{
  "Description": "(SO0284-ComputeStack) innovation-sandbox-on-aws v1.2.9",
  "Metadata": {
    "AWS::CloudFormation::Interface": {
      "ParameterLabels": {
        "Namespace": {
          "default": "Namespace"
        },
        "OrgMgtAccountId": {
          "default": "Org Management Account Id"
        },
        "IdcAccountId": {
          "default": "IDC Account Id"
        },
        "AllowListedIPRanges": {
          "default": "Allow Listed IP Ranges"
        },
        "UseStableTagging": {
          "default": "Use Stable Tagging"
        },
        "AcceptSolutionTermsOfUse": {
          "default": "Accept Solution Terms of Use"
        }
      },
      "ParameterGroups": [
        {
          "Label": {
            "default": "Compute Stack Configuration"
          },
          "Parameters": [
            "Namespace",
            "OrgMgtAccountId",
            "IdcAccountId",
            "AllowListedIPRanges",
            "UseStableTagging",
            "AcceptSolutionTermsOfUse"
          ]
        }
      ]
    }
  },
  "Parameters": {
    "Namespace": {
      "Type": "String",
      "Default": "myisb",
      "AllowedPattern": "^[0-9a-zA-Z]{3,8}$",
      "Description": "The namespace for this deployment of Innovation Sandbox (must be the same for all member stacks). Must be 3 to 8 alphanumeric characters."
    },
    "OrgMgtAccountId": {
      "Type": "String",
      "AllowedPattern": "^[0-9]{12}$",
      "Description": "The AWS Account Id of the org's management account where the account pool stack is deployed"
    },
    "IdcAccountId": {
      "Type": "String",
      "AllowedPattern": "^[0-9]{12}$",
      "Description": "The AWS Account Id where the IAM Identity Center is configured"
    },
    "AllowListedIPRanges": {
      "Type": "CommaDelimitedList",
      "Default": "0.0.0.0/1,128.0.0.0/1",
      "AllowedPattern": "^((\\d{1,3}\\.){3}\\d{1,3}/([0-9]|[1-2][0-9]|3[0-2]))(\\s*,\\s*((\\d{1,3}\\.){3}\\d{1,3}/([0-9]|[1-2][0-9]|3[0-2])))*$",
      "Description": "Comma-separated list of IPv4 CIDR ranges that are allowed to access the API. The default 0.0.0.0/1,128.0.0.0/1 allows access from the entire internet; supply narrower ranges to restrict access."
    },
    "UseStableTagging": {
      "Type": "String",
      "Default": "Yes",
      "AllowedValues": [
        "Yes",
        "No"
      ],
      "Description": "Automatically use the most up to date and secure account cleaner image up until the next minor release. Selecting 'No' will pull the image as originally released, without any security updates."
    },
    "AcceptSolutionTermsOfUse": {
      "Type": "String",
      "AllowedPattern": "^Accept$",
      "ConstraintDescription": "You must enter \"Accept\" to deploy this template",
      "Description": "The Innovation Sandbox on AWS (\"ISB\") allows you to experiment with AWS resources in non-production accounts. Customers are responsible for making their own independent assessment of the information in this document. This document: (a) is for informational purposes only, (b) represents AWS current product offerings and practices, which are subject to change without notice, and (c) does not create any commitments or assurances from AWS and its affiliates, suppliers or licensors. AWS products or services including ISB are provided \"as is\" and AWS does not make any warranties, representations, or conditions of any kind, whether express or implied about ISB. AWS responsibilities and liabilities to its customers are controlled by AWS agreements, and this document is not part of, nor does it modify, any agreement between AWS and its customers.\n\nYou assume all responsibility for your use of ISB and making your own independent assessments of ISB, as well as any compliance with any additional terms, licenses, laws, rules, regulations, policies, or standards that apply to you, and, your use of ISB is subject to the AWS Shared Responsibility Model.\n\nThese Terms of Use supplement, and do not modify, any other existing agreements between you and AWS.\n\n* Non-Production Environments Only: The ISB solution is for use only for experiments in a non-production environment and may make irreversible changes to your environment, such as terminating AWS resources. It is not for use in production accounts.\n* Limitations of Cost Control Mechanisms: AWS makes no guarantees that usage cost will never exceed the budget limit set in ISB, and ISB may not prevent spend from going over the budget in all cases.\n* May Not Terminate All AWS Resources: In certain limited situations, ISB may not delete all AWS Resources and AWS will attempt to notify you that manual intervention is necessary for these accounts. These accounts could continue to incur costs until manually resolved by you. AWS makes no guarantees regarding the automatic termination of these resources by ISB and you are responsible for all fees in cases where ISB does not automatically terminate resources.\n* No Third-Party Use: ISB allows you to provide your own AWS accounts to internal end-users for learning and experimentation. You may not provide your AWS accounts to third-party users (such as other companies or public users) as this may grant third-party users access to your AWS resources.\n* Manually Adding New Users: If you have manually added additional users to an AWS account which has already been granted to a sandbox user by ISB, it is your responsibility to ensure deletion of the user’s access after their sandbox use.\n* Fraud and Abuse Detection: You are responsible for monitoring your sandbox account to detect any cases of potential fraud, abuse, or misuse.\n\nTo proceed with the deployment, please enter \"Accept\" to confirm your agreement to these terms.\n"
    }
  },
  "Resources": {
    "IsbSpokeConfigJsonParamResolverParseJsonConfigurationFunctionRoleAD0AD111": {
      "Type": "AWS::IAM::Role",
      "Properties": {
        "AssumeRolePolicyDocument": {
          "Statement": [
            {
              "Action": "sts:AssumeRole",
              "Effect": "Allow",
              "Principal": {
                "Service": "lambda.amazonaws.com"
              }
            }
          ],
          "Version": "2012-10-17"
        },
        "Tags": [
          {
            "Key": "aws-solutions:isb-id",
            "Value": {
              "Fn::Join": [
                "",
                [
                  {
                    "Ref": "Namespace"
                  },
                  "_isb"
                ]
              ]
            }
          }
        ]
      },
      "Metadata": {
        "aws:cdk:path": "InnovationSandbox-Compute/IsbSpokeConfigJsonParamResolver/ParseJsonConfiguration/FunctionRole/Resource"
      }
    },
    "IsbSpokeConfigJsonParamResolverParseJsonConfigurationFunctionRoleDefaultPolicy5140CE0C": {
      "Type": "AWS::IAM::Policy",
      "Properties": {
        "PolicyDocument": {
          "Statement": [
            {
              "Action": [
                "xray:PutTraceSegments",
                "xray:PutTelemetryRecords"
              ],
              "Effect": "Allow",
              "Resource": "*"
            },
            {
              "Action": [
                "logs:CreateLogStream",
                "logs:PutLogEvents"
              ],
              "Effect": "Allow",
              "Resource": {
                "Fn::GetAtt": [
                  "ISBLogGroupCustomResources63629E09",
                  "Arn"
                ]
              }
            }
          ],
          "Version": "2012-10-17"
        },
        "PolicyName": "IsbSpokeConfigJsonParamResolverParseJsonConfigurationFunctionRoleDefaultPolicy5140CE0C",
        "Roles": [
          {
            "Ref": "IsbSpokeConfigJsonParamResolverParseJsonConfigurationFunctionRoleAD0AD111"
          }
        ]
      },
      "Metadata": {
        "aws:cdk:path": "InnovationSandbox-Compute/IsbSpokeConfigJsonParamResolver/ParseJsonConfiguration/FunctionRole/DefaultPolicy/Resource"
      }
    },
    "IsbSpokeConfigJsonParamResolverParseJsonConfigurationFunctionCE168970": {
      "Type": "AWS::Lambda::Function",
      "Properties": {
        "Architectures": [
          "arm64"
        ],
        "Code": {
          "S3Bucket": {
            "Fn::Sub": "solutions-${AWS::Region}"
          },
          "S3Key": "innovation-sandbox-on-aws/v1.2.9/asset.0ae1226fcae64f98b960d9869d976d04dadd2a0ac6a492f1c30fb1ab027596a6.zip"
        },
        "Description": "Parses configuration passed in JSON format",
        "Environment": {
          "Variables": {
            "NODE_OPTIONS": "--enable-source-maps",
            "USER_AGENT_EXTRA": "AwsSolution/SO0284/v1.2.9",
            "POWERTOOLS_LOG_LEVEL": {
              "Fn::FindInMap": [
                "Mapping",
                "context",
                "logLevel",
                {
                  "DefaultValue": ""
                }
              ]
            },
            "POWERTOOLS_SERVICE_NAME": "innovation-sandbox",
            "AWS_XRAY_CONTEXT_MISSING": "IGNORE_ERROR"
          }
        },
        "FunctionName": {
          "Fn::Join": [
            "",
            [
              "ISB-ParseJsonConfiguration-",
              {
                "Ref": "Namespace"
              }
            ]
          ]
        },
        "Handler": "index.handler",
        "Layers": [
          {
            "Ref": "IsbSpokeConfigJsonParamResolverISBLambdaLayerInnovationSandboxComputeDependenciesLayerVersion4DD7969A"
          },
          {
            "Ref": "IsbSpokeConfigJsonParamResolverISBLambdaLayerInnovationSandboxComputeCommonLayerVersionB1BF66A1"
          }
        ],
        "LoggingConfig": {
          "LogFormat": "JSON",
          "LogGroup": {
            "Ref": "ISBLogGroupCustomResources63629E09"
          },
          "SystemLogLevel": "INFO"
        },
        "MemorySize": 1024,
        "Role": {
          "Fn::GetAtt": [
            "IsbSpokeConfigJsonParamResolverParseJsonConfigurationFunctionRoleAD0AD111",
            "Arn"
          ]
        },
        "Runtime": "nodejs22.x",
        "Tags": [
          {
            "Key": "aws-solutions:isb-id",
            "Value": {
              "Fn::Join": [
                "",
                [
                  {
                    "Ref": "Namespace"
                  },
                  "_isb"
                ]
              ]
            }
          }
        ],
        "Timeout": 60,
        "TracingConfig": {
          "Mode": "Active"
        }
      },
      "DependsOn": [
        "IsbSpokeConfigJsonParamResolverParseJsonConfigurationFunctionRoleDefaultPolicy5140CE0C",
        "IsbSpokeConfigJsonParamResolverParseJsonConfigurationFunctionRoleAD0AD111"
      ],
      "Metadata": {
        "aws:cdk:path": "InnovationSandbox-Compute/IsbSpokeConfigJsonParamResolver/ParseJsonConfiguration/Function/Resource",
        "aws:asset:path": "asset.0ae1226fcae64f98b960d9869d976d04dadd2a0ac6a492f1c30fb1ab027596a6",
        "aws:asset:is-bundled": true,
        "aws:asset:property": "Code",
        "guard": {
          "SuppressedRules": [
            "LAMBDA_INSIDE_VPC",
            "LAMBDA_CONCURRENCY_CHECK"
          ]
        }
      }
    },
    "IsbSpokeConfigJsonParamResolverParseJsonConfigurationIsbProviderframeworkonEventServiceRoleAE0FBDD1": {
      "Type": "AWS::IAM::Role",
      "Properties": {
        "AssumeRolePolicyDocument": {
          "Statement": [
            {
              "Action": "sts:AssumeRole",
              "Effect": "Allow",
              "Principal": {
                "Service": "lambda.amazonaws.com"
              }
            }
          ],
          "Version": "2012-10-17"
        },
        "ManagedPolicyArns": [
          {
            "Fn::Join": [
              "",
              [
                "arn:",
                {
                  "Ref": "AWS::Partition"
                },
                ":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole"
              ]
            ]
          }
        ],
        "Tags": [
          {
            "Key": "aws-solutions:isb-id",
            "Value": {
              "Fn::Join": [
                "",
                [
                  {
                    "Ref": "Namespace"
                  },
                  "_isb"
                ]
              ]
            }
          }
        ]
      },
      "Metadata": {
        "aws:cdk:path": "InnovationSandbox-Compute/IsbSpokeConfigJsonParamResolver/ParseJsonConfiguration/IsbProvider/framework-onEvent/ServiceRole/Resource"
      }
    },
    "IsbSpokeConfigJsonParamResolverParseJsonConfigurationIsbProviderframeworkonEventServiceRoleDefaultPolicy550E8662": {
      "Type": "AWS::IAM::Policy",
      "Properties": {
        "PolicyDocument": {
          "Statement": [
            {
              "Action": "lambda:InvokeFunction",
              "Effect": "Allow",
              "Resource": [
                {
                  "Fn::GetAtt": [
                    "IsbSpokeConfigJsonParamResolverParseJsonConfigurationFunctionCE168970",
                    "Arn"
                  ]
                },
                {
                  "Fn::Join": [
                    "",
                    [
                      {
                        "Fn::GetAtt": [
                          "IsbSpokeConfigJsonParamResolverParseJsonConfigurationFunctionCE168970",
                          "Arn"
                        ]
                      },
                      ":*"
                    ]
                  ]
                }
              ]
            },
            {
              "Action": "lambda:GetFunction",
              "Effect": "Allow",
              "Resource": {
                "Fn::GetAtt": [
                  "IsbSpokeConfigJsonParamResolverParseJsonConfigurationFunctionCE168970",
                  "Arn"
                ]
              }
            }
          ],
          "Version": "2012-10-17"
        },
        "PolicyName": "IsbSpokeConfigJsonParamResolverParseJsonConfigurationIsbProviderframeworkonEventServiceRoleDefaultPolicy550E8662",
        "Roles": [
          {
            "Ref": "IsbSpokeConfigJsonParamResolverParseJsonConfigurationIsbProviderframeworkonEventServiceRoleAE0FBDD1"
          }
        ]
      },
      "Metadata": {
        "aws:cdk:path": "InnovationSandbox-Compute/IsbSpokeConfigJsonParamResolver/ParseJsonConfiguration/IsbProvider/framework-onEvent/ServiceRole/DefaultPolicy/Resource"
      }
    },
    "IsbSpokeConfigJsonParamResolverParseJsonConfigurationIsbProviderframeworkonEventD19E887B": {
      "Type": "AWS::Lambda::Function",
      "Properties": {
        "Code": {
          "S3Bucket": {
            "Fn::Sub": "solutions-${AWS::Region}"
          },
          "S3Key": "innovation-sandbox-on-aws/v1.2.9/asset.07a90cc3efdfc34da22208dcd9d211f06f5b0e01b21e778edc7c3966b1f61d57.zip"
        },
        "Description": "AWS CDK resource provider framework - onEvent (InnovationSandbox-Compute/IsbSpokeConfigJsonParamResolver/ParseJsonConfiguration/IsbProvider)",
        "Environment": {
          "Variables": {
            "USER_ON_EVENT_FUNCTION_ARN": {
              "Fn::GetAtt": [
                "IsbSpokeConfigJsonParamResolverParseJsonConfigurationFunctionCE168970",
                "Arn"
              ]
            }
          }
        },
        "Handler": "framework.onEvent",
        "LoggingConfig": {
          "ApplicationLogLevel": "FATAL",
          "LogFormat": "JSON",
          "LogGroup": {
            "Ref": "ISBLogGroupCustomResources63629E09"
          }
        },
        "Role": {
          "Fn::GetAtt": [
            "IsbSpokeConfigJsonParamResolverParseJsonConfigurationIsbProviderframeworkonEventServiceRoleAE0FBDD1",
            "Arn"
          ]
        },
        "Runtime": "nodejs22.x",
        "Tags": [
          {
            "Key": "aws-solutions:isb-id",
            "Value": {
              "Fn::Join": [
                "",
                [
                  {
                    "Ref": "Namespace"
                  },
                  "_isb"
                ]
              ]
            }
          }
        ],
        "Timeout": 900
      },
      "DependsOn": [
        "IsbSpokeConfigJsonParamResolverParseJsonConfigurationIsbProviderframeworkonEventServiceRoleDefaultPolicy550E8662",
        "IsbSpokeConfigJsonParamResolverParseJsonConfigurationIsbProviderframeworkonEventServiceRoleAE0FBDD1"
      ],
      "Metadata": {
        "aws:cdk:path": "InnovationSandbox-Compute/IsbSpokeConfigJsonParamResolver/ParseJsonConfiguration/IsbProvider/framework-onEvent/Resource",
        "aws:asset:path": "asset.07a90cc3efdfc34da22208dcd9d211f06f5b0e01b21e778edc7c3966b1f61d57",
        "aws:asset:is-bundled": false,
        "aws:asset:property": "Code",
        "guard": {
          "SuppressedRules": [
            "LAMBDA_INSIDE_VPC",
            "LAMBDA_CONCURRENCY_CHECK"
          ]
        }
      }
    },
    "IsbSpokeConfigJsonParamResolverParseJsonConfigurationIsbCustomResource57F98B57": {
      "Type": "Custom::ParseJsonConfiguration",
      "Properties": {
        "ServiceToken": {
          "Fn::GetAtt": [
            "IsbSpokeConfigJsonParamResolverParseJsonConfigurationIsbProviderframeworkonEventD19E887B",
            "Arn"
          ]
        },
        "idcConfigParamArn": {
          "Fn::Join": [
            "",
            [
              "arn:",
              {
                "Ref": "AWS::Partition"
              },
              ":ssm:",
              {
                "Ref": "AWS::Region"
              },
              ":",
              {
                "Ref": "IdcAccountId"
              },
              ":parameter/InnovationSandbox_",
              {
                "Ref": "Namespace"
              },
              "_Idc_Configuration"
            ]
          ]
        },
        "accountPoolConfigParamArn": {
          "Fn::Join": [
            "",
            [
              "arn:",
              {
                "Ref": "AWS::Partition"
              },
              ":ssm:",
              {
                "Ref": "AWS::Region"
              },
              ":",
              {
                "Ref": "OrgMgtAccountId"
              },
              ":parameter/InnovationSandbox_",
              {
                "Ref": "Namespace"
              },
              "_AccountPool_Configuration"
            ]
          ]
        },
        "dataConfigParamArn": {
          "Fn::Join": [
            "",
            [
              "arn:",
              {
                "Ref": "AWS::Partition"
              },
              ":ssm:",
              {
                "Ref": "AWS::Region"
              },
              ":",
              {
                "Ref": "AWS::AccountId"
              },
              ":parameter/InnovationSandbox_",
              {
                "Ref": "Namespace"
              },
              "_Data_Configuration"
            ]
          ]
        },
        "namespace": {
          "Ref": "Namespace"
        },
        "forceUpdate": 1778776941782
      },
      "UpdateReplacePolicy": "Delete",
      "DeletionPolicy": "Delete",
      "Metadata": {
        "aws:cdk:path": "InnovationSandbox-Compute/IsbSpokeConfigJsonParamResolver/ParseJsonConfiguration/IsbCustomResource/Default"
      }
    },
    "IsbSpokeConfigJsonParamResolverISBLambdaLayerInnovationSandboxComputeCommonLayerVersionB1BF66A1": {
      "Type": "AWS::Lambda::LayerVersion",
      "Properties": {
        "CompatibleArchitectures": [
          "arm64"
        ],
        "CompatibleRuntimes": [
          "nodejs22.x"
        ],
        "Content": {
          "S3Bucket": {
            "Fn::Sub": "solutions-${AWS::Region}"
          },
          "S3Key": "innovation-sandbox-on-aws/v1.2.9/asset.20202146712d3b89f251ede916c1e4754817958a925afe4f440cc17bba831193.zip"
        },
        "Description": "Common lib for Innovation Sandbox on AWS"
      },
      "Metadata": {
        "aws:cdk:path": "InnovationSandbox-Compute/IsbSpokeConfigJsonParamResolver/ISB-Lambda-Layer-InnovationSandbox-Compute/CommonLayerVersion/Resource",
        "aws:asset:path": "asset.20202146712d3b89f251ede916c1e4754817958a925afe4f440cc17bba831193",
        "aws:asset:is-bundled": false,
        "aws:asset:property": "Content"
      }
    },
    "IsbSpokeConfigJsonParamResolverISBLambdaLayerInnovationSandboxComputeDependenciesLayerVersion4DD7969A": {
      "Type": "AWS::Lambda::LayerVersion",
      "Properties": {
        "CompatibleArchitectures": [
          "arm64"
        ],
        "CompatibleRuntimes": [
          "nodejs22.x"
        ],
        "Content": {
          "S3Bucket": {
            "Fn::Sub": "solutions-${AWS::Region}"
          },
          "S3Key": "innovation-sandbox-on-aws/v1.2.9/asset.551db05928001969d2f0267f8dbd17b3cc136a528008cc94ac1eea9145f5003e.zip"
        },
        "Description": "Third party runtime dependencies for Innovation Sandbox on AWS"
      },
      "Metadata": {
        "aws:cdk:path": "InnovationSandbox-Compute/IsbSpokeConfigJsonParamResolver/ISB-Lambda-Layer-InnovationSandbox-Compute/DependenciesLayerVersion/Resource",
        "aws:asset:path": "asset.551db05928001969d2f0267f8dbd17b3cc136a528008cc94ac1eea9145f5003e",
        "aws:asset:is-bundled": false,
        "aws:asset:property": "Content"
      }
    },
    "IsbKmsKeyInnovationSandboxComputeB43F03BE": {
      "Type": "AWS::KMS::Key",
      "Properties": {
        "Description": "Encryption Key for Innovation Sandbox: InnovationSandbox-Compute",
        "EnableKeyRotation": true,
        "KeyPolicy": {
          "Statement": [
            {
              "Action": "kms:*",
              "Effect": "Allow",
              "Principal": {
                "AWS": {
                  "Fn::Join": [
                    "",
                    [
                      "arn:",
                      {
                        "Ref": "AWS::Partition"
                      },
                      ":iam::",
                      {
                        "Ref": "AWS::AccountId"
                      },
                      ":root"
                    ]
                  ]
                }
              },
              "Resource": "*"
            },
            {
              "Action": [
                "kms:Decrypt",
                "kms:Encrypt",
                "kms:ReEncrypt*",
                "kms:GenerateDataKey*"
              ],
              "Effect": "Allow",
              "Principal": {
                "Service": "logs.amazonaws.com"
              },
              "Resource": "*"
            },
            {
              "Action": [
                "kms:Decrypt",
                "kms:Encrypt",
                "kms:ReEncrypt*",
                "kms:GenerateDataKey*"
              ],
              "Effect": "Allow",
              "Principal": {
                "Service": "events.amazonaws.com"
              },
              "Resource": "*"
            },
            {
              "Action": [
                "kms:Decrypt",
                "kms:GenerateDataKey",
                "kms:DescribeKey"
              ],
              "Condition": {
                "StringEquals": {
                  "aws:SourceAccount": {
                    "Ref": "AWS::AccountId"
                  },
                  "aws:SourceArn": {
                    "Fn::Join": [
                      "",
                      [
                        "arn:",
                        {
                          "Ref": "AWS::Partition"
                        },
                        ":events:",
                        {
                          "Ref": "AWS::Region"
                        },
                        ":",
                        {
                          "Ref": "AWS::AccountId"
                        },
                        ":event-bus/InnovationSandboxComputeISBEventBus6697FE33"
                      ]
                    ]
                  },
                  "kms:EncryptionContext:aws:events:event-bus:arn": {
                    "Fn::Join": [
                      "",
                      [
                        "arn:",
                        {
                          "Ref": "AWS::Partition"
                        },
                        ":events:",
                        {
                          "Ref": "AWS::Region"
                        },
                        ":",
                        {
                          "Ref": "AWS::AccountId"
                        },
                        ":event-bus/InnovationSandboxComputeISBEventBus6697FE33"
                      ]
                    ]
                  }
                }
              },
              "Effect": "Allow",
              "Principal": {
                "Service": "events.amazonaws.com"
              },
              "Resource": "*"
            },
            {
              "Action": [
                "kms:Decrypt",
                "kms:Encrypt",
                "kms:ReEncrypt*",
                "kms:GenerateDataKey*"
              ],
              "Effect": "Allow",
              "Principal": {
                "Service": "sqs.amazonaws.com"
              },
              "Resource": "*"
            },
            {
              "Action": [
                "kms:Decrypt",
                "kms:Encrypt",
                "kms:ReEncrypt*",
                "kms:GenerateDataKey*"
              ],
              "Condition": {
                "StringEquals": {
                  "kms:ViaService": {
                    "Fn::Join": [
                      "",
                      [
                        "secretsmanager.",
                        {
                          "Ref": "AWS::Region"
                        },
                        ".amazonaws.com"
                      ]
                    ]
                  }
                }
              },
              "Effect": "Allow",
              "Principal": {
                "AWS": {
                  "Fn::Join": [
                    "",
                    [
                      "arn:",
                      {
                        "Ref": "AWS::Partition"
                      },
                      ":iam::",
                      {
                        "Ref": "AWS::AccountId"
                      },
                      ":root"
                    ]
                  ]
                }
              },
              "Resource": "*"
            },
            {
              "Action": [
                "kms:CreateGrant",
                "kms:DescribeKey"
              ],
              "Condition": {
                "StringEquals": {
                  "kms:ViaService": {
                    "Fn::Join": [
                      "",
                      [
                        "secretsmanager.",
                        {
                          "Ref": "AWS::Region"
                        },
                        ".amazonaws.com"
                      ]
                    ]
                  }
                }
              },
              "Effect": "Allow",
              "Principal": {
                "AWS": {
                  "Fn::Join": [
                    "",
                    [
                      "arn:",
                      {
                        "Ref": "AWS::Partition"
                      },
                      ":iam::",
                      {
                        "Ref": "AWS::AccountId"
                      },
                      ":root"
                    ]
                  ]
                }
              },
              "Resource": "*"
            },
            {
              "Action": [
                "kms:Decrypt",
                "kms:Encrypt",
                "kms:ReEncrypt*",
                "kms:GenerateDataKey*"
              ],
              "Condition": {
                "StringEquals": {
                  "kms:ViaService": {
                    "Fn::Join": [
                      "",
                      [
                        "secretsmanager.",
                        {
                          "Ref": "AWS::Region"
                        },
                        ".amazonaws.com"
                      ]
                    ]
                  }
                }
              },
              "Effect": "Allow",
              "Principal": {
                "AWS": {
                  "Fn::GetAtt": [
                    "JwtSecretRotatorFunctionRole64A92119",
                    "Arn"
                  ]
                }
              },
              "Resource": "*"
            },
            {
              "Action": "kms:Decrypt",
              "Condition": {
                "StringEquals": {
                  "kms:ViaService": {
                    "Fn::Join": [
                      "",
                      [
                        "secretsmanager.",
                        {
                          "Ref": "AWS::Region"
                        },
                        ".amazonaws.com"
                      ]
                    ]
                  }
                }
              },
              "Effect": "Allow",
              "Principal": {
                "AWS": {
                  "Fn::GetAtt": [
                    "AuthorizerLambdaFunctionFunctionRole354E8B0D",
                    "Arn"
                  ]
                }
              },
              "Resource": "*"
            },
            {
              "Action": "kms:Decrypt",
              "Condition": {
                "StringEquals": {
                  "kms:ViaService": {
                    "Fn::Join": [
                      "",
                      [
                        "secretsmanager.",
                        {
                          "Ref": "AWS::Region"
                        },
                        ".amazonaws.com"
                      ]
                    ]
                  }
                }
              },
              "Effect": "Allow",
              "Principal": {
                "AWS": {
                  "Fn::GetAtt": [
                    "SsoHandlerFunctionRoleA9C67752",
                    "Arn"
                  ]
                }
              },
              "Resource": "*"
            },
            {
              "Action": "kms:Decrypt",
              "Condition": {
                "StringEquals": {
                  "kms:ViaService": {
                    "Fn::Join": [
                      "",
                      [
                        "secretsmanager.",
                        {
                          "Ref": "AWS::Region"
                        },
                        ".amazonaws.com"
                      ]
                    ]
                  }
                }
              },
              "Effect": "Allow",
              "Principal": {
                "AWS": {
                  "Fn::GetAtt": [
                    "LeasesLambdaFunctionFunctionRole8C813149",
                    "Arn"
                  ]
                }
              },
              "Resource": "*"
            },
            {
              "Action": "kms:Decrypt",
              "Condition": {
                "StringEquals": {
                  "kms:ViaService": {
                    "Fn::Join": [
                      "",
                      [
                        "secretsmanager.",
                        {
                          "Ref": "AWS::Region"
                        },
                        ".amazonaws.com"
                      ]
                    ]
                  }
                }
              },
              "Effect": "Allow",
              "Principal": {
                "AWS": {
                  "Fn::GetAtt": [
                    "LeaseTemplatesLambdaFunctionFunctionRoleC7543D26",
                    "Arn"
                  ]
                }
              },
              "Resource": "*"
            },
            {
              "Action": "kms:Decrypt",
              "Condition": {
                "StringEquals": {
                  "kms:ViaService": {
                    "Fn::Join": [
                      "",
                      [
                        "secretsmanager.",
                        {
                          "Ref": "AWS::Region"
                        },
                        ".amazonaws.com"
                      ]
                    ]
                  }
                }
              },
              "Effect": "Allow",
              "Principal": {
                "AWS": {
                  "Fn::GetAtt": [
                    "AccountsLambdaFunctionFunctionRole3A22EFEC",
                    "Arn"
                  ]
                }
              },
              "Resource": "*"
            },
            {
              "Action": "kms:Decrypt",
              "Condition": {
                "StringEquals": {
                  "kms:ViaService": {
                    "Fn::Join": [
                      "",
                      [
                        "secretsmanager.",
                        {
                          "Ref": "AWS::Region"
                        },
                        ".amazonaws.com"
                      ]
                    ]
                  }
                }
              },
              "Effect": "Allow",
              "Principal": {
                "AWS": {
                  "Fn::GetAtt": [
                    "BlueprintsLambdaFunctionFunctionRoleE6A626CE",
                    "Arn"
                  ]
                }
              },
              "Resource": "*"
            },
            {
              "Action": "kms:Decrypt",
              "Condition": {
                "StringEquals": {
                  "kms:ViaService": {
                    "Fn::Join": [
                      "",
                      [
                        "secretsmanager.",
                        {
                          "Ref": "AWS::Region"
                        },
                        ".amazonaws.com"
                      ]
                    ]
                  }
                }
              },
              "Effect": "Allow",
              "Principal": {
                "AWS": {
                  "Fn::GetAtt": [
                    "ConfigurationsLambdaFunctionFunctionRole3EA8ADFC",
                    "Arn"
                  ]
                }
              },
              "Resource": "*"
            },
            {
              "Action": "kms:Decrypt",
              "Condition": {
                "ArnLike": {
                  "AWS:SourceArn": {
                    "Fn::Join": [
                      "",
                      [
                        "arn:",
                        {
                          "Ref": "AWS::Partition"
                        },
                        ":cloudfront::",
                        {
                          "Ref": "AWS::AccountId"
                        },
                        ":distribution/*"
                      ]
                    ]
                  }
                }
              },
              "Effect": "Allow",
              "Principal": {
                "Service": "cloudfront.amazonaws.com"
              },
              "Resource": "*"
            },
            {
              "Action": [
                "kms:Encrypt",
                "kms:Decrypt",
                "kms:GenerateDataKey*"
              ],
              "Condition": {
                "StringEquals": {
                  "AWS:SourceAccount": {
                    "Ref": "AWS::AccountId"
                  }
                }
              },
              "Effect": "Allow",
              "Principal": {
                "Service": "delivery.logs.amazonaws.com"
              },
              "Resource": "*"
            }
          ],
          "Version": "2012-10-17"
        },
        "Tags": [
          {
            "Key": "aws-solutions:isb-id",
            "Value": {
              "Fn::Join": [
                "",
                [
                  {
                    "Ref": "Namespace"
                  },
                  "_isb"
                ]
              ]
            }
          }
        ]
      },
      "UpdateReplacePolicy": "Retain",
      "DeletionPolicy": "Retain",
      "Metadata": {
        "aws:cdk:path": "InnovationSandbox-Compute/IsbKmsKey-InnovationSandbox-Compute/Resource"
      }
    },
    "IsbKmsKeyInnovationSandboxComputeAliasA03BE0B8": {
      "Type": "AWS::KMS::Alias",
      "Properties": {
        "AliasName": {
          "Fn::Join": [
            "",
