diff --git a/packages/@aws-cdk-containers/ecs-service-extensions/test/integ.all-service-addons.expected.json b/packages/@aws-cdk-containers/ecs-service-extensions/test/integ.all-service-addons.expected.json index 04e3fb87689fa..4f51a31f422dd 100644 --- a/packages/@aws-cdk-containers/ecs-service-extensions/test/integ.all-service-addons.expected.json +++ b/packages/@aws-cdk-containers/ecs-service-extensions/test/integ.all-service-addons.expected.json @@ -941,8 +941,8 @@ { "Action": [ "ecr:BatchCheckLayerAvailability", - "ecr:GetDownloadUrlForLayer", - "ecr:BatchGetImage" + "ecr:BatchGetImage", + "ecr:GetDownloadUrlForLayer" ], "Effect": "Allow", "Resource": { @@ -972,30 +972,12 @@ ] } }, - { - "Action": "ecr:GetAuthorizationToken", - "Effect": "Allow", - "Resource": "*" - }, { "Action": [ - "logs:CreateLogStream", - "logs:PutLogEvents" - ], - "Effect": "Allow", - "Resource": { - "Fn::GetAtt": [ - "nametaskdefinitionenvoyLogGroup258B673B", - "Arn" - ] - } - }, - { - "Action": [ - "ecr:GetAuthorizationToken", "ecr:BatchCheckLayerAvailability", - "ecr:GetDownloadUrlForLayer", - "ecr:BatchGetImage" + "ecr:BatchGetImage", + "ecr:GetAuthorizationToken", + "ecr:GetDownloadUrlForLayer" ], "Effect": "Allow", "Resource": "*" @@ -1006,38 +988,32 @@ "logs:PutLogEvents" ], "Effect": "Allow", - "Resource": { - "Fn::GetAtt": [ - "nametaskdefinitionfirelensLogGroup80DDA60F", - "Arn" - ] - } - }, - { - "Action": [ - "logs:CreateLogStream", - "logs:PutLogEvents" - ], - "Effect": "Allow", - "Resource": { - "Fn::GetAtt": [ - "nametaskdefinitionxrayLogGroup4AF4CA37", - "Arn" - ] - } - }, - { - "Action": [ - "logs:CreateLogStream", - "logs:PutLogEvents" - ], - "Effect": "Allow", - "Resource": { - "Fn::GetAtt": [ - "nametaskdefinitioncloudwatchagentLogGroup78DDC685", - "Arn" - ] - } + "Resource": [ + { + "Fn::GetAtt": [ + "nametaskdefinitioncloudwatchagentLogGroup78DDC685", + "Arn" + ] + }, + { + "Fn::GetAtt": [ + "nametaskdefinitionenvoyLogGroup258B673B", + "Arn" + ] + }, + { + "Fn::GetAtt": [ + "nametaskdefinitionfirelensLogGroup80DDA60F", + "Arn" + ] + }, + { + "Fn::GetAtt": [ + "nametaskdefinitionxrayLogGroup4AF4CA37", + "Arn" + ] + } + ] } ], "Version": "2012-10-17" @@ -1814,8 +1790,8 @@ { "Action": [ "ecr:BatchCheckLayerAvailability", - "ecr:GetDownloadUrlForLayer", - "ecr:BatchGetImage" + "ecr:BatchGetImage", + "ecr:GetDownloadUrlForLayer" ], "Effect": "Allow", "Resource": { @@ -1845,30 +1821,12 @@ ] } }, - { - "Action": "ecr:GetAuthorizationToken", - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "logs:CreateLogStream", - "logs:PutLogEvents" - ], - "Effect": "Allow", - "Resource": { - "Fn::GetAtt": [ - "greetingtaskdefinitionenvoyLogGroup6556AC35", - "Arn" - ] - } - }, { "Action": [ - "ecr:GetAuthorizationToken", "ecr:BatchCheckLayerAvailability", - "ecr:GetDownloadUrlForLayer", - "ecr:BatchGetImage" + "ecr:BatchGetImage", + "ecr:GetAuthorizationToken", + "ecr:GetDownloadUrlForLayer" ], "Effect": "Allow", "Resource": "*" @@ -1879,38 +1837,32 @@ "logs:PutLogEvents" ], "Effect": "Allow", - "Resource": { - "Fn::GetAtt": [ - "greetingtaskdefinitionfirelensLogGroupD7A398A7", - "Arn" - ] - } - }, - { - "Action": [ - "logs:CreateLogStream", - "logs:PutLogEvents" - ], - "Effect": "Allow", - "Resource": { - "Fn::GetAtt": [ - "greetingtaskdefinitionxrayLogGroupD25C072D", - "Arn" - ] - } - }, - { - "Action": [ - "logs:CreateLogStream", - "logs:PutLogEvents" - ], - "Effect": "Allow", - "Resource": { - "Fn::GetAtt": [ - "greetingtaskdefinitioncloudwatchagentLogGroupCEF72742", - "Arn" - ] - } + "Resource": [ + { + "Fn::GetAtt": [ + "greetingtaskdefinitioncloudwatchagentLogGroupCEF72742", + "Arn" + ] + }, + { + "Fn::GetAtt": [ + "greetingtaskdefinitionenvoyLogGroup6556AC35", + "Arn" + ] + }, + { + "Fn::GetAtt": [ + "greetingtaskdefinitionfirelensLogGroupD7A398A7", + "Arn" + ] + }, + { + "Fn::GetAtt": [ + "greetingtaskdefinitionxrayLogGroupD25C072D", + "Arn" + ] + } + ] } ], "Version": "2012-10-17" @@ -2810,8 +2762,8 @@ { "Action": [ "ecr:BatchCheckLayerAvailability", - "ecr:GetDownloadUrlForLayer", - "ecr:BatchGetImage" + "ecr:BatchGetImage", + "ecr:GetDownloadUrlForLayer" ], "Effect": "Allow", "Resource": { @@ -2841,30 +2793,12 @@ ] } }, - { - "Action": "ecr:GetAuthorizationToken", - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "logs:CreateLogStream", - "logs:PutLogEvents" - ], - "Effect": "Allow", - "Resource": { - "Fn::GetAtt": [ - "greetertaskdefinitionenvoyLogGroup6E10B93E", - "Arn" - ] - } - }, { "Action": [ - "ecr:GetAuthorizationToken", "ecr:BatchCheckLayerAvailability", - "ecr:GetDownloadUrlForLayer", - "ecr:BatchGetImage" + "ecr:BatchGetImage", + "ecr:GetAuthorizationToken", + "ecr:GetDownloadUrlForLayer" ], "Effect": "Allow", "Resource": "*" @@ -2875,38 +2809,32 @@ "logs:PutLogEvents" ], "Effect": "Allow", - "Resource": { - "Fn::GetAtt": [ - "greetertaskdefinitionfirelensLogGroupD5BAAC35", - "Arn" - ] - } - }, - { - "Action": [ - "logs:CreateLogStream", - "logs:PutLogEvents" - ], - "Effect": "Allow", - "Resource": { - "Fn::GetAtt": [ - "greetertaskdefinitionxrayLogGroupBC1558B6", - "Arn" - ] - } - }, - { - "Action": [ - "logs:CreateLogStream", - "logs:PutLogEvents" - ], - "Effect": "Allow", - "Resource": { - "Fn::GetAtt": [ - "greetertaskdefinitioncloudwatchagentLogGroupE7EAF327", - "Arn" - ] - } + "Resource": [ + { + "Fn::GetAtt": [ + "greetertaskdefinitioncloudwatchagentLogGroupE7EAF327", + "Arn" + ] + }, + { + "Fn::GetAtt": [ + "greetertaskdefinitionenvoyLogGroup6E10B93E", + "Arn" + ] + }, + { + "Fn::GetAtt": [ + "greetertaskdefinitionfirelensLogGroupD5BAAC35", + "Arn" + ] + }, + { + "Fn::GetAtt": [ + "greetertaskdefinitionxrayLogGroupBC1558B6", + "Arn" + ] + } + ] } ], "Version": "2012-10-17" diff --git a/packages/@aws-cdk-containers/ecs-service-extensions/test/integ.assign-public-ip.expected.json b/packages/@aws-cdk-containers/ecs-service-extensions/test/integ.assign-public-ip.expected.json index e9de0e4c0f997..0ea88dfb2d4e9 100644 --- a/packages/@aws-cdk-containers/ecs-service-extensions/test/integ.assign-public-ip.expected.json +++ b/packages/@aws-cdk-containers/ecs-service-extensions/test/integ.assign-public-ip.expected.json @@ -511,9 +511,9 @@ "Statement": [ { "Action": [ - "sqs:SendMessage", "sqs:GetQueueAttributes", - "sqs:GetQueueUrl" + "sqs:GetQueueUrl", + "sqs:SendMessage" ], "Condition": { "ArnEquals": { @@ -538,9 +538,9 @@ }, { "Action": [ - "sqs:SendMessage", "sqs:GetQueueAttributes", - "sqs:GetQueueUrl" + "sqs:GetQueueUrl", + "sqs:SendMessage" ], "Condition": { "ArnEquals": { @@ -740,11 +740,11 @@ }, { "Action": [ - "sqs:ReceiveMessage", "sqs:ChangeMessageVisibility", - "sqs:GetQueueUrl", "sqs:DeleteMessage", - "sqs:GetQueueAttributes" + "sqs:GetQueueAttributes", + "sqs:GetQueueUrl", + "sqs:ReceiveMessage" ], "Effect": "Allow", "Resource": { @@ -757,17 +757,17 @@ { "Action": [ "dynamodb:BatchGetItem", + "dynamodb:BatchWriteItem", + "dynamodb:ConditionCheckItem", + "dynamodb:DeleteItem", + "dynamodb:DescribeTable", + "dynamodb:GetItem", "dynamodb:GetRecords", "dynamodb:GetShardIterator", + "dynamodb:PutItem", "dynamodb:Query", - "dynamodb:GetItem", "dynamodb:Scan", - "dynamodb:ConditionCheckItem", - "dynamodb:BatchWriteItem", - "dynamodb:PutItem", - "dynamodb:UpdateItem", - "dynamodb:DeleteItem", - "dynamodb:DescribeTable" + "dynamodb:UpdateItem" ], "Effect": "Allow", "Resource": [ @@ -1074,7 +1074,7 @@ "Properties": { "Code": { "S3Bucket": { - "Ref": "AssetParametersdaeb79e3cee39c9b902dc0d5c780223e227ed573ea60976252947adab5fb2be1S3BucketDC4B98B1" + "Ref": "AssetParameters5b47c8e4cbbce7e4a8085f1aa83ed9c4691b7f65927ba092d6620bbba925f391S3BucketB4102E9A" }, "S3Key": { "Fn::Join": [ @@ -1087,7 +1087,7 @@ "Fn::Split": [ "||", { - "Ref": "AssetParametersdaeb79e3cee39c9b902dc0d5c780223e227ed573ea60976252947adab5fb2be1S3VersionKeyA495226F" + "Ref": "AssetParameters5b47c8e4cbbce7e4a8085f1aa83ed9c4691b7f65927ba092d6620bbba925f391S3VersionKeyC1EC3ED6" } ] } @@ -1100,7 +1100,7 @@ "Fn::Split": [ "||", { - "Ref": "AssetParametersdaeb79e3cee39c9b902dc0d5c780223e227ed573ea60976252947adab5fb2be1S3VersionKeyA495226F" + "Ref": "AssetParameters5b47c8e4cbbce7e4a8085f1aa83ed9c4691b7f65927ba092d6620bbba925f391S3VersionKeyC1EC3ED6" } ] } @@ -1338,17 +1338,17 @@ "Type": "String", "Description": "Artifact hash for asset \"8f06a3db22794ebc7ff89b4745fd706afd46e17816fe46da72e5125cabae725d\"" }, - "AssetParametersdaeb79e3cee39c9b902dc0d5c780223e227ed573ea60976252947adab5fb2be1S3BucketDC4B98B1": { + "AssetParameters5b47c8e4cbbce7e4a8085f1aa83ed9c4691b7f65927ba092d6620bbba925f391S3BucketB4102E9A": { "Type": "String", - "Description": "S3 bucket for asset \"daeb79e3cee39c9b902dc0d5c780223e227ed573ea60976252947adab5fb2be1\"" + "Description": "S3 bucket for asset \"5b47c8e4cbbce7e4a8085f1aa83ed9c4691b7f65927ba092d6620bbba925f391\"" }, - "AssetParametersdaeb79e3cee39c9b902dc0d5c780223e227ed573ea60976252947adab5fb2be1S3VersionKeyA495226F": { + "AssetParameters5b47c8e4cbbce7e4a8085f1aa83ed9c4691b7f65927ba092d6620bbba925f391S3VersionKeyC1EC3ED6": { "Type": "String", - "Description": "S3 key for asset version \"daeb79e3cee39c9b902dc0d5c780223e227ed573ea60976252947adab5fb2be1\"" + "Description": "S3 key for asset version \"5b47c8e4cbbce7e4a8085f1aa83ed9c4691b7f65927ba092d6620bbba925f391\"" }, - "AssetParametersdaeb79e3cee39c9b902dc0d5c780223e227ed573ea60976252947adab5fb2be1ArtifactHashA521A16F": { + "AssetParameters5b47c8e4cbbce7e4a8085f1aa83ed9c4691b7f65927ba092d6620bbba925f391ArtifactHashA391D940": { "Type": "String", - "Description": "Artifact hash for asset \"daeb79e3cee39c9b902dc0d5c780223e227ed573ea60976252947adab5fb2be1\"" + "Description": "Artifact hash for asset \"5b47c8e4cbbce7e4a8085f1aa83ed9c4691b7f65927ba092d6620bbba925f391\"" }, "AssetParameters3744fa896361f81b76b1efde632ac07b1920ce09a4ca1ff15ab486f262a19b87S3Bucket36F31A16": { "Type": "String", diff --git a/packages/@aws-cdk-containers/ecs-service-extensions/test/integ.multiple-environments.expected.json b/packages/@aws-cdk-containers/ecs-service-extensions/test/integ.multiple-environments.expected.json index fa97c69cefc1c..ecee47c85b2a4 100644 --- a/packages/@aws-cdk-containers/ecs-service-extensions/test/integ.multiple-environments.expected.json +++ b/packages/@aws-cdk-containers/ecs-service-extensions/test/integ.multiple-environments.expected.json @@ -1306,18 +1306,26 @@ "logs:PutLogEvents" ], "Effect": "Allow", - "Resource": { - "Fn::GetAtt": [ - "nameproductionlogsD0BFFE8C", - "Arn" - ] - } + "Resource": [ + { + "Fn::GetAtt": [ + "nameproductionlogsD0BFFE8C", + "Arn" + ] + }, + { + "Fn::GetAtt": [ + "nameproductiontaskdefinitionenvoyLogGroupF79A2732", + "Arn" + ] + } + ] }, { "Action": [ "ecr:BatchCheckLayerAvailability", - "ecr:GetDownloadUrlForLayer", - "ecr:BatchGetImage" + "ecr:BatchGetImage", + "ecr:GetDownloadUrlForLayer" ], "Effect": "Allow", "Resource": { @@ -1351,19 +1359,6 @@ "Action": "ecr:GetAuthorizationToken", "Effect": "Allow", "Resource": "*" - }, - { - "Action": [ - "logs:CreateLogStream", - "logs:PutLogEvents" - ], - "Effect": "Allow", - "Resource": { - "Fn::GetAtt": [ - "nameproductiontaskdefinitionenvoyLogGroupF79A2732", - "Arn" - ] - } } ], "Version": "2012-10-17" @@ -1868,18 +1863,26 @@ "logs:PutLogEvents" ], "Effect": "Allow", - "Resource": { - "Fn::GetAtt": [ - "namedevelopmentlogs108670CC", - "Arn" - ] - } + "Resource": [ + { + "Fn::GetAtt": [ + "namedevelopmentlogs108670CC", + "Arn" + ] + }, + { + "Fn::GetAtt": [ + "namedevelopmenttaskdefinitionenvoyLogGroupF8FCAFD6", + "Arn" + ] + } + ] }, { "Action": [ "ecr:BatchCheckLayerAvailability", - "ecr:GetDownloadUrlForLayer", - "ecr:BatchGetImage" + "ecr:BatchGetImage", + "ecr:GetDownloadUrlForLayer" ], "Effect": "Allow", "Resource": { @@ -1913,19 +1916,6 @@ "Action": "ecr:GetAuthorizationToken", "Effect": "Allow", "Resource": "*" - }, - { - "Action": [ - "logs:CreateLogStream", - "logs:PutLogEvents" - ], - "Effect": "Allow", - "Resource": { - "Fn::GetAtt": [ - "namedevelopmenttaskdefinitionenvoyLogGroupF8FCAFD6", - "Arn" - ] - } } ], "Version": "2012-10-17" diff --git a/packages/@aws-cdk-containers/ecs-service-extensions/test/integ.publish-subscribe.expected.json b/packages/@aws-cdk-containers/ecs-service-extensions/test/integ.publish-subscribe.expected.json index 24cd1d0a4e434..34ffb8672f890 100644 --- a/packages/@aws-cdk-containers/ecs-service-extensions/test/integ.publish-subscribe.expected.json +++ b/packages/@aws-cdk-containers/ecs-service-extensions/test/integ.publish-subscribe.expected.json @@ -548,16 +548,14 @@ { "Action": "sns:Publish", "Effect": "Allow", - "Resource": { - "Ref": "signupD2AAA171" - } - }, - { - "Action": "sns:Publish", - "Effect": "Allow", - "Resource": { - "Ref": "delete1CCE71FF" - } + "Resource": [ + { + "Ref": "delete1CCE71FF" + }, + { + "Ref": "signupD2AAA171" + } + ] } ], "Version": "2012-10-17" @@ -913,35 +911,27 @@ "Statement": [ { "Action": [ - "sqs:ReceiveMessage", "sqs:ChangeMessageVisibility", - "sqs:GetQueueUrl", "sqs:DeleteMessage", - "sqs:GetQueueAttributes" - ], - "Effect": "Allow", - "Resource": { - "Fn::GetAtt": [ - "EventsQueueB96EB0D2", - "Arn" - ] - } - }, - { - "Action": [ - "sqs:ReceiveMessage", - "sqs:ChangeMessageVisibility", + "sqs:GetQueueAttributes", "sqs:GetQueueUrl", - "sqs:DeleteMessage", - "sqs:GetQueueAttributes" + "sqs:ReceiveMessage" ], "Effect": "Allow", - "Resource": { - "Fn::GetAtt": [ - "signupqueue33AFF2E6", - "Arn" - ] - } + "Resource": [ + { + "Fn::GetAtt": [ + "EventsQueueB96EB0D2", + "Arn" + ] + }, + { + "Fn::GetAtt": [ + "signupqueue33AFF2E6", + "Arn" + ] + } + ] } ], "Version": "2012-10-17" diff --git a/packages/@aws-cdk/app-delivery/test/integ.cicd.expected.json b/packages/@aws-cdk/app-delivery/test/integ.cicd.expected.json index 9d53a0d8b915c..fa3888cc26741 100644 --- a/packages/@aws-cdk/app-delivery/test/integ.cicd.expected.json +++ b/packages/@aws-cdk/app-delivery/test/integ.cicd.expected.json @@ -29,16 +29,16 @@ "Statement": [ { "Action": [ - "s3:GetObject*", + "s3:Abort*", + "s3:DeleteObject*", "s3:GetBucket*", + "s3:GetObject*", "s3:List*", - "s3:DeleteObject*", "s3:PutObject", "s3:PutObjectLegalHold", "s3:PutObjectRetention", "s3:PutObjectTagging", - "s3:PutObjectVersionTagging", - "s3:Abort*" + "s3:PutObjectVersionTagging" ], "Effect": "Allow", "Resource": [ @@ -67,22 +67,20 @@ { "Action": "sts:AssumeRole", "Effect": "Allow", - "Resource": { - "Fn::GetAtt": [ - "CodePipelineDeployExecuteCodePipelineActionRoleAE36AF49", - "Arn" - ] - } - }, - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Resource": { - "Fn::GetAtt": [ - "CodePipelineDeployChangeSetCodePipelineActionRoleB3BCDD8A", - "Arn" - ] - } + "Resource": [ + { + "Fn::GetAtt": [ + "CodePipelineDeployChangeSetCodePipelineActionRoleB3BCDD8A", + "Arn" + ] + }, + { + "Fn::GetAtt": [ + "CodePipelineDeployExecuteCodePipelineActionRoleAE36AF49", + "Arn" + ] + } + ] } ], "Version": "2012-10-17" @@ -334,8 +332,8 @@ }, { "Action": [ - "s3:GetObject*", "s3:GetBucket*", + "s3:GetObject*", "s3:List*" ], "Effect": "Allow", @@ -431,8 +429,8 @@ "Statement": [ { "Action": [ - "s3:GetObject*", "s3:GetBucket*", + "s3:GetObject*", "s3:List*" ], "Effect": "Allow", @@ -471,4 +469,4 @@ } } } -} +} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-amplify/test/integ.app-asset-deployment.expected.json b/packages/@aws-cdk/aws-amplify/test/integ.app-asset-deployment.expected.json index 47b29583b6a21..2bd04571ffc91 100644 --- a/packages/@aws-cdk/aws-amplify/test/integ.app-asset-deployment.expected.json +++ b/packages/@aws-cdk/aws-amplify/test/integ.app-asset-deployment.expected.json @@ -1,52 +1,52 @@ { "Parameters": { - "AssetParameters76c74dffba7c3eb9a040dc95633eac403472969bf8a18831ac1cf243971c5bf7S3Bucket3C55BA0F": { + "AssetParameters8c89eadc6be22019c81ed6b9c7d9929ae10de55679fd8e0e9fd4c00f8edc1cdaS3Bucket83484C89": { "Type": "String", - "Description": "S3 bucket for asset \"76c74dffba7c3eb9a040dc95633eac403472969bf8a18831ac1cf243971c5bf7\"" + "Description": "S3 bucket for asset \"8c89eadc6be22019c81ed6b9c7d9929ae10de55679fd8e0e9fd4c00f8edc1cda\"" }, - "AssetParameters76c74dffba7c3eb9a040dc95633eac403472969bf8a18831ac1cf243971c5bf7S3VersionKeyE1E2D7D6": { + "AssetParameters8c89eadc6be22019c81ed6b9c7d9929ae10de55679fd8e0e9fd4c00f8edc1cdaS3VersionKey70C0B407": { "Type": "String", - "Description": "S3 key for asset version \"76c74dffba7c3eb9a040dc95633eac403472969bf8a18831ac1cf243971c5bf7\"" + "Description": "S3 key for asset version \"8c89eadc6be22019c81ed6b9c7d9929ae10de55679fd8e0e9fd4c00f8edc1cda\"" }, - "AssetParameters76c74dffba7c3eb9a040dc95633eac403472969bf8a18831ac1cf243971c5bf7ArtifactHashB1665559": { + "AssetParameters8c89eadc6be22019c81ed6b9c7d9929ae10de55679fd8e0e9fd4c00f8edc1cdaArtifactHash3A9285DE": { "Type": "String", - "Description": "Artifact hash for asset \"76c74dffba7c3eb9a040dc95633eac403472969bf8a18831ac1cf243971c5bf7\"" + "Description": "Artifact hash for asset \"8c89eadc6be22019c81ed6b9c7d9929ae10de55679fd8e0e9fd4c00f8edc1cda\"" }, - "AssetParametersff9527128e3cc60cee11deb3d533504348f62709c853288178d757494fd92c56S3Bucket7A871D89": { + "AssetParametersf4c3be09f3fcdd17ab851339f091bc78984d15e3f83e6883a31e2e034ad4cce6S3Bucket3E112CA5": { "Type": "String", - "Description": "S3 bucket for asset \"ff9527128e3cc60cee11deb3d533504348f62709c853288178d757494fd92c56\"" + "Description": "S3 bucket for asset \"f4c3be09f3fcdd17ab851339f091bc78984d15e3f83e6883a31e2e034ad4cce6\"" }, - "AssetParametersff9527128e3cc60cee11deb3d533504348f62709c853288178d757494fd92c56S3VersionKeyAACF81DD": { + "AssetParametersf4c3be09f3fcdd17ab851339f091bc78984d15e3f83e6883a31e2e034ad4cce6S3VersionKeyE9CF14C0": { "Type": "String", - "Description": "S3 key for asset version \"ff9527128e3cc60cee11deb3d533504348f62709c853288178d757494fd92c56\"" + "Description": "S3 key for asset version \"f4c3be09f3fcdd17ab851339f091bc78984d15e3f83e6883a31e2e034ad4cce6\"" }, - "AssetParametersff9527128e3cc60cee11deb3d533504348f62709c853288178d757494fd92c56ArtifactHash2A4E644A": { + "AssetParametersf4c3be09f3fcdd17ab851339f091bc78984d15e3f83e6883a31e2e034ad4cce6ArtifactHash3B9A157C": { "Type": "String", - "Description": "Artifact hash for asset \"ff9527128e3cc60cee11deb3d533504348f62709c853288178d757494fd92c56\"" + "Description": "Artifact hash for asset \"f4c3be09f3fcdd17ab851339f091bc78984d15e3f83e6883a31e2e034ad4cce6\"" }, - "AssetParametersdaeb79e3cee39c9b902dc0d5c780223e227ed573ea60976252947adab5fb2be1S3BucketDC4B98B1": { + "AssetParameters5b47c8e4cbbce7e4a8085f1aa83ed9c4691b7f65927ba092d6620bbba925f391S3BucketB4102E9A": { "Type": "String", - "Description": "S3 bucket for asset \"daeb79e3cee39c9b902dc0d5c780223e227ed573ea60976252947adab5fb2be1\"" + "Description": "S3 bucket for asset \"5b47c8e4cbbce7e4a8085f1aa83ed9c4691b7f65927ba092d6620bbba925f391\"" }, - "AssetParametersdaeb79e3cee39c9b902dc0d5c780223e227ed573ea60976252947adab5fb2be1S3VersionKeyA495226F": { + "AssetParameters5b47c8e4cbbce7e4a8085f1aa83ed9c4691b7f65927ba092d6620bbba925f391S3VersionKeyC1EC3ED6": { "Type": "String", - "Description": "S3 key for asset version \"daeb79e3cee39c9b902dc0d5c780223e227ed573ea60976252947adab5fb2be1\"" + "Description": "S3 key for asset version \"5b47c8e4cbbce7e4a8085f1aa83ed9c4691b7f65927ba092d6620bbba925f391\"" }, - "AssetParametersdaeb79e3cee39c9b902dc0d5c780223e227ed573ea60976252947adab5fb2be1ArtifactHashA521A16F": { + "AssetParameters5b47c8e4cbbce7e4a8085f1aa83ed9c4691b7f65927ba092d6620bbba925f391ArtifactHashA391D940": { "Type": "String", - "Description": "Artifact hash for asset \"daeb79e3cee39c9b902dc0d5c780223e227ed573ea60976252947adab5fb2be1\"" + "Description": "Artifact hash for asset \"5b47c8e4cbbce7e4a8085f1aa83ed9c4691b7f65927ba092d6620bbba925f391\"" }, - "AssetParametersa1ec2b3c34d7ba5b1816474781916bb1c8a8086a266e6d7cf88a0720b114d2ddS3Bucket456FC783": { + "AssetParameterse3304a59a46a1ac955511f11bdfe439a31c567da6faab8390ac987e9c9edff8aS3Bucket0A5FA7C6": { "Type": "String", - "Description": "S3 bucket for asset \"a1ec2b3c34d7ba5b1816474781916bb1c8a8086a266e6d7cf88a0720b114d2dd\"" + "Description": "S3 bucket for asset \"e3304a59a46a1ac955511f11bdfe439a31c567da6faab8390ac987e9c9edff8a\"" }, - "AssetParametersa1ec2b3c34d7ba5b1816474781916bb1c8a8086a266e6d7cf88a0720b114d2ddS3VersionKey4A933266": { + "AssetParameterse3304a59a46a1ac955511f11bdfe439a31c567da6faab8390ac987e9c9edff8aS3VersionKey657A1204": { "Type": "String", - "Description": "S3 key for asset version \"a1ec2b3c34d7ba5b1816474781916bb1c8a8086a266e6d7cf88a0720b114d2dd\"" + "Description": "S3 key for asset version \"e3304a59a46a1ac955511f11bdfe439a31c567da6faab8390ac987e9c9edff8a\"" }, - "AssetParametersa1ec2b3c34d7ba5b1816474781916bb1c8a8086a266e6d7cf88a0720b114d2ddArtifactHash7857C55E": { + "AssetParameterse3304a59a46a1ac955511f11bdfe439a31c567da6faab8390ac987e9c9edff8aArtifactHash065BBA17": { "Type": "String", - "Description": "Artifact hash for asset \"a1ec2b3c34d7ba5b1816474781916bb1c8a8086a266e6d7cf88a0720b114d2dd\"" + "Description": "Artifact hash for asset \"e3304a59a46a1ac955511f11bdfe439a31c567da6faab8390ac987e9c9edff8a\"" } }, "Resources": { @@ -123,7 +123,7 @@ "Fn::Split": [ "||", { - "Ref": "AssetParameters76c74dffba7c3eb9a040dc95633eac403472969bf8a18831ac1cf243971c5bf7S3VersionKeyE1E2D7D6" + "Ref": "AssetParameters8c89eadc6be22019c81ed6b9c7d9929ae10de55679fd8e0e9fd4c00f8edc1cdaS3VersionKey70C0B407" } ] } @@ -136,7 +136,7 @@ "Fn::Split": [ "||", { - "Ref": "AssetParameters76c74dffba7c3eb9a040dc95633eac403472969bf8a18831ac1cf243971c5bf7S3VersionKeyE1E2D7D6" + "Ref": "AssetParameters8c89eadc6be22019c81ed6b9c7d9929ae10de55679fd8e0e9fd4c00f8edc1cdaS3VersionKey70C0B407" } ] } @@ -146,7 +146,7 @@ ] }, "S3BucketName": { - "Ref": "AssetParameters76c74dffba7c3eb9a040dc95633eac403472969bf8a18831ac1cf243971c5bf7S3Bucket3C55BA0F" + "Ref": "AssetParameters8c89eadc6be22019c81ed6b9c7d9929ae10de55679fd8e0e9fd4c00f8edc1cdaS3Bucket83484C89" } }, "UpdateReplacePolicy": "Delete", @@ -169,7 +169,7 @@ }, "/", { - "Ref": "AssetParametersa1ec2b3c34d7ba5b1816474781916bb1c8a8086a266e6d7cf88a0720b114d2ddS3Bucket456FC783" + "Ref": "AssetParameterse3304a59a46a1ac955511f11bdfe439a31c567da6faab8390ac987e9c9edff8aS3Bucket0A5FA7C6" }, "/", { @@ -179,7 +179,7 @@ "Fn::Split": [ "||", { - "Ref": "AssetParametersa1ec2b3c34d7ba5b1816474781916bb1c8a8086a266e6d7cf88a0720b114d2ddS3VersionKey4A933266" + "Ref": "AssetParameterse3304a59a46a1ac955511f11bdfe439a31c567da6faab8390ac987e9c9edff8aS3VersionKey657A1204" } ] } @@ -192,7 +192,7 @@ "Fn::Split": [ "||", { - "Ref": "AssetParametersa1ec2b3c34d7ba5b1816474781916bb1c8a8086a266e6d7cf88a0720b114d2ddS3VersionKey4A933266" + "Ref": "AssetParameterse3304a59a46a1ac955511f11bdfe439a31c567da6faab8390ac987e9c9edff8aS3VersionKey657A1204" } ] } @@ -202,17 +202,17 @@ ] }, "Parameters": { - "referencetocdkamplifyappassetdeploymentAssetParametersff9527128e3cc60cee11deb3d533504348f62709c853288178d757494fd92c56S3BucketA0EDA7B5Ref": { - "Ref": "AssetParametersff9527128e3cc60cee11deb3d533504348f62709c853288178d757494fd92c56S3Bucket7A871D89" + "referencetocdkamplifyappassetdeploymentAssetParametersf4c3be09f3fcdd17ab851339f091bc78984d15e3f83e6883a31e2e034ad4cce6S3Bucket3462E0F4Ref": { + "Ref": "AssetParametersf4c3be09f3fcdd17ab851339f091bc78984d15e3f83e6883a31e2e034ad4cce6S3Bucket3E112CA5" }, - "referencetocdkamplifyappassetdeploymentAssetParametersff9527128e3cc60cee11deb3d533504348f62709c853288178d757494fd92c56S3VersionKeyD32C918ARef": { - "Ref": "AssetParametersff9527128e3cc60cee11deb3d533504348f62709c853288178d757494fd92c56S3VersionKeyAACF81DD" + "referencetocdkamplifyappassetdeploymentAssetParametersf4c3be09f3fcdd17ab851339f091bc78984d15e3f83e6883a31e2e034ad4cce6S3VersionKey4934CDF2Ref": { + "Ref": "AssetParametersf4c3be09f3fcdd17ab851339f091bc78984d15e3f83e6883a31e2e034ad4cce6S3VersionKeyE9CF14C0" }, - "referencetocdkamplifyappassetdeploymentAssetParametersdaeb79e3cee39c9b902dc0d5c780223e227ed573ea60976252947adab5fb2be1S3BucketA5B3B03BRef": { - "Ref": "AssetParametersdaeb79e3cee39c9b902dc0d5c780223e227ed573ea60976252947adab5fb2be1S3BucketDC4B98B1" + "referencetocdkamplifyappassetdeploymentAssetParameters5b47c8e4cbbce7e4a8085f1aa83ed9c4691b7f65927ba092d6620bbba925f391S3Bucket2F32F802Ref": { + "Ref": "AssetParameters5b47c8e4cbbce7e4a8085f1aa83ed9c4691b7f65927ba092d6620bbba925f391S3BucketB4102E9A" }, - "referencetocdkamplifyappassetdeploymentAssetParametersdaeb79e3cee39c9b902dc0d5c780223e227ed573ea60976252947adab5fb2be1S3VersionKey61CE3542Ref": { - "Ref": "AssetParametersdaeb79e3cee39c9b902dc0d5c780223e227ed573ea60976252947adab5fb2be1S3VersionKeyA495226F" + "referencetocdkamplifyappassetdeploymentAssetParameters5b47c8e4cbbce7e4a8085f1aa83ed9c4691b7f65927ba092d6620bbba925f391S3VersionKey3B80829BRef": { + "Ref": "AssetParameters5b47c8e4cbbce7e4a8085f1aa83ed9c4691b7f65927ba092d6620bbba925f391S3VersionKeyC1EC3ED6" } } }, diff --git a/packages/@aws-cdk/aws-apigatewayv2-authorizers/test/http/integ.iam.expected.json b/packages/@aws-cdk/aws-apigatewayv2-authorizers/test/http/integ.iam.expected.json index be1c18a7e49f7..4993cbdffad53 100644 --- a/packages/@aws-cdk/aws-apigatewayv2-authorizers/test/http/integ.iam.expected.json +++ b/packages/@aws-cdk/aws-apigatewayv2-authorizers/test/http/integ.iam.expected.json @@ -11,50 +11,48 @@ { "Action": "execute-api:Invoke", "Effect": "Allow", - "Resource": { - "Fn::Join": [ - "", - [ - "arn:aws:execute-api:", - { - "Ref": "AWS::Region" - }, - ":", - { - "Ref": "AWS::AccountId" - }, - ":", - { - "Ref": "HttpApiF5A9A8A7" - }, - "/*/*/foo" + "Resource": [ + { + "Fn::Join": [ + "", + [ + "arn:aws:execute-api:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":", + { + "Ref": "HttpApiF5A9A8A7" + }, + "/*/*/books/*" + ] ] - ] - } - }, - { - "Action": "execute-api:Invoke", - "Effect": "Allow", - "Resource": { - "Fn::Join": [ - "", - [ - "arn:aws:execute-api:", - { - "Ref": "AWS::Region" - }, - ":", - { - "Ref": "AWS::AccountId" - }, - ":", - { - "Ref": "HttpApiF5A9A8A7" - }, - "/*/*/books/*" + }, + { + "Fn::Join": [ + "", + [ + "arn:aws:execute-api:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":", + { + "Ref": "HttpApiF5A9A8A7" + }, + "/*/*/foo" + ] ] - ] - } + } + ] } ], "Version": "2012-10-17" diff --git a/packages/@aws-cdk/aws-apigatewayv2-authorizers/test/http/integ.lambda.expected.json b/packages/@aws-cdk/aws-apigatewayv2-authorizers/test/http/integ.lambda.expected.json index 921b4b1876d8f..1f4a0445f9243 100644 --- a/packages/@aws-cdk/aws-apigatewayv2-authorizers/test/http/integ.lambda.expected.json +++ b/packages/@aws-cdk/aws-apigatewayv2-authorizers/test/http/integ.lambda.expected.json @@ -209,7 +209,7 @@ "Properties": { "Code": { "S3Bucket": { - "Ref": "AssetParameters7f2fe4e4fa40a84f0f773203f5c5fdaac31c80ce42c5185ed2659a049db03043S3BucketC7E46972" + "Ref": "AssetParameters74589072567ba0ad5a12f277a47a8c3b7b5151e9290901fae0a4ce72fe7e3a3aS3Bucket7FA0095F" }, "S3Key": { "Fn::Join": [ @@ -222,7 +222,7 @@ "Fn::Split": [ "||", { - "Ref": "AssetParameters7f2fe4e4fa40a84f0f773203f5c5fdaac31c80ce42c5185ed2659a049db03043S3VersionKeyA8ECA032" + "Ref": "AssetParameters74589072567ba0ad5a12f277a47a8c3b7b5151e9290901fae0a4ce72fe7e3a3aS3VersionKeyC54BEE58" } ] } @@ -235,7 +235,7 @@ "Fn::Split": [ "||", { - "Ref": "AssetParameters7f2fe4e4fa40a84f0f773203f5c5fdaac31c80ce42c5185ed2659a049db03043S3VersionKeyA8ECA032" + "Ref": "AssetParameters74589072567ba0ad5a12f277a47a8c3b7b5151e9290901fae0a4ce72fe7e3a3aS3VersionKeyC54BEE58" } ] } @@ -345,17 +345,17 @@ } }, "Parameters": { - "AssetParameters7f2fe4e4fa40a84f0f773203f5c5fdaac31c80ce42c5185ed2659a049db03043S3BucketC7E46972": { + "AssetParameters74589072567ba0ad5a12f277a47a8c3b7b5151e9290901fae0a4ce72fe7e3a3aS3Bucket7FA0095F": { "Type": "String", - "Description": "S3 bucket for asset \"7f2fe4e4fa40a84f0f773203f5c5fdaac31c80ce42c5185ed2659a049db03043\"" + "Description": "S3 bucket for asset \"74589072567ba0ad5a12f277a47a8c3b7b5151e9290901fae0a4ce72fe7e3a3a\"" }, - "AssetParameters7f2fe4e4fa40a84f0f773203f5c5fdaac31c80ce42c5185ed2659a049db03043S3VersionKeyA8ECA032": { + "AssetParameters74589072567ba0ad5a12f277a47a8c3b7b5151e9290901fae0a4ce72fe7e3a3aS3VersionKeyC54BEE58": { "Type": "String", - "Description": "S3 key for asset version \"7f2fe4e4fa40a84f0f773203f5c5fdaac31c80ce42c5185ed2659a049db03043\"" + "Description": "S3 key for asset version \"74589072567ba0ad5a12f277a47a8c3b7b5151e9290901fae0a4ce72fe7e3a3a\"" }, - "AssetParameters7f2fe4e4fa40a84f0f773203f5c5fdaac31c80ce42c5185ed2659a049db03043ArtifactHashE679D99A": { + "AssetParameters74589072567ba0ad5a12f277a47a8c3b7b5151e9290901fae0a4ce72fe7e3a3aArtifactHash06752181": { "Type": "String", - "Description": "Artifact hash for asset \"7f2fe4e4fa40a84f0f773203f5c5fdaac31c80ce42c5185ed2659a049db03043\"" + "Description": "Artifact hash for asset \"74589072567ba0ad5a12f277a47a8c3b7b5151e9290901fae0a4ce72fe7e3a3a\"" }, "AssetParameters1fd1c15cb7d5e2e36a11745fd10b4b7c3ca8eb30642b41954630413d2b913cdaS3Bucket2E6D85D3": { "Type": "String", diff --git a/packages/@aws-cdk/aws-apprunner/test/integ.service.expected.json b/packages/@aws-cdk/aws-apprunner/test/integ.service.expected.json index ed37fa7666d4c..9ca183c3ca56a 100644 --- a/packages/@aws-cdk/aws-apprunner/test/integ.service.expected.json +++ b/packages/@aws-cdk/aws-apprunner/test/integ.service.expected.json @@ -46,8 +46,8 @@ { "Action": [ "ecr:BatchCheckLayerAvailability", - "ecr:GetDownloadUrlForLayer", - "ecr:BatchGetImage" + "ecr:BatchGetImage", + "ecr:GetDownloadUrlForLayer" ], "Effect": "Allow", "Resource": { @@ -153,8 +153,8 @@ { "Action": [ "ecr:BatchCheckLayerAvailability", - "ecr:GetDownloadUrlForLayer", - "ecr:BatchGetImage" + "ecr:BatchGetImage", + "ecr:GetDownloadUrlForLayer" ], "Effect": "Allow", "Resource": { diff --git a/packages/@aws-cdk/aws-appsync/test/integ.api-import.expected.json b/packages/@aws-cdk/aws-appsync/test/integ.api-import.expected.json index 269f986d16838..496d000a2d3b3 100644 --- a/packages/@aws-cdk/aws-appsync/test/integ.api-import.expected.json +++ b/packages/@aws-cdk/aws-appsync/test/integ.api-import.expected.json @@ -76,17 +76,17 @@ { "Action": [ "dynamodb:BatchGetItem", + "dynamodb:BatchWriteItem", + "dynamodb:ConditionCheckItem", + "dynamodb:DeleteItem", + "dynamodb:DescribeTable", + "dynamodb:GetItem", "dynamodb:GetRecords", "dynamodb:GetShardIterator", + "dynamodb:PutItem", "dynamodb:Query", - "dynamodb:GetItem", "dynamodb:Scan", - "dynamodb:ConditionCheckItem", - "dynamodb:BatchWriteItem", - "dynamodb:PutItem", - "dynamodb:UpdateItem", - "dynamodb:DeleteItem", - "dynamodb:DescribeTable" + "dynamodb:UpdateItem" ], "Effect": "Allow", "Resource": [ diff --git a/packages/@aws-cdk/aws-appsync/test/integ.auth-apikey.expected.json b/packages/@aws-cdk/aws-appsync/test/integ.auth-apikey.expected.json index 2eb81b6793f66..5a00755f91307 100644 --- a/packages/@aws-cdk/aws-appsync/test/integ.auth-apikey.expected.json +++ b/packages/@aws-cdk/aws-appsync/test/integ.auth-apikey.expected.json @@ -59,17 +59,17 @@ { "Action": [ "dynamodb:BatchGetItem", + "dynamodb:BatchWriteItem", + "dynamodb:ConditionCheckItem", + "dynamodb:DeleteItem", + "dynamodb:DescribeTable", + "dynamodb:GetItem", "dynamodb:GetRecords", "dynamodb:GetShardIterator", + "dynamodb:PutItem", "dynamodb:Query", - "dynamodb:GetItem", "dynamodb:Scan", - "dynamodb:ConditionCheckItem", - "dynamodb:BatchWriteItem", - "dynamodb:PutItem", - "dynamodb:UpdateItem", - "dynamodb:DeleteItem", - "dynamodb:DescribeTable" + "dynamodb:UpdateItem" ], "Effect": "Allow", "Resource": [ diff --git a/packages/@aws-cdk/aws-appsync/test/integ.graphql-elasticsearch.expected.json b/packages/@aws-cdk/aws-appsync/test/integ.graphql-elasticsearch.expected.json index 22e64957700e9..f425d5be9a287 100644 --- a/packages/@aws-cdk/aws-appsync/test/integ.graphql-elasticsearch.expected.json +++ b/packages/@aws-cdk/aws-appsync/test/integ.graphql-elasticsearch.expected.json @@ -105,12 +105,12 @@ "Statement": [ { "Action": [ + "es:ESHttpDelete", "es:ESHttpGet", "es:ESHttpHead", - "es:ESHttpDelete", + "es:ESHttpPatch", "es:ESHttpPost", - "es:ESHttpPut", - "es:ESHttpPatch" + "es:ESHttpPut" ], "Effect": "Allow", "Resource": [ diff --git a/packages/@aws-cdk/aws-appsync/test/integ.graphql-iam.expected.json b/packages/@aws-cdk/aws-appsync/test/integ.graphql-iam.expected.json index 91af2e3102a2a..2077eae3e3308 100644 --- a/packages/@aws-cdk/aws-appsync/test/integ.graphql-iam.expected.json +++ b/packages/@aws-cdk/aws-appsync/test/integ.graphql-iam.expected.json @@ -90,17 +90,17 @@ { "Action": [ "dynamodb:BatchGetItem", + "dynamodb:BatchWriteItem", + "dynamodb:ConditionCheckItem", + "dynamodb:DeleteItem", + "dynamodb:DescribeTable", + "dynamodb:GetItem", "dynamodb:GetRecords", "dynamodb:GetShardIterator", + "dynamodb:PutItem", "dynamodb:Query", - "dynamodb:GetItem", "dynamodb:Scan", - "dynamodb:ConditionCheckItem", - "dynamodb:BatchWriteItem", - "dynamodb:PutItem", - "dynamodb:UpdateItem", - "dynamodb:DeleteItem", - "dynamodb:DescribeTable" + "dynamodb:UpdateItem" ], "Effect": "Allow", "Resource": [ @@ -292,64 +292,62 @@ { "Action": "appsync:GraphQL", "Effect": "Allow", - "Resource": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":appsync:", - { - "Ref": "AWS::Region" - }, - ":", - { - "Ref": "AWS::AccountId" - }, - ":apis/", - { - "Fn::GetAtt": [ - "ApiF70053CD", - "ApiId" - ] - }, - "/types/test/*" + "Resource": [ + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":appsync:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":apis/", + { + "Fn::GetAtt": [ + "ApiF70053CD", + "ApiId" + ] + }, + "/types/Mutation/fields/addTest" + ] ] - ] - } - }, - { - "Action": "appsync:GraphQL", - "Effect": "Allow", - "Resource": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":appsync:", - { - "Ref": "AWS::Region" - }, - ":", - { - "Ref": "AWS::AccountId" - }, - ":apis/", - { - "Fn::GetAtt": [ - "ApiF70053CD", - "ApiId" - ] - }, - "/types/Mutation/fields/addTest" + }, + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":appsync:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":apis/", + { + "Fn::GetAtt": [ + "ApiF70053CD", + "ApiId" + ] + }, + "/types/test/*" + ] ] - ] - } + } + ] } ], "Version": "2012-10-17" diff --git a/packages/@aws-cdk/aws-appsync/test/integ.graphql-opensearch.expected.json b/packages/@aws-cdk/aws-appsync/test/integ.graphql-opensearch.expected.json index 9de84b5ba5944..1977b2d346896 100644 --- a/packages/@aws-cdk/aws-appsync/test/integ.graphql-opensearch.expected.json +++ b/packages/@aws-cdk/aws-appsync/test/integ.graphql-opensearch.expected.json @@ -105,12 +105,12 @@ "Statement": [ { "Action": [ + "es:ESHttpDelete", "es:ESHttpGet", "es:ESHttpHead", - "es:ESHttpDelete", + "es:ESHttpPatch", "es:ESHttpPost", - "es:ESHttpPut", - "es:ESHttpPatch" + "es:ESHttpPut" ], "Effect": "Allow", "Resource": [ diff --git a/packages/@aws-cdk/aws-appsync/test/integ.graphql-schema.expected.json b/packages/@aws-cdk/aws-appsync/test/integ.graphql-schema.expected.json index 44c75a74f0f8f..37f1d635fd1a0 100644 --- a/packages/@aws-cdk/aws-appsync/test/integ.graphql-schema.expected.json +++ b/packages/@aws-cdk/aws-appsync/test/integ.graphql-schema.expected.json @@ -58,17 +58,17 @@ { "Action": [ "dynamodb:BatchGetItem", + "dynamodb:BatchWriteItem", + "dynamodb:ConditionCheckItem", + "dynamodb:DeleteItem", + "dynamodb:DescribeTable", + "dynamodb:GetItem", "dynamodb:GetRecords", "dynamodb:GetShardIterator", + "dynamodb:PutItem", "dynamodb:Query", - "dynamodb:GetItem", "dynamodb:Scan", - "dynamodb:ConditionCheckItem", - "dynamodb:BatchWriteItem", - "dynamodb:PutItem", - "dynamodb:UpdateItem", - "dynamodb:DeleteItem", - "dynamodb:DescribeTable" + "dynamodb:UpdateItem" ], "Effect": "Allow", "Resource": [ diff --git a/packages/@aws-cdk/aws-appsync/test/integ.graphql.expected.json b/packages/@aws-cdk/aws-appsync/test/integ.graphql.expected.json index ca8ee1a1c7b5b..ac78e134f2fd7 100644 --- a/packages/@aws-cdk/aws-appsync/test/integ.graphql.expected.json +++ b/packages/@aws-cdk/aws-appsync/test/integ.graphql.expected.json @@ -138,17 +138,17 @@ { "Action": [ "dynamodb:BatchGetItem", + "dynamodb:BatchWriteItem", + "dynamodb:ConditionCheckItem", + "dynamodb:DeleteItem", + "dynamodb:DescribeTable", + "dynamodb:GetItem", "dynamodb:GetRecords", "dynamodb:GetShardIterator", + "dynamodb:PutItem", "dynamodb:Query", - "dynamodb:GetItem", "dynamodb:Scan", - "dynamodb:ConditionCheckItem", - "dynamodb:BatchWriteItem", - "dynamodb:PutItem", - "dynamodb:UpdateItem", - "dynamodb:DeleteItem", - "dynamodb:DescribeTable" + "dynamodb:UpdateItem" ], "Effect": "Allow", "Resource": [ @@ -352,17 +352,17 @@ { "Action": [ "dynamodb:BatchGetItem", + "dynamodb:BatchWriteItem", + "dynamodb:ConditionCheckItem", + "dynamodb:DeleteItem", + "dynamodb:DescribeTable", + "dynamodb:GetItem", "dynamodb:GetRecords", "dynamodb:GetShardIterator", + "dynamodb:PutItem", "dynamodb:Query", - "dynamodb:GetItem", "dynamodb:Scan", - "dynamodb:ConditionCheckItem", - "dynamodb:BatchWriteItem", - "dynamodb:PutItem", - "dynamodb:UpdateItem", - "dynamodb:DeleteItem", - "dynamodb:DescribeTable" + "dynamodb:UpdateItem" ], "Effect": "Allow", "Resource": [ @@ -745,17 +745,17 @@ { "Action": [ "dynamodb:BatchGetItem", + "dynamodb:BatchWriteItem", + "dynamodb:ConditionCheckItem", + "dynamodb:DeleteItem", + "dynamodb:DescribeTable", + "dynamodb:GetItem", "dynamodb:GetRecords", "dynamodb:GetShardIterator", + "dynamodb:PutItem", "dynamodb:Query", - "dynamodb:GetItem", "dynamodb:Scan", - "dynamodb:ConditionCheckItem", - "dynamodb:BatchWriteItem", - "dynamodb:PutItem", - "dynamodb:UpdateItem", - "dynamodb:DeleteItem", - "dynamodb:DescribeTable" + "dynamodb:UpdateItem" ], "Effect": "Allow", "Resource": [ diff --git a/packages/@aws-cdk/aws-chatbot/test/integ.chatbot-logretention.expected.json b/packages/@aws-cdk/aws-chatbot/test/integ.chatbot-logretention.expected.json index c6d56914ef5a3..894a8938f900f 100644 --- a/packages/@aws-cdk/aws-chatbot/test/integ.chatbot-logretention.expected.json +++ b/packages/@aws-cdk/aws-chatbot/test/integ.chatbot-logretention.expected.json @@ -63,8 +63,8 @@ ] }, "LogGroupName": "/aws/chatbot/test-channel", - "RetentionInDays": 30, - "LogGroupRegion": "us-east-1" + "LogGroupRegion": "us-east-1", + "RetentionInDays": 30 } }, "LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8aServiceRole9741ECFB": { @@ -105,8 +105,8 @@ "Statement": [ { "Action": [ - "logs:PutRetentionPolicy", - "logs:DeleteRetentionPolicy" + "logs:DeleteRetentionPolicy", + "logs:PutRetentionPolicy" ], "Effect": "Allow", "Resource": "*" @@ -125,9 +125,11 @@ "LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8aFD4BFC8A": { "Type": "AWS::Lambda::Function", "Properties": { + "Handler": "index.handler", + "Runtime": "nodejs14.x", "Code": { "S3Bucket": { - "Ref": "AssetParameters884431e2bc651d2b61bd699a29dc9684b0f66911f06bd3ed0635f854bf18e147S3BucketAE1150B3" + "Ref": "AssetParameters22bb41d703c8e7a9a1712308f455fcf58cc012b0a386c9df563a6244a61e6665S3Bucket0D8A173B" }, "S3Key": { "Fn::Join": [ @@ -140,7 +142,7 @@ "Fn::Split": [ "||", { - "Ref": "AssetParameters884431e2bc651d2b61bd699a29dc9684b0f66911f06bd3ed0635f854bf18e147S3VersionKeyC76660C1" + "Ref": "AssetParameters22bb41d703c8e7a9a1712308f455fcf58cc012b0a386c9df563a6244a61e6665S3VersionKeyE95BF332" } ] } @@ -153,7 +155,7 @@ "Fn::Split": [ "||", { - "Ref": "AssetParameters884431e2bc651d2b61bd699a29dc9684b0f66911f06bd3ed0635f854bf18e147S3VersionKeyC76660C1" + "Ref": "AssetParameters22bb41d703c8e7a9a1712308f455fcf58cc012b0a386c9df563a6244a61e6665S3VersionKeyE95BF332" } ] } @@ -163,14 +165,12 @@ ] } }, - "Handler": "index.handler", "Role": { "Fn::GetAtt": [ "LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8aServiceRole9741ECFB", "Arn" ] - }, - "Runtime": "nodejs14.x" + } }, "DependsOn": [ "LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8aServiceRoleDefaultPolicyADDA7DEB", @@ -179,17 +179,17 @@ } }, "Parameters": { - "AssetParameters884431e2bc651d2b61bd699a29dc9684b0f66911f06bd3ed0635f854bf18e147S3BucketAE1150B3": { + "AssetParameters22bb41d703c8e7a9a1712308f455fcf58cc012b0a386c9df563a6244a61e6665S3Bucket0D8A173B": { "Type": "String", - "Description": "S3 bucket for asset \"884431e2bc651d2b61bd699a29dc9684b0f66911f06bd3ed0635f854bf18e147\"" + "Description": "S3 bucket for asset \"22bb41d703c8e7a9a1712308f455fcf58cc012b0a386c9df563a6244a61e6665\"" }, - "AssetParameters884431e2bc651d2b61bd699a29dc9684b0f66911f06bd3ed0635f854bf18e147S3VersionKeyC76660C1": { + "AssetParameters22bb41d703c8e7a9a1712308f455fcf58cc012b0a386c9df563a6244a61e6665S3VersionKeyE95BF332": { "Type": "String", - "Description": "S3 key for asset version \"884431e2bc651d2b61bd699a29dc9684b0f66911f06bd3ed0635f854bf18e147\"" + "Description": "S3 key for asset version \"22bb41d703c8e7a9a1712308f455fcf58cc012b0a386c9df563a6244a61e6665\"" }, - "AssetParameters884431e2bc651d2b61bd699a29dc9684b0f66911f06bd3ed0635f854bf18e147ArtifactHash717FC602": { + "AssetParameters22bb41d703c8e7a9a1712308f455fcf58cc012b0a386c9df563a6244a61e6665ArtifactHashF4A1E70E": { "Type": "String", - "Description": "Artifact hash for asset \"884431e2bc651d2b61bd699a29dc9684b0f66911f06bd3ed0635f854bf18e147\"" + "Description": "Artifact hash for asset \"22bb41d703c8e7a9a1712308f455fcf58cc012b0a386c9df563a6244a61e6665\"" } } -} +} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-cloudformation/test/integ.core-custom-resources.expected.json b/packages/@aws-cdk/aws-cloudformation/test/integ.core-custom-resources.expected.json index e5db15d48809b..8c3fc43456cb2 100644 --- a/packages/@aws-cdk/aws-cloudformation/test/integ.core-custom-resources.expected.json +++ b/packages/@aws-cdk/aws-cloudformation/test/integ.core-custom-resources.expected.json @@ -27,7 +27,7 @@ "Properties": { "Code": { "S3Bucket": { - "Ref": "AssetParameters925e7fbbec7bdbf0136ef5a07b8a0fbe0b1f1bb4ea50ae2154163df78aa9f226S3Bucket8B4D0E9E" + "Ref": "AssetParametersf668ac061a3c96c2a1ff8d441720965e8a44caf19c1c7efb7e648e51d0f742b2S3Bucket583D2319" }, "S3Key": { "Fn::Join": [ @@ -40,7 +40,7 @@ "Fn::Split": [ "||", { - "Ref": "AssetParameters925e7fbbec7bdbf0136ef5a07b8a0fbe0b1f1bb4ea50ae2154163df78aa9f226S3VersionKeyDECB34FE" + "Ref": "AssetParametersf668ac061a3c96c2a1ff8d441720965e8a44caf19c1c7efb7e648e51d0f742b2S3VersionKey9E55A55A" } ] } @@ -53,7 +53,7 @@ "Fn::Split": [ "||", { - "Ref": "AssetParameters925e7fbbec7bdbf0136ef5a07b8a0fbe0b1f1bb4ea50ae2154163df78aa9f226S3VersionKeyDECB34FE" + "Ref": "AssetParametersf668ac061a3c96c2a1ff8d441720965e8a44caf19c1c7efb7e648e51d0f742b2S3VersionKey9E55A55A" } ] } @@ -99,17 +99,17 @@ } }, "Parameters": { - "AssetParameters925e7fbbec7bdbf0136ef5a07b8a0fbe0b1f1bb4ea50ae2154163df78aa9f226S3Bucket8B4D0E9E": { + "AssetParametersf668ac061a3c96c2a1ff8d441720965e8a44caf19c1c7efb7e648e51d0f742b2S3Bucket583D2319": { "Type": "String", - "Description": "S3 bucket for asset \"925e7fbbec7bdbf0136ef5a07b8a0fbe0b1f1bb4ea50ae2154163df78aa9f226\"" + "Description": "S3 bucket for asset \"f668ac061a3c96c2a1ff8d441720965e8a44caf19c1c7efb7e648e51d0f742b2\"" }, - "AssetParameters925e7fbbec7bdbf0136ef5a07b8a0fbe0b1f1bb4ea50ae2154163df78aa9f226S3VersionKeyDECB34FE": { + "AssetParametersf668ac061a3c96c2a1ff8d441720965e8a44caf19c1c7efb7e648e51d0f742b2S3VersionKey9E55A55A": { "Type": "String", - "Description": "S3 key for asset version \"925e7fbbec7bdbf0136ef5a07b8a0fbe0b1f1bb4ea50ae2154163df78aa9f226\"" + "Description": "S3 key for asset version \"f668ac061a3c96c2a1ff8d441720965e8a44caf19c1c7efb7e648e51d0f742b2\"" }, - "AssetParameters925e7fbbec7bdbf0136ef5a07b8a0fbe0b1f1bb4ea50ae2154163df78aa9f226ArtifactHashEEC400F2": { + "AssetParametersf668ac061a3c96c2a1ff8d441720965e8a44caf19c1c7efb7e648e51d0f742b2ArtifactHashD6C9265F": { "Type": "String", - "Description": "Artifact hash for asset \"925e7fbbec7bdbf0136ef5a07b8a0fbe0b1f1bb4ea50ae2154163df78aa9f226\"" + "Description": "Artifact hash for asset \"f668ac061a3c96c2a1ff8d441720965e8a44caf19c1c7efb7e648e51d0f742b2\"" } }, "Outputs": { @@ -135,4 +135,4 @@ } } } -} +} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-cloudfront/test/integ.cloudfront-lambda-association.expected.json b/packages/@aws-cdk/aws-cloudfront/test/integ.cloudfront-lambda-association.expected.json index eb45a5dd3192d..8759a3b629e14 100644 --- a/packages/@aws-cdk/aws-cloudfront/test/integ.cloudfront-lambda-association.expected.json +++ b/packages/@aws-cdk/aws-cloudfront/test/integ.cloudfront-lambda-association.expected.json @@ -14,14 +14,10 @@ "Action": "sts:AssumeRole", "Effect": "Allow", "Principal": { - "Service": "lambda.amazonaws.com" - } - }, - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": { - "Service": "edgelambda.amazonaws.com" + "Service": [ + "edgelambda.amazonaws.com", + "lambda.amazonaws.com" + ] } } ], @@ -49,13 +45,13 @@ "Code": { "ZipFile": "foo" }, - "Handler": "index.handler", "Role": { "Fn::GetAtt": [ "LambdaServiceRoleA8ED4D3B", "Arn" ] }, + "Handler": "index.handler", "Runtime": "nodejs10.x" }, "DependsOn": [ diff --git a/packages/@aws-cdk/aws-cloudfront/test/integ.distribution-lambda-cross-region.expected.json b/packages/@aws-cdk/aws-cloudfront/test/integ.distribution-lambda-cross-region.expected.json index bc5f2284b77ca..6558d75227882 100644 --- a/packages/@aws-cdk/aws-cloudfront/test/integ.distribution-lambda-cross-region.expected.json +++ b/packages/@aws-cdk/aws-cloudfront/test/integ.distribution-lambda-cross-region.expected.json @@ -76,7 +76,7 @@ "Properties": { "Code": { "S3Bucket": { - "Ref": "AssetParameters45b7ed524ce2b119dd4f2b8642ae8bfaf0df45bc6bd705072ae4ee6d1a999241S3BucketF1BC72A7" + "Ref": "AssetParameterse718f39096261b3e336dd6d896baabf1049bb1938cb1865de1b5e576cb57376aS3BucketA88C096E" }, "S3Key": { "Fn::Join": [ @@ -89,7 +89,7 @@ "Fn::Split": [ "||", { - "Ref": "AssetParameters45b7ed524ce2b119dd4f2b8642ae8bfaf0df45bc6bd705072ae4ee6d1a999241S3VersionKey7AD83AC7" + "Ref": "AssetParameterse718f39096261b3e336dd6d896baabf1049bb1938cb1865de1b5e576cb57376aS3VersionKeyF63BD825" } ] } @@ -102,7 +102,7 @@ "Fn::Split": [ "||", { - "Ref": "AssetParameters45b7ed524ce2b119dd4f2b8642ae8bfaf0df45bc6bd705072ae4ee6d1a999241S3VersionKey7AD83AC7" + "Ref": "AssetParameterse718f39096261b3e336dd6d896baabf1049bb1938cb1865de1b5e576cb57376aS3VersionKeyF63BD825" } ] } @@ -190,17 +190,17 @@ } }, "Parameters": { - "AssetParameters45b7ed524ce2b119dd4f2b8642ae8bfaf0df45bc6bd705072ae4ee6d1a999241S3BucketF1BC72A7": { + "AssetParameterse718f39096261b3e336dd6d896baabf1049bb1938cb1865de1b5e576cb57376aS3BucketA88C096E": { "Type": "String", - "Description": "S3 bucket for asset \"45b7ed524ce2b119dd4f2b8642ae8bfaf0df45bc6bd705072ae4ee6d1a999241\"" + "Description": "S3 bucket for asset \"e718f39096261b3e336dd6d896baabf1049bb1938cb1865de1b5e576cb57376a\"" }, - "AssetParameters45b7ed524ce2b119dd4f2b8642ae8bfaf0df45bc6bd705072ae4ee6d1a999241S3VersionKey7AD83AC7": { + "AssetParameterse718f39096261b3e336dd6d896baabf1049bb1938cb1865de1b5e576cb57376aS3VersionKeyF63BD825": { "Type": "String", - "Description": "S3 key for asset version \"45b7ed524ce2b119dd4f2b8642ae8bfaf0df45bc6bd705072ae4ee6d1a999241\"" + "Description": "S3 key for asset version \"e718f39096261b3e336dd6d896baabf1049bb1938cb1865de1b5e576cb57376a\"" }, - "AssetParameters45b7ed524ce2b119dd4f2b8642ae8bfaf0df45bc6bd705072ae4ee6d1a999241ArtifactHash1B3D1B80": { + "AssetParameterse718f39096261b3e336dd6d896baabf1049bb1938cb1865de1b5e576cb57376aArtifactHashE4754D11": { "Type": "String", - "Description": "Artifact hash for asset \"45b7ed524ce2b119dd4f2b8642ae8bfaf0df45bc6bd705072ae4ee6d1a999241\"" + "Description": "Artifact hash for asset \"e718f39096261b3e336dd6d896baabf1049bb1938cb1865de1b5e576cb57376a\"" } } }, @@ -215,14 +215,10 @@ "Action": "sts:AssumeRole", "Effect": "Allow", "Principal": { - "Service": "lambda.amazonaws.com" - } - }, - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": { - "Service": "edgelambda.amazonaws.com" + "Service": [ + "edgelambda.amazonaws.com", + "lambda.amazonaws.com" + ] } } ], @@ -309,14 +305,10 @@ "Action": "sts:AssumeRole", "Effect": "Allow", "Principal": { - "Service": "lambda.amazonaws.com" - } - }, - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": { - "Service": "edgelambda.amazonaws.com" + "Service": [ + "edgelambda.amazonaws.com", + "lambda.amazonaws.com" + ] } } ], diff --git a/packages/@aws-cdk/aws-cloudfront/test/integ.distribution-lambda.expected.json b/packages/@aws-cdk/aws-cloudfront/test/integ.distribution-lambda.expected.json index 44ad319c62a4b..d87415745eed9 100644 --- a/packages/@aws-cdk/aws-cloudfront/test/integ.distribution-lambda.expected.json +++ b/packages/@aws-cdk/aws-cloudfront/test/integ.distribution-lambda.expected.json @@ -9,14 +9,10 @@ "Action": "sts:AssumeRole", "Effect": "Allow", "Principal": { - "Service": "lambda.amazonaws.com" - } - }, - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": { - "Service": "edgelambda.amazonaws.com" + "Service": [ + "edgelambda.amazonaws.com", + "lambda.amazonaws.com" + ] } } ], @@ -44,13 +40,13 @@ "Code": { "ZipFile": "foo" }, - "Handler": "index.handler", "Role": { "Fn::GetAtt": [ "LambdaServiceRoleA8ED4D3B", "Arn" ] }, + "Handler": "index.handler", "Runtime": "nodejs10.x" }, "DependsOn": [ @@ -99,4 +95,4 @@ } } } -} +} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-cloudtrail/test/integ.cloudtrail-supplied-bucket.lit.expected.json b/packages/@aws-cdk/aws-cloudtrail/test/integ.cloudtrail-supplied-bucket.lit.expected.json index 86773e090a9fe..e115d5360fee6 100644 --- a/packages/@aws-cdk/aws-cloudtrail/test/integ.cloudtrail-supplied-bucket.lit.expected.json +++ b/packages/@aws-cdk/aws-cloudtrail/test/integ.cloudtrail-supplied-bucket.lit.expected.json @@ -42,13 +42,13 @@ "Code": { "ZipFile": "exports.handler = {}" }, - "Handler": "hello.handler", "Role": { "Fn::GetAtt": [ "LambdaFunctionServiceRoleC555A460", "Arn" ] }, + "Handler": "hello.handler", "Runtime": "nodejs10.x" }, "DependsOn": [ diff --git a/packages/@aws-cdk/aws-codebuild/test/integ.aws-deep-learning-container-build-image.expected.json b/packages/@aws-cdk/aws-codebuild/test/integ.aws-deep-learning-container-build-image.expected.json index 745a6588da5fb..64a8873d3f1d4 100644 --- a/packages/@aws-cdk/aws-codebuild/test/integ.aws-deep-learning-container-build-image.expected.json +++ b/packages/@aws-cdk/aws-codebuild/test/integ.aws-deep-learning-container-build-image.expected.json @@ -49,7 +49,8 @@ ":log-group:/aws/codebuild/", { "Ref": "ProjectC78D97AD" - } + }, + ":*" ] ] }, @@ -72,8 +73,7 @@ ":log-group:/aws/codebuild/", { "Ref": "ProjectC78D97AD" - }, - ":*" + } ] ] } @@ -81,11 +81,11 @@ }, { "Action": [ - "codebuild:CreateReportGroup", - "codebuild:CreateReport", - "codebuild:UpdateReport", + "codebuild:BatchPutCodeCoverages", "codebuild:BatchPutTestCases", - "codebuild:BatchPutCodeCoverages" + "codebuild:CreateReport", + "codebuild:CreateReportGroup", + "codebuild:UpdateReport" ], "Effect": "Allow", "Resource": { @@ -116,8 +116,8 @@ { "Action": [ "ecr:BatchCheckLayerAvailability", - "ecr:GetDownloadUrlForLayer", - "ecr:BatchGetImage" + "ecr:BatchGetImage", + "ecr:GetDownloadUrlForLayer" ], "Effect": "Allow", "Resource": { diff --git a/packages/@aws-cdk/aws-codebuild/test/integ.caching.expected.json b/packages/@aws-cdk/aws-codebuild/test/integ.caching.expected.json index d98388270cec6..7190b590998a0 100644 --- a/packages/@aws-cdk/aws-codebuild/test/integ.caching.expected.json +++ b/packages/@aws-cdk/aws-codebuild/test/integ.caching.expected.json @@ -29,16 +29,16 @@ "Statement": [ { "Action": [ - "s3:GetObject*", + "s3:Abort*", + "s3:DeleteObject*", "s3:GetBucket*", + "s3:GetObject*", "s3:List*", - "s3:DeleteObject*", "s3:PutObject", "s3:PutObjectLegalHold", "s3:PutObjectRetention", "s3:PutObjectTagging", - "s3:PutObjectVersionTagging", - "s3:Abort*" + "s3:PutObjectVersionTagging" ], "Effect": "Allow", "Resource": [ @@ -91,7 +91,8 @@ ":log-group:/aws/codebuild/", { "Ref": "MyProject39F7B0AE" - } + }, + ":*" ] ] }, @@ -114,8 +115,7 @@ ":log-group:/aws/codebuild/", { "Ref": "MyProject39F7B0AE" - }, - ":*" + } ] ] } diff --git a/packages/@aws-cdk/aws-codebuild/test/integ.defaults.lit.expected.json b/packages/@aws-cdk/aws-codebuild/test/integ.defaults.lit.expected.json index ff9f8df2fb326..efa59865ec87f 100644 --- a/packages/@aws-cdk/aws-codebuild/test/integ.defaults.lit.expected.json +++ b/packages/@aws-cdk/aws-codebuild/test/integ.defaults.lit.expected.json @@ -49,7 +49,8 @@ ":log-group:/aws/codebuild/", { "Ref": "MyProject39F7B0AE" - } + }, + ":*" ] ] }, @@ -72,8 +73,7 @@ ":log-group:/aws/codebuild/", { "Ref": "MyProject39F7B0AE" - }, - ":*" + } ] ] } @@ -81,11 +81,11 @@ }, { "Action": [ - "codebuild:CreateReportGroup", - "codebuild:CreateReport", - "codebuild:UpdateReport", + "codebuild:BatchPutCodeCoverages", "codebuild:BatchPutTestCases", - "codebuild:BatchPutCodeCoverages" + "codebuild:CreateReport", + "codebuild:CreateReportGroup", + "codebuild:UpdateReport" ], "Effect": "Allow", "Resource": { diff --git a/packages/@aws-cdk/aws-codebuild/test/integ.docker-asset.lit.expected.json b/packages/@aws-cdk/aws-codebuild/test/integ.docker-asset.lit.expected.json index 66b816d4191af..d3c45a9bee054 100644 --- a/packages/@aws-cdk/aws-codebuild/test/integ.docker-asset.lit.expected.json +++ b/packages/@aws-cdk/aws-codebuild/test/integ.docker-asset.lit.expected.json @@ -25,8 +25,8 @@ { "Action": [ "ecr:BatchCheckLayerAvailability", - "ecr:GetDownloadUrlForLayer", - "ecr:BatchGetImage" + "ecr:BatchGetImage", + "ecr:GetDownloadUrlForLayer" ], "Effect": "Allow", "Resource": { @@ -82,7 +82,8 @@ ":log-group:/aws/codebuild/", { "Ref": "MyProject39F7B0AE" - } + }, + ":*" ] ] }, @@ -105,8 +106,7 @@ ":log-group:/aws/codebuild/", { "Ref": "MyProject39F7B0AE" - }, - ":*" + } ] ] } @@ -171,4 +171,4 @@ } } } -} +} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-codebuild/test/integ.docker-registry.lit.expected.json b/packages/@aws-cdk/aws-codebuild/test/integ.docker-registry.lit.expected.json index 43cdce11f042f..1a5332128c23a 100644 --- a/packages/@aws-cdk/aws-codebuild/test/integ.docker-registry.lit.expected.json +++ b/packages/@aws-cdk/aws-codebuild/test/integ.docker-registry.lit.expected.json @@ -24,8 +24,8 @@ "Statement": [ { "Action": [ - "secretsmanager:GetSecretValue", - "secretsmanager:DescribeSecret" + "secretsmanager:DescribeSecret", + "secretsmanager:GetSecretValue" ], "Effect": "Allow", "Resource": { @@ -72,7 +72,8 @@ ":log-group:/aws/codebuild/", { "Ref": "MyProject39F7B0AE" - } + }, + ":*" ] ] }, @@ -95,8 +96,7 @@ ":log-group:/aws/codebuild/", { "Ref": "MyProject39F7B0AE" - }, - ":*" + } ] ] } diff --git a/packages/@aws-cdk/aws-codebuild/test/integ.ecr.lit.expected.json b/packages/@aws-cdk/aws-codebuild/test/integ.ecr.lit.expected.json index 3c34c2d44082c..b4596c6b80c9c 100644 --- a/packages/@aws-cdk/aws-codebuild/test/integ.ecr.lit.expected.json +++ b/packages/@aws-cdk/aws-codebuild/test/integ.ecr.lit.expected.json @@ -35,8 +35,8 @@ { "Action": [ "ecr:BatchCheckLayerAvailability", - "ecr:GetDownloadUrlForLayer", - "ecr:BatchGetImage" + "ecr:BatchGetImage", + "ecr:GetDownloadUrlForLayer" ], "Effect": "Allow", "Resource": { @@ -78,7 +78,8 @@ ":log-group:/aws/codebuild/", { "Ref": "MyProject39F7B0AE" - } + }, + ":*" ] ] }, @@ -101,8 +102,7 @@ ":log-group:/aws/codebuild/", { "Ref": "MyProject39F7B0AE" - }, - ":*" + } ] ] } diff --git a/packages/@aws-cdk/aws-codebuild/test/integ.github-webhook-batch.expected.json b/packages/@aws-cdk/aws-codebuild/test/integ.github-webhook-batch.expected.json index 4cedce9c2a951..81549a1ec5147 100644 --- a/packages/@aws-cdk/aws-codebuild/test/integ.github-webhook-batch.expected.json +++ b/packages/@aws-cdk/aws-codebuild/test/integ.github-webhook-batch.expected.json @@ -49,7 +49,8 @@ ":log-group:/aws/codebuild/", { "Ref": "MyProject39F7B0AE" - } + }, + ":*" ] ] }, @@ -72,8 +73,7 @@ ":log-group:/aws/codebuild/", { "Ref": "MyProject39F7B0AE" - }, - ":*" + } ] ] } @@ -114,9 +114,9 @@ "Statement": [ { "Action": [ + "codebuild:RetryBuild", "codebuild:StartBuild", - "codebuild:StopBuild", - "codebuild:RetryBuild" + "codebuild:StopBuild" ], "Effect": "Allow", "Resource": { diff --git a/packages/@aws-cdk/aws-codebuild/test/integ.github.expected.json b/packages/@aws-cdk/aws-codebuild/test/integ.github.expected.json index 1fe01cff9c7b4..162a000a260a3 100644 --- a/packages/@aws-cdk/aws-codebuild/test/integ.github.expected.json +++ b/packages/@aws-cdk/aws-codebuild/test/integ.github.expected.json @@ -49,7 +49,8 @@ ":log-group:/aws/codebuild/", { "Ref": "MyProject39F7B0AE" - } + }, + ":*" ] ] }, @@ -72,8 +73,7 @@ ":log-group:/aws/codebuild/", { "Ref": "MyProject39F7B0AE" - }, - ":*" + } ] ] } diff --git a/packages/@aws-cdk/aws-codebuild/test/integ.project-bucket.expected.json b/packages/@aws-cdk/aws-codebuild/test/integ.project-bucket.expected.json index 77cc168a3e0d5..026dd626f1f23 100644 --- a/packages/@aws-cdk/aws-codebuild/test/integ.project-bucket.expected.json +++ b/packages/@aws-cdk/aws-codebuild/test/integ.project-bucket.expected.json @@ -29,8 +29,8 @@ "Statement": [ { "Action": [ - "s3:GetObject*", "s3:GetBucket*", + "s3:GetObject*", "s3:List*" ], "Effect": "Allow", @@ -84,7 +84,8 @@ ":log-group:/aws/codebuild/", { "Ref": "MyProject39F7B0AE" - } + }, + ":*" ] ] }, @@ -107,8 +108,7 @@ ":log-group:/aws/codebuild/", { "Ref": "MyProject39F7B0AE" - }, - ":*" + } ] ] } diff --git a/packages/@aws-cdk/aws-codebuild/test/integ.project-buildspec-artifacts.expected.json b/packages/@aws-cdk/aws-codebuild/test/integ.project-buildspec-artifacts.expected.json index 011e192831fb9..5183f984b8274 100644 --- a/packages/@aws-cdk/aws-codebuild/test/integ.project-buildspec-artifacts.expected.json +++ b/packages/@aws-cdk/aws-codebuild/test/integ.project-buildspec-artifacts.expected.json @@ -29,16 +29,16 @@ "Statement": [ { "Action": [ - "s3:GetObject*", + "s3:Abort*", + "s3:DeleteObject*", "s3:GetBucket*", + "s3:GetObject*", "s3:List*", - "s3:DeleteObject*", "s3:PutObject", "s3:PutObjectLegalHold", "s3:PutObjectRetention", "s3:PutObjectTagging", - "s3:PutObjectVersionTagging", - "s3:Abort*" + "s3:PutObjectVersionTagging" ], "Effect": "Allow", "Resource": [ @@ -91,7 +91,8 @@ ":log-group:/aws/codebuild/", { "Ref": "MyProject39F7B0AE" - } + }, + ":*" ] ] }, @@ -114,8 +115,7 @@ ":log-group:/aws/codebuild/", { "Ref": "MyProject39F7B0AE" - }, - ":*" + } ] ] } diff --git a/packages/@aws-cdk/aws-codebuild/test/integ.project-file-system-location.expected.json b/packages/@aws-cdk/aws-codebuild/test/integ.project-file-system-location.expected.json index fc1f6cffd67c6..c34c157a0999a 100644 --- a/packages/@aws-cdk/aws-codebuild/test/integ.project-file-system-location.expected.json +++ b/packages/@aws-cdk/aws-codebuild/test/integ.project-file-system-location.expected.json @@ -95,15 +95,15 @@ "MyVPCPublicSubnet1NATGateway838228A5": { "Type": "AWS::EC2::NatGateway", "Properties": { + "SubnetId": { + "Ref": "MyVPCPublicSubnet1Subnet0C75866A" + }, "AllocationId": { "Fn::GetAtt": [ "MyVPCPublicSubnet1EIP5EB6147D", "AllocationId" ] }, - "SubnetId": { - "Ref": "MyVPCPublicSubnet1Subnet0C75866A" - }, "Tags": [ { "Key": "Name", @@ -316,7 +316,8 @@ ":log-group:/aws/codebuild/", { "Ref": "MyProject39F7B0AE" - } + }, + ":*" ] ] }, @@ -339,8 +340,7 @@ ":log-group:/aws/codebuild/", { "Ref": "MyProject39F7B0AE" - }, - ":*" + } ] ] } @@ -435,11 +435,11 @@ { "Action": [ "ec2:CreateNetworkInterface", - "ec2:DescribeNetworkInterfaces", "ec2:DeleteNetworkInterface", - "ec2:DescribeSubnets", - "ec2:DescribeSecurityGroups", "ec2:DescribeDhcpOptions", + "ec2:DescribeNetworkInterfaces", + "ec2:DescribeSecurityGroups", + "ec2:DescribeSubnets", "ec2:DescribeVpcs" ], "Effect": "Allow", diff --git a/packages/@aws-cdk/aws-codebuild/test/integ.project-logging.expected.json b/packages/@aws-cdk/aws-codebuild/test/integ.project-logging.expected.json index 03ffa27190981..0f90560191381 100644 --- a/packages/@aws-cdk/aws-codebuild/test/integ.project-logging.expected.json +++ b/packages/@aws-cdk/aws-codebuild/test/integ.project-logging.expected.json @@ -37,13 +37,13 @@ "Statement": [ { "Action": [ + "s3:Abort*", "s3:DeleteObject*", "s3:PutObject", "s3:PutObjectLegalHold", "s3:PutObjectRetention", "s3:PutObjectTagging", - "s3:PutObjectVersionTagging", - "s3:Abort*" + "s3:PutObjectVersionTagging" ], "Effect": "Allow", "Resource": [ @@ -109,7 +109,8 @@ ":log-group:/aws/codebuild/", { "Ref": "ProjectC78D97AD" - } + }, + ":*" ] ] }, @@ -132,8 +133,7 @@ ":log-group:/aws/codebuild/", { "Ref": "ProjectC78D97AD" - }, - ":*" + } ] ] } @@ -141,11 +141,11 @@ }, { "Action": [ - "codebuild:CreateReportGroup", - "codebuild:CreateReport", - "codebuild:UpdateReport", + "codebuild:BatchPutCodeCoverages", "codebuild:BatchPutTestCases", - "codebuild:BatchPutCodeCoverages" + "codebuild:CreateReport", + "codebuild:CreateReportGroup", + "codebuild:UpdateReport" ], "Effect": "Allow", "Resource": { diff --git a/packages/@aws-cdk/aws-codebuild/test/integ.project-notification.expected.json b/packages/@aws-cdk/aws-codebuild/test/integ.project-notification.expected.json index 829263818ad5f..5a75c6e491764 100644 --- a/packages/@aws-cdk/aws-codebuild/test/integ.project-notification.expected.json +++ b/packages/@aws-cdk/aws-codebuild/test/integ.project-notification.expected.json @@ -49,7 +49,8 @@ ":log-group:/aws/codebuild/", { "Ref": "MyProject39F7B0AE" - } + }, + ":*" ] ] }, @@ -72,8 +73,7 @@ ":log-group:/aws/codebuild/", { "Ref": "MyProject39F7B0AE" - }, - ":*" + } ] ] } @@ -81,11 +81,11 @@ }, { "Action": [ - "codebuild:CreateReportGroup", - "codebuild:CreateReport", - "codebuild:UpdateReport", + "codebuild:BatchPutCodeCoverages", "codebuild:BatchPutTestCases", - "codebuild:BatchPutCodeCoverages" + "codebuild:CreateReport", + "codebuild:CreateReportGroup", + "codebuild:UpdateReport" ], "Effect": "Allow", "Resource": { diff --git a/packages/@aws-cdk/aws-codebuild/test/integ.project-secondary-sources-artifacts.expected.json b/packages/@aws-cdk/aws-codebuild/test/integ.project-secondary-sources-artifacts.expected.json index f8c74e1af60e6..9b8aff476278c 100644 --- a/packages/@aws-cdk/aws-codebuild/test/integ.project-secondary-sources-artifacts.expected.json +++ b/packages/@aws-cdk/aws-codebuild/test/integ.project-secondary-sources-artifacts.expected.json @@ -29,8 +29,8 @@ "Statement": [ { "Action": [ - "s3:GetObject*", "s3:GetBucket*", + "s3:GetObject*", "s3:List*" ], "Effect": "Allow", @@ -59,16 +59,16 @@ }, { "Action": [ - "s3:GetObject*", + "s3:Abort*", + "s3:DeleteObject*", "s3:GetBucket*", + "s3:GetObject*", "s3:List*", - "s3:DeleteObject*", "s3:PutObject", "s3:PutObjectLegalHold", "s3:PutObjectRetention", "s3:PutObjectTagging", - "s3:PutObjectVersionTagging", - "s3:Abort*" + "s3:PutObjectVersionTagging" ], "Effect": "Allow", "Resource": [ @@ -121,7 +121,8 @@ ":log-group:/aws/codebuild/", { "Ref": "MyProject39F7B0AE" - } + }, + ":*" ] ] }, @@ -144,8 +145,7 @@ ":log-group:/aws/codebuild/", { "Ref": "MyProject39F7B0AE" - }, - ":*" + } ] ] } diff --git a/packages/@aws-cdk/aws-codebuild/test/integ.project-vpc.expected.json b/packages/@aws-cdk/aws-codebuild/test/integ.project-vpc.expected.json index 1d9e5d8d8959f..1ce67e3c882e0 100644 --- a/packages/@aws-cdk/aws-codebuild/test/integ.project-vpc.expected.json +++ b/packages/@aws-cdk/aws-codebuild/test/integ.project-vpc.expected.json @@ -95,15 +95,15 @@ "MyVPCPublicSubnet1NATGateway838228A5": { "Type": "AWS::EC2::NatGateway", "Properties": { + "SubnetId": { + "Ref": "MyVPCPublicSubnet1Subnet0C75866A" + }, "AllocationId": { "Fn::GetAtt": [ "MyVPCPublicSubnet1EIP5EB6147D", "AllocationId" ] }, - "SubnetId": { - "Ref": "MyVPCPublicSubnet1Subnet0C75866A" - }, "Tags": [ { "Key": "Name", @@ -316,7 +316,8 @@ ":log-group:/aws/codebuild/", { "Ref": "MyProject39F7B0AE" - } + }, + ":*" ] ] }, @@ -339,8 +340,7 @@ ":log-group:/aws/codebuild/", { "Ref": "MyProject39F7B0AE" - }, - ":*" + } ] ] } @@ -415,11 +415,11 @@ { "Action": [ "ec2:CreateNetworkInterface", - "ec2:DescribeNetworkInterfaces", "ec2:DeleteNetworkInterface", - "ec2:DescribeSubnets", - "ec2:DescribeSecurityGroups", "ec2:DescribeDhcpOptions", + "ec2:DescribeNetworkInterfaces", + "ec2:DescribeSecurityGroups", + "ec2:DescribeSubnets", "ec2:DescribeVpcs" ], "Effect": "Allow", diff --git a/packages/@aws-cdk/aws-codedeploy/test/lambda/integ.deployment-group.expected.json b/packages/@aws-cdk/aws-codedeploy/test/lambda/integ.deployment-group.expected.json index 2d9262dcf3212..d9bb6bf025c5b 100644 --- a/packages/@aws-cdk/aws-codedeploy/test/lambda/integ.deployment-group.expected.json +++ b/packages/@aws-cdk/aws-codedeploy/test/lambda/integ.deployment-group.expected.json @@ -72,13 +72,13 @@ ] } }, - "Handler": "index.handler", "Role": { "Fn::GetAtt": [ "HandlerServiceRoleFCDC14AE", "Arn" ] }, + "Handler": "index.handler", "Runtime": "nodejs10.x" }, "DependsOn": [ @@ -243,13 +243,13 @@ ] } }, - "Handler": "index.handler", "Role": { "Fn::GetAtt": [ "PreHookServiceRoleC724B9BA", "Arn" ] }, + "Handler": "index.handler", "Runtime": "nodejs10.x" }, "DependsOn": [ @@ -376,13 +376,13 @@ ] } }, - "Handler": "index.handler", "Role": { "Fn::GetAtt": [ "PostHookServiceRoleE8A6AAC2", "Arn" ] }, + "Handler": "index.handler", "Runtime": "nodejs10.x" }, "DependsOn": [ @@ -483,22 +483,20 @@ { "Action": "lambda:InvokeFunction", "Effect": "Allow", - "Resource": { - "Fn::GetAtt": [ - "PreHook8B53F672", - "Arn" - ] - } - }, - { - "Action": "lambda:InvokeFunction", - "Effect": "Allow", - "Resource": { - "Fn::GetAtt": [ - "PostHookF2E49B30", - "Arn" - ] - } + "Resource": [ + { + "Fn::GetAtt": [ + "PostHookF2E49B30", + "Arn" + ] + }, + { + "Fn::GetAtt": [ + "PreHook8B53F672", + "Arn" + ] + } + ] } ], "Version": "2012-10-17" @@ -586,4 +584,4 @@ "Description": "Artifact hash for asset \"93dbd8c02dbfca9077c9d83cb6d3a94659988c7d143988da4a554033a58f963c\"" } } -} +} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-codedeploy/test/server/integ.deployment-group.expected.json b/packages/@aws-cdk/aws-codedeploy/test/server/integ.deployment-group.expected.json index c5ae20b9ac145..fc56b0069796a 100644 --- a/packages/@aws-cdk/aws-codedeploy/test/server/integ.deployment-group.expected.json +++ b/packages/@aws-cdk/aws-codedeploy/test/server/integ.deployment-group.expected.json @@ -95,15 +95,15 @@ "VPCPublicSubnet1NATGatewayE0556630": { "Type": "AWS::EC2::NatGateway", "Properties": { + "SubnetId": { + "Ref": "VPCPublicSubnet1SubnetB4246D30" + }, "AllocationId": { "Fn::GetAtt": [ "VPCPublicSubnet1EIP6AD938E8", "AllocationId" ] }, - "SubnetId": { - "Ref": "VPCPublicSubnet1SubnetB4246D30" - }, "Tags": [ { "Key": "Name", @@ -192,15 +192,15 @@ "VPCPublicSubnet2NATGateway3C070193": { "Type": "AWS::EC2::NatGateway", "Properties": { + "SubnetId": { + "Ref": "VPCPublicSubnet2Subnet74179F39" + }, "AllocationId": { "Fn::GetAtt": [ "VPCPublicSubnet2EIP4947BC00", "AllocationId" ] }, - "SubnetId": { - "Ref": "VPCPublicSubnet2Subnet74179F39" - }, "Tags": [ { "Key": "Name", @@ -289,15 +289,15 @@ "VPCPublicSubnet3NATGatewayD3048F5C": { "Type": "AWS::EC2::NatGateway", "Properties": { + "SubnetId": { + "Ref": "VPCPublicSubnet3Subnet631C5E25" + }, "AllocationId": { "Fn::GetAtt": [ "VPCPublicSubnet3EIPAD4BC883", "AllocationId" ] }, - "SubnetId": { - "Ref": "VPCPublicSubnet3Subnet631C5E25" - }, "Tags": [ { "Key": "Name", @@ -576,8 +576,8 @@ "Statement": [ { "Action": [ - "s3:GetObject*", "s3:GetBucket*", + "s3:GetObject*", "s3:List*" ], "Effect": "Allow", @@ -593,7 +593,8 @@ ":s3:::aws-codedeploy-", { "Ref": "AWS::Region" - } + }, + "/latest/*" ] ] }, @@ -608,8 +609,7 @@ ":s3:::aws-codedeploy-", { "Ref": "AWS::Region" - }, - "/latest/*" + } ] ] } diff --git a/packages/@aws-cdk/aws-codeguruprofiler/test/integ.profiler-group.expected.json b/packages/@aws-cdk/aws-codeguruprofiler/test/integ.profiler-group.expected.json index 8ea1221f6bbe8..3fed466911a4f 100644 --- a/packages/@aws-cdk/aws-codeguruprofiler/test/integ.profiler-group.expected.json +++ b/packages/@aws-cdk/aws-codeguruprofiler/test/integ.profiler-group.expected.json @@ -106,8 +106,8 @@ "Statement": [ { "Action": [ - "codeguru-profiler:GetProfile", - "codeguru-profiler:DescribeProfilingGroup" + "codeguru-profiler:DescribeProfilingGroup", + "codeguru-profiler:GetProfile" ], "Effect": "Allow", "Resource": { diff --git a/packages/@aws-cdk/aws-codepipeline-actions/test/cloudformation/integ.stacksets.expected.json b/packages/@aws-cdk/aws-codepipeline-actions/test/cloudformation/integ.stacksets.expected.json index 6df306f7f30a0..e57101d8a4892 100644 --- a/packages/@aws-cdk/aws-codepipeline-actions/test/cloudformation/integ.stacksets.expected.json +++ b/packages/@aws-cdk/aws-codepipeline-actions/test/cloudformation/integ.stacksets.expected.json @@ -29,16 +29,16 @@ "Statement": [ { "Action": [ - "s3:GetObject*", + "s3:Abort*", + "s3:DeleteObject*", "s3:GetBucket*", + "s3:GetObject*", "s3:List*", - "s3:DeleteObject*", "s3:PutObject", "s3:PutObjectLegalHold", "s3:PutObjectRetention", "s3:PutObjectTagging", - "s3:PutObjectVersionTagging", - "s3:Abort*" + "s3:PutObjectVersionTagging" ], "Effect": "Allow", "Resource": [ @@ -67,32 +67,26 @@ { "Action": "sts:AssumeRole", "Effect": "Allow", - "Resource": { - "Fn::GetAtt": [ - "PipelineSourceCodePipelineActionRoleC6F9E7F5", - "Arn" - ] - } - }, - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Resource": { - "Fn::GetAtt": [ - "PipelineCfnStackSetCodePipelineActionRole9EA256DB", - "Arn" - ] - } - }, - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Resource": { - "Fn::GetAtt": [ - "PipelineCfnInstancesCodePipelineActionRole289FD062", - "Arn" - ] - } + "Resource": [ + { + "Fn::GetAtt": [ + "PipelineCfnInstancesCodePipelineActionRole289FD062", + "Arn" + ] + }, + { + "Fn::GetAtt": [ + "PipelineCfnStackSetCodePipelineActionRole9EA256DB", + "Arn" + ] + }, + { + "Fn::GetAtt": [ + "PipelineSourceCodePipelineActionRoleC6F9E7F5", + "Arn" + ] + } + ] } ], "Version": "2012-10-17" @@ -287,27 +281,12 @@ "Statement": [ { "Action": [ - "s3:GetObject*", "s3:GetBucket*", + "s3:GetObject*", "s3:List*" ], "Effect": "Allow", "Resource": [ - { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":s3:::", - { - "Ref": "AssetParameters5bcf205623ea5b34a1944fea4c9982e835555e710235ae6f60172097737302e2S3Bucket3C8B9651" - } - ] - ] - }, { "Fn::Join": [ "", @@ -349,18 +328,33 @@ } ] ] + }, + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":s3:::", + { + "Ref": "AssetParameters5bcf205623ea5b34a1944fea4c9982e835555e710235ae6f60172097737302e2S3Bucket3C8B9651" + } + ] + ] } ] }, { "Action": [ + "s3:Abort*", "s3:DeleteObject*", "s3:PutObject", "s3:PutObjectLegalHold", "s3:PutObjectRetention", "s3:PutObjectTagging", - "s3:PutObjectVersionTagging", - "s3:Abort*" + "s3:PutObjectVersionTagging" ], "Effect": "Allow", "Resource": [ @@ -465,8 +459,8 @@ }, { "Action": [ - "s3:GetObject*", "s3:GetBucket*", + "s3:GetObject*", "s3:List*" ], "Effect": "Allow", diff --git a/packages/@aws-cdk/aws-codepipeline-actions/test/integ.cfn-template-from-repo.lit.expected.json b/packages/@aws-cdk/aws-codepipeline-actions/test/integ.cfn-template-from-repo.lit.expected.json index 87d6594c254c4..bf53693d1bacc 100644 --- a/packages/@aws-cdk/aws-codepipeline-actions/test/integ.cfn-template-from-repo.lit.expected.json +++ b/packages/@aws-cdk/aws-codepipeline-actions/test/integ.cfn-template-from-repo.lit.expected.json @@ -154,16 +154,16 @@ "Statement": [ { "Action": [ - "s3:GetObject*", + "s3:Abort*", + "s3:DeleteObject*", "s3:GetBucket*", + "s3:GetObject*", "s3:List*", - "s3:DeleteObject*", "s3:PutObject", "s3:PutObjectLegalHold", "s3:PutObjectRetention", "s3:PutObjectTagging", - "s3:PutObjectVersionTagging", - "s3:Abort*" + "s3:PutObjectVersionTagging" ], "Effect": "Allow", "Resource": [ @@ -194,8 +194,8 @@ "kms:Decrypt", "kms:DescribeKey", "kms:Encrypt", - "kms:ReEncrypt*", - "kms:GenerateDataKey*" + "kms:GenerateDataKey*", + "kms:ReEncrypt*" ], "Effect": "Allow", "Resource": { @@ -208,42 +208,32 @@ { "Action": "sts:AssumeRole", "Effect": "Allow", - "Resource": { - "Fn::GetAtt": [ - "PipelineSourceCodePipelineActionRoleC6F9E7F5", - "Arn" - ] - } - }, - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Resource": { - "Fn::GetAtt": [ - "PipelineDeployPrepareChangesCodePipelineActionRole41931444", - "Arn" - ] - } - }, - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Resource": { - "Fn::GetAtt": [ - "PipelineDeployApproveChangesCodePipelineActionRole5AA6E21B", - "Arn" - ] - } - }, - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Resource": { - "Fn::GetAtt": [ - "PipelineDeployExecuteChangesCodePipelineActionRole6AA2756F", - "Arn" - ] - } + "Resource": [ + { + "Fn::GetAtt": [ + "PipelineDeployApproveChangesCodePipelineActionRole5AA6E21B", + "Arn" + ] + }, + { + "Fn::GetAtt": [ + "PipelineDeployExecuteChangesCodePipelineActionRole6AA2756F", + "Arn" + ] + }, + { + "Fn::GetAtt": [ + "PipelineDeployPrepareChangesCodePipelineActionRole41931444", + "Arn" + ] + }, + { + "Fn::GetAtt": [ + "PipelineSourceCodePipelineActionRoleC6F9E7F5", + "Arn" + ] + } + ] } ], "Version": "2012-10-17" @@ -439,16 +429,16 @@ "Statement": [ { "Action": [ - "s3:GetObject*", + "s3:Abort*", + "s3:DeleteObject*", "s3:GetBucket*", + "s3:GetObject*", "s3:List*", - "s3:DeleteObject*", "s3:PutObject", "s3:PutObjectLegalHold", "s3:PutObjectRetention", "s3:PutObjectTagging", - "s3:PutObjectVersionTagging", - "s3:Abort*" + "s3:PutObjectVersionTagging" ], "Effect": "Allow", "Resource": [ @@ -479,8 +469,8 @@ "kms:Decrypt", "kms:DescribeKey", "kms:Encrypt", - "kms:ReEncrypt*", - "kms:GenerateDataKey*" + "kms:GenerateDataKey*", + "kms:ReEncrypt*" ], "Effect": "Allow", "Resource": { @@ -492,11 +482,11 @@ }, { "Action": [ + "codecommit:CancelUploadArchive", "codecommit:GetBranch", "codecommit:GetCommit", - "codecommit:UploadArchive", "codecommit:GetUploadArchiveStatus", - "codecommit:CancelUploadArchive" + "codecommit:UploadArchive" ], "Effect": "Allow", "Resource": { @@ -566,8 +556,8 @@ }, { "Action": [ - "s3:GetObject*", "s3:GetBucket*", + "s3:GetObject*", "s3:List*" ], "Effect": "Allow", @@ -676,8 +666,8 @@ "Statement": [ { "Action": [ - "s3:GetObject*", "s3:GetBucket*", + "s3:GetObject*", "s3:List*" ], "Effect": "Allow", diff --git a/packages/@aws-cdk/aws-codepipeline-actions/test/integ.lambda-deployed-through-codepipeline.lit.expected.json b/packages/@aws-cdk/aws-codepipeline-actions/test/integ.lambda-deployed-through-codepipeline.lit.expected.json index 823b5af6c908b..d4ee615d4b1bf 100644 --- a/packages/@aws-cdk/aws-codepipeline-actions/test/integ.lambda-deployed-through-codepipeline.lit.expected.json +++ b/packages/@aws-cdk/aws-codepipeline-actions/test/integ.lambda-deployed-through-codepipeline.lit.expected.json @@ -148,16 +148,16 @@ "Statement": [ { "Action": [ - "s3:GetObject*", + "s3:Abort*", + "s3:DeleteObject*", "s3:GetBucket*", + "s3:GetObject*", "s3:List*", - "s3:DeleteObject*", "s3:PutObject", "s3:PutObjectLegalHold", "s3:PutObjectRetention", "s3:PutObjectTagging", - "s3:PutObjectVersionTagging", - "s3:Abort*" + "s3:PutObjectVersionTagging" ], "Effect": "Allow", "Resource": [ @@ -188,8 +188,8 @@ "kms:Decrypt", "kms:DescribeKey", "kms:Encrypt", - "kms:ReEncrypt*", - "kms:GenerateDataKey*" + "kms:GenerateDataKey*", + "kms:ReEncrypt*" ], "Effect": "Allow", "Resource": { @@ -202,52 +202,38 @@ { "Action": "sts:AssumeRole", "Effect": "Allow", - "Resource": { - "Fn::GetAtt": [ - "PipelineSourceCdkCodeSourceCodePipelineActionRole237947B8", - "Arn" - ] - } - }, - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Resource": { - "Fn::GetAtt": [ - "PipelineSourceLambdaCodeSourceCodePipelineActionRole4E89EF60", - "Arn" - ] - } - }, - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Resource": { - "Fn::GetAtt": [ - "PipelineBuildCDKBuildCodePipelineActionRole15F4B424", - "Arn" - ] - } - }, - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Resource": { - "Fn::GetAtt": [ - "PipelineBuildLambdaBuildCodePipelineActionRole2DAE39E9", - "Arn" - ] - } - }, - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Resource": { - "Fn::GetAtt": [ - "PipelineDeployLambdaCFNDeployCodePipelineActionRoleF8A74488", - "Arn" - ] - } + "Resource": [ + { + "Fn::GetAtt": [ + "PipelineBuildCDKBuildCodePipelineActionRole15F4B424", + "Arn" + ] + }, + { + "Fn::GetAtt": [ + "PipelineBuildLambdaBuildCodePipelineActionRole2DAE39E9", + "Arn" + ] + }, + { + "Fn::GetAtt": [ + "PipelineDeployLambdaCFNDeployCodePipelineActionRoleF8A74488", + "Arn" + ] + }, + { + "Fn::GetAtt": [ + "PipelineSourceCdkCodeSourceCodePipelineActionRole237947B8", + "Arn" + ] + }, + { + "Fn::GetAtt": [ + "PipelineSourceLambdaCodeSourceCodePipelineActionRole4E89EF60", + "Arn" + ] + } + ] } ], "Version": "2012-10-17" @@ -507,16 +493,16 @@ "Statement": [ { "Action": [ - "s3:GetObject*", + "s3:Abort*", + "s3:DeleteObject*", "s3:GetBucket*", + "s3:GetObject*", "s3:List*", - "s3:DeleteObject*", "s3:PutObject", "s3:PutObjectLegalHold", "s3:PutObjectRetention", "s3:PutObjectTagging", - "s3:PutObjectVersionTagging", - "s3:Abort*" + "s3:PutObjectVersionTagging" ], "Effect": "Allow", "Resource": [ @@ -547,8 +533,8 @@ "kms:Decrypt", "kms:DescribeKey", "kms:Encrypt", - "kms:ReEncrypt*", - "kms:GenerateDataKey*" + "kms:GenerateDataKey*", + "kms:ReEncrypt*" ], "Effect": "Allow", "Resource": { @@ -560,11 +546,11 @@ }, { "Action": [ + "codecommit:CancelUploadArchive", "codecommit:GetBranch", "codecommit:GetCommit", - "codecommit:UploadArchive", "codecommit:GetUploadArchiveStatus", - "codecommit:CancelUploadArchive" + "codecommit:UploadArchive" ], "Effect": "Allow", "Resource": { @@ -624,16 +610,16 @@ "Statement": [ { "Action": [ - "s3:GetObject*", + "s3:Abort*", + "s3:DeleteObject*", "s3:GetBucket*", + "s3:GetObject*", "s3:List*", - "s3:DeleteObject*", "s3:PutObject", "s3:PutObjectLegalHold", "s3:PutObjectRetention", "s3:PutObjectTagging", - "s3:PutObjectVersionTagging", - "s3:Abort*" + "s3:PutObjectVersionTagging" ], "Effect": "Allow", "Resource": [ @@ -664,8 +650,8 @@ "kms:Decrypt", "kms:DescribeKey", "kms:Encrypt", - "kms:ReEncrypt*", - "kms:GenerateDataKey*" + "kms:GenerateDataKey*", + "kms:ReEncrypt*" ], "Effect": "Allow", "Resource": { @@ -677,11 +663,11 @@ }, { "Action": [ + "codecommit:CancelUploadArchive", "codecommit:GetBranch", "codecommit:GetCommit", - "codecommit:UploadArchive", "codecommit:GetUploadArchiveStatus", - "codecommit:CancelUploadArchive" + "codecommit:UploadArchive" ], "Effect": "Allow", "Resource": { @@ -935,8 +921,8 @@ }, { "Action": [ - "s3:GetObject*", "s3:GetBucket*", + "s3:GetObject*", "s3:List*" ], "Effect": "Allow", @@ -1043,8 +1029,8 @@ "Statement": [ { "Action": [ - "s3:GetObject*", "s3:GetBucket*", + "s3:GetObject*", "s3:List*" ], "Effect": "Allow", @@ -1291,7 +1277,8 @@ ":log-group:/aws/codebuild/", { "Ref": "CdkBuildProject9382C38D" - } + }, + ":*" ] ] }, @@ -1314,8 +1301,7 @@ ":log-group:/aws/codebuild/", { "Ref": "CdkBuildProject9382C38D" - }, - ":*" + } ] ] } @@ -1323,11 +1309,11 @@ }, { "Action": [ - "codebuild:CreateReportGroup", - "codebuild:CreateReport", - "codebuild:UpdateReport", + "codebuild:BatchPutCodeCoverages", "codebuild:BatchPutTestCases", - "codebuild:BatchPutCodeCoverages" + "codebuild:CreateReport", + "codebuild:CreateReportGroup", + "codebuild:UpdateReport" ], "Effect": "Allow", "Resource": { @@ -1357,16 +1343,16 @@ }, { "Action": [ - "s3:GetObject*", + "s3:Abort*", + "s3:DeleteObject*", "s3:GetBucket*", + "s3:GetObject*", "s3:List*", - "s3:DeleteObject*", "s3:PutObject", "s3:PutObjectLegalHold", "s3:PutObjectRetention", "s3:PutObjectTagging", - "s3:PutObjectVersionTagging", - "s3:Abort*" + "s3:PutObjectVersionTagging" ], "Effect": "Allow", "Resource": [ @@ -1397,23 +1383,8 @@ "kms:Decrypt", "kms:DescribeKey", "kms:Encrypt", - "kms:ReEncrypt*", - "kms:GenerateDataKey*" - ], - "Effect": "Allow", - "Resource": { - "Fn::GetAtt": [ - "PipelineArtifactsBucketEncryptionKey01D58D69", - "Arn" - ] - } - }, - { - "Action": [ - "kms:Decrypt", - "kms:Encrypt", - "kms:ReEncrypt*", - "kms:GenerateDataKey*" + "kms:GenerateDataKey*", + "kms:ReEncrypt*" ], "Effect": "Allow", "Resource": { @@ -1517,7 +1488,8 @@ ":log-group:/aws/codebuild/", { "Ref": "LambdaBuildProject7E2DAB11" - } + }, + ":*" ] ] }, @@ -1540,8 +1512,7 @@ ":log-group:/aws/codebuild/", { "Ref": "LambdaBuildProject7E2DAB11" - }, - ":*" + } ] ] } @@ -1549,11 +1520,11 @@ }, { "Action": [ - "codebuild:CreateReportGroup", - "codebuild:CreateReport", - "codebuild:UpdateReport", + "codebuild:BatchPutCodeCoverages", "codebuild:BatchPutTestCases", - "codebuild:BatchPutCodeCoverages" + "codebuild:CreateReport", + "codebuild:CreateReportGroup", + "codebuild:UpdateReport" ], "Effect": "Allow", "Resource": { @@ -1583,16 +1554,16 @@ }, { "Action": [ - "s3:GetObject*", + "s3:Abort*", + "s3:DeleteObject*", "s3:GetBucket*", + "s3:GetObject*", "s3:List*", - "s3:DeleteObject*", "s3:PutObject", "s3:PutObjectLegalHold", "s3:PutObjectRetention", "s3:PutObjectTagging", - "s3:PutObjectVersionTagging", - "s3:Abort*" + "s3:PutObjectVersionTagging" ], "Effect": "Allow", "Resource": [ @@ -1623,23 +1594,8 @@ "kms:Decrypt", "kms:DescribeKey", "kms:Encrypt", - "kms:ReEncrypt*", - "kms:GenerateDataKey*" - ], - "Effect": "Allow", - "Resource": { - "Fn::GetAtt": [ - "PipelineArtifactsBucketEncryptionKey01D58D69", - "Arn" - ] - } - }, - { - "Action": [ - "kms:Decrypt", - "kms:Encrypt", - "kms:ReEncrypt*", - "kms:GenerateDataKey*" + "kms:GenerateDataKey*", + "kms:ReEncrypt*" ], "Effect": "Allow", "Resource": { diff --git a/packages/@aws-cdk/aws-codepipeline-actions/test/integ.lambda-pipeline.expected.json b/packages/@aws-cdk/aws-codepipeline-actions/test/integ.lambda-pipeline.expected.json index 0990f457aae8f..d7d6c28eebd9f 100644 --- a/packages/@aws-cdk/aws-codepipeline-actions/test/integ.lambda-pipeline.expected.json +++ b/packages/@aws-cdk/aws-codepipeline-actions/test/integ.lambda-pipeline.expected.json @@ -148,16 +148,16 @@ "Statement": [ { "Action": [ - "s3:GetObject*", + "s3:Abort*", + "s3:DeleteObject*", "s3:GetBucket*", + "s3:GetObject*", "s3:List*", - "s3:DeleteObject*", "s3:PutObject", "s3:PutObjectLegalHold", "s3:PutObjectRetention", "s3:PutObjectTagging", - "s3:PutObjectVersionTagging", - "s3:Abort*" + "s3:PutObjectVersionTagging" ], "Effect": "Allow", "Resource": [ @@ -188,8 +188,8 @@ "kms:Decrypt", "kms:DescribeKey", "kms:Encrypt", - "kms:ReEncrypt*", - "kms:GenerateDataKey*" + "kms:GenerateDataKey*", + "kms:ReEncrypt*" ], "Effect": "Allow", "Resource": { @@ -202,22 +202,20 @@ { "Action": "sts:AssumeRole", "Effect": "Allow", - "Resource": { - "Fn::GetAtt": [ - "PipelineSourceCodePipelineActionRoleC6F9E7F5", - "Arn" - ] - } - }, - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Resource": { - "Fn::GetAtt": [ - "PipelineLambdaCodePipelineActionRoleC6032822", - "Arn" - ] - } + "Resource": [ + { + "Fn::GetAtt": [ + "PipelineLambdaCodePipelineActionRoleC6032822", + "Arn" + ] + }, + { + "Fn::GetAtt": [ + "PipelineSourceCodePipelineActionRoleC6F9E7F5", + "Arn" + ] + } + ] } ], "Version": "2012-10-17" @@ -360,8 +358,8 @@ "Statement": [ { "Action": [ - "s3:GetObject*", "s3:GetBucket*", + "s3:GetObject*", "s3:List*" ], "Effect": "Allow", @@ -390,13 +388,13 @@ }, { "Action": [ + "s3:Abort*", "s3:DeleteObject*", "s3:PutObject", "s3:PutObjectLegalHold", "s3:PutObjectRetention", "s3:PutObjectTagging", - "s3:PutObjectVersionTagging", - "s3:Abort*" + "s3:PutObjectVersionTagging" ], "Effect": "Allow", "Resource": [ @@ -424,10 +422,10 @@ }, { "Action": [ + "kms:Decrypt", "kms:Encrypt", - "kms:ReEncrypt*", "kms:GenerateDataKey*", - "kms:Decrypt" + "kms:ReEncrypt*" ], "Effect": "Allow", "Resource": { @@ -839,8 +837,8 @@ "Statement": [ { "Action": [ - "codepipeline:PutJobSuccessResult", - "codepipeline:PutJobFailureResult" + "codepipeline:PutJobFailureResult", + "codepipeline:PutJobSuccessResult" ], "Effect": "Allow", "Resource": "*" @@ -862,13 +860,13 @@ "Code": { "ZipFile": "\n exports.handler = function () {\n console.log(\"Hello, world!