From ff74b5e713d2da724b4a463adaa97cad3236e8a3 Mon Sep 17 00:00:00 2001 From: yuanhaoz Date: Fri, 1 Nov 2024 12:01:04 -0700 Subject: [PATCH] chore: only validate regex if stack name is not a token --- .../cdk.out | 1 + .../code-pipeline-nested-stack.assets.json | 34 + .../code-pipeline-nested-stack.template.json | 57 + ...ssRegionStack37C990C7.nested.template.json | 383 ++++++ ...s-account-support-stack-region.assets.json | 20 + ...account-support-stack-region.template.json | 96 ++ ...ion-stack-649563674902:service.assets.json | 20 + ...n-stack-649563674902:service.template.json | 182 +++ .../integ.json | 12 + ...efaultTestDeployAssertCC253196.assets.json | 19 + ...aultTestDeployAssertCC253196.template.json | 36 + .../manifest.json | 307 +++++ .../tree.json | 1077 +++++++++++++++++ .../integ.codepipeline-with-nested-stack.ts | 85 ++ packages/aws-cdk-lib/core/lib/nested-stack.ts | 9 +- 15 files changed, 2337 insertions(+), 1 deletion(-) create mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.codepipeline-with-nested-stack.js.snapshot/cdk.out create mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.codepipeline-with-nested-stack.js.snapshot/code-pipeline-nested-stack.assets.json create mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.codepipeline-with-nested-stack.js.snapshot/code-pipeline-nested-stack.template.json create mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.codepipeline-with-nested-stack.js.snapshot/codepipelinenestedstackPipelineCrossRegionStack37C990C7.nested.template.json create mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.codepipeline-with-nested-stack.js.snapshot/cross-account-support-stack-region.assets.json create mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.codepipeline-with-nested-stack.js.snapshot/cross-account-support-stack-region.template.json create mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.codepipeline-with-nested-stack.js.snapshot/cross-region-stack-649563674902:service.assets.json create mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.codepipeline-with-nested-stack.js.snapshot/cross-region-stack-649563674902:service.template.json create mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.codepipeline-with-nested-stack.js.snapshot/integ.json create mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.codepipeline-with-nested-stack.js.snapshot/integcodepipelinenestedstackDefaultTestDeployAssertCC253196.assets.json create mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.codepipeline-with-nested-stack.js.snapshot/integcodepipelinenestedstackDefaultTestDeployAssertCC253196.template.json create mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.codepipeline-with-nested-stack.js.snapshot/manifest.json create mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.codepipeline-with-nested-stack.js.snapshot/tree.json create mode 100644 packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.codepipeline-with-nested-stack.ts diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.codepipeline-with-nested-stack.js.snapshot/cdk.out b/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.codepipeline-with-nested-stack.js.snapshot/cdk.out new file mode 100644 index 0000000000000..c6e612584e352 --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.codepipeline-with-nested-stack.js.snapshot/cdk.out @@ -0,0 +1 @@ +{"version":"38.0.1"} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.codepipeline-with-nested-stack.js.snapshot/code-pipeline-nested-stack.assets.json b/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.codepipeline-with-nested-stack.js.snapshot/code-pipeline-nested-stack.assets.json new file mode 100644 index 0000000000000..a0e236c992b90 --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.codepipeline-with-nested-stack.js.snapshot/code-pipeline-nested-stack.assets.json @@ -0,0 +1,34 @@ +{ + "version": "38.0.1", + "files": { + "7d4df7a27509d906d2dfe71d2b319bbea0c0027826c08e92d0cc9f3bbe1558b9": { + "source": { + "path": "codepipelinenestedstackPipelineCrossRegionStack37C990C7.nested.template.json", + "packaging": "file" + }, + "destinations": { + "649563674902-us-east-1": { + "bucketName": "cdk-hnb659fds-assets-649563674902-us-east-1", + "objectKey": "7d4df7a27509d906d2dfe71d2b319bbea0c0027826c08e92d0cc9f3bbe1558b9.json", + "region": "us-east-1", + "assumeRoleArn": "arn:${AWS::Partition}:iam::649563674902:role/cdk-hnb659fds-file-publishing-role-649563674902-us-east-1" + } + } + }, + "f7300c06910e29a826a23c5d6456298917179224683912c889e2465366cd19d3": { + "source": { + "path": "code-pipeline-nested-stack.template.json", + "packaging": "file" + }, + "destinations": { + "649563674902-us-east-1": { + "bucketName": "cdk-hnb659fds-assets-649563674902-us-east-1", + "objectKey": "f7300c06910e29a826a23c5d6456298917179224683912c889e2465366cd19d3.json", + "region": "us-east-1", + "assumeRoleArn": "arn:${AWS::Partition}:iam::649563674902:role/cdk-hnb659fds-file-publishing-role-649563674902-us-east-1" + } + } + } + }, + "dockerImages": {} +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.codepipeline-with-nested-stack.js.snapshot/code-pipeline-nested-stack.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.codepipeline-with-nested-stack.js.snapshot/code-pipeline-nested-stack.template.json new file mode 100644 index 0000000000000..22b5d18ff7ff2 --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.codepipeline-with-nested-stack.js.snapshot/code-pipeline-nested-stack.template.json @@ -0,0 +1,57 @@ +{ + "Resources": { + "PipelineCrossRegionStackNestedStackPipelineCrossRegionStackNestedStackResourceAABDCA01": { + "Type": "AWS::CloudFormation::Stack", + "Properties": { + "TemplateURL": { + "Fn::Join": [ + "", + [ + "https://s3.us-east-1.", + { + "Ref": "AWS::URLSuffix" + }, + "/cdk-hnb659fds-assets-649563674902-us-east-1/7d4df7a27509d906d2dfe71d2b319bbea0c0027826c08e92d0cc9f3bbe1558b9.json" + ] + ] + } + }, + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" + } + }, + "Parameters": { + "BootstrapVersion": { + "Type": "AWS::SSM::Parameter::Value", + "Default": "/cdk-bootstrap/hnb659fds/version", + "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]" + } + }, + "Rules": { + "CheckBootstrapVersion": { + "Assertions": [ + { + "Assert": { + "Fn::Not": [ + { + "Fn::Contains": [ + [ + "1", + "2", + "3", + "4", + "5" + ], + { + "Ref": "BootstrapVersion" + } + ] + } + ] + }, + "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI." + } + ] + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.codepipeline-with-nested-stack.js.snapshot/codepipelinenestedstackPipelineCrossRegionStack37C990C7.nested.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.codepipeline-with-nested-stack.js.snapshot/codepipelinenestedstackPipelineCrossRegionStack37C990C7.nested.template.json new file mode 100644 index 0000000000000..00033a174d86f --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.codepipeline-with-nested-stack.js.snapshot/codepipelinenestedstackPipelineCrossRegionStack37C990C7.nested.template.json @@ -0,0 +1,383 @@ +{ + "Resources": { + "Role1ABCC5F0": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "codebuild.