template.json
{"Resources": {"DataBucketsdsidtestB2A00F19": {"Type": "AWS::S3::Bucket", "Properties": {"BucketName": "sds-data-sdsid-test", "PublicAccessBlockConfiguration": {"BlockPublicAcls": true, "BlockPublicPolicy": true, "IgnorePublicAcls": true, "RestrictPublicBuckets": true}, "Tags": [{"Key": "aws-cdk:auto-delete-objects", "Value": "true"}], "VersioningConfiguration": {"Status": "Enabled"}}, "UpdateReplacePolicy": "Delete", "DeletionPolicy": "Delete"}, "DataBucketsdsidtestPolicy4D34E6B3": {"Type": "AWS::S3::BucketPolicy", "Properties": {"Bucket": {"Ref": "DataBucketsdsidtestB2A00F19"}, "PolicyDocument": {"Statement": [{"Action": ["s3:GetBucket*", "s3:List*", "s3:DeleteObject*"], "Effect": "Allow", "Principal": {"AWS": {"Fn::GetAtt": ["CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092", "Arn"]}}, "Resource": [{"Fn::GetAtt": ["DataBucketsdsidtestB2A00F19", "Arn"]}, {"Fn::Join": ["", [{"Fn::GetAtt": ["DataBucketsdsidtestB2A00F19", "Arn"]}, "/*"]]}]}], "Version": "2012-10-17"}}}, "DataBucketsdsidtestAutoDeleteObjectsCustomResourceBB9573CF": {"Type": "Custom::S3AutoDeleteObjects", "Properties": {"ServiceToken": {"Fn::GetAtt": ["CustomS3AutoDeleteObjectsCustomResourceProviderHandler9D90184F", "Arn"]}, "BucketName": {"Ref": "DataBucketsdsidtestB2A00F19"}}, "DependsOn": ["DataBucketsdsidtestPolicy4D34E6B3"], "UpdateReplacePolicy": "Delete", "DeletionPolicy": "Delete"}, "DataBucketsdsidtestNotificationsF374BE58": {"Type": "Custom::S3BucketNotifications", "Properties": {"ServiceToken": {"Fn::GetAtt": ["BucketNotificationsHandler050a0587b7544547bf325f094a3db8347ECC3691", "Arn"]}, "BucketName": {"Ref": "DataBucketsdsidtestB2A00F19"}, "NotificationConfiguration": {"LambdaFunctionConfigurations": [{"Events": ["s3:ObjectCreated:*"], "LambdaFunctionArn": {"Fn::GetAtt": ["IndexerLambdaC328A36D", "Arn"]}}]}, "Managed": true}, "DependsOn": ["DataBucketsdsidtestAllowBucketNotificationsTostacksdsidtestIndexerLambdaFC7E8CA5888A3646"]}, 
"DataBucketsdsidtestAllowBucketNotificationsTostacksdsidtestIndexerLambdaFC7E8CA5888A3646": {"Type": "AWS::Lambda::Permission", "Properties": {"Action": "lambda:InvokeFunction", "FunctionName": {"Fn::GetAtt": ["IndexerLambdaC328A36D", "Arn"]}, "Principal": "s3.amazonaws.com", "SourceAccount": "1234567890", "SourceArn": {"Fn::GetAtt": ["DataBucketsdsidtestB2A00F19", "Arn"]}}}, "CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092": {"Type": "AWS::IAM::Role", "Properties": {"AssumeRolePolicyDocument": {"Version": "2012-10-17", "Statement": [{"Action": "sts:AssumeRole", "Effect": "Allow", "Principal": {"Service": "lambda.amazonaws.com"}}]}, "ManagedPolicyArns": [{"Fn::Sub": "arn:${AWS::Partition}:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole"}]}}, "CustomS3AutoDeleteObjectsCustomResourceProviderHandler9D90184F": {"Type": "AWS::Lambda::Function", "Properties": {"Code": {"S3Bucket": "cdk-hnb659fds-assets-1234567890-us-east-1", "S3Key": "a657308e723bb9460b800cb3b47dadb74e28243edfe246bf7755c45ec312eb97.zip"}, "Timeout": 900, "MemorySize": 128, "Handler": "index.handler", "Role": {"Fn::GetAtt": ["CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092", "Arn"]}, "Runtime": "nodejs18.x", "Description": {"Fn::Join": ["", ["Lambda function for auto-deleting objects in ", {"Ref": "DataBucketsdsidtestB2A00F19"}, " S3 bucket."]]