{ "Description": "(SO8025-rda) - Centralized Logging with OpenSearch - RDS Logs pipeline for Light Engine - Version v2.4.10", "Metadata": { "AWS::CloudFormation::Interface": { "ParameterGroups": [ { "Label": { "default": "Pipeline settings" }, "Parameters": [ "pipelineId", "stagingBucketPrefix" ] }, { "Label": { "default": "Destination settings" }, "Parameters": [ "centralizedBucketName", "centralizedBucketPrefix", "centralizedTableName" ] }, { "Label": { "default": "Scheduler settings" }, "Parameters": [ "logProcessorSchedule", "logMergerSchedule", "logArchiveSchedule", "logMergerAge", "logArchiveAge" ] }, { "Label": { "default": "Notification settings" }, "Parameters": [ "notificationService", "recipients" ] }, { "Label": { "default": "Dashboards settings" }, "Parameters": [ "importDashboards", "grafanaUrl", "grafanaToken" ] }, { "Label": { "default": "Parameter Store settings" }, "Parameters": [ "MicroBatchStackName", "CentralizedDatabaseArn", "CMKeyArn", "LambdaUtilsLayerArn", "LambdaEnrichmentLayerArn", "VpcId", "PrivateSubnetIds" ] } ], "ParameterLabels": { "pipelineId": { "default": "Pipeline Id" }, "stagingBucketPrefix": { "default": "Staging Bucket Prefix" }, "centralizedBucketName": { "default": "Centralized Bucket Name" }, "centralizedBucketPrefix": { "default": "Centralized Bucket Prefix" }, "centralizedTableName": { "default": "Centralized Table Name" }, "logProcessorSchedule": { "default": "LogProcessor Schedule Expression" }, "logMergerSchedule": { "default": "LogMerger Schedule Expression" }, "logArchiveSchedule": { "default": "LogArchive Schedule Expression" }, "logMergerAge": { "default": "Age to Merge" }, "logArchiveAge": { "default": "Age to Archive" }, "notificationService": { "default": "Notification Service" }, "recipients": { "default": "Recipients" }, "importDashboards": { "default": "Import Dashboards" }, "grafanaUrl": { "default": "Grafana URL" }, "grafanaToken": { "default": "Grafana Service Account Token" } } } }, "Parameters": { "pipelineId": { "Type": "String", "Default": "2e981437-574e-4995-b27c-c61c11927232", "Description": "A unique identifier for the pipeline.", "MinLength": 1 }, "stagingBucketPrefix": { "Type": "String", "Default": "AWSLogs/RDS", "Description": "You can specify a custom prefix that raw logs delivers to staging Bucket, e.g. AWSLogs/123456789012/WAFLogs/.", "MinLength": 1 }, "centralizedBucketName": { "Type": "String", "Description": "The name of the S3 bucket where the data is stored.", "MinLength": 1 }, "centralizedBucketPrefix": { "Type": "String", "Default": "datalake", "Description": "You can specify an S3 bucket prefix as prefix for database location, e.g. datalake, the database location is datalake/{databae name}.", "MinLength": 1 }, "centralizedTableName": { "Type": "String", "Default": "rds", "AllowedPattern": "^[a-zA-Z0-9_-]+$", "Description": "The name of the table used to store data in centralized database. Only letters (a-z, A-Z), numbers (0-9), hyphens (-), and underscores (_) are allowed.", "MaxLength": 255, "MinLength": 1 }, "logProcessorSchedule": { "Type": "String", "Default": "rate(5 minutes)", "Description": "The expression that defines when the LogProcessor runs, default: rate(5 minutes). For more information and examples, see https://docs.aws.amazon.com/scheduler/latest/UserGuide/schedule-types.html", "MinLength": 6 }, "logMergerSchedule": { "Type": "String", "Default": "cron(0 1 * * ? *)", "Description": "The expression that defines when the LogMerger runs, default: cron(0 1 * * ? *). For more information and examples, see https://docs.aws.amazon.com/scheduler/latest/UserGuide/schedule-types.html", "MinLength": 6 }, "logArchiveSchedule": { "Type": "String", "Default": "cron(0 2 * * ? *)", "Description": "The expression that defines when the logArchive runs, default: cron(0 2 * * ? *). For more information and examples, see https://docs.aws.amazon.com/scheduler/latest/UserGuide/schedule-types.html", "MinLength": 6 }, "logMergerAge": { "Type": "Number", "Default": "7", "Description": "The number of days to merge objects in centralized bucket, default: 7.", "MinValue": 1 }, "logArchiveAge": { "Type": "Number", "Default": "30", "Description": "The number of days to archive objects in centralized bucket, default: 30.", "MinValue": 1 }, "notificationService": { "Type": "String", "Default": "SNS", "AllowedValues": [ "SNS", "SES" ], "Description": "Choose which service to use for notifications." }, "recipients": { "Type": "String", "Default": "", "Description": "If the notification service is SNS, enter arn of the topic, if the notification service is SES, enter the multiple email addresses using a \",\" separator." }, "importDashboards": { "Type": "String", "Default": "false", "AllowedValues": [ "true", "false" ], "Description": "Whether to create dashboards in grafana, default: false." }, "grafanaUrl": { "Type": "String", "Default": "", "Description": "Grafana's http access address. e.g. https://{host}:{port}." }, "grafanaToken": { "Type": "String", "Default": "", "Description": "Service account token created in Grafana. e.g. glsa_oSS1v9Hs3A3ho67uuLuq4VbzZyy.", "NoEcho": true }, "MicroBatchStackName": { "Type": "AWS::SSM::Parameter::Value", "Default": "/MicroBatch/StackName", "Description": "The Name of Main Stack, automatically retrieved