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + }, + "RoleName": "MyRoleName" + } + }, + "RoleDefaultPolicy5FFB7DAB": { + "Type": "AWS::IAM::Policy", + "Properties": { + "PolicyDocument": { + "Statement": [ + { + "Action": [ + "s3:Abort*", + "s3:DeleteObject*", + "s3:GetBucket*", + "s3:GetObject*", + "s3:List*", + "s3:PutObject", + "s3:PutObjectLegalHold", + "s3:PutObjectRetention", + "s3:PutObjectTagging", + "s3:PutObjectVersionTagging" + ], + "Effect": "Allow", + "Resource": [ + { + "Fn::GetAtt": [ + "PipelineArtifactsBucket22248F97", + "Arn" + ] + }, + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":s3:::integ-test-pipeline-nesteeplicationbucket5ad15bae8c248ec4e399" + ] + ] + }, + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":s3:::integ-test-pipeline-nesteeplicationbucket5ad15bae8c248ec4e399/*" + ] + ] + }, + { + "Fn::Join": [ + "", + [ + { + "Fn::GetAtt": [ + "PipelineArtifactsBucket22248F97", + "Arn" + ] + }, + "/*" + ] + ] + } + ] + }, + { + "Action": [ + "kms:Decrypt", + "kms:DescribeKey", + "kms:Encrypt", + "kms:GenerateDataKey*", + "kms:ReEncrypt*" + ], + "Effect": "Allow", + "Resource": [ + "*", + { + "Fn::GetAtt": [ + "PipelineArtifactsBucketEncryptionKey01D58D69", + "Arn" + ] + } + ] + }, + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Resource": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::region:role/integ-test-pipeline-nestesttestactionrole85e1536225f4ce00510a" + ] + ] + } + } + ], + "Version": "2012-10-17" + }, + "PolicyName": "RoleDefaultPolicy5FFB7DAB", + "Roles": [ + { + "Ref": "Role1ABCC5F0" + } + ] + } + }, + "PipelineArtifactsBucketEncryptionKey01D58D69": { + "Type": "AWS::KMS::Key", + "Properties": { + "KeyPolicy": { + "Statement": [ + { + "Action": "kms:*", + "Effect": "Allow", + "Principal": { + "AWS": "arn:aws:iam::649563674902:root" + }, + "Resource": "*" + } + ], + "Version": "2012-10-17" + } + }, + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" + }, + "PipelineArtifactsBucketEncryptionKeyAlias5C510EEE": { + "Type": "AWS::KMS::Alias", + "Properties": { + "AliasName": "alias/codepipeline-integ-test-pipeline-nested-stack-cross-region-pipeline-08100cf8", + "TargetKeyId": { + "Fn::GetAtt": [ + "PipelineArtifactsBucketEncryptionKey01D58D69", + "Arn" + ] + } + }, + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" + }, + "PipelineArtifactsBucket22248F97": { + "Type": "AWS::S3::Bucket", + "Properties": { + "BucketEncryption": { + "ServerSideEncryptionConfiguration": [ + { + "ServerSideEncryptionByDefault": { + "KMSMasterKeyID": { + "Fn::GetAtt": [ + "PipelineArtifactsBucketEncryptionKey01D58D69", + "Arn" + ] + }, + "SSEAlgorithm": "aws:kms" + } + } + ] + }, + "PublicAccessBlockConfiguration": { + "BlockPublicAcls": true, + "BlockPublicPolicy": true, + "IgnorePublicAcls": true, + "RestrictPublicBuckets": true + } + }, + "UpdateReplacePolicy": "Retain", + "DeletionPolicy": "Retain" + }, + "PipelineArtifactsBucketPolicyD4F9712A": { + "Type": "AWS::S3::BucketPolicy", + "Properties": { + "Bucket": { + "Ref": "PipelineArtifactsBucket22248F97" + }, + "PolicyDocument": { + "Statement": [ + { + "Action": "s3:*", + "Condition": { + "Bool": { + "aws:SecureTransport": "false" + } + }, + "Effect": "Deny", + "Principal": { + "AWS": "*" + }, + "Resource": [ + { + "Fn::GetAtt": [ + "PipelineArtifactsBucket22248F97", + "Arn" + ] + }, + { + "Fn::Join": [ + "", + [ + { + "Fn::GetAtt": [ + "PipelineArtifactsBucket22248F97", + "Arn" + ] + }, + "/*" + ] + ] + } + ] + } + ], + "Version": "2012-10-17" + } + } + }, + "PipelineC660917D": { + "Type": "AWS::CodePipeline::Pipeline", + "Properties": { + "ArtifactStores": [ + { + "ArtifactStore": { + "EncryptionKey": { + "Id": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":kms:service:649563674902:alias/ne-nestetencryptionalias12623f8e5dd3096ed578" + ] + ] + }, + "Type": "KMS" + }, + "Location": "integ-test-pipeline-nesteeplicationbucket5ad15bae8c248ec4e399", + "Type": "S3" + }, + "Region": "service" + }, + { + "ArtifactStore": { + "EncryptionKey": { + "Id": { + "Fn::GetAtt": [ + "PipelineArtifactsBucketEncryptionKey01D58D69", + "Arn" + ] + }, + "Type": "KMS" + }, + "Location": { + "Ref": "PipelineArtifactsBucket22248F97" + }, + "Type": "S3" + }, + "Region": "us-east-1" + } + ], + "RoleArn": { + "Fn::GetAtt": [ + "Role1ABCC5F0", + "Arn" + ] + }, + "Stages": [ + { + "Actions": [ + { + "ActionTypeId": { + "Category": "Source", + "Owner": "ThirdParty", + "Provider": "GitHub", + "Version": "1" + }, + "Configuration": { + "Owner": "aws", + "Repo": "aws-cdk", + "Branch": "master", + "OAuthToken": "test", + "PollForSourceChanges": false + }, + "Name": "Github", + "OutputArtifacts": [ + { + "Name": "Pipeline" + } + ], + "RunOrder": 1 + } + ], + "Name": "Source" + }, + { + "Actions": [ + { + "ActionTypeId": { + "Category": "Invoke", + "Owner": "AWS", + "Provider": "StepFunctions", + "Version": "1" + }, + "Configuration": { + "StateMachineArn": "arn:arn:aws:service:region:account:resource:resourceName:states:eu-west-1:12345678:stateMachine/stateMachineFromAnotherRegion", + "Input": "{}", + "InputType": "Literal" + }, + "Name": "Test", + "Region": "service", + "RoleArn": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::region:role/integ-test-pipeline-nestesttestactionrole85e1536225f4ce00510a" + ] + ] + }, + "RunOrder": 1 + } + ], + "Name": "Test" + } + ] + }, + "DependsOn": [ + "RoleDefaultPolicy5FFB7DAB", + "Role1ABCC5F0" + ] + }, + "PipelineSourceGithubWebhookResource9724AEC2": { + "Type": "AWS::CodePipeline::Webhook", + "Properties": { + "Authentication": "GITHUB_HMAC", + "AuthenticationConfiguration": { + "SecretToken": "test" + }, + "Filters": [ + { + "JsonPath": "$.ref", + "MatchEquals": "refs/heads/{Branch}" + } + ], + "RegisterWithThirdParty": true, + "TargetAction": "Github", + "TargetPipeline": { + "Ref": "PipelineC660917D" + }, + "TargetPipelineVersion": 1 + } + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.codepipeline-with-nested-stack.js.snapshot/cross-account-support-stack-region.assets.json b/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.codepipeline-with-nested-stack.js.snapshot/cross-account-support-stack-region.assets.json new file mode 100644 index 0000000000000..59b740004e272 --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.codepipeline-with-nested-stack.js.snapshot/cross-account-support-stack-region.assets.json @@ -0,0 +1,20 @@ +{ + "version": "38.0.1", + "files": { + "62d6b849624747745bf7e5e1541bdbf0710ad24d8723cd92a5cc86ca37a01caf": { + "source": { + "path": "cross-account-support-stack-region.template.json", + "packaging": "file" + }, + "destinations": { + "region-service": { + "bucketName": "cdk-hnb659fds-assets-region-service", + "objectKey": "62d6b849624747745bf7e5e1541bdbf0710ad24d8723cd92a5cc86ca37a01caf.json", + "region": "service", + "assumeRoleArn": "arn:${AWS::Partition}:iam::region:role/cdk-hnb659fds-file-publishing-role-region-service" + } + } + } + }, + "dockerImages": {} +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.codepipeline-with-nested-stack.js.snapshot/cross-account-support-stack-region.