}}, "DependsOn": ["CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092"]}, "ConfigBucketsdsidtestE97C8392": {"Type": "AWS::S3::Bucket", "Properties": {"BucketName": "sds-config-bucket-sdsid-test", "PublicAccessBlockConfiguration": {"BlockPublicAcls": true, "BlockPublicPolicy": true, "IgnorePublicAcls": true, "RestrictPublicBuckets": true}, "Tags": [{"Key": "aws-cdk:auto-delete-objects", "Value": "true"}, {"Key": "aws-cdk:cr-owned:c8496643", "Value": "true"}], "VersioningConfiguration": {"Status": "Enabled"}}, "UpdateReplacePolicy": "Delete", "DeletionPolicy": "Delete"}, "ConfigBucketsdsidtestPolicyE32B3871": {"Type": 
"AWS::S3::BucketPolicy", "Properties": {"Bucket": {"Ref": "ConfigBucketsdsidtestE97C8392"}, "PolicyDocument": {"Statement": [{"Action": ["s3:GetBucket*", "s3:List*", "s3:DeleteObject*"], "Effect": "Allow", "Principal": {"AWS": {"Fn::GetAtt": ["CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092", "Arn"]}}, "Resource": [{"Fn::GetAtt": ["ConfigBucketsdsidtestE97C8392", "Arn"]}, {"Fn::Join": ["", [{"Fn::GetAtt": ["ConfigBucketsdsidtestE97C8392", "Arn"]}, "/*"]]}]}], "Version": "2012-10-17"}}}, "ConfigBucketsdsidtestAutoDeleteObjectsCustomResource40C2F9C8": {"Type": "Custom::S3AutoDeleteObjects", "Properties": {"ServiceToken": {"Fn::GetAtt": ["CustomS3AutoDeleteObjectsCustomResourceProviderHandler9D90184F", "Arn"]}, "BucketName": {"Ref": "ConfigBucketsdsidtestE97C8392"}}, "DependsOn": ["ConfigBucketsdsidtestPolicyE32B3871"], "UpdateReplacePolicy": "Delete", "DeletionPolicy": "Delete"}, "DeployConfigsdsidtestAwsCliLayer4523DB79": {"Type": "AWS::Lambda::LayerVersion", "Properties": {"Content": {"S3Bucket": "cdk-hnb659fds-assets-1234567890-us-east-1", "S3Key": "e2277687077a2abf9ae1af1cc9565e6715e2ebb62f79ec53aa75a1af9298f642.zip"}, "Description": "/opt/awscli/aws"}}, "DeployConfigsdsidtestCustomResourceE527EED8": {"Type": "Custom::CDKBucketDeployment", "Properties": {"ServiceToken": {"Fn::GetAtt": ["CustomCDKBucketDeployment8693BB64968944B69AAFB0CC9EB8756C81C01536", "Arn"]}, "SourceBucketNames": ["cdk-hnb659fds-assets-1234567890-us-east-1"], "SourceObjectKeys": ["de9c712634bceaedefcc21e96818fecdd47114f5b0a3aa17e646869b83290504.zip"], "DestinationBucketName": {"Ref": "ConfigBucketsdsidtestE97C8392"}, "Prune": true}, "UpdateReplacePolicy": "Delete", "DeletionPolicy": "Delete"}, "CustomCDKBucketDeployment8693BB64968944B69AAFB0CC9EB8756CServiceRole89A01265": {"Type": "AWS::IAM::Role", "Properties": {"AssumeRolePolicyDocument": {"Statement": [{"Action": "sts:AssumeRole", "Effect": "Allow", "Principal": {"Service": "lambda.amazonaws.com"}}], "Version": "2012-10-17"}, 