from SSM Parameter Store. [/MicroBatch/StackName]." }, "CentralizedDatabaseArn": { "Type": "AWS::SSM::Parameter::Value", "Default": "/MicroBatch/CentralizedDatabaseArn", "Description": "The database arn of centralized, automatically retrieved from SSM Parameter Store. [/MicroBatch/CentralizedDatabaseArn]." }, "CMKeyArn": { "Type": "AWS::SSM::Parameter::Value", "Default": "/MicroBatch/CMKeyArn", "Description": "The key ARN for a KMS key, automatically retrieved from SSM Parameter Store. [/MicroBatch/CMKeyArn]." }, "LambdaUtilsLayerArn": { "Type": "AWS::SSM::Parameter::Value", "Default": "/MicroBatch/LambdaUtilsLayerArn", "Description": "The ARN of Lambda Layer., automatically retrieved from SSM Parameter Store. [/MicroBatch/LambdaUtilsLayerArn]." }, "LambdaEnrichmentLayerArn": { "Type": "AWS::SSM::Parameter::Value", "Default": "/MicroBatch/LambdaEnrichmentLayerArn", "Description": "The ARN of Lambda Layer., automatically retrieved from SSM Parameter Store. [/MicroBatch/LambdaEnrichmentLayerArn]." }, "VpcId": { "Type": "AWS::SSM::Parameter::Value", "Default": "/MicroBatch/VpcId", "Description": "The id of Virtual Private Cloud, automatically retrieved from SSM Parameter Store. [/MicroBatch/VpcId]." }, "PrivateSubnetIds": { "Type": "AWS::SSM::Parameter::Value", "Default": "/MicroBatch/PrivateSubnetIds", "Description": "The ids of Private Subnet, automatically retrieved from SSM Parameter Store. [/MicroBatch/PrivateSubnetIds]." } }, "Resources": { "LogEventDLQ": { "Type": "AWS::SQS::Queue", "Properties": { "KmsMasterKeyId": { "Ref": "CMKeyArn" }, "MessageRetentionPeriod": 604800, "Tags": [ { "Key": "Application", "Value": "CentralizedLoggingWithOpenSearch" } ], "VisibilityTimeout": 900 }, "UpdateReplacePolicy": "Delete", "DeletionPolicy": "Delete", "Metadata": { "aws:cdk:path": "MicroBatchAwsServicesRDSPipeline/PipelineResource/LogEventDLQ/Resource", "cdk_nag": { "rules_to_suppress": [ { "reason": "SQS: LogEventDLQ is a DLQ.", "id": "AwsSolutions-SQS3" }, { "reason": "SQS: The SQS queue does not require requests to use SSL.", "id": "AwsSolutions-SQS4" }, { "reason": "some policies need to get dynamic resources", "id": "AwsSolutions-IAM5" }, { "reason": "these policies is used by CDK Customer Resource lambda", "id": "AwsSolutions-IAM4" }, { "reason": "not applicable to use the latest lambda runtime version", "id": "AwsSolutions-L1" } ] } } }, "LogEventDLQPolicy": { "Type": "AWS::SQS::QueuePolicy", "Properties": { "PolicyDocument": { "Statement": [ { "Action": "SQS:SendMessage", "Effect": "Allow", "Principal": { "AWS": { "Fn::Join": [ "", [ "arn:", { "Ref": "AWS::Partition" }, ":iam::", { "Ref": "AWS::AccountId" }, ":root" ] ] } }, "Resource": { "Fn::GetAtt": [ "LogEventDLQ", "Arn" ] }, "Sid": "__owner_statement" } ], "Version": "2012-10-17" }, "Queues": [ { "Fn::GetAtt": [ "LogEventDLQ", "QueueName" ] } ] }, "Metadata": { "aws:cdk:path": "MicroBatchAwsServicesRDSPipeline/PipelineResource/LogEventDLQPolicy", "cdk_nag": { "rules_to_suppress": [ { "reason": "some policies need to get dynamic resources", "id": "AwsSolutions-IAM5" }, { "reason": "these policies is used by CDK Customer Resource lambda", "id": "AwsSolutions-IAM4" }, { "reason": "not applicable to use the latest lambda runtime version", "id": "AwsSolutions-L1" } ] } } }, "LogEventQueue": { "Type": "AWS::SQS::Queue", "Properties": { "KmsMasterKeyId": { "Ref": "CMKeyArn" }, "MessageRetentionPeriod": 604800, "RedrivePolicy": { "deadLetterTargetArn": { "Fn::GetAtt": [ "LogEventDLQ", "Arn" ] }, "maxReceiveCount": 3 }, "Tags": [ { "Key": "Application", "Value": "CentralizedLoggingWithOpenSearch" } ], "VisibilityTimeout": 900 }, "UpdateReplacePolicy": "Delete", "DeletionPolicy": "Delete", "Metadata": { "aws:cdk:path": "MicroBatchAwsServicesRDSPipeline/PipelineResource/LogEventQueue/Resource", "cdk_nag": { "rules_to_suppress": [ { "reason": "SQS: The SQS queue does not require requests to use SSL.", "id": "AwsSolutions-SQS4" }, { "reason": "some policies need to get dynamic resources", "id": "AwsSolutions-IAM5" }, { "reason": "these policies is used by CDK Customer Resource lambda", "id": "AwsSolutions-IAM4" }, { "reason": "not applicable to use the latest lambda runtime version", "id": "AwsSolutions-L1" } ] } } }, "LogEventQueuePolicy": { "Type": "AWS::SQS::QueuePolicy", "Properties": { "PolicyDocument": { "Statement": [ { "Action": "SQS:SendMessage", "Effect": "Allow", "Principal": { "AWS": { "Fn::Join": [ "", [ "arn:", { "Ref": "AWS::Partition" }, ":iam::", { "Ref": "AWS::AccountId" }, ":root" ] ] } }, "Resource": { "Fn::GetAtt": [ "LogEventQueue", "Arn" ] }, "Sid": "__owner_statement" } ], "Version": "2012-10-17" }, "Queues": [ { "Fn::GetAtt": [ "LogEventQueue", "QueueName" ] } ] }, "Metadata": { "aws:cdk:path": "MicroBatchAwsServicesRDSPipeline/PipelineResource/LogEventQueuePolicy", "cdk_nag": { "rules_to_suppress": [ { "reason": "some policies need to get dynamic resources", "id": "AwsSolutions-IAM5" }, { "reason": "these policies is used by CDK Customer Resource lambda", "id": "AwsSolutions-IAM4" }, { "reason": "not applicable to use the latest lambda runtime version", "id": "AwsSolutions-L1" } ] } } }, "S3ObjectsReplicationPolicy": { "Type": "AWS::IAM::Policy", "Properties": { "PolicyDocument": { "Statement": [ { "Action": [ "dynamodb:GetItem", "dynamodb:Scan" ], "Effect": "Allow", "Resource": { "Fn::ImportValue": { "Fn::Join": [ "", [ { "Ref": "MicroBatchStackName" }, "::MetadataTableArn" ] ] } } }, { "Action": [ "s3:PutObject", "s3:PutObjectTagging" ], "Effect": "Allow", "Resource": [ { "Fn::Join": [ "", [ "arn:", { "Ref": "AWS::Partition" }, ":s3:::", { "Fn::ImportValue": { "Fn::Join": [ "", [ { "Ref": "MicroBatchStackName" }, "::StagingBucketName" ] ] } } ] ] }, { "Fn::Join": [ "", [ "arn:", { "Ref": "AWS::Partition" }, ":s3:::", { "Fn::ImportValue": { "Fn::Join": [ "", [ { "Ref": "MicroBatchStackName" }, "::StagingBucketName" ] ] } }, "/*" ] ] } ] }, { "Action": [ "sqs:ReceiveMessage", "sqs:DeleteMessage", "sqs:GetQueueAttributes", "sqs:ChangeMessageVisibility", "sqs:GetQueueUrl" ], "Effect": "Allow", "Resource": [ { "Fn::GetAtt": [ "LogEventQueue", "Arn" ] }, { "Fn::GetAtt": [ "LogEventDLQ", "Arn" ] } ] } ], "Version": "2012-10-17" }, "PolicyName": "S3ObjectsReplicationPolicy", "Roles": [ { "Ref": "S3ObjectReplicationRole" } ] }, "Metadata": { "aws:cdk:path": "MicroBatchAwsServicesRDSPipeline/PipelineResource/S3ObjectsReplicationPolicy/Resource", "cdk_nag": { "rules_to_suppress": [ { "reason": "some policies need to get dynamic resources", "id": "AwsSolutions-IAM5" }, { "reason": "these policies is used by CDK Customer Resource lambda", "id": "AwsSolutions-IAM4" }, { "reason": "not applicable to use the latest lambda runtime version", "id": "AwsSolutions-L1" } ] } } }, "S3ObjectReplicationRole": { "Type": "AWS::IAM::Role", "Properties": { "AssumeRolePolicyDocument": { "Statement": [ { "Action": "sts:AssumeRole", "Effect": "Allow", "Principal": { "Service": "lambda.amazonaws.com" } } ], "Version": "2012-10-17" }, "ManagedPolicyArns": [ { "Fn::Join": [ "", [ "arn:", { "Ref": "AWS::Partition" }, ":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" ] ] }, { "Fn::Join": [ "", [ "arn:", { "Ref": "AWS::Partition" }, ":iam::aws:policy/service-role/AWSLambdaVPCAccessExecutionRole" ] ] }, { "Fn::ImportValue": { "Fn::Join": [ "", [ { "Ref": "MicroBatchStackName" }, "::KMSPublicAccessPolicyArn" ] ] } } ], "Tags": [ { "Key": "Application", "Value": "CentralizedLoggingWithOpenSearch" } ] }, "Metadata": { "aws:cdk:path": "MicroBatchAwsServicesRDSPipeline/PipelineResource/S3ObjectReplicationRole/Resource", "cdk_nag": { "rules_to_suppress": [ { "reason": "some policies need to get dynamic resources", "id": "AwsSolutions-IAM5" }, { "reason": "these policies is used by CDK Customer Resource lambda", "id": "AwsSolutions-IAM4" }, { "reason": "not applicable to use the latest lambda runtime version", "id": "AwsSolutions-L1" } ] } } }, "PipelineResourceS3ObjectReplicationRoleDefaultPolicy9DAD4BEC": { "Type": "AWS::IAM::Policy", "Properties": { "PolicyDocument": { "Statement": [ { "Action": [ "sqs:ReceiveMessage", "sqs:ChangeMessageVisibility", "sqs:GetQueueUrl", "sqs:DeleteMessage", "sqs:GetQueueAttributes" ], "Effect": "Allow", "Resource": { "Fn::GetAtt": [ "LogEventQueue", "Arn" ] } }, { "Action": "kms:Decrypt", "Effect": "Allow", "Resource": { "Ref": "CMKeyArn" } } ], "Version": "2012-10-17" }, "PolicyName": "PipelineResourceS3ObjectReplicationRoleDefaultPolicy9DAD4BEC", "Roles": [ { "Ref": "S3ObjectReplicationRole" } ] }, "Metadata": { "aws:cdk:path": "MicroBatchAwsServicesRDSPipeline/PipelineResource/S3ObjectReplicationRole/DefaultPolicy/Resource", "cdk_nag": { "rules_to_suppress": [ { "reason": "some policies need to get dynamic resources", "id": "AwsSolutions-IAM5" }, { "reason": "these policies is used by CDK Customer Resource lambda", "id": "AwsSolutions-IAM4" }, { "reason": "not applicable to use the latest lambda runtime version", "id": "AwsSolutions-L1" } ] } } }, "InlinePolicyForPipeline": { "Type": "AWS::IAM::Policy", "Properties": { "PolicyDocument": { "Statement": [ { "Action": [ "iam:DeleteRolePolicy", "iam:PutRolePolicy", "iam:GetRolePolicy" ], "Effect": "Allow", "Resource": { "Fn::GetAtt": [ "S3ObjectReplicationRole", "Arn" ] } }, { "Action": [ "iam:GetRole", "iam:PassRole", "iam:UpdateAssumeRolePolicy" ], "Effect": "Allow", "Resource": { "Fn::GetAtt": [ "InvokeConnectorRole", "Arn" ] } }, { "Action": [ "iam:DeleteRolePolicy", "iam:PutRolePolicy", "iam:GetRolePolicy" ], "Effect": "Allow", "Resource": { "Fn::GetAtt": [ "ConnectorRole", "Arn" ] } } ], "Version": "2012-10-17" }, "PolicyName": { "Fn::Join": [ "", [ "InlinePolicyForPipeline-", { "Ref": "AWS::StackName" } ] ] }, "Roles": [ { "Fn::Select": [ 1, { "Fn::Split": [ "/", { "Fn::Select": [ 5, { "Fn::Split": [ ":", { "Fn::ImportValue": { "Fn::Join": [ "", [ { "Ref": "MicroBatchStackName" }, "::PipelineResourcesBuilderRoleArn" ] ] } } ] } ] } ] } ] } ] }, "Metadata": { "aws:cdk:path": "MicroBatchAwsServicesRDSPipeline/PipelineResource/InlinePolicyForPipeline/Resource", "cdk_nag": { "rules_to_suppress": [ { "reason": "some policies need to get dynamic resources", "id": "AwsSolutions-IAM5" }, { "reason": "these policies is used by CDK Customer Resource lambda", "id": "AwsSolutions-IAM4" }, { "reason": "not applicable to use the latest lambda runtime version", "id": "AwsSolutions-L1" } ] } } }, "S3ObjectReplication": { "Type": "AWS::Lambda::Function", "Properties": { "Architectures": [ "x86_64" ], "Code": { "S3Bucket": { "Fn::Sub": "solutions-${AWS::Region}" }, "S3Key": "centralized-logging-with-opensearch/v2.4.10/155445225448203aaebf07846f15841dd93670b9713c949b9a5af767382694f4.zip" }, "Description": { "Fn::Join": [ "", [ { "Ref": "AWS::StackName" }, " - Lambda function to copy objects from source bucket to staging bucket." ] ] }, "Environment": { "Variables": { "SOLUTION_VERSION": "v2.4.10", "SOLUTION_ID": "SO8025", "PIPELINE_ID": { "Ref": "pipelineId" }, "STAGING_BUCKET_NAME": { "Fn::ImportValue": { "Fn::Join": [ "", [ { "Ref": "MicroBatchStackName" }, "::StagingBucketName" ] ] } }, "STAGING_BUCKET_PREFIX": { "Ref": "stagingBucketPrefix" }, "ENRICHMENT_PLUGINS": "", "SOURCE_TYPE": "rds", "META_TABLE_NAME": { "Fn::Select": [ 1, { "Fn::Split": [ "/", { "Fn::Select": [ 5, { "Fn::Split": [ ":", { "Fn::ImportValue": { "Fn::Join": [ "", [ { "Ref": "MicroBatchStackName" }, "::MetadataTableArn" ] ] } } ] } ] } ] } ] } } }, "Handler": "lambda_function.lambda_handler", "Layers": [ { "Ref": "LambdaUtilsLayerArn" }, { "Ref": "LambdaEnrichmentLayerArn" } ], "MemorySize": 128, "Role": { "Fn::GetAtt": [ "S3ObjectReplicationRole", "Arn" ] }, "Runtime": "python3.11", "Tags": [ { "Key": "Application", "Value": "CentralizedLoggingWithOpenSearch" } ], "Timeout": 900, "VpcConfig": { "SecurityGroupIds": [ { "Fn::ImportValue": { "Fn::Join": [ "", [ { "Ref": "MicroBatchStackName" }, "::PrivateSecurityGroupId" ] ] } } ], "SubnetIds": { "Fn::Split": [ ",", { "Ref": "PrivateSubnetIds" } ] } } }, "DependsOn": [ "InlinePolicyForPipeline", "PipelineResourceS3ObjectReplicationRoleDefaultPolicy9DAD4BEC", "S3ObjectReplicationRole", "S3ObjectsReplicationPolicy" ], "Metadata": { "aws:cdk:path": "MicroBatchAwsServicesRDSPipeline/PipelineResource/S3ObjectReplication/Resource", "aws:asset:path": "asset.155445225448203aaebf07846f15841dd93670b9713c949b9a5af767382694f4", "aws:asset:is-bundled": false, "aws:asset:property": "Code", "cdk_nag": { "rules_to_suppress": [ { "reason": "some policies need to get dynamic resources", "id": "AwsSolutions-IAM5" }, { "reason": "these policies is used by CDK Customer Resource lambda", "id": "AwsSolutions-IAM4" }, { "reason": "not applicable to use the latest lambda runtime version", "id": "AwsSolutions-L1" } ] }, "guard": { "SuppressedRules": [ "LAMBDA_INSIDE_VPC", "LAMBDA_CONCURRENCY_CHECK" ] } } }, "PipelineResourceS3ObjectReplicationSqsEventSourceMicroBatchAwsServicesRDSPipelinePipelineResourceLogEventQueue1559BA0F315EBD47": { "Type": "AWS::Lambda::EventSourceMapping", "Properties": { "BatchSize": 10, "EventSourceArn": { "Fn::GetAtt": [ "LogEventQueue", "Arn" ] }, "FunctionName": { "Ref": "S3ObjectReplication" }, "Tags": [ { "Key": "Application", "Value": "CentralizedLoggingWithOpenSearch" } ] }, "DependsOn": [ "InlinePolicyForPipeline", "S3ObjectsReplicationPolicy" ], "Metadata": { "aws:cdk:path": "MicroBatchAwsServicesRDSPipeline/PipelineResource/S3ObjectReplication/SqsEventSource:MicroBatchAwsServicesRDSPipelinePipelineResourceLogEventQueue1559BA0F/Resource", "cdk_nag": { "rules_to_suppress": [ { "reason": "some policies need to get dynamic resources", "id": "AwsSolutions-IAM5" }, { "reason": "these policies is used by CDK Customer Resource lambda", "id": "AwsSolutions-IAM4" }, { "reason": "not applicable to use the latest lambda runtime version", "id": "AwsSolutions-L1" } ] } } }, "PipelineResourceS3ObjectReplicationEventsResourceBasedPolicy4AB39FB6": { "Type": "AWS::Lambda::Permission", "Properties": { "Action": "lambda:InvokeFunction", "FunctionName": { "Fn::GetAtt": [ "S3ObjectReplication", "Arn" ] }, "Principal": "events.amazonaws.com", "SourceArn": { "Fn::Join": [ "", [ "arn:", { "Ref": "AWS::Partition" }, ":events:", { "Ref": "AWS::Region" }, ":", { "Ref": "AWS::AccountId" }, ":rule/S3EventDriver-*" ] ] } }, "DependsOn": [ "InlinePolicyForPipeline", "S3ObjectsReplicationPolicy" ], "Metadata": { "aws:cdk:path": "MicroBatchAwsServicesRDSPipeline/PipelineResource/S3ObjectReplication/EventsResourceBasedPolicy", "cdk_nag": { "rules_to_suppress": [ { "reason": "some policies need to get dynamic resources", "id": "AwsSolutions-IAM5" }, { "reason": "these policies is used by CDK Customer Resource lambda", "id": "AwsSolutions-IAM4" }, { "reason": "not applicable to use the latest lambda runtime version", "id": "AwsSolutions-L1" } ] } } }, "PipelineResourceS3ObjectReplicationLogRetention2CFFC060": { "Type": "Custom::LogRetention", "Properties": { "ServiceToken": { "Fn::GetAtt": [ "LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8aFD4BFC8A", "Arn" ] }, "LogGroupName": { "Fn::Join": [ "", [ "/aws/lambda/", { "Ref": "S3ObjectReplication" } ] ] } }, "DependsOn": [ "InlinePolicyForPipeline", "S3ObjectsReplicationPolicy" ], "Metadata": { "aws:cdk:path": "MicroBatchAwsServicesRDSPipeline/PipelineResource/S3ObjectReplication/LogRetention/Resource", "cdk_nag": { "rules_to_suppress": [ { "reason": "some policies need to get dynamic resources", "id": "AwsSolutions-IAM5" }, { "reason": "these policies is used by CDK Customer Resource lambda", "id": "AwsSolutions-IAM4" }, { "reason": "not applicable to use the latest lambda runtime version", "id": "AwsSolutions-L1" } ] } } }, "ConnectorPolicy": { "Type": "AWS::IAM::Policy", "Properties": { "PolicyDocument": { "Statement": [ { "Action": [ "dynamodb:GetItem", "dynamodb:UpdateItem" ], "Effect": "Allow", "Resource": { "Fn::ImportValue": { "Fn::Join": [ "", [ { "Ref": "MicroBatchStackName" }, "::MetadataTableArn" ] ] } } }, { "Action": [ "kms:GenerateDataKey*", "kms:Decrypt", "kms:Encrypt" ], "Effect": "Allow", "Resource": { "Fn::Join": [ "", [ "arn:", { "Ref": "AWS::Partition" }, ":kms:", { "Ref": "AWS::Region" }, ":", { "Ref": "AWS::AccountId" }, ":key/*" ] ] } }, { "Action": [ "rds:DownloadDBLogFilePortion", "rds:DescribeDBInstances", "rds:DescribeDBLogFiles", "rds:DescribeDBClusters" ], "Effect": "Allow", "Resource": [ { "Fn::Join": [ "", [ "arn:", { "Ref": "AWS::Partition" }, ":rds:", { "Ref": "AWS::Region" }, ":", { "Ref": "AWS::AccountId" }, ":cluster:*" ] ] }, { "Fn::Join": [ "", [ "arn:", { "Ref": "AWS::Partition" }, ":rds:", { "Ref": "AWS::Region" }, ":", { "Ref": "AWS::AccountId" }, ":db:*" ] ] } ] } ], "Version": "2012-10-17" }, "PolicyName": "ConnectorPolicy", "Roles": [ { "Ref": "ConnectorRole" } ] }, "Metadata": { "aws:cdk:path": "MicroBatchAwsServicesRDSPipeline/PipelineResource/ConnectorPolicy/Resource", "cdk_nag": { "rules_to_suppress": [ { "reason": "some policies need to get dynamic resources", "id": "AwsSolutions-IAM5" }, { "reason": "these policies is used by CDK Customer Resource lambda", "id": "AwsSolutions-IAM4" }, { "reason": "not applicable to use the latest lambda runtime version", "id": "AwsSolutions-L1" } ] } } }, "ConnectorRole": { "Type": "AWS::IAM::Role", "Properties": { "AssumeRolePolicyDocument": { "Statement": [ { "Action": "sts:AssumeRole", "Effect": "Allow", "Principal": { "Service": "lambda.amazonaws.com" } } ], "Version": "2012-10-17" }, "ManagedPolicyArns": [ { "Fn::Join": [ "", [ "arn:", { "Ref": "AWS::Partition" }, ":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" ] ] }, { "Fn::Join": [ "", [ "arn:", { "Ref": "AWS::Partition" }, ":iam::aws:policy/service-role/AWSLambdaVPCAccessExecutionRole" ] ] }, { "Fn::Join": [ "", [ "arn:", { "Ref": "AWS::Partition" }, ":iam::aws:policy/AmazonS3FullAccess" ] ] }, { "Fn::ImportValue": { "Fn::Join": [ "", [ { "Ref": "MicroBatchStackName" }, "::KMSPublicAccessPolicyArn" ] ] } } ], "Tags": [ { "Key": "Application", "Value": "CentralizedLoggingWithOpenSearch" } ] }, "Metadata": { "aws:cdk:path": "MicroBatchAwsServicesRDSPipeline/PipelineResource/ConnectorRole/Resource", "cdk_nag": { "rules_to_suppress": [ { "reason": "some policies need to get dynamic resources", "id": "AwsSolutions-IAM5" }, { "reason": "these policies is used by CDK Customer Resource lambda", "id": "AwsSolutions-IAM4" }, { "reason": "not applicable to use the latest lambda runtime version", "id": "AwsSolutions-L1" } ] } } }, "Connector": { "Type": "AWS::Lambda::Function", "Properties": { "Architectures": [ "x86_64" ], "Code": { "S3Bucket": { "Fn::Sub": "solutions-${AWS::Region}" }, "S3Key": "centralized-logging-with-opensearch/v2.4.10/a0b688035263c1e9bb9870afbc91c7949647382abbd497e6e2c02815aad670c9.zip" }, "Description": { "Fn::Join": [ "", [ { "Ref": "AWS::StackName" }, " - Lambda function to collect rds logs to logging bucket." ] ] }, "Environment": { "Variables": { "SOLUTION_VERSION": "v2.4.10", "SOLUTION_ID": "SO8025", "META_TABLE_NAME": { "Fn::Select": [ 1, { "Fn::Split": [ "/", { "Fn::Select": [ 5, { "Fn::Split": [ ":", { "Fn::ImportValue": { "Fn::Join": [ "", [ { "Ref": "MicroBatchStackName" }, "::MetadataTableArn" ] ] } } ] } ] } ] } ] } } }, "Handler": "lambda_function.lambda_handler", "Layers": [ { "Ref": "LambdaUtilsLayerArn" }, { "Ref": "LambdaEnrichmentLayerArn" } ], "MemorySize": 128, "Role": { "Fn::GetAtt": [ "ConnectorRole", "Arn" ] }, "Runtime": "python3.11", "Tags": [ { "Key": "Application", "Value": "CentralizedLoggingWithOpenSearch" } ], "Timeout": 900, "VpcConfig": { "SecurityGroupIds": [ { "Fn::ImportValue": { "Fn::Join": [ "", [ { "Ref": "MicroBatchStackName" }, "::PrivateSecurityGroupId" ] ] } } ], "SubnetIds": { "Fn::Split": [ ",", { "Ref": "PrivateSubnetIds" } ] } } }, "DependsOn": [ "ConnectorRole" ], "Metadata": { "aws:cdk:path": "MicroBatchAwsServicesRDSPipeline/PipelineResource/Connector/Resource", "aws:asset:path": "asset.a0b688035263c1e9bb9870afbc91c7949647382abbd497e6e2c02815aad670c9", "aws:asset:is-bundled": false, "aws:asset:property": "Code", "cdk_nag": { "rules_to_suppress": [ { "reason": "some policies need to get dynamic resources", "id": "AwsSolutions-IAM5" }, { "reason": "these policies is used by CDK Customer Resource lambda", "id": "AwsSolutions-IAM4" }, { "reason": "not applicable to use the latest lambda runtime version", "id": "AwsSolutions-L1" } ] }, "guard": { "SuppressedRules": [ "LAMBDA_INSIDE_VPC", "LAMBDA_CONCURRENCY_CHECK" ] } } }, "PipelineResourceConnectorEventsResourceBasedPolicy3EAF8164": { "Type": "AWS::Lambda::Permission", "Properties": { "Action": "lambda:InvokeFunction", "FunctionName": { "Fn::GetAtt": [ "Connector", "Arn" ] }, "Principal": "events.amazonaws.com", "SourceArn": { "Fn::Join": [ "", [ "arn:", { "Ref": "AWS::Partition" }, ":events:", { "Ref": "AWS::Region" }, ":", { "Ref": "AWS::AccountId" }, ":rule/Connector-*" ] ] } }, "Metadata": { "aws:cdk:path": "MicroBatchAwsServicesRDSPipeline/PipelineResource/Connector/EventsResourceBasedPolicy", "cdk_nag": { "rules_to_suppress": [ { "reason": "some policies need to get dynamic resources", "id": "AwsSolutions-IAM5" }, { "reason": "these policies is used by CDK Customer Resource