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.codepipeline-with-nested-stack.js.snapshot/cross-account-support-stack-region.template.json new file mode 100644 index 0000000000000..139b8df826ac9 --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.codepipeline-with-nested-stack.js.snapshot/cross-account-support-stack-region.template.json @@ -0,0 +1,96 @@ +{ + "Resources": { + "codepipelinenestedstackPipelineCrossRegionStackPipeline6B0D06DETestTestActionRole260DF2CF": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "AWS": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::649563674902:root" + ] + ] + } + } + } + ], + "Version": "2012-10-17" + }, + "RoleName": "integ-test-pipeline-nestesttestactionrole85e1536225f4ce00510a" + } + }, + "codepipelinenestedstackPipelineCrossRegionStackPipeline6B0D06DETestTestActionRoleDefaultPolicyB9100D39": { + "Type": "AWS::IAM::Policy", + "Properties": { + "PolicyDocument": { + "Statement": [ + { + "Action": [ + "states:DescribeStateMachine", + "states:StartExecution" + ], + "Effect": "Allow", + "Resource": "arn:arn:aws:service:region:account:resource:resourceName:states:eu-west-1:12345678:stateMachine/stateMachineFromAnotherRegion" + }, + { + "Action": "states:DescribeExecution", + "Effect": "Allow", + "Resource": "arn:arn:states:service:region:execution:resource:resourceName:states:eu-west-1:12345678:stateMachine/stateMachineFromAnotherRegion:*" + } + ], + "Version": "2012-10-17" + }, + "PolicyName": "codepipelinenestedstackPipelineCrossRegionStackPipeline6B0D06DETestTestActionRoleDefaultPolicyB9100D39", + "Roles": [ + { + "Ref": "codepipelinenestedstackPipelineCrossRegionStackPipeline6B0D06DETestTestActionRole260DF2CF" + } + ] + } + } + }, + "Parameters": { + "BootstrapVersion": { + "Type": "AWS::SSM::Parameter::Value", + "Default": "/cdk-bootstrap/hnb659fds/version", + "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]" + } + }, + "Rules": { + "CheckBootstrapVersion": { + "Assertions": [ + { + "Assert": { + "Fn::Not": [ + { + "Fn::Contains": [ + [ + "1", + "2", + "3", + "4", + "5" + ], + { + "Ref": "BootstrapVersion" + } + ] + } + ] + }, + "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI." + } + ] + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.codepipeline-with-nested-stack.js.snapshot/cross-region-stack-649563674902:service.assets.json b/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.codepipeline-with-nested-stack.js.snapshot/cross-region-stack-649563674902:service.assets.json new file mode 100644 index 0000000000000..723cccf0bd6da --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.codepipeline-with-nested-stack.js.snapshot/cross-region-stack-649563674902:service.assets.json @@ -0,0 +1,20 @@ +{ + "version": "38.0.1", + "files": { + "cdb04462afdd68f868bea4c51569f5c21c65d4d09a41a0cf1d6884ab7890fa4b": { + "source": { + "path": "cross-region-stack-649563674902:service.template.json", + "packaging": "file" + }, + "destinations": { + "649563674902-service": { + "bucketName": "cdk-hnb659fds-assets-649563674902-service", + "objectKey": "cdb04462afdd68f868bea4c51569f5c21c65d4d09a41a0cf1d6884ab7890fa4b.json", + "region": "service", + "assumeRoleArn": "arn:${AWS::Partition}:iam::649563674902:role/cdk-hnb659fds-file-publishing-role-649563674902-service" + } + } + } + }, + "dockerImages": {} +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.codepipeline-with-nested-stack.js.snapshot/cross-region-stack-649563674902:service.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.codepipeline-with-nested-stack.js.snapshot/cross-region-stack-649563674902:service.template.json new file mode 100644 index 0000000000000..be78ffb25abf0 --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.codepipeline-with-nested-stack.js.snapshot/cross-region-stack-649563674902:service.template.json @@ -0,0 +1,182 @@ +{ + "Resources": { + "CrossRegionCodePipelineReplicationBucketEncryptionKey70216490": { + "Type": "AWS::KMS::Key", + "Properties": { + "KeyPolicy": { + "Statement": [ + { + "Action": "kms:*", + "Effect": "Allow", + "Principal": { + "AWS": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::649563674902:root" + ] + ] + } + }, + "Resource": "*" + }, + { + "Action": [ + "kms:Decrypt", + "kms:DescribeKey", + "kms:Encrypt", + "kms:GenerateDataKey*", + "kms:ReEncrypt*" + ], + "Effect": "Allow", + "Principal": { + "AWS": "arn:aws:iam::649563674902:role/MyRoleName" + }, + "Resource": "*" + } + ], + "Version": "2012-10-17" + } + }, + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" + }, + "CrossRegionCodePipelineReplicationBucketEncryptionAliasF1A0F37D": { + "Type": "AWS::KMS::Alias", + "Properties": { + "AliasName": "alias/ne-nestetencryptionalias12623f8e5dd3096ed578", + "TargetKeyId": { + "Fn::GetAtt": [ + "CrossRegionCodePipelineReplicationBucketEncryptionKey70216490", + "Arn" + ] + } + }, + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" + }, + "CrossRegionCodePipelineReplicationBucketFC3227F2": { + "Type": "AWS::S3::Bucket", + "Properties": { + "BucketEncryption": { + "ServerSideEncryptionConfiguration": [ + { + "ServerSideEncryptionByDefault": { + "KMSMasterKeyID": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":kms:service:649563674902:", + { + "Ref": "CrossRegionCodePipelineReplicationBucketEncryptionAliasF1A0F37D" + } + ] + ] + }, + "SSEAlgorithm": "aws:kms" + } + } + ] + }, + "BucketName": "integ-test-pipeline-nesteeplicationbucket5ad15bae8c248ec4e399", + "PublicAccessBlockConfiguration": { + "BlockPublicAcls": true, + "BlockPublicPolicy": true, + "IgnorePublicAcls": true, + "RestrictPublicBuckets": true + } + }, + "UpdateReplacePolicy": "Retain", + "DeletionPolicy": "Retain" + }, + "CrossRegionCodePipelineReplicationBucketPolicyB7BA2BCA": { + "Type": "AWS::S3::BucketPolicy", + "Properties": { + "Bucket": { + "Ref": "CrossRegionCodePipelineReplicationBucketFC3227F2" + }, + "PolicyDocument": { + "Statement": [ + { + "Action": "s3:*", + "Condition": { + "Bool": { + "aws:SecureTransport": "false" + } + }, + "Effect": "Deny", + "Principal": { + "AWS": "*" + }, + "Resource": [ + { + "Fn::GetAtt": [ + "CrossRegionCodePipelineReplicationBucketFC3227F2", + "Arn" + ] + }, + { + "Fn::Join": [ + "", + [ + { + "Fn::GetAtt": [ + "CrossRegionCodePipelineReplicationBucketFC3227F2", + "Arn" + ] + }, + "/*" + ] + ] + } + ] + } + ], + "Version": "2012-10-17" + } + } + } + }, + "Parameters": { + "BootstrapVersion": { + "Type": "AWS::SSM::Parameter::Value", + "Default": "/cdk-bootstrap/hnb659fds/version", + "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]" + } + }, + "Rules": { + "CheckBootstrapVersion": { + "Assertions": [ + { + "Assert": { + "Fn::Not": [ + { + "Fn::Contains": [ + [ + "1", + "2", + "3", + "4", + "5" + ], + { + "Ref": "BootstrapVersion" + } + ] + } + ] + }, + "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI." + } + ] + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.codepipeline-with-nested-stack.js.snapshot/integ.json b/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.codepipeline-with-nested-stack.js.snapshot/integ.json new file mode 100644 index 0000000000000..515de066552a4 --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.codepipeline-with-nested-stack.js.snapshot/integ.json @@ -0,0 +1,12 @@ +{ + "version": "38.0.1", + "testCases": { + "integ-code-pipeline-nested-stack/DefaultTest": { + "stacks": [ + "code-pipeline-nested-stack" + ], + "assertionStack": "integ-code-pipeline-nested-stack/DefaultTest/DeployAssert", + "assertionStackName": "integcodepipelinenestedstackDefaultTestDeployAssertCC253196" + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.codepipeline-with-nested-stack.js.snapshot/integcodepipelinenestedstackDefaultTestDeployAssertCC253196.assets.json b/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.codepipeline-with-nested-stack.js.snapshot/integcodepipelinenestedstackDefaultTestDeployAssertCC253196.assets.json new file mode 100644 index 0000000000000..8f4619513dcb3 --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.codepipeline-with-nested-stack.js.snapshot/integcodepipelinenestedstackDefaultTestDeployAssertCC253196.assets.json @@ -0,0 +1,19 @@ +{ + "version": "38.0.1", + "files": { + "21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22": { + "source": { + "path": "integcodepipelinenestedstackDefaultTestDeployAssertCC253196.template.json", + "packaging": "file" + }, + "destinations": { + "current_account-current_region": { + "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", + "objectKey": "21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22.json", + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" + } + } + } + }, + "dockerImages": {} +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.codepipeline-with-nested-stack.js.snapshot/integcodepipelinenestedstackDefaultTestDeployAssertCC253196.