Suppress cfn_nag warning

source/patterns/@aws-solutions-constructs/aws-cloudfront-apigateway-lambda/test/integ.cftaplam-customCloudfrontLoggingBucket.expected.json

@@ -634,7 +634,17 @@
  }
  },
  "UpdateReplacePolicy": "Delete",
- "DeletionPolicy": "Delete"
+ "DeletionPolicy": "Delete",
+ "Metadata": {
+ "cfn_nag": {
+ "rules_to_suppress": [
+ {
+ "id": "W35",
+ "reason": "This S3 bucket is used as the access logging bucket for another bucket"
+ }
+ ]
+ }
+ }
  },
  "cfapigwlambdaCloudFrontToApiGatewayCloudfrontLoggingBucketAccessLogPolicyC05E1C71": {
  "Type": "AWS::S3::BucketPolicy",

source/patterns/@aws-solutions-constructs/aws-cloudfront-apigateway-lambda/test/integ.cftaplam-no-arguments.expected.json

@@ -634,7 +634,17 @@
  }
  },
  "UpdateReplacePolicy": "Delete",
- "DeletionPolicy": "Delete"
+ "DeletionPolicy": "Delete",
+ "Metadata": {
+ "cfn_nag": {
+ "rules_to_suppress": [
+ {
+ "id": "W35",
+ "reason": "This S3 bucket is used as the access logging bucket for another bucket"
+ }
+ ]
+ }
+ }
  },
  "testcloudfrontapigatewaylambdaCloudFrontToApiGatewayCloudfrontLoggingBucketAccessLogPolicy521355D8": {
  "Type": "AWS::S3::BucketPolicy",

source/patterns/@aws-solutions-constructs/aws-cloudfront-apigateway-lambda/test/integ.cftaplam-override-behavior.expected.json

@@ -595,7 +595,17 @@
  }
  },
  "UpdateReplacePolicy": "Delete",
- "DeletionPolicy": "Delete"
+ "DeletionPolicy": "Delete",
+ "Metadata": {
+ "cfn_nag": {
+ "rules_to_suppress": [
+ {
+ "id": "W35",
+ "reason": "This S3 bucket is used as the access logging bucket for another bucket"
+ }
+ ]
+ }
+ }
  },
  "cfapilambdaoverrideCloudFrontToApiGatewayCloudfrontLoggingBucketAccessLogPolicy53DB42E0": {
  "Type": "AWS::S3::BucketPolicy",

source/patterns/@aws-solutions-constructs/aws-cloudfront-apigateway/test/integ.cftapi-customCloudfrontLoggingBucket.expected.json

@@ -679,7 +679,17 @@
  }
  },
  "UpdateReplacePolicy": "Delete",
- "DeletionPolicy": "Delete"
+ "DeletionPolicy": "Delete",
+ "Metadata": {
+ "cfn_nag": {
+ "rules_to_suppress": [
+ {
+ "id": "W35",
+ "reason": "This S3 bucket is used as the access logging bucket for another bucket"
+ }
+ ]
+ }
+ }
  },
  "cfapigwCloudfrontLoggingBucketAccessLogPolicyDB63EA7B": {
  "Type": "AWS::S3::BucketPolicy",

source/patterns/@aws-solutions-constructs/aws-cloudfront-apigateway/test/integ.cftapi-no-arguments.expected.json

@@ -679,7 +679,17 @@
  }
  },
  "UpdateReplacePolicy": "Delete",
- "DeletionPolicy": "Delete"
+ "DeletionPolicy": "Delete",
+ "Metadata": {
+ "cfn_nag": {
+ "rules_to_suppress": [
+ {
+ "id": "W35",
+ "reason": "This S3 bucket is used as the access logging bucket for another bucket"
+ }
+ ]
+ }
+ }
  },
  "testcloudfrontapigatewayCloudfrontLoggingBucketAccessLogPolicy1110B389": {
  "Type": "AWS::S3::BucketPolicy",

source/patterns/@aws-solutions-constructs/aws-cloudfront-mediastore/test/integ.cftmed-customCloudFrontLoggingBucket.expected.json

@@ -118,7 +118,17 @@
  }
  },
  "UpdateReplacePolicy": "Delete",
- "DeletionPolicy": "Delete"
+ "DeletionPolicy": "Delete",
+ "Metadata": {
+ "cfn_nag": {
+ "rules_to_suppress": [
+ {
+ "id": "W35",
+ "reason": "This S3 bucket is used as the access logging bucket for another bucket"
+ }
+ ]
+ }
+ }
  },
  "cloudfrontmediastoreCloudfrontLoggingBucketAccessLogPolicyB512EE2A": {
  "Type": "AWS::S3::BucketPolicy",

source/patterns/@aws-solutions-constructs/aws-cloudfront-mediastore/test/integ.cftmed-default.expected.json