            [
              "alias/AwsSolutions/InnovationSandbox/",
              {
                "Ref": "Namespace"
              },
              "/InnovationSandbox-Compute"
            ]
          ]
        },
        "TargetKeyId": {
          "Fn::GetAtt": [
            "IsbKmsKeyInnovationSandboxComputeB43F03BE",
            "Arn"
          ]
        }
      },
      "Metadata": {
        "aws:cdk:path": "InnovationSandbox-Compute/IsbKmsKey-InnovationSandbox-Compute/Alias/Resource"
      }
    },
    "ISBLogGroupCustomResources63629E09": {
      "Type": "AWS::Logs::LogGroup",
      "Properties": {
        "KmsKeyId": {
          "Fn::GetAtt": [
            "IsbKmsKeyInnovationSandboxComputeB43F03BE",
            "Arn"
          ]
        },
        "RetentionInDays": {
          "Fn::FindInMap": [
            "Mapping",
            "context",
            "cloudWatchLogRetentionInDays",
            {
              "DefaultValue": ""
            }
          ]
        },
        "Tags": [
          {
            "Key": "aws-solutions:isb-id",
            "Value": {
              "Fn::Join": [
                "",
                [
                  {
                    "Ref": "Namespace"
                  },
                  "_isb"
                ]
              ]
            }
          }
        ]
      },
      "UpdateReplacePolicy": "Retain",
      "DeletionPolicy": "Retain",
      "Metadata": {
        "aws:cdk:path": "InnovationSandbox-Compute/ISBLogGroup-CustomResources/Resource",
        "guard": {
          "SuppressedRules": [
            "CW_LOGGROUP_RETENTION_PERIOD_CHECK"
          ]
        }
      }
    },
    "SharedParamReaderSsmReadPolicy435E9A92": {
      "Type": "AWS::IAM::Policy",
      "Properties": {
        "PolicyDocument": {
          "Statement": [
            {
              "Action": "ssm:GetParameter",
              "Effect": "Allow",
              "Resource": [
                {
                  "Fn::Join": [
                    "",
                    [
                      "arn:",
                      {
                        "Ref": "AWS::Partition"
                      },
                      ":ssm:",
                      {
                        "Ref": "AWS::Region"
                      },
                      ":",
                      {
                        "Ref": "IdcAccountId"
                      },
                      ":parameter/InnovationSandbox_",
                      {
                        "Ref": "Namespace"
                      },
                      "_Idc_Configuration"
                    ]
                  ]
                },
                {
                  "Fn::Join": [
                    "",
                    [
                      "arn:",
                      {
                        "Ref": "AWS::Partition"
                      },
                      ":ssm:",
                      {
                        "Ref": "AWS::Region"
                      },
                      ":",
                      {
                        "Ref": "OrgMgtAccountId"
                      },
                      ":parameter/InnovationSandbox_",
                      {
                        "Ref": "Namespace"
                      },
                      "_AccountPool_Configuration"
                    ]
                  ]
                },
                {
                  "Fn::Join": [
                    "",
                    [
                      "arn:",
                      {
                        "Ref": "AWS::Partition"
                      },
                      ":ssm:",
                      {
                        "Ref": "AWS::Region"
                      },
                      ":",
                      {
                        "Ref": "AWS::AccountId"
                      },
                      ":parameter/InnovationSandbox_",
                      {
                        "Ref": "Namespace"
                      },
                      "_Data_Configuration"
                    ]
                  ]
                }
              ]
            }
          ],
          "Version": "2012-10-17"
        },
        "PolicyName": "SharedParamReaderSsmReadPolicy435E9A92",
        "Roles": [
          {
            "Ref": "IsbSpokeConfigJsonParamResolverParseJsonConfigurationFunctionRoleAD0AD111"
          }
        ]
      },
      "Metadata": {
        "aws:cdk:path": "InnovationSandbox-Compute/SharedParamReaderSsmReadPolicy/Resource"
      }
    },
    "ISBLogGroupE607F9A7": {
      "Type": "AWS::Logs::LogGroup",
      "Properties": {
        "KmsKeyId": {
          "Fn::GetAtt": [
            "IsbKmsKeyInnovationSandboxComputeB43F03BE",
            "Arn"
          ]
        },
        "RetentionInDays": {
          "Fn::FindInMap": [
            "Mapping",
            "context",
            "cloudWatchLogRetentionInDays",
            {
              "DefaultValue": ""
            }
          ]
        },
        "Tags": [
          {
            "Key": "aws-solutions:isb-id",
            "Value": {
              "Fn::Join": [
                "",
                [
                  {
                    "Ref": "Namespace"
                  },
                  "_isb"
                ]
              ]
            }
          }
        ]
      },
      "UpdateReplacePolicy": "Retain",
      "DeletionPolicy": "Retain",
      "Metadata": {
        "aws:cdk:path": "InnovationSandbox-Compute/ISBLogGroup/Resource",
        "guard": {
          "SuppressedRules": [
            "CW_LOGGROUP_RETENTION_PERIOD_CHECK"
          ]
        }
      }
    },
    "ISBLogGroupPolicyResourcePolicy395D72DA": {
      "Type": "AWS::Logs::ResourcePolicy",
      "Properties": {
        "PolicyDocument": {
          "Fn::Join": [
            "",
            [
              "{\"Statement\":[{\"Action\":[\"logs:CreateLogStream\",\"logs:PutLogEvents\"],\"Effect\":\"Allow\",\"Principal\":{\"Service\":[\"events.amazonaws.com\",\"delivery.logs.amazonaws.com\"]},\"Resource\":\"",
              {
                "Fn::GetAtt": [
                  "ISBLogGroupE607F9A7",
                  "Arn"
                ]
              },
              "\"}],\"Version\":\"2012-10-17\"}"
            ]
          ]
        },
        "PolicyName": "InnovationSandboxComputeISBLogGroupPolicy706DAA17"
      },
      "Metadata": {
        "aws:cdk:path": "InnovationSandbox-Compute/ISBLogGroup/Policy/ResourcePolicy"
      }
    },
    "ISBLogGroupCleanup485A102F": {
      "Type": "AWS::Logs::LogGroup",
      "Properties": {
        "KmsKeyId": {
          "Fn::GetAtt": [
            "IsbKmsKeyInnovationSandboxComputeB43F03BE",
            "Arn"
          ]
        },
        "RetentionInDays": {
          "Fn::FindInMap": [
            "Mapping",
            "context",
            "cloudWatchLogRetentionInDays",
            {
              "DefaultValue": ""
            }
          ]
        },
        "Tags": [
          {
            "Key": "aws-solutions:isb-id",
            "Value": {
              "Fn::Join": [
                "",
                [
                  {
                    "Ref": "Namespace"
                  },
                  "_isb"
                ]
              ]
            }
          }
        ]
      },
      "UpdateReplacePolicy": "Retain",
      "DeletionPolicy": "Retain",
      "Metadata": {
        "aws:cdk:path": "InnovationSandbox-Compute/ISBLogGroup-Cleanup/Resource",
        "guard": {
          "SuppressedRules": [
            "CW_LOGGROUP_RETENTION_PERIOD_CHECK"
          ]
        }
      }
    },
    "DeploymentUUIDLambdaFunctionFunctionRoleDB238E11": {
      "Type": "AWS::IAM::Role",
      "Properties": {
        "AssumeRolePolicyDocument": {
          "Statement": [
            {
              "Action": "sts:AssumeRole",
              "Effect": "Allow",
              "Principal": {
                "Service": "lambda.amazonaws.com"
              }
            }
          ],
          "Version": "2012-10-17"
        },
        "Tags": [
          {
            "Key": "aws-solutions:isb-id",
            "Value": {
              "Fn::Join": [
                "",
                [
                  {
                    "Ref": "Namespace"
                  },
                  "_isb"
                ]
              ]
            }
          }
        ]
      },
      "Metadata": {
        "aws:cdk:path": "InnovationSandbox-Compute/DeploymentUUID/LambdaFunction/FunctionRole/Resource"
      }
    },
    "DeploymentUUIDLambdaFunctionFunctionRoleDefaultPolicy7D6AE82D": {
      "Type": "AWS::IAM::Policy",
      "Properties": {
        "PolicyDocument": {
          "Statement": [
            {
              "Action": [
                "xray:PutTraceSegments",
                "xray:PutTelemetryRecords"
              ],
              "Effect": "Allow",
              "Resource": "*"
            },
            {
              "Action": [
                "logs:CreateLogStream",
                "logs:PutLogEvents"
              ],
              "Effect": "Allow",
              "Resource": {
                "Fn::GetAtt": [
                  "ISBLogGroupCustomResources63629E09",
                  "Arn"
                ]
              }
            }
          ],
          "Version": "2012-10-17"
        },
        "PolicyName": "DeploymentUUIDLambdaFunctionFunctionRoleDefaultPolicy7D6AE82D",
        "Roles": [
          {
            "Ref": "DeploymentUUIDLambdaFunctionFunctionRoleDB238E11"
          }
        ]
      },
      "Metadata": {
        "aws:cdk:path": "InnovationSandbox-Compute/DeploymentUUID/LambdaFunction/FunctionRole/DefaultPolicy/Resource"
      }
    },
    "DeploymentUUIDLambdaFunction297287F6": {
      "Type": "AWS::Lambda::Function",
      "Properties": {
        "Architectures": [
          "arm64"
        ],
        "Code": {
          "S3Bucket": {
            "Fn::Sub": "solutions-${AWS::Region}"
          },
          "S3Key": "innovation-sandbox-on-aws/v1.2.9/asset.1cf451e04be86a45d1e74a276bbe4ba68b790146fb1c3ea5b71e6d2014ccc0b2.zip"
        },
        "Description": "Custom resource lambda provider that generates a UUID on stack creation",
        "Environment": {
          "Variables": {
            "NODE_OPTIONS": "--enable-source-maps",
            "USER_AGENT_EXTRA": "AwsSolution/SO0284/v1.2.9",
            "POWERTOOLS_LOG_LEVEL": {
              "Fn::FindInMap": [
                "Mapping",
                "context",
                "logLevel",
                {
                  "DefaultValue": ""
                }
              ]
            },
            "POWERTOOLS_SERVICE_NAME": "innovation-sandbox",
            "AWS_XRAY_CONTEXT_MISSING": "IGNORE_ERROR"
          }
        },
        "FunctionName": {
          "Fn::Join": [
            "",
            [
              "ISB-LambdaFunction-",
              {
                "Ref": "Namespace"
              }
            ]
          ]
        },
        "Handler": "index.handler",
        "Layers": [
          {
            "Ref": "IsbSpokeConfigJsonParamResolverISBLambdaLayerInnovationSandboxComputeDependenciesLayerVersion4DD7969A"
          },
          {
            "Ref": "IsbSpokeConfigJsonParamResolverISBLambdaLayerInnovationSandboxComputeCommonLayerVersionB1BF66A1"
          }
        ],
        "LoggingConfig": {
          "LogFormat": "JSON",
          "LogGroup": {
            "Ref": "ISBLogGroupCustomResources63629E09"
          },
          "SystemLogLevel": "INFO"
        },
        "MemorySize": 1024,
        "Role": {
          "Fn::GetAtt": [
            "DeploymentUUIDLambdaFunctionFunctionRoleDB238E11",
            "Arn"
          ]
        },
        "Runtime": "nodejs22.x",
        "Tags": [
          {
            "Key": "aws-solutions:isb-id",
            "Value": {
              "Fn::Join": [
                "",
                [
                  {
                    "Ref": "Namespace"
                  },
                  "_isb"
                ]
              ]
            }
          }
        ],
        "Timeout": 60,
        "TracingConfig": {
          "Mode": "Active"
        }
      },
      "DependsOn": [
        "DeploymentUUIDLambdaFunctionFunctionRoleDefaultPolicy7D6AE82D",
        "DeploymentUUIDLambdaFunctionFunctionRoleDB238E11"
      ],
      "Metadata": {
        "aws:cdk:path": "InnovationSandbox-Compute/DeploymentUUID/LambdaFunction/Function/Resource",
        "aws:asset:path": "asset.1cf451e04be86a45d1e74a276bbe4ba68b790146fb1c3ea5b71e6d2014ccc0b2",
        "aws:asset:is-bundled": true,
        "aws:asset:property": "Code",
        "guard": {
          "SuppressedRules": [
            "LAMBDA_INSIDE_VPC",
            "LAMBDA_CONCURRENCY_CHECK"
          ]
        }
      }
    },
    "DeploymentUUIDLambdaFunctionIsbProviderframeworkonEventServiceRole78CDE25E": {
      "Type": "AWS::IAM::Role",
      "Properties": {
        "AssumeRolePolicyDocument": {
          "Statement": [
            {
              "Action": "sts:AssumeRole",
              "Effect": "Allow",
              "Principal": {
                "Service": "lambda.amazonaws.com"
              }
            }
          ],
          "Version": "2012-10-17"
        },
        "ManagedPolicyArns": [
          {
            "Fn::Join": [
              "",
              [
                "arn:",
                {
                  "Ref": "AWS::Partition"
                },
                ":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole"
              ]
            ]
          }
        ],
        "Tags": [
          {
            "Key": "aws-solutions:isb-id",
            "Value": {
              "Fn::Join": [
                "",
                [
                  {
                    "Ref": "Namespace"
                  },
                  "_isb"
                ]
              ]
            }
          }
        ]
      },
      "Metadata": {
        "aws:cdk:path": "InnovationSandbox-Compute/DeploymentUUID/LambdaFunction/IsbProvider/framework-onEvent/ServiceRole/Resource"
      }
    },
    "DeploymentUUIDLambdaFunctionIsbProviderframeworkonEventServiceRoleDefaultPolicy20766167": {
      "Type": "AWS::IAM::Policy",
      "Properties": {
        "PolicyDocument": {
          "Statement": [
            {
              "Action": "lambda:InvokeFunction",
              "Effect": "Allow",
              "Resource": [
                {
                  "Fn::GetAtt": [
                    "DeploymentUUIDLambdaFunction297287F6",
                    "Arn"
                  ]
                },
                {
                  "Fn::Join": [
                    "",
                    [
                      {
                        "Fn::GetAtt": [
                          "DeploymentUUIDLambdaFunction297287F6",
                          "Arn"
                        ]
                      },
                      ":*"
                    ]
                  ]
                }
              ]
            },
            {
              "Action": "lambda:GetFunction",
              "Effect": "Allow",
              "Resource": {
                "Fn::GetAtt": [
                  "DeploymentUUIDLambdaFunction297287F6",
                  "Arn"
                ]
              }
            }
          ],
          "Version": "2012-10-17"
        },
        "PolicyName": "DeploymentUUIDLambdaFunctionIsbProviderframeworkonEventServiceRoleDefaultPolicy20766167",
        "Roles": [
          {
            "Ref": "DeploymentUUIDLambdaFunctionIsbProviderframeworkonEventServiceRole78CDE25E"
          }
        ]
      },
      "Metadata": {
        "aws:cdk:path": "InnovationSandbox-Compute/DeploymentUUID/LambdaFunction/IsbProvider/framework-onEvent/ServiceRole/DefaultPolicy/Resource"
      }
    },
    "DeploymentUUIDLambdaFunctionIsbProviderframeworkonEvent42333667": {
      "Type": "AWS::Lambda::Function",
      "Properties": {
        "Code": {
          "S3Bucket": {
            "Fn::Sub": "solutions-${AWS::Region}"
          },
          "S3Key": "innovation-sandbox-on-aws/v1.2.9/asset.07a90cc3efdfc34da22208dcd9d211f06f5b0e01b21e778edc7c3966b1f61d57.zip"
        },
        "Description": "AWS CDK resource provider framework - onEvent (InnovationSandbox-Compute/DeploymentUUID/LambdaFunction/IsbProvider)",
        "Environment": {
          "Variables": {
            "USER_ON_EVENT_FUNCTION_ARN": {
              "Fn::GetAtt": [
                "DeploymentUUIDLambdaFunction297287F6",
                "Arn"
              ]
            }
          }
        },
        "Handler": "framework.onEvent",
        "LoggingConfig": {
          "ApplicationLogLevel": "FATAL",
          "LogFormat": "JSON",
          "LogGroup": {
            "Ref": "ISBLogGroupCustomResources63629E09"
          }
        },
        "Role": {
          "Fn::GetAtt": [
            "DeploymentUUIDLambdaFunctionIsbProviderframeworkonEventServiceRole78CDE25E",
            "Arn"
          ]
        },
        "Runtime": "nodejs22.x",
        "Tags": [
          {
            "Key": "aws-solutions:isb-id",
            "Value": {
              "Fn::Join": [
                "",
                [
                  {
                    "Ref": "Namespace"
                  },
                  "_isb"
                ]
              ]
            }
          }
        ],
        "Timeout": 900
      },
      "DependsOn": [
        "DeploymentUUIDLambdaFunctionIsbProviderframeworkonEventServiceRoleDefaultPolicy20766167",
        "DeploymentUUIDLambdaFunctionIsbProviderframeworkonEventServiceRole78CDE25E"
      ],
      "Metadata": {
        "aws:cdk:path": "InnovationSandbox-Compute/DeploymentUUID/LambdaFunction/IsbProvider/framework-onEvent/Resource",
        "aws:asset:path": "asset.07a90cc3efdfc34da22208dcd9d211f06f5b0e01b21e778edc7c3966b1f61d57",
        "aws:asset:is-bundled": false,
        "aws:asset:property": "Code",
        "guard": {
          "SuppressedRules": [
            "LAMBDA_INSIDE_VPC",
            "LAMBDA_CONCURRENCY_CHECK"
          ]
        }
      }
    },
    "DeploymentUUIDLambdaFunctionIsbCustomResourceE707861E": {
      "Type": "Custom::DeploymentUUID",
      "Properties": {
        "ServiceToken": {
          "Fn::GetAtt": [
            "DeploymentUUIDLambdaFunctionIsbProviderframeworkonEvent42333667",
            "Arn"
          ]
        }
      },
      "UpdateReplacePolicy": "Delete",
      "DeletionPolicy": "Delete",
      "Metadata": {
        "aws:cdk:path": "InnovationSandbox-Compute/DeploymentUUID/LambdaFunction/IsbCustomResource/Default"
      }
    },
    "IntermediateRole6D2F2036": {
      "Type": "AWS::IAM::Role",
      "Properties": {
        "AssumeRolePolicyDocument": {
          "Statement": [
            {
              "Effect": "Allow",
              "Action": "sts:AssumeRole",
              "Principal": {
                "AWS": {
                  "Fn::Join": [
                    "",
                    [
                      "arn:",
                      {
                        "Ref": "AWS::Partition"
                      },
                      ":iam::",
                      {
                        "Ref": "AWS::AccountId"
                      },
                      ":root"
                    ]
                  ]
                }
              },
              "Condition": {
                "ForAnyValue:StringEquals": {
                  "aws:PrincipalArn": [
                    {
                      "Fn::GetAtt": [
                        "LeaseMonitoringFunctionRole46C50E2F",
                        "Arn"
                      ]
                    },
                    {
                      "Fn::GetAtt": [
                        "SandboxAccountLifecycleManagementFunctionRole6469637D",
                        "Arn"
                      ]
                    },
                    {
                      "Fn::GetAtt": [
                        "AccountDriftMonitoringFunctionRoleEEB1FC86",
                        "Arn"
                      ]
                    },
                    {
                      "Fn::GetAtt": [
                        "EmailNotificationFunctionRoleB4E00EDD",
                        "Arn"
                      ]
                    },
                    {
                      "Fn::GetAtt": [
                        "AccountCleanerInitializeCleanupLambdaFunctionRole59E22179",
                        "Arn"
                      ]
                    },
                    {
                      "Fn::GetAtt": [
                        "AccountCleanerCodeBuildCleanupProjectRole3FF40319",
                        "Arn"
                      ]
                    },
                    {
                      "Fn::GetAtt": [
                        "BlueprintDeploymentDeploymentOrchestratorLambdaFunctionRole1ABC0710",
                        "Arn"
                      ]
                    },
                    {
                      "Fn::GetAtt": [
                        "SsoHandlerFunctionRoleA9C67752",
                        "Arn"
                      ]
                    },
                    {
                      "Fn::GetAtt": [
                        "LeasesLambdaFunctionFunctionRole8C813149",
                        "Arn"
                      ]
                    },
                    {
                      "Fn::GetAtt": [
                        "AccountsLambdaFunctionFunctionRole3A22EFEC",
                        "Arn"
                      ]
                    },
                    {
                      "Fn::GetAtt": [
                        "AnonymizedMetricsReportingFunctionFunctionRole3FADEEB2",
                        "Arn"
                      ]
                    },
                    {
                      "Fn::GetAtt": [
                        "CostReportingLambdaFunctionRole7410FFF1",
                        "Arn"
                      ]
                    },
                    {
                      "Fn::GetAtt": [
                        "GroupCostReportingLambdaFunctionRole775BD77E",
                        "Arn"
                      ]
                    }
                  ]
                }
              }
            },
            {
              "Effect": "Allow",
              "Action": "sts:AssumeRole",
              "Principal": {
                "Service": "cloudformation.amazonaws.com"
              }
            }
          ],
          "Version": "2012-10-17"
        },
        "RoleName": {
          "Fn::Join": [
            "",
            [
              "InnovationSandbox-",
              {
                "Ref": "Namespace"
              },
              "-IntermediateRole"
            ]
          ]
        },
        "Tags": [
          {
            "Key": "aws-solutions:isb-id",
            "Value": {
              "Fn::Join": [
                "",
                [
                  {
                    "Ref": "Namespace"
                  },
                  "_isb"
                ]
              ]
            }
          }
        ]
      },
      "Metadata": {
        "aws:cdk:path": "InnovationSandbox-Compute/IntermediateRole/Resource",
        "guard": {
          "SuppressedRules": [
            "CFN_NO_EXPLICIT_RESOURCE_NAMES"
          ]
        }
      }
    },
    "IntermediateRoleDefaultPolicy7308C44F": {
      "Type": "AWS::IAM::Policy",
      "Properties": {
        "PolicyDocument": {
          "Statement": [
            {
              "Action": "sts:AssumeRole",
              "Effect": "Allow",
              "Resource": {
                "Fn::Join": [
                  "",
                  [
                    "arn:",
                    {
                      "Ref": "AWS::Partition"
                    },
                    ":iam::",
                    {
                      "Ref": "IdcAccountId"
                    },
                    ":role/InnovationSandbox-",
                    {
                      "Ref": "Namespace"
                    },
                    "-IdcRole"
                  ]
                ]
              }
            },
            {
              "Action": "sts:AssumeRole",
              "Effect": "Allow",
              "Resource": {
                "Fn::Join": [
                  "",
                  [
                    "arn:",
                    {
                      "Ref": "AWS::Partition"
                    },
                    ":iam::",
                    {
                      "Ref": "OrgMgtAccountId"
                    },
                    ":role/InnovationSandbox-",
                    {
                      "Ref": "Namespace"
                    },
                    "-OrgMgtRole"
                  ]
                ]
              }
            },
            {
              "Action": "sts:AssumeRole",
              "Effect": "Allow",
              "Resource": {
                "Fn::Join": [
                  "",
                  [
                    "arn:",
                    {
                      "Ref": "AWS::Partition"
                    },
                    ":iam::*:role/InnovationSandbox-",
                    {
                      "Ref": "Namespace"
                    },
                    "-SandboxAccountRole"
                  ]
                ]
              }
            }
          ],
          "Version": "2012-10-17"
        },
        "PolicyName": "IntermediateRoleDefaultPolicy7308C44F",
        "Roles": [
          {
            "Ref": "IntermediateRole6D2F2036"
          }
        ]
      },
      "Metadata": {
        "aws:cdk:path": "InnovationSandbox-Compute/IntermediateRole/DefaultPolicy/Resource"
      }
    },
    "ISBEventBusDLQCBA480AD": {
      "Type": "AWS::SQS::Queue",
      "Properties": {
        "KmsMasterKeyId": {
          "Fn::GetAtt": [
            "IsbKmsKeyInnovationSandboxComputeB43F03BE",
            "Arn"
          ]
        },
        "QueueName": {
          "Fn::Join": [
            "",
            [
              "ISB-",
              {
                "Ref": "Namespace"
              },
              "-ISBEventBus-DLQ"
            ]
          ]
        },
        "Tags": [
          {
            "Key": "aws-solutions:isb-id",
            "Value": {
              "Fn::Join": [
                "",
                [
                  {
                    "Ref": "Namespace"
                  },
                  "_isb"
                ]
              ]
            }
          }
        ]
      },
      "UpdateReplacePolicy": "Delete",
      "DeletionPolicy": "Delete",
      "Metadata": {
        "aws:cdk:path": "InnovationSandbox-Compute/ISBEventBusDLQ/Resource"
      }
    },
    "ISBEventBusD5514129": {
      "Type": "AWS::Events::EventBus",
      "Properties": {
        "DeadLetterConfig": {
          "Arn": {
            "Fn::GetAtt": [
              "ISBEventBusDLQCBA480AD",
              "Arn"
            ]
          }
        },
        "Description": "core event bus for all ISB activity",
        "KmsKeyIdentifier": {
          "Fn::GetAtt": [
            "IsbKmsKeyInnovationSandboxComputeB43F03BE",
            "Arn"
          ]
        },
        "Name": "InnovationSandboxComputeISBEventBus6697FE33",
        "Tags": [
          {
            "Key": "aws-solutions:isb-id",
            "Value": {
              "Fn::Join": [
                "",
                [
                  {
                    "Ref": "Namespace"
                  },
                  "_isb"
                ]
              ]
            }
          }
        ]
      },
      "Metadata": {
        "aws:cdk:path": "InnovationSandbox-Compute/ISBEventBus/Resource"
      }
    },
    "DLQ581697C4": {
      "Type": "AWS::SQS::Queue",
      "Properties": {
        "KmsMasterKeyId": {
          "Fn::GetAtt": [
            "IsbKmsKeyInnovationSandboxComputeB43F03BE",
            "Arn"
          ]
        },
        "Tags": [
          {
            "Key": "aws-solutions:isb-id",
            "Value": {
              "Fn::Join": [
                "",
                [
                  {
                    "Ref": "Namespace"
                  },
                  "_isb"
                ]
              ]
            }
          }
        ]
      },
      "UpdateReplacePolicy": "Delete",
      "DeletionPolicy": "Delete",
      "Metadata": {
        "aws:cdk:path": "InnovationSandbox-Compute/DLQ/Resource"
      }
    },
    "ISBEventBusLogging37337846": {
      "Type": "AWS::Events::Rule",
      "Properties": {
        "Description": "logs all events that get sent to the ISB event bus",
        "EventBusName": {
          "Ref": "ISBEventBusD5514129"
        },
        "EventPattern": {
          "source": [
            {
              "prefix": ""
            }
          ]
        },
        "State": "ENABLED",
        "Tags": [
          {
            "Key": "aws-solutions:isb-id",
            "Value": {
              "Fn::Join": [
                "",
                [
                  {
                    "Ref": "Namespace"
                  },
                  "_isb"
                ]
              ]
            }
          }
        ],
        "Targets": [
          {
            "Arn": {
              "Fn::GetAtt": [
                "ISBLogGroupE607F9A7",
                "Arn"
              ]
            },
            "DeadLetterConfig": {
              "Arn": {
                "Fn::GetAtt": [
                  "DLQ581697C4",
                  "Arn"
                ]
              }
            },
            "Id": "Target0",
            "InputTransformer": {
              "InputPathsMap": {
                "detail-type": "$.detail-type",
                "time": "$.time"
              },
              "InputTemplate": "{\"message\":\"ISBEventBus received <detail-type> event\",\"timestamp\":<time>}"
            },
            "RetryPolicy": {
              "MaximumRetryAttempts": 20
            }
          }
        ]
      },
      "Metadata": {
        "aws:cdk:path": "InnovationSandbox-Compute/ISBEventBusLogging/Resource"
      }
    },
    "LeaseMonitoringFunctionRole46C50E2F": {
      "Type": "AWS::IAM::Role",
      "Properties": {
        "AssumeRolePolicyDocument": {
          "Statement": [
            {
              "Action": "sts:AssumeRole",
              "Effect": "Allow",
              "Principal": {
                "Service": "lambda.amazonaws.com"
              }
            }
          ],
          "Version": "2012-10-17"
        },
        "Tags": [
          {
            "Key": "aws-solutions:isb-id",
            "Value": {
              "Fn::Join": [
                "",
                [
                  {
                    "Ref": "Namespace"
                  },
                  "_isb"
                ]
              ]
            }
          }
        ]
      },
      "Metadata": {
        "aws:cdk:path": "InnovationSandbox-Compute/LeaseMonitoring/LeaseMonitoring/FunctionRole/Resource"
      }
    },
    "LeaseMonitoringFunctionRoleDefaultPolicy81F212C0": {
      "Type": "AWS::IAM::Policy",
      "Properties": {
        "PolicyDocument": {
          "Statement": [
            {
              "Action": [
                "xray:PutTraceSegments",
                "xray:PutTelemetryRecords"
              ],
              "Effect": "Allow",
              "Resource": "*"
            },
            {
              "Action": [
                "logs:CreateLogStream",
                "logs:PutLogEvents"
              ],
              "Effect": "Allow",
              "Resource": {
                "Fn::GetAtt": [
                  "ISBLogGroupE607F9A7",
                  "Arn"
                ]
              }
            },
            {
              "Action": "events:PutEvents",
              "Effect": "Allow",
              "Resource": {
                "Fn::GetAtt": [
                  "ISBEventBusD5514129",
                  "Arn"
                ]
              }
            },
            {
              "Action": "sts:AssumeRole",
              "Effect": "Allow",
              "Resource": {
                "Fn::GetAtt": [
                  "IntermediateRole6D2F2036",
                  "Arn"
                ]
              }
            }
          ],
          "Version": "2012-10-17"
        },
        "PolicyName": "LeaseMonitoringFunctionRoleDefaultPolicy81F212C0",
        "Roles": [
          {
            "Ref": "LeaseMonitoringFunctionRole46C50E2F"
          }
        ]
      },
      "Metadata": {
        "aws:cdk:path": "InnovationSandbox-Compute/LeaseMonitoring/LeaseMonitoring/FunctionRole/DefaultPolicy/Resource"
      }
    },
    "LeaseMonitoringFunctionA656342F": {
      "Type": "AWS::Lambda::Function",
      "Properties": {
        "Architectures": [
          "arm64"
        ],
        "Code": {
          "S3Bucket": {
            "Fn::Sub": "solutions-${AWS::Region}"
          },
          "S3Key": "innovation-sandbox-on-aws/v1.2.9/asset.1a08a7074c90aa051966846686373c98b4872dd987b53d1d205cb4833437fa59.zip"
        },
        "Description": "Scans active leases periodically to trigger events when alerts or actions need to be taken",
        "Environment": {
          "Variables": {
            "NODE_OPTIONS": "--enable-source-maps",
            "USER_AGENT_EXTRA": "AwsSolution/SO0284/v1.2.9",
            "POWERTOOLS_LOG_LEVEL": {
              "Fn::FindInMap": [
                "Mapping",
                "context",
                "logLevel",
                {
                  "DefaultValue": ""
                }
              ]
            },
            "POWERTOOLS_SERVICE_NAME": "innovation-sandbox",
            "AWS_XRAY_CONTEXT_MISSING": "IGNORE_ERROR",
            "ISB_EVENT_BUS": {
              "Ref": "ISBEventBusD5514129"
            },
            "LEASE_TABLE_NAME": {
              "Fn::GetAtt": [
                "IsbSpokeConfigJsonParamResolverParseJsonConfigurationIsbCustomResource57F98B57",
                "leaseTable"
              ]
            },
            "ISB_NAMESPACE": {
              "Ref": "Namespace"
            },
            "INTERMEDIATE_ROLE_ARN": {
              "Fn::GetAtt": [
                "IntermediateRole6D2F2036",
                "Arn"
              ]
            },
            "ORG_MGT_ROLE_ARN": {
              "Fn::Join": [
                "",
                [
                  "arn:",
                  {
                    "Ref": "AWS::Partition"
                  },
                  ":iam::",
                  {
                    "Ref": "OrgMgtAccountId"
                  },
                  ":role/InnovationSandbox-",
                  {
                    "Ref": "Namespace"
                  },
                  "-OrgMgtRole"
                ]
              ]
            }
          }
        },
        "FunctionName": {
          "Fn::Join": [
            "",
            [
              "ISB-LeaseMonitoring-",
              {
                "Ref": "Namespace"
              }
            ]
          ]
        },
        "Handler": "index.handler",
        "Layers": [
          {
            "Ref": "IsbSpokeConfigJsonParamResolverISBLambdaLayerInnovationSandboxComputeDependenciesLayerVersion4DD7969A"
          },
          {
            "Ref": "IsbSpokeConfigJsonParamResolverISBLambdaLayerInnovationSandboxComputeCommonLayerVersionB1BF66A1"
          }
        ],
        "LoggingConfig": {
          "LogFormat": "JSON",
          "LogGroup": {
            "Ref": "ISBLogGroupE607F9A7"
          },
          "SystemLogLevel": "INFO"
        },
        "MemorySize": 1024,
        "ReservedConcurrentExecutions": 1,
        "Role": {
          "Fn::GetAtt": [
            "LeaseMonitoringFunctionRole46C50E2F",
            "Arn"
          ]
        },
        "Runtime": "nodejs22.x",
        "Tags": [
          {
            "Key": "aws-solutions:isb-id",
            "Value": {
              "Fn::Join": [
                "",
                [
                  {
                    "Ref": "Namespace"
                  },
                  "_isb"
                ]
              ]
            }
          }
        ],
        "Timeout": 60,
        "TracingConfig": {
          "Mode": "Active"
        }
      },
      "DependsOn": [
        "LeaseMonitoringFunctionRoleDefaultPolicy81F212C0",
        "LeaseMonitoringFunctionRole46C50E2F"
      ],
      "Metadata": {
        "aws:cdk:path": "InnovationSandbox-Compute/LeaseMonitoring/LeaseMonitoring/Function/Resource",