"ManagedPolicyArns": [{"Fn::Join": ["", ["arn:", {"Ref": "AWS::Partition"}, ":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole"]]}]}}, "CustomCDKBucketDeployment8693BB64968944B69AAFB0CC9EB8756CServiceRoleDefaultPolicy88902FDF": {"Type": "AWS::IAM::Policy", "Properties": {"PolicyDocument": {"Statement": [{"Action": ["s3:GetObject*", "s3:GetBucket*", "s3:List*"], "Effect": "Allow", "Resource": [{"Fn::Join": ["", ["arn:", {"Ref": "AWS::Partition"}, ":s3:::cdk-hnb659fds-assets-1234567890-us-east-1"]]}, {"Fn::Join": ["", ["arn:", {"Ref": "AWS::Partition"}, ":s3:::cdk-hnb659fds-assets-1234567890-us-east-1/*"]]}]}, {"Action": ["s3:GetObject*", "s3:GetBucket*", "s3:List*", "s3:DeleteObject*", "s3:PutObject", "s3:PutObjectLegalHold", "s3:PutObjectRetention", "s3:PutObjectTagging", "s3:PutObjectVersionTagging", "s3:Abort*"], "Effect": "Allow", "Resource": [{"Fn::GetAtt": ["ConfigBucketsdsidtestE97C8392", "Arn"]}, {"Fn::Join": ["", [{"Fn::GetAtt": ["ConfigBucketsdsidtestE97C8392", "Arn"]}, "/*"]]}]}], "Version": "2012-10-17"}, "PolicyName": "CustomCDKBucketDeployment8693BB64968944B69AAFB0CC9EB8756CServiceRoleDefaultPolicy88902FDF", "Roles": [{"Ref": "CustomCDKBucketDeployment8693BB64968944B69AAFB0CC9EB8756CServiceRole89A01265"}]}}, "CustomCDKBucketDeployment8693BB64968944B69AAFB0CC9EB8756C81C01536": {"Type": "AWS::Lambda::Function", "Properties": {"Code": {"S3Bucket": "cdk-hnb659fds-assets-1234567890-us-east-1", "S3Key": "9eb41a5505d37607ac419321497a4f8c21cf0ee1f9b4a6b29aa04301aea5c7fd.zip"}, "Environment": {"Variables": {"AWS_CA_BUNDLE": "/etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem"}}, "Handler": "index.handler", "Layers": [{"Ref": "DeployConfigsdsidtestAwsCliLayer4523DB79"}], "Role": {"Fn::GetAtt": ["CustomCDKBucketDeployment8693BB64968944B69AAFB0CC9EB8756CServiceRole89A01265", "Arn"]}, "Runtime": "python3.9", "Timeout": 900}, "DependsOn": ["CustomCDKBucketDeployment8693BB64968944B69AAFB0CC9EB8756CServiceRoleDefaultPolicy88902FDF", 
"CustomCDKBucketDeployment8693BB64968944B69AAFB0CC9EB8756CServiceRole89A01265"]}, "SnapshotBucketsdsidtestD6712097": {"Type": "AWS::S3::Bucket", "Properties": {"BucketName": "sds-os-snapshot-sdsid-test", "PublicAccessBlockConfiguration": {"BlockPublicAcls": true, "BlockPublicPolicy": true, "IgnorePublicAcls": true, "RestrictPublicBuckets": true}, "Tags": [{"Key": "aws-cdk:auto-delete-objects", "Value": "true"}], "VersioningConfiguration": {"Status": "Enabled"}}, "UpdateReplacePolicy": "Delete", "DeletionPolicy": "Delete"}, "SnapshotBucketsdsidtestPolicy171EA35C": {"Type": "AWS::S3::BucketPolicy", "Properties": {"Bucket": {"Ref": "SnapshotBucketsdsidtestD6712097"}, "PolicyDocument": {"Statement": [{"Action": ["s3:GetBucket*", "s3:List*", "s3:DeleteObject*"], "Effect": "Allow", "Principal": {"AWS": {"Fn::GetAtt": ["CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092", "Arn"]}}, "Resource": [{"Fn::GetAtt": ["SnapshotBucketsdsidtestD6712097", "Arn"]}, {"Fn::Join": ["", [{"Fn::GetAtt": ["SnapshotBucketsdsidtestD6712097", "Arn"]}, "/*"]]}]}], "Version": "2012-10-17"}}}, "SnapshotBucketsdsidtestAutoDeleteObjectsCustomResource16D351D7": {"Type": "Custom::S3AutoDeleteObjects", "Properties": {"ServiceToken": {"Fn::GetAtt": ["CustomS3AutoDeleteObjectsCustomResourceProviderHandler9D90184F", "Arn"]}, "BucketName": {"Ref": "SnapshotBucketsdsidtestD6712097"}}, "DependsOn": ["SnapshotBucketsdsidtestPolicy171EA35C"], "UpdateReplacePolicy": "Delete", "DeletionPolicy": "Delete"}, "SnapshotRole53D7C789": {"Type": "AWS::IAM::Role", "Properties": {"AssumeRolePolicyDocument": {"Statement": [{"Action": "sts:AssumeRole", "Effect": "Allow", "Principal": {"Service": "es.amazonaws.com"}}], "Version": "2012-10-17"}}}, "SnapshotRoleDefaultPolicyBDD7C46A": {"Type": "AWS::IAM::Policy", "Properties": {"PolicyDocument": {"Statement": [{"Action": ["s3:ListBucket", "s3:GetObject", "s3:PutObject", "s3:DeleteObject"], "Effect": "Allow", "Resource": [{"Fn::GetAtt": 
["SnapshotBucketsdsidtestD6712097", "Arn"]}, {"Fn::Join": ["", [{"Fn::GetAtt": ["SnapshotBucketsdsidtestD6712097", "Arn"]}, "/*"]]}]}], "Version": "2012-10-17"}, "PolicyName": "SnapshotRoleDefaultPolicyBDD7C46A", "Roles": [{"Ref": "SnapshotRole53D7C789"}]}}, "IndexerLambdaServiceRole65EB6F6D": {"Type": "AWS::IAM::Role", "Properties": {"AssumeRolePolicyDocument": {"Statement": [{"Action": "sts:AssumeRole", "Effect": "Allow", "Principal": {"Service": "lambda.amazonaws.com"}}], "Version": "2012-10-17"}, "ManagedPolicyArns": [{"Fn::Join": ["", ["arn:", {"Ref": "AWS::Partition"}, ":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole"]]}]}}, "IndexerLambdaServiceRoleDefaultPolicy14A23C81": {"Type": "AWS::IAM::Policy", "Properties": {"PolicyDocument": {"Statement": [{"Action": "es:ESHttp*", "Effect": "Allow", "Resource": {"Fn::Join": ["", [{"Fn::ImportValue": "opensearch-sdsid-test:ExportsOutputFnGetAttSDSMetadataDomainsdsidtest99C434CCArn95C863BC"}, "/*"]]}}, {"Action": "s3:GetObject", "Effect": "Allow", "Resource": [{"Fn::Join": ["", [{"Fn::GetAtt": ["DataBucketsdsidtestB2A00F19", "Arn"]}, "/*"]]}, {"Fn::Join": ["", [{"Fn::GetAtt": ["ConfigBucketsdsidtestE97C8392", "Arn"]}, "/*"]]}, {"Fn::Join": ["", [{"Fn::GetAtt": ["SnapshotBucketsdsidtestD6712097", "Arn"]}, "/*"]]}]}, {"Action": "dynamodb:PutItem", "Effect": "Allow", "Resource": "*"}, {"Action": "es:*", "Effect": "Allow", "Resource": {"Fn::Join": ["", [{"Fn::ImportValue": "opensearch-sdsid-test:ExportsOutputFnGetAttSDSMetadataDomainsdsidtest99C434CCArn95C863BC"}, "/*"]]}}, {"Action": "iam:PassRole", "Effect": "Allow", "Resource": {"Fn::GetAtt": ["SnapshotRole53D7C789", "Arn"]}}, {"Action": ["secretsmanager:GetSecretValue", "secretsmanager:DescribeSecret"], "Effect": "Allow", "Resource": {"Fn::Join": ["", ["arn:", {"Ref": "AWS::Partition"}, ":secretsmanager:us-east-1:1234567890:secret:sdp-database-creds-sdsid-test-??????"]]}}], "Version": "2012-10-17"}, "PolicyName": 
"IndexerLambdaServiceRoleDefaultPolicy14A23C81", "Roles": [{"Ref": "IndexerLambdaServiceRole65EB6F6D"}]}}, "IndexerLambdaC328A36D": {"Type": "AWS::Lambda::Function", "Properties": {"Code": {"S3Bucket": "cdk-hnb659fds-assets-1234567890-us-east-1", "S3Key": "0da65ff8b611cbd242828b50b32351a366221c349a77039c012a482f11c4eaaf.zip"}, "Environment": {"Variables": {"OS_ADMIN_USERNAME": "master-user", "OS_DOMAIN": {"Fn::ImportValue": "opensearch-sdsid-test:ExportsOutputFnGetAttSDSMetadataDomainsdsidtest99C434CCDomainEndpointF8B24F34"}, "OS_PORT": "443", "METADATA_INDEX": "metadata", "DATA_TRACKER_INDEX": "data_tracker", "DYNAMODB_TABLE": "imap-data-watcher-sdsid-test", "S3_DATA_BUCKET": {"Fn::Join": ["", ["s3://", {"Ref": "DataBucketsdsidtestB2A00F19"}]]}, "S3_CONFIG_BUCKET_NAME": "sds-config-bucket-sdsid-test", "S3_SNAPSHOT_BUCKET_NAME": "sds-os-snapshot-sdsid-test", "SNAPSHOT_ROLE_ARN": {"Fn::GetAtt": ["SnapshotRole53D7C789", "Arn"]}, "SNAPSHOT_REPO_NAME": "snapshot-repo", "SECRET_ID": "sdp-database-creds-sdsid-test", "REGION": "us-east-1"}}, "FunctionName": "file-indexer-sdsid-test", "Handler": "SDSCode.indexer.lambda_handler", "MemorySize": 1000, "Role": {"Fn::GetAtt": ["IndexerLambdaServiceRole65EB6F6D", "Arn"]}, "Runtime": "python3.9", "Timeout": 900}, "DependsOn": ["IndexerLambdaServiceRoleDefaultPolicy14A23C81", "IndexerLambdaServiceRole65EB6F6D"], "UpdateReplacePolicy": "Delete", "DeletionPolicy": "Delete"}, "BucketNotificationsHandler050a0587b7544547bf325f094a3db834RoleB6FB88EC": {"Type": "AWS::IAM::Role", "Properties": {"AssumeRolePolicyDocument": {"Statement": [{"Action": "sts:AssumeRole", "Effect": "Allow", "Principal": {"Service": "lambda.amazonaws.com"}}], "Version": "2012-10-17"}, "ManagedPolicyArns": [{"Fn::Join": ["", ["arn:", {"Ref": "AWS::Partition"}, ":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole"]]}]}}, "BucketNotificationsHandler050a0587b7544547bf325f094a3db834RoleDefaultPolicy2CF63D36": {"Type": "AWS::IAM::Policy", "Properties": 
{"PolicyDocument": {"Statement": [{"Action": "s3:PutBucketNotification", "Effect": "Allow", "Resource": "*"}], "Version": "2012-10-17"}, "PolicyName": "BucketNotificationsHandler050a0587b7544547bf325f094a3db834RoleDefaultPolicy2CF63D36", "Roles": [{"Ref": "BucketNotificationsHandler050a0587b7544547bf325f094a3db834RoleB6FB88EC"}]}}, "BucketNotificationsHandler050a0587b7544547bf325f094a3db8347ECC3691": {"Type": "AWS::Lambda::Function", "Properties": {"Description": "AWS CloudFormation handler for \"Custom::S3BucketNotifications\" resources (@aws-cdk/aws-s3)", "Code": {"ZipFile": "import boto3 # type: ignore\nimport json\nimport logging\nimport urllib.request\n\ns3 = boto3.client(\"s3\")\n\nEVENTBRIDGE_CONFIGURATION = 'EventBridgeConfiguration'\n\nCONFIGURATION_TYPES = [\"TopicConfigurations\", \"QueueConfigurations\", \"LambdaFunctionConfigurations\"]\n\ndef handler(event: dict, context):\n response_status = \"SUCCESS\"\n error_message = \"\"\n try:\n props = event[\"ResourceProperties\"]\n bucket = props[\"BucketName\"]\n notification_configuration = props[\"NotificationConfiguration\"]\n request_type = event[\"RequestType\"]\n managed = props.get('Managed', 'true').lower() == 'true'\n stack_id = event['StackId']\n\n if managed:\n config = handle_managed(request_type, notification_configuration)\n else:\n config = handle_unmanaged(bucket, stack_id, request_type, notification_configuration)\n\n put_bucket_notification_configuration(bucket, config)\n except Exception as e:\n logging.exception(\"Failed to put bucket notification configuration\")\n response_status = \"FAILED\"\n error_message = f\"Error: {str(e)}. 
