Add VPC #13

Merged
merged 1 commit into from
Oct 4, 2024

yutaro-sakamoto
Owner

Overview

Add a VPC

Changes

  • Add a VPC
  • Add VPC FlowLogs

Impact

The VPC and its FlowLogs are created, and billing starts

Tests

None

Related Issues

None

Related Pull Requests

None

Other

None


github-actions bot commented Oct 4, 2024

Result of cdk diff

Stack StartCDKStack
Hold on while we create a read-only change set to get a diff with accurate replacement information (use --no-change-set to use a less accurate but faster template-only diff)
IAM Statement Changes
┌───┬──────────────────────────────────────────────────────────────────────────────────────────────────────────────────────┬────────┬───────────────────────────────────┬────────────────────────────────────────────────────────────────┬───────────┐
│ │ Resource │ Effect │ Action │ Principal │ Condition │
├───┼──────────────────────────────────────────────────────────────────────────────────────────────────────────────────────┼────────┼───────────────────────────────────┼────────────────────────────────────────────────────────────────┼───────────┤
│ + │ ${Custom::VpcRestrictDefaultSGCustomResourceProvider/Role.Arn} │ Allow │ sts:AssumeRole │ Service:lambda.amazonaws.com │ │
├───┼──────────────────────────────────────────────────────────────────────────────────────────────────────────────────────┼────────┼───────────────────────────────────┼────────────────────────────────────────────────────────────────┼───────────┤
│ + │ ${Network/VpcFlowLogGroup.Arn} │ Allow │ logs:CreateLogStream │ AWS:${Network/VpcFlowLogGroupRole} │ │
│ │ │ │ logs:DescribeLogStreams │ │ │
│ │ │ │ logs:PutLogEvents │ │ │
├───┼──────────────────────────────────────────────────────────────────────────────────────────────────────────────────────┼────────┼───────────────────────────────────┼────────────────────────────────────────────────────────────────┼───────────┤
│ + │ ${Network/VpcFlowLogGroupRole.Arn} │ Allow │ sts:AssumeRole │ Service:vpc-flow-logs.amazonaws.com │ │
│ + │ ${Network/VpcFlowLogGroupRole.Arn} │ Allow │ iam:PassRole │ AWS:${Network/VpcFlowLogGroupRole} │ │
├───┼──────────────────────────────────────────────────────────────────────────────────────────────────────────────────────┼────────┼───────────────────────────────────┼────────────────────────────────────────────────────────────────┼───────────┤
│ + │ arn:${AWS::Partition}:ec2:${AWS::Region}:${AWS::AccountId}:security-group/${NetworkVpc7FB7348F.DefaultSecurityGroup} │ Allow │ ec2:AuthorizeSecurityGroupEgress │ AWS:${Custom::VpcRestrictDefaultSGCustomResourceProvider/Role} │ │
│ │ │ │ ec2:AuthorizeSecurityGroupIngress │ │ │
│ │ │ │ ec2:RevokeSecurityGroupEgress │ │ │
│ │ │ │ ec2:RevokeSecurityGroupIngress │ │ │
└───┴──────────────────────────────────────────────────────────────────────────────────────────────────────────────────────┴────────┴───────────────────────────────────┴────────────────────────────────────────────────────────────────┴───────────┘
IAM Policy Changes
┌───┬────────────────────────────────────────────────────────────┬──────────────────────────────────────────────────────────────────────────────────────────────┐
│ │ Resource │ Managed Policy ARN │
├───┼────────────────────────────────────────────────────────────┼──────────────────────────────────────────────────────────────────────────────────────────────┤
│ + │ ${Custom::VpcRestrictDefaultSGCustomResourceProvider/Role} │ {"Fn::Sub":"arn:${AWS::Partition}:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole"} │
└───┴────────────────────────────────────────────────────────────┴──────────────────────────────────────────────────────────────────────────────────────────────┘
(NOTE: There may be security-related changes not in this list. See aws/aws-cdk#1299)