        "aws:asset:path": "asset.1a08a7074c90aa051966846686373c98b4872dd987b53d1d205cb4833437fa59",
        "aws:asset:is-bundled": true,
        "aws:asset:property": "Code",
        "guard": {
          "SuppressedRules": [
            "LAMBDA_INSIDE_VPC",
            "LAMBDA_CONCURRENCY_CHECK"
          ]
        }
      }
    },
    "LambdaInvokeRole0342EAD8": {
      "Type": "AWS::IAM::Role",
      "Properties": {
        "AssumeRolePolicyDocument": {
          "Statement": [
            {
              "Action": "sts:AssumeRole",
              "Effect": "Allow",
              "Principal": {
                "Service": "scheduler.amazonaws.com"
              }
            }
          ],
          "Version": "2012-10-17"
        },
        "Description": "allows EventBridgeScheduler to invoke Innovation Sandbox's LeaseMonitoring lambda",
        "Tags": [
          {
            "Key": "aws-solutions:isb-id",
            "Value": {
              "Fn::Join": [
                "",
                [
                  {
                    "Ref": "Namespace"
                  },
                  "_isb"
                ]
              ]
            }
          }
        ]
      },
      "Metadata": {
        "aws:cdk:path": "InnovationSandbox-Compute/LambdaInvokeRole/Resource"
      }
    },
    "LambdaInvokeRoleDefaultPolicyDE53A8A0": {
      "Type": "AWS::IAM::Policy",
      "Properties": {
        "PolicyDocument": {
          "Statement": [
            {
              "Action": "lambda:InvokeFunction",
              "Effect": "Allow",
              "Resource": [
                {
                  "Fn::GetAtt": [
                    "LeaseMonitoringFunctionA656342F",
                    "Arn"
                  ]
                },
                {
                  "Fn::Join": [
                    "",
                    [
                      {
                        "Fn::GetAtt": [
                          "LeaseMonitoringFunctionA656342F",
                          "Arn"
                        ]
                      },
                      ":*"
                    ]
                  ]
                }
              ]
            }
          ],
          "Version": "2012-10-17"
        },
        "PolicyName": "LambdaInvokeRoleDefaultPolicyDE53A8A0",
        "Roles": [
          {
            "Ref": "LambdaInvokeRole0342EAD8"
          }
        ]
      },
      "Metadata": {
        "aws:cdk:path": "InnovationSandbox-Compute/LambdaInvokeRole/DefaultPolicy/Resource"
      }
    },
    "LeaseMonitoringIsbDbTableReadWriteD3C69FFE": {
      "Type": "AWS::IAM::Policy",
      "Properties": {
        "PolicyDocument": {
          "Statement": [
            {
              "Action": [
                "dynamodb:GetItem",
                "dynamodb:PutItem",
                "dynamodb:UpdateItem",
                "dynamodb:DeleteItem",
                "dynamodb:Query",
                "dynamodb:Scan",
                "dynamodb:ConditionCheckItem",
                "dynamodb:BatchGetItem",
                "dynamodb:BatchWriteItem"
              ],
              "Effect": "Allow",
              "Resource": [
                {
                  "Fn::Join": [
                    "",
                    [
                      "arn:",
                      {
                        "Ref": "AWS::Partition"
                      },
                      ":dynamodb:",
                      {
                        "Ref": "AWS::Region"
                      },
                      ":",
                      {
                        "Ref": "AWS::AccountId"
                      },
                      ":table/",
                      {
                        "Fn::GetAtt": [
                          "IsbSpokeConfigJsonParamResolverParseJsonConfigurationIsbCustomResource57F98B57",
                          "leaseTable"
                        ]
                      }
                    ]
                  ]
                },
                {
                  "Fn::Join": [
                    "",
                    [
                      "arn:",
                      {
                        "Ref": "AWS::Partition"
                      },
                      ":dynamodb:",
                      {
                        "Ref": "AWS::Region"
                      },
                      ":",
                      {
                        "Ref": "AWS::AccountId"
                      },
                      ":table/",
                      {
                        "Fn::GetAtt": [
                          "IsbSpokeConfigJsonParamResolverParseJsonConfigurationIsbCustomResource57F98B57",
                          "leaseTable"
                        ]
                      },
                      "/index/*"
                    ]
                  ]
                }
              ]
            },
            {
              "Action": [
                "kms:Decrypt",
                "kms:DescribeKey",
                "kms:Encrypt",
                "kms:GenerateDataKey",
                "kms:ReEncrypt*"
              ],
              "Effect": "Allow",
              "Resource": {
                "Fn::Join": [
                  "",
                  [
                    "arn:",
                    {
                      "Ref": "AWS::Partition"
                    },
                    ":kms:",
                    {
                      "Ref": "AWS::Region"
                    },
                    ":",
                    {
                      "Ref": "AWS::AccountId"
                    },
                    ":key/",
                    {
                      "Fn::GetAtt": [
                        "IsbSpokeConfigJsonParamResolverParseJsonConfigurationIsbCustomResource57F98B57",
                        "tableKmsKeyId"
                      ]
                    }
                  ]
                ]
              }
            }
          ],
          "Version": "2012-10-17"
        },
        "PolicyName": "DynamoDBReadWriteAccess",
        "Roles": [
          {
            "Ref": "LeaseMonitoringFunctionRole46C50E2F"
          }
        ]
      },
      "Metadata": {
        "aws:cdk:path": "InnovationSandbox-Compute/LeaseMonitoring-IsbDbTableReadWrite/Resource"
      }
    },
    "LeaseMonitoringScheduledEvent": {
      "Type": "AWS::Scheduler::Schedule",
      "Properties": {
        "Description": "triggers LeaseMonitoring every hour",
        "FlexibleTimeWindow": {
          "MaximumWindowInMinutes": 5,
          "Mode": "FLEXIBLE"
        },
        "ScheduleExpression": "rate(1 hour)",
        "Target": {
          "Arn": {
            "Fn::GetAtt": [
              "LeaseMonitoringFunctionA656342F",
              "Arn"
            ]
          },
          "RetryPolicy": {
            "MaximumRetryAttempts": 20
          },
          "RoleArn": {
            "Fn::GetAtt": [
              "LambdaInvokeRole0342EAD8",
              "Arn"
            ]
          }
        }
      },
      "Metadata": {
        "aws:cdk:path": "InnovationSandbox-Compute/LeaseMonitoringScheduledEvent"
      }
    },
    "SandboxAccountLifecycleManagementFunctionRole6469637D": {
      "Type": "AWS::IAM::Role",
      "Properties": {
        "AssumeRolePolicyDocument": {
          "Statement": [
            {
              "Action": "sts:AssumeRole",
              "Effect": "Allow",
              "Principal": {
                "Service": "lambda.amazonaws.com"
              }
            }
          ],
          "Version": "2012-10-17"
        },
        "Tags": [
          {
            "Key": "aws-solutions:isb-id",
            "Value": {
              "Fn::Join": [
                "",
                [
                  {
                    "Ref": "Namespace"
                  },
                  "_isb"
                ]
              ]
            }
          }
        ]
      },
      "Metadata": {
        "aws:cdk:path": "InnovationSandbox-Compute/SandboxAccountLifecycleManagement/SandboxAccountLifecycleManagement/FunctionRole/Resource"
      }
    },
    "SandboxAccountLifecycleManagementFunctionRoleDefaultPolicyF3EBEB9E": {
      "Type": "AWS::IAM::Policy",
      "Properties": {
        "PolicyDocument": {
          "Statement": [
            {
              "Action": [
                "xray:PutTraceSegments",
                "xray:PutTelemetryRecords"
              ],
              "Effect": "Allow",
              "Resource": "*"
            },
            {
              "Action": [
                "logs:CreateLogStream",
                "logs:PutLogEvents"
              ],
              "Effect": "Allow",
              "Resource": {
                "Fn::GetAtt": [
                  "ISBLogGroupE607F9A7",
                  "Arn"
                ]
              }
            },
            {
              "Action": "ssm:GetParameter",
              "Effect": "Allow",
              "Resource": {
                "Fn::Join": [
                  "",
                  [
                    "arn:",
                    {
                      "Ref": "AWS::Partition"
                    },
                    ":ssm:",
                    {
                      "Ref": "AWS::Region"
                    },
                    ":",
                    {
                      "Ref": "IdcAccountId"
                    },
                    ":parameter/InnovationSandbox_",
                    {
                      "Ref": "Namespace"
                    },
                    "_Idc_Configuration"
                  ]
                ]
              }
            },
            {
              "Action": "ssm:GetParameter",
              "Effect": "Allow",
              "Resource": {
                "Fn::Join": [
                  "",
                  [
                    "arn:",
                    {
                      "Ref": "AWS::Partition"
                    },
                    ":ssm:",
                    {
                      "Ref": "AWS::Region"
                    },
                    ":",
                    {
                      "Ref": "OrgMgtAccountId"
                    },
                    ":parameter/InnovationSandbox_",
                    {
                      "Ref": "Namespace"
                    },
                    "_AccountPool_Configuration"
                  ]
                ]
              }
            },
            {
              "Action": [
                "appconfig:StartConfigurationSession",
                "appconfig:GetLatestConfiguration"
              ],
              "Effect": "Allow",
              "Resource": {
                "Fn::Join": [
                  "",
                  [
                    "arn:",
                    {
                      "Ref": "AWS::Partition"
                    },
                    ":appconfig:",
                    {
                      "Ref": "AWS::Region"
                    },
                    ":",
                    {
                      "Ref": "AWS::AccountId"
                    },
                    ":application/",
                    {
                      "Fn::GetAtt": [
                        "IsbSpokeConfigJsonParamResolverParseJsonConfigurationIsbCustomResource57F98B57",
                        "configApplicationId"
                      ]
                    },
                    "/environment/",
                    {
                      "Fn::GetAtt": [
                        "IsbSpokeConfigJsonParamResolverParseJsonConfigurationIsbCustomResource57F98B57",
                        "configEnvironmentId"
                      ]
                    },
                    "/configuration/",
                    {
                      "Fn::GetAtt": [
                        "IsbSpokeConfigJsonParamResolverParseJsonConfigurationIsbCustomResource57F98B57",
                        "globalConfigConfigurationProfileId"
                      ]
                    }
                  ]
                ]
              }
            },
            {
              "Action": "events:PutEvents",
              "Effect": "Allow",
              "Resource": {
                "Fn::GetAtt": [
                  "ISBEventBusD5514129",
                  "Arn"
                ]
              }
            },
            {
              "Action": "sts:AssumeRole",
              "Effect": "Allow",
              "Resource": {
                "Fn::GetAtt": [
                  "IntermediateRole6D2F2036",
                  "Arn"
                ]
              }
            },
            {
              "Action": [
                "cloudformation:DescribeStackSet",
                "cloudformation:ListStackInstances"
              ],
              "Effect": "Allow",
              "Resource": {
                "Fn::Join": [
                  "",
                  [
                    "arn:",
                    {
                      "Ref": "AWS::Partition"
                    },
                    ":cloudformation:",
                    {
                      "Ref": "AWS::Region"
                    },
                    ":",
                    {
                      "Ref": "AWS::AccountId"
                    },
                    ":stackset/*:*"
                  ]
                ]
              }
            },
            {
              "Action": "cloudformation:DeleteStackInstances",
              "Effect": "Allow",
              "Resource": [
                {
                  "Fn::Join": [
                    "",
                    [
                      "arn:",
                      {
                        "Ref": "AWS::Partition"
                      },
                      ":cloudformation:",
                      {
                        "Ref": "AWS::Region"
                      },
                      ":",
                      {
                        "Ref": "AWS::AccountId"
                      },
                      ":stackset/*:*"
                    ]
                  ]
                },
                {
                  "Fn::Join": [
                    "",
                    [
                      "arn:",
                      {
                        "Ref": "AWS::Partition"
                      },
                      ":cloudformation:",
                      {
                        "Ref": "AWS::Region"
                      },
                      ":",
                      {
                        "Ref": "AWS::AccountId"
                      },
                      ":stackset-target/*"
                    ]
                  ]
                },
                {
                  "Fn::Join": [
                    "",
                    [
                      "arn:",
                      {
                        "Ref": "AWS::Partition"
                      },
                      ":cloudformation:",
                      {
                        "Ref": "AWS::Region"
                      },
                      ":",
                      {
                        "Ref": "AWS::AccountId"
                      },
                      ":type/resource/*"
                    ]
                  ]
                }
              ]
            },
            {
              "Action": [
                "sqs:ReceiveMessage",
                "sqs:ChangeMessageVisibility",
                "sqs:GetQueueUrl",
                "sqs:DeleteMessage",
                "sqs:GetQueueAttributes"
              ],
              "Effect": "Allow",
              "Resource": {
                "Fn::GetAtt": [
                  "AccountLifeCycleEventsToSqsToLambdaAccountLifeCycleEventsQueue2EC48316",
                  "Arn"
                ]
              }
            },
            {
              "Action": "kms:Decrypt",
              "Effect": "Allow",
              "Resource": {
                "Fn::GetAtt": [
                  "IsbKmsKeyInnovationSandboxComputeB43F03BE",
                  "Arn"
                ]
              }
            }
          ],
          "Version": "2012-10-17"
        },
        "PolicyName": "SandboxAccountLifecycleManagementFunctionRoleDefaultPolicyF3EBEB9E",
        "Roles": [
          {
            "Ref": "SandboxAccountLifecycleManagementFunctionRole6469637D"
          }
        ]
      },
      "Metadata": {
        "aws:cdk:path": "InnovationSandbox-Compute/SandboxAccountLifecycleManagement/SandboxAccountLifecycleManagement/FunctionRole/DefaultPolicy/Resource"
      }
    },
    "SandboxAccountLifecycleManagementFunction475E871B": {
      "Type": "AWS::Lambda::Function",
      "Properties": {
        "Architectures": [
          "arm64"
        ],
        "Code": {
          "S3Bucket": {
            "Fn::Sub": "solutions-${AWS::Region}"
          },
          "S3Key": "innovation-sandbox-on-aws/v1.2.9/asset.6da7fc86dd53b7685b2dac8570416d0edfaec1fab330432b3c87b4a24cdab7e7.zip"
        },
        "Description": "responds to lease events and determines what further actions should be taken",
        "Environment": {
          "Variables": {
            "NODE_OPTIONS": "--enable-source-maps",
            "USER_AGENT_EXTRA": "AwsSolution/SO0284/v1.2.9",
            "POWERTOOLS_LOG_LEVEL": {
              "Fn::FindInMap": [
                "Mapping",
                "context",
                "logLevel",
                {
                  "DefaultValue": ""
                }
              ]
            },
            "POWERTOOLS_SERVICE_NAME": "innovation-sandbox",
            "AWS_XRAY_CONTEXT_MISSING": "IGNORE_ERROR",
            "APP_CONFIG_APPLICATION_ID": {
              "Fn::GetAtt": [
                "IsbSpokeConfigJsonParamResolverParseJsonConfigurationIsbCustomResource57F98B57",
                "configApplicationId"
              ]
            },
            "APP_CONFIG_PROFILE_ID": {
              "Fn::GetAtt": [
                "IsbSpokeConfigJsonParamResolverParseJsonConfigurationIsbCustomResource57F98B57",
                "globalConfigConfigurationProfileId"
              ]
            },
            "APP_CONFIG_ENVIRONMENT_ID": {
              "Fn::GetAtt": [
                "IsbSpokeConfigJsonParamResolverParseJsonConfigurationIsbCustomResource57F98B57",
                "configEnvironmentId"
              ]
            },
            "AWS_APPCONFIG_EXTENSION_PREFETCH_LIST": {
              "Fn::Join": [
                "",
                [
                  "/applications/",
                  {
                    "Fn::GetAtt": [
                      "IsbSpokeConfigJsonParamResolverParseJsonConfigurationIsbCustomResource57F98B57",
                      "configApplicationId"
                    ]
                  },
                  "/environments/",
                  {
                    "Fn::GetAtt": [
                      "IsbSpokeConfigJsonParamResolverParseJsonConfigurationIsbCustomResource57F98B57",
                      "configEnvironmentId"
                    ]
                  },
                  "/configurations/",
                  {
                    "Fn::GetAtt": [
                      "IsbSpokeConfigJsonParamResolverParseJsonConfigurationIsbCustomResource57F98B57",
                      "globalConfigConfigurationProfileId"
                    ]
                  }
                ]
              ]
            },
            "ISB_EVENT_BUS": {
              "Ref": "ISBEventBusD5514129"
            },
            "ISB_NAMESPACE": {
              "Ref": "Namespace"
            },
            "ACCOUNT_TABLE_NAME": {
              "Fn::GetAtt": [
                "IsbSpokeConfigJsonParamResolverParseJsonConfigurationIsbCustomResource57F98B57",
                "accountTable"
              ]
            },
            "LEASE_TABLE_NAME": {
              "Fn::GetAtt": [
                "IsbSpokeConfigJsonParamResolverParseJsonConfigurationIsbCustomResource57F98B57",
                "leaseTable"
              ]
            },
            "BLUEPRINT_TABLE_NAME": {
              "Fn::GetAtt": [
                "IsbSpokeConfigJsonParamResolverParseJsonConfigurationIsbCustomResource57F98B57",
                "blueprintTable"
              ]
            },
            "SANDBOX_ACCOUNT_ROLE_NAME": {
              "Fn::Join": [
                "",
                [
                  "InnovationSandbox-",
                  {
                    "Ref": "Namespace"
                  },
                  "-SandboxAccountRole"
                ]
              ]
            },
            "INTERMEDIATE_ROLE_ARN": {
              "Fn::GetAtt": [
                "IntermediateRole6D2F2036",
                "Arn"
              ]
            },
            "ORG_MGT_ROLE_ARN": {
              "Fn::Join": [
                "",
                [
                  "arn:",
                  {
                    "Ref": "AWS::Partition"
                  },
                  ":iam::",
                  {
                    "Ref": "OrgMgtAccountId"
                  },
                  ":role/InnovationSandbox-",
                  {
                    "Ref": "Namespace"
                  },
                  "-OrgMgtRole"
                ]
              ]
            },
            "IDC_ROLE_ARN": {
              "Fn::Join": [
                "",
                [
                  "arn:",
                  {
                    "Ref": "AWS::Partition"
                  },
                  ":iam::",
                  {
                    "Ref": "IdcAccountId"
                  },
                  ":role/InnovationSandbox-",
                  {
                    "Ref": "Namespace"
                  },
                  "-IdcRole"
                ]
              ]
            },
            "ACCOUNT_POOL_CONFIG_PARAM_ARN": {
              "Fn::Join": [
                "",
                [
                  "arn:",
                  {
                    "Ref": "AWS::Partition"
                  },
                  ":ssm:",
                  {
                    "Ref": "AWS::Region"
                  },
                  ":",
                  {
                    "Ref": "OrgMgtAccountId"
                  },
                  ":parameter/InnovationSandbox_",
                  {
                    "Ref": "Namespace"
                  },
                  "_AccountPool_Configuration"
                ]
              ]
            },
            "IDC_CONFIG_PARAM_ARN": {
              "Fn::Join": [
                "",
                [
                  "arn:",
                  {
                    "Ref": "AWS::Partition"
                  },
                  ":ssm:",
                  {
                    "Ref": "AWS::Region"
                  },
                  ":",
                  {
                    "Ref": "IdcAccountId"
                  },
                  ":parameter/InnovationSandbox_",
                  {
                    "Ref": "Namespace"
                  },
                  "_Idc_Configuration"
                ]
              ]
            },
            "ORG_MGT_ACCOUNT_ID": {
              "Ref": "OrgMgtAccountId"
            },
            "HUB_ACCOUNT_ID": {
              "Ref": "AWS::AccountId"
            },
            "AWS_APPCONFIG_EXTENSION_POLL_INTERVAL_SECONDS": "10m",
            "AWS_APPCONFIG_EXTENSION_HTTP_PORT": "2772"
          }
        },
        "FunctionName": {
          "Fn::Join": [
            "",
            [
              "ISB-SandboxAccountLifecycleManagement-",
              {
                "Ref": "Namespace"
              }
            ]
          ]
        },
        "Handler": "index.handler",
        "Layers": [
          {
            "Ref": "IsbSpokeConfigJsonParamResolverISBLambdaLayerInnovationSandboxComputeDependenciesLayerVersion4DD7969A"
          },
          {
            "Ref": "IsbSpokeConfigJsonParamResolverISBLambdaLayerInnovationSandboxComputeCommonLayerVersionB1BF66A1"
          },
          {
            "Fn::FindInMap": [
              "AppConfigExtensionArnMap",
              {
                "Ref": "AWS::Region"
              },
              "arn"
            ]
          }
        ],
        "LoggingConfig": {
          "LogFormat": "JSON",
          "LogGroup": {
            "Ref": "ISBLogGroupE607F9A7"
          },
          "SystemLogLevel": "INFO"
        },
        "MemorySize": 1024,
        "ReservedConcurrentExecutions": 1,
        "Role": {
          "Fn::GetAtt": [
            "SandboxAccountLifecycleManagementFunctionRole6469637D",
            "Arn"
          ]
        },
        "Runtime": "nodejs22.x",
        "Tags": [
          {
            "Key": "aws-solutions:isb-id",
            "Value": {
              "Fn::Join": [
                "",
                [
                  {
                    "Ref": "Namespace"
                  },
                  "_isb"
                ]
              ]
            }
          }
        ],
        "Timeout": 60,
        "TracingConfig": {
          "Mode": "Active"
        }
      },
      "DependsOn": [
        "SandboxAccountLifecycleManagementFunctionRoleDefaultPolicyF3EBEB9E",
        "SandboxAccountLifecycleManagementFunctionRole6469637D"
      ],
      "Metadata": {
        "aws:cdk:path": "InnovationSandbox-Compute/SandboxAccountLifecycleManagement/SandboxAccountLifecycleManagement/Function/Resource",
        "aws:asset:path": "asset.6da7fc86dd53b7685b2dac8570416d0edfaec1fab330432b3c87b4a24cdab7e7",
        "aws:asset:is-bundled": true,
        "aws:asset:property": "Code",
        "guard": {
          "SuppressedRules": [
            "LAMBDA_INSIDE_VPC",
            "LAMBDA_CONCURRENCY_CHECK"
          ]
        }
      }
    },
    "SandboxAccountLifecycleManagementFunctionSqsEventSourceInnovationSandboxComputeAccountLifeCycleEventsToSqsToLambdaAccountLifeCycleEventsQueue7C6450D30C7832E4": {
      "Type": "AWS::Lambda::EventSourceMapping",
      "Properties": {
        "BatchSize": 1,
        "EventSourceArn": {
          "Fn::GetAtt": [
            "AccountLifeCycleEventsToSqsToLambdaAccountLifeCycleEventsQueue2EC48316",
            "Arn"
          ]
        },
        "FunctionName": {
          "Ref": "SandboxAccountLifecycleManagementFunction475E871B"
        },
        "Tags": [
          {
            "Key": "aws-solutions:isb-id",
            "Value": {
              "Fn::Join": [
                "",
                [
                  {
                    "Ref": "Namespace"
                  },
                  "_isb"
                ]
              ]
            }
          }
        ]
      },
      "Metadata": {
        "aws:cdk:path": "InnovationSandbox-Compute/SandboxAccountLifecycleManagement/SandboxAccountLifecycleManagement/Function/SqsEventSource:InnovationSandboxComputeAccountLifeCycleEventsToSqsToLambdaAccountLifeCycleEventsQueue7C6450D3/Resource"
      }
    },
    "SandboxAccountLifecycleManagementIsbDbTableReadWrite7C76B3D4": {
      "Type": "AWS::IAM::Policy",
      "Properties": {
        "PolicyDocument": {
          "Statement": [
            {
              "Action": [
                "dynamodb:GetItem",
                "dynamodb:PutItem",
                "dynamodb:UpdateItem",
                "dynamodb:DeleteItem",
                "dynamodb:Query",
                "dynamodb:Scan",
                "dynamodb:ConditionCheckItem",
                "dynamodb:BatchGetItem",
                "dynamodb:BatchWriteItem"
              ],
              "Effect": "Allow",
              "Resource": [
                {
                  "Fn::Join": [
                    "",
                    [
                      "arn:",
                      {
                        "Ref": "AWS::Partition"
                      },
                      ":dynamodb:",
                      {
                        "Ref": "AWS::Region"
                      },
                      ":",
                      {
                        "Ref": "AWS::AccountId"
                      },
                      ":table/",
                      {
                        "Fn::GetAtt": [
                          "IsbSpokeConfigJsonParamResolverParseJsonConfigurationIsbCustomResource57F98B57",
                          "leaseTable"
                        ]
                      }
                    ]
                  ]
                },
                {
                  "Fn::Join": [
                    "",
                    [
                      "arn:",
                      {
                        "Ref": "AWS::Partition"
                      },
                      ":dynamodb:",
                      {
                        "Ref": "AWS::Region"
                      },
                      ":",
                      {
                        "Ref": "AWS::AccountId"
                      },
                      ":table/",
                      {
                        "Fn::GetAtt": [
                          "IsbSpokeConfigJsonParamResolverParseJsonConfigurationIsbCustomResource57F98B57",
                          "leaseTable"
                        ]
                      },
                      "/index/*"
                    ]
                  ]
                }
              ]
            },
            {
              "Action": [
                "dynamodb:GetItem",
                "dynamodb:PutItem",
                "dynamodb:UpdateItem",
                "dynamodb:DeleteItem",
                "dynamodb:Query",
                "dynamodb:Scan",
                "dynamodb:ConditionCheckItem",
                "dynamodb:BatchGetItem",
                "dynamodb:BatchWriteItem"
              ],
              "Effect": "Allow",
              "Resource": [
                {
                  "Fn::Join": [
                    "",
                    [
                      "arn:",
                      {
                        "Ref": "AWS::Partition"
                      },
                      ":dynamodb:",
                      {
                        "Ref": "AWS::Region"
                      },
                      ":",
                      {
                        "Ref": "AWS::AccountId"
                      },
                      ":table/",
                      {
                        "Fn::GetAtt": [
                          "IsbSpokeConfigJsonParamResolverParseJsonConfigurationIsbCustomResource57F98B57",
                          "accountTable"
                        ]
                      }
                    ]
                  ]
                },
                {
                  "Fn::Join": [
                    "",
                    [
                      "arn:",
                      {
                        "Ref": "AWS::Partition"
                      },
                      ":dynamodb:",
                      {
                        "Ref": "AWS::Region"
                      },
                      ":",
                      {
                        "Ref": "AWS::AccountId"
                      },
                      ":table/",
                      {
                        "Fn::GetAtt": [
                          "IsbSpokeConfigJsonParamResolverParseJsonConfigurationIsbCustomResource57F98B57",
                          "accountTable"
                        ]
                      },
                      "/index/*"
                    ]
                  ]
                }
              ]
            },
            {
              "Action": [
                "dynamodb:GetItem",
                "dynamodb:PutItem",
                "dynamodb:UpdateItem",
                "dynamodb:DeleteItem",
                "dynamodb:Query",
                "dynamodb:Scan",
                "dynamodb:ConditionCheckItem",
                "dynamodb:BatchGetItem",
                "dynamodb:BatchWriteItem"
              ],
              "Effect": "Allow",
              "Resource": [
                {
                  "Fn::Join": [
                    "",
                    [
                      "arn:",
                      {
                        "Ref": "AWS::Partition"
                      },
                      ":dynamodb:",
                      {
                        "Ref": "AWS::Region"
                      },
                      ":",
                      {
                        "Ref": "AWS::AccountId"
                      },
                      ":table/",
                      {
                        "Fn::GetAtt": [
                          "IsbSpokeConfigJsonParamResolverParseJsonConfigurationIsbCustomResource57F98B57",
                          "blueprintTable"
                        ]
                      }
                    ]
                  ]
                },
                {
                  "Fn::Join": [
                    "",
                    [
                      "arn:",
                      {
                        "Ref": "AWS::Partition"
                      },
                      ":dynamodb:",
                      {
                        "Ref": "AWS::Region"
                      },
                      ":",
                      {
                        "Ref": "AWS::AccountId"
                      },
                      ":table/",
                      {
                        "Fn::GetAtt": [
                          "IsbSpokeConfigJsonParamResolverParseJsonConfigurationIsbCustomResource57F98B57",
                          "blueprintTable"
                        ]
                      },
                      "/index/*"
                    ]
                  ]
                }
              ]
            },
            {
              "Action": [
                "kms:Decrypt",
                "kms:DescribeKey",
                "kms:Encrypt",
                "kms:GenerateDataKey",
                "kms:ReEncrypt*"
              ],
              "Effect": "Allow",
              "Resource": {
                "Fn::Join": [
                  "",
                  [
                    "arn:",
                    {
                      "Ref": "AWS::Partition"
                    },
                    ":kms:",
                    {
                      "Ref": "AWS::Region"
                    },
                    ":",
                    {
                      "Ref": "AWS::AccountId"
                    },
                    ":key/",
                    {
                      "Fn::GetAtt": [
                        "IsbSpokeConfigJsonParamResolverParseJsonConfigurationIsbCustomResource57F98B57",
                        "tableKmsKeyId"
                      ]
                    }
                  ]
                ]
              }
            }
          ],
          "Version": "2012-10-17"
        },
        "PolicyName": "DynamoDBReadWriteAccess",
        "Roles": [
          {
            "Ref": "SandboxAccountLifecycleManagementFunctionRole6469637D"
          }
        ]
      },
      "Metadata": {
        "aws:cdk:path": "InnovationSandbox-Compute/SandboxAccountLifecycleManagement-IsbDbTableReadWrite/Resource"
      }
    },
    "AccountLifeCycleEventsToSqsToLambdaAccountLifeCycleEventsDLQC8AC58DA": {
      "Type": "AWS::SQS::Queue",
      "Properties": {
        "ContentBasedDeduplication": true,
        "FifoQueue": true,
        "KmsMasterKeyId": {
          "Fn::GetAtt": [
            "IsbKmsKeyInnovationSandboxComputeB43F03BE",
            "Arn"
          ]
        },
        "QueueName": {
          "Fn::Join": [
            "",
            [
              "Isb-",
              {
                "Ref": "Namespace"
              },
              "-AccountLifeCycleEventsDLQ.fifo"
            ]
          ]
        },
        "Tags": [
          {
            "Key": "aws-solutions:isb-id",
            "Value": {
              "Fn::Join": [
                "",
                [
                  {
                    "Ref": "Namespace"
                  },
                  "_isb"
                ]
              ]
            }
          }
        ]
      },
      "UpdateReplacePolicy": "Delete",
      "DeletionPolicy": "Delete",
      "Metadata": {
        "aws:cdk:path": "InnovationSandbox-Compute/AccountLifeCycleEventsToSqsToLambda/AccountLifeCycleEventsDLQ/Resource"
      }
    },
    "AccountLifeCycleEventsToSqsToLambdaAccountLifeCycleEventsQueue2EC48316": {
      "Type": "AWS::SQS::Queue",
      "Properties": {
        "ContentBasedDeduplication": true,
        "FifoQueue": true,
        "KmsMasterKeyId": {
          "Fn::GetAtt": [
            "IsbKmsKeyInnovationSandboxComputeB43F03BE",
            "Arn"
          ]
        },