@@ -118,7 +118,17 @@
  }
  },
  "UpdateReplacePolicy": "Delete",
- "DeletionPolicy": "Delete"
+ "DeletionPolicy": "Delete",
+ "Metadata": {
+ "cfn_nag": {
+ "rules_to_suppress": [
+ {
+ "id": "W35",
+ "reason": "This S3 bucket is used as the access logging bucket for another bucket"
+ }
+ ]
+ }
+ }
  },
  "testcloudfrontmediastoreCloudfrontLoggingBucketAccessLogPolicy7B05AE89": {
  "Type": "AWS::S3::BucketPolicy",

source/patterns/@aws-solutions-constructs/aws-cloudfront-mediastore/test/integ.cftmed-existingContainer.expected.json

@@ -43,7 +43,17 @@
  }
  },
  "UpdateReplacePolicy": "Delete",
- "DeletionPolicy": "Delete"
+ "DeletionPolicy": "Delete",
+ "Metadata": {
+ "cfn_nag": {
+ "rules_to_suppress": [
+ {
+ "id": "W35",
+ "reason": "This S3 bucket is used as the access logging bucket for another bucket"
+ }
+ ]
+ }
+ }
  },
  "testcloudfrontmediastoreCloudfrontLoggingBucketAccessLogPolicy7B05AE89": {
  "Type": "AWS::S3::BucketPolicy",

source/patterns/@aws-solutions-constructs/aws-cloudfront-mediastore/test/integ.cftmed-overrideProperties.expected.json

@@ -82,7 +82,17 @@
  }
  },
  "UpdateReplacePolicy": "Delete",
- "DeletionPolicy": "Delete"
+ "DeletionPolicy": "Delete",
+ "Metadata": {
+ "cfn_nag": {
+ "rules_to_suppress": [
+ {
+ "id": "W35",
+ "reason": "This S3 bucket is used as the access logging bucket for another bucket"
+ }
+ ]
+ }
+ }
  },
  "testcloudfrontmediastoreCloudfrontLoggingBucketAccessLogPolicy7B05AE89": {
  "Type": "AWS::S3::BucketPolicy",

source/patterns/@aws-solutions-constructs/aws-cloudfront-mediastore/test/integ.cftmed-withSecurityHeaderBehavior.expected.json

@@ -112,7 +112,17 @@
  }
  },
  "UpdateReplacePolicy": "Retain",
- "DeletionPolicy": "Retain"
+ "DeletionPolicy": "Retain",
+ "Metadata": {
+ "cfn_nag": {
+ "rules_to_suppress": [
+ {
+ "id": "W35",
+ "reason": "This S3 bucket is used as the access logging bucket for another bucket"
+ }
+ ]
+ }
+ }
  },
  "testcloudfrontmediastoreCloudfrontLoggingBucketAccessLogPolicy7B05AE89": {
  "Type": "AWS::S3::BucketPolicy",

source/patterns/@aws-solutions-constructs/aws-cloudfront-mediastore/test/integ.cftmed-withoutHttpSecurityHeaders.expected.json

@@ -118,7 +118,17 @@
  }
  },
  "UpdateReplacePolicy": "Delete",
- "DeletionPolicy": "Delete"
+ "DeletionPolicy": "Delete",
+ "Metadata": {
+ "cfn_nag": {
+ "rules_to_suppress": [
+ {
+ "id": "W35",
+ "reason": "This S3 bucket is used as the access logging bucket for another bucket"
+ }
+ ]
+ }
+ }
  },
  "testcloudfrontmediastoreCloudfrontLoggingBucketAccessLogPolicy7B05AE89": {
  "Type": "AWS::S3::BucketPolicy",

source/patterns/@aws-solutions-constructs/aws-cloudfront-s3/test/integ.cfts3-custom-headers.expected.json

@@ -453,7 +453,17 @@
  }
  },
  "UpdateReplacePolicy": "Delete",
- "DeletionPolicy": "Delete"
+ "DeletionPolicy": "Delete",
+ "Metadata": {
+ "cfn_nag": {
+ "rules_to_suppress": [
+ {
+ "id": "W35",
+ "reason": "This S3 bucket is used as the access logging bucket for another bucket"
+ }
+ ]
+ }
+ }
  },
  "testcloudfronts3CloudfrontLoggingBucketAccessLogPolicy526F2E14": {
  "Type": "AWS::S3::BucketPolicy",

source/patterns/@aws-solutions-constructs/aws-cloudfront-s3/test/integ.cfts3-custom-originPath.expected.json