lambda", "id": "AwsSolutions-IAM4" }, { "reason": "not applicable to use the latest lambda runtime version", "id": "AwsSolutions-L1" } ] } } }, "InvokeConnectorRole": { "Type": "AWS::IAM::Role", "Properties": { "AssumeRolePolicyDocument": { "Statement": [ { "Action": "sts:AssumeRole", "Effect": "Allow", "Principal": { "Service": "events.amazonaws.com" } } ], "Version": "2012-10-17" }, "Tags": [ { "Key": "Application", "Value": "CentralizedLoggingWithOpenSearch" } ] }, "Metadata": { "aws:cdk:path": "MicroBatchAwsServicesRDSPipeline/PipelineResource/InvokeConnectorRole/Resource", "cdk_nag": { "rules_to_suppress": [ { "reason": "some policies need to get dynamic resources", "id": "AwsSolutions-IAM5" }, { "reason": "these policies is used by CDK Customer Resource lambda", "id": "AwsSolutions-IAM4" }, { "reason": "not applicable to use the latest lambda runtime version", "id": "AwsSolutions-L1" } ] } } }, "InvokeConnectorPolicy": { "Type": "AWS::IAM::Policy", "Properties": { "PolicyDocument": { "Statement": [ { "Action": "lambda:InvokeFunction", "Effect": "Allow", "Resource": [ { "Fn::GetAtt": [ "Connector", "Arn" ] }, { "Fn::Join": [ "", [ { "Fn::GetAtt": [ "Connector", "Arn" ] }, ":*" ] ] } ] } ], "Version": "2012-10-17" }, "PolicyName": "InvokeConnectorPolicy", "Roles": [ { "Ref": "InvokeConnectorRole" } ] }, "Metadata": { "aws:cdk:path": "MicroBatchAwsServicesRDSPipeline/PipelineResource/InvokeConnectorPolicy/Resource", "cdk_nag": { "rules_to_suppress": [ { "reason": "some policies need to get dynamic resources", "id": "AwsSolutions-IAM5" }, { "reason": "these policies is used by CDK Customer Resource lambda", "id": "AwsSolutions-IAM4" }, { "reason": "not applicable to use the latest lambda runtime version", "id": "AwsSolutions-L1" } ] } } }, "PipelineResourceProviderframeworkonEventServiceRole226CE060": { "Type": "AWS::IAM::Role", "Properties": { "AssumeRolePolicyDocument": { "Statement": [ { "Action": "sts:AssumeRole", "Effect": "Allow", "Principal": { "Service": "lambda.amazonaws.com" } } ], "Version": "2012-10-17" }, "ManagedPolicyArns": [ { "Fn::Join": [ "", [ "arn:", { "Ref": "AWS::Partition" }, ":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" ] ] } ], "Tags": [ { "Key": "Application", "Value": "CentralizedLoggingWithOpenSearch" } ] }, "Metadata": { "aws:cdk:path": "MicroBatchAwsServicesRDSPipeline/PipelineResource/Provider/framework-onEvent/ServiceRole/Resource", "cdk_nag": { "rules_to_suppress": [ { "reason": "some policies need to get dynamic resources", "id": "AwsSolutions-IAM5" }, { "reason": "these policies is used by CDK Customer Resource lambda", "id": "AwsSolutions-IAM4" }, { "reason": "not applicable to use the latest lambda runtime version", "id": "AwsSolutions-L1" } ] } } }, "PipelineResourceProviderframeworkonEventServiceRoleDefaultPolicy756B42E9": { "Type": "AWS::IAM::Policy", "Properties": { "PolicyDocument": { "Statement": [ { "Action": "lambda:InvokeFunction", "Effect": "Allow", "Resource": [ { "Fn::Join": [ "", [ "arn:", { "Ref": "AWS::Partition" }, ":lambda:", { "Ref": "AWS::Region" }, ":", { "Ref": "AWS::AccountId" }, ":function:", { "Fn::Select": [ 6, { "Fn::Split": [ ":", { "Fn::ImportValue": { "Fn::Join": [ "", [ { "Ref": "MicroBatchStackName" }, "::PipelineResourcesBuilderArn" ] ] } } ] } ] } ] ] }, { "Fn::Join": [ "", [ "arn:", { "Ref": "AWS::Partition" }, ":lambda:", { "Ref": "AWS::Region" }, ":", { "Ref": "AWS::AccountId" }, ":function:", { "Fn::Select": [ 6, { "Fn::Split": [ ":", { "Fn::ImportValue": { "Fn::Join": [ "", [ { "Ref": "MicroBatchStackName" }, "::PipelineResourcesBuilderArn" ] ] } } ] } ] }, ":*" ] ] } ] }, { "Action": "lambda:GetFunction", "Effect": "Allow", "Resource": { "Fn::Join": [ "", [ "arn:", { "Ref": "AWS::Partition" }, ":lambda:", { "Ref": "AWS::Region" }, ":", { "Ref": "AWS::AccountId" }, ":function:", { "Fn::Select": [ 6, { "Fn::Split": [ ":", { "Fn::ImportValue": { "Fn::Join": [ "", [ { "Ref": "MicroBatchStackName" }, "::PipelineResourcesBuilderArn" ] ] } } ] } ] } ] ] } } ], "Version": "2012-10-17" }, "PolicyName": "PipelineResourceProviderframeworkonEventServiceRoleDefaultPolicy756B42E9", "Roles": [ { "Ref": "PipelineResourceProviderframeworkonEventServiceRole226CE060" } ] }, "Metadata": { "aws:cdk:path": "MicroBatchAwsServicesRDSPipeline/PipelineResource/Provider/framework-onEvent/ServiceRole/DefaultPolicy/Resource", "cdk_nag": { "rules_to_suppress": [ { "reason": "some policies need to get dynamic resources", "id": "AwsSolutions-IAM5" }, { "reason": "these policies is used by CDK Customer Resource lambda", "id": "AwsSolutions-IAM4" }, { "reason": "not applicable to use the latest lambda runtime version", "id": "AwsSolutions-L1" } ] } } }, "PipelineResourceProviderframeworkonEvent9AC8A4BF": { "Type": "AWS::Lambda::Function", "Properties": { "Code": { "S3Bucket": { "Fn::Sub": "solutions-${AWS::Region}" }, "S3Key": "centralized-logging-with-opensearch/v2.4.10/07a90cc3efdfc34da22208dcd9d211f06f5b0e01b21e778edc7c3966b1f61d57.zip" }, "Description": "AWS CDK resource provider framework - onEvent (MicroBatchAwsServicesRDSPipeline/PipelineResource/Provider)", "Environment": { "Variables": { "USER_ON_EVENT_FUNCTION_ARN": { "Fn::Join": [ "", [ "arn:", { "Ref": "AWS::Partition" }, ":lambda:", { "Ref": "AWS::Region" }, ":", { "Ref": "AWS::AccountId" }, ":function:", { "Fn::Select": [ 