        "MessageRetentionPeriod": 14400,
        "QueueName": {
          "Fn::Join": [
            "",
            [
              "Isb-",
              {
                "Ref": "Namespace"
              },
              "-AccountLifeCycleEventsQueue.fifo"
            ]
          ]
        },
        "RedrivePolicy": {
          "deadLetterTargetArn": {
            "Fn::GetAtt": [
              "AccountLifeCycleEventsToSqsToLambdaAccountLifeCycleEventsDLQC8AC58DA",
              "Arn"
            ]
          },
          "maxReceiveCount": 3
        },
        "Tags": [
          {
            "Key": "aws-solutions:isb-id",
            "Value": {
              "Fn::Join": [
                "",
                [
                  {
                    "Ref": "Namespace"
                  },
                  "_isb"
                ]
              ]
            }
          }
        ],
        "VisibilityTimeout": 120
      },
      "UpdateReplacePolicy": "Delete",
      "DeletionPolicy": "Delete",
      "Metadata": {
        "aws:cdk:path": "InnovationSandbox-Compute/AccountLifeCycleEventsToSqsToLambda/AccountLifeCycleEventsQueue/Resource"
      }
    },
    "AccountLifeCycleEventsToSqsToLambdaAccountLifeCycleEventsQueuePolicy7E294DCC": {
      "Type": "AWS::SQS::QueuePolicy",
      "Properties": {
        "PolicyDocument": {
          "Statement": [
            {
              "Action": [
                "sqs:SendMessage",
                "sqs:GetQueueAttributes",
                "sqs:GetQueueUrl"
              ],
              "Effect": "Allow",
              "Principal": {
                "Service": "events.amazonaws.com"
              },
              "Resource": {
                "Fn::GetAtt": [
                  "AccountLifeCycleEventsToSqsToLambdaAccountLifeCycleEventsQueue2EC48316",
                  "Arn"
                ]
              }
            }
          ],
          "Version": "2012-10-17"
        },
        "Queues": [
          {
            "Ref": "AccountLifeCycleEventsToSqsToLambdaAccountLifeCycleEventsQueue2EC48316"
          }
        ]
      },
      "Metadata": {
        "aws:cdk:path": "InnovationSandbox-Compute/AccountLifeCycleEventsToSqsToLambda/AccountLifeCycleEventsQueue/Policy/Resource"
      }
    },
    "AccountLifeCycleEventsToSqsToLambdaAccountLifeCycleEventsRule94BBF383": {
      "Type": "AWS::Events::Rule",
      "Properties": {
        "Description": "Triggers account life cycle manager lambda via SQS",
        "EventBusName": {
          "Ref": "ISBEventBusD5514129"
        },
        "EventPattern": {
          "detail-type": [
            "LeaseBudgetExceeded",
            "LeaseExpired",
            "AccountCleanupSucceeded",
            "AccountCleanupFailed",
            "AccountDriftDetected",
            "LeaseFreezingThresholdAlert",
            "BlueprintDeploymentSucceeded",
            "BlueprintDeploymentFailed"
          ]
        },
        "State": "ENABLED",
        "Tags": [
          {
            "Key": "aws-solutions:isb-id",
            "Value": {
              "Fn::Join": [
                "",
                [
                  {
                    "Ref": "Namespace"
                  },
                  "_isb"
                ]
              ]
            }
          }
        ],
        "Targets": [
          {
            "Arn": {
              "Fn::GetAtt": [
                "AccountLifeCycleEventsToSqsToLambdaAccountLifeCycleEventsQueue2EC48316",
                "Arn"
              ]
            },
            "Id": "Target0",
            "RetryPolicy": {
              "MaximumEventAgeInSeconds": 14400,
              "MaximumRetryAttempts": 3
            },
            "SqsParameters": {
              "MessageGroupId": "AccountLifeCycleEvents"
            }
          }
        ]
      },
      "Metadata": {
        "aws:cdk:path": "InnovationSandbox-Compute/AccountLifeCycleEventsToSqsToLambda/AccountLifeCycleEventsRule/Resource"
      }
    },
    "AccountDriftMonitoringFunctionRoleEEB1FC86": {
      "Type": "AWS::IAM::Role",
      "Properties": {
        "AssumeRolePolicyDocument": {
          "Statement": [
            {
              "Action": "sts:AssumeRole",
              "Effect": "Allow",
              "Principal": {
                "Service": "lambda.amazonaws.com"
              }
            }
          ],
          "Version": "2012-10-17"
        },
        "Tags": [
          {
            "Key": "aws-solutions:isb-id",
            "Value": {
              "Fn::Join": [
                "",
                [
                  {
                    "Ref": "Namespace"
                  },
                  "_isb"
                ]
              ]
            }
          }
        ]
      },
      "Metadata": {
        "aws:cdk:path": "InnovationSandbox-Compute/AccountDriftMonitoring/AccountDriftMonitoring/FunctionRole/Resource"
      }
    },
    "AccountDriftMonitoringFunctionRoleDefaultPolicyC79E7191": {
      "Type": "AWS::IAM::Policy",
      "Properties": {
        "PolicyDocument": {
          "Statement": [
            {
              "Action": [
                "xray:PutTraceSegments",
                "xray:PutTelemetryRecords"
              ],
              "Effect": "Allow",
              "Resource": "*"
            },
            {
              "Action": [
                "logs:CreateLogStream",
                "logs:PutLogEvents"
              ],
              "Effect": "Allow",
              "Resource": {
                "Fn::GetAtt": [
                  "ISBLogGroupE607F9A7",
                  "Arn"
                ]
              }
            },
            {
              "Action": "events:PutEvents",
              "Effect": "Allow",
              "Resource": {
                "Fn::GetAtt": [
                  "ISBEventBusD5514129",
                  "Arn"
                ]
              }
            },
            {
              "Action": "sts:AssumeRole",
              "Effect": "Allow",
              "Resource": {
                "Fn::GetAtt": [
                  "IntermediateRole6D2F2036",
                  "Arn"
                ]
              }
            },
            {
              "Action": "ssm:GetParameter",
              "Effect": "Allow",
              "Resource": {
                "Fn::Join": [
                  "",
                  [
                    "arn:",
                    {
                      "Ref": "AWS::Partition"
                    },
                    ":ssm:",
                    {
                      "Ref": "AWS::Region"
                    },
                    ":",
                    {
                      "Ref": "OrgMgtAccountId"
                    },
                    ":parameter/InnovationSandbox_",
                    {
                      "Ref": "Namespace"
                    },
                    "_AccountPool_Configuration"
                  ]
                ]
              }
            }
          ],
          "Version": "2012-10-17"
        },
        "PolicyName": "AccountDriftMonitoringFunctionRoleDefaultPolicyC79E7191",
        "Roles": [
          {
            "Ref": "AccountDriftMonitoringFunctionRoleEEB1FC86"
          }
        ]
      },
      "Metadata": {
        "aws:cdk:path": "InnovationSandbox-Compute/AccountDriftMonitoring/AccountDriftMonitoring/FunctionRole/DefaultPolicy/Resource"
      }
    },
    "AccountDriftMonitoringFunction9E5A5246": {
      "Type": "AWS::Lambda::Function",
      "Properties": {
        "Architectures": [
          "arm64"
        ],
        "Code": {
          "S3Bucket": {
            "Fn::Sub": "solutions-${AWS::Region}"
          },
          "S3Key": "innovation-sandbox-on-aws/v1.2.9/asset.2c184240c02d9830d1161fa29c002c110e76492c0583feca76885961d933631d.zip"
        },
        "Description": "Scans the sandbox OUs and accounts and checks whether there is any drift from what is in the database",
        "Environment": {
          "Variables": {
            "NODE_OPTIONS": "--enable-source-maps",
            "USER_AGENT_EXTRA": "AwsSolution/SO0284/v1.2.9",
            "POWERTOOLS_LOG_LEVEL": {
              "Fn::FindInMap": [
                "Mapping",
                "context",
                "logLevel",
                {
                  "DefaultValue": ""
                }
              ]
            },
            "POWERTOOLS_SERVICE_NAME": "innovation-sandbox",
            "AWS_XRAY_CONTEXT_MISSING": "IGNORE_ERROR",
            "ISB_EVENT_BUS": {
              "Ref": "ISBEventBusD5514129"
            },
            "ACCOUNT_TABLE_NAME": {
              "Fn::GetAtt": [
                "IsbSpokeConfigJsonParamResolverParseJsonConfigurationIsbCustomResource57F98B57",
                "accountTable"
              ]
            },
            "ISB_NAMESPACE": {
              "Ref": "Namespace"
            },
            "INTERMEDIATE_ROLE_ARN": {
              "Fn::GetAtt": [
                "IntermediateRole6D2F2036",
                "Arn"
              ]
            },
            "ORG_MGT_ROLE_ARN": {
              "Fn::Join": [
                "",
                [
                  "arn:",
                  {
                    "Ref": "AWS::Partition"
                  },
                  ":iam::",
                  {
                    "Ref": "OrgMgtAccountId"
                  },
                  ":role/InnovationSandbox-",
                  {
                    "Ref": "Namespace"
                  },
                  "-OrgMgtRole"
                ]
              ]
            },
            "ACCOUNT_POOL_CONFIG_PARAM_ARN": {
              "Fn::Join": [
                "",
                [
                  "arn:",
                  {
                    "Ref": "AWS::Partition"
                  },
                  ":ssm:",
                  {
                    "Ref": "AWS::Region"
                  },
                  ":",
                  {
                    "Ref": "OrgMgtAccountId"
                  },
                  ":parameter/InnovationSandbox_",
                  {
                    "Ref": "Namespace"
                  },
                  "_AccountPool_Configuration"
                ]
              ]
            }
          }
        },
        "FunctionName": {
          "Fn::Join": [
            "",
            [
              "ISB-AccountDriftMonitoring-",
              {
                "Ref": "Namespace"
              }
            ]
          ]
        },
        "Handler": "index.handler",
        "Layers": [
          {
            "Ref": "IsbSpokeConfigJsonParamResolverISBLambdaLayerInnovationSandboxComputeDependenciesLayerVersion4DD7969A"
          },
          {
            "Ref": "IsbSpokeConfigJsonParamResolverISBLambdaLayerInnovationSandboxComputeCommonLayerVersionB1BF66A1"
          }
        ],
        "LoggingConfig": {
          "LogFormat": "JSON",
          "LogGroup": {
            "Ref": "ISBLogGroupE607F9A7"
          },
          "SystemLogLevel": "INFO"
        },
        "MemorySize": 1024,
        "ReservedConcurrentExecutions": 1,
        "Role": {
          "Fn::GetAtt": [
            "AccountDriftMonitoringFunctionRoleEEB1FC86",
            "Arn"
          ]
        },
        "Runtime": "nodejs22.x",
        "Tags": [
          {
            "Key": "aws-solutions:isb-id",
            "Value": {
              "Fn::Join": [
                "",
                [
                  {
                    "Ref": "Namespace"
                  },
                  "_isb"
                ]
              ]
            }
          }
        ],
        "Timeout": 60,
        "TracingConfig": {
          "Mode": "Active"
        }
      },
      "DependsOn": [
        "AccountDriftMonitoringFunctionRoleDefaultPolicyC79E7191",
        "AccountDriftMonitoringFunctionRoleEEB1FC86"
      ],
      "Metadata": {
        "aws:cdk:path": "InnovationSandbox-Compute/AccountDriftMonitoring/AccountDriftMonitoring/Function/Resource",
        "aws:asset:path": "asset.2c184240c02d9830d1161fa29c002c110e76492c0583feca76885961d933631d",
        "aws:asset:is-bundled": true,
        "aws:asset:property": "Code",
        "guard": {
          "SuppressedRules": [
            "LAMBDA_INSIDE_VPC",
            "LAMBDA_CONCURRENCY_CHECK"
          ]
        }
      }
    },
    "AccountDriftMonitoringLambdaInvokeRoleB92EB6A7": {
      "Type": "AWS::IAM::Role",
      "Properties": {
        "AssumeRolePolicyDocument": {
          "Statement": [
            {
              "Action": "sts:AssumeRole",
              "Effect": "Allow",
              "Principal": {
                "Service": "scheduler.amazonaws.com"
              }
            }
          ],
          "Version": "2012-10-17"
        },
        "Description": "Allows EventBridge Scheduler to invoke Innovation Sandbox's AccountDriftMonitoring Lambda function",
        "Tags": [
          {
            "Key": "aws-solutions:isb-id",
            "Value": {
              "Fn::Join": [
                "",
                [
                  {
                    "Ref": "Namespace"
                  },
                  "_isb"
                ]
              ]
            }
          }
        ]
      },
      "Metadata": {
        "aws:cdk:path": "InnovationSandbox-Compute/AccountDriftMonitoringLambdaInvokeRole/Resource"
      }
    },
    "AccountDriftMonitoringLambdaInvokeRoleDefaultPolicy3A3B0917": {
      "Type": "AWS::IAM::Policy",
      "Properties": {
        "PolicyDocument": {
          "Statement": [
            {
              "Action": "lambda:InvokeFunction",
              "Effect": "Allow",
              "Resource": [
                {
                  "Fn::GetAtt": [
                    "AccountDriftMonitoringFunction9E5A5246",
                    "Arn"
                  ]
                },
                {
                  "Fn::Join": [
                    "",
                    [
                      {
                        "Fn::GetAtt": [
                          "AccountDriftMonitoringFunction9E5A5246",
                          "Arn"
                        ]
                      },
                      ":*"
                    ]
                  ]
                }
              ]
            }
          ],
          "Version": "2012-10-17"
        },
        "PolicyName": "AccountDriftMonitoringLambdaInvokeRoleDefaultPolicy3A3B0917",
        "Roles": [
          {
            "Ref": "AccountDriftMonitoringLambdaInvokeRoleB92EB6A7"
          }
        ]
      },
      "Metadata": {
        "aws:cdk:path": "InnovationSandbox-Compute/AccountDriftMonitoringLambdaInvokeRole/DefaultPolicy/Resource"
      }
    },
    "AccountDriftMonitoringIsbDbTableReadWrite266A9DFD": {
      "Type": "AWS::IAM::Policy",
      "Properties": {
        "PolicyDocument": {
          "Statement": [
            {
              "Action": [
                "dynamodb:GetItem",
                "dynamodb:PutItem",
                "dynamodb:UpdateItem",
                "dynamodb:DeleteItem",
                "dynamodb:Query",
                "dynamodb:Scan",
                "dynamodb:ConditionCheckItem",
                "dynamodb:BatchGetItem",
                "dynamodb:BatchWriteItem"
              ],
              "Effect": "Allow",
              "Resource": [
                {
                  "Fn::Join": [
                    "",
                    [
                      "arn:",
                      {
                        "Ref": "AWS::Partition"
                      },
                      ":dynamodb:",
                      {
                        "Ref": "AWS::Region"
                      },
                      ":",
                      {
                        "Ref": "AWS::AccountId"
                      },
                      ":table/",
                      {
                        "Fn::GetAtt": [
                          "IsbSpokeConfigJsonParamResolverParseJsonConfigurationIsbCustomResource57F98B57",
                          "accountTable"
                        ]
                      }
                    ]
                  ]
                },
                {
                  "Fn::Join": [
                    "",
                    [
                      "arn:",
                      {
                        "Ref": "AWS::Partition"
                      },
                      ":dynamodb:",
                      {
                        "Ref": "AWS::Region"
                      },
                      ":",
                      {
                        "Ref": "AWS::AccountId"
                      },
                      ":table/",
                      {
                        "Fn::GetAtt": [
                          "IsbSpokeConfigJsonParamResolverParseJsonConfigurationIsbCustomResource57F98B57",
                          "accountTable"
                        ]
                      },
                      "/index/*"
                    ]
                  ]
                }
              ]
            },
            {
              "Action": [
                "kms:Decrypt",
                "kms:DescribeKey",
                "kms:Encrypt",
                "kms:GenerateDataKey",
                "kms:ReEncrypt*"
              ],
              "Effect": "Allow",
              "Resource": {
                "Fn::Join": [
                  "",
                  [
                    "arn:",
                    {
                      "Ref": "AWS::Partition"
                    },
                    ":kms:",
                    {
                      "Ref": "AWS::Region"
                    },
                    ":",
                    {
                      "Ref": "AWS::AccountId"
                    },
                    ":key/",
                    {
                      "Fn::GetAtt": [
                        "IsbSpokeConfigJsonParamResolverParseJsonConfigurationIsbCustomResource57F98B57",
                        "tableKmsKeyId"
                      ]
                    }
                  ]
                ]
              }
            }
          ],
          "Version": "2012-10-17"
        },
        "PolicyName": "DynamoDBReadWriteAccess",
        "Roles": [
          {
            "Ref": "AccountDriftMonitoringFunctionRoleEEB1FC86"
          }
        ]
      },
      "Metadata": {
        "aws:cdk:path": "InnovationSandbox-Compute/AccountDriftMonitoring-IsbDbTableReadWrite/Resource"
      }
    },
    "AccountDriftMonitoringScheduledEvent": {
      "Type": "AWS::Scheduler::Schedule",
      "Properties": {
        "Description": "triggers Drift Monitoring every 6 hours",
        "FlexibleTimeWindow": {
          "MaximumWindowInMinutes": 30,
          "Mode": "FLEXIBLE"
        },
        "ScheduleExpression": "rate(6 hour)",
        "Target": {
          "Arn": {
            "Fn::GetAtt": [
              "AccountDriftMonitoringFunction9E5A5246",
              "Arn"
            ]
          },
          "RetryPolicy": {
            "MaximumRetryAttempts": 10
          },
          "RoleArn": {
            "Fn::GetAtt": [
              "AccountDriftMonitoringLambdaInvokeRoleB92EB6A7",
              "Arn"
            ]
          }
        }
      },
      "Metadata": {
        "aws:cdk:path": "InnovationSandbox-Compute/AccountDriftMonitoringScheduledEvent"
      }
    },
    "EmailNotificationFunctionRoleB4E00EDD": {
      "Type": "AWS::IAM::Role",
      "Properties": {
        "AssumeRolePolicyDocument": {
          "Statement": [
            {
              "Action": "sts:AssumeRole",
              "Effect": "Allow",
              "Principal": {
                "Service": "lambda.amazonaws.com"
              }
            }
          ],
          "Version": "2012-10-17"
        },
        "Tags": [
          {
            "Key": "aws-solutions:isb-id",
            "Value": {
              "Fn::Join": [
                "",
                [
                  {
                    "Ref": "Namespace"
                  },
                  "_isb"
                ]
              ]
            }
          }
        ]
      },
      "Metadata": {
        "aws:cdk:path": "InnovationSandbox-Compute/EmailNotification/EmailNotification/FunctionRole/Resource"
      }
    },
    "EmailNotificationFunctionRoleDefaultPolicyA04611F2": {
      "Type": "AWS::IAM::Policy",
      "Properties": {
        "PolicyDocument": {
          "Statement": [
            {
              "Action": [
                "xray:PutTraceSegments",
                "xray:PutTelemetryRecords"
              ],
              "Effect": "Allow",
              "Resource": "*"
            },
            {
              "Action": [
                "logs:CreateLogStream",
                "logs:PutLogEvents"
              ],
              "Effect": "Allow",
              "Resource": {
                "Fn::GetAtt": [
                  "ISBLogGroupE607F9A7",
                  "Arn"
                ]
              }
            },
            {
              "Action": "sts:AssumeRole",
              "Effect": "Allow",
              "Resource": {
                "Fn::GetAtt": [
                  "IntermediateRole6D2F2036",
                  "Arn"
                ]
              }
            },
            {
              "Action": "ssm:GetParameter",
              "Effect": "Allow",
              "Resource": {
                "Fn::Join": [
                  "",
                  [
                    "arn:",
                    {
                      "Ref": "AWS::Partition"
                    },
                    ":ssm:",
                    {
                      "Ref": "AWS::Region"
                    },
                    ":",
                    {
                      "Ref": "IdcAccountId"
                    },
                    ":parameter/InnovationSandbox_",
                    {
                      "Ref": "Namespace"
                    },
                    "_Idc_Configuration"
                  ]
                ]
              }
            },
            {
              "Action": [
                "appconfig:StartConfigurationSession",
                "appconfig:GetLatestConfiguration"
              ],
              "Effect": "Allow",
              "Resource": {
                "Fn::Join": [
                  "",
                  [
                    "arn:",
                    {
                      "Ref": "AWS::Partition"
                    },
                    ":appconfig:",
                    {
                      "Ref": "AWS::Region"
                    },
                    ":",
                    {
                      "Ref": "AWS::AccountId"
                    },
                    ":application/",
                    {
                      "Fn::GetAtt": [
                        "IsbSpokeConfigJsonParamResolverParseJsonConfigurationIsbCustomResource57F98B57",
                        "configApplicationId"
                      ]
                    },
                    "/environment/",
                    {
                      "Fn::GetAtt": [
                        "IsbSpokeConfigJsonParamResolverParseJsonConfigurationIsbCustomResource57F98B57",
                        "configEnvironmentId"
                      ]
                    },
                    "/configuration/",
                    {
                      "Fn::GetAtt": [
                        "IsbSpokeConfigJsonParamResolverParseJsonConfigurationIsbCustomResource57F98B57",
                        "globalConfigConfigurationProfileId"
                      ]
                    }
                  ]
                ]
              }
            },
            {
              "Action": "kms:Decrypt",
              "Effect": "Allow",
              "Resource": {
                "Fn::GetAtt": [
                  "IsbKmsKeyInnovationSandboxComputeB43F03BE",
                  "Arn"
                ]
              }
            }
          ],
          "Version": "2012-10-17"
        },
        "PolicyName": "EmailNotificationFunctionRoleDefaultPolicyA04611F2",
        "Roles": [
          {
            "Ref": "EmailNotificationFunctionRoleB4E00EDD"
          }
        ]
      },
      "Metadata": {
        "aws:cdk:path": "InnovationSandbox-Compute/EmailNotification/EmailNotification/FunctionRole/DefaultPolicy/Resource"
      }
    },
    "EmailNotificationFunction35F940BB": {
      "Type": "AWS::Lambda::Function",
      "Properties": {
        "Architectures": [
          "arm64"
        ],
        "Code": {
          "S3Bucket": {
            "Fn::Sub": "solutions-${AWS::Region}"
          },
          "S3Key": "innovation-sandbox-on-aws/v1.2.9/asset.fc15d9e3b54bf52351087f0194425e7a9b998f87defc2a428e676a52ed968031.zip"
        },
        "Description": "consumes email notification messages and sends emails",
        "Environment": {
          "Variables": {
            "NODE_OPTIONS": "--enable-source-maps",
            "USER_AGENT_EXTRA": "AwsSolution/SO0284/v1.2.9",
            "POWERTOOLS_LOG_LEVEL": {
              "Fn::FindInMap": [
                "Mapping",
                "context",
                "logLevel",
                {
                  "DefaultValue": ""
                }
              ]
            },
            "POWERTOOLS_SERVICE_NAME": "innovation-sandbox",
            "AWS_XRAY_CONTEXT_MISSING": "IGNORE_ERROR",
            "ISB_EVENT_BUS": {
              "Ref": "ISBEventBusD5514129"
            },
            "APP_CONFIG_APPLICATION_ID": {
              "Fn::GetAtt": [
                "IsbSpokeConfigJsonParamResolverParseJsonConfigurationIsbCustomResource57F98B57",
                "configApplicationId"
              ]
            },
            "APP_CONFIG_ENVIRONMENT_ID": {
              "Fn::GetAtt": [
                "IsbSpokeConfigJsonParamResolverParseJsonConfigurationIsbCustomResource57F98B57",
                "configEnvironmentId"
              ]
            },
            "APP_CONFIG_PROFILE_ID": {
              "Fn::GetAtt": [
                "IsbSpokeConfigJsonParamResolverParseJsonConfigurationIsbCustomResource57F98B57",
                "globalConfigConfigurationProfileId"
              ]
            },
            "AWS_APPCONFIG_EXTENSION_PREFETCH_LIST": {
              "Fn::Join": [
                "",
                [
                  "/applications/",
                  {
                    "Fn::GetAtt": [
                      "IsbSpokeConfigJsonParamResolverParseJsonConfigurationIsbCustomResource57F98B57",
                      "configApplicationId"
                    ]
                  },
                  "/environments/",
                  {
                    "Fn::GetAtt": [
                      "IsbSpokeConfigJsonParamResolverParseJsonConfigurationIsbCustomResource57F98B57",
                      "configEnvironmentId"
                    ]
                  },
                  "/configurations/",
                  {
                    "Fn::GetAtt": [
                      "IsbSpokeConfigJsonParamResolverParseJsonConfigurationIsbCustomResource57F98B57",
                      "globalConfigConfigurationProfileId"
                    ]
                  }
                ]
              ]
            },
            "INTERMEDIATE_ROLE_ARN": {
              "Fn::GetAtt": [
                "IntermediateRole6D2F2036",
                "Arn"
              ]
            },
            "IDC_ROLE_ARN": {
              "Fn::Join": [
                "",
                [
                  "arn:",
                  {
                    "Ref": "AWS::Partition"
                  },
                  ":iam::",
                  {
                    "Ref": "IdcAccountId"
                  },
                  ":role/InnovationSandbox-",
                  {
                    "Ref": "Namespace"
                  },
                  "-IdcRole"
                ]
              ]
            },
            "ISB_NAMESPACE": {
              "Ref": "Namespace"
            },
            "IDC_CONFIG_PARAM_ARN": {
              "Fn::Join": [
                "",
                [
                  "arn:",
                  {
                    "Ref": "AWS::Partition"
                  },
                  ":ssm:",
                  {
                    "Ref": "AWS::Region"
                  },
                  ":",
                  {
                    "Ref": "IdcAccountId"
                  },
                  ":parameter/InnovationSandbox_",
                  {
                    "Ref": "Namespace"
                  },
                  "_Idc_Configuration"
                ]
              ]
            },
            "AWS_APPCONFIG_EXTENSION_POLL_INTERVAL_SECONDS": "10m",
            "AWS_APPCONFIG_EXTENSION_HTTP_PORT": "2772"
          }
        },
        "FunctionName": {
          "Fn::Join": [
            "",
            [
              "ISB-EmailNotification-",
              {
                "Ref": "Namespace"
              }
            ]
          ]
        },
        "Handler": "index.handler",
        "Layers": [
          {
            "Ref": "IsbSpokeConfigJsonParamResolverISBLambdaLayerInnovationSandboxComputeDependenciesLayerVersion4DD7969A"
          },
          {
            "Ref": "IsbSpokeConfigJsonParamResolverISBLambdaLayerInnovationSandboxComputeCommonLayerVersionB1BF66A1"
          },
          {
            "Fn::FindInMap": [
              "AppConfigExtensionArnMap",
              {
                "Ref": "AWS::Region"
              },
              "arn"
            ]
          }
        ],
        "LoggingConfig": {
          "LogFormat": "JSON",
          "LogGroup": {
            "Ref": "ISBLogGroupE607F9A7"
          },
          "SystemLogLevel": "INFO"
        },
        "MemorySize": 1024,
        "Role": {
          "Fn::GetAtt": [
            "EmailNotificationFunctionRoleB4E00EDD",
            "Arn"
          ]
        },
        "Runtime": "nodejs22.x",
        "Tags": [
          {
            "Key": "aws-solutions:isb-id",
            "Value": {
              "Fn::Join": [
                "",
                [
                  {
                    "Ref": "Namespace"
                  },
                  "_isb"
                ]
              ]
            }
          }
        ],
        "Timeout": 180,
        "TracingConfig": {
          "Mode": "Active"
        }
      },
      "DependsOn": [
        "EmailNotificationFunctionRoleDefaultPolicyA04611F2",
        "EmailNotificationFunctionRoleB4E00EDD"
      ],
      "Metadata": {
        "aws:cdk:path": "InnovationSandbox-Compute/EmailNotification/EmailNotification/Function/Resource",
        "aws:asset:path": "asset.fc15d9e3b54bf52351087f0194425e7a9b998f87defc2a428e676a52ed968031",
        "aws:asset:is-bundled": true,
        "aws:asset:property": "Code",
        "guard": {
          "SuppressedRules": [
            "LAMBDA_INSIDE_VPC",
            "LAMBDA_CONCURRENCY_CHECK"
          ]
        }
      }
    },
    "EmailNotificationFunctionAllowEventBridgeToTriggerLambda09EFF830": {
      "Type": "AWS::Lambda::Permission",
      "Properties": {
        "Action": "lambda:InvokeFunction",
        "FunctionName": {
          "Fn::GetAtt": [
            "EmailNotificationFunction35F940BB",
            "Arn"
          ]
        },
        "Principal": "events.amazonaws.com",
        "SourceArn": {
          "Fn::GetAtt": [
            "ISBEventBusD5514129",
            "Arn"
          ]
        }
      },
      "Metadata": {
        "aws:cdk:path": "InnovationSandbox-Compute/EmailNotification/EmailNotification/Function/AllowEventBridgeToTriggerLambda"
      }
    },
    "EmailNotificationSendPolicyEB2714FC": {
      "Type": "AWS::IAM::Policy",
      "Properties": {
        "PolicyDocument": {
          "Statement": [
            {
              "Action": "ses:SendEmail",
              "Effect": "Allow",
              "Resource": "*"
            }
          ],
          "Version": "2012-10-17"
        },
        "PolicyName": "EmailNotificationSendPolicyEB2714FC",
        "Roles": [
          {
            "Ref": "EmailNotificationFunctionRoleB4E00EDD"
          }
        ]
      },
      "Metadata": {
        "aws:cdk:path": "InnovationSandbox-Compute/EmailNotificationSendPolicy/Resource"
      }
    },
    "EmailEventsToLambdaA7766172": {
      "Type": "AWS::Events::Rule",
      "Properties": {
        "Description": "Triggers email notification lambda",
        "EventBusName": {
          "Ref": "ISBEventBusD5514129"
        },
        "EventPattern": {
          "detail-type": [
            "LeaseRequested",
            "LeaseApproved",
            "LeaseDenied",
            "LeaseTerminated",
            "LeaseFrozen",
            "LeaseUnfrozen",
            "LeaseProvisioningFailed",
            "AccountCleanupFailed",
            "AccountDriftDetected",
            "LeaseBudgetThresholdAlert",
            "LeaseDurationThresholdAlert",
            "GroupCostReportGenerated",
            "GroupCostReportGeneratedFailure"
          ]
        },
        "State": "ENABLED",
        "Tags": [
          {
            "Key": "aws-solutions:isb-id",
            "Value": {
              "Fn::Join": [
                "",
                [
                  {
                    "Ref": "Namespace"
                  },
                  "_isb"
                ]
              ]
            }
          }
        ],
        "Targets": [
          {
            "Arn": {
              "Fn::GetAtt": [
                "EmailNotificationFunction35F940BB",
                "Arn"
              ]
            },
            "Id": "Target0",
            "RetryPolicy": {
              "MaximumEventAgeInSeconds": 14400,
              "MaximumRetryAttempts": 3
            }
          }
        ]
      },
      "Metadata": {
        "aws:cdk:path": "InnovationSandbox-Compute/EmailEventsToLambda/EmailEventsToLambda/Resource"
      }
    },
    "EmailEventsToLambdaAllowEventRuleInnovationSandboxComputeEmailNotificationFunctionAF96006A3F04312C": {
      "Type": "AWS::Lambda::Permission",
      "Properties": {
        "Action": "lambda:InvokeFunction",
        "FunctionName": {
          "Fn::GetAtt": [
            "EmailNotificationFunction35F940BB",
            "Arn"
          ]
        },
        "Principal": "events.amazonaws.com",
        "SourceArn": {
          "Fn::GetAtt": [
            "EmailEventsToLambdaA7766172",
            "Arn"
          ]
        }
      },
      "Metadata": {
        "aws:cdk:path": "InnovationSandbox-Compute/EmailEventsToLambda/EmailEventsToLambda/AllowEventRuleInnovationSandboxComputeEmailNotificationFunctionAF96006A"
      }
    },
    "AccountCleanerInitializeCleanupLambdaFunctionRole59E22179": {
      "Type": "AWS::IAM::Role",
      "Properties": {
        "AssumeRolePolicyDocument": {
          "Statement": [
            {
              "Action": "sts:AssumeRole",
              "Effect": "Allow",
              "Principal": {
                "Service": "lambda.amazonaws.com"
              }
            }
          ],
          "Version": "2012-10-17"
        },
        "Tags": [
          {
            "Key": "aws-solutions:isb-id",
            "Value": {
              "Fn::Join": [
                "",
                [
                  {
                    "Ref": "Namespace"
                  },
                  "_isb"
                ]
              ]
            }
          }
        ]
      },
      "Metadata": {
        "aws:cdk:path": "InnovationSandbox-Compute/AccountCleaner/InitializeCleanupLambda/FunctionRole/Resource"
      }
    },
    "AccountCleanerInitializeCleanupLambdaFunctionRoleDefaultPolicy1C72A534": {
      "Type": "AWS::IAM::Policy",
      "Properties": {
        "PolicyDocument": {
          "Statement": [
            {
              "Action": [
                "xray:PutTraceSegments",
                "xray:PutTelemetryRecords"
              ],
              "Effect": "Allow",
              "Resource": "*"
            },
            {
              "Action": [
                "logs:CreateLogStream",
                "logs:PutLogEvents"
              ],
              "Effect": "Allow",
              "Resource": {
                "Fn::GetAtt": [
                  "ISBLogGroupCleanup485A102F",
                  "Arn"
                ]
              }
            },
            {
              "Action": "sts:AssumeRole",
              "Effect": "Allow",
              "Resource": {
                "Fn::GetAtt": [
                  "IntermediateRole6D2F2036",
                  "Arn"
                ]