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.codepipeline-with-nested-stack.js.snapshot/integcodepipelinenestedstackDefaultTestDeployAssertCC253196.template.json new file mode 100644 index 0000000000000..ad9d0fb73d1dd --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.codepipeline-with-nested-stack.js.snapshot/integcodepipelinenestedstackDefaultTestDeployAssertCC253196.template.json @@ -0,0 +1,36 @@ +{ + "Parameters": { + "BootstrapVersion": { + "Type": "AWS::SSM::Parameter::Value", + "Default": "/cdk-bootstrap/hnb659fds/version", + "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]" + } + }, + "Rules": { + "CheckBootstrapVersion": { + "Assertions": [ + { + "Assert": { + "Fn::Not": [ + { + "Fn::Contains": [ + [ + "1", + "2", + "3", + "4", + "5" + ], + { + "Ref": "BootstrapVersion" + } + ] + } + ] + }, + "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI." + } + ] + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.codepipeline-with-nested-stack.js.snapshot/manifest.json b/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.codepipeline-with-nested-stack.js.snapshot/manifest.json new file mode 100644 index 0000000000000..05485bdc5bb23 --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.codepipeline-with-nested-stack.js.snapshot/manifest.json @@ -0,0 +1,307 @@ +{ + "version": "38.0.1", + "artifacts": { + "code-pipeline-nested-stack.assets": { + "type": "cdk:asset-manifest", + "properties": { + "file": "code-pipeline-nested-stack.assets.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "code-pipeline-nested-stack": { + "type": "aws:cloudformation:stack", + "environment": "aws://649563674902/us-east-1", + "properties": { + "templateFile": "code-pipeline-nested-stack.template.json", + "terminationProtection": false, + "validateOnSynth": false, + "notificationArns": [], + "assumeRoleArn": "arn:${AWS::Partition}:iam::649563674902:role/cdk-hnb659fds-deploy-role-649563674902-us-east-1", + "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::649563674902:role/cdk-hnb659fds-cfn-exec-role-649563674902-us-east-1", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-649563674902-us-east-1/f7300c06910e29a826a23c5d6456298917179224683912c889e2465366cd19d3.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", + "additionalDependencies": [ + "code-pipeline-nested-stack.assets" + ], + "lookupRole": { + "arn": "arn:${AWS::Partition}:iam::649563674902:role/cdk-hnb659fds-lookup-role-649563674902-us-east-1", + "requiresBootstrapStackVersion": 8, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "dependencies": [ + "cross-region-stack-649563674902:service", + "cross-account-support-stack-region", + "code-pipeline-nested-stack.assets" + ], + "metadata": { + "/code-pipeline-nested-stack/PipelineCrossRegionStack/Role/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "Role1ABCC5F0" + } + ], + "/code-pipeline-nested-stack/PipelineCrossRegionStack/Role/DefaultPolicy/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "RoleDefaultPolicy5FFB7DAB" + } + ], + "/code-pipeline-nested-stack/PipelineCrossRegionStack/Pipeline": [ + { + "type": "aws:cdk:warning", + "data": "V1 pipeline type is implicitly selected when `pipelineType` is not set. If you want to use V2 type, set `PipelineType.V2`. [ack: @aws-cdk/aws-codepipeline:unspecifiedPipelineType]" + } + ], + "/code-pipeline-nested-stack/PipelineCrossRegionStack/Pipeline/ArtifactsBucketEncryptionKey/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "PipelineArtifactsBucketEncryptionKey01D58D69" + } + ], + "/code-pipeline-nested-stack/PipelineCrossRegionStack/Pipeline/ArtifactsBucketEncryptionKeyAlias/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "PipelineArtifactsBucketEncryptionKeyAlias5C510EEE" + } + ], + "/code-pipeline-nested-stack/PipelineCrossRegionStack/Pipeline/ArtifactsBucket/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "PipelineArtifactsBucket22248F97" + } + ], + "/code-pipeline-nested-stack/PipelineCrossRegionStack/Pipeline/ArtifactsBucket/Policy/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "PipelineArtifactsBucketPolicyD4F9712A" + } + ], + "/code-pipeline-nested-stack/PipelineCrossRegionStack/Pipeline/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "PipelineC660917D" + } + ], + "/code-pipeline-nested-stack/PipelineCrossRegionStack/Pipeline/Source/Github/WebhookResource": [ + { + "type": "aws:cdk:logicalId", + "data": "PipelineSourceGithubWebhookResource9724AEC2" + } + ], + "/code-pipeline-nested-stack/PipelineCrossRegionStack.NestedStack/PipelineCrossRegionStack.NestedStackResource": [ + { + "type": "aws:cdk:logicalId", + "data": "PipelineCrossRegionStackNestedStackPipelineCrossRegionStackNestedStackResourceAABDCA01" + } + ], + "/code-pipeline-nested-stack/BootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "BootstrapVersion" + } + ], + "/code-pipeline-nested-stack/CheckBootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "CheckBootstrapVersion" + } + ] + }, + "displayName": "code-pipeline-nested-stack" + }, + "cross-region-stack-649563674902:service.assets": { + "type": "cdk:asset-manifest", + "properties": { + "file": "cross-region-stack-649563674902:service.assets.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "cross-region-stack-649563674902:service": { + "type": "aws:cloudformation:stack", + "environment": "aws://649563674902/service", + "properties": { + "templateFile": "cross-region-stack-649563674902:service.template.json", + "terminationProtection": false, + "validateOnSynth": false, + "notificationArns": [], + "assumeRoleArn": "arn:${AWS::Partition}:iam::649563674902:role/cdk-hnb659fds-deploy-role-649563674902-service", + "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::649563674902:role/cdk-hnb659fds-cfn-exec-role-649563674902-service", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-649563674902-service/cdb04462afdd68f868bea4c51569f5c21c65d4d09a41a0cf1d6884ab7890fa4b.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", + "additionalDependencies": [ + "cross-region-stack-649563674902:service.assets" + ], + "lookupRole": { + "arn": "arn:${AWS::Partition}:iam::649563674902:role/cdk-hnb659fds-lookup-role-649563674902-service", + "requiresBootstrapStackVersion": 8, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + }, + "stackName": "integ-test-pipeline-nested-stack-cross-region-support-service" + }, + "dependencies": [ + "cross-region-stack-649563674902:service.assets" + ], + "metadata": { + "/cross-region-stack-649563674902:service/Default/CrossRegionCodePipelineReplicationBucketEncryptionKey/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "CrossRegionCodePipelineReplicationBucketEncryptionKey70216490" + } + ], + "/cross-region-stack-649563674902:service/Default/CrossRegionCodePipelineReplicationBucketEncryptionAlias/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "CrossRegionCodePipelineReplicationBucketEncryptionAliasF1A0F37D" + } + ], + "/cross-region-stack-649563674902:service/Default/CrossRegionCodePipelineReplicationBucket/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "CrossRegionCodePipelineReplicationBucketFC3227F2" + } + ], + "/cross-region-stack-649563674902:service/Default/CrossRegionCodePipelineReplicationBucket/Policy/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "CrossRegionCodePipelineReplicationBucketPolicyB7BA2BCA" + } + ], + "/cross-region-stack-649563674902:service/BootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "BootstrapVersion" + } + ], + "/cross-region-stack-649563674902:service/CheckBootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "CheckBootstrapVersion" + } + ] + }, + "displayName": "cross-region-stack-649563674902:service" + }, + "cross-account-support-stack-region.assets": { + "type": "cdk:asset-manifest", + "properties": { + "file": "cross-account-support-stack-region.assets.