{ "Description": "(SO0023) - Dynamic Image Transformation for Amazon CloudFront. Version v8.0.4", "Parameters": { "AdminEmail": { "Type": "String", "AllowedPattern": "^[a-zA-Z0-9_.+-]+@[a-zA-Z0-9-]+.[a-zA-Z0-9-.]+$", "ConstraintDescription": "Must be a valid email address", "Description": "Email address of the admin user", "MaxLength": 100, "MinLength": 7 }, "DeploymentSize": { "Type": "String", "Default": "small", "AllowedValues": [ "small", "medium", "large", "xlarge" ], "ConstraintDescription": "Must be one of: small, medium, large, xlarge", "Description": "T-shirt sizing for ECS Fargate deployment configuration. **Small**: 1 vCPU, 2GB RAM, 2 desired tasks (1-4 range). **Medium**: 2 vCPU, 4GB RAM, 3 desired tasks (2-8 range). **Large**: 2 vCPU, 4GB RAM, 8 desired tasks (6-20 range). **XLarge**: 2 vCPU, 4GB RAM, 30 desired tasks (24-96 range)" }, "OriginOverrideHeader": { "Type": "String", "Default": "", "AllowedPattern": "^$|^[a-zA-Z0-9-]+$", "ConstraintDescription": "Must be a valid HTTP header name or empty", "Description": "HTTP header used to override the image origin (if present in request, mapping lookup is skipped). This is meant for advanced use-cases only, please refer to implementation guide." }, "CorsOriginParameter": { "Type": "String", "Default": "", "AllowedPattern": "^$|^\\*$|^https://[a-zA-Z0-9.-]+$", "ConstraintDescription": "Must be a valid HTTPS URL, or empty to default to (*)", "Description": "If you would like to specify an origin to use for CORS, please specify an origin value here. We recommend specifying an origin (i.e. https://example.domain) to restrict cross-site access to your API. Leave empty to default to wildcard (*)." } }, "Resources": { "WebDistributionAdminUIDistributionToS3S3LoggingBucket6996968F": { "Type": "AWS::S3::Bucket", "Properties": { "BucketEncryption": { "ServerSideEncryptionConfiguration": [ { "ServerSideEncryptionByDefault": { "SSEAlgorithm": "AES256" } } ] }, "PublicAccessBlockConfiguration": { "BlockPublicAcls": true, "BlockPublicPolicy": true, "IgnorePublicAcls": true, "RestrictPublicBuckets": true }, "VersioningConfiguration": { "Status": "Enabled" } }, "UpdateReplacePolicy": "Retain", "DeletionPolicy": "Retain", "Metadata": { "aws:cdk:path": "v8-Stack/WebDistribution/AdminUIDistributionToS3/S3LoggingBucket/Resource", "cfn_nag": { "rules_to_suppress": [ { "id": "W35", "reason": "This S3 bucket is used as the access logging bucket for another bucket" } ] } } }, "WebDistributionAdminUIDistributionToS3S3LoggingBucketPolicyF77AA8A6": { "Type": "AWS::S3::BucketPolicy", "Properties": { "Bucket": { "Ref": "WebDistributionAdminUIDistributionToS3S3LoggingBucket6996968F" }, "PolicyDocument": { "Statement": [ { "Action": "s3:*", "Condition": { "Bool": { "aws:SecureTransport": "false" } }, "Effect": "Deny", "Principal": { "AWS": "*" }, "Resource": [ { "Fn::GetAtt": [ "WebDistributionAdminUIDistributionToS3S3LoggingBucket6996968F", "Arn" ] }, { "Fn::Join": [ "", [ { "Fn::GetAtt": [ "WebDistributionAdminUIDistributionToS3S3LoggingBucket6996968F", "Arn" ] }, "/*" ] ] } ] } ], "Version": "2012-10-17" } }, "Metadata": { "aws:cdk:path": "v8-Stack/WebDistribution/AdminUIDistributionToS3/S3LoggingBucket/Policy/Resource" } }, "WebDistributionAdminUIDistributionToS3S3BucketBEF73512": { "Type": "AWS::S3::Bucket", "Properties": { "BucketEncryption": { "ServerSideEncryptionConfiguration": [ { "ServerSideEncryptionByDefault": { "SSEAlgorithm": "AES256" } } ] }, "LifecycleConfiguration": { "Rules": [ { "NoncurrentVersionTransitions": [ { "StorageClass": "GLACIER", "TransitionInDays": 90 } ], "Status": "Enabled" } ] }, "PublicAccessBlockConfiguration": { "BlockPublicAcls": true, "BlockPublicPolicy": true, "IgnorePublicAcls": true, "RestrictPublicBuckets": true }, "Tags": [ { "Key": "aws-cdk:cr-owned:930eb7aa", "Value": "true" } ], "VersioningConfiguration": { "Status": "Enabled" } }, "UpdateReplacePolicy": "Retain", "DeletionPolicy": "Retain", "Metadata": { "aws:cdk:path": "v8-Stack/WebDistribution/AdminUIDistributionToS3/S3Bucket/Resource", "guard": { "SuppressedRules": [ "S3_BUCKET_LOGGING_ENABLED" ] } } }, "WebDistributionAdminUIDistributionToS3S3BucketPolicy1B0745FE": { "Type": "AWS::S3::BucketPolicy", "Properties": { "Bucket": { "Ref": "WebDistributionAdminUIDistributionToS3S3BucketBEF73512" }, "PolicyDocument": { "Statement": [ { "Action": "s3:*", "Condition": { "Bool": { "aws:SecureTransport": "false" } }, "Effect": "Deny", "Principal": { "AWS": "*" }, "Resource": [ { "Fn::GetAtt": [ "WebDistributionAdminUIDistributionToS3S3BucketBEF73512", "Arn" ] }, { "Fn::Join": [ "", [ { "Fn::GetAtt": [ "WebDistributionAdminUIDistributionToS3S3BucketBEF73512", "Arn" ] }, "/*" ] ] } ] }, { "Action": "s3:GetObject", "Condition": { "StringEquals": { "AWS:SourceArn": { "Fn::Join": [ "", [ "arn:aws:cloudfront::", { "Ref": "AWS::AccountId" }, ":distribution/", { "Ref": "WebDistributionAdminUIDistributionToS3CloudFrontDistribution6FD651BA" } ] ] } } }, "Effect": "Allow", "Principal": { "Service": "cloudfront.amazonaws.com" }, "Resource": { "Fn::Join": [ "", [ { "Fn::GetAtt": [ "WebDistributionAdminUIDistributionToS3S3BucketBEF73512", "Arn" ] }, "/*" ] ] } } ], "Version": "2012-10-17" } }, "Metadata": { "aws:cdk:path": "v8-Stack/WebDistribution/AdminUIDistributionToS3/S3Bucket/Policy/Resource", "cfn_nag": { "rules_to_suppress": [ { "id": "F16", "reason": "Public website bucket policy requires a wildcard principal" } ] } } }, "WebDistributionAdminUIDistributionToS3CloudfrontLoggingBucketAccessLog1B2CB542": { "Type": "AWS::S3::Bucket", "Properties": { "BucketEncryption": { "ServerSideEncryptionConfiguration": [ { "ServerSideEncryptionByDefault": { "SSEAlgorithm": "AES256" } } ] }, "OwnershipControls": { "Rules": [ { "ObjectOwnership": "ObjectWriter" } ] }, "PublicAccessBlockConfiguration": { "BlockPublicAcls": true, "BlockPublicPolicy": true, "IgnorePublicAcls": true, "RestrictPublicBuckets": true }, "VersioningConfiguration": { "Status": "Enabled" } }, "UpdateReplacePolicy": "Retain", "DeletionPolicy": "Retain", "Metadata": { "aws:cdk:path": "v8-Stack/WebDistribution/AdminUIDistributionToS3/CloudfrontLoggingBucketAccessLog/Resource", "cfn_nag": { "rules_to_suppress": [ { "id": "W35", "reason": "This S3 bucket is used as the access logging bucket for another bucket" } ] } } }, "WebDistributionAdminUIDistributionToS3CloudfrontLoggingBucketAccessLogPolicyF0EDCBBD": { "Type": "AWS::S3::BucketPolicy", "Properties": { "Bucket": { "Ref": "WebDistributionAdminUIDistributionToS3CloudfrontLoggingBucketAccessLog1B2CB542" }, "PolicyDocument": { "Statement": [ { "Action": "s3:*", "Condition": { "Bool": { "aws:SecureTransport": "false" } }, "Effect": "Deny", "Principal": { "AWS": "*" }, "Resource": [ { "Fn::GetAtt": [ "WebDistributionAdminUIDistributionToS3CloudfrontLoggingBucketAccessLog1B2CB542", "Arn" ] }, { "Fn::Join": [ "", [ { "Fn::GetAtt": [ "WebDistributionAdminUIDistributionToS3CloudfrontLoggingBucketAccessLog1B2CB542", "Arn" ] }, "/*" ] ] } ] }, { "Action": "s3:PutObject", "Condition": { "ArnLike": { "aws:SourceArn": { "Fn::GetAtt": [ "WebDistributionAdminUIDistributionToS3CloudfrontLoggingBucket1CBD1EBB", "Arn" ] } }, "StringEquals": { "aws:SourceAccount": { "Ref": "AWS::AccountId" } } }, "Effect": "Allow", "Principal": { "Service": "logging.s3.amazonaws.com" }, "Resource": { "Fn::Join": [ "", [ { "Fn::GetAtt": [ "WebDistributionAdminUIDistributionToS3CloudfrontLoggingBucketAccessLog1B2CB542", "Arn" ] }, "/*" ] ] } } ], "Version": "2012-10-17" } }, "Metadata": { "aws:cdk:path": "v8-Stack/WebDistribution/AdminUIDistributionToS3/CloudfrontLoggingBucketAccessLog/Policy/Resource" } }, "WebDistributionAdminUIDistributionToS3CloudfrontLoggingBucket1CBD1EBB": { "Type": "AWS::S3::Bucket", "Properties": { "AccessControl": "LogDeliveryWrite", "BucketEncryption": { "ServerSideEncryptionConfiguration": [ { "ServerSideEncryptionByDefault": { "SSEAlgorithm": "AES256" } } ] }, "LoggingConfiguration": { "DestinationBucketName": { "Ref": "WebDistributionAdminUIDistributionToS3CloudfrontLoggingBucketAccessLog1B2CB542" } }, "OwnershipControls": { "Rules": [ { "ObjectOwnership": "ObjectWriter" } ] }, "PublicAccessBlockConfiguration": { "BlockPublicAcls": true, "BlockPublicPolicy": true, "IgnorePublicAcls": true, "RestrictPublicBuckets": true }, "VersioningConfiguration": { "Status": "Enabled" } }, "UpdateReplacePolicy": "Retain", "DeletionPolicy": "Retain", "Metadata": { "aws:cdk:path": "v8-Stack/WebDistribution/AdminUIDistributionToS3/CloudfrontLoggingBucket/Resource" } }, "WebDistributionAdminUIDistributionToS3CloudfrontLoggingBucketPolicyDF3305F5": { "Type": "AWS::S3::BucketPolicy", "Properties": { "Bucket": { "Ref": "WebDistributionAdminUIDistributionToS3CloudfrontLoggingBucket1CBD1EBB" }, "PolicyDocument": { "Statement": [ { "Action": "s3:*", "Condition": { "Bool": { "aws:SecureTransport": "false" } }, "Effect": "Deny", "Principal": { "AWS": "*" }, "Resource": [ { "Fn::GetAtt": [ "WebDistributionAdminUIDistributionToS3CloudfrontLoggingBucket1CBD1EBB", "Arn" ] }, { "Fn::Join": [ "", [ { "Fn::GetAtt": [ "WebDistributionAdminUIDistributionToS3CloudfrontLoggingBucket1CBD1EBB", "Arn" ] }, "/*" ] ] } ] } ], "Version": "2012-10-17" } }, "Metadata": { "aws:cdk:path": "v8-Stack/WebDistribution/AdminUIDistributionToS3/CloudfrontLoggingBucket/Policy/Resource" } }, "WebDistributionAdminUIDistributionToS3CloudFrontOac6E25E5C5": { "Type": "AWS::CloudFront::OriginAccessControl", "Properties": { "OriginAccessControlConfig": { "Description": "Origin access control provisioned by aws-cloudfront-s3", "Name": { "Fn::Join": [ "", [ "aws-cloudfront-s3-AdminToS3-", { "Fn::Select": [ 2, { "Fn::Split": [ "/", { "Ref": "AWS::StackId" } ] } ] } ] ] }, "OriginAccessControlOriginType": "s3", "SigningBehavior": "always", "SigningProtocol": "sigv4" } }, "Metadata": { "aws:cdk:path": "v8-Stack/WebDistribution/AdminUIDistributionToS3/CloudFrontOac" } }, "WebDistributionAdminUIDistributionToS3CloudFrontDistribution6FD651BA": { "Type": "AWS::CloudFront::Distribution", "Properties": { "DistributionConfig": { "Comment": "Admin UI Distribution for Dynamic Image Transformation for Amazon CloudFront", "CustomErrorResponses": [ { "ErrorCode": 403, "ResponseCode": 200, "ResponsePagePath": "/index.html" }, { "ErrorCode": 404, "ResponseCode": 200, "ResponsePagePath": "/index.html" } ], "DefaultCacheBehavior": { "CachePolicyId": "658327ea-f89d-4fab-a63d-7e88639e58f6", "Compress": true, "TargetOriginId": "v8StackWebDistributionAdminUIDistributionToS3CloudFrontDistributionOrigin124C4DE9B", "ViewerProtocolPolicy": "redirect-to-https" }, "DefaultRootObject": "index.html", "Enabled": true, "HttpVersion": "http2", "IPV6Enabled": true, "Logging": { "Bucket": { "Fn::GetAtt": [ "WebDistributionAdminUIDistributionToS3CloudfrontLoggingBucket1CBD1EBB", "RegionalDomainName" ] }, "Prefix": "admin-ui-cloudfront/" }, "Origins": [ { "DomainName": { "Fn::GetAtt": [ "WebDistributionAdminUIDistributionToS3S3BucketBEF73512", "RegionalDomainName" ] }, "Id": "v8StackWebDistributionAdminUIDistributionToS3CloudFrontDistributionOrigin124C4DE9B", "OriginAccessControlId": { "Fn::GetAtt": [ "WebDistributionAdminUIDistributionToS3CloudFrontOac6E25E5C5", "Id" ] }, "S3OriginConfig": { "OriginAccessIdentity": "" } } ] } }, "Metadata": { "aws:cdk:path": "v8-Stack/WebDistribution/AdminUIDistributionToS3/CloudFrontDistribution/Resource", "cfn_nag": { "rules_to_suppress": [ { "id": "W70", "reason": "Since the distribution uses the CloudFront domain name, CloudFront automatically sets the security policy to TLSv1 regardless of the value of MinimumProtocolVersion" } ] } } }, "AuthUserPool8115E87F": { "Type": "AWS::Cognito::UserPool", "Properties": { "AccountRecoverySetting": { "RecoveryMechanisms": [ { "Name": "verified_email", "Priority": 1 } ] }, "AdminCreateUserConfig": { "AllowAdminCreateUserOnly": true, "InviteMessageTemplate": { "EmailMessage": { "Fn::Join": [ "", [ "

Dynamic Image Transformation on Amazon CloudFront - Web UI

Here are your temporary login credentials for the WebUI: https://", { "Fn::GetAtt": [ "WebDistributionAdminUIDistributionToS3CloudFrontDistribution6FD651BA", "DomainName" ] }, "

\n

\nRegion: ", { "Ref": "AWS::Region" }, "
\nUsername: {username}
\nTemporary Password: {####}\n

" ] ] }, "EmailSubject": "Welcome to DIT" } }, "AutoVerifiedAttributes": [ "email" ], "EmailVerificationMessage": "Your Dynamic Image Transformation console verification code is {####}", "EmailVerificationSubject": "Your Dynamic Image Transformation console verification code", "EnabledMfas": [ "SOFTWARE_TOKEN_MFA" ], "MfaConfiguration": "ON", "Policies": { "PasswordPolicy": { "MinimumLength": 8, "RequireLowercase": true, "RequireNumbers": true, "RequireSymbols": true, "RequireUppercase": true, "TemporaryPasswordValidityDays": 7 } }, "Schema": [ { "Mutable": false, "Name": "email", "Required": true } ], "SmsVerificationMessage": "The verification code to your new account is {####}", "UserPoolAddOns": { "AdvancedSecurityMode": "ENFORCED" }, "UsernameAttributes": [ "email" ], "VerificationMessageTemplate": { "DefaultEmailOption": "CONFIRM_WITH_CODE", "EmailMessage": "Your Dynamic Image Transformation console verification code is {####}", "EmailSubject": "Your Dynamic Image Transformation console verification code", "SmsMessage": "The verification code to your new account is {####}" } }, "UpdateReplacePolicy": "Delete", "DeletionPolicy": "Delete", "Metadata": { "aws:cdk:path": "v8-Stack/Auth/UserPool/Resource" } }, "AuthUserPoolResourceServerADA84D6F": { "Type": "AWS::Cognito::UserPoolResourceServer", "Properties": { "Identifier": "dit-api", "Name": "Resource server representing the API Gateway of the solution", "Scopes": [ { "ScopeDescription": "Access to solution API", "ScopeName": "api" } ], "UserPoolId": { "Ref": "AuthUserPool8115E87F" } }, "Metadata": { "aws:cdk:path": "v8-Stack/Auth/UserPool/ResourceServer/Resource" } }, "AuthUserPoolUserPoolDomain4EEAE7CF": { "Type": "AWS::Cognito::UserPoolDomain", "Properties": { "Domain": { "Fn::Join": [ "", [ "dit-", { "Ref": "AWS::AccountId" }, "-", { "Ref": "AWS::Region" } ] ] }, "ManagedLoginVersion": 2, "UserPoolId": { "Ref": "AuthUserPool8115E87F" } }, "Metadata": { "aws:cdk:path": "v8-Stack/Auth/UserPool/UserPoolDomain/Resource" } }, "AuthUserPoolWebUIClient86DE5DEB": { "Type": "AWS::Cognito::UserPoolClient", "Properties": { "AccessTokenValidity": 60, "AllowedOAuthFlows": [ "code" ], "AllowedOAuthFlowsUserPoolClient": true, "AllowedOAuthScopes": [ "openid", "profile", "email", "aws.cognito.signin.user.admin", "dit-api/api" ], "CallbackURLs": [ { "Fn::Join": [ "", [ "https://", { "Fn::GetAtt": [ "WebDistributionAdminUIDistributionToS3CloudFrontDistribution6FD651BA", "DomainName" ] }, "/" ] ] } ], "ExplicitAuthFlows": [ "ALLOW_USER_SRP_AUTH", "ALLOW_REFRESH_TOKEN_AUTH" ], "IdTokenValidity": 60, "LogoutURLs": [ { "Fn::Join": [ "", [ "https://", { "Fn::GetAtt": [ "WebDistributionAdminUIDistributionToS3CloudFrontDistribution6FD651BA", "DomainName" ] }, "/" ] ] }, { "Fn::Join": [ "", [ "https://", { "Fn::GetAtt": [ "WebDistributionAdminUIDistributionToS3CloudFrontDistribution6FD651BA", "DomainName" ] }, "/auth/logout-complete" ] ] } ], "RefreshTokenValidity": 60, "SupportedIdentityProviders": [ "COGNITO" ], "TokenValidityUnits": { "AccessToken": "minutes", "IdToken": "minutes", "RefreshToken": "minutes" }, "UserPoolId": { "Ref": "AuthUserPool8115E87F" } }, "DependsOn": [ "AuthUserPoolResourceServerADA84D6F" ], "Metadata": { "aws:cdk:path": "v8-Stack/Auth/UserPool/WebUIClient/Resource" } }, "AuthManagedLoginBranding4DD8E3C1": { "Type": "AWS::Cognito::ManagedLoginBranding", "Properties": { "ClientId": { "Ref": "AuthUserPoolWebUIClient86DE5DEB" }, "UseCognitoProvidedValues": true, "UserPoolId": { "Ref": "AuthUserPool8115E87F" } }, "Metadata": { "aws:cdk:path": "v8-Stack/Auth/ManagedLoginBranding" } }, "AuthInitialFullAccessUser3C7C83CA": { "Type": "AWS::Cognito::UserPoolUser", "Properties": { "UserAttributes": [ { "Name": "email_verified", "Value": "true" }, { "Name": "email", "Value": { "Ref": "AdminEmail" } } ], "UserPoolId": { "Ref": "AuthUserPool8115E87F" }, "Username": { "Ref": "AdminEmail" } }, "Metadata": { "aws:cdk:path": "v8-Stack/Auth/InitialFullAccessUser" } }, "DataAccessLayerConfigTableFC483DD7": { "Type": "AWS::DynamoDB::GlobalTable", "Properties": { "AttributeDefinitions": [ { "AttributeName": "PK", "AttributeType": "S" }, { "AttributeName": "GSI1PK", "AttributeType": "S" }, { "AttributeName": "GSI1SK", "AttributeType": "S" }, { "AttributeName": "GSI2PK", "AttributeType": "S" }, { "AttributeName": "GSI3PK", "AttributeType": "S" } ], "BillingMode": "PAY_PER_REQUEST", "GlobalSecondaryIndexes": [ { "IndexName": "GSI1", "KeySchema": [ { "AttributeName": "GSI1PK", "KeyType": "HASH" }, { "AttributeName": "GSI1SK", "KeyType": "RANGE" } ], "Projection": { "ProjectionType": "ALL" } }, { "IndexName": "GSI2", "KeySchema": [ { "AttributeName": "GSI2PK", "KeyType": "HASH" } ], "Projection": { "ProjectionType": "ALL" } }, { "IndexName": "GSI3", "KeySchema": [ { "AttributeName": "GSI3PK", "KeyType": "HASH" } ], "Projection": { "ProjectionType": "ALL" } } ], "KeySchema": [ { "AttributeName": "PK", "KeyType": "HASH" } ], "Replicas": [ { "GlobalSecondaryIndexes": [ { "IndexName": "GSI1" }, { "IndexName": "GSI2" }, { "IndexName": "GSI3" } ], "PointInTimeRecoverySpecification": { "PointInTimeRecoveryEnabled": true }, "Region": { "Ref": "AWS::Region" } } ], "SSESpecification": { "SSEEnabled": true, "SSEType": "KMS" }, "StreamSpecification": { "StreamViewType": "NEW_AND_OLD_IMAGES" } }, "UpdateReplacePolicy": "Delete", "DeletionPolicy": "Delete", "Metadata": { "aws:cdk:path": "v8-Stack/DataAccessLayer/ConfigTable/Table/Resource", "guard": { "SuppressedRules": [ "DYNAMODB_TABLE_ENCRYPTED_KMS" ] } } }, "DataAccessLayerApiLambdaLogGroup8B3CE8F8": { "Type": "AWS::Logs::LogGroup", "Properties": { "RetentionInDays": 3653 }, "UpdateReplacePolicy": "Retain", "DeletionPolicy": "Retain", "Metadata": { "aws:cdk:path": "v8-Stack/DataAccessLayer/ApiLambdaLogGroup/Resource", "guard": { "SuppressedRules": [ "CLOUDWATCH_LOG_GROUP_ENCRYPTED" ] } } }, "DataAccessLayerApiLambdaServiceRole24F83C52": { "Type": "AWS::IAM::Role", "Properties": { "AssumeRolePolicyDocument": { "Statement": [ { "Action": "sts:AssumeRole", "Effect": "Allow", "Principal": { "Service": "lambda.amazonaws.com" } } ], "Version": "2012-10-17" }, "ManagedPolicyArns": [ { "Fn::Join": [ "", [ "arn:", { "Ref": "AWS::Partition" }, ":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" ] ] } ] }, "Metadata": { "aws:cdk:path": "v8-Stack/DataAccessLayer/ApiLambda/ServiceRole/Resource" } }, "DataAccessLayerApiLambdaServiceRoleDefaultPolicyEDE8072B": { "Type": "AWS::IAM::Policy", "Properties": { "PolicyDocument": { "Statement": [ { "Action": [ "dynamodb:BatchGetItem", "dynamodb:Query", "dynamodb:GetItem", "dynamodb:Scan", "dynamodb:ConditionCheckItem", "dynamodb:BatchWriteItem", "dynamodb:PutItem", "dynamodb:UpdateItem", "dynamodb:DeleteItem", "dynamodb:DescribeTable" ], "Effect": "Allow", "Resource": [ { "Fn::GetAtt": [ "DataAccessLayerConfigTableFC483DD7", "Arn" ] }, { "Fn::Join": [ "", [ { "Fn::GetAtt": [ "DataAccessLayerConfigTableFC483DD7", "Arn" ] }, "/index/*" ] ] } ] }, { "Action": [ "dynamodb:GetRecords", "dynamodb:GetShardIterator" ], "Effect": "Allow", "Resource": [ { "Fn::GetAtt": [ "DataAccessLayerConfigTableFC483DD7", "Arn" ] }, { "Fn::Join": [ "", [ { "Fn::GetAtt": [ "DataAccessLayerConfigTableFC483DD7", "Arn" ] }, "/index/*" ] ] } ] } ], "Version": "2012-10-17" }, "PolicyName": "DataAccessLayerApiLambdaServiceRoleDefaultPolicyEDE8072B", "Roles": [ { "Ref": "DataAccessLayerApiLambdaServiceRole24F83C52" } ] }, "Metadata": { "aws:cdk:path": "v8-Stack/DataAccessLayer/ApiLambda/ServiceRole/DefaultPolicy/Resource" } }, "DataAccessLayerApiLambda53F93106": { "Type": "AWS::Lambda::Function", "Properties": { "Code": { "S3Bucket": { "Fn::Sub": "solutions-${AWS::Region}" }, "S3Key": "dynamic-image-transformation-for-amazon-cloudfront/v8.0.4/27635cbc09092dabbb892c679fe39e1dc94c1f3ccb42b4d4afe6d306e21012ba.zip" }, "Environment": { "Variables": { "SOLUTION_ID": "SO0023", "SOLUTION_VERSION": "v8.0.4", "CONFIG_TABLE_NAME": { "Ref": "DataAccessLayerConfigTableFC483DD7" }, "CORS_ORIGIN": { "Fn::Join": [ "", [ "https://", { "Fn::GetAtt": [ "WebDistributionAdminUIDistributionToS3CloudFrontDistribution6FD651BA", "DomainName" ] } ] ] }, "POWERTOOLS_LOGGER_LOG_LEVEL": "INFO", "POWERTOOLS_LOGGER_LOG_EVENT": "false" } }, "Handler": "index.handler", "LoggingConfig": { "LogGroup": { "Ref": "DataAccessLayerApiLambdaLogGroup8B3CE8F8" } }, "MemorySize": 512, "Role": { "Fn::GetAtt": [ "DataAccessLayerApiLambdaServiceRole24F83C52", "Arn" ] }, "Runtime": "nodejs22.x", "Timeout": 30 }, "DependsOn": [ "DataAccessLayerApiLambdaServiceRoleDefaultPolicyEDE8072B", "DataAccessLayerApiLambdaServiceRole24F83C52" ], "Metadata": { "aws:cdk:path": "v8-Stack/DataAccessLayer/ApiLambda/Resource", "guard": { "SuppressedRules": [ "LAMBDA_INSIDE_VPC", "LAMBDA_CONCURRENCY_CHECK" ] } } }, "DataAccessLayerProdLogs1C739F5D": { "Type": "AWS::Logs::LogGroup", "Properties": { "RetentionInDays": 3653 }, "UpdateReplacePolicy": "Retain", "DeletionPolicy": "Retain", "Metadata": { "aws:cdk:path": "v8-Stack/DataAccessLayer/ProdLogs/Resource", "guard": { "SuppressedRules": [ "CLOUDWATCH_LOG_GROUP_ENCRYPTED" ] } } }, "DataAccessLayerFullAccessAuthorizer9954F0E5": { "Type": "AWS::ApiGateway::Authorizer", "Properties": { "IdentitySource": "method.request.header.Authorization", "Name": "FullAccessAuthorizer", "ProviderARNs": [ { "Fn::GetAtt": [ "AuthUserPool8115E87F", "Arn" ] } ], "RestApiId": { "Ref": "DataAccessLayerDITApi51636B57" }, "Type": "COGNITO_USER_POOLS" }, "Metadata": { "aws:cdk:path": "v8-Stack/DataAccessLayer/FullAccessAuthorizer/Resource" } }, "DataAccessLayerDITApi51636B57": { "Type": "AWS::ApiGateway::RestApi", "Properties": { "Name": "DITApi" }, "Metadata": { "aws:cdk:path": "v8-Stack/DataAccessLayer/DITApi/Resource" } }, "DataAccessLayerDITApiCloudWatchRole5597E17C": { "Type": "AWS::IAM::Role", "Properties": { "AssumeRolePolicyDocument": { "Statement": [ { "Action": "sts:AssumeRole", "Effect": "Allow", "Principal": { "Service": "apigateway.amazonaws.com" } } ], "Version": "2012-10-17" }, "ManagedPolicyArns": [ { "Fn::Join": [ "", [ "arn:", { "Ref": "AWS::Partition" }, ":iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs" ] ] } ] }, "UpdateReplacePolicy": "Retain", "DeletionPolicy": "Retain", "Metadata": { "aws:cdk:path": "v8-Stack/DataAccessLayer/DITApi/CloudWatchRole/Resource" } }, "DataAccessLayerDITApiAccount13F50FA2": { "Type": "AWS::ApiGateway::Account", "Properties": { "CloudWatchRoleArn": { "Fn::GetAtt": [ "DataAccessLayerDITApiCloudWatchRole5597E17C", "Arn" ] } }, "DependsOn": [ "DataAccessLayerDITApi51636B57" ], "UpdateReplacePolicy": "Retain", "DeletionPolicy": "Retain", "Metadata": { "aws:cdk:path": "v8-Stack/DataAccessLayer/DITApi/Account" } }, "DataAccessLayerDITApiDeploymentF2E2DE9Fc8510d64da1fdf47ec4ed7553f3da5a7": { "Type": "AWS::ApiGateway::Deployment", "Properties": { "Description": "Automatically created by the RestApi construct", "RestApiId": { "Ref": "DataAccessLayerDITApi51636B57" } }, "DependsOn": [ "DataAccessLayerCORSResponse4xx88C1D1E3", "DataAccessLayerCORSResponse5xx07AEF476", "DataAccessLayerDITApiproxyANY751BCCB6", "DataAccessLayerDITApiproxyOPTIONSCB41EFA8", "DataAccessLayerDITApiproxyF57F8464", "DataAccessLayerDITApiANY6E92AB3D", "DataAccessLayerDITApiOPTIONSAEFE0783" ], "Metadata": { "aws:cdk:path": "v8-Stack/DataAccessLayer/DITApi/Deployment/Resource", "aws:cdk:do-not-refactor": true } }, "DataAccessLayerDITApiDeploymentStageprod1B577AB5": { "Type": "AWS::ApiGateway::Stage", "Properties": { "AccessLogSetting": { "DestinationArn": { "Fn::GetAtt": [ "DataAccessLayerProdLogs1C739F5D", "Arn" ] }, "Format": "{\"requestId\":\"$context.requestId\",\"extendedRequestId\":\"$context.extendedRequestId\",\"sourceIp\":\"$context.identity.sourceIp\",\"caller\":\"$context.identity.caller\",\"user\":\"$context.identity.user\",\"method\":\"$context.httpMethod\",\"resourcePath\":\"$context.resourcePath\",\"protocol\":\"$context.protocol\",\"status\":\"$context.status\",\"requestTime\":\"$context.requestTime\",\"responseLength\":\"$context.responseLength\"}" }, "DeploymentId": { "Ref": "DataAccessLayerDITApiDeploymentF2E2DE9Fc8510d64da1fdf47ec4ed7553f3da5a7" }, "MethodSettings": [ { "DataTraceEnabled": false, "HttpMethod": "*", "ResourcePath": "/*", "ThrottlingBurstLimit": 200, "ThrottlingRateLimit": 100 } ], "RestApiId": { "Ref": "DataAccessLayerDITApi51636B57" }, "StageName": "prod", "TracingEnabled": true }, "DependsOn": [ "DataAccessLayerDITApiAccount13F50FA2" ], "Metadata": { "aws:cdk:path": "v8-Stack/DataAccessLayer/DITApi/DeploymentStage.prod/Resource", "guard": { "SuppressedRules": [ "API_GW_CACHE_ENABLED_AND_ENCRYPTED" ] } } }, "DataAccessLayerDITApiOPTIONSAEFE0783": { "Type": "AWS::ApiGateway::Method", "Properties": { "ApiKeyRequired": false, "AuthorizationType": "NONE", "HttpMethod": "OPTIONS", "Integration": { "IntegrationResponses": [ { "ResponseParameters": { "method.response.header.Access-Control-Allow-Headers": "'Content-Type,X-Amz-Date,Authorization,X-Api-Key,X-Amz-Security-Token,X-Amz-User-Agent'", "method.response.header.Access-Control-Allow-Origin": { "Fn::Join": [ "", [ "'https://", { "Fn::GetAtt": [ "WebDistributionAdminUIDistributionToS3CloudFrontDistribution6FD651BA", "DomainName" ] }, "'" ] ] }, "method.response.header.Vary": "'Origin'", "method.response.header.Access-Control-Allow-Methods": "'*'", "method.response.header.Access-Control-Allow-Credentials": "'true'" }, "StatusCode": "204" } ], "RequestTemplates": { "application/json": "{ statusCode: 200 }" }, "Type": "MOCK" }, "MethodResponses": [ { "ResponseParameters": { "method.response.header.Access-Control-Allow-Headers": true, "method.response.header.Access-Control-Allow-Origin": true, "method.response.header.Vary": true, "method.response.header.Access-Control-Allow-Methods": true, "method.response.header.Access-Control-Allow-Credentials": true }, "StatusCode": "204" } ], "ResourceId": { "Fn::GetAtt": [ "DataAccessLayerDITApi51636B57", "RootResourceId" ] }, "RestApiId": { "Ref": "DataAccessLayerDITApi51636B57" } }, "Metadata": { "aws:cdk:path": "v8-Stack/DataAccessLayer/DITApi/Default/OPTIONS/Resource" } }, "DataAccessLayerDITApiproxyF57F8464": { "Type": "AWS::ApiGateway::Resource", "Properties": { "ParentId": { "Fn::GetAtt": [ "DataAccessLayerDITApi51636B57", "RootResourceId" ] }, "PathPart": "{proxy+}", "RestApiId": { "Ref": "DataAccessLayerDITApi51636B57" } }, "Metadata": { "aws:cdk:path": "v8-Stack/DataAccessLayer/DITApi/Default/{proxy+}/Resource" } }, "DataAccessLayerDITApiproxyOPTIONSCB41EFA8": { "Type": "AWS::ApiGateway::Method", "Properties": { "ApiKeyRequired": false, "AuthorizationType": "NONE", "HttpMethod": "OPTIONS", "Integration": { "IntegrationResponses": [ { "ResponseParameters": { "method.response.header.Access-Control-Allow-Headers": "'Content-Type,X-Amz-Date,Authorization,X-Api-Key,X-Amz-Security-Token,X-Amz-User-Agent'", "method.response.header.Access-Control-Allow-Origin": { "Fn::Join": [ "", [ "'https://", { "Fn::GetAtt": [ "WebDistributionAdminUIDistributionToS3CloudFrontDistribution6FD651BA", "DomainName" ] }, "'" ] ] }, "method.response.header.Vary": "'Origin'", "method.response.header.Access-Control-Allow-Methods": "'*'", "method.response.header.Access-Control-Allow-Credentials": "'true'" }, "StatusCode": "204" } ], "RequestTemplates": { "application/json": "{ statusCode: 200 }" }, "Type": "MOCK" }, "MethodResponses": [ { "ResponseParameters": { "method.response.header.Access-Control-Allow-Headers": true, "method.response.header.Access-Control-Allow-Origin": true, "method.response.header.Vary": true, "method.response.header.Access-Control-Allow-Methods": true, "method.response.header.Access-Control-Allow-Credentials": true }, "StatusCode": "204" } ], "ResourceId": { "Ref": "DataAccessLayerDITApiproxyF57F8464" }, "RestApiId": { "Ref": "DataAccessLayerDITApi51636B57" } }, "Metadata": { "aws:cdk:path": "v8-Stack/DataAccessLayer/DITApi/Default/{proxy+}/OPTIONS/Resource" } }, "DataAccessLayerDITApiproxyANYApiPermissionv8StackDataAccessLayerDITApiFA7735E2ANYproxyE4F16FCD": { "Type": "AWS::Lambda::Permission", "Properties": { "Action": "lambda:InvokeFunction", "FunctionName": { "Fn::GetAtt": [ "DataAccessLayerApiLambda53F93106", "Arn" ] }, "Principal": "apigateway.amazonaws.com", "SourceArn": { "Fn::Join": [ "", [ "arn:", { "Ref": "AWS::Partition" }, ":execute-api:", { "Ref": "AWS::Region" }, ":", { "Ref": "AWS::AccountId" }, ":", { "Ref": "DataAccessLayerDITApi51636B57" }, "/", { "Ref": "DataAccessLayerDITApiDeploymentStageprod1B577AB5" }, "/*/*" ] ] } }, "Metadata": { "aws:cdk:path": "v8-Stack/DataAccessLayer/DITApi/Default/{proxy+}/ANY/ApiPermission.v8StackDataAccessLayerDITApiFA7735E2.ANY..