              }
            },
            {
              "Action": [
                "appconfig:StartConfigurationSession",
                "appconfig:GetLatestConfiguration"
              ],
              "Effect": "Allow",
              "Resource": [
                {
                  "Fn::Join": [
                    "",
                    [
                      "arn:",
                      {
                        "Ref": "AWS::Partition"
                      },
                      ":appconfig:",
                      {
                        "Ref": "AWS::Region"
                      },
                      ":",
                      {
                        "Ref": "AWS::AccountId"
                      },
                      ":application/",
                      {
                        "Fn::GetAtt": [
                          "IsbSpokeConfigJsonParamResolverParseJsonConfigurationIsbCustomResource57F98B57",
                          "configApplicationId"
                        ]
                      },
                      "/environment/",
                      {
                        "Fn::GetAtt": [
                          "IsbSpokeConfigJsonParamResolverParseJsonConfigurationIsbCustomResource57F98B57",
                          "configEnvironmentId"
                        ]
                      },
                      "/configuration/",
                      {
                        "Fn::GetAtt": [
                          "IsbSpokeConfigJsonParamResolverParseJsonConfigurationIsbCustomResource57F98B57",
                          "nukeConfigConfigurationProfileId"
                        ]
                      }
                    ]
                  ]
                },
                {
                  "Fn::Join": [
                    "",
                    [
                      "arn:",
                      {
                        "Ref": "AWS::Partition"
                      },
                      ":appconfig:",
                      {
                        "Ref": "AWS::Region"
                      },
                      ":",
                      {
                        "Ref": "AWS::AccountId"
                      },
                      ":application/",
                      {
                        "Fn::GetAtt": [
                          "IsbSpokeConfigJsonParamResolverParseJsonConfigurationIsbCustomResource57F98B57",
                          "configApplicationId"
                        ]
                      },
                      "/environment/",
                      {
                        "Fn::GetAtt": [
                          "IsbSpokeConfigJsonParamResolverParseJsonConfigurationIsbCustomResource57F98B57",
                          "configEnvironmentId"
                        ]
                      },
                      "/configuration/",
                      {
                        "Fn::GetAtt": [
                          "IsbSpokeConfigJsonParamResolverParseJsonConfigurationIsbCustomResource57F98B57",
                          "globalConfigConfigurationProfileId"
                        ]
                      }
                    ]
                  ]
                }
              ]
            }
          ],
          "Version": "2012-10-17"
        },
        "PolicyName": "AccountCleanerInitializeCleanupLambdaFunctionRoleDefaultPolicy1C72A534",
        "Roles": [
          {
            "Ref": "AccountCleanerInitializeCleanupLambdaFunctionRole59E22179"
          }
        ]
      },
      "Metadata": {
        "aws:cdk:path": "InnovationSandbox-Compute/AccountCleaner/InitializeCleanupLambda/FunctionRole/DefaultPolicy/Resource"
      }
    },
    "AccountCleanerInitializeCleanupLambdaFunctionB9CA7E1B": {
      "Type": "AWS::Lambda::Function",
      "Properties": {
        "Architectures": [
          "arm64"
        ],
        "Code": {
          "S3Bucket": {
            "Fn::Sub": "solutions-${AWS::Region}"
          },
          "S3Key": "innovation-sandbox-on-aws/v1.2.9/asset.83c3fcadf95b3f0beb9ae13c34c171fc7d9e7546e20f23b0886378bd6b163b7a.zip"
        },
        "Environment": {
          "Variables": {
            "NODE_OPTIONS": "--enable-source-maps",
            "USER_AGENT_EXTRA": "AwsSolution/SO0284/v1.2.9",
            "POWERTOOLS_LOG_LEVEL": {
              "Fn::FindInMap": [
                "Mapping",
                "context",
                "logLevel",
                {
                  "DefaultValue": ""
                }
              ]
            },
            "POWERTOOLS_SERVICE_NAME": "innovation-sandbox",
            "AWS_XRAY_CONTEXT_MISSING": "IGNORE_ERROR",
            "APP_CONFIG_APPLICATION_ID": {
              "Fn::GetAtt": [
                "IsbSpokeConfigJsonParamResolverParseJsonConfigurationIsbCustomResource57F98B57",
                "configApplicationId"
              ]
            },
            "APP_CONFIG_ENVIRONMENT_ID": {
              "Fn::GetAtt": [
                "IsbSpokeConfigJsonParamResolverParseJsonConfigurationIsbCustomResource57F98B57",
                "configEnvironmentId"
              ]
            },
            "APP_CONFIG_PROFILE_ID": {
              "Fn::GetAtt": [
                "IsbSpokeConfigJsonParamResolverParseJsonConfigurationIsbCustomResource57F98B57",
                "globalConfigConfigurationProfileId"
              ]
            },
            "AWS_APPCONFIG_EXTENSION_PREFETCH_LIST": {
              "Fn::Join": [
                "",
                [
                  "/applications/",
                  {
                    "Fn::GetAtt": [
                      "IsbSpokeConfigJsonParamResolverParseJsonConfigurationIsbCustomResource57F98B57",
                      "configApplicationId"
                    ]
                  },
                  "/environments/",
                  {
                    "Fn::GetAtt": [
                      "IsbSpokeConfigJsonParamResolverParseJsonConfigurationIsbCustomResource57F98B57",
                      "configEnvironmentId"
                    ]
                  },
                  "/configurations/",
                  {
                    "Fn::GetAtt": [
                      "IsbSpokeConfigJsonParamResolverParseJsonConfigurationIsbCustomResource57F98B57",
                      "globalConfigConfigurationProfileId"
                    ]
                  }
                ]
              ]
            },
            "ACCOUNT_TABLE_NAME": {
              "Fn::GetAtt": [
                "IsbSpokeConfigJsonParamResolverParseJsonConfigurationIsbCustomResource57F98B57",
                "accountTable"
              ]
            },
            "ORG_MGT_ACCOUNT_ID": {
              "Ref": "OrgMgtAccountId"
            },
            "IDC_ACCOUNT_ID": {
              "Ref": "IdcAccountId"
            },
            "HUB_ACCOUNT_ID": {
              "Ref": "AWS::AccountId"
            },
            "CLEANUP_SPOKE_ROLE_NAME": {
              "Fn::Join": [
                "",
                [
                  "InnovationSandbox-",
                  {
                    "Ref": "Namespace"
                  },
                  "-SandboxAccountRole"
                ]
              ]
            },
            "INTERMEDIATE_ROLE_ARN": {
              "Fn::Join": [
                "",
                [
                  "arn:",
                  {
                    "Ref": "AWS::Partition"
                  },
                  ":iam::",
                  {
                    "Ref": "AWS::AccountId"
                  },
                  ":role/InnovationSandbox-",
                  {
                    "Ref": "Namespace"
                  },
                  "-IntermediateRole"
                ]
              ]
            },
            "AWS_APPCONFIG_EXTENSION_POLL_INTERVAL_SECONDS": "10m",
            "AWS_APPCONFIG_EXTENSION_HTTP_PORT": "2772"
          }
        },
        "FunctionName": {
          "Fn::Join": [
            "",
            [
              "ISB-InitializeCleanupLambda-",
              {
                "Ref": "Namespace"
              }
            ]
          ]
        },
        "Handler": "index.handler",
        "Layers": [
          {
            "Ref": "IsbSpokeConfigJsonParamResolverISBLambdaLayerInnovationSandboxComputeDependenciesLayerVersion4DD7969A"
          },
          {
            "Ref": "IsbSpokeConfigJsonParamResolverISBLambdaLayerInnovationSandboxComputeCommonLayerVersionB1BF66A1"
          },
          {
            "Fn::FindInMap": [
              "AppConfigExtensionArnMap",
              {
                "Ref": "AWS::Region"
              },
              "arn"
            ]
          }
        ],
        "LoggingConfig": {
          "LogFormat": "JSON",
          "LogGroup": {
            "Ref": "ISBLogGroupCleanup485A102F"
          },
          "SystemLogLevel": "INFO"
        },
        "MemorySize": 1024,
        "Role": {
          "Fn::GetAtt": [
            "AccountCleanerInitializeCleanupLambdaFunctionRole59E22179",
            "Arn"
          ]
        },
        "Runtime": "nodejs22.x",
        "Tags": [
          {
            "Key": "aws-solutions:isb-id",
            "Value": {
              "Fn::Join": [
                "",
                [
                  {
                    "Ref": "Namespace"
                  },
                  "_isb"
                ]
              ]
            }
          }
        ],
        "Timeout": 60,
        "TracingConfig": {
          "Mode": "Active"
        }
      },
      "DependsOn": [
        "AccountCleanerInitializeCleanupLambdaFunctionRoleDefaultPolicy1C72A534",
        "AccountCleanerInitializeCleanupLambdaFunctionRole59E22179"
      ],
      "Metadata": {
        "aws:cdk:path": "InnovationSandbox-Compute/AccountCleaner/InitializeCleanupLambda/Function/Resource",
        "aws:asset:path": "asset.83c3fcadf95b3f0beb9ae13c34c171fc7d9e7546e20f23b0886378bd6b163b7a",
        "aws:asset:is-bundled": true,
        "aws:asset:property": "Code",
        "guard": {
          "SuppressedRules": [
            "LAMBDA_INSIDE_VPC",
            "LAMBDA_CONCURRENCY_CHECK"
          ]
        }
      }
    },
    "AccountCleanerInitializeCleanupLambdaIsbDbTableReadWriteBBFE995D": {
      "Type": "AWS::IAM::Policy",
      "Properties": {
        "PolicyDocument": {
          "Statement": [
            {
              "Action": [
                "dynamodb:GetItem",
                "dynamodb:PutItem",
                "dynamodb:UpdateItem",
                "dynamodb:DeleteItem",
                "dynamodb:Query",
                "dynamodb:Scan",
                "dynamodb:ConditionCheckItem",
                "dynamodb:BatchGetItem",
                "dynamodb:BatchWriteItem"
              ],
              "Effect": "Allow",
              "Resource": [
                {
                  "Fn::Join": [
                    "",
                    [
                      "arn:",
                      {
                        "Ref": "AWS::Partition"
                      },
                      ":dynamodb:",
                      {
                        "Ref": "AWS::Region"
                      },
                      ":",
                      {
                        "Ref": "AWS::AccountId"
                      },
                      ":table/",
                      {
                        "Fn::GetAtt": [
                          "IsbSpokeConfigJsonParamResolverParseJsonConfigurationIsbCustomResource57F98B57",
                          "accountTable"
                        ]
                      }
                    ]
                  ]
                },
                {
                  "Fn::Join": [
                    "",
                    [
                      "arn:",
                      {
                        "Ref": "AWS::Partition"
                      },
                      ":dynamodb:",
                      {
                        "Ref": "AWS::Region"
                      },
                      ":",
                      {
                        "Ref": "AWS::AccountId"
                      },
                      ":table/",
                      {
                        "Fn::GetAtt": [
                          "IsbSpokeConfigJsonParamResolverParseJsonConfigurationIsbCustomResource57F98B57",
                          "accountTable"
                        ]
                      },
                      "/index/*"
                    ]
                  ]
                }
              ]
            },
            {
              "Action": [
                "kms:Decrypt",
                "kms:DescribeKey",
                "kms:Encrypt",
                "kms:GenerateDataKey",
                "kms:ReEncrypt*"
              ],
              "Effect": "Allow",
              "Resource": {
                "Fn::Join": [
                  "",
                  [
                    "arn:",
                    {
                      "Ref": "AWS::Partition"
                    },
                    ":kms:",
                    {
                      "Ref": "AWS::Region"
                    },
                    ":",
                    {
                      "Ref": "AWS::AccountId"
                    },
                    ":key/",
                    {
                      "Fn::GetAtt": [
                        "IsbSpokeConfigJsonParamResolverParseJsonConfigurationIsbCustomResource57F98B57",
                        "tableKmsKeyId"
                      ]
                    }
                  ]
                ]
              }
            }
          ],
          "Version": "2012-10-17"
        },
        "PolicyName": "DynamoDBReadWriteAccess",
        "Roles": [
          {
            "Ref": "AccountCleanerInitializeCleanupLambdaFunctionRole59E22179"
          }
        ]
      },
      "Metadata": {
        "aws:cdk:path": "InnovationSandbox-Compute/AccountCleaner/InitializeCleanupLambda-IsbDbTableReadWrite/Resource"
      }
    },
    "AccountCleanerCodeBuildCleanupProjectRole3FF40319": {
      "Type": "AWS::IAM::Role",
      "Properties": {
        "AssumeRolePolicyDocument": {
          "Statement": [
            {
              "Action": "sts:AssumeRole",
              "Effect": "Allow",
              "Principal": {
                "Service": "codebuild.amazonaws.com"
              }
            }
          ],
          "Version": "2012-10-17"
        },
        "Tags": [
          {
            "Key": "aws-solutions:isb-id",
            "Value": {
              "Fn::Join": [
                "",
                [
                  {
                    "Ref": "Namespace"
                  },
                  "_isb"
                ]
              ]
            }
          }
        ]
      },
      "Metadata": {
        "aws:cdk:path": "InnovationSandbox-Compute/AccountCleaner/CodeBuildCleanupProject/Role/Resource"
      }
    },
    "AccountCleanerCodeBuildCleanupProjectRoleDefaultPolicy2BBB17A0": {
      "Type": "AWS::IAM::Policy",
      "Properties": {
        "PolicyDocument": {
          "Statement": [
            {
              "Action": [
                "logs:CreateLogStream",
                "logs:PutLogEvents"
              ],
              "Effect": "Allow",
              "Resource": {
                "Fn::GetAtt": [
                  "ISBLogGroupCleanup485A102F",
                  "Arn"
                ]
              }
            },
            {
              "Action": [
                "logs:CreateLogGroup",
                "logs:CreateLogStream",
                "logs:PutLogEvents"
              ],
              "Effect": "Allow",
              "Resource": [
                {
                  "Fn::Join": [
                    "",
                    [
                      "arn:",
                      {
                        "Ref": "AWS::Partition"
                      },
                      ":logs:",
                      {
                        "Ref": "AWS::Region"
                      },
                      ":",
                      {
                        "Ref": "AWS::AccountId"
                      },
                      ":log-group:/aws/codebuild/",
                      {
                        "Ref": "AccountCleanerCodeBuildCleanupProject76064B7F"
                      }
                    ]
                  ]
                },
                {
                  "Fn::Join": [
                    "",
                    [
                      "arn:",
                      {
                        "Ref": "AWS::Partition"
                      },
                      ":logs:",
                      {
                        "Ref": "AWS::Region"
                      },
                      ":",
                      {
                        "Ref": "AWS::AccountId"
                      },
                      ":log-group:/aws/codebuild/",
                      {
                        "Ref": "AccountCleanerCodeBuildCleanupProject76064B7F"
                      },
                      ":*"
                    ]
                  ]
                }
              ]
            },
            {
              "Action": [
                "codebuild:CreateReportGroup",
                "codebuild:CreateReport",
                "codebuild:UpdateReport",
                "codebuild:BatchPutTestCases",
                "codebuild:BatchPutCodeCoverages"
              ],
              "Effect": "Allow",
              "Resource": {
                "Fn::Join": [
                  "",
                  [
                    "arn:",
                    {
                      "Ref": "AWS::Partition"
                    },
                    ":codebuild:",
                    {
                      "Ref": "AWS::Region"
                    },
                    ":",
                    {
                      "Ref": "AWS::AccountId"
                    },
                    ":report-group/",
                    {
                      "Ref": "AccountCleanerCodeBuildCleanupProject76064B7F"
                    },
                    "-*"
                  ]
                ]
              }
            },
            {
              "Action": [
                "kms:Decrypt",
                "kms:Encrypt",
                "kms:ReEncrypt*",
                "kms:GenerateDataKey*"
              ],
              "Effect": "Allow",
              "Resource": {
                "Fn::GetAtt": [
                  "IsbKmsKeyInnovationSandboxComputeB43F03BE",
                  "Arn"
                ]
              }
            },
            {
              "Action": "ssm:GetParameter",
              "Effect": "Allow",
              "Resource": {
                "Fn::Join": [
                  "",
                  [
                    "arn:",
                    {
                      "Ref": "AWS::Partition"
                    },
                    ":ssm:",
                    {
                      "Ref": "AWS::Region"
                    },
                    ":",
                    {
                      "Ref": "OrgMgtAccountId"
                    },
                    ":parameter/InnovationSandbox_",
                    {
                      "Ref": "Namespace"
                    },
                    "_AccountPool_Configuration"
                  ]
                ]
              }
            },
            {
              "Action": [
                "appconfig:StartConfigurationSession",
                "appconfig:GetLatestConfiguration"
              ],
              "Effect": "Allow",
              "Resource": [
                {
                  "Fn::Join": [
                    "",
                    [
                      "arn:",
                      {
                        "Ref": "AWS::Partition"
                      },
                      ":appconfig:",
                      {
                        "Ref": "AWS::Region"
                      },
                      ":",
                      {
                        "Ref": "AWS::AccountId"
                      },
                      ":application/",
                      {
                        "Fn::GetAtt": [
                          "IsbSpokeConfigJsonParamResolverParseJsonConfigurationIsbCustomResource57F98B57",
                          "configApplicationId"
                        ]
                      },
                      "/environment/",
                      {
                        "Fn::GetAtt": [
                          "IsbSpokeConfigJsonParamResolverParseJsonConfigurationIsbCustomResource57F98B57",
                          "configEnvironmentId"
                        ]
                      },
                      "/configuration/",
                      {
                        "Fn::GetAtt": [
                          "IsbSpokeConfigJsonParamResolverParseJsonConfigurationIsbCustomResource57F98B57",
                          "nukeConfigConfigurationProfileId"
                        ]
                      }
                    ]
                  ]
                },
                {
                  "Fn::Join": [
                    "",
                    [
                      "arn:",
                      {
                        "Ref": "AWS::Partition"
                      },
                      ":appconfig:",
                      {
                        "Ref": "AWS::Region"
                      },
                      ":",
                      {
                        "Ref": "AWS::AccountId"
                      },
                      ":application/",
                      {
                        "Fn::GetAtt": [
                          "IsbSpokeConfigJsonParamResolverParseJsonConfigurationIsbCustomResource57F98B57",
                          "configApplicationId"
                        ]
                      },
                      "/environment/",
                      {
                        "Fn::GetAtt": [
                          "IsbSpokeConfigJsonParamResolverParseJsonConfigurationIsbCustomResource57F98B57",
                          "configEnvironmentId"
                        ]
                      },
                      "/configuration/",
                      {
                        "Fn::GetAtt": [
                          "IsbSpokeConfigJsonParamResolverParseJsonConfigurationIsbCustomResource57F98B57",
                          "globalConfigConfigurationProfileId"
                        ]
                      }
                    ]
                  ]
                }
              ]
            },
            {
              "Action": "sts:AssumeRole",
              "Effect": "Allow",
              "Resource": {
                "Fn::GetAtt": [
                  "IntermediateRole6D2F2036",
                  "Arn"
                ]
              }
            }
          ],
          "Version": "2012-10-17"
        },
        "PolicyName": "AccountCleanerCodeBuildCleanupProjectRoleDefaultPolicy2BBB17A0",
        "Roles": [
          {
            "Ref": "AccountCleanerCodeBuildCleanupProjectRole3FF40319"
          }
        ]
      },
      "Metadata": {
        "aws:cdk:path": "InnovationSandbox-Compute/AccountCleaner/CodeBuildCleanupProject/Role/DefaultPolicy/Resource"
      }
    },
    "AccountCleanerCodeBuildCleanupProject76064B7F": {
      "Type": "AWS::CodeBuild::Project",
      "Properties": {
        "Artifacts": {
          "Type": "NO_ARTIFACTS"
        },
        "Cache": {
          "Type": "NO_CACHE"
        },
        "EncryptionKey": {
          "Fn::GetAtt": [
            "IsbKmsKeyInnovationSandboxComputeB43F03BE",
            "Arn"
          ]
        },
        "Environment": {
          "ComputeType": "BUILD_GENERAL1_SMALL",
          "EnvironmentVariables": [
            {
              "Name": "HUB_ACCOUNT_ID",
              "Type": "PLAINTEXT",
              "Value": {
                "Ref": "AWS::AccountId"
              }
            },
            {
              "Name": "INTERMEDIATE_ROLE_ARN",
              "Type": "PLAINTEXT",
              "Value": {
                "Fn::Join": [
                  "",
                  [
                    "arn:",
                    {
                      "Ref": "AWS::Partition"
                    },
                    ":iam::",
                    {
                      "Ref": "AWS::AccountId"
                    },
                    ":role/InnovationSandbox-",
                    {
                      "Ref": "Namespace"
                    },
                    "-IntermediateRole"
                  ]
                ]
              }
            },
            {
              "Name": "CLEANUP_ROLE_NAME",
              "Type": "PLAINTEXT",
              "Value": {
                "Fn::Join": [
                  "",
                  [
                    "InnovationSandbox-",
                    {
                      "Ref": "Namespace"
                    },
                    "-SandboxAccountRole"
                  ]
                ]
              }
            },
            {
              "Name": "ACCOUNT_POOL_CONFIG_PARAM_ARN",
              "Type": "PLAINTEXT",
              "Value": {
                "Fn::Join": [
                  "",
                  [
                    "arn:",
                    {
                      "Ref": "AWS::Partition"
                    },
                    ":ssm:",
                    {
                      "Ref": "AWS::Region"
                    },
                    ":",
                    {
                      "Ref": "OrgMgtAccountId"
                    },
                    ":parameter/InnovationSandbox_",
                    {
                      "Ref": "Namespace"
                    },
                    "_AccountPool_Configuration"
                  ]
                ]
              }
            }
          ],
          "Image": {
            "Fn::If": [
              "AccountCleanerUsePrivateEcrRepo2A0E64EA",
              {
                "Fn::Join": [
                  "",
                  [
                    {
                      "Ref": "AWS::AccountId"
                    },
                    ".dkr.ecr.",
                    {
                      "Ref": "AWS::Region"
                    },
                    ".",
                    {
                      "Ref": "AWS::URLSuffix"
                    },
                    "/",
                    {
                      "Fn::FindInMap": [
                        "Mapping",
                        "context",
                        "privateEcrRepo",
                        {
                          "DefaultValue": ""
                        }
                      ]
                    },
                    ":latest"
                  ]
                ]
              },
              {
                "Fn::Join": [
                  "",
                  [
                    {
                      "Fn::FindInMap": [
                        "Mapping",
                        "context",
                        "publicEcrRegistry",
                        {
                          "DefaultValue": ""
                        }
                      ]
                    },
                    "/",
                    {
                      "Fn::FindInMap": [
                        "Mapping",
                        "context",
                        "solutionName",
                        {
                          "DefaultValue": ""
                        }
                      ]
                    },
                    "-account-cleaner:",
                    {
                      "Fn::If": [
                        "UseStableTaggingCondition",
                        {
                          "Fn::Join": [
                            ".",
                            [
                              {
                                "Fn::Select": [
                                  0,
                                  {
                                    "Fn::Split": [
                                      ".",
                                      {
                                        "Fn::FindInMap": [
                                          "Mapping",
                                          "context",
                                          "publicEcrTag",
                                          {
                                            "DefaultValue": ""
                                          }
                                        ]
                                      }
                                    ]
                                  }
                                ]
                              },
                              {
                                "Fn::Select": [
                                  1,
                                  {
                                    "Fn::Split": [
                                      ".",
                                      {
                                        "Fn::FindInMap": [
                                          "Mapping",
                                          "context",
                                          "publicEcrTag",
                                          {
                                            "DefaultValue": ""
                                          }
                                        ]
                                      }
                                    ]
                                  }
                                ]
                              }
                            ]
                          ]
                        },
                        {
                          "Fn::FindInMap": [
                            "Mapping",
                            "context",
                            "publicEcrTag",
                            {
                              "DefaultValue": ""
                            }
                          ]
                        }
                      ]
                    }
                  ]
                ]
              }
            ]
          },
          "ImagePullCredentialsType": "SERVICE_ROLE",
          "PrivilegedMode": false,
          "Type": "LINUX_CONTAINER"
        },
        "LogsConfig": {
          "CloudWatchLogs": {
            "GroupName": {
              "Ref": "ISBLogGroupCleanup485A102F"
            },
            "Status": "ENABLED"
          }
        },
        "ServiceRole": {
          "Fn::GetAtt": [
            "AccountCleanerCodeBuildCleanupProjectRole3FF40319",
            "Arn"
          ]
        },
        "Source": {
          "BuildSpec": "version: 0.2\nphases:\n  build:\n    commands:\n      - echo =================================== Cleaning up AWS account $CLEANUP_ACCOUNT_ID ===================================\n      - echo StateMachineExecutionId=$STATE_MACHINE_EXECUTION_ID\n      - echo ----------------------------- Retrieving nuke config file from AWS AppConfig ------------------------------\n      - |\n        export APPCONFIG_TOKEN=$(aws appconfigdata start-configuration-session --application-identifier $APPCONFIG_APPLICATION_ID \\\n        --environment-identifier $APPCONFIG_ENVIRONMENT_ID \\\n        --configuration-profile-identifier $APPCONFIG_NUKE_CONFIG_CONFIGURATION_PROFILE_ID \\\n        --query InitialConfigurationToken --output text)\n      - aws appconfigdata get-latest-configuration --configuration-token $APPCONFIG_TOKEN nuke-config.yaml\n      - echo ------------------------------ Ingesting cleanup config into nuke config file -----------------------------\n      - sed -i s/%HUB_ACCOUNT_ID%/${HUB_ACCOUNT_ID}/g nuke-config.yaml\n      - sed -i s/%CLEANUP_ACCOUNT_ID%/${CLEANUP_ACCOUNT_ID}/g nuke-config.yaml\n      - sed -i s/%CLEANUP_ROLE_NAME%/${CLEANUP_ROLE_NAME}/g nuke-config.yaml\n      - REGIONS_STR=$(aws ssm get-parameter --name $ACCOUNT_POOL_CONFIG_PARAM_ARN --query 'Parameter.Value' --output text | jq -r '.isbManagedRegions')\n      - REGION_ARRAY=$(echo $REGIONS_STR | tr ',' '\\n')\n      - for REGION in $REGION_ARRAY; do sed -i  \"s/^regions:\\s*$/regions:\\n  - ${REGION}/\" nuke-config.yaml; done\n      - cat nuke-config.yaml\n      - echo ------------------------ Assuming IAM role $INTERMEDIATE_ROLE_ARN ------------------------\n      - export INTERMEDIATE_ROLE_CREDS=$(aws sts assume-role --role-arn $INTERMEDIATE_ROLE_ARN --role-session-name AccountCleanup)\n      - aws configure set aws_access_key_id $(echo $INTERMEDIATE_ROLE_CREDS | jq -r .Credentials.AccessKeyId) --profile intermediate-role\n      - aws configure set aws_secret_access_key $(echo $INTERMEDIATE_ROLE_CREDS | jq -r .Credentials.SecretAccessKey) --profile intermediate-role\n      - aws configure set aws_session_token $(echo $INTERMEDIATE_ROLE_CREDS | jq -r .Credentials.SessionToken) --profile intermediate-role\n      - echo ------------------------ Assuming IAM role $CLEANUP_ROLE_NAME in sandbox account ------------------------\n      - export SANDBOX_ACCOUNT_ROLE_CREDS=$(aws sts assume-role --profile intermediate-role --role-arn arn:aws:iam::$CLEANUP_ACCOUNT_ID:role/$CLEANUP_ROLE_NAME --role-session-name AccountCleanup)\n      - aws configure set aws_access_key_id $(echo $SANDBOX_ACCOUNT_ROLE_CREDS | jq -r .Credentials.AccessKeyId) --profile cleanup\n      - aws configure set aws_secret_access_key $(echo $SANDBOX_ACCOUNT_ROLE_CREDS | jq -r .Credentials.SecretAccessKey) --profile cleanup\n      - aws configure set aws_session_token $(echo $SANDBOX_ACCOUNT_ROLE_CREDS | jq -r .Credentials.SessionToken) --profile cleanup\n      - echo ------------------------ Running AWS Nuke ------------------------\n      - aws-nuke nuke -c nuke-config.yaml --no-dry-run --no-alias-check --force --profile cleanup --log-format=json\n",
          "Type": "NO_SOURCE"
        },
        "Tags": [
          {
            "Key": "aws-solutions:isb-id",
            "Value": {
              "Fn::Join": [
                "",
                [
                  {
                    "Ref": "Namespace"
                  },
                  "_isb"
                ]
              ]
            }
          }
        ],
        "TimeoutInMinutes": 60
      },
      "Metadata": {
        "aws:cdk:path": "InnovationSandbox-Compute/AccountCleaner/CodeBuildCleanupProject/Resource"
      }
    },
    "AccountCleanerPrivateEcrRepoPolicy110E5F6B": {
      "Type": "AWS::IAM::Policy",
      "Properties": {
        "PolicyDocument": {
          "Statement": [
            {
              "Action": [
                "ecr:BatchCheckLayerAvailability",
                "ecr:GetDownloadUrlForLayer",
                "ecr:BatchGetImage"
              ],
              "Effect": "Allow",
              "Resource": {
                "Fn::Join": [
                  "",
                  [
                    "arn:",
                    {
                      "Ref": "AWS::Partition"
                    },
                    ":ecr:",
                    {
                      "Ref": "AWS::Region"
                    },
                    ":",
                    {
                      "Ref": "AWS::AccountId"
                    },
                    ":repository/",
                    {
                      "Fn::FindInMap": [
                        "Mapping",
                        "context",
                        "privateEcrRepo",
                        {
                          "DefaultValue": ""
                        }
                      ]
                    }
                  ]
                ]
              }
            },
            {
              "Action": "ecr:GetAuthorizationToken",
              "Effect": "Allow",
              "Resource": "*"
            }
          ],
          "Version": "2012-10-17"
        },
        "PolicyName": "AccountCleanerPrivateEcrRepoPolicy110E5F6B",
        "Roles": [
          {
            "Ref": "AccountCleanerCodeBuildCleanupProjectRole3FF40319"
          }
        ]
      },
      "Metadata": {
        "aws:cdk:path": "InnovationSandbox-Compute/AccountCleaner/PrivateEcrRepoPolicy/Resource"
      },
      "Condition": "AccountCleanerUsePrivateEcrRepo2A0E64EA"
    },
    "AccountCleanerStepFunctionStateMachineRole7CC1A37A": {
      "Type": "AWS::IAM::Role",
      "Properties": {
        "AssumeRolePolicyDocument": {
          "Statement": [
            {
              "Action": "sts:AssumeRole",
              "Effect": "Allow",
              "Principal": {