@@ -421,7 +421,17 @@
  }
  },
  "UpdateReplacePolicy": "Delete",
- "DeletionPolicy": "Delete"
+ "DeletionPolicy": "Delete",
+ "Metadata": {
+ "cfn_nag": {
+ "rules_to_suppress": [
+ {
+ "id": "W35",
+ "reason": "This S3 bucket is used as the access logging bucket for another bucket"
+ }
+ ]
+ }
+ }
  },
  "testcloudfronts3CloudfrontLoggingBucketAccessLogPolicy526F2E14": {
  "Type": "AWS::S3::BucketPolicy",

source/patterns/@aws-solutions-constructs/aws-cloudfront-s3/test/integ.cfts3-customLoggingBuckets.expected.json

@@ -446,7 +446,17 @@
  }
  },
  "UpdateReplacePolicy": "Delete",
- "DeletionPolicy": "Delete"
+ "DeletionPolicy": "Delete",
+ "Metadata": {
+ "cfn_nag": {
+ "rules_to_suppress": [
+ {
+ "id": "W35",
+ "reason": "This S3 bucket is used as the access logging bucket for another bucket"
+ }
+ ]
+ }
+ }
  },
  "testcloudfronts3CloudfrontLoggingBucketAccessLogPolicy526F2E14": {
  "Type": "AWS::S3::BucketPolicy",

source/patterns/@aws-solutions-constructs/aws-cloudfront-s3/test/integ.cfts3-existing-bucket.expected.json

@@ -497,7 +497,17 @@
  }
  },
  "UpdateReplacePolicy": "Delete",
- "DeletionPolicy": "Delete"
+ "DeletionPolicy": "Delete",
+ "Metadata": {
+ "cfn_nag": {
+ "rules_to_suppress": [
+ {
+ "id": "W35",
+ "reason": "This S3 bucket is used as the access logging bucket for another bucket"
+ }
+ ]
+ }
+ }
  },
  "testcloudfronts3CloudfrontLoggingBucketAccessLogPolicy526F2E14": {
  "Type": "AWS::S3::BucketPolicy",

source/patterns/@aws-solutions-constructs/aws-cloudfront-s3/test/integ.cfts3-no-arguments.expected.json

@@ -431,7 +431,17 @@
  }
  },
  "UpdateReplacePolicy": "Delete",
- "DeletionPolicy": "Delete"
+ "DeletionPolicy": "Delete",
+ "Metadata": {
+ "cfn_nag": {
+ "rules_to_suppress": [
+ {
+ "id": "W35",
+ "reason": "This S3 bucket is used as the access logging bucket for another bucket"
+ }
+ ]
+ }
+ }
  },
  "testcloudfronts3CloudfrontLoggingBucketAccessLogPolicy526F2E14": {
  "Type": "AWS::S3::BucketPolicy",

source/patterns/@aws-solutions-constructs/aws-cloudfront-s3/test/integ.cfts3-no-security-headers.expected.json

@@ -409,7 +409,17 @@
  }
  },
  "UpdateReplacePolicy": "Delete",
- "DeletionPolicy": "Delete"
+ "DeletionPolicy": "Delete",
+ "Metadata": {
+ "cfn_nag": {
+ "rules_to_suppress": [
+ {
+ "id": "W35",
+ "reason": "This S3 bucket is used as the access logging bucket for another bucket"
+ }
+ ]
+ }
+ }
  },
  "testcloudfronts3nosecurityheadersCloudfrontLoggingBucketAccessLogPolicy3DF5F522": {
  "Type": "AWS::S3::BucketPolicy",

source/patterns/@aws-solutions-constructs/core/lib/s3-bucket-helper.ts

@@ -97,6 +97,12 @@ export function createCloudFrontLoggingBucket(scope: Construct,
  const combinedBucketProps = consolidateProps(DefaultS3Props(), loggingBucketProps);
 
  const accessLogBucket: s3.Bucket = new s3.Bucket(scope, `${bucketId}AccessLog`, combinedBucketProps); // NOSONAR
+ addCfnSuppressRules(accessLogBucket, [
+ {
+ id: 'W35',
+ reason: "This S3 bucket is used as the access logging bucket for another bucket"
+ }
+ ]);
 
  // Create the Logging Bucket
  // NOSONAR (typescript:S6281)