\"\n finally:\n submit_response(event, context, response_status, error_message)\n\ndef handle_managed(request_type, notification_configuration):\n if request_type == 'Delete':\n return {}\n return notification_configuration\n\ndef handle_unmanaged(bucket, stack_id, request_type, notification_configuration):\n external_notifications = find_external_notifications(bucket, stack_id)\n\n if request_type == 'Delete':\n return external_notifications\n\n def with_id(notification):\n notification['Id'] = f\"{stack_id}-{hash(json.dumps(notification, sort_keys=True))}\"\n return notification\n\n notifications = {}\n for t in CONFIGURATION_TYPES:\n external = external_notifications.get(t, [])\n incoming = [with_id(n) for n in notification_configuration.get(t, [])]\n notifications[t] = external + incoming\n\n if EVENTBRIDGE_CONFIGURATION in notification_configuration:\n notifications[EVENTBRIDGE_CONFIGURATION] = notification_configuration[EVENTBRIDGE_CONFIGURATION]\n elif EVENTBRIDGE_CONFIGURATION in external_notifications:\n notifications[EVENTBRIDGE_CONFIGURATION] = external_notifications[EVENTBRIDGE_CONFIGURATION]\n\n return notifications\n\ndef find_external_notifications(bucket, stack_id):\n existing_notifications = get_bucket_notification_configuration(bucket)\n external_notifications = {}\n for t in CONFIGURATION_TYPES:\n external_notifications[t] = [n for n in existing_notifications.get(t, []) if not n['Id'].startswith(f\"{stack_id}-\")]\n\n if EVENTBRIDGE_CONFIGURATION in existing_notifications:\n external_notifications[EVENTBRIDGE_CONFIGURATION] = existing_notifications[EVENTBRIDGE_CONFIGURATION]\n\n return external_notifications\n\ndef get_bucket_notification_configuration(bucket):\n return s3.get_bucket_notification_configuration(Bucket=bucket)\n\ndef put_bucket_notification_configuration(bucket, notification_configuration):\n s3.put_bucket_notification_configuration(Bucket=bucket, NotificationConfiguration=notification_configuration)\n\ndef submit_response(event: 
dict, context, response_status: str, error_message: str):\n response_body = json.dumps(\n {\n \"Status\": response_status,\n \"Reason\": f\"{error_message}See the details in CloudWatch Log Stream: {context.log_stream_name}\",\n \"PhysicalResourceId\": event.get(\"PhysicalResourceId\") or event[\"LogicalResourceId\"],\n \"StackId\": event[\"StackId\"],\n \"RequestId\": event[\"RequestId\"],\n \"LogicalResourceId\": event[\"LogicalResourceId\"],\n \"NoEcho\": False,\n }\n ).encode(\"utf-8\")\n headers = {\"content-type\": \"\", \"content-length\": str(len(response_body))}\n try:\n req = urllib.request.Request(url=event[\"ResponseURL\"], headers=headers, data=response_body, method=\"PUT\")\n with urllib.request.urlopen(req) as response:\n print(response.read().decode(\"utf-8\"))\n print(\"Status code: \" + response.reason)\n except Exception as e:\n print(\"send(..) failed executing request.urlopen(..): \" + str(e))\n"}, "Handler": "index.handler", "Role": {"Fn::GetAtt": ["BucketNotificationsHandler050a0587b7544547bf325f094a3db834RoleB6FB88EC", "Arn"]}, "Runtime": "python3.9", "Timeout": 