                "Service": "states.amazonaws.com"
              }
            }
          ],
          "Version": "2012-10-17"
        },
        "Tags": [
          {
            "Key": "aws-solutions:isb-id",
            "Value": {
              "Fn::Join": [
                "",
                [
                  {
                    "Ref": "Namespace"
                  },
                  "_isb"
                ]
              ]
            }
          }
        ]
      },
      "Metadata": {
        "aws:cdk:path": "InnovationSandbox-Compute/AccountCleaner/StepFunction/StateMachine/Role/Resource"
      }
    },
    "AccountCleanerStepFunctionStateMachineRoleDefaultPolicy21807A48": {
      "Type": "AWS::IAM::Policy",
      "Properties": {
        "PolicyDocument": {
          "Statement": [
            {
              "Action": "lambda:InvokeFunction",
              "Effect": "Allow",
              "Resource": [
                {
                  "Fn::GetAtt": [
                    "AccountCleanerInitializeCleanupLambdaFunctionB9CA7E1B",
                    "Arn"
                  ]
                },
                {
                  "Fn::Join": [
                    "",
                    [
                      {
                        "Fn::GetAtt": [
                          "AccountCleanerInitializeCleanupLambdaFunctionB9CA7E1B",
                          "Arn"
                        ]
                      },
                      ":*"
                    ]
                  ]
                }
              ]
            },
            {
              "Action": "events:PutEvents",
              "Effect": "Allow",
              "Resource": {
                "Fn::GetAtt": [
                  "ISBEventBusD5514129",
                  "Arn"
                ]
              }
            },
            {
              "Action": [
                "logs:CreateLogDelivery",
                "logs:GetLogDelivery",
                "logs:UpdateLogDelivery",
                "logs:DeleteLogDelivery",
                "logs:ListLogDeliveries",
                "logs:PutResourcePolicy",
                "logs:DescribeResourcePolicies",
                "logs:DescribeLogGroups"
              ],
              "Effect": "Allow",
              "Resource": "*"
            },
            {
              "Action": [
                "xray:PutTraceSegments",
                "xray:PutTelemetryRecords",
                "xray:GetSamplingRules",
                "xray:GetSamplingTargets"
              ],
              "Effect": "Allow",
              "Resource": "*"
            }
          ],
          "Version": "2012-10-17"
        },
        "PolicyName": "AccountCleanerStepFunctionStateMachineRoleDefaultPolicy21807A48",
        "Roles": [
          {
            "Ref": "AccountCleanerStepFunctionStateMachineRole7CC1A37A"
          }
        ]
      },
      "Metadata": {
        "aws:cdk:path": "InnovationSandbox-Compute/AccountCleaner/StepFunction/StateMachine/Role/DefaultPolicy/Resource"
      }
    },
    "AccountCleanerStepFunctionStateMachineF32685E8": {
      "Type": "AWS::StepFunctions::StateMachine",
      "Properties": {
        "DefinitionString": {
          "Fn::Join": [
            "",
            [
              "{\"StartAt\":\"AddCodeBuildExecutionResultsObjectPass\",\"States\":{\"AddCodeBuildExecutionResultsObjectPass\":{\"Type\":\"Pass\",\"Parameters\":{\"input.$\":\"$.detail\",\"executionResults\":{\"succeeded\":0,\"failed\":0}},\"Next\":\"InitializeCleanupLambdaInvoke\"},\"InitializeCleanupLambdaInvoke\":{\"Next\":\"SkipIfCurrentlyInCleanupChoice\",\"Retry\":[{\"ErrorEquals\":[\"Lambda.ClientExecutionTimeoutException\",\"Lambda.ServiceException\",\"Lambda.AWSLambdaException\",\"Lambda.SdkClientException\"],\"IntervalSeconds\":2,\"MaxAttempts\":6,\"BackoffRate\":2}],\"Catch\":[{\"ErrorEquals\":[\"States.ALL\"],\"ResultPath\":\"$.Error\",\"Next\":\"SendFailureEvent\"}],\"Type\":\"Task\",\"ResultPath\":\"$.initializeCleanup\",\"ResultSelector\":{\"payload.$\":\"$.Payload\",\"status.$\":\"$.StatusCode\"},\"Resource\":\"arn:",
              {
                "Ref": "AWS::Partition"
              },
              ":states:::lambda:invoke\",\"Parameters\":{\"FunctionName\":\"",
              {
                "Fn::GetAtt": [
                  "AccountCleanerInitializeCleanupLambdaFunctionB9CA7E1B",
                  "Arn"
                ]
              },
              "\",\"Payload\":{\"accountId.$\":\"$.input.accountId\",\"cleanupExecutionContext\":{\"stateMachineExecutionArn.$\":\"$$.Execution.Id\",\"stateMachineExecutionStartTime.$\":\"$$.Execution.StartTime\"}}}},\"SkipIfCurrentlyInCleanupChoice\":{\"Type\":\"Choice\",\"Choices\":[{\"Variable\":\"$.initializeCleanup.payload.cleanupAlreadyInProgress\",\"BooleanEquals\":true,\"Next\":\"AccountCleanupSuccess\"}],\"Default\":\"StartCodeBuildCall\"},\"StartCodeBuildCall\":{\"Next\":\"AddSuccessfulExecutionPass\",\"Type\":\"Task\",\"Resource\":\"arn:aws:states:::codebuild:startBuild.sync\",\"Parameters\":{\"ProjectName\":\"",
              {
                "Ref": "AccountCleanerCodeBuildCleanupProject76064B7F"
              },
              "\",\"EnvironmentVariablesOverride\":[{\"Name\":\"STATE_MACHINE_EXECUTION_ID\",\"Value.$\":\"$$.Execution.Id\",\"Type\":\"PLAINTEXT\"},{\"Name\":\"CLEANUP_ACCOUNT_ID\",\"Value.$\":\"$.input.accountId\",\"Type\":\"PLAINTEXT\"},{\"Name\":\"APPCONFIG_APPLICATION_ID\",\"Value\":\"",
              {
                "Fn::GetAtt": [
                  "IsbSpokeConfigJsonParamResolverParseJsonConfigurationIsbCustomResource57F98B57",
                  "configApplicationId"
                ]
              },
              "\",\"Type\":\"PLAINTEXT\"},{\"Name\":\"APPCONFIG_ENVIRONMENT_ID\",\"Value\":\"",
              {
                "Fn::GetAtt": [
                  "IsbSpokeConfigJsonParamResolverParseJsonConfigurationIsbCustomResource57F98B57",
                  "configEnvironmentId"
                ]
              },
              "\",\"Type\":\"PLAINTEXT\"},{\"Name\":\"APPCONFIG_NUKE_CONFIG_CONFIGURATION_PROFILE_ID\",\"Value\":\"",
              {
                "Fn::GetAtt": [
                  "IsbSpokeConfigJsonParamResolverParseJsonConfigurationIsbCustomResource57F98B57",
                  "nukeConfigConfigurationProfileId"
                ]
              },
              "\",\"Type\":\"PLAINTEXT\"}],\"LogsConfigOverride\":{\"CloudWatchLogs\":{\"Status\":\"ENABLED\",\"GroupName\":\"",
              {
                "Ref": "ISBLogGroupCleanup485A102F"
              },
              "\",\"StreamName.$\":\"States.ArrayGetItem(States.StringSplit($$.Execution.Id, ':'), 7)\"}}},\"ResultSelector\":{\"status.$\":\"$.Build.BuildStatus\"},\"ResultPath\":\"$.codeBuild\",\"Catch\":[{\"ErrorEquals\":[\"States.ALL\"],\"ResultPath\":\"$.Error\",\"Next\":\"AddFailedExecutionPass\"}]},\"FailureRerunWait\":{\"Type\":\"Wait\",\"SecondsPath\":\"$.initializeCleanup.payload.globalConfig.cleanup.waitBeforeRetryFailedAttemptSeconds\",\"Next\":\"StartCodeBuildCall\"},\"EnoughFailedExecutionsChoice\":{\"Type\":\"Choice\",\"Choices\":[{\"Variable\":\"$.executionResults.failed\",\"NumericLessThanPath\":\"$.initializeCleanup.payload.globalConfig.cleanup.numberOfFailedAttemptsToCancelCleanup\",\"Next\":\"FailureRerunWait\"}],\"Default\":\"SendFailureEvent\"},\"AddFailedExecutionPass\":{\"Type\":\"Pass\",\"Parameters\":{\"input.$\":\"$.input\",\"initializeCleanup.$\":\"$.initializeCleanup\",\"executionResults\":{\"succeeded\":0,\"failed.$\":\"States.MathAdd($.executionResults.failed, 1)\"}},\"Next\":\"EnoughFailedExecutionsChoice\"},\"SendFailureEvent\":{\"Next\":\"AccountCleanupFailed\",\"Type\":\"Task\",\"Resource\":\"arn:",
              {
                "Ref": "AWS::Partition"
              },
              ":states:::events:putEvents\",\"Parameters\":{\"Entries\":[{\"Detail\":{\"accountId.$\":\"$.input.accountId\",\"cleanupExecutionContext\":{\"stateMachineExecutionArn.$\":\"$$.Execution.Id\",\"stateMachineExecutionStartTime.$\":\"$$.Execution.StartTime\"},\"reason.$\":\"$.input.reason\"},\"DetailType\":\"AccountCleanupFailed\",\"EventBusName\":\"",
              {
                "Fn::GetAtt": [
                  "ISBEventBusD5514129",
                  "Arn"
                ]
              },
              "\",\"Source\":\"account-cleaner\"}]}},\"AccountCleanupFailed\":{\"Type\":\"Fail\"},\"SuccessRerunWait\":{\"Type\":\"Wait\",\"SecondsPath\":\"$.initializeCleanup.payload.globalConfig.cleanup.waitBeforeRerunSuccessfulAttemptSeconds\",\"Next\":\"StartCodeBuildCall\"},\"AddSuccessfulExecutionPass\":{\"Type\":\"Pass\",\"Parameters\":{\"input.$\":\"$.input\",\"initializeCleanup.$\":\"$.initializeCleanup\",\"executionResults\":{\"succeeded.$\":\"States.MathAdd($.executionResults.succeeded, 1)\",\"failed.$\":\"$.executionResults.failed\"}},\"Next\":\"EnoughSuccessfulExecutionsChoice\"},\"EnoughSuccessfulExecutionsChoice\":{\"Type\":\"Choice\",\"Choices\":[{\"Variable\":\"$.executionResults.succeeded\",\"NumericGreaterThanEqualsPath\":\"$.initializeCleanup.payload.globalConfig.cleanup.numberOfSuccessfulAttemptsToFinishCleanup\",\"Next\":\"SendSuccessEvent\"}],\"Default\":\"SuccessRerunWait\"},\"SendSuccessEvent\":{\"Next\":\"AccountCleanupSuccess\",\"Type\":\"Task\",\"Resource\":\"arn:",
              {
                "Ref": "AWS::Partition"
              },
              ":states:::events:putEvents\",\"Parameters\":{\"Entries\":[{\"Detail\":{\"accountId.$\":\"$.input.accountId\",\"cleanupExecutionContext\":{\"stateMachineExecutionArn.$\":\"$$.Execution.Id\",\"stateMachineExecutionStartTime.$\":\"$$.Execution.StartTime\"},\"reason.$\":\"$.input.reason\"},\"DetailType\":\"AccountCleanupSucceeded\",\"EventBusName\":\"",
              {
                "Fn::GetAtt": [
                  "ISBEventBusD5514129",
                  "Arn"
                ]
              },
              "\",\"Source\":\"account-cleaner\"}]}},\"AccountCleanupSuccess\":{\"Type\":\"Succeed\"}},\"TimeoutSeconds\":43200}"
            ]
          ]
        },
        "LoggingConfiguration": {
          "Destinations": [
            {
              "CloudWatchLogsLogGroup": {
                "LogGroupArn": {
                  "Fn::GetAtt": [
                    "ISBLogGroupE607F9A7",
                    "Arn"
                  ]
                }
              }
            }
          ],
          "Level": "ALL"
        },
        "RoleArn": {
          "Fn::GetAtt": [
            "AccountCleanerStepFunctionStateMachineRole7CC1A37A",
            "Arn"
          ]
        },
        "Tags": [
          {
            "Key": "aws-solutions:isb-id",
            "Value": {
              "Fn::Join": [
                "",
                [
                  {
                    "Ref": "Namespace"
                  },
                  "_isb"
                ]
              ]
            }
          }
        ],
        "TracingConfiguration": {
          "Enabled": true
        }
      },
      "DependsOn": [
        "AccountCleanerStepFunctionStateMachineRoleDefaultPolicy21807A48",
        "AccountCleanerStepFunctionStateMachineRole7CC1A37A"
      ],
      "UpdateReplacePolicy": "Delete",
      "DeletionPolicy": "Delete",
      "Metadata": {
        "aws:cdk:path": "InnovationSandbox-Compute/AccountCleaner/StepFunction/StateMachine/Resource"
      }
    },
    "AccountCleanerStepFunctionStateMachineEventsRole4FDC6DA2": {
      "Type": "AWS::IAM::Role",
      "Properties": {
        "AssumeRolePolicyDocument": {
          "Statement": [
            {
              "Action": "sts:AssumeRole",
              "Effect": "Allow",
              "Principal": {
                "Service": "events.amazonaws.com"
              }
            }
          ],
          "Version": "2012-10-17"
        },
        "Tags": [
          {
            "Key": "aws-solutions:isb-id",
            "Value": {
              "Fn::Join": [
                "",
                [
                  {
                    "Ref": "Namespace"
                  },
                  "_isb"
                ]
              ]
            }
          }
        ]
      },
      "Metadata": {
        "aws:cdk:path": "InnovationSandbox-Compute/AccountCleaner/StepFunction/StateMachine/EventsRole/Resource"
      }
    },
    "AccountCleanerStepFunctionStateMachineEventsRoleDefaultPolicy1C377DCB": {
      "Type": "AWS::IAM::Policy",
      "Properties": {
        "PolicyDocument": {
          "Statement": [
            {
              "Action": "states:StartExecution",
              "Effect": "Allow",
              "Resource": {
                "Ref": "AccountCleanerStepFunctionStateMachineF32685E8"
              }
            }
          ],
          "Version": "2012-10-17"
        },
        "PolicyName": "AccountCleanerStepFunctionStateMachineEventsRoleDefaultPolicy1C377DCB",
        "Roles": [
          {
            "Ref": "AccountCleanerStepFunctionStateMachineEventsRole4FDC6DA2"
          }
        ]
      },
      "Metadata": {
        "aws:cdk:path": "InnovationSandbox-Compute/AccountCleaner/StepFunction/StateMachine/EventsRole/DefaultPolicy/Resource"
      }
    },
    "AccountCleanerStepFunctionCodeBuildStepPolicy8B6B0607": {
      "Type": "AWS::IAM::Policy",
      "Properties": {
        "PolicyDocument": {
          "Statement": [
            {
              "Action": [
                "codebuild:StartBuild",
                "codebuild:StopBuild",
                "codebuild:BatchGetBuilds",
                "codebuild:BatchGetReports"
              ],
              "Effect": "Allow",
              "Resource": {
                "Fn::GetAtt": [
                  "AccountCleanerCodeBuildCleanupProject76064B7F",
                  "Arn"
                ]
              }
            },
            {
              "Action": [
                "events:PutTargets",
                "events:PutRule",
                "events:DescribeRule"
              ],
              "Effect": "Allow",
              "Resource": {
                "Fn::Join": [
                  "",
                  [
                    "arn:",
                    {
                      "Ref": "AWS::Partition"
                    },
                    ":events:",
                    {
                      "Ref": "AWS::Region"
                    },
                    ":",
                    {
                      "Ref": "AWS::AccountId"
                    },
                    ":rule/StepFunctionsGetEventForCodeBuildStartBuildRule"
                  ]
                ]
              }
            }
          ],
          "Version": "2012-10-17"
        },
        "PolicyName": "AccountCleanerStepFunctionCodeBuildStepPolicy8B6B0607",
        "Roles": [
          {
            "Ref": "AccountCleanerStepFunctionStateMachineRole7CC1A37A"
          }
        ]
      },
      "Metadata": {
        "aws:cdk:path": "InnovationSandbox-Compute/AccountCleaner/StepFunction/CodeBuildStepPolicy/Resource"
      }
    },
    "AccountCleanerStepFunctionDescribeStateMachineExecutionPolicy96041704": {
      "Type": "AWS::IAM::Policy",
      "Properties": {
        "PolicyDocument": {
          "Statement": [
            {
              "Action": "states:DescribeExecution",
              "Effect": "Allow",
              "Resource": {
                "Fn::Join": [
                  "",
                  [
                    "arn:",
                    {
                      "Ref": "AWS::Partition"
                    },
                    ":states:",
                    {
                      "Ref": "AWS::Region"
                    },
                    ":",
                    {
                      "Ref": "AWS::AccountId"
                    },
                    ":execution:",
                    {
                      "Fn::GetAtt": [
                        "AccountCleanerStepFunctionStateMachineF32685E8",
                        "Name"
                      ]
                    },
                    ":*"
                  ]
                ]
              }
            }
          ],
          "Version": "2012-10-17"
        },
        "PolicyName": "AccountCleanerStepFunctionDescribeStateMachineExecutionPolicy96041704",
        "Roles": [
          {
            "Ref": "AccountCleanerInitializeCleanupLambdaFunctionRole59E22179"
          }
        ]
      },
      "Metadata": {
        "aws:cdk:path": "InnovationSandbox-Compute/AccountCleaner/StepFunction/DescribeStateMachineExecutionPolicy/Resource"
      }
    },
    "AccountCleanerStepFunctionAccountCleanupRule6AE39631": {
      "Type": "AWS::Events::Rule",
      "Properties": {
        "Description": "EventBus rule that triggers the ISB account cleanup process",
        "EventBusName": {
          "Ref": "ISBEventBusD5514129"
        },
        "EventPattern": {
          "detail-type": [
            "CleanAccountRequest"
          ]
        },
        "State": "ENABLED",
        "Tags": [
          {
            "Key": "aws-solutions:isb-id",
            "Value": {
              "Fn::Join": [
                "",
                [
                  {
                    "Ref": "Namespace"
                  },
                  "_isb"
                ]
              ]
            }
          }
        ],
        "Targets": [
          {
            "Arn": {
              "Ref": "AccountCleanerStepFunctionStateMachineF32685E8"
            },
            "Id": "Target0",
            "RoleArn": {
              "Fn::GetAtt": [
                "AccountCleanerStepFunctionStateMachineEventsRole4FDC6DA2",
                "Arn"
              ]
            }
          }
        ]
      },
      "Metadata": {
        "aws:cdk:path": "InnovationSandbox-Compute/AccountCleaner/StepFunction/AccountCleanupRule/Resource"
      }
    },
    "BlueprintDeploymentDeploymentOrchestratorLambdaFunctionRole1ABC0710": {
      "Type": "AWS::IAM::Role",
      "Properties": {
        "AssumeRolePolicyDocument": {
          "Statement": [
            {
              "Action": "sts:AssumeRole",
              "Effect": "Allow",
              "Principal": {
                "Service": "lambda.amazonaws.com"
              }
            }
          ],
          "Version": "2012-10-17"
        },
        "Tags": [
          {
            "Key": "aws-solutions:isb-id",
            "Value": {
              "Fn::Join": [
                "",
                [
                  {
                    "Ref": "Namespace"
                  },
                  "_isb"
                ]
              ]
            }
          }
        ]
      },
      "Metadata": {
        "aws:cdk:path": "InnovationSandbox-Compute/BlueprintDeployment/DeploymentOrchestratorLambda/FunctionRole/Resource"
      }
    },
    "BlueprintDeploymentDeploymentOrchestratorLambdaFunctionRoleDefaultPolicy18C6E050": {
      "Type": "AWS::IAM::Policy",
      "Properties": {
        "PolicyDocument": {
          "Statement": [
            {
              "Action": [
                "xray:PutTraceSegments",
                "xray:PutTelemetryRecords"
              ],
              "Effect": "Allow",
              "Resource": "*"
            },
            {
              "Action": [
                "logs:CreateLogStream",
                "logs:PutLogEvents"
              ],
              "Effect": "Allow",
              "Resource": {
                "Fn::GetAtt": [
                  "ISBLogGroupE607F9A7",
                  "Arn"
                ]
              }
            },
            {
              "Action": [
                "cloudformation:DescribeStackSet",
                "cloudformation:DescribeStackSetOperation",
                "cloudformation:ListStackInstances"
              ],
              "Effect": "Allow",
              "Resource": {
                "Fn::Join": [
                  "",
                  [
                    "arn:",
                    {
                      "Ref": "AWS::Partition"
                    },
                    ":cloudformation:",
                    {
                      "Ref": "AWS::Region"
                    },
                    ":",
                    {
                      "Ref": "AWS::AccountId"
                    },
                    ":stackset/*:*"
                  ]
                ]
              }
            },
            {
              "Action": "cloudformation:CreateStackInstances",
              "Effect": "Allow",
              "Resource": [
                {
                  "Fn::Join": [
                    "",
                    [
                      "arn:",
                      {
                        "Ref": "AWS::Partition"
                      },
                      ":cloudformation:",
                      {
                        "Ref": "AWS::Region"
                      },
                      ":",
                      {
                        "Ref": "AWS::AccountId"
                      },
                      ":stackset/*:*"
                    ]
                  ]
                },
                {
                  "Fn::Join": [
                    "",
                    [
                      "arn:",
                      {
                        "Ref": "AWS::Partition"
                      },
                      ":cloudformation:",
                      {
                        "Ref": "AWS::Region"
                      },
                      ":",
                      {
                        "Ref": "AWS::AccountId"
                      },
                      ":stackset-target/*"
                    ]
                  ]
                },
                {
                  "Fn::Join": [
                    "",
                    [
                      "arn:",
                      {
                        "Ref": "AWS::Partition"
                      },
                      ":cloudformation:",
                      {
                        "Ref": "AWS::Region"
                      },
                      ":",
                      {
                        "Ref": "AWS::AccountId"
                      },
                      ":type/resource/*"
                    ]
                  ]
                }
              ]
            },
            {
              "Action": "events:PutEvents",
              "Effect": "Allow",
              "Resource": {
                "Fn::GetAtt": [
                  "ISBEventBusD5514129",
                  "Arn"
                ]
              }
            },
            {
              "Action": "sts:AssumeRole",
              "Effect": "Allow",
              "Resource": {
                "Fn::GetAtt": [
                  "IntermediateRole6D2F2036",
                  "Arn"
                ]
              }
            }
          ],
          "Version": "2012-10-17"
        },
        "PolicyName": "BlueprintDeploymentDeploymentOrchestratorLambdaFunctionRoleDefaultPolicy18C6E050",
        "Roles": [
          {
            "Ref": "BlueprintDeploymentDeploymentOrchestratorLambdaFunctionRole1ABC0710"
          }
        ]
      },
      "Metadata": {
        "aws:cdk:path": "InnovationSandbox-Compute/BlueprintDeployment/DeploymentOrchestratorLambda/FunctionRole/DefaultPolicy/Resource"
      }
    },
    "BlueprintDeploymentDeploymentOrchestratorLambdaFunctionC368A43B": {
      "Type": "AWS::Lambda::Function",
      "Properties": {
        "Architectures": [
          "arm64"
        ],
        "Code": {
          "S3Bucket": {
            "Fn::Sub": "solutions-${AWS::Region}"
          },
          "S3Key": "innovation-sandbox-on-aws/v1.2.9/asset.dfa24ae7043a2e33eb93013ab0237baf4ae7647ff5c6605ea13d8f8b962f41df.zip"
        },
        "Description": "Orchestrates blueprint deployments via CloudFormation StackSets",
        "Environment": {
          "Variables": {
            "NODE_OPTIONS": "--enable-source-maps",
            "USER_AGENT_EXTRA": "AwsSolution/SO0284/v1.2.9",
            "POWERTOOLS_LOG_LEVEL": {
              "Fn::FindInMap": [
                "Mapping",
                "context",
                "logLevel",
                {
                  "DefaultValue": ""
                }
              ]
            },
            "POWERTOOLS_SERVICE_NAME": "innovation-sandbox",
            "AWS_XRAY_CONTEXT_MISSING": "IGNORE_ERROR",
            "ISB_EVENT_BUS": {
              "Ref": "ISBEventBusD5514129"
            },
            "ISB_NAMESPACE": {
              "Ref": "Namespace"
            },
            "LEASE_TABLE_NAME": {
              "Fn::GetAtt": [
                "IsbSpokeConfigJsonParamResolverParseJsonConfigurationIsbCustomResource57F98B57",
                "leaseTable"
              ]
            },
            "BLUEPRINT_TABLE_NAME": {
              "Fn::GetAtt": [
                "IsbSpokeConfigJsonParamResolverParseJsonConfigurationIsbCustomResource57F98B57",
                "blueprintTable"
              ]
            },
            "INTERMEDIATE_ROLE_ARN": {
              "Fn::GetAtt": [
                "IntermediateRole6D2F2036",
                "Arn"
              ]
            },
            "SANDBOX_ACCOUNT_ROLE_NAME": {
              "Fn::Join": [
                "",
                [
                  "InnovationSandbox-",
                  {
                    "Ref": "Namespace"
                  },
                  "-SandboxAccountRole"
                ]
              ]
            },
            "ORG_MGT_ACCOUNT_ID": {
              "Ref": "OrgMgtAccountId"
            },
            "HUB_ACCOUNT_ID": {
              "Ref": "AWS::AccountId"
            }
          }
        },
        "FunctionName": {
          "Fn::Join": [
            "",
            [
              "ISB-DeploymentOrchestratorLambda-",
              {
                "Ref": "Namespace"
              }
            ]
          ]
        },
        "Handler": "index.handler",
        "Layers": [
          {
            "Ref": "IsbSpokeConfigJsonParamResolverISBLambdaLayerInnovationSandboxComputeDependenciesLayerVersion4DD7969A"
          },
          {
            "Ref": "IsbSpokeConfigJsonParamResolverISBLambdaLayerInnovationSandboxComputeCommonLayerVersionB1BF66A1"
          }
        ],
        "LoggingConfig": {
          "LogFormat": "JSON",
          "LogGroup": {
            "Ref": "ISBLogGroupE607F9A7"
          },
          "SystemLogLevel": "INFO"
        },
        "MemorySize": 1024,
        "Role": {
          "Fn::GetAtt": [
            "BlueprintDeploymentDeploymentOrchestratorLambdaFunctionRole1ABC0710",
            "Arn"
          ]
        },
        "Runtime": "nodejs22.x",
        "Tags": [
          {
            "Key": "aws-solutions:isb-id",
            "Value": {
              "Fn::Join": [
                "",
                [
                  {
                    "Ref": "Namespace"
                  },
                  "_isb"
                ]
              ]
            }
          }
        ],
        "Timeout": 300,
        "TracingConfig": {
          "Mode": "Active"
        }
      },
      "DependsOn": [
        "BlueprintDeploymentDeploymentOrchestratorLambdaFunctionRoleDefaultPolicy18C6E050",
        "BlueprintDeploymentDeploymentOrchestratorLambdaFunctionRole1ABC0710"
      ],
      "Metadata": {
        "aws:cdk:path": "InnovationSandbox-Compute/BlueprintDeployment/DeploymentOrchestratorLambda/Function/Resource",
        "aws:asset:path": "asset.dfa24ae7043a2e33eb93013ab0237baf4ae7647ff5c6605ea13d8f8b962f41df",
        "aws:asset:is-bundled": true,
        "aws:asset:property": "Code",
        "guard": {
          "SuppressedRules": [
            "LAMBDA_INSIDE_VPC",
            "LAMBDA_CONCURRENCY_CHECK"
          ]
        }
      }
    },
    "BlueprintDeploymentDeploymentOrchestratorLambdaIsbDbTableReadWriteB3217AE2": {
      "Type": "AWS::IAM::Policy",
      "Properties": {
        "PolicyDocument": {
          "Statement": [
            {
              "Action": [
                "dynamodb:GetItem",
                "dynamodb:PutItem",
                "dynamodb:UpdateItem",
                "dynamodb:DeleteItem",
                "dynamodb:Query",
                "dynamodb:Scan",
                "dynamodb:ConditionCheckItem",
                "dynamodb:BatchGetItem",
                "dynamodb:BatchWriteItem"
              ],
              "Effect": "Allow",
              "Resource": [
                {
                  "Fn::Join": [
                    "",
                    [
                      "arn:",
                      {
                        "Ref": "AWS::Partition"
                      },
                      ":dynamodb:",
                      {
                        "Ref": "AWS::Region"
                      },
                      ":",
                      {
                        "Ref": "AWS::AccountId"
                      },
                      ":table/",
                      {
                        "Fn::GetAtt": [
                          "IsbSpokeConfigJsonParamResolverParseJsonConfigurationIsbCustomResource57F98B57",
                          "blueprintTable"
                        ]
                      }
                    ]
                  ]
                },
                {
                  "Fn::Join": [
                    "",
                    [
                      "arn:",
                      {
                        "Ref": "AWS::Partition"
                      },
                      ":dynamodb:",
                      {
                        "Ref": "AWS::Region"
                      },
                      ":",
                      {
                        "Ref": "AWS::AccountId"
                      },
                      ":table/",
                      {
                        "Fn::GetAtt": [
                          "IsbSpokeConfigJsonParamResolverParseJsonConfigurationIsbCustomResource57F98B57",
                          "blueprintTable"
                        ]
                      },
                      "/index/*"
                    ]
                  ]
                }
              ]
            },
            {
              "Action": [
                "kms:Decrypt",
                "kms:DescribeKey",
                "kms:Encrypt",
                "kms:GenerateDataKey",
                "kms:ReEncrypt*"
              ],
              "Effect": "Allow",
              "Resource": {
                "Fn::Join": [
                  "",
                  [
                    "arn:",
                    {
                      "Ref": "AWS::Partition"
                    },
                    ":kms:",
                    {
                      "Ref": "AWS::Region"
                    },
                    ":",
                    {
                      "Ref": "AWS::AccountId"
                    },
                    ":key/",
                    {
                      "Fn::GetAtt": [
                        "IsbSpokeConfigJsonParamResolverParseJsonConfigurationIsbCustomResource57F98B57",
                        "tableKmsKeyId"
                      ]
                    }
                  ]
                ]
              }
            }
          ],
          "Version": "2012-10-17"
        },
        "PolicyName": "DynamoDBReadWriteAccess",
        "Roles": [
          {
            "Ref": "BlueprintDeploymentDeploymentOrchestratorLambdaFunctionRole1ABC0710"
          }
        ]
      },
      "Metadata": {
        "aws:cdk:path": "InnovationSandbox-Compute/BlueprintDeployment/DeploymentOrchestratorLambda-IsbDbTableReadWrite/Resource"
      }
    },
    "BlueprintDeploymentStepFunctionBlueprintDeploymentStateMachineRole25EC71CB": {
      "Type": "AWS::IAM::Role",
      "Properties": {
        "AssumeRolePolicyDocument": {
          "Statement": [
            {
              "Action": "sts:AssumeRole",
              "Effect": "Allow",
              "Principal": {
                "Service": "states.amazonaws.com"
              }
            }
          ],
          "Version": "2012-10-17"
        },
        "Tags": [
          {
            "Key": "aws-solutions:isb-id",
            "Value": {
              "Fn::Join": [
                "",
                [
                  {
                    "Ref": "Namespace"
                  },
                  "_isb"
                ]
              ]
            }
          }
        ]
      },
      "Metadata": {
        "aws:cdk:path": "InnovationSandbox-Compute/BlueprintDeployment/StepFunction/BlueprintDeploymentStateMachine/Role/Resource"
      }
    },
    "BlueprintDeploymentStepFunctionBlueprintDeploymentStateMachineRoleDefaultPolicy14EF5FC5": {
      "Type": "AWS::IAM::Policy",
      "Properties": {
        "PolicyDocument": {
          "Statement": [
            {
              "Action": "lambda:InvokeFunction",
              "Effect": "Allow",
              "Resource": [
                {
                  "Fn::GetAtt": [
                    "BlueprintDeploymentDeploymentOrchestratorLambdaFunctionC368A43B",
                    "Arn"
                  ]
                },
                {
                  "Fn::Join": [
                    "",
                    [
                      {
                        "Fn::GetAtt": [
                          "BlueprintDeploymentDeploymentOrchestratorLambdaFunctionC368A43B",
                          "Arn"
                        ]
                      },
                      ":*"
                    ]
                  ]
                }
              ]
            },
            {
              "Action": [
                "logs:CreateLogDelivery",
                "logs:GetLogDelivery",
                "logs:UpdateLogDelivery",
                "logs:DeleteLogDelivery",
                "logs:ListLogDeliveries",
                "logs:PutResourcePolicy",
                "logs:DescribeResourcePolicies",
                "logs:DescribeLogGroups"
              ],
              "Effect": "Allow",
              "Resource": "*"
            },
            {
              "Action": [
                "xray:PutTraceSegments",
                "xray:PutTelemetryRecords",
                "xray:GetSamplingRules",
                "xray:GetSamplingTargets"
              ],
              "Effect": "Allow",
              "Resource": "*"
            }
          ],
          "Version": "2012-10-17"
        },
        "PolicyName": "BlueprintDeploymentStepFunctionBlueprintDeploymentStateMachineRoleDefaultPolicy14EF5FC5",
        "Roles": [
          {
            "Ref": "BlueprintDeploymentStepFunctionBlueprintDeploymentStateMachineRole25EC71CB"
          }
        ]
      },
      "Metadata": {
        "aws:cdk:path": "InnovationSandbox-Compute/BlueprintDeployment/StepFunction/BlueprintDeploymentStateMachine/Role/DefaultPolicy/Resource"
      }
    },
    "BlueprintDeploymentStepFunctionBlueprintDeploymentStateMachine6A6DE17A": {
      "Type": "AWS::StepFunctions::StateMachine",
      "Properties": {
        "DefinitionString": {
          "Fn::Join": [
            "",
            [
              "{\"StartAt\":\"CreateStackInstances\",\"States\":{\"CreateStackInstances\":{\"Next\":\"EvaluateCreateResult\",\"Retry\":[{\"ErrorEquals\":[\"Lambda.ClientExecutionTimeoutException\",\"Lambda.ServiceException\",\"Lambda.AWSLambdaException\",\"Lambda.SdkClientException\"],\"IntervalSeconds\":2,\"MaxAttempts\":6,\"BackoffRate\":2}],\"Catch\":[{\"ErrorEquals\":[\"States.ALL\"],\"ResultPath\":\"$.Error\",\"Next\":\"AddLambdaErrorToContext\"}],\"Type\":\"Task\",\"ResultPath\":\"$.context.deploymentResult\",\"ResultSelector\":{\"success.$\":\"$.Payload.success\",\"operationId.$\":\"$.Payload.operationId\",\"status.$\":\"$.Payload.status\",\"errorMessage.$\":\"$.Payload.errorMessage\"},\"Resource\":\"arn:",
              {
                "Ref": "AWS::Partition"
              },
              ":states:::lambda:invoke\",\"Parameters\":{\"FunctionName\":\"",
              {
                "Fn::GetAtt": [
                  "BlueprintDeploymentDeploymentOrchestratorLambdaFunctionC368A43B",
                  "Arn"
                ]
              },