\");\n };\n " }, - "Handler": "index.handler", "Role": { "Fn::GetAtt": [ "LambdaFunServiceRoleF0979767", "Arn" ] }, + "Handler": "index.handler", "Runtime": "nodejs10.x" }, "DependsOn": [ @@ -877,4 +875,4 @@ ] } } -} +} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-codepipeline-actions/test/integ.pipeline-alexa-deploy.expected.json b/packages/@aws-cdk/aws-codepipeline-actions/test/integ.pipeline-alexa-deploy.expected.json index c255275baa82b..8546b2ea0e96d 100644 --- a/packages/@aws-cdk/aws-codepipeline-actions/test/integ.pipeline-alexa-deploy.expected.json +++ b/packages/@aws-cdk/aws-codepipeline-actions/test/integ.pipeline-alexa-deploy.expected.json @@ -158,16 +158,16 @@ "Statement": [ { "Action": [ - "s3:GetObject*", + "s3:Abort*", + "s3:DeleteObject*", "s3:GetBucket*", + "s3:GetObject*", "s3:List*", - "s3:DeleteObject*", "s3:PutObject", "s3:PutObjectLegalHold", "s3:PutObjectRetention", "s3:PutObjectTagging", - "s3:PutObjectVersionTagging", - "s3:Abort*" + "s3:PutObjectVersionTagging" ], "Effect": "Allow", "Resource": [ @@ -198,8 +198,8 @@ "kms:Decrypt", "kms:DescribeKey", "kms:Encrypt", - "kms:ReEncrypt*", - "kms:GenerateDataKey*" + "kms:GenerateDataKey*", + "kms:ReEncrypt*" ], "Effect": "Allow", "Resource": { @@ -359,8 +359,8 @@ "Statement": [ { "Action": [ - "s3:GetObject*", "s3:GetBucket*", + "s3:GetObject*", "s3:List*" ], "Effect": "Allow", @@ -389,13 +389,13 @@ }, { "Action": [ + "s3:Abort*", "s3:DeleteObject*", "s3:PutObject", "s3:PutObjectLegalHold", "s3:PutObjectRetention", "s3:PutObjectTagging", - "s3:PutObjectVersionTagging", - "s3:Abort*" + "s3:PutObjectVersionTagging" ], "Effect": "Allow", "Resource": [ @@ -423,10 +423,10 @@ }, { "Action": [ + "kms:Decrypt", "kms:Encrypt", - "kms:ReEncrypt*", "kms:GenerateDataKey*", - "kms:Decrypt" + "kms:ReEncrypt*" ], "Effect": "Allow", "Resource": { diff --git a/packages/@aws-cdk/aws-codepipeline-actions/test/integ.pipeline-cfn-cross-region.expected.json b/packages/@aws-cdk/aws-codepipeline-actions/test/integ.pipeline-cfn-cross-region.expected.json index 167b278084683..e84918465e0f5 100644 --- a/packages/@aws-cdk/aws-codepipeline-actions/test/integ.pipeline-cfn-cross-region.expected.json +++ b/packages/@aws-cdk/aws-codepipeline-actions/test/integ.pipeline-cfn-cross-region.expected.json @@ -34,16 +34,16 @@ "Statement": [ { "Action": [ - "s3:GetObject*", + "s3:Abort*", + "s3:DeleteObject*", "s3:GetBucket*", + "s3:GetObject*", "s3:List*", - "s3:DeleteObject*", "s3:PutObject", "s3:PutObjectLegalHold", "s3:PutObjectRetention", "s3:PutObjectTagging", - "s3:PutObjectVersionTagging", - "s3:Abort*" + "s3:PutObjectVersionTagging" ], "Effect": "Allow", "Resource": [ @@ -72,22 +72,20 @@ { "Action": "sts:AssumeRole", "Effect": "Allow", - "Resource": { - "Fn::GetAtt": [ - "MyPipelineSourceS3CodePipelineActionRole9F003087", - "Arn" - ] - } - }, - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Resource": { - "Fn::GetAtt": [ - "MyPipelineCFNCFNDeployCodePipelineActionRole31B1904C", - "Arn" - ] - } + "Resource": [ + { + "Fn::GetAtt": [ + "MyPipelineCFNCFNDeployCodePipelineActionRole31B1904C", + "Arn" + ] + }, + { + "Fn::GetAtt": [ + "MyPipelineSourceS3CodePipelineActionRole9F003087", + "Arn" + ] + } + ] } ], "Version": "2012-10-17" @@ -237,8 +235,8 @@ "Statement": [ { "Action": [ - "s3:GetObject*", "s3:GetBucket*", + "s3:GetObject*", "s3:List*" ], "Effect": "Allow", @@ -267,13 +265,13 @@ }, { "Action": [ + "s3:Abort*", "s3:DeleteObject*", "s3:PutObject", "s3:PutObjectLegalHold", "s3:PutObjectRetention", "s3:PutObjectTagging", - "s3:PutObjectVersionTagging", - "s3:Abort*" + "s3:PutObjectVersionTagging" ], "Effect": "Allow", "Resource": [ @@ -359,8 +357,8 @@ }, { "Action": [ - "s3:GetObject*", "s3:GetBucket*", + "s3:GetObject*", "s3:List*" ], "Effect": "Allow", @@ -450,8 +448,8 @@ "Statement": [ { "Action": [ - "s3:GetObject*", "s3:GetBucket*", + "s3:GetObject*", "s3:List*" ], "Effect": "Allow", @@ -490,4 +488,4 @@ } } } -} +} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-codepipeline-actions/test/integ.pipeline-cfn-with-action-role.expected.json b/packages/@aws-cdk/aws-codepipeline-actions/test/integ.pipeline-cfn-with-action-role.expected.json index b3d024a33f2a8..d1f15ddedf6f4 100644 --- a/packages/@aws-cdk/aws-codepipeline-actions/test/integ.pipeline-cfn-with-action-role.expected.json +++ b/packages/@aws-cdk/aws-codepipeline-actions/test/integ.pipeline-cfn-with-action-role.expected.json @@ -64,8 +64,8 @@ }, { "Action": [ - "s3:GetObject*", "s3:GetBucket*", + "s3:GetObject*", "s3:List*" ], "Effect": "Allow", @@ -159,16 +159,16 @@ "Statement": [ { "Action": [ - "s3:GetObject*", + "s3:Abort*", + "s3:DeleteObject*", "s3:GetBucket*", + "s3:GetObject*", "s3:List*", - "s3:DeleteObject*", "s3:PutObject", "s3:PutObjectLegalHold", "s3:PutObjectRetention", "s3:PutObjectTagging", - "s3:PutObjectVersionTagging", - "s3:Abort*" + "s3:PutObjectVersionTagging" ], "Effect": "Allow", "Resource": [ @@ -197,22 +197,20 @@ { "Action": "sts:AssumeRole", "Effect": "Allow", - "Resource": { - "Fn::GetAtt": [ - "MyPipelineSourceS3CodePipelineActionRole9F003087", - "Arn" - ] - } - }, - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Resource": { - "Fn::GetAtt": [ - "ActionRole60B0EDF7", - "Arn" - ] - } + "Resource": [ + { + "Fn::GetAtt": [ + "ActionRole60B0EDF7", + "Arn" + ] + }, + { + "Fn::GetAtt": [ + "MyPipelineSourceS3CodePipelineActionRole9F003087", + "Arn" + ] + } + ] } ], "Version": "2012-10-17" @@ -356,8 +354,8 @@ "Statement": [ { "Action": [ - "s3:GetObject*", "s3:GetBucket*", + "s3:GetObject*", "s3:List*" ], "Effect": "Allow", @@ -386,13 +384,13 @@ }, { "Action": [ + "s3:Abort*", "s3:DeleteObject*", "s3:PutObject", "s3:PutObjectLegalHold", "s3:PutObjectRetention", "s3:PutObjectTagging", - "s3:PutObjectVersionTagging", - "s3:Abort*" + "s3:PutObjectVersionTagging" ], "Effect": "Allow", "Resource": [ @@ -453,8 +451,8 @@ "Statement": [ { "Action": [ - "s3:GetObject*", "s3:GetBucket*", + "s3:GetObject*", "s3:List*" ], "Effect": "Allow", @@ -493,4 +491,4 @@ } } } -} +} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-codepipeline-actions/test/integ.pipeline-cfn.expected.json b/packages/@aws-cdk/aws-codepipeline-actions/test/integ.pipeline-cfn.expected.json index 53189d1369dda..689aa0a10542c 100644 --- a/packages/@aws-cdk/aws-codepipeline-actions/test/integ.pipeline-cfn.expected.json +++ b/packages/@aws-cdk/aws-codepipeline-actions/test/integ.pipeline-cfn.expected.json @@ -148,16 +148,16 @@ "Statement": [ { "Action": [ - "s3:GetObject*", + "s3:Abort*", + "s3:DeleteObject*", "s3:GetBucket*", + "s3:GetObject*", "s3:List*", - "s3:DeleteObject*", "s3:PutObject", "s3:PutObjectLegalHold", "s3:PutObjectRetention", "s3:PutObjectTagging", - "s3:PutObjectVersionTagging", - "s3:Abort*" + "s3:PutObjectVersionTagging" ], "Effect": "Allow", "Resource": [ @@ -188,8 +188,8 @@ "kms:Decrypt", "kms:DescribeKey", "kms:Encrypt", - "kms:ReEncrypt*", - "kms:GenerateDataKey*" + "kms:GenerateDataKey*", + "kms:ReEncrypt*" ], "Effect": "Allow", "Resource": { @@ -202,32 +202,26 @@ { "Action": "sts:AssumeRole", "Effect": "Allow", - "Resource": { - "Fn::GetAtt": [ - "PipelineSourceCodePipelineActionRoleC6F9E7F5", - "Arn" - ] - } - }, - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Resource": { - "Fn::GetAtt": [ - "PipelineSourceAdditionalSourceCodePipelineActionRole0897461A", - "Arn" - ] - } - }, - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Resource": { - "Fn::GetAtt": [ - "PipelineCFNDeployCFNCodePipelineActionRole444CF5DD", - "Arn" - ] - } + "Resource": [ + { + "Fn::GetAtt": [ + "PipelineCFNDeployCFNCodePipelineActionRole444CF5DD", + "Arn" + ] + }, + { + "Fn::GetAtt": [ + "PipelineSourceAdditionalSourceCodePipelineActionRole0897461A", + "Arn" + ] + }, + { + "Fn::GetAtt": [ + "PipelineSourceCodePipelineActionRoleC6F9E7F5", + "Arn" + ] + } + ] } ], "Version": "2012-10-17" @@ -412,8 +406,8 @@ "Statement": [ { "Action": [ - "s3:GetObject*", "s3:GetBucket*", + "s3:GetObject*", "s3:List*" ], "Effect": "Allow", @@ -442,13 +436,13 @@ }, { "Action": [ + "s3:Abort*", "s3:DeleteObject*", "s3:PutObject", "s3:PutObjectLegalHold", "s3:PutObjectRetention", "s3:PutObjectTagging", - "s3:PutObjectVersionTagging", - "s3:Abort*" + "s3:PutObjectVersionTagging" ], "Effect": "Allow", "Resource": [ @@ -476,10 +470,10 @@ }, { "Action": [ + "kms:Decrypt", "kms:Encrypt", - "kms:ReEncrypt*", "kms:GenerateDataKey*", - "kms:Decrypt" + "kms:ReEncrypt*" ], "Effect": "Allow", "Resource": { @@ -539,8 +533,8 @@ "Statement": [ { "Action": [ - "s3:GetObject*", "s3:GetBucket*", + "s3:GetObject*", "s3:List*" ], "Effect": "Allow", @@ -569,13 +563,13 @@ }, { "Action": [ + "s3:Abort*", "s3:DeleteObject*", "s3:PutObject", "s3:PutObjectLegalHold", "s3:PutObjectRetention", "s3:PutObjectTagging", - "s3:PutObjectVersionTagging", - "s3:Abort*" + "s3:PutObjectVersionTagging" ], "Effect": "Allow", "Resource": [ @@ -603,10 +597,10 @@ }, { "Action": [ + "kms:Decrypt", "kms:Encrypt", - "kms:ReEncrypt*", "kms:GenerateDataKey*", - "kms:Decrypt" + "kms:ReEncrypt*" ], "Effect": "Allow", "Resource": { @@ -676,8 +670,8 @@ }, { "Action": [ - "s3:GetObject*", "s3:GetBucket*", + "s3:GetObject*", "s3:List*" ], "Effect": "Allow", diff --git a/packages/@aws-cdk/aws-codepipeline-actions/test/integ.pipeline-code-build-batch.expected.json b/packages/@aws-cdk/aws-codepipeline-actions/test/integ.pipeline-code-build-batch.expected.json index 854b01ae12ac6..43d50d461ead0 100644 --- a/packages/@aws-cdk/aws-codepipeline-actions/test/integ.pipeline-code-build-batch.expected.json +++ b/packages/@aws-cdk/aws-codepipeline-actions/test/integ.pipeline-code-build-batch.expected.json @@ -105,16 +105,16 @@ "Statement": [ { "Action": [ - "s3:GetObject*", + "s3:Abort*", + "s3:DeleteObject*", "s3:GetBucket*", + "s3:GetObject*", "s3:List*", - "s3:DeleteObject*", "s3:PutObject", "s3:PutObjectLegalHold", "s3:PutObjectRetention", "s3:PutObjectTagging", - "s3:PutObjectVersionTagging", - "s3:Abort*" + "s3:PutObjectVersionTagging" ], "Effect": "Allow", "Resource": [ @@ -152,11 +152,11 @@ }, { "Action": [ + "codecommit:CancelUploadArchive", "codecommit:GetBranch", "codecommit:GetCommit", - "codecommit:UploadArchive", "codecommit:GetUploadArchiveStatus", - "codecommit:CancelUploadArchive" + "codecommit:UploadArchive" ], "Effect": "Allow", "Resource": { @@ -391,7 +391,8 @@ ":log-group:/aws/codebuild/", { "Ref": "MyBuildProject30DB9D6E" - } + }, + ":*" ] ] }, @@ -414,8 +415,7 @@ ":log-group:/aws/codebuild/", { "Ref": "MyBuildProject30DB9D6E" - }, - ":*" + } ] ] } @@ -423,8 +423,8 @@ }, { "Action": [ - "s3:GetObject*", "s3:GetBucket*", + "s3:GetObject*", "s3:List*" ], "Effect": "Allow", @@ -522,9 +522,9 @@ "Statement": [ { "Action": [ + "codebuild:RetryBuild", "codebuild:StartBuild", - "codebuild:StopBuild", - "codebuild:RetryBuild" + "codebuild:StopBuild" ], "Effect": "Allow", "Resource": { @@ -546,4 +546,4 @@ } } } -} +} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-codepipeline-actions/test/integ.pipeline-code-build-multiple-inputs-outputs.expected.json b/packages/@aws-cdk/aws-codepipeline-actions/test/integ.pipeline-code-build-multiple-inputs-outputs.expected.json index c1624ab7e2f7b..c6216fb43bc54 100644 --- a/packages/@aws-cdk/aws-codepipeline-actions/test/integ.pipeline-code-build-multiple-inputs-outputs.expected.json +++ b/packages/@aws-cdk/aws-codepipeline-actions/test/integ.pipeline-code-build-multiple-inputs-outputs.expected.json @@ -105,16 +105,16 @@ "Statement": [ { "Action": [ - "s3:GetObject*", + "s3:Abort*", + "s3:DeleteObject*", "s3:GetBucket*", + "s3:GetObject*", "s3:List*", - "s3:DeleteObject*", "s3:PutObject", "s3:PutObjectLegalHold", "s3:PutObjectRetention", "s3:PutObjectTagging", - "s3:PutObjectVersionTagging", - "s3:Abort*" + "s3:PutObjectVersionTagging" ], "Effect": "Allow", "Resource": [ @@ -152,11 +152,11 @@ }, { "Action": [ + "codecommit:CancelUploadArchive", "codecommit:GetBranch", "codecommit:GetCommit", - "codecommit:UploadArchive", "codecommit:GetUploadArchiveStatus", - "codecommit:CancelUploadArchive" + "codecommit:UploadArchive" ], "Effect": "Allow", "Resource": { @@ -168,8 +168,8 @@ }, { "Action": [ - "s3:GetObject*", "s3:GetBucket*", + "s3:GetObject*", "s3:List*" ], "Effect": "Allow", @@ -196,40 +196,6 @@ } ] }, - { - "Action": [ - "s3:DeleteObject*", - "s3:PutObject", - "s3:PutObjectLegalHold", - "s3:PutObjectRetention", - "s3:PutObjectTagging", - "s3:PutObjectVersionTagging", - "s3:Abort*" - ], - "Effect": "Allow", - "Resource": [ - { - "Fn::GetAtt": [ - "MyBucketF68F3FF0", - "Arn" - ] - }, - { - "Fn::Join": [ - "", - [ - { - "Fn::GetAtt": [ - "MyBucketF68F3FF0", - "Arn" - ] - }, - "/*" - ] - ] - } - ] - }, { "Action": [ "codebuild:BatchGetBuilds", @@ -528,7 +494,8 @@ ":log-group:/aws/codebuild/", { "Ref": "MyBuildProject30DB9D6E" - } + }, + ":*" ] ] }, @@ -551,8 +518,7 @@ ":log-group:/aws/codebuild/", { "Ref": "MyBuildProject30DB9D6E" - }, - ":*" + } ] ] } @@ -560,16 +526,16 @@ }, { "Action": [ - "s3:GetObject*", + "s3:Abort*", + "s3:DeleteObject*", "s3:GetBucket*", + "s3:GetObject*", "s3:List*", - "s3:DeleteObject*", "s3:PutObject", "s3:PutObjectLegalHold", "s3:PutObjectRetention", "s3:PutObjectTagging", - "s3:PutObjectVersionTagging", - "s3:Abort*" + "s3:PutObjectVersionTagging" ], "Effect": "Allow", "Resource": [ @@ -635,4 +601,4 @@ } } } -} +} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-codepipeline-actions/test/integ.pipeline-code-commit-build.expected.json b/packages/@aws-cdk/aws-codepipeline-actions/test/integ.pipeline-code-commit-build.expected.json index cb437e83eb651..b6e3478c077c7 100644 --- a/packages/@aws-cdk/aws-codepipeline-actions/test/integ.pipeline-code-commit-build.expected.json +++ b/packages/@aws-cdk/aws-codepipeline-actions/test/integ.pipeline-code-commit-build.expected.json @@ -55,7 +55,8 @@ ":log-group:/aws/codebuild/", { "Ref": "MyBuildProject30DB9D6E" - } + }, + ":*" ] ] }, @@ -78,8 +79,7 @@ ":log-group:/aws/codebuild/", { "Ref": "MyBuildProject30DB9D6E" - }, - ":*" + } ] ] } @@ -87,16 +87,16 @@ }, { "Action": [ - "s3:GetObject*", + "s3:Abort*", + "s3:DeleteObject*", "s3:GetBucket*", + "s3:GetObject*", "s3:List*", - "s3:DeleteObject*", "s3:PutObject", "s3:PutObjectLegalHold", "s3:PutObjectRetention", "s3:PutObjectTagging", - "s3:PutObjectVersionTagging", - "s3:Abort*" + "s3:PutObjectVersionTagging" ], "Effect": "Allow", "Resource": [ @@ -127,23 +127,8 @@ "kms:Decrypt", "kms:DescribeKey", "kms:Encrypt", - "kms:ReEncrypt*", - "kms:GenerateDataKey*" - ], - "Effect": "Allow", - "Resource": { - "Fn::GetAtt": [ - "PipelineArtifactsBucketEncryptionKey01D58D69", - "Arn" - ] - } - }, - { - "Action": [ - "kms:Decrypt", - "kms:Encrypt", - "kms:ReEncrypt*", - "kms:GenerateDataKey*" + "kms:GenerateDataKey*", + "kms:ReEncrypt*" ], "Effect": "Allow", "Resource": { @@ -176,49 +161,6 @@ ] ] } - }, - { - "Action": [ - "s3:GetObject*", - "s3:GetBucket*", - "s3:List*" - ], - "Effect": "Allow", - "Resource": [ - { - "Fn::GetAtt": [ - "PipelineArtifactsBucket22248F97", - "Arn" - ] - }, - { - "Fn::Join": [ - "", - [ - { - "Fn::GetAtt": [ - "PipelineArtifactsBucket22248F97", - "Arn" - ] - }, - "/*" - ] - ] - } - ] - }, - { - "Action": [ - "kms:Decrypt", - "kms:DescribeKey" - ], - "Effect": "Allow", - "Resource": { - "Fn::GetAtt": [ - "PipelineArtifactsBucketEncryptionKey01D58D69", - "Arn" - ] - } } ], "Version": "2012-10-17" @@ -412,16 +354,16 @@ "Statement": [ { "Action": [ - "s3:GetObject*", + "s3:Abort*", + "s3:DeleteObject*", "s3:GetBucket*", + "s3:GetObject*", "s3:List*", - "s3:DeleteObject*", "s3:PutObject", "s3:PutObjectLegalHold", "s3:PutObjectRetention", "s3:PutObjectTagging", - "s3:PutObjectVersionTagging", - "s3:Abort*" + "s3:PutObjectVersionTagging" ], "Effect": "Allow", "Resource": [ @@ -452,8 +394,8 @@ "kms:Decrypt", "kms:DescribeKey", "kms:Encrypt", - "kms:ReEncrypt*", - "kms:GenerateDataKey*" + "kms:GenerateDataKey*", + "kms:ReEncrypt*" ], "Effect": "Allow", "Resource": { @@ -466,32 +408,26 @@ { "Action": "sts:AssumeRole", "Effect": "Allow", - "Resource": { - "Fn::GetAtt": [ - "PipelinesourceCodePipelineActionRoleB7E0306A", - "Arn" - ] - } - }, - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Resource": { - "Fn::GetAtt": [ - "PipelinebuildCodePipelineActionRole11BCD4FF", - "Arn" - ] - } - }, - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Resource": { - "Fn::GetAtt": [ - "PipelinebuildtestCodePipelineActionRole467D0DFA", - "Arn" - ] - } + "Resource": [ + { + "Fn::GetAtt": [ + "PipelinebuildCodePipelineActionRole11BCD4FF", + "Arn" + ] + }, + { + "Fn::GetAtt": [ + "PipelinebuildtestCodePipelineActionRole467D0DFA", + "Arn" + ] + }, + { + "Fn::GetAtt": [ + "PipelinesourceCodePipelineActionRoleB7E0306A", + "Arn" + ] + } + ] } ], "Version": "2012-10-17" @@ -674,16 +610,16 @@ "Statement": [ { "Action": [ - "s3:GetObject*", + "s3:Abort*", + "s3:DeleteObject*", "s3:GetBucket*", + "s3:GetObject*", "s3:List*", - "s3:DeleteObject*", "s3:PutObject", "s3:PutObjectLegalHold", "s3:PutObjectRetention", "s3:PutObjectTagging", - "s3:PutObjectVersionTagging", - "s3:Abort*" + "s3:PutObjectVersionTagging" ], "Effect": "Allow", "Resource": [ @@ -714,8 +650,8 @@ "kms:Decrypt", "kms:DescribeKey", "kms:Encrypt", - "kms:ReEncrypt*", - "kms:GenerateDataKey*" + "kms:GenerateDataKey*", + "kms:ReEncrypt*" ], "Effect": "Allow", "Resource": { @@ -727,11 +663,11 @@ }, { "Action": [ + "codecommit:CancelUploadArchive", "codecommit:GetBranch", "codecommit:GetCommit", - "codecommit:UploadArchive", "codecommit:GetUploadArchiveStatus", - "codecommit:CancelUploadArchive" + "codecommit:UploadArchive" ], "Effect": "Allow", "Resource": { diff --git a/packages/@aws-cdk/aws-codepipeline-actions/test/integ.pipeline-code-commit.expected.json b/packages/@aws-cdk/aws-codepipeline-actions/test/integ.pipeline-code-commit.expected.json index 23bdec497e551..4b563e55092f9 100644 --- a/packages/@aws-cdk/aws-codepipeline-actions/test/integ.pipeline-code-commit.expected.json +++ b/packages/@aws-cdk/aws-codepipeline-actions/test/integ.pipeline-code-commit.expected.json @@ -219,16 +219,16 @@ "Statement": [ { "Action": [ - "s3:GetObject*", + "s3:Abort*", + "s3:DeleteObject*", "s3:GetBucket*", + "s3:GetObject*", "s3:List*", - "s3:DeleteObject*", "s3:PutObject", "s3:PutObjectLegalHold", "s3:PutObjectRetention", "s3:PutObjectTagging", - "s3:PutObjectVersionTagging", - "s3:Abort*" + "s3:PutObjectVersionTagging" ], "Effect": "Allow", "Resource": [ @@ -259,8 +259,8 @@ "kms:Decrypt", "kms:DescribeKey", "kms:Encrypt", - "kms:ReEncrypt*", - "kms:GenerateDataKey*" + "kms:GenerateDataKey*", + "kms:ReEncrypt*" ], "Effect": "Allow", "Resource": { @@ -273,22 +273,20 @@ { "Action": "sts:AssumeRole", "Effect": "Allow", - "Resource": { - "Fn::GetAtt": [ - "PipelinesourceCodePipelineActionRoleB7E0306A", - "Arn" - ] - } - }, - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Resource": { - "Fn::GetAtt": [ - "PipelinebuildmanualCodePipelineActionRoleE3306AB0", - "Arn" - ] - } + "Resource": [ + { + "Fn::GetAtt": [ + "PipelinebuildmanualCodePipelineActionRoleE3306AB0", + "Arn" + ] + }, + { + "Fn::GetAtt": [ + "PipelinesourceCodePipelineActionRoleB7E0306A", + "Arn" + ] + } + ] } ], "Version": "2012-10-17" @@ -429,16 +427,16 @@ "Statement": [ { "Action": [ - "s3:GetObject*", + "s3:Abort*", + "s3:DeleteObject*", "s3:GetBucket*", + "s3:GetObject*", "s3:List*", - "s3:DeleteObject*", "s3:PutObject", "s3:PutObjectLegalHold", "s3:PutObjectRetention", "s3:PutObjectTagging", - "s3:PutObjectVersionTagging", - "s3:Abort*" + "s3:PutObjectVersionTagging" ], "Effect": "Allow", "Resource": [ @@ -469,8 +467,8 @@ "kms:Decrypt", "kms:DescribeKey", "kms:Encrypt", - "kms:ReEncrypt*", - "kms:GenerateDataKey*" + "kms:GenerateDataKey*", + "kms:ReEncrypt*" ], "Effect": "Allow", "Resource": { @@ -482,11 +480,11 @@ }, { "Action": [ + "codecommit:CancelUploadArchive", "codecommit:GetBranch", "codecommit:GetCommit", - "codecommit:UploadArchive", "codecommit:GetUploadArchiveStatus", - "codecommit:CancelUploadArchive" + "codecommit:UploadArchive" ], "Effect": "Allow", "Resource": { diff --git a/packages/@aws-cdk/aws-codepipeline-actions/test/integ.pipeline-code-deploy-ecs.expected.json b/packages/@aws-cdk/aws-codepipeline-actions/test/integ.pipeline-code-deploy-ecs.expected.json index 1b20a71fd7def..3693be3cc42a8 100644 --- a/packages/@aws-cdk/aws-codepipeline-actions/test/integ.pipeline-code-deploy-ecs.expected.json +++ b/packages/@aws-cdk/aws-codepipeline-actions/test/integ.pipeline-code-deploy-ecs.expected.json @@ -34,16 +34,16 @@ "Statement": [ { "Action": [ - "s3:GetObject*", + "s3:Abort*", + "s3:DeleteObject*", "s3:GetBucket*", + "s3:GetObject*", "s3:List*", - "s3:DeleteObject*", "s3:PutObject", "s3:PutObjectLegalHold", "s3:PutObjectRetention", "s3:PutObjectTagging", - "s3:PutObjectVersionTagging", - "s3:Abort*" + "s3:PutObjectVersionTagging" ], "Effect": "Allow", "Resource": [ @@ -72,22 +72,20 @@ { "Action": "sts:AssumeRole", "Effect": "Allow", - "Resource": { - "Fn::GetAtt": [ - "PipelineSourceS3SourceCodePipelineActionRole8DE11A40", - "Arn" - ] - } - }, - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Resource": { - "Fn::GetAtt": [ - "PipelineDeployCodeDeployCodePipelineActionRoleFA7F8EEF", - "Arn" - ] - } + "Resource": [ + { + "Fn::GetAtt": [ + "PipelineDeployCodeDeployCodePipelineActionRoleFA7F8EEF", + "Arn" + ] + }, + { + "Fn::GetAtt": [ + "PipelineSourceS3SourceCodePipelineActionRole8DE11A40", + "Arn" + ] + } + ] } ], "Version": "2012-10-17" @@ -230,8 +228,8 @@ "Statement": [ { "Action": [ - "s3:GetObject*", "s3:GetBucket*", + "s3:GetObject*", "s3:List*" ], "Effect": "Allow", @@ -260,13 +258,13 @@ }, { "Action": [ + "s3:Abort*", "s3:DeleteObject*", "s3:PutObject", "s3:PutObjectLegalHold", "s3:PutObjectRetention", "s3:PutObjectTagging", - "s3:PutObjectVersionTagging", - "s3:Abort*" + "s3:PutObjectVersionTagging" ], "Effect": "Allow", "Resource": [ @@ -438,8 +436,8 @@ }, { "Action": [ - "s3:GetObject*", "s3:GetBucket*", + "s3:GetObject*", "s3:List*" ], "Effect": "Allow", @@ -478,4 +476,4 @@ } } } -} +} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-codepipeline-actions/test/integ.pipeline-code-deploy.expected.json b/packages/@aws-cdk/aws-codepipeline-actions/test/integ.pipeline-code-deploy.expected.json index eb87655dd0e60..2908540d6e921 100644 --- a/packages/@aws-cdk/aws-codepipeline-actions/test/integ.pipeline-code-deploy.expected.json +++ b/packages/@aws-cdk/aws-codepipeline-actions/test/integ.pipeline-code-deploy.expected.json @@ -119,16 +119,16 @@ "Statement": [ { "Action": [ - "s3:GetObject*", + "s3:Abort*", + "s3:DeleteObject*", "s3:GetBucket*", + "s3:GetObject*", "s3:List*", - "s3:DeleteObject*", "s3:PutObject", "s3:PutObjectLegalHold", "s3:PutObjectRetention", "s3:PutObjectTagging", - "s3:PutObjectVersionTagging", - "s3:Abort*" + "s3:PutObjectVersionTagging" ], "Effect": "Allow", "Resource": [ @@ -157,22 +157,20 @@ { "Action": "sts:AssumeRole", "Effect": "Allow", - "Resource": { - "Fn::GetAtt": [ - "PipelineSourceS3SourceCodePipelineActionRole8DE11A40", - "Arn" - ] - } - }, - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Resource": { - "Fn::GetAtt": [ - "PipelineDeployCodeDeployCodePipelineActionRoleFA7F8EEF", - "Arn" - ] - } + "Resource": [ + { + "Fn::GetAtt": [ + "PipelineDeployCodeDeployCodePipelineActionRoleFA7F8EEF", + "Arn" + ] + }, + { + "Fn::GetAtt": [ + "PipelineSourceS3SourceCodePipelineActionRole8DE11A40", + "Arn" + ] + } + ] } ], "Version": "2012-10-17" @@ -313,8 +311,8 @@ "Statement": [ { "Action": [ - "s3:GetObject*", "s3:GetBucket*", + "s3:GetObject*", "s3:List*" ], "Effect": "Allow", @@ -343,13 +341,13 @@ }, { "Action": [ + "s3:Abort*", "s3:DeleteObject*", "s3:PutObject", "s3:PutObjectLegalHold", "s3:PutObjectRetention", "s3:PutObjectTagging", - "s3:PutObjectVersionTagging", - "s3:Abort*" + "s3:PutObjectVersionTagging" ], "Effect": "Allow", "Resource": [ @@ -516,8 +514,8 @@ }, { "Action": [ - "s3:GetObject*", "s3:GetBucket*", + "s3:GetObject*", "s3:List*" ], "Effect": "Allow", @@ -556,4 +554,4 @@ } } } -} +} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-codepipeline-actions/test/integ.pipeline-ecr-source.expected.json b/packages/@aws-cdk/aws-codepipeline-actions/test/integ.pipeline-ecr-source.expected.json index 0a621dda819f1..6436188227e18 100644 --- a/packages/@aws-cdk/aws-codepipeline-actions/test/integ.pipeline-ecr-source.expected.json +++ b/packages/@aws-cdk/aws-codepipeline-actions/test/integ.pipeline-ecr-source.expected.json @@ -29,16 +29,16 @@ "Statement": [ { "Action": [ - "s3:GetObject*", + "s3:Abort*", + "s3:DeleteObject*", "s3:GetBucket*", + "s3:GetObject*", "s3:List*", - "s3:DeleteObject*", "s3:PutObject", "s3:PutObjectLegalHold", "s3:PutObjectRetention", "s3:PutObjectTagging", - "s3:PutObjectVersionTagging", - "s3:Abort*" + "s3:PutObjectVersionTagging" ], "Effect": "Allow", "Resource": [ @@ -67,22 +67,20 @@ { "Action": "sts:AssumeRole", "Effect": "Allow", - "Resource": { - "Fn::GetAtt": [ - "MyPipelineSourceECRSourceCodePipelineActionRole4C6714EE", - "Arn" - ] - } - }, - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Resource": { - "Fn::GetAtt": [ - "MyPipelineApproveManualApprovalCodePipelineActionRole9E338F01", - "Arn" - ] - } + "Resource": [ + { + "Fn::GetAtt": [ + "MyPipelineApproveManualApprovalCodePipelineActionRole9E338F01", + "Arn" + ] + }, + { + "Fn::GetAtt": [ + "MyPipelineSourceECRSourceCodePipelineActionRole4C6714EE", + "Arn" + ] + } + ] } ], "Version": "2012-10-17" @@ -219,13 +217,13 @@ }, { "Action": [ + "s3:Abort*", "s3:DeleteObject*", "s3:PutObject", "s3:PutObjectLegalHold", "s3:PutObjectRetention", "s3:PutObjectTagging", - "s3:PutObjectVersionTagging", - "s3:Abort*" + "s3:PutObjectVersionTagging" ], "Effect": "Allow", "Resource": [ @@ -428,4 +426,4 @@ } } } -} +} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-codepipeline-actions/test/integ.pipeline-ecs-deploy.expected.json b/packages/@aws-cdk/aws-codepipeline-actions/test/integ.pipeline-ecs-deploy.expected.json index 1e2a16d9d0825..067cd58ef2d4d 100644 --- a/packages/@aws-cdk/aws-codepipeline-actions/test/integ.pipeline-ecs-deploy.expected.json +++ b/packages/@aws-cdk/aws-codepipeline-actions/test/integ.pipeline-ecs-deploy.expected.json @@ -95,15 +95,15 @@ "VPCPublicSubnet1NATGatewayE0556630": { "Type": "AWS::EC2::NatGateway", "Properties": { + "SubnetId": { + "Ref": "VPCPublicSubnet1SubnetB4246D30" + }, "AllocationId": { "Fn::GetAtt": [ "VPCPublicSubnet1EIP6AD938E8", "AllocationId" ] }, - "SubnetId": { - "Ref": "VPCPublicSubnet1SubnetB4246D30" - }, "Tags": [ { "Key": "Name", @@ -361,7 +361,8 @@ ":log-group:/aws/codebuild/", { "Ref": "EcsProject54EFDCA6" - } + }, + ":*" ] ] }, @@ -384,8 +385,7 @@ ":log-group:/aws/codebuild/", { "Ref": "EcsProject54EFDCA6" - }, - ":*" + } ] ] } @@ -394,8 +394,12 @@ { "Action": [ "ecr:BatchCheckLayerAvailability", + "ecr:BatchGetImage", + "ecr:CompleteLayerUpload", "ecr:GetDownloadUrlForLayer", - "ecr:BatchGetImage" + "ecr:InitiateLayerUpload", + "ecr:PutImage", + "ecr:UploadLayerPart" ], "Effect": "Allow", "Resource": { @@ -412,31 +416,16 @@ }, { "Action": [ - "ecr:PutImage", - "ecr:InitiateLayerUpload", - "ecr:UploadLayerPart", - "ecr:CompleteLayerUpload" - ], - "Effect": "Allow", - "Resource": { - "Fn::GetAtt": [ - "EcrRepoBB83A592", - "Arn" - ] - } - }, - { - "Action": [ - "s3:GetObject*", + "s3:Abort*", + "s3:DeleteObject*", "s3:GetBucket*", + "s3:GetObject*", "s3:List*", - "s3:DeleteObject*", "s3:PutObject", "s3:PutObjectLegalHold", "s3:PutObjectRetention", "s3:PutObjectTagging", - "s3:PutObjectVersionTagging", - "s3:Abort*" + "s3:PutObjectVersionTagging" ], "Effect": "Allow", "Resource": [ @@ -580,16 +569,16 @@ "Statement": [ { "Action": [ - "s3:GetObject*", + "s3:Abort*", + "s3:DeleteObject*", "s3:GetBucket*", + "s3:GetObject*", "s3:List*", - "s3:DeleteObject*", "s3:PutObject", "s3:PutObjectLegalHold", "s3:PutObjectRetention", "s3:PutObjectTagging", - "s3:PutObjectVersionTagging", - "s3:Abort*" + "s3:PutObjectVersionTagging" ], "Effect": "Allow", "Resource": [ @@ -618,32 +607,26 @@ { "Action": "sts:AssumeRole", "Effect": "Allow", - "Resource": { - "Fn::GetAtt": [ - "MyPipelineSourceCodePipelineActionRoleAA05D76F", - "Arn" - ] - } - }, - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Resource": { - "Fn::GetAtt": [ - "MyPipelineBuildCodeBuildCodePipelineActionRoleCAE538CA", - "Arn" - ] - } - }, - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Resource": { - "Fn::GetAtt": [ - "MyPipelineDeployDeployActionCodePipelineActionRole854184EF", - "Arn" - ] - } + "Resource": [ + { + "Fn::GetAtt": [ + "MyPipelineBuildCodeBuildCodePipelineActionRoleCAE538CA", + "Arn" + ] + }, + { + "Fn::GetAtt": [ + "MyPipelineDeployDeployActionCodePipelineActionRole854184EF", + "Arn" + ] + }, + { + "Fn::GetAtt": [ + "MyPipelineSourceCodePipelineActionRoleAA05D76F", + "Arn" + ] + } + ] } ], "Version": "2012-10-17" @@ -824,8 +807,8 @@ "Statement": [ { "Action": [ - "s3:GetObject*", "s3:GetBucket*", + "s3:GetObject*", "s3:List*" ], "Effect": "Allow", @@ -854,13 +837,13 @@ }, { "Action": [ + "s3:Abort*", "s3:DeleteObject*", "s3:PutObject", "s3:PutObjectLegalHold", "s3:PutObjectRetention", "s3:PutObjectTagging", - "s3:PutObjectVersionTagging", - "s3:Abort*" + "s3:PutObjectVersionTagging" ], "Effect": "Allow", "Resource": [ @@ -1023,8 +1006,8 @@ }, { "Action": [ - "s3:GetObject*", "s3:GetBucket*", + "s3:GetObject*", "s3:List*" ], "Effect": "Allow", @@ -1063,4 +1046,4 @@ } } } -} +} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-codepipeline-actions/test/integ.pipeline-ecs-separate-source.lit.expected.json b/packages/@aws-cdk/aws-codepipeline-actions/test/integ.pipeline-ecs-separate-source.lit.expected.json index 391acf442e961..dd96ee385872c 100644 --- a/packages/@aws-cdk/aws-codepipeline-actions/test/integ.pipeline-ecs-separate-source.lit.expected.json +++ b/packages/@aws-cdk/aws-codepipeline-actions/test/integ.pipeline-ecs-separate-source.lit.expected.json @@ -60,7 +60,8 @@ ":log-group:/aws/codebuild/", { "Ref": "AppCodeDockerImageBuildAndPushProject00DD6671" - } + }, + ":*" ] ] }, @@ -83,8 +84,7 @@ ":log-group:/aws/codebuild/", { "Ref": "AppCodeDockerImageBuildAndPushProject00DD6671" - }, - ":*" + } ] ] } @@ -92,11 +92,11 @@ }, { "Action": [ - "codebuild:CreateReportGroup", - "codebuild:CreateReport", - "codebuild:UpdateReport", + "codebuild:BatchPutCodeCoverages", "codebuild:BatchPutTestCases", - "codebuild:BatchPutCodeCoverages" + "codebuild:CreateReport", + "codebuild:CreateReportGroup", + "codebuild:UpdateReport" ], "Effect": "Allow", "Resource": { @@ -127,8 +127,12 @@ { "Action": [ "ecr:BatchCheckLayerAvailability", + "ecr:BatchGetImage", + "ecr:CompleteLayerUpload", "ecr:GetDownloadUrlForLayer", - "ecr:BatchGetImage" + "ecr:InitiateLayerUpload", + "ecr:PutImage", + "ecr:UploadLayerPart" ], "Effect": "Allow", "Resource": { @@ -145,23 +149,8 @@ }, { "Action": [ - "ecr:PutImage", - "ecr:InitiateLayerUpload", - "ecr:UploadLayerPart", - "ecr:CompleteLayerUpload" - ], - "Effect": "Allow", - "Resource": { - "Fn::GetAtt": [ - "EcsDeployRepositoryE7A569C0", - "Arn" - ] - } - }, - { - "Action": [ - "s3:GetObject*", "s3:GetBucket*", + "s3:GetObject*", "s3:List*" ], "Effect": "Allow", @@ -331,7 +320,8 @@ ":log-group:/aws/codebuild/", { "Ref": "CdkCodeBuildProject98C8CAB8" - } + }, + ":*" ] ] }, @@ -354,8 +344,7 @@ ":log-group:/aws/codebuild/", { "Ref": "CdkCodeBuildProject98C8CAB8" - }, - ":*" + } ] ] } @@ -363,11 +352,11 @@ }, { "Action": [ - "codebuild:CreateReportGroup", - "codebuild:CreateReport", - "codebuild:UpdateReport", + "codebuild:BatchPutCodeCoverages", "codebuild:BatchPutTestCases", - "codebuild:BatchPutCodeCoverages" + "codebuild:CreateReport", + "codebuild:CreateReportGroup", + "codebuild:UpdateReport" ], "Effect": "Allow", "Resource": { @@ -397,16 +386,16 @@ }, { "Action": [ - "s3:GetObject*", + "s3:Abort*", + "s3:DeleteObject*", "s3:GetBucket*", + "s3:GetObject*", "s3:List*", - "s3:DeleteObject*", "s3:PutObject", "s3:PutObjectLegalHold", "s3:PutObjectRetention", "s3:PutObjectTagging", - "s3:PutObjectVersionTagging", - "s3:Abort*" + "s3:PutObjectVersionTagging" ], "Effect": "Allow", "Resource": [ @@ -643,16 +632,16 @@ "Statement": [ { "Action": [ - "s3:GetObject*", + "s3:Abort*", + "s3:DeleteObject*", "s3:GetBucket*", + "s3:GetObject*", "s3:List*", - "s3:DeleteObject*", "s3:PutObject", "s3:PutObjectLegalHold", "s3:PutObjectRetention", "s3:PutObjectTagging", - "s3:PutObjectVersionTagging", - "s3:Abort*" + "s3:PutObjectVersionTagging" ], "Effect": "Allow", "Resource": [ @@ -681,52 +670,38 @@ { "Action": "sts:AssumeRole", "Effect": "Allow", - "Resource": { - "Fn::GetAtt": [ - "CodePipelineDeployingEcsApplicationSourceAppCodeSourceCodePipelineActionRole6D88B36F", - "Arn" - ] - } - }, - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Resource": { - "Fn::GetAtt": [ - "CodePipelineDeployingEcsApplicationSourceCdkCodeSourceCodePipelineActionRoleA1E3A5E9", - "Arn" - ] - } - }, - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Resource": { - "Fn::GetAtt": [ - "CodePipelineDeployingEcsApplicationBuildAppCodeDockerImageBuildAndPushCodePipelineActionRole9B025737", - "Arn" - ] - } - }, - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Resource": { - "Fn::GetAtt": [ - "CodePipelineDeployingEcsApplicationBuildCdkCodeBuildAndSynthCodePipelineActionRole54094521", - "Arn" - ] - } - }, - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Resource": { - "Fn::GetAtt": [ - "CodePipelineDeployingEcsApplicationDeployCFNDeployCodePipelineActionRoleC97FFCE2", - "Arn" - ] - } + "Resource": [ + { + "Fn::GetAtt": [ + "CodePipelineDeployingEcsApplicationBuildAppCodeDockerImageBuildAndPushCodePipelineActionRole9B025737", + "Arn" + ] + }, + { + "Fn::GetAtt": [ + "CodePipelineDeployingEcsApplicationBuildCdkCodeBuildAndSynthCodePipelineActionRole54094521", + "Arn" + ] + }, + { + "Fn::GetAtt": [ + "CodePipelineDeployingEcsApplicationDeployCFNDeployCodePipelineActionRoleC97FFCE2", + "Arn" + ] + }, + { + "Fn::GetAtt": [ + "CodePipelineDeployingEcsApplicationSourceAppCodeSourceCodePipelineActionRole6D88B36F", + "Arn" + ] + }, + { + "Fn::GetAtt": [ + "CodePipelineDeployingEcsApplicationSourceCdkCodeSourceCodePipelineActionRoleA1E3A5E9", + "Arn" + ] + } + ] } ], "Version": "2012-10-17" @@ -970,16 +945,16 @@ "Statement": [ { "Action": [ - "s3:GetObject*", + "s3:Abort*", + "s3:DeleteObject*", "s3:GetBucket*", + "s3:GetObject*", "s3:List*", - "s3:DeleteObject*", "s3:PutObject", "s3:PutObjectLegalHold", "s3:PutObjectRetention", "s3:PutObjectTagging", - "s3:PutObjectVersionTagging", - "s3:Abort*" + "s3:PutObjectVersionTagging" ], "Effect": "Allow", "Resource": [ @@ -1007,11 +982,11 @@ }, { "Action": [ + "codecommit:CancelUploadArchive", "codecommit:GetBranch", "codecommit:GetCommit", - "codecommit:UploadArchive", "codecommit:GetUploadArchiveStatus", - "codecommit:CancelUploadArchive" + "codecommit:UploadArchive" ], "Effect": "Allow", "Resource": { @@ -1071,16 +1046,16 @@ "Statement": [ { "Action": [ - "s3:GetObject*", + "s3:Abort*", + "s3:DeleteObject*", "s3:GetBucket*", + "s3:GetObject*", "s3:List*", - "s3:DeleteObject*", "s3:PutObject", "s3:PutObjectLegalHold", "s3:PutObjectRetention", "s3:PutObjectTagging", - "s3:PutObjectVersionTagging", - "s3:Abort*" + "s3:PutObjectVersionTagging" ], "Effect": "Allow", "Resource": [ @@ -1108,11 +1083,11 @@ }, { "Action": [ + "codecommit:CancelUploadArchive", "codecommit:GetBranch", "codecommit:GetCommit", - "codecommit:UploadArchive", "codecommit:GetUploadArchiveStatus", - "codecommit:CancelUploadArchive" + "codecommit:UploadArchive" ], "Effect": "Allow", "Resource": { @@ -1366,8 +1341,8 @@ }, { "Action": [ - "s3:GetObject*", "s3:GetBucket*", + "s3:GetObject*", "s3:List*" ], "Effect": "Allow", @@ -1461,8 +1436,8 @@ "Statement": [ { "Action": [ - "s3:GetObject*", "s3:GetBucket*", + "s3:GetObject*", "s3:List*" ], "Effect": "Allow", @@ -1648,8 +1623,8 @@ { "Action": [ "ecr:BatchCheckLayerAvailability", - "ecr:GetDownloadUrlForLayer", - "ecr:BatchGetImage" + "ecr:BatchGetImage", + "ecr:GetDownloadUrlForLayer" ], "Effect": "Allow", "Resource": { @@ -1767,15 +1742,15 @@ "VpcPublicSubnet1NATGateway4D7517AA": { "Type": "AWS::EC2::NatGateway", "Properties": { + "SubnetId": { + "Ref": "VpcPublicSubnet1Subnet5C2D37C4" + }, "AllocationId": { "Fn::GetAtt": [ "VpcPublicSubnet1EIPD7E02669", "AllocationId" ] }, - "SubnetId": { - "Ref": "VpcPublicSubnet1Subnet5C2D37C4" - }, "Tags": [ { "Key": "Name", @@ -1929,4 +1904,4 @@ } } } -] +] \ No newline at end of file diff --git a/packages/@aws-cdk/aws-codepipeline-actions/test/integ.pipeline-events.expected.json b/packages/@aws-cdk/aws-codepipeline-actions/test/integ.pipeline-events.expected.json index 0a7d958491359..2463346d5f924 100644 --- a/packages/@aws-cdk/aws-codepipeline-actions/test/integ.pipeline-events.expected.json +++ b/packages/@aws-cdk/aws-codepipeline-actions/test/integ.pipeline-events.expected.json @@ -148,16 +148,16 @@ "Statement": [ { "Action": [ - "s3:GetObject*", + "s3:Abort*", + "s3:DeleteObject*", "s3:GetBucket*", + "s3:GetObject*", "s3:List*", - "s3:DeleteObject*", "s3:PutObject", "s3:PutObjectLegalHold", "s3:PutObjectRetention", "s3:PutObjectTagging", - "s3:PutObjectVersionTagging", - "s3:Abort*" + "s3:PutObjectVersionTagging" ], "Effect": "Allow", "Resource": [ @@ -188,8 +188,8 @@ "kms:Decrypt", "kms:DescribeKey", "kms:Encrypt", - "kms:ReEncrypt*", - "kms:GenerateDataKey*" + "kms:GenerateDataKey*", + "kms:ReEncrypt*" ], "Effect": "Allow", "Resource": { @@ -202,22 +202,20 @@ { "Action": "sts:AssumeRole", "Effect": "Allow", - "Resource": { - "Fn::GetAtt": [ - "MyPipelineSourceCodeCommitSourceCodePipelineActionRole0B6D0F4F", - "Arn" - ] - } - }, - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Resource": { - "Fn::GetAtt": [ - "MyPipelineBuildCodeBuildActionCodePipelineActionRole3185ADC7", - "Arn" - ] - } + "Resource": [ + { + "Fn::GetAtt": [ + "MyPipelineBuildCodeBuildActionCodePipelineActionRole3185ADC7", + "Arn" + ] + }, + { + "Fn::GetAtt": [ + "MyPipelineSourceCodeCommitSourceCodePipelineActionRole0B6D0F4F", + "Arn" + ] + } + ] } ], "Version": "2012-10-17" @@ -373,16 +371,16 @@ "Statement": [ { "Action": [ - "s3:GetObject*", + "s3:Abort*", + "s3:DeleteObject*", "s3:GetBucket*", + "s3:GetObject*", "s3:List*", - "s3:DeleteObject*", "s3:PutObject", "s3:PutObjectLegalHold", "s3:PutObjectRetention", "s3:PutObjectTagging", - "s3:PutObjectVersionTagging", - "s3:Abort*" + "s3:PutObjectVersionTagging" ], "Effect": "Allow", "Resource": [ @@ -413,8 +411,8 @@ "kms:Decrypt", "kms:DescribeKey", "kms:Encrypt", - "kms:ReEncrypt*", - "kms:GenerateDataKey*" + "kms:GenerateDataKey*", + "kms:ReEncrypt*" ], "Effect": "Allow", "Resource": { @@ -426,11 +424,11 @@ }, { "Action": [ + "codecommit:CancelUploadArchive", "codecommit:GetBranch", "codecommit:GetCommit", - "codecommit:UploadArchive", "codecommit:GetUploadArchiveStatus", - "codecommit:CancelUploadArchive" + "codecommit:UploadArchive" ], "Effect": "Allow", "Resource": { @@ -732,7 +730,8 @@ ":log-group:/aws/codebuild/", { "Ref": "BuildProject097C5DB7" - } + }, + ":*" ] ] }, @@ -755,8 +754,7 @@ ":log-group:/aws/codebuild/", { "Ref": "BuildProject097C5DB7" - }, - ":*" + } ] ] } @@ -764,16 +762,16 @@ }, { "Action": [ - "s3:GetObject*", + "s3:Abort*", + "s3:DeleteObject*", "s3:GetBucket*", + "s3:GetObject*", "s3:List*", - "s3:DeleteObject*", "s3:PutObject", "s3:PutObjectLegalHold", "s3:PutObjectRetention", "s3:PutObjectTagging", - "s3:PutObjectVersionTagging", - "s3:Abort*" + "s3:PutObjectVersionTagging" ], "Effect": "Allow", "Resource": [ @@ -804,23 +802,8 @@ "kms:Decrypt", "kms:DescribeKey", "kms:Encrypt", - "kms:ReEncrypt*", - "kms:GenerateDataKey*" - ], - "Effect": "Allow", - "Resource": { - "Fn::GetAtt": [ - "MyPipelineArtifactsBucketEncryptionKey8BF0A7F3", - "Arn" - ] - } - }, - { - "Action": [ - "kms:Decrypt", - "kms:Encrypt", - "kms:ReEncrypt*", - "kms:GenerateDataKey*" + "kms:GenerateDataKey*", + "kms:ReEncrypt*" ], "Effect": "Allow", "Resource": { diff --git a/packages/@aws-cdk/aws-codepipeline-actions/test/integ.pipeline-jenkins.expected.json b/packages/@aws-cdk/aws-codepipeline-actions/test/integ.pipeline-jenkins.expected.json index eda778cf7ec55..5fc5cc38226da 100644 --- a/packages/@aws-cdk/aws-codepipeline-actions/test/integ.pipeline-jenkins.expected.json +++ b/packages/@aws-cdk/aws-codepipeline-actions/test/integ.pipeline-jenkins.expected.json @@ -34,16 +34,16 @@ "Statement": [ { "Action": [ - "s3:GetObject*", + "s3:Abort*", + "s3:DeleteObject*", "s3:GetBucket*", + "s3:GetObject*", "s3:List*", - "s3:DeleteObject*", "s3:PutObject", "s3:PutObjectLegalHold", "s3:PutObjectRetention", "s3:PutObjectTagging", - "s3:PutObjectVersionTagging", - "s3:Abort*" + "s3:PutObjectVersionTagging" ], "Effect": "Allow", "Resource": [ @@ -248,8 +248,8 @@ "Statement": [ { "Action": [ - "s3:GetObject*", "s3:GetBucket*", + "s3:GetObject*", "s3:List*" ], "Effect": "Allow", @@ -278,13 +278,13 @@ }, { "Action": [ + "s3:Abort*", "s3:DeleteObject*", "s3:PutObject", "s3:PutObjectLegalHold", "s3:PutObjectRetention", "s3:PutObjectTagging", - "s3:PutObjectVersionTagging", - "s3:Abort*" + "s3:PutObjectVersionTagging" ], "Effect": "Allow", "Resource": [ @@ -380,4 +380,4 @@ } } } -} +} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-codepipeline-actions/test/integ.pipeline-manual-approval.expected.json b/packages/@aws-cdk/aws-codepipeline-actions/test/integ.pipeline-manual-approval.expected.json index 1193cbb2f30d0..271e03333b4a4 100644 --- a/packages/@aws-cdk/aws-codepipeline-actions/test/integ.pipeline-manual-approval.expected.json +++ b/packages/@aws-cdk/aws-codepipeline-actions/test/integ.pipeline-manual-approval.expected.json @@ -29,16 +29,16 @@ "Statement": [ { "Action": [ - "s3:GetObject*", + "s3:Abort*", + "s3:DeleteObject*", "s3:GetBucket*", + "s3:GetObject*", "s3:List*", - "s3:DeleteObject*", "s3:PutObject", "s3:PutObjectLegalHold", "s3:PutObjectRetention", "s3:PutObjectTagging", - "s3:PutObjectVersionTagging", - "s3:Abort*" + "s3:PutObjectVersionTagging" ], "Effect": "Allow", "Resource": [ @@ -67,22 +67,20 @@ { "Action": "sts:AssumeRole", "Effect": "Allow", - "Resource": { - "Fn::GetAtt": [ - "PipelineSourceS3CodePipelineActionRole3CAFD08F", - "Arn" - ] - } - }, - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Resource": { - "Fn::GetAtt": [ - "PipelineApproveManualApprovalCodePipelineActionRole51D669A5", - "Arn" - ] - } + "Resource": [ + { + "Fn::GetAtt": [ + "PipelineApproveManualApprovalCodePipelineActionRole51D669A5", + "Arn" + ] + }, + { + "Fn::GetAtt": [ + "PipelineSourceS3CodePipelineActionRole3CAFD08F", + "Arn" + ] + } + ] } ], "Version": "2012-10-17" @@ -215,8 +213,8 @@ "Statement": [ { "Action": [ - "s3:GetObject*", "s3:GetBucket*", + "s3:GetObject*", "s3:List*" ], "Effect": "Allow", @@ -245,13 +243,13 @@ }, { "Action": [ + "s3:Abort*", "s3:DeleteObject*", "s3:PutObject", "s3:PutObjectLegalHold", "s3:PutObjectRetention", "s3:PutObjectTagging", - "s3:PutObjectVersionTagging", - "s3:Abort*" + "s3:PutObjectVersionTagging" ], "Effect": "Allow", "Resource": [ @@ -357,4 +355,4 @@ } } } -} +} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-codepipeline-actions/test/integ.pipeline-s3-deploy.expected.json b/packages/@aws-cdk/aws-codepipeline-actions/test/integ.pipeline-s3-deploy.expected.json index 9cc08aec93f44..0cac0ad6b45ef 100644 --- a/packages/@aws-cdk/aws-codepipeline-actions/test/integ.pipeline-s3-deploy.expected.json +++ b/packages/@aws-cdk/aws-codepipeline-actions/test/integ.pipeline-s3-deploy.expected.json @@ -39,16 +39,16 @@ "Statement": [ { "Action": [ - "s3:GetObject*", + "s3:Abort*", + "s3:DeleteObject*", "s3:GetBucket*", + "s3:GetObject*", "s3:List*", - "s3:DeleteObject*", "s3:PutObject", "s3:PutObjectLegalHold", "s3:PutObjectRetention", "s3:PutObjectTagging", - "s3:PutObjectVersionTagging", - "s3:Abort*" + "s3:PutObjectVersionTagging" ], "Effect": "Allow", "Resource": [ @@ -77,22 +77,20 @@ { "Action": "sts:AssumeRole", "Effect": "Allow", - "Resource": { - "Fn::GetAtt": [ - "PipelineSourceCodePipelineActionRoleC6F9E7F5", - "Arn" - ] - } - }, - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Resource": { - "Fn::GetAtt": [ - "PipelineDeployDeployActionCodePipelineActionRole1C288A60", - "Arn" - ] - } + "Resource": [ + { + "Fn::GetAtt": [ + "PipelineDeployDeployActionCodePipelineActionRole1C288A60", + "Arn" + ] + }, + { + "Fn::GetAtt": [ + "PipelineSourceCodePipelineActionRoleC6F9E7F5", + "Arn" + ] + } + ] } ], "Version": "2012-10-17" @@ -233,8 +231,8 @@ "Statement": [ { "Action": [ - "s3:GetObject*", "s3:GetBucket*", + "s3:GetObject*", "s3:List*" ], "Effect": "Allow", @@ -263,13 +261,13 @@ }, { "Action": [ + "s3:Abort*", "s3:DeleteObject*", "s3:PutObject", "s3:PutObjectLegalHold", "s3:PutObjectRetention", "s3:PutObjectTagging", - "s3:PutObjectVersionTagging", - "s3:Abort*" + "s3:PutObjectVersionTagging" ], "Effect": "Allow", "Resource": [ @@ -345,13 +343,13 @@ "Statement": [ { "Action": [ + "s3:Abort*", "s3:DeleteObject*", "s3:PutObject", "s3:PutObjectLegalHold", "s3:PutObjectRetention", "s3:PutObjectTagging", - "s3:PutObjectVersionTagging", - "s3:Abort*" + "s3:PutObjectVersionTagging" ], "Effect": "Allow", "Resource": [ @@ -400,8 +398,8 @@ }, { "Action": [ - "s3:GetObject*", "s3:GetBucket*", + "s3:GetObject*", "s3:List*" ], "Effect": "Allow", @@ -440,4 +438,4 @@ } } } -} +} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-codepipeline-actions/test/integ.pipeline-stepfunctions.expected.json b/packages/@aws-cdk/aws-codepipeline-actions/test/integ.pipeline-stepfunctions.expected.json index d35d3f59e6bb2..2b47ced6d3afb 100644 --- a/packages/@aws-cdk/aws-codepipeline-actions/test/integ.pipeline-stepfunctions.expected.json +++ b/packages/@aws-cdk/aws-codepipeline-actions/test/integ.pipeline-stepfunctions.expected.json @@ -191,16 +191,16 @@ "Statement": [ { "Action": [ - "s3:GetObject*", + "s3:Abort*", + "s3:DeleteObject*", "s3:GetBucket*", + "s3:GetObject*", "s3:List*", - "s3:DeleteObject*", "s3:PutObject", "s3:PutObjectLegalHold", "s3:PutObjectRetention", "s3:PutObjectTagging", - "s3:PutObjectVersionTagging", - "s3:Abort*" + "s3:PutObjectVersionTagging" ], "Effect": "Allow", "Resource": [ @@ -231,8 +231,8 @@ "kms:Decrypt", "kms:DescribeKey", "kms:Encrypt", - "kms:ReEncrypt*", - "kms:GenerateDataKey*" + "kms:GenerateDataKey*", + "kms:ReEncrypt*" ], "Effect": "Allow", "Resource": { @@ -245,22 +245,20 @@ { "Action": "sts:AssumeRole", "Effect": "Allow", - "Resource": { - "Fn::GetAtt": [ - "MyPipelineSourceCodePipelineActionRoleAA05D76F", - "Arn" - ] - } - }, - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Resource": { - "Fn::GetAtt": [ - "MyPipelineInvokeCodePipelineActionRole006B5BAD", - "Arn" - ] - } + "Resource": [ + { + "Fn::GetAtt": [ + "MyPipelineInvokeCodePipelineActionRole006B5BAD", + "Arn" + ] + }, + { + "Fn::GetAtt": [ + "MyPipelineSourceCodePipelineActionRoleAA05D76F", + "Arn" + ] + } + ] } ], "Version": "2012-10-17" @@ -405,8 +403,8 @@ "Statement": [ { "Action": [ - "s3:GetObject*", "s3:GetBucket*", + "s3:GetObject*", "s3:List*" ], "Effect": "Allow", @@ -435,13 +433,13 @@ }, { "Action": [ + "s3:Abort*", "s3:DeleteObject*", "s3:PutObject", "s3:PutObjectLegalHold", "s3:PutObjectRetention", "s3:PutObjectTagging", - "s3:PutObjectVersionTagging", - "s3:Abort*" + "s3:PutObjectVersionTagging" ], "Effect": "Allow", "Resource": [ @@ -469,10 +467,10 @@ }, { "Action": [ + "kms:Decrypt", "kms:Encrypt", - "kms:ReEncrypt*", "kms:GenerateDataKey*", - "kms:Decrypt" + "kms:ReEncrypt*" ], "Effect": "Allow", "Resource": { @@ -532,8 +530,8 @@ "Statement": [ { "Action": [ - "states:StartExecution", - "states:DescribeStateMachine" + "states:DescribeStateMachine", + "states:StartExecution" ], "Effect": "Allow", "Resource": { diff --git a/packages/@aws-cdk/aws-cognito/test/integ.user-pool-domain-cfdist.expected.json b/packages/@aws-cdk/aws-cognito/test/integ.user-pool-domain-cfdist.expected.json index 31a16a8f26393..a5e10b6059b72 100644 --- a/packages/@aws-cdk/aws-cognito/test/integ.user-pool-domain-cfdist.expected.json +++ b/packages/@aws-cdk/aws-cognito/test/integ.user-pool-domain-cfdist.expected.json @@ -146,7 +146,7 @@ "Properties": { "Code": { "S3Bucket": { - "Ref": "AssetParameters4600faecd25ab407ff0a9d16f935c93062aaea5d415e97046bb8befe6c8ec02cS3BucketD609D0D9" + "Ref": "AssetParameters3744fa896361f81b76b1efde632ac07b1920ce09a4ca1ff15ab486f262a19b87S3Bucket36F31A16" }, "S3Key": { "Fn::Join": [ @@ -159,7 +159,7 @@ "Fn::Split": [ "||", { - "Ref": "AssetParameters4600faecd25ab407ff0a9d16f935c93062aaea5d415e97046bb8befe6c8ec02cS3VersionKey77CF589B" + "Ref": "AssetParameters3744fa896361f81b76b1efde632ac07b1920ce09a4ca1ff15ab486f262a19b87S3VersionKeyF80D542B" } ] } @@ -172,7 +172,7 @@ "Fn::Split": [ "||", { - "Ref": "AssetParameters4600faecd25ab407ff0a9d16f935c93062aaea5d415e97046bb8befe6c8ec02cS3VersionKey77CF589B" + "Ref": "AssetParameters3744fa896361f81b76b1efde632ac07b1920ce09a4ca1ff15ab486f262a19b87S3VersionKeyF80D542B" } ] } @@ -213,17 +213,17 @@ } }, "Parameters": { - "AssetParameters4600faecd25ab407ff0a9d16f935c93062aaea5d415e97046bb8befe6c8ec02cS3BucketD609D0D9": { + "AssetParameters3744fa896361f81b76b1efde632ac07b1920ce09a4ca1ff15ab486f262a19b87S3Bucket36F31A16": { "Type": "String", - "Description": "S3 bucket for asset \"4600faecd25ab407ff0a9d16f935c93062aaea5d415e97046bb8befe6c8ec02c\"" + "Description": "S3 bucket for asset \"3744fa896361f81b76b1efde632ac07b1920ce09a4ca1ff15ab486f262a19b87\"" }, - "AssetParameters4600faecd25ab407ff0a9d16f935c93062aaea5d415e97046bb8befe6c8ec02cS3VersionKey77CF589B": { + "AssetParameters3744fa896361f81b76b1efde632ac07b1920ce09a4ca1ff15ab486f262a19b87S3VersionKeyF80D542B": { "Type": "String", - "Description": "S3 key for asset version \"4600faecd25ab407ff0a9d16f935c93062aaea5d415e97046bb8befe6c8ec02c\"" + "Description": "S3 key for asset version \"3744fa896361f81b76b1efde632ac07b1920ce09a4ca1ff15ab486f262a19b87\"" }, - "AssetParameters4600faecd25ab407ff0a9d16f935c93062aaea5d415e97046bb8befe6c8ec02cArtifactHash86CFA15D": { + "AssetParameters3744fa896361f81b76b1efde632ac07b1920ce09a4ca1ff15ab486f262a19b87ArtifactHash40DDF5EE": { "Type": "String", - "Description": "Artifact hash for asset \"4600faecd25ab407ff0a9d16f935c93062aaea5d415e97046bb8befe6c8ec02c\"" + "Description": "Artifact hash for asset \"3744fa896361f81b76b1efde632ac07b1920ce09a4ca1ff15ab486f262a19b87\"" } } } \ No newline at end of file diff --git a/packages/@aws-cdk/aws-dynamodb-global/test/integ.dynamodb.global.expected.json b/packages/@aws-cdk/aws-dynamodb-global/test/integ.dynamodb.global.expected.json index 3aab4c4f3a64b..092eaa51cc403 100644 --- a/packages/@aws-cdk/aws-dynamodb-global/test/integ.dynamodb.global.expected.json +++ b/packages/@aws-cdk/aws-dynamodb-global/test/integ.dynamodb.global.expected.json @@ -132,14 +132,14 @@ "Statement": [ { "Action": [ - "iam:CreateServiceLinkedRole", "application-autoscaling:DeleteScalingPolicy", "application-autoscaling:DeregisterScalableTarget", "dynamodb:CreateGlobalTable", - "dynamodb:DescribeLimits", "dynamodb:DeleteTable", "dynamodb:DescribeGlobalTable", - "dynamodb:UpdateGlobalTable" + "dynamodb:DescribeLimits", + "dynamodb:UpdateGlobalTable", + "iam:CreateServiceLinkedRole" ], "Effect": "Allow", "Resource": "*" diff --git a/packages/@aws-cdk/aws-dynamodb/test/integ.dynamodb.expected.json b/packages/@aws-cdk/aws-dynamodb/test/integ.dynamodb.expected.json index 9d33338172a7a..1e923947b0287 100644 --- a/packages/@aws-cdk/aws-dynamodb/test/integ.dynamodb.expected.json +++ b/packages/@aws-cdk/aws-dynamodb/test/integ.dynamodb.expected.json @@ -382,13 +382,13 @@ { "Action": [ "dynamodb:BatchGetItem", + "dynamodb:ConditionCheckItem", + "dynamodb:DescribeTable", + "dynamodb:GetItem", "dynamodb:GetRecords", "dynamodb:GetShardIterator", "dynamodb:Query", - "dynamodb:GetItem", - "dynamodb:Scan", - "dynamodb:ConditionCheckItem", - "dynamodb:DescribeTable" + "dynamodb:Scan" ], "Effect": "Allow", "Resource": [ @@ -398,24 +398,6 @@ "Arn" ] }, - { - "Ref": "AWS::NoValue" - } - ] - }, - { - "Action": [ - "dynamodb:BatchGetItem", - "dynamodb:GetRecords", - "dynamodb:GetShardIterator", - "dynamodb:Query", - "dynamodb:GetItem", - "dynamodb:Scan", - "dynamodb:ConditionCheckItem", - "dynamodb:DescribeTable" - ], - "Effect": "Allow", - "Resource": [ { "Fn::GetAtt": [ "TableWithGlobalAndLocalSecondaryIndexBC540710", @@ -435,6 +417,9 @@ "/index/*" ] ] + }, + { + "Ref": "AWS::NoValue" } ] } diff --git a/packages/@aws-cdk/aws-dynamodb/test/integ.dynamodb.sse.expected.json b/packages/@aws-cdk/aws-dynamodb/test/integ.dynamodb.sse.expected.json index 7c07d9a4339c9..01279e64a2b1c 100644 --- a/packages/@aws-cdk/aws-dynamodb/test/integ.dynamodb.sse.expected.json +++ b/packages/@aws-cdk/aws-dynamodb/test/integ.dynamodb.sse.expected.json @@ -492,13 +492,13 @@ { "Action": [ "dynamodb:BatchGetItem", + "dynamodb:ConditionCheckItem", + "dynamodb:DescribeTable", + "dynamodb:GetItem", "dynamodb:GetRecords", "dynamodb:GetShardIterator", "dynamodb:Query", - "dynamodb:GetItem", - "dynamodb:Scan", - "dynamodb:ConditionCheckItem", - "dynamodb:DescribeTable" + "dynamodb:Scan" ], "Effect": "Allow", "Resource": [ @@ -508,37 +508,6 @@ "Arn" ] }, - { - "Ref": "AWS::NoValue" - } - ] - }, - { - "Action": [ - "kms:Decrypt", - "kms:DescribeKey" - ], - "Effect": "Allow", - "Resource": { - "Fn::GetAtt": [ - "TableKey25666F95", - "Arn" - ] - } - }, - { - "Action": [ - "dynamodb:BatchGetItem", - "dynamodb:GetRecords", - "dynamodb:GetShardIterator", - "dynamodb:Query", - "dynamodb:GetItem", - "dynamodb:Scan", - "dynamodb:ConditionCheckItem", - "dynamodb:DescribeTable" - ], - "Effect": "Allow", - "Resource": [ { "Fn::GetAtt": [ "TableWithGlobalAndLocalSecondaryIndexBC540710", @@ -558,8 +527,24 @@ "/index/*" ] ] + }, + { + "Ref": "AWS::NoValue" } ] + }, + { + "Action": [ + "kms:Decrypt", + "kms:DescribeKey" + ], + "Effect": "Allow", + "Resource": { + "Fn::GetAtt": [ + "TableKey25666F95", + "Arn" + ] + } } ], "Version": "2012-10-17" diff --git a/packages/@aws-cdk/aws-dynamodb/test/integ.global-replicas-provisioned.expected.json b/packages/@aws-cdk/aws-dynamodb/test/integ.global-replicas-provisioned.expected.json index ce43b532ea7c6..7ac67ff4f0a2c 100644 --- a/packages/@aws-cdk/aws-dynamodb/test/integ.global-replicas-provisioned.expected.json +++ b/packages/@aws-cdk/aws-dynamodb/test/integ.global-replicas-provisioned.expected.json @@ -41,15 +41,6 @@ "Arn" ] }, - { - "Ref": "AWS::NoValue" - } - ] - }, - { - "Action": "dynamodb:*", - "Effect": "Allow", - "Resource": [ { "Fn::Join": [ "", @@ -58,7 +49,7 @@ { "Ref": "AWS::Partition" }, - ":dynamodb:us-east-2:", + ":dynamodb:eu-west-3:", { "Ref": "AWS::AccountId" }, @@ -77,7 +68,7 @@ { "Ref": "AWS::Partition" }, - ":dynamodb:eu-west-3:", + ":dynamodb:us-east-2:", { "Ref": "AWS::AccountId" }, @@ -87,6 +78,9 @@ } ] ] + }, + { + "Ref": "AWS::NoValue" } ] } @@ -290,7 +284,7 @@ }, "/", { - "Ref": "AssetParameters9971e87ecc84219610f1dfbd0fbdd30e29f8d1f408df3f645299eb48b1c1ed00S3BucketC986830C" + "Ref": "AssetParameters35892afbe8ff840a389ee91c3cce6d47b648fe4046b59d612100737b1486a4c1S3Bucket63728AAD" }, "/", { @@ -300,7 +294,7 @@ "Fn::Split": [ "||", { - "Ref": "AssetParameters9971e87ecc84219610f1dfbd0fbdd30e29f8d1f408df3f645299eb48b1c1ed00S3VersionKeyE0DA9F9E" + "Ref": "AssetParameters35892afbe8ff840a389ee91c3cce6d47b648fe4046b59d612100737b1486a4c1S3VersionKey40482FB9" } ] } @@ -313,7 +307,7 @@ "Fn::Split": [ "||", { - "Ref": "AssetParameters9971e87ecc84219610f1dfbd0fbdd30e29f8d1f408df3f645299eb48b1c1ed00S3VersionKeyE0DA9F9E" + "Ref": "AssetParameters35892afbe8ff840a389ee91c3cce6d47b648fe4046b59d612100737b1486a4c1S3VersionKey40482FB9" } ] } @@ -323,17 +317,17 @@ ] }, "Parameters": { - "referencetoawscdkdynamodbglobalreplicasprovisionedAssetParametersdd0a4ac30ffa331e472caec08a7784ac440d122a6f924b1bea7d48dc85f8f776S3BucketD1258B42Ref": { - "Ref": "AssetParametersdd0a4ac30ffa331e472caec08a7784ac440d122a6f924b1bea7d48dc85f8f776S3BucketDEBF01E6" + "referencetoawscdkdynamodbglobalreplicasprovisionedAssetParameters5d88959fad6bed204d22b24bf15826b8c7591c586a60a313e54f1948d9cdf80fS3Bucket5157987FRef": { + "Ref": "AssetParameters5d88959fad6bed204d22b24bf15826b8c7591c586a60a313e54f1948d9cdf80fS3Bucket1685F95F" }, - "referencetoawscdkdynamodbglobalreplicasprovisionedAssetParametersdd0a4ac30ffa331e472caec08a7784ac440d122a6f924b1bea7d48dc85f8f776S3VersionKey0F5C355ERef": { - "Ref": "AssetParametersdd0a4ac30ffa331e472caec08a7784ac440d122a6f924b1bea7d48dc85f8f776S3VersionKey42EBA2AE" + "referencetoawscdkdynamodbglobalreplicasprovisionedAssetParameters5d88959fad6bed204d22b24bf15826b8c7591c586a60a313e54f1948d9cdf80fS3VersionKey001ABDFDRef": { + "Ref": "AssetParameters5d88959fad6bed204d22b24bf15826b8c7591c586a60a313e54f1948d9cdf80fS3VersionKey11815B6C" }, - "referencetoawscdkdynamodbglobalreplicasprovisionedAssetParametersdaeb79e3cee39c9b902dc0d5c780223e227ed573ea60976252947adab5fb2be1S3Bucket6C51C355Ref": { - "Ref": "AssetParametersdaeb79e3cee39c9b902dc0d5c780223e227ed573ea60976252947adab5fb2be1S3BucketDC4B98B1" + "referencetoawscdkdynamodbglobalreplicasprovisionedAssetParameters5b47c8e4cbbce7e4a8085f1aa83ed9c4691b7f65927ba092d6620bbba925f391S3Bucket162B76E0Ref": { + "Ref": "AssetParameters5b47c8e4cbbce7e4a8085f1aa83ed9c4691b7f65927ba092d6620bbba925f391S3BucketB4102E9A" }, - "referencetoawscdkdynamodbglobalreplicasprovisionedAssetParametersdaeb79e3cee39c9b902dc0d5c780223e227ed573ea60976252947adab5fb2be1S3VersionKey84AB7371Ref": { - "Ref": "AssetParametersdaeb79e3cee39c9b902dc0d5c780223e227ed573ea60976252947adab5fb2be1S3VersionKeyA495226F" + "referencetoawscdkdynamodbglobalreplicasprovisionedAssetParameters5b47c8e4cbbce7e4a8085f1aa83ed9c4691b7f65927ba092d6620bbba925f391S3VersionKeyF86DF1C2Ref": { + "Ref": "AssetParameters5b47c8e4cbbce7e4a8085f1aa83ed9c4691b7f65927ba092d6620bbba925f391S3VersionKeyC1EC3ED6" } } }, @@ -368,41 +362,41 @@ } }, "Parameters": { - "AssetParametersdd0a4ac30ffa331e472caec08a7784ac440d122a6f924b1bea7d48dc85f8f776S3BucketDEBF01E6": { + "AssetParameters5d88959fad6bed204d22b24bf15826b8c7591c586a60a313e54f1948d9cdf80fS3Bucket1685F95F": { "Type": "String", - "Description": "S3 bucket for asset \"dd0a4ac30ffa331e472caec08a7784ac440d122a6f924b1bea7d48dc85f8f776\"" + "Description": "S3 bucket for asset \"5d88959fad6bed204d22b24bf15826b8c7591c586a60a313e54f1948d9cdf80f\"" }, - "AssetParametersdd0a4ac30ffa331e472caec08a7784ac440d122a6f924b1bea7d48dc85f8f776S3VersionKey42EBA2AE": { + "AssetParameters5d88959fad6bed204d22b24bf15826b8c7591c586a60a313e54f1948d9cdf80fS3VersionKey11815B6C": { "Type": "String", - "Description": "S3 key for asset version \"dd0a4ac30ffa331e472caec08a7784ac440d122a6f924b1bea7d48dc85f8f776\"" + "Description": "S3 key for asset version \"5d88959fad6bed204d22b24bf15826b8c7591c586a60a313e54f1948d9cdf80f\"" }, - "AssetParametersdd0a4ac30ffa331e472caec08a7784ac440d122a6f924b1bea7d48dc85f8f776ArtifactHash692B4CCE": { + "AssetParameters5d88959fad6bed204d22b24bf15826b8c7591c586a60a313e54f1948d9cdf80fArtifactHash259515A1": { "Type": "String", - "Description": "Artifact hash for asset \"dd0a4ac30ffa331e472caec08a7784ac440d122a6f924b1bea7d48dc85f8f776\"" + "Description": "Artifact hash for asset \"5d88959fad6bed204d22b24bf15826b8c7591c586a60a313e54f1948d9cdf80f\"" }, - "AssetParametersdaeb79e3cee39c9b902dc0d5c780223e227ed573ea60976252947adab5fb2be1S3BucketDC4B98B1": { + "AssetParameters5b47c8e4cbbce7e4a8085f1aa83ed9c4691b7f65927ba092d6620bbba925f391S3BucketB4102E9A": { "Type": "String", - "Description": "S3 bucket for asset \"daeb79e3cee39c9b902dc0d5c780223e227ed573ea60976252947adab5fb2be1\"" + "Description": "S3 bucket for asset \"5b47c8e4cbbce7e4a8085f1aa83ed9c4691b7f65927ba092d6620bbba925f391\"" }, - "AssetParametersdaeb79e3cee39c9b902dc0d5c780223e227ed573ea60976252947adab5fb2be1S3VersionKeyA495226F": { + "AssetParameters5b47c8e4cbbce7e4a8085f1aa83ed9c4691b7f65927ba092d6620bbba925f391S3VersionKeyC1EC3ED6": { "Type": "String", - "Description": "S3 key for asset version \"daeb79e3cee39c9b902dc0d5c780223e227ed573ea60976252947adab5fb2be1\"" + "Description": "S3 key for asset version \"5b47c8e4cbbce7e4a8085f1aa83ed9c4691b7f65927ba092d6620bbba925f391\"" }, - "AssetParametersdaeb79e3cee39c9b902dc0d5c780223e227ed573ea60976252947adab5fb2be1ArtifactHashA521A16F": { + "AssetParameters5b47c8e4cbbce7e4a8085f1aa83ed9c4691b7f65927ba092d6620bbba925f391ArtifactHashA391D940": { "Type": "String", - "Description": "Artifact hash for asset \"daeb79e3cee39c9b902dc0d5c780223e227ed573ea60976252947adab5fb2be1\"" + "Description": "Artifact hash for asset \"5b47c8e4cbbce7e4a8085f1aa83ed9c4691b7f65927ba092d6620bbba925f391\"" }, - "AssetParameters9971e87ecc84219610f1dfbd0fbdd30e29f8d1f408df3f645299eb48b1c1ed00S3BucketC986830C": { + "AssetParameters35892afbe8ff840a389ee91c3cce6d47b648fe4046b59d612100737b1486a4c1S3Bucket63728AAD": { "Type": "String", - "Description": "S3 bucket for asset \"9971e87ecc84219610f1dfbd0fbdd30e29f8d1f408df3f645299eb48b1c1ed00\"" + "Description": "S3 bucket for asset \"35892afbe8ff840a389ee91c3cce6d47b648fe4046b59d612100737b1486a4c1\"" }, - "AssetParameters9971e87ecc84219610f1dfbd0fbdd30e29f8d1f408df3f645299eb48b1c1ed00S3VersionKeyE0DA9F9E": { + "AssetParameters35892afbe8ff840a389ee91c3cce6d47b648fe4046b59d612100737b1486a4c1S3VersionKey40482FB9": { "Type": "String", - "Description": "S3 key for asset version \"9971e87ecc84219610f1dfbd0fbdd30e29f8d1f408df3f645299eb48b1c1ed00\"" + "Description": "S3 key for asset version \"35892afbe8ff840a389ee91c3cce6d47b648fe4046b59d612100737b1486a4c1\"" }, - "AssetParameters9971e87ecc84219610f1dfbd0fbdd30e29f8d1f408df3f645299eb48b1c1ed00ArtifactHash57FC5CA2": { + "AssetParameters35892afbe8ff840a389ee91c3cce6d47b648fe4046b59d612100737b1486a4c1ArtifactHash40AE3BC3": { "Type": "String", - "Description": "Artifact hash for asset \"9971e87ecc84219610f1dfbd0fbdd30e29f8d1f408df3f645299eb48b1c1ed00\"" + "Description": "Artifact hash for asset \"35892afbe8ff840a389ee91c3cce6d47b648fe4046b59d612100737b1486a4c1\"" } } } \ No newline at end of file diff --git a/packages/@aws-cdk/aws-dynamodb/test/integ.global.expected.json b/packages/@aws-cdk/aws-dynamodb/test/integ.global.expected.json index b1ca3b99819a0..0200e430246e0 100644 --- a/packages/@aws-cdk/aws-dynamodb/test/integ.global.expected.json +++ b/packages/@aws-cdk/aws-dynamodb/test/integ.global.expected.json @@ -56,26 +56,6 @@ "Arn" ] }, - { - "Fn::Join": [ - "", - [ - { - "Fn::GetAtt": [ - "TableCD117FA1", - "Arn" - ] - }, - "/index/*" - ] - ] - } - ] - }, - { - "Action": "dynamodb:*", - "Effect": "Allow", - "Resource": [ { "Fn::Join": [ "", @@ -84,7 +64,7 @@ { "Ref": "AWS::Partition" }, - ":dynamodb:eu-west-2:", + ":dynamodb:eu-central-1:", { "Ref": "AWS::AccountId" }, @@ -103,7 +83,7 @@ { "Ref": "AWS::Partition" }, - ":dynamodb:eu-central-1:", + ":dynamodb:eu-west-2:", { "Ref": "AWS::AccountId" }, @@ -113,6 +93,20 @@ } ] ] + }, + { + "Fn::Join": [ + "", + [ + { + "Fn::GetAtt": [ + "TableCD117FA1", + "Arn" + ] + }, + "/index/*" + ] + ] } ] } @@ -253,7 +247,7 @@ }, "/", { - "Ref": "AssetParameters96d72e249e15863715342dcc64ec41ea99be4dece8798e9e96a0da55763aa4b6S3BucketB5739B2A" + "Ref": "AssetParameters380d18478d8d888ec191e1db553dc09fc6f0b9a18f335f70b5a36bc745333e9eS3Bucket30A96578" }, "/", { @@ -263,7 +257,7 @@ "Fn::Split": [ "||", { - "Ref": "AssetParameters96d72e249e15863715342dcc64ec41ea99be4dece8798e9e96a0da55763aa4b6S3VersionKey5404A90E" + "Ref": "AssetParameters380d18478d8d888ec191e1db553dc09fc6f0b9a18f335f70b5a36bc745333e9eS3VersionKeyD7726444" } ] } @@ -276,7 +270,7 @@ "Fn::Split": [ "||", { - "Ref": "AssetParameters96d72e249e15863715342dcc64ec41ea99be4dece8798e9e96a0da55763aa4b6S3VersionKey5404A90E" + "Ref": "AssetParameters380d18478d8d888ec191e1db553dc09fc6f0b9a18f335f70b5a36bc745333e9eS3VersionKeyD7726444" } ] } @@ -286,17 +280,17 @@ ] }, "Parameters": { - "referencetocdkdynamodbglobal20191121AssetParametersdd0a4ac30ffa331e472caec08a7784ac440d122a6f924b1bea7d48dc85f8f776S3Bucket06999F76Ref": { - "Ref": "AssetParametersdd0a4ac30ffa331e472caec08a7784ac440d122a6f924b1bea7d48dc85f8f776S3BucketDEBF01E6" + "referencetocdkdynamodbglobal20191121AssetParameters5d88959fad6bed204d22b24bf15826b8c7591c586a60a313e54f1948d9cdf80fS3BucketAE26619BRef": { + "Ref": "AssetParameters5d88959fad6bed204d22b24bf15826b8c7591c586a60a313e54f1948d9cdf80fS3Bucket1685F95F" }, - "referencetocdkdynamodbglobal20191121AssetParametersdd0a4ac30ffa331e472caec08a7784ac440d122a6f924b1bea7d48dc85f8f776S3VersionKey3D988AD7Ref": { - "Ref": "AssetParametersdd0a4ac30ffa331e472caec08a7784ac440d122a6f924b1bea7d48dc85f8f776S3VersionKey42EBA2AE" + "referencetocdkdynamodbglobal20191121AssetParameters5d88959fad6bed204d22b24bf15826b8c7591c586a60a313e54f1948d9cdf80fS3VersionKey4B0E314FRef": { + "Ref": "AssetParameters5d88959fad6bed204d22b24bf15826b8c7591c586a60a313e54f1948d9cdf80fS3VersionKey11815B6C" }, - "referencetocdkdynamodbglobal20191121AssetParametersdaeb79e3cee39c9b902dc0d5c780223e227ed573ea60976252947adab5fb2be1S3BucketC7F3A147Ref": { - "Ref": "AssetParametersdaeb79e3cee39c9b902dc0d5c780223e227ed573ea60976252947adab5fb2be1S3BucketDC4B98B1" + "referencetocdkdynamodbglobal20191121AssetParameters5b47c8e4cbbce7e4a8085f1aa83ed9c4691b7f65927ba092d6620bbba925f391S3BucketC23121D6Ref": { + "Ref": "AssetParameters5b47c8e4cbbce7e4a8085f1aa83ed9c4691b7f65927ba092d6620bbba925f391S3BucketB4102E9A" }, - "referencetocdkdynamodbglobal20191121AssetParametersdaeb79e3cee39c9b902dc0d5c780223e227ed573ea60976252947adab5fb2be1S3VersionKeyB6346792Ref": { - "Ref": "AssetParametersdaeb79e3cee39c9b902dc0d5c780223e227ed573ea60976252947adab5fb2be1S3VersionKeyA495226F" + "referencetocdkdynamodbglobal20191121AssetParameters5b47c8e4cbbce7e4a8085f1aa83ed9c4691b7f65927ba092d6620bbba925f391S3VersionKeyDCD22417Ref": { + "Ref": "AssetParameters5b47c8e4cbbce7e4a8085f1aa83ed9c4691b7f65927ba092d6620bbba925f391S3VersionKeyC1EC3ED6" } } }, @@ -305,41 +299,41 @@ } }, "Parameters": { - "AssetParametersdd0a4ac30ffa331e472caec08a7784ac440d122a6f924b1bea7d48dc85f8f776S3BucketDEBF01E6": { + "AssetParameters5d88959fad6bed204d22b24bf15826b8c7591c586a60a313e54f1948d9cdf80fS3Bucket1685F95F": { "Type": "String", - "Description": "S3 bucket for asset \"dd0a4ac30ffa331e472caec08a7784ac440d122a6f924b1bea7d48dc85f8f776\"" + "Description": "S3 bucket for asset \"5d88959fad6bed204d22b24bf15826b8c7591c586a60a313e54f1948d9cdf80f\"" }, - "AssetParametersdd0a4ac30ffa331e472caec08a7784ac440d122a6f924b1bea7d48dc85f8f776S3VersionKey42EBA2AE": { + "AssetParameters5d88959fad6bed204d22b24bf15826b8c7591c586a60a313e54f1948d9cdf80fS3VersionKey11815B6C": { "Type": "String", - "Description": "S3 key for asset version \"dd0a4ac30ffa331e472caec08a7784ac440d122a6f924b1bea7d48dc85f8f776\"" + "Description": "S3 key for asset version \"5d88959fad6bed204d22b24bf15826b8c7591c586a60a313e54f1948d9cdf80f\"" }, - "AssetParametersdd0a4ac30ffa331e472caec08a7784ac440d122a6f924b1bea7d48dc85f8f776ArtifactHash692B4CCE": { + "AssetParameters5d88959fad6bed204d22b24bf15826b8c7591c586a60a313e54f1948d9cdf80fArtifactHash259515A1": { "Type": "String", - "Description": "Artifact hash for asset \"dd0a4ac30ffa331e472caec08a7784ac440d122a6f924b1bea7d48dc85f8f776\"" + "Description": "Artifact hash for asset \"5d88959fad6bed204d22b24bf15826b8c7591c586a60a313e54f1948d9cdf80f\"" }, - "AssetParametersdaeb79e3cee39c9b902dc0d5c780223e227ed573ea60976252947adab5fb2be1S3BucketDC4B98B1": { + "AssetParameters5b47c8e4cbbce7e4a8085f1aa83ed9c4691b7f65927ba092d6620bbba925f391S3BucketB4102E9A": { "Type": "String", - "Description": "S3 bucket for asset \"daeb79e3cee39c9b902dc0d5c780223e227ed573ea60976252947adab5fb2be1\"" + "Description": "S3 bucket for asset \"5b47c8e4cbbce7e4a8085f1aa83ed9c4691b7f65927ba092d6620bbba925f391\"" }, - "AssetParametersdaeb79e3cee39c9b902dc0d5c780223e227ed573ea60976252947adab5fb2be1S3VersionKeyA495226F": { + "AssetParameters5b47c8e4cbbce7e4a8085f1aa83ed9c4691b7f65927ba092d6620bbba925f391S3VersionKeyC1EC3ED6": { "Type": "String", - "Description": "S3 key for asset version \"daeb79e3cee39c9b902dc0d5c780223e227ed573ea60976252947adab5fb2be1\"" + "Description": "S3 key for asset version \"5b47c8e4cbbce7e4a8085f1aa83ed9c4691b7f65927ba092d6620bbba925f391\"" }, - "AssetParametersdaeb79e3cee39c9b902dc0d5c780223e227ed573ea60976252947adab5fb2be1ArtifactHashA521A16F": { + "AssetParameters5b47c8e4cbbce7e4a8085f1aa83ed9c4691b7f65927ba092d6620bbba925f391ArtifactHashA391D940": { "Type": "String", - "Description": "Artifact hash for asset \"daeb79e3cee39c9b902dc0d5c780223e227ed573ea60976252947adab5fb2be1\"" + "Description": "Artifact hash for asset \"5b47c8e4cbbce7e4a8085f1aa83ed9c4691b7f65927ba092d6620bbba925f391\"" }, - "AssetParameters96d72e249e15863715342dcc64ec41ea99be4dece8798e9e96a0da55763aa4b6S3BucketB5739B2A": { + "AssetParameters380d18478d8d888ec191e1db553dc09fc6f0b9a18f335f70b5a36bc745333e9eS3Bucket30A96578": { "Type": "String", - "Description": "S3 bucket for asset \"96d72e249e15863715342dcc64ec41ea99be4dece8798e9e96a0da55763aa4b6\"" + "Description": "S3 bucket for asset \"380d18478d8d888ec191e1db553dc09fc6f0b9a18f335f70b5a36bc745333e9e\"" }, - "AssetParameters96d72e249e15863715342dcc64ec41ea99be4dece8798e9e96a0da55763aa4b6S3VersionKey5404A90E": { + "AssetParameters380d18478d8d888ec191e1db553dc09fc6f0b9a18f335f70b5a36bc745333e9eS3VersionKeyD7726444": { "Type": "String", - "Description": "S3 key for asset version \"96d72e249e15863715342dcc64ec41ea99be4dece8798e9e96a0da55763aa4b6\"" + "Description": "S3 key for asset version \"380d18478d8d888ec191e1db553dc09fc6f0b9a18f335f70b5a36bc745333e9e\"" }, - "AssetParameters96d72e249e15863715342dcc64ec41ea99be4dece8798e9e96a0da55763aa4b6ArtifactHash539C11C9": { + "AssetParameters380d18478d8d888ec191e1db553dc09fc6f0b9a18f335f70b5a36bc745333e9eArtifactHash232CC7FB": { "Type": "String", - "Description": "Artifact hash for asset \"96d72e249e15863715342dcc64ec41ea99be4dece8798e9e96a0da55763aa4b6\"" + "Description": "Artifact hash for asset \"380d18478d8d888ec191e1db553dc09fc6f0b9a18f335f70b5a36bc745333e9e\"" } } } \ No newline at end of file diff --git a/packages/@aws-cdk/aws-ec2/test/integ.bastion-host-arm-support.expected.json b/packages/@aws-cdk/aws-ec2/test/integ.bastion-host-arm-support.expected.json index 81f4ae3377d40..7ad67dbd9e172 100644 --- a/packages/@aws-cdk/aws-ec2/test/integ.bastion-host-arm-support.expected.json +++ b/packages/@aws-cdk/aws-ec2/test/integ.bastion-host-arm-support.expected.json @@ -95,15 +95,15 @@ "VPCPublicSubnet1NATGatewayE0556630": { "Type": "AWS::EC2::NatGateway", "Properties": { + "SubnetId": { + "Ref": "VPCPublicSubnet1SubnetB4246D30" + }, "AllocationId": { "Fn::GetAtt": [ "VPCPublicSubnet1EIP6AD938E8", "AllocationId" ] }, - "SubnetId": { - "Ref": "VPCPublicSubnet1SubnetB4246D30" - }, "Tags": [ { "Key": "Name", @@ -192,15 +192,15 @@ "VPCPublicSubnet2NATGateway3C070193": { "Type": "AWS::EC2::NatGateway", "Properties": { + "SubnetId": { + "Ref": "VPCPublicSubnet2Subnet74179F39" + }, "AllocationId": { "Fn::GetAtt": [ "VPCPublicSubnet2EIP4947BC00", "AllocationId" ] }, - "SubnetId": { - "Ref": "VPCPublicSubnet2Subnet74179F39" - }, "Tags": [ { "Key": "Name", @@ -289,15 +289,15 @@ "VPCPublicSubnet3NATGatewayD3048F5C": { "Type": "AWS::EC2::NatGateway", "Properties": { + "SubnetId": { + "Ref": "VPCPublicSubnet3Subnet631C5E25" + }, "AllocationId": { "Fn::GetAtt": [ "VPCPublicSubnet3EIPAD4BC883", "AllocationId" ] }, - "SubnetId": { - "Ref": "VPCPublicSubnet3Subnet631C5E25" - }, "Tags": [ { "Key": "Name", @@ -576,9 +576,9 @@ "Statement": [ { "Action": [ - "ssmmessages:*", + "ec2messages:*", "ssm:UpdateInstanceInformation", - "ec2messages:*" + "ssmmessages:*" ], "Effect": "Allow", "Resource": "*" diff --git a/packages/@aws-cdk/aws-ec2/test/integ.bastion-host.expected.json b/packages/@aws-cdk/aws-ec2/test/integ.bastion-host.expected.json index 4943873897e75..bbea0d3ffacd3 100644 --- a/packages/@aws-cdk/aws-ec2/test/integ.bastion-host.expected.json +++ b/packages/@aws-cdk/aws-ec2/test/integ.bastion-host.expected.json @@ -95,15 +95,15 @@ "VPCPublicSubnet1NATGatewayE0556630": { "Type": "AWS::EC2::NatGateway", "Properties": { + "SubnetId": { + "Ref": "VPCPublicSubnet1SubnetB4246D30" + }, "AllocationId": { "Fn::GetAtt": [ "VPCPublicSubnet1EIP6AD938E8", "AllocationId" ] }, - "SubnetId": { - "Ref": "VPCPublicSubnet1SubnetB4246D30" - }, "Tags": [ { "Key": "Name", @@ -192,15 +192,15 @@ "VPCPublicSubnet2NATGateway3C070193": { "Type": "AWS::EC2::NatGateway", "Properties": { + "SubnetId": { + "Ref": "VPCPublicSubnet2Subnet74179F39" + }, "AllocationId": { "Fn::GetAtt": [ "VPCPublicSubnet2EIP4947BC00", "AllocationId" ] }, - "SubnetId": { - "Ref": "VPCPublicSubnet2Subnet74179F39" - }, "Tags": [ { "Key": "Name", @@ -289,15 +289,15 @@ "VPCPublicSubnet3NATGatewayD3048F5C": { "Type": "AWS::EC2::NatGateway", "Properties": { + "SubnetId": { + "Ref": "VPCPublicSubnet3Subnet631C5E25" + }, "AllocationId": { "Fn::GetAtt": [ "VPCPublicSubnet3EIPAD4BC883", "AllocationId" ] }, - "SubnetId": { - "Ref": "VPCPublicSubnet3Subnet631C5E25" - }, "Tags": [ { "Key": "Name", @@ -576,9 +576,9 @@ "Statement": [ { "Action": [ - "ssmmessages:*", + "ec2messages:*", "ssm:UpdateInstanceInformation", - "ec2messages:*" + "ssmmessages:*" ], "Effect": "Allow", "Resource": "*" diff --git a/packages/@aws-cdk/aws-ec2/test/integ.client-vpn-endpoint.expected.json b/packages/@aws-cdk/aws-ec2/test/integ.client-vpn-endpoint.expected.json index 17e0059d601d1..75e40ab98259b 100644 --- a/packages/@aws-cdk/aws-ec2/test/integ.client-vpn-endpoint.expected.json +++ b/packages/@aws-cdk/aws-ec2/test/integ.client-vpn-endpoint.expected.json @@ -83,7 +83,7 @@ "Properties": { "Code": { "S3Bucket": { - "Ref": "AssetParametersbb3ce11d35aa60dce674523850f7a4a038127a6c48af335699cff4cc55cb0957S3Bucket60FDAA05" + "Ref": "AssetParametersc0eca79e4277becf35cc23c67499f47e70fd50078e025e595c51ed97b9699c5fS3Bucket42BD8ED5" }, "S3Key": { "Fn::Join": [ @@ -96,7 +96,7 @@ "Fn::Split": [ "||", { - "Ref": "AssetParametersbb3ce11d35aa60dce674523850f7a4a038127a6c48af335699cff4cc55cb0957S3VersionKeyF2886582" + "Ref": "AssetParametersc0eca79e4277becf35cc23c67499f47e70fd50078e025e595c51ed97b9699c5fS3VersionKeyA7C3DEE3" } ] } @@ -109,7 +109,7 @@ "Fn::Split": [ "||", { - "Ref": "AssetParametersbb3ce11d35aa60dce674523850f7a4a038127a6c48af335699cff4cc55cb0957S3VersionKeyF2886582" + "Ref": "AssetParametersc0eca79e4277becf35cc23c67499f47e70fd50078e025e595c51ed97b9699c5fS3VersionKeyA7C3DEE3" } ] } @@ -596,17 +596,17 @@ } }, "Parameters": { - "AssetParametersbb3ce11d35aa60dce674523850f7a4a038127a6c48af335699cff4cc55cb0957S3Bucket60FDAA05": { + "AssetParametersc0eca79e4277becf35cc23c67499f47e70fd50078e025e595c51ed97b9699c5fS3Bucket42BD8ED5": { "Type": "String", - "Description": "S3 bucket for asset \"bb3ce11d35aa60dce674523850f7a4a038127a6c48af335699cff4cc55cb0957\"" + "Description": "S3 bucket for asset \"c0eca79e4277becf35cc23c67499f47e70fd50078e025e595c51ed97b9699c5f\"" }, - "AssetParametersbb3ce11d35aa60dce674523850f7a4a038127a6c48af335699cff4cc55cb0957S3VersionKeyF2886582": { + "AssetParametersc0eca79e4277becf35cc23c67499f47e70fd50078e025e595c51ed97b9699c5fS3VersionKeyA7C3DEE3": { "Type": "String", - "Description": "S3 key for asset version \"bb3ce11d35aa60dce674523850f7a4a038127a6c48af335699cff4cc55cb0957\"" + "Description": "S3 key for asset version \"c0eca79e4277becf35cc23c67499f47e70fd50078e025e595c51ed97b9699c5f\"" }, - "AssetParametersbb3ce11d35aa60dce674523850f7a4a038127a6c48af335699cff4cc55cb0957ArtifactHashF17C10B6": { + "AssetParametersc0eca79e4277becf35cc23c67499f47e70fd50078e025e595c51ed97b9699c5fArtifactHash18BB2B9F": { "Type": "String", - "Description": "Artifact hash for asset \"bb3ce11d35aa60dce674523850f7a4a038127a6c48af335699cff4cc55cb0957\"" + "Description": "Artifact hash for asset \"c0eca79e4277becf35cc23c67499f47e70fd50078e025e595c51ed97b9699c5f\"" } } } \ No newline at end of file diff --git a/packages/@aws-cdk/aws-ec2/test/integ.instance-init.expected.json b/packages/@aws-cdk/aws-ec2/test/integ.instance-init.expected.json index 2b736d3961b4c..e287246eda0a7 100644 --- a/packages/@aws-cdk/aws-ec2/test/integ.instance-init.expected.json +++ b/packages/@aws-cdk/aws-ec2/test/integ.instance-init.expected.json @@ -60,8 +60,8 @@ "Statement": [ { "Action": [ - "s3:GetObject*", "s3:GetBucket*", + "s3:GetObject*", "s3:List*" ], "Effect": "Allow", @@ -77,7 +77,8 @@ ":s3:::", { "Ref": "AssetParametersf8a1af398dac2fad92eeea4fb7620be1c4f504e23e3bfcd859fbb5744187930bS3Bucket597083AB" - } + }, + "/*" ] ] }, @@ -92,8 +93,7 @@ ":s3:::", { "Ref": "AssetParametersf8a1af398dac2fad92eeea4fb7620be1c4f504e23e3bfcd859fbb5744187930bS3Bucket597083AB" - }, - "/*" + } ] ] } @@ -319,4 +319,4 @@ "Description": "Artifact hash for asset \"f8a1af398dac2fad92eeea4fb7620be1c4f504e23e3bfcd859fbb5744187930b\"" } } -} +} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-ec2/test/integ.instance-multipart-userdata.expected.json b/packages/@aws-cdk/aws-ec2/test/integ.instance-multipart-userdata.expected.json index 371a30e7456f6..b2ec45e8accf3 100644 --- a/packages/@aws-cdk/aws-ec2/test/integ.instance-multipart-userdata.expected.json +++ b/packages/@aws-cdk/aws-ec2/test/integ.instance-multipart-userdata.expected.json @@ -95,15 +95,15 @@ "VPCPublicSubnet1NATGatewayE0556630": { "Type": "AWS::EC2::NatGateway", "Properties": { + "SubnetId": { + "Ref": "VPCPublicSubnet1SubnetB4246D30" + }, "AllocationId": { "Fn::GetAtt": [ "VPCPublicSubnet1EIP6AD938E8", "AllocationId" ] }, - "SubnetId": { - "Ref": "VPCPublicSubnet1SubnetB4246D30" - }, "Tags": [ { "Key": "Name", @@ -192,15 +192,15 @@ "VPCPublicSubnet2NATGateway3C070193": { "Type": "AWS::EC2::NatGateway", "Properties": { + "SubnetId": { + "Ref": "VPCPublicSubnet2Subnet74179F39" + }, "AllocationId": { "Fn::GetAtt": [ "VPCPublicSubnet2EIP4947BC00", "AllocationId" ] }, - "SubnetId": { - "Ref": "VPCPublicSubnet2Subnet74179F39" - }, "Tags": [ { "Key": "Name", @@ -289,15 +289,15 @@ "VPCPublicSubnet3NATGatewayD3048F5C": { "Type": "AWS::EC2::NatGateway", "Properties": { + "SubnetId": { + "Ref": "VPCPublicSubnet3Subnet631C5E25" + }, "AllocationId": { "Fn::GetAtt": [ "VPCPublicSubnet3EIPAD4BC883", "AllocationId" ] }, - "SubnetId": { - "Ref": "VPCPublicSubnet3Subnet631C5E25" - }, "Tags": [ { "Key": "Name", @@ -585,9 +585,9 @@ "Statement": [ { "Action": [ + "ec2messages:GetMessages", "ssm:*", - "ssmmessages:*", - "ec2messages:GetMessages" + "ssmmessages:*" ], "Effect": "Allow", "Resource": "*" diff --git a/packages/@aws-cdk/aws-ec2/test/integ.vpc-flow-logs.expected.json b/packages/@aws-cdk/aws-ec2/test/integ.vpc-flow-logs.expected.json index ab9eb13b2c415..24d55d814adad 100644 --- a/packages/@aws-cdk/aws-ec2/test/integ.vpc-flow-logs.expected.json +++ b/packages/@aws-cdk/aws-ec2/test/integ.vpc-flow-logs.expected.json @@ -95,15 +95,15 @@ "VPCPublicSubnet1NATGatewayE0556630": { "Type": "AWS::EC2::NatGateway", "Properties": { + "SubnetId": { + "Ref": "VPCPublicSubnet1SubnetB4246D30" + }, "AllocationId": { "Fn::GetAtt": [ "VPCPublicSubnet1EIP6AD938E8", "AllocationId" ] }, - "SubnetId": { - "Ref": "VPCPublicSubnet1SubnetB4246D30" - }, "Tags": [ { "Key": "Name", @@ -192,15 +192,15 @@ "VPCPublicSubnet2NATGateway3C070193": { "Type": "AWS::EC2::NatGateway", "Properties": { + "SubnetId": { + "Ref": "VPCPublicSubnet2Subnet74179F39" + }, "AllocationId": { "Fn::GetAtt": [ "VPCPublicSubnet2EIP4947BC00", "AllocationId" ] }, - "SubnetId": { - "Ref": "VPCPublicSubnet2Subnet74179F39" - }, "Tags": [ { "Key": "Name", @@ -289,15 +289,15 @@ "VPCPublicSubnet3NATGatewayD3048F5C": { "Type": "AWS::EC2::NatGateway", "Properties": { + "SubnetId": { + "Ref": "VPCPublicSubnet3Subnet631C5E25" + }, "AllocationId": { "Fn::GetAtt": [ "VPCPublicSubnet3EIPAD4BC883", "AllocationId" ] }, - "SubnetId": { - "Ref": "VPCPublicSubnet3Subnet631C5E25" - }, "Tags": [ { "Key": "Name", @@ -606,8 +606,8 @@ { "Action": [ "logs:CreateLogStream", - "logs:PutLogEvents", - "logs:DescribeLogStreams" + "logs:DescribeLogStreams", + "logs:PutLogEvents" ], "Effect": "Allow", "Resource": { diff --git a/packages/@aws-cdk/aws-ecr-assets/test/integ.assets-docker.expected.json b/packages/@aws-cdk/aws-ecr-assets/test/integ.assets-docker.expected.json index e2aefa9185424..3f6dd7b36d92e 100644 --- a/packages/@aws-cdk/aws-ecr-assets/test/integ.assets-docker.expected.json +++ b/packages/@aws-cdk/aws-ecr-assets/test/integ.assets-docker.expected.json @@ -11,8 +11,8 @@ { "Action": [ "ecr:BatchCheckLayerAvailability", - "ecr:GetDownloadUrlForLayer", - "ecr:BatchGetImage" + "ecr:BatchGetImage", + "ecr:GetDownloadUrlForLayer" ], "Effect": "Allow", "Resource": { @@ -76,4 +76,4 @@ } } } -} +} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-ecr-assets/test/integ.nested-stacks-docker.expected.json b/packages/@aws-cdk/aws-ecr-assets/test/integ.nested-stacks-docker.expected.json index 7e23b25796d4e..8860ef52935b1 100644 --- a/packages/@aws-cdk/aws-ecr-assets/test/integ.nested-stacks-docker.expected.json +++ b/packages/@aws-cdk/aws-ecr-assets/test/integ.nested-stacks-docker.expected.json @@ -17,7 +17,7 @@ }, "/", { - "Ref": "AssetParameters08bf71a5b9aa57c58cc7510137ed079260aac01394d01f4c29a9778ac890b816S3Bucket40925BAC" + "Ref": "AssetParameters1107443cdc71fce9cccfb7fb4c7c73078878ffb8d631c739c41d45ae40616f39S3Bucket74894234" }, "/", { @@ -27,7 +27,7 @@ "Fn::Split": [ "||", { - "Ref": "AssetParameters08bf71a5b9aa57c58cc7510137ed079260aac01394d01f4c29a9778ac890b816S3VersionKey30F5671B" + "Ref": "AssetParameters1107443cdc71fce9cccfb7fb4c7c73078878ffb8d631c739c41d45ae40616f39S3VersionKeyD1E9C856" } ] } @@ -40,7 +40,7 @@ "Fn::Split": [ "||", { - "Ref": "AssetParameters08bf71a5b9aa57c58cc7510137ed079260aac01394d01f4c29a9778ac890b816S3VersionKey30F5671B" + "Ref": "AssetParameters1107443cdc71fce9cccfb7fb4c7c73078878ffb8d631c739c41d45ae40616f39S3VersionKeyD1E9C856" } ] } @@ -55,17 +55,17 @@ } }, "Parameters": { - "AssetParameters08bf71a5b9aa57c58cc7510137ed079260aac01394d01f4c29a9778ac890b816S3Bucket40925BAC": { + "AssetParameters1107443cdc71fce9cccfb7fb4c7c73078878ffb8d631c739c41d45ae40616f39S3Bucket74894234": { "Type": "String", - "Description": "S3 bucket for asset \"08bf71a5b9aa57c58cc7510137ed079260aac01394d01f4c29a9778ac890b816\"" + "Description": "S3 bucket for asset \"1107443cdc71fce9cccfb7fb4c7c73078878ffb8d631c739c41d45ae40616f39\"" }, - "AssetParameters08bf71a5b9aa57c58cc7510137ed079260aac01394d01f4c29a9778ac890b816S3VersionKey30F5671B": { + "AssetParameters1107443cdc71fce9cccfb7fb4c7c73078878ffb8d631c739c41d45ae40616f39S3VersionKeyD1E9C856": { "Type": "String", - "Description": "S3 key for asset version \"08bf71a5b9aa57c58cc7510137ed079260aac01394d01f4c29a9778ac890b816\"" + "Description": "S3 key for asset version \"1107443cdc71fce9cccfb7fb4c7c73078878ffb8d631c739c41d45ae40616f39\"" }, - "AssetParameters08bf71a5b9aa57c58cc7510137ed079260aac01394d01f4c29a9778ac890b816ArtifactHash98F3F6F7": { + "AssetParameters1107443cdc71fce9cccfb7fb4c7c73078878ffb8d631c739c41d45ae40616f39ArtifactHash4D458F5E": { "Type": "String", - "Description": "Artifact hash for asset \"08bf71a5b9aa57c58cc7510137ed079260aac01394d01f4c29a9778ac890b816\"" + "Description": "Artifact hash for asset \"1107443cdc71fce9cccfb7fb4c7c73078878ffb8d631c739c41d45ae40616f39\"" } } } \ No newline at end of file diff --git a/packages/@aws-cdk/aws-ecs-patterns/test/ec2/integ.multiple-application-load-balanced-ecs-service.expected.json b/packages/@aws-cdk/aws-ecs-patterns/test/ec2/integ.multiple-application-load-balanced-ecs-service.expected.json index 2364b79c8b0b5..885d665752a94 100644 --- a/packages/@aws-cdk/aws-ecs-patterns/test/ec2/integ.multiple-application-load-balanced-ecs-service.expected.json +++ b/packages/@aws-cdk/aws-ecs-patterns/test/ec2/integ.multiple-application-load-balanced-ecs-service.expected.json @@ -473,8 +473,8 @@ }, { "Action": [ - "ecs:DiscoverPollEndpoint", "ecr:GetAuthorizationToken", + "ecs:DiscoverPollEndpoint", "logs:CreateLogStream", "logs:PutLogEvents" ], @@ -617,10 +617,10 @@ "Statement": [ { "Action": [ - "ec2:DescribeInstances", + "ec2:DescribeHosts", "ec2:DescribeInstanceAttribute", "ec2:DescribeInstanceStatus", - "ec2:DescribeHosts" + "ec2:DescribeInstances" ], "Effect": "Allow", "Resource": "*" @@ -655,7 +655,9 @@ { "Action": [ "ecs:DescribeContainerInstances", - "ecs:DescribeTasks" + "ecs:DescribeTasks", + "ecs:ListTasks", + "ecs:UpdateContainerInstancesState" ], "Condition": { "ArnEquals": { @@ -683,24 +685,6 @@ "Arn" ] } - }, - { - "Action": [ - "ecs:UpdateContainerInstancesState", - "ecs:ListTasks" - ], - "Condition": { - "ArnEquals": { - "ecs:cluster": { - "Fn::GetAtt": [ - "ClusterEB0386A7", - "Arn" - ] - } - } - }, - "Effect": "Allow", - "Resource": "*" } ], "Version": "2012-10-17" @@ -778,6 +762,17 @@ } } }, + "ClusterDefaultAutoScalingGroupLifecycleHookDrainHookTopicFE5437FB": { + "Type": "AWS::SNS::Topic", + "Properties": { + "Tags": [ + { + "Key": "Name", + "Value": "aws-ecs-integ/Cluster/DefaultAutoScalingGroup" + } + ] + } + }, "ClusterDefaultAutoScalingGroupLifecycleHookDrainHookRole70201663": { "Type": "AWS::IAM::Role", "Properties": { @@ -824,17 +819,6 @@ ] } }, - "ClusterDefaultAutoScalingGroupLifecycleHookDrainHookTopicFE5437FB": { - "Type": "AWS::SNS::Topic", - "Properties": { - "Tags": [ - { - "Key": "Name", - "Value": "aws-ecs-integ/Cluster/DefaultAutoScalingGroup" - } - ] - } - }, "ClusterDefaultAutoScalingGroupLifecycleHookDrainHook4A9A4325": { "Type": "AWS::AutoScaling::LifecycleHook", "Properties": { diff --git a/packages/@aws-cdk/aws-ecs-patterns/test/ec2/integ.scheduled-ecs-task.lit.expected.json b/packages/@aws-cdk/aws-ecs-patterns/test/ec2/integ.scheduled-ecs-task.lit.expected.json index e96ad6a2bbad7..c068504073cba 100644 --- a/packages/@aws-cdk/aws-ecs-patterns/test/ec2/integ.scheduled-ecs-task.lit.expected.json +++ b/packages/@aws-cdk/aws-ecs-patterns/test/ec2/integ.scheduled-ecs-task.lit.expected.json @@ -293,8 +293,8 @@ }, { "Action": [ - "ecs:DiscoverPollEndpoint", "ecr:GetAuthorizationToken", + "ecs:DiscoverPollEndpoint", "logs:CreateLogStream", "logs:PutLogEvents" ], @@ -434,10 +434,10 @@ "Statement": [ { "Action": [ - "ec2:DescribeInstances", + "ec2:DescribeHosts", "ec2:DescribeInstanceAttribute", "ec2:DescribeInstanceStatus", - "ec2:DescribeHosts" + "ec2:DescribeInstances" ], "Effect": "Allow", "Resource": "*" @@ -472,7 +472,9 @@ { "Action": [ "ecs:DescribeContainerInstances", - "ecs:DescribeTasks" + "ecs:DescribeTasks", + "ecs:ListTasks", + "ecs:UpdateContainerInstancesState" ], "Condition": { "ArnEquals": { @@ -500,24 +502,6 @@ "Arn" ] } - }, - { - "Action": [ - "ecs:UpdateContainerInstancesState", - "ecs:ListTasks" - ], - "Condition": { - "ArnEquals": { - "ecs:cluster": { - "Fn::GetAtt": [ - "EcsCluster97242B84", - "Arn" - ] - } - } - }, - "Effect": "Allow", - "Resource": "*" } ], "Version": "2012-10-17" @@ -595,6 +579,17 @@ } } }, + "EcsClusterDefaultAutoScalingGroupLifecycleHookDrainHookTopicACD2D4A4": { + "Type": "AWS::SNS::Topic", + "Properties": { + "Tags": [ + { + "Key": "Name", + "Value": "aws-ecs-integ-ecs/EcsCluster/DefaultAutoScalingGroup" + } + ] + } + }, "EcsClusterDefaultAutoScalingGroupLifecycleHookDrainHookRoleA38EC83B": { "Type": "AWS::IAM::Role", "Properties": { @@ -641,17 +636,6 @@ ] } }, - "EcsClusterDefaultAutoScalingGroupLifecycleHookDrainHookTopicACD2D4A4": { - "Type": "AWS::SNS::Topic", - "Properties": { - "Tags": [ - { - "Key": "Name", - "Value": "aws-ecs-integ-ecs/EcsCluster/DefaultAutoScalingGroup" - } - ] - } - }, "EcsClusterDefaultAutoScalingGroupLifecycleHookDrainHookFFA63029": { "Type": "AWS::AutoScaling::LifecycleHook", "Properties": { diff --git a/packages/@aws-cdk/aws-ecs-patterns/test/fargate/integ.asset-image.expected.json b/packages/@aws-cdk/aws-ecs-patterns/test/fargate/integ.asset-image.expected.json index 1be85fbb5e688..01c7cb601a90c 100644 --- a/packages/@aws-cdk/aws-ecs-patterns/test/fargate/integ.asset-image.expected.json +++ b/packages/@aws-cdk/aws-ecs-patterns/test/fargate/integ.asset-image.expected.json @@ -579,8 +579,8 @@ { "Action": [ "ecr:BatchCheckLayerAvailability", - "ecr:GetDownloadUrlForLayer", - "ecr:BatchGetImage" + "ecr:BatchGetImage", + "ecr:GetDownloadUrlForLayer" ], "Effect": "Allow", "Resource": { diff --git a/packages/@aws-cdk/aws-ecs-patterns/test/fargate/integ.circuit-breaker-queue-processing-fargate-service.expected.json b/packages/@aws-cdk/aws-ecs-patterns/test/fargate/integ.circuit-breaker-queue-processing-fargate-service.expected.json index 74e53d75a507a..8e44e25a0c5ac 100644 --- a/packages/@aws-cdk/aws-ecs-patterns/test/fargate/integ.circuit-breaker-queue-processing-fargate-service.expected.json +++ b/packages/@aws-cdk/aws-ecs-patterns/test/fargate/integ.circuit-breaker-queue-processing-fargate-service.expected.json @@ -403,11 +403,11 @@ "Statement": [ { "Action": [ - "sqs:ReceiveMessage", "sqs:ChangeMessageVisibility", - "sqs:GetQueueUrl", "sqs:DeleteMessage", - "sqs:GetQueueAttributes" + "sqs:GetQueueAttributes", + "sqs:GetQueueUrl", + "sqs:ReceiveMessage" ], "Effect": "Allow", "Resource": { @@ -530,8 +530,8 @@ { "Action": [ "ecr:BatchCheckLayerAvailability", - "ecr:GetDownloadUrlForLayer", - "ecr:BatchGetImage" + "ecr:BatchGetImage", + "ecr:GetDownloadUrlForLayer" ], "Effect": "Allow", "Resource": { diff --git a/packages/@aws-cdk/aws-ecs-patterns/test/fargate/integ.executionrole.expected.json b/packages/@aws-cdk/aws-ecs-patterns/test/fargate/integ.executionrole.expected.json index dc83169a668a9..e05187b70855e 100644 --- a/packages/@aws-cdk/aws-ecs-patterns/test/fargate/integ.executionrole.expected.json +++ b/packages/@aws-cdk/aws-ecs-patterns/test/fargate/integ.executionrole.expected.json @@ -367,14 +367,10 @@ "Action": "sts:AssumeRole", "Effect": "Allow", "Principal": { - "Service": "ecs.amazonaws.com" - } - }, - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": { - "Service": "ecs-tasks.amazonaws.com" + "Service": [ + "ecs-tasks.amazonaws.com", + "ecs.amazonaws.com" + ] } } ], diff --git a/packages/@aws-cdk/aws-ecs-patterns/test/fargate/integ.queue-processing-fargate-service-isolated.expected.json b/packages/@aws-cdk/aws-ecs-patterns/test/fargate/integ.queue-processing-fargate-service-isolated.expected.json index 2414ce426a716..07eefdc4a2629 100644 --- a/packages/@aws-cdk/aws-ecs-patterns/test/fargate/integ.queue-processing-fargate-service-isolated.expected.json +++ b/packages/@aws-cdk/aws-ecs-patterns/test/fargate/integ.queue-processing-fargate-service-isolated.expected.json @@ -712,11 +712,11 @@ "Statement": [ { "Action": [ - "sqs:ReceiveMessage", "sqs:ChangeMessageVisibility", - "sqs:GetQueueUrl", "sqs:DeleteMessage", - "sqs:GetQueueAttributes" + "sqs:GetQueueAttributes", + "sqs:GetQueueUrl", + "sqs:ReceiveMessage" ], "Effect": "Allow", "Resource": { @@ -839,8 +839,8 @@ { "Action": [ "ecr:BatchCheckLayerAvailability", - "ecr:GetDownloadUrlForLayer", - "ecr:BatchGetImage" + "ecr:BatchGetImage", + "ecr:GetDownloadUrlForLayer" ], "Effect": "Allow", "Resource": { diff --git a/packages/@aws-cdk/aws-ecs-patterns/test/fargate/integ.queue-processing-fargate-service-public.expected.json b/packages/@aws-cdk/aws-ecs-patterns/test/fargate/integ.queue-processing-fargate-service-public.expected.json index 8af962023d1d2..66c9a16e4a4e4 100644 --- a/packages/@aws-cdk/aws-ecs-patterns/test/fargate/integ.queue-processing-fargate-service-public.expected.json +++ b/packages/@aws-cdk/aws-ecs-patterns/test/fargate/integ.queue-processing-fargate-service-public.expected.json @@ -562,11 +562,11 @@ "Statement": [ { "Action": [ - "sqs:ReceiveMessage", "sqs:ChangeMessageVisibility", - "sqs:GetQueueUrl", "sqs:DeleteMessage", - "sqs:GetQueueAttributes" + "sqs:GetQueueAttributes", + "sqs:GetQueueUrl", + "sqs:ReceiveMessage" ], "Effect": "Allow", "Resource": { @@ -606,8 +606,8 @@ "Essential": true, "HealthCheck": { "Command": [ - "CMD-SHELL", - "curl -f http://localhost/ || exit 1" + "CMD-SHELL", + "curl -f http://localhost/ || exit 1" ], "Interval": 720, "Retries": 34, @@ -698,8 +698,8 @@ { "Action": [ "ecr:BatchCheckLayerAvailability", - "ecr:GetDownloadUrlForLayer", - "ecr:BatchGetImage" + "ecr:BatchGetImage", + "ecr:GetDownloadUrlForLayer" ], "Effect": "Allow", "Resource": { diff --git a/packages/@aws-cdk/aws-ecs-patterns/test/fargate/integ.queue-processing-fargate-service.expected.json b/packages/@aws-cdk/aws-ecs-patterns/test/fargate/integ.queue-processing-fargate-service.expected.json index 48bab449fe610..1eab7f10bddc6 100644 --- a/packages/@aws-cdk/aws-ecs-patterns/test/fargate/integ.queue-processing-fargate-service.expected.json +++ b/packages/@aws-cdk/aws-ecs-patterns/test/fargate/integ.queue-processing-fargate-service.expected.json @@ -403,11 +403,11 @@ "Statement": [ { "Action": [ - "sqs:ReceiveMessage", "sqs:ChangeMessageVisibility", - "sqs:GetQueueUrl", "sqs:DeleteMessage", - "sqs:GetQueueAttributes" + "sqs:GetQueueAttributes", + "sqs:GetQueueUrl", + "sqs:ReceiveMessage" ], "Effect": "Allow", "Resource": { @@ -530,8 +530,8 @@ { "Action": [ "ecr:BatchCheckLayerAvailability", - "ecr:GetDownloadUrlForLayer", - "ecr:BatchGetImage" + "ecr:BatchGetImage", + "ecr:GetDownloadUrlForLayer" ], "Effect": "Allow", "Resource": { diff --git a/packages/@aws-cdk/aws-ecs-patterns/test/fargate/integ.scheduled-fargate-task.lit.expected.json b/packages/@aws-cdk/aws-ecs-patterns/test/fargate/integ.scheduled-fargate-task.lit.expected.json index e580c83502abd..5110af7cc54eb 100644 --- a/packages/@aws-cdk/aws-ecs-patterns/test/fargate/integ.scheduled-fargate-task.lit.expected.json +++ b/packages/@aws-cdk/aws-ecs-patterns/test/fargate/integ.scheduled-fargate-task.lit.expected.json @@ -363,8 +363,8 @@ { "Action": [ "ecr:BatchCheckLayerAvailability", - "ecr:GetDownloadUrlForLayer", - "ecr:BatchGetImage" + "ecr:BatchGetImage", + "ecr:GetDownloadUrlForLayer" ], "Effect": "Allow", "Resource": { @@ -459,22 +459,20 @@ { "Action": "iam:PassRole", "Effect": "Allow", - "Resource": { - "Fn::GetAtt": [ - "ScheduledFargateTaskScheduledTaskDefExecutionRoleD37356D5", - "Arn" - ] - } - }, - { - "Action": "iam:PassRole", - "Effect": "Allow", - "Resource": { - "Fn::GetAtt": [ - "ScheduledFargateTaskScheduledTaskDefTaskRoleD0FF16AD", - "Arn" - ] - } + "Resource": [ + { + "Fn::GetAtt": [ + "ScheduledFargateTaskScheduledTaskDefExecutionRoleD37356D5", + "Arn" + ] + }, + { + "Fn::GetAtt": [ + "ScheduledFargateTaskScheduledTaskDefTaskRoleD0FF16AD", + "Arn" + ] + } + ] } ], "Version": "2012-10-17" diff --git a/packages/@aws-cdk/aws-ecs/test/ec2/integ.app-mesh-proxy-config.expected.json b/packages/@aws-cdk/aws-ecs/test/ec2/integ.app-mesh-proxy-config.expected.json index 2e5eed7f911c6..f7b2939f2f34d 100644 --- a/packages/@aws-cdk/aws-ecs/test/ec2/integ.app-mesh-proxy-config.expected.json +++ b/packages/@aws-cdk/aws-ecs/test/ec2/integ.app-mesh-proxy-config.expected.json @@ -95,15 +95,15 @@ "VpcPublicSubnet1NATGateway4D7517AA": { "Type": "AWS::EC2::NatGateway", "Properties": { + "SubnetId": { + "Ref": "VpcPublicSubnet1Subnet5C2D37C4" + }, "AllocationId": { "Fn::GetAtt": [ "VpcPublicSubnet1EIPD7E02669", "AllocationId" ] }, - "SubnetId": { - "Ref": "VpcPublicSubnet1Subnet5C2D37C4" - }, "Tags": [ { "Key": "Name", @@ -192,15 +192,15 @@ "VpcPublicSubnet2NATGateway9182C01D": { "Type": "AWS::EC2::NatGateway", "Properties": { + "SubnetId": { + "Ref": "VpcPublicSubnet2Subnet691E08A3" + }, "AllocationId": { "Fn::GetAtt": [ "VpcPublicSubnet2EIP3C605A87", "AllocationId" ] }, - "SubnetId": { - "Ref": "VpcPublicSubnet2Subnet691E08A3" - }, "Tags": [ { "Key": "Name", @@ -452,8 +452,8 @@ }, { "Action": [ - "ecs:DiscoverPollEndpoint", "ecr:GetAuthorizationToken", + "ecs:DiscoverPollEndpoint", "logs:CreateLogStream", "logs:PutLogEvents" ], @@ -596,10 +596,10 @@ "Statement": [ { "Action": [ - "ec2:DescribeInstances", + "ec2:DescribeHosts", "ec2:DescribeInstanceAttribute", "ec2:DescribeInstanceStatus", - "ec2:DescribeHosts" + "ec2:DescribeInstances" ], "Effect": "Allow", "Resource": "*" @@ -634,7 +634,9 @@ { "Action": [ "ecs:DescribeContainerInstances", - "ecs:DescribeTasks" + "ecs:DescribeTasks", + "ecs:ListTasks", + "ecs:UpdateContainerInstancesState" ], "Condition": { "ArnEquals": { @@ -662,24 +664,6 @@ "Arn" ] } - }, - { - "Action": [ - "ecs:UpdateContainerInstancesState", - "ecs:ListTasks" - ], - "Condition": { - "ArnEquals": { - "ecs:cluster": { - "Fn::GetAtt": [ - "EcsCluster97242B84", - "Arn" - ] - } - } - }, - "Effect": "Allow", - "Resource": "*" } ], "Version": "2012-10-17" @@ -757,6 +741,17 @@ } } }, + "EcsClusterDefaultAutoScalingGroupLifecycleHookDrainHookTopicACD2D4A4": { + "Type": "AWS::SNS::Topic", + "Properties": { + "Tags": [ + { + "Key": "Name", + "Value": "aws-ecs-integ/EcsCluster/DefaultAutoScalingGroup" + } + ] + } + }, "EcsClusterDefaultAutoScalingGroupLifecycleHookDrainHookRoleA38EC83B": { "Type": "AWS::IAM::Role", "Properties": { @@ -803,17 +798,6 @@ ] } }, - "EcsClusterDefaultAutoScalingGroupLifecycleHookDrainHookTopicACD2D4A4": { - "Type": "AWS::SNS::Topic", - "Properties": { - "Tags": [ - { - "Key": "Name", - "Value": "aws-ecs-integ/EcsCluster/DefaultAutoScalingGroup" - } - ] - } - }, "EcsClusterDefaultAutoScalingGroupLifecycleHookDrainHookFFA63029": { "Type": "AWS::AutoScaling::LifecycleHook", "Properties": { diff --git a/packages/@aws-cdk/aws-ecs/test/ec2/integ.bottlerocket.expected.json b/packages/@aws-cdk/aws-ecs/test/ec2/integ.bottlerocket.expected.json index 45ea355b976e9..5a406ea170864 100644 --- a/packages/@aws-cdk/aws-ecs/test/ec2/integ.bottlerocket.expected.json +++ b/packages/@aws-cdk/aws-ecs/test/ec2/integ.bottlerocket.expected.json @@ -446,8 +446,8 @@ }, { "Action": [ - "ecs:DiscoverPollEndpoint", "ecr:GetAuthorizationToken", + "ecs:DiscoverPollEndpoint", "logs:CreateLogStream", "logs:PutLogEvents" ], @@ -590,10 +590,10 @@ "Statement": [ { "Action": [ - "ec2:DescribeInstances", + "ec2:DescribeHosts", "ec2:DescribeInstanceAttribute", "ec2:DescribeInstanceStatus", - "ec2:DescribeHosts" + "ec2:DescribeInstances" ], "Effect": "Allow", "Resource": "*" @@ -628,7 +628,9 @@ { "Action": [ "ecs:DescribeContainerInstances", - "ecs:DescribeTasks" + "ecs:DescribeTasks", + "ecs:ListTasks", + "ecs:UpdateContainerInstancesState" ], "Condition": { "ArnEquals": { @@ -656,24 +658,6 @@ "Arn" ] } - }, - { - "Action": [ - "ecs:UpdateContainerInstancesState", - "ecs:ListTasks" - ], - "Condition": { - "ArnEquals": { - "ecs:cluster": { - "Fn::GetAtt": [ - "EcsCluster97242B84", - "Arn" - ] - } - } - }, - "Effect": "Allow", - "Resource": "*" } ], "Version": "2012-10-17" @@ -751,6 +735,17 @@ } } }, + "EcsClusterbottlerocketasgLifecycleHookDrainHookTopic64509A74": { + "Type": "AWS::SNS::Topic", + "Properties": { + "Tags": [ + { + "Key": "Name", + "Value": "aws-ecs-integ-bottlerocket/EcsCluster/bottlerocket-asg" + } + ] + } + }, "EcsClusterbottlerocketasgLifecycleHookDrainHookRoleDE4D94EB": { "Type": "AWS::IAM::Role", "Properties": { @@ -797,17 +792,6 @@ ] } }, - "EcsClusterbottlerocketasgLifecycleHookDrainHookTopic64509A74": { - "Type": "AWS::SNS::Topic", - "Properties": { - "Tags": [ - { - "Key": "Name", - "Value": "aws-ecs-integ-bottlerocket/EcsCluster/bottlerocket-asg" - } - ] - } - }, "EcsClusterbottlerocketasgLifecycleHookDrainHook59C31812": { "Type": "AWS::AutoScaling::LifecycleHook", "Properties": { diff --git a/packages/@aws-cdk/aws-ecs/test/ec2/integ.capacity-provider.expected.json b/packages/@aws-cdk/aws-ecs/test/ec2/integ.capacity-provider.expected.json index 555d9acc46764..49a82b3c29e9d 100644 --- a/packages/@aws-cdk/aws-ecs/test/ec2/integ.capacity-provider.expected.json +++ b/packages/@aws-cdk/aws-ecs/test/ec2/integ.capacity-provider.expected.json @@ -95,15 +95,15 @@ "VpcPublicSubnet1NATGateway4D7517AA": { "Type": "AWS::EC2::NatGateway", "Properties": { + "SubnetId": { + "Ref": "VpcPublicSubnet1Subnet5C2D37C4" + }, "AllocationId": { "Fn::GetAtt": [ "VpcPublicSubnet1EIPD7E02669", "AllocationId" ] }, - "SubnetId": { - "Ref": "VpcPublicSubnet1Subnet5C2D37C4" - }, "Tags": [ { "Key": "Name", @@ -192,15 +192,15 @@ "VpcPublicSubnet2NATGateway9182C01D": { "Type": "AWS::EC2::NatGateway", "Properties": { + "SubnetId": { + "Ref": "VpcPublicSubnet2Subnet691E08A3" + }, "AllocationId": { "Fn::GetAtt": [ "VpcPublicSubnet2EIP3C605A87", "AllocationId" ] }, - "SubnetId": { - "Ref": "VpcPublicSubnet2Subnet691E08A3" - }, "Tags": [ { "Key": "Name", @@ -509,8 +509,8 @@ }, { "Action": [ - "ecs:DiscoverPollEndpoint", "ecr:GetAuthorizationToken", + "ecs:DiscoverPollEndpoint", "logs:CreateLogStream", "logs:PutLogEvents" ], @@ -650,10 +650,10 @@ "Statement": [ { "Action": [ - "ec2:DescribeInstances", + "ec2:DescribeHosts", "ec2:DescribeInstanceAttribute", "ec2:DescribeInstanceStatus", - "ec2:DescribeHosts" + "ec2:DescribeInstances" ], "Effect": "Allow", "Resource": "*" @@ -688,7 +688,9 @@ { "Action": [ "ecs:DescribeContainerInstances", - "ecs:DescribeTasks" + "ecs:DescribeTasks", + "ecs:ListTasks", + "ecs:UpdateContainerInstancesState" ], "Condition": { "ArnEquals": { @@ -716,24 +718,6 @@ "Arn" ] } - }, - { - "Action": [ - "ecs:UpdateContainerInstancesState", - "ecs:ListTasks" - ], - "Condition": { - "ArnEquals": { - "ecs:cluster": { - "Fn::GetAtt": [ - "EC2CPClusterD5F0FD32", - "Arn" - ] - } - } - }, - "Effect": "Allow", - "Resource": "*" } ], "Version": "2012-10-17" @@ -811,6 +795,17 @@ } } }, + "ASGLifecycleHookDrainHookTopicA8AD4ACB": { + "Type": "AWS::SNS::Topic", + "Properties": { + "Tags": [ + { + "Key": "Name", + "Value": "integ-ec2-capacity-provider/ASG" + } + ] + } + }, "ASGLifecycleHookDrainHookRoleD640316C": { "Type": "AWS::IAM::Role", "Properties": { @@ -857,17 +852,6 @@ ] } }, - "ASGLifecycleHookDrainHookTopicA8AD4ACB": { - "Type": "AWS::SNS::Topic", - "Properties": { - "Tags": [ - { - "Key": "Name", - "Value": "integ-ec2-capacity-provider/ASG" - } - ] - } - }, "ASGLifecycleHookDrainHookFE4AFEBE": { "Type": "AWS::AutoScaling::LifecycleHook", "Properties": { diff --git a/packages/@aws-cdk/aws-ecs/test/ec2/integ.clb-host-nw.expected.json b/packages/@aws-cdk/aws-ecs/test/ec2/integ.clb-host-nw.expected.json index 77ccc9c6c36c6..2443f10d52c04 100644 --- a/packages/@aws-cdk/aws-ecs/test/ec2/integ.clb-host-nw.expected.json +++ b/packages/@aws-cdk/aws-ecs/test/ec2/integ.clb-host-nw.expected.json @@ -95,15 +95,15 @@ "VpcPublicSubnet1NATGateway4D7517AA": { "Type": "AWS::EC2::NatGateway", "Properties": { + "SubnetId": { + "Ref": "VpcPublicSubnet1Subnet5C2D37C4" + }, "AllocationId": { "Fn::GetAtt": [ "VpcPublicSubnet1EIPD7E02669", "AllocationId" ] }, - "SubnetId": { - "Ref": "VpcPublicSubnet1Subnet5C2D37C4" - }, "Tags": [ { "Key": "Name", @@ -192,15 +192,15 @@ "VpcPublicSubnet2NATGateway9182C01D": { "Type": "AWS::EC2::NatGateway", "Properties": { + "SubnetId": { + "Ref": "VpcPublicSubnet2Subnet691E08A3" + }, "AllocationId": { "Fn::GetAtt": [ "VpcPublicSubnet2EIP3C605A87", "AllocationId" ] }, - "SubnetId": { - "Ref": "VpcPublicSubnet2Subnet691E08A3" - }, "Tags": [ { "Key": "Name", @@ -473,8 +473,8 @@ }, { "Action": [ - "ecs:DiscoverPollEndpoint", "ecr:GetAuthorizationToken", + "ecs:DiscoverPollEndpoint", "logs:CreateLogStream", "logs:PutLogEvents" ], @@ -617,10 +617,10 @@ "Statement": [ { "Action": [ - "ec2:DescribeInstances", + "ec2:DescribeHosts", "ec2:DescribeInstanceAttribute", "ec2:DescribeInstanceStatus", - "ec2:DescribeHosts" + "ec2:DescribeInstances" ], "Effect": "Allow", "Resource": "*" @@ -655,7 +655,9 @@ { "Action": [ "ecs:DescribeContainerInstances", - "ecs:DescribeTasks" + "ecs:DescribeTasks", + "ecs:ListTasks", + "ecs:UpdateContainerInstancesState" ], "Condition": { "ArnEquals": { @@ -683,24 +685,6 @@ "Arn" ] } - }, - { - "Action": [ - "ecs:UpdateContainerInstancesState", - "ecs:ListTasks" - ], - "Condition": { - "ArnEquals": { - "ecs:cluster": { - "Fn::GetAtt": [ - "EcsCluster97242B84", - "Arn" - ] - } - } - }, - "Effect": "Allow", - "Resource": "*" } ], "Version": "2012-10-17" @@ -778,6 +762,17 @@ } } }, + "EcsClusterDefaultAutoScalingGroupLifecycleHookDrainHookTopicACD2D4A4": { + "Type": "AWS::SNS::Topic", + "Properties": { + "Tags": [ + { + "Key": "Name", + "Value": "aws-ecs-integ/EcsCluster/DefaultAutoScalingGroup" + } + ] + } + }, "EcsClusterDefaultAutoScalingGroupLifecycleHookDrainHookRoleA38EC83B": { "Type": "AWS::IAM::Role", "Properties": { @@ -824,17 +819,6 @@ ] } }, - "EcsClusterDefaultAutoScalingGroupLifecycleHookDrainHookTopicACD2D4A4": { - "Type": "AWS::SNS::Topic", - "Properties": { - "Tags": [ - { - "Key": "Name", - "Value": "aws-ecs-integ/EcsCluster/DefaultAutoScalingGroup" - } - ] - } - }, "EcsClusterDefaultAutoScalingGroupLifecycleHookDrainHookFFA63029": { "Type": "AWS::AutoScaling::LifecycleHook", "Properties": { diff --git a/packages/@aws-cdk/aws-ecs/test/ec2/integ.cloudmap-container-port.expected.json b/packages/@aws-cdk/aws-ecs/test/ec2/integ.cloudmap-container-port.expected.json index da866432d8539..6ff4de4f72d44 100644 --- a/packages/@aws-cdk/aws-ecs/test/ec2/integ.cloudmap-container-port.expected.json +++ b/packages/@aws-cdk/aws-ecs/test/ec2/integ.cloudmap-container-port.expected.json @@ -273,8 +273,8 @@ }, { "Action": [ - "ecs:DiscoverPollEndpoint", "ecr:GetAuthorizationToken", + "ecs:DiscoverPollEndpoint", "logs:CreateLogStream", "logs:PutLogEvents" ], @@ -418,10 +418,10 @@ "Statement": [ { "Action": [ - "ec2:DescribeInstances", + "ec2:DescribeHosts", "ec2:DescribeInstanceAttribute", "ec2:DescribeInstanceStatus", - "ec2:DescribeHosts" + "ec2:DescribeInstances" ], "Effect": "Allow", "Resource": "*" @@ -456,7 +456,9 @@ { "Action": [ "ecs:DescribeContainerInstances", - "ecs:DescribeTasks" + "ecs:DescribeTasks", + "ecs:ListTasks", + "ecs:UpdateContainerInstancesState" ], "Condition": { "ArnEquals": { @@ -484,24 +486,6 @@ "Arn" ] } - }, - { - "Action": [ - "ecs:UpdateContainerInstancesState", - "ecs:ListTasks" - ], - "Condition": { - "ArnEquals": { - "ecs:cluster": { - "Fn::GetAtt": [ - "FargateCluster7CCD5F93", - "Arn" - ] - } - } - }, - "Effect": "Allow", - "Resource": "*" } ], "Version": "2012-10-17" @@ -579,6 +563,17 @@ } } }, + "FargateClustercapacityLifecycleHookDrainHookTopic390A0E34": { + "Type": "AWS::SNS::Topic", + "Properties": { + "Tags": [ + { + "Key": "Name", + "Value": "aws-ecs-integ/FargateCluster/capacity" + } + ] + } + }, "FargateClustercapacityLifecycleHookDrainHookRoleDD26E39B": { "Type": "AWS::IAM::Role", "Properties": { @@ -625,17 +620,6 @@ ] } }, - "FargateClustercapacityLifecycleHookDrainHookTopic390A0E34": { - "Type": "AWS::SNS::Topic", - "Properties": { - "Tags": [ - { - "Key": "Name", - "Value": "aws-ecs-integ/FargateCluster/capacity" - } - ] - } - }, "FargateClustercapacityLifecycleHookDrainHook8AEDE53B": { "Type": "AWS::AutoScaling::LifecycleHook", "Properties": { diff --git a/packages/@aws-cdk/aws-ecs/test/ec2/integ.environment-file.expected.json b/packages/@aws-cdk/aws-ecs/test/ec2/integ.environment-file.expected.json index 9219258ba7016..875db62f1a654 100644 --- a/packages/@aws-cdk/aws-ecs/test/ec2/integ.environment-file.expected.json +++ b/packages/@aws-cdk/aws-ecs/test/ec2/integ.environment-file.expected.json @@ -33,9 +33,9 @@ "Statement": [ { "Action": [ + "s3:DeleteObject*", "s3:GetBucket*", - "s3:List*", - "s3:DeleteObject*" + "s3:List*" ], "Effect": "Allow", "Principal": { @@ -635,8 +635,8 @@ }, { "Action": [ - "ecs:DiscoverPollEndpoint", "ecr:GetAuthorizationToken", + "ecs:DiscoverPollEndpoint", "logs:CreateLogStream", "logs:PutLogEvents" ], @@ -779,10 +779,10 @@ "Statement": [ { "Action": [ - "ec2:DescribeInstances", + "ec2:DescribeHosts", "ec2:DescribeInstanceAttribute", "ec2:DescribeInstanceStatus", - "ec2:DescribeHosts" + "ec2:DescribeInstances" ], "Effect": "Allow", "Resource": "*" @@ -817,7 +817,9 @@ { "Action": [ "ecs:DescribeContainerInstances", - "ecs:DescribeTasks" + "ecs:DescribeTasks", + "ecs:ListTasks", + "ecs:UpdateContainerInstancesState" ], "Condition": { "ArnEquals": { @@ -845,24 +847,6 @@ "Arn" ] } - }, - { - "Action": [ - "ecs:UpdateContainerInstancesState", - "ecs:ListTasks" - ], - "Condition": { - "ArnEquals": { - "ecs:cluster": { - "Fn::GetAtt": [ - "EcsCluster97242B84", - "Arn" - ] - } - } - }, - "Effect": "Allow", - "Resource": "*" } ], "Version": "2012-10-17" @@ -1174,7 +1158,7 @@ "Properties": { "Content": { "S3Bucket": { - "Ref": "AssetParameterse9882ab123687399f934da0d45effe675ecc8ce13b40cb946f3e1d6141fe8d68S3BucketAEADE8C7" + "Ref": "AssetParametersf331b32a8ad8983464106a58e420e7bc7e6341ba2ffb8ac9ad350d7e32845d95S3BucketE02B5488" }, "S3Key": { "Fn::Join": [ @@ -1187,7 +1171,7 @@ "Fn::Split": [ "||", { - "Ref": "AssetParameterse9882ab123687399f934da0d45effe675ecc8ce13b40cb946f3e1d6141fe8d68S3VersionKeyE415415F" + "Ref": "AssetParametersf331b32a8ad8983464106a58e420e7bc7e6341ba2ffb8ac9ad350d7e32845d95S3VersionKey4D8E71F2" } ] } @@ -1200,7 +1184,7 @@ "Fn::Split": [ "||", { - "Ref": "AssetParameterse9882ab123687399f934da0d45effe675ecc8ce13b40cb946f3e1d6141fe8d68S3VersionKeyE415415F" + "Ref": "AssetParametersf331b32a8ad8983464106a58e420e7bc7e6341ba2ffb8ac9ad350d7e32845d95S3VersionKey4D8E71F2" } ] } @@ -1308,8 +1292,8 @@ "Statement": [ { "Action": [ - "s3:GetObject*", "s3:GetBucket*", + "s3:GetObject*", "s3:List*" ], "Effect": "Allow", @@ -1325,7 +1309,8 @@ ":s3:::", { "Ref": "AssetParameters972240f9dd6e036a93d5f081af9a24315b2053828ac049b3b19b2fa12d7ae64aS3Bucket1F1A8472" - } + }, + "/*" ] ] }, @@ -1340,8 +1325,7 @@ ":s3:::", { "Ref": "AssetParameters972240f9dd6e036a93d5f081af9a24315b2053828ac049b3b19b2fa12d7ae64aS3Bucket1F1A8472" - }, - "/*" + } ] ] } @@ -1349,16 +1333,16 @@ }, { "Action": [ - "s3:GetObject*", + "s3:Abort*", + "s3:DeleteObject*", "s3:GetBucket*", + "s3:GetObject*", "s3:List*", - "s3:DeleteObject*", "s3:PutObject", "s3:PutObjectLegalHold", "s3:PutObjectRetention", "s3:PutObjectTagging", - "s3:PutObjectVersionTagging", - "s3:Abort*" + "s3:PutObjectVersionTagging" ], "Effect": "Allow", "Resource": [ @@ -1400,7 +1384,7 @@ "Properties": { "Code": { "S3Bucket": { - "Ref": "AssetParameterse3d9996b6fafcc7da88312672e15e3cc925b02cffc6f01a615d81f22303e3ae0S3BucketB3DDCC13" + "Ref": "AssetParametersf98b78092dcdd31f5e6d47489beb5f804d4835ef86a8085d0a2053cb9ae711daS3BucketF23C0DE7" }, "S3Key": { "Fn::Join": [ @@ -1413,7 +1397,7 @@ "Fn::Split": [ "||", { - "Ref": "AssetParameterse3d9996b6fafcc7da88312672e15e3cc925b02cffc6f01a615d81f22303e3ae0S3VersionKey3418DF70" + "Ref": "AssetParametersf98b78092dcdd31f5e6d47489beb5f804d4835ef86a8085d0a2053cb9ae711daS3VersionKey5E97B17D" } ] } @@ -1426,7 +1410,7 @@ "Fn::Split": [ "||", { - "Ref": "AssetParameterse3d9996b6fafcc7da88312672e15e3cc925b02cffc6f01a615d81f22303e3ae0S3VersionKey3418DF70" + "Ref": "AssetParametersf98b78092dcdd31f5e6d47489beb5f804d4835ef86a8085d0a2053cb9ae711daS3VersionKey5E97B17D" } ] } @@ -1525,29 +1509,29 @@ "Type": "String", "Description": "Artifact hash for asset \"be270bbdebe0851c887569796e3997437cca54ce86893ed94788500448e92824\"" }, - "AssetParameterse9882ab123687399f934da0d45effe675ecc8ce13b40cb946f3e1d6141fe8d68S3BucketAEADE8C7": { + "AssetParametersf331b32a8ad8983464106a58e420e7bc7e6341ba2ffb8ac9ad350d7e32845d95S3BucketE02B5488": { "Type": "String", - "Description": "S3 bucket for asset \"e9882ab123687399f934da0d45effe675ecc8ce13b40cb946f3e1d6141fe8d68\"" + "Description": "S3 bucket for asset \"f331b32a8ad8983464106a58e420e7bc7e6341ba2ffb8ac9ad350d7e32845d95\"" }, - "AssetParameterse9882ab123687399f934da0d45effe675ecc8ce13b40cb946f3e1d6141fe8d68S3VersionKeyE415415F": { + "AssetParametersf331b32a8ad8983464106a58e420e7bc7e6341ba2ffb8ac9ad350d7e32845d95S3VersionKey4D8E71F2": { "Type": "String", - "Description": "S3 key for asset version \"e9882ab123687399f934da0d45effe675ecc8ce13b40cb946f3e1d6141fe8d68\"" + "Description": "S3 