Array [ - Object { - "id": "W35", - "reason": "This S3 bucket is used as the access logging bucket for another bucket", - }, - ], - }, - }, - "Properties": Object { - "AccessControl": "LogDeliveryWrite", - "BucketEncryption": Object { - "ServerSideEncryptionConfiguration": Array [ - Object { - "ServerSideEncryptionByDefault": Object { - "SSEAlgorithm": "AES256", - }, - }, - ], - }, - "PublicAccessBlockConfiguration": Object { - "BlockPublicAcls": true, - "BlockPublicPolicy": true, - "IgnorePublicAcls": true, - "RestrictPublicBuckets": true, - }, - "VersioningConfiguration": Object { - "Status": "Enabled", - }, - }, - "Type": "AWS::S3::Bucket", - "UpdateReplacePolicy": "Retain", - }, - "testneweventbridgekinesisfirehose1KinesisFirehoseToS3S3LoggingBucketPolicy44F47D93": Object { - "Properties": Object { - "Bucket": Object { - "Ref": "testneweventbridgekinesisfirehose1KinesisFirehoseToS3S3LoggingBucketCBEA5EE3", - }, - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": "*", - "Condition": Object { - "Bool": Object { - "aws:SecureTransport": "false", - }, - }, - "Effect": "Deny", - "Principal": Object { - "AWS": "*", - }, - "Resource": Array [ - Object { - "Fn::Join": Array [ - "", - Array [ - Object { - "Fn::GetAtt": Array [ - "testneweventbridgekinesisfirehose1KinesisFirehoseToS3S3LoggingBucketCBEA5EE3", - "Arn", - ], - }, - "/*", - ], - ], - }, - Object { - "Fn::GetAtt": Array [ - "testneweventbridgekinesisfirehose1KinesisFirehoseToS3S3LoggingBucketCBEA5EE3", - "Arn", - ], - }, - ], - "Sid": "HttpsOnly", - }, - ], - "Version": "2012-10-17", - }, - }, - "Type": "AWS::S3::BucketPolicy", - }, - "testneweventbridgekinesisfirehose1KinesisFirehoseToS3firehoseloggroup7A670CFB": Object { - "DeletionPolicy": "Retain", - "Metadata": Object { - "cfn_nag": Object { - "rules_to_suppress": Array [ - Object { - "id": "W86", - "reason": "Retention period for CloudWatchLogs LogGroups are set to 'Never Expire' to preserve customer data indefinitely", - }, - Object { - "id": "W84", - "reason": "By default CloudWatchLogs LogGroups data is encrypted using the CloudWatch server-side encryption keys (AWS Managed Keys)", - }, - ], - }, - }, - "Type": "AWS::Logs::LogGroup", - "UpdateReplacePolicy": "Retain", - }, - "testneweventbridgekinesisfirehose1KinesisFirehoseToS3firehoseloggroupfirehoselogstream82A09182": Object { - "DeletionPolicy": "Retain", - "Properties": Object { - "LogGroupName": Object { - "Ref": "testneweventbridgekinesisfirehose1KinesisFirehoseToS3firehoseloggroup7A670CFB", - }, - }, - "Type": "AWS::Logs::LogStream", - "UpdateReplacePolicy": "Retain", - }, - "testneweventbridgekinesisfirehose2CustomEventBus2B960576": Object { - "Properties": Object { - "Name": "testneweventbridgekinesisfirehose2CustomEventBus09EC972B", - }, - "Type": "AWS::Events::EventBus", - }, - "testneweventbridgekinesisfirehose2EventsRule456F428C": Object { - "Properties": Object { - "EventBusName": Object { - "Ref": "testneweventbridgekinesisfirehose2CustomEventBus2B960576", - }, - "EventPattern": Object { - "source": Array [ - "solutionsconstructs", - ], - }, - "State": "ENABLED", - "Targets": Array [ - Object { - "Arn": Object { - "Fn::GetAtt": Array [ - "testneweventbridgekinesisfirehose2KinesisFirehoseToS3KinesisFirehose5827FBA9", - "Arn", - ], - }, - "Id": "Target0", - "RoleArn": Object { - "Fn::GetAtt": Array [ - "testneweventbridgekinesisfirehose2EventsRuleInvokeKinesisFirehoseRoleEEB5CEC2", - "Arn", - ], - }, - }, - ], - }, - "Type": "AWS::Events::Rule", - }, - "testneweventbridgekinesisfirehose2EventsRuleInvokeKinesisFirehosePolicy0D8E6225": Object { - "Properties": Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "firehose:PutRecord", - "firehose:PutRecordBatch", - ], - "Effect": "Allow", - "Resource": Object { - "Fn::GetAtt": Array [ - "testneweventbridgekinesisfirehose2KinesisFirehoseToS3KinesisFirehose5827FBA9", - "Arn", - ], - }, - }, - ], - "Version": "2012-10-17", - }, - "PolicyName": "testneweventbridgekinesisfirehose2EventsRuleInvokeKinesisFirehosePolicy0D8E6225", - "Roles": Array [ - Object { - "Ref": "testneweventbridgekinesisfirehose2EventsRuleInvokeKinesisFirehoseRoleEEB5CEC2", - }, - ], - }, - "Type": "AWS::IAM::Policy", - }, - "testneweventbridgekinesisfirehose2EventsRuleInvokeKinesisFirehoseRoleEEB5CEC2": Object { - "Properties": Object { - "AssumeRolePolicyDocument": Object { - "Statement": Array [ - Object { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": Object { - "Service": "events.amazonaws.com", - }, - }, - ], - "Version": "2012-10-17", - }, - "Description": "Events Rule To Kinesis Firehose Role", - }, - "Type": "AWS::IAM::Role", - }, - "testneweventbridgekinesisfirehose2KinesisFirehoseToS3KinesisFirehose5827FBA9": Object { - "Properties": Object { - "DeliveryStreamEncryptionConfigurationInput": Object { - "KeyType": "AWS_OWNED_CMK", - }, - "ExtendedS3DestinationConfiguration": Object { - "BucketARN": Object { - "Fn::GetAtt": Array [ - "testneweventbridgekinesisfirehose2KinesisFirehoseToS3S3Bucket226AAAD4", - "Arn", - ], - }, - "BufferingHints": Object { - "IntervalInSeconds": 300, - "SizeInMBs": 5, - }, - "CloudWatchLoggingOptions": Object { - "Enabled": true, - "LogGroupName": Object { - "Ref": "testneweventbridgekinesisfirehose2KinesisFirehoseToS3firehoseloggroup7C0015D8", - }, - "LogStreamName": Object { - "Ref": "testneweventbridgekinesisfirehose2KinesisFirehoseToS3firehoseloggroupfirehoselogstreamBF47285F", - }, - }, - "CompressionFormat": "GZIP", - "EncryptionConfiguration": Object { - "KMSEncryptionConfig": Object { - "AWSKMSKeyARN": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":kms:", - Object { - "Ref": "AWS::Region", - }, - ":", - Object { - "Ref": "AWS::AccountId", - }, - ":alias/aws/s3", - ], - ], - }, - }, - }, - "RoleARN": Object { - "Fn::GetAtt": Array [ - "testneweventbridgekinesisfirehose2KinesisFirehoseToS3KinesisFirehoseRole8C3AB362", - "Arn", - ], - }, - }, - }, - "Type": "AWS::KinesisFirehose::DeliveryStream", - }, - "testneweventbridgekinesisfirehose2KinesisFirehoseToS3KinesisFirehosePolicy37C4EA6E": Object { - "Properties": Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "s3:AbortMultipartUpload", - "s3:GetBucketLocation", - "s3:GetObject", - "s3:ListBucket", - "s3:ListBucketMultipartUploads", - "s3:PutObject", - ], - "Effect": "Allow", - "Resource": Array [ - Object { - "Fn::GetAtt": Array [ - "testneweventbridgekinesisfirehose2KinesisFirehoseToS3S3Bucket226AAAD4", - "Arn", - ], - }, - Object { - "Fn::Join": Array [ - "", - Array [ - Object { - "Fn::GetAtt": Array [ - "testneweventbridgekinesisfirehose2KinesisFirehoseToS3S3Bucket226AAAD4", - "Arn", - ], - }, - "/*", - ], - ], - }, - ], - }, - Object { - "Action": "logs:PutLogEvents", - "Effect": "Allow", - "Resource": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":logs:", - Object { - "Ref": "AWS::Region", - }, - ":", - Object { - "Ref": "AWS::AccountId", - }, - ":log-group:", - Object { - "Ref": "testneweventbridgekinesisfirehose2KinesisFirehoseToS3firehoseloggroup7C0015D8", - }, - ":log-stream:", - Object { - "Ref": "testneweventbridgekinesisfirehose2KinesisFirehoseToS3firehoseloggroupfirehoselogstreamBF47285F", - }, - ], - ], - }, - }, - ], - "Version": "2012-10-17", - }, - "PolicyName": "testneweventbridgekinesisfirehose2KinesisFirehoseToS3KinesisFirehosePolicy37C4EA6E", - "Roles": Array [ - Object { - "Ref": "testneweventbridgekinesisfirehose2KinesisFirehoseToS3KinesisFirehoseRole8C3AB362", - }, - ], - }, - "Type": "AWS::IAM::Policy", - }, - "testneweventbridgekinesisfirehose2KinesisFirehoseToS3KinesisFirehoseRole8C3AB362": Object { - "Properties": Object { - "AssumeRolePolicyDocument": Object { - "Statement": Array [ - Object { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": Object { - "Service": "firehose.amazonaws.com", - }, - }, - ], - "Version": "2012-10-17", - }, - }, - "Type": "AWS::IAM::Role", - }, - "testneweventbridgekinesisfirehose2KinesisFirehoseToS3S3Bucket226AAAD4": Object { - "DeletionPolicy": "Retain", - "Properties": Object { - "BucketEncryption": Object { - "ServerSideEncryptionConfiguration": Array [ - Object { - "ServerSideEncryptionByDefault": Object { - "SSEAlgorithm": "AES256", - }, - }, - ], - }, - "LifecycleConfiguration": Object { - "Rules": Array [ - Object { - "NoncurrentVersionTransitions": Array [ - Object { - "StorageClass": "GLACIER", - "TransitionInDays": 90, - }, - ], - "Status": "Enabled", - }, - ], - }, - "LoggingConfiguration": Object { - "DestinationBucketName": Object { - "Ref": "testneweventbridgekinesisfirehose2KinesisFirehoseToS3S3LoggingBucket505CECAD", - }, - }, - "PublicAccessBlockConfiguration": Object { - "BlockPublicAcls": true, - "BlockPublicPolicy": true, - "IgnorePublicAcls": true, - "RestrictPublicBuckets": true, - }, - "VersioningConfiguration": Object { - "Status": "Enabled", - }, - }, - "Type": "AWS::S3::Bucket", - "UpdateReplacePolicy": "Retain", - }, - "testneweventbridgekinesisfirehose2KinesisFirehoseToS3S3BucketPolicy16828DE2": Object { - "Properties": Object { - "Bucket": Object { - "Ref": "testneweventbridgekinesisfirehose2KinesisFirehoseToS3S3Bucket226AAAD4", - }, - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": "*", - "Condition": Object { - "Bool": Object { - "aws:SecureTransport": "false", - }, - }, - "Effect": "Deny", - "Principal": Object { - "AWS": "*", - }, - "Resource": Array [ - Object { - "Fn::Join": Array [ - "", - Array [ - Object { - "Fn::GetAtt": Array [ - "testneweventbridgekinesisfirehose2KinesisFirehoseToS3S3Bucket226AAAD4", - "Arn", - ], - }, - "/*", - ], - ], - }, - Object { - "Fn::GetAtt": Array [ - "testneweventbridgekinesisfirehose2KinesisFirehoseToS3S3Bucket226AAAD4", - "Arn", - ], - }, - ], - "Sid": "HttpsOnly", - }, - ], - "Version": "2012-10-17", - }, - }, - "Type": "AWS::S3::BucketPolicy", - }, - "testneweventbridgekinesisfirehose2KinesisFirehoseToS3S3LoggingBucket505CECAD": Object { - "DeletionPolicy": "Retain", - "Metadata": Object { - "cfn_nag": Object { - "rules_to_suppress": Array [ - Object { - "id": "W35", - "reason": "This S3 bucket is used as the access logging bucket for another bucket", - }, - ], - }, - }, - "Properties": Object { - "AccessControl": "LogDeliveryWrite", - "BucketEncryption": Object { - "ServerSideEncryptionConfiguration": Array [ - Object { - "ServerSideEncryptionByDefault": Object { - "SSEAlgorithm": "AES256", - }, - }, - ], - }, - "PublicAccessBlockConfiguration": Object { - "BlockPublicAcls": true, - "BlockPublicPolicy": true, - "IgnorePublicAcls": true, - "RestrictPublicBuckets": true, - }, - "VersioningConfiguration": Object { - "Status": "Enabled", - }, - }, - "Type": "AWS::S3::Bucket", - "UpdateReplacePolicy": "Retain", - }, - "testneweventbridgekinesisfirehose2KinesisFirehoseToS3S3LoggingBucketPolicy7FCDE9DE": Object { - "Properties": Object { - "Bucket": Object { - "Ref": "testneweventbridgekinesisfirehose2KinesisFirehoseToS3S3LoggingBucket505CECAD", - }, - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": "*", - "Condition": Object { - "Bool": Object { - "aws:SecureTransport": "false", - }, - }, - "Effect": "Deny", - "Principal": Object { - "AWS": "*", - }, - "Resource": Array [ - Object { - "Fn::Join": Array [ - "", - Array [ - Object { - "Fn::GetAtt": Array [ - "testneweventbridgekinesisfirehose2KinesisFirehoseToS3S3LoggingBucket505CECAD", - "Arn", - ], - }, - "/*", - ], - ], - }, - Object { - "Fn::GetAtt": Array [ - "testneweventbridgekinesisfirehose2KinesisFirehoseToS3S3LoggingBucket505CECAD", - "Arn", - ], - }, - ], - "Sid": "HttpsOnly", - }, - ], - "Version": "2012-10-17", - }, - }, - "Type": "AWS::S3::BucketPolicy", - }, - "testneweventbridgekinesisfirehose2KinesisFirehoseToS3firehoseloggroup7C0015D8": Object { - "DeletionPolicy": "Retain", - "Metadata": Object { - "cfn_nag": Object { - "rules_to_suppress": Array [ - Object { - "id": "W86", - "reason": "Retention period for CloudWatchLogs LogGroups are set to 'Never Expire' to preserve customer data indefinitely", - }, - Object { - "id": "W84", - "reason": "By default CloudWatchLogs LogGroups data is encrypted using the CloudWatch server-side encryption keys (AWS Managed Keys)", - }, - ], - }, - }, - "Type": "AWS::Logs::LogGroup", - "UpdateReplacePolicy": "Retain", - }, - "testneweventbridgekinesisfirehose2KinesisFirehoseToS3firehoseloggroupfirehoselogstreamBF47285F": Object { - "DeletionPolicy": "Retain", - "Properties": Object { - "LogGroupName": Object { - "Ref": "testneweventbridgekinesisfirehose2KinesisFirehoseToS3firehoseloggroup7C0015D8", - }, - }, - "Type": "AWS::Logs::LogStream", - "UpdateReplacePolicy": "Retain", - }, - }, -} -`; - -exports[`snapshot test EventbridgeToKinesisFirehose existing event bus params 1`] = ` -Object { - "Resources": Object { - "testexistingeventbridgekinesisfirehoseEventsRule26A50A15": Object { - "Properties": Object { - "EventBusName": Object { - "Ref": "testexistingeventbusC6E4A2D0", - }, - "EventPattern": Object { - "source": Array [ - "solutionsconstructs", - ], - }, - "State": "ENABLED", - "Targets": Array [ - Object { - "Arn": Object { - "Fn::GetAtt": Array [ - "testexistingeventbridgekinesisfirehoseKinesisFirehoseToS3KinesisFirehose7EBE7E6E", - "Arn", - ], - }, - "Id": "Target0", - "RoleArn": Object { - "Fn::GetAtt": Array [ - "testexistingeventbridgekinesisfirehoseEventsRuleInvokeKinesisFirehoseRole224F03DC", - "Arn", - ], - }, - }, - ], - }, - "Type": "AWS::Events::Rule", - }, - "testexistingeventbridgekinesisfirehoseEventsRuleInvokeKinesisFirehosePolicy5A0A0DE2": Object { - "Properties": Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "firehose:PutRecord", - "firehose:PutRecordBatch", - ], - "Effect": "Allow", - "Resource": Object { - "Fn::GetAtt": Array [ - "testexistingeventbridgekinesisfirehoseKinesisFirehoseToS3KinesisFirehose7EBE7E6E", - "Arn", - ], - }, - }, - ], - "Version": "2012-10-17", - }, - "PolicyName": "testexistingeventbridgekinesisfirehoseEventsRuleInvokeKinesisFirehosePolicy5A0A0DE2", - "Roles": Array [ - Object { - "Ref": "testexistingeventbridgekinesisfirehoseEventsRuleInvokeKinesisFirehoseRole224F03DC", - }, - ], - }, - "Type": "AWS::IAM::Policy", - }, - "testexistingeventbridgekinesisfirehoseEventsRuleInvokeKinesisFirehoseRole224F03DC": Object { - "Properties": Object { - "AssumeRolePolicyDocument": Object { - "Statement": Array [ - Object { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": Object { - "Service": "events.amazonaws.com", - }, - }, - ], - "Version": "2012-10-17", - }, - "Description": "Events Rule To Kinesis Firehose Role", - }, - "Type": "AWS::IAM::Role", - }, - "testexistingeventbridgekinesisfirehoseKinesisFirehoseToS3KinesisFirehose7EBE7E6E": Object { - "Properties": Object { - "DeliveryStreamEncryptionConfigurationInput": Object { - "KeyType": "AWS_OWNED_CMK", - }, - "ExtendedS3DestinationConfiguration": Object { - "BucketARN": Object { - "Fn::GetAtt": Array [ - "testexistingeventbridgekinesisfirehoseKinesisFirehoseToS3S3BucketDD7B4553", - "Arn", - ], - }, - "BufferingHints": Object { - "IntervalInSeconds": 300, - "SizeInMBs": 5, - }, - "CloudWatchLoggingOptions": Object { - "Enabled": true, - "LogGroupName": Object { - "Ref": "testexistingeventbridgekinesisfirehoseKinesisFirehoseToS3firehoseloggroup417B5627", - }, - "LogStreamName": Object { - "Ref": "testexistingeventbridgekinesisfirehoseKinesisFirehoseToS3firehoseloggroupfirehoselogstream617C8F21", - }, - }, - "CompressionFormat": "GZIP", - "EncryptionConfiguration": Object { - "KMSEncryptionConfig": Object { - "AWSKMSKeyARN": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":kms:", - Object { - "Ref": "AWS::Region", - }, - ":", - Object { - "Ref": "AWS::AccountId", - }, - ":alias/aws/s3", - ], - ], - }, - }, - }, - "RoleARN": Object { - "Fn::GetAtt": Array [ - "testexistingeventbridgekinesisfirehoseKinesisFirehoseToS3KinesisFirehoseRole13481CE9", - "Arn", - ], - }, - }, - }, - "Type": "AWS::KinesisFirehose::DeliveryStream", - }, - "testexistingeventbridgekinesisfirehoseKinesisFirehoseToS3KinesisFirehosePolicyE534A2BA": Object { - "Properties": Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "s3:AbortMultipartUpload", - "s3:GetBucketLocation", - "s3:GetObject", - "s3:ListBucket", - "s3:ListBucketMultipartUploads", - "s3:PutObject", - ], - "Effect": "Allow", - "Resource": Array [ - Object { - "Fn::GetAtt": Array [ - "testexistingeventbridgekinesisfirehoseKinesisFirehoseToS3S3BucketDD7B4553", - "Arn", - ], - }, - Object { - "Fn::Join": Array [ - "", - Array [ - Object { - "Fn::GetAtt": Array [ - "testexistingeventbridgekinesisfirehoseKinesisFirehoseToS3S3BucketDD7B4553", - "Arn", - ], - }, - "/*", - ], - ], - }, - ], - }, - Object { - "Action": "logs:PutLogEvents", - "Effect": "Allow", - "Resource": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":logs:", - Object { - "Ref": "AWS::Region", - }, - ":", - Object { - "Ref": "AWS::AccountId", - }, - ":log-group:", - Object { - "Ref": "testexistingeventbridgekinesisfirehoseKinesisFirehoseToS3firehoseloggroup417B5627", - }, - ":log-stream:", - Object { - "Ref": "testexistingeventbridgekinesisfirehoseKinesisFirehoseToS3firehoseloggroupfirehoselogstream617C8F21", - }, - ], - ], - }, - }, - ], - "Version": "2012-10-17", - }, - "PolicyName": "testexistingeventbridgekinesisfirehoseKinesisFirehoseToS3KinesisFirehosePolicyE534A2BA", - "Roles": Array [ - Object { - "Ref": "testexistingeventbridgekinesisfirehoseKinesisFirehoseToS3KinesisFirehoseRole13481CE9", - }, - ], - }, - "Type": "AWS::IAM::Policy", - }, - "testexistingeventbridgekinesisfirehoseKinesisFirehoseToS3KinesisFirehoseRole13481CE9": Object { - "Properties": Object { - "AssumeRolePolicyDocument": Object { - "Statement": Array [ - Object { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": Object { - "Service": "firehose.amazonaws.com", - }, - }, - ], - "Version": "2012-10-17", - }, - }, - "Type": "AWS::IAM::Role", - }, - "testexistingeventbridgekinesisfirehoseKinesisFirehoseToS3S3BucketDD7B4553": Object { - "DeletionPolicy": "Retain", - "Properties": Object { - "BucketEncryption": Object { - "ServerSideEncryptionConfiguration": Array [ - Object { - "ServerSideEncryptionByDefault": Object { - "SSEAlgorithm": "AES256", - }, - }, - ], - }, - "LifecycleConfiguration": Object { - "Rules": Array [ - Object { - "NoncurrentVersionTransitions": Array [ - Object { - "StorageClass": "GLACIER", - "TransitionInDays": 90, - }, - ], - "Status": "Enabled", - }, - ], - }, - "LoggingConfiguration": Object { - "DestinationBucketName": Object { - "Ref": "testexistingeventbridgekinesisfirehoseKinesisFirehoseToS3S3LoggingBucket3A3655DB", - }, - }, - "PublicAccessBlockConfiguration": Object { - "BlockPublicAcls": true, - "BlockPublicPolicy": true, - "IgnorePublicAcls": true, - "RestrictPublicBuckets": true, - }, - "VersioningConfiguration": Object { - "Status": "Enabled", - }, - }, - "Type": "AWS::S3::Bucket", - "UpdateReplacePolicy": "Retain", - }, - "testexistingeventbridgekinesisfirehoseKinesisFirehoseToS3S3BucketPolicy87BB1E36": Object { - "Properties": Object { - "Bucket": Object { - "Ref": "testexistingeventbridgekinesisfirehoseKinesisFirehoseToS3S3BucketDD7B4553", - }, - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": "*", - "Condition": Object { - "Bool": Object { - "aws:SecureTransport": "false", - }, - }, - "Effect": "Deny", - "Principal": Object { - "AWS": "*", - }, - "Resource": Array [ - Object { - "Fn::Join": Array [ - "", - Array [ - Object { - "Fn::GetAtt": Array [ - "testexistingeventbridgekinesisfirehoseKinesisFirehoseToS3S3BucketDD7B4553", - "Arn", - ], - }, - "/*", - ], - ], - }, - Object { - "Fn::GetAtt": Array [ - "testexistingeventbridgekinesisfirehoseKinesisFirehoseToS3S3BucketDD7B4553", - "Arn", - ], - }, - ], - "Sid": "HttpsOnly", - }, - ], - "Version": "2012-10-17", - }, - }, - "Type": "AWS::S3::BucketPolicy", - }, - "testexistingeventbridgekinesisfirehoseKinesisFirehoseToS3S3LoggingBucket3A3655DB": Object { - "DeletionPolicy": "Retain", - "Metadata": Object { - "cfn_nag": Object { - "rules_to_suppress": Array [ - Object { - "id": "W35", - "reason": "This S3 bucket is used as the access logging bucket for another bucket", - }, - ], - }, - }, - "Properties": Object { - "AccessControl": "LogDeliveryWrite", - "BucketEncryption": Object { - "ServerSideEncryptionConfiguration": Array [ - Object { - "ServerSideEncryptionByDefault": Object { - "SSEAlgorithm": "AES256", - }, - }, - ], - }, - "PublicAccessBlockConfiguration": Object { - "BlockPublicAcls": true, - "BlockPublicPolicy": true, - "IgnorePublicAcls": true, - "RestrictPublicBuckets": true, - }, - "VersioningConfiguration": Object { - "Status": "Enabled", - }, - }, - "Type": "AWS::S3::Bucket", - "UpdateReplacePolicy": "Retain", - }, - "testexistingeventbridgekinesisfirehoseKinesisFirehoseToS3S3LoggingBucketPolicyF8ECD600": Object { - "Properties": Object { - "Bucket": Object { - "Ref": "testexistingeventbridgekinesisfirehoseKinesisFirehoseToS3S3LoggingBucket3A3655DB", - }, - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": "*", - "Condition": Object { - "Bool": Object { - "aws:SecureTransport": "false", - }, - }, - "Effect": "Deny", - "Principal": Object { - "AWS": "*", - }, - "Resource": Array [ - Object { - "Fn::Join": Array [ - "", - Array [ - Object { - "Fn::GetAtt": Array [ - "testexistingeventbridgekinesisfirehoseKinesisFirehoseToS3S3LoggingBucket3A3655DB", - "Arn", - ], - }, - "/*", - ], - ], - }, - Object { - "Fn::GetAtt": Array [ - "testexistingeventbridgekinesisfirehoseKinesisFirehoseToS3S3LoggingBucket3A3655DB", - "Arn", - ], - }, - ], - "Sid": "HttpsOnly", - }, - ], - "Version": "2012-10-17", - }, - }, - "Type": "AWS::S3::BucketPolicy", - }, - "testexistingeventbridgekinesisfirehoseKinesisFirehoseToS3firehoseloggroup417B5627": Object { - "DeletionPolicy": "Retain", - "Metadata": Object { - "cfn_nag": Object { - "rules_to_suppress": Array [ - Object { - "id": "W86", - "reason": "Retention period for CloudWatchLogs LogGroups are set to 'Never Expire' to preserve customer data indefinitely", - }, - Object { - "id": "W84", - "reason": "By default CloudWatchLogs LogGroups data is encrypted using the CloudWatch server-side encryption keys (AWS Managed Keys)", - }, - ], - }, - }, - "Type": "AWS::Logs::LogGroup", - "UpdateReplacePolicy": "Retain", - }, - "testexistingeventbridgekinesisfirehoseKinesisFirehoseToS3firehoseloggroupfirehoselogstream617C8F21": Object { - "DeletionPolicy": "Retain", - "Properties": Object { - "LogGroupName": Object { - "Ref": "testexistingeventbridgekinesisfirehoseKinesisFirehoseToS3firehoseloggroup417B5627", - }, - }, - "Type": "AWS::Logs::LogStream", - "UpdateReplacePolicy": "Retain", - }, - "testexistingeventbusC6E4A2D0": Object { - "Properties": Object { - "Name": "testexistingeventbus", - }, - "Type": "AWS::Events::EventBus", - }, - }, -} -`; diff --git a/source/patterns/@aws-solutions-constructs/aws-eventbridge-kinesisfirehose-s3/test/eventbridge-kinesisfirehose-s3.test.ts b/source/patterns/@aws-solutions-constructs/aws-eventbridge-kinesisfirehose-s3/test/eventbridge-kinesisfirehose-s3.test.ts index c85b779eb..2907360e5 100644 --- a/source/patterns/@aws-solutions-constructs/aws-eventbridge-kinesisfirehose-s3/test/eventbridge-kinesisfirehose-s3.test.ts +++ b/source/patterns/@aws-solutions-constructs/aws-eventbridge-kinesisfirehose-s3/test/eventbridge-kinesisfirehose-s3.test.ts @@ -11,7 +11,6 @@ * and limitations under the License. */ -import { SynthUtils } from '@aws-cdk/assert'; import * as cdk from "@aws-cdk/core"; import * as s3 from "@aws-cdk/aws-s3"; import * as events from "@aws-cdk/aws-events"; @@ -31,14 +30,6 @@ function deployNewStack(stack: cdk.Stack) { return new EventbridgeToKinesisFirehoseToS3(stack, 'test-eventbridge-kinesis-firehose-s3-default-parameters', props); } -test('Test snapshot match with default parameters', () => { - const stack = new cdk.Stack(); - deployNewStack(stack); - - // Assertions - expect(SynthUtils.toCloudFormation(stack)).toMatchSnapshot(); -}); - // -------------------------------------------------------------- // Test properties // -------------------------------------------------------------- @@ -173,8 +164,6 @@ test('check eventbus property, snapshot & eventbus exists', () => { expect(construct.s3Bucket !== null); expect(construct.s3LoggingBucket !== null); expect(construct.eventBus !== null); - // Validate snapshot - expect(SynthUtils.toCloudFormation(stack)).toMatchSnapshot(); // Check whether eventbus exists expect(stack).toHaveResource('AWS::Events::EventBus'); }); @@ -198,20 +187,6 @@ test('check exception while passing existingEventBus & eventBusProps', () => { expect(app).toThrowError(); }); -test('snapshot test EventbridgeToKinesisFirehose existing event bus params', () => { - const stack = new cdk.Stack(); - const props: EventbridgeToKinesisFirehoseToS3Props = { - eventRuleProps: { - eventPattern: { - source: ['solutionsconstructs'] - } - }, - existingEventBusInterface: new events.EventBus(stack, `test-existing-eventbus`, {}) - }; - new EventbridgeToKinesisFirehoseToS3(stack, 'test-existing-eventbridge-kinesisfirehose', props); - expect(SynthUtils.toCloudFormation(stack)).toMatchSnapshot(); -}); - test('check custom event bus resource with props when deploy:true', () => { const stack = new cdk.Stack(); @@ -230,21 +205,4 @@ test('check custom event bus resource with props when deploy:true', () => { expect(stack).toHaveResource('AWS::Events::EventBus', { Name: `testeventbus` }); -}); - -test('check multiple constructs in a single stack', () => { - const stack = new cdk.Stack(); - - const props: EventbridgeToKinesisFirehoseToS3Props = { - eventBusProps: {}, - eventRuleProps: { - eventPattern: { - source: ['solutionsconstructs'] - } - } - }; - new EventbridgeToKinesisFirehoseToS3(stack, 'test-new-eventbridge-kinesisfirehose1', props); - new EventbridgeToKinesisFirehoseToS3(stack, 'test-new-eventbridge-kinesisfirehose2', props); - - expect(SynthUtils.toCloudFormation(stack)).toMatchSnapshot(); }); \ No newline at end of file diff --git a/source/patterns/@aws-solutions-constructs/aws-eventbridge-kinesisstreams/test/__snapshots__/eventbridge-kinesisstreams.test.js.snap b/source/patterns/@aws-solutions-constructs/aws-eventbridge-kinesisstreams/test/__snapshots__/eventbridge-kinesisstreams.test.js.snap deleted file mode 100644 index cb4c22561..000000000 --- a/source/patterns/@aws-solutions-constructs/aws-eventbridge-kinesisstreams/test/__snapshots__/eventbridge-kinesisstreams.test.js.snap +++ /dev/null @@ -1,741 +0,0 @@ -// Jest Snapshot v1, https://goo.gl/fbAQLP - -exports[`Test existing resources 1`] = ` -Object { - "Resources": Object { - "testeventbridgekinesisstreamexistingresourceEventsRuleC7743154": Object { - "Properties": Object { - "Description": "event rule props", - "ScheduleExpression": "rate(5 minutes)", - "State": "ENABLED", - "Targets": Array [ - Object { - "Arn": Object { - "Fn::GetAtt": Array [ - "testexistingstreamA6CF7AE7", - "Arn", - ], - }, - "Id": "Target0", - "RoleArn": Object { - "Fn::GetAtt": Array [ - "testeventbridgekinesisstreamexistingresourceeventsRoleFD13459F", - "Arn", - ], - }, - }, - ], - }, - "Type": "AWS::Events::Rule", - }, - "testeventbridgekinesisstreamexistingresourceKinesisStreamGetRecordsIteratorAgeAlarmE700B5FA": Object { - "Properties": Object { - "AlarmDescription": "Consumer Record Processing Falling Behind, there is risk for data loss due to record expiration.", - "ComparisonOperator": "GreaterThanOrEqualToThreshold", - "EvaluationPeriods": 1, - "MetricName": "GetRecords.IteratorAgeMilliseconds", - "Namespace": "AWS/Kinesis", - "Period": 300, - "Statistic": "Maximum", - "Threshold": 2592000, - }, - "Type": "AWS::CloudWatch::Alarm", - }, - "testeventbridgekinesisstreamexistingresourceKinesisStreamReadProvisionedThroughputExceededAlarmA06674FD": Object { - "Properties": Object { - "AlarmDescription": "Consumer Application is Reading at a Slower Rate Than Expected.", - "ComparisonOperator": "GreaterThanThreshold", - "EvaluationPeriods": 1, - "MetricName": "ReadProvisionedThroughputExceeded", - "Namespace": "AWS/Kinesis", - "Period": 300, - "Statistic": "Average", - "Threshold": 0, - }, - "Type": "AWS::CloudWatch::Alarm", - }, - "testeventbridgekinesisstreamexistingresourceeventsRoleDefaultPolicy126D4DED": Object { - "Properties": Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "kinesis:ListShards", - "kinesis:PutRecord", - "kinesis:PutRecords", - ], - "Effect": "Allow", - "Resource": Object { - "Fn::GetAtt": Array [ - "testexistingstreamA6CF7AE7", - "Arn", - ], - }, - }, - ], - "Version": "2012-10-17", - }, - "PolicyName": "testeventbridgekinesisstreamexistingresourceeventsRoleDefaultPolicy126D4DED", - "Roles": Array [ - Object { - "Ref": "testeventbridgekinesisstreamexistingresourceeventsRoleFD13459F", - }, - ], - }, - "Type": "AWS::IAM::Policy", - }, - "testeventbridgekinesisstreamexistingresourceeventsRoleFD13459F": Object { - "Properties": Object { - "AssumeRolePolicyDocument": Object { - "Statement": Array [ - Object { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": Object { - "Service": "events.amazonaws.com", - }, - }, - ], - "Version": "2012-10-17", - }, - "Description": "Events Rule Role", - }, - "Type": "AWS::IAM::Role", - }, - "testexistingstreamA6CF7AE7": Object { - "Properties": Object { - "Name": "existing-stream", - "RetentionPeriodHours": 48, - "ShardCount": 5, - }, - "Type": "AWS::Kinesis::Stream", - }, - }, -} -`; - -exports[`Test snapshot match with default parameters 1`] = ` -Object { - "Resources": Object { - "testeventbridgekinesisstreamsdefaultparametersEventsRuleFFD1F314": Object { - "Properties": Object { - "Description": "event rule props", - "ScheduleExpression": "rate(5 minutes)", - "State": "ENABLED", - "Targets": Array [ - Object { - "Arn": Object { - "Fn::GetAtt": Array [ - "testeventbridgekinesisstreamsdefaultparametersKinesisStream9FB4F7F1", - "Arn", - ], - }, - "Id": "Target0", - "RoleArn": Object { - "Fn::GetAtt": Array [ - "testeventbridgekinesisstreamsdefaultparameterseventsRole94A3623E", - "Arn", - ], - }, - }, - ], - }, - "Type": "AWS::Events::Rule", - }, - "testeventbridgekinesisstreamsdefaultparametersKinesisStream9FB4F7F1": Object { - "Properties": Object { - "RetentionPeriodHours": 24, - "ShardCount": 1, - "StreamEncryption": Object { - "EncryptionType": "KMS", - "KeyId": "alias/aws/kinesis", - }, - }, - "Type": "AWS::Kinesis::Stream", - }, - "testeventbridgekinesisstreamsdefaultparametersKinesisStreamGetRecordsIteratorAgeAlarmE0D529DB": Object { - "Properties": Object { - "AlarmDescription": "Consumer Record Processing Falling Behind, there is risk for data loss due to record expiration.", - "ComparisonOperator": "GreaterThanOrEqualToThreshold", - "EvaluationPeriods": 1, - "MetricName": "GetRecords.IteratorAgeMilliseconds", - "Namespace": "AWS/Kinesis", - "Period": 300, - "Statistic": "Maximum", - "Threshold": 2592000, - }, - "Type": "AWS::CloudWatch::Alarm", - }, - "testeventbridgekinesisstreamsdefaultparametersKinesisStreamReadProvisionedThroughputExceededAlarmF8AE8C5D": Object { - "Properties": Object { - "AlarmDescription": "Consumer Application is Reading at a Slower Rate Than Expected.", - "ComparisonOperator": "GreaterThanThreshold", - "EvaluationPeriods": 1, - "MetricName": "ReadProvisionedThroughputExceeded", - "Namespace": "AWS/Kinesis", - "Period": 300, - "Statistic": "Average", - "Threshold": 0, - }, - "Type": "AWS::CloudWatch::Alarm", - }, - "testeventbridgekinesisstreamsdefaultparameterseventsRole94A3623E": Object { - "Properties": Object { - "AssumeRolePolicyDocument": Object { - "Statement": Array [ - Object { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": Object { - "Service": "events.amazonaws.com", - }, - }, - ], - "Version": "2012-10-17", - }, - "Description": "Events Rule Role", - }, - "Type": "AWS::IAM::Role", - }, - "testeventbridgekinesisstreamsdefaultparameterseventsRoleDefaultPolicyB5CCC5D7": Object { - "Properties": Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "kinesis:ListShards", - "kinesis:PutRecord", - "kinesis:PutRecords", - ], - "Effect": "Allow", - "Resource": Object { - "Fn::GetAtt": Array [ - "testeventbridgekinesisstreamsdefaultparametersKinesisStream9FB4F7F1", - "Arn", - ], - }, - }, - ], - "Version": "2012-10-17", - }, - "PolicyName": "testeventbridgekinesisstreamsdefaultparameterseventsRoleDefaultPolicyB5CCC5D7", - "Roles": Array [ - Object { - "Ref": "testeventbridgekinesisstreamsdefaultparameterseventsRole94A3623E", - }, - ], - }, - "Type": "AWS::IAM::Policy", - }, - }, -} -`; - -exports[`check eventbus property, snapshot & eventbus exists 1`] = ` -Object { - "Resources": Object { - "testeventbridgekinesisstreamsdefaultparametersCustomEventBus62772BCD": Object { - "Properties": Object { - "Name": "testeventbridgekinesisstreamsdefaultparametersCustomEventBus22157231", - }, - "Type": "AWS::Events::EventBus", - }, - "testeventbridgekinesisstreamsdefaultparametersEventsRuleFFD1F314": Object { - "Properties": Object { - "EventBusName": Object { - "Ref": "testeventbridgekinesisstreamsdefaultparametersCustomEventBus62772BCD", - }, - "EventPattern": Object { - "source": Array [ - "solutionsconstructs", - ], - }, - "State": "ENABLED", - "Targets": Array [ - Object { - "Arn": Object { - "Fn::GetAtt": Array [ - "testeventbridgekinesisstreamsdefaultparametersKinesisStream9FB4F7F1", - "Arn", - ], - }, - "Id": "Target0", - "RoleArn": Object { - "Fn::GetAtt": Array [ - "testeventbridgekinesisstreamsdefaultparameterseventsRole94A3623E", - "Arn", - ], - }, - }, - ], - }, - "Type": "AWS::Events::Rule", - }, - "testeventbridgekinesisstreamsdefaultparametersKinesisStream9FB4F7F1": Object { - "Properties": Object { - "RetentionPeriodHours": 24, - "ShardCount": 1, - "StreamEncryption": Object { - "EncryptionType": "KMS", - "KeyId": "alias/aws/kinesis", - }, - }, - "Type": "AWS::Kinesis::Stream", - }, - "testeventbridgekinesisstreamsdefaultparametersKinesisStreamGetRecordsIteratorAgeAlarmE0D529DB": Object { - "Properties": Object { - "AlarmDescription": "Consumer Record Processing Falling Behind, there is risk for data loss due to record expiration.", - "ComparisonOperator": "GreaterThanOrEqualToThreshold", - "EvaluationPeriods": 1, - "MetricName": "GetRecords.IteratorAgeMilliseconds", - "Namespace": "AWS/Kinesis", - "Period": 300, - "Statistic": "Maximum", - "Threshold": 2592000, - }, - "Type": "AWS::CloudWatch::Alarm", - }, - "testeventbridgekinesisstreamsdefaultparametersKinesisStreamReadProvisionedThroughputExceededAlarmF8AE8C5D": Object { - "Properties": Object { - "AlarmDescription": "Consumer Application is Reading at a Slower Rate Than Expected.", - "ComparisonOperator": "GreaterThanThreshold", - "EvaluationPeriods": 1, - "MetricName": "ReadProvisionedThroughputExceeded", - "Namespace": "AWS/Kinesis", - "Period": 300, - "Statistic": "Average", - "Threshold": 0, - }, - "Type": "AWS::CloudWatch::Alarm", - }, - "testeventbridgekinesisstreamsdefaultparameterseventsRole94A3623E": Object { - "Properties": Object { - "AssumeRolePolicyDocument": Object { - "Statement": Array [ - Object { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": Object { - "Service": "events.amazonaws.com", - }, - }, - ], - "Version": "2012-10-17", - }, - "Description": "Events Rule Role", - }, - "Type": "AWS::IAM::Role", - }, - "testeventbridgekinesisstreamsdefaultparameterseventsRoleDefaultPolicyB5CCC5D7": Object { - "Properties": Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "kinesis:ListShards", - "kinesis:PutRecord", - "kinesis:PutRecords", - ], - "Effect": "Allow", - "Resource": Object { - "Fn::GetAtt": Array [ - "testeventbridgekinesisstreamsdefaultparametersKinesisStream9FB4F7F1", - "Arn", - ], - }, - }, - ], - "Version": "2012-10-17", - }, - "PolicyName": "testeventbridgekinesisstreamsdefaultparameterseventsRoleDefaultPolicyB5CCC5D7", - "Roles": Array [ - Object { - "Ref": "testeventbridgekinesisstreamsdefaultparameterseventsRole94A3623E", - }, - ], - }, - "Type": "AWS::IAM::Policy", - }, - }, -} -`; - -exports[`check multiple constructs in a single stack 1`] = ` -Object { - "Resources": Object { - "testneweventbridgekinesisstreams1CustomEventBus1A176E0B": Object { - "Properties": Object { - "Name": "testneweventbridgekinesisstreams1CustomEventBusC824F9F2", - }, - "Type": "AWS::Events::EventBus", - }, - "testneweventbridgekinesisstreams1EventsRule2E6D88D9": Object { - "Properties": Object { - "EventBusName": Object { - "Ref": "testneweventbridgekinesisstreams1CustomEventBus1A176E0B", - }, - "EventPattern": Object { - "source": Array [ - "solutionsconstructs", - ], - }, - "State": "ENABLED", - "Targets": Array [ - Object { - "Arn": Object { - "Fn::GetAtt": Array [ - "testneweventbridgekinesisstreams1KinesisStream7E0380F0", - "Arn", - ], - }, - "Id": "Target0", - "RoleArn": Object { - "Fn::GetAtt": Array [ - "testneweventbridgekinesisstreams1eventsRole7C6CD7A1", - "Arn", - ], - }, - }, - ], - }, - "Type": "AWS::Events::Rule", - }, - "testneweventbridgekinesisstreams1KinesisStream7E0380F0": Object { - "Properties": Object { - "RetentionPeriodHours": 24, - "ShardCount": 1, - "StreamEncryption": Object { - "EncryptionType": "KMS", - "KeyId": "alias/aws/kinesis", - }, - }, - "Type": "AWS::Kinesis::Stream", - }, - "testneweventbridgekinesisstreams1KinesisStreamGetRecordsIteratorAgeAlarm98F5DB9F": Object { - "Properties": Object { - "AlarmDescription": "Consumer Record Processing Falling Behind, there is risk for data loss due to record expiration.", - "ComparisonOperator": "GreaterThanOrEqualToThreshold", - "EvaluationPeriods": 1, - "MetricName": "GetRecords.IteratorAgeMilliseconds", - "Namespace": "AWS/Kinesis", - "Period": 300, - "Statistic": "Maximum", - "Threshold": 2592000, - }, - "Type": "AWS::CloudWatch::Alarm", - }, - "testneweventbridgekinesisstreams1KinesisStreamReadProvisionedThroughputExceededAlarm63B214D9": Object { - "Properties": Object { - "AlarmDescription": "Consumer Application is Reading at a Slower Rate Than Expected.", - "ComparisonOperator": "GreaterThanThreshold", - "EvaluationPeriods": 1, - "MetricName": "ReadProvisionedThroughputExceeded", - "Namespace": "AWS/Kinesis", - "Period": 300, - "Statistic": "Average", - "Threshold": 0, - }, - "Type": "AWS::CloudWatch::Alarm", - }, - "testneweventbridgekinesisstreams1eventsRole7C6CD7A1": Object { - "Properties": Object { - "AssumeRolePolicyDocument": Object { - "Statement": Array [ - Object { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": Object { - "Service": "events.amazonaws.com", - }, - }, - ], - "Version": "2012-10-17", - }, - "Description": "Events Rule Role", - }, - "Type": "AWS::IAM::Role", - }, - "testneweventbridgekinesisstreams1eventsRoleDefaultPolicyFA21F8A8": Object { - "Properties": Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "kinesis:ListShards", - "kinesis:PutRecord", - "kinesis:PutRecords", - ], - "Effect": "Allow", - "Resource": Object { - "Fn::GetAtt": Array [ - "testneweventbridgekinesisstreams1KinesisStream7E0380F0", - "Arn", - ], - }, - }, - ], - "Version": "2012-10-17", - }, - "PolicyName": "testneweventbridgekinesisstreams1eventsRoleDefaultPolicyFA21F8A8", - "Roles": Array [ - Object { - "Ref": "testneweventbridgekinesisstreams1eventsRole7C6CD7A1", - }, - ], - }, - "Type": "AWS::IAM::Policy", - }, - "testneweventbridgekinesisstreams2CustomEventBus9FCEF58F": Object { - "Properties": Object { - "Name": "testneweventbridgekinesisstreams2CustomEventBus458FACFC", - }, - "Type": "AWS::Events::EventBus", - }, - "testneweventbridgekinesisstreams2EventsRuleF14C5405": Object { - "Properties": Object { - "EventBusName": Object { - "Ref": "testneweventbridgekinesisstreams2CustomEventBus9FCEF58F", - }, - "EventPattern": Object { - "source": Array [ - "solutionsconstructs", - ], - }, - "State": "ENABLED", - "Targets": Array [ - Object { - "Arn": Object { - "Fn::GetAtt": Array [ - "testneweventbridgekinesisstreams2KinesisStreamBC538A18", - "Arn", - ], - }, - "Id": "Target0", - "RoleArn": Object { - "Fn::GetAtt": Array [ - "testneweventbridgekinesisstreams2eventsRole9E13686D", - "Arn", - ], - }, - }, - ], - }, - "Type": "AWS::Events::Rule", - }, - "testneweventbridgekinesisstreams2KinesisStreamBC538A18": Object { - "Properties": Object { - "RetentionPeriodHours": 24, - "ShardCount": 1, - "StreamEncryption": Object { - "EncryptionType": "KMS", - "KeyId": "alias/aws/kinesis", - }, - }, - "Type": "AWS::Kinesis::Stream", - }, - "testneweventbridgekinesisstreams2KinesisStreamGetRecordsIteratorAgeAlarm0DDE44EA": Object { - "Properties": Object { - "AlarmDescription": "Consumer Record Processing Falling Behind, there is risk for data loss due to record expiration.", - "ComparisonOperator": "GreaterThanOrEqualToThreshold", - "EvaluationPeriods": 1, - "MetricName": "GetRecords.IteratorAgeMilliseconds", - "Namespace": "AWS/Kinesis", - "Period": 300, - "Statistic": "Maximum", - "Threshold": 2592000, - }, - "Type": "AWS::CloudWatch::Alarm", - }, - "testneweventbridgekinesisstreams2KinesisStreamReadProvisionedThroughputExceededAlarm6CC96DC4": Object { - "Properties": Object { - "AlarmDescription": "Consumer Application is Reading at a Slower Rate Than Expected.", - "ComparisonOperator": "GreaterThanThreshold", - "EvaluationPeriods": 1, - "MetricName": "ReadProvisionedThroughputExceeded", - "Namespace": "AWS/Kinesis", - "Period": 300, - "Statistic": "Average", - "Threshold": 0, - }, - "Type": "AWS::CloudWatch::Alarm", - }, - "testneweventbridgekinesisstreams2eventsRole9E13686D": Object { - "Properties": Object { - "AssumeRolePolicyDocument": Object { - "Statement": Array [ - Object { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": Object { - "Service": "events.amazonaws.com", - }, - }, - ], - "Version": "2012-10-17", - }, - "Description": "Events Rule Role", - }, - "Type": "AWS::IAM::Role", - }, - "testneweventbridgekinesisstreams2eventsRoleDefaultPolicyDC91DE52": Object { - "Properties": Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "kinesis:ListShards", - "kinesis:PutRecord", - "kinesis:PutRecords", - ], - "Effect": "Allow", - "Resource": Object { - "Fn::GetAtt": Array [ - "testneweventbridgekinesisstreams2KinesisStreamBC538A18", - "Arn", - ], - }, - }, - ], - "Version": "2012-10-17", - }, - "PolicyName": "testneweventbridgekinesisstreams2eventsRoleDefaultPolicyDC91DE52", - "Roles": Array [ - Object { - "Ref": "testneweventbridgekinesisstreams2eventsRole9E13686D", - }, - ], - }, - "Type": "AWS::IAM::Policy", - }, - }, -} -`; - -exports[`snapshot test EventbridgeToKinesisStreams existing event bus params 1`] = ` -Object { - "Resources": Object { - "testexistingeventbridgekinesisstreamsEventsRule0F78E916": Object { - "Properties": Object { - "EventBusName": Object { - "Ref": "testexistingeventbusC6E4A2D0", - }, - "EventPattern": Object { - "source": Array [ - "solutionsconstructs", - ], - }, - "State": "ENABLED", - "Targets": Array [ - Object { - "Arn": Object { - "Fn::GetAtt": Array [ - "testexistingeventbridgekinesisstreamsKinesisStream9E707E70", - "Arn", - ], - }, - "Id": "Target0", - "RoleArn": Object { - "Fn::GetAtt": Array [ - "testexistingeventbridgekinesisstreamseventsRole4E65203D", - "Arn", - ], - }, - }, - ], - }, - "Type": "AWS::Events::Rule", - }, - "testexistingeventbridgekinesisstreamsKinesisStream9E707E70": Object { - "Properties": Object { - "RetentionPeriodHours": 24, - "ShardCount": 1, - "StreamEncryption": Object { - "EncryptionType": "KMS", - "KeyId": "alias/aws/kinesis", - }, - }, - "Type": "AWS::Kinesis::Stream", - }, - "testexistingeventbridgekinesisstreamsKinesisStreamGetRecordsIteratorAgeAlarm69E05245": Object { - "Properties": Object { - "AlarmDescription": "Consumer Record Processing Falling Behind, there is risk for data loss due to record expiration.", - "ComparisonOperator": "GreaterThanOrEqualToThreshold", - "EvaluationPeriods": 1, - "MetricName": "GetRecords.IteratorAgeMilliseconds", - "Namespace": "AWS/Kinesis", - "Period": 300, - "Statistic": "Maximum", - "Threshold": 2592000, - }, - "Type": "AWS::CloudWatch::Alarm", - }, - "testexistingeventbridgekinesisstreamsKinesisStreamReadProvisionedThroughputExceededAlarmFD48C29F": Object { - "Properties": Object { - "AlarmDescription": "Consumer Application is Reading at a Slower Rate Than Expected.", - "ComparisonOperator": "GreaterThanThreshold", - "EvaluationPeriods": 1, - "MetricName": "ReadProvisionedThroughputExceeded", - "Namespace": "AWS/Kinesis", - "Period": 300, - "Statistic": "Average", - "Threshold": 0, - }, - "Type": "AWS::CloudWatch::Alarm", - }, - "testexistingeventbridgekinesisstreamseventsRole4E65203D": Object { - "Properties": Object { - "AssumeRolePolicyDocument": Object { - "Statement": Array [ - Object { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": Object { - "Service": "events.amazonaws.com", - }, - }, - ], - "Version": "2012-10-17", - }, - "Description": "Events Rule Role", - }, - "Type": "AWS::IAM::Role", - }, - "testexistingeventbridgekinesisstreamseventsRoleDefaultPolicy9C0D7DAA": Object { - "Properties": Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "kinesis:ListShards", - "kinesis:PutRecord", - "kinesis:PutRecords", - ], - "Effect": "Allow", - "Resource": Object { - "Fn::GetAtt": Array [ - "testexistingeventbridgekinesisstreamsKinesisStream9E707E70", - "Arn", - ], - }, - }, - ], - "Version": "2012-10-17", - }, - "PolicyName": "testexistingeventbridgekinesisstreamseventsRoleDefaultPolicy9C0D7DAA", - "Roles": Array [ - Object { - "Ref": "testexistingeventbridgekinesisstreamseventsRole4E65203D", - }, - ], - }, - "Type": "AWS::IAM::Policy", - }, - "testexistingeventbusC6E4A2D0": Object { - "Properties": Object { - "Name": "testexistingeventbus", - }, - "Type": "AWS::Events::EventBus", - }, - }, -} -`; diff --git a/source/patterns/@aws-solutions-constructs/aws-eventbridge-kinesisstreams/test/eventbridge-kinesisstreams.test.ts b/source/patterns/@aws-solutions-constructs/aws-eventbridge-kinesisstreams/test/eventbridge-kinesisstreams.test.ts index d0c1082c9..0913ed91f 100644 --- a/source/patterns/@aws-solutions-constructs/aws-eventbridge-kinesisstreams/test/eventbridge-kinesisstreams.test.ts +++ b/source/patterns/@aws-solutions-constructs/aws-eventbridge-kinesisstreams/test/eventbridge-kinesisstreams.test.ts @@ -11,7 +11,6 @@ * and limitations under the License. */ -import { SynthUtils } from '@aws-cdk/assert'; import * as cdk from "@aws-cdk/core"; import * as events from "@aws-cdk/aws-events"; import * as kinesis from '@aws-cdk/aws-kinesis'; @@ -31,14 +30,6 @@ function deployNewStack(stack: cdk.Stack) { return new EventbridgeToKinesisStreams(stack, 'test-eventbridge-kinesis-streams-default-parameters', props); } -test('Test snapshot match with default parameters', () => { - const stack = new cdk.Stack(); - deployNewStack(stack); - - // Assertions - expect(SynthUtils.toCloudFormation(stack)).toMatchSnapshot(); -}); - // -------------------------------------------------------------- // Test properties // -------------------------------------------------------------- @@ -90,8 +81,6 @@ test('Test existing resources', () => { } }); - // Assertions - expect(SynthUtils.toCloudFormation(stack)).toMatchSnapshot(); expect(stack).toHaveResource('AWS::Kinesis::Stream', { Name: 'existing-stream', ShardCount: 5, @@ -116,8 +105,6 @@ test('check eventbus property, snapshot & eventbus exists', () => { expect(construct.kinesisStream !== null); expect(construct.eventsRole !== null); expect(construct.eventBus !== null); - // Validate snapshot - expect(SynthUtils.toCloudFormation(stack)).toMatchSnapshot(); // Check whether eventbus exists expect(stack).toHaveResource('AWS::Events::EventBus'); }); @@ -141,20 +128,6 @@ test('check exception while passing existingEventBus & eventBusProps', () => { expect(app).toThrowError(); }); -test('snapshot test EventbridgeToKinesisStreams existing event bus params', () => { - const stack = new cdk.Stack(); - const props: EventbridgeToKinesisStreamsProps = { - eventRuleProps: { - eventPattern: { - source: ['solutionsconstructs'] - } - }, - existingEventBusInterface: new events.EventBus(stack, `test-existing-eventbus`, {}) - }; - new EventbridgeToKinesisStreams(stack, 'test-existing-eventbridge-kinesisstreams', props); - expect(SynthUtils.toCloudFormation(stack)).toMatchSnapshot(); -}); - test('check custom event bus resource with props when deploy:true', () => { const stack = new cdk.Stack(); @@ -173,21 +146,4 @@ test('check custom event bus resource with props when deploy:true', () => { expect(stack).toHaveResource('AWS::Events::EventBus', { Name: `testeventbus` }); -}); - -test('check multiple constructs in a single stack', () => { - const stack = new cdk.Stack(); - - const props: EventbridgeToKinesisStreamsProps = { - eventBusProps: {}, - eventRuleProps: { - eventPattern: { - source: ['solutionsconstructs'] - } - } - }; - new EventbridgeToKinesisStreams(stack, 'test-new-eventbridge-kinesisstreams1', props); - new EventbridgeToKinesisStreams(stack, 'test-new-eventbridge-kinesisstreams2', props); - - expect(SynthUtils.toCloudFormation(stack)).toMatchSnapshot(); }); \ No newline at end of file diff --git a/source/patterns/@aws-solutions-constructs/aws-eventbridge-lambda/test/__snapshots__/eventbridge-lambda.test.js.snap b/source/patterns/@aws-solutions-constructs/aws-eventbridge-lambda/test/__snapshots__/eventbridge-lambda.test.js.snap deleted file mode 100644 index a9fedc615..000000000 --- a/source/patterns/@aws-solutions-constructs/aws-eventbridge-lambda/test/__snapshots__/eventbridge-lambda.test.js.snap +++ /dev/null @@ -1,1172 +0,0 @@ -// Jest Snapshot v1, https://goo.gl/fbAQLP - -exports[`check eventbus property, snapshot & eventbus exists 1`] = ` -Object { - "Parameters": Object { - "AssetParameters42a35bbf0dec9ef0ac5b0dde87e71a1b8929e8d2d178dd09ccfb2c928ec0198cArtifactHash00A70A91": Object { - "Description": "Artifact hash for asset \\"42a35bbf0dec9ef0ac5b0dde87e71a1b8929e8d2d178dd09ccfb2c928ec0198c\\"", - "Type": "String", - }, - "AssetParameters42a35bbf0dec9ef0ac5b0dde87e71a1b8929e8d2d178dd09ccfb2c928ec0198cS3Bucket1F467BCC": Object { - "Description": "S3 bucket for asset \\"42a35bbf0dec9ef0ac5b0dde87e71a1b8929e8d2d178dd09ccfb2c928ec0198c\\"", - "Type": "String", - }, - "AssetParameters42a35bbf0dec9ef0ac5b0dde87e71a1b8929e8d2d178dd09ccfb2c928ec0198cS3VersionKey9E4F7872": Object { - "Description": "S3 key for asset version \\"42a35bbf0dec9ef0ac5b0dde87e71a1b8929e8d2d178dd09ccfb2c928ec0198c\\"", - "Type": "String", - }, - }, - "Resources": Object { - "testneweventbridgelambdaCustomEventBus42BE6810": Object { - "Properties": Object { - "Name": "testneweventbridgelambdaCustomEventBusDA817FEF", - }, - "Type": "AWS::Events::EventBus", - }, - "testneweventbridgelambdaEventsRule584DE841": Object { - "Properties": Object { - "EventBusName": Object { - "Ref": "testneweventbridgelambdaCustomEventBus42BE6810", - }, - "EventPattern": Object { - "source": Array [ - "solutionsconstructs", - ], - }, - "State": "ENABLED", - "Targets": Array [ - Object { - "Arn": Object { - "Fn::GetAtt": Array [ - "testneweventbridgelambdaLambdaFunction4C935769", - "Arn", - ], - }, - "Id": "Target0", - }, - ], - }, - "Type": "AWS::Events::Rule", - }, - "testneweventbridgelambdaLambdaFunction4C935769": Object { - "DependsOn": Array [ - "testneweventbridgelambdaLambdaFunctionServiceRoleDefaultPolicy701C67E1", - "testneweventbridgelambdaLambdaFunctionServiceRole0B14BEDF", - ], - "Metadata": Object { - "cfn_nag": Object { - "rules_to_suppress": Array [ - Object { - "id": "W58", - "reason": "Lambda functions has the required permission to write CloudWatch Logs. It uses custom policy instead of arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole with tighter permissions.", - }, - Object { - "id": "W89", - "reason": "This is not a rule for the general case, just for specific use cases/industries", - }, - Object { - "id": "W92", - "reason": "Impossible for us to define the correct concurrency for clients", - }, - ], - }, - }, - "Properties": Object { - "Code": Object { - "S3Bucket": Object { - "Ref": "AssetParameters42a35bbf0dec9ef0ac5b0dde87e71a1b8929e8d2d178dd09ccfb2c928ec0198cS3Bucket1F467BCC", - }, - "S3Key": Object { - "Fn::Join": Array [ - "", - Array [ - Object { - "Fn::Select": Array [ - 0, - Object { - "Fn::Split": Array [ - "||", - Object { - "Ref": "AssetParameters42a35bbf0dec9ef0ac5b0dde87e71a1b8929e8d2d178dd09ccfb2c928ec0198cS3VersionKey9E4F7872", - }, - ], - }, - ], - }, - Object { - "Fn::Select": Array [ - 1, - Object { - "Fn::Split": Array [ - "||", - Object { - "Ref": "AssetParameters42a35bbf0dec9ef0ac5b0dde87e71a1b8929e8d2d178dd09ccfb2c928ec0198cS3VersionKey9E4F7872", - }, - ], - }, - ], - }, - ], - ], - }, - }, - "Environment": Object { - "Variables": Object { - "AWS_NODEJS_CONNECTION_REUSE_ENABLED": "1", - }, - }, - "Handler": "index.handler", - "Role": Object { - "Fn::GetAtt": Array [ - "testneweventbridgelambdaLambdaFunctionServiceRole0B14BEDF", - "Arn", - ], - }, - "Runtime": "nodejs12.x", - "TracingConfig": Object { - "Mode": "Active", - }, - }, - "Type": "AWS::Lambda::Function", - }, - "testneweventbridgelambdaLambdaFunctionAwsEventsLambdaInvokePermission1A6FDDA08": Object { - "Properties": Object { - "Action": "lambda:InvokeFunction", - "FunctionName": Object { - "Fn::GetAtt": Array [ - "testneweventbridgelambdaLambdaFunction4C935769", - "Arn", - ], - }, - "Principal": "events.amazonaws.com", - "SourceArn": Object { - "Fn::GetAtt": Array [ - "testneweventbridgelambdaEventsRule584DE841", - "Arn", - ], - }, - }, - "Type": "AWS::Lambda::Permission", - }, - "testneweventbridgelambdaLambdaFunctionServiceRole0B14BEDF": Object { - "Properties": Object { - "AssumeRolePolicyDocument": Object { - "Statement": Array [ - Object { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": Object { - "Service": "lambda.amazonaws.com", - }, - }, - ], - "Version": "2012-10-17", - }, - "Policies": Array [ - Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "logs:CreateLogGroup", - "logs:CreateLogStream", - "logs:PutLogEvents", - ], - "Effect": "Allow", - "Resource": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":logs:", - Object { - "Ref": "AWS::Region", - }, - ":", - Object { - "Ref": "AWS::AccountId", - }, - ":log-group:/aws/lambda/*", - ], - ], - }, - }, - ], - "Version": "2012-10-17", - }, - "PolicyName": "LambdaFunctionServiceRolePolicy", - }, - ], - }, - "Type": "AWS::IAM::Role", - }, - "testneweventbridgelambdaLambdaFunctionServiceRoleDefaultPolicy701C67E1": Object { - "Metadata": Object { - "cfn_nag": Object { - "rules_to_suppress": Array [ - Object { - "id": "W12", - "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray and access ENIs in a VPC.", - }, - ], - }, - }, - "Properties": Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "xray:PutTraceSegments", - "xray:PutTelemetryRecords", - ], - "Effect": "Allow", - "Resource": "*", - }, - ], - "Version": "2012-10-17", - }, - "PolicyName": "testneweventbridgelambdaLambdaFunctionServiceRoleDefaultPolicy701C67E1", - "Roles": Array [ - Object { - "Ref": "testneweventbridgelambdaLambdaFunctionServiceRole0B14BEDF", - }, - ], - }, - "Type": "AWS::IAM::Policy", - }, - }, -} -`; - -exports[`check multiple constructs in a single stack 1`] = ` -Object { - "Parameters": Object { - "AssetParameters42a35bbf0dec9ef0ac5b0dde87e71a1b8929e8d2d178dd09ccfb2c928ec0198cArtifactHash00A70A91": Object { - "Description": "Artifact hash for asset \\"42a35bbf0dec9ef0ac5b0dde87e71a1b8929e8d2d178dd09ccfb2c928ec0198c\\"", - "Type": "String", - }, - "AssetParameters42a35bbf0dec9ef0ac5b0dde87e71a1b8929e8d2d178dd09ccfb2c928ec0198cS3Bucket1F467BCC": Object { - "Description": "S3 bucket for asset \\"42a35bbf0dec9ef0ac5b0dde87e71a1b8929e8d2d178dd09ccfb2c928ec0198c\\"", - "Type": "String", - }, - "AssetParameters42a35bbf0dec9ef0ac5b0dde87e71a1b8929e8d2d178dd09ccfb2c928ec0198cS3VersionKey9E4F7872": Object { - "Description": "S3 key for asset version \\"42a35bbf0dec9ef0ac5b0dde87e71a1b8929e8d2d178dd09ccfb2c928ec0198c\\"", - "Type": "String", - }, - }, - "Resources": Object { - "testneweventbridgelambda1CustomEventBus8F6307CE": Object { - "Properties": Object { - "Name": "testneweventbridgelambda1CustomEventBus32DD8C10", - }, - "Type": "AWS::Events::EventBus", - }, - "testneweventbridgelambda1EventsRuleA880FEC6": Object { - "Properties": Object { - "EventBusName": Object { - "Ref": "testneweventbridgelambda1CustomEventBus8F6307CE", - }, - "EventPattern": Object { - "source": Array [ - "solutionsconstructs", - ], - }, - "State": "ENABLED", - "Targets": Array [ - Object { - "Arn": Object { - "Fn::GetAtt": Array [ - "testneweventbridgelambda1LambdaFunction6B1B71BE", - "Arn", - ], - }, - "Id": "Target0", - }, - ], - }, - "Type": "AWS::Events::Rule", - }, - "testneweventbridgelambda1LambdaFunction6B1B71BE": Object { - "DependsOn": Array [ - "testneweventbridgelambda1LambdaFunctionServiceRoleDefaultPolicy936A7F9D", - "testneweventbridgelambda1LambdaFunctionServiceRoleA0E1765D", - ], - "Metadata": Object { - "cfn_nag": Object { - "rules_to_suppress": Array [ - Object { - "id": "W58", - "reason": "Lambda functions has the required permission to write CloudWatch Logs. It uses custom policy instead of arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole with tighter permissions.", - }, - Object { - "id": "W89", - "reason": "This is not a rule for the general case, just for specific use cases/industries", - }, - Object { - "id": "W92", - "reason": "Impossible for us to define the correct concurrency for clients", - }, - ], - }, - }, - "Properties": Object { - "Code": Object { - "S3Bucket": Object { - "Ref": "AssetParameters42a35bbf0dec9ef0ac5b0dde87e71a1b8929e8d2d178dd09ccfb2c928ec0198cS3Bucket1F467BCC", - }, - "S3Key": Object { - "Fn::Join": Array [ - "", - Array [ - Object { - "Fn::Select": Array [ - 0, - Object { - "Fn::Split": Array [ - "||", - Object { - "Ref": "AssetParameters42a35bbf0dec9ef0ac5b0dde87e71a1b8929e8d2d178dd09ccfb2c928ec0198cS3VersionKey9E4F7872", - }, - ], - }, - ], - }, - Object { - "Fn::Select": Array [ - 1, - Object { - "Fn::Split": Array [ - "||", - Object { - "Ref": "AssetParameters42a35bbf0dec9ef0ac5b0dde87e71a1b8929e8d2d178dd09ccfb2c928ec0198cS3VersionKey9E4F7872", - }, - ], - }, - ], - }, - ], - ], - }, - }, - "Environment": Object { - "Variables": Object { - "AWS_NODEJS_CONNECTION_REUSE_ENABLED": "1", - }, - }, - "Handler": "index.handler", - "Role": Object { - "Fn::GetAtt": Array [ - "testneweventbridgelambda1LambdaFunctionServiceRoleA0E1765D", - "Arn", - ], - }, - "Runtime": "nodejs12.x", - "TracingConfig": Object { - "Mode": "Active", - }, - }, - "Type": "AWS::Lambda::Function", - }, - "testneweventbridgelambda1LambdaFunctionAwsEventsLambdaInvokePermission1A7F397DB": Object { - "Properties": Object { - "Action": "lambda:InvokeFunction", - "FunctionName": Object { - "Fn::GetAtt": Array [ - "testneweventbridgelambda1LambdaFunction6B1B71BE", - "Arn", - ], - }, - "Principal": "events.amazonaws.com", - "SourceArn": Object { - "Fn::GetAtt": Array [ - "testneweventbridgelambda1EventsRuleA880FEC6", - "Arn", - ], - }, - }, - "Type": "AWS::Lambda::Permission", - }, - "testneweventbridgelambda1LambdaFunctionServiceRoleA0E1765D": Object { - "Properties": Object { - "AssumeRolePolicyDocument": Object { - "Statement": Array [ - Object { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": Object { - "Service": "lambda.amazonaws.com", - }, - }, - ], - "Version": "2012-10-17", - }, - "Policies": Array [ - Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "logs:CreateLogGroup", - "logs:CreateLogStream", - "logs:PutLogEvents", - ], - "Effect": "Allow", - "Resource": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":logs:", - Object { - "Ref": "AWS::Region", - }, - ":", - Object { - "Ref": "AWS::AccountId", - }, - ":log-group:/aws/lambda/*", - ], - ], - }, - }, - ], - "Version": "2012-10-17", - }, - "PolicyName": "LambdaFunctionServiceRolePolicy", - }, - ], - }, - "Type": "AWS::IAM::Role", - }, - "testneweventbridgelambda1LambdaFunctionServiceRoleDefaultPolicy936A7F9D": Object { - "Metadata": Object { - "cfn_nag": Object { - "rules_to_suppress": Array [ - Object { - "id": "W12", - "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray and access ENIs in a VPC.", - }, - ], - }, - }, - "Properties": Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "xray:PutTraceSegments", - "xray:PutTelemetryRecords", - ], - "Effect": "Allow", - "Resource": "*", - }, - ], - "Version": "2012-10-17", - }, - "PolicyName": "testneweventbridgelambda1LambdaFunctionServiceRoleDefaultPolicy936A7F9D", - "Roles": Array [ - Object { - "Ref": "testneweventbridgelambda1LambdaFunctionServiceRoleA0E1765D", - }, - ], - }, - "Type": "AWS::IAM::Policy", - }, - "testneweventbridgelambda2CustomEventBusE7F7F8AE": Object { - "Properties": Object { - "Name": "testneweventbridgelambda2CustomEventBus2A5AAEB3", - }, - "Type": "AWS::Events::EventBus", - }, - "testneweventbridgelambda2EventsRuleC907730B": Object { - "Properties": Object { - "EventBusName": Object { - "Ref": "testneweventbridgelambda2CustomEventBusE7F7F8AE", - }, - "EventPattern": Object { - "source": Array [ - "solutionsconstructs", - ], - }, - "State": "ENABLED", - "Targets": Array [ - Object { - "Arn": Object { - "Fn::GetAtt": Array [ - "testneweventbridgelambda2LambdaFunction68C27D79", - "Arn", - ], - }, - "Id": "Target0", - }, - ], - }, - "Type": "AWS::Events::Rule", - }, - "testneweventbridgelambda2LambdaFunction68C27D79": Object { - "DependsOn": Array [ - "testneweventbridgelambda2LambdaFunctionServiceRoleDefaultPolicyE8769E57", - "testneweventbridgelambda2LambdaFunctionServiceRole6B0C9C0A", - ], - "Metadata": Object { - "cfn_nag": Object { - "rules_to_suppress": Array [ - Object { - "id": "W58", - "reason": "Lambda functions has the required permission to write CloudWatch Logs. It uses custom policy instead of arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole with tighter permissions.", - }, - Object { - "id": "W89", - "reason": "This is not a rule for the general case, just for specific use cases/industries", - }, - Object { - "id": "W92", - "reason": "Impossible for us to define the correct concurrency for clients", - }, - ], - }, - }, - "Properties": Object { - "Code": Object { - "S3Bucket": Object { - "Ref": "AssetParameters42a35bbf0dec9ef0ac5b0dde87e71a1b8929e8d2d178dd09ccfb2c928ec0198cS3Bucket1F467BCC", - }, - "S3Key": Object { - "Fn::Join": Array [ - "", - Array [ - Object { - "Fn::Select": Array [ - 0, - Object { - "Fn::Split": Array [ - "||", - Object { - "Ref": "AssetParameters42a35bbf0dec9ef0ac5b0dde87e71a1b8929e8d2d178dd09ccfb2c928ec0198cS3VersionKey9E4F7872", - }, - ], - }, - ], - }, - Object { - "Fn::Select": Array [ - 1, - Object { - "Fn::Split": Array [ - "||", - Object { - "Ref": "AssetParameters42a35bbf0dec9ef0ac5b0dde87e71a1b8929e8d2d178dd09ccfb2c928ec0198cS3VersionKey9E4F7872", - }, - ], - }, - ], - }, - ], - ], - }, - }, - "Environment": Object { - "Variables": Object { - "AWS_NODEJS_CONNECTION_REUSE_ENABLED": "1", - }, - }, - "Handler": "index.handler", - "Role": Object { - "Fn::GetAtt": Array [ - "testneweventbridgelambda2LambdaFunctionServiceRole6B0C9C0A", - "Arn", - ], - }, - "Runtime": "nodejs12.x", - "TracingConfig": Object { - "Mode": "Active", - }, - }, - "Type": "AWS::Lambda::Function", - }, - "testneweventbridgelambda2LambdaFunctionAwsEventsLambdaInvokePermission1B0249F6C": Object { - "Properties": Object { - "Action": "lambda:InvokeFunction", - "FunctionName": Object { - "Fn::GetAtt": Array [ - "testneweventbridgelambda2LambdaFunction68C27D79", - "Arn", - ], - }, - "Principal": "events.amazonaws.com", - "SourceArn": Object { - "Fn::GetAtt": Array [ - "testneweventbridgelambda2EventsRuleC907730B", - "Arn", - ], - }, - }, - "Type": "AWS::Lambda::Permission", - }, - "testneweventbridgelambda2LambdaFunctionServiceRole6B0C9C0A": Object { - "Properties": Object { - "AssumeRolePolicyDocument": Object { - "Statement": Array [ - Object { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": Object { - "Service": "lambda.amazonaws.com", - }, - }, - ], - "Version": "2012-10-17", - }, - "Policies": Array [ - Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "logs:CreateLogGroup", - "logs:CreateLogStream", - "logs:PutLogEvents", - ], - "Effect": "Allow", - "Resource": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":logs:", - Object { - "Ref": "AWS::Region", - }, - ":", - Object { - "Ref": "AWS::AccountId", - }, - ":log-group:/aws/lambda/*", - ], - ], - }, - }, - ], - "Version": "2012-10-17", - }, - "PolicyName": "LambdaFunctionServiceRolePolicy", - }, - ], - }, - "Type": "AWS::IAM::Role", - }, - "testneweventbridgelambda2LambdaFunctionServiceRoleDefaultPolicyE8769E57": Object { - "Metadata": Object { - "cfn_nag": Object { - "rules_to_suppress": Array [ - Object { - "id": "W12", - "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray and access ENIs in a VPC.", - }, - ], - }, - }, - "Properties": Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "xray:PutTraceSegments", - "xray:PutTelemetryRecords", - ], - "Effect": "Allow", - "Resource": "*", - }, - ], - "Version": "2012-10-17", - }, - "PolicyName": "testneweventbridgelambda2LambdaFunctionServiceRoleDefaultPolicyE8769E57", - "Roles": Array [ - Object { - "Ref": "testneweventbridgelambda2LambdaFunctionServiceRole6B0C9C0A", - }, - ], - }, - "Type": "AWS::IAM::Policy", - }, - }, -} -`; - -exports[`snapshot test EventbridgeToLambda default params 1`] = ` -Object { - "Parameters": Object { - "AssetParameters42a35bbf0dec9ef0ac5b0dde87e71a1b8929e8d2d178dd09ccfb2c928ec0198cArtifactHash00A70A91": Object { - "Description": "Artifact hash for asset \\"42a35bbf0dec9ef0ac5b0dde87e71a1b8929e8d2d178dd09ccfb2c928ec0198c\\"", - "Type": "String", - }, - "AssetParameters42a35bbf0dec9ef0ac5b0dde87e71a1b8929e8d2d178dd09ccfb2c928ec0198cS3Bucket1F467BCC": Object { - "Description": "S3 bucket for asset \\"42a35bbf0dec9ef0ac5b0dde87e71a1b8929e8d2d178dd09ccfb2c928ec0198c\\"", - "Type": "String", - }, - "AssetParameters42a35bbf0dec9ef0ac5b0dde87e71a1b8929e8d2d178dd09ccfb2c928ec0198cS3VersionKey9E4F7872": Object { - "Description": "S3 key for asset version \\"42a35bbf0dec9ef0ac5b0dde87e71a1b8929e8d2d178dd09ccfb2c928ec0198c\\"", - "Type": "String", - }, - }, - "Resources": Object { - "testeventbridgelambdaEventsRule7DB0954D": Object { - "Properties": Object { - "ScheduleExpression": "rate(5 minutes)", - "State": "ENABLED", - "Targets": Array [ - Object { - "Arn": Object { - "Fn::GetAtt": Array [ - "testeventbridgelambdaLambdaFunction475423FD", - "Arn", - ], - }, - "Id": "Target0", - }, - ], - }, - "Type": "AWS::Events::Rule", - }, - "testeventbridgelambdaLambdaFunction475423FD": Object { - "DependsOn": Array [ - "testeventbridgelambdaLambdaFunctionServiceRoleDefaultPolicyB0C15F1B", - "testeventbridgelambdaLambdaFunctionServiceRole6D02CEEE", - ], - "Metadata": Object { - "cfn_nag": Object { - "rules_to_suppress": Array [ - Object { - "id": "W58", - "reason": "Lambda functions has the required permission to write CloudWatch Logs. It uses custom policy instead of arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole with tighter permissions.", - }, - Object { - "id": "W89", - "reason": "This is not a rule for the general case, just for specific use cases/industries", - }, - Object { - "id": "W92", - "reason": "Impossible for us to define the correct concurrency for clients", - }, - ], - }, - }, - "Properties": Object { - "Code": Object { - "S3Bucket": Object { - "Ref": "AssetParameters42a35bbf0dec9ef0ac5b0dde87e71a1b8929e8d2d178dd09ccfb2c928ec0198cS3Bucket1F467BCC", - }, - "S3Key": Object { - "Fn::Join": Array [ - "", - Array [ - Object { - "Fn::Select": Array [ - 0, - Object { - "Fn::Split": Array [ - "||", - Object { - "Ref": "AssetParameters42a35bbf0dec9ef0ac5b0dde87e71a1b8929e8d2d178dd09ccfb2c928ec0198cS3VersionKey9E4F7872", - }, - ], - }, - ], - }, - Object { - "Fn::Select": Array [ - 1, - Object { - "Fn::Split": Array [ - "||", - Object { - "Ref": "AssetParameters42a35bbf0dec9ef0ac5b0dde87e71a1b8929e8d2d178dd09ccfb2c928ec0198cS3VersionKey9E4F7872", - }, - ], - }, - ], - }, - ], - ], - }, - }, - "Environment": Object { - "Variables": Object { - "AWS_NODEJS_CONNECTION_REUSE_ENABLED": "1", - }, - }, - "Handler": "index.handler", - "Role": Object { - "Fn::GetAtt": Array [ - "testeventbridgelambdaLambdaFunctionServiceRole6D02CEEE", - "Arn", - ], - }, - "Runtime": "nodejs12.x", - "TracingConfig": Object { - "Mode": "Active", - }, - }, - "Type": "AWS::Lambda::Function", - }, - "testeventbridgelambdaLambdaFunctionAwsEventsLambdaInvokePermission1C8A95062": Object { - "Properties": Object { - "Action": "lambda:InvokeFunction", - "FunctionName": Object { - "Fn::GetAtt": Array [ - "testeventbridgelambdaLambdaFunction475423FD", - "Arn", - ], - }, - "Principal": "events.amazonaws.com", - "SourceArn": Object { - "Fn::GetAtt": Array [ - "testeventbridgelambdaEventsRule7DB0954D", - "Arn", - ], - }, - }, - "Type": "AWS::Lambda::Permission", - }, - "testeventbridgelambdaLambdaFunctionServiceRole6D02CEEE": Object { - "Properties": Object { - "AssumeRolePolicyDocument": Object { - "Statement": Array [ - Object { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": Object { - "Service": "lambda.amazonaws.com", - }, - }, - ], - "Version": "2012-10-17", - }, - "Policies": Array [ - Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "logs:CreateLogGroup", - "logs:CreateLogStream", - "logs:PutLogEvents", - ], - "Effect": "Allow", - "Resource": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":logs:", - Object { - "Ref": "AWS::Region", - }, - ":", - Object { - "Ref": "AWS::AccountId", - }, - ":log-group:/aws/lambda/*", - ], - ], - }, - }, - ], - "Version": "2012-10-17", - }, - "PolicyName": "LambdaFunctionServiceRolePolicy", - }, - ], - }, - "Type": "AWS::IAM::Role", - }, - "testeventbridgelambdaLambdaFunctionServiceRoleDefaultPolicyB0C15F1B": Object { - "Metadata": Object { - "cfn_nag": Object { - "rules_to_suppress": Array [ - Object { - "id": "W12", - "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray and access ENIs in a VPC.", - }, - ], - }, - }, - "Properties": Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "xray:PutTraceSegments", - "xray:PutTelemetryRecords", - ], - "Effect": "Allow", - "Resource": "*", - }, - ], - "Version": "2012-10-17", - }, - "PolicyName": "testeventbridgelambdaLambdaFunctionServiceRoleDefaultPolicyB0C15F1B", - "Roles": Array [ - Object { - "Ref": "testeventbridgelambdaLambdaFunctionServiceRole6D02CEEE", - }, - ], - }, - "Type": "AWS::IAM::Policy", - }, - }, -} -`; - -exports[`snapshot test EventbridgeToLambda existing event bus params 1`] = ` -Object { - "Parameters": Object { - "AssetParameters42a35bbf0dec9ef0ac5b0dde87e71a1b8929e8d2d178dd09ccfb2c928ec0198cArtifactHash00A70A91": Object { - "Description": "Artifact hash for asset \\"42a35bbf0dec9ef0ac5b0dde87e71a1b8929e8d2d178dd09ccfb2c928ec0198c\\"", - "Type": "String", - }, - "AssetParameters42a35bbf0dec9ef0ac5b0dde87e71a1b8929e8d2d178dd09ccfb2c928ec0198cS3Bucket1F467BCC": Object { - "Description": "S3 bucket for asset \\"42a35bbf0dec9ef0ac5b0dde87e71a1b8929e8d2d178dd09ccfb2c928ec0198c\\"", - "Type": "String", - }, - "AssetParameters42a35bbf0dec9ef0ac5b0dde87e71a1b8929e8d2d178dd09ccfb2c928ec0198cS3VersionKey9E4F7872": Object { - "Description": "S3 key for asset version \\"42a35bbf0dec9ef0ac5b0dde87e71a1b8929e8d2d178dd09ccfb2c928ec0198c\\"", - "Type": "String", - }, - }, - "Resources": Object { - "testexistingeventbridgelambdaEventsRule6EB82633": Object { - "Properties": Object { - "EventBusName": Object { - "Ref": "testexistingeventbusC6E4A2D0", - }, - "EventPattern": Object { - "source": Array [ - "solutionsconstructs", - ], - }, - "State": "ENABLED", - "Targets": Array [ - Object { - "Arn": Object { - "Fn::GetAtt": Array [ - "testexistingeventbridgelambdaLambdaFunctionEAAA61EF", - "Arn", - ], - }, - "Id": "Target0", - }, - ], - }, - "Type": "AWS::Events::Rule", - }, - "testexistingeventbridgelambdaLambdaFunctionAwsEventsLambdaInvokePermission1DD91E957": Object { - "Properties": Object { - "Action": "lambda:InvokeFunction", - "FunctionName": Object { - "Fn::GetAtt": Array [ - "testexistingeventbridgelambdaLambdaFunctionEAAA61EF", - "Arn", - ], - }, - "Principal": "events.amazonaws.com", - "SourceArn": Object { - "Fn::GetAtt": Array [ - "testexistingeventbridgelambdaEventsRule6EB82633", - "Arn", - ], - }, - }, - "Type": "AWS::Lambda::Permission", - }, - "testexistingeventbridgelambdaLambdaFunctionEAAA61EF": Object { - "DependsOn": Array [ - "testexistingeventbridgelambdaLambdaFunctionServiceRoleDefaultPolicy11F12158", - "testexistingeventbridgelambdaLambdaFunctionServiceRoleD4150277", - ], - "Metadata": Object { - "cfn_nag": Object { - "rules_to_suppress": Array [ - Object { - "id": "W58", - "reason": "Lambda functions has the required permission to write CloudWatch Logs. It uses custom policy instead of arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole with tighter permissions.", - }, - Object { - "id": "W89", - "reason": "This is not a rule for the general case, just for specific use cases/industries", - }, - Object { - "id": "W92", - "reason": "Impossible for us to define the correct concurrency for clients", - }, - ], - }, - }, - "Properties": Object { - "Code": Object { - "S3Bucket": Object { - "Ref": "AssetParameters42a35bbf0dec9ef0ac5b0dde87e71a1b8929e8d2d178dd09ccfb2c928ec0198cS3Bucket1F467BCC", - }, - "S3Key": Object { - "Fn::Join": Array [ - "", - Array [ - Object { - "Fn::Select": Array [ - 0, - Object { - "Fn::Split": Array [ - "||", - Object { - "Ref": "AssetParameters42a35bbf0dec9ef0ac5b0dde87e71a1b8929e8d2d178dd09ccfb2c928ec0198cS3VersionKey9E4F7872", - }, - ], - }, - ], - }, - Object { - "Fn::Select": Array [ - 1, - Object { - "Fn::Split": Array [ - "||", - Object { - "Ref": "AssetParameters42a35bbf0dec9ef0ac5b0dde87e71a1b8929e8d2d178dd09ccfb2c928ec0198cS3VersionKey9E4F7872", - }, - ], - }, - ], - }, - ], - ], - }, - }, - "Environment": Object { - "Variables": Object { - "AWS_NODEJS_CONNECTION_REUSE_ENABLED": "1", - }, - }, - "Handler": "index.handler", - "Role": Object { - "Fn::GetAtt": Array [ - "testexistingeventbridgelambdaLambdaFunctionServiceRoleD4150277", - "Arn", - ], - }, - "Runtime": "nodejs12.x", - "TracingConfig": Object { - "Mode": "Active", - }, - }, - "Type": "AWS::Lambda::Function", - }, - "testexistingeventbridgelambdaLambdaFunctionServiceRoleD4150277": Object { - "Properties": Object { - "AssumeRolePolicyDocument": Object { - "Statement": Array [ - Object { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": Object { - "Service": "lambda.amazonaws.com", - }, - }, - ], - "Version": "2012-10-17", - }, - "Policies": Array [ - Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "logs:CreateLogGroup", - "logs:CreateLogStream", - "logs:PutLogEvents", - ], - "Effect": "Allow", - "Resource": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":logs:", - Object { - "Ref": "AWS::Region", - }, - ":", - Object { - "Ref": "AWS::AccountId", - }, - ":log-group:/aws/lambda/*", - ], - ], - }, - }, - ], - "Version": "2012-10-17", - }, - "PolicyName": "LambdaFunctionServiceRolePolicy", - }, - ], - }, - "Type": "AWS::IAM::Role", - }, - "testexistingeventbridgelambdaLambdaFunctionServiceRoleDefaultPolicy11F12158": Object { - "Metadata": Object { - "cfn_nag": Object { - "rules_to_suppress": Array [ - Object { - "id": "W12", - "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray and access ENIs in a VPC.", - }, - ], - }, - }, - "Properties": Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "xray:PutTraceSegments", - "xray:PutTelemetryRecords", - ], - "Effect": "Allow", - "Resource": "*", - }, - ], - "Version": "2012-10-17", - }, - "PolicyName": "testexistingeventbridgelambdaLambdaFunctionServiceRoleDefaultPolicy11F12158", - "Roles": Array [ - Object { - "Ref": "testexistingeventbridgelambdaLambdaFunctionServiceRoleD4150277", - }, - ], - }, - "Type": "AWS::IAM::Policy", - }, - "testexistingeventbusC6E4A2D0": Object { - "Properties": Object { - "Name": "testexistingeventbus", - }, - "Type": "AWS::Events::EventBus", - }, - }, -} -`; diff --git a/source/patterns/@aws-solutions-constructs/aws-eventbridge-lambda/test/eventbridge-lambda.test.ts b/source/patterns/@aws-solutions-constructs/aws-eventbridge-lambda/test/eventbridge-lambda.test.ts index ebd4a721e..14660b1d5 100644 --- a/source/patterns/@aws-solutions-constructs/aws-eventbridge-lambda/test/eventbridge-lambda.test.ts +++ b/source/patterns/@aws-solutions-constructs/aws-eventbridge-lambda/test/eventbridge-lambda.test.ts @@ -11,7 +11,6 @@ * and limitations under the License. */ -import { SynthUtils } from '@aws-cdk/assert'; import * as lambda from '@aws-cdk/aws-lambda'; import * as events from '@aws-cdk/aws-events'; import { EventbridgeToLambdaProps, EventbridgeToLambda } from '../lib/index'; @@ -50,12 +49,6 @@ function deployNewEventBus(stack: cdk.Stack) { return new EventbridgeToLambda(stack, 'test-new-eventbridge-lambda', props); } -test('snapshot test EventbridgeToLambda default params', () => { - const stack = new cdk.Stack(); - deployNewFunc(stack); - expect(SynthUtils.toCloudFormation(stack)).toMatchSnapshot(); -}); - test('check lambda function properties for deploy: true', () => { const stack = new cdk.Stack(); @@ -215,8 +208,6 @@ test('check eventbus property, snapshot & eventbus exists', () => { expect(construct.eventsRule !== null); expect(construct.lambdaFunction !== null); expect(construct.eventBus !== null); - // Validate snapshot - expect(SynthUtils.toCloudFormation(stack)).toMatchSnapshot(); // Check whether eventbus exists expect(stack).toHaveResource('AWS::Events::EventBus'); }); @@ -245,25 +236,6 @@ test('check exception while passing existingEventBus & eventBusProps', () => { expect(app).toThrowError(); }); -test('snapshot test EventbridgeToLambda existing event bus params', () => { - const stack = new cdk.Stack(); - const props: EventbridgeToLambdaProps = { - lambdaFunctionProps: { - code: lambda.Code.fromAsset(`${__dirname}/lambda`), - runtime: lambda.Runtime.NODEJS_12_X, - handler: 'index.handler' - }, - eventRuleProps: { - eventPattern: { - source: ['solutionsconstructs'] - } - }, - existingEventBusInterface: new events.EventBus(stack, `test-existing-eventbus`, {}) - }; - new EventbridgeToLambda(stack, 'test-existing-eventbridge-lambda', props); - expect(SynthUtils.toCloudFormation(stack)).toMatchSnapshot(); -}); - test('check custom event bus resource with props when deploy:true', () => { const stack = new cdk.Stack(); @@ -287,26 +259,4 @@ test('check custom event bus resource with props when deploy:true', () => { expect(stack).toHaveResource('AWS::Events::EventBus', { Name: `testeventbus` }); -}); - -test('check multiple constructs in a single stack', () => { - const stack = new cdk.Stack(); - - const props: EventbridgeToLambdaProps = { - lambdaFunctionProps: { - code: lambda.Code.fromAsset(`${__dirname}/lambda`), - runtime: lambda.Runtime.NODEJS_12_X, - handler: 'index.handler' - }, - eventBusProps: {}, - eventRuleProps: { - eventPattern: { - source: ['solutionsconstructs'] - } - } - }; - new EventbridgeToLambda(stack, 'test-new-eventbridge-lambda1', props); - new EventbridgeToLambda(stack, 'test-new-eventbridge-lambda2', props); - - expect(SynthUtils.toCloudFormation(stack)).toMatchSnapshot(); }); \ No newline at end of file diff --git a/source/patterns/@aws-solutions-constructs/aws-eventbridge-sns/test/__snapshots__/eventbridge-sns-topic.test.js.snap b/source/patterns/@aws-solutions-constructs/aws-eventbridge-sns/test/__snapshots__/eventbridge-sns-topic.test.js.snap deleted file mode 100644 index 9d47dab19..000000000 --- a/source/patterns/@aws-solutions-constructs/aws-eventbridge-sns/test/__snapshots__/eventbridge-sns-topic.test.js.snap +++ /dev/null @@ -1,1036 +0,0 @@ -// Jest Snapshot v1, https://goo.gl/fbAQLP - -exports[`check eventbus property, snapshot & eventbus exists 1`] = ` -Object { - "Resources": Object { - "testneweventbusCustomEventBusC2A45FC2": Object { - "Properties": Object { - "Name": "testneweventbusCustomEventBus24E7BAAE", - }, - "Type": "AWS::Events::EventBus", - }, - "testneweventbusEncryptionKeyC43253F0": Object { - "DeletionPolicy": "Retain", - "Properties": Object { - "EnableKeyRotation": true, - "KeyPolicy": Object { - "Statement": Array [ - Object { - "Action": Array [ - "kms:Create*", - "kms:Describe*", - "kms:Enable*", - "kms:List*", - "kms:Put*", - "kms:Update*", - "kms:Revoke*", - "kms:Disable*", - "kms:Get*", - "kms:Delete*", - "kms:ScheduleKeyDeletion", - "kms:CancelKeyDeletion", - "kms:GenerateDataKey", - "kms:TagResource", - "kms:UntagResource", - ], - "Effect": "Allow", - "Principal": Object { - "AWS": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":iam::", - Object { - "Ref": "AWS::AccountId", - }, - ":root", - ], - ], - }, - }, - "Resource": "*", - }, - Object { - "Action": Array [ - "kms:Decrypt", - "kms:Encrypt", - "kms:ReEncrypt*", - "kms:GenerateDataKey*", - ], - "Effect": "Allow", - "Principal": Object { - "Service": "events.amazonaws.com", - }, - "Resource": "*", - }, - ], - "Version": "2012-10-17", - }, - }, - "Type": "AWS::KMS::Key", - "UpdateReplacePolicy": "Retain", - }, - "testneweventbusEventsRule25036ADC": Object { - "Properties": Object { - "EventBusName": Object { - "Ref": "testneweventbusCustomEventBusC2A45FC2", - }, - "EventPattern": Object { - "source": Array [ - "solutionsconstructs", - ], - }, - "State": "ENABLED", - "Targets": Array [ - Object { - "Arn": Object { - "Ref": "testneweventbusSnsTopicBF481452", - }, - "Id": Object { - "Fn::GetAtt": Array [ - "testneweventbusSnsTopicBF481452", - "TopicName", - ], - }, - }, - ], - }, - "Type": "AWS::Events::Rule", - }, - "testneweventbusSnsTopicBF481452": Object { - "Properties": Object { - "KmsMasterKeyId": Object { - "Fn::GetAtt": Array [ - "testneweventbusEncryptionKeyC43253F0", - "Arn", - ], - }, - }, - "Type": "AWS::SNS::Topic", - }, - "testneweventbusSnsTopicPolicy456B78C8": Object { - "Properties": Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "SNS:Publish", - "SNS:RemovePermission", - "SNS:SetTopicAttributes", - "SNS:DeleteTopic", - "SNS:ListSubscriptionsByTopic", - "SNS:GetTopicAttributes", - "SNS:Receive", - "SNS:AddPermission", - "SNS:Subscribe", - ], - "Condition": Object { - "StringEquals": Object { - "AWS:SourceOwner": Object { - "Ref": "AWS::AccountId", - }, - }, - }, - "Effect": "Allow", - "Principal": Object { - "AWS": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":iam::", - Object { - "Ref": "AWS::AccountId", - }, - ":root", - ], - ], - }, - }, - "Resource": Object { - "Ref": "testneweventbusSnsTopicBF481452", - }, - "Sid": "TopicOwnerOnlyAccess", - }, - Object { - "Action": Array [ - "SNS:Publish", - "SNS:RemovePermission", - "SNS:SetTopicAttributes", - "SNS:DeleteTopic", - "SNS:ListSubscriptionsByTopic", - "SNS:GetTopicAttributes", - "SNS:Receive", - "SNS:AddPermission", - "SNS:Subscribe", - ], - "Condition": Object { - "Bool": Object { - "aws:SecureTransport": "false", - }, - }, - "Effect": "Deny", - "Principal": Object { - "AWS": "*", - }, - "Resource": Object { - "Ref": "testneweventbusSnsTopicBF481452", - }, - "Sid": "HttpsOnly", - }, - Object { - "Action": "sns:Publish", - "Effect": "Allow", - "Principal": Object { - "Service": "events.amazonaws.com", - }, - "Resource": Object { - "Ref": "testneweventbusSnsTopicBF481452", - }, - "Sid": "2", - }, - ], - "Version": "2012-10-17", - }, - "Topics": Array [ - Object { - "Ref": "testneweventbusSnsTopicBF481452", - }, - ], - }, - "Type": "AWS::SNS::TopicPolicy", - }, - }, -} -`; - -exports[`check multiple constructs in a single stack 1`] = ` -Object { - "Resources": Object { - "testneweventbridgesns1CustomEventBusF36D6226": Object { - "Properties": Object { - "Name": "testneweventbridgesns1CustomEventBus9C3BE8DD", - }, - "Type": "AWS::Events::EventBus", - }, - "testneweventbridgesns1EncryptionKeyC41FBC73": Object { - "DeletionPolicy": "Retain", - "Properties": Object { - "EnableKeyRotation": true, - "KeyPolicy": Object { - "Statement": Array [ - Object { - "Action": Array [ - "kms:Create*", - "kms:Describe*", - "kms:Enable*", - "kms:List*", - "kms:Put*", - "kms:Update*", - "kms:Revoke*", - "kms:Disable*", - "kms:Get*", - "kms:Delete*", - "kms:ScheduleKeyDeletion", - "kms:CancelKeyDeletion", - "kms:GenerateDataKey", - "kms:TagResource", - "kms:UntagResource", - ], - "Effect": "Allow", - "Principal": Object { - "AWS": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":iam::", - Object { - "Ref": "AWS::AccountId", - }, - ":root", - ], - ], - }, - }, - "Resource": "*", - }, - Object { - "Action": Array [ - "kms:Decrypt", - "kms:Encrypt", - "kms:ReEncrypt*", - "kms:GenerateDataKey*", - ], - "Effect": "Allow", - "Principal": Object { - "Service": "events.amazonaws.com", - }, - "Resource": "*", - }, - ], - "Version": "2012-10-17", - }, - }, - "Type": "AWS::KMS::Key", - "UpdateReplacePolicy": "Retain", - }, - "testneweventbridgesns1EventsRule04D0CF66": Object { - "Properties": Object { - "EventBusName": Object { - "Ref": "testneweventbridgesns1CustomEventBusF36D6226", - }, - "EventPattern": Object { - "source": Array [ - "solutionsconstructs", - ], - }, - "State": "ENABLED", - "Targets": Array [ - Object { - "Arn": Object { - "Ref": "testneweventbridgesns1SnsTopic13CC9313", - }, - "Id": Object { - "Fn::GetAtt": Array [ - "testneweventbridgesns1SnsTopic13CC9313", - "TopicName", - ], - }, - }, - ], - }, - "Type": "AWS::Events::Rule", - }, - "testneweventbridgesns1SnsTopic13CC9313": Object { - "Properties": Object { - "KmsMasterKeyId": Object { - "Fn::GetAtt": Array [ - "testneweventbridgesns1EncryptionKeyC41FBC73", - "Arn", - ], - }, - }, - "Type": "AWS::SNS::Topic", - }, - "testneweventbridgesns1SnsTopicPolicyC0E5C498": Object { - "Properties": Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "SNS:Publish", - "SNS:RemovePermission", - "SNS:SetTopicAttributes", - "SNS:DeleteTopic", - "SNS:ListSubscriptionsByTopic", - "SNS:GetTopicAttributes", - "SNS:Receive", - "SNS:AddPermission", - "SNS:Subscribe", - ], - "Condition": Object { - "StringEquals": Object { - "AWS:SourceOwner": Object { - "Ref": "AWS::AccountId", - }, - }, - }, - "Effect": "Allow", - "Principal": Object { - "AWS": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":iam::", - Object { - "Ref": "AWS::AccountId", - }, - ":root", - ], - ], - }, - }, - "Resource": Object { - "Ref": "testneweventbridgesns1SnsTopic13CC9313", - }, - "Sid": "TopicOwnerOnlyAccess", - }, - Object { - "Action": Array [ - "SNS:Publish", - "SNS:RemovePermission", - "SNS:SetTopicAttributes", - "SNS:DeleteTopic", - "SNS:ListSubscriptionsByTopic", - "SNS:GetTopicAttributes", - "SNS:Receive", - "SNS:AddPermission", - "SNS:Subscribe", - ], - "Condition": Object { - "Bool": Object { - "aws:SecureTransport": "false", - }, - }, - "Effect": "Deny", - "Principal": Object { - "AWS": "*", - }, - "Resource": Object { - "Ref": "testneweventbridgesns1SnsTopic13CC9313", - }, - "Sid": "HttpsOnly", - }, - Object { - "Action": "sns:Publish", - "Effect": "Allow", - "Principal": Object { - "Service": "events.amazonaws.com", - }, - "Resource": Object { - "Ref": "testneweventbridgesns1SnsTopic13CC9313", - }, - "Sid": "2", - }, - ], - "Version": "2012-10-17", - }, - "Topics": Array [ - Object { - "Ref": "testneweventbridgesns1SnsTopic13CC9313", - }, - ], - }, - "Type": "AWS::SNS::TopicPolicy", - }, - "testneweventbridgesns2CustomEventBus954EFEF6": Object { - "Properties": Object { - "Name": "testneweventbridgesns2CustomEventBusBB8CAB84", - }, - "Type": "AWS::Events::EventBus", - }, - "testneweventbridgesns2EncryptionKeyBE543C5C": Object { - "DeletionPolicy": "Retain", - "Properties": Object { - "EnableKeyRotation": true, - "KeyPolicy": Object { - "Statement": Array [ - Object { - "Action": Array [ - "kms:Create*", - "kms:Describe*", - "kms:Enable*", - "kms:List*", - "kms:Put*", - "kms:Update*", - "kms:Revoke*", - "kms:Disable*", - "kms:Get*", - "kms:Delete*", - "kms:ScheduleKeyDeletion", - "kms:CancelKeyDeletion", - "kms:GenerateDataKey", - "kms:TagResource", - "kms:UntagResource", - ], - "Effect": "Allow", - "Principal": Object { - "AWS": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":iam::", - Object { - "Ref": "AWS::AccountId", - }, - ":root", - ], - ], - }, - }, - "Resource": "*", - }, - Object { - "Action": Array [ - "kms:Decrypt", - "kms:Encrypt", - "kms:ReEncrypt*", - "kms:GenerateDataKey*", - ], - "Effect": "Allow", - "Principal": Object { - "Service": "events.amazonaws.com", - }, - "Resource": "*", - }, - ], - "Version": "2012-10-17", - }, - }, - "Type": "AWS::KMS::Key", - "UpdateReplacePolicy": "Retain", - }, - "testneweventbridgesns2EventsRule9C99BD24": Object { - "Properties": Object { - "EventBusName": Object { - "Ref": "testneweventbridgesns2CustomEventBus954EFEF6", - }, - "EventPattern": Object { - "source": Array [ - "solutionsconstructs", - ], - }, - "State": "ENABLED", - "Targets": Array [ - Object { - "Arn": Object { - "Ref": "testneweventbridgesns2SnsTopic53A662BE", - }, - "Id": Object { - "Fn::GetAtt": Array [ - "testneweventbridgesns2SnsTopic53A662BE", - "TopicName", - ], - }, - }, - ], - }, - "Type": "AWS::Events::Rule", - }, - "testneweventbridgesns2SnsTopic53A662BE": Object { - "Properties": Object { - "KmsMasterKeyId": Object { - "Fn::GetAtt": Array [ - "testneweventbridgesns2EncryptionKeyBE543C5C", - "Arn", - ], - }, - }, - "Type": "AWS::SNS::Topic", - }, - "testneweventbridgesns2SnsTopicPolicy7858877E": Object { - "Properties": Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "SNS:Publish", - "SNS:RemovePermission", - "SNS:SetTopicAttributes", - "SNS:DeleteTopic", - "SNS:ListSubscriptionsByTopic", - "SNS:GetTopicAttributes", - "SNS:Receive", - "SNS:AddPermission", - "SNS:Subscribe", - ], - "Condition": Object { - "StringEquals": Object { - "AWS:SourceOwner": Object { - "Ref": "AWS::AccountId", - }, - }, - }, - "Effect": "Allow", - "Principal": Object { - "AWS": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":iam::", - Object { - "Ref": "AWS::AccountId", - }, - ":root", - ], - ], - }, - }, - "Resource": Object { - "Ref": "testneweventbridgesns2SnsTopic53A662BE", - }, - "Sid": "TopicOwnerOnlyAccess", - }, - Object { - "Action": Array [ - "SNS:Publish", - "SNS:RemovePermission", - "SNS:SetTopicAttributes", - "SNS:DeleteTopic", - "SNS:ListSubscriptionsByTopic", - "SNS:GetTopicAttributes", - "SNS:Receive", - "SNS:AddPermission", - "SNS:Subscribe", - ], - "Condition": Object { - "Bool": Object { - "aws:SecureTransport": "false", - }, - }, - "Effect": "Deny", - "Principal": Object { - "AWS": "*", - }, - "Resource": Object { - "Ref": "testneweventbridgesns2SnsTopic53A662BE", - }, - "Sid": "HttpsOnly", - }, - Object { - "Action": "sns:Publish", - "Effect": "Allow", - "Principal": Object { - "Service": "events.amazonaws.com", - }, - "Resource": Object { - "Ref": "testneweventbridgesns2SnsTopic53A662BE", - }, - "Sid": "2", - }, - ], - "Version": "2012-10-17", - }, - "Topics": Array [ - Object { - "Ref": "testneweventbridgesns2SnsTopic53A662BE", - }, - ], - }, - "Type": "AWS::SNS::TopicPolicy", - }, - }, -} -`; - -exports[`snapshot test EventbridgeToSns default params 1`] = ` -Object { - "Resources": Object { - "testEncryptionKeyB55BFDBC": Object { - "DeletionPolicy": "Retain", - "Properties": Object { - "EnableKeyRotation": true, - "KeyPolicy": Object { - "Statement": Array [ - Object { - "Action": Array [ - "kms:Create*", - "kms:Describe*", - "kms:Enable*", - "kms:List*", - "kms:Put*", - "kms:Update*", - "kms:Revoke*", - "kms:Disable*", - "kms:Get*", - "kms:Delete*", - "kms:ScheduleKeyDeletion", - "kms:CancelKeyDeletion", - "kms:GenerateDataKey", - "kms:TagResource", - "kms:UntagResource", - ], - "Effect": "Allow", - "Principal": Object { - "AWS": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":iam::", - Object { - "Ref": "AWS::AccountId", - }, - ":root", - ], - ], - }, - }, - "Resource": "*", - }, - Object { - "Action": Array [ - "kms:Decrypt", - "kms:Encrypt", - "kms:ReEncrypt*", - "kms:GenerateDataKey*", - ], - "Effect": "Allow", - "Principal": Object { - "Service": "events.amazonaws.com", - }, - "Resource": "*", - }, - ], - "Version": "2012-10-17", - }, - }, - "Type": "AWS::KMS::Key", - "UpdateReplacePolicy": "Retain", - }, - "testEventsRuleE75BC9BA": Object { - "Properties": Object { - "ScheduleExpression": "rate(5 minutes)", - "State": "ENABLED", - "Targets": Array [ - Object { - "Arn": Object { - "Ref": "testSnsTopic42942701", - }, - "Id": Object { - "Fn::GetAtt": Array [ - "testSnsTopic42942701", - "TopicName", - ], - }, - }, - ], - }, - "Type": "AWS::Events::Rule", - }, - "testSnsTopic42942701": Object { - "Properties": Object { - "KmsMasterKeyId": Object { - "Fn::GetAtt": Array [ - "testEncryptionKeyB55BFDBC", - "Arn", - ], - }, - }, - "Type": "AWS::SNS::Topic", - }, - "testSnsTopicPolicyCF3F7399": Object { - "Properties": Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "SNS:Publish", - "SNS:RemovePermission", - "SNS:SetTopicAttributes", - "SNS:DeleteTopic", - "SNS:ListSubscriptionsByTopic", - "SNS:GetTopicAttributes", - "SNS:Receive", - "SNS:AddPermission", - "SNS:Subscribe", - ], - "Condition": Object { - "StringEquals": Object { - "AWS:SourceOwner": Object { - "Ref": "AWS::AccountId", - }, - }, - }, - "Effect": "Allow", - "Principal": Object { - "AWS": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":iam::", - Object { - "Ref": "AWS::AccountId", - }, - ":root", - ], - ], - }, - }, - "Resource": Object { - "Ref": "testSnsTopic42942701", - }, - "Sid": "TopicOwnerOnlyAccess", - }, - Object { - "Action": Array [ - "SNS:Publish", - "SNS:RemovePermission", - "SNS:SetTopicAttributes", - "SNS:DeleteTopic", - "SNS:ListSubscriptionsByTopic", - "SNS:GetTopicAttributes", - "SNS:Receive", - "SNS:AddPermission", - "SNS:Subscribe", - ], - "Condition": Object { - "Bool": Object { - "aws:SecureTransport": "false", - }, - }, - "Effect": "Deny", - "Principal": Object { - "AWS": "*", - }, - "Resource": Object { - "Ref": "testSnsTopic42942701", - }, - "Sid": "HttpsOnly", - }, - Object { - "Action": "sns:Publish", - "Effect": "Allow", - "Principal": Object { - "Service": "events.amazonaws.com", - }, - "Resource": Object { - "Ref": "testSnsTopic42942701", - }, - "Sid": "2", - }, - ], - "Version": "2012-10-17", - }, - "Topics": Array [ - Object { - "Ref": "testSnsTopic42942701", - }, - ], - }, - "Type": "AWS::SNS::TopicPolicy", - }, - }, -} -`; - -exports[`snapshot test EventbridgeToSns existing event bus params 1`] = ` -Object { - "Resources": Object { - "testexistingeventbridgesnsEncryptionKey60803E9B": Object { - "DeletionPolicy": "Retain", - "Properties": Object { - "EnableKeyRotation": true, - "KeyPolicy": Object { - "Statement": Array [ - Object { - "Action": Array [ - "kms:Create*", - "kms:Describe*", - "kms:Enable*", - "kms:List*", - "kms:Put*", - "kms:Update*", - "kms:Revoke*", - "kms:Disable*", - "kms:Get*", - "kms:Delete*", - "kms:ScheduleKeyDeletion", - "kms:CancelKeyDeletion", - "kms:GenerateDataKey", - "kms:TagResource", - "kms:UntagResource", - ], - "Effect": "Allow", - "Principal": Object { - "AWS": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":iam::", - Object { - "Ref": "AWS::AccountId", - }, - ":root", - ], - ], - }, - }, - "Resource": "*", - }, - Object { - "Action": Array [ - "kms:Decrypt", - "kms:Encrypt", - "kms:ReEncrypt*", - "kms:GenerateDataKey*", - ], - "Effect": "Allow", - "Principal": Object { - "Service": "events.amazonaws.com", - }, - "Resource": "*", - }, - ], - "Version": "2012-10-17", - }, - }, - "Type": "AWS::KMS::Key", - "UpdateReplacePolicy": "Retain", - }, - "testexistingeventbridgesnsEventsRuleA069146F": Object { - "Properties": Object { - "EventBusName": Object { - "Ref": "testexistingeventbusC6E4A2D0", - }, - "EventPattern": Object { - "source": Array [ - "solutionsconstructs", - ], - }, - "State": "ENABLED", - "Targets": Array [ - Object { - "Arn": Object { - "Ref": "testexistingeventbridgesnsSnsTopic90D4F9FB", - }, - "Id": Object { - "Fn::GetAtt": Array [ - "testexistingeventbridgesnsSnsTopic90D4F9FB", - "TopicName", - ], - }, - }, - ], - }, - "Type": "AWS::Events::Rule", - }, - "testexistingeventbridgesnsSnsTopic90D4F9FB": Object { - "Properties": Object { - "KmsMasterKeyId": Object { - "Fn::GetAtt": Array [ - "testexistingeventbridgesnsEncryptionKey60803E9B", - "Arn", - ], - }, - }, - "Type": "AWS::SNS::Topic", - }, - "testexistingeventbridgesnsSnsTopicPolicyB86F5A00": Object { - "Properties": Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "SNS:Publish", - "SNS:RemovePermission", - "SNS:SetTopicAttributes", - "SNS:DeleteTopic", - "SNS:ListSubscriptionsByTopic", - "SNS:GetTopicAttributes", - "SNS:Receive", - "SNS:AddPermission", - "SNS:Subscribe", - ], - "Condition": Object { - "StringEquals": Object { - "AWS:SourceOwner": Object { - "Ref": "AWS::AccountId", - }, - }, - }, - "Effect": "Allow", - "Principal": Object { - "AWS": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":iam::", - Object { - "Ref": "AWS::AccountId", - }, - ":root", - ], - ], - }, - }, - "Resource": Object { - "Ref": "testexistingeventbridgesnsSnsTopic90D4F9FB", - }, - "Sid": "TopicOwnerOnlyAccess", - }, - Object { - "Action": Array [ - "SNS:Publish", - "SNS:RemovePermission", - "SNS:SetTopicAttributes", - "SNS:DeleteTopic", - "SNS:ListSubscriptionsByTopic", - "SNS:GetTopicAttributes", - "SNS:Receive", - "SNS:AddPermission", - "SNS:Subscribe", - ], - "Condition": Object { - "Bool": Object { - "aws:SecureTransport": "false", - }, - }, - "Effect": "Deny", - "Principal": Object { - "AWS": "*", - }, - "Resource": Object { - "Ref": "testexistingeventbridgesnsSnsTopic90D4F9FB", - }, - "Sid": "HttpsOnly", - }, - Object { - "Action": "sns:Publish", - "Effect": "Allow", - "Principal": Object { - "Service": "events.amazonaws.com", - }, - "Resource": Object { - "Ref": "testexistingeventbridgesnsSnsTopic90D4F9FB", - }, - "Sid": "2", - }, - ], - "Version": "2012-10-17", - }, - "Topics": Array [ - Object { - "Ref": "testexistingeventbridgesnsSnsTopic90D4F9FB", - }, - ], - }, - "Type": "AWS::SNS::TopicPolicy", - }, - "testexistingeventbusC6E4A2D0": Object { - "Properties": Object { - "Name": "testexistingeventbus", - }, - "Type": "AWS::Events::EventBus", - }, - }, -} -`; diff --git a/source/patterns/@aws-solutions-constructs/aws-eventbridge-sns/test/eventbridge-sns-topic.test.ts b/source/patterns/@aws-solutions-constructs/aws-eventbridge-sns/test/eventbridge-sns-topic.test.ts index 298c3ee0a..af1d799bc 100644 --- a/source/patterns/@aws-solutions-constructs/aws-eventbridge-sns/test/eventbridge-sns-topic.test.ts +++ b/source/patterns/@aws-solutions-constructs/aws-eventbridge-sns/test/eventbridge-sns-topic.test.ts @@ -11,7 +11,6 @@ * and limitations under the License. */ -import { SynthUtils } from '@aws-cdk/assert'; import * as cdk from "@aws-cdk/core"; import * as events from "@aws-cdk/aws-events"; import * as defaults from '@aws-solutions-constructs/core'; @@ -39,12 +38,6 @@ function deployStackWithNewEventBus(stack: cdk.Stack) { return new EventbridgeToSns(stack, 'test-neweventbus', props); } -test('snapshot test EventbridgeToSns default params', () => { - const stack = new cdk.Stack(); - deployNewStack(stack); - expect(SynthUtils.toCloudFormation(stack)).toMatchSnapshot(); -}); - test('check if the event rule has permission/policy in place in sns for it to be able to publish to the topic', () => { const stack = new cdk.Stack(); deployNewStack(stack); @@ -213,63 +206,6 @@ test('check the sns topic properties with existing KMS key', () => { }); expect(stack).toHaveResource('AWS::KMS::Key', { - KeyPolicy: { - Statement: [ - { - Action: [ - "kms:Create*", - "kms:Describe*", - "kms:Enable*", - "kms:List*", - "kms:Put*", - "kms:Update*", - "kms:Revoke*", - "kms:Disable*", - "kms:Get*", - "kms:Delete*", - "kms:ScheduleKeyDeletion", - "kms:CancelKeyDeletion", - "kms:GenerateDataKey", - "kms:TagResource", - "kms:UntagResource" - ], - Effect: "Allow", - Principal: { - AWS: { - "Fn::Join": [ - "", - [ - "arn:", - { - Ref: "AWS::Partition" - }, - ":iam::", - { - Ref: "AWS::AccountId" - }, - ":root" - ] - ] - } - }, - Resource: "*" - }, - { - Action: [ - "kms:Decrypt", - "kms:Encrypt", - "kms:ReEncrypt*", - "kms:GenerateDataKey*" - ], - Effect: "Allow", - Principal: { - Service: "events.amazonaws.com" - }, - Resource: "*" - } - ], - Version: "2012-10-17" - }, Description: "my-key", EnableKeyRotation: true }); @@ -285,9 +221,6 @@ test('check eventbus property, snapshot & eventbus exists', () => { expect(construct.encryptionKey !== null); expect(construct.eventBus !== null); - // Validate snapshot - expect(SynthUtils.toCloudFormation(stack)).toMatchSnapshot(); - // Check whether eventbus exists expect(stack).toHaveResource('AWS::Events::EventBus'); }); @@ -311,20 +244,6 @@ test('check exception while passing existingEventBus & eventBusProps', () => { expect(app).toThrowError(); }); -test('snapshot test EventbridgeToSns existing event bus params', () => { - const stack = new cdk.Stack(); - const props: EventbridgeToSnsProps = { - eventRuleProps: { - eventPattern: { - source: ['solutionsconstructs'] - } - }, - existingEventBusInterface: new events.EventBus(stack, `test-existing-eventbus`, {}) - }; - new EventbridgeToSns(stack, 'test-existing-eventbridge-sns', props); - expect(SynthUtils.toCloudFormation(stack)).toMatchSnapshot(); -}); - test('check custom event bus resource with props when deploy:true', () => { const stack = new cdk.Stack(); @@ -343,21 +262,4 @@ test('check custom event bus resource with props when deploy:true', () => { expect(stack).toHaveResource('AWS::Events::EventBus', { Name: 'testcustomeventbus' }); -}); - -test('check multiple constructs in a single stack', () => { - const stack = new cdk.Stack(); - - const props: EventbridgeToSnsProps = { - eventBusProps: {}, - eventRuleProps: { - eventPattern: { - source: ['solutionsconstructs'] - } - } - }; - new EventbridgeToSns(stack, 'test-new-eventbridge-sns1', props); - new EventbridgeToSns(stack, 'test-new-eventbridge-sns2', props); - - expect(SynthUtils.toCloudFormation(stack)).toMatchSnapshot(); }); \ No newline at end of file diff --git a/source/patterns/@aws-solutions-constructs/aws-eventbridge-sqs/test/__snapshots__/eventbridge-sqs-queue.test.js.snap b/source/patterns/@aws-solutions-constructs/aws-eventbridge-sqs/test/__snapshots__/eventbridge-sqs-queue.test.js.snap deleted file mode 100644 index 8cf4e5a06..000000000 --- a/source/patterns/@aws-solutions-constructs/aws-eventbridge-sqs/test/__snapshots__/eventbridge-sqs-queue.test.js.snap +++ /dev/null @@ -1,1466 +0,0 @@ -// Jest Snapshot v1, https://goo.gl/fbAQLP - -exports[`check eventbus property, snapshot & eventbus exists 1`] = ` -Object { - "Resources": Object { - "testeventbridgesqsnewbusCustomEventBus7799DF2B": Object { - "Properties": Object { - "Name": "testeventbridgesqsnewbusCustomEventBus19F2F64B", - }, - "Type": "AWS::Events::EventBus", - }, - "testeventbridgesqsnewbusEncryptionKeyC054EABF": Object { - "DeletionPolicy": "Retain", - "Properties": Object { - "EnableKeyRotation": true, - "KeyPolicy": Object { - "Statement": Array [ - Object { - "Action": Array [ - "kms:Create*", - "kms:Describe*", - "kms:Enable*", - "kms:List*", - "kms:Put*", - "kms:Update*", - "kms:Revoke*", - "kms:Disable*", - "kms:Get*", - "kms:Delete*", - "kms:ScheduleKeyDeletion", - "kms:CancelKeyDeletion", - "kms:GenerateDataKey", - "kms:TagResource", - "kms:UntagResource", - ], - "Effect": "Allow", - "Principal": Object { - "AWS": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":iam::", - Object { - "Ref": "AWS::AccountId", - }, - ":root", - ], - ], - }, - }, - "Resource": "*", - }, - Object { - "Action": Array [ - "kms:Decrypt", - "kms:Encrypt", - "kms:ReEncrypt*", - "kms:GenerateDataKey*", - ], - "Effect": "Allow", - "Principal": Object { - "Service": "events.amazonaws.com", - }, - "Resource": "*", - }, - ], - "Version": "2012-10-17", - }, - }, - "Type": "AWS::KMS::Key", - "UpdateReplacePolicy": "Retain", - }, - "testeventbridgesqsnewbusEventsRuleF2643721": Object { - "Properties": Object { - "EventBusName": Object { - "Ref": "testeventbridgesqsnewbusCustomEventBus7799DF2B", - }, - "EventPattern": Object { - "source": Array [ - "solutionsconstructs", - ], - }, - "State": "ENABLED", - "Targets": Array [ - Object { - "Arn": Object { - "Fn::GetAtt": Array [ - "testeventbridgesqsnewbusqueue662F5BAB", - "Arn", - ], - }, - "Id": Object { - "Fn::GetAtt": Array [ - "testeventbridgesqsnewbusqueue662F5BAB", - "QueueName", - ], - }, - }, - ], - }, - "Type": "AWS::Events::Rule", - }, - "testeventbridgesqsnewbusdeadLetterQueue780165C7": Object { - "DeletionPolicy": "Delete", - "Properties": Object { - "KmsMasterKeyId": "alias/aws/sqs", - }, - "Type": "AWS::SQS::Queue", - "UpdateReplacePolicy": "Delete", - }, - "testeventbridgesqsnewbusdeadLetterQueuePolicy5C43CFAB": Object { - "Properties": Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "sqs:DeleteMessage", - "sqs:ReceiveMessage", - "sqs:SendMessage", - "sqs:GetQueueAttributes", - "sqs:RemovePermission", - "sqs:AddPermission", - "sqs:SetQueueAttributes", - ], - "Effect": "Allow", - "Principal": Object { - "AWS": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":iam::", - Object { - "Ref": "AWS::AccountId", - }, - ":root", - ], - ], - }, - }, - "Resource": Object { - "Fn::GetAtt": Array [ - "testeventbridgesqsnewbusdeadLetterQueue780165C7", - "Arn", - ], - }, - "Sid": "QueueOwnerOnlyAccess", - }, - Object { - "Action": "SQS:*", - "Condition": Object { - "Bool": Object { - "aws:SecureTransport": "false", - }, - }, - "Effect": "Deny", - "Principal": Object { - "AWS": "*", - }, - "Resource": Object { - "Fn::GetAtt": Array [ - "testeventbridgesqsnewbusdeadLetterQueue780165C7", - "Arn", - ], - }, - "Sid": "HttpsOnly", - }, - ], - "Version": "2012-10-17", - }, - "Queues": Array [ - Object { - "Ref": "testeventbridgesqsnewbusdeadLetterQueue780165C7", - }, - ], - }, - "Type": "AWS::SQS::QueuePolicy", - }, - "testeventbridgesqsnewbusqueue662F5BAB": Object { - "DeletionPolicy": "Delete", - "Properties": Object { - "KmsMasterKeyId": Object { - "Fn::GetAtt": Array [ - "testeventbridgesqsnewbusEncryptionKeyC054EABF", - "Arn", - ], - }, - "RedrivePolicy": Object { - "deadLetterTargetArn": Object { - "Fn::GetAtt": Array [ - "testeventbridgesqsnewbusdeadLetterQueue780165C7", - "Arn", - ], - }, - "maxReceiveCount": 15, - }, - }, - "Type": "AWS::SQS::Queue", - "UpdateReplacePolicy": "Delete", - }, - "testeventbridgesqsnewbusqueuePolicyDE8209E1": Object { - "Properties": Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "sqs:DeleteMessage", - "sqs:ReceiveMessage", - "sqs:SendMessage", - "sqs:GetQueueAttributes", - "sqs:RemovePermission", - "sqs:AddPermission", - "sqs:SetQueueAttributes", - ], - "Effect": "Allow", - "Principal": Object { - "AWS": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":iam::", - Object { - "Ref": "AWS::AccountId", - }, - ":root", - ], - ], - }, - }, - "Resource": Object { - "Fn::GetAtt": Array [ - "testeventbridgesqsnewbusqueue662F5BAB", - "Arn", - ], - }, - "Sid": "QueueOwnerOnlyAccess", - }, - Object { - "Action": "SQS:*", - "Condition": Object { - "Bool": Object { - "aws:SecureTransport": "false", - }, - }, - "Effect": "Deny", - "Principal": Object { - "AWS": "*", - }, - "Resource": Object { - "Fn::GetAtt": Array [ - "testeventbridgesqsnewbusqueue662F5BAB", - "Arn", - ], - }, - "Sid": "HttpsOnly", - }, - Object { - "Action": Array [ - "sqs:SendMessage", - "sqs:GetQueueAttributes", - "sqs:GetQueueUrl", - ], - "Effect": "Allow", - "Principal": Object { - "Service": "events.amazonaws.com", - }, - "Resource": Object { - "Fn::GetAtt": Array [ - "testeventbridgesqsnewbusqueue662F5BAB", - "Arn", - ], - }, - }, - ], - "Version": "2012-10-17", - }, - "Queues": Array [ - Object { - "Ref": "testeventbridgesqsnewbusqueue662F5BAB", - }, - ], - }, - "Type": "AWS::SQS::QueuePolicy", - }, - }, -} -`; - -exports[`check multiple constructs in a single stack 1`] = ` -Object { - "Resources": Object { - "testneweventbridgesqs1CustomEventBus8325C352": Object { - "Properties": Object { - "Name": "testneweventbridgesqs1CustomEventBusA5003CBC", - }, - "Type": "AWS::Events::EventBus", - }, - "testneweventbridgesqs1EncryptionKey3A3D74F8": Object { - "DeletionPolicy": "Retain", - "Properties": Object { - "EnableKeyRotation": true, - "KeyPolicy": Object { - "Statement": Array [ - Object { - "Action": Array [ - "kms:Create*", - "kms:Describe*", - "kms:Enable*", - "kms:List*", - "kms:Put*", - "kms:Update*", - "kms:Revoke*", - "kms:Disable*", - "kms:Get*", - "kms:Delete*", - "kms:ScheduleKeyDeletion", - "kms:CancelKeyDeletion", - "kms:GenerateDataKey", - "kms:TagResource", - "kms:UntagResource", - ], - "Effect": "Allow", - "Principal": Object { - "AWS": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":iam::", - Object { - "Ref": "AWS::AccountId", - }, - ":root", - ], - ], - }, - }, - "Resource": "*", - }, - Object { - "Action": Array [ - "kms:Decrypt", - "kms:Encrypt", - "kms:ReEncrypt*", - "kms:GenerateDataKey*", - ], - "Effect": "Allow", - "Principal": Object { - "Service": "events.amazonaws.com", - }, - "Resource": "*", - }, - ], - "Version": "2012-10-17", - }, - }, - "Type": "AWS::KMS::Key", - "UpdateReplacePolicy": "Retain", - }, - "testneweventbridgesqs1EventsRule2E263936": Object { - "Properties": Object { - "EventBusName": Object { - "Ref": "testneweventbridgesqs1CustomEventBus8325C352", - }, - "EventPattern": Object { - "source": Array [ - "solutionsconstructs", - ], - }, - "State": "ENABLED", - "Targets": Array [ - Object { - "Arn": Object { - "Fn::GetAtt": Array [ - "testneweventbridgesqs1queue330A3071", - "Arn", - ], - }, - "Id": Object { - "Fn::GetAtt": Array [ - "testneweventbridgesqs1queue330A3071", - "QueueName", - ], - }, - }, - ], - }, - "Type": "AWS::Events::Rule", - }, - "testneweventbridgesqs1deadLetterQueueE1549281": Object { - "DeletionPolicy": "Delete", - "Properties": Object { - "KmsMasterKeyId": "alias/aws/sqs", - }, - "Type": "AWS::SQS::Queue", - "UpdateReplacePolicy": "Delete", - }, - "testneweventbridgesqs1deadLetterQueuePolicy86E53DD1": Object { - "Properties": Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "sqs:DeleteMessage", - "sqs:ReceiveMessage", - "sqs:SendMessage", - "sqs:GetQueueAttributes", - "sqs:RemovePermission", - "sqs:AddPermission", - "sqs:SetQueueAttributes", - ], - "Effect": "Allow", - "Principal": Object { - "AWS": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":iam::", - Object { - "Ref": "AWS::AccountId", - }, - ":root", - ], - ], - }, - }, - "Resource": Object { - "Fn::GetAtt": Array [ - "testneweventbridgesqs1deadLetterQueueE1549281", - "Arn", - ], - }, - "Sid": "QueueOwnerOnlyAccess", - }, - Object { - "Action": "SQS:*", - "Condition": Object { - "Bool": Object { - "aws:SecureTransport": "false", - }, - }, - "Effect": "Deny", - "Principal": Object { - "AWS": "*", - }, - "Resource": Object { - "Fn::GetAtt": Array [ - "testneweventbridgesqs1deadLetterQueueE1549281", - "Arn", - ], - }, - "Sid": "HttpsOnly", - }, - ], - "Version": "2012-10-17", - }, - "Queues": Array [ - Object { - "Ref": "testneweventbridgesqs1deadLetterQueueE1549281", - }, - ], - }, - "Type": "AWS::SQS::QueuePolicy", - }, - "testneweventbridgesqs1queue330A3071": Object { - "DeletionPolicy": "Delete", - "Properties": Object { - "KmsMasterKeyId": Object { - "Fn::GetAtt": Array [ - "testneweventbridgesqs1EncryptionKey3A3D74F8", - "Arn", - ], - }, - "RedrivePolicy": Object { - "deadLetterTargetArn": Object { - "Fn::GetAtt": Array [ - "testneweventbridgesqs1deadLetterQueueE1549281", - "Arn", - ], - }, - "maxReceiveCount": 15, - }, - }, - "Type": "AWS::SQS::Queue", - "UpdateReplacePolicy": "Delete", - }, - "testneweventbridgesqs1queuePolicy9CD02502": Object { - "Properties": Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "sqs:DeleteMessage", - "sqs:ReceiveMessage", - "sqs:SendMessage", - "sqs:GetQueueAttributes", - "sqs:RemovePermission", - "sqs:AddPermission", - "sqs:SetQueueAttributes", - ], - "Effect": "Allow", - "Principal": Object { - "AWS": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":iam::", - Object { - "Ref": "AWS::AccountId", - }, - ":root", - ], - ], - }, - }, - "Resource": Object { - "Fn::GetAtt": Array [ - "testneweventbridgesqs1queue330A3071", - "Arn", - ], - }, - "Sid": "QueueOwnerOnlyAccess", - }, - Object { - "Action": "SQS:*", - "Condition": Object { - "Bool": Object { - "aws:SecureTransport": "false", - }, - }, - "Effect": "Deny", - "Principal": Object { - "AWS": "*", - }, - "Resource": Object { - "Fn::GetAtt": Array [ - "testneweventbridgesqs1queue330A3071", - "Arn", - ], - }, - "Sid": "HttpsOnly", - }, - Object { - "Action": Array [ - "sqs:SendMessage", - "sqs:GetQueueAttributes", - "sqs:GetQueueUrl", - ], - "Effect": "Allow", - "Principal": Object { - "Service": "events.amazonaws.com", - }, - "Resource": Object { - "Fn::GetAtt": Array [ - "testneweventbridgesqs1queue330A3071", - "Arn", - ], - }, - }, - ], - "Version": "2012-10-17", - }, - "Queues": Array [ - Object { - "Ref": "testneweventbridgesqs1queue330A3071", - }, - ], - }, - "Type": "AWS::SQS::QueuePolicy", - }, - "testneweventbridgesqs2CustomEventBusDA6122E8": Object { - "Properties": Object { - "Name": "testneweventbridgesqs2CustomEventBus95F2705A", - }, - "Type": "AWS::Events::EventBus", - }, - "testneweventbridgesqs2EncryptionKey0FBD0AC0": Object { - "DeletionPolicy": "Retain", - "Properties": Object { - "EnableKeyRotation": true, - "KeyPolicy": Object { - "Statement": Array [ - Object { - "Action": Array [ - "kms:Create*", - "kms:Describe*", - "kms:Enable*", - "kms:List*", - "kms:Put*", - "kms:Update*", - "kms:Revoke*", - "kms:Disable*", - "kms:Get*", - "kms:Delete*", - "kms:ScheduleKeyDeletion", - "kms:CancelKeyDeletion", - "kms:GenerateDataKey", - "kms:TagResource", - "kms:UntagResource", - ], - "Effect": "Allow", - "Principal": Object { - "AWS": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":iam::", - Object { - "Ref": "AWS::AccountId", - }, - ":root", - ], - ], - }, - }, - "Resource": "*", - }, - Object { - "Action": Array [ - "kms:Decrypt", - "kms:Encrypt", - "kms:ReEncrypt*", - "kms:GenerateDataKey*", - ], - "Effect": "Allow", - "Principal": Object { - "Service": "events.amazonaws.com", - }, - "Resource": "*", - }, - ], - "Version": "2012-10-17", - }, - }, - "Type": "AWS::KMS::Key", - "UpdateReplacePolicy": "Retain", - }, - "testneweventbridgesqs2EventsRule2060C024": Object { - "Properties": Object { - "EventBusName": Object { - "Ref": "testneweventbridgesqs2CustomEventBusDA6122E8", - }, - "EventPattern": Object { - "source": Array [ - "solutionsconstructs", - ], - }, - "State": "ENABLED", - "Targets": Array [ - Object { - "Arn": Object { - "Fn::GetAtt": Array [ - "testneweventbridgesqs2queueE4D7A411", - "Arn", - ], - }, - "Id": Object { - "Fn::GetAtt": Array [ - "testneweventbridgesqs2queueE4D7A411", - "QueueName", - ], - }, - }, - ], - }, - "Type": "AWS::Events::Rule", - }, - "testneweventbridgesqs2deadLetterQueueC5C6F498": Object { - "DeletionPolicy": "Delete", - "Properties": Object { - "KmsMasterKeyId": "alias/aws/sqs", - }, - "Type": "AWS::SQS::Queue", - "UpdateReplacePolicy": "Delete", - }, - "testneweventbridgesqs2deadLetterQueuePolicy2824F886": Object { - "Properties": Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "sqs:DeleteMessage", - "sqs:ReceiveMessage", - "sqs:SendMessage", - "sqs:GetQueueAttributes", - "sqs:RemovePermission", - "sqs:AddPermission", - "sqs:SetQueueAttributes", - ], - "Effect": "Allow", - "Principal": Object { - "AWS": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":iam::", - Object { - "Ref": "AWS::AccountId", - }, - ":root", - ], - ], - }, - }, - "Resource": Object { - "Fn::GetAtt": Array [ - "testneweventbridgesqs2deadLetterQueueC5C6F498", - "Arn", - ], - }, - "Sid": "QueueOwnerOnlyAccess", - }, - Object { - "Action": "SQS:*", - "Condition": Object { - "Bool": Object { - "aws:SecureTransport": "false", - }, - }, - "Effect": "Deny", - "Principal": Object { - "AWS": "*", - }, - "Resource": Object { - "Fn::GetAtt": Array [ - "testneweventbridgesqs2deadLetterQueueC5C6F498", - "Arn", - ], - }, - "Sid": "HttpsOnly", - }, - ], - "Version": "2012-10-17", - }, - "Queues": Array [ - Object { - "Ref": "testneweventbridgesqs2deadLetterQueueC5C6F498", - }, - ], - }, - "Type": "AWS::SQS::QueuePolicy", - }, - "testneweventbridgesqs2queueE4D7A411": Object { - "DeletionPolicy": "Delete", - "Properties": Object { - "KmsMasterKeyId": Object { - "Fn::GetAtt": Array [ - "testneweventbridgesqs2EncryptionKey0FBD0AC0", - "Arn", - ], - }, - "RedrivePolicy": Object { - "deadLetterTargetArn": Object { - "Fn::GetAtt": Array [ - "testneweventbridgesqs2deadLetterQueueC5C6F498", - "Arn", - ], - }, - "maxReceiveCount": 15, - }, - }, - "Type": "AWS::SQS::Queue", - "UpdateReplacePolicy": "Delete", - }, - "testneweventbridgesqs2queuePolicy611821E2": Object { - "Properties": Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "sqs:DeleteMessage", - "sqs:ReceiveMessage", - "sqs:SendMessage", - "sqs:GetQueueAttributes", - "sqs:RemovePermission", - "sqs:AddPermission", - "sqs:SetQueueAttributes", - ], - "Effect": "Allow", - "Principal": Object { - "AWS": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":iam::", - Object { - "Ref": "AWS::AccountId", - }, - ":root", - ], - ], - }, - }, - "Resource": Object { - "Fn::GetAtt": Array [ - "testneweventbridgesqs2queueE4D7A411", - "Arn", - ], - }, - "Sid": "QueueOwnerOnlyAccess", - }, - Object { - "Action": "SQS:*", - "Condition": Object { - "Bool": Object { - "aws:SecureTransport": "false", - }, - }, - "Effect": "Deny", - "Principal": Object { - "AWS": "*", - }, - "Resource": Object { - "Fn::GetAtt": Array [ - "testneweventbridgesqs2queueE4D7A411", - "Arn", - ], - }, - "Sid": "HttpsOnly", - }, - Object { - "Action": Array [ - "sqs:SendMessage", - "sqs:GetQueueAttributes", - "sqs:GetQueueUrl", - ], - "Effect": "Allow", - "Principal": Object { - "Service": "events.amazonaws.com", - }, - "Resource": Object { - "Fn::GetAtt": Array [ - "testneweventbridgesqs2queueE4D7A411", - "Arn", - ], - }, - }, - ], - "Version": "2012-10-17", - }, - "Queues": Array [ - Object { - "Ref": "testneweventbridgesqs2queueE4D7A411", - }, - ], - }, - "Type": "AWS::SQS::QueuePolicy", - }, - }, -} -`; - -exports[`snapshot test EventbridgeToSqs default params 1`] = ` -Object { - "Resources": Object { - "testeventbridgesqsEncryptionKey811BDC23": Object { - "DeletionPolicy": "Retain", - "Properties": Object { - "EnableKeyRotation": true, - "KeyPolicy": Object { - "Statement": Array [ - Object { - "Action": Array [ - "kms:Create*", - "kms:Describe*", - "kms:Enable*", - "kms:List*", - "kms:Put*", - "kms:Update*", - "kms:Revoke*", - "kms:Disable*", - "kms:Get*", - "kms:Delete*", - "kms:ScheduleKeyDeletion", - "kms:CancelKeyDeletion", - "kms:GenerateDataKey", - "kms:TagResource", - "kms:UntagResource", - ], - "Effect": "Allow", - "Principal": Object { - "AWS": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":iam::", - Object { - "Ref": "AWS::AccountId", - }, - ":root", - ], - ], - }, - }, - "Resource": "*", - }, - Object { - "Action": Array [ - "kms:Decrypt", - "kms:Encrypt", - "kms:ReEncrypt*", - "kms:GenerateDataKey*", - ], - "Effect": "Allow", - "Principal": Object { - "Service": "events.amazonaws.com", - }, - "Resource": "*", - }, - ], - "Version": "2012-10-17", - }, - }, - "Type": "AWS::KMS::Key", - "UpdateReplacePolicy": "Retain", - }, - "testeventbridgesqsEventsRule66E44184": Object { - "Properties": Object { - "ScheduleExpression": "rate(5 minutes)", - "State": "ENABLED", - "Targets": Array [ - Object { - "Arn": Object { - "Fn::GetAtt": Array [ - "testeventbridgesqsqueue21FF6EBA", - "Arn", - ], - }, - "Id": Object { - "Fn::GetAtt": Array [ - "testeventbridgesqsqueue21FF6EBA", - "QueueName", - ], - }, - }, - ], - }, - "Type": "AWS::Events::Rule", - }, - "testeventbridgesqsdeadLetterQueueF5B377E2": Object { - "DeletionPolicy": "Delete", - "Properties": Object { - "KmsMasterKeyId": "alias/aws/sqs", - }, - "Type": "AWS::SQS::Queue", - "UpdateReplacePolicy": "Delete", - }, - "testeventbridgesqsdeadLetterQueuePolicy74A33822": Object { - "Properties": Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "sqs:DeleteMessage", - "sqs:ReceiveMessage", - "sqs:SendMessage", - "sqs:GetQueueAttributes", - "sqs:RemovePermission", - "sqs:AddPermission", - "sqs:SetQueueAttributes", - ], - "Effect": "Allow", - "Principal": Object { - "AWS": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":iam::", - Object { - "Ref": "AWS::AccountId", - }, - ":root", - ], - ], - }, - }, - "Resource": Object { - "Fn::GetAtt": Array [ - "testeventbridgesqsdeadLetterQueueF5B377E2", - "Arn", - ], - }, - "Sid": "QueueOwnerOnlyAccess", - }, - Object { - "Action": "SQS:*", - "Condition": Object { - "Bool": Object { - "aws:SecureTransport": "false", - }, - }, - "Effect": "Deny", - "Principal": Object { - "AWS": "*", - }, - "Resource": Object { - "Fn::GetAtt": Array [ - "testeventbridgesqsdeadLetterQueueF5B377E2", - "Arn", - ], - }, - "Sid": "HttpsOnly", - }, - ], - "Version": "2012-10-17", - }, - "Queues": Array [ - Object { - "Ref": "testeventbridgesqsdeadLetterQueueF5B377E2", - }, - ], - }, - "Type": "AWS::SQS::QueuePolicy", - }, - "testeventbridgesqsqueue21FF6EBA": Object { - "DeletionPolicy": "Delete", - "Properties": Object { - "KmsMasterKeyId": Object { - "Fn::GetAtt": Array [ - "testeventbridgesqsEncryptionKey811BDC23", - "Arn", - ], - }, - "RedrivePolicy": Object { - "deadLetterTargetArn": Object { - "Fn::GetAtt": Array [ - "testeventbridgesqsdeadLetterQueueF5B377E2", - "Arn", - ], - }, - "maxReceiveCount": 15, - }, - }, - "Type": "AWS::SQS::Queue", - "UpdateReplacePolicy": "Delete", - }, - "testeventbridgesqsqueuePolicy2E375B6A": Object { - "Properties": Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "sqs:DeleteMessage", - "sqs:ReceiveMessage", - "sqs:SendMessage", - "sqs:GetQueueAttributes", - "sqs:RemovePermission", - "sqs:AddPermission", - "sqs:SetQueueAttributes", - ], - "Effect": "Allow", - "Principal": Object { - "AWS": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":iam::", - Object { - "Ref": "AWS::AccountId", - }, - ":root", - ], - ], - }, - }, - "Resource": Object { - "Fn::GetAtt": Array [ - "testeventbridgesqsqueue21FF6EBA", - "Arn", - ], - }, - "Sid": "QueueOwnerOnlyAccess", - }, - Object { - "Action": "SQS:*", - "Condition": Object { - "Bool": Object { - "aws:SecureTransport": "false", - }, - }, - "Effect": "Deny", - "Principal": Object { - "AWS": "*", - }, - "Resource": Object { - "Fn::GetAtt": Array [ - "testeventbridgesqsqueue21FF6EBA", - "Arn", - ], - }, - "Sid": "HttpsOnly", - }, - Object { - "Action": Array [ - "sqs:SendMessage", - "sqs:GetQueueAttributes", - "sqs:GetQueueUrl", - ], - "Effect": "Allow", - "Principal": Object { - "Service": "events.amazonaws.com", - }, - "Resource": Object { - "Fn::GetAtt": Array [ - "testeventbridgesqsqueue21FF6EBA", - "Arn", - ], - }, - }, - ], - "Version": "2012-10-17", - }, - "Queues": Array [ - Object { - "Ref": "testeventbridgesqsqueue21FF6EBA", - }, - ], - }, - "Type": "AWS::SQS::QueuePolicy", - }, - }, -} -`; - -exports[`snapshot test EventbridgeToSqs existing event bus params 1`] = ` -Object { - "Resources": Object { - "testexistingeventbridgesqsEncryptionKey5B28D4E1": Object { - "DeletionPolicy": "Retain", - "Properties": Object { - "EnableKeyRotation": true, - "KeyPolicy": Object { - "Statement": Array [ - Object { - "Action": Array [ - "kms:Create*", - "kms:Describe*", - "kms:Enable*", - "kms:List*", - "kms:Put*", - "kms:Update*", - "kms:Revoke*", - "kms:Disable*", - "kms:Get*", - "kms:Delete*", - "kms:ScheduleKeyDeletion", - "kms:CancelKeyDeletion", - "kms:GenerateDataKey", - "kms:TagResource", - "kms:UntagResource", - ], - "Effect": "Allow", - "Principal": Object { - "AWS": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":iam::", - Object { - "Ref": "AWS::AccountId", - }, - ":root", - ], - ], - }, - }, - "Resource": "*", - }, - Object { - "Action": Array [ - "kms:Decrypt", - "kms:Encrypt", - "kms:ReEncrypt*", - "kms:GenerateDataKey*", - ], - "Effect": "Allow", - "Principal": Object { - "Service": "events.amazonaws.com", - }, - "Resource": "*", - }, - ], - "Version": "2012-10-17", - }, - }, - "Type": "AWS::KMS::Key", - "UpdateReplacePolicy": "Retain", - }, - "testexistingeventbridgesqsEventsRule91D26531": Object { - "Properties": Object { - "EventBusName": Object { - "Ref": "testexistingeventbusC6E4A2D0", - }, - "EventPattern": Object { - "source": Array [ - "solutionsconstructs", - ], - }, - "State": "ENABLED", - "Targets": Array [ - Object { - "Arn": Object { - "Fn::GetAtt": Array [ - "testexistingeventbridgesqsqueue3A4B6717", - "Arn", - ], - }, - "Id": Object { - "Fn::GetAtt": Array [ - "testexistingeventbridgesqsqueue3A4B6717", - "QueueName", - ], - }, - }, - ], - }, - "Type": "AWS::Events::Rule", - }, - "testexistingeventbridgesqsdeadLetterQueueD3B506FC": Object { - "DeletionPolicy": "Delete", - "Properties": Object { - "KmsMasterKeyId": "alias/aws/sqs", - }, - "Type": "AWS::SQS::Queue", - "UpdateReplacePolicy": "Delete", - }, - "testexistingeventbridgesqsdeadLetterQueuePolicy54BD6A69": Object { - "Properties": Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "sqs:DeleteMessage", - "sqs:ReceiveMessage", - "sqs:SendMessage", - "sqs:GetQueueAttributes", - "sqs:RemovePermission", - "sqs:AddPermission", - "sqs:SetQueueAttributes", - ], - "Effect": "Allow", - "Principal": Object { - "AWS": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":iam::", - Object { - "Ref": "AWS::AccountId", - }, - ":root", - ], - ], - }, - }, - "Resource": Object { - "Fn::GetAtt": Array [ - "testexistingeventbridgesqsdeadLetterQueueD3B506FC", - "Arn", - ], - }, - "Sid": "QueueOwnerOnlyAccess", - }, - Object { - "Action": "SQS:*", - "Condition": Object { - "Bool": Object { - "aws:SecureTransport": "false", - }, - }, - "Effect": "Deny", - "Principal": Object { - "AWS": "*", - }, - "Resource": Object { - "Fn::GetAtt": Array [ - "testexistingeventbridgesqsdeadLetterQueueD3B506FC", - "Arn", - ], - }, - "Sid": "HttpsOnly", - }, - ], - "Version": "2012-10-17", - }, - "Queues": Array [ - Object { - "Ref": "testexistingeventbridgesqsdeadLetterQueueD3B506FC", - }, - ], - }, - "Type": "AWS::SQS::QueuePolicy", - }, - "testexistingeventbridgesqsqueue3A4B6717": Object { - "DeletionPolicy": "Delete", - "Properties": Object { - "KmsMasterKeyId": Object { - "Fn::GetAtt": Array [ - "testexistingeventbridgesqsEncryptionKey5B28D4E1", - "Arn", - ], - }, - "RedrivePolicy": Object { - "deadLetterTargetArn": Object { - "Fn::GetAtt": Array [ - "testexistingeventbridgesqsdeadLetterQueueD3B506FC", - "Arn", - ], - }, - "maxReceiveCount": 15, - }, - }, - "Type": "AWS::SQS::Queue", - "UpdateReplacePolicy": "Delete", - }, - "testexistingeventbridgesqsqueuePolicyE422CDEB": Object { - "Properties": Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "sqs:DeleteMessage", - "sqs:ReceiveMessage", - "sqs:SendMessage", - "sqs:GetQueueAttributes", - "sqs:RemovePermission", - "sqs:AddPermission", - "sqs:SetQueueAttributes", - ], - "Effect": "Allow", - "Principal": Object { - "AWS": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":iam::", - Object { - "Ref": "AWS::AccountId", - }, - ":root", - ], - ], - }, - }, - "Resource": Object { - "Fn::GetAtt": Array [ - "testexistingeventbridgesqsqueue3A4B6717", - "Arn", - ], - }, - "Sid": "QueueOwnerOnlyAccess", - }, - Object { - "Action": "SQS:*", - "Condition": Object { - "Bool": Object { - "aws:SecureTransport": "false", - }, - }, - "Effect": "Deny", - "Principal": Object { - "AWS": "*", - }, - "Resource": Object { - "Fn::GetAtt": Array [ - "testexistingeventbridgesqsqueue3A4B6717", - "Arn", - ], - }, - "Sid": "HttpsOnly", - }, - Object { - "Action": Array [ - "sqs:SendMessage", - "sqs:GetQueueAttributes", - "sqs:GetQueueUrl", - ], - "Effect": "Allow", - "Principal": Object { - "Service": "events.amazonaws.com", - }, - "Resource": Object { - "Fn::GetAtt": Array [ - "testexistingeventbridgesqsqueue3A4B6717", - "Arn", - ], - }, - }, - ], - "Version": "2012-10-17", - }, - "Queues": Array [ - Object { - "Ref": "testexistingeventbridgesqsqueue3A4B6717", - }, - ], - }, - "Type": "AWS::SQS::QueuePolicy", - }, - "testexistingeventbusC6E4A2D0": Object { - "Properties": Object { - "Name": "testexistingeventbus", - }, - "Type": "AWS::Events::EventBus", - }, - }, -} -`; diff --git a/source/patterns/@aws-solutions-constructs/aws-eventbridge-sqs/test/eventbridge-sqs-queue.test.ts b/source/patterns/@aws-solutions-constructs/aws-eventbridge-sqs/test/eventbridge-sqs-queue.test.ts index fd58b787b..abdec3e61 100644 --- a/source/patterns/@aws-solutions-constructs/aws-eventbridge-sqs/test/eventbridge-sqs-queue.test.ts +++ b/source/patterns/@aws-solutions-constructs/aws-eventbridge-sqs/test/eventbridge-sqs-queue.test.ts @@ -14,7 +14,6 @@ import * as cdk from '@aws-cdk/core'; import { EventbridgeToSqs, EventbridgeToSqsProps } from '../lib'; import * as events from "@aws-cdk/aws-events"; -import { SynthUtils } from '@aws-cdk/assert'; import '@aws-cdk/assert/jest'; import * as defaults from '@aws-solutions-constructs/core'; @@ -39,12 +38,6 @@ function deployStackWithNewEventBus(stack: cdk.Stack) { return new EventbridgeToSqs(stack, 'test-eventbridge-sqs-new-bus', props); } -test('snapshot test EventbridgeToSqs default params', () => { - const stack = new cdk.Stack(); - deployNewStack(stack); - expect(SynthUtils.toCloudFormation(stack)).toMatchSnapshot(); -}); - test('check the sqs queue properties', () => { const stack = new cdk.Stack(); deployNewStack(stack); @@ -101,63 +94,6 @@ test('check the sqs queue properties with existing KMS key', () => { }); expect(stack).toHaveResource('AWS::KMS::Key', { - KeyPolicy: { - Statement: [ - { - Action: [ - "kms:Create*", - "kms:Describe*", - "kms:Enable*", - "kms:List*", - "kms:Put*", - "kms:Update*", - "kms:Revoke*", - "kms:Disable*", - "kms:Get*", - "kms:Delete*", - "kms:ScheduleKeyDeletion", - "kms:CancelKeyDeletion", - "kms:GenerateDataKey", - "kms:TagResource", - "kms:UntagResource" - ], - Effect: "Allow", - Principal: { - AWS: { - "Fn::Join": [ - "", - [ - "arn:", - { - Ref: "AWS::Partition" - }, - ":iam::", - { - Ref: "AWS::AccountId" - }, - ":root" - ] - ] - } - }, - Resource: "*" - }, - { - Action: [ - "kms:Decrypt", - "kms:Encrypt", - "kms:ReEncrypt*", - "kms:GenerateDataKey*" - ], - Effect: "Allow", - Principal: { - Service: "events.amazonaws.com" - }, - Resource: "*" - } - ], - Version: "2012-10-17" - }, Description: "my-key", EnableKeyRotation: true }); @@ -346,8 +282,6 @@ test('check eventbus property, snapshot & eventbus exists', () => { expect(construct.deadLetterQueue !== null); expect(construct.eventBus !== null); - // Validate snapshot - expect(SynthUtils.toCloudFormation(stack)).toMatchSnapshot(); // Check whether eventbus exists expect(stack).toHaveResource('AWS::Events::EventBus'); }); @@ -371,20 +305,6 @@ test('check exception while passing existingEventBus & eventBusProps', () => { expect(app).toThrowError(); }); -test('snapshot test EventbridgeToSqs existing event bus params', () => { - const stack = new cdk.Stack(); - const props: EventbridgeToSqsProps = { - eventRuleProps: { - eventPattern: { - source: ['solutionsconstructs'] - } - }, - existingEventBusInterface: new events.EventBus(stack, `test-existing-eventbus`, {}) - }; - new EventbridgeToSqs(stack, 'test-existing-eventbridge-sqs', props); - expect(SynthUtils.toCloudFormation(stack)).toMatchSnapshot(); -}); - test('check custom event bus resource with props when deploy:true', () => { const stack = new cdk.Stack(); @@ -403,21 +323,4 @@ test('check custom event bus resource with props when deploy:true', () => { expect(stack).toHaveResource('AWS::Events::EventBus', { Name: 'testcustomeventbus' }); -}); - -test('check multiple constructs in a single stack', () => { - const stack = new cdk.Stack(); - - const props: EventbridgeToSqsProps = { - eventBusProps: {}, - eventRuleProps: { - eventPattern: { - source: ['solutionsconstructs'] - } - } - }; - new EventbridgeToSqs(stack, 'test-new-eventbridge-sqs1', props); - new EventbridgeToSqs(stack, 'test-new-eventbridge-sqs2', props); - - expect(SynthUtils.toCloudFormation(stack)).toMatchSnapshot(); }); \ No newline at end of file diff --git a/source/patterns/@aws-solutions-constructs/aws-eventbridge-stepfunctions/test/__snapshots__/eventbridge-stepfunctions.test.js.snap b/source/patterns/@aws-solutions-constructs/aws-eventbridge-stepfunctions/test/__snapshots__/eventbridge-stepfunctions.test.js.snap deleted file mode 100644 index f13f8d77e..000000000 --- a/source/patterns/@aws-solutions-constructs/aws-eventbridge-stepfunctions/test/__snapshots__/eventbridge-stepfunctions.test.js.snap +++ /dev/null @@ -1,1431 +0,0 @@ -// Jest Snapshot v1, https://goo.gl/fbAQLP - -exports[`check eventbus property, snapshot & eventbus exists 1`] = ` -Object { - "Resources": Object { - "testeventbridgestepfunctionseventbusCustomEventBus543EEB31": Object { - "Properties": Object { - "Name": "testeventbridgestepfunctionseventbusCustomEventBus1261A8B4", - }, - "Type": "AWS::Events::EventBus", - }, - "testeventbridgestepfunctionseventbusEventsRuleA633C307": Object { - "Properties": Object { - "EventBusName": Object { - "Ref": "testeventbridgestepfunctionseventbusCustomEventBus543EEB31", - }, - "EventPattern": Object { - "source": Array [ - "solutionsconstructs", - ], - }, - "State": "ENABLED", - "Targets": Array [ - Object { - "Arn": Object { - "Ref": "testeventbridgestepfunctionseventbusStateMachineECEE5C4A", - }, - "Id": "Target0", - "RoleArn": Object { - "Fn::GetAtt": Array [ - "testeventbridgestepfunctionseventbusEventsRuleRoleA8F42A12", - "Arn", - ], - }, - }, - ], - }, - "Type": "AWS::Events::Rule", - }, - "testeventbridgestepfunctionseventbusEventsRuleRoleA8F42A12": Object { - "Properties": Object { - "AssumeRolePolicyDocument": Object { - "Statement": Array [ - Object { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": Object { - "Service": "events.amazonaws.com", - }, - }, - ], - "Version": "2012-10-17", - }, - }, - "Type": "AWS::IAM::Role", - }, - "testeventbridgestepfunctionseventbusEventsRuleRoleDefaultPolicyB510931A": Object { - "Properties": Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": "states:StartExecution", - "Effect": "Allow", - "Resource": Object { - "Ref": "testeventbridgestepfunctionseventbusStateMachineECEE5C4A", - }, - }, - ], - "Version": "2012-10-17", - }, - "PolicyName": "testeventbridgestepfunctionseventbusEventsRuleRoleDefaultPolicyB510931A", - "Roles": Array [ - Object { - "Ref": "testeventbridgestepfunctionseventbusEventsRuleRoleA8F42A12", - }, - ], - }, - "Type": "AWS::IAM::Policy", - }, - "testeventbridgestepfunctionseventbusExecutionAbortedAlarm7A3F86E8": Object { - "Properties": Object { - "AlarmDescription": "Alarm for the number of executions that aborted exceeded the threshold of 1. ", - "ComparisonOperator": "GreaterThanOrEqualToThreshold", - "Dimensions": Array [ - Object { - "Name": "StateMachineArn", - "Value": Object { - "Ref": "testeventbridgestepfunctionseventbusStateMachineECEE5C4A", - }, - }, - ], - "EvaluationPeriods": 1, - "MetricName": "ExecutionsAborted", - "Namespace": "AWS/States", - "Period": 300, - "Statistic": "Maximum", - "Threshold": 1, - }, - "Type": "AWS::CloudWatch::Alarm", - }, - "testeventbridgestepfunctionseventbusExecutionFailedAlarmB2601715": Object { - "Properties": Object { - "AlarmDescription": "Alarm for the number of executions that failed exceeded the threshold of 1. ", - "ComparisonOperator": "GreaterThanOrEqualToThreshold", - "Dimensions": Array [ - Object { - "Name": "StateMachineArn", - "Value": Object { - "Ref": "testeventbridgestepfunctionseventbusStateMachineECEE5C4A", - }, - }, - ], - "EvaluationPeriods": 1, - "MetricName": "ExecutionsFailed", - "Namespace": "AWS/States", - "Period": 300, - "Statistic": "Sum", - "Threshold": 1, - }, - "Type": "AWS::CloudWatch::Alarm", - }, - "testeventbridgestepfunctionseventbusExecutionThrottledAlarm2C8AB2F2": Object { - "Properties": Object { - "AlarmDescription": "Alarm for the number of executions that throttled exceeded the threshold of 1. ", - "ComparisonOperator": "GreaterThanOrEqualToThreshold", - "Dimensions": Array [ - Object { - "Name": "StateMachineArn", - "Value": Object { - "Ref": "testeventbridgestepfunctionseventbusStateMachineECEE5C4A", - }, - }, - ], - "EvaluationPeriods": 1, - "MetricName": "ExecutionThrottled", - "Namespace": "AWS/States", - "Period": 300, - "Statistic": "Sum", - "Threshold": 1, - }, - "Type": "AWS::CloudWatch::Alarm", - }, - "testeventbridgestepfunctionseventbusStateMachineECEE5C4A": Object { - "DependsOn": Array [ - "testeventbridgestepfunctionseventbusStateMachineRoleDefaultPolicyCC309240", - "testeventbridgestepfunctionseventbusStateMachineRoleC63D8370", - ], - "Properties": Object { - "DefinitionString": "{\\"StartAt\\":\\"StartState\\",\\"States\\":{\\"StartState\\":{\\"Type\\":\\"Pass\\",\\"End\\":true}}}", - "LoggingConfiguration": Object { - "Destinations": Array [ - Object { - "CloudWatchLogsLogGroup": Object { - "LogGroupArn": Object { - "Fn::GetAtt": Array [ - "testeventbridgestepfunctionseventbusStateMachineLogGroupF3B6B238", - "Arn", - ], - }, - }, - }, - ], - "Level": "ERROR", - }, - "RoleArn": Object { - "Fn::GetAtt": Array [ - "testeventbridgestepfunctionseventbusStateMachineRoleC63D8370", - "Arn", - ], - }, - }, - "Type": "AWS::StepFunctions::StateMachine", - }, - "testeventbridgestepfunctionseventbusStateMachineLogGroupF3B6B238": Object { - "DeletionPolicy": "Retain", - "Metadata": Object { - "cfn_nag": Object { - "rules_to_suppress": Array [ - Object { - "id": "W86", - "reason": "Retention period for CloudWatchLogs LogGroups are set to 'Never Expire' to preserve customer data indefinitely", - }, - Object { - "id": "W84", - "reason": "By default CloudWatchLogs LogGroups data is encrypted using the CloudWatch server-side encryption keys (AWS Managed Keys)", - }, - ], - }, - }, - "Properties": Object { - "LogGroupName": "/aws/vendedlogs/states/defaulttesteventbridgestepfunctionseventbusstatemachinelog3ade1833cd96", - }, - "Type": "AWS::Logs::LogGroup", - "UpdateReplacePolicy": "Retain", - }, - "testeventbridgestepfunctionseventbusStateMachineRoleC63D8370": Object { - "Properties": Object { - "AssumeRolePolicyDocument": Object { - "Statement": Array [ - Object { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": Object { - "Service": Object { - "Fn::Join": Array [ - "", - Array [ - "states.", - Object { - "Ref": "AWS::Region", - }, - ".amazonaws.com", - ], - ], - }, - }, - }, - ], - "Version": "2012-10-17", - }, - }, - "Type": "AWS::IAM::Role", - }, - "testeventbridgestepfunctionseventbusStateMachineRoleDefaultPolicyCC309240": Object { - "Metadata": Object { - "cfn_nag": Object { - "rules_to_suppress": Array [ - Object { - "id": "W12", - "reason": "The 'LogDelivery' actions do not support resource-level authorizations", - }, - ], - }, - }, - "Properties": Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "logs:CreateLogDelivery", - "logs:GetLogDelivery", - "logs:UpdateLogDelivery", - "logs:DeleteLogDelivery", - "logs:ListLogDeliveries", - ], - "Effect": "Allow", - "Resource": "*", - }, - Object { - "Action": Array [ - "logs:PutResourcePolicy", - "logs:DescribeResourcePolicies", - "logs:DescribeLogGroups", - ], - "Effect": "Allow", - "Resource": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":logs:", - Object { - "Ref": "AWS::Region", - }, - ":", - Object { - "Ref": "AWS::AccountId", - }, - ":*", - ], - ], - }, - }, - ], - "Version": "2012-10-17", - }, - "PolicyName": "testeventbridgestepfunctionseventbusStateMachineRoleDefaultPolicyCC309240", - "Roles": Array [ - Object { - "Ref": "testeventbridgestepfunctionseventbusStateMachineRoleC63D8370", - }, - ], - }, - "Type": "AWS::IAM::Policy", - }, - }, -} -`; - -exports[`check multiple constructs in a single stack 1`] = ` -Object { - "Resources": Object { - "testneweventbridgestepfunctions1CustomEventBus3267BF12": Object { - "Properties": Object { - "Name": "testneweventbridgestepfunctions1CustomEventBusFDAEC555", - }, - "Type": "AWS::Events::EventBus", - }, - "testneweventbridgestepfunctions1EventsRule75C4711B": Object { - "Properties": Object { - "EventBusName": Object { - "Ref": "testneweventbridgestepfunctions1CustomEventBus3267BF12", - }, - "EventPattern": Object { - "source": Array [ - "solutionsconstructs", - ], - }, - "State": "ENABLED", - "Targets": Array [ - Object { - "Arn": Object { - "Ref": "testneweventbridgestepfunctions1StateMachine79D48A86", - }, - "Id": "Target0", - "RoleArn": Object { - "Fn::GetAtt": Array [ - "testneweventbridgestepfunctions1EventsRuleRole6CAB7254", - "Arn", - ], - }, - }, - ], - }, - "Type": "AWS::Events::Rule", - }, - "testneweventbridgestepfunctions1EventsRuleRole6CAB7254": Object { - "Properties": Object { - "AssumeRolePolicyDocument": Object { - "Statement": Array [ - Object { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": Object { - "Service": "events.amazonaws.com", - }, - }, - ], - "Version": "2012-10-17", - }, - }, - "Type": "AWS::IAM::Role", - }, - "testneweventbridgestepfunctions1EventsRuleRoleDefaultPolicy699CFB6B": Object { - "Properties": Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": "states:StartExecution", - "Effect": "Allow", - "Resource": Object { - "Ref": "testneweventbridgestepfunctions1StateMachine79D48A86", - }, - }, - ], - "Version": "2012-10-17", - }, - "PolicyName": "testneweventbridgestepfunctions1EventsRuleRoleDefaultPolicy699CFB6B", - "Roles": Array [ - Object { - "Ref": "testneweventbridgestepfunctions1EventsRuleRole6CAB7254", - }, - ], - }, - "Type": "AWS::IAM::Policy", - }, - "testneweventbridgestepfunctions1ExecutionAbortedAlarm1221BC23": Object { - "Properties": Object { - "AlarmDescription": "Alarm for the number of executions that aborted exceeded the threshold of 1. ", - "ComparisonOperator": "GreaterThanOrEqualToThreshold", - "Dimensions": Array [ - Object { - "Name": "StateMachineArn", - "Value": Object { - "Ref": "testneweventbridgestepfunctions1StateMachine79D48A86", - }, - }, - ], - "EvaluationPeriods": 1, - "MetricName": "ExecutionsAborted", - "Namespace": "AWS/States", - "Period": 300, - "Statistic": "Maximum", - "Threshold": 1, - }, - "Type": "AWS::CloudWatch::Alarm", - }, - "testneweventbridgestepfunctions1ExecutionFailedAlarm78F34B69": Object { - "Properties": Object { - "AlarmDescription": "Alarm for the number of executions that failed exceeded the threshold of 1. ", - "ComparisonOperator": "GreaterThanOrEqualToThreshold", - "Dimensions": Array [ - Object { - "Name": "StateMachineArn", - "Value": Object { - "Ref": "testneweventbridgestepfunctions1StateMachine79D48A86", - }, - }, - ], - "EvaluationPeriods": 1, - "MetricName": "ExecutionsFailed", - "Namespace": "AWS/States", - "Period": 300, - "Statistic": "Sum", - "Threshold": 1, - }, - "Type": "AWS::CloudWatch::Alarm", - }, - "testneweventbridgestepfunctions1ExecutionThrottledAlarm835AE392": Object { - "Properties": Object { - "AlarmDescription": "Alarm for the number of executions that throttled exceeded the threshold of 1. ", - "ComparisonOperator": "GreaterThanOrEqualToThreshold", - "Dimensions": Array [ - Object { - "Name": "StateMachineArn", - "Value": Object { - "Ref": "testneweventbridgestepfunctions1StateMachine79D48A86", - }, - }, - ], - "EvaluationPeriods": 1, - "MetricName": "ExecutionThrottled", - "Namespace": "AWS/States", - "Period": 300, - "Statistic": "Sum", - "Threshold": 1, - }, - "Type": "AWS::CloudWatch::Alarm", - }, - "testneweventbridgestepfunctions1StateMachine79D48A86": Object { - "DependsOn": Array [ - "testneweventbridgestepfunctions1StateMachineRoleDefaultPolicy5A42DEA7", - "testneweventbridgestepfunctions1StateMachineRoleE21F8DEE", - ], - "Properties": Object { - "DefinitionString": "{\\"StartAt\\":\\"StartState1\\",\\"States\\":{\\"StartState1\\":{\\"Type\\":\\"Pass\\",\\"End\\":true}}}", - "LoggingConfiguration": Object { - "Destinations": Array [ - Object { - "CloudWatchLogsLogGroup": Object { - "LogGroupArn": Object { - "Fn::GetAtt": Array [ - "testneweventbridgestepfunctions1StateMachineLogGroup4E3B02FA", - "Arn", - ], - }, - }, - }, - ], - "Level": "ERROR", - }, - "RoleArn": Object { - "Fn::GetAtt": Array [ - "testneweventbridgestepfunctions1StateMachineRoleE21F8DEE", - "Arn", - ], - }, - }, - "Type": "AWS::StepFunctions::StateMachine", - }, - "testneweventbridgestepfunctions1StateMachineLogGroup4E3B02FA": Object { - "DeletionPolicy": "Retain", - "Metadata": Object { - "cfn_nag": Object { - "rules_to_suppress": Array [ - Object { - "id": "W86", - "reason": "Retention period for CloudWatchLogs LogGroups are set to 'Never Expire' to preserve customer data indefinitely", - }, - Object { - "id": "W84", - "reason": "By default CloudWatchLogs LogGroups data is encrypted using the CloudWatch server-side encryption keys (AWS Managed Keys)", - }, - ], - }, - }, - "Properties": Object { - "LogGroupName": "/aws/vendedlogs/states/defaulttestneweventbridgestepfunctions1statemachinelog97c1ffa93355", - }, - "Type": "AWS::Logs::LogGroup", - "UpdateReplacePolicy": "Retain", - }, - "testneweventbridgestepfunctions1StateMachineRoleDefaultPolicy5A42DEA7": Object { - "Metadata": Object { - "cfn_nag": Object { - "rules_to_suppress": Array [ - Object { - "id": "W12", - "reason": "The 'LogDelivery' actions do not support resource-level authorizations", - }, - ], - }, - }, - "Properties": Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "logs:CreateLogDelivery", - "logs:GetLogDelivery", - "logs:UpdateLogDelivery", - "logs:DeleteLogDelivery", - "logs:ListLogDeliveries", - ], - "Effect": "Allow", - "Resource": "*", - }, - Object { - "Action": Array [ - "logs:PutResourcePolicy", - "logs:DescribeResourcePolicies", - "logs:DescribeLogGroups", - ], - "Effect": "Allow", - "Resource": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":logs:", - Object { - "Ref": "AWS::Region", - }, - ":", - Object { - "Ref": "AWS::AccountId", - }, - ":*", - ], - ], - }, - }, - ], - "Version": "2012-10-17", - }, - "PolicyName": "testneweventbridgestepfunctions1StateMachineRoleDefaultPolicy5A42DEA7", - "Roles": Array [ - Object { - "Ref": "testneweventbridgestepfunctions1StateMachineRoleE21F8DEE", - }, - ], - }, - "Type": "AWS::IAM::Policy", - }, - "testneweventbridgestepfunctions1StateMachineRoleE21F8DEE": Object { - "Properties": Object { - "AssumeRolePolicyDocument": Object { - "Statement": Array [ - Object { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": Object { - "Service": Object { - "Fn::Join": Array [ - "", - Array [ - "states.", - Object { - "Ref": "AWS::Region", - }, - ".amazonaws.com", - ], - ], - }, - }, - }, - ], - "Version": "2012-10-17", - }, - }, - "Type": "AWS::IAM::Role", - }, - "testneweventbridgestepfunctions2CustomEventBusA77E5098": Object { - "Properties": Object { - "Name": "testneweventbridgestepfunctions2CustomEventBusDA330C9F", - }, - "Type": "AWS::Events::EventBus", - }, - "testneweventbridgestepfunctions2EventsRule8926D086": Object { - "Properties": Object { - "EventBusName": Object { - "Ref": "testneweventbridgestepfunctions2CustomEventBusA77E5098", - }, - "EventPattern": Object { - "source": Array [ - "solutionsconstructs", - ], - }, - "State": "ENABLED", - "Targets": Array [ - Object { - "Arn": Object { - "Ref": "testneweventbridgestepfunctions2StateMachineAD0DC5E7", - }, - "Id": "Target0", - "RoleArn": Object { - "Fn::GetAtt": Array [ - "testneweventbridgestepfunctions2EventsRuleRole6E867C4F", - "Arn", - ], - }, - }, - ], - }, - "Type": "AWS::Events::Rule", - }, - "testneweventbridgestepfunctions2EventsRuleRole6E867C4F": Object { - "Properties": Object { - "AssumeRolePolicyDocument": Object { - "Statement": Array [ - Object { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": Object { - "Service": "events.amazonaws.com", - }, - }, - ], - "Version": "2012-10-17", - }, - }, - "Type": "AWS::IAM::Role", - }, - "testneweventbridgestepfunctions2EventsRuleRoleDefaultPolicy812687BD": Object { - "Properties": Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": "states:StartExecution", - "Effect": "Allow", - "Resource": Object { - "Ref": "testneweventbridgestepfunctions2StateMachineAD0DC5E7", - }, - }, - ], - "Version": "2012-10-17", - }, - "PolicyName": "testneweventbridgestepfunctions2EventsRuleRoleDefaultPolicy812687BD", - "Roles": Array [ - Object { - "Ref": "testneweventbridgestepfunctions2EventsRuleRole6E867C4F", - }, - ], - }, - "Type": "AWS::IAM::Policy", - }, - "testneweventbridgestepfunctions2ExecutionAbortedAlarm738FE6FC": Object { - "Properties": Object { - "AlarmDescription": "Alarm for the number of executions that aborted exceeded the threshold of 1. ", - "ComparisonOperator": "GreaterThanOrEqualToThreshold", - "Dimensions": Array [ - Object { - "Name": "StateMachineArn", - "Value": Object { - "Ref": "testneweventbridgestepfunctions2StateMachineAD0DC5E7", - }, - }, - ], - "EvaluationPeriods": 1, - "MetricName": "ExecutionsAborted", - "Namespace": "AWS/States", - "Period": 300, - "Statistic": "Maximum", - "Threshold": 1, - }, - "Type": "AWS::CloudWatch::Alarm", - }, - "testneweventbridgestepfunctions2ExecutionFailedAlarm4DFA599B": Object { - "Properties": Object { - "AlarmDescription": "Alarm for the number of executions that failed exceeded the threshold of 1. ", - "ComparisonOperator": "GreaterThanOrEqualToThreshold", - "Dimensions": Array [ - Object { - "Name": "StateMachineArn", - "Value": Object { - "Ref": "testneweventbridgestepfunctions2StateMachineAD0DC5E7", - }, - }, - ], - "EvaluationPeriods": 1, - "MetricName": "ExecutionsFailed", - "Namespace": "AWS/States", - "Period": 300, - "Statistic": "Sum", - "Threshold": 1, - }, - "Type": "AWS::CloudWatch::Alarm", - }, - "testneweventbridgestepfunctions2ExecutionThrottledAlarm03E964B2": Object { - "Properties": Object { - "AlarmDescription": "Alarm for the number of executions that throttled exceeded the threshold of 1. ", - "ComparisonOperator": "GreaterThanOrEqualToThreshold", - "Dimensions": Array [ - Object { - "Name": "StateMachineArn", - "Value": Object { - "Ref": "testneweventbridgestepfunctions2StateMachineAD0DC5E7", - }, - }, - ], - "EvaluationPeriods": 1, - "MetricName": "ExecutionThrottled", - "Namespace": "AWS/States", - "Period": 300, - "Statistic": "Sum", - "Threshold": 1, - }, - "Type": "AWS::CloudWatch::Alarm", - }, - "testneweventbridgestepfunctions2StateMachineAD0DC5E7": Object { - "DependsOn": Array [ - "testneweventbridgestepfunctions2StateMachineRoleDefaultPolicy46E34E47", - "testneweventbridgestepfunctions2StateMachineRoleA4B88ACC", - ], - "Properties": Object { - "DefinitionString": "{\\"StartAt\\":\\"StartState2\\",\\"States\\":{\\"StartState2\\":{\\"Type\\":\\"Pass\\",\\"End\\":true}}}", - "LoggingConfiguration": Object { - "Destinations": Array [ - Object { - "CloudWatchLogsLogGroup": Object { - "LogGroupArn": Object { - "Fn::GetAtt": Array [ - "testneweventbridgestepfunctions2StateMachineLogGroupC4B1019B", - "Arn", - ], - }, - }, - }, - ], - "Level": "ERROR", - }, - "RoleArn": Object { - "Fn::GetAtt": Array [ - "testneweventbridgestepfunctions2StateMachineRoleA4B88ACC", - "Arn", - ], - }, - }, - "Type": "AWS::StepFunctions::StateMachine", - }, - "testneweventbridgestepfunctions2StateMachineLogGroupC4B1019B": Object { - "DeletionPolicy": "Retain", - "Metadata": Object { - "cfn_nag": Object { - "rules_to_suppress": Array [ - Object { - "id": "W86", - "reason": "Retention period for CloudWatchLogs LogGroups are set to 'Never Expire' to preserve customer data indefinitely", - }, - Object { - "id": "W84", - "reason": "By default CloudWatchLogs LogGroups data is encrypted using the CloudWatch server-side encryption keys (AWS Managed Keys)", - }, - ], - }, - }, - "Properties": Object { - "LogGroupName": "/aws/vendedlogs/states/defaulttestneweventbridgestepfunctions2statemachinelogfb5fb852e9ef", - }, - "Type": "AWS::Logs::LogGroup", - "UpdateReplacePolicy": "Retain", - }, - "testneweventbridgestepfunctions2StateMachineRoleA4B88ACC": Object { - "Properties": Object { - "AssumeRolePolicyDocument": Object { - "Statement": Array [ - Object { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": Object { - "Service": Object { - "Fn::Join": Array [ - "", - Array [ - "states.", - Object { - "Ref": "AWS::Region", - }, - ".amazonaws.com", - ], - ], - }, - }, - }, - ], - "Version": "2012-10-17", - }, - }, - "Type": "AWS::IAM::Role", - }, - "testneweventbridgestepfunctions2StateMachineRoleDefaultPolicy46E34E47": Object { - "Metadata": Object { - "cfn_nag": Object { - "rules_to_suppress": Array [ - Object { - "id": "W12", - "reason": "The 'LogDelivery' actions do not support resource-level authorizations", - }, - ], - }, - }, - "Properties": Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "logs:CreateLogDelivery", - "logs:GetLogDelivery", - "logs:UpdateLogDelivery", - "logs:DeleteLogDelivery", - "logs:ListLogDeliveries", - ], - "Effect": "Allow", - "Resource": "*", - }, - Object { - "Action": Array [ - "logs:PutResourcePolicy", - "logs:DescribeResourcePolicies", - "logs:DescribeLogGroups", - ], - "Effect": "Allow", - "Resource": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":logs:", - Object { - "Ref": "AWS::Region", - }, - ":", - Object { - "Ref": "AWS::AccountId", - }, - ":*", - ], - ], - }, - }, - ], - "Version": "2012-10-17", - }, - "PolicyName": "testneweventbridgestepfunctions2StateMachineRoleDefaultPolicy46E34E47", - "Roles": Array [ - Object { - "Ref": "testneweventbridgestepfunctions2StateMachineRoleA4B88ACC", - }, - ], - }, - "Type": "AWS::IAM::Policy", - }, - }, -} -`; - -exports[`snapshot test EventbridgeToStepfunctions default params 1`] = ` -Object { - "Resources": Object { - "testeventbridgestepfunctionsEventsRuleD6900736": Object { - "Properties": Object { - "ScheduleExpression": "rate(5 minutes)", - "State": "ENABLED", - "Targets": Array [ - Object { - "Arn": Object { - "Ref": "testeventbridgestepfunctionsStateMachineDD09BCB6", - }, - "Id": "Target0", - "RoleArn": Object { - "Fn::GetAtt": Array [ - "testeventbridgestepfunctionsEventsRuleRoleFFAAD2A8", - "Arn", - ], - }, - }, - ], - }, - "Type": "AWS::Events::Rule", - }, - "testeventbridgestepfunctionsEventsRuleRoleDefaultPolicy66B6953F": Object { - "Properties": Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": "states:StartExecution", - "Effect": "Allow", - "Resource": Object { - "Ref": "testeventbridgestepfunctionsStateMachineDD09BCB6", - }, - }, - ], - "Version": "2012-10-17", - }, - "PolicyName": "testeventbridgestepfunctionsEventsRuleRoleDefaultPolicy66B6953F", - "Roles": Array [ - Object { - "Ref": "testeventbridgestepfunctionsEventsRuleRoleFFAAD2A8", - }, - ], - }, - "Type": "AWS::IAM::Policy", - }, - "testeventbridgestepfunctionsEventsRuleRoleFFAAD2A8": Object { - "Properties": Object { - "AssumeRolePolicyDocument": Object { - "Statement": Array [ - Object { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": Object { - "Service": "events.amazonaws.com", - }, - }, - ], - "Version": "2012-10-17", - }, - }, - "Type": "AWS::IAM::Role", - }, - "testeventbridgestepfunctionsExecutionAbortedAlarmAE0D19A9": Object { - "Properties": Object { - "AlarmDescription": "Alarm for the number of executions that aborted exceeded the threshold of 1. ", - "ComparisonOperator": "GreaterThanOrEqualToThreshold", - "Dimensions": Array [ - Object { - "Name": "StateMachineArn", - "Value": Object { - "Ref": "testeventbridgestepfunctionsStateMachineDD09BCB6", - }, - }, - ], - "EvaluationPeriods": 1, - "MetricName": "ExecutionsAborted", - "Namespace": "AWS/States", - "Period": 300, - "Statistic": "Maximum", - "Threshold": 1, - }, - "Type": "AWS::CloudWatch::Alarm", - }, - "testeventbridgestepfunctionsExecutionFailedAlarmA06327F5": Object { - "Properties": Object { - "AlarmDescription": "Alarm for the number of executions that failed exceeded the threshold of 1. ", - "ComparisonOperator": "GreaterThanOrEqualToThreshold", - "Dimensions": Array [ - Object { - "Name": "StateMachineArn", - "Value": Object { - "Ref": "testeventbridgestepfunctionsStateMachineDD09BCB6", - }, - }, - ], - "EvaluationPeriods": 1, - "MetricName": "ExecutionsFailed", - "Namespace": "AWS/States", - "Period": 300, - "Statistic": "Sum", - "Threshold": 1, - }, - "Type": "AWS::CloudWatch::Alarm", - }, - "testeventbridgestepfunctionsExecutionThrottledAlarm2BC06B74": Object { - "Properties": Object { - "AlarmDescription": "Alarm for the number of executions that throttled exceeded the threshold of 1. ", - "ComparisonOperator": "GreaterThanOrEqualToThreshold", - "Dimensions": Array [ - Object { - "Name": "StateMachineArn", - "Value": Object { - "Ref": "testeventbridgestepfunctionsStateMachineDD09BCB6", - }, - }, - ], - "EvaluationPeriods": 1, - "MetricName": "ExecutionThrottled", - "Namespace": "AWS/States", - "Period": 300, - "Statistic": "Sum", - "Threshold": 1, - }, - "Type": "AWS::CloudWatch::Alarm", - }, - "testeventbridgestepfunctionsStateMachineDD09BCB6": Object { - "DependsOn": Array [ - "testeventbridgestepfunctionsStateMachineRoleDefaultPolicyD88C6FFD", - "testeventbridgestepfunctionsStateMachineRoleB9F78693", - ], - "Properties": Object { - "DefinitionString": "{\\"StartAt\\":\\"StartState\\",\\"States\\":{\\"StartState\\":{\\"Type\\":\\"Pass\\",\\"End\\":true}}}", - "LoggingConfiguration": Object { - "Destinations": Array [ - Object { - "CloudWatchLogsLogGroup": Object { - "LogGroupArn": Object { - "Fn::GetAtt": Array [ - "testeventbridgestepfunctionsStateMachineLogGroup826A5B74", - "Arn", - ], - }, - }, - }, - ], - "Level": "ERROR", - }, - "RoleArn": Object { - "Fn::GetAtt": Array [ - "testeventbridgestepfunctionsStateMachineRoleB9F78693", - "Arn", - ], - }, - }, - "Type": "AWS::StepFunctions::StateMachine", - }, - "testeventbridgestepfunctionsStateMachineLogGroup826A5B74": Object { - "DeletionPolicy": "Retain", - "Metadata": Object { - "cfn_nag": Object { - "rules_to_suppress": Array [ - Object { - "id": "W86", - "reason": "Retention period for CloudWatchLogs LogGroups are set to 'Never Expire' to preserve customer data indefinitely", - }, - Object { - "id": "W84", - "reason": "By default CloudWatchLogs LogGroups data is encrypted using the CloudWatch server-side encryption keys (AWS Managed Keys)", - }, - ], - }, - }, - "Properties": Object { - "LogGroupName": "/aws/vendedlogs/states/defaulttesteventbridgestepfunctionsstatemachineloge61513a7c3d9", - }, - "Type": "AWS::Logs::LogGroup", - "UpdateReplacePolicy": "Retain", - }, - "testeventbridgestepfunctionsStateMachineRoleB9F78693": Object { - "Properties": Object { - "AssumeRolePolicyDocument": Object { - "Statement": Array [ - Object { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": Object { - "Service": Object { - "Fn::Join": Array [ - "", - Array [ - "states.", - Object { - "Ref": "AWS::Region", - }, - ".amazonaws.com", - ], - ], - }, - }, - }, - ], - "Version": "2012-10-17", - }, - }, - "Type": "AWS::IAM::Role", - }, - "testeventbridgestepfunctionsStateMachineRoleDefaultPolicyD88C6FFD": Object { - "Metadata": Object { - "cfn_nag": Object { - "rules_to_suppress": Array [ - Object { - "id": "W12", - "reason": "The 'LogDelivery' actions do not support resource-level authorizations", - }, - ], - }, - }, - "Properties": Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "logs:CreateLogDelivery", - "logs:GetLogDelivery", - "logs:UpdateLogDelivery", - "logs:DeleteLogDelivery", - "logs:ListLogDeliveries", - ], - "Effect": "Allow", - "Resource": "*", - }, - Object { - "Action": Array [ - "logs:PutResourcePolicy", - "logs:DescribeResourcePolicies", - "logs:DescribeLogGroups", - ], - "Effect": "Allow", - "Resource": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":logs:", - Object { - "Ref": "AWS::Region", - }, - ":", - Object { - "Ref": "AWS::AccountId", - }, - ":*", - ], - ], - }, - }, - ], - "Version": "2012-10-17", - }, - "PolicyName": "testeventbridgestepfunctionsStateMachineRoleDefaultPolicyD88C6FFD", - "Roles": Array [ - Object { - "Ref": "testeventbridgestepfunctionsStateMachineRoleB9F78693", - }, - ], - }, - "Type": "AWS::IAM::Policy", - }, - }, -} -`; - -exports[`snapshot test EventbridgeToStepfunctions existing event bus params 1`] = ` -Object { - "Resources": Object { - "testexistingeventbridgestepfunctionsEventsRuleA20DE119": Object { - "Properties": Object { - "EventBusName": Object { - "Ref": "testexistingeventbusC6E4A2D0", - }, - "EventPattern": Object { - "source": Array [ - "solutionsconstructs", - ], - }, - "State": "ENABLED", - "Targets": Array [ - Object { - "Arn": Object { - "Ref": "testexistingeventbridgestepfunctionsStateMachine86B15A44", - }, - "Id": "Target0", - "RoleArn": Object { - "Fn::GetAtt": Array [ - "testexistingeventbridgestepfunctionsEventsRuleRole27A71B6C", - "Arn", - ], - }, - }, - ], - }, - "Type": "AWS::Events::Rule", - }, - "testexistingeventbridgestepfunctionsEventsRuleRole27A71B6C": Object { - "Properties": Object { - "AssumeRolePolicyDocument": Object { - "Statement": Array [ - Object { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": Object { - "Service": "events.amazonaws.com", - }, - }, - ], - "Version": "2012-10-17", - }, - }, - "Type": "AWS::IAM::Role", - }, - "testexistingeventbridgestepfunctionsEventsRuleRoleDefaultPolicy8EC02AA4": Object { - "Properties": Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": "states:StartExecution", - "Effect": "Allow", - "Resource": Object { - "Ref": "testexistingeventbridgestepfunctionsStateMachine86B15A44", - }, - }, - ], - "Version": "2012-10-17", - }, - "PolicyName": "testexistingeventbridgestepfunctionsEventsRuleRoleDefaultPolicy8EC02AA4", - "Roles": Array [ - Object { - "Ref": "testexistingeventbridgestepfunctionsEventsRuleRole27A71B6C", - }, - ], - }, - "Type": "AWS::IAM::Policy", - }, - "testexistingeventbridgestepfunctionsExecutionAbortedAlarmBE39DD0B": Object { - "Properties": Object { - "AlarmDescription": "Alarm for the number of executions that aborted exceeded the threshold of 1. ", - "ComparisonOperator": "GreaterThanOrEqualToThreshold", - "Dimensions": Array [ - Object { - "Name": "StateMachineArn", - "Value": Object { - "Ref": "testexistingeventbridgestepfunctionsStateMachine86B15A44", - }, - }, - ], - "EvaluationPeriods": 1, - "MetricName": "ExecutionsAborted", - "Namespace": "AWS/States", - "Period": 300, - "Statistic": "Maximum", - "Threshold": 1, - }, - "Type": "AWS::CloudWatch::Alarm", - }, - "testexistingeventbridgestepfunctionsExecutionFailedAlarm1375C3D6": Object { - "Properties": Object { - "AlarmDescription": "Alarm for the number of executions that failed exceeded the threshold of 1. ", - "ComparisonOperator": "GreaterThanOrEqualToThreshold", - "Dimensions": Array [ - Object { - "Name": "StateMachineArn", - "Value": Object { - "Ref": "testexistingeventbridgestepfunctionsStateMachine86B15A44", - }, - }, - ], - "EvaluationPeriods": 1, - "MetricName": "ExecutionsFailed", - "Namespace": "AWS/States", - "Period": 300, - "Statistic": "Sum", - "Threshold": 1, - }, - "Type": "AWS::CloudWatch::Alarm", - }, - "testexistingeventbridgestepfunctionsExecutionThrottledAlarm9180B0CE": Object { - "Properties": Object { - "AlarmDescription": "Alarm for the number of executions that throttled exceeded the threshold of 1. ", - "ComparisonOperator": "GreaterThanOrEqualToThreshold", - "Dimensions": Array [ - Object { - "Name": "StateMachineArn", - "Value": Object { - "Ref": "testexistingeventbridgestepfunctionsStateMachine86B15A44", - }, - }, - ], - "EvaluationPeriods": 1, - "MetricName": "ExecutionThrottled", - "Namespace": "AWS/States", - "Period": 300, - "Statistic": "Sum", - "Threshold": 1, - }, - "Type": "AWS::CloudWatch::Alarm", - }, - "testexistingeventbridgestepfunctionsStateMachine86B15A44": Object { - "DependsOn": Array [ - "testexistingeventbridgestepfunctionsStateMachineRoleDefaultPolicy37FA170E", - "testexistingeventbridgestepfunctionsStateMachineRole43DDAE0D", - ], - "Properties": Object { - "DefinitionString": "{\\"StartAt\\":\\"StartState\\",\\"States\\":{\\"StartState\\":{\\"Type\\":\\"Pass\\",\\"End\\":true}}}", - "LoggingConfiguration": Object { - "Destinations": Array [ - Object { - "CloudWatchLogsLogGroup": Object { - "LogGroupArn": Object { - "Fn::GetAtt": Array [ - "testexistingeventbridgestepfunctionsStateMachineLogGroup491A5CAE", - "Arn", - ], - }, - }, - }, - ], - "Level": "ERROR", - }, - "RoleArn": Object { - "Fn::GetAtt": Array [ - "testexistingeventbridgestepfunctionsStateMachineRole43DDAE0D", - "Arn", - ], - }, - }, - "Type": "AWS::StepFunctions::StateMachine", - }, - "testexistingeventbridgestepfunctionsStateMachineLogGroup491A5CAE": Object { - "DeletionPolicy": "Retain", - "Metadata": Object { - "cfn_nag": Object { - "rules_to_suppress": Array [ - Object { - "id": "W86", - "reason": "Retention period for CloudWatchLogs LogGroups are set to 'Never Expire' to preserve customer data indefinitely", - }, - Object { - "id": "W84", - "reason": "By default CloudWatchLogs LogGroups data is encrypted using the CloudWatch server-side encryption keys (AWS Managed Keys)", - }, - ], - }, - }, - "Properties": Object { - "LogGroupName": "/aws/vendedlogs/states/defaulttestexistingeventbridgestepfunctionsstatemachinelog9db3ac073f4e", - }, - "Type": "AWS::Logs::LogGroup", - "UpdateReplacePolicy": "Retain", - }, - "testexistingeventbridgestepfunctionsStateMachineRole43DDAE0D": Object { - "Properties": Object { - "AssumeRolePolicyDocument": Object { - "Statement": Array [ - Object { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": Object { - "Service": Object { - "Fn::Join": Array [ - "", - Array [ - "states.", - Object { - "Ref": "AWS::Region", - }, - ".amazonaws.com", - ], - ], - }, - }, - }, - ], - "Version": "2012-10-17", - }, - }, - "Type": "AWS::IAM::Role", - }, - "testexistingeventbridgestepfunctionsStateMachineRoleDefaultPolicy37FA170E": Object { - "Metadata": Object { - "cfn_nag": Object { - "rules_to_suppress": Array [ - Object { - "id": "W12", - "reason": "The 'LogDelivery' actions do not support resource-level authorizations", - }, - ], - }, - }, - "Properties": Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "logs:CreateLogDelivery", - "logs:GetLogDelivery", - "logs:UpdateLogDelivery", - "logs:DeleteLogDelivery", - "logs:ListLogDeliveries", - ], - "Effect": "Allow", - "Resource": "*", - }, - Object { - "Action": Array [ - "logs:PutResourcePolicy", - "logs:DescribeResourcePolicies", - "logs:DescribeLogGroups", - ], - "Effect": "Allow", - "Resource": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":logs:", - Object { - "Ref": "AWS::Region", - }, - ":", - Object { - "Ref": "AWS::AccountId", - }, - ":*", - ], - ], - }, - }, - ], - "Version": "2012-10-17", - }, - "PolicyName": "testexistingeventbridgestepfunctionsStateMachineRoleDefaultPolicy37FA170E", - "Roles": Array [ - Object { - "Ref": "testexistingeventbridgestepfunctionsStateMachineRole43DDAE0D", - }, - ], - }, - "Type": "AWS::IAM::Policy", - }, - "testexistingeventbusC6E4A2D0": Object { - "Properties": Object { - "Name": "testexistingeventbus", - }, - "Type": "AWS::Events::EventBus", - }, - }, -} -`; diff --git a/source/patterns/@aws-solutions-constructs/aws-eventbridge-stepfunctions/test/eventbridge-stepfunctions.test.ts b/source/patterns/@aws-solutions-constructs/aws-eventbridge-stepfunctions/test/eventbridge-stepfunctions.test.ts index 7cb1d5e83..4aaf6bde6 100644 --- a/source/patterns/@aws-solutions-constructs/aws-eventbridge-stepfunctions/test/eventbridge-stepfunctions.test.ts +++ b/source/patterns/@aws-solutions-constructs/aws-eventbridge-stepfunctions/test/eventbridge-stepfunctions.test.ts @@ -11,7 +11,6 @@ * and limitations under the License. */ -import { SynthUtils } from '@aws-cdk/assert'; import * as events from '@aws-cdk/aws-events'; import { EventbridgeToStepfunctions, EventbridgeToStepfunctionsProps } from '../lib/index'; import { Duration } from '@aws-cdk/core'; @@ -54,12 +53,6 @@ function deployNewStateMachineAndEventBus(stack: cdk.Stack) { return new EventbridgeToStepfunctions(stack, 'test-eventbridge-stepfunctions-eventbus', props); } -test('snapshot test EventbridgeToStepfunctions default params', () => { - const stack = new cdk.Stack(); - deployNewStateMachine(stack); - expect(SynthUtils.toCloudFormation(stack)).toMatchSnapshot(); -}); - test('check events rule role policy permissions', () => { const stack = new cdk.Stack(); @@ -150,8 +143,6 @@ test('check eventbus property, snapshot & eventbus exists', () => { expect(construct.stateMachineLogGroup !== null); expect(construct.eventBus !