Mappings
[+] Mapping LatestNodeRuntimeMap LatestNodeRuntimeMap: {"af-south-1":{"value":"nodejs20.x"},"ap-east-1":{"value":"nodejs20.x"},"ap-northeast-1":{"value":"nodejs20.x"},"ap-northeast-2":{"value":"nodejs20.x"},"ap-northeast-3":{"value":"nodejs20.x"},"ap-south-1":{"value":"nodejs20.x"},"ap-south-2":{"value":"nodejs20.x"},"ap-southeast-1":{"value":"nodejs20.x"},"ap-southeast-2":{"value":"nodejs20.x"},"ap-southeast-3":{"value":"nodejs20.x"},"ap-southeast-4":{"value":"nodejs20.x"},"ap-southeast-5":{"value":"nodejs20.x"},"ap-southeast-7":{"value":"nodejs20.x"},"ca-central-1":{"value":"nodejs20.x"},"ca-west-1":{"value":"nodejs20.x"},"cn-north-1":{"value":"nodejs18.x"},"cn-northwest-1":{"value":"nodejs18.x"},"eu-central-1":{"value":"nodejs20.x"},"eu-central-2":{"value":"nodejs20.x"},"eu-north-1":{"value":"nodejs20.x"},"eu-south-1":{"value":"nodejs20.x"},"eu-south-2":{"value":"nodejs20.x"},"eu-west-1":{"value":"nodejs20.x"},"eu-west-2":{"value":"nodejs20.x"},"eu-west-3":{"value":"nodejs20.x"},"il-central-1":{"value":"nodejs20.x"},"me-central-1":{"value":"nodejs20.x"},"me-south-1":{"value":"nodejs20.x"},"mx-central-1":{"value":"nodejs20.x"},"sa-east-1":{"value":"nodejs20.x"},"us-east-1":{"value":"nodejs20.x"},"us-east-2":{"value":"nodejs20.x"},"us-west-1":{"value":"nodejs20.x"},"us-west-2":{"value":"nodejs20.x"}}

Resources
[+] AWS::EC2::VPC Network/Vpc NetworkVpc7FB7348F
[+] AWS::EC2::Subnet Network/Vpc/PrivateSubnet1/Subnet NetworkVpcPrivateSubnet1Subnet6DD86AE6
[+] AWS::EC2::RouteTable Network/Vpc/PrivateSubnet1/RouteTable NetworkVpcPrivateSubnet1RouteTable7D7AA3CD
[+] AWS::EC2::SubnetRouteTableAssociation Network/Vpc/PrivateSubnet1/RouteTableAssociation NetworkVpcPrivateSubnet1RouteTableAssociation327CA62F
[+] AWS::EC2::Subnet Network/Vpc/PrivateSubnet2/Subnet NetworkVpcPrivateSubnet2Subnet1BDBE877
[+] AWS::EC2::RouteTable Network/Vpc/PrivateSubnet2/RouteTable NetworkVpcPrivateSubnet2RouteTableC48862D1
[+] AWS::EC2::SubnetRouteTableAssociation Network/Vpc/PrivateSubnet2/RouteTableAssociation NetworkVpcPrivateSubnet2RouteTableAssociation89A2F1E8
[+] Custom::VpcRestrictDefaultSG Network/Vpc/RestrictDefaultSecurityGroupCustomResource NetworkVpcRestrictDefaultSecurityGroupCustomResource491E144D
[+] AWS::Logs::LogGroup Network/VpcFlowLogGroup NetworkVpcFlowLogGroup782DD453
[+] AWS::IAM::Role Network/VpcFlowLogGroupRole NetworkVpcFlowLogGroupRoleF6875B51
[+] AWS::IAM::Policy Network/VpcFlowLogGroupRole/DefaultPolicy NetworkVpcFlowLogGroupRoleDefaultPolicyDA3C2D9D
[+] AWS::EC2::FlowLog Network/FlowLog/FlowLog NetworkFlowLog0C7D188B
[+] AWS::IAM::Role Custom::VpcRestrictDefaultSGCustomResourceProvider/Role CustomVpcRestrictDefaultSGCustomResourceProviderRole26592FE0
[+] AWS::Lambda::Function Custom::VpcRestrictDefaultSGCustomResourceProvider/Handler CustomVpcRestrictDefaultSGCustomResourceProviderHandlerDC833E5E

✨ Number of stacks with differences: 1

@yutaro-sakamoto yutaro-sakamoto merged commit 3b730ae into main Oct 4, 2024
5 checks passed