              "\",\"Payload\":{\"action\":\"CREATE\",\"blueprintId.$\":\"$.detail.blueprintId\",\"leaseId.$\":\"$.detail.leaseId\",\"accountId.$\":\"$.detail.accountId\",\"stackSetId.$\":\"$.detail.stackSetId\",\"regions.$\":\"$.detail.regions\",\"regionConcurrencyType.$\":\"$.detail.regionConcurrencyType\",\"maxConcurrentPercentage.$\":\"$.detail.maxConcurrentPercentage\",\"failureTolerancePercentage.$\":\"$.detail.failureTolerancePercentage\",\"concurrencyMode.$\":\"$.detail.concurrencyMode\",\"executionStartTime.$\":\"$$.Execution.StartTime\"}}},\"EvaluateCreateResult\":{\"Type\":\"Choice\",\"Choices\":[{\"Variable\":\"$.context.deploymentResult.success\",\"BooleanEquals\":false,\"Next\":\"PublishDeploymentResult\"}],\"Default\":\"CheckDeploymentStatus\"},\"CheckDeploymentStatus\":{\"Next\":\"EvaluateDeploymentStatus\",\"Retry\":[{\"ErrorEquals\":[\"Lambda.ClientExecutionTimeoutException\",\"Lambda.ServiceException\",\"Lambda.AWSLambdaException\",\"Lambda.SdkClientException\"],\"IntervalSeconds\":2,\"MaxAttempts\":6,\"BackoffRate\":2}],\"Catch\":[{\"ErrorEquals\":[\"States.ALL\"],\"ResultPath\":\"$.Error\",\"Next\":\"AddLambdaErrorToContext\"}],\"Type\":\"Task\",\"ResultPath\":\"$.context.deploymentResult\",\"ResultSelector\":{\"operationId.$\":\"$.Payload.operationId\",\"status.$\":\"$.Payload.status\",\"errorMessage.$\":\"$.Payload.errorMessage\"},\"Resource\":\"arn:",
              {
                "Ref": "AWS::Partition"
              },
              ":states:::lambda:invoke\",\"Parameters\":{\"FunctionName\":\"",
              {
                "Fn::GetAtt": [
                  "BlueprintDeploymentDeploymentOrchestratorLambdaFunctionC368A43B",
                  "Arn"
                ]
              },
              "\",\"Payload\":{\"action\":\"CHECK_STATUS\",\"blueprintId.$\":\"$.detail.blueprintId\",\"leaseId.$\":\"$.detail.leaseId\",\"accountId.$\":\"$.detail.accountId\",\"stackSetId.$\":\"$.detail.stackSetId\",\"operationId.$\":\"$.context.deploymentResult.operationId\",\"deploymentTimeoutMinutes.$\":\"$.detail.deploymentTimeoutMinutes\",\"executionStartTime.$\":\"$$.Execution.StartTime\"}}},\"WaitForDeployment\":{\"Type\":\"Wait\",\"Seconds\":30,\"Next\":\"CheckDeploymentStatus\"},\"EvaluateDeploymentStatus\":{\"Type\":\"Choice\",\"Choices\":[{\"Variable\":\"$.context.deploymentResult.status\",\"StringEquals\":\"SUCCEEDED\",\"Next\":\"PublishDeploymentResult\"},{\"Variable\":\"$.context.deploymentResult.status\",\"StringEquals\":\"FAILED\",\"Next\":\"PublishDeploymentResult\"}],\"Default\":\"WaitForDeployment\"},\"PublishDeploymentResult\":{\"End\":true,\"Retry\":[{\"ErrorEquals\":[\"Lambda.ClientExecutionTimeoutException\",\"Lambda.ServiceException\",\"Lambda.AWSLambdaException\",\"Lambda.SdkClientException\"],\"IntervalSeconds\":2,\"MaxAttempts\":6,\"BackoffRate\":2}],\"Type\":\"Task\",\"Resource\":\"arn:",
              {
                "Ref": "AWS::Partition"
              },
              ":states:::lambda:invoke\",\"Parameters\":{\"FunctionName\":\"",
              {
                "Fn::GetAtt": [
                  "BlueprintDeploymentDeploymentOrchestratorLambdaFunctionC368A43B",
                  "Arn"
                ]
              },
              "\",\"Payload\":{\"action\":\"PUBLISH_RESULT\",\"blueprintId.$\":\"$.detail.blueprintId\",\"leaseId.$\":\"$.detail.leaseId\",\"userEmail.$\":\"$.detail.userEmail\",\"accountId.$\":\"$.detail.accountId\",\"blueprintName.$\":\"$.detail.blueprintName\",\"operationId.$\":\"$.context.deploymentResult.operationId\",\"status.$\":\"$.context.deploymentResult.status\",\"errorMessage.$\":\"$.context.deploymentResult.errorMessage\"}}},\"AddLambdaErrorToContext\":{\"Type\":\"Pass\",\"Parameters\":{\"detail.$\":\"$.detail\",\"Execution.$\":\"$.Execution\",\"context\":{\"deploymentResult\":{\"success\":false,\"operationId\":\"N/A\",\"status\":\"FAILED\",\"errorMessage.$\":\"States.Format('Step Functions error - Lambda function invocation failed: {}', $.Error.Cause)\"}}},\"Next\":\"PublishDeploymentResult\"}},\"TimeoutSeconds\":28800}"
            ]
          ]
        },
        "LoggingConfiguration": {
          "Destinations": [
            {
              "CloudWatchLogsLogGroup": {
                "LogGroupArn": {
                  "Fn::GetAtt": [
                    "ISBLogGroupE607F9A7",
                    "Arn"
                  ]
                }
              }
            }
          ],
          "IncludeExecutionData": true,
          "Level": "ALL"
        },
        "RoleArn": {
          "Fn::GetAtt": [
            "BlueprintDeploymentStepFunctionBlueprintDeploymentStateMachineRole25EC71CB",
            "Arn"
          ]
        },
        "StateMachineType": "STANDARD",
        "Tags": [
          {
            "Key": "Component",
            "Value": "BlueprintDeployment"
          },
          {
            "Key": "ManagedBy",
            "Value": "InnovationSandbox"
          }
        ],
        "TracingConfiguration": {
          "Enabled": true
        }
      },
      "DependsOn": [
        "BlueprintDeploymentStepFunctionBlueprintDeploymentStateMachineRoleDefaultPolicy14EF5FC5",
        "BlueprintDeploymentStepFunctionBlueprintDeploymentStateMachineRole25EC71CB"
      ],
      "UpdateReplacePolicy": "Delete",
      "DeletionPolicy": "Delete",
      "Metadata": {
        "aws:cdk:path": "InnovationSandbox-Compute/BlueprintDeployment/StepFunction/BlueprintDeploymentStateMachine/Resource"
      }
    },
    "BlueprintDeploymentStepFunctionBlueprintDeploymentStateMachineEventsRole340D296A": {
      "Type": "AWS::IAM::Role",
      "Properties": {
        "AssumeRolePolicyDocument": {
          "Statement": [
            {
              "Action": "sts:AssumeRole",
              "Effect": "Allow",
              "Principal": {
                "Service": "events.amazonaws.com"
              }
            }
          ],
          "Version": "2012-10-17"
        },
        "Tags": [
          {
            "Key": "aws-solutions:isb-id",
            "Value": {
              "Fn::Join": [
                "",
                [
                  {
                    "Ref": "Namespace"
                  },
                  "_isb"
                ]
              ]
            }
          }
        ]
      },
      "Metadata": {
        "aws:cdk:path": "InnovationSandbox-Compute/BlueprintDeployment/StepFunction/BlueprintDeploymentStateMachine/EventsRole/Resource"
      }
    },
    "BlueprintDeploymentStepFunctionBlueprintDeploymentStateMachineEventsRoleDefaultPolicyA171F120": {
      "Type": "AWS::IAM::Policy",
      "Properties": {
        "PolicyDocument": {
          "Statement": [
            {
              "Action": "states:StartExecution",
              "Effect": "Allow",
              "Resource": {
                "Ref": "BlueprintDeploymentStepFunctionBlueprintDeploymentStateMachine6A6DE17A"
              }
            }
          ],
          "Version": "2012-10-17"
        },
        "PolicyName": "BlueprintDeploymentStepFunctionBlueprintDeploymentStateMachineEventsRoleDefaultPolicyA171F120",
        "Roles": [
          {
            "Ref": "BlueprintDeploymentStepFunctionBlueprintDeploymentStateMachineEventsRole340D296A"
          }
        ]
      },
      "Metadata": {
        "aws:cdk:path": "InnovationSandbox-Compute/BlueprintDeployment/StepFunction/BlueprintDeploymentStateMachine/EventsRole/DefaultPolicy/Resource"
      }
    },
    "BlueprintDeploymentStepFunctionBlueprintDeploymentRule9F0D2688": {
      "Type": "AWS::Events::Rule",
      "Properties": {
        "Description": "EventBus rule that triggers blueprint deployment Step Functions workflow",
        "EventBusName": {
          "Ref": "ISBEventBusD5514129"
        },
        "EventPattern": {
          "detail-type": [
            "BlueprintDeploymentRequest"
          ]
        },
        "State": "ENABLED",
        "Tags": [
          {
            "Key": "aws-solutions:isb-id",
            "Value": {
              "Fn::Join": [
                "",
                [
                  {
                    "Ref": "Namespace"
                  },
                  "_isb"
                ]
              ]
            }
          }
        ],
        "Targets": [
          {
            "Arn": {
              "Ref": "BlueprintDeploymentStepFunctionBlueprintDeploymentStateMachine6A6DE17A"
            },
            "Id": "Target0",
            "RoleArn": {
              "Fn::GetAtt": [
                "BlueprintDeploymentStepFunctionBlueprintDeploymentStateMachineEventsRole340D296A",
                "Arn"
              ]
            }
          }
        ]
      },
      "Metadata": {
        "aws:cdk:path": "InnovationSandbox-Compute/BlueprintDeployment/StepFunction/BlueprintDeploymentRule/Resource"
      }
    },
    "JwtSecretB8834B39": {
      "Type": "AWS::SecretsManager::Secret",
      "Properties": {
        "Description": "The secret for JWT used by Innovation Sandbox",
        "GenerateSecretString": {
          "PasswordLength": 32
        },
        "KmsKeyId": {
          "Fn::GetAtt": [
            "IsbKmsKeyInnovationSandboxComputeB43F03BE",
            "Arn"
          ]
        },
        "Name": {
          "Fn::Join": [
            "",
            [
              "/InnovationSandbox/",
              {
                "Ref": "Namespace"
              },
              "/Auth/JwtSecret"
            ]
          ]
        },
        "Tags": [
          {
            "Key": "aws-solutions:isb-id",
            "Value": {
              "Fn::Join": [
                "",
                [
                  {
                    "Ref": "Namespace"
                  },
                  "_isb"
                ]
              ]
            }
          }
        ]
      },
      "UpdateReplacePolicy": "Delete",
      "DeletionPolicy": "Delete",
      "Metadata": {
        "aws:cdk:path": "InnovationSandbox-Compute/JwtSecret/Resource"
      }
    },
    "JwtSecretRotationScheduleDAD24282": {
      "Type": "AWS::SecretsManager::RotationSchedule",
      "Properties": {
        "RotateImmediatelyOnUpdate": true,
        "RotationLambdaARN": {
          "Fn::GetAtt": [
            "JwtSecretRotatorFunction8299D159",
            "Arn"
          ]
        },
        "RotationRules": {
          "ScheduleExpression": "rate(30 days)"
        },
        "SecretId": {
          "Ref": "JwtSecretB8834B39"
        }
      },
      "DependsOn": [
        "JwtSecretRotatorFunctionInvokeN0a2GKfZP0JmDqDEVhhu6A0TUv3NyNbk4YMFKNcD8557503"
      ],
      "Metadata": {
        "aws:cdk:path": "InnovationSandbox-Compute/JwtSecret/RotationSchedule/Resource"
      }
    },
    "JwtSecretPolicy4DC9D3C1": {
      "Type": "AWS::SecretsManager::ResourcePolicy",
      "Properties": {
        "ResourcePolicy": {
          "Statement": [
            {
              "Action": "secretsmanager:DeleteSecret",
              "Effect": "Deny",
              "Principal": {
                "AWS": {
                  "Fn::Join": [
                    "",
                    [
                      "arn:",
                      {
                        "Ref": "AWS::Partition"
                      },
                      ":iam::",
                      {
                        "Ref": "AWS::AccountId"
                      },
                      ":root"
                    ]
                  ]
                }
              },
              "Resource": "*"
            }
          ],
          "Version": "2012-10-17"
        },
        "SecretId": {
          "Ref": "JwtSecretB8834B39"
        }
      },
      "Metadata": {
        "aws:cdk:path": "InnovationSandbox-Compute/JwtSecret/Policy/Resource"
      }
    },
    "JwtSecretRotatorFunctionRole64A92119": {
      "Type": "AWS::IAM::Role",
      "Properties": {
        "AssumeRolePolicyDocument": {
          "Statement": [
            {
              "Action": "sts:AssumeRole",
              "Effect": "Allow",
              "Principal": {
                "Service": "lambda.amazonaws.com"
              }
            }
          ],
          "Version": "2012-10-17"
        },
        "Tags": [
          {
            "Key": "aws-solutions:isb-id",
            "Value": {
              "Fn::Join": [
                "",
                [
                  {
                    "Ref": "Namespace"
                  },
                  "_isb"
                ]
              ]
            }
          }
        ]
      },
      "Metadata": {
        "aws:cdk:path": "InnovationSandbox-Compute/JwtSecretRotator/FunctionRole/Resource"
      }
    },
    "JwtSecretRotatorFunctionRoleDefaultPolicy23443270": {
      "Type": "AWS::IAM::Policy",
      "Properties": {
        "PolicyDocument": {
          "Statement": [
            {
              "Action": [
                "xray:PutTraceSegments",
                "xray:PutTelemetryRecords"
              ],
              "Effect": "Allow",
              "Resource": "*"
            },
            {
              "Action": [
                "logs:CreateLogStream",
                "logs:PutLogEvents"
              ],
              "Effect": "Allow",
              "Resource": {
                "Fn::GetAtt": [
                  "ISBLogGroupE607F9A7",
                  "Arn"
                ]
              }
            },
            {
              "Action": [
                "secretsmanager:DescribeSecret",
                "secretsmanager:GetSecretValue",
                "secretsmanager:PutSecretValue",
                "secretsmanager:UpdateSecretVersionStage"
              ],
              "Effect": "Allow",
              "Resource": {
                "Ref": "JwtSecretB8834B39"
              }
            },
            {
              "Action": "secretsmanager:GetRandomPassword",
              "Effect": "Allow",
              "Resource": "*"
            }
          ],
          "Version": "2012-10-17"
        },
        "PolicyName": "JwtSecretRotatorFunctionRoleDefaultPolicy23443270",
        "Roles": [
          {
            "Ref": "JwtSecretRotatorFunctionRole64A92119"
          }
        ]
      },
      "Metadata": {
        "aws:cdk:path": "InnovationSandbox-Compute/JwtSecretRotator/FunctionRole/DefaultPolicy/Resource"
      }
    },
    "JwtSecretRotatorFunction8299D159": {
      "Type": "AWS::Lambda::Function",
      "Properties": {
        "Architectures": [
          "arm64"
        ],
        "Code": {
          "S3Bucket": {
            "Fn::Sub": "solutions-${AWS::Region}"
          },
          "S3Key": "innovation-sandbox-on-aws/v1.2.9/asset.010f903000cad33aa8e25cc010d9c55c5c6453b12e8e799aff7305229af380f4.zip"
        },
        "Description": "Rotates the Isb Jwt Secret",
        "Environment": {
          "Variables": {
            "NODE_OPTIONS": "--enable-source-maps",
            "USER_AGENT_EXTRA": "AwsSolution/SO0284/v1.2.9",
            "POWERTOOLS_LOG_LEVEL": {
              "Fn::FindInMap": [
                "Mapping",
                "context",
                "logLevel",
                {
                  "DefaultValue": ""
                }
              ]
            },
            "POWERTOOLS_SERVICE_NAME": "innovation-sandbox",
            "AWS_XRAY_CONTEXT_MISSING": "IGNORE_ERROR"
          }
        },
        "FunctionName": {
          "Fn::Join": [
            "",
            [
              "ISB-JwtSecretRotator-",
              {
                "Ref": "Namespace"
              }
            ]
          ]
        },
        "Handler": "index.handler",
        "Layers": [
          {
            "Ref": "IsbSpokeConfigJsonParamResolverISBLambdaLayerInnovationSandboxComputeDependenciesLayerVersion4DD7969A"
          },
          {
            "Ref": "IsbSpokeConfigJsonParamResolverISBLambdaLayerInnovationSandboxComputeCommonLayerVersionB1BF66A1"
          }
        ],
        "LoggingConfig": {
          "LogFormat": "JSON",
          "LogGroup": {
            "Ref": "ISBLogGroupE607F9A7"
          },
          "SystemLogLevel": "INFO"
        },
        "MemorySize": 1024,
        "ReservedConcurrentExecutions": 1,
        "Role": {
          "Fn::GetAtt": [
            "JwtSecretRotatorFunctionRole64A92119",
            "Arn"
          ]
        },
        "Runtime": "nodejs22.x",
        "Tags": [
          {
            "Key": "aws-solutions:isb-id",
            "Value": {
              "Fn::Join": [
                "",
                [
                  {
                    "Ref": "Namespace"
                  },
                  "_isb"
                ]
              ]
            }
          }
        ],
        "Timeout": 60,
        "TracingConfig": {
          "Mode": "Active"
        }
      },
      "DependsOn": [
        "JwtSecretRotatorFunctionRoleDefaultPolicy23443270",
        "JwtSecretRotatorFunctionRole64A92119"
      ],
      "Metadata": {
        "aws:cdk:path": "InnovationSandbox-Compute/JwtSecretRotator/Function/Resource",
        "aws:asset:path": "asset.010f903000cad33aa8e25cc010d9c55c5c6453b12e8e799aff7305229af380f4",
        "aws:asset:is-bundled": true,
        "aws:asset:property": "Code",
        "guard": {
          "SuppressedRules": [
            "LAMBDA_INSIDE_VPC",
            "LAMBDA_CONCURRENCY_CHECK"
          ]
        }
      }
    },
    "JwtSecretRotatorFunctionInvokeN0a2GKfZP0JmDqDEVhhu6A0TUv3NyNbk4YMFKNcD8557503": {
      "Type": "AWS::Lambda::Permission",
      "Properties": {
        "Action": "lambda:InvokeFunction",
        "FunctionName": {
          "Fn::GetAtt": [
            "JwtSecretRotatorFunction8299D159",
            "Arn"
          ]
        },
        "Principal": "secretsmanager.amazonaws.com"
      },
      "Metadata": {
        "aws:cdk:path": "InnovationSandbox-Compute/JwtSecretRotator/Function/InvokeN0--a2GKfZP0JmDqDE--Vhhu6+A0TUv3NyNbk4YM+FKNc="
      }
    },
    "AuthorizerLambdaFunctionFunctionRole354E8B0D": {
      "Type": "AWS::IAM::Role",
      "Properties": {
        "AssumeRolePolicyDocument": {
          "Statement": [
            {
              "Action": "sts:AssumeRole",
              "Effect": "Allow",
              "Principal": {
                "Service": "lambda.amazonaws.com"
              }
            }
          ],
          "Version": "2012-10-17"
        },
        "Tags": [
          {
            "Key": "aws-solutions:isb-id",
            "Value": {
              "Fn::Join": [
                "",
                [
                  {
                    "Ref": "Namespace"
                  },
                  "_isb"
                ]
              ]
            }
          }
        ]
      },
      "Metadata": {
        "aws:cdk:path": "InnovationSandbox-Compute/AuthorizerLambdaFunction/FunctionRole/Resource"
      }
    },
    "AuthorizerLambdaFunctionFunctionRoleDefaultPolicy7D84D874": {
      "Type": "AWS::IAM::Policy",
      "Properties": {
        "PolicyDocument": {
          "Statement": [
            {
              "Action": [
                "xray:PutTraceSegments",
                "xray:PutTelemetryRecords"
              ],
              "Effect": "Allow",
              "Resource": "*"
            },
            {
              "Action": [
                "logs:CreateLogStream",
                "logs:PutLogEvents"
              ],
              "Effect": "Allow",
              "Resource": {
                "Fn::GetAtt": [
                  "ISBLogGroupE607F9A7",
                  "Arn"
                ]
              }
            },
            {
              "Action": [
                "secretsmanager:GetSecretValue",
                "secretsmanager:DescribeSecret"
              ],
              "Effect": "Allow",
              "Resource": {
                "Ref": "JwtSecretB8834B39"
              }
            },
            {
              "Action": [
                "kms:Decrypt",
                "kms:Encrypt",
                "kms:ReEncrypt*",
                "kms:GenerateDataKey*"
              ],
              "Effect": "Allow",
              "Resource": {
                "Fn::GetAtt": [
                  "IsbKmsKeyInnovationSandboxComputeB43F03BE",
                  "Arn"
                ]
              }
            },
            {
              "Action": [
                "appconfig:StartConfigurationSession",
                "appconfig:GetLatestConfiguration"
              ],
              "Effect": "Allow",
              "Resource": {
                "Fn::Join": [
                  "",
                  [
                    "arn:",
                    {
                      "Ref": "AWS::Partition"
                    },
                    ":appconfig:",
                    {
                      "Ref": "AWS::Region"
                    },
                    ":",
                    {
                      "Ref": "AWS::AccountId"
                    },
                    ":application/",
                    {
                      "Fn::GetAtt": [
                        "IsbSpokeConfigJsonParamResolverParseJsonConfigurationIsbCustomResource57F98B57",
                        "configApplicationId"
                      ]
                    },
                    "/environment/",
                    {
                      "Fn::GetAtt": [
                        "IsbSpokeConfigJsonParamResolverParseJsonConfigurationIsbCustomResource57F98B57",
                        "configEnvironmentId"
                      ]
                    },
                    "/configuration/",
                    {
                      "Fn::GetAtt": [
                        "IsbSpokeConfigJsonParamResolverParseJsonConfigurationIsbCustomResource57F98B57",
                        "globalConfigConfigurationProfileId"
                      ]
                    }
                  ]
                ]
              }
            }
          ],
          "Version": "2012-10-17"
        },
        "PolicyName": "AuthorizerLambdaFunctionFunctionRoleDefaultPolicy7D84D874",
        "Roles": [
          {
            "Ref": "AuthorizerLambdaFunctionFunctionRole354E8B0D"
          }
        ]
      },
      "Metadata": {
        "aws:cdk:path": "InnovationSandbox-Compute/AuthorizerLambdaFunction/FunctionRole/DefaultPolicy/Resource"
      }
    },
    "AuthorizerLambdaFunction01123EED": {
      "Type": "AWS::Lambda::Function",
      "Properties": {
        "Architectures": [
          "arm64"
        ],
        "Code": {
          "S3Bucket": {
            "Fn::Sub": "solutions-${AWS::Region}"
          },
          "S3Key": "innovation-sandbox-on-aws/v1.2.9/asset.ef9de7bee5c832c8c989c11c89131afc76bbe2ebc9ade6406f5d8f48bb853879.zip"
        },
        "Description": "Lambda function used for Innovation Sandbox on AWS API Authorization",
        "Environment": {
          "Variables": {
            "NODE_OPTIONS": "--enable-source-maps",
            "USER_AGENT_EXTRA": "AwsSolution/SO0284/v1.2.9",
            "POWERTOOLS_LOG_LEVEL": {
              "Fn::FindInMap": [
                "Mapping",
                "context",
                "logLevel",
                {
                  "DefaultValue": ""
                }
              ]
            },
            "POWERTOOLS_SERVICE_NAME": "innovation-sandbox",
            "AWS_XRAY_CONTEXT_MISSING": "IGNORE_ERROR",
            "JWT_SECRET_NAME": {
              "Fn::Join": [
                "",
                [
                  "/InnovationSandbox/",
                  {
                    "Ref": "Namespace"
                  },
                  "/Auth/JwtSecret"
                ]
              ]
            },
            "APP_CONFIG_APPLICATION_ID": {
              "Fn::GetAtt": [
                "IsbSpokeConfigJsonParamResolverParseJsonConfigurationIsbCustomResource57F98B57",
                "configApplicationId"
              ]
            },
            "APP_CONFIG_ENVIRONMENT_ID": {
              "Fn::GetAtt": [
                "IsbSpokeConfigJsonParamResolverParseJsonConfigurationIsbCustomResource57F98B57",
                "configEnvironmentId"
              ]
            },
            "APP_CONFIG_PROFILE_ID": {
              "Fn::GetAtt": [
                "IsbSpokeConfigJsonParamResolverParseJsonConfigurationIsbCustomResource57F98B57",
                "globalConfigConfigurationProfileId"
              ]
            },
            "AWS_APPCONFIG_EXTENSION_PREFETCH_LIST": {
              "Fn::Join": [
                "",
                [
                  "/applications/",
                  {
                    "Fn::GetAtt": [
                      "IsbSpokeConfigJsonParamResolverParseJsonConfigurationIsbCustomResource57F98B57",
                      "configApplicationId"
                    ]
                  },
                  "/environments/",
                  {
                    "Fn::GetAtt": [
                      "IsbSpokeConfigJsonParamResolverParseJsonConfigurationIsbCustomResource57F98B57",
                      "configEnvironmentId"
                    ]
                  },
                  "/configurations/",
                  {
                    "Fn::GetAtt": [
                      "IsbSpokeConfigJsonParamResolverParseJsonConfigurationIsbCustomResource57F98B57",
                      "globalConfigConfigurationProfileId"
                    ]
                  }
                ]
              ]
            },
            "AWS_APPCONFIG_EXTENSION_POLL_INTERVAL_SECONDS": "10m",
            "AWS_APPCONFIG_EXTENSION_HTTP_PORT": "2772"
          }
        },
        "FunctionName": {
          "Fn::Join": [
            "",
            [
              "ISB-AuthorizerLambdaFunction-",
              {
                "Ref": "Namespace"
              }
            ]
          ]
        },
        "Handler": "index.handler",
        "Layers": [
          {
            "Ref": "IsbSpokeConfigJsonParamResolverISBLambdaLayerInnovationSandboxComputeDependenciesLayerVersion4DD7969A"
          },
          {
            "Ref": "IsbSpokeConfigJsonParamResolverISBLambdaLayerInnovationSandboxComputeCommonLayerVersionB1BF66A1"
          },
          {
            "Fn::FindInMap": [
              "AppConfigExtensionArnMap",
              {
                "Ref": "AWS::Region"
              },
              "arn"
            ]
          }
        ],
        "LoggingConfig": {
          "LogFormat": "JSON",
          "LogGroup": {
            "Ref": "ISBLogGroupE607F9A7"
          },
          "SystemLogLevel": "INFO"
        },
        "MemorySize": 1024,
        "Role": {
          "Fn::GetAtt": [
            "AuthorizerLambdaFunctionFunctionRole354E8B0D",
            "Arn"
          ]
        },
        "Runtime": "nodejs22.x",
        "Tags": [
          {
            "Key": "aws-solutions:isb-id",
            "Value": {
              "Fn::Join": [
                "",
                [
                  {
                    "Ref": "Namespace"
                  },
                  "_isb"
                ]
              ]
            }
          }
        ],
        "Timeout": 60,
        "TracingConfig": {
          "Mode": "Active"
        }
      },
      "DependsOn": [
        "AuthorizerLambdaFunctionFunctionRoleDefaultPolicy7D84D874",
        "AuthorizerLambdaFunctionFunctionRole354E8B0D"
      ],
      "Metadata": {
        "aws:cdk:path": "InnovationSandbox-Compute/AuthorizerLambdaFunction/Function/Resource",
        "aws:asset:path": "asset.ef9de7bee5c832c8c989c11c89131afc76bbe2ebc9ade6406f5d8f48bb853879",
        "aws:asset:is-bundled": true,
        "aws:asset:property": "Code",
        "guard": {
          "SuppressedRules": [
            "LAMBDA_INSIDE_VPC",
            "LAMBDA_CONCURRENCY_CHECK"
          ]
        }
      }
    },
    "AuthorizerLambdaFunctionInnovationSandboxComputeAuthorizer73F8A83EPermissionsADDE3DED": {
      "Type": "AWS::Lambda::Permission",
      "Properties": {
        "Action": "lambda:InvokeFunction",
        "FunctionName": {
          "Fn::GetAtt": [
            "AuthorizerLambdaFunction01123EED",
            "Arn"
          ]
        },
        "Principal": "apigateway.amazonaws.com",
        "SourceArn": {
          "Fn::Join": [
            "",
            [
              "arn:",
              {
                "Ref": "AWS::Partition"
              },
              ":execute-api:",
              {
                "Ref": "AWS::Region"
              },
              ":",
              {
                "Ref": "AWS::AccountId"
              },
              ":",
              {
                "Ref": "IsbRestApi377E2CC6"
              },
              "/authorizers/",
              {
                "Ref": "AuthorizerBD825682"
              }
            ]
          ]
        }
      },
      "Metadata": {
        "aws:cdk:path": "InnovationSandbox-Compute/AuthorizerLambdaFunction/Function/InnovationSandboxComputeAuthorizer73F8A83E:Permissions"
      }
    },
    "AuthorizerBD825682": {
      "Type": "AWS::ApiGateway::Authorizer",
      "Properties": {
        "AuthorizerResultTtlInSeconds": 300,
        "AuthorizerUri": {
          "Fn::Join": [
            "",
            [
              "arn:",
              {
                "Fn::Select": [
                  1,
                  {
                    "Fn::Split": [
                      ":",
                      {
                        "Fn::GetAtt": [
                          "AuthorizerLambdaFunction01123EED",
                          "Arn"
                        ]
                      }
                    ]
                  }
                ]
              },
              ":apigateway:",
              {
                "Fn::Select": [
                  3,
                  {
                    "Fn::Split": [
                      ":",
                      {
                        "Fn::GetAtt": [
                          "AuthorizerLambdaFunction01123EED",
                          "Arn"
                        ]
                      }
                    ]
                  }
                ]
              },
              ":lambda:path/2015-03-31/functions/",
              {
                "Fn::GetAtt": [
                  "AuthorizerLambdaFunction01123EED",
                  "Arn"
                ]
              },
              "/invocations"
            ]
          ]
        },
        "IdentitySource": "method.request.header.Authorization,context.path,context.httpMethod",
        "Name": "InnovationSandboxComputeAuthorizer73F8A83E",
        "RestApiId": {
          "Ref": "IsbRestApi377E2CC6"
        },
        "Type": "REQUEST"
      },
      "Metadata": {
        "aws:cdk:path": "InnovationSandbox-Compute/Authorizer/Resource"
      }
    },
    "IsbRestApi377E2CC6": {
      "Type": "AWS::ApiGateway::RestApi",
      "Properties": {
        "Description": "Innovation Sandbox on AWS Rest API",
        "Name": "IsbRestApi",
        "Tags": [
          {
            "Key": "aws-solutions:isb-id",
            "Value": {
              "Fn::Join": [
                "",
                [
                  {
                    "Ref": "Namespace"
                  },
                  "_isb"
                ]
              ]
            }
          }
        ]
      },
      "Metadata": {
        "aws:cdk:path": "InnovationSandbox-Compute/IsbRestApi/Resource"
      }
    },
    "IsbRestApiCloudWatchRole3E2A3B92": {
      "Type": "AWS::IAM::Role",
      "Properties": {
        "AssumeRolePolicyDocument": {
          "Statement": [
            {
              "Action": "sts:AssumeRole",
              "Effect": "Allow",
              "Principal": {
                "Service": "apigateway.amazonaws.com"
              }
            }
          ],
          "Version": "2012-10-17"
        },
        "ManagedPolicyArns": [
          {
            "Fn::Join": [
              "",
              [
                "arn:",
                {
                  "Ref": "AWS::Partition"
                },
                ":iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs"
              ]
            ]
          }
        ],
        "Tags": [
          {
            "Key": "aws-solutions:isb-id",
            "Value": {
              "Fn::Join": [
                "",
                [
                  {
                    "Ref": "Namespace"
                  },
                  "_isb"
                ]
              ]
            }
          }
        ]
      },
      "UpdateReplacePolicy": "Retain",
      "DeletionPolicy": "Retain",
      "Metadata": {
        "aws:cdk:path": "InnovationSandbox-Compute/IsbRestApi/CloudWatchRole/Resource"
      }
    },
    "IsbRestApiAccountF2A31F36": {
      "Type": "AWS::ApiGateway::Account",
      "Properties": {
        "CloudWatchRoleArn": {
          "Fn::GetAtt": [
            "IsbRestApiCloudWatchRole3E2A3B92",
            "Arn"
          ]
        }
      },
      "DependsOn": [
        "IsbRestApi377E2CC6"
      ],
      "UpdateReplacePolicy": "Retain",
      "DeletionPolicy": "Retain",
      "Metadata": {
        "aws:cdk:path": "InnovationSandbox-Compute/IsbRestApi/Account"
      }
    },
    "IsbRestApiDeployment120FC0535a53492b2af965ff417ce477dd1404ea": {
      "Type": "AWS::ApiGateway::Deployment",
      "Properties": {
        "Description": "Innovation Sandbox on AWS Rest API",
        "RestApiId": {
          "Ref": "IsbRestApi377E2CC6"
        }
      },
      "DependsOn": [
        "IsbRestApiaccountsawsAccountIdejectPOST8D3E80E9",
        "IsbRestApiaccountsawsAccountIdeject6D451D8A",
        "IsbRestApiaccountsawsAccountIdGETA3567A33",
        "IsbRestApiaccountsawsAccountId279CF7F2",
        "IsbRestApiaccountsawsAccountIdretryCleanupPOST8F8AF552",
        "IsbRestApiaccountsawsAccountIdretryCleanup5F96B82E",
        "IsbRestApiaccountsGET9C185DB2",
        "IsbRestApiaccountsPOST13FEF3B9",
        "IsbRestApiaccounts69CD8364",
        "IsbRestApiaccountsunregisteredGET1A7AE469",
        "IsbRestApiaccountsunregistered0069F65F",
        "IsbRestApiauthactionGET60DF4D62",
        "IsbRestApiauthactionOPTIONSA6DC7412",
        "IsbRestApiauthactionPOST28128E1C",
        "IsbRestApiauthaction909DADD2",
        "IsbRestApiauthE905B564",
        "IsbRestApiblueprintsblueprintIdDELETE999AABA6",
        "IsbRestApiblueprintsblueprintIdGETBD57AC27",
        "IsbRestApiblueprintsblueprintIdPUT4E2B6458",
        "IsbRestApiblueprintsblueprintId49293701",
        "IsbRestApiblueprintsGET8E9D6FB5",
        "IsbRestApiblueprintsPOSTA9016983",
        "IsbRestApiblueprints5F702E36",
        "IsbRestApiblueprintsstacksetsGETDEEB1121",
        "IsbRestApiblueprintsstacksets500BFF02",
        "IsbRestApiconfigurationsGETCB095983",
        "IsbRestApiconfigurationsPOSTD70E362B",
        "IsbRestApiconfigurations6FE57EA4",
        "IsbRestApileasesleaseIdfreezePOSTDE894D78",
        "IsbRestApileasesleaseIdfreeze3A28784A",
        "IsbRestApileasesleaseIdGETFC53DF30",
        "IsbRestApileasesleaseIdPATCHAB95D5E9",
        "IsbRestApileasesleaseId9851F99B",
        "IsbRestApileasesleaseIdreviewPOST03D6AD94",
        "IsbRestApileasesleaseIdreview53E1F41F",
        "IsbRestApileasesleaseIdterminatePOSTD029AED7",
        "IsbRestApileasesleaseIdterminate0B5F429B",
        "IsbRestApileasesleaseIdunfreezePOST63C4E6CA",
        "IsbRestApileasesleaseIdunfreezeC90D1F13",
        "IsbRestApileasesGET2040EBB6",
        "IsbRestApileasesPOST0BA078F5",
        "IsbRestApileases603F143D",
        "IsbRestApileaseTemplatesleaseTemplateNameDELETEC19BA76D",
        "IsbRestApileaseTemplatesleaseTemplateNameGETABE25277",
        "IsbRestApileaseTemplatesleaseTemplateNamePUTA18EDFBF",
        "IsbRestApileaseTemplatesleaseTemplateName6CF1F9DC",
        "IsbRestApileaseTemplatesGETD139D035",
        "IsbRestApileaseTemplatesPOST61718B66",
        "IsbRestApileaseTemplates87AB84C6"
      ],
      "Metadata": {
        "aws:cdk:path": "InnovationSandbox-Compute/IsbRestApi/Deployment/Resource",
        "aws:cdk:do-not-refactor": true
      }
    },
    "IsbRestApiDeploymentStageprod7DDD9304": {
      "Type": "AWS::ApiGateway::Stage",
      "Properties": {
        "AccessLogSetting": {
          "DestinationArn": {
            "Fn::GetAtt": [
              "ISBLogGroupE607F9A7",
              "Arn"
            ]
          },
          "Format": "$context.identity.sourceIp $context.identity.caller $context.identity.user [$context.requestTime] \"$context.httpMethod $context.resourcePath $context.protocol\" $context.status $context.responseLength $context.requestId"
        },
        "DeploymentId": {
          "Ref": "IsbRestApiDeployment120FC0535a53492b2af965ff417ce477dd1404ea"
        },
        "MethodSettings": [
          {
            "DataTraceEnabled": false,
            "HttpMethod": "*",
            "ResourcePath": "/*",
            "ThrottlingBurstLimit": {
              "Fn::FindInMap": [
                "Mapping",
                "context",
                "apiThrottlingBurstLimit",
                {
                  "DefaultValue": ""
                }
              ]