== null); - // Validate snapshot - expect(SynthUtils.toCloudFormation(stack)).toMatchSnapshot(); // Check whether eventbus exists expect(stack).toHaveResource('AWS::Events::EventBus'); }); @@ -179,26 +170,6 @@ test('check exception while passing existingEventBus & eventBusProps', () => { expect(app).toThrowError(); }); -test('snapshot test EventbridgeToStepfunctions existing event bus params', () => { - const stack = new cdk.Stack(); - const startState = new sfn.Pass(stack, 'StartState'); - - const props: EventbridgeToStepfunctionsProps = { - stateMachineProps: { - definition: startState - }, - eventRuleProps: { - eventPattern: { - source: ['solutionsconstructs'] - } - }, - existingEventBusInterface: new events.EventBus(stack, `test-existing-eventbus`, {}) - }; - - new EventbridgeToStepfunctions(stack, 'test-existing-eventbridge-stepfunctions', props); - expect(SynthUtils.toCloudFormation(stack)).toMatchSnapshot(); -}); - test('check custom event bus resource with props when deploy:true', () => { const stack = new cdk.Stack(); const startState = new sfn.Pass(stack, 'StartState'); @@ -221,39 +192,4 @@ test('check custom event bus resource with props when deploy:true', () => { expect(stack).toHaveResource('AWS::Events::EventBus', { Name: 'testcustomeventbus' }); -}); - -test('check multiple constructs in a single stack', () => { - const stack = new cdk.Stack(); - const startState1 = new sfn.Pass(stack, 'StartState1'); - - const props1: EventbridgeToStepfunctionsProps = { - stateMachineProps: { - definition: startState1 - }, - eventBusProps: {}, - eventRuleProps: { - eventPattern: { - source: ['solutionsconstructs'] - } - } - }; - - const startState2 = new sfn.Pass(stack, 'StartState2'); - - const props2: EventbridgeToStepfunctionsProps = { - stateMachineProps: { - definition: startState2 - }, - eventBusProps: {}, - eventRuleProps: { - eventPattern: { - source: ['solutionsconstructs'] - } - } - }; - new EventbridgeToStepfunctions(stack, 'test-new-eventbridge-stepfunctions1', props1); - new EventbridgeToStepfunctions(stack, 'test-new-eventbridge-stepfunctions2', props2); - - expect(SynthUtils.toCloudFormation(stack)).toMatchSnapshot(); }); \ No newline at end of file diff --git a/source/patterns/@aws-solutions-constructs/aws-events-rule-kinesisfirehose-s3/test/__snapshots__/events-rule-kinesisfirehose-s3.test.js.snap b/source/patterns/@aws-solutions-constructs/aws-events-rule-kinesisfirehose-s3/test/__snapshots__/events-rule-kinesisfirehose-s3.test.js.snap deleted file mode 100644 index c0b055094..000000000 --- a/source/patterns/@aws-solutions-constructs/aws-events-rule-kinesisfirehose-s3/test/__snapshots__/events-rule-kinesisfirehose-s3.test.js.snap +++ /dev/null @@ -1,2242 +0,0 @@ -// Jest Snapshot v1, https://goo.gl/fbAQLP - -exports[`Test snapshot match with default parameters 1`] = ` -Object { - "Resources": Object { - "testeventsrulekinesisfirehoses3defaultparameterstesteventsrulekinesisfirehoses3defaultparametersWEventsRule231C9A1C": Object { - "Properties": Object { - "Description": "event rule props", - "ScheduleExpression": "rate(5 minutes)", - "State": "ENABLED", - "Targets": Array [ - Object { - "Arn": Object { - "Fn::GetAtt": Array [ - "testeventsrulekinesisfirehoses3defaultparameterstesteventsrulekinesisfirehoses3defaultparametersWKinesisFirehoseToS3KinesisFirehoseE1E70A8A", - "Arn", - ], - }, - "Id": "Target0", - "RoleArn": Object { - "Fn::GetAtt": Array [ - "testeventsrulekinesisfirehoses3defaultparameterstesteventsrulekinesisfirehoses3defaultparametersWEventsRuleInvokeKinesisFirehoseRole31E4422A", - "Arn", - ], - }, - }, - ], - }, - "Type": "AWS::Events::Rule", - }, - "testeventsrulekinesisfirehoses3defaultparameterstesteventsrulekinesisfirehoses3defaultparametersWEventsRuleInvokeKinesisFirehosePolicy0A5464DF": Object { - "Properties": Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "firehose:PutRecord", - "firehose:PutRecordBatch", - ], - "Effect": "Allow", - "Resource": Object { - "Fn::GetAtt": Array [ - "testeventsrulekinesisfirehoses3defaultparameterstesteventsrulekinesisfirehoses3defaultparametersWKinesisFirehoseToS3KinesisFirehoseE1E70A8A", - "Arn", - ], - }, - }, - ], - "Version": "2012-10-17", - }, - "PolicyName": "kinesisfirehoses3defaultparameterstesteventsrulekinesisfirehoses3defaultparametersWEventsRuleInvokeKinesisFirehosePolicy0A5464DF", - "Roles": Array [ - Object { - "Ref": "testeventsrulekinesisfirehoses3defaultparameterstesteventsrulekinesisfirehoses3defaultparametersWEventsRuleInvokeKinesisFirehoseRole31E4422A", - }, - ], - }, - "Type": "AWS::IAM::Policy", - }, - "testeventsrulekinesisfirehoses3defaultparameterstesteventsrulekinesisfirehoses3defaultparametersWEventsRuleInvokeKinesisFirehoseRole31E4422A": Object { - "Properties": Object { - "AssumeRolePolicyDocument": Object { - "Statement": Array [ - Object { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": Object { - "Service": "events.amazonaws.com", - }, - }, - ], - "Version": "2012-10-17", - }, - "Description": "Events Rule To Kinesis Firehose Role", - }, - "Type": "AWS::IAM::Role", - }, - "testeventsrulekinesisfirehoses3defaultparameterstesteventsrulekinesisfirehoses3defaultparametersWKinesisFirehoseToS3KinesisFirehoseE1E70A8A": Object { - "Properties": Object { - "DeliveryStreamEncryptionConfigurationInput": Object { - "KeyType": "AWS_OWNED_CMK", - }, - "ExtendedS3DestinationConfiguration": Object { - "BucketARN": Object { - "Fn::GetAtt": Array [ - "testeventsrulekinesisfirehoses3defaultparameterstesteventsrulekinesisfirehoses3defaultparametersWKinesisFirehoseToS3S3Bucket84D286D2", - "Arn", - ], - }, - "BufferingHints": Object { - "IntervalInSeconds": 300, - "SizeInMBs": 5, - }, - "CloudWatchLoggingOptions": Object { - "Enabled": true, - "LogGroupName": Object { - "Ref": "testeventsrulekinesisfirehoses3defaultparameterstesteventsrulekinesisfirehoses3defaultparametersWKinesisFirehoseToS3firehoseloggroupEFEFBB43", - }, - "LogStreamName": Object { - "Ref": "testeventsrulekinesisfirehoses3defaultparameterstesteventsrulekinesisfirehoses3defaultparametersWKinesisFirehoseToS3firehoseloggroupfirehoselogstream7EEC31E1", - }, - }, - "CompressionFormat": "GZIP", - "EncryptionConfiguration": Object { - "KMSEncryptionConfig": Object { - "AWSKMSKeyARN": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":kms:", - Object { - "Ref": "AWS::Region", - }, - ":", - Object { - "Ref": "AWS::AccountId", - }, - ":alias/aws/s3", - ], - ], - }, - }, - }, - "RoleARN": Object { - "Fn::GetAtt": Array [ - "testeventsrulekinesisfirehoses3defaultparameterstesteventsrulekinesisfirehoses3defaultparametersWKinesisFirehoseToS3KinesisFirehoseRole7BCEFD7F", - "Arn", - ], - }, - }, - }, - "Type": "AWS::KinesisFirehose::DeliveryStream", - }, - "testeventsrulekinesisfirehoses3defaultparameterstesteventsrulekinesisfirehoses3defaultparametersWKinesisFirehoseToS3KinesisFirehosePolicy59C959E0": Object { - "Properties": Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "s3:AbortMultipartUpload", - "s3:GetBucketLocation", - "s3:GetObject", - "s3:ListBucket", - "s3:ListBucketMultipartUploads", - "s3:PutObject", - ], - "Effect": "Allow", - "Resource": Array [ - Object { - "Fn::GetAtt": Array [ - "testeventsrulekinesisfirehoses3defaultparameterstesteventsrulekinesisfirehoses3defaultparametersWKinesisFirehoseToS3S3Bucket84D286D2", - "Arn", - ], - }, - Object { - "Fn::Join": Array [ - "", - Array [ - Object { - "Fn::GetAtt": Array [ - "testeventsrulekinesisfirehoses3defaultparameterstesteventsrulekinesisfirehoses3defaultparametersWKinesisFirehoseToS3S3Bucket84D286D2", - "Arn", - ], - }, - "/*", - ], - ], - }, - ], - }, - Object { - "Action": "logs:PutLogEvents", - "Effect": "Allow", - "Resource": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":logs:", - Object { - "Ref": "AWS::Region", - }, - ":", - Object { - "Ref": "AWS::AccountId", - }, - ":log-group:", - Object { - "Ref": "testeventsrulekinesisfirehoses3defaultparameterstesteventsrulekinesisfirehoses3defaultparametersWKinesisFirehoseToS3firehoseloggroupEFEFBB43", - }, - ":log-stream:", - Object { - "Ref": "testeventsrulekinesisfirehoses3defaultparameterstesteventsrulekinesisfirehoses3defaultparametersWKinesisFirehoseToS3firehoseloggroupfirehoselogstream7EEC31E1", - }, - ], - ], - }, - }, - ], - "Version": "2012-10-17", - }, - "PolicyName": "esisfirehoses3defaultparameterstesteventsrulekinesisfirehoses3defaultparametersWKinesisFirehoseToS3KinesisFirehosePolicy59C959E0", - "Roles": Array [ - Object { - "Ref": "testeventsrulekinesisfirehoses3defaultparameterstesteventsrulekinesisfirehoses3defaultparametersWKinesisFirehoseToS3KinesisFirehoseRole7BCEFD7F", - }, - ], - }, - "Type": "AWS::IAM::Policy", - }, - "testeventsrulekinesisfirehoses3defaultparameterstesteventsrulekinesisfirehoses3defaultparametersWKinesisFirehoseToS3KinesisFirehoseRole7BCEFD7F": Object { - "Properties": Object { - "AssumeRolePolicyDocument": Object { - "Statement": Array [ - Object { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": Object { - "Service": "firehose.amazonaws.com", - }, - }, - ], - "Version": "2012-10-17", - }, - }, - "Type": "AWS::IAM::Role", - }, - "testeventsrulekinesisfirehoses3defaultparameterstesteventsrulekinesisfirehoses3defaultparametersWKinesisFirehoseToS3S3Bucket84D286D2": Object { - "DeletionPolicy": "Retain", - "Properties": Object { - "BucketEncryption": Object { - "ServerSideEncryptionConfiguration": Array [ - Object { - "ServerSideEncryptionByDefault": Object { - "SSEAlgorithm": "AES256", - }, - }, - ], - }, - "LifecycleConfiguration": Object { - "Rules": Array [ - Object { - "NoncurrentVersionTransitions": Array [ - Object { - "StorageClass": "GLACIER", - "TransitionInDays": 90, - }, - ], - "Status": "Enabled", - }, - ], - }, - "LoggingConfiguration": Object { - "DestinationBucketName": Object { - "Ref": "testeventsrulekinesisfirehoses3defaultparameterstesteventsrulekinesisfirehoses3defaultparametersWKinesisFirehoseToS3S3LoggingBucket598555FD", - }, - }, - "PublicAccessBlockConfiguration": Object { - "BlockPublicAcls": true, - "BlockPublicPolicy": true, - "IgnorePublicAcls": true, - "RestrictPublicBuckets": true, - }, - "VersioningConfiguration": Object { - "Status": "Enabled", - }, - }, - "Type": "AWS::S3::Bucket", - "UpdateReplacePolicy": "Retain", - }, - "testeventsrulekinesisfirehoses3defaultparameterstesteventsrulekinesisfirehoses3defaultparametersWKinesisFirehoseToS3S3BucketPolicyA1D61C49": Object { - "Properties": Object { - "Bucket": Object { - "Ref": "testeventsrulekinesisfirehoses3defaultparameterstesteventsrulekinesisfirehoses3defaultparametersWKinesisFirehoseToS3S3Bucket84D286D2", - }, - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": "*", - "Condition": Object { - "Bool": Object { - "aws:SecureTransport": "false", - }, - }, - "Effect": "Deny", - "Principal": Object { - "AWS": "*", - }, - "Resource": Array [ - Object { - "Fn::Join": Array [ - "", - Array [ - Object { - "Fn::GetAtt": Array [ - "testeventsrulekinesisfirehoses3defaultparameterstesteventsrulekinesisfirehoses3defaultparametersWKinesisFirehoseToS3S3Bucket84D286D2", - "Arn", - ], - }, - "/*", - ], - ], - }, - Object { - "Fn::GetAtt": Array [ - "testeventsrulekinesisfirehoses3defaultparameterstesteventsrulekinesisfirehoses3defaultparametersWKinesisFirehoseToS3S3Bucket84D286D2", - "Arn", - ], - }, - ], - "Sid": "HttpsOnly", - }, - ], - "Version": "2012-10-17", - }, - }, - "Type": "AWS::S3::BucketPolicy", - }, - "testeventsrulekinesisfirehoses3defaultparameterstesteventsrulekinesisfirehoses3defaultparametersWKinesisFirehoseToS3S3LoggingBucket598555FD": Object { - "DeletionPolicy": "Retain", - "Metadata": Object { - "cfn_nag": Object { - "rules_to_suppress": Array [ - Object { - "id": "W35", - "reason": "This S3 bucket is used as the access logging bucket for another bucket", - }, - ], - }, - }, - "Properties": Object { - "AccessControl": "LogDeliveryWrite", - "BucketEncryption": Object { - "ServerSideEncryptionConfiguration": Array [ - Object { - "ServerSideEncryptionByDefault": Object { - "SSEAlgorithm": "AES256", - }, - }, - ], - }, - "PublicAccessBlockConfiguration": Object { - "BlockPublicAcls": true, - "BlockPublicPolicy": true, - "IgnorePublicAcls": true, - "RestrictPublicBuckets": true, - }, - "VersioningConfiguration": Object { - "Status": "Enabled", - }, - }, - "Type": "AWS::S3::Bucket", - "UpdateReplacePolicy": "Retain", - }, - "testeventsrulekinesisfirehoses3defaultparameterstesteventsrulekinesisfirehoses3defaultparametersWKinesisFirehoseToS3S3LoggingBucketPolicyBBDC87C8": Object { - "Properties": Object { - "Bucket": Object { - "Ref": "testeventsrulekinesisfirehoses3defaultparameterstesteventsrulekinesisfirehoses3defaultparametersWKinesisFirehoseToS3S3LoggingBucket598555FD", - }, - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": "*", - "Condition": Object { - "Bool": Object { - "aws:SecureTransport": "false", - }, - }, - "Effect": "Deny", - "Principal": Object { - "AWS": "*", - }, - "Resource": Array [ - Object { - "Fn::Join": Array [ - "", - Array [ - Object { - "Fn::GetAtt": Array [ - "testeventsrulekinesisfirehoses3defaultparameterstesteventsrulekinesisfirehoses3defaultparametersWKinesisFirehoseToS3S3LoggingBucket598555FD", - "Arn", - ], - }, - "/*", - ], - ], - }, - Object { - "Fn::GetAtt": Array [ - "testeventsrulekinesisfirehoses3defaultparameterstesteventsrulekinesisfirehoses3defaultparametersWKinesisFirehoseToS3S3LoggingBucket598555FD", - "Arn", - ], - }, - ], - "Sid": "HttpsOnly", - }, - ], - "Version": "2012-10-17", - }, - }, - "Type": "AWS::S3::BucketPolicy", - }, - "testeventsrulekinesisfirehoses3defaultparameterstesteventsrulekinesisfirehoses3defaultparametersWKinesisFirehoseToS3firehoseloggroupEFEFBB43": Object { - "DeletionPolicy": "Retain", - "Metadata": Object { - "cfn_nag": Object { - "rules_to_suppress": Array [ - Object { - "id": "W86", - "reason": "Retention period for CloudWatchLogs LogGroups are set to 'Never Expire' to preserve customer data indefinitely", - }, - Object { - "id": "W84", - "reason": "By default CloudWatchLogs LogGroups data is encrypted using the CloudWatch server-side encryption keys (AWS Managed Keys)", - }, - ], - }, - }, - "Type": "AWS::Logs::LogGroup", - "UpdateReplacePolicy": "Retain", - }, - "testeventsrulekinesisfirehoses3defaultparameterstesteventsrulekinesisfirehoses3defaultparametersWKinesisFirehoseToS3firehoseloggroupfirehoselogstream7EEC31E1": Object { - "DeletionPolicy": "Retain", - "Properties": Object { - "LogGroupName": Object { - "Ref": "testeventsrulekinesisfirehoses3defaultparameterstesteventsrulekinesisfirehoses3defaultparametersWKinesisFirehoseToS3firehoseloggroupEFEFBB43", - }, - }, - "Type": "AWS::Logs::LogStream", - "UpdateReplacePolicy": "Retain", - }, - }, -} -`; - -exports[`check eventbus property, snapshot & eventbus exists 1`] = ` -Object { - "Resources": Object { - "testeventsrulekinesisfirehosedefaultparameterstesteventsrulekinesisfirehosedefaultparametersWCustomEventBusDC0B1528": Object { - "Properties": Object { - "Name": "testeventsrulekinesisfirehosedefaultparameterstesteventsrulekinesisfirehosedefaultparametersWCustomEventBus733832E5", - }, - "Type": "AWS::Events::EventBus", - }, - "testeventsrulekinesisfirehosedefaultparameterstesteventsrulekinesisfirehosedefaultparametersWEventsRule6405B59E": Object { - "Properties": Object { - "EventBusName": Object { - "Ref": "testeventsrulekinesisfirehosedefaultparameterstesteventsrulekinesisfirehosedefaultparametersWCustomEventBusDC0B1528", - }, - "EventPattern": Object { - "source": Array [ - "solutionsconstructs", - ], - }, - "State": "ENABLED", - "Targets": Array [ - Object { - "Arn": Object { - "Fn::GetAtt": Array [ - "testeventsrulekinesisfirehosedefaultparameterstesteventsrulekinesisfirehosedefaultparametersWKinesisFirehoseToS3KinesisFirehose359E5CB2", - "Arn", - ], - }, - "Id": "Target0", - "RoleArn": Object { - "Fn::GetAtt": Array [ - "testeventsrulekinesisfirehosedefaultparameterstesteventsrulekinesisfirehosedefaultparametersWEventsRuleInvokeKinesisFirehoseRole4A78641F", - "Arn", - ], - }, - }, - ], - }, - "Type": "AWS::Events::Rule", - }, - "testeventsrulekinesisfirehosedefaultparameterstesteventsrulekinesisfirehosedefaultparametersWEventsRuleInvokeKinesisFirehosePolicyED42C0A7": Object { - "Properties": Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "firehose:PutRecord", - "firehose:PutRecordBatch", - ], - "Effect": "Allow", - "Resource": Object { - "Fn::GetAtt": Array [ - "testeventsrulekinesisfirehosedefaultparameterstesteventsrulekinesisfirehosedefaultparametersWKinesisFirehoseToS3KinesisFirehose359E5CB2", - "Arn", - ], - }, - }, - ], - "Version": "2012-10-17", - }, - "PolicyName": "rulekinesisfirehosedefaultparameterstesteventsrulekinesisfirehosedefaultparametersWEventsRuleInvokeKinesisFirehosePolicyED42C0A7", - "Roles": Array [ - Object { - "Ref": "testeventsrulekinesisfirehosedefaultparameterstesteventsrulekinesisfirehosedefaultparametersWEventsRuleInvokeKinesisFirehoseRole4A78641F", - }, - ], - }, - "Type": "AWS::IAM::Policy", - }, - "testeventsrulekinesisfirehosedefaultparameterstesteventsrulekinesisfirehosedefaultparametersWEventsRuleInvokeKinesisFirehoseRole4A78641F": Object { - "Properties": Object { - "AssumeRolePolicyDocument": Object { - "Statement": Array [ - Object { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": Object { - "Service": "events.amazonaws.com", - }, - }, - ], - "Version": "2012-10-17", - }, - "Description": "Events Rule To Kinesis Firehose Role", - }, - "Type": "AWS::IAM::Role", - }, - "testeventsrulekinesisfirehosedefaultparameterstesteventsrulekinesisfirehosedefaultparametersWKinesisFirehoseToS3KinesisFirehose359E5CB2": Object { - "Properties": Object { - "DeliveryStreamEncryptionConfigurationInput": Object { - "KeyType": "AWS_OWNED_CMK", - }, - "ExtendedS3DestinationConfiguration": Object { - "BucketARN": Object { - "Fn::GetAtt": Array [ - "testeventsrulekinesisfirehosedefaultparameterstesteventsrulekinesisfirehosedefaultparametersWKinesisFirehoseToS3S3Bucket23F44FFE", - "Arn", - ], - }, - "BufferingHints": Object { - "IntervalInSeconds": 300, - "SizeInMBs": 5, - }, - "CloudWatchLoggingOptions": Object { - "Enabled": true, - "LogGroupName": Object { - "Ref": "testeventsrulekinesisfirehosedefaultparameterstesteventsrulekinesisfirehosedefaultparametersWKinesisFirehoseToS3firehoseloggroup714598F2", - }, - "LogStreamName": Object { - "Ref": "testeventsrulekinesisfirehosedefaultparameterstesteventsrulekinesisfirehosedefaultparametersWKinesisFirehoseToS3firehoseloggroupfirehoselogstream42B0168A", - }, - }, - "CompressionFormat": "GZIP", - "EncryptionConfiguration": Object { - "KMSEncryptionConfig": Object { - "AWSKMSKeyARN": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":kms:", - Object { - "Ref": "AWS::Region", - }, - ":", - Object { - "Ref": "AWS::AccountId", - }, - ":alias/aws/s3", - ], - ], - }, - }, - }, - "RoleARN": Object { - "Fn::GetAtt": Array [ - "testeventsrulekinesisfirehosedefaultparameterstesteventsrulekinesisfirehosedefaultparametersWKinesisFirehoseToS3KinesisFirehoseRole03B14AF1", - "Arn", - ], - }, - }, - }, - "Type": "AWS::KinesisFirehose::DeliveryStream", - }, - "testeventsrulekinesisfirehosedefaultparameterstesteventsrulekinesisfirehosedefaultparametersWKinesisFirehoseToS3KinesisFirehosePolicy01068871": Object { - "Properties": Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "s3:AbortMultipartUpload", - "s3:GetBucketLocation", - "s3:GetObject", - "s3:ListBucket", - "s3:ListBucketMultipartUploads", - "s3:PutObject", - ], - "Effect": "Allow", - "Resource": Array [ - Object { - "Fn::GetAtt": Array [ - "testeventsrulekinesisfirehosedefaultparameterstesteventsrulekinesisfirehosedefaultparametersWKinesisFirehoseToS3S3Bucket23F44FFE", - "Arn", - ], - }, - Object { - "Fn::Join": Array [ - "", - Array [ - Object { - "Fn::GetAtt": Array [ - "testeventsrulekinesisfirehosedefaultparameterstesteventsrulekinesisfirehosedefaultparametersWKinesisFirehoseToS3S3Bucket23F44FFE", - "Arn", - ], - }, - "/*", - ], - ], - }, - ], - }, - Object { - "Action": "logs:PutLogEvents", - "Effect": "Allow", - "Resource": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":logs:", - Object { - "Ref": "AWS::Region", - }, - ":", - Object { - "Ref": "AWS::AccountId", - }, - ":log-group:", - Object { - "Ref": "testeventsrulekinesisfirehosedefaultparameterstesteventsrulekinesisfirehosedefaultparametersWKinesisFirehoseToS3firehoseloggroup714598F2", - }, - ":log-stream:", - Object { - "Ref": "testeventsrulekinesisfirehosedefaultparameterstesteventsrulekinesisfirehosedefaultparametersWKinesisFirehoseToS3firehoseloggroupfirehoselogstream42B0168A", - }, - ], - ], - }, - }, - ], - "Version": "2012-10-17", - }, - "PolicyName": "ekinesisfirehosedefaultparameterstesteventsrulekinesisfirehosedefaultparametersWKinesisFirehoseToS3KinesisFirehosePolicy01068871", - "Roles": Array [ - Object { - "Ref": "testeventsrulekinesisfirehosedefaultparameterstesteventsrulekinesisfirehosedefaultparametersWKinesisFirehoseToS3KinesisFirehoseRole03B14AF1", - }, - ], - }, - "Type": "AWS::IAM::Policy", - }, - "testeventsrulekinesisfirehosedefaultparameterstesteventsrulekinesisfirehosedefaultparametersWKinesisFirehoseToS3KinesisFirehoseRole03B14AF1": Object { - "Properties": Object { - "AssumeRolePolicyDocument": Object { - "Statement": Array [ - Object { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": Object { - "Service": "firehose.amazonaws.com", - }, - }, - ], - "Version": "2012-10-17", - }, - }, - "Type": "AWS::IAM::Role", - }, - "testeventsrulekinesisfirehosedefaultparameterstesteventsrulekinesisfirehosedefaultparametersWKinesisFirehoseToS3S3Bucket23F44FFE": Object { - "DeletionPolicy": "Retain", - "Properties": Object { - "BucketEncryption": Object { - "ServerSideEncryptionConfiguration": Array [ - Object { - "ServerSideEncryptionByDefault": Object { - "SSEAlgorithm": "AES256", - }, - }, - ], - }, - "LifecycleConfiguration": Object { - "Rules": Array [ - Object { - "NoncurrentVersionTransitions": Array [ - Object { - "StorageClass": "GLACIER", - "TransitionInDays": 90, - }, - ], - "Status": "Enabled", - }, - ], - }, - "LoggingConfiguration": Object { - "DestinationBucketName": Object { - "Ref": "testeventsrulekinesisfirehosedefaultparameterstesteventsrulekinesisfirehosedefaultparametersWKinesisFirehoseToS3S3LoggingBucketA996F4EA", - }, - }, - "PublicAccessBlockConfiguration": Object { - "BlockPublicAcls": true, - "BlockPublicPolicy": true, - "IgnorePublicAcls": true, - "RestrictPublicBuckets": true, - }, - "VersioningConfiguration": Object { - "Status": "Enabled", - }, - }, - "Type": "AWS::S3::Bucket", - "UpdateReplacePolicy": "Retain", - }, - "testeventsrulekinesisfirehosedefaultparameterstesteventsrulekinesisfirehosedefaultparametersWKinesisFirehoseToS3S3BucketPolicy42227E47": Object { - "Properties": Object { - "Bucket": Object { - "Ref": "testeventsrulekinesisfirehosedefaultparameterstesteventsrulekinesisfirehosedefaultparametersWKinesisFirehoseToS3S3Bucket23F44FFE", - }, - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": "*", - "Condition": Object { - "Bool": Object { - "aws:SecureTransport": "false", - }, - }, - "Effect": "Deny", - "Principal": Object { - "AWS": "*", - }, - "Resource": Array [ - Object { - "Fn::Join": Array [ - "", - Array [ - Object { - "Fn::GetAtt": Array [ - "testeventsrulekinesisfirehosedefaultparameterstesteventsrulekinesisfirehosedefaultparametersWKinesisFirehoseToS3S3Bucket23F44FFE", - "Arn", - ], - }, - "/*", - ], - ], - }, - Object { - "Fn::GetAtt": Array [ - "testeventsrulekinesisfirehosedefaultparameterstesteventsrulekinesisfirehosedefaultparametersWKinesisFirehoseToS3S3Bucket23F44FFE", - "Arn", - ], - }, - ], - "Sid": "HttpsOnly", - }, - ], - "Version": "2012-10-17", - }, - }, - "Type": "AWS::S3::BucketPolicy", - }, - "testeventsrulekinesisfirehosedefaultparameterstesteventsrulekinesisfirehosedefaultparametersWKinesisFirehoseToS3S3LoggingBucketA996F4EA": Object { - "DeletionPolicy": "Retain", - "Metadata": Object { - "cfn_nag": Object { - "rules_to_suppress": Array [ - Object { - "id": "W35", - "reason": "This S3 bucket is used as the access logging bucket for another bucket", - }, - ], - }, - }, - "Properties": Object { - "AccessControl": "LogDeliveryWrite", - "BucketEncryption": Object { - "ServerSideEncryptionConfiguration": Array [ - Object { - "ServerSideEncryptionByDefault": Object { - "SSEAlgorithm": "AES256", - }, - }, - ], - }, - "PublicAccessBlockConfiguration": Object { - "BlockPublicAcls": true, - "BlockPublicPolicy": true, - "IgnorePublicAcls": true, - "RestrictPublicBuckets": true, - }, - "VersioningConfiguration": Object { - "Status": "Enabled", - }, - }, - "Type": "AWS::S3::Bucket", - "UpdateReplacePolicy": "Retain", - }, - "testeventsrulekinesisfirehosedefaultparameterstesteventsrulekinesisfirehosedefaultparametersWKinesisFirehoseToS3S3LoggingBucketPolicyAE23D8B9": Object { - "Properties": Object { - "Bucket": Object { - "Ref": "testeventsrulekinesisfirehosedefaultparameterstesteventsrulekinesisfirehosedefaultparametersWKinesisFirehoseToS3S3LoggingBucketA996F4EA", - }, - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": "*", - "Condition": Object { - "Bool": Object { - "aws:SecureTransport": "false", - }, - }, - "Effect": "Deny", - "Principal": Object { - "AWS": "*", - }, - "Resource": Array [ - Object { - "Fn::Join": Array [ - "", - Array [ - Object { - "Fn::GetAtt": Array [ - "testeventsrulekinesisfirehosedefaultparameterstesteventsrulekinesisfirehosedefaultparametersWKinesisFirehoseToS3S3LoggingBucketA996F4EA", - "Arn", - ], - }, - "/*", - ], - ], - }, - Object { - "Fn::GetAtt": Array [ - "testeventsrulekinesisfirehosedefaultparameterstesteventsrulekinesisfirehosedefaultparametersWKinesisFirehoseToS3S3LoggingBucketA996F4EA", - "Arn", - ], - }, - ], - "Sid": "HttpsOnly", - }, - ], - "Version": "2012-10-17", - }, - }, - "Type": "AWS::S3::BucketPolicy", - }, - "testeventsrulekinesisfirehosedefaultparameterstesteventsrulekinesisfirehosedefaultparametersWKinesisFirehoseToS3firehoseloggroup714598F2": Object { - "DeletionPolicy": "Retain", - "Metadata": Object { - "cfn_nag": Object { - "rules_to_suppress": Array [ - Object { - "id": "W86", - "reason": "Retention period for CloudWatchLogs LogGroups are set to 'Never Expire' to preserve customer data indefinitely", - }, - Object { - "id": "W84", - "reason": "By default CloudWatchLogs LogGroups data is encrypted using the CloudWatch server-side encryption keys (AWS Managed Keys)", - }, - ], - }, - }, - "Type": "AWS::Logs::LogGroup", - "UpdateReplacePolicy": "Retain", - }, - "testeventsrulekinesisfirehosedefaultparameterstesteventsrulekinesisfirehosedefaultparametersWKinesisFirehoseToS3firehoseloggroupfirehoselogstream42B0168A": Object { - "DeletionPolicy": "Retain", - "Properties": Object { - "LogGroupName": Object { - "Ref": "testeventsrulekinesisfirehosedefaultparameterstesteventsrulekinesisfirehosedefaultparametersWKinesisFirehoseToS3firehoseloggroup714598F2", - }, - }, - "Type": "AWS::Logs::LogStream", - "UpdateReplacePolicy": "Retain", - }, - }, -} -`; - -exports[`check multiple constructs in a single stack 1`] = ` -Object { - "Resources": Object { - "testneweventsrulekinesisfirehose1testneweventsrulekinesisfirehose1WCustomEventBus5B5E4452": Object { - "Properties": Object { - "Name": "testneweventsrulekinesisfirehose1testneweventsrulekinesisfirehose1WCustomEventBus4EEAAC29", - }, - "Type": "AWS::Events::EventBus", - }, - "testneweventsrulekinesisfirehose1testneweventsrulekinesisfirehose1WEventsRuleE79A7687": Object { - "Properties": Object { - "EventBusName": Object { - "Ref": "testneweventsrulekinesisfirehose1testneweventsrulekinesisfirehose1WCustomEventBus5B5E4452", - }, - "EventPattern": Object { - "source": Array [ - "solutionsconstructs", - ], - }, - "State": "ENABLED", - "Targets": Array [ - Object { - "Arn": Object { - "Fn::GetAtt": Array [ - "testneweventsrulekinesisfirehose1testneweventsrulekinesisfirehose1WKinesisFirehoseToS3KinesisFirehoseA95F57ED", - "Arn", - ], - }, - "Id": "Target0", - "RoleArn": Object { - "Fn::GetAtt": Array [ - "testneweventsrulekinesisfirehose1testneweventsrulekinesisfirehose1WEventsRuleInvokeKinesisFirehoseRole2D9787E0", - "Arn", - ], - }, - }, - ], - }, - "Type": "AWS::Events::Rule", - }, - "testneweventsrulekinesisfirehose1testneweventsrulekinesisfirehose1WEventsRuleInvokeKinesisFirehosePolicy70C58056": Object { - "Properties": Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "firehose:PutRecord", - "firehose:PutRecordBatch", - ], - "Effect": "Allow", - "Resource": Object { - "Fn::GetAtt": Array [ - "testneweventsrulekinesisfirehose1testneweventsrulekinesisfirehose1WKinesisFirehoseToS3KinesisFirehoseA95F57ED", - "Arn", - ], - }, - }, - ], - "Version": "2012-10-17", - }, - "PolicyName": "testneweventsrulekinesisfirehose1testneweventsrulekinesisfirehose1WEventsRuleInvokeKinesisFirehosePolicy70C58056", - "Roles": Array [ - Object { - "Ref": "testneweventsrulekinesisfirehose1testneweventsrulekinesisfirehose1WEventsRuleInvokeKinesisFirehoseRole2D9787E0", - }, - ], - }, - "Type": "AWS::IAM::Policy", - }, - "testneweventsrulekinesisfirehose1testneweventsrulekinesisfirehose1WEventsRuleInvokeKinesisFirehoseRole2D9787E0": Object { - "Properties": Object { - "AssumeRolePolicyDocument": Object { - "Statement": Array [ - Object { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": Object { - "Service": "events.amazonaws.com", - }, - }, - ], - "Version": "2012-10-17", - }, - "Description": "Events Rule To Kinesis Firehose Role", - }, - "Type": "AWS::IAM::Role", - }, - "testneweventsrulekinesisfirehose1testneweventsrulekinesisfirehose1WKinesisFirehoseToS3KinesisFirehoseA95F57ED": Object { - "Properties": Object { - "DeliveryStreamEncryptionConfigurationInput": Object { - "KeyType": "AWS_OWNED_CMK", - }, - "ExtendedS3DestinationConfiguration": Object { - "BucketARN": Object { - "Fn::GetAtt": Array [ - "testneweventsrulekinesisfirehose1testneweventsrulekinesisfirehose1WKinesisFirehoseToS3S3Bucket53A32F6A", - "Arn", - ], - }, - "BufferingHints": Object { - "IntervalInSeconds": 300, - "SizeInMBs": 5, - }, - "CloudWatchLoggingOptions": Object { - "Enabled": true, - "LogGroupName": Object { - "Ref": "testneweventsrulekinesisfirehose1testneweventsrulekinesisfirehose1WKinesisFirehoseToS3firehoseloggroupB080DEC3", - }, - "LogStreamName": Object { - "Ref": "testneweventsrulekinesisfirehose1testneweventsrulekinesisfirehose1WKinesisFirehoseToS3firehoseloggroupfirehoselogstream42131EDC", - }, - }, - "CompressionFormat": "GZIP", - "EncryptionConfiguration": Object { - "KMSEncryptionConfig": Object { - "AWSKMSKeyARN": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":kms:", - Object { - "Ref": "AWS::Region", - }, - ":", - Object { - "Ref": "AWS::AccountId", - }, - ":alias/aws/s3", - ], - ], - }, - }, - }, - "RoleARN": Object { - "Fn::GetAtt": Array [ - "testneweventsrulekinesisfirehose1testneweventsrulekinesisfirehose1WKinesisFirehoseToS3KinesisFirehoseRole48DDB6F3", - "Arn", - ], - }, - }, - }, - "Type": "AWS::KinesisFirehose::DeliveryStream", - }, - "testneweventsrulekinesisfirehose1testneweventsrulekinesisfirehose1WKinesisFirehoseToS3KinesisFirehosePolicy0520BA1E": Object { - "Properties": Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "s3:AbortMultipartUpload", - "s3:GetBucketLocation", - "s3:GetObject", - "s3:ListBucket", - "s3:ListBucketMultipartUploads", - "s3:PutObject", - ], - "Effect": "Allow", - "Resource": Array [ - Object { - "Fn::GetAtt": Array [ - "testneweventsrulekinesisfirehose1testneweventsrulekinesisfirehose1WKinesisFirehoseToS3S3Bucket53A32F6A", - "Arn", - ], - }, - Object { - "Fn::Join": Array [ - "", - Array [ - Object { - "Fn::GetAtt": Array [ - "testneweventsrulekinesisfirehose1testneweventsrulekinesisfirehose1WKinesisFirehoseToS3S3Bucket53A32F6A", - "Arn", - ], - }, - "/*", - ], - ], - }, - ], - }, - Object { - "Action": "logs:PutLogEvents", - "Effect": "Allow", - "Resource": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":logs:", - Object { - "Ref": "AWS::Region", - }, - ":", - Object { - "Ref": "AWS::AccountId", - }, - ":log-group:", - Object { - "Ref": "testneweventsrulekinesisfirehose1testneweventsrulekinesisfirehose1WKinesisFirehoseToS3firehoseloggroupB080DEC3", - }, - ":log-stream:", - Object { - "Ref": "testneweventsrulekinesisfirehose1testneweventsrulekinesisfirehose1WKinesisFirehoseToS3firehoseloggroupfirehoselogstream42131EDC", - }, - ], - ], - }, - }, - ], - "Version": "2012-10-17", - }, - "PolicyName": "testneweventsrulekinesisfirehose1testneweventsrulekinesisfirehose1WKinesisFirehoseToS3KinesisFirehosePolicy0520BA1E", - "Roles": Array [ - Object { - "Ref": "testneweventsrulekinesisfirehose1testneweventsrulekinesisfirehose1WKinesisFirehoseToS3KinesisFirehoseRole48DDB6F3", - }, - ], - }, - "Type": "AWS::IAM::Policy", - }, - "testneweventsrulekinesisfirehose1testneweventsrulekinesisfirehose1WKinesisFirehoseToS3KinesisFirehoseRole48DDB6F3": Object { - "Properties": Object { - "AssumeRolePolicyDocument": Object { - "Statement": Array [ - Object { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": Object { - "Service": "firehose.amazonaws.com", - }, - }, - ], - "Version": "2012-10-17", - }, - }, - "Type": "AWS::IAM::Role", - }, - "testneweventsrulekinesisfirehose1testneweventsrulekinesisfirehose1WKinesisFirehoseToS3S3Bucket53A32F6A": Object { - "DeletionPolicy": "Retain", - "Properties": Object { - "BucketEncryption": Object { - "ServerSideEncryptionConfiguration": Array [ - Object { - "ServerSideEncryptionByDefault": Object { - "SSEAlgorithm": "AES256", - }, - }, - ], - }, - "LifecycleConfiguration": Object { - "Rules": Array [ - Object { - "NoncurrentVersionTransitions": Array [ - Object { - "StorageClass": "GLACIER", - "TransitionInDays": 90, - }, - ], - "Status": "Enabled", - }, - ], - }, - "LoggingConfiguration": Object { - "DestinationBucketName": Object { - "Ref": "testneweventsrulekinesisfirehose1testneweventsrulekinesisfirehose1WKinesisFirehoseToS3S3LoggingBucket95C77672", - }, - }, - "PublicAccessBlockConfiguration": Object { - "BlockPublicAcls": true, - "BlockPublicPolicy": true, - "IgnorePublicAcls": true, - "RestrictPublicBuckets": true, - }, - "VersioningConfiguration": Object { - "Status": "Enabled", - }, - }, - "Type": "AWS::S3::Bucket", - "UpdateReplacePolicy": "Retain", - }, - "testneweventsrulekinesisfirehose1testneweventsrulekinesisfirehose1WKinesisFirehoseToS3S3BucketPolicy9DCFF8E9": Object { - "Properties": Object { - "Bucket": Object { - "Ref": "testneweventsrulekinesisfirehose1testneweventsrulekinesisfirehose1WKinesisFirehoseToS3S3Bucket53A32F6A", - }, - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": "*", - "Condition": Object { - "Bool": Object { - "aws:SecureTransport": "false", - }, - }, - "Effect": "Deny", - "Principal": Object { - "AWS": "*", - }, - "Resource": Array [ - Object { - "Fn::Join": Array [ - "", - Array [ - Object { - "Fn::GetAtt": Array [ - "testneweventsrulekinesisfirehose1testneweventsrulekinesisfirehose1WKinesisFirehoseToS3S3Bucket53A32F6A", - "Arn", - ], - }, - "/*", - ], - ], - }, - Object { - "Fn::GetAtt": Array [ - "testneweventsrulekinesisfirehose1testneweventsrulekinesisfirehose1WKinesisFirehoseToS3S3Bucket53A32F6A", - "Arn", - ], - }, - ], - "Sid": "HttpsOnly", - }, - ], - "Version": "2012-10-17", - }, - }, - "Type": "AWS::S3::BucketPolicy", - }, - "testneweventsrulekinesisfirehose1testneweventsrulekinesisfirehose1WKinesisFirehoseToS3S3LoggingBucket95C77672": Object { - "DeletionPolicy": "Retain", - "Metadata": Object { - "cfn_nag": Object { - "rules_to_suppress": Array [ - Object { - "id": "W35", - "reason": "This S3 bucket is used as the access logging bucket for another bucket", - }, - ], - }, - }, - "Properties": Object { - "AccessControl": "LogDeliveryWrite", - "BucketEncryption": Object { - "ServerSideEncryptionConfiguration": Array [ - Object { - "ServerSideEncryptionByDefault": Object { - "SSEAlgorithm": "AES256", - }, - }, - ], - }, - "PublicAccessBlockConfiguration": Object { - "BlockPublicAcls": true, - "BlockPublicPolicy": true, - "IgnorePublicAcls": true, - "RestrictPublicBuckets": true, - }, - "VersioningConfiguration": Object { - "Status": "Enabled", - }, - }, - "Type": "AWS::S3::Bucket", - "UpdateReplacePolicy": "Retain", - }, - "testneweventsrulekinesisfirehose1testneweventsrulekinesisfirehose1WKinesisFirehoseToS3S3LoggingBucketPolicy36080103": Object { - "Properties": Object { - "Bucket": Object { - "Ref": "testneweventsrulekinesisfirehose1testneweventsrulekinesisfirehose1WKinesisFirehoseToS3S3LoggingBucket95C77672", - }, - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": "*", - "Condition": Object { - "Bool": Object { - "aws:SecureTransport": "false", - }, - }, - "Effect": "Deny", - "Principal": Object { - "AWS": "*", - }, - "Resource": Array [ - Object { - "Fn::Join": Array [ - "", - Array [ - Object { - "Fn::GetAtt": Array [ - "testneweventsrulekinesisfirehose1testneweventsrulekinesisfirehose1WKinesisFirehoseToS3S3LoggingBucket95C77672", - "Arn", - ], - }, - "/*", - ], - ], - }, - Object { - "Fn::GetAtt": Array [ - "testneweventsrulekinesisfirehose1testneweventsrulekinesisfirehose1WKinesisFirehoseToS3S3LoggingBucket95C77672", - "Arn", - ], - }, - ], - "Sid": "HttpsOnly", - }, - ], - "Version": "2012-10-17", - }, - }, - "Type": "AWS::S3::BucketPolicy", - }, - "testneweventsrulekinesisfirehose1testneweventsrulekinesisfirehose1WKinesisFirehoseToS3firehoseloggroupB080DEC3": Object { - "DeletionPolicy": "Retain", - "Metadata": Object { - "cfn_nag": Object { - "rules_to_suppress": Array [ - Object { - "id": "W86", - "reason": "Retention period for CloudWatchLogs LogGroups are set to 'Never Expire' to preserve customer data indefinitely", - }, - Object { - "id": "W84", - "reason": "By default CloudWatchLogs LogGroups data is encrypted using the CloudWatch server-side encryption keys (AWS Managed Keys)", - }, - ], - }, - }, - "Type": "AWS::Logs::LogGroup", - "UpdateReplacePolicy": "Retain", - }, - "testneweventsrulekinesisfirehose1testneweventsrulekinesisfirehose1WKinesisFirehoseToS3firehoseloggroupfirehoselogstream42131EDC": Object { - "DeletionPolicy": "Retain", - "Properties": Object { - "LogGroupName": Object { - "Ref": "testneweventsrulekinesisfirehose1testneweventsrulekinesisfirehose1WKinesisFirehoseToS3firehoseloggroupB080DEC3", - }, - }, - "Type": "AWS::Logs::LogStream", - "UpdateReplacePolicy": "Retain", - }, - "testneweventsrulekinesisfirehose2testneweventsrulekinesisfirehose2WCustomEventBusC5F2EC35": Object { - "Properties": Object { - "Name": "testneweventsrulekinesisfirehose2testneweventsrulekinesisfirehose2WCustomEventBus874FF828", - }, - "Type": "AWS::Events::EventBus", - }, - "testneweventsrulekinesisfirehose2testneweventsrulekinesisfirehose2WEventsRuleD8710394": Object { - "Properties": Object { - "EventBusName": Object { - "Ref": "testneweventsrulekinesisfirehose2testneweventsrulekinesisfirehose2WCustomEventBusC5F2EC35", - }, - "EventPattern": Object { - "source": Array [ - "solutionsconstructs", - ], - }, - "State": "ENABLED", - "Targets": Array [ - Object { - "Arn": Object { - "Fn::GetAtt": Array [ - "testneweventsrulekinesisfirehose2testneweventsrulekinesisfirehose2WKinesisFirehoseToS3KinesisFirehoseA7686855", - "Arn", - ], - }, - "Id": "Target0", - "RoleArn": Object { - "Fn::GetAtt": Array [ - "testneweventsrulekinesisfirehose2testneweventsrulekinesisfirehose2WEventsRuleInvokeKinesisFirehoseRoleEB85507E", - "Arn", - ], - }, - }, - ], - }, - "Type": "AWS::Events::Rule", - }, - "testneweventsrulekinesisfirehose2testneweventsrulekinesisfirehose2WEventsRuleInvokeKinesisFirehosePolicyB19D8441": Object { - "Properties": Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "firehose:PutRecord", - "firehose:PutRecordBatch", - ], - "Effect": "Allow", - "Resource": Object { - "Fn::GetAtt": Array [ - "testneweventsrulekinesisfirehose2testneweventsrulekinesisfirehose2WKinesisFirehoseToS3KinesisFirehoseA7686855", - "Arn", - ], - }, - }, - ], - "Version": "2012-10-17", - }, - "PolicyName": "testneweventsrulekinesisfirehose2testneweventsrulekinesisfirehose2WEventsRuleInvokeKinesisFirehosePolicyB19D8441", - "Roles": Array [ - Object { - "Ref": "testneweventsrulekinesisfirehose2testneweventsrulekinesisfirehose2WEventsRuleInvokeKinesisFirehoseRoleEB85507E", - }, - ], - }, - "Type": "AWS::IAM::Policy", - }, - "testneweventsrulekinesisfirehose2testneweventsrulekinesisfirehose2WEventsRuleInvokeKinesisFirehoseRoleEB85507E": Object { - "Properties": Object { - "AssumeRolePolicyDocument": Object { - "Statement": Array [ - Object { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": Object { - "Service": "events.amazonaws.com", - }, - }, - ], - "Version": "2012-10-17", - }, - "Description": "Events Rule To Kinesis Firehose Role", - }, - "Type": "AWS::IAM::Role", - }, - "testneweventsrulekinesisfirehose2testneweventsrulekinesisfirehose2WKinesisFirehoseToS3KinesisFirehoseA7686855": Object { - "Properties": Object { - "DeliveryStreamEncryptionConfigurationInput": Object { - "KeyType": "AWS_OWNED_CMK", - }, - "ExtendedS3DestinationConfiguration": Object { - "BucketARN": Object { - "Fn::GetAtt": Array [ - "testneweventsrulekinesisfirehose2testneweventsrulekinesisfirehose2WKinesisFirehoseToS3S3Bucket01018DDF", - "Arn", - ], - }, - "BufferingHints": Object { - "IntervalInSeconds": 300, - "SizeInMBs": 5, - }, - "CloudWatchLoggingOptions": Object { - "Enabled": true, - "LogGroupName": Object { - "Ref": "testneweventsrulekinesisfirehose2testneweventsrulekinesisfirehose2WKinesisFirehoseToS3firehoseloggroupA88358AB", - }, - "LogStreamName": Object { - "Ref": "testneweventsrulekinesisfirehose2testneweventsrulekinesisfirehose2WKinesisFirehoseToS3firehoseloggroupfirehoselogstreamA84741AB", - }, - }, - "CompressionFormat": "GZIP", - "EncryptionConfiguration": Object { - "KMSEncryptionConfig": Object { - "AWSKMSKeyARN": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":kms:", - Object { - "Ref": "AWS::Region", - }, - ":", - Object { - "Ref": "AWS::AccountId", - }, - ":alias/aws/s3", - ], - ], - }, - }, - }, - "RoleARN": Object { - "Fn::GetAtt": Array [ - "testneweventsrulekinesisfirehose2testneweventsrulekinesisfirehose2WKinesisFirehoseToS3KinesisFirehoseRoleEA8A162C", - "Arn", - ], - }, - }, - }, - "Type": "AWS::KinesisFirehose::DeliveryStream", - }, - "testneweventsrulekinesisfirehose2testneweventsrulekinesisfirehose2WKinesisFirehoseToS3KinesisFirehosePolicy8BF521E7": Object { - "Properties": Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "s3:AbortMultipartUpload", - "s3:GetBucketLocation", - "s3:GetObject", - "s3:ListBucket", - "s3:ListBucketMultipartUploads", - "s3:PutObject", - ], - "Effect": "Allow", - "Resource": Array [ - Object { - "Fn::GetAtt": Array [ - "testneweventsrulekinesisfirehose2testneweventsrulekinesisfirehose2WKinesisFirehoseToS3S3Bucket01018DDF", - "Arn", - ], - }, - Object { - "Fn::Join": Array [ - "", - Array [ - Object { - "Fn::GetAtt": Array [ - "testneweventsrulekinesisfirehose2testneweventsrulekinesisfirehose2WKinesisFirehoseToS3S3Bucket01018DDF", - "Arn", - ], - }, - "/*", - ], - ], - }, - ], - }, - Object { - "Action": "logs:PutLogEvents", - "Effect": "Allow", - "Resource": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":logs:", - Object { - "Ref": "AWS::Region", - }, - ":", - Object { - "Ref": "AWS::AccountId", - }, - ":log-group:", - Object { - "Ref": "testneweventsrulekinesisfirehose2testneweventsrulekinesisfirehose2WKinesisFirehoseToS3firehoseloggroupA88358AB", - }, - ":log-stream:", - Object { - "Ref": "testneweventsrulekinesisfirehose2testneweventsrulekinesisfirehose2WKinesisFirehoseToS3firehoseloggroupfirehoselogstreamA84741AB", - }, - ], - ], - }, - }, - ], - "Version": "2012-10-17", - }, - "PolicyName": "testneweventsrulekinesisfirehose2testneweventsrulekinesisfirehose2WKinesisFirehoseToS3KinesisFirehosePolicy8BF521E7", - "Roles": Array [ - Object { - "Ref": "testneweventsrulekinesisfirehose2testneweventsrulekinesisfirehose2WKinesisFirehoseToS3KinesisFirehoseRoleEA8A162C", - }, - ], - }, - "Type": "AWS::IAM::Policy", - }, - "testneweventsrulekinesisfirehose2testneweventsrulekinesisfirehose2WKinesisFirehoseToS3KinesisFirehoseRoleEA8A162C": Object { - "Properties": Object { - "AssumeRolePolicyDocument": Object { - "Statement": Array [ - Object { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": Object { - "Service": "firehose.amazonaws.com", - }, - }, - ], - "Version": "2012-10-17", - }, - }, - "Type": "AWS::IAM::Role", - }, - "testneweventsrulekinesisfirehose2testneweventsrulekinesisfirehose2WKinesisFirehoseToS3S3Bucket01018DDF": Object { - "DeletionPolicy": "Retain", - "Properties": Object { - "BucketEncryption": Object { - "ServerSideEncryptionConfiguration": Array [ - Object { - "ServerSideEncryptionByDefault": Object { - "SSEAlgorithm": "AES256", - }, - }, - ], - }, - "LifecycleConfiguration": Object { - "Rules": Array [ - Object { - "NoncurrentVersionTransitions": Array [ - Object { - "StorageClass": "GLACIER", - "TransitionInDays": 90, - }, - ], - "Status": "Enabled", - }, - ], - }, - "LoggingConfiguration": Object { - "DestinationBucketName": Object { - "Ref": "testneweventsrulekinesisfirehose2testneweventsrulekinesisfirehose2WKinesisFirehoseToS3S3LoggingBucket1125F06F", - }, - }, - "PublicAccessBlockConfiguration": Object { - "BlockPublicAcls": true, - "BlockPublicPolicy": true, - "IgnorePublicAcls": true, - "RestrictPublicBuckets": true, - }, - "VersioningConfiguration": Object { - "Status": "Enabled", - }, - }, - "Type": "AWS::S3::Bucket", - "UpdateReplacePolicy": "Retain", - }, - "testneweventsrulekinesisfirehose2testneweventsrulekinesisfirehose2WKinesisFirehoseToS3S3BucketPolicy68147434": Object { - "Properties": Object { - "Bucket": Object { - "Ref": "testneweventsrulekinesisfirehose2testneweventsrulekinesisfirehose2WKinesisFirehoseToS3S3Bucket01018DDF", - }, - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": "*", - "Condition": Object { - "Bool": Object { - "aws:SecureTransport": "false", - }, - }, - "Effect": "Deny", - "Principal": Object { - "AWS": "*", - }, - "Resource": Array [ - Object { - "Fn::Join": Array [ - "", - Array [ - Object { - "Fn::GetAtt": Array [ - "testneweventsrulekinesisfirehose2testneweventsrulekinesisfirehose2WKinesisFirehoseToS3S3Bucket01018DDF", - "Arn", - ], - }, - "/*", - ], - ], - }, - Object { - "Fn::GetAtt": Array [ - "testneweventsrulekinesisfirehose2testneweventsrulekinesisfirehose2WKinesisFirehoseToS3S3Bucket01018DDF", - "Arn", - ], - }, - ], - "Sid": "HttpsOnly", - }, - ], - "Version": "2012-10-17", - }, - }, - "Type": "AWS::S3::BucketPolicy", - }, - "testneweventsrulekinesisfirehose2testneweventsrulekinesisfirehose2WKinesisFirehoseToS3S3LoggingBucket1125F06F": Object { - "DeletionPolicy": "Retain", - "Metadata": Object { - "cfn_nag": Object { - "rules_to_suppress": Array [ - Object { - "id": "W35", - "reason": "This S3 bucket is used as the access logging bucket for another bucket", - }, - ], - }, - }, - "Properties": Object { - "AccessControl": "LogDeliveryWrite", - "BucketEncryption": Object { - "ServerSideEncryptionConfiguration": Array [ - Object { - "ServerSideEncryptionByDefault": Object { - "SSEAlgorithm": "AES256", - }, - }, - ], - }, - "PublicAccessBlockConfiguration": Object { - "BlockPublicAcls": true, - "BlockPublicPolicy": true, - "IgnorePublicAcls": true, - "RestrictPublicBuckets": true, - }, - "VersioningConfiguration": Object { - "Status": "Enabled", - }, - }, - "Type": "AWS::S3::Bucket", - "UpdateReplacePolicy": "Retain", - }, - "testneweventsrulekinesisfirehose2testneweventsrulekinesisfirehose2WKinesisFirehoseToS3S3LoggingBucketPolicyA4163089": Object { - "Properties": Object { - "Bucket": Object { - "Ref": "testneweventsrulekinesisfirehose2testneweventsrulekinesisfirehose2WKinesisFirehoseToS3S3LoggingBucket1125F06F", - }, - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": "*", - "Condition": Object { - "Bool": Object { - "aws:SecureTransport": "false", - }, - }, - "Effect": "Deny", - "Principal": Object { - "AWS": "*", - }, - "Resource": Array [ - Object { - "Fn::Join": Array [ - "", - Array [ - Object { - "Fn::GetAtt": Array [ - "testneweventsrulekinesisfirehose2testneweventsrulekinesisfirehose2WKinesisFirehoseToS3S3LoggingBucket1125F06F", - "Arn", - ], - }, - "/*", - ], - ], - }, - Object { - "Fn::GetAtt": Array [ - "testneweventsrulekinesisfirehose2testneweventsrulekinesisfirehose2WKinesisFirehoseToS3S3LoggingBucket1125F06F", - "Arn", - ], - }, - ], - "Sid": "HttpsOnly", - }, - ], - "Version": "2012-10-17", - }, - }, - "Type": "AWS::S3::BucketPolicy", - }, - "testneweventsrulekinesisfirehose2testneweventsrulekinesisfirehose2WKinesisFirehoseToS3firehoseloggroupA88358AB": Object { - "DeletionPolicy": "Retain", - "Metadata": Object { - "cfn_nag": Object { - "rules_to_suppress": Array [ - Object { - "id": "W86", - "reason": "Retention period for CloudWatchLogs LogGroups are set to 'Never Expire' to preserve customer data indefinitely", - }, - Object { - "id": "W84", - "reason": "By default CloudWatchLogs LogGroups data is encrypted using the CloudWatch server-side encryption keys (AWS Managed Keys)", - }, - ], - }, - }, - "Type": "AWS::Logs::LogGroup", - "UpdateReplacePolicy": "Retain", - }, - "testneweventsrulekinesisfirehose2testneweventsrulekinesisfirehose2WKinesisFirehoseToS3firehoseloggroupfirehoselogstreamA84741AB": Object { - "DeletionPolicy": "Retain", - "Properties": Object { - "LogGroupName": Object { - "Ref": "testneweventsrulekinesisfirehose2testneweventsrulekinesisfirehose2WKinesisFirehoseToS3firehoseloggroupA88358AB", - }, - }, - "Type": "AWS::Logs::LogStream", - "UpdateReplacePolicy": "Retain", - }, - }, -} -`; - -exports[`snapshot test EventsRuleToKinesisFirehose existing event bus params 1`] = ` -Object { - "Resources": Object { - "testexistingeventbusC6E4A2D0": Object { - "Properties": Object { - "Name": "testexistingeventbus", - }, - "Type": "AWS::Events::EventBus", - }, - "testexistingeventsrulekinesisfirehosetestexistingeventsrulekinesisfirehoseWEventsRule199C6397": Object { - "Properties": Object { - "EventBusName": Object { - "Ref": "testexistingeventbusC6E4A2D0", - }, - "EventPattern": Object { - "source": Array [ - "solutionsconstructs", - ], - }, - "State": "ENABLED", - "Targets": Array [ - Object { - "Arn": Object { - "Fn::GetAtt": Array [ - "testexistingeventsrulekinesisfirehosetestexistingeventsrulekinesisfirehoseWKinesisFirehoseToS3KinesisFirehose5BD3CDC8", - "Arn", - ], - }, - "Id": "Target0", - "RoleArn": Object { - "Fn::GetAtt": Array [ - "testexistingeventsrulekinesisfirehosetestexistingeventsrulekinesisfirehoseWEventsRuleInvokeKinesisFirehoseRole6538EF44", - "Arn", - ], - }, - }, - ], - }, - "Type": "AWS::Events::Rule", - }, - "testexistingeventsrulekinesisfirehosetestexistingeventsrulekinesisfirehoseWEventsRuleInvokeKinesisFirehosePolicy72F0E72E": Object { - "Properties": Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "firehose:PutRecord", - "firehose:PutRecordBatch", - ], - "Effect": "Allow", - "Resource": Object { - "Fn::GetAtt": Array [ - "testexistingeventsrulekinesisfirehosetestexistingeventsrulekinesisfirehoseWKinesisFirehoseToS3KinesisFirehose5BD3CDC8", - "Arn", - ], - }, - }, - ], - "Version": "2012-10-17", - }, - "PolicyName": "testexistingeventsrulekinesisfirehosetestexistingeventsrulekinesisfirehoseWEventsRuleInvokeKinesisFirehosePolicy72F0E72E", - "Roles": Array [ - Object { - "Ref": "testexistingeventsrulekinesisfirehosetestexistingeventsrulekinesisfirehoseWEventsRuleInvokeKinesisFirehoseRole6538EF44", - }, - ], - }, - "Type": "AWS::IAM::Policy", - }, - "testexistingeventsrulekinesisfirehosetestexistingeventsrulekinesisfirehoseWEventsRuleInvokeKinesisFirehoseRole6538EF44": Object { - "Properties": Object { - "AssumeRolePolicyDocument": Object { - "Statement": Array [ - Object { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": Object { - "Service": "events.amazonaws.com", - }, - }, - ], - "Version": "2012-10-17", - }, - "Description": "Events Rule To Kinesis Firehose Role", - }, - "Type": "AWS::IAM::Role", - }, - "testexistingeventsrulekinesisfirehosetestexistingeventsrulekinesisfirehoseWKinesisFirehoseToS3KinesisFirehose5BD3CDC8": Object { - "Properties": Object { - "DeliveryStreamEncryptionConfigurationInput": Object { - "KeyType": "AWS_OWNED_CMK", - }, - "ExtendedS3DestinationConfiguration": Object { - "BucketARN": Object { - "Fn::GetAtt": Array [ - "testexistingeventsrulekinesisfirehosetestexistingeventsrulekinesisfirehoseWKinesisFirehoseToS3S3Bucket7FC695A6", - "Arn", - ], - }, - "BufferingHints": Object { - "IntervalInSeconds": 300, - "SizeInMBs": 5, - }, - "CloudWatchLoggingOptions": Object { - "Enabled": true, - "LogGroupName": Object { - "Ref": "testexistingeventsrulekinesisfirehosetestexistingeventsrulekinesisfirehoseWKinesisFirehoseToS3firehoseloggroup14BECCD5", - }, - "LogStreamName": Object { - "Ref": "testexistingeventsrulekinesisfirehosetestexistingeventsrulekinesisfirehoseWKinesisFirehoseToS3firehoseloggroupfirehoselogstreamC6D12661", - }, - }, - "CompressionFormat": "GZIP", - "EncryptionConfiguration": Object { - "KMSEncryptionConfig": Object { - "AWSKMSKeyARN": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":kms:", - Object { - "Ref": "AWS::Region", - }, - ":", - Object { - "Ref": "AWS::AccountId", - }, - ":alias/aws/s3", - ], - ], - }, - }, - }, - "RoleARN": Object { - "Fn::GetAtt": Array [ - "testexistingeventsrulekinesisfirehosetestexistingeventsrulekinesisfirehoseWKinesisFirehoseToS3KinesisFirehoseRole64EF3B2D", - "Arn", - ], - }, - }, - }, - "Type": "AWS::KinesisFirehose::DeliveryStream", - }, - "testexistingeventsrulekinesisfirehosetestexistingeventsrulekinesisfirehoseWKinesisFirehoseToS3KinesisFirehosePolicyE81FE550": Object { - "Properties": Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "s3:AbortMultipartUpload", - "s3:GetBucketLocation", - "s3:GetObject", - "s3:ListBucket", - "s3:ListBucketMultipartUploads", - "s3:PutObject", - ], - "Effect": "Allow", - "Resource": Array [ - Object { - "Fn::GetAtt": Array [ - "testexistingeventsrulekinesisfirehosetestexistingeventsrulekinesisfirehoseWKinesisFirehoseToS3S3Bucket7FC695A6", - "Arn", - ], - }, - Object { - "Fn::Join": Array [ - "", - Array [ - Object { - "Fn::GetAtt": Array [ - "testexistingeventsrulekinesisfirehosetestexistingeventsrulekinesisfirehoseWKinesisFirehoseToS3S3Bucket7FC695A6", - "Arn", - ], - }, - "/*", - ], - ], - }, - ], - }, - Object { - "Action": "logs:PutLogEvents", - "Effect": "Allow", - "Resource": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":logs:", - Object { - "Ref": "AWS::Region", - }, - ":", - Object { - "Ref": "AWS::AccountId", - }, - ":log-group:", - Object { - "Ref": "testexistingeventsrulekinesisfirehosetestexistingeventsrulekinesisfirehoseWKinesisFirehoseToS3firehoseloggroup14BECCD5", - }, - ":log-stream:", - Object { - "Ref": "testexistingeventsrulekinesisfirehosetestexistingeventsrulekinesisfirehoseWKinesisFirehoseToS3firehoseloggroupfirehoselogstreamC6D12661", - }, - ], - ], - }, - }, - ], - "Version": "2012-10-17", - }, - "PolicyName": "testexistingeventsrulekinesisfirehosetestexistingeventsrulekinesisfirehoseWKinesisFirehoseToS3KinesisFirehosePolicyE81FE550", - "Roles": Array [ - Object { - "Ref": "testexistingeventsrulekinesisfirehosetestexistingeventsrulekinesisfirehoseWKinesisFirehoseToS3KinesisFirehoseRole64EF3B2D", - }, - ], - }, - "Type": "AWS::IAM::Policy", - }, - "testexistingeventsrulekinesisfirehosetestexistingeventsrulekinesisfirehoseWKinesisFirehoseToS3KinesisFirehoseRole64EF3B2D": Object { - "Properties": Object { - "AssumeRolePolicyDocument": Object { - "Statement": Array [ - Object { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": Object { - "Service": "firehose.amazonaws.com", - }, - }, - ], - "Version": "2012-10-17", - }, - }, - "Type": "AWS::IAM::Role", - }, - "testexistingeventsrulekinesisfirehosetestexistingeventsrulekinesisfirehoseWKinesisFirehoseToS3S3Bucket7FC695A6": Object { - "DeletionPolicy": "Retain", - "Properties": Object { - "BucketEncryption": Object { - "ServerSideEncryptionConfiguration": Array [ - Object { - "ServerSideEncryptionByDefault": Object { - "SSEAlgorithm": "AES256", - }, - }, - ], - }, - "LifecycleConfiguration": Object { - "Rules": Array [ - Object { - "NoncurrentVersionTransitions": Array [ - Object { - "StorageClass": "GLACIER", - "TransitionInDays": 90, - }, - ], - "Status": "Enabled", - }, - ], - }, - "LoggingConfiguration": Object { - "DestinationBucketName": Object { - "Ref": "testexistingeventsrulekinesisfirehosetestexistingeventsrulekinesisfirehoseWKinesisFirehoseToS3S3LoggingBucket7D1A0A6C", - }, - }, - "PublicAccessBlockConfiguration": Object { - "BlockPublicAcls": true, - "BlockPublicPolicy": true, - "IgnorePublicAcls": true, - "RestrictPublicBuckets": true, - }, - "VersioningConfiguration": Object { - "Status": "Enabled", - }, - }, - "Type": "AWS::S3::Bucket", - "UpdateReplacePolicy": "Retain", - }, - "testexistingeventsrulekinesisfirehosetestexistingeventsrulekinesisfirehoseWKinesisFirehoseToS3S3BucketPolicyB93D78A6": Object { - "Properties": Object { - "Bucket": Object { - "Ref": "testexistingeventsrulekinesisfirehosetestexistingeventsrulekinesisfirehoseWKinesisFirehoseToS3S3Bucket7FC695A6", - }, - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": "*", - "Condition": Object { - "Bool": Object { - "aws:SecureTransport": "false", - }, - }, - "Effect": "Deny", - "Principal": Object { - "AWS": "*", - }, - "Resource": Array [ - Object { - "Fn::Join": Array [ - "", - Array [ - Object { - "Fn::GetAtt": Array [ - "testexistingeventsrulekinesisfirehosetestexistingeventsrulekinesisfirehoseWKinesisFirehoseToS3S3Bucket7FC695A6", - "Arn", - ], - }, - "/*", - ], - ], - }, - Object { - "Fn::GetAtt": Array [ - "testexistingeventsrulekinesisfirehosetestexistingeventsrulekinesisfirehoseWKinesisFirehoseToS3S3Bucket7FC695A6", - "Arn", - ], - }, - ], - "Sid": "HttpsOnly", - }, - ], - "Version": "2012-10-17", - }, - }, - "Type": "AWS::S3::BucketPolicy", - }, - "testexistingeventsrulekinesisfirehosetestexistingeventsrulekinesisfirehoseWKinesisFirehoseToS3S3LoggingBucket7D1A0A6C": Object { - "DeletionPolicy": "Retain", - "Metadata": Object { - "cfn_nag": Object { - "rules_to_suppress": Array [ - Object { - "id": "W35", - "reason": "This S3 bucket is used as the access logging bucket for another bucket", - }, - ], - }, - }, - "Properties": Object { - "AccessControl": "LogDeliveryWrite", - "BucketEncryption": Object { - "ServerSideEncryptionConfiguration": Array [ - Object { - "ServerSideEncryptionByDefault": Object { - "SSEAlgorithm": "AES256", - }, - }, - ], - }, - "PublicAccessBlockConfiguration": Object { - "BlockPublicAcls": true, - "BlockPublicPolicy": true, - "IgnorePublicAcls": true, - "RestrictPublicBuckets": true, - }, - "VersioningConfiguration": Object { - "Status": "Enabled", - }, - }, - "Type": "AWS::S3::Bucket", - "UpdateReplacePolicy": "Retain", - }, - "testexistingeventsrulekinesisfirehosetestexistingeventsrulekinesisfirehoseWKinesisFirehoseToS3S3LoggingBucketPolicy6DD495DA": Object { - "Properties": Object { - "Bucket": Object { - "Ref": "testexistingeventsrulekinesisfirehosetestexistingeventsrulekinesisfirehoseWKinesisFirehoseToS3S3LoggingBucket7D1A0A6C", - }, - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": "*", - "Condition": Object { - "Bool": Object { - "aws:SecureTransport": "false", - }, - }, - "Effect": "Deny", - "Principal": Object { - "AWS": "*", - }, - "Resource": Array [ - Object { - "Fn::Join": Array [ - "", - Array [ - Object { - "Fn::GetAtt": Array [ - "testexistingeventsrulekinesisfirehosetestexistingeventsrulekinesisfirehoseWKinesisFirehoseToS3S3LoggingBucket7D1A0A6C", - "Arn", - ], - }, - "/*", - ], - ], - }, - Object { - "Fn::GetAtt": Array [ - "testexistingeventsrulekinesisfirehosetestexistingeventsrulekinesisfirehoseWKinesisFirehoseToS3S3LoggingBucket7D1A0A6C", - "Arn", - ], - }, - ], - "Sid": "HttpsOnly", - }, - ], - "Version": "2012-10-17", - }, - }, - "Type": "AWS::S3::BucketPolicy", - }, - "testexistingeventsrulekinesisfirehosetestexistingeventsrulekinesisfirehoseWKinesisFirehoseToS3firehoseloggroup14BECCD5": Object { - "DeletionPolicy": "Retain", - "Metadata": Object { - "cfn_nag": Object { - "rules_to_suppress": Array [ - Object { - "id": "W86", - "reason": "Retention period for CloudWatchLogs LogGroups are set to 'Never Expire' to preserve customer data indefinitely", - }, - Object { - "id": "W84", - "reason": "By default CloudWatchLogs LogGroups data is encrypted using the CloudWatch server-side encryption keys (AWS Managed Keys)", - }, - ], - }, - }, - "Type": "AWS::Logs::LogGroup", - "UpdateReplacePolicy": "Retain", - }, - "testexistingeventsrulekinesisfirehosetestexistingeventsrulekinesisfirehoseWKinesisFirehoseToS3firehoseloggroupfirehoselogstreamC6D12661": Object { - "DeletionPolicy": "Retain", - "Properties": Object { - "LogGroupName": Object { - "Ref": "testexistingeventsrulekinesisfirehosetestexistingeventsrulekinesisfirehoseWKinesisFirehoseToS3firehoseloggroup14BECCD5", - }, - }, - "Type": "AWS::Logs::LogStream", - "UpdateReplacePolicy": "Retain", - }, - }, -} -`; diff --git a/source/patterns/@aws-solutions-constructs/aws-events-rule-kinesisfirehose-s3/test/events-rule-kinesisfirehose-s3.test.ts b/source/patterns/@aws-solutions-constructs/aws-events-rule-kinesisfirehose-s3/test/events-rule-kinesisfirehose-s3.test.ts index 848cc7417..b0771826a 100644 --- a/source/patterns/@aws-solutions-constructs/aws-events-rule-kinesisfirehose-s3/test/events-rule-kinesisfirehose-s3.test.ts +++ b/source/patterns/@aws-solutions-constructs/aws-events-rule-kinesisfirehose-s3/test/events-rule-kinesisfirehose-s3.test.ts @@ -11,7 +11,6 @@ * and limitations under the License. */ -import { SynthUtils } from '@aws-cdk/assert'; import * as cdk from "@aws-cdk/core"; import * as s3 from "@aws-cdk/aws-s3"; import * as events from "@aws-cdk/aws-events"; @@ -31,14 +30,6 @@ function deployNewStack(stack: cdk.Stack) { return new EventsRuleToKinesisFirehoseToS3(stack, 'test-events-rule-kinesis-firehose-s3-default-parameters', props); } -test('Test snapshot match with default parameters', () => { - const stack = new cdk.Stack(); - deployNewStack(stack); - - // Assertions - expect(SynthUtils.toCloudFormation(stack)).toMatchSnapshot(); -}); - // -------------------------------------------------------------- // Test properties // -------------------------------------------------------------- @@ -173,8 +164,6 @@ test('check eventbus property, snapshot & eventbus exists', () => { expect(construct.s3Bucket !== null); expect(construct.s3LoggingBucket !== null); expect(construct.eventBus !== null); - // Validate snapshot - expect(SynthUtils.toCloudFormation(stack)).toMatchSnapshot(); // Check whether eventbus exists expect(stack).toHaveResource('AWS::Events::EventBus'); }); @@ -198,20 +187,6 @@ test('check exception while passing existingEventBus & eventBusProps', () => { expect(app).toThrowError(); }); -test('snapshot test EventsRuleToKinesisFirehose existing event bus params', () => { - const stack = new cdk.Stack(); - const props: EventsRuleToKinesisFirehoseToS3Props = { - eventRuleProps: { - eventPattern: { - source: ['solutionsconstructs'] - } - }, - existingEventBusInterface: new events.EventBus(stack, `test-existing-eventbus`, {}) - }; - new EventsRuleToKinesisFirehoseToS3(stack, 'test-existing-eventsrule-kinesisfirehose', props); - expect(SynthUtils.toCloudFormation(stack)).toMatchSnapshot(); -}); - test('check custom event bus resource with props when deploy:true', () => { const stack = new cdk.Stack(); @@ -230,21 +205,4 @@ test('check custom event bus resource with props when deploy:true', () => { expect(stack).toHaveResource('AWS::Events::EventBus', { Name: `testeventbus` }); -}); - -test('check multiple constructs in a single stack', () => { - const stack = new cdk.Stack(); - - const props: EventsRuleToKinesisFirehoseToS3Props = { - eventBusProps: {}, - eventRuleProps: { - eventPattern: { - source: ['solutionsconstructs'] - } - } - }; - new EventsRuleToKinesisFirehoseToS3(stack, 'test-new-eventsrule-kinesisfirehose1', props); - new EventsRuleToKinesisFirehoseToS3(stack, 'test-new-eventsrule-kinesisfirehose2', props); - - expect(SynthUtils.toCloudFormation(stack)).toMatchSnapshot(); }); \ No newline at end of file diff --git a/source/patterns/@aws-solutions-constructs/aws-events-rule-kinesisstreams/test/__snapshots__/events-rule-kinesisstreams.test.js.snap b/source/patterns/@aws-solutions-constructs/aws-events-rule-kinesisstreams/test/__snapshots__/events-rule-kinesisstreams.test.js.snap deleted file mode 100644 index 0500b5128..000000000 --- a/source/patterns/@aws-solutions-constructs/aws-events-rule-kinesisstreams/test/__snapshots__/events-rule-kinesisstreams.test.js.snap +++ /dev/null @@ -1,742 +0,0 @@ -// Jest Snapshot v1, https://goo.gl/fbAQLP - -exports[`Test existing resources 1`] = ` -Object { - "Resources": Object { - "testeventsrulekinesisstreamexistingresourcetesteventsrulekinesisstreamexistingresourceWEventsRuleE1CDDC86": Object { - "Properties": Object { - "Description": "event rule props", - "ScheduleExpression": "rate(5 minutes)", - "State": "ENABLED", - "Targets": Array [ - Object { - "Arn": Object { - "Fn::GetAtt": Array [ - "testexistingstreamA6CF7AE7", - "Arn", - ], - }, - "Id": "Target0", - "RoleArn": Object { - "Fn::GetAtt": Array [ - "testeventsrulekinesisstreamexistingresourcetesteventsrulekinesisstreamexistingresourceWeventsRoleA4611D14", - "Arn", - ], - }, - }, - ], - }, - "Type": "AWS::Events::Rule", - }, - "testeventsrulekinesisstreamexistingresourcetesteventsrulekinesisstreamexistingresourceWKinesisStreamGetRecordsIteratorAgeAlarm75C03BAF": Object { - "Properties": Object { - "AlarmDescription": "Consumer Record Processing Falling Behind, there is risk for data loss due to record expiration.", - "ComparisonOperator": "GreaterThanOrEqualToThreshold", - "EvaluationPeriods": 1, - "MetricName": "GetRecords.IteratorAgeMilliseconds", - "Namespace": "AWS/Kinesis", - "Period": 300, - "Statistic": "Maximum", - "Threshold": 2592000, - }, - "Type": "AWS::CloudWatch::Alarm", - }, - "testeventsrulekinesisstreamexistingresourcetesteventsrulekinesisstreamexistingresourceWKinesisStreamReadProvisionedThroughputExceededAlarmA3CD49C6": Object { - "Properties": Object { - "AlarmDescription": "Consumer Application is Reading at a Slower Rate Than Expected.", - "ComparisonOperator": "GreaterThanThreshold", - "EvaluationPeriods": 1, - "MetricName": "ReadProvisionedThroughputExceeded", - "Namespace": "AWS/Kinesis", - "Period": 300, - "Statistic": "Average", - "Threshold": 0, - }, - "Type": "AWS::CloudWatch::Alarm", - }, - "testeventsrulekinesisstreamexistingresourcetesteventsrulekinesisstreamexistingresourceWeventsRoleA4611D14": Object { - "Properties": Object { - "AssumeRolePolicyDocument": Object { - "Statement": Array [ - Object { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": Object { - "Service": "events.amazonaws.com", - }, - }, - ], - "Version": "2012-10-17", - }, - "Description": "Events Rule Role", - }, - "Type": "AWS::IAM::Role", - }, - "testeventsrulekinesisstreamexistingresourcetesteventsrulekinesisstreamexistingresourceWeventsRoleDefaultPolicy54FB5780": Object { - "Properties": Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "kinesis:ListShards", - "kinesis:PutRecord", - "kinesis:PutRecords", - ], - "Effect": "Allow", - "Resource": Object { - "Fn::GetAtt": Array [ - "testexistingstreamA6CF7AE7", - "Arn", - ], - }, - }, - ], - "Version": "2012-10-17", - }, - "PolicyName": "testeventsrulekinesisstreamexistingresourcetesteventsrulekinesisstreamexistingresourceWeventsRoleDefaultPolicy54FB5780", - "Roles": Array [ - Object { - "Ref": "testeventsrulekinesisstreamexistingresourcetesteventsrulekinesisstreamexistingresourceWeventsRoleA4611D14", - }, - ], - }, - "Type": "AWS::IAM::Policy", - }, - "testexistingstreamA6CF7AE7": Object { - "Properties": Object { - "Name": "existing-stream", - "RetentionPeriodHours": 48, - "ShardCount": 5, - }, - "Type": "AWS::Kinesis::Stream", - }, - }, -} -`; - -exports[`Test snapshot match with default parameters 1`] = ` -Object { - "Resources": Object { - "testeventsrulekinesisstreamsdefaultparameterstesteventsrulekinesisstreamsdefaultparametersWEventsRule3B0BBD02": Object { - "Properties": Object { - "Description": "event rule props", - "ScheduleExpression": "rate(5 minutes)", - "State": "ENABLED", - "Targets": Array [ - Object { - "Arn": Object { - "Fn::GetAtt": Array [ - "testeventsrulekinesisstreamsdefaultparameterstesteventsrulekinesisstreamsdefaultparametersWKinesisStreamEB30AB36", - "Arn", - ], - }, - "Id": "Target0", - "RoleArn": Object { - "Fn::GetAtt": Array [ - "testeventsrulekinesisstreamsdefaultparameterstesteventsrulekinesisstreamsdefaultparametersWeventsRole02A0AEFA", - "Arn", - ], - }, - }, - ], - }, - "Type": "AWS::Events::Rule", - }, - "testeventsrulekinesisstreamsdefaultparameterstesteventsrulekinesisstreamsdefaultparametersWKinesisStreamEB30AB36": Object { - "Properties": Object { - "RetentionPeriodHours": 24, - "ShardCount": 1, - "StreamEncryption": Object { - "EncryptionType": "KMS", - "KeyId": "alias/aws/kinesis", - }, - }, - "Type": "AWS::Kinesis::Stream", - }, - "testeventsrulekinesisstreamsdefaultparameterstesteventsrulekinesisstreamsdefaultparametersWKinesisStreamGetRecordsIteratorAgeAlarm6B710C39": Object { - "Properties": Object { - "AlarmDescription": "Consumer Record Processing Falling Behind, there is risk for data loss due to record expiration.", - "ComparisonOperator": "GreaterThanOrEqualToThreshold", - "EvaluationPeriods": 1, - "MetricName": "GetRecords.IteratorAgeMilliseconds", - "Namespace": "AWS/Kinesis", - "Period": 300, - "Statistic": "Maximum", - "Threshold": 2592000, - }, - "Type": "AWS::CloudWatch::Alarm", - }, - "testeventsrulekinesisstreamsdefaultparameterstesteventsrulekinesisstreamsdefaultparametersWKinesisStreamReadProvisionedThroughputExceededAlarm530C042A": Object { - "Properties": Object { - "AlarmDescription": "Consumer Application is Reading at a Slower Rate Than Expected.", - "ComparisonOperator": "GreaterThanThreshold", - "EvaluationPeriods": 1, - "MetricName": "ReadProvisionedThroughputExceeded", - "Namespace": "AWS/Kinesis", - "Period": 300, - "Statistic": "Average", - "Threshold": 0, - }, - "Type": "AWS::CloudWatch::Alarm", - }, - "testeventsrulekinesisstreamsdefaultparameterstesteventsrulekinesisstreamsdefaultparametersWeventsRole02A0AEFA": Object { - "Properties": Object { - "AssumeRolePolicyDocument": Object { - "Statement": Array [ - Object { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": Object { - "Service": "events.amazonaws.com", - }, - }, - ], - "Version": "2012-10-17", - }, - "Description": "Events Rule Role", - }, - "Type": "AWS::IAM::Role", - }, - "testeventsrulekinesisstreamsdefaultparameterstesteventsrulekinesisstreamsdefaultparametersWeventsRoleDefaultPolicyAAE313AA": Object { - "Properties": Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "kinesis:ListShards", - "kinesis:PutRecord", - "kinesis:PutRecords", - ], - "Effect": "Allow", - "Resource": Object { - "Fn::GetAtt": Array [ - "testeventsrulekinesisstreamsdefaultparameterstesteventsrulekinesisstreamsdefaultparametersWKinesisStreamEB30AB36", - "Arn", - ], - }, - }, - ], - "Version": "2012-10-17", - }, - "PolicyName": "testeventsrulekinesisstreamsdefaultparameterstesteventsrulekinesisstreamsdefaultparametersWeventsRoleDefaultPolicyAAE313AA", - "Roles": Array [ - Object { - "Ref": "testeventsrulekinesisstreamsdefaultparameterstesteventsrulekinesisstreamsdefaultparametersWeventsRole02A0AEFA", - }, - ], - }, - "Type": "AWS::IAM::Policy", - }, - }, -} -`; - -exports[`check eventbus property, snapshot & eventbus exists 1`] = ` -Object { - "Resources": Object { - "testeventsrulekinesisstreamsdefaultparameterstesteventsrulekinesisstreamsdefaultparametersWCustomEventBusE379FB3A": Object { - "Properties": Object { - "Name": "testeventsrulekinesisstreamsdefaultparameterstesteventsrulekinesisstreamsdefaultparametersWCustomEventBusC4EC5A85", - }, - "Type": "AWS::Events::EventBus", - }, - "testeventsrulekinesisstreamsdefaultparameterstesteventsrulekinesisstreamsdefaultparametersWEventsRule3B0BBD02": Object { - "Properties": Object { - "Description": "event rule props", - "EventBusName": Object { - "Ref": "testeventsrulekinesisstreamsdefaultparameterstesteventsrulekinesisstreamsdefaultparametersWCustomEventBusE379FB3A", - }, - "EventPattern": Object { - "source": Array [ - "solutionsconstructs", - ], - }, - "State": "ENABLED", - "Targets": Array [ - Object { - "Arn": Object { - "Fn::GetAtt": Array [ - "testeventsrulekinesisstreamsdefaultparameterstesteventsrulekinesisstreamsdefaultparametersWKinesisStreamEB30AB36", - "Arn", - ], - }, - "Id": "Target0", - "RoleArn": Object { - "Fn::GetAtt": Array [ - "testeventsrulekinesisstreamsdefaultparameterstesteventsrulekinesisstreamsdefaultparametersWeventsRole02A0AEFA", - "Arn", - ], - }, - }, - ], - }, - "Type": "AWS::Events::Rule", - }, - "testeventsrulekinesisstreamsdefaultparameterstesteventsrulekinesisstreamsdefaultparametersWKinesisStreamEB30AB36": Object { - "Properties": Object { - "RetentionPeriodHours": 24, - "ShardCount": 1, - "StreamEncryption": Object { - "EncryptionType": "KMS", - "KeyId": "alias/aws/kinesis", - }, - }, - "Type": "AWS::Kinesis::Stream", - }, - "testeventsrulekinesisstreamsdefaultparameterstesteventsrulekinesisstreamsdefaultparametersWKinesisStreamGetRecordsIteratorAgeAlarm6B710C39": Object { - "Properties": Object { - "AlarmDescription": "Consumer Record Processing Falling Behind, there is risk for data loss due to record expiration.", - "ComparisonOperator": "GreaterThanOrEqualToThreshold", - "EvaluationPeriods": 1, - "MetricName": "GetRecords.IteratorAgeMilliseconds", - "Namespace": "AWS/Kinesis", - "Period": 300, - "Statistic": "Maximum", - "Threshold": 2592000, - }, - "Type": "AWS::CloudWatch::Alarm", - }, - "testeventsrulekinesisstreamsdefaultparameterstesteventsrulekinesisstreamsdefaultparametersWKinesisStreamReadProvisionedThroughputExceededAlarm530C042A": Object { - "Properties": Object { - "AlarmDescription": "Consumer Application is Reading at a Slower Rate Than Expected.", - "ComparisonOperator": "GreaterThanThreshold", - "EvaluationPeriods": 1, - "MetricName": "ReadProvisionedThroughputExceeded", - "Namespace": "AWS/Kinesis", - "Period": 300, - "Statistic": "Average", - "Threshold": 0, - }, - "Type": "AWS::CloudWatch::Alarm", - }, - "testeventsrulekinesisstreamsdefaultparameterstesteventsrulekinesisstreamsdefaultparametersWeventsRole02A0AEFA": Object { - "Properties": Object { - "AssumeRolePolicyDocument": Object { - "Statement": Array [ - Object { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": Object { - "Service": "events.amazonaws.com", - }, - }, - ], - "Version": "2012-10-17", - }, - "Description": "Events Rule Role", - }, - "Type": "AWS::IAM::Role", - }, - "testeventsrulekinesisstreamsdefaultparameterstesteventsrulekinesisstreamsdefaultparametersWeventsRoleDefaultPolicyAAE313AA": Object { - "Properties": Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "kinesis:ListShards", - "kinesis:PutRecord", - "kinesis:PutRecords", - ], - "Effect": "Allow", - "Resource": Object { - "Fn::GetAtt": Array [ - "testeventsrulekinesisstreamsdefaultparameterstesteventsrulekinesisstreamsdefaultparametersWKinesisStreamEB30AB36", - "Arn", - ], - }, - }, - ], - "Version": "2012-10-17", - }, - "PolicyName": "testeventsrulekinesisstreamsdefaultparameterstesteventsrulekinesisstreamsdefaultparametersWeventsRoleDefaultPolicyAAE313AA", - "Roles": Array [ - Object { - "Ref": "testeventsrulekinesisstreamsdefaultparameterstesteventsrulekinesisstreamsdefaultparametersWeventsRole02A0AEFA", - }, - ], - }, - "Type": "AWS::IAM::Policy", - }, - }, -} -`; - -exports[`check multiple constructs in a single stack 1`] = ` -Object { - "Resources": Object { - "testneweventsrulekinesisstreams1testneweventsrulekinesisstreams1WCustomEventBusCB793FD2": Object { - "Properties": Object { - "Name": "testneweventsrulekinesisstreams1testneweventsrulekinesisstreams1WCustomEventBus370A4667", - }, - "Type": "AWS::Events::EventBus", - }, - "testneweventsrulekinesisstreams1testneweventsrulekinesisstreams1WEventsRule68EE3DEC": Object { - "Properties": Object { - "EventBusName": Object { - "Ref": "testneweventsrulekinesisstreams1testneweventsrulekinesisstreams1WCustomEventBusCB793FD2", - }, - "EventPattern": Object { - "source": Array [ - "solutionsconstructs", - ], - }, - "State": "ENABLED", - "Targets": Array [ - Object { - "Arn": Object { - "Fn::GetAtt": Array [ - "testneweventsrulekinesisstreams1testneweventsrulekinesisstreams1WKinesisStream405ABD89", - "Arn", - ], - }, - "Id": "Target0", - "RoleArn": Object { - "Fn::GetAtt": Array [ - "testneweventsrulekinesisstreams1testneweventsrulekinesisstreams1WeventsRoleF8A00A46", - "Arn", - ], - }, - }, - ], - }, - "Type": "AWS::Events::Rule", - }, - "testneweventsrulekinesisstreams1testneweventsrulekinesisstreams1WKinesisStream405ABD89": Object { - "Properties": Object { - "RetentionPeriodHours": 24, - "ShardCount": 1, - "StreamEncryption": Object { - "EncryptionType": "KMS", - "KeyId": "alias/aws/kinesis", - }, - }, - "Type": "AWS::Kinesis::Stream", - }, - "testneweventsrulekinesisstreams1testneweventsrulekinesisstreams1WKinesisStreamGetRecordsIteratorAgeAlarm10EF9BCB": Object { - "Properties": Object { - "AlarmDescription": "Consumer Record Processing Falling Behind, there is risk for data loss due to record expiration.", - "ComparisonOperator": "GreaterThanOrEqualToThreshold", - "EvaluationPeriods": 1, - "MetricName": "GetRecords.IteratorAgeMilliseconds", - "Namespace": "AWS/Kinesis", - "Period": 300, - "Statistic": "Maximum", - "Threshold": 2592000, - }, - "Type": "AWS::CloudWatch::Alarm", - }, - "testneweventsrulekinesisstreams1testneweventsrulekinesisstreams1WKinesisStreamReadProvisionedThroughputExceededAlarm130E52F3": Object { - "Properties": Object { - "AlarmDescription": "Consumer Application is Reading at a Slower Rate Than Expected.", - "ComparisonOperator": "GreaterThanThreshold", - "EvaluationPeriods": 1, - "MetricName": "ReadProvisionedThroughputExceeded", - "Namespace": "AWS/Kinesis", - "Period": 300, - "Statistic": "Average", - "Threshold": 0, - }, - "Type": "AWS::CloudWatch::Alarm", - }, - "testneweventsrulekinesisstreams1testneweventsrulekinesisstreams1WeventsRoleDefaultPolicy887766E9": Object { - "Properties": Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "kinesis:ListShards", - "kinesis:PutRecord", - "kinesis:PutRecords", - ], - "Effect": "Allow", - "Resource": Object { - "Fn::GetAtt": Array [ - "testneweventsrulekinesisstreams1testneweventsrulekinesisstreams1WKinesisStream405ABD89", - "Arn", - ], - }, - }, - ], - "Version": "2012-10-17", - }, - "PolicyName": "testneweventsrulekinesisstreams1testneweventsrulekinesisstreams1WeventsRoleDefaultPolicy887766E9", - "Roles": Array [ - Object { - "Ref": "testneweventsrulekinesisstreams1testneweventsrulekinesisstreams1WeventsRoleF8A00A46", - }, - ], - }, - "Type": "AWS::IAM::Policy", - }, - "testneweventsrulekinesisstreams1testneweventsrulekinesisstreams1WeventsRoleF8A00A46": Object { - "Properties": Object { - "AssumeRolePolicyDocument": Object { - "Statement": Array [ - Object { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": Object { - "Service": "events.amazonaws.com", - }, - }, - ], - "Version": "2012-10-17", - }, - "Description": "Events Rule Role", - }, - "Type": "AWS::IAM::Role", - }, - "testneweventsrulekinesisstreams2testneweventsrulekinesisstreams2WCustomEventBus104AF840": Object { - "Properties": Object { - "Name": "testneweventsrulekinesisstreams2testneweventsrulekinesisstreams2WCustomEventBus153160C3", - }, - "Type": "AWS::Events::EventBus", - }, - "testneweventsrulekinesisstreams2testneweventsrulekinesisstreams2WEventsRule80162E43": Object { - "Properties": Object { - "EventBusName": Object { - "Ref": "testneweventsrulekinesisstreams2testneweventsrulekinesisstreams2WCustomEventBus104AF840", - }, - "EventPattern": Object { - "source": Array [ - "solutionsconstructs", - ], - }, - "State": "ENABLED", - "Targets": Array [ - Object { - "Arn": Object { - "Fn::GetAtt": Array [ - "testneweventsrulekinesisstreams2testneweventsrulekinesisstreams2WKinesisStream652ED8BF", - "Arn", - ], - }, - "Id": "Target0", - "RoleArn": Object { - "Fn::GetAtt": Array [ - "testneweventsrulekinesisstreams2testneweventsrulekinesisstreams2WeventsRole052FF25B", - "Arn", - ], - }, - }, - ], - }, - "Type": "AWS::Events::Rule", - }, - "testneweventsrulekinesisstreams2testneweventsrulekinesisstreams2WKinesisStream652ED8BF": Object { - "Properties": Object { - "RetentionPeriodHours": 24, - "ShardCount": 1, - "StreamEncryption": Object { - "EncryptionType": "KMS", - "KeyId": "alias/aws/kinesis", - }, - }, - "Type": "AWS::Kinesis::Stream", - }, - "testneweventsrulekinesisstreams2testneweventsrulekinesisstreams2WKinesisStreamGetRecordsIteratorAgeAlarmC6800575": Object { - "Properties": Object { - "AlarmDescription": "Consumer Record Processing Falling Behind, there is risk for data loss due to record expiration.", - "ComparisonOperator": "GreaterThanOrEqualToThreshold", - "EvaluationPeriods": 1, - "MetricName": "GetRecords.IteratorAgeMilliseconds", - "Namespace": "AWS/Kinesis", - "Period": 300, - "Statistic": "Maximum", - "Threshold": 2592000, - }, - "Type": "AWS::CloudWatch::Alarm", - }, - "testneweventsrulekinesisstreams2testneweventsrulekinesisstreams2WKinesisStreamReadProvisionedThroughputExceededAlarm27C47D57": Object { - "Properties": Object { - "AlarmDescription": "Consumer Application is Reading at a Slower Rate Than Expected.", - "ComparisonOperator": "GreaterThanThreshold", - "EvaluationPeriods": 1, - "MetricName": "ReadProvisionedThroughputExceeded", - "Namespace": "AWS/Kinesis", - "Period": 300, - "Statistic": "Average", - "Threshold": 0, - }, - "Type": "AWS::CloudWatch::Alarm", - }, - "testneweventsrulekinesisstreams2testneweventsrulekinesisstreams2WeventsRole052FF25B": Object { - "Properties": Object { - "AssumeRolePolicyDocument": Object { - "Statement": Array [ - Object { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": Object { - "Service": "events.amazonaws.com", - }, - }, - ], - "Version": "2012-10-17", - }, - "Description": "Events Rule Role", - }, - "Type": "AWS::IAM::Role", - }, - "testneweventsrulekinesisstreams2testneweventsrulekinesisstreams2WeventsRoleDefaultPolicy9776E535": Object { - "Properties": Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "kinesis:ListShards", - "kinesis:PutRecord", - "kinesis:PutRecords", - ], - "Effect": "Allow", - "Resource": Object { - "Fn::GetAtt": Array [ - "testneweventsrulekinesisstreams2testneweventsrulekinesisstreams2WKinesisStream652ED8BF", - "Arn", - ], - }, - }, - ], - "Version": "2012-10-17", - }, - "PolicyName": "testneweventsrulekinesisstreams2testneweventsrulekinesisstreams2WeventsRoleDefaultPolicy9776E535", - "Roles": Array [ - Object { - "Ref": "testneweventsrulekinesisstreams2testneweventsrulekinesisstreams2WeventsRole052FF25B", - }, - ], - }, - "Type": "AWS::IAM::Policy", - }, - }, -} -`; - -exports[`snapshot test EventsRuleToKinesisStreams existing event bus params 1`] = ` -Object { - "Resources": Object { - "testexistingeventbusC6E4A2D0": Object { - "Properties": Object { - "Name": "testexistingeventbus", - }, - "Type": "AWS::Events::EventBus", - }, - "testexistingeventsrulekinesisstreamstestexistingeventsrulekinesisstreamsWEventsRule93E97062": Object { - "Properties": Object { - "EventBusName": Object { - "Ref": "testexistingeventbusC6E4A2D0", - }, - "EventPattern": Object { - "source": Array [ - "solutionsconstructs", - ], - }, - "State": "ENABLED", - "Targets": Array [ - Object { - "Arn": Object { - "Fn::GetAtt": Array [ - "testexistingeventsrulekinesisstreamstestexistingeventsrulekinesisstreamsWKinesisStream75CA0531", - "Arn", - ], - }, - "Id": "Target0", - "RoleArn": Object { - "Fn::GetAtt": Array [ - "testexistingeventsrulekinesisstreamstestexistingeventsrulekinesisstreamsWeventsRole5CA69F99", - "Arn", - ], - }, - }, - ], - }, - "Type": "AWS::Events::Rule", - }, - "testexistingeventsrulekinesisstreamstestexistingeventsrulekinesisstreamsWKinesisStream75CA0531": Object { - "Properties": Object { - "RetentionPeriodHours": 24, - "ShardCount": 1, - "StreamEncryption": Object { - "EncryptionType": "KMS", - "KeyId": "alias/aws/kinesis", - }, - }, - "Type": "AWS::Kinesis::Stream", - }, - "testexistingeventsrulekinesisstreamstestexistingeventsrulekinesisstreamsWKinesisStreamGetRecordsIteratorAgeAlarm12C7C44D": Object { - "Properties": Object { - "AlarmDescription": "Consumer Record Processing Falling Behind, there is risk for data loss due to record expiration.", - "ComparisonOperator": "GreaterThanOrEqualToThreshold", - "EvaluationPeriods": 1, - "MetricName": "GetRecords.IteratorAgeMilliseconds", - "Namespace": "AWS/Kinesis", - "Period": 300, - "Statistic": "Maximum", - "Threshold": 2592000, - }, - "Type": "AWS::CloudWatch::Alarm", - }, - "testexistingeventsrulekinesisstreamstestexistingeventsrulekinesisstreamsWKinesisStreamReadProvisionedThroughputExceededAlarm52D4EB2F": Object { - "Properties": Object { - "AlarmDescription": "Consumer Application is Reading at a Slower Rate Than Expected.", - "ComparisonOperator": "GreaterThanThreshold", - "EvaluationPeriods": 1, - "MetricName": "ReadProvisionedThroughputExceeded", - "Namespace": "AWS/Kinesis", - "Period": 300, - "Statistic": "Average", - "Threshold": 0, - }, - "Type": "AWS::CloudWatch::Alarm", - }, - "testexistingeventsrulekinesisstreamstestexistingeventsrulekinesisstreamsWeventsRole5CA69F99": Object { - "Properties": Object { - "AssumeRolePolicyDocument": Object { - "Statement": Array [ - Object { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": Object { - "Service": "events.amazonaws.com", - }, - }, - ], - "Version": "2012-10-17", - }, - "Description": "Events Rule Role", - }, - "Type": "AWS::IAM::Role", - }, - "testexistingeventsrulekinesisstreamstestexistingeventsrulekinesisstreamsWeventsRoleDefaultPolicyE5FEBF35": Object { - "Properties": Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "kinesis:ListShards", - "kinesis:PutRecord", - "kinesis:PutRecords", - ], - "Effect": "Allow", - "Resource": Object { - "Fn::GetAtt": Array [ - "testexistingeventsrulekinesisstreamstestexistingeventsrulekinesisstreamsWKinesisStream75CA0531", - "Arn", - ], - }, - }, - ], - "Version": "2012-10-17", - }, - "PolicyName": "testexistingeventsrulekinesisstreamstestexistingeventsrulekinesisstreamsWeventsRoleDefaultPolicyE5FEBF35", - "Roles": Array [ - Object { - "Ref": "testexistingeventsrulekinesisstreamstestexistingeventsrulekinesisstreamsWeventsRole5CA69F99", - }, - ], - }, - "Type": "AWS::IAM::Policy", - }, - }, -} -`; diff --git a/source/patterns/@aws-solutions-constructs/aws-events-rule-kinesisstreams/test/events-rule-kinesisstreams.test.ts b/source/patterns/@aws-solutions-constructs/aws-events-rule-kinesisstreams/test/events-rule-kinesisstreams.test.ts index cfff4eede..6a5c3b17f 100644 --- a/source/patterns/@aws-solutions-constructs/aws-events-rule-kinesisstreams/test/events-rule-kinesisstreams.test.ts +++ b/source/patterns/@aws-solutions-constructs/aws-events-rule-kinesisstreams/test/events-rule-kinesisstreams.test.ts @@ -11,7 +11,6 @@ * and limitations under the License. */ -import { SynthUtils } from '@aws-cdk/assert'; import * as cdk from "@aws-cdk/core"; import * as events from "@aws-cdk/aws-events"; import * as kinesis from '@aws-cdk/aws-kinesis'; @@ -31,14 +30,6 @@ function deployNewStack(stack: cdk.Stack) { return new EventsRuleToKinesisStreams(stack, 'test-events-rule-kinesis-streams-default-parameters', props); } -test('Test snapshot match with default parameters', () => { - const stack = new cdk.Stack(); - deployNewStack(stack); - - // Assertions - expect(SynthUtils.toCloudFormation(stack)).toMatchSnapshot(); -}); - // -------------------------------------------------------------- // Test properties // -------------------------------------------------------------- @@ -90,8 +81,6 @@ test('Test existing resources', () => { } }); - // Assertions - expect(SynthUtils.toCloudFormation(stack)).toMatchSnapshot(); expect(stack).toHaveResource('AWS::Kinesis::Stream', { Name: 'existing-stream', ShardCount: 5, @@ -117,8 +106,6 @@ test('check eventbus property, snapshot & eventbus exists', () => { expect(construct.kinesisStream !== null); expect(construct.eventsRole !== null); expect(construct.eventBus !== null); - // Validate snapshot - expect(SynthUtils.toCloudFormation(stack)).toMatchSnapshot(); // Check whether eventbus exists expect(stack).toHaveResource('AWS::Events::EventBus'); }); @@ -142,20 +129,6 @@ test('check exception while passing existingEventBus & eventBusProps', () => { expect(app).toThrowError(); }); -test('snapshot test EventsRuleToKinesisStreams existing event bus params', () => { - const stack = new cdk.Stack(); - const props: EventsRuleToKinesisStreamsProps = { - eventRuleProps: { - eventPattern: { - source: ['solutionsconstructs'] - } - }, - existingEventBusInterface: new events.EventBus(stack, `test-existing-eventbus`, {}) - }; - new EventsRuleToKinesisStreams(stack, 'test-existing-eventsrule-kinesisstreams', props); - expect(SynthUtils.toCloudFormation(stack)).toMatchSnapshot(); -}); - test('check custom event bus resource with props when deploy:true', () => { const stack = new cdk.Stack(); @@ -174,21 +147,4 @@ test('check custom event bus resource with props when deploy:true', () => { expect(stack).toHaveResource('AWS::Events::EventBus', { Name: `testeventbus` }); -}); - -test('check multiple constructs in a single stack', () => { - const stack = new cdk.Stack(); - - const props: EventsRuleToKinesisStreamsProps = { - eventBusProps: {}, - eventRuleProps: { - eventPattern: { - source: ['solutionsconstructs'] - } - } - }; - new EventsRuleToKinesisStreams(stack, 'test-new-eventsrule-kinesisstreams1', props); - new EventsRuleToKinesisStreams(stack, 'test-new-eventsrule-kinesisstreams2', props); - - expect(SynthUtils.toCloudFormation(stack)).toMatchSnapshot(); }); \ No newline at end of file diff --git a/source/patterns/@aws-solutions-constructs/aws-events-rule-lambda/test/__snapshots__/events-rule-lambda.test.js.snap b/source/patterns/@aws-solutions-constructs/aws-events-rule-lambda/test/__snapshots__/events-rule-lambda.test.js.snap deleted file mode 100644 index 1818cc735..000000000 --- a/source/patterns/@aws-solutions-constructs/aws-events-rule-lambda/test/__snapshots__/events-rule-lambda.test.js.snap +++ /dev/null @@ -1,1172 +0,0 @@ -// Jest Snapshot v1, https://goo.gl/fbAQLP - -exports[`check eventbus property, snapshot & eventbus exists 1`] = ` -Object { - "Parameters": Object { - "AssetParameters42a35bbf0dec9ef0ac5b0dde87e71a1b8929e8d2d178dd09ccfb2c928ec0198cArtifactHash00A70A91": Object { - "Description": "Artifact hash for asset \\"42a35bbf0dec9ef0ac5b0dde87e71a1b8929e8d2d178dd09ccfb2c928ec0198c\\"", - "Type": "String", - }, - "AssetParameters42a35bbf0dec9ef0ac5b0dde87e71a1b8929e8d2d178dd09ccfb2c928ec0198cS3Bucket1F467BCC": Object { - "Description": "S3 bucket for asset \\"42a35bbf0dec9ef0ac5b0dde87e71a1b8929e8d2d178dd09ccfb2c928ec0198c\\"", - "Type": "String", - }, - "AssetParameters42a35bbf0dec9ef0ac5b0dde87e71a1b8929e8d2d178dd09ccfb2c928ec0198cS3VersionKey9E4F7872": Object { - "Description": "S3 key for asset version \\"42a35bbf0dec9ef0ac5b0dde87e71a1b8929e8d2d178dd09ccfb2c928ec0198c\\"", - "Type": "String", - }, - }, - "Resources": Object { - "testneweventsrulelambdatestneweventsrulelambdaWCustomEventBusACACFB40": Object { - "Properties": Object { - "Name": "testneweventsrulelambdatestneweventsrulelambdaWCustomEventBus4B53AC86", - }, - "Type": "AWS::Events::EventBus", - }, - "testneweventsrulelambdatestneweventsrulelambdaWEventsRule61826461": Object { - "Properties": Object { - "EventBusName": Object { - "Ref": "testneweventsrulelambdatestneweventsrulelambdaWCustomEventBusACACFB40", - }, - "EventPattern": Object { - "source": Array [ - "solutionsconstructs", - ], - }, - "State": "ENABLED", - "Targets": Array [ - Object { - "Arn": Object { - "Fn::GetAtt": Array [ - "testneweventsrulelambdatestneweventsrulelambdaWLambdaFunction82A6BFDD", - "Arn", - ], - }, - "Id": "Target0", - }, - ], - }, - "Type": "AWS::Events::Rule", - }, - "testneweventsrulelambdatestneweventsrulelambdaWLambdaFunction82A6BFDD": Object { - "DependsOn": Array [ - "testneweventsrulelambdatestneweventsrulelambdaWLambdaFunctionServiceRoleDefaultPolicyA4A6E440", - "testneweventsrulelambdatestneweventsrulelambdaWLambdaFunctionServiceRole1A592834", - ], - "Metadata": Object { - "cfn_nag": Object { - "rules_to_suppress": Array [ - Object { - "id": "W58", - "reason": "Lambda functions has the required permission to write CloudWatch Logs. It uses custom policy instead of arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole with tighter permissions.", - }, - Object { - "id": "W89", - "reason": "This is not a rule for the general case, just for specific use cases/industries", - }, - Object { - "id": "W92", - "reason": "Impossible for us to define the correct concurrency for clients", - }, - ], - }, - }, - "Properties": Object { - "Code": Object { - "S3Bucket": Object { - "Ref": "AssetParameters42a35bbf0dec9ef0ac5b0dde87e71a1b8929e8d2d178dd09ccfb2c928ec0198cS3Bucket1F467BCC", - }, - "S3Key": Object { - "Fn::Join": Array [ - "", - Array [ - Object { - "Fn::Select": Array [ - 0, - Object { - "Fn::Split": Array [ - "||", - Object { - "Ref": "AssetParameters42a35bbf0dec9ef0ac5b0dde87e71a1b8929e8d2d178dd09ccfb2c928ec0198cS3VersionKey9E4F7872", - }, - ], - }, - ], - }, - Object { - "Fn::Select": Array [ - 1, - Object { - "Fn::Split": Array [ - "||", - Object { - "Ref": "AssetParameters42a35bbf0dec9ef0ac5b0dde87e71a1b8929e8d2d178dd09ccfb2c928ec0198cS3VersionKey9E4F7872", - }, - ], - }, - ], - }, - ], - ], - }, - }, - "Environment": Object { - "Variables": Object { - "AWS_NODEJS_CONNECTION_REUSE_ENABLED": "1", - }, - }, - "Handler": "index.handler", - "Role": Object { - "Fn::GetAtt": Array [ - "testneweventsrulelambdatestneweventsrulelambdaWLambdaFunctionServiceRole1A592834", - "Arn", - ], - }, - "Runtime": "nodejs12.x", - "TracingConfig": Object { - "Mode": "Active", - }, - }, - "Type": "AWS::Lambda::Function", - }, - "testneweventsrulelambdatestneweventsrulelambdaWLambdaFunctionAwsEventsLambdaInvokePermission1963A2F59": Object { - "Properties": Object { - "Action": "lambda:InvokeFunction", - "FunctionName": Object { - "Fn::GetAtt": Array [ - "testneweventsrulelambdatestneweventsrulelambdaWLambdaFunction82A6BFDD", - "Arn", - ], - }, - "Principal": "events.amazonaws.com", - "SourceArn": Object { - "Fn::GetAtt": Array [ - "testneweventsrulelambdatestneweventsrulelambdaWEventsRule61826461", - "Arn", - ], - }, - }, - "Type": "AWS::Lambda::Permission", - }, - "testneweventsrulelambdatestneweventsrulelambdaWLambdaFunctionServiceRole1A592834": Object { - "Properties": Object { - "AssumeRolePolicyDocument": Object { - "Statement": Array [ - Object { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": Object { - "Service": "lambda.amazonaws.com", - }, - }, - ], - "Version": "2012-10-17", - }, - "Policies": Array [ - Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "logs:CreateLogGroup", - "logs:CreateLogStream", - "logs:PutLogEvents", - ], - "Effect": "Allow", - "Resource": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":logs:", - Object { - "Ref": "AWS::Region", - }, - ":", - Object { - "Ref": "AWS::AccountId", - }, - ":log-group:/aws/lambda/*", - ], - ], - }, - }, - ], - "Version": "2012-10-17", - }, - "PolicyName": "LambdaFunctionServiceRolePolicy", - }, - ], - }, - "Type": "AWS::IAM::Role", - }, - "testneweventsrulelambdatestneweventsrulelambdaWLambdaFunctionServiceRoleDefaultPolicyA4A6E440": Object { - "Metadata": Object { - "cfn_nag": Object { - "rules_to_suppress": Array [ - Object { - "id": "W12", - "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray and access ENIs in a VPC.", - }, - ], - }, - }, - "Properties": Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "xray:PutTraceSegments", - "xray:PutTelemetryRecords", - ], - "Effect": "Allow", - "Resource": "*", - }, - ], - "Version": "2012-10-17", - }, - "PolicyName": "testneweventsrulelambdatestneweventsrulelambdaWLambdaFunctionServiceRoleDefaultPolicyA4A6E440", - "Roles": Array [ - Object { - "Ref": "testneweventsrulelambdatestneweventsrulelambdaWLambdaFunctionServiceRole1A592834", - }, - ], - }, - "Type": "AWS::IAM::Policy", - }, - }, -} -`; - -exports[`check multiple constructs in a single stack 1`] = ` -Object { - "Parameters": Object { - "AssetParameters42a35bbf0dec9ef0ac5b0dde87e71a1b8929e8d2d178dd09ccfb2c928ec0198cArtifactHash00A70A91": Object { - "Description": "Artifact hash for asset \\"42a35bbf0dec9ef0ac5b0dde87e71a1b8929e8d2d178dd09ccfb2c928ec0198c\\"", - "Type": "String", - }, - "AssetParameters42a35bbf0dec9ef0ac5b0dde87e71a1b8929e8d2d178dd09ccfb2c928ec0198cS3Bucket1F467BCC": Object { - "Description": "S3 bucket for asset \\"42a35bbf0dec9ef0ac5b0dde87e71a1b8929e8d2d178dd09ccfb2c928ec0198c\\"", - "Type": "String", - }, - "AssetParameters42a35bbf0dec9ef0ac5b0dde87e71a1b8929e8d2d178dd09ccfb2c928ec0198cS3VersionKey9E4F7872": Object { - "Description": "S3 key for asset version \\"42a35bbf0dec9ef0ac5b0dde87e71a1b8929e8d2d178dd09ccfb2c928ec0198c\\"", - "Type": "String", - }, - }, - "Resources": Object { - "testneweventsrulelambda1testneweventsrulelambda1WCustomEventBusD70475EA": Object { - "Properties": Object { - "Name": "testneweventsrulelambda1testneweventsrulelambda1WCustomEventBusCCFC7671", - }, - "Type": "AWS::Events::EventBus", - }, - "testneweventsrulelambda1testneweventsrulelambda1WEventsRuleCAF3D220": Object { - "Properties": Object { - "EventBusName": Object { - "Ref": "testneweventsrulelambda1testneweventsrulelambda1WCustomEventBusD70475EA", - }, - "EventPattern": Object { - "source": Array [ - "solutionsconstructs", - ], - }, - "State": "ENABLED", - "Targets": Array [ - Object { - "Arn": Object { - "Fn::GetAtt": Array [ - "testneweventsrulelambda1testneweventsrulelambda1WLambdaFunction508366E8", - "Arn", - ], - }, - "Id": "Target0", - }, - ], - }, - "Type": "AWS::Events::Rule", - }, - "testneweventsrulelambda1testneweventsrulelambda1WLambdaFunction508366E8": Object { - "DependsOn": Array [ - "testneweventsrulelambda1testneweventsrulelambda1WLambdaFunctionServiceRoleDefaultPolicy2EDAC674", - "testneweventsrulelambda1testneweventsrulelambda1WLambdaFunctionServiceRole44F29D0D", - ], - "Metadata": Object { - "cfn_nag": Object { - "rules_to_suppress": Array [ - Object { - "id": "W58", - "reason": "Lambda functions has the required permission to write CloudWatch Logs. It uses custom policy instead of arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole with tighter permissions.", - }, - Object { - "id": "W89", - "reason": "This is not a rule for the general case, just for specific use cases/industries", - }, - Object { - "id": "W92", - "reason": "Impossible for us to define the correct concurrency for clients", - }, - ], - }, - }, - "Properties": Object { - "Code": Object { - "S3Bucket": Object { - "Ref": "AssetParameters42a35bbf0dec9ef0ac5b0dde87e71a1b8929e8d2d178dd09ccfb2c928ec0198cS3Bucket1F467BCC", - }, - "S3Key": Object { - "Fn::Join": Array [ - "", - Array [ - Object { - "Fn::Select": Array [ - 0, - Object { - "Fn::Split": Array [ - "||", - Object { - "Ref": "AssetParameters42a35bbf0dec9ef0ac5b0dde87e71a1b8929e8d2d178dd09ccfb2c928ec0198cS3VersionKey9E4F7872", - }, - ], - }, - ], - }, - Object { - "Fn::Select": Array [ - 1, - Object { - "Fn::Split": Array [ - "||", - Object { - "Ref": "AssetParameters42a35bbf0dec9ef0ac5b0dde87e71a1b8929e8d2d178dd09ccfb2c928ec0198cS3VersionKey9E4F7872", - }, - ], - }, - ], - }, - ], - ], - }, - }, - "Environment": Object { - "Variables": Object { - "AWS_NODEJS_CONNECTION_REUSE_ENABLED": "1", - }, - }, - "Handler": "index.handler", - "Role": Object { - "Fn::GetAtt": Array [ - "testneweventsrulelambda1testneweventsrulelambda1WLambdaFunctionServiceRole44F29D0D", - "Arn", - ], - }, - "Runtime": "nodejs12.x", - "TracingConfig": Object { - "Mode": "Active", - }, - }, - "Type": "AWS::Lambda::Function", - }, - "testneweventsrulelambda1testneweventsrulelambda1WLambdaFunctionAwsEventsLambdaInvokePermission1BD774C6A": Object { - "Properties": Object { - "Action": "lambda:InvokeFunction", - "FunctionName": Object { - "Fn::GetAtt": Array [ - "testneweventsrulelambda1testneweventsrulelambda1WLambdaFunction508366E8", - "Arn", - ], - }, - "Principal": "events.amazonaws.com", - "SourceArn": Object { - "Fn::GetAtt": Array [ - "testneweventsrulelambda1testneweventsrulelambda1WEventsRuleCAF3D220", - "Arn", - ], - }, - }, - "Type": "AWS::Lambda::Permission", - }, - "testneweventsrulelambda1testneweventsrulelambda1WLambdaFunctionServiceRole44F29D0D": Object { - "Properties": Object { - "AssumeRolePolicyDocument": Object { - "Statement": Array [ - Object { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": Object { - "Service": "lambda.amazonaws.com", - }, - }, - ], - "Version": "2012-10-17", - }, - "Policies": Array [ - Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "logs:CreateLogGroup", - "logs:CreateLogStream", - "logs:PutLogEvents", - ], - "Effect": "Allow", - "Resource": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":logs:", - Object { - "Ref": "AWS::Region", - }, - ":", - Object { - "Ref": "AWS::AccountId", - }, - ":log-group:/aws/lambda/*", - ], - ], - }, - }, - ], - "Version": "2012-10-17", - }, - "PolicyName": "LambdaFunctionServiceRolePolicy", - }, - ], - }, - "Type": "AWS::IAM::Role", - }, - "testneweventsrulelambda1testneweventsrulelambda1WLambdaFunctionServiceRoleDefaultPolicy2EDAC674": Object { - "Metadata": Object { - "cfn_nag": Object { - "rules_to_suppress": Array [ - Object { - "id": "W12", - "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray and access ENIs in a VPC.", - }, - ], - }, - }, - "Properties": Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "xray:PutTraceSegments", - "xray:PutTelemetryRecords", - ], - "Effect": "Allow", - "Resource": "*", - }, - ], - "Version": "2012-10-17", - }, - "PolicyName": "testneweventsrulelambda1testneweventsrulelambda1WLambdaFunctionServiceRoleDefaultPolicy2EDAC674", - "Roles": Array [ - Object { - "Ref": "testneweventsrulelambda1testneweventsrulelambda1WLambdaFunctionServiceRole44F29D0D", - }, - ], - }, - "Type": "AWS::IAM::Policy", - }, - "testneweventsrulelambda2testneweventsrulelambda2WCustomEventBusECAFE55E": Object { - "Properties": Object { - "Name": "testneweventsrulelambda2testneweventsrulelambda2WCustomEventBus8B7AB031", - }, - "Type": "AWS::Events::EventBus", - }, - "testneweventsrulelambda2testneweventsrulelambda2WEventsRule3AEF73E1": Object { - "Properties": Object { - "EventBusName": Object { - "Ref": "testneweventsrulelambda2testneweventsrulelambda2WCustomEventBusECAFE55E", - }, - "EventPattern": Object { - "source": Array [ - "solutionsconstructs", - ], - }, - "State": "ENABLED", - "Targets": Array [ - Object { - "Arn": Object { - "Fn::GetAtt": Array [ - "testneweventsrulelambda2testneweventsrulelambda2WLambdaFunction0603676F", - "Arn", - ], - }, - "Id": "Target0", - }, - ], - }, - "Type": "AWS::Events::Rule", - }, - "testneweventsrulelambda2testneweventsrulelambda2WLambdaFunction0603676F": Object { - "DependsOn": Array [ - "testneweventsrulelambda2testneweventsrulelambda2WLambdaFunctionServiceRoleDefaultPolicyC838EF33", - "testneweventsrulelambda2testneweventsrulelambda2WLambdaFunctionServiceRoleE2024B15", - ], - "Metadata": Object { - "cfn_nag": Object { - "rules_to_suppress": Array [ - Object { - "id": "W58", - "reason": "Lambda functions has the required permission to write CloudWatch Logs. It uses custom policy instead of arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole with tighter permissions.", - }, - Object { - "id": "W89", - "reason": "This is not a rule for the general case, just for specific use cases/industries", - }, - Object { - "id": "W92", - "reason": "Impossible for us to define the correct concurrency for clients", - }, - ], - }, - }, - "Properties": Object { - "Code": Object { - "S3Bucket": Object { - "Ref": "AssetParameters42a35bbf0dec9ef0ac5b0dde87e71a1b8929e8d2d178dd09ccfb2c928ec0198cS3Bucket1F467BCC", - }, - "S3Key": Object { - "Fn::Join": Array [ - "", - Array [ - Object { - "Fn::Select": Array [ - 0, - Object { - "Fn::Split": Array [ - "||", - Object { - "Ref": "AssetParameters42a35bbf0dec9ef0ac5b0dde87e71a1b8929e8d2d178dd09ccfb2c928ec0198cS3VersionKey9E4F7872", - }, - ], - }, - ], - }, - Object { - "Fn::Select": Array [ - 1, - Object { - "Fn::Split": Array [ - "||", - Object { - "Ref": "AssetParameters42a35bbf0dec9ef0ac5b0dde87e71a1b8929e8d2d178dd09ccfb2c928ec0198cS3VersionKey9E4F7872", - }, - ], - }, - ], - }, - ], - ], - }, - }, - "Environment": Object { - "Variables": Object { - "AWS_NODEJS_CONNECTION_REUSE_ENABLED": "1", - }, - }, - "Handler": "index.handler", - "Role": Object { - "Fn::GetAtt": Array [ - "testneweventsrulelambda2testneweventsrulelambda2WLambdaFunctionServiceRoleE2024B15", - "Arn", - ], - }, - "Runtime": "nodejs12.x", - "TracingConfig": Object { - "Mode": "Active", - }, - }, - "Type": "AWS::Lambda::Function", - }, - "testneweventsrulelambda2testneweventsrulelambda2WLambdaFunctionAwsEventsLambdaInvokePermission19D4CBF19": Object { - "Properties": Object { - "Action": "lambda:InvokeFunction", - "FunctionName": Object { - "Fn::GetAtt": Array [ - "testneweventsrulelambda2testneweventsrulelambda2WLambdaFunction0603676F", - "Arn", - ], - }, - "Principal": "events.amazonaws.com", - "SourceArn": Object { - "Fn::GetAtt": Array [ - "testneweventsrulelambda2testneweventsrulelambda2WEventsRule3AEF73E1", - "Arn", - ], - }, - }, - "Type": "AWS::Lambda::Permission", - }, - "testneweventsrulelambda2testneweventsrulelambda2WLambdaFunctionServiceRoleDefaultPolicyC838EF33": Object { - "Metadata": Object { - "cfn_nag": Object { - "rules_to_suppress": Array [ - Object { - "id": "W12", - "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray and access ENIs in a VPC.", - }, - ], - }, - }, - "Properties": Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "xray:PutTraceSegments", - "xray:PutTelemetryRecords", - ], - "Effect": "Allow", - "Resource": "*", - }, - ], - "Version": "2012-10-17", - }, - "PolicyName": "testneweventsrulelambda2testneweventsrulelambda2WLambdaFunctionServiceRoleDefaultPolicyC838EF33", - "Roles": Array [ - Object { - "Ref": "testneweventsrulelambda2testneweventsrulelambda2WLambdaFunctionServiceRoleE2024B15", - }, - ], - }, - "Type": "AWS::IAM::Policy", - }, - "testneweventsrulelambda2testneweventsrulelambda2WLambdaFunctionServiceRoleE2024B15": Object { - "Properties": Object { - "AssumeRolePolicyDocument": Object { - "Statement": Array [ - Object { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": Object { - "Service": "lambda.amazonaws.com", - }, - }, - ], - "Version": "2012-10-17", - }, - "Policies": Array [ - Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "logs:CreateLogGroup", - "logs:CreateLogStream", - "logs:PutLogEvents", - ], - "Effect": "Allow", - "Resource": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":logs:", - Object { - "Ref": "AWS::Region", - }, - ":", - Object { - "Ref": "AWS::AccountId", - }, - ":log-group:/aws/lambda/*", - ], - ], - }, - }, - ], - "Version": "2012-10-17", - }, - "PolicyName": "LambdaFunctionServiceRolePolicy", - }, - ], - }, - "Type": "AWS::IAM::Role", - }, - }, -} -`; - -exports[`snapshot test EventsRuleToLambda default params 1`] = ` -Object { - "Parameters": Object { - "AssetParameters42a35bbf0dec9ef0ac5b0dde87e71a1b8929e8d2d178dd09ccfb2c928ec0198cArtifactHash00A70A91": Object { - "Description": "Artifact hash for asset \\"42a35bbf0dec9ef0ac5b0dde87e71a1b8929e8d2d178dd09ccfb2c928ec0198c\\"", - "Type": "String", - }, - "AssetParameters42a35bbf0dec9ef0ac5b0dde87e71a1b8929e8d2d178dd09ccfb2c928ec0198cS3Bucket1F467BCC": Object { - "Description": "S3 bucket for asset \\"42a35bbf0dec9ef0ac5b0dde87e71a1b8929e8d2d178dd09ccfb2c928ec0198c\\"", - "Type": "String", - }, - "AssetParameters42a35bbf0dec9ef0ac5b0dde87e71a1b8929e8d2d178dd09ccfb2c928ec0198cS3VersionKey9E4F7872": Object { - "Description": "S3 key for asset version \\"42a35bbf0dec9ef0ac5b0dde87e71a1b8929e8d2d178dd09ccfb2c928ec0198c\\"", - "Type": "String", - }, - }, - "Resources": Object { - "testeventsrulelambdatesteventsrulelambdaWEventsRule1B328BFB": Object { - "Properties": Object { - "ScheduleExpression": "rate(5 minutes)", - "State": "ENABLED", - "Targets": Array [ - Object { - "Arn": Object { - "Fn::GetAtt": Array [ - "testeventsrulelambdatesteventsrulelambdaWLambdaFunction5EE557E8", - "Arn", - ], - }, - "Id": "Target0", - }, - ], - }, - "Type": "AWS::Events::Rule", - }, - "testeventsrulelambdatesteventsrulelambdaWLambdaFunction5EE557E8": Object { - "DependsOn": Array [ - "testeventsrulelambdatesteventsrulelambdaWLambdaFunctionServiceRoleDefaultPolicyD705B722", - "testeventsrulelambdatesteventsrulelambdaWLambdaFunctionServiceRoleFF9B9BDB", - ], - "Metadata": Object { - "cfn_nag": Object { - "rules_to_suppress": Array [ - Object { - "id": "W58", - "reason": "Lambda functions has the required permission to write CloudWatch Logs. It uses custom policy instead of arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole with tighter permissions.", - }, - Object { - "id": "W89", - "reason": "This is not a rule for the general case, just for specific use cases/industries", - }, - Object { - "id": "W92", - "reason": "Impossible for us to define the correct concurrency for clients", - }, - ], - }, - }, - "Properties": Object { - "Code": Object { - "S3Bucket": Object { - "Ref": "AssetParameters42a35bbf0dec9ef0ac5b0dde87e71a1b8929e8d2d178dd09ccfb2c928ec0198cS3Bucket1F467BCC", - }, - "S3Key": Object { - "Fn::Join": Array [ - "", - Array [ - Object { - "Fn::Select": Array [ - 0, - Object { - "Fn::Split": Array [ - "||", - Object { - "Ref": "AssetParameters42a35bbf0dec9ef0ac5b0dde87e71a1b8929e8d2d178dd09ccfb2c928ec0198cS3VersionKey9E4F7872", - }, - ], - }, - ], - }, - Object { - "Fn::Select": Array [ - 1, - Object { - "Fn::Split": Array [ - "||", - Object { - "Ref": "AssetParameters42a35bbf0dec9ef0ac5b0dde87e71a1b8929e8d2d178dd09ccfb2c928ec0198cS3VersionKey9E4F7872", - }, - ], - }, - ], - }, - ], - ], - }, - }, - "Environment": Object { - "Variables": Object { - "AWS_NODEJS_CONNECTION_REUSE_ENABLED": "1", - }, - }, - "Handler": "index.handler", - "Role": Object { - "Fn::GetAtt": Array [ - "testeventsrulelambdatesteventsrulelambdaWLambdaFunctionServiceRoleFF9B9BDB", - "Arn", - ], - }, - "Runtime": "nodejs12.x", - "TracingConfig": Object { - "Mode": "Active", - }, - }, - "Type": "AWS::Lambda::Function", - }, - "testeventsrulelambdatesteventsrulelambdaWLambdaFunctionAwsEventsLambdaInvokePermission135EE70F4": Object { - "Properties": Object { - "Action": "lambda:InvokeFunction", - "FunctionName": Object { - "Fn::GetAtt": Array [ - "testeventsrulelambdatesteventsrulelambdaWLambdaFunction5EE557E8", - "Arn", - ], - }, - "Principal": "events.amazonaws.com", - "SourceArn": Object { - "Fn::GetAtt": Array [ - "testeventsrulelambdatesteventsrulelambdaWEventsRule1B328BFB", - "Arn", - ], - }, - }, - "Type": "AWS::Lambda::Permission", - }, - "testeventsrulelambdatesteventsrulelambdaWLambdaFunctionServiceRoleDefaultPolicyD705B722": Object { - "Metadata": Object { - "cfn_nag": Object { - "rules_to_suppress": Array [ - Object { - "id": "W12", - "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray and access ENIs in a VPC.", - }, - ], - }, - }, - "Properties": Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "xray:PutTraceSegments", - "xray:PutTelemetryRecords", - ], - "Effect": "Allow", - "Resource": "*", - }, - ], - "Version": "2012-10-17", - }, - "PolicyName": "testeventsrulelambdatesteventsrulelambdaWLambdaFunctionServiceRoleDefaultPolicyD705B722", - "Roles": Array [ - Object { - "Ref": "testeventsrulelambdatesteventsrulelambdaWLambdaFunctionServiceRoleFF9B9BDB", - }, - ], - }, - "Type": "AWS::IAM::Policy", - }, - "testeventsrulelambdatesteventsrulelambdaWLambdaFunctionServiceRoleFF9B9BDB": Object { - "Properties": Object { - "AssumeRolePolicyDocument": Object { - "Statement": Array [ - Object { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": Object { - "Service": "lambda.amazonaws.com", - }, - }, - ], - "Version": "2012-10-17", - }, - "Policies": Array [ - Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "logs:CreateLogGroup", - "logs:CreateLogStream", - "logs:PutLogEvents", - ], - "Effect": "Allow", - "Resource": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":logs:", - Object { - "Ref": "AWS::Region", - }, - ":", - Object { - "Ref": "AWS::AccountId", - }, - ":log-group:/aws/lambda/*", - ], - ], - }, - }, - ], - "Version": "2012-10-17", - }, - "PolicyName": "LambdaFunctionServiceRolePolicy", - }, - ], - }, - "Type": "AWS::IAM::Role", - }, - }, -} -`; - -exports[`snapshot test EventsRuleToLambda existing event bus params 1`] = ` -Object { - "Parameters": Object { - "AssetParameters42a35bbf0dec9ef0ac5b0dde87e71a1b8929e8d2d178dd09ccfb2c928ec0198cArtifactHash00A70A91": Object { - "Description": "Artifact hash for asset \\"42a35bbf0dec9ef0ac5b0dde87e71a1b8929e8d2d178dd09ccfb2c928ec0198c\\"", - "Type": "String", - }, - "AssetParameters42a35bbf0dec9ef0ac5b0dde87e71a1b8929e8d2d178dd09ccfb2c928ec0198cS3Bucket1F467BCC": Object { - "Description": "S3 bucket for asset \\"42a35bbf0dec9ef0ac5b0dde87e71a1b8929e8d2d178dd09ccfb2c928ec0198c\\"", - "Type": "String", - }, - "AssetParameters42a35bbf0dec9ef0ac5b0dde87e71a1b8929e8d2d178dd09ccfb2c928ec0198cS3VersionKey9E4F7872": Object { - "Description": "S3 key for asset version \\"42a35bbf0dec9ef0ac5b0dde87e71a1b8929e8d2d178dd09ccfb2c928ec0198c\\"", - "Type": "String", - }, - }, - "Resources": Object { - "testexistingeventbusC6E4A2D0": Object { - "Properties": Object { - "Name": "testexistingeventbus", - }, - "Type": "AWS::Events::EventBus", - }, - "testexistingeventsrulelambdatestexistingeventsrulelambdaWEventsRuleEC7E86AC": Object { - "Properties": Object { - "EventBusName": Object { - "Ref": "testexistingeventbusC6E4A2D0", - }, - "EventPattern": Object { - "source": Array [ - "solutionsconstructs", - ], - }, - "State": "ENABLED", - "Targets": Array [ - Object { - "Arn": Object { - "Fn::GetAtt": Array [ - "testexistingeventsrulelambdatestexistingeventsrulelambdaWLambdaFunction761A16B3", - "Arn", - ], - }, - "Id": "Target0", - }, - ], - }, - "Type": "AWS::Events::Rule", - }, - "testexistingeventsrulelambdatestexistingeventsrulelambdaWLambdaFunction761A16B3": Object { - "DependsOn": Array [ - "testexistingeventsrulelambdatestexistingeventsrulelambdaWLambdaFunctionServiceRoleDefaultPolicy9D955941", - "testexistingeventsrulelambdatestexistingeventsrulelambdaWLambdaFunctionServiceRoleBE7F5B75", - ], - "Metadata": Object { - "cfn_nag": Object { - "rules_to_suppress": Array [ - Object { - "id": "W58", - "reason": "Lambda functions has the required permission to write CloudWatch Logs. It uses custom policy instead of arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole with tighter permissions.", - }, - Object { - "id": "W89", - "reason": "This is not a rule for the general case, just for specific use cases/industries", - }, - Object { - "id": "W92", - "reason": "Impossible for us to define the correct concurrency for clients", - }, - ], - }, - }, - "Properties": Object { - "Code": Object { - "S3Bucket": Object { - "Ref": "AssetParameters42a35bbf0dec9ef0ac5b0dde87e71a1b8929e8d2d178dd09ccfb2c928ec0198cS3Bucket1F467BCC", - }, - "S3Key": Object { - "Fn::Join": Array [ - "", - Array [ - Object { - "Fn::Select": Array [ - 0, - Object { - "Fn::Split": Array [ - "||", - Object { - "Ref": "AssetParameters42a35bbf0dec9ef0ac5b0dde87e71a1b8929e8d2d178dd09ccfb2c928ec0198cS3VersionKey9E4F7872", - }, - ], - }, - ], - }, - Object { - "Fn::Select": Array [ - 1, - Object { - "Fn::Split": Array [ - "||", - Object { - "Ref": "AssetParameters42a35bbf0dec9ef0ac5b0dde87e71a1b8929e8d2d178dd09ccfb2c928ec0198cS3VersionKey9E4F7872", - }, - ], - }, - ], - }, - ], - ], - }, - }, - "Environment": Object { - "Variables": Object { - "AWS_NODEJS_CONNECTION_REUSE_ENABLED": "1", - }, - }, - "Handler": "index.handler", - "Role": Object { - "Fn::GetAtt": Array [ - "testexistingeventsrulelambdatestexistingeventsrulelambdaWLambdaFunctionServiceRoleBE7F5B75", - "Arn", - ], - }, - "Runtime": "nodejs12.x", - "TracingConfig": Object { - "Mode": "Active", - }, - }, - "Type": "AWS::Lambda::Function", - }, - "testexistingeventsrulelambdatestexistingeventsrulelambdaWLambdaFunctionAwsEventsLambdaInvokePermission19C6183E3": Object { - "Properties": Object { - "Action": "lambda:InvokeFunction", - "FunctionName": Object { - "Fn::GetAtt": Array [ - "testexistingeventsrulelambdatestexistingeventsrulelambdaWLambdaFunction761A16B3", - "Arn", - ], - }, - "Principal": "events.amazonaws.com", - "SourceArn": Object { - "Fn::GetAtt": Array [ - "testexistingeventsrulelambdatestexistingeventsrulelambdaWEventsRuleEC7E86AC", - "Arn", - ], - }, - }, - "Type": "AWS::Lambda::Permission", - }, - "testexistingeventsrulelambdatestexistingeventsrulelambdaWLambdaFunctionServiceRoleBE7F5B75": Object { - "Properties": Object { - "AssumeRolePolicyDocument": Object { - "Statement": Array [ - Object { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": Object { - "Service": "lambda.amazonaws.com", - }, - }, - ], - "Version": "2012-10-17", - }, - "Policies": Array [ - Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "logs:CreateLogGroup", - "logs:CreateLogStream", - "logs:PutLogEvents", - ], - "Effect": "Allow", - "Resource": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":logs:", - Object { - "Ref": "AWS::Region", - }, - ":", - Object { - "Ref": "AWS::AccountId", - }, - ":log-group:/aws/lambda/*", - ], - ], - }, - }, - ], - "Version": "2012-10-17", - }, - "PolicyName": "LambdaFunctionServiceRolePolicy", - }, - ], - }, - "Type": "AWS::IAM::Role", - }, - "testexistingeventsrulelambdatestexistingeventsrulelambdaWLambdaFunctionServiceRoleDefaultPolicy9D955941": Object { - "Metadata": Object { - "cfn_nag": Object { - "rules_to_suppress": Array [ - Object { - "id": "W12", - "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray and access ENIs in a VPC.", - }, - ], - }, - }, - "Properties": Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "xray:PutTraceSegments", - "xray:PutTelemetryRecords", - ], - "Effect": "Allow", - "Resource": "*", - }, - ], - "Version": "2012-10-17", - }, - "PolicyName": "testexistingeventsrulelambdatestexistingeventsrulelambdaWLambdaFunctionServiceRoleDefaultPolicy9D955941", - "Roles": Array [ - Object { - "Ref": "testexistingeventsrulelambdatestexistingeventsrulelambdaWLambdaFunctionServiceRoleBE7F5B75", - }, - ], - }, - "Type": "AWS::IAM::Policy", - }, - }, -} -`; diff --git a/source/patterns/@aws-solutions-constructs/aws-events-rule-lambda/test/events-rule-lambda.test.ts b/source/patterns/@aws-solutions-constructs/aws-events-rule-lambda/test/events-rule-lambda.test.ts index 0e1973dd3..94a73744f 100644 --- a/source/patterns/@aws-solutions-constructs/aws-events-rule-lambda/test/events-rule-lambda.test.ts +++ b/source/patterns/@aws-solutions-constructs/aws-events-rule-lambda/test/events-rule-lambda.test.ts @@ -11,7 +11,6 @@ * and limitations under the License. */ -import { SynthUtils } from '@aws-cdk/assert'; import * as lambda from '@aws-cdk/aws-lambda'; import * as events from '@aws-cdk/aws-events'; import { EventsRuleToLambdaProps, EventsRuleToLambda } from '../lib/index'; @@ -50,12 +49,6 @@ function deployNewEventBus(stack: cdk.Stack) { return new EventsRuleToLambda(stack, 'test-new-eventsrule-lambda', props); } -test('snapshot test EventsRuleToLambda default params', () => { - const stack = new cdk.Stack(); - deployNewFunc(stack); - expect(SynthUtils.toCloudFormation(stack)).toMatchSnapshot(); -}); - test('check lambda function properties for deploy: true', () => { const stack = new cdk.Stack(); @@ -216,8 +209,6 @@ test('check eventbus property, snapshot & eventbus exists', () => { expect(construct.lambdaFunction !== null); expect(construct.eventBus !== null); - // Validate snapshot - expect(SynthUtils.toCloudFormation(stack)).toMatchSnapshot(); // Check whether eventbus exists expect(stack).toHaveResource('AWS::Events::EventBus'); }); @@ -246,25 +237,6 @@ test('check exception while passing existingEventBus & eventBusProps', () => { expect(app).toThrowError(); }); -test('snapshot test EventsRuleToLambda existing event bus params', () => { - const stack = new cdk.Stack(); - const props: EventsRuleToLambdaProps = { - lambdaFunctionProps: { - code: lambda.Code.fromAsset(`${__dirname}/lambda`), - runtime: lambda.Runtime.NODEJS_12_X, - handler: 'index.handler' - }, - eventRuleProps: { - eventPattern: { - source: ['solutionsconstructs'] - } - }, - existingEventBusInterface: new events.EventBus(stack, `test-existing-eventbus`, {}) - }; - new EventsRuleToLambda(stack, 'test-existing-eventsrule-lambda', props); - expect(SynthUtils.toCloudFormation(stack)).toMatchSnapshot(); -}); - test('check custom event bus resource with props when deploy:true', () => { const stack = new cdk.Stack(); @@ -288,26 +260,4 @@ test('check custom event bus resource with props when deploy:true', () => { expect(stack).toHaveResource('AWS::Events::EventBus', { Name: `testeventbus` }); -}); - -test('check multiple constructs in a single stack', () => { - const stack = new cdk.Stack(); - - const props: EventsRuleToLambdaProps = { - lambdaFunctionProps: { - code: lambda.Code.fromAsset(`${__dirname}/lambda`), - runtime: lambda.Runtime.NODEJS_12_X, - handler: 'index.handler' - }, - eventBusProps: {}, - eventRuleProps: { - eventPattern: { - source: ['solutionsconstructs'] - } - } - }; - new EventsRuleToLambda(stack, 'test-new-eventsrule-lambda1', props); - new EventsRuleToLambda(stack, 'test-new-eventsrule-lambda2', props); - - expect(SynthUtils.toCloudFormation(stack)).toMatchSnapshot(); }); \ No newline at end of file diff --git a/source/patterns/@aws-solutions-constructs/aws-events-rule-sns/test/__snapshots__/events-rule-sns-topic.test.js.snap b/source/patterns/@aws-solutions-constructs/aws-events-rule-sns/test/__snapshots__/events-rule-sns-topic.test.js.snap deleted file mode 100644 index 67c1bcf5d..000000000 --- a/source/patterns/@aws-solutions-constructs/aws-events-rule-sns/test/__snapshots__/events-rule-sns-topic.test.js.snap +++ /dev/null @@ -1,1036 +0,0 @@ -// Jest Snapshot v1, https://goo.gl/fbAQLP - -exports[`check eventbus property, snapshot & eventbus exists 1`] = ` -Object { - "Resources": Object { - "testneweventbustestneweventbusWCustomEventBusF2664EFE": Object { - "Properties": Object { - "Name": "testneweventbustestneweventbusWCustomEventBus51480605", - }, - "Type": "AWS::Events::EventBus", - }, - "testneweventbustestneweventbusWEncryptionKeyCEA853ED": Object { - "DeletionPolicy": "Retain", - "Properties": Object { - "EnableKeyRotation": true, - "KeyPolicy": Object { - "Statement": Array [ - Object { - "Action": Array [ - "kms:Create*", - "kms:Describe*", - "kms:Enable*", - "kms:List*", - "kms:Put*", - "kms:Update*", - "kms:Revoke*", - "kms:Disable*", - "kms:Get*", - "kms:Delete*", - "kms:ScheduleKeyDeletion", - "kms:CancelKeyDeletion", - "kms:GenerateDataKey", - "kms:TagResource", - "kms:UntagResource", - ], - "Effect": "Allow", - "Principal": Object { - "AWS": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":iam::", - Object { - "Ref": "AWS::AccountId", - }, - ":root", - ], - ], - }, - }, - "Resource": "*", - }, - Object { - "Action": Array [ - "kms:Decrypt", - "kms:Encrypt", - "kms:ReEncrypt*", - "kms:GenerateDataKey*", - ], - "Effect": "Allow", - "Principal": Object { - "Service": "events.amazonaws.com", - }, - "Resource": "*", - }, - ], - "Version": "2012-10-17", - }, - }, - "Type": "AWS::KMS::Key", - "UpdateReplacePolicy": "Retain", - }, - "testneweventbustestneweventbusWEventsRuleB426C87E": Object { - "Properties": Object { - "EventBusName": Object { - "Ref": "testneweventbustestneweventbusWCustomEventBusF2664EFE", - }, - "EventPattern": Object { - "source": Array [ - "solutionsconstructs", - ], - }, - "State": "ENABLED", - "Targets": Array [ - Object { - "Arn": Object { - "Ref": "testneweventbustestneweventbusWSnsTopic2702F6D7", - }, - "Id": Object { - "Fn::GetAtt": Array [ - "testneweventbustestneweventbusWSnsTopic2702F6D7", - "TopicName", - ], - }, - }, - ], - }, - "Type": "AWS::Events::Rule", - }, - "testneweventbustestneweventbusWSnsTopic2702F6D7": Object { - "Properties": Object { - "KmsMasterKeyId": Object { - "Fn::GetAtt": Array [ - "testneweventbustestneweventbusWEncryptionKeyCEA853ED", - "Arn", - ], - }, - }, - "Type": "AWS::SNS::Topic", - }, - "testneweventbustestneweventbusWSnsTopicPolicyB728B045": Object { - "Properties": Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "SNS:Publish", - "SNS:RemovePermission", - "SNS:SetTopicAttributes", - "SNS:DeleteTopic", - "SNS:ListSubscriptionsByTopic", - "SNS:GetTopicAttributes", - "SNS:Receive", - "SNS:AddPermission", - "SNS:Subscribe", - ], - "Condition": Object { - "StringEquals": Object { - "AWS:SourceOwner": Object { - "Ref": "AWS::AccountId", - }, - }, - }, - "Effect": "Allow", - "Principal": Object { - "AWS": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":iam::", - Object { - "Ref": "AWS::AccountId", - }, - ":root", - ], - ], - }, - }, - "Resource": Object { - "Ref": "testneweventbustestneweventbusWSnsTopic2702F6D7", - }, - "Sid": "TopicOwnerOnlyAccess", - }, - Object { - "Action": Array [ - "SNS:Publish", - "SNS:RemovePermission", - "SNS:SetTopicAttributes", - "SNS:DeleteTopic", - "SNS:ListSubscriptionsByTopic", - "SNS:GetTopicAttributes", - "SNS:Receive", - "SNS:AddPermission", - "SNS:Subscribe", - ], - "Condition": Object { - "Bool": Object { - "aws:SecureTransport": "false", - }, - }, - "Effect": "Deny", - "Principal": Object { - "AWS": "*", - }, - "Resource": Object { - "Ref": "testneweventbustestneweventbusWSnsTopic2702F6D7", - }, - "Sid": "HttpsOnly", - }, - Object { - "Action": "sns:Publish", - "Effect": "Allow", - "Principal": Object { - "Service": "events.amazonaws.com", - }, - "Resource": Object { - "Ref": "testneweventbustestneweventbusWSnsTopic2702F6D7", - }, - "Sid": "2", - }, - ], - "Version": "2012-10-17", - }, - "Topics": Array [ - Object { - "Ref": "testneweventbustestneweventbusWSnsTopic2702F6D7", - }, - ], - }, - "Type": "AWS::SNS::TopicPolicy", - }, - }, -} -`; - -exports[`check multiple constructs in a single stack 1`] = ` -Object { - "Resources": Object { - "testneweventsrulesns1testneweventsrulesns1WCustomEventBus92059687": Object { - "Properties": Object { - "Name": "testneweventsrulesns1testneweventsrulesns1WCustomEventBus3405BE4B", - }, - "Type": "AWS::Events::EventBus", - }, - "testneweventsrulesns1testneweventsrulesns1WEncryptionKey897A7F56": Object { - "DeletionPolicy": "Retain", - "Properties": Object { - "EnableKeyRotation": true, - "KeyPolicy": Object { - "Statement": Array [ - Object { - "Action": Array [ - "kms:Create*", - "kms:Describe*", - "kms:Enable*", - "kms:List*", - "kms:Put*", - "kms:Update*", - "kms:Revoke*", - "kms:Disable*", - "kms:Get*", - "kms:Delete*", - "kms:ScheduleKeyDeletion", - "kms:CancelKeyDeletion", - "kms:GenerateDataKey", - "kms:TagResource", - "kms:UntagResource", - ], - "Effect": "Allow", - "Principal": Object { - "AWS": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":iam::", - Object { - "Ref": "AWS::AccountId", - }, - ":root", - ], - ], - }, - }, - "Resource": "*", - }, - Object { - "Action": Array [ - "kms:Decrypt", - "kms:Encrypt", - "kms:ReEncrypt*", - "kms:GenerateDataKey*", - ], - "Effect": "Allow", - "Principal": Object { - "Service": "events.amazonaws.com", - }, - "Resource": "*", - }, - ], - "Version": "2012-10-17", - }, - }, - "Type": "AWS::KMS::Key", - "UpdateReplacePolicy": "Retain", - }, - "testneweventsrulesns1testneweventsrulesns1WEventsRule8D7B1276": Object { - "Properties": Object { - "EventBusName": Object { - "Ref": "testneweventsrulesns1testneweventsrulesns1WCustomEventBus92059687", - }, - "EventPattern": Object { - "source": Array [ - "solutionsconstructs", - ], - }, - "State": "ENABLED", - "Targets": Array [ - Object { - "Arn": Object { - "Ref": "testneweventsrulesns1testneweventsrulesns1WSnsTopic5FA11EB4", - }, - "Id": Object { - "Fn::GetAtt": Array [ - "testneweventsrulesns1testneweventsrulesns1WSnsTopic5FA11EB4", - "TopicName", - ], - }, - }, - ], - }, - "Type": "AWS::Events::Rule", - }, - "testneweventsrulesns1testneweventsrulesns1WSnsTopic5FA11EB4": Object { - "Properties": Object { - "KmsMasterKeyId": Object { - "Fn::GetAtt": Array [ - "testneweventsrulesns1testneweventsrulesns1WEncryptionKey897A7F56", - "Arn", - ], - }, - }, - "Type": "AWS::SNS::Topic", - }, - "testneweventsrulesns1testneweventsrulesns1WSnsTopicPolicy63BBE31D": Object { - "Properties": Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "SNS:Publish", - "SNS:RemovePermission", - "SNS:SetTopicAttributes", - "SNS:DeleteTopic", - "SNS:ListSubscriptionsByTopic", - "SNS:GetTopicAttributes", - "SNS:Receive", - "SNS:AddPermission", - "SNS:Subscribe", - ], - "Condition": Object { - "StringEquals": Object { - "AWS:SourceOwner": Object { - "Ref": "AWS::AccountId", - }, - }, - }, - "Effect": "Allow", - "Principal": Object { - "AWS": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":iam::", - Object { - "Ref": "AWS::AccountId", - }, - ":root", - ], - ], - }, - }, - "Resource": Object { - "Ref": "testneweventsrulesns1testneweventsrulesns1WSnsTopic5FA11EB4", - }, - "Sid": "TopicOwnerOnlyAccess", - }, - Object { - "Action": Array [ - "SNS:Publish", - "SNS:RemovePermission", - "SNS:SetTopicAttributes", - "SNS:DeleteTopic", - "SNS:ListSubscriptionsByTopic", - "SNS:GetTopicAttributes", - "SNS:Receive", - "SNS:AddPermission", - "SNS:Subscribe", - ], - "Condition": Object { - "Bool": Object { - "aws:SecureTransport": "false", - }, - }, - "Effect": "Deny", - "Principal": Object { - "AWS": "*", - }, - "Resource": Object { - "Ref": "testneweventsrulesns1testneweventsrulesns1WSnsTopic5FA11EB4", - }, - "Sid": "HttpsOnly", - }, - Object { - "Action": "sns:Publish", - "Effect": "Allow", - "Principal": Object { - "Service": "events.amazonaws.com", - }, - "Resource": Object { - "Ref": "testneweventsrulesns1testneweventsrulesns1WSnsTopic5FA11EB4", - }, - "Sid": "2", - }, - ], - "Version": "2012-10-17", - }, - "Topics": Array [ - Object { - "Ref": "testneweventsrulesns1testneweventsrulesns1WSnsTopic5FA11EB4", - }, - ], - }, - "Type": "AWS::SNS::TopicPolicy", - }, - "testneweventsrulesns2testneweventsrulesns2WCustomEventBus627A5C94": Object { - "Properties": Object { - "Name": "testneweventsrulesns2testneweventsrulesns2WCustomEventBus7D2C1571", - }, - "Type": "AWS::Events::EventBus", - }, - "testneweventsrulesns2testneweventsrulesns2WEncryptionKey8192A4D6": Object { - "DeletionPolicy": "Retain", - "Properties": Object { - "EnableKeyRotation": true, - "KeyPolicy": Object { - "Statement": Array [ - Object { - "Action": Array [ - "kms:Create*", - "kms:Describe*", - "kms:Enable*", - "kms:List*", - "kms:Put*", - "kms:Update*", - "kms:Revoke*", - "kms:Disable*", - "kms:Get*", - "kms:Delete*", - "kms:ScheduleKeyDeletion", - "kms:CancelKeyDeletion", - "kms:GenerateDataKey", - "kms:TagResource", - "kms:UntagResource", - ], - "Effect": "Allow", - "Principal": Object { - "AWS": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":iam::", - Object { - "Ref": "AWS::AccountId", - }, - ":root", - ], - ], - }, - }, - "Resource": "*", - }, - Object { - "Action": Array [ - "kms:Decrypt", - "kms:Encrypt", - "kms:ReEncrypt*", - "kms:GenerateDataKey*", - ], - "Effect": "Allow", - "Principal": Object { - "Service": "events.amazonaws.com", - }, - "Resource": "*", - }, - ], - "Version": "2012-10-17", - }, - }, - "Type": "AWS::KMS::Key", - "UpdateReplacePolicy": "Retain", - }, - "testneweventsrulesns2testneweventsrulesns2WEventsRule3B7FEBA5": Object { - "Properties": Object { - "EventBusName": Object { - "Ref": "testneweventsrulesns2testneweventsrulesns2WCustomEventBus627A5C94", - }, - "EventPattern": Object { - "source": Array [ - "solutionsconstructs", - ], - }, - "State": "ENABLED", - "Targets": Array [ - Object { - "Arn": Object { - "Ref": "testneweventsrulesns2testneweventsrulesns2WSnsTopic40FFC103", - }, - "Id": Object { - "Fn::GetAtt": Array [ - "testneweventsrulesns2testneweventsrulesns2WSnsTopic40FFC103", - "TopicName", - ], - }, - }, - ], - }, - "Type": "AWS::Events::Rule", - }, - "testneweventsrulesns2testneweventsrulesns2WSnsTopic40FFC103": Object { - "Properties": Object { - "KmsMasterKeyId": Object { - "Fn::GetAtt": Array [ - "testneweventsrulesns2testneweventsrulesns2WEncryptionKey8192A4D6", - "Arn", - ], - }, - }, - "Type": "AWS::SNS::Topic", - }, - "testneweventsrulesns2testneweventsrulesns2WSnsTopicPolicyBD757099": Object { - "Properties": Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "SNS:Publish", - "SNS:RemovePermission", - "SNS:SetTopicAttributes", - "SNS:DeleteTopic", - "SNS:ListSubscriptionsByTopic", - "SNS:GetTopicAttributes", - "SNS:Receive", - "SNS:AddPermission", - "SNS:Subscribe", - ], - "Condition": Object { - "StringEquals": Object { - "AWS:SourceOwner": Object { - "Ref": "AWS::AccountId", - }, - }, - }, - "Effect": "Allow", - "Principal": Object { - "AWS": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":iam::", - Object { - "Ref": "AWS::AccountId", - }, - ":root", - ], - ], - }, - }, - "Resource": Object { - "Ref": "testneweventsrulesns2testneweventsrulesns2WSnsTopic40FFC103", - }, - "Sid": "TopicOwnerOnlyAccess", - }, - Object { - "Action": Array [ - "SNS:Publish", - "SNS:RemovePermission", - "SNS:SetTopicAttributes", - "SNS:DeleteTopic", - "SNS:ListSubscriptionsByTopic", - "SNS:GetTopicAttributes", - "SNS:Receive", - "SNS:AddPermission", - "SNS:Subscribe", - ], - "Condition": Object { - "Bool": Object { - "aws:SecureTransport": "false", - }, - }, - "Effect": "Deny", - "Principal": Object { - "AWS": "*", - }, - "Resource": Object { - "Ref": "testneweventsrulesns2testneweventsrulesns2WSnsTopic40FFC103", - }, - "Sid": "HttpsOnly", - }, - Object { - "Action": "sns:Publish", - "Effect": "Allow", - "Principal": Object { - "Service": "events.amazonaws.com", - }, - "Resource": Object { - "Ref": "testneweventsrulesns2testneweventsrulesns2WSnsTopic40FFC103", - }, - "Sid": "2", - }, - ], - "Version": "2012-10-17", - }, - "Topics": Array [ - Object { - "Ref": "testneweventsrulesns2testneweventsrulesns2WSnsTopic40FFC103", - }, - ], - }, - "Type": "AWS::SNS::TopicPolicy", - }, - }, -} -`; - -exports[`snapshot test EventsRuleToSns default params 1`] = ` -Object { - "Resources": Object { - "testtestWEncryptionKeyC6B126B6": Object { - "DeletionPolicy": "Retain", - "Properties": Object { - "EnableKeyRotation": true, - "KeyPolicy": Object { - "Statement": Array [ - Object { - "Action": Array [ - "kms:Create*", - "kms:Describe*", - "kms:Enable*", - "kms:List*", - "kms:Put*", - "kms:Update*", - "kms:Revoke*", - "kms:Disable*", - "kms:Get*", - "kms:Delete*", - "kms:ScheduleKeyDeletion", - "kms:CancelKeyDeletion", - "kms:GenerateDataKey", - "kms:TagResource", - "kms:UntagResource", - ], - "Effect": "Allow", - "Principal": Object { - "AWS": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":iam::", - Object { - "Ref": "AWS::AccountId", - }, - ":root", - ], - ], - }, - }, - "Resource": "*", - }, - Object { - "Action": Array [ - "kms:Decrypt", - "kms:Encrypt", - "kms:ReEncrypt*", - "kms:GenerateDataKey*", - ], - "Effect": "Allow", - "Principal": Object { - "Service": "events.amazonaws.com", - }, - "Resource": "*", - }, - ], - "Version": "2012-10-17", - }, - }, - "Type": "AWS::KMS::Key", - "UpdateReplacePolicy": "Retain", - }, - "testtestWEventsRuleDF9938A8": Object { - "Properties": Object { - "ScheduleExpression": "rate(5 minutes)", - "State": "ENABLED", - "Targets": Array [ - Object { - "Arn": Object { - "Ref": "testtestWSnsTopicBFF33C41", - }, - "Id": Object { - "Fn::GetAtt": Array [ - "testtestWSnsTopicBFF33C41", - "TopicName", - ], - }, - }, - ], - }, - "Type": "AWS::Events::Rule", - }, - "testtestWSnsTopicBFF33C41": Object { - "Properties": Object { - "KmsMasterKeyId": Object { - "Fn::GetAtt": Array [ - "testtestWEncryptionKeyC6B126B6", - "Arn", - ], - }, - }, - "Type": "AWS::SNS::Topic", - }, - "testtestWSnsTopicPolicy2A17B1B5": Object { - "Properties": Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "SNS:Publish", - "SNS:RemovePermission", - "SNS:SetTopicAttributes", - "SNS:DeleteTopic", - "SNS:ListSubscriptionsByTopic", - "SNS:GetTopicAttributes", - "SNS:Receive", - "SNS:AddPermission", - "SNS:Subscribe", - ], - "Condition": Object { - "StringEquals": Object { - "AWS:SourceOwner": Object { - "Ref": "AWS::AccountId", - }, - }, - }, - "Effect": "Allow", - "Principal": Object { - "AWS": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":iam::", - Object { - "Ref": "AWS::AccountId", - }, - ":root", - ], - ], - }, - }, - "Resource": Object { - "Ref": "testtestWSnsTopicBFF33C41", - }, - "Sid": "TopicOwnerOnlyAccess", - }, - Object { - "Action": Array [ - "SNS:Publish", - "SNS:RemovePermission", - "SNS:SetTopicAttributes", - "SNS:DeleteTopic", - "SNS:ListSubscriptionsByTopic", - "SNS:GetTopicAttributes", - "SNS:Receive", - "SNS:AddPermission", - "SNS:Subscribe", - ], - "Condition": Object { - "Bool": Object { - "aws:SecureTransport": "false", - }, - }, - "Effect": "Deny", - "Principal": Object { - "AWS": "*", - }, - "Resource": Object { - "Ref": "testtestWSnsTopicBFF33C41", - }, - "Sid": "HttpsOnly", - }, - Object { - "Action": "sns:Publish", - "Effect": "Allow", - "Principal": Object { - "Service": "events.amazonaws.com", - }, - "Resource": Object { - "Ref": "testtestWSnsTopicBFF33C41", - }, - "Sid": "2", - }, - ], - "Version": "2012-10-17", - }, - "Topics": Array [ - Object { - "Ref": "testtestWSnsTopicBFF33C41", - }, - ], - }, - "Type": "AWS::SNS::TopicPolicy", - }, - }, -} -`; - -exports[`snapshot test EventsruleToSns existing event bus params 1`] = ` -Object { - "Resources": Object { - "testexistingeventbusC6E4A2D0": Object { - "Properties": Object { - "Name": "testexistingeventbus", - }, - "Type": "AWS::Events::EventBus", - }, - "testexistingeventsrulesnstestexistingeventsrulesnsWEncryptionKeyA657F0B7": Object { - "DeletionPolicy": "Retain", - "Properties": Object { - "EnableKeyRotation": true, - "KeyPolicy": Object { - "Statement": Array [ - Object { - "Action": Array [ - "kms:Create*", - "kms:Describe*", - "kms:Enable*", - "kms:List*", - "kms:Put*", - "kms:Update*", - "kms:Revoke*", - "kms:Disable*", - "kms:Get*", - "kms:Delete*", - "kms:ScheduleKeyDeletion", - "kms:CancelKeyDeletion", - "kms:GenerateDataKey", - "kms:TagResource", - "kms:UntagResource", - ], - "Effect": "Allow", - "Principal": Object { - "AWS": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":iam::", - Object { - "Ref": "AWS::AccountId", - }, - ":root", - ], - ], - }, - }, - "Resource": "*", - }, - Object { - "Action": Array [ - "kms:Decrypt", - "kms:Encrypt", - "kms:ReEncrypt*", - "kms:GenerateDataKey*", - ], - "Effect": "Allow", - "Principal": Object { - "Service": "events.amazonaws.com", - }, - "Resource": "*", - }, - ], - "Version": "2012-10-17", - }, - }, - "Type": "AWS::KMS::Key", - "UpdateReplacePolicy": "Retain", - }, - "testexistingeventsrulesnstestexistingeventsrulesnsWEventsRuleC69BF9D5": Object { - "Properties": Object { - "EventBusName": Object { - "Ref": "testexistingeventbusC6E4A2D0", - }, - "EventPattern": Object { - "source": Array [ - "solutionsconstructs", - ], - }, - "State": "ENABLED", - "Targets": Array [ - Object { - "Arn": Object { - "Ref": "testexistingeventsrulesnstestexistingeventsrulesnsWSnsTopicB26AB7C3", - }, - "Id": Object { - "Fn::GetAtt": Array [ - "testexistingeventsrulesnstestexistingeventsrulesnsWSnsTopicB26AB7C3", - "TopicName", - ], - }, - }, - ], - }, - "Type": "AWS::Events::Rule", - }, - "testexistingeventsrulesnstestexistingeventsrulesnsWSnsTopicB26AB7C3": Object { - "Properties": Object { - "KmsMasterKeyId": Object { - "Fn::GetAtt": Array [ - "testexistingeventsrulesnstestexistingeventsrulesnsWEncryptionKeyA657F0B7", - "Arn", - ], - }, - }, - "Type": "AWS::SNS::Topic", - }, - "testexistingeventsrulesnstestexistingeventsrulesnsWSnsTopicPolicyF0C4F75A": Object { - "Properties": Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "SNS:Publish", - "SNS:RemovePermission", - "SNS:SetTopicAttributes", - "SNS:DeleteTopic", - "SNS:ListSubscriptionsByTopic", - "SNS:GetTopicAttributes", - "SNS:Receive", - "SNS:AddPermission", - "SNS:Subscribe", - ], - "Condition": Object { - "StringEquals": Object { - "AWS:SourceOwner": Object { - "Ref": "AWS::AccountId", - }, - }, - }, - "Effect": "Allow", - "Principal": Object { - "AWS": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":iam::", - Object { - "Ref": "AWS::AccountId", - }, - ":root", - ], - ], - }, - }, - "Resource": Object { - "Ref": "testexistingeventsrulesnstestexistingeventsrulesnsWSnsTopicB26AB7C3", - }, - "Sid": "TopicOwnerOnlyAccess", - }, - Object { - "Action": Array [ - "SNS:Publish", - "SNS:RemovePermission", - "SNS:SetTopicAttributes", - "SNS:DeleteTopic", - "SNS:ListSubscriptionsByTopic", - "SNS:GetTopicAttributes", - "SNS:Receive", - "SNS:AddPermission", - "SNS:Subscribe", - ], - "Condition": Object { - "Bool": Object { - "aws:SecureTransport": "false", - }, - }, - "Effect": "Deny", - "Principal": Object { - "AWS": "*", - }, - "Resource": Object { - "Ref": "testexistingeventsrulesnstestexistingeventsrulesnsWSnsTopicB26AB7C3", - }, - "Sid": "HttpsOnly", - }, - Object { - "Action": "sns:Publish", - "Effect": "Allow", - "Principal": Object { - "Service": "events.amazonaws.com", - }, - "Resource": Object { - "Ref": "testexistingeventsrulesnstestexistingeventsrulesnsWSnsTopicB26AB7C3", - }, - "Sid": "2", - }, - ], - "Version": "2012-10-17", - }, - "Topics": Array [ - Object { - "Ref": "testexistingeventsrulesnstestexistingeventsrulesnsWSnsTopicB26AB7C3", - }, - ], - }, - "Type": "AWS::SNS::TopicPolicy", - }, - }, -} -`; diff --git a/source/patterns/@aws-solutions-constructs/aws-events-rule-sns/test/events-rule-sns-topic.test.ts b/source/patterns/@aws-solutions-constructs/aws-events-rule-sns/test/events-rule-sns-topic.test.ts index bea74c2a2..4de80ea44 100644 --- a/source/patterns/@aws-solutions-constructs/aws-events-rule-sns/test/events-rule-sns-topic.test.ts +++ b/source/patterns/@aws-solutions-constructs/aws-events-rule-sns/test/events-rule-sns-topic.test.ts @@ -11,7 +11,6 @@ * and limitations under the License. */ -import { SynthUtils } from '@aws-cdk/assert'; import * as cdk from "@aws-cdk/core"; import * as events from "@aws-cdk/aws-events"; import * as defaults from '@aws-solutions-constructs/core'; @@ -39,12 +38,6 @@ function deployStackWithNewEventBus(stack: cdk.Stack) { return new EventsRuleToSns(stack, 'test-neweventbus', props); } -test('snapshot test EventsRuleToSns default params', () => { - const stack = new cdk.Stack(); - deployNewStack(stack); - expect(SynthUtils.toCloudFormation(stack)).toMatchSnapshot(); -}); - test('check if the event rule has permission/policy in place in sns for it to be able to publish to the topic', () => { const stack = new cdk.Stack(); deployNewStack(stack); @@ -213,63 +206,6 @@ test('check the sns topic properties with existing KMS key', () => { }); expect(stack).toHaveResource('AWS::KMS::Key', { - KeyPolicy: { - Statement: [ - { - Action: [ - "kms:Create*", - "kms:Describe*", - "kms:Enable*", - "kms:List*", - "kms:Put*", - "kms:Update*", - "kms:Revoke*", - "kms:Disable*", - "kms:Get*", - "kms:Delete*", - "kms:ScheduleKeyDeletion", - "kms:CancelKeyDeletion", - "kms:GenerateDataKey", - "kms:TagResource", - "kms:UntagResource" - ], - Effect: "Allow", - Principal: { - AWS: { - "Fn::Join": [ - "", - [ - "arn:", - { - Ref: "AWS::Partition" - }, - ":iam::", - { - Ref: "AWS::AccountId" - }, - ":root" - ] - ] - } - }, - Resource: "*" - }, - { - Action: [ - "kms:Decrypt", - "kms:Encrypt", - "kms:ReEncrypt*", - "kms:GenerateDataKey*" - ], - Effect: "Allow", - Principal: { - Service: "events.amazonaws.com" - }, - Resource: "*" - } - ], - Version: "2012-10-17" - }, Description: "my-key", EnableKeyRotation: true }); @@ -285,9 +221,6 @@ test('check eventbus property, snapshot & eventbus exists', () => { expect(construct.encryptionKey !== null); expect(construct.eventBus !== null); - // Validate snapshot - expect(SynthUtils.toCloudFormation(stack)).toMatchSnapshot(); - // Check whether eventbus exists expect(stack).toHaveResource('AWS::Events::EventBus'); }); @@ -311,20 +244,6 @@ test('check exception while passing existingEventBus & eventBusProps', () => { expect(app).toThrowError(); }); -test('snapshot test EventsruleToSns existing event bus params', () => { - const stack = new cdk.Stack(); - const props: EventsRuleToSnsProps = { - eventRuleProps: { - eventPattern: { - source: ['solutionsconstructs'] - } - }, - existingEventBusInterface: new events.EventBus(stack, `test-existing-eventbus`, {}) - }; - new EventsRuleToSns(stack, 'test-existing-eventsrule-sns', props); - expect(SynthUtils.toCloudFormation(stack)).toMatchSnapshot(); -}); - test('check custom event bus resource with props when deploy:true', () => { const stack = new cdk.Stack(); @@ -343,21 +262,4 @@ test('check custom event bus resource with props when deploy:true', () => { expect(stack).toHaveResource('AWS::Events::EventBus', { Name: 'testcustomeventbus' }); -}); - -test('check multiple constructs in a single stack', () => { - const stack = new cdk.Stack(); - - const props: EventsRuleToSnsProps = { - eventBusProps: {}, - eventRuleProps: { - eventPattern: { - source: ['solutionsconstructs'] - } - } - }; - new EventsRuleToSns(stack, 'test-new-eventsrule-sns1', props); - new EventsRuleToSns(stack, 'test-new-eventsrule-sns2', props); - - expect(SynthUtils.toCloudFormation(stack)).toMatchSnapshot(); }); \ No newline at end of file diff --git a/source/patterns/@aws-solutions-constructs/aws-events-rule-sqs/test/__snapshots__/events-rule-sqs-queue.test.js.snap b/source/patterns/@aws-solutions-constructs/aws-events-rule-sqs/test/__snapshots__/events-rule-sqs-queue.test.js.snap deleted file mode 100644 index 8ece1199d..000000000 --- a/source/patterns/@aws-solutions-constructs/aws-events-rule-sqs/test/__snapshots__/events-rule-sqs-queue.test.js.snap +++ /dev/null @@ -1,1466 +0,0 @@ -// Jest Snapshot v1, https://goo.gl/fbAQLP - -exports[`check eventbus property, snapshot & eventbus exists 1`] = ` -Object { - "Resources": Object { - "testeventsrulesqsnewbustesteventsrulesqsnewbusWCustomEventBus36EDC929": Object { - "Properties": Object { - "Name": "testeventsrulesqsnewbustesteventsrulesqsnewbusWCustomEventBus20358A3F", - }, - "Type": "AWS::Events::EventBus", - }, - "testeventsrulesqsnewbustesteventsrulesqsnewbusWEncryptionKey35D0A000": Object { - "DeletionPolicy": "Retain", - "Properties": Object { - "EnableKeyRotation": true, - "KeyPolicy": Object { - "Statement": Array [ - Object { - "Action": Array [ - "kms:Create*", - "kms:Describe*", - "kms:Enable*", - "kms:List*", - "kms:Put*", - "kms:Update*", - "kms:Revoke*", - "kms:Disable*", - "kms:Get*", - "kms:Delete*", - "kms:ScheduleKeyDeletion", - "kms:CancelKeyDeletion", - "kms:GenerateDataKey", - "kms:TagResource", - "kms:UntagResource", - ], - "Effect": "Allow", - "Principal": Object { - "AWS": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":iam::", - Object { - "Ref": "AWS::AccountId", - }, - ":root", - ], - ], - }, - }, - "Resource": "*", - }, - Object { - "Action": Array [ - "kms:Decrypt", - "kms:Encrypt", - "kms:ReEncrypt*", - "kms:GenerateDataKey*", - ], - "Effect": "Allow", - "Principal": Object { - "Service": "events.amazonaws.com", - }, - "Resource": "*", - }, - ], - "Version": "2012-10-17", - }, - }, - "Type": "AWS::KMS::Key", - "UpdateReplacePolicy": "Retain", - }, - "testeventsrulesqsnewbustesteventsrulesqsnewbusWEventsRule5EA2E0A7": Object { - "Properties": Object { - "EventBusName": Object { - "Ref": "testeventsrulesqsnewbustesteventsrulesqsnewbusWCustomEventBus36EDC929", - }, - "EventPattern": Object { - "source": Array [ - "solutionsconstructs", - ], - }, - "State": "ENABLED", - "Targets": Array [ - Object { - "Arn": Object { - "Fn::GetAtt": Array [ - "testeventsrulesqsnewbustesteventsrulesqsnewbusWqueue210AA2B8", - "Arn", - ], - }, - "Id": Object { - "Fn::GetAtt": Array [ - "testeventsrulesqsnewbustesteventsrulesqsnewbusWqueue210AA2B8", - "QueueName", - ], - }, - }, - ], - }, - "Type": "AWS::Events::Rule", - }, - "testeventsrulesqsnewbustesteventsrulesqsnewbusWdeadLetterQueueFA2AF8C1": Object { - "DeletionPolicy": "Delete", - "Properties": Object { - "KmsMasterKeyId": "alias/aws/sqs", - }, - "Type": "AWS::SQS::Queue", - "UpdateReplacePolicy": "Delete", - }, - "testeventsrulesqsnewbustesteventsrulesqsnewbusWdeadLetterQueuePolicy16B47C96": Object { - "Properties": Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "sqs:DeleteMessage", - "sqs:ReceiveMessage", - "sqs:SendMessage", - "sqs:GetQueueAttributes", - "sqs:RemovePermission", - "sqs:AddPermission", - "sqs:SetQueueAttributes", - ], - "Effect": "Allow", - "Principal": Object { - "AWS": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":iam::", - Object { - "Ref": "AWS::AccountId", - }, - ":root", - ], - ], - }, - }, - "Resource": Object { - "Fn::GetAtt": Array [ - "testeventsrulesqsnewbustesteventsrulesqsnewbusWdeadLetterQueueFA2AF8C1", - "Arn", - ], - }, - "Sid": "QueueOwnerOnlyAccess", - }, - Object { - "Action": "SQS:*", - "Condition": Object { - "Bool": Object { - "aws:SecureTransport": "false", - }, - }, - "Effect": "Deny", - "Principal": Object { - "AWS": "*", - }, - "Resource": Object { - "Fn::GetAtt": Array [ - "testeventsrulesqsnewbustesteventsrulesqsnewbusWdeadLetterQueueFA2AF8C1", - "Arn", - ], - }, - "Sid": "HttpsOnly", - }, - ], - "Version": "2012-10-17", - }, - "Queues": Array [ - Object { - "Ref": "testeventsrulesqsnewbustesteventsrulesqsnewbusWdeadLetterQueueFA2AF8C1", - }, - ], - }, - "Type": "AWS::SQS::QueuePolicy", - }, - "testeventsrulesqsnewbustesteventsrulesqsnewbusWqueue210AA2B8": Object { - "DeletionPolicy": "Delete", - "Properties": Object { - "KmsMasterKeyId": Object { - "Fn::GetAtt": Array [ - "testeventsrulesqsnewbustesteventsrulesqsnewbusWEncryptionKey35D0A000", - "Arn", - ], - }, - "RedrivePolicy": Object { - "deadLetterTargetArn": Object { - "Fn::GetAtt": Array [ - "testeventsrulesqsnewbustesteventsrulesqsnewbusWdeadLetterQueueFA2AF8C1", - "Arn", - ], - }, - "maxReceiveCount": 15, - }, - }, - "Type": "AWS::SQS::Queue", - "UpdateReplacePolicy": "Delete", - }, - "testeventsrulesqsnewbustesteventsrulesqsnewbusWqueuePolicy93F3F8EF": Object { - "Properties": Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "sqs:DeleteMessage", - "sqs:ReceiveMessage", - "sqs:SendMessage", - "sqs:GetQueueAttributes", - "sqs:RemovePermission", - "sqs:AddPermission", - "sqs:SetQueueAttributes", - ], - "Effect": "Allow", - "Principal": Object { - "AWS": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":iam::", - Object { - "Ref": "AWS::AccountId", - }, - ":root", - ], - ], - }, - }, - "Resource": Object { - "Fn::GetAtt": Array [ - "testeventsrulesqsnewbustesteventsrulesqsnewbusWqueue210AA2B8", - "Arn", - ], - }, - "Sid": "QueueOwnerOnlyAccess", - }, - Object { - "Action": "SQS:*", - "Condition": Object { - "Bool": Object { - "aws:SecureTransport": "false", - }, - }, - "Effect": "Deny", - "Principal": Object { - "AWS": "*", - }, - "Resource": Object { - "Fn::GetAtt": Array [ - "testeventsrulesqsnewbustesteventsrulesqsnewbusWqueue210AA2B8", - "Arn", - ], - }, - "Sid": "HttpsOnly", - }, - Object { - "Action": Array [ - "sqs:SendMessage", - "sqs:GetQueueAttributes", - "sqs:GetQueueUrl", - ], - "Effect": "Allow", - "Principal": Object { - "Service": "events.amazonaws.com", - }, - "Resource": Object { - "Fn::GetAtt": Array [ - "testeventsrulesqsnewbustesteventsrulesqsnewbusWqueue210AA2B8", - "Arn", - ], - }, - }, - ], - "Version": "2012-10-17", - }, - "Queues": Array [ - Object { - "Ref": "testeventsrulesqsnewbustesteventsrulesqsnewbusWqueue210AA2B8", - }, - ], - }, - "Type": "AWS::SQS::QueuePolicy", - }, - }, -} -`; - -exports[`check multiple constructs in a single stack 1`] = ` -Object { - "Resources": Object { - "testneweventsrulesqs1testneweventsrulesqs1WCustomEventBusB554EC44": Object { - "Properties": Object { - "Name": "testneweventsrulesqs1testneweventsrulesqs1WCustomEventBusBFC0396B", - }, - "Type": "AWS::Events::EventBus", - }, - "testneweventsrulesqs1testneweventsrulesqs1WEncryptionKeyE1E6195E": Object { - "DeletionPolicy": "Retain", - "Properties": Object { - "EnableKeyRotation": true, - "KeyPolicy": Object { - "Statement": Array [ - Object { - "Action": Array [ - "kms:Create*", - "kms:Describe*", - "kms:Enable*", - "kms:List*", - "kms:Put*", - "kms:Update*", - "kms:Revoke*", - "kms:Disable*", - "kms:Get*", - "kms:Delete*", - "kms:ScheduleKeyDeletion", - "kms:CancelKeyDeletion", - "kms:GenerateDataKey", - "kms:TagResource", - "kms:UntagResource", - ], - "Effect": "Allow", - "Principal": Object { - "AWS": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":iam::", - Object { - "Ref": "AWS::AccountId", - }, - ":root", - ], - ], - }, - }, - "Resource": "*", - }, - Object { - "Action": Array [ - "kms:Decrypt", - "kms:Encrypt", - "kms:ReEncrypt*", - "kms:GenerateDataKey*", - ], - "Effect": "Allow", - "Principal": Object { - "Service": "events.amazonaws.com", - }, - "Resource": "*", - }, - ], - "Version": "2012-10-17", - }, - }, - "Type": "AWS::KMS::Key", - "UpdateReplacePolicy": "Retain", - }, - "testneweventsrulesqs1testneweventsrulesqs1WEventsRule2830870B": Object { - "Properties": Object { - "EventBusName": Object { - "Ref": "testneweventsrulesqs1testneweventsrulesqs1WCustomEventBusB554EC44", - }, - "EventPattern": Object { - "source": Array [ - "solutionsconstructs", - ], - }, - "State": "ENABLED", - "Targets": Array [ - Object { - "Arn": Object { - "Fn::GetAtt": Array [ - "testneweventsrulesqs1testneweventsrulesqs1WqueueFC4AA923", - "Arn", - ], - }, - "Id": Object { - "Fn::GetAtt": Array [ - "testneweventsrulesqs1testneweventsrulesqs1WqueueFC4AA923", - "QueueName", - ], - }, - }, - ], - }, - "Type": "AWS::Events::Rule", - }, - "testneweventsrulesqs1testneweventsrulesqs1WdeadLetterQueueDD243050": Object { - "DeletionPolicy": "Delete", - "Properties": Object { - "KmsMasterKeyId": "alias/aws/sqs", - }, - "Type": "AWS::SQS::Queue", - "UpdateReplacePolicy": "Delete", - }, - "testneweventsrulesqs1testneweventsrulesqs1WdeadLetterQueuePolicyE9629A27": Object { - "Properties": Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "sqs:DeleteMessage", - "sqs:ReceiveMessage", - "sqs:SendMessage", - "sqs:GetQueueAttributes", - "sqs:RemovePermission", - "sqs:AddPermission", - "sqs:SetQueueAttributes", - ], - "Effect": "Allow", - "Principal": Object { - "AWS": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":iam::", - Object { - "Ref": "AWS::AccountId", - }, - ":root", - ], - ], - }, - }, - "Resource": Object { - "Fn::GetAtt": Array [ - "testneweventsrulesqs1testneweventsrulesqs1WdeadLetterQueueDD243050", - "Arn", - ], - }, - "Sid": "QueueOwnerOnlyAccess", - }, - Object { - "Action": "SQS:*", - "Condition": Object { - "Bool": Object { - "aws:SecureTransport": "false", - }, - }, - "Effect": "Deny", - "Principal": Object { - "AWS": "*", - }, - "Resource": Object { - "Fn::GetAtt": Array [ - "testneweventsrulesqs1testneweventsrulesqs1WdeadLetterQueueDD243050", - "Arn", - ], - }, - "Sid": "HttpsOnly", - }, - ], - "Version": "2012-10-17", - }, - "Queues": Array [ - Object { - "Ref": "testneweventsrulesqs1testneweventsrulesqs1WdeadLetterQueueDD243050", - }, - ], - }, - "Type": "AWS::SQS::QueuePolicy", - }, - "testneweventsrulesqs1testneweventsrulesqs1WqueueFC4AA923": Object { - "DeletionPolicy": "Delete", - "Properties": Object { - "KmsMasterKeyId": Object { - "Fn::GetAtt": Array [ - "testneweventsrulesqs1testneweventsrulesqs1WEncryptionKeyE1E6195E", - "Arn", - ], - }, - "RedrivePolicy": Object { - "deadLetterTargetArn": Object { - "Fn::GetAtt": Array [ - "testneweventsrulesqs1testneweventsrulesqs1WdeadLetterQueueDD243050", - "Arn", - ], - }, - "maxReceiveCount": 15, - }, - }, - "Type": "AWS::SQS::Queue", - "UpdateReplacePolicy": "Delete", - }, - "testneweventsrulesqs1testneweventsrulesqs1WqueuePolicy420A5BF4": Object { - "Properties": Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "sqs:DeleteMessage", - "sqs:ReceiveMessage", - "sqs:SendMessage", - "sqs:GetQueueAttributes", - "sqs:RemovePermission", - "sqs:AddPermission", - "sqs:SetQueueAttributes", - ], - "Effect": "Allow", - "Principal": Object { - "AWS": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":iam::", - Object { - "Ref": "AWS::AccountId", - }, - ":root", - ], - ], - }, - }, - "Resource": Object { - "Fn::GetAtt": Array [ - "testneweventsrulesqs1testneweventsrulesqs1WqueueFC4AA923", - "Arn", - ], - }, - "Sid": "QueueOwnerOnlyAccess", - }, - Object { - "Action": "SQS:*", - "Condition": Object { - "Bool": Object { - "aws:SecureTransport": "false", - }, - }, - "Effect": "Deny", - "Principal": Object { - "AWS": "*", - }, - "Resource": Object { - "Fn::GetAtt": Array [ - "testneweventsrulesqs1testneweventsrulesqs1WqueueFC4AA923", - "Arn", - ], - }, - "Sid": "HttpsOnly", - }, - Object { - "Action": Array [ - "sqs:SendMessage", - "sqs:GetQueueAttributes", - "sqs:GetQueueUrl", - ], - "Effect": "Allow", - "Principal": Object { - "Service": "events.amazonaws.com", - }, - "Resource": Object { - "Fn::GetAtt": Array [ - "testneweventsrulesqs1testneweventsrulesqs1WqueueFC4AA923", - "Arn", - ], - }, - }, - ], - "Version": "2012-10-17", - }, - "Queues": Array [ - Object { - "Ref": "testneweventsrulesqs1testneweventsrulesqs1WqueueFC4AA923", - }, - ], - }, - "Type": "AWS::SQS::QueuePolicy", - }, - "testneweventsrulesqs2testneweventsrulesqs2WCustomEventBusC4846389": Object { - "Properties": Object { - "Name": "testneweventsrulesqs2testneweventsrulesqs2WCustomEventBus3B4DC433", - }, - "Type": "AWS::Events::EventBus", - }, - "testneweventsrulesqs2testneweventsrulesqs2WEncryptionKey2A055286": Object { - "DeletionPolicy": "Retain", - "Properties": Object { - "EnableKeyRotation": true, - "KeyPolicy": Object { - "Statement": Array [ - Object { - "Action": Array [ - "kms:Create*", - "kms:Describe*", - "kms:Enable*", - "kms:List*", - "kms:Put*", - "kms:Update*", - "kms:Revoke*", - "kms:Disable*", - "kms:Get*", - "kms:Delete*", - "kms:ScheduleKeyDeletion", - "kms:CancelKeyDeletion", - "kms:GenerateDataKey", - "kms:TagResource", - "kms:UntagResource", - ], - "Effect": "Allow", - "Principal": Object { - "AWS": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":iam::", - Object { - "Ref": "AWS::AccountId", - }, - ":root", - ], - ], - }, - }, - "Resource": "*", - }, - Object { - "Action": Array [ - "kms:Decrypt", - "kms:Encrypt", - "kms:ReEncrypt*", - "kms:GenerateDataKey*", - ], - "Effect": "Allow", - "Principal": Object { - "Service": "events.amazonaws.com", - }, - "Resource": "*", - }, - ], - "Version": "2012-10-17", - }, - }, - "Type": "AWS::KMS::Key", - "UpdateReplacePolicy": "Retain", - }, - "testneweventsrulesqs2testneweventsrulesqs2WEventsRuleC179CF04": Object { - "Properties": Object { - "EventBusName": Object { - "Ref": "testneweventsrulesqs2testneweventsrulesqs2WCustomEventBusC4846389", - }, - "EventPattern": Object { - "source": Array [ - "solutionsconstructs", - ], - }, - "State": "ENABLED", - "Targets": Array [ - Object { - "Arn": Object { - "Fn::GetAtt": Array [ - "testneweventsrulesqs2testneweventsrulesqs2Wqueue129496E7", - "Arn", - ], - }, - "Id": Object { - "Fn::GetAtt": Array [ - "testneweventsrulesqs2testneweventsrulesqs2Wqueue129496E7", - "QueueName", - ], - }, - }, - ], - }, - "Type": "AWS::Events::Rule", - }, - "testneweventsrulesqs2testneweventsrulesqs2WdeadLetterQueue6F02DB90": Object { - "DeletionPolicy": "Delete", - "Properties": Object { - "KmsMasterKeyId": "alias/aws/sqs", - }, - "Type": "AWS::SQS::Queue", - "UpdateReplacePolicy": "Delete", - }, - "testneweventsrulesqs2testneweventsrulesqs2WdeadLetterQueuePolicyF7263C45": Object { - "Properties": Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "sqs:DeleteMessage", - "sqs:ReceiveMessage", - "sqs:SendMessage", - "sqs:GetQueueAttributes", - "sqs:RemovePermission", - "sqs:AddPermission", - "sqs:SetQueueAttributes", - ], - "Effect": "Allow", - "Principal": Object { - "AWS": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":iam::", - Object { - "Ref": "AWS::AccountId", - }, - ":root", - ], - ], - }, - }, - "Resource": Object { - "Fn::GetAtt": Array [ - "testneweventsrulesqs2testneweventsrulesqs2WdeadLetterQueue6F02DB90", - "Arn", - ], - }, - "Sid": "QueueOwnerOnlyAccess", - }, - Object { - "Action": "SQS:*", - "Condition": Object { - "Bool": Object { - "aws:SecureTransport": "false", - }, - }, - "Effect": "Deny", - "Principal": Object { - "AWS": "*", - }, - "Resource": Object { - "Fn::GetAtt": Array [ - "testneweventsrulesqs2testneweventsrulesqs2WdeadLetterQueue6F02DB90", - "Arn", - ], - }, - "Sid": "HttpsOnly", - }, - ], - "Version": "2012-10-17", - }, - "Queues": Array [ - Object { - "Ref": "testneweventsrulesqs2testneweventsrulesqs2WdeadLetterQueue6F02DB90", - }, - ], - }, - "Type": "AWS::SQS::QueuePolicy", - }, - "testneweventsrulesqs2testneweventsrulesqs2Wqueue129496E7": Object { - "DeletionPolicy": "Delete", - "Properties": Object { - "KmsMasterKeyId": Object { - "Fn::GetAtt": Array [ - "testneweventsrulesqs2testneweventsrulesqs2WEncryptionKey2A055286", - "Arn", - ], - }, - "RedrivePolicy": Object { - "deadLetterTargetArn": Object { - "Fn::GetAtt": Array [ - "testneweventsrulesqs2testneweventsrulesqs2WdeadLetterQueue6F02DB90", - "Arn", - ], - }, - "maxReceiveCount": 15, - }, - }, - "Type": "AWS::SQS::Queue", - "UpdateReplacePolicy": "Delete", - }, - "testneweventsrulesqs2testneweventsrulesqs2WqueuePolicy23E89E2B": Object { - "Properties": Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "sqs:DeleteMessage", - "sqs:ReceiveMessage", - "sqs:SendMessage", - "sqs:GetQueueAttributes", - "sqs:RemovePermission", - "sqs:AddPermission", - "sqs:SetQueueAttributes", - ], - "Effect": "Allow", - "Principal": Object { - "AWS": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":iam::", - Object { - "Ref": "AWS::AccountId", - }, - ":root", - ], - ], - }, - }, - "Resource": Object { - "Fn::GetAtt": Array [ - "testneweventsrulesqs2testneweventsrulesqs2Wqueue129496E7", - "Arn", - ], - }, - "Sid": "QueueOwnerOnlyAccess", - }, - Object { - "Action": "SQS:*", - "Condition": Object { - "Bool": Object { - "aws:SecureTransport": "false", - }, - }, - "Effect": "Deny", - "Principal": Object { - "AWS": "*", - }, - "Resource": Object { - "Fn::GetAtt": Array [ - "testneweventsrulesqs2testneweventsrulesqs2Wqueue129496E7", - "Arn", - ], - }, - "Sid": "HttpsOnly", - }, - Object { - "Action": Array [ - "sqs:SendMessage", - "sqs:GetQueueAttributes", - "sqs:GetQueueUrl", - ], - "Effect": "Allow", - "Principal": Object { - "Service": "events.amazonaws.com", - }, - "Resource": Object { - "Fn::GetAtt": Array [ - "testneweventsrulesqs2testneweventsrulesqs2Wqueue129496E7", - "Arn", - ], - }, - }, - ], - "Version": "2012-10-17", - }, - "Queues": Array [ - Object { - "Ref": "testneweventsrulesqs2testneweventsrulesqs2Wqueue129496E7", - }, - ], - }, - "Type": "AWS::SQS::QueuePolicy", - }, - }, -} -`; - -exports[`snapshot test EventsRuleToSqs default params 1`] = ` -Object { - "Resources": Object { - "testeventsrulesqstesteventsrulesqsWEncryptionKey59B6B2A9": Object { - "DeletionPolicy": "Retain", - "Properties": Object { - "EnableKeyRotation": true, - "KeyPolicy": Object { - "Statement": Array [ - Object { - "Action": Array [ - "kms:Create*", - "kms:Describe*", - "kms:Enable*", - "kms:List*", - "kms:Put*", - "kms:Update*", - "kms:Revoke*", - "kms:Disable*", - "kms:Get*", - "kms:Delete*", - "kms:ScheduleKeyDeletion", - "kms:CancelKeyDeletion", - "kms:GenerateDataKey", - "kms:TagResource", - "kms:UntagResource", - ], - "Effect": "Allow", - "Principal": Object { - "AWS": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":iam::", - Object { - "Ref": "AWS::AccountId", - }, - ":root", - ], - ], - }, - }, - "Resource": "*", - }, - Object { - "Action": Array [ - "kms:Decrypt", - "kms:Encrypt", - "kms:ReEncrypt*", - "kms:GenerateDataKey*", - ], - "Effect": "Allow", - "Principal": Object { - "Service": "events.amazonaws.com", - }, - "Resource": "*", - }, - ], - "Version": "2012-10-17", - }, - }, - "Type": "AWS::KMS::Key", - "UpdateReplacePolicy": "Retain", - }, - "testeventsrulesqstesteventsrulesqsWEventsRuleC50FD0CC": Object { - "Properties": Object { - "ScheduleExpression": "rate(5 minutes)", - "State": "ENABLED", - "Targets": Array [ - Object { - "Arn": Object { - "Fn::GetAtt": Array [ - "testeventsrulesqstesteventsrulesqsWqueue0E3B047B", - "Arn", - ], - }, - "Id": Object { - "Fn::GetAtt": Array [ - "testeventsrulesqstesteventsrulesqsWqueue0E3B047B", - "QueueName", - ], - }, - }, - ], - }, - "Type": "AWS::Events::Rule", - }, - "testeventsrulesqstesteventsrulesqsWdeadLetterQueue6C5AAA92": Object { - "DeletionPolicy": "Delete", - "Properties": Object { - "KmsMasterKeyId": "alias/aws/sqs", - }, - "Type": "AWS::SQS::Queue", - "UpdateReplacePolicy": "Delete", - }, - "testeventsrulesqstesteventsrulesqsWdeadLetterQueuePolicyCE8DDEE8": Object { - "Properties": Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "sqs:DeleteMessage", - "sqs:ReceiveMessage", - "sqs:SendMessage", - "sqs:GetQueueAttributes", - "sqs:RemovePermission", - "sqs:AddPermission", - "sqs:SetQueueAttributes", - ], - "Effect": "Allow", - "Principal": Object { - "AWS": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":iam::", - Object { - "Ref": "AWS::AccountId", - }, - ":root", - ], - ], - }, - }, - "Resource": Object { - "Fn::GetAtt": Array [ - "testeventsrulesqstesteventsrulesqsWdeadLetterQueue6C5AAA92", - "Arn", - ], - }, - "Sid": "QueueOwnerOnlyAccess", - }, - Object { - "Action": "SQS:*", - "Condition": Object { - "Bool": Object { - "aws:SecureTransport": "false", - }, - }, - "Effect": "Deny", - "Principal": Object { - "AWS": "*", - }, - "Resource": Object { - "Fn::GetAtt": Array [ - "testeventsrulesqstesteventsrulesqsWdeadLetterQueue6C5AAA92", - "Arn", - ], - }, - "Sid": "HttpsOnly", - }, - ], - "Version": "2012-10-17", - }, - "Queues": Array [ - Object { - "Ref": "testeventsrulesqstesteventsrulesqsWdeadLetterQueue6C5AAA92", - }, - ], - }, - "Type": "AWS::SQS::QueuePolicy", - }, - "testeventsrulesqstesteventsrulesqsWqueue0E3B047B": Object { - "DeletionPolicy": "Delete", - "Properties": Object { - "KmsMasterKeyId": Object { - "Fn::GetAtt": Array [ - "testeventsrulesqstesteventsrulesqsWEncryptionKey59B6B2A9", - "Arn", - ], - }, - "RedrivePolicy": Object { - "deadLetterTargetArn": Object { - "Fn::GetAtt": Array [ - "testeventsrulesqstesteventsrulesqsWdeadLetterQueue6C5AAA92", - "Arn", - ], - }, - "maxReceiveCount": 15, - }, - }, - "Type": "AWS::SQS::Queue", - "UpdateReplacePolicy": "Delete", - }, - "testeventsrulesqstesteventsrulesqsWqueuePolicyD4F6F330": Object { - "Properties": Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "sqs:DeleteMessage", - "sqs:ReceiveMessage", - "sqs:SendMessage", - "sqs:GetQueueAttributes", - "sqs:RemovePermission", - "sqs:AddPermission", - "sqs:SetQueueAttributes", - ], - "Effect": "Allow", - "Principal": Object { - "AWS": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":iam::", - Object { - "Ref": "AWS::AccountId", - }, - ":root", - ], - ], - }, - }, - "Resource": Object { - "Fn::GetAtt": Array [ - "testeventsrulesqstesteventsrulesqsWqueue0E3B047B", - "Arn", - ], - }, - "Sid": "QueueOwnerOnlyAccess", - }, - Object { - "Action": "SQS:*", - "Condition": Object { - "Bool": Object { - "aws:SecureTransport": "false", - }, - }, - "Effect": "Deny", - "Principal": Object { - "AWS": "*", - }, - "Resource": Object { - "Fn::GetAtt": Array [ - "testeventsrulesqstesteventsrulesqsWqueue0E3B047B", - "Arn", - ], - }, - "Sid": "HttpsOnly", - }, - Object { - "Action": Array [ - "sqs:SendMessage", - "sqs:GetQueueAttributes", - "sqs:GetQueueUrl", - ], - "Effect": "Allow", - "Principal": Object { - "Service": "events.amazonaws.com", - }, - "Resource": Object { - "Fn::GetAtt": Array [ - "testeventsrulesqstesteventsrulesqsWqueue0E3B047B", - "Arn", - ], - }, - }, - ], - "Version": "2012-10-17", - }, - "Queues": Array [ - Object { - "Ref": "testeventsrulesqstesteventsrulesqsWqueue0E3B047B", - }, - ], - }, - "Type": "AWS::SQS::QueuePolicy", - }, - }, -} -`; - -exports[`snapshot test EventsRuleToSqs existing event bus params 1`] = ` -Object { - "Resources": Object { - "testexistingeventbusC6E4A2D0": Object { - "Properties": Object { - "Name": "testexistingeventbus", - }, - "Type": "AWS::Events::EventBus", - }, - "testexistingeventsrulesqstestexistingeventsrulesqsWEncryptionKey1C1F8ECD": Object { - "DeletionPolicy": "Retain", - "Properties": Object { - "EnableKeyRotation": true, - "KeyPolicy": Object { - "Statement": Array [ - Object { - "Action": Array [ - "kms:Create*", - "kms:Describe*", - "kms:Enable*", - "kms:List*", - "kms:Put*", - "kms:Update*", - "kms:Revoke*", - "kms:Disable*", - "kms:Get*", - "kms:Delete*", - "kms:ScheduleKeyDeletion", - "kms:CancelKeyDeletion", - "kms:GenerateDataKey", - "kms:TagResource", - "kms:UntagResource", - ], - "Effect": "Allow", - "Principal": Object { - "AWS": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":iam::", - Object { - "Ref": "AWS::AccountId", - }, - ":root", - ], - ], - }, - }, - "Resource": "*", - }, - Object { - "Action": Array [ - "kms:Decrypt", - "kms:Encrypt", - "kms:ReEncrypt*", - "kms:GenerateDataKey*", - ], - "Effect": "Allow", - "Principal": Object { - "Service": "events.amazonaws.com", - }, - "Resource": "*", - }, - ], - "Version": "2012-10-17", - }, - }, - "Type": "AWS::KMS::Key", - "UpdateReplacePolicy": "Retain", - }, - "testexistingeventsrulesqstestexistingeventsrulesqsWEventsRuleC773C4FF": Object { - "Properties": Object { - "EventBusName": Object { - "Ref": "testexistingeventbusC6E4A2D0", - }, - "EventPattern": Object { - "source": Array [ - "solutionsconstructs", - ], - }, - "State": "ENABLED", - "Targets": Array [ - Object { - "Arn": Object { - "Fn::GetAtt": Array [ - "testexistingeventsrulesqstestexistingeventsrulesqsWqueue288A816F", - "Arn", - ], - }, - "Id": Object { - "Fn::GetAtt": Array [ - "testexistingeventsrulesqstestexistingeventsrulesqsWqueue288A816F", - "QueueName", - ], - }, - }, - ], - }, - "Type": "AWS::Events::Rule", - }, - "testexistingeventsrulesqstestexistingeventsrulesqsWdeadLetterQueue781BE9BC": Object { - "DeletionPolicy": "Delete", - "Properties": Object { - "KmsMasterKeyId": "alias/aws/sqs", - }, - "Type": "AWS::SQS::Queue", - "UpdateReplacePolicy": "Delete", - }, - "testexistingeventsrulesqstestexistingeventsrulesqsWdeadLetterQueuePolicy7068A9EE": Object { - "Properties": Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "sqs:DeleteMessage", - "sqs:ReceiveMessage", - "sqs:SendMessage", - "sqs:GetQueueAttributes", - "sqs:RemovePermission", - "sqs:AddPermission", - "sqs:SetQueueAttributes", - ], - "Effect": "Allow", - "Principal": Object { - "AWS": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":iam::", - Object { - "Ref": "AWS::AccountId", - }, - ":root", - ], - ], - }, - }, - "Resource": Object { - "Fn::GetAtt": Array [ - "testexistingeventsrulesqstestexistingeventsrulesqsWdeadLetterQueue781BE9BC", - "Arn", - ], - }, - "Sid": "QueueOwnerOnlyAccess", - }, - Object { - "Action": "SQS:*", - "Condition": Object { - "Bool": Object { - "aws:SecureTransport": "false", - }, - }, - "Effect": "Deny", - "Principal": Object { - "AWS": "*", - }, - "Resource": Object { - "Fn::GetAtt": Array [ - "testexistingeventsrulesqstestexistingeventsrulesqsWdeadLetterQueue781BE9BC", - "Arn", - ], - }, - "Sid": "HttpsOnly", - }, - ], - "Version": "2012-10-17", - }, - "Queues": Array [ - Object { - "Ref": "testexistingeventsrulesqstestexistingeventsrulesqsWdeadLetterQueue781BE9BC", - }, - ], - }, - "Type": "AWS::SQS::QueuePolicy", - }, - "testexistingeventsrulesqstestexistingeventsrulesqsWqueue288A816F": Object { - "DeletionPolicy": "Delete", - "Properties": Object { - "KmsMasterKeyId": Object { - "Fn::GetAtt": Array [ - "testexistingeventsrulesqstestexistingeventsrulesqsWEncryptionKey1C1F8ECD", - "Arn", - ], - }, - "RedrivePolicy": Object { - "deadLetterTargetArn": Object { - "Fn::GetAtt": Array [ - "testexistingeventsrulesqstestexistingeventsrulesqsWdeadLetterQueue781BE9BC", - "Arn", - ], - }, - "maxReceiveCount": 15, - }, - }, - "Type": "AWS::SQS::Queue", - "UpdateReplacePolicy": "Delete", - }, - "testexistingeventsrulesqstestexistingeventsrulesqsWqueuePolicyF5486A18": Object { - "Properties": Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "sqs:DeleteMessage", - "sqs:ReceiveMessage", - "sqs:SendMessage", - "sqs:GetQueueAttributes", - "sqs:RemovePermission", - "sqs:AddPermission", - "sqs:SetQueueAttributes", - ], - "Effect": "Allow", - "Principal": Object { - "AWS": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":iam::", - Object { - "Ref": "AWS::AccountId", - }, - ":root", - ], - ], - }, - }, - "Resource": Object { - "Fn::GetAtt": Array [ - "testexistingeventsrulesqstestexistingeventsrulesqsWqueue288A816F", - "Arn", - ], - }, - "Sid": "QueueOwnerOnlyAccess", - }, - Object { - "Action": "SQS:*", - "Condition": Object { - "Bool": Object { - "aws:SecureTransport": "false", - }, - }, - "Effect": "Deny", - "Principal": Object { - "AWS": "*", - }, - "Resource": Object { - "Fn::GetAtt": Array [ - "testexistingeventsrulesqstestexistingeventsrulesqsWqueue288A816F", - "Arn", - ], - }, - "Sid": "HttpsOnly", - }, - Object { - "Action": Array [ - "sqs:SendMessage", - "sqs:GetQueueAttributes", - "sqs:GetQueueUrl", - ], - "Effect": "Allow", - "Principal": Object { - "Service": "events.amazonaws.com", - }, - "Resource": Object { - "Fn::GetAtt": Array [ - "testexistingeventsrulesqstestexistingeventsrulesqsWqueue288A816F", - "Arn", - ], - }, - }, - ], - "Version": "2012-10-17", - }, - "Queues": Array [ - Object { - "Ref": "testexistingeventsrulesqstestexistingeventsrulesqsWqueue288A816F", - }, - ], - }, - "Type": "AWS::SQS::QueuePolicy", - }, - }, -} -`; diff --git a/source/patterns/@aws-solutions-constructs/aws-events-rule-sqs/test/events-rule-sqs-queue.test.ts b/source/patterns/@aws-solutions-constructs/aws-events-rule-sqs/test/events-rule-sqs-queue.test.ts index 06fffaecb..29477b2d3 100644 --- a/source/patterns/@aws-solutions-constructs/aws-events-rule-sqs/test/events-rule-sqs-queue.test.ts +++ b/source/patterns/@aws-solutions-constructs/aws-events-rule-sqs/test/events-rule-sqs-queue.test.ts @@ -14,7 +14,6 @@ import * as cdk from '@aws-cdk/core'; import { EventsRuleToSqs, EventsRuleToSqsProps } from '../lib'; import * as events from "@aws-cdk/aws-events"; -import { SynthUtils } from '@aws-cdk/assert'; import '@aws-cdk/assert/jest'; import * as defaults from '@aws-solutions-constructs/core'; @@ -39,12 +38,6 @@ function deployStackWithNewEventBus(stack: cdk.Stack) { return new EventsRuleToSqs(stack, 'test-eventsrule-sqs-new-bus', props); } -test('snapshot test EventsRuleToSqs default params', () => { - const stack = new cdk.Stack(); - deployNewStack(stack); - expect(SynthUtils.toCloudFormation(stack)).toMatchSnapshot(); -}); - test('check the sqs queue properties', () => { const stack = new cdk.Stack(); deployNewStack(stack); @@ -101,63 +94,6 @@ test('check the sqs queue properties with existing KMS key', () => { }); expect(stack).toHaveResource('AWS::KMS::Key', { - KeyPolicy: { - Statement: [ - { - Action: [ - "kms:Create*", - "kms:Describe*", - "kms:Enable*", - "kms:List*", - "kms:Put*", - "kms:Update*", - "kms:Revoke*", - "kms:Disable*", - "kms:Get*", - "kms:Delete*", - "kms:ScheduleKeyDeletion", - "kms:CancelKeyDeletion", - "kms:GenerateDataKey", - "kms:TagResource", - "kms:UntagResource" - ], - Effect: "Allow", - Principal: { - AWS: { - "Fn::Join": [ - "", - [ - "arn:", - { - Ref: "AWS::Partition" - }, - ":iam::", - { - Ref: "AWS::AccountId" - }, - ":root" - ] - ] - } - }, - Resource: "*" - }, - { - Action: [ - "kms:Decrypt", - "kms:Encrypt", - "kms:ReEncrypt*", - "kms:GenerateDataKey*" - ], - Effect: "Allow", - Principal: { - Service: "events.amazonaws.com" - }, - Resource: "*" - } - ], - Version: "2012-10-17" - }, Description: "my-key", EnableKeyRotation: true }); @@ -346,8 +282,6 @@ test('check eventbus property, snapshot & eventbus exists', () => { expect(construct.deadLetterQueue !== null); expect(construct.eventBus !== null); - // Validate snapshot - expect(SynthUtils.toCloudFormation(stack)).toMatchSnapshot(); // Check whether eventbus exists expect(stack).toHaveResource('AWS::Events::EventBus'); }); @@ -371,20 +305,6 @@ test('check exception while passing existingEventBus & eventBusProps', () => { expect(app).toThrowError(); }); -test('snapshot test EventsRuleToSqs existing event bus params', () => { - const stack = new cdk.Stack(); - const props: EventsRuleToSqsProps = { - eventRuleProps: { - eventPattern: { - source: ['solutionsconstructs'] - } - }, - existingEventBusInterface: new events.EventBus(stack, `test-existing-eventbus`, {}) - }; - new EventsRuleToSqs(stack, 'test-existing-eventsrule-sqs', props); - expect(SynthUtils.toCloudFormation(stack)).toMatchSnapshot(); -}); - test('check custom event bus resource with props when deploy:true', () => { const stack = new cdk.Stack(); @@ -403,21 +323,4 @@ test('check custom event bus resource with props when deploy:true', () => { expect(stack).toHaveResource('AWS::Events::EventBus', { Name: 'testcustomeventbus' }); -}); - -test('check multiple constructs in a single stack', () => { - const stack = new cdk.Stack(); - - const props: EventsRuleToSqsProps = { - eventBusProps: {}, - eventRuleProps: { - eventPattern: { - source: ['solutionsconstructs'] - } - } - }; - new EventsRuleToSqs(stack, 'test-new-eventsrule-sqs1', props); - new EventsRuleToSqs(stack, 'test-new-eventsrule-sqs2', props); - - expect(SynthUtils.toCloudFormation(stack)).toMatchSnapshot(); }); \ No newline at end of file diff --git a/source/patterns/@aws-solutions-constructs/aws-events-rule-step-function/test/__snapshots__/events-rule-step-function.test.js.snap b/source/patterns/@aws-solutions-constructs/aws-events-rule-step-function/test/__snapshots__/events-rule-step-function.test.js.snap deleted file mode 100644 index 3cbd62290..000000000 --- a/source/patterns/@aws-solutions-constructs/aws-events-rule-step-function/test/__snapshots__/events-rule-step-function.test.js.snap +++ /dev/null @@ -1,1431 +0,0 @@ -// Jest Snapshot v1, https://goo.gl/fbAQLP - -exports[`check eventbus property, snapshot & eventbus exists 1`] = ` -Object { - "Resources": Object { - "testeventrulesstepfunctionseventbustesteventrulesstepfunctionseventbusWCustomEventBus9A8EB44C": Object { - "Properties": Object { - "Name": "testeventrulesstepfunctionseventbustesteventrulesstepfunctionseventbusWCustomEventBus96725ED9", - }, - "Type": "AWS::Events::EventBus", - }, - "testeventrulesstepfunctionseventbustesteventrulesstepfunctionseventbusWEventsRule9CBD73A7": Object { - "Properties": Object { - "EventBusName": Object { - "Ref": "testeventrulesstepfunctionseventbustesteventrulesstepfunctionseventbusWCustomEventBus9A8EB44C", - }, - "EventPattern": Object { - "source": Array [ - "solutionsconstructs", - ], - }, - "State": "ENABLED", - "Targets": Array [ - Object { - "Arn": Object { - "Ref": "testeventrulesstepfunctionseventbustesteventrulesstepfunctionseventbusWStateMachine985605C1", - }, - "Id": "Target0", - "RoleArn": Object { - "Fn::GetAtt": Array [ - "testeventrulesstepfunctionseventbustesteventrulesstepfunctionseventbusWEventsRuleRole43E83332", - "Arn", - ], - }, - }, - ], - }, - "Type": "AWS::Events::Rule", - }, - "testeventrulesstepfunctionseventbustesteventrulesstepfunctionseventbusWEventsRuleRole43E83332": Object { - "Properties": Object { - "AssumeRolePolicyDocument": Object { - "Statement": Array [ - Object { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": Object { - "Service": "events.amazonaws.com", - }, - }, - ], - "Version": "2012-10-17", - }, - }, - "Type": "AWS::IAM::Role", - }, - "testeventrulesstepfunctionseventbustesteventrulesstepfunctionseventbusWEventsRuleRoleDefaultPolicy88C45E8E": Object { - "Properties": Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": "states:StartExecution", - "Effect": "Allow", - "Resource": Object { - "Ref": "testeventrulesstepfunctionseventbustesteventrulesstepfunctionseventbusWStateMachine985605C1", - }, - }, - ], - "Version": "2012-10-17", - }, - "PolicyName": "testeventrulesstepfunctionseventbustesteventrulesstepfunctionseventbusWEventsRuleRoleDefaultPolicy88C45E8E", - "Roles": Array [ - Object { - "Ref": "testeventrulesstepfunctionseventbustesteventrulesstepfunctionseventbusWEventsRuleRole43E83332", - }, - ], - }, - "Type": "AWS::IAM::Policy", - }, - "testeventrulesstepfunctionseventbustesteventrulesstepfunctionseventbusWExecutionAbortedAlarm3EC27335": Object { - "Properties": Object { - "AlarmDescription": "Alarm for the number of executions that aborted exceeded the threshold of 1. ", - "ComparisonOperator": "GreaterThanOrEqualToThreshold", - "Dimensions": Array [ - Object { - "Name": "StateMachineArn", - "Value": Object { - "Ref": "testeventrulesstepfunctionseventbustesteventrulesstepfunctionseventbusWStateMachine985605C1", - }, - }, - ], - "EvaluationPeriods": 1, - "MetricName": "ExecutionsAborted", - "Namespace": "AWS/States", - "Period": 300, - "Statistic": "Maximum", - "Threshold": 1, - }, - "Type": "AWS::CloudWatch::Alarm", - }, - "testeventrulesstepfunctionseventbustesteventrulesstepfunctionseventbusWExecutionFailedAlarmF5EBDDC8": Object { - "Properties": Object { - "AlarmDescription": "Alarm for the number of executions that failed exceeded the threshold of 1. ", - "ComparisonOperator": "GreaterThanOrEqualToThreshold", - "Dimensions": Array [ - Object { - "Name": "StateMachineArn", - "Value": Object { - "Ref": "testeventrulesstepfunctionseventbustesteventrulesstepfunctionseventbusWStateMachine985605C1", - }, - }, - ], - "EvaluationPeriods": 1, - "MetricName": "ExecutionsFailed", - "Namespace": "AWS/States", - "Period": 300, - "Statistic": "Sum", - "Threshold": 1, - }, - "Type": "AWS::CloudWatch::Alarm", - }, - "testeventrulesstepfunctionseventbustesteventrulesstepfunctionseventbusWExecutionThrottledAlarm01F170A3": Object { - "Properties": Object { - "AlarmDescription": "Alarm for the number of executions that throttled exceeded the threshold of 1. ", - "ComparisonOperator": "GreaterThanOrEqualToThreshold", - "Dimensions": Array [ - Object { - "Name": "StateMachineArn", - "Value": Object { - "Ref": "testeventrulesstepfunctionseventbustesteventrulesstepfunctionseventbusWStateMachine985605C1", - }, - }, - ], - "EvaluationPeriods": 1, - "MetricName": "ExecutionThrottled", - "Namespace": "AWS/States", - "Period": 300, - "Statistic": "Sum", - "Threshold": 1, - }, - "Type": "AWS::CloudWatch::Alarm", - }, - "testeventrulesstepfunctionseventbustesteventrulesstepfunctionseventbusWStateMachine985605C1": Object { - "DependsOn": Array [ - "testeventrulesstepfunctionseventbustesteventrulesstepfunctionseventbusWStateMachineRoleDefaultPolicyA62A4445", - "testeventrulesstepfunctionseventbustesteventrulesstepfunctionseventbusWStateMachineRoleE4E8523D", - ], - "Properties": Object { - "DefinitionString": "{\\"StartAt\\":\\"StartState\\",\\"States\\":{\\"StartState\\":{\\"Type\\":\\"Pass\\",\\"End\\":true}}}", - "LoggingConfiguration": Object { - "Destinations": Array [ - Object { - "CloudWatchLogsLogGroup": Object { - "LogGroupArn": Object { - "Fn::GetAtt": Array [ - "testeventrulesstepfunctionseventbustesteventrulesstepfunctionseventbusWStateMachineLogGroupA9B344FF", - "Arn", - ], - }, - }, - }, - ], - "Level": "ERROR", - }, - "RoleArn": Object { - "Fn::GetAtt": Array [ - "testeventrulesstepfunctionseventbustesteventrulesstepfunctionseventbusWStateMachineRoleE4E8523D", - "Arn", - ], - }, - }, - "Type": "AWS::StepFunctions::StateMachine", - }, - "testeventrulesstepfunctionseventbustesteventrulesstepfunctionseventbusWStateMachineLogGroupA9B344FF": Object { - "DeletionPolicy": "Retain", - "Metadata": Object { - "cfn_nag": Object { - "rules_to_suppress": Array [ - Object { - "id": "W86", - "reason": "Retention period for CloudWatchLogs LogGroups are set to 'Never Expire' to preserve customer data indefinitely", - }, - Object { - "id": "W84", - "reason": "By default CloudWatchLogs LogGroups data is encrypted using the CloudWatch server-side encryption keys (AWS Managed Keys)", - }, - ], - }, - }, - "Properties": Object { - "LogGroupName": "/aws/vendedlogs/states/defaulttesteventrulesstepfunctionseventbuswstatemachinelog45e67f327ac7", - }, - "Type": "AWS::Logs::LogGroup", - "UpdateReplacePolicy": "Retain", - }, - "testeventrulesstepfunctionseventbustesteventrulesstepfunctionseventbusWStateMachineRoleDefaultPolicyA62A4445": Object { - "Metadata": Object { - "cfn_nag": Object { - "rules_to_suppress": Array [ - Object { - "id": "W12", - "reason": "The 'LogDelivery' actions do not support resource-level authorizations", - }, - ], - }, - }, - "Properties": Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "logs:CreateLogDelivery", - "logs:GetLogDelivery", - "logs:UpdateLogDelivery", - "logs:DeleteLogDelivery", - "logs:ListLogDeliveries", - ], - "Effect": "Allow", - "Resource": "*", - }, - Object { - "Action": Array [ - "logs:PutResourcePolicy", - "logs:DescribeResourcePolicies", - "logs:DescribeLogGroups", - ], - "Effect": "Allow", - "Resource": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":logs:", - Object { - "Ref": "AWS::Region", - }, - ":", - Object { - "Ref": "AWS::AccountId", - }, - ":*", - ], - ], - }, - }, - ], - "Version": "2012-10-17", - }, - "PolicyName": "testeventrulesstepfunctionseventbustesteventrulesstepfunctionseventbusWStateMachineRoleDefaultPolicyA62A4445", - "Roles": Array [ - Object { - "Ref": "testeventrulesstepfunctionseventbustesteventrulesstepfunctionseventbusWStateMachineRoleE4E8523D", - }, - ], - }, - "Type": "AWS::IAM::Policy", - }, - "testeventrulesstepfunctionseventbustesteventrulesstepfunctionseventbusWStateMachineRoleE4E8523D": Object { - "Properties": Object { - "AssumeRolePolicyDocument": Object { - "Statement": Array [ - Object { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": Object { - "Service": Object { - "Fn::Join": Array [ - "", - Array [ - "states.", - Object { - "Ref": "AWS::Region", - }, - ".amazonaws.com", - ], - ], - }, - }, - }, - ], - "Version": "2012-10-17", - }, - }, - "Type": "AWS::IAM::Role", - }, - }, -} -`; - -exports[`check multiple constructs in a single stack 1`] = ` -Object { - "Resources": Object { - "testneweventsrulestepfunctions1testneweventsrulestepfunctions1WCustomEventBus1DFFF478": Object { - "Properties": Object { - "Name": "testneweventsrulestepfunctions1testneweventsrulestepfunctions1WCustomEventBus87A0BE3B", - }, - "Type": "AWS::Events::EventBus", - }, - "testneweventsrulestepfunctions1testneweventsrulestepfunctions1WEventsRuleDF6D8C33": Object { - "Properties": Object { - "EventBusName": Object { - "Ref": "testneweventsrulestepfunctions1testneweventsrulestepfunctions1WCustomEventBus1DFFF478", - }, - "EventPattern": Object { - "source": Array [ - "solutionsconstructs", - ], - }, - "State": "ENABLED", - "Targets": Array [ - Object { - "Arn": Object { - "Ref": "testneweventsrulestepfunctions1testneweventsrulestepfunctions1WStateMachine0B65F147", - }, - "Id": "Target0", - "RoleArn": Object { - "Fn::GetAtt": Array [ - "testneweventsrulestepfunctions1testneweventsrulestepfunctions1WEventsRuleRole98D83521", - "Arn", - ], - }, - }, - ], - }, - "Type": "AWS::Events::Rule", - }, - "testneweventsrulestepfunctions1testneweventsrulestepfunctions1WEventsRuleRole98D83521": Object { - "Properties": Object { - "AssumeRolePolicyDocument": Object { - "Statement": Array [ - Object { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": Object { - "Service": "events.amazonaws.com", - }, - }, - ], - "Version": "2012-10-17", - }, - }, - "Type": "AWS::IAM::Role", - }, - "testneweventsrulestepfunctions1testneweventsrulestepfunctions1WEventsRuleRoleDefaultPolicy72754402": Object { - "Properties": Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": "states:StartExecution", - "Effect": "Allow", - "Resource": Object { - "Ref": "testneweventsrulestepfunctions1testneweventsrulestepfunctions1WStateMachine0B65F147", - }, - }, - ], - "Version": "2012-10-17", - }, - "PolicyName": "testneweventsrulestepfunctions1testneweventsrulestepfunctions1WEventsRuleRoleDefaultPolicy72754402", - "Roles": Array [ - Object { - "Ref": "testneweventsrulestepfunctions1testneweventsrulestepfunctions1WEventsRuleRole98D83521", - }, - ], - }, - "Type": "AWS::IAM::Policy", - }, - "testneweventsrulestepfunctions1testneweventsrulestepfunctions1WExecutionAbortedAlarmAFF2B2A4": Object { - "Properties": Object { - "AlarmDescription": "Alarm for the number of executions that aborted exceeded the threshold of 1. ", - "ComparisonOperator": "GreaterThanOrEqualToThreshold", - "Dimensions": Array [ - Object { - "Name": "StateMachineArn", - "Value": Object { - "Ref": "testneweventsrulestepfunctions1testneweventsrulestepfunctions1WStateMachine0B65F147", - }, - }, - ], - "EvaluationPeriods": 1, - "MetricName": "ExecutionsAborted", - "Namespace": "AWS/States", - "Period": 300, - "Statistic": "Maximum", - "Threshold": 1, - }, - "Type": "AWS::CloudWatch::Alarm", - }, - "testneweventsrulestepfunctions1testneweventsrulestepfunctions1WExecutionFailedAlarmA2DD093E": Object { - "Properties": Object { - "AlarmDescription": "Alarm for the number of executions that failed exceeded the threshold of 1. ", - "ComparisonOperator": "GreaterThanOrEqualToThreshold", - "Dimensions": Array [ - Object { - "Name": "StateMachineArn", - "Value": Object { - "Ref": "testneweventsrulestepfunctions1testneweventsrulestepfunctions1WStateMachine0B65F147", - }, - }, - ], - "EvaluationPeriods": 1, - "MetricName": "ExecutionsFailed", - "Namespace": "AWS/States", - "Period": 300, - "Statistic": "Sum", - "Threshold": 1, - }, - "Type": "AWS::CloudWatch::Alarm", - }, - "testneweventsrulestepfunctions1testneweventsrulestepfunctions1WExecutionThrottledAlarm9DFC597D": Object { - "Properties": Object { - "AlarmDescription": "Alarm for the number of executions that throttled exceeded the threshold of 1. ", - "ComparisonOperator": "GreaterThanOrEqualToThreshold", - "Dimensions": Array [ - Object { - "Name": "StateMachineArn", - "Value": Object { - "Ref": "testneweventsrulestepfunctions1testneweventsrulestepfunctions1WStateMachine0B65F147", - }, - }, - ], - "EvaluationPeriods": 1, - "MetricName": "ExecutionThrottled", - "Namespace": "AWS/States", - "Period": 300, - "Statistic": "Sum", - "Threshold": 1, - }, - "Type": "AWS::CloudWatch::Alarm", - }, - "testneweventsrulestepfunctions1testneweventsrulestepfunctions1WStateMachine0B65F147": Object { - "DependsOn": Array [ - "testneweventsrulestepfunctions1testneweventsrulestepfunctions1WStateMachineRoleDefaultPolicyC52599AF", - "testneweventsrulestepfunctions1testneweventsrulestepfunctions1WStateMachineRole05A37DB2", - ], - "Properties": Object { - "DefinitionString": "{\\"StartAt\\":\\"StartState1\\",\\"States\\":{\\"StartState1\\":{\\"Type\\":\\"Pass\\",\\"End\\":true}}}", - "LoggingConfiguration": Object { - "Destinations": Array [ - Object { - "CloudWatchLogsLogGroup": Object { - "LogGroupArn": Object { - "Fn::GetAtt": Array [ - "testneweventsrulestepfunctions1testneweventsrulestepfunctions1WStateMachineLogGroup8814D6B7", - "Arn", - ], - }, - }, - }, - ], - "Level": "ERROR", - }, - "RoleArn": Object { - "Fn::GetAtt": Array [ - "testneweventsrulestepfunctions1testneweventsrulestepfunctions1WStateMachineRole05A37DB2", - "Arn", - ], - }, - }, - "Type": "AWS::StepFunctions::StateMachine", - }, - "testneweventsrulestepfunctions1testneweventsrulestepfunctions1WStateMachineLogGroup8814D6B7": Object { - "DeletionPolicy": "Retain", - "Metadata": Object { - "cfn_nag": Object { - "rules_to_suppress": Array [ - Object { - "id": "W86", - "reason": "Retention period for CloudWatchLogs LogGroups are set to 'Never Expire' to preserve customer data indefinitely", - }, - Object { - "id": "W84", - "reason": "By default CloudWatchLogs LogGroups data is encrypted using the CloudWatch server-side encryption keys (AWS Managed Keys)", - }, - ], - }, - }, - "Properties": Object { - "LogGroupName": "/aws/vendedlogs/states/defaulttestneweventsrulestepfunctions1wstatemachinelog97c26b319582", - }, - "Type": "AWS::Logs::LogGroup", - "UpdateReplacePolicy": "Retain", - }, - "testneweventsrulestepfunctions1testneweventsrulestepfunctions1WStateMachineRole05A37DB2": Object { - "Properties": Object { - "AssumeRolePolicyDocument": Object { - "Statement": Array [ - Object { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": Object { - "Service": Object { - "Fn::Join": Array [ - "", - Array [ - "states.", - Object { - "Ref": "AWS::Region", - }, - ".amazonaws.com", - ], - ], - }, - }, - }, - ], - "Version": "2012-10-17", - }, - }, - "Type": "AWS::IAM::Role", - }, - "testneweventsrulestepfunctions1testneweventsrulestepfunctions1WStateMachineRoleDefaultPolicyC52599AF": Object { - "Metadata": Object { - "cfn_nag": Object { - "rules_to_suppress": Array [ - Object { - "id": "W12", - "reason": "The 'LogDelivery' actions do not support resource-level authorizations", - }, - ], - }, - }, - "Properties": Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "logs:CreateLogDelivery", - "logs:GetLogDelivery", - "logs:UpdateLogDelivery", - "logs:DeleteLogDelivery", - "logs:ListLogDeliveries", - ], - "Effect": "Allow", - "Resource": "*", - }, - Object { - "Action": Array [ - "logs:PutResourcePolicy", - "logs:DescribeResourcePolicies", - "logs:DescribeLogGroups", - ], - "Effect": "Allow", - "Resource": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":logs:", - Object { - "Ref": "AWS::Region", - }, - ":", - Object { - "Ref": "AWS::AccountId", - }, - ":*", - ], - ], - }, - }, - ], - "Version": "2012-10-17", - }, - "PolicyName": "testneweventsrulestepfunctions1testneweventsrulestepfunctions1WStateMachineRoleDefaultPolicyC52599AF", - "Roles": Array [ - Object { - "Ref": "testneweventsrulestepfunctions1testneweventsrulestepfunctions1WStateMachineRole05A37DB2", - }, - ], - }, - "Type": "AWS::IAM::Policy", - }, - "testneweventsrulestepfunctions2testneweventsrulestepfunctions2WCustomEventBus78F90360": Object { - "Properties": Object { - "Name": "testneweventsrulestepfunctions2testneweventsrulestepfunctions2WCustomEventBusE072453C", - }, - "Type": "AWS::Events::EventBus", - }, - "testneweventsrulestepfunctions2testneweventsrulestepfunctions2WEventsRule6651A8FD": Object { - "Properties": Object { - "EventBusName": Object { - "Ref": "testneweventsrulestepfunctions2testneweventsrulestepfunctions2WCustomEventBus78F90360", - }, - "EventPattern": Object { - "source": Array [ - "solutionsconstructs", - ], - }, - "State": "ENABLED", - "Targets": Array [ - Object { - "Arn": Object { - "Ref": "testneweventsrulestepfunctions2testneweventsrulestepfunctions2WStateMachine19B33D06", - }, - "Id": "Target0", - "RoleArn": Object { - "Fn::GetAtt": Array [ - "testneweventsrulestepfunctions2testneweventsrulestepfunctions2WEventsRuleRole61AF2B20", - "Arn", - ], - }, - }, - ], - }, - "Type": "AWS::Events::Rule", - }, - "testneweventsrulestepfunctions2testneweventsrulestepfunctions2WEventsRuleRole61AF2B20": Object { - "Properties": Object { - "AssumeRolePolicyDocument": Object { - "Statement": Array [ - Object { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": Object { - "Service": "events.amazonaws.com", - }, - }, - ], - "Version": "2012-10-17", - }, - }, - "Type": "AWS::IAM::Role", - }, - "testneweventsrulestepfunctions2testneweventsrulestepfunctions2WEventsRuleRoleDefaultPolicy8B46CAA2": Object { - "Properties": Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": "states:StartExecution", - "Effect": "Allow", - "Resource": Object { - "Ref": "testneweventsrulestepfunctions2testneweventsrulestepfunctions2WStateMachine19B33D06", - }, - }, - ], - "Version": "2012-10-17", - }, - "PolicyName": "testneweventsrulestepfunctions2testneweventsrulestepfunctions2WEventsRuleRoleDefaultPolicy8B46CAA2", - "Roles": Array [ - Object { - "Ref": "testneweventsrulestepfunctions2testneweventsrulestepfunctions2WEventsRuleRole61AF2B20", - }, - ], - }, - "Type": "AWS::IAM::Policy", - }, - "testneweventsrulestepfunctions2testneweventsrulestepfunctions2WExecutionAbortedAlarm308A499D": Object { - "Properties": Object { - "AlarmDescription": "Alarm for the number of executions that aborted exceeded the threshold of 1. ", - "ComparisonOperator": "GreaterThanOrEqualToThreshold", - "Dimensions": Array [ - Object { - "Name": "StateMachineArn", - "Value": Object { - "Ref": "testneweventsrulestepfunctions2testneweventsrulestepfunctions2WStateMachine19B33D06", - }, - }, - ], - "EvaluationPeriods": 1, - "MetricName": "ExecutionsAborted", - "Namespace": "AWS/States", - "Period": 300, - "Statistic": "Maximum", - "Threshold": 1, - }, - "Type": "AWS::CloudWatch::Alarm", - }, - "testneweventsrulestepfunctions2testneweventsrulestepfunctions2WExecutionFailedAlarm9A88CE2D": Object { - "Properties": Object { - "AlarmDescription": "Alarm for the number of executions that failed exceeded the threshold of 1. ", - "ComparisonOperator": "GreaterThanOrEqualToThreshold", - "Dimensions": Array [ - Object { - "Name": "StateMachineArn", - "Value": Object { - "Ref": "testneweventsrulestepfunctions2testneweventsrulestepfunctions2WStateMachine19B33D06", - }, - }, - ], - "EvaluationPeriods": 1, - "MetricName": "ExecutionsFailed", - "Namespace": "AWS/States", - "Period": 300, - "Statistic": "Sum", - "Threshold": 1, - }, - "Type": "AWS::CloudWatch::Alarm", - }, - "testneweventsrulestepfunctions2testneweventsrulestepfunctions2WExecutionThrottledAlarmD30B2A78": Object { - "Properties": Object { - "AlarmDescription": "Alarm for the number of executions that throttled exceeded the threshold of 1. ", - "ComparisonOperator": "GreaterThanOrEqualToThreshold", - "Dimensions": Array [ - Object { - "Name": "StateMachineArn", - "Value": Object { - "Ref": "testneweventsrulestepfunctions2testneweventsrulestepfunctions2WStateMachine19B33D06", - }, - }, - ], - "EvaluationPeriods": 1, - "MetricName": "ExecutionThrottled", - "Namespace": "AWS/States", - "Period": 300, - "Statistic": "Sum", - "Threshold": 1, - }, - "Type": "AWS::CloudWatch::Alarm", - }, - "testneweventsrulestepfunctions2testneweventsrulestepfunctions2WStateMachine19B33D06": Object { - "DependsOn": Array [ - "testneweventsrulestepfunctions2testneweventsrulestepfunctions2WStateMachineRoleDefaultPolicy1C779334", - "testneweventsrulestepfunctions2testneweventsrulestepfunctions2WStateMachineRole749D8D3F", - ], - "Properties": Object { - "DefinitionString": "{\\"StartAt\\":\\"StartState2\\",\\"States\\":{\\"StartState2\\":{\\"Type\\":\\"Pass\\",\\"End\\":true}}}", - "LoggingConfiguration": Object { - "Destinations": Array [ - Object { - "CloudWatchLogsLogGroup": Object { - "LogGroupArn": Object { - "Fn::GetAtt": Array [ - "testneweventsrulestepfunctions2testneweventsrulestepfunctions2WStateMachineLogGroup790F52EC", - "Arn", - ], - }, - }, - }, - ], - "Level": "ERROR", - }, - "RoleArn": Object { - "Fn::GetAtt": Array [ - "testneweventsrulestepfunctions2testneweventsrulestepfunctions2WStateMachineRole749D8D3F", - "Arn", - ], - }, - }, - "Type": "AWS::StepFunctions::StateMachine", - }, - "testneweventsrulestepfunctions2testneweventsrulestepfunctions2WStateMachineLogGroup790F52EC": Object { - "DeletionPolicy": "Retain", - "Metadata": Object { - "cfn_nag": Object { - "rules_to_suppress": Array [ - Object { - "id": "W86", - "reason": "Retention period for CloudWatchLogs LogGroups are set to 'Never Expire' to preserve customer data indefinitely", - }, - Object { - "id": "W84", - "reason": "By default CloudWatchLogs LogGroups data is encrypted using the CloudWatch server-side encryption keys (AWS Managed Keys)", - }, - ], - }, - }, - "Properties": Object { - "LogGroupName": "/aws/vendedlogs/states/defaulttestneweventsrulestepfunctions2wstatemachinelogf9e3049f13b4", - }, - "Type": "AWS::Logs::LogGroup", - "UpdateReplacePolicy": "Retain", - }, - "testneweventsrulestepfunctions2testneweventsrulestepfunctions2WStateMachineRole749D8D3F": Object { - "Properties": Object { - "AssumeRolePolicyDocument": Object { - "Statement": Array [ - Object { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": Object { - "Service": Object { - "Fn::Join": Array [ - "", - Array [ - "states.", - Object { - "Ref": "AWS::Region", - }, - ".amazonaws.com", - ], - ], - }, - }, - }, - ], - "Version": "2012-10-17", - }, - }, - "Type": "AWS::IAM::Role", - }, - "testneweventsrulestepfunctions2testneweventsrulestepfunctions2WStateMachineRoleDefaultPolicy1C779334": Object { - "Metadata": Object { - "cfn_nag": Object { - "rules_to_suppress": Array [ - Object { - "id": "W12", - "reason": "The 'LogDelivery' actions do not support resource-level authorizations", - }, - ], - }, - }, - "Properties": Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "logs:CreateLogDelivery", - "logs:GetLogDelivery", - "logs:UpdateLogDelivery", - "logs:DeleteLogDelivery", - "logs:ListLogDeliveries", - ], - "Effect": "Allow", - "Resource": "*", - }, - Object { - "Action": Array [ - "logs:PutResourcePolicy", - "logs:DescribeResourcePolicies", - "logs:DescribeLogGroups", - ], - "Effect": "Allow", - "Resource": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":logs:", - Object { - "Ref": "AWS::Region", - }, - ":", - Object { - "Ref": "AWS::AccountId", - }, - ":*", - ], - ], - }, - }, - ], - "Version": "2012-10-17", - }, - "PolicyName": "testneweventsrulestepfunctions2testneweventsrulestepfunctions2WStateMachineRoleDefaultPolicy1C779334", - "Roles": Array [ - Object { - "Ref": "testneweventsrulestepfunctions2testneweventsrulestepfunctions2WStateMachineRole749D8D3F", - }, - ], - }, - "Type": "AWS::IAM::Policy", - }, - }, -} -`; - -exports[`snapshot test EventsRuleToStepFunction default params 1`] = ` -Object { - "Resources": Object { - "testeventsrulestepfunctiontesteventsrulestepfunctionWEventsRule8B362B1C": Object { - "Properties": Object { - "ScheduleExpression": "rate(5 minutes)", - "State": "ENABLED", - "Targets": Array [ - Object { - "Arn": Object { - "Ref": "testeventsrulestepfunctiontesteventsrulestepfunctionWStateMachine64FD5A64", - }, - "Id": "Target0", - "RoleArn": Object { - "Fn::GetAtt": Array [ - "testeventsrulestepfunctiontesteventsrulestepfunctionWEventsRuleRole992B57E4", - "Arn", - ], - }, - }, - ], - }, - "Type": "AWS::Events::Rule", - }, - "testeventsrulestepfunctiontesteventsrulestepfunctionWEventsRuleRole992B57E4": Object { - "Properties": Object { - "AssumeRolePolicyDocument": Object { - "Statement": Array [ - Object { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": Object { - "Service": "events.amazonaws.com", - }, - }, - ], - "Version": "2012-10-17", - }, - }, - "Type": "AWS::IAM::Role", - }, - "testeventsrulestepfunctiontesteventsrulestepfunctionWEventsRuleRoleDefaultPolicyFBE4056E": Object { - "Properties": Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": "states:StartExecution", - "Effect": "Allow", - "Resource": Object { - "Ref": "testeventsrulestepfunctiontesteventsrulestepfunctionWStateMachine64FD5A64", - }, - }, - ], - "Version": "2012-10-17", - }, - "PolicyName": "testeventsrulestepfunctiontesteventsrulestepfunctionWEventsRuleRoleDefaultPolicyFBE4056E", - "Roles": Array [ - Object { - "Ref": "testeventsrulestepfunctiontesteventsrulestepfunctionWEventsRuleRole992B57E4", - }, - ], - }, - "Type": "AWS::IAM::Policy", - }, - "testeventsrulestepfunctiontesteventsrulestepfunctionWExecutionAbortedAlarm3FAB3CF0": Object { - "Properties": Object { - "AlarmDescription": "Alarm for the number of executions that aborted exceeded the threshold of 1. ", - "ComparisonOperator": "GreaterThanOrEqualToThreshold", - "Dimensions": Array [ - Object { - "Name": "StateMachineArn", - "Value": Object { - "Ref": "testeventsrulestepfunctiontesteventsrulestepfunctionWStateMachine64FD5A64", - }, - }, - ], - "EvaluationPeriods": 1, - "MetricName": "ExecutionsAborted", - "Namespace": "AWS/States", - "Period": 300, - "Statistic": "Maximum", - "Threshold": 1, - }, - "Type": "AWS::CloudWatch::Alarm", - }, - "testeventsrulestepfunctiontesteventsrulestepfunctionWExecutionFailedAlarm6E85FA5A": Object { - "Properties": Object { - "AlarmDescription": "Alarm for the number of executions that failed exceeded the threshold of 1. ", - "ComparisonOperator": "GreaterThanOrEqualToThreshold", - "Dimensions": Array [ - Object { - "Name": "StateMachineArn", - "Value": Object { - "Ref": "testeventsrulestepfunctiontesteventsrulestepfunctionWStateMachine64FD5A64", - }, - }, - ], - "EvaluationPeriods": 1, - "MetricName": "ExecutionsFailed", - "Namespace": "AWS/States", - "Period": 300, - "Statistic": "Sum", - "Threshold": 1, - }, - "Type": "AWS::CloudWatch::Alarm", - }, - "testeventsrulestepfunctiontesteventsrulestepfunctionWExecutionThrottledAlarm4368F45A": Object { - "Properties": Object { - "AlarmDescription": "Alarm for the number of executions that throttled exceeded the threshold of 1. ", - "ComparisonOperator": "GreaterThanOrEqualToThreshold", - "Dimensions": Array [ - Object { - "Name": "StateMachineArn", - "Value": Object { - "Ref": "testeventsrulestepfunctiontesteventsrulestepfunctionWStateMachine64FD5A64", - }, - }, - ], - "EvaluationPeriods": 1, - "MetricName": "ExecutionThrottled", - "Namespace": "AWS/States", - "Period": 300, - "Statistic": "Sum", - "Threshold": 1, - }, - "Type": "AWS::CloudWatch::Alarm", - }, - "testeventsrulestepfunctiontesteventsrulestepfunctionWStateMachine64FD5A64": Object { - "DependsOn": Array [ - "testeventsrulestepfunctiontesteventsrulestepfunctionWStateMachineRoleDefaultPolicy517315B3", - "testeventsrulestepfunctiontesteventsrulestepfunctionWStateMachineRole594689FA", - ], - "Properties": Object { - "DefinitionString": "{\\"StartAt\\":\\"StartState\\",\\"States\\":{\\"StartState\\":{\\"Type\\":\\"Pass\\",\\"End\\":true}}}", - "LoggingConfiguration": Object { - "Destinations": Array [ - Object { - "CloudWatchLogsLogGroup": Object { - "LogGroupArn": Object { - "Fn::GetAtt": Array [ - "testeventsrulestepfunctiontesteventsrulestepfunctionWStateMachineLogGroupA5BA56B5", - "Arn", - ], - }, - }, - }, - ], - "Level": "ERROR", - }, - "RoleArn": Object { - "Fn::GetAtt": Array [ - "testeventsrulestepfunctiontesteventsrulestepfunctionWStateMachineRole594689FA", - "Arn", - ], - }, - }, - "Type": "AWS::StepFunctions::StateMachine", - }, - "testeventsrulestepfunctiontesteventsrulestepfunctionWStateMachineLogGroupA5BA56B5": Object { - "DeletionPolicy": "Retain", - "Metadata": Object { - "cfn_nag": Object { - "rules_to_suppress": Array [ - Object { - "id": "W86", - "reason": "Retention period for CloudWatchLogs LogGroups are set to 'Never Expire' to preserve customer data indefinitely", - }, - Object { - "id": "W84", - "reason": "By default CloudWatchLogs LogGroups data is encrypted using the CloudWatch server-side encryption keys (AWS Managed Keys)", - }, - ], - }, - }, - "Properties": Object { - "LogGroupName": "/aws/vendedlogs/states/defaulttesteventsrulestepfunctionwstatemachineloge7a646a2b77b", - }, - "Type": "AWS::Logs::LogGroup", - "UpdateReplacePolicy": "Retain", - }, - "testeventsrulestepfunctiontesteventsrulestepfunctionWStateMachineRole594689FA": Object { - "Properties": Object { - "AssumeRolePolicyDocument": Object { - "Statement": Array [ - Object { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": Object { - "Service": Object { - "Fn::Join": Array [ - "", - Array [ - "states.", - Object { - "Ref": "AWS::Region", - }, - ".amazonaws.com", - ], - ], - }, - }, - }, - ], - "Version": "2012-10-17", - }, - }, - "Type": "AWS::IAM::Role", - }, - "testeventsrulestepfunctiontesteventsrulestepfunctionWStateMachineRoleDefaultPolicy517315B3": Object { - "Metadata": Object { - "cfn_nag": Object { - "rules_to_suppress": Array [ - Object { - "id": "W12", - "reason": "The 'LogDelivery' actions do not support resource-level authorizations", - }, - ], - }, - }, - "Properties": Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "logs:CreateLogDelivery", - "logs:GetLogDelivery", - "logs:UpdateLogDelivery", - "logs:DeleteLogDelivery", - "logs:ListLogDeliveries", - ], - "Effect": "Allow", - "Resource": "*", - }, - Object { - "Action": Array [ - "logs:PutResourcePolicy", - "logs:DescribeResourcePolicies", - "logs:DescribeLogGroups", - ], - "Effect": "Allow", - "Resource": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":logs:", - Object { - "Ref": "AWS::Region", - }, - ":", - Object { - "Ref": "AWS::AccountId", - }, - ":*", - ], - ], - }, - }, - ], - "Version": "2012-10-17", - }, - "PolicyName": "testeventsrulestepfunctiontesteventsrulestepfunctionWStateMachineRoleDefaultPolicy517315B3", - "Roles": Array [ - Object { - "Ref": "testeventsrulestepfunctiontesteventsrulestepfunctionWStateMachineRole594689FA", - }, - ], - }, - "Type": "AWS::IAM::Policy", - }, - }, -} -`; - -exports[`snapshot test EventsRuleToStepfunctions existing event bus params 1`] = ` -Object { - "Resources": Object { - "testexistingeventbusC6E4A2D0": Object { - "Properties": Object { - "Name": "testexistingeventbus", - }, - "Type": "AWS::Events::EventBus", - }, - "testexistingeventsrulestepfunctionstestexistingeventsrulestepfunctionsWEventsRule85E7CC2B": Object { - "Properties": Object { - "EventBusName": Object { - "Ref": "testexistingeventbusC6E4A2D0", - }, - "EventPattern": Object { - "source": Array [ - "solutionsconstructs", - ], - }, - "State": "ENABLED", - "Targets": Array [ - Object { - "Arn": Object { - "Ref": "testexistingeventsrulestepfunctionstestexistingeventsrulestepfunctionsWStateMachine08CB895B", - }, - "Id": "Target0", - "RoleArn": Object { - "Fn::GetAtt": Array [ - "testexistingeventsrulestepfunctionstestexistingeventsrulestepfunctionsWEventsRuleRole0F7C77E1", - "Arn", - ], - }, - }, - ], - }, - "Type": "AWS::Events::Rule", - }, - "testexistingeventsrulestepfunctionstestexistingeventsrulestepfunctionsWEventsRuleRole0F7C77E1": Object { - "Properties": Object { - "AssumeRolePolicyDocument": Object { - "Statement": Array [ - Object { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": Object { - "Service": "events.amazonaws.com", - }, - }, - ], - "Version": "2012-10-17", - }, - }, - "Type": "AWS::IAM::Role", - }, - "testexistingeventsrulestepfunctionstestexistingeventsrulestepfunctionsWEventsRuleRoleDefaultPolicy0F0C57E0": Object { - "Properties": Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": "states:StartExecution", - "Effect": "Allow", - "Resource": Object { - "Ref": "testexistingeventsrulestepfunctionstestexistingeventsrulestepfunctionsWStateMachine08CB895B", - }, - }, - ], - "Version": "2012-10-17", - }, - "PolicyName": "testexistingeventsrulestepfunctionstestexistingeventsrulestepfunctionsWEventsRuleRoleDefaultPolicy0F0C57E0", - "Roles": Array [ - Object { - "Ref": "testexistingeventsrulestepfunctionstestexistingeventsrulestepfunctionsWEventsRuleRole0F7C77E1", - }, - ], - }, - "Type": "AWS::IAM::Policy", - }, - "testexistingeventsrulestepfunctionstestexistingeventsrulestepfunctionsWExecutionAbortedAlarm25B0859F": Object { - "Properties": Object { - "AlarmDescription": "Alarm for the number of executions that aborted exceeded the threshold of 1. ", - "ComparisonOperator": "GreaterThanOrEqualToThreshold", - "Dimensions": Array [ - Object { - "Name": "StateMachineArn", - "Value": Object { - "Ref": "testexistingeventsrulestepfunctionstestexistingeventsrulestepfunctionsWStateMachine08CB895B", - }, - }, - ], - "EvaluationPeriods": 1, - "MetricName": "ExecutionsAborted", - "Namespace": "AWS/States", - "Period": 300, - "Statistic": "Maximum", - "Threshold": 1, - }, - "Type": "AWS::CloudWatch::Alarm", - }, - "testexistingeventsrulestepfunctionstestexistingeventsrulestepfunctionsWExecutionFailedAlarm212909CA": Object { - "Properties": Object { - "AlarmDescription": "Alarm for the number of executions that failed exceeded the threshold of 1. ", - "ComparisonOperator": "GreaterThanOrEqualToThreshold", - "Dimensions": Array [ - Object { - "Name": "StateMachineArn", - "Value": Object { - "Ref": "testexistingeventsrulestepfunctionstestexistingeventsrulestepfunctionsWStateMachine08CB895B", - }, - }, - ], - "EvaluationPeriods": 1, - "MetricName": "ExecutionsFailed", - "Namespace": "AWS/States", - "Period": 300, - "Statistic": "Sum", - "Threshold": 1, - }, - "Type": "AWS::CloudWatch::Alarm", - }, - "testexistingeventsrulestepfunctionstestexistingeventsrulestepfunctionsWExecutionThrottledAlarmD70DAD50": Object { - "Properties": Object { - "AlarmDescription": "Alarm for the number of executions that throttled exceeded the threshold of 1. ", - "ComparisonOperator": "GreaterThanOrEqualToThreshold", - "Dimensions": Array [ - Object { - "Name": "StateMachineArn", - "Value": Object { - "Ref": "testexistingeventsrulestepfunctionstestexistingeventsrulestepfunctionsWStateMachine08CB895B", - }, - }, - ], - "EvaluationPeriods": 1, - "MetricName": "ExecutionThrottled", - "Namespace": "AWS/States", - "Period": 300, - "Statistic": "Sum", - "Threshold": 1, - }, - "Type": "AWS::CloudWatch::Alarm", - }, - "testexistingeventsrulestepfunctionstestexistingeventsrulestepfunctionsWStateMachine08CB895B": Object { - "DependsOn": Array [ - "testexistingeventsrulestepfunctionstestexistingeventsrulestepfunctionsWStateMachineRoleDefaultPolicyF4942FB8", - "testexistingeventsrulestepfunctionstestexistingeventsrulestepfunctionsWStateMachineRole6468A596", - ], - "Properties": Object { - "DefinitionString": "{\\"StartAt\\":\\"StartState\\",\\"States\\":{\\"StartState\\":{\\"Type\\":\\"Pass\\",\\"End\\":true}}}", - "LoggingConfiguration": Object { - "Destinations": Array [ - Object { - "CloudWatchLogsLogGroup": Object { - "LogGroupArn": Object { - "Fn::GetAtt": Array [ - "testexistingeventsrulestepfunctionstestexistingeventsrulestepfunctionsWStateMachineLogGroupF95FB577", - "Arn", - ], - }, - }, - }, - ], - "Level": "ERROR", - }, - "RoleArn": Object { - "Fn::GetAtt": Array [ - "testexistingeventsrulestepfunctionstestexistingeventsrulestepfunctionsWStateMachineRole6468A596", - "Arn", - ], - }, - }, - "Type": "AWS::StepFunctions::StateMachine", - }, - "testexistingeventsrulestepfunctionstestexistingeventsrulestepfunctionsWStateMachineLogGroupF95FB577": Object { - "DeletionPolicy": "Retain", - "Metadata": Object { - "cfn_nag": Object { - "rules_to_suppress": Array [ - Object { - "id": "W86", - "reason": "Retention period for CloudWatchLogs LogGroups are set to 'Never Expire' to preserve customer data indefinitely", - }, - Object { - "id": "W84", - "reason": "By default CloudWatchLogs LogGroups data is encrypted using the CloudWatch server-side encryption keys (AWS Managed Keys)", - }, - ], - }, - }, - "Properties": Object { - "LogGroupName": "/aws/vendedlogs/states/defaulttestexistingeventsrulestepfunctionswstatemachinelog84f35cce0b0f", - }, - "Type": "AWS::Logs::LogGroup", - "UpdateReplacePolicy": "Retain", - }, - "testexistingeventsrulestepfunctionstestexistingeventsrulestepfunctionsWStateMachineRole6468A596": Object { - "Properties": Object { - "AssumeRolePolicyDocument": Object { - "Statement": Array [ - Object { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": Object { - "Service": Object { - "Fn::Join": Array [ - "", - Array [ - "states.", - Object { - "Ref": "AWS::Region", - }, - ".amazonaws.com", - ], - ], - }, - }, - }, - ], - "Version": "2012-10-17", - }, - }, - "Type": "AWS::IAM::Role", - }, - "testexistingeventsrulestepfunctionstestexistingeventsrulestepfunctionsWStateMachineRoleDefaultPolicyF4942FB8": Object { - "Metadata": Object { - "cfn_nag": Object { - "rules_to_suppress": Array [ - Object { - "id": "W12", - "reason": "The 'LogDelivery' actions do not support resource-level authorizations", - }, - ], - }, - }, - "Properties": Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "logs:CreateLogDelivery", - "logs:GetLogDelivery", - "logs:UpdateLogDelivery", - "logs:DeleteLogDelivery", - "logs:ListLogDeliveries", - ], - "Effect": "Allow", - "Resource": "*", - }, - Object { - "Action": Array [ - "logs:PutResourcePolicy", - "logs:DescribeResourcePolicies", - "logs:DescribeLogGroups", - ], - "Effect": "Allow", - "Resource": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":logs:", - Object { - "Ref": "AWS::Region", - }, - ":", - Object { - "Ref": "AWS::AccountId", - }, - ":*", - ], - ], - }, - }, - ], - "Version": "2012-10-17", - }, - "PolicyName": "testexistingeventsrulestepfunctionstestexistingeventsrulestepfunctionsWStateMachineRoleDefaultPolicyF4942FB8", - "Roles": Array [ - Object { - "Ref": "testexistingeventsrulestepfunctionstestexistingeventsrulestepfunctionsWStateMachineRole6468A596", - }, - ], - }, - "Type": "AWS::IAM::Policy", - }, - }, -} -`; diff --git a/source/patterns/@aws-solutions-constructs/aws-events-rule-step-function/test/events-rule-step-function.test.ts b/source/patterns/@aws-solutions-constructs/aws-events-rule-step-function/test/events-rule-step-function.test.ts index 459ecfec3..a431efc6a 100644 --- a/source/patterns/@aws-solutions-constructs/aws-events-rule-step-function/test/events-rule-step-function.test.ts +++ b/source/patterns/@aws-solutions-constructs/aws-events-rule-step-function/test/events-rule-step-function.test.ts @@ -11,7 +11,6 @@ * and limitations under the License. */ -import { SynthUtils } from '@aws-cdk/assert'; import * as events from '@aws-cdk/aws-events'; import { EventsRuleToStepFunction, EventsRuleToStepFunctionProps } from '../lib/index'; import { Duration } from '@aws-cdk/core'; @@ -54,12 +53,6 @@ function deployNewStateMachineAndEventBus(stack: cdk.Stack) { return new EventsRuleToStepFunction(stack, 'test-eventrules-stepfunctions-eventbus', props); } -test('snapshot test EventsRuleToStepFunction default params', () => { - const stack = new cdk.Stack(); - deployNewStateMachine(stack); - expect(SynthUtils.toCloudFormation(stack)).toMatchSnapshot(); -}); - test('check events rule role policy permissions', () => { const stack = new cdk.Stack(); @@ -150,8 +143,6 @@ test('check eventbus property, snapshot & eventbus exists', () => { expect(construct.stateMachineLogGroup !