key for asset version \"f331b32a8ad8983464106a58e420e7bc7e6341ba2ffb8ac9ad350d7e32845d95\"" }, - "AssetParameterse9882ab123687399f934da0d45effe675ecc8ce13b40cb946f3e1d6141fe8d68ArtifactHashD9A515C3": { + "AssetParametersf331b32a8ad8983464106a58e420e7bc7e6341ba2ffb8ac9ad350d7e32845d95ArtifactHash16B60F6C": { "Type": "String", - "Description": "Artifact hash for asset \"e9882ab123687399f934da0d45effe675ecc8ce13b40cb946f3e1d6141fe8d68\"" + "Description": "Artifact hash for asset \"f331b32a8ad8983464106a58e420e7bc7e6341ba2ffb8ac9ad350d7e32845d95\"" }, - "AssetParameterse3d9996b6fafcc7da88312672e15e3cc925b02cffc6f01a615d81f22303e3ae0S3BucketB3DDCC13": { + "AssetParametersf98b78092dcdd31f5e6d47489beb5f804d4835ef86a8085d0a2053cb9ae711daS3BucketF23C0DE7": { "Type": "String", - "Description": "S3 bucket for asset \"e3d9996b6fafcc7da88312672e15e3cc925b02cffc6f01a615d81f22303e3ae0\"" + "Description": "S3 bucket for asset \"f98b78092dcdd31f5e6d47489beb5f804d4835ef86a8085d0a2053cb9ae711da\"" }, - "AssetParameterse3d9996b6fafcc7da88312672e15e3cc925b02cffc6f01a615d81f22303e3ae0S3VersionKey3418DF70": { + "AssetParametersf98b78092dcdd31f5e6d47489beb5f804d4835ef86a8085d0a2053cb9ae711daS3VersionKey5E97B17D": { "Type": "String", - "Description": "S3 key for asset version \"e3d9996b6fafcc7da88312672e15e3cc925b02cffc6f01a615d81f22303e3ae0\"" + "Description": "S3 key for asset version \"f98b78092dcdd31f5e6d47489beb5f804d4835ef86a8085d0a2053cb9ae711da\"" }, - "AssetParameterse3d9996b6fafcc7da88312672e15e3cc925b02cffc6f01a615d81f22303e3ae0ArtifactHash9D8F179A": { + "AssetParametersf98b78092dcdd31f5e6d47489beb5f804d4835ef86a8085d0a2053cb9ae711daArtifactHashD85D28D8": { "Type": "String", - "Description": "Artifact hash for asset \"e3d9996b6fafcc7da88312672e15e3cc925b02cffc6f01a615d81f22303e3ae0\"" + "Description": "Artifact hash for asset \"f98b78092dcdd31f5e6d47489beb5f804d4835ef86a8085d0a2053cb9ae711da\"" }, "AssetParameters972240f9dd6e036a93d5f081af9a24315b2053828ac049b3b19b2fa12d7ae64aS3Bucket1F1A8472": { "Type": "String", diff --git a/packages/@aws-cdk/aws-ecs/test/ec2/integ.exec-command.expected.json b/packages/@aws-cdk/aws-ecs/test/ec2/integ.exec-command.expected.json index 8748132b68636..7e4e0f4fb0eb4 100644 --- a/packages/@aws-cdk/aws-ecs/test/ec2/integ.exec-command.expected.json +++ b/packages/@aws-cdk/aws-ecs/test/ec2/integ.exec-command.expected.json @@ -385,11 +385,11 @@ }, { "Action": [ - "kms:Encrypt*", "kms:Decrypt*", - "kms:ReEncrypt*", + "kms:Describe*", + "kms:Encrypt*", "kms:GenerateDataKey*", - "kms:Describe*" + "kms:ReEncrypt*" ], "Condition": { "ArnLike": { @@ -596,8 +596,8 @@ }, { "Action": [ - "ecs:DiscoverPollEndpoint", "ecr:GetAuthorizationToken", + "ecs:DiscoverPollEndpoint", "logs:CreateLogStream", "logs:PutLogEvents" ], @@ -740,10 +740,10 @@ "Statement": [ { "Action": [ - "ec2:DescribeInstances", + "ec2:DescribeHosts", "ec2:DescribeInstanceAttribute", "ec2:DescribeInstanceStatus", - "ec2:DescribeHosts" + "ec2:DescribeInstances" ], "Effect": "Allow", "Resource": "*" @@ -778,7 +778,9 @@ { "Action": [ "ecs:DescribeContainerInstances", - "ecs:DescribeTasks" + "ecs:DescribeTasks", + "ecs:ListTasks", + "ecs:UpdateContainerInstancesState" ], "Condition": { "ArnEquals": { @@ -806,24 +808,6 @@ "Arn" ] } - }, - { - "Action": [ - "ecs:UpdateContainerInstancesState", - "ecs:ListTasks" - ], - "Condition": { - "ArnEquals": { - "ecs:cluster": { - "Fn::GetAtt": [ - "Ec2ClusterEE43E89D", - "Arn" - ] - } - } - }, - "Effect": "Allow", - "Resource": "*" } ], "Version": "2012-10-17" @@ -1006,6 +990,8 @@ "Statement": [ { "Action": [ + "logs:DescribeLogGroups", + "s3:GetBucketLocation", "ssmmessages:CreateControlChannel", "ssmmessages:CreateDataChannel", "ssmmessages:OpenControlChannel", @@ -1027,11 +1013,6 @@ ] } }, - { - "Action": "logs:DescribeLogGroups", - "Effect": "Allow", - "Resource": "*" - }, { "Action": [ "logs:CreateLogStream", @@ -1064,11 +1045,6 @@ ] } }, - { - "Action": "s3:GetBucketLocation", - "Effect": "Allow", - "Resource": "*" - }, { "Action": "s3:PutObject", "Effect": "Allow", diff --git a/packages/@aws-cdk/aws-ecs/test/ec2/integ.firelens-s3-config.expected.json b/packages/@aws-cdk/aws-ecs/test/ec2/integ.firelens-s3-config.expected.json index b082b18fd7281..aca6607f04d70 100644 --- a/packages/@aws-cdk/aws-ecs/test/ec2/integ.firelens-s3-config.expected.json +++ b/packages/@aws-cdk/aws-ecs/test/ec2/integ.firelens-s3-config.expected.json @@ -452,8 +452,8 @@ }, { "Action": [ - "ecs:DiscoverPollEndpoint", "ecr:GetAuthorizationToken", + "ecs:DiscoverPollEndpoint", "logs:CreateLogStream", "logs:PutLogEvents" ], @@ -596,10 +596,10 @@ "Statement": [ { "Action": [ - "ec2:DescribeInstances", + "ec2:DescribeHosts", "ec2:DescribeInstanceAttribute", "ec2:DescribeInstanceStatus", - "ec2:DescribeHosts" + "ec2:DescribeInstances" ], "Effect": "Allow", "Resource": "*" @@ -634,7 +634,9 @@ { "Action": [ "ecs:DescribeContainerInstances", - "ecs:DescribeTasks" + "ecs:DescribeTasks", + "ecs:ListTasks", + "ecs:UpdateContainerInstancesState" ], "Condition": { "ArnEquals": { @@ -662,24 +664,6 @@ "Arn" ] } - }, - { - "Action": [ - "ecs:UpdateContainerInstancesState", - "ecs:ListTasks" - ], - "Condition": { - "ArnEquals": { - "ecs:cluster": { - "Fn::GetAtt": [ - "EcsCluster97242B84", - "Arn" - ] - } - } - }, - "Effect": "Allow", - "Resource": "*" } ], "Version": "2012-10-17" @@ -757,6 +741,17 @@ } } }, + "EcsClusterDefaultAutoScalingGroupLifecycleHookDrainHookTopicACD2D4A4": { + "Type": "AWS::SNS::Topic", + "Properties": { + "Tags": [ + { + "Key": "Name", + "Value": "aws-ecs-integ/EcsCluster/DefaultAutoScalingGroup" + } + ] + } + }, "EcsClusterDefaultAutoScalingGroupLifecycleHookDrainHookRoleA38EC83B": { "Type": "AWS::IAM::Role", "Properties": { @@ -803,17 +798,6 @@ ] } }, - "EcsClusterDefaultAutoScalingGroupLifecycleHookDrainHookTopicACD2D4A4": { - "Type": "AWS::SNS::Topic", - "Properties": { - "Tags": [ - { - "Key": "Name", - "Value": "aws-ecs-integ/EcsCluster/DefaultAutoScalingGroup" - } - ] - } - }, "EcsClusterDefaultAutoScalingGroupLifecycleHookDrainHookFFA63029": { "Type": "AWS::AutoScaling::LifecycleHook", "Properties": { @@ -996,10 +980,10 @@ "Statement": [ { "Action": [ - "ecr:GetAuthorizationToken", "ecr:BatchCheckLayerAvailability", - "ecr:GetDownloadUrlForLayer", - "ecr:BatchGetImage" + "ecr:BatchGetImage", + "ecr:GetAuthorizationToken", + "ecr:GetDownloadUrlForLayer" ], "Effect": "Allow", "Resource": "*" diff --git a/packages/@aws-cdk/aws-ecs/test/ec2/integ.graviton-bottlerocket.expected.json b/packages/@aws-cdk/aws-ecs/test/ec2/integ.graviton-bottlerocket.expected.json index f2c15441bbe28..6dfbe283bb327 100644 --- a/packages/@aws-cdk/aws-ecs/test/ec2/integ.graviton-bottlerocket.expected.json +++ b/packages/@aws-cdk/aws-ecs/test/ec2/integ.graviton-bottlerocket.expected.json @@ -478,8 +478,8 @@ }, { "Action": [ - "ecs:DiscoverPollEndpoint", "ecr:GetAuthorizationToken", + "ecs:DiscoverPollEndpoint", "logs:CreateLogStream", "logs:PutLogEvents" ], @@ -622,10 +622,10 @@ "Statement": [ { "Action": [ - "ec2:DescribeInstances", + "ec2:DescribeHosts", "ec2:DescribeInstanceAttribute", "ec2:DescribeInstanceStatus", - "ec2:DescribeHosts" + "ec2:DescribeInstances" ], "Effect": "Allow", "Resource": "*" @@ -660,7 +660,9 @@ { "Action": [ "ecs:DescribeContainerInstances", - "ecs:DescribeTasks" + "ecs:DescribeTasks", + "ecs:ListTasks", + "ecs:UpdateContainerInstancesState" ], "Condition": { "ArnEquals": { @@ -688,24 +690,6 @@ "Arn" ] } - }, - { - "Action": [ - "ecs:UpdateContainerInstancesState", - "ecs:ListTasks" - ], - "Condition": { - "ArnEquals": { - "ecs:cluster": { - "Fn::GetAtt": [ - "EcsCluster97242B84", - "Arn" - ] - } - } - }, - "Effect": "Allow", - "Resource": "*" } ], "Version": "2012-10-17" @@ -783,6 +767,17 @@ } } }, + "EcsClustergravitonclusterLifecycleHookDrainHookTopic0A778AAC": { + "Type": "AWS::SNS::Topic", + "Properties": { + "Tags": [ + { + "Key": "Name", + "Value": "aws-ecs-integ/EcsCluster/graviton-cluster" + } + ] + } + }, "EcsClustergravitonclusterLifecycleHookDrainHookRoleA16C85AD": { "Type": "AWS::IAM::Role", "Properties": { @@ -829,17 +824,6 @@ ] } }, - "EcsClustergravitonclusterLifecycleHookDrainHookTopic0A778AAC": { - "Type": "AWS::SNS::Topic", - "Properties": { - "Tags": [ - { - "Key": "Name", - "Value": "aws-ecs-integ/EcsCluster/graviton-cluster" - } - ] - } - }, "EcsClustergravitonclusterLifecycleHookDrainHookA1F91B1B": { "Type": "AWS::AutoScaling::LifecycleHook", "Properties": { @@ -871,4 +855,4 @@ "Default": "/aws/service/bottlerocket/aws-ecs-1/arm64/latest/image_id" } } -} +} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-ecs/test/ec2/integ.graviton.expected.json b/packages/@aws-cdk/aws-ecs/test/ec2/integ.graviton.expected.json index c2b3eeecc8ddf..16c47fb72cba6 100644 --- a/packages/@aws-cdk/aws-ecs/test/ec2/integ.graviton.expected.json +++ b/packages/@aws-cdk/aws-ecs/test/ec2/integ.graviton.expected.json @@ -452,8 +452,8 @@ }, { "Action": [ - "ecs:DiscoverPollEndpoint", "ecr:GetAuthorizationToken", + "ecs:DiscoverPollEndpoint", "logs:CreateLogStream", "logs:PutLogEvents" ], @@ -596,10 +596,10 @@ "Statement": [ { "Action": [ - "ec2:DescribeInstances", + "ec2:DescribeHosts", "ec2:DescribeInstanceAttribute", "ec2:DescribeInstanceStatus", - "ec2:DescribeHosts" + "ec2:DescribeInstances" ], "Effect": "Allow", "Resource": "*" @@ -634,7 +634,9 @@ { "Action": [ "ecs:DescribeContainerInstances", - "ecs:DescribeTasks" + "ecs:DescribeTasks", + "ecs:ListTasks", + "ecs:UpdateContainerInstancesState" ], "Condition": { "ArnEquals": { @@ -662,24 +664,6 @@ "Arn" ] } - }, - { - "Action": [ - "ecs:UpdateContainerInstancesState", - "ecs:ListTasks" - ], - "Condition": { - "ArnEquals": { - "ecs:cluster": { - "Fn::GetAtt": [ - "EcsCluster97242B84", - "Arn" - ] - } - } - }, - "Effect": "Allow", - "Resource": "*" } ], "Version": "2012-10-17" @@ -757,6 +741,17 @@ } } }, + "EcsClustergravitonclusterLifecycleHookDrainHookTopic0A778AAC": { + "Type": "AWS::SNS::Topic", + "Properties": { + "Tags": [ + { + "Key": "Name", + "Value": "aws-ecs-integ/EcsCluster/graviton-cluster" + } + ] + } + }, "EcsClustergravitonclusterLifecycleHookDrainHookRoleA16C85AD": { "Type": "AWS::IAM::Role", "Properties": { @@ -803,17 +798,6 @@ ] } }, - "EcsClustergravitonclusterLifecycleHookDrainHookTopic0A778AAC": { - "Type": "AWS::SNS::Topic", - "Properties": { - "Tags": [ - { - "Key": "Name", - "Value": "aws-ecs-integ/EcsCluster/graviton-cluster" - } - ] - } - }, "EcsClustergravitonclusterLifecycleHookDrainHookA1F91B1B": { "Type": "AWS::AutoScaling::LifecycleHook", "Properties": { diff --git a/packages/@aws-cdk/aws-ecs/test/ec2/integ.lb-awsvpc-nw.expected.json b/packages/@aws-cdk/aws-ecs/test/ec2/integ.lb-awsvpc-nw.expected.json index fb1143317da2c..d46faf1396a29 100644 --- a/packages/@aws-cdk/aws-ecs/test/ec2/integ.lb-awsvpc-nw.expected.json +++ b/packages/@aws-cdk/aws-ecs/test/ec2/integ.lb-awsvpc-nw.expected.json @@ -452,8 +452,8 @@ }, { "Action": [ - "ecs:DiscoverPollEndpoint", "ecr:GetAuthorizationToken", + "ecs:DiscoverPollEndpoint", "logs:CreateLogStream", "logs:PutLogEvents" ], @@ -596,10 +596,10 @@ "Statement": [ { "Action": [ - "ec2:DescribeInstances", + "ec2:DescribeHosts", "ec2:DescribeInstanceAttribute", "ec2:DescribeInstanceStatus", - "ec2:DescribeHosts" + "ec2:DescribeInstances" ], "Effect": "Allow", "Resource": "*" @@ -634,7 +634,9 @@ { "Action": [ "ecs:DescribeContainerInstances", - "ecs:DescribeTasks" + "ecs:DescribeTasks", + "ecs:ListTasks", + "ecs:UpdateContainerInstancesState" ], "Condition": { "ArnEquals": { @@ -662,24 +664,6 @@ "Arn" ] } - }, - { - "Action": [ - "ecs:UpdateContainerInstancesState", - "ecs:ListTasks" - ], - "Condition": { - "ArnEquals": { - "ecs:cluster": { - "Fn::GetAtt": [ - "EcsCluster97242B84", - "Arn" - ] - } - } - }, - "Effect": "Allow", - "Resource": "*" } ], "Version": "2012-10-17" @@ -757,6 +741,17 @@ } } }, + "EcsClusterDefaultAutoScalingGroupLifecycleHookDrainHookTopicACD2D4A4": { + "Type": "AWS::SNS::Topic", + "Properties": { + "Tags": [ + { + "Key": "Name", + "Value": "aws-ecs-integ/EcsCluster/DefaultAutoScalingGroup" + } + ] + } + }, "EcsClusterDefaultAutoScalingGroupLifecycleHookDrainHookRoleA38EC83B": { "Type": "AWS::IAM::Role", "Properties": { @@ -803,17 +798,6 @@ ] } }, - "EcsClusterDefaultAutoScalingGroupLifecycleHookDrainHookTopicACD2D4A4": { - "Type": "AWS::SNS::Topic", - "Properties": { - "Tags": [ - { - "Key": "Name", - "Value": "aws-ecs-integ/EcsCluster/DefaultAutoScalingGroup" - } - ] - } - }, "EcsClusterDefaultAutoScalingGroupLifecycleHookDrainHookFFA63029": { "Type": "AWS::AutoScaling::LifecycleHook", "Properties": { diff --git a/packages/@aws-cdk/aws-ecs/test/ec2/integ.lb-bridge-nw.expected.json b/packages/@aws-cdk/aws-ecs/test/ec2/integ.lb-bridge-nw.expected.json index 662773111278c..d5599176ddb20 100644 --- a/packages/@aws-cdk/aws-ecs/test/ec2/integ.lb-bridge-nw.expected.json +++ b/packages/@aws-cdk/aws-ecs/test/ec2/integ.lb-bridge-nw.expected.json @@ -473,8 +473,8 @@ }, { "Action": [ - "ecs:DiscoverPollEndpoint", "ecr:GetAuthorizationToken", + "ecs:DiscoverPollEndpoint", "logs:CreateLogStream", "logs:PutLogEvents" ], @@ -617,10 +617,10 @@ "Statement": [ { "Action": [ - "ec2:DescribeInstances", + "ec2:DescribeHosts", "ec2:DescribeInstanceAttribute", "ec2:DescribeInstanceStatus", - "ec2:DescribeHosts" + "ec2:DescribeInstances" ], "Effect": "Allow", "Resource": "*" @@ -655,7 +655,9 @@ { "Action": [ "ecs:DescribeContainerInstances", - "ecs:DescribeTasks" + "ecs:DescribeTasks", + "ecs:ListTasks", + "ecs:UpdateContainerInstancesState" ], "Condition": { "ArnEquals": { @@ -683,24 +685,6 @@ "Arn" ] } - }, - { - "Action": [ - "ecs:UpdateContainerInstancesState", - "ecs:ListTasks" - ], - "Condition": { - "ArnEquals": { - "ecs:cluster": { - "Fn::GetAtt": [ - "EcsCluster97242B84", - "Arn" - ] - } - } - }, - "Effect": "Allow", - "Resource": "*" } ], "Version": "2012-10-17" @@ -778,6 +762,17 @@ } } }, + "EcsClusterDefaultAutoScalingGroupLifecycleHookDrainHookTopicACD2D4A4": { + "Type": "AWS::SNS::Topic", + "Properties": { + "Tags": [ + { + "Key": "Name", + "Value": "aws-ecs-integ-ecs/EcsCluster/DefaultAutoScalingGroup" + } + ] + } + }, "EcsClusterDefaultAutoScalingGroupLifecycleHookDrainHookRoleA38EC83B": { "Type": "AWS::IAM::Role", "Properties": { @@ -824,17 +819,6 @@ ] } }, - "EcsClusterDefaultAutoScalingGroupLifecycleHookDrainHookTopicACD2D4A4": { - "Type": "AWS::SNS::Topic", - "Properties": { - "Tags": [ - { - "Key": "Name", - "Value": "aws-ecs-integ-ecs/EcsCluster/DefaultAutoScalingGroup" - } - ] - } - }, "EcsClusterDefaultAutoScalingGroupLifecycleHookDrainHookFFA63029": { "Type": "AWS::AutoScaling::LifecycleHook", "Properties": { diff --git a/packages/@aws-cdk/aws-ecs/test/ec2/integ.sd-awsvpc-nw.expected.json b/packages/@aws-cdk/aws-ecs/test/ec2/integ.sd-awsvpc-nw.expected.json index 353debc6de544..5faebad17a091 100644 --- a/packages/@aws-cdk/aws-ecs/test/ec2/integ.sd-awsvpc-nw.expected.json +++ b/packages/@aws-cdk/aws-ecs/test/ec2/integ.sd-awsvpc-nw.expected.json @@ -95,15 +95,15 @@ "VpcPublicSubnet1NATGateway4D7517AA": { "Type": "AWS::EC2::NatGateway", "Properties": { + "SubnetId": { + "Ref": "VpcPublicSubnet1Subnet5C2D37C4" + }, "AllocationId": { "Fn::GetAtt": [ "VpcPublicSubnet1EIPD7E02669", "AllocationId" ] }, - "SubnetId": { - "Ref": "VpcPublicSubnet1Subnet5C2D37C4" - }, "Tags": [ { "Key": "Name", @@ -192,15 +192,15 @@ "VpcPublicSubnet2NATGateway9182C01D": { "Type": "AWS::EC2::NatGateway", "Properties": { + "SubnetId": { + "Ref": "VpcPublicSubnet2Subnet691E08A3" + }, "AllocationId": { "Fn::GetAtt": [ "VpcPublicSubnet2EIP3C605A87", "AllocationId" ] }, - "SubnetId": { - "Ref": "VpcPublicSubnet2Subnet691E08A3" - }, "Tags": [ { "Key": "Name", @@ -452,8 +452,8 @@ }, { "Action": [ - "ecs:DiscoverPollEndpoint", "ecr:GetAuthorizationToken", + "ecs:DiscoverPollEndpoint", "logs:CreateLogStream", "logs:PutLogEvents" ], @@ -596,10 +596,10 @@ "Statement": [ { "Action": [ - "ec2:DescribeInstances", + "ec2:DescribeHosts", "ec2:DescribeInstanceAttribute", "ec2:DescribeInstanceStatus", - "ec2:DescribeHosts" + "ec2:DescribeInstances" ], "Effect": "Allow", "Resource": "*" @@ -634,7 +634,9 @@ { "Action": [ "ecs:DescribeContainerInstances", - "ecs:DescribeTasks" + "ecs:DescribeTasks", + "ecs:ListTasks", + "ecs:UpdateContainerInstancesState" ], "Condition": { "ArnEquals": { @@ -662,24 +664,6 @@ "Arn" ] } - }, - { - "Action": [ - "ecs:UpdateContainerInstancesState", - "ecs:ListTasks" - ], - "Condition": { - "ArnEquals": { - "ecs:cluster": { - "Fn::GetAtt": [ - "EcsCluster97242B84", - "Arn" - ] - } - } - }, - "Effect": "Allow", - "Resource": "*" } ], "Version": "2012-10-17" @@ -757,6 +741,17 @@ } } }, + "EcsClusterDefaultAutoScalingGroupLifecycleHookDrainHookTopicACD2D4A4": { + "Type": "AWS::SNS::Topic", + "Properties": { + "Tags": [ + { + "Key": "Name", + "Value": "aws-ecs-integ-ecs/EcsCluster/DefaultAutoScalingGroup" + } + ] + } + }, "EcsClusterDefaultAutoScalingGroupLifecycleHookDrainHookRoleA38EC83B": { "Type": "AWS::IAM::Role", "Properties": { @@ -803,17 +798,6 @@ ] } }, - "EcsClusterDefaultAutoScalingGroupLifecycleHookDrainHookTopicACD2D4A4": { - "Type": "AWS::SNS::Topic", - "Properties": { - "Tags": [ - { - "Key": "Name", - "Value": "aws-ecs-integ-ecs/EcsCluster/DefaultAutoScalingGroup" - } - ] - } - }, "EcsClusterDefaultAutoScalingGroupLifecycleHookDrainHookFFA63029": { "Type": "AWS::AutoScaling::LifecycleHook", "Properties": { diff --git a/packages/@aws-cdk/aws-ecs/test/ec2/integ.sd-bridge-nw.expected.json b/packages/@aws-cdk/aws-ecs/test/ec2/integ.sd-bridge-nw.expected.json index 4722ee003bef2..b5b5299e5dc50 100644 --- a/packages/@aws-cdk/aws-ecs/test/ec2/integ.sd-bridge-nw.expected.json +++ b/packages/@aws-cdk/aws-ecs/test/ec2/integ.sd-bridge-nw.expected.json @@ -95,15 +95,15 @@ "VpcPublicSubnet1NATGateway4D7517AA": { "Type": "AWS::EC2::NatGateway", "Properties": { + "SubnetId": { + "Ref": "VpcPublicSubnet1Subnet5C2D37C4" + }, "AllocationId": { "Fn::GetAtt": [ "VpcPublicSubnet1EIPD7E02669", "AllocationId" ] }, - "SubnetId": { - "Ref": "VpcPublicSubnet1Subnet5C2D37C4" - }, "Tags": [ { "Key": "Name", @@ -192,15 +192,15 @@ "VpcPublicSubnet2NATGateway9182C01D": { "Type": "AWS::EC2::NatGateway", "Properties": { + "SubnetId": { + "Ref": "VpcPublicSubnet2Subnet691E08A3" + }, "AllocationId": { "Fn::GetAtt": [ "VpcPublicSubnet2EIP3C605A87", "AllocationId" ] }, - "SubnetId": { - "Ref": "VpcPublicSubnet2Subnet691E08A3" - }, "Tags": [ { "Key": "Name", @@ -452,8 +452,8 @@ }, { "Action": [ - "ecs:DiscoverPollEndpoint", "ecr:GetAuthorizationToken", + "ecs:DiscoverPollEndpoint", "logs:CreateLogStream", "logs:PutLogEvents" ], @@ -596,10 +596,10 @@ "Statement": [ { "Action": [ - "ec2:DescribeInstances", + "ec2:DescribeHosts", "ec2:DescribeInstanceAttribute", "ec2:DescribeInstanceStatus", - "ec2:DescribeHosts" + "ec2:DescribeInstances" ], "Effect": "Allow", "Resource": "*" @@ -634,7 +634,9 @@ { "Action": [ "ecs:DescribeContainerInstances", - "ecs:DescribeTasks" + "ecs:DescribeTasks", + "ecs:ListTasks", + "ecs:UpdateContainerInstancesState" ], "Condition": { "ArnEquals": { @@ -662,24 +664,6 @@ "Arn" ] } - }, - { - "Action": [ - "ecs:UpdateContainerInstancesState", - "ecs:ListTasks" - ], - "Condition": { - "ArnEquals": { - "ecs:cluster": { - "Fn::GetAtt": [ - "EcsCluster97242B84", - "Arn" - ] - } - } - }, - "Effect": "Allow", - "Resource": "*" } ], "Version": "2012-10-17" @@ -757,6 +741,17 @@ } } }, + "EcsClusterDefaultAutoScalingGroupLifecycleHookDrainHookTopicACD2D4A4": { + "Type": "AWS::SNS::Topic", + "Properties": { + "Tags": [ + { + "Key": "Name", + "Value": "aws-ecs-integ-ecs/EcsCluster/DefaultAutoScalingGroup" + } + ] + } + }, "EcsClusterDefaultAutoScalingGroupLifecycleHookDrainHookRoleA38EC83B": { "Type": "AWS::IAM::Role", "Properties": { @@ -803,17 +798,6 @@ ] } }, - "EcsClusterDefaultAutoScalingGroupLifecycleHookDrainHookTopicACD2D4A4": { - "Type": "AWS::SNS::Topic", - "Properties": { - "Tags": [ - { - "Key": "Name", - "Value": "aws-ecs-integ-ecs/EcsCluster/DefaultAutoScalingGroup" - } - ] - } - }, "EcsClusterDefaultAutoScalingGroupLifecycleHookDrainHookFFA63029": { "Type": "AWS::AutoScaling::LifecycleHook", "Properties": { diff --git a/packages/@aws-cdk/aws-ecs/test/ec2/integ.secret-json-field.expected.json b/packages/@aws-cdk/aws-ecs/test/ec2/integ.secret-json-field.expected.json index b14c1d7855e8c..e48ef0159d603 100644 --- a/packages/@aws-cdk/aws-ecs/test/ec2/integ.secret-json-field.expected.json +++ b/packages/@aws-cdk/aws-ecs/test/ec2/integ.secret-json-field.expected.json @@ -98,8 +98,8 @@ "Statement": [ { "Action": [ - "secretsmanager:GetSecretValue", - "secretsmanager:DescribeSecret" + "secretsmanager:DescribeSecret", + "secretsmanager:GetSecretValue" ], "Effect": "Allow", "Resource": { diff --git a/packages/@aws-cdk/aws-ecs/test/ec2/integ.spot-drain.expected.json b/packages/@aws-cdk/aws-ecs/test/ec2/integ.spot-drain.expected.json index 20ba3cf89516e..15f4ab5f3a8fb 100644 --- a/packages/@aws-cdk/aws-ecs/test/ec2/integ.spot-drain.expected.json +++ b/packages/@aws-cdk/aws-ecs/test/ec2/integ.spot-drain.expected.json @@ -95,15 +95,15 @@ "VpcPublicSubnet1NATGateway4D7517AA": { "Type": "AWS::EC2::NatGateway", "Properties": { + "SubnetId": { + "Ref": "VpcPublicSubnet1Subnet5C2D37C4" + }, "AllocationId": { "Fn::GetAtt": [ "VpcPublicSubnet1EIPD7E02669", "AllocationId" ] }, - "SubnetId": { - "Ref": "VpcPublicSubnet1Subnet5C2D37C4" - }, "Tags": [ { "Key": "Name", @@ -192,15 +192,15 @@ "VpcPublicSubnet2NATGateway9182C01D": { "Type": "AWS::EC2::NatGateway", "Properties": { + "SubnetId": { + "Ref": "VpcPublicSubnet2Subnet691E08A3" + }, "AllocationId": { "Fn::GetAtt": [ "VpcPublicSubnet2EIP3C605A87", "AllocationId" ] }, - "SubnetId": { - "Ref": "VpcPublicSubnet2Subnet691E08A3" - }, "Tags": [ { "Key": "Name", @@ -452,8 +452,8 @@ }, { "Action": [ - "ecs:DiscoverPollEndpoint", "ecr:GetAuthorizationToken", + "ecs:DiscoverPollEndpoint", "logs:CreateLogStream", "logs:PutLogEvents" ], @@ -598,10 +598,10 @@ "Statement": [ { "Action": [ - "ec2:DescribeInstances", + "ec2:DescribeHosts", "ec2:DescribeInstanceAttribute", "ec2:DescribeInstanceStatus", - "ec2:DescribeHosts" + "ec2:DescribeInstances" ], "Effect": "Allow", "Resource": "*" @@ -636,7 +636,9 @@ { "Action": [ "ecs:DescribeContainerInstances", - "ecs:DescribeTasks" + "ecs:DescribeTasks", + "ecs:ListTasks", + "ecs:UpdateContainerInstancesState" ], "Condition": { "ArnEquals": { @@ -664,24 +666,6 @@ "Arn" ] } - }, - { - "Action": [ - "ecs:UpdateContainerInstancesState", - "ecs:ListTasks" - ], - "Condition": { - "ArnEquals": { - "ecs:cluster": { - "Fn::GetAtt": [ - "EcsCluster97242B84", - "Arn" - ] - } - } - }, - "Effect": "Allow", - "Resource": "*" } ], "Version": "2012-10-17" @@ -759,6 +743,17 @@ } } }, + "EcsClusterasgSpotLifecycleHookDrainHookTopic6212EC83": { + "Type": "AWS::SNS::Topic", + "Properties": { + "Tags": [ + { + "Key": "Name", + "Value": "aws-ecs-integ-spot/EcsCluster/asgSpot" + } + ] + } + }, "EcsClusterasgSpotLifecycleHookDrainHookRole1B427C77": { "Type": "AWS::IAM::Role", "Properties": { @@ -805,17 +800,6 @@ ] } }, - "EcsClusterasgSpotLifecycleHookDrainHookTopic6212EC83": { - "Type": "AWS::SNS::Topic", - "Properties": { - "Tags": [ - { - "Key": "Name", - "Value": "aws-ecs-integ-spot/EcsCluster/asgSpot" - } - ] - } - }, "EcsClusterasgSpotLifecycleHookDrainHook91178D34": { "Type": "AWS::AutoScaling::LifecycleHook", "Properties": { @@ -934,8 +918,8 @@ }, { "Action": [ - "ecs:DiscoverPollEndpoint", "ecr:GetAuthorizationToken", + "ecs:DiscoverPollEndpoint", "logs:CreateLogStream", "logs:PutLogEvents" ], @@ -1079,10 +1063,10 @@ "Statement": [ { "Action": [ - "ec2:DescribeInstances", + "ec2:DescribeHosts", "ec2:DescribeInstanceAttribute", "ec2:DescribeInstanceStatus", - "ec2:DescribeHosts" + "ec2:DescribeInstances" ], "Effect": "Allow", "Resource": "*" @@ -1117,7 +1101,9 @@ { "Action": [ "ecs:DescribeContainerInstances", - "ecs:DescribeTasks" + "ecs:DescribeTasks", + "ecs:ListTasks", + "ecs:UpdateContainerInstancesState" ], "Condition": { "ArnEquals": { @@ -1145,24 +1131,6 @@ "Arn" ] } - }, - { - "Action": [ - "ecs:UpdateContainerInstancesState", - "ecs:ListTasks" - ], - "Condition": { - "ArnEquals": { - "ecs:cluster": { - "Fn::GetAtt": [ - "EcsCluster97242B84", - "Arn" - ] - } - } - }, - "Effect": "Allow", - "Resource": "*" } ], "Version": "2012-10-17" @@ -1240,6 +1208,17 @@ } } }, + "EcsClusterasgOdLifecycleHookDrainHookTopic673CE202": { + "Type": "AWS::SNS::Topic", + "Properties": { + "Tags": [ + { + "Key": "Name", + "Value": "aws-ecs-integ-spot/EcsCluster/asgOd" + } + ] + } + }, "EcsClusterasgOdLifecycleHookDrainHookRole695B2DF1": { "Type": "AWS::IAM::Role", "Properties": { @@ -1286,17 +1265,6 @@ ] } }, - "EcsClusterasgOdLifecycleHookDrainHookTopic673CE202": { - "Type": "AWS::SNS::Topic", - "Properties": { - "Tags": [ - { - "Key": "Name", - "Value": "aws-ecs-integ-spot/EcsCluster/asgOd" - } - ] - } - }, "EcsClusterasgOdLifecycleHookDrainHook03AC5A9E": { "Type": "AWS::AutoScaling::LifecycleHook", "Properties": { diff --git a/packages/@aws-cdk/aws-ecs/test/fargate/integ.exec-command.expected.json b/packages/@aws-cdk/aws-ecs/test/fargate/integ.exec-command.expected.json index 19e6073340ac7..c721e1a88a58f 100644 --- a/packages/@aws-cdk/aws-ecs/test/fargate/integ.exec-command.expected.json +++ b/packages/@aws-cdk/aws-ecs/test/fargate/integ.exec-command.expected.json @@ -385,11 +385,11 @@ }, { "Action": [ - "kms:Encrypt*", "kms:Decrypt*", - "kms:ReEncrypt*", + "kms:Describe*", + "kms:Encrypt*", "kms:GenerateDataKey*", - "kms:Describe*" + "kms:ReEncrypt*" ], "Condition": { "ArnLike": { @@ -526,6 +526,8 @@ "Statement": [ { "Action": [ + "logs:DescribeLogGroups", + "s3:GetBucketLocation", "ssmmessages:CreateControlChannel", "ssmmessages:CreateDataChannel", "ssmmessages:OpenControlChannel", @@ -547,11 +549,6 @@ ] } }, - { - "Action": "logs:DescribeLogGroups", - "Effect": "Allow", - "Resource": "*" - }, { "Action": [ "logs:CreateLogStream", @@ -584,11 +581,6 @@ ] } }, - { - "Action": "s3:GetBucketLocation", - "Effect": "Allow", - "Resource": "*" - }, { "Action": "s3:PutObject", "Effect": "Allow", diff --git a/packages/@aws-cdk/aws-ecs/test/fargate/integ.firelens-cloudwatch.expected.json b/packages/@aws-cdk/aws-ecs/test/fargate/integ.firelens-cloudwatch.expected.json index a10c635e498d6..cb9c0a2de453d 100644 --- a/packages/@aws-cdk/aws-ecs/test/fargate/integ.firelens-cloudwatch.expected.json +++ b/packages/@aws-cdk/aws-ecs/test/fargate/integ.firelens-cloudwatch.expected.json @@ -497,10 +497,10 @@ "Statement": [ { "Action": [ - "ecr:GetAuthorizationToken", "ecr:BatchCheckLayerAvailability", - "ecr:GetDownloadUrlForLayer", - "ecr:BatchGetImage" + "ecr:BatchGetImage", + "ecr:GetAuthorizationToken", + "ecr:GetDownloadUrlForLayer" ], "Effect": "Allow", "Resource": "*" diff --git a/packages/@aws-cdk/aws-ecs/test/fargate/integ.secret.expected.json b/packages/@aws-cdk/aws-ecs/test/fargate/integ.secret.expected.json index f86ae24841bbf..b67b0d4c5df1d 100644 --- a/packages/@aws-cdk/aws-ecs/test/fargate/integ.secret.expected.json +++ b/packages/@aws-cdk/aws-ecs/test/fargate/integ.secret.expected.json @@ -105,8 +105,8 @@ "Statement": [ { "Action": [ - "secretsmanager:GetSecretValue", - "secretsmanager:DescribeSecret" + "secretsmanager:DescribeSecret", + "secretsmanager:GetSecretValue" ], "Effect": "Allow", "Resource": { diff --git a/packages/@aws-cdk/aws-eks-legacy/test/integ.eks-cluster.defaults.expected.json b/packages/@aws-cdk/aws-eks-legacy/test/integ.eks-cluster.defaults.expected.json index f98225e84b35e..5c74a6682063e 100644 --- a/packages/@aws-cdk/aws-eks-legacy/test/integ.eks-cluster.defaults.expected.json +++ b/packages/@aws-cdk/aws-eks-legacy/test/integ.eks-cluster.defaults.expected.json @@ -108,15 +108,15 @@ "ClusterDefaultVpcPublicSubnet1NATGateway6E21013E": { "Type": "AWS::EC2::NatGateway", "Properties": { + "SubnetId": { + "Ref": "ClusterDefaultVpcPublicSubnet1Subnet3BFE1BDA" + }, "AllocationId": { "Fn::GetAtt": [ "ClusterDefaultVpcPublicSubnet1EIP498E2BD2", "AllocationId" ] }, - "SubnetId": { - "Ref": "ClusterDefaultVpcPublicSubnet1Subnet3BFE1BDA" - }, "Tags": [ { "Key": "kubernetes.io/role/elb", @@ -221,15 +221,15 @@ "ClusterDefaultVpcPublicSubnet2NATGateway4AF4B728": { "Type": "AWS::EC2::NatGateway", "Properties": { + "SubnetId": { + "Ref": "ClusterDefaultVpcPublicSubnet2SubnetC4E9A966" + }, "AllocationId": { "Fn::GetAtt": [ "ClusterDefaultVpcPublicSubnet2EIP265F4810", "AllocationId" ] }, - "SubnetId": { - "Ref": "ClusterDefaultVpcPublicSubnet2SubnetC4E9A966" - }, "Tags": [ { "Key": "kubernetes.io/role/elb", @@ -334,15 +334,15 @@ "ClusterDefaultVpcPublicSubnet3NATGatewayEF4BA49A": { "Type": "AWS::EC2::NatGateway", "Properties": { + "SubnetId": { + "Ref": "ClusterDefaultVpcPublicSubnet3Subnet1A46184A" + }, "AllocationId": { "Fn::GetAtt": [ "ClusterDefaultVpcPublicSubnet3EIP0CBF6D05", "AllocationId" ] }, - "SubnetId": { - "Ref": "ClusterDefaultVpcPublicSubnet3Subnet1A46184A" - }, "Tags": [ { "Key": "kubernetes.io/role/elb", @@ -706,8 +706,8 @@ { "Action": [ "eks:CreateCluster", - "eks:DescribeCluster", "eks:DeleteCluster", + "eks:DescribeCluster", "eks:UpdateClusterVersion" ], "Effect": "Allow", @@ -775,14 +775,13 @@ ] } }, - "Handler": "index.handler", "Role": { "Fn::GetAtt": [ "ClusterResourceHandlerServiceRole7FB16465", "Arn" ] }, - "Runtime": "python3.7", + "Handler": "index.handler", "Layers": [ { "Fn::GetAtt": [ @@ -792,6 +791,7 @@ } ], "MemorySize": 512, + "Runtime": "python3.7", "Timeout": 900 }, "DependsOn": [ @@ -891,14 +891,12 @@ ] } }, - "Handler": "index.handler", "Role": { "Fn::GetAtt": [ "ClusterResourceHandlerServiceRole7FB16465", "Arn" ] }, - "Runtime": "python3.7", "Environment": { "Variables": { "CLUSTER_NAME": { @@ -906,6 +904,7 @@ } } }, + "Handler": "index.handler", "Layers": [ { "Fn::GetAtt": [ @@ -915,6 +914,7 @@ } ], "MemorySize": 256, + "Runtime": "python3.7", "Timeout": 900 }, "DependsOn": [ diff --git a/packages/@aws-cdk/aws-eks-legacy/test/integ.eks-cluster.lit.expected.json b/packages/@aws-cdk/aws-eks-legacy/test/integ.eks-cluster.lit.expected.json index 254e46a33dfd5..d393b5ea37f10 100644 --- a/packages/@aws-cdk/aws-eks-legacy/test/integ.eks-cluster.lit.expected.json +++ b/packages/@aws-cdk/aws-eks-legacy/test/integ.eks-cluster.lit.expected.json @@ -108,15 +108,15 @@ "VPCPublicSubnet1NATGatewayE0556630": { "Type": "AWS::EC2::NatGateway", "Properties": { + "SubnetId": { + "Ref": "VPCPublicSubnet1SubnetB4246D30" + }, "AllocationId": { "Fn::GetAtt": [ "VPCPublicSubnet1EIP6AD938E8", "AllocationId" ] }, - "SubnetId": { - "Ref": "VPCPublicSubnet1SubnetB4246D30" - }, "Tags": [ { "Key": "kubernetes.io/role/elb", @@ -221,15 +221,15 @@ "VPCPublicSubnet2NATGateway3C070193": { "Type": "AWS::EC2::NatGateway", "Properties": { + "SubnetId": { + "Ref": "VPCPublicSubnet2Subnet74179F39" + }, "AllocationId": { "Fn::GetAtt": [ "VPCPublicSubnet2EIP4947BC00", "AllocationId" ] }, - "SubnetId": { - "Ref": "VPCPublicSubnet2Subnet74179F39" - }, "Tags": [ { "Key": "kubernetes.io/role/elb", @@ -334,15 +334,15 @@ "VPCPublicSubnet3NATGatewayD3048F5C": { "Type": "AWS::EC2::NatGateway", "Properties": { + "SubnetId": { + "Ref": "VPCPublicSubnet3Subnet631C5E25" + }, "AllocationId": { "Fn::GetAtt": [ "VPCPublicSubnet3EIPAD4BC883", "AllocationId" ] }, - "SubnetId": { - "Ref": "VPCPublicSubnet3Subnet631C5E25" - }, "Tags": [ { "Key": "kubernetes.io/role/elb", @@ -706,8 +706,8 @@ { "Action": [ "eks:CreateCluster", - "eks:DescribeCluster", "eks:DeleteCluster", + "eks:DescribeCluster", "eks:UpdateClusterVersion" ], "Effect": "Allow", @@ -775,14 +775,13 @@ ] } }, - "Handler": "index.handler", "Role": { "Fn::GetAtt": [ "EKSClusterResourceHandlerServiceRoleFD631254", "Arn" ] }, - "Runtime": "python3.7", + "Handler": "index.handler", "Layers": [ { "Fn::GetAtt": [ @@ -792,6 +791,7 @@ } ], "MemorySize": 512, + "Runtime": "python3.7", "Timeout": 900 }, "DependsOn": [ @@ -891,14 +891,12 @@ ] } }, - "Handler": "index.handler", "Role": { "Fn::GetAtt": [ "EKSClusterResourceHandlerServiceRoleFD631254", "Arn" ] }, - "Runtime": "python3.7", "Environment": { "Variables": { "CLUSTER_NAME": { @@ -906,6 +904,7 @@ } } }, + "Handler": "index.handler", "Layers": [ { "Fn::GetAtt": [ @@ -915,6 +914,7 @@ } ], "MemorySize": 256, + "Runtime": "python3.7", "Timeout": 900 }, "DependsOn": [ diff --git a/packages/@aws-cdk/aws-eks-legacy/test/integ.eks-helm.lit.expected.json b/packages/@aws-cdk/aws-eks-legacy/test/integ.eks-helm.lit.expected.json index ba37ddbe77d70..114dd6f18a77c 100644 --- a/packages/@aws-cdk/aws-eks-legacy/test/integ.eks-helm.lit.expected.json +++ b/packages/@aws-cdk/aws-eks-legacy/test/integ.eks-helm.lit.expected.json @@ -108,15 +108,15 @@ "vpcPublicSubnet1NATGateway9C16659E": { "Type": "AWS::EC2::NatGateway", "Properties": { + "SubnetId": { + "Ref": "vpcPublicSubnet1Subnet2E65531E" + }, "AllocationId": { "Fn::GetAtt": [ "vpcPublicSubnet1EIPDA49DCBE", "AllocationId" ] }, - "SubnetId": { - "Ref": "vpcPublicSubnet1Subnet2E65531E" - }, "Tags": [ { "Key": "kubernetes.io/role/elb", @@ -221,15 +221,15 @@ "vpcPublicSubnet2NATGateway9B8AE11A": { "Type": "AWS::EC2::NatGateway", "Properties": { + "SubnetId": { + "Ref": "vpcPublicSubnet2Subnet009B674F" + }, "AllocationId": { "Fn::GetAtt": [ "vpcPublicSubnet2EIP9B3743B1", "AllocationId" ] }, - "SubnetId": { - "Ref": "vpcPublicSubnet2Subnet009B674F" - }, "Tags": [ { "Key": "kubernetes.io/role/elb", @@ -570,8 +570,8 @@ { "Action": [ "eks:CreateCluster", - "eks:DescribeCluster", "eks:DeleteCluster", + "eks:DescribeCluster", "eks:UpdateClusterVersion" ], "Effect": "Allow", @@ -639,14 +639,13 @@ ] } }, - "Handler": "index.handler", "Role": { "Fn::GetAtt": [ "cluster22ResourceHandlerServiceRoleC2E4F327", "Arn" ] }, - "Runtime": "python3.7", + "Handler": "index.handler", "Layers": [ { "Fn::GetAtt": [ @@ -656,6 +655,7 @@ } ], "MemorySize": 512, + "Runtime": "python3.7", "Timeout": 900 }, "DependsOn": [ @@ -749,14 +749,12 @@ ] } }, - "Handler": "index.handler", "Role": { "Fn::GetAtt": [ "cluster22ResourceHandlerServiceRoleC2E4F327", "Arn" ] }, - "Runtime": "python3.7", "Environment": { "Variables": { "CLUSTER_NAME": { @@ -764,6 +762,7 @@ } } }, + "Handler": "index.handler", "Layers": [ { "Fn::GetAtt": [ @@ -773,6 +772,7 @@ } ], "MemorySize": 256, + "Runtime": "python3.7", "Timeout": 900 }, "DependsOn": [ @@ -1159,14 +1159,12 @@ ] } }, - "Handler": "index.handler", "Role": { "Fn::GetAtt": [ "cluster22ResourceHandlerServiceRoleC2E4F327", "Arn" ] }, - "Runtime": "python3.7", "Environment": { "Variables": { "CLUSTER_NAME": { @@ -1174,6 +1172,7 @@ } } }, + "Handler": "index.handler", "Layers": [ { "Fn::GetAtt": [ @@ -1183,6 +1182,7 @@ } ], "MemorySize": 256, + "Runtime": "python3.7", "Timeout": 900 }, "DependsOn": [ diff --git a/packages/@aws-cdk/aws-eks-legacy/test/integ.eks-kubectl.lit.expected.json b/packages/@aws-cdk/aws-eks-legacy/test/integ.eks-kubectl.lit.expected.json index fd726b6e62f29..a940f5d6d2f91 100644 --- a/packages/@aws-cdk/aws-eks-legacy/test/integ.eks-kubectl.lit.expected.json +++ b/packages/@aws-cdk/aws-eks-legacy/test/integ.eks-kubectl.lit.expected.json @@ -108,15 +108,15 @@ "vpcPublicSubnet1NATGateway9C16659E": { "Type": "AWS::EC2::NatGateway", "Properties": { + "SubnetId": { + "Ref": "vpcPublicSubnet1Subnet2E65531E" + }, "AllocationId": { "Fn::GetAtt": [ "vpcPublicSubnet1EIPDA49DCBE", "AllocationId" ] }, - "SubnetId": { - "Ref": "vpcPublicSubnet1Subnet2E65531E" - }, "Tags": [ { "Key": "kubernetes.io/role/elb", @@ -221,15 +221,15 @@ "vpcPublicSubnet2NATGateway9B8AE11A": { "Type": "AWS::EC2::NatGateway", "Properties": { + "SubnetId": { + "Ref": "vpcPublicSubnet2Subnet009B674F" + }, "AllocationId": { "Fn::GetAtt": [ "vpcPublicSubnet2EIP9B3743B1", "AllocationId" ] }, - "SubnetId": { - "Ref": "vpcPublicSubnet2Subnet009B674F" - }, "Tags": [ { "Key": "kubernetes.io/role/elb", @@ -570,8 +570,8 @@ { "Action": [ "eks:CreateCluster", - "eks:DescribeCluster", "eks:DeleteCluster", + "eks:DescribeCluster", "eks:UpdateClusterVersion" ], "Effect": "Allow", @@ -639,14 +639,13 @@ ] } }, - "Handler": "index.handler", "Role": { "Fn::GetAtt": [ "cluster22ResourceHandlerServiceRoleC2E4F327", "Arn" ] }, - "Runtime": "python3.7", + "Handler": "index.handler", "Layers": [ { "Fn::GetAtt": [ @@ -656,6 +655,7 @@ } ], "MemorySize": 512, + "Runtime": "python3.7", "Timeout": 900 }, "DependsOn": [ @@ -749,14 +749,12 @@ ] } }, - "Handler": "index.handler", "Role": { "Fn::GetAtt": [ "cluster22ResourceHandlerServiceRoleC2E4F327", "Arn" ] }, - "Runtime": "python3.7", "Environment": { "Variables": { "CLUSTER_NAME": { @@ -764,6 +762,7 @@ } } }, + "Handler": "index.handler", "Layers": [ { "Fn::GetAtt": [ @@ -773,6 +772,7 @@ } ], "MemorySize": 256, + "Runtime": "python3.7", "Timeout": 900 }, "DependsOn": [ diff --git a/packages/@aws-cdk/aws-eks-legacy/test/integ.eks-spot.expected.json b/packages/@aws-cdk/aws-eks-legacy/test/integ.eks-spot.expected.json index 56f7f71864838..86083856ff4db 100644 --- a/packages/@aws-cdk/aws-eks-legacy/test/integ.eks-spot.expected.json +++ b/packages/@aws-cdk/aws-eks-legacy/test/integ.eks-spot.expected.json @@ -108,15 +108,15 @@ "vpcPublicSubnet1NATGateway9C16659E": { "Type": "AWS::EC2::NatGateway", "Properties": { + "SubnetId": { + "Ref": "vpcPublicSubnet1Subnet2E65531E" + }, "AllocationId": { "Fn::GetAtt": [ "vpcPublicSubnet1EIPDA49DCBE", "AllocationId" ] }, - "SubnetId": { - "Ref": "vpcPublicSubnet1Subnet2E65531E" - }, "Tags": [ { "Key": "kubernetes.io/role/elb", @@ -221,15 +221,15 @@ "vpcPublicSubnet2NATGateway9B8AE11A": { "Type": "AWS::EC2::NatGateway", "Properties": { + "SubnetId": { + "Ref": "vpcPublicSubnet2Subnet009B674F" + }, "AllocationId": { "Fn::GetAtt": [ "vpcPublicSubnet2EIP9B3743B1", "AllocationId" ] }, - "SubnetId": { - "Ref": "vpcPublicSubnet2Subnet009B674F" - }, "Tags": [ { "Key": "kubernetes.io/role/elb", @@ -544,8 +544,8 @@ { "Action": [ "eks:CreateCluster", - "eks:DescribeCluster", "eks:DeleteCluster", + "eks:DescribeCluster", "eks:UpdateClusterVersion" ], "Effect": "Allow", @@ -613,14 +613,13 @@ ] } }, - "Handler": "index.handler", "Role": { "Fn::GetAtt": [ "myClusterResourceHandlerServiceRole95F554E2", "Arn" ] }, - "Runtime": "python3.7", + "Handler": "index.handler", "Layers": [ { "Fn::GetAtt": [ @@ -630,6 +629,7 @@ } ], "MemorySize": 512, + "Runtime": "python3.7", "Timeout": 900 }, "DependsOn": [ @@ -723,14 +723,12 @@ ] } }, - "Handler": "index.handler", "Role": { "Fn::GetAtt": [ "myClusterResourceHandlerServiceRole95F554E2", "Arn" ] }, - "Runtime": "python3.7", "Environment": { "Variables": { "CLUSTER_NAME": { @@ -738,6 +736,7 @@ } } }, + "Handler": "index.handler", "Layers": [ { "Fn::GetAtt": [ @@ -747,6 +746,7 @@ } ], "MemorySize": 256, + "Runtime": "python3.7", "Timeout": 900 }, "DependsOn": [ diff --git a/packages/@aws-cdk/aws-eks/test/integ.alb-controller.expected.json b/packages/@aws-cdk/aws-eks/test/integ.alb-controller.expected.json index 9d6734c074f69..b46c3360007da 100644 --- a/packages/@aws-cdk/aws-eks/test/integ.alb-controller.expected.json +++ b/packages/@aws-cdk/aws-eks/test/integ.alb-controller.expected.json @@ -629,54 +629,30 @@ }, { "Action": [ + "ec2:DescribeDhcpOptions", + "ec2:DescribeInstances", + "ec2:DescribeNetworkInterfaces", + "ec2:DescribeRouteTables", + "ec2:DescribeSecurityGroups", + "ec2:DescribeSubnets", + "ec2:DescribeVpcs", "eks:CreateCluster", + "eks:CreateFargateProfile", + "eks:DeleteCluster", + "eks:DeleteFargateProfile", "eks:DescribeCluster", + "eks:DescribeFargateProfile", "eks:DescribeUpdate", - "eks:DeleteCluster", - "eks:UpdateClusterVersion", - "eks:UpdateClusterConfig", - "eks:CreateFargateProfile", "eks:TagResource", - "eks:UntagResource" - ], - "Effect": "Allow", - "Resource": [ - "*" - ] - }, - { - "Action": [ - "eks:DescribeFargateProfile", - "eks:DeleteFargateProfile" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ + "eks:UntagResource", + "eks:UpdateClusterConfig", + "eks:UpdateClusterVersion", + "iam:CreateServiceLinkedRole", "iam:GetRole", "iam:listAttachedRolePolicies" ], "Effect": "Allow", "Resource": "*" - }, - { - "Action": "iam:CreateServiceLinkedRole", - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "ec2:DescribeInstances", - "ec2:DescribeNetworkInterfaces", - "ec2:DescribeSecurityGroups", - "ec2:DescribeSubnets", - "ec2:DescribeRouteTables", - "ec2:DescribeDhcpOptions", - "ec2:DescribeVpcs" - ], - "Effect": "Allow", - "Resource": "*" } ], "Version": "2012-10-17" @@ -1124,7 +1100,7 @@ }, "/", { - "Ref": "AssetParameters37fb4b0217f335596d51df351c0bf073aeaaa768b390fe4945560700f60ecd31S3BucketBEA8E31E" + "Ref": "AssetParametersbaac0f9c3fa157fdefb24f5722cf1776b897344d12e3dc620c62499051d29c88S3Bucket6B6D2051" }, "/", { @@ -1134,7 +1110,7 @@ "Fn::Split": [ "||", { - "Ref": "AssetParameters37fb4b0217f335596d51df351c0bf073aeaaa768b390fe4945560700f60ecd31S3VersionKey86EE1B0C" + "Ref": "AssetParametersbaac0f9c3fa157fdefb24f5722cf1776b897344d12e3dc620c62499051d29c88S3VersionKey41E00248" } ] } @@ -1147,7 +1123,7 @@ "Fn::Split": [ "||", { - "Ref": "AssetParameters37fb4b0217f335596d51df351c0bf073aeaaa768b390fe4945560700f60ecd31S3VersionKey86EE1B0C" + "Ref": "AssetParametersbaac0f9c3fa157fdefb24f5722cf1776b897344d12e3dc620c62499051d29c88S3VersionKey41E00248" } ] } @@ -1157,11 +1133,11 @@ ] }, "Parameters": { - "referencetoawscdkeksclusteralbcontrollertestAssetParameters26ac61b4195cccf80ff73f332788ad7ffaab36d81ce570340a583a8364901665S3Bucket4FD6630ARef": { - "Ref": "AssetParameters26ac61b4195cccf80ff73f332788ad7ffaab36d81ce570340a583a8364901665S3Bucket1B280681" + "referencetoawscdkeksclusteralbcontrollertestAssetParameters4288ebb3652acdf2d828b7db7ca44a7162a401ace50ebb4026e84b18a02a06eeS3Bucket11BD506ARef": { + "Ref": "AssetParameters4288ebb3652acdf2d828b7db7ca44a7162a401ace50ebb4026e84b18a02a06eeS3Bucket4E7CD097" }, - "referencetoawscdkeksclusteralbcontrollertestAssetParameters26ac61b4195cccf80ff73f332788ad7ffaab36d81ce570340a583a8364901665S3VersionKey991D5128Ref": { - "Ref": "AssetParameters26ac61b4195cccf80ff73f332788ad7ffaab36d81ce570340a583a8364901665S3VersionKeyB1E02791" + "referencetoawscdkeksclusteralbcontrollertestAssetParameters4288ebb3652acdf2d828b7db7ca44a7162a401ace50ebb4026e84b18a02a06eeS3VersionKeyCDACFD96Ref": { + "Ref": "AssetParameters4288ebb3652acdf2d828b7db7ca44a7162a401ace50ebb4026e84b18a02a06eeS3VersionKey93D16224" }, "referencetoawscdkeksclusteralbcontrollertestClusterCreationRoleA16C24E9Arn": { "Fn::GetAtt": [ @@ -1169,17 +1145,17 @@ "Arn" ] }, - "referencetoawscdkeksclusteralbcontrollertestAssetParameters00d62edb46d4e11942f8a3afeca5526ec56ff1d63eb753bd46ceecff8b01f5afS3BucketE25795A8Ref": { - "Ref": "AssetParameters00d62edb46d4e11942f8a3afeca5526ec56ff1d63eb753bd46ceecff8b01f5afS3Bucket9AE1EC0F" + "referencetoawscdkeksclusteralbcontrollertestAssetParameters8b11ea303df4b9db9feef6ed5f901a2d1185023a40c80c9630cf5c36559ae647S3Bucket09170EE6Ref": { + "Ref": "AssetParameters8b11ea303df4b9db9feef6ed5f901a2d1185023a40c80c9630cf5c36559ae647S3Bucket05488C5E" }, - "referencetoawscdkeksclusteralbcontrollertestAssetParameters00d62edb46d4e11942f8a3afeca5526ec56ff1d63eb753bd46ceecff8b01f5afS3VersionKeyE4320F93Ref": { - "Ref": "AssetParameters00d62edb46d4e11942f8a3afeca5526ec56ff1d63eb753bd46ceecff8b01f5afS3VersionKey451EAA56" + "referencetoawscdkeksclusteralbcontrollertestAssetParameters8b11ea303df4b9db9feef6ed5f901a2d1185023a40c80c9630cf5c36559ae647S3VersionKey1E6A5085Ref": { + "Ref": "AssetParameters8b11ea303df4b9db9feef6ed5f901a2d1185023a40c80c9630cf5c36559ae647S3VersionKey174B23DF" }, - "referencetoawscdkeksclusteralbcontrollertestAssetParametersdaeb79e3cee39c9b902dc0d5c780223e227ed573ea60976252947adab5fb2be1S3BucketED32B211Ref": { - "Ref": "AssetParametersdaeb79e3cee39c9b902dc0d5c780223e227ed573ea60976252947adab5fb2be1S3BucketDC4B98B1" + "referencetoawscdkeksclusteralbcontrollertestAssetParameters5b47c8e4cbbce7e4a8085f1aa83ed9c4691b7f65927ba092d6620bbba925f391S3BucketC19FFBF9Ref": { + "Ref": "AssetParameters5b47c8e4cbbce7e4a8085f1aa83ed9c4691b7f65927ba092d6620bbba925f391S3BucketB4102E9A" }, - "referencetoawscdkeksclusteralbcontrollertestAssetParametersdaeb79e3cee39c9b902dc0d5c780223e227ed573ea60976252947adab5fb2be1S3VersionKey6FD8F5E5Ref": { - "Ref": "AssetParametersdaeb79e3cee39c9b902dc0d5c780223e227ed573ea60976252947adab5fb2be1S3VersionKeyA495226F" + "referencetoawscdkeksclusteralbcontrollertestAssetParameters5b47c8e4cbbce7e4a8085f1aa83ed9c4691b7f65927ba092d6620bbba925f391S3VersionKey33198584Ref": { + "Ref": "AssetParameters5b47c8e4cbbce7e4a8085f1aa83ed9c4691b7f65927ba092d6620bbba925f391S3VersionKeyC1EC3ED6" } } }, @@ -1199,7 +1175,7 @@ }, "/", { - "Ref": "AssetParameters06035c90bda92ff37322a329e214af5f2a1e591c6920e0cea4c6816e0f38ac4bS3BucketFAB8EA28" + "Ref": "AssetParameters593e1554d936515ed816bde018bcb82c771146f0ba63531b011d8addb5c3a90aS3BucketDF00C8B8" }, "/", { @@ -1209,7 +1185,7 @@ "Fn::Split": [ "||", { - "Ref": "AssetParameters06035c90bda92ff37322a329e214af5f2a1e591c6920e0cea4c6816e0f38ac4bS3VersionKey33497690" + "Ref": "AssetParameters593e1554d936515ed816bde018bcb82c771146f0ba63531b011d8addb5c3a90aS3VersionKey9504F126" } ] } @@ -1222,7 +1198,7 @@ "Fn::Split": [ "||", { - "Ref": "AssetParameters06035c90bda92ff37322a329e214af5f2a1e591c6920e0cea4c6816e0f38ac4bS3VersionKey33497690" + "Ref": "AssetParameters593e1554d936515ed816bde018bcb82c771146f0ba63531b011d8addb5c3a90aS3VersionKey9504F126" } ] } @@ -1244,11 +1220,11 @@ "Arn" ] }, - "referencetoawscdkeksclusteralbcontrollertestAssetParameters4129bbca38164ecb28fee8e5b674f0d05e5957b4b8ed97d9c950527b5cc4ce10S3Bucket71A947E9Ref": { - "Ref": "AssetParameters4129bbca38164ecb28fee8e5b674f0d05e5957b4b8ed97d9c950527b5cc4ce10S3BucketC6FAEEC9" + "referencetoawscdkeksclusteralbcontrollertestAssetParametersa70c48e7047fb793b2378668accb1dc2d92f2d7b1fff80c9c718f4964dc69cb8S3BucketA8BA1BB9Ref": { + "Ref": "AssetParametersa70c48e7047fb793b2378668accb1dc2d92f2d7b1fff80c9c718f4964dc69cb8S3Bucket4CD5FFC3" }, - "referencetoawscdkeksclusteralbcontrollertestAssetParameters4129bbca38164ecb28fee8e5b674f0d05e5957b4b8ed97d9c950527b5cc4ce10S3VersionKey515289E4Ref": { - "Ref": "AssetParameters4129bbca38164ecb28fee8e5b674f0d05e5957b4b8ed97d9c950527b5cc4ce10S3VersionKeyA7EE7421" + "referencetoawscdkeksclusteralbcontrollertestAssetParametersa70c48e7047fb793b2378668accb1dc2d92f2d7b1fff80c9c718f4964dc69cb8S3VersionKey9A9C820BRef": { + "Ref": "AssetParametersa70c48e7047fb793b2378668accb1dc2d92f2d7b1fff80c9c718f4964dc69cb8S3VersionKeyE06BA291" }, "referencetoawscdkeksclusteralbcontrollertestVpcPrivateSubnet1Subnet7C7DBEE5Ref": { "Ref": "VpcPrivateSubnet1Subnet536B997A" @@ -1265,11 +1241,11 @@ "ClusterSecurityGroupId" ] }, - "referencetoawscdkeksclusteralbcontrollertestAssetParameterse9882ab123687399f934da0d45effe675ecc8ce13b40cb946f3e1d6141fe8d68S3Bucket6CB090A8Ref": { - "Ref": "AssetParameterse9882ab123687399f934da0d45effe675ecc8ce13b40cb946f3e1d6141fe8d68S3BucketAEADE8C7" + "referencetoawscdkeksclusteralbcontrollertestAssetParametersf331b32a8ad8983464106a58e420e7bc7e6341ba2ffb8ac9ad350d7e32845d95S3Bucket1FA2468ERef": { + "Ref": "AssetParametersf331b32a8ad8983464106a58e420e7bc7e6341ba2ffb8ac9ad350d7e32845d95S3BucketE02B5488" }, - "referencetoawscdkeksclusteralbcontrollertestAssetParameterse9882ab123687399f934da0d45effe675ecc8ce13b40cb946f3e1d6141fe8d68S3VersionKey980A7F7CRef": { - "Ref": "AssetParameterse9882ab123687399f934da0d45effe675ecc8ce13b40cb946f3e1d6141fe8d68S3VersionKeyE415415F" + "referencetoawscdkeksclusteralbcontrollertestAssetParametersf331b32a8ad8983464106a58e420e7bc7e6341ba2ffb8ac9ad350d7e32845d95S3VersionKey22C96426Ref": { + "Ref": "AssetParametersf331b32a8ad8983464106a58e420e7bc7e6341ba2ffb8ac9ad350d7e32845d95S3VersionKey4D8E71F2" }, "referencetoawscdkeksclusteralbcontrollertestAssetParametersea17febe6d04c66048f3e8e060c71685c0cb53122abceff44842d27bc0d4a03eS3Bucket65F5BE5ARef": { "Ref": "AssetParametersea17febe6d04c66048f3e8e060c71685c0cb53122abceff44842d27bc0d4a03eS3BucketD3288998" @@ -1277,11 +1253,11 @@ "referencetoawscdkeksclusteralbcontrollertestAssetParametersea17febe6d04c66048f3e8e060c71685c0cb53122abceff44842d27bc0d4a03eS3VersionKey036DDFD3Ref": { "Ref": "AssetParametersea17febe6d04c66048f3e8e060c71685c0cb53122abceff44842d27bc0d4a03eS3VersionKeyB00C0565" }, - "referencetoawscdkeksclusteralbcontrollertestAssetParametersdaeb79e3cee39c9b902dc0d5c780223e227ed573ea60976252947adab5fb2be1S3BucketED32B211Ref": { - "Ref": "AssetParametersdaeb79e3cee39c9b902dc0d5c780223e227ed573ea60976252947adab5fb2be1S3BucketDC4B98B1" + "referencetoawscdkeksclusteralbcontrollertestAssetParameters5b47c8e4cbbce7e4a8085f1aa83ed9c4691b7f65927ba092d6620bbba925f391S3BucketC19FFBF9Ref": { + "Ref": "AssetParameters5b47c8e4cbbce7e4a8085f1aa83ed9c4691b7f65927ba092d6620bbba925f391S3BucketB4102E9A" }, - "referencetoawscdkeksclusteralbcontrollertestAssetParametersdaeb79e3cee39c9b902dc0d5c780223e227ed573ea60976252947adab5fb2be1S3VersionKey6FD8F5E5Ref": { - "Ref": "AssetParametersdaeb79e3cee39c9b902dc0d5c780223e227ed573ea60976252947adab5fb2be1S3VersionKeyA495226F" + "referencetoawscdkeksclusteralbcontrollertestAssetParameters5b47c8e4cbbce7e4a8085f1aa83ed9c4691b7f65927ba092d6620bbba925f391S3VersionKey33198584Ref": { + "Ref": "AssetParameters5b47c8e4cbbce7e4a8085f1aa83ed9c4691b7f65927ba092d6620bbba925f391S3VersionKeyC1EC3ED6" } } }, @@ -1389,69 +1365,62 @@ }, { "Action": [ + "acm:DescribeCertificate", + "acm:ListCertificates", + "cognito-idp:DescribeUserPoolClient", + "ec2:AuthorizeSecurityGroupIngress", + "ec2:CreateSecurityGroup", "ec2:DescribeAccountAttributes", "ec2:DescribeAddresses", "ec2:DescribeAvailabilityZones", - "ec2:DescribeInternetGateways", - "ec2:DescribeVpcs", - "ec2:DescribeVpcPeeringConnections", - "ec2:DescribeSubnets", - "ec2:DescribeSecurityGroups", + "ec2:DescribeCoipPools", "ec2:DescribeInstances", + "ec2:DescribeInternetGateways", "ec2:DescribeNetworkInterfaces", + "ec2:DescribeSecurityGroups", + "ec2:DescribeSubnets", "ec2:DescribeTags", + "ec2:DescribeVpcPeeringConnections", + "ec2:DescribeVpcs", "ec2:GetCoipPoolUsage", - "ec2:DescribeCoipPools", - "elasticloadbalancing:DescribeLoadBalancers", - "elasticloadbalancing:DescribeLoadBalancerAttributes", - "elasticloadbalancing:DescribeListeners", + "ec2:RevokeSecurityGroupIngress", + "elasticloadbalancing:AddListenerCertificates", + "elasticloadbalancing:CreateListener", + "elasticloadbalancing:CreateRule", + "elasticloadbalancing:DeleteListener", + "elasticloadbalancing:DeleteRule", "elasticloadbalancing:DescribeListenerCertificates", - "elasticloadbalancing:DescribeSSLPolicies", + "elasticloadbalancing:DescribeListeners", + "elasticloadbalancing:DescribeLoadBalancerAttributes", + "elasticloadbalancing:DescribeLoadBalancers", "elasticloadbalancing:DescribeRules", - "elasticloadbalancing:DescribeTargetGroups", + "elasticloadbalancing:DescribeSSLPolicies", + "elasticloadbalancing:DescribeTags", "elasticloadbalancing:DescribeTargetGroupAttributes", + "elasticloadbalancing:DescribeTargetGroups", "elasticloadbalancing:DescribeTargetHealth", - "elasticloadbalancing:DescribeTags" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "cognito-idp:DescribeUserPoolClient", - "acm:ListCertificates", - "acm:DescribeCertificate", - "iam:ListServerCertificates", + "elasticloadbalancing:ModifyListener", + "elasticloadbalancing:ModifyRule", + "elasticloadbalancing:RemoveListenerCertificates", + "elasticloadbalancing:SetWebAcl", "iam:GetServerCertificate", - "waf-regional:GetWebACL", - "waf-regional:GetWebACLForResource", + "iam:ListServerCertificates", + "shield:CreateProtection", + "shield:DeleteProtection", + "shield:DescribeProtection", + "shield:GetSubscriptionState", "waf-regional:AssociateWebACL", "waf-regional:DisassociateWebACL", - "wafv2:GetWebACL", - "wafv2:GetWebACLForResource", + "waf-regional:GetWebACL", + "waf-regional:GetWebACLForResource", "wafv2:AssociateWebACL", "wafv2:DisassociateWebACL", - "shield:GetSubscriptionState", - "shield:DescribeProtection", - "shield:CreateProtection", - "shield:DeleteProtection" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "ec2:AuthorizeSecurityGroupIngress", - "ec2:RevokeSecurityGroupIngress" + "wafv2:GetWebACL", + "wafv2:GetWebACLForResource" ], "Effect": "Allow", "Resource": "*" }, - { - "Action": "ec2:CreateSecurityGroup", - "Effect": "Allow", - "Resource": "*" - }, { "Action": "ec2:CreateTags", "Condition": { @@ -1482,8 +1451,16 @@ { "Action": [ "ec2:AuthorizeSecurityGroupIngress", + "ec2:DeleteSecurityGroup", "ec2:RevokeSecurityGroupIngress", - "ec2:DeleteSecurityGroup" + "elasticloadbalancing:DeleteLoadBalancer", + "elasticloadbalancing:DeleteTargetGroup", + "elasticloadbalancing:ModifyLoadBalancerAttributes", + "elasticloadbalancing:ModifyTargetGroup", + "elasticloadbalancing:ModifyTargetGroupAttributes", + "elasticloadbalancing:SetIpAddressType", + "elasticloadbalancing:SetSecurityGroups", + "elasticloadbalancing:SetSubnets" ], "Condition": { "Null": { @@ -1506,16 +1483,6 @@ "Effect": "Allow", "Resource": "*" }, - { - "Action": [ - "elasticloadbalancing:CreateListener", - "elasticloadbalancing:DeleteListener", - "elasticloadbalancing:CreateRule", - "elasticloadbalancing:DeleteRule" - ], - "Effect": "Allow", - "Resource": "*" - }, { "Action": [ "elasticloadbalancing:AddTags", @@ -1529,9 +1496,9 @@ }, "Effect": "Allow", "Resource": [ - "arn:aws:elasticloadbalancing:*:*:targetgroup/*/*", + "arn:aws:elasticloadbalancing:*:*:loadbalancer/app/*/*", "arn:aws:elasticloadbalancing:*:*:loadbalancer/net/*/*", - "arn:aws:elasticloadbalancing:*:*:loadbalancer/app/*/*" + "arn:aws:elasticloadbalancing:*:*:targetgroup/*/*" ] }, { @@ -1541,49 +1508,19 @@ ], "Effect": "Allow", "Resource": [ - "arn:aws:elasticloadbalancing:*:*:listener/net/*/*/*", - "arn:aws:elasticloadbalancing:*:*:listener/app/*/*/*", + "arn:aws:elasticloadbalancing:*:*:listener-rule/app/*/*/*", "arn:aws:elasticloadbalancing:*:*:listener-rule/net/*/*/*", - "arn:aws:elasticloadbalancing:*:*:listener-rule/app/*/*/*" + "arn:aws:elasticloadbalancing:*:*:listener/app/*/*/*", + "arn:aws:elasticloadbalancing:*:*:listener/net/*/*/*" ] }, { "Action": [ - "elasticloadbalancing:ModifyLoadBalancerAttributes", - "elasticloadbalancing:SetIpAddressType", - "elasticloadbalancing:SetSecurityGroups", - "elasticloadbalancing:SetSubnets", - "elasticloadbalancing:DeleteLoadBalancer", - "elasticloadbalancing:ModifyTargetGroup", - "elasticloadbalancing:ModifyTargetGroupAttributes", - "elasticloadbalancing:DeleteTargetGroup" - ], - "Condition": { - "Null": { - "aws:ResourceTag/elbv2.k8s.aws/cluster": "false" - } - }, - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "elasticloadbalancing:RegisterTargets", - "elasticloadbalancing:DeregisterTargets" + "elasticloadbalancing:DeregisterTargets", + "elasticloadbalancing:RegisterTargets" ], "Effect": "Allow", "Resource": "arn:aws:elasticloadbalancing:*:*:targetgroup/*/*" - }, - { - "Action": [ - "elasticloadbalancing:SetWebAcl", - "elasticloadbalancing:ModifyListener", - "elasticloadbalancing:AddListenerCertificates", - "elasticloadbalancing:RemoveListenerCertificates", - "elasticloadbalancing:ModifyRule" - ], - "Effect": "Allow", - "Resource": "*" } ], "Version": "2012-10-17" @@ -1748,7 +1685,7 @@ "Properties": { "Code": { "S3Bucket": { - "Ref": "AssetParametersb7d38dc0eeb2c5d024919020e09d2590b68559eab4a5264c3b1aa7a429d1edd4S3BucketF7BC1777" + "Ref": "AssetParameters5507835727e005832a615aef2a6b437860f432c6cd052d07c0244464aedbe2b2S3Bucket211A9156" }, "S3Key": { "Fn::Join": [ @@ -1761,7 +1698,7 @@ "Fn::Split": [ "||", { - "Ref": "AssetParametersb7d38dc0eeb2c5d024919020e09d2590b68559eab4a5264c3b1aa7a429d1edd4S3VersionKey1C340B30" + "Ref": "AssetParameters5507835727e005832a615aef2a6b437860f432c6cd052d07c0244464aedbe2b2S3VersionKey822D04EC" } ] } @@ -1774,7 +1711,7 @@ "Fn::Split": [ "||", { - "Ref": "AssetParametersb7d38dc0eeb2c5d024919020e09d2590b68559eab4a5264c3b1aa7a429d1edd4S3VersionKey1C340B30" + "Ref": "AssetParameters5507835727e005832a615aef2a6b437860f432c6cd052d07c0244464aedbe2b2S3VersionKey822D04EC" } ] } @@ -1826,7 +1763,7 @@ "Properties": { "Code": { "S3Bucket": { - "Ref": "AssetParameters6afd8be511f58dbedd46c8a09c07db8b7340d99fd3527b6d3dfb729208060fc3S3BucketB7E1A9C0" + "Ref": "AssetParametersf850d967c52a5f64e6436dc84abdde4d86197f2a0871f5ab27c79647a91d0bf4S3Bucket6F458959" }, "S3Key": { "Fn::Join": [ @@ -1839,7 +1776,7 @@ "Fn::Split": [ "||", { - "Ref": "AssetParameters6afd8be511f58dbedd46c8a09c07db8b7340d99fd3527b6d3dfb729208060fc3S3VersionKey542FDEBD" + "Ref": "AssetParametersf850d967c52a5f64e6436dc84abdde4d86197f2a0871f5ab27c79647a91d0bf4S3VersionKeyBDD0572E" } ] } @@ -1852,7 +1789,7 @@ "Fn::Split": [ "||", { - "Ref": "AssetParameters6afd8be511f58dbedd46c8a09c07db8b7340d99fd3527b6d3dfb729208060fc3S3VersionKey542FDEBD" + "Ref": "AssetParametersf850d967c52a5f64e6436dc84abdde4d86197f2a0871f5ab27c79647a91d0bf4S3VersionKeyBDD0572E" } ] } @@ -2074,7 +2011,7 @@ "Properties": { "Code": { "S3Bucket": { - "Ref": "AssetParametersdaeb79e3cee39c9b902dc0d5c780223e227ed573ea60976252947adab5fb2be1S3BucketDC4B98B1" + "Ref": "AssetParameters5b47c8e4cbbce7e4a8085f1aa83ed9c4691b7f65927ba092d6620bbba925f391S3BucketB4102E9A" }, "S3Key": { "Fn::Join": [ @@ -2087,7 +2024,7 @@ "Fn::Split": [ "||", { - "Ref": "AssetParametersdaeb79e3cee39c9b902dc0d5c780223e227ed573ea60976252947adab5fb2be1S3VersionKeyA495226F" + "Ref": "AssetParameters5b47c8e4cbbce7e4a8085f1aa83ed9c4691b7f65927ba092d6620bbba925f391S3VersionKeyC1EC3ED6" } ] } @@ -2100,7 +2037,7 @@ "Fn::Split": [ "||", { - "Ref": "AssetParametersdaeb79e3cee39c9b902dc0d5c780223e227ed573ea60976252947adab5fb2be1S3VersionKeyA495226F" + "Ref": "AssetParameters5b47c8e4cbbce7e4a8085f1aa83ed9c4691b7f65927ba092d6620bbba925f391S3VersionKeyC1EC3ED6" } ] } @@ -2215,65 +2152,65 @@ } }, "Parameters": { - "AssetParameters26ac61b4195cccf80ff73f332788ad7ffaab36d81ce570340a583a8364901665S3Bucket1B280681": { + "AssetParameters4288ebb3652acdf2d828b7db7ca44a7162a401ace50ebb4026e84b18a02a06eeS3Bucket4E7CD097": { "Type": "String", - "Description": "S3 bucket for asset \"26ac61b4195cccf80ff73f332788ad7ffaab36d81ce570340a583a8364901665\"" + "Description": "S3 bucket for asset \"4288ebb3652acdf2d828b7db7ca44a7162a401ace50ebb4026e84b18a02a06ee\"" }, - "AssetParameters26ac61b4195cccf80ff73f332788ad7ffaab36d81ce570340a583a8364901665S3VersionKeyB1E02791": { + "AssetParameters4288ebb3652acdf2d828b7db7ca44a7162a401ace50ebb4026e84b18a02a06eeS3VersionKey93D16224": { "Type": "String", - "Description": "S3 key for asset version \"26ac61b4195cccf80ff73f332788ad7ffaab36d81ce570340a583a8364901665\"" + "Description": "S3 key for asset version \"4288ebb3652acdf2d828b7db7ca44a7162a401ace50ebb4026e84b18a02a06ee\"" }, - "AssetParameters26ac61b4195cccf80ff73f332788ad7ffaab36d81ce570340a583a8364901665ArtifactHash9EA5AC29": { + "AssetParameters4288ebb3652acdf2d828b7db7ca44a7162a401ace50ebb4026e84b18a02a06eeArtifactHash515E16AE": { "Type": "String", - "Description": "Artifact hash for asset \"26ac61b4195cccf80ff73f332788ad7ffaab36d81ce570340a583a8364901665\"" + "Description": "Artifact hash for asset \"4288ebb3652acdf2d828b7db7ca44a7162a401ace50ebb4026e84b18a02a06ee\"" }, - "AssetParameters00d62edb46d4e11942f8a3afeca5526ec56ff1d63eb753bd46ceecff8b01f5afS3Bucket9AE1EC0F": { + "AssetParameters8b11ea303df4b9db9feef6ed5f901a2d1185023a40c80c9630cf5c36559ae647S3Bucket05488C5E": { "Type": "String", - "Description": "S3 bucket for asset \"00d62edb46d4e11942f8a3afeca5526ec56ff1d63eb753bd46ceecff8b01f5af\"" + "Description": "S3 bucket for asset \"8b11ea303df4b9db9feef6ed5f901a2d1185023a40c80c9630cf5c36559ae647\"" }, - "AssetParameters00d62edb46d4e11942f8a3afeca5526ec56ff1d63eb753bd46ceecff8b01f5afS3VersionKey451EAA56": { + "AssetParameters8b11ea303df4b9db9feef6ed5f901a2d1185023a40c80c9630cf5c36559ae647S3VersionKey174B23DF": { "Type": "String", - "Description": "S3 key for asset version \"00d62edb46d4e11942f8a3afeca5526ec56ff1d63eb753bd46ceecff8b01f5af\"" + "Description": "S3 key for asset version \"8b11ea303df4b9db9feef6ed5f901a2d1185023a40c80c9630cf5c36559ae647\"" }, - "AssetParameters00d62edb46d4e11942f8a3afeca5526ec56ff1d63eb753bd46ceecff8b01f5afArtifactHash761F4689": { + "AssetParameters8b11ea303df4b9db9feef6ed5f901a2d1185023a40c80c9630cf5c36559ae647ArtifactHashE94F67E3": { "Type": "String", - "Description": "Artifact hash for asset \"00d62edb46d4e11942f8a3afeca5526ec56ff1d63eb753bd46ceecff8b01f5af\"" + "Description": "Artifact hash for asset \"8b11ea303df4b9db9feef6ed5f901a2d1185023a40c80c9630cf5c36559ae647\"" }, - "AssetParametersdaeb79e3cee39c9b902dc0d5c780223e227ed573ea60976252947adab5fb2be1S3BucketDC4B98B1": { + "AssetParameters5b47c8e4cbbce7e4a8085f1aa83ed9c4691b7f65927ba092d6620bbba925f391S3BucketB4102E9A": { "Type": "String", - "Description": "S3 bucket for asset \"daeb79e3cee39c9b902dc0d5c780223e227ed573ea60976252947adab5fb2be1\"" + "Description": "S3 bucket for asset \"5b47c8e4cbbce7e4a8085f1aa83ed9c4691b7f65927ba092d6620bbba925f391\"" }, - "AssetParametersdaeb79e3cee39c9b902dc0d5c780223e227ed573ea60976252947adab5fb2be1S3VersionKeyA495226F": { + "AssetParameters5b47c8e4cbbce7e4a8085f1aa83ed9c4691b7f65927ba092d6620bbba925f391S3VersionKeyC1EC3ED6": { "Type": "String", - "Description": "S3 key for asset version \"daeb79e3cee39c9b902dc0d5c780223e227ed573ea60976252947adab5fb2be1\"" + "Description": "S3 key for asset version \"5b47c8e4cbbce7e4a8085f1aa83ed9c4691b7f65927ba092d6620bbba925f391\"" }, - "AssetParametersdaeb79e3cee39c9b902dc0d5c780223e227ed573ea60976252947adab5fb2be1ArtifactHashA521A16F": { + "AssetParameters5b47c8e4cbbce7e4a8085f1aa83ed9c4691b7f65927ba092d6620bbba925f391ArtifactHashA391D940": { "Type": "String", - "Description": "Artifact hash for asset \"daeb79e3cee39c9b902dc0d5c780223e227ed573ea60976252947adab5fb2be1\"" + "Description": "Artifact hash for asset \"5b47c8e4cbbce7e4a8085f1aa83ed9c4691b7f65927ba092d6620bbba925f391\"" }, - "AssetParameters4129bbca38164ecb28fee8e5b674f0d05e5957b4b8ed97d9c950527b5cc4ce10S3BucketC6FAEEC9": { + "AssetParametersa70c48e7047fb793b2378668accb1dc2d92f2d7b1fff80c9c718f4964dc69cb8S3Bucket4CD5FFC3": { "Type": "String", - "Description": "S3 bucket for asset \"4129bbca38164ecb28fee8e5b674f0d05e5957b4b8ed97d9c950527b5cc4ce10\"" + "Description": "S3 bucket for asset \"a70c48e7047fb793b2378668accb1dc2d92f2d7b1fff80c9c718f4964dc69cb8\"" }, - "AssetParameters4129bbca38164ecb28fee8e5b674f0d05e5957b4b8ed97d9c950527b5cc4ce10S3VersionKeyA7EE7421": { + "AssetParametersa70c48e7047fb793b2378668accb1dc2d92f2d7b1fff80c9c718f4964dc69cb8S3VersionKeyE06BA291": { "Type": "String", - "Description": "S3 key for asset version \"4129bbca38164ecb28fee8e5b674f0d05e5957b4b8ed97d9c950527b5cc4ce10\"" + "Description": "S3 key for asset version \"a70c48e7047fb793b2378668accb1dc2d92f2d7b1fff80c9c718f4964dc69cb8\"" }, - "AssetParameters4129bbca38164ecb28fee8e5b674f0d05e5957b4b8ed97d9c950527b5cc4ce10ArtifactHash528547CD": { + "AssetParametersa70c48e7047fb793b2378668accb1dc2d92f2d7b1fff80c9c718f4964dc69cb8ArtifactHashA4AB6609": { "Type": "String", - "Description": "Artifact hash for asset \"4129bbca38164ecb28fee8e5b674f0d05e5957b4b8ed97d9c950527b5cc4ce10\"" + "Description": "Artifact hash for asset \"a70c48e7047fb793b2378668accb1dc2d92f2d7b1fff80c9c718f4964dc69cb8\"" }, - "AssetParameterse9882ab123687399f934da0d45effe675ecc8ce13b40cb946f3e1d6141fe8d68S3BucketAEADE8C7": { + "AssetParametersf331b32a8ad8983464106a58e420e7bc7e6341ba2ffb8ac9ad350d7e32845d95S3BucketE02B5488": { "Type": "String", - "Description": "S3 bucket for asset \"e9882ab123687399f934da0d45effe675ecc8ce13b40cb946f3e1d6141fe8d68\"" + "Description": "S3 bucket for asset \"f331b32a8ad8983464106a58e420e7bc7e6341ba2ffb8ac9ad350d7e32845d95\"" }, - "AssetParameterse9882ab123687399f934da0d45effe675ecc8ce13b40cb946f3e1d6141fe8d68S3VersionKeyE415415F": { + "AssetParametersf331b32a8ad8983464106a58e420e7bc7e6341ba2ffb8ac9ad350d7e32845d95S3VersionKey4D8E71F2": { "Type": "String", - "Description": "S3 key for asset version \"e9882ab123687399f934da0d45effe675ecc8ce13b40cb946f3e1d6141fe8d68\"" + "Description": "S3 key for asset version \"f331b32a8ad8983464106a58e420e7bc7e6341ba2ffb8ac9ad350d7e32845d95\"" }, - "AssetParameterse9882ab123687399f934da0d45effe675ecc8ce13b40cb946f3e1d6141fe8d68ArtifactHashD9A515C3": { + "AssetParametersf331b32a8ad8983464106a58e420e7bc7e6341ba2ffb8ac9ad350d7e32845d95ArtifactHash16B60F6C": { "Type": "String", - "Description": "Artifact hash for asset \"e9882ab123687399f934da0d45effe675ecc8ce13b40cb946f3e1d6141fe8d68\"" + "Description": "Artifact hash for asset \"f331b32a8ad8983464106a58e420e7bc7e6341ba2ffb8ac9ad350d7e32845d95\"" }, "AssetParametersea17febe6d04c66048f3e8e060c71685c0cb53122abceff44842d27bc0d4a03eS3BucketD3288998": { "Type": "String", @@ -2287,29 +2224,29 @@ "Type": "String", "Description": "Artifact hash for asset \"ea17febe6d04c66048f3e8e060c71685c0cb53122abceff44842d27bc0d4a03e\"" }, - "AssetParametersb7d38dc0eeb2c5d024919020e09d2590b68559eab4a5264c3b1aa7a429d1edd4S3BucketF7BC1777": { + "AssetParameters5507835727e005832a615aef2a6b437860f432c6cd052d07c0244464aedbe2b2S3Bucket211A9156": { "Type": "String", - "Description": "S3 bucket for asset \"b7d38dc0eeb2c5d024919020e09d2590b68559eab4a5264c3b1aa7a429d1edd4\"" + "Description": "S3 bucket for asset \"5507835727e005832a615aef2a6b437860f432c6cd052d07c0244464aedbe2b2\"" }, - "AssetParametersb7d38dc0eeb2c5d024919020e09d2590b68559eab4a5264c3b1aa7a429d1edd4S3VersionKey1C340B30": { + "AssetParameters5507835727e005832a615aef2a6b437860f432c6cd052d07c0244464aedbe2b2S3VersionKey822D04EC": { "Type": "String", - "Description": "S3 key for asset version \"b7d38dc0eeb2c5d024919020e09d2590b68559eab4a5264c3b1aa7a429d1edd4\"" + "Description": "S3 key for asset version \"5507835727e005832a615aef2a6b437860f432c6cd052d07c0244464aedbe2b2\"" }, - "AssetParametersb7d38dc0eeb2c5d024919020e09d2590b68559eab4a5264c3b1aa7a429d1edd4ArtifactHashD6EA1BC7": { + "AssetParameters5507835727e005832a615aef2a6b437860f432c6cd052d07c0244464aedbe2b2ArtifactHashCA4A1831": { "Type": "String", - "Description": "Artifact hash for asset \"b7d38dc0eeb2c5d024919020e09d2590b68559eab4a5264c3b1aa7a429d1edd4\"" + "Description": "Artifact hash for asset \"5507835727e005832a615aef2a6b437860f432c6cd052d07c0244464aedbe2b2\"" }, - "AssetParameters6afd8be511f58dbedd46c8a09c07db8b7340d99fd3527b6d3dfb729208060fc3S3BucketB7E1A9C0": { + "AssetParametersf850d967c52a5f64e6436dc84abdde4d86197f2a0871f5ab27c79647a91d0bf4S3Bucket6F458959": { "Type": "String", - "Description": "S3 bucket for asset \"6afd8be511f58dbedd46c8a09c07db8b7340d99fd3527b6d3dfb729208060fc3\"" + "Description": "S3 bucket for asset \"f850d967c52a5f64e6436dc84abdde4d86197f2a0871f5ab27c79647a91d0bf4\"" }, - "AssetParameters6afd8be511f58dbedd46c8a09c07db8b7340d99fd3527b6d3dfb729208060fc3S3VersionKey542FDEBD": { + "AssetParametersf850d967c52a5f64e6436dc84abdde4d86197f2a0871f5ab27c79647a91d0bf4S3VersionKeyBDD0572E": { "Type": "String", - "Description": "S3 key for asset version \"6afd8be511f58dbedd46c8a09c07db8b7340d99fd3527b6d3dfb729208060fc3\"" + "Description": "S3 key for asset version \"f850d967c52a5f64e6436dc84abdde4d86197f2a0871f5ab27c79647a91d0bf4\"" }, - "AssetParameters6afd8be511f58dbedd46c8a09c07db8b7340d99fd3527b6d3dfb729208060fc3ArtifactHash5E61FCA5": { + "AssetParametersf850d967c52a5f64e6436dc84abdde4d86197f2a0871f5ab27c79647a91d0bf4ArtifactHash4D5DD9E9": { "Type": "String", - "Description": "Artifact hash for asset \"6afd8be511f58dbedd46c8a09c07db8b7340d99fd3527b6d3dfb729208060fc3\"" + "Description": "Artifact hash for asset \"f850d967c52a5f64e6436dc84abdde4d86197f2a0871f5ab27c79647a91d0bf4\"" }, "AssetParameters5f49893093e1ad14831626016699156d48da5f0890f19eb930bc3c46cf5f636dS3BucketA6642550": { "Type": "String", @@ -2323,29 +2260,29 @@ "Type": "String", "Description": "Artifact hash for asset \"5f49893093e1ad14831626016699156d48da5f0890f19eb930bc3c46cf5f636d\"" }, - "AssetParameters37fb4b0217f335596d51df351c0bf073aeaaa768b390fe4945560700f60ecd31S3BucketBEA8E31E": { + "AssetParametersbaac0f9c3fa157fdefb24f5722cf1776b897344d12e3dc620c62499051d29c88S3Bucket6B6D2051": { "Type": "String", - "Description": "S3 bucket for asset \"37fb4b0217f335596d51df351c0bf073aeaaa768b390fe4945560700f60ecd31\"" + "Description": "S3 bucket for asset \"baac0f9c3fa157fdefb24f5722cf1776b897344d12e3dc620c62499051d29c88\"" }, - "AssetParameters37fb4b0217f335596d51df351c0bf073aeaaa768b390fe4945560700f60ecd31S3VersionKey86EE1B0C": { + "AssetParametersbaac0f9c3fa157fdefb24f5722cf1776b897344d12e3dc620c62499051d29c88S3VersionKey41E00248": { "Type": "String", - "Description": "S3 key for asset version \"37fb4b0217f335596d51df351c0bf073aeaaa768b390fe4945560700f60ecd31\"" + "Description": "S3 key for asset version \"baac0f9c3fa157fdefb24f5722cf1776b897344d12e3dc620c62499051d29c88\"" }, - "AssetParameters37fb4b0217f335596d51df351c0bf073aeaaa768b390fe4945560700f60ecd31ArtifactHash4201F140": { + "AssetParametersbaac0f9c3fa157fdefb24f5722cf1776b897344d12e3dc620c62499051d29c88ArtifactHash5B7180F8": { "Type": "String", - "Description": "Artifact hash for asset \"37fb4b0217f335596d51df351c0bf073aeaaa768b390fe4945560700f60ecd31\"" + "Description": "Artifact hash for asset \"baac0f9c3fa157fdefb24f5722cf1776b897344d12e3dc620c62499051d29c88\"" }, - "AssetParameters06035c90bda92ff37322a329e214af5f2a1e591c6920e0cea4c6816e0f38ac4bS3BucketFAB8EA28": { + "AssetParameters593e1554d936515ed816bde018bcb82c771146f0ba63531b011d8addb5c3a90aS3BucketDF00C8B8": { "Type": "String", - "Description": "S3 bucket for asset \"06035c90bda92ff37322a329e214af5f2a1e591c6920e0cea4c6816e0f38ac4b\"" + "Description": "S3 bucket for asset \"593e1554d936515ed816bde018bcb82c771146f0ba63531b011d8addb5c3a90a\"" }, - "AssetParameters06035c90bda92ff37322a329e214af5f2a1e591c6920e0cea4c6816e0f38ac4bS3VersionKey33497690": { + "AssetParameters593e1554d936515ed816bde018bcb82c771146f0ba63531b011d8addb5c3a90aS3VersionKey9504F126": { "Type": "String", - "Description": "S3 key for asset version \"06035c90bda92ff37322a329e214af5f2a1e591c6920e0cea4c6816e0f38ac4b\"" + "Description": "S3 key for asset version \"593e1554d936515ed816bde018bcb82c771146f0ba63531b011d8addb5c3a90a\"" }, - "AssetParameters06035c90bda92ff37322a329e214af5f2a1e591c6920e0cea4c6816e0f38ac4bArtifactHash78FCAA4C": { + "AssetParameters593e1554d936515ed816bde018bcb82c771146f0ba63531b011d8addb5c3a90aArtifactHashF51483B1": { "Type": "String", - "Description": "Artifact hash for asset \"06035c90bda92ff37322a329e214af5f2a1e591c6920e0cea4c6816e0f38ac4b\"" + "Description": "Artifact hash for asset \"593e1554d936515ed816bde018bcb82c771146f0ba63531b011d8addb5c3a90a\"" } } -} +} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-eks/test/integ.eks-bottlerocket-ng.expected.json b/packages/@aws-cdk/aws-eks/test/integ.eks-bottlerocket-ng.expected.json index 7755a615e42e5..0eee8a839c230 100644 --- a/packages/@aws-cdk/aws-eks/test/integ.eks-bottlerocket-ng.expected.json +++ b/packages/@aws-cdk/aws-eks/test/integ.eks-bottlerocket-ng.expected.json @@ -657,54 +657,30 @@ }, { "Action": [ + "ec2:DescribeDhcpOptions", + "ec2:DescribeInstances", + "ec2:DescribeNetworkInterfaces", + "ec2:DescribeRouteTables", + "ec2:DescribeSecurityGroups", + "ec2:DescribeSubnets", + "ec2:DescribeVpcs", "eks:CreateCluster", + "eks:CreateFargateProfile", + "eks:DeleteCluster", + "eks:DeleteFargateProfile", "eks:DescribeCluster", + "eks:DescribeFargateProfile", "eks:DescribeUpdate", - "eks:DeleteCluster", - "eks:UpdateClusterVersion", - "eks:UpdateClusterConfig", - "eks:CreateFargateProfile", "eks:TagResource", - "eks:UntagResource" - ], - "Effect": "Allow", - "Resource": [ - "*" - ] - }, - { - "Action": [ - "eks:DescribeFargateProfile", - "eks:DeleteFargateProfile" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ + "eks:UntagResource", + "eks:UpdateClusterConfig", + "eks:UpdateClusterVersion", + "iam:CreateServiceLinkedRole", "iam:GetRole", "iam:listAttachedRolePolicies" ], "Effect": "Allow", "Resource": "*" - }, - { - "Action": "iam:CreateServiceLinkedRole", - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "ec2:DescribeInstances", - "ec2:DescribeNetworkInterfaces", - "ec2:DescribeSecurityGroups", - "ec2:DescribeSubnets", - "ec2:DescribeRouteTables", - "ec2:DescribeDhcpOptions", - "ec2:DescribeVpcs" - ], - "Effect": "Allow", - "Resource": "*" } ], "Version": "2012-10-17" @@ -1124,7 +1100,7 @@ }, "/", { - "Ref": "AssetParametersdcdc759e2644fb3c4847d9a160ce99f0f40f137c825ae9cc094323ed4839bab9S3BucketA775E312" + "Ref": "AssetParametersc24eb763169accd26e653fd1884c13dd7e1c54d9c85d1ce647422dc5ad80dc30S3Bucket9C6DDDD3" }, "/", { @@ -1134,7 +1110,7 @@ "Fn::Split": [ "||", { - "Ref": "AssetParametersdcdc759e2644fb3c4847d9a160ce99f0f40f137c825ae9cc094323ed4839bab9S3VersionKeyFDABEE9B" + "Ref": "AssetParametersc24eb763169accd26e653fd1884c13dd7e1c54d9c85d1ce647422dc5ad80dc30S3VersionKey6C690A2F" } ] } @@ -1147,7 +1123,7 @@ "Fn::Split": [ "||", { - "Ref": "AssetParametersdcdc759e2644fb3c4847d9a160ce99f0f40f137c825ae9cc094323ed4839bab9S3VersionKeyFDABEE9B" + "Ref": "AssetParametersc24eb763169accd26e653fd1884c13dd7e1c54d9c85d1ce647422dc5ad80dc30S3VersionKey6C690A2F" } ] } @@ -1157,11 +1133,11 @@ ] }, "Parameters": { - "referencetoawscdkeksclustertestAssetParameters26ac61b4195cccf80ff73f332788ad7ffaab36d81ce570340a583a8364901665S3Bucket1771F046Ref": { - "Ref": "AssetParameters26ac61b4195cccf80ff73f332788ad7ffaab36d81ce570340a583a8364901665S3Bucket1B280681" + "referencetoawscdkeksclustertestAssetParameters4288ebb3652acdf2d828b7db7ca44a7162a401ace50ebb4026e84b18a02a06eeS3Bucket1BB3BF46Ref": { + "Ref": "AssetParameters4288ebb3652acdf2d828b7db7ca44a7162a401ace50ebb4026e84b18a02a06eeS3Bucket4E7CD097" }, - "referencetoawscdkeksclustertestAssetParameters26ac61b4195cccf80ff73f332788ad7ffaab36d81ce570340a583a8364901665S3VersionKeyDA854AFERef": { - "Ref": "AssetParameters26ac61b4195cccf80ff73f332788ad7ffaab36d81ce570340a583a8364901665S3VersionKeyB1E02791" + "referencetoawscdkeksclustertestAssetParameters4288ebb3652acdf2d828b7db7ca44a7162a401ace50ebb4026e84b18a02a06eeS3VersionKeyC416ABD8Ref": { + "Ref": "AssetParameters4288ebb3652acdf2d828b7db7ca44a7162a401ace50ebb4026e84b18a02a06eeS3VersionKey93D16224" }, "referencetoawscdkeksclustertestClusterCreationRole95F44854Arn": { "Fn::GetAtt": [ @@ -1169,17 +1145,17 @@ "Arn" ] }, - "referencetoawscdkeksclustertestAssetParameters5afea6e8e6c743a8d1766f21465e28d471e56bcb95c5970054b0514bc62a3720S3BucketDA4E9DCDRef": { - "Ref": "AssetParameters5afea6e8e6c743a8d1766f21465e28d471e56bcb95c5970054b0514bc62a3720S3Bucket3B443230" + "referencetoawscdkeksclustertestAssetParameters8b11ea303df4b9db9feef6ed5f901a2d1185023a40c80c9630cf5c36559ae647S3Bucket9814F3B6Ref": { + "Ref": "AssetParameters8b11ea303df4b9db9feef6ed5f901a2d1185023a40c80c9630cf5c36559ae647S3Bucket05488C5E" }, - "referencetoawscdkeksclustertestAssetParameters5afea6e8e6c743a8d1766f21465e28d471e56bcb95c5970054b0514bc62a3720S3VersionKey6F8004B6Ref": { - "Ref": "AssetParameters5afea6e8e6c743a8d1766f21465e28d471e56bcb95c5970054b0514bc62a3720S3VersionKeyAA4674FB" + "referencetoawscdkeksclustertestAssetParameters8b11ea303df4b9db9feef6ed5f901a2d1185023a40c80c9630cf5c36559ae647S3VersionKey97942939Ref": { + "Ref": "AssetParameters8b11ea303df4b9db9feef6ed5f901a2d1185023a40c80c9630cf5c36559ae647S3VersionKey174B23DF" }, - "referencetoawscdkeksclustertestAssetParametersdaeb79e3cee39c9b902dc0d5c780223e227ed573ea60976252947adab5fb2be1S3Bucket0815E7B5Ref": { - "Ref": "AssetParametersdaeb79e3cee39c9b902dc0d5c780223e227ed573ea60976252947adab5fb2be1S3BucketDC4B98B1" + "referencetoawscdkeksclustertestAssetParameters5b47c8e4cbbce7e4a8085f1aa83ed9c4691b7f65927ba092d6620bbba925f391S3Bucket98314848Ref": { + "Ref": "AssetParameters5b47c8e4cbbce7e4a8085f1aa83ed9c4691b7f65927ba092d6620bbba925f391S3BucketB4102E9A" }, - "referencetoawscdkeksclustertestAssetParametersdaeb79e3cee39c9b902dc0d5c780223e227ed573ea60976252947adab5fb2be1S3VersionKey657736ADRef": { - "Ref": "AssetParametersdaeb79e3cee39c9b902dc0d5c780223e227ed573ea60976252947adab5fb2be1S3VersionKeyA495226F" + "referencetoawscdkeksclustertestAssetParameters5b47c8e4cbbce7e4a8085f1aa83ed9c4691b7f65927ba092d6620bbba925f391S3VersionKey4302577BRef": { + "Ref": "AssetParameters5b47c8e4cbbce7e4a8085f1aa83ed9c4691b7f65927ba092d6620bbba925f391S3VersionKeyC1EC3ED6" } } }, @@ -1199,7 +1175,7 @@ }, "/", { - "Ref": "AssetParameters8a135d8a645edaff330758972da87b3dddc295ce07475e8d9ea8fad8c35dcb22S3Bucket0782C98E" + "Ref": "AssetParameters4dba0dfaed85cee1f7dccbd9e9afe4346fad85c265fe07665d0fd0a7b46318b0S3Bucket9DC31431" }, "/", { @@ -1209,7 +1185,7 @@ "Fn::Split": [ "||", { - "Ref": "AssetParameters8a135d8a645edaff330758972da87b3dddc295ce07475e8d9ea8fad8c35dcb22S3VersionKey5E9D14CC" + "Ref": "AssetParameters4dba0dfaed85cee1f7dccbd9e9afe4346fad85c265fe07665d0fd0a7b46318b0S3VersionKey8E264DE6" } ] } @@ -1222,7 +1198,7 @@ "Fn::Split": [ "||", { - "Ref": "AssetParameters8a135d8a645edaff330758972da87b3dddc295ce07475e8d9ea8fad8c35dcb22S3VersionKey5E9D14CC" + "Ref": "AssetParameters4dba0dfaed85cee1f7dccbd9e9afe4346fad85c265fe07665d0fd0a7b46318b0S3VersionKey8E264DE6" } ] } @@ -1244,11 +1220,11 @@ "Arn" ] }, - "referencetoawscdkeksclustertestAssetParameters4129bbca38164ecb28fee8e5b674f0d05e5957b4b8ed97d9c950527b5cc4ce10S3Bucket3929FA93Ref": { - "Ref": "AssetParameters4129bbca38164ecb28fee8e5b674f0d05e5957b4b8ed97d9c950527b5cc4ce10S3BucketC6FAEEC9" + "referencetoawscdkeksclustertestAssetParametersa70c48e7047fb793b2378668accb1dc2d92f2d7b1fff80c9c718f4964dc69cb8S3Bucket1FA24F91Ref": { + "Ref": "AssetParametersa70c48e7047fb793b2378668accb1dc2d92f2d7b1fff80c9c718f4964dc69cb8S3Bucket4CD5FFC3" }, - "referencetoawscdkeksclustertestAssetParameters4129bbca38164ecb28fee8e5b674f0d05e5957b4b8ed97d9c950527b5cc4ce10S3VersionKey14530D6BRef": { - "Ref": "AssetParameters4129bbca38164ecb28fee8e5b674f0d05e5957b4b8ed97d9c950527b5cc4ce10S3VersionKeyA7EE7421" + "referencetoawscdkeksclustertestAssetParametersa70c48e7047fb793b2378668accb1dc2d92f2d7b1fff80c9c718f4964dc69cb8S3VersionKeyA4D2B6C0Ref": { + "Ref": "AssetParametersa70c48e7047fb793b2378668accb1dc2d92f2d7b1fff80c9c718f4964dc69cb8S3VersionKeyE06BA291" }, "referencetoawscdkeksclustertestVpcPrivateSubnet1Subnet32A4EC2ARef": { "Ref": "VpcPrivateSubnet1Subnet536B997A" @@ -1265,11 +1241,11 @@ "ClusterSecurityGroupId" ] }, - "referencetoawscdkeksclustertestAssetParameterse9882ab123687399f934da0d45effe675ecc8ce13b40cb946f3e1d6141fe8d68S3BucketB4E9C142Ref": { - "Ref": "AssetParameterse9882ab123687399f934da0d45effe675ecc8ce13b40cb946f3e1d6141fe8d68S3BucketAEADE8C7" + "referencetoawscdkeksclustertestAssetParametersf331b32a8ad8983464106a58e420e7bc7e6341ba2ffb8ac9ad350d7e32845d95S3Bucket07BA6433Ref": { + "Ref": "AssetParametersf331b32a8ad8983464106a58e420e7bc7e6341ba2ffb8ac9ad350d7e32845d95S3BucketE02B5488" }, - "referencetoawscdkeksclustertestAssetParameterse9882ab123687399f934da0d45effe675ecc8ce13b40cb946f3e1d6141fe8d68S3VersionKey1C7C1F5FRef": { - "Ref": "AssetParameterse9882ab123687399f934da0d45effe675ecc8ce13b40cb946f3e1d6141fe8d68S3VersionKeyE415415F" + "referencetoawscdkeksclustertestAssetParametersf331b32a8ad8983464106a58e420e7bc7e6341ba2ffb8ac9ad350d7e32845d95S3VersionKeyD5B2E756Ref": { + "Ref": "AssetParametersf331b32a8ad8983464106a58e420e7bc7e6341ba2ffb8ac9ad350d7e32845d95S3VersionKey4D8E71F2" }, "referencetoawscdkeksclustertestAssetParametersea17febe6d04c66048f3e8e060c71685c0cb53122abceff44842d27bc0d4a03eS3Bucket6ADB5CE5Ref": { "Ref": "AssetParametersea17febe6d04c66048f3e8e060c71685c0cb53122abceff44842d27bc0d4a03eS3BucketD3288998" @@ -1277,11 +1253,11 @@ "referencetoawscdkeksclustertestAssetParametersea17febe6d04c66048f3e8e060c71685c0cb53122abceff44842d27bc0d4a03eS3VersionKey314C5B11Ref": { "Ref": "AssetParametersea17febe6d04c66048f3e8e060c71685c0cb53122abceff44842d27bc0d4a03eS3VersionKeyB00C0565" }, - "referencetoawscdkeksclustertestAssetParametersdaeb79e3cee39c9b902dc0d5c780223e227ed573ea60976252947adab5fb2be1S3Bucket0815E7B5Ref": { - "Ref": "AssetParametersdaeb79e3cee39c9b902dc0d5c780223e227ed573ea60976252947adab5fb2be1S3BucketDC4B98B1" + "referencetoawscdkeksclustertestAssetParameters5b47c8e4cbbce7e4a8085f1aa83ed9c4691b7f65927ba092d6620bbba925f391S3Bucket98314848Ref": { + "Ref": "AssetParameters5b47c8e4cbbce7e4a8085f1aa83ed9c4691b7f65927ba092d6620bbba925f391S3BucketB4102E9A" }, - "referencetoawscdkeksclustertestAssetParametersdaeb79e3cee39c9b902dc0d5c780223e227ed573ea60976252947adab5fb2be1S3VersionKey657736ADRef": { - "Ref": "AssetParametersdaeb79e3cee39c9b902dc0d5c780223e227ed573ea60976252947adab5fb2be1S3VersionKeyA495226F" + "referencetoawscdkeksclustertestAssetParameters5b47c8e4cbbce7e4a8085f1aa83ed9c4691b7f65927ba092d6620bbba925f391S3VersionKey4302577BRef": { + "Ref": "AssetParameters5b47c8e4cbbce7e4a8085f1aa83ed9c4691b7f65927ba092d6620bbba925f391S3VersionKeyC1EC3ED6" } } }, @@ -1332,65 +1308,65 @@ } }, "Parameters": { - "AssetParameters26ac61b4195cccf80ff73f332788ad7ffaab36d81ce570340a583a8364901665S3Bucket1B280681": { + "AssetParameters4288ebb3652acdf2d828b7db7ca44a7162a401ace50ebb4026e84b18a02a06eeS3Bucket4E7CD097": { "Type": "String", - "Description": "S3 bucket for asset \"26ac61b4195cccf80ff73f332788ad7ffaab36d81ce570340a583a8364901665\"" + "Description": "S3 bucket for asset \"4288ebb3652acdf2d828b7db7ca44a7162a401ace50ebb4026e84b18a02a06ee\"" }, - "AssetParameters26ac61b4195cccf80ff73f332788ad7ffaab36d81ce570340a583a8364901665S3VersionKeyB1E02791": { + "AssetParameters4288ebb3652acdf2d828b7db7ca44a7162a401ace50ebb4026e84b18a02a06eeS3VersionKey93D16224": { "Type": "String", - "Description": "S3 key for asset version \"26ac61b4195cccf80ff73f332788ad7ffaab36d81ce570340a583a8364901665\"" + "Description": "S3 key for asset version \"4288ebb3652acdf2d828b7db7ca44a7162a401ace50ebb4026e84b18a02a06ee\"" }, - "AssetParameters26ac61b4195cccf80ff73f332788ad7ffaab36d81ce570340a583a8364901665ArtifactHash9EA5AC29": { + "AssetParameters4288ebb3652acdf2d828b7db7ca44a7162a401ace50ebb4026e84b18a02a06eeArtifactHash515E16AE": { "Type": "String", - "Description": "Artifact hash for asset \"26ac61b4195cccf80ff73f332788ad7ffaab36d81ce570340a583a8364901665\"" + "Description": "Artifact hash for asset \"4288ebb3652acdf2d828b7db7ca44a7162a401ace50ebb4026e84b18a02a06ee\"" }, - "AssetParameters5afea6e8e6c743a8d1766f21465e28d471e56bcb95c5970054b0514bc62a3720S3Bucket3B443230": { + "AssetParameters8b11ea303df4b9db9feef6ed5f901a2d1185023a40c80c9630cf5c36559ae647S3Bucket05488C5E": { "Type": "String", - "Description": "S3 bucket for asset \"5afea6e8e6c743a8d1766f21465e28d471e56bcb95c5970054b0514bc62a3720\"" + "Description": "S3 bucket for asset \"8b11ea303df4b9db9feef6ed5f901a2d1185023a40c80c9630cf5c36559ae647\"" }, - "AssetParameters5afea6e8e6c743a8d1766f21465e28d471e56bcb95c5970054b0514bc62a3720S3VersionKeyAA4674FB": { + "AssetParameters8b11ea303df4b9db9feef6ed5f901a2d1185023a40c80c9630cf5c36559ae647S3VersionKey174B23DF": { "Type": "String", - "Description": "S3 key for asset version \"5afea6e8e6c743a8d1766f21465e28d471e56bcb95c5970054b0514bc62a3720\"" + "Description": "S3 key for asset version \"8b11ea303df4b9db9feef6ed5f901a2d1185023a40c80c9630cf5c36559ae647\"" }, - "AssetParameters5afea6e8e6c743a8d1766f21465e28d471e56bcb95c5970054b0514bc62a3720ArtifactHash3D7A279D": { + "AssetParameters8b11ea303df4b9db9feef6ed5f901a2d1185023a40c80c9630cf5c36559ae647ArtifactHashE94F67E3": { "Type": "String", - "Description": "Artifact hash for asset \"5afea6e8e6c743a8d1766f21465e28d471e56bcb95c5970054b0514bc62a3720\"" + "Description": "Artifact hash for asset \"8b11ea303df4b9db9feef6ed5f901a2d1185023a40c80c9630cf5c36559ae647\"" }, - "AssetParametersdaeb79e3cee39c9b902dc0d5c780223e227ed573ea60976252947adab5fb2be1S3BucketDC4B98B1": { + "AssetParameters5b47c8e4cbbce7e4a8085f1aa83ed9c4691b7f65927ba092d6620bbba925f391S3BucketB4102E9A": { "Type": "String", - "Description": "S3 bucket for asset \"daeb79e3cee39c9b902dc0d5c780223e227ed573ea60976252947adab5fb2be1\"" + "Description": "S3 bucket for asset \"5b47c8e4cbbce7e4a8085f1aa83ed9c4691b7f65927ba092d6620bbba925f391\"" }, - "AssetParametersdaeb79e3cee39c9b902dc0d5c780223e227ed573ea60976252947adab5fb2be1S3VersionKeyA495226F": { + "AssetParameters5b47c8e4cbbce7e4a8085f1aa83ed9c4691b7f65927ba092d6620bbba925f391S3VersionKeyC1EC3ED6": { "Type": "String", - "Description": "S3 key for asset version \"daeb79e3cee39c9b902dc0d5c780223e227ed573ea60976252947adab5fb2be1\"" + "Description": "S3 key for asset version \"5b47c8e4cbbce7e4a8085f1aa83ed9c4691b7f65927ba092d6620bbba925f391\"" }, - "AssetParametersdaeb79e3cee39c9b902dc0d5c780223e227ed573ea60976252947adab5fb2be1ArtifactHashA521A16F": { + "AssetParameters5b47c8e4cbbce7e4a8085f1aa83ed9c4691b7f65927ba092d6620bbba925f391ArtifactHashA391D940": { "Type": "String", - "Description": "Artifact hash for asset \"daeb79e3cee39c9b902dc0d5c780223e227ed573ea60976252947adab5fb2be1\"" + "Description": "Artifact hash for asset \"5b47c8e4cbbce7e4a8085f1aa83ed9c4691b7f65927ba092d6620bbba925f391\"" }, - "AssetParameters4129bbca38164ecb28fee8e5b674f0d05e5957b4b8ed97d9c950527b5cc4ce10S3BucketC6FAEEC9": { + "AssetParametersa70c48e7047fb793b2378668accb1dc2d92f2d7b1fff80c9c718f4964dc69cb8S3Bucket4CD5FFC3": { "Type": "String", - "Description": "S3 bucket for asset \"4129bbca38164ecb28fee8e5b674f0d05e5957b4b8ed97d9c950527b5cc4ce10\"" + "Description": "S3 bucket for asset \"a70c48e7047fb793b2378668accb1dc2d92f2d7b1fff80c9c718f4964dc69cb8\"" }, - "AssetParameters4129bbca38164ecb28fee8e5b674f0d05e5957b4b8ed97d9c950527b5cc4ce10S3VersionKeyA7EE7421": { + "AssetParametersa70c48e7047fb793b2378668accb1dc2d92f2d7b1fff80c9c718f4964dc69cb8S3VersionKeyE06BA291": { "Type": "String", - "Description": "S3 key for asset version \"4129bbca38164ecb28fee8e5b674f0d05e5957b4b8ed97d9c950527b5cc4ce10\"" + "Description": "S3 key for asset version \"a70c48e7047fb793b2378668accb1dc2d92f2d7b1fff80c9c718f4964dc69cb8\"" }, - "AssetParameters4129bbca38164ecb28fee8e5b674f0d05e5957b4b8ed97d9c950527b5cc4ce10ArtifactHash528547CD": { + "AssetParametersa70c48e7047fb793b2378668accb1dc2d92f2d7b1fff80c9c718f4964dc69cb8ArtifactHashA4AB6609": { "Type": "String", - "Description": "Artifact hash for asset \"4129bbca38164ecb28fee8e5b674f0d05e5957b4b8ed97d9c950527b5cc4ce10\"" + "Description": "Artifact hash for asset \"a70c48e7047fb793b2378668accb1dc2d92f2d7b1fff80c9c718f4964dc69cb8\"" }, - "AssetParameterse9882ab123687399f934da0d45effe675ecc8ce13b40cb946f3e1d6141fe8d68S3BucketAEADE8C7": { + "AssetParametersf331b32a8ad8983464106a58e420e7bc7e6341ba2ffb8ac9ad350d7e32845d95S3BucketE02B5488": { "Type": "String", - "Description": "S3 bucket for asset \"e9882ab123687399f934da0d45effe675ecc8ce13b40cb946f3e1d6141fe8d68\"" + "Description": "S3 bucket for asset \"f331b32a8ad8983464106a58e420e7bc7e6341ba2ffb8ac9ad350d7e32845d95\"" }, - "AssetParameterse9882ab123687399f934da0d45effe675ecc8ce13b40cb946f3e1d6141fe8d68S3VersionKeyE415415F": { + "AssetParametersf331b32a8ad8983464106a58e420e7bc7e6341ba2ffb8ac9ad350d7e32845d95S3VersionKey4D8E71F2": { "Type": "String", - "Description": "S3 key for asset version \"e9882ab123687399f934da0d45effe675ecc8ce13b40cb946f3e1d6141fe8d68\"" + "Description": "S3 key for asset version \"f331b32a8ad8983464106a58e420e7bc7e6341ba2ffb8ac9ad350d7e32845d95\"" }, - "AssetParameterse9882ab123687399f934da0d45effe675ecc8ce13b40cb946f3e1d6141fe8d68ArtifactHashD9A515C3": { + "AssetParametersf331b32a8ad8983464106a58e420e7bc7e6341ba2ffb8ac9ad350d7e32845d95ArtifactHash16B60F6C": { "Type": "String", - "Description": "Artifact hash for asset \"e9882ab123687399f934da0d45effe675ecc8ce13b40cb946f3e1d6141fe8d68\"" + "Description": "Artifact hash for asset \"f331b32a8ad8983464106a58e420e7bc7e6341ba2ffb8ac9ad350d7e32845d95\"" }, "AssetParametersea17febe6d04c66048f3e8e060c71685c0cb53122abceff44842d27bc0d4a03eS3BucketD3288998": { "Type": "String", @@ -1404,29 +1380,29 @@ "Type": "String", "Description": "Artifact hash for asset \"ea17febe6d04c66048f3e8e060c71685c0cb53122abceff44842d27bc0d4a03e\"" }, - "AssetParametersdcdc759e2644fb3c4847d9a160ce99f0f40f137c825ae9cc094323ed4839bab9S3BucketA775E312": { + "AssetParametersc24eb763169accd26e653fd1884c13dd7e1c54d9c85d1ce647422dc5ad80dc30S3Bucket9C6DDDD3": { "Type": "String", - "Description": "S3 bucket for asset \"dcdc759e2644fb3c4847d9a160ce99f0f40f137c825ae9cc094323ed4839bab9\"" + "Description": "S3 bucket for asset \"c24eb763169accd26e653fd1884c13dd7e1c54d9c85d1ce647422dc5ad80dc30\"" }, - "AssetParametersdcdc759e2644fb3c4847d9a160ce99f0f40f137c825ae9cc094323ed4839bab9S3VersionKeyFDABEE9B": { + "AssetParametersc24eb763169accd26e653fd1884c13dd7e1c54d9c85d1ce647422dc5ad80dc30S3VersionKey6C690A2F": { "Type": "String", - "Description": "S3 key for asset version \"dcdc759e2644fb3c4847d9a160ce99f0f40f137c825ae9cc094323ed4839bab9\"" + "Description": "S3 key for asset version \"c24eb763169accd26e653fd1884c13dd7e1c54d9c85d1ce647422dc5ad80dc30\"" }, - "AssetParametersdcdc759e2644fb3c4847d9a160ce99f0f40f137c825ae9cc094323ed4839bab9ArtifactHashBC5BD0D7": { + "AssetParametersc24eb763169accd26e653fd1884c13dd7e1c54d9c85d1ce647422dc5ad80dc30ArtifactHash00AF8D30": { "Type": "String", - "Description": "Artifact hash for asset \"dcdc759e2644fb3c4847d9a160ce99f0f40f137c825ae9cc094323ed4839bab9\"" + "Description": "Artifact hash for asset \"c24eb763169accd26e653fd1884c13dd7e1c54d9c85d1ce647422dc5ad80dc30\"" }, - "AssetParameters8a135d8a645edaff330758972da87b3dddc295ce07475e8d9ea8fad8c35dcb22S3Bucket0782C98E": { + "AssetParameters4dba0dfaed85cee1f7dccbd9e9afe4346fad85c265fe07665d0fd0a7b46318b0S3Bucket9DC31431": { "Type": "String", - "Description": "S3 bucket for asset \"8a135d8a645edaff330758972da87b3dddc295ce07475e8d9ea8fad8c35dcb22\"" + "Description": "S3 bucket for asset \"4dba0dfaed85cee1f7dccbd9e9afe4346fad85c265fe07665d0fd0a7b46318b0\"" }, - "AssetParameters8a135d8a645edaff330758972da87b3dddc295ce07475e8d9ea8fad8c35dcb22S3VersionKey5E9D14CC": { + "AssetParameters4dba0dfaed85cee1f7dccbd9e9afe4346fad85c265fe07665d0fd0a7b46318b0S3VersionKey8E264DE6": { "Type": "String", - "Description": "S3 key for asset version \"8a135d8a645edaff330758972da87b3dddc295ce07475e8d9ea8fad8c35dcb22\"" + "Description": "S3 key for asset version \"4dba0dfaed85cee1f7dccbd9e9afe4346fad85c265fe07665d0fd0a7b46318b0\"" }, - "AssetParameters8a135d8a645edaff330758972da87b3dddc295ce07475e8d9ea8fad8c35dcb22ArtifactHash75F0D468": { + "AssetParameters4dba0dfaed85cee1f7dccbd9e9afe4346fad85c265fe07665d0fd0a7b46318b0ArtifactHashF406B4ED": { "Type": "String", - "Description": "Artifact hash for asset \"8a135d8a645edaff330758972da87b3dddc295ce07475e8d9ea8fad8c35dcb22\"" + "Description": "Artifact hash for asset \"4dba0dfaed85cee1f7dccbd9e9afe4346fad85c265fe07665d0fd0a7b46318b0\"" } } } \ No newline at end of file diff --git a/packages/@aws-cdk/aws-eks/test/integ.eks-cluster-handlers-vpc.expected.json b/packages/@aws-cdk/aws-eks/test/integ.eks-cluster-handlers-vpc.expected.json index bc3c838b43ef3..f3803ec0ac8bf 100644 --- a/packages/@aws-cdk/aws-eks/test/integ.eks-cluster-handlers-vpc.expected.json +++ b/packages/@aws-cdk/aws-eks/test/integ.eks-cluster-handlers-vpc.expected.json @@ -713,54 +713,30 @@ }, { "Action": [ + "ec2:DescribeDhcpOptions", + "ec2:DescribeInstances", + "ec2:DescribeNetworkInterfaces", + "ec2:DescribeRouteTables", + "ec2:DescribeSecurityGroups", + "ec2:DescribeSubnets", + "ec2:DescribeVpcs", "eks:CreateCluster", + "eks:CreateFargateProfile", + "eks:DeleteCluster", + "eks:DeleteFargateProfile", "eks:DescribeCluster", + "eks:DescribeFargateProfile", "eks:DescribeUpdate", - "eks:DeleteCluster", - "eks:UpdateClusterVersion", - "eks:UpdateClusterConfig", - "eks:CreateFargateProfile", "eks:TagResource", - "eks:UntagResource" - ], - "Effect": "Allow", - "Resource": [ - "*" - ] - }, - { - "Action": [ - "eks:DescribeFargateProfile", - "eks:DeleteFargateProfile" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ + "eks:UntagResource", + "eks:UpdateClusterConfig", + "eks:UpdateClusterVersion", + "iam:CreateServiceLinkedRole", "iam:GetRole", "iam:listAttachedRolePolicies" ], "Effect": "Allow", "Resource": "*" - }, - { - "Action": "iam:CreateServiceLinkedRole", - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "ec2:DescribeInstances", - "ec2:DescribeNetworkInterfaces", - "ec2:DescribeSecurityGroups", - "ec2:DescribeSubnets", - "ec2:DescribeRouteTables", - "ec2:DescribeDhcpOptions", - "ec2:DescribeVpcs" - ], - "Effect": "Allow", - "Resource": "*" } ], "Version": "2012-10-17" @@ -1115,7 +1091,7 @@ }, "/", { - "Ref": "AssetParameters30ee592ed790de2e3261605468c9775597d2246a8fe1db5e656f903f536f3742S3BucketA4A228F5" + "Ref": "AssetParameters33ac00c6a6001ad858775fd6a695ae1b0fd3da2b808727d9b9ec63bc0705df91S3Bucket4DF48841" }, "/", { @@ -1125,7 +1101,7 @@ "Fn::Split": [ "||", { - "Ref": "AssetParameters30ee592ed790de2e3261605468c9775597d2246a8fe1db5e656f903f536f3742S3VersionKey6CE1DED5" + "Ref": "AssetParameters33ac00c6a6001ad858775fd6a695ae1b0fd3da2b808727d9b9ec63bc0705df91S3VersionKey6A058A19" } ] } @@ -1138,7 +1114,7 @@ "Fn::Split": [ "||", { - "Ref": "AssetParameters30ee592ed790de2e3261605468c9775597d2246a8fe1db5e656f903f536f3742S3VersionKey6CE1DED5" + "Ref": "AssetParameters33ac00c6a6001ad858775fd6a695ae1b0fd3da2b808727d9b9ec63bc0705df91S3VersionKey6A058A19" } ] } @@ -1148,6 +1124,12 @@ ] }, "Parameters": { + "referencetoawscdkekshandlersinvpctestAssetParameters4288ebb3652acdf2d828b7db7ca44a7162a401ace50ebb4026e84b18a02a06eeS3Bucket6DC627E9Ref": { + "Ref": "AssetParameters4288ebb3652acdf2d828b7db7ca44a7162a401ace50ebb4026e84b18a02a06eeS3Bucket4E7CD097" + }, + "referencetoawscdkekshandlersinvpctestAssetParameters4288ebb3652acdf2d828b7db7ca44a7162a401ace50ebb4026e84b18a02a06eeS3VersionKey9AC6A4FARef": { + "Ref": "AssetParameters4288ebb3652acdf2d828b7db7ca44a7162a401ace50ebb4026e84b18a02a06eeS3VersionKey93D16224" + }, "referencetoawscdkekshandlersinvpctestEksAllHandlersInVpcStackCreationRoleADAAC7FDArn": { "Fn::GetAtt": [ "EksAllHandlersInVpcStackCreationRole0BAA4CDC", @@ -1157,11 +1139,11 @@ "referencetoawscdkekshandlersinvpctestEksAllHandlersInVpcStackDefaultVpcE40EA7ACRef": { "Ref": "EksAllHandlersInVpcStackDefaultVpcBE11D4AE" }, - "referencetoawscdkekshandlersinvpctestAssetParametersd78765b92df2a80d8f6054e616200f6099a238f29fe81a199c2c217ffe1a12b4S3Bucket4A93429DRef": { - "Ref": "AssetParametersd78765b92df2a80d8f6054e616200f6099a238f29fe81a199c2c217ffe1a12b4S3Bucket5B1EB03C" + "referencetoawscdkekshandlersinvpctestAssetParameters8b11ea303df4b9db9feef6ed5f901a2d1185023a40c80c9630cf5c36559ae647S3Bucket63474479Ref": { + "Ref": "AssetParameters8b11ea303df4b9db9feef6ed5f901a2d1185023a40c80c9630cf5c36559ae647S3Bucket05488C5E" }, - "referencetoawscdkekshandlersinvpctestAssetParametersd78765b92df2a80d8f6054e616200f6099a238f29fe81a199c2c217ffe1a12b4S3VersionKey7F5C23CBRef": { - "Ref": "AssetParametersd78765b92df2a80d8f6054e616200f6099a238f29fe81a199c2c217ffe1a12b4S3VersionKey51E064E9" + "referencetoawscdkekshandlersinvpctestAssetParameters8b11ea303df4b9db9feef6ed5f901a2d1185023a40c80c9630cf5c36559ae647S3VersionKey242EB671Ref": { + "Ref": "AssetParameters8b11ea303df4b9db9feef6ed5f901a2d1185023a40c80c9630cf5c36559ae647S3VersionKey174B23DF" }, "referencetoawscdkekshandlersinvpctestEksAllHandlersInVpcStackDefaultVpcPrivateSubnet1Subnet9479BAA8Ref": { "Ref": "EksAllHandlersInVpcStackDefaultVpcPrivateSubnet1SubnetE2B86978" @@ -1172,17 +1154,11 @@ "referencetoawscdkekshandlersinvpctestEksAllHandlersInVpcStackDefaultVpcPrivateSubnet3Subnet1B127970Ref": { "Ref": "EksAllHandlersInVpcStackDefaultVpcPrivateSubnet3SubnetA75A8BA9" }, - "referencetoawscdkekshandlersinvpctestAssetParametersca2c913ffc0cd2016ee8bae9a571d12d6eca2284408cb99dd0ebff5b061864ccS3BucketE24ADE21Ref": { - "Ref": "AssetParametersca2c913ffc0cd2016ee8bae9a571d12d6eca2284408cb99dd0ebff5b061864ccS3Bucket40405135" - }, - "referencetoawscdkekshandlersinvpctestAssetParametersca2c913ffc0cd2016ee8bae9a571d12d6eca2284408cb99dd0ebff5b061864ccS3VersionKeyEA8B9B47Ref": { - "Ref": "AssetParametersca2c913ffc0cd2016ee8bae9a571d12d6eca2284408cb99dd0ebff5b061864ccS3VersionKey50B477EB" - }, - "referencetoawscdkekshandlersinvpctestAssetParametersdaeb79e3cee39c9b902dc0d5c780223e227ed573ea60976252947adab5fb2be1S3Bucket9D7E9998Ref": { - "Ref": "AssetParametersdaeb79e3cee39c9b902dc0d5c780223e227ed573ea60976252947adab5fb2be1S3BucketDC4B98B1" + "referencetoawscdkekshandlersinvpctestAssetParameters5b47c8e4cbbce7e4a8085f1aa83ed9c4691b7f65927ba092d6620bbba925f391S3Bucket87D96D8BRef": { + "Ref": "AssetParameters5b47c8e4cbbce7e4a8085f1aa83ed9c4691b7f65927ba092d6620bbba925f391S3BucketB4102E9A" }, - "referencetoawscdkekshandlersinvpctestAssetParametersdaeb79e3cee39c9b902dc0d5c780223e227ed573ea60976252947adab5fb2be1S3VersionKeyE6908FD8Ref": { - "Ref": "AssetParametersdaeb79e3cee39c9b902dc0d5c780223e227ed573ea60976252947adab5fb2be1S3VersionKeyA495226F" + "referencetoawscdkekshandlersinvpctestAssetParameters5b47c8e4cbbce7e4a8085f1aa83ed9c4691b7f65927ba092d6620bbba925f391S3VersionKeyEADC88E8Ref": { + "Ref": "AssetParameters5b47c8e4cbbce7e4a8085f1aa83ed9c4691b7f65927ba092d6620bbba925f391S3VersionKeyC1EC3ED6" } } }, @@ -1202,7 +1178,7 @@ }, "/", { - "Ref": "AssetParameters21c400ec0eb62a3fa5c541809780b108a89b7772406cc58eb6d989827ce09345S3BucketC59A67EA" + "Ref": "AssetParameters2353e7155f6271d0534137266dd20c095799e2cdb7c8fdc967b92623d409b445S3Bucket4885A6BF" }, "/", { @@ -1212,7 +1188,7 @@ "Fn::Split": [ "||", { - "Ref": "AssetParameters21c400ec0eb62a3fa5c541809780b108a89b7772406cc58eb6d989827ce09345S3VersionKey10DC54D0" + "Ref": "AssetParameters2353e7155f6271d0534137266dd20c095799e2cdb7c8fdc967b92623d409b445S3VersionKey805E5D19" } ] } @@ -1225,7 +1201,7 @@ "Fn::Split": [ "||", { - "Ref": "AssetParameters21c400ec0eb62a3fa5c541809780b108a89b7772406cc58eb6d989827ce09345S3VersionKey10DC54D0" + "Ref": "AssetParameters2353e7155f6271d0534137266dd20c095799e2cdb7c8fdc967b92623d409b445S3VersionKey805E5D19" } ] } @@ -1247,11 +1223,11 @@ "Arn" ] }, - "referencetoawscdkekshandlersinvpctestAssetParameters4129bbca38164ecb28fee8e5b674f0d05e5957b4b8ed97d9c950527b5cc4ce10S3Bucket4673F14ERef": { - "Ref": "AssetParameters4129bbca38164ecb28fee8e5b674f0d05e5957b4b8ed97d9c950527b5cc4ce10S3BucketC6FAEEC9" + "referencetoawscdkekshandlersinvpctestAssetParametersa70c48e7047fb793b2378668accb1dc2d92f2d7b1fff80c9c718f4964dc69cb8S3Bucket00F0F0C9Ref": { + "Ref": "AssetParametersa70c48e7047fb793b2378668accb1dc2d92f2d7b1fff80c9c718f4964dc69cb8S3Bucket4CD5FFC3" }, - "referencetoawscdkekshandlersinvpctestAssetParameters4129bbca38164ecb28fee8e5b674f0d05e5957b4b8ed97d9c950527b5cc4ce10S3VersionKey61C348A6Ref": { - "Ref": "AssetParameters4129bbca38164ecb28fee8e5b674f0d05e5957b4b8ed97d9c950527b5cc4ce10S3VersionKeyA7EE7421" + "referencetoawscdkekshandlersinvpctestAssetParametersa70c48e7047fb793b2378668accb1dc2d92f2d7b1fff80c9c718f4964dc69cb8S3VersionKeyD069F335Ref": { + "Ref": "AssetParametersa70c48e7047fb793b2378668accb1dc2d92f2d7b1fff80c9c718f4964dc69cb8S3VersionKeyE06BA291" }, "referencetoawscdkekshandlersinvpctestEksAllHandlersInVpcStackDefaultVpcPrivateSubnet1Subnet9479BAA8Ref": { "Ref": "EksAllHandlersInVpcStackDefaultVpcPrivateSubnet1SubnetE2B86978" @@ -1268,11 +1244,11 @@ "ClusterSecurityGroupId" ] }, - "referencetoawscdkekshandlersinvpctestAssetParameterse9882ab123687399f934da0d45effe675ecc8ce13b40cb946f3e1d6141fe8d68S3Bucket124CC58FRef": { - "Ref": "AssetParameterse9882ab123687399f934da0d45effe675ecc8ce13b40cb946f3e1d6141fe8d68S3BucketAEADE8C7" + "referencetoawscdkekshandlersinvpctestAssetParametersf331b32a8ad8983464106a58e420e7bc7e6341ba2ffb8ac9ad350d7e32845d95S3Bucket407B19DCRef": { + "Ref": "AssetParametersf331b32a8ad8983464106a58e420e7bc7e6341ba2ffb8ac9ad350d7e32845d95S3BucketE02B5488" }, - "referencetoawscdkekshandlersinvpctestAssetParameterse9882ab123687399f934da0d45effe675ecc8ce13b40cb946f3e1d6141fe8d68S3VersionKeyF4C27F59Ref": { - "Ref": "AssetParameterse9882ab123687399f934da0d45effe675ecc8ce13b40cb946f3e1d6141fe8d68S3VersionKeyE415415F" + "referencetoawscdkekshandlersinvpctestAssetParametersf331b32a8ad8983464106a58e420e7bc7e6341ba2ffb8ac9ad350d7e32845d95S3VersionKeyE1EC5F2DRef": { + "Ref": "AssetParametersf331b32a8ad8983464106a58e420e7bc7e6341ba2ffb8ac9ad350d7e32845d95S3VersionKey4D8E71F2" }, "referencetoawscdkekshandlersinvpctestAssetParametersea17febe6d04c66048f3e8e060c71685c0cb53122abceff44842d27bc0d4a03eS3Bucket95C9D5A0Ref": { "Ref": "AssetParametersea17febe6d04c66048f3e8e060c71685c0cb53122abceff44842d27bc0d4a03eS3BucketD3288998" @@ -1280,11 +1256,11 @@ "referencetoawscdkekshandlersinvpctestAssetParametersea17febe6d04c66048f3e8e060c71685c0cb53122abceff44842d27bc0d4a03eS3VersionKey2505ECB3Ref": { "Ref": "AssetParametersea17febe6d04c66048f3e8e060c71685c0cb53122abceff44842d27bc0d4a03eS3VersionKeyB00C0565" }, - "referencetoawscdkekshandlersinvpctestAssetParametersdaeb79e3cee39c9b902dc0d5c780223e227ed573ea60976252947adab5fb2be1S3Bucket9D7E9998Ref": { - "Ref": "AssetParametersdaeb79e3cee39c9b902dc0d5c780223e227ed573ea60976252947adab5fb2be1S3BucketDC4B98B1" + "referencetoawscdkekshandlersinvpctestAssetParameters5b47c8e4cbbce7e4a8085f1aa83ed9c4691b7f65927ba092d6620bbba925f391S3Bucket87D96D8BRef": { + "Ref": "AssetParameters5b47c8e4cbbce7e4a8085f1aa83ed9c4691b7f65927ba092d6620bbba925f391S3BucketB4102E9A" }, - "referencetoawscdkekshandlersinvpctestAssetParametersdaeb79e3cee39c9b902dc0d5c780223e227ed573ea60976252947adab5fb2be1S3VersionKeyE6908FD8Ref": { - "Ref": "AssetParametersdaeb79e3cee39c9b902dc0d5c780223e227ed573ea60976252947adab5fb2be1S3VersionKeyA495226F" + "referencetoawscdkekshandlersinvpctestAssetParameters5b47c8e4cbbce7e4a8085f1aa83ed9c4691b7f65927ba092d6620bbba925f391S3VersionKeyEADC88E8Ref": { + "Ref": "AssetParameters5b47c8e4cbbce7e4a8085f1aa83ed9c4691b7f65927ba092d6620bbba925f391S3VersionKeyC1EC3ED6" } } }, @@ -1335,65 +1311,65 @@ } }, "Parameters": { - "AssetParametersd78765b92df2a80d8f6054e616200f6099a238f29fe81a199c2c217ffe1a12b4S3Bucket5B1EB03C": { + "AssetParameters4288ebb3652acdf2d828b7db7ca44a7162a401ace50ebb4026e84b18a02a06eeS3Bucket4E7CD097": { "Type": "String", - "Description": "S3 bucket for asset \"d78765b92df2a80d8f6054e616200f6099a238f29fe81a199c2c217ffe1a12b4\"" + "Description": "S3 bucket for asset \"4288ebb3652acdf2d828b7db7ca44a7162a401ace50ebb4026e84b18a02a06ee\"" }, - "AssetParametersd78765b92df2a80d8f6054e616200f6099a238f29fe81a199c2c217ffe1a12b4S3VersionKey51E064E9": { + "AssetParameters4288ebb3652acdf2d828b7db7ca44a7162a401ace50ebb4026e84b18a02a06eeS3VersionKey93D16224": { "Type": "String", - "Description": "S3 key for asset version \"d78765b92df2a80d8f6054e616200f6099a238f29fe81a199c2c217ffe1a12b4\"" + "Description": "S3 key for asset version \"4288ebb3652acdf2d828b7db7ca44a7162a401ace50ebb4026e84b18a02a06ee\"" }, - "AssetParametersd78765b92df2a80d8f6054e616200f6099a238f29fe81a199c2c217ffe1a12b4ArtifactHash26192139": { + "AssetParameters4288ebb3652acdf2d828b7db7ca44a7162a401ace50ebb4026e84b18a02a06eeArtifactHash515E16AE": { "Type": "String", - "Description": "Artifact hash for asset \"d78765b92df2a80d8f6054e616200f6099a238f29fe81a199c2c217ffe1a12b4\"" + "Description": "Artifact hash for asset \"4288ebb3652acdf2d828b7db7ca44a7162a401ace50ebb4026e84b18a02a06ee\"" }, - "AssetParametersca2c913ffc0cd2016ee8bae9a571d12d6eca2284408cb99dd0ebff5b061864ccS3Bucket40405135": { + "AssetParameters8b11ea303df4b9db9feef6ed5f901a2d1185023a40c80c9630cf5c36559ae647S3Bucket05488C5E": { "Type": "String", - "Description": "S3 bucket for asset \"ca2c913ffc0cd2016ee8bae9a571d12d6eca2284408cb99dd0ebff5b061864cc\"" + "Description": "S3 bucket for asset \"8b11ea303df4b9db9feef6ed5f901a2d1185023a40c80c9630cf5c36559ae647\"" }, - "AssetParametersca2c913ffc0cd2016ee8bae9a571d12d6eca2284408cb99dd0ebff5b061864ccS3VersionKey50B477EB": { + "AssetParameters8b11ea303df4b9db9feef6ed5f901a2d1185023a40c80c9630cf5c36559ae647S3VersionKey174B23DF": { "Type": "String", - "Description": "S3 key for asset version \"ca2c913ffc0cd2016ee8bae9a571d12d6eca2284408cb99dd0ebff5b061864cc\"" + "Description": "S3 key for asset version \"8b11ea303df4b9db9feef6ed5f901a2d1185023a40c80c9630cf5c36559ae647\"" }, - "AssetParametersca2c913ffc0cd2016ee8bae9a571d12d6eca2284408cb99dd0ebff5b061864ccArtifactHashCC7E7A09": { + "AssetParameters8b11ea303df4b9db9feef6ed5f901a2d1185023a40c80c9630cf5c36559ae647ArtifactHashE94F67E3": { "Type": "String", - "Description": "Artifact hash for asset \"ca2c913ffc0cd2016ee8bae9a571d12d6eca2284408cb99dd0ebff5b061864cc\"" + "Description": "Artifact hash for asset \"8b11ea303df4b9db9feef6ed5f901a2d1185023a40c80c9630cf5c36559ae647\"" }, - "AssetParametersdaeb79e3cee39c9b902dc0d5c780223e227ed573ea60976252947adab5fb2be1S3BucketDC4B98B1": { + "AssetParameters5b47c8e4cbbce7e4a8085f1aa83ed9c4691b7f65927ba092d6620bbba925f391S3BucketB4102E9A": { "Type": "String", - "Description": "S3 bucket for asset \"daeb79e3cee39c9b902dc0d5c780223e227ed573ea60976252947adab5fb2be1\"" + "Description": "S3 bucket for asset \"5b47c8e4cbbce7e4a8085f1aa83ed9c4691b7f65927ba092d6620bbba925f391\"" }, - "AssetParametersdaeb79e3cee39c9b902dc0d5c780223e227ed573ea60976252947adab5fb2be1S3VersionKeyA495226F": { + "AssetParameters5b47c8e4cbbce7e4a8085f1aa83ed9c4691b7f65927ba092d6620bbba925f391S3VersionKeyC1EC3ED6": { "Type": "String", - "Description": "S3 key for asset version \"daeb79e3cee39c9b902dc0d5c780223e227ed573ea60976252947adab5fb2be1\"" + "Description": "S3 key for asset version \"5b47c8e4cbbce7e4a8085f1aa83ed9c4691b7f65927ba092d6620bbba925f391\"" }, - "AssetParametersdaeb79e3cee39c9b902dc0d5c780223e227ed573ea60976252947adab5fb2be1ArtifactHashA521A16F": { + "AssetParameters5b47c8e4cbbce7e4a8085f1aa83ed9c4691b7f65927ba092d6620bbba925f391ArtifactHashA391D940": { "Type": "String", - "Description": "Artifact hash for asset \"daeb79e3cee39c9b902dc0d5c780223e227ed573ea60976252947adab5fb2be1\"" + "Description": "Artifact hash for asset \"5b47c8e4cbbce7e4a8085f1aa83ed9c4691b7f65927ba092d6620bbba925f391\"" }, - "AssetParameters4129bbca38164ecb28fee8e5b674f0d05e5957b4b8ed97d9c950527b5cc4ce10S3BucketC6FAEEC9": { + "AssetParametersa70c48e7047fb793b2378668accb1dc2d92f2d7b1fff80c9c718f4964dc69cb8S3Bucket4CD5FFC3": { "Type": "String", - "Description": "S3 bucket for asset \"4129bbca38164ecb28fee8e5b674f0d05e5957b4b8ed97d9c950527b5cc4ce10\"" + "Description": "S3 bucket for asset \"a70c48e7047fb793b2378668accb1dc2d92f2d7b1fff80c9c718f4964dc69cb8\"" }, - "AssetParameters4129bbca38164ecb28fee8e5b674f0d05e5957b4b8ed97d9c950527b5cc4ce10S3VersionKeyA7EE7421": { + "AssetParametersa70c48e7047fb793b2378668accb1dc2d92f2d7b1fff80c9c718f4964dc69cb8S3VersionKeyE06BA291": { "Type": "String", - "Description": "S3 key for asset version \"4129bbca38164ecb28fee8e5b674f0d05e5957b4b8ed97d9c950527b5cc4ce10\"" + "Description": "S3 key for asset version \"a70c48e7047fb793b2378668accb1dc2d92f2d7b1fff80c9c718f4964dc69cb8\"" }, - "AssetParameters4129bbca38164ecb28fee8e5b674f0d05e5957b4b8ed97d9c950527b5cc4ce10ArtifactHash528547CD": { + "AssetParametersa70c48e7047fb793b2378668accb1dc2d92f2d7b1fff80c9c718f4964dc69cb8ArtifactHashA4AB6609": { "Type": "String", - "Description": "Artifact hash for asset \"4129bbca38164ecb28fee8e5b674f0d05e5957b4b8ed97d9c950527b5cc4ce10\"" + "Description": "Artifact hash for asset \"a70c48e7047fb793b2378668accb1dc2d92f2d7b1fff80c9c718f4964dc69cb8\"" }, - "AssetParameterse9882ab123687399f934da0d45effe675ecc8ce13b40cb946f3e1d6141fe8d68S3BucketAEADE8C7": { + "AssetParametersf331b32a8ad8983464106a58e420e7bc7e6341ba2ffb8ac9ad350d7e32845d95S3BucketE02B5488": { "Type": "String", - "Description": "S3 bucket for asset \"e9882ab123687399f934da0d45effe675ecc8ce13b40cb946f3e1d6141fe8d68\"" + "Description": "S3 bucket for asset \"f331b32a8ad8983464106a58e420e7bc7e6341ba2ffb8ac9ad350d7e32845d95\"" }, - "AssetParameterse9882ab123687399f934da0d45effe675ecc8ce13b40cb946f3e1d6141fe8d68S3VersionKeyE415415F": { + "AssetParametersf331b32a8ad8983464106a58e420e7bc7e6341ba2ffb8ac9ad350d7e32845d95S3VersionKey4D8E71F2": { "Type": "String", - "Description": "S3 key for asset version \"e9882ab123687399f934da0d45effe675ecc8ce13b40cb946f3e1d6141fe8d68\"" + "Description": "S3 key for asset version \"f331b32a8ad8983464106a58e420e7bc7e6341ba2ffb8ac9ad350d7e32845d95\"" }, - "AssetParameterse9882ab123687399f934da0d45effe675ecc8ce13b40cb946f3e1d6141fe8d68ArtifactHashD9A515C3": { + "AssetParametersf331b32a8ad8983464106a58e420e7bc7e6341ba2ffb8ac9ad350d7e32845d95ArtifactHash16B60F6C": { "Type": "String", - "Description": "Artifact hash for asset \"e9882ab123687399f934da0d45effe675ecc8ce13b40cb946f3e1d6141fe8d68\"" + "Description": "Artifact hash for asset \"f331b32a8ad8983464106a58e420e7bc7e6341ba2ffb8ac9ad350d7e32845d95\"" }, "AssetParametersea17febe6d04c66048f3e8e060c71685c0cb53122abceff44842d27bc0d4a03eS3BucketD3288998": { "Type": "String", @@ -1407,29 +1383,29 @@ "Type": "String", "Description": "Artifact hash for asset \"ea17febe6d04c66048f3e8e060c71685c0cb53122abceff44842d27bc0d4a03e\"" }, - "AssetParameters30ee592ed790de2e3261605468c9775597d2246a8fe1db5e656f903f536f3742S3BucketA4A228F5": { + "AssetParameters33ac00c6a6001ad858775fd6a695ae1b0fd3da2b808727d9b9ec63bc0705df91S3Bucket4DF48841": { "Type": "String", - "Description": "S3 bucket for asset \"30ee592ed790de2e3261605468c9775597d2246a8fe1db5e656f903f536f3742\"" + "Description": "S3 bucket for asset \"33ac00c6a6001ad858775fd6a695ae1b0fd3da2b808727d9b9ec63bc0705df91\"" }, - "AssetParameters30ee592ed790de2e3261605468c9775597d2246a8fe1db5e656f903f536f3742S3VersionKey6CE1DED5": { + "AssetParameters33ac00c6a6001ad858775fd6a695ae1b0fd3da2b808727d9b9ec63bc0705df91S3VersionKey6A058A19": { "Type": "String", - "Description": "S3 key for asset version \"30ee592ed790de2e3261605468c9775597d2246a8fe1db5e656f903f536f3742\"" + "Description": "S3 key for asset version \"33ac00c6a6001ad858775fd6a695ae1b0fd3da2b808727d9b9ec63bc0705df91\"" }, - "AssetParameters30ee592ed790de2e3261605468c9775597d2246a8fe1db5e656f903f536f3742ArtifactHashBC7D3F16": { + "AssetParameters33ac00c6a6001ad858775fd6a695ae1b0fd3da2b808727d9b9ec63bc0705df91ArtifactHash5FDE9B77": { "Type": "String", - "Description": "Artifact hash for asset \"30ee592ed790de2e3261605468c9775597d2246a8fe1db5e656f903f536f3742\"" + "Description": "Artifact hash for asset \"33ac00c6a6001ad858775fd6a695ae1b0fd3da2b808727d9b9ec63bc0705df91\"" }, - "AssetParameters21c400ec0eb62a3fa5c541809780b108a89b7772406cc58eb6d989827ce09345S3BucketC59A67EA": { + "AssetParameters2353e7155f6271d0534137266dd20c095799e2cdb7c8fdc967b92623d409b445S3Bucket4885A6BF": { "Type": "String", - "Description": "S3 bucket for asset \"21c400ec0eb62a3fa5c541809780b108a89b7772406cc58eb6d989827ce09345\"" + "Description": "S3 bucket for asset \"2353e7155f6271d0534137266dd20c095799e2cdb7c8fdc967b92623d409b445\"" }, - "AssetParameters21c400ec0eb62a3fa5c541809780b108a89b7772406cc58eb6d989827ce09345S3VersionKey10DC54D0": { + "AssetParameters2353e7155f6271d0534137266dd20c095799e2cdb7c8fdc967b92623d409b445S3VersionKey805E5D19": { "Type": "String", - "Description": "S3 key for asset version \"21c400ec0eb62a3fa5c541809780b108a89b7772406cc58eb6d989827ce09345\"" + "Description": "S3 key for asset version \"2353e7155f6271d0534137266dd20c095799e2cdb7c8fdc967b92623d409b445\"" }, - "AssetParameters21c400ec0eb62a3fa5c541809780b108a89b7772406cc58eb6d989827ce09345ArtifactHash9BBC26F6": { + "AssetParameters2353e7155f6271d0534137266dd20c095799e2cdb7c8fdc967b92623d409b445ArtifactHashCB19B544": { "Type": "String", - "Description": "Artifact hash for asset \"21c400ec0eb62a3fa5c541809780b108a89b7772406cc58eb6d989827ce09345\"" + "Description": "Artifact hash for asset \"2353e7155f6271d0534137266dd20c095799e2cdb7c8fdc967b92623d409b445\"" } } } \ No newline at end of file diff --git a/packages/@aws-cdk/aws-eks/test/integ.eks-cluster-private-endpoint.expected.json b/packages/@aws-cdk/aws-eks/test/integ.eks-cluster-private-endpoint.expected.json index b4da9f1c8825f..c6b58c1af9936 100644 --- a/packages/@aws-cdk/aws-eks/test/integ.eks-cluster-private-endpoint.expected.json +++ b/packages/@aws-cdk/aws-eks/test/integ.eks-cluster-private-endpoint.expected.json @@ -657,54 +657,30 @@ }, { "Action": [ + "ec2:DescribeDhcpOptions", + "ec2:DescribeInstances", + "ec2:DescribeNetworkInterfaces", + "ec2:DescribeRouteTables", + "ec2:DescribeSecurityGroups", + "ec2:DescribeSubnets", + "ec2:DescribeVpcs", "eks:CreateCluster", + "eks:CreateFargateProfile", + "eks:DeleteCluster", + "eks:DeleteFargateProfile", "eks:DescribeCluster", + "eks:DescribeFargateProfile", "eks:DescribeUpdate", - "eks:DeleteCluster", - "eks:UpdateClusterVersion", - "eks:UpdateClusterConfig", - "eks:CreateFargateProfile", "eks:TagResource", - "eks:UntagResource" - ], - "Effect": "Allow", - "Resource": [ - "*" - ] - }, - { - "Action": [ - "eks:DescribeFargateProfile", - "eks:DeleteFargateProfile" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ + "eks:UntagResource", + "eks:UpdateClusterConfig", + "eks:UpdateClusterVersion", + "iam:CreateServiceLinkedRole", "iam:GetRole", "iam:listAttachedRolePolicies" ], "Effect": "Allow", "Resource": "*" - }, - { - "Action": "iam:CreateServiceLinkedRole", - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "ec2:DescribeInstances", - "ec2:DescribeNetworkInterfaces", - "ec2:DescribeSecurityGroups", - "ec2:DescribeSubnets", - "ec2:DescribeRouteTables", - "ec2:DescribeDhcpOptions", - "ec2:DescribeVpcs" - ], - "Effect": "Allow", - "Resource": "*" } ], "Version": "2012-10-17" @@ -1048,7 +1024,7 @@ }, "/", { - "Ref": "AssetParametersa56d8928013d02a98785ea769489d44faab804343ca2ee759e7f29a34f05c890S3Bucket02F74E4B" + "Ref": "AssetParameters56d17a0382b97cd4d8cca24e313a8f5563ea366d39ef4d533bfa30ee1fcbe2e9S3BucketC8527CC3" }, "/", { @@ -1058,7 +1034,7 @@ "Fn::Split": [ "||", { - "Ref": "AssetParametersa56d8928013d02a98785ea769489d44faab804343ca2ee759e7f29a34f05c890S3VersionKey0582948B" + "Ref": "AssetParameters56d17a0382b97cd4d8cca24e313a8f5563ea366d39ef4d533bfa30ee1fcbe2e9S3VersionKeyCAEE29F8" } ] } @@ -1071,7 +1047,7 @@ "Fn::Split": [ "||", { - "Ref": "AssetParametersa56d8928013d02a98785ea769489d44faab804343ca2ee759e7f29a34f05c890S3VersionKey0582948B" + "Ref": "AssetParameters56d17a0382b97cd4d8cca24e313a8f5563ea366d39ef4d533bfa30ee1fcbe2e9S3VersionKeyCAEE29F8" } ] } @@ -1081,29 +1057,29 @@ ] }, "Parameters": { + "referencetoawscdkeksclusterprivateendpointtestAssetParameters4288ebb3652acdf2d828b7db7ca44a7162a401ace50ebb4026e84b18a02a06eeS3Bucket34ED2DA8Ref": { + "Ref": "AssetParameters4288ebb3652acdf2d828b7db7ca44a7162a401ace50ebb4026e84b18a02a06eeS3Bucket4E7CD097" + }, + "referencetoawscdkeksclusterprivateendpointtestAssetParameters4288ebb3652acdf2d828b7db7ca44a7162a401ace50ebb4026e84b18a02a06eeS3VersionKeyCF24561BRef": { + "Ref": "AssetParameters4288ebb3652acdf2d828b7db7ca44a7162a401ace50ebb4026e84b18a02a06eeS3VersionKey93D16224" + }, "referencetoawscdkeksclusterprivateendpointtestClusterCreationRole990BAAEAArn": { "Fn::GetAtt": [ "ClusterCreationRole360249B6", "Arn" ] }, - "referencetoawscdkeksclusterprivateendpointtestAssetParametersd78765b92df2a80d8f6054e616200f6099a238f29fe81a199c2c217ffe1a12b4S3BucketE84B7538Ref": { - "Ref": "AssetParametersd78765b92df2a80d8f6054e616200f6099a238f29fe81a199c2c217ffe1a12b4S3Bucket5B1EB03C" - }, - "referencetoawscdkeksclusterprivateendpointtestAssetParametersd78765b92df2a80d8f6054e616200f6099a238f29fe81a199c2c217ffe1a12b4S3VersionKey5FC346A2Ref": { - "Ref": "AssetParametersd78765b92df2a80d8f6054e616200f6099a238f29fe81a199c2c217ffe1a12b4S3VersionKey51E064E9" - }, - "referencetoawscdkeksclusterprivateendpointtestAssetParametersca2c913ffc0cd2016ee8bae9a571d12d6eca2284408cb99dd0ebff5b061864ccS3BucketF4479BE8Ref": { - "Ref": "AssetParametersca2c913ffc0cd2016ee8bae9a571d12d6eca2284408cb99dd0ebff5b061864ccS3Bucket40405135" + "referencetoawscdkeksclusterprivateendpointtestAssetParameters8b11ea303df4b9db9feef6ed5f901a2d1185023a40c80c9630cf5c36559ae647S3BucketD5AC0C08Ref": { + "Ref": "AssetParameters8b11ea303df4b9db9feef6ed5f901a2d1185023a40c80c9630cf5c36559ae647S3Bucket05488C5E" }, - "referencetoawscdkeksclusterprivateendpointtestAssetParametersca2c913ffc0cd2016ee8bae9a571d12d6eca2284408cb99dd0ebff5b061864ccS3VersionKeyBBC4B419Ref": { - "Ref": "AssetParametersca2c913ffc0cd2016ee8bae9a571d12d6eca2284408cb99dd0ebff5b061864ccS3VersionKey50B477EB" + "referencetoawscdkeksclusterprivateendpointtestAssetParameters8b11ea303df4b9db9feef6ed5f901a2d1185023a40c80c9630cf5c36559ae647S3VersionKey2A8946AARef": { + "Ref": "AssetParameters8b11ea303df4b9db9feef6ed5f901a2d1185023a40c80c9630cf5c36559ae647S3VersionKey174B23DF" }, - "referencetoawscdkeksclusterprivateendpointtestAssetParametersdaeb79e3cee39c9b902dc0d5c780223e227ed573ea60976252947adab5fb2be1S3Bucket7DDAFC04Ref": { - "Ref": "AssetParametersdaeb79e3cee39c9b902dc0d5c780223e227ed573ea60976252947adab5fb2be1S3BucketDC4B98B1" + "referencetoawscdkeksclusterprivateendpointtestAssetParameters5b47c8e4cbbce7e4a8085f1aa83ed9c4691b7f65927ba092d6620bbba925f391S3Bucket8625E205Ref": { + "Ref": "AssetParameters5b47c8e4cbbce7e4a8085f1aa83ed9c4691b7f65927ba092d6620bbba925f391S3BucketB4102E9A" }, - "referencetoawscdkeksclusterprivateendpointtestAssetParametersdaeb79e3cee39c9b902dc0d5c780223e227ed573ea60976252947adab5fb2be1S3VersionKey69BACD98Ref": { - "Ref": "AssetParametersdaeb79e3cee39c9b902dc0d5c780223e227ed573ea60976252947adab5fb2be1S3VersionKeyA495226F" + "referencetoawscdkeksclusterprivateendpointtestAssetParameters5b47c8e4cbbce7e4a8085f1aa83ed9c4691b7f65927ba092d6620bbba925f391S3VersionKeyE4510C91Ref": { + "Ref": "AssetParameters5b47c8e4cbbce7e4a8085f1aa83ed9c4691b7f65927ba092d6620bbba925f391S3VersionKeyC1EC3ED6" } } }, @@ -1123,7 +1099,7 @@ }, "/", { - "Ref": "AssetParametersb9c099cddd88daf1512888f8ad4404f0f292ed3432f712d6a0eeddd74499b026S3BucketAF6BC29D" + "Ref": "AssetParametersb89469e6b9fb664c97f084c6d6925bf4ab99d879a91d98d102881002781ac305S3Bucket7D147AE5" }, "/", { @@ -1133,7 +1109,7 @@ "Fn::Split": [ "||", { - "Ref": "AssetParametersb9c099cddd88daf1512888f8ad4404f0f292ed3432f712d6a0eeddd74499b026S3VersionKey979EE7C4" + "Ref": "AssetParametersb89469e6b9fb664c97f084c6d6925bf4ab99d879a91d98d102881002781ac305S3VersionKeyFE3961AC" } ] } @@ -1146,7 +1122,7 @@ "Fn::Split": [ "||", { - "Ref": "AssetParametersb9c099cddd88daf1512888f8ad4404f0f292ed3432f712d6a0eeddd74499b026S3VersionKey979EE7C4" + "Ref": "AssetParametersb89469e6b9fb664c97f084c6d6925bf4ab99d879a91d98d102881002781ac305S3VersionKeyFE3961AC" } ] } @@ -1168,11 +1144,11 @@ "Arn" ] }, - "referencetoawscdkeksclusterprivateendpointtestAssetParameters4129bbca38164ecb28fee8e5b674f0d05e5957b4b8ed97d9c950527b5cc4ce10S3Bucket5F23B36DRef": { - "Ref": "AssetParameters4129bbca38164ecb28fee8e5b674f0d05e5957b4b8ed97d9c950527b5cc4ce10S3BucketC6FAEEC9" + "referencetoawscdkeksclusterprivateendpointtestAssetParametersa70c48e7047fb793b2378668accb1dc2d92f2d7b1fff80c9c718f4964dc69cb8S3Bucket985EEE34Ref": { + "Ref": "AssetParametersa70c48e7047fb793b2378668accb1dc2d92f2d7b1fff80c9c718f4964dc69cb8S3Bucket4CD5FFC3" }, - "referencetoawscdkeksclusterprivateendpointtestAssetParameters4129bbca38164ecb28fee8e5b674f0d05e5957b4b8ed97d9c950527b5cc4ce10S3VersionKey658F22A4Ref": { - "Ref": "AssetParameters4129bbca38164ecb28fee8e5b674f0d05e5957b4b8ed97d9c950527b5cc4ce10S3VersionKeyA7EE7421" + "referencetoawscdkeksclusterprivateendpointtestAssetParametersa70c48e7047fb793b2378668accb1dc2d92f2d7b1fff80c9c718f4964dc69cb8S3VersionKey705FAD72Ref": { + "Ref": "AssetParametersa70c48e7047fb793b2378668accb1dc2d92f2d7b1fff80c9c718f4964dc69cb8S3VersionKeyE06BA291" }, "referencetoawscdkeksclusterprivateendpointtestVpcPrivateSubnet1Subnet94DAD769Ref": { "Ref": "VpcPrivateSubnet1Subnet536B997A" @@ -1189,11 +1165,11 @@ "ClusterSecurityGroupId" ] }, - "referencetoawscdkeksclusterprivateendpointtestAssetParameterse9882ab123687399f934da0d45effe675ecc8ce13b40cb946f3e1d6141fe8d68S3BucketFD6C4D26Ref": { - "Ref": "AssetParameterse9882ab123687399f934da0d45effe675ecc8ce13b40cb946f3e1d6141fe8d68S3BucketAEADE8C7" + "referencetoawscdkeksclusterprivateendpointtestAssetParametersf331b32a8ad8983464106a58e420e7bc7e6341ba2ffb8ac9ad350d7e32845d95S3BucketD35D6C90Ref": { + "Ref": "AssetParametersf331b32a8ad8983464106a58e420e7bc7e6341ba2ffb8ac9ad350d7e32845d95S3BucketE02B5488" }, - "referencetoawscdkeksclusterprivateendpointtestAssetParameterse9882ab123687399f934da0d45effe675ecc8ce13b40cb946f3e1d6141fe8d68S3VersionKey69E4725CRef": { - "Ref": "AssetParameterse9882ab123687399f934da0d45effe675ecc8ce13b40cb946f3e1d6141fe8d68S3VersionKeyE415415F" + "referencetoawscdkeksclusterprivateendpointtestAssetParametersf331b32a8ad8983464106a58e420e7bc7e6341ba2ffb8ac9ad350d7e32845d95S3VersionKey0C9D3197Ref": { + "Ref": "AssetParametersf331b32a8ad8983464106a58e420e7bc7e6341ba2ffb8ac9ad350d7e32845d95S3VersionKey4D8E71F2" }, "referencetoawscdkeksclusterprivateendpointtestAssetParametersea17febe6d04c66048f3e8e060c71685c0cb53122abceff44842d27bc0d4a03eS3Bucket99203424Ref": { "Ref": "AssetParametersea17febe6d04c66048f3e8e060c71685c0cb53122abceff44842d27bc0d4a03eS3BucketD3288998" @@ -1201,11 +1177,11 @@ "referencetoawscdkeksclusterprivateendpointtestAssetParametersea17febe6d04c66048f3e8e060c71685c0cb53122abceff44842d27bc0d4a03eS3VersionKey74D35E51Ref": { "Ref": "AssetParametersea17febe6d04c66048f3e8e060c71685c0cb53122abceff44842d27bc0d4a03eS3VersionKeyB00C0565" }, - "referencetoawscdkeksclusterprivateendpointtestAssetParametersdaeb79e3cee39c9b902dc0d5c780223e227ed573ea60976252947adab5fb2be1S3Bucket7DDAFC04Ref": { - "Ref": "AssetParametersdaeb79e3cee39c9b902dc0d5c780223e227ed573ea60976252947adab5fb2be1S3BucketDC4B98B1" + "referencetoawscdkeksclusterprivateendpointtestAssetParameters5b47c8e4cbbce7e4a8085f1aa83ed9c4691b7f65927ba092d6620bbba925f391S3Bucket8625E205Ref": { + "Ref": "AssetParameters5b47c8e4cbbce7e4a8085f1aa83ed9c4691b7f65927ba092d6620bbba925f391S3BucketB4102E9A" }, - "referencetoawscdkeksclusterprivateendpointtestAssetParametersdaeb79e3cee39c9b902dc0d5c780223e227ed573ea60976252947adab5fb2be1S3VersionKey69BACD98Ref": { - "Ref": "AssetParametersdaeb79e3cee39c9b902dc0d5c780223e227ed573ea60976252947adab5fb2be1S3VersionKeyA495226F" + "referencetoawscdkeksclusterprivateendpointtestAssetParameters5b47c8e4cbbce7e4a8085f1aa83ed9c4691b7f65927ba092d6620bbba925f391S3VersionKeyE4510C91Ref": { + "Ref": "AssetParameters5b47c8e4cbbce7e4a8085f1aa83ed9c4691b7f65927ba092d6620bbba925f391S3VersionKeyC1EC3ED6" } } }, @@ -1256,65 +1232,65 @@ } }, "Parameters": { - "AssetParametersd78765b92df2a80d8f6054e616200f6099a238f29fe81a199c2c217ffe1a12b4S3Bucket5B1EB03C": { + "AssetParameters4288ebb3652acdf2d828b7db7ca44a7162a401ace50ebb4026e84b18a02a06eeS3Bucket4E7CD097": { "Type": "String", - "Description": "S3 bucket for asset \"d78765b92df2a80d8f6054e616200f6099a238f29fe81a199c2c217ffe1a12b4\"" + "Description": "S3 bucket for asset \"4288ebb3652acdf2d828b7db7ca44a7162a401ace50ebb4026e84b18a02a06ee\"" }, - "AssetParametersd78765b92df2a80d8f6054e616200f6099a238f29fe81a199c2c217ffe1a12b4S3VersionKey51E064E9": { + "AssetParameters4288ebb3652acdf2d828b7db7ca44a7162a401ace50ebb4026e84b18a02a06eeS3VersionKey93D16224": { "Type": "String", - "Description": "S3 key for asset version \"d78765b92df2a80d8f6054e616200f6099a238f29fe81a199c2c217ffe1a12b4\"" + "Description": "S3 key for asset version \"4288ebb3652acdf2d828b7db7ca44a7162a401ace50ebb4026e84b18a02a06ee\"" }, - "AssetParametersd78765b92df2a80d8f6054e616200f6099a238f29fe81a199c2c217ffe1a12b4ArtifactHash26192139": { + "AssetParameters4288ebb3652acdf2d828b7db7ca44a7162a401ace50ebb4026e84b18a02a06eeArtifactHash515E16AE": { "Type": "String", - "Description": "Artifact hash for asset \"d78765b92df2a80d8f6054e616200f6099a238f29fe81a199c2c217ffe1a12b4\"" + "Description": "Artifact hash for asset \"4288ebb3652acdf2d828b7db7ca44a7162a401ace50ebb4026e84b18a02a06ee\"" }, - "AssetParametersca2c913ffc0cd2016ee8bae9a571d12d6eca2284408cb99dd0ebff5b061864ccS3Bucket40405135": { + "AssetParameters8b11ea303df4b9db9feef6ed5f901a2d1185023a40c80c9630cf5c36559ae647S3Bucket05488C5E": { "Type": "String", - "Description": "S3 bucket for asset \"ca2c913ffc0cd2016ee8bae9a571d12d6eca2284408cb99dd0ebff5b061864cc\"" + "Description": "S3 bucket for asset \"8b11ea303df4b9db9feef6ed5f901a2d1185023a40c80c9630cf5c36559ae647\"" }, - "AssetParametersca2c913ffc0cd2016ee8bae9a571d12d6eca2284408cb99dd0ebff5b061864ccS3VersionKey50B477EB": { + "AssetParameters8b11ea303df4b9db9feef6ed5f901a2d1185023a40c80c9630cf5c36559ae647S3VersionKey174B23DF": { "Type": "String", - "Description": "S3 key for asset version \"ca2c913ffc0cd2016ee8bae9a571d12d6eca2284408cb99dd0ebff5b061864cc\"" + "Description": "S3 key for asset version \"8b11ea303df4b9db9feef6ed5f901a2d1185023a40c80c9630cf5c36559ae647\"" }, - "AssetParametersca2c913ffc0cd2016ee8bae9a571d12d6eca2284408cb99dd0ebff5b061864ccArtifactHashCC7E7A09": { + "AssetParameters8b11ea303df4b9db9feef6ed5f901a2d1185023a40c80c9630cf5c36559ae647ArtifactHashE94F67E3": { "Type": "String", - "Description": "Artifact hash for asset \"ca2c913ffc0cd2016ee8bae9a571d12d6eca2284408cb99dd0ebff5b061864cc\"" + "Description": "Artifact hash for asset \"8b11ea303df4b9db9feef6ed5f901a2d1185023a40c80c9630cf5c36559ae647\"" }, - "AssetParametersdaeb79e3cee39c9b902dc0d5c780223e227ed573ea60976252947adab5fb2be1S3BucketDC4B98B1": { + "AssetParameters5b47c8e4cbbce7e4a8085f1aa83ed9c4691b7f65927ba092d6620bbba925f391S3BucketB4102E9A": { "Type": "String", - "Description": "S3 bucket for asset \"daeb79e3cee39c9b902dc0d5c780223e227ed573ea60976252947adab5fb2be1\"" + "Description": "S3 bucket for asset \"5b47c8e4cbbce7e4a8085f1aa83ed9c4691b7f65927ba092d6620bbba925f391\"" }, - "AssetParametersdaeb79e3cee39c9b902dc0d5c780223e227ed573ea60976252947adab5fb2be1S3VersionKeyA495226F": { + "AssetParameters5b47c8e4cbbce7e4a8085f1aa83ed9c4691b7f65927ba092d6620bbba925f391S3VersionKeyC1EC3ED6": { "Type": "String", - "Description": "S3 key for asset version \"daeb79e3cee39c9b902dc0d5c780223e227ed573ea60976252947adab5fb2be1\"" + "Description": "S3 key for asset version \"5b47c8e4cbbce7e4a8085f1aa83ed9c4691b7f65927ba092d6620bbba925f391\"" }, - "AssetParametersdaeb79e3cee39c9b902dc0d5c780223e227ed573ea60976252947adab5fb2be1ArtifactHashA521A16F": { + "AssetParameters5b47c8e4cbbce7e4a8085f1aa83ed9c4691b7f65927ba092d6620bbba925f391ArtifactHashA391D940": { "Type": "String", - "Description": "Artifact hash for asset \"daeb79e3cee39c9b902dc0d5c780223e227ed573ea60976252947adab5fb2be1\"" + "Description": "Artifact hash for asset \"5b47c8e4cbbce7e4a8085f1aa83ed9c4691b7f65927ba092d6620bbba925f391\"" }, - "AssetParameters4129bbca38164ecb28fee8e5b674f0d05e5957b4b8ed97d9c950527b5cc4ce10S3BucketC6FAEEC9": { + "AssetParametersa70c48e7047fb793b2378668accb1dc2d92f2d7b1fff80c9c718f4964dc69cb8S3Bucket4CD5FFC3": { "Type": "String", - "Description": "S3 bucket for asset \"4129bbca38164ecb28fee8e5b674f0d05e5957b4b8ed97d9c950527b5cc4ce10\"" + "Description": "S3 bucket for asset \"a70c48e7047fb793b2378668accb1dc2d92f2d7b1fff80c9c718f4964dc69cb8\"" }, - "AssetParameters4129bbca38164ecb28fee8e5b674f0d05e5957b4b8ed97d9c950527b5cc4ce10S3VersionKeyA7EE7421": { + "AssetParametersa70c48e7047fb793b2378668accb1dc2d92f2d7b1fff80c9c718f4964dc69cb8S3VersionKeyE06BA291": { "Type": "String", - "Description": "S3 key for asset version \"4129bbca38164ecb28fee8e5b674f0d05e5957b4b8ed97d9c950527b5cc4ce10\"" + "Description": "S3 key for asset version \"a70c48e7047fb793b2378668accb1dc2d92f2d7b1fff80c9c718f4964dc69cb8\"" }, - "AssetParameters4129bbca38164ecb28fee8e5b674f0d05e5957b4b8ed97d9c950527b5cc4ce10ArtifactHash528547CD": { + "AssetParametersa70c48e7047fb793b2378668accb1dc2d92f2d7b1fff80c9c718f4964dc69cb8ArtifactHashA4AB6609": { "Type": "String", - "Description": "Artifact hash for asset \"4129bbca38164ecb28fee8e5b674f0d05e5957b4b8ed97d9c950527b5cc4ce10\"" + "Description": "Artifact hash for asset \"a70c48e7047fb793b2378668accb1dc2d92f2d7b1fff80c9c718f4964dc69cb8\"" }, - "AssetParameterse9882ab123687399f934da0d45effe675ecc8ce13b40cb946f3e1d6141fe8d68S3BucketAEADE8C7": { + "AssetParametersf331b32a8ad8983464106a58e420e7bc7e6341ba2ffb8ac9ad350d7e32845d95S3BucketE02B5488": { "Type": "String", - "Description": "S3 bucket for asset \"e9882ab123687399f934da0d45effe675ecc8ce13b40cb946f3e1d6141fe8d68\"" + "Description": "S3 bucket for asset \"f331b32a8ad8983464106a58e420e7bc7e6341ba2ffb8ac9ad350d7e32845d95\"" }, - "AssetParameterse9882ab123687399f934da0d45effe675ecc8ce13b40cb946f3e1d6141fe8d68S3VersionKeyE415415F": { + "AssetParametersf331b32a8ad8983464106a58e420e7bc7e6341ba2ffb8ac9ad350d7e32845d95S3VersionKey4D8E71F2": { "Type": "String", - "Description": "S3 key for asset version \"e9882ab123687399f934da0d45effe675ecc8ce13b40cb946f3e1d6141fe8d68\"" + "Description": "S3 key for asset version \"f331b32a8ad8983464106a58e420e7bc7e6341ba2ffb8ac9ad350d7e32845d95\"" }, - "AssetParameterse9882ab123687399f934da0d45effe675ecc8ce13b40cb946f3e1d6141fe8d68ArtifactHashD9A515C3": { + "AssetParametersf331b32a8ad8983464106a58e420e7bc7e6341ba2ffb8ac9ad350d7e32845d95ArtifactHash16B60F6C": { "Type": "String", - "Description": "Artifact hash for asset \"e9882ab123687399f934da0d45effe675ecc8ce13b40cb946f3e1d6141fe8d68\"" + "Description": "Artifact hash for asset \"f331b32a8ad8983464106a58e420e7bc7e6341ba2ffb8ac9ad350d7e32845d95\"" }, "AssetParametersea17febe6d04c66048f3e8e060c71685c0cb53122abceff44842d27bc0d4a03eS3BucketD3288998": { "Type": "String", @@ -1328,29 +1304,29 @@ "Type": "String", "Description": "Artifact hash for asset \"ea17febe6d04c66048f3e8e060c71685c0cb53122abceff44842d27bc0d4a03e\"" }, - "AssetParametersa56d8928013d02a98785ea769489d44faab804343ca2ee759e7f29a34f05c890S3Bucket02F74E4B": { + "AssetParameters56d17a0382b97cd4d8cca24e313a8f5563ea366d39ef4d533bfa30ee1fcbe2e9S3BucketC8527CC3": { "Type": "String", - "Description": "S3 bucket for asset \"a56d8928013d02a98785ea769489d44faab804343ca2ee759e7f29a34f05c890\"" + "Description": "S3 bucket for asset \"56d17a0382b97cd4d8cca24e313a8f5563ea366d39ef4d533bfa30ee1fcbe2e9\"" }, - "AssetParametersa56d8928013d02a98785ea769489d44faab804343ca2ee759e7f29a34f05c890S3VersionKey0582948B": { + "AssetParameters56d17a0382b97cd4d8cca24e313a8f5563ea366d39ef4d533bfa30ee1fcbe2e9S3VersionKeyCAEE29F8": { "Type": "String", - "Description": "S3 key for asset version \"a56d8928013d02a98785ea769489d44faab804343ca2ee759e7f29a34f05c890\"" + "Description": "S3 key for asset version \"56d17a0382b97cd4d8cca24e313a8f5563ea366d39ef4d533bfa30ee1fcbe2e9\"" }, - "AssetParametersa56d8928013d02a98785ea769489d44faab804343ca2ee759e7f29a34f05c890ArtifactHash67434B72": { + "AssetParameters56d17a0382b97cd4d8cca24e313a8f5563ea366d39ef4d533bfa30ee1fcbe2e9ArtifactHash55D2045C": { "Type": "String", - "Description": "Artifact hash for asset \"a56d8928013d02a98785ea769489d44faab804343ca2ee759e7f29a34f05c890\"" + "Description": "Artifact hash for asset \"56d17a0382b97cd4d8cca24e313a8f5563ea366d39ef4d533bfa30ee1fcbe2e9\"" }, - "AssetParametersb9c099cddd88daf1512888f8ad4404f0f292ed3432f712d6a0eeddd74499b026S3BucketAF6BC29D": { + "AssetParametersb89469e6b9fb664c97f084c6d6925bf4ab99d879a91d98d102881002781ac305S3Bucket7D147AE5": { "Type": "String", - "Description": "S3 bucket for asset \"b9c099cddd88daf1512888f8ad4404f0f292ed3432f712d6a0eeddd74499b026\"" + "Description": "S3 bucket for asset \"b89469e6b9fb664c97f084c6d6925bf4ab99d879a91d98d102881002781ac305\"" }, - "AssetParametersb9c099cddd88daf1512888f8ad4404f0f292ed3432f712d6a0eeddd74499b026S3VersionKey979EE7C4": { + "AssetParametersb89469e6b9fb664c97f084c6d6925bf4ab99d879a91d98d102881002781ac305S3VersionKeyFE3961AC": { "Type": "String", - "Description": "S3 key for asset version \"b9c099cddd88daf1512888f8ad4404f0f292ed3432f712d6a0eeddd74499b026\"" + "Description": "S3 key for asset version \"b89469e6b9fb664c97f084c6d6925bf4ab99d879a91d98d102881002781ac305\"" }, - "AssetParametersb9c099cddd88daf1512888f8ad4404f0f292ed3432f712d6a0eeddd74499b026ArtifactHash8B6627D0": { + "AssetParametersb89469e6b9fb664c97f084c6d6925bf4ab99d879a91d98d102881002781ac305ArtifactHashFF9785DA": { "Type": "String", - "Description": "Artifact hash for asset \"b9c099cddd88daf1512888f8ad4404f0f292ed3432f712d6a0eeddd74499b026\"" + "Description": "Artifact hash for asset \"b89469e6b9fb664c97f084c6d6925bf4ab99d879a91d98d102881002781ac305\"" } } } \ No newline at end of file diff --git a/packages/@aws-cdk/aws-eks/test/integ.eks-cluster.expected.json b/packages/@aws-cdk/aws-eks/test/integ.eks-cluster.expected.json index b38b7937618fc..02dc4f65277ba 100644 --- a/packages/@aws-cdk/aws-eks/test/integ.eks-cluster.expected.json +++ b/packages/@aws-cdk/aws-eks/test/integ.eks-cluster.expected.json @@ -763,70 +763,54 @@ { "Action": "iam:PassRole", "Effect": "Allow", - "Resource": { - "Fn::GetAtt": [ - "ClusterRoleFA261979", - "Arn" - ] - } - }, - { - "Action": [ - "eks:CreateCluster", - "eks:DescribeCluster", - "eks:DescribeUpdate", - "eks:DeleteCluster", - "eks:UpdateClusterVersion", - "eks:UpdateClusterConfig", - "eks:CreateFargateProfile", - "eks:TagResource", - "eks:UntagResource" - ], - "Effect": "Allow", "Resource": [ - "*" + { + "Fn::GetAtt": [ + "ClusterRoleFA261979", + "Arn" + ] + }, + { + "Fn::GetAtt": [ + "ClusterfargateprofiledefaultPodExecutionRole09952CFF", + "Arn" + ] + } ] }, { "Action": [ - "eks:DescribeFargateProfile", - "eks:DeleteFargateProfile" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "iam:GetRole", - "iam:listAttachedRolePolicies" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": "iam:CreateServiceLinkedRole", - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ + "ec2:DescribeDhcpOptions", "ec2:DescribeInstances", "ec2:DescribeNetworkInterfaces", + "ec2:DescribeRouteTables", "ec2:DescribeSecurityGroups", "ec2:DescribeSubnets", - "ec2:DescribeRouteTables", - "ec2:DescribeDhcpOptions", - "ec2:DescribeVpcs" + "ec2:DescribeVpcs", + "eks:CreateCluster", + "eks:CreateFargateProfile", + "eks:DeleteCluster", + "eks:DeleteFargateProfile", + "eks:DescribeCluster", + "eks:DescribeFargateProfile", + "eks:DescribeUpdate", + "eks:TagResource", + "eks:UntagResource", + "eks:UpdateClusterConfig", + "eks:UpdateClusterVersion", + "iam:CreateServiceLinkedRole", + "iam:GetRole", + "iam:listAttachedRolePolicies" ], "Effect": "Allow", "Resource": "*" }, { "Action": [ - "kms:Encrypt", + "kms:CreateGrant", "kms:Decrypt", "kms:DescribeKey", - "kms:CreateGrant" + "kms:Encrypt" ], "Effect": "Allow", "Resource": { @@ -835,16 +819,6 @@ "Arn" ] } - }, - { - "Action": "iam:PassRole", - "Effect": "Allow", - "Resource": { - "Fn::GetAtt": [ - "ClusterfargateprofiledefaultPodExecutionRole09952CFF", - "Arn" - ] - } } ], "Version": "2012-10-17" @@ -957,10 +931,14 @@ }, "logging": { "clusterLogging": [ - { - "enabled": true, - "types": [ "api", "authenticator", "scheduler" ] - } + { + "enabled": true, + "types": [ + "api", + "authenticator", + "scheduler" + ] + } ] } }, @@ -3444,7 +3422,7 @@ }, "/", { - "Ref": "AssetParametersc3133e15f268838efdf38077f27fd489d312e90798517ec62d98dfd0712b563eS3Bucket297B6E78" + "Ref": "AssetParametersc24eb763169accd26e653fd1884c13dd7e1c54d9c85d1ce647422dc5ad80dc30S3Bucket9C6DDDD3" }, "/", { @@ -3454,7 +3432,7 @@ "Fn::Split": [ "||", { - "Ref": "AssetParametersc3133e15f268838efdf38077f27fd489d312e90798517ec62d98dfd0712b563eS3VersionKey285AE936" + "Ref": "AssetParametersc24eb763169accd26e653fd1884c13dd7e1c54d9c85d1ce647422dc5ad80dc30S3VersionKey6C690A2F" } ] } @@ -3467,7 +3445,7 @@ "Fn::Split": [ "||", { - "Ref": "AssetParametersc3133e15f268838efdf38077f27fd489d312e90798517ec62d98dfd0712b563eS3VersionKey285AE936" + "Ref": "AssetParametersc24eb763169accd26e653fd1884c13dd7e1c54d9c85d1ce647422dc5ad80dc30S3VersionKey6C690A2F" } ] } @@ -3477,11 +3455,11 @@ ] }, "Parameters": { - "referencetoawscdkeksclustertestAssetParameters26ac61b4195cccf80ff73f332788ad7ffaab36d81ce570340a583a8364901665S3Bucket1771F046Ref": { - "Ref": "AssetParameters26ac61b4195cccf80ff73f332788ad7ffaab36d81ce570340a583a8364901665S3Bucket1B280681" + "referencetoawscdkeksclustertestAssetParameters4288ebb3652acdf2d828b7db7ca44a7162a401ace50ebb4026e84b18a02a06eeS3Bucket1BB3BF46Ref": { + "Ref": "AssetParameters4288ebb3652acdf2d828b7db7ca44a7162a401ace50ebb4026e84b18a02a06eeS3Bucket4E7CD097" }, - "referencetoawscdkeksclustertestAssetParameters26ac61b4195cccf80ff73f332788ad7ffaab36d81ce570340a583a8364901665S3VersionKeyDA854AFERef": { - "Ref": "AssetParameters26ac61b4195cccf80ff73f332788ad7ffaab36d81ce570340a583a8364901665S3VersionKeyB1E02791" + "referencetoawscdkeksclustertestAssetParameters4288ebb3652acdf2d828b7db7ca44a7162a401ace50ebb4026e84b18a02a06eeS3VersionKeyC416ABD8Ref": { + "Ref": "AssetParameters4288ebb3652acdf2d828b7db7ca44a7162a401ace50ebb4026e84b18a02a06eeS3VersionKey93D16224" }, "referencetoawscdkeksclustertestClusterCreationRole95F44854Arn": { "Fn::GetAtt": [ @@ -3489,17 +3467,17 @@ "Arn" ] }, - "referencetoawscdkeksclustertestAssetParameters00d62edb46d4e11942f8a3afeca5526ec56ff1d63eb753bd46ceecff8b01f5afS3Bucket958E1227Ref": { - "Ref": "AssetParameters00d62edb46d4e11942f8a3afeca5526ec56ff1d63eb753bd46ceecff8b01f5afS3Bucket9AE1EC0F" + "referencetoawscdkeksclustertestAssetParameters8b11ea303df4b9db9feef6ed5f901a2d1185023a40c80c9630cf5c36559ae647S3Bucket9814F3B6Ref": { + "Ref": "AssetParameters8b11ea303df4b9db9feef6ed5f901a2d1185023a40c80c9630cf5c36559ae647S3Bucket05488C5E" }, - "referencetoawscdkeksclustertestAssetParameters00d62edb46d4e11942f8a3afeca5526ec56ff1d63eb753bd46ceecff8b01f5afS3VersionKeyA985D634Ref": { - "Ref": "AssetParameters00d62edb46d4e11942f8a3afeca5526ec56ff1d63eb753bd46ceecff8b01f5afS3VersionKey451EAA56" + "referencetoawscdkeksclustertestAssetParameters8b11ea303df4b9db9feef6ed5f901a2d1185023a40c80c9630cf5c36559ae647S3VersionKey97942939Ref": { + "Ref": "AssetParameters8b11ea303df4b9db9feef6ed5f901a2d1185023a40c80c9630cf5c36559ae647S3VersionKey174B23DF" }, - "referencetoawscdkeksclustertestAssetParametersdaeb79e3cee39c9b902dc0d5c780223e227ed573ea60976252947adab5fb2be1S3Bucket0815E7B5Ref": { - "Ref": "AssetParametersdaeb79e3cee39c9b902dc0d5c780223e227ed573ea60976252947adab5fb2be1S3BucketDC4B98B1" + "referencetoawscdkeksclustertestAssetParameters5b47c8e4cbbce7e4a8085f1aa83ed9c4691b7f65927ba092d6620bbba925f391S3Bucket98314848Ref": { + "Ref": "AssetParameters5b47c8e4cbbce7e4a8085f1aa83ed9c4691b7f65927ba092d6620bbba925f391S3BucketB4102E9A" }, - "referencetoawscdkeksclustertestAssetParametersdaeb79e3cee39c9b902dc0d5c780223e227ed573ea60976252947adab5fb2be1S3VersionKey657736ADRef": { - "Ref": "AssetParametersdaeb79e3cee39c9b902dc0d5c780223e227ed573ea60976252947adab5fb2be1S3VersionKeyA495226F" + "referencetoawscdkeksclustertestAssetParameters5b47c8e4cbbce7e4a8085f1aa83ed9c4691b7f65927ba092d6620bbba925f391S3VersionKey4302577BRef": { + "Ref": "AssetParameters5b47c8e4cbbce7e4a8085f1aa83ed9c4691b7f65927ba092d6620bbba925f391S3VersionKeyC1EC3ED6" } } }, @@ -3519,7 +3497,7 @@ }, "/", { - "Ref": "AssetParametersa28799ada83b92b06ae89cb67aaaba59b7c6fd3c23ad407578334ada0d245cebS3BucketCA5A17E3" + "Ref": "AssetParametersfedb0b025bbf74f4daee09934a81c34a6cf5b06a765baa86bf42234971244a09S3BucketB43B25F0" }, "/", { @@ -3529,7 +3507,7 @@ "Fn::Split": [ "||", { - "Ref": "AssetParametersa28799ada83b92b06ae89cb67aaaba59b7c6fd3c23ad407578334ada0d245cebS3VersionKey4AD94792" + "Ref": "AssetParametersfedb0b025bbf74f4daee09934a81c34a6cf5b06a765baa86bf42234971244a09S3VersionKey4D3C22DF" } ] } @@ -3542,7 +3520,7 @@ "Fn::Split": [ "||", { - "Ref": "AssetParametersa28799ada83b92b06ae89cb67aaaba59b7c6fd3c23ad407578334ada0d245cebS3VersionKey4AD94792" + "Ref": "AssetParametersfedb0b025bbf74f4daee09934a81c34a6cf5b06a765baa86bf42234971244a09S3VersionKey4D3C22DF" } ] } @@ -3567,11 +3545,11 @@ "referencetoawscdkeksclustertestAssetParametersd65fbdc11b108e0386ed8577c454d4544f6d4e7960f84a0d2e211478d6324dbfS3BucketE84D6FBERef": { "Ref": "AssetParametersd65fbdc11b108e0386ed8577c454d4544f6d4e7960f84a0d2e211478d6324dbfS3BucketBFD29DFB" }, - "referencetoawscdkeksclustertestAssetParameters7405215c9dec361c2c285bc67b8571f1fd93fd2e0ab73eaf1d9deefb26f45d5bS3Bucket04A6A2E9Ref": { - "Ref": "AssetParameters7405215c9dec361c2c285bc67b8571f1fd93fd2e0ab73eaf1d9deefb26f45d5bS3Bucket130CFDEE" + "referencetoawscdkeksclustertestAssetParametersa70c48e7047fb793b2378668accb1dc2d92f2d7b1fff80c9c718f4964dc69cb8S3Bucket1FA24F91Ref": { + "Ref": "AssetParametersa70c48e7047fb793b2378668accb1dc2d92f2d7b1fff80c9c718f4964dc69cb8S3Bucket4CD5FFC3" }, - "referencetoawscdkeksclustertestAssetParameters7405215c9dec361c2c285bc67b8571f1fd93fd2e0ab73eaf1d9deefb26f45d5bS3VersionKeyD150E066Ref": { - "Ref": "AssetParameters7405215c9dec361c2c285bc67b8571f1fd93fd2e0ab73eaf1d9deefb26f45d5bS3VersionKeyB48A0274" + "referencetoawscdkeksclustertestAssetParametersa70c48e7047fb793b2378668accb1dc2d92f2d7b1fff80c9c718f4964dc69cb8S3VersionKeyA4D2B6C0Ref": { + "Ref": "AssetParametersa70c48e7047fb793b2378668accb1dc2d92f2d7b1fff80c9c718f4964dc69cb8S3VersionKeyE06BA291" }, "referencetoawscdkeksclustertestVpcPrivateSubnet1Subnet32A4EC2ARef": { "Ref": "VpcPrivateSubnet1Subnet536B997A" @@ -3588,11 +3566,11 @@ "ClusterSecurityGroupId" ] }, - "referencetoawscdkeksclustertestAssetParameterse9882ab123687399f934da0d45effe675ecc8ce13b40cb946f3e1d6141fe8d68S3BucketB4E9C142Ref": { - "Ref": "AssetParameterse9882ab123687399f934da0d45effe675ecc8ce13b40cb946f3e1d6141fe8d68S3BucketAEADE8C7" + "referencetoawscdkeksclustertestAssetParametersf331b32a8ad8983464106a58e420e7bc7e6341ba2ffb8ac9ad350d7e32845d95S3Bucket07BA6433Ref": { + "Ref": "AssetParametersf331b32a8ad8983464106a58e420e7bc7e6341ba2ffb8ac9ad350d7e32845d95S3BucketE02B5488" }, - "referencetoawscdkeksclustertestAssetParameterse9882ab123687399f934da0d45effe675ecc8ce13b40cb946f3e1d6141fe8d68S3VersionKey1C7C1F5FRef": { - "Ref": "AssetParameterse9882ab123687399f934da0d45effe675ecc8ce13b40cb946f3e1d6141fe8d68S3VersionKeyE415415F" + "referencetoawscdkeksclustertestAssetParametersf331b32a8ad8983464106a58e420e7bc7e6341ba2ffb8ac9ad350d7e32845d95S3VersionKeyD5B2E756Ref": { + "Ref": "AssetParametersf331b32a8ad8983464106a58e420e7bc7e6341ba2ffb8ac9ad350d7e32845d95S3VersionKey4D8E71F2" }, "referencetoawscdkeksclustertestAssetParametersea17febe6d04c66048f3e8e060c71685c0cb53122abceff44842d27bc0d4a03eS3Bucket6ADB5CE5Ref": { "Ref": "AssetParametersea17febe6d04c66048f3e8e060c71685c0cb53122abceff44842d27bc0d4a03eS3BucketD3288998" @@ -3600,11 +3578,11 @@ "referencetoawscdkeksclustertestAssetParametersea17febe6d04c66048f3e8e060c71685c0cb53122abceff44842d27bc0d4a03eS3VersionKey314C5B11Ref": { "Ref": "AssetParametersea17febe6d04c66048f3e8e060c71685c0cb53122abceff44842d27bc0d4a03eS3VersionKeyB00C0565" }, - "referencetoawscdkeksclustertestAssetParametersdaeb79e3cee39c9b902dc0d5c780223e227ed573ea60976252947adab5fb2be1S3Bucket0815E7B5Ref": { - "Ref": "AssetParametersdaeb79e3cee39c9b902dc0d5c780223e227ed573ea60976252947adab5fb2be1S3BucketDC4B98B1" + "referencetoawscdkeksclustertestAssetParameters5b47c8e4cbbce7e4a8085f1aa83ed9c4691b7f65927ba092d6620bbba925f391S3Bucket98314848Ref": { + "Ref": "AssetParameters5b47c8e4cbbce7e4a8085f1aa83ed9c4691b7f65927ba092d6620bbba925f391S3BucketB4102E9A" }, - "referencetoawscdkeksclustertestAssetParametersdaeb79e3cee39c9b902dc0d5c780223e227ed573ea60976252947adab5fb2be1S3VersionKey657736ADRef": { - "Ref": "AssetParametersdaeb79e3cee39c9b902dc0d5c780223e227ed573ea60976252947adab5fb2be1S3VersionKeyA495226F" + "referencetoawscdkeksclustertestAssetParameters5b47c8e4cbbce7e4a8085f1aa83ed9c4691b7f65927ba092d6620bbba925f391S3VersionKey4302577BRef": { + "Ref": "AssetParameters5b47c8e4cbbce7e4a8085f1aa83ed9c4691b7f65927ba092d6620bbba925f391S3VersionKeyC1EC3ED6" } } }, @@ -3711,7 +3689,7 @@ "Properties": { "Code": { "S3Bucket": { - "Ref": "AssetParametersb7d38dc0eeb2c5d024919020e09d2590b68559eab4a5264c3b1aa7a429d1edd4S3BucketF7BC1777" + "Ref": "AssetParameters5507835727e005832a615aef2a6b437860f432c6cd052d07c0244464aedbe2b2S3Bucket211A9156" }, "S3Key": { "Fn::Join": [ @@ -3724,7 +3702,7 @@ "Fn::Split": [ "||", { - "Ref": "AssetParametersb7d38dc0eeb2c5d024919020e09d2590b68559eab4a5264c3b1aa7a429d1edd4S3VersionKey1C340B30" + "Ref": "AssetParameters5507835727e005832a615aef2a6b437860f432c6cd052d07c0244464aedbe2b2S3VersionKey822D04EC" } ] } @@ -3737,7 +3715,7 @@ "Fn::Split": [ "||", { - "Ref": "AssetParametersb7d38dc0eeb2c5d024919020e09d2590b68559eab4a5264c3b1aa7a429d1edd4S3VersionKey1C340B30" + "Ref": "AssetParameters5507835727e005832a615aef2a6b437860f432c6cd052d07c0244464aedbe2b2S3VersionKey822D04EC" } ] } @@ -3789,7 +3767,7 @@ "Properties": { "Code": { "S3Bucket": { - "Ref": "AssetParameters6afd8be511f58dbedd46c8a09c07db8b7340d99fd3527b6d3dfb729208060fc3S3BucketB7E1A9C0" + "Ref": "AssetParametersf850d967c52a5f64e6436dc84abdde4d86197f2a0871f5ab27c79647a91d0bf4S3Bucket6F458959" }, "S3Key": { "Fn::Join": [ @@ -3802,7 +3780,7 @@ "Fn::Split": [ "||", { - "Ref": "AssetParameters6afd8be511f58dbedd46c8a09c07db8b7340d99fd3527b6d3dfb729208060fc3S3VersionKey542FDEBD" + "Ref": "AssetParametersf850d967c52a5f64e6436dc84abdde4d86197f2a0871f5ab27c79647a91d0bf4S3VersionKeyBDD0572E" } ] } @@ -3815,7 +3793,7 @@ "Fn::Split": [ "||", { - "Ref": "AssetParameters6afd8be511f58dbedd46c8a09c07db8b7340d99fd3527b6d3dfb729208060fc3S3VersionKey542FDEBD" + "Ref": "AssetParametersf850d967c52a5f64e6436dc84abdde4d86197f2a0871f5ab27c79647a91d0bf4S3VersionKeyBDD0572E" } ] } @@ -3929,65 +3907,65 @@ } }, "Parameters": { - "AssetParameters26ac61b4195cccf80ff73f332788ad7ffaab36d81ce570340a583a8364901665S3Bucket1B280681": { + "AssetParameters4288ebb3652acdf2d828b7db7ca44a7162a401ace50ebb4026e84b18a02a06eeS3Bucket4E7CD097": { "Type": "String", - "Description": "S3 bucket for asset \"26ac61b4195cccf80ff73f332788ad7ffaab36d81ce570340a583a8364901665\"" + "Description": "S3 bucket for asset \"4288ebb3652acdf2d828b7db7ca44a7162a401ace50ebb4026e84b18a02a06ee\"" }, - "AssetParameters26ac61b4195cccf80ff73f332788ad7ffaab36d81ce570340a583a8364901665S3VersionKeyB1E02791": { + "AssetParameters4288ebb3652acdf2d828b7db7ca44a7162a401ace50ebb4026e84b18a02a06eeS3VersionKey93D16224": { "Type": "String", - "Description": "S3 key for asset version \"26ac61b4195cccf80ff73f332788ad7ffaab36d81ce570340a583a8364901665\"" + "Description": "S3 key for asset version \"4288ebb3652acdf2d828b7db7ca44a7162a401ace50ebb4026e84b18a02a06ee\"" }, - "AssetParameters26ac61b4195cccf80ff73f332788ad7ffaab36d81ce570340a583a8364901665ArtifactHash9EA5AC29": { + "AssetParameters4288ebb3652acdf2d828b7db7ca44a7162a401ace50ebb4026e84b18a02a06eeArtifactHash515E16AE": { "Type": "String", - "Description": "Artifact hash for asset \"26ac61b4195cccf80ff73f332788ad7ffaab36d81ce570340a583a8364901665\"" + "Description": "Artifact hash for asset \"4288ebb3652acdf2d828b7db7ca44a7162a401ace50ebb4026e84b18a02a06ee\"" }, - "AssetParameters00d62edb46d4e11942f8a3afeca5526ec56ff1d63eb753bd46ceecff8b01f5afS3Bucket9AE1EC0F": { + "AssetParameters8b11ea303df4b9db9feef6ed5f901a2d1185023a40c80c9630cf5c36559ae647S3Bucket05488C5E": { "Type": "String", - "Description": "S3 bucket for asset \"00d62edb46d4e11942f8a3afeca5526ec56ff1d63eb753bd46ceecff8b01f5af\"" + "Description": "S3 bucket for asset \"8b11ea303df4b9db9feef6ed5f901a2d1185023a40c80c9630cf5c36559ae647\"" }, - "AssetParameters00d62edb46d4e11942f8a3afeca5526ec56ff1d63eb753bd46ceecff8b01f5afS3VersionKey451EAA56": { + "AssetParameters8b11ea303df4b9db9feef6ed5f901a2d1185023a40c80c9630cf5c36559ae647S3VersionKey174B23DF": { "Type": "String", - "Description": "S3 key for asset version \"00d62edb46d4e11942f8a3afeca5526ec56ff1d63eb753bd46ceecff8b01f5af\"" + "Description": "S3 key for asset version \"8b11ea303df4b9db9feef6ed5f901a2d1185023a40c80c9630cf5c36559ae647\"" }, - "AssetParameters00d62edb46d4e11942f8a3afeca5526ec56ff1d63eb753bd46ceecff8b01f5afArtifactHash761F4689": { + "AssetParameters8b11ea303df4b9db9feef6ed5f901a2d1185023a40c80c9630cf5c36559ae647ArtifactHashE94F67E3": { "Type": "String", - "Description": "Artifact hash for asset \"00d62edb46d4e11942f8a3afeca5526ec56ff1d63eb753bd46ceecff8b01f5af\"" + "Description": "Artifact hash for asset \"8b11ea303df4b9db9feef6ed5f901a2d1185023a40c80c9630cf5c36559ae647\"" }, - "AssetParametersdaeb79e3cee39c9b902dc0d5c780223e227ed573ea60976252947adab5fb2be1S3BucketDC4B98B1": { + "AssetParameters5b47c8e4cbbce7e4a8085f1aa83ed9c4691b7f65927ba092d6620bbba925f391S3BucketB4102E9A": { "Type": "String", - "Description": "S3 bucket for asset \"daeb79e3cee39c9b902dc0d5c780223e227ed573ea60976252947adab5fb2be1\"" + "Description": "S3 bucket for asset \"5b47c8e4cbbce7e4a8085f1aa83ed9c4691b7f65927ba092d6620bbba925f391\"" }, - "AssetParametersdaeb79e3cee39c9b902dc0d5c780223e227ed573ea60976252947adab5fb2be1S3VersionKeyA495226F": { + "AssetParameters5b47c8e4cbbce7e4a8085f1aa83ed9c4691b7f65927ba092d6620bbba925f391S3VersionKeyC1EC3ED6": { "Type": "String", - "Description": "S3 key for asset version \"daeb79e3cee39c9b902dc0d5c780223e227ed573ea60976252947adab5fb2be1\"" + "Description": "S3 key for asset version \"5b47c8e4cbbce7e4a8085f1aa83ed9c4691b7f65927ba092d6620bbba925f391\"" }, - "AssetParametersdaeb79e3cee39c9b902dc0d5c780223e227ed573ea60976252947adab5fb2be1ArtifactHashA521A16F": { + "AssetParameters5b47c8e4cbbce7e4a8085f1aa83ed9c4691b7f65927ba092d6620bbba925f391ArtifactHashA391D940": { "Type": "String", - "Description": "Artifact hash for asset \"daeb79e3cee39c9b902dc0d5c780223e227ed573ea60976252947adab5fb2be1\"" + "Description": "Artifact hash for asset \"5b47c8e4cbbce7e4a8085f1aa83ed9c4691b7f65927ba092d6620bbba925f391\"" }, - "AssetParameters7405215c9dec361c2c285bc67b8571f1fd93fd2e0ab73eaf1d9deefb26f45d5bS3Bucket130CFDEE": { + "AssetParametersa70c48e7047fb793b2378668accb1dc2d92f2d7b1fff80c9c718f4964dc69cb8S3Bucket4CD5FFC3": { "Type": "String", - "Description": "S3 bucket for asset \"7405215c9dec361c2c285bc67b8571f1fd93fd2e0ab73eaf1d9deefb26f45d5b\"" + "Description": "S3 bucket for asset \"a70c48e7047fb793b2378668accb1dc2d92f2d7b1fff80c9c718f4964dc69cb8\"" }, - "AssetParameters7405215c9dec361c2c285bc67b8571f1fd93fd2e0ab73eaf1d9deefb26f45d5bS3VersionKeyB48A0274": { + "AssetParametersa70c48e7047fb793b2378668accb1dc2d92f2d7b1fff80c9c718f4964dc69cb8S3VersionKeyE06BA291": { "Type": "String", - "Description": "S3 key for asset version \"7405215c9dec361c2c285bc67b8571f1fd93fd2e0ab73eaf1d9deefb26f45d5b\"" + "Description": "S3 key for asset version \"a70c48e7047fb793b2378668accb1dc2d92f2d7b1fff80c9c718f4964dc69cb8\"" }, - "AssetParameters7405215c9dec361c2c285bc67b8571f1fd93fd2e0ab73eaf1d9deefb26f45d5bArtifactHash47D5DE75": { + "AssetParametersa70c48e7047fb793b2378668accb1dc2d92f2d7b1fff80c9c718f4964dc69cb8ArtifactHashA4AB6609": { "Type": "String", - "Description": "Artifact hash for asset \"7405215c9dec361c2c285bc67b8571f1fd93fd2e0ab73eaf1d9deefb26f45d5b\"" + "Description": "Artifact hash for asset \"a70c48e7047fb793b2378668accb1dc2d92f2d7b1fff80c9c718f4964dc69cb8\"" }, - "AssetParameterse9882ab123687399f934da0d45effe675ecc8ce13b40cb946f3e1d6141fe8d68S3BucketAEADE8C7": { + "AssetParametersf331b32a8ad8983464106a58e420e7bc7e6341ba2ffb8ac9ad350d7e32845d95S3BucketE02B5488": { "Type": "String", - "Description": "S3 bucket for asset \"e9882ab123687399f934da0d45effe675ecc8ce13b40cb946f3e1d6141fe8d68\"" + "Description": "S3 bucket for asset \"f331b32a8ad8983464106a58e420e7bc7e6341ba2ffb8ac9ad350d7e32845d95\"" }, - "AssetParameterse9882ab123687399f934da0d45effe675ecc8ce13b40cb946f3e1d6141fe8d68S3VersionKeyE415415F": { + "AssetParametersf331b32a8ad8983464106a58e420e7bc7e6341ba2ffb8ac9ad350d7e32845d95S3VersionKey4D8E71F2": { "Type": "String", - "Description": "S3 key for asset version \"e9882ab123687399f934da0d45effe675ecc8ce13b40cb946f3e1d6141fe8d68\"" + "Description": "S3 key for asset version \"f331b32a8ad8983464106a58e420e7bc7e6341ba2ffb8ac9ad350d7e32845d95\"" }, - "AssetParameterse9882ab123687399f934da0d45effe675ecc8ce13b40cb946f3e1d6141fe8d68ArtifactHashD9A515C3": { + "AssetParametersf331b32a8ad8983464106a58e420e7bc7e6341ba2ffb8ac9ad350d7e32845d95ArtifactHash16B60F6C": { "Type": "String", - "Description": "Artifact hash for asset \"e9882ab123687399f934da0d45effe675ecc8ce13b40cb946f3e1d6141fe8d68\"" + "Description": "Artifact hash for asset \"f331b32a8ad8983464106a58e420e7bc7e6341ba2ffb8ac9ad350d7e32845d95\"" }, "AssetParametersea17febe6d04c66048f3e8e060c71685c0cb53122abceff44842d27bc0d4a03eS3BucketD3288998": { "Type": "String", @@ -4013,53 +3991,53 @@ "Type": "String", "Description": "Artifact hash for asset \"d65fbdc11b108e0386ed8577c454d4544f6d4e7960f84a0d2e211478d6324dbf\"" }, - "AssetParametersb7d38dc0eeb2c5d024919020e09d2590b68559eab4a5264c3b1aa7a429d1edd4S3BucketF7BC1777": { + "AssetParameters5507835727e005832a615aef2a6b437860f432c6cd052d07c0244464aedbe2b2S3Bucket211A9156": { "Type": "String", - "Description": "S3 bucket for asset \"b7d38dc0eeb2c5d024919020e09d2590b68559eab4a5264c3b1aa7a429d1edd4\"" + "Description": "S3 bucket for asset \"5507835727e005832a615aef2a6b437860f432c6cd052d07c0244464aedbe2b2\"" }, - "AssetParametersb7d38dc0eeb2c5d024919020e09d2590b68559eab4a5264c3b1aa7a429d1edd4S3VersionKey1C340B30": { + "AssetParameters5507835727e005832a615aef2a6b437860f432c6cd052d07c0244464aedbe2b2S3VersionKey822D04EC": { "Type": "String", - "Description": "S3 key for asset version \"b7d38dc0eeb2c5d024919020e09d2590b68559eab4a5264c3b1aa7a429d1edd4\"" + "Description": "S3 key for asset version \"5507835727e005832a615aef2a6b437860f432c6cd052d07c0244464aedbe2b2\"" }, - "AssetParametersb7d38dc0eeb2c5d024919020e09d2590b68559eab4a5264c3b1aa7a429d1edd4ArtifactHashD6EA1BC7": { + "AssetParameters5507835727e005832a615aef2a6b437860f432c6cd052d07c0244464aedbe2b2ArtifactHashCA4A1831": { "Type": "String", - "Description": "Artifact hash for asset \"b7d38dc0eeb2c5d024919020e09d2590b68559eab4a5264c3b1aa7a429d1edd4\"" + "Description": "Artifact hash for asset \"5507835727e005832a615aef2a6b437860f432c6cd052d07c0244464aedbe2b2\"" }, - "AssetParameters6afd8be511f58dbedd46c8a09c07db8b7340d99fd3527b6d3dfb729208060fc3S3BucketB7E1A9C0": { + "AssetParametersf850d967c52a5f64e6436dc84abdde4d86197f2a0871f5ab27c79647a91d0bf4S3Bucket6F458959": { "Type": "String", - "Description": "S3 bucket for asset \"6afd8be511f58dbedd46c8a09c07db8b7340d99fd3527b6d3dfb729208060fc3\"" + "Description": "S3 bucket for asset \"f850d967c52a5f64e6436dc84abdde4d86197f2a0871f5ab27c79647a91d0bf4\"" }, - "AssetParameters6afd8be511f58dbedd46c8a09c07db8b7340d99fd3527b6d3dfb729208060fc3S3VersionKey542FDEBD": { + "AssetParametersf850d967c52a5f64e6436dc84abdde4d86197f2a0871f5ab27c79647a91d0bf4S3VersionKeyBDD0572E": { "Type": "String", - "Description": "S3 key for asset version \"6afd8be511f58dbedd46c8a09c07db8b7340d99fd3527b6d3dfb729208060fc3\"" + "Description": "S3 key for asset version \"f850d967c52a5f64e6436dc84abdde4d86197f2a0871f5ab27c79647a91d0bf4\"" }, - "AssetParameters6afd8be511f58dbedd46c8a09c07db8b7340d99fd3527b6d3dfb729208060fc3ArtifactHash5E61FCA5": { + "AssetParametersf850d967c52a5f64e6436dc84abdde4d86197f2a0871f5ab27c79647a91d0bf4ArtifactHash4D5DD9E9": { "Type": "String", - "Description": "Artifact hash for asset \"6afd8be511f58dbedd46c8a09c07db8b7340d99fd3527b6d3dfb729208060fc3\"" + "Description": "Artifact hash for asset \"f850d967c52a5f64e6436dc84abdde4d86197f2a0871f5ab27c79647a91d0bf4\"" }, - "AssetParametersc3133e15f268838efdf38077f27fd489d312e90798517ec62d98dfd0712b563eS3Bucket297B6E78": { + "AssetParametersc24eb763169accd26e653fd1884c13dd7e1c54d9c85d1ce647422dc5ad80dc30S3Bucket9C6DDDD3": { "Type": "String", - "Description": "S3 bucket for asset \"c3133e15f268838efdf38077f27fd489d312e90798517ec62d98dfd0712b563e\"" + "Description": "S3 bucket for asset \"c24eb763169accd26e653fd1884c13dd7e1c54d9c85d1ce647422dc5ad80dc30\"" }, - "AssetParametersc3133e15f268838efdf38077f27fd489d312e90798517ec62d98dfd0712b563eS3VersionKey285AE936": { + "AssetParametersc24eb763169accd26e653fd1884c13dd7e1c54d9c85d1ce647422dc5ad80dc30S3VersionKey6C690A2F": { "Type": "String", - "Description": "S3 key for asset version \"c3133e15f268838efdf38077f27fd489d312e90798517ec62d98dfd0712b563e\"" + "Description": "S3 key for asset version \"c24eb763169accd26e653fd1884c13dd7e1c54d9c85d1ce647422dc5ad80dc30\"" }, - "AssetParametersc3133e15f268838efdf38077f27fd489d312e90798517ec62d98dfd0712b563eArtifactHash5FC88E83": { + "AssetParametersc24eb763169accd26e653fd1884c13dd7e1c54d9c85d1ce647422dc5ad80dc30ArtifactHash00AF8D30": { "Type": "String", - "Description": "Artifact hash for asset \"c3133e15f268838efdf38077f27fd489d312e90798517ec62d98dfd0712b563e\"" + "Description": "Artifact hash for asset \"c24eb763169accd26e653fd1884c13dd7e1c54d9c85d1ce647422dc5ad80dc30\"" }, - "AssetParametersa28799ada83b92b06ae89cb67aaaba59b7c6fd3c23ad407578334ada0d245cebS3BucketCA5A17E3": { + "AssetParametersfedb0b025bbf74f4daee09934a81c34a6cf5b06a765baa86bf42234971244a09S3BucketB43B25F0": { "Type": "String", - "Description": "S3 bucket for asset \"a28799ada83b92b06ae89cb67aaaba59b7c6fd3c23ad407578334ada0d245ceb\"" + "Description": "S3 bucket for asset \"fedb0b025bbf74f4daee09934a81c34a6cf5b06a765baa86bf42234971244a09\"" }, - "AssetParametersa28799ada83b92b06ae89cb67aaaba59b7c6fd3c23ad407578334ada0d245cebS3VersionKey4AD94792": { + "AssetParametersfedb0b025bbf74f4daee09934a81c34a6cf5b06a765baa86bf42234971244a09S3VersionKey4D3C22DF": { "Type": "String", - "Description": "S3 key for asset version \"a28799ada83b92b06ae89cb67aaaba59b7c6fd3c23ad407578334ada0d245ceb\"" + "Description": "S3 key for asset version \"fedb0b025bbf74f4daee09934a81c34a6cf5b06a765baa86bf42234971244a09\"" }, - "AssetParametersa28799ada83b92b06ae89cb67aaaba59b7c6fd3c23ad407578334ada0d245cebArtifactHash4AC3D16B": { + "AssetParametersfedb0b025bbf74f4daee09934a81c34a6cf5b06a765baa86bf42234971244a09ArtifactHash841F190C": { "Type": "String", - "Description": "Artifact hash for asset \"a28799ada83b92b06ae89cb67aaaba59b7c6fd3c23ad407578334ada0d245ceb\"" + "Description": "Artifact hash for asset \"fedb0b025bbf74f4daee09934a81c34a6cf5b06a765baa86bf42234971244a09\"" }, "SsmParameterValueawsserviceeksoptimizedami121amazonlinux2recommendedimageidC96584B6F00A464EAD1953AFF4B05118Parameter": { "Type": "AWS::SSM::Parameter::Value", diff --git a/packages/@aws-cdk/aws-eks/test/integ.eks-helm-asset.expected.json b/packages/@aws-cdk/aws-eks/test/integ.eks-helm-asset.expected.json index 4b96771565701..8134188ef9da4 100644 --- a/packages/@aws-cdk/aws-eks/test/integ.eks-helm-asset.expected.json +++ b/packages/@aws-cdk/aws-eks/test/integ.eks-helm-asset.expected.json @@ -657,54 +657,30 @@ }, { "Action": [ + "ec2:DescribeDhcpOptions", + "ec2:DescribeInstances", + "ec2:DescribeNetworkInterfaces", + "ec2:DescribeRouteTables", + "ec2:DescribeSecurityGroups", + "ec2:DescribeSubnets", + "ec2:DescribeVpcs", "eks:CreateCluster", + "eks:CreateFargateProfile", + "eks:DeleteCluster", + "eks:DeleteFargateProfile", "eks:DescribeCluster", + "eks:DescribeFargateProfile", "eks:DescribeUpdate", - "eks:DeleteCluster", - "eks:UpdateClusterVersion", - "eks:UpdateClusterConfig", - "eks:CreateFargateProfile", "eks:TagResource", - "eks:UntagResource" - ], - "Effect": "Allow", - "Resource": [ - "*" - ] - }, - { - "Action": [ - "eks:DescribeFargateProfile", - "eks:DeleteFargateProfile" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ + "eks:UntagResource", + "eks:UpdateClusterConfig", + "eks:UpdateClusterVersion", + "iam:CreateServiceLinkedRole", "iam:GetRole", "iam:listAttachedRolePolicies" ], "Effect": "Allow", "Resource": "*" - }, - { - "Action": "iam:CreateServiceLinkedRole", - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "ec2:DescribeInstances", - "ec2:DescribeNetworkInterfaces", - "ec2:DescribeSecurityGroups", - "ec2:DescribeSubnets", - "ec2:DescribeRouteTables", - "ec2:DescribeDhcpOptions", - "ec2:DescribeVpcs" - ], - "Effect": "Allow", - "Resource": "*" } ], "Version": "2012-10-17" @@ -1104,7 +1080,7 @@ }, "/", { - "Ref": "AssetParameters1128123ffb1dc85ad3dfc732c68f74860898a0f33e3fced3b87855e52ecff1b6S3Bucket93357965" + "Ref": "AssetParameters4dd1961319ef02ebb87375d051b83d8f755348021a7224d0bd940f6f310fedc0S3BucketE1B1B31D" }, "/", { @@ -1114,7 +1090,7 @@ "Fn::Split": [ "||", { - "Ref": "AssetParameters1128123ffb1dc85ad3dfc732c68f74860898a0f33e3fced3b87855e52ecff1b6S3VersionKey5F602037" + "Ref": "AssetParameters4dd1961319ef02ebb87375d051b83d8f755348021a7224d0bd940f6f310fedc0S3VersionKey874F0E87" } ] } @@ -1127,7 +1103,7 @@ "Fn::Split": [ "||", { - "Ref": "AssetParameters1128123ffb1dc85ad3dfc732c68f74860898a0f33e3fced3b87855e52ecff1b6S3VersionKey5F602037" + "Ref": "AssetParameters4dd1961319ef02ebb87375d051b83d8f755348021a7224d0bd940f6f310fedc0S3VersionKey874F0E87" } ] } @@ -1155,11 +1131,11 @@ "referencetoawscdkekshelmtestAssetParameters8b11ea303df4b9db9feef6ed5f901a2d1185023a40c80c9630cf5c36559ae647S3VersionKey73B77719Ref": { "Ref": "AssetParameters8b11ea303df4b9db9feef6ed5f901a2d1185023a40c80c9630cf5c36559ae647S3VersionKey174B23DF" }, - "referencetoawscdkekshelmtestAssetParametersb52e342969e05acfb4d852a41c8384d0ce054b2072fc68944e8b07f5012a9a6fS3Bucket6D20CD58Ref": { - "Ref": "AssetParametersb52e342969e05acfb4d852a41c8384d0ce054b2072fc68944e8b07f5012a9a6fS3Bucket992EFD1F" + "referencetoawscdkekshelmtestAssetParameters5b47c8e4cbbce7e4a8085f1aa83ed9c4691b7f65927ba092d6620bbba925f391S3Bucket0A18730ERef": { + "Ref": "AssetParameters5b47c8e4cbbce7e4a8085f1aa83ed9c4691b7f65927ba092d6620bbba925f391S3BucketB4102E9A" }, - "referencetoawscdkekshelmtestAssetParametersb52e342969e05acfb4d852a41c8384d0ce054b2072fc68944e8b07f5012a9a6fS3VersionKey3510C847Ref": { - "Ref": "AssetParametersb52e342969e05acfb4d852a41c8384d0ce054b2072fc68944e8b07f5012a9a6fS3VersionKey8252F880" + "referencetoawscdkekshelmtestAssetParameters5b47c8e4cbbce7e4a8085f1aa83ed9c4691b7f65927ba092d6620bbba925f391S3VersionKey0E52DE29Ref": { + "Ref": "AssetParameters5b47c8e4cbbce7e4a8085f1aa83ed9c4691b7f65927ba092d6620bbba925f391S3VersionKeyC1EC3ED6" } } }, @@ -1179,7 +1155,7 @@ }, "/", { - "Ref": "AssetParameters0a074e6b19e042d638d8777cefd9215b3bda798c63cb94adf6a1bfc2e16725f3S3Bucket7637BBAA" + "Ref": "AssetParametersa05e72b493adce669e87efd9e6b3d07cbfa8fc01fc9bc69e0825595d83d3eb62S3Bucket146F5F41" }, "/", { @@ -1189,7 +1165,7 @@ "Fn::Split": [ "||", { - "Ref": "AssetParameters0a074e6b19e042d638d8777cefd9215b3bda798c63cb94adf6a1bfc2e16725f3S3VersionKey0CE04E83" + "Ref": "AssetParametersa05e72b493adce669e87efd9e6b3d07cbfa8fc01fc9bc69e0825595d83d3eb62S3VersionKeyF2F0D7BB" } ] } @@ -1202,7 +1178,7 @@ "Fn::Split": [ "||", { - "Ref": "AssetParameters0a074e6b19e042d638d8777cefd9215b3bda798c63cb94adf6a1bfc2e16725f3S3VersionKey0CE04E83" + "Ref": "AssetParametersa05e72b493adce669e87efd9e6b3d07cbfa8fc01fc9bc69e0825595d83d3eb62S3VersionKeyF2F0D7BB" } ] } @@ -1248,11 +1224,11 @@ "ClusterSecurityGroupId" ] }, - "referencetoawscdkekshelmtestAssetParameters239a256fd14898783bad551f24c0b5914fef63365eed1afd090e27ab9730b063S3Bucket7F65D9C6Ref": { - "Ref": "AssetParameters239a256fd14898783bad551f24c0b5914fef63365eed1afd090e27ab9730b063S3BucketC8A15681" + "referencetoawscdkekshelmtestAssetParametersf331b32a8ad8983464106a58e420e7bc7e6341ba2ffb8ac9ad350d7e32845d95S3BucketDAA2F4FARef": { + "Ref": "AssetParametersf331b32a8ad8983464106a58e420e7bc7e6341ba2ffb8ac9ad350d7e32845d95S3BucketE02B5488" }, - "referencetoawscdkekshelmtestAssetParameters239a256fd14898783bad551f24c0b5914fef63365eed1afd090e27ab9730b063S3VersionKey4DA2E07ARef": { - "Ref": "AssetParameters239a256fd14898783bad551f24c0b5914fef63365eed1afd090e27ab9730b063S3VersionKey06DEE4C0" + "referencetoawscdkekshelmtestAssetParametersf331b32a8ad8983464106a58e420e7bc7e6341ba2ffb8ac9ad350d7e32845d95S3VersionKey9A7BBFDCRef": { + "Ref": "AssetParametersf331b32a8ad8983464106a58e420e7bc7e6341ba2ffb8ac9ad350d7e32845d95S3VersionKey4D8E71F2" }, "referencetoawscdkekshelmtestAssetParametersea17febe6d04c66048f3e8e060c71685c0cb53122abceff44842d27bc0d4a03eS3Bucket355FB348Ref": { "Ref": "AssetParametersea17febe6d04c66048f3e8e060c71685c0cb53122abceff44842d27bc0d4a03eS3BucketD3288998" @@ -1260,11 +1236,11 @@ "referencetoawscdkekshelmtestAssetParametersea17febe6d04c66048f3e8e060c71685c0cb53122abceff44842d27bc0d4a03eS3VersionKeyA7F169F4Ref": { "Ref": "AssetParametersea17febe6d04c66048f3e8e060c71685c0cb53122abceff44842d27bc0d4a03eS3VersionKeyB00C0565" }, - "referencetoawscdkekshelmtestAssetParametersb52e342969e05acfb4d852a41c8384d0ce054b2072fc68944e8b07f5012a9a6fS3Bucket6D20CD58Ref": { - "Ref": "AssetParametersb52e342969e05acfb4d852a41c8384d0ce054b2072fc68944e8b07f5012a9a6fS3Bucket992EFD1F" + "referencetoawscdkekshelmtestAssetParameters5b47c8e4cbbce7e4a8085f1aa83ed9c4691b7f65927ba092d6620bbba925f391S3Bucket0A18730ERef": { + "Ref": "AssetParameters5b47c8e4cbbce7e4a8085f1aa83ed9c4691b7f65927ba092d6620bbba925f391S3BucketB4102E9A" }, - "referencetoawscdkekshelmtestAssetParametersb52e342969e05acfb4d852a41c8384d0ce054b2072fc68944e8b07f5012a9a6fS3VersionKey3510C847Ref": { - "Ref": "AssetParametersb52e342969e05acfb4d852a41c8384d0ce054b2072fc68944e8b07f5012a9a6fS3VersionKey8252F880" + "referencetoawscdkekshelmtestAssetParameters5b47c8e4cbbce7e4a8085f1aa83ed9c4691b7f65927ba092d6620bbba925f391S3VersionKey0E52DE29Ref": { + "Ref": "AssetParameters5b47c8e4cbbce7e4a8085f1aa83ed9c4691b7f65927ba092d6620bbba925f391S3VersionKeyC1EC3ED6" } } }, @@ -1339,17 +1315,17 @@ "Type": "String", "Description": "Artifact hash for asset \"8b11ea303df4b9db9feef6ed5f901a2d1185023a40c80c9630cf5c36559ae647\"" }, - "AssetParametersb52e342969e05acfb4d852a41c8384d0ce054b2072fc68944e8b07f5012a9a6fS3Bucket992EFD1F": { + "AssetParameters5b47c8e4cbbce7e4a8085f1aa83ed9c4691b7f65927ba092d6620bbba925f391S3BucketB4102E9A": { "Type": "String", - "Description": "S3 bucket for asset \"b52e342969e05acfb4d852a41c8384d0ce054b2072fc68944e8b07f5012a9a6f\"" + "Description": "S3 bucket for asset \"5b47c8e4cbbce7e4a8085f1aa83ed9c4691b7f65927ba092d6620bbba925f391\"" }, - "AssetParametersb52e342969e05acfb4d852a41c8384d0ce054b2072fc68944e8b07f5012a9a6fS3VersionKey8252F880": { + "AssetParameters5b47c8e4cbbce7e4a8085f1aa83ed9c4691b7f65927ba092d6620bbba925f391S3VersionKeyC1EC3ED6": { "Type": "String", - "Description": "S3 key for asset version \"b52e342969e05acfb4d852a41c8384d0ce054b2072fc68944e8b07f5012a9a6f\"" + "Description": "S3 key for asset version \"5b47c8e4cbbce7e4a8085f1aa83ed9c4691b7f65927ba092d6620bbba925f391\"" }, - "AssetParametersb52e342969e05acfb4d852a41c8384d0ce054b2072fc68944e8b07f5012a9a6fArtifactHashC69EDCB8": { + "AssetParameters5b47c8e4cbbce7e4a8085f1aa83ed9c4691b7f65927ba092d6620bbba925f391ArtifactHashA391D940": { "Type": "String", - "Description": "Artifact hash for asset \"b52e342969e05acfb4d852a41c8384d0ce054b2072fc68944e8b07f5012a9a6f\"" + "Description": "Artifact hash for asset \"5b47c8e4cbbce7e4a8085f1aa83ed9c4691b7f65927ba092d6620bbba925f391\"" }, "AssetParametersa70c48e7047fb793b2378668accb1dc2d92f2d7b1fff80c9c718f4964dc69cb8S3Bucket4CD5FFC3": { "Type": "String", @@ -1363,17 +1339,17 @@ "Type": "String", "Description": "Artifact hash for asset \"a70c48e7047fb793b2378668accb1dc2d92f2d7b1fff80c9c718f4964dc69cb8\"" }, - "AssetParameters239a256fd14898783bad551f24c0b5914fef63365eed1afd090e27ab9730b063S3BucketC8A15681": { + "AssetParametersf331b32a8ad8983464106a58e420e7bc7e6341ba2ffb8ac9ad350d7e32845d95S3BucketE02B5488": { "Type": "String", - "Description": "S3 bucket for asset \"239a256fd14898783bad551f24c0b5914fef63365eed1afd090e27ab9730b063\"" + "Description": "S3 bucket for asset \"f331b32a8ad8983464106a58e420e7bc7e6341ba2ffb8ac9ad350d7e32845d95\"" }, - "AssetParameters239a256fd14898783bad551f24c0b5914fef63365eed1afd090e27ab9730b063S3VersionKey06DEE4C0": { + "AssetParametersf331b32a8ad8983464106a58e420e7bc7e6341ba2ffb8ac9ad350d7e32845d95S3VersionKey4D8E71F2": { "Type": "String", - "Description": "S3 key for asset version \"239a256fd14898783bad551f24c0b5914fef63365eed1afd090e27ab9730b063\"" + "Description": "S3 key for asset version \"f331b32a8ad8983464106a58e420e7bc7e6341ba2ffb8ac9ad350d7e32845d95\"" }, - "AssetParameters239a256fd14898783bad551f24c0b5914fef63365eed1afd090e27ab9730b063ArtifactHash5EDABC65": { + "AssetParametersf331b32a8ad8983464106a58e420e7bc7e6341ba2ffb8ac9ad350d7e32845d95ArtifactHash16B60F6C": { "Type": "String", - "Description": "Artifact hash for asset \"239a256fd14898783bad551f24c0b5914fef63365eed1afd090e27ab9730b063\"" + "Description": "Artifact hash for asset \"f331b32a8ad8983464106a58e420e7bc7e6341ba2ffb8ac9ad350d7e32845d95\"" }, "AssetParametersea17febe6d04c66048f3e8e060c71685c0cb53122abceff44842d27bc0d4a03eS3BucketD3288998": { "Type": "String", @@ -1399,29 +1375,29 @@ "Type": "String", "Description": "Artifact hash for asset \"d65fbdc11b108e0386ed8577c454d4544f6d4e7960f84a0d2e211478d6324dbf\"" }, - "AssetParameters1128123ffb1dc85ad3dfc732c68f74860898a0f33e3fced3b87855e52ecff1b6S3Bucket93357965": { + "AssetParameters4dd1961319ef02ebb87375d051b83d8f755348021a7224d0bd940f6f310fedc0S3BucketE1B1B31D": { "Type": "String", - "Description": "S3 bucket for asset \"1128123ffb1dc85ad3dfc732c68f74860898a0f33e3fced3b87855e52ecff1b6\"" + "Description": "S3 bucket for asset \"4dd1961319ef02ebb87375d051b83d8f755348021a7224d0bd940f6f310fedc0\"" }, - "AssetParameters1128123ffb1dc85ad3dfc732c68f74860898a0f33e3fced3b87855e52ecff1b6S3VersionKey5F602037": { + "AssetParameters4dd1961319ef02ebb87375d051b83d8f755348021a7224d0bd940f6f310fedc0S3VersionKey874F0E87": { "Type": "String", - "Description": "S3 key for asset version \"1128123ffb1dc85ad3dfc732c68f74860898a0f33e3fced3b87855e52ecff1b6\"" + "Description": "S3 key for asset version \"4dd1961319ef02ebb87375d051b83d8f755348021a7224d0bd940f6f310fedc0\"" }, - "AssetParameters1128123ffb1dc85ad3dfc732c68f74860898a0f33e3fced3b87855e52ecff1b6ArtifactHash41C5ADC4": { + "AssetParameters4dd1961319ef02ebb87375d051b83d8f755348021a7224d0bd940f6f310fedc0ArtifactHash9ED35B8F": { "Type": "String", - "Description": "Artifact hash for asset \"1128123ffb1dc85ad3dfc732c68f74860898a0f33e3fced3b87855e52ecff1b6\"" + "Description": "Artifact hash for asset \"4dd1961319ef02ebb87375d051b83d8f755348021a7224d0bd940f6f310fedc0\"" }, - "AssetParameters0a074e6b19e042d638d8777cefd9215b3bda798c63cb94adf6a1bfc2e16725f3S3Bucket7637BBAA": { + "AssetParametersa05e72b493adce669e87efd9e6b3d07cbfa8fc01fc9bc69e0825595d83d3eb62S3Bucket146F5F41": { "Type": "String", - "Description": "S3 bucket for asset \"0a074e6b19e042d638d8777cefd9215b3bda798c63cb94adf6a1bfc2e16725f3\"" + "Description": "S3 bucket for asset \"a05e72b493adce669e87efd9e6b3d07cbfa8fc01fc9bc69e0825595d83d3eb62\"" }, - "AssetParameters0a074e6b19e042d638d8777cefd9215b3bda798c63cb94adf6a1bfc2e16725f3S3VersionKey0CE04E83": { + "AssetParametersa05e72b493adce669e87efd9e6b3d07cbfa8fc01fc9bc69e0825595d83d3eb62S3VersionKeyF2F0D7BB": { "Type": "String", - "Description": "S3 key for asset version \"0a074e6b19e042d638d8777cefd9215b3bda798c63cb94adf6a1bfc2e16725f3\"" + "Description": "S3 key for asset version \"a05e72b493adce669e87efd9e6b3d07cbfa8fc01fc9bc69e0825595d83d3eb62\"" }, - "AssetParameters0a074e6b19e042d638d8777cefd9215b3bda798c63cb94adf6a1bfc2e16725f3ArtifactHash84E3ECC5": { + "AssetParametersa05e72b493adce669e87efd9e6b3d07cbfa8fc01fc9bc69e0825595d83d3eb62ArtifactHashC2BFAFC3": { "Type": "String", - "Description": "Artifact hash for asset \"0a074e6b19e042d638d8777cefd9215b3bda798c63cb94adf6a1bfc2e16725f3\"" + "Description": "Artifact hash for asset \"a05e72b493adce669e87efd9e6b3d07cbfa8fc01fc9bc69e0825595d83d3eb62\"" } } } \ No newline at end of file diff --git a/packages/@aws-cdk/aws-eks/test/integ.eks-inference.expected.json b/packages/@aws-cdk/aws-eks/test/integ.eks-inference.expected.json index 5c109d1e3db26..ea0f68dd56ea8 100644 --- a/packages/@aws-cdk/aws-eks/test/integ.eks-inference.expected.json +++ b/packages/@aws-cdk/aws-eks/test/integ.eks-inference.expected.json @@ -650,54 +650,30 @@ }, { "Action": [ + "ec2:DescribeDhcpOptions", + "ec2:DescribeInstances", + "ec2:DescribeNetworkInterfaces", + "ec2:DescribeRouteTables", + "ec2:DescribeSecurityGroups", + "ec2:DescribeSubnets", + "ec2:DescribeVpcs", "eks:CreateCluster", + "eks:CreateFargateProfile", + "eks:DeleteCluster", + "eks:DeleteFargateProfile", "eks:DescribeCluster", + "eks:DescribeFargateProfile", "eks:DescribeUpdate", - "eks:DeleteCluster", - "eks:UpdateClusterVersion", - "eks:UpdateClusterConfig", - "eks:CreateFargateProfile", "eks:TagResource", - "eks:UntagResource" - ], - "Effect": "Allow", - "Resource": [ - "*" - ] - }, - { - "Action": [ - "eks:DescribeFargateProfile", - "eks:DeleteFargateProfile" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ + "eks:UntagResource", + "eks:UpdateClusterConfig", + "eks:UpdateClusterVersion", + "iam:CreateServiceLinkedRole", "iam:GetRole", "iam:listAttachedRolePolicies" ], "Effect": "Allow", "Resource": "*" - }, - { - "Action": "iam:CreateServiceLinkedRole", - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "ec2:DescribeInstances", - "ec2:DescribeNetworkInterfaces", - "ec2:DescribeSecurityGroups", - "ec2:DescribeSubnets", - "ec2:DescribeRouteTables", - "ec2:DescribeDhcpOptions", - "ec2:DescribeVpcs" - ], - "Effect": "Allow", - "Resource": "*" } ], "Version": "2012-10-17" @@ -1449,7 +1425,7 @@ }, "/", { - "Ref": "AssetParameters68b9e8362de179062ef4fa2e507bcdde8ad60822541789a054589bdfefd639c3S3BucketB433C27A" + "Ref": "AssetParametersd2c6c18da00a775fab79c667ce3e22b7bb82981bd887f3558a308b7ba4fcd1e1S3Bucket14A467A8" }, "/", { @@ -1459,7 +1435,7 @@ "Fn::Split": [ "||", { - "Ref": "AssetParameters68b9e8362de179062ef4fa2e507bcdde8ad60822541789a054589bdfefd639c3S3VersionKey47D97053" + "Ref": "AssetParametersd2c6c18da00a775fab79c667ce3e22b7bb82981bd887f3558a308b7ba4fcd1e1S3VersionKeyC8758BD5" } ] } @@ -1472,7 +1448,7 @@ "Fn::Split": [ "||", { - "Ref": "AssetParameters68b9e8362de179062ef4fa2e507bcdde8ad60822541789a054589bdfefd639c3S3VersionKey47D97053" + "Ref": "AssetParametersd2c6c18da00a775fab79c667ce3e22b7bb82981bd887f3558a308b7ba4fcd1e1S3VersionKeyC8758BD5" } ] } @@ -1482,11 +1458,11 @@ ] }, "Parameters": { - "referencetoawscdkeksclusterinferencetestAssetParameters26ac61b4195cccf80ff73f332788ad7ffaab36d81ce570340a583a8364901665S3Bucket61E9D480Ref": { - "Ref": "AssetParameters26ac61b4195cccf80ff73f332788ad7ffaab36d81ce570340a583a8364901665S3Bucket1B280681" + "referencetoawscdkeksclusterinferencetestAssetParameters4288ebb3652acdf2d828b7db7ca44a7162a401ace50ebb4026e84b18a02a06eeS3Bucket59232CCDRef": { + "Ref": "AssetParameters4288ebb3652acdf2d828b7db7ca44a7162a401ace50ebb4026e84b18a02a06eeS3Bucket4E7CD097" }, - "referencetoawscdkeksclusterinferencetestAssetParameters26ac61b4195cccf80ff73f332788ad7ffaab36d81ce570340a583a8364901665S3VersionKeyE5228CD2Ref": { - "Ref": "AssetParameters26ac61b4195cccf80ff73f332788ad7ffaab36d81ce570340a583a8364901665S3VersionKeyB1E02791" + "referencetoawscdkeksclusterinferencetestAssetParameters4288ebb3652acdf2d828b7db7ca44a7162a401ace50ebb4026e84b18a02a06eeS3VersionKey7F3246C3Ref": { + "Ref": "AssetParameters4288ebb3652acdf2d828b7db7ca44a7162a401ace50ebb4026e84b18a02a06eeS3VersionKey93D16224" }, "referencetoawscdkeksclusterinferencetestClusterCreationRoleE75B6E1BArn": { "Fn::GetAtt": [ @@ -1494,17 +1470,17 @@ "Arn" ] }, - "referencetoawscdkeksclusterinferencetestAssetParameters00d62edb46d4e11942f8a3afeca5526ec56ff1d63eb753bd46ceecff8b01f5afS3Bucket006FF27FRef": { - "Ref": "AssetParameters00d62edb46d4e11942f8a3afeca5526ec56ff1d63eb753bd46ceecff8b01f5afS3Bucket9AE1EC0F" + "referencetoawscdkeksclusterinferencetestAssetParameters8b11ea303df4b9db9feef6ed5f901a2d1185023a40c80c9630cf5c36559ae647S3Bucket3B9C0B5CRef": { + "Ref": "AssetParameters8b11ea303df4b9db9feef6ed5f901a2d1185023a40c80c9630cf5c36559ae647S3Bucket05488C5E" }, - "referencetoawscdkeksclusterinferencetestAssetParameters00d62edb46d4e11942f8a3afeca5526ec56ff1d63eb753bd46ceecff8b01f5afS3VersionKey6EF1226BRef": { - "Ref": "AssetParameters00d62edb46d4e11942f8a3afeca5526ec56ff1d63eb753bd46ceecff8b01f5afS3VersionKey451EAA56" + "referencetoawscdkeksclusterinferencetestAssetParameters8b11ea303df4b9db9feef6ed5f901a2d1185023a40c80c9630cf5c36559ae647S3VersionKeyC02F3925Ref": { + "Ref": "AssetParameters8b11ea303df4b9db9feef6ed5f901a2d1185023a40c80c9630cf5c36559ae647S3VersionKey174B23DF" }, - "referencetoawscdkeksclusterinferencetestAssetParametersdaeb79e3cee39c9b902dc0d5c780223e227ed573ea60976252947adab5fb2be1S3BucketE649D818Ref": { - "Ref": "AssetParametersdaeb79e3cee39c9b902dc0d5c780223e227ed573ea60976252947adab5fb2be1S3BucketDC4B98B1" + "referencetoawscdkeksclusterinferencetestAssetParameters5b47c8e4cbbce7e4a8085f1aa83ed9c4691b7f65927ba092d6620bbba925f391S3BucketFC7DE683Ref": { + "Ref": "AssetParameters5b47c8e4cbbce7e4a8085f1aa83ed9c4691b7f65927ba092d6620bbba925f391S3BucketB4102E9A" }, - "referencetoawscdkeksclusterinferencetestAssetParametersdaeb79e3cee39c9b902dc0d5c780223e227ed573ea60976252947adab5fb2be1S3VersionKey46F53AF7Ref": { - "Ref": "AssetParametersdaeb79e3cee39c9b902dc0d5c780223e227ed573ea60976252947adab5fb2be1S3VersionKeyA495226F" + "referencetoawscdkeksclusterinferencetestAssetParameters5b47c8e4cbbce7e4a8085f1aa83ed9c4691b7f65927ba092d6620bbba925f391S3VersionKeyA3D6C7B6Ref": { + "Ref": "AssetParameters5b47c8e4cbbce7e4a8085f1aa83ed9c4691b7f65927ba092d6620bbba925f391S3VersionKeyC1EC3ED6" } } }, @@ -1524,7 +1500,7 @@ }, "/", { - "Ref": "AssetParameters246f53c56ca8842b5b10a869d641017e2a78a7b196a5c32600abe420c4013dd8S3BucketCEB8731F" + "Ref": "AssetParameters569a574833bab6f6544cebaa31935f7371f41aa0a926797d4e65b5cbbcc13d47S3Bucket690AEFE0" }, "/", { @@ -1534,7 +1510,7 @@ "Fn::Split": [ "||", { - "Ref": "AssetParameters246f53c56ca8842b5b10a869d641017e2a78a7b196a5c32600abe420c4013dd8S3VersionKey31DCE19E" + "Ref": "AssetParameters569a574833bab6f6544cebaa31935f7371f41aa0a926797d4e65b5cbbcc13d47S3VersionKey2F21E0C1" } ] } @@ -1547,7 +1523,7 @@ "Fn::Split": [ "||", { - "Ref": "AssetParameters246f53c56ca8842b5b10a869d641017e2a78a7b196a5c32600abe420c4013dd8S3VersionKey31DCE19E" + "Ref": "AssetParameters569a574833bab6f6544cebaa31935f7371f41aa0a926797d4e65b5cbbcc13d47S3VersionKey2F21E0C1" } ] } @@ -1569,11 +1545,11 @@ "Arn" ] }, - "referencetoawscdkeksclusterinferencetestAssetParameters4129bbca38164ecb28fee8e5b674f0d05e5957b4b8ed97d9c950527b5cc4ce10S3BucketF92D0EC1Ref": { - "Ref": "AssetParameters4129bbca38164ecb28fee8e5b674f0d05e5957b4b8ed97d9c950527b5cc4ce10S3BucketC6FAEEC9" + "referencetoawscdkeksclusterinferencetestAssetParametersa70c48e7047fb793b2378668accb1dc2d92f2d7b1fff80c9c718f4964dc69cb8S3Bucket74E76A7FRef": { + "Ref": "AssetParametersa70c48e7047fb793b2378668accb1dc2d92f2d7b1fff80c9c718f4964dc69cb8S3Bucket4CD5FFC3" }, - "referencetoawscdkeksclusterinferencetestAssetParameters4129bbca38164ecb28fee8e5b674f0d05e5957b4b8ed97d9c950527b5cc4ce10S3VersionKey32B182B9Ref": { - "Ref": "AssetParameters4129bbca38164ecb28fee8e5b674f0d05e5957b4b8ed97d9c950527b5cc4ce10S3VersionKeyA7EE7421" + "referencetoawscdkeksclusterinferencetestAssetParametersa70c48e7047fb793b2378668accb1dc2d92f2d7b1fff80c9c718f4964dc69cb8S3VersionKey690A3E90Ref": { + "Ref": "AssetParametersa70c48e7047fb793b2378668accb1dc2d92f2d7b1fff80c9c718f4964dc69cb8S3VersionKeyE06BA291" }, "referencetoawscdkeksclusterinferencetestVpcPrivateSubnet1Subnet57B9547BRef": { "Ref": "VpcPrivateSubnet1Subnet536B997A" @@ -1590,11 +1566,11 @@ "ClusterSecurityGroupId" ] }, - "referencetoawscdkeksclusterinferencetestAssetParameterse9882ab123687399f934da0d45effe675ecc8ce13b40cb946f3e1d6141fe8d68S3BucketA131D9DBRef": { - "Ref": "AssetParameterse9882ab123687399f934da0d45effe675ecc8ce13b40cb946f3e1d6141fe8d68S3BucketAEADE8C7" + "referencetoawscdkeksclusterinferencetestAssetParametersf331b32a8ad8983464106a58e420e7bc7e6341ba2ffb8ac9ad350d7e32845d95S3Bucket334D9D06Ref": { + "Ref": "AssetParametersf331b32a8ad8983464106a58e420e7bc7e6341ba2ffb8ac9ad350d7e32845d95S3BucketE02B5488" }, - "referencetoawscdkeksclusterinferencetestAssetParameterse9882ab123687399f934da0d45effe675ecc8ce13b40cb946f3e1d6141fe8d68S3VersionKey492BD4E4Ref": { - "Ref": "AssetParameterse9882ab123687399f934da0d45effe675ecc8ce13b40cb946f3e1d6141fe8d68S3VersionKeyE415415F" + "referencetoawscdkeksclusterinferencetestAssetParametersf331b32a8ad8983464106a58e420e7bc7e6341ba2ffb8ac9ad350d7e32845d95S3VersionKeyC479FB06Ref": { + "Ref": "AssetParametersf331b32a8ad8983464106a58e420e7bc7e6341ba2ffb8ac9ad350d7e32845d95S3VersionKey4D8E71F2" }, "referencetoawscdkeksclusterinferencetestAssetParametersea17febe6d04c66048f3e8e060c71685c0cb53122abceff44842d27bc0d4a03eS3BucketB71217D7Ref": { "Ref": "AssetParametersea17febe6d04c66048f3e8e060c71685c0cb53122abceff44842d27bc0d4a03eS3BucketD3288998" @@ -1602,11 +1578,11 @@ "referencetoawscdkeksclusterinferencetestAssetParametersea17febe6d04c66048f3e8e060c71685c0cb53122abceff44842d27bc0d4a03eS3VersionKeyAAC64236Ref": { "Ref": "AssetParametersea17febe6d04c66048f3e8e060c71685c0cb53122abceff44842d27bc0d4a03eS3VersionKeyB00C0565" }, - "referencetoawscdkeksclusterinferencetestAssetParametersdaeb79e3cee39c9b902dc0d5c780223e227ed573ea60976252947adab5fb2be1S3BucketE649D818Ref": { - "Ref": "AssetParametersdaeb79e3cee39c9b902dc0d5c780223e227ed573ea60976252947adab5fb2be1S3BucketDC4B98B1" + "referencetoawscdkeksclusterinferencetestAssetParameters5b47c8e4cbbce7e4a8085f1aa83ed9c4691b7f65927ba092d6620bbba925f391S3BucketFC7DE683Ref": { + "Ref": "AssetParameters5b47c8e4cbbce7e4a8085f1aa83ed9c4691b7f65927ba092d6620bbba925f391S3BucketB4102E9A" }, - "referencetoawscdkeksclusterinferencetestAssetParametersdaeb79e3cee39c9b902dc0d5c780223e227ed573ea60976252947adab5fb2be1S3VersionKey46F53AF7Ref": { - "Ref": "AssetParametersdaeb79e3cee39c9b902dc0d5c780223e227ed573ea60976252947adab5fb2be1S3VersionKeyA495226F" + "referencetoawscdkeksclusterinferencetestAssetParameters5b47c8e4cbbce7e4a8085f1aa83ed9c4691b7f65927ba092d6620bbba925f391S3VersionKeyA3D6C7B6Ref": { + "Ref": "AssetParameters5b47c8e4cbbce7e4a8085f1aa83ed9c4691b7f65927ba092d6620bbba925f391S3VersionKeyC1EC3ED6" } } }, @@ -1734,69 +1710,62 @@ }, { "Action": [ + "acm:DescribeCertificate", + "acm:ListCertificates", + "cognito-idp:DescribeUserPoolClient", + "ec2:AuthorizeSecurityGroupIngress", + "ec2:CreateSecurityGroup", "ec2:DescribeAccountAttributes", "ec2:DescribeAddresses", "ec2:DescribeAvailabilityZones", - "ec2:DescribeInternetGateways", - "ec2:DescribeVpcs", - "ec2:DescribeVpcPeeringConnections", - "ec2:DescribeSubnets", - "ec2:DescribeSecurityGroups", + "ec2:DescribeCoipPools", "ec2:DescribeInstances", + "ec2:DescribeInternetGateways", "ec2:DescribeNetworkInterfaces", + "ec2:DescribeSecurityGroups", + "ec2:DescribeSubnets", "ec2:DescribeTags", + "ec2:DescribeVpcPeeringConnections", + "ec2:DescribeVpcs", "ec2:GetCoipPoolUsage", - "ec2:DescribeCoipPools", - "elasticloadbalancing:DescribeLoadBalancers", - "elasticloadbalancing:DescribeLoadBalancerAttributes", - "elasticloadbalancing:DescribeListeners", + "ec2:RevokeSecurityGroupIngress", + "elasticloadbalancing:AddListenerCertificates", + "elasticloadbalancing:CreateListener", + "elasticloadbalancing:CreateRule", + "elasticloadbalancing:DeleteListener", + "elasticloadbalancing:DeleteRule", "elasticloadbalancing:DescribeListenerCertificates", - "elasticloadbalancing:DescribeSSLPolicies", + "elasticloadbalancing:DescribeListeners", + "elasticloadbalancing:DescribeLoadBalancerAttributes", + "elasticloadbalancing:DescribeLoadBalancers", "elasticloadbalancing:DescribeRules", - "elasticloadbalancing:DescribeTargetGroups", + "elasticloadbalancing:DescribeSSLPolicies", + "elasticloadbalancing:DescribeTags", "elasticloadbalancing:DescribeTargetGroupAttributes", + "elasticloadbalancing:DescribeTargetGroups", "elasticloadbalancing:DescribeTargetHealth", - "elasticloadbalancing:DescribeTags" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "cognito-idp:DescribeUserPoolClient", - "acm:ListCertificates", - "acm:DescribeCertificate", - "iam:ListServerCertificates", + "elasticloadbalancing:ModifyListener", + "elasticloadbalancing:ModifyRule", + "elasticloadbalancing:RemoveListenerCertificates", + "elasticloadbalancing:SetWebAcl", "iam:GetServerCertificate", - "waf-regional:GetWebACL", - "waf-regional:GetWebACLForResource", + "iam:ListServerCertificates", + "shield:CreateProtection", + "shield:DeleteProtection", + "shield:DescribeProtection", + "shield:GetSubscriptionState", "waf-regional:AssociateWebACL", "waf-regional:DisassociateWebACL", - "wafv2:GetWebACL", - "wafv2:GetWebACLForResource", + "waf-regional:GetWebACL", + "waf-regional:GetWebACLForResource", "wafv2:AssociateWebACL", "wafv2:DisassociateWebACL", - "shield:GetSubscriptionState", - "shield:DescribeProtection", - "shield:CreateProtection", - "shield:DeleteProtection" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "ec2:AuthorizeSecurityGroupIngress", - "ec2:RevokeSecurityGroupIngress" + "wafv2:GetWebACL", + "wafv2:GetWebACLForResource" ], "Effect": "Allow", "Resource": "*" }, - { - "Action": "ec2:CreateSecurityGroup", - "Effect": "Allow", - "Resource": "*" - }, { "Action": "ec2:CreateTags", "Condition": { @@ -1827,8 +1796,16 @@ { "Action": [ "ec2:AuthorizeSecurityGroupIngress", + "ec2:DeleteSecurityGroup", "ec2:RevokeSecurityGroupIngress", - "ec2:DeleteSecurityGroup" + "elasticloadbalancing:DeleteLoadBalancer", + "elasticloadbalancing:DeleteTargetGroup", + "elasticloadbalancing:ModifyLoadBalancerAttributes", + "elasticloadbalancing:ModifyTargetGroup", + "elasticloadbalancing:ModifyTargetGroupAttributes", + "elasticloadbalancing:SetIpAddressType", + "elasticloadbalancing:SetSecurityGroups", + "elasticloadbalancing:SetSubnets" ], "Condition": { "Null": { @@ -1851,16 +1828,6 @@ "Effect": "Allow", "Resource": "*" }, - { - "Action": [ - "elasticloadbalancing:CreateListener", - "elasticloadbalancing:DeleteListener", - "elasticloadbalancing:CreateRule", - "elasticloadbalancing:DeleteRule" - ], - "Effect": "Allow", - "Resource": "*" - }, { "Action": [ "elasticloadbalancing:AddTags", @@ -1874,9 +1841,9 @@ }, "Effect": "Allow", "Resource": [ - "arn:aws:elasticloadbalancing:*:*:targetgroup/*/*", + "arn:aws:elasticloadbalancing:*:*:loadbalancer/app/*/*", "arn:aws:elasticloadbalancing:*:*:loadbalancer/net/*/*", - "arn:aws:elasticloadbalancing:*:*:loadbalancer/app/*/*" + "arn:aws:elasticloadbalancing:*:*:targetgroup/*/*" ] }, { @@ -1886,49 +1853,19 @@ ], "Effect": "Allow", "Resource": [ - "arn:aws:elasticloadbalancing:*:*:listener/net/*/*/*", - "arn:aws:elasticloadbalancing:*:*:listener/app/*/*/*", + "arn:aws:elasticloadbalancing:*:*:listener-rule/app/*/*/*", "arn:aws:elasticloadbalancing:*:*:listener-rule/net/*/*/*", - "arn:aws:elasticloadbalancing:*:*:listener-rule/app/*/*/*" + "arn:aws:elasticloadbalancing:*:*:listener/app/*/*/*", + "arn:aws:elasticloadbalancing:*:*:listener/net/*/*/*" ] }, { "Action": [ - "elasticloadbalancing:ModifyLoadBalancerAttributes", - "elasticloadbalancing:SetIpAddressType", - "elasticloadbalancing:SetSecurityGroups", - "elasticloadbalancing:SetSubnets", - "elasticloadbalancing:DeleteLoadBalancer", - "elasticloadbalancing:ModifyTargetGroup", - "elasticloadbalancing:ModifyTargetGroupAttributes", - "elasticloadbalancing:DeleteTargetGroup" - ], - "Condition": { - "Null": { - "aws:ResourceTag/elbv2.k8s.aws/cluster": "false" - } - }, - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "elasticloadbalancing:RegisterTargets", - "elasticloadbalancing:DeregisterTargets" + "elasticloadbalancing:DeregisterTargets", + "elasticloadbalancing:RegisterTargets" ], "Effect": "Allow", "Resource": "arn:aws:elasticloadbalancing:*:*:targetgroup/*/*" - }, - { - "Action": [ - "elasticloadbalancing:SetWebAcl", - "elasticloadbalancing:ModifyListener", - "elasticloadbalancing:AddListenerCertificates", - "elasticloadbalancing:RemoveListenerCertificates", - "elasticloadbalancing:ModifyRule" - ], - "Effect": "Allow", - "Resource": "*" } ], "Version": "2012-10-17" @@ -2123,7 +2060,7 @@ "Properties": { "Code": { "S3Bucket": { - "Ref": "AssetParametersb7d38dc0eeb2c5d024919020e09d2590b68559eab4a5264c3b1aa7a429d1edd4S3BucketF7BC1777" + "Ref": "AssetParameters5507835727e005832a615aef2a6b437860f432c6cd052d07c0244464aedbe2b2S3Bucket211A9156" }, "S3Key": { "Fn::Join": [ @@ -2136,7 +2073,7 @@ "Fn::Split": [ "||", { - "Ref": "AssetParametersb7d38dc0eeb2c5d024919020e09d2590b68559eab4a5264c3b1aa7a429d1edd4S3VersionKey1C340B30" + "Ref": "AssetParameters5507835727e005832a615aef2a6b437860f432c6cd052d07c0244464aedbe2b2S3VersionKey822D04EC" } ] } @@ -2149,7 +2086,7 @@ "Fn::Split": [ "||", { - "Ref": "AssetParametersb7d38dc0eeb2c5d024919020e09d2590b68559eab4a5264c3b1aa7a429d1edd4S3VersionKey1C340B30" + "Ref": "AssetParameters5507835727e005832a615aef2a6b437860f432c6cd052d07c0244464aedbe2b2S3VersionKey822D04EC" } ] } @@ -2201,7 +2138,7 @@ "Properties": { "Code": { "S3Bucket": { - "Ref": "AssetParameters6afd8be511f58dbedd46c8a09c07db8b7340d99fd3527b6d3dfb729208060fc3S3BucketB7E1A9C0" + "Ref": "AssetParametersf850d967c52a5f64e6436dc84abdde4d86197f2a0871f5ab27c79647a91d0bf4S3Bucket6F458959" }, "S3Key": { "Fn::Join": [ @@ -2214,7 +2151,7 @@ "Fn::Split": [ "||", { - "Ref": "AssetParameters6afd8be511f58dbedd46c8a09c07db8b7340d99fd3527b6d3dfb729208060fc3S3VersionKey542FDEBD" + "Ref": "AssetParametersf850d967c52a5f64e6436dc84abdde4d86197f2a0871f5ab27c79647a91d0bf4S3VersionKeyBDD0572E" } ] } @@ -2227,7 +2164,7 @@ "Fn::Split": [ "||", { - "Ref": "AssetParameters6afd8be511f58dbedd46c8a09c07db8b7340d99fd3527b6d3dfb729208060fc3S3VersionKey542FDEBD" + "Ref": "AssetParametersf850d967c52a5f64e6436dc84abdde4d86197f2a0871f5ab27c79647a91d0bf4S3VersionKeyBDD0572E" } ] } @@ -2296,65 +2233,65 @@ } }, "Parameters": { - "AssetParameters26ac61b4195cccf80ff73f332788ad7ffaab36d81ce570340a583a8364901665S3Bucket1B280681": { + "AssetParameters4288ebb3652acdf2d828b7db7ca44a7162a401ace50ebb4026e84b18a02a06eeS3Bucket4E7CD097": { "Type": "String", - "Description": "S3 bucket for asset \"26ac61b4195cccf80ff73f332788ad7ffaab36d81ce570340a583a8364901665\"" + "Description": "S3 bucket for asset \"4288ebb3652acdf2d828b7db7ca44a7162a401ace50ebb4026e84b18a02a06ee\"" }, - "AssetParameters26ac61b4195cccf80ff73f332788ad7ffaab36d81ce570340a583a8364901665S3VersionKeyB1E02791": { + "AssetParameters4288ebb3652acdf2d828b7db7ca44a7162a401ace50ebb4026e84b18a02a06eeS3VersionKey93D16224": { "Type": "String", - "Description": "S3 key for asset version \"26ac61b4195cccf80ff73f332788ad7ffaab36d81ce570340a583a8364901665\"" + "Description": "S3 key for asset version \"4288ebb3652acdf2d828b7db7ca44a7162a401ace50ebb4026e84b18a02a06ee\"" }, - "AssetParameters26ac61b4195cccf80ff73f332788ad7ffaab36d81ce570340a583a8364901665ArtifactHash9EA5AC29": { + "AssetParameters4288ebb3652acdf2d828b7db7ca44a7162a401ace50ebb4026e84b18a02a06eeArtifactHash515E16AE": { "Type": "String", - "Description": "Artifact hash for asset \"26ac61b4195cccf80ff73f332788ad7ffaab36d81ce570340a583a8364901665\"" + "Description": "Artifact hash for asset \"4288ebb3652acdf2d828b7db7ca44a7162a401ace50ebb4026e84b18a02a06ee\"" }, - "AssetParameters00d62edb46d4e11942f8a3afeca5526ec56ff1d63eb753bd46ceecff8b01f5afS3Bucket9AE1EC0F": { + "AssetParameters8b11ea303df4b9db9feef6ed5f901a2d1185023a40c80c9630cf5c36559ae647S3Bucket05488C5E": { "Type": "String", - "Description": "S3 bucket for asset \"00d62edb46d4e11942f8a3afeca5526ec56ff1d63eb753bd46ceecff8b01f5af\"" + "Description": "S3 bucket for asset \"8b11ea303df4b9db9feef6ed5f901a2d1185023a40c80c9630cf5c36559ae647\"" }, - "AssetParameters00d62edb46d4e11942f8a3afeca5526ec56ff1d63eb753bd46ceecff8b01f5afS3VersionKey451EAA56": { + "AssetParameters8b11ea303df4b9db9feef6ed5f901a2d1185023a40c80c9630cf5c36559ae647S3VersionKey174B23DF": { "Type": "String", - "Description": "S3 key for asset version \"00d62edb46d4e11942f8a3afeca5526ec56ff1d63eb753bd46ceecff8b01f5af\"" + "Description": "S3 key for asset version \"8b11ea303df4b9db9feef6ed5f901a2d1185023a40c80c9630cf5c36559ae647\"" }, - "AssetParameters00d62edb46d4e11942f8a3afeca5526ec56ff1d63eb753bd46ceecff8b01f5afArtifactHash761F4689": { + "AssetParameters8b11ea303df4b9db9feef6ed5f901a2d1185023a40c80c9630cf5c36559ae647ArtifactHashE94F67E3": { "Type": "String", - "Description": "Artifact hash for asset \"00d62edb46d4e11942f8a3afeca5526ec56ff1d63eb753bd46ceecff8b01f5af\"" + "Description": "Artifact hash for asset \"8b11ea303df4b9db9feef6ed5f901a2d1185023a40c80c9630cf5c36559ae647\"" }, - "AssetParametersdaeb79e3cee39c9b902dc0d5c780223e227ed573ea60976252947adab5fb2be1S3BucketDC4B98B1": { + "AssetParameters5b47c8e4cbbce7e4a8085f1aa83ed9c4691b7f65927ba092d6620bbba925f391S3BucketB4102E9A": { "Type": "String", - "Description": "S3 bucket for asset \"daeb79e3cee39c9b902dc0d5c780223e227ed573ea60976252947adab5fb2be1\"" + "Description": "S3 bucket for asset \"5b47c8e4cbbce7e4a8085f1aa83ed9c4691b7f65927ba092d6620bbba925f391\"" }, - "AssetParametersdaeb79e3cee39c9b902dc0d5c780223e227ed573ea60976252947adab5fb2be1S3VersionKeyA495226F": { + "AssetParameters5b47c8e4cbbce7e4a8085f1aa83ed9c4691b7f65927ba092d6620bbba925f391S3VersionKeyC1EC3ED6": { "Type": "String", - "Description": "S3 key for asset version \"daeb79e3cee39c9b902dc0d5c780223e227ed573ea60976252947adab5fb2be1\"" + "Description": "S3 key for asset version \"5b47c8e4cbbce7e4a8085f1aa83ed9c4691b7f65927ba092d6620bbba925f391\"" }, - "AssetParametersdaeb79e3cee39c9b902dc0d5c780223e227ed573ea60976252947adab5fb2be1ArtifactHashA521A16F": { + "AssetParameters5b47c8e4cbbce7e4a8085f1aa83ed9c4691b7f65927ba092d6620bbba925f391ArtifactHashA391D940": { "Type": "String", - "Description": "Artifact hash for asset \"daeb79e3cee39c9b902dc0d5c780223e227ed573ea60976252947adab5fb2be1\"" + "Description": "Artifact hash for asset \"5b47c8e4cbbce7e4a8085f1aa83ed9c4691b7f65927ba092d6620bbba925f391\"" }, - "AssetParameters4129bbca38164ecb28fee8e5b674f0d05e5957b4b8ed97d9c950527b5cc4ce10S3BucketC6FAEEC9": { + "AssetParametersa70c48e7047fb793b2378668accb1dc2d92f2d7b1fff80c9c718f4964dc69cb8S3Bucket4CD5FFC3": { "Type": "String", - "Description": "S3 bucket for asset \"4129bbca38164ecb28fee8e5b674f0d05e5957b4b8ed97d9c950527b5cc4ce10\"" + "Description": "S3 bucket for asset \"a70c48e7047fb793b2378668accb1dc2d92f2d7b1fff80c9c718f4964dc69cb8\"" }, - "AssetParameters4129bbca38164ecb28fee8e5b674f0d05e5957b4b8ed97d9c950527b5cc4ce10S3VersionKeyA7EE7421": { + "AssetParametersa70c48e7047fb793b2378668accb1dc2d92f2d7b1fff80c9c718f4964dc69cb8S3VersionKeyE06BA291": { "Type": "String", - "Description": "S3 key for asset version \"4129bbca38164ecb28fee8e5b674f0d05e5957b4b8ed97d9c950527b5cc4ce10\"" + "Description": "S3 key for asset version \"a70c48e7047fb793b2378668accb1dc2d92f2d7b1fff80c9c718f4964dc69cb8\"" }, - "AssetParameters4129bbca38164ecb28fee8e5b674f0d05e5957b4b8ed97d9c950527b5cc4ce10ArtifactHash528547CD": { + "AssetParametersa70c48e7047fb793b2378668accb1dc2d92f2d7b1fff80c9c718f4964dc69cb8ArtifactHashA4AB6609": { "Type": "String", - "Description": "Artifact hash for asset \"4129bbca38164ecb28fee8e5b674f0d05e5957b4b8ed97d9c950527b5cc4ce10\"" + "Description": "Artifact hash for asset \"a70c48e7047fb793b2378668accb1dc2d92f2d7b1fff80c9c718f4964dc69cb8\"" }, - "AssetParameterse9882ab123687399f934da0d45effe675ecc8ce13b40cb946f3e1d6141fe8d68S3BucketAEADE8C7": { + "AssetParametersf331b32a8ad8983464106a58e420e7bc7e6341ba2ffb8ac9ad350d7e32845d95S3BucketE02B5488": { "Type": "String", - "Description": "S3 bucket for asset \"e9882ab123687399f934da0d45effe675ecc8ce13b40cb946f3e1d6141fe8d68\"" + "Description": "S3 bucket for asset \"f331b32a8ad8983464106a58e420e7bc7e6341ba2ffb8ac9ad350d7e32845d95\"" }, - "AssetParameterse9882ab123687399f934da0d45effe675ecc8ce13b40cb946f3e1d6141fe8d68S3VersionKeyE415415F": { + "AssetParametersf331b32a8ad8983464106a58e420e7bc7e6341ba2ffb8ac9ad350d7e32845d95S3VersionKey4D8E71F2": { "Type": "String", - "Description": "S3 key for asset version \"e9882ab123687399f934da0d45effe675ecc8ce13b40cb946f3e1d6141fe8d68\"" + "Description": "S3 key for asset version \"f331b32a8ad8983464106a58e420e7bc7e6341ba2ffb8ac9ad350d7e32845d95\"" }, - "AssetParameterse9882ab123687399f934da0d45effe675ecc8ce13b40cb946f3e1d6141fe8d68ArtifactHashD9A515C3": { + "AssetParametersf331b32a8ad8983464106a58e420e7bc7e6341ba2ffb8ac9ad350d7e32845d95ArtifactHash16B60F6C": { "Type": "String", - "Description": "Artifact hash for asset \"e9882ab123687399f934da0d45effe675ecc8ce13b40cb946f3e1d6141fe8d68\"" + "Description": "Artifact hash for asset \"f331b32a8ad8983464106a58e420e7bc7e6341ba2ffb8ac9ad350d7e32845d95\"" }, "AssetParametersea17febe6d04c66048f3e8e060c71685c0cb53122abceff44842d27bc0d4a03eS3BucketD3288998": { "Type": "String", @@ -2368,57 +2305,57 @@ "Type": "String", "Description": "Artifact hash for asset \"ea17febe6d04c66048f3e8e060c71685c0cb53122abceff44842d27bc0d4a03e\"" }, - "AssetParametersb7d38dc0eeb2c5d024919020e09d2590b68559eab4a5264c3b1aa7a429d1edd4S3BucketF7BC1777": { + "AssetParameters5507835727e005832a615aef2a6b437860f432c6cd052d07c0244464aedbe2b2S3Bucket211A9156": { "Type": "String", - "Description": "S3 bucket for asset \"b7d38dc0eeb2c5d024919020e09d2590b68559eab4a5264c3b1aa7a429d1edd4\"" + "Description": "S3 bucket for asset \"5507835727e005832a615aef2a6b437860f432c6cd052d07c0244464aedbe2b2\"" }, - "AssetParametersb7d38dc0eeb2c5d024919020e09d2590b68559eab4a5264c3b1aa7a429d1edd4S3VersionKey1C340B30": { + "AssetParameters5507835727e005832a615aef2a6b437860f432c6cd052d07c0244464aedbe2b2S3VersionKey822D04EC": { "Type": "String", - "Description": "S3 key for asset version \"b7d38dc0eeb2c5d024919020e09d2590b68559eab4a5264c3b1aa7a429d1edd4\"" + "Description": "S3 key for asset version \"5507835727e005832a615aef2a6b437860f432c6cd052d07c0244464aedbe2b2\"" }, - "AssetParametersb7d38dc0eeb2c5d024919020e09d2590b68559eab4a5264c3b1aa7a429d1edd4ArtifactHashD6EA1BC7": { + "AssetParameters5507835727e005832a615aef2a6b437860f432c6cd052d07c0244464aedbe2b2ArtifactHashCA4A1831": { "Type": "String", - "Description": "Artifact hash for asset \"b7d38dc0eeb2c5d024919020e09d2590b68559eab4a5264c3b1aa7a429d1edd4\"" + "Description": "Artifact hash for asset \"5507835727e005832a615aef2a6b437860f432c6cd052d07c0244464aedbe2b2\"" }, - "AssetParameters6afd8be511f58dbedd46c8a09c07db8b7340d99fd3527b6d3dfb729208060fc3S3BucketB7E1A9C0": { + "AssetParametersf850d967c52a5f64e6436dc84abdde4d86197f2a0871f5ab27c79647a91d0bf4S3Bucket6F458959": { "Type": "String", - "Description": "S3 bucket for asset \"6afd8be511f58dbedd46c8a09c07db8b7340d99fd3527b6d3dfb729208060fc3\"" + "Description": "S3 bucket for asset \"f850d967c52a5f64e6436dc84abdde4d86197f2a0871f5ab27c79647a91d0bf4\"" }, - "AssetParameters6afd8be511f58dbedd46c8a09c07db8b7340d99fd3527b6d3dfb729208060fc3S3VersionKey542FDEBD": { + "AssetParametersf850d967c52a5f64e6436dc84abdde4d86197f2a0871f5ab27c79647a91d0bf4S3VersionKeyBDD0572E": { "Type": "String", - "Description": "S3 key for asset version \"6afd8be511f58dbedd46c8a09c07db8b7340d99fd3527b6d3dfb729208060fc3\"" + "Description": "S3 key for asset version \"f850d967c52a5f64e6436dc84abdde4d86197f2a0871f5ab27c79647a91d0bf4\"" }, - "AssetParameters6afd8be511f58dbedd46c8a09c07db8b7340d99fd3527b6d3dfb729208060fc3ArtifactHash5E61FCA5": { + "AssetParametersf850d967c52a5f64e6436dc84abdde4d86197f2a0871f5ab27c79647a91d0bf4ArtifactHash4D5DD9E9": { "Type": "String", - "Description": "Artifact hash for asset \"6afd8be511f58dbedd46c8a09c07db8b7340d99fd3527b6d3dfb729208060fc3\"" + "Description": "Artifact hash for asset \"f850d967c52a5f64e6436dc84abdde4d86197f2a0871f5ab27c79647a91d0bf4\"" }, - "AssetParameters68b9e8362de179062ef4fa2e507bcdde8ad60822541789a054589bdfefd639c3S3BucketB433C27A": { + "AssetParametersd2c6c18da00a775fab79c667ce3e22b7bb82981bd887f3558a308b7ba4fcd1e1S3Bucket14A467A8": { "Type": "String", - "Description": "S3 bucket for asset \"68b9e8362de179062ef4fa2e507bcdde8ad60822541789a054589bdfefd639c3\"" + "Description": "S3 bucket for asset \"d2c6c18da00a775fab79c667ce3e22b7bb82981bd887f3558a308b7ba4fcd1e1\"" }, - "AssetParameters68b9e8362de179062ef4fa2e507bcdde8ad60822541789a054589bdfefd639c3S3VersionKey47D97053": { + "AssetParametersd2c6c18da00a775fab79c667ce3e22b7bb82981bd887f3558a308b7ba4fcd1e1S3VersionKeyC8758BD5": { "Type": "String", - "Description": "S3 key for asset version \"68b9e8362de179062ef4fa2e507bcdde8ad60822541789a054589bdfefd639c3\"" + "Description": "S3 key for asset version \"d2c6c18da00a775fab79c667ce3e22b7bb82981bd887f3558a308b7ba4fcd1e1\"" }, - "AssetParameters68b9e8362de179062ef4fa2e507bcdde8ad60822541789a054589bdfefd639c3ArtifactHashDE01134B": { + "AssetParametersd2c6c18da00a775fab79c667ce3e22b7bb82981bd887f3558a308b7ba4fcd1e1ArtifactHashEB557581": { "Type": "String", - "Description": "Artifact hash for asset \"68b9e8362de179062ef4fa2e507bcdde8ad60822541789a054589bdfefd639c3\"" + "Description": "Artifact hash for asset \"d2c6c18da00a775fab79c667ce3e22b7bb82981bd887f3558a308b7ba4fcd1e1\"" }, - "AssetParameters246f53c56ca8842b5b10a869d641017e2a78a7b196a5c32600abe420c4013dd8S3BucketCEB8731F": { + "AssetParameters569a574833bab6f6544cebaa31935f7371f41aa0a926797d4e65b5cbbcc13d47S3Bucket690AEFE0": { "Type": "String", - "Description": "S3 bucket for asset \"246f53c56ca8842b5b10a869d641017e2a78a7b196a5c32600abe420c4013dd8\"" + "Description": "S3 bucket for asset \"569a574833bab6f6544cebaa31935f7371f41aa0a926797d4e65b5cbbcc13d47\"" }, - "AssetParameters246f53c56ca8842b5b10a869d641017e2a78a7b196a5c32600abe420c4013dd8S3VersionKey31DCE19E": { + "AssetParameters569a574833bab6f6544cebaa31935f7371f41aa0a926797d4e65b5cbbcc13d47S3VersionKey2F21E0C1": { "Type": "String", - "Description": "S3 key for asset version \"246f53c56ca8842b5b10a869d641017e2a78a7b196a5c32600abe420c4013dd8\"" + "Description": "S3 key for asset version \"569a574833bab6f6544cebaa31935f7371f41aa0a926797d4e65b5cbbcc13d47\"" }, - "AssetParameters246f53c56ca8842b5b10a869d641017e2a78a7b196a5c32600abe420c4013dd8ArtifactHashE4FBA459": { + "AssetParameters569a574833bab6f6544cebaa31935f7371f41aa0a926797d4e65b5cbbcc13d47ArtifactHash2BCCFD09": { "Type": "String", - "Description": "Artifact hash for asset \"246f53c56ca8842b5b10a869d641017e2a78a7b196a5c32600abe420c4013dd8\"" + "Description": "Artifact hash for asset \"569a574833bab6f6544cebaa31935f7371f41aa0a926797d4e65b5cbbcc13d47\"" }, "SsmParameterValueawsserviceeksoptimizedami121amazonlinux2gpurecommendedimageidC96584B6F00A464EAD1953AFF4B05118Parameter": { "Type": "AWS::SSM::Parameter::Value", "Default": "/aws/service/eks/optimized-ami/1.21/amazon-linux-2-gpu/recommended/image_id" } } -} +} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-eks/test/integ.eks-oidc-provider.expected.json b/packages/@aws-cdk/aws-eks/test/integ.eks-oidc-provider.expected.json index 0f0a5c61cdf67..8a9b6ea626e05 100644 --- a/packages/@aws-cdk/aws-eks/test/integ.eks-oidc-provider.expected.json +++ b/packages/@aws-cdk/aws-eks/test/integ.eks-oidc-provider.expected.json @@ -79,7 +79,7 @@ "Properties": { "Code": { "S3Bucket": { - "Ref": "AssetParametersb7d38dc0eeb2c5d024919020e09d2590b68559eab4a5264c3b1aa7a429d1edd4S3BucketF7BC1777" + "Ref": "AssetParameters5507835727e005832a615aef2a6b437860f432c6cd052d07c0244464aedbe2b2S3Bucket211A9156" }, "S3Key": { "Fn::Join": [ @@ -92,7 +92,7 @@ "Fn::Split": [ "||", { - "Ref": "AssetParametersb7d38dc0eeb2c5d024919020e09d2590b68559eab4a5264c3b1aa7a429d1edd4S3VersionKey1C340B30" + "Ref": "AssetParameters5507835727e005832a615aef2a6b437860f432c6cd052d07c0244464aedbe2b2S3VersionKey822D04EC" } ] } @@ -105,7 +105,7 @@ "Fn::Split": [ "||", { - "Ref": "AssetParametersb7d38dc0eeb2c5d024919020e09d2590b68559eab4a5264c3b1aa7a429d1edd4S3VersionKey1C340B30" + "Ref": "AssetParameters5507835727e005832a615aef2a6b437860f432c6cd052d07c0244464aedbe2b2S3VersionKey822D04EC" } ] } @@ -132,17 +132,17 @@ } }, "Parameters": { - "AssetParametersb7d38dc0eeb2c5d024919020e09d2590b68559eab4a5264c3b1aa7a429d1edd4S3BucketF7BC1777": { + "AssetParameters5507835727e005832a615aef2a6b437860f432c6cd052d07c0244464aedbe2b2S3Bucket211A9156": { "Type": "String", - "Description": "S3 bucket for asset \"b7d38dc0eeb2c5d024919020e09d2590b68559eab4a5264c3b1aa7a429d1edd4\"" + "Description": "S3 bucket for asset \"5507835727e005832a615aef2a6b437860f432c6cd052d07c0244464aedbe2b2\"" }, - "AssetParametersb7d38dc0eeb2c5d024919020e09d2590b68559eab4a5264c3b1aa7a429d1edd4S3VersionKey1C340B30": { + "AssetParameters5507835727e005832a615aef2a6b437860f432c6cd052d07c0244464aedbe2b2S3VersionKey822D04EC": { "Type": "String", - "Description": "S3 key for asset version \"b7d38dc0eeb2c5d024919020e09d2590b68559eab4a5264c3b1aa7a429d1edd4\"" + "Description": "S3 key for asset version \"5507835727e005832a615aef2a6b437860f432c6cd052d07c0244464aedbe2b2\"" }, - "AssetParametersb7d38dc0eeb2c5d024919020e09d2590b68559eab4a5264c3b1aa7a429d1edd4ArtifactHashD6EA1BC7": { + "AssetParameters5507835727e005832a615aef2a6b437860f432c6cd052d07c0244464aedbe2b2ArtifactHashCA4A1831": { "Type": "String", - "Description": "Artifact hash for asset \"b7d38dc0eeb2c5d024919020e09d2590b68559eab4a5264c3b1aa7a429d1edd4\"" + "Description": "Artifact hash for asset \"5507835727e005832a615aef2a6b437860f432c6cd052d07c0244464aedbe2b2\"" } } } \ No newline at end of file diff --git a/packages/@aws-cdk/aws-eks/test/integ.fargate-cluster.expected.json b/packages/@aws-cdk/aws-eks/test/integ.fargate-cluster.expected.json index 72efc126137d7..0460488a7875d 100644 --- a/packages/@aws-cdk/aws-eks/test/integ.fargate-cluster.expected.json +++ b/packages/@aws-cdk/aws-eks/test/integ.fargate-cluster.expected.json @@ -704,73 +704,47 @@ { "Action": "iam:PassRole", "Effect": "Allow", - "Resource": { - "Fn::GetAtt": [ - "FargateClusterRole8E36B33A", - "Arn" - ] - } - }, - { - "Action": [ - "eks:CreateCluster", - "eks:DescribeCluster", - "eks:DescribeUpdate", - "eks:DeleteCluster", - "eks:UpdateClusterVersion", - "eks:UpdateClusterConfig", - "eks:CreateFargateProfile", - "eks:TagResource", - "eks:UntagResource" - ], - "Effect": "Allow", "Resource": [ - "*" + { + "Fn::GetAtt": [ + "FargateClusterRole8E36B33A", + "Arn" + ] + }, + { + "Fn::GetAtt": [ + "FargateClusterfargateprofiledefaultPodExecutionRole66F2610E", + "Arn" + ] + } ] }, { "Action": [ - "eks:DescribeFargateProfile", - "eks:DeleteFargateProfile" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "iam:GetRole", - "iam:listAttachedRolePolicies" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": "iam:CreateServiceLinkedRole", - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ + "ec2:DescribeDhcpOptions", "ec2:DescribeInstances", "ec2:DescribeNetworkInterfaces", + "ec2:DescribeRouteTables", "ec2:DescribeSecurityGroups", "ec2:DescribeSubnets", - "ec2:DescribeRouteTables", - "ec2:DescribeDhcpOptions", - "ec2:DescribeVpcs" + "ec2:DescribeVpcs", + "eks:CreateCluster", + "eks:CreateFargateProfile", + "eks:DeleteCluster", + "eks:DeleteFargateProfile", + "eks:DescribeCluster", + "eks:DescribeFargateProfile", + "eks:DescribeUpdate", + "eks:TagResource", + "eks:UntagResource", + "eks:UpdateClusterConfig", + "eks:UpdateClusterVersion", + "iam:CreateServiceLinkedRole", + "iam:GetRole", + "iam:listAttachedRolePolicies" ], "Effect": "Allow", "Resource": "*" - }, - { - "Action": "iam:PassRole", - "Effect": "Allow", - "Resource": { - "Fn::GetAtt": [ - "FargateClusterfargateprofiledefaultPodExecutionRole66F2610E", - "Arn" - ] - } } ], "Version": "2012-10-17" @@ -1125,7 +1099,7 @@ }, "/", { - "Ref": "AssetParameters9528c3c9068ee4a23508464ed79290c4fa16c4d17230421015fdc585ec202566S3BucketBE3E205B" + "Ref": "AssetParameters68cf6214335c0f88299431e6c7fac4d9d46a42a5f526d6a109ebe35d48cef8f3S3Bucket4539F9A2" }, "/", { @@ -1135,7 +1109,7 @@ "Fn::Split": [ "||", { - "Ref": "AssetParameters9528c3c9068ee4a23508464ed79290c4fa16c4d17230421015fdc585ec202566S3VersionKeyAEF361AA" + "Ref": "AssetParameters68cf6214335c0f88299431e6c7fac4d9d46a42a5f526d6a109ebe35d48cef8f3S3VersionKey0A53DFAE" } ] } @@ -1148,7 +1122,7 @@ "Fn::Split": [ "||", { - "Ref": "AssetParameters9528c3c9068ee4a23508464ed79290c4fa16c4d17230421015fdc585ec202566S3VersionKeyAEF361AA" + "Ref": "AssetParameters68cf6214335c0f88299431e6c7fac4d9d46a42a5f526d6a109ebe35d48cef8f3S3VersionKey0A53DFAE" } ] } @@ -1158,29 +1132,29 @@ ] }, "Parameters": { + "referencetoawscdkeksfargateclustertestAssetParameters4288ebb3652acdf2d828b7db7ca44a7162a401ace50ebb4026e84b18a02a06eeS3BucketDC76B2E5Ref": { + "Ref": "AssetParameters4288ebb3652acdf2d828b7db7ca44a7162a401ace50ebb4026e84b18a02a06eeS3Bucket4E7CD097" + }, + "referencetoawscdkeksfargateclustertestAssetParameters4288ebb3652acdf2d828b7db7ca44a7162a401ace50ebb4026e84b18a02a06eeS3VersionKeyA7127FF2Ref": { + "Ref": "AssetParameters4288ebb3652acdf2d828b7db7ca44a7162a401ace50ebb4026e84b18a02a06eeS3VersionKey93D16224" + }, "referencetoawscdkeksfargateclustertestFargateClusterCreationRoleFB2229CFArn": { "Fn::GetAtt": [ "FargateClusterCreationRole8C524AD8", "Arn" ] }, - "referencetoawscdkeksfargateclustertestAssetParametersd78765b92df2a80d8f6054e616200f6099a238f29fe81a199c2c217ffe1a12b4S3Bucket5CC464F5Ref": { - "Ref": "AssetParametersd78765b92df2a80d8f6054e616200f6099a238f29fe81a199c2c217ffe1a12b4S3Bucket5B1EB03C" - }, - "referencetoawscdkeksfargateclustertestAssetParametersd78765b92df2a80d8f6054e616200f6099a238f29fe81a199c2c217ffe1a12b4S3VersionKey610B35BCRef": { - "Ref": "AssetParametersd78765b92df2a80d8f6054e616200f6099a238f29fe81a199c2c217ffe1a12b4S3VersionKey51E064E9" - }, - "referencetoawscdkeksfargateclustertestAssetParametersca2c913ffc0cd2016ee8bae9a571d12d6eca2284408cb99dd0ebff5b061864ccS3Bucket3165858DRef": { - "Ref": "AssetParametersca2c913ffc0cd2016ee8bae9a571d12d6eca2284408cb99dd0ebff5b061864ccS3Bucket40405135" + "referencetoawscdkeksfargateclustertestAssetParameters8b11ea303df4b9db9feef6ed5f901a2d1185023a40c80c9630cf5c36559ae647S3Bucket33183031Ref": { + "Ref": "AssetParameters8b11ea303df4b9db9feef6ed5f901a2d1185023a40c80c9630cf5c36559ae647S3Bucket05488C5E" }, - "referencetoawscdkeksfargateclustertestAssetParametersca2c913ffc0cd2016ee8bae9a571d12d6eca2284408cb99dd0ebff5b061864ccS3VersionKey1A1207D1Ref": { - "Ref": "AssetParametersca2c913ffc0cd2016ee8bae9a571d12d6eca2284408cb99dd0ebff5b061864ccS3VersionKey50B477EB" + "referencetoawscdkeksfargateclustertestAssetParameters8b11ea303df4b9db9feef6ed5f901a2d1185023a40c80c9630cf5c36559ae647S3VersionKeyC9143EC9Ref": { + "Ref": "AssetParameters8b11ea303df4b9db9feef6ed5f901a2d1185023a40c80c9630cf5c36559ae647S3VersionKey174B23DF" }, - "referencetoawscdkeksfargateclustertestAssetParametersdaeb79e3cee39c9b902dc0d5c780223e227ed573ea60976252947adab5fb2be1S3Bucket8EEF0922Ref": { - "Ref": "AssetParametersdaeb79e3cee39c9b902dc0d5c780223e227ed573ea60976252947adab5fb2be1S3BucketDC4B98B1" + "referencetoawscdkeksfargateclustertestAssetParameters5b47c8e4cbbce7e4a8085f1aa83ed9c4691b7f65927ba092d6620bbba925f391S3Bucket3204D5E8Ref": { + "Ref": "AssetParameters5b47c8e4cbbce7e4a8085f1aa83ed9c4691b7f65927ba092d6620bbba925f391S3BucketB4102E9A" }, - "referencetoawscdkeksfargateclustertestAssetParametersdaeb79e3cee39c9b902dc0d5c780223e227ed573ea60976252947adab5fb2be1S3VersionKey47333356Ref": { - "Ref": "AssetParametersdaeb79e3cee39c9b902dc0d5c780223e227ed573ea60976252947adab5fb2be1S3VersionKeyA495226F" + "referencetoawscdkeksfargateclustertestAssetParameters5b47c8e4cbbce7e4a8085f1aa83ed9c4691b7f65927ba092d6620bbba925f391S3VersionKey4ABEA862Ref": { + "Ref": "AssetParameters5b47c8e4cbbce7e4a8085f1aa83ed9c4691b7f65927ba092d6620bbba925f391S3VersionKeyC1EC3ED6" } } }, @@ -1200,7 +1174,7 @@ }, "/", { - "Ref": "AssetParameters6b899044dd4c0806c8b311f44f756b062c8da54e6ff69ae3ed28d6dab912802dS3Bucket92B50C24" + "Ref": "AssetParameters196dc7aaf7b92bd056c4ca55632f53bbd96a92876291800c581e6e9e95458d2fS3BucketD61A27C7" }, "/", { @@ -1210,7 +1184,7 @@ "Fn::Split": [ "||", { - "Ref": "AssetParameters6b899044dd4c0806c8b311f44f756b062c8da54e6ff69ae3ed28d6dab912802dS3VersionKeyB7108D30" + "Ref": "AssetParameters196dc7aaf7b92bd056c4ca55632f53bbd96a92876291800c581e6e9e95458d2fS3VersionKey6F1AD5E5" } ] } @@ -1223,7 +1197,7 @@ "Fn::Split": [ "||", { - "Ref": "AssetParameters6b899044dd4c0806c8b311f44f756b062c8da54e6ff69ae3ed28d6dab912802dS3VersionKeyB7108D30" + "Ref": "AssetParameters196dc7aaf7b92bd056c4ca55632f53bbd96a92876291800c581e6e9e95458d2fS3VersionKey6F1AD5E5" } ] } @@ -1245,11 +1219,11 @@ "Arn" ] }, - "referencetoawscdkeksfargateclustertestAssetParameters4129bbca38164ecb28fee8e5b674f0d05e5957b4b8ed97d9c950527b5cc4ce10S3BucketC4DF4301Ref": { - "Ref": "AssetParameters4129bbca38164ecb28fee8e5b674f0d05e5957b4b8ed97d9c950527b5cc4ce10S3BucketC6FAEEC9" + "referencetoawscdkeksfargateclustertestAssetParametersa70c48e7047fb793b2378668accb1dc2d92f2d7b1fff80c9c718f4964dc69cb8S3BucketC8170E38Ref": { + "Ref": "AssetParametersa70c48e7047fb793b2378668accb1dc2d92f2d7b1fff80c9c718f4964dc69cb8S3Bucket4CD5FFC3" }, - "referencetoawscdkeksfargateclustertestAssetParameters4129bbca38164ecb28fee8e5b674f0d05e5957b4b8ed97d9c950527b5cc4ce10S3VersionKey013AD4DERef": { - "Ref": "AssetParameters4129bbca38164ecb28fee8e5b674f0d05e5957b4b8ed97d9c950527b5cc4ce10S3VersionKeyA7EE7421" + "referencetoawscdkeksfargateclustertestAssetParametersa70c48e7047fb793b2378668accb1dc2d92f2d7b1fff80c9c718f4964dc69cb8S3VersionKeyFC5034F5Ref": { + "Ref": "AssetParametersa70c48e7047fb793b2378668accb1dc2d92f2d7b1fff80c9c718f4964dc69cb8S3VersionKeyE06BA291" }, "referencetoawscdkeksfargateclustertestFargateClusterDefaultVpcPrivateSubnet1Subnet0278E6BCRef": { "Ref": "FargateClusterDefaultVpcPrivateSubnet1Subnet50EA43AA" @@ -1266,11 +1240,11 @@ "ClusterSecurityGroupId" ] }, - "referencetoawscdkeksfargateclustertestAssetParameterse9882ab123687399f934da0d45effe675ecc8ce13b40cb946f3e1d6141fe8d68S3Bucket4F20F642Ref": { - "Ref": "AssetParameterse9882ab123687399f934da0d45effe675ecc8ce13b40cb946f3e1d6141fe8d68S3BucketAEADE8C7" + "referencetoawscdkeksfargateclustertestAssetParametersf331b32a8ad8983464106a58e420e7bc7e6341ba2ffb8ac9ad350d7e32845d95S3BucketB010C1C1Ref": { + "Ref": "AssetParametersf331b32a8ad8983464106a58e420e7bc7e6341ba2ffb8ac9ad350d7e32845d95S3BucketE02B5488" }, - "referencetoawscdkeksfargateclustertestAssetParameterse9882ab123687399f934da0d45effe675ecc8ce13b40cb946f3e1d6141fe8d68S3VersionKeyB82BAEF8Ref": { - "Ref": "AssetParameterse9882ab123687399f934da0d45effe675ecc8ce13b40cb946f3e1d6141fe8d68S3VersionKeyE415415F" + "referencetoawscdkeksfargateclustertestAssetParametersf331b32a8ad8983464106a58e420e7bc7e6341ba2ffb8ac9ad350d7e32845d95S3VersionKey0118D441Ref": { + "Ref": "AssetParametersf331b32a8ad8983464106a58e420e7bc7e6341ba2ffb8ac9ad350d7e32845d95S3VersionKey4D8E71F2" }, "referencetoawscdkeksfargateclustertestAssetParametersea17febe6d04c66048f3e8e060c71685c0cb53122abceff44842d27bc0d4a03eS3Bucket899EE5ABRef": { "Ref": "AssetParametersea17febe6d04c66048f3e8e060c71685c0cb53122abceff44842d27bc0d4a03eS3BucketD3288998" @@ -1278,11 +1252,11 @@ "referencetoawscdkeksfargateclustertestAssetParametersea17febe6d04c66048f3e8e060c71685c0cb53122abceff44842d27bc0d4a03eS3VersionKey1296E713Ref": { "Ref": "AssetParametersea17febe6d04c66048f3e8e060c71685c0cb53122abceff44842d27bc0d4a03eS3VersionKeyB00C0565" }, - "referencetoawscdkeksfargateclustertestAssetParametersdaeb79e3cee39c9b902dc0d5c780223e227ed573ea60976252947adab5fb2be1S3Bucket8EEF0922Ref": { - "Ref": "AssetParametersdaeb79e3cee39c9b902dc0d5c780223e227ed573ea60976252947adab5fb2be1S3BucketDC4B98B1" + "referencetoawscdkeksfargateclustertestAssetParameters5b47c8e4cbbce7e4a8085f1aa83ed9c4691b7f65927ba092d6620bbba925f391S3Bucket3204D5E8Ref": { + "Ref": "AssetParameters5b47c8e4cbbce7e4a8085f1aa83ed9c4691b7f65927ba092d6620bbba925f391S3BucketB4102E9A" }, - "referencetoawscdkeksfargateclustertestAssetParametersdaeb79e3cee39c9b902dc0d5c780223e227ed573ea60976252947adab5fb2be1S3VersionKey47333356Ref": { - "Ref": "AssetParametersdaeb79e3cee39c9b902dc0d5c780223e227ed573ea60976252947adab5fb2be1S3VersionKeyA495226F" + "referencetoawscdkeksfargateclustertestAssetParameters5b47c8e4cbbce7e4a8085f1aa83ed9c4691b7f65927ba092d6620bbba925f391S3VersionKey4ABEA862Ref": { + "Ref": "AssetParameters5b47c8e4cbbce7e4a8085f1aa83ed9c4691b7f65927ba092d6620bbba925f391S3VersionKeyC1EC3ED6" } } }, @@ -1333,65 +1307,65 @@ } }, "Parameters": { - "AssetParametersd78765b92df2a80d8f6054e616200f6099a238f29fe81a199c2c217ffe1a12b4S3Bucket5B1EB03C": { + "AssetParameters4288ebb3652acdf2d828b7db7ca44a7162a401ace50ebb4026e84b18a02a06eeS3Bucket4E7CD097": { "Type": "String", - "Description": "S3 bucket for asset \"d78765b92df2a80d8f6054e616200f6099a238f29fe81a199c2c217ffe1a12b4\"" + "Description": "S3 bucket for asset \"4288ebb3652acdf2d828b7db7ca44a7162a401ace50ebb4026e84b18a02a06ee\"" }, - "AssetParametersd78765b92df2a80d8f6054e616200f6099a238f29fe81a199c2c217ffe1a12b4S3VersionKey51E064E9": { + "AssetParameters4288ebb3652acdf2d828b7db7ca44a7162a401ace50ebb4026e84b18a02a06eeS3VersionKey93D16224": { "Type": "String", - "Description": "S3 key for asset version \"d78765b92df2a80d8f6054e616200f6099a238f29fe81a199c2c217ffe1a12b4\"" + "Description": "S3 key for asset version \"4288ebb3652acdf2d828b7db7ca44a7162a401ace50ebb4026e84b18a02a06ee\"" }, - "AssetParametersd78765b92df2a80d8f6054e616200f6099a238f29fe81a199c2c217ffe1a12b4ArtifactHash26192139": { + "AssetParameters4288ebb3652acdf2d828b7db7ca44a7162a401ace50ebb4026e84b18a02a06eeArtifactHash515E16AE": { "Type": "String", - "Description": "Artifact hash for asset \"d78765b92df2a80d8f6054e616200f6099a238f29fe81a199c2c217ffe1a12b4\"" + "Description": "Artifact hash for asset \"4288ebb3652acdf2d828b7db7ca44a7162a401ace50ebb4026e84b18a02a06ee\"" }, - "AssetParametersca2c913ffc0cd2016ee8bae9a571d12d6eca2284408cb99dd0ebff5b061864ccS3Bucket40405135": { + "AssetParameters8b11ea303df4b9db9feef6ed5f901a2d1185023a40c80c9630cf5c36559ae647S3Bucket05488C5E": { "Type": "String", - "Description": "S3 bucket for asset \"ca2c913ffc0cd2016ee8bae9a571d12d6eca2284408cb99dd0ebff5b061864cc\"" + "Description": "S3 bucket for asset \"8b11ea303df4b9db9feef6ed5f901a2d1185023a40c80c9630cf5c36559ae647\"" }, - "AssetParametersca2c913ffc0cd2016ee8bae9a571d12d6eca2284408cb99dd0ebff5b061864ccS3VersionKey50B477EB": { + "AssetParameters8b11ea303df4b9db9feef6ed5f901a2d1185023a40c80c9630cf5c36559ae647S3VersionKey174B23DF": { "Type": "String", - "Description": "S3 key for asset version \"ca2c913ffc0cd2016ee8bae9a571d12d6eca2284408cb99dd0ebff5b061864cc\"" + "Description": "S3 key for asset version \"8b11ea303df4b9db9feef6ed5f901a2d1185023a40c80c9630cf5c36559ae647\"" }, - "AssetParametersca2c913ffc0cd2016ee8bae9a571d12d6eca2284408cb99dd0ebff5b061864ccArtifactHashCC7E7A09": { + "AssetParameters8b11ea303df4b9db9feef6ed5f901a2d1185023a40c80c9630cf5c36559ae647ArtifactHashE94F67E3": { "Type": "String", - "Description": "Artifact hash for asset \"ca2c913ffc0cd2016ee8bae9a571d12d6eca2284408cb99dd0ebff5b061864cc\"" + "Description": "Artifact hash for asset \"8b11ea303df4b9db9feef6ed5f901a2d1185023a40c80c9630cf5c36559ae647\"" }, - "AssetParametersdaeb79e3cee39c9b902dc0d5c780223e227ed573ea60976252947adab5fb2be1S3BucketDC4B98B1": { + "AssetParameters5b47c8e4cbbce7e4a8085f1aa83ed9c4691b7f65927ba092d6620bbba925f391S3BucketB4102E9A": { "Type": "String", - "Description": "S3 bucket for asset \"daeb79e3cee39c9b902dc0d5c780223e227ed573ea60976252947adab5fb2be1\"" + "Description": "S3 bucket for asset \"5b47c8e4cbbce7e4a8085f1aa83ed9c4691b7f65927ba092d6620bbba925f391\"" }, - "AssetParametersdaeb79e3cee39c9b902dc0d5c780223e227ed573ea60976252947adab5fb2be1S3VersionKeyA495226F": { + "AssetParameters5b47c8e4cbbce7e4a8085f1aa83ed9c4691b7f65927ba092d6620bbba925f391S3VersionKeyC1EC3ED6": { "Type": "String", - "Description": "S3 key for asset version \"daeb79e3cee39c9b902dc0d5c780223e227ed573ea60976252947adab5fb2be1\"" + "Description": "S3 key for asset version \"5b47c8e4cbbce7e4a8085f1aa83ed9c4691b7f65927ba092d6620bbba925f391\"" }, - "AssetParametersdaeb79e3cee39c9b902dc0d5c780223e227ed573ea60976252947adab5fb2be1ArtifactHashA521A16F": { + "AssetParameters5b47c8e4cbbce7e4a8085f1aa83ed9c4691b7f65927ba092d6620bbba925f391ArtifactHashA391D940": { "Type": "String", - "Description": "Artifact hash for asset \"daeb79e3cee39c9b902dc0d5c780223e227ed573ea60976252947adab5fb2be1\"" + "Description": "Artifact hash for asset \"5b47c8e4cbbce7e4a8085f1aa83ed9c4691b7f65927ba092d6620bbba925f391\"" }, - "AssetParameters4129bbca38164ecb28fee8e5b674f0d05e5957b4b8ed97d9c950527b5cc4ce10S3BucketC6FAEEC9": { + "AssetParametersa70c48e7047fb793b2378668accb1dc2d92f2d7b1fff80c9c718f4964dc69cb8S3Bucket4CD5FFC3": { "Type": "String", - "Description": "S3 bucket for asset \"4129bbca38164ecb28fee8e5b674f0d05e5957b4b8ed97d9c950527b5cc4ce10\"" + "Description": "S3 bucket for asset \"a70c48e7047fb793b2378668accb1dc2d92f2d7b1fff80c9c718f4964dc69cb8\"" }, - "AssetParameters4129bbca38164ecb28fee8e5b674f0d05e5957b4b8ed97d9c950527b5cc4ce10S3VersionKeyA7EE7421": { + "AssetParametersa70c48e7047fb793b2378668accb1dc2d92f2d7b1fff80c9c718f4964dc69cb8S3VersionKeyE06BA291": { "Type": "String", - "Description": "S3 key for asset version \"4129bbca38164ecb28fee8e5b674f0d05e5957b4b8ed97d9c950527b5cc4ce10\"" + "Description": "S3 key for asset version \"a70c48e7047fb793b2378668accb1dc2d92f2d7b1fff80c9c718f4964dc69cb8\"" }, - "AssetParameters4129bbca38164ecb28fee8e5b674f0d05e5957b4b8ed97d9c950527b5cc4ce10ArtifactHash528547CD": { + "AssetParametersa70c48e7047fb793b2378668accb1dc2d92f2d7b1fff80c9c718f4964dc69cb8ArtifactHashA4AB6609": { "Type": "String", - "Description": "Artifact hash for asset \"4129bbca38164ecb28fee8e5b674f0d05e5957b4b8ed97d9c950527b5cc4ce10\"" + "Description": "Artifact hash for asset \"a70c48e7047fb793b2378668accb1dc2d92f2d7b1fff80c9c718f4964dc69cb8\"" }, - "AssetParameterse9882ab123687399f934da0d45effe675ecc8ce13b40cb946f3e1d6141fe8d68S3BucketAEADE8C7": { + "AssetParametersf331b32a8ad8983464106a58e420e7bc7e6341ba2ffb8ac9ad350d7e32845d95S3BucketE02B5488": { "Type": "String", - "Description": "S3 bucket for asset \"e9882ab123687399f934da0d45effe675ecc8ce13b40cb946f3e1d6141fe8d68\"" + "Description": "S3 bucket for asset \"f331b32a8ad8983464106a58e420e7bc7e6341ba2ffb8ac9ad350d7e32845d95\"" }, - "AssetParameterse9882ab123687399f934da0d45effe675ecc8ce13b40cb946f3e1d6141fe8d68S3VersionKeyE415415F": { + "AssetParametersf331b32a8ad8983464106a58e420e7bc7e6341ba2ffb8ac9ad350d7e32845d95S3VersionKey4D8E71F2": { "Type": "String", - "Description": "S3 key for asset version \"e9882ab123687399f934da0d45effe675ecc8ce13b40cb946f3e1d6141fe8d68\"" + "Description": "S3 key for asset version \"f331b32a8ad8983464106a58e420e7bc7e6341ba2ffb8ac9ad350d7e32845d95\"" }, - "AssetParameterse9882ab123687399f934da0d45effe675ecc8ce13b40cb946f3e1d6141fe8d68ArtifactHashD9A515C3": { + "AssetParametersf331b32a8ad8983464106a58e420e7bc7e6341ba2ffb8ac9ad350d7e32845d95ArtifactHash16B60F6C": { "Type": "String", - "Description": "Artifact hash for asset \"e9882ab123687399f934da0d45effe675ecc8ce13b40cb946f3e1d6141fe8d68\"" + "Description": "Artifact hash for asset \"f331b32a8ad8983464106a58e420e7bc7e6341ba2ffb8ac9ad350d7e32845d95\"" }, "AssetParametersea17febe6d04c66048f3e8e060c71685c0cb53122abceff44842d27bc0d4a03eS3BucketD3288998": { "Type": "String", @@ -1405,29 +1379,29 @@ "Type": "String", "Description": "Artifact hash for asset \"ea17febe6d04c66048f3e8e060c71685c0cb53122abceff44842d27bc0d4a03e\"" }, - "AssetParameters9528c3c9068ee4a23508464ed79290c4fa16c4d17230421015fdc585ec202566S3BucketBE3E205B": { + "AssetParameters68cf6214335c0f88299431e6c7fac4d9d46a42a5f526d6a109ebe35d48cef8f3S3Bucket4539F9A2": { "Type": "String", - "Description": "S3 bucket for asset \"9528c3c9068ee4a23508464ed79290c4fa16c4d17230421015fdc585ec202566\"" + "Description": "S3 bucket for asset \"68cf6214335c0f88299431e6c7fac4d9d46a42a5f526d6a109ebe35d48cef8f3\"" }, - "AssetParameters9528c3c9068ee4a23508464ed79290c4fa16c4d17230421015fdc585ec202566S3VersionKeyAEF361AA": { + "AssetParameters68cf6214335c0f88299431e6c7fac4d9d46a42a5f526d6a109ebe35d48cef8f3S3VersionKey0A53DFAE": { "Type": "String", - "Description": "S3 key for asset version \"9528c3c9068ee4a23508464ed79290c4fa16c4d17230421015fdc585ec202566\"" + "Description": "S3 key for asset version \"68cf6214335c0f88299431e6c7fac4d9d46a42a5f526d6a109ebe35d48cef8f3\"" }, - "AssetParameters9528c3c9068ee4a23508464ed79290c4fa16c4d17230421015fdc585ec202566ArtifactHashE4B867B7": { + "AssetParameters68cf6214335c0f88299431e6c7fac4d9d46a42a5f526d6a109ebe35d48cef8f3ArtifactHash391F4841": { "Type": "String", - "Description": "Artifact hash for asset \"9528c3c9068ee4a23508464ed79290c4fa16c4d17230421015fdc585ec202566\"" + "Description": "Artifact hash for asset \"68cf6214335c0f88299431e6c7fac4d9d46a42a5f526d6a109ebe35d48cef8f3\"" }, - "AssetParameters6b899044dd4c0806c8b311f44f756b062c8da54e6ff69ae3ed28d6dab912802dS3Bucket92B50C24": { + "AssetParameters196dc7aaf7b92bd056c4ca55632f53bbd96a92876291800c581e6e9e95458d2fS3BucketD61A27C7": { "Type": "String", - "Description": "S3 bucket for asset \"6b899044dd4c0806c8b311f44f756b062c8da54e6ff69ae3ed28d6dab912802d\"" + "Description": "S3 bucket for asset \"196dc7aaf7b92bd056c4ca55632f53bbd96a92876291800c581e6e9e95458d2f\"" }, - "AssetParameters6b899044dd4c0806c8b311f44f756b062c8da54e6ff69ae3ed28d6dab912802dS3VersionKeyB7108D30": { + "AssetParameters196dc7aaf7b92bd056c4ca55632f53bbd96a92876291800c581e6e9e95458d2fS3VersionKey6F1AD5E5": { "Type": "String", - "Description": "S3 key for asset version \"6b899044dd4c0806c8b311f44f756b062c8da54e6ff69ae3ed28d6dab912802d\"" + "Description": "S3 key for asset version \"196dc7aaf7b92bd056c4ca55632f53bbd96a92876291800c581e6e9e95458d2f\"" }, - "AssetParameters6b899044dd4c0806c8b311f44f756b062c8da54e6ff69ae3ed28d6dab912802dArtifactHashE3B502E1": { + "AssetParameters196dc7aaf7b92bd056c4ca55632f53bbd96a92876291800c581e6e9e95458d2fArtifactHash7F76D826": { "Type": "String", - "Description": "Artifact hash for asset \"6b899044dd4c0806c8b311f44f756b062c8da54e6ff69ae3ed28d6dab912802d\"" + "Description": "Artifact hash for asset \"196dc7aaf7b92bd056c4ca55632f53bbd96a92876291800c581e6e9e95458d2f\"" } } } \ No newline at end of file diff --git a/packages/@aws-cdk/aws-elasticsearch/test/integ.elasticsearch.custom-kms-key.expected.json b/packages/@aws-cdk/aws-elasticsearch/test/integ.elasticsearch.custom-kms-key.expected.json index de4a51d454b8d..bad6008645b93 100644 --- a/packages/@aws-cdk/aws-elasticsearch/test/integ.elasticsearch.custom-kms-key.expected.json +++ b/packages/@aws-cdk/aws-elasticsearch/test/integ.elasticsearch.custom-kms-key.expected.json @@ -57,12 +57,10 @@ "PolicyDocument": { "Statement": [ { - "Action": "logs:PutResourcePolicy", - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": "logs:DeleteResourcePolicy", + "Action": [ + "logs:DeleteResourcePolicy", + "logs:PutResourcePolicy" + ], "Effect": "Allow", "Resource": "*" } @@ -327,9 +325,9 @@ "Statement": [ { "Action": [ - "kms:List*", + "kms:CreateGrant", "kms:Describe*", - "kms:CreateGrant" + "kms:List*" ], "Effect": "Allow", "Resource": { @@ -355,7 +353,7 @@ "Properties": { "Code": { "S3Bucket": { - "Ref": "AssetParameters6ee0a36dd10d630708c265bcf7616c64030040c1bbc383b34150db74b744cad2S3BucketF482197E" + "Ref": "AssetParameters3744fa896361f81b76b1efde632ac07b1920ce09a4ca1ff15ab486f262a19b87S3Bucket36F31A16" }, "S3Key": { "Fn::Join": [ @@ -368,7 +366,7 @@ "Fn::Split": [ "||", { - "Ref": "AssetParameters6ee0a36dd10d630708c265bcf7616c64030040c1bbc383b34150db74b744cad2S3VersionKey38B69632" + "Ref": "AssetParameters3744fa896361f81b76b1efde632ac07b1920ce09a4ca1ff15ab486f262a19b87S3VersionKeyF80D542B" } ] } @@ -381,7 +379,7 @@ "Fn::Split": [ "||", { - "Ref": "AssetParameters6ee0a36dd10d630708c265bcf7616c64030040c1bbc383b34150db74b744cad2S3VersionKey38B69632" + "Ref": "AssetParameters3744fa896361f81b76b1efde632ac07b1920ce09a4ca1ff15ab486f262a19b87S3VersionKeyF80D542B" } ] } @@ -408,17 +406,17 @@ } }, "Parameters": { - "AssetParameters6ee0a36dd10d630708c265bcf7616c64030040c1bbc383b34150db74b744cad2S3BucketF482197E": { + "AssetParameters3744fa896361f81b76b1efde632ac07b1920ce09a4ca1ff15ab486f262a19b87S3Bucket36F31A16": { "Type": "String", - "Description": "S3 bucket for asset \"6ee0a36dd10d630708c265bcf7616c64030040c1bbc383b34150db74b744cad2\"" + "Description": "S3 bucket for asset \"3744fa896361f81b76b1efde632ac07b1920ce09a4ca1ff15ab486f262a19b87\"" }, - "AssetParameters6ee0a36dd10d630708c265bcf7616c64030040c1bbc383b34150db74b744cad2S3VersionKey38B69632": { + "AssetParameters3744fa896361f81b76b1efde632ac07b1920ce09a4ca1ff15ab486f262a19b87S3VersionKeyF80D542B": { "Type": "String", - "Description": "S3 key for asset version \"6ee0a36dd10d630708c265bcf7616c64030040c1bbc383b34150db74b744cad2\"" + "Description": "S3 key for asset version \"3744fa896361f81b76b1efde632ac07b1920ce09a4ca1ff15ab486f262a19b87\"" }, - "AssetParameters6ee0a36dd10d630708c265bcf7616c64030040c1bbc383b34150db74b744cad2ArtifactHash4BE92B79": { + "AssetParameters3744fa896361f81b76b1efde632ac07b1920ce09a4ca1ff15ab486f262a19b87ArtifactHash40DDF5EE": { "Type": "String", - "Description": "Artifact hash for asset \"6ee0a36dd10d630708c265bcf7616c64030040c1bbc383b34150db74b744cad2\"" + "Description": "Artifact hash for asset \"3744fa896361f81b76b1efde632ac07b1920ce09a4ca1ff15ab486f262a19b87\"" } } } \ No newline at end of file diff --git a/packages/@aws-cdk/aws-elasticsearch/test/integ.elasticsearch.expected.json b/packages/@aws-cdk/aws-elasticsearch/test/integ.elasticsearch.expected.json index 40a3ba4cacb28..7d14d86bb2134 100644 --- a/packages/@aws-cdk/aws-elasticsearch/test/integ.elasticsearch.expected.json +++ b/packages/@aws-cdk/aws-elasticsearch/test/integ.elasticsearch.expected.json @@ -22,12 +22,10 @@ "PolicyDocument": { "Statement": [ { - "Action": "logs:PutResourcePolicy", - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": "logs:DeleteResourcePolicy", + "Action": [ + "logs:DeleteResourcePolicy", + "logs:PutResourcePolicy" + ], "Effect": "Allow", "Resource": "*" } @@ -292,7 +290,7 @@ "Properties": { "Code": { "S3Bucket": { - "Ref": "AssetParameters6ee0a36dd10d630708c265bcf7616c64030040c1bbc383b34150db74b744cad2S3BucketF482197E" + "Ref": "AssetParameters3744fa896361f81b76b1efde632ac07b1920ce09a4ca1ff15ab486f262a19b87S3Bucket36F31A16" }, "S3Key": { "Fn::Join": [ @@ -305,7 +303,7 @@ "Fn::Split": [ "||", { - "Ref": "AssetParameters6ee0a36dd10d630708c265bcf7616c64030040c1bbc383b34150db74b744cad2S3VersionKey38B69632" + "Ref": "AssetParameters3744fa896361f81b76b1efde632ac07b1920ce09a4ca1ff15ab486f262a19b87S3VersionKeyF80D542B" } ] } @@ -318,7 +316,7 @@ "Fn::Split": [ "||", { - "Ref": "AssetParameters6ee0a36dd10d630708c265bcf7616c64030040c1bbc383b34150db74b744cad2S3VersionKey38B69632" + "Ref": "AssetParameters3744fa896361f81b76b1efde632ac07b1920ce09a4ca1ff15ab486f262a19b87S3VersionKeyF80D542B" } ] } @@ -364,12 +362,10 @@ "PolicyDocument": { "Statement": [ { - "Action": "logs:PutResourcePolicy", - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": "logs:DeleteResourcePolicy", + "Action": [ + "logs:DeleteResourcePolicy", + "logs:PutResourcePolicy" + ], "Effect": "Allow", "Resource": "*" } @@ -600,17 +596,17 @@ } }, "Parameters": { - "AssetParameters6ee0a36dd10d630708c265bcf7616c64030040c1bbc383b34150db74b744cad2S3BucketF482197E": { + "AssetParameters3744fa896361f81b76b1efde632ac07b1920ce09a4ca1ff15ab486f262a19b87S3Bucket36F31A16": { "Type": "String", - "Description": "S3 bucket for asset \"6ee0a36dd10d630708c265bcf7616c64030040c1bbc383b34150db74b744cad2\"" + "Description": "S3 bucket for asset \"3744fa896361f81b76b1efde632ac07b1920ce09a4ca1ff15ab486f262a19b87\"" }, - "AssetParameters6ee0a36dd10d630708c265bcf7616c64030040c1bbc383b34150db74b744cad2S3VersionKey38B69632": { + "AssetParameters3744fa896361f81b76b1efde632ac07b1920ce09a4ca1ff15ab486f262a19b87S3VersionKeyF80D542B": { "Type": "String", - "Description": "S3 key for asset version \"6ee0a36dd10d630708c265bcf7616c64030040c1bbc383b34150db74b744cad2\"" + "Description": "S3 key for asset version \"3744fa896361f81b76b1efde632ac07b1920ce09a4ca1ff15ab486f262a19b87\"" }, - "AssetParameters6ee0a36dd10d630708c265bcf7616c64030040c1bbc383b34150db74b744cad2ArtifactHash4BE92B79": { + "AssetParameters3744fa896361f81b76b1efde632ac07b1920ce09a4ca1ff15ab486f262a19b87ArtifactHash40DDF5EE": { "Type": "String", - "Description": "Artifact hash for asset \"6ee0a36dd10d630708c265bcf7616c64030040c1bbc383b34150db74b744cad2\"" + "Description": "Artifact hash for asset \"3744fa896361f81b76b1efde632ac07b1920ce09a4ca1ff15ab486f262a19b87\"" } } } \ No newline at end of file diff --git a/packages/@aws-cdk/aws-elasticsearch/test/integ.elasticsearch.unsignedbasicauth.expected.json b/packages/@aws-cdk/aws-elasticsearch/test/integ.elasticsearch.unsignedbasicauth.expected.json index 6e0b5573a7b39..86297ef04a7dd 100644 --- a/packages/@aws-cdk/aws-elasticsearch/test/integ.elasticsearch.unsignedbasicauth.expected.json +++ b/packages/@aws-cdk/aws-elasticsearch/test/integ.elasticsearch.unsignedbasicauth.expected.json @@ -189,7 +189,7 @@ "Properties": { "Code": { "S3Bucket": { - "Ref": "AssetParameters6ee0a36dd10d630708c265bcf7616c64030040c1bbc383b34150db74b744cad2S3BucketF482197E" + "Ref": "AssetParameters3744fa896361f81b76b1efde632ac07b1920ce09a4ca1ff15ab486f262a19b87S3Bucket36F31A16" }, "S3Key": { "Fn::Join": [ @@ -202,7 +202,7 @@ "Fn::Split": [ "||", { - "Ref": "AssetParameters6ee0a36dd10d630708c265bcf7616c64030040c1bbc383b34150db74b744cad2S3VersionKey38B69632" + "Ref": "AssetParameters3744fa896361f81b76b1efde632ac07b1920ce09a4ca1ff15ab486f262a19b87S3VersionKeyF80D542B" } ] } @@ -215,7 +215,7 @@ "Fn::Split": [ "||", { - "Ref": "AssetParameters6ee0a36dd10d630708c265bcf7616c64030040c1bbc383b34150db74b744cad2S3VersionKey38B69632" + "Ref": "AssetParameters3744fa896361f81b76b1efde632ac07b1920ce09a4ca1ff15ab486f262a19b87S3VersionKeyF80D542B" } ] } @@ -241,17 +241,17 @@ } }, "Parameters": { - "AssetParameters6ee0a36dd10d630708c265bcf7616c64030040c1bbc383b34150db74b744cad2S3BucketF482197E": { + "AssetParameters3744fa896361f81b76b1efde632ac07b1920ce09a4ca1ff15ab486f262a19b87S3Bucket36F31A16": { "Type": "String", - "Description": "S3 bucket for asset \"6ee0a36dd10d630708c265bcf7616c64030040c1bbc383b34150db74b744cad2\"" + "Description": "S3 bucket for asset \"3744fa896361f81b76b1efde632ac07b1920ce09a4ca1ff15ab486f262a19b87\"" }, - "AssetParameters6ee0a36dd10d630708c265bcf7616c64030040c1bbc383b34150db74b744cad2S3VersionKey38B69632": { + "AssetParameters3744fa896361f81b76b1efde632ac07b1920ce09a4ca1ff15ab486f262a19b87S3VersionKeyF80D542B": { "Type": "String", - "Description": "S3 key for asset version \"6ee0a36dd10d630708c265bcf7616c64030040c1bbc383b34150db74b744cad2\"" + "Description": "S3 key for asset version \"3744fa896361f81b76b1efde632ac07b1920ce09a4ca1ff15ab486f262a19b87\"" }, - "AssetParameters6ee0a36dd10d630708c265bcf7616c64030040c1bbc383b34150db74b744cad2ArtifactHash4BE92B79": { + "AssetParameters3744fa896361f81b76b1efde632ac07b1920ce09a4ca1ff15ab486f262a19b87ArtifactHash40DDF5EE": { "Type": "String", - "Description": "Artifact hash for asset \"6ee0a36dd10d630708c265bcf7616c64030040c1bbc383b34150db74b744cad2\"" + "Description": "Artifact hash for asset \"3744fa896361f81b76b1efde632ac07b1920ce09a4ca1ff15ab486f262a19b87\"" } } } \ No newline at end of file diff --git a/packages/@aws-cdk/aws-events-targets/test/aws-api/integ.aws-api.expected.json b/packages/@aws-cdk/aws-events-targets/test/aws-api/integ.aws-api.expected.json index f5ae531bc1a27..966e633dac39f 100644 --- a/packages/@aws-cdk/aws-events-targets/test/aws-api/integ.aws-api.expected.json +++ b/packages/@aws-cdk/aws-events-targets/test/aws-api/integ.aws-api.expected.json @@ -104,17 +104,11 @@ "PolicyDocument": { "Statement": [ { - "Action": "ecs:UpdateService", - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": "rds:StopDBInstance", - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": "rds:CreateDBSnapshot", + "Action": [ + "ecs:UpdateService", + "rds:CreateDBSnapshot", + "rds:StopDBInstance" + ], "Effect": "Allow", "Resource": "*" } diff --git a/packages/@aws-cdk/aws-events-targets/test/codebuild/integ.project-events.expected.json b/packages/@aws-cdk/aws-events-targets/test/codebuild/integ.project-events.expected.json index e2de1fa26a6a5..e10af31aea26b 100644 --- a/packages/@aws-cdk/aws-events-targets/test/codebuild/integ.project-events.expected.json +++ b/packages/@aws-cdk/aws-events-targets/test/codebuild/integ.project-events.expected.json @@ -51,11 +51,11 @@ ] } }, + "Id": "Target0", "RetryPolicy": { "MaximumEventAgeInSeconds": 7200, "MaximumRetryAttempts": 2 }, - "Id": "Target0", "RoleArn": { "Fn::GetAtt": [ "MyProjectEventsRole5B7D93F5", @@ -138,7 +138,8 @@ ":log-group:/aws/codebuild/", { "Ref": "MyProject39F7B0AE" - } + }, + ":*" ] ] }, @@ -161,8 +162,7 @@ ":log-group:/aws/codebuild/", { "Ref": "MyProject39F7B0AE" - }, - ":*" + } ] ] } @@ -170,11 +170,11 @@ }, { "Action": [ - "codebuild:CreateReportGroup", - "codebuild:CreateReport", - "codebuild:UpdateReport", + "codebuild:BatchPutCodeCoverages", "codebuild:BatchPutTestCases", - "codebuild:BatchPutCodeCoverages" + "codebuild:CreateReport", + "codebuild:CreateReportGroup", + "codebuild:UpdateReport" ], "Effect": "Allow", "Resource": { @@ -483,4 +483,4 @@ } } } -} +} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-events-targets/test/codepipeline/integ.pipeline-event-target.expected.json b/packages/@aws-cdk/aws-events-targets/test/codepipeline/integ.pipeline-event-target.expected.json index 912eb616ad2c8..045364b8680cb 100644 --- a/packages/@aws-cdk/aws-events-targets/test/codepipeline/integ.pipeline-event-target.expected.json +++ b/packages/@aws-cdk/aws-events-targets/test/codepipeline/integ.pipeline-event-target.expected.json @@ -154,16 +154,16 @@ "Statement": [ { "Action": [ - "s3:GetObject*", + "s3:Abort*", + "s3:DeleteObject*", "s3:GetBucket*", + "s3:GetObject*", "s3:List*", - "s3:DeleteObject*", "s3:PutObject", "s3:PutObjectLegalHold", "s3:PutObjectRetention", "s3:PutObjectTagging", - "s3:PutObjectVersionTagging", - "s3:Abort*" + "s3:PutObjectVersionTagging" ], "Effect": "Allow", "Resource": [ @@ -194,8 +194,8 @@ "kms:Decrypt", "kms:DescribeKey", "kms:Encrypt", - "kms:ReEncrypt*", - "kms:GenerateDataKey*" + "kms:GenerateDataKey*", + "kms:ReEncrypt*" ], "Effect": "Allow", "Resource": { @@ -208,22 +208,20 @@ { "Action": "sts:AssumeRole", "Effect": "Allow", - "Resource": { - "Fn::GetAtt": [ - "pipelinePipeline22F2A91DSourceCodeCommitCodePipelineActionRoleE54633E5", - "Arn" - ] - } - }, - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Resource": { - "Fn::GetAtt": [ - "pipelinePipeline22F2A91DBuildHelloCodePipelineActionRoleA9729116", - "Arn" - ] - } + "Resource": [ + { + "Fn::GetAtt": [ + "pipelinePipeline22F2A91DBuildHelloCodePipelineActionRoleA9729116", + "Arn" + ] + }, + { + "Fn::GetAtt": [ + "pipelinePipeline22F2A91DSourceCodeCommitCodePipelineActionRoleE54633E5", + "Arn" + ] + } + ] } ], "Version": "2012-10-17" diff --git a/packages/@aws-cdk/aws-events-targets/test/ecs/integ.event-ec2-task.lit.expected.json b/packages/@aws-cdk/aws-events-targets/test/ecs/integ.event-ec2-task.lit.expected.json index a03a81e7255da..444eaab9f6152 100644 --- a/packages/@aws-cdk/aws-events-targets/test/ecs/integ.event-ec2-task.lit.expected.json +++ b/packages/@aws-cdk/aws-events-targets/test/ecs/integ.event-ec2-task.lit.expected.json @@ -95,15 +95,15 @@ "VpcPublicSubnet1NATGateway4D7517AA": { "Type": "AWS::EC2::NatGateway", "Properties": { + "SubnetId": { + "Ref": "VpcPublicSubnet1Subnet5C2D37C4" + }, "AllocationId": { "Fn::GetAtt": [ "VpcPublicSubnet1EIPD7E02669", "AllocationId" ] }, - "SubnetId": { - "Ref": "VpcPublicSubnet1Subnet5C2D37C4" - }, "Tags": [ { "Key": "Name", @@ -293,8 +293,8 @@ }, { "Action": [ - "ecs:DiscoverPollEndpoint", "ecr:GetAuthorizationToken", + "ecs:DiscoverPollEndpoint", "logs:CreateLogStream", "logs:PutLogEvents" ], @@ -434,10 +434,10 @@ "Statement": [ { "Action": [ - "ec2:DescribeInstances", + "ec2:DescribeHosts", "ec2:DescribeInstanceAttribute", "ec2:DescribeInstanceStatus", - "ec2:DescribeHosts" + "ec2:DescribeInstances" ], "Effect": "Allow", "Resource": "*" @@ -472,7 +472,9 @@ { "Action": [ "ecs:DescribeContainerInstances", - "ecs:DescribeTasks" + "ecs:DescribeTasks", + "ecs:ListTasks", + "ecs:UpdateContainerInstancesState" ], "Condition": { "ArnEquals": { @@ -500,24 +502,6 @@ "Arn" ] } - }, - { - "Action": [ - "ecs:UpdateContainerInstancesState", - "ecs:ListTasks" - ], - "Condition": { - "ArnEquals": { - "ecs:cluster": { - "Fn::GetAtt": [ - "EcsCluster97242B84", - "Arn" - ] - } - } - }, - "Effect": "Allow", - "Resource": "*" } ], "Version": "2012-10-17" @@ -595,6 +579,17 @@ } } }, + "EcsClusterDefaultAutoScalingGroupLifecycleHookDrainHookTopicACD2D4A4": { + "Type": "AWS::SNS::Topic", + "Properties": { + "Tags": [ + { + "Key": "Name", + "Value": "aws-ecs-integ-ecs/EcsCluster/DefaultAutoScalingGroup" + } + ] + } + }, "EcsClusterDefaultAutoScalingGroupLifecycleHookDrainHookRoleA38EC83B": { "Type": "AWS::IAM::Role", "Properties": { @@ -641,17 +636,6 @@ ] } }, - "EcsClusterDefaultAutoScalingGroupLifecycleHookDrainHookTopicACD2D4A4": { - "Type": "AWS::SNS::Topic", - "Properties": { - "Tags": [ - { - "Key": "Name", - "Value": "aws-ecs-integ-ecs/EcsCluster/DefaultAutoScalingGroup" - } - ] - } - }, "EcsClusterDefaultAutoScalingGroupLifecycleHookDrainHookFFA63029": { "Type": "AWS::AutoScaling::LifecycleHook", "Properties": { @@ -783,8 +767,8 @@ { "Action": [ "ecr:BatchCheckLayerAvailability", - "ecr:GetDownloadUrlForLayer", - "ecr:BatchGetImage" + "ecr:BatchGetImage", + "ecr:GetDownloadUrlForLayer" ], "Effect": "Allow", "Resource": { diff --git a/packages/@aws-cdk/aws-events-targets/test/ecs/integ.event-fargate-task.expected.json b/packages/@aws-cdk/aws-events-targets/test/ecs/integ.event-fargate-task.expected.json index 40e42600e5413..9cd668c41aa03 100644 --- a/packages/@aws-cdk/aws-events-targets/test/ecs/integ.event-fargate-task.expected.json +++ b/packages/@aws-cdk/aws-events-targets/test/ecs/integ.event-fargate-task.expected.json @@ -95,15 +95,15 @@ "VpcPublicSubnet1NATGateway4D7517AA": { "Type": "AWS::EC2::NatGateway", "Properties": { + "SubnetId": { + "Ref": "VpcPublicSubnet1Subnet5C2D37C4" + }, "AllocationId": { "Fn::GetAtt": [ "VpcPublicSubnet1EIPD7E02669", "AllocationId" ] }, - "SubnetId": { - "Ref": "VpcPublicSubnet1Subnet5C2D37C4" - }, "Tags": [ { "Key": "Name", @@ -307,8 +307,8 @@ { "Action": [ "ecr:BatchCheckLayerAvailability", - "ecr:GetDownloadUrlForLayer", - "ecr:BatchGetImage" + "ecr:BatchGetImage", + "ecr:GetDownloadUrlForLayer" ], "Effect": "Allow", "Resource": { @@ -403,22 +403,20 @@ { "Action": "iam:PassRole", "Effect": "Allow", - "Resource": { - "Fn::GetAtt": [ - "TaskDefExecutionRoleB4775C97", - "Arn" - ] - } - }, - { - "Action": "iam:PassRole", - "Effect": "Allow", - "Resource": { - "Fn::GetAtt": [ - "TaskDefTaskRole1EDB4A67", - "Arn" - ] - } + "Resource": [ + { + "Fn::GetAtt": [ + "TaskDefExecutionRoleB4775C97", + "Arn" + ] + }, + { + "Fn::GetAtt": [ + "TaskDefTaskRole1EDB4A67", + "Arn" + ] + } + ] } ], "Version": "2012-10-17" diff --git a/packages/@aws-cdk/aws-events-targets/test/kinesis-firehose/integ.kinesis-firehose-stream.expected.json b/packages/@aws-cdk/aws-events-targets/test/kinesis-firehose/integ.kinesis-firehose-stream.expected.json index 0c7a34c7f4bd5..2721bd7c3c250 100644 --- a/packages/@aws-cdk/aws-events-targets/test/kinesis-firehose/integ.kinesis-firehose-stream.expected.json +++ b/packages/@aws-cdk/aws-events-targets/test/kinesis-firehose/integ.kinesis-firehose-stream.expected.json @@ -29,16 +29,16 @@ "Statement": [ { "Action": [ - "s3:GetObject*", + "s3:Abort*", + "s3:DeleteObject*", "s3:GetBucket*", + "s3:GetObject*", "s3:List*", - "s3:DeleteObject*", "s3:PutObject", "s3:PutObjectLegalHold", "s3:PutObjectRetention", "s3:PutObjectTagging", - "s3:PutObjectVersionTagging", - "s3:Abort*" + "s3:PutObjectVersionTagging" ], "Effect": "Allow", "Resource": [ @@ -165,4 +165,4 @@ } } } -} +} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-events-targets/test/logs/integ.log-group.expected.json b/packages/@aws-cdk/aws-events-targets/test/logs/integ.log-group.expected.json index 8ef384b7f43a7..c4bb05cf2b33f 100644 --- a/packages/@aws-cdk/aws-events-targets/test/logs/integ.log-group.expected.json +++ b/packages/@aws-cdk/aws-events-targets/test/logs/integ.log-group.expected.json @@ -68,12 +68,10 @@ "PolicyDocument": { "Statement": [ { - "Action": "logs:PutResourcePolicy", - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": "logs:DeleteResourcePolicy", + "Action": [ + "logs:DeleteResourcePolicy", + "logs:PutResourcePolicy" + ], "Effect": "Allow", "Resource": "*" } @@ -172,7 +170,7 @@ "Properties": { "Code": { "S3Bucket": { - "Ref": "AssetParameters4600faecd25ab407ff0a9d16f935c93062aaea5d415e97046bb8befe6c8ec02cS3BucketD609D0D9" + "Ref": "AssetParameters3744fa896361f81b76b1efde632ac07b1920ce09a4ca1ff15ab486f262a19b87S3Bucket36F31A16" }, "S3Key": { "Fn::Join": [ @@ -185,7 +183,7 @@ "Fn::Split": [ "||", { - "Ref": "AssetParameters4600faecd25ab407ff0a9d16f935c93062aaea5d415e97046bb8befe6c8ec02cS3VersionKey77CF589B" + "Ref": "AssetParameters3744fa896361f81b76b1efde632ac07b1920ce09a4ca1ff15ab486f262a19b87S3VersionKeyF80D542B" } ] } @@ -198,7 +196,7 @@ "Fn::Split": [ "||", { - "Ref": "AssetParameters4600faecd25ab407ff0a9d16f935c93062aaea5d415e97046bb8befe6c8ec02cS3VersionKey77CF589B" + "Ref": "AssetParameters3744fa896361f81b76b1efde632ac07b1920ce09a4ca1ff15ab486f262a19b87S3VersionKeyF80D542B" } ] } @@ -269,12 +267,10 @@ "PolicyDocument": { "Statement": [ { - "Action": "logs:PutResourcePolicy", - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": "logs:DeleteResourcePolicy", + "Action": [ + "logs:DeleteResourcePolicy", + "logs:PutResourcePolicy" + ], "Effect": "Allow", "Resource": "*" } @@ -392,12 +388,10 @@ "PolicyDocument": { "Statement": [ { - "Action": "logs:PutResourcePolicy", - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": "logs:DeleteResourcePolicy", + "Action": [ + "logs:DeleteResourcePolicy", + "logs:PutResourcePolicy" + ], "Effect": "Allow", "Resource": "*" } @@ -472,17 +466,17 @@ } }, "Parameters": { - "AssetParameters4600faecd25ab407ff0a9d16f935c93062aaea5d415e97046bb8befe6c8ec02cS3BucketD609D0D9": { + "AssetParameters3744fa896361f81b76b1efde632ac07b1920ce09a4ca1ff15ab486f262a19b87S3Bucket36F31A16": { "Type": "String", - "Description": "S3 bucket for asset \"4600faecd25ab407ff0a9d16f935c93062aaea5d415e97046bb8befe6c8ec02c\"" + "Description": "S3 bucket for asset \"3744fa896361f81b76b1efde632ac07b1920ce09a4ca1ff15ab486f262a19b87\"" }, - "AssetParameters4600faecd25ab407ff0a9d16f935c93062aaea5d415e97046bb8befe6c8ec02cS3VersionKey77CF589B": { + "AssetParameters3744fa896361f81b76b1efde632ac07b1920ce09a4ca1ff15ab486f262a19b87S3VersionKeyF80D542B": { "Type": "String", - "Description": "S3 key for asset version \"4600faecd25ab407ff0a9d16f935c93062aaea5d415e97046bb8befe6c8ec02c\"" + "Description": "S3 key for asset version \"3744fa896361f81b76b1efde632ac07b1920ce09a4ca1ff15ab486f262a19b87\"" }, - "AssetParameters4600faecd25ab407ff0a9d16f935c93062aaea5d415e97046bb8befe6c8ec02cArtifactHash86CFA15D": { + "AssetParameters3744fa896361f81b76b1efde632ac07b1920ce09a4ca1ff15ab486f262a19b87ArtifactHash40DDF5EE": { "Type": "String", - "Description": "Artifact hash for asset \"4600faecd25ab407ff0a9d16f935c93062aaea5d415e97046bb8befe6c8ec02c\"" + "Description": "Artifact hash for asset \"3744fa896361f81b76b1efde632ac07b1920ce09a4ca1ff15ab486f262a19b87\"" } } } \ No newline at end of file diff --git a/packages/@aws-cdk/aws-events-targets/test/sqs/integ.sqs-event-rule-target.expected.json b/packages/@aws-cdk/aws-events-targets/test/sqs/integ.sqs-event-rule-target.expected.json index f35a7a93b9e42..9f300d5f03e0f 100644 --- a/packages/@aws-cdk/aws-events-targets/test/sqs/integ.sqs-event-rule-target.expected.json +++ b/packages/@aws-cdk/aws-events-targets/test/sqs/integ.sqs-event-rule-target.expected.json @@ -32,8 +32,8 @@ "Action": [ "kms:Decrypt", "kms:Encrypt", - "kms:ReEncrypt*", - "kms:GenerateDataKey*" + "kms:GenerateDataKey*", + "kms:ReEncrypt*" ], "Effect": "Allow", "Principal": { @@ -94,9 +94,9 @@ "Statement": [ { "Action": [ - "sqs:SendMessage", "sqs:GetQueueAttributes", - "sqs:GetQueueUrl" + "sqs:GetQueueUrl", + "sqs:SendMessage" ], "Effect": "Allow", "Principal": { diff --git a/packages/@aws-cdk/aws-globalaccelerator-endpoints/test/integ.globalaccelerator.expected.json b/packages/@aws-cdk/aws-globalaccelerator-endpoints/test/integ.globalaccelerator.expected.json index 9d516680000e1..3888b9ba5d05d 100644 --- a/packages/@aws-cdk/aws-globalaccelerator-endpoints/test/integ.globalaccelerator.expected.json +++ b/packages/@aws-cdk/aws-globalaccelerator-endpoints/test/integ.globalaccelerator.expected.json @@ -95,15 +95,15 @@ "VPCPublicSubnet1NATGatewayE0556630": { "Type": "AWS::EC2::NatGateway", "Properties": { + "SubnetId": { + "Ref": "VPCPublicSubnet1SubnetB4246D30" + }, "AllocationId": { "Fn::GetAtt": [ "VPCPublicSubnet1EIP6AD938E8", "AllocationId" ] }, - "SubnetId": { - "Ref": "VPCPublicSubnet1SubnetB4246D30" - }, "Tags": [ { "Key": "Name", @@ -920,7 +920,7 @@ "Properties": { "Code": { "S3Bucket": { - "Ref": "AssetParameters4600faecd25ab407ff0a9d16f935c93062aaea5d415e97046bb8befe6c8ec02cS3BucketD609D0D9" + "Ref": "AssetParameters3744fa896361f81b76b1efde632ac07b1920ce09a4ca1ff15ab486f262a19b87S3Bucket36F31A16" }, "S3Key": { "Fn::Join": [ @@ -933,7 +933,7 @@ "Fn::Split": [ "||", { - "Ref": "AssetParameters4600faecd25ab407ff0a9d16f935c93062aaea5d415e97046bb8befe6c8ec02cS3VersionKey77CF589B" + "Ref": "AssetParameters3744fa896361f81b76b1efde632ac07b1920ce09a4ca1ff15ab486f262a19b87S3VersionKeyF80D542B" } ] } @@ -946,7 +946,7 @@ "Fn::Split": [ "||", { - "Ref": "AssetParameters4600faecd25ab407ff0a9d16f935c93062aaea5d415e97046bb8befe6c8ec02cS3VersionKey77CF589B" + "Ref": "AssetParameters3744fa896361f81b76b1efde632ac07b1920ce09a4ca1ff15ab486f262a19b87S3VersionKeyF80D542B" } ] } @@ -976,17 +976,17 @@ "Type": "AWS::SSM::Parameter::Value", "Default": "/aws/service/ami-amazon-linux-latest/amzn-ami-hvm-x86_64-gp2" }, - "AssetParameters4600faecd25ab407ff0a9d16f935c93062aaea5d415e97046bb8befe6c8ec02cS3BucketD609D0D9": { + "AssetParameters3744fa896361f81b76b1efde632ac07b1920ce09a4ca1ff15ab486f262a19b87S3Bucket36F31A16": { "Type": "String", - "Description": "S3 bucket for asset \"4600faecd25ab407ff0a9d16f935c93062aaea5d415e97046bb8befe6c8ec02c\"" + "Description": "S3 bucket for asset \"3744fa896361f81b76b1efde632ac07b1920ce09a4ca1ff15ab486f262a19b87\"" }, - "AssetParameters4600faecd25ab407ff0a9d16f935c93062aaea5d415e97046bb8befe6c8ec02cS3VersionKey77CF589B": { + "AssetParameters3744fa896361f81b76b1efde632ac07b1920ce09a4ca1ff15ab486f262a19b87S3VersionKeyF80D542B": { "Type": "String", - "Description": "S3 key for asset version \"4600faecd25ab407ff0a9d16f935c93062aaea5d415e97046bb8befe6c8ec02c\"" + "Description": "S3 key for asset version \"3744fa896361f81b76b1efde632ac07b1920ce09a4ca1ff15ab486f262a19b87\"" }, - "AssetParameters4600faecd25ab407ff0a9d16f935c93062aaea5d415e97046bb8befe6c8ec02cArtifactHash86CFA15D": { + "AssetParameters3744fa896361f81b76b1efde632ac07b1920ce09a4ca1ff15ab486f262a19b87ArtifactHash40DDF5EE": { "Type": "String", - "Description": "Artifact hash for asset \"4600faecd25ab407ff0a9d16f935c93062aaea5d415e97046bb8befe6c8ec02c\"" + "Description": "Artifact hash for asset \"3744fa896361f81b76b1efde632ac07b1920ce09a4ca1ff15ab486f262a19b87\"" } } } \ No newline at end of file diff --git a/packages/@aws-cdk/aws-glue/test/integ.job.expected.json b/packages/@aws-cdk/aws-glue/test/integ.job.expected.json index d50a9de59a00e..435ffc2516e80 100644 --- a/packages/@aws-cdk/aws-glue/test/integ.job.expected.json +++ b/packages/@aws-cdk/aws-glue/test/integ.job.expected.json @@ -38,16 +38,16 @@ "Statement": [ { "Action": [ - "s3:GetObject*", + "s3:Abort*", + "s3:DeleteObject*", "s3:GetBucket*", + "s3:GetObject*", "s3:List*", - "s3:DeleteObject*", "s3:PutObject", "s3:PutObjectLegalHold", "s3:PutObjectRetention", "s3:PutObjectTagging", - "s3:PutObjectVersionTagging", - "s3:Abort*" + "s3:PutObjectVersionTagging" ], "Effect": "Allow", "Resource": [ @@ -75,8 +75,8 @@ }, { "Action": [ - "s3:GetObject*", "s3:GetBucket*", + "s3:GetObject*", "s3:List*" ], "Effect": "Allow", @@ -92,7 +92,8 @@ ":s3:::", { "Ref": "AssetParameters432033e3218068a915d2532fa9be7858a12b228a2ae6e5c10faccd9097b1e855S3Bucket4E517469" - } + }, + "/*" ] ] }, @@ -107,8 +108,7 @@ ":s3:::", { "Ref": "AssetParameters432033e3218068a915d2532fa9be7858a12b228a2ae6e5c10faccd9097b1e855S3Bucket4E517469" - }, - "/*" + } ] ] } @@ -293,8 +293,8 @@ "Statement": [ { "Action": [ - "s3:GetObject*", "s3:GetBucket*", + "s3:GetObject*", "s3:List*" ], "Effect": "Allow", @@ -310,7 +310,8 @@ ":s3:::", { "Ref": "AssetParameters432033e3218068a915d2532fa9be7858a12b228a2ae6e5c10faccd9097b1e855S3Bucket4E517469" - } + }, + "/*" ] ] }, @@ -325,8 +326,7 @@ ":s3:::", { "Ref": "AssetParameters432033e3218068a915d2532fa9be7858a12b228a2ae6e5c10faccd9097b1e855S3Bucket4E517469" - }, - "/*" + } ] ] } @@ -444,8 +444,8 @@ "Statement": [ { "Action": [ - "s3:GetObject*", "s3:GetBucket*", + "s3:GetObject*", "s3:List*" ], "Effect": "Allow", @@ -461,7 +461,8 @@ ":s3:::", { "Ref": "AssetParameters432033e3218068a915d2532fa9be7858a12b228a2ae6e5c10faccd9097b1e855S3Bucket4E517469" - } + }, + "/*" ] ] }, @@ -476,8 +477,7 @@ ":s3:::", { "Ref": "AssetParameters432033e3218068a915d2532fa9be7858a12b228a2ae6e5c10faccd9097b1e855S3Bucket4E517469" - }, - "/*" + } ] ] } diff --git a/packages/@aws-cdk/aws-glue/test/integ.partition-index.expected.json b/packages/@aws-cdk/aws-glue/test/integ.partition-index.expected.json index a4b3cad50cea3..6e8f232e62f03 100644 --- a/packages/@aws-cdk/aws-glue/test/integ.partition-index.expected.json +++ b/packages/@aws-cdk/aws-glue/test/integ.partition-index.expected.json @@ -235,33 +235,6 @@ "Action": "glue:UpdateTable", "Effect": "Allow", "Resource": [ - { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":glue:", - { - "Ref": "AWS::Region" - }, - ":", - { - "Ref": "AWS::AccountId" - }, - ":table/", - { - "Ref": "MyDatabase1E2517DB" - }, - "/", - { - "Ref": "CSVTableE499CABA" - } - ] - ] - }, { "Fn::Join": [ "", @@ -304,13 +277,7 @@ } ] ] - } - ] - }, - { - "Action": "glue:UpdateTable", - "Effect": "Allow", - "Resource": [ + }, { "Fn::Join": [ "", @@ -333,7 +300,7 @@ }, "/", { - "Ref": "JSONTable00348F1D" + "Ref": "CSVTableE499CABA" } ] ] @@ -354,29 +321,13 @@ { "Ref": "AWS::AccountId" }, - ":catalog" - ] - ] - }, - { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":glue:", - { - "Ref": "AWS::Region" - }, - ":", + ":table/", { - "Ref": "AWS::AccountId" + "Ref": "MyDatabase1E2517DB" }, - ":database/", + "/", { - "Ref": "MyDatabase1E2517DB" + "Ref": "JSONTable00348F1D" } ] ] @@ -399,7 +350,7 @@ "Properties": { "Code": { "S3Bucket": { - "Ref": "AssetParameters6ee0a36dd10d630708c265bcf7616c64030040c1bbc383b34150db74b744cad2S3BucketF482197E" + "Ref": "AssetParameters3744fa896361f81b76b1efde632ac07b1920ce09a4ca1ff15ab486f262a19b87S3Bucket36F31A16" }, "S3Key": { "Fn::Join": [ @@ -412,7 +363,7 @@ "Fn::Split": [ "||", { - "Ref": "AssetParameters6ee0a36dd10d630708c265bcf7616c64030040c1bbc383b34150db74b744cad2S3VersionKey38B69632" + "Ref": "AssetParameters3744fa896361f81b76b1efde632ac07b1920ce09a4ca1ff15ab486f262a19b87S3VersionKeyF80D542B" } ] } @@ -425,7 +376,7 @@ "Fn::Split": [ "||", { - "Ref": "AssetParameters6ee0a36dd10d630708c265bcf7616c64030040c1bbc383b34150db74b744cad2S3VersionKey38B69632" + "Ref": "AssetParameters3744fa896361f81b76b1efde632ac07b1920ce09a4ca1ff15ab486f262a19b87S3VersionKeyF80D542B" } ] } @@ -571,17 +522,17 @@ } }, "Parameters": { - "AssetParameters6ee0a36dd10d630708c265bcf7616c64030040c1bbc383b34150db74b744cad2S3BucketF482197E": { + "AssetParameters3744fa896361f81b76b1efde632ac07b1920ce09a4ca1ff15ab486f262a19b87S3Bucket36F31A16": { "Type": "String", - "Description": "S3 bucket for asset \"6ee0a36dd10d630708c265bcf7616c64030040c1bbc383b34150db74b744cad2\"" + "Description": "S3 bucket for asset \"3744fa896361f81b76b1efde632ac07b1920ce09a4ca1ff15ab486f262a19b87\"" }, - "AssetParameters6ee0a36dd10d630708c265bcf7616c64030040c1bbc383b34150db74b744cad2S3VersionKey38B69632": { + "AssetParameters3744fa896361f81b76b1efde632ac07b1920ce09a4ca1ff15ab486f262a19b87S3VersionKeyF80D542B": { "Type": "String", - "Description": "S3 key for asset version \"6ee0a36dd10d630708c265bcf7616c64030040c1bbc383b34150db74b744cad2\"" + "Description": "S3 key for asset version \"3744fa896361f81b76b1efde632ac07b1920ce09a4ca1ff15ab486f262a19b87\"" }, - "AssetParameters6ee0a36dd10d630708c265bcf7616c64030040c1bbc383b34150db74b744cad2ArtifactHash4BE92B79": { + "AssetParameters3744fa896361f81b76b1efde632ac07b1920ce09a4ca1ff15ab486f262a19b87ArtifactHash40DDF5EE": { "Type": "String", - "Description": "Artifact hash for asset \"6ee0a36dd10d630708c265bcf7616c64030040c1bbc383b34150db74b744cad2\"" + "Description": "Artifact hash for asset \"3744fa896361f81b76b1efde632ac07b1920ce09a4ca1ff15ab486f262a19b87\"" } }, "Outputs": { diff --git a/packages/@aws-cdk/aws-glue/test/integ.table.expected.json b/packages/@aws-cdk/aws-glue/test/integ.table.expected.json index c76cbb5544660..8d4308ae40dab 100644 --- a/packages/@aws-cdk/aws-glue/test/integ.table.expected.json +++ b/packages/@aws-cdk/aws-glue/test/integ.table.expected.json @@ -433,60 +433,89 @@ "Statement": [ { "Action": [ + "glue:BatchCreatePartition", + "glue:BatchDeletePartition", "glue:BatchGetPartition", + "glue:CreatePartition", + "glue:DeletePartition", "glue:GetPartition", "glue:GetPartitions", "glue:GetTable", - "glue:GetTables", "glue:GetTableVersion", "glue:GetTableVersions", - "glue:BatchCreatePartition", - "glue:BatchDeletePartition", - "glue:CreatePartition", - "glue:DeletePartition", + "glue:GetTables", "glue:UpdatePartition" ], "Effect": "Allow", - "Resource": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":glue:", - { - "Ref": "AWS::Region" - }, - ":", - { - "Ref": "AWS::AccountId" - }, - ":table/", - { - "Ref": "MyDatabase1E2517DB" - }, - "/", - { - "Ref": "CSVTableE499CABA" - } + "Resource": [ + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":glue:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":table/", + { + "Ref": "MyDatabase1E2517DB" + }, + "/", + { + "Ref": "CSVTableE499CABA" + } + ] ] - ] - } + }, + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":glue:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":table/", + { + "Ref": "MyDatabase1E2517DB" + }, + "/", + { + "Ref": "MyEncryptedTable981A88C6" + } + ] + ] + } + ] }, { "Action": [ - "s3:GetObject*", + "s3:Abort*", + "s3:DeleteObject*", "s3:GetBucket*", + "s3:GetObject*", "s3:List*", - "s3:DeleteObject*", "s3:PutObject", "s3:PutObjectLegalHold", "s3:PutObjectRetention", "s3:PutObjectTagging", - "s3:PutObjectVersionTagging", - "s3:Abort*" + "s3:PutObjectVersionTagging" ], "Effect": "Allow", "Resource": [ @@ -496,6 +525,12 @@ "Arn" ] }, + { + "Fn::GetAtt": [ + "MyEncryptedTableBucket7B28486D", + "Arn" + ] + }, { "Fn::Join": [ "", @@ -509,73 +544,6 @@ "/*" ] ] - } - ] - }, - { - "Action": [ - "glue:BatchGetPartition", - "glue:GetPartition", - "glue:GetPartitions", - "glue:GetTable", - "glue:GetTables", - "glue:GetTableVersion", - "glue:GetTableVersions", - "glue:BatchCreatePartition", - "glue:BatchDeletePartition", - "glue:CreatePartition", - "glue:DeletePartition", - "glue:UpdatePartition" - ], - "Effect": "Allow", - "Resource": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":glue:", - { - "Ref": "AWS::Region" - }, - ":", - { - "Ref": "AWS::AccountId" - }, - ":table/", - { - "Ref": "MyDatabase1E2517DB" - }, - "/", - { - "Ref": "MyEncryptedTable981A88C6" - } - ] - ] - } - }, - { - "Action": [ - "s3:GetObject*", - "s3:GetBucket*", - "s3:List*", - "s3:DeleteObject*", - "s3:PutObject", - "s3:PutObjectLegalHold", - "s3:PutObjectRetention", - "s3:PutObjectTagging", - "s3:PutObjectVersionTagging", - "s3:Abort*" - ], - "Effect": "Allow", - "Resource": [ - { - "Fn::GetAtt": [ - "MyEncryptedTableBucket7B28486D", - "Arn" - ] }, { "Fn::Join": [ @@ -598,8 +566,8 @@ "kms:Decrypt", "kms:DescribeKey", "kms:Encrypt", - "kms:ReEncrypt*", - "kms:GenerateDataKey*" + "kms:GenerateDataKey*", + "kms:ReEncrypt*" ], "Effect": "Allow", "Resource": { @@ -630,60 +598,116 @@ "Statement": [ { "Action": [ + "glue:BatchCreatePartition", + "glue:BatchDeletePartition", "glue:BatchGetPartition", + "glue:CreatePartition", + "glue:DeletePartition", "glue:GetPartition", "glue:GetPartitions", "glue:GetTable", - "glue:GetTables", "glue:GetTableVersion", "glue:GetTableVersions", - "glue:BatchCreatePartition", - "glue:BatchDeletePartition", - "glue:CreatePartition", - "glue:DeletePartition", + "glue:GetTables", "glue:UpdatePartition" ], "Effect": "Allow", - "Resource": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":glue:", - { - "Ref": "AWS::Region" - }, - ":", - { - "Ref": "AWS::AccountId" - }, - ":table/", - { - "Ref": "MyDatabase1E2517DB" - }, - "/", - { - "Ref": "AVROTable58646ABF" - } + "Resource": [ + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":glue:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":table/", + { + "Ref": "MyDatabase1E2517DB" + }, + "/", + { + "Ref": "AVROTable58646ABF" + } + ] ] - ] - } + }, + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":glue:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":table/", + { + "Ref": "MyDatabase1E2517DB" + }, + "/", + { + "Ref": "JSONTable00348F1D" + } + ] + ] + }, + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":glue:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":table/", + { + "Ref": "MyDatabase1E2517DB" + }, + "/", + { + "Ref": "ParquetTableE84E985F" + } + ] + ] + } + ] }, { "Action": [ - "s3:GetObject*", + "s3:Abort*", + "s3:DeleteObject*", "s3:GetBucket*", + "s3:GetObject*", "s3:List*", - "s3:DeleteObject*", "s3:PutObject", "s3:PutObjectLegalHold", "s3:PutObjectRetention", "s3:PutObjectTagging", - "s3:PutObjectVersionTagging", - "s3:Abort*" + "s3:PutObjectVersionTagging" ], "Effect": "Allow", "Resource": [ @@ -708,94 +732,6 @@ ] } ] - }, - { - "Action": [ - "glue:BatchGetPartition", - "glue:GetPartition", - "glue:GetPartitions", - "glue:GetTable", - "glue:GetTables", - "glue:GetTableVersion", - "glue:GetTableVersions", - "glue:BatchCreatePartition", - "glue:BatchDeletePartition", - "glue:CreatePartition", - "glue:DeletePartition", - "glue:UpdatePartition" - ], - "Effect": "Allow", - "Resource": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":glue:", - { - "Ref": "AWS::Region" - }, - ":", - { - "Ref": "AWS::AccountId" - }, - ":table/", - { - "Ref": "MyDatabase1E2517DB" - }, - "/", - { - "Ref": "JSONTable00348F1D" - } - ] - ] - } - }, - { - "Action": [ - "glue:BatchGetPartition", - "glue:GetPartition", - "glue:GetPartitions", - "glue:GetTable", - "glue:GetTables", - "glue:GetTableVersion", - "glue:GetTableVersions", - "glue:BatchCreatePartition", - "glue:BatchDeletePartition", - "glue:CreatePartition", - "glue:DeletePartition", - "glue:UpdatePartition" - ], - "Effect": "Allow", - "Resource": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":glue:", - { - "Ref": "AWS::Region" - }, - ":", - { - "Ref": "AWS::AccountId" - }, - ":table/", - { - "Ref": "MyDatabase1E2517DB" - }, - "/", - { - "Ref": "ParquetTableE84E985F" - } - ] - ] - } } ], "Version": "2012-10-17" diff --git a/packages/@aws-cdk/aws-iam/.npmignore b/packages/@aws-cdk/aws-iam/.npmignore index aaabf1df59065..123165033db70 100644 --- a/packages/@aws-cdk/aws-iam/.npmignore +++ b/packages/@aws-cdk/aws-iam/.npmignore @@ -21,8 +21,10 @@ tsconfig.json .eslintrc.js jest.config.js +docs/ + # exclude cdk artifacts **/cdk.out junit.xml test/ -!*.lit.ts \ No newline at end of file +!*.lit.ts diff --git a/packages/@aws-cdk/aws-iam/docs/policy-merging.als b/packages/@aws-cdk/aws-iam/docs/policy-merging.als new file mode 100644 index 0000000000000..72b4ac0aa01f5 --- /dev/null +++ b/packages/@aws-cdk/aws-iam/docs/policy-merging.als @@ -0,0 +1,201 @@ +/* +Alloy model to confirm the logic behind merging IAM Statements. + +This proves that merging two statements based on the following conditions: + +- Effects are the same +- NotAction, NotResource, NotPrincipal are the same(*) +- Of Action, Resource, Principal sets, 2 out of 3 are the same(*) + +Is sound, as the model doesn't find any examples of where the meaning +of statements is changed by merging. + +Find Alloy at https://alloytools.org/. + +(*) Some of these sets may be empty--that is fine, the logic still works out. +*/ + +//------------------------------------------------------- +// Base Statement definitions +enum Effect { Allow, Deny } +enum Resource { ResourceA, ResourceB } +enum Action { ActionA, ActionB } +enum Principal { PrincipalA, PrincipalB } + +sig Statement { + effect: Effect, + principal: set Principal, + notPrincipal: set Principal, + action: set Action, + notAction: set Action, + resource: set Resource, + notResource: set Resource, +} { + // Exactly one of Xxx and notXxx is non-empty + (some principal) iff not (some notPrincipal) + (some action) iff not (some notAction) + (some resource) iff not (some notResource) +} + +// So that we can compare Statements using =, if two Statements have +// exactly the same properties then they are the same Statement +fact { + all a, b: Statement { + ( + a.effect = b.effect and + a.principal = b.principal and + a.notPrincipal = b.notPrincipal and + a.action = b.action and + a.notAction = b.notAction and + a.resource = b.resource and + a.notResource = b.notResource) implies a = b + } +} + +//------------------------------------------------------- +// Requests and evaluations +sig Request { + principal: Principal, + action: Action, + resource: Resource, +} + +// Whether the statement applies to the given request +pred applies[s: Statement, req: Request] { + some s.principal implies req.principal in s.principal + some s.notPrincipal implies req.principal not in s.notPrincipal + some s.action implies req.action in s.action + some s.notAction implies req.action not in s.notAction + some s.resource implies req.resource in s.resource + some s.notResource implies req.resource not in s.notResource +} + +// Whether or not to allow the given request according to the given statements +// +// A request is allowed if there's at least one statement allowing it and +// no statements denying it. +pred allow[req: Request, ss: some Statement] { + some s: ss | applies[s, req] and s.effect = Allow + no s: ss | applies[s, req] and s.effect = Deny +} + +run show_some_allowed_requests { + some ss: set Statement, r: Request | allow[r, ss] and /* no useless Statements floating around */ (no s" : Statement | s" not in ss) +} for 3 but 1 Request + +//------------------------------------------------------- +// Statement merging + +// Assert that m is the merged version of a and b +// +// This encodes the important logic: the rules of merging. +pred merged[a: Statement, b: Statement, m: Statement] { + // Preconditions + a.effect = b.effect + a.notAction = b.notAction + a.notResource = b.notResource + a.notPrincipal = b.notPrincipal + + // Merging is allowed in one of 2 cases: + // - of the pairs { Resource, Action, Principal } 2 are the same (then the 3rd pair may be merged) + // - if one statement is a full subset of the other one (then it may be subsumed) [not implemented yet] + let R = a.resource = b.resource, A = a.action = b.action, P = a.principal = b.principal { + ((R and A) or (R and P) or (A and P) or + (a.resource in b.resource and a.action in b.action and a.principal in b.principal) or + (b.resource in a.resource and b.action in a.action and b.principal in a.principal)) + } + + // Result of merging + m.effect = a.effect + m.action = a.action + b.action + m.notAction = a.notAction + m.resource = a.resource + b.resource + m.notResource = a.notResource + m.principal = a.principal + b.principal + m.notPrincipal = a.notPrincipal +} + +run show_some_nontrivial_merges { + some disj s0, s1, M: Statement | merged[s0, s1, M] and s0.action != s1.action +} + +// For any pair of statements, there is only one possible merging +check merging_is_unique { + all s0, s1: Statement { + no disj m0, m1 : Statement | merged[s0, s1, m0] and merged[s0, s1, m1] + } +} for 5 + +// For all statements, the evaluation of the individual statements is the same as the evaluation +// of the merged statement. +check merging_does_not_change_evaluation { + all a: Statement, b: Statement, m: Statement, r: Request { + merged[a, b, m] implies (allow[r, a + b] iff allow[r, m]) + } +} for 3 + +// There are no 3 statements such that merged(merged(s0, s1), s2) != merged(s0, merged(s1, s2)) +check merging_is_associative { + no s0, s1, s2, h0, h1, m0, m1: Statement { + merged[s0, s1, h0] and merged[h0, s2, m0] + merged[s1, s2, h1] and merged[h1, s0, m1] + m0 != m1 + } +} for 10 + +// For all statements, merged(s0, s1) = merged(s1, s0) +check merging_is_commutative { + all s0, s1, m: Statement { + merged[s0, s1, m] implies merged[s1, s0, m] + } +} for 5 + +//------------------------------------------------------- +// Repeated application of merging + +// Whether a and b are mergeable +pred mergeable[a: Statement, b: Statement] { + some m: Statement | m != a and m != b and merged[a, b, m] +} + +// Maximally merged items in a set +pred maxMerged(input: set Statement, output: set Statement) { + no disj a, b: output | mergeable[a, b] + + input = output or { + #input > #output + some a, b: input | some m: Statement { + m != a + m != b + merged[a, b, m] + maxMerged[input - a - b + m, output] + } + } +} + +run some_interesting_maxMerged_statements { + some input, output: set Statement { + maxMerged[input, output] + #input = 3 + #output = 1 + all x: output | x not in input + } +} for 5 + +check max_merging_does_not_change_eval { + all input, output: set Statement, r: Request { + maxMerged[input, output] implies (allow[r, input] iff allow[r, output]) + } +} for 5 + +// This used to be written the opposite way. But you know: merging is NOT unique. +// Counterexample found by Alloy: +// {{ A, B, A }, {B, B, A} { A, B, B }} +// Reduces to either: +// {{ AB, B, A }, { A, B, B }} +// or {{ A, B, AB }, { B, B, A }} +run max_merging_is_not_unique { + some input, m0, m1: set Statement { + maxMerged[input, m0] and maxMerged[input, m1] and m0 != m1 + } +} for 5 diff --git a/packages/@aws-cdk/aws-iam/lib/policy-document.ts b/packages/@aws-cdk/aws-iam/lib/policy-document.ts index da43cce541158..9d73acb4693ac 100644 --- a/packages/@aws-cdk/aws-iam/lib/policy-document.ts +++ b/packages/@aws-cdk/aws-iam/lib/policy-document.ts @@ -1,5 +1,7 @@ import * as cdk from '@aws-cdk/core'; +import * as cxapi from '@aws-cdk/cx-api'; import { PolicyStatement } from './policy-statement'; +import { PostProcessPolicyDocument } from './private/postprocess-policy-document'; /** * Properties for a new PolicyDocument @@ -18,6 +20,24 @@ export interface PolicyDocumentProps { * @default - No statements */ readonly statements?: PolicyStatement[]; + + /** + * Try to minimize the policy by merging statements + * + * To avoid overrunning the maximum policy size, combine statements if they produce + * the same result. Merging happens according to the following rules: + * + * - The Effect of both statements is the same + * - Neither of the statements have a 'Sid' + * - Combine Principals if the rest of the statement is exactly the same. + * - Combine Resources if the rest of the statement is exactly the same. + * - Combine Actions if the rest of the statement is exactly the same. + * - We will never combine NotPrincipals, NotResources or NotActions, because doing + * so would change the meaning of the policy document. + * + * @default - false, unless the feature flag `@aws-cdk/aws-iam:minimizePolicies` is set + */ + readonly minimize?: boolean; } /** @@ -43,16 +63,21 @@ export class PolicyDocument implements cdk.IResolvable { public readonly creationStack: string[]; private readonly statements = new Array(); private readonly autoAssignSids: boolean; + private readonly minimize?: boolean; constructor(props: PolicyDocumentProps = {}) { this.creationStack = cdk.captureStackTrace(); this.autoAssignSids = !!props.assignSids; + this.minimize = props.minimize; this.addStatements(...props.statements || []); } public resolve(context: cdk.IResolveContext): any { - context.registerPostProcessor(new RemoveDuplicateStatements(this.autoAssignSids)); + context.registerPostProcessor(new PostProcessPolicyDocument( + this.autoAssignSids, + this.minimize ?? cdk.FeatureFlags.of(context.scope).isEnabled(cxapi.IAM_MINIMIZE_POLICIES) ?? false, + )); return this.render(); } @@ -153,42 +178,3 @@ export class PolicyDocument implements cdk.IResolvable { return doc; } } - -/** - * Removes duplicate statements and assign Sids if necessary - */ -class RemoveDuplicateStatements implements cdk.IPostProcessor { - constructor(private readonly autoAssignSids: boolean) { - } - - public postProcess(input: any, _context: cdk.IResolveContext): any { - if (!input || !input.Statement) { - return input; - } - - const jsonStatements = new Set(); - const uniqueStatements: any[] = []; - - for (const statement of input.Statement) { - const jsonStatement = JSON.stringify(statement); - if (!jsonStatements.has(jsonStatement)) { - uniqueStatements.push(statement); - jsonStatements.add(jsonStatement); - } - } - - // assign unique SIDs (the statement index) if `autoAssignSids` is enabled - const statements = uniqueStatements.map((s, i) => { - if (this.autoAssignSids && !s.Sid) { - s.Sid = i.toString(); - } - - return s; - }); - - return { - ...input, - Statement: statements, - }; - } -} diff --git a/packages/@aws-cdk/aws-iam/lib/policy-statement.ts b/packages/@aws-cdk/aws-iam/lib/policy-statement.ts index 08a8353e84b36..5e3b7eaabfbc7 100644 --- a/packages/@aws-cdk/aws-iam/lib/policy-statement.ts +++ b/packages/@aws-cdk/aws-iam/lib/policy-statement.ts @@ -4,6 +4,7 @@ import { AccountPrincipal, AccountRootPrincipal, AnyPrincipal, ArnPrincipal, CanonicalUserPrincipal, FederatedPrincipal, IPrincipal, PrincipalBase, PrincipalPolicyFragment, ServicePrincipal, ServicePrincipalOpts, } from './principals'; +import { normalizeStatement } from './private/postprocess-policy-document'; import { LITERAL_STRING_KEY, mergePrincipal } from './util'; const ensureArrayOrUndefined = (field: any) => { @@ -324,66 +325,17 @@ export class PolicyStatement { * Used when JSON.stringify() is called */ public toStatementJson(): any { - return noUndef({ - Action: _norm(this.action, { unique: true }), - NotAction: _norm(this.notAction, { unique: true }), - Condition: _norm(this.condition), - Effect: _norm(this.effect), - Principal: _normPrincipal(this.principal), - NotPrincipal: _normPrincipal(this.notPrincipal), - Resource: _norm(this.resource, { unique: true }), - NotResource: _norm(this.notResource, { unique: true }), - Sid: _norm(this.sid), + return normalizeStatement({ + Action: this.action, + NotAction: this.notAction, + Condition: this.condition, + Effect: this.effect, + Principal: this.principal, + NotPrincipal: this.notPrincipal, + Resource: this.resource, + NotResource: this.notResource, + Sid: this.sid, }); - - function _norm(values: any, { unique }: { unique: boolean } = { unique: false }) { - - if (typeof(values) === 'undefined') { - return undefined; - } - - if (cdk.Token.isUnresolved(values)) { - return values; - } - - if (Array.isArray(values)) { - if (!values || values.length === 0) { - return undefined; - } - - if (values.length === 1) { - return values[0]; - } - - return unique ? [...new Set(values)] : values; - } - - if (typeof(values) === 'object') { - if (Object.keys(values).length === 0) { - return undefined; - } - } - - return values; - } - - function _normPrincipal(principal: { [key: string]: any[] }) { - const keys = Object.keys(principal); - if (keys.length === 0) { return undefined; } - - if (LITERAL_STRING_KEY in principal) { - return principal[LITERAL_STRING_KEY][0]; - } - - const result: any = {}; - for (const key of keys) { - const normVal = _norm(principal[key]); - if (normVal) { - result[key] = normVal; - } - } - return result; - } } /** @@ -589,16 +541,6 @@ export interface PolicyStatementProps { readonly effect?: Effect; } -function noUndef(x: any): any { - const ret: any = {}; - for (const [key, value] of Object.entries(x)) { - if (value !== undefined) { - ret[key] = value; - } - } - return ret; -} - class JsonPrincipal extends PrincipalBase { public readonly policyFragment: PrincipalPolicyFragment; diff --git a/packages/@aws-cdk/aws-iam/lib/private/merge-statements.ts b/packages/@aws-cdk/aws-iam/lib/private/merge-statements.ts new file mode 100644 index 0000000000000..f7ef33b1ea026 --- /dev/null +++ b/packages/@aws-cdk/aws-iam/lib/private/merge-statements.ts @@ -0,0 +1,242 @@ +// IAM Statement merging +// +// See docs/policy-merging.als for a formal model of the logic +// implemented here. + + +import { LITERAL_STRING_KEY } from '../util'; +import { StatementSchema, normalizeStatement, IamValue } from './postprocess-policy-document'; + +/** + * Merge as many statements as possible to shrink the total policy doc, modifying the input array in place + * + * We compare and merge all pairs of statements (O(N^2) complexity), opportunistically + * merging them. This is not guaranteed to produce the optimal output, but it's probably + * Good Enough(tm). If it merges anything, it's at least going to produce a smaller output + * than the input. + */ +export function mergeStatements(statements: StatementSchema[]): StatementSchema[] { + const compStatements = statements.map(makeComparable); + + let i = 0; + while (i < compStatements.length) { + let didMerge = false; + + for (let j = i + 1; j < compStatements.length; j++) { + const merged = tryMerge(compStatements[i], compStatements[j]); + if (merged) { + compStatements[i] = merged; + compStatements.splice(j, 1); + didMerge = true; + break; + } + } + + if (!didMerge) { + i++; + } + } + + return compStatements.map(renderComparable); +} + +/** + * Given two statements, return their merging (if possible) + * + * We can merge two statements if: + * + * - Their effects are the same + * - They don't have Sids (not really a hard requirement, but just a simplification and an escape hatch) + * - Their Conditions are the same + * - Their NotAction, NotResource and NotPrincipal sets are the same (empty sets is fine). + * - From their Action, Resource and Principal sets, 2 are subsets of each other + * (empty sets are fine). + */ +function tryMerge(a: ComparableStatement, b: ComparableStatement): ComparableStatement | undefined { + // Effects must be the same + if (a.effect !== b.effect) { return; } + // We don't merge Sids (for now) + if (a.sid || b.sid) { return; } + + if (a.conditionString !== b.conditionString) { return; } + if (!setEqual(a.notAction, b.notAction) || !setEqual(a.notResource, b.notResource) || !setEqual(a.notPrincipal, b.notPrincipal)) { return; } + + // We can merge these statements if 2 out of the 3 sets of Action, Resource, Principal + // are the same. + const setsEqual = (setEqual(a.action, b.action) ? 1 : 0) + + (setEqual(a.resource, b.resource) ? 1 : 0) + + (setEqual(a.principal, b.principal) ? 1 : 0); + + if (setsEqual < 2 || unmergeablePrincipals(a, b)) { return; } + + return { + effect: a.effect, + conditionString: a.conditionString, + conditionValue: b.conditionValue, + notAction: a.notAction, + notPrincipal: a.notPrincipal, + notResource: a.notResource, + + action: setMerge(a.action, b.action), + resource: setMerge(a.resource, b.resource), + principal: setMerge(a.principal, b.principal), + }; +} + +/** + * Calculate and return cached string set representation of the statement elements + * + * This is to be able to do comparisons on these sets quickly. + */ +function makeComparable(s: StatementSchema): ComparableStatement { + return { + effect: s.Effect, + sid: s.Sid, + action: iamSet(s.Action), + notAction: iamSet(s.NotAction), + resource: iamSet(s.Resource), + notResource: iamSet(s.NotResource), + principal: principalIamSet(s.Principal), + notPrincipal: principalIamSet(s.NotPrincipal), + conditionString: JSON.stringify(s.Condition), + conditionValue: s.Condition, + }; + + function forceArray(x: A | Array): Array { + return Array.isArray(x) ? x : [x]; + } + + function iamSet(x: IamValue | undefined): IamValueSet { + if (x == undefined) { return {}; } + return mkdict(forceArray(x).map(e => [JSON.stringify(e), e])); + } + + function principalIamSet(x: IamValue | Record | undefined): IamValueSet { + if (x === undefined) { return {}; } + + if (Array.isArray(x) || typeof x === 'string') { + x = { [LITERAL_STRING_KEY]: x }; + } + + if (typeof x === 'object' && x !== null) { + // Turn { AWS: [a, b], Service: [c] } into [{ AWS: a }, { AWS: b }, { Service: c }] + const individualPrincipals = Object.entries(x).flatMap(([principalType, value]) => forceArray(value).map(v => ({ [principalType]: v }))); + return iamSet(individualPrincipals); + } + return {}; + } +} + +/** + * Return 'true' if the two principals are unmergeable + * + * This only happens if one of them is a literal, untyped principal (typically, + * `Principal: '*'`) and the other one is typed. + * + * `Principal: '*'` behaves subtly different than `Principal: { AWS: '*' }` and must + * therefore be preserved. + */ +function unmergeablePrincipals(a: ComparableStatement, b: ComparableStatement) { + const aHasLiteral = Object.values(a.principal).some(v => LITERAL_STRING_KEY in v); + const bHasLiteral = Object.values(b.principal).some(v => LITERAL_STRING_KEY in v); + return aHasLiteral !== bHasLiteral; +} + +/** + * Turn a ComparableStatement back into a StatementSchema + */ +function renderComparable(s: ComparableStatement): StatementSchema { + return normalizeStatement({ + Effect: s.effect, + Sid: s.sid, + Condition: s.conditionValue, + Action: renderSet(s.action), + NotAction: renderSet(s.notAction), + Resource: renderSet(s.resource), + NotResource: renderSet(s.notResource), + Principal: renderPrincipalSet(s.principal), + NotPrincipal: renderPrincipalSet(s.notPrincipal), + }); + + function renderSet(x: IamValueSet): IamValue | undefined { + // Return as sorted array so that we normalize + const keys = Object.keys(x).sort(); + return keys.length > 0 ? keys.map(key => x[key]) : undefined; + } + + function renderPrincipalSet(x: IamValueSet): Record { + const keys = Object.keys(x).sort(); + // The first level will be an object + const ret: Record = {}; + for (const key of keys) { + const principal = x[key]; + if (principal == null || typeof principal !== 'object') { + throw new Error(`Principal should be an object with a principal type, got: ${principal}`); + } + const principalKeys = Object.keys(principal); + if (principalKeys.length !== 1) { + throw new Error(`Principal should be an object with 1 key, found keys: ${principalKeys}`); + } + const pk = principalKeys[0]; + if (!ret[pk]) { + ret[pk] = []; + } + (ret[pk] as IamValue[]).push(principal[pk]); + } + return ret; + } +} + +/** + * An analyzed version of a statement that makes it easier to do comparisons and merging on + * + * We will stringify parts of the statement: comparisons are done on the strings, the original + * values are retained so we can stitch them back together into a real policy. + */ +interface ComparableStatement { + readonly effect?: string; + readonly sid?: string; + + readonly principal: IamValueSet; + readonly notPrincipal: IamValueSet; + readonly action: IamValueSet; + readonly notAction: IamValueSet; + readonly resource: IamValueSet; + readonly notResource: IamValueSet; + + readonly conditionString: string; + readonly conditionValue: any; +} + +/** + * A collection of comparable IAM values + * + * Each value is indexed by its stringified value, mapping to its original value. + * This allows us to compare values quickly and easily (even if they are complex), + * while also being able to deduplicate the originals. + */ +type IamValueSet = Record; + +/** + * Whether the given sets are equal + */ +function setEqual(a: IamValueSet, b: IamValueSet) { + const keysA = Object.keys(a); + const keysB = Object.keys(b); + return keysA.length === keysB.length && keysA.every(k => k in b); +} + +/** + * Merge two IAM value sets + */ +function setMerge(x: IamValueSet, y: IamValueSet): IamValueSet { + return { ...x, ...y }; +} + +function mkdict(xs: Array<[string, A]>): Record { + const ret: Record = {}; + for (const x of xs) { + ret[x[0]] = x[1]; + } + return ret; +} diff --git a/packages/@aws-cdk/aws-iam/lib/private/postprocess-policy-document.ts b/packages/@aws-cdk/aws-iam/lib/private/postprocess-policy-document.ts new file mode 100644 index 0000000000000..f54873aa7340c --- /dev/null +++ b/packages/@aws-cdk/aws-iam/lib/private/postprocess-policy-document.ts @@ -0,0 +1,149 @@ +import * as cdk from '@aws-cdk/core'; +import { LITERAL_STRING_KEY } from '../util'; +import { mergeStatements } from './merge-statements'; + +/** + * A Token postprocesser for policy documents + * + * Removes duplicate statements, merges statements, and assign Sids if necessary + * + * Because policy documents can contain all kinds of crazy things, + * we do all the necessary work here after the document has been mostly resolved + * into a predictable CloudFormation form. + */ +export class PostProcessPolicyDocument implements cdk.IPostProcessor { + constructor(private readonly autoAssignSids: boolean, private readonly minimize: boolean) { + } + + public postProcess(input: any, _context: cdk.IResolveContext): any { + if (!input || !input.Statement) { + return input; + } + + if (this.minimize) { + input.Statement = mergeStatements(input.Statement); + } + + // Also remove full-on duplicates (this will not be necessary if + // we minimized, but it might still dedupe statements we didn't + // minimize like 'Deny' statements, and definitely is still necessary + // if we didn't minimize) + const jsonStatements = new Set(); + const uniqueStatements: any[] = []; + + for (const statement of input.Statement) { + const jsonStatement = JSON.stringify(statement); + if (!jsonStatements.has(jsonStatement)) { + uniqueStatements.push(statement); + jsonStatements.add(jsonStatement); + } + } + + // assign unique SIDs (the statement index) if `autoAssignSids` is enabled + const statements = uniqueStatements.map((s, i) => { + if (this.autoAssignSids && !s.Sid) { + s.Sid = i.toString(); + } + + return s; + }); + + return { + ...input, + Statement: statements, + }; + } +} + +// An IAM value is a string or a CloudFormation intrinsic +export type IamValue = string | Record | Array>; + +export interface StatementSchema { + readonly Sid?: string; + readonly Effect?: string; + readonly Principal?: Record; + readonly NotPrincipal?: Record; + readonly Resource?: IamValue; + readonly NotResource?: IamValue; + readonly Action?: IamValue; + readonly NotAction?: IamValue; + readonly Condition?: unknown; +} + + +export function normalizeStatement(s: StatementSchema) { + return noUndef({ + Action: _norm(s.Action, { unique: true }), + NotAction: _norm(s.NotAction, { unique: true }), + Condition: _norm(s.Condition), + Effect: _norm(s.Effect), + Principal: _normPrincipal(s.Principal), + NotPrincipal: _normPrincipal(s.NotPrincipal), + Resource: _norm(s.Resource, { unique: true }), + NotResource: _norm(s.NotResource, { unique: true }), + Sid: _norm(s.Sid), + }); + + function _norm(values: any, { unique = false }: { unique: boolean } = { unique: false }) { + + if (values == null) { + return undefined; + } + + if (cdk.Token.isUnresolved(values)) { + return values; + } + + if (Array.isArray(values)) { + if (!values || values.length === 0) { + return undefined; + } + + if (values.length === 1) { + return values[0]; + } + + return unique ? Array.from(new Set(values)) : values; + } + + if (values && typeof(values) === 'object') { + if (Object.keys(values).length === 0) { + return undefined; + } + } + + return values; + } + + function _normPrincipal(principal?: { [key: string]: any }) { + if (!principal) { return undefined; } + + const keys = Object.keys(principal); + if (keys.length === 0) { return undefined; } + + // This is handling a special case for round-tripping a literal + // string principal loaded from JSON. + if (LITERAL_STRING_KEY in principal) { + return principal[LITERAL_STRING_KEY][0]; + } + + const result: any = {}; + for (const key of keys) { + const normVal = _norm(principal[key]); + if (normVal) { + result[key] = normVal; + } + } + return result; + } +} + +function noUndef(x: any): any { + const ret: any = {}; + for (const [key, value] of Object.entries(x)) { + if (value !