300}, "DependsOn": ["BucketNotificationsHandler050a0587b7544547bf325f094a3db834RoleDefaultPolicy2CF63D36", "BucketNotificationsHandler050a0587b7544547bf325f094a3db834RoleB6FB88EC"]}, "UploadAPILambdaServiceRole1C977A6A": {"Type": "AWS::IAM::Role", "Properties": {"AssumeRolePolicyDocument": {"Statement": [{"Action": "sts:AssumeRole", "Effect": "Allow", "Principal": {"Service": "lambda.amazonaws.com"}}], "Version": "2012-10-17"}, "ManagedPolicyArns": [{"Fn::Join": ["", ["arn:", {"Ref": "AWS::Partition"}, ":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole"]]}]}}, "UploadAPILambdaServiceRoleDefaultPolicyECCA3278": {"Type": "AWS::IAM::Policy", "Properties": {"PolicyDocument": {"Statement": [{"Action": "s3:PutObject", "Effect": "Allow", "Resource": [{"Fn::Join": ["", [{"Fn::GetAtt": ["DataBucketsdsidtestB2A00F19", "Arn"]}, "/*"]]}, {"Fn::Join": ["", [{"Fn::GetAtt": 
["SnapshotBucketsdsidtestD6712097", "Arn"]}, "/*"]]}]}, {"Action": "s3:GetObject", "Effect": "Allow", "Resource": [{"Fn::Join": ["", [{"Fn::GetAtt": ["DataBucketsdsidtestB2A00F19", "Arn"]}, "/*"]]}, {"Fn::Join": ["", [{"Fn::GetAtt": ["ConfigBucketsdsidtestE97C8392", "Arn"]}, "/*"]]}, {"Fn::Join": ["", [{"Fn::GetAtt": ["SnapshotBucketsdsidtestD6712097", "Arn"]}, "/*"]]}]}], "Version": "2012-10-17"}, "PolicyName": "UploadAPILambdaServiceRoleDefaultPolicyECCA3278", "Roles": [{"Ref": "UploadAPILambdaServiceRole1C977A6A"}]}}, "UploadAPILambdaE9E74ACC": {"Type": "AWS::Lambda::Function", "Properties": {"Code": {"S3Bucket": "cdk-hnb659fds-assets-1234567890-us-east-1", "S3Key": "0da65ff8b611cbd242828b50b32351a366221c349a77039c012a482f11c4eaaf.zip"}, "Environment": {"Variables": {"S3_BUCKET": {"Fn::Join": ["", ["s3://", {"Ref": "DataBucketsdsidtestB2A00F19"}]]}, "S3_CONFIG_BUCKET_NAME": "sds-config-bucket-sdsid-test"}}, "FunctionName": "upload-api-handler-sdsid-test", "Handler": "SDSCode.upload_api.lambda_handler", "MemorySize": 1000, "Role": {"Fn::GetAtt": ["UploadAPILambdaServiceRole1C977A6A", "Arn"]}, "Runtime": "python3.9", "Timeout": 900}, "DependsOn": ["UploadAPILambdaServiceRoleDefaultPolicyECCA3278", "UploadAPILambdaServiceRole1C977A6A"], "UpdateReplacePolicy": "Delete", "DeletionPolicy": "Delete"}, "QueryAPILambdaServiceRole50358AB7": {"Type": "AWS::IAM::Role", "Properties": {"AssumeRolePolicyDocument": {"Statement": [{"Action": "sts:AssumeRole", "Effect": "Allow", "Principal": {"Service": "lambda.amazonaws.com"}}], "Version": "2012-10-17"}, "ManagedPolicyArns": [{"Fn::Join": ["", ["arn:", {"Ref": "AWS::Partition"}, ":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole"]]}]}}, "QueryAPILambdaServiceRoleDefaultPolicy3F83DF5F": {"Type": "AWS::IAM::Policy", "Properties": {"PolicyDocument": {"Statement": [{"Action": "es:ESHttpGet", "Effect": "Allow", "Resource": {"Fn::Join": ["", [{"Fn::ImportValue": 