== null); expect(construct.eventBus !== null); - // Validate snapshot - expect(SynthUtils.toCloudFormation(stack)).toMatchSnapshot(); // Check whether eventbus exists expect(stack).toHaveResource('AWS::Events::EventBus'); }); @@ -179,26 +170,6 @@ test('check exception while passing existingEventBus & eventBusProps', () => { expect(app).toThrowError(); }); -test('snapshot test EventsRuleToStepfunctions existing event bus params', () => { - const stack = new cdk.Stack(); - const startState = new sfn.Pass(stack, 'StartState'); - - const props: EventsRuleToStepFunctionProps = { - stateMachineProps: { - definition: startState - }, - eventRuleProps: { - eventPattern: { - source: ['solutionsconstructs'] - } - }, - existingEventBusInterface: new events.EventBus(stack, `test-existing-eventbus`, {}) - }; - - new EventsRuleToStepFunction(stack, 'test-existing-eventsrule-stepfunctions', props); - expect(SynthUtils.toCloudFormation(stack)).toMatchSnapshot(); -}); - test('check custom event bus resource with props when deploy:true', () => { const stack = new cdk.Stack(); const startState = new sfn.Pass(stack, 'StartState'); @@ -221,39 +192,4 @@ test('check custom event bus resource with props when deploy:true', () => { expect(stack).toHaveResource('AWS::Events::EventBus', { Name: 'testcustomeventbus' }); -}); - -test('check multiple constructs in a single stack', () => { - const stack = new cdk.Stack(); - const startState1 = new sfn.Pass(stack, 'StartState1'); - - const props1: EventsRuleToStepFunctionProps = { - stateMachineProps: { - definition: startState1 - }, - eventBusProps: {}, - eventRuleProps: { - eventPattern: { - source: ['solutionsconstructs'] - } - } - }; - - const startState2 = new sfn.Pass(stack, 'StartState2'); - - const props2: EventsRuleToStepFunctionProps = { - stateMachineProps: { - definition: startState2 - }, - eventBusProps: {}, - eventRuleProps: { - eventPattern: { - source: ['solutionsconstructs'] - } - } - }; - new EventsRuleToStepFunction(stack, 'test-new-eventsrule-stepfunctions1', props1); - new EventsRuleToStepFunction(stack, 'test-new-eventsrule-stepfunctions2', props2); - - expect(SynthUtils.toCloudFormation(stack)).toMatchSnapshot(); }); \ No newline at end of file diff --git a/source/patterns/@aws-solutions-constructs/aws-iot-kinesisfirehose-s3/test/__snapshots__/test.iot-kinesisfirehose-s3.test.js.snap b/source/patterns/@aws-solutions-constructs/aws-iot-kinesisfirehose-s3/test/__snapshots__/test.iot-kinesisfirehose-s3.test.js.snap deleted file mode 100644 index 1ae17addc..000000000 --- a/source/patterns/@aws-solutions-constructs/aws-iot-kinesisfirehose-s3/test/__snapshots__/test.iot-kinesisfirehose-s3.test.js.snap +++ /dev/null @@ -1,437 +0,0 @@ -// Jest Snapshot v1, https://goo.gl/fbAQLP - -exports[`snapshot test IotToKinesisFirehoseToS3 default params 1`] = ` -Object { - "Resources": Object { - "testiotfirehoses3IotActionsPolicy1B38E4E3": Object { - "Properties": Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": "firehose:PutRecord", - "Effect": "Allow", - "Resource": Object { - "Fn::GetAtt": Array [ - "testiotfirehoses3KinesisFirehoseToS3KinesisFirehose68DB2BEE", - "Arn", - ], - }, - }, - ], - "Version": "2012-10-17", - }, - "PolicyName": "testiotfirehoses3IotActionsPolicy1B38E4E3", - "Roles": Array [ - Object { - "Ref": "testiotfirehoses3IotActionsRole743F8973", - }, - ], - }, - "Type": "AWS::IAM::Policy", - }, - "testiotfirehoses3IotActionsRole743F8973": Object { - "Properties": Object { - "AssumeRolePolicyDocument": Object { - "Statement": Array [ - Object { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": Object { - "Service": "iot.amazonaws.com", - }, - }, - ], - "Version": "2012-10-17", - }, - }, - "Type": "AWS::IAM::Role", - }, - "testiotfirehoses3IotTopicAC1CA58D": Object { - "Properties": Object { - "TopicRulePayload": Object { - "Actions": Array [ - Object { - "Firehose": Object { - "DeliveryStreamName": Object { - "Ref": "testiotfirehoses3KinesisFirehoseToS3KinesisFirehose68DB2BEE", - }, - "RoleArn": Object { - "Fn::GetAtt": Array [ - "testiotfirehoses3IotActionsRole743F8973", - "Arn", - ], - }, - }, - }, - ], - "Description": "Persistent storage of connected vehicle telematics data", - "RuleDisabled": false, - "Sql": "SELECT * FROM 'connectedcar/telemetry/#'", - }, - }, - "Type": "AWS::IoT::TopicRule", - }, - "testiotfirehoses3KinesisFirehoseToS3KinesisFirehose68DB2BEE": Object { - "Properties": Object { - "DeliveryStreamEncryptionConfigurationInput": Object { - "KeyType": "AWS_OWNED_CMK", - }, - "ExtendedS3DestinationConfiguration": Object { - "BucketARN": Object { - "Fn::GetAtt": Array [ - "testiotfirehoses3KinesisFirehoseToS3S3Bucket19C97D09", - "Arn", - ], - }, - "BufferingHints": Object { - "IntervalInSeconds": 300, - "SizeInMBs": 5, - }, - "CloudWatchLoggingOptions": Object { - "Enabled": true, - "LogGroupName": Object { - "Ref": "testiotfirehoses3KinesisFirehoseToS3firehoseloggroup4A2E4212", - }, - "LogStreamName": Object { - "Ref": "testiotfirehoses3KinesisFirehoseToS3firehoseloggroupfirehoselogstreamD1B6E670", - }, - }, - "CompressionFormat": "GZIP", - "EncryptionConfiguration": Object { - "KMSEncryptionConfig": Object { - "AWSKMSKeyARN": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":kms:", - Object { - "Ref": "AWS::Region", - }, - ":", - Object { - "Ref": "AWS::AccountId", - }, - ":alias/aws/s3", - ], - ], - }, - }, - }, - "RoleARN": Object { - "Fn::GetAtt": Array [ - "testiotfirehoses3KinesisFirehoseToS3KinesisFirehoseRole93DE9170", - "Arn", - ], - }, - }, - }, - "Type": "AWS::KinesisFirehose::DeliveryStream", - }, - "testiotfirehoses3KinesisFirehoseToS3KinesisFirehosePolicy5914CC69": Object { - "Properties": Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "s3:AbortMultipartUpload", - "s3:GetBucketLocation", - "s3:GetObject", - "s3:ListBucket", - "s3:ListBucketMultipartUploads", - "s3:PutObject", - ], - "Effect": "Allow", - "Resource": Array [ - Object { - "Fn::GetAtt": Array [ - "testiotfirehoses3KinesisFirehoseToS3S3Bucket19C97D09", - "Arn", - ], - }, - Object { - "Fn::Join": Array [ - "", - Array [ - Object { - "Fn::GetAtt": Array [ - "testiotfirehoses3KinesisFirehoseToS3S3Bucket19C97D09", - "Arn", - ], - }, - "/*", - ], - ], - }, - ], - }, - Object { - "Action": "logs:PutLogEvents", - "Effect": "Allow", - "Resource": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":logs:", - Object { - "Ref": "AWS::Region", - }, - ":", - Object { - "Ref": "AWS::AccountId", - }, - ":log-group:", - Object { - "Ref": "testiotfirehoses3KinesisFirehoseToS3firehoseloggroup4A2E4212", - }, - ":log-stream:", - Object { - "Ref": "testiotfirehoses3KinesisFirehoseToS3firehoseloggroupfirehoselogstreamD1B6E670", - }, - ], - ], - }, - }, - ], - "Version": "2012-10-17", - }, - "PolicyName": "testiotfirehoses3KinesisFirehoseToS3KinesisFirehosePolicy5914CC69", - "Roles": Array [ - Object { - "Ref": "testiotfirehoses3KinesisFirehoseToS3KinesisFirehoseRole93DE9170", - }, - ], - }, - "Type": "AWS::IAM::Policy", - }, - "testiotfirehoses3KinesisFirehoseToS3KinesisFirehoseRole93DE9170": Object { - "Properties": Object { - "AssumeRolePolicyDocument": Object { - "Statement": Array [ - Object { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": Object { - "Service": "firehose.amazonaws.com", - }, - }, - ], - "Version": "2012-10-17", - }, - }, - "Type": "AWS::IAM::Role", - }, - "testiotfirehoses3KinesisFirehoseToS3S3Bucket19C97D09": Object { - "DeletionPolicy": "Delete", - "Properties": Object { - "BucketEncryption": Object { - "ServerSideEncryptionConfiguration": Array [ - Object { - "ServerSideEncryptionByDefault": Object { - "SSEAlgorithm": "AES256", - }, - }, - ], - }, - "LifecycleConfiguration": Object { - "Rules": Array [ - Object { - "NoncurrentVersionTransitions": Array [ - Object { - "StorageClass": "GLACIER", - "TransitionInDays": 90, - }, - ], - "Status": "Enabled", - }, - ], - }, - "LoggingConfiguration": Object { - "DestinationBucketName": Object { - "Ref": "testiotfirehoses3KinesisFirehoseToS3S3LoggingBucketC786B050", - }, - }, - "PublicAccessBlockConfiguration": Object { - "BlockPublicAcls": true, - "BlockPublicPolicy": true, - "IgnorePublicAcls": true, - "RestrictPublicBuckets": true, - }, - "VersioningConfiguration": Object { - "Status": "Enabled", - }, - }, - "Type": "AWS::S3::Bucket", - "UpdateReplacePolicy": "Delete", - }, - "testiotfirehoses3KinesisFirehoseToS3S3BucketPolicy39975CE7": Object { - "Properties": Object { - "Bucket": Object { - "Ref": "testiotfirehoses3KinesisFirehoseToS3S3Bucket19C97D09", - }, - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": "*", - "Condition": Object { - "Bool": Object { - "aws:SecureTransport": "false", - }, - }, - "Effect": "Deny", - "Principal": Object { - "AWS": "*", - }, - "Resource": Array [ - Object { - "Fn::Join": Array [ - "", - Array [ - Object { - "Fn::GetAtt": Array [ - "testiotfirehoses3KinesisFirehoseToS3S3Bucket19C97D09", - "Arn", - ], - }, - "/*", - ], - ], - }, - Object { - "Fn::GetAtt": Array [ - "testiotfirehoses3KinesisFirehoseToS3S3Bucket19C97D09", - "Arn", - ], - }, - ], - "Sid": "HttpsOnly", - }, - ], - "Version": "2012-10-17", - }, - }, - "Type": "AWS::S3::BucketPolicy", - }, - "testiotfirehoses3KinesisFirehoseToS3S3LoggingBucketC786B050": Object { - "DeletionPolicy": "Delete", - "Metadata": Object { - "cfn_nag": Object { - "rules_to_suppress": Array [ - Object { - "id": "W35", - "reason": "This S3 bucket is used as the access logging bucket for another bucket", - }, - ], - }, - }, - "Properties": Object { - "AccessControl": "LogDeliveryWrite", - "BucketEncryption": Object { - "ServerSideEncryptionConfiguration": Array [ - Object { - "ServerSideEncryptionByDefault": Object { - "SSEAlgorithm": "AES256", - }, - }, - ], - }, - "PublicAccessBlockConfiguration": Object { - "BlockPublicAcls": true, - "BlockPublicPolicy": true, - "IgnorePublicAcls": true, - "RestrictPublicBuckets": true, - }, - "VersioningConfiguration": Object { - "Status": "Enabled", - }, - }, - "Type": "AWS::S3::Bucket", - "UpdateReplacePolicy": "Delete", - }, - "testiotfirehoses3KinesisFirehoseToS3S3LoggingBucketPolicyE5A94728": Object { - "Properties": Object { - "Bucket": Object { - "Ref": "testiotfirehoses3KinesisFirehoseToS3S3LoggingBucketC786B050", - }, - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": "*", - "Condition": Object { - "Bool": Object { - "aws:SecureTransport": "false", - }, - }, - "Effect": "Deny", - "Principal": Object { - "AWS": "*", - }, - "Resource": Array [ - Object { - "Fn::Join": Array [ - "", - Array [ - Object { - "Fn::GetAtt": Array [ - "testiotfirehoses3KinesisFirehoseToS3S3LoggingBucketC786B050", - "Arn", - ], - }, - "/*", - ], - ], - }, - Object { - "Fn::GetAtt": Array [ - "testiotfirehoses3KinesisFirehoseToS3S3LoggingBucketC786B050", - "Arn", - ], - }, - ], - "Sid": "HttpsOnly", - }, - ], - "Version": "2012-10-17", - }, - }, - "Type": "AWS::S3::BucketPolicy", - }, - "testiotfirehoses3KinesisFirehoseToS3firehoseloggroup4A2E4212": Object { - "DeletionPolicy": "Retain", - "Metadata": Object { - "cfn_nag": Object { - "rules_to_suppress": Array [ - Object { - "id": "W86", - "reason": "Retention period for CloudWatchLogs LogGroups are set to 'Never Expire' to preserve customer data indefinitely", - }, - Object { - "id": "W84", - "reason": "By default CloudWatchLogs LogGroups data is encrypted using the CloudWatch server-side encryption keys (AWS Managed Keys)", - }, - ], - }, - }, - "Type": "AWS::Logs::LogGroup", - "UpdateReplacePolicy": "Retain", - }, - "testiotfirehoses3KinesisFirehoseToS3firehoseloggroupfirehoselogstreamD1B6E670": Object { - "DeletionPolicy": "Retain", - "Properties": Object { - "LogGroupName": Object { - "Ref": "testiotfirehoses3KinesisFirehoseToS3firehoseloggroup4A2E4212", - }, - }, - "Type": "AWS::Logs::LogStream", - "UpdateReplacePolicy": "Retain", - }, - }, -} -`; diff --git a/source/patterns/@aws-solutions-constructs/aws-iot-kinesisfirehose-s3/test/test.iot-kinesisfirehose-s3.test.ts b/source/patterns/@aws-solutions-constructs/aws-iot-kinesisfirehose-s3/test/test.iot-kinesisfirehose-s3.test.ts index b4f02dec3..e46c26994 100644 --- a/source/patterns/@aws-solutions-constructs/aws-iot-kinesisfirehose-s3/test/test.iot-kinesisfirehose-s3.test.ts +++ b/source/patterns/@aws-solutions-constructs/aws-iot-kinesisfirehose-s3/test/test.iot-kinesisfirehose-s3.test.ts @@ -11,7 +11,6 @@ * and limitations under the License. */ -import { SynthUtils } from '@aws-cdk/assert'; import { IotToKinesisFirehoseToS3, IotToKinesisFirehoseToS3Props } from "../lib"; import * as cdk from "@aws-cdk/core"; import * as s3 from "@aws-cdk/aws-s3"; @@ -35,12 +34,6 @@ function deploy(stack: cdk.Stack) { return new IotToKinesisFirehoseToS3(stack, 'test-iot-firehose-s3', props); } -test('snapshot test IotToKinesisFirehoseToS3 default params', () => { - const stack = new cdk.Stack(); - deploy(stack); - expect(SynthUtils.toCloudFormation(stack)).toMatchSnapshot(); -}); - test('check iot topic rule properties', () => { const stack = new cdk.Stack(); diff --git a/source/patterns/@aws-solutions-constructs/aws-iot-lambda-dynamodb/test/__snapshots__/iot-lambda-dynamodb.test.js.snap b/source/patterns/@aws-solutions-constructs/aws-iot-lambda-dynamodb/test/__snapshots__/iot-lambda-dynamodb.test.js.snap deleted file mode 100644 index a501c367a..000000000 --- a/source/patterns/@aws-solutions-constructs/aws-iot-lambda-dynamodb/test/__snapshots__/iot-lambda-dynamodb.test.js.snap +++ /dev/null @@ -1,289 +0,0 @@ -// Jest Snapshot v1, https://goo.gl/fbAQLP - -exports[`snapshot test IotToLambdaToDynamoDB default params 1`] = ` -Object { - "Parameters": Object { - "AssetParameters42a35bbf0dec9ef0ac5b0dde87e71a1b8929e8d2d178dd09ccfb2c928ec0198cArtifactHash00A70A91": Object { - "Description": "Artifact hash for asset \\"42a35bbf0dec9ef0ac5b0dde87e71a1b8929e8d2d178dd09ccfb2c928ec0198c\\"", - "Type": "String", - }, - "AssetParameters42a35bbf0dec9ef0ac5b0dde87e71a1b8929e8d2d178dd09ccfb2c928ec0198cS3Bucket1F467BCC": Object { - "Description": "S3 bucket for asset \\"42a35bbf0dec9ef0ac5b0dde87e71a1b8929e8d2d178dd09ccfb2c928ec0198c\\"", - "Type": "String", - }, - "AssetParameters42a35bbf0dec9ef0ac5b0dde87e71a1b8929e8d2d178dd09ccfb2c928ec0198cS3VersionKey9E4F7872": Object { - "Description": "S3 key for asset version \\"42a35bbf0dec9ef0ac5b0dde87e71a1b8929e8d2d178dd09ccfb2c928ec0198c\\"", - "Type": "String", - }, - }, - "Resources": Object { - "testiotlambdadynamodbstackIotToLambdaIotTopic74F5E3BB": Object { - "Properties": Object { - "TopicRulePayload": Object { - "Actions": Array [ - Object { - "Lambda": Object { - "FunctionArn": Object { - "Fn::GetAtt": Array [ - "testiotlambdadynamodbstackIotToLambdaLambdaFunctionDFEAF894", - "Arn", - ], - }, - }, - }, - ], - "Description": "Processing of DTC messages from the AWS Connected Vehicle Solution.", - "RuleDisabled": false, - "Sql": "SELECT * FROM 'connectedcar/dtc/#'", - }, - }, - "Type": "AWS::IoT::TopicRule", - }, - "testiotlambdadynamodbstackIotToLambdaLambdaFunctionAwsIotLambdaInvokePermission1CF07890C": Object { - "Properties": Object { - "Action": "lambda:InvokeFunction", - "FunctionName": Object { - "Fn::GetAtt": Array [ - "testiotlambdadynamodbstackIotToLambdaLambdaFunctionDFEAF894", - "Arn", - ], - }, - "Principal": "iot.amazonaws.com", - "SourceArn": Object { - "Fn::GetAtt": Array [ - "testiotlambdadynamodbstackIotToLambdaIotTopic74F5E3BB", - "Arn", - ], - }, - }, - "Type": "AWS::Lambda::Permission", - }, - "testiotlambdadynamodbstackIotToLambdaLambdaFunctionDFEAF894": Object { - "DependsOn": Array [ - "testiotlambdadynamodbstackIotToLambdaLambdaFunctionServiceRoleDefaultPolicyB43AD823", - "testiotlambdadynamodbstackIotToLambdaLambdaFunctionServiceRoleC57F7FDA", - ], - "Metadata": Object { - "cfn_nag": Object { - "rules_to_suppress": Array [ - Object { - "id": "W58", - "reason": "Lambda functions has the required permission to write CloudWatch Logs. It uses custom policy instead of arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole with tighter permissions.", - }, - Object { - "id": "W89", - "reason": "This is not a rule for the general case, just for specific use cases/industries", - }, - Object { - "id": "W92", - "reason": "Impossible for us to define the correct concurrency for clients", - }, - ], - }, - }, - "Properties": Object { - "Code": Object { - "S3Bucket": Object { - "Ref": "AssetParameters42a35bbf0dec9ef0ac5b0dde87e71a1b8929e8d2d178dd09ccfb2c928ec0198cS3Bucket1F467BCC", - }, - "S3Key": Object { - "Fn::Join": Array [ - "", - Array [ - Object { - "Fn::Select": Array [ - 0, - Object { - "Fn::Split": Array [ - "||", - Object { - "Ref": "AssetParameters42a35bbf0dec9ef0ac5b0dde87e71a1b8929e8d2d178dd09ccfb2c928ec0198cS3VersionKey9E4F7872", - }, - ], - }, - ], - }, - Object { - "Fn::Select": Array [ - 1, - Object { - "Fn::Split": Array [ - "||", - Object { - "Ref": "AssetParameters42a35bbf0dec9ef0ac5b0dde87e71a1b8929e8d2d178dd09ccfb2c928ec0198cS3VersionKey9E4F7872", - }, - ], - }, - ], - }, - ], - ], - }, - }, - "Environment": Object { - "Variables": Object { - "AWS_NODEJS_CONNECTION_REUSE_ENABLED": "1", - "DDB_TABLE_NAME": Object { - "Ref": "testiotlambdadynamodbstackLambdaToDynamoDBDynamoTableE17E5733", - }, - }, - }, - "Handler": "index.handler", - "Role": Object { - "Fn::GetAtt": Array [ - "testiotlambdadynamodbstackIotToLambdaLambdaFunctionServiceRoleC57F7FDA", - "Arn", - ], - }, - "Runtime": "nodejs10.x", - "TracingConfig": Object { - "Mode": "Active", - }, - }, - "Type": "AWS::Lambda::Function", - }, - "testiotlambdadynamodbstackIotToLambdaLambdaFunctionServiceRoleC57F7FDA": Object { - "Properties": Object { - "AssumeRolePolicyDocument": Object { - "Statement": Array [ - Object { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": Object { - "Service": "lambda.amazonaws.com", - }, - }, - ], - "Version": "2012-10-17", - }, - "Policies": Array [ - Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "logs:CreateLogGroup", - "logs:CreateLogStream", - "logs:PutLogEvents", - ], - "Effect": "Allow", - "Resource": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":logs:", - Object { - "Ref": "AWS::Region", - }, - ":", - Object { - "Ref": "AWS::AccountId", - }, - ":log-group:/aws/lambda/*", - ], - ], - }, - }, - ], - "Version": "2012-10-17", - }, - "PolicyName": "LambdaFunctionServiceRolePolicy", - }, - ], - }, - "Type": "AWS::IAM::Role", - }, - "testiotlambdadynamodbstackIotToLambdaLambdaFunctionServiceRoleDefaultPolicyB43AD823": Object { - "Metadata": Object { - "cfn_nag": Object { - "rules_to_suppress": Array [ - Object { - "id": "W12", - "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray and access ENIs in a VPC.", - }, - ], - }, - }, - "Properties": Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "xray:PutTraceSegments", - "xray:PutTelemetryRecords", - ], - "Effect": "Allow", - "Resource": "*", - }, - Object { - "Action": Array [ - "dynamodb:BatchGetItem", - "dynamodb:GetRecords", - "dynamodb:GetShardIterator", - "dynamodb:Query", - "dynamodb:GetItem", - "dynamodb:Scan", - "dynamodb:ConditionCheckItem", - "dynamodb:BatchWriteItem", - "dynamodb:PutItem", - "dynamodb:UpdateItem", - "dynamodb:DeleteItem", - ], - "Effect": "Allow", - "Resource": Array [ - Object { - "Fn::GetAtt": Array [ - "testiotlambdadynamodbstackLambdaToDynamoDBDynamoTableE17E5733", - "Arn", - ], - }, - Object { - "Ref": "AWS::NoValue", - }, - ], - }, - ], - "Version": "2012-10-17", - }, - "PolicyName": "testiotlambdadynamodbstackIotToLambdaLambdaFunctionServiceRoleDefaultPolicyB43AD823", - "Roles": Array [ - Object { - "Ref": "testiotlambdadynamodbstackIotToLambdaLambdaFunctionServiceRoleC57F7FDA", - }, - ], - }, - "Type": "AWS::IAM::Policy", - }, - "testiotlambdadynamodbstackLambdaToDynamoDBDynamoTableE17E5733": Object { - "DeletionPolicy": "Retain", - "Properties": Object { - "AttributeDefinitions": Array [ - Object { - "AttributeName": "id", - "AttributeType": "S", - }, - ], - "BillingMode": "PAY_PER_REQUEST", - "KeySchema": Array [ - Object { - "AttributeName": "id", - "KeyType": "HASH", - }, - ], - "PointInTimeRecoverySpecification": Object { - "PointInTimeRecoveryEnabled": true, - }, - "SSESpecification": Object { - "SSEEnabled": true, - }, - }, - "Type": "AWS::DynamoDB::Table", - "UpdateReplacePolicy": "Retain", - }, - }, -} -`; diff --git a/source/patterns/@aws-solutions-constructs/aws-iot-lambda-dynamodb/test/iot-lambda-dynamodb.test.ts b/source/patterns/@aws-solutions-constructs/aws-iot-lambda-dynamodb/test/iot-lambda-dynamodb.test.ts index 64e2a0691..c9a637390 100644 --- a/source/patterns/@aws-solutions-constructs/aws-iot-lambda-dynamodb/test/iot-lambda-dynamodb.test.ts +++ b/source/patterns/@aws-solutions-constructs/aws-iot-lambda-dynamodb/test/iot-lambda-dynamodb.test.ts @@ -11,7 +11,6 @@ * and limitations under the License. */ -import { SynthUtils } from '@aws-cdk/assert'; import { IotToLambdaToDynamoDB, IotToLambdaToDynamoDBProps } from "../lib"; import * as lambda from '@aws-cdk/aws-lambda'; import * as cdk from "@aws-cdk/core"; @@ -37,12 +36,6 @@ function deployStack(stack: cdk.Stack) { return new IotToLambdaToDynamoDB(stack, 'test-iot-lambda-dynamodb-stack', props); } -test('snapshot test IotToLambdaToDynamoDB default params', () => { - const stack = new cdk.Stack(); - deployStack(stack); - expect(SynthUtils.toCloudFormation(stack)).toMatchSnapshot(); -}); - test('check lambda function properties', () => { const stack = new cdk.Stack(); diff --git a/source/patterns/@aws-solutions-constructs/aws-iot-lambda/test/__snapshots__/iot-lambda.test.js.snap b/source/patterns/@aws-solutions-constructs/aws-iot-lambda/test/__snapshots__/iot-lambda.test.js.snap deleted file mode 100644 index 4dc391b8a..000000000 --- a/source/patterns/@aws-solutions-constructs/aws-iot-lambda/test/__snapshots__/iot-lambda.test.js.snap +++ /dev/null @@ -1,233 +0,0 @@ -// Jest Snapshot v1, https://goo.gl/fbAQLP - -exports[`snapshot test IotToLambda default params 1`] = ` -Object { - "Parameters": Object { - "AssetParameters42a35bbf0dec9ef0ac5b0dde87e71a1b8929e8d2d178dd09ccfb2c928ec0198cArtifactHash00A70A91": Object { - "Description": "Artifact hash for asset \\"42a35bbf0dec9ef0ac5b0dde87e71a1b8929e8d2d178dd09ccfb2c928ec0198c\\"", - "Type": "String", - }, - "AssetParameters42a35bbf0dec9ef0ac5b0dde87e71a1b8929e8d2d178dd09ccfb2c928ec0198cS3Bucket1F467BCC": Object { - "Description": "S3 bucket for asset \\"42a35bbf0dec9ef0ac5b0dde87e71a1b8929e8d2d178dd09ccfb2c928ec0198c\\"", - "Type": "String", - }, - "AssetParameters42a35bbf0dec9ef0ac5b0dde87e71a1b8929e8d2d178dd09ccfb2c928ec0198cS3VersionKey9E4F7872": Object { - "Description": "S3 key for asset version \\"42a35bbf0dec9ef0ac5b0dde87e71a1b8929e8d2d178dd09ccfb2c928ec0198c\\"", - "Type": "String", - }, - }, - "Resources": Object { - "testiotlambdaintegrationIotTopic18B6A735": Object { - "Properties": Object { - "TopicRulePayload": Object { - "Actions": Array [ - Object { - "Lambda": Object { - "FunctionArn": Object { - "Fn::GetAtt": Array [ - "testiotlambdaintegrationLambdaFunctionC5329DBA", - "Arn", - ], - }, - }, - }, - ], - "Description": "Processing of DTC messages from the AWS Connected Vehicle Solution.", - "RuleDisabled": false, - "Sql": "SELECT * FROM 'connectedcar/dtc/#'", - }, - }, - "Type": "AWS::IoT::TopicRule", - }, - "testiotlambdaintegrationLambdaFunctionAwsIotLambdaInvokePermission184E45B6F": Object { - "Properties": Object { - "Action": "lambda:InvokeFunction", - "FunctionName": Object { - "Fn::GetAtt": Array [ - "testiotlambdaintegrationLambdaFunctionC5329DBA", - "Arn", - ], - }, - "Principal": "iot.amazonaws.com", - "SourceArn": Object { - "Fn::GetAtt": Array [ - "testiotlambdaintegrationIotTopic18B6A735", - "Arn", - ], - }, - }, - "Type": "AWS::Lambda::Permission", - }, - "testiotlambdaintegrationLambdaFunctionC5329DBA": Object { - "DependsOn": Array [ - "testiotlambdaintegrationLambdaFunctionServiceRoleDefaultPolicy0FB2AE4D", - "testiotlambdaintegrationLambdaFunctionServiceRole27C3EE41", - ], - "Metadata": Object { - "cfn_nag": Object { - "rules_to_suppress": Array [ - Object { - "id": "W58", - "reason": "Lambda functions has the required permission to write CloudWatch Logs. It uses custom policy instead of arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole with tighter permissions.", - }, - Object { - "id": "W89", - "reason": "This is not a rule for the general case, just for specific use cases/industries", - }, - Object { - "id": "W92", - "reason": "Impossible for us to define the correct concurrency for clients", - }, - ], - }, - }, - "Properties": Object { - "Code": Object { - "S3Bucket": Object { - "Ref": "AssetParameters42a35bbf0dec9ef0ac5b0dde87e71a1b8929e8d2d178dd09ccfb2c928ec0198cS3Bucket1F467BCC", - }, - "S3Key": Object { - "Fn::Join": Array [ - "", - Array [ - Object { - "Fn::Select": Array [ - 0, - Object { - "Fn::Split": Array [ - "||", - Object { - "Ref": "AssetParameters42a35bbf0dec9ef0ac5b0dde87e71a1b8929e8d2d178dd09ccfb2c928ec0198cS3VersionKey9E4F7872", - }, - ], - }, - ], - }, - Object { - "Fn::Select": Array [ - 1, - Object { - "Fn::Split": Array [ - "||", - Object { - "Ref": "AssetParameters42a35bbf0dec9ef0ac5b0dde87e71a1b8929e8d2d178dd09ccfb2c928ec0198cS3VersionKey9E4F7872", - }, - ], - }, - ], - }, - ], - ], - }, - }, - "Environment": Object { - "Variables": Object { - "AWS_NODEJS_CONNECTION_REUSE_ENABLED": "1", - }, - }, - "Handler": "index.handler", - "Role": Object { - "Fn::GetAtt": Array [ - "testiotlambdaintegrationLambdaFunctionServiceRole27C3EE41", - "Arn", - ], - }, - "Runtime": "nodejs10.x", - "TracingConfig": Object { - "Mode": "Active", - }, - }, - "Type": "AWS::Lambda::Function", - }, - "testiotlambdaintegrationLambdaFunctionServiceRole27C3EE41": Object { - "Properties": Object { - "AssumeRolePolicyDocument": Object { - "Statement": Array [ - Object { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": Object { - "Service": "lambda.amazonaws.com", - }, - }, - ], - "Version": "2012-10-17", - }, - "Policies": Array [ - Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "logs:CreateLogGroup", - "logs:CreateLogStream", - "logs:PutLogEvents", - ], - "Effect": "Allow", - "Resource": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":logs:", - Object { - "Ref": "AWS::Region", - }, - ":", - Object { - "Ref": "AWS::AccountId", - }, - ":log-group:/aws/lambda/*", - ], - ], - }, - }, - ], - "Version": "2012-10-17", - }, - "PolicyName": "LambdaFunctionServiceRolePolicy", - }, - ], - }, - "Type": "AWS::IAM::Role", - }, - "testiotlambdaintegrationLambdaFunctionServiceRoleDefaultPolicy0FB2AE4D": Object { - "Metadata": Object { - "cfn_nag": Object { - "rules_to_suppress": Array [ - Object { - "id": "W12", - "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray and access ENIs in a VPC.", - }, - ], - }, - }, - "Properties": Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "xray:PutTraceSegments", - "xray:PutTelemetryRecords", - ], - "Effect": "Allow", - "Resource": "*", - }, - ], - "Version": "2012-10-17", - }, - "PolicyName": "testiotlambdaintegrationLambdaFunctionServiceRoleDefaultPolicy0FB2AE4D", - "Roles": Array [ - Object { - "Ref": "testiotlambdaintegrationLambdaFunctionServiceRole27C3EE41", - }, - ], - }, - "Type": "AWS::IAM::Policy", - }, - }, -} -`; diff --git a/source/patterns/@aws-solutions-constructs/aws-iot-lambda/test/iot-lambda.test.ts b/source/patterns/@aws-solutions-constructs/aws-iot-lambda/test/iot-lambda.test.ts index 45387c266..466d4681a 100644 --- a/source/patterns/@aws-solutions-constructs/aws-iot-lambda/test/iot-lambda.test.ts +++ b/source/patterns/@aws-solutions-constructs/aws-iot-lambda/test/iot-lambda.test.ts @@ -11,7 +11,6 @@ * and limitations under the License. */ -import { SynthUtils } from '@aws-cdk/assert'; import { IotToLambda, IotToLambdaProps } from "../lib"; import * as lambda from '@aws-cdk/aws-lambda'; import * as cdk from "@aws-cdk/core"; @@ -60,12 +59,6 @@ function useExistingFunc(stack: cdk.Stack) { return new IotToLambda(stack, 'test-iot-lambda-integration', props); } -test('snapshot test IotToLambda default params', () => { - const stack = new cdk.Stack(); - deployNewFunc(stack); - expect(SynthUtils.toCloudFormation(stack)).toMatchSnapshot(); -}); - test('check lambda function properties for deploy: true', () => { const stack = new cdk.Stack(); diff --git a/source/patterns/@aws-solutions-constructs/aws-iot-sqs/test/__snapshots__/iot-sqs.test.js.snap b/source/patterns/@aws-solutions-constructs/aws-iot-sqs/test/__snapshots__/iot-sqs.test.js.snap deleted file mode 100644 index 976b863c2..000000000 --- a/source/patterns/@aws-solutions-constructs/aws-iot-sqs/test/__snapshots__/iot-sqs.test.js.snap +++ /dev/null @@ -1,2477 +0,0 @@ -// Jest Snapshot v1, https://goo.gl/fbAQLP - -exports[`Pattern deployment passing KMS key props 1`] = ` -Object { - "Resources": Object { - "testiotsqsEncryptionKey64EE64B1": Object { - "DeletionPolicy": "Retain", - "Properties": Object { - "EnableKeyRotation": false, - "KeyPolicy": Object { - "Statement": Array [ - Object { - "Action": Array [ - "kms:Create*", - "kms:Describe*", - "kms:Enable*", - "kms:List*", - "kms:Put*", - "kms:Update*", - "kms:Revoke*", - "kms:Disable*", - "kms:Get*", - "kms:Delete*", - "kms:ScheduleKeyDeletion", - "kms:CancelKeyDeletion", - "kms:GenerateDataKey", - "kms:TagResource", - "kms:UntagResource", - ], - "Effect": "Allow", - "Principal": Object { - "AWS": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":iam::", - Object { - "Ref": "AWS::AccountId", - }, - ":root", - ], - ], - }, - }, - "Resource": "*", - }, - Object { - "Action": Array [ - "kms:Decrypt", - "kms:Encrypt", - "kms:ReEncrypt*", - "kms:GenerateDataKey*", - ], - "Effect": "Allow", - "Principal": Object { - "AWS": Object { - "Fn::GetAtt": Array [ - "testiotsqsiotactionsrole93B1D327", - "Arn", - ], - }, - }, - "Resource": "*", - }, - Object { - "Action": Array [ - "kms:Encrypt", - "kms:ReEncrypt*", - "kms:GenerateDataKey*", - ], - "Effect": "Allow", - "Principal": Object { - "AWS": Object { - "Fn::GetAtt": Array [ - "testiotsqsiotactionsrole93B1D327", - "Arn", - ], - }, - }, - "Resource": "*", - }, - ], - "Version": "2012-10-17", - }, - }, - "Type": "AWS::KMS::Key", - "UpdateReplacePolicy": "Retain", - }, - "testiotsqsEncryptionKeyAlias5A222BA1": Object { - "Properties": Object { - "AliasName": "alias/new-key-alias-from-props", - "TargetKeyId": Object { - "Fn::GetAtt": Array [ - "testiotsqsEncryptionKey64EE64B1", - "Arn", - ], - }, - }, - "Type": "AWS::KMS::Alias", - }, - "testiotsqsIotTopicRule3ABB9E1A": Object { - "Properties": Object { - "TopicRulePayload": Object { - "Actions": Array [ - Object { - "Sqs": Object { - "QueueUrl": Object { - "Ref": "testiotsqsqueue630B4C1F", - }, - "RoleArn": Object { - "Fn::GetAtt": Array [ - "testiotsqsiotactionsrole93B1D327", - "Arn", - ], - }, - }, - }, - ], - "Description": "Processing messages from IoT devices or factory machines", - "RuleDisabled": false, - "Sql": "SELECT * FROM 'test/topic/#'", - }, - }, - "Type": "AWS::IoT::TopicRule", - }, - "testiotsqsdeadLetterQueue66A04E81": Object { - "DeletionPolicy": "Delete", - "Properties": Object { - "KmsMasterKeyId": "alias/aws/sqs", - }, - "Type": "AWS::SQS::Queue", - "UpdateReplacePolicy": "Delete", - }, - "testiotsqsdeadLetterQueuePolicyE13575BF": Object { - "Properties": Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "sqs:DeleteMessage", - "sqs:ReceiveMessage", - "sqs:SendMessage", - "sqs:GetQueueAttributes", - "sqs:RemovePermission", - "sqs:AddPermission", - "sqs:SetQueueAttributes", - ], - "Effect": "Allow", - "Principal": Object { - "AWS": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":iam::", - Object { - "Ref": "AWS::AccountId", - }, - ":root", - ], - ], - }, - }, - "Resource": Object { - "Fn::GetAtt": Array [ - "testiotsqsdeadLetterQueue66A04E81", - "Arn", - ], - }, - "Sid": "QueueOwnerOnlyAccess", - }, - Object { - "Action": "SQS:*", - "Condition": Object { - "Bool": Object { - "aws:SecureTransport": "false", - }, - }, - "Effect": "Deny", - "Principal": Object { - "AWS": "*", - }, - "Resource": Object { - "Fn::GetAtt": Array [ - "testiotsqsdeadLetterQueue66A04E81", - "Arn", - ], - }, - "Sid": "HttpsOnly", - }, - ], - "Version": "2012-10-17", - }, - "Queues": Array [ - Object { - "Ref": "testiotsqsdeadLetterQueue66A04E81", - }, - ], - }, - "Type": "AWS::SQS::QueuePolicy", - }, - "testiotsqsiotactionsrole93B1D327": Object { - "Properties": Object { - "AssumeRolePolicyDocument": Object { - "Statement": Array [ - Object { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": Object { - "Service": "iot.amazonaws.com", - }, - }, - ], - "Version": "2012-10-17", - }, - }, - "Type": "AWS::IAM::Role", - }, - "testiotsqsiotactionsroleDefaultPolicyEE46FAE6": Object { - "Properties": Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "sqs:SendMessage", - "sqs:GetQueueAttributes", - "sqs:GetQueueUrl", - ], - "Effect": "Allow", - "Resource": Object { - "Fn::GetAtt": Array [ - "testiotsqsqueue630B4C1F", - "Arn", - ], - }, - }, - Object { - "Action": Array [ - "kms:Decrypt", - "kms:Encrypt", - "kms:ReEncrypt*", - "kms:GenerateDataKey*", - ], - "Effect": "Allow", - "Resource": Object { - "Fn::GetAtt": Array [ - "testiotsqsEncryptionKey64EE64B1", - "Arn", - ], - }, - }, - Object { - "Action": Array [ - "kms:Encrypt", - "kms:ReEncrypt*", - "kms:GenerateDataKey*", - ], - "Effect": "Allow", - "Resource": Object { - "Fn::GetAtt": Array [ - "testiotsqsEncryptionKey64EE64B1", - "Arn", - ], - }, - }, - ], - "Version": "2012-10-17", - }, - "PolicyName": "testiotsqsiotactionsroleDefaultPolicyEE46FAE6", - "Roles": Array [ - Object { - "Ref": "testiotsqsiotactionsrole93B1D327", - }, - ], - }, - "Type": "AWS::IAM::Policy", - }, - "testiotsqsqueue630B4C1F": Object { - "DeletionPolicy": "Delete", - "Properties": Object { - "KmsMasterKeyId": Object { - "Fn::GetAtt": Array [ - "testiotsqsEncryptionKey64EE64B1", - "Arn", - ], - }, - "RedrivePolicy": Object { - "deadLetterTargetArn": Object { - "Fn::GetAtt": Array [ - "testiotsqsdeadLetterQueue66A04E81", - "Arn", - ], - }, - "maxReceiveCount": 15, - }, - }, - "Type": "AWS::SQS::Queue", - "UpdateReplacePolicy": "Delete", - }, - "testiotsqsqueuePolicyD1FF6491": Object { - "Properties": Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "sqs:DeleteMessage", - "sqs:ReceiveMessage", - "sqs:SendMessage", - "sqs:GetQueueAttributes", - "sqs:RemovePermission", - "sqs:AddPermission", - "sqs:SetQueueAttributes", - ], - "Effect": "Allow", - "Principal": Object { - "AWS": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":iam::", - Object { - "Ref": "AWS::AccountId", - }, - ":root", - ], - ], - }, - }, - "Resource": Object { - "Fn::GetAtt": Array [ - "testiotsqsqueue630B4C1F", - "Arn", - ], - }, - "Sid": "QueueOwnerOnlyAccess", - }, - Object { - "Action": "SQS:*", - "Condition": Object { - "Bool": Object { - "aws:SecureTransport": "false", - }, - }, - "Effect": "Deny", - "Principal": Object { - "AWS": "*", - }, - "Resource": Object { - "Fn::GetAtt": Array [ - "testiotsqsqueue630B4C1F", - "Arn", - ], - }, - "Sid": "HttpsOnly", - }, - ], - "Version": "2012-10-17", - }, - "Queues": Array [ - Object { - "Ref": "testiotsqsqueue630B4C1F", - }, - ], - }, - "Type": "AWS::SQS::QueuePolicy", - }, - }, -} -`; - -exports[`Pattern deployment with custom maxReceiveCount 1`] = ` -Object { - "Resources": Object { - "testiotsqsEncryptionKey64EE64B1": Object { - "DeletionPolicy": "Retain", - "Properties": Object { - "EnableKeyRotation": true, - "KeyPolicy": Object { - "Statement": Array [ - Object { - "Action": Array [ - "kms:Create*", - "kms:Describe*", - "kms:Enable*", - "kms:List*", - "kms:Put*", - "kms:Update*", - "kms:Revoke*", - "kms:Disable*", - "kms:Get*", - "kms:Delete*", - "kms:ScheduleKeyDeletion", - "kms:CancelKeyDeletion", - "kms:GenerateDataKey", - "kms:TagResource", - "kms:UntagResource", - ], - "Effect": "Allow", - "Principal": Object { - "AWS": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":iam::", - Object { - "Ref": "AWS::AccountId", - }, - ":root", - ], - ], - }, - }, - "Resource": "*", - }, - Object { - "Action": Array [ - "kms:Decrypt", - "kms:Encrypt", - "kms:ReEncrypt*", - "kms:GenerateDataKey*", - ], - "Effect": "Allow", - "Principal": Object { - "AWS": Object { - "Fn::GetAtt": Array [ - "testiotsqsiotactionsrole93B1D327", - "Arn", - ], - }, - }, - "Resource": "*", - }, - Object { - "Action": Array [ - "kms:Encrypt", - "kms:ReEncrypt*", - "kms:GenerateDataKey*", - ], - "Effect": "Allow", - "Principal": Object { - "AWS": Object { - "Fn::GetAtt": Array [ - "testiotsqsiotactionsrole93B1D327", - "Arn", - ], - }, - }, - "Resource": "*", - }, - ], - "Version": "2012-10-17", - }, - }, - "Type": "AWS::KMS::Key", - "UpdateReplacePolicy": "Retain", - }, - "testiotsqsIotTopicRule3ABB9E1A": Object { - "Properties": Object { - "TopicRulePayload": Object { - "Actions": Array [ - Object { - "Sqs": Object { - "QueueUrl": Object { - "Ref": "testiotsqsqueue630B4C1F", - }, - "RoleArn": Object { - "Fn::GetAtt": Array [ - "testiotsqsiotactionsrole93B1D327", - "Arn", - ], - }, - }, - }, - ], - "Description": "Processing messages from IoT devices or factory machines", - "RuleDisabled": false, - "Sql": "SELECT * FROM 'test/topic/#'", - }, - }, - "Type": "AWS::IoT::TopicRule", - }, - "testiotsqsdeadLetterQueue66A04E81": Object { - "DeletionPolicy": "Delete", - "Properties": Object { - "KmsMasterKeyId": "alias/aws/sqs", - "QueueName": "dlq-name", - }, - "Type": "AWS::SQS::Queue", - "UpdateReplacePolicy": "Delete", - }, - "testiotsqsdeadLetterQueuePolicyE13575BF": Object { - "Properties": Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "sqs:DeleteMessage", - "sqs:ReceiveMessage", - "sqs:SendMessage", - "sqs:GetQueueAttributes", - "sqs:RemovePermission", - "sqs:AddPermission", - "sqs:SetQueueAttributes", - ], - "Effect": "Allow", - "Principal": Object { - "AWS": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":iam::", - Object { - "Ref": "AWS::AccountId", - }, - ":root", - ], - ], - }, - }, - "Resource": Object { - "Fn::GetAtt": Array [ - "testiotsqsdeadLetterQueue66A04E81", - "Arn", - ], - }, - "Sid": "QueueOwnerOnlyAccess", - }, - Object { - "Action": "SQS:*", - "Condition": Object { - "Bool": Object { - "aws:SecureTransport": "false", - }, - }, - "Effect": "Deny", - "Principal": Object { - "AWS": "*", - }, - "Resource": Object { - "Fn::GetAtt": Array [ - "testiotsqsdeadLetterQueue66A04E81", - "Arn", - ], - }, - "Sid": "HttpsOnly", - }, - ], - "Version": "2012-10-17", - }, - "Queues": Array [ - Object { - "Ref": "testiotsqsdeadLetterQueue66A04E81", - }, - ], - }, - "Type": "AWS::SQS::QueuePolicy", - }, - "testiotsqsiotactionsrole93B1D327": Object { - "Properties": Object { - "AssumeRolePolicyDocument": Object { - "Statement": Array [ - Object { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": Object { - "Service": "iot.amazonaws.com", - }, - }, - ], - "Version": "2012-10-17", - }, - }, - "Type": "AWS::IAM::Role", - }, - "testiotsqsiotactionsroleDefaultPolicyEE46FAE6": Object { - "Properties": Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "sqs:SendMessage", - "sqs:GetQueueAttributes", - "sqs:GetQueueUrl", - ], - "Effect": "Allow", - "Resource": Object { - "Fn::GetAtt": Array [ - "testiotsqsqueue630B4C1F", - "Arn", - ], - }, - }, - Object { - "Action": Array [ - "kms:Decrypt", - "kms:Encrypt", - "kms:ReEncrypt*", - "kms:GenerateDataKey*", - ], - "Effect": "Allow", - "Resource": Object { - "Fn::GetAtt": Array [ - "testiotsqsEncryptionKey64EE64B1", - "Arn", - ], - }, - }, - Object { - "Action": Array [ - "kms:Encrypt", - "kms:ReEncrypt*", - "kms:GenerateDataKey*", - ], - "Effect": "Allow", - "Resource": Object { - "Fn::GetAtt": Array [ - "testiotsqsEncryptionKey64EE64B1", - "Arn", - ], - }, - }, - ], - "Version": "2012-10-17", - }, - "PolicyName": "testiotsqsiotactionsroleDefaultPolicyEE46FAE6", - "Roles": Array [ - Object { - "Ref": "testiotsqsiotactionsrole93B1D327", - }, - ], - }, - "Type": "AWS::IAM::Policy", - }, - "testiotsqsqueue630B4C1F": Object { - "DeletionPolicy": "Delete", - "Properties": Object { - "KmsMasterKeyId": Object { - "Fn::GetAtt": Array [ - "testiotsqsEncryptionKey64EE64B1", - "Arn", - ], - }, - "QueueName": "queue-name", - "RedrivePolicy": Object { - "deadLetterTargetArn": Object { - "Fn::GetAtt": Array [ - "testiotsqsdeadLetterQueue66A04E81", - "Arn", - ], - }, - "maxReceiveCount": 1, - }, - }, - "Type": "AWS::SQS::Queue", - "UpdateReplacePolicy": "Delete", - }, - "testiotsqsqueuePolicyD1FF6491": Object { - "Properties": Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "sqs:DeleteMessage", - "sqs:ReceiveMessage", - "sqs:SendMessage", - "sqs:GetQueueAttributes", - "sqs:RemovePermission", - "sqs:AddPermission", - "sqs:SetQueueAttributes", - ], - "Effect": "Allow", - "Principal": Object { - "AWS": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":iam::", - Object { - "Ref": "AWS::AccountId", - }, - ":root", - ], - ], - }, - }, - "Resource": Object { - "Fn::GetAtt": Array [ - "testiotsqsqueue630B4C1F", - "Arn", - ], - }, - "Sid": "QueueOwnerOnlyAccess", - }, - Object { - "Action": "SQS:*", - "Condition": Object { - "Bool": Object { - "aws:SecureTransport": "false", - }, - }, - "Effect": "Deny", - "Principal": Object { - "AWS": "*", - }, - "Resource": Object { - "Fn::GetAtt": Array [ - "testiotsqsqueue630B4C1F", - "Arn", - ], - }, - "Sid": "HttpsOnly", - }, - ], - "Version": "2012-10-17", - }, - "Queues": Array [ - Object { - "Ref": "testiotsqsqueue630B4C1F", - }, - ], - }, - "Type": "AWS::SQS::QueuePolicy", - }, - }, -} -`; - -exports[`Pattern deployment with dead letter queue turned off 1`] = ` -Object { - "Resources": Object { - "testiotsqsEncryptionKey64EE64B1": Object { - "DeletionPolicy": "Retain", - "Properties": Object { - "EnableKeyRotation": true, - "KeyPolicy": Object { - "Statement": Array [ - Object { - "Action": Array [ - "kms:Create*", - "kms:Describe*", - "kms:Enable*", - "kms:List*", - "kms:Put*", - "kms:Update*", - "kms:Revoke*", - "kms:Disable*", - "kms:Get*", - "kms:Delete*", - "kms:ScheduleKeyDeletion", - "kms:CancelKeyDeletion", - "kms:GenerateDataKey", - "kms:TagResource", - "kms:UntagResource", - ], - "Effect": "Allow", - "Principal": Object { - "AWS": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":iam::", - Object { - "Ref": "AWS::AccountId", - }, - ":root", - ], - ], - }, - }, - "Resource": "*", - }, - Object { - "Action": Array [ - "kms:Decrypt", - "kms:Encrypt", - "kms:ReEncrypt*", - "kms:GenerateDataKey*", - ], - "Effect": "Allow", - "Principal": Object { - "AWS": Object { - "Fn::GetAtt": Array [ - "testiotsqsiotactionsrole93B1D327", - "Arn", - ], - }, - }, - "Resource": "*", - }, - Object { - "Action": Array [ - "kms:Encrypt", - "kms:ReEncrypt*", - "kms:GenerateDataKey*", - ], - "Effect": "Allow", - "Principal": Object { - "AWS": Object { - "Fn::GetAtt": Array [ - "testiotsqsiotactionsrole93B1D327", - "Arn", - ], - }, - }, - "Resource": "*", - }, - ], - "Version": "2012-10-17", - }, - }, - "Type": "AWS::KMS::Key", - "UpdateReplacePolicy": "Retain", - }, - "testiotsqsIotTopicRule3ABB9E1A": Object { - "Properties": Object { - "TopicRulePayload": Object { - "Actions": Array [ - Object { - "Sqs": Object { - "QueueUrl": Object { - "Ref": "testiotsqsqueue630B4C1F", - }, - "RoleArn": Object { - "Fn::GetAtt": Array [ - "testiotsqsiotactionsrole93B1D327", - "Arn", - ], - }, - }, - }, - ], - "Description": "Processing messages from IoT devices or factory machines", - "RuleDisabled": false, - "Sql": "SELECT * FROM 'test/topic/#'", - }, - }, - "Type": "AWS::IoT::TopicRule", - }, - "testiotsqsiotactionsrole93B1D327": Object { - "Properties": Object { - "AssumeRolePolicyDocument": Object { - "Statement": Array [ - Object { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": Object { - "Service": "iot.amazonaws.com", - }, - }, - ], - "Version": "2012-10-17", - }, - }, - "Type": "AWS::IAM::Role", - }, - "testiotsqsiotactionsroleDefaultPolicyEE46FAE6": Object { - "Properties": Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "sqs:SendMessage", - "sqs:GetQueueAttributes", - "sqs:GetQueueUrl", - ], - "Effect": "Allow", - "Resource": Object { - "Fn::GetAtt": Array [ - "testiotsqsqueue630B4C1F", - "Arn", - ], - }, - }, - Object { - "Action": Array [ - "kms:Decrypt", - "kms:Encrypt", - "kms:ReEncrypt*", - "kms:GenerateDataKey*", - ], - "Effect": "Allow", - "Resource": Object { - "Fn::GetAtt": Array [ - "testiotsqsEncryptionKey64EE64B1", - "Arn", - ], - }, - }, - Object { - "Action": Array [ - "kms:Encrypt", - "kms:ReEncrypt*", - "kms:GenerateDataKey*", - ], - "Effect": "Allow", - "Resource": Object { - "Fn::GetAtt": Array [ - "testiotsqsEncryptionKey64EE64B1", - "Arn", - ], - }, - }, - ], - "Version": "2012-10-17", - }, - "PolicyName": "testiotsqsiotactionsroleDefaultPolicyEE46FAE6", - "Roles": Array [ - Object { - "Ref": "testiotsqsiotactionsrole93B1D327", - }, - ], - }, - "Type": "AWS::IAM::Policy", - }, - "testiotsqsqueue630B4C1F": Object { - "DeletionPolicy": "Delete", - "Properties": Object { - "KmsMasterKeyId": Object { - "Fn::GetAtt": Array [ - "testiotsqsEncryptionKey64EE64B1", - "Arn", - ], - }, - "QueueName": "queue-name", - }, - "Type": "AWS::SQS::Queue", - "UpdateReplacePolicy": "Delete", - }, - "testiotsqsqueuePolicyD1FF6491": Object { - "Properties": Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "sqs:DeleteMessage", - "sqs:ReceiveMessage", - "sqs:SendMessage", - "sqs:GetQueueAttributes", - "sqs:RemovePermission", - "sqs:AddPermission", - "sqs:SetQueueAttributes", - ], - "Effect": "Allow", - "Principal": Object { - "AWS": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":iam::", - Object { - "Ref": "AWS::AccountId", - }, - ":root", - ], - ], - }, - }, - "Resource": Object { - "Fn::GetAtt": Array [ - "testiotsqsqueue630B4C1F", - "Arn", - ], - }, - "Sid": "QueueOwnerOnlyAccess", - }, - Object { - "Action": "SQS:*", - "Condition": Object { - "Bool": Object { - "aws:SecureTransport": "false", - }, - }, - "Effect": "Deny", - "Principal": Object { - "AWS": "*", - }, - "Resource": Object { - "Fn::GetAtt": Array [ - "testiotsqsqueue630B4C1F", - "Arn", - ], - }, - "Sid": "HttpsOnly", - }, - ], - "Version": "2012-10-17", - }, - "Queues": Array [ - Object { - "Ref": "testiotsqsqueue630B4C1F", - }, - ], - }, - "Type": "AWS::SQS::QueuePolicy", - }, - }, -} -`; - -exports[`Pattern deployment with default props 1`] = ` -Object { - "Resources": Object { - "testiotsqsEncryptionKey64EE64B1": Object { - "DeletionPolicy": "Retain", - "Properties": Object { - "EnableKeyRotation": true, - "KeyPolicy": Object { - "Statement": Array [ - Object { - "Action": Array [ - "kms:Create*", - "kms:Describe*", - "kms:Enable*", - "kms:List*", - "kms:Put*", - "kms:Update*", - "kms:Revoke*", - "kms:Disable*", - "kms:Get*", - "kms:Delete*", - "kms:ScheduleKeyDeletion", - "kms:CancelKeyDeletion", - "kms:GenerateDataKey", - "kms:TagResource", - "kms:UntagResource", - ], - "Effect": "Allow", - "Principal": Object { - "AWS": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":iam::", - Object { - "Ref": "AWS::AccountId", - }, - ":root", - ], - ], - }, - }, - "Resource": "*", - }, - Object { - "Action": Array [ - "kms:Decrypt", - "kms:Encrypt", - "kms:ReEncrypt*", - "kms:GenerateDataKey*", - ], - "Effect": "Allow", - "Principal": Object { - "AWS": Object { - "Fn::GetAtt": Array [ - "testiotsqsiotactionsrole93B1D327", - "Arn", - ], - }, - }, - "Resource": "*", - }, - Object { - "Action": Array [ - "kms:Encrypt", - "kms:ReEncrypt*", - "kms:GenerateDataKey*", - ], - "Effect": "Allow", - "Principal": Object { - "AWS": Object { - "Fn::GetAtt": Array [ - "testiotsqsiotactionsrole93B1D327", - "Arn", - ], - }, - }, - "Resource": "*", - }, - ], - "Version": "2012-10-17", - }, - }, - "Type": "AWS::KMS::Key", - "UpdateReplacePolicy": "Retain", - }, - "testiotsqsIotTopicRule3ABB9E1A": Object { - "Properties": Object { - "TopicRulePayload": Object { - "Actions": Array [ - Object { - "Sqs": Object { - "QueueUrl": Object { - "Ref": "testiotsqsqueue630B4C1F", - }, - "RoleArn": Object { - "Fn::GetAtt": Array [ - "testiotsqsiotactionsrole93B1D327", - "Arn", - ], - }, - }, - }, - ], - "Description": "Processing messages from IoT devices or factory machines", - "RuleDisabled": false, - "Sql": "SELECT * FROM 'test/topic/#'", - }, - }, - "Type": "AWS::IoT::TopicRule", - }, - "testiotsqsdeadLetterQueue66A04E81": Object { - "DeletionPolicy": "Delete", - "Properties": Object { - "KmsMasterKeyId": "alias/aws/sqs", - }, - "Type": "AWS::SQS::Queue", - "UpdateReplacePolicy": "Delete", - }, - "testiotsqsdeadLetterQueuePolicyE13575BF": Object { - "Properties": Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "sqs:DeleteMessage", - "sqs:ReceiveMessage", - "sqs:SendMessage", - "sqs:GetQueueAttributes", - "sqs:RemovePermission", - "sqs:AddPermission", - "sqs:SetQueueAttributes", - ], - "Effect": "Allow", - "Principal": Object { - "AWS": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":iam::", - Object { - "Ref": "AWS::AccountId", - }, - ":root", - ], - ], - }, - }, - "Resource": Object { - "Fn::GetAtt": Array [ - "testiotsqsdeadLetterQueue66A04E81", - "Arn", - ], - }, - "Sid": "QueueOwnerOnlyAccess", - }, - Object { - "Action": "SQS:*", - "Condition": Object { - "Bool": Object { - "aws:SecureTransport": "false", - }, - }, - "Effect": "Deny", - "Principal": Object { - "AWS": "*", - }, - "Resource": Object { - "Fn::GetAtt": Array [ - "testiotsqsdeadLetterQueue66A04E81", - "Arn", - ], - }, - "Sid": "HttpsOnly", - }, - ], - "Version": "2012-10-17", - }, - "Queues": Array [ - Object { - "Ref": "testiotsqsdeadLetterQueue66A04E81", - }, - ], - }, - "Type": "AWS::SQS::QueuePolicy", - }, - "testiotsqsiotactionsrole93B1D327": Object { - "Properties": Object { - "AssumeRolePolicyDocument": Object { - "Statement": Array [ - Object { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": Object { - "Service": "iot.amazonaws.com", - }, - }, - ], - "Version": "2012-10-17", - }, - }, - "Type": "AWS::IAM::Role", - }, - "testiotsqsiotactionsroleDefaultPolicyEE46FAE6": Object { - "Properties": Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "sqs:SendMessage", - "sqs:GetQueueAttributes", - "sqs:GetQueueUrl", - ], - "Effect": "Allow", - "Resource": Object { - "Fn::GetAtt": Array [ - "testiotsqsqueue630B4C1F", - "Arn", - ], - }, - }, - Object { - "Action": Array [ - "kms:Decrypt", - "kms:Encrypt", - "kms:ReEncrypt*", - "kms:GenerateDataKey*", - ], - "Effect": "Allow", - "Resource": Object { - "Fn::GetAtt": Array [ - "testiotsqsEncryptionKey64EE64B1", - "Arn", - ], - }, - }, - Object { - "Action": Array [ - "kms:Encrypt", - "kms:ReEncrypt*", - "kms:GenerateDataKey*", - ], - "Effect": "Allow", - "Resource": Object { - "Fn::GetAtt": Array [ - "testiotsqsEncryptionKey64EE64B1", - "Arn", - ], - }, - }, - ], - "Version": "2012-10-17", - }, - "PolicyName": "testiotsqsiotactionsroleDefaultPolicyEE46FAE6", - "Roles": Array [ - Object { - "Ref": "testiotsqsiotactionsrole93B1D327", - }, - ], - }, - "Type": "AWS::IAM::Policy", - }, - "testiotsqsqueue630B4C1F": Object { - "DeletionPolicy": "Delete", - "Properties": Object { - "KmsMasterKeyId": Object { - "Fn::GetAtt": Array [ - "testiotsqsEncryptionKey64EE64B1", - "Arn", - ], - }, - "RedrivePolicy": Object { - "deadLetterTargetArn": Object { - "Fn::GetAtt": Array [ - "testiotsqsdeadLetterQueue66A04E81", - "Arn", - ], - }, - "maxReceiveCount": 15, - }, - }, - "Type": "AWS::SQS::Queue", - "UpdateReplacePolicy": "Delete", - }, - "testiotsqsqueuePolicyD1FF6491": Object { - "Properties": Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "sqs:DeleteMessage", - "sqs:ReceiveMessage", - "sqs:SendMessage", - "sqs:GetQueueAttributes", - "sqs:RemovePermission", - "sqs:AddPermission", - "sqs:SetQueueAttributes", - ], - "Effect": "Allow", - "Principal": Object { - "AWS": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":iam::", - Object { - "Ref": "AWS::AccountId", - }, - ":root", - ], - ], - }, - }, - "Resource": Object { - "Fn::GetAtt": Array [ - "testiotsqsqueue630B4C1F", - "Arn", - ], - }, - "Sid": "QueueOwnerOnlyAccess", - }, - Object { - "Action": "SQS:*", - "Condition": Object { - "Bool": Object { - "aws:SecureTransport": "false", - }, - }, - "Effect": "Deny", - "Principal": Object { - "AWS": "*", - }, - "Resource": Object { - "Fn::GetAtt": Array [ - "testiotsqsqueue630B4C1F", - "Arn", - ], - }, - "Sid": "HttpsOnly", - }, - ], - "Version": "2012-10-17", - }, - "Queues": Array [ - Object { - "Ref": "testiotsqsqueue630B4C1F", - }, - ], - }, - "Type": "AWS::SQS::QueuePolicy", - }, - }, -} -`; - -exports[`Pattern deployment with existing KMS key 1`] = ` -Object { - "Resources": Object { - "existingkey205DFC01": Object { - "DeletionPolicy": "Retain", - "Properties": Object { - "EnableKeyRotation": false, - "KeyPolicy": Object { - "Statement": Array [ - Object { - "Action": Array [ - "kms:Create*", - "kms:Describe*", - "kms:Enable*", - "kms:List*", - "kms:Put*", - "kms:Update*", - "kms:Revoke*", - "kms:Disable*", - "kms:Get*", - "kms:Delete*", - "kms:ScheduleKeyDeletion", - "kms:CancelKeyDeletion", - "kms:GenerateDataKey", - "kms:TagResource", - "kms:UntagResource", - ], - "Effect": "Allow", - "Principal": Object { - "AWS": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":iam::", - Object { - "Ref": "AWS::AccountId", - }, - ":root", - ], - ], - }, - }, - "Resource": "*", - }, - Object { - "Action": Array [ - "kms:Decrypt", - "kms:Encrypt", - "kms:ReEncrypt*", - "kms:GenerateDataKey*", - ], - "Effect": "Allow", - "Principal": Object { - "AWS": Object { - "Fn::GetAtt": Array [ - "testiotsqsiotactionsrole93B1D327", - "Arn", - ], - }, - }, - "Resource": "*", - }, - Object { - "Action": Array [ - "kms:Encrypt", - "kms:ReEncrypt*", - "kms:GenerateDataKey*", - ], - "Effect": "Allow", - "Principal": Object { - "AWS": Object { - "Fn::GetAtt": Array [ - "testiotsqsiotactionsrole93B1D327", - "Arn", - ], - }, - }, - "Resource": "*", - }, - ], - "Version": "2012-10-17", - }, - }, - "Type": "AWS::KMS::Key", - "UpdateReplacePolicy": "Retain", - }, - "existingkeyAliasE18FEC67": Object { - "Properties": Object { - "AliasName": "alias/existing-key-alias", - "TargetKeyId": Object { - "Fn::GetAtt": Array [ - "existingkey205DFC01", - "Arn", - ], - }, - }, - "Type": "AWS::KMS::Alias", - }, - "testiotsqsIotTopicRule3ABB9E1A": Object { - "Properties": Object { - "TopicRulePayload": Object { - "Actions": Array [ - Object { - "Sqs": Object { - "QueueUrl": Object { - "Ref": "testiotsqsqueue630B4C1F", - }, - "RoleArn": Object { - "Fn::GetAtt": Array [ - "testiotsqsiotactionsrole93B1D327", - "Arn", - ], - }, - }, - }, - ], - "Description": "Processing messages from IoT devices or factory machines", - "RuleDisabled": false, - "Sql": "SELECT * FROM 'test/topic/#'", - }, - }, - "Type": "AWS::IoT::TopicRule", - }, - "testiotsqsdeadLetterQueue66A04E81": Object { - "DeletionPolicy": "Delete", - "Properties": Object { - "KmsMasterKeyId": "alias/aws/sqs", - }, - "Type": "AWS::SQS::Queue", - "UpdateReplacePolicy": "Delete", - }, - "testiotsqsdeadLetterQueuePolicyE13575BF": Object { - "Properties": Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "sqs:DeleteMessage", - "sqs:ReceiveMessage", - "sqs:SendMessage", - "sqs:GetQueueAttributes", - "sqs:RemovePermission", - "sqs:AddPermission", - "sqs:SetQueueAttributes", - ], - "Effect": "Allow", - "Principal": Object { - "AWS": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":iam::", - Object { - "Ref": "AWS::AccountId", - }, - ":root", - ], - ], - }, - }, - "Resource": Object { - "Fn::GetAtt": Array [ - "testiotsqsdeadLetterQueue66A04E81", - "Arn", - ], - }, - "Sid": "QueueOwnerOnlyAccess", - }, - Object { - "Action": "SQS:*", - "Condition": Object { - "Bool": Object { - "aws:SecureTransport": "false", - }, - }, - "Effect": "Deny", - "Principal": Object { - "AWS": "*", - }, - "Resource": Object { - "Fn::GetAtt": Array [ - "testiotsqsdeadLetterQueue66A04E81", - "Arn", - ], - }, - "Sid": "HttpsOnly", - }, - ], - "Version": "2012-10-17", - }, - "Queues": Array [ - Object { - "Ref": "testiotsqsdeadLetterQueue66A04E81", - }, - ], - }, - "Type": "AWS::SQS::QueuePolicy", - }, - "testiotsqsiotactionsrole93B1D327": Object { - "Properties": Object { - "AssumeRolePolicyDocument": Object { - "Statement": Array [ - Object { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": Object { - "Service": "iot.amazonaws.com", - }, - }, - ], - "Version": "2012-10-17", - }, - }, - "Type": "AWS::IAM::Role", - }, - "testiotsqsiotactionsroleDefaultPolicyEE46FAE6": Object { - "Properties": Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "sqs:SendMessage", - "sqs:GetQueueAttributes", - "sqs:GetQueueUrl", - ], - "Effect": "Allow", - "Resource": Object { - "Fn::GetAtt": Array [ - "testiotsqsqueue630B4C1F", - "Arn", - ], - }, - }, - Object { - "Action": Array [ - "kms:Decrypt", - "kms:Encrypt", - "kms:ReEncrypt*", - "kms:GenerateDataKey*", - ], - "Effect": "Allow", - "Resource": Object { - "Fn::GetAtt": Array [ - "existingkey205DFC01", - "Arn", - ], - }, - }, - Object { - "Action": Array [ - "kms:Encrypt", - "kms:ReEncrypt*", - "kms:GenerateDataKey*", - ], - "Effect": "Allow", - "Resource": Object { - "Fn::GetAtt": Array [ - "existingkey205DFC01", - "Arn", - ], - }, - }, - ], - "Version": "2012-10-17", - }, - "PolicyName": "testiotsqsiotactionsroleDefaultPolicyEE46FAE6", - "Roles": Array [ - Object { - "Ref": "testiotsqsiotactionsrole93B1D327", - }, - ], - }, - "Type": "AWS::IAM::Policy", - }, - "testiotsqsqueue630B4C1F": Object { - "DeletionPolicy": "Delete", - "Properties": Object { - "KmsMasterKeyId": Object { - "Fn::GetAtt": Array [ - "existingkey205DFC01", - "Arn", - ], - }, - "RedrivePolicy": Object { - "deadLetterTargetArn": Object { - "Fn::GetAtt": Array [ - "testiotsqsdeadLetterQueue66A04E81", - "Arn", - ], - }, - "maxReceiveCount": 15, - }, - }, - "Type": "AWS::SQS::Queue", - "UpdateReplacePolicy": "Delete", - }, - "testiotsqsqueuePolicyD1FF6491": Object { - "Properties": Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "sqs:DeleteMessage", - "sqs:ReceiveMessage", - "sqs:SendMessage", - "sqs:GetQueueAttributes", - "sqs:RemovePermission", - "sqs:AddPermission", - "sqs:SetQueueAttributes", - ], - "Effect": "Allow", - "Principal": Object { - "AWS": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":iam::", - Object { - "Ref": "AWS::AccountId", - }, - ":root", - ], - ], - }, - }, - "Resource": Object { - "Fn::GetAtt": Array [ - "testiotsqsqueue630B4C1F", - "Arn", - ], - }, - "Sid": "QueueOwnerOnlyAccess", - }, - Object { - "Action": "SQS:*", - "Condition": Object { - "Bool": Object { - "aws:SecureTransport": "false", - }, - }, - "Effect": "Deny", - "Principal": Object { - "AWS": "*", - }, - "Resource": Object { - "Fn::GetAtt": Array [ - "testiotsqsqueue630B4C1F", - "Arn", - ], - }, - "Sid": "HttpsOnly", - }, - ], - "Version": "2012-10-17", - }, - "Queues": Array [ - Object { - "Ref": "testiotsqsqueue630B4C1F", - }, - ], - }, - "Type": "AWS::SQS::QueuePolicy", - }, - }, -} -`; - -exports[`Pattern deployment with existing queue 1`] = ` -Object { - "Resources": Object { - "existingqueueobjF8AF0ED1": Object { - "DeletionPolicy": "Delete", - "Properties": Object { - "QueueName": "existing-queue-obj", - }, - "Type": "AWS::SQS::Queue", - "UpdateReplacePolicy": "Delete", - }, - "testiotsqsIotTopicRule3ABB9E1A": Object { - "Properties": Object { - "TopicRulePayload": Object { - "Actions": Array [ - Object { - "Sqs": Object { - "QueueUrl": Object { - "Ref": "existingqueueobjF8AF0ED1", - }, - "RoleArn": Object { - "Fn::GetAtt": Array [ - "testiotsqsiotactionsrole93B1D327", - "Arn", - ], - }, - }, - }, - ], - "Description": "Processing messages from IoT devices or factory machines", - "RuleDisabled": false, - "Sql": "SELECT * FROM 'test/topic/#'", - }, - }, - "Type": "AWS::IoT::TopicRule", - }, - "testiotsqsiotactionsrole93B1D327": Object { - "Properties": Object { - "AssumeRolePolicyDocument": Object { - "Statement": Array [ - Object { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": Object { - "Service": "iot.amazonaws.com", - }, - }, - ], - "Version": "2012-10-17", - }, - }, - "Type": "AWS::IAM::Role", - }, - "testiotsqsiotactionsroleDefaultPolicyEE46FAE6": Object { - "Properties": Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "sqs:SendMessage", - "sqs:GetQueueAttributes", - "sqs:GetQueueUrl", - ], - "Effect": "Allow", - "Resource": Object { - "Fn::GetAtt": Array [ - "existingqueueobjF8AF0ED1", - "Arn", - ], - }, - }, - ], - "Version": "2012-10-17", - }, - "PolicyName": "testiotsqsiotactionsroleDefaultPolicyEE46FAE6", - "Roles": Array [ - Object { - "Ref": "testiotsqsiotactionsrole93B1D327", - }, - ], - }, - "Type": "AWS::IAM::Policy", - }, - }, -} -`; - -exports[`Pattern deployment with queue and dead letter queue props 1`] = ` -Object { - "Resources": Object { - "testiotsqsEncryptionKey64EE64B1": Object { - "DeletionPolicy": "Retain", - "Properties": Object { - "EnableKeyRotation": true, - "KeyPolicy": Object { - "Statement": Array [ - Object { - "Action": Array [ - "kms:Create*", - "kms:Describe*", - "kms:Enable*", - "kms:List*", - "kms:Put*", - "kms:Update*", - "kms:Revoke*", - "kms:Disable*", - "kms:Get*", - "kms:Delete*", - "kms:ScheduleKeyDeletion", - "kms:CancelKeyDeletion", - "kms:GenerateDataKey", - "kms:TagResource", - "kms:UntagResource", - ], - "Effect": "Allow", - "Principal": Object { - "AWS": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":iam::", - Object { - "Ref": "AWS::AccountId", - }, - ":root", - ], - ], - }, - }, - "Resource": "*", - }, - Object { - "Action": Array [ - "kms:Decrypt", - "kms:Encrypt", - "kms:ReEncrypt*", - "kms:GenerateDataKey*", - ], - "Effect": "Allow", - "Principal": Object { - "AWS": Object { - "Fn::GetAtt": Array [ - "testiotsqsiotactionsrole93B1D327", - "Arn", - ], - }, - }, - "Resource": "*", - }, - Object { - "Action": Array [ - "kms:Encrypt", - "kms:ReEncrypt*", - "kms:GenerateDataKey*", - ], - "Effect": "Allow", - "Principal": Object { - "AWS": Object { - "Fn::GetAtt": Array [ - "testiotsqsiotactionsrole93B1D327", - "Arn", - ], - }, - }, - "Resource": "*", - }, - ], - "Version": "2012-10-17", - }, - }, - "Type": "AWS::KMS::Key", - "UpdateReplacePolicy": "Retain", - }, - "testiotsqsIotTopicRule3ABB9E1A": Object { - "Properties": Object { - "TopicRulePayload": Object { - "Actions": Array [ - Object { - "Sqs": Object { - "QueueUrl": Object { - "Ref": "testiotsqsqueue630B4C1F", - }, - "RoleArn": Object { - "Fn::GetAtt": Array [ - "testiotsqsiotactionsrole93B1D327", - "Arn", - ], - }, - }, - }, - ], - "Description": "Processing messages from IoT devices or factory machines", - "RuleDisabled": false, - "Sql": "SELECT * FROM 'test/topic/#'", - }, - }, - "Type": "AWS::IoT::TopicRule", - }, - "testiotsqsdeadLetterQueue66A04E81": Object { - "DeletionPolicy": "Delete", - "Properties": Object { - "KmsMasterKeyId": "alias/aws/sqs", - "QueueName": "dlq-name", - }, - "Type": "AWS::SQS::Queue", - "UpdateReplacePolicy": "Delete", - }, - "testiotsqsdeadLetterQueuePolicyE13575BF": Object { - "Properties": Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "sqs:DeleteMessage", - "sqs:ReceiveMessage", - "sqs:SendMessage", - "sqs:GetQueueAttributes", - "sqs:RemovePermission", - "sqs:AddPermission", - "sqs:SetQueueAttributes", - ], - "Effect": "Allow", - "Principal": Object { - "AWS": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":iam::", - Object { - "Ref": "AWS::AccountId", - }, - ":root", - ], - ], - }, - }, - "Resource": Object { - "Fn::GetAtt": Array [ - "testiotsqsdeadLetterQueue66A04E81", - "Arn", - ], - }, - "Sid": "QueueOwnerOnlyAccess", - }, - Object { - "Action": "SQS:*", - "Condition": Object { - "Bool": Object { - "aws:SecureTransport": "false", - }, - }, - "Effect": "Deny", - "Principal": Object { - "AWS": "*", - }, - "Resource": Object { - "Fn::GetAtt": Array [ - "testiotsqsdeadLetterQueue66A04E81", - "Arn", - ], - }, - "Sid": "HttpsOnly", - }, - ], - "Version": "2012-10-17", - }, - "Queues": Array [ - Object { - "Ref": "testiotsqsdeadLetterQueue66A04E81", - }, - ], - }, - "Type": "AWS::SQS::QueuePolicy", - }, - "testiotsqsiotactionsrole93B1D327": Object { - "Properties": Object { - "AssumeRolePolicyDocument": Object { - "Statement": Array [ - Object { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": Object { - "Service": "iot.amazonaws.com", - }, - }, - ], - "Version": "2012-10-17", - }, - }, - "Type": "AWS::IAM::Role", - }, - "testiotsqsiotactionsroleDefaultPolicyEE46FAE6": Object { - "Properties": Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "sqs:SendMessage", - "sqs:GetQueueAttributes", - "sqs:GetQueueUrl", - ], - "Effect": "Allow", - "Resource": Object { - "Fn::GetAtt": Array [ - "testiotsqsqueue630B4C1F", - "Arn", - ], - }, - }, - Object { - "Action": Array [ - "kms:Decrypt", - "kms:Encrypt", - "kms:ReEncrypt*", - "kms:GenerateDataKey*", - ], - "Effect": "Allow", - "Resource": Object { - "Fn::GetAtt": Array [ - "testiotsqsEncryptionKey64EE64B1", - "Arn", - ], - }, - }, - Object { - "Action": Array [ - "kms:Encrypt", - "kms:ReEncrypt*", - "kms:GenerateDataKey*", - ], - "Effect": "Allow", - "Resource": Object { - "Fn::GetAtt": Array [ - "testiotsqsEncryptionKey64EE64B1", - "Arn", - ], - }, - }, - ], - "Version": "2012-10-17", - }, - "PolicyName": "testiotsqsiotactionsroleDefaultPolicyEE46FAE6", - "Roles": Array [ - Object { - "Ref": "testiotsqsiotactionsrole93B1D327", - }, - ], - }, - "Type": "AWS::IAM::Policy", - }, - "testiotsqsqueue630B4C1F": Object { - "DeletionPolicy": "Delete", - "Properties": Object { - "KmsMasterKeyId": Object { - "Fn::GetAtt": Array [ - "testiotsqsEncryptionKey64EE64B1", - "Arn", - ], - }, - "QueueName": "queue-name", - "RedrivePolicy": Object { - "deadLetterTargetArn": Object { - "Fn::GetAtt": Array [ - "testiotsqsdeadLetterQueue66A04E81", - "Arn", - ], - }, - "maxReceiveCount": 15, - }, - }, - "Type": "AWS::SQS::Queue", - "UpdateReplacePolicy": "Delete", - }, - "testiotsqsqueuePolicyD1FF6491": Object { - "Properties": Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "sqs:DeleteMessage", - "sqs:ReceiveMessage", - "sqs:SendMessage", - "sqs:GetQueueAttributes", - "sqs:RemovePermission", - "sqs:AddPermission", - "sqs:SetQueueAttributes", - ], - "Effect": "Allow", - "Principal": Object { - "AWS": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":iam::", - Object { - "Ref": "AWS::AccountId", - }, - ":root", - ], - ], - }, - }, - "Resource": Object { - "Fn::GetAtt": Array [ - "testiotsqsqueue630B4C1F", - "Arn", - ], - }, - "Sid": "QueueOwnerOnlyAccess", - }, - Object { - "Action": "SQS:*", - "Condition": Object { - "Bool": Object { - "aws:SecureTransport": "false", - }, - }, - "Effect": "Deny", - "Principal": Object { - "AWS": "*", - }, - "Resource": Object { - "Fn::GetAtt": Array [ - "testiotsqsqueue630B4C1F", - "Arn", - ], - }, - "Sid": "HttpsOnly", - }, - ], - "Version": "2012-10-17", - }, - "Queues": Array [ - Object { - "Ref": "testiotsqsqueue630B4C1F", - }, - ], - }, - "Type": "AWS::SQS::QueuePolicy", - }, - }, -} -`; - -exports[`Pattern deployment without creating a KMS key 1`] = ` -Object { - "Resources": Object { - "testiotsqsIotTopicRule3ABB9E1A": Object { - "Properties": Object { - "TopicRulePayload": Object { - "Actions": Array [ - Object { - "Sqs": Object { - "QueueUrl": Object { - "Ref": "testiotsqsqueue630B4C1F", - }, - "RoleArn": Object { - "Fn::GetAtt": Array [ - "testiotsqsiotactionsrole93B1D327", - "Arn", - ], - }, - }, - }, - ], - "Description": "Processing messages from IoT devices or factory machines", - "RuleDisabled": false, - "Sql": "SELECT * FROM 'test/topic/#'", - }, - }, - "Type": "AWS::IoT::TopicRule", - }, - "testiotsqsdeadLetterQueue66A04E81": Object { - "DeletionPolicy": "Delete", - "Properties": Object { - "KmsMasterKeyId": "alias/aws/sqs", - }, - "Type": "AWS::SQS::Queue", - "UpdateReplacePolicy": "Delete", - }, - "testiotsqsdeadLetterQueuePolicyE13575BF": Object { - "Properties": Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "sqs:DeleteMessage", - "sqs:ReceiveMessage", - "sqs:SendMessage", - "sqs:GetQueueAttributes", - "sqs:RemovePermission", - "sqs:AddPermission", - "sqs:SetQueueAttributes", - ], - "Effect": "Allow", - "Principal": Object { - "AWS": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":iam::", - Object { - "Ref": "AWS::AccountId", - }, - ":root", - ], - ], - }, - }, - "Resource": Object { - "Fn::GetAtt": Array [ - "testiotsqsdeadLetterQueue66A04E81", - "Arn", - ], - }, - "Sid": "QueueOwnerOnlyAccess", - }, - Object { - "Action": "SQS:*", - "Condition": Object { - "Bool": Object { - "aws:SecureTransport": "false", - }, - }, - "Effect": "Deny", - "Principal": Object { - "AWS": "*", - }, - "Resource": Object { - "Fn::GetAtt": Array [ - "testiotsqsdeadLetterQueue66A04E81", - "Arn", - ], - }, - "Sid": "HttpsOnly", - }, - ], - "Version": "2012-10-17", - }, - "Queues": Array [ - Object { - "Ref": "testiotsqsdeadLetterQueue66A04E81", - }, - ], - }, - "Type": "AWS::SQS::QueuePolicy", - }, - "testiotsqsiotactionsrole93B1D327": Object { - "Properties": Object { - "AssumeRolePolicyDocument": Object { - "Statement": Array [ - Object { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": Object { - "Service": "iot.amazonaws.com", - }, - }, - ], - "Version": "2012-10-17", - }, - }, - "Type": "AWS::IAM::Role", - }, - "testiotsqsiotactionsroleDefaultPolicyEE46FAE6": Object { - "Properties": Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "sqs:SendMessage", - "sqs:GetQueueAttributes", - "sqs:GetQueueUrl", - ], - "Effect": "Allow", - "Resource": Object { - "Fn::GetAtt": Array [ - "testiotsqsqueue630B4C1F", - "Arn", - ], - }, - }, - ], - "Version": "2012-10-17", - }, - "PolicyName": "testiotsqsiotactionsroleDefaultPolicyEE46FAE6", - "Roles": Array [ - Object { - "Ref": "testiotsqsiotactionsrole93B1D327", - }, - ], - }, - "Type": "AWS::IAM::Policy", - }, - "testiotsqsqueue630B4C1F": Object { - "DeletionPolicy": "Delete", - "Properties": Object { - "KmsMasterKeyId": "alias/aws/sqs", - "RedrivePolicy": Object { - "deadLetterTargetArn": Object { - "Fn::GetAtt": Array [ - "testiotsqsdeadLetterQueue66A04E81", - "Arn", - ], - }, - "maxReceiveCount": 15, - }, - }, - "Type": "AWS::SQS::Queue", - "UpdateReplacePolicy": "Delete", - }, - "testiotsqsqueuePolicyD1FF6491": Object { - "Properties": Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "sqs:DeleteMessage", - "sqs:ReceiveMessage", - "sqs:SendMessage", - "sqs:GetQueueAttributes", - "sqs:RemovePermission", - "sqs:AddPermission", - "sqs:SetQueueAttributes", - ], - "Effect": "Allow", - "Principal": Object { - "AWS": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":iam::", - Object { - "Ref": "AWS::AccountId", - }, - ":root", - ], - ], - }, - }, - "Resource": Object { - "Fn::GetAtt": Array [ - "testiotsqsqueue630B4C1F", - "Arn", - ], - }, - "Sid": "QueueOwnerOnlyAccess", - }, - Object { - "Action": "SQS:*", - "Condition": Object { - "Bool": Object { - "aws:SecureTransport": "false", - }, - }, - "Effect": "Deny", - "Principal": Object { - "AWS": "*", - }, - "Resource": Object { - "Fn::GetAtt": Array [ - "testiotsqsqueue630B4C1F", - "Arn", - ], - }, - "Sid": "HttpsOnly", - }, - ], - "Version": "2012-10-17", - }, - "Queues": Array [ - Object { - "Ref": "testiotsqsqueue630B4C1F", - }, - ], - }, - "Type": "AWS::SQS::QueuePolicy", - }, - }, -} -`; diff --git a/source/patterns/@aws-solutions-constructs/aws-iot-sqs/test/iot-sqs.test.ts b/source/patterns/@aws-solutions-constructs/aws-iot-sqs/test/iot-sqs.test.ts index f5b3914ce..3e98f0073 100644 --- a/source/patterns/@aws-solutions-constructs/aws-iot-sqs/test/iot-sqs.test.ts +++ b/source/patterns/@aws-solutions-constructs/aws-iot-sqs/test/iot-sqs.test.ts @@ -14,7 +14,6 @@ // Imports import { Stack } from "@aws-cdk/core"; import { IotToSqs, IotToSqsProps } from "../lib"; -import { SynthUtils } from '@aws-cdk/assert'; import '@aws-cdk/assert/jest'; import * as sqs from '@aws-cdk/aws-sqs'; import * as kms from '@aws-cdk/aws-kms'; @@ -37,8 +36,6 @@ test('Pattern deployment with default props', () => { }; new IotToSqs(stack, 'test-iot-sqs', props); - expect(SynthUtils.toCloudFormation(stack)).toMatchSnapshot(); - // Creates a default sqs queue expect(stack).toHaveResource("AWS::SQS::Queue", { KmsMasterKeyId: { @@ -106,8 +103,6 @@ test('Pattern deployment with existing queue', () => { }; new IotToSqs(stack, 'test-iot-sqs', props); - expect(SynthUtils.toCloudFormation(stack)).toMatchSnapshot(); - // Creates a default sqs queue expect(stack).toHaveResource("AWS::SQS::Queue", { QueueName: "existing-queue-obj" @@ -139,8 +134,6 @@ test('Pattern deployment with queue and dead letter queue props', () => { }; new IotToSqs(stack, 'test-iot-sqs', props); - expect(SynthUtils.toCloudFormation(stack)).toMatchSnapshot(); - // Creates a queue using the provided props expect(stack).toHaveResource("AWS::SQS::Queue", { QueueName: "queue-name", @@ -184,8 +177,6 @@ test('Pattern deployment with dead letter queue turned off', () => { }; new IotToSqs(stack, 'test-iot-sqs', props); - expect(SynthUtils.toCloudFormation(stack)).toMatchSnapshot(); - // Creates a queue using the provided props expect(stack).toHaveResource("AWS::SQS::Queue", { QueueName: "queue-name" @@ -224,8 +215,6 @@ test('Pattern deployment with custom maxReceiveCount', () => { }; new IotToSqs(stack, 'test-iot-sqs', props); - expect(SynthUtils.toCloudFormation(stack)).toMatchSnapshot(); - // Creates a queue using the provided props expect(stack).toHaveResource("AWS::SQS::Queue", { QueueName: "queue-name", @@ -261,8 +250,6 @@ test('Pattern deployment without creating a KMS key', () => { }; new IotToSqs(stack, 'test-iot-sqs', props); - expect(SynthUtils.toCloudFormation(stack)).toMatchSnapshot(); - // Creates a default sqs queue expect(stack).toHaveResource("AWS::SQS::Queue", { KmsMasterKeyId: "alias/aws/sqs" @@ -324,8 +311,6 @@ test('Pattern deployment with existing KMS key', () => { }; new IotToSqs(stack, 'test-iot-sqs', props); - expect(SynthUtils.toCloudFormation(stack)).toMatchSnapshot(); - // Creates a default sqs queue expect(stack).toHaveResource("AWS::SQS::Queue", { KmsMasterKeyId: { @@ -392,8 +377,6 @@ test('Pattern deployment passing KMS key props', () => { }; new IotToSqs(stack, 'test-iot-sqs', props); - expect(SynthUtils.toCloudFormation(stack)).toMatchSnapshot(); - // Creates a default sqs queue expect(stack).toHaveResource("AWS::SQS::Queue", { KmsMasterKeyId: { diff --git a/source/patterns/@aws-solutions-constructs/aws-kinesisfirehose-s3-and-kinesisanalytics/test/__snapshots__/test.kinesisfirehose-analytics-s3.test.js.snap b/source/patterns/@aws-solutions-constructs/aws-kinesisfirehose-s3-and-kinesisanalytics/test/__snapshots__/test.kinesisfirehose-analytics-s3.test.js.snap deleted file mode 100644 index 16d6b066d..000000000 --- a/source/patterns/@aws-solutions-constructs/aws-kinesisfirehose-s3-and-kinesisanalytics/test/__snapshots__/test.kinesisfirehose-analytics-s3.test.js.snap +++ /dev/null @@ -1,470 +0,0 @@ -// Jest Snapshot v1, https://goo.gl/fbAQLP - -exports[`Pattern deployment w/ default properties 1`] = ` -Object { - "Resources": Object { - "testfirehoses3andanalyticsstackKinesisAnalytics20F3845E": Object { - "DependsOn": Array [ - "testfirehoses3andanalyticsstackKinesisAnalyticsPolicy2594304F", - ], - "Properties": Object { - "Inputs": Array [ - Object { - "InputSchema": Object { - "RecordColumns": Array [ - Object { - "Mapping": "$.ticker_symbol", - "Name": "ticker_symbol", - "SqlType": "VARCHAR(4)", - }, - Object { - "Mapping": "$.sector", - "Name": "sector", - "SqlType": "VARCHAR(16)", - }, - Object { - "Mapping": "$.change", - "Name": "change", - "SqlType": "REAL", - }, - Object { - "Mapping": "$.price", - "Name": "price", - "SqlType": "REAL", - }, - ], - "RecordEncoding": "UTF-8", - "RecordFormat": Object { - "RecordFormatType": "JSON", - }, - }, - "KinesisFirehoseInput": Object { - "ResourceARN": Object { - "Fn::GetAtt": Array [ - "testfirehoses3andanalyticsstackKinesisFirehoseToS3KinesisFirehose86F339C4", - "Arn", - ], - }, - "RoleARN": Object { - "Fn::GetAtt": Array [ - "testfirehoses3andanalyticsstackKinesisAnalyticsRole7217C4CC", - "Arn", - ], - }, - }, - "NamePrefix": "SOURCE_SQL_STREAM", - }, - ], - }, - "Type": "AWS::KinesisAnalytics::Application", - }, - "testfirehoses3andanalyticsstackKinesisAnalyticsPolicy2594304F": Object { - "Properties": Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "firehose:DescribeDeliveryStream", - "firehose:Get*", - ], - "Effect": "Allow", - "Resource": Object { - "Fn::GetAtt": Array [ - "testfirehoses3andanalyticsstackKinesisFirehoseToS3KinesisFirehose86F339C4", - "Arn", - ], - }, - }, - ], - "Version": "2012-10-17", - }, - "PolicyName": "testfirehoses3andanalyticsstackKinesisAnalyticsPolicy2594304F", - "Roles": Array [ - Object { - "Ref": "testfirehoses3andanalyticsstackKinesisAnalyticsRole7217C4CC", - }, - ], - }, - "Type": "AWS::IAM::Policy", - }, - "testfirehoses3andanalyticsstackKinesisAnalyticsRole7217C4CC": Object { - "Properties": Object { - "AssumeRolePolicyDocument": Object { - "Statement": Array [ - Object { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": Object { - "Service": "kinesisanalytics.amazonaws.com", - }, - }, - ], - "Version": "2012-10-17", - }, - }, - "Type": "AWS::IAM::Role", - }, - "testfirehoses3andanalyticsstackKinesisFirehoseToS3KinesisFirehose86F339C4": Object { - "Properties": Object { - "DeliveryStreamEncryptionConfigurationInput": Object { - "KeyType": "AWS_OWNED_CMK", - }, - "ExtendedS3DestinationConfiguration": Object { - "BucketARN": Object { - "Fn::GetAtt": Array [ - "testfirehoses3andanalyticsstackKinesisFirehoseToS3S3BucketAE659354", - "Arn", - ], - }, - "BufferingHints": Object { - "IntervalInSeconds": 300, - "SizeInMBs": 5, - }, - "CloudWatchLoggingOptions": Object { - "Enabled": true, - "LogGroupName": Object { - "Ref": "testfirehoses3andanalyticsstackKinesisFirehoseToS3firehoseloggroup7E569B76", - }, - "LogStreamName": Object { - "Ref": "testfirehoses3andanalyticsstackKinesisFirehoseToS3firehoseloggroupfirehoselogstream98C70102", - }, - }, - "CompressionFormat": "GZIP", - "EncryptionConfiguration": Object { - "KMSEncryptionConfig": Object { - "AWSKMSKeyARN": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":kms:", - Object { - "Ref": "AWS::Region", - }, - ":", - Object { - "Ref": "AWS::AccountId", - }, - ":alias/aws/s3", - ], - ], - }, - }, - }, - "RoleARN": Object { - "Fn::GetAtt": Array [ - "testfirehoses3andanalyticsstackKinesisFirehoseToS3KinesisFirehoseRoleE7F8ADDA", - "Arn", - ], - }, - }, - }, - "Type": "AWS::KinesisFirehose::DeliveryStream", - }, - "testfirehoses3andanalyticsstackKinesisFirehoseToS3KinesisFirehosePolicy8E134001": Object { - "Properties": Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "s3:AbortMultipartUpload", - "s3:GetBucketLocation", - "s3:GetObject", - "s3:ListBucket", - "s3:ListBucketMultipartUploads", - "s3:PutObject", - ], - "Effect": "Allow", - "Resource": Array [ - Object { - "Fn::GetAtt": Array [ - "testfirehoses3andanalyticsstackKinesisFirehoseToS3S3BucketAE659354", - "Arn", - ], - }, - Object { - "Fn::Join": Array [ - "", - Array [ - Object { - "Fn::GetAtt": Array [ - "testfirehoses3andanalyticsstackKinesisFirehoseToS3S3BucketAE659354", - "Arn", - ], - }, - "/*", - ], - ], - }, - ], - }, - Object { - "Action": "logs:PutLogEvents", - "Effect": "Allow", - "Resource": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":logs:", - Object { - "Ref": "AWS::Region", - }, - ":", - Object { - "Ref": "AWS::AccountId", - }, - ":log-group:", - Object { - "Ref": "testfirehoses3andanalyticsstackKinesisFirehoseToS3firehoseloggroup7E569B76", - }, - ":log-stream:", - Object { - "Ref": "testfirehoses3andanalyticsstackKinesisFirehoseToS3firehoseloggroupfirehoselogstream98C70102", - }, - ], - ], - }, - }, - ], - "Version": "2012-10-17", - }, - "PolicyName": "testfirehoses3andanalyticsstackKinesisFirehoseToS3KinesisFirehosePolicy8E134001", - "Roles": Array [ - Object { - "Ref": "testfirehoses3andanalyticsstackKinesisFirehoseToS3KinesisFirehoseRoleE7F8ADDA", - }, - ], - }, - "Type": "AWS::IAM::Policy", - }, - "testfirehoses3andanalyticsstackKinesisFirehoseToS3KinesisFirehoseRoleE7F8ADDA": Object { - "Properties": Object { - "AssumeRolePolicyDocument": Object { - "Statement": Array [ - Object { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": Object { - "Service": "firehose.amazonaws.com", - }, - }, - ], - "Version": "2012-10-17", - }, - }, - "Type": "AWS::IAM::Role", - }, - "testfirehoses3andanalyticsstackKinesisFirehoseToS3S3BucketAE659354": Object { - "DeletionPolicy": "Delete", - "Properties": Object { - "BucketEncryption": Object { - "ServerSideEncryptionConfiguration": Array [ - Object { - "ServerSideEncryptionByDefault": Object { - "SSEAlgorithm": "AES256", - }, - }, - ], - }, - "LifecycleConfiguration": Object { - "Rules": Array [ - Object { - "NoncurrentVersionTransitions": Array [ - Object { - "StorageClass": "GLACIER", - "TransitionInDays": 90, - }, - ], - "Status": "Enabled", - }, - ], - }, - "LoggingConfiguration": Object { - "DestinationBucketName": Object { - "Ref": "testfirehoses3andanalyticsstackKinesisFirehoseToS3S3LoggingBucket887A5000", - }, - }, - "PublicAccessBlockConfiguration": Object { - "BlockPublicAcls": true, - "BlockPublicPolicy": true, - "IgnorePublicAcls": true, - "RestrictPublicBuckets": true, - }, - "VersioningConfiguration": Object { - "Status": "Enabled", - }, - }, - "Type": "AWS::S3::Bucket", - "UpdateReplacePolicy": "Delete", - }, - "testfirehoses3andanalyticsstackKinesisFirehoseToS3S3BucketPolicyAD03F319": Object { - "Properties": Object { - "Bucket": Object { - "Ref": "testfirehoses3andanalyticsstackKinesisFirehoseToS3S3BucketAE659354", - }, - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": "*", - "Condition": Object { - "Bool": Object { - "aws:SecureTransport": "false", - }, - }, - "Effect": "Deny", - "Principal": Object { - "AWS": "*", - }, - "Resource": Array [ - Object { - "Fn::Join": Array [ - "", - Array [ - Object { - "Fn::GetAtt": Array [ - "testfirehoses3andanalyticsstackKinesisFirehoseToS3S3BucketAE659354", - "Arn", - ], - }, - "/*", - ], - ], - }, - Object { - "Fn::GetAtt": Array [ - "testfirehoses3andanalyticsstackKinesisFirehoseToS3S3BucketAE659354", - "Arn", - ], - }, - ], - "Sid": "HttpsOnly", - }, - ], - "Version": "2012-10-17", - }, - }, - "Type": "AWS::S3::BucketPolicy", - }, - "testfirehoses3andanalyticsstackKinesisFirehoseToS3S3LoggingBucket887A5000": Object { - "DeletionPolicy": "Delete", - "Metadata": Object { - "cfn_nag": Object { - "rules_to_suppress": Array [ - Object { - "id": "W35", - "reason": "This S3 bucket is used as the access logging bucket for another bucket", - }, - ], - }, - }, - "Properties": Object { - "AccessControl": "LogDeliveryWrite", - "BucketEncryption": Object { - "ServerSideEncryptionConfiguration": Array [ - Object { - "ServerSideEncryptionByDefault": Object { - "SSEAlgorithm": "AES256", - }, - }, - ], - }, - "PublicAccessBlockConfiguration": Object { - "BlockPublicAcls": true, - "BlockPublicPolicy": true, - "IgnorePublicAcls": true, - "RestrictPublicBuckets": true, - }, - "VersioningConfiguration": Object { - "Status": "Enabled", - }, - }, - "Type": "AWS::S3::Bucket", - "UpdateReplacePolicy": "Delete", - }, - "testfirehoses3andanalyticsstackKinesisFirehoseToS3S3LoggingBucketPolicy2D8B2B71": Object { - "Properties": Object { - "Bucket": Object { - "Ref": "testfirehoses3andanalyticsstackKinesisFirehoseToS3S3LoggingBucket887A5000", - }, - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": "*", - "Condition": Object { - "Bool": Object { - "aws:SecureTransport": "false", - }, - }, - "Effect": "Deny", - "Principal": Object { - "AWS": "*", - }, - "Resource": Array [ - Object { - "Fn::Join": Array [ - "", - Array [ - Object { - "Fn::GetAtt": Array [ - "testfirehoses3andanalyticsstackKinesisFirehoseToS3S3LoggingBucket887A5000", - "Arn", - ], - }, - "/*", - ], - ], - }, - Object { - "Fn::GetAtt": Array [ - "testfirehoses3andanalyticsstackKinesisFirehoseToS3S3LoggingBucket887A5000", - "Arn", - ], - }, - ], - "Sid": "HttpsOnly", - }, - ], - "Version": "2012-10-17", - }, - }, - "Type": "AWS::S3::BucketPolicy", - }, - "testfirehoses3andanalyticsstackKinesisFirehoseToS3firehoseloggroup7E569B76": Object { - "DeletionPolicy": "Retain", - "Metadata": Object { - "cfn_nag": Object { - "rules_to_suppress": Array [ - Object { - "id": "W86", - "reason": "Retention period for CloudWatchLogs LogGroups are set to 'Never Expire' to preserve customer data indefinitely", - }, - Object { - "id": "W84", - "reason": "By default CloudWatchLogs LogGroups data is encrypted using the CloudWatch server-side encryption keys (AWS Managed Keys)", - }, - ], - }, - }, - "Type": "AWS::Logs::LogGroup", - "UpdateReplacePolicy": "Retain", - }, - "testfirehoses3andanalyticsstackKinesisFirehoseToS3firehoseloggroupfirehoselogstream98C70102": Object { - "DeletionPolicy": "Retain", - "Properties": Object { - "LogGroupName": Object { - "Ref": "testfirehoses3andanalyticsstackKinesisFirehoseToS3firehoseloggroup7E569B76", - }, - }, - "Type": "AWS::Logs::LogStream", - "UpdateReplacePolicy": "Retain", - }, - }, -} -`; diff --git a/source/patterns/@aws-solutions-constructs/aws-kinesisfirehose-s3-and-kinesisanalytics/test/test.kinesisfirehose-analytics-s3.test.ts b/source/patterns/@aws-solutions-constructs/aws-kinesisfirehose-s3-and-kinesisanalytics/test/test.kinesisfirehose-analytics-s3.test.ts index 99457a0ba..442d0cd04 100644 --- a/source/patterns/@aws-solutions-constructs/aws-kinesisfirehose-s3-and-kinesisanalytics/test/test.kinesisfirehose-analytics-s3.test.ts +++ b/source/patterns/@aws-solutions-constructs/aws-kinesisfirehose-s3-and-kinesisanalytics/test/test.kinesisfirehose-analytics-s3.test.ts @@ -12,56 +12,11 @@ */ // Imports -import { SynthUtils } from '@aws-cdk/assert'; import { Stack, RemovalPolicy } from '@aws-cdk/core'; import * as s3 from '@aws-cdk/aws-s3'; import { KinesisFirehoseToAnalyticsAndS3, KinesisFirehoseToAnalyticsAndS3Props } from '../lib'; import '@aws-cdk/assert/jest'; -// -------------------------------------------------------------- -// Test Case 1 - Pattern deployment w/ default properties -// -------------------------------------------------------------- -test('Pattern deployment w/ default properties', () => { - // Initial Setup - const stack = new Stack(); - const props: KinesisFirehoseToAnalyticsAndS3Props = { - kinesisAnalyticsProps: { - inputs: [{ - inputSchema: { - recordColumns: [{ - name: 'ticker_symbol', - sqlType: 'VARCHAR(4)', - mapping: '$.ticker_symbol' - }, { - name: 'sector', - sqlType: 'VARCHAR(16)', - mapping: '$.sector' - }, { - name: 'change', - sqlType: 'REAL', - mapping: '$.change' - }, { - name: 'price', - sqlType: 'REAL', - mapping: '$.price' - }], - recordFormat: { - recordFormatType: 'JSON' - }, - recordEncoding: 'UTF-8' - }, - namePrefix: 'SOURCE_SQL_STREAM' - }] - }, - bucketProps: { - removalPolicy: RemovalPolicy.DESTROY, - } - }; - new KinesisFirehoseToAnalyticsAndS3(stack, 'test-firehose-s3-and-analytics-stack', props); - // Assertion 1 - expect(SynthUtils.toCloudFormation(stack)).toMatchSnapshot(); -}); - // -------------------------------------------------------------- // Test Case 2 - Test the getter methods // -------------------------------------------------------------- diff --git a/source/patterns/@aws-solutions-constructs/aws-kinesisfirehose-s3/test/__snapshots__/test.kinesisfirehose-s3.test.js.snap b/source/patterns/@aws-solutions-constructs/aws-kinesisfirehose-s3/test/__snapshots__/test.kinesisfirehose-s3.test.js.snap deleted file mode 100644 index 0e18a2fd7..000000000 --- a/source/patterns/@aws-solutions-constructs/aws-kinesisfirehose-s3/test/__snapshots__/test.kinesisfirehose-s3.test.js.snap +++ /dev/null @@ -1,369 +0,0 @@ -// Jest Snapshot v1, https://goo.gl/fbAQLP - -exports[`snapshot test KinesisFirehoseToS3 default params 1`] = ` -Object { - "Resources": Object { - "testfirehoses3KinesisFirehose5D459661": Object { - "Properties": Object { - "DeliveryStreamEncryptionConfigurationInput": Object { - "KeyType": "AWS_OWNED_CMK", - }, - "ExtendedS3DestinationConfiguration": Object { - "BucketARN": Object { - "Fn::GetAtt": Array [ - "testfirehoses3S3Bucket93480488", - "Arn", - ], - }, - "BufferingHints": Object { - "IntervalInSeconds": 300, - "SizeInMBs": 5, - }, - "CloudWatchLoggingOptions": Object { - "Enabled": true, - "LogGroupName": Object { - "Ref": "testfirehoses3firehoseloggroup8067C3EC", - }, - "LogStreamName": Object { - "Ref": "testfirehoses3firehoseloggroupfirehoselogstreamAC5E7A6B", - }, - }, - "CompressionFormat": "GZIP", - "EncryptionConfiguration": Object { - "KMSEncryptionConfig": Object { - "AWSKMSKeyARN": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":kms:", - Object { - "Ref": "AWS::Region", - }, - ":", - Object { - "Ref": "AWS::AccountId", - }, - ":alias/aws/s3", - ], - ], - }, - }, - }, - "RoleARN": Object { - "Fn::GetAtt": Array [ - "testfirehoses3KinesisFirehoseRole9BC5362D", - "Arn", - ], - }, - }, - }, - "Type": "AWS::KinesisFirehose::DeliveryStream", - }, - "testfirehoses3KinesisFirehosePolicy34C2972F": Object { - "Properties": Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "s3:AbortMultipartUpload", - "s3:GetBucketLocation", - "s3:GetObject", - "s3:ListBucket", - "s3:ListBucketMultipartUploads", - "s3:PutObject", - ], - "Effect": "Allow", - "Resource": Array [ - Object { - "Fn::GetAtt": Array [ - "testfirehoses3S3Bucket93480488", - "Arn", - ], - }, - Object { - "Fn::Join": Array [ - "", - Array [ - Object { - "Fn::GetAtt": Array [ - "testfirehoses3S3Bucket93480488", - "Arn", - ], - }, - "/*", - ], - ], - }, - ], - }, - Object { - "Action": "logs:PutLogEvents", - "Effect": "Allow", - "Resource": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":logs:", - Object { - "Ref": "AWS::Region", - }, - ":", - Object { - "Ref": "AWS::AccountId", - }, - ":log-group:", - Object { - "Ref": "testfirehoses3firehoseloggroup8067C3EC", - }, - ":log-stream:", - Object { - "Ref": "testfirehoses3firehoseloggroupfirehoselogstreamAC5E7A6B", - }, - ], - ], - }, - }, - ], - "Version": "2012-10-17", - }, - "PolicyName": "testfirehoses3KinesisFirehosePolicy34C2972F", - "Roles": Array [ - Object { - "Ref": "testfirehoses3KinesisFirehoseRole9BC5362D", - }, - ], - }, - "Type": "AWS::IAM::Policy", - }, - "testfirehoses3KinesisFirehoseRole9BC5362D": Object { - "Properties": Object { - "AssumeRolePolicyDocument": Object { - "Statement": Array [ - Object { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": Object { - "Service": "firehose.amazonaws.com", - }, - }, - ], - "Version": "2012-10-17", - }, - }, - "Type": "AWS::IAM::Role", - }, - "testfirehoses3S3Bucket93480488": Object { - "DeletionPolicy": "Retain", - "Properties": Object { - "BucketEncryption": Object { - "ServerSideEncryptionConfiguration": Array [ - Object { - "ServerSideEncryptionByDefault": Object { - "SSEAlgorithm": "AES256", - }, - }, - ], - }, - "LifecycleConfiguration": Object { - "Rules": Array [ - Object { - "NoncurrentVersionTransitions": Array [ - Object { - "StorageClass": "GLACIER", - "TransitionInDays": 90, - }, - ], - "Status": "Enabled", - }, - ], - }, - "LoggingConfiguration": Object { - "DestinationBucketName": Object { - "Ref": "testfirehoses3S3LoggingBucket31BFDC22", - }, - }, - "PublicAccessBlockConfiguration": Object { - "BlockPublicAcls": true, - "BlockPublicPolicy": true, - "IgnorePublicAcls": true, - "RestrictPublicBuckets": true, - }, - "VersioningConfiguration": Object { - "Status": "Enabled", - }, - }, - "Type": "AWS::S3::Bucket", - "UpdateReplacePolicy": "Retain", - }, - "testfirehoses3S3BucketPolicyF01906C0": Object { - "Properties": Object { - "Bucket": Object { - "Ref": "testfirehoses3S3Bucket93480488", - }, - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": "*", - "Condition": Object { - "Bool": Object { - "aws:SecureTransport": "false", - }, - }, - "Effect": "Deny", - "Principal": Object { - "AWS": "*", - }, - "Resource": Array [ - Object { - "Fn::Join": Array [ - "", - Array [ - Object { - "Fn::GetAtt": Array [ - "testfirehoses3S3Bucket93480488", - "Arn", - ], - }, - "/*", - ], - ], - }, - Object { - "Fn::GetAtt": Array [ - "testfirehoses3S3Bucket93480488", - "Arn", - ], - }, - ], - "Sid": "HttpsOnly", - }, - ], - "Version": "2012-10-17", - }, - }, - "Type": "AWS::S3::BucketPolicy", - }, - "testfirehoses3S3LoggingBucket31BFDC22": Object { - "DeletionPolicy": "Retain", - "Metadata": Object { - "cfn_nag": Object { - "rules_to_suppress": Array [ - Object { - "id": "W35", - "reason": "This S3 bucket is used as the access logging bucket for another bucket", - }, - ], - }, - }, - "Properties": Object { - "AccessControl": "LogDeliveryWrite", - "BucketEncryption": Object { - "ServerSideEncryptionConfiguration": Array [ - Object { - "ServerSideEncryptionByDefault": Object { - "SSEAlgorithm": "AES256", - }, - }, - ], - }, - "PublicAccessBlockConfiguration": Object { - "BlockPublicAcls": true, - "BlockPublicPolicy": true, - "IgnorePublicAcls": true, - "RestrictPublicBuckets": true, - }, - "VersioningConfiguration": Object { - "Status": "Enabled", - }, - }, - "Type": "AWS::S3::Bucket", - "UpdateReplacePolicy": "Retain", - }, - "testfirehoses3S3LoggingBucketPolicyA41D0380": Object { - "Properties": Object { - "Bucket": Object { - "Ref": "testfirehoses3S3LoggingBucket31BFDC22", - }, - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": "*", - "Condition": Object { - "Bool": Object { - "aws:SecureTransport": "false", - }, - }, - "Effect": "Deny", - "Principal": Object { - "AWS": "*", - }, - "Resource": Array [ - Object { - "Fn::Join": Array [ - "", - Array [ - Object { - "Fn::GetAtt": Array [ - "testfirehoses3S3LoggingBucket31BFDC22", - "Arn", - ], - }, - "/*", - ], - ], - }, - Object { - "Fn::GetAtt": Array [ - "testfirehoses3S3LoggingBucket31BFDC22", - "Arn", - ], - }, - ], - "Sid": "HttpsOnly", - }, - ], - "Version": "2012-10-17", - }, - }, - "Type": "AWS::S3::BucketPolicy", - }, - "testfirehoses3firehoseloggroup8067C3EC": Object { - "DeletionPolicy": "Retain", - "Metadata": Object { - "cfn_nag": Object { - "rules_to_suppress": Array [ - Object { - "id": "W86", - "reason": "Retention period for CloudWatchLogs LogGroups are set to 'Never Expire' to preserve customer data indefinitely", - }, - Object { - "id": "W84", - "reason": "By default CloudWatchLogs LogGroups data is encrypted using the CloudWatch server-side encryption keys (AWS Managed Keys)", - }, - ], - }, - }, - "Type": "AWS::Logs::LogGroup", - "UpdateReplacePolicy": "Retain", - }, - "testfirehoses3firehoseloggroupfirehoselogstreamAC5E7A6B": Object { - "DeletionPolicy": "Retain", - "Properties": Object { - "LogGroupName": Object { - "Ref": "testfirehoses3firehoseloggroup8067C3EC", - }, - }, - "Type": "AWS::Logs::LogStream", - "UpdateReplacePolicy": "Retain", - }, - }, -} -`; diff --git a/source/patterns/@aws-solutions-constructs/aws-kinesisfirehose-s3/test/test.kinesisfirehose-s3.test.ts b/source/patterns/@aws-solutions-constructs/aws-kinesisfirehose-s3/test/test.kinesisfirehose-s3.test.ts index 7547d7c96..222cd5d68 100644 --- a/source/patterns/@aws-solutions-constructs/aws-kinesisfirehose-s3/test/test.kinesisfirehose-s3.test.ts +++ b/source/patterns/@aws-solutions-constructs/aws-kinesisfirehose-s3/test/test.kinesisfirehose-s3.test.ts @@ -11,7 +11,6 @@ * and limitations under the License. */ -import { SynthUtils } from '@aws-cdk/assert'; import { KinesisFirehoseToS3, KinesisFirehoseToS3Props } from "../lib"; import * as cdk from '@aws-cdk/core'; import * as s3 from '@aws-cdk/aws-s3'; @@ -22,12 +21,6 @@ function deploy(stack: cdk.Stack, props: KinesisFirehoseToS3Props = {}) { return new KinesisFirehoseToS3(stack, 'test-firehose-s3', props); } -test('snapshot test KinesisFirehoseToS3 default params', () => { - const stack = new cdk.Stack(); - deploy(stack); - expect(SynthUtils.toCloudFormation(stack)).toMatchSnapshot(); -}); - test('check s3Bucket default encryption', () => { const stack = new cdk.Stack(); deploy(stack); diff --git a/source/patterns/@aws-solutions-constructs/aws-kinesisstreams-gluejob/test/__snapshots__/test.kinesisstream-gluejob.test.js.snap b/source/patterns/@aws-solutions-constructs/aws-kinesisstreams-gluejob/test/__snapshots__/test.kinesisstream-gluejob.test.js.snap deleted file mode 100644 index 21ff0edba..000000000 --- a/source/patterns/@aws-solutions-constructs/aws-kinesisstreams-gluejob/test/__snapshots__/test.kinesisstream-gluejob.test.js.snap +++ /dev/null @@ -1,3628 +0,0 @@ -// Jest Snapshot v1, https://goo.gl/fbAQLP - -exports[`Pattern minimal deployment 1`] = ` -Object { - "Resources": Object { - "GlueDatabase": Object { - "Properties": Object { - "CatalogId": Object { - "Ref": "AWS::AccountId", - }, - "DatabaseInput": Object { - "Description": "An AWS Glue database generated by AWS Solutions Construct", - }, - }, - "Type": "AWS::Glue::Database", - }, - "GlueTable": Object { - "Properties": Object { - "CatalogId": Object { - "Ref": "AWS::AccountId", - }, - "DatabaseName": Object { - "Ref": "GlueDatabase", - }, - "TableInput": Object { - "Parameters": Object { - "classification": "json", - }, - "StorageDescriptor": Object { - "Columns": Array [ - Object { - "Comment": "Identifier for the record", - "Name": "id", - "Type": "int", - }, - Object { - "Comment": "The name of the record", - "Name": "name", - "Type": "string", - }, - Object { - "Comment": "The type of the record", - "Name": "type", - "Type": "string", - }, - Object { - "Comment": "Some value associated with the record", - "Name": "numericvalue", - "Type": "int", - }, - ], - "Compressed": false, - "InputFormat": "org.apache.hadoop.mapred.TextInputFormat", - "Location": Object { - "Ref": "testkinesisstreamslambdaKinesisStream374D6D56", - }, - "NumberOfBuckets": -1, - "OutputFormat": "org.apache.hadoop.hive.ql.io.HiveIgnoreKeyTextOutputFormat", - "Parameters": Object { - "endpointUrl": Object { - "Fn::Join": Array [ - "", - Array [ - "https://kinesis.", - Object { - "Ref": "AWS::Region", - }, - ".amazonaws.com", - ], - ], - }, - "streamName": Object { - "Ref": "testkinesisstreamslambdaKinesisStream374D6D56", - }, - "typeOfData": "kinesis", - }, - "SerdeInfo": Object { - "Parameters": Object { - "paths": "id,name,type,numericvalue", - }, - "SerializationLibrary": "org.openx.data.jsonserde.JsonSerDe", - }, - }, - "TableType": "EXTERNAL_TABLE", - }, - }, - "Type": "AWS::Glue::Table", - }, - "testkinesisstreamslambdaGlueJobPolicy10DEE7DE": Object { - "Metadata": Object { - "cfn_nag": Object { - "rules_to_suppress": Array [ - Object { - "id": "W12", - "reason": "Glue Security Configuration does not have an ARN, and the policy only allows reading the configuration. CloudWatch metrics also do not have an ARN but adding a namespace condition to the policy to allow it to publish metrics only for AWS Glue", - }, - ], - }, - }, - "Properties": Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": "glue:GetJob", - "Effect": "Allow", - "Resource": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":glue:", - Object { - "Ref": "AWS::Region", - }, - ":", - Object { - "Ref": "AWS::AccountId", - }, - ":job/", - Object { - "Ref": "testkinesisstreamslambdaKinesisETLJobF9454612", - }, - ], - ], - }, - }, - Object { - "Action": "glue:GetSecurityConfiguration", - "Effect": "Allow", - "Resource": "*", - }, - Object { - "Action": "glue:GetTable", - "Effect": "Allow", - "Resource": Array [ - Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":glue:", - Object { - "Ref": "AWS::Region", - }, - ":", - Object { - "Ref": "AWS::AccountId", - }, - ":table/", - Object { - "Ref": "GlueDatabase", - }, - "/", - Object { - "Ref": "GlueTable", - }, - ], - ], - }, - Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":glue:", - Object { - "Ref": "AWS::Region", - }, - ":", - Object { - "Ref": "AWS::AccountId", - }, - ":database/", - Object { - "Ref": "GlueDatabase", - }, - ], - ], - }, - Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":glue:", - Object { - "Ref": "AWS::Region", - }, - ":", - Object { - "Ref": "AWS::AccountId", - }, - ":catalog", - ], - ], - }, - ], - }, - Object { - "Action": "cloudwatch:PutMetricData", - "Condition": Object { - "Bool": Object { - "aws:SecureTransport": "true", - }, - "StringEquals": Object { - "cloudwatch:namespace": "Glue", - }, - }, - "Effect": "Allow", - "Resource": "*", - }, - Object { - "Action": Array [ - "kinesis:DescribeStream", - "kinesis:DescribeStreamSummary", - "kinesis:GetRecords", - "kinesis:GetShardIterator", - "kinesis:ListShards", - "kinesis:SubscribeToShard", - ], - "Effect": "Allow", - "Resource": Object { - "Fn::GetAtt": Array [ - "testkinesisstreamslambdaKinesisStream374D6D56", - "Arn", - ], - }, - }, - ], - "Version": "2012-10-17", - }, - "PolicyName": "testkinesisstreamslambdaGlueJobPolicy10DEE7DE", - "Roles": Array [ - Object { - "Ref": "testkinesisstreamslambdaJobRole42199B9C", - }, - ], - }, - "Type": "AWS::IAM::Policy", - }, - "testkinesisstreamslambdaGlueSecurityConfig3568178F": Object { - "Properties": Object { - "EncryptionConfiguration": Object { - "JobBookmarksEncryption": Object { - "JobBookmarksEncryptionMode": "CSE-KMS", - "KmsKeyArn": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":kms:", - Object { - "Ref": "AWS::Region", - }, - ":", - Object { - "Ref": "AWS::AccountId", - }, - ":alias/aws/glue", - ], - ], - }, - }, - "S3Encryptions": Array [ - Object { - "S3EncryptionMode": "SSE-S3", - }, - ], - }, - "Name": "ETLJobSecurityConfig", - }, - "Type": "AWS::Glue::SecurityConfiguration", - }, - "testkinesisstreamslambdaJobRole42199B9C": Object { - "Properties": Object { - "AssumeRolePolicyDocument": Object { - "Statement": Array [ - Object { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": Object { - "Service": "glue.amazonaws.com", - }, - }, - ], - "Version": "2012-10-17", - }, - "Description": "Service role that Glue custom ETL jobs will assume for exeuction", - }, - "Type": "AWS::IAM::Role", - }, - "testkinesisstreamslambdaJobRoleDefaultPolicy943FFA49": Object { - "Properties": Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "s3:GetObject*", - "s3:GetBucket*", - "s3:List*", - "s3:DeleteObject*", - "s3:PutObject*", - "s3:Abort*", - ], - "Effect": "Allow", - "Resource": Array [ - Object { - "Fn::GetAtt": Array [ - "testkinesisstreamslambdaS3Bucket54759F5C", - "Arn", - ], - }, - Object { - "Fn::Join": Array [ - "", - Array [ - Object { - "Fn::GetAtt": Array [ - "testkinesisstreamslambdaS3Bucket54759F5C", - "Arn", - ], - }, - "/*", - ], - ], - }, - ], - }, - Object { - "Action": Array [ - "s3:GetObject*", - "s3:GetBucket*", - "s3:List*", - ], - "Effect": "Allow", - "Resource": Array [ - Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":s3:::fakebucket/fakefolder/fakefolder/fakefile.py", - ], - ], - }, - Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":s3:::fakebucket/fakefolder/fakefolder/fakefile.py/*", - ], - ], - }, - ], - }, - ], - "Version": "2012-10-17", - }, - "PolicyName": "testkinesisstreamslambdaJobRoleDefaultPolicy943FFA49", - "Roles": Array [ - Object { - "Ref": "testkinesisstreamslambdaJobRole42199B9C", - }, - ], - }, - "Type": "AWS::IAM::Policy", - }, - "testkinesisstreamslambdaKinesisETLJobF9454612": Object { - "Properties": Object { - "Command": Object { - "Name": "glueetl", - "PythonVersion": "3", - "ScriptLocation": "s3://fakebucket/fakefolder/fakefolder/fakefile.py", - }, - "DefaultArguments": Object { - "--database_name": Object { - "Ref": "GlueDatabase", - }, - "--enable-continuous-cloudwatch-log": true, - "--enable-metrics": true, - "--output_path": Object { - "Fn::Join": Array [ - "", - Array [ - "s3a://", - Object { - "Ref": "testkinesisstreamslambdaS3Bucket54759F5C", - }, - "/output/", - ], - ], - }, - "--table_name": Object { - "Ref": "GlueTable", - }, - }, - "GlueVersion": "2.0", - "NumberOfWorkers": 2, - "Role": Object { - "Fn::GetAtt": Array [ - "testkinesisstreamslambdaJobRole42199B9C", - "Arn", - ], - }, - "SecurityConfiguration": "ETLJobSecurityConfig", - "WorkerType": "G.1X", - }, - "Type": "AWS::Glue::Job", - }, - "testkinesisstreamslambdaKinesisStream374D6D56": Object { - "Properties": Object { - "RetentionPeriodHours": 24, - "ShardCount": 1, - "StreamEncryption": Object { - "EncryptionType": "KMS", - "KeyId": "alias/aws/kinesis", - }, - }, - "Type": "AWS::Kinesis::Stream", - }, - "testkinesisstreamslambdaLogPolicy5FB58427": Object { - "Properties": Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "logs:CreateLogGroup", - "logs:CreateLogStream", - "logs:PutLogEvents", - ], - "Effect": "Allow", - "Resource": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":logs:", - Object { - "Ref": "AWS::Region", - }, - ":", - Object { - "Ref": "AWS::AccountId", - }, - ":log-group:/aws-glue/*", - ], - ], - }, - }, - ], - "Version": "2012-10-17", - }, - "PolicyName": "testkinesisstreamslambdaLogPolicy5FB58427", - "Roles": Array [ - Object { - "Ref": "testkinesisstreamslambdaJobRole42199B9C", - }, - ], - }, - "Type": "AWS::IAM::Policy", - }, - "testkinesisstreamslambdaS3Bucket54759F5C": Object { - "DeletionPolicy": "Retain", - "Properties": Object { - "BucketEncryption": Object { - "ServerSideEncryptionConfiguration": Array [ - Object { - "ServerSideEncryptionByDefault": Object { - "SSEAlgorithm": "AES256", - }, - }, - ], - }, - "LifecycleConfiguration": Object { - "Rules": Array [ - Object { - "NoncurrentVersionTransitions": Array [ - Object { - "StorageClass": "GLACIER", - "TransitionInDays": 90, - }, - ], - "Status": "Enabled", - }, - ], - }, - "LoggingConfiguration": Object { - "DestinationBucketName": Object { - "Ref": "testkinesisstreamslambdaS3LoggingBucket48F70267", - }, - }, - "PublicAccessBlockConfiguration": Object { - "BlockPublicAcls": true, - "BlockPublicPolicy": true, - "IgnorePublicAcls": true, - "RestrictPublicBuckets": true, - }, - "VersioningConfiguration": Object { - "Status": "Enabled", - }, - }, - "Type": "AWS::S3::Bucket", - "UpdateReplacePolicy": "Retain", - }, - "testkinesisstreamslambdaS3BucketPolicy78EB663C": Object { - "Properties": Object { - "Bucket": Object { - "Ref": "testkinesisstreamslambdaS3Bucket54759F5C", - }, - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": "*", - "Condition": Object { - "Bool": Object { - "aws:SecureTransport": "false", - }, - }, - "Effect": "Deny", - "Principal": Object { - "AWS": "*", - }, - "Resource": Array [ - Object { - "Fn::Join": Array [ - "", - Array [ - Object { - "Fn::GetAtt": Array [ - "testkinesisstreamslambdaS3Bucket54759F5C", - "Arn", - ], - }, - "/*", - ], - ], - }, - Object { - "Fn::GetAtt": Array [ - "testkinesisstreamslambdaS3Bucket54759F5C", - "Arn", - ], - }, - ], - "Sid": "HttpsOnly", - }, - ], - "Version": "2012-10-17", - }, - }, - "Type": "AWS::S3::BucketPolicy", - }, - "testkinesisstreamslambdaS3LoggingBucket48F70267": Object { - "DeletionPolicy": "Retain", - "Metadata": Object { - "cfn_nag": Object { - "rules_to_suppress": Array [ - Object { - "id": "W35", - "reason": "This S3 bucket is used as the access logging bucket for another bucket", - }, - ], - }, - }, - "Properties": Object { - "AccessControl": "LogDeliveryWrite", - "BucketEncryption": Object { - "ServerSideEncryptionConfiguration": Array [ - Object { - "ServerSideEncryptionByDefault": Object { - "SSEAlgorithm": "AES256", - }, - }, - ], - }, - "PublicAccessBlockConfiguration": Object { - "BlockPublicAcls": true, - "BlockPublicPolicy": true, - "IgnorePublicAcls": true, - "RestrictPublicBuckets": true, - }, - "VersioningConfiguration": Object { - "Status": "Enabled", - }, - }, - "Type": "AWS::S3::Bucket", - "UpdateReplacePolicy": "Retain", - }, - "testkinesisstreamslambdaS3LoggingBucketPolicy43C89C6D": Object { - "Properties": Object { - "Bucket": Object { - "Ref": "testkinesisstreamslambdaS3LoggingBucket48F70267", - }, - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": "*", - "Condition": Object { - "Bool": Object { - "aws:SecureTransport": "false", - }, - }, - "Effect": "Deny", - "Principal": Object { - "AWS": "*", - }, - "Resource": Array [ - Object { - "Fn::Join": Array [ - "", - Array [ - Object { - "Fn::GetAtt": Array [ - "testkinesisstreamslambdaS3LoggingBucket48F70267", - "Arn", - ], - }, - "/*", - ], - ], - }, - Object { - "Fn::GetAtt": Array [ - "testkinesisstreamslambdaS3LoggingBucket48F70267", - "Arn", - ], - }, - ], - "Sid": "HttpsOnly", - }, - ], - "Version": "2012-10-17", - }, - }, - "Type": "AWS::S3::BucketPolicy", - }, - }, -} -`; - -exports[`Test if existing Glue Job is provided 1`] = ` -Object { - "Resources": Object { - "ExistingJob": Object { - "Properties": Object { - "Command": Object { - "Name": "glueetl", - "PythonVersion": "3", - "ScriptLocation": "s3://fakebucket/fakepath/fakepath/fakefile.py", - }, - "Role": Object { - "Fn::GetAtt": Array [ - "JobRole014917C6", - "Arn", - ], - }, - "SecurityConfiguration": "testSecConfig", - }, - "Type": "AWS::Glue::Job", - }, - "GlueDatabase": Object { - "Properties": Object { - "CatalogId": Object { - "Ref": "AWS::AccountId", - }, - "DatabaseInput": Object { - "Description": "An AWS Glue database generated by AWS Solutions Construct", - }, - }, - "Type": "AWS::Glue::Database", - }, - "GlueTable": Object { - "Properties": Object { - "CatalogId": Object { - "Ref": "AWS::AccountId", - }, - "DatabaseName": Object { - "Ref": "GlueDatabase", - }, - "TableInput": Object { - "Parameters": Object { - "classification": "json", - }, - "StorageDescriptor": Object { - "Columns": Array [ - Object { - "Comment": "Identifier for the record", - "Name": "id", - "Type": "int", - }, - Object { - "Comment": "The name of the record", - "Name": "name", - "Type": "string", - }, - Object { - "Comment": "The type of the record", - "Name": "type", - "Type": "string", - }, - Object { - "Comment": "Some value associated with the record", - "Name": "numericvalue", - "Type": "int", - }, - ], - "Compressed": false, - "InputFormat": "org.apache.hadoop.mapred.TextInputFormat", - "Location": Object { - "Ref": "testkinesisstreamslambdaKinesisStream374D6D56", - }, - "NumberOfBuckets": -1, - "OutputFormat": "org.apache.hadoop.hive.ql.io.HiveIgnoreKeyTextOutputFormat", - "Parameters": Object { - "endpointUrl": Object { - "Fn::Join": Array [ - "", - Array [ - "https://kinesis.", - Object { - "Ref": "AWS::Region", - }, - ".amazonaws.com", - ], - ], - }, - "streamName": Object { - "Ref": "testkinesisstreamslambdaKinesisStream374D6D56", - }, - "typeOfData": "kinesis", - }, - "SerdeInfo": Object { - "Parameters": Object { - "paths": "id,name,type,numericvalue", - }, - "SerializationLibrary": "org.openx.data.jsonserde.JsonSerDe", - }, - }, - "TableType": "EXTERNAL_TABLE", - }, - }, - "Type": "AWS::Glue::Table", - }, - "JobRole014917C6": Object { - "Properties": Object { - "AssumeRolePolicyDocument": Object { - "Statement": Array [ - Object { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": Object { - "Service": "glue.amazonaws.com", - }, - }, - ], - "Version": "2012-10-17", - }, - "Description": "Service role that Glue custom ETL jobs will assume for exeuction", - }, - "Type": "AWS::IAM::Role", - }, - "testkinesisstreamslambdaGlueJobPolicy10DEE7DE": Object { - "Metadata": Object { - "cfn_nag": Object { - "rules_to_suppress": Array [ - Object { - "id": "W12", - "reason": "Glue Security Configuration does not have an ARN, and the policy only allows reading the configuration. CloudWatch metrics also do not have an ARN but adding a namespace condition to the policy to allow it to publish metrics only for AWS Glue", - }, - ], - }, - }, - "Properties": Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": "glue:GetJob", - "Effect": "Allow", - "Resource": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":glue:", - Object { - "Ref": "AWS::Region", - }, - ":", - Object { - "Ref": "AWS::AccountId", - }, - ":job/", - Object { - "Ref": "ExistingJob", - }, - ], - ], - }, - }, - Object { - "Action": "glue:GetSecurityConfiguration", - "Effect": "Allow", - "Resource": "*", - }, - Object { - "Action": "glue:GetTable", - "Effect": "Allow", - "Resource": Array [ - Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":glue:", - Object { - "Ref": "AWS::Region", - }, - ":", - Object { - "Ref": "AWS::AccountId", - }, - ":table/", - Object { - "Ref": "GlueDatabase", - }, - "/", - Object { - "Ref": "GlueTable", - }, - ], - ], - }, - Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":glue:", - Object { - "Ref": "AWS::Region", - }, - ":", - Object { - "Ref": "AWS::AccountId", - }, - ":database/", - Object { - "Ref": "GlueDatabase", - }, - ], - ], - }, - Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":glue:", - Object { - "Ref": "AWS::Region", - }, - ":", - Object { - "Ref": "AWS::AccountId", - }, - ":catalog", - ], - ], - }, - ], - }, - Object { - "Action": "cloudwatch:PutMetricData", - "Condition": Object { - "Bool": Object { - "aws:SecureTransport": "true", - }, - "StringEquals": Object { - "cloudwatch:namespace": "Glue", - }, - }, - "Effect": "Allow", - "Resource": "*", - }, - Object { - "Action": Array [ - "kinesis:DescribeStream", - "kinesis:DescribeStreamSummary", - "kinesis:GetRecords", - "kinesis:GetShardIterator", - "kinesis:ListShards", - "kinesis:SubscribeToShard", - ], - "Effect": "Allow", - "Resource": Object { - "Fn::GetAtt": Array [ - "testkinesisstreamslambdaKinesisStream374D6D56", - "Arn", - ], - }, - }, - ], - "Version": "2012-10-17", - }, - "PolicyName": "testkinesisstreamslambdaGlueJobPolicy10DEE7DE", - "Roles": Array [ - Object { - "Fn::Select": Array [ - 1, - Object { - "Fn::Split": Array [ - "/", - Object { - "Fn::Select": Array [ - 5, - Object { - "Fn::Split": Array [ - ":", - Object { - "Fn::GetAtt": Array [ - "JobRole014917C6", - "Arn", - ], - }, - ], - }, - ], - }, - ], - }, - ], - }, - ], - }, - "Type": "AWS::IAM::Policy", - }, - "testkinesisstreamslambdaKinesisStream374D6D56": Object { - "Properties": Object { - "RetentionPeriodHours": 24, - "ShardCount": 1, - "StreamEncryption": Object { - "EncryptionType": "KMS", - "KeyId": "alias/aws/kinesis", - }, - }, - "Type": "AWS::Kinesis::Stream", - }, - }, -} -`; - -exports[`When S3 bucket location for script exists 1`] = ` -Object { - "Resources": Object { - "GlueDatabase": Object { - "Properties": Object { - "CatalogId": Object { - "Ref": "AWS::AccountId", - }, - "DatabaseInput": Object { - "Description": "An AWS Glue database generated by AWS Solutions Construct", - }, - }, - "Type": "AWS::Glue::Database", - }, - "GlueTable": Object { - "Properties": Object { - "CatalogId": Object { - "Ref": "AWS::AccountId", - }, - "DatabaseName": Object { - "Ref": "GlueDatabase", - }, - "TableInput": Object { - "Parameters": Object { - "classification": "json", - }, - "StorageDescriptor": Object { - "Columns": Array [ - Object { - "Comment": "Identifier for the record", - "Name": "id", - "Type": "int", - }, - Object { - "Comment": "The name of the record", - "Name": "name", - "Type": "string", - }, - Object { - "Comment": "The type of the record", - "Name": "type", - "Type": "string", - }, - Object { - "Comment": "Some value associated with the record", - "Name": "numericvalue", - "Type": "int", - }, - ], - "Compressed": false, - "InputFormat": "org.apache.hadoop.mapred.TextInputFormat", - "Location": Object { - "Ref": "testkinesisstreamslambdaKinesisStream374D6D56", - }, - "NumberOfBuckets": -1, - "OutputFormat": "org.apache.hadoop.hive.ql.io.HiveIgnoreKeyTextOutputFormat", - "Parameters": Object { - "endpointUrl": Object { - "Fn::Join": Array [ - "", - Array [ - "https://kinesis.", - Object { - "Ref": "AWS::Region", - }, - ".amazonaws.com", - ], - ], - }, - "streamName": Object { - "Ref": "testkinesisstreamslambdaKinesisStream374D6D56", - }, - "typeOfData": "kinesis", - }, - "SerdeInfo": Object { - "Parameters": Object { - "paths": "id,name,type,numericvalue", - }, - "SerializationLibrary": "org.openx.data.jsonserde.JsonSerDe", - }, - }, - "TableType": "EXTERNAL_TABLE", - }, - }, - "Type": "AWS::Glue::Table", - }, - "testkinesisstreamslambdaGlueJobPolicy10DEE7DE": Object { - "Metadata": Object { - "cfn_nag": Object { - "rules_to_suppress": Array [ - Object { - "id": "W12", - "reason": "Glue Security Configuration does not have an ARN, and the policy only allows reading the configuration. CloudWatch metrics also do not have an ARN but adding a namespace condition to the policy to allow it to publish metrics only for AWS Glue", - }, - ], - }, - }, - "Properties": Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": "glue:GetJob", - "Effect": "Allow", - "Resource": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":glue:", - Object { - "Ref": "AWS::Region", - }, - ":", - Object { - "Ref": "AWS::AccountId", - }, - ":job/", - Object { - "Ref": "testkinesisstreamslambdaKinesisETLJobF9454612", - }, - ], - ], - }, - }, - Object { - "Action": "glue:GetSecurityConfiguration", - "Effect": "Allow", - "Resource": "*", - }, - Object { - "Action": "glue:GetTable", - "Effect": "Allow", - "Resource": Array [ - Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":glue:", - Object { - "Ref": "AWS::Region", - }, - ":", - Object { - "Ref": "AWS::AccountId", - }, - ":table/", - Object { - "Ref": "GlueDatabase", - }, - "/", - Object { - "Ref": "GlueTable", - }, - ], - ], - }, - Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":glue:", - Object { - "Ref": "AWS::Region", - }, - ":", - Object { - "Ref": "AWS::AccountId", - }, - ":database/", - Object { - "Ref": "GlueDatabase", - }, - ], - ], - }, - Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":glue:", - Object { - "Ref": "AWS::Region", - }, - ":", - Object { - "Ref": "AWS::AccountId", - }, - ":catalog", - ], - ], - }, - ], - }, - Object { - "Action": "cloudwatch:PutMetricData", - "Condition": Object { - "Bool": Object { - "aws:SecureTransport": "true", - }, - "StringEquals": Object { - "cloudwatch:namespace": "Glue", - }, - }, - "Effect": "Allow", - "Resource": "*", - }, - Object { - "Action": Array [ - "kinesis:DescribeStream", - "kinesis:DescribeStreamSummary", - "kinesis:GetRecords", - "kinesis:GetShardIterator", - "kinesis:ListShards", - "kinesis:SubscribeToShard", - ], - "Effect": "Allow", - "Resource": Object { - "Fn::GetAtt": Array [ - "testkinesisstreamslambdaKinesisStream374D6D56", - "Arn", - ], - }, - }, - ], - "Version": "2012-10-17", - }, - "PolicyName": "testkinesisstreamslambdaGlueJobPolicy10DEE7DE", - "Roles": Array [ - Object { - "Ref": "testkinesisstreamslambdaJobRole42199B9C", - }, - ], - }, - "Type": "AWS::IAM::Policy", - }, - "testkinesisstreamslambdaGlueSecurityConfig3568178F": Object { - "Properties": Object { - "EncryptionConfiguration": Object { - "JobBookmarksEncryption": Object { - "JobBookmarksEncryptionMode": "CSE-KMS", - "KmsKeyArn": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":kms:", - Object { - "Ref": "AWS::Region", - }, - ":", - Object { - "Ref": "AWS::AccountId", - }, - ":alias/aws/glue", - ], - ], - }, - }, - "S3Encryptions": Array [ - Object { - "S3EncryptionMode": "SSE-S3", - }, - ], - }, - "Name": "ETLJobSecurityConfig", - }, - "Type": "AWS::Glue::SecurityConfiguration", - }, - "testkinesisstreamslambdaJobRole42199B9C": Object { - "Properties": Object { - "AssumeRolePolicyDocument": Object { - "Statement": Array [ - Object { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": Object { - "Service": "glue.amazonaws.com", - }, - }, - ], - "Version": "2012-10-17", - }, - "Description": "Service role that Glue custom ETL jobs will assume for exeuction", - }, - "Type": "AWS::IAM::Role", - }, - "testkinesisstreamslambdaJobRoleDefaultPolicy943FFA49": Object { - "Properties": Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "s3:GetObject*", - "s3:GetBucket*", - "s3:List*", - "s3:DeleteObject*", - "s3:PutObject*", - "s3:Abort*", - ], - "Effect": "Allow", - "Resource": Array [ - Object { - "Fn::GetAtt": Array [ - "testkinesisstreamslambdaS3Bucket54759F5C", - "Arn", - ], - }, - Object { - "Fn::Join": Array [ - "", - Array [ - Object { - "Fn::GetAtt": Array [ - "testkinesisstreamslambdaS3Bucket54759F5C", - "Arn", - ], - }, - "/*", - ], - ], - }, - ], - }, - Object { - "Action": Array [ - "s3:GetObject*", - "s3:GetBucket*", - "s3:List*", - ], - "Effect": "Allow", - "Resource": Array [ - Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":s3:::fakelocation/etl/fakefile.py", - ], - ], - }, - Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":s3:::fakelocation/etl/fakefile.py/*", - ], - ], - }, - ], - }, - ], - "Version": "2012-10-17", - }, - "PolicyName": "testkinesisstreamslambdaJobRoleDefaultPolicy943FFA49", - "Roles": Array [ - Object { - "Ref": "testkinesisstreamslambdaJobRole42199B9C", - }, - ], - }, - "Type": "AWS::IAM::Policy", - }, - "testkinesisstreamslambdaKinesisETLJobF9454612": Object { - "Properties": Object { - "Command": Object { - "Name": "pythonshell", - "PythonVersion": "3", - "ScriptLocation": "s3://fakelocation/etl/fakefile.py", - }, - "DefaultArguments": Object { - "--database_name": Object { - "Ref": "GlueDatabase", - }, - "--enable-continuous-cloudwatch-log": true, - "--enable-metrics": true, - "--output_path": Object { - "Fn::Join": Array [ - "", - Array [ - "s3a://", - Object { - "Ref": "testkinesisstreamslambdaS3Bucket54759F5C", - }, - "/output/", - ], - ], - }, - "--table_name": Object { - "Ref": "GlueTable", - }, - }, - "GlueVersion": "2.0", - "NumberOfWorkers": 2, - "Role": Object { - "Fn::GetAtt": Array [ - "testkinesisstreamslambdaJobRole42199B9C", - "Arn", - ], - }, - "SecurityConfiguration": "ETLJobSecurityConfig", - "WorkerType": "G.1X", - }, - "Type": "AWS::Glue::Job", - }, - "testkinesisstreamslambdaKinesisStream374D6D56": Object { - "Properties": Object { - "RetentionPeriodHours": 24, - "ShardCount": 1, - "StreamEncryption": Object { - "EncryptionType": "KMS", - "KeyId": "alias/aws/kinesis", - }, - }, - "Type": "AWS::Kinesis::Stream", - }, - "testkinesisstreamslambdaLogPolicy5FB58427": Object { - "Properties": Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "logs:CreateLogGroup", - "logs:CreateLogStream", - "logs:PutLogEvents", - ], - "Effect": "Allow", - "Resource": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":logs:", - Object { - "Ref": "AWS::Region", - }, - ":", - Object { - "Ref": "AWS::AccountId", - }, - ":log-group:/aws-glue/*", - ], - ], - }, - }, - ], - "Version": "2012-10-17", - }, - "PolicyName": "testkinesisstreamslambdaLogPolicy5FB58427", - "Roles": Array [ - Object { - "Ref": "testkinesisstreamslambdaJobRole42199B9C", - }, - ], - }, - "Type": "AWS::IAM::Policy", - }, - "testkinesisstreamslambdaS3Bucket54759F5C": Object { - "DeletionPolicy": "Retain", - "Properties": Object { - "BucketEncryption": Object { - "ServerSideEncryptionConfiguration": Array [ - Object { - "ServerSideEncryptionByDefault": Object { - "SSEAlgorithm": "AES256", - }, - }, - ], - }, - "LifecycleConfiguration": Object { - "Rules": Array [ - Object { - "NoncurrentVersionTransitions": Array [ - Object { - "StorageClass": "GLACIER", - "TransitionInDays": 90, - }, - ], - "Status": "Enabled", - }, - ], - }, - "LoggingConfiguration": Object { - "DestinationBucketName": Object { - "Ref": "testkinesisstreamslambdaS3LoggingBucket48F70267", - }, - }, - "PublicAccessBlockConfiguration": Object { - "BlockPublicAcls": true, - "BlockPublicPolicy": true, - "IgnorePublicAcls": true, - "RestrictPublicBuckets": true, - }, - "VersioningConfiguration": Object { - "Status": "Enabled", - }, - }, - "Type": "AWS::S3::Bucket", - "UpdateReplacePolicy": "Retain", - }, - "testkinesisstreamslambdaS3BucketPolicy78EB663C": Object { - "Properties": Object { - "Bucket": Object { - "Ref": "testkinesisstreamslambdaS3Bucket54759F5C", - }, - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": "*", - "Condition": Object { - "Bool": Object { - "aws:SecureTransport": "false", - }, - }, - "Effect": "Deny", - "Principal": Object { - "AWS": "*", - }, - "Resource": Array [ - Object { - "Fn::Join": Array [ - "", - Array [ - Object { - "Fn::GetAtt": Array [ - "testkinesisstreamslambdaS3Bucket54759F5C", - "Arn", - ], - }, - "/*", - ], - ], - }, - Object { - "Fn::GetAtt": Array [ - "testkinesisstreamslambdaS3Bucket54759F5C", - "Arn", - ], - }, - ], - "Sid": "HttpsOnly", - }, - ], - "Version": "2012-10-17", - }, - }, - "Type": "AWS::S3::BucketPolicy", - }, - "testkinesisstreamslambdaS3LoggingBucket48F70267": Object { - "DeletionPolicy": "Retain", - "Metadata": Object { - "cfn_nag": Object { - "rules_to_suppress": Array [ - Object { - "id": "W35", - "reason": "This S3 bucket is used as the access logging bucket for another bucket", - }, - ], - }, - }, - "Properties": Object { - "AccessControl": "LogDeliveryWrite", - "BucketEncryption": Object { - "ServerSideEncryptionConfiguration": Array [ - Object { - "ServerSideEncryptionByDefault": Object { - "SSEAlgorithm": "AES256", - }, - }, - ], - }, - "PublicAccessBlockConfiguration": Object { - "BlockPublicAcls": true, - "BlockPublicPolicy": true, - "IgnorePublicAcls": true, - "RestrictPublicBuckets": true, - }, - "VersioningConfiguration": Object { - "Status": "Enabled", - }, - }, - "Type": "AWS::S3::Bucket", - "UpdateReplacePolicy": "Retain", - }, - "testkinesisstreamslambdaS3LoggingBucketPolicy43C89C6D": Object { - "Properties": Object { - "Bucket": Object { - "Ref": "testkinesisstreamslambdaS3LoggingBucket48F70267", - }, - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": "*", - "Condition": Object { - "Bool": Object { - "aws:SecureTransport": "false", - }, - }, - "Effect": "Deny", - "Principal": Object { - "AWS": "*", - }, - "Resource": Array [ - Object { - "Fn::Join": Array [ - "", - Array [ - Object { - "Fn::GetAtt": Array [ - "testkinesisstreamslambdaS3LoggingBucket48F70267", - "Arn", - ], - }, - "/*", - ], - ], - }, - Object { - "Fn::GetAtt": Array [ - "testkinesisstreamslambdaS3LoggingBucket48F70267", - "Arn", - ], - }, - ], - "Sid": "HttpsOnly", - }, - ], - "Version": "2012-10-17", - }, - }, - "Type": "AWS::S3::BucketPolicy", - }, - }, -} -`; - -exports[`When database and table are not provided 1`] = ` -Object { - "Resources": Object { - "GlueDatabase": Object { - "Properties": Object { - "CatalogId": Object { - "Ref": "AWS::AccountId", - }, - "DatabaseInput": Object { - "Description": "An AWS Glue database generated by AWS Solutions Construct", - }, - }, - "Type": "AWS::Glue::Database", - }, - "GlueTable": Object { - "Properties": Object { - "CatalogId": Object { - "Ref": "AWS::AccountId", - }, - "DatabaseName": Object { - "Ref": "GlueDatabase", - }, - "TableInput": Object { - "Parameters": Object { - "classification": "json", - }, - "StorageDescriptor": Object { - "Columns": Array [ - Object { - "Comment": "Identifier for the record", - "Name": "id", - "Type": "int", - }, - Object { - "Comment": "The name of the record", - "Name": "name", - "Type": "string", - }, - Object { - "Comment": "The type of the record", - "Name": "type", - "Type": "string", - }, - Object { - "Comment": "Some value associated with the record", - "Name": "numericvalue", - "Type": "int", - }, - ], - "Compressed": false, - "InputFormat": "org.apache.hadoop.mapred.TextInputFormat", - "Location": Object { - "Ref": "testkinesisstreamslambdaKinesisStream374D6D56", - }, - "NumberOfBuckets": -1, - "OutputFormat": "org.apache.hadoop.hive.ql.io.HiveIgnoreKeyTextOutputFormat", - "Parameters": Object { - "endpointUrl": Object { - "Fn::Join": Array [ - "", - Array [ - "https://kinesis.", - Object { - "Ref": "AWS::Region", - }, - ".amazonaws.com", - ], - ], - }, - "streamName": Object { - "Ref": "testkinesisstreamslambdaKinesisStream374D6D56", - }, - "typeOfData": "kinesis", - }, - "SerdeInfo": Object { - "Parameters": Object { - "paths": "id,name,type,numericvalue", - }, - "SerializationLibrary": "org.openx.data.jsonserde.JsonSerDe", - }, - }, - "TableType": "EXTERNAL_TABLE", - }, - }, - "Type": "AWS::Glue::Table", - }, - "testkinesisstreamslambdaGlueJobPolicy10DEE7DE": Object { - "Metadata": Object { - "cfn_nag": Object { - "rules_to_suppress": Array [ - Object { - "id": "W12", - "reason": "Glue Security Configuration does not have an ARN, and the policy only allows reading the configuration. CloudWatch metrics also do not have an ARN but adding a namespace condition to the policy to allow it to publish metrics only for AWS Glue", - }, - ], - }, - }, - "Properties": Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": "glue:GetJob", - "Effect": "Allow", - "Resource": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":glue:", - Object { - "Ref": "AWS::Region", - }, - ":", - Object { - "Ref": "AWS::AccountId", - }, - ":job/", - Object { - "Ref": "testkinesisstreamslambdaKinesisETLJobF9454612", - }, - ], - ], - }, - }, - Object { - "Action": "glue:GetSecurityConfiguration", - "Effect": "Allow", - "Resource": "*", - }, - Object { - "Action": "glue:GetTable", - "Effect": "Allow", - "Resource": Array [ - Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":glue:", - Object { - "Ref": "AWS::Region", - }, - ":", - Object { - "Ref": "AWS::AccountId", - }, - ":table/", - Object { - "Ref": "GlueDatabase", - }, - "/", - Object { - "Ref": "GlueTable", - }, - ], - ], - }, - Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":glue:", - Object { - "Ref": "AWS::Region", - }, - ":", - Object { - "Ref": "AWS::AccountId", - }, - ":database/", - Object { - "Ref": "GlueDatabase", - }, - ], - ], - }, - Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":glue:", - Object { - "Ref": "AWS::Region", - }, - ":", - Object { - "Ref": "AWS::AccountId", - }, - ":catalog", - ], - ], - }, - ], - }, - Object { - "Action": "cloudwatch:PutMetricData", - "Condition": Object { - "Bool": Object { - "aws:SecureTransport": "true", - }, - "StringEquals": Object { - "cloudwatch:namespace": "Glue", - }, - }, - "Effect": "Allow", - "Resource": "*", - }, - Object { - "Action": Array [ - "kinesis:DescribeStream", - "kinesis:DescribeStreamSummary", - "kinesis:GetRecords", - "kinesis:GetShardIterator", - "kinesis:ListShards", - "kinesis:SubscribeToShard", - ], - "Effect": "Allow", - "Resource": Object { - "Fn::GetAtt": Array [ - "testkinesisstreamslambdaKinesisStream374D6D56", - "Arn", - ], - }, - }, - ], - "Version": "2012-10-17", - }, - "PolicyName": "testkinesisstreamslambdaGlueJobPolicy10DEE7DE", - "Roles": Array [ - Object { - "Ref": "testkinesisstreamslambdaJobRole42199B9C", - }, - ], - }, - "Type": "AWS::IAM::Policy", - }, - "testkinesisstreamslambdaGlueSecurityConfig3568178F": Object { - "Properties": Object { - "EncryptionConfiguration": Object { - "JobBookmarksEncryption": Object { - "JobBookmarksEncryptionMode": "CSE-KMS", - "KmsKeyArn": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":kms:", - Object { - "Ref": "AWS::Region", - }, - ":", - Object { - "Ref": "AWS::AccountId", - }, - ":alias/aws/glue", - ], - ], - }, - }, - "S3Encryptions": Array [ - Object { - "S3EncryptionMode": "SSE-S3", - }, - ], - }, - "Name": "ETLJobSecurityConfig", - }, - "Type": "AWS::Glue::SecurityConfiguration", - }, - "testkinesisstreamslambdaJobRole42199B9C": Object { - "Properties": Object { - "AssumeRolePolicyDocument": Object { - "Statement": Array [ - Object { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": Object { - "Service": "glue.amazonaws.com", - }, - }, - ], - "Version": "2012-10-17", - }, - "Description": "Service role that Glue custom ETL jobs will assume for exeuction", - }, - "Type": "AWS::IAM::Role", - }, - "testkinesisstreamslambdaJobRoleDefaultPolicy943FFA49": Object { - "Properties": Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "s3:GetObject*", - "s3:GetBucket*", - "s3:List*", - "s3:DeleteObject*", - "s3:PutObject*", - "s3:Abort*", - ], - "Effect": "Allow", - "Resource": Array [ - Object { - "Fn::GetAtt": Array [ - "testkinesisstreamslambdaS3Bucket54759F5C", - "Arn", - ], - }, - Object { - "Fn::Join": Array [ - "", - Array [ - Object { - "Fn::GetAtt": Array [ - "testkinesisstreamslambdaS3Bucket54759F5C", - "Arn", - ], - }, - "/*", - ], - ], - }, - ], - }, - Object { - "Action": Array [ - "s3:GetObject*", - "s3:GetBucket*", - "s3:List*", - ], - "Effect": "Allow", - "Resource": Array [ - Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":s3:::fakebucket/fakefolder/fakefolder/fakefile.py", - ], - ], - }, - Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":s3:::fakebucket/fakefolder/fakefolder/fakefile.py/*", - ], - ], - }, - ], - }, - ], - "Version": "2012-10-17", - }, - "PolicyName": "testkinesisstreamslambdaJobRoleDefaultPolicy943FFA49", - "Roles": Array [ - Object { - "Ref": "testkinesisstreamslambdaJobRole42199B9C", - }, - ], - }, - "Type": "AWS::IAM::Policy", - }, - "testkinesisstreamslambdaKinesisETLJobF9454612": Object { - "Properties": Object { - "Command": Object { - "Name": "glueetl", - "PythonVersion": "3", - "ScriptLocation": "s3://fakebucket/fakefolder/fakefolder/fakefile.py", - }, - "DefaultArguments": Object { - "--database_name": Object { - "Ref": "GlueDatabase", - }, - "--enable-continuous-cloudwatch-log": true, - "--enable-metrics": true, - "--output_path": Object { - "Fn::Join": Array [ - "", - Array [ - "s3a://", - Object { - "Ref": "testkinesisstreamslambdaS3Bucket54759F5C", - }, - "/output/", - ], - ], - }, - "--table_name": Object { - "Ref": "GlueTable", - }, - }, - "GlueVersion": "2.0", - "NumberOfWorkers": 2, - "Role": Object { - "Fn::GetAtt": Array [ - "testkinesisstreamslambdaJobRole42199B9C", - "Arn", - ], - }, - "SecurityConfiguration": "ETLJobSecurityConfig", - "WorkerType": "G.1X", - }, - "Type": "AWS::Glue::Job", - }, - "testkinesisstreamslambdaKinesisStream374D6D56": Object { - "Properties": Object { - "RetentionPeriodHours": 24, - "ShardCount": 1, - "StreamEncryption": Object { - "EncryptionType": "KMS", - "KeyId": "alias/aws/kinesis", - }, - }, - "Type": "AWS::Kinesis::Stream", - }, - "testkinesisstreamslambdaLogPolicy5FB58427": Object { - "Properties": Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "logs:CreateLogGroup", - "logs:CreateLogStream", - "logs:PutLogEvents", - ], - "Effect": "Allow", - "Resource": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":logs:", - Object { - "Ref": "AWS::Region", - }, - ":", - Object { - "Ref": "AWS::AccountId", - }, - ":log-group:/aws-glue/*", - ], - ], - }, - }, - ], - "Version": "2012-10-17", - }, - "PolicyName": "testkinesisstreamslambdaLogPolicy5FB58427", - "Roles": Array [ - Object { - "Ref": "testkinesisstreamslambdaJobRole42199B9C", - }, - ], - }, - "Type": "AWS::IAM::Policy", - }, - "testkinesisstreamslambdaS3Bucket54759F5C": Object { - "DeletionPolicy": "Retain", - "Properties": Object { - "BucketEncryption": Object { - "ServerSideEncryptionConfiguration": Array [ - Object { - "ServerSideEncryptionByDefault": Object { - "SSEAlgorithm": "AES256", - }, - }, - ], - }, - "LifecycleConfiguration": Object { - "Rules": Array [ - Object { - "NoncurrentVersionTransitions": Array [ - Object { - "StorageClass": "GLACIER", - "TransitionInDays": 90, - }, - ], - "Status": "Enabled", - }, - ], - }, - "LoggingConfiguration": Object { - "DestinationBucketName": Object { - "Ref": "testkinesisstreamslambdaS3LoggingBucket48F70267", - }, - }, - "PublicAccessBlockConfiguration": Object { - "BlockPublicAcls": true, - "BlockPublicPolicy": true, - "IgnorePublicAcls": true, - "RestrictPublicBuckets": true, - }, - "VersioningConfiguration": Object { - "Status": "Enabled", - }, - }, - "Type": "AWS::S3::Bucket", - "UpdateReplacePolicy": "Retain", - }, - "testkinesisstreamslambdaS3BucketPolicy78EB663C": Object { - "Properties": Object { - "Bucket": Object { - "Ref": "testkinesisstreamslambdaS3Bucket54759F5C", - }, - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": "*", - "Condition": Object { - "Bool": Object { - "aws:SecureTransport": "false", - }, - }, - "Effect": "Deny", - "Principal": Object { - "AWS": "*", - }, - "Resource": Array [ - Object { - "Fn::Join": Array [ - "", - Array [ - Object { - "Fn::GetAtt": Array [ - "testkinesisstreamslambdaS3Bucket54759F5C", - "Arn", - ], - }, - "/*", - ], - ], - }, - Object { - "Fn::GetAtt": Array [ - "testkinesisstreamslambdaS3Bucket54759F5C", - "Arn", - ], - }, - ], - "Sid": "HttpsOnly", - }, - ], - "Version": "2012-10-17", - }, - }, - "Type": "AWS::S3::BucketPolicy", - }, - "testkinesisstreamslambdaS3LoggingBucket48F70267": Object { - "DeletionPolicy": "Retain", - "Metadata": Object { - "cfn_nag": Object { - "rules_to_suppress": Array [ - Object { - "id": "W35", - "reason": "This S3 bucket is used as the access logging bucket for another bucket", - }, - ], - }, - }, - "Properties": Object { - "AccessControl": "LogDeliveryWrite", - "BucketEncryption": Object { - "ServerSideEncryptionConfiguration": Array [ - Object { - "ServerSideEncryptionByDefault": Object { - "SSEAlgorithm": "AES256", - }, - }, - ], - }, - "PublicAccessBlockConfiguration": Object { - "BlockPublicAcls": true, - "BlockPublicPolicy": true, - "IgnorePublicAcls": true, - "RestrictPublicBuckets": true, - }, - "VersioningConfiguration": Object { - "Status": "Enabled", - }, - }, - "Type": "AWS::S3::Bucket", - "UpdateReplacePolicy": "Retain", - }, - "testkinesisstreamslambdaS3LoggingBucketPolicy43C89C6D": Object { - "Properties": Object { - "Bucket": Object { - "Ref": "testkinesisstreamslambdaS3LoggingBucket48F70267", - }, - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": "*", - "Condition": Object { - "Bool": Object { - "aws:SecureTransport": "false", - }, - }, - "Effect": "Deny", - "Principal": Object { - "AWS": "*", - }, - "Resource": Array [ - Object { - "Fn::Join": Array [ - "", - Array [ - Object { - "Fn::GetAtt": Array [ - "testkinesisstreamslambdaS3LoggingBucket48F70267", - "Arn", - ], - }, - "/*", - ], - ], - }, - Object { - "Fn::GetAtt": Array [ - "testkinesisstreamslambdaS3LoggingBucket48F70267", - "Arn", - ], - }, - ], - "Sid": "HttpsOnly", - }, - ], - "Version": "2012-10-17", - }, - }, - "Type": "AWS::S3::BucketPolicy", - }, - }, -} -`; - -exports[`When database and table are provided 1`] = ` -Object { - "Resources": Object { - "GlueTable": Object { - "Properties": Object { - "CatalogId": "fakecatalogId", - "DatabaseName": Object { - "Ref": "fakedb", - }, - "TableInput": Object { - "Parameters": Object { - "classification": "json", - }, - "StorageDescriptor": Object { - "Columns": Array [ - Object { - "Comment": "Identifier for the record", - "Name": "id", - "Type": "int", - }, - Object { - "Comment": "The name of the record", - "Name": "name", - "Type": "string", - }, - Object { - "Comment": "The type of the record", - "Name": "type", - "Type": "string", - }, - Object { - "Comment": "Some value associated with the record", - "Name": "numericvalue", - "Type": "int", - }, - ], - "Compressed": false, - "InputFormat": "org.apache.hadoop.mapred.TextInputFormat", - "Location": "testStream", - "NumberOfBuckets": -1, - "OutputFormat": "org.apache.hadoop.hive.ql.io.HiveIgnoreKeyTextOutputFormat", - "Parameters": Object { - "endpointUrl": Object { - "Fn::Join": Array [ - "", - Array [ - "https://kinesis.", - Object { - "Ref": "AWS::Region", - }, - ".amazonaws.com", - ], - ], - }, - "streamName": "testStream", - "typeOfData": "kinesis", - }, - "SerdeInfo": Object { - "Parameters": Object { - "paths": "id,name,type,numericvalue", - }, - "SerializationLibrary": "org.openx.data.jsonserde.JsonSerDe", - }, - }, - "TableType": "EXTERNAL_TABLE", - }, - }, - "Type": "AWS::Glue::Table", - }, - "fakedb": Object { - "Properties": Object { - "CatalogId": "fakecatalogId", - "DatabaseInput": Object { - "Description": "a fake glue db", - }, - }, - "Type": "AWS::Glue::Database", - }, - "testkinesisstreamslambdaGlueJobPolicy10DEE7DE": Object { - "Metadata": Object { - "cfn_nag": Object { - "rules_to_suppress": Array [ - Object { - "id": "W12", - "reason": "Glue Security Configuration does not have an ARN, and the policy only allows reading the configuration. CloudWatch metrics also do not have an ARN but adding a namespace condition to the policy to allow it to publish metrics only for AWS Glue", - }, - ], - }, - }, - "Properties": Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": "glue:GetJob", - "Effect": "Allow", - "Resource": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":glue:", - Object { - "Ref": "AWS::Region", - }, - ":", - Object { - "Ref": "AWS::AccountId", - }, - ":job/", - Object { - "Ref": "testkinesisstreamslambdaKinesisETLJobF9454612", - }, - ], - ], - }, - }, - Object { - "Action": "glue:GetSecurityConfiguration", - "Effect": "Allow", - "Resource": "*", - }, - Object { - "Action": "glue:GetTable", - "Effect": "Allow", - "Resource": Array [ - Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":glue:", - Object { - "Ref": "AWS::Region", - }, - ":", - Object { - "Ref": "AWS::AccountId", - }, - ":table/", - Object { - "Ref": "fakedb", - }, - "/", - Object { - "Ref": "GlueTable", - }, - ], - ], - }, - Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":glue:", - Object { - "Ref": "AWS::Region", - }, - ":", - Object { - "Ref": "AWS::AccountId", - }, - ":database/", - Object { - "Ref": "fakedb", - }, - ], - ], - }, - Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":glue:", - Object { - "Ref": "AWS::Region", - }, - ":", - Object { - "Ref": "AWS::AccountId", - }, - ":catalog", - ], - ], - }, - ], - }, - Object { - "Action": "cloudwatch:PutMetricData", - "Condition": Object { - "Bool": Object { - "aws:SecureTransport": "true", - }, - "StringEquals": Object { - "cloudwatch:namespace": "Glue", - }, - }, - "Effect": "Allow", - "Resource": "*", - }, - Object { - "Action": Array [ - "kinesis:DescribeStream", - "kinesis:DescribeStreamSummary", - "kinesis:GetRecords", - "kinesis:GetShardIterator", - "kinesis:ListShards", - "kinesis:SubscribeToShard", - ], - "Effect": "Allow", - "Resource": Object { - "Fn::GetAtt": Array [ - "testkinesisstreamslambdaKinesisStream374D6D56", - "Arn", - ], - }, - }, - ], - "Version": "2012-10-17", - }, - "PolicyName": "testkinesisstreamslambdaGlueJobPolicy10DEE7DE", - "Roles": Array [ - Object { - "Ref": "testkinesisstreamslambdaJobRole42199B9C", - }, - ], - }, - "Type": "AWS::IAM::Policy", - }, - "testkinesisstreamslambdaGlueSecurityConfig3568178F": Object { - "Properties": Object { - "EncryptionConfiguration": Object { - "JobBookmarksEncryption": Object { - "JobBookmarksEncryptionMode": "CSE-KMS", - "KmsKeyArn": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":kms:", - Object { - "Ref": "AWS::Region", - }, - ":", - Object { - "Ref": "AWS::AccountId", - }, - ":alias/aws/glue", - ], - ], - }, - }, - "S3Encryptions": Array [ - Object { - "S3EncryptionMode": "SSE-S3", - }, - ], - }, - "Name": "ETLJobSecurityConfig", - }, - "Type": "AWS::Glue::SecurityConfiguration", - }, - "testkinesisstreamslambdaJobRole42199B9C": Object { - "Properties": Object { - "AssumeRolePolicyDocument": Object { - "Statement": Array [ - Object { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": Object { - "Service": "glue.amazonaws.com", - }, - }, - ], - "Version": "2012-10-17", - }, - "Description": "Service role that Glue custom ETL jobs will assume for exeuction", - }, - "Type": "AWS::IAM::Role", - }, - "testkinesisstreamslambdaJobRoleDefaultPolicy943FFA49": Object { - "Properties": Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "s3:GetObject*", - "s3:GetBucket*", - "s3:List*", - "s3:DeleteObject*", - "s3:PutObject*", - "s3:Abort*", - ], - "Effect": "Allow", - "Resource": Array [ - Object { - "Fn::GetAtt": Array [ - "testkinesisstreamslambdaS3Bucket54759F5C", - "Arn", - ], - }, - Object { - "Fn::Join": Array [ - "", - Array [ - Object { - "Fn::GetAtt": Array [ - "testkinesisstreamslambdaS3Bucket54759F5C", - "Arn", - ], - }, - "/*", - ], - ], - }, - ], - }, - Object { - "Action": Array [ - "s3:GetObject*", - "s3:GetBucket*", - "s3:List*", - ], - "Effect": "Allow", - "Resource": Array [ - Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":s3:::fakebucket/fakefolder/fakefolder/fakefile.py", - ], - ], - }, - Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":s3:::fakebucket/fakefolder/fakefolder/fakefile.py/*", - ], - ], - }, - ], - }, - ], - "Version": "2012-10-17", - }, - "PolicyName": "testkinesisstreamslambdaJobRoleDefaultPolicy943FFA49", - "Roles": Array [ - Object { - "Ref": "testkinesisstreamslambdaJobRole42199B9C", - }, - ], - }, - "Type": "AWS::IAM::Policy", - }, - "testkinesisstreamslambdaKinesisETLJobF9454612": Object { - "Properties": Object { - "Command": Object { - "Name": "glueetl", - "PythonVersion": "3", - "ScriptLocation": "s3://fakebucket/fakefolder/fakefolder/fakefile.py", - }, - "DefaultArguments": Object { - "--database_name": Object { - "Ref": "fakedb", - }, - "--enable-continuous-cloudwatch-log": true, - "--enable-metrics": true, - "--output_path": Object { - "Fn::Join": Array [ - "", - Array [ - "s3a://", - Object { - "Ref": "testkinesisstreamslambdaS3Bucket54759F5C", - }, - "/output/", - ], - ], - }, - "--table_name": Object { - "Ref": "GlueTable", - }, - }, - "GlueVersion": "2.0", - "NumberOfWorkers": 2, - "Role": Object { - "Fn::GetAtt": Array [ - "testkinesisstreamslambdaJobRole42199B9C", - "Arn", - ], - }, - "SecurityConfiguration": "ETLJobSecurityConfig", - "WorkerType": "G.1X", - }, - "Type": "AWS::Glue::Job", - }, - "testkinesisstreamslambdaKinesisStream374D6D56": Object { - "Properties": Object { - "RetentionPeriodHours": 24, - "ShardCount": 1, - "StreamEncryption": Object { - "EncryptionType": "KMS", - "KeyId": "alias/aws/kinesis", - }, - }, - "Type": "AWS::Kinesis::Stream", - }, - "testkinesisstreamslambdaLogPolicy5FB58427": Object { - "Properties": Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "logs:CreateLogGroup", - "logs:CreateLogStream", - "logs:PutLogEvents", - ], - "Effect": "Allow", - "Resource": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":logs:", - Object { - "Ref": "AWS::Region", - }, - ":", - Object { - "Ref": "AWS::AccountId", - }, - ":log-group:/aws-glue/*", - ], - ], - }, - }, - ], - "Version": "2012-10-17", - }, - "PolicyName": "testkinesisstreamslambdaLogPolicy5FB58427", - "Roles": Array [ - Object { - "Ref": "testkinesisstreamslambdaJobRole42199B9C", - }, - ], - }, - "Type": "AWS::IAM::Policy", - }, - "testkinesisstreamslambdaS3Bucket54759F5C": Object { - "DeletionPolicy": "Retain", - "Properties": Object { - "BucketEncryption": Object { - "ServerSideEncryptionConfiguration": Array [ - Object { - "ServerSideEncryptionByDefault": Object { - "SSEAlgorithm": "AES256", - }, - }, - ], - }, - "LifecycleConfiguration": Object { - "Rules": Array [ - Object { - "NoncurrentVersionTransitions": Array [ - Object { - "StorageClass": "GLACIER", - "TransitionInDays": 90, - }, - ], - "Status": "Enabled", - }, - ], - }, - "LoggingConfiguration": Object { - "DestinationBucketName": Object { - "Ref": "testkinesisstreamslambdaS3LoggingBucket48F70267", - }, - }, - "PublicAccessBlockConfiguration": Object { - "BlockPublicAcls": true, - "BlockPublicPolicy": true, - "IgnorePublicAcls": true, - "RestrictPublicBuckets": true, - }, - "VersioningConfiguration": Object { - "Status": "Enabled", - }, - }, - "Type": "AWS::S3::Bucket", - "UpdateReplacePolicy": "Retain", - }, - "testkinesisstreamslambdaS3BucketPolicy78EB663C": Object { - "Properties": Object { - "Bucket": Object { - "Ref": "testkinesisstreamslambdaS3Bucket54759F5C", - }, - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": "*", - "Condition": Object { - "Bool": Object { - "aws:SecureTransport": "false", - }, - }, - "Effect": "Deny", - "Principal": Object { - "AWS": "*", - }, - "Resource": Array [ - Object { - "Fn::Join": Array [ - "", - Array [ - Object { - "Fn::GetAtt": Array [ - "testkinesisstreamslambdaS3Bucket54759F5C", - "Arn", - ], - }, - "/*", - ], - ], - }, - Object { - "Fn::GetAtt": Array [ - "testkinesisstreamslambdaS3Bucket54759F5C", - "Arn", - ], - }, - ], - "Sid": "HttpsOnly", - }, - ], - "Version": "2012-10-17", - }, - }, - "Type": "AWS::S3::BucketPolicy", - }, - "testkinesisstreamslambdaS3LoggingBucket48F70267": Object { - "DeletionPolicy": "Retain", - "Metadata": Object { - "cfn_nag": Object { - "rules_to_suppress": Array [ - Object { - "id": "W35", - "reason": "This S3 bucket is used as the access logging bucket for another bucket", - }, - ], - }, - }, - "Properties": Object { - "AccessControl": "LogDeliveryWrite", - "BucketEncryption": Object { - "ServerSideEncryptionConfiguration": Array [ - Object { - "ServerSideEncryptionByDefault": Object { - "SSEAlgorithm": "AES256", - }, - }, - ], - }, - "PublicAccessBlockConfiguration": Object { - "BlockPublicAcls": true, - "BlockPublicPolicy": true, - "IgnorePublicAcls": true, - "RestrictPublicBuckets": true, - }, - "VersioningConfiguration": Object { - "Status": "Enabled", - }, - }, - "Type": "AWS::S3::Bucket", - "UpdateReplacePolicy": "Retain", - }, - "testkinesisstreamslambdaS3LoggingBucketPolicy43C89C6D": Object { - "Properties": Object { - "Bucket": Object { - "Ref": "testkinesisstreamslambdaS3LoggingBucket48F70267", - }, - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": "*", - "Condition": Object { - "Bool": Object { - "aws:SecureTransport": "false", - }, - }, - "Effect": "Deny", - "Principal": Object { - "AWS": "*", - }, - "Resource": Array [ - Object { - "Fn::Join": Array [ - "", - Array [ - Object { - "Fn::GetAtt": Array [ - "testkinesisstreamslambdaS3LoggingBucket48F70267", - "Arn", - ], - }, - "/*", - ], - ], - }, - Object { - "Fn::GetAtt": Array [ - "testkinesisstreamslambdaS3LoggingBucket48F70267", - "Arn", - ], - }, - ], - "Sid": "HttpsOnly", - }, - ], - "Version": "2012-10-17", - }, - }, - "Type": "AWS::S3::BucketPolicy", - }, - }, -} -`; - -exports[`create glue job with existing kinesis stream 1`] = ` -Object { - "Resources": Object { - "FakeStreamAC5F518E": Object { - "Properties": Object { - "Name": "fakename", - "RetentionPeriodHours": 30, - "ShardCount": 3, - }, - "Type": "AWS::Kinesis::Stream", - }, - "GlueDatabase": Object { - "Properties": Object { - "CatalogId": Object { - "Ref": "AWS::AccountId", - }, - "DatabaseInput": Object { - "Description": "An AWS Glue database generated by AWS Solutions Construct", - }, - }, - "Type": "AWS::Glue::Database", - }, - "GlueTable": Object { - "Properties": Object { - "CatalogId": Object { - "Ref": "AWS::AccountId", - }, - "DatabaseName": Object { - "Ref": "GlueDatabase", - }, - "TableInput": Object { - "Parameters": Object { - "classification": "json", - }, - "StorageDescriptor": Object { - "Columns": Array [ - Object { - "Comment": "Identifier for the record", - "Name": "id", - "Type": "int", - }, - Object { - "Comment": "The name of the record", - "Name": "name", - "Type": "string", - }, - Object { - "Comment": "The type of the record", - "Name": "type", - "Type": "string", - }, - Object { - "Comment": "Some value associated with the record", - "Name": "numericvalue", - "Type": "int", - }, - ], - "Compressed": false, - "InputFormat": "org.apache.hadoop.mapred.TextInputFormat", - "Location": Object { - "Ref": "FakeStreamAC5F518E", - }, - "NumberOfBuckets": -1, - "OutputFormat": "org.apache.hadoop.hive.ql.io.HiveIgnoreKeyTextOutputFormat", - "Parameters": Object { - "endpointUrl": Object { - "Fn::Join": Array [ - "", - Array [ - "https://kinesis.", - Object { - "Ref": "AWS::Region", - }, - ".amazonaws.com", - ], - ], - }, - "streamName": Object { - "Ref": "FakeStreamAC5F518E", - }, - "typeOfData": "kinesis", - }, - "SerdeInfo": Object { - "Parameters": Object { - "paths": "id,name,type,numericvalue", - }, - "SerializationLibrary": "org.openx.data.jsonserde.JsonSerDe", - }, - }, - "TableType": "EXTERNAL_TABLE", - }, - }, - "Type": "AWS::Glue::Table", - }, - "existingStreamJobGlueJobPolicy7D9DFD94": Object { - "Metadata": Object { - "cfn_nag": Object { - "rules_to_suppress": Array [ - Object { - "id": "W12", - "reason": "Glue Security Configuration does not have an ARN, and the policy only allows reading the configuration. CloudWatch metrics also do not have an ARN but adding a namespace condition to the policy to allow it to publish metrics only for AWS Glue", - }, - ], - }, - }, - "Properties": Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": "glue:GetJob", - "Effect": "Allow", - "Resource": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":glue:", - Object { - "Ref": "AWS::Region", - }, - ":", - Object { - "Ref": "AWS::AccountId", - }, - ":job/", - Object { - "Ref": "existingStreamJobKinesisETLJobA36C45A1", - }, - ], - ], - }, - }, - Object { - "Action": "glue:GetSecurityConfiguration", - "Effect": "Allow", - "Resource": "*", - }, - Object { - "Action": "glue:GetTable", - "Effect": "Allow", - "Resource": Array [ - Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":glue:", - Object { - "Ref": "AWS::Region", - }, - ":", - Object { - "Ref": "AWS::AccountId", - }, - ":table/", - Object { - "Ref": "GlueDatabase", - }, - "/", - Object { - "Ref": "GlueTable", - }, - ], - ], - }, - Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":glue:", - Object { - "Ref": "AWS::Region", - }, - ":", - Object { - "Ref": "AWS::AccountId", - }, - ":database/", - Object { - "Ref": "GlueDatabase", - }, - ], - ], - }, - Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":glue:", - Object { - "Ref": "AWS::Region", - }, - ":", - Object { - "Ref": "AWS::AccountId", - }, - ":catalog", - ], - ], - }, - ], - }, - Object { - "Action": "cloudwatch:PutMetricData", - "Condition": Object { - "Bool": Object { - "aws:SecureTransport": "true", - }, - "StringEquals": Object { - "cloudwatch:namespace": "Glue", - }, - }, - "Effect": "Allow", - "Resource": "*", - }, - Object { - "Action": Array [ - "kinesis:DescribeStream", - "kinesis:DescribeStreamSummary", - "kinesis:GetRecords", - "kinesis:GetShardIterator", - "kinesis:ListShards", - "kinesis:SubscribeToShard", - ], - "Effect": "Allow", - "Resource": Object { - "Fn::GetAtt": Array [ - "FakeStreamAC5F518E", - "Arn", - ], - }, - }, - ], - "Version": "2012-10-17", - }, - "PolicyName": "existingStreamJobGlueJobPolicy7D9DFD94", - "Roles": Array [ - Object { - "Ref": "existingStreamJobJobRoleA1ADDA0A", - }, - ], - }, - "Type": "AWS::IAM::Policy", - }, - "existingStreamJobGlueSecurityConfig88E060CD": Object { - "Properties": Object { - "EncryptionConfiguration": Object { - "JobBookmarksEncryption": Object { - "JobBookmarksEncryptionMode": "CSE-KMS", - "KmsKeyArn": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":kms:", - Object { - "Ref": "AWS::Region", - }, - ":", - Object { - "Ref": "AWS::AccountId", - }, - ":alias/aws/glue", - ], - ], - }, - }, - "S3Encryptions": Array [ - Object { - "S3EncryptionMode": "SSE-S3", - }, - ], - }, - "Name": "ETLJobSecurityConfig", - }, - "Type": "AWS::Glue::SecurityConfiguration", - }, - "existingStreamJobJobRoleA1ADDA0A": Object { - "Properties": Object { - "AssumeRolePolicyDocument": Object { - "Statement": Array [ - Object { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": Object { - "Service": "glue.amazonaws.com", - }, - }, - ], - "Version": "2012-10-17", - }, - "Description": "Service role that Glue custom ETL jobs will assume for exeuction", - }, - "Type": "AWS::IAM::Role", - }, - "existingStreamJobJobRoleDefaultPolicy30D677C0": Object { - "Properties": Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "s3:GetObject*", - "s3:GetBucket*", - "s3:List*", - "s3:DeleteObject*", - "s3:PutObject*", - "s3:Abort*", - ], - "Effect": "Allow", - "Resource": Array [ - Object { - "Fn::GetAtt": Array [ - "existingStreamJobS3Bucket33C3F47E", - "Arn", - ], - }, - Object { - "Fn::Join": Array [ - "", - Array [ - Object { - "Fn::GetAtt": Array [ - "existingStreamJobS3Bucket33C3F47E", - "Arn", - ], - }, - "/*", - ], - ], - }, - ], - }, - Object { - "Action": Array [ - "s3:GetObject*", - "s3:GetBucket*", - "s3:List*", - ], - "Effect": "Allow", - "Resource": Array [ - Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":s3:::fakes3bucket/fakepath/fakefile.py", - ], - ], - }, - Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":s3:::fakes3bucket/fakepath/fakefile.py/*", - ], - ], - }, - ], - }, - ], - "Version": "2012-10-17", - }, - "PolicyName": "existingStreamJobJobRoleDefaultPolicy30D677C0", - "Roles": Array [ - Object { - "Ref": "existingStreamJobJobRoleA1ADDA0A", - }, - ], - }, - "Type": "AWS::IAM::Policy", - }, - "existingStreamJobKinesisETLJobA36C45A1": Object { - "Properties": Object { - "Command": Object { - "Name": "pythonshell", - "PythonVersion": "3", - "ScriptLocation": "s3://fakes3bucket/fakepath/fakefile.py", - }, - "DefaultArguments": Object { - "--database_name": Object { - "Ref": "GlueDatabase", - }, - "--enable-continuous-cloudwatch-log": true, - "--enable-metrics": true, - "--output_path": Object { - "Fn::Join": Array [ - "", - Array [ - "s3a://", - Object { - "Ref": "existingStreamJobS3Bucket33C3F47E", - }, - "/output/", - ], - ], - }, - "--table_name": Object { - "Ref": "GlueTable", - }, - }, - "GlueVersion": "2.0", - "NumberOfWorkers": 2, - "Role": Object { - "Fn::GetAtt": Array [ - "existingStreamJobJobRoleA1ADDA0A", - "Arn", - ], - }, - "SecurityConfiguration": "ETLJobSecurityConfig", - "WorkerType": "G.1X", - }, - "Type": "AWS::Glue::Job", - }, - "existingStreamJobLogPolicy08F24C09": Object { - "Properties": Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "logs:CreateLogGroup", - "logs:CreateLogStream", - "logs:PutLogEvents", - ], - "Effect": "Allow", - "Resource": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":logs:", - Object { - "Ref": "AWS::Region", - }, - ":", - Object { - "Ref": "AWS::AccountId", - }, - ":log-group:/aws-glue/*", - ], - ], - }, - }, - ], - "Version": "2012-10-17", - }, - "PolicyName": "existingStreamJobLogPolicy08F24C09", - "Roles": Array [ - Object { - "Ref": "existingStreamJobJobRoleA1ADDA0A", - }, - ], - }, - "Type": "AWS::IAM::Policy", - }, - "existingStreamJobS3Bucket33C3F47E": Object { - "DeletionPolicy": "Retain", - "Properties": Object { - "BucketEncryption": Object { - "ServerSideEncryptionConfiguration": Array [ - Object { - "ServerSideEncryptionByDefault": Object { - "SSEAlgorithm": "AES256", - }, - }, - ], - }, - "LifecycleConfiguration": Object { - "Rules": Array [ - Object { - "NoncurrentVersionTransitions": Array [ - Object { - "StorageClass": "GLACIER", - "TransitionInDays": 90, - }, - ], - "Status": "Enabled", - }, - ], - }, - "LoggingConfiguration": Object { - "DestinationBucketName": Object { - "Ref": "existingStreamJobS3LoggingBucket9A822FD6", - }, - }, - "PublicAccessBlockConfiguration": Object { - "BlockPublicAcls": true, - "BlockPublicPolicy": true, - "IgnorePublicAcls": true, - "RestrictPublicBuckets": true, - }, - "VersioningConfiguration": Object { - "Status": "Enabled", - }, - }, - "Type": "AWS::S3::Bucket", - "UpdateReplacePolicy": "Retain", - }, - "existingStreamJobS3BucketPolicy9174F803": Object { - "Properties": Object { - "Bucket": Object { - "Ref": "existingStreamJobS3Bucket33C3F47E", - }, - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": "*", - "Condition": Object { - "Bool": Object { - "aws:SecureTransport": "false", - }, - }, - "Effect": "Deny", - "Principal": Object { - "AWS": "*", - }, - "Resource": Array [ - Object { - "Fn::Join": Array [ - "", - Array [ - Object { - "Fn::GetAtt": Array [ - "existingStreamJobS3Bucket33C3F47E", - "Arn", - ], - }, - "/*", - ], - ], - }, - Object { - "Fn::GetAtt": Array [ - "existingStreamJobS3Bucket33C3F47E", - "Arn", - ], - }, - ], - "Sid": "HttpsOnly", - }, - ], - "Version": "2012-10-17", - }, - }, - "Type": "AWS::S3::BucketPolicy", - }, - "existingStreamJobS3LoggingBucket9A822FD6": Object { - "DeletionPolicy": "Retain", - "Metadata": Object { - "cfn_nag": Object { - "rules_to_suppress": Array [ - Object { - "id": "W35", - "reason": "This S3 bucket is used as the access logging bucket for another bucket", - }, - ], - }, - }, - "Properties": Object { - "AccessControl": "LogDeliveryWrite", - "BucketEncryption": Object { - "ServerSideEncryptionConfiguration": Array [ - Object { - "ServerSideEncryptionByDefault": Object { - "SSEAlgorithm": "AES256", - }, - }, - ], - }, - "PublicAccessBlockConfiguration": Object { - "BlockPublicAcls": true, - "BlockPublicPolicy": true, - "IgnorePublicAcls": true, - "RestrictPublicBuckets": true, - }, - "VersioningConfiguration": Object { - "Status": "Enabled", - }, - }, - "Type": "AWS::S3::Bucket", - "UpdateReplacePolicy": "Retain", - }, - "existingStreamJobS3LoggingBucketPolicyDB691863": Object { - "Properties": Object { - "Bucket": Object { - "Ref": "existingStreamJobS3LoggingBucket9A822FD6", - }, - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": "*", - "Condition": Object { - "Bool": Object { - "aws:SecureTransport": "false", - }, - }, - "Effect": "Deny", - "Principal": Object { - "AWS": "*", - }, - "Resource": Array [ - Object { - "Fn::Join": Array [ - "", - Array [ - Object { - "Fn::GetAtt": Array [ - "existingStreamJobS3LoggingBucket9A822FD6", - "Arn", - ], - }, - "/*", - ], - ], - }, - Object { - "Fn::GetAtt": Array [ - "existingStreamJobS3LoggingBucket9A822FD6", - "Arn", - ], - }, - ], - "Sid": "HttpsOnly", - }, - ], - "Version": "2012-10-17", - }, - }, - "Type": "AWS::S3::BucketPolicy", - }, - }, -} -`; diff --git a/source/patterns/@aws-solutions-constructs/aws-kinesisstreams-gluejob/test/test.kinesisstream-gluejob.test.ts b/source/patterns/@aws-solutions-constructs/aws-kinesisstreams-gluejob/test/test.kinesisstream-gluejob.test.ts index e1339a5b7..f89fa96cc 100644 --- a/source/patterns/@aws-solutions-constructs/aws-kinesisstreams-gluejob/test/test.kinesisstream-gluejob.test.ts +++ b/source/patterns/@aws-solutions-constructs/aws-kinesisstreams-gluejob/test/test.kinesisstream-gluejob.test.ts @@ -11,7 +11,7 @@ * and limitations under the License. */ -import { ResourcePart, SynthUtils } from '@aws-cdk/assert'; +import { ResourcePart } from '@aws-cdk/assert'; import '@aws-cdk/assert/jest'; import { CfnDatabase, CfnJob } from '@aws-cdk/aws-glue'; import { Stream, StreamEncryption } from '@aws-cdk/aws-kinesis'; @@ -56,8 +56,6 @@ test('Pattern minimal deployment', () => { const id = 'test-kinesisstreams-lambda'; new KinesisstreamsToGluejob(stack, id, props); - // Assertion 1 - expect(SynthUtils.toCloudFormation(stack)).toMatchSnapshot(); // check for role creation expect(stack).toHaveResourceLike('AWS::IAM::Role', { @@ -294,8 +292,6 @@ test('Test if existing Glue Job is provided', () => { comment: "Some value associated with the record" }], }); - // Assertion 1 - expect(SynthUtils.toCloudFormation(stack)).toMatchSnapshot(); // check for Kinesis Stream expect(stack).toHaveResourceLike('AWS::Kinesis::Stream', { @@ -348,8 +344,6 @@ test('When S3 bucket location for script exists', () => { } }; new KinesisstreamsToGluejob(stack, 'test-kinesisstreams-lambda', props); - // Assertion 1 - expect(SynthUtils.toCloudFormation(stack)).toMatchSnapshot(); expect(stack).toHaveResourceLike('AWS::Glue::Job', { Type: 'AWS::Glue::Job', Properties: { @@ -405,7 +399,6 @@ test('create glue job with existing kinesis stream', () => { } }); - expect(SynthUtils.toCloudFormation(stack)).toMatchSnapshot(); expect(stack).toHaveResourceLike('AWS::Kinesis::Stream', { Type: 'AWS::Kinesis::Stream', Properties: { @@ -522,8 +515,6 @@ test('When database and table are provided', () => { }], 'kinesis', { STREAM_NAME: 'testStream' }) }; new KinesisstreamsToGluejob(stack, 'test-kinesisstreams-lambda', props); - // Assertion 1 - expect(SynthUtils.toCloudFormation(stack)).toMatchSnapshot(); expect(stack).toHaveResourceLike('AWS::Glue::Database', { Type: "AWS::Glue::Database", Properties: { @@ -568,8 +559,6 @@ test('When database and table are not provided', () => { }] }; new KinesisstreamsToGluejob(stack, 'test-kinesisstreams-lambda', props); - // Assertion 1 - expect(SynthUtils.toCloudFormation(stack)).toMatchSnapshot(); expect(stack).toHaveResourceLike('AWS::Glue::Database', { Type: "AWS::Glue::Database", Properties: { diff --git a/source/patterns/@aws-solutions-constructs/aws-kinesisstreams-kinesisfirehose-s3/test/__snapshots__/test.kinesisfirehose-s3.test.js.snap b/source/patterns/@aws-solutions-constructs/aws-kinesisstreams-kinesisfirehose-s3/test/__snapshots__/test.kinesisfirehose-s3.test.js.snap deleted file mode 100644 index 64cf67239..000000000 --- a/source/patterns/@aws-solutions-constructs/aws-kinesisstreams-kinesisfirehose-s3/test/__snapshots__/test.kinesisfirehose-s3.test.js.snap +++ /dev/null @@ -1,460 +0,0 @@ -// Jest Snapshot v1, https://goo.gl/fbAQLP - -exports[`snapshot test KinesisStreamsToKinesisFirehoseToS3 default params 1`] = ` -Object { - "Resources": Object { - "KinesisStreamsRole2BFD39A5": Object { - "Properties": Object { - "AssumeRolePolicyDocument": Object { - "Statement": Array [ - Object { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": Object { - "Service": "firehose.amazonaws.com", - }, - }, - ], - "Version": "2012-10-17", - }, - "Policies": Array [ - Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "kinesis:DescribeStream", - "kinesis:GetShardIterator", - "kinesis:GetRecords", - "kinesis:ListShards", - ], - "Effect": "Allow", - "Resource": Object { - "Fn::GetAtt": Array [ - "teststreamfirehoses3KinesisStream3165E68E", - "Arn", - ], - }, - }, - ], - "Version": "2012-10-17", - }, - "PolicyName": "KinesisStreamsRoleRolePolicy", - }, - ], - }, - "Type": "AWS::IAM::Role", - }, - "teststreamfirehoses3KinesisFirehoseToS3KinesisFirehose7303FF77": Object { - "Properties": Object { - "DeliveryStreamType": "KinesisStreamAsSource", - "ExtendedS3DestinationConfiguration": Object { - "BucketARN": Object { - "Fn::GetAtt": Array [ - "teststreamfirehoses3KinesisFirehoseToS3S3Bucket315B67A3", - "Arn", - ], - }, - "BufferingHints": Object { - "IntervalInSeconds": 300, - "SizeInMBs": 5, - }, - "CloudWatchLoggingOptions": Object { - "Enabled": true, - "LogGroupName": Object { - "Ref": "teststreamfirehoses3KinesisFirehoseToS3firehoseloggroupEE4052E0", - }, - "LogStreamName": Object { - "Ref": "teststreamfirehoses3KinesisFirehoseToS3firehoseloggroupfirehoselogstream444A1C47", - }, - }, - "CompressionFormat": "GZIP", - "EncryptionConfiguration": Object { - "KMSEncryptionConfig": Object { - "AWSKMSKeyARN": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":kms:", - Object { - "Ref": "AWS::Region", - }, - ":", - Object { - "Ref": "AWS::AccountId", - }, - ":alias/aws/s3", - ], - ], - }, - }, - }, - "RoleARN": Object { - "Fn::GetAtt": Array [ - "teststreamfirehoses3KinesisFirehoseToS3KinesisFirehoseRole4FEDEB9A", - "Arn", - ], - }, - }, - "KinesisStreamSourceConfiguration": Object { - "KinesisStreamARN": Object { - "Fn::GetAtt": Array [ - "teststreamfirehoses3KinesisStream3165E68E", - "Arn", - ], - }, - "RoleARN": Object { - "Fn::GetAtt": Array [ - "KinesisStreamsRole2BFD39A5", - "Arn", - ], - }, - }, - }, - "Type": "AWS::KinesisFirehose::DeliveryStream", - }, - "teststreamfirehoses3KinesisFirehoseToS3KinesisFirehosePolicy10E28125": Object { - "Properties": Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "s3:AbortMultipartUpload", - "s3:GetBucketLocation", - "s3:GetObject", - "s3:ListBucket", - "s3:ListBucketMultipartUploads", - "s3:PutObject", - ], - "Effect": "Allow", - "Resource": Array [ - Object { - "Fn::GetAtt": Array [ - "teststreamfirehoses3KinesisFirehoseToS3S3Bucket315B67A3", - "Arn", - ], - }, - Object { - "Fn::Join": Array [ - "", - Array [ - Object { - "Fn::GetAtt": Array [ - "teststreamfirehoses3KinesisFirehoseToS3S3Bucket315B67A3", - "Arn", - ], - }, - "/*", - ], - ], - }, - ], - }, - Object { - "Action": "logs:PutLogEvents", - "Effect": "Allow", - "Resource": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":logs:", - Object { - "Ref": "AWS::Region", - }, - ":", - Object { - "Ref": "AWS::AccountId", - }, - ":log-group:", - Object { - "Ref": "teststreamfirehoses3KinesisFirehoseToS3firehoseloggroupEE4052E0", - }, - ":log-stream:", - Object { - "Ref": "teststreamfirehoses3KinesisFirehoseToS3firehoseloggroupfirehoselogstream444A1C47", - }, - ], - ], - }, - }, - ], - "Version": "2012-10-17", - }, - "PolicyName": "teststreamfirehoses3KinesisFirehoseToS3KinesisFirehosePolicy10E28125", - "Roles": Array [ - Object { - "Ref": "teststreamfirehoses3KinesisFirehoseToS3KinesisFirehoseRole4FEDEB9A", - }, - ], - }, - "Type": "AWS::IAM::Policy", - }, - "teststreamfirehoses3KinesisFirehoseToS3KinesisFirehoseRole4FEDEB9A": Object { - "Properties": Object { - "AssumeRolePolicyDocument": Object { - "Statement": Array [ - Object { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": Object { - "Service": "firehose.amazonaws.com", - }, - }, - ], - "Version": "2012-10-17", - }, - }, - "Type": "AWS::IAM::Role", - }, - "teststreamfirehoses3KinesisFirehoseToS3S3Bucket315B67A3": Object { - "DeletionPolicy": "Retain", - "Properties": Object { - "BucketEncryption": Object { - "ServerSideEncryptionConfiguration": Array [ - Object { - "ServerSideEncryptionByDefault": Object { - "SSEAlgorithm": "AES256", - }, - }, - ], - }, - "LifecycleConfiguration": Object { - "Rules": Array [ - Object { - "NoncurrentVersionTransitions": Array [ - Object { - "StorageClass": "GLACIER", - "TransitionInDays": 90, - }, - ], - "Status": "Enabled", - }, - ], - }, - "LoggingConfiguration": Object { - "DestinationBucketName": Object { - "Ref": "teststreamfirehoses3KinesisFirehoseToS3S3LoggingBucketFB87BEBC", - }, - }, - "PublicAccessBlockConfiguration": Object { - "BlockPublicAcls": true, - "BlockPublicPolicy": true, - "IgnorePublicAcls": true, - "RestrictPublicBuckets": true, - }, - "VersioningConfiguration": Object { - "Status": "Enabled", - }, - }, - "Type": "AWS::S3::Bucket", - "UpdateReplacePolicy": "Retain", - }, - "teststreamfirehoses3KinesisFirehoseToS3S3BucketPolicy6A903D55": Object { - "Properties": Object { - "Bucket": Object { - "Ref": "teststreamfirehoses3KinesisFirehoseToS3S3Bucket315B67A3", - }, - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": "*", - "Condition": Object { - "Bool": Object { - "aws:SecureTransport": "false", - }, - }, - "Effect": "Deny", - "Principal": Object { - "AWS": "*", - }, - "Resource": Array [ - Object { - "Fn::Join": Array [ - "", - Array [ - Object { - "Fn::GetAtt": Array [ - "teststreamfirehoses3KinesisFirehoseToS3S3Bucket315B67A3", - "Arn", - ], - }, - "/*", - ], - ], - }, - Object { - "Fn::GetAtt": Array [ - "teststreamfirehoses3KinesisFirehoseToS3S3Bucket315B67A3", - "Arn", - ], - }, - ], - "Sid": "HttpsOnly", - }, - ], - "Version": "2012-10-17", - }, - }, - "Type": "AWS::S3::BucketPolicy", - }, - "teststreamfirehoses3KinesisFirehoseToS3S3LoggingBucketFB87BEBC": Object { - "DeletionPolicy": "Retain", - "Metadata": Object { - "cfn_nag": Object { - "rules_to_suppress": Array [ - Object { - "id": "W35", - "reason": "This S3 bucket is used as the access logging bucket for another bucket", - }, - ], - }, - }, - "Properties": Object { - "AccessControl": "LogDeliveryWrite", - "BucketEncryption": Object { - "ServerSideEncryptionConfiguration": Array [ - Object { - "ServerSideEncryptionByDefault": Object { - "SSEAlgorithm": "AES256", - }, - }, - ], - }, - "PublicAccessBlockConfiguration": Object { - "BlockPublicAcls": true, - "BlockPublicPolicy": true, - "IgnorePublicAcls": true, - "RestrictPublicBuckets": true, - }, - "VersioningConfiguration": Object { - "Status": "Enabled", - }, - }, - "Type": "AWS::S3::Bucket", - "UpdateReplacePolicy": "Retain", - }, - "teststreamfirehoses3KinesisFirehoseToS3S3LoggingBucketPolicy4A393931": Object { - "Properties": Object { - "Bucket": Object { - "Ref": "teststreamfirehoses3KinesisFirehoseToS3S3LoggingBucketFB87BEBC", - }, - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": "*", - "Condition": Object { - "Bool": Object { - "aws:SecureTransport": "false", - }, - }, - "Effect": "Deny", - "Principal": Object { - "AWS": "*", - }, - "Resource": Array [ - Object { - "Fn::Join": Array [ - "", - Array [ - Object { - "Fn::GetAtt": Array [ - "teststreamfirehoses3KinesisFirehoseToS3S3LoggingBucketFB87BEBC", - "Arn", - ], - }, - "/*", - ], - ], - }, - Object { - "Fn::GetAtt": Array [ - "teststreamfirehoses3KinesisFirehoseToS3S3LoggingBucketFB87BEBC", - "Arn", - ], - }, - ], - "Sid": "HttpsOnly", - }, - ], - "Version": "2012-10-17", - }, - }, - "Type": "AWS::S3::BucketPolicy", - }, - "teststreamfirehoses3KinesisFirehoseToS3firehoseloggroupEE4052E0": Object { - "DeletionPolicy": "Retain", - "Metadata": Object { - "cfn_nag": Object { - "rules_to_suppress": Array [ - Object { - "id": "W86", - "reason": "Retention period for CloudWatchLogs LogGroups are set to 'Never Expire' to preserve customer data indefinitely", - }, - Object { - "id": "W84", - "reason": "By default CloudWatchLogs LogGroups data is encrypted using the CloudWatch server-side encryption keys (AWS Managed Keys)", - }, - ], - }, - }, - "Type": "AWS::Logs::LogGroup", - "UpdateReplacePolicy": "Retain", - }, - "teststreamfirehoses3KinesisFirehoseToS3firehoseloggroupfirehoselogstream444A1C47": Object { - "DeletionPolicy": "Retain", - "Properties": Object { - "LogGroupName": Object { - "Ref": "teststreamfirehoses3KinesisFirehoseToS3firehoseloggroupEE4052E0", - }, - }, - "Type": "AWS::Logs::LogStream", - "UpdateReplacePolicy": "Retain", - }, - "teststreamfirehoses3KinesisStream3165E68E": Object { - "Properties": Object { - "RetentionPeriodHours": 24, - "ShardCount": 1, - "StreamEncryption": Object { - "EncryptionType": "KMS", - "KeyId": "alias/aws/kinesis", - }, - }, - "Type": "AWS::Kinesis::Stream", - }, - "teststreamfirehoses3KinesisStreamGetRecordsIteratorAgeAlarm8C693DF4": Object { - "Properties": Object { - "AlarmDescription": "Consumer Record Processing Falling Behind, there is risk for data loss due to record expiration.", - "ComparisonOperator": "GreaterThanOrEqualToThreshold", - "EvaluationPeriods": 1, - "MetricName": "GetRecords.IteratorAgeMilliseconds", - "Namespace": "AWS/Kinesis", - "Period": 300, - "Statistic": "Maximum", - "Threshold": 2592000, - }, - "Type": "AWS::CloudWatch::Alarm", - }, - "teststreamfirehoses3KinesisStreamReadProvisionedThroughputExceededAlarm7C631AC0": Object { - "Properties": Object { - "AlarmDescription": "Consumer Application is Reading at a Slower Rate Than Expected.", - "ComparisonOperator": "GreaterThanThreshold", - "EvaluationPeriods": 1, - "MetricName": "ReadProvisionedThroughputExceeded", - "Namespace": "AWS/Kinesis", - "Period": 300, - "Statistic": "Average", - "Threshold": 0, - }, - "Type": "AWS::CloudWatch::Alarm", - }, - }, -} -`; diff --git a/source/patterns/@aws-solutions-constructs/aws-kinesisstreams-kinesisfirehose-s3/test/test.kinesisfirehose-s3.test.ts b/source/patterns/@aws-solutions-constructs/aws-kinesisstreams-kinesisfirehose-s3/test/test.kinesisfirehose-s3.test.ts index a0df080f0..126901aae 100644 --- a/source/patterns/@aws-solutions-constructs/aws-kinesisstreams-kinesisfirehose-s3/test/test.kinesisfirehose-s3.test.ts +++ b/source/patterns/@aws-solutions-constructs/aws-kinesisstreams-kinesisfirehose-s3/test/test.kinesisfirehose-s3.test.ts @@ -11,7 +11,6 @@ * and limitations under the License. */ -import { SynthUtils } from '@aws-cdk/assert'; import { KinesisStreamsToKinesisFirehoseToS3, KinesisStreamsToKinesisFirehoseToS3Props } from '../lib'; import * as cdk from '@aws-cdk/core'; import '@aws-cdk/assert/jest'; @@ -23,12 +22,6 @@ function deploy(stack: cdk.Stack, props: KinesisStreamsToKinesisFirehoseToS3Prop return new KinesisStreamsToKinesisFirehoseToS3(stack, 'test-stream-firehose-s3', props); } -test('snapshot test KinesisStreamsToKinesisFirehoseToS3 default params', () => { - const stack = new cdk.Stack(); - deploy(stack); - expect(SynthUtils.toCloudFormation(stack)).toMatchSnapshot(); -}); - test('test kinesisFirehose override ', () => { const stack = new cdk.Stack(); deploy(stack, { diff --git a/source/patterns/@aws-solutions-constructs/aws-kinesisstreams-lambda/test/__snapshots__/test.kinesisstreams-lambda.test.js.snap b/source/patterns/@aws-solutions-constructs/aws-kinesisstreams-lambda/test/__snapshots__/test.kinesisstreams-lambda.test.js.snap deleted file mode 100644 index e96a0609f..000000000 --- a/source/patterns/@aws-solutions-constructs/aws-kinesisstreams-lambda/test/__snapshots__/test.kinesisstreams-lambda.test.js.snap +++ /dev/null @@ -1,682 +0,0 @@ -// Jest Snapshot v1, https://goo.gl/fbAQLP - -exports[`Pattern minimal deployment 1`] = ` -Object { - "Parameters": Object { - "AssetParametersdfe828a7d00b0da7a6e92dc1decf39ec907e4edc6006faea8631d4dabd7f4fcdArtifactHashEA3A5944": Object { - "Description": "Artifact hash for asset \\"dfe828a7d00b0da7a6e92dc1decf39ec907e4edc6006faea8631d4dabd7f4fcd\\"", - "Type": "String", - }, - "AssetParametersdfe828a7d00b0da7a6e92dc1decf39ec907e4edc6006faea8631d4dabd7f4fcdS3BucketA460830B": Object { - "Description": "S3 bucket for asset \\"dfe828a7d00b0da7a6e92dc1decf39ec907e4edc6006faea8631d4dabd7f4fcd\\"", - "Type": "String", - }, - "AssetParametersdfe828a7d00b0da7a6e92dc1decf39ec907e4edc6006faea8631d4dabd7f4fcdS3VersionKey58FEB9E6": Object { - "Description": "S3 key for asset version \\"dfe828a7d00b0da7a6e92dc1decf39ec907e4edc6006faea8631d4dabd7f4fcd\\"", - "Type": "String", - }, - }, - "Resources": Object { - "testkinesisstreamslambdaKinesisStream76FFCAB1": Object { - "Properties": Object { - "RetentionPeriodHours": 24, - "ShardCount": 1, - "StreamEncryption": Object { - "EncryptionType": "KMS", - "KeyId": "alias/aws/kinesis", - }, - }, - "Type": "AWS::Kinesis::Stream", - }, - "testkinesisstreamslambdaKinesisStreamGetRecordsIteratorAgeAlarmD4A643E3": Object { - "Properties": Object { - "AlarmDescription": "Consumer Record Processing Falling Behind, there is risk for data loss due to record expiration.", - "ComparisonOperator": "GreaterThanOrEqualToThreshold", - "EvaluationPeriods": 1, - "MetricName": "GetRecords.IteratorAgeMilliseconds", - "Namespace": "AWS/Kinesis", - "Period": 300, - "Statistic": "Maximum", - "Threshold": 2592000, - }, - "Type": "AWS::CloudWatch::Alarm", - }, - "testkinesisstreamslambdaKinesisStreamReadProvisionedThroughputExceededAlarm625E46F4": Object { - "Properties": Object { - "AlarmDescription": "Consumer Application is Reading at a Slower Rate Than Expected.", - "ComparisonOperator": "GreaterThanThreshold", - "EvaluationPeriods": 1, - "MetricName": "ReadProvisionedThroughputExceeded", - "Namespace": "AWS/Kinesis", - "Period": 300, - "Statistic": "Average", - "Threshold": 0, - }, - "Type": "AWS::CloudWatch::Alarm", - }, - "testkinesisstreamslambdaLambdaFunction02E4DD2D": Object { - "DependsOn": Array [ - "testkinesisstreamslambdaLambdaFunctionServiceRoleDefaultPolicyE2BE8F65", - "testkinesisstreamslambdaLambdaFunctionServiceRoleD083672F", - ], - "Metadata": Object { - "cfn_nag": Object { - "rules_to_suppress": Array [ - Object { - "id": "W58", - "reason": "Lambda functions has the required permission to write CloudWatch Logs. It uses custom policy instead of arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole with tighter permissions.", - }, - Object { - "id": "W89", - "reason": "This is not a rule for the general case, just for specific use cases/industries", - }, - Object { - "id": "W92", - "reason": "Impossible for us to define the correct concurrency for clients", - }, - ], - }, - }, - "Properties": Object { - "Code": Object { - "S3Bucket": Object { - "Ref": "AssetParametersdfe828a7d00b0da7a6e92dc1decf39ec907e4edc6006faea8631d4dabd7f4fcdS3BucketA460830B", - }, - "S3Key": Object { - "Fn::Join": Array [ - "", - Array [ - Object { - "Fn::Select": Array [ - 0, - Object { - "Fn::Split": Array [ - "||", - Object { - "Ref": "AssetParametersdfe828a7d00b0da7a6e92dc1decf39ec907e4edc6006faea8631d4dabd7f4fcdS3VersionKey58FEB9E6", - }, - ], - }, - ], - }, - Object { - "Fn::Select": Array [ - 1, - Object { - "Fn::Split": Array [ - "||", - Object { - "Ref": "AssetParametersdfe828a7d00b0da7a6e92dc1decf39ec907e4edc6006faea8631d4dabd7f4fcdS3VersionKey58FEB9E6", - }, - ], - }, - ], - }, - ], - ], - }, - }, - "Environment": Object { - "Variables": Object { - "AWS_NODEJS_CONNECTION_REUSE_ENABLED": "1", - }, - }, - "Handler": "index.handler", - "Role": Object { - "Fn::GetAtt": Array [ - "testkinesisstreamslambdaLambdaFunctionServiceRoleD083672F", - "Arn", - ], - }, - "Runtime": "nodejs10.x", - "TracingConfig": Object { - "Mode": "Active", - }, - }, - "Type": "AWS::Lambda::Function", - }, - "testkinesisstreamslambdaLambdaFunctionKinesisEventSourcetestkinesisstreamslambdaKinesisStreamE01CADBD221E7379": Object { - "Properties": Object { - "BatchSize": 100, - "BisectBatchOnFunctionError": true, - "DestinationConfig": Object { - "OnFailure": Object { - "Destination": Object { - "Fn::GetAtt": Array [ - "testkinesisstreamslambdaSqsDlqQueueDCC12D0A", - "Arn", - ], - }, - }, - }, - "EventSourceArn": Object { - "Fn::GetAtt": Array [ - "testkinesisstreamslambdaKinesisStream76FFCAB1", - "Arn", - ], - }, - "FunctionName": Object { - "Ref": "testkinesisstreamslambdaLambdaFunction02E4DD2D", - }, - "MaximumRecordAgeInSeconds": 86400, - "MaximumRetryAttempts": 500, - "StartingPosition": "TRIM_HORIZON", - }, - "Type": "AWS::Lambda::EventSourceMapping", - }, - "testkinesisstreamslambdaLambdaFunctionServiceRoleD083672F": Object { - "Properties": Object { - "AssumeRolePolicyDocument": Object { - "Statement": Array [ - Object { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": Object { - "Service": "lambda.amazonaws.com", - }, - }, - ], - "Version": "2012-10-17", - }, - "Policies": Array [ - Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "logs:CreateLogGroup", - "logs:CreateLogStream", - "logs:PutLogEvents", - ], - "Effect": "Allow", - "Resource": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":logs:", - Object { - "Ref": "AWS::Region", - }, - ":", - Object { - "Ref": "AWS::AccountId", - }, - ":log-group:/aws/lambda/*", - ], - ], - }, - }, - ], - "Version": "2012-10-17", - }, - "PolicyName": "LambdaFunctionServiceRolePolicy", - }, - ], - }, - "Type": "AWS::IAM::Role", - }, - "testkinesisstreamslambdaLambdaFunctionServiceRoleDefaultPolicyE2BE8F65": Object { - "Metadata": Object { - "cfn_nag": Object { - "rules_to_suppress": Array [ - Object { - "id": "W12", - "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray and access ENIs in a VPC.", - }, - ], - }, - }, - "Properties": Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "xray:PutTraceSegments", - "xray:PutTelemetryRecords", - ], - "Effect": "Allow", - "Resource": "*", - }, - Object { - "Action": Array [ - "kinesis:DescribeStreamSummary", - "kinesis:GetRecords", - "kinesis:GetShardIterator", - "kinesis:ListShards", - "kinesis:SubscribeToShard", - ], - "Effect": "Allow", - "Resource": Object { - "Fn::GetAtt": Array [ - "testkinesisstreamslambdaKinesisStream76FFCAB1", - "Arn", - ], - }, - }, - Object { - "Action": Array [ - "sqs:SendMessage", - "sqs:GetQueueAttributes", - "sqs:GetQueueUrl", - ], - "Effect": "Allow", - "Resource": Object { - "Fn::GetAtt": Array [ - "testkinesisstreamslambdaSqsDlqQueueDCC12D0A", - "Arn", - ], - }, - }, - Object { - "Action": "kinesis:DescribeStream", - "Effect": "Allow", - "Resource": Object { - "Fn::GetAtt": Array [ - "testkinesisstreamslambdaKinesisStream76FFCAB1", - "Arn", - ], - }, - }, - ], - "Version": "2012-10-17", - }, - "PolicyName": "testkinesisstreamslambdaLambdaFunctionServiceRoleDefaultPolicyE2BE8F65", - "Roles": Array [ - Object { - "Ref": "testkinesisstreamslambdaLambdaFunctionServiceRoleD083672F", - }, - ], - }, - "Type": "AWS::IAM::Policy", - }, - "testkinesisstreamslambdaSqsDlqQueueDCC12D0A": Object { - "DeletionPolicy": "Delete", - "Properties": Object { - "KmsMasterKeyId": "alias/aws/sqs", - }, - "Type": "AWS::SQS::Queue", - "UpdateReplacePolicy": "Delete", - }, - "testkinesisstreamslambdaSqsDlqQueuePolicyB865E539": Object { - "Properties": Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "sqs:DeleteMessage", - "sqs:ReceiveMessage", - "sqs:SendMessage", - "sqs:GetQueueAttributes", - "sqs:RemovePermission", - "sqs:AddPermission", - "sqs:SetQueueAttributes", - ], - "Effect": "Allow", - "Principal": Object { - "AWS": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":iam::", - Object { - "Ref": "AWS::AccountId", - }, - ":root", - ], - ], - }, - }, - "Resource": Object { - "Fn::GetAtt": Array [ - "testkinesisstreamslambdaSqsDlqQueueDCC12D0A", - "Arn", - ], - }, - "Sid": "QueueOwnerOnlyAccess", - }, - Object { - "Action": "SQS:*", - "Condition": Object { - "Bool": Object { - "aws:SecureTransport": "false", - }, - }, - "Effect": "Deny", - "Principal": Object { - "AWS": "*", - }, - "Resource": Object { - "Fn::GetAtt": Array [ - "testkinesisstreamslambdaSqsDlqQueueDCC12D0A", - "Arn", - ], - }, - "Sid": "HttpsOnly", - }, - ], - "Version": "2012-10-17", - }, - "Queues": Array [ - Object { - "Ref": "testkinesisstreamslambdaSqsDlqQueueDCC12D0A", - }, - ], - }, - "Type": "AWS::SQS::QueuePolicy", - }, - }, -} -`; - -exports[`Test existing resources 1`] = ` -Object { - "Parameters": Object { - "AssetParametersdfe828a7d00b0da7a6e92dc1decf39ec907e4edc6006faea8631d4dabd7f4fcdArtifactHashEA3A5944": Object { - "Description": "Artifact hash for asset \\"dfe828a7d00b0da7a6e92dc1decf39ec907e4edc6006faea8631d4dabd7f4fcd\\"", - "Type": "String", - }, - "AssetParametersdfe828a7d00b0da7a6e92dc1decf39ec907e4edc6006faea8631d4dabd7f4fcdS3BucketA460830B": Object { - "Description": "S3 bucket for asset \\"dfe828a7d00b0da7a6e92dc1decf39ec907e4edc6006faea8631d4dabd7f4fcd\\"", - "Type": "String", - }, - "AssetParametersdfe828a7d00b0da7a6e92dc1decf39ec907e4edc6006faea8631d4dabd7f4fcdS3VersionKey58FEB9E6": Object { - "Description": "S3 key for asset version \\"dfe828a7d00b0da7a6e92dc1decf39ec907e4edc6006faea8631d4dabd7f4fcd\\"", - "Type": "String", - }, - }, - "Resources": Object { - "testfn76BCC25C": Object { - "DependsOn": Array [ - "testfnServiceRoleDefaultPolicy63AA2D42", - "testfnServiceRoleC30E0817", - ], - "Properties": Object { - "Code": Object { - "S3Bucket": Object { - "Ref": "AssetParametersdfe828a7d00b0da7a6e92dc1decf39ec907e4edc6006faea8631d4dabd7f4fcdS3BucketA460830B", - }, - "S3Key": Object { - "Fn::Join": Array [ - "", - Array [ - Object { - "Fn::Select": Array [ - 0, - Object { - "Fn::Split": Array [ - "||", - Object { - "Ref": "AssetParametersdfe828a7d00b0da7a6e92dc1decf39ec907e4edc6006faea8631d4dabd7f4fcdS3VersionKey58FEB9E6", - }, - ], - }, - ], - }, - Object { - "Fn::Select": Array [ - 1, - Object { - "Fn::Split": Array [ - "||", - Object { - "Ref": "AssetParametersdfe828a7d00b0da7a6e92dc1decf39ec907e4edc6006faea8631d4dabd7f4fcdS3VersionKey58FEB9E6", - }, - ], - }, - ], - }, - ], - ], - }, - }, - "Handler": "index.handler", - "Role": Object { - "Fn::GetAtt": Array [ - "testfnServiceRoleC30E0817", - "Arn", - ], - }, - "Runtime": "nodejs10.x", - }, - "Type": "AWS::Lambda::Function", - }, - "testfnKinesisEventSourceteststreamE93A322D": Object { - "Properties": Object { - "BatchSize": 100, - "BisectBatchOnFunctionError": true, - "DestinationConfig": Object { - "OnFailure": Object { - "Destination": Object { - "Fn::GetAtt": Array [ - "testkinesisstreamslambdaSqsDlqQueueDCC12D0A", - "Arn", - ], - }, - }, - }, - "EventSourceArn": Object { - "Fn::GetAtt": Array [ - "teststream04374A09", - "Arn", - ], - }, - "FunctionName": Object { - "Ref": "testfn76BCC25C", - }, - "MaximumRecordAgeInSeconds": 86400, - "MaximumRetryAttempts": 500, - "StartingPosition": "TRIM_HORIZON", - }, - "Type": "AWS::Lambda::EventSourceMapping", - }, - "testfnServiceRoleC30E0817": Object { - "Properties": Object { - "AssumeRolePolicyDocument": Object { - "Statement": Array [ - Object { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": Object { - "Service": "lambda.amazonaws.com", - }, - }, - ], - "Version": "2012-10-17", - }, - "ManagedPolicyArns": Array [ - Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole", - ], - ], - }, - ], - }, - "Type": "AWS::IAM::Role", - }, - "testfnServiceRoleDefaultPolicy63AA2D42": Object { - "Properties": Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "kinesis:DescribeStreamSummary", - "kinesis:GetRecords", - "kinesis:GetShardIterator", - "kinesis:ListShards", - "kinesis:SubscribeToShard", - ], - "Effect": "Allow", - "Resource": Object { - "Fn::GetAtt": Array [ - "teststream04374A09", - "Arn", - ], - }, - }, - Object { - "Action": Array [ - "sqs:SendMessage", - "sqs:GetQueueAttributes", - "sqs:GetQueueUrl", - ], - "Effect": "Allow", - "Resource": Object { - "Fn::GetAtt": Array [ - "testkinesisstreamslambdaSqsDlqQueueDCC12D0A", - "Arn", - ], - }, - }, - Object { - "Action": "kinesis:DescribeStream", - "Effect": "Allow", - "Resource": Object { - "Fn::GetAtt": Array [ - "teststream04374A09", - "Arn", - ], - }, - }, - ], - "Version": "2012-10-17", - }, - "PolicyName": "testfnServiceRoleDefaultPolicy63AA2D42", - "Roles": Array [ - Object { - "Ref": "testfnServiceRoleC30E0817", - }, - ], - }, - "Type": "AWS::IAM::Policy", - }, - "testkinesisstreamslambdaKinesisStreamGetRecordsIteratorAgeAlarmD4A643E3": Object { - "Properties": Object { - "AlarmDescription": "Consumer Record Processing Falling Behind, there is risk for data loss due to record expiration.", - "ComparisonOperator": "GreaterThanOrEqualToThreshold", - "EvaluationPeriods": 1, - "MetricName": "GetRecords.IteratorAgeMilliseconds", - "Namespace": "AWS/Kinesis", - "Period": 300, - "Statistic": "Maximum", - "Threshold": 2592000, - }, - "Type": "AWS::CloudWatch::Alarm", - }, - "testkinesisstreamslambdaKinesisStreamReadProvisionedThroughputExceededAlarm625E46F4": Object { - "Properties": Object { - "AlarmDescription": "Consumer Application is Reading at a Slower Rate Than Expected.", - "ComparisonOperator": "GreaterThanThreshold", - "EvaluationPeriods": 1, - "MetricName": "ReadProvisionedThroughputExceeded", - "Namespace": "AWS/Kinesis", - "Period": 300, - "Statistic": "Average", - "Threshold": 0, - }, - "Type": "AWS::CloudWatch::Alarm", - }, - "testkinesisstreamslambdaSqsDlqQueueDCC12D0A": Object { - "DeletionPolicy": "Delete", - "Properties": Object { - "KmsMasterKeyId": "alias/aws/sqs", - }, - "Type": "AWS::SQS::Queue", - "UpdateReplacePolicy": "Delete", - }, - "testkinesisstreamslambdaSqsDlqQueuePolicyB865E539": Object { - "Properties": Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "sqs:DeleteMessage", - "sqs:ReceiveMessage", - "sqs:SendMessage", - "sqs:GetQueueAttributes", - "sqs:RemovePermission", - "sqs:AddPermission", - "sqs:SetQueueAttributes", - ], - "Effect": "Allow", - "Principal": Object { - "AWS": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":iam::", - Object { - "Ref": "AWS::AccountId", - }, - ":root", - ], - ], - }, - }, - "Resource": Object { - "Fn::GetAtt": Array [ - "testkinesisstreamslambdaSqsDlqQueueDCC12D0A", - "Arn", - ], - }, - "Sid": "QueueOwnerOnlyAccess", - }, - Object { - "Action": "SQS:*", - "Condition": Object { - "Bool": Object { - "aws:SecureTransport": "false", - }, - }, - "Effect": "Deny", - "Principal": Object { - "AWS": "*", - }, - "Resource": Object { - "Fn::GetAtt": Array [ - "testkinesisstreamslambdaSqsDlqQueueDCC12D0A", - "Arn", - ], - }, - "Sid": "HttpsOnly", - }, - ], - "Version": "2012-10-17", - }, - "Queues": Array [ - Object { - "Ref": "testkinesisstreamslambdaSqsDlqQueueDCC12D0A", - }, - ], - }, - "Type": "AWS::SQS::QueuePolicy", - }, - "teststream04374A09": Object { - "Properties": Object { - "Name": "existing-stream", - "RetentionPeriodHours": 48, - "ShardCount": 5, - }, - "Type": "AWS::Kinesis::Stream", - }, - }, -} -`; diff --git a/source/patterns/@aws-solutions-constructs/aws-kinesisstreams-lambda/test/test.kinesisstreams-lambda.test.ts b/source/patterns/@aws-solutions-constructs/aws-kinesisstreams-lambda/test/test.kinesisstreams-lambda.test.ts index 433a36165..959d7c7d1 100644 --- a/source/patterns/@aws-solutions-constructs/aws-kinesisstreams-lambda/test/test.kinesisstreams-lambda.test.ts +++ b/source/patterns/@aws-solutions-constructs/aws-kinesisstreams-lambda/test/test.kinesisstreams-lambda.test.ts @@ -14,29 +14,10 @@ // Imports import { Stack, Duration } from "@aws-cdk/core"; import { KinesisStreamsToLambda, KinesisStreamsToLambdaProps } from "../lib"; -import { SynthUtils } from '@aws-cdk/assert'; import * as lambda from '@aws-cdk/aws-lambda'; import * as kinesis from '@aws-cdk/aws-kinesis'; import '@aws-cdk/assert/jest'; -// -------------------------------------------------------------- -// Pattern minimal deployment -// -------------------------------------------------------------- -test('Pattern minimal deployment', () => { - // Initial setup - const stack = new Stack(); - const props: KinesisStreamsToLambdaProps = { - lambdaFunctionProps: { - runtime: lambda.Runtime.NODEJS_10_X, - handler: 'index.handler', - code: lambda.Code.fromAsset(`${__dirname}/lambda`) - } - }; - new KinesisStreamsToLambda(stack, 'test-kinesis-streams-lambda', props); - // Assertion 1 - expect(SynthUtils.toCloudFormation(stack)).toMatchSnapshot(); -}); - // -------------------------------------------------------------- // Test properties // -------------------------------------------------------------- @@ -85,9 +66,6 @@ test('Test existing resources', () => { }); - // Assertions - expect(SynthUtils.toCloudFormation(stack)).toMatchSnapshot(); - expect(stack).toHaveResource('AWS::Kinesis::Stream', { Name: 'existing-stream', ShardCount: 5, diff --git a/source/patterns/@aws-solutions-constructs/aws-lambda-dynamodb/test/__snapshots__/lambda-dynamodb.test.js.snap b/source/patterns/@aws-solutions-constructs/aws-lambda-dynamodb/test/__snapshots__/lambda-dynamodb.test.js.snap deleted file mode 100644 index a7e9dd1a0..000000000 --- a/source/patterns/@aws-solutions-constructs/aws-lambda-dynamodb/test/__snapshots__/lambda-dynamodb.test.js.snap +++ /dev/null @@ -1,248 +0,0 @@ -// Jest Snapshot v1, https://goo.gl/fbAQLP - -exports[`snapshot test LambdaToDynamoDB default params 1`] = ` -Object { - "Parameters": Object { - "AssetParameters0c3255e93ffe7a906c7422e9f0e9cc4c7fd86ee996ee3bb302e2f134b38463c8ArtifactHash8D9AD644": Object { - "Description": "Artifact hash for asset \\"0c3255e93ffe7a906c7422e9f0e9cc4c7fd86ee996ee3bb302e2f134b38463c8\\"", - "Type": "String", - }, - "AssetParameters0c3255e93ffe7a906c7422e9f0e9cc4c7fd86ee996ee3bb302e2f134b38463c8S3Bucket9E1964CB": Object { - "Description": "S3 bucket for asset \\"0c3255e93ffe7a906c7422e9f0e9cc4c7fd86ee996ee3bb302e2f134b38463c8\\"", - "Type": "String", - }, - "AssetParameters0c3255e93ffe7a906c7422e9f0e9cc4c7fd86ee996ee3bb302e2f134b38463c8S3VersionKey7153CEE7": Object { - "Description": "S3 key for asset version \\"0c3255e93ffe7a906c7422e9f0e9cc4c7fd86ee996ee3bb302e2f134b38463c8\\"", - "Type": "String", - }, - }, - "Resources": Object { - "testlambdadynamodbstackDynamoTable8138E93B": Object { - "DeletionPolicy": "Retain", - "Properties": Object { - "AttributeDefinitions": Array [ - Object { - "AttributeName": "id", - "AttributeType": "S", - }, - ], - "BillingMode": "PAY_PER_REQUEST", - "KeySchema": Array [ - Object { - "AttributeName": "id", - "KeyType": "HASH", - }, - ], - "PointInTimeRecoverySpecification": Object { - "PointInTimeRecoveryEnabled": true, - }, - "SSESpecification": Object { - "SSEEnabled": true, - }, - }, - "Type": "AWS::DynamoDB::Table", - "UpdateReplacePolicy": "Retain", - }, - "testlambdadynamodbstackLambdaFunction5DDB3E8D": Object { - "DependsOn": Array [ - "testlambdadynamodbstackLambdaFunctionServiceRoleDefaultPolicy547FB7F4", - "testlambdadynamodbstackLambdaFunctionServiceRole758347A1", - ], - "Metadata": Object { - "cfn_nag": Object { - "rules_to_suppress": Array [ - Object { - "id": "W58", - "reason": "Lambda functions has the required permission to write CloudWatch Logs. It uses custom policy instead of arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole with tighter permissions.", - }, - Object { - "id": "W89", - "reason": "This is not a rule for the general case, just for specific use cases/industries", - }, - Object { - "id": "W92", - "reason": "Impossible for us to define the correct concurrency for clients", - }, - ], - }, - }, - "Properties": Object { - "Code": Object { - "S3Bucket": Object { - "Ref": "AssetParameters0c3255e93ffe7a906c7422e9f0e9cc4c7fd86ee996ee3bb302e2f134b38463c8S3Bucket9E1964CB", - }, - "S3Key": Object { - "Fn::Join": Array [ - "", - Array [ - Object { - "Fn::Select": Array [ - 0, - Object { - "Fn::Split": Array [ - "||", - Object { - "Ref": "AssetParameters0c3255e93ffe7a906c7422e9f0e9cc4c7fd86ee996ee3bb302e2f134b38463c8S3VersionKey7153CEE7", - }, - ], - }, - ], - }, - Object { - "Fn::Select": Array [ - 1, - Object { - "Fn::Split": Array [ - "||", - Object { - "Ref": "AssetParameters0c3255e93ffe7a906c7422e9f0e9cc4c7fd86ee996ee3bb302e2f134b38463c8S3VersionKey7153CEE7", - }, - ], - }, - ], - }, - ], - ], - }, - }, - "Environment": Object { - "Variables": Object { - "AWS_NODEJS_CONNECTION_REUSE_ENABLED": "1", - "DDB_TABLE_NAME": Object { - "Ref": "testlambdadynamodbstackDynamoTable8138E93B", - }, - }, - }, - "Handler": "index.handler", - "Role": Object { - "Fn::GetAtt": Array [ - "testlambdadynamodbstackLambdaFunctionServiceRole758347A1", - "Arn", - ], - }, - "Runtime": "nodejs10.x", - "TracingConfig": Object { - "Mode": "Active", - }, - }, - "Type": "AWS::Lambda::Function", - }, - "testlambdadynamodbstackLambdaFunctionServiceRole758347A1": Object { - "Properties": Object { - "AssumeRolePolicyDocument": Object { - "Statement": Array [ - Object { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": Object { - "Service": "lambda.amazonaws.com", - }, - }, - ], - "Version": "2012-10-17", - }, - "Policies": Array [ - Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "logs:CreateLogGroup", - "logs:CreateLogStream", - "logs:PutLogEvents", - ], - "Effect": "Allow", - "Resource": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":logs:", - Object { - "Ref": "AWS::Region", - }, - ":", - Object { - "Ref": "AWS::AccountId", - }, - ":log-group:/aws/lambda/*", - ], - ], - }, - }, - ], - "Version": "2012-10-17", - }, - "PolicyName": "LambdaFunctionServiceRolePolicy", - }, - ], - }, - "Type": "AWS::IAM::Role", - }, - "testlambdadynamodbstackLambdaFunctionServiceRoleDefaultPolicy547FB7F4": Object { - "Metadata": Object { - "cfn_nag": Object { - "rules_to_suppress": Array [ - Object { - "id": "W12", - "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray and access ENIs in a VPC.", - }, - ], - }, - }, - "Properties": Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "xray:PutTraceSegments", - "xray:PutTelemetryRecords", - ], - "Effect": "Allow", - "Resource": "*", - }, - Object { - "Action": Array [ - "dynamodb:BatchGetItem", - "dynamodb:GetRecords", - "dynamodb:GetShardIterator", - "dynamodb:Query", - "dynamodb:GetItem", - "dynamodb:Scan", - "dynamodb:ConditionCheckItem", - "dynamodb:BatchWriteItem", - "dynamodb:PutItem", - "dynamodb:UpdateItem", - "dynamodb:DeleteItem", - ], - "Effect": "Allow", - "Resource": Array [ - Object { - "Fn::GetAtt": Array [ - "testlambdadynamodbstackDynamoTable8138E93B", - "Arn", - ], - }, - Object { - "Ref": "AWS::NoValue", - }, - ], - }, - ], - "Version": "2012-10-17", - }, - "PolicyName": "testlambdadynamodbstackLambdaFunctionServiceRoleDefaultPolicy547FB7F4", - "Roles": Array [ - Object { - "Ref": "testlambdadynamodbstackLambdaFunctionServiceRole758347A1", - }, - ], - }, - "Type": "AWS::IAM::Policy", - }, - }, -} -`; diff --git a/source/patterns/@aws-solutions-constructs/aws-lambda-dynamodb/test/lambda-dynamodb.test.ts b/source/patterns/@aws-solutions-constructs/aws-lambda-dynamodb/test/lambda-dynamodb.test.ts index 09d8fe7ab..4b86d95d6 100644 --- a/source/patterns/@aws-solutions-constructs/aws-lambda-dynamodb/test/lambda-dynamodb.test.ts +++ b/source/patterns/@aws-solutions-constructs/aws-lambda-dynamodb/test/lambda-dynamodb.test.ts @@ -11,7 +11,7 @@ * and limitations under the License. */ -import { SynthUtils, expect as expectCDK, haveResource } from '@aws-cdk/assert'; +import { expect as expectCDK, haveResource } from '@aws-cdk/assert'; import { LambdaToDynamoDB, LambdaToDynamoDBProps } from "../lib"; import * as lambda from '@aws-cdk/aws-lambda'; import * as dynamodb from '@aws-cdk/aws-dynamodb'; @@ -54,12 +54,6 @@ function useExistingFunc(stack: cdk.Stack) { return new LambdaToDynamoDB(stack, 'test-lambda-dynamodb-stack', props); } -test('snapshot test LambdaToDynamoDB default params', () => { - const stack = new cdk.Stack(); - deployNewFunc(stack); - expect(SynthUtils.toCloudFormation(stack)).toMatchSnapshot(); -}); - test('check lambda function properties for deploy: true', () => { const stack = new cdk.Stack(); diff --git a/source/patterns/@aws-solutions-constructs/aws-lambda-elasticsearch-kibana/test/__snapshots__/lambda-elasticsearch-kibana.test.js.snap b/source/patterns/@aws-solutions-constructs/aws-lambda-elasticsearch-kibana/test/__snapshots__/lambda-elasticsearch-kibana.test.js.snap deleted file mode 100644 index 6be903272..000000000 --- a/source/patterns/@aws-solutions-constructs/aws-lambda-elasticsearch-kibana/test/__snapshots__/lambda-elasticsearch-kibana.test.js.snap +++ /dev/null @@ -1,691 +0,0 @@ -// Jest Snapshot v1, https://goo.gl/fbAQLP - -exports[`snapshot test default params 1`] = ` -Object { - "Parameters": Object { - "AssetParameters67a9971e29baab2bde3043bb70ce5b53318b95429a1ce9b189cf65223e8682dbArtifactHash322F5E2F": Object { - "Description": "Artifact hash for asset \\"67a9971e29baab2bde3043bb70ce5b53318b95429a1ce9b189cf65223e8682db\\"", - "Type": "String", - }, - "AssetParameters67a9971e29baab2bde3043bb70ce5b53318b95429a1ce9b189cf65223e8682dbS3BucketBAF5BF3A": Object { - "Description": "S3 bucket for asset \\"67a9971e29baab2bde3043bb70ce5b53318b95429a1ce9b189cf65223e8682db\\"", - "Type": "String", - }, - "AssetParameters67a9971e29baab2bde3043bb70ce5b53318b95429a1ce9b189cf65223e8682dbS3VersionKeyADB3CCA3": Object { - "Description": "S3 key for asset version \\"67a9971e29baab2bde3043bb70ce5b53318b95429a1ce9b189cf65223e8682db\\"", - "Type": "String", - }, - }, - "Resources": Object { - "testlambdaelasticsearchstackAutomatedSnapshotFailureTooHighAlarmE1525DBA": Object { - "Properties": Object { - "AlarmDescription": "An automated snapshot failed. This failure is often the result of a red cluster health status.", - "ComparisonOperator": "GreaterThanOrEqualToThreshold", - "EvaluationPeriods": 1, - "MetricName": "AutomatedSnapshotFailure", - "Namespace": "AWS/ES", - "Period": 60, - "Statistic": "Maximum", - "Threshold": 1, - }, - "Type": "AWS::CloudWatch::Alarm", - }, - "testlambdaelasticsearchstackCPUUtilizationTooHighAlarm25C597E5": Object { - "Properties": Object { - "AlarmDescription": "100% CPU utilization is not uncommon, but sustained high usage is problematic. Consider using larger instance types or adding instances.", - "ComparisonOperator": "GreaterThanOrEqualToThreshold", - "EvaluationPeriods": 3, - "MetricName": "CPUUtilization", - "Namespace": "AWS/ES", - "Period": 900, - "Statistic": "Average", - "Threshold": 80, - }, - "Type": "AWS::CloudWatch::Alarm", - }, - "testlambdaelasticsearchstackCognitoAuthorizedRole48A260E1": Object { - "Properties": Object { - "AssumeRolePolicyDocument": Object { - "Statement": Array [ - Object { - "Action": "sts:AssumeRoleWithWebIdentity", - "Condition": Object { - "ForAnyValue:StringLike": Object { - "cognito-identity.amazonaws.com:amr": "authenticated", - }, - "StringEquals": Object { - "cognito-identity.amazonaws.com:aud": Object { - "Ref": "testlambdaelasticsearchstackCognitoIdentityPool7A260383", - }, - }, - }, - "Effect": "Allow", - "Principal": Object { - "Federated": "cognito-identity.amazonaws.com", - }, - }, - ], - "Version": "2012-10-17", - }, - "Policies": Array [ - Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": "es:ESHttp*", - "Effect": "Allow", - "Resource": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":es:", - Object { - "Ref": "AWS::Region", - }, - ":", - Object { - "Ref": "AWS::AccountId", - }, - ":domain/test-domain/*", - ], - ], - }, - }, - ], - "Version": "2012-10-17", - }, - "PolicyName": "CognitoAccessPolicy", - }, - ], - }, - "Type": "AWS::IAM::Role", - }, - "testlambdaelasticsearchstackCognitoIdentityPool7A260383": Object { - "Properties": Object { - "AllowUnauthenticatedIdentities": false, - "CognitoIdentityProviders": Array [ - Object { - "ClientId": Object { - "Ref": "testlambdaelasticsearchstackCognitoUserPoolClient6610371B", - }, - "ProviderName": Object { - "Fn::GetAtt": Array [ - "testlambdaelasticsearchstackCognitoUserPool05D1387E", - "ProviderName", - ], - }, - "ServerSideTokenCheck": true, - }, - ], - }, - "Type": "AWS::Cognito::IdentityPool", - }, - "testlambdaelasticsearchstackCognitoKibanaConfigureRole72380E63": Object { - "Properties": Object { - "AssumeRolePolicyDocument": Object { - "Statement": Array [ - Object { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": Object { - "Service": "es.amazonaws.com", - }, - }, - ], - "Version": "2012-10-17", - }, - }, - "Type": "AWS::IAM::Role", - }, - "testlambdaelasticsearchstackCognitoKibanaConfigureRolePolicyE3A46E8D": Object { - "Properties": Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "cognito-idp:DescribeUserPool", - "cognito-idp:CreateUserPoolClient", - "cognito-idp:DeleteUserPoolClient", - "cognito-idp:DescribeUserPoolClient", - "cognito-idp:AdminInitiateAuth", - "cognito-idp:AdminUserGlobalSignOut", - "cognito-idp:ListUserPoolClients", - "cognito-identity:DescribeIdentityPool", - "cognito-identity:UpdateIdentityPool", - "cognito-identity:SetIdentityPoolRoles", - "cognito-identity:GetIdentityPoolRoles", - "es:UpdateElasticsearchDomainConfig", - ], - "Effect": "Allow", - "Resource": Array [ - Object { - "Fn::GetAtt": Array [ - "testlambdaelasticsearchstackCognitoUserPool05D1387E", - "Arn", - ], - }, - Object { - "Fn::Join": Array [ - "", - Array [ - "arn:aws:cognito-identity:", - Object { - "Ref": "AWS::Region", - }, - ":", - Object { - "Ref": "AWS::AccountId", - }, - ":identitypool/", - Object { - "Ref": "testlambdaelasticsearchstackCognitoIdentityPool7A260383", - }, - ], - ], - }, - Object { - "Fn::Join": Array [ - "", - Array [ - "arn:aws:es:", - Object { - "Ref": "AWS::Region", - }, - ":", - Object { - "Ref": "AWS::AccountId", - }, - ":domain/test-domain", - ], - ], - }, - ], - }, - Object { - "Action": "iam:PassRole", - "Condition": Object { - "StringLike": Object { - "iam:PassedToService": "cognito-identity.amazonaws.com", - }, - }, - "Effect": "Allow", - "Resource": Object { - "Fn::GetAtt": Array [ - "testlambdaelasticsearchstackCognitoKibanaConfigureRole72380E63", - "Arn", - ], - }, - }, - ], - "Version": "2012-10-17", - }, - "PolicyName": "testlambdaelasticsearchstackCognitoKibanaConfigureRolePolicyE3A46E8D", - "Roles": Array [ - Object { - "Ref": "testlambdaelasticsearchstackCognitoKibanaConfigureRole72380E63", - }, - ], - }, - "Type": "AWS::IAM::Policy", - }, - "testlambdaelasticsearchstackCognitoUserPool05D1387E": Object { - "DeletionPolicy": "Retain", - "Properties": Object { - "AccountRecoverySetting": Object { - "RecoveryMechanisms": Array [ - Object { - "Name": "verified_phone_number", - "Priority": 1, - }, - Object { - "Name": "verified_email", - "Priority": 2, - }, - ], - }, - "AdminCreateUserConfig": Object { - "AllowAdminCreateUserOnly": true, - }, - "EmailVerificationMessage": "The verification code to your new account is {####}", - "EmailVerificationSubject": "Verify your new account", - "SmsVerificationMessage": "The verification code to your new account is {####}", - "UserPoolAddOns": Object { - "AdvancedSecurityMode": "ENFORCED", - }, - "VerificationMessageTemplate": Object { - "DefaultEmailOption": "CONFIRM_WITH_CODE", - "EmailMessage": "The verification code to your new account is {####}", - "EmailSubject": "Verify your new account", - "SmsMessage": "The verification code to your new account is {####}", - }, - }, - "Type": "AWS::Cognito::UserPool", - "UpdateReplacePolicy": "Retain", - }, - "testlambdaelasticsearchstackCognitoUserPoolClient6610371B": Object { - "Properties": Object { - "AllowedOAuthFlows": Array [ - "implicit", - "code", - ], - "AllowedOAuthFlowsUserPoolClient": true, - "AllowedOAuthScopes": Array [ - "profile", - "phone", - "email", - "openid", - "aws.cognito.signin.user.admin", - ], - "CallbackURLs": Array [ - "https://example.com", - ], - "SupportedIdentityProviders": Array [ - "COGNITO", - ], - "UserPoolId": Object { - "Ref": "testlambdaelasticsearchstackCognitoUserPool05D1387E", - }, - }, - "Type": "AWS::Cognito::UserPoolClient", - }, - "testlambdaelasticsearchstackElasticsearchDomain2DE7011B": Object { - "Metadata": Object { - "cfn_nag": Object { - "rules_to_suppress": Array [ - Object { - "id": "W28", - "reason": "The ES Domain is passed dynamically as as parameter and explicitly specified to ensure that IAM policies are configured to lockdown access to this specific ES instance only", - }, - Object { - "id": "W90", - "reason": "This is not a rule for the general case, just for specific use cases/industries", - }, - ], - }, - }, - "Properties": Object { - "AccessPolicies": Object { - "Statement": Array [ - Object { - "Action": "es:ESHttp*", - "Effect": "Allow", - "Principal": Object { - "AWS": Array [ - Object { - "Fn::GetAtt": Array [ - "testlambdaelasticsearchstackCognitoAuthorizedRole48A260E1", - "Arn", - ], - }, - Object { - "Fn::GetAtt": Array [ - "testlambdaelasticsearchstackLambdaFunctionServiceRoleEB1E3355", - "Arn", - ], - }, - ], - }, - "Resource": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:aws:es:", - Object { - "Ref": "AWS::Region", - }, - ":", - Object { - "Ref": "AWS::AccountId", - }, - ":domain/test-domain/*", - ], - ], - }, - }, - ], - "Version": "2012-10-17", - }, - "CognitoOptions": Object { - "Enabled": true, - "IdentityPoolId": Object { - "Ref": "testlambdaelasticsearchstackCognitoIdentityPool7A260383", - }, - "RoleArn": Object { - "Fn::GetAtt": Array [ - "testlambdaelasticsearchstackCognitoKibanaConfigureRole72380E63", - "Arn", - ], - }, - "UserPoolId": Object { - "Ref": "testlambdaelasticsearchstackCognitoUserPool05D1387E", - }, - }, - "DomainName": "test-domain", - "EBSOptions": Object { - "EBSEnabled": true, - "VolumeSize": 10, - }, - "ElasticsearchClusterConfig": Object { - "DedicatedMasterCount": 3, - "DedicatedMasterEnabled": true, - "InstanceCount": 3, - "ZoneAwarenessConfig": Object { - "AvailabilityZoneCount": 3, - }, - "ZoneAwarenessEnabled": true, - }, - "ElasticsearchVersion": "6.3", - "EncryptionAtRestOptions": Object { - "Enabled": true, - }, - "NodeToNodeEncryptionOptions": Object { - "Enabled": true, - }, - "SnapshotOptions": Object { - "AutomatedSnapshotStartHour": 1, - }, - }, - "Type": "AWS::Elasticsearch::Domain", - }, - "testlambdaelasticsearchstackFreeStorageSpaceTooLowAlarmB0688A0C": Object { - "Properties": Object { - "AlarmDescription": "A node in your cluster is down to 20 GiB of free storage space.", - "ComparisonOperator": "LessThanOrEqualToThreshold", - "EvaluationPeriods": 1, - "MetricName": "FreeStorageSpace", - "Namespace": "AWS/ES", - "Period": 60, - "Statistic": "Minimum", - "Threshold": 20000, - }, - "Type": "AWS::CloudWatch::Alarm", - }, - "testlambdaelasticsearchstackIdentityPoolRoleMapping1553C88A": Object { - "Properties": Object { - "IdentityPoolId": Object { - "Ref": "testlambdaelasticsearchstackCognitoIdentityPool7A260383", - }, - "Roles": Object { - "authenticated": Object { - "Fn::GetAtt": Array [ - "testlambdaelasticsearchstackCognitoAuthorizedRole48A260E1", - "Arn", - ], - }, - }, - }, - "Type": "AWS::Cognito::IdentityPoolRoleAttachment", - }, - "testlambdaelasticsearchstackIndexWritesBlockedTooHighAlarm204AB403": Object { - "Properties": Object { - "AlarmDescription": "Your cluster is blocking write requests.", - "ComparisonOperator": "GreaterThanOrEqualToThreshold", - "EvaluationPeriods": 1, - "MetricName": "ClusterIndexWritesBlocked", - "Namespace": "AWS/ES", - "Period": 300, - "Statistic": "Maximum", - "Threshold": 1, - }, - "Type": "AWS::CloudWatch::Alarm", - }, - "testlambdaelasticsearchstackJVMMemoryPressureTooHighAlarmFB8617D3": Object { - "Properties": Object { - "AlarmDescription": "Average JVM memory pressure over last 15 minutes too high. Consider scaling vertically.", - "ComparisonOperator": "GreaterThanOrEqualToThreshold", - "EvaluationPeriods": 1, - "MetricName": "JVMMemoryPressure", - "Namespace": "AWS/ES", - "Period": 900, - "Statistic": "Average", - "Threshold": 80, - }, - "Type": "AWS::CloudWatch::Alarm", - }, - "testlambdaelasticsearchstackLambdaFunction5CA5683F": Object { - "DependsOn": Array [ - "testlambdaelasticsearchstackLambdaFunctionServiceRoleDefaultPolicy5EFA0073", - "testlambdaelasticsearchstackLambdaFunctionServiceRoleEB1E3355", - ], - "Metadata": Object { - "cfn_nag": Object { - "rules_to_suppress": Array [ - Object { - "id": "W58", - "reason": "Lambda functions has the required permission to write CloudWatch Logs. It uses custom policy instead of arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole with tighter permissions.", - }, - Object { - "id": "W89", - "reason": "This is not a rule for the general case, just for specific use cases/industries", - }, - Object { - "id": "W92", - "reason": "Impossible for us to define the correct concurrency for clients", - }, - ], - }, - }, - "Properties": Object { - "Code": Object { - "S3Bucket": Object { - "Ref": "AssetParameters67a9971e29baab2bde3043bb70ce5b53318b95429a1ce9b189cf65223e8682dbS3BucketBAF5BF3A", - }, - "S3Key": Object { - "Fn::Join": Array [ - "", - Array [ - Object { - "Fn::Select": Array [ - 0, - Object { - "Fn::Split": Array [ - "||", - Object { - "Ref": "AssetParameters67a9971e29baab2bde3043bb70ce5b53318b95429a1ce9b189cf65223e8682dbS3VersionKeyADB3CCA3", - }, - ], - }, - ], - }, - Object { - "Fn::Select": Array [ - 1, - Object { - "Fn::Split": Array [ - "||", - Object { - "Ref": "AssetParameters67a9971e29baab2bde3043bb70ce5b53318b95429a1ce9b189cf65223e8682dbS3VersionKeyADB3CCA3", - }, - ], - }, - ], - }, - ], - ], - }, - }, - "Environment": Object { - "Variables": Object { - "AWS_NODEJS_CONNECTION_REUSE_ENABLED": "1", - "DOMAIN_ENDPOINT": Object { - "Fn::GetAtt": Array [ - "testlambdaelasticsearchstackElasticsearchDomain2DE7011B", - "DomainEndpoint", - ], - }, - }, - }, - "Handler": "index.handler", - "Role": Object { - "Fn::GetAtt": Array [ - "testlambdaelasticsearchstackLambdaFunctionServiceRoleEB1E3355", - "Arn", - ], - }, - "Runtime": "nodejs10.x", - "TracingConfig": Object { - "Mode": "Active", - }, - }, - "Type": "AWS::Lambda::Function", - }, - "testlambdaelasticsearchstackLambdaFunctionServiceRoleDefaultPolicy5EFA0073": Object { - "Metadata": Object { - "cfn_nag": Object { - "rules_to_suppress": Array [ - Object { - "id": "W12", - "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray and access ENIs in a VPC.", - }, - ], - }, - }, - "Properties": Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "xray:PutTraceSegments", - "xray:PutTelemetryRecords", - ], - "Effect": "Allow", - "Resource": "*", - }, - ], - "Version": "2012-10-17", - }, - "PolicyName": "testlambdaelasticsearchstackLambdaFunctionServiceRoleDefaultPolicy5EFA0073", - "Roles": Array [ - Object { - "Ref": "testlambdaelasticsearchstackLambdaFunctionServiceRoleEB1E3355", - }, - ], - }, - "Type": "AWS::IAM::Policy", - }, - "testlambdaelasticsearchstackLambdaFunctionServiceRoleEB1E3355": Object { - "Properties": Object { - "AssumeRolePolicyDocument": Object { - "Statement": Array [ - Object { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": Object { - "Service": "lambda.amazonaws.com", - }, - }, - ], - "Version": "2012-10-17", - }, - "Policies": Array [ - Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "logs:CreateLogGroup", - "logs:CreateLogStream", - "logs:PutLogEvents", - ], - "Effect": "Allow", - "Resource": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":logs:", - Object { - "Ref": "AWS::Region", - }, - ":", - Object { - "Ref": "AWS::AccountId", - }, - ":log-group:/aws/lambda/*", - ], - ], - }, - }, - ], - "Version": "2012-10-17", - }, - "PolicyName": "LambdaFunctionServiceRolePolicy", - }, - ], - }, - "Type": "AWS::IAM::Role", - }, - "testlambdaelasticsearchstackMasterCPUUtilizationTooHighAlarm9F5EF826": Object { - "Properties": Object { - "AlarmDescription": "Average CPU utilization over last 45 minutes too high. Consider using larger instance types for your dedicated master nodes.", - "ComparisonOperator": "GreaterThanOrEqualToThreshold", - "EvaluationPeriods": 3, - "MetricName": "MasterCPUUtilization", - "Namespace": "AWS/ES", - "Period": 900, - "Statistic": "Average", - "Threshold": 50, - }, - "Type": "AWS::CloudWatch::Alarm", - }, - "testlambdaelasticsearchstackMasterJVMMemoryPressureTooHighAlarmECFF41A2": Object { - "Properties": Object { - "AlarmDescription": "Average JVM memory pressure over last 15 minutes too high. Consider scaling vertically.", - "ComparisonOperator": "GreaterThanOrEqualToThreshold", - "EvaluationPeriods": 1, - "MetricName": "MasterJVMMemoryPressure", - "Namespace": "AWS/ES", - "Period": 900, - "Statistic": "Average", - "Threshold": 50, - }, - "Type": "AWS::CloudWatch::Alarm", - }, - "testlambdaelasticsearchstackStatusRedAlarmD3149716": Object { - "Properties": Object { - "AlarmDescription": "At least one primary shard and its replicas are not allocated to a node. ", - "ComparisonOperator": "GreaterThanOrEqualToThreshold", - "EvaluationPeriods": 1, - "MetricName": "ClusterStatus.red", - "Namespace": "AWS/ES", - "Period": 60, - "Statistic": "Maximum", - "Threshold": 1, - }, - "Type": "AWS::CloudWatch::Alarm", - }, - "testlambdaelasticsearchstackStatusYellowAlarm75AD016C": Object { - "Properties": Object { - "AlarmDescription": "At least one replica shard is not allocated to a node.", - "ComparisonOperator": "GreaterThanOrEqualToThreshold", - "EvaluationPeriods": 1, - "MetricName": "ClusterStatus.yellow", - "Namespace": "AWS/ES", - "Period": 60, - "Statistic": "Maximum", - "Threshold": 1, - }, - "Type": "AWS::CloudWatch::Alarm", - }, - "testlambdaelasticsearchstackUserPoolDomainD67735BF": Object { - "DependsOn": Array [ - "testlambdaelasticsearchstackCognitoUserPool05D1387E", - ], - "Properties": Object { - "Domain": "test-domain", - "UserPoolId": Object { - "Ref": "testlambdaelasticsearchstackCognitoUserPool05D1387E", - }, - }, - "Type": "AWS::Cognito::UserPoolDomain", - }, - }, -} -`; diff --git a/source/patterns/@aws-solutions-constructs/aws-lambda-elasticsearch-kibana/test/lambda-elasticsearch-kibana.test.ts b/source/patterns/@aws-solutions-constructs/aws-lambda-elasticsearch-kibana/test/lambda-elasticsearch-kibana.test.ts index 8b9b8aa00..2b5554777 100644 --- a/source/patterns/@aws-solutions-constructs/aws-lambda-elasticsearch-kibana/test/lambda-elasticsearch-kibana.test.ts +++ b/source/patterns/@aws-solutions-constructs/aws-lambda-elasticsearch-kibana/test/lambda-elasticsearch-kibana.test.ts @@ -11,7 +11,6 @@ * and limitations under the License. */ -import { SynthUtils } from '@aws-cdk/assert'; import { LambdaToElasticSearchAndKibana, LambdaToElasticSearchAndKibanaProps } from "../lib"; import * as lambda from '@aws-cdk/aws-lambda'; import * as cdk from "@aws-cdk/core"; @@ -30,13 +29,6 @@ function deployNewFunc(stack: cdk.Stack) { return new LambdaToElasticSearchAndKibana(stack, 'test-lambda-elasticsearch-stack', props); } -test('snapshot test default params', () => { - const stack = new cdk.Stack(); - deployNewFunc(stack); - - expect(SynthUtils.toCloudFormation(stack)).toMatchSnapshot(); -}); - test('check domain names', () => { const stack = new cdk.Stack(); diff --git a/source/patterns/@aws-solutions-constructs/aws-lambda-s3/test/__snapshots__/lambda-s3.test.js.snap b/source/patterns/@aws-solutions-constructs/aws-lambda-s3/test/__snapshots__/lambda-s3.test.js.snap deleted file mode 100644 index 7c062b0a7..000000000 --- a/source/patterns/@aws-solutions-constructs/aws-lambda-s3/test/__snapshots__/lambda-s3.test.js.snap +++ /dev/null @@ -1,3202 +0,0 @@ -// Jest Snapshot v1, https://goo.gl/fbAQLP - -exports[`Test deployment w/ s3 multiple permissions 1`] = ` -Object { - "Parameters": Object { - "AssetParameters8efd3dd9643a4d64a128ad582cab718a1e464bcc719bbbcf0e7b0481188a0420ArtifactHashA71E92AD": Object { - "Description": "Artifact hash for asset \\"8efd3dd9643a4d64a128ad582cab718a1e464bcc719bbbcf0e7b0481188a0420\\"", - "Type": "String", - }, - "AssetParameters8efd3dd9643a4d64a128ad582cab718a1e464bcc719bbbcf0e7b0481188a0420S3Bucket749AC458": Object { - "Description": "S3 bucket for asset \\"8efd3dd9643a4d64a128ad582cab718a1e464bcc719bbbcf0e7b0481188a0420\\"", - "Type": "String", - }, - "AssetParameters8efd3dd9643a4d64a128ad582cab718a1e464bcc719bbbcf0e7b0481188a0420S3VersionKeyFF5CC16D": Object { - "Description": "S3 key for asset version \\"8efd3dd9643a4d64a128ad582cab718a1e464bcc719bbbcf0e7b0481188a0420\\"", - "Type": "String", - }, - }, - "Resources": Object { - "lambdatos3stackLambdaFunctionDA71B293": Object { - "DependsOn": Array [ - "lambdatos3stackLambdaFunctionServiceRoleDefaultPolicy97EC0F3A", - "lambdatos3stackLambdaFunctionServiceRole7E511A8A", - ], - "Metadata": Object { - "cfn_nag": Object { - "rules_to_suppress": Array [ - Object { - "id": "W58", - "reason": "Lambda functions has the required permission to write CloudWatch Logs. It uses custom policy instead of arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole with tighter permissions.", - }, - Object { - "id": "W89", - "reason": "This is not a rule for the general case, just for specific use cases/industries", - }, - Object { - "id": "W92", - "reason": "Impossible for us to define the correct concurrency for clients", - }, - ], - }, - }, - "Properties": Object { - "Code": Object { - "S3Bucket": Object { - "Ref": "AssetParameters8efd3dd9643a4d64a128ad582cab718a1e464bcc719bbbcf0e7b0481188a0420S3Bucket749AC458", - }, - "S3Key": Object { - "Fn::Join": Array [ - "", - Array [ - Object { - "Fn::Select": Array [ - 0, - Object { - "Fn::Split": Array [ - "||", - Object { - "Ref": "AssetParameters8efd3dd9643a4d64a128ad582cab718a1e464bcc719bbbcf0e7b0481188a0420S3VersionKeyFF5CC16D", - }, - ], - }, - ], - }, - Object { - "Fn::Select": Array [ - 1, - Object { - "Fn::Split": Array [ - "||", - Object { - "Ref": "AssetParameters8efd3dd9643a4d64a128ad582cab718a1e464bcc719bbbcf0e7b0481188a0420S3VersionKeyFF5CC16D", - }, - ], - }, - ], - }, - ], - ], - }, - }, - "Environment": Object { - "Variables": Object { - "AWS_NODEJS_CONNECTION_REUSE_ENABLED": "1", - "S3_BUCKET_NAME": Object { - "Ref": "lambdatos3stackS3BucketB9FD9B29", - }, - }, - }, - "Handler": "index.handler", - "Role": Object { - "Fn::GetAtt": Array [ - "lambdatos3stackLambdaFunctionServiceRole7E511A8A", - "Arn", - ], - }, - "Runtime": "nodejs10.x", - "TracingConfig": Object { - "Mode": "Active", - }, - }, - "Type": "AWS::Lambda::Function", - }, - "lambdatos3stackLambdaFunctionServiceRole7E511A8A": Object { - "Properties": Object { - "AssumeRolePolicyDocument": Object { - "Statement": Array [ - Object { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": Object { - "Service": "lambda.amazonaws.com", - }, - }, - ], - "Version": "2012-10-17", - }, - "Policies": Array [ - Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "logs:CreateLogGroup", - "logs:CreateLogStream", - "logs:PutLogEvents", - ], - "Effect": "Allow", - "Resource": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":logs:", - Object { - "Ref": "AWS::Region", - }, - ":", - Object { - "Ref": "AWS::AccountId", - }, - ":log-group:/aws/lambda/*", - ], - ], - }, - }, - ], - "Version": "2012-10-17", - }, - "PolicyName": "LambdaFunctionServiceRolePolicy", - }, - ], - }, - "Type": "AWS::IAM::Role", - }, - "lambdatos3stackLambdaFunctionServiceRoleDefaultPolicy97EC0F3A": Object { - "Metadata": Object { - "cfn_nag": Object { - "rules_to_suppress": Array [ - Object { - "id": "W12", - "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray and access ENIs in a VPC.", - }, - ], - }, - }, - "Properties": Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "xray:PutTraceSegments", - "xray:PutTelemetryRecords", - ], - "Effect": "Allow", - "Resource": "*", - }, - Object { - "Action": "s3:DeleteObject*", - "Effect": "Allow", - "Resource": Object { - "Fn::Join": Array [ - "", - Array [ - Object { - "Fn::GetAtt": Array [ - "lambdatos3stackS3BucketB9FD9B29", - "Arn", - ], - }, - "/*", - ], - ], - }, - }, - Object { - "Action": Array [ - "s3:DeleteObject*", - "s3:PutObject*", - "s3:Abort*", - ], - "Effect": "Allow", - "Resource": Array [ - Object { - "Fn::GetAtt": Array [ - "lambdatos3stackS3BucketB9FD9B29", - "Arn", - ], - }, - Object { - "Fn::Join": Array [ - "", - Array [ - Object { - "Fn::GetAtt": Array [ - "lambdatos3stackS3BucketB9FD9B29", - "Arn", - ], - }, - "/*", - ], - ], - }, - ], - }, - ], - "Version": "2012-10-17", - }, - "PolicyName": "lambdatos3stackLambdaFunctionServiceRoleDefaultPolicy97EC0F3A", - "Roles": Array [ - Object { - "Ref": "lambdatos3stackLambdaFunctionServiceRole7E511A8A", - }, - ], - }, - "Type": "AWS::IAM::Policy", - }, - "lambdatos3stackS3BucketB9FD9B29": Object { - "DeletionPolicy": "Retain", - "Properties": Object { - "BucketEncryption": Object { - "ServerSideEncryptionConfiguration": Array [ - Object { - "ServerSideEncryptionByDefault": Object { - "SSEAlgorithm": "AES256", - }, - }, - ], - }, - "LifecycleConfiguration": Object { - "Rules": Array [ - Object { - "NoncurrentVersionTransitions": Array [ - Object { - "StorageClass": "GLACIER", - "TransitionInDays": 90, - }, - ], - "Status": "Enabled", - }, - ], - }, - "LoggingConfiguration": Object { - "DestinationBucketName": Object { - "Ref": "lambdatos3stackS3LoggingBucketB82C3492", - }, - }, - "PublicAccessBlockConfiguration": Object { - "BlockPublicAcls": true, - "BlockPublicPolicy": true, - "IgnorePublicAcls": true, - "RestrictPublicBuckets": true, - }, - "VersioningConfiguration": Object { - "Status": "Enabled", - }, - }, - "Type": "AWS::S3::Bucket", - "UpdateReplacePolicy": "Retain", - }, - "lambdatos3stackS3BucketPolicy705750EF": Object { - "Properties": Object { - "Bucket": Object { - "Ref": "lambdatos3stackS3BucketB9FD9B29", - }, - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": "*", - "Condition": Object { - "Bool": Object { - "aws:SecureTransport": "false", - }, - }, - "Effect": "Deny", - "Principal": Object { - "AWS": "*", - }, - "Resource": Array [ - Object { - "Fn::Join": Array [ - "", - Array [ - Object { - "Fn::GetAtt": Array [ - "lambdatos3stackS3BucketB9FD9B29", - "Arn", - ], - }, - "/*", - ], - ], - }, - Object { - "Fn::GetAtt": Array [ - "lambdatos3stackS3BucketB9FD9B29", - "Arn", - ], - }, - ], - "Sid": "HttpsOnly", - }, - ], - "Version": "2012-10-17", - }, - }, - "Type": "AWS::S3::BucketPolicy", - }, - "lambdatos3stackS3LoggingBucketB82C3492": Object { - "DeletionPolicy": "Retain", - "Metadata": Object { - "cfn_nag": Object { - "rules_to_suppress": Array [ - Object { - "id": "W35", - "reason": "This S3 bucket is used as the access logging bucket for another bucket", - }, - ], - }, - }, - "Properties": Object { - "AccessControl": "LogDeliveryWrite", - "BucketEncryption": Object { - "ServerSideEncryptionConfiguration": Array [ - Object { - "ServerSideEncryptionByDefault": Object { - "SSEAlgorithm": "AES256", - }, - }, - ], - }, - "PublicAccessBlockConfiguration": Object { - "BlockPublicAcls": true, - "BlockPublicPolicy": true, - "IgnorePublicAcls": true, - "RestrictPublicBuckets": true, - }, - "VersioningConfiguration": Object { - "Status": "Enabled", - }, - }, - "Type": "AWS::S3::Bucket", - "UpdateReplacePolicy": "Retain", - }, - "lambdatos3stackS3LoggingBucketPolicy72A56AE9": Object { - "Properties": Object { - "Bucket": Object { - "Ref": "lambdatos3stackS3LoggingBucketB82C3492", - }, - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": "*", - "Condition": Object { - "Bool": Object { - "aws:SecureTransport": "false", - }, - }, - "Effect": "Deny", - "Principal": Object { - "AWS": "*", - }, - "Resource": Array [ - Object { - "Fn::Join": Array [ - "", - Array [ - Object { - "Fn::GetAtt": Array [ - "lambdatos3stackS3LoggingBucketB82C3492", - "Arn", - ], - }, - "/*", - ], - ], - }, - Object { - "Fn::GetAtt": Array [ - "lambdatos3stackS3LoggingBucketB82C3492", - "Arn", - ], - }, - ], - "Sid": "HttpsOnly", - }, - ], - "Version": "2012-10-17", - }, - }, - "Type": "AWS::S3::BucketPolicy", - }, - }, -} -`; - -exports[`Test deployment w/ s3:Delete only 1`] = ` -Object { - "Parameters": Object { - "AssetParameters8efd3dd9643a4d64a128ad582cab718a1e464bcc719bbbcf0e7b0481188a0420ArtifactHashA71E92AD": Object { - "Description": "Artifact hash for asset \\"8efd3dd9643a4d64a128ad582cab718a1e464bcc719bbbcf0e7b0481188a0420\\"", - "Type": "String", - }, - "AssetParameters8efd3dd9643a4d64a128ad582cab718a1e464bcc719bbbcf0e7b0481188a0420S3Bucket749AC458": Object { - "Description": "S3 bucket for asset \\"8efd3dd9643a4d64a128ad582cab718a1e464bcc719bbbcf0e7b0481188a0420\\"", - "Type": "String", - }, - "AssetParameters8efd3dd9643a4d64a128ad582cab718a1e464bcc719bbbcf0e7b0481188a0420S3VersionKeyFF5CC16D": Object { - "Description": "S3 key for asset version \\"8efd3dd9643a4d64a128ad582cab718a1e464bcc719bbbcf0e7b0481188a0420\\"", - "Type": "String", - }, - }, - "Resources": Object { - "lambdatos3stackLambdaFunctionDA71B293": Object { - "DependsOn": Array [ - "lambdatos3stackLambdaFunctionServiceRoleDefaultPolicy97EC0F3A", - "lambdatos3stackLambdaFunctionServiceRole7E511A8A", - ], - "Metadata": Object { - "cfn_nag": Object { - "rules_to_suppress": Array [ - Object { - "id": "W58", - "reason": "Lambda functions has the required permission to write CloudWatch Logs. It uses custom policy instead of arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole with tighter permissions.", - }, - Object { - "id": "W89", - "reason": "This is not a rule for the general case, just for specific use cases/industries", - }, - Object { - "id": "W92", - "reason": "Impossible for us to define the correct concurrency for clients", - }, - ], - }, - }, - "Properties": Object { - "Code": Object { - "S3Bucket": Object { - "Ref": "AssetParameters8efd3dd9643a4d64a128ad582cab718a1e464bcc719bbbcf0e7b0481188a0420S3Bucket749AC458", - }, - "S3Key": Object { - "Fn::Join": Array [ - "", - Array [ - Object { - "Fn::Select": Array [ - 0, - Object { - "Fn::Split": Array [ - "||", - Object { - "Ref": "AssetParameters8efd3dd9643a4d64a128ad582cab718a1e464bcc719bbbcf0e7b0481188a0420S3VersionKeyFF5CC16D", - }, - ], - }, - ], - }, - Object { - "Fn::Select": Array [ - 1, - Object { - "Fn::Split": Array [ - "||", - Object { - "Ref": "AssetParameters8efd3dd9643a4d64a128ad582cab718a1e464bcc719bbbcf0e7b0481188a0420S3VersionKeyFF5CC16D", - }, - ], - }, - ], - }, - ], - ], - }, - }, - "Environment": Object { - "Variables": Object { - "AWS_NODEJS_CONNECTION_REUSE_ENABLED": "1", - "S3_BUCKET_NAME": Object { - "Ref": "lambdatos3stackS3BucketB9FD9B29", - }, - }, - }, - "Handler": "index.handler", - "Role": Object { - "Fn::GetAtt": Array [ - "lambdatos3stackLambdaFunctionServiceRole7E511A8A", - "Arn", - ], - }, - "Runtime": "nodejs10.x", - "TracingConfig": Object { - "Mode": "Active", - }, - }, - "Type": "AWS::Lambda::Function", - }, - "lambdatos3stackLambdaFunctionServiceRole7E511A8A": Object { - "Properties": Object { - "AssumeRolePolicyDocument": Object { - "Statement": Array [ - Object { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": Object { - "Service": "lambda.amazonaws.com", - }, - }, - ], - "Version": "2012-10-17", - }, - "Policies": Array [ - Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "logs:CreateLogGroup", - "logs:CreateLogStream", - "logs:PutLogEvents", - ], - "Effect": "Allow", - "Resource": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":logs:", - Object { - "Ref": "AWS::Region", - }, - ":", - Object { - "Ref": "AWS::AccountId", - }, - ":log-group:/aws/lambda/*", - ], - ], - }, - }, - ], - "Version": "2012-10-17", - }, - "PolicyName": "LambdaFunctionServiceRolePolicy", - }, - ], - }, - "Type": "AWS::IAM::Role", - }, - "lambdatos3stackLambdaFunctionServiceRoleDefaultPolicy97EC0F3A": Object { - "Metadata": Object { - "cfn_nag": Object { - "rules_to_suppress": Array [ - Object { - "id": "W12", - "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray and access ENIs in a VPC.", - }, - ], - }, - }, - "Properties": Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "xray:PutTraceSegments", - "xray:PutTelemetryRecords", - ], - "Effect": "Allow", - "Resource": "*", - }, - Object { - "Action": "s3:DeleteObject*", - "Effect": "Allow", - "Resource": Object { - "Fn::Join": Array [ - "", - Array [ - Object { - "Fn::GetAtt": Array [ - "lambdatos3stackS3BucketB9FD9B29", - "Arn", - ], - }, - "/*", - ], - ], - }, - }, - ], - "Version": "2012-10-17", - }, - "PolicyName": "lambdatos3stackLambdaFunctionServiceRoleDefaultPolicy97EC0F3A", - "Roles": Array [ - Object { - "Ref": "lambdatos3stackLambdaFunctionServiceRole7E511A8A", - }, - ], - }, - "Type": "AWS::IAM::Policy", - }, - "lambdatos3stackS3BucketB9FD9B29": Object { - "DeletionPolicy": "Retain", - "Properties": Object { - "BucketEncryption": Object { - "ServerSideEncryptionConfiguration": Array [ - Object { - "ServerSideEncryptionByDefault": Object { - "SSEAlgorithm": "AES256", - }, - }, - ], - }, - "LifecycleConfiguration": Object { - "Rules": Array [ - Object { - "NoncurrentVersionTransitions": Array [ - Object { - "StorageClass": "GLACIER", - "TransitionInDays": 90, - }, - ], - "Status": "Enabled", - }, - ], - }, - "LoggingConfiguration": Object { - "DestinationBucketName": Object { - "Ref": "lambdatos3stackS3LoggingBucketB82C3492", - }, - }, - "PublicAccessBlockConfiguration": Object { - "BlockPublicAcls": true, - "BlockPublicPolicy": true, - "IgnorePublicAcls": true, - "RestrictPublicBuckets": true, - }, - "VersioningConfiguration": Object { - "Status": "Enabled", - }, - }, - "Type": "AWS::S3::Bucket", - "UpdateReplacePolicy": "Retain", - }, - "lambdatos3stackS3BucketPolicy705750EF": Object { - "Properties": Object { - "Bucket": Object { - "Ref": "lambdatos3stackS3BucketB9FD9B29", - }, - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": "*", - "Condition": Object { - "Bool": Object { - "aws:SecureTransport": "false", - }, - }, - "Effect": "Deny", - "Principal": Object { - "AWS": "*", - }, - "Resource": Array [ - Object { - "Fn::Join": Array [ - "", - Array [ - Object { - "Fn::GetAtt": Array [ - "lambdatos3stackS3BucketB9FD9B29", - "Arn", - ], - }, - "/*", - ], - ], - }, - Object { - "Fn::GetAtt": Array [ - "lambdatos3stackS3BucketB9FD9B29", - "Arn", - ], - }, - ], - "Sid": "HttpsOnly", - }, - ], - "Version": "2012-10-17", - }, - }, - "Type": "AWS::S3::BucketPolicy", - }, - "lambdatos3stackS3LoggingBucketB82C3492": Object { - "DeletionPolicy": "Retain", - "Metadata": Object { - "cfn_nag": Object { - "rules_to_suppress": Array [ - Object { - "id": "W35", - "reason": "This S3 bucket is used as the access logging bucket for another bucket", - }, - ], - }, - }, - "Properties": Object { - "AccessControl": "LogDeliveryWrite", - "BucketEncryption": Object { - "ServerSideEncryptionConfiguration": Array [ - Object { - "ServerSideEncryptionByDefault": Object { - "SSEAlgorithm": "AES256", - }, - }, - ], - }, - "PublicAccessBlockConfiguration": Object { - "BlockPublicAcls": true, - "BlockPublicPolicy": true, - "IgnorePublicAcls": true, - "RestrictPublicBuckets": true, - }, - "VersioningConfiguration": Object { - "Status": "Enabled", - }, - }, - "Type": "AWS::S3::Bucket", - "UpdateReplacePolicy": "Retain", - }, - "lambdatos3stackS3LoggingBucketPolicy72A56AE9": Object { - "Properties": Object { - "Bucket": Object { - "Ref": "lambdatos3stackS3LoggingBucketB82C3492", - }, - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": "*", - "Condition": Object { - "Bool": Object { - "aws:SecureTransport": "false", - }, - }, - "Effect": "Deny", - "Principal": Object { - "AWS": "*", - }, - "Resource": Array [ - Object { - "Fn::Join": Array [ - "", - Array [ - Object { - "Fn::GetAtt": Array [ - "lambdatos3stackS3LoggingBucketB82C3492", - "Arn", - ], - }, - "/*", - ], - ], - }, - Object { - "Fn::GetAtt": Array [ - "lambdatos3stackS3LoggingBucketB82C3492", - "Arn", - ], - }, - ], - "Sid": "HttpsOnly", - }, - ], - "Version": "2012-10-17", - }, - }, - "Type": "AWS::S3::BucketPolicy", - }, - }, -} -`; - -exports[`Test deployment w/ s3:Put only 1`] = ` -Object { - "Parameters": Object { - "AssetParameters8efd3dd9643a4d64a128ad582cab718a1e464bcc719bbbcf0e7b0481188a0420ArtifactHashA71E92AD": Object { - "Description": "Artifact hash for asset \\"8efd3dd9643a4d64a128ad582cab718a1e464bcc719bbbcf0e7b0481188a0420\\"", - "Type": "String", - }, - "AssetParameters8efd3dd9643a4d64a128ad582cab718a1e464bcc719bbbcf0e7b0481188a0420S3Bucket749AC458": Object { - "Description": "S3 bucket for asset \\"8efd3dd9643a4d64a128ad582cab718a1e464bcc719bbbcf0e7b0481188a0420\\"", - "Type": "String", - }, - "AssetParameters8efd3dd9643a4d64a128ad582cab718a1e464bcc719bbbcf0e7b0481188a0420S3VersionKeyFF5CC16D": Object { - "Description": "S3 key for asset version \\"8efd3dd9643a4d64a128ad582cab718a1e464bcc719bbbcf0e7b0481188a0420\\"", - "Type": "String", - }, - }, - "Resources": Object { - "lambdatos3stackLambdaFunctionDA71B293": Object { - "DependsOn": Array [ - "lambdatos3stackLambdaFunctionServiceRoleDefaultPolicy97EC0F3A", - "lambdatos3stackLambdaFunctionServiceRole7E511A8A", - ], - "Metadata": Object { - "cfn_nag": Object { - "rules_to_suppress": Array [ - Object { - "id": "W58", - "reason": "Lambda functions has the required permission to write CloudWatch Logs. It uses custom policy instead of arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole with tighter permissions.", - }, - Object { - "id": "W89", - "reason": "This is not a rule for the general case, just for specific use cases/industries", - }, - Object { - "id": "W92", - "reason": "Impossible for us to define the correct concurrency for clients", - }, - ], - }, - }, - "Properties": Object { - "Code": Object { - "S3Bucket": Object { - "Ref": "AssetParameters8efd3dd9643a4d64a128ad582cab718a1e464bcc719bbbcf0e7b0481188a0420S3Bucket749AC458", - }, - "S3Key": Object { - "Fn::Join": Array [ - "", - Array [ - Object { - "Fn::Select": Array [ - 0, - Object { - "Fn::Split": Array [ - "||", - Object { - "Ref": "AssetParameters8efd3dd9643a4d64a128ad582cab718a1e464bcc719bbbcf0e7b0481188a0420S3VersionKeyFF5CC16D", - }, - ], - }, - ], - }, - Object { - "Fn::Select": Array [ - 1, - Object { - "Fn::Split": Array [ - "||", - Object { - "Ref": "AssetParameters8efd3dd9643a4d64a128ad582cab718a1e464bcc719bbbcf0e7b0481188a0420S3VersionKeyFF5CC16D", - }, - ], - }, - ], - }, - ], - ], - }, - }, - "Environment": Object { - "Variables": Object { - "AWS_NODEJS_CONNECTION_REUSE_ENABLED": "1", - "S3_BUCKET_NAME": Object { - "Ref": "lambdatos3stackS3BucketB9FD9B29", - }, - }, - }, - "Handler": "index.handler", - "Role": Object { - "Fn::GetAtt": Array [ - "lambdatos3stackLambdaFunctionServiceRole7E511A8A", - "Arn", - ], - }, - "Runtime": "nodejs10.x", - "TracingConfig": Object { - "Mode": "Active", - }, - }, - "Type": "AWS::Lambda::Function", - }, - "lambdatos3stackLambdaFunctionServiceRole7E511A8A": Object { - "Properties": Object { - "AssumeRolePolicyDocument": Object { - "Statement": Array [ - Object { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": Object { - "Service": "lambda.amazonaws.com", - }, - }, - ], - "Version": "2012-10-17", - }, - "Policies": Array [ - Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "logs:CreateLogGroup", - "logs:CreateLogStream", - "logs:PutLogEvents", - ], - "Effect": "Allow", - "Resource": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":logs:", - Object { - "Ref": "AWS::Region", - }, - ":", - Object { - "Ref": "AWS::AccountId", - }, - ":log-group:/aws/lambda/*", - ], - ], - }, - }, - ], - "Version": "2012-10-17", - }, - "PolicyName": "LambdaFunctionServiceRolePolicy", - }, - ], - }, - "Type": "AWS::IAM::Role", - }, - "lambdatos3stackLambdaFunctionServiceRoleDefaultPolicy97EC0F3A": Object { - "Metadata": Object { - "cfn_nag": Object { - "rules_to_suppress": Array [ - Object { - "id": "W12", - "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray and access ENIs in a VPC.", - }, - ], - }, - }, - "Properties": Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "xray:PutTraceSegments", - "xray:PutTelemetryRecords", - ], - "Effect": "Allow", - "Resource": "*", - }, - Object { - "Action": Array [ - "s3:PutObject*", - "s3:Abort*", - ], - "Effect": "Allow", - "Resource": Object { - "Fn::Join": Array [ - "", - Array [ - Object { - "Fn::GetAtt": Array [ - "lambdatos3stackS3BucketB9FD9B29", - "Arn", - ], - }, - "/*", - ], - ], - }, - }, - ], - "Version": "2012-10-17", - }, - "PolicyName": "lambdatos3stackLambdaFunctionServiceRoleDefaultPolicy97EC0F3A", - "Roles": Array [ - Object { - "Ref": "lambdatos3stackLambdaFunctionServiceRole7E511A8A", - }, - ], - }, - "Type": "AWS::IAM::Policy", - }, - "lambdatos3stackS3BucketB9FD9B29": Object { - "DeletionPolicy": "Retain", - "Properties": Object { - "BucketEncryption": Object { - "ServerSideEncryptionConfiguration": Array [ - Object { - "ServerSideEncryptionByDefault": Object { - "SSEAlgorithm": "AES256", - }, - }, - ], - }, - "LifecycleConfiguration": Object { - "Rules": Array [ - Object { - "NoncurrentVersionTransitions": Array [ - Object { - "StorageClass": "GLACIER", - "TransitionInDays": 90, - }, - ], - "Status": "Enabled", - }, - ], - }, - "LoggingConfiguration": Object { - "DestinationBucketName": Object { - "Ref": "lambdatos3stackS3LoggingBucketB82C3492", - }, - }, - "PublicAccessBlockConfiguration": Object { - "BlockPublicAcls": true, - "BlockPublicPolicy": true, - "IgnorePublicAcls": true, - "RestrictPublicBuckets": true, - }, - "VersioningConfiguration": Object { - "Status": "Enabled", - }, - }, - "Type": "AWS::S3::Bucket", - "UpdateReplacePolicy": "Retain", - }, - "lambdatos3stackS3BucketPolicy705750EF": Object { - "Properties": Object { - "Bucket": Object { - "Ref": "lambdatos3stackS3BucketB9FD9B29", - }, - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": "*", - "Condition": Object { - "Bool": Object { - "aws:SecureTransport": "false", - }, - }, - "Effect": "Deny", - "Principal": Object { - "AWS": "*", - }, - "Resource": Array [ - Object { - "Fn::Join": Array [ - "", - Array [ - Object { - "Fn::GetAtt": Array [ - "lambdatos3stackS3BucketB9FD9B29", - "Arn", - ], - }, - "/*", - ], - ], - }, - Object { - "Fn::GetAtt": Array [ - "lambdatos3stackS3BucketB9FD9B29", - "Arn", - ], - }, - ], - "Sid": "HttpsOnly", - }, - ], - "Version": "2012-10-17", - }, - }, - "Type": "AWS::S3::BucketPolicy", - }, - "lambdatos3stackS3LoggingBucketB82C3492": Object { - "DeletionPolicy": "Retain", - "Metadata": Object { - "cfn_nag": Object { - "rules_to_suppress": Array [ - Object { - "id": "W35", - "reason": "This S3 bucket is used as the access logging bucket for another bucket", - }, - ], - }, - }, - "Properties": Object { - "AccessControl": "LogDeliveryWrite", - "BucketEncryption": Object { - "ServerSideEncryptionConfiguration": Array [ - Object { - "ServerSideEncryptionByDefault": Object { - "SSEAlgorithm": "AES256", - }, - }, - ], - }, - "PublicAccessBlockConfiguration": Object { - "BlockPublicAcls": true, - "BlockPublicPolicy": true, - "IgnorePublicAcls": true, - "RestrictPublicBuckets": true, - }, - "VersioningConfiguration": Object { - "Status": "Enabled", - }, - }, - "Type": "AWS::S3::Bucket", - "UpdateReplacePolicy": "Retain", - }, - "lambdatos3stackS3LoggingBucketPolicy72A56AE9": Object { - "Properties": Object { - "Bucket": Object { - "Ref": "lambdatos3stackS3LoggingBucketB82C3492", - }, - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": "*", - "Condition": Object { - "Bool": Object { - "aws:SecureTransport": "false", - }, - }, - "Effect": "Deny", - "Principal": Object { - "AWS": "*", - }, - "Resource": Array [ - Object { - "Fn::Join": Array [ - "", - Array [ - Object { - "Fn::GetAtt": Array [ - "lambdatos3stackS3LoggingBucketB82C3492", - "Arn", - ], - }, - "/*", - ], - ], - }, - Object { - "Fn::GetAtt": Array [ - "lambdatos3stackS3LoggingBucketB82C3492", - "Arn", - ], - }, - ], - "Sid": "HttpsOnly", - }, - ], - "Version": "2012-10-17", - }, - }, - "Type": "AWS::S3::BucketPolicy", - }, - }, -} -`; - -exports[`Test deployment w/ s3:Read only 1`] = ` -Object { - "Parameters": Object { - "AssetParameters8efd3dd9643a4d64a128ad582cab718a1e464bcc719bbbcf0e7b0481188a0420ArtifactHashA71E92AD": Object { - "Description": "Artifact hash for asset \\"8efd3dd9643a4d64a128ad582cab718a1e464bcc719bbbcf0e7b0481188a0420\\"", - "Type": "String", - }, - "AssetParameters8efd3dd9643a4d64a128ad582cab718a1e464bcc719bbbcf0e7b0481188a0420S3Bucket749AC458": Object { - "Description": "S3 bucket for asset \\"8efd3dd9643a4d64a128ad582cab718a1e464bcc719bbbcf0e7b0481188a0420\\"", - "Type": "String", - }, - "AssetParameters8efd3dd9643a4d64a128ad582cab718a1e464bcc719bbbcf0e7b0481188a0420S3VersionKeyFF5CC16D": Object { - "Description": "S3 key for asset version \\"8efd3dd9643a4d64a128ad582cab718a1e464bcc719bbbcf0e7b0481188a0420\\"", - "Type": "String", - }, - }, - "Resources": Object { - "lambdatos3stackLambdaFunctionDA71B293": Object { - "DependsOn": Array [ - "lambdatos3stackLambdaFunctionServiceRoleDefaultPolicy97EC0F3A", - "lambdatos3stackLambdaFunctionServiceRole7E511A8A", - ], - "Metadata": Object { - "cfn_nag": Object { - "rules_to_suppress": Array [ - Object { - "id": "W58", - "reason": "Lambda functions has the required permission to write CloudWatch Logs. It uses custom policy instead of arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole with tighter permissions.", - }, - Object { - "id": "W89", - "reason": "This is not a rule for the general case, just for specific use cases/industries", - }, - Object { - "id": "W92", - "reason": "Impossible for us to define the correct concurrency for clients", - }, - ], - }, - }, - "Properties": Object { - "Code": Object { - "S3Bucket": Object { - "Ref": "AssetParameters8efd3dd9643a4d64a128ad582cab718a1e464bcc719bbbcf0e7b0481188a0420S3Bucket749AC458", - }, - "S3Key": Object { - "Fn::Join": Array [ - "", - Array [ - Object { - "Fn::Select": Array [ - 0, - Object { - "Fn::Split": Array [ - "||", - Object { - "Ref": "AssetParameters8efd3dd9643a4d64a128ad582cab718a1e464bcc719bbbcf0e7b0481188a0420S3VersionKeyFF5CC16D", - }, - ], - }, - ], - }, - Object { - "Fn::Select": Array [ - 1, - Object { - "Fn::Split": Array [ - "||", - Object { - "Ref": "AssetParameters8efd3dd9643a4d64a128ad582cab718a1e464bcc719bbbcf0e7b0481188a0420S3VersionKeyFF5CC16D", - }, - ], - }, - ], - }, - ], - ], - }, - }, - "Environment": Object { - "Variables": Object { - "AWS_NODEJS_CONNECTION_REUSE_ENABLED": "1", - "S3_BUCKET_NAME": Object { - "Ref": "lambdatos3stackS3BucketB9FD9B29", - }, - }, - }, - "Handler": "index.handler", - "Role": Object { - "Fn::GetAtt": Array [ - "lambdatos3stackLambdaFunctionServiceRole7E511A8A", - "Arn", - ], - }, - "Runtime": "nodejs10.x", - "TracingConfig": Object { - "Mode": "Active", - }, - }, - "Type": "AWS::Lambda::Function", - }, - "lambdatos3stackLambdaFunctionServiceRole7E511A8A": Object { - "Properties": Object { - "AssumeRolePolicyDocument": Object { - "Statement": Array [ - Object { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": Object { - "Service": "lambda.amazonaws.com", - }, - }, - ], - "Version": "2012-10-17", - }, - "Policies": Array [ - Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "logs:CreateLogGroup", - "logs:CreateLogStream", - "logs:PutLogEvents", - ], - "Effect": "Allow", - "Resource": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":logs:", - Object { - "Ref": "AWS::Region", - }, - ":", - Object { - "Ref": "AWS::AccountId", - }, - ":log-group:/aws/lambda/*", - ], - ], - }, - }, - ], - "Version": "2012-10-17", - }, - "PolicyName": "LambdaFunctionServiceRolePolicy", - }, - ], - }, - "Type": "AWS::IAM::Role", - }, - "lambdatos3stackLambdaFunctionServiceRoleDefaultPolicy97EC0F3A": Object { - "Metadata": Object { - "cfn_nag": Object { - "rules_to_suppress": Array [ - Object { - "id": "W12", - "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray and access ENIs in a VPC.", - }, - ], - }, - }, - "Properties": Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "xray:PutTraceSegments", - "xray:PutTelemetryRecords", - ], - "Effect": "Allow", - "Resource": "*", - }, - Object { - "Action": Array [ - "s3:GetObject*", - "s3:GetBucket*", - "s3:List*", - ], - "Effect": "Allow", - "Resource": Array [ - Object { - "Fn::GetAtt": Array [ - "lambdatos3stackS3BucketB9FD9B29", - "Arn", - ], - }, - Object { - "Fn::Join": Array [ - "", - Array [ - Object { - "Fn::GetAtt": Array [ - "lambdatos3stackS3BucketB9FD9B29", - "Arn", - ], - }, - "/*", - ], - ], - }, - ], - }, - ], - "Version": "2012-10-17", - }, - "PolicyName": "lambdatos3stackLambdaFunctionServiceRoleDefaultPolicy97EC0F3A", - "Roles": Array [ - Object { - "Ref": "lambdatos3stackLambdaFunctionServiceRole7E511A8A", - }, - ], - }, - "Type": "AWS::IAM::Policy", - }, - "lambdatos3stackS3BucketB9FD9B29": Object { - "DeletionPolicy": "Retain", - "Properties": Object { - "BucketEncryption": Object { - "ServerSideEncryptionConfiguration": Array [ - Object { - "ServerSideEncryptionByDefault": Object { - "SSEAlgorithm": "AES256", - }, - }, - ], - }, - "LifecycleConfiguration": Object { - "Rules": Array [ - Object { - "NoncurrentVersionTransitions": Array [ - Object { - "StorageClass": "GLACIER", - "TransitionInDays": 90, - }, - ], - "Status": "Enabled", - }, - ], - }, - "LoggingConfiguration": Object { - "DestinationBucketName": Object { - "Ref": "lambdatos3stackS3LoggingBucketB82C3492", - }, - }, - "PublicAccessBlockConfiguration": Object { - "BlockPublicAcls": true, - "BlockPublicPolicy": true, - "IgnorePublicAcls": true, - "RestrictPublicBuckets": true, - }, - "VersioningConfiguration": Object { - "Status": "Enabled", - }, - }, - "Type": "AWS::S3::Bucket", - "UpdateReplacePolicy": "Retain", - }, - "lambdatos3stackS3BucketPolicy705750EF": Object { - "Properties": Object { - "Bucket": Object { - "Ref": "lambdatos3stackS3BucketB9FD9B29", - }, - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": "*", - "Condition": Object { - "Bool": Object { - "aws:SecureTransport": "false", - }, - }, - "Effect": "Deny", - "Principal": Object { - "AWS": "*", - }, - "Resource": Array [ - Object { - "Fn::Join": Array [ - "", - Array [ - Object { - "Fn::GetAtt": Array [ - "lambdatos3stackS3BucketB9FD9B29", - "Arn", - ], - }, - "/*", - ], - ], - }, - Object { - "Fn::GetAtt": Array [ - "lambdatos3stackS3BucketB9FD9B29", - "Arn", - ], - }, - ], - "Sid": "HttpsOnly", - }, - ], - "Version": "2012-10-17", - }, - }, - "Type": "AWS::S3::BucketPolicy", - }, - "lambdatos3stackS3LoggingBucketB82C3492": Object { - "DeletionPolicy": "Retain", - "Metadata": Object { - "cfn_nag": Object { - "rules_to_suppress": Array [ - Object { - "id": "W35", - "reason": "This S3 bucket is used as the access logging bucket for another bucket", - }, - ], - }, - }, - "Properties": Object { - "AccessControl": "LogDeliveryWrite", - "BucketEncryption": Object { - "ServerSideEncryptionConfiguration": Array [ - Object { - "ServerSideEncryptionByDefault": Object { - "SSEAlgorithm": "AES256", - }, - }, - ], - }, - "PublicAccessBlockConfiguration": Object { - "BlockPublicAcls": true, - "BlockPublicPolicy": true, - "IgnorePublicAcls": true, - "RestrictPublicBuckets": true, - }, - "VersioningConfiguration": Object { - "Status": "Enabled", - }, - }, - "Type": "AWS::S3::Bucket", - "UpdateReplacePolicy": "Retain", - }, - "lambdatos3stackS3LoggingBucketPolicy72A56AE9": Object { - "Properties": Object { - "Bucket": Object { - "Ref": "lambdatos3stackS3LoggingBucketB82C3492", - }, - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": "*", - "Condition": Object { - "Bool": Object { - "aws:SecureTransport": "false", - }, - }, - "Effect": "Deny", - "Principal": Object { - "AWS": "*", - }, - "Resource": Array [ - Object { - "Fn::Join": Array [ - "", - Array [ - Object { - "Fn::GetAtt": Array [ - "lambdatos3stackS3LoggingBucketB82C3492", - "Arn", - ], - }, - "/*", - ], - ], - }, - Object { - "Fn::GetAtt": Array [ - "lambdatos3stackS3LoggingBucketB82C3492", - "Arn", - ], - }, - ], - "Sid": "HttpsOnly", - }, - ], - "Version": "2012-10-17", - }, - }, - "Type": "AWS::S3::BucketPolicy", - }, - }, -} -`; - -exports[`Test deployment w/ s3:ReadWrite only 1`] = ` -Object { - "Parameters": Object { - "AssetParameters8efd3dd9643a4d64a128ad582cab718a1e464bcc719bbbcf0e7b0481188a0420ArtifactHashA71E92AD": Object { - "Description": "Artifact hash for asset \\"8efd3dd9643a4d64a128ad582cab718a1e464bcc719bbbcf0e7b0481188a0420\\"", - "Type": "String", - }, - "AssetParameters8efd3dd9643a4d64a128ad582cab718a1e464bcc719bbbcf0e7b0481188a0420S3Bucket749AC458": Object { - "Description": "S3 bucket for asset \\"8efd3dd9643a4d64a128ad582cab718a1e464bcc719bbbcf0e7b0481188a0420\\"", - "Type": "String", - }, - "AssetParameters8efd3dd9643a4d64a128ad582cab718a1e464bcc719bbbcf0e7b0481188a0420S3VersionKeyFF5CC16D": Object { - "Description": "S3 key for asset version \\"8efd3dd9643a4d64a128ad582cab718a1e464bcc719bbbcf0e7b0481188a0420\\"", - "Type": "String", - }, - }, - "Resources": Object { - "lambdatos3stackLambdaFunctionDA71B293": Object { - "DependsOn": Array [ - "lambdatos3stackLambdaFunctionServiceRoleDefaultPolicy97EC0F3A", - "lambdatos3stackLambdaFunctionServiceRole7E511A8A", - ], - "Metadata": Object { - "cfn_nag": Object { - "rules_to_suppress": Array [ - Object { - "id": "W58", - "reason": "Lambda functions has the required permission to write CloudWatch Logs. It uses custom policy instead of arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole with tighter permissions.", - }, - Object { - "id": "W89", - "reason": "This is not a rule for the general case, just for specific use cases/industries", - }, - Object { - "id": "W92", - "reason": "Impossible for us to define the correct concurrency for clients", - }, - ], - }, - }, - "Properties": Object { - "Code": Object { - "S3Bucket": Object { - "Ref": "AssetParameters8efd3dd9643a4d64a128ad582cab718a1e464bcc719bbbcf0e7b0481188a0420S3Bucket749AC458", - }, - "S3Key": Object { - "Fn::Join": Array [ - "", - Array [ - Object { - "Fn::Select": Array [ - 0, - Object { - "Fn::Split": Array [ - "||", - Object { - "Ref": "AssetParameters8efd3dd9643a4d64a128ad582cab718a1e464bcc719bbbcf0e7b0481188a0420S3VersionKeyFF5CC16D", - }, - ], - }, - ], - }, - Object { - "Fn::Select": Array [ - 1, - Object { - "Fn::Split": Array [ - "||", - Object { - "Ref": "AssetParameters8efd3dd9643a4d64a128ad582cab718a1e464bcc719bbbcf0e7b0481188a0420S3VersionKeyFF5CC16D", - }, - ], - }, - ], - }, - ], - ], - }, - }, - "Environment": Object { - "Variables": Object { - "AWS_NODEJS_CONNECTION_REUSE_ENABLED": "1", - "S3_BUCKET_NAME": Object { - "Ref": "lambdatos3stackS3BucketB9FD9B29", - }, - }, - }, - "Handler": "index.handler", - "Role": Object { - "Fn::GetAtt": Array [ - "lambdatos3stackLambdaFunctionServiceRole7E511A8A", - "Arn", - ], - }, - "Runtime": "nodejs10.x", - "TracingConfig": Object { - "Mode": "Active", - }, - }, - "Type": "AWS::Lambda::Function", - }, - "lambdatos3stackLambdaFunctionServiceRole7E511A8A": Object { - "Properties": Object { - "AssumeRolePolicyDocument": Object { - "Statement": Array [ - Object { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": Object { - "Service": "lambda.amazonaws.com", - }, - }, - ], - "Version": "2012-10-17", - }, - "Policies": Array [ - Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "logs:CreateLogGroup", - "logs:CreateLogStream", - "logs:PutLogEvents", - ], - "Effect": "Allow", - "Resource": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":logs:", - Object { - "Ref": "AWS::Region", - }, - ":", - Object { - "Ref": "AWS::AccountId", - }, - ":log-group:/aws/lambda/*", - ], - ], - }, - }, - ], - "Version": "2012-10-17", - }, - "PolicyName": "LambdaFunctionServiceRolePolicy", - }, - ], - }, - "Type": "AWS::IAM::Role", - }, - "lambdatos3stackLambdaFunctionServiceRoleDefaultPolicy97EC0F3A": Object { - "Metadata": Object { - "cfn_nag": Object { - "rules_to_suppress": Array [ - Object { - "id": "W12", - "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray and access ENIs in a VPC.", - }, - ], - }, - }, - "Properties": Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "xray:PutTraceSegments", - "xray:PutTelemetryRecords", - ], - "Effect": "Allow", - "Resource": "*", - }, - Object { - "Action": Array [ - "s3:GetObject*", - "s3:GetBucket*", - "s3:List*", - "s3:DeleteObject*", - "s3:PutObject*", - "s3:Abort*", - ], - "Effect": "Allow", - "Resource": Array [ - Object { - "Fn::GetAtt": Array [ - "lambdatos3stackS3BucketB9FD9B29", - "Arn", - ], - }, - Object { - "Fn::Join": Array [ - "", - Array [ - Object { - "Fn::GetAtt": Array [ - "lambdatos3stackS3BucketB9FD9B29", - "Arn", - ], - }, - "/*", - ], - ], - }, - ], - }, - ], - "Version": "2012-10-17", - }, - "PolicyName": "lambdatos3stackLambdaFunctionServiceRoleDefaultPolicy97EC0F3A", - "Roles": Array [ - Object { - "Ref": "lambdatos3stackLambdaFunctionServiceRole7E511A8A", - }, - ], - }, - "Type": "AWS::IAM::Policy", - }, - "lambdatos3stackS3BucketB9FD9B29": Object { - "DeletionPolicy": "Retain", - "Properties": Object { - "BucketEncryption": Object { - "ServerSideEncryptionConfiguration": Array [ - Object { - "ServerSideEncryptionByDefault": Object { - "SSEAlgorithm": "AES256", - }, - }, - ], - }, - "LifecycleConfiguration": Object { - "Rules": Array [ - Object { - "NoncurrentVersionTransitions": Array [ - Object { - "StorageClass": "GLACIER", - "TransitionInDays": 90, - }, - ], - "Status": "Enabled", - }, - ], - }, - "LoggingConfiguration": Object { - "DestinationBucketName": Object { - "Ref": "lambdatos3stackS3LoggingBucketB82C3492", - }, - }, - "PublicAccessBlockConfiguration": Object { - "BlockPublicAcls": true, - "BlockPublicPolicy": true, - "IgnorePublicAcls": true, - "RestrictPublicBuckets": true, - }, - "VersioningConfiguration": Object { - "Status": "Enabled", - }, - }, - "Type": "AWS::S3::Bucket", - "UpdateReplacePolicy": "Retain", - }, - "lambdatos3stackS3BucketPolicy705750EF": Object { - "Properties": Object { - "Bucket": Object { - "Ref": "lambdatos3stackS3BucketB9FD9B29", - }, - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": "*", - "Condition": Object { - "Bool": Object { - "aws:SecureTransport": "false", - }, - }, - "Effect": "Deny", - "Principal": Object { - "AWS": "*", - }, - "Resource": Array [ - Object { - "Fn::Join": Array [ - "", - Array [ - Object { - "Fn::GetAtt": Array [ - "lambdatos3stackS3BucketB9FD9B29", - "Arn", - ], - }, - "/*", - ], - ], - }, - Object { - "Fn::GetAtt": Array [ - "lambdatos3stackS3BucketB9FD9B29", - "Arn", - ], - }, - ], - "Sid": "HttpsOnly", - }, - ], - "Version": "2012-10-17", - }, - }, - "Type": "AWS::S3::BucketPolicy", - }, - "lambdatos3stackS3LoggingBucketB82C3492": Object { - "DeletionPolicy": "Retain", - "Metadata": Object { - "cfn_nag": Object { - "rules_to_suppress": Array [ - Object { - "id": "W35", - "reason": "This S3 bucket is used as the access logging bucket for another bucket", - }, - ], - }, - }, - "Properties": Object { - "AccessControl": "LogDeliveryWrite", - "BucketEncryption": Object { - "ServerSideEncryptionConfiguration": Array [ - Object { - "ServerSideEncryptionByDefault": Object { - "SSEAlgorithm": "AES256", - }, - }, - ], - }, - "PublicAccessBlockConfiguration": Object { - "BlockPublicAcls": true, - "BlockPublicPolicy": true, - "IgnorePublicAcls": true, - "RestrictPublicBuckets": true, - }, - "VersioningConfiguration": Object { - "Status": "Enabled", - }, - }, - "Type": "AWS::S3::Bucket", - "UpdateReplacePolicy": "Retain", - }, - "lambdatos3stackS3LoggingBucketPolicy72A56AE9": Object { - "Properties": Object { - "Bucket": Object { - "Ref": "lambdatos3stackS3LoggingBucketB82C3492", - }, - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": "*", - "Condition": Object { - "Bool": Object { - "aws:SecureTransport": "false", - }, - }, - "Effect": "Deny", - "Principal": Object { - "AWS": "*", - }, - "Resource": Array [ - Object { - "Fn::Join": Array [ - "", - Array [ - Object { - "Fn::GetAtt": Array [ - "lambdatos3stackS3LoggingBucketB82C3492", - "Arn", - ], - }, - "/*", - ], - ], - }, - Object { - "Fn::GetAtt": Array [ - "lambdatos3stackS3LoggingBucketB82C3492", - "Arn", - ], - }, - ], - "Sid": "HttpsOnly", - }, - ], - "Version": "2012-10-17", - }, - }, - "Type": "AWS::S3::BucketPolicy", - }, - }, -} -`; - -exports[`Test deployment w/ s3:Write only 1`] = ` -Object { - "Parameters": Object { - "AssetParameters8efd3dd9643a4d64a128ad582cab718a1e464bcc719bbbcf0e7b0481188a0420ArtifactHashA71E92AD": Object { - "Description": "Artifact hash for asset \\"8efd3dd9643a4d64a128ad582cab718a1e464bcc719bbbcf0e7b0481188a0420\\"", - "Type": "String", - }, - "AssetParameters8efd3dd9643a4d64a128ad582cab718a1e464bcc719bbbcf0e7b0481188a0420S3Bucket749AC458": Object { - "Description": "S3 bucket for asset \\"8efd3dd9643a4d64a128ad582cab718a1e464bcc719bbbcf0e7b0481188a0420\\"", - "Type": "String", - }, - "AssetParameters8efd3dd9643a4d64a128ad582cab718a1e464bcc719bbbcf0e7b0481188a0420S3VersionKeyFF5CC16D": Object { - "Description": "S3 key for asset version \\"8efd3dd9643a4d64a128ad582cab718a1e464bcc719bbbcf0e7b0481188a0420\\"", - "Type": "String", - }, - }, - "Resources": Object { - "lambdatos3stackLambdaFunctionDA71B293": Object { - "DependsOn": Array [ - "lambdatos3stackLambdaFunctionServiceRoleDefaultPolicy97EC0F3A", - "lambdatos3stackLambdaFunctionServiceRole7E511A8A", - ], - "Metadata": Object { - "cfn_nag": Object { - "rules_to_suppress": Array [ - Object { - "id": "W58", - "reason": "Lambda functions has the required permission to write CloudWatch Logs. It uses custom policy instead of arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole with tighter permissions.", - }, - Object { - "id": "W89", - "reason": "This is not a rule for the general case, just for specific use cases/industries", - }, - Object { - "id": "W92", - "reason": "Impossible for us to define the correct concurrency for clients", - }, - ], - }, - }, - "Properties": Object { - "Code": Object { - "S3Bucket": Object { - "Ref": "AssetParameters8efd3dd9643a4d64a128ad582cab718a1e464bcc719bbbcf0e7b0481188a0420S3Bucket749AC458", - }, - "S3Key": Object { - "Fn::Join": Array [ - "", - Array [ - Object { - "Fn::Select": Array [ - 0, - Object { - "Fn::Split": Array [ - "||", - Object { - "Ref": "AssetParameters8efd3dd9643a4d64a128ad582cab718a1e464bcc719bbbcf0e7b0481188a0420S3VersionKeyFF5CC16D", - }, - ], - }, - ], - }, - Object { - "Fn::Select": Array [ - 1, - Object { - "Fn::Split": Array [ - "||", - Object { - "Ref": "AssetParameters8efd3dd9643a4d64a128ad582cab718a1e464bcc719bbbcf0e7b0481188a0420S3VersionKeyFF5CC16D", - }, - ], - }, - ], - }, - ], - ], - }, - }, - "Environment": Object { - "Variables": Object { - "AWS_NODEJS_CONNECTION_REUSE_ENABLED": "1", - "S3_BUCKET_NAME": Object { - "Ref": "lambdatos3stackS3BucketB9FD9B29", - }, - }, - }, - "Handler": "index.handler", - "Role": Object { - "Fn::GetAtt": Array [ - "lambdatos3stackLambdaFunctionServiceRole7E511A8A", - "Arn", - ], - }, - "Runtime": "nodejs10.x", - "TracingConfig": Object { - "Mode": "Active", - }, - }, - "Type": "AWS::Lambda::Function", - }, - "lambdatos3stackLambdaFunctionServiceRole7E511A8A": Object { - "Properties": Object { - "AssumeRolePolicyDocument": Object { - "Statement": Array [ - Object { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": Object { - "Service": "lambda.amazonaws.com", - }, - }, - ], - "Version": "2012-10-17", - }, - "Policies": Array [ - Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "logs:CreateLogGroup", - "logs:CreateLogStream", - "logs:PutLogEvents", - ], - "Effect": "Allow", - "Resource": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":logs:", - Object { - "Ref": "AWS::Region", - }, - ":", - Object { - "Ref": "AWS::AccountId", - }, - ":log-group:/aws/lambda/*", - ], - ], - }, - }, - ], - "Version": "2012-10-17", - }, - "PolicyName": "LambdaFunctionServiceRolePolicy", - }, - ], - }, - "Type": "AWS::IAM::Role", - }, - "lambdatos3stackLambdaFunctionServiceRoleDefaultPolicy97EC0F3A": Object { - "Metadata": Object { - "cfn_nag": Object { - "rules_to_suppress": Array [ - Object { - "id": "W12", - "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray and access ENIs in a VPC.", - }, - ], - }, - }, - "Properties": Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "xray:PutTraceSegments", - "xray:PutTelemetryRecords", - ], - "Effect": "Allow", - "Resource": "*", - }, - Object { - "Action": Array [ - "s3:DeleteObject*", - "s3:PutObject*", - "s3:Abort*", - ], - "Effect": "Allow", - "Resource": Array [ - Object { - "Fn::GetAtt": Array [ - "lambdatos3stackS3BucketB9FD9B29", - "Arn", - ], - }, - Object { - "Fn::Join": Array [ - "", - Array [ - Object { - "Fn::GetAtt": Array [ - "lambdatos3stackS3BucketB9FD9B29", - "Arn", - ], - }, - "/*", - ], - ], - }, - ], - }, - ], - "Version": "2012-10-17", - }, - "PolicyName": "lambdatos3stackLambdaFunctionServiceRoleDefaultPolicy97EC0F3A", - "Roles": Array [ - Object { - "Ref": "lambdatos3stackLambdaFunctionServiceRole7E511A8A", - }, - ], - }, - "Type": "AWS::IAM::Policy", - }, - "lambdatos3stackS3BucketB9FD9B29": Object { - "DeletionPolicy": "Retain", - "Properties": Object { - "BucketEncryption": Object { - "ServerSideEncryptionConfiguration": Array [ - Object { - "ServerSideEncryptionByDefault": Object { - "SSEAlgorithm": "AES256", - }, - }, - ], - }, - "LifecycleConfiguration": Object { - "Rules": Array [ - Object { - "NoncurrentVersionTransitions": Array [ - Object { - "StorageClass": "GLACIER", - "TransitionInDays": 90, - }, - ], - "Status": "Enabled", - }, - ], - }, - "LoggingConfiguration": Object { - "DestinationBucketName": Object { - "Ref": "lambdatos3stackS3LoggingBucketB82C3492", - }, - }, - "PublicAccessBlockConfiguration": Object { - "BlockPublicAcls": true, - "BlockPublicPolicy": true, - "IgnorePublicAcls": true, - "RestrictPublicBuckets": true, - }, - "VersioningConfiguration": Object { - "Status": "Enabled", - }, - }, - "Type": "AWS::S3::Bucket", - "UpdateReplacePolicy": "Retain", - }, - "lambdatos3stackS3BucketPolicy705750EF": Object { - "Properties": Object { - "Bucket": Object { - "Ref": "lambdatos3stackS3BucketB9FD9B29", - }, - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": "*", - "Condition": Object { - "Bool": Object { - "aws:SecureTransport": "false", - }, - }, - "Effect": "Deny", - "Principal": Object { - "AWS": "*", - }, - "Resource": Array [ - Object { - "Fn::Join": Array [ - "", - Array [ - Object { - "Fn::GetAtt": Array [ - "lambdatos3stackS3BucketB9FD9B29", - "Arn", - ], - }, - "/*", - ], - ], - }, - Object { - "Fn::GetAtt": Array [ - "lambdatos3stackS3BucketB9FD9B29", - "Arn", - ], - }, - ], - "Sid": "HttpsOnly", - }, - ], - "Version": "2012-10-17", - }, - }, - "Type": "AWS::S3::BucketPolicy", - }, - "lambdatos3stackS3LoggingBucketB82C3492": Object { - "DeletionPolicy": "Retain", - "Metadata": Object { - "cfn_nag": Object { - "rules_to_suppress": Array [ - Object { - "id": "W35", - "reason": "This S3 bucket is used as the access logging bucket for another bucket", - }, - ], - }, - }, - "Properties": Object { - "AccessControl": "LogDeliveryWrite", - "BucketEncryption": Object { - "ServerSideEncryptionConfiguration": Array [ - Object { - "ServerSideEncryptionByDefault": Object { - "SSEAlgorithm": "AES256", - }, - }, - ], - }, - "PublicAccessBlockConfiguration": Object { - "BlockPublicAcls": true, - "BlockPublicPolicy": true, - "IgnorePublicAcls": true, - "RestrictPublicBuckets": true, - }, - "VersioningConfiguration": Object { - "Status": "Enabled", - }, - }, - "Type": "AWS::S3::Bucket", - "UpdateReplacePolicy": "Retain", - }, - "lambdatos3stackS3LoggingBucketPolicy72A56AE9": Object { - "Properties": Object { - "Bucket": Object { - "Ref": "lambdatos3stackS3LoggingBucketB82C3492", - }, - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": "*", - "Condition": Object { - "Bool": Object { - "aws:SecureTransport": "false", - }, - }, - "Effect": "Deny", - "Principal": Object { - "AWS": "*", - }, - "Resource": Array [ - Object { - "Fn::Join": Array [ - "", - Array [ - Object { - "Fn::GetAtt": Array [ - "lambdatos3stackS3LoggingBucketB82C3492", - "Arn", - ], - }, - "/*", - ], - ], - }, - Object { - "Fn::GetAtt": Array [ - "lambdatos3stackS3LoggingBucketB82C3492", - "Arn", - ], - }, - ], - "Sid": "HttpsOnly", - }, - ], - "Version": "2012-10-17", - }, - }, - "Type": "AWS::S3::BucketPolicy", - }, - }, -} -`; - -exports[`Test minimal deployment with new Lambda function 1`] = ` -Object { - "Parameters": Object { - "AssetParameters8efd3dd9643a4d64a128ad582cab718a1e464bcc719bbbcf0e7b0481188a0420ArtifactHashA71E92AD": Object { - "Description": "Artifact hash for asset \\"8efd3dd9643a4d64a128ad582cab718a1e464bcc719bbbcf0e7b0481188a0420\\"", - "Type": "String", - }, - "AssetParameters8efd3dd9643a4d64a128ad582cab718a1e464bcc719bbbcf0e7b0481188a0420S3Bucket749AC458": Object { - "Description": "S3 bucket for asset \\"8efd3dd9643a4d64a128ad582cab718a1e464bcc719bbbcf0e7b0481188a0420\\"", - "Type": "String", - }, - "AssetParameters8efd3dd9643a4d64a128ad582cab718a1e464bcc719bbbcf0e7b0481188a0420S3VersionKeyFF5CC16D": Object { - "Description": "S3 key for asset version \\"8efd3dd9643a4d64a128ad582cab718a1e464bcc719bbbcf0e7b0481188a0420\\"", - "Type": "String", - }, - }, - "Resources": Object { - "lambdatos3stackLambdaFunctionDA71B293": Object { - "DependsOn": Array [ - "lambdatos3stackLambdaFunctionServiceRoleDefaultPolicy97EC0F3A", - "lambdatos3stackLambdaFunctionServiceRole7E511A8A", - ], - "Metadata": Object { - "cfn_nag": Object { - "rules_to_suppress": Array [ - Object { - "id": "W58", - "reason": "Lambda functions has the required permission to write CloudWatch Logs. It uses custom policy instead of arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole with tighter permissions.", - }, - Object { - "id": "W89", - "reason": "This is not a rule for the general case, just for specific use cases/industries", - }, - Object { - "id": "W92", - "reason": "Impossible for us to define the correct concurrency for clients", - }, - ], - }, - }, - "Properties": Object { - "Code": Object { - "S3Bucket": Object { - "Ref": "AssetParameters8efd3dd9643a4d64a128ad582cab718a1e464bcc719bbbcf0e7b0481188a0420S3Bucket749AC458", - }, - "S3Key": Object { - "Fn::Join": Array [ - "", - Array [ - Object { - "Fn::Select": Array [ - 0, - Object { - "Fn::Split": Array [ - "||", - Object { - "Ref": "AssetParameters8efd3dd9643a4d64a128ad582cab718a1e464bcc719bbbcf0e7b0481188a0420S3VersionKeyFF5CC16D", - }, - ], - }, - ], - }, - Object { - "Fn::Select": Array [ - 1, - Object { - "Fn::Split": Array [ - "||", - Object { - "Ref": "AssetParameters8efd3dd9643a4d64a128ad582cab718a1e464bcc719bbbcf0e7b0481188a0420S3VersionKeyFF5CC16D", - }, - ], - }, - ], - }, - ], - ], - }, - }, - "Environment": Object { - "Variables": Object { - "AWS_NODEJS_CONNECTION_REUSE_ENABLED": "1", - "S3_BUCKET_NAME": Object { - "Ref": "lambdatos3stackS3BucketB9FD9B29", - }, - }, - }, - "Handler": "index.handler", - "Role": Object { - "Fn::GetAtt": Array [ - "lambdatos3stackLambdaFunctionServiceRole7E511A8A", - "Arn", - ], - }, - "Runtime": "nodejs10.x", - "TracingConfig": Object { - "Mode": "Active", - }, - }, - "Type": "AWS::Lambda::Function", - }, - "lambdatos3stackLambdaFunctionServiceRole7E511A8A": Object { - "Properties": Object { - "AssumeRolePolicyDocument": Object { - "Statement": Array [ - Object { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": Object { - "Service": "lambda.amazonaws.com", - }, - }, - ], - "Version": "2012-10-17", - }, - "Policies": Array [ - Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "logs:CreateLogGroup", - "logs:CreateLogStream", - "logs:PutLogEvents", - ], - "Effect": "Allow", - "Resource": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":logs:", - Object { - "Ref": "AWS::Region", - }, - ":", - Object { - "Ref": "AWS::AccountId", - }, - ":log-group:/aws/lambda/*", - ], - ], - }, - }, - ], - "Version": "2012-10-17", - }, - "PolicyName": "LambdaFunctionServiceRolePolicy", - }, - ], - }, - "Type": "AWS::IAM::Role", - }, - "lambdatos3stackLambdaFunctionServiceRoleDefaultPolicy97EC0F3A": Object { - "Metadata": Object { - "cfn_nag": Object { - "rules_to_suppress": Array [ - Object { - "id": "W12", - "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray and access ENIs in a VPC.", - }, - ], - }, - }, - "Properties": Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "xray:PutTraceSegments", - "xray:PutTelemetryRecords", - ], - "Effect": "Allow", - "Resource": "*", - }, - Object { - "Action": Array [ - "s3:GetObject*", - "s3:GetBucket*", - "s3:List*", - "s3:DeleteObject*", - "s3:PutObject*", - "s3:Abort*", - ], - "Effect": "Allow", - "Resource": Array [ - Object { - "Fn::GetAtt": Array [ - "lambdatos3stackS3BucketB9FD9B29", - "Arn", - ], - }, - Object { - "Fn::Join": Array [ - "", - Array [ - Object { - "Fn::GetAtt": Array [ - "lambdatos3stackS3BucketB9FD9B29", - "Arn", - ], - }, - "/*", - ], - ], - }, - ], - }, - ], - "Version": "2012-10-17", - }, - "PolicyName": "lambdatos3stackLambdaFunctionServiceRoleDefaultPolicy97EC0F3A", - "Roles": Array [ - Object { - "Ref": "lambdatos3stackLambdaFunctionServiceRole7E511A8A", - }, - ], - }, - "Type": "AWS::IAM::Policy", - }, - "lambdatos3stackS3BucketB9FD9B29": Object { - "DeletionPolicy": "Retain", - "Properties": Object { - "BucketEncryption": Object { - "ServerSideEncryptionConfiguration": Array [ - Object { - "ServerSideEncryptionByDefault": Object { - "SSEAlgorithm": "AES256", - }, - }, - ], - }, - "LifecycleConfiguration": Object { - "Rules": Array [ - Object { - "NoncurrentVersionTransitions": Array [ - Object { - "StorageClass": "GLACIER", - "TransitionInDays": 90, - }, - ], - "Status": "Enabled", - }, - ], - }, - "LoggingConfiguration": Object { - "DestinationBucketName": Object { - "Ref": "lambdatos3stackS3LoggingBucketB82C3492", - }, - }, - "PublicAccessBlockConfiguration": Object { - "BlockPublicAcls": true, - "BlockPublicPolicy": true, - "IgnorePublicAcls": true, - "RestrictPublicBuckets": true, - }, - "VersioningConfiguration": Object { - "Status": "Enabled", - }, - }, - "Type": "AWS::S3::Bucket", - "UpdateReplacePolicy": "Retain", - }, - "lambdatos3stackS3BucketPolicy705750EF": Object { - "Properties": Object { - "Bucket": Object { - "Ref": "lambdatos3stackS3BucketB9FD9B29", - }, - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": "*", - "Condition": Object { - "Bool": Object { - "aws:SecureTransport": "false", - }, - }, - "Effect": "Deny", - "Principal": Object { - "AWS": "*", - }, - "Resource": Array [ - Object { - "Fn::Join": Array [ - "", - Array [ - Object { - "Fn::GetAtt": Array [ - "lambdatos3stackS3BucketB9FD9B29", - "Arn", - ], - }, - "/*", - ], - ], - }, - Object { - "Fn::GetAtt": Array [ - "lambdatos3stackS3BucketB9FD9B29", - "Arn", - ], - }, - ], - "Sid": "HttpsOnly", - }, - ], - "Version": "2012-10-17", - }, - }, - "Type": "AWS::S3::BucketPolicy", - }, - "lambdatos3stackS3LoggingBucketB82C3492": Object { - "DeletionPolicy": "Retain", - "Metadata": Object { - "cfn_nag": Object { - "rules_to_suppress": Array [ - Object { - "id": "W35", - "reason": "This S3 bucket is used as the access logging bucket for another bucket", - }, - ], - }, - }, - "Properties": Object { - "AccessControl": "LogDeliveryWrite", - "BucketEncryption": Object { - "ServerSideEncryptionConfiguration": Array [ - Object { - "ServerSideEncryptionByDefault": Object { - "SSEAlgorithm": "AES256", - }, - }, - ], - }, - "PublicAccessBlockConfiguration": Object { - "BlockPublicAcls": true, - "BlockPublicPolicy": true, - "IgnorePublicAcls": true, - "RestrictPublicBuckets": true, - }, - "VersioningConfiguration": Object { - "Status": "Enabled", - }, - }, - "Type": "AWS::S3::Bucket", - "UpdateReplacePolicy": "Retain", - }, - "lambdatos3stackS3LoggingBucketPolicy72A56AE9": Object { - "Properties": Object { - "Bucket": Object { - "Ref": "lambdatos3stackS3LoggingBucketB82C3492", - }, - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": "*", - "Condition": Object { - "Bool": Object { - "aws:SecureTransport": "false", - }, - }, - "Effect": "Deny", - "Principal": Object { - "AWS": "*", - }, - "Resource": Array [ - Object { - "Fn::Join": Array [ - "", - Array [ - Object { - "Fn::GetAtt": Array [ - "lambdatos3stackS3LoggingBucketB82C3492", - "Arn", - ], - }, - "/*", - ], - ], - }, - Object { - "Fn::GetAtt": Array [ - "lambdatos3stackS3LoggingBucketB82C3492", - "Arn", - ], - }, - ], - "Sid": "HttpsOnly", - }, - ], - "Version": "2012-10-17", - }, - }, - "Type": "AWS::S3::BucketPolicy", - }, - }, -} -`; - -exports[`Test the bucketProps override 1`] = ` -Object { - "Parameters": Object { - "AssetParameters8efd3dd9643a4d64a128ad582cab718a1e464bcc719bbbcf0e7b0481188a0420ArtifactHashA71E92AD": Object { - "Description": "Artifact hash for asset \\"8efd3dd9643a4d64a128ad582cab718a1e464bcc719bbbcf0e7b0481188a0420\\"", - "Type": "String", - }, - "AssetParameters8efd3dd9643a4d64a128ad582cab718a1e464bcc719bbbcf0e7b0481188a0420S3Bucket749AC458": Object { - "Description": "S3 bucket for asset \\"8efd3dd9643a4d64a128ad582cab718a1e464bcc719bbbcf0e7b0481188a0420\\"", - "Type": "String", - }, - "AssetParameters8efd3dd9643a4d64a128ad582cab718a1e464bcc719bbbcf0e7b0481188a0420S3VersionKeyFF5CC16D": Object { - "Description": "S3 key for asset version \\"8efd3dd9643a4d64a128ad582cab718a1e464bcc719bbbcf0e7b0481188a0420\\"", - "Type": "String", - }, - }, - "Resources": Object { - "lambdatos3stackLambdaFunctionDA71B293": Object { - "DependsOn": Array [ - "lambdatos3stackLambdaFunctionServiceRoleDefaultPolicy97EC0F3A", - "lambdatos3stackLambdaFunctionServiceRole7E511A8A", - ], - "Metadata": Object { - "cfn_nag": Object { - "rules_to_suppress": Array [ - Object { - "id": "W58", - "reason": "Lambda functions has the required permission to write CloudWatch Logs. It uses custom policy instead of arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole with tighter permissions.", - }, - Object { - "id": "W89", - "reason": "This is not a rule for the general case, just for specific use cases/industries", - }, - Object { - "id": "W92", - "reason": "Impossible for us to define the correct concurrency for clients", - }, - ], - }, - }, - "Properties": Object { - "Code": Object { - "S3Bucket": Object { - "Ref": "AssetParameters8efd3dd9643a4d64a128ad582cab718a1e464bcc719bbbcf0e7b0481188a0420S3Bucket749AC458", - }, - "S3Key": Object { - "Fn::Join": Array [ - "", - Array [ - Object { - "Fn::Select": Array [ - 0, - Object { - "Fn::Split": Array [ - "||", - Object { - "Ref": "AssetParameters8efd3dd9643a4d64a128ad582cab718a1e464bcc719bbbcf0e7b0481188a0420S3VersionKeyFF5CC16D", - }, - ], - }, - ], - }, - Object { - "Fn::Select": Array [ - 1, - Object { - "Fn::Split": Array [ - "||", - Object { - "Ref": "AssetParameters8efd3dd9643a4d64a128ad582cab718a1e464bcc719bbbcf0e7b0481188a0420S3VersionKeyFF5CC16D", - }, - ], - }, - ], - }, - ], - ], - }, - }, - "Environment": Object { - "Variables": Object { - "AWS_NODEJS_CONNECTION_REUSE_ENABLED": "1", - "S3_BUCKET_NAME": Object { - "Ref": "lambdatos3stackS3BucketB9FD9B29", - }, - }, - }, - "Handler": "index.handler", - "Role": Object { - "Fn::GetAtt": Array [ - "lambdatos3stackLambdaFunctionServiceRole7E511A8A", - "Arn", - ], - }, - "Runtime": "nodejs10.x", - "TracingConfig": Object { - "Mode": "Active", - }, - }, - "Type": "AWS::Lambda::Function", - }, - "lambdatos3stackLambdaFunctionServiceRole7E511A8A": Object { - "Properties": Object { - "AssumeRolePolicyDocument": Object { - "Statement": Array [ - Object { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": Object { - "Service": "lambda.amazonaws.com", - }, - }, - ], - "Version": "2012-10-17", - }, - "Policies": Array [ - Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "logs:CreateLogGroup", - "logs:CreateLogStream", - "logs:PutLogEvents", - ], - "Effect": "Allow", - "Resource": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":logs:", - Object { - "Ref": "AWS::Region", - }, - ":", - Object { - "Ref": "AWS::AccountId", - }, - ":log-group:/aws/lambda/*", - ], - ], - }, - }, - ], - "Version": "2012-10-17", - }, - "PolicyName": "LambdaFunctionServiceRolePolicy", - }, - ], - }, - "Type": "AWS::IAM::Role", - }, - "lambdatos3stackLambdaFunctionServiceRoleDefaultPolicy97EC0F3A": Object { - "Metadata": Object { - "cfn_nag": Object { - "rules_to_suppress": Array [ - Object { - "id": "W12", - "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray and access ENIs in a VPC.", - }, - ], - }, - }, - "Properties": Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "xray:PutTraceSegments", - "xray:PutTelemetryRecords", - ], - "Effect": "Allow", - "Resource": "*", - }, - Object { - "Action": Array [ - "s3:GetObject*", - "s3:GetBucket*", - "s3:List*", - "s3:DeleteObject*", - "s3:PutObject*", - "s3:Abort*", - ], - "Effect": "Allow", - "Resource": Array [ - Object { - "Fn::GetAtt": Array [ - "lambdatos3stackS3BucketB9FD9B29", - "Arn", - ], - }, - Object { - "Fn::Join": Array [ - "", - Array [ - Object { - "Fn::GetAtt": Array [ - "lambdatos3stackS3BucketB9FD9B29", - "Arn", - ], - }, - "/*", - ], - ], - }, - ], - }, - ], - "Version": "2012-10-17", - }, - "PolicyName": "lambdatos3stackLambdaFunctionServiceRoleDefaultPolicy97EC0F3A", - "Roles": Array [ - Object { - "Ref": "lambdatos3stackLambdaFunctionServiceRole7E511A8A", - }, - ], - }, - "Type": "AWS::IAM::Policy", - }, - "lambdatos3stackS3BucketB9FD9B29": Object { - "DeletionPolicy": "Retain", - "Properties": Object { - "BucketEncryption": Object { - "ServerSideEncryptionConfiguration": Array [ - Object { - "ServerSideEncryptionByDefault": Object { - "SSEAlgorithm": "AES256", - }, - }, - ], - }, - "LifecycleConfiguration": Object { - "Rules": Array [ - Object { - "NoncurrentVersionTransitions": Array [ - Object { - "StorageClass": "GLACIER", - "TransitionInDays": 90, - }, - ], - "Status": "Enabled", - }, - ], - }, - "LoggingConfiguration": Object { - "DestinationBucketName": Object { - "Ref": "lambdatos3stackS3LoggingBucketB82C3492", - }, - }, - "PublicAccessBlockConfiguration": Object { - "BlockPublicAcls": true, - "BlockPublicPolicy": true, - "IgnorePublicAcls": true, - "RestrictPublicBuckets": true, - }, - "VersioningConfiguration": Object { - "Status": "Enabled", - }, - "WebsiteConfiguration": Object { - "IndexDocument": "index.main.html", - }, - }, - "Type": "AWS::S3::Bucket", - "UpdateReplacePolicy": "Retain", - }, - "lambdatos3stackS3BucketPolicy705750EF": Object { - "Properties": Object { - "Bucket": Object { - "Ref": "lambdatos3stackS3BucketB9FD9B29", - }, - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": "*", - "Condition": Object { - "Bool": Object { - "aws:SecureTransport": "false", - }, - }, - "Effect": "Deny", - "Principal": Object { - "AWS": "*", - }, - "Resource": Array [ - Object { - "Fn::Join": Array [ - "", - Array [ - Object { - "Fn::GetAtt": Array [ - "lambdatos3stackS3BucketB9FD9B29", - "Arn", - ], - }, - "/*", - ], - ], - }, - Object { - "Fn::GetAtt": Array [ - "lambdatos3stackS3BucketB9FD9B29", - "Arn", - ], - }, - ], - "Sid": "HttpsOnly", - }, - ], - "Version": "2012-10-17", - }, - }, - "Type": "AWS::S3::BucketPolicy", - }, - "lambdatos3stackS3LoggingBucketB82C3492": Object { - "DeletionPolicy": "Retain", - "Metadata": Object { - "cfn_nag": Object { - "rules_to_suppress": Array [ - Object { - "id": "W35", - "reason": "This S3 bucket is used as the access logging bucket for another bucket", - }, - ], - }, - }, - "Properties": Object { - "AccessControl": "LogDeliveryWrite", - "BucketEncryption": Object { - "ServerSideEncryptionConfiguration": Array [ - Object { - "ServerSideEncryptionByDefault": Object { - "SSEAlgorithm": "AES256", - }, - }, - ], - }, - "PublicAccessBlockConfiguration": Object { - "BlockPublicAcls": true, - "BlockPublicPolicy": true, - "IgnorePublicAcls": true, - "RestrictPublicBuckets": true, - }, - "VersioningConfiguration": Object { - "Status": "Enabled", - }, - }, - "Type": "AWS::S3::Bucket", - "UpdateReplacePolicy": "Retain", - }, - "lambdatos3stackS3LoggingBucketPolicy72A56AE9": Object { - "Properties": Object { - "Bucket": Object { - "Ref": "lambdatos3stackS3LoggingBucketB82C3492", - }, - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": "*", - "Condition": Object { - "Bool": Object { - "aws:SecureTransport": "false", - }, - }, - "Effect": "Deny", - "Principal": Object { - "AWS": "*", - }, - "Resource": Array [ - Object { - "Fn::Join": Array [ - "", - Array [ - Object { - "Fn::GetAtt": Array [ - "lambdatos3stackS3LoggingBucketB82C3492", - "Arn", - ], - }, - "/*", - ], - ], - }, - Object { - "Fn::GetAtt": Array [ - "lambdatos3stackS3LoggingBucketB82C3492", - "Arn", - ], - }, - ], - "Sid": "HttpsOnly", - }, - ], - "Version": "2012-10-17", - }, - }, - "Type": "AWS::S3::BucketPolicy", - }, - }, -} -`; diff --git a/source/patterns/@aws-solutions-constructs/aws-lambda-s3/test/lambda-s3.test.ts b/source/patterns/@aws-solutions-constructs/aws-lambda-s3/test/lambda-s3.test.ts index 827b0cd01..6904f75ba 100644 --- a/source/patterns/@aws-solutions-constructs/aws-lambda-s3/test/lambda-s3.test.ts +++ b/source/patterns/@aws-solutions-constructs/aws-lambda-s3/test/lambda-s3.test.ts @@ -17,142 +17,9 @@ import * as lambda from "@aws-cdk/aws-lambda"; import * as ec2 from "@aws-cdk/aws-ec2"; import * as s3 from "@aws-cdk/aws-s3"; import { LambdaToS3 } from '../lib'; -import { SynthUtils } from '@aws-cdk/assert'; import { CreateScrapBucket } from '@aws-solutions-constructs/core'; import '@aws-cdk/assert/jest'; -// -------------------------------------------------------------- -// Test minimal deployment with new Lambda function -// -------------------------------------------------------------- -test('Test minimal deployment with new Lambda function', () => { - // Stack - const stack = new Stack(); - // Helper declaration - new LambdaToS3(stack, 'lambda-to-s3-stack', { - lambdaFunctionProps: { - runtime: lambda.Runtime.NODEJS_10_X, - handler: 'index.handler', - code: lambda.Code.fromAsset(`${__dirname}/lambda`) - } - }); - // Assertion 1 - expect(SynthUtils.toCloudFormation(stack)).toMatchSnapshot(); -}); - -// -------------------------------------------------------------- -// Test deployment w/ s3:Delete only -// -------------------------------------------------------------- -test('Test deployment w/ s3:Delete only', () => { - // Stack - const stack = new Stack(); - // Helper declaration - new LambdaToS3(stack, 'lambda-to-s3-stack', { - lambdaFunctionProps: { - runtime: lambda.Runtime.NODEJS_10_X, - handler: 'index.handler', - code: lambda.Code.fromAsset(`${__dirname}/lambda`) - }, - bucketPermissions: ['Delete'] - }); - // Assertion 1 - expect(SynthUtils.toCloudFormation(stack)).toMatchSnapshot(); -}); - -// -------------------------------------------------------------- -// Test deployment w/ s3:Put only -// -------------------------------------------------------------- -test('Test deployment w/ s3:Put only', () => { - // Stack - const stack = new Stack(); - // Helper declaration - new LambdaToS3(stack, 'lambda-to-s3-stack', { - lambdaFunctionProps: { - runtime: lambda.Runtime.NODEJS_10_X, - handler: 'index.handler', - code: lambda.Code.fromAsset(`${__dirname}/lambda`) - }, - bucketPermissions: ['Put'] - }); - // Assertion 1 - expect(SynthUtils.toCloudFormation(stack)).toMatchSnapshot(); -}); - -// -------------------------------------------------------------- -// Test deployment w/ s3:Read only -// -------------------------------------------------------------- -test('Test deployment w/ s3:Read only', () => { - // Stack - const stack = new Stack(); - // Helper declaration - new LambdaToS3(stack, 'lambda-to-s3-stack', { - lambdaFunctionProps: { - runtime: lambda.Runtime.NODEJS_10_X, - handler: 'index.handler', - code: lambda.Code.fromAsset(`${__dirname}/lambda`) - }, - bucketPermissions: ['Read'] - }); - // Assertion 1 - expect(SynthUtils.toCloudFormation(stack)).toMatchSnapshot(); -}); - -// -------------------------------------------------------------- -// Test deployment w/ s3:ReadWrite only -// -------------------------------------------------------------- -test('Test deployment w/ s3:ReadWrite only', () => { - // Stack - const stack = new Stack(); - // Helper declaration - new LambdaToS3(stack, 'lambda-to-s3-stack', { - lambdaFunctionProps: { - runtime: lambda.Runtime.NODEJS_10_X, - handler: 'index.handler', - code: lambda.Code.fromAsset(`${__dirname}/lambda`) - }, - bucketPermissions: ['ReadWrite'] - }); - // Assertion 1 - expect(SynthUtils.toCloudFormation(stack)).toMatchSnapshot(); -}); - -// -------------------------------------------------------------- -// Test deployment w/ s3:Write only -// -------------------------------------------------------------- -test('Test deployment w/ s3:Write only', () => { - // Stack - const stack = new Stack(); - // Helper declaration - new LambdaToS3(stack, 'lambda-to-s3-stack', { - lambdaFunctionProps: { - runtime: lambda.Runtime.NODEJS_10_X, - handler: 'index.handler', - code: lambda.Code.fromAsset(`${__dirname}/lambda`) - }, - bucketPermissions: ['Write'] - }); - // Assertion 1 - expect(SynthUtils.toCloudFormation(stack)).toMatchSnapshot(); -}); - -// -------------------------------------------------------------- -// Test deployment w/ s3 multiple permissions -// -------------------------------------------------------------- -test('Test deployment w/ s3 multiple permissions', () => { - // Stack - const stack = new Stack(); - // Helper declaration - new LambdaToS3(stack, 'lambda-to-s3-stack', { - lambdaFunctionProps: { - runtime: lambda.Runtime.NODEJS_10_X, - handler: 'index.handler', - code: lambda.Code.fromAsset(`${__dirname}/lambda`) - }, - bucketPermissions: ['Write', 'Delete'] - }); - // Assertion 1 - expect(SynthUtils.toCloudFormation(stack)).toMatchSnapshot(); -}); - // -------------------------------------------------------------- // Test the getter methods // -------------------------------------------------------------- @@ -194,9 +61,6 @@ test('Test the bucketProps override', () => { websiteIndexDocument: 'index.main.html' } }); - // Assertion 1 - expect(SynthUtils.toCloudFormation(stack)).toMatchSnapshot(); - // Assertion 2 expect(stack).toHaveResource("AWS::S3::Bucket", { WebsiteConfiguration: { IndexDocument: 'index.main.html' diff --git a/source/patterns/@aws-solutions-constructs/aws-lambda-sagemakerendpoint/test/__snapshots__/aws-lambda-sagemakerendpoint.test.js.snap b/source/patterns/@aws-solutions-constructs/aws-lambda-sagemakerendpoint/test/__snapshots__/aws-lambda-sagemakerendpoint.test.js.snap deleted file mode 100644 index bd925ac73..000000000 --- a/source/patterns/@aws-solutions-constructs/aws-lambda-sagemakerendpoint/test/__snapshots__/aws-lambda-sagemakerendpoint.test.js.snap +++ /dev/null @@ -1,1616 +0,0 @@ -// Jest Snapshot v1, https://goo.gl/fbAQLP - -exports[`Pattern deployment with existing Lambda function, new Sagemaker endpoint, deployVpc = false 1`] = ` -Object { - "Parameters": Object { - "AssetParametersd894a15aa0242919d44274cbb8ddd33f39cce242789e85e67e642da0a2926e15ArtifactHash4C89D4A0": Object { - "Description": "Artifact hash for asset \\"d894a15aa0242919d44274cbb8ddd33f39cce242789e85e67e642da0a2926e15\\"", - "Type": "String", - }, - "AssetParametersd894a15aa0242919d44274cbb8ddd33f39cce242789e85e67e642da0a2926e15S3BucketE0481499": Object { - "Description": "S3 bucket for asset \\"d894a15aa0242919d44274cbb8ddd33f39cce242789e85e67e642da0a2926e15\\"", - "Type": "String", - }, - "AssetParametersd894a15aa0242919d44274cbb8ddd33f39cce242789e85e67e642da0a2926e15S3VersionKey9A1AB349": Object { - "Description": "S3 key for asset version \\"d894a15aa0242919d44274cbb8ddd33f39cce242789e85e67e642da0a2926e15\\"", - "Type": "String", - }, - }, - "Resources": Object { - "LambdaFunctionBF21E41F": Object { - "DependsOn": Array [ - "LambdaFunctionServiceRoleDefaultPolicy126C8897", - "LambdaFunctionServiceRole0C4CDE0B", - ], - "Metadata": Object { - "cfn_nag": Object { - "rules_to_suppress": Array [ - Object { - "id": "W58", - "reason": "Lambda functions has the required permission to write CloudWatch Logs. It uses custom policy instead of arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole with tighter permissions.", - }, - Object { - "id": "W89", - "reason": "This is not a rule for the general case, just for specific use cases/industries", - }, - Object { - "id": "W92", - "reason": "Impossible for us to define the correct concurrency for clients", - }, - ], - }, - }, - "Properties": Object { - "Code": Object { - "S3Bucket": Object { - "Ref": "AssetParametersd894a15aa0242919d44274cbb8ddd33f39cce242789e85e67e642da0a2926e15S3BucketE0481499", - }, - "S3Key": Object { - "Fn::Join": Array [ - "", - Array [ - Object { - "Fn::Select": Array [ - 0, - Object { - "Fn::Split": Array [ - "||", - Object { - "Ref": "AssetParametersd894a15aa0242919d44274cbb8ddd33f39cce242789e85e67e642da0a2926e15S3VersionKey9A1AB349", - }, - ], - }, - ], - }, - Object { - "Fn::Select": Array [ - 1, - Object { - "Fn::Split": Array [ - "||", - Object { - "Ref": "AssetParametersd894a15aa0242919d44274cbb8ddd33f39cce242789e85e67e642da0a2926e15S3VersionKey9A1AB349", - }, - ], - }, - ], - }, - ], - ], - }, - }, - "Environment": Object { - "Variables": Object { - "SAGEMAKER_ENDPOINT_NAME": Object { - "Fn::GetAtt": Array [ - "testlambdasagemakerSagemakerEndpoint12803730", - "EndpointName", - ], - }, - }, - }, - "Handler": "index.handler", - "MemorySize": 128, - "Role": Object { - "Fn::GetAtt": Array [ - "LambdaFunctionServiceRole0C4CDE0B", - "Arn", - ], - }, - "Runtime": "python3.8", - "Timeout": 300, - "TracingConfig": Object { - "Mode": "Active", - }, - }, - "Type": "AWS::Lambda::Function", - }, - "LambdaFunctionServiceRole0C4CDE0B": Object { - "Properties": Object { - "AssumeRolePolicyDocument": Object { - "Statement": Array [ - Object { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": Object { - "Service": "lambda.amazonaws.com", - }, - }, - ], - "Version": "2012-10-17", - }, - "Policies": Array [ - Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "logs:CreateLogGroup", - "logs:CreateLogStream", - "logs:PutLogEvents", - ], - "Effect": "Allow", - "Resource": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":logs:", - Object { - "Ref": "AWS::Region", - }, - ":", - Object { - "Ref": "AWS::AccountId", - }, - ":log-group:/aws/lambda/*", - ], - ], - }, - }, - ], - "Version": "2012-10-17", - }, - "PolicyName": "LambdaFunctionServiceRolePolicy", - }, - ], - }, - "Type": "AWS::IAM::Role", - }, - "LambdaFunctionServiceRoleDefaultPolicy126C8897": Object { - "Metadata": Object { - "cfn_nag": Object { - "rules_to_suppress": Array [ - Object { - "id": "W12", - "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray and access ENIs in a VPC.", - }, - ], - }, - }, - "Properties": Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "xray:PutTraceSegments", - "xray:PutTelemetryRecords", - ], - "Effect": "Allow", - "Resource": "*", - }, - Object { - "Action": "sagemaker:InvokeEndpoint", - "Effect": "Allow", - "Resource": Object { - "Ref": "testlambdasagemakerSagemakerEndpoint12803730", - }, - }, - ], - "Version": "2012-10-17", - }, - "PolicyName": "LambdaFunctionServiceRoleDefaultPolicy126C8897", - "Roles": Array [ - Object { - "Ref": "LambdaFunctionServiceRole0C4CDE0B", - }, - ], - }, - "Type": "AWS::IAM::Policy", - }, - "testlambdasagemakerEncryptionKey2AACF9E0": Object { - "DeletionPolicy": "Retain", - "Properties": Object { - "EnableKeyRotation": true, - "KeyPolicy": Object { - "Statement": Array [ - Object { - "Action": Array [ - "kms:Create*", - "kms:Describe*", - "kms:Enable*", - "kms:List*", - "kms:Put*", - "kms:Update*", - "kms:Revoke*", - "kms:Disable*", - "kms:Get*", - "kms:Delete*", - "kms:ScheduleKeyDeletion", - "kms:CancelKeyDeletion", - "kms:GenerateDataKey", - "kms:TagResource", - "kms:UntagResource", - ], - "Effect": "Allow", - "Principal": Object { - "AWS": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":iam::", - Object { - "Ref": "AWS::AccountId", - }, - ":root", - ], - ], - }, - }, - "Resource": "*", - }, - ], - "Version": "2012-10-17", - }, - }, - "Type": "AWS::KMS::Key", - "UpdateReplacePolicy": "Retain", - }, - "testlambdasagemakerSagemakerEndpoint12803730": Object { - "DependsOn": Array [ - "testlambdasagemakerSagemakerEndpointConfig6BABA334", - ], - "Properties": Object { - "EndpointConfigName": Object { - "Fn::GetAtt": Array [ - "testlambdasagemakerSagemakerEndpointConfig6BABA334", - "EndpointConfigName", - ], - }, - }, - "Type": "AWS::SageMaker::Endpoint", - }, - "testlambdasagemakerSagemakerEndpointConfig6BABA334": Object { - "DependsOn": Array [ - "testlambdasagemakerSagemakerModelEC3E4E39", - ], - "Properties": Object { - "KmsKeyId": Object { - "Ref": "testlambdasagemakerEncryptionKey2AACF9E0", - }, - "ProductionVariants": Array [ - Object { - "InitialInstanceCount": 1, - "InitialVariantWeight": 1, - "InstanceType": "ml.m4.xlarge", - "ModelName": Object { - "Fn::GetAtt": Array [ - "testlambdasagemakerSagemakerModelEC3E4E39", - "ModelName", - ], - }, - "VariantName": "AllTraffic", - }, - ], - }, - "Type": "AWS::SageMaker::EndpointConfig", - }, - "testlambdasagemakerSagemakerModelEC3E4E39": Object { - "DependsOn": Array [ - "testlambdasagemakerSagemakerRoleDefaultPolicy9909C0A0", - "testlambdasagemakerSagemakerRoleD84546B8", - ], - "Properties": Object { - "ExecutionRoleArn": Object { - "Fn::GetAtt": Array [ - "testlambdasagemakerSagemakerRoleD84546B8", - "Arn", - ], - }, - "PrimaryContainer": Object { - "Image": ".dkr.ecr..amazonaws.com/linear-learner:latest", - "ModelDataUrl": "s3:////model.tar.gz", - }, - }, - "Type": "AWS::SageMaker::Model", - }, - "testlambdasagemakerSagemakerRoleD84546B8": Object { - "Properties": Object { - "AssumeRolePolicyDocument": Object { - "Statement": Array [ - Object { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": Object { - "Service": "sagemaker.amazonaws.com", - }, - }, - ], - "Version": "2012-10-17", - }, - }, - "Type": "AWS::IAM::Role", - }, - "testlambdasagemakerSagemakerRoleDefaultPolicy9909C0A0": Object { - "Metadata": Object { - "cfn_nag": Object { - "rules_to_suppress": Array [ - Object { - "id": "W12", - "reason": "Sagemaker needs the following minimum required permissions to access ENIs in a VPC, ECR for custom model images, and elastic inference.", - }, - Object { - "id": "W76", - "reason": "Complex role becuase Sagemaker needs permissions to access several services", - }, - ], - }, - }, - "Properties": Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "sagemaker:CreateTrainingJob", - "sagemaker:DescribeTrainingJob", - "sagemaker:CreateModel", - "sagemaker:DescribeModel", - "sagemaker:DeleteModel", - "sagemaker:CreateEndpoint", - "sagemaker:CreateEndpointConfig", - "sagemaker:DescribeEndpoint", - "sagemaker:DescribeEndpointConfig", - "sagemaker:DeleteEndpoint", - "sagemaker:DeleteEndpointConfig", - "sagemaker:InvokeEndpoint", - ], - "Effect": "Allow", - "Resource": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":sagemaker:", - Object { - "Ref": "AWS::Region", - }, - ":", - Object { - "Ref": "AWS::AccountId", - }, - ":*", - ], - ], - }, - }, - Object { - "Action": Array [ - "logs:CreateLogGroup", - "logs:CreateLogStream", - "logs:DescribeLogStreams", - "logs:GetLogEvents", - "logs:PutLogEvents", - ], - "Effect": "Allow", - "Resource": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":logs:", - Object { - "Ref": "AWS::Region", - }, - ":", - Object { - "Ref": "AWS::AccountId", - }, - ":log-group:/aws/sagemaker/*", - ], - ], - }, - }, - Object { - "Action": Array [ - "ecr:BatchCheckLayerAvailability", - "ecr:GetDownloadUrlForLayer", - "ecr:DescribeRepositories", - "ecr:DescribeImages", - "ecr:BatchGetImage", - ], - "Effect": "Allow", - "Resource": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":ecr:", - Object { - "Ref": "AWS::Region", - }, - ":", - Object { - "Ref": "AWS::AccountId", - }, - ":repository/*", - ], - ], - }, - }, - Object { - "Action": "ecr:GetAuthorizationToken", - "Effect": "Allow", - "Resource": "*", - }, - Object { - "Action": Array [ - "kms:Encrypt", - "kms:Decrypt", - "kms:ReEncrypt*", - "kms:GenerateDataKey*", - "kms:DescribeKey", - ], - "Effect": "Allow", - "Resource": Array [ - Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":kms:", - Object { - "Ref": "AWS::Region", - }, - ":", - Object { - "Ref": "AWS::AccountId", - }, - ":key/*", - ], - ], - }, - Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":kms:", - Object { - "Ref": "AWS::Region", - }, - ":", - Object { - "Ref": "AWS::AccountId", - }, - ":alias/*", - ], - ], - }, - ], - }, - Object { - "Action": Array [ - "s3:GetObject", - "s3:PutObject", - "s3:DeleteObject", - "s3:ListBucket", - ], - "Effect": "Allow", - "Resource": "arn:aws:s3:::*", - }, - Object { - "Action": "iam:GetRole", - "Effect": "Allow", - "Resource": Object { - "Fn::GetAtt": Array [ - "testlambdasagemakerSagemakerRoleD84546B8", - "Arn", - ], - }, - }, - Object { - "Action": "iam:PassRole", - "Condition": Object { - "StringLike": Object { - "iam:PassedToService": "sagemaker.amazonaws.com", - }, - }, - "Effect": "Allow", - "Resource": Object { - "Fn::GetAtt": Array [ - "testlambdasagemakerSagemakerRoleD84546B8", - "Arn", - ], - }, - }, - ], - "Version": "2012-10-17", - }, - "PolicyName": "testlambdasagemakerSagemakerRoleDefaultPolicy9909C0A0", - "Roles": Array [ - Object { - "Ref": "testlambdasagemakerSagemakerRoleD84546B8", - }, - ], - }, - "Type": "AWS::IAM::Policy", - }, - }, -} -`; - -exports[`Pattern deployment with new Lambda function, new Sagemaker endpoint, deployVpc = true 1`] = ` -Object { - "Parameters": Object { - "AssetParametersd894a15aa0242919d44274cbb8ddd33f39cce242789e85e67e642da0a2926e15ArtifactHash4C89D4A0": Object { - "Description": "Artifact hash for asset \\"d894a15aa0242919d44274cbb8ddd33f39cce242789e85e67e642da0a2926e15\\"", - "Type": "String", - }, - "AssetParametersd894a15aa0242919d44274cbb8ddd33f39cce242789e85e67e642da0a2926e15S3BucketE0481499": Object { - "Description": "S3 bucket for asset \\"d894a15aa0242919d44274cbb8ddd33f39cce242789e85e67e642da0a2926e15\\"", - "Type": "String", - }, - "AssetParametersd894a15aa0242919d44274cbb8ddd33f39cce242789e85e67e642da0a2926e15S3VersionKey9A1AB349": Object { - "Description": "S3 key for asset version \\"d894a15aa0242919d44274cbb8ddd33f39cce242789e85e67e642da0a2926e15\\"", - "Type": "String", - }, - }, - "Resources": Object { - "DefaultSAGEMAKERRUNTIMEsecuritygroup32609E8C": Object { - "Metadata": Object { - "cfn_nag": Object { - "rules_to_suppress": Array [ - Object { - "id": "W5", - "reason": "Egress of 0.0.0.0/0 is default and generally considered OK", - }, - Object { - "id": "W40", - "reason": "Egress IPProtocol of -1 is default and generally considered OK", - }, - ], - }, - }, - "Properties": Object { - "GroupDescription": "Default/Default-SAGEMAKER_RUNTIME-security-group", - "SecurityGroupEgress": Array [ - Object { - "CidrIp": "0.0.0.0/0", - "Description": "Allow all outbound traffic by default", - "IpProtocol": "-1", - }, - ], - "SecurityGroupIngress": Array [ - Object { - "CidrIp": Object { - "Fn::GetAtt": Array [ - "Vpc8378EB38", - "CidrBlock", - ], - }, - "Description": Object { - "Fn::Join": Array [ - "", - Array [ - "from ", - Object { - "Fn::GetAtt": Array [ - "Vpc8378EB38", - "CidrBlock", - ], - }, - ":443", - ], - ], - }, - "FromPort": 443, - "IpProtocol": "tcp", - "ToPort": 443, - }, - ], - "VpcId": Object { - "Ref": "Vpc8378EB38", - }, - }, - "Type": "AWS::EC2::SecurityGroup", - }, - "Vpc8378EB38": Object { - "Properties": Object { - "CidrBlock": "10.0.0.0/16", - "EnableDnsHostnames": true, - "EnableDnsSupport": true, - "InstanceTenancy": "default", - "Tags": Array [ - Object { - "Key": "Name", - "Value": "Default/Vpc", - }, - ], - }, - "Type": "AWS::EC2::VPC", - }, - "VpcFlowLog8FF33A73": Object { - "Properties": Object { - "DeliverLogsPermissionArn": Object { - "Fn::GetAtt": Array [ - "VpcFlowLogIAMRole6A475D41", - "Arn", - ], - }, - "LogDestinationType": "cloud-watch-logs", - "LogGroupName": Object { - "Ref": "VpcFlowLogLogGroup7B5C56B9", - }, - "ResourceId": Object { - "Ref": "Vpc8378EB38", - }, - "ResourceType": "VPC", - "Tags": Array [ - Object { - "Key": "Name", - "Value": "Default/Vpc", - }, - ], - "TrafficType": "ALL", - }, - "Type": "AWS::EC2::FlowLog", - }, - "VpcFlowLogIAMRole6A475D41": Object { - "Properties": Object { - "AssumeRolePolicyDocument": Object { - "Statement": Array [ - Object { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": Object { - "Service": "vpc-flow-logs.amazonaws.com", - }, - }, - ], - "Version": "2012-10-17", - }, - "Tags": Array [ - Object { - "Key": "Name", - "Value": "Default/Vpc", - }, - ], - }, - "Type": "AWS::IAM::Role", - }, - "VpcFlowLogIAMRoleDefaultPolicy406FB995": Object { - "Properties": Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "logs:CreateLogStream", - "logs:PutLogEvents", - "logs:DescribeLogStreams", - ], - "Effect": "Allow", - "Resource": Object { - "Fn::GetAtt": Array [ - "VpcFlowLogLogGroup7B5C56B9", - "Arn", - ], - }, - }, - Object { - "Action": "iam:PassRole", - "Effect": "Allow", - "Resource": Object { - "Fn::GetAtt": Array [ - "VpcFlowLogIAMRole6A475D41", - "Arn", - ], - }, - }, - ], - "Version": "2012-10-17", - }, - "PolicyName": "VpcFlowLogIAMRoleDefaultPolicy406FB995", - "Roles": Array [ - Object { - "Ref": "VpcFlowLogIAMRole6A475D41", - }, - ], - }, - "Type": "AWS::IAM::Policy", - }, - "VpcFlowLogLogGroup7B5C56B9": Object { - "DeletionPolicy": "Retain", - "Metadata": Object { - "cfn_nag": Object { - "rules_to_suppress": Array [ - Object { - "id": "W84", - "reason": "By default CloudWatchLogs LogGroups data is encrypted using the CloudWatch server-side encryption keys (AWS Managed Keys)", - }, - ], - }, - }, - "Properties": Object { - "RetentionInDays": 731, - }, - "Type": "AWS::Logs::LogGroup", - "UpdateReplacePolicy": "Retain", - }, - "VpcS3A5408339": Object { - "Properties": Object { - "RouteTableIds": Array [ - Object { - "Ref": "VpcisolatedSubnet1RouteTableE442650B", - }, - Object { - "Ref": "VpcisolatedSubnet2RouteTable334F9764", - }, - ], - "ServiceName": Object { - "Fn::Join": Array [ - "", - Array [ - "com.amazonaws.", - Object { - "Ref": "AWS::Region", - }, - ".s3", - ], - ], - }, - "VpcEndpointType": "Gateway", - "VpcId": Object { - "Ref": "Vpc8378EB38", - }, - }, - "Type": "AWS::EC2::VPCEndpoint", - }, - "VpcSAGEMAKERRUNTIME337E125A": Object { - "Properties": Object { - "PrivateDnsEnabled": true, - "SecurityGroupIds": Array [ - Object { - "Fn::GetAtt": Array [ - "DefaultSAGEMAKERRUNTIMEsecuritygroup32609E8C", - "GroupId", - ], - }, - ], - "ServiceName": Object { - "Fn::Join": Array [ - "", - Array [ - "com.amazonaws.", - Object { - "Ref": "AWS::Region", - }, - ".sagemaker.runtime", - ], - ], - }, - "SubnetIds": Array [ - Object { - "Ref": "VpcisolatedSubnet1SubnetE62B1B9B", - }, - Object { - "Ref": "VpcisolatedSubnet2Subnet39217055", - }, - ], - "VpcEndpointType": "Interface", - "VpcId": Object { - "Ref": "Vpc8378EB38", - }, - }, - "Type": "AWS::EC2::VPCEndpoint", - }, - "VpcisolatedSubnet1RouteTableAssociationD259E31A": Object { - "Properties": Object { - "RouteTableId": Object { - "Ref": "VpcisolatedSubnet1RouteTableE442650B", - }, - "SubnetId": Object { - "Ref": "VpcisolatedSubnet1SubnetE62B1B9B", - }, - }, - "Type": "AWS::EC2::SubnetRouteTableAssociation", - }, - "VpcisolatedSubnet1RouteTableE442650B": Object { - "Properties": Object { - "Tags": Array [ - Object { - "Key": "Name", - "Value": "Default/Vpc/isolatedSubnet1", - }, - ], - "VpcId": Object { - "Ref": "Vpc8378EB38", - }, - }, - "Type": "AWS::EC2::RouteTable", - }, - "VpcisolatedSubnet1SubnetE62B1B9B": Object { - "Properties": Object { - "AvailabilityZone": Object { - "Fn::Select": Array [ - 0, - Object { - "Fn::GetAZs": "", - }, - ], - }, - "CidrBlock": "10.0.0.0/18", - "MapPublicIpOnLaunch": false, - "Tags": Array [ - Object { - "Key": "aws-cdk:subnet-name", - "Value": "isolated", - }, - Object { - "Key": "aws-cdk:subnet-type", - "Value": "Isolated", - }, - Object { - "Key": "Name", - "Value": "Default/Vpc/isolatedSubnet1", - }, - ], - "VpcId": Object { - "Ref": "Vpc8378EB38", - }, - }, - "Type": "AWS::EC2::Subnet", - }, - "VpcisolatedSubnet2RouteTable334F9764": Object { - "Properties": Object { - "Tags": Array [ - Object { - "Key": "Name", - "Value": "Default/Vpc/isolatedSubnet2", - }, - ], - "VpcId": Object { - "Ref": "Vpc8378EB38", - }, - }, - "Type": "AWS::EC2::RouteTable", - }, - "VpcisolatedSubnet2RouteTableAssociation25A4716F": Object { - "Properties": Object { - "RouteTableId": Object { - "Ref": "VpcisolatedSubnet2RouteTable334F9764", - }, - "SubnetId": Object { - "Ref": "VpcisolatedSubnet2Subnet39217055", - }, - }, - "Type": "AWS::EC2::SubnetRouteTableAssociation", - }, - "VpcisolatedSubnet2Subnet39217055": Object { - "Properties": Object { - "AvailabilityZone": Object { - "Fn::Select": Array [ - 1, - Object { - "Fn::GetAZs": "", - }, - ], - }, - "CidrBlock": "10.0.64.0/18", - "MapPublicIpOnLaunch": false, - "Tags": Array [ - Object { - "Key": "aws-cdk:subnet-name", - "Value": "isolated", - }, - Object { - "Key": "aws-cdk:subnet-type", - "Value": "Isolated", - }, - Object { - "Key": "Name", - "Value": "Default/Vpc/isolatedSubnet2", - }, - ], - "VpcId": Object { - "Ref": "Vpc8378EB38", - }, - }, - "Type": "AWS::EC2::Subnet", - }, - "testlambdasagemakerEncryptionKey2AACF9E0": Object { - "DeletionPolicy": "Retain", - "Properties": Object { - "EnableKeyRotation": true, - "KeyPolicy": Object { - "Statement": Array [ - Object { - "Action": Array [ - "kms:Create*", - "kms:Describe*", - "kms:Enable*", - "kms:List*", - "kms:Put*", - "kms:Update*", - "kms:Revoke*", - "kms:Disable*", - "kms:Get*", - "kms:Delete*", - "kms:ScheduleKeyDeletion", - "kms:CancelKeyDeletion", - "kms:GenerateDataKey", - "kms:TagResource", - "kms:UntagResource", - ], - "Effect": "Allow", - "Principal": Object { - "AWS": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":iam::", - Object { - "Ref": "AWS::AccountId", - }, - ":root", - ], - ], - }, - }, - "Resource": "*", - }, - ], - "Version": "2012-10-17", - }, - }, - "Type": "AWS::KMS::Key", - "UpdateReplacePolicy": "Retain", - }, - "testlambdasagemakerLambdaFunction661E043F": Object { - "DependsOn": Array [ - "testlambdasagemakerLambdaFunctionServiceRoleDefaultPolicy208C2512", - "testlambdasagemakerLambdaFunctionServiceRole4BA038CB", - ], - "Metadata": Object { - "cfn_nag": Object { - "rules_to_suppress": Array [ - Object { - "id": "W58", - "reason": "Lambda functions has the required permission to write CloudWatch Logs. It uses custom policy instead of arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole with tighter permissions.", - }, - Object { - "id": "W89", - "reason": "This is not a rule for the general case, just for specific use cases/industries", - }, - Object { - "id": "W92", - "reason": "Impossible for us to define the correct concurrency for clients", - }, - ], - }, - }, - "Properties": Object { - "Code": Object { - "S3Bucket": Object { - "Ref": "AssetParametersd894a15aa0242919d44274cbb8ddd33f39cce242789e85e67e642da0a2926e15S3BucketE0481499", - }, - "S3Key": Object { - "Fn::Join": Array [ - "", - Array [ - Object { - "Fn::Select": Array [ - 0, - Object { - "Fn::Split": Array [ - "||", - Object { - "Ref": "AssetParametersd894a15aa0242919d44274cbb8ddd33f39cce242789e85e67e642da0a2926e15S3VersionKey9A1AB349", - }, - ], - }, - ], - }, - Object { - "Fn::Select": Array [ - 1, - Object { - "Fn::Split": Array [ - "||", - Object { - "Ref": "AssetParametersd894a15aa0242919d44274cbb8ddd33f39cce242789e85e67e642da0a2926e15S3VersionKey9A1AB349", - }, - ], - }, - ], - }, - ], - ], - }, - }, - "Environment": Object { - "Variables": Object { - "SAGEMAKER_ENDPOINT_NAME": Object { - "Fn::GetAtt": Array [ - "testlambdasagemakerSagemakerEndpoint12803730", - "EndpointName", - ], - }, - }, - }, - "Handler": "index.handler", - "MemorySize": 128, - "Role": Object { - "Fn::GetAtt": Array [ - "testlambdasagemakerLambdaFunctionServiceRole4BA038CB", - "Arn", - ], - }, - "Runtime": "python3.8", - "Timeout": 300, - "TracingConfig": Object { - "Mode": "Active", - }, - "VpcConfig": Object { - "SecurityGroupIds": Array [ - Object { - "Fn::GetAtt": Array [ - "testlambdasagemakerReplaceDefaultSecurityGroupsecuritygroupB2FD7810", - "GroupId", - ], - }, - ], - "SubnetIds": Array [ - Object { - "Ref": "VpcisolatedSubnet1SubnetE62B1B9B", - }, - Object { - "Ref": "VpcisolatedSubnet2Subnet39217055", - }, - ], - }, - }, - "Type": "AWS::Lambda::Function", - }, - "testlambdasagemakerLambdaFunctionServiceRole4BA038CB": Object { - "Properties": Object { - "AssumeRolePolicyDocument": Object { - "Statement": Array [ - Object { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": Object { - "Service": "lambda.amazonaws.com", - }, - }, - ], - "Version": "2012-10-17", - }, - "Policies": Array [ - Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "logs:CreateLogGroup", - "logs:CreateLogStream", - "logs:PutLogEvents", - ], - "Effect": "Allow", - "Resource": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":logs:", - Object { - "Ref": "AWS::Region", - }, - ":", - Object { - "Ref": "AWS::AccountId", - }, - ":log-group:/aws/lambda/*", - ], - ], - }, - }, - ], - "Version": "2012-10-17", - }, - "PolicyName": "LambdaFunctionServiceRolePolicy", - }, - ], - }, - "Type": "AWS::IAM::Role", - }, - "testlambdasagemakerLambdaFunctionServiceRoleDefaultPolicy208C2512": Object { - "Metadata": Object { - "cfn_nag": Object { - "rules_to_suppress": Array [ - Object { - "id": "W12", - "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray and access ENIs in a VPC.", - }, - ], - }, - }, - "Properties": Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "ec2:CreateNetworkInterface", - "ec2:DescribeNetworkInterfaces", - "ec2:DeleteNetworkInterface", - "ec2:AssignPrivateIpAddresses", - "ec2:UnassignPrivateIpAddresses", - ], - "Effect": "Allow", - "Resource": "*", - }, - Object { - "Action": Array [ - "xray:PutTraceSegments", - "xray:PutTelemetryRecords", - ], - "Effect": "Allow", - "Resource": "*", - }, - Object { - "Action": "sagemaker:InvokeEndpoint", - "Effect": "Allow", - "Resource": Object { - "Ref": "testlambdasagemakerSagemakerEndpoint12803730", - }, - }, - ], - "Version": "2012-10-17", - }, - "PolicyName": "testlambdasagemakerLambdaFunctionServiceRoleDefaultPolicy208C2512", - "Roles": Array [ - Object { - "Ref": "testlambdasagemakerLambdaFunctionServiceRole4BA038CB", - }, - ], - }, - "Type": "AWS::IAM::Policy", - }, - "testlambdasagemakerReplaceDefaultSecurityGroupsecuritygroupB2FD7810": Object { - "Metadata": Object { - "cfn_nag": Object { - "rules_to_suppress": Array [ - Object { - "id": "W5", - "reason": "Egress of 0.0.0.0/0 is default and generally considered OK", - }, - Object { - "id": "W40", - "reason": "Egress IPProtocol of -1 is default and generally considered OK", - }, - ], - }, - }, - "Properties": Object { - "GroupDescription": "Default/test-lambda-sagemaker/ReplaceDefaultSecurityGroup-security-group", - "SecurityGroupEgress": Array [ - Object { - "CidrIp": "0.0.0.0/0", - "Description": "Allow all outbound traffic by default", - "IpProtocol": "-1", - }, - ], - "VpcId": Object { - "Ref": "Vpc8378EB38", - }, - }, - "Type": "AWS::EC2::SecurityGroup", - }, - "testlambdasagemakerReplaceModelDefaultSecurityGroup7284AA24": Object { - "Metadata": Object { - "cfn_nag": Object { - "rules_to_suppress": Array [ - Object { - "id": "W5", - "reason": "Egress of 0.0.0.0/0 is default and generally considered OK", - }, - Object { - "id": "W40", - "reason": "Egress IPProtocol of -1 is default and generally considered OK", - }, - ], - }, - }, - "Properties": Object { - "GroupDescription": "Default/test-lambda-sagemaker/ReplaceModelDefaultSecurityGroup", - "SecurityGroupEgress": Array [ - Object { - "CidrIp": "0.0.0.0/0", - "Description": "Allow all outbound traffic by default", - "IpProtocol": "-1", - }, - ], - "SecurityGroupIngress": Array [ - Object { - "CidrIp": Object { - "Fn::GetAtt": Array [ - "Vpc8378EB38", - "CidrBlock", - ], - }, - "Description": Object { - "Fn::Join": Array [ - "", - Array [ - "from ", - Object { - "Fn::GetAtt": Array [ - "Vpc8378EB38", - "CidrBlock", - ], - }, - ":443", - ], - ], - }, - "FromPort": 443, - "IpProtocol": "tcp", - "ToPort": 443, - }, - ], - "VpcId": Object { - "Ref": "Vpc8378EB38", - }, - }, - "Type": "AWS::EC2::SecurityGroup", - }, - "testlambdasagemakerSagemakerEndpoint12803730": Object { - "DependsOn": Array [ - "testlambdasagemakerSagemakerEndpointConfig6BABA334", - ], - "Properties": Object { - "EndpointConfigName": Object { - "Fn::GetAtt": Array [ - "testlambdasagemakerSagemakerEndpointConfig6BABA334", - "EndpointConfigName", - ], - }, - }, - "Type": "AWS::SageMaker::Endpoint", - }, - "testlambdasagemakerSagemakerEndpointConfig6BABA334": Object { - "DependsOn": Array [ - "testlambdasagemakerSagemakerModelEC3E4E39", - ], - "Properties": Object { - "KmsKeyId": Object { - "Ref": "testlambdasagemakerEncryptionKey2AACF9E0", - }, - "ProductionVariants": Array [ - Object { - "InitialInstanceCount": 1, - "InitialVariantWeight": 1, - "InstanceType": "ml.m4.xlarge", - "ModelName": Object { - "Fn::GetAtt": Array [ - "testlambdasagemakerSagemakerModelEC3E4E39", - "ModelName", - ], - }, - "VariantName": "AllTraffic", - }, - ], - }, - "Type": "AWS::SageMaker::EndpointConfig", - }, - "testlambdasagemakerSagemakerModelEC3E4E39": Object { - "DependsOn": Array [ - "testlambdasagemakerSagemakerRoleDefaultPolicy9909C0A0", - "testlambdasagemakerSagemakerRoleD84546B8", - ], - "Properties": Object { - "ExecutionRoleArn": Object { - "Fn::GetAtt": Array [ - "testlambdasagemakerSagemakerRoleD84546B8", - "Arn", - ], - }, - "PrimaryContainer": Object { - "Image": ".dkr.ecr..amazonaws.com/linear-learner:latest", - "ModelDataUrl": "s3:////model.tar.gz", - }, - "VpcConfig": Object { - "SecurityGroupIds": Array [ - Object { - "Fn::GetAtt": Array [ - "testlambdasagemakerReplaceModelDefaultSecurityGroup7284AA24", - "GroupId", - ], - }, - ], - "Subnets": Array [ - Object { - "Ref": "VpcisolatedSubnet1SubnetE62B1B9B", - }, - Object { - "Ref": "VpcisolatedSubnet2Subnet39217055", - }, - ], - }, - }, - "Type": "AWS::SageMaker::Model", - }, - "testlambdasagemakerSagemakerRoleD84546B8": Object { - "Properties": Object { - "AssumeRolePolicyDocument": Object { - "Statement": Array [ - Object { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": Object { - "Service": "sagemaker.amazonaws.com", - }, - }, - ], - "Version": "2012-10-17", - }, - }, - "Type": "AWS::IAM::Role", - }, - "testlambdasagemakerSagemakerRoleDefaultPolicy9909C0A0": Object { - "Metadata": Object { - "cfn_nag": Object { - "rules_to_suppress": Array [ - Object { - "id": "W12", - "reason": "Sagemaker needs the following minimum required permissions to access ENIs in a VPC, ECR for custom model images, and elastic inference.", - }, - Object { - "id": "W76", - "reason": "Complex role becuase Sagemaker needs permissions to access several services", - }, - ], - }, - }, - "Properties": Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "sagemaker:CreateTrainingJob", - "sagemaker:DescribeTrainingJob", - "sagemaker:CreateModel", - "sagemaker:DescribeModel", - "sagemaker:DeleteModel", - "sagemaker:CreateEndpoint", - "sagemaker:CreateEndpointConfig", - "sagemaker:DescribeEndpoint", - "sagemaker:DescribeEndpointConfig", - "sagemaker:DeleteEndpoint", - "sagemaker:DeleteEndpointConfig", - "sagemaker:InvokeEndpoint", - ], - "Effect": "Allow", - "Resource": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":sagemaker:", - Object { - "Ref": "AWS::Region", - }, - ":", - Object { - "Ref": "AWS::AccountId", - }, - ":*", - ], - ], - }, - }, - Object { - "Action": Array [ - "logs:CreateLogGroup", - "logs:CreateLogStream", - "logs:DescribeLogStreams", - "logs:GetLogEvents", - "logs:PutLogEvents", - ], - "Effect": "Allow", - "Resource": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":logs:", - Object { - "Ref": "AWS::Region", - }, - ":", - Object { - "Ref": "AWS::AccountId", - }, - ":log-group:/aws/sagemaker/*", - ], - ], - }, - }, - Object { - "Action": Array [ - "ec2:CreateNetworkInterface", - "ec2:CreateNetworkInterfacePermission", - "ec2:DeleteNetworkInterface", - "ec2:DeleteNetworkInterfacePermission", - "ec2:DescribeNetworkInterfaces", - "ec2:AssignPrivateIpAddresses", - "ec2:UnassignPrivateIpAddresses", - "ec2:DescribeVpcs", - "ec2:DescribeDhcpOptions", - "ec2:DescribeSubnets", - "ec2:DescribeSecurityGroups", - ], - "Effect": "Allow", - "Resource": "*", - }, - Object { - "Action": Array [ - "ecr:BatchCheckLayerAvailability", - "ecr:GetDownloadUrlForLayer", - "ecr:DescribeRepositories", - "ecr:DescribeImages", - "ecr:BatchGetImage", - ], - "Effect": "Allow", - "Resource": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":ecr:", - Object { - "Ref": "AWS::Region", - }, - ":", - Object { - "Ref": "AWS::AccountId", - }, - ":repository/*", - ], - ], - }, - }, - Object { - "Action": "ecr:GetAuthorizationToken", - "Effect": "Allow", - "Resource": "*", - }, - Object { - "Action": Array [ - "kms:Encrypt", - "kms:Decrypt", - "kms:ReEncrypt*", - "kms:GenerateDataKey*", - "kms:DescribeKey", - ], - "Effect": "Allow", - "Resource": Array [ - Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":kms:", - Object { - "Ref": "AWS::Region", - }, - ":", - Object { - "Ref": "AWS::AccountId", - }, - ":key/*", - ], - ], - }, - Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":kms:", - Object { - "Ref": "AWS::Region", - }, - ":", - Object { - "Ref": "AWS::AccountId", - }, - ":alias/*", - ], - ], - }, - ], - }, - Object { - "Action": Array [ - "s3:GetObject", - "s3:PutObject", - "s3:DeleteObject", - "s3:ListBucket", - ], - "Effect": "Allow", - "Resource": "arn:aws:s3:::*", - }, - Object { - "Action": "iam:GetRole", - "Effect": "Allow", - "Resource": Object { - "Fn::GetAtt": Array [ - "testlambdasagemakerSagemakerRoleD84546B8", - "Arn", - ], - }, - }, - Object { - "Action": "iam:PassRole", - "Condition": Object { - "StringLike": Object { - "iam:PassedToService": "sagemaker.amazonaws.com", - }, - }, - "Effect": "Allow", - "Resource": Object { - "Fn::GetAtt": Array [ - "testlambdasagemakerSagemakerRoleD84546B8", - "Arn", - ], - }, - }, - ], - "Version": "2012-10-17", - }, - "PolicyName": "testlambdasagemakerSagemakerRoleDefaultPolicy9909C0A0", - "Roles": Array [ - Object { - "Ref": "testlambdasagemakerSagemakerRoleD84546B8", - }, - ], - }, - "Type": "AWS::IAM::Policy", - }, - }, -} -`; diff --git a/source/patterns/@aws-solutions-constructs/aws-lambda-sagemakerendpoint/test/aws-lambda-sagemakerendpoint.test.ts b/source/patterns/@aws-solutions-constructs/aws-lambda-sagemakerendpoint/test/aws-lambda-sagemakerendpoint.test.ts index e682fc587..299ca9a9f 100644 --- a/source/patterns/@aws-solutions-constructs/aws-lambda-sagemakerendpoint/test/aws-lambda-sagemakerendpoint.test.ts +++ b/source/patterns/@aws-solutions-constructs/aws-lambda-sagemakerendpoint/test/aws-lambda-sagemakerendpoint.test.ts @@ -17,7 +17,6 @@ import { LambdaToSagemakerEndpoint, LambdaToSagemakerEndpointProps } from '../li import * as defaults from '@aws-solutions-constructs/core'; import * as lambda from '@aws-cdk/aws-lambda'; import * as iam from '@aws-cdk/aws-iam'; -import { SynthUtils } from '@aws-cdk/assert'; import '@aws-cdk/assert/jest'; // ----------------------------------------------------------------------------------------- @@ -43,9 +42,7 @@ test('Pattern deployment with new Lambda function, new Sagemaker endpoint, deplo deployVpc: true, }; new LambdaToSagemakerEndpoint(stack, 'test-lambda-sagemaker', constructProps); - // Assertion 1 - expect(SynthUtils.toCloudFormation(stack)).toMatchSnapshot(); - // Assertion 2 + expect(stack).toHaveResourceLike('AWS::Lambda::Function', { Environment: { Variables: { @@ -147,10 +144,7 @@ test('Pattern deployment with existing Lambda function, new Sagemaker endpoint, existingLambdaObj: fn, }; new LambdaToSagemakerEndpoint(stack, 'test-lambda-sagemaker', constructProps); - // Assertion 1 - expect(SynthUtils.toCloudFormation(stack)).toMatchSnapshot(); - // Assertion 2 expect(stack).toHaveResourceLike('AWS::SageMaker::Model', { ExecutionRoleArn: { 'Fn::GetAtt': ['testlambdasagemakerSagemakerRoleD84546B8', 'Arn'], diff --git a/source/patterns/@aws-solutions-constructs/aws-lambda-secretsmanager/test/__snapshots__/lambda-secretsmanager.test.js.snap b/source/patterns/@aws-solutions-constructs/aws-lambda-secretsmanager/test/__snapshots__/lambda-secretsmanager.test.js.snap deleted file mode 100644 index 13aa14e87..000000000 --- a/source/patterns/@aws-solutions-constructs/aws-lambda-secretsmanager/test/__snapshots__/lambda-secretsmanager.test.js.snap +++ /dev/null @@ -1,223 +0,0 @@ -// Jest Snapshot v1, https://goo.gl/fbAQLP - -exports[`Test minimal deployment with new Lambda function 1`] = ` -Object { - "Parameters": Object { - "AssetParameters0c3255e93ffe7a906c7422e9f0e9cc4c7fd86ee996ee3bb302e2f134b38463c8ArtifactHash8D9AD644": Object { - "Description": "Artifact hash for asset \\"0c3255e93ffe7a906c7422e9f0e9cc4c7fd86ee996ee3bb302e2f134b38463c8\\"", - "Type": "String", - }, - "AssetParameters0c3255e93ffe7a906c7422e9f0e9cc4c7fd86ee996ee3bb302e2f134b38463c8S3Bucket9E1964CB": Object { - "Description": "S3 bucket for asset \\"0c3255e93ffe7a906c7422e9f0e9cc4c7fd86ee996ee3bb302e2f134b38463c8\\"", - "Type": "String", - }, - "AssetParameters0c3255e93ffe7a906c7422e9f0e9cc4c7fd86ee996ee3bb302e2f134b38463c8S3VersionKey7153CEE7": Object { - "Description": "S3 key for asset version \\"0c3255e93ffe7a906c7422e9f0e9cc4c7fd86ee996ee3bb302e2f134b38463c8\\"", - "Type": "String", - }, - }, - "Resources": Object { - "lambdatosecretsmanagerstackLambdaFunction2BCCE9C9": Object { - "DependsOn": Array [ - "lambdatosecretsmanagerstackLambdaFunctionServiceRoleDefaultPolicy8E30EE71", - "lambdatosecretsmanagerstackLambdaFunctionServiceRole035B2C55", - ], - "Metadata": Object { - "cfn_nag": Object { - "rules_to_suppress": Array [ - Object { - "id": "W58", - "reason": "Lambda functions has the required permission to write CloudWatch Logs. It uses custom policy instead of arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole with tighter permissions.", - }, - Object { - "id": "W89", - "reason": "This is not a rule for the general case, just for specific use cases/industries", - }, - Object { - "id": "W92", - "reason": "Impossible for us to define the correct concurrency for clients", - }, - ], - }, - }, - "Properties": Object { - "Code": Object { - "S3Bucket": Object { - "Ref": "AssetParameters0c3255e93ffe7a906c7422e9f0e9cc4c7fd86ee996ee3bb302e2f134b38463c8S3Bucket9E1964CB", - }, - "S3Key": Object { - "Fn::Join": Array [ - "", - Array [ - Object { - "Fn::Select": Array [ - 0, - Object { - "Fn::Split": Array [ - "||", - Object { - "Ref": "AssetParameters0c3255e93ffe7a906c7422e9f0e9cc4c7fd86ee996ee3bb302e2f134b38463c8S3VersionKey7153CEE7", - }, - ], - }, - ], - }, - Object { - "Fn::Select": Array [ - 1, - Object { - "Fn::Split": Array [ - "||", - Object { - "Ref": "AssetParameters0c3255e93ffe7a906c7422e9f0e9cc4c7fd86ee996ee3bb302e2f134b38463c8S3VersionKey7153CEE7", - }, - ], - }, - ], - }, - ], - ], - }, - }, - "Environment": Object { - "Variables": Object { - "AWS_NODEJS_CONNECTION_REUSE_ENABLED": "1", - "SECRET_ARN": Object { - "Ref": "lambdatosecretsmanagerstacksecretBA684E34", - }, - }, - }, - "Handler": "index.handler", - "Role": Object { - "Fn::GetAtt": Array [ - "lambdatosecretsmanagerstackLambdaFunctionServiceRole035B2C55", - "Arn", - ], - }, - "Runtime": "nodejs10.x", - "TracingConfig": Object { - "Mode": "Active", - }, - }, - "Type": "AWS::Lambda::Function", - }, - "lambdatosecretsmanagerstackLambdaFunctionServiceRole035B2C55": Object { - "Properties": Object { - "AssumeRolePolicyDocument": Object { - "Statement": Array [ - Object { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": Object { - "Service": "lambda.amazonaws.com", - }, - }, - ], - "Version": "2012-10-17", - }, - "Policies": Array [ - Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "logs:CreateLogGroup", - "logs:CreateLogStream", - "logs:PutLogEvents", - ], - "Effect": "Allow", - "Resource": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":logs:", - Object { - "Ref": "AWS::Region", - }, - ":", - Object { - "Ref": "AWS::AccountId", - }, - ":log-group:/aws/lambda/*", - ], - ], - }, - }, - ], - "Version": "2012-10-17", - }, - "PolicyName": "LambdaFunctionServiceRolePolicy", - }, - ], - }, - "Type": "AWS::IAM::Role", - }, - "lambdatosecretsmanagerstackLambdaFunctionServiceRoleDefaultPolicy8E30EE71": Object { - "Metadata": Object { - "cfn_nag": Object { - "rules_to_suppress": Array [ - Object { - "id": "W12", - "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray and access ENIs in a VPC.", - }, - ], - }, - }, - "Properties": Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "xray:PutTraceSegments", - "xray:PutTelemetryRecords", - ], - "Effect": "Allow", - "Resource": "*", - }, - Object { - "Action": Array [ - "secretsmanager:GetSecretValue", - "secretsmanager:DescribeSecret", - ], - "Effect": "Allow", - "Resource": Object { - "Ref": "lambdatosecretsmanagerstacksecretBA684E34", - }, - }, - ], - "Version": "2012-10-17", - }, - "PolicyName": "lambdatosecretsmanagerstackLambdaFunctionServiceRoleDefaultPolicy8E30EE71", - "Roles": Array [ - Object { - "Ref": "lambdatosecretsmanagerstackLambdaFunctionServiceRole035B2C55", - }, - ], - }, - "Type": "AWS::IAM::Policy", - }, - "lambdatosecretsmanagerstacksecretBA684E34": Object { - "DeletionPolicy": "Delete", - "Metadata": Object { - "cfn_nag": Object { - "rules_to_suppress": Array [ - Object { - "id": "W77", - "reason": "We allow the use of the AWS account default key aws/secretsmanager for secret encryption.", - }, - ], - }, - }, - "Properties": Object { - "GenerateSecretString": Object {}, - }, - "Type": "AWS::SecretsManager::Secret", - "UpdateReplacePolicy": "Delete", - }, - }, -} -`; diff --git a/source/patterns/@aws-solutions-constructs/aws-lambda-secretsmanager/test/lambda-secretsmanager.test.ts b/source/patterns/@aws-solutions-constructs/aws-lambda-secretsmanager/test/lambda-secretsmanager.test.ts index 165991bb6..07be06279 100755 --- a/source/patterns/@aws-solutions-constructs/aws-lambda-secretsmanager/test/lambda-secretsmanager.test.ts +++ b/source/patterns/@aws-solutions-constructs/aws-lambda-secretsmanager/test/lambda-secretsmanager.test.ts @@ -17,29 +17,9 @@ import * as lambda from "@aws-cdk/aws-lambda"; import { Secret } from '@aws-cdk/aws-secretsmanager'; import * as ec2 from "@aws-cdk/aws-ec2"; import { LambdaToSecretsmanager } from '../lib'; -import { SynthUtils } from '@aws-cdk/assert'; import '@aws-cdk/assert/jest'; import * as defaults from "@aws-solutions-constructs/core"; -// -------------------------------------------------------------- -// Test minimal deployment with new Lambda function -// -------------------------------------------------------------- -test('Test minimal deployment with new Lambda function', () => { - // Stack - const stack = new Stack(); - // Helper declaration - new LambdaToSecretsmanager(stack, 'lambda-to-secretsmanager-stack', { - lambdaFunctionProps: { - runtime: lambda.Runtime.NODEJS_10_X, - handler: 'index.handler', - code: lambda.Code.fromAsset(`${__dirname}/lambda`) - }, - secretProps: { removalPolicy: RemovalPolicy.DESTROY }, - }); - // Assertion 1 - expect(SynthUtils.toCloudFormation(stack)).toMatchSnapshot(); -}); - // -------------------------------------------------------------- // Test the getter methods // -------------------------------------------------------------- @@ -438,165 +418,6 @@ test('Test overriding secretProps to pass a customer provided CMK', () => { // Assertion 3 expect(stack).toHaveResource('AWS::KMS::Key', { - KeyPolicy: { - Statement: [ - { - Action: [ - "kms:Create*", - "kms:Describe*", - "kms:Enable*", - "kms:List*", - "kms:Put*", - "kms:Update*", - "kms:Revoke*", - "kms:Disable*", - "kms:Get*", - "kms:Delete*", - "kms:ScheduleKeyDeletion", - "kms:CancelKeyDeletion", - "kms:GenerateDataKey", - "kms:TagResource", - "kms:UntagResource" - ], - Effect: "Allow", - Principal: { - AWS: { - "Fn::Join": [ - "", - [ - "arn:", - { - Ref: "AWS::Partition" - }, - ":iam::", - { - Ref: "AWS::AccountId" - }, - ":root" - ] - ] - } - }, - Resource: "*" - }, - { - Action: [ - "kms:Decrypt", - "kms:Encrypt", - "kms:ReEncrypt*", - "kms:GenerateDataKey*" - ], - Condition: { - StringEquals: { - "kms:ViaService": { - "Fn::Join": [ - "", - [ - "secretsmanager.", - { - Ref: "AWS::Region" - }, - ".amazonaws.com" - ] - ] - } - } - }, - Effect: "Allow", - Principal: { - AWS: { - "Fn::Join": [ - "", - [ - "arn:", - { - Ref: "AWS::Partition" - }, - ":iam::", - { - Ref: "AWS::AccountId" - }, - ":root" - ] - ] - } - }, - Resource: "*" - }, - { - Action: [ - "kms:CreateGrant", - "kms:DescribeKey" - ], - Condition: { - StringEquals: { - "kms:ViaService": { - "Fn::Join": [ - "", - [ - "secretsmanager.", - { - Ref: "AWS::Region" - }, - ".amazonaws.com" - ] - ] - } - } - }, - Effect: "Allow", - Principal: { - AWS: { - "Fn::Join": [ - "", - [ - "arn:", - { - Ref: "AWS::Partition" - }, - ":iam::", - { - Ref: "AWS::AccountId" - }, - ":root" - ] - ] - } - }, - Resource: "*" - }, - { - Action: "kms:Decrypt", - Condition: { - StringEquals: { - "kms:ViaService": { - "Fn::Join": [ - "", - [ - "secretsmanager.", - { - Ref: "AWS::Region" - }, - ".amazonaws.com" - ] - ] - } - } - }, - Effect: "Allow", - Principal: { - AWS: { - "Fn::GetAtt": [ - "lambdatosecretsmanagerstackLambdaFunctionServiceRole035B2C55", - "Arn" - ] - } - }, - Resource: "*" - } - ], - Version: "2012-10-17" - }, Description: "secret-key", EnableKeyRotation: true }); diff --git a/source/patterns/@aws-solutions-constructs/aws-lambda-sns/test/__snapshots__/lambda-sns.test.js.snap b/source/patterns/@aws-solutions-constructs/aws-lambda-sns/test/__snapshots__/lambda-sns.test.js.snap deleted file mode 100644 index 01fa4463a..000000000 --- a/source/patterns/@aws-solutions-constructs/aws-lambda-sns/test/__snapshots__/lambda-sns.test.js.snap +++ /dev/null @@ -1,532 +0,0 @@ -// Jest Snapshot v1, https://goo.gl/fbAQLP - -exports[`Test deployment with existing existingTopicObj 1`] = ` -Object { - "Parameters": Object { - "AssetParameters8efd3dd9643a4d64a128ad582cab718a1e464bcc719bbbcf0e7b0481188a0420ArtifactHashA71E92AD": Object { - "Description": "Artifact hash for asset \\"8efd3dd9643a4d64a128ad582cab718a1e464bcc719bbbcf0e7b0481188a0420\\"", - "Type": "String", - }, - "AssetParameters8efd3dd9643a4d64a128ad582cab718a1e464bcc719bbbcf0e7b0481188a0420S3Bucket749AC458": Object { - "Description": "S3 bucket for asset \\"8efd3dd9643a4d64a128ad582cab718a1e464bcc719bbbcf0e7b0481188a0420\\"", - "Type": "String", - }, - "AssetParameters8efd3dd9643a4d64a128ad582cab718a1e464bcc719bbbcf0e7b0481188a0420S3VersionKeyFF5CC16D": Object { - "Description": "S3 key for asset version \\"8efd3dd9643a4d64a128ad582cab718a1e464bcc719bbbcf0e7b0481188a0420\\"", - "Type": "String", - }, - }, - "Resources": Object { - "MyTopic86869434": Object { - "Properties": Object { - "TopicName": "custom-topic", - }, - "Type": "AWS::SNS::Topic", - }, - "lambdatosnsstackLambdaFunction84DDA23E": Object { - "DependsOn": Array [ - "lambdatosnsstackLambdaFunctionServiceRoleDefaultPolicy787D809F", - "lambdatosnsstackLambdaFunctionServiceRole55BFEAA9", - ], - "Metadata": Object { - "cfn_nag": Object { - "rules_to_suppress": Array [ - Object { - "id": "W58", - "reason": "Lambda functions has the required permission to write CloudWatch Logs. It uses custom policy instead of arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole with tighter permissions.", - }, - Object { - "id": "W89", - "reason": "This is not a rule for the general case, just for specific use cases/industries", - }, - Object { - "id": "W92", - "reason": "Impossible for us to define the correct concurrency for clients", - }, - ], - }, - }, - "Properties": Object { - "Code": Object { - "S3Bucket": Object { - "Ref": "AssetParameters8efd3dd9643a4d64a128ad582cab718a1e464bcc719bbbcf0e7b0481188a0420S3Bucket749AC458", - }, - "S3Key": Object { - "Fn::Join": Array [ - "", - Array [ - Object { - "Fn::Select": Array [ - 0, - Object { - "Fn::Split": Array [ - "||", - Object { - "Ref": "AssetParameters8efd3dd9643a4d64a128ad582cab718a1e464bcc719bbbcf0e7b0481188a0420S3VersionKeyFF5CC16D", - }, - ], - }, - ], - }, - Object { - "Fn::Select": Array [ - 1, - Object { - "Fn::Split": Array [ - "||", - Object { - "Ref": "AssetParameters8efd3dd9643a4d64a128ad582cab718a1e464bcc719bbbcf0e7b0481188a0420S3VersionKeyFF5CC16D", - }, - ], - }, - ], - }, - ], - ], - }, - }, - "Environment": Object { - "Variables": Object { - "AWS_NODEJS_CONNECTION_REUSE_ENABLED": "1", - "LAMBDA_NAME": "override-function", - "SNS_TOPIC_ARN": Object { - "Ref": "MyTopic86869434", - }, - "SNS_TOPIC_NAME": Object { - "Fn::GetAtt": Array [ - "MyTopic86869434", - "TopicName", - ], - }, - }, - }, - "Handler": "index.handler", - "Role": Object { - "Fn::GetAtt": Array [ - "lambdatosnsstackLambdaFunctionServiceRole55BFEAA9", - "Arn", - ], - }, - "Runtime": "nodejs10.x", - "TracingConfig": Object { - "Mode": "Active", - }, - }, - "Type": "AWS::Lambda::Function", - }, - "lambdatosnsstackLambdaFunctionServiceRole55BFEAA9": Object { - "Properties": Object { - "AssumeRolePolicyDocument": Object { - "Statement": Array [ - Object { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": Object { - "Service": "lambda.amazonaws.com", - }, - }, - ], - "Version": "2012-10-17", - }, - "Policies": Array [ - Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "logs:CreateLogGroup", - "logs:CreateLogStream", - "logs:PutLogEvents", - ], - "Effect": "Allow", - "Resource": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":logs:", - Object { - "Ref": "AWS::Region", - }, - ":", - Object { - "Ref": "AWS::AccountId", - }, - ":log-group:/aws/lambda/*", - ], - ], - }, - }, - ], - "Version": "2012-10-17", - }, - "PolicyName": "LambdaFunctionServiceRolePolicy", - }, - ], - }, - "Type": "AWS::IAM::Role", - }, - "lambdatosnsstackLambdaFunctionServiceRoleDefaultPolicy787D809F": Object { - "Metadata": Object { - "cfn_nag": Object { - "rules_to_suppress": Array [ - Object { - "id": "W12", - "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray and access ENIs in a VPC.", - }, - ], - }, - }, - "Properties": Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "xray:PutTraceSegments", - "xray:PutTelemetryRecords", - ], - "Effect": "Allow", - "Resource": "*", - }, - Object { - "Action": "sns:Publish", - "Effect": "Allow", - "Resource": Object { - "Ref": "MyTopic86869434", - }, - }, - ], - "Version": "2012-10-17", - }, - "PolicyName": "lambdatosnsstackLambdaFunctionServiceRoleDefaultPolicy787D809F", - "Roles": Array [ - Object { - "Ref": "lambdatosnsstackLambdaFunctionServiceRole55BFEAA9", - }, - ], - }, - "Type": "AWS::IAM::Policy", - }, - }, -} -`; - -exports[`Test deployment with new Lambda function 1`] = ` -Object { - "Parameters": Object { - "AssetParameters8efd3dd9643a4d64a128ad582cab718a1e464bcc719bbbcf0e7b0481188a0420ArtifactHashA71E92AD": Object { - "Description": "Artifact hash for asset \\"8efd3dd9643a4d64a128ad582cab718a1e464bcc719bbbcf0e7b0481188a0420\\"", - "Type": "String", - }, - "AssetParameters8efd3dd9643a4d64a128ad582cab718a1e464bcc719bbbcf0e7b0481188a0420S3Bucket749AC458": Object { - "Description": "S3 bucket for asset \\"8efd3dd9643a4d64a128ad582cab718a1e464bcc719bbbcf0e7b0481188a0420\\"", - "Type": "String", - }, - "AssetParameters8efd3dd9643a4d64a128ad582cab718a1e464bcc719bbbcf0e7b0481188a0420S3VersionKeyFF5CC16D": Object { - "Description": "S3 key for asset version \\"8efd3dd9643a4d64a128ad582cab718a1e464bcc719bbbcf0e7b0481188a0420\\"", - "Type": "String", - }, - }, - "Resources": Object { - "lambdatosnsstackLambdaFunction84DDA23E": Object { - "DependsOn": Array [ - "lambdatosnsstackLambdaFunctionServiceRoleDefaultPolicy787D809F", - "lambdatosnsstackLambdaFunctionServiceRole55BFEAA9", - ], - "Metadata": Object { - "cfn_nag": Object { - "rules_to_suppress": Array [ - Object { - "id": "W58", - "reason": "Lambda functions has the required permission to write CloudWatch Logs. It uses custom policy instead of arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole with tighter permissions.", - }, - Object { - "id": "W89", - "reason": "This is not a rule for the general case, just for specific use cases/industries", - }, - Object { - "id": "W92", - "reason": "Impossible for us to define the correct concurrency for clients", - }, - ], - }, - }, - "Properties": Object { - "Code": Object { - "S3Bucket": Object { - "Ref": "AssetParameters8efd3dd9643a4d64a128ad582cab718a1e464bcc719bbbcf0e7b0481188a0420S3Bucket749AC458", - }, - "S3Key": Object { - "Fn::Join": Array [ - "", - Array [ - Object { - "Fn::Select": Array [ - 0, - Object { - "Fn::Split": Array [ - "||", - Object { - "Ref": "AssetParameters8efd3dd9643a4d64a128ad582cab718a1e464bcc719bbbcf0e7b0481188a0420S3VersionKeyFF5CC16D", - }, - ], - }, - ], - }, - Object { - "Fn::Select": Array [ - 1, - Object { - "Fn::Split": Array [ - "||", - Object { - "Ref": "AssetParameters8efd3dd9643a4d64a128ad582cab718a1e464bcc719bbbcf0e7b0481188a0420S3VersionKeyFF5CC16D", - }, - ], - }, - ], - }, - ], - ], - }, - }, - "Environment": Object { - "Variables": Object { - "AWS_NODEJS_CONNECTION_REUSE_ENABLED": "1", - "LAMBDA_NAME": "deployed-function", - "SNS_TOPIC_ARN": Object { - "Ref": "lambdatosnsstackSnsTopic6292A14A", - }, - "SNS_TOPIC_NAME": Object { - "Fn::GetAtt": Array [ - "lambdatosnsstackSnsTopic6292A14A", - "TopicName", - ], - }, - }, - }, - "Handler": "index.handler", - "Role": Object { - "Fn::GetAtt": Array [ - "lambdatosnsstackLambdaFunctionServiceRole55BFEAA9", - "Arn", - ], - }, - "Runtime": "nodejs10.x", - "TracingConfig": Object { - "Mode": "Active", - }, - }, - "Type": "AWS::Lambda::Function", - }, - "lambdatosnsstackLambdaFunctionServiceRole55BFEAA9": Object { - "Properties": Object { - "AssumeRolePolicyDocument": Object { - "Statement": Array [ - Object { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": Object { - "Service": "lambda.amazonaws.com", - }, - }, - ], - "Version": "2012-10-17", - }, - "Policies": Array [ - Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "logs:CreateLogGroup", - "logs:CreateLogStream", - "logs:PutLogEvents", - ], - "Effect": "Allow", - "Resource": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":logs:", - Object { - "Ref": "AWS::Region", - }, - ":", - Object { - "Ref": "AWS::AccountId", - }, - ":log-group:/aws/lambda/*", - ], - ], - }, - }, - ], - "Version": "2012-10-17", - }, - "PolicyName": "LambdaFunctionServiceRolePolicy", - }, - ], - }, - "Type": "AWS::IAM::Role", - }, - "lambdatosnsstackLambdaFunctionServiceRoleDefaultPolicy787D809F": Object { - "Metadata": Object { - "cfn_nag": Object { - "rules_to_suppress": Array [ - Object { - "id": "W12", - "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray and access ENIs in a VPC.", - }, - ], - }, - }, - "Properties": Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "xray:PutTraceSegments", - "xray:PutTelemetryRecords", - ], - "Effect": "Allow", - "Resource": "*", - }, - Object { - "Action": "sns:Publish", - "Effect": "Allow", - "Resource": Object { - "Ref": "lambdatosnsstackSnsTopic6292A14A", - }, - }, - ], - "Version": "2012-10-17", - }, - "PolicyName": "lambdatosnsstackLambdaFunctionServiceRoleDefaultPolicy787D809F", - "Roles": Array [ - Object { - "Ref": "lambdatosnsstackLambdaFunctionServiceRole55BFEAA9", - }, - ], - }, - "Type": "AWS::IAM::Policy", - }, - "lambdatosnsstackSnsTopic6292A14A": Object { - "Properties": Object { - "KmsMasterKeyId": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":kms:", - Object { - "Ref": "AWS::Region", - }, - ":", - Object { - "Ref": "AWS::AccountId", - }, - ":alias/aws/sns", - ], - ], - }, - }, - "Type": "AWS::SNS::Topic", - }, - "lambdatosnsstackSnsTopicPolicy9C03E2DB": Object { - "Properties": Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "SNS:Publish", - "SNS:RemovePermission", - "SNS:SetTopicAttributes", - "SNS:DeleteTopic", - "SNS:ListSubscriptionsByTopic", - "SNS:GetTopicAttributes", - "SNS:Receive", - "SNS:AddPermission", - "SNS:Subscribe", - ], - "Condition": Object { - "StringEquals": Object { - "AWS:SourceOwner": Object { - "Ref": "AWS::AccountId", - }, - }, - }, - "Effect": "Allow", - "Principal": Object { - "AWS": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":iam::", - Object { - "Ref": "AWS::AccountId", - }, - ":root", - ], - ], - }, - }, - "Resource": Object { - "Ref": "lambdatosnsstackSnsTopic6292A14A", - }, - "Sid": "TopicOwnerOnlyAccess", - }, - Object { - "Action": Array [ - "SNS:Publish", - "SNS:RemovePermission", - "SNS:SetTopicAttributes", - "SNS:DeleteTopic", - "SNS:ListSubscriptionsByTopic", - "SNS:GetTopicAttributes", - "SNS:Receive", - "SNS:AddPermission", - "SNS:Subscribe", - ], - "Condition": Object { - "Bool": Object { - "aws:SecureTransport": "false", - }, - }, - "Effect": "Deny", - "Principal": Object { - "AWS": "*", - }, - "Resource": Object { - "Ref": "lambdatosnsstackSnsTopic6292A14A", - }, - "Sid": "HttpsOnly", - }, - ], - "Version": "2012-10-17", - }, - "Topics": Array [ - Object { - "Ref": "lambdatosnsstackSnsTopic6292A14A", - }, - ], - }, - "Type": "AWS::SNS::TopicPolicy", - }, - }, -} -`; diff --git a/source/patterns/@aws-solutions-constructs/aws-lambda-sns/test/lambda-sns.test.ts b/source/patterns/@aws-solutions-constructs/aws-lambda-sns/test/lambda-sns.test.ts index 3f7970b2e..2f28b2e4e 100644 --- a/source/patterns/@aws-solutions-constructs/aws-lambda-sns/test/lambda-sns.test.ts +++ b/source/patterns/@aws-solutions-constructs/aws-lambda-sns/test/lambda-sns.test.ts @@ -17,7 +17,7 @@ import * as lambda from "@aws-cdk/aws-lambda"; import * as sns from "@aws-cdk/aws-sns"; import * as ec2 from "@aws-cdk/aws-ec2"; import { LambdaToSns, LambdaToSnsProps } from '../lib'; -import { SynthUtils, expect as expectCDK, haveResource } from '@aws-cdk/assert'; +import { expect as expectCDK, haveResource } from '@aws-cdk/assert'; import '@aws-cdk/assert/jest'; // -------------------------------------------------------------- @@ -37,9 +37,7 @@ test('Test deployment with new Lambda function', () => { } } }); - // Assertion 1 - expect(SynthUtils.toCloudFormation(stack)).toMatchSnapshot(); - // Assertion 2 + expect(stack).toHaveResourceLike("AWS::Lambda::Function", { Environment: { Variables: { @@ -103,9 +101,7 @@ test('Test deployment with existing existingTopicObj', () => { }, existingTopicObj: topic }); - // Assertion 1 - expect(SynthUtils.toCloudFormation(stack)).toMatchSnapshot(); - // Assertion 2 + expectCDK(stack).to(haveResource("AWS::SNS::Topic", { TopicName: "custom-topic" })); diff --git a/source/patterns/@aws-solutions-constructs/aws-lambda-sqs-lambda/test/__snapshots__/lambda-sqs-lambda.test.js.snap b/source/patterns/@aws-solutions-constructs/aws-lambda-sqs-lambda/test/__snapshots__/lambda-sqs-lambda.test.js.snap deleted file mode 100755 index bcdc60df0..000000000 --- a/source/patterns/@aws-solutions-constructs/aws-lambda-sqs-lambda/test/__snapshots__/lambda-sqs-lambda.test.js.snap +++ /dev/null @@ -1,3945 +0,0 @@ -// Jest Snapshot v1, https://goo.gl/fbAQLP - -exports[`Test deployment w/ DLQ explicitly disabled 1`] = ` -Object { - "Parameters": Object { - "AssetParameters3bf31d2e69ca582971f645cca0be83ead5dfbc80bd36b3e487100422c68243a5ArtifactHash6AF67D2F": Object { - "Description": "Artifact hash for asset \\"3bf31d2e69ca582971f645cca0be83ead5dfbc80bd36b3e487100422c68243a5\\"", - "Type": "String", - }, - "AssetParameters3bf31d2e69ca582971f645cca0be83ead5dfbc80bd36b3e487100422c68243a5S3Bucket86ED5E45": Object { - "Description": "S3 bucket for asset \\"3bf31d2e69ca582971f645cca0be83ead5dfbc80bd36b3e487100422c68243a5\\"", - "Type": "String", - }, - "AssetParameters3bf31d2e69ca582971f645cca0be83ead5dfbc80bd36b3e487100422c68243a5S3VersionKey24D05EBA": Object { - "Description": "S3 key for asset version \\"3bf31d2e69ca582971f645cca0be83ead5dfbc80bd36b3e487100422c68243a5\\"", - "Type": "String", - }, - "AssetParameters670cd3ad46e9feac5a92bbf55746e52324459dac0ea00dd6a214a7a8ce05206aArtifactHash8AC382E7": Object { - "Description": "Artifact hash for asset \\"670cd3ad46e9feac5a92bbf55746e52324459dac0ea00dd6a214a7a8ce05206a\\"", - "Type": "String", - }, - "AssetParameters670cd3ad46e9feac5a92bbf55746e52324459dac0ea00dd6a214a7a8ce05206aS3Bucket340F7629": Object { - "Description": "S3 bucket for asset \\"670cd3ad46e9feac5a92bbf55746e52324459dac0ea00dd6a214a7a8ce05206a\\"", - "Type": "String", - }, - "AssetParameters670cd3ad46e9feac5a92bbf55746e52324459dac0ea00dd6a214a7a8ce05206aS3VersionKey2054120F": Object { - "Description": "S3 key for asset version \\"670cd3ad46e9feac5a92bbf55746e52324459dac0ea00dd6a214a7a8ce05206a\\"", - "Type": "String", - }, - }, - "Resources": Object { - "lambdasqslambdalambdatosqsLambdaFunction816E0C7E": Object { - "DependsOn": Array [ - "lambdasqslambdalambdatosqsLambdaFunctionServiceRoleDefaultPolicy415D084C", - "lambdasqslambdalambdatosqsLambdaFunctionServiceRole715E701A", - ], - "Metadata": Object { - "cfn_nag": Object { - "rules_to_suppress": Array [ - Object { - "id": "W58", - "reason": "Lambda functions has the required permission to write CloudWatch Logs. It uses custom policy instead of arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole with tighter permissions.", - }, - Object { - "id": "W89", - "reason": "This is not a rule for the general case, just for specific use cases/industries", - }, - Object { - "id": "W92", - "reason": "Impossible for us to define the correct concurrency for clients", - }, - ], - }, - }, - "Properties": Object { - "Code": Object { - "S3Bucket": Object { - "Ref": "AssetParameters670cd3ad46e9feac5a92bbf55746e52324459dac0ea00dd6a214a7a8ce05206aS3Bucket340F7629", - }, - "S3Key": Object { - "Fn::Join": Array [ - "", - Array [ - Object { - "Fn::Select": Array [ - 0, - Object { - "Fn::Split": Array [ - "||", - Object { - "Ref": "AssetParameters670cd3ad46e9feac5a92bbf55746e52324459dac0ea00dd6a214a7a8ce05206aS3VersionKey2054120F", - }, - ], - }, - ], - }, - Object { - "Fn::Select": Array [ - 1, - Object { - "Fn::Split": Array [ - "||", - Object { - "Ref": "AssetParameters670cd3ad46e9feac5a92bbf55746e52324459dac0ea00dd6a214a7a8ce05206aS3VersionKey2054120F", - }, - ], - }, - ], - }, - ], - ], - }, - }, - "Environment": Object { - "Variables": Object { - "AWS_NODEJS_CONNECTION_REUSE_ENABLED": "1", - "SQS_QUEUE_URL": Object { - "Ref": "lambdasqslambdalambdatosqsqueue49588D68", - }, - }, - }, - "Handler": "index.handler", - "Role": Object { - "Fn::GetAtt": Array [ - "lambdasqslambdalambdatosqsLambdaFunctionServiceRole715E701A", - "Arn", - ], - }, - "Runtime": "nodejs10.x", - "TracingConfig": Object { - "Mode": "Active", - }, - }, - "Type": "AWS::Lambda::Function", - }, - "lambdasqslambdalambdatosqsLambdaFunctionServiceRole715E701A": Object { - "Properties": Object { - "AssumeRolePolicyDocument": Object { - "Statement": Array [ - Object { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": Object { - "Service": "lambda.amazonaws.com", - }, - }, - ], - "Version": "2012-10-17", - }, - "Policies": Array [ - Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "logs:CreateLogGroup", - "logs:CreateLogStream", - "logs:PutLogEvents", - ], - "Effect": "Allow", - "Resource": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":logs:", - Object { - "Ref": "AWS::Region", - }, - ":", - Object { - "Ref": "AWS::AccountId", - }, - ":log-group:/aws/lambda/*", - ], - ], - }, - }, - ], - "Version": "2012-10-17", - }, - "PolicyName": "LambdaFunctionServiceRolePolicy", - }, - ], - }, - "Type": "AWS::IAM::Role", - }, - "lambdasqslambdalambdatosqsLambdaFunctionServiceRoleDefaultPolicy415D084C": Object { - "Metadata": Object { - "cfn_nag": Object { - "rules_to_suppress": Array [ - Object { - "id": "W12", - "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray and access ENIs in a VPC.", - }, - ], - }, - }, - "Properties": Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "xray:PutTraceSegments", - "xray:PutTelemetryRecords", - ], - "Effect": "Allow", - "Resource": "*", - }, - Object { - "Action": Array [ - "sqs:SendMessage", - "sqs:GetQueueAttributes", - "sqs:GetQueueUrl", - ], - "Effect": "Allow", - "Resource": Object { - "Fn::GetAtt": Array [ - "lambdasqslambdalambdatosqsqueue49588D68", - "Arn", - ], - }, - }, - ], - "Version": "2012-10-17", - }, - "PolicyName": "lambdasqslambdalambdatosqsLambdaFunctionServiceRoleDefaultPolicy415D084C", - "Roles": Array [ - Object { - "Ref": "lambdasqslambdalambdatosqsLambdaFunctionServiceRole715E701A", - }, - ], - }, - "Type": "AWS::IAM::Policy", - }, - "lambdasqslambdalambdatosqsqueue49588D68": Object { - "DeletionPolicy": "Delete", - "Properties": Object { - "KmsMasterKeyId": "alias/aws/sqs", - }, - "Type": "AWS::SQS::Queue", - "UpdateReplacePolicy": "Delete", - }, - "lambdasqslambdalambdatosqsqueuePolicy2E3032D3": Object { - "Properties": Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "sqs:DeleteMessage", - "sqs:ReceiveMessage", - "sqs:SendMessage", - "sqs:GetQueueAttributes", - "sqs:RemovePermission", - "sqs:AddPermission", - "sqs:SetQueueAttributes", - ], - "Effect": "Allow", - "Principal": Object { - "AWS": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":iam::", - Object { - "Ref": "AWS::AccountId", - }, - ":root", - ], - ], - }, - }, - "Resource": Object { - "Fn::GetAtt": Array [ - "lambdasqslambdalambdatosqsqueue49588D68", - "Arn", - ], - }, - "Sid": "QueueOwnerOnlyAccess", - }, - Object { - "Action": "SQS:*", - "Condition": Object { - "Bool": Object { - "aws:SecureTransport": "false", - }, - }, - "Effect": "Deny", - "Principal": Object { - "AWS": "*", - }, - "Resource": Object { - "Fn::GetAtt": Array [ - "lambdasqslambdalambdatosqsqueue49588D68", - "Arn", - ], - }, - "Sid": "HttpsOnly", - }, - ], - "Version": "2012-10-17", - }, - "Queues": Array [ - Object { - "Ref": "lambdasqslambdalambdatosqsqueue49588D68", - }, - ], - }, - "Type": "AWS::SQS::QueuePolicy", - }, - "lambdasqslambdasqstolambdaLambdaFunction78C2590B": Object { - "DependsOn": Array [ - "lambdasqslambdasqstolambdaLambdaFunctionServiceRoleDefaultPolicyA5B2DD0D", - "lambdasqslambdasqstolambdaLambdaFunctionServiceRole64336E45", - ], - "Metadata": Object { - "cfn_nag": Object { - "rules_to_suppress": Array [ - Object { - "id": "W58", - "reason": "Lambda functions has the required permission to write CloudWatch Logs. It uses custom policy instead of arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole with tighter permissions.", - }, - Object { - "id": "W89", - "reason": "This is not a rule for the general case, just for specific use cases/industries", - }, - Object { - "id": "W92", - "reason": "Impossible for us to define the correct concurrency for clients", - }, - ], - }, - }, - "Properties": Object { - "Code": Object { - "S3Bucket": Object { - "Ref": "AssetParameters3bf31d2e69ca582971f645cca0be83ead5dfbc80bd36b3e487100422c68243a5S3Bucket86ED5E45", - }, - "S3Key": Object { - "Fn::Join": Array [ - "", - Array [ - Object { - "Fn::Select": Array [ - 0, - Object { - "Fn::Split": Array [ - "||", - Object { - "Ref": "AssetParameters3bf31d2e69ca582971f645cca0be83ead5dfbc80bd36b3e487100422c68243a5S3VersionKey24D05EBA", - }, - ], - }, - ], - }, - Object { - "Fn::Select": Array [ - 1, - Object { - "Fn::Split": Array [ - "||", - Object { - "Ref": "AssetParameters3bf31d2e69ca582971f645cca0be83ead5dfbc80bd36b3e487100422c68243a5S3VersionKey24D05EBA", - }, - ], - }, - ], - }, - ], - ], - }, - }, - "Environment": Object { - "Variables": Object { - "AWS_NODEJS_CONNECTION_REUSE_ENABLED": "1", - }, - }, - "Handler": "index.handler", - "Role": Object { - "Fn::GetAtt": Array [ - "lambdasqslambdasqstolambdaLambdaFunctionServiceRole64336E45", - "Arn", - ], - }, - "Runtime": "nodejs10.x", - "TracingConfig": Object { - "Mode": "Active", - }, - }, - "Type": "AWS::Lambda::Function", - }, - "lambdasqslambdasqstolambdaLambdaFunctionServiceRole64336E45": Object { - "Properties": Object { - "AssumeRolePolicyDocument": Object { - "Statement": Array [ - Object { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": Object { - "Service": "lambda.amazonaws.com", - }, - }, - ], - "Version": "2012-10-17", - }, - "Policies": Array [ - Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "logs:CreateLogGroup", - "logs:CreateLogStream", - "logs:PutLogEvents", - ], - "Effect": "Allow", - "Resource": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":logs:", - Object { - "Ref": "AWS::Region", - }, - ":", - Object { - "Ref": "AWS::AccountId", - }, - ":log-group:/aws/lambda/*", - ], - ], - }, - }, - ], - "Version": "2012-10-17", - }, - "PolicyName": "LambdaFunctionServiceRolePolicy", - }, - ], - }, - "Type": "AWS::IAM::Role", - }, - "lambdasqslambdasqstolambdaLambdaFunctionServiceRoleDefaultPolicyA5B2DD0D": Object { - "Metadata": Object { - "cfn_nag": Object { - "rules_to_suppress": Array [ - Object { - "id": "W12", - "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray and access ENIs in a VPC.", - }, - ], - }, - }, - "Properties": Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "xray:PutTraceSegments", - "xray:PutTelemetryRecords", - ], - "Effect": "Allow", - "Resource": "*", - }, - Object { - "Action": Array [ - "sqs:ReceiveMessage", - "sqs:ChangeMessageVisibility", - "sqs:GetQueueUrl", - "sqs:DeleteMessage", - "sqs:GetQueueAttributes", - ], - "Effect": "Allow", - "Resource": Object { - "Fn::GetAtt": Array [ - "lambdasqslambdalambdatosqsqueue49588D68", - "Arn", - ], - }, - }, - ], - "Version": "2012-10-17", - }, - "PolicyName": "lambdasqslambdasqstolambdaLambdaFunctionServiceRoleDefaultPolicyA5B2DD0D", - "Roles": Array [ - Object { - "Ref": "lambdasqslambdasqstolambdaLambdaFunctionServiceRole64336E45", - }, - ], - }, - "Type": "AWS::IAM::Policy", - }, - "lambdasqslambdasqstolambdaLambdaFunctionSqsEventSourcelambdasqslambdalambdatosqsqueue2DD65713E8460277": Object { - "Properties": Object { - "EventSourceArn": Object { - "Fn::GetAtt": Array [ - "lambdasqslambdalambdatosqsqueue49588D68", - "Arn", - ], - }, - "FunctionName": Object { - "Ref": "lambdasqslambdasqstolambdaLambdaFunction78C2590B", - }, - }, - "Type": "AWS::Lambda::EventSourceMapping", - }, - }, -} -`; - -exports[`Test deployment w/ DLQ explicitly enabled and w/ MRC override 1`] = ` -Object { - "Parameters": Object { - "AssetParameters3bf31d2e69ca582971f645cca0be83ead5dfbc80bd36b3e487100422c68243a5ArtifactHash6AF67D2F": Object { - "Description": "Artifact hash for asset \\"3bf31d2e69ca582971f645cca0be83ead5dfbc80bd36b3e487100422c68243a5\\"", - "Type": "String", - }, - "AssetParameters3bf31d2e69ca582971f645cca0be83ead5dfbc80bd36b3e487100422c68243a5S3Bucket86ED5E45": Object { - "Description": "S3 bucket for asset \\"3bf31d2e69ca582971f645cca0be83ead5dfbc80bd36b3e487100422c68243a5\\"", - "Type": "String", - }, - "AssetParameters3bf31d2e69ca582971f645cca0be83ead5dfbc80bd36b3e487100422c68243a5S3VersionKey24D05EBA": Object { - "Description": "S3 key for asset version \\"3bf31d2e69ca582971f645cca0be83ead5dfbc80bd36b3e487100422c68243a5\\"", - "Type": "String", - }, - "AssetParameters670cd3ad46e9feac5a92bbf55746e52324459dac0ea00dd6a214a7a8ce05206aArtifactHash8AC382E7": Object { - "Description": "Artifact hash for asset \\"670cd3ad46e9feac5a92bbf55746e52324459dac0ea00dd6a214a7a8ce05206a\\"", - "Type": "String", - }, - "AssetParameters670cd3ad46e9feac5a92bbf55746e52324459dac0ea00dd6a214a7a8ce05206aS3Bucket340F7629": Object { - "Description": "S3 bucket for asset \\"670cd3ad46e9feac5a92bbf55746e52324459dac0ea00dd6a214a7a8ce05206a\\"", - "Type": "String", - }, - "AssetParameters670cd3ad46e9feac5a92bbf55746e52324459dac0ea00dd6a214a7a8ce05206aS3VersionKey2054120F": Object { - "Description": "S3 key for asset version \\"670cd3ad46e9feac5a92bbf55746e52324459dac0ea00dd6a214a7a8ce05206a\\"", - "Type": "String", - }, - }, - "Resources": Object { - "lambdasqslambdalambdatosqsLambdaFunction816E0C7E": Object { - "DependsOn": Array [ - "lambdasqslambdalambdatosqsLambdaFunctionServiceRoleDefaultPolicy415D084C", - "lambdasqslambdalambdatosqsLambdaFunctionServiceRole715E701A", - ], - "Metadata": Object { - "cfn_nag": Object { - "rules_to_suppress": Array [ - Object { - "id": "W58", - "reason": "Lambda functions has the required permission to write CloudWatch Logs. It uses custom policy instead of arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole with tighter permissions.", - }, - Object { - "id": "W89", - "reason": "This is not a rule for the general case, just for specific use cases/industries", - }, - Object { - "id": "W92", - "reason": "Impossible for us to define the correct concurrency for clients", - }, - ], - }, - }, - "Properties": Object { - "Code": Object { - "S3Bucket": Object { - "Ref": "AssetParameters670cd3ad46e9feac5a92bbf55746e52324459dac0ea00dd6a214a7a8ce05206aS3Bucket340F7629", - }, - "S3Key": Object { - "Fn::Join": Array [ - "", - Array [ - Object { - "Fn::Select": Array [ - 0, - Object { - "Fn::Split": Array [ - "||", - Object { - "Ref": "AssetParameters670cd3ad46e9feac5a92bbf55746e52324459dac0ea00dd6a214a7a8ce05206aS3VersionKey2054120F", - }, - ], - }, - ], - }, - Object { - "Fn::Select": Array [ - 1, - Object { - "Fn::Split": Array [ - "||", - Object { - "Ref": "AssetParameters670cd3ad46e9feac5a92bbf55746e52324459dac0ea00dd6a214a7a8ce05206aS3VersionKey2054120F", - }, - ], - }, - ], - }, - ], - ], - }, - }, - "Environment": Object { - "Variables": Object { - "AWS_NODEJS_CONNECTION_REUSE_ENABLED": "1", - "SQS_QUEUE_URL": Object { - "Ref": "lambdasqslambdalambdatosqsqueue49588D68", - }, - }, - }, - "Handler": "index.handler", - "Role": Object { - "Fn::GetAtt": Array [ - "lambdasqslambdalambdatosqsLambdaFunctionServiceRole715E701A", - "Arn", - ], - }, - "Runtime": "nodejs10.x", - "TracingConfig": Object { - "Mode": "Active", - }, - }, - "Type": "AWS::Lambda::Function", - }, - "lambdasqslambdalambdatosqsLambdaFunctionServiceRole715E701A": Object { - "Properties": Object { - "AssumeRolePolicyDocument": Object { - "Statement": Array [ - Object { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": Object { - "Service": "lambda.amazonaws.com", - }, - }, - ], - "Version": "2012-10-17", - }, - "Policies": Array [ - Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "logs:CreateLogGroup", - "logs:CreateLogStream", - "logs:PutLogEvents", - ], - "Effect": "Allow", - "Resource": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":logs:", - Object { - "Ref": "AWS::Region", - }, - ":", - Object { - "Ref": "AWS::AccountId", - }, - ":log-group:/aws/lambda/*", - ], - ], - }, - }, - ], - "Version": "2012-10-17", - }, - "PolicyName": "LambdaFunctionServiceRolePolicy", - }, - ], - }, - "Type": "AWS::IAM::Role", - }, - "lambdasqslambdalambdatosqsLambdaFunctionServiceRoleDefaultPolicy415D084C": Object { - "Metadata": Object { - "cfn_nag": Object { - "rules_to_suppress": Array [ - Object { - "id": "W12", - "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray and access ENIs in a VPC.", - }, - ], - }, - }, - "Properties": Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "xray:PutTraceSegments", - "xray:PutTelemetryRecords", - ], - "Effect": "Allow", - "Resource": "*", - }, - Object { - "Action": Array [ - "sqs:SendMessage", - "sqs:GetQueueAttributes", - "sqs:GetQueueUrl", - ], - "Effect": "Allow", - "Resource": Object { - "Fn::GetAtt": Array [ - "lambdasqslambdalambdatosqsqueue49588D68", - "Arn", - ], - }, - }, - ], - "Version": "2012-10-17", - }, - "PolicyName": "lambdasqslambdalambdatosqsLambdaFunctionServiceRoleDefaultPolicy415D084C", - "Roles": Array [ - Object { - "Ref": "lambdasqslambdalambdatosqsLambdaFunctionServiceRole715E701A", - }, - ], - }, - "Type": "AWS::IAM::Policy", - }, - "lambdasqslambdalambdatosqsdeadLetterQueue46E7302E": Object { - "DeletionPolicy": "Delete", - "Properties": Object { - "KmsMasterKeyId": "alias/aws/sqs", - }, - "Type": "AWS::SQS::Queue", - "UpdateReplacePolicy": "Delete", - }, - "lambdasqslambdalambdatosqsdeadLetterQueuePolicyF51B6C4C": Object { - "Properties": Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "sqs:DeleteMessage", - "sqs:ReceiveMessage", - "sqs:SendMessage", - "sqs:GetQueueAttributes", - "sqs:RemovePermission", - "sqs:AddPermission", - "sqs:SetQueueAttributes", - ], - "Effect": "Allow", - "Principal": Object { - "AWS": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":iam::", - Object { - "Ref": "AWS::AccountId", - }, - ":root", - ], - ], - }, - }, - "Resource": Object { - "Fn::GetAtt": Array [ - "lambdasqslambdalambdatosqsdeadLetterQueue46E7302E", - "Arn", - ], - }, - "Sid": "QueueOwnerOnlyAccess", - }, - Object { - "Action": "SQS:*", - "Condition": Object { - "Bool": Object { - "aws:SecureTransport": "false", - }, - }, - "Effect": "Deny", - "Principal": Object { - "AWS": "*", - }, - "Resource": Object { - "Fn::GetAtt": Array [ - "lambdasqslambdalambdatosqsdeadLetterQueue46E7302E", - "Arn", - ], - }, - "Sid": "HttpsOnly", - }, - ], - "Version": "2012-10-17", - }, - "Queues": Array [ - Object { - "Ref": "lambdasqslambdalambdatosqsdeadLetterQueue46E7302E", - }, - ], - }, - "Type": "AWS::SQS::QueuePolicy", - }, - "lambdasqslambdalambdatosqsqueue49588D68": Object { - "DeletionPolicy": "Delete", - "Properties": Object { - "KmsMasterKeyId": "alias/aws/sqs", - "RedrivePolicy": Object { - "deadLetterTargetArn": Object { - "Fn::GetAtt": Array [ - "lambdasqslambdalambdatosqsdeadLetterQueue46E7302E", - "Arn", - ], - }, - "maxReceiveCount": 6, - }, - }, - "Type": "AWS::SQS::Queue", - "UpdateReplacePolicy": "Delete", - }, - "lambdasqslambdalambdatosqsqueuePolicy2E3032D3": Object { - "Properties": Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "sqs:DeleteMessage", - "sqs:ReceiveMessage", - "sqs:SendMessage", - "sqs:GetQueueAttributes", - "sqs:RemovePermission", - "sqs:AddPermission", - "sqs:SetQueueAttributes", - ], - "Effect": "Allow", - "Principal": Object { - "AWS": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":iam::", - Object { - "Ref": "AWS::AccountId", - }, - ":root", - ], - ], - }, - }, - "Resource": Object { - "Fn::GetAtt": Array [ - "lambdasqslambdalambdatosqsqueue49588D68", - "Arn", - ], - }, - "Sid": "QueueOwnerOnlyAccess", - }, - Object { - "Action": "SQS:*", - "Condition": Object { - "Bool": Object { - "aws:SecureTransport": "false", - }, - }, - "Effect": "Deny", - "Principal": Object { - "AWS": "*", - }, - "Resource": Object { - "Fn::GetAtt": Array [ - "lambdasqslambdalambdatosqsqueue49588D68", - "Arn", - ], - }, - "Sid": "HttpsOnly", - }, - ], - "Version": "2012-10-17", - }, - "Queues": Array [ - Object { - "Ref": "lambdasqslambdalambdatosqsqueue49588D68", - }, - ], - }, - "Type": "AWS::SQS::QueuePolicy", - }, - "lambdasqslambdasqstolambdaLambdaFunction78C2590B": Object { - "DependsOn": Array [ - "lambdasqslambdasqstolambdaLambdaFunctionServiceRoleDefaultPolicyA5B2DD0D", - "lambdasqslambdasqstolambdaLambdaFunctionServiceRole64336E45", - ], - "Metadata": Object { - "cfn_nag": Object { - "rules_to_suppress": Array [ - Object { - "id": "W58", - "reason": "Lambda functions has the required permission to write CloudWatch Logs. It uses custom policy instead of arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole with tighter permissions.", - }, - Object { - "id": "W89", - "reason": "This is not a rule for the general case, just for specific use cases/industries", - }, - Object { - "id": "W92", - "reason": "Impossible for us to define the correct concurrency for clients", - }, - ], - }, - }, - "Properties": Object { - "Code": Object { - "S3Bucket": Object { - "Ref": "AssetParameters3bf31d2e69ca582971f645cca0be83ead5dfbc80bd36b3e487100422c68243a5S3Bucket86ED5E45", - }, - "S3Key": Object { - "Fn::Join": Array [ - "", - Array [ - Object { - "Fn::Select": Array [ - 0, - Object { - "Fn::Split": Array [ - "||", - Object { - "Ref": "AssetParameters3bf31d2e69ca582971f645cca0be83ead5dfbc80bd36b3e487100422c68243a5S3VersionKey24D05EBA", - }, - ], - }, - ], - }, - Object { - "Fn::Select": Array [ - 1, - Object { - "Fn::Split": Array [ - "||", - Object { - "Ref": "AssetParameters3bf31d2e69ca582971f645cca0be83ead5dfbc80bd36b3e487100422c68243a5S3VersionKey24D05EBA", - }, - ], - }, - ], - }, - ], - ], - }, - }, - "Environment": Object { - "Variables": Object { - "AWS_NODEJS_CONNECTION_REUSE_ENABLED": "1", - }, - }, - "Handler": "index.handler", - "Role": Object { - "Fn::GetAtt": Array [ - "lambdasqslambdasqstolambdaLambdaFunctionServiceRole64336E45", - "Arn", - ], - }, - "Runtime": "nodejs10.x", - "TracingConfig": Object { - "Mode": "Active", - }, - }, - "Type": "AWS::Lambda::Function", - }, - "lambdasqslambdasqstolambdaLambdaFunctionServiceRole64336E45": Object { - "Properties": Object { - "AssumeRolePolicyDocument": Object { - "Statement": Array [ - Object { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": Object { - "Service": "lambda.amazonaws.com", - }, - }, - ], - "Version": "2012-10-17", - }, - "Policies": Array [ - Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "logs:CreateLogGroup", - "logs:CreateLogStream", - "logs:PutLogEvents", - ], - "Effect": "Allow", - "Resource": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":logs:", - Object { - "Ref": "AWS::Region", - }, - ":", - Object { - "Ref": "AWS::AccountId", - }, - ":log-group:/aws/lambda/*", - ], - ], - }, - }, - ], - "Version": "2012-10-17", - }, - "PolicyName": "LambdaFunctionServiceRolePolicy", - }, - ], - }, - "Type": "AWS::IAM::Role", - }, - "lambdasqslambdasqstolambdaLambdaFunctionServiceRoleDefaultPolicyA5B2DD0D": Object { - "Metadata": Object { - "cfn_nag": Object { - "rules_to_suppress": Array [ - Object { - "id": "W12", - "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray and access ENIs in a VPC.", - }, - ], - }, - }, - "Properties": Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "xray:PutTraceSegments", - "xray:PutTelemetryRecords", - ], - "Effect": "Allow", - "Resource": "*", - }, - Object { - "Action": Array [ - "sqs:ReceiveMessage", - "sqs:ChangeMessageVisibility", - "sqs:GetQueueUrl", - "sqs:DeleteMessage", - "sqs:GetQueueAttributes", - ], - "Effect": "Allow", - "Resource": Object { - "Fn::GetAtt": Array [ - "lambdasqslambdalambdatosqsqueue49588D68", - "Arn", - ], - }, - }, - ], - "Version": "2012-10-17", - }, - "PolicyName": "lambdasqslambdasqstolambdaLambdaFunctionServiceRoleDefaultPolicyA5B2DD0D", - "Roles": Array [ - Object { - "Ref": "lambdasqslambdasqstolambdaLambdaFunctionServiceRole64336E45", - }, - ], - }, - "Type": "AWS::IAM::Policy", - }, - "lambdasqslambdasqstolambdaLambdaFunctionSqsEventSourcelambdasqslambdalambdatosqsqueue2DD65713E8460277": Object { - "Properties": Object { - "EventSourceArn": Object { - "Fn::GetAtt": Array [ - "lambdasqslambdalambdatosqsqueue49588D68", - "Arn", - ], - }, - "FunctionName": Object { - "Ref": "lambdasqslambdasqstolambdaLambdaFunction78C2590B", - }, - }, - "Type": "AWS::Lambda::EventSourceMapping", - }, - }, -} -`; - -exports[`Test deployment w/ existing consumer function 1`] = ` -Object { - "Parameters": Object { - "AssetParameters3bf31d2e69ca582971f645cca0be83ead5dfbc80bd36b3e487100422c68243a5ArtifactHash6AF67D2F": Object { - "Description": "Artifact hash for asset \\"3bf31d2e69ca582971f645cca0be83ead5dfbc80bd36b3e487100422c68243a5\\"", - "Type": "String", - }, - "AssetParameters3bf31d2e69ca582971f645cca0be83ead5dfbc80bd36b3e487100422c68243a5S3Bucket86ED5E45": Object { - "Description": "S3 bucket for asset \\"3bf31d2e69ca582971f645cca0be83ead5dfbc80bd36b3e487100422c68243a5\\"", - "Type": "String", - }, - "AssetParameters3bf31d2e69ca582971f645cca0be83ead5dfbc80bd36b3e487100422c68243a5S3VersionKey24D05EBA": Object { - "Description": "S3 key for asset version \\"3bf31d2e69ca582971f645cca0be83ead5dfbc80bd36b3e487100422c68243a5\\"", - "Type": "String", - }, - "AssetParameters670cd3ad46e9feac5a92bbf55746e52324459dac0ea00dd6a214a7a8ce05206aArtifactHash8AC382E7": Object { - "Description": "Artifact hash for asset \\"670cd3ad46e9feac5a92bbf55746e52324459dac0ea00dd6a214a7a8ce05206a\\"", - "Type": "String", - }, - "AssetParameters670cd3ad46e9feac5a92bbf55746e52324459dac0ea00dd6a214a7a8ce05206aS3Bucket340F7629": Object { - "Description": "S3 bucket for asset \\"670cd3ad46e9feac5a92bbf55746e52324459dac0ea00dd6a214a7a8ce05206a\\"", - "Type": "String", - }, - "AssetParameters670cd3ad46e9feac5a92bbf55746e52324459dac0ea00dd6a214a7a8ce05206aS3VersionKey2054120F": Object { - "Description": "S3 key for asset version \\"670cd3ad46e9feac5a92bbf55746e52324459dac0ea00dd6a214a7a8ce05206a\\"", - "Type": "String", - }, - }, - "Resources": Object { - "LambdaFunctionBF21E41F": Object { - "DependsOn": Array [ - "LambdaFunctionServiceRoleDefaultPolicy126C8897", - "LambdaFunctionServiceRole0C4CDE0B", - ], - "Metadata": Object { - "cfn_nag": Object { - "rules_to_suppress": Array [ - Object { - "id": "W58", - "reason": "Lambda functions has the required permission to write CloudWatch Logs. It uses custom policy instead of arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole with tighter permissions.", - }, - Object { - "id": "W89", - "reason": "This is not a rule for the general case, just for specific use cases/industries", - }, - Object { - "id": "W92", - "reason": "Impossible for us to define the correct concurrency for clients", - }, - ], - }, - }, - "Properties": Object { - "Code": Object { - "S3Bucket": Object { - "Ref": "AssetParameters3bf31d2e69ca582971f645cca0be83ead5dfbc80bd36b3e487100422c68243a5S3Bucket86ED5E45", - }, - "S3Key": Object { - "Fn::Join": Array [ - "", - Array [ - Object { - "Fn::Select": Array [ - 0, - Object { - "Fn::Split": Array [ - "||", - Object { - "Ref": "AssetParameters3bf31d2e69ca582971f645cca0be83ead5dfbc80bd36b3e487100422c68243a5S3VersionKey24D05EBA", - }, - ], - }, - ], - }, - Object { - "Fn::Select": Array [ - 1, - Object { - "Fn::Split": Array [ - "||", - Object { - "Ref": "AssetParameters3bf31d2e69ca582971f645cca0be83ead5dfbc80bd36b3e487100422c68243a5S3VersionKey24D05EBA", - }, - ], - }, - ], - }, - ], - ], - }, - }, - "Environment": Object { - "Variables": Object { - "AWS_NODEJS_CONNECTION_REUSE_ENABLED": "1", - }, - }, - "FunctionName": "existing-consumer-function", - "Handler": "index.handler", - "Role": Object { - "Fn::GetAtt": Array [ - "LambdaFunctionServiceRole0C4CDE0B", - "Arn", - ], - }, - "Runtime": "nodejs10.x", - "TracingConfig": Object { - "Mode": "Active", - }, - }, - "Type": "AWS::Lambda::Function", - }, - "LambdaFunctionServiceRole0C4CDE0B": Object { - "Properties": Object { - "AssumeRolePolicyDocument": Object { - "Statement": Array [ - Object { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": Object { - "Service": "lambda.amazonaws.com", - }, - }, - ], - "Version": "2012-10-17", - }, - "Policies": Array [ - Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "logs:CreateLogGroup", - "logs:CreateLogStream", - "logs:PutLogEvents", - ], - "Effect": "Allow", - "Resource": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":logs:", - Object { - "Ref": "AWS::Region", - }, - ":", - Object { - "Ref": "AWS::AccountId", - }, - ":log-group:/aws/lambda/*", - ], - ], - }, - }, - ], - "Version": "2012-10-17", - }, - "PolicyName": "LambdaFunctionServiceRolePolicy", - }, - ], - }, - "Type": "AWS::IAM::Role", - }, - "LambdaFunctionServiceRoleDefaultPolicy126C8897": Object { - "Metadata": Object { - "cfn_nag": Object { - "rules_to_suppress": Array [ - Object { - "id": "W12", - "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray and access ENIs in a VPC.", - }, - ], - }, - }, - "Properties": Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "xray:PutTraceSegments", - "xray:PutTelemetryRecords", - ], - "Effect": "Allow", - "Resource": "*", - }, - Object { - "Action": Array [ - "sqs:ReceiveMessage", - "sqs:ChangeMessageVisibility", - "sqs:GetQueueUrl", - "sqs:DeleteMessage", - "sqs:GetQueueAttributes", - ], - "Effect": "Allow", - "Resource": Object { - "Fn::GetAtt": Array [ - "lambdasqslambdalambdatosqsqueue49588D68", - "Arn", - ], - }, - }, - ], - "Version": "2012-10-17", - }, - "PolicyName": "LambdaFunctionServiceRoleDefaultPolicy126C8897", - "Roles": Array [ - Object { - "Ref": "LambdaFunctionServiceRole0C4CDE0B", - }, - ], - }, - "Type": "AWS::IAM::Policy", - }, - "LambdaFunctionSqsEventSourcelambdasqslambdalambdatosqsqueue2DD6571300DB28F4": Object { - "Properties": Object { - "EventSourceArn": Object { - "Fn::GetAtt": Array [ - "lambdasqslambdalambdatosqsqueue49588D68", - "Arn", - ], - }, - "FunctionName": Object { - "Ref": "LambdaFunctionBF21E41F", - }, - }, - "Type": "AWS::Lambda::EventSourceMapping", - }, - "lambdasqslambdalambdatosqsLambdaFunction816E0C7E": Object { - "DependsOn": Array [ - "lambdasqslambdalambdatosqsLambdaFunctionServiceRoleDefaultPolicy415D084C", - "lambdasqslambdalambdatosqsLambdaFunctionServiceRole715E701A", - ], - "Metadata": Object { - "cfn_nag": Object { - "rules_to_suppress": Array [ - Object { - "id": "W58", - "reason": "Lambda functions has the required permission to write CloudWatch Logs. It uses custom policy instead of arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole with tighter permissions.", - }, - Object { - "id": "W89", - "reason": "This is not a rule for the general case, just for specific use cases/industries", - }, - Object { - "id": "W92", - "reason": "Impossible for us to define the correct concurrency for clients", - }, - ], - }, - }, - "Properties": Object { - "Code": Object { - "S3Bucket": Object { - "Ref": "AssetParameters670cd3ad46e9feac5a92bbf55746e52324459dac0ea00dd6a214a7a8ce05206aS3Bucket340F7629", - }, - "S3Key": Object { - "Fn::Join": Array [ - "", - Array [ - Object { - "Fn::Select": Array [ - 0, - Object { - "Fn::Split": Array [ - "||", - Object { - "Ref": "AssetParameters670cd3ad46e9feac5a92bbf55746e52324459dac0ea00dd6a214a7a8ce05206aS3VersionKey2054120F", - }, - ], - }, - ], - }, - Object { - "Fn::Select": Array [ - 1, - Object { - "Fn::Split": Array [ - "||", - Object { - "Ref": "AssetParameters670cd3ad46e9feac5a92bbf55746e52324459dac0ea00dd6a214a7a8ce05206aS3VersionKey2054120F", - }, - ], - }, - ], - }, - ], - ], - }, - }, - "Environment": Object { - "Variables": Object { - "AWS_NODEJS_CONNECTION_REUSE_ENABLED": "1", - "SQS_QUEUE_URL": Object { - "Ref": "lambdasqslambdalambdatosqsqueue49588D68", - }, - }, - }, - "FunctionName": "deployed-producer-function", - "Handler": "index.handler", - "Role": Object { - "Fn::GetAtt": Array [ - "lambdasqslambdalambdatosqsLambdaFunctionServiceRole715E701A", - "Arn", - ], - }, - "Runtime": "nodejs10.x", - "TracingConfig": Object { - "Mode": "Active", - }, - }, - "Type": "AWS::Lambda::Function", - }, - "lambdasqslambdalambdatosqsLambdaFunctionServiceRole715E701A": Object { - "Properties": Object { - "AssumeRolePolicyDocument": Object { - "Statement": Array [ - Object { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": Object { - "Service": "lambda.amazonaws.com", - }, - }, - ], - "Version": "2012-10-17", - }, - "Policies": Array [ - Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "logs:CreateLogGroup", - "logs:CreateLogStream", - "logs:PutLogEvents", - ], - "Effect": "Allow", - "Resource": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":logs:", - Object { - "Ref": "AWS::Region", - }, - ":", - Object { - "Ref": "AWS::AccountId", - }, - ":log-group:/aws/lambda/*", - ], - ], - }, - }, - ], - "Version": "2012-10-17", - }, - "PolicyName": "LambdaFunctionServiceRolePolicy", - }, - ], - }, - "Type": "AWS::IAM::Role", - }, - "lambdasqslambdalambdatosqsLambdaFunctionServiceRoleDefaultPolicy415D084C": Object { - "Metadata": Object { - "cfn_nag": Object { - "rules_to_suppress": Array [ - Object { - "id": "W12", - "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray and access ENIs in a VPC.", - }, - ], - }, - }, - "Properties": Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "xray:PutTraceSegments", - "xray:PutTelemetryRecords", - ], - "Effect": "Allow", - "Resource": "*", - }, - Object { - "Action": Array [ - "sqs:SendMessage", - "sqs:GetQueueAttributes", - "sqs:GetQueueUrl", - ], - "Effect": "Allow", - "Resource": Object { - "Fn::GetAtt": Array [ - "lambdasqslambdalambdatosqsqueue49588D68", - "Arn", - ], - }, - }, - ], - "Version": "2012-10-17", - }, - "PolicyName": "lambdasqslambdalambdatosqsLambdaFunctionServiceRoleDefaultPolicy415D084C", - "Roles": Array [ - Object { - "Ref": "lambdasqslambdalambdatosqsLambdaFunctionServiceRole715E701A", - }, - ], - }, - "Type": "AWS::IAM::Policy", - }, - "lambdasqslambdalambdatosqsdeadLetterQueue46E7302E": Object { - "DeletionPolicy": "Delete", - "Properties": Object { - "KmsMasterKeyId": "alias/aws/sqs", - }, - "Type": "AWS::SQS::Queue", - "UpdateReplacePolicy": "Delete", - }, - "lambdasqslambdalambdatosqsdeadLetterQueuePolicyF51B6C4C": Object { - "Properties": Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "sqs:DeleteMessage", - "sqs:ReceiveMessage", - "sqs:SendMessage", - "sqs:GetQueueAttributes", - "sqs:RemovePermission", - "sqs:AddPermission", - "sqs:SetQueueAttributes", - ], - "Effect": "Allow", - "Principal": Object { - "AWS": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":iam::", - Object { - "Ref": "AWS::AccountId", - }, - ":root", - ], - ], - }, - }, - "Resource": Object { - "Fn::GetAtt": Array [ - "lambdasqslambdalambdatosqsdeadLetterQueue46E7302E", - "Arn", - ], - }, - "Sid": "QueueOwnerOnlyAccess", - }, - Object { - "Action": "SQS:*", - "Condition": Object { - "Bool": Object { - "aws:SecureTransport": "false", - }, - }, - "Effect": "Deny", - "Principal": Object { - "AWS": "*", - }, - "Resource": Object { - "Fn::GetAtt": Array [ - "lambdasqslambdalambdatosqsdeadLetterQueue46E7302E", - "Arn", - ], - }, - "Sid": "HttpsOnly", - }, - ], - "Version": "2012-10-17", - }, - "Queues": Array [ - Object { - "Ref": "lambdasqslambdalambdatosqsdeadLetterQueue46E7302E", - }, - ], - }, - "Type": "AWS::SQS::QueuePolicy", - }, - "lambdasqslambdalambdatosqsqueue49588D68": Object { - "DeletionPolicy": "Delete", - "Properties": Object { - "KmsMasterKeyId": "alias/aws/sqs", - "RedrivePolicy": Object { - "deadLetterTargetArn": Object { - "Fn::GetAtt": Array [ - "lambdasqslambdalambdatosqsdeadLetterQueue46E7302E", - "Arn", - ], - }, - "maxReceiveCount": 15, - }, - }, - "Type": "AWS::SQS::Queue", - "UpdateReplacePolicy": "Delete", - }, - "lambdasqslambdalambdatosqsqueuePolicy2E3032D3": Object { - "Properties": Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "sqs:DeleteMessage", - "sqs:ReceiveMessage", - "sqs:SendMessage", - "sqs:GetQueueAttributes", - "sqs:RemovePermission", - "sqs:AddPermission", - "sqs:SetQueueAttributes", - ], - "Effect": "Allow", - "Principal": Object { - "AWS": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":iam::", - Object { - "Ref": "AWS::AccountId", - }, - ":root", - ], - ], - }, - }, - "Resource": Object { - "Fn::GetAtt": Array [ - "lambdasqslambdalambdatosqsqueue49588D68", - "Arn", - ], - }, - "Sid": "QueueOwnerOnlyAccess", - }, - Object { - "Action": "SQS:*", - "Condition": Object { - "Bool": Object { - "aws:SecureTransport": "false", - }, - }, - "Effect": "Deny", - "Principal": Object { - "AWS": "*", - }, - "Resource": Object { - "Fn::GetAtt": Array [ - "lambdasqslambdalambdatosqsqueue49588D68", - "Arn", - ], - }, - "Sid": "HttpsOnly", - }, - ], - "Version": "2012-10-17", - }, - "Queues": Array [ - Object { - "Ref": "lambdasqslambdalambdatosqsqueue49588D68", - }, - ], - }, - "Type": "AWS::SQS::QueuePolicy", - }, - }, -} -`; - -exports[`Test deployment w/ existing producer function 1`] = ` -Object { - "Parameters": Object { - "AssetParameters3bf31d2e69ca582971f645cca0be83ead5dfbc80bd36b3e487100422c68243a5ArtifactHash6AF67D2F": Object { - "Description": "Artifact hash for asset \\"3bf31d2e69ca582971f645cca0be83ead5dfbc80bd36b3e487100422c68243a5\\"", - "Type": "String", - }, - "AssetParameters3bf31d2e69ca582971f645cca0be83ead5dfbc80bd36b3e487100422c68243a5S3Bucket86ED5E45": Object { - "Description": "S3 bucket for asset \\"3bf31d2e69ca582971f645cca0be83ead5dfbc80bd36b3e487100422c68243a5\\"", - "Type": "String", - }, - "AssetParameters3bf31d2e69ca582971f645cca0be83ead5dfbc80bd36b3e487100422c68243a5S3VersionKey24D05EBA": Object { - "Description": "S3 key for asset version \\"3bf31d2e69ca582971f645cca0be83ead5dfbc80bd36b3e487100422c68243a5\\"", - "Type": "String", - }, - "AssetParameters670cd3ad46e9feac5a92bbf55746e52324459dac0ea00dd6a214a7a8ce05206aArtifactHash8AC382E7": Object { - "Description": "Artifact hash for asset \\"670cd3ad46e9feac5a92bbf55746e52324459dac0ea00dd6a214a7a8ce05206a\\"", - "Type": "String", - }, - "AssetParameters670cd3ad46e9feac5a92bbf55746e52324459dac0ea00dd6a214a7a8ce05206aS3Bucket340F7629": Object { - "Description": "S3 bucket for asset \\"670cd3ad46e9feac5a92bbf55746e52324459dac0ea00dd6a214a7a8ce05206a\\"", - "Type": "String", - }, - "AssetParameters670cd3ad46e9feac5a92bbf55746e52324459dac0ea00dd6a214a7a8ce05206aS3VersionKey2054120F": Object { - "Description": "S3 key for asset version \\"670cd3ad46e9feac5a92bbf55746e52324459dac0ea00dd6a214a7a8ce05206a\\"", - "Type": "String", - }, - }, - "Resources": Object { - "LambdaFunctionBF21E41F": Object { - "DependsOn": Array [ - "LambdaFunctionServiceRoleDefaultPolicy126C8897", - "LambdaFunctionServiceRole0C4CDE0B", - ], - "Metadata": Object { - "cfn_nag": Object { - "rules_to_suppress": Array [ - Object { - "id": "W58", - "reason": "Lambda functions has the required permission to write CloudWatch Logs. It uses custom policy instead of arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole with tighter permissions.", - }, - Object { - "id": "W89", - "reason": "This is not a rule for the general case, just for specific use cases/industries", - }, - Object { - "id": "W92", - "reason": "Impossible for us to define the correct concurrency for clients", - }, - ], - }, - }, - "Properties": Object { - "Code": Object { - "S3Bucket": Object { - "Ref": "AssetParameters670cd3ad46e9feac5a92bbf55746e52324459dac0ea00dd6a214a7a8ce05206aS3Bucket340F7629", - }, - "S3Key": Object { - "Fn::Join": Array [ - "", - Array [ - Object { - "Fn::Select": Array [ - 0, - Object { - "Fn::Split": Array [ - "||", - Object { - "Ref": "AssetParameters670cd3ad46e9feac5a92bbf55746e52324459dac0ea00dd6a214a7a8ce05206aS3VersionKey2054120F", - }, - ], - }, - ], - }, - Object { - "Fn::Select": Array [ - 1, - Object { - "Fn::Split": Array [ - "||", - Object { - "Ref": "AssetParameters670cd3ad46e9feac5a92bbf55746e52324459dac0ea00dd6a214a7a8ce05206aS3VersionKey2054120F", - }, - ], - }, - ], - }, - ], - ], - }, - }, - "Environment": Object { - "Variables": Object { - "AWS_NODEJS_CONNECTION_REUSE_ENABLED": "1", - "SQS_QUEUE_URL": Object { - "Ref": "lambdasqslambdalambdatosqsqueue49588D68", - }, - }, - }, - "FunctionName": "existing-producer-function", - "Handler": "index.handler", - "Role": Object { - "Fn::GetAtt": Array [ - "LambdaFunctionServiceRole0C4CDE0B", - "Arn", - ], - }, - "Runtime": "nodejs10.x", - "TracingConfig": Object { - "Mode": "Active", - }, - }, - "Type": "AWS::Lambda::Function", - }, - "LambdaFunctionServiceRole0C4CDE0B": Object { - "Properties": Object { - "AssumeRolePolicyDocument": Object { - "Statement": Array [ - Object { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": Object { - "Service": "lambda.amazonaws.com", - }, - }, - ], - "Version": "2012-10-17", - }, - "Policies": Array [ - Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "logs:CreateLogGroup", - "logs:CreateLogStream", - "logs:PutLogEvents", - ], - "Effect": "Allow", - "Resource": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":logs:", - Object { - "Ref": "AWS::Region", - }, - ":", - Object { - "Ref": "AWS::AccountId", - }, - ":log-group:/aws/lambda/*", - ], - ], - }, - }, - ], - "Version": "2012-10-17", - }, - "PolicyName": "LambdaFunctionServiceRolePolicy", - }, - ], - }, - "Type": "AWS::IAM::Role", - }, - "LambdaFunctionServiceRoleDefaultPolicy126C8897": Object { - "Metadata": Object { - "cfn_nag": Object { - "rules_to_suppress": Array [ - Object { - "id": "W12", - "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray and access ENIs in a VPC.", - }, - ], - }, - }, - "Properties": Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "xray:PutTraceSegments", - "xray:PutTelemetryRecords", - ], - "Effect": "Allow", - "Resource": "*", - }, - Object { - "Action": Array [ - "sqs:SendMessage", - "sqs:GetQueueAttributes", - "sqs:GetQueueUrl", - ], - "Effect": "Allow", - "Resource": Object { - "Fn::GetAtt": Array [ - "lambdasqslambdalambdatosqsqueue49588D68", - "Arn", - ], - }, - }, - ], - "Version": "2012-10-17", - }, - "PolicyName": "LambdaFunctionServiceRoleDefaultPolicy126C8897", - "Roles": Array [ - Object { - "Ref": "LambdaFunctionServiceRole0C4CDE0B", - }, - ], - }, - "Type": "AWS::IAM::Policy", - }, - "lambdasqslambdalambdatosqsdeadLetterQueue46E7302E": Object { - "DeletionPolicy": "Delete", - "Properties": Object { - "KmsMasterKeyId": "alias/aws/sqs", - }, - "Type": "AWS::SQS::Queue", - "UpdateReplacePolicy": "Delete", - }, - "lambdasqslambdalambdatosqsdeadLetterQueuePolicyF51B6C4C": Object { - "Properties": Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "sqs:DeleteMessage", - "sqs:ReceiveMessage", - "sqs:SendMessage", - "sqs:GetQueueAttributes", - "sqs:RemovePermission", - "sqs:AddPermission", - "sqs:SetQueueAttributes", - ], - "Effect": "Allow", - "Principal": Object { - "AWS": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":iam::", - Object { - "Ref": "AWS::AccountId", - }, - ":root", - ], - ], - }, - }, - "Resource": Object { - "Fn::GetAtt": Array [ - "lambdasqslambdalambdatosqsdeadLetterQueue46E7302E", - "Arn", - ], - }, - "Sid": "QueueOwnerOnlyAccess", - }, - Object { - "Action": "SQS:*", - "Condition": Object { - "Bool": Object { - "aws:SecureTransport": "false", - }, - }, - "Effect": "Deny", - "Principal": Object { - "AWS": "*", - }, - "Resource": Object { - "Fn::GetAtt": Array [ - "lambdasqslambdalambdatosqsdeadLetterQueue46E7302E", - "Arn", - ], - }, - "Sid": "HttpsOnly", - }, - ], - "Version": "2012-10-17", - }, - "Queues": Array [ - Object { - "Ref": "lambdasqslambdalambdatosqsdeadLetterQueue46E7302E", - }, - ], - }, - "Type": "AWS::SQS::QueuePolicy", - }, - "lambdasqslambdalambdatosqsqueue49588D68": Object { - "DeletionPolicy": "Delete", - "Properties": Object { - "KmsMasterKeyId": "alias/aws/sqs", - "RedrivePolicy": Object { - "deadLetterTargetArn": Object { - "Fn::GetAtt": Array [ - "lambdasqslambdalambdatosqsdeadLetterQueue46E7302E", - "Arn", - ], - }, - "maxReceiveCount": 15, - }, - }, - "Type": "AWS::SQS::Queue", - "UpdateReplacePolicy": "Delete", - }, - "lambdasqslambdalambdatosqsqueuePolicy2E3032D3": Object { - "Properties": Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "sqs:DeleteMessage", - "sqs:ReceiveMessage", - "sqs:SendMessage", - "sqs:GetQueueAttributes", - "sqs:RemovePermission", - "sqs:AddPermission", - "sqs:SetQueueAttributes", - ], - "Effect": "Allow", - "Principal": Object { - "AWS": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":iam::", - Object { - "Ref": "AWS::AccountId", - }, - ":root", - ], - ], - }, - }, - "Resource": Object { - "Fn::GetAtt": Array [ - "lambdasqslambdalambdatosqsqueue49588D68", - "Arn", - ], - }, - "Sid": "QueueOwnerOnlyAccess", - }, - Object { - "Action": "SQS:*", - "Condition": Object { - "Bool": Object { - "aws:SecureTransport": "false", - }, - }, - "Effect": "Deny", - "Principal": Object { - "AWS": "*", - }, - "Resource": Object { - "Fn::GetAtt": Array [ - "lambdasqslambdalambdatosqsqueue49588D68", - "Arn", - ], - }, - "Sid": "HttpsOnly", - }, - ], - "Version": "2012-10-17", - }, - "Queues": Array [ - Object { - "Ref": "lambdasqslambdalambdatosqsqueue49588D68", - }, - ], - }, - "Type": "AWS::SQS::QueuePolicy", - }, - "lambdasqslambdasqstolambdaLambdaFunction78C2590B": Object { - "DependsOn": Array [ - "lambdasqslambdasqstolambdaLambdaFunctionServiceRoleDefaultPolicyA5B2DD0D", - "lambdasqslambdasqstolambdaLambdaFunctionServiceRole64336E45", - ], - "Metadata": Object { - "cfn_nag": Object { - "rules_to_suppress": Array [ - Object { - "id": "W58", - "reason": "Lambda functions has the required permission to write CloudWatch Logs. It uses custom policy instead of arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole with tighter permissions.", - }, - Object { - "id": "W89", - "reason": "This is not a rule for the general case, just for specific use cases/industries", - }, - Object { - "id": "W92", - "reason": "Impossible for us to define the correct concurrency for clients", - }, - ], - }, - }, - "Properties": Object { - "Code": Object { - "S3Bucket": Object { - "Ref": "AssetParameters3bf31d2e69ca582971f645cca0be83ead5dfbc80bd36b3e487100422c68243a5S3Bucket86ED5E45", - }, - "S3Key": Object { - "Fn::Join": Array [ - "", - Array [ - Object { - "Fn::Select": Array [ - 0, - Object { - "Fn::Split": Array [ - "||", - Object { - "Ref": "AssetParameters3bf31d2e69ca582971f645cca0be83ead5dfbc80bd36b3e487100422c68243a5S3VersionKey24D05EBA", - }, - ], - }, - ], - }, - Object { - "Fn::Select": Array [ - 1, - Object { - "Fn::Split": Array [ - "||", - Object { - "Ref": "AssetParameters3bf31d2e69ca582971f645cca0be83ead5dfbc80bd36b3e487100422c68243a5S3VersionKey24D05EBA", - }, - ], - }, - ], - }, - ], - ], - }, - }, - "Environment": Object { - "Variables": Object { - "AWS_NODEJS_CONNECTION_REUSE_ENABLED": "1", - }, - }, - "FunctionName": "deployed-consumer-function", - "Handler": "index.handler", - "Role": Object { - "Fn::GetAtt": Array [ - "lambdasqslambdasqstolambdaLambdaFunctionServiceRole64336E45", - "Arn", - ], - }, - "Runtime": "nodejs10.x", - "TracingConfig": Object { - "Mode": "Active", - }, - }, - "Type": "AWS::Lambda::Function", - }, - "lambdasqslambdasqstolambdaLambdaFunctionServiceRole64336E45": Object { - "Properties": Object { - "AssumeRolePolicyDocument": Object { - "Statement": Array [ - Object { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": Object { - "Service": "lambda.amazonaws.com", - }, - }, - ], - "Version": "2012-10-17", - }, - "Policies": Array [ - Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "logs:CreateLogGroup", - "logs:CreateLogStream", - "logs:PutLogEvents", - ], - "Effect": "Allow", - "Resource": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":logs:", - Object { - "Ref": "AWS::Region", - }, - ":", - Object { - "Ref": "AWS::AccountId", - }, - ":log-group:/aws/lambda/*", - ], - ], - }, - }, - ], - "Version": "2012-10-17", - }, - "PolicyName": "LambdaFunctionServiceRolePolicy", - }, - ], - }, - "Type": "AWS::IAM::Role", - }, - "lambdasqslambdasqstolambdaLambdaFunctionServiceRoleDefaultPolicyA5B2DD0D": Object { - "Metadata": Object { - "cfn_nag": Object { - "rules_to_suppress": Array [ - Object { - "id": "W12", - "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray and access ENIs in a VPC.", - }, - ], - }, - }, - "Properties": Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "xray:PutTraceSegments", - "xray:PutTelemetryRecords", - ], - "Effect": "Allow", - "Resource": "*", - }, - Object { - "Action": Array [ - "sqs:ReceiveMessage", - "sqs:ChangeMessageVisibility", - "sqs:GetQueueUrl", - "sqs:DeleteMessage", - "sqs:GetQueueAttributes", - ], - "Effect": "Allow", - "Resource": Object { - "Fn::GetAtt": Array [ - "lambdasqslambdalambdatosqsqueue49588D68", - "Arn", - ], - }, - }, - ], - "Version": "2012-10-17", - }, - "PolicyName": "lambdasqslambdasqstolambdaLambdaFunctionServiceRoleDefaultPolicyA5B2DD0D", - "Roles": Array [ - Object { - "Ref": "lambdasqslambdasqstolambdaLambdaFunctionServiceRole64336E45", - }, - ], - }, - "Type": "AWS::IAM::Policy", - }, - "lambdasqslambdasqstolambdaLambdaFunctionSqsEventSourcelambdasqslambdalambdatosqsqueue2DD65713E8460277": Object { - "Properties": Object { - "EventSourceArn": Object { - "Fn::GetAtt": Array [ - "lambdasqslambdalambdatosqsqueue49588D68", - "Arn", - ], - }, - "FunctionName": Object { - "Ref": "lambdasqslambdasqstolambdaLambdaFunction78C2590B", - }, - }, - "Type": "AWS::Lambda::EventSourceMapping", - }, - }, -} -`; - -exports[`Test deployment w/ existing queue 1`] = ` -Object { - "Parameters": Object { - "AssetParameters3bf31d2e69ca582971f645cca0be83ead5dfbc80bd36b3e487100422c68243a5ArtifactHash6AF67D2F": Object { - "Description": "Artifact hash for asset \\"3bf31d2e69ca582971f645cca0be83ead5dfbc80bd36b3e487100422c68243a5\\"", - "Type": "String", - }, - "AssetParameters3bf31d2e69ca582971f645cca0be83ead5dfbc80bd36b3e487100422c68243a5S3Bucket86ED5E45": Object { - "Description": "S3 bucket for asset \\"3bf31d2e69ca582971f645cca0be83ead5dfbc80bd36b3e487100422c68243a5\\"", - "Type": "String", - }, - "AssetParameters3bf31d2e69ca582971f645cca0be83ead5dfbc80bd36b3e487100422c68243a5S3VersionKey24D05EBA": Object { - "Description": "S3 key for asset version \\"3bf31d2e69ca582971f645cca0be83ead5dfbc80bd36b3e487100422c68243a5\\"", - "Type": "String", - }, - "AssetParameters670cd3ad46e9feac5a92bbf55746e52324459dac0ea00dd6a214a7a8ce05206aArtifactHash8AC382E7": Object { - "Description": "Artifact hash for asset \\"670cd3ad46e9feac5a92bbf55746e52324459dac0ea00dd6a214a7a8ce05206a\\"", - "Type": "String", - }, - "AssetParameters670cd3ad46e9feac5a92bbf55746e52324459dac0ea00dd6a214a7a8ce05206aS3Bucket340F7629": Object { - "Description": "S3 bucket for asset \\"670cd3ad46e9feac5a92bbf55746e52324459dac0ea00dd6a214a7a8ce05206a\\"", - "Type": "String", - }, - "AssetParameters670cd3ad46e9feac5a92bbf55746e52324459dac0ea00dd6a214a7a8ce05206aS3VersionKey2054120F": Object { - "Description": "S3 key for asset version \\"670cd3ad46e9feac5a92bbf55746e52324459dac0ea00dd6a214a7a8ce05206a\\"", - "Type": "String", - }, - }, - "Resources": Object { - "existingqueue03D57A53": Object { - "DeletionPolicy": "Delete", - "Properties": Object { - "KmsMasterKeyId": "alias/aws/sqs", - "QueueName": "existing-queue", - }, - "Type": "AWS::SQS::Queue", - "UpdateReplacePolicy": "Delete", - }, - "existingqueuePolicy8BCB024D": Object { - "Properties": Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "sqs:DeleteMessage", - "sqs:ReceiveMessage", - "sqs:SendMessage", - "sqs:GetQueueAttributes", - "sqs:RemovePermission", - "sqs:AddPermission", - "sqs:SetQueueAttributes", - ], - "Effect": "Allow", - "Principal": Object { - "AWS": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":iam::", - Object { - "Ref": "AWS::AccountId", - }, - ":root", - ], - ], - }, - }, - "Resource": Object { - "Fn::GetAtt": Array [ - "existingqueue03D57A53", - "Arn", - ], - }, - "Sid": "QueueOwnerOnlyAccess", - }, - Object { - "Action": "SQS:*", - "Condition": Object { - "Bool": Object { - "aws:SecureTransport": "false", - }, - }, - "Effect": "Deny", - "Principal": Object { - "AWS": "*", - }, - "Resource": Object { - "Fn::GetAtt": Array [ - "existingqueue03D57A53", - "Arn", - ], - }, - "Sid": "HttpsOnly", - }, - ], - "Version": "2012-10-17", - }, - "Queues": Array [ - Object { - "Ref": "existingqueue03D57A53", - }, - ], - }, - "Type": "AWS::SQS::QueuePolicy", - }, - "lambdasqslambdalambdatosqsLambdaFunction816E0C7E": Object { - "DependsOn": Array [ - "lambdasqslambdalambdatosqsLambdaFunctionServiceRoleDefaultPolicy415D084C", - "lambdasqslambdalambdatosqsLambdaFunctionServiceRole715E701A", - ], - "Metadata": Object { - "cfn_nag": Object { - "rules_to_suppress": Array [ - Object { - "id": "W58", - "reason": "Lambda functions has the required permission to write CloudWatch Logs. It uses custom policy instead of arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole with tighter permissions.", - }, - Object { - "id": "W89", - "reason": "This is not a rule for the general case, just for specific use cases/industries", - }, - Object { - "id": "W92", - "reason": "Impossible for us to define the correct concurrency for clients", - }, - ], - }, - }, - "Properties": Object { - "Code": Object { - "S3Bucket": Object { - "Ref": "AssetParameters670cd3ad46e9feac5a92bbf55746e52324459dac0ea00dd6a214a7a8ce05206aS3Bucket340F7629", - }, - "S3Key": Object { - "Fn::Join": Array [ - "", - Array [ - Object { - "Fn::Select": Array [ - 0, - Object { - "Fn::Split": Array [ - "||", - Object { - "Ref": "AssetParameters670cd3ad46e9feac5a92bbf55746e52324459dac0ea00dd6a214a7a8ce05206aS3VersionKey2054120F", - }, - ], - }, - ], - }, - Object { - "Fn::Select": Array [ - 1, - Object { - "Fn::Split": Array [ - "||", - Object { - "Ref": "AssetParameters670cd3ad46e9feac5a92bbf55746e52324459dac0ea00dd6a214a7a8ce05206aS3VersionKey2054120F", - }, - ], - }, - ], - }, - ], - ], - }, - }, - "Environment": Object { - "Variables": Object { - "AWS_NODEJS_CONNECTION_REUSE_ENABLED": "1", - "SQS_QUEUE_URL": Object { - "Ref": "existingqueue03D57A53", - }, - }, - }, - "FunctionName": "producer-function", - "Handler": "index.handler", - "Role": Object { - "Fn::GetAtt": Array [ - "lambdasqslambdalambdatosqsLambdaFunctionServiceRole715E701A", - "Arn", - ], - }, - "Runtime": "nodejs10.x", - "TracingConfig": Object { - "Mode": "Active", - }, - }, - "Type": "AWS::Lambda::Function", - }, - "lambdasqslambdalambdatosqsLambdaFunctionServiceRole715E701A": Object { - "Properties": Object { - "AssumeRolePolicyDocument": Object { - "Statement": Array [ - Object { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": Object { - "Service": "lambda.amazonaws.com", - }, - }, - ], - "Version": "2012-10-17", - }, - "Policies": Array [ - Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "logs:CreateLogGroup", - "logs:CreateLogStream", - "logs:PutLogEvents", - ], - "Effect": "Allow", - "Resource": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":logs:", - Object { - "Ref": "AWS::Region", - }, - ":", - Object { - "Ref": "AWS::AccountId", - }, - ":log-group:/aws/lambda/*", - ], - ], - }, - }, - ], - "Version": "2012-10-17", - }, - "PolicyName": "LambdaFunctionServiceRolePolicy", - }, - ], - }, - "Type": "AWS::IAM::Role", - }, - "lambdasqslambdalambdatosqsLambdaFunctionServiceRoleDefaultPolicy415D084C": Object { - "Metadata": Object { - "cfn_nag": Object { - "rules_to_suppress": Array [ - Object { - "id": "W12", - "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray and access ENIs in a VPC.", - }, - ], - }, - }, - "Properties": Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "xray:PutTraceSegments", - "xray:PutTelemetryRecords", - ], - "Effect": "Allow", - "Resource": "*", - }, - Object { - "Action": Array [ - "sqs:SendMessage", - "sqs:GetQueueAttributes", - "sqs:GetQueueUrl", - ], - "Effect": "Allow", - "Resource": Object { - "Fn::GetAtt": Array [ - "existingqueue03D57A53", - "Arn", - ], - }, - }, - ], - "Version": "2012-10-17", - }, - "PolicyName": "lambdasqslambdalambdatosqsLambdaFunctionServiceRoleDefaultPolicy415D084C", - "Roles": Array [ - Object { - "Ref": "lambdasqslambdalambdatosqsLambdaFunctionServiceRole715E701A", - }, - ], - }, - "Type": "AWS::IAM::Policy", - }, - "lambdasqslambdasqstolambdaLambdaFunction78C2590B": Object { - "DependsOn": Array [ - "lambdasqslambdasqstolambdaLambdaFunctionServiceRoleDefaultPolicyA5B2DD0D", - "lambdasqslambdasqstolambdaLambdaFunctionServiceRole64336E45", - ], - "Metadata": Object { - "cfn_nag": Object { - "rules_to_suppress": Array [ - Object { - "id": "W58", - "reason": "Lambda functions has the required permission to write CloudWatch Logs. It uses custom policy instead of arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole with tighter permissions.", - }, - Object { - "id": "W89", - "reason": "This is not a rule for the general case, just for specific use cases/industries", - }, - Object { - "id": "W92", - "reason": "Impossible for us to define the correct concurrency for clients", - }, - ], - }, - }, - "Properties": Object { - "Code": Object { - "S3Bucket": Object { - "Ref": "AssetParameters3bf31d2e69ca582971f645cca0be83ead5dfbc80bd36b3e487100422c68243a5S3Bucket86ED5E45", - }, - "S3Key": Object { - "Fn::Join": Array [ - "", - Array [ - Object { - "Fn::Select": Array [ - 0, - Object { - "Fn::Split": Array [ - "||", - Object { - "Ref": "AssetParameters3bf31d2e69ca582971f645cca0be83ead5dfbc80bd36b3e487100422c68243a5S3VersionKey24D05EBA", - }, - ], - }, - ], - }, - Object { - "Fn::Select": Array [ - 1, - Object { - "Fn::Split": Array [ - "||", - Object { - "Ref": "AssetParameters3bf31d2e69ca582971f645cca0be83ead5dfbc80bd36b3e487100422c68243a5S3VersionKey24D05EBA", - }, - ], - }, - ], - }, - ], - ], - }, - }, - "Environment": Object { - "Variables": Object { - "AWS_NODEJS_CONNECTION_REUSE_ENABLED": "1", - }, - }, - "FunctionName": "consumer-function", - "Handler": "index.handler", - "Role": Object { - "Fn::GetAtt": Array [ - "lambdasqslambdasqstolambdaLambdaFunctionServiceRole64336E45", - "Arn", - ], - }, - "Runtime": "nodejs10.x", - "TracingConfig": Object { - "Mode": "Active", - }, - }, - "Type": "AWS::Lambda::Function", - }, - "lambdasqslambdasqstolambdaLambdaFunctionServiceRole64336E45": Object { - "Properties": Object { - "AssumeRolePolicyDocument": Object { - "Statement": Array [ - Object { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": Object { - "Service": "lambda.amazonaws.com", - }, - }, - ], - "Version": "2012-10-17", - }, - "Policies": Array [ - Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "logs:CreateLogGroup", - "logs:CreateLogStream", - "logs:PutLogEvents", - ], - "Effect": "Allow", - "Resource": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":logs:", - Object { - "Ref": "AWS::Region", - }, - ":", - Object { - "Ref": "AWS::AccountId", - }, - ":log-group:/aws/lambda/*", - ], - ], - }, - }, - ], - "Version": "2012-10-17", - }, - "PolicyName": "LambdaFunctionServiceRolePolicy", - }, - ], - }, - "Type": "AWS::IAM::Role", - }, - "lambdasqslambdasqstolambdaLambdaFunctionServiceRoleDefaultPolicyA5B2DD0D": Object { - "Metadata": Object { - "cfn_nag": Object { - "rules_to_suppress": Array [ - Object { - "id": "W12", - "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray and access ENIs in a VPC.", - }, - ], - }, - }, - "Properties": Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "xray:PutTraceSegments", - "xray:PutTelemetryRecords", - ], - "Effect": "Allow", - "Resource": "*", - }, - Object { - "Action": Array [ - "sqs:ReceiveMessage", - "sqs:ChangeMessageVisibility", - "sqs:GetQueueUrl", - "sqs:DeleteMessage", - "sqs:GetQueueAttributes", - ], - "Effect": "Allow", - "Resource": Object { - "Fn::GetAtt": Array [ - "existingqueue03D57A53", - "Arn", - ], - }, - }, - ], - "Version": "2012-10-17", - }, - "PolicyName": "lambdasqslambdasqstolambdaLambdaFunctionServiceRoleDefaultPolicyA5B2DD0D", - "Roles": Array [ - Object { - "Ref": "lambdasqslambdasqstolambdaLambdaFunctionServiceRole64336E45", - }, - ], - }, - "Type": "AWS::IAM::Policy", - }, - "lambdasqslambdasqstolambdaLambdaFunctionSqsEventSourceexistingqueue48457E99": Object { - "Properties": Object { - "EventSourceArn": Object { - "Fn::GetAtt": Array [ - "existingqueue03D57A53", - "Arn", - ], - }, - "FunctionName": Object { - "Ref": "lambdasqslambdasqstolambdaLambdaFunction78C2590B", - }, - }, - "Type": "AWS::Lambda::EventSourceMapping", - }, - }, -} -`; - -exports[`Test minimal deployment 1`] = ` -Object { - "Parameters": Object { - "AssetParameters3bf31d2e69ca582971f645cca0be83ead5dfbc80bd36b3e487100422c68243a5ArtifactHash6AF67D2F": Object { - "Description": "Artifact hash for asset \\"3bf31d2e69ca582971f645cca0be83ead5dfbc80bd36b3e487100422c68243a5\\"", - "Type": "String", - }, - "AssetParameters3bf31d2e69ca582971f645cca0be83ead5dfbc80bd36b3e487100422c68243a5S3Bucket86ED5E45": Object { - "Description": "S3 bucket for asset \\"3bf31d2e69ca582971f645cca0be83ead5dfbc80bd36b3e487100422c68243a5\\"", - "Type": "String", - }, - "AssetParameters3bf31d2e69ca582971f645cca0be83ead5dfbc80bd36b3e487100422c68243a5S3VersionKey24D05EBA": Object { - "Description": "S3 key for asset version \\"3bf31d2e69ca582971f645cca0be83ead5dfbc80bd36b3e487100422c68243a5\\"", - "Type": "String", - }, - "AssetParameters670cd3ad46e9feac5a92bbf55746e52324459dac0ea00dd6a214a7a8ce05206aArtifactHash8AC382E7": Object { - "Description": "Artifact hash for asset \\"670cd3ad46e9feac5a92bbf55746e52324459dac0ea00dd6a214a7a8ce05206a\\"", - "Type": "String", - }, - "AssetParameters670cd3ad46e9feac5a92bbf55746e52324459dac0ea00dd6a214a7a8ce05206aS3Bucket340F7629": Object { - "Description": "S3 bucket for asset \\"670cd3ad46e9feac5a92bbf55746e52324459dac0ea00dd6a214a7a8ce05206a\\"", - "Type": "String", - }, - "AssetParameters670cd3ad46e9feac5a92bbf55746e52324459dac0ea00dd6a214a7a8ce05206aS3VersionKey2054120F": Object { - "Description": "S3 key for asset version \\"670cd3ad46e9feac5a92bbf55746e52324459dac0ea00dd6a214a7a8ce05206a\\"", - "Type": "String", - }, - }, - "Resources": Object { - "lambdasqslambdalambdatosqsLambdaFunction816E0C7E": Object { - "DependsOn": Array [ - "lambdasqslambdalambdatosqsLambdaFunctionServiceRoleDefaultPolicy415D084C", - "lambdasqslambdalambdatosqsLambdaFunctionServiceRole715E701A", - ], - "Metadata": Object { - "cfn_nag": Object { - "rules_to_suppress": Array [ - Object { - "id": "W58", - "reason": "Lambda functions has the required permission to write CloudWatch Logs. It uses custom policy instead of arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole with tighter permissions.", - }, - Object { - "id": "W89", - "reason": "This is not a rule for the general case, just for specific use cases/industries", - }, - Object { - "id": "W92", - "reason": "Impossible for us to define the correct concurrency for clients", - }, - ], - }, - }, - "Properties": Object { - "Code": Object { - "S3Bucket": Object { - "Ref": "AssetParameters670cd3ad46e9feac5a92bbf55746e52324459dac0ea00dd6a214a7a8ce05206aS3Bucket340F7629", - }, - "S3Key": Object { - "Fn::Join": Array [ - "", - Array [ - Object { - "Fn::Select": Array [ - 0, - Object { - "Fn::Split": Array [ - "||", - Object { - "Ref": "AssetParameters670cd3ad46e9feac5a92bbf55746e52324459dac0ea00dd6a214a7a8ce05206aS3VersionKey2054120F", - }, - ], - }, - ], - }, - Object { - "Fn::Select": Array [ - 1, - Object { - "Fn::Split": Array [ - "||", - Object { - "Ref": "AssetParameters670cd3ad46e9feac5a92bbf55746e52324459dac0ea00dd6a214a7a8ce05206aS3VersionKey2054120F", - }, - ], - }, - ], - }, - ], - ], - }, - }, - "Environment": Object { - "Variables": Object { - "AWS_NODEJS_CONNECTION_REUSE_ENABLED": "1", - "SQS_QUEUE_URL": Object { - "Ref": "lambdasqslambdalambdatosqsqueue49588D68", - }, - }, - }, - "FunctionName": "producer-function", - "Handler": "index.handler", - "Role": Object { - "Fn::GetAtt": Array [ - "lambdasqslambdalambdatosqsLambdaFunctionServiceRole715E701A", - "Arn", - ], - }, - "Runtime": "nodejs10.x", - "TracingConfig": Object { - "Mode": "Active", - }, - }, - "Type": "AWS::Lambda::Function", - }, - "lambdasqslambdalambdatosqsLambdaFunctionServiceRole715E701A": Object { - "Properties": Object { - "AssumeRolePolicyDocument": Object { - "Statement": Array [ - Object { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": Object { - "Service": "lambda.amazonaws.com", - }, - }, - ], - "Version": "2012-10-17", - }, - "Policies": Array [ - Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "logs:CreateLogGroup", - "logs:CreateLogStream", - "logs:PutLogEvents", - ], - "Effect": "Allow", - "Resource": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":logs:", - Object { - "Ref": "AWS::Region", - }, - ":", - Object { - "Ref": "AWS::AccountId", - }, - ":log-group:/aws/lambda/*", - ], - ], - }, - }, - ], - "Version": "2012-10-17", - }, - "PolicyName": "LambdaFunctionServiceRolePolicy", - }, - ], - }, - "Type": "AWS::IAM::Role", - }, - "lambdasqslambdalambdatosqsLambdaFunctionServiceRoleDefaultPolicy415D084C": Object { - "Metadata": Object { - "cfn_nag": Object { - "rules_to_suppress": Array [ - Object { - "id": "W12", - "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray and access ENIs in a VPC.", - }, - ], - }, - }, - "Properties": Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "xray:PutTraceSegments", - "xray:PutTelemetryRecords", - ], - "Effect": "Allow", - "Resource": "*", - }, - Object { - "Action": Array [ - "sqs:SendMessage", - "sqs:GetQueueAttributes", - "sqs:GetQueueUrl", - ], - "Effect": "Allow", - "Resource": Object { - "Fn::GetAtt": Array [ - "lambdasqslambdalambdatosqsqueue49588D68", - "Arn", - ], - }, - }, - ], - "Version": "2012-10-17", - }, - "PolicyName": "lambdasqslambdalambdatosqsLambdaFunctionServiceRoleDefaultPolicy415D084C", - "Roles": Array [ - Object { - "Ref": "lambdasqslambdalambdatosqsLambdaFunctionServiceRole715E701A", - }, - ], - }, - "Type": "AWS::IAM::Policy", - }, - "lambdasqslambdalambdatosqsdeadLetterQueue46E7302E": Object { - "DeletionPolicy": "Delete", - "Properties": Object { - "KmsMasterKeyId": "alias/aws/sqs", - }, - "Type": "AWS::SQS::Queue", - "UpdateReplacePolicy": "Delete", - }, - "lambdasqslambdalambdatosqsdeadLetterQueuePolicyF51B6C4C": Object { - "Properties": Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "sqs:DeleteMessage", - "sqs:ReceiveMessage", - "sqs:SendMessage", - "sqs:GetQueueAttributes", - "sqs:RemovePermission", - "sqs:AddPermission", - "sqs:SetQueueAttributes", - ], - "Effect": "Allow", - "Principal": Object { - "AWS": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":iam::", - Object { - "Ref": "AWS::AccountId", - }, - ":root", - ], - ], - }, - }, - "Resource": Object { - "Fn::GetAtt": Array [ - "lambdasqslambdalambdatosqsdeadLetterQueue46E7302E", - "Arn", - ], - }, - "Sid": "QueueOwnerOnlyAccess", - }, - Object { - "Action": "SQS:*", - "Condition": Object { - "Bool": Object { - "aws:SecureTransport": "false", - }, - }, - "Effect": "Deny", - "Principal": Object { - "AWS": "*", - }, - "Resource": Object { - "Fn::GetAtt": Array [ - "lambdasqslambdalambdatosqsdeadLetterQueue46E7302E", - "Arn", - ], - }, - "Sid": "HttpsOnly", - }, - ], - "Version": "2012-10-17", - }, - "Queues": Array [ - Object { - "Ref": "lambdasqslambdalambdatosqsdeadLetterQueue46E7302E", - }, - ], - }, - "Type": "AWS::SQS::QueuePolicy", - }, - "lambdasqslambdalambdatosqsqueue49588D68": Object { - "DeletionPolicy": "Delete", - "Properties": Object { - "KmsMasterKeyId": "alias/aws/sqs", - "RedrivePolicy": Object { - "deadLetterTargetArn": Object { - "Fn::GetAtt": Array [ - "lambdasqslambdalambdatosqsdeadLetterQueue46E7302E", - "Arn", - ], - }, - "maxReceiveCount": 15, - }, - }, - "Type": "AWS::SQS::Queue", - "UpdateReplacePolicy": "Delete", - }, - "lambdasqslambdalambdatosqsqueuePolicy2E3032D3": Object { - "Properties": Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "sqs:DeleteMessage", - "sqs:ReceiveMessage", - "sqs:SendMessage", - "sqs:GetQueueAttributes", - "sqs:RemovePermission", - "sqs:AddPermission", - "sqs:SetQueueAttributes", - ], - "Effect": "Allow", - "Principal": Object { - "AWS": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":iam::", - Object { - "Ref": "AWS::AccountId", - }, - ":root", - ], - ], - }, - }, - "Resource": Object { - "Fn::GetAtt": Array [ - "lambdasqslambdalambdatosqsqueue49588D68", - "Arn", - ], - }, - "Sid": "QueueOwnerOnlyAccess", - }, - Object { - "Action": "SQS:*", - "Condition": Object { - "Bool": Object { - "aws:SecureTransport": "false", - }, - }, - "Effect": "Deny", - "Principal": Object { - "AWS": "*", - }, - "Resource": Object { - "Fn::GetAtt": Array [ - "lambdasqslambdalambdatosqsqueue49588D68", - "Arn", - ], - }, - "Sid": "HttpsOnly", - }, - ], - "Version": "2012-10-17", - }, - "Queues": Array [ - Object { - "Ref": "lambdasqslambdalambdatosqsqueue49588D68", - }, - ], - }, - "Type": "AWS::SQS::QueuePolicy", - }, - "lambdasqslambdasqstolambdaLambdaFunction78C2590B": Object { - "DependsOn": Array [ - "lambdasqslambdasqstolambdaLambdaFunctionServiceRoleDefaultPolicyA5B2DD0D", - "lambdasqslambdasqstolambdaLambdaFunctionServiceRole64336E45", - ], - "Metadata": Object { - "cfn_nag": Object { - "rules_to_suppress": Array [ - Object { - "id": "W58", - "reason": "Lambda functions has the required permission to write CloudWatch Logs. It uses custom policy instead of arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole with tighter permissions.", - }, - Object { - "id": "W89", - "reason": "This is not a rule for the general case, just for specific use cases/industries", - }, - Object { - "id": "W92", - "reason": "Impossible for us to define the correct concurrency for clients", - }, - ], - }, - }, - "Properties": Object { - "Code": Object { - "S3Bucket": Object { - "Ref": "AssetParameters3bf31d2e69ca582971f645cca0be83ead5dfbc80bd36b3e487100422c68243a5S3Bucket86ED5E45", - }, - "S3Key": Object { - "Fn::Join": Array [ - "", - Array [ - Object { - "Fn::Select": Array [ - 0, - Object { - "Fn::Split": Array [ - "||", - Object { - "Ref": "AssetParameters3bf31d2e69ca582971f645cca0be83ead5dfbc80bd36b3e487100422c68243a5S3VersionKey24D05EBA", - }, - ], - }, - ], - }, - Object { - "Fn::Select": Array [ - 1, - Object { - "Fn::Split": Array [ - "||", - Object { - "Ref": "AssetParameters3bf31d2e69ca582971f645cca0be83ead5dfbc80bd36b3e487100422c68243a5S3VersionKey24D05EBA", - }, - ], - }, - ], - }, - ], - ], - }, - }, - "Environment": Object { - "Variables": Object { - "AWS_NODEJS_CONNECTION_REUSE_ENABLED": "1", - }, - }, - "FunctionName": "consumer-function", - "Handler": "index.handler", - "Role": Object { - "Fn::GetAtt": Array [ - "lambdasqslambdasqstolambdaLambdaFunctionServiceRole64336E45", - "Arn", - ], - }, - "Runtime": "nodejs10.x", - "TracingConfig": Object { - "Mode": "Active", - }, - }, - "Type": "AWS::Lambda::Function", - }, - "lambdasqslambdasqstolambdaLambdaFunctionServiceRole64336E45": Object { - "Properties": Object { - "AssumeRolePolicyDocument": Object { - "Statement": Array [ - Object { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": Object { - "Service": "lambda.amazonaws.com", - }, - }, - ], - "Version": "2012-10-17", - }, - "Policies": Array [ - Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "logs:CreateLogGroup", - "logs:CreateLogStream", - "logs:PutLogEvents", - ], - "Effect": "Allow", - "Resource": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":logs:", - Object { - "Ref": "AWS::Region", - }, - ":", - Object { - "Ref": "AWS::AccountId", - }, - ":log-group:/aws/lambda/*", - ], - ], - }, - }, - ], - "Version": "2012-10-17", - }, - "PolicyName": "LambdaFunctionServiceRolePolicy", - }, - ], - }, - "Type": "AWS::IAM::Role", - }, - "lambdasqslambdasqstolambdaLambdaFunctionServiceRoleDefaultPolicyA5B2DD0D": Object { - "Metadata": Object { - "cfn_nag": Object { - "rules_to_suppress": Array [ - Object { - "id": "W12", - "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray and access ENIs in a VPC.", - }, - ], - }, - }, - "Properties": Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "xray:PutTraceSegments", - "xray:PutTelemetryRecords", - ], - "Effect": "Allow", - "Resource": "*", - }, - Object { - "Action": Array [ - "sqs:ReceiveMessage", - "sqs:ChangeMessageVisibility", - "sqs:GetQueueUrl", - "sqs:DeleteMessage", - "sqs:GetQueueAttributes", - ], - "Effect": "Allow", - "Resource": Object { - "Fn::GetAtt": Array [ - "lambdasqslambdalambdatosqsqueue49588D68", - "Arn", - ], - }, - }, - ], - "Version": "2012-10-17", - }, - "PolicyName": "lambdasqslambdasqstolambdaLambdaFunctionServiceRoleDefaultPolicyA5B2DD0D", - "Roles": Array [ - Object { - "Ref": "lambdasqslambdasqstolambdaLambdaFunctionServiceRole64336E45", - }, - ], - }, - "Type": "AWS::IAM::Policy", - }, - "lambdasqslambdasqstolambdaLambdaFunctionSqsEventSourcelambdasqslambdalambdatosqsqueue2DD65713E8460277": Object { - "Properties": Object { - "EventSourceArn": Object { - "Fn::GetAtt": Array [ - "lambdasqslambdalambdatosqsqueue49588D68", - "Arn", - ], - }, - "FunctionName": Object { - "Ref": "lambdasqslambdasqstolambdaLambdaFunction78C2590B", - }, - }, - "Type": "AWS::Lambda::EventSourceMapping", - }, - }, -} -`; - -exports[`Test overrides for producer and consumer functions 1`] = ` -Object { - "Parameters": Object { - "AssetParameters3bf31d2e69ca582971f645cca0be83ead5dfbc80bd36b3e487100422c68243a5ArtifactHash6AF67D2F": Object { - "Description": "Artifact hash for asset \\"3bf31d2e69ca582971f645cca0be83ead5dfbc80bd36b3e487100422c68243a5\\"", - "Type": "String", - }, - "AssetParameters3bf31d2e69ca582971f645cca0be83ead5dfbc80bd36b3e487100422c68243a5S3Bucket86ED5E45": Object { - "Description": "S3 bucket for asset \\"3bf31d2e69ca582971f645cca0be83ead5dfbc80bd36b3e487100422c68243a5\\"", - "Type": "String", - }, - "AssetParameters3bf31d2e69ca582971f645cca0be83ead5dfbc80bd36b3e487100422c68243a5S3VersionKey24D05EBA": Object { - "Description": "S3 key for asset version \\"3bf31d2e69ca582971f645cca0be83ead5dfbc80bd36b3e487100422c68243a5\\"", - "Type": "String", - }, - "AssetParameters670cd3ad46e9feac5a92bbf55746e52324459dac0ea00dd6a214a7a8ce05206aArtifactHash8AC382E7": Object { - "Description": "Artifact hash for asset \\"670cd3ad46e9feac5a92bbf55746e52324459dac0ea00dd6a214a7a8ce05206a\\"", - "Type": "String", - }, - "AssetParameters670cd3ad46e9feac5a92bbf55746e52324459dac0ea00dd6a214a7a8ce05206aS3Bucket340F7629": Object { - "Description": "S3 bucket for asset \\"670cd3ad46e9feac5a92bbf55746e52324459dac0ea00dd6a214a7a8ce05206a\\"", - "Type": "String", - }, - "AssetParameters670cd3ad46e9feac5a92bbf55746e52324459dac0ea00dd6a214a7a8ce05206aS3VersionKey2054120F": Object { - "Description": "S3 key for asset version \\"670cd3ad46e9feac5a92bbf55746e52324459dac0ea00dd6a214a7a8ce05206a\\"", - "Type": "String", - }, - }, - "Resources": Object { - "lambdasqslambdalambdatosqsLambdaFunction816E0C7E": Object { - "DependsOn": Array [ - "lambdasqslambdalambdatosqsLambdaFunctionServiceRoleDefaultPolicy415D084C", - "lambdasqslambdalambdatosqsLambdaFunctionServiceRole715E701A", - ], - "Metadata": Object { - "cfn_nag": Object { - "rules_to_suppress": Array [ - Object { - "id": "W58", - "reason": "Lambda functions has the required permission to write CloudWatch Logs. It uses custom policy instead of arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole with tighter permissions.", - }, - Object { - "id": "W89", - "reason": "This is not a rule for the general case, just for specific use cases/industries", - }, - Object { - "id": "W92", - "reason": "Impossible for us to define the correct concurrency for clients", - }, - ], - }, - }, - "Properties": Object { - "Code": Object { - "S3Bucket": Object { - "Ref": "AssetParameters670cd3ad46e9feac5a92bbf55746e52324459dac0ea00dd6a214a7a8ce05206aS3Bucket340F7629", - }, - "S3Key": Object { - "Fn::Join": Array [ - "", - Array [ - Object { - "Fn::Select": Array [ - 0, - Object { - "Fn::Split": Array [ - "||", - Object { - "Ref": "AssetParameters670cd3ad46e9feac5a92bbf55746e52324459dac0ea00dd6a214a7a8ce05206aS3VersionKey2054120F", - }, - ], - }, - ], - }, - Object { - "Fn::Select": Array [ - 1, - Object { - "Fn::Split": Array [ - "||", - Object { - "Ref": "AssetParameters670cd3ad46e9feac5a92bbf55746e52324459dac0ea00dd6a214a7a8ce05206aS3VersionKey2054120F", - }, - ], - }, - ], - }, - ], - ], - }, - }, - "Environment": Object { - "Variables": Object { - "AWS_NODEJS_CONNECTION_REUSE_ENABLED": "1", - "SQS_QUEUE_URL": Object { - "Ref": "lambdasqslambdalambdatosqsqueue49588D68", - }, - }, - }, - "FunctionName": "producer-function", - "Handler": "index.handler", - "Role": Object { - "Fn::GetAtt": Array [ - "lambdasqslambdalambdatosqsLambdaFunctionServiceRole715E701A", - "Arn", - ], - }, - "Runtime": "nodejs12.x", - "TracingConfig": Object { - "Mode": "Active", - }, - }, - "Type": "AWS::Lambda::Function", - }, - "lambdasqslambdalambdatosqsLambdaFunctionServiceRole715E701A": Object { - "Properties": Object { - "AssumeRolePolicyDocument": Object { - "Statement": Array [ - Object { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": Object { - "Service": "lambda.amazonaws.com", - }, - }, - ], - "Version": "2012-10-17", - }, - "Policies": Array [ - Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "logs:CreateLogGroup", - "logs:CreateLogStream", - "logs:PutLogEvents", - ], - "Effect": "Allow", - "Resource": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":logs:", - Object { - "Ref": "AWS::Region", - }, - ":", - Object { - "Ref": "AWS::AccountId", - }, - ":log-group:/aws/lambda/*", - ], - ], - }, - }, - ], - "Version": "2012-10-17", - }, - "PolicyName": "LambdaFunctionServiceRolePolicy", - }, - ], - }, - "Type": "AWS::IAM::Role", - }, - "lambdasqslambdalambdatosqsLambdaFunctionServiceRoleDefaultPolicy415D084C": Object { - "Metadata": Object { - "cfn_nag": Object { - "rules_to_suppress": Array [ - Object { - "id": "W12", - "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray and access ENIs in a VPC.", - }, - ], - }, - }, - "Properties": Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "xray:PutTraceSegments", - "xray:PutTelemetryRecords", - ], - "Effect": "Allow", - "Resource": "*", - }, - Object { - "Action": Array [ - "sqs:SendMessage", - "sqs:GetQueueAttributes", - "sqs:GetQueueUrl", - ], - "Effect": "Allow", - "Resource": Object { - "Fn::GetAtt": Array [ - "lambdasqslambdalambdatosqsqueue49588D68", - "Arn", - ], - }, - }, - ], - "Version": "2012-10-17", - }, - "PolicyName": "lambdasqslambdalambdatosqsLambdaFunctionServiceRoleDefaultPolicy415D084C", - "Roles": Array [ - Object { - "Ref": "lambdasqslambdalambdatosqsLambdaFunctionServiceRole715E701A", - }, - ], - }, - "Type": "AWS::IAM::Policy", - }, - "lambdasqslambdalambdatosqsdeadLetterQueue46E7302E": Object { - "DeletionPolicy": "Delete", - "Properties": Object { - "KmsMasterKeyId": "alias/aws/sqs", - }, - "Type": "AWS::SQS::Queue", - "UpdateReplacePolicy": "Delete", - }, - "lambdasqslambdalambdatosqsdeadLetterQueuePolicyF51B6C4C": Object { - "Properties": Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "sqs:DeleteMessage", - "sqs:ReceiveMessage", - "sqs:SendMessage", - "sqs:GetQueueAttributes", - "sqs:RemovePermission", - "sqs:AddPermission", - "sqs:SetQueueAttributes", - ], - "Effect": "Allow", - "Principal": Object { - "AWS": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":iam::", - Object { - "Ref": "AWS::AccountId", - }, - ":root", - ], - ], - }, - }, - "Resource": Object { - "Fn::GetAtt": Array [ - "lambdasqslambdalambdatosqsdeadLetterQueue46E7302E", - "Arn", - ], - }, - "Sid": "QueueOwnerOnlyAccess", - }, - Object { - "Action": "SQS:*", - "Condition": Object { - "Bool": Object { - "aws:SecureTransport": "false", - }, - }, - "Effect": "Deny", - "Principal": Object { - "AWS": "*", - }, - "Resource": Object { - "Fn::GetAtt": Array [ - "lambdasqslambdalambdatosqsdeadLetterQueue46E7302E", - "Arn", - ], - }, - "Sid": "HttpsOnly", - }, - ], - "Version": "2012-10-17", - }, - "Queues": Array [ - Object { - "Ref": "lambdasqslambdalambdatosqsdeadLetterQueue46E7302E", - }, - ], - }, - "Type": "AWS::SQS::QueuePolicy", - }, - "lambdasqslambdalambdatosqsqueue49588D68": Object { - "DeletionPolicy": "Delete", - "Properties": Object { - "KmsMasterKeyId": "alias/aws/sqs", - "RedrivePolicy": Object { - "deadLetterTargetArn": Object { - "Fn::GetAtt": Array [ - "lambdasqslambdalambdatosqsdeadLetterQueue46E7302E", - "Arn", - ], - }, - "maxReceiveCount": 15, - }, - }, - "Type": "AWS::SQS::Queue", - "UpdateReplacePolicy": "Delete", - }, - "lambdasqslambdalambdatosqsqueuePolicy2E3032D3": Object { - "Properties": Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "sqs:DeleteMessage", - "sqs:ReceiveMessage", - "sqs:SendMessage", - "sqs:GetQueueAttributes", - "sqs:RemovePermission", - "sqs:AddPermission", - "sqs:SetQueueAttributes", - ], - "Effect": "Allow", - "Principal": Object { - "AWS": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":iam::", - Object { - "Ref": "AWS::AccountId", - }, - ":root", - ], - ], - }, - }, - "Resource": Object { - "Fn::GetAtt": Array [ - "lambdasqslambdalambdatosqsqueue49588D68", - "Arn", - ], - }, - "Sid": "QueueOwnerOnlyAccess", - }, - Object { - "Action": "SQS:*", - "Condition": Object { - "Bool": Object { - "aws:SecureTransport": "false", - }, - }, - "Effect": "Deny", - "Principal": Object { - "AWS": "*", - }, - "Resource": Object { - "Fn::GetAtt": Array [ - "lambdasqslambdalambdatosqsqueue49588D68", - "Arn", - ], - }, - "Sid": "HttpsOnly", - }, - ], - "Version": "2012-10-17", - }, - "Queues": Array [ - Object { - "Ref": "lambdasqslambdalambdatosqsqueue49588D68", - }, - ], - }, - "Type": "AWS::SQS::QueuePolicy", - }, - "lambdasqslambdasqstolambdaLambdaFunction78C2590B": Object { - "DependsOn": Array [ - "lambdasqslambdasqstolambdaLambdaFunctionServiceRoleDefaultPolicyA5B2DD0D", - "lambdasqslambdasqstolambdaLambdaFunctionServiceRole64336E45", - ], - "Metadata": Object { - "cfn_nag": Object { - "rules_to_suppress": Array [ - Object { - "id": "W58", - "reason": "Lambda functions has the required permission to write CloudWatch Logs. It uses custom policy instead of arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole with tighter permissions.", - }, - Object { - "id": "W89", - "reason": "This is not a rule for the general case, just for specific use cases/industries", - }, - Object { - "id": "W92", - "reason": "Impossible for us to define the correct concurrency for clients", - }, - ], - }, - }, - "Properties": Object { - "Code": Object { - "S3Bucket": Object { - "Ref": "AssetParameters3bf31d2e69ca582971f645cca0be83ead5dfbc80bd36b3e487100422c68243a5S3Bucket86ED5E45", - }, - "S3Key": Object { - "Fn::Join": Array [ - "", - Array [ - Object { - "Fn::Select": Array [ - 0, - Object { - "Fn::Split": Array [ - "||", - Object { - "Ref": "AssetParameters3bf31d2e69ca582971f645cca0be83ead5dfbc80bd36b3e487100422c68243a5S3VersionKey24D05EBA", - }, - ], - }, - ], - }, - Object { - "Fn::Select": Array [ - 1, - Object { - "Fn::Split": Array [ - "||", - Object { - "Ref": "AssetParameters3bf31d2e69ca582971f645cca0be83ead5dfbc80bd36b3e487100422c68243a5S3VersionKey24D05EBA", - }, - ], - }, - ], - }, - ], - ], - }, - }, - "Environment": Object { - "Variables": Object { - "AWS_NODEJS_CONNECTION_REUSE_ENABLED": "1", - }, - }, - "FunctionName": "consumer-function", - "Handler": "index.handler", - "Role": Object { - "Fn::GetAtt": Array [ - "lambdasqslambdasqstolambdaLambdaFunctionServiceRole64336E45", - "Arn", - ], - }, - "Runtime": "nodejs12.x", - "TracingConfig": Object { - "Mode": "Active", - }, - }, - "Type": "AWS::Lambda::Function", - }, - "lambdasqslambdasqstolambdaLambdaFunctionServiceRole64336E45": Object { - "Properties": Object { - "AssumeRolePolicyDocument": Object { - "Statement": Array [ - Object { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": Object { - "Service": "lambda.amazonaws.com", - }, - }, - ], - "Version": "2012-10-17", - }, - "Policies": Array [ - Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "logs:CreateLogGroup", - "logs:CreateLogStream", - "logs:PutLogEvents", - ], - "Effect": "Allow", - "Resource": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":logs:", - Object { - "Ref": "AWS::Region", - }, - ":", - Object { - "Ref": "AWS::AccountId", - }, - ":log-group:/aws/lambda/*", - ], - ], - }, - }, - ], - "Version": "2012-10-17", - }, - "PolicyName": "LambdaFunctionServiceRolePolicy", - }, - ], - }, - "Type": "AWS::IAM::Role", - }, - "lambdasqslambdasqstolambdaLambdaFunctionServiceRoleDefaultPolicyA5B2DD0D": Object { - "Metadata": Object { - "cfn_nag": Object { - "rules_to_suppress": Array [ - Object { - "id": "W12", - "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray and access ENIs in a VPC.", - }, - ], - }, - }, - "Properties": Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "xray:PutTraceSegments", - "xray:PutTelemetryRecords", - ], - "Effect": "Allow", - "Resource": "*", - }, - Object { - "Action": Array [ - "sqs:ReceiveMessage", - "sqs:ChangeMessageVisibility", - "sqs:GetQueueUrl", - "sqs:DeleteMessage", - "sqs:GetQueueAttributes", - ], - "Effect": "Allow", - "Resource": Object { - "Fn::GetAtt": Array [ - "lambdasqslambdalambdatosqsqueue49588D68", - "Arn", - ], - }, - }, - ], - "Version": "2012-10-17", - }, - "PolicyName": "lambdasqslambdasqstolambdaLambdaFunctionServiceRoleDefaultPolicyA5B2DD0D", - "Roles": Array [ - Object { - "Ref": "lambdasqslambdasqstolambdaLambdaFunctionServiceRole64336E45", - }, - ], - }, - "Type": "AWS::IAM::Policy", - }, - "lambdasqslambdasqstolambdaLambdaFunctionSqsEventSourcelambdasqslambdalambdatosqsqueue2DD65713E8460277": Object { - "Properties": Object { - "EventSourceArn": Object { - "Fn::GetAtt": Array [ - "lambdasqslambdalambdatosqsqueue49588D68", - "Arn", - ], - }, - "FunctionName": Object { - "Ref": "lambdasqslambdasqstolambdaLambdaFunction78C2590B", - }, - }, - "Type": "AWS::Lambda::EventSourceMapping", - }, - }, -} -`; diff --git a/source/patterns/@aws-solutions-constructs/aws-lambda-sqs-lambda/test/lambda-sqs-lambda.test.ts b/source/patterns/@aws-solutions-constructs/aws-lambda-sqs-lambda/test/lambda-sqs-lambda.test.ts index accfb4a1e..74ea6fc55 100755 --- a/source/patterns/@aws-solutions-constructs/aws-lambda-sqs-lambda/test/lambda-sqs-lambda.test.ts +++ b/source/patterns/@aws-solutions-constructs/aws-lambda-sqs-lambda/test/lambda-sqs-lambda.test.ts @@ -17,7 +17,7 @@ import * as lambda from "@aws-cdk/aws-lambda"; import * as ec2 from "@aws-cdk/aws-ec2"; import * as defaults from '@aws-solutions-constructs/core'; import { LambdaToSqsToLambda, LambdaToSqsToLambdaProps } from '../lib'; -import { SynthUtils, haveResourceLike } from '@aws-cdk/assert'; +import { haveResourceLike } from '@aws-cdk/assert'; import '@aws-cdk/assert/jest'; // -------------------------------------------------------------- @@ -42,8 +42,7 @@ test('Test minimal deployment', () => { } }; new LambdaToSqsToLambda(stack, 'lambda-sqs-lambda', props); - // Assertion 1: snapshot test - expect(SynthUtils.toCloudFormation(stack)).toMatchSnapshot(); + // Assertion 2: test for an producer function expect(stack).toHaveResource('AWS::Lambda::Function', { FunctionName: 'producer-function' @@ -144,8 +143,7 @@ test('Test deployment w/ existing producer function', () => { } }; new LambdaToSqsToLambda(stack, 'lambda-sqs-lambda', props); - // Assertion 1: snapshot test - expect(SynthUtils.toCloudFormation(stack)).toMatchSnapshot(); + // Assertion 2: test for the existing producer function expect(stack).toHaveResource('AWS::Lambda::Function', { FunctionName: 'existing-producer-function' @@ -182,8 +180,7 @@ test('Test deployment w/ existing consumer function', () => { existingConsumerLambdaObj: existingConsumerFn }; new LambdaToSqsToLambda(stack, 'lambda-sqs-lambda', props); - // Assertion 1: snapshot test - expect(SynthUtils.toCloudFormation(stack)).toMatchSnapshot(); + // Assertion 2: test for the deployed producer function expect(stack).toHaveResource('AWS::Lambda::Function', { FunctionName: 'deployed-producer-function' @@ -223,8 +220,7 @@ test('Test deployment w/ existing queue', () => { existingQueueObj: existingQueue }; new LambdaToSqsToLambda(stack, 'lambda-sqs-lambda', props); - // Assertion 1: snapshot test - expect(SynthUtils.toCloudFormation(stack)).toMatchSnapshot(); + // Assertion 2: test for the existing queue expect(stack).toHaveResource('AWS::SQS::Queue', { QueueName: 'existing-queue' @@ -252,8 +248,7 @@ test('Test deployment w/ DLQ explicitly disabled', () => { deployDeadLetterQueue: false, }; new LambdaToSqsToLambda(stack, 'lambda-sqs-lambda', props); - // Assertion 1: snapshot test - expect(SynthUtils.toCloudFormation(stack)).toMatchSnapshot(); + // Assertion 2: test for a non-existing DLQ expect(!haveResourceLike('AWS::SQS::Queue', { RedrivePolicy: { @@ -284,8 +279,7 @@ test('Test deployment w/ DLQ explicitly enabled and w/ MRC override', () => { maxReceiveCount: 6 }; new LambdaToSqsToLambda(stack, 'lambda-sqs-lambda', props); - // Assertion 1: snapshot test - expect(SynthUtils.toCloudFormation(stack)).toMatchSnapshot(); + // Assertion 2: test for an existing DLQ expect(haveResourceLike('AWS::SQS::Queue', { RedrivePolicy: { @@ -322,8 +316,7 @@ test('Test overrides for producer and consumer functions', () => { } }; new LambdaToSqsToLambda(stack, 'lambda-sqs-lambda', props); - // Assertion 1: snapshot test - expect(SynthUtils.toCloudFormation(stack)).toMatchSnapshot(); + // Assertion 2: test for updated runtime on producer function expect(stack).toHaveResource('AWS::Lambda::Function', { Runtime: "nodejs12.x" diff --git a/source/patterns/@aws-solutions-constructs/aws-lambda-sqs/test/__snapshots__/lambda-sqs.test.js.snap b/source/patterns/@aws-solutions-constructs/aws-lambda-sqs/test/__snapshots__/lambda-sqs.test.js.snap deleted file mode 100644 index 425d415ac..000000000 --- a/source/patterns/@aws-solutions-constructs/aws-lambda-sqs/test/__snapshots__/lambda-sqs.test.js.snap +++ /dev/null @@ -1,1672 +0,0 @@ -// Jest Snapshot v1, https://goo.gl/fbAQLP - -exports[`Test deployment w/ DLQ and purging enabled 1`] = ` -Object { - "Parameters": Object { - "AssetParameters8522cf47e408b8532776f54567f9fd125e5ee78fb2dadb4aa7014d320a77fa2bArtifactHash81FE0B06": Object { - "Description": "Artifact hash for asset \\"8522cf47e408b8532776f54567f9fd125e5ee78fb2dadb4aa7014d320a77fa2b\\"", - "Type": "String", - }, - "AssetParameters8522cf47e408b8532776f54567f9fd125e5ee78fb2dadb4aa7014d320a77fa2bS3Bucket99C6FD3D": Object { - "Description": "S3 bucket for asset \\"8522cf47e408b8532776f54567f9fd125e5ee78fb2dadb4aa7014d320a77fa2b\\"", - "Type": "String", - }, - "AssetParameters8522cf47e408b8532776f54567f9fd125e5ee78fb2dadb4aa7014d320a77fa2bS3VersionKey7DE82FED": Object { - "Description": "S3 key for asset version \\"8522cf47e408b8532776f54567f9fd125e5ee78fb2dadb4aa7014d320a77fa2b\\"", - "Type": "String", - }, - }, - "Resources": Object { - "lambdatosqsstackLambdaFunctionDAB62CB1": Object { - "DependsOn": Array [ - "lambdatosqsstackLambdaFunctionServiceRoleDefaultPolicy467E145A", - "lambdatosqsstackLambdaFunctionServiceRole0AD9DDDF", - ], - "Metadata": Object { - "cfn_nag": Object { - "rules_to_suppress": Array [ - Object { - "id": "W58", - "reason": "Lambda functions has the required permission to write CloudWatch Logs. It uses custom policy instead of arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole with tighter permissions.", - }, - Object { - "id": "W89", - "reason": "This is not a rule for the general case, just for specific use cases/industries", - }, - Object { - "id": "W92", - "reason": "Impossible for us to define the correct concurrency for clients", - }, - ], - }, - }, - "Properties": Object { - "Code": Object { - "S3Bucket": Object { - "Ref": "AssetParameters8522cf47e408b8532776f54567f9fd125e5ee78fb2dadb4aa7014d320a77fa2bS3Bucket99C6FD3D", - }, - "S3Key": Object { - "Fn::Join": Array [ - "", - Array [ - Object { - "Fn::Select": Array [ - 0, - Object { - "Fn::Split": Array [ - "||", - Object { - "Ref": "AssetParameters8522cf47e408b8532776f54567f9fd125e5ee78fb2dadb4aa7014d320a77fa2bS3VersionKey7DE82FED", - }, - ], - }, - ], - }, - Object { - "Fn::Select": Array [ - 1, - Object { - "Fn::Split": Array [ - "||", - Object { - "Ref": "AssetParameters8522cf47e408b8532776f54567f9fd125e5ee78fb2dadb4aa7014d320a77fa2bS3VersionKey7DE82FED", - }, - ], - }, - ], - }, - ], - ], - }, - }, - "Environment": Object { - "Variables": Object { - "AWS_NODEJS_CONNECTION_REUSE_ENABLED": "1", - "SQS_QUEUE_URL": Object { - "Ref": "lambdatosqsstackqueueFDDEE3DB", - }, - }, - }, - "Handler": "index.handler", - "Role": Object { - "Fn::GetAtt": Array [ - "lambdatosqsstackLambdaFunctionServiceRole0AD9DDDF", - "Arn", - ], - }, - "Runtime": "nodejs10.x", - "TracingConfig": Object { - "Mode": "Active", - }, - }, - "Type": "AWS::Lambda::Function", - }, - "lambdatosqsstackLambdaFunctionServiceRole0AD9DDDF": Object { - "Properties": Object { - "AssumeRolePolicyDocument": Object { - "Statement": Array [ - Object { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": Object { - "Service": "lambda.amazonaws.com", - }, - }, - ], - "Version": "2012-10-17", - }, - "Policies": Array [ - Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "logs:CreateLogGroup", - "logs:CreateLogStream", - "logs:PutLogEvents", - ], - "Effect": "Allow", - "Resource": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":logs:", - Object { - "Ref": "AWS::Region", - }, - ":", - Object { - "Ref": "AWS::AccountId", - }, - ":log-group:/aws/lambda/*", - ], - ], - }, - }, - ], - "Version": "2012-10-17", - }, - "PolicyName": "LambdaFunctionServiceRolePolicy", - }, - ], - }, - "Type": "AWS::IAM::Role", - }, - "lambdatosqsstackLambdaFunctionServiceRoleDefaultPolicy467E145A": Object { - "Metadata": Object { - "cfn_nag": Object { - "rules_to_suppress": Array [ - Object { - "id": "W12", - "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray and access ENIs in a VPC.", - }, - ], - }, - }, - "Properties": Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "xray:PutTraceSegments", - "xray:PutTelemetryRecords", - ], - "Effect": "Allow", - "Resource": "*", - }, - Object { - "Action": Array [ - "sqs:PurgeQueue", - "sqs:GetQueueAttributes", - "sqs:GetQueueUrl", - ], - "Effect": "Allow", - "Resource": Object { - "Fn::GetAtt": Array [ - "lambdatosqsstackqueueFDDEE3DB", - "Arn", - ], - }, - }, - Object { - "Action": Array [ - "sqs:SendMessage", - "sqs:GetQueueAttributes", - "sqs:GetQueueUrl", - ], - "Effect": "Allow", - "Resource": Object { - "Fn::GetAtt": Array [ - "lambdatosqsstackqueueFDDEE3DB", - "Arn", - ], - }, - }, - ], - "Version": "2012-10-17", - }, - "PolicyName": "lambdatosqsstackLambdaFunctionServiceRoleDefaultPolicy467E145A", - "Roles": Array [ - Object { - "Ref": "lambdatosqsstackLambdaFunctionServiceRole0AD9DDDF", - }, - ], - }, - "Type": "AWS::IAM::Policy", - }, - "lambdatosqsstackdeadLetterQueueEAF9B078": Object { - "DeletionPolicy": "Delete", - "Properties": Object { - "KmsMasterKeyId": "alias/aws/sqs", - }, - "Type": "AWS::SQS::Queue", - "UpdateReplacePolicy": "Delete", - }, - "lambdatosqsstackdeadLetterQueuePolicyF7307F40": Object { - "Properties": Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "sqs:DeleteMessage", - "sqs:ReceiveMessage", - "sqs:SendMessage", - "sqs:GetQueueAttributes", - "sqs:RemovePermission", - "sqs:AddPermission", - "sqs:SetQueueAttributes", - ], - "Effect": "Allow", - "Principal": Object { - "AWS": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":iam::", - Object { - "Ref": "AWS::AccountId", - }, - ":root", - ], - ], - }, - }, - "Resource": Object { - "Fn::GetAtt": Array [ - "lambdatosqsstackdeadLetterQueueEAF9B078", - "Arn", - ], - }, - "Sid": "QueueOwnerOnlyAccess", - }, - Object { - "Action": "SQS:*", - "Condition": Object { - "Bool": Object { - "aws:SecureTransport": "false", - }, - }, - "Effect": "Deny", - "Principal": Object { - "AWS": "*", - }, - "Resource": Object { - "Fn::GetAtt": Array [ - "lambdatosqsstackdeadLetterQueueEAF9B078", - "Arn", - ], - }, - "Sid": "HttpsOnly", - }, - ], - "Version": "2012-10-17", - }, - "Queues": Array [ - Object { - "Ref": "lambdatosqsstackdeadLetterQueueEAF9B078", - }, - ], - }, - "Type": "AWS::SQS::QueuePolicy", - }, - "lambdatosqsstackqueueFDDEE3DB": Object { - "DeletionPolicy": "Delete", - "Properties": Object { - "KmsMasterKeyId": "alias/aws/sqs", - "RedrivePolicy": Object { - "deadLetterTargetArn": Object { - "Fn::GetAtt": Array [ - "lambdatosqsstackdeadLetterQueueEAF9B078", - "Arn", - ], - }, - "maxReceiveCount": 15, - }, - }, - "Type": "AWS::SQS::Queue", - "UpdateReplacePolicy": "Delete", - }, - "lambdatosqsstackqueuePolicy4B9B1605": Object { - "Properties": Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "sqs:DeleteMessage", - "sqs:ReceiveMessage", - "sqs:SendMessage", - "sqs:GetQueueAttributes", - "sqs:RemovePermission", - "sqs:AddPermission", - "sqs:SetQueueAttributes", - ], - "Effect": "Allow", - "Principal": Object { - "AWS": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":iam::", - Object { - "Ref": "AWS::AccountId", - }, - ":root", - ], - ], - }, - }, - "Resource": Object { - "Fn::GetAtt": Array [ - "lambdatosqsstackqueueFDDEE3DB", - "Arn", - ], - }, - "Sid": "QueueOwnerOnlyAccess", - }, - Object { - "Action": "SQS:*", - "Condition": Object { - "Bool": Object { - "aws:SecureTransport": "false", - }, - }, - "Effect": "Deny", - "Principal": Object { - "AWS": "*", - }, - "Resource": Object { - "Fn::GetAtt": Array [ - "lambdatosqsstackqueueFDDEE3DB", - "Arn", - ], - }, - "Sid": "HttpsOnly", - }, - ], - "Version": "2012-10-17", - }, - "Queues": Array [ - Object { - "Ref": "lambdatosqsstackqueueFDDEE3DB", - }, - ], - }, - "Type": "AWS::SQS::QueuePolicy", - }, - }, -} -`; - -exports[`Test deployment w/ DLQ disabled 1`] = ` -Object { - "Parameters": Object { - "AssetParameters8522cf47e408b8532776f54567f9fd125e5ee78fb2dadb4aa7014d320a77fa2bArtifactHash81FE0B06": Object { - "Description": "Artifact hash for asset \\"8522cf47e408b8532776f54567f9fd125e5ee78fb2dadb4aa7014d320a77fa2b\\"", - "Type": "String", - }, - "AssetParameters8522cf47e408b8532776f54567f9fd125e5ee78fb2dadb4aa7014d320a77fa2bS3Bucket99C6FD3D": Object { - "Description": "S3 bucket for asset \\"8522cf47e408b8532776f54567f9fd125e5ee78fb2dadb4aa7014d320a77fa2b\\"", - "Type": "String", - }, - "AssetParameters8522cf47e408b8532776f54567f9fd125e5ee78fb2dadb4aa7014d320a77fa2bS3VersionKey7DE82FED": Object { - "Description": "S3 key for asset version \\"8522cf47e408b8532776f54567f9fd125e5ee78fb2dadb4aa7014d320a77fa2b\\"", - "Type": "String", - }, - }, - "Resources": Object { - "lambdatosqsstackLambdaFunctionDAB62CB1": Object { - "DependsOn": Array [ - "lambdatosqsstackLambdaFunctionServiceRoleDefaultPolicy467E145A", - "lambdatosqsstackLambdaFunctionServiceRole0AD9DDDF", - ], - "Metadata": Object { - "cfn_nag": Object { - "rules_to_suppress": Array [ - Object { - "id": "W58", - "reason": "Lambda functions has the required permission to write CloudWatch Logs. It uses custom policy instead of arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole with tighter permissions.", - }, - Object { - "id": "W89", - "reason": "This is not a rule for the general case, just for specific use cases/industries", - }, - Object { - "id": "W92", - "reason": "Impossible for us to define the correct concurrency for clients", - }, - ], - }, - }, - "Properties": Object { - "Code": Object { - "S3Bucket": Object { - "Ref": "AssetParameters8522cf47e408b8532776f54567f9fd125e5ee78fb2dadb4aa7014d320a77fa2bS3Bucket99C6FD3D", - }, - "S3Key": Object { - "Fn::Join": Array [ - "", - Array [ - Object { - "Fn::Select": Array [ - 0, - Object { - "Fn::Split": Array [ - "||", - Object { - "Ref": "AssetParameters8522cf47e408b8532776f54567f9fd125e5ee78fb2dadb4aa7014d320a77fa2bS3VersionKey7DE82FED", - }, - ], - }, - ], - }, - Object { - "Fn::Select": Array [ - 1, - Object { - "Fn::Split": Array [ - "||", - Object { - "Ref": "AssetParameters8522cf47e408b8532776f54567f9fd125e5ee78fb2dadb4aa7014d320a77fa2bS3VersionKey7DE82FED", - }, - ], - }, - ], - }, - ], - ], - }, - }, - "Environment": Object { - "Variables": Object { - "AWS_NODEJS_CONNECTION_REUSE_ENABLED": "1", - "SQS_QUEUE_URL": Object { - "Ref": "lambdatosqsstackqueueFDDEE3DB", - }, - }, - }, - "Handler": "index.handler", - "Role": Object { - "Fn::GetAtt": Array [ - "lambdatosqsstackLambdaFunctionServiceRole0AD9DDDF", - "Arn", - ], - }, - "Runtime": "nodejs10.x", - "TracingConfig": Object { - "Mode": "Active", - }, - }, - "Type": "AWS::Lambda::Function", - }, - "lambdatosqsstackLambdaFunctionServiceRole0AD9DDDF": Object { - "Properties": Object { - "AssumeRolePolicyDocument": Object { - "Statement": Array [ - Object { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": Object { - "Service": "lambda.amazonaws.com", - }, - }, - ], - "Version": "2012-10-17", - }, - "Policies": Array [ - Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "logs:CreateLogGroup", - "logs:CreateLogStream", - "logs:PutLogEvents", - ], - "Effect": "Allow", - "Resource": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":logs:", - Object { - "Ref": "AWS::Region", - }, - ":", - Object { - "Ref": "AWS::AccountId", - }, - ":log-group:/aws/lambda/*", - ], - ], - }, - }, - ], - "Version": "2012-10-17", - }, - "PolicyName": "LambdaFunctionServiceRolePolicy", - }, - ], - }, - "Type": "AWS::IAM::Role", - }, - "lambdatosqsstackLambdaFunctionServiceRoleDefaultPolicy467E145A": Object { - "Metadata": Object { - "cfn_nag": Object { - "rules_to_suppress": Array [ - Object { - "id": "W12", - "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray and access ENIs in a VPC.", - }, - ], - }, - }, - "Properties": Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "xray:PutTraceSegments", - "xray:PutTelemetryRecords", - ], - "Effect": "Allow", - "Resource": "*", - }, - Object { - "Action": Array [ - "sqs:PurgeQueue", - "sqs:GetQueueAttributes", - "sqs:GetQueueUrl", - ], - "Effect": "Allow", - "Resource": Object { - "Fn::GetAtt": Array [ - "lambdatosqsstackqueueFDDEE3DB", - "Arn", - ], - }, - }, - Object { - "Action": Array [ - "sqs:SendMessage", - "sqs:GetQueueAttributes", - "sqs:GetQueueUrl", - ], - "Effect": "Allow", - "Resource": Object { - "Fn::GetAtt": Array [ - "lambdatosqsstackqueueFDDEE3DB", - "Arn", - ], - }, - }, - ], - "Version": "2012-10-17", - }, - "PolicyName": "lambdatosqsstackLambdaFunctionServiceRoleDefaultPolicy467E145A", - "Roles": Array [ - Object { - "Ref": "lambdatosqsstackLambdaFunctionServiceRole0AD9DDDF", - }, - ], - }, - "Type": "AWS::IAM::Policy", - }, - "lambdatosqsstackqueueFDDEE3DB": Object { - "DeletionPolicy": "Delete", - "Properties": Object { - "KmsMasterKeyId": "alias/aws/sqs", - "QueueName": "queue-with-dlq-disabled", - }, - "Type": "AWS::SQS::Queue", - "UpdateReplacePolicy": "Delete", - }, - "lambdatosqsstackqueuePolicy4B9B1605": Object { - "Properties": Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "sqs:DeleteMessage", - "sqs:ReceiveMessage", - "sqs:SendMessage", - "sqs:GetQueueAttributes", - "sqs:RemovePermission", - "sqs:AddPermission", - "sqs:SetQueueAttributes", - ], - "Effect": "Allow", - "Principal": Object { - "AWS": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":iam::", - Object { - "Ref": "AWS::AccountId", - }, - ":root", - ], - ], - }, - }, - "Resource": Object { - "Fn::GetAtt": Array [ - "lambdatosqsstackqueueFDDEE3DB", - "Arn", - ], - }, - "Sid": "QueueOwnerOnlyAccess", - }, - Object { - "Action": "SQS:*", - "Condition": Object { - "Bool": Object { - "aws:SecureTransport": "false", - }, - }, - "Effect": "Deny", - "Principal": Object { - "AWS": "*", - }, - "Resource": Object { - "Fn::GetAtt": Array [ - "lambdatosqsstackqueueFDDEE3DB", - "Arn", - ], - }, - "Sid": "HttpsOnly", - }, - ], - "Version": "2012-10-17", - }, - "Queues": Array [ - Object { - "Ref": "lambdatosqsstackqueueFDDEE3DB", - }, - ], - }, - "Type": "AWS::SQS::QueuePolicy", - }, - }, -} -`; - -exports[`Test deployment w/ existing queue 1`] = ` -Object { - "Parameters": Object { - "AssetParameters8522cf47e408b8532776f54567f9fd125e5ee78fb2dadb4aa7014d320a77fa2bArtifactHash81FE0B06": Object { - "Description": "Artifact hash for asset \\"8522cf47e408b8532776f54567f9fd125e5ee78fb2dadb4aa7014d320a77fa2b\\"", - "Type": "String", - }, - "AssetParameters8522cf47e408b8532776f54567f9fd125e5ee78fb2dadb4aa7014d320a77fa2bS3Bucket99C6FD3D": Object { - "Description": "S3 bucket for asset \\"8522cf47e408b8532776f54567f9fd125e5ee78fb2dadb4aa7014d320a77fa2b\\"", - "Type": "String", - }, - "AssetParameters8522cf47e408b8532776f54567f9fd125e5ee78fb2dadb4aa7014d320a77fa2bS3VersionKey7DE82FED": Object { - "Description": "S3 key for asset version \\"8522cf47e408b8532776f54567f9fd125e5ee78fb2dadb4aa7014d320a77fa2b\\"", - "Type": "String", - }, - }, - "Resources": Object { - "existingqueueobjF8AF0ED1": Object { - "DeletionPolicy": "Delete", - "Properties": Object { - "QueueName": "existing-queue-obj", - }, - "Type": "AWS::SQS::Queue", - "UpdateReplacePolicy": "Delete", - }, - "lambdatosqsstackLambdaFunctionDAB62CB1": Object { - "DependsOn": Array [ - "lambdatosqsstackLambdaFunctionServiceRoleDefaultPolicy467E145A", - "lambdatosqsstackLambdaFunctionServiceRole0AD9DDDF", - ], - "Metadata": Object { - "cfn_nag": Object { - "rules_to_suppress": Array [ - Object { - "id": "W58", - "reason": "Lambda functions has the required permission to write CloudWatch Logs. It uses custom policy instead of arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole with tighter permissions.", - }, - Object { - "id": "W89", - "reason": "This is not a rule for the general case, just for specific use cases/industries", - }, - Object { - "id": "W92", - "reason": "Impossible for us to define the correct concurrency for clients", - }, - ], - }, - }, - "Properties": Object { - "Code": Object { - "S3Bucket": Object { - "Ref": "AssetParameters8522cf47e408b8532776f54567f9fd125e5ee78fb2dadb4aa7014d320a77fa2bS3Bucket99C6FD3D", - }, - "S3Key": Object { - "Fn::Join": Array [ - "", - Array [ - Object { - "Fn::Select": Array [ - 0, - Object { - "Fn::Split": Array [ - "||", - Object { - "Ref": "AssetParameters8522cf47e408b8532776f54567f9fd125e5ee78fb2dadb4aa7014d320a77fa2bS3VersionKey7DE82FED", - }, - ], - }, - ], - }, - Object { - "Fn::Select": Array [ - 1, - Object { - "Fn::Split": Array [ - "||", - Object { - "Ref": "AssetParameters8522cf47e408b8532776f54567f9fd125e5ee78fb2dadb4aa7014d320a77fa2bS3VersionKey7DE82FED", - }, - ], - }, - ], - }, - ], - ], - }, - }, - "Environment": Object { - "Variables": Object { - "AWS_NODEJS_CONNECTION_REUSE_ENABLED": "1", - "SQS_QUEUE_URL": Object { - "Ref": "existingqueueobjF8AF0ED1", - }, - }, - }, - "Handler": "index.handler", - "Role": Object { - "Fn::GetAtt": Array [ - "lambdatosqsstackLambdaFunctionServiceRole0AD9DDDF", - "Arn", - ], - }, - "Runtime": "nodejs10.x", - "TracingConfig": Object { - "Mode": "Active", - }, - }, - "Type": "AWS::Lambda::Function", - }, - "lambdatosqsstackLambdaFunctionServiceRole0AD9DDDF": Object { - "Properties": Object { - "AssumeRolePolicyDocument": Object { - "Statement": Array [ - Object { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": Object { - "Service": "lambda.amazonaws.com", - }, - }, - ], - "Version": "2012-10-17", - }, - "Policies": Array [ - Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "logs:CreateLogGroup", - "logs:CreateLogStream", - "logs:PutLogEvents", - ], - "Effect": "Allow", - "Resource": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":logs:", - Object { - "Ref": "AWS::Region", - }, - ":", - Object { - "Ref": "AWS::AccountId", - }, - ":log-group:/aws/lambda/*", - ], - ], - }, - }, - ], - "Version": "2012-10-17", - }, - "PolicyName": "LambdaFunctionServiceRolePolicy", - }, - ], - }, - "Type": "AWS::IAM::Role", - }, - "lambdatosqsstackLambdaFunctionServiceRoleDefaultPolicy467E145A": Object { - "Metadata": Object { - "cfn_nag": Object { - "rules_to_suppress": Array [ - Object { - "id": "W12", - "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray and access ENIs in a VPC.", - }, - ], - }, - }, - "Properties": Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "xray:PutTraceSegments", - "xray:PutTelemetryRecords", - ], - "Effect": "Allow", - "Resource": "*", - }, - Object { - "Action": Array [ - "sqs:PurgeQueue", - "sqs:GetQueueAttributes", - "sqs:GetQueueUrl", - ], - "Effect": "Allow", - "Resource": Object { - "Fn::GetAtt": Array [ - "existingqueueobjF8AF0ED1", - "Arn", - ], - }, - }, - Object { - "Action": Array [ - "sqs:SendMessage", - "sqs:GetQueueAttributes", - "sqs:GetQueueUrl", - ], - "Effect": "Allow", - "Resource": Object { - "Fn::GetAtt": Array [ - "existingqueueobjF8AF0ED1", - "Arn", - ], - }, - }, - ], - "Version": "2012-10-17", - }, - "PolicyName": "lambdatosqsstackLambdaFunctionServiceRoleDefaultPolicy467E145A", - "Roles": Array [ - Object { - "Ref": "lambdatosqsstackLambdaFunctionServiceRole0AD9DDDF", - }, - ], - }, - "Type": "AWS::IAM::Policy", - }, - }, -} -`; - -exports[`Test deployment w/ purging disabled 1`] = ` -Object { - "Parameters": Object { - "AssetParameters8522cf47e408b8532776f54567f9fd125e5ee78fb2dadb4aa7014d320a77fa2bArtifactHash81FE0B06": Object { - "Description": "Artifact hash for asset \\"8522cf47e408b8532776f54567f9fd125e5ee78fb2dadb4aa7014d320a77fa2b\\"", - "Type": "String", - }, - "AssetParameters8522cf47e408b8532776f54567f9fd125e5ee78fb2dadb4aa7014d320a77fa2bS3Bucket99C6FD3D": Object { - "Description": "S3 bucket for asset \\"8522cf47e408b8532776f54567f9fd125e5ee78fb2dadb4aa7014d320a77fa2b\\"", - "Type": "String", - }, - "AssetParameters8522cf47e408b8532776f54567f9fd125e5ee78fb2dadb4aa7014d320a77fa2bS3VersionKey7DE82FED": Object { - "Description": "S3 key for asset version \\"8522cf47e408b8532776f54567f9fd125e5ee78fb2dadb4aa7014d320a77fa2b\\"", - "Type": "String", - }, - }, - "Resources": Object { - "lambdatosqsstackLambdaFunctionDAB62CB1": Object { - "DependsOn": Array [ - "lambdatosqsstackLambdaFunctionServiceRoleDefaultPolicy467E145A", - "lambdatosqsstackLambdaFunctionServiceRole0AD9DDDF", - ], - "Metadata": Object { - "cfn_nag": Object { - "rules_to_suppress": Array [ - Object { - "id": "W58", - "reason": "Lambda functions has the required permission to write CloudWatch Logs. It uses custom policy instead of arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole with tighter permissions.", - }, - Object { - "id": "W89", - "reason": "This is not a rule for the general case, just for specific use cases/industries", - }, - Object { - "id": "W92", - "reason": "Impossible for us to define the correct concurrency for clients", - }, - ], - }, - }, - "Properties": Object { - "Code": Object { - "S3Bucket": Object { - "Ref": "AssetParameters8522cf47e408b8532776f54567f9fd125e5ee78fb2dadb4aa7014d320a77fa2bS3Bucket99C6FD3D", - }, - "S3Key": Object { - "Fn::Join": Array [ - "", - Array [ - Object { - "Fn::Select": Array [ - 0, - Object { - "Fn::Split": Array [ - "||", - Object { - "Ref": "AssetParameters8522cf47e408b8532776f54567f9fd125e5ee78fb2dadb4aa7014d320a77fa2bS3VersionKey7DE82FED", - }, - ], - }, - ], - }, - Object { - "Fn::Select": Array [ - 1, - Object { - "Fn::Split": Array [ - "||", - Object { - "Ref": "AssetParameters8522cf47e408b8532776f54567f9fd125e5ee78fb2dadb4aa7014d320a77fa2bS3VersionKey7DE82FED", - }, - ], - }, - ], - }, - ], - ], - }, - }, - "Environment": Object { - "Variables": Object { - "AWS_NODEJS_CONNECTION_REUSE_ENABLED": "1", - "SQS_QUEUE_URL": Object { - "Ref": "lambdatosqsstackqueueFDDEE3DB", - }, - }, - }, - "Handler": "index.handler", - "Role": Object { - "Fn::GetAtt": Array [ - "lambdatosqsstackLambdaFunctionServiceRole0AD9DDDF", - "Arn", - ], - }, - "Runtime": "nodejs10.x", - "TracingConfig": Object { - "Mode": "Active", - }, - }, - "Type": "AWS::Lambda::Function", - }, - "lambdatosqsstackLambdaFunctionServiceRole0AD9DDDF": Object { - "Properties": Object { - "AssumeRolePolicyDocument": Object { - "Statement": Array [ - Object { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": Object { - "Service": "lambda.amazonaws.com", - }, - }, - ], - "Version": "2012-10-17", - }, - "Policies": Array [ - Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "logs:CreateLogGroup", - "logs:CreateLogStream", - "logs:PutLogEvents", - ], - "Effect": "Allow", - "Resource": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":logs:", - Object { - "Ref": "AWS::Region", - }, - ":", - Object { - "Ref": "AWS::AccountId", - }, - ":log-group:/aws/lambda/*", - ], - ], - }, - }, - ], - "Version": "2012-10-17", - }, - "PolicyName": "LambdaFunctionServiceRolePolicy", - }, - ], - }, - "Type": "AWS::IAM::Role", - }, - "lambdatosqsstackLambdaFunctionServiceRoleDefaultPolicy467E145A": Object { - "Metadata": Object { - "cfn_nag": Object { - "rules_to_suppress": Array [ - Object { - "id": "W12", - "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray and access ENIs in a VPC.", - }, - ], - }, - }, - "Properties": Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "xray:PutTraceSegments", - "xray:PutTelemetryRecords", - ], - "Effect": "Allow", - "Resource": "*", - }, - Object { - "Action": Array [ - "sqs:SendMessage", - "sqs:GetQueueAttributes", - "sqs:GetQueueUrl", - ], - "Effect": "Allow", - "Resource": Object { - "Fn::GetAtt": Array [ - "lambdatosqsstackqueueFDDEE3DB", - "Arn", - ], - }, - }, - ], - "Version": "2012-10-17", - }, - "PolicyName": "lambdatosqsstackLambdaFunctionServiceRoleDefaultPolicy467E145A", - "Roles": Array [ - Object { - "Ref": "lambdatosqsstackLambdaFunctionServiceRole0AD9DDDF", - }, - ], - }, - "Type": "AWS::IAM::Policy", - }, - "lambdatosqsstackdeadLetterQueueEAF9B078": Object { - "DeletionPolicy": "Delete", - "Properties": Object { - "KmsMasterKeyId": "alias/aws/sqs", - }, - "Type": "AWS::SQS::Queue", - "UpdateReplacePolicy": "Delete", - }, - "lambdatosqsstackdeadLetterQueuePolicyF7307F40": Object { - "Properties": Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "sqs:DeleteMessage", - "sqs:ReceiveMessage", - "sqs:SendMessage", - "sqs:GetQueueAttributes", - "sqs:RemovePermission", - "sqs:AddPermission", - "sqs:SetQueueAttributes", - ], - "Effect": "Allow", - "Principal": Object { - "AWS": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":iam::", - Object { - "Ref": "AWS::AccountId", - }, - ":root", - ], - ], - }, - }, - "Resource": Object { - "Fn::GetAtt": Array [ - "lambdatosqsstackdeadLetterQueueEAF9B078", - "Arn", - ], - }, - "Sid": "QueueOwnerOnlyAccess", - }, - Object { - "Action": "SQS:*", - "Condition": Object { - "Bool": Object { - "aws:SecureTransport": "false", - }, - }, - "Effect": "Deny", - "Principal": Object { - "AWS": "*", - }, - "Resource": Object { - "Fn::GetAtt": Array [ - "lambdatosqsstackdeadLetterQueueEAF9B078", - "Arn", - ], - }, - "Sid": "HttpsOnly", - }, - ], - "Version": "2012-10-17", - }, - "Queues": Array [ - Object { - "Ref": "lambdatosqsstackdeadLetterQueueEAF9B078", - }, - ], - }, - "Type": "AWS::SQS::QueuePolicy", - }, - "lambdatosqsstackqueueFDDEE3DB": Object { - "DeletionPolicy": "Delete", - "Properties": Object { - "KmsMasterKeyId": "alias/aws/sqs", - "RedrivePolicy": Object { - "deadLetterTargetArn": Object { - "Fn::GetAtt": Array [ - "lambdatosqsstackdeadLetterQueueEAF9B078", - "Arn", - ], - }, - "maxReceiveCount": 15, - }, - }, - "Type": "AWS::SQS::Queue", - "UpdateReplacePolicy": "Delete", - }, - "lambdatosqsstackqueuePolicy4B9B1605": Object { - "Properties": Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "sqs:DeleteMessage", - "sqs:ReceiveMessage", - "sqs:SendMessage", - "sqs:GetQueueAttributes", - "sqs:RemovePermission", - "sqs:AddPermission", - "sqs:SetQueueAttributes", - ], - "Effect": "Allow", - "Principal": Object { - "AWS": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":iam::", - Object { - "Ref": "AWS::AccountId", - }, - ":root", - ], - ], - }, - }, - "Resource": Object { - "Fn::GetAtt": Array [ - "lambdatosqsstackqueueFDDEE3DB", - "Arn", - ], - }, - "Sid": "QueueOwnerOnlyAccess", - }, - Object { - "Action": "SQS:*", - "Condition": Object { - "Bool": Object { - "aws:SecureTransport": "false", - }, - }, - "Effect": "Deny", - "Principal": Object { - "AWS": "*", - }, - "Resource": Object { - "Fn::GetAtt": Array [ - "lambdatosqsstackqueueFDDEE3DB", - "Arn", - ], - }, - "Sid": "HttpsOnly", - }, - ], - "Version": "2012-10-17", - }, - "Queues": Array [ - Object { - "Ref": "lambdatosqsstackqueueFDDEE3DB", - }, - ], - }, - "Type": "AWS::SQS::QueuePolicy", - }, - }, -} -`; - -exports[`Test minimal deployment with new Lambda function 1`] = ` -Object { - "Parameters": Object { - "AssetParameters8522cf47e408b8532776f54567f9fd125e5ee78fb2dadb4aa7014d320a77fa2bArtifactHash81FE0B06": Object { - "Description": "Artifact hash for asset \\"8522cf47e408b8532776f54567f9fd125e5ee78fb2dadb4aa7014d320a77fa2b\\"", - "Type": "String", - }, - "AssetParameters8522cf47e408b8532776f54567f9fd125e5ee78fb2dadb4aa7014d320a77fa2bS3Bucket99C6FD3D": Object { - "Description": "S3 bucket for asset \\"8522cf47e408b8532776f54567f9fd125e5ee78fb2dadb4aa7014d320a77fa2b\\"", - "Type": "String", - }, - "AssetParameters8522cf47e408b8532776f54567f9fd125e5ee78fb2dadb4aa7014d320a77fa2bS3VersionKey7DE82FED": Object { - "Description": "S3 key for asset version \\"8522cf47e408b8532776f54567f9fd125e5ee78fb2dadb4aa7014d320a77fa2b\\"", - "Type": "String", - }, - }, - "Resources": Object { - "lambdatosqsstackLambdaFunctionDAB62CB1": Object { - "DependsOn": Array [ - "lambdatosqsstackLambdaFunctionServiceRoleDefaultPolicy467E145A", - "lambdatosqsstackLambdaFunctionServiceRole0AD9DDDF", - ], - "Metadata": Object { - "cfn_nag": Object { - "rules_to_suppress": Array [ - Object { - "id": "W58", - "reason": "Lambda functions has the required permission to write CloudWatch Logs. It uses custom policy instead of arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole with tighter permissions.", - }, - Object { - "id": "W89", - "reason": "This is not a rule for the general case, just for specific use cases/industries", - }, - Object { - "id": "W92", - "reason": "Impossible for us to define the correct concurrency for clients", - }, - ], - }, - }, - "Properties": Object { - "Code": Object { - "S3Bucket": Object { - "Ref": "AssetParameters8522cf47e408b8532776f54567f9fd125e5ee78fb2dadb4aa7014d320a77fa2bS3Bucket99C6FD3D", - }, - "S3Key": Object { - "Fn::Join": Array [ - "", - Array [ - Object { - "Fn::Select": Array [ - 0, - Object { - "Fn::Split": Array [ - "||", - Object { - "Ref": "AssetParameters8522cf47e408b8532776f54567f9fd125e5ee78fb2dadb4aa7014d320a77fa2bS3VersionKey7DE82FED", - }, - ], - }, - ], - }, - Object { - "Fn::Select": Array [ - 1, - Object { - "Fn::Split": Array [ - "||", - Object { - "Ref": "AssetParameters8522cf47e408b8532776f54567f9fd125e5ee78fb2dadb4aa7014d320a77fa2bS3VersionKey7DE82FED", - }, - ], - }, - ], - }, - ], - ], - }, - }, - "Environment": Object { - "Variables": Object { - "AWS_NODEJS_CONNECTION_REUSE_ENABLED": "1", - "SQS_QUEUE_URL": Object { - "Ref": "lambdatosqsstackqueueFDDEE3DB", - }, - }, - }, - "Handler": "index.handler", - "Role": Object { - "Fn::GetAtt": Array [ - "lambdatosqsstackLambdaFunctionServiceRole0AD9DDDF", - "Arn", - ], - }, - "Runtime": "nodejs10.x", - "TracingConfig": Object { - "Mode": "Active", - }, - }, - "Type": "AWS::Lambda::Function", - }, - "lambdatosqsstackLambdaFunctionServiceRole0AD9DDDF": Object { - "Properties": Object { - "AssumeRolePolicyDocument": Object { - "Statement": Array [ - Object { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": Object { - "Service": "lambda.amazonaws.com", - }, - }, - ], - "Version": "2012-10-17", - }, - "Policies": Array [ - Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "logs:CreateLogGroup", - "logs:CreateLogStream", - "logs:PutLogEvents", - ], - "Effect": "Allow", - "Resource": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":logs:", - Object { - "Ref": "AWS::Region", - }, - ":", - Object { - "Ref": "AWS::AccountId", - }, - ":log-group:/aws/lambda/*", - ], - ], - }, - }, - ], - "Version": "2012-10-17", - }, - "PolicyName": "LambdaFunctionServiceRolePolicy", - }, - ], - }, - "Type": "AWS::IAM::Role", - }, - "lambdatosqsstackLambdaFunctionServiceRoleDefaultPolicy467E145A": Object { - "Metadata": Object { - "cfn_nag": Object { - "rules_to_suppress": Array [ - Object { - "id": "W12", - "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray and access ENIs in a VPC.", - }, - ], - }, - }, - "Properties": Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "xray:PutTraceSegments", - "xray:PutTelemetryRecords", - ], - "Effect": "Allow", - "Resource": "*", - }, - Object { - "Action": Array [ - "sqs:SendMessage", - "sqs:GetQueueAttributes", - "sqs:GetQueueUrl", - ], - "Effect": "Allow", - "Resource": Object { - "Fn::GetAtt": Array [ - "lambdatosqsstackqueueFDDEE3DB", - "Arn", - ], - }, - }, - ], - "Version": "2012-10-17", - }, - "PolicyName": "lambdatosqsstackLambdaFunctionServiceRoleDefaultPolicy467E145A", - "Roles": Array [ - Object { - "Ref": "lambdatosqsstackLambdaFunctionServiceRole0AD9DDDF", - }, - ], - }, - "Type": "AWS::IAM::Policy", - }, - "lambdatosqsstackdeadLetterQueueEAF9B078": Object { - "DeletionPolicy": "Delete", - "Properties": Object { - "KmsMasterKeyId": "alias/aws/sqs", - }, - "Type": "AWS::SQS::Queue", - "UpdateReplacePolicy": "Delete", - }, - "lambdatosqsstackdeadLetterQueuePolicyF7307F40": Object { - "Properties": Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "sqs:DeleteMessage", - "sqs:ReceiveMessage", - "sqs:SendMessage", - "sqs:GetQueueAttributes", - "sqs:RemovePermission", - "sqs:AddPermission", - "sqs:SetQueueAttributes", - ], - "Effect": "Allow", - "Principal": Object { - "AWS": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":iam::", - Object { - "Ref": "AWS::AccountId", - }, - ":root", - ], - ], - }, - }, - "Resource": Object { - "Fn::GetAtt": Array [ - "lambdatosqsstackdeadLetterQueueEAF9B078", - "Arn", - ], - }, - "Sid": "QueueOwnerOnlyAccess", - }, - Object { - "Action": "SQS:*", - "Condition": Object { - "Bool": Object { - "aws:SecureTransport": "false", - }, - }, - "Effect": "Deny", - "Principal": Object { - "AWS": "*", - }, - "Resource": Object { - "Fn::GetAtt": Array [ - "lambdatosqsstackdeadLetterQueueEAF9B078", - "Arn", - ], - }, - "Sid": "HttpsOnly", - }, - ], - "Version": "2012-10-17", - }, - "Queues": Array [ - Object { - "Ref": "lambdatosqsstackdeadLetterQueueEAF9B078", - }, - ], - }, - "Type": "AWS::SQS::QueuePolicy", - }, - "lambdatosqsstackqueueFDDEE3DB": Object { - "DeletionPolicy": "Delete", - "Properties": Object { - "KmsMasterKeyId": "alias/aws/sqs", - "RedrivePolicy": Object { - "deadLetterTargetArn": Object { - "Fn::GetAtt": Array [ - "lambdatosqsstackdeadLetterQueueEAF9B078", - "Arn", - ], - }, - "maxReceiveCount": 15, - }, - }, - "Type": "AWS::SQS::Queue", - "UpdateReplacePolicy": "Delete", - }, - "lambdatosqsstackqueuePolicy4B9B1605": Object { - "Properties": Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "sqs:DeleteMessage", - "sqs:ReceiveMessage", - "sqs:SendMessage", - "sqs:GetQueueAttributes", - "sqs:RemovePermission", - "sqs:AddPermission", - "sqs:SetQueueAttributes", - ], - "Effect": "Allow", - "Principal": Object { - "AWS": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":iam::", - Object { - "Ref": "AWS::AccountId", - }, - ":root", - ], - ], - }, - }, - "Resource": Object { - "Fn::GetAtt": Array [ - "lambdatosqsstackqueueFDDEE3DB", - "Arn", - ], - }, - "Sid": "QueueOwnerOnlyAccess", - }, - Object { - "Action": "SQS:*", - "Condition": Object { - "Bool": Object { - "aws:SecureTransport": "false", - }, - }, - "Effect": "Deny", - "Principal": Object { - "AWS": "*", - }, - "Resource": Object { - "Fn::GetAtt": Array [ - "lambdatosqsstackqueueFDDEE3DB", - "Arn", - ], - }, - "Sid": "HttpsOnly", - }, - ], - "Version": "2012-10-17", - }, - "Queues": Array [ - Object { - "Ref": "lambdatosqsstackqueueFDDEE3DB", - }, - ], - }, - "Type": "AWS::SQS::QueuePolicy", - }, - }, -} -`; diff --git a/source/patterns/@aws-solutions-constructs/aws-lambda-sqs/test/lambda-sqs.test.ts b/source/patterns/@aws-solutions-constructs/aws-lambda-sqs/test/lambda-sqs.test.ts index 30aab4351..050e64a32 100755 --- a/source/patterns/@aws-solutions-constructs/aws-lambda-sqs/test/lambda-sqs.test.ts +++ b/source/patterns/@aws-solutions-constructs/aws-lambda-sqs/test/lambda-sqs.test.ts @@ -14,69 +14,10 @@ // Imports import { Stack } from "@aws-cdk/core"; import * as lambda from "@aws-cdk/aws-lambda"; -import * as sqs from "@aws-cdk/aws-sqs"; import * as ec2 from "@aws-cdk/aws-ec2"; import { LambdaToSqs } from '../lib'; -import { SynthUtils } from '@aws-cdk/assert'; import '@aws-cdk/assert/jest'; -// -------------------------------------------------------------- -// Test minimal deployment with new Lambda function -// -------------------------------------------------------------- -test('Test minimal deployment with new Lambda function', () => { - // Stack - const stack = new Stack(); - // Helper declaration - new LambdaToSqs(stack, 'lambda-to-sqs-stack', { - lambdaFunctionProps: { - runtime: lambda.Runtime.NODEJS_10_X, - handler: 'index.handler', - code: lambda.Code.fromAsset(`${__dirname}/lambda`) - } - }); - // Assertion 1 - expect(SynthUtils.toCloudFormation(stack)).toMatchSnapshot(); -}); - -// -------------------------------------------------------------- -// Test deployment w/ DLQ and purging explicitly enabled -// -------------------------------------------------------------- -test('Test deployment w/ DLQ and purging enabled', () => { - // Stack - const stack = new Stack(); - // Helper declaration - new LambdaToSqs(stack, 'lambda-to-sqs-stack', { - lambdaFunctionProps: { - runtime: lambda.Runtime.NODEJS_10_X, - handler: 'index.handler', - code: lambda.Code.fromAsset(`${__dirname}/lambda`) - }, - enableQueuePurging: true, - deployDeadLetterQueue: true - }); - // Assertion 1 - expect(SynthUtils.toCloudFormation(stack)).toMatchSnapshot(); -}); - -// -------------------------------------------------------------- -// Test deployment w/ purging explicitly disabled -// -------------------------------------------------------------- -test('Test deployment w/ purging disabled', () => { - // Stack - const stack = new Stack(); - // Helper declaration - new LambdaToSqs(stack, 'lambda-to-sqs-stack', { - lambdaFunctionProps: { - runtime: lambda.Runtime.NODEJS_10_X, - handler: 'index.handler', - code: lambda.Code.fromAsset(`${__dirname}/lambda`) - }, - enableQueuePurging: false - }); - // Assertion 1 - expect(SynthUtils.toCloudFormation(stack)).toMatchSnapshot(); -}); - // -------------------------------------------------------------- // Test the getter methods // -------------------------------------------------------------- @@ -102,52 +43,6 @@ test('Test the properties', () => { expect(dlq).toBeDefined(); }); -// -------------------------------------------------------------- -// Test deployment w/ DLQ disabled -// -------------------------------------------------------------- -test('Test deployment w/ DLQ disabled', () => { - // Stack - const stack = new Stack(); - // Helper declaration - new LambdaToSqs(stack, 'lambda-to-sqs-stack', { - lambdaFunctionProps: { - runtime: lambda.Runtime.NODEJS_10_X, - handler: 'index.handler', - code: lambda.Code.fromAsset(`${__dirname}/lambda`) - }, - enableQueuePurging: true, - deployDeadLetterQueue: false, - queueProps: { - queueName: 'queue-with-dlq-disabled' - } - }); - // Assertion 1 - expect(SynthUtils.toCloudFormation(stack)).toMatchSnapshot(); -}); - -// -------------------------------------------------------------- -// Test deployment w/ existing queue -// -------------------------------------------------------------- -test('Test deployment w/ existing queue', () => { - // Stack - const stack = new Stack(); - // Helper declaration - const queue = new sqs.Queue(stack, 'existing-queue-obj', { - queueName: 'existing-queue-obj' - }); - new LambdaToSqs(stack, 'lambda-to-sqs-stack', { - lambdaFunctionProps: { - runtime: lambda.Runtime.NODEJS_10_X, - handler: 'index.handler', - code: lambda.Code.fromAsset(`${__dirname}/lambda`) - }, - enableQueuePurging: true, - existingQueueObj: queue - }); - // Assertion 1 - expect(SynthUtils.toCloudFormation(stack)).toMatchSnapshot(); -}); - // -------------------------------------------------------------- // Test minimal deployment that deploys a VPC without vpcProps // -------------------------------------------------------------- diff --git a/source/patterns/@aws-solutions-constructs/aws-lambda-ssmstringparameter/test/__snapshots__/lambda-ssmstringparameter.test.js.snap b/source/patterns/@aws-solutions-constructs/aws-lambda-ssmstringparameter/test/__snapshots__/lambda-ssmstringparameter.test.js.snap deleted file mode 100644 index 7dde34cff..000000000 --- a/source/patterns/@aws-solutions-constructs/aws-lambda-ssmstringparameter/test/__snapshots__/lambda-ssmstringparameter.test.js.snap +++ /dev/null @@ -1,234 +0,0 @@ -// Jest Snapshot v1, https://goo.gl/fbAQLP - -exports[`Test minimal deployment with new Lambda function 1`] = ` -Object { - "Parameters": Object { - "AssetParameters0c3255e93ffe7a906c7422e9f0e9cc4c7fd86ee996ee3bb302e2f134b38463c8ArtifactHash8D9AD644": Object { - "Description": "Artifact hash for asset \\"0c3255e93ffe7a906c7422e9f0e9cc4c7fd86ee996ee3bb302e2f134b38463c8\\"", - "Type": "String", - }, - "AssetParameters0c3255e93ffe7a906c7422e9f0e9cc4c7fd86ee996ee3bb302e2f134b38463c8S3Bucket9E1964CB": Object { - "Description": "S3 bucket for asset \\"0c3255e93ffe7a906c7422e9f0e9cc4c7fd86ee996ee3bb302e2f134b38463c8\\"", - "Type": "String", - }, - "AssetParameters0c3255e93ffe7a906c7422e9f0e9cc4c7fd86ee996ee3bb302e2f134b38463c8S3VersionKey7153CEE7": Object { - "Description": "S3 key for asset version \\"0c3255e93ffe7a906c7422e9f0e9cc4c7fd86ee996ee3bb302e2f134b38463c8\\"", - "Type": "String", - }, - }, - "Resources": Object { - "lambdatossmstackLambdaFunctionD5C9EDB6": Object { - "DependsOn": Array [ - "lambdatossmstackLambdaFunctionServiceRoleDefaultPolicyC682BFD6", - "lambdatossmstackLambdaFunctionServiceRoleD0A34D48", - ], - "Metadata": Object { - "cfn_nag": Object { - "rules_to_suppress": Array [ - Object { - "id": "W58", - "reason": "Lambda functions has the required permission to write CloudWatch Logs. It uses custom policy instead of arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole with tighter permissions.", - }, - Object { - "id": "W89", - "reason": "This is not a rule for the general case, just for specific use cases/industries", - }, - Object { - "id": "W92", - "reason": "Impossible for us to define the correct concurrency for clients", - }, - ], - }, - }, - "Properties": Object { - "Code": Object { - "S3Bucket": Object { - "Ref": "AssetParameters0c3255e93ffe7a906c7422e9f0e9cc4c7fd86ee996ee3bb302e2f134b38463c8S3Bucket9E1964CB", - }, - "S3Key": Object { - "Fn::Join": Array [ - "", - Array [ - Object { - "Fn::Select": Array [ - 0, - Object { - "Fn::Split": Array [ - "||", - Object { - "Ref": "AssetParameters0c3255e93ffe7a906c7422e9f0e9cc4c7fd86ee996ee3bb302e2f134b38463c8S3VersionKey7153CEE7", - }, - ], - }, - ], - }, - Object { - "Fn::Select": Array [ - 1, - Object { - "Fn::Split": Array [ - "||", - Object { - "Ref": "AssetParameters0c3255e93ffe7a906c7422e9f0e9cc4c7fd86ee996ee3bb302e2f134b38463c8S3VersionKey7153CEE7", - }, - ], - }, - ], - }, - ], - ], - }, - }, - "Environment": Object { - "Variables": Object { - "AWS_NODEJS_CONNECTION_REUSE_ENABLED": "1", - "SSM_STRING_PARAMETER_NAME": Object { - "Ref": "lambdatossmstackstringParameterA6E27D57", - }, - }, - }, - "Handler": "index.handler", - "Role": Object { - "Fn::GetAtt": Array [ - "lambdatossmstackLambdaFunctionServiceRoleD0A34D48", - "Arn", - ], - }, - "Runtime": "nodejs14.x", - "TracingConfig": Object { - "Mode": "Active", - }, - }, - "Type": "AWS::Lambda::Function", - }, - "lambdatossmstackLambdaFunctionServiceRoleD0A34D48": Object { - "Properties": Object { - "AssumeRolePolicyDocument": Object { - "Statement": Array [ - Object { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": Object { - "Service": "lambda.amazonaws.com", - }, - }, - ], - "Version": "2012-10-17", - }, - "Policies": Array [ - Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "logs:CreateLogGroup", - "logs:CreateLogStream", - "logs:PutLogEvents", - ], - "Effect": "Allow", - "Resource": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":logs:", - Object { - "Ref": "AWS::Region", - }, - ":", - Object { - "Ref": "AWS::AccountId", - }, - ":log-group:/aws/lambda/*", - ], - ], - }, - }, - ], - "Version": "2012-10-17", - }, - "PolicyName": "LambdaFunctionServiceRolePolicy", - }, - ], - }, - "Type": "AWS::IAM::Role", - }, - "lambdatossmstackLambdaFunctionServiceRoleDefaultPolicyC682BFD6": Object { - "Metadata": Object { - "cfn_nag": Object { - "rules_to_suppress": Array [ - Object { - "id": "W12", - "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray and access ENIs in a VPC.", - }, - ], - }, - }, - "Properties": Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "xray:PutTraceSegments", - "xray:PutTelemetryRecords", - ], - "Effect": "Allow", - "Resource": "*", - }, - Object { - "Action": Array [ - "ssm:DescribeParameters", - "ssm:GetParameters", - "ssm:GetParameter", - "ssm:GetParameterHistory", - ], - "Effect": "Allow", - "Resource": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":ssm:", - Object { - "Ref": "AWS::Region", - }, - ":", - Object { - "Ref": "AWS::AccountId", - }, - ":parameter/", - Object { - "Ref": "lambdatossmstackstringParameterA6E27D57", - }, - ], - ], - }, - }, - ], - "Version": "2012-10-17", - }, - "PolicyName": "lambdatossmstackLambdaFunctionServiceRoleDefaultPolicyC682BFD6", - "Roles": Array [ - Object { - "Ref": "lambdatossmstackLambdaFunctionServiceRoleD0A34D48", - }, - ], - }, - "Type": "AWS::IAM::Policy", - }, - "lambdatossmstackstringParameterA6E27D57": Object { - "Properties": Object { - "Type": "String", - "Value": "test-string-value", - }, - "Type": "AWS::SSM::Parameter", - }, - }, -} -`; diff --git a/source/patterns/@aws-solutions-constructs/aws-lambda-ssmstringparameter/test/lambda-ssmstringparameter.test.ts b/source/patterns/@aws-solutions-constructs/aws-lambda-ssmstringparameter/test/lambda-ssmstringparameter.test.ts index c5cbe32b2..e8030942d 100644 --- a/source/patterns/@aws-solutions-constructs/aws-lambda-ssmstringparameter/test/lambda-ssmstringparameter.test.ts +++ b/source/patterns/@aws-solutions-constructs/aws-lambda-ssmstringparameter/test/lambda-ssmstringparameter.test.ts @@ -16,30 +16,10 @@ import { Stack } from "@aws-cdk/core"; import * as lambda from "@aws-cdk/aws-lambda"; import * as ec2 from "@aws-cdk/aws-ec2"; import { LambdaToSsmstringparameter } from '../lib'; -import { SynthUtils } from '@aws-cdk/assert'; import '@aws-cdk/assert/jest'; import { StringParameter } from "@aws-cdk/aws-ssm"; import * as defaults from "@aws-solutions-constructs/core"; -// -------------------------------------------------------------- -// Test minimal deployment with new Lambda function -// -------------------------------------------------------------- -test('Test minimal deployment with new Lambda function', () => { - // Stack - const stack = new Stack(); - // Helper declaration - new LambdaToSsmstringparameter(stack, 'lambda-to-ssm-stack', { - lambdaFunctionProps: { - runtime: lambda.Runtime.NODEJS_14_X, - handler: 'index.handler', - code: lambda.Code.fromAsset(`${__dirname}/lambda`) - }, - stringParameterProps: { stringValue: "test-string-value" } - }); - // Assertion 1 - expect(SynthUtils.toCloudFormation(stack)).toMatchSnapshot(); -}); - // -------------------------------------------------------------- // Test lambda function custom environment variable // -------------------------------------------------------------- diff --git a/source/patterns/@aws-solutions-constructs/aws-lambda-step-function/test/__snapshots__/lambda-step-function.test.js.snap b/source/patterns/@aws-solutions-constructs/aws-lambda-step-function/test/__snapshots__/lambda-step-function.test.js.snap deleted file mode 100644 index 78a107dba..000000000 --- a/source/patterns/@aws-solutions-constructs/aws-lambda-step-function/test/__snapshots__/lambda-step-function.test.js.snap +++ /dev/null @@ -1,823 +0,0 @@ -// Jest Snapshot v1, https://goo.gl/fbAQLP - -exports[`Test deployment with existing Lambda function 1`] = ` -Object { - "Parameters": Object { - "AssetParametersfd7a741674eeef7951675d2a57f0459376e046d88e5bee9aab601d8f5a704c93ArtifactHashC69F2EC4": Object { - "Description": "Artifact hash for asset \\"fd7a741674eeef7951675d2a57f0459376e046d88e5bee9aab601d8f5a704c93\\"", - "Type": "String", - }, - "AssetParametersfd7a741674eeef7951675d2a57f0459376e046d88e5bee9aab601d8f5a704c93S3Bucket0DF3E8CF": Object { - "Description": "S3 bucket for asset \\"fd7a741674eeef7951675d2a57f0459376e046d88e5bee9aab601d8f5a704c93\\"", - "Type": "String", - }, - "AssetParametersfd7a741674eeef7951675d2a57f0459376e046d88e5bee9aab601d8f5a704c93S3VersionKeyE124A528": Object { - "Description": "S3 key for asset version \\"fd7a741674eeef7951675d2a57f0459376e046d88e5bee9aab601d8f5a704c93\\"", - "Type": "String", - }, - }, - "Resources": Object { - "LambdaFunctionBF21E41F": Object { - "DependsOn": Array [ - "LambdaFunctionServiceRoleDefaultPolicy126C8897", - "LambdaFunctionServiceRole0C4CDE0B", - ], - "Metadata": Object { - "cfn_nag": Object { - "rules_to_suppress": Array [ - Object { - "id": "W58", - "reason": "Lambda functions has the required permission to write CloudWatch Logs. It uses custom policy instead of arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole with tighter permissions.", - }, - Object { - "id": "W89", - "reason": "This is not a rule for the general case, just for specific use cases/industries", - }, - Object { - "id": "W92", - "reason": "Impossible for us to define the correct concurrency for clients", - }, - ], - }, - }, - "Properties": Object { - "Code": Object { - "S3Bucket": Object { - "Ref": "AssetParametersfd7a741674eeef7951675d2a57f0459376e046d88e5bee9aab601d8f5a704c93S3Bucket0DF3E8CF", - }, - "S3Key": Object { - "Fn::Join": Array [ - "", - Array [ - Object { - "Fn::Select": Array [ - 0, - Object { - "Fn::Split": Array [ - "||", - Object { - "Ref": "AssetParametersfd7a741674eeef7951675d2a57f0459376e046d88e5bee9aab601d8f5a704c93S3VersionKeyE124A528", - }, - ], - }, - ], - }, - Object { - "Fn::Select": Array [ - 1, - Object { - "Fn::Split": Array [ - "||", - Object { - "Ref": "AssetParametersfd7a741674eeef7951675d2a57f0459376e046d88e5bee9aab601d8f5a704c93S3VersionKeyE124A528", - }, - ], - }, - ], - }, - ], - ], - }, - }, - "Environment": Object { - "Variables": Object { - "AWS_NODEJS_CONNECTION_REUSE_ENABLED": "1", - "LAMBDA_NAME": "existing-function", - "STATE_MACHINE_ARN": Object { - "Ref": "testlambdastepfunctionconstructtestlambdastepfunctionconstructWStateMachineE1495D19", - }, - }, - }, - "Handler": "index.handler", - "Role": Object { - "Fn::GetAtt": Array [ - "LambdaFunctionServiceRole0C4CDE0B", - "Arn", - ], - }, - "Runtime": "nodejs10.x", - "TracingConfig": Object { - "Mode": "Active", - }, - }, - "Type": "AWS::Lambda::Function", - }, - "LambdaFunctionServiceRole0C4CDE0B": Object { - "Properties": Object { - "AssumeRolePolicyDocument": Object { - "Statement": Array [ - Object { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": Object { - "Service": "lambda.amazonaws.com", - }, - }, - ], - "Version": "2012-10-17", - }, - "Policies": Array [ - Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "logs:CreateLogGroup", - "logs:CreateLogStream", - "logs:PutLogEvents", - ], - "Effect": "Allow", - "Resource": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":logs:", - Object { - "Ref": "AWS::Region", - }, - ":", - Object { - "Ref": "AWS::AccountId", - }, - ":log-group:/aws/lambda/*", - ], - ], - }, - }, - ], - "Version": "2012-10-17", - }, - "PolicyName": "LambdaFunctionServiceRolePolicy", - }, - ], - }, - "Type": "AWS::IAM::Role", - }, - "LambdaFunctionServiceRoleDefaultPolicy126C8897": Object { - "Metadata": Object { - "cfn_nag": Object { - "rules_to_suppress": Array [ - Object { - "id": "W12", - "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray and access ENIs in a VPC.", - }, - ], - }, - }, - "Properties": Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "xray:PutTraceSegments", - "xray:PutTelemetryRecords", - ], - "Effect": "Allow", - "Resource": "*", - }, - Object { - "Action": "states:StartExecution", - "Effect": "Allow", - "Resource": Object { - "Ref": "testlambdastepfunctionconstructtestlambdastepfunctionconstructWStateMachineE1495D19", - }, - }, - ], - "Version": "2012-10-17", - }, - "PolicyName": "LambdaFunctionServiceRoleDefaultPolicy126C8897", - "Roles": Array [ - Object { - "Ref": "LambdaFunctionServiceRole0C4CDE0B", - }, - ], - }, - "Type": "AWS::IAM::Policy", - }, - "testlambdastepfunctionconstructtestlambdastepfunctionconstructWExecutionAbortedAlarmC0CADAC2": Object { - "Properties": Object { - "AlarmDescription": "Alarm for the number of executions that aborted exceeded the threshold of 1. ", - "ComparisonOperator": "GreaterThanOrEqualToThreshold", - "Dimensions": Array [ - Object { - "Name": "StateMachineArn", - "Value": Object { - "Ref": "testlambdastepfunctionconstructtestlambdastepfunctionconstructWStateMachineE1495D19", - }, - }, - ], - "EvaluationPeriods": 1, - "MetricName": "ExecutionsAborted", - "Namespace": "AWS/States", - "Period": 300, - "Statistic": "Maximum", - "Threshold": 1, - }, - "Type": "AWS::CloudWatch::Alarm", - }, - "testlambdastepfunctionconstructtestlambdastepfunctionconstructWExecutionFailedAlarm513E4C7C": Object { - "Properties": Object { - "AlarmDescription": "Alarm for the number of executions that failed exceeded the threshold of 1. ", - "ComparisonOperator": "GreaterThanOrEqualToThreshold", - "Dimensions": Array [ - Object { - "Name": "StateMachineArn", - "Value": Object { - "Ref": "testlambdastepfunctionconstructtestlambdastepfunctionconstructWStateMachineE1495D19", - }, - }, - ], - "EvaluationPeriods": 1, - "MetricName": "ExecutionsFailed", - "Namespace": "AWS/States", - "Period": 300, - "Statistic": "Sum", - "Threshold": 1, - }, - "Type": "AWS::CloudWatch::Alarm", - }, - "testlambdastepfunctionconstructtestlambdastepfunctionconstructWExecutionThrottledAlarm08912C4F": Object { - "Properties": Object { - "AlarmDescription": "Alarm for the number of executions that throttled exceeded the threshold of 1. ", - "ComparisonOperator": "GreaterThanOrEqualToThreshold", - "Dimensions": Array [ - Object { - "Name": "StateMachineArn", - "Value": Object { - "Ref": "testlambdastepfunctionconstructtestlambdastepfunctionconstructWStateMachineE1495D19", - }, - }, - ], - "EvaluationPeriods": 1, - "MetricName": "ExecutionThrottled", - "Namespace": "AWS/States", - "Period": 300, - "Statistic": "Sum", - "Threshold": 1, - }, - "Type": "AWS::CloudWatch::Alarm", - }, - "testlambdastepfunctionconstructtestlambdastepfunctionconstructWStateMachineE1495D19": Object { - "DependsOn": Array [ - "testlambdastepfunctionconstructtestlambdastepfunctionconstructWStateMachineRoleDefaultPolicyF44CF55B", - "testlambdastepfunctionconstructtestlambdastepfunctionconstructWStateMachineRoleC001CA39", - ], - "Properties": Object { - "DefinitionString": "{\\"StartAt\\":\\"StartState\\",\\"States\\":{\\"StartState\\":{\\"Type\\":\\"Pass\\",\\"End\\":true}}}", - "LoggingConfiguration": Object { - "Destinations": Array [ - Object { - "CloudWatchLogsLogGroup": Object { - "LogGroupArn": Object { - "Fn::GetAtt": Array [ - "testlambdastepfunctionconstructtestlambdastepfunctionconstructWStateMachineLogGroup7291796E", - "Arn", - ], - }, - }, - }, - ], - "Level": "ERROR", - }, - "RoleArn": Object { - "Fn::GetAtt": Array [ - "testlambdastepfunctionconstructtestlambdastepfunctionconstructWStateMachineRoleC001CA39", - "Arn", - ], - }, - }, - "Type": "AWS::StepFunctions::StateMachine", - }, - "testlambdastepfunctionconstructtestlambdastepfunctionconstructWStateMachineLogGroup7291796E": Object { - "DeletionPolicy": "Retain", - "Metadata": Object { - "cfn_nag": Object { - "rules_to_suppress": Array [ - Object { - "id": "W86", - "reason": "Retention period for CloudWatchLogs LogGroups are set to 'Never Expire' to preserve customer data indefinitely", - }, - Object { - "id": "W84", - "reason": "By default CloudWatchLogs LogGroups data is encrypted using the CloudWatch server-side encryption keys (AWS Managed Keys)", - }, - ], - }, - }, - "Properties": Object { - "LogGroupName": "/aws/vendedlogs/states/defaulttestlambdastepfunctionconstructwstatemachinelogbb0fcb9b20b9", - }, - "Type": "AWS::Logs::LogGroup", - "UpdateReplacePolicy": "Retain", - }, - "testlambdastepfunctionconstructtestlambdastepfunctionconstructWStateMachineRoleC001CA39": Object { - "Properties": Object { - "AssumeRolePolicyDocument": Object { - "Statement": Array [ - Object { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": Object { - "Service": Object { - "Fn::Join": Array [ - "", - Array [ - "states.", - Object { - "Ref": "AWS::Region", - }, - ".amazonaws.com", - ], - ], - }, - }, - }, - ], - "Version": "2012-10-17", - }, - }, - "Type": "AWS::IAM::Role", - }, - "testlambdastepfunctionconstructtestlambdastepfunctionconstructWStateMachineRoleDefaultPolicyF44CF55B": Object { - "Metadata": Object { - "cfn_nag": Object { - "rules_to_suppress": Array [ - Object { - "id": "W12", - "reason": "The 'LogDelivery' actions do not support resource-level authorizations", - }, - ], - }, - }, - "Properties": Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "logs:CreateLogDelivery", - "logs:GetLogDelivery", - "logs:UpdateLogDelivery", - "logs:DeleteLogDelivery", - "logs:ListLogDeliveries", - ], - "Effect": "Allow", - "Resource": "*", - }, - Object { - "Action": Array [ - "logs:PutResourcePolicy", - "logs:DescribeResourcePolicies", - "logs:DescribeLogGroups", - ], - "Effect": "Allow", - "Resource": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":logs:", - Object { - "Ref": "AWS::Region", - }, - ":", - Object { - "Ref": "AWS::AccountId", - }, - ":*", - ], - ], - }, - }, - ], - "Version": "2012-10-17", - }, - "PolicyName": "testlambdastepfunctionconstructtestlambdastepfunctionconstructWStateMachineRoleDefaultPolicyF44CF55B", - "Roles": Array [ - Object { - "Ref": "testlambdastepfunctionconstructtestlambdastepfunctionconstructWStateMachineRoleC001CA39", - }, - ], - }, - "Type": "AWS::IAM::Policy", - }, - }, -} -`; - -exports[`Test deployment with new Lambda function 1`] = ` -Object { - "Parameters": Object { - "AssetParametersfd7a741674eeef7951675d2a57f0459376e046d88e5bee9aab601d8f5a704c93ArtifactHashC69F2EC4": Object { - "Description": "Artifact hash for asset \\"fd7a741674eeef7951675d2a57f0459376e046d88e5bee9aab601d8f5a704c93\\"", - "Type": "String", - }, - "AssetParametersfd7a741674eeef7951675d2a57f0459376e046d88e5bee9aab601d8f5a704c93S3Bucket0DF3E8CF": Object { - "Description": "S3 bucket for asset \\"fd7a741674eeef7951675d2a57f0459376e046d88e5bee9aab601d8f5a704c93\\"", - "Type": "String", - }, - "AssetParametersfd7a741674eeef7951675d2a57f0459376e046d88e5bee9aab601d8f5a704c93S3VersionKeyE124A528": Object { - "Description": "S3 key for asset version \\"fd7a741674eeef7951675d2a57f0459376e046d88e5bee9aab601d8f5a704c93\\"", - "Type": "String", - }, - }, - "Resources": Object { - "lambdatostepfunctionstacklambdatostepfunctionstackWExecutionAbortedAlarmB996058D": Object { - "Properties": Object { - "AlarmDescription": "Alarm for the number of executions that aborted exceeded the threshold of 1. ", - "ComparisonOperator": "GreaterThanOrEqualToThreshold", - "Dimensions": Array [ - Object { - "Name": "StateMachineArn", - "Value": Object { - "Ref": "lambdatostepfunctionstacklambdatostepfunctionstackWStateMachineB28C4CED", - }, - }, - ], - "EvaluationPeriods": 1, - "MetricName": "ExecutionsAborted", - "Namespace": "AWS/States", - "Period": 300, - "Statistic": "Maximum", - "Threshold": 1, - }, - "Type": "AWS::CloudWatch::Alarm", - }, - "lambdatostepfunctionstacklambdatostepfunctionstackWExecutionFailedAlarmB82026F5": Object { - "Properties": Object { - "AlarmDescription": "Alarm for the number of executions that failed exceeded the threshold of 1. ", - "ComparisonOperator": "GreaterThanOrEqualToThreshold", - "Dimensions": Array [ - Object { - "Name": "StateMachineArn", - "Value": Object { - "Ref": "lambdatostepfunctionstacklambdatostepfunctionstackWStateMachineB28C4CED", - }, - }, - ], - "EvaluationPeriods": 1, - "MetricName": "ExecutionsFailed", - "Namespace": "AWS/States", - "Period": 300, - "Statistic": "Sum", - "Threshold": 1, - }, - "Type": "AWS::CloudWatch::Alarm", - }, - "lambdatostepfunctionstacklambdatostepfunctionstackWExecutionThrottledAlarmD6C471DD": Object { - "Properties": Object { - "AlarmDescription": "Alarm for the number of executions that throttled exceeded the threshold of 1. ", - "ComparisonOperator": "GreaterThanOrEqualToThreshold", - "Dimensions": Array [ - Object { - "Name": "StateMachineArn", - "Value": Object { - "Ref": "lambdatostepfunctionstacklambdatostepfunctionstackWStateMachineB28C4CED", - }, - }, - ], - "EvaluationPeriods": 1, - "MetricName": "ExecutionThrottled", - "Namespace": "AWS/States", - "Period": 300, - "Statistic": "Sum", - "Threshold": 1, - }, - "Type": "AWS::CloudWatch::Alarm", - }, - "lambdatostepfunctionstacklambdatostepfunctionstackWLambdaFunction9C7C68AF": Object { - "DependsOn": Array [ - "lambdatostepfunctionstacklambdatostepfunctionstackWLambdaFunctionServiceRoleDefaultPolicyCA1819E5", - "lambdatostepfunctionstacklambdatostepfunctionstackWLambdaFunctionServiceRoleD072F490", - ], - "Metadata": Object { - "cfn_nag": Object { - "rules_to_suppress": Array [ - Object { - "id": "W58", - "reason": "Lambda functions has the required permission to write CloudWatch Logs. It uses custom policy instead of arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole with tighter permissions.", - }, - Object { - "id": "W89", - "reason": "This is not a rule for the general case, just for specific use cases/industries", - }, - Object { - "id": "W92", - "reason": "Impossible for us to define the correct concurrency for clients", - }, - ], - }, - }, - "Properties": Object { - "Code": Object { - "S3Bucket": Object { - "Ref": "AssetParametersfd7a741674eeef7951675d2a57f0459376e046d88e5bee9aab601d8f5a704c93S3Bucket0DF3E8CF", - }, - "S3Key": Object { - "Fn::Join": Array [ - "", - Array [ - Object { - "Fn::Select": Array [ - 0, - Object { - "Fn::Split": Array [ - "||", - Object { - "Ref": "AssetParametersfd7a741674eeef7951675d2a57f0459376e046d88e5bee9aab601d8f5a704c93S3VersionKeyE124A528", - }, - ], - }, - ], - }, - Object { - "Fn::Select": Array [ - 1, - Object { - "Fn::Split": Array [ - "||", - Object { - "Ref": "AssetParametersfd7a741674eeef7951675d2a57f0459376e046d88e5bee9aab601d8f5a704c93S3VersionKeyE124A528", - }, - ], - }, - ], - }, - ], - ], - }, - }, - "Environment": Object { - "Variables": Object { - "AWS_NODEJS_CONNECTION_REUSE_ENABLED": "1", - "LAMBDA_NAME": "deploy-function", - "STATE_MACHINE_ARN": Object { - "Ref": "lambdatostepfunctionstacklambdatostepfunctionstackWStateMachineB28C4CED", - }, - }, - }, - "Handler": "index.handler", - "Role": Object { - "Fn::GetAtt": Array [ - "lambdatostepfunctionstacklambdatostepfunctionstackWLambdaFunctionServiceRoleD072F490", - "Arn", - ], - }, - "Runtime": "nodejs10.x", - "TracingConfig": Object { - "Mode": "Active", - }, - }, - "Type": "AWS::Lambda::Function", - }, - "lambdatostepfunctionstacklambdatostepfunctionstackWLambdaFunctionServiceRoleD072F490": Object { - "Properties": Object { - "AssumeRolePolicyDocument": Object { - "Statement": Array [ - Object { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": Object { - "Service": "lambda.amazonaws.com", - }, - }, - ], - "Version": "2012-10-17", - }, - "Policies": Array [ - Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "logs:CreateLogGroup", - "logs:CreateLogStream", - "logs:PutLogEvents", - ], - "Effect": "Allow", - "Resource": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":logs:", - Object { - "Ref": "AWS::Region", - }, - ":", - Object { - "Ref": "AWS::AccountId", - }, - ":log-group:/aws/lambda/*", - ], - ], - }, - }, - ], - "Version": "2012-10-17", - }, - "PolicyName": "LambdaFunctionServiceRolePolicy", - }, - ], - }, - "Type": "AWS::IAM::Role", - }, - "lambdatostepfunctionstacklambdatostepfunctionstackWLambdaFunctionServiceRoleDefaultPolicyCA1819E5": Object { - "Metadata": Object { - "cfn_nag": Object { - "rules_to_suppress": Array [ - Object { - "id": "W12", - "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray and access ENIs in a VPC.", - }, - ], - }, - }, - "Properties": Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "xray:PutTraceSegments", - "xray:PutTelemetryRecords", - ], - "Effect": "Allow", - "Resource": "*", - }, - Object { - "Action": "states:StartExecution", - "Effect": "Allow", - "Resource": Object { - "Ref": "lambdatostepfunctionstacklambdatostepfunctionstackWStateMachineB28C4CED", - }, - }, - ], - "Version": "2012-10-17", - }, - "PolicyName": "lambdatostepfunctionstacklambdatostepfunctionstackWLambdaFunctionServiceRoleDefaultPolicyCA1819E5", - "Roles": Array [ - Object { - "Ref": "lambdatostepfunctionstacklambdatostepfunctionstackWLambdaFunctionServiceRoleD072F490", - }, - ], - }, - "Type": "AWS::IAM::Policy", - }, - "lambdatostepfunctionstacklambdatostepfunctionstackWStateMachineB28C4CED": Object { - "DependsOn": Array [ - "lambdatostepfunctionstacklambdatostepfunctionstackWStateMachineRoleDefaultPolicy26F2A08C", - "lambdatostepfunctionstacklambdatostepfunctionstackWStateMachineRole3EDB944D", - ], - "Properties": Object { - "DefinitionString": "{\\"StartAt\\":\\"StartState\\",\\"States\\":{\\"StartState\\":{\\"Type\\":\\"Pass\\",\\"End\\":true}}}", - "LoggingConfiguration": Object { - "Destinations": Array [ - Object { - "CloudWatchLogsLogGroup": Object { - "LogGroupArn": Object { - "Fn::GetAtt": Array [ - "lambdatostepfunctionstacklambdatostepfunctionstackWStateMachineLogGroup18B411CB", - "Arn", - ], - }, - }, - }, - ], - "Level": "ERROR", - }, - "RoleArn": Object { - "Fn::GetAtt": Array [ - "lambdatostepfunctionstacklambdatostepfunctionstackWStateMachineRole3EDB944D", - "Arn", - ], - }, - }, - "Type": "AWS::StepFunctions::StateMachine", - }, - "lambdatostepfunctionstacklambdatostepfunctionstackWStateMachineLogGroup18B411CB": Object { - "DeletionPolicy": "Retain", - "Metadata": Object { - "cfn_nag": Object { - "rules_to_suppress": Array [ - Object { - "id": "W86", - "reason": "Retention period for CloudWatchLogs LogGroups are set to 'Never Expire' to preserve customer data indefinitely", - }, - Object { - "id": "W84", - "reason": "By default CloudWatchLogs LogGroups data is encrypted using the CloudWatch server-side encryption keys (AWS Managed Keys)", - }, - ], - }, - }, - "Properties": Object { - "LogGroupName": "/aws/vendedlogs/states/defaultlambdatostepfunctionstackwstatemachinelogcdfe1ad94ef3", - }, - "Type": "AWS::Logs::LogGroup", - "UpdateReplacePolicy": "Retain", - }, - "lambdatostepfunctionstacklambdatostepfunctionstackWStateMachineRole3EDB944D": Object { - "Properties": Object { - "AssumeRolePolicyDocument": Object { - "Statement": Array [ - Object { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": Object { - "Service": Object { - "Fn::Join": Array [ - "", - Array [ - "states.", - Object { - "Ref": "AWS::Region", - }, - ".amazonaws.com", - ], - ], - }, - }, - }, - ], - "Version": "2012-10-17", - }, - }, - "Type": "AWS::IAM::Role", - }, - "lambdatostepfunctionstacklambdatostepfunctionstackWStateMachineRoleDefaultPolicy26F2A08C": Object { - "Metadata": Object { - "cfn_nag": Object { - "rules_to_suppress": Array [ - Object { - "id": "W12", - "reason": "The 'LogDelivery' actions do not support resource-level authorizations", - }, - ], - }, - }, - "Properties": Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "logs:CreateLogDelivery", - "logs:GetLogDelivery", - "logs:UpdateLogDelivery", - "logs:DeleteLogDelivery", - "logs:ListLogDeliveries", - ], - "Effect": "Allow", - "Resource": "*", - }, - Object { - "Action": Array [ - "logs:PutResourcePolicy", - "logs:DescribeResourcePolicies", - "logs:DescribeLogGroups", - ], - "Effect": "Allow", - "Resource": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":logs:", - Object { - "Ref": "AWS::Region", - }, - ":", - Object { - "Ref": "AWS::AccountId", - }, - ":*", - ], - ], - }, - }, - ], - "Version": "2012-10-17", - }, - "PolicyName": "lambdatostepfunctionstacklambdatostepfunctionstackWStateMachineRoleDefaultPolicy26F2A08C", - "Roles": Array [ - Object { - "Ref": "lambdatostepfunctionstacklambdatostepfunctionstackWStateMachineRole3EDB944D", - }, - ], - }, - "Type": "AWS::IAM::Policy", - }, - }, -} -`; diff --git a/source/patterns/@aws-solutions-constructs/aws-lambda-step-function/test/lambda-step-function.test.ts b/source/patterns/@aws-solutions-constructs/aws-lambda-step-function/test/lambda-step-function.test.ts index ae23f7b9e..d69fb4c85 100644 --- a/source/patterns/@aws-solutions-constructs/aws-lambda-step-function/test/lambda-step-function.test.ts +++ b/source/patterns/@aws-solutions-constructs/aws-lambda-step-function/test/lambda-step-function.test.ts @@ -18,7 +18,6 @@ import * as defaults from '@aws-solutions-constructs/core'; import * as stepfunctions from '@aws-cdk/aws-stepfunctions'; import * as ec2 from "@aws-cdk/aws-ec2"; import { LambdaToStepFunction } from '../lib'; -import { SynthUtils } from '@aws-cdk/assert'; import '@aws-cdk/assert/jest'; // -------------------------------------------------------------- @@ -42,9 +41,7 @@ test('Test deployment with new Lambda function', () => { definition: startState } }); - // Assertion 1 - expect(SynthUtils.toCloudFormation(stack)).toMatchSnapshot(); - // Assertion 2 + expect(stack).toHaveResourceLike("AWS::Lambda::Function", { Environment: { Variables: { @@ -81,9 +78,7 @@ test('Test deployment with existing Lambda function', () => { definition: startState } }); - // Assertion 1 - expect(SynthUtils.toCloudFormation(stack)).toMatchSnapshot(); - // Assertion 2 + expect(stack).toHaveResourceLike("AWS::Lambda::Function", { Environment: { Variables: { diff --git a/source/patterns/@aws-solutions-constructs/aws-lambda-stepfunctions/test/__snapshots__/lambda-stepfunctions.test.js.snap b/source/patterns/@aws-solutions-constructs/aws-lambda-stepfunctions/test/__snapshots__/lambda-stepfunctions.test.js.snap deleted file mode 100644 index e223f4081..000000000 --- a/source/patterns/@aws-solutions-constructs/aws-lambda-stepfunctions/test/__snapshots__/lambda-stepfunctions.test.js.snap +++ /dev/null @@ -1,823 +0,0 @@ -// Jest Snapshot v1, https://goo.gl/fbAQLP - -exports[`Test deployment with existing Lambda function 1`] = ` -Object { - "Parameters": Object { - "AssetParametersfd7a741674eeef7951675d2a57f0459376e046d88e5bee9aab601d8f5a704c93ArtifactHashC69F2EC4": Object { - "Description": "Artifact hash for asset \\"fd7a741674eeef7951675d2a57f0459376e046d88e5bee9aab601d8f5a704c93\\"", - "Type": "String", - }, - "AssetParametersfd7a741674eeef7951675d2a57f0459376e046d88e5bee9aab601d8f5a704c93S3Bucket0DF3E8CF": Object { - "Description": "S3 bucket for asset \\"fd7a741674eeef7951675d2a57f0459376e046d88e5bee9aab601d8f5a704c93\\"", - "Type": "String", - }, - "AssetParametersfd7a741674eeef7951675d2a57f0459376e046d88e5bee9aab601d8f5a704c93S3VersionKeyE124A528": Object { - "Description": "S3 key for asset version \\"fd7a741674eeef7951675d2a57f0459376e046d88e5bee9aab601d8f5a704c93\\"", - "Type": "String", - }, - }, - "Resources": Object { - "LambdaFunctionBF21E41F": Object { - "DependsOn": Array [ - "LambdaFunctionServiceRoleDefaultPolicy126C8897", - "LambdaFunctionServiceRole0C4CDE0B", - ], - "Metadata": Object { - "cfn_nag": Object { - "rules_to_suppress": Array [ - Object { - "id": "W58", - "reason": "Lambda functions has the required permission to write CloudWatch Logs. It uses custom policy instead of arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole with tighter permissions.", - }, - Object { - "id": "W89", - "reason": "This is not a rule for the general case, just for specific use cases/industries", - }, - Object { - "id": "W92", - "reason": "Impossible for us to define the correct concurrency for clients", - }, - ], - }, - }, - "Properties": Object { - "Code": Object { - "S3Bucket": Object { - "Ref": "AssetParametersfd7a741674eeef7951675d2a57f0459376e046d88e5bee9aab601d8f5a704c93S3Bucket0DF3E8CF", - }, - "S3Key": Object { - "Fn::Join": Array [ - "", - Array [ - Object { - "Fn::Select": Array [ - 0, - Object { - "Fn::Split": Array [ - "||", - Object { - "Ref": "AssetParametersfd7a741674eeef7951675d2a57f0459376e046d88e5bee9aab601d8f5a704c93S3VersionKeyE124A528", - }, - ], - }, - ], - }, - Object { - "Fn::Select": Array [ - 1, - Object { - "Fn::Split": Array [ - "||", - Object { - "Ref": "AssetParametersfd7a741674eeef7951675d2a57f0459376e046d88e5bee9aab601d8f5a704c93S3VersionKeyE124A528", - }, - ], - }, - ], - }, - ], - ], - }, - }, - "Environment": Object { - "Variables": Object { - "AWS_NODEJS_CONNECTION_REUSE_ENABLED": "1", - "LAMBDA_NAME": "existing-function", - "STATE_MACHINE_ARN": Object { - "Ref": "testlambdastepfunctionconstructStateMachine3D4830AD", - }, - }, - }, - "Handler": "index.handler", - "Role": Object { - "Fn::GetAtt": Array [ - "LambdaFunctionServiceRole0C4CDE0B", - "Arn", - ], - }, - "Runtime": "nodejs10.x", - "TracingConfig": Object { - "Mode": "Active", - }, - }, - "Type": "AWS::Lambda::Function", - }, - "LambdaFunctionServiceRole0C4CDE0B": Object { - "Properties": Object { - "AssumeRolePolicyDocument": Object { - "Statement": Array [ - Object { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": Object { - "Service": "lambda.amazonaws.com", - }, - }, - ], - "Version": "2012-10-17", - }, - "Policies": Array [ - Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "logs:CreateLogGroup", - "logs:CreateLogStream", - "logs:PutLogEvents", - ], - "Effect": "Allow", - "Resource": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":logs:", - Object { - "Ref": "AWS::Region", - }, - ":", - Object { - "Ref": "AWS::AccountId", - }, - ":log-group:/aws/lambda/*", - ], - ], - }, - }, - ], - "Version": "2012-10-17", - }, - "PolicyName": "LambdaFunctionServiceRolePolicy", - }, - ], - }, - "Type": "AWS::IAM::Role", - }, - "LambdaFunctionServiceRoleDefaultPolicy126C8897": Object { - "Metadata": Object { - "cfn_nag": Object { - "rules_to_suppress": Array [ - Object { - "id": "W12", - "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray and access ENIs in a VPC.", - }, - ], - }, - }, - "Properties": Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "xray:PutTraceSegments", - "xray:PutTelemetryRecords", - ], - "Effect": "Allow", - "Resource": "*", - }, - Object { - "Action": "states:StartExecution", - "Effect": "Allow", - "Resource": Object { - "Ref": "testlambdastepfunctionconstructStateMachine3D4830AD", - }, - }, - ], - "Version": "2012-10-17", - }, - "PolicyName": "LambdaFunctionServiceRoleDefaultPolicy126C8897", - "Roles": Array [ - Object { - "Ref": "LambdaFunctionServiceRole0C4CDE0B", - }, - ], - }, - "Type": "AWS::IAM::Policy", - }, - "testlambdastepfunctionconstructExecutionAbortedAlarmC2BA974A": Object { - "Properties": Object { - "AlarmDescription": "Alarm for the number of executions that aborted exceeded the threshold of 1. ", - "ComparisonOperator": "GreaterThanOrEqualToThreshold", - "Dimensions": Array [ - Object { - "Name": "StateMachineArn", - "Value": Object { - "Ref": "testlambdastepfunctionconstructStateMachine3D4830AD", - }, - }, - ], - "EvaluationPeriods": 1, - "MetricName": "ExecutionsAborted", - "Namespace": "AWS/States", - "Period": 300, - "Statistic": "Maximum", - "Threshold": 1, - }, - "Type": "AWS::CloudWatch::Alarm", - }, - "testlambdastepfunctionconstructExecutionFailedAlarmC55FFDEE": Object { - "Properties": Object { - "AlarmDescription": "Alarm for the number of executions that failed exceeded the threshold of 1. ", - "ComparisonOperator": "GreaterThanOrEqualToThreshold", - "Dimensions": Array [ - Object { - "Name": "StateMachineArn", - "Value": Object { - "Ref": "testlambdastepfunctionconstructStateMachine3D4830AD", - }, - }, - ], - "EvaluationPeriods": 1, - "MetricName": "ExecutionsFailed", - "Namespace": "AWS/States", - "Period": 300, - "Statistic": "Sum", - "Threshold": 1, - }, - "Type": "AWS::CloudWatch::Alarm", - }, - "testlambdastepfunctionconstructExecutionThrottledAlarm8C5110D9": Object { - "Properties": Object { - "AlarmDescription": "Alarm for the number of executions that throttled exceeded the threshold of 1. ", - "ComparisonOperator": "GreaterThanOrEqualToThreshold", - "Dimensions": Array [ - Object { - "Name": "StateMachineArn", - "Value": Object { - "Ref": "testlambdastepfunctionconstructStateMachine3D4830AD", - }, - }, - ], - "EvaluationPeriods": 1, - "MetricName": "ExecutionThrottled", - "Namespace": "AWS/States", - "Period": 300, - "Statistic": "Sum", - "Threshold": 1, - }, - "Type": "AWS::CloudWatch::Alarm", - }, - "testlambdastepfunctionconstructStateMachine3D4830AD": Object { - "DependsOn": Array [ - "testlambdastepfunctionconstructStateMachineRoleDefaultPolicy226F91C6", - "testlambdastepfunctionconstructStateMachineRoleC3777C02", - ], - "Properties": Object { - "DefinitionString": "{\\"StartAt\\":\\"StartState\\",\\"States\\":{\\"StartState\\":{\\"Type\\":\\"Pass\\",\\"End\\":true}}}", - "LoggingConfiguration": Object { - "Destinations": Array [ - Object { - "CloudWatchLogsLogGroup": Object { - "LogGroupArn": Object { - "Fn::GetAtt": Array [ - "testlambdastepfunctionconstructStateMachineLogGroup08972C3B", - "Arn", - ], - }, - }, - }, - ], - "Level": "ERROR", - }, - "RoleArn": Object { - "Fn::GetAtt": Array [ - "testlambdastepfunctionconstructStateMachineRoleC3777C02", - "Arn", - ], - }, - }, - "Type": "AWS::StepFunctions::StateMachine", - }, - "testlambdastepfunctionconstructStateMachineLogGroup08972C3B": Object { - "DeletionPolicy": "Retain", - "Metadata": Object { - "cfn_nag": Object { - "rules_to_suppress": Array [ - Object { - "id": "W86", - "reason": "Retention period for CloudWatchLogs LogGroups are set to 'Never Expire' to preserve customer data indefinitely", - }, - Object { - "id": "W84", - "reason": "By default CloudWatchLogs LogGroups data is encrypted using the CloudWatch server-side encryption keys (AWS Managed Keys)", - }, - ], - }, - }, - "Properties": Object { - "LogGroupName": "/aws/vendedlogs/states/defaulttestlambdastepfunctionconstructstatemachinelog548fb554106f", - }, - "Type": "AWS::Logs::LogGroup", - "UpdateReplacePolicy": "Retain", - }, - "testlambdastepfunctionconstructStateMachineRoleC3777C02": Object { - "Properties": Object { - "AssumeRolePolicyDocument": Object { - "Statement": Array [ - Object { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": Object { - "Service": Object { - "Fn::Join": Array [ - "", - Array [ - "states.", - Object { - "Ref": "AWS::Region", - }, - ".amazonaws.com", - ], - ], - }, - }, - }, - ], - "Version": "2012-10-17", - }, - }, - "Type": "AWS::IAM::Role", - }, - "testlambdastepfunctionconstructStateMachineRoleDefaultPolicy226F91C6": Object { - "Metadata": Object { - "cfn_nag": Object { - "rules_to_suppress": Array [ - Object { - "id": "W12", - "reason": "The 'LogDelivery' actions do not support resource-level authorizations", - }, - ], - }, - }, - "Properties": Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "logs:CreateLogDelivery", - "logs:GetLogDelivery", - "logs:UpdateLogDelivery", - "logs:DeleteLogDelivery", - "logs:ListLogDeliveries", - ], - "Effect": "Allow", - "Resource": "*", - }, - Object { - "Action": Array [ - "logs:PutResourcePolicy", - "logs:DescribeResourcePolicies", - "logs:DescribeLogGroups", - ], - "Effect": "Allow", - "Resource": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":logs:", - Object { - "Ref": "AWS::Region", - }, - ":", - Object { - "Ref": "AWS::AccountId", - }, - ":*", - ], - ], - }, - }, - ], - "Version": "2012-10-17", - }, - "PolicyName": "testlambdastepfunctionconstructStateMachineRoleDefaultPolicy226F91C6", - "Roles": Array [ - Object { - "Ref": "testlambdastepfunctionconstructStateMachineRoleC3777C02", - }, - ], - }, - "Type": "AWS::IAM::Policy", - }, - }, -} -`; - -exports[`Test deployment with new Lambda function 1`] = ` -Object { - "Parameters": Object { - "AssetParametersfd7a741674eeef7951675d2a57f0459376e046d88e5bee9aab601d8f5a704c93ArtifactHashC69F2EC4": Object { - "Description": "Artifact hash for asset \\"fd7a741674eeef7951675d2a57f0459376e046d88e5bee9aab601d8f5a704c93\\"", - "Type": "String", - }, - "AssetParametersfd7a741674eeef7951675d2a57f0459376e046d88e5bee9aab601d8f5a704c93S3Bucket0DF3E8CF": Object { - "Description": "S3 bucket for asset \\"fd7a741674eeef7951675d2a57f0459376e046d88e5bee9aab601d8f5a704c93\\"", - "Type": "String", - }, - "AssetParametersfd7a741674eeef7951675d2a57f0459376e046d88e5bee9aab601d8f5a704c93S3VersionKeyE124A528": Object { - "Description": "S3 key for asset version \\"fd7a741674eeef7951675d2a57f0459376e046d88e5bee9aab601d8f5a704c93\\"", - "Type": "String", - }, - }, - "Resources": Object { - "lambdatostepfunctionstackExecutionAbortedAlarmB59542AF": Object { - "Properties": Object { - "AlarmDescription": "Alarm for the number of executions that aborted exceeded the threshold of 1. ", - "ComparisonOperator": "GreaterThanOrEqualToThreshold", - "Dimensions": Array [ - Object { - "Name": "StateMachineArn", - "Value": Object { - "Ref": "lambdatostepfunctionstackStateMachine98EE8EFB", - }, - }, - ], - "EvaluationPeriods": 1, - "MetricName": "ExecutionsAborted", - "Namespace": "AWS/States", - "Period": 300, - "Statistic": "Maximum", - "Threshold": 1, - }, - "Type": "AWS::CloudWatch::Alarm", - }, - "lambdatostepfunctionstackExecutionFailedAlarmED41CA91": Object { - "Properties": Object { - "AlarmDescription": "Alarm for the number of executions that failed exceeded the threshold of 1. ", - "ComparisonOperator": "GreaterThanOrEqualToThreshold", - "Dimensions": Array [ - Object { - "Name": "StateMachineArn", - "Value": Object { - "Ref": "lambdatostepfunctionstackStateMachine98EE8EFB", - }, - }, - ], - "EvaluationPeriods": 1, - "MetricName": "ExecutionsFailed", - "Namespace": "AWS/States", - "Period": 300, - "Statistic": "Sum", - "Threshold": 1, - }, - "Type": "AWS::CloudWatch::Alarm", - }, - "lambdatostepfunctionstackExecutionThrottledAlarm2DEE538A": Object { - "Properties": Object { - "AlarmDescription": "Alarm for the number of executions that throttled exceeded the threshold of 1. ", - "ComparisonOperator": "GreaterThanOrEqualToThreshold", - "Dimensions": Array [ - Object { - "Name": "StateMachineArn", - "Value": Object { - "Ref": "lambdatostepfunctionstackStateMachine98EE8EFB", - }, - }, - ], - "EvaluationPeriods": 1, - "MetricName": "ExecutionThrottled", - "Namespace": "AWS/States", - "Period": 300, - "Statistic": "Sum", - "Threshold": 1, - }, - "Type": "AWS::CloudWatch::Alarm", - }, - "lambdatostepfunctionstackLambdaFunction2C7FCAC4": Object { - "DependsOn": Array [ - "lambdatostepfunctionstackLambdaFunctionServiceRoleDefaultPolicyFF90D87F", - "lambdatostepfunctionstackLambdaFunctionServiceRole98A7C47A", - ], - "Metadata": Object { - "cfn_nag": Object { - "rules_to_suppress": Array [ - Object { - "id": "W58", - "reason": "Lambda functions has the required permission to write CloudWatch Logs. It uses custom policy instead of arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole with tighter permissions.", - }, - Object { - "id": "W89", - "reason": "This is not a rule for the general case, just for specific use cases/industries", - }, - Object { - "id": "W92", - "reason": "Impossible for us to define the correct concurrency for clients", - }, - ], - }, - }, - "Properties": Object { - "Code": Object { - "S3Bucket": Object { - "Ref": "AssetParametersfd7a741674eeef7951675d2a57f0459376e046d88e5bee9aab601d8f5a704c93S3Bucket0DF3E8CF", - }, - "S3Key": Object { - "Fn::Join": Array [ - "", - Array [ - Object { - "Fn::Select": Array [ - 0, - Object { - "Fn::Split": Array [ - "||", - Object { - "Ref": "AssetParametersfd7a741674eeef7951675d2a57f0459376e046d88e5bee9aab601d8f5a704c93S3VersionKeyE124A528", - }, - ], - }, - ], - }, - Object { - "Fn::Select": Array [ - 1, - Object { - "Fn::Split": Array [ - "||", - Object { - "Ref": "AssetParametersfd7a741674eeef7951675d2a57f0459376e046d88e5bee9aab601d8f5a704c93S3VersionKeyE124A528", - }, - ], - }, - ], - }, - ], - ], - }, - }, - "Environment": Object { - "Variables": Object { - "AWS_NODEJS_CONNECTION_REUSE_ENABLED": "1", - "LAMBDA_NAME": "deploy-function", - "STATE_MACHINE_ARN": Object { - "Ref": "lambdatostepfunctionstackStateMachine98EE8EFB", - }, - }, - }, - "Handler": "index.handler", - "Role": Object { - "Fn::GetAtt": Array [ - "lambdatostepfunctionstackLambdaFunctionServiceRole98A7C47A", - "Arn", - ], - }, - "Runtime": "nodejs10.x", - "TracingConfig": Object { - "Mode": "Active", - }, - }, - "Type": "AWS::Lambda::Function", - }, - "lambdatostepfunctionstackLambdaFunctionServiceRole98A7C47A": Object { - "Properties": Object { - "AssumeRolePolicyDocument": Object { - "Statement": Array [ - Object { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": Object { - "Service": "lambda.amazonaws.com", - }, - }, - ], - "Version": "2012-10-17", - }, - "Policies": Array [ - Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "logs:CreateLogGroup", - "logs:CreateLogStream", - "logs:PutLogEvents", - ], - "Effect": "Allow", - "Resource": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":logs:", - Object { - "Ref": "AWS::Region", - }, - ":", - Object { - "Ref": "AWS::AccountId", - }, - ":log-group:/aws/lambda/*", - ], - ], - }, - }, - ], - "Version": "2012-10-17", - }, - "PolicyName": "LambdaFunctionServiceRolePolicy", - }, - ], - }, - "Type": "AWS::IAM::Role", - }, - "lambdatostepfunctionstackLambdaFunctionServiceRoleDefaultPolicyFF90D87F": Object { - "Metadata": Object { - "cfn_nag": Object { - "rules_to_suppress": Array [ - Object { - "id": "W12", - "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray and access ENIs in a VPC.", - }, - ], - }, - }, - "Properties": Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "xray:PutTraceSegments", - "xray:PutTelemetryRecords", - ], - "Effect": "Allow", - "Resource": "*", - }, - Object { - "Action": "states:StartExecution", - "Effect": "Allow", - "Resource": Object { - "Ref": "lambdatostepfunctionstackStateMachine98EE8EFB", - }, - }, - ], - "Version": "2012-10-17", - }, - "PolicyName": "lambdatostepfunctionstackLambdaFunctionServiceRoleDefaultPolicyFF90D87F", - "Roles": Array [ - Object { - "Ref": "lambdatostepfunctionstackLambdaFunctionServiceRole98A7C47A", - }, - ], - }, - "Type": "AWS::IAM::Policy", - }, - "lambdatostepfunctionstackStateMachine98EE8EFB": Object { - "DependsOn": Array [ - "lambdatostepfunctionstackStateMachineRoleDefaultPolicy6657ED67", - "lambdatostepfunctionstackStateMachineRole707B037B", - ], - "Properties": Object { - "DefinitionString": "{\\"StartAt\\":\\"StartState\\",\\"States\\":{\\"StartState\\":{\\"Type\\":\\"Pass\\",\\"End\\":true}}}", - "LoggingConfiguration": Object { - "Destinations": Array [ - Object { - "CloudWatchLogsLogGroup": Object { - "LogGroupArn": Object { - "Fn::GetAtt": Array [ - "lambdatostepfunctionstackStateMachineLogGroupEAD4854E", - "Arn", - ], - }, - }, - }, - ], - "Level": "ERROR", - }, - "RoleArn": Object { - "Fn::GetAtt": Array [ - "lambdatostepfunctionstackStateMachineRole707B037B", - "Arn", - ], - }, - }, - "Type": "AWS::StepFunctions::StateMachine", - }, - "lambdatostepfunctionstackStateMachineLogGroupEAD4854E": Object { - "DeletionPolicy": "Retain", - "Metadata": Object { - "cfn_nag": Object { - "rules_to_suppress": Array [ - Object { - "id": "W86", - "reason": "Retention period for CloudWatchLogs LogGroups are set to 'Never Expire' to preserve customer data indefinitely", - }, - Object { - "id": "W84", - "reason": "By default CloudWatchLogs LogGroups data is encrypted using the CloudWatch server-side encryption keys (AWS Managed Keys)", - }, - ], - }, - }, - "Properties": Object { - "LogGroupName": "/aws/vendedlogs/states/defaultlambdatostepfunctionstackstatemachinelog8f3fc802765e", - }, - "Type": "AWS::Logs::LogGroup", - "UpdateReplacePolicy": "Retain", - }, - "lambdatostepfunctionstackStateMachineRole707B037B": Object { - "Properties": Object { - "AssumeRolePolicyDocument": Object { - "Statement": Array [ - Object { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": Object { - "Service": Object { - "Fn::Join": Array [ - "", - Array [ - "states.", - Object { - "Ref": "AWS::Region", - }, - ".amazonaws.com", - ], - ], - }, - }, - }, - ], - "Version": "2012-10-17", - }, - }, - "Type": "AWS::IAM::Role", - }, - "lambdatostepfunctionstackStateMachineRoleDefaultPolicy6657ED67": Object { - "Metadata": Object { - "cfn_nag": Object { - "rules_to_suppress": Array [ - Object { - "id": "W12", - "reason": "The 'LogDelivery' actions do not support resource-level authorizations", - }, - ], - }, - }, - "Properties": Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "logs:CreateLogDelivery", - "logs:GetLogDelivery", - "logs:UpdateLogDelivery", - "logs:DeleteLogDelivery", - "logs:ListLogDeliveries", - ], - "Effect": "Allow", - "Resource": "*", - }, - Object { - "Action": Array [ - "logs:PutResourcePolicy", - "logs:DescribeResourcePolicies", - "logs:DescribeLogGroups", - ], - "Effect": "Allow", - "Resource": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":logs:", - Object { - "Ref": "AWS::Region", - }, - ":", - Object { - "Ref": "AWS::AccountId", - }, - ":*", - ], - ], - }, - }, - ], - "Version": "2012-10-17", - }, - "PolicyName": "lambdatostepfunctionstackStateMachineRoleDefaultPolicy6657ED67", - "Roles": Array [ - Object { - "Ref": "lambdatostepfunctionstackStateMachineRole707B037B", - }, - ], - }, - "Type": "AWS::IAM::Policy", - }, - }, -} -`; diff --git a/source/patterns/@aws-solutions-constructs/aws-lambda-stepfunctions/test/lambda-stepfunctions.test.ts b/source/patterns/@aws-solutions-constructs/aws-lambda-stepfunctions/test/lambda-stepfunctions.test.ts index d7e88b4cc..7e4836f0a 100644 --- a/source/patterns/@aws-solutions-constructs/aws-lambda-stepfunctions/test/lambda-stepfunctions.test.ts +++ b/source/patterns/@aws-solutions-constructs/aws-lambda-stepfunctions/test/lambda-stepfunctions.test.ts @@ -18,7 +18,6 @@ import * as defaults from '@aws-solutions-constructs/core'; import * as stepfunctions from '@aws-cdk/aws-stepfunctions'; import * as ec2 from "@aws-cdk/aws-ec2"; import { LambdaToStepfunctions } from '../lib'; -import { SynthUtils } from '@aws-cdk/assert'; import '@aws-cdk/assert/jest'; // -------------------------------------------------------------- @@ -42,9 +41,7 @@ test('Test deployment with new Lambda function', () => { definition: startState } }); - // Assertion 1 - expect(SynthUtils.toCloudFormation(stack)).toMatchSnapshot(); - // Assertion 2 + expect(stack).toHaveResourceLike("AWS::Lambda::Function", { Environment: { Variables: { @@ -81,9 +78,7 @@ test('Test deployment with existing Lambda function', () => { definition: startState } }); - // Assertion 1 - expect(SynthUtils.toCloudFormation(stack)).toMatchSnapshot(); - // Assertion 2 + expect(stack).toHaveResourceLike("AWS::Lambda::Function", { Environment: { Variables: { diff --git a/source/patterns/@aws-solutions-constructs/aws-s3-lambda/test/__snapshots__/s3-lambda.test.js.snap b/source/patterns/@aws-solutions-constructs/aws-s3-lambda/test/__snapshots__/s3-lambda.test.js.snap deleted file mode 100644 index 608ffc32e..000000000 --- a/source/patterns/@aws-solutions-constructs/aws-s3-lambda/test/__snapshots__/s3-lambda.test.js.snap +++ /dev/null @@ -1,1233 +0,0 @@ -// Jest Snapshot v1, https://goo.gl/fbAQLP - -exports[`snapshot test S3ToLambda default params 1`] = ` -Object { - "Parameters": Object { - "AssetParameters0c3255e93ffe7a906c7422e9f0e9cc4c7fd86ee996ee3bb302e2f134b38463c8ArtifactHash8D9AD644": Object { - "Description": "Artifact hash for asset \\"0c3255e93ffe7a906c7422e9f0e9cc4c7fd86ee996ee3bb302e2f134b38463c8\\"", - "Type": "String", - }, - "AssetParameters0c3255e93ffe7a906c7422e9f0e9cc4c7fd86ee996ee3bb302e2f134b38463c8S3Bucket9E1964CB": Object { - "Description": "S3 bucket for asset \\"0c3255e93ffe7a906c7422e9f0e9cc4c7fd86ee996ee3bb302e2f134b38463c8\\"", - "Type": "String", - }, - "AssetParameters0c3255e93ffe7a906c7422e9f0e9cc4c7fd86ee996ee3bb302e2f134b38463c8S3VersionKey7153CEE7": Object { - "Description": "S3 key for asset version \\"0c3255e93ffe7a906c7422e9f0e9cc4c7fd86ee996ee3bb302e2f134b38463c8\\"", - "Type": "String", - }, - }, - "Resources": Object { - "BucketNotificationsHandler050a0587b7544547bf325f094a3db8347ECC3691": Object { - "DependsOn": Array [ - "BucketNotificationsHandler050a0587b7544547bf325f094a3db834RoleDefaultPolicy2CF63D36", - "BucketNotificationsHandler050a0587b7544547bf325f094a3db834RoleB6FB88EC", - ], - "Metadata": Object { - "cfn_nag": Object { - "rules_to_suppress": Array [ - Object { - "id": "W58", - "reason": "Lambda functions has the required permission to write CloudWatch Logs. It uses custom policy instead of arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole with tighter permissions.", - }, - Object { - "id": "W89", - "reason": "This is not a rule for the general case, just for specific use cases/industries", - }, - Object { - "id": "W92", - "reason": "Impossible for us to define the correct concurrency for clients", - }, - ], - }, - }, - "Properties": Object { - "Code": Object { - "ZipFile": "import boto3 # type: ignore -import json -import logging -import urllib.request - -s3 = boto3.client(\\"s3\\") - -CONFIGURATION_TYPES = [\\"TopicConfigurations\\", \\"QueueConfigurations\\", \\"LambdaFunctionConfigurations\\"] - -def handler(event: dict, context): - response_status = \\"SUCCESS\\" - error_message = \\"\\" - try: - props = event[\\"ResourceProperties\\"] - bucket = props[\\"BucketName\\"] - notification_configuration = props[\\"NotificationConfiguration\\"] - request_type = event[\\"RequestType\\"] - managed = props.get('Managed', 'true').lower() == 'true' - stack_id = event['StackId'] - - if managed: - config = handle_managed(request_type, notification_configuration) - else: - config = handle_unmanaged(bucket, stack_id, request_type, notification_configuration) - - put_bucket_notification_configuration(bucket, config) - except Exception as e: - logging.exception(\\"Failed to put bucket notification configuration\\") - response_status = \\"FAILED\\" - error_message = f\\"Error: {str(e)}. \\" - finally: - submit_response(event, context, response_status, error_message) - - -def handle_managed(request_type, notification_configuration): - if request_type == 'Delete': - return {} - return notification_configuration - - -def handle_unmanaged(bucket, stack_id, request_type, notification_configuration): - - # find external notifications - external_notifications = find_external_notifications(bucket, stack_id) - - # if delete, that's all we need - if request_type == 'Delete': - return external_notifications - - def with_id(notification): - notification['Id'] = f\\"{stack_id}-{hash(json.dumps(notification, sort_keys=True))}\\" - return notification - - # otherwise, merge external with incoming config and augment with id - notifications = {} - for t in CONFIGURATION_TYPES: - external = external_notifications.get(t, []) - incoming = [with_id(n) for n in notification_configuration.get(t, [])] - notifications[t] = external + incoming - return notifications - - -def find_external_notifications(bucket, stack_id): - existing_notifications = get_bucket_notification_configuration(bucket) - external_notifications = {} - for t in CONFIGURATION_TYPES: - # if the notification was created by us, we know what id to expect - # so we can filter by it. - external_notifications[t] = [n for n in existing_notifications.get(t, []) if not n['Id'].startswith(f\\"{stack_id}-\\")] - - return external_notifications - - -def get_bucket_notification_configuration(bucket): - return s3.get_bucket_notification_configuration(Bucket=bucket) - - -def put_bucket_notification_configuration(bucket, notification_configuration): - s3.put_bucket_notification_configuration(Bucket=bucket, NotificationConfiguration=notification_configuration) - - -def submit_response(event: dict, context, response_status: str, error_message: str): - response_body = json.dumps( - { - \\"Status\\": response_status, - \\"Reason\\": f\\"{error_message}See the details in CloudWatch Log Stream: {context.log_stream_name}\\", - \\"PhysicalResourceId\\": event.get(\\"PhysicalResourceId\\") or event[\\"LogicalResourceId\\"], - \\"StackId\\": event[\\"StackId\\"], - \\"RequestId\\": event[\\"RequestId\\"], - \\"LogicalResourceId\\": event[\\"LogicalResourceId\\"], - \\"NoEcho\\": False, - } - ).encode(\\"utf-8\\") - headers = {\\"content-type\\": \\"\\", \\"content-length\\": str(len(response_body))} - try: - req = urllib.request.Request(url=event[\\"ResponseURL\\"], headers=headers, data=response_body, method=\\"PUT\\") - with urllib.request.urlopen(req) as response: - print(response.read().decode(\\"utf-8\\")) - print(\\"Status code: \\" + response.reason) - except Exception as e: - print(\\"send(..) failed executing request.urlopen(..): \\" + str(e)) -", - }, - "Description": "AWS CloudFormation handler for \\"Custom::S3BucketNotifications\\" resources (@aws-cdk/aws-s3)", - "Handler": "index.handler", - "Role": Object { - "Fn::GetAtt": Array [ - "BucketNotificationsHandler050a0587b7544547bf325f094a3db834RoleB6FB88EC", - "Arn", - ], - }, - "Runtime": "python3.7", - "Timeout": 300, - }, - "Type": "AWS::Lambda::Function", - }, - "BucketNotificationsHandler050a0587b7544547bf325f094a3db834RoleB6FB88EC": Object { - "Properties": Object { - "AssumeRolePolicyDocument": Object { - "Statement": Array [ - Object { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": Object { - "Service": "lambda.amazonaws.com", - }, - }, - ], - "Version": "2012-10-17", - }, - "ManagedPolicyArns": Array [ - Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole", - ], - ], - }, - ], - }, - "Type": "AWS::IAM::Role", - }, - "BucketNotificationsHandler050a0587b7544547bf325f094a3db834RoleDefaultPolicy2CF63D36": Object { - "Metadata": Object { - "cfn_nag": Object { - "rules_to_suppress": Array [ - Object { - "id": "W12", - "reason": "Bucket resource is '*' due to circular dependency with bucket and role creation at the same time", - }, - ], - }, - }, - "Properties": Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": "s3:PutBucketNotification", - "Effect": "Allow", - "Resource": "*", - }, - ], - "Version": "2012-10-17", - }, - "PolicyName": "BucketNotificationsHandler050a0587b7544547bf325f094a3db834RoleDefaultPolicy2CF63D36", - "Roles": Array [ - Object { - "Ref": "BucketNotificationsHandler050a0587b7544547bf325f094a3db834RoleB6FB88EC", - }, - ], - }, - "Type": "AWS::IAM::Policy", - }, - "tests3lambdaLambdaFunctionB56B7023": Object { - "DependsOn": Array [ - "tests3lambdaLambdaFunctionServiceRoleDefaultPolicyA7E71BD5", - "tests3lambdaLambdaFunctionServiceRoleA74F4427", - ], - "Metadata": Object { - "cfn_nag": Object { - "rules_to_suppress": Array [ - Object { - "id": "W58", - "reason": "Lambda functions has the required permission to write CloudWatch Logs. It uses custom policy instead of arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole with tighter permissions.", - }, - Object { - "id": "W89", - "reason": "This is not a rule for the general case, just for specific use cases/industries", - }, - Object { - "id": "W92", - "reason": "Impossible for us to define the correct concurrency for clients", - }, - ], - }, - }, - "Properties": Object { - "Code": Object { - "S3Bucket": Object { - "Ref": "AssetParameters0c3255e93ffe7a906c7422e9f0e9cc4c7fd86ee996ee3bb302e2f134b38463c8S3Bucket9E1964CB", - }, - "S3Key": Object { - "Fn::Join": Array [ - "", - Array [ - Object { - "Fn::Select": Array [ - 0, - Object { - "Fn::Split": Array [ - "||", - Object { - "Ref": "AssetParameters0c3255e93ffe7a906c7422e9f0e9cc4c7fd86ee996ee3bb302e2f134b38463c8S3VersionKey7153CEE7", - }, - ], - }, - ], - }, - Object { - "Fn::Select": Array [ - 1, - Object { - "Fn::Split": Array [ - "||", - Object { - "Ref": "AssetParameters0c3255e93ffe7a906c7422e9f0e9cc4c7fd86ee996ee3bb302e2f134b38463c8S3VersionKey7153CEE7", - }, - ], - }, - ], - }, - ], - ], - }, - }, - "Environment": Object { - "Variables": Object { - "AWS_NODEJS_CONNECTION_REUSE_ENABLED": "1", - }, - }, - "Handler": "index.handler", - "Role": Object { - "Fn::GetAtt": Array [ - "tests3lambdaLambdaFunctionServiceRoleA74F4427", - "Arn", - ], - }, - "Runtime": "nodejs12.x", - "TracingConfig": Object { - "Mode": "Active", - }, - }, - "Type": "AWS::Lambda::Function", - }, - "tests3lambdaLambdaFunctionServiceRoleA74F4427": Object { - "Properties": Object { - "AssumeRolePolicyDocument": Object { - "Statement": Array [ - Object { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": Object { - "Service": "lambda.amazonaws.com", - }, - }, - ], - "Version": "2012-10-17", - }, - "Policies": Array [ - Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "logs:CreateLogGroup", - "logs:CreateLogStream", - "logs:PutLogEvents", - ], - "Effect": "Allow", - "Resource": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":logs:", - Object { - "Ref": "AWS::Region", - }, - ":", - Object { - "Ref": "AWS::AccountId", - }, - ":log-group:/aws/lambda/*", - ], - ], - }, - }, - ], - "Version": "2012-10-17", - }, - "PolicyName": "LambdaFunctionServiceRolePolicy", - }, - ], - }, - "Type": "AWS::IAM::Role", - }, - "tests3lambdaLambdaFunctionServiceRoleDefaultPolicyA7E71BD5": Object { - "Metadata": Object { - "cfn_nag": Object { - "rules_to_suppress": Array [ - Object { - "id": "W12", - "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray and access ENIs in a VPC.", - }, - ], - }, - }, - "Properties": Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "xray:PutTraceSegments", - "xray:PutTelemetryRecords", - ], - "Effect": "Allow", - "Resource": "*", - }, - ], - "Version": "2012-10-17", - }, - "PolicyName": "tests3lambdaLambdaFunctionServiceRoleDefaultPolicyA7E71BD5", - "Roles": Array [ - Object { - "Ref": "tests3lambdaLambdaFunctionServiceRoleA74F4427", - }, - ], - }, - "Type": "AWS::IAM::Policy", - }, - "tests3lambdaS3BucketAllowBucketNotificationsTotests3lambdaLambdaFunction5728304630C49926": Object { - "Properties": Object { - "Action": "lambda:InvokeFunction", - "FunctionName": Object { - "Fn::GetAtt": Array [ - "tests3lambdaLambdaFunctionB56B7023", - "Arn", - ], - }, - "Principal": "s3.amazonaws.com", - "SourceAccount": Object { - "Ref": "AWS::AccountId", - }, - "SourceArn": Object { - "Fn::GetAtt": Array [ - "tests3lambdaS3BucketBE7C1B8E", - "Arn", - ], - }, - }, - "Type": "AWS::Lambda::Permission", - }, - "tests3lambdaS3BucketBE7C1B8E": Object { - "DeletionPolicy": "Delete", - "Properties": Object { - "BucketEncryption": Object { - "ServerSideEncryptionConfiguration": Array [ - Object { - "ServerSideEncryptionByDefault": Object { - "SSEAlgorithm": "AES256", - }, - }, - ], - }, - "LifecycleConfiguration": Object { - "Rules": Array [ - Object { - "NoncurrentVersionTransitions": Array [ - Object { - "StorageClass": "GLACIER", - "TransitionInDays": 90, - }, - ], - "Status": "Enabled", - }, - ], - }, - "LoggingConfiguration": Object { - "DestinationBucketName": Object { - "Ref": "tests3lambdaS3LoggingBucket0C3BBFDC", - }, - }, - "PublicAccessBlockConfiguration": Object { - "BlockPublicAcls": true, - "BlockPublicPolicy": true, - "IgnorePublicAcls": true, - "RestrictPublicBuckets": true, - }, - "VersioningConfiguration": Object { - "Status": "Enabled", - }, - }, - "Type": "AWS::S3::Bucket", - "UpdateReplacePolicy": "Delete", - }, - "tests3lambdaS3BucketNotifications1943E9B3": Object { - "DependsOn": Array [ - "tests3lambdaS3BucketAllowBucketNotificationsTotests3lambdaLambdaFunction5728304630C49926", - ], - "Properties": Object { - "BucketName": Object { - "Ref": "tests3lambdaS3BucketBE7C1B8E", - }, - "Managed": true, - "NotificationConfiguration": Object { - "LambdaFunctionConfigurations": Array [ - Object { - "Events": Array [ - "s3:ObjectCreated:*", - ], - "LambdaFunctionArn": Object { - "Fn::GetAtt": Array [ - "tests3lambdaLambdaFunctionB56B7023", - "Arn", - ], - }, - }, - ], - }, - "ServiceToken": Object { - "Fn::GetAtt": Array [ - "BucketNotificationsHandler050a0587b7544547bf325f094a3db8347ECC3691", - "Arn", - ], - }, - }, - "Type": "Custom::S3BucketNotifications", - }, - "tests3lambdaS3BucketPolicyE0402ABD": Object { - "Properties": Object { - "Bucket": Object { - "Ref": "tests3lambdaS3BucketBE7C1B8E", - }, - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": "*", - "Condition": Object { - "Bool": Object { - "aws:SecureTransport": "false", - }, - }, - "Effect": "Deny", - "Principal": Object { - "AWS": "*", - }, - "Resource": Array [ - Object { - "Fn::Join": Array [ - "", - Array [ - Object { - "Fn::GetAtt": Array [ - "tests3lambdaS3BucketBE7C1B8E", - "Arn", - ], - }, - "/*", - ], - ], - }, - Object { - "Fn::GetAtt": Array [ - "tests3lambdaS3BucketBE7C1B8E", - "Arn", - ], - }, - ], - "Sid": "HttpsOnly", - }, - ], - "Version": "2012-10-17", - }, - }, - "Type": "AWS::S3::BucketPolicy", - }, - "tests3lambdaS3LoggingBucket0C3BBFDC": Object { - "DeletionPolicy": "Delete", - "Metadata": Object { - "cfn_nag": Object { - "rules_to_suppress": Array [ - Object { - "id": "W35", - "reason": "This S3 bucket is used as the access logging bucket for another bucket", - }, - ], - }, - }, - "Properties": Object { - "AccessControl": "LogDeliveryWrite", - "BucketEncryption": Object { - "ServerSideEncryptionConfiguration": Array [ - Object { - "ServerSideEncryptionByDefault": Object { - "SSEAlgorithm": "AES256", - }, - }, - ], - }, - "PublicAccessBlockConfiguration": Object { - "BlockPublicAcls": true, - "BlockPublicPolicy": true, - "IgnorePublicAcls": true, - "RestrictPublicBuckets": true, - }, - "VersioningConfiguration": Object { - "Status": "Enabled", - }, - }, - "Type": "AWS::S3::Bucket", - "UpdateReplacePolicy": "Delete", - }, - "tests3lambdaS3LoggingBucketPolicyC349F74C": Object { - "Properties": Object { - "Bucket": Object { - "Ref": "tests3lambdaS3LoggingBucket0C3BBFDC", - }, - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": "*", - "Condition": Object { - "Bool": Object { - "aws:SecureTransport": "false", - }, - }, - "Effect": "Deny", - "Principal": Object { - "AWS": "*", - }, - "Resource": Array [ - Object { - "Fn::Join": Array [ - "", - Array [ - Object { - "Fn::GetAtt": Array [ - "tests3lambdaS3LoggingBucket0C3BBFDC", - "Arn", - ], - }, - "/*", - ], - ], - }, - Object { - "Fn::GetAtt": Array [ - "tests3lambdaS3LoggingBucket0C3BBFDC", - "Arn", - ], - }, - ], - "Sid": "HttpsOnly", - }, - ], - "Version": "2012-10-17", - }, - }, - "Type": "AWS::S3::BucketPolicy", - }, - }, -} -`; - -exports[`snapshot test S3ToLambda with versioning turned off 1`] = ` -Object { - "Parameters": Object { - "AssetParameters0c3255e93ffe7a906c7422e9f0e9cc4c7fd86ee996ee3bb302e2f134b38463c8ArtifactHash8D9AD644": Object { - "Description": "Artifact hash for asset \\"0c3255e93ffe7a906c7422e9f0e9cc4c7fd86ee996ee3bb302e2f134b38463c8\\"", - "Type": "String", - }, - "AssetParameters0c3255e93ffe7a906c7422e9f0e9cc4c7fd86ee996ee3bb302e2f134b38463c8S3Bucket9E1964CB": Object { - "Description": "S3 bucket for asset \\"0c3255e93ffe7a906c7422e9f0e9cc4c7fd86ee996ee3bb302e2f134b38463c8\\"", - "Type": "String", - }, - "AssetParameters0c3255e93ffe7a906c7422e9f0e9cc4c7fd86ee996ee3bb302e2f134b38463c8S3VersionKey7153CEE7": Object { - "Description": "S3 key for asset version \\"0c3255e93ffe7a906c7422e9f0e9cc4c7fd86ee996ee3bb302e2f134b38463c8\\"", - "Type": "String", - }, - }, - "Resources": Object { - "BucketNotificationsHandler050a0587b7544547bf325f094a3db8347ECC3691": Object { - "DependsOn": Array [ - "BucketNotificationsHandler050a0587b7544547bf325f094a3db834RoleDefaultPolicy2CF63D36", - "BucketNotificationsHandler050a0587b7544547bf325f094a3db834RoleB6FB88EC", - ], - "Metadata": Object { - "cfn_nag": Object { - "rules_to_suppress": Array [ - Object { - "id": "W58", - "reason": "Lambda functions has the required permission to write CloudWatch Logs. It uses custom policy instead of arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole with tighter permissions.", - }, - Object { - "id": "W89", - "reason": "This is not a rule for the general case, just for specific use cases/industries", - }, - Object { - "id": "W92", - "reason": "Impossible for us to define the correct concurrency for clients", - }, - ], - }, - }, - "Properties": Object { - "Code": Object { - "ZipFile": "import boto3 # type: ignore -import json -import logging -import urllib.request - -s3 = boto3.client(\\"s3\\") - -CONFIGURATION_TYPES = [\\"TopicConfigurations\\", \\"QueueConfigurations\\", \\"LambdaFunctionConfigurations\\"] - -def handler(event: dict, context): - response_status = \\"SUCCESS\\" - error_message = \\"\\" - try: - props = event[\\"ResourceProperties\\"] - bucket = props[\\"BucketName\\"] - notification_configuration = props[\\"NotificationConfiguration\\"] - request_type = event[\\"RequestType\\"] - managed = props.get('Managed', 'true').lower() == 'true' - stack_id = event['StackId'] - - if managed: - config = handle_managed(request_type, notification_configuration) - else: - config = handle_unmanaged(bucket, stack_id, request_type, notification_configuration) - - put_bucket_notification_configuration(bucket, config) - except Exception as e: - logging.exception(\\"Failed to put bucket notification configuration\\") - response_status = \\"FAILED\\" - error_message = f\\"Error: {str(e)}. \\" - finally: - submit_response(event, context, response_status, error_message) - - -def handle_managed(request_type, notification_configuration): - if request_type == 'Delete': - return {} - return notification_configuration - - -def handle_unmanaged(bucket, stack_id, request_type, notification_configuration): - - # find external notifications - external_notifications = find_external_notifications(bucket, stack_id) - - # if delete, that's all we need - if request_type == 'Delete': - return external_notifications - - def with_id(notification): - notification['Id'] = f\\"{stack_id}-{hash(json.dumps(notification, sort_keys=True))}\\" - return notification - - # otherwise, merge external with incoming config and augment with id - notifications = {} - for t in CONFIGURATION_TYPES: - external = external_notifications.get(t, []) - incoming = [with_id(n) for n in notification_configuration.get(t, [])] - notifications[t] = external + incoming - return notifications - - -def find_external_notifications(bucket, stack_id): - existing_notifications = get_bucket_notification_configuration(bucket) - external_notifications = {} - for t in CONFIGURATION_TYPES: - # if the notification was created by us, we know what id to expect - # so we can filter by it. - external_notifications[t] = [n for n in existing_notifications.get(t, []) if not n['Id'].startswith(f\\"{stack_id}-\\")] - - return external_notifications - - -def get_bucket_notification_configuration(bucket): - return s3.get_bucket_notification_configuration(Bucket=bucket) - - -def put_bucket_notification_configuration(bucket, notification_configuration): - s3.put_bucket_notification_configuration(Bucket=bucket, NotificationConfiguration=notification_configuration) - - -def submit_response(event: dict, context, response_status: str, error_message: str): - response_body = json.dumps( - { - \\"Status\\": response_status, - \\"Reason\\": f\\"{error_message}See the details in CloudWatch Log Stream: {context.log_stream_name}\\", - \\"PhysicalResourceId\\": event.get(\\"PhysicalResourceId\\") or event[\\"LogicalResourceId\\"], - \\"StackId\\": event[\\"StackId\\"], - \\"RequestId\\": event[\\"RequestId\\"], - \\"LogicalResourceId\\": event[\\"LogicalResourceId\\"], - \\"NoEcho\\": False, - } - ).encode(\\"utf-8\\") - headers = {\\"content-type\\": \\"\\", \\"content-length\\": str(len(response_body))} - try: - req = urllib.request.Request(url=event[\\"ResponseURL\\"], headers=headers, data=response_body, method=\\"PUT\\") - with urllib.request.urlopen(req) as response: - print(response.read().decode(\\"utf-8\\")) - print(\\"Status code: \\" + response.reason) - except Exception as e: - print(\\"send(..) failed executing request.urlopen(..): \\" + str(e)) -", - }, - "Description": "AWS CloudFormation handler for \\"Custom::S3BucketNotifications\\" resources (@aws-cdk/aws-s3)", - "Handler": "index.handler", - "Role": Object { - "Fn::GetAtt": Array [ - "BucketNotificationsHandler050a0587b7544547bf325f094a3db834RoleB6FB88EC", - "Arn", - ], - }, - "Runtime": "python3.7", - "Timeout": 300, - }, - "Type": "AWS::Lambda::Function", - }, - "BucketNotificationsHandler050a0587b7544547bf325f094a3db834RoleB6FB88EC": Object { - "Properties": Object { - "AssumeRolePolicyDocument": Object { - "Statement": Array [ - Object { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": Object { - "Service": "lambda.amazonaws.com", - }, - }, - ], - "Version": "2012-10-17", - }, - "ManagedPolicyArns": Array [ - Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole", - ], - ], - }, - ], - }, - "Type": "AWS::IAM::Role", - }, - "BucketNotificationsHandler050a0587b7544547bf325f094a3db834RoleDefaultPolicy2CF63D36": Object { - "Metadata": Object { - "cfn_nag": Object { - "rules_to_suppress": Array [ - Object { - "id": "W12", - "reason": "Bucket resource is '*' due to circular dependency with bucket and role creation at the same time", - }, - ], - }, - }, - "Properties": Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": "s3:PutBucketNotification", - "Effect": "Allow", - "Resource": "*", - }, - ], - "Version": "2012-10-17", - }, - "PolicyName": "BucketNotificationsHandler050a0587b7544547bf325f094a3db834RoleDefaultPolicy2CF63D36", - "Roles": Array [ - Object { - "Ref": "BucketNotificationsHandler050a0587b7544547bf325f094a3db834RoleB6FB88EC", - }, - ], - }, - "Type": "AWS::IAM::Policy", - }, - "tests3lambdaLambdaFunctionB56B7023": Object { - "DependsOn": Array [ - "tests3lambdaLambdaFunctionServiceRoleDefaultPolicyA7E71BD5", - "tests3lambdaLambdaFunctionServiceRoleA74F4427", - ], - "Metadata": Object { - "cfn_nag": Object { - "rules_to_suppress": Array [ - Object { - "id": "W58", - "reason": "Lambda functions has the required permission to write CloudWatch Logs. It uses custom policy instead of arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole with tighter permissions.", - }, - Object { - "id": "W89", - "reason": "This is not a rule for the general case, just for specific use cases/industries", - }, - Object { - "id": "W92", - "reason": "Impossible for us to define the correct concurrency for clients", - }, - ], - }, - }, - "Properties": Object { - "Code": Object { - "S3Bucket": Object { - "Ref": "AssetParameters0c3255e93ffe7a906c7422e9f0e9cc4c7fd86ee996ee3bb302e2f134b38463c8S3Bucket9E1964CB", - }, - "S3Key": Object { - "Fn::Join": Array [ - "", - Array [ - Object { - "Fn::Select": Array [ - 0, - Object { - "Fn::Split": Array [ - "||", - Object { - "Ref": "AssetParameters0c3255e93ffe7a906c7422e9f0e9cc4c7fd86ee996ee3bb302e2f134b38463c8S3VersionKey7153CEE7", - }, - ], - }, - ], - }, - Object { - "Fn::Select": Array [ - 1, - Object { - "Fn::Split": Array [ - "||", - Object { - "Ref": "AssetParameters0c3255e93ffe7a906c7422e9f0e9cc4c7fd86ee996ee3bb302e2f134b38463c8S3VersionKey7153CEE7", - }, - ], - }, - ], - }, - ], - ], - }, - }, - "Environment": Object { - "Variables": Object { - "AWS_NODEJS_CONNECTION_REUSE_ENABLED": "1", - }, - }, - "Handler": "index.handler", - "Role": Object { - "Fn::GetAtt": Array [ - "tests3lambdaLambdaFunctionServiceRoleA74F4427", - "Arn", - ], - }, - "Runtime": "nodejs12.x", - "TracingConfig": Object { - "Mode": "Active", - }, - }, - "Type": "AWS::Lambda::Function", - }, - "tests3lambdaLambdaFunctionServiceRoleA74F4427": Object { - "Properties": Object { - "AssumeRolePolicyDocument": Object { - "Statement": Array [ - Object { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": Object { - "Service": "lambda.amazonaws.com", - }, - }, - ], - "Version": "2012-10-17", - }, - "Policies": Array [ - Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "logs:CreateLogGroup", - "logs:CreateLogStream", - "logs:PutLogEvents", - ], - "Effect": "Allow", - "Resource": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":logs:", - Object { - "Ref": "AWS::Region", - }, - ":", - Object { - "Ref": "AWS::AccountId", - }, - ":log-group:/aws/lambda/*", - ], - ], - }, - }, - ], - "Version": "2012-10-17", - }, - "PolicyName": "LambdaFunctionServiceRolePolicy", - }, - ], - }, - "Type": "AWS::IAM::Role", - }, - "tests3lambdaLambdaFunctionServiceRoleDefaultPolicyA7E71BD5": Object { - "Metadata": Object { - "cfn_nag": Object { - "rules_to_suppress": Array [ - Object { - "id": "W12", - "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray and access ENIs in a VPC.", - }, - ], - }, - }, - "Properties": Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "xray:PutTraceSegments", - "xray:PutTelemetryRecords", - ], - "Effect": "Allow", - "Resource": "*", - }, - ], - "Version": "2012-10-17", - }, - "PolicyName": "tests3lambdaLambdaFunctionServiceRoleDefaultPolicyA7E71BD5", - "Roles": Array [ - Object { - "Ref": "tests3lambdaLambdaFunctionServiceRoleA74F4427", - }, - ], - }, - "Type": "AWS::IAM::Policy", - }, - "tests3lambdaS3BucketAllowBucketNotificationsTotests3lambdaLambdaFunction5728304630C49926": Object { - "Properties": Object { - "Action": "lambda:InvokeFunction", - "FunctionName": Object { - "Fn::GetAtt": Array [ - "tests3lambdaLambdaFunctionB56B7023", - "Arn", - ], - }, - "Principal": "s3.amazonaws.com", - "SourceAccount": Object { - "Ref": "AWS::AccountId", - }, - "SourceArn": Object { - "Fn::GetAtt": Array [ - "tests3lambdaS3BucketBE7C1B8E", - "Arn", - ], - }, - }, - "Type": "AWS::Lambda::Permission", - }, - "tests3lambdaS3BucketBE7C1B8E": Object { - "DeletionPolicy": "Retain", - "Properties": Object { - "BucketEncryption": Object { - "ServerSideEncryptionConfiguration": Array [ - Object { - "ServerSideEncryptionByDefault": Object { - "SSEAlgorithm": "AES256", - }, - }, - ], - }, - "LoggingConfiguration": Object { - "DestinationBucketName": Object { - "Ref": "tests3lambdaS3LoggingBucket0C3BBFDC", - }, - }, - "PublicAccessBlockConfiguration": Object { - "BlockPublicAcls": true, - "BlockPublicPolicy": true, - "IgnorePublicAcls": true, - "RestrictPublicBuckets": true, - }, - }, - "Type": "AWS::S3::Bucket", - "UpdateReplacePolicy": "Retain", - }, - "tests3lambdaS3BucketNotifications1943E9B3": Object { - "DependsOn": Array [ - "tests3lambdaS3BucketAllowBucketNotificationsTotests3lambdaLambdaFunction5728304630C49926", - ], - "Properties": Object { - "BucketName": Object { - "Ref": "tests3lambdaS3BucketBE7C1B8E", - }, - "Managed": true, - "NotificationConfiguration": Object { - "LambdaFunctionConfigurations": Array [ - Object { - "Events": Array [ - "s3:ObjectCreated:*", - ], - "LambdaFunctionArn": Object { - "Fn::GetAtt": Array [ - "tests3lambdaLambdaFunctionB56B7023", - "Arn", - ], - }, - }, - ], - }, - "ServiceToken": Object { - "Fn::GetAtt": Array [ - "BucketNotificationsHandler050a0587b7544547bf325f094a3db8347ECC3691", - "Arn", - ], - }, - }, - "Type": "Custom::S3BucketNotifications", - }, - "tests3lambdaS3BucketPolicyE0402ABD": Object { - "Properties": Object { - "Bucket": Object { - "Ref": "tests3lambdaS3BucketBE7C1B8E", - }, - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": "*", - "Condition": Object { - "Bool": Object { - "aws:SecureTransport": "false", - }, - }, - "Effect": "Deny", - "Principal": Object { - "AWS": "*", - }, - "Resource": Array [ - Object { - "Fn::Join": Array [ - "", - Array [ - Object { - "Fn::GetAtt": Array [ - "tests3lambdaS3BucketBE7C1B8E", - "Arn", - ], - }, - "/*", - ], - ], - }, - Object { - "Fn::GetAtt": Array [ - "tests3lambdaS3BucketBE7C1B8E", - "Arn", - ], - }, - ], - "Sid": "HttpsOnly", - }, - ], - "Version": "2012-10-17", - }, - }, - "Type": "AWS::S3::BucketPolicy", - }, - "tests3lambdaS3LoggingBucket0C3BBFDC": Object { - "DeletionPolicy": "Retain", - "Metadata": Object { - "cfn_nag": Object { - "rules_to_suppress": Array [ - Object { - "id": "W35", - "reason": "This S3 bucket is used as the access logging bucket for another bucket", - }, - ], - }, - }, - "Properties": Object { - "AccessControl": "LogDeliveryWrite", - "BucketEncryption": Object { - "ServerSideEncryptionConfiguration": Array [ - Object { - "ServerSideEncryptionByDefault": Object { - "SSEAlgorithm": "AES256", - }, - }, - ], - }, - "PublicAccessBlockConfiguration": Object { - "BlockPublicAcls": true, - "BlockPublicPolicy": true, - "IgnorePublicAcls": true, - "RestrictPublicBuckets": true, - }, - "VersioningConfiguration": Object { - "Status": "Enabled", - }, - }, - "Type": "AWS::S3::Bucket", - "UpdateReplacePolicy": "Retain", - }, - "tests3lambdaS3LoggingBucketPolicyC349F74C": Object { - "Properties": Object { - "Bucket": Object { - "Ref": "tests3lambdaS3LoggingBucket0C3BBFDC", - }, - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": "*", - "Condition": Object { - "Bool": Object { - "aws:SecureTransport": "false", - }, - }, - "Effect": "Deny", - "Principal": Object { - "AWS": "*", - }, - "Resource": Array [ - Object { - "Fn::Join": Array [ - "", - Array [ - Object { - "Fn::GetAtt": Array [ - "tests3lambdaS3LoggingBucket0C3BBFDC", - "Arn", - ], - }, - "/*", - ], - ], - }, - Object { - "Fn::GetAtt": Array [ - "tests3lambdaS3LoggingBucket0C3BBFDC", - "Arn", - ], - }, - ], - "Sid": "HttpsOnly", - }, - ], - "Version": "2012-10-17", - }, - }, - "Type": "AWS::S3::BucketPolicy", - }, - }, -} -`; diff --git a/source/patterns/@aws-solutions-constructs/aws-s3-lambda/test/s3-lambda.test.ts b/source/patterns/@aws-solutions-constructs/aws-s3-lambda/test/s3-lambda.test.ts index cee26e1b0..0f3f4a39b 100644 --- a/source/patterns/@aws-solutions-constructs/aws-s3-lambda/test/s3-lambda.test.ts +++ b/source/patterns/@aws-solutions-constructs/aws-s3-lambda/test/s3-lambda.test.ts @@ -11,7 +11,6 @@ * and limitations under the License. */ -import { SynthUtils } from '@aws-cdk/assert'; import { S3ToLambda, S3ToLambdaProps } from "../lib"; import * as lambda from '@aws-cdk/aws-lambda'; import * as s3 from '@aws-cdk/aws-s3'; @@ -33,12 +32,6 @@ function deployNewFunc(stack: cdk.Stack) { return new S3ToLambda(stack, 'test-s3-lambda', props); } -test('snapshot test S3ToLambda default params', () => { - const stack = new cdk.Stack(); - deployNewFunc(stack); - expect(SynthUtils.toCloudFormation(stack)).toMatchSnapshot(); -}); - test('check properties', () => { const stack = new cdk.Stack(); @@ -49,24 +42,6 @@ test('check properties', () => { expect(construct.s3LoggingBucket !