== undefined) { + ret[key] = value; + } + } + return ret; +} diff --git a/packages/@aws-cdk/aws-iam/package.json b/packages/@aws-cdk/aws-iam/package.json index 2b4990d9979a9..93d43238f4624 100644 --- a/packages/@aws-cdk/aws-iam/package.json +++ b/packages/@aws-cdk/aws-iam/package.json @@ -92,6 +92,7 @@ }, "dependencies": { "@aws-cdk/core": "0.0.0", + "@aws-cdk/cx-api": "0.0.0", "@aws-cdk/region-info": "0.0.0", "constructs": "^3.3.69" }, diff --git a/packages/@aws-cdk/aws-iam/test/integ.composite-principal.expected.json b/packages/@aws-cdk/aws-iam/test/integ.composite-principal.expected.json index 4090b7be4e15e..a715e411d83ae 100644 --- a/packages/@aws-cdk/aws-iam/test/integ.composite-principal.expected.json +++ b/packages/@aws-cdk/aws-iam/test/integ.composite-principal.expected.json @@ -19,13 +19,7 @@ } ] ] - } - } - }, - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": { + }, "AWS": "*" } } diff --git a/packages/@aws-cdk/aws-iam/test/integ.condition-with-ref.expected.json b/packages/@aws-cdk/aws-iam/test/integ.condition-with-ref.expected.json index 66957c3979200..f1f877242877c 100644 --- a/packages/@aws-cdk/aws-iam/test/integ.condition-with-ref.expected.json +++ b/packages/@aws-cdk/aws-iam/test/integ.condition-with-ref.expected.json @@ -4,17 +4,17 @@ "Type": "String", "Default": "developer" }, - "AssetParameters3b28f4ee261986c158a160900e3042a61238f644fe502199d60bcea592128086S3Bucket57C0655B": { + "AssetParametersf850d967c52a5f64e6436dc84abdde4d86197f2a0871f5ab27c79647a91d0bf4S3Bucket6F458959": { "Type": "String", - "Description": "S3 bucket for asset \"3b28f4ee261986c158a160900e3042a61238f644fe502199d60bcea592128086\"" + "Description": "S3 bucket for asset \"f850d967c52a5f64e6436dc84abdde4d86197f2a0871f5ab27c79647a91d0bf4\"" }, - "AssetParameters3b28f4ee261986c158a160900e3042a61238f644fe502199d60bcea592128086S3VersionKey4BC65AD6": { + "AssetParametersf850d967c52a5f64e6436dc84abdde4d86197f2a0871f5ab27c79647a91d0bf4S3VersionKeyBDD0572E": { "Type": "String", - "Description": "S3 key for asset version \"3b28f4ee261986c158a160900e3042a61238f644fe502199d60bcea592128086\"" + "Description": "S3 key for asset version \"f850d967c52a5f64e6436dc84abdde4d86197f2a0871f5ab27c79647a91d0bf4\"" }, - "AssetParameters3b28f4ee261986c158a160900e3042a61238f644fe502199d60bcea592128086ArtifactHashD8D99435": { + "AssetParametersf850d967c52a5f64e6436dc84abdde4d86197f2a0871f5ab27c79647a91d0bf4ArtifactHash4D5DD9E9": { "Type": "String", - "Description": "Artifact hash for asset \"3b28f4ee261986c158a160900e3042a61238f644fe502199d60bcea592128086\"" + "Description": "Artifact hash for asset \"f850d967c52a5f64e6436dc84abdde4d86197f2a0871f5ab27c79647a91d0bf4\"" } }, "Resources": { @@ -70,7 +70,7 @@ "Properties": { "Code": { "S3Bucket": { - "Ref": "AssetParameters3b28f4ee261986c158a160900e3042a61238f644fe502199d60bcea592128086S3Bucket57C0655B" + "Ref": "AssetParametersf850d967c52a5f64e6436dc84abdde4d86197f2a0871f5ab27c79647a91d0bf4S3Bucket6F458959" }, "S3Key": { "Fn::Join": [ @@ -83,7 +83,7 @@ "Fn::Split": [ "||", { - "Ref": "AssetParameters3b28f4ee261986c158a160900e3042a61238f644fe502199d60bcea592128086S3VersionKey4BC65AD6" + "Ref": "AssetParametersf850d967c52a5f64e6436dc84abdde4d86197f2a0871f5ab27c79647a91d0bf4S3VersionKeyBDD0572E" } ] } @@ -96,7 +96,7 @@ "Fn::Split": [ "||", { - "Ref": "AssetParameters3b28f4ee261986c158a160900e3042a61238f644fe502199d60bcea592128086S3VersionKey4BC65AD6" + "Ref": "AssetParametersf850d967c52a5f64e6436dc84abdde4d86197f2a0871f5ab27c79647a91d0bf4S3VersionKeyBDD0572E" } ] } @@ -162,4 +162,4 @@ } } } -} +} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-iam/test/integ.oidc-provider.expected.json b/packages/@aws-cdk/aws-iam/test/integ.oidc-provider.expected.json index 4b04dd157155e..923dd4187af0f 100644 --- a/packages/@aws-cdk/aws-iam/test/integ.oidc-provider.expected.json +++ b/packages/@aws-cdk/aws-iam/test/integ.oidc-provider.expected.json @@ -62,7 +62,7 @@ "Properties": { "Code": { "S3Bucket": { - "Ref": "AssetParametersea46702e1c05b2735e48e826d630f7bf6acdf7e55d6fa8d9fa8df858d5542161S3Bucket0C424907" + "Ref": "AssetParameters5507835727e005832a615aef2a6b437860f432c6cd052d07c0244464aedbe2b2S3Bucket211A9156" }, "S3Key": { "Fn::Join": [ @@ -75,7 +75,7 @@ "Fn::Split": [ "||", { - "Ref": "AssetParametersea46702e1c05b2735e48e826d630f7bf6acdf7e55d6fa8d9fa8df858d5542161S3VersionKey6841F1F8" + "Ref": "AssetParameters5507835727e005832a615aef2a6b437860f432c6cd052d07c0244464aedbe2b2S3VersionKey822D04EC" } ] } @@ -88,7 +88,7 @@ "Fn::Split": [ "||", { - "Ref": "AssetParametersea46702e1c05b2735e48e826d630f7bf6acdf7e55d6fa8d9fa8df858d5542161S3VersionKey6841F1F8" + "Ref": "AssetParameters5507835727e005832a615aef2a6b437860f432c6cd052d07c0244464aedbe2b2S3VersionKey822D04EC" } ] } @@ -151,17 +151,17 @@ } }, "Parameters": { - "AssetParametersea46702e1c05b2735e48e826d630f7bf6acdf7e55d6fa8d9fa8df858d5542161S3Bucket0C424907": { + "AssetParameters5507835727e005832a615aef2a6b437860f432c6cd052d07c0244464aedbe2b2S3Bucket211A9156": { "Type": "String", - "Description": "S3 bucket for asset \"ea46702e1c05b2735e48e826d630f7bf6acdf7e55d6fa8d9fa8df858d5542161\"" + "Description": "S3 bucket for asset \"5507835727e005832a615aef2a6b437860f432c6cd052d07c0244464aedbe2b2\"" }, - "AssetParametersea46702e1c05b2735e48e826d630f7bf6acdf7e55d6fa8d9fa8df858d5542161S3VersionKey6841F1F8": { + "AssetParameters5507835727e005832a615aef2a6b437860f432c6cd052d07c0244464aedbe2b2S3VersionKey822D04EC": { "Type": "String", - "Description": "S3 key for asset version \"ea46702e1c05b2735e48e826d630f7bf6acdf7e55d6fa8d9fa8df858d5542161\"" + "Description": "S3 key for asset version \"5507835727e005832a615aef2a6b437860f432c6cd052d07c0244464aedbe2b2\"" }, - "AssetParametersea46702e1c05b2735e48e826d630f7bf6acdf7e55d6fa8d9fa8df858d5542161ArtifactHash67B22EF2": { + "AssetParameters5507835727e005832a615aef2a6b437860f432c6cd052d07c0244464aedbe2b2ArtifactHashCA4A1831": { "Type": "String", - "Description": "Artifact hash for asset \"ea46702e1c05b2735e48e826d630f7bf6acdf7e55d6fa8d9fa8df858d5542161\"" + "Description": "Artifact hash for asset \"5507835727e005832a615aef2a6b437860f432c6cd052d07c0244464aedbe2b2\"" } } -} +} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-iam/test/merge-statements.test.ts b/packages/@aws-cdk/aws-iam/test/merge-statements.test.ts new file mode 100644 index 0000000000000..f3114955ecd61 --- /dev/null +++ b/packages/@aws-cdk/aws-iam/test/merge-statements.test.ts @@ -0,0 +1,471 @@ +import { App, Stack } from '@aws-cdk/core'; +import * as iam from '../lib'; +import { PolicyStatement } from '../lib'; + +const PRINCIPAL_ARN1 = 'arn:aws:iam::111111111:user/user-name'; +const principal1 = new iam.ArnPrincipal(PRINCIPAL_ARN1); + +const PRINCIPAL_ARN2 = 'arn:aws:iam::111111111:role/role-name'; +const principal2 = new iam.ArnPrincipal(PRINCIPAL_ARN2); + +// Check that 'resource' statements are merged, and that 'notResource' statements are not, +// if the statements are otherwise the same. +test.each([ + ['resources', true], + ['notResources', false], +] as Array<['resources' | 'notResources', boolean]>) +('merge %p statements: %p', (key, doMerge) => { + assertMergedC(doMerge, [ + new iam.PolicyStatement({ + [key]: ['a'], + actions: ['service:Action'], + principals: [principal1], + }), + new iam.PolicyStatement({ + [key]: ['b'], + actions: ['service:Action'], + principals: [principal1], + }), + ], [ + { + Effect: 'Allow', + Resource: ['a', 'b'], + Action: 'service:Action', + Principal: { AWS: PRINCIPAL_ARN1 }, + }, + ]); +}); + +// Check that 'action' statements are merged, and that 'notAction' statements are not, +// if the statements are otherwise the same. +test.each([ + ['actions', true], + ['notActions', false], +] as Array<['actions' | 'notActions', boolean]>) +('merge %p statements: %p', (key, doMerge) => { + assertMergedC(doMerge, [ + new iam.PolicyStatement({ + resources: ['a'], + [key]: ['service:Action1'], + principals: [principal1], + }), + new iam.PolicyStatement({ + resources: ['a'], + [key]: ['service:Action2'], + principals: [principal1], + }), + ], [ + { + Effect: 'Allow', + Resource: 'a', + Action: ['service:Action1', 'service:Action2'], + Principal: { AWS: PRINCIPAL_ARN1 }, + }, + ]); +}); + +// Check that 'principal' statements are merged, and that 'notPrincipal' statements are not, +// if the statements are otherwise the same. +test.each([ + ['principals', true], + ['notPrincipals', false], +] as Array<['principals' | 'notPrincipals', boolean]>) +('merge %p statements: %p', (key, doMerge) => { + assertMergedC(doMerge, [ + new iam.PolicyStatement({ + resources: ['a'], + actions: ['service:Action'], + [key]: [principal1], + }), + new iam.PolicyStatement({ + resources: ['a'], + actions: ['service:Action'], + [key]: [principal2], + }), + ], [ + { + Effect: 'Allow', + Resource: 'a', + Action: 'service:Action', + Principal: { AWS: [PRINCIPAL_ARN1, PRINCIPAL_ARN2].sort() }, + }, + ]); +}); + +test('merge multiple types of principals', () => { + assertMerged([ + new iam.PolicyStatement({ + resources: ['a'], + actions: ['service:Action'], + principals: [principal1], + }), + new iam.PolicyStatement({ + resources: ['a'], + actions: ['service:Action'], + principals: [new iam.ServicePrincipal('service.amazonaws.com')], + }), + ], [ + { + Effect: 'Allow', + Resource: 'a', + Action: 'service:Action', + Principal: { + AWS: PRINCIPAL_ARN1, + Service: 'service.amazonaws.com', + }, + }, + ]); +}); + +test('multiple mergeable keys are not merged', () => { + assertNoMerge([ + new iam.PolicyStatement({ + resources: ['a'], + actions: ['service:Action1'], + principals: [principal1], + }), + new iam.PolicyStatement({ + resources: ['b'], + actions: ['service:Action2'], + principals: [principal1], + }), + ]); +}); + +test('can merge statements without principals', () => { + assertMerged([ + new iam.PolicyStatement({ + resources: ['a'], + actions: ['service:Action'], + }), + new iam.PolicyStatement({ + resources: ['b'], + actions: ['service:Action'], + }), + ], [ + { + Effect: 'Allow', + Resource: ['a', 'b'], + Action: 'service:Action', + }, + ]); +}); + +test('if conditions are different, statements are not merged', () => { + assertNoMerge([ + new iam.PolicyStatement({ + resources: ['a'], + actions: ['service:Action'], + principals: [principal1], + conditions: { + StringLike: { + something: 'value', + }, + }, + }), + new iam.PolicyStatement({ + resources: ['b'], + actions: ['service:Action'], + principals: [principal1], + }), + ]); +}); + +test('if conditions are the same, statements are merged', () => { + assertMerged([ + new iam.PolicyStatement({ + resources: ['a'], + actions: ['service:Action'], + principals: [principal1], + conditions: { + StringLike: { + something: 'value', + }, + }, + }), + new iam.PolicyStatement({ + resources: ['b'], + actions: ['service:Action'], + principals: [principal1], + conditions: { + StringLike: { + something: 'value', + }, + }, + }), + ], [ + { + Effect: 'Allow', + Resource: ['a', 'b'], + Action: 'service:Action', + Principal: { AWS: PRINCIPAL_ARN1 }, + Condition: { + StringLike: { + something: 'value', + }, + }, + }, + ]); +}); + +test('also merge Deny statements', () => { + assertMerged([ + new iam.PolicyStatement({ + effect: iam.Effect.DENY, + resources: ['a'], + actions: ['service:Action'], + principals: [principal1], + }), + new iam.PolicyStatement({ + effect: iam.Effect.DENY, + resources: ['b'], + actions: ['service:Action'], + principals: [principal1], + }), + ], [ + { + Effect: 'Deny', + Resource: ['a', 'b'], + Action: 'service:Action', + Principal: { AWS: PRINCIPAL_ARN1 }, + }, + ]); +}); + +test('merges 3 statements in multiple steps', () => { + assertMerged([ + new iam.PolicyStatement({ + resources: ['a'], + actions: ['service:Action'], + principals: [principal1], + }), + new iam.PolicyStatement({ + resources: ['b'], + actions: ['service:Action'], + principals: [principal1], + }), + // This can combine with the previous two once they have been merged + new iam.PolicyStatement({ + resources: ['a', 'b'], + actions: ['service:Action2'], + principals: [principal1], + }), + ], [ + { + Effect: 'Allow', + Resource: ['a', 'b'], + Action: ['service:Action', 'service:Action2'], + Principal: { AWS: PRINCIPAL_ARN1 }, + }, + ]); +}); + +test('winnow down literal duplicates', () => { + assertMerged([ + new iam.PolicyStatement({ + resources: ['a'], + actions: ['service:Action'], + principals: [principal1], + }), + new iam.PolicyStatement({ + resources: ['a', 'b'], + actions: ['service:Action'], + principals: [principal1], + }), + ], [ + { + Effect: 'Allow', + Resource: ['a', 'b'], + Action: 'service:Action', + Principal: { AWS: PRINCIPAL_ARN1 }, + }, + ]); +}); + +test('winnow down literal duplicates if they are Refs', () => { + const stack = new Stack(); + const user1 = new iam.User(stack, 'User1'); + const user2 = new iam.User(stack, 'User2'); + + assertMerged([ + new iam.PolicyStatement({ + resources: ['a'], + actions: ['service:Action'], + principals: [user1], + }), + new iam.PolicyStatement({ + resources: ['a'], + actions: ['service:Action'], + principals: [user1, user2], + }), + ], [ + { + Effect: 'Allow', + Resource: 'a', + Action: 'service:Action', + Principal: { + AWS: [ + { 'Fn::GetAtt': ['User1E278A736', 'Arn'] }, + { 'Fn::GetAtt': ['User21F1486D1', 'Arn'] }, + ], + }, + }, + ]); +}); + +test('merges 2 pairs separately', () => { + // Merges pairs (0,2) and (1,3) + assertMerged([ + new iam.PolicyStatement({ + resources: ['a'], + actions: ['service:Action'], + principals: [principal1], + }), + new iam.PolicyStatement({ + resources: ['c'], + actions: ['service:Action1'], + principals: [principal1], + }), + new iam.PolicyStatement({ + resources: ['b'], + actions: ['service:Action'], + principals: [principal1], + }), + new iam.PolicyStatement({ + resources: ['c'], + actions: ['service:Action2'], + principals: [principal1], + }), + ], [ + { + Effect: 'Allow', + Resource: ['a', 'b'], + Action: 'service:Action', + Principal: { AWS: PRINCIPAL_ARN1 }, + }, + { + Effect: 'Allow', + Resource: 'c', + Action: ['service:Action1', 'service:Action2'], + Principal: { AWS: PRINCIPAL_ARN1 }, + }, + ]); +}); + +test('do not deep-merge info Refs and GetAtts', () => { + const stack = new Stack(); + const user1 = new iam.User(stack, 'User1'); + const user2 = new iam.User(stack, 'User2'); + + assertMerged([ + new iam.PolicyStatement({ + resources: ['a'], + actions: ['service:Action'], + principals: [user1], + }), + new iam.PolicyStatement({ + resources: ['a'], + actions: ['service:Action'], + principals: [user2], + }), + ], [ + { + Effect: 'Allow', + Resource: 'a', + Action: 'service:Action', + Principal: { + AWS: [ + { 'Fn::GetAtt': ['User1E278A736', 'Arn'] }, + { 'Fn::GetAtt': ['User21F1486D1', 'Arn'] }, + ], + }, + }, + ]); +}); + +test('properly merge untyped principals (star)', () => { + const statements = [ + PolicyStatement.fromJson({ + Action: ['service:Action1'], + Effect: 'Allow', + Resource: ['Resource'], + Principal: '*', + }), + PolicyStatement.fromJson({ + Action: ['service:Action2'], + Effect: 'Allow', + Resource: ['Resource'], + Principal: '*', + }), + ]; + + assertMerged(statements, [ + { + Action: ['service:Action1', 'service:Action2'], + Effect: 'Allow', + Resource: 'Resource', + Principal: '*', + }, + ]); +}); + +test('fail merging typed and untyped principals', () => { + const statements = [ + PolicyStatement.fromJson({ + Action: ['service:Action'], + Effect: 'Allow', + Resource: ['Resource'], + Principal: '*', + }), + PolicyStatement.fromJson({ + Action: ['service:Action'], + Effect: 'Allow', + Resource: ['Resource'], + Principal: { AWS: PRINCIPAL_ARN1 }, + }), + ]; + + assertMerged(statements, [ + { + Action: 'service:Action', + Effect: 'Allow', + Resource: 'Resource', + Principal: '*', + }, + { + Action: 'service:Action', + Effect: 'Allow', + Resource: 'Resource', + Principal: { AWS: PRINCIPAL_ARN1 }, + }, + ]); +}); + +function assertNoMerge(statements: iam.PolicyStatement[]) { + const app = new App(); + const stack = new Stack(app, 'Stack'); + + const regularResult = stack.resolve(new iam.PolicyDocument({ minimize: false, statements })); + const minResult = stack.resolve(new iam.PolicyDocument({ minimize: true, statements })); + + expect(minResult).toEqual(regularResult); +} + +function assertMerged(statements: iam.PolicyStatement[], expected: any[]) { + const app = new App(); + const stack = new Stack(app, 'Stack'); + + const minResult = stack.resolve(new iam.PolicyDocument({ minimize: true, statements })); + + expect(minResult.Statement).toEqual(expected); +} + +/** + * Assert Merged Conditional + * + * Based on a boolean, either call assertMerged or assertNoMerge. The 'expected' + * argument only applies in the case where `doMerge` is true. + */ +function assertMergedC(doMerge: boolean, statements: iam.PolicyStatement[], expected: any[]) { + return doMerge ? assertMerged(statements, expected) : assertNoMerge(statements); +} diff --git a/packages/@aws-cdk/aws-iot-actions/test/cloudwatch/integ.cloudwatch-logs-action.expected.json b/packages/@aws-cdk/aws-iot-actions/test/cloudwatch/integ.cloudwatch-logs-action.expected.json index 7d1748a084c77..de237bc1ae22f 100644 --- a/packages/@aws-cdk/aws-iot-actions/test/cloudwatch/integ.cloudwatch-logs-action.expected.json +++ b/packages/@aws-cdk/aws-iot-actions/test/cloudwatch/integ.cloudwatch-logs-action.expected.json @@ -49,6 +49,7 @@ { "Action": [ "logs:CreateLogStream", + "logs:DescribeLogStreams", "logs:PutLogEvents" ], "Effect": "Allow", @@ -58,16 +59,6 @@ "Arn" ] } - }, - { - "Action": "logs:DescribeLogStreams", - "Effect": "Allow", - "Resource": { - "Fn::GetAtt": [ - "MyLogGroup5C0DAD85", - "Arn" - ] - } } ], "Version": "2012-10-17" diff --git a/packages/@aws-cdk/aws-iot-actions/test/kinesis-firehose/integ.firehose-put-record-action.expected.json b/packages/@aws-cdk/aws-iot-actions/test/kinesis-firehose/integ.firehose-put-record-action.expected.json index 5c484ba7f5049..8de54892ebabd 100644 --- a/packages/@aws-cdk/aws-iot-actions/test/kinesis-firehose/integ.firehose-put-record-action.expected.json +++ b/packages/@aws-cdk/aws-iot-actions/test/kinesis-firehose/integ.firehose-put-record-action.expected.json @@ -118,16 +118,16 @@ "Statement": [ { "Action": [ - "s3:GetObject*", + "s3:Abort*", + "s3:DeleteObject*", "s3:GetBucket*", + "s3:GetObject*", "s3:List*", - "s3:DeleteObject*", "s3:PutObject", "s3:PutObjectLegalHold", "s3:PutObjectRetention", "s3:PutObjectTagging", - "s3:PutObjectVersionTagging", - "s3:Abort*" + "s3:PutObjectVersionTagging" ], "Effect": "Allow", "Resource": [ diff --git a/packages/@aws-cdk/aws-kinesis/test/integ.stream.expected.json b/packages/@aws-cdk/aws-kinesis/test/integ.stream.expected.json index e4e0a7b73bd68..3b1f6afca1bc6 100644 --- a/packages/@aws-cdk/aws-kinesis/test/integ.stream.expected.json +++ b/packages/@aws-cdk/aws-kinesis/test/integ.stream.expected.json @@ -39,15 +39,15 @@ "Statement": [ { "Action": [ + "kinesis:DescribeStream", "kinesis:DescribeStreamSummary", "kinesis:GetRecords", "kinesis:GetShardIterator", "kinesis:ListShards", - "kinesis:SubscribeToShard", - "kinesis:DescribeStream", "kinesis:ListStreams", "kinesis:PutRecord", - "kinesis:PutRecords" + "kinesis:PutRecords", + "kinesis:SubscribeToShard" ], "Effect": "Allow", "Resource": { @@ -71,11 +71,8 @@ "myStream547FAD7F": { "Type": "AWS::Kinesis::Stream", "Properties": { - "ShardCount": 1, - "StreamModeDetails": { - "StreamMode": "PROVISIONED" - }, "RetentionPeriodHours": 24, + "ShardCount": 1, "StreamEncryption": { "Fn::If": [ "AwsCdkKinesisEncryptedStreamsUnsupportedRegions", @@ -87,6 +84,9 @@ "KeyId": "alias/aws/kinesis" } ] + }, + "StreamModeDetails": { + "StreamMode": "PROVISIONED" } } } @@ -113,4 +113,4 @@ ] } } -} +} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-kinesisanalytics-flink/test/integ.application-code-from-bucket.lit.expected.json b/packages/@aws-cdk/aws-kinesisanalytics-flink/test/integ.application-code-from-bucket.lit.expected.json index 6ab6a5f40bcab..47c34a07a09bd 100644 --- a/packages/@aws-cdk/aws-kinesisanalytics-flink/test/integ.application-code-from-bucket.lit.expected.json +++ b/packages/@aws-cdk/aws-kinesisanalytics-flink/test/integ.application-code-from-bucket.lit.expected.json @@ -43,8 +43,8 @@ }, { "Action": [ - "s3:GetObject*", "s3:GetBucket*", + "s3:GetObject*", "s3:List*" ], "Effect": "Allow", @@ -60,7 +60,8 @@ ":s3:::", { "Ref": "AssetParameters8be9e0b5f53d41e9a3b1d51c9572c65f24f8170a7188d0ed57fb7d571de4d577S3BucketEBA17A67" - } + }, + "/*" ] ] }, @@ -75,8 +76,7 @@ ":s3:::", { "Ref": "AssetParameters8be9e0b5f53d41e9a3b1d51c9572c65f24f8170a7188d0ed57fb7d571de4d577S3BucketEBA17A67" - }, - "/*" + } ] ] } diff --git a/packages/@aws-cdk/aws-kinesisanalytics-flink/test/integ.application.lit.expected.json b/packages/@aws-cdk/aws-kinesisanalytics-flink/test/integ.application.lit.expected.json index 3b4f7ecf64f7e..5ab3c94353f04 100644 --- a/packages/@aws-cdk/aws-kinesisanalytics-flink/test/integ.application.lit.expected.json +++ b/packages/@aws-cdk/aws-kinesisanalytics-flink/test/integ.application.lit.expected.json @@ -29,8 +29,8 @@ }, { "Action": [ - "s3:GetObject*", "s3:GetBucket*", + "s3:GetObject*", "s3:List*" ], "Effect": "Allow", @@ -46,7 +46,8 @@ ":s3:::", { "Ref": "AssetParameters8be9e0b5f53d41e9a3b1d51c9572c65f24f8170a7188d0ed57fb7d571de4d577S3BucketEBA17A67" - } + }, + "/*" ] ] }, @@ -61,8 +62,7 @@ ":s3:::", { "Ref": "AssetParameters8be9e0b5f53d41e9a3b1d51c9572c65f24f8170a7188d0ed57fb7d571de4d577S3BucketEBA17A67" - }, - "/*" + } ] ] } diff --git a/packages/@aws-cdk/aws-kinesisfirehose-destinations/test/integ.s3-bucket.lit.expected.json b/packages/@aws-cdk/aws-kinesisfirehose-destinations/test/integ.s3-bucket.lit.expected.json index 913dba1638ec3..85c5efcd3e91c 100644 --- a/packages/@aws-cdk/aws-kinesisfirehose-destinations/test/integ.s3-bucket.lit.expected.json +++ b/packages/@aws-cdk/aws-kinesisfirehose-destinations/test/integ.s3-bucket.lit.expected.json @@ -23,9 +23,9 @@ "Statement": [ { "Action": [ + "s3:DeleteObject*", "s3:GetBucket*", - "s3:List*", - "s3:DeleteObject*" + "s3:List*" ], "Effect": "Allow", "Principal": { @@ -110,7 +110,7 @@ "Properties": { "Code": { "S3Bucket": { - "Ref": "AssetParameters3993fb4cd942505a050d08b09d5444e14c265cf9cd0fb8b0c5f621446b6cead9S3Bucket4673BB1A" + "Ref": "AssetParametersbe270bbdebe0851c887569796e3997437cca54ce86893ed94788500448e92824S3Bucket09A62232" }, "S3Key": { "Fn::Join": [ @@ -123,7 +123,7 @@ "Fn::Split": [ "||", { - "Ref": "AssetParameters3993fb4cd942505a050d08b09d5444e14c265cf9cd0fb8b0c5f621446b6cead9S3VersionKey46E40510" + "Ref": "AssetParametersbe270bbdebe0851c887569796e3997437cca54ce86893ed94788500448e92824S3VersionKeyA28118BE" } ] } @@ -136,7 +136,7 @@ "Fn::Split": [ "||", { - "Ref": "AssetParameters3993fb4cd942505a050d08b09d5444e14c265cf9cd0fb8b0c5f621446b6cead9S3VersionKey46E40510" + "Ref": "AssetParametersbe270bbdebe0851c887569796e3997437cca54ce86893ed94788500448e92824S3VersionKeyA28118BE" } ] } @@ -196,9 +196,9 @@ "Statement": [ { "Action": [ + "s3:DeleteObject*", "s3:GetBucket*", - "s3:List*", - "s3:DeleteObject*" + "s3:List*" ], "Effect": "Allow", "Principal": { @@ -310,7 +310,7 @@ "Properties": { "Code": { "S3Bucket": { - "Ref": "AssetParameters5ee078f2a1957fe672d6cfd84faf49e07b8460758b5cd2669b3df1212a14cd19S3BucketFEDDFB43" + "Ref": "AssetParameters335bb1977cc537dc87b06d6ac0ec54a99badae8502ad34d4c7e149def466543cS3Bucket0316BB8C" }, "S3Key": { "Fn::Join": [ @@ -323,7 +323,7 @@ "Fn::Split": [ "||", { - "Ref": "AssetParameters5ee078f2a1957fe672d6cfd84faf49e07b8460758b5cd2669b3df1212a14cd19S3VersionKey244C2747" + "Ref": "AssetParameters335bb1977cc537dc87b06d6ac0ec54a99badae8502ad34d4c7e149def466543cS3VersionKey8CD7D872" } ] } @@ -336,7 +336,7 @@ "Fn::Split": [ "||", { - "Ref": "AssetParameters5ee078f2a1957fe672d6cfd84faf49e07b8460758b5cd2669b3df1212a14cd19S3VersionKey244C2747" + "Ref": "AssetParameters335bb1977cc537dc87b06d6ac0ec54a99badae8502ad34d4c7e149def466543cS3VersionKey8CD7D872" } ] } @@ -476,19 +476,25 @@ "Statement": [ { "Action": [ - "s3:GetObject*", + "s3:Abort*", + "s3:DeleteObject*", "s3:GetBucket*", + "s3:GetObject*", "s3:List*", - "s3:DeleteObject*", "s3:PutObject", "s3:PutObjectLegalHold", "s3:PutObjectRetention", "s3:PutObjectTagging", - "s3:PutObjectVersionTagging", - "s3:Abort*" + "s3:PutObjectVersionTagging" ], "Effect": "Allow", "Resource": [ + { + "Fn::GetAtt": [ + "BackupBucket26B8E51C", + "Arn" + ] + }, { "Fn::GetAtt": [ "Bucket83908E77", @@ -501,49 +507,13 @@ [ { "Fn::GetAtt": [ - "Bucket83908E77", + "BackupBucket26B8E51C", "Arn" ] }, "/*" ] ] - } - ] - }, - { - "Action": [ - "logs:CreateLogStream", - "logs:PutLogEvents" - ], - "Effect": "Allow", - "Resource": { - "Fn::GetAtt": [ - "LogGroupF5B46931", - "Arn" - ] - } - }, - { - "Action": [ - "s3:GetObject*", - "s3:GetBucket*", - "s3:List*", - "s3:DeleteObject*", - "s3:PutObject", - "s3:PutObjectLegalHold", - "s3:PutObjectRetention", - "s3:PutObjectTagging", - "s3:PutObjectVersionTagging", - "s3:Abort*" - ], - "Effect": "Allow", - "Resource": [ - { - "Fn::GetAtt": [ - "BackupBucket26B8E51C", - "Arn" - ] }, { "Fn::Join": [ @@ -551,7 +521,7 @@ [ { "Fn::GetAtt": [ - "BackupBucket26B8E51C", + "Bucket83908E77", "Arn" ] }, @@ -567,27 +537,43 @@ "logs:PutLogEvents" ], "Effect": "Allow", - "Resource": { - "Fn::GetAtt": [ - "DeliveryStreamLogGroup9D8FA3BB", - "Arn" - ] - } + "Resource": [ + { + "Fn::GetAtt": [ + "DeliveryStreamLogGroup9D8FA3BB", + "Arn" + ] + }, + { + "Fn::GetAtt": [ + "LogGroupF5B46931", + "Arn" + ] + } + ] }, { "Action": [ "kms:Decrypt", "kms:Encrypt", - "kms:ReEncrypt*", - "kms:GenerateDataKey*" + "kms:GenerateDataKey*", + "kms:ReEncrypt*" ], "Effect": "Allow", - "Resource": { - "Fn::GetAtt": [ - "BackupKey60B97760", - "Arn" - ] - } + "Resource": [ + { + "Fn::GetAtt": [ + "BackupKey60B97760", + "Arn" + ] + }, + { + "Fn::GetAtt": [ + "Key961B73FD", + "Arn" + ] + } + ] }, { "Action": "lambda:InvokeFunction", @@ -598,21 +584,6 @@ "Arn" ] } - }, - { - "Action": [ - "kms:Decrypt", - "kms:Encrypt", - "kms:ReEncrypt*", - "kms:GenerateDataKey*" - ], - "Effect": "Allow", - "Resource": { - "Fn::GetAtt": [ - "Key961B73FD", - "Arn" - ] - } } ], "Version": "2012-10-17" @@ -775,29 +746,29 @@ } }, "Parameters": { - "AssetParameters3993fb4cd942505a050d08b09d5444e14c265cf9cd0fb8b0c5f621446b6cead9S3Bucket4673BB1A": { + "AssetParametersbe270bbdebe0851c887569796e3997437cca54ce86893ed94788500448e92824S3Bucket09A62232": { "Type": "String", - "Description": "S3 bucket for asset \"3993fb4cd942505a050d08b09d5444e14c265cf9cd0fb8b0c5f621446b6cead9\"" + "Description": "S3 bucket for asset \"be270bbdebe0851c887569796e3997437cca54ce86893ed94788500448e92824\"" }, - "AssetParameters3993fb4cd942505a050d08b09d5444e14c265cf9cd0fb8b0c5f621446b6cead9S3VersionKey46E40510": { + "AssetParametersbe270bbdebe0851c887569796e3997437cca54ce86893ed94788500448e92824S3VersionKeyA28118BE": { "Type": "String", - "Description": "S3 key for asset version \"3993fb4cd942505a050d08b09d5444e14c265cf9cd0fb8b0c5f621446b6cead9\"" + "Description": "S3 key for asset version \"be270bbdebe0851c887569796e3997437cca54ce86893ed94788500448e92824\"" }, - "AssetParameters3993fb4cd942505a050d08b09d5444e14c265cf9cd0fb8b0c5f621446b6cead9ArtifactHashBD621721": { + "AssetParametersbe270bbdebe0851c887569796e3997437cca54ce86893ed94788500448e92824ArtifactHash76F8FCF2": { "Type": "String", - "Description": "Artifact hash for asset \"3993fb4cd942505a050d08b09d5444e14c265cf9cd0fb8b0c5f621446b6cead9\"" + "Description": "Artifact hash for asset \"be270bbdebe0851c887569796e3997437cca54ce86893ed94788500448e92824\"" }, - "AssetParameters5ee078f2a1957fe672d6cfd84faf49e07b8460758b5cd2669b3df1212a14cd19S3BucketFEDDFB43": { + "AssetParameters335bb1977cc537dc87b06d6ac0ec54a99badae8502ad34d4c7e149def466543cS3Bucket0316BB8C": { "Type": "String", - "Description": "S3 bucket for asset \"5ee078f2a1957fe672d6cfd84faf49e07b8460758b5cd2669b3df1212a14cd19\"" + "Description": "S3 bucket for asset \"335bb1977cc537dc87b06d6ac0ec54a99badae8502ad34d4c7e149def466543c\"" }, - "AssetParameters5ee078f2a1957fe672d6cfd84faf49e07b8460758b5cd2669b3df1212a14cd19S3VersionKey244C2747": { + "AssetParameters335bb1977cc537dc87b06d6ac0ec54a99badae8502ad34d4c7e149def466543cS3VersionKey8CD7D872": { "Type": "String", - "Description": "S3 key for asset version \"5ee078f2a1957fe672d6cfd84faf49e07b8460758b5cd2669b3df1212a14cd19\"" + "Description": "S3 key for asset version \"335bb1977cc537dc87b06d6ac0ec54a99badae8502ad34d4c7e149def466543c\"" }, - "AssetParameters5ee078f2a1957fe672d6cfd84faf49e07b8460758b5cd2669b3df1212a14cd19ArtifactHashC1C6FCBC": { + "AssetParameters335bb1977cc537dc87b06d6ac0ec54a99badae8502ad34d4c7e149def466543cArtifactHash0D892CC5": { "Type": "String", - "Description": "Artifact hash for asset \"5ee078f2a1957fe672d6cfd84faf49e07b8460758b5cd2669b3df1212a14cd19\"" + "Description": "Artifact hash for asset \"335bb1977cc537dc87b06d6ac0ec54a99badae8502ad34d4c7e149def466543c\"" } }, "Mappings": { diff --git a/packages/@aws-cdk/aws-kinesisfirehose/test/integ.delivery-stream.expected.json b/packages/@aws-cdk/aws-kinesisfirehose/test/integ.delivery-stream.expected.json index 65ac018add362..f82e1664494f4 100644 --- a/packages/@aws-cdk/aws-kinesisfirehose/test/integ.delivery-stream.expected.json +++ b/packages/@aws-cdk/aws-kinesisfirehose/test/integ.delivery-stream.expected.json @@ -29,16 +29,16 @@ "Statement": [ { "Action": [ - "s3:GetObject*", + "s3:Abort*", + "s3:DeleteObject*", "s3:GetBucket*", + "s3:GetObject*", "s3:List*", - "s3:DeleteObject*", "s3:PutObject", "s3:PutObjectLegalHold", "s3:PutObjectRetention", "s3:PutObjectTagging", - "s3:PutObjectVersionTagging", - "s3:Abort*" + "s3:PutObjectVersionTagging" ], "Effect": "Allow", "Resource": [ @@ -136,8 +136,8 @@ "Action": [ "kms:Decrypt", "kms:Encrypt", - "kms:ReEncrypt*", - "kms:GenerateDataKey*" + "kms:GenerateDataKey*", + "kms:ReEncrypt*" ], "Effect": "Allow", "Resource": { diff --git a/packages/@aws-cdk/aws-kinesisfirehose/test/integ.delivery-stream.source-stream.expected.json b/packages/@aws-cdk/aws-kinesisfirehose/test/integ.delivery-stream.source-stream.expected.json index ccbca77c32829..815c96c36137d 100644 --- a/packages/@aws-cdk/aws-kinesisfirehose/test/integ.delivery-stream.source-stream.expected.json +++ b/packages/@aws-cdk/aws-kinesisfirehose/test/integ.delivery-stream.source-stream.expected.json @@ -29,16 +29,16 @@ "Statement": [ { "Action": [ - "s3:GetObject*", + "s3:Abort*", + "s3:DeleteObject*", "s3:GetBucket*", + "s3:GetObject*", "s3:List*", - "s3:DeleteObject*", "s3:PutObject", "s3:PutObjectLegalHold", "s3:PutObjectRetention", "s3:PutObjectTagging", - "s3:PutObjectVersionTagging", - "s3:Abort*" + "s3:PutObjectVersionTagging" ], "Effect": "Allow", "Resource": [ @@ -121,13 +121,13 @@ "Statement": [ { "Action": [ + "kinesis:DescribeStream", "kinesis:DescribeStreamSummary", "kinesis:GetRecords", "kinesis:GetShardIterator", "kinesis:ListShards", - "kinesis:SubscribeToShard", - "kinesis:DescribeStream", - "kinesis:ListStreams" + "kinesis:ListStreams", + "kinesis:SubscribeToShard" ], "Effect": "Allow", "Resource": { diff --git a/packages/@aws-cdk/aws-lambda-destinations/test/integ.destinations.expected.json b/packages/@aws-cdk/aws-lambda-destinations/test/integ.destinations.expected.json index 009327c46da7e..d66603d29ea09 100644 --- a/packages/@aws-cdk/aws-lambda-destinations/test/integ.destinations.expected.json +++ b/packages/@aws-cdk/aws-lambda-destinations/test/integ.destinations.expected.json @@ -53,9 +53,9 @@ }, { "Action": [ - "sqs:SendMessage", "sqs:GetQueueAttributes", - "sqs:GetQueueUrl" + "sqs:GetQueueUrl", + "sqs:SendMessage" ], "Effect": "Allow", "Resource": { diff --git a/packages/@aws-cdk/aws-lambda-event-sources/test/integ.kinesis.expected.json b/packages/@aws-cdk/aws-lambda-event-sources/test/integ.kinesis.expected.json index d14d727e34999..5f104978fe1a5 100644 --- a/packages/@aws-cdk/aws-lambda-event-sources/test/integ.kinesis.expected.json +++ b/packages/@aws-cdk/aws-lambda-event-sources/test/integ.kinesis.expected.json @@ -38,13 +38,13 @@ "Statement": [ { "Action": [ + "kinesis:DescribeStream", "kinesis:DescribeStreamSummary", "kinesis:GetRecords", "kinesis:GetShardIterator", "kinesis:ListShards", - "kinesis:SubscribeToShard", - "kinesis:DescribeStream", - "kinesis:ListStreams" + "kinesis:ListStreams", + "kinesis:SubscribeToShard" ], "Effect": "Allow", "Resource": { @@ -53,16 +53,6 @@ "Arn" ] } - }, - { - "Action": "kinesis:DescribeStream", - "Effect": "Allow", - "Resource": { - "Fn::GetAtt": [ - "Q63C6E3AB", - "Arn" - ] - } } ], "Version": "2012-10-17" @@ -108,18 +98,15 @@ "Arn" ] }, - "TumblingWindowInSeconds": 60, - "StartingPosition": "TRIM_HORIZON" + "StartingPosition": "TRIM_HORIZON", + "TumblingWindowInSeconds": 60 } }, "Q63C6E3AB": { "Type": "AWS::Kinesis::Stream", "Properties": { - "ShardCount": 1, - "StreamModeDetails": { - "StreamMode": "PROVISIONED" - }, "RetentionPeriodHours": 24, + "ShardCount": 1, "StreamEncryption": { "Fn::If": [ "AwsCdkKinesisEncryptedStreamsUnsupportedRegions", @@ -131,6 +118,9 @@ "KeyId": "alias/aws/kinesis" } ] + }, + "StreamModeDetails": { + "StreamMode": "PROVISIONED" } } } @@ -157,4 +147,4 @@ ] } } -} +} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-lambda-event-sources/test/integ.kinesiswithdlq.expected.json b/packages/@aws-cdk/aws-lambda-event-sources/test/integ.kinesiswithdlq.expected.json index a16660f565e76..88559f3ad9675 100644 --- a/packages/@aws-cdk/aws-lambda-event-sources/test/integ.kinesiswithdlq.expected.json +++ b/packages/@aws-cdk/aws-lambda-event-sources/test/integ.kinesiswithdlq.expected.json @@ -38,9 +38,9 @@ "Statement": [ { "Action": [ - "sqs:SendMessage", "sqs:GetQueueAttributes", - "sqs:GetQueueUrl" + "sqs:GetQueueUrl", + "sqs:SendMessage" ], "Effect": "Allow", "Resource": { @@ -52,13 +52,13 @@ }, { "Action": [ + "kinesis:DescribeStream", "kinesis:DescribeStreamSummary", "kinesis:GetRecords", "kinesis:GetShardIterator", "kinesis:ListShards", - "kinesis:SubscribeToShard", - "kinesis:DescribeStream", - "kinesis:ListStreams" + "kinesis:ListStreams", + "kinesis:SubscribeToShard" ], "Effect": "Allow", "Resource": { @@ -67,16 +67,6 @@ "Arn" ] } - }, - { - "Action": "kinesis:DescribeStream", - "Effect": "Allow", - "Resource": { - "Fn::GetAtt": [ - "S509448A1", - "Arn" - ] - } } ], "Version": "2012-10-17" @@ -139,11 +129,8 @@ "S509448A1": { "Type": "AWS::Kinesis::Stream", "Properties": { - "ShardCount": 1, - "StreamModeDetails": { - "StreamMode": "PROVISIONED" - }, "RetentionPeriodHours": 24, + "ShardCount": 1, "StreamEncryption": { "Fn::If": [ "AwsCdkKinesisEncryptedStreamsUnsupportedRegions", @@ -155,6 +142,9 @@ "KeyId": "alias/aws/kinesis" } ] + }, + "StreamModeDetails": { + "StreamMode": "PROVISIONED" } } }, @@ -206,4 +196,4 @@ ] } } -} +} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-lambda-event-sources/test/integ.sqs.expected.json b/packages/@aws-cdk/aws-lambda-event-sources/test/integ.sqs.expected.json index 9f5565aff21d6..7ae40ae9f962c 100644 --- a/packages/@aws-cdk/aws-lambda-event-sources/test/integ.sqs.expected.json +++ b/packages/@aws-cdk/aws-lambda-event-sources/test/integ.sqs.expected.json @@ -38,11 +38,11 @@ "Statement": [ { "Action": [ - "sqs:ReceiveMessage", "sqs:ChangeMessageVisibility", - "sqs:GetQueueUrl", "sqs:DeleteMessage", - "sqs:GetQueueAttributes" + "sqs:GetQueueAttributes", + "sqs:GetQueueUrl", + "sqs:ReceiveMessage" ], "Effect": "Allow", "Resource": { diff --git a/packages/@aws-cdk/aws-lambda-nodejs/test/integ.dependencies.expected.json b/packages/@aws-cdk/aws-lambda-nodejs/test/integ.dependencies.expected.json index 1800768023419..825ac665c7141 100644 --- a/packages/@aws-cdk/aws-lambda-nodejs/test/integ.dependencies.expected.json +++ b/packages/@aws-cdk/aws-lambda-nodejs/test/integ.dependencies.expected.json @@ -36,7 +36,7 @@ "Properties": { "Code": { "S3Bucket": { - "Ref": "AssetParameters5f9b499dbba1111518df1120b55b863471ac359778441164007b5518a70b9746S3Bucket01854DA0" + "Ref": "AssetParameters4c9f09adeee5f7ebc38c74c200b962852bca53042fb5e9b818e4433ccc31e663S3BucketB985628A" }, "S3Key": { "Fn::Join": [ @@ -49,7 +49,7 @@ "Fn::Split": [ "||", { - "Ref": "AssetParameters5f9b499dbba1111518df1120b55b863471ac359778441164007b5518a70b9746S3VersionKey1CC8C283" + "Ref": "AssetParameters4c9f09adeee5f7ebc38c74c200b962852bca53042fb5e9b818e4433ccc31e663S3VersionKeyBF22F5BF" } ] } @@ -62,7 +62,7 @@ "Fn::Split": [ "||", { - "Ref": "AssetParameters5f9b499dbba1111518df1120b55b863471ac359778441164007b5518a70b9746S3VersionKey1CC8C283" + "Ref": "AssetParameters4c9f09adeee5f7ebc38c74c200b962852bca53042fb5e9b818e4433ccc31e663S3VersionKeyBF22F5BF" } ] } @@ -92,17 +92,17 @@ } }, "Parameters": { - "AssetParameters5f9b499dbba1111518df1120b55b863471ac359778441164007b5518a70b9746S3Bucket01854DA0": { + "AssetParameters4c9f09adeee5f7ebc38c74c200b962852bca53042fb5e9b818e4433ccc31e663S3BucketB985628A": { "Type": "String", - "Description": "S3 bucket for asset \"5f9b499dbba1111518df1120b55b863471ac359778441164007b5518a70b9746\"" + "Description": "S3 bucket for asset \"4c9f09adeee5f7ebc38c74c200b962852bca53042fb5e9b818e4433ccc31e663\"" }, - "AssetParameters5f9b499dbba1111518df1120b55b863471ac359778441164007b5518a70b9746S3VersionKey1CC8C283": { + "AssetParameters4c9f09adeee5f7ebc38c74c200b962852bca53042fb5e9b818e4433ccc31e663S3VersionKeyBF22F5BF": { "Type": "String", - "Description": "S3 key for asset version \"5f9b499dbba1111518df1120b55b863471ac359778441164007b5518a70b9746\"" + "Description": "S3 key for asset version \"4c9f09adeee5f7ebc38c74c200b962852bca53042fb5e9b818e4433ccc31e663\"" }, - "AssetParameters5f9b499dbba1111518df1120b55b863471ac359778441164007b5518a70b9746ArtifactHashAA3B8064": { + "AssetParameters4c9f09adeee5f7ebc38c74c200b962852bca53042fb5e9b818e4433ccc31e663ArtifactHashCE7178E5": { "Type": "String", - "Description": "Artifact hash for asset \"5f9b499dbba1111518df1120b55b863471ac359778441164007b5518a70b9746\"" + "Description": "Artifact hash for asset \"4c9f09adeee5f7ebc38c74c200b962852bca53042fb5e9b818e4433ccc31e663\"" } } } \ No newline at end of file diff --git a/packages/@aws-cdk/aws-lambda-nodejs/test/integ.esm.expected.json b/packages/@aws-cdk/aws-lambda-nodejs/test/integ.esm.expected.json index 8e6b8cabf01c6..3451647e0e977 100644 --- a/packages/@aws-cdk/aws-lambda-nodejs/test/integ.esm.expected.json +++ b/packages/@aws-cdk/aws-lambda-nodejs/test/integ.esm.expected.json @@ -36,7 +36,7 @@ "Properties": { "Code": { "S3Bucket": { - "Ref": "AssetParametersa111e7aee76f0a755b83f3d35098efc1659ba3915bd52dc401cb3a972573d616S3BucketD8FC0ACA" + "Ref": "AssetParameterse1af356d995917f14ba5cf5e65cb7c4e969e2c28567bea560a8912fbbfa3fa4eS3Bucket72D078A9" }, "S3Key": { "Fn::Join": [ @@ -49,7 +49,7 @@ "Fn::Split": [ "||", { - "Ref": "AssetParametersa111e7aee76f0a755b83f3d35098efc1659ba3915bd52dc401cb3a972573d616S3VersionKeyF7C65CF0" + "Ref": "AssetParameterse1af356d995917f14ba5cf5e65cb7c4e969e2c28567bea560a8912fbbfa3fa4eS3VersionKey93EC2390" } ] } @@ -62,7 +62,7 @@ "Fn::Split": [ "||", { - "Ref": "AssetParametersa111e7aee76f0a755b83f3d35098efc1659ba3915bd52dc401cb3a972573d616S3VersionKeyF7C65CF0" + "Ref": "AssetParameterse1af356d995917f14ba5cf5e65cb7c4e969e2c28567bea560a8912fbbfa3fa4eS3VersionKey93EC2390" } ] } @@ -92,17 +92,17 @@ } }, "Parameters": { - "AssetParametersa111e7aee76f0a755b83f3d35098efc1659ba3915bd52dc401cb3a972573d616S3BucketD8FC0ACA": { + "AssetParameterse1af356d995917f14ba5cf5e65cb7c4e969e2c28567bea560a8912fbbfa3fa4eS3Bucket72D078A9": { "Type": "String", - "Description": "S3 bucket for asset \"a111e7aee76f0a755b83f3d35098efc1659ba3915bd52dc401cb3a972573d616\"" + "Description": "S3 bucket for asset \"e1af356d995917f14ba5cf5e65cb7c4e969e2c28567bea560a8912fbbfa3fa4e\"" }, - "AssetParametersa111e7aee76f0a755b83f3d35098efc1659ba3915bd52dc401cb3a972573d616S3VersionKeyF7C65CF0": { + "AssetParameterse1af356d995917f14ba5cf5e65cb7c4e969e2c28567bea560a8912fbbfa3fa4eS3VersionKey93EC2390": { "Type": "String", - "Description": "S3 key for asset version \"a111e7aee76f0a755b83f3d35098efc1659ba3915bd52dc401cb3a972573d616\"" + "Description": "S3 key for asset version \"e1af356d995917f14ba5cf5e65cb7c4e969e2c28567bea560a8912fbbfa3fa4e\"" }, - "AssetParametersa111e7aee76f0a755b83f3d35098efc1659ba3915bd52dc401cb3a972573d616ArtifactHashDDFE4A88": { + "AssetParameterse1af356d995917f14ba5cf5e65cb7c4e969e2c28567bea560a8912fbbfa3fa4eArtifactHashB5F6BEF5": { "Type": "String", - "Description": "Artifact hash for asset \"a111e7aee76f0a755b83f3d35098efc1659ba3915bd52dc401cb3a972573d616\"" + "Description": "Artifact hash for asset \"e1af356d995917f14ba5cf5e65cb7c4e969e2c28567bea560a8912fbbfa3fa4e\"" } } } \ No newline at end of file diff --git a/packages/@aws-cdk/aws-lambda-nodejs/test/integ.function.expected.json b/packages/@aws-cdk/aws-lambda-nodejs/test/integ.function.expected.json index f976b83648db4..5236e0df61376 100644 --- a/packages/@aws-cdk/aws-lambda-nodejs/test/integ.function.expected.json +++ b/packages/@aws-cdk/aws-lambda-nodejs/test/integ.function.expected.json @@ -36,7 +36,7 @@ "Properties": { "Code": { "S3Bucket": { - "Ref": "AssetParameters790877879aeb907c349904efa092342fdc774820821fe50f7b6bf9201c2cfdf1S3Bucket1B1D9794" + "Ref": "AssetParameters2117ac17e1ec7017f8ab1b047bddad03a85ea5d448404a33a7fcee4fb5a3d666S3Bucket9DF03081" }, "S3Key": { "Fn::Join": [ @@ -49,7 +49,7 @@ "Fn::Split": [ "||", { - "Ref": "AssetParameters790877879aeb907c349904efa092342fdc774820821fe50f7b6bf9201c2cfdf1S3VersionKey720EECDB" + "Ref": "AssetParameters2117ac17e1ec7017f8ab1b047bddad03a85ea5d448404a33a7fcee4fb5a3d666S3VersionKeyD292AB11" } ] } @@ -62,7 +62,7 @@ "Fn::Split": [ "||", { - "Ref": "AssetParameters790877879aeb907c349904efa092342fdc774820821fe50f7b6bf9201c2cfdf1S3VersionKey720EECDB" + "Ref": "AssetParameters2117ac17e1ec7017f8ab1b047bddad03a85ea5d448404a33a7fcee4fb5a3d666S3VersionKeyD292AB11" } ] } @@ -126,7 +126,7 @@ "Properties": { "Code": { "S3Bucket": { - "Ref": "AssetParameters55ec667368ab6d681cbdada49e45f9f8a8dd2d610a1e6c9d6b4f342adb77f3d6S3Bucket95EC2A4C" + "Ref": "AssetParametersdc17834bed7e16ae407d0a77361d92c9a7609557332dafffb47df61ec1b48b3eS3BucketCEC78A8C" }, "S3Key": { "Fn::Join": [ @@ -139,7 +139,7 @@ "Fn::Split": [ "||", { - "Ref": "AssetParameters55ec667368ab6d681cbdada49e45f9f8a8dd2d610a1e6c9d6b4f342adb77f3d6S3VersionKey0EEB0B14" + "Ref": "AssetParametersdc17834bed7e16ae407d0a77361d92c9a7609557332dafffb47df61ec1b48b3eS3VersionKey73F73F44" } ] } @@ -152,7 +152,7 @@ "Fn::Split": [ "||", { - "Ref": "AssetParameters55ec667368ab6d681cbdada49e45f9f8a8dd2d610a1e6c9d6b4f342adb77f3d6S3VersionKey0EEB0B14" + "Ref": "AssetParametersdc17834bed7e16ae407d0a77361d92c9a7609557332dafffb47df61ec1b48b3eS3VersionKey73F73F44" } ] } @@ -275,15 +275,15 @@ "VpcPublicSubnet1NATGateway4D7517AA": { "Type": "AWS::EC2::NatGateway", "Properties": { + "SubnetId": { + "Ref": "VpcPublicSubnet1Subnet5C2D37C4" + }, "AllocationId": { "Fn::GetAtt": [ "VpcPublicSubnet1EIPD7E02669", "AllocationId" ] }, - "SubnetId": { - "Ref": "VpcPublicSubnet1Subnet5C2D37C4" - }, "Tags": [ { "Key": "Name", @@ -372,15 +372,15 @@ "VpcPublicSubnet2NATGateway9182C01D": { "Type": "AWS::EC2::NatGateway", "Properties": { + "SubnetId": { + "Ref": "VpcPublicSubnet2Subnet691E08A3" + }, "AllocationId": { "Fn::GetAtt": [ "VpcPublicSubnet2EIP3C605A87", "AllocationId" ] }, - "SubnetId": { - "Ref": "VpcPublicSubnet2Subnet691E08A3" - }, "Tags": [ { "Key": "Name", @@ -469,15 +469,15 @@ "VpcPublicSubnet3NATGateway7640CD1D": { "Type": "AWS::EC2::NatGateway", "Properties": { + "SubnetId": { + "Ref": "VpcPublicSubnet3SubnetBE12F0B6" + }, "AllocationId": { "Fn::GetAtt": [ "VpcPublicSubnet3EIP3A666A23", "AllocationId" ] }, - "SubnetId": { - "Ref": "VpcPublicSubnet3SubnetBE12F0B6" - }, "Tags": [ { "Key": "Name", @@ -758,7 +758,7 @@ "Properties": { "Code": { "S3Bucket": { - "Ref": "AssetParameters39132cdcc42d93606e39f295123475dee67fc9051b50231400eff004dac11dfeS3Bucket6796DF76" + "Ref": "AssetParameters050b3629caed17ac6299cf2228bc7a46c2b039b1386eabf3e5935cffca2a96ddS3Bucket6289DEB0" }, "S3Key": { "Fn::Join": [ @@ -771,7 +771,7 @@ "Fn::Split": [ "||", { - "Ref": "AssetParameters39132cdcc42d93606e39f295123475dee67fc9051b50231400eff004dac11dfeS3VersionKeyE83502D3" + "Ref": "AssetParameters050b3629caed17ac6299cf2228bc7a46c2b039b1386eabf3e5935cffca2a96ddS3VersionKey0271AF4F" } ] } @@ -784,7 +784,7 @@ "Fn::Split": [ "||", { - "Ref": "AssetParameters39132cdcc42d93606e39f295123475dee67fc9051b50231400eff004dac11dfeS3VersionKeyE83502D3" + "Ref": "AssetParameters050b3629caed17ac6299cf2228bc7a46c2b039b1386eabf3e5935cffca2a96ddS3VersionKey0271AF4F" } ] } @@ -835,41 +835,41 @@ } }, "Parameters": { - "AssetParameters790877879aeb907c349904efa092342fdc774820821fe50f7b6bf9201c2cfdf1S3Bucket1B1D9794": { + "AssetParameters2117ac17e1ec7017f8ab1b047bddad03a85ea5d448404a33a7fcee4fb5a3d666S3Bucket9DF03081": { "Type": "String", - "Description": "S3 bucket for asset \"790877879aeb907c349904efa092342fdc774820821fe50f7b6bf9201c2cfdf1\"" + "Description": "S3 bucket for asset \"2117ac17e1ec7017f8ab1b047bddad03a85ea5d448404a33a7fcee4fb5a3d666\"" }, - "AssetParameters790877879aeb907c349904efa092342fdc774820821fe50f7b6bf9201c2cfdf1S3VersionKey720EECDB": { + "AssetParameters2117ac17e1ec7017f8ab1b047bddad03a85ea5d448404a33a7fcee4fb5a3d666S3VersionKeyD292AB11": { "Type": "String", - "Description": "S3 key for asset version \"790877879aeb907c349904efa092342fdc774820821fe50f7b6bf9201c2cfdf1\"" + "Description": "S3 key for asset version \"2117ac17e1ec7017f8ab1b047bddad03a85ea5d448404a33a7fcee4fb5a3d666\"" }, - "AssetParameters790877879aeb907c349904efa092342fdc774820821fe50f7b6bf9201c2cfdf1ArtifactHashA9293830": { + "AssetParameters2117ac17e1ec7017f8ab1b047bddad03a85ea5d448404a33a7fcee4fb5a3d666ArtifactHashD513F670": { "Type": "String", - "Description": "Artifact hash for asset \"790877879aeb907c349904efa092342fdc774820821fe50f7b6bf9201c2cfdf1\"" + "Description": "Artifact hash for asset \"2117ac17e1ec7017f8ab1b047bddad03a85ea5d448404a33a7fcee4fb5a3d666\"" }, - "AssetParameters55ec667368ab6d681cbdada49e45f9f8a8dd2d610a1e6c9d6b4f342adb77f3d6S3Bucket95EC2A4C": { + "AssetParametersdc17834bed7e16ae407d0a77361d92c9a7609557332dafffb47df61ec1b48b3eS3BucketCEC78A8C": { "Type": "String", - "Description": "S3 bucket for asset \"55ec667368ab6d681cbdada49e45f9f8a8dd2d610a1e6c9d6b4f342adb77f3d6\"" + "Description": "S3 bucket for asset \"dc17834bed7e16ae407d0a77361d92c9a7609557332dafffb47df61ec1b48b3e\"" }, - "AssetParameters55ec667368ab6d681cbdada49e45f9f8a8dd2d610a1e6c9d6b4f342adb77f3d6S3VersionKey0EEB0B14": { + "AssetParametersdc17834bed7e16ae407d0a77361d92c9a7609557332dafffb47df61ec1b48b3eS3VersionKey73F73F44": { "Type": "String", - "Description": "S3 key for asset version \"55ec667368ab6d681cbdada49e45f9f8a8dd2d610a1e6c9d6b4f342adb77f3d6\"" + "Description": "S3 key for asset version \"dc17834bed7e16ae407d0a77361d92c9a7609557332dafffb47df61ec1b48b3e\"" }, - "AssetParameters55ec667368ab6d681cbdada49e45f9f8a8dd2d610a1e6c9d6b4f342adb77f3d6ArtifactHashE6098BA4": { + "AssetParametersdc17834bed7e16ae407d0a77361d92c9a7609557332dafffb47df61ec1b48b3eArtifactHash7BBA4237": { "Type": "String", - "Description": "Artifact hash for asset \"55ec667368ab6d681cbdada49e45f9f8a8dd2d610a1e6c9d6b4f342adb77f3d6\"" + "Description": "Artifact hash for asset \"dc17834bed7e16ae407d0a77361d92c9a7609557332dafffb47df61ec1b48b3e\"" }, - "AssetParameters39132cdcc42d93606e39f295123475dee67fc9051b50231400eff004dac11dfeS3Bucket6796DF76": { + "AssetParameters050b3629caed17ac6299cf2228bc7a46c2b039b1386eabf3e5935cffca2a96ddS3Bucket6289DEB0": { "Type": "String", - "Description": "S3 bucket for asset \"39132cdcc42d93606e39f295123475dee67fc9051b50231400eff004dac11dfe\"" + "Description": "S3 bucket for asset \"050b3629caed17ac6299cf2228bc7a46c2b039b1386eabf3e5935cffca2a96dd\"" }, - "AssetParameters39132cdcc42d93606e39f295123475dee67fc9051b50231400eff004dac11dfeS3VersionKeyE83502D3": { + "AssetParameters050b3629caed17ac6299cf2228bc7a46c2b039b1386eabf3e5935cffca2a96ddS3VersionKey0271AF4F": { "Type": "String", - "Description": "S3 key for asset version \"39132cdcc42d93606e39f295123475dee67fc9051b50231400eff004dac11dfe\"" + "Description": "S3 key for asset version \"050b3629caed17ac6299cf2228bc7a46c2b039b1386eabf3e5935cffca2a96dd\"" }, - "AssetParameters39132cdcc42d93606e39f295123475dee67fc9051b50231400eff004dac11dfeArtifactHashB3080084": { + "AssetParameters050b3629caed17ac6299cf2228bc7a46c2b039b1386eabf3e5935cffca2a96ddArtifactHashEC0A46C5": { "Type": "String", - "Description": "Artifact hash for asset \"39132cdcc42d93606e39f295123475dee67fc9051b50231400eff004dac11dfe\"" + "Description": "Artifact hash for asset \"050b3629caed17ac6299cf2228bc7a46c2b039b1386eabf3e5935cffca2a96dd\"" } } } \ No newline at end of file diff --git a/packages/@aws-cdk/aws-lambda-python/test/integ.function.custom-build.expected.json b/packages/@aws-cdk/aws-lambda-python/test/integ.function.custom-build.expected.json index dd78e2d129e14..003dd758e7c8f 100644 --- a/packages/@aws-cdk/aws-lambda-python/test/integ.function.custom-build.expected.json +++ b/packages/@aws-cdk/aws-lambda-python/test/integ.function.custom-build.expected.json @@ -36,7 +36,7 @@ "Properties": { "Code": { "S3Bucket": { - "Ref": "AssetParameters623127c548bfba764c605bdc57770784dee3a4e8255ae2ad2590a2f5d42e7abfS3BucketE101E6F9" + "Ref": "AssetParameters89ca5c5b2234f7dbbadd142cad0414d3cdf1293dc1edfa1618f4eac392958c82S3BucketC9B359BB" }, "S3Key": { "Fn::Join": [ @@ -49,7 +49,7 @@ "Fn::Split": [ "||", { - "Ref": "AssetParameters623127c548bfba764c605bdc57770784dee3a4e8255ae2ad2590a2f5d42e7abfS3VersionKey08D4E5C6" + "Ref": "AssetParameters89ca5c5b2234f7dbbadd142cad0414d3cdf1293dc1edfa1618f4eac392958c82S3VersionKeyBF16F8DD" } ] } @@ -62,7 +62,7 @@ "Fn::Split": [ "||", { - "Ref": "AssetParameters623127c548bfba764c605bdc57770784dee3a4e8255ae2ad2590a2f5d42e7abfS3VersionKey08D4E5C6" + "Ref": "AssetParameters89ca5c5b2234f7dbbadd142cad0414d3cdf1293dc1edfa1618f4eac392958c82S3VersionKeyBF16F8DD" } ] } @@ -87,17 +87,17 @@ } }, "Parameters": { - "AssetParameters623127c548bfba764c605bdc57770784dee3a4e8255ae2ad2590a2f5d42e7abfS3BucketE101E6F9": { + "AssetParameters89ca5c5b2234f7dbbadd142cad0414d3cdf1293dc1edfa1618f4eac392958c82S3BucketC9B359BB": { "Type": "String", - "Description": "S3 bucket for asset \"623127c548bfba764c605bdc57770784dee3a4e8255ae2ad2590a2f5d42e7abf\"" + "Description": "S3 bucket for asset \"89ca5c5b2234f7dbbadd142cad0414d3cdf1293dc1edfa1618f4eac392958c82\"" }, - "AssetParameters623127c548bfba764c605bdc57770784dee3a4e8255ae2ad2590a2f5d42e7abfS3VersionKey08D4E5C6": { + "AssetParameters89ca5c5b2234f7dbbadd142cad0414d3cdf1293dc1edfa1618f4eac392958c82S3VersionKeyBF16F8DD": { "Type": "String", - "Description": "S3 key for asset version \"623127c548bfba764c605bdc57770784dee3a4e8255ae2ad2590a2f5d42e7abf\"" + "Description": "S3 key for asset version \"89ca5c5b2234f7dbbadd142cad0414d3cdf1293dc1edfa1618f4eac392958c82\"" }, - "AssetParameters623127c548bfba764c605bdc57770784dee3a4e8255ae2ad2590a2f5d42e7abfArtifactHash2D0E1467": { + "AssetParameters89ca5c5b2234f7dbbadd142cad0414d3cdf1293dc1edfa1618f4eac392958c82ArtifactHashFF99ACF4": { "Type": "String", - "Description": "Artifact hash for asset \"623127c548bfba764c605bdc57770784dee3a4e8255ae2ad2590a2f5d42e7abf\"" + "Description": "Artifact hash for asset \"89ca5c5b2234f7dbbadd142cad0414d3cdf1293dc1edfa1618f4eac392958c82\"" } }, "Outputs": { diff --git a/packages/@aws-cdk/aws-lambda-python/test/integ.function.expected.json b/packages/@aws-cdk/aws-lambda-python/test/integ.function.expected.json index bf6248e87c68e..7f671e018e9ed 100644 --- a/packages/@aws-cdk/aws-lambda-python/test/integ.function.expected.json +++ b/packages/@aws-cdk/aws-lambda-python/test/integ.function.expected.json @@ -36,7 +36,7 @@ "Properties": { "Code": { "S3Bucket": { - "Ref": "AssetParameters13be70bc2398416ddd6c8e123f99becf43b8b1c3d00cad2447f9f75cea39d055S3Bucket4083148B" + "Ref": "AssetParameters94754b2f276800442d199c45b0bf611b9ed8b4d1f6d2acdf6bf5cbeed6176573S3Bucket5DFF2A17" }, "S3Key": { "Fn::Join": [ @@ -49,7 +49,7 @@ "Fn::Split": [ "||", { - "Ref": "AssetParameters13be70bc2398416ddd6c8e123f99becf43b8b1c3d00cad2447f9f75cea39d055S3VersionKey32133DD4" + "Ref": "AssetParameters94754b2f276800442d199c45b0bf611b9ed8b4d1f6d2acdf6bf5cbeed6176573S3VersionKey4E2330F4" } ] } @@ -62,7 +62,7 @@ "Fn::Split": [ "||", { - "Ref": "AssetParameters13be70bc2398416ddd6c8e123f99becf43b8b1c3d00cad2447f9f75cea39d055S3VersionKey32133DD4" + "Ref": "AssetParameters94754b2f276800442d199c45b0bf611b9ed8b4d1f6d2acdf6bf5cbeed6176573S3VersionKey4E2330F4" } ] } @@ -87,17 +87,17 @@ } }, "Parameters": { - "AssetParameters13be70bc2398416ddd6c8e123f99becf43b8b1c3d00cad2447f9f75cea39d055S3Bucket4083148B": { + "AssetParameters94754b2f276800442d199c45b0bf611b9ed8b4d1f6d2acdf6bf5cbeed6176573S3Bucket5DFF2A17": { "Type": "String", - "Description": "S3 bucket for asset \"13be70bc2398416ddd6c8e123f99becf43b8b1c3d00cad2447f9f75cea39d055\"" + "Description": "S3 bucket for asset \"94754b2f276800442d199c45b0bf611b9ed8b4d1f6d2acdf6bf5cbeed6176573\"" }, - "AssetParameters13be70bc2398416ddd6c8e123f99becf43b8b1c3d00cad2447f9f75cea39d055S3VersionKey32133DD4": { + "AssetParameters94754b2f276800442d199c45b0bf611b9ed8b4d1f6d2acdf6bf5cbeed6176573S3VersionKey4E2330F4": { "Type": "String", - "Description": "S3 key for asset version \"13be70bc2398416ddd6c8e123f99becf43b8b1c3d00cad2447f9f75cea39d055\"" + "Description": "S3 key for asset version \"94754b2f276800442d199c45b0bf611b9ed8b4d1f6d2acdf6bf5cbeed6176573\"" }, - "AssetParameters13be70bc2398416ddd6c8e123f99becf43b8b1c3d00cad2447f9f75cea39d055ArtifactHash83828A10": { + "AssetParameters94754b2f276800442d199c45b0bf611b9ed8b4d1f6d2acdf6bf5cbeed6176573ArtifactHashA5E62729": { "Type": "String", - "Description": "Artifact hash for asset \"13be70bc2398416ddd6c8e123f99becf43b8b1c3d00cad2447f9f75cea39d055\"" + "Description": "Artifact hash for asset \"94754b2f276800442d199c45b0bf611b9ed8b4d1f6d2acdf6bf5cbeed6176573\"" } }, "Outputs": { diff --git a/packages/@aws-cdk/aws-lambda-python/test/integ.function.nodeps.expected.json b/packages/@aws-cdk/aws-lambda-python/test/integ.function.nodeps.expected.json index a12a5675b097f..6fc079bb0cadb 100644 --- a/packages/@aws-cdk/aws-lambda-python/test/integ.function.nodeps.expected.json +++ b/packages/@aws-cdk/aws-lambda-python/test/integ.function.nodeps.expected.json @@ -36,7 +36,7 @@ "Properties": { "Code": { "S3Bucket": { - "Ref": "AssetParametersadeacc0a6e55ff50a5243310913e886cc41725125e145a916ff3ec01369b2201S3BucketE6A02FFC" + "Ref": "AssetParameters3b772c6d8ae6957e4b380de3d18b02203a1d3eda5f37cb706ebb17cbcceb431aS3BucketAF45FF62" }, "S3Key": { "Fn::Join": [ @@ -49,7 +49,7 @@ "Fn::Split": [ "||", { - "Ref": "AssetParametersadeacc0a6e55ff50a5243310913e886cc41725125e145a916ff3ec01369b2201S3VersionKey78F64422" + "Ref": "AssetParameters3b772c6d8ae6957e4b380de3d18b02203a1d3eda5f37cb706ebb17cbcceb431aS3VersionKey4F7CFB4F" } ] } @@ -62,7 +62,7 @@ "Fn::Split": [ "||", { - "Ref": "AssetParametersadeacc0a6e55ff50a5243310913e886cc41725125e145a916ff3ec01369b2201S3VersionKey78F64422" + "Ref": "AssetParameters3b772c6d8ae6957e4b380de3d18b02203a1d3eda5f37cb706ebb17cbcceb431aS3VersionKey4F7CFB4F" } ] } @@ -87,17 +87,17 @@ } }, "Parameters": { - "AssetParametersadeacc0a6e55ff50a5243310913e886cc41725125e145a916ff3ec01369b2201S3BucketE6A02FFC": { + "AssetParameters3b772c6d8ae6957e4b380de3d18b02203a1d3eda5f37cb706ebb17cbcceb431aS3BucketAF45FF62": { "Type": "String", - "Description": "S3 bucket for asset \"adeacc0a6e55ff50a5243310913e886cc41725125e145a916ff3ec01369b2201\"" + "Description": "S3 bucket for asset \"3b772c6d8ae6957e4b380de3d18b02203a1d3eda5f37cb706ebb17cbcceb431a\"" }, - "AssetParametersadeacc0a6e55ff50a5243310913e886cc41725125e145a916ff3ec01369b2201S3VersionKey78F64422": { + "AssetParameters3b772c6d8ae6957e4b380de3d18b02203a1d3eda5f37cb706ebb17cbcceb431aS3VersionKey4F7CFB4F": { "Type": "String", - "Description": "S3 key for asset version \"adeacc0a6e55ff50a5243310913e886cc41725125e145a916ff3ec01369b2201\"" + "Description": "S3 key for asset version \"3b772c6d8ae6957e4b380de3d18b02203a1d3eda5f37cb706ebb17cbcceb431a\"" }, - "AssetParametersadeacc0a6e55ff50a5243310913e886cc41725125e145a916ff3ec01369b2201ArtifactHash5EE39E2F": { + "AssetParameters3b772c6d8ae6957e4b380de3d18b02203a1d3eda5f37cb706ebb17cbcceb431aArtifactHash904EF538": { "Type": "String", - "Description": "Artifact hash for asset \"adeacc0a6e55ff50a5243310913e886cc41725125e145a916ff3ec01369b2201\"" + "Description": "Artifact hash for asset \"3b772c6d8ae6957e4b380de3d18b02203a1d3eda5f37cb706ebb17cbcceb431a\"" } }, "Outputs": { diff --git a/packages/@aws-cdk/aws-lambda-python/test/integ.function.pipenv.expected.json b/packages/@aws-cdk/aws-lambda-python/test/integ.function.pipenv.expected.json index 80d1579481795..3565c8f0d26c2 100644 --- a/packages/@aws-cdk/aws-lambda-python/test/integ.function.pipenv.expected.json +++ b/packages/@aws-cdk/aws-lambda-python/test/integ.function.pipenv.expected.json @@ -36,7 +36,7 @@ "Properties": { "Code": { "S3Bucket": { - "Ref": "AssetParametersc850e159fa69da9edb39ca17a495c47ca137fb5ea2119efb9b01468b0a4934a2S3BucketC982114B" + "Ref": "AssetParameters684a2f752f67fdc04a3b76308d5a71acb60a190f24b6dc1e5899167f6f32ce9fS3Bucket53FFD3D0" }, "S3Key": { "Fn::Join": [ @@ -49,7 +49,7 @@ "Fn::Split": [ "||", { - "Ref": "AssetParametersc850e159fa69da9edb39ca17a495c47ca137fb5ea2119efb9b01468b0a4934a2S3VersionKey6D9FF4C1" + "Ref": "AssetParameters684a2f752f67fdc04a3b76308d5a71acb60a190f24b6dc1e5899167f6f32ce9fS3VersionKey7A7468A3" } ] } @@ -62,7 +62,7 @@ "Fn::Split": [ "||", { - "Ref": "AssetParametersc850e159fa69da9edb39ca17a495c47ca137fb5ea2119efb9b01468b0a4934a2S3VersionKey6D9FF4C1" + "Ref": "AssetParameters684a2f752f67fdc04a3b76308d5a71acb60a190f24b6dc1e5899167f6f32ce9fS3VersionKey7A7468A3" } ] } @@ -121,7 +121,7 @@ "Properties": { "Code": { "S3Bucket": { - "Ref": "AssetParametersebc380ae5f94c7b58c30d780f064bc980ad95d026b4e753349d00efc56f40427S3Bucket42FB475E" + "Ref": "AssetParameters069324dd6f747a462fc08bc2701fa4e72d5776318b3bf4f27bcdb08b937e77f0S3Bucket714A0D7D" }, "S3Key": { "Fn::Join": [ @@ -134,7 +134,7 @@ "Fn::Split": [ "||", { - "Ref": "AssetParametersebc380ae5f94c7b58c30d780f064bc980ad95d026b4e753349d00efc56f40427S3VersionKeyFFD26447" + "Ref": "AssetParameters069324dd6f747a462fc08bc2701fa4e72d5776318b3bf4f27bcdb08b937e77f0S3VersionKey53ECA362" } ] } @@ -147,7 +147,7 @@ "Fn::Split": [ "||", { - "Ref": "AssetParametersebc380ae5f94c7b58c30d780f064bc980ad95d026b4e753349d00efc56f40427S3VersionKeyFFD26447" + "Ref": "AssetParameters069324dd6f747a462fc08bc2701fa4e72d5776318b3bf4f27bcdb08b937e77f0S3VersionKey53ECA362" } ] } @@ -172,29 +172,29 @@ } }, "Parameters": { - "AssetParametersc850e159fa69da9edb39ca17a495c47ca137fb5ea2119efb9b01468b0a4934a2S3BucketC982114B": { + "AssetParameters684a2f752f67fdc04a3b76308d5a71acb60a190f24b6dc1e5899167f6f32ce9fS3Bucket53FFD3D0": { "Type": "String", - "Description": "S3 bucket for asset \"c850e159fa69da9edb39ca17a495c47ca137fb5ea2119efb9b01468b0a4934a2\"" + "Description": "S3 bucket for asset \"684a2f752f67fdc04a3b76308d5a71acb60a190f24b6dc1e5899167f6f32ce9f\"" }, - "AssetParametersc850e159fa69da9edb39ca17a495c47ca137fb5ea2119efb9b01468b0a4934a2S3VersionKey6D9FF4C1": { + "AssetParameters684a2f752f67fdc04a3b76308d5a71acb60a190f24b6dc1e5899167f6f32ce9fS3VersionKey7A7468A3": { "Type": "String", - "Description": "S3 key for asset version \"c850e159fa69da9edb39ca17a495c47ca137fb5ea2119efb9b01468b0a4934a2\"" + "Description": "S3 key for asset version \"684a2f752f67fdc04a3b76308d5a71acb60a190f24b6dc1e5899167f6f32ce9f\"" }, - "AssetParametersc850e159fa69da9edb39ca17a495c47ca137fb5ea2119efb9b01468b0a4934a2ArtifactHash27EECEC5": { + "AssetParameters684a2f752f67fdc04a3b76308d5a71acb60a190f24b6dc1e5899167f6f32ce9fArtifactHash18F2A416": { "Type": "String", - "Description": "Artifact hash for asset \"c850e159fa69da9edb39ca17a495c47ca137fb5ea2119efb9b01468b0a4934a2\"" + "Description": "Artifact hash for asset \"684a2f752f67fdc04a3b76308d5a71acb60a190f24b6dc1e5899167f6f32ce9f\"" }, - "AssetParametersebc380ae5f94c7b58c30d780f064bc980ad95d026b4e753349d00efc56f40427S3Bucket42FB475E": { + "AssetParameters069324dd6f747a462fc08bc2701fa4e72d5776318b3bf4f27bcdb08b937e77f0S3Bucket714A0D7D": { "Type": "String", - "Description": "S3 bucket for asset \"ebc380ae5f94c7b58c30d780f064bc980ad95d026b4e753349d00efc56f40427\"" + "Description": "S3 bucket for asset \"069324dd6f747a462fc08bc2701fa4e72d5776318b3bf4f27bcdb08b937e77f0\"" }, - "AssetParametersebc380ae5f94c7b58c30d780f064bc980ad95d026b4e753349d00efc56f40427S3VersionKeyFFD26447": { + "AssetParameters069324dd6f747a462fc08bc2701fa4e72d5776318b3bf4f27bcdb08b937e77f0S3VersionKey53ECA362": { "Type": "String", - "Description": "S3 key for asset version \"ebc380ae5f94c7b58c30d780f064bc980ad95d026b4e753349d00efc56f40427\"" + "Description": "S3 key for asset version \"069324dd6f747a462fc08bc2701fa4e72d5776318b3bf4f27bcdb08b937e77f0\"" }, - "AssetParametersebc380ae5f94c7b58c30d780f064bc980ad95d026b4e753349d00efc56f40427ArtifactHashCC6CC552": { + "AssetParameters069324dd6f747a462fc08bc2701fa4e72d5776318b3bf4f27bcdb08b937e77f0ArtifactHashA527F411": { "Type": "String", - "Description": "Artifact hash for asset \"ebc380ae5f94c7b58c30d780f064bc980ad95d026b4e753349d00efc56f40427\"" + "Description": "Artifact hash for asset \"069324dd6f747a462fc08bc2701fa4e72d5776318b3bf4f27bcdb08b937e77f0\"" } }, "Outputs": { diff --git a/packages/@aws-cdk/aws-lambda-python/test/integ.function.poetry.expected.json b/packages/@aws-cdk/aws-lambda-python/test/integ.function.poetry.expected.json index 868afeba6ff43..bbae8112b1807 100644 --- a/packages/@aws-cdk/aws-lambda-python/test/integ.function.poetry.expected.json +++ b/packages/@aws-cdk/aws-lambda-python/test/integ.function.poetry.expected.json @@ -36,7 +36,7 @@ "Properties": { "Code": { "S3Bucket": { - "Ref": "AssetParametersab7f43c80b3b659f320744f583b7bfda3605f7018c253ab2e7615cfb667cb0daS3Bucket142AE375" + "Ref": "AssetParametersb56cede4ec5df8a7b7eac0b708729b7bd41299f732fd0d287c6ac64c12626f91S3Bucket057A8A40" }, "S3Key": { "Fn::Join": [ @@ -49,7 +49,7 @@ "Fn::Split": [ "||", { - "Ref": "AssetParametersab7f43c80b3b659f320744f583b7bfda3605f7018c253ab2e7615cfb667cb0daS3VersionKeyDC1A62D5" + "Ref": "AssetParametersb56cede4ec5df8a7b7eac0b708729b7bd41299f732fd0d287c6ac64c12626f91S3VersionKey0AF7333B" } ] } @@ -62,7 +62,7 @@ "Fn::Split": [ "||", { - "Ref": "AssetParametersab7f43c80b3b659f320744f583b7bfda3605f7018c253ab2e7615cfb667cb0daS3VersionKeyDC1A62D5" + "Ref": "AssetParametersb56cede4ec5df8a7b7eac0b708729b7bd41299f732fd0d287c6ac64c12626f91S3VersionKey0AF7333B" } ] } @@ -121,7 +121,7 @@ "Properties": { "Code": { "S3Bucket": { - "Ref": "AssetParameters67452e07162ae977faecaa7c71cf523f4442341f285bd53f84089624ce7fff1dS3BucketB5B7A82F" + "Ref": "AssetParametersc6ffa1649951c75afc6c302e13c762f94b8f8958c48d7cf0a0712ce381be73b2S3Bucket1B953860" }, "S3Key": { "Fn::Join": [ @@ -134,7 +134,7 @@ "Fn::Split": [ "||", { - "Ref": "AssetParameters67452e07162ae977faecaa7c71cf523f4442341f285bd53f84089624ce7fff1dS3VersionKey06225DD1" + "Ref": "AssetParametersc6ffa1649951c75afc6c302e13c762f94b8f8958c48d7cf0a0712ce381be73b2S3VersionKey21C3F64D" } ] } @@ -147,7 +147,7 @@ "Fn::Split": [ "||", { - "Ref": "AssetParameters67452e07162ae977faecaa7c71cf523f4442341f285bd53f84089624ce7fff1dS3VersionKey06225DD1" + "Ref": "AssetParametersc6ffa1649951c75afc6c302e13c762f94b8f8958c48d7cf0a0712ce381be73b2S3VersionKey21C3F64D" } ] } @@ -172,29 +172,29 @@ } }, "Parameters": { - "AssetParametersab7f43c80b3b659f320744f583b7bfda3605f7018c253ab2e7615cfb667cb0daS3Bucket142AE375": { + "AssetParametersb56cede4ec5df8a7b7eac0b708729b7bd41299f732fd0d287c6ac64c12626f91S3Bucket057A8A40": { "Type": "String", - "Description": "S3 bucket for asset \"ab7f43c80b3b659f320744f583b7bfda3605f7018c253ab2e7615cfb667cb0da\"" + "Description": "S3 bucket for asset \"b56cede4ec5df8a7b7eac0b708729b7bd41299f732fd0d287c6ac64c12626f91\"" }, - "AssetParametersab7f43c80b3b659f320744f583b7bfda3605f7018c253ab2e7615cfb667cb0daS3VersionKeyDC1A62D5": { + "AssetParametersb56cede4ec5df8a7b7eac0b708729b7bd41299f732fd0d287c6ac64c12626f91S3VersionKey0AF7333B": { "Type": "String", - "Description": "S3 key for asset version \"ab7f43c80b3b659f320744f583b7bfda3605f7018c253ab2e7615cfb667cb0da\"" + "Description": "S3 key for asset version \"b56cede4ec5df8a7b7eac0b708729b7bd41299f732fd0d287c6ac64c12626f91\"" }, - "AssetParametersab7f43c80b3b659f320744f583b7bfda3605f7018c253ab2e7615cfb667cb0daArtifactHash0EF1F0C3": { + "AssetParametersb56cede4ec5df8a7b7eac0b708729b7bd41299f732fd0d287c6ac64c12626f91ArtifactHash5E36A98B": { "Type": "String", - "Description": "Artifact hash for asset \"ab7f43c80b3b659f320744f583b7bfda3605f7018c253ab2e7615cfb667cb0da\"" + "Description": "Artifact hash for asset \"b56cede4ec5df8a7b7eac0b708729b7bd41299f732fd0d287c6ac64c12626f91\"" }, - "AssetParameters67452e07162ae977faecaa7c71cf523f4442341f285bd53f84089624ce7fff1dS3BucketB5B7A82F": { + "AssetParametersc6ffa1649951c75afc6c302e13c762f94b8f8958c48d7cf0a0712ce381be73b2S3Bucket1B953860": { "Type": "String", - "Description": "S3 bucket for asset \"67452e07162ae977faecaa7c71cf523f4442341f285bd53f84089624ce7fff1d\"" + "Description": "S3 bucket for asset \"c6ffa1649951c75afc6c302e13c762f94b8f8958c48d7cf0a0712ce381be73b2\"" }, - "AssetParameters67452e07162ae977faecaa7c71cf523f4442341f285bd53f84089624ce7fff1dS3VersionKey06225DD1": { + "AssetParametersc6ffa1649951c75afc6c302e13c762f94b8f8958c48d7cf0a0712ce381be73b2S3VersionKey21C3F64D": { "Type": "String", - "Description": "S3 key for asset version \"67452e07162ae977faecaa7c71cf523f4442341f285bd53f84089624ce7fff1d\"" + "Description": "S3 key for asset version \"c6ffa1649951c75afc6c302e13c762f94b8f8958c48d7cf0a0712ce381be73b2\"" }, - "AssetParameters67452e07162ae977faecaa7c71cf523f4442341f285bd53f84089624ce7fff1dArtifactHash253A552F": { + "AssetParametersc6ffa1649951c75afc6c302e13c762f94b8f8958c48d7cf0a0712ce381be73b2ArtifactHash267CE95E": { "Type": "String", - "Description": "Artifact hash for asset \"67452e07162ae977faecaa7c71cf523f4442341f285bd53f84089624ce7fff1d\"" + "Description": "Artifact hash for asset \"c6ffa1649951c75afc6c302e13c762f94b8f8958c48d7cf0a0712ce381be73b2\"" } }, "Outputs": { diff --git a/packages/@aws-cdk/aws-lambda-python/test/integ.function.project.expected.json b/packages/@aws-cdk/aws-lambda-python/test/integ.function.project.expected.json index 0f96e29246a70..faace5659fe2d 100644 --- a/packages/@aws-cdk/aws-lambda-python/test/integ.function.project.expected.json +++ b/packages/@aws-cdk/aws-lambda-python/test/integ.function.project.expected.json @@ -5,7 +5,7 @@ "Properties": { "Content": { "S3Bucket": { - "Ref": "AssetParameters1f7d3c2f23a4820c4d01a0bce4add499802732068e570fb63c9f9ae0c2011949S3BucketE93E5D2C" + "Ref": "AssetParameters51a124c454095f3106d92ba6c988cda953780ef31f562c86bd4ca693a7fdf724S3BucketDA99AAC5" }, "S3Key": { "Fn::Join": [ @@ -18,7 +18,7 @@ "Fn::Split": [ "||", { - "Ref": "AssetParameters1f7d3c2f23a4820c4d01a0bce4add499802732068e570fb63c9f9ae0c2011949S3VersionKey13A824E8" + "Ref": "AssetParameters51a124c454095f3106d92ba6c988cda953780ef31f562c86bd4ca693a7fdf724S3VersionKey561281CF" } ] } @@ -31,7 +31,7 @@ "Fn::Split": [ "||", { - "Ref": "AssetParameters1f7d3c2f23a4820c4d01a0bce4add499802732068e570fb63c9f9ae0c2011949S3VersionKey13A824E8" + "Ref": "AssetParameters51a124c454095f3106d92ba6c988cda953780ef31f562c86bd4ca693a7fdf724S3VersionKey561281CF" } ] } @@ -82,7 +82,7 @@ "Properties": { "Code": { "S3Bucket": { - "Ref": "AssetParameters3164004f2e76531b3631d1b70c1bee3da1439011bf712a91211b8721868da676S3Bucket9F42D72A" + "Ref": "AssetParametersc5c2604faa927103df13d5a72632c7be09d3fc34b6b31039a6acec9acf0f9116S3BucketD74EF551" }, "S3Key": { "Fn::Join": [ @@ -95,7 +95,7 @@ "Fn::Split": [ "||", { - "Ref": "AssetParameters3164004f2e76531b3631d1b70c1bee3da1439011bf712a91211b8721868da676S3VersionKey37C5ED38" + "Ref": "AssetParametersc5c2604faa927103df13d5a72632c7be09d3fc34b6b31039a6acec9acf0f9116S3VersionKey9612D0E2" } ] } @@ -108,7 +108,7 @@ "Fn::Split": [ "||", { - "Ref": "AssetParameters3164004f2e76531b3631d1b70c1bee3da1439011bf712a91211b8721868da676S3VersionKey37C5ED38" + "Ref": "AssetParametersc5c2604faa927103df13d5a72632c7be09d3fc34b6b31039a6acec9acf0f9116S3VersionKey9612D0E2" } ] } @@ -138,29 +138,29 @@ } }, "Parameters": { - "AssetParameters1f7d3c2f23a4820c4d01a0bce4add499802732068e570fb63c9f9ae0c2011949S3BucketE93E5D2C": { + "AssetParameters51a124c454095f3106d92ba6c988cda953780ef31f562c86bd4ca693a7fdf724S3BucketDA99AAC5": { "Type": "String", - "Description": "S3 bucket for asset \"1f7d3c2f23a4820c4d01a0bce4add499802732068e570fb63c9f9ae0c2011949\"" + "Description": "S3 bucket for asset \"51a124c454095f3106d92ba6c988cda953780ef31f562c86bd4ca693a7fdf724\"" }, - "AssetParameters1f7d3c2f23a4820c4d01a0bce4add499802732068e570fb63c9f9ae0c2011949S3VersionKey13A824E8": { + "AssetParameters51a124c454095f3106d92ba6c988cda953780ef31f562c86bd4ca693a7fdf724S3VersionKey561281CF": { "Type": "String", - "Description": "S3 key for asset version \"1f7d3c2f23a4820c4d01a0bce4add499802732068e570fb63c9f9ae0c2011949\"" + "Description": "S3 key for asset version \"51a124c454095f3106d92ba6c988cda953780ef31f562c86bd4ca693a7fdf724\"" }, - "AssetParameters1f7d3c2f23a4820c4d01a0bce4add499802732068e570fb63c9f9ae0c2011949ArtifactHashD6269488": { + "AssetParameters51a124c454095f3106d92ba6c988cda953780ef31f562c86bd4ca693a7fdf724ArtifactHash2CDEA207": { "Type": "String", - "Description": "Artifact hash for asset \"1f7d3c2f23a4820c4d01a0bce4add499802732068e570fb63c9f9ae0c2011949\"" + "Description": "Artifact hash for asset \"51a124c454095f3106d92ba6c988cda953780ef31f562c86bd4ca693a7fdf724\"" }, - "AssetParameters3164004f2e76531b3631d1b70c1bee3da1439011bf712a91211b8721868da676S3Bucket9F42D72A": { + "AssetParametersc5c2604faa927103df13d5a72632c7be09d3fc34b6b31039a6acec9acf0f9116S3BucketD74EF551": { "Type": "String", - "Description": "S3 bucket for asset \"3164004f2e76531b3631d1b70c1bee3da1439011bf712a91211b8721868da676\"" + "Description": "S3 bucket for asset \"c5c2604faa927103df13d5a72632c7be09d3fc34b6b31039a6acec9acf0f9116\"" }, - "AssetParameters3164004f2e76531b3631d1b70c1bee3da1439011bf712a91211b8721868da676S3VersionKey37C5ED38": { + "AssetParametersc5c2604faa927103df13d5a72632c7be09d3fc34b6b31039a6acec9acf0f9116S3VersionKey9612D0E2": { "Type": "String", - "Description": "S3 key for asset version \"3164004f2e76531b3631d1b70c1bee3da1439011bf712a91211b8721868da676\"" + "Description": "S3 key for asset version \"c5c2604faa927103df13d5a72632c7be09d3fc34b6b31039a6acec9acf0f9116\"" }, - "AssetParameters3164004f2e76531b3631d1b70c1bee3da1439011bf712a91211b8721868da676ArtifactHash74C7DB3B": { + "AssetParametersc5c2604faa927103df13d5a72632c7be09d3fc34b6b31039a6acec9acf0f9116ArtifactHash1E0614B3": { "Type": "String", - "Description": "Artifact hash for asset \"3164004f2e76531b3631d1b70c1bee3da1439011bf712a91211b8721868da676\"" + "Description": "Artifact hash for asset \"c5c2604faa927103df13d5a72632c7be09d3fc34b6b31039a6acec9acf0f9116\"" } }, "Outputs": { diff --git a/packages/@aws-cdk/aws-lambda-python/test/integ.function.py38.expected.json b/packages/@aws-cdk/aws-lambda-python/test/integ.function.py38.expected.json index 8c028fc0afac0..8a264a6ca2058 100644 --- a/packages/@aws-cdk/aws-lambda-python/test/integ.function.py38.expected.json +++ b/packages/@aws-cdk/aws-lambda-python/test/integ.function.py38.expected.json @@ -36,7 +36,7 @@ "Properties": { "Code": { "S3Bucket": { - "Ref": "AssetParameters9004e881069342d6cd7cc95689e1c51eb68f9f5d8c0bdfb0c2c52d9aa301d1d6S3Bucket8DE4578D" + "Ref": "AssetParameters5e6412615f95ab4d20cbc13454e0603afb26be2b12bdd954c21a3bca6cbc6e57S3Bucket5AE0410B" }, "S3Key": { "Fn::Join": [ @@ -49,7 +49,7 @@ "Fn::Split": [ "||", { - "Ref": "AssetParameters9004e881069342d6cd7cc95689e1c51eb68f9f5d8c0bdfb0c2c52d9aa301d1d6S3VersionKey86A8985D" + "Ref": "AssetParameters5e6412615f95ab4d20cbc13454e0603afb26be2b12bdd954c21a3bca6cbc6e57S3VersionKey68880DE9" } ] } @@ -62,7 +62,7 @@ "Fn::Split": [ "||", { - "Ref": "AssetParameters9004e881069342d6cd7cc95689e1c51eb68f9f5d8c0bdfb0c2c52d9aa301d1d6S3VersionKey86A8985D" + "Ref": "AssetParameters5e6412615f95ab4d20cbc13454e0603afb26be2b12bdd954c21a3bca6cbc6e57S3VersionKey68880DE9" } ] } @@ -87,17 +87,17 @@ } }, "Parameters": { - "AssetParameters9004e881069342d6cd7cc95689e1c51eb68f9f5d8c0bdfb0c2c52d9aa301d1d6S3Bucket8DE4578D": { + "AssetParameters5e6412615f95ab4d20cbc13454e0603afb26be2b12bdd954c21a3bca6cbc6e57S3Bucket5AE0410B": { "Type": "String", - "Description": "S3 bucket for asset \"9004e881069342d6cd7cc95689e1c51eb68f9f5d8c0bdfb0c2c52d9aa301d1d6\"" + "Description": "S3 bucket for asset \"5e6412615f95ab4d20cbc13454e0603afb26be2b12bdd954c21a3bca6cbc6e57\"" }, - "AssetParameters9004e881069342d6cd7cc95689e1c51eb68f9f5d8c0bdfb0c2c52d9aa301d1d6S3VersionKey86A8985D": { + "AssetParameters5e6412615f95ab4d20cbc13454e0603afb26be2b12bdd954c21a3bca6cbc6e57S3VersionKey68880DE9": { "Type": "String", - "Description": "S3 key for asset version \"9004e881069342d6cd7cc95689e1c51eb68f9f5d8c0bdfb0c2c52d9aa301d1d6\"" + "Description": "S3 key for asset version \"5e6412615f95ab4d20cbc13454e0603afb26be2b12bdd954c21a3bca6cbc6e57\"" }, - "AssetParameters9004e881069342d6cd7cc95689e1c51eb68f9f5d8c0bdfb0c2c52d9aa301d1d6ArtifactHash4E095FCC": { + "AssetParameters5e6412615f95ab4d20cbc13454e0603afb26be2b12bdd954c21a3bca6cbc6e57ArtifactHashD00E469F": { "Type": "String", - "Description": "Artifact hash for asset \"9004e881069342d6cd7cc95689e1c51eb68f9f5d8c0bdfb0c2c52d9aa301d1d6\"" + "Description": "Artifact hash for asset \"5e6412615f95ab4d20cbc13454e0603afb26be2b12bdd954c21a3bca6cbc6e57\"" } }, "Outputs": { diff --git a/packages/@aws-cdk/aws-lambda-python/test/integ.function.sub.expected.json b/packages/@aws-cdk/aws-lambda-python/test/integ.function.sub.expected.json index fb29f895b492e..e76e7cfb14392 100644 --- a/packages/@aws-cdk/aws-lambda-python/test/integ.function.sub.expected.json +++ b/packages/@aws-cdk/aws-lambda-python/test/integ.function.sub.expected.json @@ -36,7 +36,7 @@ "Properties": { "Code": { "S3Bucket": { - "Ref": "AssetParametersccd39730103b259d263418443f3d426e109312f1f147710e2e5fffc2150b8647S3Bucket11B30F21" + "Ref": "AssetParameters4427066e616276cb27bb4011d3a6a474a4e5ffb67c01234137177c6c5e44b1d0S3Bucket89FCC833" }, "S3Key": { "Fn::Join": [ @@ -49,7 +49,7 @@ "Fn::Split": [ "||", { - "Ref": "AssetParametersccd39730103b259d263418443f3d426e109312f1f147710e2e5fffc2150b8647S3VersionKey1D9AFDF5" + "Ref": "AssetParameters4427066e616276cb27bb4011d3a6a474a4e5ffb67c01234137177c6c5e44b1d0S3VersionKey3090BAB2" } ] } @@ -62,7 +62,7 @@ "Fn::Split": [ "||", { - "Ref": "AssetParametersccd39730103b259d263418443f3d426e109312f1f147710e2e5fffc2150b8647S3VersionKey1D9AFDF5" + "Ref": "AssetParameters4427066e616276cb27bb4011d3a6a474a4e5ffb67c01234137177c6c5e44b1d0S3VersionKey3090BAB2" } ] } @@ -87,17 +87,17 @@ } }, "Parameters": { - "AssetParametersccd39730103b259d263418443f3d426e109312f1f147710e2e5fffc2150b8647S3Bucket11B30F21": { + "AssetParameters4427066e616276cb27bb4011d3a6a474a4e5ffb67c01234137177c6c5e44b1d0S3Bucket89FCC833": { "Type": "String", - "Description": "S3 bucket for asset \"ccd39730103b259d263418443f3d426e109312f1f147710e2e5fffc2150b8647\"" + "Description": "S3 bucket for asset \"4427066e616276cb27bb4011d3a6a474a4e5ffb67c01234137177c6c5e44b1d0\"" }, - "AssetParametersccd39730103b259d263418443f3d426e109312f1f147710e2e5fffc2150b8647S3VersionKey1D9AFDF5": { + "AssetParameters4427066e616276cb27bb4011d3a6a474a4e5ffb67c01234137177c6c5e44b1d0S3VersionKey3090BAB2": { "Type": "String", - "Description": "S3 key for asset version \"ccd39730103b259d263418443f3d426e109312f1f147710e2e5fffc2150b8647\"" + "Description": "S3 key for asset version \"4427066e616276cb27bb4011d3a6a474a4e5ffb67c01234137177c6c5e44b1d0\"" }, - "AssetParametersccd39730103b259d263418443f3d426e109312f1f147710e2e5fffc2150b8647ArtifactHash997AD273": { + "AssetParameters4427066e616276cb27bb4011d3a6a474a4e5ffb67c01234137177c6c5e44b1d0ArtifactHash862641FA": { "Type": "String", - "Description": "Artifact hash for asset \"ccd39730103b259d263418443f3d426e109312f1f147710e2e5fffc2150b8647\"" + "Description": "Artifact hash for asset \"4427066e616276cb27bb4011d3a6a474a4e5ffb67c01234137177c6c5e44b1d0\"" } }, "Outputs": { diff --git a/packages/@aws-cdk/aws-lambda-python/test/integ.function.vpc.expected.json b/packages/@aws-cdk/aws-lambda-python/test/integ.function.vpc.expected.json index fb5aafb8c9c75..23cf7919d5dd1 100644 --- a/packages/@aws-cdk/aws-lambda-python/test/integ.function.vpc.expected.json +++ b/packages/@aws-cdk/aws-lambda-python/test/integ.function.vpc.expected.json @@ -296,7 +296,7 @@ "Properties": { "Code": { "S3Bucket": { - "Ref": "AssetParameters28ffbbca5292e933d802ff7c495367b0d7fddab6f52a3777f67a52f14efc6b38S3BucketF4C94740" + "Ref": "AssetParameters94754b2f276800442d199c45b0bf611b9ed8b4d1f6d2acdf6bf5cbeed6176573S3Bucket5DFF2A17" }, "S3Key": { "Fn::Join": [ @@ -309,7 +309,7 @@ "Fn::Split": [ "||", { - "Ref": "AssetParameters28ffbbca5292e933d802ff7c495367b0d7fddab6f52a3777f67a52f14efc6b38S3VersionKey584C9092" + "Ref": "AssetParameters94754b2f276800442d199c45b0bf611b9ed8b4d1f6d2acdf6bf5cbeed6176573S3VersionKey4E2330F4" } ] } @@ -322,7 +322,7 @@ "Fn::Split": [ "||", { - "Ref": "AssetParameters28ffbbca5292e933d802ff7c495367b0d7fddab6f52a3777f67a52f14efc6b38S3VersionKey584C9092" + "Ref": "AssetParameters94754b2f276800442d199c45b0bf611b9ed8b4d1f6d2acdf6bf5cbeed6176573S3VersionKey4E2330F4" } ] } @@ -368,17 +368,17 @@ } }, "Parameters": { - "AssetParameters28ffbbca5292e933d802ff7c495367b0d7fddab6f52a3777f67a52f14efc6b38S3BucketF4C94740": { + "AssetParameters94754b2f276800442d199c45b0bf611b9ed8b4d1f6d2acdf6bf5cbeed6176573S3Bucket5DFF2A17": { "Type": "String", - "Description": "S3 bucket for asset \"28ffbbca5292e933d802ff7c495367b0d7fddab6f52a3777f67a52f14efc6b38\"" + "Description": "S3 bucket for asset \"94754b2f276800442d199c45b0bf611b9ed8b4d1f6d2acdf6bf5cbeed6176573\"" }, - "AssetParameters28ffbbca5292e933d802ff7c495367b0d7fddab6f52a3777f67a52f14efc6b38S3VersionKey584C9092": { + "AssetParameters94754b2f276800442d199c45b0bf611b9ed8b4d1f6d2acdf6bf5cbeed6176573S3VersionKey4E2330F4": { "Type": "String", - "Description": "S3 key for asset version \"28ffbbca5292e933d802ff7c495367b0d7fddab6f52a3777f67a52f14efc6b38\"" + "Description": "S3 key for asset version \"94754b2f276800442d199c45b0bf611b9ed8b4d1f6d2acdf6bf5cbeed6176573\"" }, - "AssetParameters28ffbbca5292e933d802ff7c495367b0d7fddab6f52a3777f67a52f14efc6b38ArtifactHashC0B5BADB": { + "AssetParameters94754b2f276800442d199c45b0bf611b9ed8b4d1f6d2acdf6bf5cbeed6176573ArtifactHashA5E62729": { "Type": "String", - "Description": "Artifact hash for asset \"28ffbbca5292e933d802ff7c495367b0d7fddab6f52a3777f67a52f14efc6b38\"" + "Description": "Artifact hash for asset \"94754b2f276800442d199c45b0bf611b9ed8b4d1f6d2acdf6bf5cbeed6176573\"" } }, "Outputs": { diff --git a/packages/@aws-cdk/aws-lambda/test/integ.bundling.expected.json b/packages/@aws-cdk/aws-lambda/test/integ.bundling.expected.json index 75863fbac5fab..ce5b2fbe98384 100644 --- a/packages/@aws-cdk/aws-lambda/test/integ.bundling.expected.json +++ b/packages/@aws-cdk/aws-lambda/test/integ.bundling.expected.json @@ -36,7 +36,7 @@ "Properties": { "Code": { "S3Bucket": { - "Ref": "AssetParameters4096fd7ad39dc95026cb4c6254d2421d276c3170018ff7abdb41197d50ebd47bS3Bucket48F36117" + "Ref": "AssetParametersfec1c56a3f23d9d27f58815e0c34c810cc02f431ac63a078f9b5d2aa44cc3509S3BucketBF50F97C" }, "S3Key": { "Fn::Join": [ @@ -49,7 +49,7 @@ "Fn::Split": [ "||", { - "Ref": "AssetParameters4096fd7ad39dc95026cb4c6254d2421d276c3170018ff7abdb41197d50ebd47bS3VersionKey5B24FA75" + "Ref": "AssetParametersfec1c56a3f23d9d27f58815e0c34c810cc02f431ac63a078f9b5d2aa44cc3509S3VersionKeyF21AC8C1" } ] } @@ -62,7 +62,7 @@ "Fn::Split": [ "||", { - "Ref": "AssetParameters4096fd7ad39dc95026cb4c6254d2421d276c3170018ff7abdb41197d50ebd47bS3VersionKey5B24FA75" + "Ref": "AssetParametersfec1c56a3f23d9d27f58815e0c34c810cc02f431ac63a078f9b5d2aa44cc3509S3VersionKeyF21AC8C1" } ] } @@ -87,17 +87,17 @@ } }, "Parameters": { - "AssetParameters4096fd7ad39dc95026cb4c6254d2421d276c3170018ff7abdb41197d50ebd47bS3Bucket48F36117": { + "AssetParametersfec1c56a3f23d9d27f58815e0c34c810cc02f431ac63a078f9b5d2aa44cc3509S3BucketBF50F97C": { "Type": "String", - "Description": "S3 bucket for asset \"4096fd7ad39dc95026cb4c6254d2421d276c3170018ff7abdb41197d50ebd47b\"" + "Description": "S3 bucket for asset \"fec1c56a3f23d9d27f58815e0c34c810cc02f431ac63a078f9b5d2aa44cc3509\"" }, - "AssetParameters4096fd7ad39dc95026cb4c6254d2421d276c3170018ff7abdb41197d50ebd47bS3VersionKey5B24FA75": { + "AssetParametersfec1c56a3f23d9d27f58815e0c34c810cc02f431ac63a078f9b5d2aa44cc3509S3VersionKeyF21AC8C1": { "Type": "String", - "Description": "S3 key for asset version \"4096fd7ad39dc95026cb4c6254d2421d276c3170018ff7abdb41197d50ebd47b\"" + "Description": "S3 key for asset version \"fec1c56a3f23d9d27f58815e0c34c810cc02f431ac63a078f9b5d2aa44cc3509\"" }, - "AssetParameters4096fd7ad39dc95026cb4c6254d2421d276c3170018ff7abdb41197d50ebd47bArtifactHashFE4A3131": { + "AssetParametersfec1c56a3f23d9d27f58815e0c34c810cc02f431ac63a078f9b5d2aa44cc3509ArtifactHash5D8C129B": { "Type": "String", - "Description": "Artifact hash for asset \"4096fd7ad39dc95026cb4c6254d2421d276c3170018ff7abdb41197d50ebd47b\"" + "Description": "Artifact hash for asset \"fec1c56a3f23d9d27f58815e0c34c810cc02f431ac63a078f9b5d2aa44cc3509\"" } }, "Outputs": { diff --git a/packages/@aws-cdk/aws-lambda/test/integ.log-retention.expected.json b/packages/@aws-cdk/aws-lambda/test/integ.log-retention.expected.json index ec86574496747..1765faee07465 100644 --- a/packages/@aws-cdk/aws-lambda/test/integ.log-retention.expected.json +++ b/packages/@aws-cdk/aws-lambda/test/integ.log-retention.expected.json @@ -37,13 +37,13 @@ "Code": { "ZipFile": "exports.handler = (event) => console.log(JSON.stringify(event));" }, - "Handler": "index.handler", "Role": { "Fn::GetAtt": [ "OneWeekServiceRole05A6F9F8", "Arn" ] }, + "Handler": "index.handler", "Runtime": "nodejs10.x" }, "DependsOn": [ @@ -111,8 +111,8 @@ "Statement": [ { "Action": [ - "logs:PutRetentionPolicy", - "logs:DeleteRetentionPolicy" + "logs:DeleteRetentionPolicy", + "logs:PutRetentionPolicy" ], "Effect": "Allow", "Resource": "*" @@ -131,9 +131,11 @@ "LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8aFD4BFC8A": { "Type": "AWS::Lambda::Function", "Properties": { + "Handler": "index.handler", + "Runtime": "nodejs14.x", "Code": { "S3Bucket": { - "Ref": "AssetParameters11aa2ce8971716ca7c8d28d472ab5e937131e78e136d0de8f4997fb11c4de847S3Bucket46EF559D" + "Ref": "AssetParameters22bb41d703c8e7a9a1712308f455fcf58cc012b0a386c9df563a6244a61e6665S3Bucket0D8A173B" }, "S3Key": { "Fn::Join": [ @@ -146,7 +148,7 @@ "Fn::Split": [ "||", { - "Ref": "AssetParameters11aa2ce8971716ca7c8d28d472ab5e937131e78e136d0de8f4997fb11c4de847S3VersionKey68B7BF84" + "Ref": "AssetParameters22bb41d703c8e7a9a1712308f455fcf58cc012b0a386c9df563a6244a61e6665S3VersionKeyE95BF332" } ] } @@ -159,7 +161,7 @@ "Fn::Split": [ "||", { - "Ref": "AssetParameters11aa2ce8971716ca7c8d28d472ab5e937131e78e136d0de8f4997fb11c4de847S3VersionKey68B7BF84" + "Ref": "AssetParameters22bb41d703c8e7a9a1712308f455fcf58cc012b0a386c9df563a6244a61e6665S3VersionKeyE95BF332" } ] } @@ -169,14 +171,12 @@ ] } }, - "Handler": "index.handler", "Role": { "Fn::GetAtt": [ "LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8aServiceRole9741ECFB", "Arn" ] - }, - "Runtime": "nodejs14.x" + } }, "DependsOn": [ "LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8aServiceRoleDefaultPolicyADDA7DEB", @@ -220,13 +220,13 @@ "Code": { "ZipFile": "exports.handler = (event) => console.log(JSON.stringify(event));" }, - "Handler": "index.handler", "Role": { "Fn::GetAtt": [ "OneMonthServiceRoleFBD1064F", "Arn" ] }, + "Handler": "index.handler", "Runtime": "nodejs10.x" }, "DependsOn": [ @@ -293,13 +293,13 @@ "Code": { "ZipFile": "exports.handler = (event) => console.log(JSON.stringify(event));" }, - "Handler": "index.handler", "Role": { "Fn::GetAtt": [ "OneYearServiceRole24D47762", "Arn" ] }, + "Handler": "index.handler", "Runtime": "nodejs10.x" }, "DependsOn": [ @@ -331,17 +331,17 @@ } }, "Parameters": { - "AssetParameters11aa2ce8971716ca7c8d28d472ab5e937131e78e136d0de8f4997fb11c4de847S3Bucket46EF559D": { + "AssetParameters22bb41d703c8e7a9a1712308f455fcf58cc012b0a386c9df563a6244a61e6665S3Bucket0D8A173B": { "Type": "String", - "Description": "S3 bucket for asset \"11aa2ce8971716ca7c8d28d472ab5e937131e78e136d0de8f4997fb11c4de847\"" + "Description": "S3 bucket for asset \"22bb41d703c8e7a9a1712308f455fcf58cc012b0a386c9df563a6244a61e6665\"" }, - "AssetParameters11aa2ce8971716ca7c8d28d472ab5e937131e78e136d0de8f4997fb11c4de847S3VersionKey68B7BF84": { + "AssetParameters22bb41d703c8e7a9a1712308f455fcf58cc012b0a386c9df563a6244a61e6665S3VersionKeyE95BF332": { "Type": "String", - "Description": "S3 key for asset version \"11aa2ce8971716ca7c8d28d472ab5e937131e78e136d0de8f4997fb11c4de847\"" + "Description": "S3 key for asset version \"22bb41d703c8e7a9a1712308f455fcf58cc012b0a386c9df563a6244a61e6665\"" }, - "AssetParameters11aa2ce8971716ca7c8d28d472ab5e937131e78e136d0de8f4997fb11c4de847ArtifactHash27BA7171": { + "AssetParameters22bb41d703c8e7a9a1712308f455fcf58cc012b0a386c9df563a6244a61e6665ArtifactHashF4A1E70E": { "Type": "String", - "Description": "Artifact hash for asset \"11aa2ce8971716ca7c8d28d472ab5e937131e78e136d0de8f4997fb11c4de847\"" + "Description": "Artifact hash for asset \"22bb41d703c8e7a9a1712308f455fcf58cc012b0a386c9df563a6244a61e6665\"" } } -} +} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-msk/test/integ.cluster.expected.json b/packages/@aws-cdk/aws-msk/test/integ.cluster.expected.json index 2b523706bd3e2..d7ef1ebc8825f 100644 --- a/packages/@aws-cdk/aws-msk/test/integ.cluster.expected.json +++ b/packages/@aws-cdk/aws-msk/test/integ.cluster.expected.json @@ -524,7 +524,7 @@ "Properties": { "Code": { "S3Bucket": { - "Ref": "AssetParameters1c4eb88f5a8270f387281dcff6e3493840634113c4d57044f4aff74e3ef94c2dS3Bucket4C71F166" + "Ref": "AssetParameters3744fa896361f81b76b1efde632ac07b1920ce09a4ca1ff15ab486f262a19b87S3Bucket36F31A16" }, "S3Key": { "Fn::Join": [ @@ -537,7 +537,7 @@ "Fn::Split": [ "||", { - "Ref": "AssetParameters1c4eb88f5a8270f387281dcff6e3493840634113c4d57044f4aff74e3ef94c2dS3VersionKey0124EFC4" + "Ref": "AssetParameters3744fa896361f81b76b1efde632ac07b1920ce09a4ca1ff15ab486f262a19b87S3VersionKeyF80D542B" } ] } @@ -550,7 +550,7 @@ "Fn::Split": [ "||", { - "Ref": "AssetParameters1c4eb88f5a8270f387281dcff6e3493840634113c4d57044f4aff74e3ef94c2dS3VersionKey0124EFC4" + "Ref": "AssetParameters3744fa896361f81b76b1efde632ac07b1920ce09a4ca1ff15ab486f262a19b87S3VersionKeyF80D542B" } ] } @@ -576,17 +576,17 @@ } }, "Parameters": { - "AssetParameters1c4eb88f5a8270f387281dcff6e3493840634113c4d57044f4aff74e3ef94c2dS3Bucket4C71F166": { + "AssetParameters3744fa896361f81b76b1efde632ac07b1920ce09a4ca1ff15ab486f262a19b87S3Bucket36F31A16": { "Type": "String", - "Description": "S3 bucket for asset \"1c4eb88f5a8270f387281dcff6e3493840634113c4d57044f4aff74e3ef94c2d\"" + "Description": "S3 bucket for asset \"3744fa896361f81b76b1efde632ac07b1920ce09a4ca1ff15ab486f262a19b87\"" }, - "AssetParameters1c4eb88f5a8270f387281dcff6e3493840634113c4d57044f4aff74e3ef94c2dS3VersionKey0124EFC4": { + "AssetParameters3744fa896361f81b76b1efde632ac07b1920ce09a4ca1ff15ab486f262a19b87S3VersionKeyF80D542B": { "Type": "String", - "Description": "S3 key for asset version \"1c4eb88f5a8270f387281dcff6e3493840634113c4d57044f4aff74e3ef94c2d\"" + "Description": "S3 key for asset version \"3744fa896361f81b76b1efde632ac07b1920ce09a4ca1ff15ab486f262a19b87\"" }, - "AssetParameters1c4eb88f5a8270f387281dcff6e3493840634113c4d57044f4aff74e3ef94c2dArtifactHash6350D824": { + "AssetParameters3744fa896361f81b76b1efde632ac07b1920ce09a4ca1ff15ab486f262a19b87ArtifactHash40DDF5EE": { "Type": "String", - "Description": "Artifact hash for asset \"1c4eb88f5a8270f387281dcff6e3493840634113c4d57044f4aff74e3ef94c2d\"" + "Description": "Artifact hash for asset \"3744fa896361f81b76b1efde632ac07b1920ce09a4ca1ff15ab486f262a19b87\"" } }, "Outputs": { diff --git a/packages/@aws-cdk/aws-opensearchservice/test/integ.opensearch.custom-kms-key.expected.json b/packages/@aws-cdk/aws-opensearchservice/test/integ.opensearch.custom-kms-key.expected.json index e232a90c60ae8..085298946af5d 100644 --- a/packages/@aws-cdk/aws-opensearchservice/test/integ.opensearch.custom-kms-key.expected.json +++ b/packages/@aws-cdk/aws-opensearchservice/test/integ.opensearch.custom-kms-key.expected.json @@ -39,8 +39,8 @@ "Type": "AWS::OpenSearchService::Domain", "Properties": { "ClusterConfig": { - "InstanceCount": 1, "DedicatedMasterEnabled": false, + "InstanceCount": 1, "InstanceType": "r5.large.search", "ZoneAwarenessEnabled": false }, @@ -53,14 +53,14 @@ }, "EBSOptions": { "EBSEnabled": true, - "VolumeType": "gp2", - "VolumeSize": 10 + "VolumeSize": 10, + "VolumeType": "gp2" }, "EncryptionAtRestOptions": { + "Enabled": true, "KmsKeyId": { "Ref": "Key961B73FD" - }, - "Enabled": true + } }, "EngineVersion": "Elasticsearch_7.1", "LogPublishingOptions": {}, @@ -200,9 +200,9 @@ "Statement": [ { "Action": [ - "kms:List*", + "kms:CreateGrant", "kms:Describe*", - "kms:CreateGrant" + "kms:List*" ], "Effect": "Allow", "Resource": { @@ -228,7 +228,7 @@ "Properties": { "Code": { "S3Bucket": { - "Ref": "AssetParameters6ee0a36dd10d630708c265bcf7616c64030040c1bbc383b34150db74b744cad2S3BucketF482197E" + "Ref": "AssetParameters3744fa896361f81b76b1efde632ac07b1920ce09a4ca1ff15ab486f262a19b87S3Bucket36F31A16" }, "S3Key": { "Fn::Join": [ @@ -241,7 +241,7 @@ "Fn::Split": [ "||", { - "Ref": "AssetParameters6ee0a36dd10d630708c265bcf7616c64030040c1bbc383b34150db74b744cad2S3VersionKey38B69632" + "Ref": "AssetParameters3744fa896361f81b76b1efde632ac07b1920ce09a4ca1ff15ab486f262a19b87S3VersionKeyF80D542B" } ] } @@ -254,7 +254,7 @@ "Fn::Split": [ "||", { - "Ref": "AssetParameters6ee0a36dd10d630708c265bcf7616c64030040c1bbc383b34150db74b744cad2S3VersionKey38B69632" + "Ref": "AssetParameters3744fa896361f81b76b1efde632ac07b1920ce09a4ca1ff15ab486f262a19b87S3VersionKeyF80D542B" } ] } @@ -281,17 +281,17 @@ } }, "Parameters": { - "AssetParameters6ee0a36dd10d630708c265bcf7616c64030040c1bbc383b34150db74b744cad2S3BucketF482197E": { + "AssetParameters3744fa896361f81b76b1efde632ac07b1920ce09a4ca1ff15ab486f262a19b87S3Bucket36F31A16": { "Type": "String", - "Description": "S3 bucket for asset \"6ee0a36dd10d630708c265bcf7616c64030040c1bbc383b34150db74b744cad2\"" + "Description": "S3 bucket for asset \"3744fa896361f81b76b1efde632ac07b1920ce09a4ca1ff15ab486f262a19b87\"" }, - "AssetParameters6ee0a36dd10d630708c265bcf7616c64030040c1bbc383b34150db74b744cad2S3VersionKey38B69632": { + "AssetParameters3744fa896361f81b76b1efde632ac07b1920ce09a4ca1ff15ab486f262a19b87S3VersionKeyF80D542B": { "Type": "String", - "Description": "S3 key for asset version \"6ee0a36dd10d630708c265bcf7616c64030040c1bbc383b34150db74b744cad2\"" + "Description": "S3 key for asset version \"3744fa896361f81b76b1efde632ac07b1920ce09a4ca1ff15ab486f262a19b87\"" }, - "AssetParameters6ee0a36dd10d630708c265bcf7616c64030040c1bbc383b34150db74b744cad2ArtifactHash4BE92B79": { + "AssetParameters3744fa896361f81b76b1efde632ac07b1920ce09a4ca1ff15ab486f262a19b87ArtifactHash40DDF5EE": { "Type": "String", - "Description": "Artifact hash for asset \"6ee0a36dd10d630708c265bcf7616c64030040c1bbc383b34150db74b744cad2\"" + "Description": "Artifact hash for asset \"3744fa896361f81b76b1efde632ac07b1920ce09a4ca1ff15ab486f262a19b87\"" } } } \ No newline at end of file diff --git a/packages/@aws-cdk/aws-opensearchservice/test/integ.opensearch.expected.json b/packages/@aws-cdk/aws-opensearchservice/test/integ.opensearch.expected.json index 4bc5879ad543f..50228805f44ea 100644 --- a/packages/@aws-cdk/aws-opensearchservice/test/integ.opensearch.expected.json +++ b/packages/@aws-cdk/aws-opensearchservice/test/integ.opensearch.expected.json @@ -22,12 +22,10 @@ "PolicyDocument": { "Statement": [ { - "Action": "logs:PutResourcePolicy", - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": "logs:DeleteResourcePolicy", + "Action": [ + "logs:DeleteResourcePolicy", + "logs:PutResourcePolicy" + ], "Effect": "Allow", "Resource": "*" } @@ -113,8 +111,8 @@ "indices.query.bool.max_clause_count": "2048" }, "ClusterConfig": { - "InstanceCount": 1, "DedicatedMasterEnabled": false, + "InstanceCount": 1, "InstanceType": "r5.large.search", "ZoneAwarenessEnabled": false }, @@ -127,8 +125,8 @@ }, "EBSOptions": { "EBSEnabled": true, - "VolumeType": "gp2", - "VolumeSize": 10 + "VolumeSize": 10, + "VolumeType": "gp2" }, "EncryptionAtRestOptions": { "Enabled": true @@ -292,7 +290,7 @@ "Properties": { "Code": { "S3Bucket": { - "Ref": "AssetParameters6ee0a36dd10d630708c265bcf7616c64030040c1bbc383b34150db74b744cad2S3BucketF482197E" + "Ref": "AssetParameters3744fa896361f81b76b1efde632ac07b1920ce09a4ca1ff15ab486f262a19b87S3Bucket36F31A16" }, "S3Key": { "Fn::Join": [ @@ -305,7 +303,7 @@ "Fn::Split": [ "||", { - "Ref": "AssetParameters6ee0a36dd10d630708c265bcf7616c64030040c1bbc383b34150db74b744cad2S3VersionKey38B69632" + "Ref": "AssetParameters3744fa896361f81b76b1efde632ac07b1920ce09a4ca1ff15ab486f262a19b87S3VersionKeyF80D542B" } ] } @@ -318,7 +316,7 @@ "Fn::Split": [ "||", { - "Ref": "AssetParameters6ee0a36dd10d630708c265bcf7616c64030040c1bbc383b34150db74b744cad2S3VersionKey38B69632" + "Ref": "AssetParameters3744fa896361f81b76b1efde632ac07b1920ce09a4ca1ff15ab486f262a19b87S3VersionKeyF80D542B" } ] } @@ -364,12 +362,10 @@ "PolicyDocument": { "Statement": [ { - "Action": "logs:PutResourcePolicy", - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": "logs:DeleteResourcePolicy", + "Action": [ + "logs:DeleteResourcePolicy", + "logs:PutResourcePolicy" + ], "Effect": "Allow", "Resource": "*" } @@ -455,8 +451,8 @@ "indices.query.bool.max_clause_count": "2048" }, "ClusterConfig": { - "InstanceCount": 1, "DedicatedMasterEnabled": false, + "InstanceCount": 1, "InstanceType": "r5.large.search", "ZoneAwarenessEnabled": false }, @@ -469,8 +465,8 @@ }, "EBSOptions": { "EBSEnabled": true, - "VolumeType": "gp2", - "VolumeSize": 10 + "VolumeSize": 10, + "VolumeType": "gp2" }, "EncryptionAtRestOptions": { "Enabled": true @@ -600,17 +596,17 @@ } }, "Parameters": { - "AssetParameters6ee0a36dd10d630708c265bcf7616c64030040c1bbc383b34150db74b744cad2S3BucketF482197E": { + "AssetParameters3744fa896361f81b76b1efde632ac07b1920ce09a4ca1ff15ab486f262a19b87S3Bucket36F31A16": { "Type": "String", - "Description": "S3 bucket for asset \"6ee0a36dd10d630708c265bcf7616c64030040c1bbc383b34150db74b744cad2\"" + "Description": "S3 bucket for asset \"3744fa896361f81b76b1efde632ac07b1920ce09a4ca1ff15ab486f262a19b87\"" }, - "AssetParameters6ee0a36dd10d630708c265bcf7616c64030040c1bbc383b34150db74b744cad2S3VersionKey38B69632": { + "AssetParameters3744fa896361f81b76b1efde632ac07b1920ce09a4ca1ff15ab486f262a19b87S3VersionKeyF80D542B": { "Type": "String", - "Description": "S3 key for asset version \"6ee0a36dd10d630708c265bcf7616c64030040c1bbc383b34150db74b744cad2\"" + "Description": "S3 key for asset version \"3744fa896361f81b76b1efde632ac07b1920ce09a4ca1ff15ab486f262a19b87\"" }, - "AssetParameters6ee0a36dd10d630708c265bcf7616c64030040c1bbc383b34150db74b744cad2ArtifactHash4BE92B79": { + "AssetParameters3744fa896361f81b76b1efde632ac07b1920ce09a4ca1ff15ab486f262a19b87ArtifactHash40DDF5EE": { "Type": "String", - "Description": "Artifact hash for asset \"6ee0a36dd10d630708c265bcf7616c64030040c1bbc383b34150db74b744cad2\"" + "Description": "Artifact hash for asset \"3744fa896361f81b76b1efde632ac07b1920ce09a4ca1ff15ab486f262a19b87\"" } } } \ No newline at end of file diff --git a/packages/@aws-cdk/aws-opensearchservice/test/integ.opensearch.unsignedbasicauth.expected.json b/packages/@aws-cdk/aws-opensearchservice/test/integ.opensearch.unsignedbasicauth.expected.json index 3e5f7e92c5ced..e5b8703ab4b90 100644 --- a/packages/@aws-cdk/aws-opensearchservice/test/integ.opensearch.unsignedbasicauth.expected.json +++ b/packages/@aws-cdk/aws-opensearchservice/test/integ.opensearch.unsignedbasicauth.expected.json @@ -17,7 +17,9 @@ "Properties": { "AdvancedSecurityOptions": { "Enabled": true, + "InternalUserDatabaseEnabled": true, "MasterUserOptions": { + "MasterUserName": "admin", "MasterUserPassword": { "Fn::Join": [ "", @@ -29,14 +31,12 @@ ":SecretString:password::}}" ] ] - }, - "MasterUserName": "admin" - }, - "InternalUserDatabaseEnabled": true + } + } }, "ClusterConfig": { - "InstanceCount": 1, "DedicatedMasterEnabled": false, + "InstanceCount": 1, "InstanceType": "r5.large.search", "ZoneAwarenessEnabled": false }, @@ -49,8 +49,8 @@ }, "EBSOptions": { "EBSEnabled": true, - "VolumeType": "gp2", - "VolumeSize": 10 + "VolumeSize": 10, + "VolumeType": "gp2" }, "EncryptionAtRestOptions": { "Enabled": true @@ -189,7 +189,7 @@ "Properties": { "Code": { "S3Bucket": { - "Ref": "AssetParameters6ee0a36dd10d630708c265bcf7616c64030040c1bbc383b34150db74b744cad2S3BucketF482197E" + "Ref": "AssetParameters3744fa896361f81b76b1efde632ac07b1920ce09a4ca1ff15ab486f262a19b87S3Bucket36F31A16" }, "S3Key": { "Fn::Join": [ @@ -202,7 +202,7 @@ "Fn::Split": [ "||", { - "Ref": "AssetParameters6ee0a36dd10d630708c265bcf7616c64030040c1bbc383b34150db74b744cad2S3VersionKey38B69632" + "Ref": "AssetParameters3744fa896361f81b76b1efde632ac07b1920ce09a4ca1ff15ab486f262a19b87S3VersionKeyF80D542B" } ] } @@ -215,7 +215,7 @@ "Fn::Split": [ "||", { - "Ref": "AssetParameters6ee0a36dd10d630708c265bcf7616c64030040c1bbc383b34150db74b744cad2S3VersionKey38B69632" + "Ref": "AssetParameters3744fa896361f81b76b1efde632ac07b1920ce09a4ca1ff15ab486f262a19b87S3VersionKeyF80D542B" } ] } @@ -241,17 +241,17 @@ } }, "Parameters": { - "AssetParameters6ee0a36dd10d630708c265bcf7616c64030040c1bbc383b34150db74b744cad2S3BucketF482197E": { + "AssetParameters3744fa896361f81b76b1efde632ac07b1920ce09a4ca1ff15ab486f262a19b87S3Bucket36F31A16": { "Type": "String", - "Description": "S3 bucket for asset \"6ee0a36dd10d630708c265bcf7616c64030040c1bbc383b34150db74b744cad2\"" + "Description": "S3 bucket for asset \"3744fa896361f81b76b1efde632ac07b1920ce09a4ca1ff15ab486f262a19b87\"" }, - "AssetParameters6ee0a36dd10d630708c265bcf7616c64030040c1bbc383b34150db74b744cad2S3VersionKey38B69632": { + "AssetParameters3744fa896361f81b76b1efde632ac07b1920ce09a4ca1ff15ab486f262a19b87S3VersionKeyF80D542B": { "Type": "String", - "Description": "S3 key for asset version \"6ee0a36dd10d630708c265bcf7616c64030040c1bbc383b34150db74b744cad2\"" + "Description": "S3 key for asset version \"3744fa896361f81b76b1efde632ac07b1920ce09a4ca1ff15ab486f262a19b87\"" }, - "AssetParameters6ee0a36dd10d630708c265bcf7616c64030040c1bbc383b34150db74b744cad2ArtifactHash4BE92B79": { + "AssetParameters3744fa896361f81b76b1efde632ac07b1920ce09a4ca1ff15ab486f262a19b87ArtifactHash40DDF5EE": { "Type": "String", - "Description": "Artifact hash for asset \"6ee0a36dd10d630708c265bcf7616c64030040c1bbc383b34150db74b744cad2\"" + "Description": "Artifact hash for asset \"3744fa896361f81b76b1efde632ac07b1920ce09a4ca1ff15ab486f262a19b87\"" } } } \ No newline at end of file diff --git a/packages/@aws-cdk/aws-rds/test/integ.cluster-s3.expected.json b/packages/@aws-cdk/aws-rds/test/integ.cluster-s3.expected.json index d3127f0b8fdd9..3f138a90f511b 100644 --- a/packages/@aws-cdk/aws-rds/test/integ.cluster-s3.expected.json +++ b/packages/@aws-cdk/aws-rds/test/integ.cluster-s3.expected.json @@ -95,15 +95,15 @@ "VPCPublicSubnet1NATGatewayE0556630": { "Type": "AWS::EC2::NatGateway", "Properties": { + "SubnetId": { + "Ref": "VPCPublicSubnet1SubnetB4246D30" + }, "AllocationId": { "Fn::GetAtt": [ "VPCPublicSubnet1EIP6AD938E8", "AllocationId" ] }, - "SubnetId": { - "Ref": "VPCPublicSubnet1SubnetB4246D30" - }, "Tags": [ { "Key": "Name", @@ -192,15 +192,15 @@ "VPCPublicSubnet2NATGateway3C070193": { "Type": "AWS::EC2::NatGateway", "Properties": { + "SubnetId": { + "Ref": "VPCPublicSubnet2Subnet74179F39" + }, "AllocationId": { "Fn::GetAtt": [ "VPCPublicSubnet2EIP4947BC00", "AllocationId" ] }, - "SubnetId": { - "Ref": "VPCPublicSubnet2Subnet74179F39" - }, "Tags": [ { "Key": "Name", @@ -480,8 +480,8 @@ "Statement": [ { "Action": [ - "s3:GetObject*", "s3:GetBucket*", + "s3:GetObject*", "s3:List*" ], "Effect": "Allow", @@ -543,16 +543,16 @@ "Statement": [ { "Action": [ - "s3:GetObject*", + "s3:Abort*", + "s3:DeleteObject*", "s3:GetBucket*", + "s3:GetObject*", "s3:List*", - "s3:DeleteObject*", "s3:PutObject", "s3:PutObjectLegalHold", "s3:PutObjectRetention", "s3:PutObjectTagging", - "s3:PutObjectVersionTagging", - "s3:Abort*" + "s3:PutObjectVersionTagging" ], "Effect": "Allow", "Resource": [ @@ -614,7 +614,6 @@ "Type": "AWS::RDS::DBCluster", "Properties": { "Engine": "aurora", - "CopyTagsToSnapshot": true, "AssociatedRoles": [ { "RoleArn": { @@ -633,6 +632,7 @@ } } ], + "CopyTagsToSnapshot": true, "DBClusterParameterGroupName": { "Ref": "DatabaseClusterParameterGroupF2A52087" }, diff --git a/packages/@aws-cdk/aws-rds/test/integ.instance-s3-postgres.expected.json b/packages/@aws-cdk/aws-rds/test/integ.instance-s3-postgres.expected.json index f811978275863..b625e5f5de352 100644 --- a/packages/@aws-cdk/aws-rds/test/integ.instance-s3-postgres.expected.json +++ b/packages/@aws-cdk/aws-rds/test/integ.instance-s3-postgres.expected.json @@ -387,8 +387,8 @@ "Statement": [ { "Action": [ - "s3:GetObject*", "s3:GetBucket*", + "s3:GetObject*", "s3:List*" ], "Effect": "Allow", @@ -450,16 +450,16 @@ "Statement": [ { "Action": [ - "s3:GetObject*", + "s3:Abort*", + "s3:DeleteObject*", "s3:GetBucket*", + "s3:GetObject*", "s3:List*", - "s3:DeleteObject*", "s3:PutObject", "s3:PutObjectLegalHold", "s3:PutObjectRetention", "s3:PutObjectTagging", - "s3:PutObjectVersionTagging", - "s3:Abort*" + "s3:PutObjectVersionTagging" ], "Effect": "Allow", "Resource": [ diff --git a/packages/@aws-cdk/aws-rds/test/integ.instance-s3.expected.json b/packages/@aws-cdk/aws-rds/test/integ.instance-s3.expected.json index f379bde6663f7..2a725ac4b7a54 100644 --- a/packages/@aws-cdk/aws-rds/test/integ.instance-s3.expected.json +++ b/packages/@aws-cdk/aws-rds/test/integ.instance-s3.expected.json @@ -419,8 +419,8 @@ "Statement": [ { "Action": [ - "s3:GetObject*", "s3:GetBucket*", + "s3:GetObject*", "s3:List*" ], "Effect": "Allow", @@ -449,16 +449,16 @@ }, { "Action": [ - "s3:GetObject*", + "s3:Abort*", + "s3:DeleteObject*", "s3:GetBucket*", + "s3:GetObject*", "s3:List*", - "s3:DeleteObject*", "s3:PutObject", "s3:PutObjectLegalHold", "s3:PutObjectRetention", "s3:PutObjectTagging", - "s3:PutObjectVersionTagging", - "s3:Abort*" + "s3:PutObjectVersionTagging" ], "Effect": "Allow", "Resource": [ diff --git a/packages/@aws-cdk/aws-rds/test/integ.instance.lit.expected.json b/packages/@aws-cdk/aws-rds/test/integ.instance.lit.expected.json index e5a193d0d68c4..c1d2992fc2b50 100644 --- a/packages/@aws-cdk/aws-rds/test/integ.instance.lit.expected.json +++ b/packages/@aws-cdk/aws-rds/test/integ.instance.lit.expected.json @@ -984,8 +984,8 @@ "Statement": [ { "Action": [ - "logs:PutRetentionPolicy", - "logs:DeleteRetentionPolicy" + "logs:DeleteRetentionPolicy", + "logs:PutRetentionPolicy" ], "Effect": "Allow", "Resource": "*" @@ -1008,7 +1008,7 @@ "Runtime": "nodejs14.x", "Code": { "S3Bucket": { - "Ref": "AssetParametersdd4b26cf376ea5894e31041be239fc518713becdafb8f2894b069a53984fafe9S3BucketE7DA8D4B" + "Ref": "AssetParameters22bb41d703c8e7a9a1712308f455fcf58cc012b0a386c9df563a6244a61e6665S3Bucket0D8A173B" }, "S3Key": { "Fn::Join": [ @@ -1021,7 +1021,7 @@ "Fn::Split": [ "||", { - "Ref": "AssetParametersdd4b26cf376ea5894e31041be239fc518713becdafb8f2894b069a53984fafe9S3VersionKey534293E7" + "Ref": "AssetParameters22bb41d703c8e7a9a1712308f455fcf58cc012b0a386c9df563a6244a61e6665S3VersionKeyE95BF332" } ] } @@ -1034,7 +1034,7 @@ "Fn::Split": [ "||", { - "Ref": "AssetParametersdd4b26cf376ea5894e31041be239fc518713becdafb8f2894b069a53984fafe9S3VersionKey534293E7" + "Ref": "AssetParameters22bb41d703c8e7a9a1712308f455fcf58cc012b0a386c9df563a6244a61e6665S3VersionKeyE95BF332" } ] } @@ -1144,17 +1144,17 @@ } }, "Parameters": { - "AssetParametersdd4b26cf376ea5894e31041be239fc518713becdafb8f2894b069a53984fafe9S3BucketE7DA8D4B": { + "AssetParameters22bb41d703c8e7a9a1712308f455fcf58cc012b0a386c9df563a6244a61e6665S3Bucket0D8A173B": { "Type": "String", - "Description": "S3 bucket for asset \"dd4b26cf376ea5894e31041be239fc518713becdafb8f2894b069a53984fafe9\"" + "Description": "S3 bucket for asset \"22bb41d703c8e7a9a1712308f455fcf58cc012b0a386c9df563a6244a61e6665\"" }, - "AssetParametersdd4b26cf376ea5894e31041be239fc518713becdafb8f2894b069a53984fafe9S3VersionKey534293E7": { + "AssetParameters22bb41d703c8e7a9a1712308f455fcf58cc012b0a386c9df563a6244a61e6665S3VersionKeyE95BF332": { "Type": "String", - "Description": "S3 key for asset version \"dd4b26cf376ea5894e31041be239fc518713becdafb8f2894b069a53984fafe9\"" + "Description": "S3 key for asset version \"22bb41d703c8e7a9a1712308f455fcf58cc012b0a386c9df563a6244a61e6665\"" }, - "AssetParametersdd4b26cf376ea5894e31041be239fc518713becdafb8f2894b069a53984fafe9ArtifactHash3CB520C3": { + "AssetParameters22bb41d703c8e7a9a1712308f455fcf58cc012b0a386c9df563a6244a61e6665ArtifactHashF4A1E70E": { "Type": "String", - "Description": "Artifact hash for asset \"dd4b26cf376ea5894e31041be239fc518713becdafb8f2894b069a53984fafe9\"" + "Description": "Artifact hash for asset \"22bb41d703c8e7a9a1712308f455fcf58cc012b0a386c9df563a6244a61e6665\"" } } } \ No newline at end of file diff --git a/packages/@aws-cdk/aws-rds/test/integ.proxy.expected.json b/packages/@aws-cdk/aws-rds/test/integ.proxy.expected.json index 8ec23ce0fe7db..a8eff4138bc50 100644 --- a/packages/@aws-cdk/aws-rds/test/integ.proxy.expected.json +++ b/packages/@aws-cdk/aws-rds/test/integ.proxy.expected.json @@ -524,8 +524,8 @@ "Statement": [ { "Action": [ - "secretsmanager:GetSecretValue", - "secretsmanager:DescribeSecret" + "secretsmanager:DescribeSecret", + "secretsmanager:GetSecretValue" ], "Effect": "Allow", "Resource": { diff --git a/packages/@aws-cdk/aws-redshift/test/integ.database.expected.json b/packages/@aws-cdk/aws-redshift/test/integ.database.expected.json index 6e909192a7f3d..696de88a365bf 100644 --- a/packages/@aws-cdk/aws-redshift/test/integ.database.expected.json +++ b/packages/@aws-cdk/aws-redshift/test/integ.database.expected.json @@ -825,7 +825,7 @@ "Properties": { "Code": { "S3Bucket": { - "Ref": "AssetParametersdaeb79e3cee39c9b902dc0d5c780223e227ed573ea60976252947adab5fb2be1S3BucketDC4B98B1" + "Ref": "AssetParameters5b47c8e4cbbce7e4a8085f1aa83ed9c4691b7f65927ba092d6620bbba925f391S3BucketB4102E9A" }, "S3Key": { "Fn::Join": [ @@ -838,7 +838,7 @@ "Fn::Split": [ "||", { - "Ref": "AssetParametersdaeb79e3cee39c9b902dc0d5c780223e227ed573ea60976252947adab5fb2be1S3VersionKeyA495226F" + "Ref": "AssetParameters5b47c8e4cbbce7e4a8085f1aa83ed9c4691b7f65927ba092d6620bbba925f391S3VersionKeyC1EC3ED6" } ] } @@ -851,7 +851,7 @@ "Fn::Split": [ "||", { - "Ref": "AssetParametersdaeb79e3cee39c9b902dc0d5c780223e227ed573ea60976252947adab5fb2be1S3VersionKeyA495226F" + "Ref": "AssetParameters5b47c8e4cbbce7e4a8085f1aa83ed9c4691b7f65927ba092d6620bbba925f391S3VersionKeyC1EC3ED6" } ] } @@ -980,7 +980,7 @@ "Properties": { "Code": { "S3Bucket": { - "Ref": "AssetParametersdaeb79e3cee39c9b902dc0d5c780223e227ed573ea60976252947adab5fb2be1S3BucketDC4B98B1" + "Ref": "AssetParameters5b47c8e4cbbce7e4a8085f1aa83ed9c4691b7f65927ba092d6620bbba925f391S3BucketB4102E9A" }, "S3Key": { "Fn::Join": [ @@ -993,7 +993,7 @@ "Fn::Split": [ "||", { - "Ref": "AssetParametersdaeb79e3cee39c9b902dc0d5c780223e227ed573ea60976252947adab5fb2be1S3VersionKeyA495226F" + "Ref": "AssetParameters5b47c8e4cbbce7e4a8085f1aa83ed9c4691b7f65927ba092d6620bbba925f391S3VersionKeyC1EC3ED6" } ] } @@ -1006,7 +1006,7 @@ "Fn::Split": [ "||", { - "Ref": "AssetParametersdaeb79e3cee39c9b902dc0d5c780223e227ed573ea60976252947adab5fb2be1S3VersionKeyA495226F" + "Ref": "AssetParameters5b47c8e4cbbce7e4a8085f1aa83ed9c4691b7f65927ba092d6620bbba925f391S3VersionKeyC1EC3ED6" } ] } @@ -1131,23 +1131,18 @@ }, { "Action": [ - "secretsmanager:GetSecretValue", - "secretsmanager:DescribeSecret" + "secretsmanager:DescribeSecret", + "secretsmanager:GetSecretValue" ], "Effect": "Allow", - "Resource": { - "Ref": "ClusterSecretAttachment769E6258" - } - }, - { - "Action": [ - "secretsmanager:GetSecretValue", - "secretsmanager:DescribeSecret" - ], - "Effect": "Allow", - "Resource": { - "Ref": "UserSecretAttachment02022609" - } + "Resource": [ + { + "Ref": "ClusterSecretAttachment769E6258" + }, + { + "Ref": "UserSecretAttachment02022609" + } + ] } ], "Version": "2012-10-17" @@ -1167,7 +1162,7 @@ "Properties": { "Code": { "S3Bucket": { - "Ref": "AssetParameters85597bcd6a07abd4673fe02c7e92e21df5859eee0d831e9db67f4d2e74d4d066S3Bucket0B347C2E" + "Ref": "AssetParameters104629e772240371441c4f76a71184cb01d6d09afe126b3ddc9243d03f78fb3bS3Bucket2B744261" }, "S3Key": { "Fn::Join": [ @@ -1180,7 +1175,7 @@ "Fn::Split": [ "||", { - "Ref": "AssetParameters85597bcd6a07abd4673fe02c7e92e21df5859eee0d831e9db67f4d2e74d4d066S3VersionKey932D0479" + "Ref": "AssetParameters104629e772240371441c4f76a71184cb01d6d09afe126b3ddc9243d03f78fb3bS3VersionKey26C2ED2C" } ] } @@ -1193,7 +1188,7 @@ "Fn::Split": [ "||", { - "Ref": "AssetParameters85597bcd6a07abd4673fe02c7e92e21df5859eee0d831e9db67f4d2e74d4d066S3VersionKey932D0479" + "Ref": "AssetParameters104629e772240371441c4f76a71184cb01d6d09afe126b3ddc9243d03f78fb3bS3VersionKey26C2ED2C" } ] } @@ -1286,7 +1281,7 @@ "Properties": { "Code": { "S3Bucket": { - "Ref": "AssetParametersdaeb79e3cee39c9b902dc0d5c780223e227ed573ea60976252947adab5fb2be1S3BucketDC4B98B1" + "Ref": "AssetParameters5b47c8e4cbbce7e4a8085f1aa83ed9c4691b7f65927ba092d6620bbba925f391S3BucketB4102E9A" }, "S3Key": { "Fn::Join": [ @@ -1299,7 +1294,7 @@ "Fn::Split": [ "||", { - "Ref": "AssetParametersdaeb79e3cee39c9b902dc0d5c780223e227ed573ea60976252947adab5fb2be1S3VersionKeyA495226F" + "Ref": "AssetParameters5b47c8e4cbbce7e4a8085f1aa83ed9c4691b7f65927ba092d6620bbba925f391S3VersionKeyC1EC3ED6" } ] } @@ -1312,7 +1307,7 @@ "Fn::Split": [ "||", { - "Ref": "AssetParametersdaeb79e3cee39c9b902dc0d5c780223e227ed573ea60976252947adab5fb2be1S3VersionKeyA495226F" + "Ref": "AssetParameters5b47c8e4cbbce7e4a8085f1aa83ed9c4691b7f65927ba092d6620bbba925f391S3VersionKeyC1EC3ED6" } ] } @@ -1396,29 +1391,29 @@ } }, "Parameters": { - "AssetParameters85597bcd6a07abd4673fe02c7e92e21df5859eee0d831e9db67f4d2e74d4d066S3Bucket0B347C2E": { + "AssetParameters104629e772240371441c4f76a71184cb01d6d09afe126b3ddc9243d03f78fb3bS3Bucket2B744261": { "Type": "String", - "Description": "S3 bucket for asset \"85597bcd6a07abd4673fe02c7e92e21df5859eee0d831e9db67f4d2e74d4d066\"" + "Description": "S3 bucket for asset \"104629e772240371441c4f76a71184cb01d6d09afe126b3ddc9243d03f78fb3b\"" }, - "AssetParameters85597bcd6a07abd4673fe02c7e92e21df5859eee0d831e9db67f4d2e74d4d066S3VersionKey932D0479": { + "AssetParameters104629e772240371441c4f76a71184cb01d6d09afe126b3ddc9243d03f78fb3bS3VersionKey26C2ED2C": { "Type": "String", - "Description": "S3 key for asset version \"85597bcd6a07abd4673fe02c7e92e21df5859eee0d831e9db67f4d2e74d4d066\"" + "Description": "S3 key for asset version \"104629e772240371441c4f76a71184cb01d6d09afe126b3ddc9243d03f78fb3b\"" }, - "AssetParameters85597bcd6a07abd4673fe02c7e92e21df5859eee0d831e9db67f4d2e74d4d066ArtifactHash78689978": { + "AssetParameters104629e772240371441c4f76a71184cb01d6d09afe126b3ddc9243d03f78fb3bArtifactHash00C57864": { "Type": "String", - "Description": "Artifact hash for asset \"85597bcd6a07abd4673fe02c7e92e21df5859eee0d831e9db67f4d2e74d4d066\"" + "Description": "Artifact hash for asset \"104629e772240371441c4f76a71184cb01d6d09afe126b3ddc9243d03f78fb3b\"" }, - "AssetParametersdaeb79e3cee39c9b902dc0d5c780223e227ed573ea60976252947adab5fb2be1S3BucketDC4B98B1": { + "AssetParameters5b47c8e4cbbce7e4a8085f1aa83ed9c4691b7f65927ba092d6620bbba925f391S3BucketB4102E9A": { "Type": "String", - "Description": "S3 bucket for asset \"daeb79e3cee39c9b902dc0d5c780223e227ed573ea60976252947adab5fb2be1\"" + "Description": "S3 bucket for asset \"5b47c8e4cbbce7e4a8085f1aa83ed9c4691b7f65927ba092d6620bbba925f391\"" }, - "AssetParametersdaeb79e3cee39c9b902dc0d5c780223e227ed573ea60976252947adab5fb2be1S3VersionKeyA495226F": { + "AssetParameters5b47c8e4cbbce7e4a8085f1aa83ed9c4691b7f65927ba092d6620bbba925f391S3VersionKeyC1EC3ED6": { "Type": "String", - "Description": "S3 key for asset version \"daeb79e3cee39c9b902dc0d5c780223e227ed573ea60976252947adab5fb2be1\"" + "Description": "S3 key for asset version \"5b47c8e4cbbce7e4a8085f1aa83ed9c4691b7f65927ba092d6620bbba925f391\"" }, - "AssetParametersdaeb79e3cee39c9b902dc0d5c780223e227ed573ea60976252947adab5fb2be1ArtifactHashA521A16F": { + "AssetParameters5b47c8e4cbbce7e4a8085f1aa83ed9c4691b7f65927ba092d6620bbba925f391ArtifactHashA391D940": { "Type": "String", - "Description": "Artifact hash for asset \"daeb79e3cee39c9b902dc0d5c780223e227ed573ea60976252947adab5fb2be1\"" + "Description": "Artifact hash for asset \"5b47c8e4cbbce7e4a8085f1aa83ed9c4691b7f65927ba092d6620bbba925f391\"" } } -} +} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-route53/test/integ.vpc-endpoint-service-domain-name.expected.json b/packages/@aws-cdk/aws-route53/test/integ.vpc-endpoint-service-domain-name.expected.json index 030333512f860..88f5a2f51362c 100644 --- a/packages/@aws-cdk/aws-route53/test/integ.vpc-endpoint-service-domain-name.expected.json +++ b/packages/@aws-cdk/aws-route53/test/integ.vpc-endpoint-service-domain-name.expected.json @@ -95,15 +95,15 @@ "VPCPublicSubnet1NATGatewayE0556630": { "Type": "AWS::EC2::NatGateway", "Properties": { + "SubnetId": { + "Ref": "VPCPublicSubnet1SubnetB4246D30" + }, "AllocationId": { "Fn::GetAtt": [ "VPCPublicSubnet1EIP6AD938E8", "AllocationId" ] }, - "SubnetId": { - "Ref": "VPCPublicSubnet1SubnetB4246D30" - }, "Tags": [ { "Key": "Name", @@ -192,15 +192,15 @@ "VPCPublicSubnet2NATGateway3C070193": { "Type": "AWS::EC2::NatGateway", "Properties": { + "SubnetId": { + "Ref": "VPCPublicSubnet2Subnet74179F39" + }, "AllocationId": { "Fn::GetAtt": [ "VPCPublicSubnet2EIP4947BC00", "AllocationId" ] }, - "SubnetId": { - "Ref": "VPCPublicSubnet2Subnet74179F39" - }, "Tags": [ { "Key": "Name", @@ -289,15 +289,15 @@ "VPCPublicSubnet3NATGatewayD3048F5C": { "Type": "AWS::EC2::NatGateway", "Properties": { + "SubnetId": { + "Ref": "VPCPublicSubnet3Subnet631C5E25" + }, "AllocationId": { "Fn::GetAtt": [ "VPCPublicSubnet3EIPAD4BC883", "AllocationId" ] }, - "SubnetId": { - "Ref": "VPCPublicSubnet3Subnet631C5E25" - }, "Tags": [ { "Key": "Name", @@ -936,7 +936,7 @@ "Properties": { "Code": { "S3Bucket": { - "Ref": "AssetParameters4600faecd25ab407ff0a9d16f935c93062aaea5d415e97046bb8befe6c8ec02cS3BucketD609D0D9" + "Ref": "AssetParameters3744fa896361f81b76b1efde632ac07b1920ce09a4ca1ff15ab486f262a19b87S3Bucket36F31A16" }, "S3Key": { "Fn::Join": [ @@ -949,7 +949,7 @@ "Fn::Split": [ "||", { - "Ref": "AssetParameters4600faecd25ab407ff0a9d16f935c93062aaea5d415e97046bb8befe6c8ec02cS3VersionKey77CF589B" + "Ref": "AssetParameters3744fa896361f81b76b1efde632ac07b1920ce09a4ca1ff15ab486f262a19b87S3VersionKeyF80D542B" } ] } @@ -962,7 +962,7 @@ "Fn::Split": [ "||", { - "Ref": "AssetParameters4600faecd25ab407ff0a9d16f935c93062aaea5d415e97046bb8befe6c8ec02cS3VersionKey77CF589B" + "Ref": "AssetParameters3744fa896361f81b76b1efde632ac07b1920ce09a4ca1ff15ab486f262a19b87S3VersionKeyF80D542B" } ] } @@ -988,17 +988,17 @@ } }, "Parameters": { - "AssetParameters4600faecd25ab407ff0a9d16f935c93062aaea5d415e97046bb8befe6c8ec02cS3BucketD609D0D9": { + "AssetParameters3744fa896361f81b76b1efde632ac07b1920ce09a4ca1ff15ab486f262a19b87S3Bucket36F31A16": { "Type": "String", - "Description": "S3 bucket for asset \"4600faecd25ab407ff0a9d16f935c93062aaea5d415e97046bb8befe6c8ec02c\"" + "Description": "S3 bucket for asset \"3744fa896361f81b76b1efde632ac07b1920ce09a4ca1ff15ab486f262a19b87\"" }, - "AssetParameters4600faecd25ab407ff0a9d16f935c93062aaea5d415e97046bb8befe6c8ec02cS3VersionKey77CF589B": { + "AssetParameters3744fa896361f81b76b1efde632ac07b1920ce09a4ca1ff15ab486f262a19b87S3VersionKeyF80D542B": { "Type": "String", - "Description": "S3 key for asset version \"4600faecd25ab407ff0a9d16f935c93062aaea5d415e97046bb8befe6c8ec02c\"" + "Description": "S3 key for asset version \"3744fa896361f81b76b1efde632ac07b1920ce09a4ca1ff15ab486f262a19b87\"" }, - "AssetParameters4600faecd25ab407ff0a9d16f935c93062aaea5d415e97046bb8befe6c8ec02cArtifactHash86CFA15D": { + "AssetParameters3744fa896361f81b76b1efde632ac07b1920ce09a4ca1ff15ab486f262a19b87ArtifactHash40DDF5EE": { "Type": "String", - "Description": "Artifact hash for asset \"4600faecd25ab407ff0a9d16f935c93062aaea5d415e97046bb8befe6c8ec02c\"" + "Description": "Artifact hash for asset \"3744fa896361f81b76b1efde632ac07b1920ce09a4ca1ff15ab486f262a19b87\"" } } } \ No newline at end of file diff --git a/packages/@aws-cdk/aws-s3-assets/test/integ.assets.bundling.lit.expected.json b/packages/@aws-cdk/aws-s3-assets/test/integ.assets.bundling.lit.expected.json index 3f1cef1b0c4f4..fe8410cd1f63b 100644 --- a/packages/@aws-cdk/aws-s3-assets/test/integ.assets.bundling.lit.expected.json +++ b/packages/@aws-cdk/aws-s3-assets/test/integ.assets.bundling.lit.expected.json @@ -24,8 +24,8 @@ "Statement": [ { "Action": [ - "s3:GetObject*", "s3:GetBucket*", + "s3:GetObject*", "s3:List*" ], "Effect": "Allow", @@ -41,7 +41,8 @@ ":s3:::", { "Ref": "AssetParameters8995e9405bdcae88dc6fc76b4fc224fecfd00ef93663cb759b491c6a13cc59c2S3Bucket32756583" - } + }, + "/*" ] ] }, @@ -56,8 +57,7 @@ ":s3:::", { "Ref": "AssetParameters8995e9405bdcae88dc6fc76b4fc224fecfd00ef93663cb759b491c6a13cc59c2S3Bucket32756583" - }, - "/*" + } ] ] } diff --git a/packages/@aws-cdk/aws-s3-assets/test/integ.assets.directory.lit.expected.json b/packages/@aws-cdk/aws-s3-assets/test/integ.assets.directory.lit.expected.json index 867d0a2430be4..d034243acc5b6 100644 --- a/packages/@aws-cdk/aws-s3-assets/test/integ.assets.directory.lit.expected.json +++ b/packages/@aws-cdk/aws-s3-assets/test/integ.assets.directory.lit.expected.json @@ -24,8 +24,8 @@ "Statement": [ { "Action": [ - "s3:GetObject*", "s3:GetBucket*", + "s3:GetObject*", "s3:List*" ], "Effect": "Allow", @@ -41,7 +41,8 @@ ":s3:::", { "Ref": "AssetParameters6b84b87243a4a01c592d78e1fd3855c4bfef39328cd0a450cc97e81717fea2a2S3Bucket50B5A10B" - } + }, + "/*" ] ] }, @@ -56,8 +57,7 @@ ":s3:::", { "Ref": "AssetParameters6b84b87243a4a01c592d78e1fd3855c4bfef39328cd0a450cc97e81717fea2a2S3Bucket50B5A10B" - }, - "/*" + } ] ] } diff --git a/packages/@aws-cdk/aws-s3-assets/test/integ.assets.file.lit.expected.json b/packages/@aws-cdk/aws-s3-assets/test/integ.assets.file.lit.expected.json index 4548468d9a80a..2c3894cefd893 100644 --- a/packages/@aws-cdk/aws-s3-assets/test/integ.assets.file.lit.expected.json +++ b/packages/@aws-cdk/aws-s3-assets/test/integ.assets.file.lit.expected.json @@ -24,8 +24,8 @@ "Statement": [ { "Action": [ - "s3:GetObject*", "s3:GetBucket*", + "s3:GetObject*", "s3:List*" ], "Effect": "Allow", @@ -41,7 +41,8 @@ ":s3:::", { "Ref": "AssetParameters78add9eaf468dfa2191da44a7da92a21baba4c686cf6053d772556768ef21197S3Bucket2C60F94A" - } + }, + "/*" ] ] }, @@ -56,8 +57,7 @@ ":s3:::", { "Ref": "AssetParameters78add9eaf468dfa2191da44a7da92a21baba4c686cf6053d772556768ef21197S3Bucket2C60F94A" - }, - "/*" + } ] ] } diff --git a/packages/@aws-cdk/aws-s3-assets/test/integ.assets.permissions.lit.expected.json b/packages/@aws-cdk/aws-s3-assets/test/integ.assets.permissions.lit.expected.json index df2a4a5f73e9b..cf48b76027050 100644 --- a/packages/@aws-cdk/aws-s3-assets/test/integ.assets.permissions.lit.expected.json +++ b/packages/@aws-cdk/aws-s3-assets/test/integ.assets.permissions.lit.expected.json @@ -24,8 +24,8 @@ "Statement": [ { "Action": [ - "s3:GetObject*", "s3:GetBucket*", + "s3:GetObject*", "s3:List*" ], "Effect": "Allow", @@ -41,7 +41,8 @@ ":s3:::", { "Ref": "AssetParameters78add9eaf468dfa2191da44a7da92a21baba4c686cf6053d772556768ef21197S3Bucket2C60F94A" - } + }, + "/*" ] ] }, @@ -56,8 +57,7 @@ ":s3:::", { "Ref": "AssetParameters78add9eaf468dfa2191da44a7da92a21baba4c686cf6053d772556768ef21197S3Bucket2C60F94A" - }, - "/*" + } ] ] } diff --git a/packages/@aws-cdk/aws-s3-assets/test/integ.assets.refs.lit.expected.json b/packages/@aws-cdk/aws-s3-assets/test/integ.assets.refs.lit.expected.json index 76aecf1148218..49c2b9550834b 100644 --- a/packages/@aws-cdk/aws-s3-assets/test/integ.assets.refs.lit.expected.json +++ b/packages/@aws-cdk/aws-s3-assets/test/integ.assets.refs.lit.expected.json @@ -154,8 +154,8 @@ "Statement": [ { "Action": [ - "s3:GetObject*", "s3:GetBucket*", + "s3:GetObject*", "s3:List*" ], "Effect": "Allow", @@ -171,7 +171,8 @@ ":s3:::", { "Ref": "AssetParameters6b84b87243a4a01c592d78e1fd3855c4bfef39328cd0a450cc97e81717fea2a2S3Bucket50B5A10B" - } + }, + "/*" ] ] }, @@ -186,8 +187,7 @@ ":s3:::", { "Ref": "AssetParameters6b84b87243a4a01c592d78e1fd3855c4bfef39328cd0a450cc97e81717fea2a2S3Bucket50B5A10B" - }, - "/*" + } ] ] } diff --git a/packages/@aws-cdk/aws-s3-deployment/test/integ.bucket-deployment-cloudfront.expected.json b/packages/@aws-cdk/aws-s3-deployment/test/integ.bucket-deployment-cloudfront.expected.json index 54fa70b01ed7f..f0447996bff9d 100644 --- a/packages/@aws-cdk/aws-s3-deployment/test/integ.bucket-deployment-cloudfront.expected.json +++ b/packages/@aws-cdk/aws-s3-deployment/test/integ.bucket-deployment-cloudfront.expected.json @@ -27,9 +27,9 @@ "Statement": [ { "Action": [ + "s3:DeleteObject*", "s3:GetBucket*", - "s3:List*", - "s3:DeleteObject*" + "s3:List*" ], "Effect": "Allow", "Principal": { @@ -230,7 +230,7 @@ "Properties": { "Content": { "S3Bucket": { - "Ref": "AssetParameters187e7a21dd5d55d36f1f45007ff6bbc5713cb0866ca86224c0f1f86b3d1e76a0S3Bucket59E5CFEF" + "Ref": "AssetParametersf331b32a8ad8983464106a58e420e7bc7e6341ba2ffb8ac9ad350d7e32845d95S3BucketE02B5488" }, "S3Key": { "Fn::Join": [ @@ -243,7 +243,7 @@ "Fn::Split": [ "||", { - "Ref": "AssetParameters187e7a21dd5d55d36f1f45007ff6bbc5713cb0866ca86224c0f1f86b3d1e76a0S3VersionKey7EE70F5C" + "Ref": "AssetParametersf331b32a8ad8983464106a58e420e7bc7e6341ba2ffb8ac9ad350d7e32845d95S3VersionKey4D8E71F2" } ] } @@ -256,7 +256,7 @@ "Fn::Split": [ "||", { - "Ref": "AssetParameters187e7a21dd5d55d36f1f45007ff6bbc5713cb0866ca86224c0f1f86b3d1e76a0S3VersionKey7EE70F5C" + "Ref": "AssetParametersf331b32a8ad8983464106a58e420e7bc7e6341ba2ffb8ac9ad350d7e32845d95S3VersionKey4D8E71F2" } ] } @@ -371,8 +371,8 @@ "Statement": [ { "Action": [ - "s3:GetObject*", "s3:GetBucket*", + "s3:GetObject*", "s3:List*" ], "Effect": "Allow", @@ -388,7 +388,8 @@ ":s3:::", { "Ref": "AssetParametersfc4481abf279255619ff7418faa5d24456fef3432ea0da59c95542578ff0222eS3Bucket9CD8B20A" - } + }, + "/*" ] ] }, @@ -403,8 +404,7 @@ ":s3:::", { "Ref": "AssetParametersfc4481abf279255619ff7418faa5d24456fef3432ea0da59c95542578ff0222eS3Bucket9CD8B20A" - }, - "/*" + } ] ] } @@ -412,16 +412,16 @@ }, { "Action": [ - "s3:GetObject*", + "s3:Abort*", + "s3:DeleteObject*", "s3:GetBucket*", + "s3:GetObject*", "s3:List*", - "s3:DeleteObject*", "s3:PutObject", "s3:PutObjectLegalHold", "s3:PutObjectRetention", "s3:PutObjectTagging", - "s3:PutObjectVersionTagging", - "s3:Abort*" + "s3:PutObjectVersionTagging" ], "Effect": "Allow", "Resource": [ @@ -449,8 +449,8 @@ }, { "Action": [ - "cloudfront:GetInvalidation", - "cloudfront:CreateInvalidation" + "cloudfront:CreateInvalidation", + "cloudfront:GetInvalidation" ], "Effect": "Allow", "Resource": "*" @@ -471,7 +471,7 @@ "Properties": { "Code": { "S3Bucket": { - "Ref": "AssetParameters4e09e63403b235ffda9db09367996f2d4c9fe1f7aa19b402908d8221614a282eS3BucketC3F9EAA2" + "Ref": "AssetParametersf98b78092dcdd31f5e6d47489beb5f804d4835ef86a8085d0a2053cb9ae711daS3BucketF23C0DE7" }, "S3Key": { "Fn::Join": [ @@ -484,7 +484,7 @@ "Fn::Split": [ "||", { - "Ref": "AssetParameters4e09e63403b235ffda9db09367996f2d4c9fe1f7aa19b402908d8221614a282eS3VersionKey030ACBFF" + "Ref": "AssetParametersf98b78092dcdd31f5e6d47489beb5f804d4835ef86a8085d0a2053cb9ae711daS3VersionKey5E97B17D" } ] } @@ -497,7 +497,7 @@ "Fn::Split": [ "||", { - "Ref": "AssetParameters4e09e63403b235ffda9db09367996f2d4c9fe1f7aa19b402908d8221614a282eS3VersionKey030ACBFF" + "Ref": "AssetParametersf98b78092dcdd31f5e6d47489beb5f804d4835ef86a8085d0a2053cb9ae711daS3VersionKey5E97B17D" } ] } @@ -541,29 +541,29 @@ "Type": "String", "Description": "Artifact hash for asset \"be270bbdebe0851c887569796e3997437cca54ce86893ed94788500448e92824\"" }, - "AssetParameters187e7a21dd5d55d36f1f45007ff6bbc5713cb0866ca86224c0f1f86b3d1e76a0S3Bucket59E5CFEF": { + "AssetParametersf331b32a8ad8983464106a58e420e7bc7e6341ba2ffb8ac9ad350d7e32845d95S3BucketE02B5488": { "Type": "String", - "Description": "S3 bucket for asset \"187e7a21dd5d55d36f1f45007ff6bbc5713cb0866ca86224c0f1f86b3d1e76a0\"" + "Description": "S3 bucket for asset \"f331b32a8ad8983464106a58e420e7bc7e6341ba2ffb8ac9ad350d7e32845d95\"" }, - "AssetParameters187e7a21dd5d55d36f1f45007ff6bbc5713cb0866ca86224c0f1f86b3d1e76a0S3VersionKey7EE70F5C": { + "AssetParametersf331b32a8ad8983464106a58e420e7bc7e6341ba2ffb8ac9ad350d7e32845d95S3VersionKey4D8E71F2": { "Type": "String", - "Description": "S3 key for asset version \"187e7a21dd5d55d36f1f45007ff6bbc5713cb0866ca86224c0f1f86b3d1e76a0\"" + "Description": "S3 key for asset version \"f331b32a8ad8983464106a58e420e7bc7e6341ba2ffb8ac9ad350d7e32845d95\"" }, - "AssetParameters187e7a21dd5d55d36f1f45007ff6bbc5713cb0866ca86224c0f1f86b3d1e76a0ArtifactHash8F73A2B0": { + "AssetParametersf331b32a8ad8983464106a58e420e7bc7e6341ba2ffb8ac9ad350d7e32845d95ArtifactHash16B60F6C": { "Type": "String", - "Description": "Artifact hash for asset \"187e7a21dd5d55d36f1f45007ff6bbc5713cb0866ca86224c0f1f86b3d1e76a0\"" + "Description": "Artifact hash for asset \"f331b32a8ad8983464106a58e420e7bc7e6341ba2ffb8ac9ad350d7e32845d95\"" }, - "AssetParameters4e09e63403b235ffda9db09367996f2d4c9fe1f7aa19b402908d8221614a282eS3BucketC3F9EAA2": { + "AssetParametersf98b78092dcdd31f5e6d47489beb5f804d4835ef86a8085d0a2053cb9ae711daS3BucketF23C0DE7": { "Type": "String", - "Description": "S3 bucket for asset \"4e09e63403b235ffda9db09367996f2d4c9fe1f7aa19b402908d8221614a282e\"" + "Description": "S3 bucket for asset \"f98b78092dcdd31f5e6d47489beb5f804d4835ef86a8085d0a2053cb9ae711da\"" }, - "AssetParameters4e09e63403b235ffda9db09367996f2d4c9fe1f7aa19b402908d8221614a282eS3VersionKey030ACBFF": { + "AssetParametersf98b78092dcdd31f5e6d47489beb5f804d4835ef86a8085d0a2053cb9ae711daS3VersionKey5E97B17D": { "Type": "String", - "Description": "S3 key for asset version \"4e09e63403b235ffda9db09367996f2d4c9fe1f7aa19b402908d8221614a282e\"" + "Description": "S3 key for asset version \"f98b78092dcdd31f5e6d47489beb5f804d4835ef86a8085d0a2053cb9ae711da\"" }, - "AssetParameters4e09e63403b235ffda9db09367996f2d4c9fe1f7aa19b402908d8221614a282eArtifactHashE8052809": { + "AssetParametersf98b78092dcdd31f5e6d47489beb5f804d4835ef86a8085d0a2053cb9ae711daArtifactHashD85D28D8": { "Type": "String", - "Description": "Artifact hash for asset \"4e09e63403b235ffda9db09367996f2d4c9fe1f7aa19b402908d8221614a282e\"" + "Description": "Artifact hash for asset \"f98b78092dcdd31f5e6d47489beb5f804d4835ef86a8085d0a2053cb9ae711da\"" }, "AssetParametersfc4481abf279255619ff7418faa5d24456fef3432ea0da59c95542578ff0222eS3Bucket9CD8B20A": { "Type": "String", diff --git a/packages/@aws-cdk/aws-s3-deployment/test/integ.bucket-deployment-data.expected.json b/packages/@aws-cdk/aws-s3-deployment/test/integ.bucket-deployment-data.expected.json index 51b9a179e65c5..f8b42aa2fbd9b 100644 --- a/packages/@aws-cdk/aws-s3-deployment/test/integ.bucket-deployment-data.expected.json +++ b/packages/@aws-cdk/aws-s3-deployment/test/integ.bucket-deployment-data.expected.json @@ -18,7 +18,7 @@ "Properties": { "Content": { "S3Bucket": { - "Ref": "AssetParameters187e7a21dd5d55d36f1f45007ff6bbc5713cb0866ca86224c0f1f86b3d1e76a0S3Bucket59E5CFEF" + "Ref": "AssetParametersf331b32a8ad8983464106a58e420e7bc7e6341ba2ffb8ac9ad350d7e32845d95S3BucketE02B5488" }, "S3Key": { "Fn::Join": [ @@ -31,7 +31,7 @@ "Fn::Split": [ "||", { - "Ref": "AssetParameters187e7a21dd5d55d36f1f45007ff6bbc5713cb0866ca86224c0f1f86b3d1e76a0S3VersionKey7EE70F5C" + "Ref": "AssetParametersf331b32a8ad8983464106a58e420e7bc7e6341ba2ffb8ac9ad350d7e32845d95S3VersionKey4D8E71F2" } ] } @@ -44,7 +44,7 @@ "Fn::Split": [ "||", { - "Ref": "AssetParameters187e7a21dd5d55d36f1f45007ff6bbc5713cb0866ca86224c0f1f86b3d1e76a0S3VersionKey7EE70F5C" + "Ref": "AssetParametersf331b32a8ad8983464106a58e420e7bc7e6341ba2ffb8ac9ad350d7e32845d95S3VersionKey4D8E71F2" } ] } @@ -241,8 +241,8 @@ "Statement": [ { "Action": [ - "s3:GetObject*", "s3:GetBucket*", + "s3:GetObject*", "s3:List*" ], "Effect": "Allow", @@ -257,8 +257,9 @@ }, ":s3:::", { - "Ref": "AssetParametersd09271be89b6cb0398f793b40c1531fd9b076aa92ba80b5e436914b1808fe18dS3BucketBC52CF96" - } + "Ref": "AssetParameters0d7be86c2a7d62be64fcbe2cbaa36c912a72d445022cc17c37af4f99f1b97a5aS3Bucket485B8F98" + }, + "/*" ] ] }, @@ -272,22 +273,11 @@ }, ":s3:::", { - "Ref": "AssetParametersd09271be89b6cb0398f793b40c1531fd9b076aa92ba80b5e436914b1808fe18dS3BucketBC52CF96" - }, - "/*" + "Ref": "AssetParameters0d7be86c2a7d62be64fcbe2cbaa36c912a72d445022cc17c37af4f99f1b97a5aS3Bucket485B8F98" + } ] ] - } - ] - }, - { - "Action": [ - "s3:GetObject*", - "s3:GetBucket*", - "s3:List*" - ], - "Effect": "Allow", - "Resource": [ + }, { "Fn::Join": [ "", @@ -299,7 +289,8 @@ ":s3:::", { "Ref": "AssetParameters0f14dedeaf4386031c978375cbda0f65d7b52b29452cabb8873eb8f0d0fa936bS3BucketE46D7C76" - } + }, + "/*" ] ] }, @@ -314,21 +305,10 @@ ":s3:::", { "Ref": "AssetParameters0f14dedeaf4386031c978375cbda0f65d7b52b29452cabb8873eb8f0d0fa936bS3BucketE46D7C76" - }, - "/*" + } ] ] - } - ] - }, - { - "Action": [ - "s3:GetObject*", - "s3:GetBucket*", - "s3:List*" - ], - "Effect": "Allow", - "Resource": [ + }, { "Fn::Join": [ "", @@ -339,8 +319,9 @@ }, ":s3:::", { - "Ref": "AssetParameters0d7be86c2a7d62be64fcbe2cbaa36c912a72d445022cc17c37af4f99f1b97a5aS3Bucket485B8F98" - } + "Ref": "AssetParametersd09271be89b6cb0398f793b40c1531fd9b076aa92ba80b5e436914b1808fe18dS3BucketBC52CF96" + }, + "/*" ] ] }, @@ -354,9 +335,8 @@ }, ":s3:::", { - "Ref": "AssetParameters0d7be86c2a7d62be64fcbe2cbaa36c912a72d445022cc17c37af4f99f1b97a5aS3Bucket485B8F98" - }, - "/*" + "Ref": "AssetParametersd09271be89b6cb0398f793b40c1531fd9b076aa92ba80b5e436914b1808fe18dS3BucketBC52CF96" + } ] ] } @@ -364,16 +344,16 @@ }, { "Action": [ - "s3:GetObject*", + "s3:Abort*", + "s3:DeleteObject*", "s3:GetBucket*", + "s3:GetObject*", "s3:List*", - "s3:DeleteObject*", "s3:PutObject", "s3:PutObjectLegalHold", "s3:PutObjectRetention", "s3:PutObjectTagging", - "s3:PutObjectVersionTagging", - "s3:Abort*" + "s3:PutObjectVersionTagging" ], "Effect": "Allow", "Resource": [ @@ -415,7 +395,7 @@ "Properties": { "Code": { "S3Bucket": { - "Ref": "AssetParameters4e09e63403b235ffda9db09367996f2d4c9fe1f7aa19b402908d8221614a282eS3BucketC3F9EAA2" + "Ref": "AssetParametersf98b78092dcdd31f5e6d47489beb5f804d4835ef86a8085d0a2053cb9ae711daS3BucketF23C0DE7" }, "S3Key": { "Fn::Join": [ @@ -428,7 +408,7 @@ "Fn::Split": [ "||", { - "Ref": "AssetParameters4e09e63403b235ffda9db09367996f2d4c9fe1f7aa19b402908d8221614a282eS3VersionKey030ACBFF" + "Ref": "AssetParametersf98b78092dcdd31f5e6d47489beb5f804d4835ef86a8085d0a2053cb9ae711daS3VersionKey5E97B17D" } ] } @@ -441,7 +421,7 @@ "Fn::Split": [ "||", { - "Ref": "AssetParameters4e09e63403b235ffda9db09367996f2d4c9fe1f7aa19b402908d8221614a282eS3VersionKey030ACBFF" + "Ref": "AssetParametersf98b78092dcdd31f5e6d47489beb5f804d4835ef86a8085d0a2053cb9ae711daS3VersionKey5E97B17D" } ] } @@ -473,29 +453,29 @@ } }, "Parameters": { - "AssetParameters187e7a21dd5d55d36f1f45007ff6bbc5713cb0866ca86224c0f1f86b3d1e76a0S3Bucket59E5CFEF": { + "AssetParametersf331b32a8ad8983464106a58e420e7bc7e6341ba2ffb8ac9ad350d7e32845d95S3BucketE02B5488": { "Type": "String", - "Description": "S3 bucket for asset \"187e7a21dd5d55d36f1f45007ff6bbc5713cb0866ca86224c0f1f86b3d1e76a0\"" + "Description": "S3 bucket for asset \"f331b32a8ad8983464106a58e420e7bc7e6341ba2ffb8ac9ad350d7e32845d95\"" }, - "AssetParameters187e7a21dd5d55d36f1f45007ff6bbc5713cb0866ca86224c0f1f86b3d1e76a0S3VersionKey7EE70F5C": { + "AssetParametersf331b32a8ad8983464106a58e420e7bc7e6341ba2ffb8ac9ad350d7e32845d95S3VersionKey4D8E71F2": { "Type": "String", - "Description": "S3 key for asset version \"187e7a21dd5d55d36f1f45007ff6bbc5713cb0866ca86224c0f1f86b3d1e76a0\"" + "Description": "S3 key for asset version \"f331b32a8ad8983464106a58e420e7bc7e6341ba2ffb8ac9ad350d7e32845d95\"" }, - "AssetParameters187e7a21dd5d55d36f1f45007ff6bbc5713cb0866ca86224c0f1f86b3d1e76a0ArtifactHash8F73A2B0": { + "AssetParametersf331b32a8ad8983464106a58e420e7bc7e6341ba2ffb8ac9ad350d7e32845d95ArtifactHash16B60F6C": { "Type": "String", - "Description": "Artifact hash for asset \"187e7a21dd5d55d36f1f45007ff6bbc5713cb0866ca86224c0f1f86b3d1e76a0\"" + "Description": "Artifact hash for asset \"f331b32a8ad8983464106a58e420e7bc7e6341ba2ffb8ac9ad350d7e32845d95\"" }, - "AssetParameters4e09e63403b235ffda9db09367996f2d4c9fe1f7aa19b402908d8221614a282eS3BucketC3F9EAA2": { + "AssetParametersf98b78092dcdd31f5e6d47489beb5f804d4835ef86a8085d0a2053cb9ae711daS3BucketF23C0DE7": { "Type": "String", - "Description": "S3 bucket for asset \"4e09e63403b235ffda9db09367996f2d4c9fe1f7aa19b402908d8221614a282e\"" + "Description": "S3 bucket for asset \"f98b78092dcdd31f5e6d47489beb5f804d4835ef86a8085d0a2053cb9ae711da\"" }, - "AssetParameters4e09e63403b235ffda9db09367996f2d4c9fe1f7aa19b402908d8221614a282eS3VersionKey030ACBFF": { + "AssetParametersf98b78092dcdd31f5e6d47489beb5f804d4835ef86a8085d0a2053cb9ae711daS3VersionKey5E97B17D": { "Type": "String", - "Description": "S3 key for asset version \"4e09e63403b235ffda9db09367996f2d4c9fe1f7aa19b402908d8221614a282e\"" + "Description": "S3 key for asset version \"f98b78092dcdd31f5e6d47489beb5f804d4835ef86a8085d0a2053cb9ae711da\"" }, - "AssetParameters4e09e63403b235ffda9db09367996f2d4c9fe1f7aa19b402908d8221614a282eArtifactHashE8052809": { + "AssetParametersf98b78092dcdd31f5e6d47489beb5f804d4835ef86a8085d0a2053cb9ae711daArtifactHashD85D28D8": { "Type": "String", - "Description": "Artifact hash for asset \"4e09e63403b235ffda9db09367996f2d4c9fe1f7aa19b402908d8221614a282e\"" + "Description": "Artifact hash for asset \"f98b78092dcdd31f5e6d47489beb5f804d4835ef86a8085d0a2053cb9ae711da\"" }, "AssetParametersd09271be89b6cb0398f793b40c1531fd9b076aa92ba80b5e436914b1808fe18dS3BucketBC52CF96": { "Type": "String", diff --git a/packages/@aws-cdk/aws-s3-deployment/test/integ.bucket-deployment.expected.json b/packages/@aws-cdk/aws-s3-deployment/test/integ.bucket-deployment.expected.json index bf4c180c9b559..d1d5576423ee4 100644 --- a/packages/@aws-cdk/aws-s3-deployment/test/integ.bucket-deployment.expected.json +++ b/packages/@aws-cdk/aws-s3-deployment/test/integ.bucket-deployment.expected.json @@ -42,9 +42,9 @@ "Statement": [ { "Action": [ + "s3:DeleteObject*", "s3:GetBucket*", - "s3:List*", - "s3:DeleteObject*" + "s3:List*" ], "Effect": "Allow", "Principal": { @@ -197,7 +197,7 @@ "Properties": { "Content": { "S3Bucket": { - "Ref": "AssetParameters187e7a21dd5d55d36f1f45007ff6bbc5713cb0866ca86224c0f1f86b3d1e76a0S3Bucket59E5CFEF" + "Ref": "AssetParametersf331b32a8ad8983464106a58e420e7bc7e6341ba2ffb8ac9ad350d7e32845d95S3BucketE02B5488" }, "S3Key": { "Fn::Join": [ @@ -210,7 +210,7 @@ "Fn::Split": [ "||", { - "Ref": "AssetParameters187e7a21dd5d55d36f1f45007ff6bbc5713cb0866ca86224c0f1f86b3d1e76a0S3VersionKey7EE70F5C" + "Ref": "AssetParametersf331b32a8ad8983464106a58e420e7bc7e6341ba2ffb8ac9ad350d7e32845d95S3VersionKey4D8E71F2" } ] } @@ -223,7 +223,7 @@ "Fn::Split": [ "||", { - "Ref": "AssetParameters187e7a21dd5d55d36f1f45007ff6bbc5713cb0866ca86224c0f1f86b3d1e76a0S3VersionKey7EE70F5C" + "Ref": "AssetParametersf331b32a8ad8983464106a58e420e7bc7e6341ba2ffb8ac9ad350d7e32845d95S3VersionKey4D8E71F2" } ] } @@ -332,8 +332,8 @@ "Statement": [ { "Action": [ - "s3:GetObject*", "s3:GetBucket*", + "s3:GetObject*", "s3:List*" ], "Effect": "Allow", @@ -349,7 +349,8 @@ ":s3:::", { "Ref": "AssetParametersfc4481abf279255619ff7418faa5d24456fef3432ea0da59c95542578ff0222eS3Bucket9CD8B20A" - } + }, + "/*" ] ] }, @@ -364,8 +365,7 @@ ":s3:::", { "Ref": "AssetParametersfc4481abf279255619ff7418faa5d24456fef3432ea0da59c95542578ff0222eS3Bucket9CD8B20A" - }, - "/*" + } ] ] } @@ -373,19 +373,31 @@ }, { "Action": [ - "s3:GetObject*", + "s3:Abort*", + "s3:DeleteObject*", "s3:GetBucket*", + "s3:GetObject*", "s3:List*", - "s3:DeleteObject*", "s3:PutObject", "s3:PutObjectLegalHold", "s3:PutObjectRetention", "s3:PutObjectTagging", - "s3:PutObjectVersionTagging", - "s3:Abort*" + "s3:PutObjectVersionTagging" ], "Effect": "Allow", "Resource": [ + { + "Fn::GetAtt": [ + "Destination281A09BDF", + "Arn" + ] + }, + { + "Fn::GetAtt": [ + "Destination3E3DC043D", + "Arn" + ] + }, { "Fn::GetAtt": [ "Destination920A3C57", @@ -398,36 +410,13 @@ [ { "Fn::GetAtt": [ - "Destination920A3C57", + "Destination281A09BDF", "Arn" ] }, "/*" ] ] - } - ] - }, - { - "Action": [ - "s3:GetObject*", - "s3:GetBucket*", - "s3:List*", - "s3:DeleteObject*", - "s3:PutObject", - "s3:PutObjectLegalHold", - "s3:PutObjectRetention", - "s3:PutObjectTagging", - "s3:PutObjectVersionTagging", - "s3:Abort*" - ], - "Effect": "Allow", - "Resource": [ - { - "Fn::GetAtt": [ - "Destination281A09BDF", - "Arn" - ] }, { "Fn::Join": [ @@ -435,36 +424,13 @@ [ { "Fn::GetAtt": [ - "Destination281A09BDF", + "Destination3E3DC043D", "Arn" ] }, "/*" ] ] - } - ] - }, - { - "Action": [ - "s3:GetObject*", - "s3:GetBucket*", - "s3:List*", - "s3:DeleteObject*", - "s3:PutObject", - "s3:PutObjectLegalHold", - "s3:PutObjectRetention", - "s3:PutObjectTagging", - "s3:PutObjectVersionTagging", - "s3:Abort*" - ], - "Effect": "Allow", - "Resource": [ - { - "Fn::GetAtt": [ - "Destination3E3DC043D", - "Arn" - ] }, { "Fn::Join": [ @@ -472,7 +438,7 @@ [ { "Fn::GetAtt": [ - "Destination3E3DC043D", + "Destination920A3C57", "Arn" ] }, @@ -498,7 +464,7 @@ "Properties": { "Code": { "S3Bucket": { - "Ref": "AssetParameters4e09e63403b235ffda9db09367996f2d4c9fe1f7aa19b402908d8221614a282eS3BucketC3F9EAA2" + "Ref": "AssetParametersf98b78092dcdd31f5e6d47489beb5f804d4835ef86a8085d0a2053cb9ae711daS3BucketF23C0DE7" }, "S3Key": { "Fn::Join": [ @@ -511,7 +477,7 @@ "Fn::Split": [ "||", { - "Ref": "AssetParameters4e09e63403b235ffda9db09367996f2d4c9fe1f7aa19b402908d8221614a282eS3VersionKey030ACBFF" + "Ref": "AssetParametersf98b78092dcdd31f5e6d47489beb5f804d4835ef86a8085d0a2053cb9ae711daS3VersionKey5E97B17D" } ] } @@ -524,7 +490,7 @@ "Fn::Split": [ "||", { - "Ref": "AssetParameters4e09e63403b235ffda9db09367996f2d4c9fe1f7aa19b402908d8221614a282eS3VersionKey030ACBFF" + "Ref": "AssetParametersf98b78092dcdd31f5e6d47489beb5f804d4835ef86a8085d0a2053cb9ae711daS3VersionKey5E97B17D" } ] } @@ -1073,7 +1039,7 @@ "Properties": { "Content": { "S3Bucket": { - "Ref": "AssetParameters187e7a21dd5d55d36f1f45007ff6bbc5713cb0866ca86224c0f1f86b3d1e76a0S3Bucket59E5CFEF" + "Ref": "AssetParametersf331b32a8ad8983464106a58e420e7bc7e6341ba2ffb8ac9ad350d7e32845d95S3BucketE02B5488" }, "S3Key": { "Fn::Join": [ @@ -1086,7 +1052,7 @@ "Fn::Split": [ "||", { - "Ref": "AssetParameters187e7a21dd5d55d36f1f45007ff6bbc5713cb0866ca86224c0f1f86b3d1e76a0S3VersionKey7EE70F5C" + "Ref": "AssetParametersf331b32a8ad8983464106a58e420e7bc7e6341ba2ffb8ac9ad350d7e32845d95S3VersionKey4D8E71F2" } ] } @@ -1099,7 +1065,7 @@ "Fn::Split": [ "||", { - "Ref": "AssetParameters187e7a21dd5d55d36f1f45007ff6bbc5713cb0866ca86224c0f1f86b3d1e76a0S3VersionKey7EE70F5C" + "Ref": "AssetParametersf331b32a8ad8983464106a58e420e7bc7e6341ba2ffb8ac9ad350d7e32845d95S3VersionKey4D8E71F2" } ] } @@ -1494,8 +1460,8 @@ }, { "Action": [ - "s3:GetObject*", "s3:GetBucket*", + "s3:GetObject*", "s3:List*" ], "Effect": "Allow", @@ -1511,7 +1477,8 @@ ":s3:::", { "Ref": "AssetParametersfc4481abf279255619ff7418faa5d24456fef3432ea0da59c95542578ff0222eS3Bucket9CD8B20A" - } + }, + "/*" ] ] }, @@ -1526,8 +1493,7 @@ ":s3:::", { "Ref": "AssetParametersfc4481abf279255619ff7418faa5d24456fef3432ea0da59c95542578ff0222eS3Bucket9CD8B20A" - }, - "/*" + } ] ] } @@ -1535,16 +1501,16 @@ }, { "Action": [ - "s3:GetObject*", + "s3:Abort*", + "s3:DeleteObject*", "s3:GetBucket*", + "s3:GetObject*", "s3:List*", - "s3:DeleteObject*", "s3:PutObject", "s3:PutObjectLegalHold", "s3:PutObjectRetention", "s3:PutObjectTagging", - "s3:PutObjectVersionTagging", - "s3:Abort*" + "s3:PutObjectVersionTagging" ], "Effect": "Allow", "Resource": [ @@ -1612,7 +1578,7 @@ "Properties": { "Code": { "S3Bucket": { - "Ref": "AssetParameters4e09e63403b235ffda9db09367996f2d4c9fe1f7aa19b402908d8221614a282eS3BucketC3F9EAA2" + "Ref": "AssetParametersf98b78092dcdd31f5e6d47489beb5f804d4835ef86a8085d0a2053cb9ae711daS3BucketF23C0DE7" }, "S3Key": { "Fn::Join": [ @@ -1625,7 +1591,7 @@ "Fn::Split": [ "||", { - "Ref": "AssetParameters4e09e63403b235ffda9db09367996f2d4c9fe1f7aa19b402908d8221614a282eS3VersionKey030ACBFF" + "Ref": "AssetParametersf98b78092dcdd31f5e6d47489beb5f804d4835ef86a8085d0a2053cb9ae711daS3VersionKey5E97B17D" } ] } @@ -1638,7 +1604,7 @@ "Fn::Split": [ "||", { - "Ref": "AssetParameters4e09e63403b235ffda9db09367996f2d4c9fe1f7aa19b402908d8221614a282eS3VersionKey030ACBFF" + "Ref": "AssetParametersf98b78092dcdd31f5e6d47489beb5f804d4835ef86a8085d0a2053cb9ae711daS3VersionKey5E97B17D" } ] } @@ -1753,9 +1719,9 @@ "Statement": [ { "Action": [ + "s3:DeleteObject*", "s3:GetBucket*", - "s3:List*", - "s3:DeleteObject*" + "s3:List*" ], "Effect": "Allow", "Principal": { @@ -1818,7 +1784,7 @@ "Properties": { "Content": { "S3Bucket": { - "Ref": "AssetParameters187e7a21dd5d55d36f1f45007ff6bbc5713cb0866ca86224c0f1f86b3d1e76a0S3Bucket59E5CFEF" + "Ref": "AssetParametersf331b32a8ad8983464106a58e420e7bc7e6341ba2ffb8ac9ad350d7e32845d95S3BucketE02B5488" }, "S3Key": { "Fn::Join": [ @@ -1831,7 +1797,7 @@ "Fn::Split": [ "||", { - "Ref": "AssetParameters187e7a21dd5d55d36f1f45007ff6bbc5713cb0866ca86224c0f1f86b3d1e76a0S3VersionKey7EE70F5C" + "Ref": "AssetParametersf331b32a8ad8983464106a58e420e7bc7e6341ba2ffb8ac9ad350d7e32845d95S3VersionKey4D8E71F2" } ] } @@ -1844,7 +1810,7 @@ "Fn::Split": [ "||", { - "Ref": "AssetParameters187e7a21dd5d55d36f1f45007ff6bbc5713cb0866ca86224c0f1f86b3d1e76a0S3VersionKey7EE70F5C" + "Ref": "AssetParametersf331b32a8ad8983464106a58e420e7bc7e6341ba2ffb8ac9ad350d7e32845d95S3VersionKey4D8E71F2" } ] } @@ -1943,9 +1909,9 @@ "Statement": [ { "Action": [ + "s3:DeleteObject*", "s3:GetBucket*", - "s3:List*", - "s3:DeleteObject*" + "s3:List*" ], "Effect": "Allow", "Principal": { @@ -2008,7 +1974,7 @@ "Properties": { "Content": { "S3Bucket": { - "Ref": "AssetParameters187e7a21dd5d55d36f1f45007ff6bbc5713cb0866ca86224c0f1f86b3d1e76a0S3Bucket59E5CFEF" + "Ref": "AssetParametersf331b32a8ad8983464106a58e420e7bc7e6341ba2ffb8ac9ad350d7e32845d95S3BucketE02B5488" }, "S3Key": { "Fn::Join": [ @@ -2021,7 +1987,7 @@ "Fn::Split": [ "||", { - "Ref": "AssetParameters187e7a21dd5d55d36f1f45007ff6bbc5713cb0866ca86224c0f1f86b3d1e76a0S3VersionKey7EE70F5C" + "Ref": "AssetParametersf331b32a8ad8983464106a58e420e7bc7e6341ba2ffb8ac9ad350d7e32845d95S3VersionKey4D8E71F2" } ] } @@ -2034,7 +2000,7 @@ "Fn::Split": [ "||", { - "Ref": "AssetParameters187e7a21dd5d55d36f1f45007ff6bbc5713cb0866ca86224c0f1f86b3d1e76a0S3VersionKey7EE70F5C" + "Ref": "AssetParametersf331b32a8ad8983464106a58e420e7bc7e6341ba2ffb8ac9ad350d7e32845d95S3VersionKey4D8E71F2" } ] } @@ -2119,7 +2085,7 @@ "Properties": { "Content": { "S3Bucket": { - "Ref": "AssetParameters187e7a21dd5d55d36f1f45007ff6bbc5713cb0866ca86224c0f1f86b3d1e76a0S3Bucket59E5CFEF" + "Ref": "AssetParametersf331b32a8ad8983464106a58e420e7bc7e6341ba2ffb8ac9ad350d7e32845d95S3BucketE02B5488" }, "S3Key": { "Fn::Join": [ @@ -2132,7 +2098,7 @@ "Fn::Split": [ "||", { - "Ref": "AssetParameters187e7a21dd5d55d36f1f45007ff6bbc5713cb0866ca86224c0f1f86b3d1e76a0S3VersionKey7EE70F5C" + "Ref": "AssetParametersf331b32a8ad8983464106a58e420e7bc7e6341ba2ffb8ac9ad350d7e32845d95S3VersionKey4D8E71F2" } ] } @@ -2145,7 +2111,7 @@ "Fn::Split": [ "||", { - "Ref": "AssetParameters187e7a21dd5d55d36f1f45007ff6bbc5713cb0866ca86224c0f1f86b3d1e76a0S3VersionKey7EE70F5C" + "Ref": "AssetParametersf331b32a8ad8983464106a58e420e7bc7e6341ba2ffb8ac9ad350d7e32845d95S3VersionKey4D8E71F2" } ] } @@ -2221,7 +2187,7 @@ "Properties": { "Content": { "S3Bucket": { - "Ref": "AssetParameters187e7a21dd5d55d36f1f45007ff6bbc5713cb0866ca86224c0f1f86b3d1e76a0S3Bucket59E5CFEF" + "Ref": "AssetParametersf331b32a8ad8983464106a58e420e7bc7e6341ba2ffb8ac9ad350d7e32845d95S3BucketE02B5488" }, "S3Key": { "Fn::Join": [ @@ -2234,7 +2200,7 @@ "Fn::Split": [ "||", { - "Ref": "AssetParameters187e7a21dd5d55d36f1f45007ff6bbc5713cb0866ca86224c0f1f86b3d1e76a0S3VersionKey7EE70F5C" + "Ref": "AssetParametersf331b32a8ad8983464106a58e420e7bc7e6341ba2ffb8ac9ad350d7e32845d95S3VersionKey4D8E71F2" } ] } @@ -2247,7 +2213,7 @@ "Fn::Split": [ "||", { - "Ref": "AssetParameters187e7a21dd5d55d36f1f45007ff6bbc5713cb0866ca86224c0f1f86b3d1e76a0S3VersionKey7EE70F5C" + "Ref": "AssetParametersf331b32a8ad8983464106a58e420e7bc7e6341ba2ffb8ac9ad350d7e32845d95S3VersionKey4D8E71F2" } ] } @@ -2335,29 +2301,29 @@ "Type": "String", "Description": "Artifact hash for asset \"be270bbdebe0851c887569796e3997437cca54ce86893ed94788500448e92824\"" }, - "AssetParameters187e7a21dd5d55d36f1f45007ff6bbc5713cb0866ca86224c0f1f86b3d1e76a0S3Bucket59E5CFEF": { + "AssetParametersf331b32a8ad8983464106a58e420e7bc7e6341ba2ffb8ac9ad350d7e32845d95S3BucketE02B5488": { "Type": "String", - "Description": "S3 bucket for asset \"187e7a21dd5d55d36f1f45007ff6bbc5713cb0866ca86224c0f1f86b3d1e76a0\"" + "Description": "S3 bucket for asset \"f331b32a8ad8983464106a58e420e7bc7e6341ba2ffb8ac9ad350d7e32845d95\"" }, - "AssetParameters187e7a21dd5d55d36f1f45007ff6bbc5713cb0866ca86224c0f1f86b3d1e76a0S3VersionKey7EE70F5C": { + "AssetParametersf331b32a8ad8983464106a58e420e7bc7e6341ba2ffb8ac9ad350d7e32845d95S3VersionKey4D8E71F2": { "Type": "String", - "Description": "S3 key for asset version \"187e7a21dd5d55d36f1f45007ff6bbc5713cb0866ca86224c0f1f86b3d1e76a0\"" + "Description": "S3 key for asset version \"f331b32a8ad8983464106a58e420e7bc7e6341ba2ffb8ac9ad350d7e32845d95\"" }, - "AssetParameters187e7a21dd5d55d36f1f45007ff6bbc5713cb0866ca86224c0f1f86b3d1e76a0ArtifactHash8F73A2B0": { + "AssetParametersf331b32a8ad8983464106a58e420e7bc7e6341ba2ffb8ac9ad350d7e32845d95ArtifactHash16B60F6C": { "Type": "String", - "Description": "Artifact hash for asset \"187e7a21dd5d55d36f1f45007ff6bbc5713cb0866ca86224c0f1f86b3d1e76a0\"" + "Description": "Artifact hash for asset \"f331b32a8ad8983464106a58e420e7bc7e6341ba2ffb8ac9ad350d7e32845d95\"" }, - "AssetParameters4e09e63403b235ffda9db09367996f2d4c9fe1f7aa19b402908d8221614a282eS3BucketC3F9EAA2": { + "AssetParametersf98b78092dcdd31f5e6d47489beb5f804d4835ef86a8085d0a2053cb9ae711daS3BucketF23C0DE7": { "Type": "String", - "Description": "S3 bucket for asset \"4e09e63403b235ffda9db09367996f2d4c9fe1f7aa19b402908d8221614a282e\"" + "Description": "S3 bucket for asset \"f98b78092dcdd31f5e6d47489beb5f804d4835ef86a8085d0a2053cb9ae711da\"" }, - "AssetParameters4e09e63403b235ffda9db09367996f2d4c9fe1f7aa19b402908d8221614a282eS3VersionKey030ACBFF": { + "AssetParametersf98b78092dcdd31f5e6d47489beb5f804d4835ef86a8085d0a2053cb9ae711daS3VersionKey5E97B17D": { "Type": "String", - "Description": "S3 key for asset version \"4e09e63403b235ffda9db09367996f2d4c9fe1f7aa19b402908d8221614a282e\"" + "Description": "S3 key for asset version \"f98b78092dcdd31f5e6d47489beb5f804d4835ef86a8085d0a2053cb9ae711da\"" }, - "AssetParameters4e09e63403b235ffda9db09367996f2d4c9fe1f7aa19b402908d8221614a282eArtifactHashE8052809": { + "AssetParametersf98b78092dcdd31f5e6d47489beb5f804d4835ef86a8085d0a2053cb9ae711daArtifactHashD85D28D8": { "Type": "String", - "Description": "Artifact hash for asset \"4e09e63403b235ffda9db09367996f2d4c9fe1f7aa19b402908d8221614a282e\"" + "Description": "Artifact hash for asset \"f98b78092dcdd31f5e6d47489beb5f804d4835ef86a8085d0a2053cb9ae711da\"" }, "AssetParametersfc4481abf279255619ff7418faa5d24456fef3432ea0da59c95542578ff0222eS3Bucket9CD8B20A": { "Type": "String", diff --git a/packages/@aws-cdk/aws-s3-notifications/test/integ.notifications.expected.json b/packages/@aws-cdk/aws-s3-notifications/test/integ.notifications.expected.json index 9026931306ab4..472b3b55a72b7 100644 --- a/packages/@aws-cdk/aws-s3-notifications/test/integ.notifications.expected.json +++ b/packages/@aws-cdk/aws-s3-notifications/test/integ.notifications.expected.json @@ -1,5 +1,10 @@ { "Resources": { + "Bucket83908E77": { + "Type": "AWS::S3::Bucket", + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" + }, "BucketNotifications8F2E257D": { "Type": "Custom::S3BucketNotifications", "Properties": { @@ -51,11 +56,6 @@ "Topic3DEAE47A7" ] }, - "Bucket83908E77": { - "Type": "AWS::S3::Bucket", - "UpdateReplacePolicy": "Delete", - "DeletionPolicy": "Delete" - }, "TopicBFC7AF6E": { "Type": "AWS::SNS::Topic" }, @@ -222,12 +222,10 @@ "PolicyDocument": { "Statement": [ { - "Action": "s3:PutBucketNotification", - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": "s3:GetBucketNotification", + "Action": [ + "s3:GetBucketNotification", + "s3:PutBucketNotification" + ], "Effect": "Allow", "Resource": "*" } @@ -264,6 +262,11 @@ "BucketNotificationsHandler050a0587b7544547bf325f094a3db834RoleB6FB88EC" ] }, + "Bucket25524B414": { + "Type": "AWS::S3::Bucket", + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" + }, "Bucket2NotificationsD9BA2A77": { "Type": "Custom::S3BucketNotifications", "Properties": { @@ -309,11 +312,6 @@ "Topic3DEAE47A7" ] }, - "Bucket25524B414": { - "Type": "AWS::S3::Bucket", - "UpdateReplacePolicy": "Delete", - "DeletionPolicy": "Delete" - }, "Bucket3NotificationsAFEFF359": { "Type": "Custom::S3BucketNotifications", "Properties": { diff --git a/packages/@aws-cdk/aws-s3-notifications/test/sqs/integ.bucket-notifications.expected.json b/packages/@aws-cdk/aws-s3-notifications/test/sqs/integ.bucket-notifications.expected.json index 229b916beac4b..de109b272d9bb 100644 --- a/packages/@aws-cdk/aws-s3-notifications/test/sqs/integ.bucket-notifications.expected.json +++ b/packages/@aws-cdk/aws-s3-notifications/test/sqs/integ.bucket-notifications.expected.json @@ -1,5 +1,10 @@ { "Resources": { + "Bucket12520700A": { + "Type": "AWS::S3::Bucket", + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" + }, "Bucket1NotificationsBC5D9A45": { "Type": "Custom::S3BucketNotifications", "Properties": { @@ -48,11 +53,6 @@ "MyQueueE6CA6235" ] }, - "Bucket12520700A": { - "Type": "AWS::S3::Bucket", - "UpdateReplacePolicy": "Delete", - "DeletionPolicy": "Delete" - }, "MyQueueE6CA6235": { "Type": "AWS::SQS::Queue", "UpdateReplacePolicy": "Delete", @@ -65,9 +65,9 @@ "Statement": [ { "Action": [ - "sqs:SendMessage", "sqs:GetQueueAttributes", - "sqs:GetQueueUrl" + "sqs:GetQueueUrl", + "sqs:SendMessage" ], "Condition": { "ArnLike": { @@ -92,9 +92,9 @@ }, { "Action": [ - "sqs:SendMessage", "sqs:GetQueueAttributes", - "sqs:GetQueueUrl" + "sqs:GetQueueUrl", + "sqs:SendMessage" ], "Condition": { "ArnLike": { @@ -201,6 +201,11 @@ "BucketNotificationsHandler050a0587b7544547bf325f094a3db834RoleB6FB88EC" ] }, + "Bucket25524B414": { + "Type": "AWS::S3::Bucket", + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" + }, "Bucket2NotificationsD9BA2A77": { "Type": "Custom::S3BucketNotifications", "Properties": { @@ -245,11 +250,6 @@ "MyQueueE6CA6235" ] }, - "Bucket25524B414": { - "Type": "AWS::S3::Bucket", - "UpdateReplacePolicy": "Delete", - "DeletionPolicy": "Delete" - }, "EncryptedQueueKey6F4FD304": { "Type": "AWS::KMS::Key", "Properties": { @@ -282,8 +282,8 @@ "Action": [ "kms:Decrypt", "kms:Encrypt", - "kms:ReEncrypt*", - "kms:GenerateDataKey*" + "kms:GenerateDataKey*", + "kms:ReEncrypt*" ], "Condition": { "ArnLike": { @@ -303,8 +303,8 @@ }, { "Action": [ - "kms:GenerateDataKey*", - "kms:Decrypt" + "kms:Decrypt", + "kms:GenerateDataKey*" ], "Effect": "Allow", "Principal": { @@ -340,9 +340,9 @@ "Statement": [ { "Action": [ - "sqs:SendMessage", "sqs:GetQueueAttributes", - "sqs:GetQueueUrl" + "sqs:GetQueueUrl", + "sqs:SendMessage" ], "Condition": { "ArnLike": { diff --git a/packages/@aws-cdk/aws-s3/test/integ.bucket-auto-delete-objects.expected.json b/packages/@aws-cdk/aws-s3/test/integ.bucket-auto-delete-objects.expected.json index da2c8cf503fe6..c50af59d25b5c 100644 --- a/packages/@aws-cdk/aws-s3/test/integ.bucket-auto-delete-objects.expected.json +++ b/packages/@aws-cdk/aws-s3/test/integ.bucket-auto-delete-objects.expected.json @@ -23,9 +23,9 @@ "Statement": [ { "Action": [ + "s3:DeleteObject*", "s3:GetBucket*", - "s3:List*", - "s3:DeleteObject*" + "s3:List*" ], "Effect": "Allow", "Principal": { diff --git a/packages/@aws-cdk/aws-s3/test/integ.bucket-sharing.lit.expected.json b/packages/@aws-cdk/aws-s3/test/integ.bucket-sharing.lit.expected.json index d3f68abaf02b5..50df7b97b9f05 100644 --- a/packages/@aws-cdk/aws-s3/test/integ.bucket-sharing.lit.expected.json +++ b/packages/@aws-cdk/aws-s3/test/integ.bucket-sharing.lit.expected.json @@ -33,16 +33,16 @@ "Statement": [ { "Action": [ - "s3:GetObject*", + "s3:Abort*", + "s3:DeleteObject*", "s3:GetBucket*", + "s3:GetObject*", "s3:List*", - "s3:DeleteObject*", "s3:PutObject", "s3:PutObjectLegalHold", "s3:PutObjectRetention", "s3:PutObjectTagging", - "s3:PutObjectVersionTagging", - "s3:Abort*" + "s3:PutObjectVersionTagging" ], "Effect": "Allow", "Resource": [ diff --git a/packages/@aws-cdk/aws-s3/test/integ.bucket.expected.json b/packages/@aws-cdk/aws-s3/test/integ.bucket.expected.json index 4352395e831c2..fbe9cea592664 100644 --- a/packages/@aws-cdk/aws-s3/test/integ.bucket.expected.json +++ b/packages/@aws-cdk/aws-s3/test/integ.bucket.expected.json @@ -84,16 +84,16 @@ "Statement": [ { "Action": [ - "s3:GetObject*", + "s3:Abort*", + "s3:DeleteObject*", "s3:GetBucket*", + "s3:GetObject*", "s3:List*", - "s3:DeleteObject*", "s3:PutObject", "s3:PutObjectLegalHold", "s3:PutObjectRetention", "s3:PutObjectTagging", - "s3:PutObjectVersionTagging", - "s3:Abort*" + "s3:PutObjectVersionTagging" ], "Effect": "Allow", "Resource": [ @@ -124,8 +124,8 @@ "kms:Decrypt", "kms:DescribeKey", "kms:Encrypt", - "kms:ReEncrypt*", - "kms:GenerateDataKey*" + "kms:GenerateDataKey*", + "kms:ReEncrypt*" ], "Effect": "Allow", "Resource": { @@ -137,8 +137,8 @@ }, { "Action": [ - "s3:GetObject*", "s3:GetBucket*", + "s3:GetObject*", "s3:List*" ], "Effect": "Allow", diff --git a/packages/@aws-cdk/aws-secretsmanager/test/integ.lambda-rotation.expected.json b/packages/@aws-cdk/aws-secretsmanager/test/integ.lambda-rotation.expected.json index f1d540cbd42a7..7e903c33b48af 100644 --- a/packages/@aws-cdk/aws-secretsmanager/test/integ.lambda-rotation.expected.json +++ b/packages/@aws-cdk/aws-secretsmanager/test/integ.lambda-rotation.expected.json @@ -30,52 +30,12 @@ }, { "Action": [ + "kms:CreateGrant", "kms:Decrypt", + "kms:DescribeKey", "kms:Encrypt", - "kms:ReEncrypt*", - "kms:GenerateDataKey*" - ], - "Condition": { - "StringEquals": { - "kms:ViaService": { - "Fn::Join": [ - "", - [ - "secretsmanager.", - { - "Ref": "AWS::Region" - }, - ".amazonaws.com" - ] - ] - } - } - }, - "Effect": "Allow", - "Principal": { - "AWS": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":iam::", - { - "Ref": "AWS::AccountId" - }, - ":root" - ] - ] - } - }, - "Resource": "*" - }, - { - "Action": [ - "kms:CreateGrant", - "kms:DescribeKey" + "kms:GenerateDataKey*", + "kms:ReEncrypt*" ], "Condition": { "StringEquals": { @@ -118,8 +78,8 @@ "Action": [ "kms:Decrypt", "kms:Encrypt", - "kms:ReEncrypt*", - "kms:GenerateDataKey*" + "kms:GenerateDataKey*", + "kms:ReEncrypt*" ], "Condition": { "StringEquals": { diff --git a/packages/@aws-cdk/aws-secretsmanager/test/integ.secret-name-parsed.expected.json b/packages/@aws-cdk/aws-secretsmanager/test/integ.secret-name-parsed.expected.json index 01e9e10d4eed9..b4a3687322701 100644 --- a/packages/@aws-cdk/aws-secretsmanager/test/integ.secret-name-parsed.expected.json +++ b/packages/@aws-cdk/aws-secretsmanager/test/integ.secret-name-parsed.expected.json @@ -91,7 +91,7 @@ "Properties": { "Code": { "S3Bucket": { - "Ref": "AssetParameters2a2da33f11dc6085a4843d85898c13b2798393e7650fbb994d866555e23f79e9S3BucketED542E1C" + "Ref": "AssetParameters7452e934e8e327a54ba0c8e462065f22bf095d0722d22cc4c29d2ed4c2f2ff33S3Bucket499DB3A2" }, "S3Key": { "Fn::Join": [ @@ -104,7 +104,7 @@ "Fn::Split": [ "||", { - "Ref": "AssetParameters2a2da33f11dc6085a4843d85898c13b2798393e7650fbb994d866555e23f79e9S3VersionKey10487FD6" + "Ref": "AssetParameters7452e934e8e327a54ba0c8e462065f22bf095d0722d22cc4c29d2ed4c2f2ff33S3VersionKey8F35128C" } ] } @@ -117,7 +117,7 @@ "Fn::Split": [ "||", { - "Ref": "AssetParameters2a2da33f11dc6085a4843d85898c13b2798393e7650fbb994d866555e23f79e9S3VersionKey10487FD6" + "Ref": "AssetParameters7452e934e8e327a54ba0c8e462065f22bf095d0722d22cc4c29d2ed4c2f2ff33S3VersionKey8F35128C" } ] } @@ -384,17 +384,17 @@ } }, "Parameters": { - "AssetParameters2a2da33f11dc6085a4843d85898c13b2798393e7650fbb994d866555e23f79e9S3BucketED542E1C": { + "AssetParameters7452e934e8e327a54ba0c8e462065f22bf095d0722d22cc4c29d2ed4c2f2ff33S3Bucket499DB3A2": { "Type": "String", - "Description": "S3 bucket for asset \"2a2da33f11dc6085a4843d85898c13b2798393e7650fbb994d866555e23f79e9\"" + "Description": "S3 bucket for asset \"7452e934e8e327a54ba0c8e462065f22bf095d0722d22cc4c29d2ed4c2f2ff33\"" }, - "AssetParameters2a2da33f11dc6085a4843d85898c13b2798393e7650fbb994d866555e23f79e9S3VersionKey10487FD6": { + "AssetParameters7452e934e8e327a54ba0c8e462065f22bf095d0722d22cc4c29d2ed4c2f2ff33S3VersionKey8F35128C": { "Type": "String", - "Description": "S3 key for asset version \"2a2da33f11dc6085a4843d85898c13b2798393e7650fbb994d866555e23f79e9\"" + "Description": "S3 key for asset version \"7452e934e8e327a54ba0c8e462065f22bf095d0722d22cc4c29d2ed4c2f2ff33\"" }, - "AssetParameters2a2da33f11dc6085a4843d85898c13b2798393e7650fbb994d866555e23f79e9ArtifactHashB26239A1": { + "AssetParameters7452e934e8e327a54ba0c8e462065f22bf095d0722d22cc4c29d2ed4c2f2ff33ArtifactHashD7AC58BE": { "Type": "String", - "Description": "Artifact hash for asset \"2a2da33f11dc6085a4843d85898c13b2798393e7650fbb994d866555e23f79e9\"" + "Description": "Artifact hash for asset \"7452e934e8e327a54ba0c8e462065f22bf095d0722d22cc4c29d2ed4c2f2ff33\"" } } } \ No newline at end of file diff --git a/packages/@aws-cdk/aws-secretsmanager/test/integ.secret.lit.expected.json b/packages/@aws-cdk/aws-secretsmanager/test/integ.secret.lit.expected.json index e72f363ac687f..62a4980a4548a 100644 --- a/packages/@aws-cdk/aws-secretsmanager/test/integ.secret.lit.expected.json +++ b/packages/@aws-cdk/aws-secretsmanager/test/integ.secret.lit.expected.json @@ -39,8 +39,8 @@ "Statement": [ { "Action": [ - "secretsmanager:GetSecretValue", - "secretsmanager:DescribeSecret" + "secretsmanager:DescribeSecret", + "secretsmanager:GetSecretValue" ], "Effect": "Allow", "Resource": { diff --git a/packages/@aws-cdk/aws-sqs/test/integ.sqs.expected.json b/packages/@aws-cdk/aws-sqs/test/integ.sqs.expected.json index 6dc7b035309d7..a25e39dc58a03 100644 --- a/packages/@aws-cdk/aws-sqs/test/integ.sqs.expected.json +++ b/packages/@aws-cdk/aws-sqs/test/integ.sqs.expected.json @@ -120,51 +120,39 @@ "Statement": [ { "Action": [ - "sqs:ReceiveMessage", "sqs:ChangeMessageVisibility", - "sqs:GetQueueUrl", "sqs:DeleteMessage", - "sqs:GetQueueAttributes" - ], - "Effect": "Allow", - "Resource": { - "Fn::GetAtt": [ - "DeadLetterQueue9F481546", - "Arn" - ] - } - }, - { - "Action": [ - "sqs:ReceiveMessage", - "sqs:ChangeMessageVisibility", + "sqs:GetQueueAttributes", "sqs:GetQueueUrl", - "sqs:DeleteMessage", - "sqs:GetQueueAttributes" + "sqs:ReceiveMessage" ], "Effect": "Allow", - "Resource": { - "Fn::GetAtt": [ - "Queue4A7E3555", - "Arn" - ] - } - }, - { - "Action": [ - "sqs:ReceiveMessage", - "sqs:ChangeMessageVisibility", - "sqs:GetQueueUrl", - "sqs:DeleteMessage", - "sqs:GetQueueAttributes" - ], - "Effect": "Allow", - "Resource": { - "Fn::GetAtt": [ - "FifoQueueE5FF7273", - "Arn" - ] - } + "Resource": [ + { + "Fn::GetAtt": [ + "DeadLetterQueue9F481546", + "Arn" + ] + }, + { + "Fn::GetAtt": [ + "FifoQueueE5FF7273", + "Arn" + ] + }, + { + "Fn::GetAtt": [ + "HighThroughputFifoQueue40A0EEE4", + "Arn" + ] + }, + { + "Fn::GetAtt": [ + "Queue4A7E3555", + "Arn" + ] + } + ] }, { "Action": "kms:Decrypt", @@ -175,22 +163,6 @@ "Arn" ] } - }, - { - "Action": [ - "sqs:ReceiveMessage", - "sqs:ChangeMessageVisibility", - "sqs:GetQueueUrl", - "sqs:DeleteMessage", - "sqs:GetQueueAttributes" - ], - "Effect": "Allow", - "Resource": { - "Fn::GetAtt": [ - "HighThroughputFifoQueue40A0EEE4", - "Arn" - ] - } } ], "Version": "2012-10-17" diff --git a/packages/@aws-cdk/aws-ssm/test/integ.parameter.lit.expected.json b/packages/@aws-cdk/aws-ssm/test/integ.parameter.lit.expected.json index 2068dd41957f6..475071ea04823 100644 --- a/packages/@aws-cdk/aws-ssm/test/integ.parameter.lit.expected.json +++ b/packages/@aws-cdk/aws-ssm/test/integ.parameter.lit.expected.json @@ -40,9 +40,9 @@ { "Action": [ "ssm:DescribeParameters", - "ssm:GetParameters", "ssm:GetParameter", - "ssm:GetParameterHistory" + "ssm:GetParameterHistory", + "ssm:GetParameters" ], "Effect": "Allow", "Resource": { diff --git a/packages/@aws-cdk/aws-stepfunctions-tasks/test/athena/integ.get-query-execution.expected.json b/packages/@aws-cdk/aws-stepfunctions-tasks/test/athena/integ.get-query-execution.expected.json index 2e06603d20af1..edd7f6559e4d0 100644 --- a/packages/@aws-cdk/aws-stepfunctions-tasks/test/athena/integ.get-query-execution.expected.json +++ b/packages/@aws-cdk/aws-stepfunctions-tasks/test/athena/integ.get-query-execution.expected.json @@ -36,8 +36,8 @@ { "Action": [ "athena:getDataCatalog", - "athena:startQueryExecution", - "athena:getQueryExecution" + "athena:getQueryExecution", + "athena:startQueryExecution" ], "Effect": "Allow", "Resource": [ @@ -85,17 +85,13 @@ }, { "Action": [ + "athena:getQueryExecution", + "lakeformation:GetDataAccess", + "s3:AbortMultipartUpload", "s3:CreateBucket", - "s3:ListBucket", "s3:GetBucketLocation", - "s3:GetObject" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "s3:AbortMultipartUpload", + "s3:GetObject", + "s3:ListBucket", "s3:ListBucketMultipartUploads", "s3:ListMultipartUploadParts", "s3:PutObject" @@ -103,11 +99,6 @@ "Effect": "Allow", "Resource": "*" }, - { - "Action": "lakeformation:GetDataAccess", - "Effect": "Allow", - "Resource": "*" - }, { "Action": [ "glue:BatchCreatePartition", @@ -213,11 +204,6 @@ ] } ] - }, - { - "Action": "athena:getQueryExecution", - "Effect": "Allow", - "Resource": "*" } ], "Version": "2012-10-17" diff --git a/packages/@aws-cdk/aws-stepfunctions-tasks/test/athena/integ.get-query-results.expected.json b/packages/@aws-cdk/aws-stepfunctions-tasks/test/athena/integ.get-query-results.expected.json index 444c2edcf72de..cb59d216df916 100644 --- a/packages/@aws-cdk/aws-stepfunctions-tasks/test/athena/integ.get-query-results.expected.json +++ b/packages/@aws-cdk/aws-stepfunctions-tasks/test/athena/integ.get-query-results.expected.json @@ -36,8 +36,8 @@ { "Action": [ "athena:getDataCatalog", - "athena:startQueryExecution", - "athena:getQueryExecution" + "athena:getQueryExecution", + "athena:startQueryExecution" ], "Effect": "Allow", "Resource": [ @@ -85,17 +85,13 @@ }, { "Action": [ + "athena:getQueryResults", + "lakeformation:GetDataAccess", + "s3:AbortMultipartUpload", "s3:CreateBucket", - "s3:ListBucket", "s3:GetBucketLocation", - "s3:GetObject" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "s3:AbortMultipartUpload", + "s3:GetObject", + "s3:ListBucket", "s3:ListBucketMultipartUploads", "s3:ListMultipartUploadParts", "s3:PutObject" @@ -103,11 +99,6 @@ "Effect": "Allow", "Resource": "*" }, - { - "Action": "lakeformation:GetDataAccess", - "Effect": "Allow", - "Resource": "*" - }, { "Action": [ "glue:BatchCreatePartition", @@ -213,16 +204,6 @@ ] } ] - }, - { - "Action": "athena:getQueryResults", - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": "s3:GetObject", - "Effect": "Allow", - "Resource": "*" } ], "Version": "2012-10-17" diff --git a/packages/@aws-cdk/aws-stepfunctions-tasks/test/athena/integ.start-query-execution.expected.json b/packages/@aws-cdk/aws-stepfunctions-tasks/test/athena/integ.start-query-execution.expected.json index fb4d0e0169f51..e424f520cd722 100644 --- a/packages/@aws-cdk/aws-stepfunctions-tasks/test/athena/integ.start-query-execution.expected.json +++ b/packages/@aws-cdk/aws-stepfunctions-tasks/test/athena/integ.start-query-execution.expected.json @@ -36,8 +36,8 @@ { "Action": [ "athena:getDataCatalog", - "athena:startQueryExecution", - "athena:getQueryExecution" + "athena:getQueryExecution", + "athena:startQueryExecution" ], "Effect": "Allow", "Resource": [ @@ -85,17 +85,12 @@ }, { "Action": [ + "lakeformation:GetDataAccess", + "s3:AbortMultipartUpload", "s3:CreateBucket", - "s3:ListBucket", "s3:GetBucketLocation", - "s3:GetObject" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "s3:AbortMultipartUpload", + "s3:GetObject", + "s3:ListBucket", "s3:ListBucketMultipartUploads", "s3:ListMultipartUploadParts", "s3:PutObject" @@ -103,11 +98,6 @@ "Effect": "Allow", "Resource": "*" }, - { - "Action": "lakeformation:GetDataAccess", - "Effect": "Allow", - "Resource": "*" - }, { "Action": [ "glue:BatchCreatePartition", diff --git a/packages/@aws-cdk/aws-stepfunctions-tasks/test/athena/integ.stop-query-execution.expected.json b/packages/@aws-cdk/aws-stepfunctions-tasks/test/athena/integ.stop-query-execution.expected.json index aa90bd274d85f..21d7d19a3251e 100644 --- a/packages/@aws-cdk/aws-stepfunctions-tasks/test/athena/integ.stop-query-execution.expected.json +++ b/packages/@aws-cdk/aws-stepfunctions-tasks/test/athena/integ.stop-query-execution.expected.json @@ -36,8 +36,8 @@ { "Action": [ "athena:getDataCatalog", - "athena:startQueryExecution", - "athena:getQueryExecution" + "athena:getQueryExecution", + "athena:startQueryExecution" ], "Effect": "Allow", "Resource": [ @@ -85,17 +85,13 @@ }, { "Action": [ + "athena:stopQueryExecution", + "lakeformation:GetDataAccess", + "s3:AbortMultipartUpload", "s3:CreateBucket", - "s3:ListBucket", "s3:GetBucketLocation", - "s3:GetObject" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "s3:AbortMultipartUpload", + "s3:GetObject", + "s3:ListBucket", "s3:ListBucketMultipartUploads", "s3:ListMultipartUploadParts", "s3:PutObject" @@ -103,11 +99,6 @@ "Effect": "Allow", "Resource": "*" }, - { - "Action": "lakeformation:GetDataAccess", - "Effect": "Allow", - "Resource": "*" - }, { "Action": [ "glue:BatchCreatePartition", @@ -213,11 +204,6 @@ ] } ] - }, - { - "Action": "athena:stopQueryExecution", - "Effect": "Allow", - "Resource": "*" } ], "Version": "2012-10-17" diff --git a/packages/@aws-cdk/aws-stepfunctions-tasks/test/aws-sdk/integ.call-aws-service.expected.json b/packages/@aws-cdk/aws-stepfunctions-tasks/test/aws-sdk/integ.call-aws-service.expected.json index 38f975ca5ec03..fb1387f0f9980 100644 --- a/packages/@aws-cdk/aws-stepfunctions-tasks/test/aws-sdk/integ.call-aws-service.expected.json +++ b/packages/@aws-cdk/aws-stepfunctions-tasks/test/aws-sdk/integ.call-aws-service.expected.json @@ -39,43 +39,11 @@ "PolicyDocument": { "Statement": [ { - "Action": "s3:putObject", - "Effect": "Allow", - "Resource": { - "Fn::Join": [ - "", - [ - { - "Fn::GetAtt": [ - "Bucket83908E77", - "Arn" - ] - }, - "/*" - ] - ] - } - }, - { - "Action": "s3:getObject", - "Effect": "Allow", - "Resource": { - "Fn::Join": [ - "", - [ - { - "Fn::GetAtt": [ - "Bucket83908E77", - "Arn" - ] - }, - "/*" - ] - ] - } - }, - { - "Action": "s3:deleteObject", + "Action": [ + "s3:deleteObject", + "s3:getObject", + "s3:putObject" + ], "Effect": "Allow", "Resource": { "Fn::Join": [ diff --git a/packages/@aws-cdk/aws-stepfunctions-tasks/test/batch/integ.run-batch-job.expected.json b/packages/@aws-cdk/aws-stepfunctions-tasks/test/batch/integ.run-batch-job.expected.json index 390f48f376065..94145f863083d 100644 --- a/packages/@aws-cdk/aws-stepfunctions-tasks/test/batch/integ.run-batch-job.expected.json +++ b/packages/@aws-cdk/aws-stepfunctions-tasks/test/batch/integ.run-batch-job.expected.json @@ -959,9 +959,9 @@ }, { "Action": [ - "events:PutTargets", + "events:DescribeRule", "events:PutRule", - "events:DescribeRule" + "events:PutTargets" ], "Effect": "Allow", "Resource": { diff --git a/packages/@aws-cdk/aws-stepfunctions-tasks/test/batch/integ.submit-job.expected.json b/packages/@aws-cdk/aws-stepfunctions-tasks/test/batch/integ.submit-job.expected.json index fd26fb23e25f6..7f48977f12e6c 100644 --- a/packages/@aws-cdk/aws-stepfunctions-tasks/test/batch/integ.submit-job.expected.json +++ b/packages/@aws-cdk/aws-stepfunctions-tasks/test/batch/integ.submit-job.expected.json @@ -959,9 +959,9 @@ }, { "Action": [ - "events:PutTargets", + "events:DescribeRule", "events:PutRule", - "events:DescribeRule" + "events:PutTargets" ], "Effect": "Allow", "Resource": { diff --git a/packages/@aws-cdk/aws-stepfunctions-tasks/test/codebuild/integ.start-build.expected.json b/packages/@aws-cdk/aws-stepfunctions-tasks/test/codebuild/integ.start-build.expected.json index 58f98f8505b8e..7b9ec9d7b7ac5 100644 --- a/packages/@aws-cdk/aws-stepfunctions-tasks/test/codebuild/integ.start-build.expected.json +++ b/packages/@aws-cdk/aws-stepfunctions-tasks/test/codebuild/integ.start-build.expected.json @@ -49,7 +49,8 @@ ":log-group:/aws/codebuild/", { "Ref": "ProjectC78D97AD" - } + }, + ":*" ] ] }, @@ -72,8 +73,7 @@ ":log-group:/aws/codebuild/", { "Ref": "ProjectC78D97AD" - }, - ":*" + } ] ] } @@ -81,11 +81,11 @@ }, { "Action": [ - "codebuild:CreateReportGroup", - "codebuild:CreateReport", - "codebuild:UpdateReport", + "codebuild:BatchPutCodeCoverages", "codebuild:BatchPutTestCases", - "codebuild:BatchPutCodeCoverages" + "codebuild:CreateReport", + "codebuild:CreateReportGroup", + "codebuild:UpdateReport" ], "Effect": "Allow", "Resource": { @@ -196,10 +196,10 @@ "Statement": [ { "Action": [ - "codebuild:StartBuild", - "codebuild:StopBuild", "codebuild:BatchGetBuilds", - "codebuild:BatchGetReports" + "codebuild:BatchGetReports", + "codebuild:StartBuild", + "codebuild:StopBuild" ], "Effect": "Allow", "Resource": { diff --git a/packages/@aws-cdk/aws-stepfunctions-tasks/test/databrew/integ.start-job-run.expected.json b/packages/@aws-cdk/aws-stepfunctions-tasks/test/databrew/integ.start-job-run.expected.json index 4b0dedef27b9b..6f177f7a4f522 100644 --- a/packages/@aws-cdk/aws-stepfunctions-tasks/test/databrew/integ.start-job-run.expected.json +++ b/packages/@aws-cdk/aws-stepfunctions-tasks/test/databrew/integ.start-job-run.expected.json @@ -30,15 +30,21 @@ "Statement": [ { "Action": [ - "s3:GetObject", - "s3:PutObject", "s3:DeleteObject", - "s3:ListBucket" + "s3:GetObject", + "s3:ListBucket", + "s3:PutObject" ], "Effect": "Allow", "Resource": [ - "arn:aws:s3:::databrew-public-datasets-test-region/*", "arn:aws:s3:::databrew-public-datasets-test-region", + "arn:aws:s3:::databrew-public-datasets-test-region/*", + { + "Fn::GetAtt": [ + "JobOutputBucketACE3BC7B", + "Arn" + ] + }, { "Fn::Join": [ "", @@ -52,12 +58,6 @@ "/*" ] ] - }, - { - "Fn::GetAtt": [ - "JobOutputBucketACE3BC7B", - "Arn" - ] } ] } diff --git a/packages/@aws-cdk/aws-stepfunctions-tasks/test/dynamodb/integ.call-dynamodb.expected.json b/packages/@aws-cdk/aws-stepfunctions-tasks/test/dynamodb/integ.call-dynamodb.expected.json index a8b7510287767..53a09ed1a9974 100644 --- a/packages/@aws-cdk/aws-stepfunctions-tasks/test/dynamodb/integ.call-dynamodb.expected.json +++ b/packages/@aws-cdk/aws-stepfunctions-tasks/test/dynamodb/integ.call-dynamodb.expected.json @@ -58,88 +58,12 @@ "PolicyDocument": { "Statement": [ { - "Action": "dynamodb:PutItem", - "Effect": "Allow", - "Resource": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":dynamodb:", - { - "Ref": "AWS::Region" - }, - ":", - { - "Ref": "AWS::AccountId" - }, - ":table/", - { - "Ref": "Messages804FA4EB" - } - ] - ] - } - }, - { - "Action": "dynamodb:GetItem", - "Effect": "Allow", - "Resource": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":dynamodb:", - { - "Ref": "AWS::Region" - }, - ":", - { - "Ref": "AWS::AccountId" - }, - ":table/", - { - "Ref": "Messages804FA4EB" - } - ] - ] - } - }, - { - "Action": "dynamodb:UpdateItem", - "Effect": "Allow", - "Resource": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":dynamodb:", - { - "Ref": "AWS::Region" - }, - ":", - { - "Ref": "AWS::AccountId" - }, - ":table/", - { - "Ref": "Messages804FA4EB" - } - ] - ] - } - }, - { - "Action": "dynamodb:DeleteItem", + "Action": [ + "dynamodb:DeleteItem", + "dynamodb:GetItem", + "dynamodb:PutItem", + "dynamodb:UpdateItem" + ], "Effect": "Allow", "Resource": { "Fn::Join": [ diff --git a/packages/@aws-cdk/aws-stepfunctions-tasks/test/ecs/integ.ec2-run-task.expected.json b/packages/@aws-cdk/aws-stepfunctions-tasks/test/ecs/integ.ec2-run-task.expected.json index 99fdbfe12f0ae..4dcc2e6776cca 100644 --- a/packages/@aws-cdk/aws-stepfunctions-tasks/test/ecs/integ.ec2-run-task.expected.json +++ b/packages/@aws-cdk/aws-stepfunctions-tasks/test/ecs/integ.ec2-run-task.expected.json @@ -95,8 +95,8 @@ }, { "Action": [ - "ecs:DiscoverPollEndpoint", "ecr:GetAuthorizationToken", + "ecs:DiscoverPollEndpoint", "logs:CreateLogStream", "logs:PutLogEvents" ], @@ -236,10 +236,10 @@ "Statement": [ { "Action": [ - "ec2:DescribeInstances", + "ec2:DescribeHosts", "ec2:DescribeInstanceAttribute", "ec2:DescribeInstanceStatus", - "ec2:DescribeHosts" + "ec2:DescribeInstances" ], "Effect": "Allow", "Resource": "*" @@ -266,7 +266,9 @@ { "Action": [ "ecs:DescribeContainerInstances", - "ecs:DescribeTasks" + "ecs:DescribeTasks", + "ecs:ListTasks", + "ecs:UpdateContainerInstancesState" ], "Condition": { "ArnEquals": { @@ -294,24 +296,6 @@ "Arn" ] } - }, - { - "Action": [ - "ecs:UpdateContainerInstancesState", - "ecs:ListTasks" - ], - "Condition": { - "ArnEquals": { - "ecs:cluster": { - "Fn::GetAtt": [ - "Ec2ClusterEE43E89D", - "Arn" - ] - } - } - }, - "Effect": "Allow", - "Resource": "*" } ], "Version": "2012-10-17" @@ -568,8 +552,8 @@ { "Action": [ "ecr:BatchCheckLayerAvailability", - "ecr:GetDownloadUrlForLayer", - "ecr:BatchGetImage" + "ecr:BatchGetImage", + "ecr:GetDownloadUrlForLayer" ], "Effect": "Allow", "Resource": { @@ -753,8 +737,8 @@ }, { "Action": [ - "ecs:StopTask", - "ecs:DescribeTasks" + "ecs:DescribeTasks", + "ecs:StopTask" ], "Effect": "Allow", "Resource": "*" @@ -765,13 +749,13 @@ "Resource": [ { "Fn::GetAtt": [ - "TaskDefTaskRole1EDB4A67", + "TaskDefExecutionRoleB4775C97", "Arn" ] }, { "Fn::GetAtt": [ - "TaskDefExecutionRoleB4775C97", + "TaskDefTaskRole1EDB4A67", "Arn" ] } @@ -779,9 +763,9 @@ }, { "Action": [ - "events:PutTargets", + "events:DescribeRule", "events:PutRule", - "events:DescribeRule" + "events:PutTargets" ], "Effect": "Allow", "Resource": { diff --git a/packages/@aws-cdk/aws-stepfunctions-tasks/test/ecs/integ.ec2-task.expected.json b/packages/@aws-cdk/aws-stepfunctions-tasks/test/ecs/integ.ec2-task.expected.json index 8d433e5998df2..558b81faa2897 100644 --- a/packages/@aws-cdk/aws-stepfunctions-tasks/test/ecs/integ.ec2-task.expected.json +++ b/packages/@aws-cdk/aws-stepfunctions-tasks/test/ecs/integ.ec2-task.expected.json @@ -95,8 +95,8 @@ }, { "Action": [ - "ecs:DiscoverPollEndpoint", "ecr:GetAuthorizationToken", + "ecs:DiscoverPollEndpoint", "logs:CreateLogStream", "logs:PutLogEvents" ], @@ -236,10 +236,10 @@ "Statement": [ { "Action": [ - "ec2:DescribeInstances", + "ec2:DescribeHosts", "ec2:DescribeInstanceAttribute", "ec2:DescribeInstanceStatus", - "ec2:DescribeHosts" + "ec2:DescribeInstances" ], "Effect": "Allow", "Resource": "*" @@ -266,7 +266,9 @@ { "Action": [ "ecs:DescribeContainerInstances", - "ecs:DescribeTasks" + "ecs:DescribeTasks", + "ecs:ListTasks", + "ecs:UpdateContainerInstancesState" ], "Condition": { "ArnEquals": { @@ -294,24 +296,6 @@ "Arn" ] } - }, - { - "Action": [ - "ecs:UpdateContainerInstancesState", - "ecs:ListTasks" - ], - "Condition": { - "ArnEquals": { - "ecs:cluster": { - "Fn::GetAtt": [ - "FargateCluster7CCD5F93", - "Arn" - ] - } - } - }, - "Effect": "Allow", - "Resource": "*" } ], "Version": "2012-10-17" @@ -568,8 +552,8 @@ { "Action": [ "ecr:BatchCheckLayerAvailability", - "ecr:GetDownloadUrlForLayer", - "ecr:BatchGetImage" + "ecr:BatchGetImage", + "ecr:GetDownloadUrlForLayer" ], "Effect": "Allow", "Resource": { @@ -645,8 +629,8 @@ }, { "Action": [ - "ecs:StopTask", - "ecs:DescribeTasks" + "ecs:DescribeTasks", + "ecs:StopTask" ], "Effect": "Allow", "Resource": "*" @@ -657,13 +641,13 @@ "Resource": [ { "Fn::GetAtt": [ - "TaskDefTaskRole1EDB4A67", + "TaskDefExecutionRoleB4775C97", "Arn" ] }, { "Fn::GetAtt": [ - "TaskDefExecutionRoleB4775C97", + "TaskDefTaskRole1EDB4A67", "Arn" ] } @@ -671,9 +655,9 @@ }, { "Action": [ - "events:PutTargets", + "events:DescribeRule", "events:PutRule", - "events:DescribeRule" + "events:PutTargets" ], "Effect": "Allow", "Resource": { diff --git a/packages/@aws-cdk/aws-stepfunctions-tasks/test/ecs/integ.fargate-run-task.expected.json b/packages/@aws-cdk/aws-stepfunctions-tasks/test/ecs/integ.fargate-run-task.expected.json index ab2cb02fd8d0c..ca30cca5b1beb 100644 --- a/packages/@aws-cdk/aws-stepfunctions-tasks/test/ecs/integ.fargate-run-task.expected.json +++ b/packages/@aws-cdk/aws-stepfunctions-tasks/test/ecs/integ.fargate-run-task.expected.json @@ -103,8 +103,8 @@ { "Action": [ "ecr:BatchCheckLayerAvailability", - "ecr:GetDownloadUrlForLayer", - "ecr:BatchGetImage" + "ecr:BatchGetImage", + "ecr:GetDownloadUrlForLayer" ], "Effect": "Allow", "Resource": { @@ -302,8 +302,8 @@ }, { "Action": [ - "ecs:StopTask", - "ecs:DescribeTasks" + "ecs:DescribeTasks", + "ecs:StopTask" ], "Effect": "Allow", "Resource": "*" @@ -314,13 +314,13 @@ "Resource": [ { "Fn::GetAtt": [ - "TaskDefTaskRole1EDB4A67", + "TaskDefExecutionRoleB4775C97", "Arn" ] }, { "Fn::GetAtt": [ - "TaskDefExecutionRoleB4775C97", + "TaskDefTaskRole1EDB4A67", "Arn" ] } @@ -328,9 +328,9 @@ }, { "Action": [ - "events:PutTargets", + "events:DescribeRule", "events:PutRule", - "events:DescribeRule" + "events:PutTargets" ], "Effect": "Allow", "Resource": { diff --git a/packages/@aws-cdk/aws-stepfunctions-tasks/test/ecs/integ.fargate-task.expected.json b/packages/@aws-cdk/aws-stepfunctions-tasks/test/ecs/integ.fargate-task.expected.json index 84c678d4c2806..d6e61df69d806 100644 --- a/packages/@aws-cdk/aws-stepfunctions-tasks/test/ecs/integ.fargate-task.expected.json +++ b/packages/@aws-cdk/aws-stepfunctions-tasks/test/ecs/integ.fargate-task.expected.json @@ -103,8 +103,8 @@ { "Action": [ "ecr:BatchCheckLayerAvailability", - "ecr:GetDownloadUrlForLayer", - "ecr:BatchGetImage" + "ecr:BatchGetImage", + "ecr:GetDownloadUrlForLayer" ], "Effect": "Allow", "Resource": { @@ -194,8 +194,8 @@ }, { "Action": [ - "ecs:StopTask", - "ecs:DescribeTasks" + "ecs:DescribeTasks", + "ecs:StopTask" ], "Effect": "Allow", "Resource": "*" @@ -206,13 +206,13 @@ "Resource": [ { "Fn::GetAtt": [ - "TaskDefTaskRole1EDB4A67", + "TaskDefExecutionRoleB4775C97", "Arn" ] }, { "Fn::GetAtt": [ - "TaskDefExecutionRoleB4775C97", + "TaskDefTaskRole1EDB4A67", "Arn" ] } @@ -220,9 +220,9 @@ }, { "Action": [ - "events:PutTargets", + "events:DescribeRule", "events:PutRule", - "events:DescribeRule" + "events:PutTargets" ], "Effect": "Allow", "Resource": { diff --git a/packages/@aws-cdk/aws-stepfunctions-tasks/test/eks/integ.call.expected.json b/packages/@aws-cdk/aws-stepfunctions-tasks/test/eks/integ.call.expected.json index 979440cca4556..fd29689fa4b2e 100644 --- a/packages/@aws-cdk/aws-stepfunctions-tasks/test/eks/integ.call.expected.json +++ b/packages/@aws-cdk/aws-stepfunctions-tasks/test/eks/integ.call.expected.json @@ -718,14 +718,14 @@ { "Action": [ "eks:CreateCluster", + "eks:CreateFargateProfile", + "eks:DeleteCluster", "eks:DescribeCluster", "eks:DescribeUpdate", - "eks:DeleteCluster", - "eks:UpdateClusterVersion", - "eks:UpdateClusterConfig", - "eks:CreateFargateProfile", "eks:TagResource", - "eks:UntagResource" + "eks:UntagResource", + "eks:UpdateClusterConfig", + "eks:UpdateClusterVersion" ], "Effect": "Allow", "Resource": [ @@ -773,8 +773,8 @@ }, { "Action": [ - "eks:DescribeFargateProfile", - "eks:DeleteFargateProfile" + "eks:DeleteFargateProfile", + "eks:DescribeFargateProfile" ], "Effect": "Allow", "Resource": { @@ -800,26 +800,16 @@ }, { "Action": [ - "iam:GetRole", - "iam:listAttachedRolePolicies" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": "iam:CreateServiceLinkedRole", - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ + "ec2:DescribeDhcpOptions", "ec2:DescribeInstances", "ec2:DescribeNetworkInterfaces", + "ec2:DescribeRouteTables", "ec2:DescribeSecurityGroups", "ec2:DescribeSubnets", - "ec2:DescribeRouteTables", - "ec2:DescribeDhcpOptions", - "ec2:DescribeVpcs" + "ec2:DescribeVpcs", + "iam:CreateServiceLinkedRole", + "iam:GetRole", + "iam:listAttachedRolePolicies" ], "Effect": "Allow", "Resource": "*" @@ -1200,7 +1190,7 @@ }, "/", { - "Ref": "AssetParametersf46c21e30fb9578bef5b2e51ad54ab6eff5259cf30850f2f923fba7ed116418dS3Bucket5399C491" + "Ref": "AssetParametersccf7ba5dd6e4a143970849e29cd4f0b5e83779a4229ae89c9a281dfb8129b695S3Bucket28E1275C" }, "/", { @@ -1210,7 +1200,7 @@ "Fn::Split": [ "||", { - "Ref": "AssetParametersf46c21e30fb9578bef5b2e51ad54ab6eff5259cf30850f2f923fba7ed116418dS3VersionKeyDC65456C" + "Ref": "AssetParametersccf7ba5dd6e4a143970849e29cd4f0b5e83779a4229ae89c9a281dfb8129b695S3VersionKeyF39C35C5" } ] } @@ -1223,7 +1213,7 @@ "Fn::Split": [ "||", { - "Ref": "AssetParametersf46c21e30fb9578bef5b2e51ad54ab6eff5259cf30850f2f923fba7ed116418dS3VersionKeyDC65456C" + "Ref": "AssetParametersccf7ba5dd6e4a143970849e29cd4f0b5e83779a4229ae89c9a281dfb8129b695S3VersionKeyF39C35C5" } ] } @@ -1279,7 +1269,7 @@ }, "/", { - "Ref": "AssetParametersbaae8c7e34d26d473ad69f02c9bcd0581320d2c4baf2efe0fc13163d25530657S3BucketBE3456A9" + "Ref": "AssetParametersd2e7fbc583da5b26abfdeeddf4a017fe8ea21cc7708079de0f67dc762bd14b45S3Bucket9880C2B9" }, "/", { @@ -1289,7 +1279,7 @@ "Fn::Split": [ "||", { - "Ref": "AssetParametersbaae8c7e34d26d473ad69f02c9bcd0581320d2c4baf2efe0fc13163d25530657S3VersionKey07945351" + "Ref": "AssetParametersd2e7fbc583da5b26abfdeeddf4a017fe8ea21cc7708079de0f67dc762bd14b45S3VersionKey02679A48" } ] } @@ -1302,7 +1292,7 @@ "Fn::Split": [ "||", { - "Ref": "AssetParametersbaae8c7e34d26d473ad69f02c9bcd0581320d2c4baf2efe0fc13163d25530657S3VersionKey07945351" + "Ref": "AssetParametersd2e7fbc583da5b26abfdeeddf4a017fe8ea21cc7708079de0f67dc762bd14b45S3VersionKey02679A48" } ] } @@ -1345,11 +1335,11 @@ "ClusterSecurityGroupId" ] }, - "referencetoawsstepfunctionstasksekscallintegAssetParameters61f3b82f5fe3b135f58644b9bb25da9af6d46345bbe50c3d935682beae71ef17S3Bucket757830C6Ref": { - "Ref": "AssetParameters61f3b82f5fe3b135f58644b9bb25da9af6d46345bbe50c3d935682beae71ef17S3BucketBFAD928B" + "referencetoawsstepfunctionstasksekscallintegAssetParametersf331b32a8ad8983464106a58e420e7bc7e6341ba2ffb8ac9ad350d7e32845d95S3BucketF5A5D7D1Ref": { + "Ref": "AssetParametersf331b32a8ad8983464106a58e420e7bc7e6341ba2ffb8ac9ad350d7e32845d95S3BucketE02B5488" }, - "referencetoawsstepfunctionstasksekscallintegAssetParameters61f3b82f5fe3b135f58644b9bb25da9af6d46345bbe50c3d935682beae71ef17S3VersionKey076C17CBRef": { - "Ref": "AssetParameters61f3b82f5fe3b135f58644b9bb25da9af6d46345bbe50c3d935682beae71ef17S3VersionKeyC5061A22" + "referencetoawsstepfunctionstasksekscallintegAssetParametersf331b32a8ad8983464106a58e420e7bc7e6341ba2ffb8ac9ad350d7e32845d95S3VersionKeyB1080616Ref": { + "Ref": "AssetParametersf331b32a8ad8983464106a58e420e7bc7e6341ba2ffb8ac9ad350d7e32845d95S3VersionKey4D8E71F2" }, "referencetoawsstepfunctionstasksekscallintegAssetParametersea17febe6d04c66048f3e8e060c71685c0cb53122abceff44842d27bc0d4a03eS3Bucket91831D54Ref": { "Ref": "AssetParametersea17febe6d04c66048f3e8e060c71685c0cb53122abceff44842d27bc0d4a03eS3BucketD3288998" @@ -1546,17 +1536,17 @@ "Type": "String", "Description": "Artifact hash for asset \"a70c48e7047fb793b2378668accb1dc2d92f2d7b1fff80c9c718f4964dc69cb8\"" }, - "AssetParameters61f3b82f5fe3b135f58644b9bb25da9af6d46345bbe50c3d935682beae71ef17S3BucketBFAD928B": { + "AssetParametersf331b32a8ad8983464106a58e420e7bc7e6341ba2ffb8ac9ad350d7e32845d95S3BucketE02B5488": { "Type": "String", - "Description": "S3 bucket for asset \"61f3b82f5fe3b135f58644b9bb25da9af6d46345bbe50c3d935682beae71ef17\"" + "Description": "S3 bucket for asset \"f331b32a8ad8983464106a58e420e7bc7e6341ba2ffb8ac9ad350d7e32845d95\"" }, - "AssetParameters61f3b82f5fe3b135f58644b9bb25da9af6d46345bbe50c3d935682beae71ef17S3VersionKeyC5061A22": { + "AssetParametersf331b32a8ad8983464106a58e420e7bc7e6341ba2ffb8ac9ad350d7e32845d95S3VersionKey4D8E71F2": { "Type": "String", - "Description": "S3 key for asset version \"61f3b82f5fe3b135f58644b9bb25da9af6d46345bbe50c3d935682beae71ef17\"" + "Description": "S3 key for asset version \"f331b32a8ad8983464106a58e420e7bc7e6341ba2ffb8ac9ad350d7e32845d95\"" }, - "AssetParameters61f3b82f5fe3b135f58644b9bb25da9af6d46345bbe50c3d935682beae71ef17ArtifactHashBCF7AEEE": { + "AssetParametersf331b32a8ad8983464106a58e420e7bc7e6341ba2ffb8ac9ad350d7e32845d95ArtifactHash16B60F6C": { "Type": "String", - "Description": "Artifact hash for asset \"61f3b82f5fe3b135f58644b9bb25da9af6d46345bbe50c3d935682beae71ef17\"" + "Description": "Artifact hash for asset \"f331b32a8ad8983464106a58e420e7bc7e6341ba2ffb8ac9ad350d7e32845d95\"" }, "AssetParametersea17febe6d04c66048f3e8e060c71685c0cb53122abceff44842d27bc0d4a03eS3BucketD3288998": { "Type": "String", @@ -1570,29 +1560,29 @@ "Type": "String", "Description": "Artifact hash for asset \"ea17febe6d04c66048f3e8e060c71685c0cb53122abceff44842d27bc0d4a03e\"" }, - "AssetParametersf46c21e30fb9578bef5b2e51ad54ab6eff5259cf30850f2f923fba7ed116418dS3Bucket5399C491": { + "AssetParametersccf7ba5dd6e4a143970849e29cd4f0b5e83779a4229ae89c9a281dfb8129b695S3Bucket28E1275C": { "Type": "String", - "Description": "S3 bucket for asset \"f46c21e30fb9578bef5b2e51ad54ab6eff5259cf30850f2f923fba7ed116418d\"" + "Description": "S3 bucket for asset \"ccf7ba5dd6e4a143970849e29cd4f0b5e83779a4229ae89c9a281dfb8129b695\"" }, - "AssetParametersf46c21e30fb9578bef5b2e51ad54ab6eff5259cf30850f2f923fba7ed116418dS3VersionKeyDC65456C": { + "AssetParametersccf7ba5dd6e4a143970849e29cd4f0b5e83779a4229ae89c9a281dfb8129b695S3VersionKeyF39C35C5": { "Type": "String", - "Description": "S3 key for asset version \"f46c21e30fb9578bef5b2e51ad54ab6eff5259cf30850f2f923fba7ed116418d\"" + "Description": "S3 key for asset version \"ccf7ba5dd6e4a143970849e29cd4f0b5e83779a4229ae89c9a281dfb8129b695\"" }, - "AssetParametersf46c21e30fb9578bef5b2e51ad54ab6eff5259cf30850f2f923fba7ed116418dArtifactHashBEAEFFCB": { + "AssetParametersccf7ba5dd6e4a143970849e29cd4f0b5e83779a4229ae89c9a281dfb8129b695ArtifactHashB1AF64BD": { "Type": "String", - "Description": "Artifact hash for asset \"f46c21e30fb9578bef5b2e51ad54ab6eff5259cf30850f2f923fba7ed116418d\"" + "Description": "Artifact hash for asset \"ccf7ba5dd6e4a143970849e29cd4f0b5e83779a4229ae89c9a281dfb8129b695\"" }, - "AssetParametersbaae8c7e34d26d473ad69f02c9bcd0581320d2c4baf2efe0fc13163d25530657S3BucketBE3456A9": { + "AssetParametersd2e7fbc583da5b26abfdeeddf4a017fe8ea21cc7708079de0f67dc762bd14b45S3Bucket9880C2B9": { "Type": "String", - "Description": "S3 bucket for asset \"baae8c7e34d26d473ad69f02c9bcd0581320d2c4baf2efe0fc13163d25530657\"" + "Description": "S3 bucket for asset \"d2e7fbc583da5b26abfdeeddf4a017fe8ea21cc7708079de0f67dc762bd14b45\"" }, - "AssetParametersbaae8c7e34d26d473ad69f02c9bcd0581320d2c4baf2efe0fc13163d25530657S3VersionKey07945351": { + "AssetParametersd2e7fbc583da5b26abfdeeddf4a017fe8ea21cc7708079de0f67dc762bd14b45S3VersionKey02679A48": { "Type": "String", - "Description": "S3 key for asset version \"baae8c7e34d26d473ad69f02c9bcd0581320d2c4baf2efe0fc13163d25530657\"" + "Description": "S3 key for asset version \"d2e7fbc583da5b26abfdeeddf4a017fe8ea21cc7708079de0f67dc762bd14b45\"" }, - "AssetParametersbaae8c7e34d26d473ad69f02c9bcd0581320d2c4baf2efe0fc13163d25530657ArtifactHash2996481A": { + "AssetParametersd2e7fbc583da5b26abfdeeddf4a017fe8ea21cc7708079de0f67dc762bd14b45ArtifactHash172B8CCD": { "Type": "String", - "Description": "Artifact hash for asset \"baae8c7e34d26d473ad69f02c9bcd0581320d2c4baf2efe0fc13163d25530657\"" + "Description": "Artifact hash for asset \"d2e7fbc583da5b26abfdeeddf4a017fe8ea21cc7708079de0f67dc762bd14b45\"" } } } \ No newline at end of file diff --git a/packages/@aws-cdk/aws-stepfunctions-tasks/test/emrcontainers/integ.job-submission-workflow.expected.json b/packages/@aws-cdk/aws-stepfunctions-tasks/test/emrcontainers/integ.job-submission-workflow.expected.json index c524911b768e0..632be9f6d5ea6 100644 --- a/packages/@aws-cdk/aws-stepfunctions-tasks/test/emrcontainers/integ.job-submission-workflow.expected.json +++ b/packages/@aws-cdk/aws-stepfunctions-tasks/test/emrcontainers/integ.job-submission-workflow.expected.json @@ -717,54 +717,30 @@ }, { "Action": [ + "ec2:DescribeDhcpOptions", + "ec2:DescribeInstances", + "ec2:DescribeNetworkInterfaces", + "ec2:DescribeRouteTables", + "ec2:DescribeSecurityGroups", + "ec2:DescribeSubnets", + "ec2:DescribeVpcs", "eks:CreateCluster", + "eks:CreateFargateProfile", + "eks:DeleteCluster", + "eks:DeleteFargateProfile", "eks:DescribeCluster", + "eks:DescribeFargateProfile", "eks:DescribeUpdate", - "eks:DeleteCluster", - "eks:UpdateClusterVersion", - "eks:UpdateClusterConfig", - "eks:CreateFargateProfile", "eks:TagResource", - "eks:UntagResource" - ], - "Effect": "Allow", - "Resource": [ - "*" - ] - }, - { - "Action": [ - "eks:DescribeFargateProfile", - "eks:DeleteFargateProfile" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ + "eks:UntagResource", + "eks:UpdateClusterConfig", + "eks:UpdateClusterVersion", + "iam:CreateServiceLinkedRole", "iam:GetRole", "iam:listAttachedRolePolicies" ], "Effect": "Allow", "Resource": "*" - }, - { - "Action": "iam:CreateServiceLinkedRole", - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "ec2:DescribeInstances", - "ec2:DescribeNetworkInterfaces", - "ec2:DescribeSecurityGroups", - "ec2:DescribeSubnets", - "ec2:DescribeRouteTables", - "ec2:DescribeDhcpOptions", - "ec2:DescribeVpcs" - ], - "Effect": "Allow", - "Resource": "*" } ], "Version": "2012-10-17" @@ -1127,7 +1103,7 @@ }, "/", { - "Ref": "AssetParameters2e9ad2b3adb314d6b508568cdae591116d77384b7051f5ce38f19a5b91139c81S3Bucket0B35DAB4" + "Ref": "AssetParameters2a5ab35f4420d68f96a6e36cc4fc8d320de3bcf01199547acb57af0530db174aS3Bucket2F5D4D08" }, "/", { @@ -1137,7 +1113,7 @@ "Fn::Split": [ "||", { - "Ref": "AssetParameters2e9ad2b3adb314d6b508568cdae591116d77384b7051f5ce38f19a5b91139c81S3VersionKey19757333" + "Ref": "AssetParameters2a5ab35f4420d68f96a6e36cc4fc8d320de3bcf01199547acb57af0530db174aS3VersionKeyA75A8D2B" } ] } @@ -1150,7 +1126,7 @@ "Fn::Split": [ "||", { - "Ref": "AssetParameters2e9ad2b3adb314d6b508568cdae591116d77384b7051f5ce38f19a5b91139c81S3VersionKey19757333" + "Ref": "AssetParameters2a5ab35f4420d68f96a6e36cc4fc8d320de3bcf01199547acb57af0530db174aS3VersionKeyA75A8D2B" } ] } @@ -1206,7 +1182,7 @@ }, "/", { - "Ref": "AssetParameters344666fd712ae1b70f53ddd16f3ab3bdf6091f1e5330b5c68eae89ef1e531315S3BucketE7B156F0" + "Ref": "AssetParameters55ab944087ff7fca11470005814dff76a703d8bf01b6f1569046163522029e67S3Bucket7A7690F3" }, "/", { @@ -1216,7 +1192,7 @@ "Fn::Split": [ "||", { - "Ref": "AssetParameters344666fd712ae1b70f53ddd16f3ab3bdf6091f1e5330b5c68eae89ef1e531315S3VersionKey73885988" + "Ref": "AssetParameters55ab944087ff7fca11470005814dff76a703d8bf01b6f1569046163522029e67S3VersionKeyC21848A0" } ] } @@ -1229,7 +1205,7 @@ "Fn::Split": [ "||", { - "Ref": "AssetParameters344666fd712ae1b70f53ddd16f3ab3bdf6091f1e5330b5c68eae89ef1e531315S3VersionKey73885988" + "Ref": "AssetParameters55ab944087ff7fca11470005814dff76a703d8bf01b6f1569046163522029e67S3VersionKeyC21848A0" } ] } @@ -1272,11 +1248,11 @@ "ClusterSecurityGroupId" ] }, - "referencetoawsstepfunctionstasksemrcontainersallservicesintegAssetParameters61f3b82f5fe3b135f58644b9bb25da9af6d46345bbe50c3d935682beae71ef17S3Bucket51A41CBBRef": { - "Ref": "AssetParameters61f3b82f5fe3b135f58644b9bb25da9af6d46345bbe50c3d935682beae71ef17S3BucketBFAD928B" + "referencetoawsstepfunctionstasksemrcontainersallservicesintegAssetParametersf331b32a8ad8983464106a58e420e7bc7e6341ba2ffb8ac9ad350d7e32845d95S3BucketC3A07F1BRef": { + "Ref": "AssetParametersf331b32a8ad8983464106a58e420e7bc7e6341ba2ffb8ac9ad350d7e32845d95S3BucketE02B5488" }, - "referencetoawsstepfunctionstasksemrcontainersallservicesintegAssetParameters61f3b82f5fe3b135f58644b9bb25da9af6d46345bbe50c3d935682beae71ef17S3VersionKey32523FFDRef": { - "Ref": "AssetParameters61f3b82f5fe3b135f58644b9bb25da9af6d46345bbe50c3d935682beae71ef17S3VersionKeyC5061A22" + "referencetoawsstepfunctionstasksemrcontainersallservicesintegAssetParametersf331b32a8ad8983464106a58e420e7bc7e6341ba2ffb8ac9ad350d7e32845d95S3VersionKey9350B036Ref": { + "Ref": "AssetParametersf331b32a8ad8983464106a58e420e7bc7e6341ba2ffb8ac9ad350d7e32845d95S3VersionKey4D8E71F2" }, "referencetoawsstepfunctionstasksemrcontainersallservicesintegAssetParametersea17febe6d04c66048f3e8e060c71685c0cb53122abceff44842d27bc0d4a03eS3Bucket8CD29A22Ref": { "Ref": "AssetParametersea17febe6d04c66048f3e8e060c71685c0cb53122abceff44842d27bc0d4a03eS3BucketD3288998" @@ -1304,25 +1280,21 @@ "Action": "sts:AssumeRole", "Effect": "Allow", "Principal": { - "Service": "emr-containers.amazonaws.com" - } - }, - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": { - "Service": { - "Fn::Join": [ - "", - [ - "states.", - { - "Ref": "AWS::Region" - }, - ".amazonaws.com" + "Service": [ + "emr-containers.amazonaws.com", + { + "Fn::Join": [ + "", + [ + "states.", + { + "Ref": "AWS::Region" + }, + ".amazonaws.com" + ] ] - ] - } + } + ] } } ], @@ -1337,16 +1309,16 @@ "Statement": [ { "Action": [ - "s3:GetObject*", + "s3:Abort*", + "s3:DeleteObject*", "s3:GetBucket*", + "s3:GetObject*", "s3:List*", - "s3:DeleteObject*", "s3:PutObject", "s3:PutObjectLegalHold", "s3:PutObjectRetention", "s3:PutObjectTagging", - "s3:PutObjectVersionTagging", - "s3:Abort*" + "s3:PutObjectVersionTagging" ], "Effect": "Allow", "Resource": [ @@ -1375,6 +1347,7 @@ { "Action": [ "logs:CreateLogStream", + "logs:DescribeLogStreams", "logs:PutLogEvents" ], "Effect": "Allow", @@ -1385,16 +1358,6 @@ ] } }, - { - "Action": "logs:DescribeLogStreams", - "Effect": "Allow", - "Resource": { - "Fn::GetAtt": [ - "StartaJobRunMonitoringLogGroupD033B7AF", - "Arn" - ] - } - }, { "Action": "logs:DescribeLogGroups", "Effect": "Allow", @@ -1546,8 +1509,9 @@ }, { "Action": [ - "emr-containers:DescribeJobRun", - "emr-containers:CancelJobRun" + "emr-containers:CancelJobRun", + "emr-containers:DeleteVirtualCluster", + "emr-containers:DescribeJobRun" ], "Effect": "Allow", "Resource": { @@ -1570,30 +1534,6 @@ ] ] } - }, - { - "Action": "emr-containers:DeleteVirtualCluster", - "Effect": "Allow", - "Resource": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":emr-containers:", - { - "Ref": "AWS::Region" - }, - ":", - { - "Ref": "AWS::AccountId" - }, - ":/virtualclusters/*" - ] - ] - } } ], "Version": "2012-10-17" @@ -1765,17 +1705,17 @@ "Type": "String", "Description": "Artifact hash for asset \"a70c48e7047fb793b2378668accb1dc2d92f2d7b1fff80c9c718f4964dc69cb8\"" }, - "AssetParameters61f3b82f5fe3b135f58644b9bb25da9af6d46345bbe50c3d935682beae71ef17S3BucketBFAD928B": { + "AssetParametersf331b32a8ad8983464106a58e420e7bc7e6341ba2ffb8ac9ad350d7e32845d95S3BucketE02B5488": { "Type": "String", - "Description": "S3 bucket for asset \"61f3b82f5fe3b135f58644b9bb25da9af6d46345bbe50c3d935682beae71ef17\"" + "Description": "S3 bucket for asset \"f331b32a8ad8983464106a58e420e7bc7e6341ba2ffb8ac9ad350d7e32845d95\"" }, - "AssetParameters61f3b82f5fe3b135f58644b9bb25da9af6d46345bbe50c3d935682beae71ef17S3VersionKeyC5061A22": { + "AssetParametersf331b32a8ad8983464106a58e420e7bc7e6341ba2ffb8ac9ad350d7e32845d95S3VersionKey4D8E71F2": { "Type": "String", - "Description": "S3 key for asset version \"61f3b82f5fe3b135f58644b9bb25da9af6d46345bbe50c3d935682beae71ef17\"" + "Description": "S3 key for asset version \"f331b32a8ad8983464106a58e420e7bc7e6341ba2ffb8ac9ad350d7e32845d95\"" }, - "AssetParameters61f3b82f5fe3b135f58644b9bb25da9af6d46345bbe50c3d935682beae71ef17ArtifactHashBCF7AEEE": { + "AssetParametersf331b32a8ad8983464106a58e420e7bc7e6341ba2ffb8ac9ad350d7e32845d95ArtifactHash16B60F6C": { "Type": "String", - "Description": "Artifact hash for asset \"61f3b82f5fe3b135f58644b9bb25da9af6d46345bbe50c3d935682beae71ef17\"" + "Description": "Artifact hash for asset \"f331b32a8ad8983464106a58e420e7bc7e6341ba2ffb8ac9ad350d7e32845d95\"" }, "AssetParametersea17febe6d04c66048f3e8e060c71685c0cb53122abceff44842d27bc0d4a03eS3BucketD3288998": { "Type": "String", @@ -1789,29 +1729,29 @@ "Type": "String", "Description": "Artifact hash for asset \"ea17febe6d04c66048f3e8e060c71685c0cb53122abceff44842d27bc0d4a03e\"" }, - "AssetParameters2e9ad2b3adb314d6b508568cdae591116d77384b7051f5ce38f19a5b91139c81S3Bucket0B35DAB4": { + "AssetParameters2a5ab35f4420d68f96a6e36cc4fc8d320de3bcf01199547acb57af0530db174aS3Bucket2F5D4D08": { "Type": "String", - "Description": "S3 bucket for asset \"2e9ad2b3adb314d6b508568cdae591116d77384b7051f5ce38f19a5b91139c81\"" + "Description": "S3 bucket for asset \"2a5ab35f4420d68f96a6e36cc4fc8d320de3bcf01199547acb57af0530db174a\"" }, - "AssetParameters2e9ad2b3adb314d6b508568cdae591116d77384b7051f5ce38f19a5b91139c81S3VersionKey19757333": { + "AssetParameters2a5ab35f4420d68f96a6e36cc4fc8d320de3bcf01199547acb57af0530db174aS3VersionKeyA75A8D2B": { "Type": "String", - "Description": "S3 key for asset version \"2e9ad2b3adb314d6b508568cdae591116d77384b7051f5ce38f19a5b91139c81\"" + "Description": "S3 key for asset version \"2a5ab35f4420d68f96a6e36cc4fc8d320de3bcf01199547acb57af0530db174a\"" }, - "AssetParameters2e9ad2b3adb314d6b508568cdae591116d77384b7051f5ce38f19a5b91139c81ArtifactHash5AEE8D1D": { + "AssetParameters2a5ab35f4420d68f96a6e36cc4fc8d320de3bcf01199547acb57af0530db174aArtifactHash7B798644": { "Type": "String", - "Description": "Artifact hash for asset \"2e9ad2b3adb314d6b508568cdae591116d77384b7051f5ce38f19a5b91139c81\"" + "Description": "Artifact hash for asset \"2a5ab35f4420d68f96a6e36cc4fc8d320de3bcf01199547acb57af0530db174a\"" }, - "AssetParameters344666fd712ae1b70f53ddd16f3ab3bdf6091f1e5330b5c68eae89ef1e531315S3BucketE7B156F0": { + "AssetParameters55ab944087ff7fca11470005814dff76a703d8bf01b6f1569046163522029e67S3Bucket7A7690F3": { "Type": "String", - "Description": "S3 bucket for asset \"344666fd712ae1b70f53ddd16f3ab3bdf6091f1e5330b5c68eae89ef1e531315\"" + "Description": "S3 bucket for asset \"55ab944087ff7fca11470005814dff76a703d8bf01b6f1569046163522029e67\"" }, - "AssetParameters344666fd712ae1b70f53ddd16f3ab3bdf6091f1e5330b5c68eae89ef1e531315S3VersionKey73885988": { + "AssetParameters55ab944087ff7fca11470005814dff76a703d8bf01b6f1569046163522029e67S3VersionKeyC21848A0": { "Type": "String", - "Description": "S3 