"opensearch-sdsid-test:ExportsOutputFnGetAttSDSMetadataDomainsdsidtest99C434CCArn95C863BC"}, "/*"]]}}, {"Action": ["secretsmanager:GetSecretValue", "secretsmanager:DescribeSecret"], "Effect": "Allow", "Resource": {"Fn::Join": ["", ["arn:", {"Ref": "AWS::Partition"}, ":secretsmanager:us-east-1:1234567890:secret:sdp-database-creds-sdsid-test-??????"]]}}], "Version": "2012-10-17"}, "PolicyName": "QueryAPILambdaServiceRoleDefaultPolicy3F83DF5F", "Roles": [{"Ref": "QueryAPILambdaServiceRole50358AB7"}]}}, "QueryAPILambda1ED01B61": {"Type": "AWS::Lambda::Function", "Properties": {"Code": {"S3Bucket": "cdk-hnb659fds-assets-1234567890-us-east-1", "S3Key": "0da65ff8b611cbd242828b50b32351a366221c349a77039c012a482f11c4eaaf.zip"}, "Environment": {"Variables": {"OS_ADMIN_USERNAME": "master-user", "OS_DOMAIN": {"Fn::ImportValue": "opensearch-sdsid-test:ExportsOutputFnGetAttSDSMetadataDomainsdsidtest99C434CCDomainEndpointF8B24F34"}, "OS_PORT": "443", "OS_INDEX": "metadata", "SECRET_ID": "sdp-database-creds-sdsid-test", "REGION": "us-east-1"}}, "FunctionName": "query-api-handler-sdsid-test", "Handler": "SDSCode.queries.lambda_handler", "MemorySize": 1000, "Role": {"Fn::GetAtt": ["QueryAPILambdaServiceRole50358AB7", "Arn"]}, "Runtime": "python3.9", "Timeout": 60}, "DependsOn": ["QueryAPILambdaServiceRoleDefaultPolicy3F83DF5F", "QueryAPILambdaServiceRole50358AB7"]}, "DownloadQueryAPILambdaServiceRole082F4736": {"Type": "AWS::IAM::Role", "Properties": {"AssumeRolePolicyDocument": {"Statement": [{"Action": "sts:AssumeRole", "Effect": "Allow", "Principal": {"Service": "lambda.amazonaws.com"}}], "Version": "2012-10-17"}, "ManagedPolicyArns": [{"Fn::Join": ["", ["arn:", {"Ref": "AWS::Partition"}, ":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole"]]}]}}, "DownloadQueryAPILambdaServiceRoleDefaultPolicy3490E4E4": {"Type": "AWS::IAM::Policy", "Properties": {"PolicyDocument": {"Statement": [{"Action": "es:ESHttp*", "Effect": "Allow", "Resource": {"Fn::Join": ["", [{"Fn::ImportValue": 
"opensearch-sdsid-test:ExportsOutputFnGetAttSDSMetadataDomainsdsidtest99C434CCArn95C863BC"}, "/*"]]}}, {"Action": "s3:GetObject", "Effect": "Allow", "Resource": [{"Fn::Join": ["", [{"Fn::GetAtt": ["DataBucketsdsidtestB2A00F19", "Arn"]}, "/*"]]}, {"Fn::Join": ["", [{"Fn::GetAtt": ["ConfigBucketsdsidtestE97C8392", "Arn"]}, "/*"]]}, {"Fn::Join": ["", [{"Fn::GetAtt": ["SnapshotBucketsdsidtestD6712097", "Arn"]}, "/*"]]}]}], "Version": "2012-10-17"}, "PolicyName": "DownloadQueryAPILambdaServiceRoleDefaultPolicy3490E4E4", "Roles": [{"Ref": "DownloadQueryAPILambdaServiceRole082F4736"}]}}, "DownloadQueryAPILambdaE3D6D46B": {"Type": "AWS::Lambda::Function", "Properties": {"Code": {"S3Bucket": "cdk-hnb659fds-assets-1234567890-us-east-1", "S3Key": "0da65ff8b611cbd242828b50b32351a366221c349a77039c012a482f11c4eaaf.zip"}, "FunctionName": "download-query-api-sdsid-test", "Handler": "SDSCode.download_query_api.lambda_handler", "Role": {"Fn::GetAtt": ["DownloadQueryAPILambdaServiceRole082F4736", "Arn"]}, "Runtime": "python3.9", "Timeout": 60}, "DependsOn": ["DownloadQueryAPILambdaServiceRoleDefaultPolicy3490E4E4", "DownloadQueryAPILambdaServiceRole082F4736"]}}, "Parameters": {"BootstrapVersion": {"Type": "AWS::SSM::Parameter::Value<String>", "Default": "/cdk-bootstrap/hnb659fds/version", "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]"}}, "Rules": {"CheckBootstrapVersion": {"Assertions": [{"Assert": {"Fn::Not": [{"Fn::Contains": [["1", "2", "3", "4", "5"], {"Ref": "BootstrapVersion"}]}]}, "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI."}]}}}