== null); }); -test('snapshot test S3ToLambda with versioning turned off', () => { - const stack = new cdk.Stack(); - - const props: S3ToLambdaProps = { - lambdaFunctionProps: { - code: lambda.Code.fromAsset(`${__dirname}/lambda`), - runtime: lambda.Runtime.NODEJS_12_X, - handler: 'index.handler' - }, - bucketProps: { - versioned: false - } - }; - - new S3ToLambda(stack, 'test-s3-lambda', props); - expect(SynthUtils.toCloudFormation(stack)).toMatchSnapshot(); -}); - // -------------------------------------------------------------- // Test bad call with existingBucket and bucketProps // -------------------------------------------------------------- diff --git a/source/patterns/@aws-solutions-constructs/aws-s3-sqs/test/test.s3-sqs.test.ts b/source/patterns/@aws-solutions-constructs/aws-s3-sqs/test/test.s3-sqs.test.ts index 399f9ba1d..a7a5e5efe 100644 --- a/source/patterns/@aws-solutions-constructs/aws-s3-sqs/test/test.s3-sqs.test.ts +++ b/source/patterns/@aws-solutions-constructs/aws-s3-sqs/test/test.s3-sqs.test.ts @@ -209,84 +209,6 @@ test('Test deployment w/ SSE encryption enabled using customer managed KMS CMK', // Assertion 3 expect(stack).toHaveResource('AWS::KMS::Key', { - KeyPolicy: { - Statement: [ - { - Action: [ - "kms:Create*", - "kms:Describe*", - "kms:Enable*", - "kms:List*", - "kms:Put*", - "kms:Update*", - "kms:Revoke*", - "kms:Disable*", - "kms:Get*", - "kms:Delete*", - "kms:ScheduleKeyDeletion", - "kms:CancelKeyDeletion", - "kms:GenerateDataKey", - "kms:TagResource", - "kms:UntagResource" - ], - Effect: "Allow", - Principal: { - AWS: { - "Fn::Join": [ - "", - [ - "arn:", - { - Ref: "AWS::Partition" - }, - ":iam::", - { - Ref: "AWS::AccountId" - }, - ":root" - ] - ] - } - }, - Resource: "*" - }, - { - Action: [ - "kms:Decrypt", - "kms:Encrypt", - "kms:ReEncrypt*", - "kms:GenerateDataKey*" - ], - Condition: { - ArnLike: { - "aws:SourceArn": { - "Fn::GetAtt": [ - "tests3sqsS3BucketFF76CDA6", - "Arn" - ] - } - } - }, - Effect: "Allow", - Principal: { - Service: "s3.amazonaws.com" - }, - Resource: "*" - }, - { - Action: [ - "kms:GenerateDataKey*", - "kms:Decrypt" - ], - Effect: "Allow", - Principal: { - Service: "s3.amazonaws.com" - }, - Resource: "*" - } - ], - Version: "2012-10-17" - }, EnableKeyRotation: true }); }); diff --git a/source/patterns/@aws-solutions-constructs/aws-s3-step-function/test/__snapshots__/s3-step-function.test.js.snap b/source/patterns/@aws-solutions-constructs/aws-s3-step-function/test/__snapshots__/s3-step-function.test.js.snap deleted file mode 100644 index a50e9547c..000000000 --- a/source/patterns/@aws-solutions-constructs/aws-s3-step-function/test/__snapshots__/s3-step-function.test.js.snap +++ /dev/null @@ -1,737 +0,0 @@ -// Jest Snapshot v1, https://goo.gl/fbAQLP - -exports[`snapshot test S3ToStepFunction default params 1`] = ` -Object { - "Resources": Object { - "tests3stepfunctiontests3stepfunctionWCloudTrailS3Bucket24C50489": Object { - "DeletionPolicy": "Retain", - "Properties": Object { - "BucketEncryption": Object { - "ServerSideEncryptionConfiguration": Array [ - Object { - "ServerSideEncryptionByDefault": Object { - "SSEAlgorithm": "AES256", - }, - }, - ], - }, - "LifecycleConfiguration": Object { - "Rules": Array [ - Object { - "NoncurrentVersionTransitions": Array [ - Object { - "StorageClass": "GLACIER", - "TransitionInDays": 90, - }, - ], - "Status": "Enabled", - }, - ], - }, - "LoggingConfiguration": Object { - "DestinationBucketName": Object { - "Ref": "tests3stepfunctiontests3stepfunctionWCloudTrailS3LoggingBucket449D5AB7", - }, - }, - "PublicAccessBlockConfiguration": Object { - "BlockPublicAcls": true, - "BlockPublicPolicy": true, - "IgnorePublicAcls": true, - "RestrictPublicBuckets": true, - }, - "VersioningConfiguration": Object { - "Status": "Enabled", - }, - }, - "Type": "AWS::S3::Bucket", - "UpdateReplacePolicy": "Retain", - }, - "tests3stepfunctiontests3stepfunctionWCloudTrailS3BucketPolicy9ACF9ADC": Object { - "Properties": Object { - "Bucket": Object { - "Ref": "tests3stepfunctiontests3stepfunctionWCloudTrailS3Bucket24C50489", - }, - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": "*", - "Condition": Object { - "Bool": Object { - "aws:SecureTransport": "false", - }, - }, - "Effect": "Deny", - "Principal": Object { - "AWS": "*", - }, - "Resource": Array [ - Object { - "Fn::Join": Array [ - "", - Array [ - Object { - "Fn::GetAtt": Array [ - "tests3stepfunctiontests3stepfunctionWCloudTrailS3Bucket24C50489", - "Arn", - ], - }, - "/*", - ], - ], - }, - Object { - "Fn::GetAtt": Array [ - "tests3stepfunctiontests3stepfunctionWCloudTrailS3Bucket24C50489", - "Arn", - ], - }, - ], - "Sid": "HttpsOnly", - }, - Object { - "Action": "s3:GetBucketAcl", - "Effect": "Allow", - "Principal": Object { - "Service": "cloudtrail.amazonaws.com", - }, - "Resource": Object { - "Fn::GetAtt": Array [ - "tests3stepfunctiontests3stepfunctionWCloudTrailS3Bucket24C50489", - "Arn", - ], - }, - }, - Object { - "Action": "s3:PutObject", - "Condition": Object { - "StringEquals": Object { - "s3:x-amz-acl": "bucket-owner-full-control", - }, - }, - "Effect": "Allow", - "Principal": Object { - "Service": "cloudtrail.amazonaws.com", - }, - "Resource": Object { - "Fn::Join": Array [ - "", - Array [ - Object { - "Fn::GetAtt": Array [ - "tests3stepfunctiontests3stepfunctionWCloudTrailS3Bucket24C50489", - "Arn", - ], - }, - "/AWSLogs/", - Object { - "Ref": "AWS::AccountId", - }, - "/*", - ], - ], - }, - }, - ], - "Version": "2012-10-17", - }, - }, - "Type": "AWS::S3::BucketPolicy", - }, - "tests3stepfunctiontests3stepfunctionWCloudTrailS3LoggingBucket449D5AB7": Object { - "DeletionPolicy": "Retain", - "Metadata": Object { - "cfn_nag": Object { - "rules_to_suppress": Array [ - Object { - "id": "W35", - "reason": "This S3 bucket is used as the access logging bucket for another bucket", - }, - ], - }, - }, - "Properties": Object { - "AccessControl": "LogDeliveryWrite", - "BucketEncryption": Object { - "ServerSideEncryptionConfiguration": Array [ - Object { - "ServerSideEncryptionByDefault": Object { - "SSEAlgorithm": "AES256", - }, - }, - ], - }, - "PublicAccessBlockConfiguration": Object { - "BlockPublicAcls": true, - "BlockPublicPolicy": true, - "IgnorePublicAcls": true, - "RestrictPublicBuckets": true, - }, - "VersioningConfiguration": Object { - "Status": "Enabled", - }, - }, - "Type": "AWS::S3::Bucket", - "UpdateReplacePolicy": "Retain", - }, - "tests3stepfunctiontests3stepfunctionWCloudTrailS3LoggingBucketPolicy7547A73F": Object { - "Properties": Object { - "Bucket": Object { - "Ref": "tests3stepfunctiontests3stepfunctionWCloudTrailS3LoggingBucket449D5AB7", - }, - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": "*", - "Condition": Object { - "Bool": Object { - "aws:SecureTransport": "false", - }, - }, - "Effect": "Deny", - "Principal": Object { - "AWS": "*", - }, - "Resource": Array [ - Object { - "Fn::Join": Array [ - "", - Array [ - Object { - "Fn::GetAtt": Array [ - "tests3stepfunctiontests3stepfunctionWCloudTrailS3LoggingBucket449D5AB7", - "Arn", - ], - }, - "/*", - ], - ], - }, - Object { - "Fn::GetAtt": Array [ - "tests3stepfunctiontests3stepfunctionWCloudTrailS3LoggingBucket449D5AB7", - "Arn", - ], - }, - ], - "Sid": "HttpsOnly", - }, - ], - "Version": "2012-10-17", - }, - }, - "Type": "AWS::S3::BucketPolicy", - }, - "tests3stepfunctiontests3stepfunctionWS3Bucket9BE64924": Object { - "DeletionPolicy": "Retain", - "Properties": Object { - "BucketEncryption": Object { - "ServerSideEncryptionConfiguration": Array [ - Object { - "ServerSideEncryptionByDefault": Object { - "SSEAlgorithm": "AES256", - }, - }, - ], - }, - "LifecycleConfiguration": Object { - "Rules": Array [ - Object { - "NoncurrentVersionTransitions": Array [ - Object { - "StorageClass": "GLACIER", - "TransitionInDays": 90, - }, - ], - "Status": "Enabled", - }, - ], - }, - "LoggingConfiguration": Object { - "DestinationBucketName": Object { - "Ref": "tests3stepfunctiontests3stepfunctionWS3LoggingBucketB716417C", - }, - }, - "PublicAccessBlockConfiguration": Object { - "BlockPublicAcls": true, - "BlockPublicPolicy": true, - "IgnorePublicAcls": true, - "RestrictPublicBuckets": true, - }, - "VersioningConfiguration": Object { - "Status": "Enabled", - }, - }, - "Type": "AWS::S3::Bucket", - "UpdateReplacePolicy": "Retain", - }, - "tests3stepfunctiontests3stepfunctionWS3BucketPolicy6A88EABC": Object { - "Properties": Object { - "Bucket": Object { - "Ref": "tests3stepfunctiontests3stepfunctionWS3Bucket9BE64924", - }, - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": "*", - "Condition": Object { - "Bool": Object { - "aws:SecureTransport": "false", - }, - }, - "Effect": "Deny", - "Principal": Object { - "AWS": "*", - }, - "Resource": Array [ - Object { - "Fn::Join": Array [ - "", - Array [ - Object { - "Fn::GetAtt": Array [ - "tests3stepfunctiontests3stepfunctionWS3Bucket9BE64924", - "Arn", - ], - }, - "/*", - ], - ], - }, - Object { - "Fn::GetAtt": Array [ - "tests3stepfunctiontests3stepfunctionWS3Bucket9BE64924", - "Arn", - ], - }, - ], - "Sid": "HttpsOnly", - }, - ], - "Version": "2012-10-17", - }, - }, - "Type": "AWS::S3::BucketPolicy", - }, - "tests3stepfunctiontests3stepfunctionWS3EventsTrailA0FDE626": Object { - "DependsOn": Array [ - "tests3stepfunctiontests3stepfunctionWCloudTrailS3BucketPolicy9ACF9ADC", - ], - "Properties": Object { - "EnableLogFileValidation": true, - "EventSelectors": Array [ - Object { - "DataResources": Array [ - Object { - "Type": "AWS::S3::Object", - "Values": Array [ - Object { - "Fn::Join": Array [ - "", - Array [ - Object { - "Fn::GetAtt": Array [ - "tests3stepfunctiontests3stepfunctionWS3Bucket9BE64924", - "Arn", - ], - }, - "/", - ], - ], - }, - ], - }, - ], - "IncludeManagementEvents": false, - "ReadWriteType": "All", - }, - ], - "IncludeGlobalServiceEvents": true, - "IsLogging": true, - "IsMultiRegionTrail": true, - "S3BucketName": Object { - "Ref": "tests3stepfunctiontests3stepfunctionWCloudTrailS3Bucket24C50489", - }, - }, - "Type": "AWS::CloudTrail::Trail", - }, - "tests3stepfunctiontests3stepfunctionWS3LoggingBucketB716417C": Object { - "DeletionPolicy": "Retain", - "Metadata": Object { - "cfn_nag": Object { - "rules_to_suppress": Array [ - Object { - "id": "W35", - "reason": "This S3 bucket is used as the access logging bucket for another bucket", - }, - ], - }, - }, - "Properties": Object { - "AccessControl": "LogDeliveryWrite", - "BucketEncryption": Object { - "ServerSideEncryptionConfiguration": Array [ - Object { - "ServerSideEncryptionByDefault": Object { - "SSEAlgorithm": "AES256", - }, - }, - ], - }, - "PublicAccessBlockConfiguration": Object { - "BlockPublicAcls": true, - "BlockPublicPolicy": true, - "IgnorePublicAcls": true, - "RestrictPublicBuckets": true, - }, - "VersioningConfiguration": Object { - "Status": "Enabled", - }, - }, - "Type": "AWS::S3::Bucket", - "UpdateReplacePolicy": "Retain", - }, - "tests3stepfunctiontests3stepfunctionWS3LoggingBucketPolicy8E5E6292": Object { - "Properties": Object { - "Bucket": Object { - "Ref": "tests3stepfunctiontests3stepfunctionWS3LoggingBucketB716417C", - }, - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": "*", - "Condition": Object { - "Bool": Object { - "aws:SecureTransport": "false", - }, - }, - "Effect": "Deny", - "Principal": Object { - "AWS": "*", - }, - "Resource": Array [ - Object { - "Fn::Join": Array [ - "", - Array [ - Object { - "Fn::GetAtt": Array [ - "tests3stepfunctiontests3stepfunctionWS3LoggingBucketB716417C", - "Arn", - ], - }, - "/*", - ], - ], - }, - Object { - "Fn::GetAtt": Array [ - "tests3stepfunctiontests3stepfunctionWS3LoggingBucketB716417C", - "Arn", - ], - }, - ], - "Sid": "HttpsOnly", - }, - ], - "Version": "2012-10-17", - }, - }, - "Type": "AWS::S3::BucketPolicy", - }, - "tests3stepfunctiontests3stepfunctionWtests3stepfunctionWeventrulestepfunctionconstructEventsRule2C8C073A": Object { - "Properties": Object { - "EventPattern": Object { - "detail": Object { - "eventName": Array [ - "PutObject", - "CopyObject", - "CompleteMultipartUpload", - ], - "eventSource": Array [ - "s3.amazonaws.com", - ], - "requestParameters": Object { - "bucketName": Array [ - Object { - "Ref": "tests3stepfunctiontests3stepfunctionWS3Bucket9BE64924", - }, - ], - }, - }, - "detail-type": Array [ - "AWS API Call via CloudTrail", - ], - "source": Array [ - "aws.s3", - ], - }, - "State": "ENABLED", - "Targets": Array [ - Object { - "Arn": Object { - "Ref": "tests3stepfunctiontests3stepfunctionWtests3stepfunctionWeventrulestepfunctionconstructStateMachineAAE00FFE", - }, - "Id": "Target0", - "RoleArn": Object { - "Fn::GetAtt": Array [ - "tests3stepfunctiontests3stepfunctionWtests3stepfunctionWeventrulestepfunctionconstructEventsRuleRole1B233B12", - "Arn", - ], - }, - }, - ], - }, - "Type": "AWS::Events::Rule", - }, - "tests3stepfunctiontests3stepfunctionWtests3stepfunctionWeventrulestepfunctionconstructEventsRuleRole1B233B12": Object { - "Properties": Object { - "AssumeRolePolicyDocument": Object { - "Statement": Array [ - Object { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": Object { - "Service": "events.amazonaws.com", - }, - }, - ], - "Version": "2012-10-17", - }, - }, - "Type": "AWS::IAM::Role", - }, - "tests3stepfunctiontests3stepfunctionWtests3stepfunctionWeventrulestepfunctionconstructEventsRuleRoleDefaultPolicyA55D44AB": Object { - "Properties": Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": "states:StartExecution", - "Effect": "Allow", - "Resource": Object { - "Ref": "tests3stepfunctiontests3stepfunctionWtests3stepfunctionWeventrulestepfunctionconstructStateMachineAAE00FFE", - }, - }, - ], - "Version": "2012-10-17", - }, - "PolicyName": "tests3stepfunctiontests3stepfunctionWtests3stepfunctionWeventrulestepfunctionconstructEventsRuleRoleDefaultPolicyA55D44AB", - "Roles": Array [ - Object { - "Ref": "tests3stepfunctiontests3stepfunctionWtests3stepfunctionWeventrulestepfunctionconstructEventsRuleRole1B233B12", - }, - ], - }, - "Type": "AWS::IAM::Policy", - }, - "tests3stepfunctiontests3stepfunctionWtests3stepfunctionWeventrulestepfunctionconstructExecutionAbortedAlarm0D634092": Object { - "Properties": Object { - "AlarmDescription": "Alarm for the number of executions that aborted exceeded the threshold of 1. ", - "ComparisonOperator": "GreaterThanOrEqualToThreshold", - "Dimensions": Array [ - Object { - "Name": "StateMachineArn", - "Value": Object { - "Ref": "tests3stepfunctiontests3stepfunctionWtests3stepfunctionWeventrulestepfunctionconstructStateMachineAAE00FFE", - }, - }, - ], - "EvaluationPeriods": 1, - "MetricName": "ExecutionsAborted", - "Namespace": "AWS/States", - "Period": 300, - "Statistic": "Maximum", - "Threshold": 1, - }, - "Type": "AWS::CloudWatch::Alarm", - }, - "tests3stepfunctiontests3stepfunctionWtests3stepfunctionWeventrulestepfunctionconstructExecutionFailedAlarm0292B991": Object { - "Properties": Object { - "AlarmDescription": "Alarm for the number of executions that failed exceeded the threshold of 1. ", - "ComparisonOperator": "GreaterThanOrEqualToThreshold", - "Dimensions": Array [ - Object { - "Name": "StateMachineArn", - "Value": Object { - "Ref": "tests3stepfunctiontests3stepfunctionWtests3stepfunctionWeventrulestepfunctionconstructStateMachineAAE00FFE", - }, - }, - ], - "EvaluationPeriods": 1, - "MetricName": "ExecutionsFailed", - "Namespace": "AWS/States", - "Period": 300, - "Statistic": "Sum", - "Threshold": 1, - }, - "Type": "AWS::CloudWatch::Alarm", - }, - "tests3stepfunctiontests3stepfunctionWtests3stepfunctionWeventrulestepfunctionconstructExecutionThrottledAlarmC8F77F85": Object { - "Properties": Object { - "AlarmDescription": "Alarm for the number of executions that throttled exceeded the threshold of 1. ", - "ComparisonOperator": "GreaterThanOrEqualToThreshold", - "Dimensions": Array [ - Object { - "Name": "StateMachineArn", - "Value": Object { - "Ref": "tests3stepfunctiontests3stepfunctionWtests3stepfunctionWeventrulestepfunctionconstructStateMachineAAE00FFE", - }, - }, - ], - "EvaluationPeriods": 1, - "MetricName": "ExecutionThrottled", - "Namespace": "AWS/States", - "Period": 300, - "Statistic": "Sum", - "Threshold": 1, - }, - "Type": "AWS::CloudWatch::Alarm", - }, - "tests3stepfunctiontests3stepfunctionWtests3stepfunctionWeventrulestepfunctionconstructStateMachineAAE00FFE": Object { - "DependsOn": Array [ - "tests3stepfunctiontests3stepfunctionWtests3stepfunctionWeventrulestepfunctionconstructStateMachineRoleDefaultPolicyC73B582F", - "tests3stepfunctiontests3stepfunctionWtests3stepfunctionWeventrulestepfunctionconstructStateMachineRoleDCB350A2", - ], - "Properties": Object { - "DefinitionString": "{\\"StartAt\\":\\"StartState\\",\\"States\\":{\\"StartState\\":{\\"Type\\":\\"Pass\\",\\"End\\":true}}}", - "LoggingConfiguration": Object { - "Destinations": Array [ - Object { - "CloudWatchLogsLogGroup": Object { - "LogGroupArn": Object { - "Fn::GetAtt": Array [ - "tests3stepfunctiontests3stepfunctionWtests3stepfunctionWeventrulestepfunctionconstructStateMachineLogGroupE83EECDD", - "Arn", - ], - }, - }, - }, - ], - "Level": "ERROR", - }, - "RoleArn": Object { - "Fn::GetAtt": Array [ - "tests3stepfunctiontests3stepfunctionWtests3stepfunctionWeventrulestepfunctionconstructStateMachineRoleDCB350A2", - "Arn", - ], - }, - }, - "Type": "AWS::StepFunctions::StateMachine", - }, - "tests3stepfunctiontests3stepfunctionWtests3stepfunctionWeventrulestepfunctionconstructStateMachineLogGroupE83EECDD": Object { - "DeletionPolicy": "Retain", - "Metadata": Object { - "cfn_nag": Object { - "rules_to_suppress": Array [ - Object { - "id": "W86", - "reason": "Retention period for CloudWatchLogs LogGroups are set to 'Never Expire' to preserve customer data indefinitely", - }, - Object { - "id": "W84", - "reason": "By default CloudWatchLogs LogGroups data is encrypted using the CloudWatch server-side encryption keys (AWS Managed Keys)", - }, - ], - }, - }, - "Properties": Object { - "LogGroupName": "/aws/vendedlogs/states/defaulttests3stepfunctionweventrulestepfunctionconstructstatemachinelogfb43dc28fae1", - }, - "Type": "AWS::Logs::LogGroup", - "UpdateReplacePolicy": "Retain", - }, - "tests3stepfunctiontests3stepfunctionWtests3stepfunctionWeventrulestepfunctionconstructStateMachineRoleDCB350A2": Object { - "Properties": Object { - "AssumeRolePolicyDocument": Object { - "Statement": Array [ - Object { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": Object { - "Service": Object { - "Fn::Join": Array [ - "", - Array [ - "states.", - Object { - "Ref": "AWS::Region", - }, - ".amazonaws.com", - ], - ], - }, - }, - }, - ], - "Version": "2012-10-17", - }, - }, - "Type": "AWS::IAM::Role", - }, - "tests3stepfunctiontests3stepfunctionWtests3stepfunctionWeventrulestepfunctionconstructStateMachineRoleDefaultPolicyC73B582F": Object { - "Metadata": Object { - "cfn_nag": Object { - "rules_to_suppress": Array [ - Object { - "id": "W12", - "reason": "The 'LogDelivery' actions do not support resource-level authorizations", - }, - ], - }, - }, - "Properties": Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "logs:CreateLogDelivery", - "logs:GetLogDelivery", - "logs:UpdateLogDelivery", - "logs:DeleteLogDelivery", - "logs:ListLogDeliveries", - ], - "Effect": "Allow", - "Resource": "*", - }, - Object { - "Action": Array [ - "logs:PutResourcePolicy", - "logs:DescribeResourcePolicies", - "logs:DescribeLogGroups", - ], - "Effect": "Allow", - "Resource": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":logs:", - Object { - "Ref": "AWS::Region", - }, - ":", - Object { - "Ref": "AWS::AccountId", - }, - ":*", - ], - ], - }, - }, - ], - "Version": "2012-10-17", - }, - "PolicyName": "tests3stepfunctiontests3stepfunctionWtests3stepfunctionWeventrulestepfunctionconstructStateMachineRoleDefaultPolicyC73B582F", - "Roles": Array [ - Object { - "Ref": "tests3stepfunctiontests3stepfunctionWtests3stepfunctionWeventrulestepfunctionconstructStateMachineRoleDCB350A2", - }, - ], - }, - "Type": "AWS::IAM::Policy", - }, - }, -} -`; diff --git a/source/patterns/@aws-solutions-constructs/aws-s3-step-function/test/s3-step-function.test.ts b/source/patterns/@aws-solutions-constructs/aws-s3-step-function/test/s3-step-function.test.ts index fcb2aa34d..d43027768 100644 --- a/source/patterns/@aws-solutions-constructs/aws-s3-step-function/test/s3-step-function.test.ts +++ b/source/patterns/@aws-solutions-constructs/aws-s3-step-function/test/s3-step-function.test.ts @@ -11,7 +11,6 @@ * and limitations under the License. */ -import { SynthUtils } from '@aws-cdk/assert'; import { S3ToStepFunction, S3ToStepFunctionProps } from '../lib/index'; import * as sfn from '@aws-cdk/aws-stepfunctions'; import '@aws-cdk/assert/jest'; @@ -31,12 +30,6 @@ function deployNewStateMachine(stack: cdk.Stack) { return new S3ToStepFunction(stack, 'test-s3-step-function', props); } -test('snapshot test S3ToStepFunction default params', () => { - const stack = new cdk.Stack(); - deployNewStateMachine(stack); - expect(SynthUtils.toCloudFormation(stack)).toMatchSnapshot(); -}); - test('check deployCloudTrail = false', () => { const stack = new cdk.Stack(); diff --git a/source/patterns/@aws-solutions-constructs/aws-s3-stepfunctions/test/__snapshots__/s3-stepfunctions.test.js.snap b/source/patterns/@aws-solutions-constructs/aws-s3-stepfunctions/test/__snapshots__/s3-stepfunctions.test.js.snap deleted file mode 100644 index 1311051ea..000000000 --- a/source/patterns/@aws-solutions-constructs/aws-s3-stepfunctions/test/__snapshots__/s3-stepfunctions.test.js.snap +++ /dev/null @@ -1,737 +0,0 @@ -// Jest Snapshot v1, https://goo.gl/fbAQLP - -exports[`snapshot test S3ToStepfunctions default params 1`] = ` -Object { - "Resources": Object { - "tests3stepfunctionsCloudTrailS3BucketA4862EB5": Object { - "DeletionPolicy": "Retain", - "Properties": Object { - "BucketEncryption": Object { - "ServerSideEncryptionConfiguration": Array [ - Object { - "ServerSideEncryptionByDefault": Object { - "SSEAlgorithm": "AES256", - }, - }, - ], - }, - "LifecycleConfiguration": Object { - "Rules": Array [ - Object { - "NoncurrentVersionTransitions": Array [ - Object { - "StorageClass": "GLACIER", - "TransitionInDays": 90, - }, - ], - "Status": "Enabled", - }, - ], - }, - "LoggingConfiguration": Object { - "DestinationBucketName": Object { - "Ref": "tests3stepfunctionsCloudTrailS3LoggingBucket6C453FDC", - }, - }, - "PublicAccessBlockConfiguration": Object { - "BlockPublicAcls": true, - "BlockPublicPolicy": true, - "IgnorePublicAcls": true, - "RestrictPublicBuckets": true, - }, - "VersioningConfiguration": Object { - "Status": "Enabled", - }, - }, - "Type": "AWS::S3::Bucket", - "UpdateReplacePolicy": "Retain", - }, - "tests3stepfunctionsCloudTrailS3BucketPolicyFABF3402": Object { - "Properties": Object { - "Bucket": Object { - "Ref": "tests3stepfunctionsCloudTrailS3BucketA4862EB5", - }, - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": "*", - "Condition": Object { - "Bool": Object { - "aws:SecureTransport": "false", - }, - }, - "Effect": "Deny", - "Principal": Object { - "AWS": "*", - }, - "Resource": Array [ - Object { - "Fn::Join": Array [ - "", - Array [ - Object { - "Fn::GetAtt": Array [ - "tests3stepfunctionsCloudTrailS3BucketA4862EB5", - "Arn", - ], - }, - "/*", - ], - ], - }, - Object { - "Fn::GetAtt": Array [ - "tests3stepfunctionsCloudTrailS3BucketA4862EB5", - "Arn", - ], - }, - ], - "Sid": "HttpsOnly", - }, - Object { - "Action": "s3:GetBucketAcl", - "Effect": "Allow", - "Principal": Object { - "Service": "cloudtrail.amazonaws.com", - }, - "Resource": Object { - "Fn::GetAtt": Array [ - "tests3stepfunctionsCloudTrailS3BucketA4862EB5", - "Arn", - ], - }, - }, - Object { - "Action": "s3:PutObject", - "Condition": Object { - "StringEquals": Object { - "s3:x-amz-acl": "bucket-owner-full-control", - }, - }, - "Effect": "Allow", - "Principal": Object { - "Service": "cloudtrail.amazonaws.com", - }, - "Resource": Object { - "Fn::Join": Array [ - "", - Array [ - Object { - "Fn::GetAtt": Array [ - "tests3stepfunctionsCloudTrailS3BucketA4862EB5", - "Arn", - ], - }, - "/AWSLogs/", - Object { - "Ref": "AWS::AccountId", - }, - "/*", - ], - ], - }, - }, - ], - "Version": "2012-10-17", - }, - }, - "Type": "AWS::S3::BucketPolicy", - }, - "tests3stepfunctionsCloudTrailS3LoggingBucket6C453FDC": Object { - "DeletionPolicy": "Retain", - "Metadata": Object { - "cfn_nag": Object { - "rules_to_suppress": Array [ - Object { - "id": "W35", - "reason": "This S3 bucket is used as the access logging bucket for another bucket", - }, - ], - }, - }, - "Properties": Object { - "AccessControl": "LogDeliveryWrite", - "BucketEncryption": Object { - "ServerSideEncryptionConfiguration": Array [ - Object { - "ServerSideEncryptionByDefault": Object { - "SSEAlgorithm": "AES256", - }, - }, - ], - }, - "PublicAccessBlockConfiguration": Object { - "BlockPublicAcls": true, - "BlockPublicPolicy": true, - "IgnorePublicAcls": true, - "RestrictPublicBuckets": true, - }, - "VersioningConfiguration": Object { - "Status": "Enabled", - }, - }, - "Type": "AWS::S3::Bucket", - "UpdateReplacePolicy": "Retain", - }, - "tests3stepfunctionsCloudTrailS3LoggingBucketPolicy7ECEA4CB": Object { - "Properties": Object { - "Bucket": Object { - "Ref": "tests3stepfunctionsCloudTrailS3LoggingBucket6C453FDC", - }, - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": "*", - "Condition": Object { - "Bool": Object { - "aws:SecureTransport": "false", - }, - }, - "Effect": "Deny", - "Principal": Object { - "AWS": "*", - }, - "Resource": Array [ - Object { - "Fn::Join": Array [ - "", - Array [ - Object { - "Fn::GetAtt": Array [ - "tests3stepfunctionsCloudTrailS3LoggingBucket6C453FDC", - "Arn", - ], - }, - "/*", - ], - ], - }, - Object { - "Fn::GetAtt": Array [ - "tests3stepfunctionsCloudTrailS3LoggingBucket6C453FDC", - "Arn", - ], - }, - ], - "Sid": "HttpsOnly", - }, - ], - "Version": "2012-10-17", - }, - }, - "Type": "AWS::S3::BucketPolicy", - }, - "tests3stepfunctionsS3Bucket2B08AD28": Object { - "DeletionPolicy": "Retain", - "Properties": Object { - "BucketEncryption": Object { - "ServerSideEncryptionConfiguration": Array [ - Object { - "ServerSideEncryptionByDefault": Object { - "SSEAlgorithm": "AES256", - }, - }, - ], - }, - "LifecycleConfiguration": Object { - "Rules": Array [ - Object { - "NoncurrentVersionTransitions": Array [ - Object { - "StorageClass": "GLACIER", - "TransitionInDays": 90, - }, - ], - "Status": "Enabled", - }, - ], - }, - "LoggingConfiguration": Object { - "DestinationBucketName": Object { - "Ref": "tests3stepfunctionsS3LoggingBucketF7586A92", - }, - }, - "PublicAccessBlockConfiguration": Object { - "BlockPublicAcls": true, - "BlockPublicPolicy": true, - "IgnorePublicAcls": true, - "RestrictPublicBuckets": true, - }, - "VersioningConfiguration": Object { - "Status": "Enabled", - }, - }, - "Type": "AWS::S3::Bucket", - "UpdateReplacePolicy": "Retain", - }, - "tests3stepfunctionsS3BucketPolicy816CD289": Object { - "Properties": Object { - "Bucket": Object { - "Ref": "tests3stepfunctionsS3Bucket2B08AD28", - }, - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": "*", - "Condition": Object { - "Bool": Object { - "aws:SecureTransport": "false", - }, - }, - "Effect": "Deny", - "Principal": Object { - "AWS": "*", - }, - "Resource": Array [ - Object { - "Fn::Join": Array [ - "", - Array [ - Object { - "Fn::GetAtt": Array [ - "tests3stepfunctionsS3Bucket2B08AD28", - "Arn", - ], - }, - "/*", - ], - ], - }, - Object { - "Fn::GetAtt": Array [ - "tests3stepfunctionsS3Bucket2B08AD28", - "Arn", - ], - }, - ], - "Sid": "HttpsOnly", - }, - ], - "Version": "2012-10-17", - }, - }, - "Type": "AWS::S3::BucketPolicy", - }, - "tests3stepfunctionsS3EventsTrailD0D47427": Object { - "DependsOn": Array [ - "tests3stepfunctionsCloudTrailS3BucketPolicyFABF3402", - ], - "Properties": Object { - "EnableLogFileValidation": true, - "EventSelectors": Array [ - Object { - "DataResources": Array [ - Object { - "Type": "AWS::S3::Object", - "Values": Array [ - Object { - "Fn::Join": Array [ - "", - Array [ - Object { - "Fn::GetAtt": Array [ - "tests3stepfunctionsS3Bucket2B08AD28", - "Arn", - ], - }, - "/", - ], - ], - }, - ], - }, - ], - "IncludeManagementEvents": false, - "ReadWriteType": "All", - }, - ], - "IncludeGlobalServiceEvents": true, - "IsLogging": true, - "IsMultiRegionTrail": true, - "S3BucketName": Object { - "Ref": "tests3stepfunctionsCloudTrailS3BucketA4862EB5", - }, - }, - "Type": "AWS::CloudTrail::Trail", - }, - "tests3stepfunctionsS3LoggingBucketF7586A92": Object { - "DeletionPolicy": "Retain", - "Metadata": Object { - "cfn_nag": Object { - "rules_to_suppress": Array [ - Object { - "id": "W35", - "reason": "This S3 bucket is used as the access logging bucket for another bucket", - }, - ], - }, - }, - "Properties": Object { - "AccessControl": "LogDeliveryWrite", - "BucketEncryption": Object { - "ServerSideEncryptionConfiguration": Array [ - Object { - "ServerSideEncryptionByDefault": Object { - "SSEAlgorithm": "AES256", - }, - }, - ], - }, - "PublicAccessBlockConfiguration": Object { - "BlockPublicAcls": true, - "BlockPublicPolicy": true, - "IgnorePublicAcls": true, - "RestrictPublicBuckets": true, - }, - "VersioningConfiguration": Object { - "Status": "Enabled", - }, - }, - "Type": "AWS::S3::Bucket", - "UpdateReplacePolicy": "Retain", - }, - "tests3stepfunctionsS3LoggingBucketPolicyA69F8114": Object { - "Properties": Object { - "Bucket": Object { - "Ref": "tests3stepfunctionsS3LoggingBucketF7586A92", - }, - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": "*", - "Condition": Object { - "Bool": Object { - "aws:SecureTransport": "false", - }, - }, - "Effect": "Deny", - "Principal": Object { - "AWS": "*", - }, - "Resource": Array [ - Object { - "Fn::Join": Array [ - "", - Array [ - Object { - "Fn::GetAtt": Array [ - "tests3stepfunctionsS3LoggingBucketF7586A92", - "Arn", - ], - }, - "/*", - ], - ], - }, - Object { - "Fn::GetAtt": Array [ - "tests3stepfunctionsS3LoggingBucketF7586A92", - "Arn", - ], - }, - ], - "Sid": "HttpsOnly", - }, - ], - "Version": "2012-10-17", - }, - }, - "Type": "AWS::S3::BucketPolicy", - }, - "tests3stepfunctionstests3stepfunctionseventrulestepfunctionconstructEventsRuleEF658568": Object { - "Properties": Object { - "EventPattern": Object { - "detail": Object { - "eventName": Array [ - "PutObject", - "CopyObject", - "CompleteMultipartUpload", - ], - "eventSource": Array [ - "s3.amazonaws.com", - ], - "requestParameters": Object { - "bucketName": Array [ - Object { - "Ref": "tests3stepfunctionsS3Bucket2B08AD28", - }, - ], - }, - }, - "detail-type": Array [ - "AWS API Call via CloudTrail", - ], - "source": Array [ - "aws.s3", - ], - }, - "State": "ENABLED", - "Targets": Array [ - Object { - "Arn": Object { - "Ref": "tests3stepfunctionstests3stepfunctionseventrulestepfunctionconstructStateMachine67197269", - }, - "Id": "Target0", - "RoleArn": Object { - "Fn::GetAtt": Array [ - "tests3stepfunctionstests3stepfunctionseventrulestepfunctionconstructEventsRuleRoleE7CAD359", - "Arn", - ], - }, - }, - ], - }, - "Type": "AWS::Events::Rule", - }, - "tests3stepfunctionstests3stepfunctionseventrulestepfunctionconstructEventsRuleRoleDefaultPolicy0353F447": Object { - "Properties": Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": "states:StartExecution", - "Effect": "Allow", - "Resource": Object { - "Ref": "tests3stepfunctionstests3stepfunctionseventrulestepfunctionconstructStateMachine67197269", - }, - }, - ], - "Version": "2012-10-17", - }, - "PolicyName": "tests3stepfunctionstests3stepfunctionseventrulestepfunctionconstructEventsRuleRoleDefaultPolicy0353F447", - "Roles": Array [ - Object { - "Ref": "tests3stepfunctionstests3stepfunctionseventrulestepfunctionconstructEventsRuleRoleE7CAD359", - }, - ], - }, - "Type": "AWS::IAM::Policy", - }, - "tests3stepfunctionstests3stepfunctionseventrulestepfunctionconstructEventsRuleRoleE7CAD359": Object { - "Properties": Object { - "AssumeRolePolicyDocument": Object { - "Statement": Array [ - Object { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": Object { - "Service": "events.amazonaws.com", - }, - }, - ], - "Version": "2012-10-17", - }, - }, - "Type": "AWS::IAM::Role", - }, - "tests3stepfunctionstests3stepfunctionseventrulestepfunctionconstructExecutionAbortedAlarm1689CFA6": Object { - "Properties": Object { - "AlarmDescription": "Alarm for the number of executions that aborted exceeded the threshold of 1. ", - "ComparisonOperator": "GreaterThanOrEqualToThreshold", - "Dimensions": Array [ - Object { - "Name": "StateMachineArn", - "Value": Object { - "Ref": "tests3stepfunctionstests3stepfunctionseventrulestepfunctionconstructStateMachine67197269", - }, - }, - ], - "EvaluationPeriods": 1, - "MetricName": "ExecutionsAborted", - "Namespace": "AWS/States", - "Period": 300, - "Statistic": "Maximum", - "Threshold": 1, - }, - "Type": "AWS::CloudWatch::Alarm", - }, - "tests3stepfunctionstests3stepfunctionseventrulestepfunctionconstructExecutionFailedAlarm9C7AF57A": Object { - "Properties": Object { - "AlarmDescription": "Alarm for the number of executions that failed exceeded the threshold of 1. ", - "ComparisonOperator": "GreaterThanOrEqualToThreshold", - "Dimensions": Array [ - Object { - "Name": "StateMachineArn", - "Value": Object { - "Ref": "tests3stepfunctionstests3stepfunctionseventrulestepfunctionconstructStateMachine67197269", - }, - }, - ], - "EvaluationPeriods": 1, - "MetricName": "ExecutionsFailed", - "Namespace": "AWS/States", - "Period": 300, - "Statistic": "Sum", - "Threshold": 1, - }, - "Type": "AWS::CloudWatch::Alarm", - }, - "tests3stepfunctionstests3stepfunctionseventrulestepfunctionconstructExecutionThrottledAlarm99D8FF54": Object { - "Properties": Object { - "AlarmDescription": "Alarm for the number of executions that throttled exceeded the threshold of 1. ", - "ComparisonOperator": "GreaterThanOrEqualToThreshold", - "Dimensions": Array [ - Object { - "Name": "StateMachineArn", - "Value": Object { - "Ref": "tests3stepfunctionstests3stepfunctionseventrulestepfunctionconstructStateMachine67197269", - }, - }, - ], - "EvaluationPeriods": 1, - "MetricName": "ExecutionThrottled", - "Namespace": "AWS/States", - "Period": 300, - "Statistic": "Sum", - "Threshold": 1, - }, - "Type": "AWS::CloudWatch::Alarm", - }, - "tests3stepfunctionstests3stepfunctionseventrulestepfunctionconstructStateMachine67197269": Object { - "DependsOn": Array [ - "tests3stepfunctionstests3stepfunctionseventrulestepfunctionconstructStateMachineRoleDefaultPolicy2A86AA4F", - "tests3stepfunctionstests3stepfunctionseventrulestepfunctionconstructStateMachineRoleEAF485A9", - ], - "Properties": Object { - "DefinitionString": "{\\"StartAt\\":\\"StartState\\",\\"States\\":{\\"StartState\\":{\\"Type\\":\\"Pass\\",\\"End\\":true}}}", - "LoggingConfiguration": Object { - "Destinations": Array [ - Object { - "CloudWatchLogsLogGroup": Object { - "LogGroupArn": Object { - "Fn::GetAtt": Array [ - "tests3stepfunctionstests3stepfunctionseventrulestepfunctionconstructStateMachineLogGroupB4555776", - "Arn", - ], - }, - }, - }, - ], - "Level": "ERROR", - }, - "RoleArn": Object { - "Fn::GetAtt": Array [ - "tests3stepfunctionstests3stepfunctionseventrulestepfunctionconstructStateMachineRoleEAF485A9", - "Arn", - ], - }, - }, - "Type": "AWS::StepFunctions::StateMachine", - }, - "tests3stepfunctionstests3stepfunctionseventrulestepfunctionconstructStateMachineLogGroupB4555776": Object { - "DeletionPolicy": "Retain", - "Metadata": Object { - "cfn_nag": Object { - "rules_to_suppress": Array [ - Object { - "id": "W86", - "reason": "Retention period for CloudWatchLogs LogGroups are set to 'Never Expire' to preserve customer data indefinitely", - }, - Object { - "id": "W84", - "reason": "By default CloudWatchLogs LogGroups data is encrypted using the CloudWatch server-side encryption keys (AWS Managed Keys)", - }, - ], - }, - }, - "Properties": Object { - "LogGroupName": "/aws/vendedlogs/states/defaulttests3stepfunctionseventrulestepfunctionconstructstatemachineloge4b8ed454bdb", - }, - "Type": "AWS::Logs::LogGroup", - "UpdateReplacePolicy": "Retain", - }, - "tests3stepfunctionstests3stepfunctionseventrulestepfunctionconstructStateMachineRoleDefaultPolicy2A86AA4F": Object { - "Metadata": Object { - "cfn_nag": Object { - "rules_to_suppress": Array [ - Object { - "id": "W12", - "reason": "The 'LogDelivery' actions do not support resource-level authorizations", - }, - ], - }, - }, - "Properties": Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "logs:CreateLogDelivery", - "logs:GetLogDelivery", - "logs:UpdateLogDelivery", - "logs:DeleteLogDelivery", - "logs:ListLogDeliveries", - ], - "Effect": "Allow", - "Resource": "*", - }, - Object { - "Action": Array [ - "logs:PutResourcePolicy", - "logs:DescribeResourcePolicies", - "logs:DescribeLogGroups", - ], - "Effect": "Allow", - "Resource": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":logs:", - Object { - "Ref": "AWS::Region", - }, - ":", - Object { - "Ref": "AWS::AccountId", - }, - ":*", - ], - ], - }, - }, - ], - "Version": "2012-10-17", - }, - "PolicyName": "tests3stepfunctionstests3stepfunctionseventrulestepfunctionconstructStateMachineRoleDefaultPolicy2A86AA4F", - "Roles": Array [ - Object { - "Ref": "tests3stepfunctionstests3stepfunctionseventrulestepfunctionconstructStateMachineRoleEAF485A9", - }, - ], - }, - "Type": "AWS::IAM::Policy", - }, - "tests3stepfunctionstests3stepfunctionseventrulestepfunctionconstructStateMachineRoleEAF485A9": Object { - "Properties": Object { - "AssumeRolePolicyDocument": Object { - "Statement": Array [ - Object { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": Object { - "Service": Object { - "Fn::Join": Array [ - "", - Array [ - "states.", - Object { - "Ref": "AWS::Region", - }, - ".amazonaws.com", - ], - ], - }, - }, - }, - ], - "Version": "2012-10-17", - }, - }, - "Type": "AWS::IAM::Role", - }, - }, -} -`; diff --git a/source/patterns/@aws-solutions-constructs/aws-s3-stepfunctions/test/s3-stepfunctions.test.ts b/source/patterns/@aws-solutions-constructs/aws-s3-stepfunctions/test/s3-stepfunctions.test.ts index 88e8725eb..aea634fb5 100644 --- a/source/patterns/@aws-solutions-constructs/aws-s3-stepfunctions/test/s3-stepfunctions.test.ts +++ b/source/patterns/@aws-solutions-constructs/aws-s3-stepfunctions/test/s3-stepfunctions.test.ts @@ -11,7 +11,6 @@ * and limitations under the License. */ -import { SynthUtils } from '@aws-cdk/assert'; import { S3ToStepfunctions, S3ToStepfunctionsProps } from '../lib/index'; import * as sfn from '@aws-cdk/aws-stepfunctions'; import '@aws-cdk/assert/jest'; @@ -31,12 +30,6 @@ function deployNewStateMachine(stack: cdk.Stack) { return new S3ToStepfunctions(stack, 'test-s3-stepfunctions', props); } -test('snapshot test S3ToStepfunctions default params', () => { - const stack = new cdk.Stack(); - deployNewStateMachine(stack); - expect(SynthUtils.toCloudFormation(stack)).toMatchSnapshot(); -}); - test('check deployCloudTrail = false', () => { const stack = new cdk.Stack(); diff --git a/source/patterns/@aws-solutions-constructs/aws-sns-lambda/README.md b/source/patterns/@aws-solutions-constructs/aws-sns-lambda/README.md index bfb608619..a0a4bc8f9 100644 --- a/source/patterns/@aws-solutions-constructs/aws-sns-lambda/README.md +++ b/source/patterns/@aws-solutions-constructs/aws-sns-lambda/README.md @@ -45,7 +45,7 @@ _Parameters_ * scope [`Construct`](https://docs.aws.amazon.com/cdk/api/latest/docs/@aws-cdk_core.Construct.html) * id `string` -* props [`S3ToLambdaProps`](#pattern-construct-props) +* props [`SnsToLambdaProps`](#pattern-construct-props) ## Pattern Construct Props @@ -83,4 +83,4 @@ Out of the box implementation of the Construct without any override will set the ![Architecture Diagram](architecture.png) *** -© Copyright 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved. \ No newline at end of file +© Copyright 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved. diff --git a/source/patterns/@aws-solutions-constructs/aws-sns-lambda/test/__snapshots__/sns-lambda.test.js.snap b/source/patterns/@aws-solutions-constructs/aws-sns-lambda/test/__snapshots__/sns-lambda.test.js.snap deleted file mode 100644 index 526f8f285..000000000 --- a/source/patterns/@aws-solutions-constructs/aws-sns-lambda/test/__snapshots__/sns-lambda.test.js.snap +++ /dev/null @@ -1,332 +0,0 @@ -// Jest Snapshot v1, https://goo.gl/fbAQLP - -exports[`snapshot test SnsToLambda default params 1`] = ` -Object { - "Parameters": Object { - "AssetParameters0c3255e93ffe7a906c7422e9f0e9cc4c7fd86ee996ee3bb302e2f134b38463c8ArtifactHash8D9AD644": Object { - "Description": "Artifact hash for asset \\"0c3255e93ffe7a906c7422e9f0e9cc4c7fd86ee996ee3bb302e2f134b38463c8\\"", - "Type": "String", - }, - "AssetParameters0c3255e93ffe7a906c7422e9f0e9cc4c7fd86ee996ee3bb302e2f134b38463c8S3Bucket9E1964CB": Object { - "Description": "S3 bucket for asset \\"0c3255e93ffe7a906c7422e9f0e9cc4c7fd86ee996ee3bb302e2f134b38463c8\\"", - "Type": "String", - }, - "AssetParameters0c3255e93ffe7a906c7422e9f0e9cc4c7fd86ee996ee3bb302e2f134b38463c8S3VersionKey7153CEE7": Object { - "Description": "S3 key for asset version \\"0c3255e93ffe7a906c7422e9f0e9cc4c7fd86ee996ee3bb302e2f134b38463c8\\"", - "Type": "String", - }, - }, - "Resources": Object { - "testsnslambdaLambdaFunctionAllowInvoketestsnslambdaSnsTopicEB0543A09281910D": Object { - "Properties": Object { - "Action": "lambda:InvokeFunction", - "FunctionName": Object { - "Fn::GetAtt": Array [ - "testsnslambdaLambdaFunctionEE9A249B", - "Arn", - ], - }, - "Principal": "sns.amazonaws.com", - "SourceArn": Object { - "Ref": "testsnslambdaSnsTopic52CA159E", - }, - }, - "Type": "AWS::Lambda::Permission", - }, - "testsnslambdaLambdaFunctionEE9A249B": Object { - "DependsOn": Array [ - "testsnslambdaLambdaFunctionServiceRoleDefaultPolicy3E6745ED", - "testsnslambdaLambdaFunctionServiceRole23794781", - ], - "Metadata": Object { - "cfn_nag": Object { - "rules_to_suppress": Array [ - Object { - "id": "W58", - "reason": "Lambda functions has the required permission to write CloudWatch Logs. It uses custom policy instead of arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole with tighter permissions.", - }, - Object { - "id": "W89", - "reason": "This is not a rule for the general case, just for specific use cases/industries", - }, - Object { - "id": "W92", - "reason": "Impossible for us to define the correct concurrency for clients", - }, - ], - }, - }, - "Properties": Object { - "Code": Object { - "S3Bucket": Object { - "Ref": "AssetParameters0c3255e93ffe7a906c7422e9f0e9cc4c7fd86ee996ee3bb302e2f134b38463c8S3Bucket9E1964CB", - }, - "S3Key": Object { - "Fn::Join": Array [ - "", - Array [ - Object { - "Fn::Select": Array [ - 0, - Object { - "Fn::Split": Array [ - "||", - Object { - "Ref": "AssetParameters0c3255e93ffe7a906c7422e9f0e9cc4c7fd86ee996ee3bb302e2f134b38463c8S3VersionKey7153CEE7", - }, - ], - }, - ], - }, - Object { - "Fn::Select": Array [ - 1, - Object { - "Fn::Split": Array [ - "||", - Object { - "Ref": "AssetParameters0c3255e93ffe7a906c7422e9f0e9cc4c7fd86ee996ee3bb302e2f134b38463c8S3VersionKey7153CEE7", - }, - ], - }, - ], - }, - ], - ], - }, - }, - "Environment": Object { - "Variables": Object { - "AWS_NODEJS_CONNECTION_REUSE_ENABLED": "1", - }, - }, - "Handler": "index.handler", - "Role": Object { - "Fn::GetAtt": Array [ - "testsnslambdaLambdaFunctionServiceRole23794781", - "Arn", - ], - }, - "Runtime": "nodejs12.x", - "TracingConfig": Object { - "Mode": "Active", - }, - }, - "Type": "AWS::Lambda::Function", - }, - "testsnslambdaLambdaFunctionServiceRole23794781": Object { - "Properties": Object { - "AssumeRolePolicyDocument": Object { - "Statement": Array [ - Object { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": Object { - "Service": "lambda.amazonaws.com", - }, - }, - ], - "Version": "2012-10-17", - }, - "Policies": Array [ - Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "logs:CreateLogGroup", - "logs:CreateLogStream", - "logs:PutLogEvents", - ], - "Effect": "Allow", - "Resource": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":logs:", - Object { - "Ref": "AWS::Region", - }, - ":", - Object { - "Ref": "AWS::AccountId", - }, - ":log-group:/aws/lambda/*", - ], - ], - }, - }, - ], - "Version": "2012-10-17", - }, - "PolicyName": "LambdaFunctionServiceRolePolicy", - }, - ], - }, - "Type": "AWS::IAM::Role", - }, - "testsnslambdaLambdaFunctionServiceRoleDefaultPolicy3E6745ED": Object { - "Metadata": Object { - "cfn_nag": Object { - "rules_to_suppress": Array [ - Object { - "id": "W12", - "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray and access ENIs in a VPC.", - }, - ], - }, - }, - "Properties": Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "xray:PutTraceSegments", - "xray:PutTelemetryRecords", - ], - "Effect": "Allow", - "Resource": "*", - }, - ], - "Version": "2012-10-17", - }, - "PolicyName": "testsnslambdaLambdaFunctionServiceRoleDefaultPolicy3E6745ED", - "Roles": Array [ - Object { - "Ref": "testsnslambdaLambdaFunctionServiceRole23794781", - }, - ], - }, - "Type": "AWS::IAM::Policy", - }, - "testsnslambdaLambdaFunctionSnsTopic9C14F333": Object { - "Properties": Object { - "Endpoint": Object { - "Fn::GetAtt": Array [ - "testsnslambdaLambdaFunctionEE9A249B", - "Arn", - ], - }, - "Protocol": "lambda", - "TopicArn": Object { - "Ref": "testsnslambdaSnsTopic52CA159E", - }, - }, - "Type": "AWS::SNS::Subscription", - }, - "testsnslambdaSnsTopic52CA159E": Object { - "Properties": Object { - "KmsMasterKeyId": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":kms:", - Object { - "Ref": "AWS::Region", - }, - ":", - Object { - "Ref": "AWS::AccountId", - }, - ":alias/aws/sns", - ], - ], - }, - }, - "Type": "AWS::SNS::Topic", - }, - "testsnslambdaSnsTopicPolicyDA4647EB": Object { - "Properties": Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "SNS:Publish", - "SNS:RemovePermission", - "SNS:SetTopicAttributes", - "SNS:DeleteTopic", - "SNS:ListSubscriptionsByTopic", - "SNS:GetTopicAttributes", - "SNS:Receive", - "SNS:AddPermission", - "SNS:Subscribe", - ], - "Condition": Object { - "StringEquals": Object { - "AWS:SourceOwner": Object { - "Ref": "AWS::AccountId", - }, - }, - }, - "Effect": "Allow", - "Principal": Object { - "AWS": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":iam::", - Object { - "Ref": "AWS::AccountId", - }, - ":root", - ], - ], - }, - }, - "Resource": Object { - "Ref": "testsnslambdaSnsTopic52CA159E", - }, - "Sid": "TopicOwnerOnlyAccess", - }, - Object { - "Action": Array [ - "SNS:Publish", - "SNS:RemovePermission", - "SNS:SetTopicAttributes", - "SNS:DeleteTopic", - "SNS:ListSubscriptionsByTopic", - "SNS:GetTopicAttributes", - "SNS:Receive", - "SNS:AddPermission", - "SNS:Subscribe", - ], - "Condition": Object { - "Bool": Object { - "aws:SecureTransport": "false", - }, - }, - "Effect": "Deny", - "Principal": Object { - "AWS": "*", - }, - "Resource": Object { - "Ref": "testsnslambdaSnsTopic52CA159E", - }, - "Sid": "HttpsOnly", - }, - ], - "Version": "2012-10-17", - }, - "Topics": Array [ - Object { - "Ref": "testsnslambdaSnsTopic52CA159E", - }, - ], - }, - "Type": "AWS::SNS::TopicPolicy", - }, - }, -} -`; diff --git a/source/patterns/@aws-solutions-constructs/aws-sns-lambda/test/sns-lambda.test.ts b/source/patterns/@aws-solutions-constructs/aws-sns-lambda/test/sns-lambda.test.ts index b49f48dd9..c3024d419 100644 --- a/source/patterns/@aws-solutions-constructs/aws-sns-lambda/test/sns-lambda.test.ts +++ b/source/patterns/@aws-solutions-constructs/aws-sns-lambda/test/sns-lambda.test.ts @@ -11,7 +11,7 @@ * and limitations under the License. */ -import { SynthUtils, expect as expectCDK, haveResource } from '@aws-cdk/assert'; +import { expect as expectCDK, haveResource } from '@aws-cdk/assert'; import { SnsToLambda, SnsToLambdaProps } from "../lib"; import * as lambda from '@aws-cdk/aws-lambda'; import * as sns from '@aws-cdk/aws-sns'; @@ -30,12 +30,6 @@ function deployNewFunc(stack: cdk.Stack) { return new SnsToLambda(stack, 'test-sns-lambda', props); } -test('snapshot test SnsToLambda default params', () => { - const stack = new cdk.Stack(); - deployNewFunc(stack); - expect(SynthUtils.toCloudFormation(stack)).toMatchSnapshot(); -}); - test('check properties', () => { const stack = new cdk.Stack(); diff --git a/source/patterns/@aws-solutions-constructs/aws-sns-sqs/test/__snapshots__/sns-sqs.test.js.snap b/source/patterns/@aws-solutions-constructs/aws-sns-sqs/test/__snapshots__/sns-sqs.test.js.snap deleted file mode 100644 index cca619511..000000000 --- a/source/patterns/@aws-solutions-constructs/aws-sns-sqs/test/__snapshots__/sns-sqs.test.js.snap +++ /dev/null @@ -1,1287 +0,0 @@ -// Jest Snapshot v1, https://goo.gl/fbAQLP - -exports[`Pattern deployment w/ new Topic, new Queue and default props 1`] = ` -Object { - "Resources": Object { - "EncryptionKey1B843E66": Object { - "DeletionPolicy": "Retain", - "Properties": Object { - "EnableKeyRotation": true, - "KeyPolicy": Object { - "Statement": Array [ - Object { - "Action": Array [ - "kms:Create*", - "kms:Describe*", - "kms:Enable*", - "kms:List*", - "kms:Put*", - "kms:Update*", - "kms:Revoke*", - "kms:Disable*", - "kms:Get*", - "kms:Delete*", - "kms:ScheduleKeyDeletion", - "kms:CancelKeyDeletion", - "kms:GenerateDataKey", - "kms:TagResource", - "kms:UntagResource", - ], - "Effect": "Allow", - "Principal": Object { - "AWS": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":iam::", - Object { - "Ref": "AWS::AccountId", - }, - ":root", - ], - ], - }, - }, - "Resource": "*", - }, - Object { - "Action": Array [ - "kms:Decrypt", - "kms:GenerateDataKey", - ], - "Effect": "Allow", - "Principal": Object { - "Service": "sns.amazonaws.com", - }, - "Resource": "*", - }, - Object { - "Action": Array [ - "kms:Decrypt", - "kms:GenerateDataKey*", - ], - "Effect": "Allow", - "Principal": Object { - "Service": "sns.amazonaws.com", - }, - "Resource": "*", - }, - ], - "Version": "2012-10-17", - }, - }, - "Type": "AWS::KMS::Key", - "UpdateReplacePolicy": "Retain", - }, - "testsnssqsSnsTopic2CD0065B": Object { - "Properties": Object { - "KmsMasterKeyId": Object { - "Fn::GetAtt": Array [ - "EncryptionKey1B843E66", - "Arn", - ], - }, - }, - "Type": "AWS::SNS::Topic", - }, - "testsnssqsSnsTopicPolicy604079F2": Object { - "Properties": Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "SNS:Publish", - "SNS:RemovePermission", - "SNS:SetTopicAttributes", - "SNS:DeleteTopic", - "SNS:ListSubscriptionsByTopic", - "SNS:GetTopicAttributes", - "SNS:Receive", - "SNS:AddPermission", - "SNS:Subscribe", - ], - "Condition": Object { - "StringEquals": Object { - "AWS:SourceOwner": Object { - "Ref": "AWS::AccountId", - }, - }, - }, - "Effect": "Allow", - "Principal": Object { - "AWS": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":iam::", - Object { - "Ref": "AWS::AccountId", - }, - ":root", - ], - ], - }, - }, - "Resource": Object { - "Ref": "testsnssqsSnsTopic2CD0065B", - }, - "Sid": "TopicOwnerOnlyAccess", - }, - Object { - "Action": Array [ - "SNS:Publish", - "SNS:RemovePermission", - "SNS:SetTopicAttributes", - "SNS:DeleteTopic", - "SNS:ListSubscriptionsByTopic", - "SNS:GetTopicAttributes", - "SNS:Receive", - "SNS:AddPermission", - "SNS:Subscribe", - ], - "Condition": Object { - "Bool": Object { - "aws:SecureTransport": "false", - }, - }, - "Effect": "Deny", - "Principal": Object { - "AWS": "*", - }, - "Resource": Object { - "Ref": "testsnssqsSnsTopic2CD0065B", - }, - "Sid": "HttpsOnly", - }, - ], - "Version": "2012-10-17", - }, - "Topics": Array [ - Object { - "Ref": "testsnssqsSnsTopic2CD0065B", - }, - ], - }, - "Type": "AWS::SNS::TopicPolicy", - }, - "testsnssqsdeadLetterQueue8DACC0A1": Object { - "DeletionPolicy": "Delete", - "Properties": Object { - "KmsMasterKeyId": "alias/aws/sqs", - }, - "Type": "AWS::SQS::Queue", - "UpdateReplacePolicy": "Delete", - }, - "testsnssqsdeadLetterQueuePolicyAB8A9883": Object { - "Properties": Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "sqs:DeleteMessage", - "sqs:ReceiveMessage", - "sqs:SendMessage", - "sqs:GetQueueAttributes", - "sqs:RemovePermission", - "sqs:AddPermission", - "sqs:SetQueueAttributes", - ], - "Effect": "Allow", - "Principal": Object { - "AWS": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":iam::", - Object { - "Ref": "AWS::AccountId", - }, - ":root", - ], - ], - }, - }, - "Resource": Object { - "Fn::GetAtt": Array [ - "testsnssqsdeadLetterQueue8DACC0A1", - "Arn", - ], - }, - "Sid": "QueueOwnerOnlyAccess", - }, - Object { - "Action": "SQS:*", - "Condition": Object { - "Bool": Object { - "aws:SecureTransport": "false", - }, - }, - "Effect": "Deny", - "Principal": Object { - "AWS": "*", - }, - "Resource": Object { - "Fn::GetAtt": Array [ - "testsnssqsdeadLetterQueue8DACC0A1", - "Arn", - ], - }, - "Sid": "HttpsOnly", - }, - ], - "Version": "2012-10-17", - }, - "Queues": Array [ - Object { - "Ref": "testsnssqsdeadLetterQueue8DACC0A1", - }, - ], - }, - "Type": "AWS::SQS::QueuePolicy", - }, - "testsnssqsqueueB02504BF": Object { - "DeletionPolicy": "Delete", - "Properties": Object { - "KmsMasterKeyId": Object { - "Fn::GetAtt": Array [ - "EncryptionKey1B843E66", - "Arn", - ], - }, - "RedrivePolicy": Object { - "deadLetterTargetArn": Object { - "Fn::GetAtt": Array [ - "testsnssqsdeadLetterQueue8DACC0A1", - "Arn", - ], - }, - "maxReceiveCount": 15, - }, - }, - "Type": "AWS::SQS::Queue", - "UpdateReplacePolicy": "Delete", - }, - "testsnssqsqueuePolicyE64464B6": Object { - "Properties": Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "sqs:DeleteMessage", - "sqs:ReceiveMessage", - "sqs:SendMessage", - "sqs:GetQueueAttributes", - "sqs:RemovePermission", - "sqs:AddPermission", - "sqs:SetQueueAttributes", - ], - "Effect": "Allow", - "Principal": Object { - "AWS": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":iam::", - Object { - "Ref": "AWS::AccountId", - }, - ":root", - ], - ], - }, - }, - "Resource": Object { - "Fn::GetAtt": Array [ - "testsnssqsqueueB02504BF", - "Arn", - ], - }, - "Sid": "QueueOwnerOnlyAccess", - }, - Object { - "Action": "SQS:*", - "Condition": Object { - "Bool": Object { - "aws:SecureTransport": "false", - }, - }, - "Effect": "Deny", - "Principal": Object { - "AWS": "*", - }, - "Resource": Object { - "Fn::GetAtt": Array [ - "testsnssqsqueueB02504BF", - "Arn", - ], - }, - "Sid": "HttpsOnly", - }, - Object { - "Action": "sqs:SendMessage", - "Condition": Object { - "ArnEquals": Object { - "aws:SourceArn": Object { - "Ref": "testsnssqsSnsTopic2CD0065B", - }, - }, - }, - "Effect": "Allow", - "Principal": Object { - "Service": "sns.amazonaws.com", - }, - "Resource": Object { - "Fn::GetAtt": Array [ - "testsnssqsqueueB02504BF", - "Arn", - ], - }, - }, - ], - "Version": "2012-10-17", - }, - "Queues": Array [ - Object { - "Ref": "testsnssqsqueueB02504BF", - }, - ], - }, - "Type": "AWS::SQS::QueuePolicy", - }, - "testsnssqsqueuetestsnssqsSnsTopicE16CFFE0983CE231": Object { - "Properties": Object { - "Endpoint": Object { - "Fn::GetAtt": Array [ - "testsnssqsqueueB02504BF", - "Arn", - ], - }, - "Protocol": "sqs", - "TopicArn": Object { - "Ref": "testsnssqsSnsTopic2CD0065B", - }, - }, - "Type": "AWS::SNS::Subscription", - }, - }, -} -`; - -exports[`Test deployment w/ existing queue, and topic 1`] = ` -Object { - "Resources": Object { - "EncryptionKey1B843E66": Object { - "DeletionPolicy": "Retain", - "Properties": Object { - "EnableKeyRotation": true, - "KeyPolicy": Object { - "Statement": Array [ - Object { - "Action": Array [ - "kms:Create*", - "kms:Describe*", - "kms:Enable*", - "kms:List*", - "kms:Put*", - "kms:Update*", - "kms:Revoke*", - "kms:Disable*", - "kms:Get*", - "kms:Delete*", - "kms:ScheduleKeyDeletion", - "kms:CancelKeyDeletion", - "kms:GenerateDataKey", - "kms:TagResource", - "kms:UntagResource", - ], - "Effect": "Allow", - "Principal": Object { - "AWS": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":iam::", - Object { - "Ref": "AWS::AccountId", - }, - ":root", - ], - ], - }, - }, - "Resource": "*", - }, - ], - "Version": "2012-10-17", - }, - }, - "Type": "AWS::KMS::Key", - "UpdateReplacePolicy": "Retain", - }, - "existingqueueobjF8AF0ED1": Object { - "DeletionPolicy": "Delete", - "Properties": Object { - "QueueName": "existing-queue-obj", - }, - "Type": "AWS::SQS::Queue", - "UpdateReplacePolicy": "Delete", - }, - "existingqueueobjPolicy847305AE": Object { - "Properties": Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": "sqs:SendMessage", - "Condition": Object { - "ArnEquals": Object { - "aws:SourceArn": Object { - "Ref": "existingtopicobjF4A24735", - }, - }, - }, - "Effect": "Allow", - "Principal": Object { - "Service": "sns.amazonaws.com", - }, - "Resource": Object { - "Fn::GetAtt": Array [ - "existingqueueobjF8AF0ED1", - "Arn", - ], - }, - }, - ], - "Version": "2012-10-17", - }, - "Queues": Array [ - Object { - "Ref": "existingqueueobjF8AF0ED1", - }, - ], - }, - "Type": "AWS::SQS::QueuePolicy", - }, - "existingqueueobjexistingtopicobjF03E40E2": Object { - "Properties": Object { - "Endpoint": Object { - "Fn::GetAtt": Array [ - "existingqueueobjF8AF0ED1", - "Arn", - ], - }, - "Protocol": "sqs", - "TopicArn": Object { - "Ref": "existingtopicobjF4A24735", - }, - }, - "Type": "AWS::SNS::Subscription", - }, - "existingtopicobjF4A24735": Object { - "Properties": Object { - "TopicName": "existing-topic-obj", - }, - "Type": "AWS::SNS::Topic", - }, - }, -} -`; - -exports[`Test deployment with SNS managed KMS key 1`] = ` -Object { - "Resources": Object { - "snstosqsstackSnsTopicB387685B": Object { - "Properties": Object { - "KmsMasterKeyId": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":kms:", - Object { - "Ref": "AWS::Region", - }, - ":", - Object { - "Ref": "AWS::AccountId", - }, - ":alias/aws/sns", - ], - ], - }, - }, - "Type": "AWS::SNS::Topic", - }, - "snstosqsstackSnsTopicPolicy824AEFAD": Object { - "Properties": Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "SNS:Publish", - "SNS:RemovePermission", - "SNS:SetTopicAttributes", - "SNS:DeleteTopic", - "SNS:ListSubscriptionsByTopic", - "SNS:GetTopicAttributes", - "SNS:Receive", - "SNS:AddPermission", - "SNS:Subscribe", - ], - "Condition": Object { - "StringEquals": Object { - "AWS:SourceOwner": Object { - "Ref": "AWS::AccountId", - }, - }, - }, - "Effect": "Allow", - "Principal": Object { - "AWS": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":iam::", - Object { - "Ref": "AWS::AccountId", - }, - ":root", - ], - ], - }, - }, - "Resource": Object { - "Ref": "snstosqsstackSnsTopicB387685B", - }, - "Sid": "TopicOwnerOnlyAccess", - }, - Object { - "Action": Array [ - "SNS:Publish", - "SNS:RemovePermission", - "SNS:SetTopicAttributes", - "SNS:DeleteTopic", - "SNS:ListSubscriptionsByTopic", - "SNS:GetTopicAttributes", - "SNS:Receive", - "SNS:AddPermission", - "SNS:Subscribe", - ], - "Condition": Object { - "Bool": Object { - "aws:SecureTransport": "false", - }, - }, - "Effect": "Deny", - "Principal": Object { - "AWS": "*", - }, - "Resource": Object { - "Ref": "snstosqsstackSnsTopicB387685B", - }, - "Sid": "HttpsOnly", - }, - ], - "Version": "2012-10-17", - }, - "Topics": Array [ - Object { - "Ref": "snstosqsstackSnsTopicB387685B", - }, - ], - }, - "Type": "AWS::SNS::TopicPolicy", - }, - "snstosqsstackdeadLetterQueueA02EB1B1": Object { - "DeletionPolicy": "Delete", - "Properties": Object { - "KmsMasterKeyId": "alias/aws/sqs", - }, - "Type": "AWS::SQS::Queue", - "UpdateReplacePolicy": "Delete", - }, - "snstosqsstackdeadLetterQueuePolicy4E639DF8": Object { - "Properties": Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "sqs:DeleteMessage", - "sqs:ReceiveMessage", - "sqs:SendMessage", - "sqs:GetQueueAttributes", - "sqs:RemovePermission", - "sqs:AddPermission", - "sqs:SetQueueAttributes", - ], - "Effect": "Allow", - "Principal": Object { - "AWS": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":iam::", - Object { - "Ref": "AWS::AccountId", - }, - ":root", - ], - ], - }, - }, - "Resource": Object { - "Fn::GetAtt": Array [ - "snstosqsstackdeadLetterQueueA02EB1B1", - "Arn", - ], - }, - "Sid": "QueueOwnerOnlyAccess", - }, - Object { - "Action": "SQS:*", - "Condition": Object { - "Bool": Object { - "aws:SecureTransport": "false", - }, - }, - "Effect": "Deny", - "Principal": Object { - "AWS": "*", - }, - "Resource": Object { - "Fn::GetAtt": Array [ - "snstosqsstackdeadLetterQueueA02EB1B1", - "Arn", - ], - }, - "Sid": "HttpsOnly", - }, - ], - "Version": "2012-10-17", - }, - "Queues": Array [ - Object { - "Ref": "snstosqsstackdeadLetterQueueA02EB1B1", - }, - ], - }, - "Type": "AWS::SQS::QueuePolicy", - }, - "snstosqsstackqueue262BCE03": Object { - "DeletionPolicy": "Delete", - "Properties": Object { - "KmsMasterKeyId": Object { - "Fn::GetAtt": Array [ - "snstosqsstackqueueKey743636E7", - "Arn", - ], - }, - "RedrivePolicy": Object { - "deadLetterTargetArn": Object { - "Fn::GetAtt": Array [ - "snstosqsstackdeadLetterQueueA02EB1B1", - "Arn", - ], - }, - "maxReceiveCount": 15, - }, - }, - "Type": "AWS::SQS::Queue", - "UpdateReplacePolicy": "Delete", - }, - "snstosqsstackqueueKey743636E7": Object { - "DeletionPolicy": "Retain", - "Properties": Object { - "Description": "Created by Default/sns-to-sqs-stack/queue", - "KeyPolicy": Object { - "Statement": Array [ - Object { - "Action": Array [ - "kms:Create*", - "kms:Describe*", - "kms:Enable*", - "kms:List*", - "kms:Put*", - "kms:Update*", - "kms:Revoke*", - "kms:Disable*", - "kms:Get*", - "kms:Delete*", - "kms:ScheduleKeyDeletion", - "kms:CancelKeyDeletion", - "kms:GenerateDataKey", - "kms:TagResource", - "kms:UntagResource", - ], - "Effect": "Allow", - "Principal": Object { - "AWS": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":iam::", - Object { - "Ref": "AWS::AccountId", - }, - ":root", - ], - ], - }, - }, - "Resource": "*", - }, - Object { - "Action": Array [ - "kms:Decrypt", - "kms:GenerateDataKey", - ], - "Effect": "Allow", - "Principal": Object { - "Service": "sns.amazonaws.com", - }, - "Resource": "*", - }, - Object { - "Action": Array [ - "kms:Decrypt", - "kms:GenerateDataKey*", - ], - "Effect": "Allow", - "Principal": Object { - "Service": "sns.amazonaws.com", - }, - "Resource": "*", - }, - ], - "Version": "2012-10-17", - }, - }, - "Type": "AWS::KMS::Key", - "UpdateReplacePolicy": "Retain", - }, - "snstosqsstackqueuePolicy4A9E8A77": Object { - "Properties": Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "sqs:DeleteMessage", - "sqs:ReceiveMessage", - "sqs:SendMessage", - "sqs:GetQueueAttributes", - "sqs:RemovePermission", - "sqs:AddPermission", - "sqs:SetQueueAttributes", - ], - "Effect": "Allow", - "Principal": Object { - "AWS": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":iam::", - Object { - "Ref": "AWS::AccountId", - }, - ":root", - ], - ], - }, - }, - "Resource": Object { - "Fn::GetAtt": Array [ - "snstosqsstackqueue262BCE03", - "Arn", - ], - }, - "Sid": "QueueOwnerOnlyAccess", - }, - Object { - "Action": "SQS:*", - "Condition": Object { - "Bool": Object { - "aws:SecureTransport": "false", - }, - }, - "Effect": "Deny", - "Principal": Object { - "AWS": "*", - }, - "Resource": Object { - "Fn::GetAtt": Array [ - "snstosqsstackqueue262BCE03", - "Arn", - ], - }, - "Sid": "HttpsOnly", - }, - Object { - "Action": "sqs:SendMessage", - "Condition": Object { - "ArnEquals": Object { - "aws:SourceArn": Object { - "Ref": "snstosqsstackSnsTopicB387685B", - }, - }, - }, - "Effect": "Allow", - "Principal": Object { - "Service": "sns.amazonaws.com", - }, - "Resource": Object { - "Fn::GetAtt": Array [ - "snstosqsstackqueue262BCE03", - "Arn", - ], - }, - }, - ], - "Version": "2012-10-17", - }, - "Queues": Array [ - Object { - "Ref": "snstosqsstackqueue262BCE03", - }, - ], - }, - "Type": "AWS::SQS::QueuePolicy", - }, - "snstosqsstackqueuesnstosqsstackSnsTopic1DC3C73AEA256098": Object { - "Properties": Object { - "Endpoint": Object { - "Fn::GetAtt": Array [ - "snstosqsstackqueue262BCE03", - "Arn", - ], - }, - "Protocol": "sqs", - "TopicArn": Object { - "Ref": "snstosqsstackSnsTopicB387685B", - }, - }, - "Type": "AWS::SNS::Subscription", - }, - }, -} -`; - -exports[`Test deployment with imported encryption key 1`] = ` -Object { - "Resources": Object { - "importedkey38675D68": Object { - "DeletionPolicy": "Retain", - "Properties": Object { - "EnableKeyRotation": false, - "KeyPolicy": Object { - "Statement": Array [ - Object { - "Action": Array [ - "kms:Create*", - "kms:Describe*", - "kms:Enable*", - "kms:List*", - "kms:Put*", - "kms:Update*", - "kms:Revoke*", - "kms:Disable*", - "kms:Get*", - "kms:Delete*", - "kms:ScheduleKeyDeletion", - "kms:CancelKeyDeletion", - "kms:GenerateDataKey", - "kms:TagResource", - "kms:UntagResource", - ], - "Effect": "Allow", - "Principal": Object { - "AWS": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":iam::", - Object { - "Ref": "AWS::AccountId", - }, - ":root", - ], - ], - }, - }, - "Resource": "*", - }, - Object { - "Action": Array [ - "kms:Decrypt", - "kms:GenerateDataKey", - ], - "Effect": "Allow", - "Principal": Object { - "Service": "sns.amazonaws.com", - }, - "Resource": "*", - }, - Object { - "Action": Array [ - "kms:Decrypt", - "kms:GenerateDataKey*", - ], - "Effect": "Allow", - "Principal": Object { - "Service": "sns.amazonaws.com", - }, - "Resource": "*", - }, - ], - "Version": "2012-10-17", - }, - }, - "Type": "AWS::KMS::Key", - "UpdateReplacePolicy": "Retain", - }, - "snstosqsstackSnsTopicB387685B": Object { - "Properties": Object { - "KmsMasterKeyId": Object { - "Fn::GetAtt": Array [ - "importedkey38675D68", - "Arn", - ], - }, - }, - "Type": "AWS::SNS::Topic", - }, - "snstosqsstackSnsTopicPolicy824AEFAD": Object { - "Properties": Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "SNS:Publish", - "SNS:RemovePermission", - "SNS:SetTopicAttributes", - "SNS:DeleteTopic", - "SNS:ListSubscriptionsByTopic", - "SNS:GetTopicAttributes", - "SNS:Receive", - "SNS:AddPermission", - "SNS:Subscribe", - ], - "Condition": Object { - "StringEquals": Object { - "AWS:SourceOwner": Object { - "Ref": "AWS::AccountId", - }, - }, - }, - "Effect": "Allow", - "Principal": Object { - "AWS": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":iam::", - Object { - "Ref": "AWS::AccountId", - }, - ":root", - ], - ], - }, - }, - "Resource": Object { - "Ref": "snstosqsstackSnsTopicB387685B", - }, - "Sid": "TopicOwnerOnlyAccess", - }, - Object { - "Action": Array [ - "SNS:Publish", - "SNS:RemovePermission", - "SNS:SetTopicAttributes", - "SNS:DeleteTopic", - "SNS:ListSubscriptionsByTopic", - "SNS:GetTopicAttributes", - "SNS:Receive", - "SNS:AddPermission", - "SNS:Subscribe", - ], - "Condition": Object { - "Bool": Object { - "aws:SecureTransport": "false", - }, - }, - "Effect": "Deny", - "Principal": Object { - "AWS": "*", - }, - "Resource": Object { - "Ref": "snstosqsstackSnsTopicB387685B", - }, - "Sid": "HttpsOnly", - }, - ], - "Version": "2012-10-17", - }, - "Topics": Array [ - Object { - "Ref": "snstosqsstackSnsTopicB387685B", - }, - ], - }, - "Type": "AWS::SNS::TopicPolicy", - }, - "snstosqsstackdeadLetterQueueA02EB1B1": Object { - "DeletionPolicy": "Delete", - "Properties": Object { - "KmsMasterKeyId": "alias/aws/sqs", - }, - "Type": "AWS::SQS::Queue", - "UpdateReplacePolicy": "Delete", - }, - "snstosqsstackdeadLetterQueuePolicy4E639DF8": Object { - "Properties": Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "sqs:DeleteMessage", - "sqs:ReceiveMessage", - "sqs:SendMessage", - "sqs:GetQueueAttributes", - "sqs:RemovePermission", - "sqs:AddPermission", - "sqs:SetQueueAttributes", - ], - "Effect": "Allow", - "Principal": Object { - "AWS": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":iam::", - Object { - "Ref": "AWS::AccountId", - }, - ":root", - ], - ], - }, - }, - "Resource": Object { - "Fn::GetAtt": Array [ - "snstosqsstackdeadLetterQueueA02EB1B1", - "Arn", - ], - }, - "Sid": "QueueOwnerOnlyAccess", - }, - Object { - "Action": "SQS:*", - "Condition": Object { - "Bool": Object { - "aws:SecureTransport": "false", - }, - }, - "Effect": "Deny", - "Principal": Object { - "AWS": "*", - }, - "Resource": Object { - "Fn::GetAtt": Array [ - "snstosqsstackdeadLetterQueueA02EB1B1", - "Arn", - ], - }, - "Sid": "HttpsOnly", - }, - ], - "Version": "2012-10-17", - }, - "Queues": Array [ - Object { - "Ref": "snstosqsstackdeadLetterQueueA02EB1B1", - }, - ], - }, - "Type": "AWS::SQS::QueuePolicy", - }, - "snstosqsstackqueue262BCE03": Object { - "DeletionPolicy": "Delete", - "Properties": Object { - "KmsMasterKeyId": Object { - "Fn::GetAtt": Array [ - "importedkey38675D68", - "Arn", - ], - }, - "RedrivePolicy": Object { - "deadLetterTargetArn": Object { - "Fn::GetAtt": Array [ - "snstosqsstackdeadLetterQueueA02EB1B1", - "Arn", - ], - }, - "maxReceiveCount": 15, - }, - }, - "Type": "AWS::SQS::Queue", - "UpdateReplacePolicy": "Delete", - }, - "snstosqsstackqueuePolicy4A9E8A77": Object { - "Properties": Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "sqs:DeleteMessage", - "sqs:ReceiveMessage", - "sqs:SendMessage", - "sqs:GetQueueAttributes", - "sqs:RemovePermission", - "sqs:AddPermission", - "sqs:SetQueueAttributes", - ], - "Effect": "Allow", - "Principal": Object { - "AWS": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":iam::", - Object { - "Ref": "AWS::AccountId", - }, - ":root", - ], - ], - }, - }, - "Resource": Object { - "Fn::GetAtt": Array [ - "snstosqsstackqueue262BCE03", - "Arn", - ], - }, - "Sid": "QueueOwnerOnlyAccess", - }, - Object { - "Action": "SQS:*", - "Condition": Object { - "Bool": Object { - "aws:SecureTransport": "false", - }, - }, - "Effect": "Deny", - "Principal": Object { - "AWS": "*", - }, - "Resource": Object { - "Fn::GetAtt": Array [ - "snstosqsstackqueue262BCE03", - "Arn", - ], - }, - "Sid": "HttpsOnly", - }, - Object { - "Action": "sqs:SendMessage", - "Condition": Object { - "ArnEquals": Object { - "aws:SourceArn": Object { - "Ref": "snstosqsstackSnsTopicB387685B", - }, - }, - }, - "Effect": "Allow", - "Principal": Object { - "Service": "sns.amazonaws.com", - }, - "Resource": Object { - "Fn::GetAtt": Array [ - "snstosqsstackqueue262BCE03", - "Arn", - ], - }, - }, - ], - "Version": "2012-10-17", - }, - "Queues": Array [ - Object { - "Ref": "snstosqsstackqueue262BCE03", - }, - ], - }, - "Type": "AWS::SQS::QueuePolicy", - }, - "snstosqsstackqueuesnstosqsstackSnsTopic1DC3C73AEA256098": Object { - "Properties": Object { - "Endpoint": Object { - "Fn::GetAtt": Array [ - "snstosqsstackqueue262BCE03", - "Arn", - ], - }, - "Protocol": "sqs", - "TopicArn": Object { - "Ref": "snstosqsstackSnsTopicB387685B", - }, - }, - "Type": "AWS::SNS::Subscription", - }, - }, -} -`; diff --git a/source/patterns/@aws-solutions-constructs/aws-sns-sqs/test/sns-sqs.test.ts b/source/patterns/@aws-solutions-constructs/aws-sns-sqs/test/sns-sqs.test.ts index af96b63cc..697e7df71 100644 --- a/source/patterns/@aws-solutions-constructs/aws-sns-sqs/test/sns-sqs.test.ts +++ b/source/patterns/@aws-solutions-constructs/aws-sns-sqs/test/sns-sqs.test.ts @@ -17,7 +17,6 @@ import { SnsToSqs, SnsToSqsProps } from "../lib"; import * as sqs from '@aws-cdk/aws-sqs'; import * as sns from '@aws-cdk/aws-sns'; import * as kms from '@aws-cdk/aws-kms'; -import { SynthUtils } from '@aws-cdk/assert'; import '@aws-cdk/assert/jest'; // -------------------------------------------------------------- @@ -29,8 +28,7 @@ test('Pattern deployment w/ new Topic, new Queue and default props', () => { const stack = new Stack(); const props: SnsToSqsProps = {}; new SnsToSqs(stack, 'test-sns-sqs', props); - // Assertion 1 - expect(SynthUtils.toCloudFormation(stack)).toMatchSnapshot(); + // Assertion 2 expect(stack).toHaveResource("AWS::SNS::Topic", { KmsMasterKeyId: { @@ -147,8 +145,6 @@ test('Test deployment w/ existing queue, and topic', () => { existingTopicObj: topic, existingQueueObj: queue }); - // Assertion 1 - expect(SynthUtils.toCloudFormation(stack)).toMatchSnapshot(); // Assertion 2 expect(app.snsTopic !== null); // Assertion 3 @@ -176,8 +172,6 @@ test('Test deployment with imported encryption key', () => { enableEncryptionWithCustomerManagedKey: true, encryptionKey: kmsKey }); - // Assertion 1 - expect(SynthUtils.toCloudFormation(stack)).toMatchSnapshot(); // Assertion 2 expect(stack).toHaveResource("AWS::KMS::Key", { EnableKeyRotation: false @@ -209,8 +203,6 @@ test('Test deployment with SNS managed KMS key', () => { }, enableEncryptionWithCustomerManagedKey: false }); - // Assertion 1 - expect(SynthUtils.toCloudFormation(stack)).toMatchSnapshot(); // Assertion 2 expect(stack).toHaveResource("AWS::SNS::Topic", { KmsMasterKeyId: { diff --git a/source/patterns/@aws-solutions-constructs/aws-sqs-lambda/test/__snapshots__/test.sqs-lambda.test.js.snap b/source/patterns/@aws-solutions-constructs/aws-sqs-lambda/test/__snapshots__/test.sqs-lambda.test.js.snap deleted file mode 100644 index 83a7c31a3..000000000 --- a/source/patterns/@aws-solutions-constructs/aws-sqs-lambda/test/__snapshots__/test.sqs-lambda.test.js.snap +++ /dev/null @@ -1,850 +0,0 @@ -// Jest Snapshot v1, https://goo.gl/fbAQLP - -exports[`Pattern deployment w/ Existing Lambda Function 1`] = ` -Object { - "Parameters": Object { - "AssetParameters8efd3dd9643a4d64a128ad582cab718a1e464bcc719bbbcf0e7b0481188a0420ArtifactHashA71E92AD": Object { - "Description": "Artifact hash for asset \\"8efd3dd9643a4d64a128ad582cab718a1e464bcc719bbbcf0e7b0481188a0420\\"", - "Type": "String", - }, - "AssetParameters8efd3dd9643a4d64a128ad582cab718a1e464bcc719bbbcf0e7b0481188a0420S3Bucket749AC458": Object { - "Description": "S3 bucket for asset \\"8efd3dd9643a4d64a128ad582cab718a1e464bcc719bbbcf0e7b0481188a0420\\"", - "Type": "String", - }, - "AssetParameters8efd3dd9643a4d64a128ad582cab718a1e464bcc719bbbcf0e7b0481188a0420S3VersionKeyFF5CC16D": Object { - "Description": "S3 key for asset version \\"8efd3dd9643a4d64a128ad582cab718a1e464bcc719bbbcf0e7b0481188a0420\\"", - "Type": "String", - }, - }, - "Resources": Object { - "ExistingLambdaFunctionF606C520": Object { - "DependsOn": Array [ - "ExistingLambdaFunctionServiceRoleDefaultPolicy2431D213", - "ExistingLambdaFunctionServiceRole7CC6DE65", - ], - "Properties": Object { - "Code": Object { - "S3Bucket": Object { - "Ref": "AssetParameters8efd3dd9643a4d64a128ad582cab718a1e464bcc719bbbcf0e7b0481188a0420S3Bucket749AC458", - }, - "S3Key": Object { - "Fn::Join": Array [ - "", - Array [ - Object { - "Fn::Select": Array [ - 0, - Object { - "Fn::Split": Array [ - "||", - Object { - "Ref": "AssetParameters8efd3dd9643a4d64a128ad582cab718a1e464bcc719bbbcf0e7b0481188a0420S3VersionKeyFF5CC16D", - }, - ], - }, - ], - }, - Object { - "Fn::Select": Array [ - 1, - Object { - "Fn::Split": Array [ - "||", - Object { - "Ref": "AssetParameters8efd3dd9643a4d64a128ad582cab718a1e464bcc719bbbcf0e7b0481188a0420S3VersionKeyFF5CC16D", - }, - ], - }, - ], - }, - ], - ], - }, - }, - "Handler": "index.handler", - "Role": Object { - "Fn::GetAtt": Array [ - "ExistingLambdaFunctionServiceRole7CC6DE65", - "Arn", - ], - }, - "Runtime": "nodejs10.x", - }, - "Type": "AWS::Lambda::Function", - }, - "ExistingLambdaFunctionServiceRole7CC6DE65": Object { - "Properties": Object { - "AssumeRolePolicyDocument": Object { - "Statement": Array [ - Object { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": Object { - "Service": "lambda.amazonaws.com", - }, - }, - ], - "Version": "2012-10-17", - }, - "ManagedPolicyArns": Array [ - Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole", - ], - ], - }, - ], - }, - "Type": "AWS::IAM::Role", - }, - "ExistingLambdaFunctionServiceRoleDefaultPolicy2431D213": Object { - "Properties": Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "sqs:ReceiveMessage", - "sqs:ChangeMessageVisibility", - "sqs:GetQueueUrl", - "sqs:DeleteMessage", - "sqs:GetQueueAttributes", - ], - "Effect": "Allow", - "Resource": Object { - "Fn::GetAtt": Array [ - "testapigatewaylambdaqueue1FFAE03C", - "Arn", - ], - }, - }, - ], - "Version": "2012-10-17", - }, - "PolicyName": "ExistingLambdaFunctionServiceRoleDefaultPolicy2431D213", - "Roles": Array [ - Object { - "Ref": "ExistingLambdaFunctionServiceRole7CC6DE65", - }, - ], - }, - "Type": "AWS::IAM::Policy", - }, - "ExistingLambdaFunctionSqsEventSourcetestapigatewaylambdaqueueFD30FF33BE4927D4": Object { - "Properties": Object { - "EventSourceArn": Object { - "Fn::GetAtt": Array [ - "testapigatewaylambdaqueue1FFAE03C", - "Arn", - ], - }, - "FunctionName": Object { - "Ref": "ExistingLambdaFunctionF606C520", - }, - }, - "Type": "AWS::Lambda::EventSourceMapping", - }, - "testapigatewaylambdaqueue1FFAE03C": Object { - "DeletionPolicy": "Delete", - "Properties": Object { - "KmsMasterKeyId": "alias/aws/sqs", - }, - "Type": "AWS::SQS::Queue", - "UpdateReplacePolicy": "Delete", - }, - "testapigatewaylambdaqueuePolicyD735D909": Object { - "Properties": Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "sqs:DeleteMessage", - "sqs:ReceiveMessage", - "sqs:SendMessage", - "sqs:GetQueueAttributes", - "sqs:RemovePermission", - "sqs:AddPermission", - "sqs:SetQueueAttributes", - ], - "Effect": "Allow", - "Principal": Object { - "AWS": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":iam::", - Object { - "Ref": "AWS::AccountId", - }, - ":root", - ], - ], - }, - }, - "Resource": Object { - "Fn::GetAtt": Array [ - "testapigatewaylambdaqueue1FFAE03C", - "Arn", - ], - }, - "Sid": "QueueOwnerOnlyAccess", - }, - Object { - "Action": "SQS:*", - "Condition": Object { - "Bool": Object { - "aws:SecureTransport": "false", - }, - }, - "Effect": "Deny", - "Principal": Object { - "AWS": "*", - }, - "Resource": Object { - "Fn::GetAtt": Array [ - "testapigatewaylambdaqueue1FFAE03C", - "Arn", - ], - }, - "Sid": "HttpsOnly", - }, - ], - "Version": "2012-10-17", - }, - "Queues": Array [ - Object { - "Ref": "testapigatewaylambdaqueue1FFAE03C", - }, - ], - }, - "Type": "AWS::SQS::QueuePolicy", - }, - }, -} -`; - -exports[`Pattern deployment w/ new Lambda function and default props 1`] = ` -Object { - "Parameters": Object { - "AssetParameters8efd3dd9643a4d64a128ad582cab718a1e464bcc719bbbcf0e7b0481188a0420ArtifactHashA71E92AD": Object { - "Description": "Artifact hash for asset \\"8efd3dd9643a4d64a128ad582cab718a1e464bcc719bbbcf0e7b0481188a0420\\"", - "Type": "String", - }, - "AssetParameters8efd3dd9643a4d64a128ad582cab718a1e464bcc719bbbcf0e7b0481188a0420S3Bucket749AC458": Object { - "Description": "S3 bucket for asset \\"8efd3dd9643a4d64a128ad582cab718a1e464bcc719bbbcf0e7b0481188a0420\\"", - "Type": "String", - }, - "AssetParameters8efd3dd9643a4d64a128ad582cab718a1e464bcc719bbbcf0e7b0481188a0420S3VersionKeyFF5CC16D": Object { - "Description": "S3 key for asset version \\"8efd3dd9643a4d64a128ad582cab718a1e464bcc719bbbcf0e7b0481188a0420\\"", - "Type": "String", - }, - }, - "Resources": Object { - "testsqslambdaLambdaFunction58720146": Object { - "DependsOn": Array [ - "testsqslambdaLambdaFunctionServiceRoleDefaultPolicy380B065C", - "testsqslambdaLambdaFunctionServiceRoleF623B438", - ], - "Metadata": Object { - "cfn_nag": Object { - "rules_to_suppress": Array [ - Object { - "id": "W58", - "reason": "Lambda functions has the required permission to write CloudWatch Logs. It uses custom policy instead of arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole with tighter permissions.", - }, - Object { - "id": "W89", - "reason": "This is not a rule for the general case, just for specific use cases/industries", - }, - Object { - "id": "W92", - "reason": "Impossible for us to define the correct concurrency for clients", - }, - ], - }, - }, - "Properties": Object { - "Code": Object { - "S3Bucket": Object { - "Ref": "AssetParameters8efd3dd9643a4d64a128ad582cab718a1e464bcc719bbbcf0e7b0481188a0420S3Bucket749AC458", - }, - "S3Key": Object { - "Fn::Join": Array [ - "", - Array [ - Object { - "Fn::Select": Array [ - 0, - Object { - "Fn::Split": Array [ - "||", - Object { - "Ref": "AssetParameters8efd3dd9643a4d64a128ad582cab718a1e464bcc719bbbcf0e7b0481188a0420S3VersionKeyFF5CC16D", - }, - ], - }, - ], - }, - Object { - "Fn::Select": Array [ - 1, - Object { - "Fn::Split": Array [ - "||", - Object { - "Ref": "AssetParameters8efd3dd9643a4d64a128ad582cab718a1e464bcc719bbbcf0e7b0481188a0420S3VersionKeyFF5CC16D", - }, - ], - }, - ], - }, - ], - ], - }, - }, - "Environment": Object { - "Variables": Object { - "AWS_NODEJS_CONNECTION_REUSE_ENABLED": "1", - }, - }, - "Handler": "index.handler", - "Role": Object { - "Fn::GetAtt": Array [ - "testsqslambdaLambdaFunctionServiceRoleF623B438", - "Arn", - ], - }, - "Runtime": "nodejs10.x", - "TracingConfig": Object { - "Mode": "Active", - }, - }, - "Type": "AWS::Lambda::Function", - }, - "testsqslambdaLambdaFunctionServiceRoleDefaultPolicy380B065C": Object { - "Metadata": Object { - "cfn_nag": Object { - "rules_to_suppress": Array [ - Object { - "id": "W12", - "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray and access ENIs in a VPC.", - }, - ], - }, - }, - "Properties": Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "xray:PutTraceSegments", - "xray:PutTelemetryRecords", - ], - "Effect": "Allow", - "Resource": "*", - }, - Object { - "Action": Array [ - "sqs:ReceiveMessage", - "sqs:ChangeMessageVisibility", - "sqs:GetQueueUrl", - "sqs:DeleteMessage", - "sqs:GetQueueAttributes", - ], - "Effect": "Allow", - "Resource": Object { - "Fn::GetAtt": Array [ - "testsqslambdaqueue601203B8", - "Arn", - ], - }, - }, - ], - "Version": "2012-10-17", - }, - "PolicyName": "testsqslambdaLambdaFunctionServiceRoleDefaultPolicy380B065C", - "Roles": Array [ - Object { - "Ref": "testsqslambdaLambdaFunctionServiceRoleF623B438", - }, - ], - }, - "Type": "AWS::IAM::Policy", - }, - "testsqslambdaLambdaFunctionServiceRoleF623B438": Object { - "Properties": Object { - "AssumeRolePolicyDocument": Object { - "Statement": Array [ - Object { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": Object { - "Service": "lambda.amazonaws.com", - }, - }, - ], - "Version": "2012-10-17", - }, - "Policies": Array [ - Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "logs:CreateLogGroup", - "logs:CreateLogStream", - "logs:PutLogEvents", - ], - "Effect": "Allow", - "Resource": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":logs:", - Object { - "Ref": "AWS::Region", - }, - ":", - Object { - "Ref": "AWS::AccountId", - }, - ":log-group:/aws/lambda/*", - ], - ], - }, - }, - ], - "Version": "2012-10-17", - }, - "PolicyName": "LambdaFunctionServiceRolePolicy", - }, - ], - }, - "Type": "AWS::IAM::Role", - }, - "testsqslambdaLambdaFunctionSqsEventSourcetestsqslambdaqueue583E2E6CB891E0FC": Object { - "Properties": Object { - "EventSourceArn": Object { - "Fn::GetAtt": Array [ - "testsqslambdaqueue601203B8", - "Arn", - ], - }, - "FunctionName": Object { - "Ref": "testsqslambdaLambdaFunction58720146", - }, - }, - "Type": "AWS::Lambda::EventSourceMapping", - }, - "testsqslambdadeadLetterQueue85BDB0A3": Object { - "DeletionPolicy": "Delete", - "Properties": Object { - "KmsMasterKeyId": "alias/aws/sqs", - }, - "Type": "AWS::SQS::Queue", - "UpdateReplacePolicy": "Delete", - }, - "testsqslambdadeadLetterQueuePolicy8C08D1A5": Object { - "Properties": Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "sqs:DeleteMessage", - "sqs:ReceiveMessage", - "sqs:SendMessage", - "sqs:GetQueueAttributes", - "sqs:RemovePermission", - "sqs:AddPermission", - "sqs:SetQueueAttributes", - ], - "Effect": "Allow", - "Principal": Object { - "AWS": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":iam::", - Object { - "Ref": "AWS::AccountId", - }, - ":root", - ], - ], - }, - }, - "Resource": Object { - "Fn::GetAtt": Array [ - "testsqslambdadeadLetterQueue85BDB0A3", - "Arn", - ], - }, - "Sid": "QueueOwnerOnlyAccess", - }, - Object { - "Action": "SQS:*", - "Condition": Object { - "Bool": Object { - "aws:SecureTransport": "false", - }, - }, - "Effect": "Deny", - "Principal": Object { - "AWS": "*", - }, - "Resource": Object { - "Fn::GetAtt": Array [ - "testsqslambdadeadLetterQueue85BDB0A3", - "Arn", - ], - }, - "Sid": "HttpsOnly", - }, - ], - "Version": "2012-10-17", - }, - "Queues": Array [ - Object { - "Ref": "testsqslambdadeadLetterQueue85BDB0A3", - }, - ], - }, - "Type": "AWS::SQS::QueuePolicy", - }, - "testsqslambdaqueue601203B8": Object { - "DeletionPolicy": "Delete", - "Properties": Object { - "KmsMasterKeyId": "alias/aws/sqs", - "RedrivePolicy": Object { - "deadLetterTargetArn": Object { - "Fn::GetAtt": Array [ - "testsqslambdadeadLetterQueue85BDB0A3", - "Arn", - ], - }, - "maxReceiveCount": 15, - }, - }, - "Type": "AWS::SQS::Queue", - "UpdateReplacePolicy": "Delete", - }, - "testsqslambdaqueuePolicy29B871D4": Object { - "Properties": Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "sqs:DeleteMessage", - "sqs:ReceiveMessage", - "sqs:SendMessage", - "sqs:GetQueueAttributes", - "sqs:RemovePermission", - "sqs:AddPermission", - "sqs:SetQueueAttributes", - ], - "Effect": "Allow", - "Principal": Object { - "AWS": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":iam::", - Object { - "Ref": "AWS::AccountId", - }, - ":root", - ], - ], - }, - }, - "Resource": Object { - "Fn::GetAtt": Array [ - "testsqslambdaqueue601203B8", - "Arn", - ], - }, - "Sid": "QueueOwnerOnlyAccess", - }, - Object { - "Action": "SQS:*", - "Condition": Object { - "Bool": Object { - "aws:SecureTransport": "false", - }, - }, - "Effect": "Deny", - "Principal": Object { - "AWS": "*", - }, - "Resource": Object { - "Fn::GetAtt": Array [ - "testsqslambdaqueue601203B8", - "Arn", - ], - }, - "Sid": "HttpsOnly", - }, - ], - "Version": "2012-10-17", - }, - "Queues": Array [ - Object { - "Ref": "testsqslambdaqueue601203B8", - }, - ], - }, - "Type": "AWS::SQS::QueuePolicy", - }, - }, -} -`; - -exports[`Test deployment w/ existing queue 1`] = ` -Object { - "Parameters": Object { - "AssetParameters8efd3dd9643a4d64a128ad582cab718a1e464bcc719bbbcf0e7b0481188a0420ArtifactHashA71E92AD": Object { - "Description": "Artifact hash for asset \\"8efd3dd9643a4d64a128ad582cab718a1e464bcc719bbbcf0e7b0481188a0420\\"", - "Type": "String", - }, - "AssetParameters8efd3dd9643a4d64a128ad582cab718a1e464bcc719bbbcf0e7b0481188a0420S3Bucket749AC458": Object { - "Description": "S3 bucket for asset \\"8efd3dd9643a4d64a128ad582cab718a1e464bcc719bbbcf0e7b0481188a0420\\"", - "Type": "String", - }, - "AssetParameters8efd3dd9643a4d64a128ad582cab718a1e464bcc719bbbcf0e7b0481188a0420S3VersionKeyFF5CC16D": Object { - "Description": "S3 key for asset version \\"8efd3dd9643a4d64a128ad582cab718a1e464bcc719bbbcf0e7b0481188a0420\\"", - "Type": "String", - }, - }, - "Resources": Object { - "existingqueueobjF8AF0ED1": Object { - "DeletionPolicy": "Delete", - "Properties": Object { - "QueueName": "existing-queue-obj", - }, - "Type": "AWS::SQS::Queue", - "UpdateReplacePolicy": "Delete", - }, - "lambdatosqsstackLambdaFunctionDAB62CB1": Object { - "DependsOn": Array [ - "lambdatosqsstackLambdaFunctionServiceRoleDefaultPolicy467E145A", - "lambdatosqsstackLambdaFunctionServiceRole0AD9DDDF", - ], - "Metadata": Object { - "cfn_nag": Object { - "rules_to_suppress": Array [ - Object { - "id": "W58", - "reason": "Lambda functions has the required permission to write CloudWatch Logs. It uses custom policy instead of arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole with tighter permissions.", - }, - Object { - "id": "W89", - "reason": "This is not a rule for the general case, just for specific use cases/industries", - }, - Object { - "id": "W92", - "reason": "Impossible for us to define the correct concurrency for clients", - }, - ], - }, - }, - "Properties": Object { - "Code": Object { - "S3Bucket": Object { - "Ref": "AssetParameters8efd3dd9643a4d64a128ad582cab718a1e464bcc719bbbcf0e7b0481188a0420S3Bucket749AC458", - }, - "S3Key": Object { - "Fn::Join": Array [ - "", - Array [ - Object { - "Fn::Select": Array [ - 0, - Object { - "Fn::Split": Array [ - "||", - Object { - "Ref": "AssetParameters8efd3dd9643a4d64a128ad582cab718a1e464bcc719bbbcf0e7b0481188a0420S3VersionKeyFF5CC16D", - }, - ], - }, - ], - }, - Object { - "Fn::Select": Array [ - 1, - Object { - "Fn::Split": Array [ - "||", - Object { - "Ref": "AssetParameters8efd3dd9643a4d64a128ad582cab718a1e464bcc719bbbcf0e7b0481188a0420S3VersionKeyFF5CC16D", - }, - ], - }, - ], - }, - ], - ], - }, - }, - "Environment": Object { - "Variables": Object { - "AWS_NODEJS_CONNECTION_REUSE_ENABLED": "1", - }, - }, - "Handler": "index.handler", - "Role": Object { - "Fn::GetAtt": Array [ - "lambdatosqsstackLambdaFunctionServiceRole0AD9DDDF", - "Arn", - ], - }, - "Runtime": "nodejs10.x", - "TracingConfig": Object { - "Mode": "Active", - }, - }, - "Type": "AWS::Lambda::Function", - }, - "lambdatosqsstackLambdaFunctionServiceRole0AD9DDDF": Object { - "Properties": Object { - "AssumeRolePolicyDocument": Object { - "Statement": Array [ - Object { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": Object { - "Service": "lambda.amazonaws.com", - }, - }, - ], - "Version": "2012-10-17", - }, - "Policies": Array [ - Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "logs:CreateLogGroup", - "logs:CreateLogStream", - "logs:PutLogEvents", - ], - "Effect": "Allow", - "Resource": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":logs:", - Object { - "Ref": "AWS::Region", - }, - ":", - Object { - "Ref": "AWS::AccountId", - }, - ":log-group:/aws/lambda/*", - ], - ], - }, - }, - ], - "Version": "2012-10-17", - }, - "PolicyName": "LambdaFunctionServiceRolePolicy", - }, - ], - }, - "Type": "AWS::IAM::Role", - }, - "lambdatosqsstackLambdaFunctionServiceRoleDefaultPolicy467E145A": Object { - "Metadata": Object { - "cfn_nag": Object { - "rules_to_suppress": Array [ - Object { - "id": "W12", - "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray and access ENIs in a VPC.", - }, - ], - }, - }, - "Properties": Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "xray:PutTraceSegments", - "xray:PutTelemetryRecords", - ], - "Effect": "Allow", - "Resource": "*", - }, - Object { - "Action": Array [ - "sqs:ReceiveMessage", - "sqs:ChangeMessageVisibility", - "sqs:GetQueueUrl", - "sqs:DeleteMessage", - "sqs:GetQueueAttributes", - ], - "Effect": "Allow", - "Resource": Object { - "Fn::GetAtt": Array [ - "existingqueueobjF8AF0ED1", - "Arn", - ], - }, - }, - ], - "Version": "2012-10-17", - }, - "PolicyName": "lambdatosqsstackLambdaFunctionServiceRoleDefaultPolicy467E145A", - "Roles": Array [ - Object { - "Ref": "lambdatosqsstackLambdaFunctionServiceRole0AD9DDDF", - }, - ], - }, - "Type": "AWS::IAM::Policy", - }, - "lambdatosqsstackLambdaFunctionSqsEventSourceexistingqueueobj3C4A9AF1": Object { - "Properties": Object { - "EventSourceArn": Object { - "Fn::GetAtt": Array [ - "existingqueueobjF8AF0ED1", - "Arn", - ], - }, - "FunctionName": Object { - "Ref": "lambdatosqsstackLambdaFunctionDAB62CB1", - }, - }, - "Type": "AWS::Lambda::EventSourceMapping", - }, - }, -} -`; diff --git a/source/patterns/@aws-solutions-constructs/aws-sqs-lambda/test/test.sqs-lambda.test.ts b/source/patterns/@aws-solutions-constructs/aws-sqs-lambda/test/test.sqs-lambda.test.ts index beabede7b..134059711 100644 --- a/source/patterns/@aws-solutions-constructs/aws-sqs-lambda/test/test.sqs-lambda.test.ts +++ b/source/patterns/@aws-solutions-constructs/aws-sqs-lambda/test/test.sqs-lambda.test.ts @@ -15,29 +15,8 @@ import { Stack } from "@aws-cdk/core"; import { SqsToLambda, SqsToLambdaProps } from "../lib"; import * as lambda from '@aws-cdk/aws-lambda'; -import * as sqs from '@aws-cdk/aws-sqs'; -import { SynthUtils } from '@aws-cdk/assert'; import '@aws-cdk/assert/jest'; -// -------------------------------------------------------------- -// Pattern deployment w/ new Lambda function and -// default properties -// -------------------------------------------------------------- -test('Pattern deployment w/ new Lambda function and default props', () => { - // Initial Setup - const stack = new Stack(); - const props: SqsToLambdaProps = { - lambdaFunctionProps: { - runtime: lambda.Runtime.NODEJS_10_X, - handler: 'index.handler', - code: lambda.Code.fromAsset(`${__dirname}/lambda`) - } - }; - new SqsToLambda(stack, 'test-sqs-lambda', props); - // Assertion 1 - expect(SynthUtils.toCloudFormation(stack)).toMatchSnapshot(); -}); - // -------------------------------------------------------------- // Pattern deployment w/ new Lambda function and // overridden properties @@ -74,28 +53,6 @@ test('Pattern deployment w/ new Lambda function and overridden props', () => { }); }); -// -------------------------------------------------------------- -// Pattern Deployment w/ Existing Lambda function -// -------------------------------------------------------------- -test('Pattern deployment w/ Existing Lambda Function', () => { - // Initial Setup - const stack = new Stack(); - const fn = new lambda.Function(stack, 'ExistingLambdaFunction', { - runtime: lambda.Runtime.NODEJS_10_X, - handler: 'index.handler', - code: lambda.Code.fromAsset(`${__dirname}/lambda`) - }); - const props: SqsToLambdaProps = { - existingLambdaObj: fn, - deployDeadLetterQueue: false, - maxReceiveCount: 0, - queueProps: {} - }; - new SqsToLambda(stack, 'test-apigateway-lambda', props); - // Assertion 1 - expect(SynthUtils.toCloudFormation(stack)).toMatchSnapshot(); -}); - // -------------------------------------------------------------- // Test the getter methods // -------------------------------------------------------------- @@ -157,28 +114,6 @@ test('Test error handling for new Lambda function w/o required properties', () = }).toThrowError(); }); -// -------------------------------------------------------------- -// Test deployment w/ existing queue -// -------------------------------------------------------------- -test('Test deployment w/ existing queue', () => { - // Stack - const stack = new Stack(); - // Helper declaration - const queue = new sqs.Queue(stack, 'existing-queue-obj', { - queueName: 'existing-queue-obj' - }); - new SqsToLambda(stack, 'lambda-to-sqs-stack', { - lambdaFunctionProps: { - runtime: lambda.Runtime.NODEJS_10_X, - handler: 'index.handler', - code: lambda.Code.fromAsset(`${__dirname}/lambda`) - }, - existingQueueObj: queue - }); - // Assertion 1 - expect(SynthUtils.toCloudFormation(stack)).toMatchSnapshot(); -}); - // -------------------------------------------------------------- // Pattern deployment w/ batch size // -------------------------------------------------------------- diff --git a/source/patterns/@aws-solutions-constructs/core/test/__snapshots__/apigateway-helper.test.js.snap b/source/patterns/@aws-solutions-constructs/core/test/__snapshots__/apigateway-helper.test.js.snap deleted file mode 100644 index 0ad1c4bb0..000000000 --- a/source/patterns/@aws-solutions-constructs/core/test/__snapshots__/apigateway-helper.test.js.snap +++ /dev/null @@ -1,1947 +0,0 @@ -// Jest Snapshot v1, https://goo.gl/fbAQLP - -exports[`Test addMethodToApiResource with action 1`] = ` -Object { - "Outputs": Object { - "RestApiEndpoint0551178A": Object { - "Value": Object { - "Fn::Join": Array [ - "", - Array [ - "https://", - Object { - "Ref": "RestApi0C43BF4B", - }, - ".execute-api.", - Object { - "Ref": "AWS::Region", - }, - ".", - Object { - "Ref": "AWS::URLSuffix", - }, - "/", - Object { - "Ref": "RestApiDeploymentStageprod3855DE66", - }, - "/", - ], - ], - }, - }, - }, - "Resources": Object { - "ApiAccessLogGroupCEA70788": Object { - "DeletionPolicy": "Retain", - "Metadata": Object { - "cfn_nag": Object { - "rules_to_suppress": Array [ - Object { - "id": "W86", - "reason": "Retention period for CloudWatchLogs LogGroups are set to 'Never Expire' to preserve customer data indefinitely", - }, - Object { - "id": "W84", - "reason": "By default CloudWatchLogs LogGroups data is encrypted using the CloudWatch server-side encryption keys (AWS Managed Keys)", - }, - ], - }, - }, - "Type": "AWS::Logs::LogGroup", - "UpdateReplacePolicy": "Retain", - }, - "LambdaRestApiAccount": Object { - "DependsOn": Array [ - "RestApi0C43BF4B", - ], - "Properties": Object { - "CloudWatchRoleArn": Object { - "Fn::GetAtt": Array [ - "LambdaRestApiCloudWatchRoleF339D4E6", - "Arn", - ], - }, - }, - "Type": "AWS::ApiGateway::Account", - }, - "LambdaRestApiCloudWatchRoleF339D4E6": Object { - "Properties": Object { - "AssumeRolePolicyDocument": Object { - "Statement": Array [ - Object { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": Object { - "Service": "apigateway.amazonaws.com", - }, - }, - ], - "Version": "2012-10-17", - }, - "Policies": Array [ - Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "logs:CreateLogGroup", - "logs:CreateLogStream", - "logs:DescribeLogGroups", - "logs:DescribeLogStreams", - "logs:PutLogEvents", - "logs:GetLogEvents", - "logs:FilterLogEvents", - ], - "Effect": "Allow", - "Resource": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":logs:", - Object { - "Ref": "AWS::Region", - }, - ":", - Object { - "Ref": "AWS::AccountId", - }, - ":*", - ], - ], - }, - }, - ], - "Version": "2012-10-17", - }, - "PolicyName": "LambdaRestApiCloudWatchRolePolicy", - }, - ], - }, - "Type": "AWS::IAM::Role", - }, - "RestApi0C43BF4B": Object { - "Properties": Object { - "EndpointConfiguration": Object { - "Types": Array [ - "EDGE", - ], - }, - "Name": "RestApi", - }, - "Type": "AWS::ApiGateway::RestApi", - }, - "RestApiDeployment180EC503d679a55f3e81b32d52afab47c5cfbe0b": Object { - "DependsOn": Array [ - "RestApiapigatewayresourceGET3FA98628", - "RestApiapigatewayresourcePUT15FB0206", - "RestApiapigatewayresource242D19A1", - ], - "Metadata": Object { - "cfn_nag": Object { - "rules_to_suppress": Array [ - Object { - "id": "W45", - "reason": "ApiGateway has AccessLogging enabled in AWS::ApiGateway::Stage resource, but cfn_nag checkes for it in AWS::ApiGateway::Deployment resource", - }, - ], - }, - }, - "Properties": Object { - "Description": "Automatically created by the RestApi construct", - "RestApiId": Object { - "Ref": "RestApi0C43BF4B", - }, - }, - "Type": "AWS::ApiGateway::Deployment", - }, - "RestApiDeploymentStageprod3855DE66": Object { - "Properties": Object { - "AccessLogSetting": Object { - "DestinationArn": Object { - "Fn::GetAtt": Array [ - "ApiAccessLogGroupCEA70788", - "Arn", - ], - }, - "Format": "{\\"requestId\\":\\"$context.requestId\\",\\"ip\\":\\"$context.identity.sourceIp\\",\\"user\\":\\"$context.identity.user\\",\\"caller\\":\\"$context.identity.caller\\",\\"requestTime\\":\\"$context.requestTime\\",\\"httpMethod\\":\\"$context.httpMethod\\",\\"resourcePath\\":\\"$context.resourcePath\\",\\"status\\":\\"$context.status\\",\\"protocol\\":\\"$context.protocol\\",\\"responseLength\\":\\"$context.responseLength\\"}", - }, - "DeploymentId": Object { - "Ref": "RestApiDeployment180EC503d679a55f3e81b32d52afab47c5cfbe0b", - }, - "MethodSettings": Array [ - Object { - "DataTraceEnabled": false, - "HttpMethod": "*", - "LoggingLevel": "INFO", - "ResourcePath": "/*", - }, - ], - "RestApiId": Object { - "Ref": "RestApi0C43BF4B", - }, - "StageName": "prod", - "TracingEnabled": true, - }, - "Type": "AWS::ApiGateway::Stage", - }, - "RestApiUsagePlan6E1C537A": Object { - "Properties": Object { - "ApiStages": Array [ - Object { - "ApiId": Object { - "Ref": "RestApi0C43BF4B", - }, - "Stage": Object { - "Ref": "RestApiDeploymentStageprod3855DE66", - }, - "Throttle": Object {}, - }, - ], - }, - "Type": "AWS::ApiGateway::UsagePlan", - }, - "RestApiapigatewayresource242D19A1": Object { - "Properties": Object { - "ParentId": Object { - "Fn::GetAtt": Array [ - "RestApi0C43BF4B", - "RootResourceId", - ], - }, - "PathPart": "api-gateway-resource", - "RestApiId": Object { - "Ref": "RestApi0C43BF4B", - }, - }, - "Type": "AWS::ApiGateway::Resource", - }, - "RestApiapigatewayresourceGET3FA98628": Object { - "Properties": Object { - "AuthorizationType": "AWS_IAM", - "HttpMethod": "GET", - "Integration": Object { - "Credentials": Object { - "Fn::GetAtt": Array [ - "apigatewayroleE6D48DBD", - "Arn", - ], - }, - "IntegrationHttpMethod": "POST", - "IntegrationResponses": Array [ - Object { - "StatusCode": "200", - }, - Object { - "ResponseTemplates": Object { - "text/html": "Error", - }, - "SelectionPattern": "500", - "StatusCode": "500", - }, - ], - "PassthroughBehavior": "NEVER", - "RequestParameters": Object { - "integration.request.header.Content-Type": "'application/json'", - }, - "RequestTemplates": Object { - "application/json": "{}", - }, - "Type": "AWS", - "Uri": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":apigateway:", - Object { - "Ref": "AWS::Region", - }, - ":dynamodb:action/Query", - ], - ], - }, - }, - "MethodResponses": Array [ - Object { - "ResponseParameters": Object { - "method.response.header.Content-Type": true, - }, - "StatusCode": "200", - }, - Object { - "ResponseParameters": Object { - "method.response.header.Content-Type": true, - }, - "StatusCode": "500", - }, - ], - "ResourceId": Object { - "Ref": "RestApiapigatewayresource242D19A1", - }, - "RestApiId": Object { - "Ref": "RestApi0C43BF4B", - }, - }, - "Type": "AWS::ApiGateway::Method", - }, - "RestApiapigatewayresourcePUT15FB0206": Object { - "Properties": Object { - "AuthorizationType": "AWS_IAM", - "HttpMethod": "PUT", - "Integration": Object { - "Credentials": Object { - "Fn::GetAtt": Array [ - "apigatewayroleE6D48DBD", - "Arn", - ], - }, - "IntegrationHttpMethod": "POST", - "IntegrationResponses": Array [ - Object { - "StatusCode": "200", - }, - Object { - "ResponseTemplates": Object { - "text/html": "Error", - }, - "SelectionPattern": "500", - "StatusCode": "500", - }, - ], - "PassthroughBehavior": "NEVER", - "RequestParameters": Object { - "integration.request.header.Content-Type": "'application/json'", - }, - "RequestTemplates": Object { - "application/json": "{}", - }, - "Type": "AWS", - "Uri": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":apigateway:", - Object { - "Ref": "AWS::Region", - }, - ":sqs:path/11112222/thisqueuequeueName", - ], - ], - }, - }, - "MethodResponses": Array [ - Object { - "ResponseParameters": Object { - "method.response.header.Content-Type": true, - }, - "StatusCode": "200", - }, - Object { - "ResponseParameters": Object { - "method.response.header.Content-Type": true, - }, - "StatusCode": "500", - }, - ], - "ResourceId": Object { - "Ref": "RestApiapigatewayresource242D19A1", - }, - "RestApiId": Object { - "Ref": "RestApi0C43BF4B", - }, - }, - "Type": "AWS::ApiGateway::Method", - }, - "apigatewayroleE6D48DBD": Object { - "Properties": Object { - "AssumeRolePolicyDocument": Object { - "Statement": Array [ - Object { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": Object { - "Service": "apigateway.amazonaws.com", - }, - }, - ], - "Version": "2012-10-17", - }, - }, - "Type": "AWS::IAM::Role", - }, - }, -} -`; - -exports[`Test default RestApi deployment w/ ApiGatewayProps 1`] = ` -Object { - "Outputs": Object { - "RestApiEndpoint0551178A": Object { - "Value": Object { - "Fn::Join": Array [ - "", - Array [ - "https://", - Object { - "Ref": "RestApi0C43BF4B", - }, - ".execute-api.", - Object { - "Ref": "AWS::Region", - }, - ".", - Object { - "Ref": "AWS::URLSuffix", - }, - "/", - Object { - "Ref": "RestApiDeploymentStageprod3855DE66", - }, - "/", - ], - ], - }, - }, - }, - "Resources": Object { - "ApiAccessLogGroupCEA70788": Object { - "DeletionPolicy": "Retain", - "Metadata": Object { - "cfn_nag": Object { - "rules_to_suppress": Array [ - Object { - "id": "W86", - "reason": "Retention period for CloudWatchLogs LogGroups are set to 'Never Expire' to preserve customer data indefinitely", - }, - Object { - "id": "W84", - "reason": "By default CloudWatchLogs LogGroups data is encrypted using the CloudWatch server-side encryption keys (AWS Managed Keys)", - }, - ], - }, - }, - "Type": "AWS::Logs::LogGroup", - "UpdateReplacePolicy": "Retain", - }, - "LambdaRestApiAccount": Object { - "DependsOn": Array [ - "RestApi0C43BF4B", - ], - "Properties": Object { - "CloudWatchRoleArn": Object { - "Fn::GetAtt": Array [ - "LambdaRestApiCloudWatchRoleF339D4E6", - "Arn", - ], - }, - }, - "Type": "AWS::ApiGateway::Account", - }, - "LambdaRestApiCloudWatchRoleF339D4E6": Object { - "Properties": Object { - "AssumeRolePolicyDocument": Object { - "Statement": Array [ - Object { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": Object { - "Service": "apigateway.amazonaws.com", - }, - }, - ], - "Version": "2012-10-17", - }, - "Policies": Array [ - Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "logs:CreateLogGroup", - "logs:CreateLogStream", - "logs:DescribeLogGroups", - "logs:DescribeLogStreams", - "logs:PutLogEvents", - "logs:GetLogEvents", - "logs:FilterLogEvents", - ], - "Effect": "Allow", - "Resource": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":logs:", - Object { - "Ref": "AWS::Region", - }, - ":", - Object { - "Ref": "AWS::AccountId", - }, - ":*", - ], - ], - }, - }, - ], - "Version": "2012-10-17", - }, - "PolicyName": "LambdaRestApiCloudWatchRolePolicy", - }, - ], - }, - "Type": "AWS::IAM::Role", - }, - "RestApi0C43BF4B": Object { - "Properties": Object { - "EndpointConfiguration": Object { - "Types": Array [ - "EDGE", - ], - }, - "Name": "customRestApi", - }, - "Type": "AWS::ApiGateway::RestApi", - }, - "RestApiDeployment180EC5035dc263e471f85ee42d6a531c41635aa8": Object { - "DependsOn": Array [ - "RestApiapigatewayresourcePOST2678115A", - "RestApiapigatewayresource242D19A1", - ], - "Metadata": Object { - "cfn_nag": Object { - "rules_to_suppress": Array [ - Object { - "id": "W45", - "reason": "ApiGateway has AccessLogging enabled in AWS::ApiGateway::Stage resource, but cfn_nag checkes for it in AWS::ApiGateway::Deployment resource", - }, - ], - }, - }, - "Properties": Object { - "Description": "Automatically created by the RestApi construct", - "RestApiId": Object { - "Ref": "RestApi0C43BF4B", - }, - }, - "Type": "AWS::ApiGateway::Deployment", - }, - "RestApiDeploymentStageprod3855DE66": Object { - "Properties": Object { - "AccessLogSetting": Object { - "DestinationArn": Object { - "Fn::GetAtt": Array [ - "ApiAccessLogGroupCEA70788", - "Arn", - ], - }, - "Format": "{\\"requestId\\":\\"$context.requestId\\",\\"ip\\":\\"$context.identity.sourceIp\\",\\"user\\":\\"$context.identity.user\\",\\"caller\\":\\"$context.identity.caller\\",\\"requestTime\\":\\"$context.requestTime\\",\\"httpMethod\\":\\"$context.httpMethod\\",\\"resourcePath\\":\\"$context.resourcePath\\",\\"status\\":\\"$context.status\\",\\"protocol\\":\\"$context.protocol\\",\\"responseLength\\":\\"$context.responseLength\\"}", - }, - "DeploymentId": Object { - "Ref": "RestApiDeployment180EC5035dc263e471f85ee42d6a531c41635aa8", - }, - "MethodSettings": Array [ - Object { - "DataTraceEnabled": false, - "HttpMethod": "*", - "LoggingLevel": "INFO", - "ResourcePath": "/*", - }, - ], - "RestApiId": Object { - "Ref": "RestApi0C43BF4B", - }, - "StageName": "prod", - "TracingEnabled": true, - }, - "Type": "AWS::ApiGateway::Stage", - }, - "RestApiUsagePlan6E1C537A": Object { - "Properties": Object { - "ApiStages": Array [ - Object { - "ApiId": Object { - "Ref": "RestApi0C43BF4B", - }, - "Stage": Object { - "Ref": "RestApiDeploymentStageprod3855DE66", - }, - "Throttle": Object {}, - }, - ], - }, - "Type": "AWS::ApiGateway::UsagePlan", - }, - "RestApiapigatewayresource242D19A1": Object { - "Properties": Object { - "ParentId": Object { - "Fn::GetAtt": Array [ - "RestApi0C43BF4B", - "RootResourceId", - ], - }, - "PathPart": "api-gateway-resource", - "RestApiId": Object { - "Ref": "RestApi0C43BF4B", - }, - }, - "Type": "AWS::ApiGateway::Resource", - }, - "RestApiapigatewayresourcePOST2678115A": Object { - "Properties": Object { - "AuthorizationType": "AWS_IAM", - "HttpMethod": "POST", - "Integration": Object { - "IntegrationHttpMethod": "POST", - "IntegrationResponses": Array [ - Object { - "ResponseTemplates": Object { - "text/html": "Success", - }, - "StatusCode": "200", - }, - Object { - "ResponseTemplates": Object { - "text/html": "Error", - }, - "SelectionPattern": "500", - "StatusCode": "500", - }, - ], - "PassthroughBehavior": "NEVER", - "RequestParameters": Object { - "integration.request.header.Content-Type": "'application/x-www-form-urlencoded'", - }, - "RequestTemplates": Object { - "application/x-www-form-urlencoded": "Action=SendMessage&MessageBody=$util.urlEncode(\\"$input.body\\")&MessageAttribute.1.Name=queryParam1&MessageAttribute.1.Value.StringValue=$input.params(\\"query_param_1\\")&MessageAttribute.1.Value.DataType=String", - }, - "Type": "AWS", - "Uri": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":apigateway:", - Object { - "Ref": "AWS::Region", - }, - ":sqs:path/11112222/thisqueuequeueName", - ], - ], - }, - }, - "MethodResponses": Array [ - Object { - "ResponseParameters": Object { - "method.response.header.Content-Type": true, - }, - "StatusCode": "200", - }, - Object { - "ResponseParameters": Object { - "method.response.header.Content-Type": true, - }, - "StatusCode": "500", - }, - ], - "RequestParameters": Object { - "method.request.querystring.query_param_1": true, - }, - "ResourceId": Object { - "Ref": "RestApiapigatewayresource242D19A1", - }, - "RestApiId": Object { - "Ref": "RestApi0C43BF4B", - }, - }, - "Type": "AWS::ApiGateway::Method", - }, - }, -} -`; - -exports[`Test default RestApi deployment w/o ApiGatewayProps 1`] = ` -Object { - "Outputs": Object { - "RestApiEndpoint0551178A": Object { - "Value": Object { - "Fn::Join": Array [ - "", - Array [ - "https://", - Object { - "Ref": "RestApi0C43BF4B", - }, - ".execute-api.", - Object { - "Ref": "AWS::Region", - }, - ".", - Object { - "Ref": "AWS::URLSuffix", - }, - "/", - Object { - "Ref": "RestApiDeploymentStageprod3855DE66", - }, - "/", - ], - ], - }, - }, - }, - "Resources": Object { - "ApiAccessLogGroupCEA70788": Object { - "DeletionPolicy": "Retain", - "Metadata": Object { - "cfn_nag": Object { - "rules_to_suppress": Array [ - Object { - "id": "W86", - "reason": "Retention period for CloudWatchLogs LogGroups are set to 'Never Expire' to preserve customer data indefinitely", - }, - Object { - "id": "W84", - "reason": "By default CloudWatchLogs LogGroups data is encrypted using the CloudWatch server-side encryption keys (AWS Managed Keys)", - }, - ], - }, - }, - "Type": "AWS::Logs::LogGroup", - "UpdateReplacePolicy": "Retain", - }, - "LambdaRestApiAccount": Object { - "DependsOn": Array [ - "RestApi0C43BF4B", - ], - "Properties": Object { - "CloudWatchRoleArn": Object { - "Fn::GetAtt": Array [ - "LambdaRestApiCloudWatchRoleF339D4E6", - "Arn", - ], - }, - }, - "Type": "AWS::ApiGateway::Account", - }, - "LambdaRestApiCloudWatchRoleF339D4E6": Object { - "Properties": Object { - "AssumeRolePolicyDocument": Object { - "Statement": Array [ - Object { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": Object { - "Service": "apigateway.amazonaws.com", - }, - }, - ], - "Version": "2012-10-17", - }, - "Policies": Array [ - Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "logs:CreateLogGroup", - "logs:CreateLogStream", - "logs:DescribeLogGroups", - "logs:DescribeLogStreams", - "logs:PutLogEvents", - "logs:GetLogEvents", - "logs:FilterLogEvents", - ], - "Effect": "Allow", - "Resource": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":logs:", - Object { - "Ref": "AWS::Region", - }, - ":", - Object { - "Ref": "AWS::AccountId", - }, - ":*", - ], - ], - }, - }, - ], - "Version": "2012-10-17", - }, - "PolicyName": "LambdaRestApiCloudWatchRolePolicy", - }, - ], - }, - "Type": "AWS::IAM::Role", - }, - "RestApi0C43BF4B": Object { - "Properties": Object { - "EndpointConfiguration": Object { - "Types": Array [ - "EDGE", - ], - }, - "Name": "RestApi", - }, - "Type": "AWS::ApiGateway::RestApi", - }, - "RestApiDeployment180EC50384cfe003d392d0389584019196bfb581": Object { - "DependsOn": Array [ - "RestApiapigatewayresourcePOST2678115A", - "RestApiapigatewayresource242D19A1", - ], - "Metadata": Object { - "cfn_nag": Object { - "rules_to_suppress": Array [ - Object { - "id": "W45", - "reason": "ApiGateway has AccessLogging enabled in AWS::ApiGateway::Stage resource, but cfn_nag checkes for it in AWS::ApiGateway::Deployment resource", - }, - ], - }, - }, - "Properties": Object { - "Description": "Automatically created by the RestApi construct", - "RestApiId": Object { - "Ref": "RestApi0C43BF4B", - }, - }, - "Type": "AWS::ApiGateway::Deployment", - }, - "RestApiDeploymentStageprod3855DE66": Object { - "Properties": Object { - "AccessLogSetting": Object { - "DestinationArn": Object { - "Fn::GetAtt": Array [ - "ApiAccessLogGroupCEA70788", - "Arn", - ], - }, - "Format": "{\\"requestId\\":\\"$context.requestId\\",\\"ip\\":\\"$context.identity.sourceIp\\",\\"user\\":\\"$context.identity.user\\",\\"caller\\":\\"$context.identity.caller\\",\\"requestTime\\":\\"$context.requestTime\\",\\"httpMethod\\":\\"$context.httpMethod\\",\\"resourcePath\\":\\"$context.resourcePath\\",\\"status\\":\\"$context.status\\",\\"protocol\\":\\"$context.protocol\\",\\"responseLength\\":\\"$context.responseLength\\"}", - }, - "DeploymentId": Object { - "Ref": "RestApiDeployment180EC50384cfe003d392d0389584019196bfb581", - }, - "MethodSettings": Array [ - Object { - "DataTraceEnabled": false, - "HttpMethod": "*", - "LoggingLevel": "INFO", - "ResourcePath": "/*", - }, - ], - "RestApiId": Object { - "Ref": "RestApi0C43BF4B", - }, - "StageName": "prod", - "TracingEnabled": true, - }, - "Type": "AWS::ApiGateway::Stage", - }, - "RestApiUsagePlan6E1C537A": Object { - "Properties": Object { - "ApiStages": Array [ - Object { - "ApiId": Object { - "Ref": "RestApi0C43BF4B", - }, - "Stage": Object { - "Ref": "RestApiDeploymentStageprod3855DE66", - }, - "Throttle": Object {}, - }, - ], - }, - "Type": "AWS::ApiGateway::UsagePlan", - }, - "RestApiapigatewayresource242D19A1": Object { - "Properties": Object { - "ParentId": Object { - "Fn::GetAtt": Array [ - "RestApi0C43BF4B", - "RootResourceId", - ], - }, - "PathPart": "api-gateway-resource", - "RestApiId": Object { - "Ref": "RestApi0C43BF4B", - }, - }, - "Type": "AWS::ApiGateway::Resource", - }, - "RestApiapigatewayresourcePOST2678115A": Object { - "Properties": Object { - "AuthorizationType": "AWS_IAM", - "HttpMethod": "POST", - "Integration": Object { - "IntegrationHttpMethod": "POST", - "IntegrationResponses": Array [ - Object { - "ResponseTemplates": Object { - "text/html": "Success", - }, - "StatusCode": "200", - }, - Object { - "ResponseTemplates": Object { - "text/html": "Error", - }, - "SelectionPattern": "500", - "StatusCode": "500", - }, - ], - "PassthroughBehavior": "NEVER", - "RequestParameters": Object { - "integration.request.header.Content-Type": "'application/x-www-form-urlencoded'", - }, - "RequestTemplates": Object { - "application/x-www-form-urlencoded": "Action=SendMessage&MessageBody=$util.urlEncode(\\"$input.body\\")&MessageAttribute.1.Name=queryParam1&MessageAttribute.1.Value.StringValue=$input.params(\\"query_param_1\\")&MessageAttribute.1.Value.DataType=String", - }, - "Type": "AWS", - "Uri": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":apigateway:", - Object { - "Ref": "AWS::Region", - }, - ":sqs:path/11112222/thisqueuequeueName", - ], - ], - }, - }, - "MethodResponses": Array [ - Object { - "ResponseParameters": Object { - "method.response.header.Content-Type": true, - }, - "StatusCode": "200", - }, - Object { - "ResponseParameters": Object { - "method.response.header.Content-Type": true, - }, - "StatusCode": "500", - }, - ], - "RequestParameters": Object { - "method.request.querystring.query_param_1": true, - }, - "ResourceId": Object { - "Ref": "RestApiapigatewayresource242D19A1", - }, - "RestApiId": Object { - "Ref": "RestApi0C43BF4B", - }, - }, - "Type": "AWS::ApiGateway::Method", - }, - }, -} -`; - -exports[`Test default RestApi w/ request model and validator 1`] = ` -Object { - "Outputs": Object { - "RestApiEndpoint0551178A": Object { - "Value": Object { - "Fn::Join": Array [ - "", - Array [ - "https://", - Object { - "Ref": "RestApi0C43BF4B", - }, - ".execute-api.", - Object { - "Ref": "AWS::Region", - }, - ".", - Object { - "Ref": "AWS::URLSuffix", - }, - "/", - Object { - "Ref": "RestApiDeploymentStageprod3855DE66", - }, - "/", - ], - ], - }, - }, - }, - "Resources": Object { - "ApiAccessLogGroupCEA70788": Object { - "DeletionPolicy": "Retain", - "Metadata": Object { - "cfn_nag": Object { - "rules_to_suppress": Array [ - Object { - "id": "W86", - "reason": "Retention period for CloudWatchLogs LogGroups are set to 'Never Expire' to preserve customer data indefinitely", - }, - Object { - "id": "W84", - "reason": "By default CloudWatchLogs LogGroups data is encrypted using the CloudWatch server-side encryption keys (AWS Managed Keys)", - }, - ], - }, - }, - "Type": "AWS::Logs::LogGroup", - "UpdateReplacePolicy": "Retain", - }, - "LambdaRestApiAccount": Object { - "DependsOn": Array [ - "RestApi0C43BF4B", - ], - "Properties": Object { - "CloudWatchRoleArn": Object { - "Fn::GetAtt": Array [ - "LambdaRestApiCloudWatchRoleF339D4E6", - "Arn", - ], - }, - }, - "Type": "AWS::ApiGateway::Account", - }, - "LambdaRestApiCloudWatchRoleF339D4E6": Object { - "Properties": Object { - "AssumeRolePolicyDocument": Object { - "Statement": Array [ - Object { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": Object { - "Service": "apigateway.amazonaws.com", - }, - }, - ], - "Version": "2012-10-17", - }, - "Policies": Array [ - Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "logs:CreateLogGroup", - "logs:CreateLogStream", - "logs:DescribeLogGroups", - "logs:DescribeLogStreams", - "logs:PutLogEvents", - "logs:GetLogEvents", - "logs:FilterLogEvents", - ], - "Effect": "Allow", - "Resource": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":logs:", - Object { - "Ref": "AWS::Region", - }, - ":", - Object { - "Ref": "AWS::AccountId", - }, - ":*", - ], - ], - }, - }, - ], - "Version": "2012-10-17", - }, - "PolicyName": "LambdaRestApiCloudWatchRolePolicy", - }, - ], - }, - "Type": "AWS::IAM::Role", - }, - "RestApi0C43BF4B": Object { - "Properties": Object { - "EndpointConfiguration": Object { - "Types": Array [ - "EDGE", - ], - }, - "Name": "RestApi", - }, - "Type": "AWS::ApiGateway::RestApi", - }, - "RestApiDeployment180EC503c3421c8cc4653e532d16905760ab6e22": Object { - "DependsOn": Array [ - "RestApidefaultvalidator78DAE008", - "RestApiapigatewayresourcePOST2678115A", - "RestApiapigatewayresource242D19A1", - ], - "Metadata": Object { - "cfn_nag": Object { - "rules_to_suppress": Array [ - Object { - "id": "W45", - "reason": "ApiGateway has AccessLogging enabled in AWS::ApiGateway::Stage resource, but cfn_nag checkes for it in AWS::ApiGateway::Deployment resource", - }, - ], - }, - }, - "Properties": Object { - "Description": "Automatically created by the RestApi construct", - "RestApiId": Object { - "Ref": "RestApi0C43BF4B", - }, - }, - "Type": "AWS::ApiGateway::Deployment", - }, - "RestApiDeploymentStageprod3855DE66": Object { - "Properties": Object { - "AccessLogSetting": Object { - "DestinationArn": Object { - "Fn::GetAtt": Array [ - "ApiAccessLogGroupCEA70788", - "Arn", - ], - }, - "Format": "{\\"requestId\\":\\"$context.requestId\\",\\"ip\\":\\"$context.identity.sourceIp\\",\\"user\\":\\"$context.identity.user\\",\\"caller\\":\\"$context.identity.caller\\",\\"requestTime\\":\\"$context.requestTime\\",\\"httpMethod\\":\\"$context.httpMethod\\",\\"resourcePath\\":\\"$context.resourcePath\\",\\"status\\":\\"$context.status\\",\\"protocol\\":\\"$context.protocol\\",\\"responseLength\\":\\"$context.responseLength\\"}", - }, - "DeploymentId": Object { - "Ref": "RestApiDeployment180EC503c3421c8cc4653e532d16905760ab6e22", - }, - "MethodSettings": Array [ - Object { - "DataTraceEnabled": false, - "HttpMethod": "*", - "LoggingLevel": "INFO", - "ResourcePath": "/*", - }, - ], - "RestApiId": Object { - "Ref": "RestApi0C43BF4B", - }, - "StageName": "prod", - "TracingEnabled": true, - }, - "Type": "AWS::ApiGateway::Stage", - }, - "RestApiUsagePlan6E1C537A": Object { - "Properties": Object { - "ApiStages": Array [ - Object { - "ApiId": Object { - "Ref": "RestApi0C43BF4B", - }, - "Stage": Object { - "Ref": "RestApiDeploymentStageprod3855DE66", - }, - "Throttle": Object {}, - }, - ], - }, - "Type": "AWS::ApiGateway::UsagePlan", - }, - "RestApiapigatewayresource242D19A1": Object { - "Properties": Object { - "ParentId": Object { - "Fn::GetAtt": Array [ - "RestApi0C43BF4B", - "RootResourceId", - ], - }, - "PathPart": "api-gateway-resource", - "RestApiId": Object { - "Ref": "RestApi0C43BF4B", - }, - }, - "Type": "AWS::ApiGateway::Resource", - }, - "RestApiapigatewayresourcePOST2678115A": Object { - "Properties": Object { - "AuthorizationType": "AWS_IAM", - "HttpMethod": "POST", - "Integration": Object { - "Credentials": Object { - "Fn::GetAtt": Array [ - "apigatewayroleE6D48DBD", - "Arn", - ], - }, - "IntegrationHttpMethod": "POST", - "IntegrationResponses": Array [ - Object { - "StatusCode": "200", - }, - Object { - "ResponseTemplates": Object { - "text/html": "Error", - }, - "SelectionPattern": "500", - "StatusCode": "500", - }, - ], - "PassthroughBehavior": "NEVER", - "RequestParameters": Object { - "integration.request.header.Content-Type": "'x-amz-json-1.1'", - }, - "RequestTemplates": Object { - "application/json": "{}", - }, - "Type": "AWS", - "Uri": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":apigateway:", - Object { - "Ref": "AWS::Region", - }, - ":kinesis:action/PutRecord", - ], - ], - }, - }, - "MethodResponses": Array [ - Object { - "ResponseParameters": Object { - "method.response.header.Content-Type": true, - }, - "StatusCode": "200", - }, - Object { - "ResponseParameters": Object { - "method.response.header.Content-Type": true, - }, - "StatusCode": "500", - }, - ], - "RequestModels": Object { - "application/json": "Empty", - }, - "RequestValidatorId": Object { - "Ref": "RestApidefaultvalidator78DAE008", - }, - "ResourceId": Object { - "Ref": "RestApiapigatewayresource242D19A1", - }, - "RestApiId": Object { - "Ref": "RestApi0C43BF4B", - }, - }, - "Type": "AWS::ApiGateway::Method", - }, - "RestApidefaultvalidator78DAE008": Object { - "Properties": Object { - "Name": "default-validator", - "RestApiId": Object { - "Ref": "RestApi0C43BF4B", - }, - "ValidateRequestBody": true, - }, - "Type": "AWS::ApiGateway::RequestValidator", - }, - "apigatewayroleE6D48DBD": Object { - "Properties": Object { - "AssumeRolePolicyDocument": Object { - "Statement": Array [ - Object { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": Object { - "Service": "apigateway.amazonaws.com", - }, - }, - ], - "Version": "2012-10-17", - }, - }, - "Type": "AWS::IAM::Role", - }, - }, -} -`; - -exports[`snapshot test RegionalApiGateway default params 1`] = ` -Object { - "Outputs": Object { - "LambdaRestApiEndpointCCECE4C1": Object { - "Value": Object { - "Fn::Join": Array [ - "", - Array [ - "https://", - Object { - "Ref": "LambdaRestApi95870433", - }, - ".execute-api.", - Object { - "Ref": "AWS::Region", - }, - ".", - Object { - "Ref": "AWS::URLSuffix", - }, - "/", - Object { - "Ref": "LambdaRestApiDeploymentStageprodB1F3862A", - }, - "/", - ], - ], - }, - }, - }, - "Parameters": Object { - "AssetParameters42a35bbf0dec9ef0ac5b0dde87e71a1b8929e8d2d178dd09ccfb2c928ec0198cArtifactHash00A70A91": Object { - "Description": "Artifact hash for asset \\"42a35bbf0dec9ef0ac5b0dde87e71a1b8929e8d2d178dd09ccfb2c928ec0198c\\"", - "Type": "String", - }, - "AssetParameters42a35bbf0dec9ef0ac5b0dde87e71a1b8929e8d2d178dd09ccfb2c928ec0198cS3Bucket1F467BCC": Object { - "Description": "S3 bucket for asset \\"42a35bbf0dec9ef0ac5b0dde87e71a1b8929e8d2d178dd09ccfb2c928ec0198c\\"", - "Type": "String", - }, - "AssetParameters42a35bbf0dec9ef0ac5b0dde87e71a1b8929e8d2d178dd09ccfb2c928ec0198cS3VersionKey9E4F7872": Object { - "Description": "S3 key for asset version \\"42a35bbf0dec9ef0ac5b0dde87e71a1b8929e8d2d178dd09ccfb2c928ec0198c\\"", - "Type": "String", - }, - }, - "Resources": Object { - "ApiAccessLogGroupCEA70788": Object { - "DeletionPolicy": "Retain", - "Metadata": Object { - "cfn_nag": Object { - "rules_to_suppress": Array [ - Object { - "id": "W86", - "reason": "Retention period for CloudWatchLogs LogGroups are set to 'Never Expire' to preserve customer data indefinitely", - }, - Object { - "id": "W84", - "reason": "By default CloudWatchLogs LogGroups data is encrypted using the CloudWatch server-side encryption keys (AWS Managed Keys)", - }, - ], - }, - }, - "Type": "AWS::Logs::LogGroup", - "UpdateReplacePolicy": "Retain", - }, - "LambdaFunctionBF21E41F": Object { - "DependsOn": Array [ - "LambdaFunctionServiceRoleDefaultPolicy126C8897", - "LambdaFunctionServiceRole0C4CDE0B", - ], - "Metadata": Object { - "cfn_nag": Object { - "rules_to_suppress": Array [ - Object { - "id": "W58", - "reason": "Lambda functions has the required permission to write CloudWatch Logs. It uses custom policy instead of arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole with tighter permissions.", - }, - Object { - "id": "W89", - "reason": "This is not a rule for the general case, just for specific use cases/industries", - }, - Object { - "id": "W92", - "reason": "Impossible for us to define the correct concurrency for clients", - }, - ], - }, - }, - "Properties": Object { - "Code": Object { - "S3Bucket": Object { - "Ref": "AssetParameters42a35bbf0dec9ef0ac5b0dde87e71a1b8929e8d2d178dd09ccfb2c928ec0198cS3Bucket1F467BCC", - }, - "S3Key": Object { - "Fn::Join": Array [ - "", - Array [ - Object { - "Fn::Select": Array [ - 0, - Object { - "Fn::Split": Array [ - "||", - Object { - "Ref": "AssetParameters42a35bbf0dec9ef0ac5b0dde87e71a1b8929e8d2d178dd09ccfb2c928ec0198cS3VersionKey9E4F7872", - }, - ], - }, - ], - }, - Object { - "Fn::Select": Array [ - 1, - Object { - "Fn::Split": Array [ - "||", - Object { - "Ref": "AssetParameters42a35bbf0dec9ef0ac5b0dde87e71a1b8929e8d2d178dd09ccfb2c928ec0198cS3VersionKey9E4F7872", - }, - ], - }, - ], - }, - ], - ], - }, - }, - "Environment": Object { - "Variables": Object { - "AWS_NODEJS_CONNECTION_REUSE_ENABLED": "1", - }, - }, - "Handler": "index.handler", - "Role": Object { - "Fn::GetAtt": Array [ - "LambdaFunctionServiceRole0C4CDE0B", - "Arn", - ], - }, - "Runtime": "nodejs12.x", - "TracingConfig": Object { - "Mode": "Active", - }, - }, - "Type": "AWS::Lambda::Function", - }, - "LambdaFunctionServiceRole0C4CDE0B": Object { - "Properties": Object { - "AssumeRolePolicyDocument": Object { - "Statement": Array [ - Object { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": Object { - "Service": "lambda.amazonaws.com", - }, - }, - ], - "Version": "2012-10-17", - }, - "Policies": Array [ - Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "logs:CreateLogGroup", - "logs:CreateLogStream", - "logs:PutLogEvents", - ], - "Effect": "Allow", - "Resource": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":logs:", - Object { - "Ref": "AWS::Region", - }, - ":", - Object { - "Ref": "AWS::AccountId", - }, - ":log-group:/aws/lambda/*", - ], - ], - }, - }, - ], - "Version": "2012-10-17", - }, - "PolicyName": "LambdaFunctionServiceRolePolicy", - }, - ], - }, - "Type": "AWS::IAM::Role", - }, - "LambdaFunctionServiceRoleDefaultPolicy126C8897": Object { - "Metadata": Object { - "cfn_nag": Object { - "rules_to_suppress": Array [ - Object { - "id": "W12", - "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray and access ENIs in a VPC.", - }, - ], - }, - }, - "Properties": Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "xray:PutTraceSegments", - "xray:PutTelemetryRecords", - ], - "Effect": "Allow", - "Resource": "*", - }, - ], - "Version": "2012-10-17", - }, - "PolicyName": "LambdaFunctionServiceRoleDefaultPolicy126C8897", - "Roles": Array [ - Object { - "Ref": "LambdaFunctionServiceRole0C4CDE0B", - }, - ], - }, - "Type": "AWS::IAM::Policy", - }, - "LambdaRestApi95870433": Object { - "Properties": Object { - "EndpointConfiguration": Object { - "Types": Array [ - "REGIONAL", - ], - }, - "Name": "LambdaRestApi", - }, - "Type": "AWS::ApiGateway::RestApi", - }, - "LambdaRestApiANYA831AD87": Object { - "Properties": Object { - "AuthorizationType": "AWS_IAM", - "HttpMethod": "ANY", - "Integration": Object { - "IntegrationHttpMethod": "POST", - "Type": "AWS_PROXY", - "Uri": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":apigateway:", - Object { - "Ref": "AWS::Region", - }, - ":lambda:path/2015-03-31/functions/", - Object { - "Fn::GetAtt": Array [ - "LambdaFunctionBF21E41F", - "Arn", - ], - }, - "/invocations", - ], - ], - }, - }, - "ResourceId": Object { - "Fn::GetAtt": Array [ - "LambdaRestApi95870433", - "RootResourceId", - ], - }, - "RestApiId": Object { - "Ref": "LambdaRestApi95870433", - }, - }, - "Type": "AWS::ApiGateway::Method", - }, - "LambdaRestApiANYApiPermissionLambdaRestApiANYD56C5914": Object { - "Properties": Object { - "Action": "lambda:InvokeFunction", - "FunctionName": Object { - "Fn::GetAtt": Array [ - "LambdaFunctionBF21E41F", - "Arn", - ], - }, - "Principal": "apigateway.amazonaws.com", - "SourceArn": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":execute-api:", - Object { - "Ref": "AWS::Region", - }, - ":", - Object { - "Ref": "AWS::AccountId", - }, - ":", - Object { - "Ref": "LambdaRestApi95870433", - }, - "/", - Object { - "Ref": "LambdaRestApiDeploymentStageprodB1F3862A", - }, - "/*/", - ], - ], - }, - }, - "Type": "AWS::Lambda::Permission", - }, - "LambdaRestApiANYApiPermissionTestLambdaRestApiANY9B2403A7": Object { - "Properties": Object { - "Action": "lambda:InvokeFunction", - "FunctionName": Object { - "Fn::GetAtt": Array [ - "LambdaFunctionBF21E41F", - "Arn", - ], - }, - "Principal": "apigateway.amazonaws.com", - "SourceArn": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":execute-api:", - Object { - "Ref": "AWS::Region", - }, - ":", - Object { - "Ref": "AWS::AccountId", - }, - ":", - Object { - "Ref": "LambdaRestApi95870433", - }, - "/test-invoke-stage/*/", - ], - ], - }, - }, - "Type": "AWS::Lambda::Permission", - }, - "LambdaRestApiAccount": Object { - "DependsOn": Array [ - "LambdaRestApi95870433", - ], - "Properties": Object { - "CloudWatchRoleArn": Object { - "Fn::GetAtt": Array [ - "LambdaRestApiCloudWatchRoleF339D4E6", - "Arn", - ], - }, - }, - "Type": "AWS::ApiGateway::Account", - }, - "LambdaRestApiCloudWatchRoleF339D4E6": Object { - "Properties": Object { - "AssumeRolePolicyDocument": Object { - "Statement": Array [ - Object { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": Object { - "Service": "apigateway.amazonaws.com", - }, - }, - ], - "Version": "2012-10-17", - }, - "Policies": Array [ - Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "logs:CreateLogGroup", - "logs:CreateLogStream", - "logs:DescribeLogGroups", - "logs:DescribeLogStreams", - "logs:PutLogEvents", - "logs:GetLogEvents", - "logs:FilterLogEvents", - ], - "Effect": "Allow", - "Resource": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":logs:", - Object { - "Ref": "AWS::Region", - }, - ":", - Object { - "Ref": "AWS::AccountId", - }, - ":*", - ], - ], - }, - }, - ], - "Version": "2012-10-17", - }, - "PolicyName": "LambdaRestApiCloudWatchRolePolicy", - }, - ], - }, - "Type": "AWS::IAM::Role", - }, - "LambdaRestApiDeploymentBA640578812946cff1910fe2b8b339ee3a8d51c7": Object { - "DependsOn": Array [ - "LambdaRestApiproxyANY93D43CC0", - "LambdaRestApiproxy9F99E187", - "LambdaRestApiANYA831AD87", - ], - "Metadata": Object { - "cfn_nag": Object { - "rules_to_suppress": Array [ - Object { - "id": "W45", - "reason": "ApiGateway has AccessLogging enabled in AWS::ApiGateway::Stage resource, but cfn_nag checkes for it in AWS::ApiGateway::Deployment resource", - }, - ], - }, - }, - "Properties": Object { - "Description": "Automatically created by the RestApi construct", - "RestApiId": Object { - "Ref": "LambdaRestApi95870433", - }, - }, - "Type": "AWS::ApiGateway::Deployment", - }, - "LambdaRestApiDeploymentStageprodB1F3862A": Object { - "Properties": Object { - "AccessLogSetting": Object { - "DestinationArn": Object { - "Fn::GetAtt": Array [ - "ApiAccessLogGroupCEA70788", - "Arn", - ], - }, - "Format": "{\\"requestId\\":\\"$context.requestId\\",\\"ip\\":\\"$context.identity.sourceIp\\",\\"user\\":\\"$context.identity.user\\",\\"caller\\":\\"$context.identity.caller\\",\\"requestTime\\":\\"$context.requestTime\\",\\"httpMethod\\":\\"$context.httpMethod\\",\\"resourcePath\\":\\"$context.resourcePath\\",\\"status\\":\\"$context.status\\",\\"protocol\\":\\"$context.protocol\\",\\"responseLength\\":\\"$context.responseLength\\"}", - }, - "DeploymentId": Object { - "Ref": "LambdaRestApiDeploymentBA640578812946cff1910fe2b8b339ee3a8d51c7", - }, - "MethodSettings": Array [ - Object { - "DataTraceEnabled": false, - "HttpMethod": "*", - "LoggingLevel": "INFO", - "ResourcePath": "/*", - }, - ], - "RestApiId": Object { - "Ref": "LambdaRestApi95870433", - }, - "StageName": "prod", - "TracingEnabled": true, - }, - "Type": "AWS::ApiGateway::Stage", - }, - "LambdaRestApiUsagePlanB4DF55D0": Object { - "Properties": Object { - "ApiStages": Array [ - Object { - "ApiId": Object { - "Ref": "LambdaRestApi95870433", - }, - "Stage": Object { - "Ref": "LambdaRestApiDeploymentStageprodB1F3862A", - }, - "Throttle": Object {}, - }, - ], - }, - "Type": "AWS::ApiGateway::UsagePlan", - }, - "LambdaRestApiproxy9F99E187": Object { - "Properties": Object { - "ParentId": Object { - "Fn::GetAtt": Array [ - "LambdaRestApi95870433", - "RootResourceId", - ], - }, - "PathPart": "{proxy+}", - "RestApiId": Object { - "Ref": "LambdaRestApi95870433", - }, - }, - "Type": "AWS::ApiGateway::Resource", - }, - "LambdaRestApiproxyANY93D43CC0": Object { - "Properties": Object { - "AuthorizationType": "AWS_IAM", - "HttpMethod": "ANY", - "Integration": Object { - "IntegrationHttpMethod": "POST", - "Type": "AWS_PROXY", - "Uri": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":apigateway:", - Object { - "Ref": "AWS::Region", - }, - ":lambda:path/2015-03-31/functions/", - Object { - "Fn::GetAtt": Array [ - "LambdaFunctionBF21E41F", - "Arn", - ], - }, - "/invocations", - ], - ], - }, - }, - "ResourceId": Object { - "Ref": "LambdaRestApiproxy9F99E187", - }, - "RestApiId": Object { - "Ref": "LambdaRestApi95870433", - }, - }, - "Type": "AWS::ApiGateway::Method", - }, - "LambdaRestApiproxyANYApiPermissionLambdaRestApiANYproxy208F31EB": Object { - "Properties": Object { - "Action": "lambda:InvokeFunction", - "FunctionName": Object { - "Fn::GetAtt": Array [ - "LambdaFunctionBF21E41F", - "Arn", - ], - }, - "Principal": "apigateway.amazonaws.com", - "SourceArn": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":execute-api:", - Object { - "Ref": "AWS::Region", - }, - ":", - Object { - "Ref": "AWS::AccountId", - }, - ":", - Object { - "Ref": "LambdaRestApi95870433", - }, - "/", - Object { - "Ref": "LambdaRestApiDeploymentStageprodB1F3862A", - }, - "/*/*", - ], - ], - }, - }, - "Type": "AWS::Lambda::Permission", - }, - "LambdaRestApiproxyANYApiPermissionTestLambdaRestApiANYproxyDBA3E731": Object { - "Properties": Object { - "Action": "lambda:InvokeFunction", - "FunctionName": Object { - "Fn::GetAtt": Array [ - "LambdaFunctionBF21E41F", - "Arn", - ], - }, - "Principal": "apigateway.amazonaws.com", - "SourceArn": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":execute-api:", - Object { - "Ref": "AWS::Region", - }, - ":", - Object { - "Ref": "AWS::AccountId", - }, - ":", - Object { - "Ref": "LambdaRestApi95870433", - }, - "/test-invoke-stage/*/*", - ], - ], - }, - }, - "Type": "AWS::Lambda::Permission", - }, - }, -} -`; diff --git a/source/patterns/@aws-solutions-constructs/core/test/__snapshots__/cloudfront-distribution-api-gateway-helper.test.js.snap b/source/patterns/@aws-solutions-constructs/core/test/__snapshots__/cloudfront-distribution-api-gateway-helper.test.js.snap deleted file mode 100644 index 750bde839..000000000 --- a/source/patterns/@aws-solutions-constructs/core/test/__snapshots__/cloudfront-distribution-api-gateway-helper.test.js.snap +++ /dev/null @@ -1,1322 +0,0 @@ -// Jest Snapshot v1, https://goo.gl/fbAQLP - -exports[`cloudfront distribution for ApiGateway with default params 1`] = ` -Object { - "Outputs": Object { - "RestApiEndpoint0551178A": Object { - "Value": Object { - "Fn::Join": Array [ - "", - Array [ - "https://", - Object { - "Ref": "RestApi0C43BF4B", - }, - ".execute-api.", - Object { - "Ref": "AWS::Region", - }, - ".", - Object { - "Ref": "AWS::URLSuffix", - }, - "/", - Object { - "Ref": "RestApiDeploymentStageprod3855DE66", - }, - "/", - ], - ], - }, - }, - }, - "Parameters": Object { - "AssetParameters42a35bbf0dec9ef0ac5b0dde87e71a1b8929e8d2d178dd09ccfb2c928ec0198cArtifactHash00A70A91": Object { - "Description": "Artifact hash for asset \\"42a35bbf0dec9ef0ac5b0dde87e71a1b8929e8d2d178dd09ccfb2c928ec0198c\\"", - "Type": "String", - }, - "AssetParameters42a35bbf0dec9ef0ac5b0dde87e71a1b8929e8d2d178dd09ccfb2c928ec0198cS3Bucket1F467BCC": Object { - "Description": "S3 bucket for asset \\"42a35bbf0dec9ef0ac5b0dde87e71a1b8929e8d2d178dd09ccfb2c928ec0198c\\"", - "Type": "String", - }, - "AssetParameters42a35bbf0dec9ef0ac5b0dde87e71a1b8929e8d2d178dd09ccfb2c928ec0198cS3VersionKey9E4F7872": Object { - "Description": "S3 key for asset version \\"42a35bbf0dec9ef0ac5b0dde87e71a1b8929e8d2d178dd09ccfb2c928ec0198c\\"", - "Type": "String", - }, - }, - "Resources": Object { - "CloudFrontDistributionBA64CE3A": Object { - "Metadata": Object { - "cfn_nag": Object { - "rules_to_suppress": Array [ - Object { - "id": "W70", - "reason": "Since the distribution uses the CloudFront domain name, CloudFront automatically sets the security policy to TLSv1 regardless of the value of MinimumProtocolVersion", - }, - ], - }, - }, - "Properties": Object { - "DistributionConfig": Object { - "DefaultCacheBehavior": Object { - "CachePolicyId": "658327ea-f89d-4fab-a63d-7e88639e58f6", - "Compress": true, - "FunctionAssociations": Array [ - Object { - "EventType": "viewer-response", - "FunctionARN": Object { - "Fn::GetAtt": Array [ - "SetHttpSecurityHeadersEE936115", - "FunctionARN", - ], - }, - }, - ], - "TargetOriginId": "CloudFrontDistributionOrigin176EC3A12", - "ViewerProtocolPolicy": "redirect-to-https", - }, - "Enabled": true, - "HttpVersion": "http2", - "IPV6Enabled": true, - "Logging": Object { - "Bucket": Object { - "Fn::GetAtt": Array [ - "CloudfrontLoggingBucket3C3EFAA7", - "RegionalDomainName", - ], - }, - }, - "Origins": Array [ - Object { - "CustomOriginConfig": Object { - "OriginProtocolPolicy": "https-only", - "OriginSSLProtocols": Array [ - "TLSv1.2", - ], - }, - "DomainName": Object { - "Fn::Select": Array [ - 0, - Object { - "Fn::Split": Array [ - "/", - Object { - "Fn::Select": Array [ - 1, - Object { - "Fn::Split": Array [ - "://", - Object { - "Fn::Join": Array [ - "", - Array [ - "https://", - Object { - "Ref": "RestApi0C43BF4B", - }, - ".execute-api.", - Object { - "Ref": "AWS::Region", - }, - ".", - Object { - "Ref": "AWS::URLSuffix", - }, - "/", - Object { - "Ref": "RestApiDeploymentStageprod3855DE66", - }, - "/", - ], - ], - }, - ], - }, - ], - }, - ], - }, - ], - }, - "Id": "CloudFrontDistributionOrigin176EC3A12", - "OriginPath": Object { - "Fn::Join": Array [ - "", - Array [ - "/", - Object { - "Ref": "RestApiDeploymentStageprod3855DE66", - }, - ], - ], - }, - }, - ], - }, - }, - "Type": "AWS::CloudFront::Distribution", - }, - "CloudfrontLoggingBucket3C3EFAA7": Object { - "DeletionPolicy": "Retain", - "Metadata": Object { - "cfn_nag": Object { - "rules_to_suppress": Array [ - Object { - "id": "W35", - "reason": "This S3 bucket is used as the access logging bucket for CloudFront Distribution", - }, - ], - }, - }, - "Properties": Object { - "AccessControl": "LogDeliveryWrite", - "BucketEncryption": Object { - "ServerSideEncryptionConfiguration": Array [ - Object { - "ServerSideEncryptionByDefault": Object { - "SSEAlgorithm": "AES256", - }, - }, - ], - }, - "PublicAccessBlockConfiguration": Object { - "BlockPublicAcls": true, - "BlockPublicPolicy": true, - "IgnorePublicAcls": true, - "RestrictPublicBuckets": true, - }, - "VersioningConfiguration": Object { - "Status": "Enabled", - }, - }, - "Type": "AWS::S3::Bucket", - "UpdateReplacePolicy": "Retain", - }, - "CloudfrontLoggingBucketPolicy8FC0956D": Object { - "Properties": Object { - "Bucket": Object { - "Ref": "CloudfrontLoggingBucket3C3EFAA7", - }, - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": "*", - "Condition": Object { - "Bool": Object { - "aws:SecureTransport": "false", - }, - }, - "Effect": "Deny", - "Principal": Object { - "AWS": "*", - }, - "Resource": Array [ - Object { - "Fn::Join": Array [ - "", - Array [ - Object { - "Fn::GetAtt": Array [ - "CloudfrontLoggingBucket3C3EFAA7", - "Arn", - ], - }, - "/*", - ], - ], - }, - Object { - "Fn::GetAtt": Array [ - "CloudfrontLoggingBucket3C3EFAA7", - "Arn", - ], - }, - ], - "Sid": "HttpsOnly", - }, - ], - "Version": "2012-10-17", - }, - }, - "Type": "AWS::S3::BucketPolicy", - }, - "LambdaFunctionBF21E41F": Object { - "DependsOn": Array [ - "LambdaFunctionServiceRoleC555A460", - ], - "Properties": Object { - "Code": Object { - "S3Bucket": Object { - "Ref": "AssetParameters42a35bbf0dec9ef0ac5b0dde87e71a1b8929e8d2d178dd09ccfb2c928ec0198cS3Bucket1F467BCC", - }, - "S3Key": Object { - "Fn::Join": Array [ - "", - Array [ - Object { - "Fn::Select": Array [ - 0, - Object { - "Fn::Split": Array [ - "||", - Object { - "Ref": "AssetParameters42a35bbf0dec9ef0ac5b0dde87e71a1b8929e8d2d178dd09ccfb2c928ec0198cS3VersionKey9E4F7872", - }, - ], - }, - ], - }, - Object { - "Fn::Select": Array [ - 1, - Object { - "Fn::Split": Array [ - "||", - Object { - "Ref": "AssetParameters42a35bbf0dec9ef0ac5b0dde87e71a1b8929e8d2d178dd09ccfb2c928ec0198cS3VersionKey9E4F7872", - }, - ], - }, - ], - }, - ], - ], - }, - }, - "Handler": "index.handler", - "Role": Object { - "Fn::GetAtt": Array [ - "LambdaFunctionServiceRoleC555A460", - "Arn", - ], - }, - "Runtime": "nodejs12.x", - }, - "Type": "AWS::Lambda::Function", - }, - "LambdaFunctionServiceRoleC555A460": Object { - "Properties": Object { - "AssumeRolePolicyDocument": Object { - "Statement": Array [ - Object { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": Object { - "Service": "lambda.amazonaws.com", - }, - }, - ], - "Version": "2012-10-17", - }, - "ManagedPolicyArns": Array [ - Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole", - ], - ], - }, - ], - }, - "Type": "AWS::IAM::Role", - }, - "RestApi0C43BF4B": Object { - "Properties": Object { - "Name": "RestApi", - }, - "Type": "AWS::ApiGateway::RestApi", - }, - "RestApiANYA7C1DC94": Object { - "Properties": Object { - "AuthorizationType": "NONE", - "HttpMethod": "ANY", - "Integration": Object { - "IntegrationHttpMethod": "POST", - "Type": "AWS_PROXY", - "Uri": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":apigateway:", - Object { - "Ref": "AWS::Region", - }, - ":lambda:path/2015-03-31/functions/", - Object { - "Fn::GetAtt": Array [ - "LambdaFunctionBF21E41F", - "Arn", - ], - }, - "/invocations", - ], - ], - }, - }, - "ResourceId": Object { - "Fn::GetAtt": Array [ - "RestApi0C43BF4B", - "RootResourceId", - ], - }, - "RestApiId": Object { - "Ref": "RestApi0C43BF4B", - }, - }, - "Type": "AWS::ApiGateway::Method", - }, - "RestApiANYApiPermissionRestApiANY3A99B4EE": Object { - "Properties": Object { - "Action": "lambda:InvokeFunction", - "FunctionName": Object { - "Fn::GetAtt": Array [ - "LambdaFunctionBF21E41F", - "Arn", - ], - }, - "Principal": "apigateway.amazonaws.com", - "SourceArn": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":execute-api:", - Object { - "Ref": "AWS::Region", - }, - ":", - Object { - "Ref": "AWS::AccountId", - }, - ":", - Object { - "Ref": "RestApi0C43BF4B", - }, - "/", - Object { - "Ref": "RestApiDeploymentStageprod3855DE66", - }, - "/*/", - ], - ], - }, - }, - "Type": "AWS::Lambda::Permission", - }, - "RestApiANYApiPermissionTestRestApiANY79BD91F2": Object { - "Properties": Object { - "Action": "lambda:InvokeFunction", - "FunctionName": Object { - "Fn::GetAtt": Array [ - "LambdaFunctionBF21E41F", - "Arn", - ], - }, - "Principal": "apigateway.amazonaws.com", - "SourceArn": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":execute-api:", - Object { - "Ref": "AWS::Region", - }, - ":", - Object { - "Ref": "AWS::AccountId", - }, - ":", - Object { - "Ref": "RestApi0C43BF4B", - }, - "/test-invoke-stage/*/", - ], - ], - }, - }, - "Type": "AWS::Lambda::Permission", - }, - "RestApiAccount7C83CF5A": Object { - "DependsOn": Array [ - "RestApi0C43BF4B", - ], - "Properties": Object { - "CloudWatchRoleArn": Object { - "Fn::GetAtt": Array [ - "RestApiCloudWatchRoleE3ED6605", - "Arn", - ], - }, - }, - "Type": "AWS::ApiGateway::Account", - }, - "RestApiCloudWatchRoleE3ED6605": Object { - "Properties": Object { - "AssumeRolePolicyDocument": Object { - "Statement": Array [ - Object { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": Object { - "Service": "apigateway.amazonaws.com", - }, - }, - ], - "Version": "2012-10-17", - }, - "ManagedPolicyArns": Array [ - Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs", - ], - ], - }, - ], - }, - "Type": "AWS::IAM::Role", - }, - "RestApiDeployment180EC5037625dd9448e05124ef5f1cc2b6c3180a": Object { - "DependsOn": Array [ - "RestApiproxyANY1786B242", - "RestApiproxyC95856DD", - "RestApiANYA7C1DC94", - ], - "Properties": Object { - "Description": "Automatically created by the RestApi construct", - "RestApiId": Object { - "Ref": "RestApi0C43BF4B", - }, - }, - "Type": "AWS::ApiGateway::Deployment", - }, - "RestApiDeploymentStageprod3855DE66": Object { - "Properties": Object { - "DeploymentId": Object { - "Ref": "RestApiDeployment180EC5037625dd9448e05124ef5f1cc2b6c3180a", - }, - "RestApiId": Object { - "Ref": "RestApi0C43BF4B", - }, - "StageName": "prod", - }, - "Type": "AWS::ApiGateway::Stage", - }, - "RestApiproxyANY1786B242": Object { - "Properties": Object { - "AuthorizationType": "NONE", - "HttpMethod": "ANY", - "Integration": Object { - "IntegrationHttpMethod": "POST", - "Type": "AWS_PROXY", - "Uri": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":apigateway:", - Object { - "Ref": "AWS::Region", - }, - ":lambda:path/2015-03-31/functions/", - Object { - "Fn::GetAtt": Array [ - "LambdaFunctionBF21E41F", - "Arn", - ], - }, - "/invocations", - ], - ], - }, - }, - "ResourceId": Object { - "Ref": "RestApiproxyC95856DD", - }, - "RestApiId": Object { - "Ref": "RestApi0C43BF4B", - }, - }, - "Type": "AWS::ApiGateway::Method", - }, - "RestApiproxyANYApiPermissionRestApiANYproxy9C9912F9": Object { - "Properties": Object { - "Action": "lambda:InvokeFunction", - "FunctionName": Object { - "Fn::GetAtt": Array [ - "LambdaFunctionBF21E41F", - "Arn", - ], - }, - "Principal": "apigateway.amazonaws.com", - "SourceArn": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":execute-api:", - Object { - "Ref": "AWS::Region", - }, - ":", - Object { - "Ref": "AWS::AccountId", - }, - ":", - Object { - "Ref": "RestApi0C43BF4B", - }, - "/", - Object { - "Ref": "RestApiDeploymentStageprod3855DE66", - }, - "/*/*", - ], - ], - }, - }, - "Type": "AWS::Lambda::Permission", - }, - "RestApiproxyANYApiPermissionTestRestApiANYproxyCB7BC56D": Object { - "Properties": Object { - "Action": "lambda:InvokeFunction", - "FunctionName": Object { - "Fn::GetAtt": Array [ - "LambdaFunctionBF21E41F", - "Arn", - ], - }, - "Principal": "apigateway.amazonaws.com", - "SourceArn": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":execute-api:", - Object { - "Ref": "AWS::Region", - }, - ":", - Object { - "Ref": "AWS::AccountId", - }, - ":", - Object { - "Ref": "RestApi0C43BF4B", - }, - "/test-invoke-stage/*/*", - ], - ], - }, - }, - "Type": "AWS::Lambda::Permission", - }, - "RestApiproxyC95856DD": Object { - "Properties": Object { - "ParentId": Object { - "Fn::GetAtt": Array [ - "RestApi0C43BF4B", - "RootResourceId", - ], - }, - "PathPart": "{proxy+}", - "RestApiId": Object { - "Ref": "RestApi0C43BF4B", - }, - }, - "Type": "AWS::ApiGateway::Resource", - }, - "SetHttpSecurityHeadersEE936115": Object { - "Properties": Object { - "AutoPublish": true, - "FunctionCode": "function handler(event) { var response = event.response; var headers = response.headers; headers['strict-transport-security'] = { value: 'max-age=63072000; includeSubdomains; preload'}; headers['content-security-policy'] = { value: \\"default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'\\"}; headers['x-content-type-options'] = { value: 'nosniff'}; headers['x-frame-options'] = {value: 'DENY'}; headers['x-xss-protection'] = {value: '1; mode=block'}; return response; }", - "FunctionConfig": Object { - "Comment": "SetHttpSecurityHeadersc8adc83b19e793491b1c6ea0fd8b46cd9f32e592fc", - "Runtime": "cloudfront-js-1.0", - }, - "Name": "SetHttpSecurityHeadersc8adc83b19e793491b1c6ea0fd8b46cd9f32e592fc", - }, - "Type": "AWS::CloudFront::Function", - }, - }, -} -`; - -exports[`cloudfront distribution for ApiGateway without security headers 1`] = ` -Object { - "Outputs": Object { - "RestApiEndpoint0551178A": Object { - "Value": Object { - "Fn::Join": Array [ - "", - Array [ - "https://", - Object { - "Ref": "RestApi0C43BF4B", - }, - ".execute-api.", - Object { - "Ref": "AWS::Region", - }, - ".", - Object { - "Ref": "AWS::URLSuffix", - }, - "/", - Object { - "Ref": "RestApiDeploymentStageprod3855DE66", - }, - "/", - ], - ], - }, - }, - }, - "Parameters": Object { - "AssetParameters42a35bbf0dec9ef0ac5b0dde87e71a1b8929e8d2d178dd09ccfb2c928ec0198cArtifactHash00A70A91": Object { - "Description": "Artifact hash for asset \\"42a35bbf0dec9ef0ac5b0dde87e71a1b8929e8d2d178dd09ccfb2c928ec0198c\\"", - "Type": "String", - }, - "AssetParameters42a35bbf0dec9ef0ac5b0dde87e71a1b8929e8d2d178dd09ccfb2c928ec0198cS3Bucket1F467BCC": Object { - "Description": "S3 bucket for asset \\"42a35bbf0dec9ef0ac5b0dde87e71a1b8929e8d2d178dd09ccfb2c928ec0198c\\"", - "Type": "String", - }, - "AssetParameters42a35bbf0dec9ef0ac5b0dde87e71a1b8929e8d2d178dd09ccfb2c928ec0198cS3VersionKey9E4F7872": Object { - "Description": "S3 key for asset version \\"42a35bbf0dec9ef0ac5b0dde87e71a1b8929e8d2d178dd09ccfb2c928ec0198c\\"", - "Type": "String", - }, - }, - "Resources": Object { - "CloudFrontDistributionBA64CE3A": Object { - "Metadata": Object { - "cfn_nag": Object { - "rules_to_suppress": Array [ - Object { - "id": "W70", - "reason": "Since the distribution uses the CloudFront domain name, CloudFront automatically sets the security policy to TLSv1 regardless of the value of MinimumProtocolVersion", - }, - ], - }, - }, - "Properties": Object { - "DistributionConfig": Object { - "DefaultCacheBehavior": Object { - "CachePolicyId": "658327ea-f89d-4fab-a63d-7e88639e58f6", - "Compress": true, - "TargetOriginId": "CloudFrontDistributionOrigin176EC3A12", - "ViewerProtocolPolicy": "redirect-to-https", - }, - "Enabled": true, - "HttpVersion": "http2", - "IPV6Enabled": true, - "Logging": Object { - "Bucket": Object { - "Fn::GetAtt": Array [ - "CloudfrontLoggingBucket3C3EFAA7", - "RegionalDomainName", - ], - }, - }, - "Origins": Array [ - Object { - "CustomOriginConfig": Object { - "OriginProtocolPolicy": "https-only", - "OriginSSLProtocols": Array [ - "TLSv1.2", - ], - }, - "DomainName": Object { - "Fn::Select": Array [ - 0, - Object { - "Fn::Split": Array [ - "/", - Object { - "Fn::Select": Array [ - 1, - Object { - "Fn::Split": Array [ - "://", - Object { - "Fn::Join": Array [ - "", - Array [ - "https://", - Object { - "Ref": "RestApi0C43BF4B", - }, - ".execute-api.", - Object { - "Ref": "AWS::Region", - }, - ".", - Object { - "Ref": "AWS::URLSuffix", - }, - "/", - Object { - "Ref": "RestApiDeploymentStageprod3855DE66", - }, - "/", - ], - ], - }, - ], - }, - ], - }, - ], - }, - ], - }, - "Id": "CloudFrontDistributionOrigin176EC3A12", - "OriginPath": Object { - "Fn::Join": Array [ - "", - Array [ - "/", - Object { - "Ref": "RestApiDeploymentStageprod3855DE66", - }, - ], - ], - }, - }, - ], - }, - }, - "Type": "AWS::CloudFront::Distribution", - }, - "CloudfrontLoggingBucket3C3EFAA7": Object { - "DeletionPolicy": "Retain", - "Metadata": Object { - "cfn_nag": Object { - "rules_to_suppress": Array [ - Object { - "id": "W35", - "reason": "This S3 bucket is used as the access logging bucket for CloudFront Distribution", - }, - ], - }, - }, - "Properties": Object { - "AccessControl": "LogDeliveryWrite", - "BucketEncryption": Object { - "ServerSideEncryptionConfiguration": Array [ - Object { - "ServerSideEncryptionByDefault": Object { - "SSEAlgorithm": "AES256", - }, - }, - ], - }, - "PublicAccessBlockConfiguration": Object { - "BlockPublicAcls": true, - "BlockPublicPolicy": true, - "IgnorePublicAcls": true, - "RestrictPublicBuckets": true, - }, - "VersioningConfiguration": Object { - "Status": "Enabled", - }, - }, - "Type": "AWS::S3::Bucket", - "UpdateReplacePolicy": "Retain", - }, - "CloudfrontLoggingBucketPolicy8FC0956D": Object { - "Properties": Object { - "Bucket": Object { - "Ref": "CloudfrontLoggingBucket3C3EFAA7", - }, - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": "*", - "Condition": Object { - "Bool": Object { - "aws:SecureTransport": "false", - }, - }, - "Effect": "Deny", - "Principal": Object { - "AWS": "*", - }, - "Resource": Array [ - Object { - "Fn::Join": Array [ - "", - Array [ - Object { - "Fn::GetAtt": Array [ - "CloudfrontLoggingBucket3C3EFAA7", - "Arn", - ], - }, - "/*", - ], - ], - }, - Object { - "Fn::GetAtt": Array [ - "CloudfrontLoggingBucket3C3EFAA7", - "Arn", - ], - }, - ], - "Sid": "HttpsOnly", - }, - ], - "Version": "2012-10-17", - }, - }, - "Type": "AWS::S3::BucketPolicy", - }, - "LambdaFunctionBF21E41F": Object { - "DependsOn": Array [ - "LambdaFunctionServiceRoleC555A460", - ], - "Properties": Object { - "Code": Object { - "S3Bucket": Object { - "Ref": "AssetParameters42a35bbf0dec9ef0ac5b0dde87e71a1b8929e8d2d178dd09ccfb2c928ec0198cS3Bucket1F467BCC", - }, - "S3Key": Object { - "Fn::Join": Array [ - "", - Array [ - Object { - "Fn::Select": Array [ - 0, - Object { - "Fn::Split": Array [ - "||", - Object { - "Ref": "AssetParameters42a35bbf0dec9ef0ac5b0dde87e71a1b8929e8d2d178dd09ccfb2c928ec0198cS3VersionKey9E4F7872", - }, - ], - }, - ], - }, - Object { - "Fn::Select": Array [ - 1, - Object { - "Fn::Split": Array [ - "||", - Object { - "Ref": "AssetParameters42a35bbf0dec9ef0ac5b0dde87e71a1b8929e8d2d178dd09ccfb2c928ec0198cS3VersionKey9E4F7872", - }, - ], - }, - ], - }, - ], - ], - }, - }, - "Handler": "index.handler", - "Role": Object { - "Fn::GetAtt": Array [ - "LambdaFunctionServiceRoleC555A460", - "Arn", - ], - }, - "Runtime": "nodejs12.x", - }, - "Type": "AWS::Lambda::Function", - }, - "LambdaFunctionServiceRoleC555A460": Object { - "Properties": Object { - "AssumeRolePolicyDocument": Object { - "Statement": Array [ - Object { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": Object { - "Service": "lambda.amazonaws.com", - }, - }, - ], - "Version": "2012-10-17", - }, - "ManagedPolicyArns": Array [ - Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole", - ], - ], - }, - ], - }, - "Type": "AWS::IAM::Role", - }, - "RestApi0C43BF4B": Object { - "Properties": Object { - "Name": "RestApi", - }, - "Type": "AWS::ApiGateway::RestApi", - }, - "RestApiANYA7C1DC94": Object { - "Properties": Object { - "AuthorizationType": "NONE", - "HttpMethod": "ANY", - "Integration": Object { - "IntegrationHttpMethod": "POST", - "Type": "AWS_PROXY", - "Uri": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":apigateway:", - Object { - "Ref": "AWS::Region", - }, - ":lambda:path/2015-03-31/functions/", - Object { - "Fn::GetAtt": Array [ - "LambdaFunctionBF21E41F", - "Arn", - ], - }, - "/invocations", - ], - ], - }, - }, - "ResourceId": Object { - "Fn::GetAtt": Array [ - "RestApi0C43BF4B", - "RootResourceId", - ], - }, - "RestApiId": Object { - "Ref": "RestApi0C43BF4B", - }, - }, - "Type": "AWS::ApiGateway::Method", - }, - "RestApiANYApiPermissionRestApiANY3A99B4EE": Object { - "Properties": Object { - "Action": "lambda:InvokeFunction", - "FunctionName": Object { - "Fn::GetAtt": Array [ - "LambdaFunctionBF21E41F", - "Arn", - ], - }, - "Principal": "apigateway.amazonaws.com", - "SourceArn": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":execute-api:", - Object { - "Ref": "AWS::Region", - }, - ":", - Object { - "Ref": "AWS::AccountId", - }, - ":", - Object { - "Ref": "RestApi0C43BF4B", - }, - "/", - Object { - "Ref": "RestApiDeploymentStageprod3855DE66", - }, - "/*/", - ], - ], - }, - }, - "Type": "AWS::Lambda::Permission", - }, - "RestApiANYApiPermissionTestRestApiANY79BD91F2": Object { - "Properties": Object { - "Action": "lambda:InvokeFunction", - "FunctionName": Object { - "Fn::GetAtt": Array [ - "LambdaFunctionBF21E41F", - "Arn", - ], - }, - "Principal": "apigateway.amazonaws.com", - "SourceArn": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":execute-api:", - Object { - "Ref": "AWS::Region", - }, - ":", - Object { - "Ref": "AWS::AccountId", - }, - ":", - Object { - "Ref": "RestApi0C43BF4B", - }, - "/test-invoke-stage/*/", - ], - ], - }, - }, - "Type": "AWS::Lambda::Permission", - }, - "RestApiAccount7C83CF5A": Object { - "DependsOn": Array [ - "RestApi0C43BF4B", - ], - "Properties": Object { - "CloudWatchRoleArn": Object { - "Fn::GetAtt": Array [ - "RestApiCloudWatchRoleE3ED6605", - "Arn", - ], - }, - }, - "Type": "AWS::ApiGateway::Account", - }, - "RestApiCloudWatchRoleE3ED6605": Object { - "Properties": Object { - "AssumeRolePolicyDocument": Object { - "Statement": Array [ - Object { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": Object { - "Service": "apigateway.amazonaws.com", - }, - }, - ], - "Version": "2012-10-17", - }, - "ManagedPolicyArns": Array [ - Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs", - ], - ], - }, - ], - }, - "Type": "AWS::IAM::Role", - }, - "RestApiDeployment180EC5037625dd9448e05124ef5f1cc2b6c3180a": Object { - "DependsOn": Array [ - "RestApiproxyANY1786B242", - "RestApiproxyC95856DD", - "RestApiANYA7C1DC94", - ], - "Properties": Object { - "Description": "Automatically created by the RestApi construct", - "RestApiId": Object { - "Ref": "RestApi0C43BF4B", - }, - }, - "Type": "AWS::ApiGateway::Deployment", - }, - "RestApiDeploymentStageprod3855DE66": Object { - "Properties": Object { - "DeploymentId": Object { - "Ref": "RestApiDeployment180EC5037625dd9448e05124ef5f1cc2b6c3180a", - }, - "RestApiId": Object { - "Ref": "RestApi0C43BF4B", - }, - "StageName": "prod", - }, - "Type": "AWS::ApiGateway::Stage", - }, - "RestApiproxyANY1786B242": Object { - "Properties": Object { - "AuthorizationType": "NONE", - "HttpMethod": "ANY", - "Integration": Object { - "IntegrationHttpMethod": "POST", - "Type": "AWS_PROXY", - "Uri": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":apigateway:", - Object { - "Ref": "AWS::Region", - }, - ":lambda:path/2015-03-31/functions/", - Object { - "Fn::GetAtt": Array [ - "LambdaFunctionBF21E41F", - "Arn", - ], - }, - "/invocations", - ], - ], - }, - }, - "ResourceId": Object { - "Ref": "RestApiproxyC95856DD", - }, - "RestApiId": Object { - "Ref": "RestApi0C43BF4B", - }, - }, - "Type": "AWS::ApiGateway::Method", - }, - "RestApiproxyANYApiPermissionRestApiANYproxy9C9912F9": Object { - "Properties": Object { - "Action": "lambda:InvokeFunction", - "FunctionName": Object { - "Fn::GetAtt": Array [ - "LambdaFunctionBF21E41F", - "Arn", - ], - }, - "Principal": "apigateway.amazonaws.com", - "SourceArn": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":execute-api:", - Object { - "Ref": "AWS::Region", - }, - ":", - Object { - "Ref": "AWS::AccountId", - }, - ":", - Object { - "Ref": "RestApi0C43BF4B", - }, - "/", - Object { - "Ref": "RestApiDeploymentStageprod3855DE66", - }, - "/*/*", - ], - ], - }, - }, - "Type": "AWS::Lambda::Permission", - }, - "RestApiproxyANYApiPermissionTestRestApiANYproxyCB7BC56D": Object { - "Properties": Object { - "Action": "lambda:InvokeFunction", - "FunctionName": Object { - "Fn::GetAtt": Array [ - "LambdaFunctionBF21E41F", - "Arn", - ], - }, - "Principal": "apigateway.amazonaws.com", - "SourceArn": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":execute-api:", - Object { - "Ref": "AWS::Region", - }, - ":", - Object { - "Ref": "AWS::AccountId", - }, - ":", - Object { - "Ref": "RestApi0C43BF4B", - }, - "/test-invoke-stage/*/*", - ], - ], - }, - }, - "Type": "AWS::Lambda::Permission", - }, - "RestApiproxyC95856DD": Object { - "Properties": Object { - "ParentId": Object { - "Fn::GetAtt": Array [ - "RestApi0C43BF4B", - "RootResourceId", - ], - }, - "PathPart": "{proxy+}", - "RestApiId": Object { - "Ref": "RestApi0C43BF4B", - }, - }, - "Type": "AWS::ApiGateway::Resource", - }, - }, -} -`; diff --git a/source/patterns/@aws-solutions-constructs/core/test/__snapshots__/cloudfront-distribution-mediastore-helper.test.js.snap b/source/patterns/@aws-solutions-constructs/core/test/__snapshots__/cloudfront-distribution-mediastore-helper.test.js.snap deleted file mode 100644 index c2d7bf604..000000000 --- a/source/patterns/@aws-solutions-constructs/core/test/__snapshots__/cloudfront-distribution-mediastore-helper.test.js.snap +++ /dev/null @@ -1,243 +0,0 @@ -// Jest Snapshot v1, https://goo.gl/fbAQLP - -exports[`CloudFront distribution for MediaStore with default params 1`] = ` -Object { - "Resources": Object { - "CloudFrontDistributionBA64CE3A": Object { - "Metadata": Object { - "cfn_nag": Object { - "rules_to_suppress": Array [ - Object { - "id": "W70", - "reason": "Since the distribution uses the CloudFront domain name, CloudFront automatically sets the security policy to TLSv1 regardless of the value of MinimumProtocolVersion", - }, - ], - }, - }, - "Properties": Object { - "DistributionConfig": Object { - "DefaultCacheBehavior": Object { - "AllowedMethods": Array [ - "GET", - "HEAD", - "OPTIONS", - ], - "CachePolicyId": "658327ea-f89d-4fab-a63d-7e88639e58f6", - "CachedMethods": Array [ - "GET", - "HEAD", - "OPTIONS", - ], - "Compress": true, - "FunctionAssociations": Array [ - Object { - "EventType": "viewer-response", - "FunctionARN": Object { - "Fn::GetAtt": Array [ - "SetHttpSecurityHeadersEE936115", - "FunctionARN", - ], - }, - }, - ], - "OriginRequestPolicyId": Object { - "Ref": "CloudfrontOriginRequestPolicy299A10DB", - }, - "TargetOriginId": "CloudFrontDistributionOrigin176EC3A12", - "ViewerProtocolPolicy": "redirect-to-https", - }, - "Enabled": true, - "HttpVersion": "http2", - "IPV6Enabled": true, - "Logging": Object { - "Bucket": Object { - "Fn::GetAtt": Array [ - "CloudfrontLoggingBucket3C3EFAA7", - "RegionalDomainName", - ], - }, - }, - "Origins": Array [ - Object { - "CustomOriginConfig": Object { - "OriginProtocolPolicy": "https-only", - "OriginSSLProtocols": Array [ - "TLSv1.2", - ], - }, - "DomainName": Object { - "Fn::Select": Array [ - 0, - Object { - "Fn::Split": Array [ - "/", - Object { - "Fn::Select": Array [ - 1, - Object { - "Fn::Split": Array [ - "://", - Object { - "Fn::GetAtt": Array [ - "MediaStoreContainer", - "Endpoint", - ], - }, - ], - }, - ], - }, - ], - }, - ], - }, - "Id": "CloudFrontDistributionOrigin176EC3A12", - }, - ], - }, - }, - "Type": "AWS::CloudFront::Distribution", - }, - "CloudfrontLoggingBucket3C3EFAA7": Object { - "DeletionPolicy": "Retain", - "Metadata": Object { - "cfn_nag": Object { - "rules_to_suppress": Array [ - Object { - "id": "W35", - "reason": "This S3 bucket is used as the access logging bucket for CloudFront Distribution", - }, - ], - }, - }, - "Properties": Object { - "AccessControl": "LogDeliveryWrite", - "BucketEncryption": Object { - "ServerSideEncryptionConfiguration": Array [ - Object { - "ServerSideEncryptionByDefault": Object { - "SSEAlgorithm": "AES256", - }, - }, - ], - }, - "PublicAccessBlockConfiguration": Object { - "BlockPublicAcls": true, - "BlockPublicPolicy": true, - "IgnorePublicAcls": true, - "RestrictPublicBuckets": true, - }, - "VersioningConfiguration": Object { - "Status": "Enabled", - }, - }, - "Type": "AWS::S3::Bucket", - "UpdateReplacePolicy": "Retain", - }, - "CloudfrontLoggingBucketPolicy8FC0956D": Object { - "Properties": Object { - "Bucket": Object { - "Ref": "CloudfrontLoggingBucket3C3EFAA7", - }, - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": "*", - "Condition": Object { - "Bool": Object { - "aws:SecureTransport": "false", - }, - }, - "Effect": "Deny", - "Principal": Object { - "AWS": "*", - }, - "Resource": Array [ - Object { - "Fn::Join": Array [ - "", - Array [ - Object { - "Fn::GetAtt": Array [ - "CloudfrontLoggingBucket3C3EFAA7", - "Arn", - ], - }, - "/*", - ], - ], - }, - Object { - "Fn::GetAtt": Array [ - "CloudfrontLoggingBucket3C3EFAA7", - "Arn", - ], - }, - ], - "Sid": "HttpsOnly", - }, - ], - "Version": "2012-10-17", - }, - }, - "Type": "AWS::S3::BucketPolicy", - }, - "CloudfrontOriginRequestPolicy299A10DB": Object { - "Properties": Object { - "OriginRequestPolicyConfig": Object { - "Comment": "Policy for Constructs CloudFrontDistributionForMediaStore", - "CookiesConfig": Object { - "CookieBehavior": "none", - }, - "HeadersConfig": Object { - "HeaderBehavior": "whitelist", - "Headers": Array [ - "Access-Control-Allow-Origin", - "Access-Control-Request-Method", - "Access-Control-Request-Header", - "Origin", - ], - }, - "Name": Object { - "Fn::Join": Array [ - "", - Array [ - Object { - "Ref": "AWS::StackName", - }, - "-", - Object { - "Ref": "AWS::Region", - }, - "-CloudFrontDistributionForMediaStore", - ], - ], - }, - "QueryStringsConfig": Object { - "QueryStringBehavior": "all", - }, - }, - }, - "Type": "AWS::CloudFront::OriginRequestPolicy", - }, - "MediaStoreContainer": Object { - "Properties": Object { - "ContainerName": "TestContainer", - }, - "Type": "AWS::MediaStore::Container", - }, - "SetHttpSecurityHeadersEE936115": Object { - "Properties": Object { - "AutoPublish": true, - "FunctionCode": "function handler(event) { var response = event.response; var headers = response.headers; headers['strict-transport-security'] = { value: 'max-age=63072000; includeSubdomains; preload'}; headers['content-security-policy'] = { value: \\"default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'\\"}; headers['x-content-type-options'] = { value: 'nosniff'}; headers['x-frame-options'] = {value: 'DENY'}; headers['x-xss-protection'] = {value: '1; mode=block'}; return response; }", - "FunctionConfig": Object { - "Comment": "SetHttpSecurityHeadersc8adc83b19e793491b1c6ea0fd8b46cd9f32e592fc", - "Runtime": "cloudfront-js-1.0", - }, - "Name": "SetHttpSecurityHeadersc8adc83b19e793491b1c6ea0fd8b46cd9f32e592fc", - }, - "Type": "AWS::CloudFront::Function", - }, - }, -} -`; diff --git a/source/patterns/@aws-solutions-constructs/core/test/__snapshots__/cloudfront-distribution-s3-helper.test.js.snap b/source/patterns/@aws-solutions-constructs/core/test/__snapshots__/cloudfront-distribution-s3-helper.test.js.snap deleted file mode 100644 index 3656b665b..000000000 --- a/source/patterns/@aws-solutions-constructs/core/test/__snapshots__/cloudfront-distribution-s3-helper.test.js.snap +++ /dev/null @@ -1,393 +0,0 @@ -// Jest Snapshot v1, https://goo.gl/fbAQLP - -exports[`cloudfront distribution with default params 1`] = ` -Object { - "Resources": Object { - "CloudFrontDistributionBA64CE3A": Object { - "Metadata": Object { - "cfn_nag": Object { - "rules_to_suppress": Array [ - Object { - "id": "W70", - "reason": "Since the distribution uses the CloudFront domain name, CloudFront automatically sets the security policy to TLSv1 regardless of the value of MinimumProtocolVersion", - }, - ], - }, - }, - "Properties": Object { - "DistributionConfig": Object { - "DefaultCacheBehavior": Object { - "CachePolicyId": "658327ea-f89d-4fab-a63d-7e88639e58f6", - "Compress": true, - "FunctionAssociations": Array [ - Object { - "EventType": "viewer-response", - "FunctionARN": Object { - "Fn::GetAtt": Array [ - "SetHttpSecurityHeadersEE936115", - "FunctionARN", - ], - }, - }, - ], - "TargetOriginId": "CloudFrontDistributionOrigin176EC3A12", - "ViewerProtocolPolicy": "redirect-to-https", - }, - "DefaultRootObject": "index.html", - "Enabled": true, - "HttpVersion": "http2", - "IPV6Enabled": true, - "Logging": Object { - "Bucket": Object { - "Fn::GetAtt": Array [ - "CloudfrontLoggingBucket3C3EFAA7", - "RegionalDomainName", - ], - }, - }, - "Origins": Array [ - Object { - "DomainName": Object { - "Fn::GetAtt": Array [ - "S3Bucket07682993", - "RegionalDomainName", - ], - }, - "Id": "CloudFrontDistributionOrigin176EC3A12", - "S3OriginConfig": Object { - "OriginAccessIdentity": Object { - "Fn::Join": Array [ - "", - Array [ - "origin-access-identity/cloudfront/", - Object { - "Ref": "CloudFrontDistributionOrigin1S3Origin3D9CA0E9", - }, - ], - ], - }, - }, - }, - ], - }, - }, - "Type": "AWS::CloudFront::Distribution", - }, - "CloudFrontDistributionOrigin1S3Origin3D9CA0E9": Object { - "Properties": Object { - "CloudFrontOriginAccessIdentityConfig": Object { - "Comment": "Identity for CloudFrontDistributionOrigin176EC3A12", - }, - }, - "Type": "AWS::CloudFront::CloudFrontOriginAccessIdentity", - }, - "CloudfrontLoggingBucket3C3EFAA7": Object { - "DeletionPolicy": "Retain", - "Metadata": Object { - "cfn_nag": Object { - "rules_to_suppress": Array [ - Object { - "id": "W35", - "reason": "This S3 bucket is used as the access logging bucket for CloudFront Distribution", - }, - ], - }, - }, - "Properties": Object { - "AccessControl": "LogDeliveryWrite", - "BucketEncryption": Object { - "ServerSideEncryptionConfiguration": Array [ - Object { - "ServerSideEncryptionByDefault": Object { - "SSEAlgorithm": "AES256", - }, - }, - ], - }, - "PublicAccessBlockConfiguration": Object { - "BlockPublicAcls": true, - "BlockPublicPolicy": true, - "IgnorePublicAcls": true, - "RestrictPublicBuckets": true, - }, - "VersioningConfiguration": Object { - "Status": "Enabled", - }, - }, - "Type": "AWS::S3::Bucket", - "UpdateReplacePolicy": "Retain", - }, - "CloudfrontLoggingBucketPolicy8FC0956D": Object { - "Properties": Object { - "Bucket": Object { - "Ref": "CloudfrontLoggingBucket3C3EFAA7", - }, - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": "*", - "Condition": Object { - "Bool": Object { - "aws:SecureTransport": "false", - }, - }, - "Effect": "Deny", - "Principal": Object { - "AWS": "*", - }, - "Resource": Array [ - Object { - "Fn::Join": Array [ - "", - Array [ - Object { - "Fn::GetAtt": Array [ - "CloudfrontLoggingBucket3C3EFAA7", - "Arn", - ], - }, - "/*", - ], - ], - }, - Object { - "Fn::GetAtt": Array [ - "CloudfrontLoggingBucket3C3EFAA7", - "Arn", - ], - }, - ], - "Sid": "HttpsOnly", - }, - ], - "Version": "2012-10-17", - }, - }, - "Type": "AWS::S3::BucketPolicy", - }, - "S3Bucket07682993": Object { - "DeletionPolicy": "Retain", - "Properties": Object { - "BucketEncryption": Object { - "ServerSideEncryptionConfiguration": Array [ - Object { - "ServerSideEncryptionByDefault": Object { - "SSEAlgorithm": "AES256", - }, - }, - ], - }, - "LifecycleConfiguration": Object { - "Rules": Array [ - Object { - "NoncurrentVersionTransitions": Array [ - Object { - "StorageClass": "GLACIER", - "TransitionInDays": 90, - }, - ], - "Status": "Enabled", - }, - ], - }, - "LoggingConfiguration": Object { - "DestinationBucketName": Object { - "Ref": "S3LoggingBucket800A2B27", - }, - }, - "PublicAccessBlockConfiguration": Object { - "BlockPublicAcls": true, - "BlockPublicPolicy": true, - "IgnorePublicAcls": true, - "RestrictPublicBuckets": true, - }, - "VersioningConfiguration": Object { - "Status": "Enabled", - }, - }, - "Type": "AWS::S3::Bucket", - "UpdateReplacePolicy": "Retain", - }, - "S3BucketPolicyF560589A": Object { - "Metadata": Object { - "cfn_nag": Object { - "rules_to_suppress": Array [ - Object { - "id": "F16", - "reason": "Public website bucket policy requires a wildcard principal", - }, - ], - }, - }, - "Properties": Object { - "Bucket": Object { - "Ref": "S3Bucket07682993", - }, - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": "*", - "Condition": Object { - "Bool": Object { - "aws:SecureTransport": "false", - }, - }, - "Effect": "Deny", - "Principal": Object { - "AWS": "*", - }, - "Resource": Array [ - Object { - "Fn::Join": Array [ - "", - Array [ - Object { - "Fn::GetAtt": Array [ - "S3Bucket07682993", - "Arn", - ], - }, - "/*", - ], - ], - }, - Object { - "Fn::GetAtt": Array [ - "S3Bucket07682993", - "Arn", - ], - }, - ], - "Sid": "HttpsOnly", - }, - Object { - "Action": "s3:GetObject", - "Effect": "Allow", - "Principal": Object { - "CanonicalUser": Object { - "Fn::GetAtt": Array [ - "CloudFrontDistributionOrigin1S3Origin3D9CA0E9", - "S3CanonicalUserId", - ], - }, - }, - "Resource": Object { - "Fn::Join": Array [ - "", - Array [ - Object { - "Fn::GetAtt": Array [ - "S3Bucket07682993", - "Arn", - ], - }, - "/*", - ], - ], - }, - }, - ], - "Version": "2012-10-17", - }, - }, - "Type": "AWS::S3::BucketPolicy", - }, - "S3LoggingBucket800A2B27": Object { - "DeletionPolicy": "Retain", - "Metadata": Object { - "cfn_nag": Object { - "rules_to_suppress": Array [ - Object { - "id": "W35", - "reason": "This S3 bucket is used as the access logging bucket for another bucket", - }, - ], - }, - }, - "Properties": Object { - "AccessControl": "LogDeliveryWrite", - "BucketEncryption": Object { - "ServerSideEncryptionConfiguration": Array [ - Object { - "ServerSideEncryptionByDefault": Object { - "SSEAlgorithm": "AES256", - }, - }, - ], - }, - "PublicAccessBlockConfiguration": Object { - "BlockPublicAcls": true, - "BlockPublicPolicy": true, - "IgnorePublicAcls": true, - "RestrictPublicBuckets": true, - }, - "VersioningConfiguration": Object { - "Status": "Enabled", - }, - }, - "Type": "AWS::S3::Bucket", - "UpdateReplacePolicy": "Retain", - }, - "S3LoggingBucketPolicy6B3AA8AF": Object { - "Properties": Object { - "Bucket": Object { - "Ref": "S3LoggingBucket800A2B27", - }, - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": "*", - "Condition": Object { - "Bool": Object { - "aws:SecureTransport": "false", - }, - }, - "Effect": "Deny", - "Principal": Object { - "AWS": "*", - }, - "Resource": Array [ - Object { - "Fn::Join": Array [ - "", - Array [ - Object { - "Fn::GetAtt": Array [ - "S3LoggingBucket800A2B27", - "Arn", - ], - }, - "/*", - ], - ], - }, - Object { - "Fn::GetAtt": Array [ - "S3LoggingBucket800A2B27", - "Arn", - ], - }, - ], - "Sid": "HttpsOnly", - }, - ], - "Version": "2012-10-17", - }, - }, - "Type": "AWS::S3::BucketPolicy", - }, - "SetHttpSecurityHeadersEE936115": Object { - "Properties": Object { - "AutoPublish": true, - "FunctionCode": "function handler(event) { var response = event.response; var headers = response.headers; headers['strict-transport-security'] = { value: 'max-age=63072000; includeSubdomains; preload'}; headers['content-security-policy'] = { value: \\"default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'\\"}; headers['x-content-type-options'] = { value: 'nosniff'}; headers['x-frame-options'] = {value: 'DENY'}; headers['x-xss-protection'] = {value: '1; mode=block'}; return response; }", - "FunctionConfig": Object { - "Comment": "SetHttpSecurityHeadersc8adc83b19e793491b1c6ea0fd8b46cd9f32e592fc", - "Runtime": "cloudfront-js-1.0", - }, - "Name": "SetHttpSecurityHeadersc8adc83b19e793491b1c6ea0fd8b46cd9f32e592fc", - }, - "Type": "AWS::CloudFront::Function", - }, - }, -} -`; diff --git a/source/patterns/@aws-solutions-constructs/core/test/__snapshots__/cloudwatch-log-group-helper.test.js.snap b/source/patterns/@aws-solutions-constructs/core/test/__snapshots__/cloudwatch-log-group-helper.test.js.snap deleted file mode 100644 index 27b15b6f1..000000000 --- a/source/patterns/@aws-solutions-constructs/core/test/__snapshots__/cloudwatch-log-group-helper.test.js.snap +++ /dev/null @@ -1,99 +0,0 @@ -// Jest Snapshot v1, https://goo.gl/fbAQLP - -exports[`cw log group with default params 1`] = ` -Object { - "Resources": Object { - "CloudWatchLogGroup9E01D9EC": Object { - "DeletionPolicy": "Retain", - "Metadata": Object { - "cfn_nag": Object { - "rules_to_suppress": Array [ - Object { - "id": "W86", - "reason": "Retention period for CloudWatchLogs LogGroups are set to 'Never Expire' to preserve customer data indefinitely", - }, - Object { - "id": "W84", - "reason": "By default CloudWatchLogs LogGroups data is encrypted using the CloudWatch server-side encryption keys (AWS Managed Keys)", - }, - ], - }, - }, - "Type": "AWS::Logs::LogGroup", - "UpdateReplacePolicy": "Retain", - }, - }, -} -`; - -exports[`override cw log group props with encryptionKey and retention period 1`] = ` -Object { - "Resources": Object { - "mykeyC16225CA": Object { - "DeletionPolicy": "Retain", - "Properties": Object { - "KeyPolicy": Object { - "Statement": Array [ - Object { - "Action": Array [ - "kms:Create*", - "kms:Describe*", - "kms:Enable*", - "kms:List*", - "kms:Put*", - "kms:Update*", - "kms:Revoke*", - "kms:Disable*", - "kms:Get*", - "kms:Delete*", - "kms:ScheduleKeyDeletion", - "kms:CancelKeyDeletion", - "kms:GenerateDataKey", - "kms:TagResource", - "kms:UntagResource", - ], - "Effect": "Allow", - "Principal": Object { - "AWS": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":iam::", - Object { - "Ref": "AWS::AccountId", - }, - ":root", - ], - ], - }, - }, - "Resource": "*", - }, - ], - "Version": "2012-10-17", - }, - }, - "Type": "AWS::KMS::Key", - "UpdateReplacePolicy": "Retain", - }, - "testcwlogsdefault5C05821C": Object { - "DeletionPolicy": "Retain", - "Properties": Object { - "KmsKeyId": Object { - "Fn::GetAtt": Array [ - "mykeyC16225CA", - "Arn", - ], - }, - "RetentionInDays": 5, - }, - "Type": "AWS::Logs::LogGroup", - "UpdateReplacePolicy": "Retain", - }, - }, -} -`; diff --git a/source/patterns/@aws-solutions-constructs/core/test/__snapshots__/congnito-helper.test.js.snap b/source/patterns/@aws-solutions-constructs/core/test/__snapshots__/congnito-helper.test.js.snap deleted file mode 100644 index d478aa9e5..000000000 --- a/source/patterns/@aws-solutions-constructs/core/test/__snapshots__/congnito-helper.test.js.snap +++ /dev/null @@ -1,109 +0,0 @@ -// Jest Snapshot v1, https://goo.gl/fbAQLP - -exports[`snapshot test buildUserPool default params 1`] = ` -Object { - "Resources": Object { - "CognitoUserPool53E37E69": Object { - "DeletionPolicy": "Retain", - "Properties": Object { - "AccountRecoverySetting": Object { - "RecoveryMechanisms": Array [ - Object { - "Name": "verified_phone_number", - "Priority": 1, - }, - Object { - "Name": "verified_email", - "Priority": 2, - }, - ], - }, - "AdminCreateUserConfig": Object { - "AllowAdminCreateUserOnly": true, - }, - "EmailVerificationMessage": "The verification code to your new account is {####}", - "EmailVerificationSubject": "Verify your new account", - "SmsVerificationMessage": "The verification code to your new account is {####}", - "UserPoolAddOns": Object { - "AdvancedSecurityMode": "ENFORCED", - }, - "VerificationMessageTemplate": Object { - "DefaultEmailOption": "CONFIRM_WITH_CODE", - "EmailMessage": "The verification code to your new account is {####}", - "EmailSubject": "Verify your new account", - "SmsMessage": "The verification code to your new account is {####}", - }, - }, - "Type": "AWS::Cognito::UserPool", - "UpdateReplacePolicy": "Retain", - }, - }, -} -`; - -exports[`snapshot test buildUserPoolClient default params 1`] = ` -Object { - "Resources": Object { - "CognitoUserPool53E37E69": Object { - "DeletionPolicy": "Retain", - "Properties": Object { - "AccountRecoverySetting": Object { - "RecoveryMechanisms": Array [ - Object { - "Name": "verified_phone_number", - "Priority": 1, - }, - Object { - "Name": "verified_email", - "Priority": 2, - }, - ], - }, - "AdminCreateUserConfig": Object { - "AllowAdminCreateUserOnly": true, - }, - "EmailVerificationMessage": "The verification code to your new account is {####}", - "EmailVerificationSubject": "Verify your new account", - "SmsVerificationMessage": "The verification code to your new account is {####}", - "UserPoolAddOns": Object { - "AdvancedSecurityMode": "ENFORCED", - }, - "VerificationMessageTemplate": Object { - "DefaultEmailOption": "CONFIRM_WITH_CODE", - "EmailMessage": "The verification code to your new account is {####}", - "EmailSubject": "Verify your new account", - "SmsMessage": "The verification code to your new account is {####}", - }, - }, - "Type": "AWS::Cognito::UserPool", - "UpdateReplacePolicy": "Retain", - }, - "CognitoUserPoolClient5AB59AE4": Object { - "Properties": Object { - "AllowedOAuthFlows": Array [ - "implicit", - "code", - ], - "AllowedOAuthFlowsUserPoolClient": true, - "AllowedOAuthScopes": Array [ - "profile", - "phone", - "email", - "openid", - "aws.cognito.signin.user.admin", - ], - "CallbackURLs": Array [ - "https://example.com", - ], - "SupportedIdentityProviders": Array [ - "COGNITO", - ], - "UserPoolId": Object { - "Ref": "CognitoUserPool53E37E69", - }, - }, - "Type": "AWS::Cognito::UserPoolClient", - }, - }, -} -`; diff --git a/source/patterns/@aws-solutions-constructs/core/test/__snapshots__/dynamo-table.test.js.snap b/source/patterns/@aws-solutions-constructs/core/test/__snapshots__/dynamo-table.test.js.snap deleted file mode 100644 index 89340a794..000000000 --- a/source/patterns/@aws-solutions-constructs/core/test/__snapshots__/dynamo-table.test.js.snap +++ /dev/null @@ -1,70 +0,0 @@ -// Jest Snapshot v1, https://goo.gl/fbAQLP - -exports[`snapshot test TableProps default params 1`] = ` -Object { - "Resources": Object { - "testdynamodefaults72AF3E8C": Object { - "DeletionPolicy": "Retain", - "Properties": Object { - "AttributeDefinitions": Array [ - Object { - "AttributeName": "id", - "AttributeType": "S", - }, - ], - "BillingMode": "PAY_PER_REQUEST", - "KeySchema": Array [ - Object { - "AttributeName": "id", - "KeyType": "HASH", - }, - ], - "PointInTimeRecoverySpecification": Object { - "PointInTimeRecoveryEnabled": true, - }, - "SSESpecification": Object { - "SSEEnabled": true, - }, - }, - "Type": "AWS::DynamoDB::Table", - "UpdateReplacePolicy": "Retain", - }, - }, -} -`; - -exports[`snapshot test TableWithStream default params 1`] = ` -Object { - "Resources": Object { - "testdynamostreamdefaultsFD08DF32": Object { - "DeletionPolicy": "Retain", - "Properties": Object { - "AttributeDefinitions": Array [ - Object { - "AttributeName": "id", - "AttributeType": "S", - }, - ], - "BillingMode": "PAY_PER_REQUEST", - "KeySchema": Array [ - Object { - "AttributeName": "id", - "KeyType": "HASH", - }, - ], - "PointInTimeRecoverySpecification": Object { - "PointInTimeRecoveryEnabled": true, - }, - "SSESpecification": Object { - "SSEEnabled": true, - }, - "StreamSpecification": Object { - "StreamViewType": "NEW_AND_OLD_IMAGES", - }, - }, - "Type": "AWS::DynamoDB::Table", - "UpdateReplacePolicy": "Retain", - }, - }, -} -`; diff --git a/source/patterns/@aws-solutions-constructs/core/test/__snapshots__/elasticsearch-helper.test.js.snap b/source/patterns/@aws-solutions-constructs/core/test/__snapshots__/elasticsearch-helper.test.js.snap deleted file mode 100644 index f19da26d0..000000000 --- a/source/patterns/@aws-solutions-constructs/core/test/__snapshots__/elasticsearch-helper.test.js.snap +++ /dev/null @@ -1,377 +0,0 @@ -// Jest Snapshot v1, https://goo.gl/fbAQLP - -exports[`snapshot test buildElasticSearch default params 1`] = ` -Object { - "Resources": Object { - "CognitoAuthorizedRole14E74FE0": Object { - "Properties": Object { - "AssumeRolePolicyDocument": Object { - "Statement": Array [ - Object { - "Action": "sts:AssumeRoleWithWebIdentity", - "Condition": Object { - "ForAnyValue:StringLike": Object { - "cognito-identity.amazonaws.com:amr": "authenticated", - }, - "StringEquals": Object { - "cognito-identity.amazonaws.com:aud": Object { - "Ref": "CognitoIdentityPool", - }, - }, - }, - "Effect": "Allow", - "Principal": Object { - "Federated": "cognito-identity.amazonaws.com", - }, - }, - ], - "Version": "2012-10-17", - }, - "Policies": Array [ - Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": "es:ESHttp*", - "Effect": "Allow", - "Resource": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":es:", - Object { - "Ref": "AWS::Region", - }, - ":", - Object { - "Ref": "AWS::AccountId", - }, - ":domain/test-domain/*", - ], - ], - }, - }, - ], - "Version": "2012-10-17", - }, - "PolicyName": "CognitoAccessPolicy", - }, - ], - }, - "Type": "AWS::IAM::Role", - }, - "CognitoIdentityPool": Object { - "Properties": Object { - "AllowUnauthenticatedIdentities": false, - "CognitoIdentityProviders": Array [ - Object { - "ClientId": Object { - "Ref": "CognitoUserPoolClient5AB59AE4", - }, - "ProviderName": Object { - "Fn::GetAtt": Array [ - "CognitoUserPool53E37E69", - "ProviderName", - ], - }, - "ServerSideTokenCheck": true, - }, - ], - }, - "Type": "AWS::Cognito::IdentityPool", - }, - "CognitoKibanaConfigureRole62CCE76A": Object { - "Properties": Object { - "AssumeRolePolicyDocument": Object { - "Statement": Array [ - Object { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": Object { - "Service": "es.amazonaws.com", - }, - }, - ], - "Version": "2012-10-17", - }, - }, - "Type": "AWS::IAM::Role", - }, - "CognitoKibanaConfigureRolePolicy76F46A5E": Object { - "Properties": Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "cognito-idp:DescribeUserPool", - "cognito-idp:CreateUserPoolClient", - "cognito-idp:DeleteUserPoolClient", - "cognito-idp:DescribeUserPoolClient", - "cognito-idp:AdminInitiateAuth", - "cognito-idp:AdminUserGlobalSignOut", - "cognito-idp:ListUserPoolClients", - "cognito-identity:DescribeIdentityPool", - "cognito-identity:UpdateIdentityPool", - "cognito-identity:SetIdentityPoolRoles", - "cognito-identity:GetIdentityPoolRoles", - "es:UpdateElasticsearchDomainConfig", - ], - "Effect": "Allow", - "Resource": Array [ - Object { - "Fn::GetAtt": Array [ - "CognitoUserPool53E37E69", - "Arn", - ], - }, - Object { - "Fn::Join": Array [ - "", - Array [ - "arn:aws:cognito-identity:", - Object { - "Ref": "AWS::Region", - }, - ":", - Object { - "Ref": "AWS::AccountId", - }, - ":identitypool/", - Object { - "Ref": "CognitoIdentityPool", - }, - ], - ], - }, - Object { - "Fn::Join": Array [ - "", - Array [ - "arn:aws:es:", - Object { - "Ref": "AWS::Region", - }, - ":", - Object { - "Ref": "AWS::AccountId", - }, - ":domain/test-domain", - ], - ], - }, - ], - }, - Object { - "Action": "iam:PassRole", - "Condition": Object { - "StringLike": Object { - "iam:PassedToService": "cognito-identity.amazonaws.com", - }, - }, - "Effect": "Allow", - "Resource": Object { - "Fn::GetAtt": Array [ - "CognitoKibanaConfigureRole62CCE76A", - "Arn", - ], - }, - }, - ], - "Version": "2012-10-17", - }, - "PolicyName": "CognitoKibanaConfigureRolePolicy76F46A5E", - "Roles": Array [ - Object { - "Ref": "CognitoKibanaConfigureRole62CCE76A", - }, - ], - }, - "Type": "AWS::IAM::Policy", - }, - "CognitoUserPool53E37E69": Object { - "DeletionPolicy": "Retain", - "Properties": Object { - "AccountRecoverySetting": Object { - "RecoveryMechanisms": Array [ - Object { - "Name": "verified_phone_number", - "Priority": 1, - }, - Object { - "Name": "verified_email", - "Priority": 2, - }, - ], - }, - "AdminCreateUserConfig": Object { - "AllowAdminCreateUserOnly": true, - }, - "EmailVerificationMessage": "The verification code to your new account is {####}", - "EmailVerificationSubject": "Verify your new account", - "SmsVerificationMessage": "The verification code to your new account is {####}", - "UserPoolAddOns": Object { - "AdvancedSecurityMode": "ENFORCED", - }, - "VerificationMessageTemplate": Object { - "DefaultEmailOption": "CONFIRM_WITH_CODE", - "EmailMessage": "The verification code to your new account is {####}", - "EmailSubject": "Verify your new account", - "SmsMessage": "The verification code to your new account is {####}", - }, - }, - "Type": "AWS::Cognito::UserPool", - "UpdateReplacePolicy": "Retain", - }, - "CognitoUserPoolClient5AB59AE4": Object { - "Properties": Object { - "AllowedOAuthFlows": Array [ - "implicit", - "code", - ], - "AllowedOAuthFlowsUserPoolClient": true, - "AllowedOAuthScopes": Array [ - "profile", - "phone", - "email", - "openid", - "aws.cognito.signin.user.admin", - ], - "CallbackURLs": Array [ - "https://example.com", - ], - "ClientName": "test", - "SupportedIdentityProviders": Array [ - "COGNITO", - ], - "UserPoolId": Object { - "Ref": "CognitoUserPool53E37E69", - }, - }, - "Type": "AWS::Cognito::UserPoolClient", - }, - "ElasticsearchDomain": Object { - "Metadata": Object { - "cfn_nag": Object { - "rules_to_suppress": Array [ - Object { - "id": "W28", - "reason": "The ES Domain is passed dynamically as as parameter and explicitly specified to ensure that IAM policies are configured to lockdown access to this specific ES instance only", - }, - Object { - "id": "W90", - "reason": "This is not a rule for the general case, just for specific use cases/industries", - }, - ], - }, - }, - "Properties": Object { - "AccessPolicies": Object { - "Statement": Array [ - Object { - "Action": "es:ESHttp*", - "Effect": "Allow", - "Principal": Object { - "AWS": Object { - "Fn::GetAtt": Array [ - "CognitoAuthorizedRole14E74FE0", - "Arn", - ], - }, - }, - "Resource": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:aws:es:", - Object { - "Ref": "AWS::Region", - }, - ":", - Object { - "Ref": "AWS::AccountId", - }, - ":domain/test-domain/*", - ], - ], - }, - }, - ], - "Version": "2012-10-17", - }, - "CognitoOptions": Object { - "Enabled": true, - "IdentityPoolId": Object { - "Ref": "CognitoIdentityPool", - }, - "RoleArn": Object { - "Fn::GetAtt": Array [ - "CognitoKibanaConfigureRole62CCE76A", - "Arn", - ], - }, - "UserPoolId": Object { - "Ref": "CognitoUserPool53E37E69", - }, - }, - "DomainName": "test-domain", - "EBSOptions": Object { - "EBSEnabled": true, - "VolumeSize": 10, - }, - "ElasticsearchClusterConfig": Object { - "DedicatedMasterCount": 3, - "DedicatedMasterEnabled": true, - "InstanceCount": 3, - "ZoneAwarenessConfig": Object { - "AvailabilityZoneCount": 3, - }, - "ZoneAwarenessEnabled": true, - }, - "ElasticsearchVersion": "6.3", - "EncryptionAtRestOptions": Object { - "Enabled": true, - }, - "NodeToNodeEncryptionOptions": Object { - "Enabled": true, - }, - "SnapshotOptions": Object { - "AutomatedSnapshotStartHour": 1, - }, - }, - "Type": "AWS::Elasticsearch::Domain", - }, - "IdentityPoolRoleMapping": Object { - "Properties": Object { - "IdentityPoolId": Object { - "Ref": "CognitoIdentityPool", - }, - "Roles": Object { - "authenticated": Object { - "Fn::GetAtt": Array [ - "CognitoAuthorizedRole14E74FE0", - "Arn", - ], - }, - }, - }, - "Type": "AWS::Cognito::IdentityPoolRoleAttachment", - }, - "UserPoolDomain": Object { - "DependsOn": Array [ - "CognitoUserPool53E37E69", - ], - "Properties": Object { - "Domain": "test-domain", - "UserPoolId": Object { - "Ref": "CognitoUserPool53E37E69", - }, - }, - "Type": "AWS::Cognito::UserPoolDomain", - }, - }, -} -`; diff --git a/source/patterns/@aws-solutions-constructs/core/test/__snapshots__/eventbridge-helper.test.js.snap b/source/patterns/@aws-solutions-constructs/core/test/__snapshots__/eventbridge-helper.test.js.snap deleted file mode 100644 index d51d90051..000000000 --- a/source/patterns/@aws-solutions-constructs/core/test/__snapshots__/eventbridge-helper.test.js.snap +++ /dev/null @@ -1,42 +0,0 @@ -// Jest Snapshot v1, https://goo.gl/fbAQLP - -exports[`Test deployment with existing EventBus 1`] = ` -Object { - "Resources": Object { - "existingeventbusA5B80487": Object { - "Properties": Object { - "Name": "existingeventbus", - }, - "Type": "AWS::Events::EventBus", - }, - }, -} -`; - -exports[`Test deployment with new EventBus no props 1`] = ` -Object { - "Resources": Object { - "CustomEventBusEC0C3CB8": Object { - "Properties": Object { - "Name": "CustomEventBus", - }, - "Type": "AWS::Events::EventBus", - }, - }, -} -`; - -exports[`Test deployment with new EventBus with props 1`] = ` -Object { - "Resources": Object { - "testneweventbus87AFE59D": Object { - "Properties": Object { - "Name": "testneweventbus", - }, - "Type": "AWS::Events::EventBus", - }, - }, -} -`; - -exports[`Test deployment with no properties 1`] = `Object {}`; diff --git a/source/patterns/@aws-solutions-constructs/core/test/__snapshots__/events-rule.test.js.snap b/source/patterns/@aws-solutions-constructs/core/test/__snapshots__/events-rule.test.js.snap deleted file mode 100644 index 746dfbbbd..000000000 --- a/source/patterns/@aws-solutions-constructs/core/test/__snapshots__/events-rule.test.js.snap +++ /dev/null @@ -1,210 +0,0 @@ -// Jest Snapshot v1, https://goo.gl/fbAQLP - -exports[`snapshot test EventsRuleProps default params 1`] = ` -Object { - "Parameters": Object { - "AssetParameters42a35bbf0dec9ef0ac5b0dde87e71a1b8929e8d2d178dd09ccfb2c928ec0198cArtifactHash00A70A91": Object { - "Description": "Artifact hash for asset \\"42a35bbf0dec9ef0ac5b0dde87e71a1b8929e8d2d178dd09ccfb2c928ec0198c\\"", - "Type": "String", - }, - "AssetParameters42a35bbf0dec9ef0ac5b0dde87e71a1b8929e8d2d178dd09ccfb2c928ec0198cS3Bucket1F467BCC": Object { - "Description": "S3 bucket for asset \\"42a35bbf0dec9ef0ac5b0dde87e71a1b8929e8d2d178dd09ccfb2c928ec0198c\\"", - "Type": "String", - }, - "AssetParameters42a35bbf0dec9ef0ac5b0dde87e71a1b8929e8d2d178dd09ccfb2c928ec0198cS3VersionKey9E4F7872": Object { - "Description": "S3 key for asset version \\"42a35bbf0dec9ef0ac5b0dde87e71a1b8929e8d2d178dd09ccfb2c928ec0198c\\"", - "Type": "String", - }, - }, - "Resources": Object { - "EventsD32975C2": Object { - "Properties": Object { - "ScheduleExpression": "rate(5 minutes)", - "State": "ENABLED", - "Targets": Array [ - Object { - "Arn": Object { - "Fn::GetAtt": Array [ - "LambdaFunctionBF21E41F", - "Arn", - ], - }, - "Id": "Target0", - }, - ], - }, - "Type": "AWS::Events::Rule", - }, - "LambdaFunctionBF21E41F": Object { - "DependsOn": Array [ - "LambdaFunctionServiceRoleDefaultPolicy126C8897", - "LambdaFunctionServiceRole0C4CDE0B", - ], - "Metadata": Object { - "cfn_nag": Object { - "rules_to_suppress": Array [ - Object { - "id": "W58", - "reason": "Lambda functions has the required permission to write CloudWatch Logs. It uses custom policy instead of arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole with tighter permissions.", - }, - Object { - "id": "W89", - "reason": "This is not a rule for the general case, just for specific use cases/industries", - }, - Object { - "id": "W92", - "reason": "Impossible for us to define the correct concurrency for clients", - }, - ], - }, - }, - "Properties": Object { - "Code": Object { - "S3Bucket": Object { - "Ref": "AssetParameters42a35bbf0dec9ef0ac5b0dde87e71a1b8929e8d2d178dd09ccfb2c928ec0198cS3Bucket1F467BCC", - }, - "S3Key": Object { - "Fn::Join": Array [ - "", - Array [ - Object { - "Fn::Select": Array [ - 0, - Object { - "Fn::Split": Array [ - "||", - Object { - "Ref": "AssetParameters42a35bbf0dec9ef0ac5b0dde87e71a1b8929e8d2d178dd09ccfb2c928ec0198cS3VersionKey9E4F7872", - }, - ], - }, - ], - }, - Object { - "Fn::Select": Array [ - 1, - Object { - "Fn::Split": Array [ - "||", - Object { - "Ref": "AssetParameters42a35bbf0dec9ef0ac5b0dde87e71a1b8929e8d2d178dd09ccfb2c928ec0198cS3VersionKey9E4F7872", - }, - ], - }, - ], - }, - ], - ], - }, - }, - "Environment": Object { - "Variables": Object { - "AWS_NODEJS_CONNECTION_REUSE_ENABLED": "1", - }, - }, - "Handler": "index.handler", - "Role": Object { - "Fn::GetAtt": Array [ - "LambdaFunctionServiceRole0C4CDE0B", - "Arn", - ], - }, - "Runtime": "nodejs12.x", - "TracingConfig": Object { - "Mode": "Active", - }, - }, - "Type": "AWS::Lambda::Function", - }, - "LambdaFunctionServiceRole0C4CDE0B": Object { - "Properties": Object { - "AssumeRolePolicyDocument": Object { - "Statement": Array [ - Object { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": Object { - "Service": "lambda.amazonaws.com", - }, - }, - ], - "Version": "2012-10-17", - }, - "Policies": Array [ - Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "logs:CreateLogGroup", - "logs:CreateLogStream", - "logs:PutLogEvents", - ], - "Effect": "Allow", - "Resource": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":logs:", - Object { - "Ref": "AWS::Region", - }, - ":", - Object { - "Ref": "AWS::AccountId", - }, - ":log-group:/aws/lambda/*", - ], - ], - }, - }, - ], - "Version": "2012-10-17", - }, - "PolicyName": "LambdaFunctionServiceRolePolicy", - }, - ], - }, - "Type": "AWS::IAM::Role", - }, - "LambdaFunctionServiceRoleDefaultPolicy126C8897": Object { - "Metadata": Object { - "cfn_nag": Object { - "rules_to_suppress": Array [ - Object { - "id": "W12", - "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray and access ENIs in a VPC.", - }, - ], - }, - }, - "Properties": Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "xray:PutTraceSegments", - "xray:PutTelemetryRecords", - ], - "Effect": "Allow", - "Resource": "*", - }, - ], - "Version": "2012-10-17", - }, - "PolicyName": "LambdaFunctionServiceRoleDefaultPolicy126C8897", - "Roles": Array [ - Object { - "Ref": "LambdaFunctionServiceRole0C4CDE0B", - }, - ], - }, - "Type": "AWS::IAM::Policy", - }, - }, -} -`; diff --git a/source/patterns/@aws-solutions-constructs/core/test/__snapshots__/glue-database-helper.test.js.snap b/source/patterns/@aws-solutions-constructs/core/test/__snapshots__/glue-database-helper.test.js.snap deleted file mode 100644 index 33e623408..000000000 --- a/source/patterns/@aws-solutions-constructs/core/test/__snapshots__/glue-database-helper.test.js.snap +++ /dev/null @@ -1,19 +0,0 @@ -// Jest Snapshot v1, https://goo.gl/fbAQLP - -exports[`create default CfnTable 1`] = ` -Object { - "Resources": Object { - "GlueDatabase": Object { - "Properties": Object { - "CatalogId": Object { - "Ref": "AWS::AccountId", - }, - "DatabaseInput": Object { - "Description": "An AWS Glue database generated by AWS Solutions Construct", - }, - }, - "Type": "AWS::Glue::Database", - }, - }, -} -`; diff --git a/source/patterns/@aws-solutions-constructs/core/test/__snapshots__/glue-job-helper.test.js.snap b/source/patterns/@aws-solutions-constructs/core/test/__snapshots__/glue-job-helper.test.js.snap deleted file mode 100644 index 80c5befc6..000000000 --- a/source/patterns/@aws-solutions-constructs/core/test/__snapshots__/glue-job-helper.test.js.snap +++ /dev/null @@ -1,2352 +0,0 @@ -// Jest Snapshot v1, https://goo.gl/fbAQLP - -exports[`Create a Glue Job outside the construct 1`] = ` -Object { - "Resources": Object { - "ExistingJob": Object { - "Properties": Object { - "AllocatedCapacity": 2, - "Command": Object { - "Name": "pythonshell", - "PythonVersion": "2", - "ScriptLocation": "s3://existingFakeLocation/existingScript", - }, - "GlueVersion": "1", - "MaxCapacity": 4, - "NumberOfWorkers": 2, - "Role": Object { - "Fn::GetAtt": Array [ - "ExistingJobRole8F750976", - "Arn", - ], - }, - "WorkerType": "Standard", - }, - "Type": "AWS::Glue::Job", - }, - "ExistingJobRole8F750976": Object { - "Properties": Object { - "AssumeRolePolicyDocument": Object { - "Statement": Array [ - Object { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": Object { - "Service": "glue.amazon.com", - }, - }, - ], - "Version": "2012-10-17", - }, - "Description": "Existing role", - }, - "Type": "AWS::IAM::Role", - }, - "GlueDatabase": Object { - "Properties": Object { - "CatalogId": Object { - "Ref": "AWS::AccountId", - }, - "DatabaseInput": Object { - "Description": "An AWS Glue database generated by AWS Solutions Construct", - }, - }, - "Type": "AWS::Glue::Database", - }, - "GlueTable": Object { - "Properties": Object { - "CatalogId": Object { - "Ref": "AWS::AccountId", - }, - "DatabaseName": Object { - "Ref": "GlueDatabase", - }, - "TableInput": Object { - "Parameters": Object { - "classification": "json", - }, - "StorageDescriptor": Object { - "Columns": Array [ - Object { - "Comment": "", - "Name": "id", - "Type": "int", - }, - ], - "Compressed": false, - "InputFormat": "org.apache.hadoop.mapred.TextInputFormat", - "Location": "testStream", - "NumberOfBuckets": -1, - "OutputFormat": "org.apache.hadoop.hive.ql.io.HiveIgnoreKeyTextOutputFormat", - "Parameters": Object { - "endpointUrl": Object { - "Fn::Join": Array [ - "", - Array [ - "https://kinesis.", - Object { - "Ref": "AWS::Region", - }, - ".amazonaws.com", - ], - ], - }, - "streamName": "testStream", - "typeOfData": "kinesis", - }, - "SerdeInfo": Object { - "Parameters": Object { - "paths": "id", - }, - "SerializationLibrary": "org.openx.data.jsonserde.JsonSerDe", - }, - }, - "TableType": "EXTERNAL_TABLE", - }, - }, - "Type": "AWS::Glue::Table", - }, - }, -} -`; - -exports[`GlueJob configuration with glueVersion 1.0 should support maxCapacity 1`] = ` -Object { - "Resources": Object { - "GlueDatabase": Object { - "Properties": Object { - "CatalogId": Object { - "Ref": "AWS::AccountId", - }, - "DatabaseInput": Object { - "Description": "An AWS Glue database generated by AWS Solutions Construct", - }, - }, - "Type": "AWS::Glue::Database", - }, - "GlueSecurityConfig": Object { - "Properties": Object { - "EncryptionConfiguration": Object { - "JobBookmarksEncryption": Object { - "JobBookmarksEncryptionMode": "CSE-KMS", - "KmsKeyArn": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":kms:", - Object { - "Ref": "AWS::Region", - }, - ":", - Object { - "Ref": "AWS::AccountId", - }, - ":alias/aws/glue", - ], - ], - }, - }, - "S3Encryptions": Array [ - Object { - "S3EncryptionMode": "SSE-S3", - }, - ], - }, - "Name": "ETLJobSecurityConfig", - }, - "Type": "AWS::Glue::SecurityConfiguration", - }, - "GlueTable": Object { - "Properties": Object { - "CatalogId": Object { - "Ref": "AWS::AccountId", - }, - "DatabaseName": Object { - "Ref": "GlueDatabase", - }, - "TableInput": Object { - "Parameters": Object { - "classification": "json", - }, - "StorageDescriptor": Object { - "Columns": Array [ - Object { - "Comment": "", - "Name": "id", - "Type": "int", - }, - ], - "Compressed": false, - "InputFormat": "org.apache.hadoop.mapred.TextInputFormat", - "Location": "testStream", - "NumberOfBuckets": -1, - "OutputFormat": "org.apache.hadoop.hive.ql.io.HiveIgnoreKeyTextOutputFormat", - "Parameters": Object { - "endpointUrl": Object { - "Fn::Join": Array [ - "", - Array [ - "https://kinesis.", - Object { - "Ref": "AWS::Region", - }, - ".amazonaws.com", - ], - ], - }, - "streamName": "testStream", - "typeOfData": "kinesis", - }, - "SerdeInfo": Object { - "Parameters": Object { - "paths": "id", - }, - "SerializationLibrary": "org.openx.data.jsonserde.JsonSerDe", - }, - }, - "TableType": "EXTERNAL_TABLE", - }, - }, - "Type": "AWS::Glue::Table", - }, - "JobRole014917C6": Object { - "Properties": Object { - "AssumeRolePolicyDocument": Object { - "Statement": Array [ - Object { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": Object { - "Service": "glue.amazonaws.com", - }, - }, - ], - "Version": "2012-10-17", - }, - "Description": "Service role that Glue custom ETL jobs will assume for exeuction", - }, - "Type": "AWS::IAM::Role", - }, - "JobRoleDefaultPolicy5DE0D8F9": Object { - "Properties": Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "s3:GetObject*", - "s3:GetBucket*", - "s3:List*", - "s3:DeleteObject*", - "s3:PutObject*", - "s3:Abort*", - ], - "Effect": "Allow", - "Resource": Array [ - Object { - "Fn::GetAtt": Array [ - "S3Bucket07682993", - "Arn", - ], - }, - Object { - "Fn::Join": Array [ - "", - Array [ - Object { - "Fn::GetAtt": Array [ - "S3Bucket07682993", - "Arn", - ], - }, - "/*", - ], - ], - }, - ], - }, - Object { - "Action": Array [ - "s3:GetObject*", - "s3:GetBucket*", - "s3:List*", - ], - "Effect": "Allow", - "Resource": Array [ - Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":s3:::fakelocation/script", - ], - ], - }, - Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":s3:::fakelocation/script/*", - ], - ], - }, - ], - }, - ], - "Version": "2012-10-17", - }, - "PolicyName": "JobRoleDefaultPolicy5DE0D8F9", - "Roles": Array [ - Object { - "Ref": "JobRole014917C6", - }, - ], - }, - "Type": "AWS::IAM::Policy", - }, - "KinesisETLJob": Object { - "Properties": Object { - "Command": Object { - "Name": "gluejob1.0", - "PythonVersion": "3", - "ScriptLocation": "s3://fakelocation/script", - }, - "DefaultArguments": Object { - "--database_name": Object { - "Ref": "GlueDatabase", - }, - "--enable-continuous-cloudwatch-log": true, - "--enable-metrics": true, - "--output_path": Object { - "Fn::Join": Array [ - "", - Array [ - "s3a://", - Object { - "Ref": "S3Bucket07682993", - }, - "/output/", - ], - ], - }, - "--table_name": Object { - "Ref": "GlueTable", - }, - }, - "GlueVersion": "1.0", - "MaxCapacity": 2, - "Role": Object { - "Fn::GetAtt": Array [ - "JobRole014917C6", - "Arn", - ], - }, - "SecurityConfiguration": "ETLJobSecurityConfig", - }, - "Type": "AWS::Glue::Job", - }, - "LogPolicy9292E033": Object { - "Properties": Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "logs:CreateLogGroup", - "logs:CreateLogStream", - "logs:PutLogEvents", - ], - "Effect": "Allow", - "Resource": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":logs:", - Object { - "Ref": "AWS::Region", - }, - ":", - Object { - "Ref": "AWS::AccountId", - }, - ":log-group:/aws-glue/*", - ], - ], - }, - }, - ], - "Version": "2012-10-17", - }, - "PolicyName": "LogPolicy9292E033", - "Roles": Array [ - Object { - "Ref": "JobRole014917C6", - }, - ], - }, - "Type": "AWS::IAM::Policy", - }, - "S3Bucket07682993": Object { - "DeletionPolicy": "Retain", - "Properties": Object { - "BucketEncryption": Object { - "ServerSideEncryptionConfiguration": Array [ - Object { - "ServerSideEncryptionByDefault": Object { - "SSEAlgorithm": "AES256", - }, - }, - ], - }, - "LifecycleConfiguration": Object { - "Rules": Array [ - Object { - "NoncurrentVersionTransitions": Array [ - Object { - "StorageClass": "GLACIER", - "TransitionInDays": 90, - }, - ], - "Status": "Enabled", - }, - ], - }, - "LoggingConfiguration": Object { - "DestinationBucketName": Object { - "Ref": "S3LoggingBucket800A2B27", - }, - }, - "PublicAccessBlockConfiguration": Object { - "BlockPublicAcls": true, - "BlockPublicPolicy": true, - "IgnorePublicAcls": true, - "RestrictPublicBuckets": true, - }, - "VersioningConfiguration": Object { - "Status": "Enabled", - }, - }, - "Type": "AWS::S3::Bucket", - "UpdateReplacePolicy": "Retain", - }, - "S3BucketPolicyF560589A": Object { - "Properties": Object { - "Bucket": Object { - "Ref": "S3Bucket07682993", - }, - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": "*", - "Condition": Object { - "Bool": Object { - "aws:SecureTransport": "false", - }, - }, - "Effect": "Deny", - "Principal": Object { - "AWS": "*", - }, - "Resource": Array [ - Object { - "Fn::Join": Array [ - "", - Array [ - Object { - "Fn::GetAtt": Array [ - "S3Bucket07682993", - "Arn", - ], - }, - "/*", - ], - ], - }, - Object { - "Fn::GetAtt": Array [ - "S3Bucket07682993", - "Arn", - ], - }, - ], - "Sid": "HttpsOnly", - }, - ], - "Version": "2012-10-17", - }, - }, - "Type": "AWS::S3::BucketPolicy", - }, - "S3LoggingBucket800A2B27": Object { - "DeletionPolicy": "Retain", - "Metadata": Object { - "cfn_nag": Object { - "rules_to_suppress": Array [ - Object { - "id": "W35", - "reason": "This S3 bucket is used as the access logging bucket for another bucket", - }, - ], - }, - }, - "Properties": Object { - "AccessControl": "LogDeliveryWrite", - "BucketEncryption": Object { - "ServerSideEncryptionConfiguration": Array [ - Object { - "ServerSideEncryptionByDefault": Object { - "SSEAlgorithm": "AES256", - }, - }, - ], - }, - "PublicAccessBlockConfiguration": Object { - "BlockPublicAcls": true, - "BlockPublicPolicy": true, - "IgnorePublicAcls": true, - "RestrictPublicBuckets": true, - }, - "VersioningConfiguration": Object { - "Status": "Enabled", - }, - }, - "Type": "AWS::S3::Bucket", - "UpdateReplacePolicy": "Retain", - }, - "S3LoggingBucketPolicy6B3AA8AF": Object { - "Properties": Object { - "Bucket": Object { - "Ref": "S3LoggingBucket800A2B27", - }, - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": "*", - "Condition": Object { - "Bool": Object { - "aws:SecureTransport": "false", - }, - }, - "Effect": "Deny", - "Principal": Object { - "AWS": "*", - }, - "Resource": Array [ - Object { - "Fn::Join": Array [ - "", - Array [ - Object { - "Fn::GetAtt": Array [ - "S3LoggingBucket800A2B27", - "Arn", - ], - }, - "/*", - ], - ], - }, - Object { - "Fn::GetAtt": Array [ - "S3LoggingBucket800A2B27", - "Arn", - ], - }, - ], - "Sid": "HttpsOnly", - }, - ], - "Version": "2012-10-17", - }, - }, - "Type": "AWS::S3::BucketPolicy", - }, - }, -} -`; - -exports[`Test custom deployment properties 1`] = ` -Object { - "Resources": Object { - "ExistingJobRole8F750976": Object { - "Properties": Object { - "AssumeRolePolicyDocument": Object { - "Statement": Array [ - Object { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": Object { - "Service": "glue.amazon.com", - }, - }, - ], - "Version": "2012-10-17", - }, - "Description": "Existing role", - }, - "Type": "AWS::IAM::Role", - }, - "GlueDatabase": Object { - "Properties": Object { - "CatalogId": Object { - "Ref": "AWS::AccountId", - }, - "DatabaseInput": Object { - "Description": "An AWS Glue database generated by AWS Solutions Construct", - }, - }, - "Type": "AWS::Glue::Database", - }, - "GlueSecurityConfig": Object { - "Properties": Object { - "EncryptionConfiguration": Object { - "JobBookmarksEncryption": Object { - "JobBookmarksEncryptionMode": "CSE-KMS", - "KmsKeyArn": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":kms:", - Object { - "Ref": "AWS::Region", - }, - ":", - Object { - "Ref": "AWS::AccountId", - }, - ":alias/aws/glue", - ], - ], - }, - }, - "S3Encryptions": Array [ - Object { - "S3EncryptionMode": "SSE-S3", - }, - ], - }, - "Name": "ETLJobSecurityConfig", - }, - "Type": "AWS::Glue::SecurityConfiguration", - }, - "GlueTable": Object { - "Properties": Object { - "CatalogId": Object { - "Ref": "AWS::AccountId", - }, - "DatabaseName": Object { - "Ref": "GlueDatabase", - }, - "TableInput": Object { - "Parameters": Object { - "classification": "json", - }, - "StorageDescriptor": Object { - "Columns": Array [ - Object { - "Comment": "", - "Name": "id", - "Type": "int", - }, - ], - "Compressed": false, - "InputFormat": "org.apache.hadoop.mapred.TextInputFormat", - "Location": "testStream", - "NumberOfBuckets": -1, - "OutputFormat": "org.apache.hadoop.hive.ql.io.HiveIgnoreKeyTextOutputFormat", - "Parameters": Object { - "endpointUrl": Object { - "Fn::Join": Array [ - "", - Array [ - "https://kinesis.", - Object { - "Ref": "AWS::Region", - }, - ".amazonaws.com", - ], - ], - }, - "streamName": "testStream", - "typeOfData": "kinesis", - }, - "SerdeInfo": Object { - "Parameters": Object { - "paths": "id", - }, - "SerializationLibrary": "org.openx.data.jsonserde.JsonSerDe", - }, - }, - "TableType": "EXTERNAL_TABLE", - }, - }, - "Type": "AWS::Glue::Table", - }, - "JobRolePolicyE31720DC": Object { - "Properties": Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "s3:GetObject*", - "s3:GetBucket*", - "s3:List*", - "s3:DeleteObject*", - "s3:PutObject*", - "s3:Abort*", - ], - "Effect": "Allow", - "Resource": Array [ - Object { - "Fn::GetAtt": Array [ - "S3Bucket07682993", - "Arn", - ], - }, - Object { - "Fn::Join": Array [ - "", - Array [ - Object { - "Fn::GetAtt": Array [ - "S3Bucket07682993", - "Arn", - ], - }, - "/*", - ], - ], - }, - ], - }, - Object { - "Action": Array [ - "s3:GetObject*", - "s3:GetBucket*", - "s3:List*", - ], - "Effect": "Allow", - "Resource": Array [ - Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":s3:::existingFakeLocation/existingScript", - ], - ], - }, - Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":s3:::existingFakeLocation/existingScript/*", - ], - ], - }, - ], - }, - ], - "Version": "2012-10-17", - }, - "PolicyName": "JobRolePolicyE31720DC", - "Roles": Array [ - Object { - "Fn::Select": Array [ - 1, - Object { - "Fn::Split": Array [ - "/", - Object { - "Fn::Select": Array [ - 5, - Object { - "Fn::Split": Array [ - ":", - Object { - "Fn::GetAtt": Array [ - "ExistingJobRole8F750976", - "Arn", - ], - }, - ], - }, - ], - }, - ], - }, - ], - }, - ], - }, - "Type": "AWS::IAM::Policy", - }, - "KinesisETLJob": Object { - "Properties": Object { - "Command": Object { - "Name": "glueetl", - "PythonVersion": "3", - "ScriptLocation": "s3://existingFakeLocation/existingScript", - }, - "DefaultArguments": Object { - "--database_name": Object { - "Ref": "GlueDatabase", - }, - "--enable-continuous-cloudwatch-log": true, - "--enable-metrics": true, - "--output_path": Object { - "Fn::Join": Array [ - "", - Array [ - "s3a://", - Object { - "Ref": "S3Bucket07682993", - }, - "/output/", - ], - ], - }, - "--table_name": Object { - "Ref": "GlueTable", - }, - }, - "GlueVersion": "1", - "NumberOfWorkers": 2, - "Role": Object { - "Fn::GetAtt": Array [ - "ExistingJobRole8F750976", - "Arn", - ], - }, - "SecurityConfiguration": "ETLJobSecurityConfig", - "WorkerType": "Standard", - }, - "Type": "AWS::Glue::Job", - }, - "LogPolicy9292E033": Object { - "Properties": Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "logs:CreateLogGroup", - "logs:CreateLogStream", - "logs:PutLogEvents", - ], - "Effect": "Allow", - "Resource": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":logs:", - Object { - "Ref": "AWS::Region", - }, - ":", - Object { - "Ref": "AWS::AccountId", - }, - ":log-group:/aws-glue/*", - ], - ], - }, - }, - ], - "Version": "2012-10-17", - }, - "PolicyName": "LogPolicy9292E033", - "Roles": Array [ - Object { - "Fn::Select": Array [ - 1, - Object { - "Fn::Split": Array [ - "/", - Object { - "Fn::Select": Array [ - 5, - Object { - "Fn::Split": Array [ - ":", - Object { - "Fn::GetAtt": Array [ - "ExistingJobRole8F750976", - "Arn", - ], - }, - ], - }, - ], - }, - ], - }, - ], - }, - ], - }, - "Type": "AWS::IAM::Policy", - }, - "S3Bucket07682993": Object { - "DeletionPolicy": "Retain", - "Properties": Object { - "BucketEncryption": Object { - "ServerSideEncryptionConfiguration": Array [ - Object { - "ServerSideEncryptionByDefault": Object { - "SSEAlgorithm": "AES256", - }, - }, - ], - }, - "LifecycleConfiguration": Object { - "Rules": Array [ - Object { - "NoncurrentVersionTransitions": Array [ - Object { - "StorageClass": "GLACIER", - "TransitionInDays": 90, - }, - ], - "Status": "Enabled", - }, - ], - }, - "LoggingConfiguration": Object { - "DestinationBucketName": Object { - "Ref": "S3LoggingBucket800A2B27", - }, - }, - "PublicAccessBlockConfiguration": Object { - "BlockPublicAcls": true, - "BlockPublicPolicy": true, - "IgnorePublicAcls": true, - "RestrictPublicBuckets": true, - }, - "VersioningConfiguration": Object { - "Status": "Enabled", - }, - }, - "Type": "AWS::S3::Bucket", - "UpdateReplacePolicy": "Retain", - }, - "S3BucketPolicyF560589A": Object { - "Properties": Object { - "Bucket": Object { - "Ref": "S3Bucket07682993", - }, - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": "*", - "Condition": Object { - "Bool": Object { - "aws:SecureTransport": "false", - }, - }, - "Effect": "Deny", - "Principal": Object { - "AWS": "*", - }, - "Resource": Array [ - Object { - "Fn::Join": Array [ - "", - Array [ - Object { - "Fn::GetAtt": Array [ - "S3Bucket07682993", - "Arn", - ], - }, - "/*", - ], - ], - }, - Object { - "Fn::GetAtt": Array [ - "S3Bucket07682993", - "Arn", - ], - }, - ], - "Sid": "HttpsOnly", - }, - ], - "Version": "2012-10-17", - }, - }, - "Type": "AWS::S3::BucketPolicy", - }, - "S3LoggingBucket800A2B27": Object { - "DeletionPolicy": "Retain", - "Metadata": Object { - "cfn_nag": Object { - "rules_to_suppress": Array [ - Object { - "id": "W35", - "reason": "This S3 bucket is used as the access logging bucket for another bucket", - }, - ], - }, - }, - "Properties": Object { - "AccessControl": "LogDeliveryWrite", - "BucketEncryption": Object { - "ServerSideEncryptionConfiguration": Array [ - Object { - "ServerSideEncryptionByDefault": Object { - "SSEAlgorithm": "AES256", - }, - }, - ], - }, - "PublicAccessBlockConfiguration": Object { - "BlockPublicAcls": true, - "BlockPublicPolicy": true, - "IgnorePublicAcls": true, - "RestrictPublicBuckets": true, - }, - "VersioningConfiguration": Object { - "Status": "Enabled", - }, - }, - "Type": "AWS::S3::Bucket", - "UpdateReplacePolicy": "Retain", - }, - "S3LoggingBucketPolicy6B3AA8AF": Object { - "Properties": Object { - "Bucket": Object { - "Ref": "S3LoggingBucket800A2B27", - }, - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": "*", - "Condition": Object { - "Bool": Object { - "aws:SecureTransport": "false", - }, - }, - "Effect": "Deny", - "Principal": Object { - "AWS": "*", - }, - "Resource": Array [ - Object { - "Fn::Join": Array [ - "", - Array [ - Object { - "Fn::GetAtt": Array [ - "S3LoggingBucket800A2B27", - "Arn", - ], - }, - "/*", - ], - ], - }, - Object { - "Fn::GetAtt": Array [ - "S3LoggingBucket800A2B27", - "Arn", - ], - }, - ], - "Sid": "HttpsOnly", - }, - ], - "Version": "2012-10-17", - }, - }, - "Type": "AWS::S3::BucketPolicy", - }, - }, -} -`; - -exports[`Test deployment with role creation 1`] = ` -Object { - "Resources": Object { - "CustomETLJobRole90A83A66": Object { - "Properties": Object { - "AssumeRolePolicyDocument": Object { - "Statement": Array [ - Object { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": Object { - "Service": "glue.amazonaws.com", - }, - }, - ], - "Version": "2012-10-17", - }, - }, - "Type": "AWS::IAM::Role", - }, - "GlueDatabase": Object { - "Properties": Object { - "CatalogId": Object { - "Ref": "AWS::AccountId", - }, - "DatabaseInput": Object { - "Description": "An AWS Glue database generated by AWS Solutions Construct", - }, - }, - "Type": "AWS::Glue::Database", - }, - "GlueTable": Object { - "Properties": Object { - "CatalogId": Object { - "Ref": "AWS::AccountId", - }, - "DatabaseName": Object { - "Ref": "GlueDatabase", - }, - "TableInput": Object { - "Parameters": Object { - "classification": "json", - }, - "StorageDescriptor": Object { - "Columns": Array [ - Object { - "Comment": "", - "Name": "id", - "Type": "int", - }, - ], - "Compressed": false, - "InputFormat": "org.apache.hadoop.mapred.TextInputFormat", - "Location": "testStream", - "NumberOfBuckets": -1, - "OutputFormat": "org.apache.hadoop.hive.ql.io.HiveIgnoreKeyTextOutputFormat", - "Parameters": Object { - "endpointUrl": Object { - "Fn::Join": Array [ - "", - Array [ - "https://kinesis.", - Object { - "Ref": "AWS::Region", - }, - ".amazonaws.com", - ], - ], - }, - "streamName": "testStream", - "typeOfData": "kinesis", - }, - "SerdeInfo": Object { - "Parameters": Object { - "paths": "id", - }, - "SerializationLibrary": "org.openx.data.jsonserde.JsonSerDe", - }, - }, - "TableType": "EXTERNAL_TABLE", - }, - }, - "Type": "AWS::Glue::Table", - }, - "JobRolePolicyE31720DC": Object { - "Properties": Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "s3:GetObject*", - "s3:GetBucket*", - "s3:List*", - "s3:DeleteObject*", - "s3:PutObject*", - "s3:Abort*", - ], - "Effect": "Allow", - "Resource": Array [ - Object { - "Fn::GetAtt": Array [ - "S3Bucket07682993", - "Arn", - ], - }, - Object { - "Fn::Join": Array [ - "", - Array [ - Object { - "Fn::GetAtt": Array [ - "S3Bucket07682993", - "Arn", - ], - }, - "/*", - ], - ], - }, - ], - }, - Object { - "Action": Array [ - "s3:GetObject*", - "s3:GetBucket*", - "s3:List*", - ], - "Effect": "Allow", - "Resource": Array [ - Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":s3:::fakescriptlocation/fakebucket", - ], - ], - }, - Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":s3:::fakescriptlocation/fakebucket/*", - ], - ], - }, - ], - }, - ], - "Version": "2012-10-17", - }, - "PolicyName": "JobRolePolicyE31720DC", - "Roles": Array [ - Object { - "Fn::Select": Array [ - 1, - Object { - "Fn::Split": Array [ - "/", - Object { - "Fn::Select": Array [ - 5, - Object { - "Fn::Split": Array [ - ":", - Object { - "Fn::GetAtt": Array [ - "CustomETLJobRole90A83A66", - "Arn", - ], - }, - ], - }, - ], - }, - ], - }, - ], - }, - ], - }, - "Type": "AWS::IAM::Policy", - }, - "KinesisETLJob": Object { - "Properties": Object { - "Command": Object { - "Name": "glueetl", - "PythonVersion": "3", - "ScriptLocation": "s3://fakescriptlocation/fakebucket", - }, - "DefaultArguments": Object { - "--database_name": Object { - "Ref": "GlueDatabase", - }, - "--enable-continuous-cloudwatch-log": true, - "--enable-metrics": true, - "--output_path": Object { - "Fn::Join": Array [ - "", - Array [ - "s3a://", - Object { - "Ref": "S3Bucket07682993", - }, - "/output/", - ], - ], - }, - "--table_name": Object { - "Ref": "GlueTable", - }, - }, - "GlueVersion": "2.0", - "NumberOfWorkers": 2, - "Role": Object { - "Fn::GetAtt": Array [ - "CustomETLJobRole90A83A66", - "Arn", - ], - }, - "SecurityConfiguration": "testETLJob", - "WorkerType": "G.1X", - }, - "Type": "AWS::Glue::Job", - }, - "LogPolicy9292E033": Object { - "Properties": Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "logs:CreateLogGroup", - "logs:CreateLogStream", - "logs:PutLogEvents", - ], - "Effect": "Allow", - "Resource": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":logs:", - Object { - "Ref": "AWS::Region", - }, - ":", - Object { - "Ref": "AWS::AccountId", - }, - ":log-group:/aws-glue/*", - ], - ], - }, - }, - ], - "Version": "2012-10-17", - }, - "PolicyName": "LogPolicy9292E033", - "Roles": Array [ - Object { - "Fn::Select": Array [ - 1, - Object { - "Fn::Split": Array [ - "/", - Object { - "Fn::Select": Array [ - 5, - Object { - "Fn::Split": Array [ - ":", - Object { - "Fn::GetAtt": Array [ - "CustomETLJobRole90A83A66", - "Arn", - ], - }, - ], - }, - ], - }, - ], - }, - ], - }, - ], - }, - "Type": "AWS::IAM::Policy", - }, - "S3Bucket07682993": Object { - "DeletionPolicy": "Retain", - "Properties": Object { - "BucketEncryption": Object { - "ServerSideEncryptionConfiguration": Array [ - Object { - "ServerSideEncryptionByDefault": Object { - "SSEAlgorithm": "AES256", - }, - }, - ], - }, - "LifecycleConfiguration": Object { - "Rules": Array [ - Object { - "NoncurrentVersionTransitions": Array [ - Object { - "StorageClass": "GLACIER", - "TransitionInDays": 90, - }, - ], - "Status": "Enabled", - }, - ], - }, - "LoggingConfiguration": Object { - "DestinationBucketName": Object { - "Ref": "S3LoggingBucket800A2B27", - }, - }, - "PublicAccessBlockConfiguration": Object { - "BlockPublicAcls": true, - "BlockPublicPolicy": true, - "IgnorePublicAcls": true, - "RestrictPublicBuckets": true, - }, - "VersioningConfiguration": Object { - "Status": "Enabled", - }, - }, - "Type": "AWS::S3::Bucket", - "UpdateReplacePolicy": "Retain", - }, - "S3BucketPolicyF560589A": Object { - "Properties": Object { - "Bucket": Object { - "Ref": "S3Bucket07682993", - }, - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": "*", - "Condition": Object { - "Bool": Object { - "aws:SecureTransport": "false", - }, - }, - "Effect": "Deny", - "Principal": Object { - "AWS": "*", - }, - "Resource": Array [ - Object { - "Fn::Join": Array [ - "", - Array [ - Object { - "Fn::GetAtt": Array [ - "S3Bucket07682993", - "Arn", - ], - }, - "/*", - ], - ], - }, - Object { - "Fn::GetAtt": Array [ - "S3Bucket07682993", - "Arn", - ], - }, - ], - "Sid": "HttpsOnly", - }, - ], - "Version": "2012-10-17", - }, - }, - "Type": "AWS::S3::BucketPolicy", - }, - "S3LoggingBucket800A2B27": Object { - "DeletionPolicy": "Retain", - "Metadata": Object { - "cfn_nag": Object { - "rules_to_suppress": Array [ - Object { - "id": "W35", - "reason": "This S3 bucket is used as the access logging bucket for another bucket", - }, - ], - }, - }, - "Properties": Object { - "AccessControl": "LogDeliveryWrite", - "BucketEncryption": Object { - "ServerSideEncryptionConfiguration": Array [ - Object { - "ServerSideEncryptionByDefault": Object { - "SSEAlgorithm": "AES256", - }, - }, - ], - }, - "PublicAccessBlockConfiguration": Object { - "BlockPublicAcls": true, - "BlockPublicPolicy": true, - "IgnorePublicAcls": true, - "RestrictPublicBuckets": true, - }, - "VersioningConfiguration": Object { - "Status": "Enabled", - }, - }, - "Type": "AWS::S3::Bucket", - "UpdateReplacePolicy": "Retain", - }, - "S3LoggingBucketPolicy6B3AA8AF": Object { - "Properties": Object { - "Bucket": Object { - "Ref": "S3LoggingBucket800A2B27", - }, - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": "*", - "Condition": Object { - "Bool": Object { - "aws:SecureTransport": "false", - }, - }, - "Effect": "Deny", - "Principal": Object { - "AWS": "*", - }, - "Resource": Array [ - Object { - "Fn::Join": Array [ - "", - Array [ - Object { - "Fn::GetAtt": Array [ - "S3LoggingBucket800A2B27", - "Arn", - ], - }, - "/*", - ], - ], - }, - Object { - "Fn::GetAtt": Array [ - "S3LoggingBucket800A2B27", - "Arn", - ], - }, - ], - "Sid": "HttpsOnly", - }, - ], - "Version": "2012-10-17", - }, - }, - "Type": "AWS::S3::BucketPolicy", - }, - }, -} -`; - -exports[`Test deployment with role creation 2`] = ` -Object { - "Resources": Object { - "GlueDatabase": Object { - "Properties": Object { - "CatalogId": Object { - "Ref": "AWS::AccountId", - }, - "DatabaseInput": Object { - "Description": "An AWS Glue database generated by AWS Solutions Construct", - }, - }, - "Type": "AWS::Glue::Database", - }, - "GlueSecurityConfig": Object { - "Properties": Object { - "EncryptionConfiguration": Object { - "JobBookmarksEncryption": Object { - "JobBookmarksEncryptionMode": "CSE-KMS", - "KmsKeyArn": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":kms:", - Object { - "Ref": "AWS::Region", - }, - ":", - Object { - "Ref": "AWS::AccountId", - }, - ":alias/aws/glue", - ], - ], - }, - }, - "S3Encryptions": Array [ - Object { - "S3EncryptionMode": "SSE-S3", - }, - ], - }, - "Name": "ETLJobSecurityConfig", - }, - "Type": "AWS::Glue::SecurityConfiguration", - }, - "GlueTable": Object { - "Properties": Object { - "CatalogId": Object { - "Ref": "AWS::AccountId", - }, - "DatabaseName": Object { - "Ref": "GlueDatabase", - }, - "TableInput": Object { - "Parameters": Object { - "classification": "json", - }, - "StorageDescriptor": Object { - "Columns": Array [ - Object { - "Comment": "", - "Name": "id", - "Type": "int", - }, - ], - "Compressed": false, - "InputFormat": "org.apache.hadoop.mapred.TextInputFormat", - "Location": "testStream", - "NumberOfBuckets": -1, - "OutputFormat": "org.apache.hadoop.hive.ql.io.HiveIgnoreKeyTextOutputFormat", - "Parameters": Object { - "endpointUrl": Object { - "Fn::Join": Array [ - "", - Array [ - "https://kinesis.", - Object { - "Ref": "AWS::Region", - }, - ".amazonaws.com", - ], - ], - }, - "streamName": "testStream", - "typeOfData": "kinesis", - }, - "SerdeInfo": Object { - "Parameters": Object { - "paths": "id", - }, - "SerializationLibrary": "org.openx.data.jsonserde.JsonSerDe", - }, - }, - "TableType": "EXTERNAL_TABLE", - }, - }, - "Type": "AWS::Glue::Table", - }, - "JobRole014917C6": Object { - "Properties": Object { - "AssumeRolePolicyDocument": Object { - "Statement": Array [ - Object { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": Object { - "Service": "glue.amazonaws.com", - }, - }, - ], - "Version": "2012-10-17", - }, - "Description": "Service role that Glue custom ETL jobs will assume for exeuction", - }, - "Type": "AWS::IAM::Role", - }, - "JobRoleDefaultPolicy5DE0D8F9": Object { - "Properties": Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "s3:GetObject*", - "s3:GetBucket*", - "s3:List*", - "s3:DeleteObject*", - "s3:PutObject*", - "s3:Abort*", - ], - "Effect": "Allow", - "Resource": Array [ - Object { - "Fn::GetAtt": Array [ - "S3Bucket07682993", - "Arn", - ], - }, - Object { - "Fn::Join": Array [ - "", - Array [ - Object { - "Fn::GetAtt": Array [ - "S3Bucket07682993", - "Arn", - ], - }, - "/*", - ], - ], - }, - ], - }, - Object { - "Action": Array [ - "s3:GetObject*", - "s3:GetBucket*", - "s3:List*", - ], - "Effect": "Allow", - "Resource": Array [ - Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":s3:::fakelocation/script", - ], - ], - }, - Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":s3:::fakelocation/script/*", - ], - ], - }, - ], - }, - ], - "Version": "2012-10-17", - }, - "PolicyName": "JobRoleDefaultPolicy5DE0D8F9", - "Roles": Array [ - Object { - "Ref": "JobRole014917C6", - }, - ], - }, - "Type": "AWS::IAM::Policy", - }, - "KinesisETLJob": Object { - "Properties": Object { - "Command": Object { - "Name": "glueetl", - "PythonVersion": "3", - "ScriptLocation": "s3://fakelocation/script", - }, - "DefaultArguments": Object { - "--database_name": Object { - "Ref": "GlueDatabase", - }, - "--enable-continuous-cloudwatch-log": true, - "--enable-metrics": true, - "--output_path": Object { - "Fn::Join": Array [ - "", - Array [ - "s3a://", - Object { - "Ref": "S3Bucket07682993", - }, - "/output/", - ], - ], - }, - "--table_name": Object { - "Ref": "GlueTable", - }, - }, - "GlueVersion": "2.0", - "NumberOfWorkers": 2, - "Role": Object { - "Fn::GetAtt": Array [ - "JobRole014917C6", - "Arn", - ], - }, - "SecurityConfiguration": "ETLJobSecurityConfig", - "WorkerType": "G.1X", - }, - "Type": "AWS::Glue::Job", - }, - "LogPolicy9292E033": Object { - "Properties": Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "logs:CreateLogGroup", - "logs:CreateLogStream", - "logs:PutLogEvents", - ], - "Effect": "Allow", - "Resource": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":logs:", - Object { - "Ref": "AWS::Region", - }, - ":", - Object { - "Ref": "AWS::AccountId", - }, - ":log-group:/aws-glue/*", - ], - ], - }, - }, - ], - "Version": "2012-10-17", - }, - "PolicyName": "LogPolicy9292E033", - "Roles": Array [ - Object { - "Ref": "JobRole014917C6", - }, - ], - }, - "Type": "AWS::IAM::Policy", - }, - "S3Bucket07682993": Object { - "DeletionPolicy": "Retain", - "Properties": Object { - "BucketEncryption": Object { - "ServerSideEncryptionConfiguration": Array [ - Object { - "ServerSideEncryptionByDefault": Object { - "SSEAlgorithm": "AES256", - }, - }, - ], - }, - "LifecycleConfiguration": Object { - "Rules": Array [ - Object { - "NoncurrentVersionTransitions": Array [ - Object { - "StorageClass": "GLACIER", - "TransitionInDays": 90, - }, - ], - "Status": "Enabled", - }, - ], - }, - "LoggingConfiguration": Object { - "DestinationBucketName": Object { - "Ref": "S3LoggingBucket800A2B27", - }, - }, - "PublicAccessBlockConfiguration": Object { - "BlockPublicAcls": true, - "BlockPublicPolicy": true, - "IgnorePublicAcls": true, - "RestrictPublicBuckets": true, - }, - "VersioningConfiguration": Object { - "Status": "Enabled", - }, - }, - "Type": "AWS::S3::Bucket", - "UpdateReplacePolicy": "Retain", - }, - "S3BucketPolicyF560589A": Object { - "Properties": Object { - "Bucket": Object { - "Ref": "S3Bucket07682993", - }, - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": "*", - "Condition": Object { - "Bool": Object { - "aws:SecureTransport": "false", - }, - }, - "Effect": "Deny", - "Principal": Object { - "AWS": "*", - }, - "Resource": Array [ - Object { - "Fn::Join": Array [ - "", - Array [ - Object { - "Fn::GetAtt": Array [ - "S3Bucket07682993", - "Arn", - ], - }, - "/*", - ], - ], - }, - Object { - "Fn::GetAtt": Array [ - "S3Bucket07682993", - "Arn", - ], - }, - ], - "Sid": "HttpsOnly", - }, - ], - "Version": "2012-10-17", - }, - }, - "Type": "AWS::S3::BucketPolicy", - }, - "S3LoggingBucket800A2B27": Object { - "DeletionPolicy": "Retain", - "Metadata": Object { - "cfn_nag": Object { - "rules_to_suppress": Array [ - Object { - "id": "W35", - "reason": "This S3 bucket is used as the access logging bucket for another bucket", - }, - ], - }, - }, - "Properties": Object { - "AccessControl": "LogDeliveryWrite", - "BucketEncryption": Object { - "ServerSideEncryptionConfiguration": Array [ - Object { - "ServerSideEncryptionByDefault": Object { - "SSEAlgorithm": "AES256", - }, - }, - ], - }, - "PublicAccessBlockConfiguration": Object { - "BlockPublicAcls": true, - "BlockPublicPolicy": true, - "IgnorePublicAcls": true, - "RestrictPublicBuckets": true, - }, - "VersioningConfiguration": Object { - "Status": "Enabled", - }, - }, - "Type": "AWS::S3::Bucket", - "UpdateReplacePolicy": "Retain", - }, - "S3LoggingBucketPolicy6B3AA8AF": Object { - "Properties": Object { - "Bucket": Object { - "Ref": "S3LoggingBucket800A2B27", - }, - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": "*", - "Condition": Object { - "Bool": Object { - "aws:SecureTransport": "false", - }, - }, - "Effect": "Deny", - "Principal": Object { - "AWS": "*", - }, - "Resource": Array [ - Object { - "Fn::Join": Array [ - "", - Array [ - Object { - "Fn::GetAtt": Array [ - "S3LoggingBucket800A2B27", - "Arn", - ], - }, - "/*", - ], - ], - }, - Object { - "Fn::GetAtt": Array [ - "S3LoggingBucket800A2B27", - "Arn", - ], - }, - ], - "Sid": "HttpsOnly", - }, - ], - "Version": "2012-10-17", - }, - }, - "Type": "AWS::S3::BucketPolicy", - }, - }, -} -`; - -exports[`Test deployment with role creation 3`] = ` -Object { - "Resources": Object { - "GlueDatabase": Object { - "Properties": Object { - "CatalogId": Object { - "Ref": "AWS::AccountId", - }, - "DatabaseInput": Object { - "Description": "An AWS Glue database generated by AWS Solutions Construct", - }, - }, - "Type": "AWS::Glue::Database", - }, - "GlueSecurityConfig": Object { - "Properties": Object { - "EncryptionConfiguration": Object { - "JobBookmarksEncryption": Object { - "JobBookmarksEncryptionMode": "CSE-KMS", - "KmsKeyArn": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":kms:", - Object { - "Ref": "AWS::Region", - }, - ":", - Object { - "Ref": "AWS::AccountId", - }, - ":alias/aws/glue", - ], - ], - }, - }, - "S3Encryptions": Array [ - Object { - "S3EncryptionMode": "SSE-S3", - }, - ], - }, - "Name": "ETLJobSecurityConfig", - }, - "Type": "AWS::Glue::SecurityConfiguration", - }, - "GlueTable": Object { - "Properties": Object { - "CatalogId": Object { - "Ref": "AWS::AccountId", - }, - "DatabaseName": Object { - "Ref": "GlueDatabase", - }, - "TableInput": Object { - "Parameters": Object { - "classification": "json", - }, - "StorageDescriptor": Object { - "Columns": Array [ - Object { - "Comment": "", - "Name": "id", - "Type": "int", - }, - ], - "Compressed": false, - "InputFormat": "org.apache.hadoop.mapred.TextInputFormat", - "Location": "testStream", - "NumberOfBuckets": -1, - "OutputFormat": "org.apache.hadoop.hive.ql.io.HiveIgnoreKeyTextOutputFormat", - "Parameters": Object { - "endpointUrl": Object { - "Fn::Join": Array [ - "", - Array [ - "https://kinesis.", - Object { - "Ref": "AWS::Region", - }, - ".amazonaws.com", - ], - ], - }, - "streamName": "testStream", - "typeOfData": "kinesis", - }, - "SerdeInfo": Object { - "Parameters": Object { - "paths": "id", - }, - "SerializationLibrary": "org.openx.data.jsonserde.JsonSerDe", - }, - }, - "TableType": "EXTERNAL_TABLE", - }, - }, - "Type": "AWS::Glue::Table", - }, - "JobRole014917C6": Object { - "Properties": Object { - "AssumeRolePolicyDocument": Object { - "Statement": Array [ - Object { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": Object { - "Service": "glue.amazonaws.com", - }, - }, - ], - "Version": "2012-10-17", - }, - "Description": "Service role that Glue custom ETL jobs will assume for exeuction", - }, - "Type": "AWS::IAM::Role", - }, - "JobRoleDefaultPolicy5DE0D8F9": Object { - "Properties": Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "s3:GetObject*", - "s3:GetBucket*", - "s3:List*", - "s3:DeleteObject*", - "s3:PutObject*", - "s3:Abort*", - ], - "Effect": "Allow", - "Resource": Array [ - Object { - "Fn::GetAtt": Array [ - "OutputBucket7114EB27", - "Arn", - ], - }, - Object { - "Fn::Join": Array [ - "", - Array [ - Object { - "Fn::GetAtt": Array [ - "OutputBucket7114EB27", - "Arn", - ], - }, - "/*", - ], - ], - }, - ], - }, - Object { - "Action": Array [ - "s3:GetObject*", - "s3:GetBucket*", - "s3:List*", - ], - "Effect": "Allow", - "Resource": Array [ - Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":s3:::fakelocation/script", - ], - ], - }, - Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":s3:::fakelocation/script/*", - ], - ], - }, - ], - }, - ], - "Version": "2012-10-17", - }, - "PolicyName": "JobRoleDefaultPolicy5DE0D8F9", - "Roles": Array [ - Object { - "Ref": "JobRole014917C6", - }, - ], - }, - "Type": "AWS::IAM::Policy", - }, - "KinesisETLJob": Object { - "Properties": Object { - "Command": Object { - "Name": "glueetl", - "PythonVersion": "3", - "ScriptLocation": "s3://fakelocation/script", - }, - "DefaultArguments": Object { - "--database_name": Object { - "Ref": "GlueDatabase", - }, - "--enable-continuous-cloudwatch-log": true, - "--enable-metrics": true, - "--output_path": Object { - "Fn::Join": Array [ - "", - Array [ - "s3a://", - Object { - "Ref": "OutputBucket7114EB27", - }, - "/output/", - ], - ], - }, - "--table_name": Object { - "Ref": "GlueTable", - }, - }, - "GlueVersion": "2.0", - "NumberOfWorkers": 2, - "Role": Object { - "Fn::GetAtt": Array [ - "JobRole014917C6", - "Arn", - ], - }, - "SecurityConfiguration": "ETLJobSecurityConfig", - "WorkerType": "G.1X", - }, - "Type": "AWS::Glue::Job", - }, - "LogPolicy9292E033": Object { - "Properties": Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "logs:CreateLogGroup", - "logs:CreateLogStream", - "logs:PutLogEvents", - ], - "Effect": "Allow", - "Resource": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":logs:", - Object { - "Ref": "AWS::Region", - }, - ":", - Object { - "Ref": "AWS::AccountId", - }, - ":log-group:/aws-glue/*", - ], - ], - }, - }, - ], - "Version": "2012-10-17", - }, - "PolicyName": "LogPolicy9292E033", - "Roles": Array [ - Object { - "Ref": "JobRole014917C6", - }, - ], - }, - "Type": "AWS::IAM::Policy", - }, - "OutputBucket7114EB27": Object { - "DeletionPolicy": "Delete", - "Properties": Object { - "BucketEncryption": Object { - "ServerSideEncryptionConfiguration": Array [ - Object { - "ServerSideEncryptionByDefault": Object { - "SSEAlgorithm": "AES256", - }, - }, - ], - }, - "BucketName": "outputbucket", - }, - "Type": "AWS::S3::Bucket", - "UpdateReplacePolicy": "Delete", - }, - }, -} -`; diff --git a/source/patterns/@aws-solutions-constructs/core/test/__snapshots__/glue-table-helper.test.js.snap b/source/patterns/@aws-solutions-constructs/core/test/__snapshots__/glue-table-helper.test.js.snap deleted file mode 100644 index c89cbdc2f..000000000 --- a/source/patterns/@aws-solutions-constructs/core/test/__snapshots__/glue-table-helper.test.js.snap +++ /dev/null @@ -1,124 +0,0 @@ -// Jest Snapshot v1, https://goo.gl/fbAQLP - -exports[`Create table 1`] = ` -Object { - "Resources": Object { - "GlueDatabase": Object { - "Properties": Object { - "CatalogId": Object { - "Ref": "AWS::AccountId", - }, - "DatabaseInput": Object { - "Description": "An AWS Glue database generated by AWS Solutions Construct", - }, - }, - "Type": "AWS::Glue::Database", - }, - "GlueTable": Object { - "Properties": Object { - "CatalogId": Object { - "Ref": "AWS::AccountId", - }, - "DatabaseName": Object { - "Ref": "GlueDatabase", - }, - "TableInput": Object { - "Parameters": Object { - "classification": "json", - }, - "StorageDescriptor": Object { - "Columns": Array [ - Object { - "Comment": "Identifier for the record", - "Name": "id", - "Type": "int", - }, - Object { - "Comment": "The name of the record", - "Name": "name", - "Type": "string", - }, - Object { - "Comment": "The type of the record", - "Name": "type", - "Type": "string", - }, - Object { - "Comment": "Some value associated with the record", - "Name": "numericvalue", - "Type": "int", - }, - ], - "Compressed": false, - "InputFormat": "org.apache.hadoop.mapred.TextInputFormat", - "Location": "testStream", - "NumberOfBuckets": -1, - "OutputFormat": "org.apache.hadoop.hive.ql.io.HiveIgnoreKeyTextOutputFormat", - "Parameters": Object { - "endpointUrl": Object { - "Fn::Join": Array [ - "", - Array [ - "https://kinesis.", - Object { - "Ref": "AWS::Region", - }, - ".amazonaws.com", - ], - ], - }, - "streamName": "testStream", - "typeOfData": "kinesis", - }, - "SerdeInfo": Object { - "Parameters": Object { - "paths": "id,name,type,numericvalue", - }, - "SerializationLibrary": "org.openx.data.jsonserde.JsonSerDe", - }, - }, - "TableType": "EXTERNAL_TABLE", - }, - }, - "Type": "AWS::Glue::Table", - }, - }, -} -`; - -exports[`create default CfnTable with default props 1`] = ` -Object { - "Resources": Object { - "GlueTable": Object { - "Properties": Object { - "CatalogId": "fakecatalogfortest", - "DatabaseName": "fakedatabase", - "TableInput": Object { - "Parameters": Object { - "classification": "json", - }, - "StorageDescriptor": Object { - "Parameters": Object { - "endpointUrl": Object { - "Fn::Join": Array [ - "", - Array [ - "https://kinesis.", - Object { - "Ref": "AWS::Region", - }, - ".amazonaws.com", - ], - ], - }, - "streamName": "testStream", - "typeOfData": "kinesis", - }, - }, - }, - }, - "Type": "AWS::Glue::Table", - }, - }, -} -`; diff --git a/source/patterns/@aws-solutions-constructs/core/test/__snapshots__/iot-rule.test.js.snap b/source/patterns/@aws-solutions-constructs/core/test/__snapshots__/iot-rule.test.js.snap deleted file mode 100644 index 749c4ad7d..000000000 --- a/source/patterns/@aws-solutions-constructs/core/test/__snapshots__/iot-rule.test.js.snap +++ /dev/null @@ -1,128 +0,0 @@ -// Jest Snapshot v1, https://goo.gl/fbAQLP - -exports[`snapshot test TopicRuleProps default params 1`] = ` -Object { - "Parameters": Object { - "AssetParameters42a35bbf0dec9ef0ac5b0dde87e71a1b8929e8d2d178dd09ccfb2c928ec0198cArtifactHash00A70A91": Object { - "Description": "Artifact hash for asset \\"42a35bbf0dec9ef0ac5b0dde87e71a1b8929e8d2d178dd09ccfb2c928ec0198c\\"", - "Type": "String", - }, - "AssetParameters42a35bbf0dec9ef0ac5b0dde87e71a1b8929e8d2d178dd09ccfb2c928ec0198cS3Bucket1F467BCC": Object { - "Description": "S3 bucket for asset \\"42a35bbf0dec9ef0ac5b0dde87e71a1b8929e8d2d178dd09ccfb2c928ec0198c\\"", - "Type": "String", - }, - "AssetParameters42a35bbf0dec9ef0ac5b0dde87e71a1b8929e8d2d178dd09ccfb2c928ec0198cS3VersionKey9E4F7872": Object { - "Description": "S3 key for asset version \\"42a35bbf0dec9ef0ac5b0dde87e71a1b8929e8d2d178dd09ccfb2c928ec0198c\\"", - "Type": "String", - }, - }, - "Resources": Object { - "IotTopic": Object { - "Properties": Object { - "TopicRulePayload": Object { - "Actions": Array [ - Object { - "Lambda": Object { - "FunctionArn": Object { - "Fn::GetAtt": Array [ - "LambdaFunctionBF21E41F", - "Arn", - ], - }, - }, - }, - ], - "RuleDisabled": false, - "Sql": "SELECT * FROM 'topic/#'", - }, - }, - "Type": "AWS::IoT::TopicRule", - }, - "LambdaFunctionBF21E41F": Object { - "DependsOn": Array [ - "LambdaFunctionServiceRoleC555A460", - ], - "Properties": Object { - "Code": Object { - "S3Bucket": Object { - "Ref": "AssetParameters42a35bbf0dec9ef0ac5b0dde87e71a1b8929e8d2d178dd09ccfb2c928ec0198cS3Bucket1F467BCC", - }, - "S3Key": Object { - "Fn::Join": Array [ - "", - Array [ - Object { - "Fn::Select": Array [ - 0, - Object { - "Fn::Split": Array [ - "||", - Object { - "Ref": "AssetParameters42a35bbf0dec9ef0ac5b0dde87e71a1b8929e8d2d178dd09ccfb2c928ec0198cS3VersionKey9E4F7872", - }, - ], - }, - ], - }, - Object { - "Fn::Select": Array [ - 1, - Object { - "Fn::Split": Array [ - "||", - Object { - "Ref": "AssetParameters42a35bbf0dec9ef0ac5b0dde87e71a1b8929e8d2d178dd09ccfb2c928ec0198cS3VersionKey9E4F7872", - }, - ], - }, - ], - }, - ], - ], - }, - }, - "Handler": "index.handler", - "Role": Object { - "Fn::GetAtt": Array [ - "LambdaFunctionServiceRoleC555A460", - "Arn", - ], - }, - "Runtime": "nodejs12.x", - }, - "Type": "AWS::Lambda::Function", - }, - "LambdaFunctionServiceRoleC555A460": Object { - "Properties": Object { - "AssumeRolePolicyDocument": Object { - "Statement": Array [ - Object { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": Object { - "Service": "lambda.amazonaws.com", - }, - }, - ], - "Version": "2012-10-17", - }, - "ManagedPolicyArns": Array [ - Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole", - ], - ], - }, - ], - }, - "Type": "AWS::IAM::Role", - }, - }, -} -`; diff --git a/source/patterns/@aws-solutions-constructs/core/test/__snapshots__/kinesis-analytics-helper.test.js.snap b/source/patterns/@aws-solutions-constructs/core/test/__snapshots__/kinesis-analytics-helper.test.js.snap deleted file mode 100644 index bc64ef78a..000000000 --- a/source/patterns/@aws-solutions-constructs/core/test/__snapshots__/kinesis-analytics-helper.test.js.snap +++ /dev/null @@ -1,112 +0,0 @@ -// Jest Snapshot v1, https://goo.gl/fbAQLP - -exports[`Test default functionality 1`] = ` -Object { - "Resources": Object { - "KinesisAnalytics": Object { - "DependsOn": Array [ - "KinesisAnalyticsPolicy88FFA7CD", - ], - "Properties": Object { - "Inputs": Array [ - Object { - "InputSchema": Object { - "RecordColumns": Array [ - Object { - "Mapping": "$.ticker_symbol", - "Name": "ticker_symbol", - "SqlType": "VARCHAR(4)", - }, - Object { - "Mapping": "$.sector", - "Name": "sector", - "SqlType": "VARCHAR(16)", - }, - Object { - "Mapping": "$.change", - "Name": "change", - "SqlType": "REAL", - }, - Object { - "Mapping": "$.price", - "Name": "price", - "SqlType": "REAL", - }, - ], - "RecordEncoding": "UTF-8", - "RecordFormat": Object { - "RecordFormatType": "JSON", - }, - }, - "KinesisFirehoseInput": Object { - "ResourceARN": Object { - "Fn::GetAtt": Array [ - "KinesisFirehose", - "Arn", - ], - }, - "RoleARN": Object { - "Fn::GetAtt": Array [ - "KinesisAnalyticsRoleCBFE2DD3", - "Arn", - ], - }, - }, - "NamePrefix": "SOURCE_SQL_STREAM", - }, - ], - }, - "Type": "AWS::KinesisAnalytics::Application", - }, - "KinesisAnalyticsPolicy88FFA7CD": Object { - "Properties": Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "firehose:DescribeDeliveryStream", - "firehose:Get*", - ], - "Effect": "Allow", - "Resource": Object { - "Fn::GetAtt": Array [ - "KinesisFirehose", - "Arn", - ], - }, - }, - ], - "Version": "2012-10-17", - }, - "PolicyName": "KinesisAnalyticsPolicy88FFA7CD", - "Roles": Array [ - Object { - "Ref": "KinesisAnalyticsRoleCBFE2DD3", - }, - ], - }, - "Type": "AWS::IAM::Policy", - }, - "KinesisAnalyticsRoleCBFE2DD3": Object { - "Properties": Object { - "AssumeRolePolicyDocument": Object { - "Statement": Array [ - Object { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": Object { - "Service": "kinesisanalytics.amazonaws.com", - }, - }, - ], - "Version": "2012-10-17", - }, - }, - "Type": "AWS::IAM::Role", - }, - "KinesisFirehose": Object { - "Type": "AWS::KinesisFirehose::DeliveryStream", - }, - }, -} -`; diff --git a/source/patterns/@aws-solutions-constructs/core/test/__snapshots__/kinesis-analytics.test.js.snap b/source/patterns/@aws-solutions-constructs/core/test/__snapshots__/kinesis-analytics.test.js.snap deleted file mode 100644 index a34b3b7b2..000000000 --- a/source/patterns/@aws-solutions-constructs/core/test/__snapshots__/kinesis-analytics.test.js.snap +++ /dev/null @@ -1,14 +0,0 @@ -// Jest Snapshot v1, https://goo.gl/fbAQLP - -exports[`snapshot test kinesisanalytics default params 1`] = ` -Object { - "Resources": Object { - "KinesisAnalytics": Object { - "Properties": Object { - "Inputs": Array [], - }, - "Type": "AWS::KinesisAnalytics::Application", - }, - }, -} -`; diff --git a/source/patterns/@aws-solutions-constructs/core/test/__snapshots__/kinesis-firehose-s3-defaults.test.js.snap b/source/patterns/@aws-solutions-constructs/core/test/__snapshots__/kinesis-firehose-s3-defaults.test.js.snap deleted file mode 100644 index c6b9fe0bc..000000000 --- a/source/patterns/@aws-solutions-constructs/core/test/__snapshots__/kinesis-firehose-s3-defaults.test.js.snap +++ /dev/null @@ -1,51 +0,0 @@ -// Jest Snapshot v1, https://goo.gl/fbAQLP - -exports[`snapshot test kinesisfirehose default params 1`] = ` -Object { - "Resources": Object { - "KinesisFirehose": Object { - "Properties": Object { - "ExtendedS3DestinationConfiguration": Object { - "BucketARN": "bucket_arn", - "BufferingHints": Object { - "IntervalInSeconds": 300, - "SizeInMBs": 5, - }, - "CloudWatchLoggingOptions": Object { - "Enabled": true, - "LogGroupName": "log_group", - "LogStreamName": "log_stream", - }, - "CompressionFormat": "GZIP", - "EncryptionConfiguration": Object { - "KMSEncryptionConfig": Object { - "AWSKMSKeyARN": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":kms:", - Object { - "Ref": "AWS::Region", - }, - ":", - Object { - "Ref": "AWS::AccountId", - }, - ":alias/aws/s3", - ], - ], - }, - }, - }, - "RoleARN": "role_arn", - }, - }, - "Type": "AWS::KinesisFirehose::DeliveryStream", - }, - }, -} -`; diff --git a/source/patterns/@aws-solutions-constructs/core/test/__snapshots__/kinesis-streams-defaults.test.js.snap b/source/patterns/@aws-solutions-constructs/core/test/__snapshots__/kinesis-streams-defaults.test.js.snap deleted file mode 100644 index 0a475c44c..000000000 --- a/source/patterns/@aws-solutions-constructs/core/test/__snapshots__/kinesis-streams-defaults.test.js.snap +++ /dev/null @@ -1,19 +0,0 @@ -// Jest Snapshot v1, https://goo.gl/fbAQLP - -exports[`snapshot test kinesisstream default params 1`] = ` -Object { - "Resources": Object { - "KinesisStream46752A3E": Object { - "Properties": Object { - "RetentionPeriodHours": 24, - "ShardCount": 1, - "StreamEncryption": Object { - "EncryptionType": "KMS", - "KeyId": "alias/aws/kinesis", - }, - }, - "Type": "AWS::Kinesis::Stream", - }, - }, -} -`; diff --git a/source/patterns/@aws-solutions-constructs/core/test/__snapshots__/kinesis-streams-helper.test.js.snap b/source/patterns/@aws-solutions-constructs/core/test/__snapshots__/kinesis-streams-helper.test.js.snap deleted file mode 100644 index 7b3dc78c3..000000000 --- a/source/patterns/@aws-solutions-constructs/core/test/__snapshots__/kinesis-streams-helper.test.js.snap +++ /dev/null @@ -1,143 +0,0 @@ -// Jest Snapshot v1, https://goo.gl/fbAQLP - -exports[`Test deployment w/ custom properties 1`] = ` -Object { - "Resources": Object { - "EncryptionKey1B843E66": Object { - "DeletionPolicy": "Retain", - "Properties": Object { - "EnableKeyRotation": true, - "KeyPolicy": Object { - "Statement": Array [ - Object { - "Action": Array [ - "kms:Create*", - "kms:Describe*", - "kms:Enable*", - "kms:List*", - "kms:Put*", - "kms:Update*", - "kms:Revoke*", - "kms:Disable*", - "kms:Get*", - "kms:Delete*", - "kms:ScheduleKeyDeletion", - "kms:CancelKeyDeletion", - "kms:GenerateDataKey", - "kms:TagResource", - "kms:UntagResource", - ], - "Effect": "Allow", - "Principal": Object { - "AWS": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":iam::", - Object { - "Ref": "AWS::AccountId", - }, - ":root", - ], - ], - }, - }, - "Resource": "*", - }, - ], - "Version": "2012-10-17", - }, - }, - "Type": "AWS::KMS::Key", - "UpdateReplacePolicy": "Retain", - }, - "KinesisStream46752A3E": Object { - "Properties": Object { - "Name": "myCustomKinesisStream", - "RetentionPeriodHours": 24, - "ShardCount": 1, - "StreamEncryption": Object { - "EncryptionType": "KMS", - "KeyId": Object { - "Fn::GetAtt": Array [ - "EncryptionKey1B843E66", - "Arn", - ], - }, - }, - }, - "Type": "AWS::Kinesis::Stream", - }, - }, -} -`; - -exports[`Test deployment w/ existing stream 1`] = ` -Object { - "Conditions": Object { - "AwsCdkKinesisEncryptedStreamsUnsupportedRegions": Object { - "Fn::Or": Array [ - Object { - "Fn::Equals": Array [ - Object { - "Ref": "AWS::Region", - }, - "cn-north-1", - ], - }, - Object { - "Fn::Equals": Array [ - Object { - "Ref": "AWS::Region", - }, - "cn-northwest-1", - ], - }, - ], - }, - }, - "Resources": Object { - "existingstream0A902451": Object { - "Properties": Object { - "RetentionPeriodHours": 72, - "ShardCount": 2, - "StreamEncryption": Object { - "Fn::If": Array [ - "AwsCdkKinesisEncryptedStreamsUnsupportedRegions", - Object { - "Ref": "AWS::NoValue", - }, - Object { - "EncryptionType": "KMS", - "KeyId": "alias/aws/kinesis", - }, - ], - }, - }, - "Type": "AWS::Kinesis::Stream", - }, - }, -} -`; - -exports[`Test minimal deployment with no properties 1`] = ` -Object { - "Resources": Object { - "KinesisStream46752A3E": Object { - "Properties": Object { - "RetentionPeriodHours": 24, - "ShardCount": 1, - "StreamEncryption": Object { - "EncryptionType": "KMS", - "KeyId": "alias/aws/kinesis", - }, - }, - "Type": "AWS::Kinesis::Stream", - }, - }, -} -`; diff --git a/source/patterns/@aws-solutions-constructs/core/test/__snapshots__/kms-helper.test.js.snap b/source/patterns/@aws-solutions-constructs/core/test/__snapshots__/kms-helper.test.js.snap deleted file mode 100644 index ff88da21a..000000000 --- a/source/patterns/@aws-solutions-constructs/core/test/__snapshots__/kms-helper.test.js.snap +++ /dev/null @@ -1,119 +0,0 @@ -// Jest Snapshot v1, https://goo.gl/fbAQLP - -exports[`Test minimal deployment with custom properties 1`] = ` -Object { - "Resources": Object { - "EncryptionKey1B843E66": Object { - "DeletionPolicy": "Retain", - "Properties": Object { - "EnableKeyRotation": false, - "KeyPolicy": Object { - "Statement": Array [ - Object { - "Action": Array [ - "kms:Create*", - "kms:Describe*", - "kms:Enable*", - "kms:List*", - "kms:Put*", - "kms:Update*", - "kms:Revoke*", - "kms:Disable*", - "kms:Get*", - "kms:Delete*", - "kms:ScheduleKeyDeletion", - "kms:CancelKeyDeletion", - "kms:GenerateDataKey", - "kms:TagResource", - "kms:UntagResource", - ], - "Effect": "Allow", - "Principal": Object { - "AWS": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":iam::", - Object { - "Ref": "AWS::AccountId", - }, - ":root", - ], - ], - }, - }, - "Resource": "*", - }, - ], - "Version": "2012-10-17", - }, - }, - "Type": "AWS::KMS::Key", - "UpdateReplacePolicy": "Retain", - }, - }, -} -`; - -exports[`Test minimal deployment with no properties 1`] = ` -Object { - "Resources": Object { - "EncryptionKey1B843E66": Object { - "DeletionPolicy": "Retain", - "Properties": Object { - "EnableKeyRotation": true, - "KeyPolicy": Object { - "Statement": Array [ - Object { - "Action": Array [ - "kms:Create*", - "kms:Describe*", - "kms:Enable*", - "kms:List*", - "kms:Put*", - "kms:Update*", - "kms:Revoke*", - "kms:Disable*", - "kms:Get*", - "kms:Delete*", - "kms:ScheduleKeyDeletion", - "kms:CancelKeyDeletion", - "kms:GenerateDataKey", - "kms:TagResource", - "kms:UntagResource", - ], - "Effect": "Allow", - "Principal": Object { - "AWS": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":iam::", - Object { - "Ref": "AWS::AccountId", - }, - ":root", - ], - ], - }, - }, - "Resource": "*", - }, - ], - "Version": "2012-10-17", - }, - }, - "Type": "AWS::KMS::Key", - "UpdateReplacePolicy": "Retain", - }, - }, -} -`; diff --git a/source/patterns/@aws-solutions-constructs/core/test/__snapshots__/lambda-helper.test.js.snap b/source/patterns/@aws-solutions-constructs/core/test/__snapshots__/lambda-helper.test.js.snap deleted file mode 100644 index 2e922c3dd..000000000 --- a/source/patterns/@aws-solutions-constructs/core/test/__snapshots__/lambda-helper.test.js.snap +++ /dev/null @@ -1,192 +0,0 @@ -// Jest Snapshot v1, https://goo.gl/fbAQLP - -exports[`snapshot test LambdaFunction default params 1`] = ` -Object { - "Parameters": Object { - "AssetParameters42a35bbf0dec9ef0ac5b0dde87e71a1b8929e8d2d178dd09ccfb2c928ec0198cArtifactHash00A70A91": Object { - "Description": "Artifact hash for asset \\"42a35bbf0dec9ef0ac5b0dde87e71a1b8929e8d2d178dd09ccfb2c928ec0198c\\"", - "Type": "String", - }, - "AssetParameters42a35bbf0dec9ef0ac5b0dde87e71a1b8929e8d2d178dd09ccfb2c928ec0198cS3Bucket1F467BCC": Object { - "Description": "S3 bucket for asset \\"42a35bbf0dec9ef0ac5b0dde87e71a1b8929e8d2d178dd09ccfb2c928ec0198c\\"", - "Type": "String", - }, - "AssetParameters42a35bbf0dec9ef0ac5b0dde87e71a1b8929e8d2d178dd09ccfb2c928ec0198cS3VersionKey9E4F7872": Object { - "Description": "S3 key for asset version \\"42a35bbf0dec9ef0ac5b0dde87e71a1b8929e8d2d178dd09ccfb2c928ec0198c\\"", - "Type": "String", - }, - }, - "Resources": Object { - "LambdaFunctionBF21E41F": Object { - "DependsOn": Array [ - "LambdaFunctionServiceRoleDefaultPolicy126C8897", - "LambdaFunctionServiceRole0C4CDE0B", - ], - "Metadata": Object { - "cfn_nag": Object { - "rules_to_suppress": Array [ - Object { - "id": "W58", - "reason": "Lambda functions has the required permission to write CloudWatch Logs. It uses custom policy instead of arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole with tighter permissions.", - }, - Object { - "id": "W89", - "reason": "This is not a rule for the general case, just for specific use cases/industries", - }, - Object { - "id": "W92", - "reason": "Impossible for us to define the correct concurrency for clients", - }, - ], - }, - }, - "Properties": Object { - "Code": Object { - "S3Bucket": Object { - "Ref": "AssetParameters42a35bbf0dec9ef0ac5b0dde87e71a1b8929e8d2d178dd09ccfb2c928ec0198cS3Bucket1F467BCC", - }, - "S3Key": Object { - "Fn::Join": Array [ - "", - Array [ - Object { - "Fn::Select": Array [ - 0, - Object { - "Fn::Split": Array [ - "||", - Object { - "Ref": "AssetParameters42a35bbf0dec9ef0ac5b0dde87e71a1b8929e8d2d178dd09ccfb2c928ec0198cS3VersionKey9E4F7872", - }, - ], - }, - ], - }, - Object { - "Fn::Select": Array [ - 1, - Object { - "Fn::Split": Array [ - "||", - Object { - "Ref": "AssetParameters42a35bbf0dec9ef0ac5b0dde87e71a1b8929e8d2d178dd09ccfb2c928ec0198cS3VersionKey9E4F7872", - }, - ], - }, - ], - }, - ], - ], - }, - }, - "Environment": Object { - "Variables": Object { - "AWS_NODEJS_CONNECTION_REUSE_ENABLED": "1", - }, - }, - "Handler": "index.handler", - "Role": Object { - "Fn::GetAtt": Array [ - "LambdaFunctionServiceRole0C4CDE0B", - "Arn", - ], - }, - "Runtime": "nodejs12.x", - "TracingConfig": Object { - "Mode": "Active", - }, - }, - "Type": "AWS::Lambda::Function", - }, - "LambdaFunctionServiceRole0C4CDE0B": Object { - "Properties": Object { - "AssumeRolePolicyDocument": Object { - "Statement": Array [ - Object { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": Object { - "Service": "lambda.amazonaws.com", - }, - }, - ], - "Version": "2012-10-17", - }, - "Policies": Array [ - Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "logs:CreateLogGroup", - "logs:CreateLogStream", - "logs:PutLogEvents", - ], - "Effect": "Allow", - "Resource": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":logs:", - Object { - "Ref": "AWS::Region", - }, - ":", - Object { - "Ref": "AWS::AccountId", - }, - ":log-group:/aws/lambda/*", - ], - ], - }, - }, - ], - "Version": "2012-10-17", - }, - "PolicyName": "LambdaFunctionServiceRolePolicy", - }, - ], - }, - "Type": "AWS::IAM::Role", - }, - "LambdaFunctionServiceRoleDefaultPolicy126C8897": Object { - "Metadata": Object { - "cfn_nag": Object { - "rules_to_suppress": Array [ - Object { - "id": "W12", - "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray and access ENIs in a VPC.", - }, - ], - }, - }, - "Properties": Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "xray:PutTraceSegments", - "xray:PutTelemetryRecords", - ], - "Effect": "Allow", - "Resource": "*", - }, - ], - "Version": "2012-10-17", - }, - "PolicyName": "LambdaFunctionServiceRoleDefaultPolicy126C8897", - "Roles": Array [ - Object { - "Ref": "LambdaFunctionServiceRole0C4CDE0B", - }, - ], - }, - "Type": "AWS::IAM::Policy", - }, - }, -} -`; diff --git a/source/patterns/@aws-solutions-constructs/core/test/__snapshots__/mediastore-helper.test.js.snap b/source/patterns/@aws-solutions-constructs/core/test/__snapshots__/mediastore-helper.test.js.snap deleted file mode 100644 index 0b6ee1a00..000000000 --- a/source/patterns/@aws-solutions-constructs/core/test/__snapshots__/mediastore-helper.test.js.snap +++ /dev/null @@ -1,63 +0,0 @@ -// Jest Snapshot v1, https://goo.gl/fbAQLP - -exports[`MediaStore container with default params 1`] = ` -Object { - "Resources": Object { - "MediaStoreContainer": Object { - "DeletionPolicy": "Retain", - "Properties": Object { - "AccessLoggingEnabled": true, - "ContainerName": Object { - "Ref": "AWS::StackName", - }, - "CorsPolicy": Array [ - Object { - "AllowedHeaders": Array [ - "*", - ], - "AllowedMethods": Array [ - "GET", - ], - "AllowedOrigins": Array [ - "*", - ], - "ExposeHeaders": Array [ - "*", - ], - "MaxAgeSeconds": 3000, - }, - ], - "LifecyclePolicy": "{\\"rules\\":[{\\"definition\\":{\\"path\\":[{\\"wildcard\\":\\"*\\"}],\\"days_since_create\\":[{\\"numeric\\":[\\">\\",30]}]},\\"action\\":\\"EXPIRE\\"}]}", - "MetricPolicy": Object { - "ContainerLevelMetrics": "ENABLED", - }, - "Policy": Object { - "Fn::Join": Array [ - "", - Array [ - "{\\"Version\\":\\"2012-10-17\\",\\"Statement\\":[{\\"Sid\\":\\"MediaStoreDefaultPolicy\\",\\"Effect\\":\\"Allow\\",\\"Principal\\":\\"*\\",\\"Action\\":[\\"mediastore:GetObject\\",\\"mediastore:DescribeObject\\"],\\"Resource\\":\\"arn:", - Object { - "Ref": "AWS::Partition", - }, - ":mediastore:", - Object { - "Ref": "AWS::Region", - }, - ":", - Object { - "Ref": "AWS::AccountId", - }, - ":container/", - Object { - "Ref": "AWS::StackName", - }, - "/*\\",\\"Condition\\":{\\"Bool\\":{\\"aws:SecureTransport\\":\\"true\\"}}}]}", - ], - ], - }, - }, - "Type": "AWS::MediaStore::Container", - }, - }, -} -`; diff --git a/source/patterns/@aws-solutions-constructs/core/test/__snapshots__/s3-bucket-helper.test.js.snap b/source/patterns/@aws-solutions-constructs/core/test/__snapshots__/s3-bucket-helper.test.js.snap deleted file mode 100644 index bf61be9a2..000000000 --- a/source/patterns/@aws-solutions-constructs/core/test/__snapshots__/s3-bucket-helper.test.js.snap +++ /dev/null @@ -1,548 +0,0 @@ -// Jest Snapshot v1, https://goo.gl/fbAQLP - -exports[`s3 bucket and logging bucket withe delete removal policy 1`] = ` -Object { - "Resources": Object { - "S3Bucket07682993": Object { - "DeletionPolicy": "Delete", - "Properties": Object { - "BucketEncryption": Object { - "ServerSideEncryptionConfiguration": Array [ - Object { - "ServerSideEncryptionByDefault": Object { - "SSEAlgorithm": "AES256", - }, - }, - ], - }, - "LifecycleConfiguration": Object { - "Rules": Array [ - Object { - "NoncurrentVersionTransitions": Array [ - Object { - "StorageClass": "GLACIER", - "TransitionInDays": 90, - }, - ], - "Status": "Enabled", - }, - ], - }, - "LoggingConfiguration": Object { - "DestinationBucketName": Object { - "Ref": "S3LoggingBucket800A2B27", - }, - }, - "PublicAccessBlockConfiguration": Object { - "BlockPublicAcls": true, - "BlockPublicPolicy": true, - "IgnorePublicAcls": true, - "RestrictPublicBuckets": true, - }, - "VersioningConfiguration": Object { - "Status": "Enabled", - }, - }, - "Type": "AWS::S3::Bucket", - "UpdateReplacePolicy": "Delete", - }, - "S3BucketPolicyF560589A": Object { - "Properties": Object { - "Bucket": Object { - "Ref": "S3Bucket07682993", - }, - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": "*", - "Condition": Object { - "Bool": Object { - "aws:SecureTransport": "false", - }, - }, - "Effect": "Deny", - "Principal": Object { - "AWS": "*", - }, - "Resource": Array [ - Object { - "Fn::Join": Array [ - "", - Array [ - Object { - "Fn::GetAtt": Array [ - "S3Bucket07682993", - "Arn", - ], - }, - "/*", - ], - ], - }, - Object { - "Fn::GetAtt": Array [ - "S3Bucket07682993", - "Arn", - ], - }, - ], - "Sid": "HttpsOnly", - }, - ], - "Version": "2012-10-17", - }, - }, - "Type": "AWS::S3::BucketPolicy", - }, - "S3LoggingBucket800A2B27": Object { - "DeletionPolicy": "Delete", - "Metadata": Object { - "cfn_nag": Object { - "rules_to_suppress": Array [ - Object { - "id": "W35", - "reason": "This S3 bucket is used as the access logging bucket for another bucket", - }, - ], - }, - }, - "Properties": Object { - "AccessControl": "LogDeliveryWrite", - "BucketEncryption": Object { - "ServerSideEncryptionConfiguration": Array [ - Object { - "ServerSideEncryptionByDefault": Object { - "SSEAlgorithm": "AES256", - }, - }, - ], - }, - "PublicAccessBlockConfiguration": Object { - "BlockPublicAcls": true, - "BlockPublicPolicy": true, - "IgnorePublicAcls": true, - "RestrictPublicBuckets": true, - }, - "VersioningConfiguration": Object { - "Status": "Enabled", - }, - }, - "Type": "AWS::S3::Bucket", - "UpdateReplacePolicy": "Delete", - }, - "S3LoggingBucketPolicy6B3AA8AF": Object { - "Properties": Object { - "Bucket": Object { - "Ref": "S3LoggingBucket800A2B27", - }, - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": "*", - "Condition": Object { - "Bool": Object { - "aws:SecureTransport": "false", - }, - }, - "Effect": "Deny", - "Principal": Object { - "AWS": "*", - }, - "Resource": Array [ - Object { - "Fn::Join": Array [ - "", - Array [ - Object { - "Fn::GetAtt": Array [ - "S3LoggingBucket800A2B27", - "Arn", - ], - }, - "/*", - ], - ], - }, - Object { - "Fn::GetAtt": Array [ - "S3LoggingBucket800A2B27", - "Arn", - ], - }, - ], - "Sid": "HttpsOnly", - }, - ], - "Version": "2012-10-17", - }, - }, - "Type": "AWS::S3::BucketPolicy", - }, - }, -} -`; - -exports[`s3 bucket with default params 1`] = ` -Object { - "Resources": Object { - "S3Bucket07682993": Object { - "DeletionPolicy": "Retain", - "Properties": Object { - "BucketEncryption": Object { - "ServerSideEncryptionConfiguration": Array [ - Object { - "ServerSideEncryptionByDefault": Object { - "SSEAlgorithm": "AES256", - }, - }, - ], - }, - "LifecycleConfiguration": Object { - "Rules": Array [ - Object { - "NoncurrentVersionTransitions": Array [ - Object { - "StorageClass": "GLACIER", - "TransitionInDays": 90, - }, - ], - "Status": "Enabled", - }, - ], - }, - "LoggingConfiguration": Object { - "DestinationBucketName": Object { - "Ref": "S3LoggingBucket800A2B27", - }, - }, - "PublicAccessBlockConfiguration": Object { - "BlockPublicAcls": true, - "BlockPublicPolicy": true, - "IgnorePublicAcls": true, - "RestrictPublicBuckets": true, - }, - "VersioningConfiguration": Object { - "Status": "Enabled", - }, - }, - "Type": "AWS::S3::Bucket", - "UpdateReplacePolicy": "Retain", - }, - "S3BucketPolicyF560589A": Object { - "Properties": Object { - "Bucket": Object { - "Ref": "S3Bucket07682993", - }, - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": "*", - "Condition": Object { - "Bool": Object { - "aws:SecureTransport": "false", - }, - }, - "Effect": "Deny", - "Principal": Object { - "AWS": "*", - }, - "Resource": Array [ - Object { - "Fn::Join": Array [ - "", - Array [ - Object { - "Fn::GetAtt": Array [ - "S3Bucket07682993", - "Arn", - ], - }, - "/*", - ], - ], - }, - Object { - "Fn::GetAtt": Array [ - "S3Bucket07682993", - "Arn", - ], - }, - ], - "Sid": "HttpsOnly", - }, - ], - "Version": "2012-10-17", - }, - }, - "Type": "AWS::S3::BucketPolicy", - }, - "S3LoggingBucket800A2B27": Object { - "DeletionPolicy": "Retain", - "Metadata": Object { - "cfn_nag": Object { - "rules_to_suppress": Array [ - Object { - "id": "W35", - "reason": "This S3 bucket is used as the access logging bucket for another bucket", - }, - ], - }, - }, - "Properties": Object { - "AccessControl": "LogDeliveryWrite", - "BucketEncryption": Object { - "ServerSideEncryptionConfiguration": Array [ - Object { - "ServerSideEncryptionByDefault": Object { - "SSEAlgorithm": "AES256", - }, - }, - ], - }, - "PublicAccessBlockConfiguration": Object { - "BlockPublicAcls": true, - "BlockPublicPolicy": true, - "IgnorePublicAcls": true, - "RestrictPublicBuckets": true, - }, - "VersioningConfiguration": Object { - "Status": "Enabled", - }, - }, - "Type": "AWS::S3::Bucket", - "UpdateReplacePolicy": "Retain", - }, - "S3LoggingBucketPolicy6B3AA8AF": Object { - "Properties": Object { - "Bucket": Object { - "Ref": "S3LoggingBucket800A2B27", - }, - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": "*", - "Condition": Object { - "Bool": Object { - "aws:SecureTransport": "false", - }, - }, - "Effect": "Deny", - "Principal": Object { - "AWS": "*", - }, - "Resource": Array [ - Object { - "Fn::Join": Array [ - "", - Array [ - Object { - "Fn::GetAtt": Array [ - "S3LoggingBucket800A2B27", - "Arn", - ], - }, - "/*", - ], - ], - }, - Object { - "Fn::GetAtt": Array [ - "S3LoggingBucket800A2B27", - "Arn", - ], - }, - ], - "Sid": "HttpsOnly", - }, - ], - "Version": "2012-10-17", - }, - }, - "Type": "AWS::S3::BucketPolicy", - }, - }, -} -`; - -exports[`s3 bucket with default params and bucket names 1`] = ` -Object { - "Resources": Object { - "S3Bucket07682993": Object { - "DeletionPolicy": "Retain", - "Properties": Object { - "BucketEncryption": Object { - "ServerSideEncryptionConfiguration": Array [ - Object { - "ServerSideEncryptionByDefault": Object { - "SSEAlgorithm": "AES256", - }, - }, - ], - }, - "BucketName": "my-bucket", - "LifecycleConfiguration": Object { - "Rules": Array [ - Object { - "NoncurrentVersionTransitions": Array [ - Object { - "StorageClass": "GLACIER", - "TransitionInDays": 90, - }, - ], - "Status": "Enabled", - }, - ], - }, - "LoggingConfiguration": Object { - "DestinationBucketName": Object { - "Ref": "S3LoggingBucket800A2B27", - }, - }, - "PublicAccessBlockConfiguration": Object { - "BlockPublicAcls": true, - "BlockPublicPolicy": true, - "IgnorePublicAcls": true, - "RestrictPublicBuckets": true, - }, - "VersioningConfiguration": Object { - "Status": "Enabled", - }, - }, - "Type": "AWS::S3::Bucket", - "UpdateReplacePolicy": "Retain", - }, - "S3BucketPolicyF560589A": Object { - "Properties": Object { - "Bucket": Object { - "Ref": "S3Bucket07682993", - }, - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": "*", - "Condition": Object { - "Bool": Object { - "aws:SecureTransport": "false", - }, - }, - "Effect": "Deny", - "Principal": Object { - "AWS": "*", - }, - "Resource": Array [ - Object { - "Fn::Join": Array [ - "", - Array [ - Object { - "Fn::GetAtt": Array [ - "S3Bucket07682993", - "Arn", - ], - }, - "/*", - ], - ], - }, - Object { - "Fn::GetAtt": Array [ - "S3Bucket07682993", - "Arn", - ], - }, - ], - "Sid": "HttpsOnly", - }, - ], - "Version": "2012-10-17", - }, - }, - "Type": "AWS::S3::BucketPolicy", - }, - "S3LoggingBucket800A2B27": Object { - "DeletionPolicy": "Retain", - "Metadata": Object { - "cfn_nag": Object { - "rules_to_suppress": Array [ - Object { - "id": "W35", - "reason": "This S3 bucket is used as the access logging bucket for another bucket", - }, - ], - }, - }, - "Properties": Object { - "AccessControl": "LogDeliveryWrite", - "BucketEncryption": Object { - "ServerSideEncryptionConfiguration": Array [ - Object { - "ServerSideEncryptionByDefault": Object { - "SSEAlgorithm": "AES256", - }, - }, - ], - }, - "PublicAccessBlockConfiguration": Object { - "BlockPublicAcls": true, - "BlockPublicPolicy": true, - "IgnorePublicAcls": true, - "RestrictPublicBuckets": true, - }, - "VersioningConfiguration": Object { - "Status": "Enabled", - }, - }, - "Type": "AWS::S3::Bucket", - "UpdateReplacePolicy": "Retain", - }, - "S3LoggingBucketPolicy6B3AA8AF": Object { - "Properties": Object { - "Bucket": Object { - "Ref": "S3LoggingBucket800A2B27", - }, - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": "*", - "Condition": Object { - "Bool": Object { - "aws:SecureTransport": "false", - }, - }, - "Effect": "Deny", - "Principal": Object { - "AWS": "*", - }, - "Resource": Array [ - Object { - "Fn::Join": Array [ - "", - Array [ - Object { - "Fn::GetAtt": Array [ - "S3LoggingBucket800A2B27", - "Arn", - ], - }, - "/*", - ], - ], - }, - Object { - "Fn::GetAtt": Array [ - "S3LoggingBucket800A2B27", - "Arn", - ], - }, - ], - "Sid": "HttpsOnly", - }, - ], - "Version": "2012-10-17", - }, - }, - "Type": "AWS::S3::BucketPolicy", - }, - }, -} -`; diff --git a/source/patterns/@aws-solutions-constructs/core/test/__snapshots__/s3-bucket.test.js.snap b/source/patterns/@aws-solutions-constructs/core/test/__snapshots__/s3-bucket.test.js.snap deleted file mode 100644 index 29a1258eb..000000000 --- a/source/patterns/@aws-solutions-constructs/core/test/__snapshots__/s3-bucket.test.js.snap +++ /dev/null @@ -1,46 +0,0 @@ -// Jest Snapshot v1, https://goo.gl/fbAQLP - -exports[`s3 bucket with default params 1`] = ` -Object { - "Resources": Object { - "tests3defaults80430774": Object { - "DeletionPolicy": "Retain", - "Properties": Object { - "BucketEncryption": Object { - "ServerSideEncryptionConfiguration": Array [ - Object { - "ServerSideEncryptionByDefault": Object { - "SSEAlgorithm": "AES256", - }, - }, - ], - }, - "LifecycleConfiguration": Object { - "Rules": Array [ - Object { - "NoncurrentVersionTransitions": Array [ - Object { - "StorageClass": "GLACIER", - "TransitionInDays": 90, - }, - ], - "Status": "Enabled", - }, - ], - }, - "PublicAccessBlockConfiguration": Object { - "BlockPublicAcls": true, - "BlockPublicPolicy": true, - "IgnorePublicAcls": true, - "RestrictPublicBuckets": true, - }, - "VersioningConfiguration": Object { - "Status": "Enabled", - }, - }, - "Type": "AWS::S3::Bucket", - "UpdateReplacePolicy": "Retain", - }, - }, -} -`; diff --git a/source/patterns/@aws-solutions-constructs/core/test/__snapshots__/sagemaker-helper.test.js.snap b/source/patterns/@aws-solutions-constructs/core/test/__snapshots__/sagemaker-helper.test.js.snap deleted file mode 100644 index beaee8ed2..000000000 --- a/source/patterns/@aws-solutions-constructs/core/test/__snapshots__/sagemaker-helper.test.js.snap +++ /dev/null @@ -1,5368 +0,0 @@ -// Jest Snapshot v1, https://goo.gl/fbAQLP - -exports[`Test deployment of Sagemaker Inference Endpoint with properties overwrite 1`] = ` -Object { - "Resources": Object { - "DefaultSAGEMAKERRUNTIMEsecuritygroup32609E8C": Object { - "Metadata": Object { - "cfn_nag": Object { - "rules_to_suppress": Array [ - Object { - "id": "W5", - "reason": "Egress of 0.0.0.0/0 is default and generally considered OK", - }, - Object { - "id": "W40", - "reason": "Egress IPProtocol of -1 is default and generally considered OK", - }, - ], - }, - }, - "Properties": Object { - "GroupDescription": "Default/Default-SAGEMAKER_RUNTIME-security-group", - "SecurityGroupEgress": Array [ - Object { - "CidrIp": "0.0.0.0/0", - "Description": "Allow all outbound traffic by default", - "IpProtocol": "-1", - }, - ], - "SecurityGroupIngress": Array [ - Object { - "CidrIp": Object { - "Fn::GetAtt": Array [ - "Vpc8378EB38", - "CidrBlock", - ], - }, - "Description": Object { - "Fn::Join": Array [ - "", - Array [ - "from ", - Object { - "Fn::GetAtt": Array [ - "Vpc8378EB38", - "CidrBlock", - ], - }, - ":443", - ], - ], - }, - "FromPort": 443, - "IpProtocol": "tcp", - "ToPort": 443, - }, - ], - "VpcId": Object { - "Ref": "Vpc8378EB38", - }, - }, - "Type": "AWS::EC2::SecurityGroup", - }, - "MyEndpointConfigEncryptionKey42E27FFC": Object { - "DeletionPolicy": "Retain", - "Properties": Object { - "KeyPolicy": Object { - "Statement": Array [ - Object { - "Action": Array [ - "kms:Create*", - "kms:Describe*", - "kms:Enable*", - "kms:List*", - "kms:Put*", - "kms:Update*", - "kms:Revoke*", - "kms:Disable*", - "kms:Get*", - "kms:Delete*", - "kms:ScheduleKeyDeletion", - "kms:CancelKeyDeletion", - "kms:GenerateDataKey", - "kms:TagResource", - "kms:UntagResource", - ], - "Effect": "Allow", - "Principal": Object { - "AWS": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":iam::", - Object { - "Ref": "AWS::AccountId", - }, - ":root", - ], - ], - }, - }, - "Resource": "*", - }, - ], - "Version": "2012-10-17", - }, - }, - "Type": "AWS::KMS::Key", - "UpdateReplacePolicy": "Retain", - }, - "ReplaceModelDefaultSecurityGroup38936A39": Object { - "Metadata": Object { - "cfn_nag": Object { - "rules_to_suppress": Array [ - Object { - "id": "W5", - "reason": "Egress of 0.0.0.0/0 is default and generally considered OK", - }, - Object { - "id": "W40", - "reason": "Egress IPProtocol of -1 is default and generally considered OK", - }, - ], - }, - }, - "Properties": Object { - "GroupDescription": "Default/ReplaceModelDefaultSecurityGroup", - "SecurityGroupEgress": Array [ - Object { - "CidrIp": "0.0.0.0/0", - "Description": "Allow all outbound traffic by default", - "IpProtocol": "-1", - }, - ], - "SecurityGroupIngress": Array [ - Object { - "CidrIp": Object { - "Fn::GetAtt": Array [ - "Vpc8378EB38", - "CidrBlock", - ], - }, - "Description": Object { - "Fn::Join": Array [ - "", - Array [ - "from ", - Object { - "Fn::GetAtt": Array [ - "Vpc8378EB38", - "CidrBlock", - ], - }, - ":443", - ], - ], - }, - "FromPort": 443, - "IpProtocol": "tcp", - "ToPort": 443, - }, - ], - "VpcId": Object { - "Ref": "Vpc8378EB38", - }, - }, - "Type": "AWS::EC2::SecurityGroup", - }, - "SagemakerEndpoint": Object { - "DependsOn": Array [ - "SagemakerEndpointConfig", - ], - "Properties": Object { - "EndpointConfigName": "linear-learner-endpoint-config", - "EndpointName": "linear-learner-endpoint", - }, - "Type": "AWS::SageMaker::Endpoint", - }, - "SagemakerEndpointConfig": Object { - "DependsOn": Array [ - "SagemakerModel", - ], - "Properties": Object { - "EndpointConfigName": "linear-learner-endpoint-config", - "KmsKeyId": Object { - "Fn::GetAtt": Array [ - "MyEndpointConfigEncryptionKey42E27FFC", - "Arn", - ], - }, - "ProductionVariants": Array [ - Object { - "AcceleratorType": "ml.eia2.medium", - "InitialInstanceCount": 1, - "InitialVariantWeight": 1, - "InstanceType": "ml.m4.large", - "ModelName": "linear-learner-model", - "VariantName": "AllTraffic", - }, - ], - }, - "Type": "AWS::SageMaker::EndpointConfig", - }, - "SagemakerModel": Object { - "DependsOn": Array [ - "SagemakerRoleDefaultPolicy9DD21C3C", - "SagemakerRole5FDB64E1", - ], - "Properties": Object { - "ExecutionRoleArn": Object { - "Fn::GetAtt": Array [ - "SagemakerRole5FDB64E1", - "Arn", - ], - }, - "ModelName": "linear-learner-model", - "PrimaryContainer": Object { - "Image": ".dkr.ecr..amazonaws.com/linear-learner:latest", - "ModelDataUrl": "s3:////model.tar.gz", - }, - "VpcConfig": Object { - "SecurityGroupIds": Array [ - Object { - "Fn::GetAtt": Array [ - "ReplaceModelDefaultSecurityGroup38936A39", - "GroupId", - ], - }, - ], - "Subnets": Array [ - Object { - "Ref": "VpcisolatedSubnet1SubnetE62B1B9B", - }, - Object { - "Ref": "VpcisolatedSubnet2Subnet39217055", - }, - ], - }, - }, - "Type": "AWS::SageMaker::Model", - }, - "SagemakerRole5FDB64E1": Object { - "Properties": Object { - "AssumeRolePolicyDocument": Object { - "Statement": Array [ - Object { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": Object { - "Service": "sagemaker.amazonaws.com", - }, - }, - ], - "Version": "2012-10-17", - }, - }, - "Type": "AWS::IAM::Role", - }, - "SagemakerRoleDefaultPolicy9DD21C3C": Object { - "Metadata": Object { - "cfn_nag": Object { - "rules_to_suppress": Array [ - Object { - "id": "W12", - "reason": "Sagemaker needs the following minimum required permissions to access ENIs in a VPC, ECR for custom model images, and elastic inference.", - }, - Object { - "id": "W76", - "reason": "Complex role becuase Sagemaker needs permissions to access several services", - }, - ], - }, - }, - "Properties": Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "sagemaker:CreateTrainingJob", - "sagemaker:DescribeTrainingJob", - "sagemaker:CreateModel", - "sagemaker:DescribeModel", - "sagemaker:DeleteModel", - "sagemaker:CreateEndpoint", - "sagemaker:CreateEndpointConfig", - "sagemaker:DescribeEndpoint", - "sagemaker:DescribeEndpointConfig", - "sagemaker:DeleteEndpoint", - "sagemaker:DeleteEndpointConfig", - "sagemaker:InvokeEndpoint", - ], - "Effect": "Allow", - "Resource": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":sagemaker:", - Object { - "Ref": "AWS::Region", - }, - ":", - Object { - "Ref": "AWS::AccountId", - }, - ":*", - ], - ], - }, - }, - Object { - "Action": Array [ - "logs:CreateLogGroup", - "logs:CreateLogStream", - "logs:DescribeLogStreams", - "logs:GetLogEvents", - "logs:PutLogEvents", - ], - "Effect": "Allow", - "Resource": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":logs:", - Object { - "Ref": "AWS::Region", - }, - ":", - Object { - "Ref": "AWS::AccountId", - }, - ":log-group:/aws/sagemaker/*", - ], - ], - }, - }, - Object { - "Action": Array [ - "ec2:CreateNetworkInterface", - "ec2:CreateNetworkInterfacePermission", - "ec2:DeleteNetworkInterface", - "ec2:DeleteNetworkInterfacePermission", - "ec2:DescribeNetworkInterfaces", - "ec2:AssignPrivateIpAddresses", - "ec2:UnassignPrivateIpAddresses", - "ec2:DescribeVpcs", - "ec2:DescribeDhcpOptions", - "ec2:DescribeSubnets", - "ec2:DescribeSecurityGroups", - ], - "Effect": "Allow", - "Resource": "*", - }, - Object { - "Action": Array [ - "ecr:BatchCheckLayerAvailability", - "ecr:GetDownloadUrlForLayer", - "ecr:DescribeRepositories", - "ecr:DescribeImages", - "ecr:BatchGetImage", - ], - "Effect": "Allow", - "Resource": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":ecr:", - Object { - "Ref": "AWS::Region", - }, - ":", - Object { - "Ref": "AWS::AccountId", - }, - ":repository/*", - ], - ], - }, - }, - Object { - "Action": "ecr:GetAuthorizationToken", - "Effect": "Allow", - "Resource": "*", - }, - Object { - "Action": "elastic-inference:Connect", - "Effect": "Allow", - "Resource": "*", - }, - Object { - "Action": Array [ - "kms:Encrypt", - "kms:Decrypt", - "kms:ReEncrypt*", - "kms:GenerateDataKey*", - "kms:DescribeKey", - ], - "Effect": "Allow", - "Resource": Array [ - Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":kms:", - Object { - "Ref": "AWS::Region", - }, - ":", - Object { - "Ref": "AWS::AccountId", - }, - ":key/*", - ], - ], - }, - Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":kms:", - Object { - "Ref": "AWS::Region", - }, - ":", - Object { - "Ref": "AWS::AccountId", - }, - ":alias/*", - ], - ], - }, - ], - }, - Object { - "Action": Array [ - "s3:GetObject", - "s3:PutObject", - "s3:DeleteObject", - "s3:ListBucket", - ], - "Effect": "Allow", - "Resource": "arn:aws:s3:::*", - }, - Object { - "Action": "iam:GetRole", - "Effect": "Allow", - "Resource": Object { - "Fn::GetAtt": Array [ - "SagemakerRole5FDB64E1", - "Arn", - ], - }, - }, - Object { - "Action": "iam:PassRole", - "Condition": Object { - "StringLike": Object { - "iam:PassedToService": "sagemaker.amazonaws.com", - }, - }, - "Effect": "Allow", - "Resource": Object { - "Fn::GetAtt": Array [ - "SagemakerRole5FDB64E1", - "Arn", - ], - }, - }, - ], - "Version": "2012-10-17", - }, - "PolicyName": "SagemakerRoleDefaultPolicy9DD21C3C", - "Roles": Array [ - Object { - "Ref": "SagemakerRole5FDB64E1", - }, - ], - }, - "Type": "AWS::IAM::Policy", - }, - "Vpc8378EB38": Object { - "Properties": Object { - "CidrBlock": "10.0.0.0/16", - "EnableDnsHostnames": true, - "EnableDnsSupport": true, - "InstanceTenancy": "default", - "Tags": Array [ - Object { - "Key": "Name", - "Value": "Default/Vpc", - }, - ], - }, - "Type": "AWS::EC2::VPC", - }, - "VpcFlowLog8FF33A73": Object { - "Properties": Object { - "DeliverLogsPermissionArn": Object { - "Fn::GetAtt": Array [ - "VpcFlowLogIAMRole6A475D41", - "Arn", - ], - }, - "LogDestinationType": "cloud-watch-logs", - "LogGroupName": Object { - "Ref": "VpcFlowLogLogGroup7B5C56B9", - }, - "ResourceId": Object { - "Ref": "Vpc8378EB38", - }, - "ResourceType": "VPC", - "Tags": Array [ - Object { - "Key": "Name", - "Value": "Default/Vpc", - }, - ], - "TrafficType": "ALL", - }, - "Type": "AWS::EC2::FlowLog", - }, - "VpcFlowLogIAMRole6A475D41": Object { - "Properties": Object { - "AssumeRolePolicyDocument": Object { - "Statement": Array [ - Object { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": Object { - "Service": "vpc-flow-logs.amazonaws.com", - }, - }, - ], - "Version": "2012-10-17", - }, - "Tags": Array [ - Object { - "Key": "Name", - "Value": "Default/Vpc", - }, - ], - }, - "Type": "AWS::IAM::Role", - }, - "VpcFlowLogIAMRoleDefaultPolicy406FB995": Object { - "Properties": Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "logs:CreateLogStream", - "logs:PutLogEvents", - "logs:DescribeLogStreams", - ], - "Effect": "Allow", - "Resource": Object { - "Fn::GetAtt": Array [ - "VpcFlowLogLogGroup7B5C56B9", - "Arn", - ], - }, - }, - Object { - "Action": "iam:PassRole", - "Effect": "Allow", - "Resource": Object { - "Fn::GetAtt": Array [ - "VpcFlowLogIAMRole6A475D41", - "Arn", - ], - }, - }, - ], - "Version": "2012-10-17", - }, - "PolicyName": "VpcFlowLogIAMRoleDefaultPolicy406FB995", - "Roles": Array [ - Object { - "Ref": "VpcFlowLogIAMRole6A475D41", - }, - ], - }, - "Type": "AWS::IAM::Policy", - }, - "VpcFlowLogLogGroup7B5C56B9": Object { - "DeletionPolicy": "Retain", - "Metadata": Object { - "cfn_nag": Object { - "rules_to_suppress": Array [ - Object { - "id": "W84", - "reason": "By default CloudWatchLogs LogGroups data is encrypted using the CloudWatch server-side encryption keys (AWS Managed Keys)", - }, - ], - }, - }, - "Properties": Object { - "RetentionInDays": 731, - }, - "Type": "AWS::Logs::LogGroup", - "UpdateReplacePolicy": "Retain", - }, - "VpcS3A5408339": Object { - "Properties": Object { - "RouteTableIds": Array [ - Object { - "Ref": "VpcisolatedSubnet1RouteTableE442650B", - }, - Object { - "Ref": "VpcisolatedSubnet2RouteTable334F9764", - }, - ], - "ServiceName": Object { - "Fn::Join": Array [ - "", - Array [ - "com.amazonaws.", - Object { - "Ref": "AWS::Region", - }, - ".s3", - ], - ], - }, - "VpcEndpointType": "Gateway", - "VpcId": Object { - "Ref": "Vpc8378EB38", - }, - }, - "Type": "AWS::EC2::VPCEndpoint", - }, - "VpcSAGEMAKERRUNTIME337E125A": Object { - "Properties": Object { - "PrivateDnsEnabled": true, - "SecurityGroupIds": Array [ - Object { - "Fn::GetAtt": Array [ - "DefaultSAGEMAKERRUNTIMEsecuritygroup32609E8C", - "GroupId", - ], - }, - ], - "ServiceName": Object { - "Fn::Join": Array [ - "", - Array [ - "com.amazonaws.", - Object { - "Ref": "AWS::Region", - }, - ".sagemaker.runtime", - ], - ], - }, - "SubnetIds": Array [ - Object { - "Ref": "VpcisolatedSubnet1SubnetE62B1B9B", - }, - Object { - "Ref": "VpcisolatedSubnet2Subnet39217055", - }, - ], - "VpcEndpointType": "Interface", - "VpcId": Object { - "Ref": "Vpc8378EB38", - }, - }, - "Type": "AWS::EC2::VPCEndpoint", - }, - "VpcisolatedSubnet1RouteTableAssociationD259E31A": Object { - "Properties": Object { - "RouteTableId": Object { - "Ref": "VpcisolatedSubnet1RouteTableE442650B", - }, - "SubnetId": Object { - "Ref": "VpcisolatedSubnet1SubnetE62B1B9B", - }, - }, - "Type": "AWS::EC2::SubnetRouteTableAssociation", - }, - "VpcisolatedSubnet1RouteTableE442650B": Object { - "Properties": Object { - "Tags": Array [ - Object { - "Key": "Name", - "Value": "Default/Vpc/isolatedSubnet1", - }, - ], - "VpcId": Object { - "Ref": "Vpc8378EB38", - }, - }, - "Type": "AWS::EC2::RouteTable", - }, - "VpcisolatedSubnet1SubnetE62B1B9B": Object { - "Properties": Object { - "AvailabilityZone": Object { - "Fn::Select": Array [ - 0, - Object { - "Fn::GetAZs": "", - }, - ], - }, - "CidrBlock": "10.0.0.0/18", - "MapPublicIpOnLaunch": false, - "Tags": Array [ - Object { - "Key": "aws-cdk:subnet-name", - "Value": "isolated", - }, - Object { - "Key": "aws-cdk:subnet-type", - "Value": "Isolated", - }, - Object { - "Key": "Name", - "Value": "Default/Vpc/isolatedSubnet1", - }, - ], - "VpcId": Object { - "Ref": "Vpc8378EB38", - }, - }, - "Type": "AWS::EC2::Subnet", - }, - "VpcisolatedSubnet2RouteTable334F9764": Object { - "Properties": Object { - "Tags": Array [ - Object { - "Key": "Name", - "Value": "Default/Vpc/isolatedSubnet2", - }, - ], - "VpcId": Object { - "Ref": "Vpc8378EB38", - }, - }, - "Type": "AWS::EC2::RouteTable", - }, - "VpcisolatedSubnet2RouteTableAssociation25A4716F": Object { - "Properties": Object { - "RouteTableId": Object { - "Ref": "VpcisolatedSubnet2RouteTable334F9764", - }, - "SubnetId": Object { - "Ref": "VpcisolatedSubnet2Subnet39217055", - }, - }, - "Type": "AWS::EC2::SubnetRouteTableAssociation", - }, - "VpcisolatedSubnet2Subnet39217055": Object { - "Properties": Object { - "AvailabilityZone": Object { - "Fn::Select": Array [ - 1, - Object { - "Fn::GetAZs": "", - }, - ], - }, - "CidrBlock": "10.0.64.0/18", - "MapPublicIpOnLaunch": false, - "Tags": Array [ - Object { - "Key": "aws-cdk:subnet-name", - "Value": "isolated", - }, - Object { - "Key": "aws-cdk:subnet-type", - "Value": "Isolated", - }, - Object { - "Key": "Name", - "Value": "Default/Vpc/isolatedSubnet2", - }, - ], - "VpcId": Object { - "Ref": "Vpc8378EB38", - }, - }, - "Type": "AWS::EC2::Subnet", - }, - }, -} -`; - -exports[`Test deployment of existing Sagemaker Endpoint 1`] = ` -Object { - "Resources": Object { - "EncryptionKey1B843E66": Object { - "DeletionPolicy": "Retain", - "Properties": Object { - "EnableKeyRotation": true, - "KeyPolicy": Object { - "Statement": Array [ - Object { - "Action": Array [ - "kms:Create*", - "kms:Describe*", - "kms:Enable*", - "kms:List*", - "kms:Put*", - "kms:Update*", - "kms:Revoke*", - "kms:Disable*", - "kms:Get*", - "kms:Delete*", - "kms:ScheduleKeyDeletion", - "kms:CancelKeyDeletion", - "kms:GenerateDataKey", - "kms:TagResource", - "kms:UntagResource", - ], - "Effect": "Allow", - "Principal": Object { - "AWS": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":iam::", - Object { - "Ref": "AWS::AccountId", - }, - ":root", - ], - ], - }, - }, - "Resource": "*", - }, - ], - "Version": "2012-10-17", - }, - }, - "Type": "AWS::KMS::Key", - "UpdateReplacePolicy": "Retain", - }, - "SagemakerEndpoint": Object { - "DependsOn": Array [ - "SagemakerEndpointConfig", - ], - "Properties": Object { - "EndpointConfigName": Object { - "Fn::GetAtt": Array [ - "SagemakerEndpointConfig", - "EndpointConfigName", - ], - }, - }, - "Type": "AWS::SageMaker::Endpoint", - }, - "SagemakerEndpointConfig": Object { - "DependsOn": Array [ - "SagemakerModel", - ], - "Properties": Object { - "KmsKeyId": Object { - "Ref": "EncryptionKey1B843E66", - }, - "ProductionVariants": Array [ - Object { - "InitialInstanceCount": 1, - "InitialVariantWeight": 1, - "InstanceType": "ml.m4.xlarge", - "ModelName": Object { - "Fn::GetAtt": Array [ - "SagemakerModel", - "ModelName", - ], - }, - "VariantName": "AllTraffic", - }, - ], - }, - "Type": "AWS::SageMaker::EndpointConfig", - }, - "SagemakerModel": Object { - "DependsOn": Array [ - "SagemakerRoleDefaultPolicy9DD21C3C", - "SagemakerRole5FDB64E1", - ], - "Properties": Object { - "ExecutionRoleArn": Object { - "Fn::GetAtt": Array [ - "SagemakerRole5FDB64E1", - "Arn", - ], - }, - "PrimaryContainer": Object { - "Image": ".dkr.ecr..amazonaws.com/linear-learner:latest", - "ModelDataUrl": "s3:////model.tar.gz", - }, - }, - "Type": "AWS::SageMaker::Model", - }, - "SagemakerRole5FDB64E1": Object { - "Properties": Object { - "AssumeRolePolicyDocument": Object { - "Statement": Array [ - Object { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": Object { - "Service": "sagemaker.amazonaws.com", - }, - }, - ], - "Version": "2012-10-17", - }, - }, - "Type": "AWS::IAM::Role", - }, - "SagemakerRoleDefaultPolicy9DD21C3C": Object { - "Metadata": Object { - "cfn_nag": Object { - "rules_to_suppress": Array [ - Object { - "id": "W12", - "reason": "Sagemaker needs the following minimum required permissions to access ENIs in a VPC, ECR for custom model images, and elastic inference.", - }, - Object { - "id": "W76", - "reason": "Complex role becuase Sagemaker needs permissions to access several services", - }, - ], - }, - }, - "Properties": Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "sagemaker:CreateTrainingJob", - "sagemaker:DescribeTrainingJob", - "sagemaker:CreateModel", - "sagemaker:DescribeModel", - "sagemaker:DeleteModel", - "sagemaker:CreateEndpoint", - "sagemaker:CreateEndpointConfig", - "sagemaker:DescribeEndpoint", - "sagemaker:DescribeEndpointConfig", - "sagemaker:DeleteEndpoint", - "sagemaker:DeleteEndpointConfig", - "sagemaker:InvokeEndpoint", - ], - "Effect": "Allow", - "Resource": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":sagemaker:", - Object { - "Ref": "AWS::Region", - }, - ":", - Object { - "Ref": "AWS::AccountId", - }, - ":*", - ], - ], - }, - }, - Object { - "Action": Array [ - "logs:CreateLogGroup", - "logs:CreateLogStream", - "logs:DescribeLogStreams", - "logs:GetLogEvents", - "logs:PutLogEvents", - ], - "Effect": "Allow", - "Resource": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":logs:", - Object { - "Ref": "AWS::Region", - }, - ":", - Object { - "Ref": "AWS::AccountId", - }, - ":log-group:/aws/sagemaker/*", - ], - ], - }, - }, - Object { - "Action": Array [ - "ecr:BatchCheckLayerAvailability", - "ecr:GetDownloadUrlForLayer", - "ecr:DescribeRepositories", - "ecr:DescribeImages", - "ecr:BatchGetImage", - ], - "Effect": "Allow", - "Resource": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":ecr:", - Object { - "Ref": "AWS::Region", - }, - ":", - Object { - "Ref": "AWS::AccountId", - }, - ":repository/*", - ], - ], - }, - }, - Object { - "Action": "ecr:GetAuthorizationToken", - "Effect": "Allow", - "Resource": "*", - }, - Object { - "Action": Array [ - "kms:Encrypt", - "kms:Decrypt", - "kms:ReEncrypt*", - "kms:GenerateDataKey*", - "kms:DescribeKey", - ], - "Effect": "Allow", - "Resource": Array [ - Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":kms:", - Object { - "Ref": "AWS::Region", - }, - ":", - Object { - "Ref": "AWS::AccountId", - }, - ":key/*", - ], - ], - }, - Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":kms:", - Object { - "Ref": "AWS::Region", - }, - ":", - Object { - "Ref": "AWS::AccountId", - }, - ":alias/*", - ], - ], - }, - ], - }, - Object { - "Action": Array [ - "s3:GetObject", - "s3:PutObject", - "s3:DeleteObject", - "s3:ListBucket", - ], - "Effect": "Allow", - "Resource": "arn:aws:s3:::*", - }, - Object { - "Action": "iam:GetRole", - "Effect": "Allow", - "Resource": Object { - "Fn::GetAtt": Array [ - "SagemakerRole5FDB64E1", - "Arn", - ], - }, - }, - Object { - "Action": "iam:PassRole", - "Condition": Object { - "StringLike": Object { - "iam:PassedToService": "sagemaker.amazonaws.com", - }, - }, - "Effect": "Allow", - "Resource": Object { - "Fn::GetAtt": Array [ - "SagemakerRole5FDB64E1", - "Arn", - ], - }, - }, - ], - "Version": "2012-10-17", - }, - "PolicyName": "SagemakerRoleDefaultPolicy9DD21C3C", - "Roles": Array [ - Object { - "Ref": "SagemakerRole5FDB64E1", - }, - ], - }, - "Type": "AWS::IAM::Policy", - }, - }, -} -`; - -exports[`Test deployment of sagemaker endpoint with a customer provided role 1`] = ` -Object { - "Resources": Object { - "EncryptionKey1B843E66": Object { - "DeletionPolicy": "Retain", - "Properties": Object { - "EnableKeyRotation": true, - "KeyPolicy": Object { - "Statement": Array [ - Object { - "Action": Array [ - "kms:Create*", - "kms:Describe*", - "kms:Enable*", - "kms:List*", - "kms:Put*", - "kms:Update*", - "kms:Revoke*", - "kms:Disable*", - "kms:Get*", - "kms:Delete*", - "kms:ScheduleKeyDeletion", - "kms:CancelKeyDeletion", - "kms:GenerateDataKey", - "kms:TagResource", - "kms:UntagResource", - ], - "Effect": "Allow", - "Principal": Object { - "AWS": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":iam::", - Object { - "Ref": "AWS::AccountId", - }, - ":root", - ], - ], - }, - }, - "Resource": "*", - }, - ], - "Version": "2012-10-17", - }, - }, - "Type": "AWS::KMS::Key", - "UpdateReplacePolicy": "Retain", - }, - "SagemakerEndpoint": Object { - "DependsOn": Array [ - "SagemakerEndpointConfig", - ], - "Properties": Object { - "EndpointConfigName": Object { - "Fn::GetAtt": Array [ - "SagemakerEndpointConfig", - "EndpointConfigName", - ], - }, - }, - "Type": "AWS::SageMaker::Endpoint", - }, - "SagemakerEndpointConfig": Object { - "DependsOn": Array [ - "SagemakerModel", - ], - "Properties": Object { - "KmsKeyId": Object { - "Ref": "EncryptionKey1B843E66", - }, - "ProductionVariants": Array [ - Object { - "InitialInstanceCount": 1, - "InitialVariantWeight": 1, - "InstanceType": "ml.m4.xlarge", - "ModelName": Object { - "Fn::GetAtt": Array [ - "SagemakerModel", - "ModelName", - ], - }, - "VariantName": "AllTraffic", - }, - ], - }, - "Type": "AWS::SageMaker::EndpointConfig", - }, - "SagemakerModel": Object { - "Properties": Object { - "ExecutionRoleArn": Object { - "Fn::GetAtt": Array [ - "SagemakerRole5FDB64E1", - "Arn", - ], - }, - "PrimaryContainer": Object { - "Image": ".dkr.ecr..amazonaws.com/linear-learner:latest", - "ModelDataUrl": "s3:////model.tar.gz", - }, - }, - "Type": "AWS::SageMaker::Model", - }, - "SagemakerRole5FDB64E1": Object { - "Properties": Object { - "AssumeRolePolicyDocument": Object { - "Statement": Array [ - Object { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": Object { - "Service": "sagemaker.amazonaws.com", - }, - }, - ], - "Version": "2012-10-17", - }, - "ManagedPolicyArns": Array [ - Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":iam::aws:policy/AmazonSageMakerFullAccess", - ], - ], - }, - ], - }, - "Type": "AWS::IAM::Role", - }, - }, -} -`; - -exports[`Test deployment w/o VPC 1`] = ` -Object { - "Resources": Object { - "EncryptionKey1B843E66": Object { - "DeletionPolicy": "Retain", - "Properties": Object { - "EnableKeyRotation": true, - "KeyPolicy": Object { - "Statement": Array [ - Object { - "Action": Array [ - "kms:Create*", - "kms:Describe*", - "kms:Enable*", - "kms:List*", - "kms:Put*", - "kms:Update*", - "kms:Revoke*", - "kms:Disable*", - "kms:Get*", - "kms:Delete*", - "kms:ScheduleKeyDeletion", - "kms:CancelKeyDeletion", - "kms:GenerateDataKey", - "kms:TagResource", - "kms:UntagResource", - ], - "Effect": "Allow", - "Principal": Object { - "AWS": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":iam::", - Object { - "Ref": "AWS::AccountId", - }, - ":root", - ], - ], - }, - }, - "Resource": "*", - }, - ], - "Version": "2012-10-17", - }, - }, - "Type": "AWS::KMS::Key", - "UpdateReplacePolicy": "Retain", - }, - "SagemakerNotebook": Object { - "Properties": Object { - "InstanceType": "ml.t2.medium", - "KmsKeyId": Object { - "Ref": "EncryptionKey1B843E66", - }, - "RoleArn": Object { - "Fn::GetAtt": Array [ - "SagemakerRole5FDB64E1", - "Arn", - ], - }, - }, - "Type": "AWS::SageMaker::NotebookInstance", - }, - "SagemakerRole5FDB64E1": Object { - "Properties": Object { - "AssumeRolePolicyDocument": Object { - "Statement": Array [ - Object { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": Object { - "Service": "sagemaker.amazonaws.com", - }, - }, - ], - "Version": "2012-10-17", - }, - }, - "Type": "AWS::IAM::Role", - }, - "SagemakerRoleDefaultPolicy9DD21C3C": Object { - "Metadata": Object { - "cfn_nag": Object { - "rules_to_suppress": Array [ - Object { - "id": "W12", - "reason": "Sagemaker needs the following minimum required permissions to access ENIs in a VPC, ECR for custom model images, and elastic inference.", - }, - Object { - "id": "W76", - "reason": "Complex role becuase Sagemaker needs permissions to access several services", - }, - ], - }, - }, - "Properties": Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "sagemaker:CreateTrainingJob", - "sagemaker:DescribeTrainingJob", - "sagemaker:CreateModel", - "sagemaker:DescribeModel", - "sagemaker:DeleteModel", - "sagemaker:CreateEndpoint", - "sagemaker:CreateEndpointConfig", - "sagemaker:DescribeEndpoint", - "sagemaker:DescribeEndpointConfig", - "sagemaker:DeleteEndpoint", - "sagemaker:DeleteEndpointConfig", - "sagemaker:InvokeEndpoint", - ], - "Effect": "Allow", - "Resource": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":sagemaker:", - Object { - "Ref": "AWS::Region", - }, - ":", - Object { - "Ref": "AWS::AccountId", - }, - ":*", - ], - ], - }, - }, - Object { - "Action": Array [ - "logs:CreateLogGroup", - "logs:CreateLogStream", - "logs:DescribeLogStreams", - "logs:GetLogEvents", - "logs:PutLogEvents", - ], - "Effect": "Allow", - "Resource": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":logs:", - Object { - "Ref": "AWS::Region", - }, - ":", - Object { - "Ref": "AWS::AccountId", - }, - ":log-group:/aws/sagemaker/*", - ], - ], - }, - }, - Object { - "Action": Array [ - "ecr:BatchCheckLayerAvailability", - "ecr:GetDownloadUrlForLayer", - "ecr:DescribeRepositories", - "ecr:DescribeImages", - "ecr:BatchGetImage", - ], - "Effect": "Allow", - "Resource": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":ecr:", - Object { - "Ref": "AWS::Region", - }, - ":", - Object { - "Ref": "AWS::AccountId", - }, - ":repository/*", - ], - ], - }, - }, - Object { - "Action": "ecr:GetAuthorizationToken", - "Effect": "Allow", - "Resource": "*", - }, - Object { - "Action": Array [ - "kms:Encrypt", - "kms:Decrypt", - "kms:ReEncrypt*", - "kms:GenerateDataKey*", - "kms:DescribeKey", - ], - "Effect": "Allow", - "Resource": Array [ - Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":kms:", - Object { - "Ref": "AWS::Region", - }, - ":", - Object { - "Ref": "AWS::AccountId", - }, - ":key/*", - ], - ], - }, - Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":kms:", - Object { - "Ref": "AWS::Region", - }, - ":", - Object { - "Ref": "AWS::AccountId", - }, - ":alias/*", - ], - ], - }, - ], - }, - Object { - "Action": Array [ - "s3:GetObject", - "s3:PutObject", - "s3:DeleteObject", - "s3:ListBucket", - ], - "Effect": "Allow", - "Resource": "arn:aws:s3:::*", - }, - Object { - "Action": "iam:GetRole", - "Effect": "Allow", - "Resource": Object { - "Fn::GetAtt": Array [ - "SagemakerRole5FDB64E1", - "Arn", - ], - }, - }, - Object { - "Action": "iam:PassRole", - "Condition": Object { - "StringLike": Object { - "iam:PassedToService": "sagemaker.amazonaws.com", - }, - }, - "Effect": "Allow", - "Resource": Object { - "Fn::GetAtt": Array [ - "SagemakerRole5FDB64E1", - "Arn", - ], - }, - }, - ], - "Version": "2012-10-17", - }, - "PolicyName": "SagemakerRoleDefaultPolicy9DD21C3C", - "Roles": Array [ - Object { - "Ref": "SagemakerRole5FDB64E1", - }, - ], - }, - "Type": "AWS::IAM::Policy", - }, - }, -} -`; - -exports[`Test deployment with VPC 1`] = ` -Object { - "Resources": Object { - "EncryptionKey1B843E66": Object { - "DeletionPolicy": "Retain", - "Properties": Object { - "EnableKeyRotation": true, - "KeyPolicy": Object { - "Statement": Array [ - Object { - "Action": Array [ - "kms:Create*", - "kms:Describe*", - "kms:Enable*", - "kms:List*", - "kms:Put*", - "kms:Update*", - "kms:Revoke*", - "kms:Disable*", - "kms:Get*", - "kms:Delete*", - "kms:ScheduleKeyDeletion", - "kms:CancelKeyDeletion", - "kms:GenerateDataKey", - "kms:TagResource", - "kms:UntagResource", - ], - "Effect": "Allow", - "Principal": Object { - "AWS": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":iam::", - Object { - "Ref": "AWS::AccountId", - }, - ":root", - ], - ], - }, - }, - "Resource": "*", - }, - ], - "Version": "2012-10-17", - }, - }, - "Type": "AWS::KMS::Key", - "UpdateReplacePolicy": "Retain", - }, - "SagemakerNotebook": Object { - "Properties": Object { - "DirectInternetAccess": "Disabled", - "InstanceType": "ml.t2.medium", - "KmsKeyId": Object { - "Ref": "EncryptionKey1B843E66", - }, - "RoleArn": Object { - "Fn::GetAtt": Array [ - "SagemakerRole5FDB64E1", - "Arn", - ], - }, - "SecurityGroupIds": Array [ - Object { - "Fn::GetAtt": Array [ - "SecurityGroupsecuritygroup00653C55", - "GroupId", - ], - }, - ], - "SubnetId": Object { - "Ref": "VpcPrivateSubnet1Subnet536B997A", - }, - }, - "Type": "AWS::SageMaker::NotebookInstance", - }, - "SagemakerRole5FDB64E1": Object { - "Properties": Object { - "AssumeRolePolicyDocument": Object { - "Statement": Array [ - Object { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": Object { - "Service": "sagemaker.amazonaws.com", - }, - }, - ], - "Version": "2012-10-17", - }, - }, - "Type": "AWS::IAM::Role", - }, - "SagemakerRoleDefaultPolicy9DD21C3C": Object { - "Metadata": Object { - "cfn_nag": Object { - "rules_to_suppress": Array [ - Object { - "id": "W12", - "reason": "Sagemaker needs the following minimum required permissions to access ENIs in a VPC, ECR for custom model images, and elastic inference.", - }, - Object { - "id": "W76", - "reason": "Complex role becuase Sagemaker needs permissions to access several services", - }, - ], - }, - }, - "Properties": Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "sagemaker:CreateTrainingJob", - "sagemaker:DescribeTrainingJob", - "sagemaker:CreateModel", - "sagemaker:DescribeModel", - "sagemaker:DeleteModel", - "sagemaker:CreateEndpoint", - "sagemaker:CreateEndpointConfig", - "sagemaker:DescribeEndpoint", - "sagemaker:DescribeEndpointConfig", - "sagemaker:DeleteEndpoint", - "sagemaker:DeleteEndpointConfig", - "sagemaker:InvokeEndpoint", - ], - "Effect": "Allow", - "Resource": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":sagemaker:", - Object { - "Ref": "AWS::Region", - }, - ":", - Object { - "Ref": "AWS::AccountId", - }, - ":*", - ], - ], - }, - }, - Object { - "Action": Array [ - "logs:CreateLogGroup", - "logs:CreateLogStream", - "logs:DescribeLogStreams", - "logs:GetLogEvents", - "logs:PutLogEvents", - ], - "Effect": "Allow", - "Resource": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":logs:", - Object { - "Ref": "AWS::Region", - }, - ":", - Object { - "Ref": "AWS::AccountId", - }, - ":log-group:/aws/sagemaker/*", - ], - ], - }, - }, - Object { - "Action": Array [ - "ecr:BatchCheckLayerAvailability", - "ecr:GetDownloadUrlForLayer", - "ecr:DescribeRepositories", - "ecr:DescribeImages", - "ecr:BatchGetImage", - ], - "Effect": "Allow", - "Resource": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":ecr:", - Object { - "Ref": "AWS::Region", - }, - ":", - Object { - "Ref": "AWS::AccountId", - }, - ":repository/*", - ], - ], - }, - }, - Object { - "Action": "ecr:GetAuthorizationToken", - "Effect": "Allow", - "Resource": "*", - }, - Object { - "Action": Array [ - "kms:Encrypt", - "kms:Decrypt", - "kms:ReEncrypt*", - "kms:GenerateDataKey*", - "kms:DescribeKey", - ], - "Effect": "Allow", - "Resource": Array [ - Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":kms:", - Object { - "Ref": "AWS::Region", - }, - ":", - Object { - "Ref": "AWS::AccountId", - }, - ":key/*", - ], - ], - }, - Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":kms:", - Object { - "Ref": "AWS::Region", - }, - ":", - Object { - "Ref": "AWS::AccountId", - }, - ":alias/*", - ], - ], - }, - ], - }, - Object { - "Action": Array [ - "s3:GetObject", - "s3:PutObject", - "s3:DeleteObject", - "s3:ListBucket", - ], - "Effect": "Allow", - "Resource": "arn:aws:s3:::*", - }, - Object { - "Action": "iam:GetRole", - "Effect": "Allow", - "Resource": Object { - "Fn::GetAtt": Array [ - "SagemakerRole5FDB64E1", - "Arn", - ], - }, - }, - Object { - "Action": "iam:PassRole", - "Condition": Object { - "StringLike": Object { - "iam:PassedToService": "sagemaker.amazonaws.com", - }, - }, - "Effect": "Allow", - "Resource": Object { - "Fn::GetAtt": Array [ - "SagemakerRole5FDB64E1", - "Arn", - ], - }, - }, - ], - "Version": "2012-10-17", - }, - "PolicyName": "SagemakerRoleDefaultPolicy9DD21C3C", - "Roles": Array [ - Object { - "Ref": "SagemakerRole5FDB64E1", - }, - ], - }, - "Type": "AWS::IAM::Policy", - }, - "SecurityGroupsecuritygroup00653C55": Object { - "Metadata": Object { - "cfn_nag": Object { - "rules_to_suppress": Array [ - Object { - "id": "W5", - "reason": "Egress of 0.0.0.0/0 is default and generally considered OK", - }, - Object { - "id": "W40", - "reason": "Egress IPProtocol of -1 is default and generally considered OK", - }, - ], - }, - }, - "Properties": Object { - "GroupDescription": "Default/SecurityGroup-security-group", - "SecurityGroupEgress": Array [ - Object { - "CidrIp": "0.0.0.0/0", - "Description": "from 0.0.0.0/0:443", - "FromPort": 443, - "IpProtocol": "tcp", - "ToPort": 443, - }, - ], - "VpcId": Object { - "Ref": "Vpc8378EB38", - }, - }, - "Type": "AWS::EC2::SecurityGroup", - }, - "Vpc8378EB38": Object { - "Properties": Object { - "CidrBlock": "10.0.0.0/16", - "EnableDnsHostnames": true, - "EnableDnsSupport": true, - "InstanceTenancy": "default", - "Tags": Array [ - Object { - "Key": "Name", - "Value": "Default/Vpc", - }, - ], - }, - "Type": "AWS::EC2::VPC", - }, - "VpcFlowLog8FF33A73": Object { - "Properties": Object { - "DeliverLogsPermissionArn": Object { - "Fn::GetAtt": Array [ - "VpcFlowLogIAMRole6A475D41", - "Arn", - ], - }, - "LogDestinationType": "cloud-watch-logs", - "LogGroupName": Object { - "Ref": "VpcFlowLogLogGroup7B5C56B9", - }, - "ResourceId": Object { - "Ref": "Vpc8378EB38", - }, - "ResourceType": "VPC", - "Tags": Array [ - Object { - "Key": "Name", - "Value": "Default/Vpc", - }, - ], - "TrafficType": "ALL", - }, - "Type": "AWS::EC2::FlowLog", - }, - "VpcFlowLogIAMRole6A475D41": Object { - "Properties": Object { - "AssumeRolePolicyDocument": Object { - "Statement": Array [ - Object { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": Object { - "Service": "vpc-flow-logs.amazonaws.com", - }, - }, - ], - "Version": "2012-10-17", - }, - "Tags": Array [ - Object { - "Key": "Name", - "Value": "Default/Vpc", - }, - ], - }, - "Type": "AWS::IAM::Role", - }, - "VpcFlowLogIAMRoleDefaultPolicy406FB995": Object { - "Properties": Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "logs:CreateLogStream", - "logs:PutLogEvents", - "logs:DescribeLogStreams", - ], - "Effect": "Allow", - "Resource": Object { - "Fn::GetAtt": Array [ - "VpcFlowLogLogGroup7B5C56B9", - "Arn", - ], - }, - }, - Object { - "Action": "iam:PassRole", - "Effect": "Allow", - "Resource": Object { - "Fn::GetAtt": Array [ - "VpcFlowLogIAMRole6A475D41", - "Arn", - ], - }, - }, - ], - "Version": "2012-10-17", - }, - "PolicyName": "VpcFlowLogIAMRoleDefaultPolicy406FB995", - "Roles": Array [ - Object { - "Ref": "VpcFlowLogIAMRole6A475D41", - }, - ], - }, - "Type": "AWS::IAM::Policy", - }, - "VpcFlowLogLogGroup7B5C56B9": Object { - "DeletionPolicy": "Retain", - "Metadata": Object { - "cfn_nag": Object { - "rules_to_suppress": Array [ - Object { - "id": "W84", - "reason": "By default CloudWatchLogs LogGroups data is encrypted using the CloudWatch server-side encryption keys (AWS Managed Keys)", - }, - ], - }, - }, - "Properties": Object { - "RetentionInDays": 731, - }, - "Type": "AWS::Logs::LogGroup", - "UpdateReplacePolicy": "Retain", - }, - "VpcIGWD7BA715C": Object { - "Properties": Object { - "Tags": Array [ - Object { - "Key": "Name", - "Value": "Default/Vpc", - }, - ], - }, - "Type": "AWS::EC2::InternetGateway", - }, - "VpcPrivateSubnet1DefaultRouteBE02A9ED": Object { - "Properties": Object { - "DestinationCidrBlock": "0.0.0.0/0", - "NatGatewayId": Object { - "Ref": "VpcPublicSubnet1NATGateway4D7517AA", - }, - "RouteTableId": Object { - "Ref": "VpcPrivateSubnet1RouteTableB2C5B500", - }, - }, - "Type": "AWS::EC2::Route", - }, - "VpcPrivateSubnet1RouteTableAssociation70C59FA6": Object { - "Properties": Object { - "RouteTableId": Object { - "Ref": "VpcPrivateSubnet1RouteTableB2C5B500", - }, - "SubnetId": Object { - "Ref": "VpcPrivateSubnet1Subnet536B997A", - }, - }, - "Type": "AWS::EC2::SubnetRouteTableAssociation", - }, - "VpcPrivateSubnet1RouteTableB2C5B500": Object { - "Properties": Object { - "Tags": Array [ - Object { - "Key": "Name", - "Value": "Default/Vpc/PrivateSubnet1", - }, - ], - "VpcId": Object { - "Ref": "Vpc8378EB38", - }, - }, - "Type": "AWS::EC2::RouteTable", - }, - "VpcPrivateSubnet1Subnet536B997A": Object { - "Properties": Object { - "AvailabilityZone": Object { - "Fn::Select": Array [ - 0, - Object { - "Fn::GetAZs": "", - }, - ], - }, - "CidrBlock": "10.0.128.0/18", - "MapPublicIpOnLaunch": false, - "Tags": Array [ - Object { - "Key": "aws-cdk:subnet-name", - "Value": "Private", - }, - Object { - "Key": "aws-cdk:subnet-type", - "Value": "Private", - }, - Object { - "Key": "Name", - "Value": "Default/Vpc/PrivateSubnet1", - }, - ], - "VpcId": Object { - "Ref": "Vpc8378EB38", - }, - }, - "Type": "AWS::EC2::Subnet", - }, - "VpcPrivateSubnet2DefaultRoute060D2087": Object { - "Properties": Object { - "DestinationCidrBlock": "0.0.0.0/0", - "NatGatewayId": Object { - "Ref": "VpcPublicSubnet2NATGateway9182C01D", - }, - "RouteTableId": Object { - "Ref": "VpcPrivateSubnet2RouteTableA678073B", - }, - }, - "Type": "AWS::EC2::Route", - }, - "VpcPrivateSubnet2RouteTableA678073B": Object { - "Properties": Object { - "Tags": Array [ - Object { - "Key": "Name", - "Value": "Default/Vpc/PrivateSubnet2", - }, - ], - "VpcId": Object { - "Ref": "Vpc8378EB38", - }, - }, - "Type": "AWS::EC2::RouteTable", - }, - "VpcPrivateSubnet2RouteTableAssociationA89CAD56": Object { - "Properties": Object { - "RouteTableId": Object { - "Ref": "VpcPrivateSubnet2RouteTableA678073B", - }, - "SubnetId": Object { - "Ref": "VpcPrivateSubnet2Subnet3788AAA1", - }, - }, - "Type": "AWS::EC2::SubnetRouteTableAssociation", - }, - "VpcPrivateSubnet2Subnet3788AAA1": Object { - "Properties": Object { - "AvailabilityZone": Object { - "Fn::Select": Array [ - 1, - Object { - "Fn::GetAZs": "", - }, - ], - }, - "CidrBlock": "10.0.192.0/18", - "MapPublicIpOnLaunch": false, - "Tags": Array [ - Object { - "Key": "aws-cdk:subnet-name", - "Value": "Private", - }, - Object { - "Key": "aws-cdk:subnet-type", - "Value": "Private", - }, - Object { - "Key": "Name", - "Value": "Default/Vpc/PrivateSubnet2", - }, - ], - "VpcId": Object { - "Ref": "Vpc8378EB38", - }, - }, - "Type": "AWS::EC2::Subnet", - }, - "VpcPublicSubnet1DefaultRoute3DA9E72A": Object { - "DependsOn": Array [ - "VpcVPCGWBF912B6E", - ], - "Properties": Object { - "DestinationCidrBlock": "0.0.0.0/0", - "GatewayId": Object { - "Ref": "VpcIGWD7BA715C", - }, - "RouteTableId": Object { - "Ref": "VpcPublicSubnet1RouteTable6C95E38E", - }, - }, - "Type": "AWS::EC2::Route", - }, - "VpcPublicSubnet1EIPD7E02669": Object { - "Properties": Object { - "Domain": "vpc", - "Tags": Array [ - Object { - "Key": "Name", - "Value": "Default/Vpc/PublicSubnet1", - }, - ], - }, - "Type": "AWS::EC2::EIP", - }, - "VpcPublicSubnet1NATGateway4D7517AA": Object { - "Properties": Object { - "AllocationId": Object { - "Fn::GetAtt": Array [ - "VpcPublicSubnet1EIPD7E02669", - "AllocationId", - ], - }, - "SubnetId": Object { - "Ref": "VpcPublicSubnet1Subnet5C2D37C4", - }, - "Tags": Array [ - Object { - "Key": "Name", - "Value": "Default/Vpc/PublicSubnet1", - }, - ], - }, - "Type": "AWS::EC2::NatGateway", - }, - "VpcPublicSubnet1RouteTable6C95E38E": Object { - "Properties": Object { - "Tags": Array [ - Object { - "Key": "Name", - "Value": "Default/Vpc/PublicSubnet1", - }, - ], - "VpcId": Object { - "Ref": "Vpc8378EB38", - }, - }, - "Type": "AWS::EC2::RouteTable", - }, - "VpcPublicSubnet1RouteTableAssociation97140677": Object { - "Properties": Object { - "RouteTableId": Object { - "Ref": "VpcPublicSubnet1RouteTable6C95E38E", - }, - "SubnetId": Object { - "Ref": "VpcPublicSubnet1Subnet5C2D37C4", - }, - }, - "Type": "AWS::EC2::SubnetRouteTableAssociation", - }, - "VpcPublicSubnet1Subnet5C2D37C4": Object { - "Metadata": Object { - "cfn_nag": Object { - "rules_to_suppress": Array [ - Object { - "id": "W33", - "reason": "Allow Public Subnets to have MapPublicIpOnLaunch set to true", - }, - ], - }, - }, - "Properties": Object { - "AvailabilityZone": Object { - "Fn::Select": Array [ - 0, - Object { - "Fn::GetAZs": "", - }, - ], - }, - "CidrBlock": "10.0.0.0/18", - "MapPublicIpOnLaunch": true, - "Tags": Array [ - Object { - "Key": "aws-cdk:subnet-name", - "Value": "Public", - }, - Object { - "Key": "aws-cdk:subnet-type", - "Value": "Public", - }, - Object { - "Key": "Name", - "Value": "Default/Vpc/PublicSubnet1", - }, - ], - "VpcId": Object { - "Ref": "Vpc8378EB38", - }, - }, - "Type": "AWS::EC2::Subnet", - }, - "VpcPublicSubnet2DefaultRoute97F91067": Object { - "DependsOn": Array [ - "VpcVPCGWBF912B6E", - ], - "Properties": Object { - "DestinationCidrBlock": "0.0.0.0/0", - "GatewayId": Object { - "Ref": "VpcIGWD7BA715C", - }, - "RouteTableId": Object { - "Ref": "VpcPublicSubnet2RouteTable94F7E489", - }, - }, - "Type": "AWS::EC2::Route", - }, - "VpcPublicSubnet2EIP3C605A87": Object { - "Properties": Object { - "Domain": "vpc", - "Tags": Array [ - Object { - "Key": "Name", - "Value": "Default/Vpc/PublicSubnet2", - }, - ], - }, - "Type": "AWS::EC2::EIP", - }, - "VpcPublicSubnet2NATGateway9182C01D": Object { - "Properties": Object { - "AllocationId": Object { - "Fn::GetAtt": Array [ - "VpcPublicSubnet2EIP3C605A87", - "AllocationId", - ], - }, - "SubnetId": Object { - "Ref": "VpcPublicSubnet2Subnet691E08A3", - }, - "Tags": Array [ - Object { - "Key": "Name", - "Value": "Default/Vpc/PublicSubnet2", - }, - ], - }, - "Type": "AWS::EC2::NatGateway", - }, - "VpcPublicSubnet2RouteTable94F7E489": Object { - "Properties": Object { - "Tags": Array [ - Object { - "Key": "Name", - "Value": "Default/Vpc/PublicSubnet2", - }, - ], - "VpcId": Object { - "Ref": "Vpc8378EB38", - }, - }, - "Type": "AWS::EC2::RouteTable", - }, - "VpcPublicSubnet2RouteTableAssociationDD5762D8": Object { - "Properties": Object { - "RouteTableId": Object { - "Ref": "VpcPublicSubnet2RouteTable94F7E489", - }, - "SubnetId": Object { - "Ref": "VpcPublicSubnet2Subnet691E08A3", - }, - }, - "Type": "AWS::EC2::SubnetRouteTableAssociation", - }, - "VpcPublicSubnet2Subnet691E08A3": Object { - "Metadata": Object { - "cfn_nag": Object { - "rules_to_suppress": Array [ - Object { - "id": "W33", - "reason": "Allow Public Subnets to have MapPublicIpOnLaunch set to true", - }, - ], - }, - }, - "Properties": Object { - "AvailabilityZone": Object { - "Fn::Select": Array [ - 1, - Object { - "Fn::GetAZs": "", - }, - ], - }, - "CidrBlock": "10.0.64.0/18", - "MapPublicIpOnLaunch": true, - "Tags": Array [ - Object { - "Key": "aws-cdk:subnet-name", - "Value": "Public", - }, - Object { - "Key": "aws-cdk:subnet-type", - "Value": "Public", - }, - Object { - "Key": "Name", - "Value": "Default/Vpc/PublicSubnet2", - }, - ], - "VpcId": Object { - "Ref": "Vpc8378EB38", - }, - }, - "Type": "AWS::EC2::Subnet", - }, - "VpcVPCGWBF912B6E": Object { - "Properties": Object { - "InternetGatewayId": Object { - "Ref": "VpcIGWD7BA715C", - }, - "VpcId": Object { - "Ref": "Vpc8378EB38", - }, - }, - "Type": "AWS::EC2::VPCGatewayAttachment", - }, - }, -} -`; - -exports[`Test deployment with existing Sagemaker Notebook instance 1`] = ` -Object { - "Resources": Object { - "EncryptionKey1B843E66": Object { - "DeletionPolicy": "Retain", - "Properties": Object { - "EnableKeyRotation": true, - "KeyPolicy": Object { - "Statement": Array [ - Object { - "Action": Array [ - "kms:Create*", - "kms:Describe*", - "kms:Enable*", - "kms:List*", - "kms:Put*", - "kms:Update*", - "kms:Revoke*", - "kms:Disable*", - "kms:Get*", - "kms:Delete*", - "kms:ScheduleKeyDeletion", - "kms:CancelKeyDeletion", - "kms:GenerateDataKey", - "kms:TagResource", - "kms:UntagResource", - ], - "Effect": "Allow", - "Principal": Object { - "AWS": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":iam::", - Object { - "Ref": "AWS::AccountId", - }, - ":root", - ], - ], - }, - }, - "Resource": "*", - }, - ], - "Version": "2012-10-17", - }, - }, - "Type": "AWS::KMS::Key", - "UpdateReplacePolicy": "Retain", - }, - "SagemakerNotebook": Object { - "Properties": Object { - "DirectInternetAccess": "Disabled", - "InstanceType": "ml.t2.medium", - "KmsKeyId": Object { - "Ref": "EncryptionKey1B843E66", - }, - "RoleArn": Object { - "Fn::GetAtt": Array [ - "SagemakerRole5FDB64E1", - "Arn", - ], - }, - "SecurityGroupIds": Array [ - Object { - "Fn::GetAtt": Array [ - "SecurityGroupsecuritygroup00653C55", - "GroupId", - ], - }, - ], - "SubnetId": Object { - "Ref": "VpcPrivateSubnet1Subnet536B997A", - }, - }, - "Type": "AWS::SageMaker::NotebookInstance", - }, - "SagemakerRole5FDB64E1": Object { - "Properties": Object { - "AssumeRolePolicyDocument": Object { - "Statement": Array [ - Object { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": Object { - "Service": "sagemaker.amazonaws.com", - }, - }, - ], - "Version": "2012-10-17", - }, - }, - "Type": "AWS::IAM::Role", - }, - "SagemakerRoleDefaultPolicy9DD21C3C": Object { - "Metadata": Object { - "cfn_nag": Object { - "rules_to_suppress": Array [ - Object { - "id": "W12", - "reason": "Sagemaker needs the following minimum required permissions to access ENIs in a VPC, ECR for custom model images, and elastic inference.", - }, - Object { - "id": "W76", - "reason": "Complex role becuase Sagemaker needs permissions to access several services", - }, - ], - }, - }, - "Properties": Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "sagemaker:CreateTrainingJob", - "sagemaker:DescribeTrainingJob", - "sagemaker:CreateModel", - "sagemaker:DescribeModel", - "sagemaker:DeleteModel", - "sagemaker:CreateEndpoint", - "sagemaker:CreateEndpointConfig", - "sagemaker:DescribeEndpoint", - "sagemaker:DescribeEndpointConfig", - "sagemaker:DeleteEndpoint", - "sagemaker:DeleteEndpointConfig", - "sagemaker:InvokeEndpoint", - ], - "Effect": "Allow", - "Resource": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":sagemaker:", - Object { - "Ref": "AWS::Region", - }, - ":", - Object { - "Ref": "AWS::AccountId", - }, - ":*", - ], - ], - }, - }, - Object { - "Action": Array [ - "logs:CreateLogGroup", - "logs:CreateLogStream", - "logs:DescribeLogStreams", - "logs:GetLogEvents", - "logs:PutLogEvents", - ], - "Effect": "Allow", - "Resource": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":logs:", - Object { - "Ref": "AWS::Region", - }, - ":", - Object { - "Ref": "AWS::AccountId", - }, - ":log-group:/aws/sagemaker/*", - ], - ], - }, - }, - Object { - "Action": Array [ - "ecr:BatchCheckLayerAvailability", - "ecr:GetDownloadUrlForLayer", - "ecr:DescribeRepositories", - "ecr:DescribeImages", - "ecr:BatchGetImage", - ], - "Effect": "Allow", - "Resource": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":ecr:", - Object { - "Ref": "AWS::Region", - }, - ":", - Object { - "Ref": "AWS::AccountId", - }, - ":repository/*", - ], - ], - }, - }, - Object { - "Action": "ecr:GetAuthorizationToken", - "Effect": "Allow", - "Resource": "*", - }, - Object { - "Action": Array [ - "kms:Encrypt", - "kms:Decrypt", - "kms:ReEncrypt*", - "kms:GenerateDataKey*", - "kms:DescribeKey", - ], - "Effect": "Allow", - "Resource": Array [ - Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":kms:", - Object { - "Ref": "AWS::Region", - }, - ":", - Object { - "Ref": "AWS::AccountId", - }, - ":key/*", - ], - ], - }, - Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":kms:", - Object { - "Ref": "AWS::Region", - }, - ":", - Object { - "Ref": "AWS::AccountId", - }, - ":alias/*", - ], - ], - }, - ], - }, - Object { - "Action": Array [ - "s3:GetObject", - "s3:PutObject", - "s3:DeleteObject", - "s3:ListBucket", - ], - "Effect": "Allow", - "Resource": "arn:aws:s3:::*", - }, - Object { - "Action": "iam:GetRole", - "Effect": "Allow", - "Resource": Object { - "Fn::GetAtt": Array [ - "SagemakerRole5FDB64E1", - "Arn", - ], - }, - }, - Object { - "Action": "iam:PassRole", - "Condition": Object { - "StringLike": Object { - "iam:PassedToService": "sagemaker.amazonaws.com", - }, - }, - "Effect": "Allow", - "Resource": Object { - "Fn::GetAtt": Array [ - "SagemakerRole5FDB64E1", - "Arn", - ], - }, - }, - ], - "Version": "2012-10-17", - }, - "PolicyName": "SagemakerRoleDefaultPolicy9DD21C3C", - "Roles": Array [ - Object { - "Ref": "SagemakerRole5FDB64E1", - }, - ], - }, - "Type": "AWS::IAM::Policy", - }, - "SecurityGroupsecuritygroup00653C55": Object { - "Metadata": Object { - "cfn_nag": Object { - "rules_to_suppress": Array [ - Object { - "id": "W5", - "reason": "Egress of 0.0.0.0/0 is default and generally considered OK", - }, - Object { - "id": "W40", - "reason": "Egress IPProtocol of -1 is default and generally considered OK", - }, - ], - }, - }, - "Properties": Object { - "GroupDescription": "Default/SecurityGroup-security-group", - "SecurityGroupEgress": Array [ - Object { - "CidrIp": "0.0.0.0/0", - "Description": "from 0.0.0.0/0:443", - "FromPort": 443, - "IpProtocol": "tcp", - "ToPort": 443, - }, - ], - "VpcId": Object { - "Ref": "Vpc8378EB38", - }, - }, - "Type": "AWS::EC2::SecurityGroup", - }, - "Vpc8378EB38": Object { - "Properties": Object { - "CidrBlock": "10.0.0.0/16", - "EnableDnsHostnames": true, - "EnableDnsSupport": true, - "InstanceTenancy": "default", - "Tags": Array [ - Object { - "Key": "Name", - "Value": "Default/Vpc", - }, - ], - }, - "Type": "AWS::EC2::VPC", - }, - "VpcFlowLog8FF33A73": Object { - "Properties": Object { - "DeliverLogsPermissionArn": Object { - "Fn::GetAtt": Array [ - "VpcFlowLogIAMRole6A475D41", - "Arn", - ], - }, - "LogDestinationType": "cloud-watch-logs", - "LogGroupName": Object { - "Ref": "VpcFlowLogLogGroup7B5C56B9", - }, - "ResourceId": Object { - "Ref": "Vpc8378EB38", - }, - "ResourceType": "VPC", - "Tags": Array [ - Object { - "Key": "Name", - "Value": "Default/Vpc", - }, - ], - "TrafficType": "ALL", - }, - "Type": "AWS::EC2::FlowLog", - }, - "VpcFlowLogIAMRole6A475D41": Object { - "Properties": Object { - "AssumeRolePolicyDocument": Object { - "Statement": Array [ - Object { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": Object { - "Service": "vpc-flow-logs.amazonaws.com", - }, - }, - ], - "Version": "2012-10-17", - }, - "Tags": Array [ - Object { - "Key": "Name", - "Value": "Default/Vpc", - }, - ], - }, - "Type": "AWS::IAM::Role", - }, - "VpcFlowLogIAMRoleDefaultPolicy406FB995": Object { - "Properties": Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "logs:CreateLogStream", - "logs:PutLogEvents", - "logs:DescribeLogStreams", - ], - "Effect": "Allow", - "Resource": Object { - "Fn::GetAtt": Array [ - "VpcFlowLogLogGroup7B5C56B9", - "Arn", - ], - }, - }, - Object { - "Action": "iam:PassRole", - "Effect": "Allow", - "Resource": Object { - "Fn::GetAtt": Array [ - "VpcFlowLogIAMRole6A475D41", - "Arn", - ], - }, - }, - ], - "Version": "2012-10-17", - }, - "PolicyName": "VpcFlowLogIAMRoleDefaultPolicy406FB995", - "Roles": Array [ - Object { - "Ref": "VpcFlowLogIAMRole6A475D41", - }, - ], - }, - "Type": "AWS::IAM::Policy", - }, - "VpcFlowLogLogGroup7B5C56B9": Object { - "DeletionPolicy": "Retain", - "Metadata": Object { - "cfn_nag": Object { - "rules_to_suppress": Array [ - Object { - "id": "W84", - "reason": "By default CloudWatchLogs LogGroups data is encrypted using the CloudWatch server-side encryption keys (AWS Managed Keys)", - }, - ], - }, - }, - "Properties": Object { - "RetentionInDays": 731, - }, - "Type": "AWS::Logs::LogGroup", - "UpdateReplacePolicy": "Retain", - }, - "VpcIGWD7BA715C": Object { - "Properties": Object { - "Tags": Array [ - Object { - "Key": "Name", - "Value": "Default/Vpc", - }, - ], - }, - "Type": "AWS::EC2::InternetGateway", - }, - "VpcPrivateSubnet1DefaultRouteBE02A9ED": Object { - "Properties": Object { - "DestinationCidrBlock": "0.0.0.0/0", - "NatGatewayId": Object { - "Ref": "VpcPublicSubnet1NATGateway4D7517AA", - }, - "RouteTableId": Object { - "Ref": "VpcPrivateSubnet1RouteTableB2C5B500", - }, - }, - "Type": "AWS::EC2::Route", - }, - "VpcPrivateSubnet1RouteTableAssociation70C59FA6": Object { - "Properties": Object { - "RouteTableId": Object { - "Ref": "VpcPrivateSubnet1RouteTableB2C5B500", - }, - "SubnetId": Object { - "Ref": "VpcPrivateSubnet1Subnet536B997A", - }, - }, - "Type": "AWS::EC2::SubnetRouteTableAssociation", - }, - "VpcPrivateSubnet1RouteTableB2C5B500": Object { - "Properties": Object { - "Tags": Array [ - Object { - "Key": "Name", - "Value": "Default/Vpc/PrivateSubnet1", - }, - ], - "VpcId": Object { - "Ref": "Vpc8378EB38", - }, - }, - "Type": "AWS::EC2::RouteTable", - }, - "VpcPrivateSubnet1Subnet536B997A": Object { - "Properties": Object { - "AvailabilityZone": Object { - "Fn::Select": Array [ - 0, - Object { - "Fn::GetAZs": "", - }, - ], - }, - "CidrBlock": "10.0.128.0/18", - "MapPublicIpOnLaunch": false, - "Tags": Array [ - Object { - "Key": "aws-cdk:subnet-name", - "Value": "Private", - }, - Object { - "Key": "aws-cdk:subnet-type", - "Value": "Private", - }, - Object { - "Key": "Name", - "Value": "Default/Vpc/PrivateSubnet1", - }, - ], - "VpcId": Object { - "Ref": "Vpc8378EB38", - }, - }, - "Type": "AWS::EC2::Subnet", - }, - "VpcPrivateSubnet2DefaultRoute060D2087": Object { - "Properties": Object { - "DestinationCidrBlock": "0.0.0.0/0", - "NatGatewayId": Object { - "Ref": "VpcPublicSubnet2NATGateway9182C01D", - }, - "RouteTableId": Object { - "Ref": "VpcPrivateSubnet2RouteTableA678073B", - }, - }, - "Type": "AWS::EC2::Route", - }, - "VpcPrivateSubnet2RouteTableA678073B": Object { - "Properties": Object { - "Tags": Array [ - Object { - "Key": "Name", - "Value": "Default/Vpc/PrivateSubnet2", - }, - ], - "VpcId": Object { - "Ref": "Vpc8378EB38", - }, - }, - "Type": "AWS::EC2::RouteTable", - }, - "VpcPrivateSubnet2RouteTableAssociationA89CAD56": Object { - "Properties": Object { - "RouteTableId": Object { - "Ref": "VpcPrivateSubnet2RouteTableA678073B", - }, - "SubnetId": Object { - "Ref": "VpcPrivateSubnet2Subnet3788AAA1", - }, - }, - "Type": "AWS::EC2::SubnetRouteTableAssociation", - }, - "VpcPrivateSubnet2Subnet3788AAA1": Object { - "Properties": Object { - "AvailabilityZone": Object { - "Fn::Select": Array [ - 1, - Object { - "Fn::GetAZs": "", - }, - ], - }, - "CidrBlock": "10.0.192.0/18", - "MapPublicIpOnLaunch": false, - "Tags": Array [ - Object { - "Key": "aws-cdk:subnet-name", - "Value": "Private", - }, - Object { - "Key": "aws-cdk:subnet-type", - "Value": "Private", - }, - Object { - "Key": "Name", - "Value": "Default/Vpc/PrivateSubnet2", - }, - ], - "VpcId": Object { - "Ref": "Vpc8378EB38", - }, - }, - "Type": "AWS::EC2::Subnet", - }, - "VpcPublicSubnet1DefaultRoute3DA9E72A": Object { - "DependsOn": Array [ - "VpcVPCGWBF912B6E", - ], - "Properties": Object { - "DestinationCidrBlock": "0.0.0.0/0", - "GatewayId": Object { - "Ref": "VpcIGWD7BA715C", - }, - "RouteTableId": Object { - "Ref": "VpcPublicSubnet1RouteTable6C95E38E", - }, - }, - "Type": "AWS::EC2::Route", - }, - "VpcPublicSubnet1EIPD7E02669": Object { - "Properties": Object { - "Domain": "vpc", - "Tags": Array [ - Object { - "Key": "Name", - "Value": "Default/Vpc/PublicSubnet1", - }, - ], - }, - "Type": "AWS::EC2::EIP", - }, - "VpcPublicSubnet1NATGateway4D7517AA": Object { - "Properties": Object { - "AllocationId": Object { - "Fn::GetAtt": Array [ - "VpcPublicSubnet1EIPD7E02669", - "AllocationId", - ], - }, - "SubnetId": Object { - "Ref": "VpcPublicSubnet1Subnet5C2D37C4", - }, - "Tags": Array [ - Object { - "Key": "Name", - "Value": "Default/Vpc/PublicSubnet1", - }, - ], - }, - "Type": "AWS::EC2::NatGateway", - }, - "VpcPublicSubnet1RouteTable6C95E38E": Object { - "Properties": Object { - "Tags": Array [ - Object { - "Key": "Name", - "Value": "Default/Vpc/PublicSubnet1", - }, - ], - "VpcId": Object { - "Ref": "Vpc8378EB38", - }, - }, - "Type": "AWS::EC2::RouteTable", - }, - "VpcPublicSubnet1RouteTableAssociation97140677": Object { - "Properties": Object { - "RouteTableId": Object { - "Ref": "VpcPublicSubnet1RouteTable6C95E38E", - }, - "SubnetId": Object { - "Ref": "VpcPublicSubnet1Subnet5C2D37C4", - }, - }, - "Type": "AWS::EC2::SubnetRouteTableAssociation", - }, - "VpcPublicSubnet1Subnet5C2D37C4": Object { - "Metadata": Object { - "cfn_nag": Object { - "rules_to_suppress": Array [ - Object { - "id": "W33", - "reason": "Allow Public Subnets to have MapPublicIpOnLaunch set to true", - }, - ], - }, - }, - "Properties": Object { - "AvailabilityZone": Object { - "Fn::Select": Array [ - 0, - Object { - "Fn::GetAZs": "", - }, - ], - }, - "CidrBlock": "10.0.0.0/18", - "MapPublicIpOnLaunch": true, - "Tags": Array [ - Object { - "Key": "aws-cdk:subnet-name", - "Value": "Public", - }, - Object { - "Key": "aws-cdk:subnet-type", - "Value": "Public", - }, - Object { - "Key": "Name", - "Value": "Default/Vpc/PublicSubnet1", - }, - ], - "VpcId": Object { - "Ref": "Vpc8378EB38", - }, - }, - "Type": "AWS::EC2::Subnet", - }, - "VpcPublicSubnet2DefaultRoute97F91067": Object { - "DependsOn": Array [ - "VpcVPCGWBF912B6E", - ], - "Properties": Object { - "DestinationCidrBlock": "0.0.0.0/0", - "GatewayId": Object { - "Ref": "VpcIGWD7BA715C", - }, - "RouteTableId": Object { - "Ref": "VpcPublicSubnet2RouteTable94F7E489", - }, - }, - "Type": "AWS::EC2::Route", - }, - "VpcPublicSubnet2EIP3C605A87": Object { - "Properties": Object { - "Domain": "vpc", - "Tags": Array [ - Object { - "Key": "Name", - "Value": "Default/Vpc/PublicSubnet2", - }, - ], - }, - "Type": "AWS::EC2::EIP", - }, - "VpcPublicSubnet2NATGateway9182C01D": Object { - "Properties": Object { - "AllocationId": Object { - "Fn::GetAtt": Array [ - "VpcPublicSubnet2EIP3C605A87", - "AllocationId", - ], - }, - "SubnetId": Object { - "Ref": "VpcPublicSubnet2Subnet691E08A3", - }, - "Tags": Array [ - Object { - "Key": "Name", - "Value": "Default/Vpc/PublicSubnet2", - }, - ], - }, - "Type": "AWS::EC2::NatGateway", - }, - "VpcPublicSubnet2RouteTable94F7E489": Object { - "Properties": Object { - "Tags": Array [ - Object { - "Key": "Name", - "Value": "Default/Vpc/PublicSubnet2", - }, - ], - "VpcId": Object { - "Ref": "Vpc8378EB38", - }, - }, - "Type": "AWS::EC2::RouteTable", - }, - "VpcPublicSubnet2RouteTableAssociationDD5762D8": Object { - "Properties": Object { - "RouteTableId": Object { - "Ref": "VpcPublicSubnet2RouteTable94F7E489", - }, - "SubnetId": Object { - "Ref": "VpcPublicSubnet2Subnet691E08A3", - }, - }, - "Type": "AWS::EC2::SubnetRouteTableAssociation", - }, - "VpcPublicSubnet2Subnet691E08A3": Object { - "Metadata": Object { - "cfn_nag": Object { - "rules_to_suppress": Array [ - Object { - "id": "W33", - "reason": "Allow Public Subnets to have MapPublicIpOnLaunch set to true", - }, - ], - }, - }, - "Properties": Object { - "AvailabilityZone": Object { - "Fn::Select": Array [ - 1, - Object { - "Fn::GetAZs": "", - }, - ], - }, - "CidrBlock": "10.0.64.0/18", - "MapPublicIpOnLaunch": true, - "Tags": Array [ - Object { - "Key": "aws-cdk:subnet-name", - "Value": "Public", - }, - Object { - "Key": "aws-cdk:subnet-type", - "Value": "Public", - }, - Object { - "Key": "Name", - "Value": "Default/Vpc/PublicSubnet2", - }, - ], - "VpcId": Object { - "Ref": "Vpc8378EB38", - }, - }, - "Type": "AWS::EC2::Subnet", - }, - "VpcVPCGWBF912B6E": Object { - "Properties": Object { - "InternetGatewayId": Object { - "Ref": "VpcIGWD7BA715C", - }, - "VpcId": Object { - "Ref": "Vpc8378EB38", - }, - }, - "Type": "AWS::EC2::VPCGatewayAttachment", - }, - }, -} -`; - -exports[`Test minimal deployment of Sagemaker Inference Endpoint with VPC 1`] = ` -Object { - "Resources": Object { - "DefaultSAGEMAKERRUNTIMEsecuritygroup32609E8C": Object { - "Metadata": Object { - "cfn_nag": Object { - "rules_to_suppress": Array [ - Object { - "id": "W5", - "reason": "Egress of 0.0.0.0/0 is default and generally considered OK", - }, - Object { - "id": "W40", - "reason": "Egress IPProtocol of -1 is default and generally considered OK", - }, - ], - }, - }, - "Properties": Object { - "GroupDescription": "Default/Default-SAGEMAKER_RUNTIME-security-group", - "SecurityGroupEgress": Array [ - Object { - "CidrIp": "0.0.0.0/0", - "Description": "Allow all outbound traffic by default", - "IpProtocol": "-1", - }, - ], - "SecurityGroupIngress": Array [ - Object { - "CidrIp": Object { - "Fn::GetAtt": Array [ - "Vpc8378EB38", - "CidrBlock", - ], - }, - "Description": Object { - "Fn::Join": Array [ - "", - Array [ - "from ", - Object { - "Fn::GetAtt": Array [ - "Vpc8378EB38", - "CidrBlock", - ], - }, - ":443", - ], - ], - }, - "FromPort": 443, - "IpProtocol": "tcp", - "ToPort": 443, - }, - ], - "VpcId": Object { - "Ref": "Vpc8378EB38", - }, - }, - "Type": "AWS::EC2::SecurityGroup", - }, - "EncryptionKey1B843E66": Object { - "DeletionPolicy": "Retain", - "Properties": Object { - "EnableKeyRotation": true, - "KeyPolicy": Object { - "Statement": Array [ - Object { - "Action": Array [ - "kms:Create*", - "kms:Describe*", - "kms:Enable*", - "kms:List*", - "kms:Put*", - "kms:Update*", - "kms:Revoke*", - "kms:Disable*", - "kms:Get*", - "kms:Delete*", - "kms:ScheduleKeyDeletion", - "kms:CancelKeyDeletion", - "kms:GenerateDataKey", - "kms:TagResource", - "kms:UntagResource", - ], - "Effect": "Allow", - "Principal": Object { - "AWS": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":iam::", - Object { - "Ref": "AWS::AccountId", - }, - ":root", - ], - ], - }, - }, - "Resource": "*", - }, - ], - "Version": "2012-10-17", - }, - }, - "Type": "AWS::KMS::Key", - "UpdateReplacePolicy": "Retain", - }, - "ReplaceModelDefaultSecurityGroup38936A39": Object { - "Metadata": Object { - "cfn_nag": Object { - "rules_to_suppress": Array [ - Object { - "id": "W5", - "reason": "Egress of 0.0.0.0/0 is default and generally considered OK", - }, - Object { - "id": "W40", - "reason": "Egress IPProtocol of -1 is default and generally considered OK", - }, - ], - }, - }, - "Properties": Object { - "GroupDescription": "Default/ReplaceModelDefaultSecurityGroup", - "SecurityGroupEgress": Array [ - Object { - "CidrIp": "0.0.0.0/0", - "Description": "Allow all outbound traffic by default", - "IpProtocol": "-1", - }, - ], - "SecurityGroupIngress": Array [ - Object { - "CidrIp": Object { - "Fn::GetAtt": Array [ - "Vpc8378EB38", - "CidrBlock", - ], - }, - "Description": Object { - "Fn::Join": Array [ - "", - Array [ - "from ", - Object { - "Fn::GetAtt": Array [ - "Vpc8378EB38", - "CidrBlock", - ], - }, - ":443", - ], - ], - }, - "FromPort": 443, - "IpProtocol": "tcp", - "ToPort": 443, - }, - ], - "VpcId": Object { - "Ref": "Vpc8378EB38", - }, - }, - "Type": "AWS::EC2::SecurityGroup", - }, - "SagemakerEndpoint": Object { - "DependsOn": Array [ - "SagemakerEndpointConfig", - ], - "Properties": Object { - "EndpointConfigName": Object { - "Fn::GetAtt": Array [ - "SagemakerEndpointConfig", - "EndpointConfigName", - ], - }, - }, - "Type": "AWS::SageMaker::Endpoint", - }, - "SagemakerEndpointConfig": Object { - "DependsOn": Array [ - "SagemakerModel", - ], - "Properties": Object { - "KmsKeyId": Object { - "Ref": "EncryptionKey1B843E66", - }, - "ProductionVariants": Array [ - Object { - "InitialInstanceCount": 1, - "InitialVariantWeight": 1, - "InstanceType": "ml.m4.xlarge", - "ModelName": Object { - "Fn::GetAtt": Array [ - "SagemakerModel", - "ModelName", - ], - }, - "VariantName": "AllTraffic", - }, - ], - }, - "Type": "AWS::SageMaker::EndpointConfig", - }, - "SagemakerModel": Object { - "DependsOn": Array [ - "SagemakerRoleDefaultPolicy9DD21C3C", - "SagemakerRole5FDB64E1", - ], - "Properties": Object { - "ExecutionRoleArn": Object { - "Fn::GetAtt": Array [ - "SagemakerRole5FDB64E1", - "Arn", - ], - }, - "PrimaryContainer": Object { - "Image": ".dkr.ecr..amazonaws.com/linear-learner:latest", - "ModelDataUrl": "s3:////model.tar.gz", - }, - "VpcConfig": Object { - "SecurityGroupIds": Array [ - Object { - "Fn::GetAtt": Array [ - "ReplaceModelDefaultSecurityGroup38936A39", - "GroupId", - ], - }, - ], - "Subnets": Array [ - Object { - "Ref": "VpcisolatedSubnet1SubnetE62B1B9B", - }, - Object { - "Ref": "VpcisolatedSubnet2Subnet39217055", - }, - ], - }, - }, - "Type": "AWS::SageMaker::Model", - }, - "SagemakerRole5FDB64E1": Object { - "Properties": Object { - "AssumeRolePolicyDocument": Object { - "Statement": Array [ - Object { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": Object { - "Service": "sagemaker.amazonaws.com", - }, - }, - ], - "Version": "2012-10-17", - }, - }, - "Type": "AWS::IAM::Role", - }, - "SagemakerRoleDefaultPolicy9DD21C3C": Object { - "Metadata": Object { - "cfn_nag": Object { - "rules_to_suppress": Array [ - Object { - "id": "W12", - "reason": "Sagemaker needs the following minimum required permissions to access ENIs in a VPC, ECR for custom model images, and elastic inference.", - }, - Object { - "id": "W76", - "reason": "Complex role becuase Sagemaker needs permissions to access several services", - }, - ], - }, - }, - "Properties": Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "sagemaker:CreateTrainingJob", - "sagemaker:DescribeTrainingJob", - "sagemaker:CreateModel", - "sagemaker:DescribeModel", - "sagemaker:DeleteModel", - "sagemaker:CreateEndpoint", - "sagemaker:CreateEndpointConfig", - "sagemaker:DescribeEndpoint", - "sagemaker:DescribeEndpointConfig", - "sagemaker:DeleteEndpoint", - "sagemaker:DeleteEndpointConfig", - "sagemaker:InvokeEndpoint", - ], - "Effect": "Allow", - "Resource": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":sagemaker:", - Object { - "Ref": "AWS::Region", - }, - ":", - Object { - "Ref": "AWS::AccountId", - }, - ":*", - ], - ], - }, - }, - Object { - "Action": Array [ - "logs:CreateLogGroup", - "logs:CreateLogStream", - "logs:DescribeLogStreams", - "logs:GetLogEvents", - "logs:PutLogEvents", - ], - "Effect": "Allow", - "Resource": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":logs:", - Object { - "Ref": "AWS::Region", - }, - ":", - Object { - "Ref": "AWS::AccountId", - }, - ":log-group:/aws/sagemaker/*", - ], - ], - }, - }, - Object { - "Action": Array [ - "ec2:CreateNetworkInterface", - "ec2:CreateNetworkInterfacePermission", - "ec2:DeleteNetworkInterface", - "ec2:DeleteNetworkInterfacePermission", - "ec2:DescribeNetworkInterfaces", - "ec2:AssignPrivateIpAddresses", - "ec2:UnassignPrivateIpAddresses", - "ec2:DescribeVpcs", - "ec2:DescribeDhcpOptions", - "ec2:DescribeSubnets", - "ec2:DescribeSecurityGroups", - ], - "Effect": "Allow", - "Resource": "*", - }, - Object { - "Action": Array [ - "ecr:BatchCheckLayerAvailability", - "ecr:GetDownloadUrlForLayer", - "ecr:DescribeRepositories", - "ecr:DescribeImages", - "ecr:BatchGetImage", - ], - "Effect": "Allow", - "Resource": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":ecr:", - Object { - "Ref": "AWS::Region", - }, - ":", - Object { - "Ref": "AWS::AccountId", - }, - ":repository/*", - ], - ], - }, - }, - Object { - "Action": "ecr:GetAuthorizationToken", - "Effect": "Allow", - "Resource": "*", - }, - Object { - "Action": Array [ - "kms:Encrypt", - "kms:Decrypt", - "kms:ReEncrypt*", - "kms:GenerateDataKey*", - "kms:DescribeKey", - ], - "Effect": "Allow", - "Resource": Array [ - Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":kms:", - Object { - "Ref": "AWS::Region", - }, - ":", - Object { - "Ref": "AWS::AccountId", - }, - ":key/*", - ], - ], - }, - Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":kms:", - Object { - "Ref": "AWS::Region", - }, - ":", - Object { - "Ref": "AWS::AccountId", - }, - ":alias/*", - ], - ], - }, - ], - }, - Object { - "Action": Array [ - "s3:GetObject", - "s3:PutObject", - "s3:DeleteObject", - "s3:ListBucket", - ], - "Effect": "Allow", - "Resource": "arn:aws:s3:::*", - }, - Object { - "Action": "iam:GetRole", - "Effect": "Allow", - "Resource": Object { - "Fn::GetAtt": Array [ - "SagemakerRole5FDB64E1", - "Arn", - ], - }, - }, - Object { - "Action": "iam:PassRole", - "Condition": Object { - "StringLike": Object { - "iam:PassedToService": "sagemaker.amazonaws.com", - }, - }, - "Effect": "Allow", - "Resource": Object { - "Fn::GetAtt": Array [ - "SagemakerRole5FDB64E1", - "Arn", - ], - }, - }, - ], - "Version": "2012-10-17", - }, - "PolicyName": "SagemakerRoleDefaultPolicy9DD21C3C", - "Roles": Array [ - Object { - "Ref": "SagemakerRole5FDB64E1", - }, - ], - }, - "Type": "AWS::IAM::Policy", - }, - "Vpc8378EB38": Object { - "Properties": Object { - "CidrBlock": "10.0.0.0/16", - "EnableDnsHostnames": true, - "EnableDnsSupport": true, - "InstanceTenancy": "default", - "Tags": Array [ - Object { - "Key": "Name", - "Value": "Default/Vpc", - }, - ], - }, - "Type": "AWS::EC2::VPC", - }, - "VpcFlowLog8FF33A73": Object { - "Properties": Object { - "DeliverLogsPermissionArn": Object { - "Fn::GetAtt": Array [ - "VpcFlowLogIAMRole6A475D41", - "Arn", - ], - }, - "LogDestinationType": "cloud-watch-logs", - "LogGroupName": Object { - "Ref": "VpcFlowLogLogGroup7B5C56B9", - }, - "ResourceId": Object { - "Ref": "Vpc8378EB38", - }, - "ResourceType": "VPC", - "Tags": Array [ - Object { - "Key": "Name", - "Value": "Default/Vpc", - }, - ], - "TrafficType": "ALL", - }, - "Type": "AWS::EC2::FlowLog", - }, - "VpcFlowLogIAMRole6A475D41": Object { - "Properties": Object { - "AssumeRolePolicyDocument": Object { - "Statement": Array [ - Object { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": Object { - "Service": "vpc-flow-logs.amazonaws.com", - }, - }, - ], - "Version": "2012-10-17", - }, - "Tags": Array [ - Object { - "Key": "Name", - "Value": "Default/Vpc", - }, - ], - }, - "Type": "AWS::IAM::Role", - }, - "VpcFlowLogIAMRoleDefaultPolicy406FB995": Object { - "Properties": Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "logs:CreateLogStream", - "logs:PutLogEvents", - "logs:DescribeLogStreams", - ], - "Effect": "Allow", - "Resource": Object { - "Fn::GetAtt": Array [ - "VpcFlowLogLogGroup7B5C56B9", - "Arn", - ], - }, - }, - Object { - "Action": "iam:PassRole", - "Effect": "Allow", - "Resource": Object { - "Fn::GetAtt": Array [ - "VpcFlowLogIAMRole6A475D41", - "Arn", - ], - }, - }, - ], - "Version": "2012-10-17", - }, - "PolicyName": "VpcFlowLogIAMRoleDefaultPolicy406FB995", - "Roles": Array [ - Object { - "Ref": "VpcFlowLogIAMRole6A475D41", - }, - ], - }, - "Type": "AWS::IAM::Policy", - }, - "VpcFlowLogLogGroup7B5C56B9": Object { - "DeletionPolicy": "Retain", - "Metadata": Object { - "cfn_nag": Object { - "rules_to_suppress": Array [ - Object { - "id": "W84", - "reason": "By default CloudWatchLogs LogGroups data is encrypted using the CloudWatch server-side encryption keys (AWS Managed Keys)", - }, - ], - }, - }, - "Properties": Object { - "RetentionInDays": 731, - }, - "Type": "AWS::Logs::LogGroup", - "UpdateReplacePolicy": "Retain", - }, - "VpcS3A5408339": Object { - "Properties": Object { - "RouteTableIds": Array [ - Object { - "Ref": "VpcisolatedSubnet1RouteTableE442650B", - }, - Object { - "Ref": "VpcisolatedSubnet2RouteTable334F9764", - }, - ], - "ServiceName": Object { - "Fn::Join": Array [ - "", - Array [ - "com.amazonaws.", - Object { - "Ref": "AWS::Region", - }, - ".s3", - ], - ], - }, - "VpcEndpointType": "Gateway", - "VpcId": Object { - "Ref": "Vpc8378EB38", - }, - }, - "Type": "AWS::EC2::VPCEndpoint", - }, - "VpcSAGEMAKERRUNTIME337E125A": Object { - "Properties": Object { - "PrivateDnsEnabled": true, - "SecurityGroupIds": Array [ - Object { - "Fn::GetAtt": Array [ - "DefaultSAGEMAKERRUNTIMEsecuritygroup32609E8C", - "GroupId", - ], - }, - ], - "ServiceName": Object { - "Fn::Join": Array [ - "", - Array [ - "com.amazonaws.", - Object { - "Ref": "AWS::Region", - }, - ".sagemaker.runtime", - ], - ], - }, - "SubnetIds": Array [ - Object { - "Ref": "VpcisolatedSubnet1SubnetE62B1B9B", - }, - Object { - "Ref": "VpcisolatedSubnet2Subnet39217055", - }, - ], - "VpcEndpointType": "Interface", - "VpcId": Object { - "Ref": "Vpc8378EB38", - }, - }, - "Type": "AWS::EC2::VPCEndpoint", - }, - "VpcisolatedSubnet1RouteTableAssociationD259E31A": Object { - "Properties": Object { - "RouteTableId": Object { - "Ref": "VpcisolatedSubnet1RouteTableE442650B", - }, - "SubnetId": Object { - "Ref": "VpcisolatedSubnet1SubnetE62B1B9B", - }, - }, - "Type": "AWS::EC2::SubnetRouteTableAssociation", - }, - "VpcisolatedSubnet1RouteTableE442650B": Object { - "Properties": Object { - "Tags": Array [ - Object { - "Key": "Name", - "Value": "Default/Vpc/isolatedSubnet1", - }, - ], - "VpcId": Object { - "Ref": "Vpc8378EB38", - }, - }, - "Type": "AWS::EC2::RouteTable", - }, - "VpcisolatedSubnet1SubnetE62B1B9B": Object { - "Properties": Object { - "AvailabilityZone": Object { - "Fn::Select": Array [ - 0, - Object { - "Fn::GetAZs": "", - }, - ], - }, - "CidrBlock": "10.0.0.0/18", - "MapPublicIpOnLaunch": false, - "Tags": Array [ - Object { - "Key": "aws-cdk:subnet-name", - "Value": "isolated", - }, - Object { - "Key": "aws-cdk:subnet-type", - "Value": "Isolated", - }, - Object { - "Key": "Name", - "Value": "Default/Vpc/isolatedSubnet1", - }, - ], - "VpcId": Object { - "Ref": "Vpc8378EB38", - }, - }, - "Type": "AWS::EC2::Subnet", - }, - "VpcisolatedSubnet2RouteTable334F9764": Object { - "Properties": Object { - "Tags": Array [ - Object { - "Key": "Name", - "Value": "Default/Vpc/isolatedSubnet2", - }, - ], - "VpcId": Object { - "Ref": "Vpc8378EB38", - }, - }, - "Type": "AWS::EC2::RouteTable", - }, - "VpcisolatedSubnet2RouteTableAssociation25A4716F": Object { - "Properties": Object { - "RouteTableId": Object { - "Ref": "VpcisolatedSubnet2RouteTable334F9764", - }, - "SubnetId": Object { - "Ref": "VpcisolatedSubnet2Subnet39217055", - }, - }, - "Type": "AWS::EC2::SubnetRouteTableAssociation", - }, - "VpcisolatedSubnet2Subnet39217055": Object { - "Properties": Object { - "AvailabilityZone": Object { - "Fn::Select": Array [ - 1, - Object { - "Fn::GetAZs": "", - }, - ], - }, - "CidrBlock": "10.0.64.0/18", - "MapPublicIpOnLaunch": false, - "Tags": Array [ - Object { - "Key": "aws-cdk:subnet-name", - "Value": "isolated", - }, - Object { - "Key": "aws-cdk:subnet-type", - "Value": "Isolated", - }, - Object { - "Key": "Name", - "Value": "Default/Vpc/isolatedSubnet2", - }, - ], - "VpcId": Object { - "Ref": "Vpc8378EB38", - }, - }, - "Type": "AWS::EC2::Subnet", - }, - }, -} -`; - -exports[`Test minimal deployment with no properties 1`] = ` -Object { - "Resources": Object { - "EncryptionKey1B843E66": Object { - "DeletionPolicy": "Retain", - "Properties": Object { - "EnableKeyRotation": true, - "KeyPolicy": Object { - "Statement": Array [ - Object { - "Action": Array [ - "kms:Create*", - "kms:Describe*", - "kms:Enable*", - "kms:List*", - "kms:Put*", - "kms:Update*", - "kms:Revoke*", - "kms:Disable*", - "kms:Get*", - "kms:Delete*", - "kms:ScheduleKeyDeletion", - "kms:CancelKeyDeletion", - "kms:GenerateDataKey", - "kms:TagResource", - "kms:UntagResource", - ], - "Effect": "Allow", - "Principal": Object { - "AWS": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":iam::", - Object { - "Ref": "AWS::AccountId", - }, - ":root", - ], - ], - }, - }, - "Resource": "*", - }, - ], - "Version": "2012-10-17", - }, - }, - "Type": "AWS::KMS::Key", - "UpdateReplacePolicy": "Retain", - }, - "SagemakerNotebook": Object { - "Properties": Object { - "DirectInternetAccess": "Disabled", - "InstanceType": "ml.t2.medium", - "KmsKeyId": Object { - "Ref": "EncryptionKey1B843E66", - }, - "RoleArn": Object { - "Fn::GetAtt": Array [ - "SagemakerRole5FDB64E1", - "Arn", - ], - }, - "SecurityGroupIds": Array [ - Object { - "Fn::GetAtt": Array [ - "SecurityGroupsecuritygroup00653C55", - "GroupId", - ], - }, - ], - "SubnetId": Object { - "Ref": "VpcPrivateSubnet1Subnet536B997A", - }, - }, - "Type": "AWS::SageMaker::NotebookInstance", - }, - "SagemakerRole5FDB64E1": Object { - "Properties": Object { - "AssumeRolePolicyDocument": Object { - "Statement": Array [ - Object { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": Object { - "Service": "sagemaker.amazonaws.com", - }, - }, - ], - "Version": "2012-10-17", - }, - }, - "Type": "AWS::IAM::Role", - }, - "SagemakerRoleDefaultPolicy9DD21C3C": Object { - "Metadata": Object { - "cfn_nag": Object { - "rules_to_suppress": Array [ - Object { - "id": "W12", - "reason": "Sagemaker needs the following minimum required permissions to access ENIs in a VPC, ECR for custom model images, and elastic inference.", - }, - Object { - "id": "W76", - "reason": "Complex role becuase Sagemaker needs permissions to access several services", - }, - ], - }, - }, - "Properties": Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "sagemaker:CreateTrainingJob", - "sagemaker:DescribeTrainingJob", - "sagemaker:CreateModel", - "sagemaker:DescribeModel", - "sagemaker:DeleteModel", - "sagemaker:CreateEndpoint", - "sagemaker:CreateEndpointConfig", - "sagemaker:DescribeEndpoint", - "sagemaker:DescribeEndpointConfig", - "sagemaker:DeleteEndpoint", - "sagemaker:DeleteEndpointConfig", - "sagemaker:InvokeEndpoint", - ], - "Effect": "Allow", - "Resource": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":sagemaker:", - Object { - "Ref": "AWS::Region", - }, - ":", - Object { - "Ref": "AWS::AccountId", - }, - ":*", - ], - ], - }, - }, - Object { - "Action": Array [ - "logs:CreateLogGroup", - "logs:CreateLogStream", - "logs:DescribeLogStreams", - "logs:GetLogEvents", - "logs:PutLogEvents", - ], - "Effect": "Allow", - "Resource": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":logs:", - Object { - "Ref": "AWS::Region", - }, - ":", - Object { - "Ref": "AWS::AccountId", - }, - ":log-group:/aws/sagemaker/*", - ], - ], - }, - }, - Object { - "Action": Array [ - "ecr:BatchCheckLayerAvailability", - "ecr:GetDownloadUrlForLayer", - "ecr:DescribeRepositories", - "ecr:DescribeImages", - "ecr:BatchGetImage", - ], - "Effect": "Allow", - "Resource": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":ecr:", - Object { - "Ref": "AWS::Region", - }, - ":", - Object { - "Ref": "AWS::AccountId", - }, - ":repository/*", - ], - ], - }, - }, - Object { - "Action": "ecr:GetAuthorizationToken", - "Effect": "Allow", - "Resource": "*", - }, - Object { - "Action": Array [ - "kms:Encrypt", - "kms:Decrypt", - "kms:ReEncrypt*", - "kms:GenerateDataKey*", - "kms:DescribeKey", - ], - "Effect": "Allow", - "Resource": Array [ - Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":kms:", - Object { - "Ref": "AWS::Region", - }, - ":", - Object { - "Ref": "AWS::AccountId", - }, - ":key/*", - ], - ], - }, - Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":kms:", - Object { - "Ref": "AWS::Region", - }, - ":", - Object { - "Ref": "AWS::AccountId", - }, - ":alias/*", - ], - ], - }, - ], - }, - Object { - "Action": Array [ - "s3:GetObject", - "s3:PutObject", - "s3:DeleteObject", - "s3:ListBucket", - ], - "Effect": "Allow", - "Resource": "arn:aws:s3:::*", - }, - Object { - "Action": "iam:GetRole", - "Effect": "Allow", - "Resource": Object { - "Fn::GetAtt": Array [ - "SagemakerRole5FDB64E1", - "Arn", - ], - }, - }, - Object { - "Action": "iam:PassRole", - "Condition": Object { - "StringLike": Object { - "iam:PassedToService": "sagemaker.amazonaws.com", - }, - }, - "Effect": "Allow", - "Resource": Object { - "Fn::GetAtt": Array [ - "SagemakerRole5FDB64E1", - "Arn", - ], - }, - }, - ], - "Version": "2012-10-17", - }, - "PolicyName": "SagemakerRoleDefaultPolicy9DD21C3C", - "Roles": Array [ - Object { - "Ref": "SagemakerRole5FDB64E1", - }, - ], - }, - "Type": "AWS::IAM::Policy", - }, - "SecurityGroupsecuritygroup00653C55": Object { - "Metadata": Object { - "cfn_nag": Object { - "rules_to_suppress": Array [ - Object { - "id": "W5", - "reason": "Egress of 0.0.0.0/0 is default and generally considered OK", - }, - Object { - "id": "W40", - "reason": "Egress IPProtocol of -1 is default and generally considered OK", - }, - ], - }, - }, - "Properties": Object { - "GroupDescription": "Default/SecurityGroup-security-group", - "SecurityGroupEgress": Array [ - Object { - "CidrIp": "0.0.0.0/0", - "Description": "from 0.0.0.0/0:443", - "FromPort": 443, - "IpProtocol": "tcp", - "ToPort": 443, - }, - ], - "VpcId": Object { - "Ref": "Vpc8378EB38", - }, - }, - "Type": "AWS::EC2::SecurityGroup", - }, - "Vpc8378EB38": Object { - "Properties": Object { - "CidrBlock": "10.0.0.0/16", - "EnableDnsHostnames": true, - "EnableDnsSupport": true, - "InstanceTenancy": "default", - "Tags": Array [ - Object { - "Key": "Name", - "Value": "Default/Vpc", - }, - ], - }, - "Type": "AWS::EC2::VPC", - }, - "VpcFlowLog8FF33A73": Object { - "Properties": Object { - "DeliverLogsPermissionArn": Object { - "Fn::GetAtt": Array [ - "VpcFlowLogIAMRole6A475D41", - "Arn", - ], - }, - "LogDestinationType": "cloud-watch-logs", - "LogGroupName": Object { - "Ref": "VpcFlowLogLogGroup7B5C56B9", - }, - "ResourceId": Object { - "Ref": "Vpc8378EB38", - }, - "ResourceType": "VPC", - "Tags": Array [ - Object { - "Key": "Name", - "Value": "Default/Vpc", - }, - ], - "TrafficType": "ALL", - }, - "Type": "AWS::EC2::FlowLog", - }, - "VpcFlowLogIAMRole6A475D41": Object { - "Properties": Object { - "AssumeRolePolicyDocument": Object { - "Statement": Array [ - Object { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": Object { - "Service": "vpc-flow-logs.amazonaws.com", - }, - }, - ], - "Version": "2012-10-17", - }, - "Tags": Array [ - Object { - "Key": "Name", - "Value": "Default/Vpc", - }, - ], - }, - "Type": "AWS::IAM::Role", - }, - "VpcFlowLogIAMRoleDefaultPolicy406FB995": Object { - "Properties": Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "logs:CreateLogStream", - "logs:PutLogEvents", - "logs:DescribeLogStreams", - ], - "Effect": "Allow", - "Resource": Object { - "Fn::GetAtt": Array [ - "VpcFlowLogLogGroup7B5C56B9", - "Arn", - ], - }, - }, - Object { - "Action": "iam:PassRole", - "Effect": "Allow", - "Resource": Object { - "Fn::GetAtt": Array [ - "VpcFlowLogIAMRole6A475D41", - "Arn", - ], - }, - }, - ], - "Version": "2012-10-17", - }, - "PolicyName": "VpcFlowLogIAMRoleDefaultPolicy406FB995", - "Roles": Array [ - Object { - "Ref": "VpcFlowLogIAMRole6A475D41", - }, - ], - }, - "Type": "AWS::IAM::Policy", - }, - "VpcFlowLogLogGroup7B5C56B9": Object { - "DeletionPolicy": "Retain", - "Metadata": Object { - "cfn_nag": Object { - "rules_to_suppress": Array [ - Object { - "id": "W84", - "reason": "By default CloudWatchLogs LogGroups data is encrypted using the CloudWatch server-side encryption keys (AWS Managed Keys)", - }, - ], - }, - }, - "Properties": Object { - "RetentionInDays": 731, - }, - "Type": "AWS::Logs::LogGroup", - "UpdateReplacePolicy": "Retain", - }, - "VpcIGWD7BA715C": Object { - "Properties": Object { - "Tags": Array [ - Object { - "Key": "Name", - "Value": "Default/Vpc", - }, - ], - }, - "Type": "AWS::EC2::InternetGateway", - }, - "VpcPrivateSubnet1DefaultRouteBE02A9ED": Object { - "Properties": Object { - "DestinationCidrBlock": "0.0.0.0/0", - "NatGatewayId": Object { - "Ref": "VpcPublicSubnet1NATGateway4D7517AA", - }, - "RouteTableId": Object { - "Ref": "VpcPrivateSubnet1RouteTableB2C5B500", - }, - }, - "Type": "AWS::EC2::Route", - }, - "VpcPrivateSubnet1RouteTableAssociation70C59FA6": Object { - "Properties": Object { - "RouteTableId": Object { - "Ref": "VpcPrivateSubnet1RouteTableB2C5B500", - }, - "SubnetId": Object { - "Ref": "VpcPrivateSubnet1Subnet536B997A", - }, - }, - "Type": "AWS::EC2::SubnetRouteTableAssociation", - }, - "VpcPrivateSubnet1RouteTableB2C5B500": Object { - "Properties": Object { - "Tags": Array [ - Object { - "Key": "Name", - "Value": "Default/Vpc/PrivateSubnet1", - }, - ], - "VpcId": Object { - "Ref": "Vpc8378EB38", - }, - }, - "Type": "AWS::EC2::RouteTable", - }, - "VpcPrivateSubnet1Subnet536B997A": Object { - "Properties": Object { - "AvailabilityZone": Object { - "Fn::Select": Array [ - 0, - Object { - "Fn::GetAZs": "", - }, - ], - }, - "CidrBlock": "10.0.128.0/18", - "MapPublicIpOnLaunch": false, - "Tags": Array [ - Object { - "Key": "aws-cdk:subnet-name", - "Value": "Private", - }, - Object { - "Key": "aws-cdk:subnet-type", - "Value": "Private", - }, - Object { - "Key": "Name", - "Value": "Default/Vpc/PrivateSubnet1", - }, - ], - "VpcId": Object { - "Ref": "Vpc8378EB38", - }, - }, - "Type": "AWS::EC2::Subnet", - }, - "VpcPrivateSubnet2DefaultRoute060D2087": Object { - "Properties": Object { - "DestinationCidrBlock": "0.0.0.0/0", - "NatGatewayId": Object { - "Ref": "VpcPublicSubnet2NATGateway9182C01D", - }, - "RouteTableId": Object { - "Ref": "VpcPrivateSubnet2RouteTableA678073B", - }, - }, - "Type": "AWS::EC2::Route", - }, - "VpcPrivateSubnet2RouteTableA678073B": Object { - "Properties": Object { - "Tags": Array [ - Object { - "Key": "Name", - "Value": "Default/Vpc/PrivateSubnet2", - }, - ], - "VpcId": Object { - "Ref": "Vpc8378EB38", - }, - }, - "Type": "AWS::EC2::RouteTable", - }, - "VpcPrivateSubnet2RouteTableAssociationA89CAD56": Object { - "Properties": Object { - "RouteTableId": Object { - "Ref": "VpcPrivateSubnet2RouteTableA678073B", - }, - "SubnetId": Object { - "Ref": "VpcPrivateSubnet2Subnet3788AAA1", - }, - }, - "Type": "AWS::EC2::SubnetRouteTableAssociation", - }, - "VpcPrivateSubnet2Subnet3788AAA1": Object { - "Properties": Object { - "AvailabilityZone": Object { - "Fn::Select": Array [ - 1, - Object { - "Fn::GetAZs": "", - }, - ], - }, - "CidrBlock": "10.0.192.0/18", - "MapPublicIpOnLaunch": false, - "Tags": Array [ - Object { - "Key": "aws-cdk:subnet-name", - "Value": "Private", - }, - Object { - "Key": "aws-cdk:subnet-type", - "Value": "Private", - }, - Object { - "Key": "Name", - "Value": "Default/Vpc/PrivateSubnet2", - }, - ], - "VpcId": Object { - "Ref": "Vpc8378EB38", - }, - }, - "Type": "AWS::EC2::Subnet", - }, - "VpcPublicSubnet1DefaultRoute3DA9E72A": Object { - "DependsOn": Array [ - "VpcVPCGWBF912B6E", - ], - "Properties": Object { - "DestinationCidrBlock": "0.0.0.0/0", - "GatewayId": Object { - "Ref": "VpcIGWD7BA715C", - }, - "RouteTableId": Object { - "Ref": "VpcPublicSubnet1RouteTable6C95E38E", - }, - }, - "Type": "AWS::EC2::Route", - }, - "VpcPublicSubnet1EIPD7E02669": Object { - "Properties": Object { - "Domain": "vpc", - "Tags": Array [ - Object { - "Key": "Name", - "Value": "Default/Vpc/PublicSubnet1", - }, - ], - }, - "Type": "AWS::EC2::EIP", - }, - "VpcPublicSubnet1NATGateway4D7517AA": Object { - "Properties": Object { - "AllocationId": Object { - "Fn::GetAtt": Array [ - "VpcPublicSubnet1EIPD7E02669", - "AllocationId", - ], - }, - "SubnetId": Object { - "Ref": "VpcPublicSubnet1Subnet5C2D37C4", - }, - "Tags": Array [ - Object { - "Key": "Name", - "Value": "Default/Vpc/PublicSubnet1", - }, - ], - }, - "Type": "AWS::EC2::NatGateway", - }, - "VpcPublicSubnet1RouteTable6C95E38E": Object { - "Properties": Object { - "Tags": Array [ - Object { - "Key": "Name", - "Value": "Default/Vpc/PublicSubnet1", - }, - ], - "VpcId": Object { - "Ref": "Vpc8378EB38", - }, - }, - "Type": "AWS::EC2::RouteTable", - }, - "VpcPublicSubnet1RouteTableAssociation97140677": Object { - "Properties": Object { - "RouteTableId": Object { - "Ref": "VpcPublicSubnet1RouteTable6C95E38E", - }, - "SubnetId": Object { - "Ref": "VpcPublicSubnet1Subnet5C2D37C4", - }, - }, - "Type": "AWS::EC2::SubnetRouteTableAssociation", - }, - "VpcPublicSubnet1Subnet5C2D37C4": Object { - "Metadata": Object { - "cfn_nag": Object { - "rules_to_suppress": Array [ - Object { - "id": "W33", - "reason": "Allow Public Subnets to have MapPublicIpOnLaunch set to true", - }, - ], - }, - }, - "Properties": Object { - "AvailabilityZone": Object { - "Fn::Select": Array [ - 0, - Object { - "Fn::GetAZs": "", - }, - ], - }, - "CidrBlock": "10.0.0.0/18", - "MapPublicIpOnLaunch": true, - "Tags": Array [ - Object { - "Key": "aws-cdk:subnet-name", - "Value": "Public", - }, - Object { - "Key": "aws-cdk:subnet-type", - "Value": "Public", - }, - Object { - "Key": "Name", - "Value": "Default/Vpc/PublicSubnet1", - }, - ], - "VpcId": Object { - "Ref": "Vpc8378EB38", - }, - }, - "Type": "AWS::EC2::Subnet", - }, - "VpcPublicSubnet2DefaultRoute97F91067": Object { - "DependsOn": Array [ - "VpcVPCGWBF912B6E", - ], - "Properties": Object { - "DestinationCidrBlock": "0.0.0.0/0", - "GatewayId": Object { - "Ref": "VpcIGWD7BA715C", - }, - "RouteTableId": Object { - "Ref": "VpcPublicSubnet2RouteTable94F7E489", - }, - }, - "Type": "AWS::EC2::Route", - }, - "VpcPublicSubnet2EIP3C605A87": Object { - "Properties": Object { - "Domain": "vpc", - "Tags": Array [ - Object { - "Key": "Name", - "Value": "Default/Vpc/PublicSubnet2", - }, - ], - }, - "Type": "AWS::EC2::EIP", - }, - "VpcPublicSubnet2NATGateway9182C01D": Object { - "Properties": Object { - "AllocationId": Object { - "Fn::GetAtt": Array [ - "VpcPublicSubnet2EIP3C605A87", - "AllocationId", - ], - }, - "SubnetId": Object { - "Ref": "VpcPublicSubnet2Subnet691E08A3", - }, - "Tags": Array [ - Object { - "Key": "Name", - "Value": "Default/Vpc/PublicSubnet2", - }, - ], - }, - "Type": "AWS::EC2::NatGateway", - }, - "VpcPublicSubnet2RouteTable94F7E489": Object { - "Properties": Object { - "Tags": Array [ - Object { - "Key": "Name", - "Value": "Default/Vpc/PublicSubnet2", - }, - ], - "VpcId": Object { - "Ref": "Vpc8378EB38", - }, - }, - "Type": "AWS::EC2::RouteTable", - }, - "VpcPublicSubnet2RouteTableAssociationDD5762D8": Object { - "Properties": Object { - "RouteTableId": Object { - "Ref": "VpcPublicSubnet2RouteTable94F7E489", - }, - "SubnetId": Object { - "Ref": "VpcPublicSubnet2Subnet691E08A3", - }, - }, - "Type": "AWS::EC2::SubnetRouteTableAssociation", - }, - "VpcPublicSubnet2Subnet691E08A3": Object { - "Metadata": Object { - "cfn_nag": Object { - "rules_to_suppress": Array [ - Object { - "id": "W33", - "reason": "Allow Public Subnets to have MapPublicIpOnLaunch set to true", - }, - ], - }, - }, - "Properties": Object { - "AvailabilityZone": Object { - "Fn::Select": Array [ - 1, - Object { - "Fn::GetAZs": "", - }, - ], - }, - "CidrBlock": "10.0.64.0/18", - "MapPublicIpOnLaunch": true, - "Tags": Array [ - Object { - "Key": "aws-cdk:subnet-name", - "Value": "Public", - }, - Object { - "Key": "aws-cdk:subnet-type", - "Value": "Public", - }, - Object { - "Key": "Name", - "Value": "Default/Vpc/PublicSubnet2", - }, - ], - "VpcId": Object { - "Ref": "Vpc8378EB38", - }, - }, - "Type": "AWS::EC2::Subnet", - }, - "VpcVPCGWBF912B6E": Object { - "Properties": Object { - "InternetGatewayId": Object { - "Ref": "VpcIGWD7BA715C", - }, - "VpcId": Object { - "Ref": "Vpc8378EB38", - }, - }, - "Type": "AWS::EC2::VPCGatewayAttachment", - }, - }, -} -`; - -exports[`Test minimal deployment with no properties using internal IAM role 1`] = ` -Object { - "Resources": Object { - "EncryptionKey1B843E66": Object { - "DeletionPolicy": "Retain", - "Properties": Object { - "EnableKeyRotation": true, - "KeyPolicy": Object { - "Statement": Array [ - Object { - "Action": Array [ - "kms:Create*", - "kms:Describe*", - "kms:Enable*", - "kms:List*", - "kms:Put*", - "kms:Update*", - "kms:Revoke*", - "kms:Disable*", - "kms:Get*", - "kms:Delete*", - "kms:ScheduleKeyDeletion", - "kms:CancelKeyDeletion", - "kms:GenerateDataKey", - "kms:TagResource", - "kms:UntagResource", - ], - "Effect": "Allow", - "Principal": Object { - "AWS": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":iam::", - Object { - "Ref": "AWS::AccountId", - }, - ":root", - ], - ], - }, - }, - "Resource": "*", - }, - ], - "Version": "2012-10-17", - }, - }, - "Type": "AWS::KMS::Key", - "UpdateReplacePolicy": "Retain", - }, - "SagemakerEndpoint": Object { - "DependsOn": Array [ - "SagemakerEndpointConfig", - ], - "Properties": Object { - "EndpointConfigName": Object { - "Fn::GetAtt": Array [ - "SagemakerEndpointConfig", - "EndpointConfigName", - ], - }, - }, - "Type": "AWS::SageMaker::Endpoint", - }, - "SagemakerEndpointConfig": Object { - "DependsOn": Array [ - "SagemakerModel", - ], - "Properties": Object { - "KmsKeyId": Object { - "Ref": "EncryptionKey1B843E66", - }, - "ProductionVariants": Array [ - Object { - "InitialInstanceCount": 1, - "InitialVariantWeight": 1, - "InstanceType": "ml.m4.xlarge", - "ModelName": Object { - "Fn::GetAtt": Array [ - "SagemakerModel", - "ModelName", - ], - }, - "VariantName": "AllTraffic", - }, - ], - }, - "Type": "AWS::SageMaker::EndpointConfig", - }, - "SagemakerModel": Object { - "DependsOn": Array [ - "SagemakerRoleDefaultPolicy9DD21C3C", - "SagemakerRole5FDB64E1", - ], - "Properties": Object { - "ExecutionRoleArn": Object { - "Fn::GetAtt": Array [ - "SagemakerRole5FDB64E1", - "Arn", - ], - }, - "PrimaryContainer": Object { - "Image": ".dkr.ecr..amazonaws.com/linear-learner:latest", - "ModelDataUrl": "s3:////model.tar.gz", - }, - }, - "Type": "AWS::SageMaker::Model", - }, - "SagemakerRole5FDB64E1": Object { - "Properties": Object { - "AssumeRolePolicyDocument": Object { - "Statement": Array [ - Object { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": Object { - "Service": "sagemaker.amazonaws.com", - }, - }, - ], - "Version": "2012-10-17", - }, - }, - "Type": "AWS::IAM::Role", - }, - "SagemakerRoleDefaultPolicy9DD21C3C": Object { - "Metadata": Object { - "cfn_nag": Object { - "rules_to_suppress": Array [ - Object { - "id": "W12", - "reason": "Sagemaker needs the following minimum required permissions to access ENIs in a VPC, ECR for custom model images, and elastic inference.", - }, - Object { - "id": "W76", - "reason": "Complex role becuase Sagemaker needs permissions to access several services", - }, - ], - }, - }, - "Properties": Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "sagemaker:CreateTrainingJob", - "sagemaker:DescribeTrainingJob", - "sagemaker:CreateModel", - "sagemaker:DescribeModel", - "sagemaker:DeleteModel", - "sagemaker:CreateEndpoint", - "sagemaker:CreateEndpointConfig", - "sagemaker:DescribeEndpoint", - "sagemaker:DescribeEndpointConfig", - "sagemaker:DeleteEndpoint", - "sagemaker:DeleteEndpointConfig", - "sagemaker:InvokeEndpoint", - ], - "Effect": "Allow", - "Resource": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":sagemaker:", - Object { - "Ref": "AWS::Region", - }, - ":", - Object { - "Ref": "AWS::AccountId", - }, - ":*", - ], - ], - }, - }, - Object { - "Action": Array [ - "logs:CreateLogGroup", - "logs:CreateLogStream", - "logs:DescribeLogStreams", - "logs:GetLogEvents", - "logs:PutLogEvents", - ], - "Effect": "Allow", - "Resource": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":logs:", - Object { - "Ref": "AWS::Region", - }, - ":", - Object { - "Ref": "AWS::AccountId", - }, - ":log-group:/aws/sagemaker/*", - ], - ], - }, - }, - Object { - "Action": Array [ - "ecr:BatchCheckLayerAvailability", - "ecr:GetDownloadUrlForLayer", - "ecr:DescribeRepositories", - "ecr:DescribeImages", - "ecr:BatchGetImage", - ], - "Effect": "Allow", - "Resource": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":ecr:", - Object { - "Ref": "AWS::Region", - }, - ":", - Object { - "Ref": "AWS::AccountId", - }, - ":repository/*", - ], - ], - }, - }, - Object { - "Action": "ecr:GetAuthorizationToken", - "Effect": "Allow", - "Resource": "*", - }, - Object { - "Action": Array [ - "kms:Encrypt", - "kms:Decrypt", - "kms:ReEncrypt*", - "kms:GenerateDataKey*", - "kms:DescribeKey", - ], - "Effect": "Allow", - "Resource": Array [ - Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":kms:", - Object { - "Ref": "AWS::Region", - }, - ":", - Object { - "Ref": "AWS::AccountId", - }, - ":key/*", - ], - ], - }, - Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":kms:", - Object { - "Ref": "AWS::Region", - }, - ":", - Object { - "Ref": "AWS::AccountId", - }, - ":alias/*", - ], - ], - }, - ], - }, - Object { - "Action": Array [ - "s3:GetObject", - "s3:PutObject", - "s3:DeleteObject", - "s3:ListBucket", - ], - "Effect": "Allow", - "Resource": "arn:aws:s3:::*", - }, - Object { - "Action": "iam:GetRole", - "Effect": "Allow", - "Resource": Object { - "Fn::GetAtt": Array [ - "SagemakerRole5FDB64E1", - "Arn", - ], - }, - }, - Object { - "Action": "iam:PassRole", - "Condition": Object { - "StringLike": Object { - "iam:PassedToService": "sagemaker.amazonaws.com", - }, - }, - "Effect": "Allow", - "Resource": Object { - "Fn::GetAtt": Array [ - "SagemakerRole5FDB64E1", - "Arn", - ], - }, - }, - ], - "Version": "2012-10-17", - }, - "PolicyName": "SagemakerRoleDefaultPolicy9DD21C3C", - "Roles": Array [ - Object { - "Ref": "SagemakerRole5FDB64E1", - }, - ], - }, - "Type": "AWS::IAM::Policy", - }, - }, -} -`; diff --git a/source/patterns/@aws-solutions-constructs/core/test/__snapshots__/secretsmanager-helper.test.js.snap b/source/patterns/@aws-solutions-constructs/core/test/__snapshots__/secretsmanager-helper.test.js.snap deleted file mode 100644 index 36f575add..000000000 --- a/source/patterns/@aws-solutions-constructs/core/test/__snapshots__/secretsmanager-helper.test.js.snap +++ /dev/null @@ -1,26 +0,0 @@ -// Jest Snapshot v1, https://goo.gl/fbAQLP - -exports[`Test minimal deployment with no properties 1`] = ` -Object { - "Resources": Object { - "secret4DA88516": Object { - "DeletionPolicy": "Retain", - "Metadata": Object { - "cfn_nag": Object { - "rules_to_suppress": Array [ - Object { - "id": "W77", - "reason": "We allow the use of the AWS account default key aws/secretsmanager for secret encryption.", - }, - ], - }, - }, - "Properties": Object { - "GenerateSecretString": Object {}, - }, - "Type": "AWS::SecretsManager::Secret", - "UpdateReplacePolicy": "Retain", - }, - }, -} -`; diff --git a/source/patterns/@aws-solutions-constructs/core/test/__snapshots__/security-group-helper.test.js.snap b/source/patterns/@aws-solutions-constructs/core/test/__snapshots__/security-group-helper.test.js.snap deleted file mode 100644 index 8246c1985..000000000 --- a/source/patterns/@aws-solutions-constructs/core/test/__snapshots__/security-group-helper.test.js.snap +++ /dev/null @@ -1,1279 +0,0 @@ -// Jest Snapshot v1, https://goo.gl/fbAQLP - -exports[`Test deployment with egress rule 1`] = ` -Object { - "Resources": Object { - "primaryqueuesecuritygroup10C955CC": Object { - "Metadata": Object { - "cfn_nag": Object { - "rules_to_suppress": Array [ - Object { - "id": "W5", - "reason": "Egress of 0.0.0.0/0 is default and generally considered OK", - }, - Object { - "id": "W40", - "reason": "Egress IPProtocol of -1 is default and generally considered OK", - }, - ], - }, - }, - "Properties": Object { - "GroupDescription": "Default/primary-queue-security-group", - "SecurityGroupEgress": Array [ - Object { - "CidrIp": "1.1.1.1/16", - "Description": "from 1.1.1.1/16:100", - "FromPort": 100, - "IpProtocol": "tcp", - "ToPort": 100, - }, - Object { - "CidrIp": "2.2.2.2/24", - "Description": "from 2.2.2.2/24:200", - "FromPort": 200, - "IpProtocol": "tcp", - "ToPort": 200, - }, - ], - "VpcId": Object { - "Ref": "testvpc8985080E", - }, - }, - "Type": "AWS::EC2::SecurityGroup", - }, - "testvpc8985080E": Object { - "Properties": Object { - "CidrBlock": "10.0.0.0/16", - "EnableDnsHostnames": true, - "EnableDnsSupport": true, - "InstanceTenancy": "default", - "Tags": Array [ - Object { - "Key": "Name", - "Value": "Default/test-vpc", - }, - ], - }, - "Type": "AWS::EC2::VPC", - }, - "testvpcIGW2C2BA83F": Object { - "Properties": Object { - "Tags": Array [ - Object { - "Key": "Name", - "Value": "Default/test-vpc", - }, - ], - }, - "Type": "AWS::EC2::InternetGateway", - }, - "testvpcPrivateSubnet1DefaultRouteF07B0F68": Object { - "Properties": Object { - "DestinationCidrBlock": "0.0.0.0/0", - "NatGatewayId": Object { - "Ref": "testvpcPublicSubnet1NATGateway50787A07", - }, - "RouteTableId": Object { - "Ref": "testvpcPrivateSubnet1RouteTableC6BCA266", - }, - }, - "Type": "AWS::EC2::Route", - }, - "testvpcPrivateSubnet1RouteTableAssociation0E625B49": Object { - "Properties": Object { - "RouteTableId": Object { - "Ref": "testvpcPrivateSubnet1RouteTableC6BCA266", - }, - "SubnetId": Object { - "Ref": "testvpcPrivateSubnet1Subnet865FB50A", - }, - }, - "Type": "AWS::EC2::SubnetRouteTableAssociation", - }, - "testvpcPrivateSubnet1RouteTableC6BCA266": Object { - "Properties": Object { - "Tags": Array [ - Object { - "Key": "Name", - "Value": "Default/test-vpc/PrivateSubnet1", - }, - ], - "VpcId": Object { - "Ref": "testvpc8985080E", - }, - }, - "Type": "AWS::EC2::RouteTable", - }, - "testvpcPrivateSubnet1Subnet865FB50A": Object { - "Properties": Object { - "AvailabilityZone": Object { - "Fn::Select": Array [ - 0, - Object { - "Fn::GetAZs": "", - }, - ], - }, - "CidrBlock": "10.0.128.0/18", - "MapPublicIpOnLaunch": false, - "Tags": Array [ - Object { - "Key": "aws-cdk:subnet-name", - "Value": "Private", - }, - Object { - "Key": "aws-cdk:subnet-type", - "Value": "Private", - }, - Object { - "Key": "Name", - "Value": "Default/test-vpc/PrivateSubnet1", - }, - ], - "VpcId": Object { - "Ref": "testvpc8985080E", - }, - }, - "Type": "AWS::EC2::Subnet", - }, - "testvpcPrivateSubnet2DefaultRouteC94968D3": Object { - "Properties": Object { - "DestinationCidrBlock": "0.0.0.0/0", - "NatGatewayId": Object { - "Ref": "testvpcPublicSubnet2NATGateway8D7A9976", - }, - "RouteTableId": Object { - "Ref": "testvpcPrivateSubnet2RouteTable26C5E053", - }, - }, - "Type": "AWS::EC2::Route", - }, - "testvpcPrivateSubnet2RouteTable26C5E053": Object { - "Properties": Object { - "Tags": Array [ - Object { - "Key": "Name", - "Value": "Default/test-vpc/PrivateSubnet2", - }, - ], - "VpcId": Object { - "Ref": "testvpc8985080E", - }, - }, - "Type": "AWS::EC2::RouteTable", - }, - "testvpcPrivateSubnet2RouteTableAssociationB60494EA": Object { - "Properties": Object { - "RouteTableId": Object { - "Ref": "testvpcPrivateSubnet2RouteTable26C5E053", - }, - "SubnetId": Object { - "Ref": "testvpcPrivateSubnet2Subnet23D3396F", - }, - }, - "Type": "AWS::EC2::SubnetRouteTableAssociation", - }, - "testvpcPrivateSubnet2Subnet23D3396F": Object { - "Properties": Object { - "AvailabilityZone": Object { - "Fn::Select": Array [ - 1, - Object { - "Fn::GetAZs": "", - }, - ], - }, - "CidrBlock": "10.0.192.0/18", - "MapPublicIpOnLaunch": false, - "Tags": Array [ - Object { - "Key": "aws-cdk:subnet-name", - "Value": "Private", - }, - Object { - "Key": "aws-cdk:subnet-type", - "Value": "Private", - }, - Object { - "Key": "Name", - "Value": "Default/test-vpc/PrivateSubnet2", - }, - ], - "VpcId": Object { - "Ref": "testvpc8985080E", - }, - }, - "Type": "AWS::EC2::Subnet", - }, - "testvpcPublicSubnet1DefaultRouteB1E474AB": Object { - "DependsOn": Array [ - "testvpcVPCGW7060AA15", - ], - "Properties": Object { - "DestinationCidrBlock": "0.0.0.0/0", - "GatewayId": Object { - "Ref": "testvpcIGW2C2BA83F", - }, - "RouteTableId": Object { - "Ref": "testvpcPublicSubnet1RouteTable180BB588", - }, - }, - "Type": "AWS::EC2::Route", - }, - "testvpcPublicSubnet1EIP84634DA0": Object { - "Properties": Object { - "Domain": "vpc", - "Tags": Array [ - Object { - "Key": "Name", - "Value": "Default/test-vpc/PublicSubnet1", - }, - ], - }, - "Type": "AWS::EC2::EIP", - }, - "testvpcPublicSubnet1NATGateway50787A07": Object { - "Properties": Object { - "AllocationId": Object { - "Fn::GetAtt": Array [ - "testvpcPublicSubnet1EIP84634DA0", - "AllocationId", - ], - }, - "SubnetId": Object { - "Ref": "testvpcPublicSubnet1Subnet01CF7554", - }, - "Tags": Array [ - Object { - "Key": "Name", - "Value": "Default/test-vpc/PublicSubnet1", - }, - ], - }, - "Type": "AWS::EC2::NatGateway", - }, - "testvpcPublicSubnet1RouteTable180BB588": Object { - "Properties": Object { - "Tags": Array [ - Object { - "Key": "Name", - "Value": "Default/test-vpc/PublicSubnet1", - }, - ], - "VpcId": Object { - "Ref": "testvpc8985080E", - }, - }, - "Type": "AWS::EC2::RouteTable", - }, - "testvpcPublicSubnet1RouteTableAssociation14A2D92F": Object { - "Properties": Object { - "RouteTableId": Object { - "Ref": "testvpcPublicSubnet1RouteTable180BB588", - }, - "SubnetId": Object { - "Ref": "testvpcPublicSubnet1Subnet01CF7554", - }, - }, - "Type": "AWS::EC2::SubnetRouteTableAssociation", - }, - "testvpcPublicSubnet1Subnet01CF7554": Object { - "Properties": Object { - "AvailabilityZone": Object { - "Fn::Select": Array [ - 0, - Object { - "Fn::GetAZs": "", - }, - ], - }, - "CidrBlock": "10.0.0.0/18", - "MapPublicIpOnLaunch": true, - "Tags": Array [ - Object { - "Key": "aws-cdk:subnet-name", - "Value": "Public", - }, - Object { - "Key": "aws-cdk:subnet-type", - "Value": "Public", - }, - Object { - "Key": "Name", - "Value": "Default/test-vpc/PublicSubnet1", - }, - ], - "VpcId": Object { - "Ref": "testvpc8985080E", - }, - }, - "Type": "AWS::EC2::Subnet", - }, - "testvpcPublicSubnet2DefaultRoute39BC0F35": Object { - "DependsOn": Array [ - "testvpcVPCGW7060AA15", - ], - "Properties": Object { - "DestinationCidrBlock": "0.0.0.0/0", - "GatewayId": Object { - "Ref": "testvpcIGW2C2BA83F", - }, - "RouteTableId": Object { - "Ref": "testvpcPublicSubnet2RouteTable28A079F9", - }, - }, - "Type": "AWS::EC2::Route", - }, - "testvpcPublicSubnet2EIP6819FC49": Object { - "Properties": Object { - "Domain": "vpc", - "Tags": Array [ - Object { - "Key": "Name", - "Value": "Default/test-vpc/PublicSubnet2", - }, - ], - }, - "Type": "AWS::EC2::EIP", - }, - "testvpcPublicSubnet2NATGateway8D7A9976": Object { - "Properties": Object { - "AllocationId": Object { - "Fn::GetAtt": Array [ - "testvpcPublicSubnet2EIP6819FC49", - "AllocationId", - ], - }, - "SubnetId": Object { - "Ref": "testvpcPublicSubnet2Subnet4E9D9728", - }, - "Tags": Array [ - Object { - "Key": "Name", - "Value": "Default/test-vpc/PublicSubnet2", - }, - ], - }, - "Type": "AWS::EC2::NatGateway", - }, - "testvpcPublicSubnet2RouteTable28A079F9": Object { - "Properties": Object { - "Tags": Array [ - Object { - "Key": "Name", - "Value": "Default/test-vpc/PublicSubnet2", - }, - ], - "VpcId": Object { - "Ref": "testvpc8985080E", - }, - }, - "Type": "AWS::EC2::RouteTable", - }, - "testvpcPublicSubnet2RouteTableAssociationACF92511": Object { - "Properties": Object { - "RouteTableId": Object { - "Ref": "testvpcPublicSubnet2RouteTable28A079F9", - }, - "SubnetId": Object { - "Ref": "testvpcPublicSubnet2Subnet4E9D9728", - }, - }, - "Type": "AWS::EC2::SubnetRouteTableAssociation", - }, - "testvpcPublicSubnet2Subnet4E9D9728": Object { - "Properties": Object { - "AvailabilityZone": Object { - "Fn::Select": Array [ - 1, - Object { - "Fn::GetAZs": "", - }, - ], - }, - "CidrBlock": "10.0.64.0/18", - "MapPublicIpOnLaunch": true, - "Tags": Array [ - Object { - "Key": "aws-cdk:subnet-name", - "Value": "Public", - }, - Object { - "Key": "aws-cdk:subnet-type", - "Value": "Public", - }, - Object { - "Key": "Name", - "Value": "Default/test-vpc/PublicSubnet2", - }, - ], - "VpcId": Object { - "Ref": "testvpc8985080E", - }, - }, - "Type": "AWS::EC2::Subnet", - }, - "testvpcVPCGW7060AA15": Object { - "Properties": Object { - "InternetGatewayId": Object { - "Ref": "testvpcIGW2C2BA83F", - }, - "VpcId": Object { - "Ref": "testvpc8985080E", - }, - }, - "Type": "AWS::EC2::VPCGatewayAttachment", - }, - }, -} -`; - -exports[`Test deployment with ingress rules 1`] = ` -Object { - "Resources": Object { - "primaryqueuesecuritygroup10C955CC": Object { - "Metadata": Object { - "cfn_nag": Object { - "rules_to_suppress": Array [ - Object { - "id": "W5", - "reason": "Egress of 0.0.0.0/0 is default and generally considered OK", - }, - Object { - "id": "W40", - "reason": "Egress IPProtocol of -1 is default and generally considered OK", - }, - ], - }, - }, - "Properties": Object { - "GroupDescription": "Default/primary-queue-security-group", - "SecurityGroupEgress": Array [ - Object { - "CidrIp": "0.0.0.0/0", - "Description": "Allow all outbound traffic by default", - "IpProtocol": "-1", - }, - ], - "SecurityGroupIngress": Array [ - Object { - "CidrIp": "1.1.1.1/16", - "Description": "from 1.1.1.1/16:100", - "FromPort": 100, - "IpProtocol": "tcp", - "ToPort": 100, - }, - ], - "VpcId": Object { - "Ref": "testvpc8985080E", - }, - }, - "Type": "AWS::EC2::SecurityGroup", - }, - "testvpc8985080E": Object { - "Properties": Object { - "CidrBlock": "10.0.0.0/16", - "EnableDnsHostnames": true, - "EnableDnsSupport": true, - "InstanceTenancy": "default", - "Tags": Array [ - Object { - "Key": "Name", - "Value": "Default/test-vpc", - }, - ], - }, - "Type": "AWS::EC2::VPC", - }, - "testvpcIGW2C2BA83F": Object { - "Properties": Object { - "Tags": Array [ - Object { - "Key": "Name", - "Value": "Default/test-vpc", - }, - ], - }, - "Type": "AWS::EC2::InternetGateway", - }, - "testvpcPrivateSubnet1DefaultRouteF07B0F68": Object { - "Properties": Object { - "DestinationCidrBlock": "0.0.0.0/0", - "NatGatewayId": Object { - "Ref": "testvpcPublicSubnet1NATGateway50787A07", - }, - "RouteTableId": Object { - "Ref": "testvpcPrivateSubnet1RouteTableC6BCA266", - }, - }, - "Type": "AWS::EC2::Route", - }, - "testvpcPrivateSubnet1RouteTableAssociation0E625B49": Object { - "Properties": Object { - "RouteTableId": Object { - "Ref": "testvpcPrivateSubnet1RouteTableC6BCA266", - }, - "SubnetId": Object { - "Ref": "testvpcPrivateSubnet1Subnet865FB50A", - }, - }, - "Type": "AWS::EC2::SubnetRouteTableAssociation", - }, - "testvpcPrivateSubnet1RouteTableC6BCA266": Object { - "Properties": Object { - "Tags": Array [ - Object { - "Key": "Name", - "Value": "Default/test-vpc/PrivateSubnet1", - }, - ], - "VpcId": Object { - "Ref": "testvpc8985080E", - }, - }, - "Type": "AWS::EC2::RouteTable", - }, - "testvpcPrivateSubnet1Subnet865FB50A": Object { - "Properties": Object { - "AvailabilityZone": Object { - "Fn::Select": Array [ - 0, - Object { - "Fn::GetAZs": "", - }, - ], - }, - "CidrBlock": "10.0.128.0/18", - "MapPublicIpOnLaunch": false, - "Tags": Array [ - Object { - "Key": "aws-cdk:subnet-name", - "Value": "Private", - }, - Object { - "Key": "aws-cdk:subnet-type", - "Value": "Private", - }, - Object { - "Key": "Name", - "Value": "Default/test-vpc/PrivateSubnet1", - }, - ], - "VpcId": Object { - "Ref": "testvpc8985080E", - }, - }, - "Type": "AWS::EC2::Subnet", - }, - "testvpcPrivateSubnet2DefaultRouteC94968D3": Object { - "Properties": Object { - "DestinationCidrBlock": "0.0.0.0/0", - "NatGatewayId": Object { - "Ref": "testvpcPublicSubnet2NATGateway8D7A9976", - }, - "RouteTableId": Object { - "Ref": "testvpcPrivateSubnet2RouteTable26C5E053", - }, - }, - "Type": "AWS::EC2::Route", - }, - "testvpcPrivateSubnet2RouteTable26C5E053": Object { - "Properties": Object { - "Tags": Array [ - Object { - "Key": "Name", - "Value": "Default/test-vpc/PrivateSubnet2", - }, - ], - "VpcId": Object { - "Ref": "testvpc8985080E", - }, - }, - "Type": "AWS::EC2::RouteTable", - }, - "testvpcPrivateSubnet2RouteTableAssociationB60494EA": Object { - "Properties": Object { - "RouteTableId": Object { - "Ref": "testvpcPrivateSubnet2RouteTable26C5E053", - }, - "SubnetId": Object { - "Ref": "testvpcPrivateSubnet2Subnet23D3396F", - }, - }, - "Type": "AWS::EC2::SubnetRouteTableAssociation", - }, - "testvpcPrivateSubnet2Subnet23D3396F": Object { - "Properties": Object { - "AvailabilityZone": Object { - "Fn::Select": Array [ - 1, - Object { - "Fn::GetAZs": "", - }, - ], - }, - "CidrBlock": "10.0.192.0/18", - "MapPublicIpOnLaunch": false, - "Tags": Array [ - Object { - "Key": "aws-cdk:subnet-name", - "Value": "Private", - }, - Object { - "Key": "aws-cdk:subnet-type", - "Value": "Private", - }, - Object { - "Key": "Name", - "Value": "Default/test-vpc/PrivateSubnet2", - }, - ], - "VpcId": Object { - "Ref": "testvpc8985080E", - }, - }, - "Type": "AWS::EC2::Subnet", - }, - "testvpcPublicSubnet1DefaultRouteB1E474AB": Object { - "DependsOn": Array [ - "testvpcVPCGW7060AA15", - ], - "Properties": Object { - "DestinationCidrBlock": "0.0.0.0/0", - "GatewayId": Object { - "Ref": "testvpcIGW2C2BA83F", - }, - "RouteTableId": Object { - "Ref": "testvpcPublicSubnet1RouteTable180BB588", - }, - }, - "Type": "AWS::EC2::Route", - }, - "testvpcPublicSubnet1EIP84634DA0": Object { - "Properties": Object { - "Domain": "vpc", - "Tags": Array [ - Object { - "Key": "Name", - "Value": "Default/test-vpc/PublicSubnet1", - }, - ], - }, - "Type": "AWS::EC2::EIP", - }, - "testvpcPublicSubnet1NATGateway50787A07": Object { - "Properties": Object { - "AllocationId": Object { - "Fn::GetAtt": Array [ - "testvpcPublicSubnet1EIP84634DA0", - "AllocationId", - ], - }, - "SubnetId": Object { - "Ref": "testvpcPublicSubnet1Subnet01CF7554", - }, - "Tags": Array [ - Object { - "Key": "Name", - "Value": "Default/test-vpc/PublicSubnet1", - }, - ], - }, - "Type": "AWS::EC2::NatGateway", - }, - "testvpcPublicSubnet1RouteTable180BB588": Object { - "Properties": Object { - "Tags": Array [ - Object { - "Key": "Name", - "Value": "Default/test-vpc/PublicSubnet1", - }, - ], - "VpcId": Object { - "Ref": "testvpc8985080E", - }, - }, - "Type": "AWS::EC2::RouteTable", - }, - "testvpcPublicSubnet1RouteTableAssociation14A2D92F": Object { - "Properties": Object { - "RouteTableId": Object { - "Ref": "testvpcPublicSubnet1RouteTable180BB588", - }, - "SubnetId": Object { - "Ref": "testvpcPublicSubnet1Subnet01CF7554", - }, - }, - "Type": "AWS::EC2::SubnetRouteTableAssociation", - }, - "testvpcPublicSubnet1Subnet01CF7554": Object { - "Properties": Object { - "AvailabilityZone": Object { - "Fn::Select": Array [ - 0, - Object { - "Fn::GetAZs": "", - }, - ], - }, - "CidrBlock": "10.0.0.0/18", - "MapPublicIpOnLaunch": true, - "Tags": Array [ - Object { - "Key": "aws-cdk:subnet-name", - "Value": "Public", - }, - Object { - "Key": "aws-cdk:subnet-type", - "Value": "Public", - }, - Object { - "Key": "Name", - "Value": "Default/test-vpc/PublicSubnet1", - }, - ], - "VpcId": Object { - "Ref": "testvpc8985080E", - }, - }, - "Type": "AWS::EC2::Subnet", - }, - "testvpcPublicSubnet2DefaultRoute39BC0F35": Object { - "DependsOn": Array [ - "testvpcVPCGW7060AA15", - ], - "Properties": Object { - "DestinationCidrBlock": "0.0.0.0/0", - "GatewayId": Object { - "Ref": "testvpcIGW2C2BA83F", - }, - "RouteTableId": Object { - "Ref": "testvpcPublicSubnet2RouteTable28A079F9", - }, - }, - "Type": "AWS::EC2::Route", - }, - "testvpcPublicSubnet2EIP6819FC49": Object { - "Properties": Object { - "Domain": "vpc", - "Tags": Array [ - Object { - "Key": "Name", - "Value": "Default/test-vpc/PublicSubnet2", - }, - ], - }, - "Type": "AWS::EC2::EIP", - }, - "testvpcPublicSubnet2NATGateway8D7A9976": Object { - "Properties": Object { - "AllocationId": Object { - "Fn::GetAtt": Array [ - "testvpcPublicSubnet2EIP6819FC49", - "AllocationId", - ], - }, - "SubnetId": Object { - "Ref": "testvpcPublicSubnet2Subnet4E9D9728", - }, - "Tags": Array [ - Object { - "Key": "Name", - "Value": "Default/test-vpc/PublicSubnet2", - }, - ], - }, - "Type": "AWS::EC2::NatGateway", - }, - "testvpcPublicSubnet2RouteTable28A079F9": Object { - "Properties": Object { - "Tags": Array [ - Object { - "Key": "Name", - "Value": "Default/test-vpc/PublicSubnet2", - }, - ], - "VpcId": Object { - "Ref": "testvpc8985080E", - }, - }, - "Type": "AWS::EC2::RouteTable", - }, - "testvpcPublicSubnet2RouteTableAssociationACF92511": Object { - "Properties": Object { - "RouteTableId": Object { - "Ref": "testvpcPublicSubnet2RouteTable28A079F9", - }, - "SubnetId": Object { - "Ref": "testvpcPublicSubnet2Subnet4E9D9728", - }, - }, - "Type": "AWS::EC2::SubnetRouteTableAssociation", - }, - "testvpcPublicSubnet2Subnet4E9D9728": Object { - "Properties": Object { - "AvailabilityZone": Object { - "Fn::Select": Array [ - 1, - Object { - "Fn::GetAZs": "", - }, - ], - }, - "CidrBlock": "10.0.64.0/18", - "MapPublicIpOnLaunch": true, - "Tags": Array [ - Object { - "Key": "aws-cdk:subnet-name", - "Value": "Public", - }, - Object { - "Key": "aws-cdk:subnet-type", - "Value": "Public", - }, - Object { - "Key": "Name", - "Value": "Default/test-vpc/PublicSubnet2", - }, - ], - "VpcId": Object { - "Ref": "testvpc8985080E", - }, - }, - "Type": "AWS::EC2::Subnet", - }, - "testvpcVPCGW7060AA15": Object { - "Properties": Object { - "InternetGatewayId": Object { - "Ref": "testvpcIGW2C2BA83F", - }, - "VpcId": Object { - "Ref": "testvpc8985080E", - }, - }, - "Type": "AWS::EC2::VPCGatewayAttachment", - }, - }, -} -`; - -exports[`Test minimal deployment with no properties 1`] = ` -Object { - "Resources": Object { - "primaryqueuesecuritygroup10C955CC": Object { - "Metadata": Object { - "cfn_nag": Object { - "rules_to_suppress": Array [ - Object { - "id": "W5", - "reason": "Egress of 0.0.0.0/0 is default and generally considered OK", - }, - Object { - "id": "W40", - "reason": "Egress IPProtocol of -1 is default and generally considered OK", - }, - ], - }, - }, - "Properties": Object { - "GroupDescription": "Default/primary-queue-security-group", - "SecurityGroupEgress": Array [ - Object { - "CidrIp": "0.0.0.0/0", - "Description": "Allow all outbound traffic by default", - "IpProtocol": "-1", - }, - ], - "VpcId": Object { - "Ref": "testvpc8985080E", - }, - }, - "Type": "AWS::EC2::SecurityGroup", - }, - "testvpc8985080E": Object { - "Properties": Object { - "CidrBlock": "10.0.0.0/16", - "EnableDnsHostnames": true, - "EnableDnsSupport": true, - "InstanceTenancy": "default", - "Tags": Array [ - Object { - "Key": "Name", - "Value": "Default/test-vpc", - }, - ], - }, - "Type": "AWS::EC2::VPC", - }, - "testvpcIGW2C2BA83F": Object { - "Properties": Object { - "Tags": Array [ - Object { - "Key": "Name", - "Value": "Default/test-vpc", - }, - ], - }, - "Type": "AWS::EC2::InternetGateway", - }, - "testvpcPrivateSubnet1DefaultRouteF07B0F68": Object { - "Properties": Object { - "DestinationCidrBlock": "0.0.0.0/0", - "NatGatewayId": Object { - "Ref": "testvpcPublicSubnet1NATGateway50787A07", - }, - "RouteTableId": Object { - "Ref": "testvpcPrivateSubnet1RouteTableC6BCA266", - }, - }, - "Type": "AWS::EC2::Route", - }, - "testvpcPrivateSubnet1RouteTableAssociation0E625B49": Object { - "Properties": Object { - "RouteTableId": Object { - "Ref": "testvpcPrivateSubnet1RouteTableC6BCA266", - }, - "SubnetId": Object { - "Ref": "testvpcPrivateSubnet1Subnet865FB50A", - }, - }, - "Type": "AWS::EC2::SubnetRouteTableAssociation", - }, - "testvpcPrivateSubnet1RouteTableC6BCA266": Object { - "Properties": Object { - "Tags": Array [ - Object { - "Key": "Name", - "Value": "Default/test-vpc/PrivateSubnet1", - }, - ], - "VpcId": Object { - "Ref": "testvpc8985080E", - }, - }, - "Type": "AWS::EC2::RouteTable", - }, - "testvpcPrivateSubnet1Subnet865FB50A": Object { - "Properties": Object { - "AvailabilityZone": Object { - "Fn::Select": Array [ - 0, - Object { - "Fn::GetAZs": "", - }, - ], - }, - "CidrBlock": "10.0.128.0/18", - "MapPublicIpOnLaunch": false, - "Tags": Array [ - Object { - "Key": "aws-cdk:subnet-name", - "Value": "Private", - }, - Object { - "Key": "aws-cdk:subnet-type", - "Value": "Private", - }, - Object { - "Key": "Name", - "Value": "Default/test-vpc/PrivateSubnet1", - }, - ], - "VpcId": Object { - "Ref": "testvpc8985080E", - }, - }, - "Type": "AWS::EC2::Subnet", - }, - "testvpcPrivateSubnet2DefaultRouteC94968D3": Object { - "Properties": Object { - "DestinationCidrBlock": "0.0.0.0/0", - "NatGatewayId": Object { - "Ref": "testvpcPublicSubnet2NATGateway8D7A9976", - }, - "RouteTableId": Object { - "Ref": "testvpcPrivateSubnet2RouteTable26C5E053", - }, - }, - "Type": "AWS::EC2::Route", - }, - "testvpcPrivateSubnet2RouteTable26C5E053": Object { - "Properties": Object { - "Tags": Array [ - Object { - "Key": "Name", - "Value": "Default/test-vpc/PrivateSubnet2", - }, - ], - "VpcId": Object { - "Ref": "testvpc8985080E", - }, - }, - "Type": "AWS::EC2::RouteTable", - }, - "testvpcPrivateSubnet2RouteTableAssociationB60494EA": Object { - "Properties": Object { - "RouteTableId": Object { - "Ref": "testvpcPrivateSubnet2RouteTable26C5E053", - }, - "SubnetId": Object { - "Ref": "testvpcPrivateSubnet2Subnet23D3396F", - }, - }, - "Type": "AWS::EC2::SubnetRouteTableAssociation", - }, - "testvpcPrivateSubnet2Subnet23D3396F": Object { - "Properties": Object { - "AvailabilityZone": Object { - "Fn::Select": Array [ - 1, - Object { - "Fn::GetAZs": "", - }, - ], - }, - "CidrBlock": "10.0.192.0/18", - "MapPublicIpOnLaunch": false, - "Tags": Array [ - Object { - "Key": "aws-cdk:subnet-name", - "Value": "Private", - }, - Object { - "Key": "aws-cdk:subnet-type", - "Value": "Private", - }, - Object { - "Key": "Name", - "Value": "Default/test-vpc/PrivateSubnet2", - }, - ], - "VpcId": Object { - "Ref": "testvpc8985080E", - }, - }, - "Type": "AWS::EC2::Subnet", - }, - "testvpcPublicSubnet1DefaultRouteB1E474AB": Object { - "DependsOn": Array [ - "testvpcVPCGW7060AA15", - ], - "Properties": Object { - "DestinationCidrBlock": "0.0.0.0/0", - "GatewayId": Object { - "Ref": "testvpcIGW2C2BA83F", - }, - "RouteTableId": Object { - "Ref": "testvpcPublicSubnet1RouteTable180BB588", - }, - }, - "Type": "AWS::EC2::Route", - }, - "testvpcPublicSubnet1EIP84634DA0": Object { - "Properties": Object { - "Domain": "vpc", - "Tags": Array [ - Object { - "Key": "Name", - "Value": "Default/test-vpc/PublicSubnet1", - }, - ], - }, - "Type": "AWS::EC2::EIP", - }, - "testvpcPublicSubnet1NATGateway50787A07": Object { - "Properties": Object { - "AllocationId": Object { - "Fn::GetAtt": Array [ - "testvpcPublicSubnet1EIP84634DA0", - "AllocationId", - ], - }, - "SubnetId": Object { - "Ref": "testvpcPublicSubnet1Subnet01CF7554", - }, - "Tags": Array [ - Object { - "Key": "Name", - "Value": "Default/test-vpc/PublicSubnet1", - }, - ], - }, - "Type": "AWS::EC2::NatGateway", - }, - "testvpcPublicSubnet1RouteTable180BB588": Object { - "Properties": Object { - "Tags": Array [ - Object { - "Key": "Name", - "Value": "Default/test-vpc/PublicSubnet1", - }, - ], - "VpcId": Object { - "Ref": "testvpc8985080E", - }, - }, - "Type": "AWS::EC2::RouteTable", - }, - "testvpcPublicSubnet1RouteTableAssociation14A2D92F": Object { - "Properties": Object { - "RouteTableId": Object { - "Ref": "testvpcPublicSubnet1RouteTable180BB588", - }, - "SubnetId": Object { - "Ref": "testvpcPublicSubnet1Subnet01CF7554", - }, - }, - "Type": "AWS::EC2::SubnetRouteTableAssociation", - }, - "testvpcPublicSubnet1Subnet01CF7554": Object { - "Properties": Object { - "AvailabilityZone": Object { - "Fn::Select": Array [ - 0, - Object { - "Fn::GetAZs": "", - }, - ], - }, - "CidrBlock": "10.0.0.0/18", - "MapPublicIpOnLaunch": true, - "Tags": Array [ - Object { - "Key": "aws-cdk:subnet-name", - "Value": "Public", - }, - Object { - "Key": "aws-cdk:subnet-type", - "Value": "Public", - }, - Object { - "Key": "Name", - "Value": "Default/test-vpc/PublicSubnet1", - }, - ], - "VpcId": Object { - "Ref": "testvpc8985080E", - }, - }, - "Type": "AWS::EC2::Subnet", - }, - "testvpcPublicSubnet2DefaultRoute39BC0F35": Object { - "DependsOn": Array [ - "testvpcVPCGW7060AA15", - ], - "Properties": Object { - "DestinationCidrBlock": "0.0.0.0/0", - "GatewayId": Object { - "Ref": "testvpcIGW2C2BA83F", - }, - "RouteTableId": Object { - "Ref": "testvpcPublicSubnet2RouteTable28A079F9", - }, - }, - "Type": "AWS::EC2::Route", - }, - "testvpcPublicSubnet2EIP6819FC49": Object { - "Properties": Object { - "Domain": "vpc", - "Tags": Array [ - Object { - "Key": "Name", - "Value": "Default/test-vpc/PublicSubnet2", - }, - ], - }, - "Type": "AWS::EC2::EIP", - }, - "testvpcPublicSubnet2NATGateway8D7A9976": Object { - "Properties": Object { - "AllocationId": Object { - "Fn::GetAtt": Array [ - "testvpcPublicSubnet2EIP6819FC49", - "AllocationId", - ], - }, - "SubnetId": Object { - "Ref": "testvpcPublicSubnet2Subnet4E9D9728", - }, - "Tags": Array [ - Object { - "Key": "Name", - "Value": "Default/test-vpc/PublicSubnet2", - }, - ], - }, - "Type": "AWS::EC2::NatGateway", - }, - "testvpcPublicSubnet2RouteTable28A079F9": Object { - "Properties": Object { - "Tags": Array [ - Object { - "Key": "Name", - "Value": "Default/test-vpc/PublicSubnet2", - }, - ], - "VpcId": Object { - "Ref": "testvpc8985080E", - }, - }, - "Type": "AWS::EC2::RouteTable", - }, - "testvpcPublicSubnet2RouteTableAssociationACF92511": Object { - "Properties": Object { - "RouteTableId": Object { - "Ref": "testvpcPublicSubnet2RouteTable28A079F9", - }, - "SubnetId": Object { - "Ref": "testvpcPublicSubnet2Subnet4E9D9728", - }, - }, - "Type": "AWS::EC2::SubnetRouteTableAssociation", - }, - "testvpcPublicSubnet2Subnet4E9D9728": Object { - "Properties": Object { - "AvailabilityZone": Object { - "Fn::Select": Array [ - 1, - Object { - "Fn::GetAZs": "", - }, - ], - }, - "CidrBlock": "10.0.64.0/18", - "MapPublicIpOnLaunch": true, - "Tags": Array [ - Object { - "Key": "aws-cdk:subnet-name", - "Value": "Public", - }, - Object { - "Key": "aws-cdk:subnet-type", - "Value": "Public", - }, - Object { - "Key": "Name", - "Value": "Default/test-vpc/PublicSubnet2", - }, - ], - "VpcId": Object { - "Ref": "testvpc8985080E", - }, - }, - "Type": "AWS::EC2::Subnet", - }, - "testvpcVPCGW7060AA15": Object { - "Properties": Object { - "InternetGatewayId": Object { - "Ref": "testvpcIGW2C2BA83F", - }, - "VpcId": Object { - "Ref": "testvpc8985080E", - }, - }, - "Type": "AWS::EC2::VPCGatewayAttachment", - }, - }, -} -`; diff --git a/source/patterns/@aws-solutions-constructs/core/test/__snapshots__/sns-helper.test.js.snap b/source/patterns/@aws-solutions-constructs/core/test/__snapshots__/sns-helper.test.js.snap deleted file mode 100644 index cd441c529..000000000 --- a/source/patterns/@aws-solutions-constructs/core/test/__snapshots__/sns-helper.test.js.snap +++ /dev/null @@ -1,427 +0,0 @@ -// Jest Snapshot v1, https://goo.gl/fbAQLP - -exports[`Test deployment w/ imported encryption key 1`] = ` -Object { - "Resources": Object { - "EncryptionKey1B843E66": Object { - "DeletionPolicy": "Retain", - "Properties": Object { - "EnableKeyRotation": true, - "KeyPolicy": Object { - "Statement": Array [ - Object { - "Action": Array [ - "kms:Create*", - "kms:Describe*", - "kms:Enable*", - "kms:List*", - "kms:Put*", - "kms:Update*", - "kms:Revoke*", - "kms:Disable*", - "kms:Get*", - "kms:Delete*", - "kms:ScheduleKeyDeletion", - "kms:CancelKeyDeletion", - "kms:GenerateDataKey", - "kms:TagResource", - "kms:UntagResource", - ], - "Effect": "Allow", - "Principal": Object { - "AWS": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":iam::", - Object { - "Ref": "AWS::AccountId", - }, - ":root", - ], - ], - }, - }, - "Resource": "*", - }, - ], - "Version": "2012-10-17", - }, - }, - "Type": "AWS::KMS::Key", - "UpdateReplacePolicy": "Retain", - }, - "SnsTopic2C1570A4": Object { - "Properties": Object { - "KmsMasterKeyId": Object { - "Fn::GetAtt": Array [ - "EncryptionKey1B843E66", - "Arn", - ], - }, - "TopicName": "custom-topic", - }, - "Type": "AWS::SNS::Topic", - }, - "SnsTopicPolicy520DD923": Object { - "Properties": Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "SNS:Publish", - "SNS:RemovePermission", - "SNS:SetTopicAttributes", - "SNS:DeleteTopic", - "SNS:ListSubscriptionsByTopic", - "SNS:GetTopicAttributes", - "SNS:Receive", - "SNS:AddPermission", - "SNS:Subscribe", - ], - "Condition": Object { - "StringEquals": Object { - "AWS:SourceOwner": Object { - "Ref": "AWS::AccountId", - }, - }, - }, - "Effect": "Allow", - "Principal": Object { - "AWS": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":iam::", - Object { - "Ref": "AWS::AccountId", - }, - ":root", - ], - ], - }, - }, - "Resource": Object { - "Ref": "SnsTopic2C1570A4", - }, - "Sid": "TopicOwnerOnlyAccess", - }, - Object { - "Action": Array [ - "SNS:Publish", - "SNS:RemovePermission", - "SNS:SetTopicAttributes", - "SNS:DeleteTopic", - "SNS:ListSubscriptionsByTopic", - "SNS:GetTopicAttributes", - "SNS:Receive", - "SNS:AddPermission", - "SNS:Subscribe", - ], - "Condition": Object { - "Bool": Object { - "aws:SecureTransport": "false", - }, - }, - "Effect": "Deny", - "Principal": Object { - "AWS": "*", - }, - "Resource": Object { - "Ref": "SnsTopic2C1570A4", - }, - "Sid": "HttpsOnly", - }, - ], - "Version": "2012-10-17", - }, - "Topics": Array [ - Object { - "Ref": "SnsTopic2C1570A4", - }, - ], - }, - "Type": "AWS::SNS::TopicPolicy", - }, - }, -} -`; - -exports[`Test deployment with no properties using AWS Managed KMS Key 1`] = ` -Object { - "Resources": Object { - "SnsTopic2C1570A4": Object { - "Properties": Object { - "KmsMasterKeyId": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":kms:", - Object { - "Ref": "AWS::Region", - }, - ":", - Object { - "Ref": "AWS::AccountId", - }, - ":alias/aws/sns", - ], - ], - }, - }, - "Type": "AWS::SNS::Topic", - }, - "SnsTopicPolicy520DD923": Object { - "Properties": Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "SNS:Publish", - "SNS:RemovePermission", - "SNS:SetTopicAttributes", - "SNS:DeleteTopic", - "SNS:ListSubscriptionsByTopic", - "SNS:GetTopicAttributes", - "SNS:Receive", - "SNS:AddPermission", - "SNS:Subscribe", - ], - "Condition": Object { - "StringEquals": Object { - "AWS:SourceOwner": Object { - "Ref": "AWS::AccountId", - }, - }, - }, - "Effect": "Allow", - "Principal": Object { - "AWS": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":iam::", - Object { - "Ref": "AWS::AccountId", - }, - ":root", - ], - ], - }, - }, - "Resource": Object { - "Ref": "SnsTopic2C1570A4", - }, - "Sid": "TopicOwnerOnlyAccess", - }, - Object { - "Action": Array [ - "SNS:Publish", - "SNS:RemovePermission", - "SNS:SetTopicAttributes", - "SNS:DeleteTopic", - "SNS:ListSubscriptionsByTopic", - "SNS:GetTopicAttributes", - "SNS:Receive", - "SNS:AddPermission", - "SNS:Subscribe", - ], - "Condition": Object { - "Bool": Object { - "aws:SecureTransport": "false", - }, - }, - "Effect": "Deny", - "Principal": Object { - "AWS": "*", - }, - "Resource": Object { - "Ref": "SnsTopic2C1570A4", - }, - "Sid": "HttpsOnly", - }, - ], - "Version": "2012-10-17", - }, - "Topics": Array [ - Object { - "Ref": "SnsTopic2C1570A4", - }, - ], - }, - "Type": "AWS::SNS::TopicPolicy", - }, - }, -} -`; - -exports[`Test deployment without imported encryption key 1`] = ` -Object { - "Resources": Object { - "EncryptionKey1B843E66": Object { - "DeletionPolicy": "Retain", - "Properties": Object { - "EnableKeyRotation": true, - "KeyPolicy": Object { - "Statement": Array [ - Object { - "Action": Array [ - "kms:Create*", - "kms:Describe*", - "kms:Enable*", - "kms:List*", - "kms:Put*", - "kms:Update*", - "kms:Revoke*", - "kms:Disable*", - "kms:Get*", - "kms:Delete*", - "kms:ScheduleKeyDeletion", - "kms:CancelKeyDeletion", - "kms:GenerateDataKey", - "kms:TagResource", - "kms:UntagResource", - ], - "Effect": "Allow", - "Principal": Object { - "AWS": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":iam::", - Object { - "Ref": "AWS::AccountId", - }, - ":root", - ], - ], - }, - }, - "Resource": "*", - }, - ], - "Version": "2012-10-17", - }, - }, - "Type": "AWS::KMS::Key", - "UpdateReplacePolicy": "Retain", - }, - "SnsTopic2C1570A4": Object { - "Properties": Object { - "KmsMasterKeyId": Object { - "Fn::GetAtt": Array [ - "EncryptionKey1B843E66", - "Arn", - ], - }, - "TopicName": "custom-topic", - }, - "Type": "AWS::SNS::Topic", - }, - "SnsTopicPolicy520DD923": Object { - "Properties": Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "SNS:Publish", - "SNS:RemovePermission", - "SNS:SetTopicAttributes", - "SNS:DeleteTopic", - "SNS:ListSubscriptionsByTopic", - "SNS:GetTopicAttributes", - "SNS:Receive", - "SNS:AddPermission", - "SNS:Subscribe", - ], - "Condition": Object { - "StringEquals": Object { - "AWS:SourceOwner": Object { - "Ref": "AWS::AccountId", - }, - }, - }, - "Effect": "Allow", - "Principal": Object { - "AWS": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":iam::", - Object { - "Ref": "AWS::AccountId", - }, - ":root", - ], - ], - }, - }, - "Resource": Object { - "Ref": "SnsTopic2C1570A4", - }, - "Sid": "TopicOwnerOnlyAccess", - }, - Object { - "Action": Array [ - "SNS:Publish", - "SNS:RemovePermission", - "SNS:SetTopicAttributes", - "SNS:DeleteTopic", - "SNS:ListSubscriptionsByTopic", - "SNS:GetTopicAttributes", - "SNS:Receive", - "SNS:AddPermission", - "SNS:Subscribe", - ], - "Condition": Object { - "Bool": Object { - "aws:SecureTransport": "false", - }, - }, - "Effect": "Deny", - "Principal": Object { - "AWS": "*", - }, - "Resource": Object { - "Ref": "SnsTopic2C1570A4", - }, - "Sid": "HttpsOnly", - }, - ], - "Version": "2012-10-17", - }, - "Topics": Array [ - Object { - "Ref": "SnsTopic2C1570A4", - }, - ], - }, - "Type": "AWS::SNS::TopicPolicy", - }, - }, -} -`; diff --git a/source/patterns/@aws-solutions-constructs/core/test/__snapshots__/sqs-helper.test.js.snap b/source/patterns/@aws-solutions-constructs/core/test/__snapshots__/sqs-helper.test.js.snap deleted file mode 100644 index 1f7aa8ce9..000000000 --- a/source/patterns/@aws-solutions-constructs/core/test/__snapshots__/sqs-helper.test.js.snap +++ /dev/null @@ -1,1013 +0,0 @@ -// Jest Snapshot v1, https://goo.gl/fbAQLP - -exports[`Test dead letter queue deployment/configuration 1`] = ` -Object { - "Resources": Object { - "EncryptionKey1B843E66": Object { - "DeletionPolicy": "Retain", - "Properties": Object { - "EnableKeyRotation": true, - "KeyPolicy": Object { - "Statement": Array [ - Object { - "Action": Array [ - "kms:Create*", - "kms:Describe*", - "kms:Enable*", - "kms:List*", - "kms:Put*", - "kms:Update*", - "kms:Revoke*", - "kms:Disable*", - "kms:Get*", - "kms:Delete*", - "kms:ScheduleKeyDeletion", - "kms:CancelKeyDeletion", - "kms:GenerateDataKey", - "kms:TagResource", - "kms:UntagResource", - ], - "Effect": "Allow", - "Principal": Object { - "AWS": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":iam::", - Object { - "Ref": "AWS::AccountId", - }, - ":root", - ], - ], - }, - }, - "Resource": "*", - }, - ], - "Version": "2012-10-17", - }, - }, - "Type": "AWS::KMS::Key", - "UpdateReplacePolicy": "Retain", - }, - "deadLetterQueue3F848E28": Object { - "DeletionPolicy": "Delete", - "Properties": Object { - "KmsMasterKeyId": "alias/aws/sqs", - }, - "Type": "AWS::SQS::Queue", - "UpdateReplacePolicy": "Delete", - }, - "deadLetterQueuePolicy14A9D269": Object { - "Properties": Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "sqs:DeleteMessage", - "sqs:ReceiveMessage", - "sqs:SendMessage", - "sqs:GetQueueAttributes", - "sqs:RemovePermission", - "sqs:AddPermission", - "sqs:SetQueueAttributes", - ], - "Effect": "Allow", - "Principal": Object { - "AWS": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":iam::", - Object { - "Ref": "AWS::AccountId", - }, - ":root", - ], - ], - }, - }, - "Resource": Object { - "Fn::GetAtt": Array [ - "deadLetterQueue3F848E28", - "Arn", - ], - }, - "Sid": "QueueOwnerOnlyAccess", - }, - Object { - "Action": "SQS:*", - "Condition": Object { - "Bool": Object { - "aws:SecureTransport": "false", - }, - }, - "Effect": "Deny", - "Principal": Object { - "AWS": "*", - }, - "Resource": Object { - "Fn::GetAtt": Array [ - "deadLetterQueue3F848E28", - "Arn", - ], - }, - "Sid": "HttpsOnly", - }, - ], - "Version": "2012-10-17", - }, - "Queues": Array [ - Object { - "Ref": "deadLetterQueue3F848E28", - }, - ], - }, - "Type": "AWS::SQS::QueuePolicy", - }, - "primaryqueue045A5712": Object { - "DeletionPolicy": "Delete", - "Properties": Object { - "KmsMasterKeyId": Object { - "Fn::GetAtt": Array [ - "EncryptionKey1B843E66", - "Arn", - ], - }, - "QueueName": "not-the-dead-letter-queue-props", - "RedrivePolicy": Object { - "deadLetterTargetArn": Object { - "Fn::GetAtt": Array [ - "deadLetterQueue3F848E28", - "Arn", - ], - }, - "maxReceiveCount": 3, - }, - }, - "Type": "AWS::SQS::Queue", - "UpdateReplacePolicy": "Delete", - }, - "primaryqueuePolicy3A8A9471": Object { - "Properties": Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "sqs:DeleteMessage", - "sqs:ReceiveMessage", - "sqs:SendMessage", - "sqs:GetQueueAttributes", - "sqs:RemovePermission", - "sqs:AddPermission", - "sqs:SetQueueAttributes", - ], - "Effect": "Allow", - "Principal": Object { - "AWS": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":iam::", - Object { - "Ref": "AWS::AccountId", - }, - ":root", - ], - ], - }, - }, - "Resource": Object { - "Fn::GetAtt": Array [ - "primaryqueue045A5712", - "Arn", - ], - }, - "Sid": "QueueOwnerOnlyAccess", - }, - Object { - "Action": "SQS:*", - "Condition": Object { - "Bool": Object { - "aws:SecureTransport": "false", - }, - }, - "Effect": "Deny", - "Principal": Object { - "AWS": "*", - }, - "Resource": Object { - "Fn::GetAtt": Array [ - "primaryqueue045A5712", - "Arn", - ], - }, - "Sid": "HttpsOnly", - }, - ], - "Version": "2012-10-17", - }, - "Queues": Array [ - Object { - "Ref": "primaryqueue045A5712", - }, - ], - }, - "Type": "AWS::SQS::QueuePolicy", - }, - }, -} -`; - -exports[`Test dead letter queue deployment/configuration w/o mrc 1`] = ` -Object { - "Resources": Object { - "EncryptionKey1B843E66": Object { - "DeletionPolicy": "Retain", - "Properties": Object { - "EnableKeyRotation": true, - "KeyPolicy": Object { - "Statement": Array [ - Object { - "Action": Array [ - "kms:Create*", - "kms:Describe*", - "kms:Enable*", - "kms:List*", - "kms:Put*", - "kms:Update*", - "kms:Revoke*", - "kms:Disable*", - "kms:Get*", - "kms:Delete*", - "kms:ScheduleKeyDeletion", - "kms:CancelKeyDeletion", - "kms:GenerateDataKey", - "kms:TagResource", - "kms:UntagResource", - ], - "Effect": "Allow", - "Principal": Object { - "AWS": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":iam::", - Object { - "Ref": "AWS::AccountId", - }, - ":root", - ], - ], - }, - }, - "Resource": "*", - }, - ], - "Version": "2012-10-17", - }, - }, - "Type": "AWS::KMS::Key", - "UpdateReplacePolicy": "Retain", - }, - "deadLetterQueue3F848E28": Object { - "DeletionPolicy": "Delete", - "Properties": Object { - "KmsMasterKeyId": "alias/aws/sqs", - }, - "Type": "AWS::SQS::Queue", - "UpdateReplacePolicy": "Delete", - }, - "deadLetterQueuePolicy14A9D269": Object { - "Properties": Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "sqs:DeleteMessage", - "sqs:ReceiveMessage", - "sqs:SendMessage", - "sqs:GetQueueAttributes", - "sqs:RemovePermission", - "sqs:AddPermission", - "sqs:SetQueueAttributes", - ], - "Effect": "Allow", - "Principal": Object { - "AWS": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":iam::", - Object { - "Ref": "AWS::AccountId", - }, - ":root", - ], - ], - }, - }, - "Resource": Object { - "Fn::GetAtt": Array [ - "deadLetterQueue3F848E28", - "Arn", - ], - }, - "Sid": "QueueOwnerOnlyAccess", - }, - Object { - "Action": "SQS:*", - "Condition": Object { - "Bool": Object { - "aws:SecureTransport": "false", - }, - }, - "Effect": "Deny", - "Principal": Object { - "AWS": "*", - }, - "Resource": Object { - "Fn::GetAtt": Array [ - "deadLetterQueue3F848E28", - "Arn", - ], - }, - "Sid": "HttpsOnly", - }, - ], - "Version": "2012-10-17", - }, - "Queues": Array [ - Object { - "Ref": "deadLetterQueue3F848E28", - }, - ], - }, - "Type": "AWS::SQS::QueuePolicy", - }, - "primaryqueue045A5712": Object { - "DeletionPolicy": "Delete", - "Properties": Object { - "KmsMasterKeyId": Object { - "Fn::GetAtt": Array [ - "EncryptionKey1B843E66", - "Arn", - ], - }, - "QueueName": "not-the-dead-letter-queue-props", - "RedrivePolicy": Object { - "deadLetterTargetArn": Object { - "Fn::GetAtt": Array [ - "deadLetterQueue3F848E28", - "Arn", - ], - }, - "maxReceiveCount": 15, - }, - }, - "Type": "AWS::SQS::Queue", - "UpdateReplacePolicy": "Delete", - }, - "primaryqueuePolicy3A8A9471": Object { - "Properties": Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "sqs:DeleteMessage", - "sqs:ReceiveMessage", - "sqs:SendMessage", - "sqs:GetQueueAttributes", - "sqs:RemovePermission", - "sqs:AddPermission", - "sqs:SetQueueAttributes", - ], - "Effect": "Allow", - "Principal": Object { - "AWS": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":iam::", - Object { - "Ref": "AWS::AccountId", - }, - ":root", - ], - ], - }, - }, - "Resource": Object { - "Fn::GetAtt": Array [ - "primaryqueue045A5712", - "Arn", - ], - }, - "Sid": "QueueOwnerOnlyAccess", - }, - Object { - "Action": "SQS:*", - "Condition": Object { - "Bool": Object { - "aws:SecureTransport": "false", - }, - }, - "Effect": "Deny", - "Principal": Object { - "AWS": "*", - }, - "Resource": Object { - "Fn::GetAtt": Array [ - "primaryqueue045A5712", - "Arn", - ], - }, - "Sid": "HttpsOnly", - }, - ], - "Version": "2012-10-17", - }, - "Queues": Array [ - Object { - "Ref": "primaryqueue045A5712", - }, - ], - }, - "Type": "AWS::SQS::QueuePolicy", - }, - }, -} -`; - -exports[`Test deployment w/ custom properties 1`] = ` -Object { - "Resources": Object { - "EncryptionKey1B843E66": Object { - "DeletionPolicy": "Retain", - "Properties": Object { - "EnableKeyRotation": true, - "KeyPolicy": Object { - "Statement": Array [ - Object { - "Action": Array [ - "kms:Create*", - "kms:Describe*", - "kms:Enable*", - "kms:List*", - "kms:Put*", - "kms:Update*", - "kms:Revoke*", - "kms:Disable*", - "kms:Get*", - "kms:Delete*", - "kms:ScheduleKeyDeletion", - "kms:CancelKeyDeletion", - "kms:GenerateDataKey", - "kms:TagResource", - "kms:UntagResource", - ], - "Effect": "Allow", - "Principal": Object { - "AWS": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":iam::", - Object { - "Ref": "AWS::AccountId", - }, - ":root", - ], - ], - }, - }, - "Resource": "*", - }, - ], - "Version": "2012-10-17", - }, - }, - "Type": "AWS::KMS::Key", - "UpdateReplacePolicy": "Retain", - }, - "primaryqueue045A5712": Object { - "DeletionPolicy": "Delete", - "Properties": Object { - "KmsMasterKeyId": Object { - "Fn::GetAtt": Array [ - "EncryptionKey1B843E66", - "Arn", - ], - }, - "QueueName": "custom-queue-props", - }, - "Type": "AWS::SQS::Queue", - "UpdateReplacePolicy": "Delete", - }, - "primaryqueuePolicy3A8A9471": Object { - "Properties": Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "sqs:DeleteMessage", - "sqs:ReceiveMessage", - "sqs:SendMessage", - "sqs:GetQueueAttributes", - "sqs:RemovePermission", - "sqs:AddPermission", - "sqs:SetQueueAttributes", - ], - "Effect": "Allow", - "Principal": Object { - "AWS": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":iam::", - Object { - "Ref": "AWS::AccountId", - }, - ":root", - ], - ], - }, - }, - "Resource": Object { - "Fn::GetAtt": Array [ - "primaryqueue045A5712", - "Arn", - ], - }, - "Sid": "QueueOwnerOnlyAccess", - }, - Object { - "Action": "SQS:*", - "Condition": Object { - "Bool": Object { - "aws:SecureTransport": "false", - }, - }, - "Effect": "Deny", - "Principal": Object { - "AWS": "*", - }, - "Resource": Object { - "Fn::GetAtt": Array [ - "primaryqueue045A5712", - "Arn", - ], - }, - "Sid": "HttpsOnly", - }, - ], - "Version": "2012-10-17", - }, - "Queues": Array [ - Object { - "Ref": "primaryqueue045A5712", - }, - ], - }, - "Type": "AWS::SQS::QueuePolicy", - }, - }, -} -`; - -exports[`Test deployment w/ imported encryption key 1`] = ` -Object { - "Resources": Object { - "EncryptionKey1B843E66": Object { - "DeletionPolicy": "Retain", - "Properties": Object { - "EnableKeyRotation": true, - "KeyPolicy": Object { - "Statement": Array [ - Object { - "Action": Array [ - "kms:Create*", - "kms:Describe*", - "kms:Enable*", - "kms:List*", - "kms:Put*", - "kms:Update*", - "kms:Revoke*", - "kms:Disable*", - "kms:Get*", - "kms:Delete*", - "kms:ScheduleKeyDeletion", - "kms:CancelKeyDeletion", - "kms:GenerateDataKey", - "kms:TagResource", - "kms:UntagResource", - ], - "Effect": "Allow", - "Principal": Object { - "AWS": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":iam::", - Object { - "Ref": "AWS::AccountId", - }, - ":root", - ], - ], - }, - }, - "Resource": "*", - }, - ], - "Version": "2012-10-17", - }, - }, - "Type": "AWS::KMS::Key", - "UpdateReplacePolicy": "Retain", - }, - "existingqueue03D57A53": Object { - "DeletionPolicy": "Delete", - "Properties": Object { - "KmsMasterKeyId": Object { - "Fn::GetAtt": Array [ - "EncryptionKey1B843E66", - "Arn", - ], - }, - "QueueName": "existing-queue", - }, - "Type": "AWS::SQS::Queue", - "UpdateReplacePolicy": "Delete", - }, - "existingqueuePolicy8BCB024D": Object { - "Properties": Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "sqs:DeleteMessage", - "sqs:ReceiveMessage", - "sqs:SendMessage", - "sqs:GetQueueAttributes", - "sqs:RemovePermission", - "sqs:AddPermission", - "sqs:SetQueueAttributes", - ], - "Effect": "Allow", - "Principal": Object { - "AWS": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":iam::", - Object { - "Ref": "AWS::AccountId", - }, - ":root", - ], - ], - }, - }, - "Resource": Object { - "Fn::GetAtt": Array [ - "existingqueue03D57A53", - "Arn", - ], - }, - "Sid": "QueueOwnerOnlyAccess", - }, - Object { - "Action": "SQS:*", - "Condition": Object { - "Bool": Object { - "aws:SecureTransport": "false", - }, - }, - "Effect": "Deny", - "Principal": Object { - "AWS": "*", - }, - "Resource": Object { - "Fn::GetAtt": Array [ - "existingqueue03D57A53", - "Arn", - ], - }, - "Sid": "HttpsOnly", - }, - ], - "Version": "2012-10-17", - }, - "Queues": Array [ - Object { - "Ref": "existingqueue03D57A53", - }, - ], - }, - "Type": "AWS::SQS::QueuePolicy", - }, - }, -} -`; - -exports[`Test deployment without imported encryption key 1`] = ` -Object { - "Resources": Object { - "existingqueue03D57A53": Object { - "DeletionPolicy": "Delete", - "Properties": Object { - "KmsMasterKeyId": "alias/aws/sqs", - "QueueName": "existing-queue", - }, - "Type": "AWS::SQS::Queue", - "UpdateReplacePolicy": "Delete", - }, - "existingqueuePolicy8BCB024D": Object { - "Properties": Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "sqs:DeleteMessage", - "sqs:ReceiveMessage", - "sqs:SendMessage", - "sqs:GetQueueAttributes", - "sqs:RemovePermission", - "sqs:AddPermission", - "sqs:SetQueueAttributes", - ], - "Effect": "Allow", - "Principal": Object { - "AWS": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":iam::", - Object { - "Ref": "AWS::AccountId", - }, - ":root", - ], - ], - }, - }, - "Resource": Object { - "Fn::GetAtt": Array [ - "existingqueue03D57A53", - "Arn", - ], - }, - "Sid": "QueueOwnerOnlyAccess", - }, - Object { - "Action": "SQS:*", - "Condition": Object { - "Bool": Object { - "aws:SecureTransport": "false", - }, - }, - "Effect": "Deny", - "Principal": Object { - "AWS": "*", - }, - "Resource": Object { - "Fn::GetAtt": Array [ - "existingqueue03D57A53", - "Arn", - ], - }, - "Sid": "HttpsOnly", - }, - ], - "Version": "2012-10-17", - }, - "Queues": Array [ - Object { - "Ref": "existingqueue03D57A53", - }, - ], - }, - "Type": "AWS::SQS::QueuePolicy", - }, - }, -} -`; - -exports[`Test existingQueueObj 1`] = ` -Object { - "Resources": Object { - "existingqueue03D57A53": Object { - "DeletionPolicy": "Delete", - "Properties": Object { - "KmsMasterKeyId": "alias/aws/sqs", - "QueueName": "existing-queue", - }, - "Type": "AWS::SQS::Queue", - "UpdateReplacePolicy": "Delete", - }, - "existingqueuePolicy8BCB024D": Object { - "Properties": Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "sqs:DeleteMessage", - "sqs:ReceiveMessage", - "sqs:SendMessage", - "sqs:GetQueueAttributes", - "sqs:RemovePermission", - "sqs:AddPermission", - "sqs:SetQueueAttributes", - ], - "Effect": "Allow", - "Principal": Object { - "AWS": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":iam::", - Object { - "Ref": "AWS::AccountId", - }, - ":root", - ], - ], - }, - }, - "Resource": Object { - "Fn::GetAtt": Array [ - "existingqueue03D57A53", - "Arn", - ], - }, - "Sid": "QueueOwnerOnlyAccess", - }, - Object { - "Action": "SQS:*", - "Condition": Object { - "Bool": Object { - "aws:SecureTransport": "false", - }, - }, - "Effect": "Deny", - "Principal": Object { - "AWS": "*", - }, - "Resource": Object { - "Fn::GetAtt": Array [ - "existingqueue03D57A53", - "Arn", - ], - }, - "Sid": "HttpsOnly", - }, - ], - "Version": "2012-10-17", - }, - "Queues": Array [ - Object { - "Ref": "existingqueue03D57A53", - }, - ], - }, - "Type": "AWS::SQS::QueuePolicy", - }, - }, -} -`; - -exports[`Test minimal deployment with no properties 1`] = ` -Object { - "Resources": Object { - "primaryqueue045A5712": Object { - "DeletionPolicy": "Delete", - "Properties": Object { - "KmsMasterKeyId": "alias/aws/sqs", - }, - "Type": "AWS::SQS::Queue", - "UpdateReplacePolicy": "Delete", - }, - "primaryqueuePolicy3A8A9471": Object { - "Properties": Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "sqs:DeleteMessage", - "sqs:ReceiveMessage", - "sqs:SendMessage", - "sqs:GetQueueAttributes", - "sqs:RemovePermission", - "sqs:AddPermission", - "sqs:SetQueueAttributes", - ], - "Effect": "Allow", - "Principal": Object { - "AWS": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":iam::", - Object { - "Ref": "AWS::AccountId", - }, - ":root", - ], - ], - }, - }, - "Resource": Object { - "Fn::GetAtt": Array [ - "primaryqueue045A5712", - "Arn", - ], - }, - "Sid": "QueueOwnerOnlyAccess", - }, - Object { - "Action": "SQS:*", - "Condition": Object { - "Bool": Object { - "aws:SecureTransport": "false", - }, - }, - "Effect": "Deny", - "Principal": Object { - "AWS": "*", - }, - "Resource": Object { - "Fn::GetAtt": Array [ - "primaryqueue045A5712", - "Arn", - ], - }, - "Sid": "HttpsOnly", - }, - ], - "Version": "2012-10-17", - }, - "Queues": Array [ - Object { - "Ref": "primaryqueue045A5712", - }, - ], - }, - "Type": "AWS::SQS::QueuePolicy", - }, - }, -} -`; diff --git a/source/patterns/@aws-solutions-constructs/core/test/__snapshots__/ssm-string-parameter-helper.test.js.snap b/source/patterns/@aws-solutions-constructs/core/test/__snapshots__/ssm-string-parameter-helper.test.js.snap deleted file mode 100644 index 7176006a0..000000000 --- a/source/patterns/@aws-solutions-constructs/core/test/__snapshots__/ssm-string-parameter-helper.test.js.snap +++ /dev/null @@ -1,29 +0,0 @@ -// Jest Snapshot v1, https://goo.gl/fbAQLP - -exports[`Test minimal deployment with required properties 1`] = ` -Object { - "Resources": Object { - "parameterName95084137": Object { - "Properties": Object { - "Type": "String", - "Value": "test-val", - }, - "Type": "AWS::SSM::Parameter", - }, - }, -} -`; - -exports[`Test minimal deployment with required properties 2`] = ` -Object { - "Resources": Object { - "parameterName95084137": Object { - "Properties": Object { - "Type": "String", - "Value": "test-val", - }, - "Type": "AWS::SSM::Parameter", - }, - }, -} -`; diff --git a/source/patterns/@aws-solutions-constructs/core/test/__snapshots__/step-function-helper.test.js.snap b/source/patterns/@aws-solutions-constructs/core/test/__snapshots__/step-function-helper.test.js.snap deleted file mode 100644 index b44edca4a..000000000 --- a/source/patterns/@aws-solutions-constructs/core/test/__snapshots__/step-function-helper.test.js.snap +++ /dev/null @@ -1,154 +0,0 @@ -// Jest Snapshot v1, https://goo.gl/fbAQLP - -exports[`Test minimal deployment with no properties 1`] = ` -Object { - "Resources": Object { - "StateMachine2E01A3A5": Object { - "DependsOn": Array [ - "StateMachineRoleDefaultPolicyDF1E6607", - "StateMachineRoleB840431D", - ], - "Properties": Object { - "DefinitionString": "{\\"StartAt\\":\\"StartState\\",\\"States\\":{\\"StartState\\":{\\"Type\\":\\"Pass\\",\\"End\\":true}}}", - "LoggingConfiguration": Object { - "Destinations": Array [ - Object { - "CloudWatchLogsLogGroup": Object { - "LogGroupArn": Object { - "Fn::GetAtt": Array [ - "StateMachineLogGroup15B91BCB", - "Arn", - ], - }, - }, - }, - ], - "Level": "ERROR", - }, - "RoleArn": Object { - "Fn::GetAtt": Array [ - "StateMachineRoleB840431D", - "Arn", - ], - }, - }, - "Type": "AWS::StepFunctions::StateMachine", - }, - "StateMachineLogGroup15B91BCB": Object { - "DeletionPolicy": "Retain", - "Metadata": Object { - "cfn_nag": Object { - "rules_to_suppress": Array [ - Object { - "id": "W86", - "reason": "Retention period for CloudWatchLogs LogGroups are set to 'Never Expire' to preserve customer data indefinitely", - }, - Object { - "id": "W84", - "reason": "By default CloudWatchLogs LogGroups data is encrypted using the CloudWatch server-side encryption keys (AWS Managed Keys)", - }, - ], - }, - }, - "Properties": Object { - "LogGroupName": "/aws/vendedlogs/states/defaultdefaultstatemachinelogc54daeb0a037", - }, - "Type": "AWS::Logs::LogGroup", - "UpdateReplacePolicy": "Retain", - }, - "StateMachineRoleB840431D": Object { - "Properties": Object { - "AssumeRolePolicyDocument": Object { - "Statement": Array [ - Object { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": Object { - "Service": Object { - "Fn::Join": Array [ - "", - Array [ - "states.", - Object { - "Ref": "AWS::Region", - }, - ".amazonaws.com", - ], - ], - }, - }, - }, - ], - "Version": "2012-10-17", - }, - }, - "Type": "AWS::IAM::Role", - }, - "StateMachineRoleDefaultPolicyDF1E6607": Object { - "Metadata": Object { - "cfn_nag": Object { - "rules_to_suppress": Array [ - Object { - "id": "W12", - "reason": "The 'LogDelivery' actions do not support resource-level authorizations", - }, - ], - }, - }, - "Properties": Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "logs:CreateLogDelivery", - "logs:GetLogDelivery", - "logs:UpdateLogDelivery", - "logs:DeleteLogDelivery", - "logs:ListLogDeliveries", - ], - "Effect": "Allow", - "Resource": "*", - }, - Object { - "Action": Array [ - "logs:PutResourcePolicy", - "logs:DescribeResourcePolicies", - "logs:DescribeLogGroups", - ], - "Effect": "Allow", - "Resource": Object { - "Fn::Join": Array [ - "", - Array [ - "arn:", - Object { - "Ref": "AWS::Partition", - }, - ":logs:", - Object { - "Ref": "AWS::Region", - }, - ":", - Object { - "Ref": "AWS::AccountId", - }, - ":*", - ], - ], - }, - }, - ], - "Version": "2012-10-17", - }, - "PolicyName": "StateMachineRoleDefaultPolicyDF1E6607", - "Roles": Array [ - Object { - "Ref": "StateMachineRoleB840431D", - }, - ], - }, - "Type": "AWS::IAM::Policy", - }, - }, -} -`; diff --git a/source/patterns/@aws-solutions-constructs/core/test/__snapshots__/vpc-helper.test.js.snap b/source/patterns/@aws-solutions-constructs/core/test/__snapshots__/vpc-helper.test.js.snap deleted file mode 100644 index 5ef9bfefe..000000000 --- a/source/patterns/@aws-solutions-constructs/core/test/__snapshots__/vpc-helper.test.js.snap +++ /dev/null @@ -1,1278 +0,0 @@ -// Jest Snapshot v1, https://goo.gl/fbAQLP - -exports[`Test deployment w/ custom CIDR 1`] = ` -Object { - "Resources": Object { - "Vpc8378EB38": Object { - "Properties": Object { - "CidrBlock": "172.168.0.0/16", - "EnableDnsHostnames": true, - "EnableDnsSupport": true, - "InstanceTenancy": "default", - "Tags": Array [ - Object { - "Key": "Name", - "Value": "Default/Vpc", - }, - ], - }, - "Type": "AWS::EC2::VPC", - }, - "VpcFlowLog8FF33A73": Object { - "Properties": Object { - "DeliverLogsPermissionArn": Object { - "Fn::GetAtt": Array [ - "VpcFlowLogIAMRole6A475D41", - "Arn", - ], - }, - "LogDestinationType": "cloud-watch-logs", - "LogGroupName": Object { - "Ref": "VpcFlowLogLogGroup7B5C56B9", - }, - "ResourceId": Object { - "Ref": "Vpc8378EB38", - }, - "ResourceType": "VPC", - "Tags": Array [ - Object { - "Key": "Name", - "Value": "Default/Vpc", - }, - ], - "TrafficType": "ALL", - }, - "Type": "AWS::EC2::FlowLog", - }, - "VpcFlowLogIAMRole6A475D41": Object { - "Properties": Object { - "AssumeRolePolicyDocument": Object { - "Statement": Array [ - Object { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": Object { - "Service": "vpc-flow-logs.amazonaws.com", - }, - }, - ], - "Version": "2012-10-17", - }, - "Tags": Array [ - Object { - "Key": "Name", - "Value": "Default/Vpc", - }, - ], - }, - "Type": "AWS::IAM::Role", - }, - "VpcFlowLogIAMRoleDefaultPolicy406FB995": Object { - "Properties": Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "logs:CreateLogStream", - "logs:PutLogEvents", - "logs:DescribeLogStreams", - ], - "Effect": "Allow", - "Resource": Object { - "Fn::GetAtt": Array [ - "VpcFlowLogLogGroup7B5C56B9", - "Arn", - ], - }, - }, - Object { - "Action": "iam:PassRole", - "Effect": "Allow", - "Resource": Object { - "Fn::GetAtt": Array [ - "VpcFlowLogIAMRole6A475D41", - "Arn", - ], - }, - }, - ], - "Version": "2012-10-17", - }, - "PolicyName": "VpcFlowLogIAMRoleDefaultPolicy406FB995", - "Roles": Array [ - Object { - "Ref": "VpcFlowLogIAMRole6A475D41", - }, - ], - }, - "Type": "AWS::IAM::Policy", - }, - "VpcFlowLogLogGroup7B5C56B9": Object { - "DeletionPolicy": "Retain", - "Metadata": Object { - "cfn_nag": Object { - "rules_to_suppress": Array [ - Object { - "id": "W84", - "reason": "By default CloudWatchLogs LogGroups data is encrypted using the CloudWatch server-side encryption keys (AWS Managed Keys)", - }, - ], - }, - }, - "Properties": Object { - "RetentionInDays": 731, - }, - "Type": "AWS::Logs::LogGroup", - "UpdateReplacePolicy": "Retain", - }, - "VpcIGWD7BA715C": Object { - "Properties": Object { - "Tags": Array [ - Object { - "Key": "Name", - "Value": "Default/Vpc", - }, - ], - }, - "Type": "AWS::EC2::InternetGateway", - }, - "VpcPrivateSubnet1DefaultRouteBE02A9ED": Object { - "Properties": Object { - "DestinationCidrBlock": "0.0.0.0/0", - "NatGatewayId": Object { - "Ref": "VpcPublicSubnet1NATGateway4D7517AA", - }, - "RouteTableId": Object { - "Ref": "VpcPrivateSubnet1RouteTableB2C5B500", - }, - }, - "Type": "AWS::EC2::Route", - }, - "VpcPrivateSubnet1RouteTableAssociation70C59FA6": Object { - "Properties": Object { - "RouteTableId": Object { - "Ref": "VpcPrivateSubnet1RouteTableB2C5B500", - }, - "SubnetId": Object { - "Ref": "VpcPrivateSubnet1Subnet536B997A", - }, - }, - "Type": "AWS::EC2::SubnetRouteTableAssociation", - }, - "VpcPrivateSubnet1RouteTableB2C5B500": Object { - "Properties": Object { - "Tags": Array [ - Object { - "Key": "Name", - "Value": "Default/Vpc/PrivateSubnet1", - }, - ], - "VpcId": Object { - "Ref": "Vpc8378EB38", - }, - }, - "Type": "AWS::EC2::RouteTable", - }, - "VpcPrivateSubnet1Subnet536B997A": Object { - "Properties": Object { - "AvailabilityZone": Object { - "Fn::Select": Array [ - 0, - Object { - "Fn::GetAZs": "", - }, - ], - }, - "CidrBlock": "172.168.128.0/18", - "MapPublicIpOnLaunch": false, - "Tags": Array [ - Object { - "Key": "aws-cdk:subnet-name", - "Value": "Private", - }, - Object { - "Key": "aws-cdk:subnet-type", - "Value": "Private", - }, - Object { - "Key": "Name", - "Value": "Default/Vpc/PrivateSubnet1", - }, - ], - "VpcId": Object { - "Ref": "Vpc8378EB38", - }, - }, - "Type": "AWS::EC2::Subnet", - }, - "VpcPrivateSubnet2DefaultRoute060D2087": Object { - "Properties": Object { - "DestinationCidrBlock": "0.0.0.0/0", - "NatGatewayId": Object { - "Ref": "VpcPublicSubnet2NATGateway9182C01D", - }, - "RouteTableId": Object { - "Ref": "VpcPrivateSubnet2RouteTableA678073B", - }, - }, - "Type": "AWS::EC2::Route", - }, - "VpcPrivateSubnet2RouteTableA678073B": Object { - "Properties": Object { - "Tags": Array [ - Object { - "Key": "Name", - "Value": "Default/Vpc/PrivateSubnet2", - }, - ], - "VpcId": Object { - "Ref": "Vpc8378EB38", - }, - }, - "Type": "AWS::EC2::RouteTable", - }, - "VpcPrivateSubnet2RouteTableAssociationA89CAD56": Object { - "Properties": Object { - "RouteTableId": Object { - "Ref": "VpcPrivateSubnet2RouteTableA678073B", - }, - "SubnetId": Object { - "Ref": "VpcPrivateSubnet2Subnet3788AAA1", - }, - }, - "Type": "AWS::EC2::SubnetRouteTableAssociation", - }, - "VpcPrivateSubnet2Subnet3788AAA1": Object { - "Properties": Object { - "AvailabilityZone": Object { - "Fn::Select": Array [ - 1, - Object { - "Fn::GetAZs": "", - }, - ], - }, - "CidrBlock": "172.168.192.0/18", - "MapPublicIpOnLaunch": false, - "Tags": Array [ - Object { - "Key": "aws-cdk:subnet-name", - "Value": "Private", - }, - Object { - "Key": "aws-cdk:subnet-type", - "Value": "Private", - }, - Object { - "Key": "Name", - "Value": "Default/Vpc/PrivateSubnet2", - }, - ], - "VpcId": Object { - "Ref": "Vpc8378EB38", - }, - }, - "Type": "AWS::EC2::Subnet", - }, - "VpcPublicSubnet1DefaultRoute3DA9E72A": Object { - "DependsOn": Array [ - "VpcVPCGWBF912B6E", - ], - "Properties": Object { - "DestinationCidrBlock": "0.0.0.0/0", - "GatewayId": Object { - "Ref": "VpcIGWD7BA715C", - }, - "RouteTableId": Object { - "Ref": "VpcPublicSubnet1RouteTable6C95E38E", - }, - }, - "Type": "AWS::EC2::Route", - }, - "VpcPublicSubnet1EIPD7E02669": Object { - "Properties": Object { - "Domain": "vpc", - "Tags": Array [ - Object { - "Key": "Name", - "Value": "Default/Vpc/PublicSubnet1", - }, - ], - }, - "Type": "AWS::EC2::EIP", - }, - "VpcPublicSubnet1NATGateway4D7517AA": Object { - "Properties": Object { - "AllocationId": Object { - "Fn::GetAtt": Array [ - "VpcPublicSubnet1EIPD7E02669", - "AllocationId", - ], - }, - "SubnetId": Object { - "Ref": "VpcPublicSubnet1Subnet5C2D37C4", - }, - "Tags": Array [ - Object { - "Key": "Name", - "Value": "Default/Vpc/PublicSubnet1", - }, - ], - }, - "Type": "AWS::EC2::NatGateway", - }, - "VpcPublicSubnet1RouteTable6C95E38E": Object { - "Properties": Object { - "Tags": Array [ - Object { - "Key": "Name", - "Value": "Default/Vpc/PublicSubnet1", - }, - ], - "VpcId": Object { - "Ref": "Vpc8378EB38", - }, - }, - "Type": "AWS::EC2::RouteTable", - }, - "VpcPublicSubnet1RouteTableAssociation97140677": Object { - "Properties": Object { - "RouteTableId": Object { - "Ref": "VpcPublicSubnet1RouteTable6C95E38E", - }, - "SubnetId": Object { - "Ref": "VpcPublicSubnet1Subnet5C2D37C4", - }, - }, - "Type": "AWS::EC2::SubnetRouteTableAssociation", - }, - "VpcPublicSubnet1Subnet5C2D37C4": Object { - "Metadata": Object { - "cfn_nag": Object { - "rules_to_suppress": Array [ - Object { - "id": "W33", - "reason": "Allow Public Subnets to have MapPublicIpOnLaunch set to true", - }, - ], - }, - }, - "Properties": Object { - "AvailabilityZone": Object { - "Fn::Select": Array [ - 0, - Object { - "Fn::GetAZs": "", - }, - ], - }, - "CidrBlock": "172.168.0.0/18", - "MapPublicIpOnLaunch": true, - "Tags": Array [ - Object { - "Key": "aws-cdk:subnet-name", - "Value": "Public", - }, - Object { - "Key": "aws-cdk:subnet-type", - "Value": "Public", - }, - Object { - "Key": "Name", - "Value": "Default/Vpc/PublicSubnet1", - }, - ], - "VpcId": Object { - "Ref": "Vpc8378EB38", - }, - }, - "Type": "AWS::EC2::Subnet", - }, - "VpcPublicSubnet2DefaultRoute97F91067": Object { - "DependsOn": Array [ - "VpcVPCGWBF912B6E", - ], - "Properties": Object { - "DestinationCidrBlock": "0.0.0.0/0", - "GatewayId": Object { - "Ref": "VpcIGWD7BA715C", - }, - "RouteTableId": Object { - "Ref": "VpcPublicSubnet2RouteTable94F7E489", - }, - }, - "Type": "AWS::EC2::Route", - }, - "VpcPublicSubnet2EIP3C605A87": Object { - "Properties": Object { - "Domain": "vpc", - "Tags": Array [ - Object { - "Key": "Name", - "Value": "Default/Vpc/PublicSubnet2", - }, - ], - }, - "Type": "AWS::EC2::EIP", - }, - "VpcPublicSubnet2NATGateway9182C01D": Object { - "Properties": Object { - "AllocationId": Object { - "Fn::GetAtt": Array [ - "VpcPublicSubnet2EIP3C605A87", - "AllocationId", - ], - }, - "SubnetId": Object { - "Ref": "VpcPublicSubnet2Subnet691E08A3", - }, - "Tags": Array [ - Object { - "Key": "Name", - "Value": "Default/Vpc/PublicSubnet2", - }, - ], - }, - "Type": "AWS::EC2::NatGateway", - }, - "VpcPublicSubnet2RouteTable94F7E489": Object { - "Properties": Object { - "Tags": Array [ - Object { - "Key": "Name", - "Value": "Default/Vpc/PublicSubnet2", - }, - ], - "VpcId": Object { - "Ref": "Vpc8378EB38", - }, - }, - "Type": "AWS::EC2::RouteTable", - }, - "VpcPublicSubnet2RouteTableAssociationDD5762D8": Object { - "Properties": Object { - "RouteTableId": Object { - "Ref": "VpcPublicSubnet2RouteTable94F7E489", - }, - "SubnetId": Object { - "Ref": "VpcPublicSubnet2Subnet691E08A3", - }, - }, - "Type": "AWS::EC2::SubnetRouteTableAssociation", - }, - "VpcPublicSubnet2Subnet691E08A3": Object { - "Metadata": Object { - "cfn_nag": Object { - "rules_to_suppress": Array [ - Object { - "id": "W33", - "reason": "Allow Public Subnets to have MapPublicIpOnLaunch set to true", - }, - ], - }, - }, - "Properties": Object { - "AvailabilityZone": Object { - "Fn::Select": Array [ - 1, - Object { - "Fn::GetAZs": "", - }, - ], - }, - "CidrBlock": "172.168.64.0/18", - "MapPublicIpOnLaunch": true, - "Tags": Array [ - Object { - "Key": "aws-cdk:subnet-name", - "Value": "Public", - }, - Object { - "Key": "aws-cdk:subnet-type", - "Value": "Public", - }, - Object { - "Key": "Name", - "Value": "Default/Vpc/PublicSubnet2", - }, - ], - "VpcId": Object { - "Ref": "Vpc8378EB38", - }, - }, - "Type": "AWS::EC2::Subnet", - }, - "VpcVPCGWBF912B6E": Object { - "Properties": Object { - "InternetGatewayId": Object { - "Ref": "VpcIGWD7BA715C", - }, - "VpcId": Object { - "Ref": "Vpc8378EB38", - }, - }, - "Type": "AWS::EC2::VPCGatewayAttachment", - }, - }, -} -`; - -exports[`Test minimal deployment with no properties 1`] = ` -Object { - "Resources": Object { - "Vpc8378EB38": Object { - "Properties": Object { - "CidrBlock": "10.0.0.0/16", - "EnableDnsHostnames": true, - "EnableDnsSupport": true, - "InstanceTenancy": "default", - "Tags": Array [ - Object { - "Key": "Name", - "Value": "Default/Vpc", - }, - ], - }, - "Type": "AWS::EC2::VPC", - }, - "VpcFlowLog8FF33A73": Object { - "Properties": Object { - "DeliverLogsPermissionArn": Object { - "Fn::GetAtt": Array [ - "VpcFlowLogIAMRole6A475D41", - "Arn", - ], - }, - "LogDestinationType": "cloud-watch-logs", - "LogGroupName": Object { - "Ref": "VpcFlowLogLogGroup7B5C56B9", - }, - "ResourceId": Object { - "Ref": "Vpc8378EB38", - }, - "ResourceType": "VPC", - "Tags": Array [ - Object { - "Key": "Name", - "Value": "Default/Vpc", - }, - ], - "TrafficType": "ALL", - }, - "Type": "AWS::EC2::FlowLog", - }, - "VpcFlowLogIAMRole6A475D41": Object { - "Properties": Object { - "AssumeRolePolicyDocument": Object { - "Statement": Array [ - Object { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": Object { - "Service": "vpc-flow-logs.amazonaws.com", - }, - }, - ], - "Version": "2012-10-17", - }, - "Tags": Array [ - Object { - "Key": "Name", - "Value": "Default/Vpc", - }, - ], - }, - "Type": "AWS::IAM::Role", - }, - "VpcFlowLogIAMRoleDefaultPolicy406FB995": Object { - "Properties": Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "logs:CreateLogStream", - "logs:PutLogEvents", - "logs:DescribeLogStreams", - ], - "Effect": "Allow", - "Resource": Object { - "Fn::GetAtt": Array [ - "VpcFlowLogLogGroup7B5C56B9", - "Arn", - ], - }, - }, - Object { - "Action": "iam:PassRole", - "Effect": "Allow", - "Resource": Object { - "Fn::GetAtt": Array [ - "VpcFlowLogIAMRole6A475D41", - "Arn", - ], - }, - }, - ], - "Version": "2012-10-17", - }, - "PolicyName": "VpcFlowLogIAMRoleDefaultPolicy406FB995", - "Roles": Array [ - Object { - "Ref": "VpcFlowLogIAMRole6A475D41", - }, - ], - }, - "Type": "AWS::IAM::Policy", - }, - "VpcFlowLogLogGroup7B5C56B9": Object { - "DeletionPolicy": "Retain", - "Metadata": Object { - "cfn_nag": Object { - "rules_to_suppress": Array [ - Object { - "id": "W84", - "reason": "By default CloudWatchLogs LogGroups data is encrypted using the CloudWatch server-side encryption keys (AWS Managed Keys)", - }, - ], - }, - }, - "Properties": Object { - "RetentionInDays": 731, - }, - "Type": "AWS::Logs::LogGroup", - "UpdateReplacePolicy": "Retain", - }, - "VpcIGWD7BA715C": Object { - "Properties": Object { - "Tags": Array [ - Object { - "Key": "Name", - "Value": "Default/Vpc", - }, - ], - }, - "Type": "AWS::EC2::InternetGateway", - }, - "VpcPrivateSubnet1DefaultRouteBE02A9ED": Object { - "Properties": Object { - "DestinationCidrBlock": "0.0.0.0/0", - "NatGatewayId": Object { - "Ref": "VpcPublicSubnet1NATGateway4D7517AA", - }, - "RouteTableId": Object { - "Ref": "VpcPrivateSubnet1RouteTableB2C5B500", - }, - }, - "Type": "AWS::EC2::Route", - }, - "VpcPrivateSubnet1RouteTableAssociation70C59FA6": Object { - "Properties": Object { - "RouteTableId": Object { - "Ref": "VpcPrivateSubnet1RouteTableB2C5B500", - }, - "SubnetId": Object { - "Ref": "VpcPrivateSubnet1Subnet536B997A", - }, - }, - "Type": "AWS::EC2::SubnetRouteTableAssociation", - }, - "VpcPrivateSubnet1RouteTableB2C5B500": Object { - "Properties": Object { - "Tags": Array [ - Object { - "Key": "Name", - "Value": "Default/Vpc/PrivateSubnet1", - }, - ], - "VpcId": Object { - "Ref": "Vpc8378EB38", - }, - }, - "Type": "AWS::EC2::RouteTable", - }, - "VpcPrivateSubnet1Subnet536B997A": Object { - "Properties": Object { - "AvailabilityZone": Object { - "Fn::Select": Array [ - 0, - Object { - "Fn::GetAZs": "", - }, - ], - }, - "CidrBlock": "10.0.128.0/18", - "MapPublicIpOnLaunch": false, - "Tags": Array [ - Object { - "Key": "aws-cdk:subnet-name", - "Value": "Private", - }, - Object { - "Key": "aws-cdk:subnet-type", - "Value": "Private", - }, - Object { - "Key": "Name", - "Value": "Default/Vpc/PrivateSubnet1", - }, - ], - "VpcId": Object { - "Ref": "Vpc8378EB38", - }, - }, - "Type": "AWS::EC2::Subnet", - }, - "VpcPrivateSubnet2DefaultRoute060D2087": Object { - "Properties": Object { - "DestinationCidrBlock": "0.0.0.0/0", - "NatGatewayId": Object { - "Ref": "VpcPublicSubnet2NATGateway9182C01D", - }, - "RouteTableId": Object { - "Ref": "VpcPrivateSubnet2RouteTableA678073B", - }, - }, - "Type": "AWS::EC2::Route", - }, - "VpcPrivateSubnet2RouteTableA678073B": Object { - "Properties": Object { - "Tags": Array [ - Object { - "Key": "Name", - "Value": "Default/Vpc/PrivateSubnet2", - }, - ], - "VpcId": Object { - "Ref": "Vpc8378EB38", - }, - }, - "Type": "AWS::EC2::RouteTable", - }, - "VpcPrivateSubnet2RouteTableAssociationA89CAD56": Object { - "Properties": Object { - "RouteTableId": Object { - "Ref": "VpcPrivateSubnet2RouteTableA678073B", - }, - "SubnetId": Object { - "Ref": "VpcPrivateSubnet2Subnet3788AAA1", - }, - }, - "Type": "AWS::EC2::SubnetRouteTableAssociation", - }, - "VpcPrivateSubnet2Subnet3788AAA1": Object { - "Properties": Object { - "AvailabilityZone": Object { - "Fn::Select": Array [ - 1, - Object { - "Fn::GetAZs": "", - }, - ], - }, - "CidrBlock": "10.0.192.0/18", - "MapPublicIpOnLaunch": false, - "Tags": Array [ - Object { - "Key": "aws-cdk:subnet-name", - "Value": "Private", - }, - Object { - "Key": "aws-cdk:subnet-type", - "Value": "Private", - }, - Object { - "Key": "Name", - "Value": "Default/Vpc/PrivateSubnet2", - }, - ], - "VpcId": Object { - "Ref": "Vpc8378EB38", - }, - }, - "Type": "AWS::EC2::Subnet", - }, - "VpcPublicSubnet1DefaultRoute3DA9E72A": Object { - "DependsOn": Array [ - "VpcVPCGWBF912B6E", - ], - "Properties": Object { - "DestinationCidrBlock": "0.0.0.0/0", - "GatewayId": Object { - "Ref": "VpcIGWD7BA715C", - }, - "RouteTableId": Object { - "Ref": "VpcPublicSubnet1RouteTable6C95E38E", - }, - }, - "Type": "AWS::EC2::Route", - }, - "VpcPublicSubnet1EIPD7E02669": Object { - "Properties": Object { - "Domain": "vpc", - "Tags": Array [ - Object { - "Key": "Name", - "Value": "Default/Vpc/PublicSubnet1", - }, - ], - }, - "Type": "AWS::EC2::EIP", - }, - "VpcPublicSubnet1NATGateway4D7517AA": Object { - "Properties": Object { - "AllocationId": Object { - "Fn::GetAtt": Array [ - "VpcPublicSubnet1EIPD7E02669", - "AllocationId", - ], - }, - "SubnetId": Object { - "Ref": "VpcPublicSubnet1Subnet5C2D37C4", - }, - "Tags": Array [ - Object { - "Key": "Name", - "Value": "Default/Vpc/PublicSubnet1", - }, - ], - }, - "Type": "AWS::EC2::NatGateway", - }, - "VpcPublicSubnet1RouteTable6C95E38E": Object { - "Properties": Object { - "Tags": Array [ - Object { - "Key": "Name", - "Value": "Default/Vpc/PublicSubnet1", - }, - ], - "VpcId": Object { - "Ref": "Vpc8378EB38", - }, - }, - "Type": "AWS::EC2::RouteTable", - }, - "VpcPublicSubnet1RouteTableAssociation97140677": Object { - "Properties": Object { - "RouteTableId": Object { - "Ref": "VpcPublicSubnet1RouteTable6C95E38E", - }, - "SubnetId": Object { - "Ref": "VpcPublicSubnet1Subnet5C2D37C4", - }, - }, - "Type": "AWS::EC2::SubnetRouteTableAssociation", - }, - "VpcPublicSubnet1Subnet5C2D37C4": Object { - "Metadata": Object { - "cfn_nag": Object { - "rules_to_suppress": Array [ - Object { - "id": "W33", - "reason": "Allow Public Subnets to have MapPublicIpOnLaunch set to true", - }, - ], - }, - }, - "Properties": Object { - "AvailabilityZone": Object { - "Fn::Select": Array [ - 0, - Object { - "Fn::GetAZs": "", - }, - ], - }, - "CidrBlock": "10.0.0.0/18", - "MapPublicIpOnLaunch": true, - "Tags": Array [ - Object { - "Key": "aws-cdk:subnet-name", - "Value": "Public", - }, - Object { - "Key": "aws-cdk:subnet-type", - "Value": "Public", - }, - Object { - "Key": "Name", - "Value": "Default/Vpc/PublicSubnet1", - }, - ], - "VpcId": Object { - "Ref": "Vpc8378EB38", - }, - }, - "Type": "AWS::EC2::Subnet", - }, - "VpcPublicSubnet2DefaultRoute97F91067": Object { - "DependsOn": Array [ - "VpcVPCGWBF912B6E", - ], - "Properties": Object { - "DestinationCidrBlock": "0.0.0.0/0", - "GatewayId": Object { - "Ref": "VpcIGWD7BA715C", - }, - "RouteTableId": Object { - "Ref": "VpcPublicSubnet2RouteTable94F7E489", - }, - }, - "Type": "AWS::EC2::Route", - }, - "VpcPublicSubnet2EIP3C605A87": Object { - "Properties": Object { - "Domain": "vpc", - "Tags": Array [ - Object { - "Key": "Name", - "Value": "Default/Vpc/PublicSubnet2", - }, - ], - }, - "Type": "AWS::EC2::EIP", - }, - "VpcPublicSubnet2NATGateway9182C01D": Object { - "Properties": Object { - "AllocationId": Object { - "Fn::GetAtt": Array [ - "VpcPublicSubnet2EIP3C605A87", - "AllocationId", - ], - }, - "SubnetId": Object { - "Ref": "VpcPublicSubnet2Subnet691E08A3", - }, - "Tags": Array [ - Object { - "Key": "Name", - "Value": "Default/Vpc/PublicSubnet2", - }, - ], - }, - "Type": "AWS::EC2::NatGateway", - }, - "VpcPublicSubnet2RouteTable94F7E489": Object { - "Properties": Object { - "Tags": Array [ - Object { - "Key": "Name", - "Value": "Default/Vpc/PublicSubnet2", - }, - ], - "VpcId": Object { - "Ref": "Vpc8378EB38", - }, - }, - "Type": "AWS::EC2::RouteTable", - }, - "VpcPublicSubnet2RouteTableAssociationDD5762D8": Object { - "Properties": Object { - "RouteTableId": Object { - "Ref": "VpcPublicSubnet2RouteTable94F7E489", - }, - "SubnetId": Object { - "Ref": "VpcPublicSubnet2Subnet691E08A3", - }, - }, - "Type": "AWS::EC2::SubnetRouteTableAssociation", - }, - "VpcPublicSubnet2Subnet691E08A3": Object { - "Metadata": Object { - "cfn_nag": Object { - "rules_to_suppress": Array [ - Object { - "id": "W33", - "reason": "Allow Public Subnets to have MapPublicIpOnLaunch set to true", - }, - ], - }, - }, - "Properties": Object { - "AvailabilityZone": Object { - "Fn::Select": Array [ - 1, - Object { - "Fn::GetAZs": "", - }, - ], - }, - "CidrBlock": "10.0.64.0/18", - "MapPublicIpOnLaunch": true, - "Tags": Array [ - Object { - "Key": "aws-cdk:subnet-name", - "Value": "Public", - }, - Object { - "Key": "aws-cdk:subnet-type", - "Value": "Public", - }, - Object { - "Key": "Name", - "Value": "Default/Vpc/PublicSubnet2", - }, - ], - "VpcId": Object { - "Ref": "Vpc8378EB38", - }, - }, - "Type": "AWS::EC2::Subnet", - }, - "VpcVPCGWBF912B6E": Object { - "Properties": Object { - "InternetGatewayId": Object { - "Ref": "VpcIGWD7BA715C", - }, - "VpcId": Object { - "Ref": "Vpc8378EB38", - }, - }, - "Type": "AWS::EC2::VPCGatewayAttachment", - }, - }, -} -`; - -exports[`Test minimal deployment with no properties 2`] = ` -Object { - "Resources": Object { - "Vpc8378EB38": Object { - "Properties": Object { - "CidrBlock": "10.0.0.0/16", - "EnableDnsHostnames": true, - "EnableDnsSupport": true, - "InstanceTenancy": "default", - "Tags": Array [ - Object { - "Key": "Name", - "Value": "Default/Vpc", - }, - ], - }, - "Type": "AWS::EC2::VPC", - }, - "VpcFlowLog8FF33A73": Object { - "Properties": Object { - "DeliverLogsPermissionArn": Object { - "Fn::GetAtt": Array [ - "VpcFlowLogIAMRole6A475D41", - "Arn", - ], - }, - "LogDestinationType": "cloud-watch-logs", - "LogGroupName": Object { - "Ref": "VpcFlowLogLogGroup7B5C56B9", - }, - "ResourceId": Object { - "Ref": "Vpc8378EB38", - }, - "ResourceType": "VPC", - "Tags": Array [ - Object { - "Key": "Name", - "Value": "Default/Vpc", - }, - ], - "TrafficType": "ALL", - }, - "Type": "AWS::EC2::FlowLog", - }, - "VpcFlowLogIAMRole6A475D41": Object { - "Properties": Object { - "AssumeRolePolicyDocument": Object { - "Statement": Array [ - Object { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": Object { - "Service": "vpc-flow-logs.amazonaws.com", - }, - }, - ], - "Version": "2012-10-17", - }, - "Tags": Array [ - Object { - "Key": "Name", - "Value": "Default/Vpc", - }, - ], - }, - "Type": "AWS::IAM::Role", - }, - "VpcFlowLogIAMRoleDefaultPolicy406FB995": Object { - "Properties": Object { - "PolicyDocument": Object { - "Statement": Array [ - Object { - "Action": Array [ - "logs:CreateLogStream", - "logs:PutLogEvents", - "logs:DescribeLogStreams", - ], - "Effect": "Allow", - "Resource": Object { - "Fn::GetAtt": Array [ - "VpcFlowLogLogGroup7B5C56B9", - "Arn", - ], - }, - }, - Object { - "Action": "iam:PassRole", - "Effect": "Allow", - "Resource": Object { - "Fn::GetAtt": Array [ - "VpcFlowLogIAMRole6A475D41", - "Arn", - ], - }, - }, - ], - "Version": "2012-10-17", - }, - "PolicyName": "VpcFlowLogIAMRoleDefaultPolicy406FB995", - "Roles": Array [ - Object { - "Ref": "VpcFlowLogIAMRole6A475D41", - }, - ], - }, - "Type": "AWS::IAM::Policy", - }, - "VpcFlowLogLogGroup7B5C56B9": Object { - "DeletionPolicy": "Retain", - "Metadata": Object { - "cfn_nag": Object { - "rules_to_suppress": Array [ - Object { - "id": "W84", - "reason": "By default CloudWatchLogs LogGroups data is encrypted using the CloudWatch server-side encryption keys (AWS Managed Keys)", - }, - ], - }, - }, - "Properties": Object { - "RetentionInDays": 731, - }, - "Type": "AWS::Logs::LogGroup", - "UpdateReplacePolicy": "Retain", - }, - "VpcisolatedSubnet1RouteTableAssociationD259E31A": Object { - "Properties": Object { - "RouteTableId": Object { - "Ref": "VpcisolatedSubnet1RouteTableE442650B", - }, - "SubnetId": Object { - "Ref": "VpcisolatedSubnet1SubnetE62B1B9B", - }, - }, - "Type": "AWS::EC2::SubnetRouteTableAssociation", - }, - "VpcisolatedSubnet1RouteTableE442650B": Object { - "Properties": Object { - "Tags": Array [ - Object { - "Key": "Name", - "Value": "Default/Vpc/isolatedSubnet1", - }, - ], - "VpcId": Object { - "Ref": "Vpc8378EB38", - }, - }, - "Type": "AWS::EC2::RouteTable", - }, - "VpcisolatedSubnet1SubnetE62B1B9B": Object { - "Properties": Object { - "AvailabilityZone": Object { - "Fn::Select": Array [ - 0, - Object { - "Fn::GetAZs": "", - }, - ], - }, - "CidrBlock": "10.0.0.0/18", - "MapPublicIpOnLaunch": false, - "Tags": Array [ - Object { - "Key": "aws-cdk:subnet-name", - "Value": "isolated", - }, - Object { - "Key": "aws-cdk:subnet-type", - "Value": "Isolated", - }, - Object { - "Key": "Name", - "Value": "Default/Vpc/isolatedSubnet1", - }, - ], - "VpcId": Object { - "Ref": "Vpc8378EB38", - }, - }, - "Type": "AWS::EC2::Subnet", - }, - "VpcisolatedSubnet2RouteTable334F9764": Object { - "Properties": Object { - "Tags": Array [ - Object { - "Key": "Name", - "Value": "Default/Vpc/isolatedSubnet2", - }, - ], - "VpcId": Object { - "Ref": "Vpc8378EB38", - }, - }, - "Type": "AWS::EC2::RouteTable", - }, - "VpcisolatedSubnet2RouteTableAssociation25A4716F": Object { - "Properties": Object { - "RouteTableId": Object { - "Ref": "VpcisolatedSubnet2RouteTable334F9764", - }, - "SubnetId": Object { - "Ref": "VpcisolatedSubnet2Subnet39217055", - }, - }, - "Type": "AWS::EC2::SubnetRouteTableAssociation", - }, - "VpcisolatedSubnet2Subnet39217055": Object { - "Properties": Object { - "AvailabilityZone": Object { - "Fn::Select": Array [ - 1, - Object { - "Fn::GetAZs": "", - }, - ], - }, - "CidrBlock": "10.0.64.0/18", - "MapPublicIpOnLaunch": false, - "Tags": Array [ - Object { - "Key": "aws-cdk:subnet-name", - "Value": "isolated", - }, - Object { - "Key": "aws-cdk:subnet-type", - "Value": "Isolated", - }, - Object { - "Key": "Name", - "Value": "Default/Vpc/isolatedSubnet2", - }, - ], - "VpcId": Object { - "Ref": "Vpc8378EB38", - }, - }, - "Type": "AWS::EC2::Subnet", - }, - }, -} -`; diff --git a/source/patterns/@aws-solutions-constructs/core/test/apigateway-helper.test.ts b/source/patterns/@aws-solutions-constructs/core/test/apigateway-helper.test.ts index 70ee74811..f6580cdf9 100644 --- a/source/patterns/@aws-solutions-constructs/core/test/apigateway-helper.test.ts +++ b/source/patterns/@aws-solutions-constructs/core/test/apigateway-helper.test.ts @@ -11,7 +11,7 @@ * and limitations under the License. */ -import { SynthUtils, ResourcePart } from '@aws-cdk/assert'; +import { ResourcePart } from '@aws-cdk/assert'; import { Stack } from '@aws-cdk/core'; import * as lambda from '@aws-cdk/aws-lambda'; import * as api from '@aws-cdk/aws-apigateway'; @@ -87,13 +87,6 @@ function setupRestApi(stack: Stack, apiProps?: any): void { }); } -test('snapshot test RegionalApiGateway default params', () => { - const stack = new Stack(); - deployRegionalApiGateway(stack); - - expect(SynthUtils.toCloudFormation(stack)).toMatchSnapshot(); -}); - test('Test override for RegionalApiGateway', () => { const stack = new Stack(); @@ -197,21 +190,12 @@ test('Test ApiGateway::Account resource for GlobalApiGateway', () => { }); }); -test('Test default RestApi deployment w/o ApiGatewayProps', () => { - const stack = new Stack(); - setupRestApi(stack); - // Assertion 1 - expect(SynthUtils.toCloudFormation(stack)).toMatchSnapshot(); -}); - test('Test default RestApi deployment w/ ApiGatewayProps', () => { const stack = new Stack(); setupRestApi(stack, { restApiName: "customRestApi" }); - // Assertion 1 - expect(SynthUtils.toCloudFormation(stack)).toMatchSnapshot(); - // Assertion 2 + expect(stack).toHaveResource('AWS::ApiGateway::RestApi', { Name: "customRestApi" }); @@ -272,8 +256,6 @@ test('Test addMethodToApiResource with action', () => { requestTemplate: getRequestTemplate }); - expect(SynthUtils.toCloudFormation(stack)).toMatchSnapshot(); - // Error scenario: missing action and path try { defaults.addProxyMethodToApiResource({ @@ -317,8 +299,6 @@ test('Test default RestApi w/ request model and validator', () => { requestModel: { "application/json": api.Model.EMPTY_MODEL } }); - expect(SynthUtils.toCloudFormation(stack)).toMatchSnapshot(); - expect(stack).toHaveResource('AWS::ApiGateway::RequestValidator', { Name: "default-validator", ValidateRequestBody: true diff --git a/source/patterns/@aws-solutions-constructs/core/test/cloudfront-distribution-api-gateway-helper.test.ts b/source/patterns/@aws-solutions-constructs/core/test/cloudfront-distribution-api-gateway-helper.test.ts index a03b19109..3b98ae6a0 100644 --- a/source/patterns/@aws-solutions-constructs/core/test/cloudfront-distribution-api-gateway-helper.test.ts +++ b/source/patterns/@aws-solutions-constructs/core/test/cloudfront-distribution-api-gateway-helper.test.ts @@ -11,7 +11,6 @@ * and limitations under the License. */ -import { SynthUtils } from '@aws-cdk/assert'; import { Stack } from '@aws-cdk/core'; import * as cloudfront from '@aws-cdk/aws-cloudfront'; import * as api from '@aws-cdk/aws-apigateway'; @@ -23,40 +22,6 @@ import '@aws-cdk/assert/jest'; import * as origins from '@aws-cdk/aws-cloudfront-origins'; import { LambdaEdgeEventType } from '@aws-cdk/aws-cloudfront'; -test('cloudfront distribution for ApiGateway with default params', () => { - const stack = new Stack(); - - const lambdaFunctionProps: lambda.FunctionProps = { - runtime: lambda.Runtime.NODEJS_12_X, - handler: 'index.handler', - code: lambda.Code.fromAsset(`${__dirname}/lambda`) - }; - - const func = new lambda.Function(stack, 'LambdaFunction', lambdaFunctionProps); - const _api = new api.LambdaRestApi(stack, 'RestApi', { - handler: func - }); - CloudFrontDistributionForApiGateway(stack, _api); - expect(SynthUtils.toCloudFormation(stack)).toMatchSnapshot(); -}); - -test('cloudfront distribution for ApiGateway without security headers', () => { - const stack = new Stack(); - - const lambdaFunctionProps: lambda.FunctionProps = { - runtime: lambda.Runtime.NODEJS_12_X, - handler: 'index.handler', - code: lambda.Code.fromAsset(`${__dirname}/lambda`) - }; - - const func = new lambda.Function(stack, 'LambdaFunction', lambdaFunctionProps); - const _api = new api.LambdaRestApi(stack, 'RestApi', { - handler: func - }); - CloudFrontDistributionForApiGateway(stack, _api, {}, false); - expect(SynthUtils.toCloudFormation(stack)).toMatchSnapshot(); -}); - test('test cloudfront for Api Gateway with user provided logging bucket', () => { const stack = new Stack(); diff --git a/source/patterns/@aws-solutions-constructs/core/test/cloudfront-distribution-mediastore-helper.test.ts b/source/patterns/@aws-solutions-constructs/core/test/cloudfront-distribution-mediastore-helper.test.ts index cdca6f698..202520283 100644 --- a/source/patterns/@aws-solutions-constructs/core/test/cloudfront-distribution-mediastore-helper.test.ts +++ b/source/patterns/@aws-solutions-constructs/core/test/cloudfront-distribution-mediastore-helper.test.ts @@ -12,7 +12,6 @@ */ import '@aws-cdk/assert/jest'; -import { SynthUtils } from '@aws-cdk/assert'; import { Stack } from '@aws-cdk/core'; import * as s3 from '@aws-cdk/aws-s3'; import * as mediastore from '@aws-cdk/aws-mediastore'; @@ -20,17 +19,6 @@ import * as cloudfront from '@aws-cdk/aws-cloudfront'; import * as origins from '@aws-cdk/aws-cloudfront-origins'; import { CloudFrontDistributionForMediaStore, CloudFrontOriginAccessIdentity } from '../lib/cloudfront-distribution-helper'; -test('CloudFront distribution for MediaStore with default params', () => { - const stack = new Stack(); - const mediaStoreContainerProps: mediastore.CfnContainerProps = { - containerName: 'TestContainer' - }; - const mediaStoreContainer = new mediastore.CfnContainer(stack, 'MediaStoreContainer', mediaStoreContainerProps); - - CloudFrontDistributionForMediaStore(stack, mediaStoreContainer); - expect(SynthUtils.toCloudFormation(stack)).toMatchSnapshot(); -}); - test('CloudFront distribution for MediaStore with user provided log bucket', () => { const stack = new Stack(); const mediaStoreContainerProps: mediastore.CfnContainerProps = { diff --git a/source/patterns/@aws-solutions-constructs/core/test/cloudfront-distribution-s3-helper.test.ts b/source/patterns/@aws-solutions-constructs/core/test/cloudfront-distribution-s3-helper.test.ts index 5765181bf..38f2e75a3 100644 --- a/source/patterns/@aws-solutions-constructs/core/test/cloudfront-distribution-s3-helper.test.ts +++ b/source/patterns/@aws-solutions-constructs/core/test/cloudfront-distribution-s3-helper.test.ts @@ -11,7 +11,7 @@ * and limitations under the License. */ -import { SynthUtils, ResourcePart } from '@aws-cdk/assert'; +import { ResourcePart } from '@aws-cdk/assert'; import { Stack } from '@aws-cdk/core'; import * as cloudfront from '@aws-cdk/aws-cloudfront'; import * as lambda from '@aws-cdk/aws-lambda'; @@ -23,13 +23,6 @@ import * as origins from '@aws-cdk/aws-cloudfront-origins'; import * as acm from '@aws-cdk/aws-certificatemanager'; import { LambdaEdgeEventType } from '@aws-cdk/aws-cloudfront'; -test('cloudfront distribution with default params', () => { - const stack = new Stack(); - const [sourceBucket] = buildS3Bucket(stack, {}); - CloudFrontDistributionForS3(stack, sourceBucket); - expect(SynthUtils.toCloudFormation(stack)).toMatchSnapshot(); -}); - test('check bucket policy metadata', () => { const stack = new Stack(); const [sourceBucket] = buildS3Bucket(stack, {}); diff --git a/source/patterns/@aws-solutions-constructs/core/test/cloudwatch-log-group-helper.test.ts b/source/patterns/@aws-solutions-constructs/core/test/cloudwatch-log-group-helper.test.ts index b41ddbc8e..dc622a58c 100644 --- a/source/patterns/@aws-solutions-constructs/core/test/cloudwatch-log-group-helper.test.ts +++ b/source/patterns/@aws-solutions-constructs/core/test/cloudwatch-log-group-helper.test.ts @@ -11,31 +11,13 @@ * and limitations under the License. */ -import { ResourcePart, SynthUtils } from '@aws-cdk/assert'; +import { ResourcePart } from '@aws-cdk/assert'; import { Stack } from '@aws-cdk/core'; import '@aws-cdk/assert/jest'; import * as logs from '@aws-cdk/aws-logs'; import { buildLogGroup } from '../lib/cloudwatch-log-group-helper'; import * as kms from '@aws-cdk/aws-kms'; -test('cw log group with default params', () => { - const stack = new Stack(); - buildLogGroup(stack); - expect(SynthUtils.toCloudFormation(stack)).toMatchSnapshot(); -}); - -test('override cw log group props with encryptionKey and retention period', () => { - const stack = new Stack(); - - const key = new kms.Key(stack, 'mykey'); - - buildLogGroup(stack, 'test-cw-logs-default', { - encryptionKey: key, - retention: logs.RetentionDays.FIVE_DAYS - }); - expect(SynthUtils.toCloudFormation(stack)).toMatchSnapshot(); -}); - test('override cw log group props with encryptionKey only', () => { const stack = new Stack(); diff --git a/source/patterns/@aws-solutions-constructs/core/test/congnito-helper.test.ts b/source/patterns/@aws-solutions-constructs/core/test/congnito-helper.test.ts index e21758bc4..e10c1ada6 100644 --- a/source/patterns/@aws-solutions-constructs/core/test/congnito-helper.test.ts +++ b/source/patterns/@aws-solutions-constructs/core/test/congnito-helper.test.ts @@ -11,27 +11,11 @@ * and limitations under the License. */ -import { SynthUtils } from '@aws-cdk/assert'; import { Stack } from '@aws-cdk/core'; import * as cognito from '@aws-cdk/aws-cognito'; import * as defaults from '../index'; import '@aws-cdk/assert/jest'; -test('snapshot test buildUserPool default params', () => { - const stack = new Stack(); - defaults.buildUserPool(stack); - - expect(SynthUtils.toCloudFormation(stack)).toMatchSnapshot(); -}); - -test('snapshot test buildUserPoolClient default params', () => { - const stack = new Stack(); - const userpool = defaults.buildUserPool(stack); - defaults.buildUserPoolClient(stack, userpool); - - expect(SynthUtils.toCloudFormation(stack)).toMatchSnapshot(); -}); - test('Test override for buildUserPool', () => { const stack = new Stack(); diff --git a/source/patterns/@aws-solutions-constructs/core/test/dynamo-table.test.ts b/source/patterns/@aws-solutions-constructs/core/test/dynamo-table.test.ts index 64a097f7a..73b8df105 100644 --- a/source/patterns/@aws-solutions-constructs/core/test/dynamo-table.test.ts +++ b/source/patterns/@aws-solutions-constructs/core/test/dynamo-table.test.ts @@ -11,7 +11,7 @@ * and limitations under the License. */ -import { SynthUtils, expect as expectCDK, haveResource } from '@aws-cdk/assert'; +import { expect as expectCDK, haveResource } from '@aws-cdk/assert'; import { Stack } from '@aws-cdk/core'; import * as dynamodb from '@aws-cdk/aws-dynamodb'; import * as defaults from '../index'; @@ -19,18 +19,6 @@ import { overrideProps } from '../lib/utils'; import '@aws-cdk/assert/jest'; import { getPartitionKeyNameFromTable } from '../lib/dynamodb-table-helper'; -test('snapshot test TableProps default params', () => { - const stack = new Stack(); - new dynamodb.Table(stack, 'test-dynamo-defaults', defaults.DefaultTableProps); - expect(SynthUtils.toCloudFormation(stack)).toMatchSnapshot(); -}); - -test('snapshot test TableWithStream default params', () => { - const stack = new Stack(); - new dynamodb.Table(stack, 'test-dynamo-stream-defaults', defaults.DefaultTableWithStreamProps); - expect(SynthUtils.toCloudFormation(stack)).toMatchSnapshot(); -}); - test('test TableProps change billing mode', () => { const stack = new Stack(); diff --git a/source/patterns/@aws-solutions-constructs/core/test/elasticsearch-helper.test.ts b/source/patterns/@aws-solutions-constructs/core/test/elasticsearch-helper.test.ts index d485c5127..7912d821a 100644 --- a/source/patterns/@aws-solutions-constructs/core/test/elasticsearch-helper.test.ts +++ b/source/patterns/@aws-solutions-constructs/core/test/elasticsearch-helper.test.ts @@ -11,7 +11,6 @@ * and limitations under the License. */ -import { SynthUtils } from '@aws-cdk/assert'; import { Stack } from '@aws-cdk/core'; import * as elasticsearch from '@aws-cdk/aws-elasticsearch'; import * as defaults from '../index'; @@ -49,13 +48,6 @@ function deployES(stack: Stack, domainName: string, cfnDomainProps?: elasticsear } } -test('snapshot test buildElasticSearch default params', () => { - const stack = new Stack(); - deployES(stack, 'test-domain'); - - expect(SynthUtils.toCloudFormation(stack)).toMatchSnapshot(); -}); - test('Test override SnapshotOptions for buildElasticSearch', () => { const stack = new Stack(); deployES(stack, 'test-domain', { diff --git a/source/patterns/@aws-solutions-constructs/core/test/eventbridge-helper.test.ts b/source/patterns/@aws-solutions-constructs/core/test/eventbridge-helper.test.ts index fc9e508d9..d0f9aa686 100644 --- a/source/patterns/@aws-solutions-constructs/core/test/eventbridge-helper.test.ts +++ b/source/patterns/@aws-solutions-constructs/core/test/eventbridge-helper.test.ts @@ -11,7 +11,6 @@ * and limitations under the License. */ -import { SynthUtils } from '@aws-cdk/assert'; import { Stack } from '@aws-cdk/core'; import * as events from '@aws-cdk/aws-events'; import * as defaults from '../index'; @@ -25,9 +24,7 @@ test('Test deployment with no properties', () => { const stack = new Stack(); // Helper declaration defaults.buildEventBus(stack, {}); - // Assertion 1 - expect(SynthUtils.toCloudFormation(stack)).toMatchSnapshot(); - // Assertion 2 + expect(stack).not.toHaveResource("AWS::EventBridge::EventBus"); }); @@ -41,25 +38,7 @@ test('Test deployment with existing EventBus', () => { defaults.buildEventBus(stack, { existingEventBusInterface: new events.EventBus(stack, `existing-event-bus`, {}) }); - // Assertion 1 - expect(SynthUtils.toCloudFormation(stack)).toMatchSnapshot(); - // Assertion 2 - expect(stack).toHaveResource('AWS::Events::EventBus', {}); -}); -// -------------------------------------------------------------- -// Test deployment with new EventBus no props -// -------------------------------------------------------------- -test('Test deployment with new EventBus no props', () => { - // Stack - const stack = new Stack(); - // Helper declaration - defaults.buildEventBus(stack, { - eventBusProps: {} - }); - // Assertion 1 - expect(SynthUtils.toCloudFormation(stack)).toMatchSnapshot(); - // Assertion 2 expect(stack).toHaveResource('AWS::Events::EventBus', {}); }); @@ -75,9 +54,7 @@ test('Test deployment with new EventBus with props', () => { eventBusName: 'testneweventbus' } }); - // Assertion 1 - expect(SynthUtils.toCloudFormation(stack)).toMatchSnapshot(); - // Assertion 2 + expect(stack).toHaveResource('AWS::Events::EventBus', { Name: 'testneweventbus' }); diff --git a/source/patterns/@aws-solutions-constructs/core/test/events-rule.test.ts b/source/patterns/@aws-solutions-constructs/core/test/events-rule.test.ts index 3d669eb72..be52bb15f 100644 --- a/source/patterns/@aws-solutions-constructs/core/test/events-rule.test.ts +++ b/source/patterns/@aws-solutions-constructs/core/test/events-rule.test.ts @@ -11,9 +11,7 @@ * and limitations under the License. */ -import { SynthUtils } from '@aws-cdk/assert'; import { Stack } from '@aws-cdk/core'; -import * as lambda from '@aws-cdk/aws-lambda'; import * as events from '@aws-cdk/aws-events'; import * as defaults from '../index'; import '@aws-cdk/assert/jest'; @@ -21,33 +19,6 @@ import { Schedule } from '@aws-cdk/aws-events'; import { Duration } from '@aws-cdk/core'; import { overrideProps } from '../lib/utils'; -test('snapshot test EventsRuleProps default params', () => { - const stack = new Stack(); - - const lambdaFunctionProps: lambda.FunctionProps = { - runtime: lambda.Runtime.NODEJS_12_X, - handler: 'index.handler', - code: lambda.Code.fromAsset(`${__dirname}/lambda`) - }; - - const fn = defaults.deployLambdaFunction(stack, lambdaFunctionProps); - - const lambdaFunc: events.IRuleTarget = { - bind: () => ({ - id: '', - arn: fn.functionArn - }) - }; - - const defaultEventsRuleProps = defaults.DefaultEventsRuleProps([lambdaFunc]); - const eventsRuleProps = overrideProps(defaultEventsRuleProps, { - schedule: Schedule.rate(Duration.minutes(5)) - }); - - new events.Rule(stack, 'Events', eventsRuleProps); - expect(SynthUtils.toCloudFormation(stack)).toMatchSnapshot(); -}); - test('test EventsRuleProps override ruleName and description', () => { const stack = new Stack(); diff --git a/source/patterns/@aws-solutions-constructs/core/test/glue-database-helper.test.ts b/source/patterns/@aws-solutions-constructs/core/test/glue-database-helper.test.ts deleted file mode 100644 index 18aed5eb8..000000000 --- a/source/patterns/@aws-solutions-constructs/core/test/glue-database-helper.test.ts +++ /dev/null @@ -1,22 +0,0 @@ -/** - * Copyright 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved. - * - * Licensed under the Apache License, Version 2.0 (the "License"). You may not use this file except in compliance - * with the License. A copy of the License is located at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * or in the 'license' file accompanying this file. This file is distributed on an 'AS IS' BASIS, WITHOUT WARRANTIES - * OR CONDITIONS OF ANY KIND, express or implied. See the License for the specific language governing permissions - * and limitations under the License. - */ - -import { SynthUtils } from '@aws-cdk/assert'; -import { Stack } from '@aws-cdk/core'; -import * as defaults from '../'; - -test('create default CfnTable', () => { - const stack = new Stack(); - defaults.DefaultGlueDatabase(stack, defaults.DefaultGlueDatabaseProps()); - expect(SynthUtils.toCloudFormation(stack)).toMatchSnapshot(); -}); \ No newline at end of file diff --git a/source/patterns/@aws-solutions-constructs/core/test/glue-job-helper.test.ts b/source/patterns/@aws-solutions-constructs/core/test/glue-job-helper.test.ts index e34ecc327..732f893ff 100644 --- a/source/patterns/@aws-solutions-constructs/core/test/glue-job-helper.test.ts +++ b/source/patterns/@aws-solutions-constructs/core/test/glue-job-helper.test.ts @@ -12,7 +12,7 @@ */ // Imports -import { ResourcePart, SynthUtils } from '@aws-cdk/assert'; +import { ResourcePart } from '@aws-cdk/assert'; import '@aws-cdk/assert/jest'; import { CfnJob, CfnJobProps } from '@aws-cdk/aws-glue'; import { Role, ServicePrincipal } from '@aws-cdk/aws-iam'; @@ -51,9 +51,7 @@ test('Test deployment with role creation', () => { comment: "" }], 'kinesis', {STREAM_NAME: 'testStream'}) }); - // Assertion 1 - expect(SynthUtils.toCloudFormation(stack)).toMatchSnapshot(); - // Assertion 2 + expect(stack).toHaveResourceLike('AWS::Glue::Job', { Type: "AWS::Glue::Job", Properties: { @@ -113,7 +111,6 @@ test('Create a Glue Job outside the construct', () => { comment: "" }], 'kinesis', {STREAM_NAME: 'testStream'}) }); - expect(SynthUtils.toCloudFormation(stack)).toMatchSnapshot(); expect(stack).toHaveResourceLike('AWS::Glue::Job', { Type: "AWS::Glue::Job", Properties: { @@ -174,8 +171,6 @@ test('Test custom deployment properties', () => { comment: "" }], 'kinesis', {STREAM_NAME: 'testStream'}) }); - // Assertion 1 - expect(SynthUtils.toCloudFormation(stack)).toMatchSnapshot(); // check if Glue Job Resource was created correctly expect(stack).toHaveResourceLike('AWS::Glue::Job', { @@ -305,8 +300,6 @@ test('Test deployment with role creation', () => { comment: "" }], 'kinesis', {STREAM_NAME: 'testStream'}) }); - // Assertion 1 - expect(SynthUtils.toCloudFormation(stack)).toMatchSnapshot(); expect(stack).toHaveResourceLike('AWS::IAM::Role', { Type: "AWS::IAM::Role", Properties: { @@ -361,8 +354,6 @@ test('Test deployment with role creation', () => { comment: "" }], 'kinesis', {STREAM_NAME: 'testStream'}) }); - // Assertion 1 - expect(SynthUtils.toCloudFormation(stack)).toMatchSnapshot(); expect(stack).toHaveResourceLike('AWS::S3::Bucket', { Type: 'AWS::S3::Bucket', Properties: { @@ -491,35 +482,6 @@ test('GlueJob configuration with glueVersion 2.0 should not support maxCapacity } }); -// -------------------------------------------------------------- -// Supply maxCapacity with GlueVersion 1.0 -// -------------------------------------------------------------- -test('GlueJob configuration with glueVersion 1.0 should support maxCapacity', () => { - const stack = new Stack(); - const _database = defaults.createGlueDatabase(stack); - defaults.buildGlueJob(stack, { - outputDataStore: { - datastoreType: defaults.SinkStoreType.S3 - }, - database: _database, - table: defaults.createGlueTable(stack, _database, defaults.DefaultGlueTableProps(_database, [{ - name: "id", - type: "int", - comment: "" - }], 'kinesis', {STREAM_NAME: 'testStream'})), - glueJobProps: { - command: { - name: "gluejob1.0", - pythonVersion: '3', - scriptLocation: 's3://fakelocation/script' - }, - glueVersion: '1.0', - maxCapacity: 2 - } - }); - expect(SynthUtils.toCloudFormation(stack)).toMatchSnapshot(); -}); - // -------------------------------------------------------------- // Fail if setting maxCapacity and WorkerType/ NumberOfWorkers // -------------------------------------------------------------- diff --git a/source/patterns/@aws-solutions-constructs/core/test/glue-table-helper.test.ts b/source/patterns/@aws-solutions-constructs/core/test/glue-table-helper.test.ts index 997c0af6b..806a017f9 100644 --- a/source/patterns/@aws-solutions-constructs/core/test/glue-table-helper.test.ts +++ b/source/patterns/@aws-solutions-constructs/core/test/glue-table-helper.test.ts @@ -11,7 +11,7 @@ * and limitations under the License. */ -import { ResourcePart, SynthUtils } from '@aws-cdk/assert'; +import { ResourcePart } from '@aws-cdk/assert'; import '@aws-cdk/assert/jest'; import { Aws, Stack } from '@aws-cdk/core'; import * as defaults from '..'; @@ -56,8 +56,6 @@ test('create default CfnTable with default props', () => { } }); - expect(SynthUtils.toCloudFormation(stack)).toMatchSnapshot(); - expect(stack).toHaveResourceLike('AWS::Glue::Table', { Type: "AWS::Glue::Table", Properties: { @@ -98,7 +96,6 @@ test('Create table', () => { defaults.createGlueTable(stack, defaults.createGlueDatabase(stack), undefined, _fieldSchema, 'kinesis', { STREAM_NAME: 'testStream' }); - expect(SynthUtils.toCloudFormation(stack)).toMatchSnapshot(); expect(stack).toHaveResourceLike('AWS::Glue::Database', { Type: "AWS::Glue::Database", Properties: { diff --git a/source/patterns/@aws-solutions-constructs/core/test/iot-rule.test.ts b/source/patterns/@aws-solutions-constructs/core/test/iot-rule.test.ts index 7e9270470..03144f3aa 100644 --- a/source/patterns/@aws-solutions-constructs/core/test/iot-rule.test.ts +++ b/source/patterns/@aws-solutions-constructs/core/test/iot-rule.test.ts @@ -11,34 +11,12 @@ * and limitations under the License. */ -import { SynthUtils } from '@aws-cdk/assert'; import { Stack } from '@aws-cdk/core'; import * as iot from '@aws-cdk/aws-iot'; -import * as lambda from '@aws-cdk/aws-lambda'; import * as defaults from '../index'; import { overrideProps } from '../lib/utils'; import '@aws-cdk/assert/jest'; -test('snapshot test TopicRuleProps default params', () => { - const stack = new Stack(); - - const lambdaFunctionProps: lambda.FunctionProps = { - runtime: lambda.Runtime.NODEJS_12_X, - handler: 'index.handler', - code: lambda.Code.fromAsset(`${__dirname}/lambda`) - }; - - const fn = new lambda.Function(stack, 'LambdaFunction', lambdaFunctionProps); - - const defaultIotTopicProps = defaults.DefaultCfnTopicRuleProps([{ - lambda: { - functionArn: fn.functionArn - } - }], "SELECT * FROM 'topic/#'"); - new iot.CfnTopicRule(stack, 'IotTopic', defaultIotTopicProps); - expect(SynthUtils.toCloudFormation(stack)).toMatchSnapshot(); -}); - test('test TopicRuleProps override sql and description', () => { const stack = new Stack(); diff --git a/source/patterns/@aws-solutions-constructs/core/test/kinesis-analytics-helper.test.ts b/source/patterns/@aws-solutions-constructs/core/test/kinesis-analytics-helper.test.ts deleted file mode 100644 index 8364bd924..000000000 --- a/source/patterns/@aws-solutions-constructs/core/test/kinesis-analytics-helper.test.ts +++ /dev/null @@ -1,62 +0,0 @@ -/** - * Copyright 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved. - * - * Licensed under the Apache License, Version 2.0 (the "License"). You may not use this file except in compliance - * with the License. A copy of the License is located at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * or in the 'license' file accompanying this file. This file is distributed on an 'AS IS' BASIS, WITHOUT WARRANTIES - * OR CONDITIONS OF ANY KIND, express or implied. See the License for the specific language governing permissions - * and limitations under the License. - */ - -// Imports -import { Stack } from "@aws-cdk/core"; -import * as kinesisFirehose from "@aws-cdk/aws-kinesisfirehose"; -import * as defaults from '../'; -import { SynthUtils } from '@aws-cdk/assert'; -import '@aws-cdk/assert/jest'; - -// -------------------------------------------------------------- -// Test default functionality -// -------------------------------------------------------------- -test('Test default functionality', () => { - // Setup the stack - const stack = new Stack(); - const firehose = new kinesisFirehose.CfnDeliveryStream(stack, 'KinesisFirehose'); - // Setup the Kinesis Analytics application - defaults.buildKinesisAnalyticsApp(stack, { - kinesisFirehose: firehose, - kinesisAnalyticsProps: { - inputs: [{ - inputSchema: { - recordColumns: [{ - name: 'ticker_symbol', - sqlType: 'VARCHAR(4)', - mapping: '$.ticker_symbol' - }, { - name: 'sector', - sqlType: 'VARCHAR(16)', - mapping: '$.sector' - }, { - name: 'change', - sqlType: 'REAL', - mapping: '$.change' - }, { - name: 'price', - sqlType: 'REAL', - mapping: '$.price' - }], - recordFormat: { - recordFormatType: 'JSON' - }, - recordEncoding: 'UTF-8' - }, - namePrefix: 'SOURCE_SQL_STREAM' - }] - } - }); - // Assertions - expect(SynthUtils.toCloudFormation(stack)).toMatchSnapshot(); -}); \ No newline at end of file diff --git a/source/patterns/@aws-solutions-constructs/core/test/kinesis-analytics.test.ts b/source/patterns/@aws-solutions-constructs/core/test/kinesis-analytics.test.ts index 9a2fba389..488c51263 100644 --- a/source/patterns/@aws-solutions-constructs/core/test/kinesis-analytics.test.ts +++ b/source/patterns/@aws-solutions-constructs/core/test/kinesis-analytics.test.ts @@ -11,19 +11,12 @@ * and limitations under the License. */ -import { SynthUtils } from '@aws-cdk/assert'; import { Stack } from '@aws-cdk/core'; import * as kinesisanalytics from '@aws-cdk/aws-kinesisanalytics'; import * as defaults from '../index'; import { overrideProps } from '../lib/utils'; import '@aws-cdk/assert/jest'; -test('snapshot test kinesisanalytics default params', () => { - const stack = new Stack(); - new kinesisanalytics.CfnApplication(stack, 'KinesisAnalytics', defaults.DefaultCfnApplicationProps); - expect(SynthUtils.toCloudFormation(stack)).toMatchSnapshot(); -}); - test('test kinesisanalytics override inputProperty', () => { const stack = new Stack(); diff --git a/source/patterns/@aws-solutions-constructs/core/test/kinesis-firehose-s3-defaults.test.ts b/source/patterns/@aws-solutions-constructs/core/test/kinesis-firehose-s3-defaults.test.ts index 68b9732b7..34765cf32 100644 --- a/source/patterns/@aws-solutions-constructs/core/test/kinesis-firehose-s3-defaults.test.ts +++ b/source/patterns/@aws-solutions-constructs/core/test/kinesis-firehose-s3-defaults.test.ts @@ -11,7 +11,6 @@ * and limitations under the License. */ -import { SynthUtils } from '@aws-cdk/assert'; import { Stack } from '@aws-cdk/core'; import * as kinesisfirehose from '@aws-cdk/aws-kinesisfirehose'; import * as defaults from '../index'; @@ -19,16 +18,6 @@ import { overrideProps } from '../lib/utils'; import '@aws-cdk/assert/jest'; import * as kms from '@aws-cdk/aws-kms'; -test('snapshot test kinesisfirehose default params', () => { - const stack = new Stack(); - - const awsManagedKey: kms.IKey = kms.Alias.fromAliasName(stack, 'aws-managed-key', 'alias/aws/s3'); - - new kinesisfirehose.CfnDeliveryStream(stack, 'KinesisFirehose', - defaults.DefaultCfnDeliveryStreamProps('bucket_arn', 'role_arn', 'log_group', 'log_stream', awsManagedKey)); - expect(SynthUtils.toCloudFormation(stack)).toMatchSnapshot(); -}); - test('test kinesisanalytics override buffer conditions', () => { const stack = new Stack(); diff --git a/source/patterns/@aws-solutions-constructs/core/test/kinesis-streams-defaults.test.ts b/source/patterns/@aws-solutions-constructs/core/test/kinesis-streams-defaults.test.ts index 572f854f2..0d2b13a4d 100644 --- a/source/patterns/@aws-solutions-constructs/core/test/kinesis-streams-defaults.test.ts +++ b/source/patterns/@aws-solutions-constructs/core/test/kinesis-streams-defaults.test.ts @@ -11,19 +11,12 @@ * and limitations under the License. */ -import { SynthUtils } from '@aws-cdk/assert'; import { Stack, Duration } from '@aws-cdk/core'; import * as kinesis from '@aws-cdk/aws-kinesis'; import * as defaults from '../index'; import { overrideProps } from '../lib/utils'; import '@aws-cdk/assert/jest'; -test('snapshot test kinesisstream default params', () => { - const stack = new Stack(); - new kinesis.Stream(stack, 'KinesisStream', defaults.DefaultStreamProps); - expect(SynthUtils.toCloudFormation(stack)).toMatchSnapshot(); -}); - test('test kinesisstream override RetentionPeriodHours', () => { const stack = new Stack(); diff --git a/source/patterns/@aws-solutions-constructs/core/test/kinesis-streams-helper.test.ts b/source/patterns/@aws-solutions-constructs/core/test/kinesis-streams-helper.test.ts index ec3118213..4333685a7 100644 --- a/source/patterns/@aws-solutions-constructs/core/test/kinesis-streams-helper.test.ts +++ b/source/patterns/@aws-solutions-constructs/core/test/kinesis-streams-helper.test.ts @@ -15,7 +15,7 @@ import { Stack, Duration } from "@aws-cdk/core"; import * as defaults from '../'; import * as kinesis from '@aws-cdk/aws-kinesis'; -import { SynthUtils, ResourcePart } from '@aws-cdk/assert'; +import { ResourcePart } from '@aws-cdk/assert'; import '@aws-cdk/assert/jest'; // -------------------------------------------------------------- @@ -26,9 +26,7 @@ test('Test minimal deployment with no properties', () => { const stack = new Stack(); // Helper declaration defaults.buildKinesisStream(stack, {}); - // Assertion 1 - expect(SynthUtils.toCloudFormation(stack)).toMatchSnapshot(); - // Assertion 2 + expect(stack).toHaveResourceLike('AWS::Kinesis::Stream', { Type: "AWS::Kinesis::Stream", Properties: { @@ -55,9 +53,7 @@ test('Test deployment w/ custom properties', () => { encryptionKey: encKey } }); - // Assertion 1 - expect(SynthUtils.toCloudFormation(stack)).toMatchSnapshot(); - // Assertion 2 + expect(stack).toHaveResource('AWS::Kinesis::Stream', { Name: 'myCustomKinesisStream' }); @@ -88,9 +84,7 @@ test('Test deployment w/ existing stream', () => { retentionPeriod: Duration.days(1) } }); - // Assertion 1 - expect(SynthUtils.toCloudFormation(stack)).toMatchSnapshot(); - // Assertion 2 + expect(stack).toHaveResource('AWS::Kinesis::Stream', { ShardCount: 2, RetentionPeriodHours: 72 diff --git a/source/patterns/@aws-solutions-constructs/core/test/kms-helper.test.ts b/source/patterns/@aws-solutions-constructs/core/test/kms-helper.test.ts index 8da375932..51391abd1 100644 --- a/source/patterns/@aws-solutions-constructs/core/test/kms-helper.test.ts +++ b/source/patterns/@aws-solutions-constructs/core/test/kms-helper.test.ts @@ -14,7 +14,7 @@ // Imports import { Stack } from "@aws-cdk/core"; import * as defaults from '../'; -import { SynthUtils, ResourcePart } from '@aws-cdk/assert'; +import { ResourcePart } from '@aws-cdk/assert'; import '@aws-cdk/assert/jest'; // -------------------------------------------------------------- @@ -25,9 +25,7 @@ test('Test minimal deployment with no properties', () => { const stack = new Stack(); // Helper declaration defaults.buildEncryptionKey(stack); - // Assertion 1 - expect(SynthUtils.toCloudFormation(stack)).toMatchSnapshot(); - // Assertion 2 + expect(stack).toHaveResourceLike('AWS::KMS::Key', { Type: "AWS::KMS::Key", Properties: { @@ -46,9 +44,7 @@ test('Test minimal deployment with custom properties', () => { defaults.buildEncryptionKey(stack, { enableKeyRotation: false }); - // Assertion 1 - expect(SynthUtils.toCloudFormation(stack)).toMatchSnapshot(); - // Assertion 2 + expect(stack).toHaveResourceLike('AWS::KMS::Key', { Type: "AWS::KMS::Key", Properties: { diff --git a/source/patterns/@aws-solutions-constructs/core/test/lambda-helper.test.ts b/source/patterns/@aws-solutions-constructs/core/test/lambda-helper.test.ts index 04a778ec1..d62f3ace7 100644 --- a/source/patterns/@aws-solutions-constructs/core/test/lambda-helper.test.ts +++ b/source/patterns/@aws-solutions-constructs/core/test/lambda-helper.test.ts @@ -11,7 +11,6 @@ * and limitations under the License. */ -import { SynthUtils, ResourcePart } from "@aws-cdk/assert"; import { Stack } from "@aws-cdk/core"; import * as ec2 from "@aws-cdk/aws-ec2"; import * as lambda from "@aws-cdk/aws-lambda"; @@ -20,20 +19,6 @@ import "@aws-cdk/assert/jest"; import { Duration } from "@aws-cdk/core"; import * as iam from '@aws-cdk/aws-iam'; -test("snapshot test LambdaFunction default params", () => { - const stack = new Stack(); - - const lambdaFunctionProps: lambda.FunctionProps = { - runtime: lambda.Runtime.NODEJS_12_X, - handler: "index.handler", - code: lambda.Code.fromAsset(`${__dirname}/lambda`), - }; - - defaults.deployLambdaFunction(stack, lambdaFunctionProps); - - expect(SynthUtils.toCloudFormation(stack)).toMatchSnapshot(); -}); - test("test FunctionProps override code and runtime", () => { const stack = new Stack(); @@ -101,7 +86,7 @@ test("test FunctionProps for environment variable when runtime = NODEJS", () => }); }); -test("test FunctionProps for no envrionment variable when runtime = PYTHON", () => { +test("test FunctionProps when runtime = PYTHON", () => { const stack = new Stack(); const inProps: lambda.FunctionProps = { @@ -115,64 +100,15 @@ test("test FunctionProps for no envrionment variable when runtime = PYTHON", () expect(stack).toHaveResource( "AWS::Lambda::Function", { - Type: "AWS::Lambda::Function", - Properties: { - Code: { - S3Bucket: { - Ref: - "AssetParametersb472c1cea6f4795d84eb1b97e37bfa1f79f1c744caebeb372f30dbf716299895S3Bucket0A3514D6", - }, - S3Key: { - "Fn::Join": [ - "", - [ - { - "Fn::Select": [ - 0, - { - "Fn::Split": [ - "||", - { - Ref: - "AssetParametersb472c1cea6f4795d84eb1b97e37bfa1f79f1c744caebeb372f30dbf716299895S3VersionKey0DB6BEDE", - }, - ], - }, - ], - }, - { - "Fn::Select": [ - 1, - { - "Fn::Split": [ - "||", - { - Ref: - "AssetParametersb472c1cea6f4795d84eb1b97e37bfa1f79f1c744caebeb372f30dbf716299895S3VersionKey0DB6BEDE", - }, - ], - }, - ], - }, - ], - ], - }, - }, - Handler: "index.handler", - Role: { - "Fn::GetAtt": ["LambdaFunctionServiceRole0C4CDE0B", "Arn"], - }, - Runtime: "python3.6", - TracingConfig: { - Mode: "Active", - }, + Handler: "index.handler", + Role: { + "Fn::GetAtt": ["LambdaFunctionServiceRole0C4CDE0B", "Arn"], }, - DependsOn: [ - "LambdaFunctionServiceRoleDefaultPolicy126C8897", - "LambdaFunctionServiceRole0C4CDE0B", - ], - }, - ResourcePart.CompleteDefinition + Runtime: "python3.6", + TracingConfig: { + Mode: "Active", + }, + } ); }); diff --git a/source/patterns/@aws-solutions-constructs/core/test/mediastore-helper.test.ts b/source/patterns/@aws-solutions-constructs/core/test/mediastore-helper.test.ts index d9dac1429..7af5513d8 100644 --- a/source/patterns/@aws-solutions-constructs/core/test/mediastore-helper.test.ts +++ b/source/patterns/@aws-solutions-constructs/core/test/mediastore-helper.test.ts @@ -12,18 +12,10 @@ */ import '@aws-cdk/assert/jest'; -import { SynthUtils } from '@aws-cdk/assert'; import { Stack } from '@aws-cdk/core'; import * as mediastore from '@aws-cdk/aws-mediastore'; import { MediaStoreContainer } from '../lib/mediastore-helper'; -test('MediaStore container with default params', () => { - const stack = new Stack(); - - MediaStoreContainer(stack); - expect(SynthUtils.toCloudFormation(stack)).toMatchSnapshot(); -}); - test('MediaStore container override params', () => { const stack = new Stack(); const mediaStoreContainerProps: mediastore.CfnContainerProps = { diff --git a/source/patterns/@aws-solutions-constructs/core/test/s3-bucket-helper.test.ts b/source/patterns/@aws-solutions-constructs/core/test/s3-bucket-helper.test.ts index 596dc5ab9..f3c97850d 100644 --- a/source/patterns/@aws-solutions-constructs/core/test/s3-bucket-helper.test.ts +++ b/source/patterns/@aws-solutions-constructs/core/test/s3-bucket-helper.test.ts @@ -11,8 +11,8 @@ * and limitations under the License. */ -import { SynthUtils, expect as expectCDK, haveResource, ResourcePart } from '@aws-cdk/assert'; -import { Duration, RemovalPolicy, Stack } from '@aws-cdk/core'; +import { expect as expectCDK, haveResource, ResourcePart } from '@aws-cdk/assert'; +import { Duration, Stack } from '@aws-cdk/core'; import * as s3 from '@aws-cdk/aws-s3'; import * as s3n from '@aws-cdk/aws-s3-notifications'; import * as sqs from '@aws-cdk/aws-sqs'; @@ -20,23 +20,6 @@ import * as defaults from '../index'; import '@aws-cdk/assert/jest'; import { Bucket, StorageClass } from '@aws-cdk/aws-s3'; -test('s3 bucket with default params', () => { - const stack = new Stack(); - defaults.buildS3Bucket(stack, {}); - expect(SynthUtils.toCloudFormation(stack)).toMatchSnapshot(); -}); - -test('s3 bucket with default params and bucket names', () => { - const stack = new Stack(); - const s3BucketProps: s3.BucketProps = { - bucketName: 'my-bucket' - }; - defaults.buildS3Bucket(stack, { - bucketProps: s3BucketProps - }); - expect(SynthUtils.toCloudFormation(stack)).toMatchSnapshot(); -}); - test('check exception for Missing existingBucketObj from props for deploy = false', () => { const stack = new Stack(); @@ -257,18 +240,6 @@ test('s3 bucket versioning turned off', () => { })); }); -test('s3 bucket and logging bucket withe delete removal policy', () => { - const stack = new Stack(); - - defaults.buildS3Bucket(stack, { - bucketProps: { - removalPolicy: RemovalPolicy.DESTROY, - } - }); - - expect(SynthUtils.toCloudFormation(stack)).toMatchSnapshot(); -}); - test('s3 bucket versioning turned on', () => { const stack = new Stack(); diff --git a/source/patterns/@aws-solutions-constructs/core/test/s3-bucket.test.ts b/source/patterns/@aws-solutions-constructs/core/test/s3-bucket.test.ts index bf04f95c4..513fda070 100644 --- a/source/patterns/@aws-solutions-constructs/core/test/s3-bucket.test.ts +++ b/source/patterns/@aws-solutions-constructs/core/test/s3-bucket.test.ts @@ -11,29 +11,12 @@ * and limitations under the License. */ -import { SynthUtils } from '@aws-cdk/assert'; import { Duration, Stack } from '@aws-cdk/core'; import * as s3 from '@aws-cdk/aws-s3'; import * as kms from '@aws-cdk/aws-kms'; import * as defaults from '../index'; import { overrideProps } from '../lib/utils'; import '@aws-cdk/assert/jest'; -import { StorageClass } from '@aws-cdk/aws-s3'; - -test('s3 bucket with default params', () => { - const stack = new Stack(); - - /** Default Life Cycle policy to transition older versions to Glacier after 90 days */ - const lifecycleRules: s3.LifecycleRule[] = [{ - noncurrentVersionTransitions: [{ - storageClass: StorageClass.GLACIER, - transitionAfter: Duration.days(90) - }] - }]; - - new s3.Bucket(stack, 'test-s3-defaults', defaults.DefaultS3Props(undefined, lifecycleRules)); - expect(SynthUtils.toCloudFormation(stack)).toMatchSnapshot(); -}); test('test s3Bucket override versioningConfiguration', () => { const stack = new Stack(); diff --git a/source/patterns/@aws-solutions-constructs/core/test/sagemaker-helper.test.ts b/source/patterns/@aws-solutions-constructs/core/test/sagemaker-helper.test.ts index 524efb383..42bc49e71 100644 --- a/source/patterns/@aws-solutions-constructs/core/test/sagemaker-helper.test.ts +++ b/source/patterns/@aws-solutions-constructs/core/test/sagemaker-helper.test.ts @@ -16,26 +16,8 @@ import * as iam from '@aws-cdk/aws-iam'; import * as kms from '@aws-cdk/aws-kms'; import * as ec2 from '@aws-cdk/aws-ec2'; import * as defaults from '../'; -import { SynthUtils } from '@aws-cdk/assert'; import '@aws-cdk/assert/jest'; -// -------------------------------------------------------------- -// Test minimal deployment with no properties -// -------------------------------------------------------------- -test('Test minimal deployment with no properties', () => { - // Stack - const stack = new Stack(); - const sagemakerRole = new iam.Role(stack, 'SagemakerRole', { - assumedBy: new iam.ServicePrincipal('sagemaker.amazonaws.com'), - }); - // Build Sagemaker Notebook Instance - defaults.buildSagemakerNotebook(stack, { - role: sagemakerRole, - }); - // Assertion - expect(SynthUtils.toCloudFormation(stack)).toMatchSnapshot(); -}); - // -------------------------------------------------------------- // Test deployment with VPC // -------------------------------------------------------------- @@ -54,31 +36,12 @@ test('Test deployment with VPC', () => { role: sagemakerRole, }); // Assertion - expect(SynthUtils.toCloudFormation(stack)).toMatchSnapshot(); expect(vpc?.privateSubnets.length).toEqual(2); expect(vpc?.publicSubnets.length).toEqual(2); expect(sagemaker.instanceType).toEqual('ml.t2.medium'); expect(sg).toBeInstanceOf(ec2.SecurityGroup); }); -// -------------------------------------------------------------- -// Test deployment witout VPC -// -------------------------------------------------------------- -test('Test deployment w/o VPC', () => { - // Stack - const stack = new Stack(); - const sagemakerRole = new iam.Role(stack, 'SagemakerRole', { - assumedBy: new iam.ServicePrincipal('sagemaker.amazonaws.com'), - }); - // Build Sagemaker Notebook Instance - defaults.buildSagemakerNotebook(stack, { - role: sagemakerRole, - deployInsideVpc: false, - }); - // Assertion - expect(SynthUtils.toCloudFormation(stack)).toMatchSnapshot(); -}); - // -------------------------------------------------------------- // Test deployment in existing VPC // -------------------------------------------------------------- @@ -131,29 +94,6 @@ test('Test deployment w/ override', () => { }); }); -// ---------------------------------------------------------- -// Test deployment with existing Sagemaker Notebook instance -// ---------------------------------------------------------- -test('Test deployment with existing Sagemaker Notebook instance', () => { - // Stack - const stack = new Stack(); - const sagemakerRole = new iam.Role(stack, 'SagemakerRole', { - assumedBy: new iam.ServicePrincipal('sagemaker.amazonaws.com'), - }); - // Build Sagemaker Notebook Instance - const [noteBookInstance] = defaults.buildSagemakerNotebook(stack, { - role: sagemakerRole, - }); - - // Build Sagemaker Notebook Instance - defaults.buildSagemakerNotebook(stack, { - existingNotebookObj: noteBookInstance, - role: sagemakerRole, - }); - // Assertion - expect(SynthUtils.toCloudFormation(stack)).toMatchSnapshot(); -}); - // -------------------------------------------------------------- // Test exception // -------------------------------------------------------------- @@ -176,167 +116,6 @@ test('Test exception', () => { }).toThrowError(); }); -// -------------------------------------------------------------------------------------- -// Test minimal deployment of Sagemaker Inference Endpoint no VPC using internal IAM role -// -------------------------------------------------------------------------------------- -test('Test minimal deployment with no properties using internal IAM role', () => { - // Stack - const stack = new Stack(); - // Build Sagemaker Inference Endpoint - defaults.BuildSagemakerEndpoint(stack, { - modelProps: { - primaryContainer: { - image: '.dkr.ecr..amazonaws.com/linear-learner:latest', - modelDataUrl: 's3:////model.tar.gz', - }, - }, - }); - // Assertion - expect(SynthUtils.toCloudFormation(stack)).toMatchSnapshot(); -}); - -// ---------------------------------------------------------------- -// Test minimal deployment of Sagemaker Inference Endpoint with VPC -// ---------------------------------------------------------------- -test('Test minimal deployment of Sagemaker Inference Endpoint with VPC', () => { - // Stack - const stack = new Stack(); - - // create a VPC with required VPC S3 gateway and SAGEMAKER_RUNTIME Interface - const vpc = defaults.buildVpc(stack, { - defaultVpcProps: defaults.DefaultIsolatedVpcProps(), - constructVpcProps: { - enableDnsHostnames: true, - enableDnsSupport: true, - }, - }); - - // Add S3 VPC Gateway Endpint, required by Sagemaker to access Models artifacts via AWS private network - defaults.AddAwsServiceEndpoint(stack, vpc, defaults.ServiceEndpointTypes.S3); - // Add SAGEMAKER_RUNTIME VPC Interface Endpint, required by the lambda function to invoke the SageMaker endpoint - defaults.AddAwsServiceEndpoint(stack, vpc, defaults.ServiceEndpointTypes.SAGEMAKER_RUNTIME); - - // Build Sagemaker Inference Endpoint - defaults.BuildSagemakerEndpoint(stack, { - modelProps: { - primaryContainer: { - image: '.dkr.ecr..amazonaws.com/linear-learner:latest', - modelDataUrl: 's3:////model.tar.gz', - }, - }, - vpc, - }); - // Assertion - expect(SynthUtils.toCloudFormation(stack)).toMatchSnapshot(); -}); - -// ------------------------------------------------------------------------- -// Test deployment of Sagemaker Inference Endpoint with properties overwrite -// ------------------------------------------------------------------------- -test('Test deployment of Sagemaker Inference Endpoint with properties overwrite', () => { - // Stack - const stack = new Stack(); - - // create a VPC with required VPC S3 gateway and SAGEMAKER_RUNTIME Interface - const vpc = defaults.buildVpc(stack, { - defaultVpcProps: defaults.DefaultIsolatedVpcProps(), - constructVpcProps: { - enableDnsHostnames: true, - enableDnsSupport: true, - }, - }); - - // Add S3 VPC Gateway Endpint, required by Sagemaker to access Models artifacts via AWS private network - defaults.AddAwsServiceEndpoint(stack, vpc, defaults.ServiceEndpointTypes.S3); - // Add SAGEMAKER_RUNTIME VPC Interface Endpint, required by the lambda function to invoke the SageMaker endpoint - defaults.AddAwsServiceEndpoint(stack, vpc, defaults.ServiceEndpointTypes.SAGEMAKER_RUNTIME); - - // create encryption key - const encryptionkey = new kms.Key(stack, 'MyEndpointConfigEncryptionKey'); - // Build Sagemaker Inference Endpoint - defaults.BuildSagemakerEndpoint(stack, { - modelProps: { - modelName: 'linear-learner-model', - primaryContainer: { - image: '.dkr.ecr..amazonaws.com/linear-learner:latest', - modelDataUrl: 's3:////model.tar.gz', - }, - }, - endpointConfigProps: { - endpointConfigName: 'linear-learner-endpoint-config', - productionVariants: [ - { - modelName: 'linear-learner-model', - initialInstanceCount: 1, - initialVariantWeight: 1.0, - instanceType: 'ml.m4.large', - variantName: 'AllTraffic', - acceleratorType: 'ml.eia2.medium', - }, - ], - kmsKeyId: encryptionkey.keyArn, - }, - endpointProps: { - endpointConfigName: 'linear-learner-endpoint-config', - endpointName: 'linear-learner-endpoint', - }, - vpc, - }); - // Assertion - expect(SynthUtils.toCloudFormation(stack)).toMatchSnapshot(); -}); - -// -------------------------------------------------------------- -// Test deployment of existing Sagemaker Endpoint -// -------------------------------------------------------------- -test('Test deployment of existing Sagemaker Endpoint', () => { - // Stack - const stack = new Stack(); - - const [sagemakerEndpoint] = defaults.deploySagemakerEndpoint(stack, { - modelProps: { - primaryContainer: { - image: '.dkr.ecr..amazonaws.com/linear-learner:latest', - modelDataUrl: 's3:////model.tar.gz', - }, - }, - }); - - // Build Sagemaker Inference Endpoint - defaults.BuildSagemakerEndpoint(stack, { - existingSagemakerEndpointObj: sagemakerEndpoint, - }); - // Assertion - expect(SynthUtils.toCloudFormation(stack)).toMatchSnapshot(); -}); - -// ------------------------------------------------------------------------ -// Test deployment of sagemaker endpoint with a customer provided role -// ------------------------------------------------------------------------ -test('Test deployment of sagemaker endpoint with a customer provided role', () => { - // Stack - const stack = new Stack(); - // Create IAM Role to be assumed by Sagemaker - const sagemakerRole = new iam.Role(stack, 'SagemakerRole', { - assumedBy: new iam.ServicePrincipal('sagemaker.amazonaws.com'), - }); - sagemakerRole.addManagedPolicy(iam.ManagedPolicy.fromAwsManagedPolicyName('AmazonSageMakerFullAccess')); - - // Build Sagemaker Inference Endpoint - defaults.BuildSagemakerEndpoint(stack, { - modelProps: { - executionRoleArn: sagemakerRole.roleArn, - primaryContainer: { - image: '.dkr.ecr..amazonaws.com/linear-learner:latest', - modelDataUrl: 's3:////model.tar.gz', - }, - }, - }); - - // Assertion 1 - expect(SynthUtils.toCloudFormation(stack)).toMatchSnapshot(); -}); - // --------------------------------------------------------------- // Test exception for not providing primaryContainer in modelProps // --------------------------------------------------------------- diff --git a/source/patterns/@aws-solutions-constructs/core/test/secretsmanager-helper.test.ts b/source/patterns/@aws-solutions-constructs/core/test/secretsmanager-helper.test.ts index f8f4c18a8..c1bb5cd4e 100644 --- a/source/patterns/@aws-solutions-constructs/core/test/secretsmanager-helper.test.ts +++ b/source/patterns/@aws-solutions-constructs/core/test/secretsmanager-helper.test.ts @@ -13,7 +13,7 @@ import {RemovalPolicy, Stack} from '@aws-cdk/core'; import * as defaults from '../'; -import {ResourcePart, SynthUtils} from '@aws-cdk/assert'; +import {ResourcePart} from '@aws-cdk/assert'; import '@aws-cdk/assert/jest'; const DESCRIPTION = 'test secret description'; @@ -27,9 +27,7 @@ test('Test minimal deployment with no properties', () => { const stack = new Stack(); // Helper declaration defaults.buildSecretsManagerSecret(stack, 'secret', {}); - // Assertion 1 - expect(SynthUtils.toCloudFormation(stack)).toMatchSnapshot(); - // Assertion 2 + expect(stack).toHaveResourceLike('AWS::SecretsManager::Secret', { Type: 'AWS::SecretsManager::Secret', UpdateReplacePolicy: 'Retain', diff --git a/source/patterns/@aws-solutions-constructs/core/test/security-group-helper.test.ts b/source/patterns/@aws-solutions-constructs/core/test/security-group-helper.test.ts index e71a250c4..fb1e2d7bd 100644 --- a/source/patterns/@aws-solutions-constructs/core/test/security-group-helper.test.ts +++ b/source/patterns/@aws-solutions-constructs/core/test/security-group-helper.test.ts @@ -13,7 +13,6 @@ import { Stack } from "@aws-cdk/core"; import * as defaults from "../"; -import { SynthUtils } from "@aws-cdk/assert"; import "@aws-cdk/assert/jest"; import * as ec2 from "@aws-cdk/aws-ec2"; @@ -38,9 +37,6 @@ test("Test minimal deployment with no properties", () => { [] ); - // Assertion 1 - expect(SynthUtils.toCloudFormation(stack)).toMatchSnapshot(); - expect(stack).toHaveResource("AWS::EC2::SecurityGroup", { SecurityGroupEgress: [ { @@ -70,9 +66,6 @@ test("Test deployment with ingress rules", () => { [] ); - // Assertion 1 - expect(SynthUtils.toCloudFormation(stack)).toMatchSnapshot(); - expect(stack).toHaveResource("AWS::EC2::SecurityGroup", { SecurityGroupIngress: [ { @@ -107,9 +100,6 @@ test("Test deployment with egress rule", () => { ] ); - // Assertion 1 - expect(SynthUtils.toCloudFormation(stack)).toMatchSnapshot(); - expect(stack).toHaveResource("AWS::EC2::SecurityGroup", { SecurityGroupEgress: [ { diff --git a/source/patterns/@aws-solutions-constructs/core/test/sns-helper.test.ts b/source/patterns/@aws-solutions-constructs/core/test/sns-helper.test.ts index 6e8d07146..e6b264ebb 100644 --- a/source/patterns/@aws-solutions-constructs/core/test/sns-helper.test.ts +++ b/source/patterns/@aws-solutions-constructs/core/test/sns-helper.test.ts @@ -14,7 +14,7 @@ // Imports import { Stack } from "@aws-cdk/core"; import * as defaults from '../'; -import { SynthUtils, expect as expectCDK, haveResource } from '@aws-cdk/assert'; +import { expect as expectCDK, haveResource } from '@aws-cdk/assert'; import '@aws-cdk/assert/jest'; // -------------------------------------------------------------- @@ -25,9 +25,7 @@ test('Test deployment with no properties using AWS Managed KMS Key', () => { const stack = new Stack(); // Helper declaration defaults.buildTopic(stack, {}); - // Assertion 1 - expect(SynthUtils.toCloudFormation(stack)).toMatchSnapshot(); - // Assertion 2 + expect(stack).toHaveResource("AWS::SNS::Topic", { KmsMasterKeyId: { "Fn::Join": [ @@ -65,9 +63,7 @@ test('Test deployment without imported encryption key', () => { }, enableEncryptionWithCustomerManagedKey: true }); - // Assertion 1 - expect(SynthUtils.toCloudFormation(stack)).toMatchSnapshot(); - // Assertion 2 + expect(stack).toHaveResource("AWS::SNS::Topic", { TopicName: "custom-topic" }); @@ -93,9 +89,7 @@ test('Test deployment w/ imported encryption key', () => { enableEncryptionWithCustomerManagedKey: true, encryptionKey: key }); - // Assertion 1 - expect(SynthUtils.toCloudFormation(stack)).toMatchSnapshot(); - // Assertion 2 + expect(stack).toHaveResource("AWS::SNS::Topic", { KmsMasterKeyId: { "Fn::GetAtt": [ diff --git a/source/patterns/@aws-solutions-constructs/core/test/sqs-helper.test.ts b/source/patterns/@aws-solutions-constructs/core/test/sqs-helper.test.ts index 4e3e0cf23..3e3670b2f 100644 --- a/source/patterns/@aws-solutions-constructs/core/test/sqs-helper.test.ts +++ b/source/patterns/@aws-solutions-constructs/core/test/sqs-helper.test.ts @@ -14,112 +14,7 @@ // Imports import { Stack } from "@aws-cdk/core"; import * as defaults from '../'; -import { SynthUtils } from '@aws-cdk/assert'; import '@aws-cdk/assert/jest'; -import * as sqs from '@aws-cdk/aws-sqs'; - -// -------------------------------------------------------------- -// Test minimal deployment with no properties -// -------------------------------------------------------------- -test('Test minimal deployment with no properties', () => { - // Stack - const stack = new Stack(); - // Helper declaration - defaults.buildQueue(stack, 'primary-queue', {}); - // Assertion 1 - expect(SynthUtils.toCloudFormation(stack)).toMatchSnapshot(); -}); - -// -------------------------------------------------------------- -// Test deployment w/ custom properties -// -------------------------------------------------------------- -test('Test deployment w/ custom properties', () => { - // Stack - const stack = new Stack(); - // Helper setup - const encKey = defaults.buildEncryptionKey(stack); - // Helper declaration - defaults.buildQueue(stack, 'primary-queue', { - queueProps: { - queueName: "custom-queue-props", - encryption: sqs.QueueEncryption.KMS, - encryptionMasterKey: encKey - } - }); - // Assertion 1 - expect(SynthUtils.toCloudFormation(stack)).toMatchSnapshot(); -}); - -// -------------------------------------------------------------- -// Test dead letter queue deployment/configuration -// -------------------------------------------------------------- -test('Test dead letter queue deployment/configuration', () => { - // Stack - const stack = new Stack(); - // Helper setup - const encKey = defaults.buildEncryptionKey(stack); - // const [dlq] = defaults.buildQueue(stack, 'dead-letter-queue', {}); - const dlqi = defaults.buildDeadLetterQueue(stack, { - deployDeadLetterQueue: true, - maxReceiveCount: 3 - }); - // Helper declaration - defaults.buildQueue(stack, 'primary-queue', { - queueProps: { - queueName: "not-the-dead-letter-queue-props", - encryption: sqs.QueueEncryption.KMS, - encryptionMasterKey: encKey - }, - deadLetterQueue: dlqi - }); - // Assertion 1 - expect(SynthUtils.toCloudFormation(stack)).toMatchSnapshot(); -}); - -// -------------------------------------------------------------- -// Test dead letter queue deployment/configuration w/o mrc -// -------------------------------------------------------------- -test('Test dead letter queue deployment/configuration w/o mrc', () => { - // Stack - const stack = new Stack(); - // Helper setup - const encKey = defaults.buildEncryptionKey(stack); - // const [dlq] = defaults.buildQueue(stack, 'dead-letter-queue', {}); - const dlqi = defaults.buildDeadLetterQueue(stack, { - deployDeadLetterQueue: true - }); - // Helper declaration - defaults.buildQueue(stack, 'primary-queue', { - queueProps: { - queueName: "not-the-dead-letter-queue-props", - encryption: sqs.QueueEncryption.KMS, - encryptionMasterKey: encKey - }, - deadLetterQueue: dlqi - }); - // Assertion 1 - expect(SynthUtils.toCloudFormation(stack)).toMatchSnapshot(); -}); - -// -------------------------------------------------------------- -// Test existingQueueObj -// -------------------------------------------------------------- -test('Test existingQueueObj', () => { - // Stack - const stack = new Stack(); - // Helper setup - const [existingQueue] = defaults.buildQueue(stack, 'existing-queue', { - queueProps: { - queueName: 'existing-queue' - } - }); - // Helper declaration - defaults.buildQueue(stack, 'primary-queue', { - existingQueueObj: existingQueue - }); - // Assertion 1 - expect(SynthUtils.toCloudFormation(stack)).toMatchSnapshot(); -}); // -------------------------------------------------------------- // Test deployment w/ imported encryption key @@ -135,13 +30,10 @@ test('Test deployment w/ imported encryption key', () => { enableEncryptionWithCustomerManagedKey: true, encryptionKey: defaults.buildEncryptionKey(stack) }); - // Assertion 1 - expect(SynthUtils.toCloudFormation(stack)).toMatchSnapshot(); - // Assertion 2 + expect(stack).toHaveResource("AWS::SQS::Queue", { QueueName: "existing-queue" }); - // Assertion 3 expect(stack).toHaveResource("AWS::KMS::Key", { EnableKeyRotation: true }); @@ -159,9 +51,7 @@ test('Test deployment without imported encryption key', () => { queueName: 'existing-queue' } }); - // Assertion 1 - expect(SynthUtils.toCloudFormation(stack)).toMatchSnapshot(); - // Assertion 2 + expect(stack).toHaveResource("AWS::SQS::Queue", { QueueName: "existing-queue", KmsMasterKeyId: "alias/aws/sqs" diff --git a/source/patterns/@aws-solutions-constructs/core/test/ssm-string-parameter-helper.test.ts b/source/patterns/@aws-solutions-constructs/core/test/ssm-string-parameter-helper.test.ts index 12ef59101..23db7fc8d 100644 --- a/source/patterns/@aws-solutions-constructs/core/test/ssm-string-parameter-helper.test.ts +++ b/source/patterns/@aws-solutions-constructs/core/test/ssm-string-parameter-helper.test.ts @@ -13,7 +13,6 @@ import {Stack} from '@aws-cdk/core'; import * as defaults from '../'; -import {SynthUtils} from '@aws-cdk/assert'; import '@aws-cdk/assert/jest'; import {ParameterType} from '@aws-cdk/aws-ssm'; @@ -26,9 +25,7 @@ test('Test minimal deployment with required properties', () => { // Helper declaration const parameterValue = "test-val"; defaults.buildSsmStringParameter(stack, 'parameterName', {stringValue: parameterValue}); - // Assertion 1 - expect(SynthUtils.toCloudFormation(stack)).toMatchSnapshot(); - // Assertion 2 + expect(stack).toHaveResourceLike('AWS::SSM::Parameter', { Type: 'String', Value: parameterValue @@ -48,9 +45,7 @@ test('Test minimal deployment with required properties', () => { stringValue: parameterValue, type: ParameterType.STRING_LIST, }); - // Assertion 1 - expect(SynthUtils.toCloudFormation(stack)).toMatchSnapshot(); - // Assertion 2 + expect(stack).toHaveResourceLike('AWS::SSM::Parameter', { Type: 'String', Value: parameterValue diff --git a/source/patterns/@aws-solutions-constructs/core/test/step-function-helper.test.ts b/source/patterns/@aws-solutions-constructs/core/test/step-function-helper.test.ts index 1e84347d0..0d200a319 100644 --- a/source/patterns/@aws-solutions-constructs/core/test/step-function-helper.test.ts +++ b/source/patterns/@aws-solutions-constructs/core/test/step-function-helper.test.ts @@ -14,27 +14,10 @@ // Imports import { Stack } from "@aws-cdk/core"; import * as defaults from '../'; -import { SynthUtils } from '@aws-cdk/assert'; import '@aws-cdk/assert/jest'; import * as sfn from '@aws-cdk/aws-stepfunctions'; import { buildLogGroup } from '../lib/cloudwatch-log-group-helper'; -// -------------------------------------------------------------- -// Test minimal deployment with no properties -// -------------------------------------------------------------- -test('Test minimal deployment with no properties', () => { - // Stack - const stack = new Stack(); - // Step function definition - const startState = new sfn.Pass(stack, 'StartState'); - // Build state machine - defaults.buildStateMachine(stack, { - definition: startState - }); - // Assertion 1 - expect(SynthUtils.toCloudFormation(stack)).toMatchSnapshot(); -}); - // -------------------------------------------------------------- // Test deployment w/ custom properties // -------------------------------------------------------------- diff --git a/source/patterns/@aws-solutions-constructs/core/test/vpc-helper.test.ts b/source/patterns/@aws-solutions-constructs/core/test/vpc-helper.test.ts index e56c2f38d..ae6497b17 100644 --- a/source/patterns/@aws-solutions-constructs/core/test/vpc-helper.test.ts +++ b/source/patterns/@aws-solutions-constructs/core/test/vpc-helper.test.ts @@ -19,20 +19,6 @@ import '@aws-cdk/assert/jest'; import { AddAwsServiceEndpoint, ServiceEndpointTypes } from '../lib/vpc-helper'; import { DefaultPublicPrivateVpcProps, DefaultIsolatedVpcProps } from '../lib/vpc-defaults'; -// -------------------------------------------------------------- -// Test minimal Public/Private deployment with no properties -// -------------------------------------------------------------- -test('Test minimal deployment with no properties', () => { - // Stack - const stack = new Stack(); - // Build VPC - defaults.buildVpc(stack, { - defaultVpcProps: DefaultPublicPrivateVpcProps(), - }); - // Assertion - expect(SynthUtils.toCloudFormation(stack)).toMatchSnapshot(); -}); - // -------------------------------------------------------------- // Test minimal Isolated deployment with no properties // -------------------------------------------------------------- @@ -43,8 +29,6 @@ test("Test minimal deployment with no properties", () => { defaults.buildVpc(stack, { defaultVpcProps: DefaultIsolatedVpcProps(), }); - // Assertion - expect(SynthUtils.toCloudFormation(stack)).toMatchSnapshot(); expect(SynthUtils.toCloudFormation(stack)).toHaveResource('AWS::EC2::VPC', { EnableDnsHostnames: true, @@ -55,23 +39,6 @@ test("Test minimal deployment with no properties", () => { expect(SynthUtils.toCloudFormation(stack)).toCountResources('AWS::EC2::InternetGateway', 0); }); -// -------------------------------------------------------------- -// Test deployment w/ custom CIDR -// -------------------------------------------------------------- -test('Test deployment w/ custom CIDR', () => { - // Stack - const stack = new Stack(); - // Build VPC - defaults.buildVpc(stack, { - defaultVpcProps: DefaultPublicPrivateVpcProps(), - userVpcProps: { - cidr: '172.168.0.0/16', - }, - }); - // Assertion - expect(SynthUtils.toCloudFormation(stack)).toMatchSnapshot(); -}); - // -------------------------------------------------------------- // Test deployment w/ user provided custom properties // -------------------------------------------------------------- diff --git a/source/patterns/@aws-solutions-constructs/eslintrc.yml b/source/patterns/@aws-solutions-constructs/eslintrc.yml index 6dbd48011..d0c0e999a 100644 --- a/source/patterns/@aws-solutions-constructs/eslintrc.yml +++ b/source/patterns/@aws-solutions-constructs/eslintrc.yml @@ -34,6 +34,7 @@ rules: 'import/no-extraneous-dependencies': - error - devDependencies: # Only allow importing devDependencies from: + - '**/lib/**' # --> Due to CDK v2 which only requires modules from devDependencies - '**/test/**' # --> Unit tests - '**/utils.ts' # --> uses deepmerge optionalDependencies: false # Disallow importing optional dependencies (those shouldn't be in use in the project) diff --git a/source/tools/aws-cdk-migration/.gitignore b/source/tools/aws-cdk-migration/.gitignore new file mode 100644 index 000000000..fdfdd65c4 --- /dev/null +++ b/source/tools/aws-cdk-migration/.gitignore @@ -0,0 +1,12 @@ +*.js +*.js.map +*.d.ts +dist + +.LAST_BUILD +*.snk +.nyc_output +coverage +nyc.config.js +node_modules/ +package-lock.json \ No newline at end of file diff --git a/source/tools/aws-cdk-migration/.npmignore b/source/tools/aws-cdk-migration/.npmignore new file mode 100644 index 000000000..89a519f1e --- /dev/null +++ b/source/tools/aws-cdk-migration/.npmignore @@ -0,0 +1,9 @@ +# Don't include original .ts files when doing `npm pack` +*.ts +!*.d.ts +coverage +.nyc_output +*.tgz + +.LAST_BUILD +*.snk \ No newline at end of file diff --git a/source/tools/aws-cdk-migration/LICENSE b/source/tools/aws-cdk-migration/LICENSE new file mode 100644 index 000000000..28e4bdcec --- /dev/null +++ b/source/tools/aws-cdk-migration/LICENSE @@ -0,0 +1,201 @@ + Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + + TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + + 1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + + 2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + + 3. Grant of Patent License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + + 4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + + 5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + + 6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + + 7. Disclaimer of Warranty. Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + + 8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + + 9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. + + END OF TERMS AND CONDITIONS + + APPENDIX: How to apply the Apache License to your work. + + To apply the Apache License to your work, attach the following + boilerplate notice, with the fields enclosed by brackets "[]" + replaced with your own identifying information. (Don't include + the brackets!) The text should be enclosed in the appropriate + comment syntax for the file format. We also recommend that a + file or class name and description of purpose be included on the + same "printed page" as the copyright notice for easier + identification within third-party archives. + + Copyright 2018-2021 Amazon.com, Inc. or its affiliates. All Rights Reserved. + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. diff --git a/source/tools/aws-cdk-migration/NOTICE b/source/tools/aws-cdk-migration/NOTICE new file mode 100644 index 000000000..5fc382692 --- /dev/null +++ b/source/tools/aws-cdk-migration/NOTICE @@ -0,0 +1,2 @@ +AWS Cloud Development Kit (AWS CDK) +Copyright 2018-2021 Amazon.com, Inc. or its affiliates. All Rights Reserved. diff --git a/source/tools/aws-cdk-migration/README.md b/source/tools/aws-cdk-migration/README.md new file mode 100644 index 000000000..7fd8b2ff7 --- /dev/null +++ b/source/tools/aws-cdk-migration/README.md @@ -0,0 +1,11 @@ +# aws-cdk-migration + +Migrate TypeScript `import` statements from modular CDK (i.e. `@aws-cdk/aws-s3`) to aws-cdk-lib (i.e. `aws-cdk-lib`), as well as imports of `Construct` from `@aws-cdk/core` to `constructs`. + +Usage: + +```shell +$ npx -p aws-cdk-migration rewrite-imports-v2 lib/**/*.ts +``` + +NOTE: `node_modules` and `*.d.ts` files are ignored. \ No newline at end of file diff --git a/source/tools/aws-cdk-migration/bin/rewrite-imports-v2 b/source/tools/aws-cdk-migration/bin/rewrite-imports-v2 new file mode 100755 index 000000000..ddc257a65 --- /dev/null +++ b/source/tools/aws-cdk-migration/bin/rewrite-imports-v2 @@ -0,0 +1,2 @@ +#!/usr/bin/env node +require('./rewrite-imports-v2.js'); \ No newline at end of file diff --git a/source/tools/aws-cdk-migration/bin/rewrite-imports-v2.ts b/source/tools/aws-cdk-migration/bin/rewrite-imports-v2.ts new file mode 100644 index 000000000..5dd7973a9 --- /dev/null +++ b/source/tools/aws-cdk-migration/bin/rewrite-imports-v2.ts @@ -0,0 +1,37 @@ +/* eslint-disable no-console */ +import * as fs from 'fs'; +import { promisify } from 'util'; +import * as _glob from 'glob'; + +import { rewriteImports } from '../lib/rewrite'; + +const glob = promisify(_glob); + +async function main() { + if (!process.argv[2]) { + console.error('usage: rewrite-imports **/*.ts'); + return; + } + + const ignore = [ + '**/*.d.ts', + 'node_modules/**', + ]; + + const args = process.argv.slice(2); + for (const arg of args) { + const files = await glob(arg, { ignore, matchBase: true }); + for (const file of files) { + const input = await fs.promises.readFile(file, { encoding: 'utf8' }); + const output = rewriteImports(input, file); + if (output.trim() !== input.trim()) { + await fs.promises.writeFile(file, output); + } + } + } +} + +main().catch(e => { + console.error(e.stack); + process.exit(1); +}); \ No newline at end of file diff --git a/source/tools/aws-cdk-migration/lib/rewrite.ts b/source/tools/aws-cdk-migration/lib/rewrite.ts new file mode 100644 index 000000000..0ee2ece35 --- /dev/null +++ b/source/tools/aws-cdk-migration/lib/rewrite.ts @@ -0,0 +1,294 @@ +import * as ts from 'typescript'; + +interface Import { + location: ts.StringLiteral; + value?: ts.Identifier | ts.NodeArray; +} + +interface Replacement { + original: ts.Node; + updated: string; +} + +/** + * Re-writes "hyper-modular" CDK imports (most packages in `@aws-cdk/*`) to the + * relevant "mono" CDK import path. The re-writing will only modify the imported + * library path, preserving the existing quote style, etc... + * + * Syntax errors in the source file being processed may cause some import + * statements to not be re-written. + * + * Supported import statement forms are: + * - `import * as lib from '@aws-cdk/lib';` + * - `import { Type } from '@aws-cdk/lib';` + * - `import '@aws-cdk/lib';` + * - `import lib = require('@aws-cdk/lib');` + * - `require('@aws-cdk/lib'); + * + * @param sourceText the source code where imports should be re-written. + * @param fileName a customized file name to provide the TypeScript processor. + * + * @returns the updated source code. + */ +export function rewriteImports(sourceText: string, fileName: string = 'index.ts'): string { + const sourceFile = ts.createSourceFile(fileName, sourceText, ts.ScriptTarget.ES2018); + + const replacements = new Array(); + + let lookForConstruct: { + searchName: string, + replacementName: string, + } | undefined; + + const visitor = (node: T): ts.VisitResult => { + const { location: moduleSpecifier, value: importedValue } = getModuleSpecifier(node) ?? {}; + if (moduleSpecifier) { + lookForConstruct = extractConstructImport(moduleSpecifier, importedValue, node, sourceFile, replacements); + replaceModuleLocation(moduleSpecifier, sourceFile, replacements); + } + + if (lookForConstruct) { + replaceConstruct(lookForConstruct, node, sourceFile, replacements); + } + + node.forEachChild(visitor); + + return undefined; + }; + + sourceFile.forEachChild(visitor); + + return executeReplacements(sourceFile, replacements); +} + +function getModuleSpecifier(node: ts.Node): Import | undefined { + if (ts.isImportDeclaration(node) && ts.isStringLiteral(node.moduleSpecifier)) { + // import { Type } from 'location'; + // import * as name from 'location'; + const location = node.moduleSpecifier; + if (node.importClause && node.importClause.namedBindings) { + if (ts.isNamespaceImport(node.importClause.namedBindings)) { + return { + location: location, + value: node.importClause.namedBindings.name, + }; + } else if (ts.isNamedImports(node.importClause.namedBindings)) { + return { + location: location, + value: node.importClause.namedBindings.elements, + }; + } + } else { + return { + location: location, + }; + } + } else if ( + ts.isImportEqualsDeclaration(node) + && ts.isExternalModuleReference(node.moduleReference) + && ts.isStringLiteral(node.moduleReference.expression) + ) { + // import name = require('location'); + return { + location: node.moduleReference.expression, + value: node.name, + }; + } else if ( + (ts.isCallExpression(node)) + && ts.isIdentifier(node.expression) + && node.expression.escapedText === 'require' + && node.arguments.length === 1 + ) { + // require('location'); + const argument = node.arguments[0]; + if (ts.isStringLiteral(argument)) { + return { + location: argument, + }; + } + } + return undefined; +} + +function extractConstructImport( + moduleSpecifier: ts.StringLiteral, + importedValue: ts.Identifier | ts.NodeArray | undefined, + node: ts.Node, + sourceFile: ts.SourceFile, + replacements: Replacement[], +): { searchName: string, replacementName: string } | undefined { + if (moduleSpecifier.text === '@aws-cdk/core' && importedValue) { + let constructImport: { searchName: string, replacementName: string, newImport: string } | undefined; + if (Array.isArray(importedValue)) { + // import { ..., Construct, ... } from '@aws-cdk/core'; + constructImport = extractBarrelConstructImport(importedValue, sourceFile, replacements); + } else if (ts.isIdentifier(importedValue as ts.Node)) { + // import * as cdk from '@aws-cdk/core'; + constructImport = extractNamespaceConstructImport(importedValue as ts.Identifier, node); + } + if (constructImport) { + addNewConstructImport(constructImport.newImport, node, sourceFile, replacements); + return { + searchName: constructImport.searchName, + replacementName: constructImport.replacementName, + }; + } + } + return undefined; +} + +function extractBarrelConstructImport( + importedNames: ts.NodeArray, + sourceFile: ts.SourceFile, + replacements: Replacement[], +): { searchName: string, replacementName: string, newImport: string } | undefined { + // if the imported name is an alias (`{ Construct as CoreConstruct }`), then `name` holds the alias and `propertyName` holds the original name + // if the imported name is not an alias (`{ Construct }`), then `name` holds the original name and `propertyName` is `undefined` + const constructName = importedNames.find((name) => (name.propertyName ?? name.name).text === 'Construct' || (name.propertyName ?? name.name).text === 'IConstruct'); + if (constructName) { + // remove the old import to avoid a name conflict + const constructIndex = importedNames.indexOf(constructName); + let importSpecifierStart = constructName.getStart(sourceFile); + let importSpecifierEnd = constructName.getEnd(); + // remove a leading or trailing comma, if they exist + if (constructIndex > 0) { + importSpecifierStart = importedNames[constructIndex - 1].getEnd(); + } else if (constructIndex < importedNames.length - 1) { + importSpecifierEnd = importedNames[constructIndex + 1].getStart(sourceFile); + } + replacements.push({ + original: { + getStart() { + return importSpecifierStart; + }, + getEnd() { + return importSpecifierEnd; + }, + } as ts.Node, + updated: '', + }); + + const aliasStatement = constructName.propertyName ? ` as ${constructName.name.text}` : ''; + + if (constructName.name.text === 'Construct') { + return { + searchName: constructName.name.text, + replacementName: constructName.name.text, + newImport: `import { Construct${aliasStatement} } from 'constructs';`, + }; + } else { + return { + searchName: constructName.name.text, + replacementName: constructName.name.text, + newImport: `import { IConstruct${aliasStatement} } from 'constructs';`, + }; + } + } + return undefined; +} + +function extractNamespaceConstructImport( + constructNamespace: ts.Identifier, + node: ts.Node, +): { searchName: string, replacementName: string, newImport: string } | undefined { + + // HACK + return undefined; + // HACK + + const searchName = `${(constructNamespace as ts.Identifier).text}.Construct`; + const replacementName = 'constructs.Construct'; + if (ts.isImportDeclaration(node)) { + return { + searchName, + replacementName, + newImport: 'import * as constructs from \'constructs\';', + }; + } else if (ts.isImportEqualsDeclaration(node)) { + return { + searchName, + replacementName, + newImport: 'import constructs = require(\'constructs\');', + }; + } else { + return undefined; + } +} + +function addNewConstructImport(newImport: string, node: ts.Node, sourceFile: ts.SourceFile, replacements: Replacement[]) { + // insert a new line and indent + const beginningLinePos = Array.from(sourceFile.getLineStarts()) + .reverse() + .find((start) => start <= node.getStart(sourceFile)) + ?? node.getStart(sourceFile); + const leadingSpaces = node.getStart(sourceFile) - beginningLinePos; + const newImportPrefix = `\n${' '.repeat(leadingSpaces)}`; + + replacements.push({ + original: { + getStart() { + return node.getEnd(); + }, + getEnd() { + return node.getEnd(); + }, + } as ts.Node, + updated: `${newImportPrefix}${newImport}`, + }); +} + +function replaceModuleLocation(moduleSpecifier: ts.StringLiteral, sourceFile: ts.SourceFile, replacements: Replacement[]) { + const newModuleLocation = updatedLocationOf(moduleSpecifier.text); + if (newModuleLocation) { + replacements.push({ + // keep the original quotation marks + original: { + getStart() { + return moduleSpecifier.getStart(sourceFile) + 1; + }, + getEnd() { + return moduleSpecifier.getEnd() - 1; + }, + } as ts.Node, + updated: newModuleLocation, + }); + } +} + +const MODULE_EXEMPTIONS = new Set([ + '@aws-cdk/cloudformation-diff', + '@aws-cdk/assert', + '@aws-cdk/assert/jest', +]); + +function updatedLocationOf(modulePath: string): string | undefined { + if (!modulePath.startsWith('@aws-cdk/') || MODULE_EXEMPTIONS.has(modulePath)) { + return undefined; + } else if (modulePath === '@aws-cdk/core') { + return 'aws-cdk-lib'; + } else { + return `aws-cdk-lib/${modulePath.substring(9)}`; + } +} + +function replaceConstruct( + { searchName, replacementName }: { searchName: string, replacementName: string }, + node: ts.Node, + sourceFile: ts.SourceFile, + replacements: Replacement[], +) { + if ((ts.isTypeReferenceNode(node) || ts.isPropertyAccessExpression(node)) && node.getText(sourceFile) === searchName) { + replacements.push({ original: node, updated: replacementName }); + } +} + +function executeReplacements(sourceFile: ts.SourceFile, replacements: Replacement[]): string { + let updatedSourceText = sourceFile.getFullText(); + // Applying replacements in reverse order, so node positions remain valid. + for (const replacement of replacements.sort(({ original: l }, { original: r }) => r.getStart(sourceFile) - l.getStart(sourceFile))) { + const prefix = updatedSourceText.substring(0, replacement.original.getStart(sourceFile)); + const suffix = updatedSourceText.substring(replacement.original.getEnd()); + updatedSourceText = prefix + replacement.updated + suffix; + } + return updatedSourceText; +} diff --git a/source/tools/aws-cdk-migration/package.json b/source/tools/aws-cdk-migration/package.json new file mode 100644 index 000000000..a6d550e27 --- /dev/null +++ b/source/tools/aws-cdk-migration/package.json @@ -0,0 +1,50 @@ +{ + "name": "aws-cdk-migration", + "private": true, + "version": "0.0.0", + "description": "Rewrites typescript 'import' statements from @aws-cdk/xxx to aws-cdk-lib", + "bin": { + "rewrite-imports-v2": "bin/rewrite-imports-v2" + }, + "main": "lib/rewrite.js", + "types": "lib/rewrite.d.ts", + "repository": { + "type": "git", + "url": "https://github.com/aws/aws-cdk.git", + "directory": "tools/aws-cdk-migration" + }, + "scripts": { + "build": "tsc -b .", + "watch": "tsc -b -w", + "lint": "tslint --project ." + }, + "author": { + "name": "Amazon Web Services", + "url": "https://aws.amazon.com", + "organization": true + }, + "license": "Apache-2.0", + "devDependencies": { + "@types/glob": "^7.1.3", + "@types/jest": "^26.0.23", + "@types/node": "^10.17.60", + "aws-cdk-lib": "2.0.0-rc.16", + "constructs": "^10.0.0" + }, + "dependencies": { + "glob": "^7.1.7", + "typescript": "~3.9.9" + }, + "keywords": [ + "aws", + "cdk" + ], + "homepage": "https://github.com/aws/aws-cdk", + "engines": { + "node": ">= 10.13.0 <13 || >=13.7.0" + }, + "peerDependencies": { + "aws-cdk-lib": "^2.0.0-rc.16", + "constructs": "^10.0.0" + } +} diff --git a/source/tools/aws-cdk-migration/tsconfig.json b/source/tools/aws-cdk-migration/tsconfig.json new file mode 100644 index 000000000..14499cd2a --- /dev/null +++ b/source/tools/aws-cdk-migration/tsconfig.json @@ -0,0 +1,20 @@ +{ + "compilerOptions": { + "target": "ES2018", + "module": "commonjs", + "lib": ["es2018"], + "strict": true, + "alwaysStrict": true, + "declaration": true, + "inlineSourceMap": true, + "inlineSources": true, + "noUnusedLocals": true, + "noUnusedParameters": true, + "noImplicitReturns": true, + "noFallthroughCasesInSwitch": true, + "resolveJsonModule": true, + "composite": true, + "incremental": true + }, + "include": ["**/*.ts"] +}