{proxy+}" } }, "DataAccessLayerDITApiproxyANYApiPermissionTestv8StackDataAccessLayerDITApiFA7735E2ANYproxyD548B1D6": { "Type": "AWS::Lambda::Permission", "Properties": { "Action": "lambda:InvokeFunction", "FunctionName": { "Fn::GetAtt": [ "DataAccessLayerApiLambda53F93106", "Arn" ] }, "Principal": "apigateway.amazonaws.com", "SourceArn": { "Fn::Join": [ "", [ "arn:", { "Ref": "AWS::Partition" }, ":execute-api:", { "Ref": "AWS::Region" }, ":", { "Ref": "AWS::AccountId" }, ":", { "Ref": "DataAccessLayerDITApi51636B57" }, "/test-invoke-stage/*/*" ] ] } }, "Metadata": { "aws:cdk:path": "v8-Stack/DataAccessLayer/DITApi/Default/{proxy+}/ANY/ApiPermission.Test.v8StackDataAccessLayerDITApiFA7735E2.ANY..{proxy+}" } }, "DataAccessLayerDITApiproxyANY751BCCB6": { "Type": "AWS::ApiGateway::Method", "Properties": { "AuthorizationScopes": [ "dit-api/api" ], "AuthorizationType": "COGNITO_USER_POOLS", "AuthorizerId": { "Ref": "DataAccessLayerFullAccessAuthorizer9954F0E5" }, "HttpMethod": "ANY", "Integration": { "IntegrationHttpMethod": "POST", "Type": "AWS_PROXY", "Uri": { "Fn::Join": [ "", [ "arn:", { "Ref": "AWS::Partition" }, ":apigateway:", { "Ref": "AWS::Region" }, ":lambda:path/2015-03-31/functions/", { "Fn::GetAtt": [ "DataAccessLayerApiLambda53F93106", "Arn" ] }, "/invocations" ] ] } }, "ResourceId": { "Ref": "DataAccessLayerDITApiproxyF57F8464" }, "RestApiId": { "Ref": "DataAccessLayerDITApi51636B57" } }, "Metadata": { "aws:cdk:path": "v8-Stack/DataAccessLayer/DITApi/Default/{proxy+}/ANY/Resource" } }, "DataAccessLayerDITApiANYApiPermissionv8StackDataAccessLayerDITApiFA7735E2ANY073A6A6D": { "Type": "AWS::Lambda::Permission", "Properties": { "Action": "lambda:InvokeFunction", "FunctionName": { "Fn::GetAtt": [ "DataAccessLayerApiLambda53F93106", "Arn" ] }, "Principal": "apigateway.amazonaws.com", "SourceArn": { "Fn::Join": [ "", [ "arn:", { "Ref": "AWS::Partition" }, ":execute-api:", { "Ref": "AWS::Region" }, ":", { "Ref": "AWS::AccountId" }, ":", { "Ref": "DataAccessLayerDITApi51636B57" }, "/", { "Ref": "DataAccessLayerDITApiDeploymentStageprod1B577AB5" }, "/*/" ] ] } }, "Metadata": { "aws:cdk:path": "v8-Stack/DataAccessLayer/DITApi/Default/ANY/ApiPermission.v8StackDataAccessLayerDITApiFA7735E2.ANY.." } }, "DataAccessLayerDITApiANYApiPermissionTestv8StackDataAccessLayerDITApiFA7735E2ANY661B4C82": { "Type": "AWS::Lambda::Permission", "Properties": { "Action": "lambda:InvokeFunction", "FunctionName": { "Fn::GetAtt": [ "DataAccessLayerApiLambda53F93106", "Arn" ] }, "Principal": "apigateway.amazonaws.com", "SourceArn": { "Fn::Join": [ "", [ "arn:", { "Ref": "AWS::Partition" }, ":execute-api:", { "Ref": "AWS::Region" }, ":", { "Ref": "AWS::AccountId" }, ":", { "Ref": "DataAccessLayerDITApi51636B57" }, "/test-invoke-stage/*/" ] ] } }, "Metadata": { "aws:cdk:path": "v8-Stack/DataAccessLayer/DITApi/Default/ANY/ApiPermission.Test.v8StackDataAccessLayerDITApiFA7735E2.ANY.." } }, "DataAccessLayerDITApiANY6E92AB3D": { "Type": "AWS::ApiGateway::Method", "Properties": { "AuthorizationScopes": [ "dit-api/api" ], "AuthorizationType": "COGNITO_USER_POOLS", "AuthorizerId": { "Ref": "DataAccessLayerFullAccessAuthorizer9954F0E5" }, "HttpMethod": "ANY", "Integration": { "IntegrationHttpMethod": "POST", "Type": "AWS_PROXY", "Uri": { "Fn::Join": [ "", [ "arn:", { "Ref": "AWS::Partition" }, ":apigateway:", { "Ref": "AWS::Region" }, ":lambda:path/2015-03-31/functions/", { "Fn::GetAtt": [ "DataAccessLayerApiLambda53F93106", "Arn" ] }, "/invocations" ] ] } }, "ResourceId": { "Fn::GetAtt": [ "DataAccessLayerDITApi51636B57", "RootResourceId" ] }, "RestApiId": { "Ref": "DataAccessLayerDITApi51636B57" } }, "Metadata": { "aws:cdk:path": "v8-Stack/DataAccessLayer/DITApi/Default/ANY/Resource" } }, "DataAccessLayerCORSResponse4xx88C1D1E3": { "Type": "AWS::ApiGateway::GatewayResponse", "Properties": { "ResponseParameters": { "gatewayresponse.header.gatewayresponse.header.Access-Control-Allow-Origin": { "Fn::Join": [ "", [ "'https://", { "Fn::GetAtt": [ "WebDistributionAdminUIDistributionToS3CloudFrontDistribution6FD651BA", "DomainName" ] }, "'" ] ] }, "gatewayresponse.header.gatewayresponse.header.Access-Control-Allow-Headers": "'Content-Type,X-Amz-Date,Authorization,X-Api-Key,X-Amz-Security-Token,X-Amz-User-Agent'", "gatewayresponse.header.gatewayresponse.header.Access-Control-Allow-Methods": "'GET,OPTIONS,POST,PUT,DELETE'" }, "ResponseType": "DEFAULT_4XX", "RestApiId": { "Ref": "DataAccessLayerDITApi51636B57" } }, "Metadata": { "aws:cdk:path": "v8-Stack/DataAccessLayer/CORSResponse4xx/Resource" } }, "DataAccessLayerCORSResponse5xx07AEF476": { "Type": "AWS::ApiGateway::GatewayResponse", "Properties": { "ResponseParameters": { "gatewayresponse.header.gatewayresponse.header.Access-Control-Allow-Origin": { "Fn::Join": [ "", [ "'https://", { "Fn::GetAtt": [ "WebDistributionAdminUIDistributionToS3CloudFrontDistribution6FD651BA", "DomainName" ] }, "'" ] ] }, "gatewayresponse.header.gatewayresponse.header.Access-Control-Allow-Headers": "'Content-Type,X-Amz-Date,Authorization,X-Api-Key,X-Amz-Security-Token,X-Amz-User-Agent'", "gatewayresponse.header.gatewayresponse.header.Access-Control-Allow-Methods": "'GET,OPTIONS,POST,PUT,DELETE'" }, "ResponseType": "DEFAULT_5XX", "RestApiId": { "Ref": "DataAccessLayerDITApi51636B57" } }, "Metadata": { "aws:cdk:path": "v8-Stack/DataAccessLayer/CORSResponse5xx/Resource" } }, "CSPUpdaterEnhancedCSPPolicy29E9C1BA": { "Type": "AWS::CloudFront::ResponseHeadersPolicy", "Properties": { "ResponseHeadersPolicyConfig": { "Comment": "Enhanced security headers for CSP with external services", "CustomHeadersConfig": { "Items": [ { "Header": "Cache-Control", "Override": true, "Value": "no-store, no-cache" } ] }, "Name": { "Fn::Join": [ "", [ "CSP-for-DIT-Admin-UI-Enhanced-", { "Ref": "AWS::Region" } ] ] }, "SecurityHeadersConfig": { "ContentSecurityPolicy": { "ContentSecurityPolicy": { "Fn::Join": [ "", [ "upgrade-insecure-requests; object-src 'none'; frame-ancestors 'none'; base-uri 'none'; script-src 'self'; style-src 'self'; font-src 'self' data:; img-src 'self' data: https:; connect-src 'self' https://cognito-identity.", { "Ref": "AWS::Region" }, ".amazonaws.com https://cognito-idp.", { "Ref": "AWS::Region" }, ".amazonaws.com dit-", { "Ref": "AWS::AccountId" }, "-", { "Ref": "AWS::Region" }, ".auth.", { "Ref": "AWS::Region" }, ".amazoncognito.com https://", { "Ref": "DataAccessLayerDITApi51636B57" }, ".execute-api.", { "Ref": "AWS::Region" }, ".", { "Ref": "AWS::URLSuffix" }, "/", { "Ref": "DataAccessLayerDITApiDeploymentStageprod1B577AB5" }, "/; default-src 'self';" ] ] }, "Override": false }, "ContentTypeOptions": { "Override": true }, "FrameOptions": { "FrameOption": "DENY", "Override": true }, "ReferrerPolicy": { "Override": true, "ReferrerPolicy": "strict-origin-when-cross-origin" }, "StrictTransportSecurity": { "AccessControlMaxAgeSec": 47304000, "IncludeSubdomains": true, "Override": true } } } }, "Metadata": { "aws:cdk:path": "v8-Stack/CSPUpdater/EnhancedCSPPolicy/Resource" } }, "CSPUpdaterCSPUpdaterFunctionLogGroup3255BE06": { "Type": "AWS::Logs::LogGroup", "Properties": { "RetentionInDays": 3653 }, "UpdateReplacePolicy": "Retain", "DeletionPolicy": "Retain", "Metadata": { "aws:cdk:path": "v8-Stack/CSPUpdater/CSPUpdaterFunctionLogGroup/Resource", "guard": { "SuppressedRules": [ "CLOUDWATCH_LOG_GROUP_ENCRYPTED" ] } } }, "CSPUpdaterCSPUpdaterFunctionServiceRoleDCA79242": { "Type": "AWS::IAM::Role", "Properties": { "AssumeRolePolicyDocument": { "Statement": [ { "Action": "sts:AssumeRole", "Effect": "Allow", "Principal": { "Service": "lambda.amazonaws.com" } } ], "Version": "2012-10-17" }, "ManagedPolicyArns": [ { "Fn::Join": [ "", [ "arn:", { "Ref": "AWS::Partition" }, ":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" ] ] } ] }, "Metadata": { "aws:cdk:path": "v8-Stack/CSPUpdater/CSPUpdaterFunction/ServiceRole/Resource" } }, "CSPUpdaterCSPUpdaterFunctionServiceRoleDefaultPolicyE164CCBB": { "Type": "AWS::IAM::Policy", "Properties": { "PolicyDocument": { "Statement": [ { "Action": [ "cloudfront:GetDistributionConfig", "cloudfront:UpdateDistribution" ], "Effect": "Allow", "Resource": { "Fn::Join": [ "", [ "arn:aws:cloudfront::", { "Ref": "AWS::AccountId" }, ":distribution/", { "Ref": "WebDistributionAdminUIDistributionToS3CloudFrontDistribution6FD651BA" } ] ] } } ], "Version": "2012-10-17" }, "PolicyName": "CSPUpdaterCSPUpdaterFunctionServiceRoleDefaultPolicyE164CCBB", "Roles": [ { "Ref": "CSPUpdaterCSPUpdaterFunctionServiceRoleDCA79242" } ] }, "Metadata": { "aws:cdk:path": "v8-Stack/CSPUpdater/CSPUpdaterFunction/ServiceRole/DefaultPolicy/Resource" } }, "CSPUpdaterCSPUpdaterFunction1ED2BD33": { "Type": "AWS::Lambda::Function", "Properties": { "Code": { "S3Bucket": { "Fn::Sub": "solutions-${AWS::Region}" }, "S3Key": "dynamic-image-transformation-for-amazon-cloudfront/v8.0.4/0ccece87a04e15c167d283097e639e96461ef28f9c8da8a9a3d53dbba20243aa.zip" }, "Environment": { "Variables": { "SOLUTION_ID": "SO0023", "SOLUTION_VERSION": "v8.0.4" } }, "Handler": "index.handler", "LoggingConfig": { "LogGroup": { "Ref": "CSPUpdaterCSPUpdaterFunctionLogGroup3255BE06" } }, "MemorySize": 512, "Role": { "Fn::GetAtt": [ "CSPUpdaterCSPUpdaterFunctionServiceRoleDCA79242", "Arn" ] }, "Runtime": "nodejs22.x", "Timeout": 30 }, "DependsOn": [ "CSPUpdaterCSPUpdaterFunctionServiceRoleDefaultPolicyE164CCBB", "CSPUpdaterCSPUpdaterFunctionServiceRoleDCA79242" ], "Metadata": { "aws:cdk:path": "v8-Stack/CSPUpdater/CSPUpdaterFunction/Resource", "guard": { "SuppressedRules": [ "LAMBDA_INSIDE_VPC", "LAMBDA_CONCURRENCY_CHECK" ] } } }, "CSPUpdaterCSPUpdaterProviderframeworkonEventServiceRole9DF2EE66": { "Type": "AWS::IAM::Role", "Properties": { "AssumeRolePolicyDocument": { "Statement": [ { "Action": "sts:AssumeRole", "Effect": "Allow", "Principal": { "Service": "lambda.amazonaws.com" } } ], "Version": "2012-10-17" }, "ManagedPolicyArns": [ { "Fn::Join": [ "", [ "arn:", { "Ref": "AWS::Partition" }, ":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" ] ] } ] }, "Metadata": { "aws:cdk:path": "v8-Stack/CSPUpdater/CSPUpdaterProvider/framework-onEvent/ServiceRole/Resource" } }, "CSPUpdaterCSPUpdaterProviderframeworkonEventServiceRoleDefaultPolicy0AFAE5F5": { "Type": "AWS::IAM::Policy", "Properties": { "PolicyDocument": { "Statement": [ { "Action": "lambda:InvokeFunction", "Effect": "Allow", "Resource": [ { "Fn::GetAtt": [ "CSPUpdaterCSPUpdaterFunction1ED2BD33", "Arn" ] }, { "Fn::Join": [ "", [ { "Fn::GetAtt": [ "CSPUpdaterCSPUpdaterFunction1ED2BD33", "Arn" ] }, ":*" ] ] } ] }, { "Action": "lambda:GetFunction", "Effect": "Allow", "Resource": { "Fn::GetAtt": [ "CSPUpdaterCSPUpdaterFunction1ED2BD33", "Arn" ] } } ], "Version": "2012-10-17" }, "PolicyName": "CSPUpdaterCSPUpdaterProviderframeworkonEventServiceRoleDefaultPolicy0AFAE5F5", "Roles": [ { "Ref": "CSPUpdaterCSPUpdaterProviderframeworkonEventServiceRole9DF2EE66" } ] }, "Metadata": { "aws:cdk:path": "v8-Stack/CSPUpdater/CSPUpdaterProvider/framework-onEvent/ServiceRole/DefaultPolicy/Resource" } }, "CSPUpdaterCSPUpdaterProviderframeworkonEventE7D5E323": { "Type": "AWS::Lambda::Function", "Properties": { "Code": { "S3Bucket": { "Fn::Sub": "solutions-${AWS::Region}" }, "S3Key": "dynamic-image-transformation-for-amazon-cloudfront/v8.0.4/07a90cc3efdfc34da22208dcd9d211f06f5b0e01b21e778edc7c3966b1f61d57.zip" }, "Description": "AWS CDK resource provider framework - onEvent (v8-Stack/CSPUpdater/CSPUpdaterProvider)", "Environment": { "Variables": { "USER_ON_EVENT_FUNCTION_ARN": { "Fn::GetAtt": [ "CSPUpdaterCSPUpdaterFunction1ED2BD33", "Arn" ] } } }, "Handler": "framework.onEvent", "LoggingConfig": { "ApplicationLogLevel": "FATAL", "LogFormat": "JSON", "LogGroup": { "Ref": "CSPUpdaterCSPUpdaterFunctionLogGroup3255BE06" } }, "Role": { "Fn::GetAtt": [ "CSPUpdaterCSPUpdaterProviderframeworkonEventServiceRole9DF2EE66", "Arn" ] }, "Runtime": "nodejs22.x", "Timeout": 900 }, "DependsOn": [ "CSPUpdaterCSPUpdaterProviderframeworkonEventServiceRoleDefaultPolicy0AFAE5F5", "CSPUpdaterCSPUpdaterProviderframeworkonEventServiceRole9DF2EE66" ], "Metadata": { "aws:cdk:path": "v8-Stack/CSPUpdater/CSPUpdaterProvider/framework-onEvent/Resource", "guard": { "SuppressedRules": [ "LAMBDA_INSIDE_VPC", "LAMBDA_CONCURRENCY_CHECK" ] } } }, "CSPUpdaterCSPUpdaterCustomResource91C60D66": { "Type": "AWS::CloudFormation::CustomResource", "Properties": { "ServiceToken": { "Fn::GetAtt": [ "CSPUpdaterCSPUpdaterProviderframeworkonEventE7D5E323", "Arn" ] }, "DistributionId": { "Ref": "WebDistributionAdminUIDistributionToS3CloudFrontDistribution6FD651BA" }, "ResponseHeadersPolicyId": { "Ref": "CSPUpdaterEnhancedCSPPolicy29E9C1BA" } }, "UpdateReplacePolicy": "Delete", "DeletionPolicy": "Delete", "Metadata": { "aws:cdk:path": "v8-Stack/CSPUpdater/CSPUpdaterCustomResource/Default" } }, "AdminUIDeploymentAwsCliLayer7F18FF6D": { "Type": "AWS::Lambda::LayerVersion", "Properties": { "Content": { "S3Bucket": { "Fn::Sub": "solutions-${AWS::Region}" }, "S3Key": "dynamic-image-transformation-for-amazon-cloudfront/v8.0.4/e2659170a0721541efa761a8d5d04d5e36cbbf691c4b15a9053002b7c825055d.zip" }, "Description": "/opt/awscli/aws" }, "Metadata": { "aws:cdk:path": "v8-Stack/AdminUIDeployment/AwsCliLayer/Resource" } }, "AdminUIDeploymentCustomResource4138A2A5": { "Type": "Custom::CDKBucketDeployment", "Properties": { "ServiceToken": { "Fn::GetAtt": [ "CustomCDKBucketDeployment8693BB64968944B69AAFB0CC9EB8756C81C01536", "Arn" ] }, "SourceBucketNames": [ { "Fn::Sub": "solutions-${AWS::Region}" }, { "Fn::Sub": "solutions-${AWS::Region}" } ], "SourceObjectKeys": [ "dynamic-image-transformation-for-amazon-cloudfront/v8.0.4/abd667df0d7ea3b654e81990083167c8ad5f1c4499fc31ad73bd608f6b38786f.zip", "dynamic-image-transformation-for-amazon-cloudfront/v8.0.4/9bc8db7aa93dcd61ba0bb13a3642db3687417a8f4a9662ad1ff4aa11c9264801.zip" ], "SourceMarkers": [ {}, { "<>": { "Fn::Join": [ "", [ "\"", { "Ref": "AuthUserPool8115E87F" }, "\"" ] ] }, "<>": { "Fn::Join": [ "", [ "\"", { "Ref": "AuthUserPoolWebUIClient86DE5DEB" }, "\"" ] ] }, "<>": { "Fn::Join": [ "", [ "\"dit-", { "Ref": "AWS::AccountId" }, "-", { "Ref": "AWS::Region" }, ".auth.", { "Ref": "AWS::Region" }, ".amazoncognito.com\"" ] ] }, "<>": { "Fn::Join": [ "", [ "\"https://", { "Fn::GetAtt": [ "WebDistributionAdminUIDistributionToS3CloudFrontDistribution6FD651BA", "DomainName" ] }, "/\"" ] ] }, "<>": { "Fn::Join": [ "", [ "\"https://", { "Fn::GetAtt": [ "WebDistributionAdminUIDistributionToS3CloudFrontDistribution6FD651BA", "DomainName" ] }, "/auth/logout-complete\"" ] ] }, "<>": { "Fn::Join": [ "", [ "\"https://", { "Ref": "DataAccessLayerDITApi51636B57" }, ".execute-api.", { "Ref": "AWS::Region" }, ".", { "Ref": "AWS::URLSuffix" }, "/", { "Ref": "DataAccessLayerDITApiDeploymentStageprod1B577AB5" }, "/\"" ] ] } } ], "SourceMarkersConfig": [ {}, {} ], "DestinationBucketName": { "Ref": "WebDistributionAdminUIDistributionToS3S3BucketBEF73512" }, "WaitForDistributionInvalidation": true, "Prune": true, "OutputObjectKeys": true }, "UpdateReplacePolicy": "Delete", "DeletionPolicy": "Delete", "Metadata": { "aws:cdk:path": "v8-Stack/AdminUIDeployment/CustomResource/Default" } }, "CustomCDKBucketDeployment8693BB64968944B69AAFB0CC9EB8756CServiceRole89A01265": { "Type": "AWS::IAM::Role", "Properties": { "AssumeRolePolicyDocument": { "Statement": [ { "Action": "sts:AssumeRole", "Effect": "Allow", "Principal": { "Service": "lambda.amazonaws.com" } } ], "Version": "2012-10-17" }, "ManagedPolicyArns": [ { "Fn::Join": [ "", [ "arn:", { "Ref": "AWS::Partition" }, ":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" ] ] } ] }, "Metadata": { "aws:cdk:path": "v8-Stack/Custom::CDKBucketDeployment8693BB64968944B69AAFB0CC9EB8756C/ServiceRole/Resource" } }, "CustomCDKBucketDeployment8693BB64968944B69AAFB0CC9EB8756CServiceRoleDefaultPolicy88902FDF": { "Type": "AWS::IAM::Policy", "Properties": { "PolicyDocument": { "Statement": [ { "Action": [ "s3:GetObject*", "s3:GetBucket*", "s3:List*" ], "Effect": "Allow", "Resource": [ { "Fn::Join": [ "", [ "arn:", { "Ref": "AWS::Partition" }, ":s3:::", { "Fn::Sub": "solutions-${AWS::Region}" } ] ] }, { "Fn::Join": [ "", [ "arn:", { "Ref": "AWS::Partition" }, ":s3:::", { "Fn::Sub": "solutions-${AWS::Region}" }, "/*" ] ] } ] }, { "Action": [ "s3:GetObject*", "s3:GetBucket*", "s3:List*", "s3:DeleteObject*", "s3:PutObject", "s3:PutObjectLegalHold", "s3:PutObjectRetention", "s3:PutObjectTagging", "s3:PutObjectVersionTagging", "s3:Abort*" ], "Effect": "Allow", "Resource": [ { "Fn::GetAtt": [ "WebDistributionAdminUIDistributionToS3S3BucketBEF73512", "Arn" ] }, { "Fn::Join": [ "", [ { "Fn::GetAtt": [ "WebDistributionAdminUIDistributionToS3S3BucketBEF73512", "Arn" ] }, "/*" ] ] } ] } ], "Version": "2012-10-17" }, "PolicyName": "CustomCDKBucketDeployment8693BB64968944B69AAFB0CC9EB8756CServiceRoleDefaultPolicy88902FDF", "Roles": [ { "Ref": "CustomCDKBucketDeployment8693BB64968944B69AAFB0CC9EB8756CServiceRole89A01265" } ] }, "Metadata": { "aws:cdk:path": "v8-Stack/Custom::CDKBucketDeployment8693BB64968944B69AAFB0CC9EB8756C/ServiceRole/DefaultPolicy/Resource" } }, "CustomCDKBucketDeployment8693BB64968944B69AAFB0CC9EB8756C81C01536": { "Type": "AWS::Lambda::Function", "Properties": { "Code": { "S3Bucket": { "Fn::Sub": "solutions-${AWS::Region}" }, "S3Key": "dynamic-image-transformation-for-amazon-cloudfront/v8.0.4/3423a042b818e31c1e34a19d6689ab2e5f9b70fcbe9e71df66f241b20a200bd9.zip" }, "Environment": { "Variables": { "AWS_CA_BUNDLE": "/etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem" } }, "Handler": "index.handler", "Layers": [ { "Ref": "AdminUIDeploymentAwsCliLayer7F18FF6D" } ], "Role": { "Fn::GetAtt": [ "CustomCDKBucketDeployment8693BB64968944B69AAFB0CC9EB8756CServiceRole89A01265", "Arn" ] }, "Runtime": "python3.13", "Timeout": 900 }, "DependsOn": [ "CustomCDKBucketDeployment8693BB64968944B69AAFB0CC9EB8756CServiceRoleDefaultPolicy88902FDF", "CustomCDKBucketDeployment8693BB64968944B69AAFB0CC9EB8756CServiceRole89A01265" ], "Metadata": { "aws:cdk:path": "v8-Stack/Custom::CDKBucketDeployment8693BB64968944B69AAFB0CC9EB8756C/Resource", "guard": { "SuppressedRules": [ "LAMBDA_INSIDE_VPC", "LAMBDA_CONCURRENCY_CHECK" ] } } }, "CustomCDKBucketDeployment8693BB64968944B69AAFB0CC9EB8756CLogRetention1948627D": { "Type": "Custom::LogRetention", "Properties": { "ServiceToken": { "Fn::GetAtt": [ "LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8aFD4BFC8A", "Arn" ] }, "LogGroupName": { "Fn::Join": [ "", [ "/aws/lambda/", { "Ref": "CustomCDKBucketDeployment8693BB64968944B69AAFB0CC9EB8756C81C01536" } ] ] }, "RetentionInDays": 3653 }, "Metadata": { "aws:cdk:path": "v8-Stack/Custom::CDKBucketDeployment8693BB64968944B69AAFB0CC9EB8756C/LogRetention/Resource" } }, "LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8aServiceRole9741ECFB": { "Type": "AWS::IAM::Role", "Properties": { "AssumeRolePolicyDocument": { "Statement": [ { "Action": "sts:AssumeRole", "Effect": "Allow", "Principal": { "Service": "lambda.amazonaws.com" } } ], "Version": "2012-10-17" }, "ManagedPolicyArns": [ { "Fn::Join": [ "", [ "arn:", { "Ref": "AWS::Partition" }, ":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" ] ] } ] }, "Metadata": { "aws:cdk:path": "v8-Stack/LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8a/ServiceRole/Resource" } }, "LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8aServiceRoleDefaultPolicyADDA7DEB": { "Type": "AWS::IAM::Policy", "Properties": { "PolicyDocument": { "Statement": [ { "Action": [ "logs:PutRetentionPolicy", "logs:DeleteRetentionPolicy" ], "Effect": "Allow", "Resource": "*" } ], "Version": "2012-10-17" }, "PolicyName": "LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8aServiceRoleDefaultPolicyADDA7DEB", "Roles": [ { "Ref": "LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8aServiceRole9741ECFB" } ] }, "Metadata": { "aws:cdk:path": "v8-Stack/LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8a/ServiceRole/DefaultPolicy/Resource" } }, "LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8aFD4BFC8A": { "Type": "AWS::Lambda::Function", "Properties": { "Handler": "index.handler", "Runtime": "nodejs22.x", "Timeout": 900, "Code": { "S3Bucket": { "Fn::Sub": "solutions-${AWS::Region}" }, "S3Key": "dynamic-image-transformation-for-amazon-cloudfront/v8.0.4/2819175352ad1ce0dae768e83fc328fb70fb5f10b4a8ff0ccbcb791f02b0716d.zip" }, "Role": { "Fn::GetAtt": [ "LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8aServiceRole9741ECFB", "Arn" ] } }, "DependsOn": [ "LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8aServiceRoleDefaultPolicyADDA7DEB", "LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8aServiceRole9741ECFB" ], "Metadata": { "aws:cdk:path": "v8-Stack/LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8a/Resource", "guard": { "SuppressedRules": [ "LAMBDA_INSIDE_VPC", "LAMBDA_CONCURRENCY_CHECK" ] } } }, "MetricsCustomResourceLambdaLogGroup041E9E89": { "Type": "AWS::Logs::LogGroup", "Properties": { "RetentionInDays": 3653 }, "UpdateReplacePolicy": "Retain", "DeletionPolicy": "Retain", "Metadata": { "aws:cdk:path": "v8-Stack/Metrics/CustomResourceLambdaLogGroup/Resource", "guard": { "SuppressedRules": [ "CLOUDWATCH_LOG_GROUP_ENCRYPTED" ] } } }, "MetricsCustomResourceLambdaServiceRole493FC361": { "Type": "AWS::IAM::Role", "Properties": { "AssumeRolePolicyDocument": { "Statement": [ { "Action": "sts:AssumeRole", "Effect": "Allow", "Principal": { "Service": "lambda.amazonaws.com" } } ], "Version": "2012-10-17" }, "ManagedPolicyArns": [ { "Fn::Join": [ "", [ "arn:", { "Ref": "AWS::Partition" }, ":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" ] ] } ] }, "Metadata": { "aws:cdk:path": "v8-Stack/Metrics/CustomResourceLambda/ServiceRole/Resource" } }, "MetricsCustomResourceLambda8AAD16EB": { "Type": "AWS::Lambda::Function", "Properties": { "Code": { "S3Bucket": { "Fn::Sub": "solutions-${AWS::Region}" }, "S3Key": "dynamic-image-transformation-for-amazon-cloudfront/v8.0.4/96d4372cdf46e2b137b90095813ce8f797e73a53e1702a45148fa40ad4094745.zip" }, "Environment": { "Variables": { "SOLUTION_ID": "SO0023", "SOLUTION_VERSION": "v8.0.4" } }, "Handler": "index.handler", "LoggingConfig": { "LogGroup": { "Ref": "MetricsCustomResourceLambdaLogGroup041E9E89" } }, "MemorySize": 512, "Role": { "Fn::GetAtt": [ "MetricsCustomResourceLambdaServiceRole493FC361", "Arn" ] }, "Runtime": "nodejs22.x", "Timeout": 30 }, "DependsOn": [ "MetricsCustomResourceLambdaServiceRole493FC361" ], "Metadata": { "aws:cdk:path": "v8-Stack/Metrics/CustomResourceLambda/Resource", "guard": { "SuppressedRules": [ "LAMBDA_INSIDE_VPC", "LAMBDA_CONCURRENCY_CHECK" ] } } }, "MetricsUUIDABD69ADD": { "Type": "AWS::CloudFormation::CustomResource", "Properties": { "ServiceToken": { "Fn::GetAtt": [ "MetricsCustomResourceLambda8AAD16EB", "Arn" ] }, "CustomAction": "createUuid" }, "UpdateReplacePolicy": "Delete", "DeletionPolicy": "Delete", "Metadata": { "aws:cdk:path": "v8-Stack/Metrics/UUID/Default" } }, "MetricsA5C7F5DB": { "Type": "AWS::CloudFormation::CustomResource", "Properties": { "ServiceToken": { "Fn::GetAtt": [ "MetricsCustomResourceLambda8AAD16EB", "Arn" ] }, "CustomAction": "sendMetric", "Region": { "Ref": "AWS::Region" }, "UUID": { "Fn::GetAtt": [ "MetricsUUIDABD69ADD", "UUID" ] }, "AnonymousData": "Yes", "UseExistingCloudFrontDistribution": "n/a", "DeploymentSize": { "Ref": "DeploymentSize" } }, "UpdateReplacePolicy": "Delete", "DeletionPolicy": "Delete", "Metadata": { "aws:cdk:path": "v8-Stack/Metrics/Metrics/Default" } }, "ImageProcessingNestedStackImageProcessingNestedStackResource96AF94AE": { "Type": "AWS::CloudFormation::Stack", "Properties": { "Parameters": { "referencetov8StackDataAccessLayerConfigTable3815FFBEArn": { "Fn::GetAtt": [ "DataAccessLayerConfigTableFC483DD7", "Arn" ] }, "referencetov8StackOriginOverrideHeaderBCE4A531Ref": { "Ref": "OriginOverrideHeader" }, "referencetov8StackDeploymentSize1C90EBE2Ref": { "Ref": "DeploymentSize" }, "referencetov8StackCorsOriginParameterB8A65EEERef": { "Ref": "CorsOriginParameter" }, "referencetov8StackDataAccessLayerConfigTable3815FFBEStreamArn": { "Fn::GetAtt": [ "DataAccessLayerConfigTableFC483DD7", "StreamArn" ] }, "referencetov8StackMetricsUUID1DB62987UUID": { "Fn::GetAtt": [ "MetricsUUIDABD69ADD", "UUID" ] } }, "TemplateURL": { "Fn::Join": [ "", [ "https://s3.", { "Ref": "AWS::Region" }, ".", { "Ref": "AWS::URLSuffix" }, "/", { "Fn::Sub": "solutions-${AWS::Region}" }, "/dynamic-image-transformation-for-amazon-cloudfront/v8.0.4/dynamic-image-transformation-for-amazon-cloudfront-ecs.nested.template" ] ] } }, "UpdateReplacePolicy": "Delete", "DeletionPolicy": "Delete", "Metadata": { "aws:cdk:path": "v8-Stack/ImageProcessing.NestedStack/ImageProcessing.NestedStackResource" } }, "CDKMetadata": { "Type": "AWS::CDK::Metadata", "Properties": { "Analytics": "v2:deflate64:H4sIAAAAAAAA/21UwZLaMAz9Fu7GS0M702PZMEsPbJeB7V4Z44iswbEYS4bSTP69YyeBbGdP0nuSLedJSibr7Ot3ORmpC411cRxbs5P1hpU+inzvVsqrChi8UBfa1jSV9WPQR+AY7LzWrNAafb3THW7BoyJohLYYir1Hx7LO9+7Fm9K4mdZAlKNjj1bMDbE3u8AGXbzrA14DndAR/ARVgKd7xU8DjdBYOsMo698EfoVoY+7N7501EAavYQP+DH6Y8l+kp+dYKeOGiR3Tw9wacDxMuDPPyqkSiiWWxj165QrjymFmtI0ork5VWOxk/ap2Ft6ymLKwuFM2EY2wWJKsl1guPIZTDN/8JZZrYHBRs0ZYVe0KtXVYwIHkr2SegtNJUaMqWa/RQlIx2ruovYo03daKCJjkLBpRwMnitQLHsu3u/Eb05VJ/b1XiZeArQxTRkF6qK/g38CmwMa60wHg72Ah1MqViuKirrPO2m71QNAv8jt78bXs2QMv0hDUQz06mG4/enWmNwbG4PzlN2R1tWJVJjdbpRyAOsHgGfscidbH1Vh7/XPuUrlLrL9pX94OZ2veRappIvgQ+BRZJ2FgxToMOxFhtfXcXyZXHsynid6bIpwW7Ntso6FZdSFsjZxfKrUkai+GhtN2N+PZFTkY/4t4T2rRhNNboiH3QTA/ph3Db2DFNZR7RU0SvuJk2Is6UPNDDOctklsnJ6EDGjH1wbCqQ69b+AyWXJ9RhBAAA" }, "Metadata": { "aws:cdk:path": "v8-Stack/CDKMetadata/Default" }, "Condition": "CDKMetadataAvailable" } }, "Outputs": { "AuthCognitoDomainPrefixA6F6E8D2": { "Description": "Cognito Domain Prefix", "Value": { "Fn::Join": [ "", [ "dit-", { "Ref": "AWS::AccountId" }, "-", { "Ref": "AWS::Region" } ] ] } }, "AuthUserPoolIdC0605E59": { "Value": { "Ref": "AuthUserPool8115E87F" } }, "DataAccessLayerDITApiEndpoint6B901B2A": { "Value": { "Fn::Join": [ "", [ "https://", { "Ref": "DataAccessLayerDITApi51636B57" }, ".execute-api.", { "Ref": "AWS::Region" }, ".", { "Ref": "AWS::URLSuffix" }, "/", { "Ref": "DataAccessLayerDITApiDeploymentStageprod1B577AB5" }, "/" ] ] } }, "DataAccessLayerConfigTableName418C3F73": { "Description": "DynamoDB table for storing all DIT configurations", "Value": { "Ref": "DataAccessLayerConfigTableFC483DD7" } }, "WebPortalUrl": { "Description": "URL for the DIT Admin Web Portal", "Value": { "Fn::Join": [ "", [ "https://", { "Fn::GetAtt": [ "WebDistributionAdminUIDistributionToS3CloudFrontDistribution6FD651BA", "DomainName" ] } ] ] } }, "APIEndpoint": { "Description": "URL for the DIT Admin API", "Value": { "Fn::Join": [ "", [ "https://", { "Ref": "DataAccessLayerDITApi51636B57" }, ".execute-api.", { "Ref": "AWS::Region" }, ".", { "Ref": "AWS::URLSuffix" }, "/", { "Ref": "DataAccessLayerDITApiDeploymentStageprod1B577AB5" }, "/" ] ] } } }, "Conditions": { "CDKMetadataAvailable": { "Fn::Or": [ { "Fn::Or": [ { "Fn::Equals": [ { "Ref": "AWS::Region" }, "af-south-1" ] }, { "Fn::Equals": [ { "Ref": "AWS::Region" }, "ap-east-1" ] }, { "Fn::Equals": [ { "Ref": "AWS::Region" }, "ap-northeast-1" ] }, { "Fn::Equals": [ { "Ref": "AWS::Region" }, "ap-northeast-2" ] }, { "Fn::Equals": [ { "Ref": "AWS::Region" }, "ap-northeast-3" ] }, { "Fn::Equals": [ { "Ref": "AWS::Region" }, "ap-south-1" ] }, { "Fn::Equals": [ { "Ref": "AWS::Region" }, "ap-south-2" ] }, { "Fn::Equals": [ { "Ref": "AWS::Region" }, "ap-southeast-1" ] }, { "Fn::Equals": [ { "Ref": "AWS::Region" }, "ap-southeast-2" ] }, { "Fn::Equals": [ { "Ref": "AWS::Region" }, "ap-southeast-3" ] } ] }, { "Fn::Or": [ { "Fn::Equals": [ { "Ref": "AWS::Region" }, "ap-southeast-4" ] }, { "Fn::Equals": [ { "Ref": "AWS::Region" }, "ca-central-1" ] }, { "Fn::Equals": [ { "Ref": "AWS::Region" }, "ca-west-1" ] }, { "Fn::Equals": [ { "Ref": "AWS::Region" }, "cn-north-1" ] }, { "Fn::Equals": [ { "Ref": "AWS::Region" }, "cn-northwest-1" ] }, { "Fn::Equals": [ { "Ref": "AWS::Region" }, "eu-central-1" ] }, { "Fn::Equals": [ { "Ref": "AWS::Region" }, "eu-central-2" ] }, { "Fn::Equals": [ { "Ref": "AWS::Region" }, "eu-north-1" ] }, { "Fn::Equals": [ { "Ref": "AWS::Region" }, "eu-south-1" ] }, { "Fn::Equals": [ { "Ref": "AWS::Region" }, "eu-south-2" ] } ] }, { "Fn::Or": [ { "Fn::Equals": [ { "Ref": "AWS::Region" }, "eu-west-1" ] }, { "Fn::Equals": [ { "Ref": "AWS::Region" }, "eu-west-2" ] }, { "Fn::Equals": [ { "Ref": "AWS::Region" }, "eu-west-3" ] }, { "Fn::Equals": [ { "Ref": "AWS::Region" }, "il-central-1" ] }, { "Fn::Equals": [ { "Ref": "AWS::Region" }, "me-central-1" ] }, { "Fn::Equals": [ { "Ref": "AWS::Region" }, "me-south-1" ] }, { "Fn::Equals": [ { "Ref": "AWS::Region" }, "sa-east-1" ] }, { "Fn::Equals": [ { "Ref": "AWS::Region" }, "us-east-1" ] }, { "Fn::Equals": [ { "Ref": "AWS::Region" }, "us-east-2" ] }, { "Fn::Equals": [ { "Ref": "AWS::Region" }, "us-west-1" ] } ] }, { "Fn::Equals": [ { "Ref": "AWS::Region" }, "us-west-2" ] } ] } } }