key for asset version \"344666fd712ae1b70f53ddd16f3ab3bdf6091f1e5330b5c68eae89ef1e531315\"" + "Description": "S3 key for asset version \"55ab944087ff7fca11470005814dff76a703d8bf01b6f1569046163522029e67\"" }, - "AssetParameters344666fd712ae1b70f53ddd16f3ab3bdf6091f1e5330b5c68eae89ef1e531315ArtifactHash3C1CA18D": { + "AssetParameters55ab944087ff7fca11470005814dff76a703d8bf01b6f1569046163522029e67ArtifactHash7C23762C": { "Type": "String", - "Description": "Artifact hash for asset \"344666fd712ae1b70f53ddd16f3ab3bdf6091f1e5330b5c68eae89ef1e531315\"" + "Description": "Artifact hash for asset \"55ab944087ff7fca11470005814dff76a703d8bf01b6f1569046163522029e67\"" } } } \ No newline at end of file diff --git a/packages/@aws-cdk/aws-stepfunctions-tasks/test/emrcontainers/integ.start-job-run.expected.json b/packages/@aws-cdk/aws-stepfunctions-tasks/test/emrcontainers/integ.start-job-run.expected.json index 4ac16e5878958..ed1d507956dc8 100644 --- a/packages/@aws-cdk/aws-stepfunctions-tasks/test/emrcontainers/integ.start-job-run.expected.json +++ b/packages/@aws-cdk/aws-stepfunctions-tasks/test/emrcontainers/integ.start-job-run.expected.json @@ -717,54 +717,30 @@ }, { "Action": [ + "ec2:DescribeDhcpOptions", + "ec2:DescribeInstances", + "ec2:DescribeNetworkInterfaces", + "ec2:DescribeRouteTables", + "ec2:DescribeSecurityGroups", + "ec2:DescribeSubnets", + "ec2:DescribeVpcs", "eks:CreateCluster", + "eks:CreateFargateProfile", + "eks:DeleteCluster", + "eks:DeleteFargateProfile", "eks:DescribeCluster", + "eks:DescribeFargateProfile", "eks:DescribeUpdate", - "eks:DeleteCluster", - "eks:UpdateClusterVersion", - "eks:UpdateClusterConfig", - "eks:CreateFargateProfile", "eks:TagResource", - "eks:UntagResource" - ], - "Effect": "Allow", - "Resource": [ - "*" - ] - }, - { - "Action": [ - "eks:DescribeFargateProfile", - "eks:DeleteFargateProfile" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ + "eks:UntagResource", + "eks:UpdateClusterConfig", + "eks:UpdateClusterVersion", + "iam:CreateServiceLinkedRole", "iam:GetRole", "iam:listAttachedRolePolicies" ], "Effect": "Allow", "Resource": "*" - }, - { - "Action": "iam:CreateServiceLinkedRole", - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ - "ec2:DescribeInstances", - "ec2:DescribeNetworkInterfaces", - "ec2:DescribeSecurityGroups", - "ec2:DescribeSubnets", - "ec2:DescribeRouteTables", - "ec2:DescribeDhcpOptions", - "ec2:DescribeVpcs" - ], - "Effect": "Allow", - "Resource": "*" } ], "Version": "2012-10-17" @@ -1186,7 +1162,7 @@ }, "/", { - "Ref": "AssetParameters201ad9a60e50909985c2d508d7121e0e4cbf26315ff82c4f8dd96a6a3de2c596S3Bucket6E3AB1B2" + "Ref": "AssetParameters1debb21f2bff2f2f663c53666a77906d007535fc526cfc690ca6a1033015be7fS3BucketE126985C" }, "/", { @@ -1196,7 +1172,7 @@ "Fn::Split": [ "||", { - "Ref": "AssetParameters201ad9a60e50909985c2d508d7121e0e4cbf26315ff82c4f8dd96a6a3de2c596S3VersionKey2EE68C7B" + "Ref": "AssetParameters1debb21f2bff2f2f663c53666a77906d007535fc526cfc690ca6a1033015be7fS3VersionKey74D769A9" } ] } @@ -1209,7 +1185,7 @@ "Fn::Split": [ "||", { - "Ref": "AssetParameters201ad9a60e50909985c2d508d7121e0e4cbf26315ff82c4f8dd96a6a3de2c596S3VersionKey2EE68C7B" + "Ref": "AssetParameters1debb21f2bff2f2f663c53666a77906d007535fc526cfc690ca6a1033015be7fS3VersionKey74D769A9" } ] } @@ -1265,7 +1241,7 @@ }, "/", { - "Ref": "AssetParameterscc0e48d18eebe336b4d099f5925859ed0ec4356be738b01aa061ce9322c6f369S3Bucket82C7B951" + "Ref": "AssetParameters7917c5d56b6c0688fd999c8aaa4bf0bb95abd89208df9ab2f075ddbf1cdf54e8S3BucketFA655285" }, "/", { @@ -1275,7 +1251,7 @@ "Fn::Split": [ "||", { - "Ref": "AssetParameterscc0e48d18eebe336b4d099f5925859ed0ec4356be738b01aa061ce9322c6f369S3VersionKeyEBEEAE53" + "Ref": "AssetParameters7917c5d56b6c0688fd999c8aaa4bf0bb95abd89208df9ab2f075ddbf1cdf54e8S3VersionKeyAF468AE1" } ] } @@ -1288,7 +1264,7 @@ "Fn::Split": [ "||", { - "Ref": "AssetParameterscc0e48d18eebe336b4d099f5925859ed0ec4356be738b01aa061ce9322c6f369S3VersionKeyEBEEAE53" + "Ref": "AssetParameters7917c5d56b6c0688fd999c8aaa4bf0bb95abd89208df9ab2f075ddbf1cdf54e8S3VersionKeyAF468AE1" } ] } @@ -1331,11 +1307,11 @@ "ClusterSecurityGroupId" ] }, - "referencetoawsstepfunctionstasksemrcontainersstartjobrunintegtestAssetParameters61f3b82f5fe3b135f58644b9bb25da9af6d46345bbe50c3d935682beae71ef17S3BucketBD9F1BB4Ref": { - "Ref": "AssetParameters61f3b82f5fe3b135f58644b9bb25da9af6d46345bbe50c3d935682beae71ef17S3BucketBFAD928B" + "referencetoawsstepfunctionstasksemrcontainersstartjobrunintegtestAssetParametersf331b32a8ad8983464106a58e420e7bc7e6341ba2ffb8ac9ad350d7e32845d95S3Bucket51F4CFE7Ref": { + "Ref": "AssetParametersf331b32a8ad8983464106a58e420e7bc7e6341ba2ffb8ac9ad350d7e32845d95S3BucketE02B5488" }, - "referencetoawsstepfunctionstasksemrcontainersstartjobrunintegtestAssetParameters61f3b82f5fe3b135f58644b9bb25da9af6d46345bbe50c3d935682beae71ef17S3VersionKey9FCC1B70Ref": { - "Ref": "AssetParameters61f3b82f5fe3b135f58644b9bb25da9af6d46345bbe50c3d935682beae71ef17S3VersionKeyC5061A22" + "referencetoawsstepfunctionstasksemrcontainersstartjobrunintegtestAssetParametersf331b32a8ad8983464106a58e420e7bc7e6341ba2ffb8ac9ad350d7e32845d95S3VersionKey30F71929Ref": { + "Ref": "AssetParametersf331b32a8ad8983464106a58e420e7bc7e6341ba2ffb8ac9ad350d7e32845d95S3VersionKey4D8E71F2" }, "referencetoawsstepfunctionstasksemrcontainersstartjobrunintegtestAssetParametersea17febe6d04c66048f3e8e060c71685c0cb53122abceff44842d27bc0d4a03eS3BucketF38DB26BRef": { "Ref": "AssetParametersea17febe6d04c66048f3e8e060c71685c0cb53122abceff44842d27bc0d4a03eS3BucketD3288998" @@ -1384,25 +1360,21 @@ "Action": "sts:AssumeRole", "Effect": "Allow", "Principal": { - "Service": "emr-containers.amazonaws.com" - } - }, - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": { - "Service": { - "Fn::Join": [ - "", - [ - "states.", - { - "Ref": "AWS::Region" - }, - ".amazonaws.com" + "Service": [ + "emr-containers.amazonaws.com", + { + "Fn::Join": [ + "", + [ + "states.", + { + "Ref": "AWS::Region" + }, + ".amazonaws.com" + ] ] - ] - } + } + ] } } ], @@ -1489,7 +1461,7 @@ "Properties": { "Content": { "S3Bucket": { - "Ref": "AssetParameters61f3b82f5fe3b135f58644b9bb25da9af6d46345bbe50c3d935682beae71ef17S3BucketBFAD928B" + "Ref": "AssetParametersf331b32a8ad8983464106a58e420e7bc7e6341ba2ffb8ac9ad350d7e32845d95S3BucketE02B5488" }, "S3Key": { "Fn::Join": [ @@ -1502,7 +1474,7 @@ "Fn::Split": [ "||", { - "Ref": "AssetParameters61f3b82f5fe3b135f58644b9bb25da9af6d46345bbe50c3d935682beae71ef17S3VersionKeyC5061A22" + "Ref": "AssetParametersf331b32a8ad8983464106a58e420e7bc7e6341ba2ffb8ac9ad350d7e32845d95S3VersionKey4D8E71F2" } ] } @@ -1515,7 +1487,7 @@ "Fn::Split": [ "||", { - "Ref": "AssetParameters61f3b82f5fe3b135f58644b9bb25da9af6d46345bbe50c3d935682beae71ef17S3VersionKeyC5061A22" + "Ref": "AssetParametersf331b32a8ad8983464106a58e420e7bc7e6341ba2ffb8ac9ad350d7e32845d95S3VersionKey4D8E71F2" } ] } @@ -1993,8 +1965,8 @@ }, { "Action": [ - "emr-containers:DescribeJobRun", - "emr-containers:CancelJobRun" + "emr-containers:CancelJobRun", + "emr-containers:DescribeJobRun" ], "Effect": "Allow", "Resource": { @@ -2182,17 +2154,17 @@ "Type": "String", "Description": "Artifact hash for asset \"a70c48e7047fb793b2378668accb1dc2d92f2d7b1fff80c9c718f4964dc69cb8\"" }, - "AssetParameters61f3b82f5fe3b135f58644b9bb25da9af6d46345bbe50c3d935682beae71ef17S3BucketBFAD928B": { + "AssetParametersf331b32a8ad8983464106a58e420e7bc7e6341ba2ffb8ac9ad350d7e32845d95S3BucketE02B5488": { "Type": "String", - "Description": "S3 bucket for asset \"61f3b82f5fe3b135f58644b9bb25da9af6d46345bbe50c3d935682beae71ef17\"" + "Description": "S3 bucket for asset \"f331b32a8ad8983464106a58e420e7bc7e6341ba2ffb8ac9ad350d7e32845d95\"" }, - "AssetParameters61f3b82f5fe3b135f58644b9bb25da9af6d46345bbe50c3d935682beae71ef17S3VersionKeyC5061A22": { + "AssetParametersf331b32a8ad8983464106a58e420e7bc7e6341ba2ffb8ac9ad350d7e32845d95S3VersionKey4D8E71F2": { "Type": "String", - "Description": "S3 key for asset version \"61f3b82f5fe3b135f58644b9bb25da9af6d46345bbe50c3d935682beae71ef17\"" + "Description": "S3 key for asset version \"f331b32a8ad8983464106a58e420e7bc7e6341ba2ffb8ac9ad350d7e32845d95\"" }, - "AssetParameters61f3b82f5fe3b135f58644b9bb25da9af6d46345bbe50c3d935682beae71ef17ArtifactHashBCF7AEEE": { + "AssetParametersf331b32a8ad8983464106a58e420e7bc7e6341ba2ffb8ac9ad350d7e32845d95ArtifactHash16B60F6C": { "Type": "String", - "Description": "Artifact hash for asset \"61f3b82f5fe3b135f58644b9bb25da9af6d46345bbe50c3d935682beae71ef17\"" + "Description": "Artifact hash for asset \"f331b32a8ad8983464106a58e420e7bc7e6341ba2ffb8ac9ad350d7e32845d95\"" }, "AssetParametersea17febe6d04c66048f3e8e060c71685c0cb53122abceff44842d27bc0d4a03eS3BucketD3288998": { "Type": "String", @@ -2230,29 +2202,29 @@ "Type": "String", "Description": "Artifact hash for asset \"b866fb0fd5a9b4215d1e23188632d74c01f3195f6f9d706134b197b400afb680\"" }, - "AssetParameters201ad9a60e50909985c2d508d7121e0e4cbf26315ff82c4f8dd96a6a3de2c596S3Bucket6E3AB1B2": { + "AssetParameters1debb21f2bff2f2f663c53666a77906d007535fc526cfc690ca6a1033015be7fS3BucketE126985C": { "Type": "String", - "Description": "S3 bucket for asset \"201ad9a60e50909985c2d508d7121e0e4cbf26315ff82c4f8dd96a6a3de2c596\"" + "Description": "S3 bucket for asset \"1debb21f2bff2f2f663c53666a77906d007535fc526cfc690ca6a1033015be7f\"" }, - "AssetParameters201ad9a60e50909985c2d508d7121e0e4cbf26315ff82c4f8dd96a6a3de2c596S3VersionKey2EE68C7B": { + "AssetParameters1debb21f2bff2f2f663c53666a77906d007535fc526cfc690ca6a1033015be7fS3VersionKey74D769A9": { "Type": "String", - "Description": "S3 key for asset version \"201ad9a60e50909985c2d508d7121e0e4cbf26315ff82c4f8dd96a6a3de2c596\"" + "Description": "S3 key for asset version \"1debb21f2bff2f2f663c53666a77906d007535fc526cfc690ca6a1033015be7f\"" }, - "AssetParameters201ad9a60e50909985c2d508d7121e0e4cbf26315ff82c4f8dd96a6a3de2c596ArtifactHashD8CE6BA4": { + "AssetParameters1debb21f2bff2f2f663c53666a77906d007535fc526cfc690ca6a1033015be7fArtifactHash886B1296": { "Type": "String", - "Description": "Artifact hash for asset \"201ad9a60e50909985c2d508d7121e0e4cbf26315ff82c4f8dd96a6a3de2c596\"" + "Description": "Artifact hash for asset \"1debb21f2bff2f2f663c53666a77906d007535fc526cfc690ca6a1033015be7f\"" }, - "AssetParameterscc0e48d18eebe336b4d099f5925859ed0ec4356be738b01aa061ce9322c6f369S3Bucket82C7B951": { + "AssetParameters7917c5d56b6c0688fd999c8aaa4bf0bb95abd89208df9ab2f075ddbf1cdf54e8S3BucketFA655285": { "Type": "String", - "Description": "S3 bucket for asset \"cc0e48d18eebe336b4d099f5925859ed0ec4356be738b01aa061ce9322c6f369\"" + "Description": "S3 bucket for asset \"7917c5d56b6c0688fd999c8aaa4bf0bb95abd89208df9ab2f075ddbf1cdf54e8\"" }, - "AssetParameterscc0e48d18eebe336b4d099f5925859ed0ec4356be738b01aa061ce9322c6f369S3VersionKeyEBEEAE53": { + "AssetParameters7917c5d56b6c0688fd999c8aaa4bf0bb95abd89208df9ab2f075ddbf1cdf54e8S3VersionKeyAF468AE1": { "Type": "String", - "Description": "S3 key for asset version \"cc0e48d18eebe336b4d099f5925859ed0ec4356be738b01aa061ce9322c6f369\"" + "Description": "S3 key for asset version \"7917c5d56b6c0688fd999c8aaa4bf0bb95abd89208df9ab2f075ddbf1cdf54e8\"" }, - "AssetParameterscc0e48d18eebe336b4d099f5925859ed0ec4356be738b01aa061ce9322c6f369ArtifactHash6AE310E2": { + "AssetParameters7917c5d56b6c0688fd999c8aaa4bf0bb95abd89208df9ab2f075ddbf1cdf54e8ArtifactHashC46EC4DB": { "Type": "String", - "Description": "Artifact hash for asset \"cc0e48d18eebe336b4d099f5925859ed0ec4356be738b01aa061ce9322c6f369\"" + "Description": "Artifact hash for asset \"7917c5d56b6c0688fd999c8aaa4bf0bb95abd89208df9ab2f075ddbf1cdf54e8\"" } } } \ No newline at end of file diff --git a/packages/@aws-cdk/aws-stepfunctions-tasks/test/eventbridge/integ.put-events.expected.json b/packages/@aws-cdk/aws-stepfunctions-tasks/test/eventbridge/integ.put-events.expected.json index 9e4fe6ff2ae21..c02d4d5afa789 100644 --- a/packages/@aws-cdk/aws-stepfunctions-tasks/test/eventbridge/integ.put-events.expected.json +++ b/packages/@aws-cdk/aws-stepfunctions-tasks/test/eventbridge/integ.put-events.expected.json @@ -43,6 +43,12 @@ "Action": "events:PutEvents", "Effect": "Allow", "Resource": [ + { + "Fn::GetAtt": [ + "EventBus7B8748AA", + "Arn" + ] + }, { "Fn::Join": [ "", @@ -62,12 +68,6 @@ ":event-bus/default" ] ] - }, - { - "Fn::GetAtt": [ - "EventBus7B8748AA", - "Arn" - ] } ] } diff --git a/packages/@aws-cdk/aws-stepfunctions-tasks/test/glue/integ.glue-task.expected.json b/packages/@aws-cdk/aws-stepfunctions-tasks/test/glue/integ.glue-task.expected.json index 150ecb4c32161..7214c2b028f1b 100644 --- a/packages/@aws-cdk/aws-stepfunctions-tasks/test/glue/integ.glue-task.expected.json +++ b/packages/@aws-cdk/aws-stepfunctions-tasks/test/glue/integ.glue-task.expected.json @@ -52,8 +52,8 @@ "Statement": [ { "Action": [ - "s3:GetObject*", "s3:GetBucket*", + "s3:GetObject*", "s3:List*" ], "Effect": "Allow", @@ -69,7 +69,8 @@ ":s3:::", { "Ref": "AssetParametersd030bb7913ca422df69f29b2ea678ab4e5085bb3cbb17029e4b101d2dc4e3e0dS3BucketB8F6851B" - } + }, + "/*" ] ] }, @@ -84,8 +85,7 @@ ":s3:::", { "Ref": "AssetParametersd030bb7913ca422df69f29b2ea678ab4e5085bb3cbb17029e4b101d2dc4e3e0dS3BucketB8F6851B" - }, - "/*" + } ] ] } @@ -192,10 +192,10 @@ "Statement": [ { "Action": [ - "glue:StartJobRun", + "glue:BatchStopJobRun", "glue:GetJobRun", "glue:GetJobRuns", - "glue:BatchStopJobRun" + "glue:StartJobRun" ], "Effect": "Allow", "Resource": { diff --git a/packages/@aws-cdk/aws-stepfunctions-tasks/test/glue/integ.start-job-run.expected.json b/packages/@aws-cdk/aws-stepfunctions-tasks/test/glue/integ.start-job-run.expected.json index 217b47176d936..a35e42ab649d9 100644 --- a/packages/@aws-cdk/aws-stepfunctions-tasks/test/glue/integ.start-job-run.expected.json +++ b/packages/@aws-cdk/aws-stepfunctions-tasks/test/glue/integ.start-job-run.expected.json @@ -52,8 +52,8 @@ "Statement": [ { "Action": [ - "s3:GetObject*", "s3:GetBucket*", + "s3:GetObject*", "s3:List*" ], "Effect": "Allow", @@ -69,7 +69,8 @@ ":s3:::", { "Ref": "AssetParametersd030bb7913ca422df69f29b2ea678ab4e5085bb3cbb17029e4b101d2dc4e3e0dS3BucketB8F6851B" - } + }, + "/*" ] ] }, @@ -84,8 +85,7 @@ ":s3:::", { "Ref": "AssetParametersd030bb7913ca422df69f29b2ea678ab4e5085bb3cbb17029e4b101d2dc4e3e0dS3BucketB8F6851B" - }, - "/*" + } ] ] } @@ -192,10 +192,10 @@ "Statement": [ { "Action": [ - "glue:StartJobRun", + "glue:BatchStopJobRun", "glue:GetJobRun", "glue:GetJobRuns", - "glue:BatchStopJobRun" + "glue:StartJobRun" ], "Effect": "Allow", "Resource": { diff --git a/packages/@aws-cdk/aws-stepfunctions-tasks/test/integ.start-execution.expected.json b/packages/@aws-cdk/aws-stepfunctions-tasks/test/integ.start-execution.expected.json index 7916ba084ade1..f7bf0fa42dc2e 100644 --- a/packages/@aws-cdk/aws-stepfunctions-tasks/test/integ.start-execution.expected.json +++ b/packages/@aws-cdk/aws-stepfunctions-tasks/test/integ.start-execution.expected.json @@ -126,9 +126,9 @@ }, { "Action": [ - "events:PutTargets", + "events:DescribeRule", "events:PutRule", - "events:DescribeRule" + "events:PutTargets" ], "Effect": "Allow", "Resource": { diff --git a/packages/@aws-cdk/aws-stepfunctions-tasks/test/lambda/integ.invoke-function.expected.json b/packages/@aws-cdk/aws-stepfunctions-tasks/test/lambda/integ.invoke-function.expected.json index dec16cb9e6ba8..913ae3d5cd0c3 100644 --- a/packages/@aws-cdk/aws-stepfunctions-tasks/test/lambda/integ.invoke-function.expected.json +++ b/packages/@aws-cdk/aws-stepfunctions-tasks/test/lambda/integ.invoke-function.expected.json @@ -206,22 +206,20 @@ { "Action": "lambda:InvokeFunction", "Effect": "Allow", - "Resource": { - "Fn::GetAtt": [ - "Handler886CB40B", - "Arn" - ] - } - }, - { - "Action": "lambda:InvokeFunction", - "Effect": "Allow", - "Resource": { - "Fn::GetAtt": [ - "CallbackHandler4434C38D", - "Arn" - ] - } + "Resource": [ + { + "Fn::GetAtt": [ + "CallbackHandler4434C38D", + "Arn" + ] + }, + { + "Fn::GetAtt": [ + "Handler886CB40B", + "Arn" + ] + } + ] } ], "Version": "2012-10-17" diff --git a/packages/@aws-cdk/aws-stepfunctions-tasks/test/lambda/integ.invoke.expected.json b/packages/@aws-cdk/aws-stepfunctions-tasks/test/lambda/integ.invoke.expected.json index fe1262610ffd2..b899d5f9701ff 100644 --- a/packages/@aws-cdk/aws-stepfunctions-tasks/test/lambda/integ.invoke.expected.json +++ b/packages/@aws-cdk/aws-stepfunctions-tasks/test/lambda/integ.invoke.expected.json @@ -136,22 +136,20 @@ { "Action": "lambda:InvokeFunction", "Effect": "Allow", - "Resource": { - "Fn::GetAtt": [ - "submitJobLambdaEFB00F3C", - "Arn" - ] - } - }, - { - "Action": "lambda:InvokeFunction", - "Effect": "Allow", - "Resource": { - "Fn::GetAtt": [ - "checkJobStateLambda4618B7B7", - "Arn" - ] - } + "Resource": [ + { + "Fn::GetAtt": [ + "checkJobStateLambda4618B7B7", + "Arn" + ] + }, + { + "Fn::GetAtt": [ + "submitJobLambdaEFB00F3C", + "Arn" + ] + } + ] } ], "Version": "2012-10-17" diff --git a/packages/@aws-cdk/aws-stepfunctions-tasks/test/lambda/integ.invoke.payload.only.expected.json b/packages/@aws-cdk/aws-stepfunctions-tasks/test/lambda/integ.invoke.payload.only.expected.json index d0a6cdda262dc..cdf0eaadec424 100644 --- a/packages/@aws-cdk/aws-stepfunctions-tasks/test/lambda/integ.invoke.payload.only.expected.json +++ b/packages/@aws-cdk/aws-stepfunctions-tasks/test/lambda/integ.invoke.payload.only.expected.json @@ -136,22 +136,20 @@ { "Action": "lambda:InvokeFunction", "Effect": "Allow", - "Resource": { - "Fn::GetAtt": [ - "submitJobLambdaEFB00F3C", - "Arn" - ] - } - }, - { - "Action": "lambda:InvokeFunction", - "Effect": "Allow", - "Resource": { - "Fn::GetAtt": [ - "checkJobStateLambda4618B7B7", - "Arn" - ] - } + "Resource": [ + { + "Fn::GetAtt": [ + "checkJobStateLambda4618B7B7", + "Arn" + ] + }, + { + "Fn::GetAtt": [ + "submitJobLambdaEFB00F3C", + "Arn" + ] + } + ] } ], "Version": "2012-10-17" diff --git a/packages/@aws-cdk/aws-stepfunctions-tasks/test/lambda/integ.run-lambda.expected.json b/packages/@aws-cdk/aws-stepfunctions-tasks/test/lambda/integ.run-lambda.expected.json index 6c483349d059b..365683e89340a 100644 --- a/packages/@aws-cdk/aws-stepfunctions-tasks/test/lambda/integ.run-lambda.expected.json +++ b/packages/@aws-cdk/aws-stepfunctions-tasks/test/lambda/integ.run-lambda.expected.json @@ -136,22 +136,20 @@ { "Action": "lambda:InvokeFunction", "Effect": "Allow", - "Resource": { - "Fn::GetAtt": [ - "submitJobLambdaEFB00F3C", - "Arn" - ] - } - }, - { - "Action": "lambda:InvokeFunction", - "Effect": "Allow", - "Resource": { - "Fn::GetAtt": [ - "checkJobStateLambda4618B7B7", - "Arn" - ] - } + "Resource": [ + { + "Fn::GetAtt": [ + "checkJobStateLambda4618B7B7", + "Arn" + ] + }, + { + "Fn::GetAtt": [ + "submitJobLambdaEFB00F3C", + "Arn" + ] + } + ] } ], "Version": "2012-10-17" diff --git a/packages/@aws-cdk/aws-stepfunctions-tasks/test/sagemaker/integ.call-sagemaker.expected.json b/packages/@aws-cdk/aws-stepfunctions-tasks/test/sagemaker/integ.call-sagemaker.expected.json index 942f72ba3d41b..d8d68cf762861 100644 --- a/packages/@aws-cdk/aws-stepfunctions-tasks/test/sagemaker/integ.call-sagemaker.expected.json +++ b/packages/@aws-cdk/aws-stepfunctions-tasks/test/sagemaker/integ.call-sagemaker.expected.json @@ -79,11 +79,11 @@ { "Action": [ "cloudwatch:PutMetricData", - "logs:CreateLogStream", - "logs:PutLogEvents", + "ecr:GetAuthorizationToken", "logs:CreateLogGroup", + "logs:CreateLogStream", "logs:DescribeLogStreams", - "ecr:GetAuthorizationToken" + "logs:PutLogEvents" ], "Effect": "Allow", "Resource": "*" @@ -103,8 +103,8 @@ "Statement": [ { "Action": [ - "s3:GetObject*", "s3:GetBucket*", + "s3:GetObject*", "s3:List*" ], "Effect": "Allow", @@ -134,7 +134,10 @@ { "Action": [ "kms:Decrypt", - "kms:DescribeKey" + "kms:DescribeKey", + "kms:Encrypt", + "kms:GenerateDataKey*", + "kms:ReEncrypt*" ], "Effect": "Allow", "Resource": { @@ -146,13 +149,13 @@ }, { "Action": [ + "s3:Abort*", "s3:DeleteObject*", "s3:PutObject", "s3:PutObjectLegalHold", "s3:PutObjectRetention", "s3:PutObjectTagging", - "s3:PutObjectVersionTagging", - "s3:Abort*" + "s3:PutObjectVersionTagging" ], "Effect": "Allow", "Resource": [ @@ -177,21 +180,6 @@ ] } ] - }, - { - "Action": [ - "kms:Encrypt", - "kms:ReEncrypt*", - "kms:GenerateDataKey*", - "kms:Decrypt" - ], - "Effect": "Allow", - "Resource": { - "Fn::GetAtt": [ - "EncryptionKey1B843E66", - "Arn" - ] - } } ], "Version": "2012-10-17" @@ -226,11 +214,11 @@ { "Action": [ "cloudwatch:PutMetricData", - "logs:CreateLogStream", + "ecr:GetAuthorizationToken", "logs:CreateLogGroup", - "logs:PutLogEvents", + "logs:CreateLogStream", "logs:DescribeLogStreams", - "ecr:GetAuthorizationToken" + "logs:PutLogEvents" ], "Effect": "Allow", "Resource": "*" @@ -251,14 +239,8 @@ { "Action": [ "ecr:BatchCheckLayerAvailability", + "ecr:BatchGetImage", "ecr:GetDownloadUrlForLayer", - "ecr:BatchGetImage" - ], - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": [ "s3:GetObject", "s3:ListBucket" ], @@ -350,12 +332,20 @@ } }, "Effect": "Allow", - "Resource": { - "Fn::GetAtt": [ - "TrainTaskSagemakerRoleD5A6F967", - "Arn" - ] - } + "Resource": [ + { + "Fn::GetAtt": [ + "CreateModelSagemakerRoleC2E07FC0", + "Arn" + ] + }, + { + "Fn::GetAtt": [ + "TrainTaskSagemakerRoleD5A6F967", + "Arn" + ] + } + ] }, { "Action": "sagemaker:CreateModel", @@ -381,21 +371,6 @@ ] } }, - { - "Action": "iam:PassRole", - "Condition": { - "StringEquals": { - "iam:PassedToService": "sagemaker.amazonaws.com" - } - }, - "Effect": "Allow", - "Resource": { - "Fn::GetAtt": [ - "CreateModelSagemakerRoleC2E07FC0", - "Arn" - ] - } - }, { "Action": "sagemaker:CreateEndpointConfig", "Effect": "Allow", @@ -421,29 +396,12 @@ } }, { - "Action": "sagemaker:createEndpoint", + "Action": [ + "sagemaker:createEndpoint", + "sagemaker:updateEndpoint" + ], "Effect": "Allow", "Resource": [ - { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":sagemaker:", - { - "Ref": "AWS::Region" - }, - ":", - { - "Ref": "AWS::AccountId" - }, - ":endpoint/*" - ] - ] - }, { "Fn::Join": [ "", @@ -463,32 +421,6 @@ ":endpoint-config/*" ] ] - } - ] - }, - { - "Action": "sagemaker:updateEndpoint", - "Effect": "Allow", - "Resource": [ - { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":sagemaker:", - { - "Ref": "AWS::Region" - }, - ":", - { - "Ref": "AWS::AccountId" - }, - ":endpoint/*" - ] - ] }, { "Fn::Join": [ @@ -506,7 +438,7 @@ { "Ref": "AWS::AccountId" }, - ":endpoint-config/*" + ":endpoint/*" ] ] } diff --git a/packages/@aws-cdk/aws-stepfunctions-tasks/test/sagemaker/integ.create-training-job.expected.json b/packages/@aws-cdk/aws-stepfunctions-tasks/test/sagemaker/integ.create-training-job.expected.json index 3e069a953f03a..72d830f466baa 100644 --- a/packages/@aws-cdk/aws-stepfunctions-tasks/test/sagemaker/integ.create-training-job.expected.json +++ b/packages/@aws-cdk/aws-stepfunctions-tasks/test/sagemaker/integ.create-training-job.expected.json @@ -79,11 +79,11 @@ { "Action": [ "cloudwatch:PutMetricData", - "logs:CreateLogStream", - "logs:PutLogEvents", + "ecr:GetAuthorizationToken", "logs:CreateLogGroup", + "logs:CreateLogStream", "logs:DescribeLogStreams", - "ecr:GetAuthorizationToken" + "logs:PutLogEvents" ], "Effect": "Allow", "Resource": "*" @@ -103,8 +103,8 @@ "Statement": [ { "Action": [ - "s3:GetObject*", "s3:GetBucket*", + "s3:GetObject*", "s3:List*" ], "Effect": "Allow", @@ -134,7 +134,10 @@ { "Action": [ "kms:Decrypt", - "kms:DescribeKey" + "kms:DescribeKey", + "kms:Encrypt", + "kms:GenerateDataKey*", + "kms:ReEncrypt*" ], "Effect": "Allow", "Resource": { @@ -146,13 +149,13 @@ }, { "Action": [ + "s3:Abort*", "s3:DeleteObject*", "s3:PutObject", "s3:PutObjectLegalHold", "s3:PutObjectRetention", "s3:PutObjectTagging", - "s3:PutObjectVersionTagging", - "s3:Abort*" + "s3:PutObjectVersionTagging" ], "Effect": "Allow", "Resource": [ @@ -177,21 +180,6 @@ ] } ] - }, - { - "Action": [ - "kms:Encrypt", - "kms:ReEncrypt*", - "kms:GenerateDataKey*", - "kms:Decrypt" - ], - "Effect": "Allow", - "Resource": { - "Fn::GetAtt": [ - "EncryptionKey1B843E66", - "Arn" - ] - } } ], "Version": "2012-10-17" diff --git a/packages/@aws-cdk/aws-stepfunctions-tasks/test/stepfunctions/integ.start-execution.expected.json b/packages/@aws-cdk/aws-stepfunctions-tasks/test/stepfunctions/integ.start-execution.expected.json index cd4621ee4c7f1..966eb60ddfe35 100644 --- a/packages/@aws-cdk/aws-stepfunctions-tasks/test/stepfunctions/integ.start-execution.expected.json +++ b/packages/@aws-cdk/aws-stepfunctions-tasks/test/stepfunctions/integ.start-execution.expected.json @@ -126,9 +126,9 @@ }, { "Action": [ - "events:PutTargets", + "events:DescribeRule", "events:PutRule", - "events:DescribeRule" + "events:PutTargets" ], "Effect": "Allow", "Resource": { diff --git a/packages/@aws-cdk/aws-stepfunctions/test/integ.state-machine.expected.json b/packages/@aws-cdk/aws-stepfunctions/test/integ.state-machine.expected.json index 3899a0ed71b99..971b1de2ed585 100644 --- a/packages/@aws-cdk/aws-stepfunctions/test/integ.state-machine.expected.json +++ b/packages/@aws-cdk/aws-stepfunctions/test/integ.state-machine.expected.json @@ -25,7 +25,8 @@ { "Action": [ "states:ListExecutions", - "states:ListStateMachines" + "states:ListStateMachines", + "states:SendTaskSuccess" ], "Effect": "Allow", "Resource": { @@ -76,19 +77,12 @@ }, { "Action": [ - "states:ListActivities", + "states:DescribeActivity", "states:DescribeStateMachine", - "states:DescribeActivity" + "states:ListActivities" ], "Effect": "Allow", "Resource": "*" - }, - { - "Action": "states:SendTaskSuccess", - "Effect": "Allow", - "Resource": { - "Ref": "StateMachine2E01A3A5" - } } ], "Version": "2012-10-17" diff --git a/packages/@aws-cdk/aws-synthetics/test/integ.canary.expected.json b/packages/@aws-cdk/aws-synthetics/test/integ.canary.expected.json index aa88a65ad353a..9667f7720b948 100644 --- a/packages/@aws-cdk/aws-synthetics/test/integ.canary.expected.json +++ b/packages/@aws-cdk/aws-synthetics/test/integ.canary.expected.json @@ -69,8 +69,8 @@ }, { "Action": [ - "logs:CreateLogStream", "logs:CreateLogGroup", + "logs:CreateLogStream", "logs:PutLogEvents" ], "Effect": "Allow", @@ -264,8 +264,8 @@ }, { "Action": [ - "logs:CreateLogStream", "logs:CreateLogGroup", + "logs:CreateLogStream", "logs:PutLogEvents" ], "Effect": "Allow", @@ -493,8 +493,8 @@ }, { "Action": [ - "logs:CreateLogStream", "logs:CreateLogGroup", + "logs:CreateLogStream", "logs:PutLogEvents" ], "Effect": "Allow", @@ -722,8 +722,8 @@ }, { "Action": [ - "logs:CreateLogStream", "logs:CreateLogGroup", + "logs:CreateLogStream", "logs:PutLogEvents" ], "Effect": "Allow", @@ -951,8 +951,8 @@ }, { "Action": [ - "logs:CreateLogStream", "logs:CreateLogGroup", + "logs:CreateLogStream", "logs:PutLogEvents" ], "Effect": "Allow", diff --git a/packages/@aws-cdk/aws-synthetics/test/integ.vpc.expected.json b/packages/@aws-cdk/aws-synthetics/test/integ.vpc.expected.json index 612d33ebcd3ca..ca373b57bae03 100644 --- a/packages/@aws-cdk/aws-synthetics/test/integ.vpc.expected.json +++ b/packages/@aws-cdk/aws-synthetics/test/integ.vpc.expected.json @@ -496,8 +496,8 @@ }, { "Action": [ - "logs:CreateLogStream", "logs:CreateLogGroup", + "logs:CreateLogStream", "logs:PutLogEvents" ], "Effect": "Allow", diff --git a/packages/@aws-cdk/core/lib/feature-flags.ts b/packages/@aws-cdk/core/lib/feature-flags.ts index 926a60168732f..44fd5e138bdc7 100644 --- a/packages/@aws-cdk/core/lib/feature-flags.ts +++ b/packages/@aws-cdk/core/lib/feature-flags.ts @@ -1,5 +1,5 @@ import * as cxapi from '@aws-cdk/cx-api'; -import { Construct } from '../lib/construct-compat'; +import { IConstruct } from '../lib/construct-compat'; /** * Features that are implemented behind a flag in order to preserve backwards @@ -12,11 +12,11 @@ export class FeatureFlags { /** * Inspect feature flags on the construct node's context. */ - public static of(scope: Construct) { + public static of(scope: IConstruct) { return new FeatureFlags(scope); } - private constructor(private readonly construct: Construct) {} + private constructor(private readonly construct: IConstruct) {} /** * Check whether a feature flag is enabled. If configured, the flag is present in diff --git a/packages/@aws-cdk/custom-resources/test/aws-custom-resource/integ.aws-custom-resource.expected.json b/packages/@aws-cdk/custom-resources/test/aws-custom-resource/integ.aws-custom-resource.expected.json index 2cad60974266d..38a11e5519402 100644 --- a/packages/@aws-cdk/custom-resources/test/aws-custom-resource/integ.aws-custom-resource.expected.json +++ b/packages/@aws-cdk/custom-resources/test/aws-custom-resource/integ.aws-custom-resource.expected.json @@ -109,7 +109,7 @@ "Properties": { "Code": { "S3Bucket": { - "Ref": "AssetParametersbd060cb930079c194320bc9a045d159066215c3a4858c45bdb12a79ef9a1edbaS3BucketACF45CC2" + "Ref": "AssetParameters3744fa896361f81b76b1efde632ac07b1920ce09a4ca1ff15ab486f262a19b87S3Bucket36F31A16" }, "S3Key": { "Fn::Join": [ @@ -122,7 +122,7 @@ "Fn::Split": [ "||", { - "Ref": "AssetParametersbd060cb930079c194320bc9a045d159066215c3a4858c45bdb12a79ef9a1edbaS3VersionKeyBCA0A3F3" + "Ref": "AssetParameters3744fa896361f81b76b1efde632ac07b1920ce09a4ca1ff15ab486f262a19b87S3VersionKeyF80D542B" } ] } @@ -135,7 +135,7 @@ "Fn::Split": [ "||", { - "Ref": "AssetParametersbd060cb930079c194320bc9a045d159066215c3a4858c45bdb12a79ef9a1edbaS3VersionKeyBCA0A3F3" + "Ref": "AssetParameters3744fa896361f81b76b1efde632ac07b1920ce09a4ca1ff15ab486f262a19b87S3VersionKeyF80D542B" } ] } @@ -274,17 +274,17 @@ } }, "Parameters": { - "AssetParametersbd060cb930079c194320bc9a045d159066215c3a4858c45bdb12a79ef9a1edbaS3BucketACF45CC2": { + "AssetParameters3744fa896361f81b76b1efde632ac07b1920ce09a4ca1ff15ab486f262a19b87S3Bucket36F31A16": { "Type": "String", - "Description": "S3 bucket for asset \"bd060cb930079c194320bc9a045d159066215c3a4858c45bdb12a79ef9a1edba\"" + "Description": "S3 bucket for asset \"3744fa896361f81b76b1efde632ac07b1920ce09a4ca1ff15ab486f262a19b87\"" }, - "AssetParametersbd060cb930079c194320bc9a045d159066215c3a4858c45bdb12a79ef9a1edbaS3VersionKeyBCA0A3F3": { + "AssetParameters3744fa896361f81b76b1efde632ac07b1920ce09a4ca1ff15ab486f262a19b87S3VersionKeyF80D542B": { "Type": "String", - "Description": "S3 key for asset version \"bd060cb930079c194320bc9a045d159066215c3a4858c45bdb12a79ef9a1edba\"" + "Description": "S3 key for asset version \"3744fa896361f81b76b1efde632ac07b1920ce09a4ca1ff15ab486f262a19b87\"" }, - "AssetParametersbd060cb930079c194320bc9a045d159066215c3a4858c45bdb12a79ef9a1edbaArtifactHashF3AE56EF": { + "AssetParameters3744fa896361f81b76b1efde632ac07b1920ce09a4ca1ff15ab486f262a19b87ArtifactHash40DDF5EE": { "Type": "String", - "Description": "Artifact hash for asset \"bd060cb930079c194320bc9a045d159066215c3a4858c45bdb12a79ef9a1edba\"" + "Description": "Artifact hash for asset \"3744fa896361f81b76b1efde632ac07b1920ce09a4ca1ff15ab486f262a19b87\"" } }, "Outputs": { diff --git a/packages/@aws-cdk/custom-resources/test/provider-framework/integ.provider.expected.json b/packages/@aws-cdk/custom-resources/test/provider-framework/integ.provider.expected.json index aa0407ca5b164..41f5b0d8d5884 100644 --- a/packages/@aws-cdk/custom-resources/test/provider-framework/integ.provider.expected.json +++ b/packages/@aws-cdk/custom-resources/test/provider-framework/integ.provider.expected.json @@ -62,12 +62,12 @@ "Statement": [ { "Action": [ - "s3:GetObject*", + "s3:Abort*", + "s3:DeleteObject*", "s3:GetBucket*", + "s3:GetObject*", "s3:List*", - "s3:DeleteObject*", - "s3:PutObject*", - "s3:Abort*" + "s3:PutObject*" ], "Effect": "Allow", "Resource": "*" @@ -200,7 +200,7 @@ "Properties": { "Code": { "S3Bucket": { - "Ref": "AssetParametersdaeb79e3cee39c9b902dc0d5c780223e227ed573ea60976252947adab5fb2be1S3BucketDC4B98B1" + "Ref": "AssetParameters5b47c8e4cbbce7e4a8085f1aa83ed9c4691b7f65927ba092d6620bbba925f391S3BucketB4102E9A" }, "S3Key": { "Fn::Join": [ @@ -213,7 +213,7 @@ "Fn::Split": [ "||", { - "Ref": "AssetParametersdaeb79e3cee39c9b902dc0d5c780223e227ed573ea60976252947adab5fb2be1S3VersionKeyA495226F" + "Ref": "AssetParameters5b47c8e4cbbce7e4a8085f1aa83ed9c4691b7f65927ba092d6620bbba925f391S3VersionKeyC1EC3ED6" } ] } @@ -226,7 +226,7 @@ "Fn::Split": [ "||", { - "Ref": "AssetParametersdaeb79e3cee39c9b902dc0d5c780223e227ed573ea60976252947adab5fb2be1S3VersionKeyA495226F" + "Ref": "AssetParameters5b47c8e4cbbce7e4a8085f1aa83ed9c4691b7f65927ba092d6620bbba925f391S3VersionKeyC1EC3ED6" } ] } @@ -428,8 +428,8 @@ "Statement": [ { "Action": [ - "s3:GetObject*", "s3:GetBucket*", + "s3:GetObject*", "s3:List*" ], "Effect": "Allow", @@ -540,22 +540,20 @@ { "Action": "lambda:InvokeFunction", "Effect": "Allow", - "Resource": { - "Fn::GetAtt": [ - "comamazonawscdkcustomresourcess3assertproviders3assertoneventF1EEF783", - "Arn" - ] - } - }, - { - "Action": "lambda:InvokeFunction", - "Effect": "Allow", - "Resource": { - "Fn::GetAtt": [ - "comamazonawscdkcustomresourcess3assertproviders3assertiscomplete6AC08EF9", - "Arn" - ] - } + "Resource": [ + { + "Fn::GetAtt": [ + "comamazonawscdkcustomresourcess3assertproviders3assertiscomplete6AC08EF9", + "Arn" + ] + }, + { + "Fn::GetAtt": [ + "comamazonawscdkcustomresourcess3assertproviders3assertoneventF1EEF783", + "Arn" + ] + } + ] }, { "Action": "states:StartExecution", @@ -580,7 +578,7 @@ "Properties": { "Code": { "S3Bucket": { - "Ref": "AssetParametersdaeb79e3cee39c9b902dc0d5c780223e227ed573ea60976252947adab5fb2be1S3BucketDC4B98B1" + "Ref": "AssetParameters5b47c8e4cbbce7e4a8085f1aa83ed9c4691b7f65927ba092d6620bbba925f391S3BucketB4102E9A" }, "S3Key": { "Fn::Join": [ @@ -593,7 +591,7 @@ "Fn::Split": [ "||", { - "Ref": "AssetParametersdaeb79e3cee39c9b902dc0d5c780223e227ed573ea60976252947adab5fb2be1S3VersionKeyA495226F" + "Ref": "AssetParameters5b47c8e4cbbce7e4a8085f1aa83ed9c4691b7f65927ba092d6620bbba925f391S3VersionKeyC1EC3ED6" } ] } @@ -606,7 +604,7 @@ "Fn::Split": [ "||", { - "Ref": "AssetParametersdaeb79e3cee39c9b902dc0d5c780223e227ed573ea60976252947adab5fb2be1S3VersionKeyA495226F" + "Ref": "AssetParameters5b47c8e4cbbce7e4a8085f1aa83ed9c4691b7f65927ba092d6620bbba925f391S3VersionKeyC1EC3ED6" } ] } @@ -690,22 +688,20 @@ { "Action": "lambda:InvokeFunction", "Effect": "Allow", - "Resource": { - "Fn::GetAtt": [ - "comamazonawscdkcustomresourcess3assertproviders3assertoneventF1EEF783", - "Arn" - ] - } - }, - { - "Action": "lambda:InvokeFunction", - "Effect": "Allow", - "Resource": { - "Fn::GetAtt": [ - "comamazonawscdkcustomresourcess3assertproviders3assertiscomplete6AC08EF9", - "Arn" - ] - } + "Resource": [ + { + "Fn::GetAtt": [ + "comamazonawscdkcustomresourcess3assertproviders3assertiscomplete6AC08EF9", + "Arn" + ] + }, + { + "Fn::GetAtt": [ + "comamazonawscdkcustomresourcess3assertproviders3assertoneventF1EEF783", + "Arn" + ] + } + ] } ], "Version": "2012-10-17" @@ -723,7 +719,7 @@ "Properties": { "Code": { "S3Bucket": { - "Ref": "AssetParametersdaeb79e3cee39c9b902dc0d5c780223e227ed573ea60976252947adab5fb2be1S3BucketDC4B98B1" + "Ref": "AssetParameters5b47c8e4cbbce7e4a8085f1aa83ed9c4691b7f65927ba092d6620bbba925f391S3BucketB4102E9A" }, "S3Key": { "Fn::Join": [ @@ -736,7 +732,7 @@ "Fn::Split": [ "||", { - "Ref": "AssetParametersdaeb79e3cee39c9b902dc0d5c780223e227ed573ea60976252947adab5fb2be1S3VersionKeyA495226F" + "Ref": "AssetParameters5b47c8e4cbbce7e4a8085f1aa83ed9c4691b7f65927ba092d6620bbba925f391S3VersionKeyC1EC3ED6" } ] } @@ -749,7 +745,7 @@ "Fn::Split": [ "||", { - "Ref": "AssetParametersdaeb79e3cee39c9b902dc0d5c780223e227ed573ea60976252947adab5fb2be1S3VersionKeyA495226F" + "Ref": "AssetParameters5b47c8e4cbbce7e4a8085f1aa83ed9c4691b7f65927ba092d6620bbba925f391S3VersionKeyC1EC3ED6" } ] } @@ -830,22 +826,20 @@ { "Action": "lambda:InvokeFunction", "Effect": "Allow", - "Resource": { - "Fn::GetAtt": [ - "comamazonawscdkcustomresourcess3assertproviders3assertoneventF1EEF783", - "Arn" - ] - } - }, - { - "Action": "lambda:InvokeFunction", - "Effect": "Allow", - "Resource": { - "Fn::GetAtt": [ - "comamazonawscdkcustomresourcess3assertproviders3assertiscomplete6AC08EF9", - "Arn" - ] - } + "Resource": [ + { + "Fn::GetAtt": [ + "comamazonawscdkcustomresourcess3assertproviders3assertiscomplete6AC08EF9", + "Arn" + ] + }, + { + "Fn::GetAtt": [ + "comamazonawscdkcustomresourcess3assertproviders3assertoneventF1EEF783", + "Arn" + ] + } + ] } ], "Version": "2012-10-17" @@ -863,7 +857,7 @@ "Properties": { "Code": { "S3Bucket": { - "Ref": "AssetParametersdaeb79e3cee39c9b902dc0d5c780223e227ed573ea60976252947adab5fb2be1S3BucketDC4B98B1" + "Ref": "AssetParameters5b47c8e4cbbce7e4a8085f1aa83ed9c4691b7f65927ba092d6620bbba925f391S3BucketB4102E9A" }, "S3Key": { "Fn::Join": [ @@ -876,7 +870,7 @@ "Fn::Split": [ "||", { - "Ref": "AssetParametersdaeb79e3cee39c9b902dc0d5c780223e227ed573ea60976252947adab5fb2be1S3VersionKeyA495226F" + "Ref": "AssetParameters5b47c8e4cbbce7e4a8085f1aa83ed9c4691b7f65927ba092d6620bbba925f391S3VersionKeyC1EC3ED6" } ] } @@ -889,7 +883,7 @@ "Fn::Split": [ "||", { - "Ref": "AssetParametersdaeb79e3cee39c9b902dc0d5c780223e227ed573ea60976252947adab5fb2be1S3VersionKeyA495226F" + "Ref": "AssetParameters5b47c8e4cbbce7e4a8085f1aa83ed9c4691b7f65927ba092d6620bbba925f391S3VersionKeyC1EC3ED6" } ] } @@ -967,22 +961,20 @@ { "Action": "lambda:InvokeFunction", "Effect": "Allow", - "Resource": { - "Fn::GetAtt": [ - "comamazonawscdkcustomresourcess3assertproviderframeworkisComplete63829575", - "Arn" - ] - } - }, - { - "Action": "lambda:InvokeFunction", - "Effect": "Allow", - "Resource": { - "Fn::GetAtt": [ - "comamazonawscdkcustomresourcess3assertproviderframeworkonTimeoutA1E1E5DC", - "Arn" - ] - } + "Resource": [ + { + "Fn::GetAtt": [ + "comamazonawscdkcustomresourcess3assertproviderframeworkisComplete63829575", + "Arn" + ] + }, + { + "Fn::GetAtt": [ + "comamazonawscdkcustomresourcess3assertproviderframeworkonTimeoutA1E1E5DC", + "Arn" + ] + } + ] } ], "Version": "2012-10-17" @@ -1046,17 +1038,17 @@ "Type": "String", "Description": "Artifact hash for asset \"192597c3e09c72bcb5fca6899fca0b42745cb003a702e275a7f96123a9baf590\"" }, - "AssetParametersdaeb79e3cee39c9b902dc0d5c780223e227ed573ea60976252947adab5fb2be1S3BucketDC4B98B1": { + "AssetParameters5b47c8e4cbbce7e4a8085f1aa83ed9c4691b7f65927ba092d6620bbba925f391S3BucketB4102E9A": { "Type": "String", - "Description": "S3 bucket for asset \"daeb79e3cee39c9b902dc0d5c780223e227ed573ea60976252947adab5fb2be1\"" + "Description": "S3 bucket for asset \"5b47c8e4cbbce7e4a8085f1aa83ed9c4691b7f65927ba092d6620bbba925f391\"" }, - "AssetParametersdaeb79e3cee39c9b902dc0d5c780223e227ed573ea60976252947adab5fb2be1S3VersionKeyA495226F": { + "AssetParameters5b47c8e4cbbce7e4a8085f1aa83ed9c4691b7f65927ba092d6620bbba925f391S3VersionKeyC1EC3ED6": { "Type": "String", - "Description": "S3 key for asset version \"daeb79e3cee39c9b902dc0d5c780223e227ed573ea60976252947adab5fb2be1\"" + "Description": "S3 key for asset version \"5b47c8e4cbbce7e4a8085f1aa83ed9c4691b7f65927ba092d6620bbba925f391\"" }, - "AssetParametersdaeb79e3cee39c9b902dc0d5c780223e227ed573ea60976252947adab5fb2be1ArtifactHashA521A16F": { + "AssetParameters5b47c8e4cbbce7e4a8085f1aa83ed9c4691b7f65927ba092d6620bbba925f391ArtifactHashA391D940": { "Type": "String", - "Description": "Artifact hash for asset \"daeb79e3cee39c9b902dc0d5c780223e227ed573ea60976252947adab5fb2be1\"" + "Description": "Artifact hash for asset \"5b47c8e4cbbce7e4a8085f1aa83ed9c4691b7f65927ba092d6620bbba925f391\"" }, "AssetParameters4bafad8d010ba693e235b77d2c6decfc2ac79a8208d4477cbb36d31caf7189e8S3Bucket0DB889DF": { "Type": "String", diff --git a/packages/@aws-cdk/cx-api/lib/features.ts b/packages/@aws-cdk/cx-api/lib/features.ts index 9278717ef1c15..9b5dc4e872892 100644 --- a/packages/@aws-cdk/cx-api/lib/features.ts +++ b/packages/@aws-cdk/cx-api/lib/features.ts @@ -215,6 +215,15 @@ export const ECS_SERVICE_EXTENSIONS_ENABLE_DEFAULT_LOG_DRIVER = '@aws-cdk-contai */ export const EC2_UNIQUE_IMDSV2_LAUNCH_TEMPLATE_NAME = '@aws-cdk/aws-ec2:uniqueImdsv2TemplateName'; +/** + * Minimize IAM policies by combining Principals, Actions and Resources of two + * Statements in the policies, as long as it doesn't change the meaning of the + * policy. + * + * [PERMANENT] + */ +export const IAM_MINIMIZE_POLICIES = '@aws-cdk/aws-iam:minimizePolicies'; + /** * Flag values that should apply for new projects * @@ -240,6 +249,7 @@ export const FUTURE_FLAGS: { [key: string]: boolean } = { [CLOUDFRONT_DEFAULT_SECURITY_POLICY_TLS_V1_2_2021]: true, [ECS_SERVICE_EXTENSIONS_ENABLE_DEFAULT_LOG_DRIVER]: true, [EC2_UNIQUE_IMDSV2_LAUNCH_TEMPLATE_NAME]: true, + [IAM_MINIMIZE_POLICIES]: true, }; /** diff --git a/packages/@aws-cdk/lambda-layer-awscli/test/integ.awscli-layer.expected.json b/packages/@aws-cdk/lambda-layer-awscli/test/integ.awscli-layer.expected.json index d37e67106e0cf..8be04c1e89ab7 100644 --- a/packages/@aws-cdk/lambda-layer-awscli/test/integ.awscli-layer.expected.json +++ b/packages/@aws-cdk/lambda-layer-awscli/test/integ.awscli-layer.expected.json @@ -5,7 +5,7 @@ "Properties": { "Content": { "S3Bucket": { - "Ref": "AssetParametersba23ea22aa357b771a4ebc95be163f8848dafee07daf2333380d3b890472d1f3S3BucketD774C319" + "Ref": "AssetParametersf331b32a8ad8983464106a58e420e7bc7e6341ba2ffb8ac9ad350d7e32845d95S3BucketE02B5488" }, "S3Key": { "Fn::Join": [ @@ -18,7 +18,7 @@ "Fn::Split": [ "||", { - "Ref": "AssetParametersba23ea22aa357b771a4ebc95be163f8848dafee07daf2333380d3b890472d1f3S3VersionKey9C5C53B3" + "Ref": "AssetParametersf331b32a8ad8983464106a58e420e7bc7e6341ba2ffb8ac9ad350d7e32845d95S3VersionKey4D8E71F2" } ] } @@ -31,7 +31,7 @@ "Fn::Split": [ "||", { - "Ref": "AssetParametersba23ea22aa357b771a4ebc95be163f8848dafee07daf2333380d3b890472d1f3S3VersionKey9C5C53B3" + "Ref": "AssetParametersf331b32a8ad8983464106a58e420e7bc7e6341ba2ffb8ac9ad350d7e32845d95S3VersionKey4D8E71F2" } ] } @@ -198,7 +198,7 @@ "Properties": { "Code": { "S3Bucket": { - "Ref": "AssetParameters733a1180c316ce99003dfcfd7bd70d8039134b3fbac69643f144aceea90d6b8cS3BucketBA45D90E" + "Ref": "AssetParameters5b47c8e4cbbce7e4a8085f1aa83ed9c4691b7f65927ba092d6620bbba925f391S3BucketB4102E9A" }, "S3Key": { "Fn::Join": [ @@ -211,7 +211,7 @@ "Fn::Split": [ "||", { - "Ref": "AssetParameters733a1180c316ce99003dfcfd7bd70d8039134b3fbac69643f144aceea90d6b8cS3VersionKey1021C50F" + "Ref": "AssetParameters5b47c8e4cbbce7e4a8085f1aa83ed9c4691b7f65927ba092d6620bbba925f391S3VersionKeyC1EC3ED6" } ] } @@ -224,7 +224,7 @@ "Fn::Split": [ "||", { - "Ref": "AssetParameters733a1180c316ce99003dfcfd7bd70d8039134b3fbac69643f144aceea90d6b8cS3VersionKey1021C50F" + "Ref": "AssetParameters5b47c8e4cbbce7e4a8085f1aa83ed9c4691b7f65927ba092d6620bbba925f391S3VersionKeyC1EC3ED6" } ] } @@ -427,7 +427,7 @@ "Properties": { "Code": { "S3Bucket": { - "Ref": "AssetParameters733a1180c316ce99003dfcfd7bd70d8039134b3fbac69643f144aceea90d6b8cS3BucketBA45D90E" + "Ref": "AssetParameters5b47c8e4cbbce7e4a8085f1aa83ed9c4691b7f65927ba092d6620bbba925f391S3BucketB4102E9A" }, "S3Key": { "Fn::Join": [ @@ -440,7 +440,7 @@ "Fn::Split": [ "||", { - "Ref": "AssetParameters733a1180c316ce99003dfcfd7bd70d8039134b3fbac69643f144aceea90d6b8cS3VersionKey1021C50F" + "Ref": "AssetParameters5b47c8e4cbbce7e4a8085f1aa83ed9c4691b7f65927ba092d6620bbba925f391S3VersionKeyC1EC3ED6" } ] } @@ -453,7 +453,7 @@ "Fn::Split": [ "||", { - "Ref": "AssetParameters733a1180c316ce99003dfcfd7bd70d8039134b3fbac69643f144aceea90d6b8cS3VersionKey1021C50F" + "Ref": "AssetParameters5b47c8e4cbbce7e4a8085f1aa83ed9c4691b7f65927ba092d6620bbba925f391S3VersionKeyC1EC3ED6" } ] } @@ -656,7 +656,7 @@ "Properties": { "Code": { "S3Bucket": { - "Ref": "AssetParameters733a1180c316ce99003dfcfd7bd70d8039134b3fbac69643f144aceea90d6b8cS3BucketBA45D90E" + "Ref": "AssetParameters5b47c8e4cbbce7e4a8085f1aa83ed9c4691b7f65927ba092d6620bbba925f391S3BucketB4102E9A" }, "S3Key": { "Fn::Join": [ @@ -669,7 +669,7 @@ "Fn::Split": [ "||", { - "Ref": "AssetParameters733a1180c316ce99003dfcfd7bd70d8039134b3fbac69643f144aceea90d6b8cS3VersionKey1021C50F" + "Ref": "AssetParameters5b47c8e4cbbce7e4a8085f1aa83ed9c4691b7f65927ba092d6620bbba925f391S3VersionKeyC1EC3ED6" } ] } @@ -682,7 +682,7 @@ "Fn::Split": [ "||", { - "Ref": "AssetParameters733a1180c316ce99003dfcfd7bd70d8039134b3fbac69643f144aceea90d6b8cS3VersionKey1021C50F" + "Ref": "AssetParameters5b47c8e4cbbce7e4a8085f1aa83ed9c4691b7f65927ba092d6620bbba925f391S3VersionKeyC1EC3ED6" } ] } @@ -733,17 +733,17 @@ } }, "Parameters": { - "AssetParametersba23ea22aa357b771a4ebc95be163f8848dafee07daf2333380d3b890472d1f3S3BucketD774C319": { + "AssetParametersf331b32a8ad8983464106a58e420e7bc7e6341ba2ffb8ac9ad350d7e32845d95S3BucketE02B5488": { "Type": "String", - "Description": "S3 bucket for asset \"ba23ea22aa357b771a4ebc95be163f8848dafee07daf2333380d3b890472d1f3\"" + "Description": "S3 bucket for asset \"f331b32a8ad8983464106a58e420e7bc7e6341ba2ffb8ac9ad350d7e32845d95\"" }, - "AssetParametersba23ea22aa357b771a4ebc95be163f8848dafee07daf2333380d3b890472d1f3S3VersionKey9C5C53B3": { + "AssetParametersf331b32a8ad8983464106a58e420e7bc7e6341ba2ffb8ac9ad350d7e32845d95S3VersionKey4D8E71F2": { "Type": "String", - "Description": "S3 key for asset version \"ba23ea22aa357b771a4ebc95be163f8848dafee07daf2333380d3b890472d1f3\"" + "Description": "S3 key for asset version \"f331b32a8ad8983464106a58e420e7bc7e6341ba2ffb8ac9ad350d7e32845d95\"" }, - "AssetParametersba23ea22aa357b771a4ebc95be163f8848dafee07daf2333380d3b890472d1f3ArtifactHash4F540915": { + "AssetParametersf331b32a8ad8983464106a58e420e7bc7e6341ba2ffb8ac9ad350d7e32845d95ArtifactHash16B60F6C": { "Type": "String", - "Description": "Artifact hash for asset \"ba23ea22aa357b771a4ebc95be163f8848dafee07daf2333380d3b890472d1f3\"" + "Description": "Artifact hash for asset \"f331b32a8ad8983464106a58e420e7bc7e6341ba2ffb8ac9ad350d7e32845d95\"" }, "AssetParameters5dff6208ccd5fb196bb0354fd6e47faa8431a789e6125d20386586fef761ed48S3Bucket1DD21439": { "Type": "String", @@ -757,17 +757,17 @@ "Type": "String", "Description": "Artifact hash for asset \"5dff6208ccd5fb196bb0354fd6e47faa8431a789e6125d20386586fef761ed48\"" }, - "AssetParameters733a1180c316ce99003dfcfd7bd70d8039134b3fbac69643f144aceea90d6b8cS3BucketBA45D90E": { + "AssetParameters5b47c8e4cbbce7e4a8085f1aa83ed9c4691b7f65927ba092d6620bbba925f391S3BucketB4102E9A": { "Type": "String", - "Description": "S3 bucket for asset \"733a1180c316ce99003dfcfd7bd70d8039134b3fbac69643f144aceea90d6b8c\"" + "Description": "S3 bucket for asset \"5b47c8e4cbbce7e4a8085f1aa83ed9c4691b7f65927ba092d6620bbba925f391\"" }, - "AssetParameters733a1180c316ce99003dfcfd7bd70d8039134b3fbac69643f144aceea90d6b8cS3VersionKey1021C50F": { + "AssetParameters5b47c8e4cbbce7e4a8085f1aa83ed9c4691b7f65927ba092d6620bbba925f391S3VersionKeyC1EC3ED6": { "Type": "String", - "Description": "S3 key for asset version \"733a1180c316ce99003dfcfd7bd70d8039134b3fbac69643f144aceea90d6b8c\"" + "Description": "S3 key for asset version \"5b47c8e4cbbce7e4a8085f1aa83ed9c4691b7f65927ba092d6620bbba925f391\"" }, - "AssetParameters733a1180c316ce99003dfcfd7bd70d8039134b3fbac69643f144aceea90d6b8cArtifactHash371618FE": { + "AssetParameters5b47c8e4cbbce7e4a8085f1aa83ed9c4691b7f65927ba092d6620bbba925f391ArtifactHashA391D940": { "Type": "String", - "Description": "Artifact hash for asset \"733a1180c316ce99003dfcfd7bd70d8039134b3fbac69643f144aceea90d6b8c\"" + "Description": "Artifact hash for asset \"5b47c8e4cbbce7e4a8085f1aa83ed9c4691b7f65927ba092d6620bbba925f391\"" } } } \ No newline at end of file diff --git a/packages/@aws-cdk/pipelines/test/integ.newpipeline-with-vpc.expected.json b/packages/@aws-cdk/pipelines/test/integ.newpipeline-with-vpc.expected.json index 8aa6f3c8893ca..1f0deaf6dc981 100644 --- a/packages/@aws-cdk/pipelines/test/integ.newpipeline-with-vpc.expected.json +++ b/packages/@aws-cdk/pipelines/test/integ.newpipeline-with-vpc.expected.json @@ -580,8 +580,8 @@ }, { "Action": [ - "s3:GetObject*", "s3:GetBucket*", + "s3:GetObject*", "s3:List*" ], "Effect": "Allow", @@ -662,16 +662,16 @@ "Statement": [ { "Action": [ - "s3:GetObject*", + "s3:Abort*", + "s3:DeleteObject*", "s3:GetBucket*", + "s3:GetObject*", "s3:List*", - "s3:DeleteObject*", "s3:PutObject", "s3:PutObjectLegalHold", "s3:PutObjectRetention", "s3:PutObjectTagging", - "s3:PutObjectVersionTagging", - "s3:Abort*" + "s3:PutObjectVersionTagging" ], "Effect": "Allow", "Resource": [ @@ -700,69 +700,55 @@ { "Action": "sts:AssumeRole", "Effect": "Allow", - "Resource": { - "Fn::GetAtt": [ - "PipelineBuildSynthCodePipelineActionRole4E7A6C97", - "Arn" - ] - } - }, - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Resource": { - "Fn::GetAtt": [ - "PipelineUpdatePipelineSelfMutateCodePipelineActionRoleD6D4E5CF", - "Arn" - ] - } - }, - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Resource": { - "Fn::GetAtt": [ - "PipelineAssetsFileAsset1CodePipelineActionRoleC0EC649A", - "Arn" - ] - } - }, - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Resource": { - "Fn::GetAtt": [ - "PipelineAssetsFileAsset2CodePipelineActionRole06965A59", - "Arn" - ] - } - }, - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Resource": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":iam::", - { - "Ref": "AWS::AccountId" - }, - ":role/cdk-hnb659fds-deploy-role-", - { - "Ref": "AWS::AccountId" - }, - "-", - { - "Ref": "AWS::Region" - } + "Resource": [ + { + "Fn::GetAtt": [ + "PipelineAssetsFileAsset1CodePipelineActionRoleC0EC649A", + "Arn" ] - ] - } + }, + { + "Fn::GetAtt": [ + "PipelineAssetsFileAsset2CodePipelineActionRole06965A59", + "Arn" + ] + }, + { + "Fn::GetAtt": [ + "PipelineBuildSynthCodePipelineActionRole4E7A6C97", + "Arn" + ] + }, + { + "Fn::GetAtt": [ + "PipelineUpdatePipelineSelfMutateCodePipelineActionRoleD6D4E5CF", + "Arn" + ] + }, + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::", + { + "Ref": "AWS::AccountId" + }, + ":role/cdk-hnb659fds-deploy-role-", + { + "Ref": "AWS::AccountId" + }, + "-", + { + "Ref": "AWS::Region" + } + ] + ] + } + ] } ], "Version": "2012-10-17" @@ -1225,7 +1211,8 @@ ":logs:test-region:12345678:log-group:/aws/codebuild/", { "Ref": "PipelineBuildSynthCdkBuildProject6BEFA8E6" - } + }, + ":*" ] ] }, @@ -1240,8 +1227,7 @@ ":logs:test-region:12345678:log-group:/aws/codebuild/", { "Ref": "PipelineBuildSynthCdkBuildProject6BEFA8E6" - }, - ":*" + } ] ] } @@ -1249,11 +1235,11 @@ }, { "Action": [ - "codebuild:CreateReportGroup", - "codebuild:CreateReport", - "codebuild:UpdateReport", + "codebuild:BatchPutCodeCoverages", "codebuild:BatchPutTestCases", - "codebuild:BatchPutCodeCoverages" + "codebuild:CreateReport", + "codebuild:CreateReportGroup", + "codebuild:UpdateReport" ], "Effect": "Allow", "Resource": { @@ -1275,16 +1261,16 @@ }, { "Action": [ - "s3:GetObject*", + "s3:Abort*", + "s3:DeleteObject*", "s3:GetBucket*", + "s3:GetObject*", "s3:List*", - "s3:DeleteObject*", "s3:PutObject", "s3:PutObjectLegalHold", "s3:PutObjectRetention", "s3:PutObjectTagging", - "s3:PutObjectVersionTagging", - "s3:Abort*" + "s3:PutObjectVersionTagging" ], "Effect": "Allow", "Resource": [ @@ -1402,11 +1388,11 @@ { "Action": [ "ec2:CreateNetworkInterface", - "ec2:DescribeNetworkInterfaces", "ec2:DeleteNetworkInterface", - "ec2:DescribeSubnets", - "ec2:DescribeSecurityGroups", "ec2:DescribeDhcpOptions", + "ec2:DescribeNetworkInterfaces", + "ec2:DescribeSecurityGroups", + "ec2:DescribeSubnets", "ec2:DescribeVpcs" ], "Effect": "Allow", @@ -1796,7 +1782,8 @@ ":logs:test-region:12345678:log-group:/aws/codebuild/", { "Ref": "PipelineUpdatePipelineSelfMutationDAA41400" - } + }, + ":*" ] ] }, @@ -1811,8 +1798,7 @@ ":logs:test-region:12345678:log-group:/aws/codebuild/", { "Ref": "PipelineUpdatePipelineSelfMutationDAA41400" - }, - ":*" + } ] ] } @@ -1820,11 +1806,11 @@ }, { "Action": [ - "codebuild:CreateReportGroup", - "codebuild:CreateReport", - "codebuild:UpdateReport", + "codebuild:BatchPutCodeCoverages", "codebuild:BatchPutTestCases", - "codebuild:BatchPutCodeCoverages" + "codebuild:CreateReport", + "codebuild:CreateReportGroup", + "codebuild:UpdateReport" ], "Effect": "Allow", "Resource": { @@ -1859,19 +1845,17 @@ "Resource": "arn:*:iam::12345678:role/*" }, { - "Action": "cloudformation:DescribeStacks", - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": "s3:ListBucket", + "Action": [ + "cloudformation:DescribeStacks", + "s3:ListBucket" + ], "Effect": "Allow", "Resource": "*" }, { "Action": [ - "s3:GetObject*", "s3:GetBucket*", + "s3:GetObject*", "s3:List*" ], "Effect": "Allow", @@ -1990,11 +1974,11 @@ { "Action": [ "ec2:CreateNetworkInterface", - "ec2:DescribeNetworkInterfaces", "ec2:DeleteNetworkInterface", - "ec2:DescribeSubnets", - "ec2:DescribeSecurityGroups", "ec2:DescribeDhcpOptions", + "ec2:DescribeNetworkInterfaces", + "ec2:DescribeSecurityGroups", + "ec2:DescribeSubnets", "ec2:DescribeVpcs" ], "Effect": "Allow", @@ -2016,13 +2000,6 @@ "Properties": { "AssumeRolePolicyDocument": { "Statement": [ - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": { - "Service": "codebuild.amazonaws.com" - } - }, { "Action": "sts:AssumeRole", "Effect": "Allow", @@ -2038,7 +2015,8 @@ ":iam::12345678:root" ] ] - } + }, + "Service": "codebuild.amazonaws.com" } } ], @@ -2073,11 +2051,11 @@ }, { "Action": [ - "codebuild:CreateReportGroup", - "codebuild:CreateReport", - "codebuild:UpdateReport", + "codebuild:BatchPutCodeCoverages", "codebuild:BatchPutTestCases", - "codebuild:BatchPutCodeCoverages" + "codebuild:CreateReport", + "codebuild:CreateReportGroup", + "codebuild:UpdateReport" ], "Effect": "Allow", "Resource": { @@ -2105,11 +2083,9 @@ { "Action": "sts:AssumeRole", "Effect": "Allow", - "Resource": [ - { - "Fn::Sub": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" - } - ] + "Resource": { + "Fn::Sub": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" + } }, { "Action": "ec2:CreateNetworkInterfacePermission", @@ -2213,8 +2189,8 @@ }, { "Action": [ - "s3:GetObject*", "s3:GetBucket*", + "s3:GetObject*", "s3:List*" ], "Effect": "Allow", @@ -2333,11 +2309,11 @@ { "Action": [ "ec2:CreateNetworkInterface", - "ec2:DescribeNetworkInterfaces", "ec2:DeleteNetworkInterface", - "ec2:DescribeSubnets", - "ec2:DescribeSecurityGroups", "ec2:DescribeDhcpOptions", + "ec2:DescribeNetworkInterfaces", + "ec2:DescribeSecurityGroups", + "ec2:DescribeSubnets", "ec2:DescribeVpcs" ], "Effect": "Allow", @@ -2462,4 +2438,4 @@ ] } } -} +} \ No newline at end of file diff --git a/packages/@aws-cdk/pipelines/test/integ.newpipeline.expected.json b/packages/@aws-cdk/pipelines/test/integ.newpipeline.expected.json index 414a43cc3fd0e..7914350f39b6f 100644 --- a/packages/@aws-cdk/pipelines/test/integ.newpipeline.expected.json +++ b/packages/@aws-cdk/pipelines/test/integ.newpipeline.expected.json @@ -66,8 +66,8 @@ }, { "Action": [ - "s3:GetObject*", "s3:GetBucket*", + "s3:GetObject*", "s3:List*" ], "Effect": "Allow", @@ -148,16 +148,16 @@ "Statement": [ { "Action": [ - "s3:GetObject*", + "s3:Abort*", + "s3:DeleteObject*", "s3:GetBucket*", + "s3:GetObject*", "s3:List*", - "s3:DeleteObject*", "s3:PutObject", "s3:PutObjectLegalHold", "s3:PutObjectRetention", "s3:PutObjectTagging", - "s3:PutObjectVersionTagging", - "s3:Abort*" + "s3:PutObjectVersionTagging" ], "Effect": "Allow", "Resource": [ @@ -186,49 +186,43 @@ { "Action": "sts:AssumeRole", "Effect": "Allow", - "Resource": { - "Fn::GetAtt": [ - "PipelineBuildSynthCodePipelineActionRole4E7A6C97", - "Arn" - ] - } - }, - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Resource": { - "Fn::GetAtt": [ - "PipelineUpdatePipelineSelfMutateCodePipelineActionRoleD6D4E5CF", - "Arn" - ] - } - }, - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Resource": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":iam::", - { - "Ref": "AWS::AccountId" - }, - ":role/cdk-hnb659fds-deploy-role-", - { - "Ref": "AWS::AccountId" - }, - "-", - { - "Ref": "AWS::Region" - } + "Resource": [ + { + "Fn::GetAtt": [ + "PipelineBuildSynthCodePipelineActionRole4E7A6C97", + "Arn" ] - ] - } + }, + { + "Fn::GetAtt": [ + "PipelineUpdatePipelineSelfMutateCodePipelineActionRoleD6D4E5CF", + "Arn" + ] + }, + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::", + { + "Ref": "AWS::AccountId" + }, + ":role/cdk-hnb659fds-deploy-role-", + { + "Ref": "AWS::AccountId" + }, + "-", + { + "Ref": "AWS::Region" + } + ] + ] + } + ] } ], "Version": "2012-10-17" @@ -1922,7 +1916,8 @@ ":logs:test-region:12345678:log-group:/aws/codebuild/", { "Ref": "PipelineBuildSynthCdkBuildProject6BEFA8E6" - } + }, + ":*" ] ] }, @@ -1937,8 +1932,7 @@ ":logs:test-region:12345678:log-group:/aws/codebuild/", { "Ref": "PipelineBuildSynthCdkBuildProject6BEFA8E6" - }, - ":*" + } ] ] } @@ -1946,11 +1940,11 @@ }, { "Action": [ - "codebuild:CreateReportGroup", - "codebuild:CreateReport", - "codebuild:UpdateReport", + "codebuild:BatchPutCodeCoverages", "codebuild:BatchPutTestCases", - "codebuild:BatchPutCodeCoverages" + "codebuild:CreateReport", + "codebuild:CreateReportGroup", + "codebuild:UpdateReport" ], "Effect": "Allow", "Resource": { @@ -1972,16 +1966,16 @@ }, { "Action": [ - "s3:GetObject*", + "s3:Abort*", + "s3:DeleteObject*", "s3:GetBucket*", + "s3:GetObject*", "s3:List*", - "s3:DeleteObject*", "s3:PutObject", "s3:PutObjectLegalHold", "s3:PutObjectRetention", "s3:PutObjectTagging", - "s3:PutObjectVersionTagging", - "s3:Abort*" + "s3:PutObjectVersionTagging" ], "Effect": "Allow", "Resource": [ @@ -2205,7 +2199,8 @@ ":logs:test-region:12345678:log-group:/aws/codebuild/", { "Ref": "PipelineUpdatePipelineSelfMutationDAA41400" - } + }, + ":*" ] ] }, @@ -2220,8 +2215,7 @@ ":logs:test-region:12345678:log-group:/aws/codebuild/", { "Ref": "PipelineUpdatePipelineSelfMutationDAA41400" - }, - ":*" + } ] ] } @@ -2229,11 +2223,11 @@ }, { "Action": [ - "codebuild:CreateReportGroup", - "codebuild:CreateReport", - "codebuild:UpdateReport", + "codebuild:BatchPutCodeCoverages", "codebuild:BatchPutTestCases", - "codebuild:BatchPutCodeCoverages" + "codebuild:CreateReport", + "codebuild:CreateReportGroup", + "codebuild:UpdateReport" ], "Effect": "Allow", "Resource": { @@ -2268,19 +2262,17 @@ "Resource": "arn:*:iam::12345678:role/*" }, { - "Action": "cloudformation:DescribeStacks", - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": "s3:ListBucket", + "Action": [ + "cloudformation:DescribeStacks", + "s3:ListBucket" + ], "Effect": "Allow", "Resource": "*" }, { "Action": [ - "s3:GetObject*", "s3:GetBucket*", + "s3:GetObject*", "s3:List*" ], "Effect": "Allow", @@ -2383,4 +2375,4 @@ ] } } -} +} \ No newline at end of file diff --git a/packages/@aws-cdk/pipelines/test/integ.pipeline-security.expected.json b/packages/@aws-cdk/pipelines/test/integ.pipeline-security.expected.json index f9f2ec14d2199..84aaaf68dabde 100644 --- a/packages/@aws-cdk/pipelines/test/integ.pipeline-security.expected.json +++ b/packages/@aws-cdk/pipelines/test/integ.pipeline-security.expected.json @@ -139,8 +139,8 @@ }, { "Action": [ - "s3:GetObject*", "s3:GetBucket*", + "s3:GetObject*", "s3:List*" ], "Effect": "Allow", @@ -210,16 +210,16 @@ "Statement": [ { "Action": [ - "s3:GetObject*", + "s3:Abort*", + "s3:DeleteObject*", "s3:GetBucket*", + "s3:GetObject*", "s3:List*", - "s3:DeleteObject*", "s3:PutObject", "s3:PutObjectLegalHold", "s3:PutObjectRetention", "s3:PutObjectTagging", - "s3:PutObjectVersionTagging", - "s3:Abort*" + "s3:PutObjectVersionTagging" ], "Effect": "Allow", "Resource": [ @@ -250,8 +250,8 @@ "kms:Decrypt", "kms:DescribeKey", "kms:Encrypt", - "kms:ReEncrypt*", - "kms:GenerateDataKey*" + "kms:GenerateDataKey*", + "kms:ReEncrypt*" ], "Effect": "Allow", "Resource": { @@ -264,108 +264,74 @@ { "Action": "sts:AssumeRole", "Effect": "Allow", - "Resource": { - "Fn::GetAtt": [ - "TestPipelineBuildSynthCodePipelineActionRoleF7BF5926", - "Arn" - ] - } - }, - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Resource": { - "Fn::GetAtt": [ - "TestPipelineUnattachedStageSingleStageSecurityCheckCodePipelineActionRoleFF6E43E2", - "Arn" - ] - } - }, - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Resource": { - "Fn::GetAtt": [ - "TestPipelineUnattachedStageSingleStageManualApprovalCodePipelineActionRoleF7A614C8", - "Arn" - ] - } - }, - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Resource": { - "Fn::GetAtt": [ - "TestPipelinePreProductionPreProductionSecurityCheckCodePipelineActionRole4E54C194", - "Arn" - ] - } - }, - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Resource": { - "Fn::GetAtt": [ - "TestPipelinePreProductionPreProductionManualApprovalCodePipelineActionRole81B9C4F9", - "Arn" - ] - } - }, - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Resource": { - "Fn::GetAtt": [ - "TestPipelinePreProductionSafeProductionSecurityCheckCodePipelineActionRole399C68A6", - "Arn" - ] - } - }, - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Resource": { - "Fn::GetAtt": [ - "TestPipelinePreProductionSafeProductionManualApprovalCodePipelineActionRole4F30C0D9", - "Arn" - ] - } - }, - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Resource": { - "Fn::GetAtt": [ - "TestPipelineNoSecurityCheckEnableSecurityCheckSecurityCheckCodePipelineActionRole8D10AA6D", - "Arn" - ] - } - }, - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Resource": { - "Fn::GetAtt": [ - "TestPipelineNoSecurityCheckEnableSecurityCheckManualApprovalCodePipelineActionRole27FC4015", - "Arn" - ] - } - }, - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Resource": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":iam::12345678:role/cdk-hnb659fds-deploy-role-12345678-test-region" + "Resource": [ + { + "Fn::GetAtt": [ + "TestPipelineBuildSynthCodePipelineActionRoleF7BF5926", + "Arn" ] - ] - } + }, + { + "Fn::GetAtt": [ + "TestPipelineNoSecurityCheckEnableSecurityCheckManualApprovalCodePipelineActionRole27FC4015", + "Arn" + ] + }, + { + "Fn::GetAtt": [ + "TestPipelineNoSecurityCheckEnableSecurityCheckSecurityCheckCodePipelineActionRole8D10AA6D", + "Arn" + ] + }, + { + "Fn::GetAtt": [ + "TestPipelinePreProductionPreProductionManualApprovalCodePipelineActionRole81B9C4F9", + "Arn" + ] + }, + { + "Fn::GetAtt": [ + "TestPipelinePreProductionPreProductionSecurityCheckCodePipelineActionRole4E54C194", + "Arn" + ] + }, + { + "Fn::GetAtt": [ + "TestPipelinePreProductionSafeProductionManualApprovalCodePipelineActionRole4F30C0D9", + "Arn" + ] + }, + { + "Fn::GetAtt": [ + "TestPipelinePreProductionSafeProductionSecurityCheckCodePipelineActionRole399C68A6", + "Arn" + ] + }, + { + "Fn::GetAtt": [ + "TestPipelineUnattachedStageSingleStageManualApprovalCodePipelineActionRoleF7A614C8", + "Arn" + ] + }, + { + "Fn::GetAtt": [ + "TestPipelineUnattachedStageSingleStageSecurityCheckCodePipelineActionRoleFF6E43E2", + "Arn" + ] + }, + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::12345678:role/cdk-hnb659fds-deploy-role-12345678-test-region" + ] + ] + } + ] } ], "Version": "2012-10-17" @@ -1259,7 +1225,8 @@ ":logs:test-region:12345678:log-group:/aws/codebuild/", { "Ref": "TestPipelineBuildSynthCdkBuildProject755D4B01" - } + }, + ":*" ] ] }, @@ -1274,8 +1241,7 @@ ":logs:test-region:12345678:log-group:/aws/codebuild/", { "Ref": "TestPipelineBuildSynthCdkBuildProject755D4B01" - }, - ":*" + } ] ] } @@ -1283,11 +1249,11 @@ }, { "Action": [ - "codebuild:CreateReportGroup", - "codebuild:CreateReport", - "codebuild:UpdateReport", + "codebuild:BatchPutCodeCoverages", "codebuild:BatchPutTestCases", - "codebuild:BatchPutCodeCoverages" + "codebuild:CreateReport", + "codebuild:CreateReportGroup", + "codebuild:UpdateReport" ], "Effect": "Allow", "Resource": { @@ -1309,16 +1275,16 @@ }, { "Action": [ - "s3:GetObject*", + "s3:Abort*", + "s3:DeleteObject*", "s3:GetBucket*", + "s3:GetObject*", "s3:List*", - "s3:DeleteObject*", "s3:PutObject", "s3:PutObjectLegalHold", "s3:PutObjectRetention", "s3:PutObjectTagging", - "s3:PutObjectVersionTagging", - "s3:Abort*" + "s3:PutObjectVersionTagging" ], "Effect": "Allow", "Resource": [ @@ -1349,23 +1315,8 @@ "kms:Decrypt", "kms:DescribeKey", "kms:Encrypt", - "kms:ReEncrypt*", - "kms:GenerateDataKey*" - ], - "Effect": "Allow", - "Resource": { - "Fn::GetAtt": [ - "TestPipelineArtifactsBucketEncryptionKey13258842", - "Arn" - ] - } - }, - { - "Action": [ - "kms:Decrypt", - "kms:Encrypt", - "kms:ReEncrypt*", - "kms:GenerateDataKey*" + "kms:GenerateDataKey*", + "kms:ReEncrypt*" ], "Effect": "Allow", "Resource": { @@ -1894,7 +1845,8 @@ ":logs:test-region:12345678:log-group:/aws/codebuild/", { "Ref": "TestPipelinePipelineApplicationSecurityCheckCDKSecurityCheckBEE4547C" - } + }, + ":*" ] ] }, @@ -1909,8 +1861,7 @@ ":logs:test-region:12345678:log-group:/aws/codebuild/", { "Ref": "TestPipelinePipelineApplicationSecurityCheckCDKSecurityCheckBEE4547C" - }, - ":*" + } ] ] } @@ -1918,11 +1869,11 @@ }, { "Action": [ - "codebuild:CreateReportGroup", - "codebuild:CreateReport", - "codebuild:UpdateReport", + "codebuild:BatchPutCodeCoverages", "codebuild:BatchPutTestCases", - "codebuild:BatchPutCodeCoverages" + "codebuild:CreateReport", + "codebuild:CreateReportGroup", + "codebuild:UpdateReport" ], "Effect": "Allow", "Resource": { @@ -1973,8 +1924,8 @@ }, { "Action": [ - "s3:GetObject*", "s3:GetBucket*", + "s3:GetObject*", "s3:List*" ], "Effect": "Allow", @@ -2004,22 +1955,10 @@ { "Action": [ "kms:Decrypt", - "kms:DescribeKey" - ], - "Effect": "Allow", - "Resource": { - "Fn::GetAtt": [ - "TestPipelineArtifactsBucketEncryptionKey13258842", - "Arn" - ] - } - }, - { - "Action": [ - "kms:Decrypt", + "kms:DescribeKey", "kms:Encrypt", - "kms:ReEncrypt*", - "kms:GenerateDataKey*" + "kms:GenerateDataKey*", + "kms:ReEncrypt*" ], "Effect": "Allow", "Resource": { @@ -2208,7 +2147,8 @@ ":logs:test-region:12345678:log-group:/aws/codebuild/", { "Ref": "UnattachedStageStageApplicationSecurityCheckCDKSecurityCheckADCE795B" - } + }, + ":*" ] ] }, @@ -2223,8 +2163,7 @@ ":logs:test-region:12345678:log-group:/aws/codebuild/", { "Ref": "UnattachedStageStageApplicationSecurityCheckCDKSecurityCheckADCE795B" - }, - ":*" + } ] ] } @@ -2232,11 +2171,11 @@ }, { "Action": [ - "codebuild:CreateReportGroup", - "codebuild:CreateReport", - "codebuild:UpdateReport", + "codebuild:BatchPutCodeCoverages", "codebuild:BatchPutTestCases", - "codebuild:BatchPutCodeCoverages" + "codebuild:CreateReport", + "codebuild:CreateReportGroup", + "codebuild:UpdateReport" ], "Effect": "Allow", "Resource": { @@ -2287,8 +2226,8 @@ }, { "Action": [ - "s3:GetObject*", "s3:GetBucket*", + "s3:GetObject*", "s3:List*" ], "Effect": "Allow", @@ -2318,22 +2257,10 @@ { "Action": [ "kms:Decrypt", - "kms:DescribeKey" - ], - "Effect": "Allow", - "Resource": { - "Fn::GetAtt": [ - "TestPipelineArtifactsBucketEncryptionKey13258842", - "Arn" - ] - } - }, - { - "Action": [ - "kms:Decrypt", + "kms:DescribeKey", "kms:Encrypt", - "kms:ReEncrypt*", - "kms:GenerateDataKey*" + "kms:GenerateDataKey*", + "kms:ReEncrypt*" ], "Effect": "Allow", "Resource": { diff --git a/packages/@aws-cdk/pipelines/test/integ.pipeline-with-assets-single-upload.expected.json b/packages/@aws-cdk/pipelines/test/integ.pipeline-with-assets-single-upload.expected.json index 26cecb377ee68..cd761893998ed 100644 --- a/packages/@aws-cdk/pipelines/test/integ.pipeline-with-assets-single-upload.expected.json +++ b/packages/@aws-cdk/pipelines/test/integ.pipeline-with-assets-single-upload.expected.json @@ -139,8 +139,8 @@ }, { "Action": [ - "s3:GetObject*", "s3:GetBucket*", + "s3:GetObject*", "s3:List*" ], "Effect": "Allow", @@ -210,16 +210,16 @@ "Statement": [ { "Action": [ - "s3:GetObject*", + "s3:Abort*", + "s3:DeleteObject*", "s3:GetBucket*", + "s3:GetObject*", "s3:List*", - "s3:DeleteObject*", "s3:PutObject", "s3:PutObjectLegalHold", "s3:PutObjectRetention", "s3:PutObjectTagging", - "s3:PutObjectVersionTagging", - "s3:Abort*" + "s3:PutObjectVersionTagging" ], "Effect": "Allow", "Resource": [ @@ -250,8 +250,8 @@ "kms:Decrypt", "kms:DescribeKey", "kms:Encrypt", - "kms:ReEncrypt*", - "kms:GenerateDataKey*" + "kms:GenerateDataKey*", + "kms:ReEncrypt*" ], "Effect": "Allow", "Resource": { @@ -264,58 +264,44 @@ { "Action": "sts:AssumeRole", "Effect": "Allow", - "Resource": { - "Fn::GetAtt": [ - "PipelineBuildSynthCodePipelineActionRole4E7A6C97", - "Arn" - ] - } - }, - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Resource": { - "Fn::GetAtt": [ - "PipelineUpdatePipelineSelfMutateCodePipelineActionRoleD6D4E5CF", - "Arn" - ] - } - }, - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Resource": { - "Fn::GetAtt": [ - "PipelineAssetsFileRole59943A77", - "Arn" - ] - } - }, - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Resource": { - "Fn::GetAtt": [ - "PipelinePreProdUseSourceCodePipelineActionRoleA2043BDA", - "Arn" - ] - } - }, - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Resource": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":iam::12345678:role/cdk-hnb659fds-deploy-role-12345678-test-region" + "Resource": [ + { + "Fn::GetAtt": [ + "PipelineAssetsFileRole59943A77", + "Arn" ] - ] - } + }, + { + "Fn::GetAtt": [ + "PipelineBuildSynthCodePipelineActionRole4E7A6C97", + "Arn" + ] + }, + { + "Fn::GetAtt": [ + "PipelinePreProdUseSourceCodePipelineActionRoleA2043BDA", + "Arn" + ] + }, + { + "Fn::GetAtt": [ + "PipelineUpdatePipelineSelfMutateCodePipelineActionRoleD6D4E5CF", + "Arn" + ] + }, + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::12345678:role/cdk-hnb659fds-deploy-role-12345678-test-region" + ] + ] + } + ] } ], "Version": "2012-10-17" @@ -695,7 +681,8 @@ ":logs:test-region:12345678:log-group:/aws/codebuild/", { "Ref": "PipelineBuildSynthCdkBuildProject6BEFA8E6" - } + }, + ":*" ] ] }, @@ -710,8 +697,7 @@ ":logs:test-region:12345678:log-group:/aws/codebuild/", { "Ref": "PipelineBuildSynthCdkBuildProject6BEFA8E6" - }, - ":*" + } ] ] } @@ -719,11 +705,11 @@ }, { "Action": [ - "codebuild:CreateReportGroup", - "codebuild:CreateReport", - "codebuild:UpdateReport", + "codebuild:BatchPutCodeCoverages", "codebuild:BatchPutTestCases", - "codebuild:BatchPutCodeCoverages" + "codebuild:CreateReport", + "codebuild:CreateReportGroup", + "codebuild:UpdateReport" ], "Effect": "Allow", "Resource": { @@ -745,16 +731,16 @@ }, { "Action": [ - "s3:GetObject*", + "s3:Abort*", + "s3:DeleteObject*", "s3:GetBucket*", + "s3:GetObject*", "s3:List*", - "s3:DeleteObject*", "s3:PutObject", "s3:PutObjectLegalHold", "s3:PutObjectRetention", "s3:PutObjectTagging", - "s3:PutObjectVersionTagging", - "s3:Abort*" + "s3:PutObjectVersionTagging" ], "Effect": "Allow", "Resource": [ @@ -785,23 +771,8 @@ "kms:Decrypt", "kms:DescribeKey", "kms:Encrypt", - "kms:ReEncrypt*", - "kms:GenerateDataKey*" - ], - "Effect": "Allow", - "Resource": { - "Fn::GetAtt": [ - "PipelineArtifactsBucketEncryptionKeyF5BF0670", - "Arn" - ] - } - }, - { - "Action": [ - "kms:Decrypt", - "kms:Encrypt", - "kms:ReEncrypt*", - "kms:GenerateDataKey*" + "kms:GenerateDataKey*", + "kms:ReEncrypt*" ], "Effect": "Allow", "Resource": { @@ -1021,7 +992,8 @@ ":logs:test-region:12345678:log-group:/aws/codebuild/", { "Ref": "PipelinePreProdUseSourceProject2E711EB4" - } + }, + ":*" ] ] }, @@ -1036,8 +1008,7 @@ ":logs:test-region:12345678:log-group:/aws/codebuild/", { "Ref": "PipelinePreProdUseSourceProject2E711EB4" - }, - ":*" + } ] ] } @@ -1045,11 +1016,11 @@ }, { "Action": [ - "codebuild:CreateReportGroup", - "codebuild:CreateReport", - "codebuild:UpdateReport", + "codebuild:BatchPutCodeCoverages", "codebuild:BatchPutTestCases", - "codebuild:BatchPutCodeCoverages" + "codebuild:CreateReport", + "codebuild:CreateReportGroup", + "codebuild:UpdateReport" ], "Effect": "Allow", "Resource": { @@ -1071,8 +1042,8 @@ }, { "Action": [ - "s3:GetObject*", "s3:GetBucket*", + "s3:GetObject*", "s3:List*" ], "Effect": "Allow", @@ -1102,22 +1073,10 @@ { "Action": [ "kms:Decrypt", - "kms:DescribeKey" - ], - "Effect": "Allow", - "Resource": { - "Fn::GetAtt": [ - "PipelineArtifactsBucketEncryptionKeyF5BF0670", - "Arn" - ] - } - }, - { - "Action": [ - "kms:Decrypt", + "kms:DescribeKey", "kms:Encrypt", - "kms:ReEncrypt*", - "kms:GenerateDataKey*" + "kms:GenerateDataKey*", + "kms:ReEncrypt*" ], "Effect": "Allow", "Resource": { @@ -1213,7 +1172,8 @@ ":logs:test-region:12345678:log-group:/aws/codebuild/", { "Ref": "PipelineUpdatePipelineSelfMutationDAA41400" - } + }, + ":*" ] ] }, @@ -1228,8 +1188,7 @@ ":logs:test-region:12345678:log-group:/aws/codebuild/", { "Ref": "PipelineUpdatePipelineSelfMutationDAA41400" - }, - ":*" + } ] ] } @@ -1237,11 +1196,11 @@ }, { "Action": [ - "codebuild:CreateReportGroup", - "codebuild:CreateReport", - "codebuild:UpdateReport", + "codebuild:BatchPutCodeCoverages", "codebuild:BatchPutTestCases", - "codebuild:BatchPutCodeCoverages" + "codebuild:CreateReport", + "codebuild:CreateReportGroup", + "codebuild:UpdateReport" ], "Effect": "Allow", "Resource": { @@ -1276,19 +1235,17 @@ "Resource": "arn:*:iam::12345678:role/*" }, { - "Action": "cloudformation:DescribeStacks", - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": "s3:ListBucket", + "Action": [ + "cloudformation:DescribeStacks", + "s3:ListBucket" + ], "Effect": "Allow", "Resource": "*" }, { "Action": [ - "s3:GetObject*", "s3:GetBucket*", + "s3:GetObject*", "s3:List*" ], "Effect": "Allow", @@ -1318,22 +1275,10 @@ { "Action": [ "kms:Decrypt", - "kms:DescribeKey" - ], - "Effect": "Allow", - "Resource": { - "Fn::GetAtt": [ - "PipelineArtifactsBucketEncryptionKeyF5BF0670", - "Arn" - ] - } - }, - { - "Action": [ - "kms:Decrypt", + "kms:DescribeKey", "kms:Encrypt", - "kms:ReEncrypt*", - "kms:GenerateDataKey*" + "kms:GenerateDataKey*", + "kms:ReEncrypt*" ], "Effect": "Allow", "Resource": { @@ -1393,13 +1338,6 @@ "Properties": { "AssumeRolePolicyDocument": { "Statement": [ - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": { - "Service": "codebuild.amazonaws.com" - } - }, { "Action": "sts:AssumeRole", "Effect": "Allow", @@ -1415,7 +1353,8 @@ ":iam::12345678:root" ] ] - } + }, + "Service": "codebuild.amazonaws.com" } } ], @@ -1450,11 +1389,11 @@ }, { "Action": [ - "codebuild:CreateReportGroup", - "codebuild:CreateReport", - "codebuild:UpdateReport", + "codebuild:BatchPutCodeCoverages", "codebuild:BatchPutTestCases", - "codebuild:BatchPutCodeCoverages" + "codebuild:CreateReport", + "codebuild:CreateReportGroup", + "codebuild:UpdateReport" ], "Effect": "Allow", "Resource": { @@ -1482,16 +1421,14 @@ { "Action": "sts:AssumeRole", "Effect": "Allow", - "Resource": [ - { - "Fn::Sub": "arn:${AWS::Partition}:iam::12345678:role/cdk-hnb659fds-file-publishing-role-12345678-test-region" - } - ] + "Resource": { + "Fn::Sub": "arn:${AWS::Partition}:iam::12345678:role/cdk-hnb659fds-file-publishing-role-12345678-test-region" + } }, { "Action": [ - "s3:GetObject*", "s3:GetBucket*", + "s3:GetObject*", "s3:List*" ], "Effect": "Allow", diff --git a/packages/@aws-cdk/pipelines/test/integ.pipeline-with-assets.expected.json b/packages/@aws-cdk/pipelines/test/integ.pipeline-with-assets.expected.json index c757e3097d633..89fe06e7c3e32 100644 --- a/packages/@aws-cdk/pipelines/test/integ.pipeline-with-assets.expected.json +++ b/packages/@aws-cdk/pipelines/test/integ.pipeline-with-assets.expected.json @@ -139,8 +139,8 @@ }, { "Action": [ - "s3:GetObject*", "s3:GetBucket*", + "s3:GetObject*", "s3:List*" ], "Effect": "Allow", @@ -210,16 +210,16 @@ "Statement": [ { "Action": [ - "s3:GetObject*", + "s3:Abort*", + "s3:DeleteObject*", "s3:GetBucket*", + "s3:GetObject*", "s3:List*", - "s3:DeleteObject*", "s3:PutObject", "s3:PutObjectLegalHold", "s3:PutObjectRetention", "s3:PutObjectTagging", - "s3:PutObjectVersionTagging", - "s3:Abort*" + "s3:PutObjectVersionTagging" ], "Effect": "Allow", "Resource": [ @@ -250,8 +250,8 @@ "kms:Decrypt", "kms:DescribeKey", "kms:Encrypt", - "kms:ReEncrypt*", - "kms:GenerateDataKey*" + "kms:GenerateDataKey*", + "kms:ReEncrypt*" ], "Effect": "Allow", "Resource": { @@ -264,58 +264,44 @@ { "Action": "sts:AssumeRole", "Effect": "Allow", - "Resource": { - "Fn::GetAtt": [ - "PipelineBuildSynthCodePipelineActionRole4E7A6C97", - "Arn" - ] - } - }, - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Resource": { - "Fn::GetAtt": [ - "PipelineUpdatePipelineSelfMutateCodePipelineActionRoleD6D4E5CF", - "Arn" - ] - } - }, - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Resource": { - "Fn::GetAtt": [ - "PipelineAssetsFileRole59943A77", - "Arn" - ] - } - }, - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Resource": { - "Fn::GetAtt": [ - "PipelinePreProdUseSourceCodePipelineActionRoleA2043BDA", - "Arn" - ] - } - }, - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Resource": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":iam::12345678:role/cdk-hnb659fds-deploy-role-12345678-test-region" + "Resource": [ + { + "Fn::GetAtt": [ + "PipelineAssetsFileRole59943A77", + "Arn" ] - ] - } + }, + { + "Fn::GetAtt": [ + "PipelineBuildSynthCodePipelineActionRole4E7A6C97", + "Arn" + ] + }, + { + "Fn::GetAtt": [ + "PipelinePreProdUseSourceCodePipelineActionRoleA2043BDA", + "Arn" + ] + }, + { + "Fn::GetAtt": [ + "PipelineUpdatePipelineSelfMutateCodePipelineActionRoleD6D4E5CF", + "Arn" + ] + }, + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::12345678:role/cdk-hnb659fds-deploy-role-12345678-test-region" + ] + ] + } + ] } ], "Version": "2012-10-17" @@ -722,7 +708,8 @@ ":logs:test-region:12345678:log-group:/aws/codebuild/", { "Ref": "PipelineBuildSynthCdkBuildProject6BEFA8E6" - } + }, + ":*" ] ] }, @@ -737,8 +724,7 @@ ":logs:test-region:12345678:log-group:/aws/codebuild/", { "Ref": "PipelineBuildSynthCdkBuildProject6BEFA8E6" - }, - ":*" + } ] ] } @@ -746,11 +732,11 @@ }, { "Action": [ - "codebuild:CreateReportGroup", - "codebuild:CreateReport", - "codebuild:UpdateReport", + "codebuild:BatchPutCodeCoverages", "codebuild:BatchPutTestCases", - "codebuild:BatchPutCodeCoverages" + "codebuild:CreateReport", + "codebuild:CreateReportGroup", + "codebuild:UpdateReport" ], "Effect": "Allow", "Resource": { @@ -772,16 +758,16 @@ }, { "Action": [ - "s3:GetObject*", + "s3:Abort*", + "s3:DeleteObject*", "s3:GetBucket*", + "s3:GetObject*", "s3:List*", - "s3:DeleteObject*", "s3:PutObject", "s3:PutObjectLegalHold", "s3:PutObjectRetention", "s3:PutObjectTagging", - "s3:PutObjectVersionTagging", - "s3:Abort*" + "s3:PutObjectVersionTagging" ], "Effect": "Allow", "Resource": [ @@ -812,23 +798,8 @@ "kms:Decrypt", "kms:DescribeKey", "kms:Encrypt", - "kms:ReEncrypt*", - "kms:GenerateDataKey*" - ], - "Effect": "Allow", - "Resource": { - "Fn::GetAtt": [ - "PipelineArtifactsBucketEncryptionKeyF5BF0670", - "Arn" - ] - } - }, - { - "Action": [ - "kms:Decrypt", - "kms:Encrypt", - "kms:ReEncrypt*", - "kms:GenerateDataKey*" + "kms:GenerateDataKey*", + "kms:ReEncrypt*" ], "Effect": "Allow", "Resource": { @@ -1048,7 +1019,8 @@ ":logs:test-region:12345678:log-group:/aws/codebuild/", { "Ref": "PipelinePreProdUseSourceProject2E711EB4" - } + }, + ":*" ] ] }, @@ -1063,8 +1035,7 @@ ":logs:test-region:12345678:log-group:/aws/codebuild/", { "Ref": "PipelinePreProdUseSourceProject2E711EB4" - }, - ":*" + } ] ] } @@ -1072,11 +1043,11 @@ }, { "Action": [ - "codebuild:CreateReportGroup", - "codebuild:CreateReport", - "codebuild:UpdateReport", + "codebuild:BatchPutCodeCoverages", "codebuild:BatchPutTestCases", - "codebuild:BatchPutCodeCoverages" + "codebuild:CreateReport", + "codebuild:CreateReportGroup", + "codebuild:UpdateReport" ], "Effect": "Allow", "Resource": { @@ -1098,8 +1069,8 @@ }, { "Action": [ - "s3:GetObject*", "s3:GetBucket*", + "s3:GetObject*", "s3:List*" ], "Effect": "Allow", @@ -1129,22 +1100,10 @@ { "Action": [ "kms:Decrypt", - "kms:DescribeKey" - ], - "Effect": "Allow", - "Resource": { - "Fn::GetAtt": [ - "PipelineArtifactsBucketEncryptionKeyF5BF0670", - "Arn" - ] - } - }, - { - "Action": [ - "kms:Decrypt", + "kms:DescribeKey", "kms:Encrypt", - "kms:ReEncrypt*", - "kms:GenerateDataKey*" + "kms:GenerateDataKey*", + "kms:ReEncrypt*" ], "Effect": "Allow", "Resource": { @@ -1240,7 +1199,8 @@ ":logs:test-region:12345678:log-group:/aws/codebuild/", { "Ref": "PipelineUpdatePipelineSelfMutationDAA41400" - } + }, + ":*" ] ] }, @@ -1255,8 +1215,7 @@ ":logs:test-region:12345678:log-group:/aws/codebuild/", { "Ref": "PipelineUpdatePipelineSelfMutationDAA41400" - }, - ":*" + } ] ] } @@ -1264,11 +1223,11 @@ }, { "Action": [ - "codebuild:CreateReportGroup", - "codebuild:CreateReport", - "codebuild:UpdateReport", + "codebuild:BatchPutCodeCoverages", "codebuild:BatchPutTestCases", - "codebuild:BatchPutCodeCoverages" + "codebuild:CreateReport", + "codebuild:CreateReportGroup", + "codebuild:UpdateReport" ], "Effect": "Allow", "Resource": { @@ -1303,19 +1262,17 @@ "Resource": "arn:*:iam::12345678:role/*" }, { - "Action": "cloudformation:DescribeStacks", - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": "s3:ListBucket", + "Action": [ + "cloudformation:DescribeStacks", + "s3:ListBucket" + ], "Effect": "Allow", "Resource": "*" }, { "Action": [ - "s3:GetObject*", "s3:GetBucket*", + "s3:GetObject*", "s3:List*" ], "Effect": "Allow", @@ -1345,22 +1302,10 @@ { "Action": [ "kms:Decrypt", - "kms:DescribeKey" - ], - "Effect": "Allow", - "Resource": { - "Fn::GetAtt": [ - "PipelineArtifactsBucketEncryptionKeyF5BF0670", - "Arn" - ] - } - }, - { - "Action": [ - "kms:Decrypt", + "kms:DescribeKey", "kms:Encrypt", - "kms:ReEncrypt*", - "kms:GenerateDataKey*" + "kms:GenerateDataKey*", + "kms:ReEncrypt*" ], "Effect": "Allow", "Resource": { @@ -1420,13 +1365,6 @@ "Properties": { "AssumeRolePolicyDocument": { "Statement": [ - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": { - "Service": "codebuild.amazonaws.com" - } - }, { "Action": "sts:AssumeRole", "Effect": "Allow", @@ -1442,7 +1380,8 @@ ":iam::12345678:root" ] ] - } + }, + "Service": "codebuild.amazonaws.com" } } ], @@ -1477,11 +1416,11 @@ }, { "Action": [ - "codebuild:CreateReportGroup", - "codebuild:CreateReport", - "codebuild:UpdateReport", + "codebuild:BatchPutCodeCoverages", "codebuild:BatchPutTestCases", - "codebuild:BatchPutCodeCoverages" + "codebuild:CreateReport", + "codebuild:CreateReportGroup", + "codebuild:UpdateReport" ], "Effect": "Allow", "Resource": { @@ -1509,16 +1448,14 @@ { "Action": "sts:AssumeRole", "Effect": "Allow", - "Resource": [ - { - "Fn::Sub": "arn:${AWS::Partition}:iam::12345678:role/cdk-hnb659fds-file-publishing-role-12345678-test-region" - } - ] + "Resource": { + "Fn::Sub": "arn:${AWS::Partition}:iam::12345678:role/cdk-hnb659fds-file-publishing-role-12345678-test-region" + } }, { "Action": [ - "s3:GetObject*", "s3:GetBucket*", + "s3:GetObject*", "s3:List*" ], "Effect": "Allow", diff --git a/packages/@aws-cdk/pipelines/test/integ.pipeline-with-variables.expected.json b/packages/@aws-cdk/pipelines/test/integ.pipeline-with-variables.expected.json index ccc779347f32f..49ac746217192 100644 --- a/packages/@aws-cdk/pipelines/test/integ.pipeline-with-variables.expected.json +++ b/packages/@aws-cdk/pipelines/test/integ.pipeline-with-variables.expected.json @@ -93,16 +93,16 @@ "Statement": [ { "Action": [ - "s3:GetObject*", + "s3:Abort*", + "s3:DeleteObject*", "s3:GetBucket*", + "s3:GetObject*", "s3:List*", - "s3:DeleteObject*", "s3:PutObject", "s3:PutObjectLegalHold", "s3:PutObjectRetention", "s3:PutObjectTagging", - "s3:PutObjectVersionTagging", - "s3:Abort*" + "s3:PutObjectVersionTagging" ], "Effect": "Allow", "Resource": [ @@ -131,32 +131,26 @@ { "Action": "sts:AssumeRole", "Effect": "Allow", - "Resource": { - "Fn::GetAtt": [ - "PipelineBuildSynthCodePipelineActionRole4E7A6C97", - "Arn" - ] - } - }, - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Resource": { - "Fn::GetAtt": [ - "PipelineMyWaveProduceCodePipelineActionRoleE0DCE9D3", - "Arn" - ] - } - }, - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Resource": { - "Fn::GetAtt": [ - "PipelineMyWaveConsumeCodePipelineActionRole7FAA4EFA", - "Arn" - ] - } + "Resource": [ + { + "Fn::GetAtt": [ + "PipelineBuildSynthCodePipelineActionRole4E7A6C97", + "Arn" + ] + }, + { + "Fn::GetAtt": [ + "PipelineMyWaveConsumeCodePipelineActionRole7FAA4EFA", + "Arn" + ] + }, + { + "Fn::GetAtt": [ + "PipelineMyWaveProduceCodePipelineActionRoleE0DCE9D3", + "Arn" + ] + } + ] } ], "Version": "2012-10-17" @@ -356,7 +350,8 @@ ":logs:test-region:12345678:log-group:/aws/codebuild/", { "Ref": "PipelineBuildSynthCdkBuildProject6BEFA8E6" - } + }, + ":*" ] ] }, @@ -371,8 +366,7 @@ ":logs:test-region:12345678:log-group:/aws/codebuild/", { "Ref": "PipelineBuildSynthCdkBuildProject6BEFA8E6" - }, - ":*" + } ] ] } @@ -380,11 +374,11 @@ }, { "Action": [ - "codebuild:CreateReportGroup", - "codebuild:CreateReport", - "codebuild:UpdateReport", + "codebuild:BatchPutCodeCoverages", "codebuild:BatchPutTestCases", - "codebuild:BatchPutCodeCoverages" + "codebuild:CreateReport", + "codebuild:CreateReportGroup", + "codebuild:UpdateReport" ], "Effect": "Allow", "Resource": { @@ -406,16 +400,16 @@ }, { "Action": [ - "s3:GetObject*", + "s3:Abort*", + "s3:DeleteObject*", "s3:GetBucket*", + "s3:GetObject*", "s3:List*", - "s3:DeleteObject*", "s3:PutObject", "s3:PutObjectLegalHold", "s3:PutObjectRetention", "s3:PutObjectTagging", - "s3:PutObjectVersionTagging", - "s3:Abort*" + "s3:PutObjectVersionTagging" ], "Effect": "Allow", "Resource": [ @@ -581,7 +575,8 @@ ":logs:test-region:12345678:log-group:/aws/codebuild/", { "Ref": "PipelineMyWaveProduce884410D6" - } + }, + ":*" ] ] }, @@ -596,8 +591,7 @@ ":logs:test-region:12345678:log-group:/aws/codebuild/", { "Ref": "PipelineMyWaveProduce884410D6" - }, - ":*" + } ] ] } @@ -605,11 +599,11 @@ }, { "Action": [ - "codebuild:CreateReportGroup", - "codebuild:CreateReport", - "codebuild:UpdateReport", + "codebuild:BatchPutCodeCoverages", "codebuild:BatchPutTestCases", - "codebuild:BatchPutCodeCoverages" + "codebuild:CreateReport", + "codebuild:CreateReportGroup", + "codebuild:UpdateReport" ], "Effect": "Allow", "Resource": { @@ -631,8 +625,8 @@ }, { "Action": [ - "s3:GetObject*", "s3:GetBucket*", + "s3:GetObject*", "s3:List*" ], "Effect": "Allow", @@ -799,7 +793,8 @@ ":logs:test-region:12345678:log-group:/aws/codebuild/", { "Ref": "PipelineMyWaveConsumeC5D5CCD7" - } + }, + ":*" ] ] }, @@ -814,8 +809,7 @@ ":logs:test-region:12345678:log-group:/aws/codebuild/", { "Ref": "PipelineMyWaveConsumeC5D5CCD7" - }, - ":*" + } ] ] } @@ -823,11 +817,11 @@ }, { "Action": [ - "codebuild:CreateReportGroup", - "codebuild:CreateReport", - "codebuild:UpdateReport", + "codebuild:BatchPutCodeCoverages", "codebuild:BatchPutTestCases", - "codebuild:BatchPutCodeCoverages" + "codebuild:CreateReport", + "codebuild:CreateReportGroup", + "codebuild:UpdateReport" ], "Effect": "Allow", "Resource": { @@ -849,8 +843,8 @@ }, { "Action": [ - "s3:GetObject*", "s3:GetBucket*", + "s3:GetObject*", "s3:List*" ], "Effect": "Allow", diff --git a/packages/@aws-cdk/pipelines/test/integ.pipeline.expected.json b/packages/@aws-cdk/pipelines/test/integ.pipeline.expected.json index ab3e7cbede27a..4674a0e8891fa 100644 --- a/packages/@aws-cdk/pipelines/test/integ.pipeline.expected.json +++ b/packages/@aws-cdk/pipelines/test/integ.pipeline.expected.json @@ -139,8 +139,8 @@ }, { "Action": [ - "s3:GetObject*", "s3:GetBucket*", + "s3:GetObject*", "s3:List*" ], "Effect": "Allow", @@ -210,16 +210,16 @@ "Statement": [ { "Action": [ - "s3:GetObject*", + "s3:Abort*", + "s3:DeleteObject*", "s3:GetBucket*", + "s3:GetObject*", "s3:List*", - "s3:DeleteObject*", "s3:PutObject", "s3:PutObjectLegalHold", "s3:PutObjectRetention", "s3:PutObjectTagging", - "s3:PutObjectVersionTagging", - "s3:Abort*" + "s3:PutObjectVersionTagging" ], "Effect": "Allow", "Resource": [ @@ -250,8 +250,8 @@ "kms:Decrypt", "kms:DescribeKey", "kms:Encrypt", - "kms:ReEncrypt*", - "kms:GenerateDataKey*" + "kms:GenerateDataKey*", + "kms:ReEncrypt*" ], "Effect": "Allow", "Resource": { @@ -264,48 +264,38 @@ { "Action": "sts:AssumeRole", "Effect": "Allow", - "Resource": { - "Fn::GetAtt": [ - "PipelineBuildSynthCodePipelineActionRole4E7A6C97", - "Arn" - ] - } - }, - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Resource": { - "Fn::GetAtt": [ - "PipelineUpdatePipelineSelfMutateCodePipelineActionRoleD6D4E5CF", - "Arn" - ] - } - }, - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Resource": { - "Fn::GetAtt": [ - "PipelinePreProdUseSourceCodePipelineActionRoleA2043BDA", - "Arn" - ] - } - }, - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Resource": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":iam::12345678:role/cdk-hnb659fds-deploy-role-12345678-test-region" + "Resource": [ + { + "Fn::GetAtt": [ + "PipelineBuildSynthCodePipelineActionRole4E7A6C97", + "Arn" ] - ] - } + }, + { + "Fn::GetAtt": [ + "PipelinePreProdUseSourceCodePipelineActionRoleA2043BDA", + "Arn" + ] + }, + { + "Fn::GetAtt": [ + "PipelineUpdatePipelineSelfMutateCodePipelineActionRoleD6D4E5CF", + "Arn" + ] + }, + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::12345678:role/cdk-hnb659fds-deploy-role-12345678-test-region" + ] + ] + } + ] } ], "Version": "2012-10-17" @@ -653,7 +643,8 @@ ":logs:test-region:12345678:log-group:/aws/codebuild/", { "Ref": "PipelineBuildSynthCdkBuildProject6BEFA8E6" - } + }, + ":*" ] ] }, @@ -668,8 +659,7 @@ ":logs:test-region:12345678:log-group:/aws/codebuild/", { "Ref": "PipelineBuildSynthCdkBuildProject6BEFA8E6" - }, - ":*" + } ] ] } @@ -677,11 +667,11 @@ }, { "Action": [ - "codebuild:CreateReportGroup", - "codebuild:CreateReport", - "codebuild:UpdateReport", + "codebuild:BatchPutCodeCoverages", "codebuild:BatchPutTestCases", - "codebuild:BatchPutCodeCoverages" + "codebuild:CreateReport", + "codebuild:CreateReportGroup", + "codebuild:UpdateReport" ], "Effect": "Allow", "Resource": { @@ -703,16 +693,16 @@ }, { "Action": [ - "s3:GetObject*", + "s3:Abort*", + "s3:DeleteObject*", "s3:GetBucket*", + "s3:GetObject*", "s3:List*", - "s3:DeleteObject*", "s3:PutObject", "s3:PutObjectLegalHold", "s3:PutObjectRetention", "s3:PutObjectTagging", - "s3:PutObjectVersionTagging", - "s3:Abort*" + "s3:PutObjectVersionTagging" ], "Effect": "Allow", "Resource": [ @@ -743,23 +733,8 @@ "kms:Decrypt", "kms:DescribeKey", "kms:Encrypt", - "kms:ReEncrypt*", - "kms:GenerateDataKey*" - ], - "Effect": "Allow", - "Resource": { - "Fn::GetAtt": [ - "PipelineArtifactsBucketEncryptionKeyF5BF0670", - "Arn" - ] - } - }, - { - "Action": [ - "kms:Decrypt", - "kms:Encrypt", - "kms:ReEncrypt*", - "kms:GenerateDataKey*" + "kms:GenerateDataKey*", + "kms:ReEncrypt*" ], "Effect": "Allow", "Resource": { @@ -979,7 +954,8 @@ ":logs:test-region:12345678:log-group:/aws/codebuild/", { "Ref": "PipelinePreProdUseSourceProject2E711EB4" - } + }, + ":*" ] ] }, @@ -994,8 +970,7 @@ ":logs:test-region:12345678:log-group:/aws/codebuild/", { "Ref": "PipelinePreProdUseSourceProject2E711EB4" - }, - ":*" + } ] ] } @@ -1003,11 +978,11 @@ }, { "Action": [ - "codebuild:CreateReportGroup", - "codebuild:CreateReport", - "codebuild:UpdateReport", + "codebuild:BatchPutCodeCoverages", "codebuild:BatchPutTestCases", - "codebuild:BatchPutCodeCoverages" + "codebuild:CreateReport", + "codebuild:CreateReportGroup", + "codebuild:UpdateReport" ], "Effect": "Allow", "Resource": { @@ -1029,8 +1004,8 @@ }, { "Action": [ - "s3:GetObject*", "s3:GetBucket*", + "s3:GetObject*", "s3:List*" ], "Effect": "Allow", @@ -1060,22 +1035,10 @@ { "Action": [ "kms:Decrypt", - "kms:DescribeKey" - ], - "Effect": "Allow", - "Resource": { - "Fn::GetAtt": [ - "PipelineArtifactsBucketEncryptionKeyF5BF0670", - "Arn" - ] - } - }, - { - "Action": [ - "kms:Decrypt", + "kms:DescribeKey", "kms:Encrypt", - "kms:ReEncrypt*", - "kms:GenerateDataKey*" + "kms:GenerateDataKey*", + "kms:ReEncrypt*" ], "Effect": "Allow", "Resource": { @@ -1171,7 +1134,8 @@ ":logs:test-region:12345678:log-group:/aws/codebuild/", { "Ref": "PipelineUpdatePipelineSelfMutationDAA41400" - } + }, + ":*" ] ] }, @@ -1186,8 +1150,7 @@ ":logs:test-region:12345678:log-group:/aws/codebuild/", { "Ref": "PipelineUpdatePipelineSelfMutationDAA41400" - }, - ":*" + } ] ] } @@ -1195,11 +1158,11 @@ }, { "Action": [ - "codebuild:CreateReportGroup", - "codebuild:CreateReport", - "codebuild:UpdateReport", + "codebuild:BatchPutCodeCoverages", "codebuild:BatchPutTestCases", - "codebuild:BatchPutCodeCoverages" + "codebuild:CreateReport", + "codebuild:CreateReportGroup", + "codebuild:UpdateReport" ], "Effect": "Allow", "Resource": { @@ -1234,19 +1197,17 @@ "Resource": "arn:*:iam::12345678:role/*" }, { - "Action": "cloudformation:DescribeStacks", - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": "s3:ListBucket", + "Action": [ + "cloudformation:DescribeStacks", + "s3:ListBucket" + ], "Effect": "Allow", "Resource": "*" }, { "Action": [ - "s3:GetObject*", "s3:GetBucket*", + "s3:GetObject*", "s3:List*" ], "Effect": "Allow", @@ -1276,22 +1237,10 @@ { "Action": [ "kms:Decrypt", - "kms:DescribeKey" - ], - "Effect": "Allow", - "Resource": { - "Fn::GetAtt": [ - "PipelineArtifactsBucketEncryptionKeyF5BF0670", - "Arn" - ] - } - }, - { - "Action": [ - "kms:Decrypt", + "kms:DescribeKey", "kms:Encrypt", - "kms:ReEncrypt*", - "kms:GenerateDataKey*" + "kms:GenerateDataKey*", + "kms:ReEncrypt*" ], "Effect": "Allow", "Resource": { diff --git a/packages/@aws-cdk/triggers/test/integ.triggers.expected.json b/packages/@aws-cdk/triggers/test/integ.triggers.expected.json index 94a0cf390bc50..2cc1fbdf44f0f 100644 --- a/packages/@aws-cdk/triggers/test/integ.triggers.expected.json +++ b/packages/@aws-cdk/triggers/test/integ.triggers.expected.json @@ -59,14 +59,6 @@ "MyFunctionServiceRole3C357FF2" ] }, - "MyFunctionCurrentVersion197490AF776ea8de2edf446759649703b18110a4": { - "Type": "AWS::Lambda::Version", - "Properties": { - "FunctionName": { - "Ref": "MyFunction3BAA72D1" - } - } - }, "MyFunctionTriggerDB129D7B": { "Type": "Custom::Trigger", "Properties": { @@ -86,6 +78,14 @@ "UpdateReplacePolicy": "Delete", "DeletionPolicy": "Delete" }, + "MyFunctionCurrentVersion197490AF776ea8de2edf446759649703b18110a4": { + "Type": "AWS::Lambda::Version", + "Properties": { + "FunctionName": { + "Ref": "MyFunction3BAA72D1" + } + } + }, "AWSCDKTriggerCustomResourceProviderCustomResourceProviderRoleE18FAF0A": { "Type": "AWS::IAM::Role", "Properties": { @@ -134,7 +134,7 @@ "Properties": { "Code": { "S3Bucket": { - "Ref": "AssetParameters9a94767d68ec7d462ebafb65903f259f527cae0775d02a4eb2db7ac720bc61ffS3Bucket8B4BAF9C" + "Ref": "AssetParameters2c42061ddceb234b56276636e22d41e1651d112e8086384492e236481b34021aS3BucketD06FCCA6" }, "S3Key": { "Fn::Join": [ @@ -147,7 +147,7 @@ "Fn::Split": [ "||", { - "Ref": "AssetParameters9a94767d68ec7d462ebafb65903f259f527cae0775d02a4eb2db7ac720bc61ffS3VersionKey2B3BD417" + "Ref": "AssetParameters2c42061ddceb234b56276636e22d41e1651d112e8086384492e236481b34021aS3VersionKey096A7311" } ] } @@ -160,7 +160,7 @@ "Fn::Split": [ "||", { - "Ref": "AssetParameters9a94767d68ec7d462ebafb65903f259f527cae0775d02a4eb2db7ac720bc61ffS3VersionKey2B3BD417" + "Ref": "AssetParameters2c42061ddceb234b56276636e22d41e1651d112e8086384492e236481b34021aS3VersionKey096A7311" } ] } @@ -187,17 +187,17 @@ } }, "Parameters": { - "AssetParameters9a94767d68ec7d462ebafb65903f259f527cae0775d02a4eb2db7ac720bc61ffS3Bucket8B4BAF9C": { + "AssetParameters2c42061ddceb234b56276636e22d41e1651d112e8086384492e236481b34021aS3BucketD06FCCA6": { "Type": "String", - "Description": "S3 bucket for asset \"9a94767d68ec7d462ebafb65903f259f527cae0775d02a4eb2db7ac720bc61ff\"" + "Description": "S3 bucket for asset \"2c42061ddceb234b56276636e22d41e1651d112e8086384492e236481b34021a\"" }, - "AssetParameters9a94767d68ec7d462ebafb65903f259f527cae0775d02a4eb2db7ac720bc61ffS3VersionKey2B3BD417": { + "AssetParameters2c42061ddceb234b56276636e22d41e1651d112e8086384492e236481b34021aS3VersionKey096A7311": { "Type": "String", - "Description": "S3 key for asset version \"9a94767d68ec7d462ebafb65903f259f527cae0775d02a4eb2db7ac720bc61ff\"" + "Description": "S3 key for asset version \"2c42061ddceb234b56276636e22d41e1651d112e8086384492e236481b34021a\"" }, - "AssetParameters9a94767d68ec7d462ebafb65903f259f527cae0775d02a4eb2db7ac720bc61ffArtifactHash4518D68D": { + "AssetParameters2c42061ddceb234b56276636e22d41e1651d112e8086384492e236481b34021aArtifactHash5F581B6B": { "Type": "String", - "Description": "Artifact hash for asset \"9a94767d68ec7d462ebafb65903f259f527cae0775d02a4eb2db7ac720bc61ff\"" + "Description": "Artifact hash for asset \"2c42061ddceb234b56276636e22d41e1651d112e8086384492e236481b34021a\"" } } } \ No newline at end of file diff --git a/tools/@aws-cdk/cdk-integ-tools/lib/integ-helpers.ts b/tools/@aws-cdk/cdk-integ-tools/lib/integ-helpers.ts index 775ed5202d405..8c40f6a55dd22 100644 --- a/tools/@aws-cdk/cdk-integ-tools/lib/integ-helpers.ts +++ b/tools/@aws-cdk/cdk-integ-tools/lib/integ-helpers.ts @@ -1,4 +1,5 @@ // Helper functions for integration tests +import * as assert from 'assert'; import { spawnSync } from 'child_process'; import * as path from 'path'; import { AVAILABILITY_ZONE_FALLBACK_CONTEXT_KEY, FUTURE_FLAGS, TARGET_PARTITIONS } from '@aws-cdk/cx-api'; @@ -245,7 +246,21 @@ export class IntegrationTest { return JSON.parse(await fs.readFile(this.expectedFilePath, { encoding: 'utf-8' })); } + /** + * Write the expected JSON to the given file + * + * Only write the file if the evaluated contents of the JSON are actually + * different. This prevents silly diffs where different JSON stringifications + * lead to different spacings or ordering, even if nothing actually changed in + * the file. + */ public async writeExpected(actual: any) { + if (await fs.pathExists(this.expectedFilePath)) { + const original = await fs.readJson(this.expectedFilePath); + if (deepEqual(original, actual)) { + return; // Nothing to do + } + } await fs.writeFile(this.expectedFilePath, JSON.stringify(actual, undefined, 2), { encoding: 'utf-8' }); } @@ -403,3 +418,12 @@ function exec(commandLine: string[], options: { cwd?: string, json?: boolean, ve throw new Error('Command output is not JSON'); } } + +function deepEqual(a: any, b: any) { + try { + assert.deepEqual(a, b); + return true; + } catch (e) { + return false; + } +} \ No newline at end of file