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "cross-account-support-stack-region": { + "type": "aws:cloudformation:stack", + "environment": "aws://region/service", + "properties": { + "templateFile": "cross-account-support-stack-region.template.json", + "terminationProtection": false, + "validateOnSynth": false, + "notificationArns": [], + "assumeRoleArn": "arn:${AWS::Partition}:iam::region:role/cdk-hnb659fds-deploy-role-region-service", + "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::region:role/cdk-hnb659fds-cfn-exec-role-region-service", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-region-service/62d6b849624747745bf7e5e1541bdbf0710ad24d8723cd92a5cc86ca37a01caf.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", + "additionalDependencies": [ + "cross-account-support-stack-region.assets" + ], + "lookupRole": { + "arn": "arn:${AWS::Partition}:iam::region:role/cdk-hnb659fds-lookup-role-region-service", + "requiresBootstrapStackVersion": 8, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + }, + "stackName": "integ-test-pipeline-nested-stack-cross-region-support-region" + }, + "dependencies": [ + "cross-account-support-stack-region.assets" + ], + "metadata": { + "/cross-account-support-stack-region/codepipelinenestedstackPipelineCrossRegionStackPipeline6B0D06DE-Test-Test-ActionRole/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "codepipelinenestedstackPipelineCrossRegionStackPipeline6B0D06DETestTestActionRole260DF2CF" + } + ], + "/cross-account-support-stack-region/codepipelinenestedstackPipelineCrossRegionStackPipeline6B0D06DE-Test-Test-ActionRole/DefaultPolicy/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "codepipelinenestedstackPipelineCrossRegionStackPipeline6B0D06DETestTestActionRoleDefaultPolicyB9100D39" + } + ], + "/cross-account-support-stack-region/BootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "BootstrapVersion" + } + ], + "/cross-account-support-stack-region/CheckBootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "CheckBootstrapVersion" + } + ] + }, + "displayName": "cross-account-support-stack-region" + }, + "integcodepipelinenestedstackDefaultTestDeployAssertCC253196.assets": { + "type": "cdk:asset-manifest", + "properties": { + "file": "integcodepipelinenestedstackDefaultTestDeployAssertCC253196.assets.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "integcodepipelinenestedstackDefaultTestDeployAssertCC253196": { + "type": "aws:cloudformation:stack", + "environment": "aws://unknown-account/unknown-region", + "properties": { + "templateFile": "integcodepipelinenestedstackDefaultTestDeployAssertCC253196.template.json", + "terminationProtection": false, + "validateOnSynth": false, + "notificationArns": [], + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", + "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", + "additionalDependencies": [ + "integcodepipelinenestedstackDefaultTestDeployAssertCC253196.assets" + ], + "lookupRole": { + "arn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-lookup-role-${AWS::AccountId}-${AWS::Region}", + "requiresBootstrapStackVersion": 8, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "dependencies": [ + "integcodepipelinenestedstackDefaultTestDeployAssertCC253196.assets" + ], + "metadata": { + "/integ-code-pipeline-nested-stack/DefaultTest/DeployAssert/BootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "BootstrapVersion" + } + ], + "/integ-code-pipeline-nested-stack/DefaultTest/DeployAssert/CheckBootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "CheckBootstrapVersion" + } + ] + }, + "displayName": "integ-code-pipeline-nested-stack/DefaultTest/DeployAssert" + }, + "Tree": { + "type": "cdk:tree", + "properties": { + "file": "tree.json" + } + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.codepipeline-with-nested-stack.js.snapshot/tree.json b/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.codepipeline-with-nested-stack.js.snapshot/tree.json new file mode 100644 index 0000000000000..5c8b7e5f91328 --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.codepipeline-with-nested-stack.js.snapshot/tree.json @@ -0,0 +1,1077 @@ +{ + "version": "tree-0.1", + "tree": { + "id": "App", + "path": "", + "children": { + "code-pipeline-nested-stack": { + "id": "code-pipeline-nested-stack", + "path": "code-pipeline-nested-stack", + "children": { + "PipelineCrossRegionStack": { + "id": "PipelineCrossRegionStack", + "path": "code-pipeline-nested-stack/PipelineCrossRegionStack", + "children": { + "StateMachine": { + "id": "StateMachine", + "path": "code-pipeline-nested-stack/PipelineCrossRegionStack/StateMachine", + "constructInfo": { + "fqn": "aws-cdk-lib.Resource", + "version": "0.0.0" + } + }, + "Role": { + "id": "Role", + "path": "code-pipeline-nested-stack/PipelineCrossRegionStack/Role", + "children": { + "ImportRole": { + "id": "ImportRole", + "path": "code-pipeline-nested-stack/PipelineCrossRegionStack/Role/ImportRole", + "constructInfo": { + "fqn": "aws-cdk-lib.Resource", + "version": "0.0.0" + } + }, + "Resource": { + "id": "Resource", + "path": "code-pipeline-nested-stack/PipelineCrossRegionStack/Role/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::IAM::Role", + "aws:cdk:cloudformation:props": { + "assumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "codebuild.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + }, + "roleName": "MyRoleName" + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.CfnRole", + "version": "0.0.0" + } + }, + "DefaultPolicy": { + "id": "DefaultPolicy", + "path": "code-pipeline-nested-stack/PipelineCrossRegionStack/Role/DefaultPolicy", + "children": { + "Resource": { + "id": "Resource", + "path": "code-pipeline-nested-stack/PipelineCrossRegionStack/Role/DefaultPolicy/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::IAM::Policy", + "aws:cdk:cloudformation:props": { + "policyDocument": { + "Statement": [ + { + "Action": [ + "s3:Abort*", + "s3:DeleteObject*", + "s3:GetBucket*", + "s3:GetObject*", + "s3:List*", + "s3:PutObject", + "s3:PutObjectLegalHold", + "s3:PutObjectRetention", + "s3:PutObjectTagging", + "s3:PutObjectVersionTagging" + ], + "Effect": "Allow", + "Resource": [ + { + "Fn::GetAtt": [ + "PipelineArtifactsBucket22248F97", + "Arn" + ] + }, + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":s3:::integ-test-pipeline-nesteeplicationbucket5ad15bae8c248ec4e399" + ] + ] + }, + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":s3:::integ-test-pipeline-nesteeplicationbucket5ad15bae8c248ec4e399/*" + ] + ] + }, + { + "Fn::Join": [ + "", + [ + { + "Fn::GetAtt": [ + "PipelineArtifactsBucket22248F97", + "Arn" + ] + }, + "/*" + ] + ] + } + ] + }, + { + "Action": [ + "kms:Decrypt", + "kms:DescribeKey", + "kms:Encrypt", + "kms:GenerateDataKey*", + "kms:ReEncrypt*" + ], + "Effect": "Allow", + "Resource": [ + "*", + { + "Fn::GetAtt": [ + "PipelineArtifactsBucketEncryptionKey01D58D69", + "Arn" + ] + } + ] + }, + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Resource": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::region:role/integ-test-pipeline-nestesttestactionrole85e1536225f4ce00510a" + ] + ] + } + } + ], + "Version": "2012-10-17" + }, + "policyName": "RoleDefaultPolicy5FFB7DAB", + "roles": [ + { + "Ref": "Role1ABCC5F0" + } + ] + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.CfnPolicy", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.Policy", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.Role", + "version": "0.0.0" + } + }, + "Pipeline": { + "id": "Pipeline", + "path": "code-pipeline-nested-stack/PipelineCrossRegionStack/Pipeline", + "children": { + "ArtifactsBucketEncryptionKey": { + "id": "ArtifactsBucketEncryptionKey", + "path": "code-pipeline-nested-stack/PipelineCrossRegionStack/Pipeline/ArtifactsBucketEncryptionKey", + "children": { + "Resource": { + "id": "Resource", + "path": "code-pipeline-nested-stack/PipelineCrossRegionStack/Pipeline/ArtifactsBucketEncryptionKey/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::KMS::Key", + "aws:cdk:cloudformation:props": { + "keyPolicy": { + "Statement": [ + { + "Action": "kms:*", + "Effect": "Allow", + "Principal": { + "AWS": "arn:aws:iam::649563674902:root" + }, + "Resource": "*" + } + ], + "Version": "2012-10-17" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_kms.CfnKey", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_kms.Key", + "version": "0.0.0" + } + }, + "ArtifactsBucketEncryptionKeyAlias": { + "id": "ArtifactsBucketEncryptionKeyAlias", + "path": "code-pipeline-nested-stack/PipelineCrossRegionStack/Pipeline/ArtifactsBucketEncryptionKeyAlias", + "children": { + "Resource": { + "id": "Resource", + "path": "code-pipeline-nested-stack/PipelineCrossRegionStack/Pipeline/ArtifactsBucketEncryptionKeyAlias/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::KMS::Alias", + "aws:cdk:cloudformation:props": { + "aliasName": "alias/codepipeline-integ-test-pipeline-nested-stack-cross-region-pipeline-08100cf8", + "targetKeyId": { + "Fn::GetAtt": [ + "PipelineArtifactsBucketEncryptionKey01D58D69", + "Arn" + ] + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_kms.CfnAlias", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_kms.Alias", + "version": "0.0.0" + } + }, + "ArtifactsBucket": { + "id": "ArtifactsBucket", + "path": "code-pipeline-nested-stack/PipelineCrossRegionStack/Pipeline/ArtifactsBucket", + "children": { + "Resource": { + "id": "Resource", + "path": "code-pipeline-nested-stack/PipelineCrossRegionStack/Pipeline/ArtifactsBucket/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::S3::Bucket", + "aws:cdk:cloudformation:props": { + "bucketEncryption": { + "serverSideEncryptionConfiguration": [ + { + "serverSideEncryptionByDefault": { + "sseAlgorithm": "aws:kms", + "kmsMasterKeyId": { + "Fn::GetAtt": [ + "PipelineArtifactsBucketEncryptionKey01D58D69", + "Arn" + ] + } + } + } + ] + }, + "publicAccessBlockConfiguration": { + "blockPublicAcls": true, + "blockPublicPolicy": true, + "ignorePublicAcls": true, + "restrictPublicBuckets": true + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_s3.CfnBucket", + "version": "0.0.0" + } + }, + "Policy": { + "id": "Policy", + "path": "code-pipeline-nested-stack/PipelineCrossRegionStack/Pipeline/ArtifactsBucket/Policy", + "children": { + "Resource": { + "id": "Resource", + "path": "code-pipeline-nested-stack/PipelineCrossRegionStack/Pipeline/ArtifactsBucket/Policy/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::S3::BucketPolicy", + "aws:cdk:cloudformation:props": { + "bucket": { + "Ref": "PipelineArtifactsBucket22248F97" + }, + "policyDocument": { + "Statement": [ + { + "Action": "s3:*", + "Condition": { + "Bool": { + "aws:SecureTransport": "false" + } + }, + "Effect": "Deny", + "Principal": { + "AWS": "*" + }, + "Resource": [ + { + "Fn::GetAtt": [ + "PipelineArtifactsBucket22248F97", + "Arn" + ] + }, + { + "Fn::Join": [ + "", + [ + { + "Fn::GetAtt": [ + "PipelineArtifactsBucket22248F97", + "Arn" + ] + }, + "/*" + ] + ] + } + ] + } + ], + "Version": "2012-10-17" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_s3.CfnBucketPolicy", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_s3.BucketPolicy", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_s3.Bucket", + "version": "0.0.0" + } + }, + "Resource": { + "id": "Resource", + "path": "code-pipeline-nested-stack/PipelineCrossRegionStack/Pipeline/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::CodePipeline::Pipeline", + "aws:cdk:cloudformation:props": { + "artifactStores": [ + { + "region": "service", + "artifactStore": { + "type": "S3", + "location": "integ-test-pipeline-nesteeplicationbucket5ad15bae8c248ec4e399", + "encryptionKey": { + "type": "KMS", + "id": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":kms:service:649563674902:alias/ne-nestetencryptionalias12623f8e5dd3096ed578" + ] + ] + } + } + } + }, + { + "region": "us-east-1", + "artifactStore": { + "type": "S3", + "location": { + "Ref": "PipelineArtifactsBucket22248F97" + }, + "encryptionKey": { + "type": "KMS", + "id": { + "Fn::GetAtt": [ + "PipelineArtifactsBucketEncryptionKey01D58D69", + "Arn" + ] + } + } + } + } + ], + "roleArn": { + "Fn::GetAtt": [ + "Role1ABCC5F0", + "Arn" + ] + }, + "stages": [ + { + "name": "Source", + "actions": [ + { + "name": "Github", + "outputArtifacts": [ + { + "name": "Pipeline" + } + ], + "actionTypeId": { + "category": "Source", + "version": "1", + "owner": "ThirdParty", + "provider": "GitHub" + }, + "configuration": { + "Owner": "aws", + "Repo": "aws-cdk", + "Branch": "master", + "OAuthToken": "test", + "PollForSourceChanges": false + }, + "runOrder": 1 + } + ] + }, + { + "name": "Test", + "actions": [ + { + "name": "Test", + "actionTypeId": { + "category": "Invoke", + "version": "1", + "owner": "AWS", + "provider": "StepFunctions" + }, + "configuration": { + "StateMachineArn": "arn:arn:aws:service:region:account:resource:resourceName:states:eu-west-1:12345678:stateMachine/stateMachineFromAnotherRegion", + "Input": "{}", + "InputType": "Literal" + }, + "runOrder": 1, + "roleArn": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::region:role/integ-test-pipeline-nestesttestactionrole85e1536225f4ce00510a" + ] + ] + }, + "region": "service" + } + ] + } + ] + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_codepipeline.CfnPipeline", + "version": "0.0.0" + } + }, + "Source": { + "id": "Source", + "path": "code-pipeline-nested-stack/PipelineCrossRegionStack/Pipeline/Source", + "children": { + "Github": { + "id": "Github", + "path": "code-pipeline-nested-stack/PipelineCrossRegionStack/Pipeline/Source/Github", + "children": { + "WebhookResource": { + "id": "WebhookResource", + "path": "code-pipeline-nested-stack/PipelineCrossRegionStack/Pipeline/Source/Github/WebhookResource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::CodePipeline::Webhook", + "aws:cdk:cloudformation:props": { + "authentication": "GITHUB_HMAC", + "authenticationConfiguration": { + "secretToken": "test" + }, + "filters": [ + { + "jsonPath": "$.ref", + "matchEquals": "refs/heads/{Branch}" + } + ], + "registerWithThirdParty": true, + "targetAction": "Github", + "targetPipeline": { + "Ref": "PipelineC660917D" + }, + "targetPipelineVersion": 1 + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_codepipeline.CfnWebhook", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.4.2" + } + } + }, + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.4.2" + } + }, + "Test": { + "id": "Test", + "path": "code-pipeline-nested-stack/PipelineCrossRegionStack/Pipeline/Test", + "children": { + "Test": { + "id": "Test", + "path": "code-pipeline-nested-stack/PipelineCrossRegionStack/Pipeline/Test/Test", + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.4.2" + } + } + }, + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.4.2" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_codepipeline.Pipeline", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.NestedStack", + "version": "0.0.0" + } + }, + "PipelineCrossRegionStack.NestedStack": { + "id": "PipelineCrossRegionStack.NestedStack", + "path": "code-pipeline-nested-stack/PipelineCrossRegionStack.NestedStack", + "children": { + "PipelineCrossRegionStack.NestedStackResource": { + "id": "PipelineCrossRegionStack.NestedStackResource", + "path": "code-pipeline-nested-stack/PipelineCrossRegionStack.NestedStack/PipelineCrossRegionStack.NestedStackResource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::CloudFormation::Stack", + "aws:cdk:cloudformation:props": { + "templateUrl": { + "Fn::Join": [ + "", + [ + "https://s3.us-east-1.", + { + "Ref": "AWS::URLSuffix" + }, + "/cdk-hnb659fds-assets-649563674902-us-east-1/7d4df7a27509d906d2dfe71d2b319bbea0c0027826c08e92d0cc9f3bbe1558b9.json" + ] + ] + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.CfnStack", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.4.2" + } + }, + "BootstrapVersion": { + "id": "BootstrapVersion", + "path": "code-pipeline-nested-stack/BootstrapVersion", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnParameter", + "version": "0.0.0" + } + }, + "CheckBootstrapVersion": { + "id": "CheckBootstrapVersion", + "path": "code-pipeline-nested-stack/CheckBootstrapVersion", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnRule", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.Stack", + "version": "0.0.0" + } + }, + "cross-region-stack-649563674902:service": { + "id": "cross-region-stack-649563674902:service", + "path": "cross-region-stack-649563674902:service", + "children": { + "Default": { + "id": "Default", + "path": "cross-region-stack-649563674902:service/Default", + "children": { + "CrossRegionCodePipelineReplicationBucketEncryptionKey": { + "id": "CrossRegionCodePipelineReplicationBucketEncryptionKey", + "path": "cross-region-stack-649563674902:service/Default/CrossRegionCodePipelineReplicationBucketEncryptionKey", + "children": { + "Resource": { + "id": "Resource", + "path": "cross-region-stack-649563674902:service/Default/CrossRegionCodePipelineReplicationBucketEncryptionKey/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::KMS::Key", + "aws:cdk:cloudformation:props": { + "keyPolicy": { + "Statement": [ + { + "Action": "kms:*", + "Effect": "Allow", + "Principal": { + "AWS": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::649563674902:root" + ] + ] + } + }, + "Resource": "*" + }, + { + "Action": [ + "kms:Decrypt", + "kms:DescribeKey", + "kms:Encrypt", + "kms:GenerateDataKey*", + "kms:ReEncrypt*" + ], + "Effect": "Allow", + "Principal": { + "AWS": "arn:aws:iam::649563674902:role/MyRoleName" + }, + "Resource": "*" + } + ], + "Version": "2012-10-17" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_kms.CfnKey", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_kms.Key", + "version": "0.0.0" + } + }, + "CrossRegionCodePipelineReplicationBucketEncryptionAlias": { + "id": "CrossRegionCodePipelineReplicationBucketEncryptionAlias", + "path": "cross-region-stack-649563674902:service/Default/CrossRegionCodePipelineReplicationBucketEncryptionAlias", + "children": { + "Resource": { + "id": "Resource", + "path": "cross-region-stack-649563674902:service/Default/CrossRegionCodePipelineReplicationBucketEncryptionAlias/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::KMS::Alias", + "aws:cdk:cloudformation:props": { + "aliasName": "alias/ne-nestetencryptionalias12623f8e5dd3096ed578", + "targetKeyId": { + "Fn::GetAtt": [ + "CrossRegionCodePipelineReplicationBucketEncryptionKey70216490", + "Arn" + ] + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_kms.CfnAlias", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_kms.Alias", + "version": "0.0.0" + } + }, + "CrossRegionCodePipelineReplicationBucket": { + "id": "CrossRegionCodePipelineReplicationBucket", + "path": "cross-region-stack-649563674902:service/Default/CrossRegionCodePipelineReplicationBucket", + "children": { + "Resource": { + "id": "Resource", + "path": "cross-region-stack-649563674902:service/Default/CrossRegionCodePipelineReplicationBucket/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::S3::Bucket", + "aws:cdk:cloudformation:props": { + "bucketEncryption": { + "serverSideEncryptionConfiguration": [ + { + "serverSideEncryptionByDefault": { + "sseAlgorithm": "aws:kms", + "kmsMasterKeyId": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":kms:service:649563674902:", + { + "Ref": "CrossRegionCodePipelineReplicationBucketEncryptionAliasF1A0F37D" + } + ] + ] + } + } + } + ] + }, + "bucketName": "integ-test-pipeline-nesteeplicationbucket5ad15bae8c248ec4e399", + "publicAccessBlockConfiguration": { + "blockPublicAcls": true, + "blockPublicPolicy": true, + "ignorePublicAcls": true, + "restrictPublicBuckets": true + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_s3.CfnBucket", + "version": "0.0.0" + } + }, + "Policy": { + "id": "Policy", + "path": "cross-region-stack-649563674902:service/Default/CrossRegionCodePipelineReplicationBucket/Policy", + "children": { + "Resource": { + "id": "Resource", + "path": "cross-region-stack-649563674902:service/Default/CrossRegionCodePipelineReplicationBucket/Policy/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::S3::BucketPolicy", + "aws:cdk:cloudformation:props": { + "bucket": { + "Ref": "CrossRegionCodePipelineReplicationBucketFC3227F2" + }, + "policyDocument": { + "Statement": [ + { + "Action": "s3:*", + "Condition": { + "Bool": { + "aws:SecureTransport": "false" + } + }, + "Effect": "Deny", + "Principal": { + "AWS": "*" + }, + "Resource": [ + { + "Fn::GetAtt": [ + "CrossRegionCodePipelineReplicationBucketFC3227F2", + "Arn" + ] + }, + { + "Fn::Join": [ + "", + [ + { + "Fn::GetAtt": [ + "CrossRegionCodePipelineReplicationBucketFC3227F2", + "Arn" + ] + }, + "/*" + ] + ] + } + ] + } + ], + "Version": "2012-10-17" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_s3.CfnBucketPolicy", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_s3.BucketPolicy", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_s3.Bucket", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.4.2" + } + }, + "BootstrapVersion": { + "id": "BootstrapVersion", + "path": "cross-region-stack-649563674902:service/BootstrapVersion", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnParameter", + "version": "0.0.0" + } + }, + "CheckBootstrapVersion": { + "id": "CheckBootstrapVersion", + "path": "cross-region-stack-649563674902:service/CheckBootstrapVersion", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnRule", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.Stack", + "version": "0.0.0" + } + }, + "cross-account-support-stack-region": { + "id": "cross-account-support-stack-region", + "path": "cross-account-support-stack-region", + "children": { + "codepipelinenestedstackPipelineCrossRegionStackPipeline6B0D06DE-Test-Test-ActionRole": { + "id": "codepipelinenestedstackPipelineCrossRegionStackPipeline6B0D06DE-Test-Test-ActionRole", + "path": "cross-account-support-stack-region/codepipelinenestedstackPipelineCrossRegionStackPipeline6B0D06DE-Test-Test-ActionRole", + "children": { + "ImportcodepipelinenestedstackPipelineCrossRegionStackPipeline6B0D06DE-Test-Test-ActionRole": { + "id": "ImportcodepipelinenestedstackPipelineCrossRegionStackPipeline6B0D06DE-Test-Test-ActionRole", + "path": "cross-account-support-stack-region/codepipelinenestedstackPipelineCrossRegionStackPipeline6B0D06DE-Test-Test-ActionRole/ImportcodepipelinenestedstackPipelineCrossRegionStackPipeline6B0D06DE-Test-Test-ActionRole", + "constructInfo": { + "fqn": "aws-cdk-lib.Resource", + "version": "0.0.0" + } + }, + "Resource": { + "id": "Resource", + "path": "cross-account-support-stack-region/codepipelinenestedstackPipelineCrossRegionStackPipeline6B0D06DE-Test-Test-ActionRole/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::IAM::Role", + "aws:cdk:cloudformation:props": { + "assumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "AWS": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::649563674902:root" + ] + ] + } + } + } + ], + "Version": "2012-10-17" + }, + "roleName": "integ-test-pipeline-nestesttestactionrole85e1536225f4ce00510a" + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.CfnRole", + "version": "0.0.0" + } + }, + "DefaultPolicy": { + "id": "DefaultPolicy", + "path": "cross-account-support-stack-region/codepipelinenestedstackPipelineCrossRegionStackPipeline6B0D06DE-Test-Test-ActionRole/DefaultPolicy", + "children": { + "Resource": { + "id": "Resource", + "path": "cross-account-support-stack-region/codepipelinenestedstackPipelineCrossRegionStackPipeline6B0D06DE-Test-Test-ActionRole/DefaultPolicy/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::IAM::Policy", + "aws:cdk:cloudformation:props": { + "policyDocument": { + "Statement": [ + { + "Action": [ + "states:DescribeStateMachine", + "states:StartExecution" + ], + "Effect": "Allow", + "Resource": "arn:arn:aws:service:region:account:resource:resourceName:states:eu-west-1:12345678:stateMachine/stateMachineFromAnotherRegion" + }, + { + "Action": "states:DescribeExecution", + "Effect": "Allow", + "Resource": "arn:arn:states:service:region:execution:resource:resourceName:states:eu-west-1:12345678:stateMachine/stateMachineFromAnotherRegion:*" + } + ], + "Version": "2012-10-17" + }, + "policyName": "codepipelinenestedstackPipelineCrossRegionStackPipeline6B0D06DETestTestActionRoleDefaultPolicyB9100D39", + "roles": [ + { + "Ref": "codepipelinenestedstackPipelineCrossRegionStackPipeline6B0D06DETestTestActionRole260DF2CF" + } + ] + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.CfnPolicy", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.Policy", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.Role", + "version": "0.0.0" + } + }, + "BootstrapVersion": { + "id": "BootstrapVersion", + "path": "cross-account-support-stack-region/BootstrapVersion", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnParameter", + "version": "0.0.0" + } + }, + "CheckBootstrapVersion": { + "id": "CheckBootstrapVersion", + "path": "cross-account-support-stack-region/CheckBootstrapVersion", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnRule", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.Stack", + "version": "0.0.0" + } + }, + "integ-code-pipeline-nested-stack": { + "id": "integ-code-pipeline-nested-stack", + "path": "integ-code-pipeline-nested-stack", + "children": { + "DefaultTest": { + "id": "DefaultTest", + "path": "integ-code-pipeline-nested-stack/DefaultTest", + "children": { + "Default": { + "id": "Default", + "path": "integ-code-pipeline-nested-stack/DefaultTest/Default", + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.4.2" + } + }, + "DeployAssert": { + "id": "DeployAssert", + "path": "integ-code-pipeline-nested-stack/DefaultTest/DeployAssert", + "children": { + "BootstrapVersion": { + "id": "BootstrapVersion", + "path": "integ-code-pipeline-nested-stack/DefaultTest/DeployAssert/BootstrapVersion", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnParameter", + "version": "0.0.0" + } + }, + "CheckBootstrapVersion": { + "id": "CheckBootstrapVersion", + "path": "integ-code-pipeline-nested-stack/DefaultTest/DeployAssert/CheckBootstrapVersion", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnRule", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.Stack", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/integ-tests-alpha.IntegTestCase", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/integ-tests-alpha.IntegTest", + "version": "0.0.0" + } + }, + "Tree": { + "id": "Tree", + "path": "Tree", + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.4.2" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.App", + "version": "0.0.0" + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.codepipeline-with-nested-stack.ts b/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.codepipeline-with-nested-stack.ts new file mode 100644 index 0000000000000..9c5f9258763d5 --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.codepipeline-with-nested-stack.ts @@ -0,0 +1,85 @@ +import { IntegTest } from '@aws-cdk/integ-tests-alpha'; +import * as cdk from 'aws-cdk-lib'; +import { SecretValue } from 'aws-cdk-lib'; +import { Artifact, Pipeline } from 'aws-cdk-lib/aws-codepipeline'; +import { GitHubSourceAction, StateMachineInput, StepFunctionInvokeAction } from 'aws-cdk-lib/aws-codepipeline-actions'; +import { Role, ServicePrincipal } from 'aws-cdk-lib/aws-iam'; +import * as sfn from 'aws-cdk-lib/aws-stepfunctions'; +import { Construct } from 'constructs'; + +export class MainStack extends cdk.Stack { + constructor(scope: Construct, id: string, props?: cdk.StackProps) { + super(scope, id, props); + + new PipelineCrossRegionStack(this, 'PipelineCrossRegionStack', { + ...props, + stackName: 'integ-test-pipeline-nested-stack-cross-region', + }); + } +} + +export class PipelineCrossRegionStack extends cdk.NestedStack { + constructor(scope: Construct, id: string, props?: cdk.NestedStackProps) { + super(scope, id, props); + + const machine = cdk.Arn.format({ + service: 'states', + resource: 'stateMachine', + account: cdk.Token.asString(process.env.CDK_INTEG_ACCOUNT || process.env.CDK_DEFAULT_ACCOUNT), + partition: cdk.ArnFormat.COLON_RESOURCE_NAME, + resourceName: 'stateMachineFromAnotherRegion', + region: 'eu-west-1', + }, this); + const stateMachine = sfn.StateMachine.fromStateMachineArn(this, 'StateMachine', machine); + + const role = new Role(this, 'Role', { + roleName: 'MyRoleName', + assumedBy: new ServicePrincipal('codebuild.amazonaws.com'), + }); + new Pipeline(this, 'Pipeline', { + crossAccountKeys: true, + role, + stages: [ + { + stageName: 'Source', + actions: [ + new GitHubSourceAction({ + actionName: 'Github', + owner: 'aws', + repo: 'aws-cdk', + branch: 'master', + oauthToken: SecretValue.unsafePlainText('test'), + output: new Artifact('Pipeline'), + }), + ], + }, + { + stageName: 'Test', + actions: [ + new StepFunctionInvokeAction({ + actionName: 'Test', + stateMachine: stateMachine, + stateMachineInput: StateMachineInput.literal({}), + }), + ], + }, + ], + }); + } +} + +const app = new cdk.App({ + postCliContext: { + '@aws-cdk/aws-codepipeline:defaultPipelineTypeToV2': false, + }, +}); +const testCase = new MainStack(app, 'code-pipeline-nested-stack', { + env: { + account: process.env.CDK_DEFAULT_ACCOUNT, + region: 'us-east-1', + }, +}); + +new IntegTest(app, 'integ-code-pipeline-nested-stack', { + testCases: [testCase], +}); \ No newline at end of file diff --git a/packages/aws-cdk-lib/core/lib/nested-stack.ts b/packages/aws-cdk-lib/core/lib/nested-stack.ts index a542b8d3bfaa4..c9f8ac1297d0c 100644 --- a/packages/aws-cdk-lib/core/lib/nested-stack.ts +++ b/packages/aws-cdk-lib/core/lib/nested-stack.ts @@ -75,6 +75,13 @@ export interface NestedStackProps { * @default - No description. */ readonly description?: string; + + /** + * The name of the stack + * + * @default - Derived from construct path. + */ + readonly stackName?: string; } /** @@ -150,7 +157,7 @@ export class NestedStack extends Stack { // if resolved from the outer stack, use the { Ref } of the AWS::CloudFormation::Stack resource // which resolves the ARN of the stack. We need to extract the stack name, which is the second // component after splitting by "/" - this._contextualStackName = this.contextualAttribute(Aws.STACK_NAME, Fn.select(1, Fn.split('/', this.resource.ref))); + this._contextualStackName = props.stackName ?? this.contextualAttribute(Aws.STACK_NAME, Fn.select(1, Fn.split('/', this.resource.ref))); this._contextualStackId = this.contextualAttribute(Aws.STACK_ID, this.resource.ref); }