6, { "Fn::Split": [ ":", { "Fn::ImportValue": { "Fn::Join": [ "", [ { "Ref": "MicroBatchStackName" }, "::PipelineResourcesBuilderArn" ] ] } } ] } ] } ] ] } } }, "FunctionName": { "Fn::Join": [ "", [ { "Ref": "AWS::StackName" }, "-Provider" ] ] }, "Handler": "framework.onEvent", "LoggingConfig": { "Fn::If": [ "AWSCNCondition", { "Ref": "AWS::NoValue" }, { "LogFormat": "JSON", "ApplicationLogLevel": "FATAL" } ] }, "Role": { "Fn::GetAtt": [ "PipelineResourceProviderframeworkonEventServiceRole226CE060", "Arn" ] }, "Runtime": "nodejs22.x", "Tags": [ { "Key": "Application", "Value": "CentralizedLoggingWithOpenSearch" } ], "Timeout": 900 }, "DependsOn": [ "PipelineResourceProviderframeworkonEventServiceRoleDefaultPolicy756B42E9", "PipelineResourceProviderframeworkonEventServiceRole226CE060" ], "Metadata": { "aws:cdk:path": "MicroBatchAwsServicesRDSPipeline/PipelineResource/Provider/framework-onEvent/Resource", "aws:asset:path": "asset.07a90cc3efdfc34da22208dcd9d211f06f5b0e01b21e778edc7c3966b1f61d57", "aws:asset:is-bundled": false, "aws:asset:property": "Code", "cdk_nag": { "rules_to_suppress": [ { "reason": "some policies need to get dynamic resources", "id": "AwsSolutions-IAM5" }, { "reason": "these policies is used by CDK Customer Resource lambda", "id": "AwsSolutions-IAM4" }, { "reason": "not applicable to use the latest lambda runtime version", "id": "AwsSolutions-L1" } ] }, "guard": { "SuppressedRules": [ "LAMBDA_INSIDE_VPC", "LAMBDA_CONCURRENCY_CHECK" ] } } }, "CustomResource": { "Type": "AWS::CloudFormation::CustomResource", "Properties": { "ServiceToken": { "Fn::GetAtt": [ "PipelineResourceProviderframeworkonEvent9AC8A4BF", "Arn" ] }, "Id": { "Ref": "pipelineId" }, "Resource": "pipeline", "Item": { "metaName": { "Ref": "pipelineId" }, "type": "Pipeline", "data": { "source": { "type": "rds", "table": { "schema": "{}", "dataFormat": "json", "tableProperties": "{}", "serializationProperties": "{}" } }, "staging": { "prefix": { "Ref": "stagingBucketPrefix" } }, "destination": { "location": { "bucket": { "Ref": "centralizedBucketName" }, "prefix": { "Ref": "centralizedBucketPrefix" } }, "database": { "name": { "Fn::Select": [ 1, { "Fn::Split": [ "/", { "Fn::Select": [ 5, { "Fn::Split": [ ":", { "Ref": "CentralizedDatabaseArn" } ] } ] } ] } ] } }, "table": { "name": { "Ref": "centralizedTableName" }, "schema": "{}" }, "metrics": { "name": "", "schema": "{}" }, "enrichmentPlugins": "" }, "scheduler": { "service": "scheduler", "LogProcessor": { "schedule": { "Ref": "logProcessorSchedule" } }, "LogMerger": { "schedule": { "Ref": "logMergerSchedule" }, "age": { "Ref": "logMergerAge" } }, "LogArchive": { "schedule": { "Ref": "logArchiveSchedule" }, "age": { "Ref": "logArchiveAge" } } }, "notification": { "service": { "Ref": "notificationService" }, "recipients": { "Ref": "recipients" } }, "grafana": { "importDashboards": { "Ref": "importDashboards" }, "url": { "Ref": "grafanaUrl" }, "token": { "Ref": "grafanaToken" } } }, "stack": { "role": { "replicate": { "Fn::GetAtt": [ "S3ObjectReplicationRole", "Arn" ] }, "connector": { "Fn::GetAtt": [ "ConnectorRole", "Arn" ] }, "invokeConnector": { "Fn::GetAtt": [ "InvokeConnectorRole", "Arn" ] } }, "queue": { "logEventDLQ": { "Fn::GetAtt": [ "LogEventDLQ", "Arn" ] }, "logEventQueue": { "Fn::GetAtt": [ "LogEventQueue", "Arn" ] } }, "lambda": { "replicate": { "Fn::GetAtt": [ "S3ObjectReplication", "Arn" ] }, "connector": { "Fn::GetAtt": [ "Connector", "Arn" ] } }, "stackId": { "Ref": "AWS::StackId" } } } }, "DependsOn": [ "LogEventDLQ", "LogEventDLQPolicy", "LogEventQueue", "LogEventQueuePolicy", "S3ObjectReplication" ], "UpdateReplacePolicy": "Delete", "DeletionPolicy": "Delete", "Metadata": { "aws:cdk:path": "MicroBatchAwsServicesRDSPipeline/PipelineResource/CustomResource/Default", "cdk_nag": { "rules_to_suppress": [ { "reason": "some policies need to get dynamic resources", "id": "AwsSolutions-IAM5" }, { "reason": "these policies is used by CDK Customer Resource lambda", "id": "AwsSolutions-IAM4" }, { "reason": "not applicable to use the latest lambda runtime version", "id": "AwsSolutions-L1" } ] } } }, "LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8aServiceRole9741ECFB": { "Type": "AWS::IAM::Role", "Properties": { "AssumeRolePolicyDocument": { "Statement": [ { "Action": "sts:AssumeRole", "Effect": "Allow", "Principal": { "Service": "lambda.amazonaws.com" } } ], "Version": "2012-10-17" }, "ManagedPolicyArns": [ { "Fn::Join": [ "", [ "arn:", { "Ref": "AWS::Partition" }, ":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" ] ] } ], "Tags": [ { "Key": "Application", "Value": "CentralizedLoggingWithOpenSearch" } ] }, "Metadata": { "aws:cdk:path": "MicroBatchAwsServicesRDSPipeline/LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8a/ServiceRole/Resource", "cdk_nag": { "rules_to_suppress": [ { "reason": "some policies need to get dynamic resources", "id": "AwsSolutions-IAM5" }, { "reason": "these policies is used by CDK Customer Resource lambda", "id": "AwsSolutions-IAM4" }, { "reason": "not applicable to use the latest lambda runtime version", "id": "AwsSolutions-L1" } ] } } }, "LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8aServiceRoleDefaultPolicyADDA7DEB": { "Type": "AWS::IAM::Policy", "Properties": { "PolicyDocument": { "Statement": [ { "Action": [ "logs:PutRetentionPolicy", "logs:DeleteRetentionPolicy" ], "Effect": "Allow", "Resource": "*" } ], "Version": "2012-10-17" }, "PolicyName": "LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8aServiceRoleDefaultPolicyADDA7DEB", "Roles": [ { "Ref": "LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8aServiceRole9741ECFB" } ] }, "Metadata": { "aws:cdk:path": "MicroBatchAwsServicesRDSPipeline/LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8a/ServiceRole/DefaultPolicy/Resource", "cdk_nag": { "rules_to_suppress": [ { "reason": "some policies need to get dynamic resources", "id": "AwsSolutions-IAM5" }, { "reason": "these policies is used by CDK Customer Resource lambda", "id": "AwsSolutions-IAM4" }, { "reason": "not applicable to use the latest lambda runtime version", "id": "AwsSolutions-L1" } ] } } }, "LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8aFD4BFC8A": { "Type": "AWS::Lambda::Function", "Properties": { "Handler": "index.handler", "Runtime": "nodejs22.x", "Timeout": 900, "Code": { "S3Bucket": { "Fn::Sub": "solutions-${AWS::Region}" }, "S3Key": "centralized-logging-with-opensearch/v2.4.10/2819175352ad1ce0dae768e83fc328fb70fb5f10b4a8ff0ccbcb791f02b0716d.zip" }, "Role": { "Fn::GetAtt": [ "LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8aServiceRole9741ECFB", "Arn" ] }, "Tags": [ { "Key": "Application", "Value": "CentralizedLoggingWithOpenSearch" } ] }, "DependsOn": [ "LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8aServiceRoleDefaultPolicyADDA7DEB", "LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8aServiceRole9741ECFB" ], "Metadata": { "aws:cdk:path": "MicroBatchAwsServicesRDSPipeline/LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8a/Resource", "aws:asset:path": "asset.2819175352ad1ce0dae768e83fc328fb70fb5f10b4a8ff0ccbcb791f02b0716d", "aws:asset:is-bundled": false, "aws:asset:property": "Code", "cdk_nag": { "rules_to_suppress": [ { "reason": "some policies need to get dynamic resources", "id": "AwsSolutions-IAM5" }, { "reason": "these policies is used by CDK Customer Resource lambda", "id": "AwsSolutions-IAM4" }, { "reason": "not applicable to use the latest lambda runtime version", "id": "AwsSolutions-L1" } ] }, "guard": { "SuppressedRules": [ "LAMBDA_INSIDE_VPC", "LAMBDA_CONCURRENCY_CHECK" ] } } }, "CDKMetadata": { "Type": "AWS::CDK::Metadata", "Properties": { "Analytics": "v2:deflate64:H4sIAAAAAAAA/22Q0WrDMAxFv2XvrlZS9gFr2J42lqV7L4qtBrex3FlySwn99xGnKwz2dO+VLkfGFVRPS1g+4FkW1h0Wg+9g3Cjag6l33GDCQErJtCQxJ0sGz7IdZQXrbA+kaxQyA4bOIYyvma36yGX4GybM3b+ciHVTQO94PHrup/X/04ZS8CI+8tW4C2OIroMv7AYqfPkWGD8zZZrKf00TB28vV+MxwDiHQpxdG4dSnfRqZLVFEVKB50nMEHuBt9i3pMRartc7/sh6zGpKZaPY3954/xWbRWPYplsWaFI8eUfJ1GVzL9Y7riM7P5M5OoK9PJ6qCqoKlg978X6RMqsPBO2sP116nGOjAQAA" }, "Metadata": { "aws:cdk:path": "MicroBatchAwsServicesRDSPipeline/CDKMetadata/Default" }, "Condition": "CDKMetadataAvailable" } }, "Outputs": { "LogEventQueueName": { "Value": { "Fn::GetAtt": [ "LogEventQueue", "QueueName" ] } }, "ProcessorLogGroupName": { "Value": { "Fn::GetAtt": [ "PipelineResourceS3ObjectReplicationLogRetention2CFFC060", "LogGroupName" ] } } }, "Conditions": { "AWSCNCondition": { "Fn::Equals": [ "aws-cn", { "Ref": "AWS::Partition" } ] }, "CDKMetadataAvailable": { "Fn::Or": [ { "Fn::Or": [ { "Fn::Equals": [ { "Ref": "AWS::Region" }, "af-south-1" ] }, { "Fn::Equals": [ { "Ref": "AWS::Region" }, "ap-east-1" ] }, { "Fn::Equals": [ { "Ref": "AWS::Region" }, "ap-northeast-1" ] }, { "Fn::Equals": [ { "Ref": "AWS::Region" }, "ap-northeast-2" ] }, { "Fn::Equals": [ { "Ref": "AWS::Region" }, "ap-northeast-3" ] }, { "Fn::Equals": [ { "Ref": "AWS::Region" }, "ap-south-1" ] }, { "Fn::Equals": [ { "Ref": "AWS::Region" }, "ap-south-2" ] }, { "Fn::Equals": [ { "Ref": "AWS::Region" }, "ap-southeast-1" ] }, { "Fn::Equals": [ { "Ref": "AWS::Region" }, "ap-southeast-2" ] }, { "Fn::Equals": [ { "Ref": "AWS::Region" }, "ap-southeast-3" ] } ] }, { "Fn::Or": [ { "Fn::Equals": [ { "Ref": "AWS::Region" }, "ap-southeast-4" ] }, { "Fn::Equals": [ { "Ref": "AWS::Region" }, "ca-central-1" ] }, { "Fn::Equals": [ { "Ref": "AWS::Region" }, "ca-west-1" ] }, { "Fn::Equals": [ { "Ref": "AWS::Region" }, "cn-north-1" ] }, { "Fn::Equals": [ { "Ref": "AWS::Region" }, "cn-northwest-1" ] }, { "Fn::Equals": [ { "Ref": "AWS::Region" }, "eu-central-1" ] }, { "Fn::Equals": [ { "Ref": "AWS::Region" }, "eu-central-2" ] }, { "Fn::Equals": [ { "Ref": "AWS::Region" }, "eu-north-1" ] }, { "Fn::Equals": [ { "Ref": "AWS::Region" }, "eu-south-1" ] }, { "Fn::Equals": [ { "Ref": "AWS::Region" }, "eu-south-2" ] } ] }, { "Fn::Or": [ { "Fn::Equals": [ { "Ref": "AWS::Region" }, "eu-west-1" ] }, { "Fn::Equals": [ { "Ref": "AWS::Region" }, "eu-west-2" ] }, { "Fn::Equals": [ { "Ref": "AWS::Region" }, "eu-west-3" ] }, { "Fn::Equals": [ { "Ref": "AWS::Region" }, "il-central-1" ] }, { "Fn::Equals": [ { "Ref": "AWS::Region" }, "me-central-1" ] }, { "Fn::Equals": [ { "Ref": "AWS::Region" }, "me-south-1" ] }, { "Fn::Equals": [ { "Ref": "AWS::Region" }, "sa-east-1" ] }, { "Fn::Equals": [ { "Ref": "AWS::Region" }, "us-east-1" ] }, { "Fn::Equals": [ { "Ref": "AWS::Region" }, "us-east-2" ] }, { "Fn::Equals": [ { "Ref": "AWS::Region" }, "us-west-1" ] } ] }, { "Fn::Equals": [ { "Ref": "AWS::Region" }, "us-west-2" ] } ] } }, "Rules": {} }