            },
            "ThrottlingRateLimit": {
              "Fn::FindInMap": [
                "Mapping",
                "context",
                "apiThrottlingRateLimit",
                {
                  "DefaultValue": ""
                }
              ]
            }
          }
        ],
        "RestApiId": {
          "Ref": "IsbRestApi377E2CC6"
        },
        "StageName": "prod",
        "Tags": [
          {
            "Key": "aws-solutions:isb-id",
            "Value": {
              "Fn::Join": [
                "",
                [
                  {
                    "Ref": "Namespace"
                  },
                  "_isb"
                ]
              ]
            }
          }
        ],
        "TracingEnabled": true
      },
      "DependsOn": [
        "IsbRestApiAccountF2A31F36"
      ],
      "Metadata": {
        "aws:cdk:path": "InnovationSandbox-Compute/IsbRestApi/DeploymentStage.prod/Resource",
        "guard": {
          "SuppressedRules": [
            "API_GW_CACHE_ENABLED_AND_ENCRYPTED"
          ]
        }
      }
    },
    "IsbRestApiauthE905B564": {
      "Type": "AWS::ApiGateway::Resource",
      "Properties": {
        "ParentId": {
          "Fn::GetAtt": [
            "IsbRestApi377E2CC6",
            "RootResourceId"
          ]
        },
        "PathPart": "auth",
        "RestApiId": {
          "Ref": "IsbRestApi377E2CC6"
        }
      },
      "Metadata": {
        "aws:cdk:path": "InnovationSandbox-Compute/IsbRestApi/Default/auth/Resource"
      }
    },
    "IsbRestApiauthaction909DADD2": {
      "Type": "AWS::ApiGateway::Resource",
      "Properties": {
        "ParentId": {
          "Ref": "IsbRestApiauthE905B564"
        },
        "PathPart": "{action+}",
        "RestApiId": {
          "Ref": "IsbRestApi377E2CC6"
        }
      },
      "Metadata": {
        "aws:cdk:path": "InnovationSandbox-Compute/IsbRestApi/Default/auth/{action+}/Resource",
        "guard": {
          "SuppressedRules": [
            "API_GW_METHOD_AUTHORIZATION_TYPE_RULE"
          ]
        }
      }
    },
    "IsbRestApiauthactionGETApiPermissionInnovationSandboxComputeIsbRestApi0C9DF007GETauthactionEC43DB2D": {
      "Type": "AWS::Lambda::Permission",
      "Properties": {
        "Action": "lambda:InvokeFunction",
        "FunctionName": {
          "Fn::GetAtt": [
            "SsoHandlerFunction8FE0A4A7",
            "Arn"
          ]
        },
        "Principal": "apigateway.amazonaws.com",
        "SourceArn": {
          "Fn::Join": [
            "",
            [
              "arn:",
              {
                "Ref": "AWS::Partition"
              },
              ":execute-api:",
              {
                "Ref": "AWS::Region"
              },
              ":",
              {
                "Ref": "AWS::AccountId"
              },
              ":",
              {
                "Ref": "IsbRestApi377E2CC6"
              },
              "/",
              {
                "Ref": "IsbRestApiDeploymentStageprod7DDD9304"
              },
              "/GET/auth/*"
            ]
          ]
        }
      },
      "Metadata": {
        "aws:cdk:path": "InnovationSandbox-Compute/IsbRestApi/Default/auth/{action+}/GET/ApiPermission.InnovationSandboxComputeIsbRestApi0C9DF007.GET..auth.{action+}"
      }
    },
    "IsbRestApiauthactionGETApiPermissionTestInnovationSandboxComputeIsbRestApi0C9DF007GETauthactionE9F04410": {
      "Type": "AWS::Lambda::Permission",
      "Properties": {
        "Action": "lambda:InvokeFunction",
        "FunctionName": {
          "Fn::GetAtt": [
            "SsoHandlerFunction8FE0A4A7",
            "Arn"
          ]
        },
        "Principal": "apigateway.amazonaws.com",
        "SourceArn": {
          "Fn::Join": [
            "",
            [
              "arn:",
              {
                "Ref": "AWS::Partition"
              },
              ":execute-api:",
              {
                "Ref": "AWS::Region"
              },
              ":",
              {
                "Ref": "AWS::AccountId"
              },
              ":",
              {
                "Ref": "IsbRestApi377E2CC6"
              },
              "/test-invoke-stage/GET/auth/*"
            ]
          ]
        }
      },
      "Metadata": {
        "aws:cdk:path": "InnovationSandbox-Compute/IsbRestApi/Default/auth/{action+}/GET/ApiPermission.Test.InnovationSandboxComputeIsbRestApi0C9DF007.GET..auth.{action+}"
      }
    },
    "IsbRestApiauthactionGET60DF4D62": {
      "Type": "AWS::ApiGateway::Method",
      "Properties": {
        "AuthorizationType": "NONE",
        "HttpMethod": "GET",
        "Integration": {
          "IntegrationHttpMethod": "POST",
          "Type": "AWS_PROXY",
          "Uri": {
            "Fn::Join": [
              "",
              [
                "arn:",
                {
                  "Ref": "AWS::Partition"
                },
                ":apigateway:",
                {
                  "Ref": "AWS::Region"
                },
                ":lambda:path/2015-03-31/functions/",
                {
                  "Fn::GetAtt": [
                    "SsoHandlerFunction8FE0A4A7",
                    "Arn"
                  ]
                },
                "/invocations"
              ]
            ]
          }
        },
        "ResourceId": {
          "Ref": "IsbRestApiauthaction909DADD2"
        },
        "RestApiId": {
          "Ref": "IsbRestApi377E2CC6"
        }
      },
      "Metadata": {
        "aws:cdk:path": "InnovationSandbox-Compute/IsbRestApi/Default/auth/{action+}/GET/Resource",
        "guard": {
          "SuppressedRules": [
            "API_GW_METHOD_AUTHORIZATION_TYPE_RULE"
          ]
        }
      }
    },
    "IsbRestApiauthactionPOSTApiPermissionInnovationSandboxComputeIsbRestApi0C9DF007POSTauthaction6F528774": {
      "Type": "AWS::Lambda::Permission",
      "Properties": {
        "Action": "lambda:InvokeFunction",
        "FunctionName": {
          "Fn::GetAtt": [
            "SsoHandlerFunction8FE0A4A7",
            "Arn"
          ]
        },
        "Principal": "apigateway.amazonaws.com",
        "SourceArn": {
          "Fn::Join": [
            "",
            [
              "arn:",
              {
                "Ref": "AWS::Partition"
              },
              ":execute-api:",
              {
                "Ref": "AWS::Region"
              },
              ":",
              {
                "Ref": "AWS::AccountId"
              },
              ":",
              {
                "Ref": "IsbRestApi377E2CC6"
              },
              "/",
              {
                "Ref": "IsbRestApiDeploymentStageprod7DDD9304"
              },
              "/POST/auth/*"
            ]
          ]
        }
      },
      "Metadata": {
        "aws:cdk:path": "InnovationSandbox-Compute/IsbRestApi/Default/auth/{action+}/POST/ApiPermission.InnovationSandboxComputeIsbRestApi0C9DF007.POST..auth.{action+}"
      }
    },
    "IsbRestApiauthactionPOSTApiPermissionTestInnovationSandboxComputeIsbRestApi0C9DF007POSTauthaction579CB129": {
      "Type": "AWS::Lambda::Permission",
      "Properties": {
        "Action": "lambda:InvokeFunction",
        "FunctionName": {
          "Fn::GetAtt": [
            "SsoHandlerFunction8FE0A4A7",
            "Arn"
          ]
        },
        "Principal": "apigateway.amazonaws.com",
        "SourceArn": {
          "Fn::Join": [
            "",
            [
              "arn:",
              {
                "Ref": "AWS::Partition"
              },
              ":execute-api:",
              {
                "Ref": "AWS::Region"
              },
              ":",
              {
                "Ref": "AWS::AccountId"
              },
              ":",
              {
                "Ref": "IsbRestApi377E2CC6"
              },
              "/test-invoke-stage/POST/auth/*"
            ]
          ]
        }
      },
      "Metadata": {
        "aws:cdk:path": "InnovationSandbox-Compute/IsbRestApi/Default/auth/{action+}/POST/ApiPermission.Test.InnovationSandboxComputeIsbRestApi0C9DF007.POST..auth.{action+}"
      }
    },
    "IsbRestApiauthactionPOST28128E1C": {
      "Type": "AWS::ApiGateway::Method",
      "Properties": {
        "AuthorizationType": "NONE",
        "HttpMethod": "POST",
        "Integration": {
          "IntegrationHttpMethod": "POST",
          "Type": "AWS_PROXY",
          "Uri": {
            "Fn::Join": [
              "",
              [
                "arn:",
                {
                  "Ref": "AWS::Partition"
                },
                ":apigateway:",
                {
                  "Ref": "AWS::Region"
                },
                ":lambda:path/2015-03-31/functions/",
                {
                  "Fn::GetAtt": [
                    "SsoHandlerFunction8FE0A4A7",
                    "Arn"
                  ]
                },
                "/invocations"
              ]
            ]
          }
        },
        "ResourceId": {
          "Ref": "IsbRestApiauthaction909DADD2"
        },
        "RestApiId": {
          "Ref": "IsbRestApi377E2CC6"
        }
      },
      "Metadata": {
        "aws:cdk:path": "InnovationSandbox-Compute/IsbRestApi/Default/auth/{action+}/POST/Resource",
        "guard": {
          "SuppressedRules": [
            "API_GW_METHOD_AUTHORIZATION_TYPE_RULE"
          ]
        }
      }
    },
    "IsbRestApiauthactionOPTIONSApiPermissionInnovationSandboxComputeIsbRestApi0C9DF007OPTIONSauthactionCB860424": {
      "Type": "AWS::Lambda::Permission",
      "Properties": {
        "Action": "lambda:InvokeFunction",
        "FunctionName": {
          "Fn::GetAtt": [
            "SsoHandlerFunction8FE0A4A7",
            "Arn"
          ]
        },
        "Principal": "apigateway.amazonaws.com",
        "SourceArn": {
          "Fn::Join": [
            "",
            [
              "arn:",
              {
                "Ref": "AWS::Partition"
              },
              ":execute-api:",
              {
                "Ref": "AWS::Region"
              },
              ":",
              {
                "Ref": "AWS::AccountId"
              },
              ":",
              {
                "Ref": "IsbRestApi377E2CC6"
              },
              "/",
              {
                "Ref": "IsbRestApiDeploymentStageprod7DDD9304"
              },
              "/OPTIONS/auth/*"
            ]
          ]
        }
      },
      "Metadata": {
        "aws:cdk:path": "InnovationSandbox-Compute/IsbRestApi/Default/auth/{action+}/OPTIONS/ApiPermission.InnovationSandboxComputeIsbRestApi0C9DF007.OPTIONS..auth.{action+}"
      }
    },
    "IsbRestApiauthactionOPTIONSApiPermissionTestInnovationSandboxComputeIsbRestApi0C9DF007OPTIONSauthaction103838DB": {
      "Type": "AWS::Lambda::Permission",
      "Properties": {
        "Action": "lambda:InvokeFunction",
        "FunctionName": {
          "Fn::GetAtt": [
            "SsoHandlerFunction8FE0A4A7",
            "Arn"
          ]
        },
        "Principal": "apigateway.amazonaws.com",
        "SourceArn": {
          "Fn::Join": [
            "",
            [
              "arn:",
              {
                "Ref": "AWS::Partition"
              },
              ":execute-api:",
              {
                "Ref": "AWS::Region"
              },
              ":",
              {
                "Ref": "AWS::AccountId"
              },
              ":",
              {
                "Ref": "IsbRestApi377E2CC6"
              },
              "/test-invoke-stage/OPTIONS/auth/*"
            ]
          ]
        }
      },
      "Metadata": {
        "aws:cdk:path": "InnovationSandbox-Compute/IsbRestApi/Default/auth/{action+}/OPTIONS/ApiPermission.Test.InnovationSandboxComputeIsbRestApi0C9DF007.OPTIONS..auth.{action+}"
      }
    },
    "IsbRestApiauthactionOPTIONSA6DC7412": {
      "Type": "AWS::ApiGateway::Method",
      "Properties": {
        "AuthorizationType": "NONE",
        "HttpMethod": "OPTIONS",
        "Integration": {
          "IntegrationHttpMethod": "POST",
          "Type": "AWS_PROXY",
          "Uri": {
            "Fn::Join": [
              "",
              [
                "arn:",
                {
                  "Ref": "AWS::Partition"
                },
                ":apigateway:",
                {
                  "Ref": "AWS::Region"
                },
                ":lambda:path/2015-03-31/functions/",
                {
                  "Fn::GetAtt": [
                    "SsoHandlerFunction8FE0A4A7",
                    "Arn"
                  ]
                },
                "/invocations"
              ]
            ]
          }
        },
        "ResourceId": {
          "Ref": "IsbRestApiauthaction909DADD2"
        },
        "RestApiId": {
          "Ref": "IsbRestApi377E2CC6"
        }
      },
      "Metadata": {
        "aws:cdk:path": "InnovationSandbox-Compute/IsbRestApi/Default/auth/{action+}/OPTIONS/Resource",
        "guard": {
          "SuppressedRules": [
            "API_GW_METHOD_AUTHORIZATION_TYPE_RULE"
          ]
        }
      }
    },
    "IsbRestApileases603F143D": {
      "Type": "AWS::ApiGateway::Resource",
      "Properties": {
        "ParentId": {
          "Fn::GetAtt": [
            "IsbRestApi377E2CC6",
            "RootResourceId"
          ]
        },
        "PathPart": "leases",
        "RestApiId": {
          "Ref": "IsbRestApi377E2CC6"
        }
      },
      "Metadata": {
        "aws:cdk:path": "InnovationSandbox-Compute/IsbRestApi/Default/leases/Resource"
      }
    },
    "IsbRestApileasesGETApiPermissionInnovationSandboxComputeIsbRestApi0C9DF007GETleasesF96F30F2": {
      "Type": "AWS::Lambda::Permission",
      "Properties": {
        "Action": "lambda:InvokeFunction",
        "FunctionName": {
          "Fn::GetAtt": [
            "LeasesLambdaFunction6133D88B",
            "Arn"
          ]
        },
        "Principal": "apigateway.amazonaws.com",
        "SourceArn": {
          "Fn::Join": [
            "",
            [
              "arn:",
              {
                "Ref": "AWS::Partition"
              },
              ":execute-api:",
              {
                "Ref": "AWS::Region"
              },
              ":",
              {
                "Ref": "AWS::AccountId"
              },
              ":",
              {
                "Ref": "IsbRestApi377E2CC6"
              },
              "/",
              {
                "Ref": "IsbRestApiDeploymentStageprod7DDD9304"
              },
              "/GET/leases"
            ]
          ]
        }
      },
      "Metadata": {
        "aws:cdk:path": "InnovationSandbox-Compute/IsbRestApi/Default/leases/GET/ApiPermission.InnovationSandboxComputeIsbRestApi0C9DF007.GET..leases"
      }
    },
    "IsbRestApileasesGETApiPermissionTestInnovationSandboxComputeIsbRestApi0C9DF007GETleases64573D40": {
      "Type": "AWS::Lambda::Permission",
      "Properties": {
        "Action": "lambda:InvokeFunction",
        "FunctionName": {
          "Fn::GetAtt": [
            "LeasesLambdaFunction6133D88B",
            "Arn"
          ]
        },
        "Principal": "apigateway.amazonaws.com",
        "SourceArn": {
          "Fn::Join": [
            "",
            [
              "arn:",
              {
                "Ref": "AWS::Partition"
              },
              ":execute-api:",
              {
                "Ref": "AWS::Region"
              },
              ":",
              {
                "Ref": "AWS::AccountId"
              },
              ":",
              {
                "Ref": "IsbRestApi377E2CC6"
              },
              "/test-invoke-stage/GET/leases"
            ]
          ]
        }
      },
      "Metadata": {
        "aws:cdk:path": "InnovationSandbox-Compute/IsbRestApi/Default/leases/GET/ApiPermission.Test.InnovationSandboxComputeIsbRestApi0C9DF007.GET..leases"
      }
    },
    "IsbRestApileasesGET2040EBB6": {
      "Type": "AWS::ApiGateway::Method",
      "Properties": {
        "AuthorizationType": "CUSTOM",
        "AuthorizerId": {
          "Ref": "AuthorizerBD825682"
        },
        "HttpMethod": "GET",
        "Integration": {
          "IntegrationHttpMethod": "POST",
          "Type": "AWS_PROXY",
          "Uri": {
            "Fn::Join": [
              "",
              [
                "arn:",
                {
                  "Ref": "AWS::Partition"
                },
                ":apigateway:",
                {
                  "Ref": "AWS::Region"
                },
                ":lambda:path/2015-03-31/functions/",
                {
                  "Fn::GetAtt": [
                    "LeasesLambdaFunction6133D88B",
                    "Arn"
                  ]
                },
                "/invocations"
              ]
            ]
          }
        },
        "ResourceId": {
          "Ref": "IsbRestApileases603F143D"
        },
        "RestApiId": {
          "Ref": "IsbRestApi377E2CC6"
        }
      },
      "Metadata": {
        "aws:cdk:path": "InnovationSandbox-Compute/IsbRestApi/Default/leases/GET/Resource"
      }
    },
    "IsbRestApileasesPOSTApiPermissionInnovationSandboxComputeIsbRestApi0C9DF007POSTleases01474BA9": {
      "Type": "AWS::Lambda::Permission",
      "Properties": {
        "Action": "lambda:InvokeFunction",
        "FunctionName": {
          "Fn::GetAtt": [
            "LeasesLambdaFunction6133D88B",
            "Arn"
          ]
        },
        "Principal": "apigateway.amazonaws.com",
        "SourceArn": {
          "Fn::Join": [
            "",
            [
              "arn:",
              {
                "Ref": "AWS::Partition"
              },
              ":execute-api:",
              {
                "Ref": "AWS::Region"
              },
              ":",
              {
                "Ref": "AWS::AccountId"
              },
              ":",
              {
                "Ref": "IsbRestApi377E2CC6"
              },
              "/",
              {
                "Ref": "IsbRestApiDeploymentStageprod7DDD9304"
              },
              "/POST/leases"
            ]
          ]
        }
      },
      "Metadata": {
        "aws:cdk:path": "InnovationSandbox-Compute/IsbRestApi/Default/leases/POST/ApiPermission.InnovationSandboxComputeIsbRestApi0C9DF007.POST..leases"
      }
    },
    "IsbRestApileasesPOSTApiPermissionTestInnovationSandboxComputeIsbRestApi0C9DF007POSTleasesDA568788": {
      "Type": "AWS::Lambda::Permission",
      "Properties": {
        "Action": "lambda:InvokeFunction",
        "FunctionName": {
          "Fn::GetAtt": [
            "LeasesLambdaFunction6133D88B",
            "Arn"
          ]
        },
        "Principal": "apigateway.amazonaws.com",
        "SourceArn": {
          "Fn::Join": [
            "",
            [
              "arn:",
              {
                "Ref": "AWS::Partition"
              },
              ":execute-api:",
              {
                "Ref": "AWS::Region"
              },
              ":",
              {
                "Ref": "AWS::AccountId"
              },
              ":",
              {
                "Ref": "IsbRestApi377E2CC6"
              },
              "/test-invoke-stage/POST/leases"
            ]
          ]
        }
      },
      "Metadata": {
        "aws:cdk:path": "InnovationSandbox-Compute/IsbRestApi/Default/leases/POST/ApiPermission.Test.InnovationSandboxComputeIsbRestApi0C9DF007.POST..leases"
      }
    },
    "IsbRestApileasesPOST0BA078F5": {
      "Type": "AWS::ApiGateway::Method",
      "Properties": {
        "AuthorizationType": "CUSTOM",
        "AuthorizerId": {
          "Ref": "AuthorizerBD825682"
        },
        "HttpMethod": "POST",
        "Integration": {
          "IntegrationHttpMethod": "POST",
          "Type": "AWS_PROXY",
          "Uri": {
            "Fn::Join": [
              "",
              [
                "arn:",
                {
                  "Ref": "AWS::Partition"
                },
                ":apigateway:",
                {
                  "Ref": "AWS::Region"
                },
                ":lambda:path/2015-03-31/functions/",
                {
                  "Fn::GetAtt": [
                    "LeasesLambdaFunction6133D88B",
                    "Arn"
                  ]
                },
                "/invocations"
              ]
            ]
          }
        },
        "ResourceId": {
          "Ref": "IsbRestApileases603F143D"
        },
        "RestApiId": {
          "Ref": "IsbRestApi377E2CC6"
        }
      },
      "Metadata": {
        "aws:cdk:path": "InnovationSandbox-Compute/IsbRestApi/Default/leases/POST/Resource"
      }
    },
    "IsbRestApileasesleaseId9851F99B": {
      "Type": "AWS::ApiGateway::Resource",
      "Properties": {
        "ParentId": {
          "Ref": "IsbRestApileases603F143D"
        },
        "PathPart": "{leaseId}",
        "RestApiId": {
          "Ref": "IsbRestApi377E2CC6"
        }
      },
      "Metadata": {
        "aws:cdk:path": "InnovationSandbox-Compute/IsbRestApi/Default/leases/{leaseId}/Resource"
      }
    },
    "IsbRestApileasesleaseIdGETApiPermissionInnovationSandboxComputeIsbRestApi0C9DF007GETleasesleaseId4FB5D873": {
      "Type": "AWS::Lambda::Permission",
      "Properties": {
        "Action": "lambda:InvokeFunction",
        "FunctionName": {
          "Fn::GetAtt": [
            "LeasesLambdaFunction6133D88B",
            "Arn"
          ]
        },
        "Principal": "apigateway.amazonaws.com",
        "SourceArn": {
          "Fn::Join": [
            "",
            [
              "arn:",
              {
                "Ref": "AWS::Partition"
              },
              ":execute-api:",
              {
                "Ref": "AWS::Region"
              },
              ":",
              {
                "Ref": "AWS::AccountId"
              },
              ":",
              {
                "Ref": "IsbRestApi377E2CC6"
              },
              "/",
              {
                "Ref": "IsbRestApiDeploymentStageprod7DDD9304"
              },
              "/GET/leases/*"
            ]
          ]
        }
      },
      "Metadata": {
        "aws:cdk:path": "InnovationSandbox-Compute/IsbRestApi/Default/leases/{leaseId}/GET/ApiPermission.InnovationSandboxComputeIsbRestApi0C9DF007.GET..leases.{leaseId}"
      }
    },
    "IsbRestApileasesleaseIdGETApiPermissionTestInnovationSandboxComputeIsbRestApi0C9DF007GETleasesleaseId12E86A16": {
      "Type": "AWS::Lambda::Permission",
      "Properties": {
        "Action": "lambda:InvokeFunction",
        "FunctionName": {
          "Fn::GetAtt": [
            "LeasesLambdaFunction6133D88B",
            "Arn"
          ]
        },
        "Principal": "apigateway.amazonaws.com",
        "SourceArn": {
          "Fn::Join": [
            "",
            [
              "arn:",
              {
                "Ref": "AWS::Partition"
              },
              ":execute-api:",
              {
                "Ref": "AWS::Region"
              },
              ":",
              {
                "Ref": "AWS::AccountId"
              },
              ":",
              {
                "Ref": "IsbRestApi377E2CC6"
              },
              "/test-invoke-stage/GET/leases/*"
            ]
          ]
        }
      },
      "Metadata": {
        "aws:cdk:path": "InnovationSandbox-Compute/IsbRestApi/Default/leases/{leaseId}/GET/ApiPermission.Test.InnovationSandboxComputeIsbRestApi0C9DF007.GET..leases.{leaseId}"
      }
    },
    "IsbRestApileasesleaseIdGETFC53DF30": {
      "Type": "AWS::ApiGateway::Method",
      "Properties": {
        "AuthorizationType": "CUSTOM",
        "AuthorizerId": {
          "Ref": "AuthorizerBD825682"
        },
        "HttpMethod": "GET",
        "Integration": {
          "IntegrationHttpMethod": "POST",
          "Type": "AWS_PROXY",
          "Uri": {
            "Fn::Join": [
              "",
              [
                "arn:",
                {
                  "Ref": "AWS::Partition"
                },
                ":apigateway:",
                {
                  "Ref": "AWS::Region"
                },
                ":lambda:path/2015-03-31/functions/",
                {
                  "Fn::GetAtt": [
                    "LeasesLambdaFunction6133D88B",
                    "Arn"
                  ]
                },
                "/invocations"
              ]
            ]
          }
        },
        "ResourceId": {
          "Ref": "IsbRestApileasesleaseId9851F99B"
        },
        "RestApiId": {
          "Ref": "IsbRestApi377E2CC6"
        }
      },
      "Metadata": {
        "aws:cdk:path": "InnovationSandbox-Compute/IsbRestApi/Default/leases/{leaseId}/GET/Resource"
      }
    },
    "IsbRestApileasesleaseIdPATCHApiPermissionInnovationSandboxComputeIsbRestApi0C9DF007PATCHleasesleaseId2BDAEB15": {
      "Type": "AWS::Lambda::Permission",
      "Properties": {
        "Action": "lambda:InvokeFunction",
        "FunctionName": {
          "Fn::GetAtt": [
            "LeasesLambdaFunction6133D88B",
            "Arn"
          ]
        },
        "Principal": "apigateway.amazonaws.com",
        "SourceArn": {
          "Fn::Join": [
            "",
            [
              "arn:",
              {
                "Ref": "AWS::Partition"
              },
              ":execute-api:",
              {
                "Ref": "AWS::Region"
              },
              ":",
              {
                "Ref": "AWS::AccountId"
              },
              ":",
              {
                "Ref": "IsbRestApi377E2CC6"
              },
              "/",
              {
                "Ref": "IsbRestApiDeploymentStageprod7DDD9304"
              },
              "/PATCH/leases/*"
            ]
          ]
        }
      },
      "Metadata": {
        "aws:cdk:path": "InnovationSandbox-Compute/IsbRestApi/Default/leases/{leaseId}/PATCH/ApiPermission.InnovationSandboxComputeIsbRestApi0C9DF007.PATCH..leases.{leaseId}"
      }
    },
    "IsbRestApileasesleaseIdPATCHApiPermissionTestInnovationSandboxComputeIsbRestApi0C9DF007PATCHleasesleaseId5630CB56": {
      "Type": "AWS::Lambda::Permission",
      "Properties": {
        "Action": "lambda:InvokeFunction",
        "FunctionName": {
          "Fn::GetAtt": [
            "LeasesLambdaFunction6133D88B",
            "Arn"
          ]
        },
        "Principal": "apigateway.amazonaws.com",
        "SourceArn": {
          "Fn::Join": [
            "",
            [
              "arn:",
              {
                "Ref": "AWS::Partition"
              },
              ":execute-api:",
              {
                "Ref": "AWS::Region"
              },
              ":",
              {
                "Ref": "AWS::AccountId"
              },
              ":",
              {
                "Ref": "IsbRestApi377E2CC6"
              },
              "/test-invoke-stage/PATCH/leases/*"
            ]
          ]
        }
      },
      "Metadata": {
        "aws:cdk:path": "InnovationSandbox-Compute/IsbRestApi/Default/leases/{leaseId}/PATCH/ApiPermission.Test.InnovationSandboxComputeIsbRestApi0C9DF007.PATCH..leases.{leaseId}"
      }
    },
    "IsbRestApileasesleaseIdPATCHAB95D5E9": {
      "Type": "AWS::ApiGateway::Method",
      "Properties": {
        "AuthorizationType": "CUSTOM",
        "AuthorizerId": {
          "Ref": "AuthorizerBD825682"
        },
        "HttpMethod": "PATCH",
        "Integration": {
          "IntegrationHttpMethod": "POST",
          "Type": "AWS_PROXY",
          "Uri": {
            "Fn::Join": [
              "",
              [
                "arn:",
                {
                  "Ref": "AWS::Partition"
                },
                ":apigateway:",
                {
                  "Ref": "AWS::Region"
                },
                ":lambda:path/2015-03-31/functions/",
                {
                  "Fn::GetAtt": [
                    "LeasesLambdaFunction6133D88B",
                    "Arn"
                  ]
                },
                "/invocations"
              ]
            ]
          }
        },
        "ResourceId": {
          "Ref": "IsbRestApileasesleaseId9851F99B"
        },
        "RestApiId": {
          "Ref": "IsbRestApi377E2CC6"
        }
      },
      "Metadata": {
        "aws:cdk:path": "InnovationSandbox-Compute/IsbRestApi/Default/leases/{leaseId}/PATCH/Resource"
      }
    },
    "IsbRestApileasesleaseIdreview53E1F41F": {
      "Type": "AWS::ApiGateway::Resource",
      "Properties": {
        "ParentId": {
          "Ref": "IsbRestApileasesleaseId9851F99B"
        },
        "PathPart": "review",
        "RestApiId": {
          "Ref": "IsbRestApi377E2CC6"
        }
      },
      "Metadata": {
        "aws:cdk:path": "InnovationSandbox-Compute/IsbRestApi/Default/leases/{leaseId}/review/Resource"
      }
    },
    "IsbRestApileasesleaseIdreviewPOSTApiPermissionInnovationSandboxComputeIsbRestApi0C9DF007POSTleasesleaseIdreviewAE391C69": {
      "Type": "AWS::Lambda::Permission",
      "Properties": {
        "Action": "lambda:InvokeFunction",
        "FunctionName": {
          "Fn::GetAtt": [
            "LeasesLambdaFunction6133D88B",
            "Arn"
          ]
        },
        "Principal": "apigateway.amazonaws.com",
        "SourceArn": {
          "Fn::Join": [
            "",
            [
              "arn:",
              {
                "Ref": "AWS::Partition"
              },
              ":execute-api:",
              {
                "Ref": "AWS::Region"
              },
              ":",
              {
                "Ref": "AWS::AccountId"
              },
              ":",
              {
                "Ref": "IsbRestApi377E2CC6"
              },
              "/",
              {
                "Ref": "IsbRestApiDeploymentStageprod7DDD9304"
              },
              "/POST/leases/*/review"
            ]
          ]
        }
      },
      "Metadata": {
        "aws:cdk:path": "InnovationSandbox-Compute/IsbRestApi/Default/leases/{leaseId}/review/POST/ApiPermission.InnovationSandboxComputeIsbRestApi0C9DF007.POST..leases.{leaseId}.review"
      }
    },
    "IsbRestApileasesleaseIdreviewPOSTApiPermissionTestInnovationSandboxComputeIsbRestApi0C9DF007POSTleasesleaseIdreview8C333AC3": {
      "Type": "AWS::Lambda::Permission",
      "Properties": {
        "Action": "lambda:InvokeFunction",
        "FunctionName": {
          "Fn::GetAtt": [
            "LeasesLambdaFunction6133D88B",
            "Arn"
          ]
        },
        "Principal": "apigateway.amazonaws.com",
        "SourceArn": {
          "Fn::Join": [
            "",
            [
              "arn:",
              {
                "Ref": "AWS::Partition"
              },
              ":execute-api:",
              {
                "Ref": "AWS::Region"
              },
              ":",
              {
                "Ref": "AWS::AccountId"
              },
              ":",
              {
                "Ref": "IsbRestApi377E2CC6"
              },
              "/test-invoke-stage/POST/leases/*/review"
            ]
          ]
        }
      },
      "Metadata": {
        "aws:cdk:path": "InnovationSandbox-Compute/IsbRestApi/Default/leases/{leaseId}/review/POST/ApiPermission.Test.InnovationSandboxComputeIsbRestApi0C9DF007.POST..leases.{leaseId}.review"
      }
    },
    "IsbRestApileasesleaseIdreviewPOST03D6AD94": {
      "Type": "AWS::ApiGateway::Method",
      "Properties": {
        "AuthorizationType": "CUSTOM",
        "AuthorizerId": {
          "Ref": "AuthorizerBD825682"
        },
        "HttpMethod": "POST",
        "Integration": {
          "IntegrationHttpMethod": "POST",
          "Type": "AWS_PROXY",
          "Uri": {
            "Fn::Join": [
              "",
              [
                "arn:",
                {
                  "Ref": "AWS::Partition"
                },
                ":apigateway:",
                {
                  "Ref": "AWS::Region"
                },
                ":lambda:path/2015-03-31/functions/",
                {
                  "Fn::GetAtt": [
                    "LeasesLambdaFunction6133D88B",
                    "Arn"
                  ]
                },
                "/invocations"
              ]
            ]
          }
        },
        "ResourceId": {
          "Ref": "IsbRestApileasesleaseIdreview53E1F41F"
        },
        "RestApiId": {
          "Ref": "IsbRestApi377E2CC6"
        }
      },
      "Metadata": {
        "aws:cdk:path": "InnovationSandbox-Compute/IsbRestApi/Default/leases/{leaseId}/review/POST/Resource"
      }
    },
    "IsbRestApileasesleaseIdfreeze3A28784A": {
      "Type": "AWS::ApiGateway::Resource",
      "Properties": {
        "ParentId": {
          "Ref": "IsbRestApileasesleaseId9851F99B"
        },
        "PathPart": "freeze",
        "RestApiId": {
          "Ref": "IsbRestApi377E2CC6"
        }
      },
      "Metadata": {
        "aws:cdk:path": "InnovationSandbox-Compute/IsbRestApi/Default/leases/{leaseId}/freeze/Resource"
      }
    },
    "IsbRestApileasesleaseIdfreezePOSTApiPermissionInnovationSandboxComputeIsbRestApi0C9DF007POSTleasesleaseIdfreezeD9A48CF9": {
      "Type": "AWS::Lambda::Permission",
      "Properties": {
        "Action": "lambda:InvokeFunction",
        "FunctionName": {
          "Fn::GetAtt": [
            "LeasesLambdaFunction6133D88B",
            "Arn"
          ]
        },
        "Principal": "apigateway.amazonaws.com",
        "SourceArn": {
          "Fn::Join": [
            "",
            [
              "arn:",
              {
                "Ref": "AWS::Partition"
              },
              ":execute-api:",
              {
                "Ref": "AWS::Region"
              },
              ":",
              {
                "Ref": "AWS::AccountId"
              },
              ":",
              {
                "Ref": "IsbRestApi377E2CC6"
              },
              "/",
              {
                "Ref": "IsbRestApiDeploymentStageprod7DDD9304"
              },
              "/POST/leases/*/freeze"
            ]
          ]
        }
      },
      "Metadata": {
        "aws:cdk:path": "InnovationSandbox-Compute/IsbRestApi/Default/leases/{leaseId}/freeze/POST/ApiPermission.InnovationSandboxComputeIsbRestApi0C9DF007.POST..leases.{leaseId}.freeze"
      }
    },
    "IsbRestApileasesleaseIdfreezePOSTApiPermissionTestInnovationSandboxComputeIsbRestApi0C9DF007POSTleasesleaseIdfreezeDE813A18": {
      "Type": "AWS::Lambda::Permission",
      "Properties": {
        "Action": "lambda:InvokeFunction",
        "FunctionName": {
          "Fn::GetAtt": [
            "LeasesLambdaFunction6133D88B",
            "Arn"
          ]
        },
        "Principal": "apigateway.amazonaws.com",
        "SourceArn": {
          "Fn::Join": [
            "",
            [
              "arn:",
              {
                "Ref": "AWS::Partition"
              },
              ":execute-api:",
              {
                "Ref": "AWS::Region"
              },
              ":",
              {
                "Ref": "AWS::AccountId"
              },
              ":",
              {
                "Ref": "IsbRestApi377E2CC6"
              },
              "/test-invoke-stage/POST/leases/*/freeze"
            ]
          ]
        }
      },
      "Metadata": {
        "aws:cdk:path": "InnovationSandbox-Compute/IsbRestApi/Default/leases/{leaseId}/freeze/POST/ApiPermission.Test.InnovationSandboxComputeIsbRestApi0C9DF007.POST..leases.{leaseId}.freeze"
      }
    },
    "IsbRestApileasesleaseIdfreezePOSTDE894D78": {
      "Type": "AWS::ApiGateway::Method",
      "Properties": {
        "AuthorizationType": "CUSTOM",
        "AuthorizerId": {
          "Ref": "AuthorizerBD825682"
        },
        "HttpMethod": "POST",
        "Integration": {
          "IntegrationHttpMethod": "POST",
          "Type": "AWS_PROXY",
          "Uri": {
            "Fn::Join": [
              "",
              [
                "arn:",
                {
                  "Ref": "AWS::Partition"
                },
                ":apigateway:",
                {
                  "Ref": "AWS::Region"
                },
                ":lambda:path/2015-03-31/functions/",
                {
                  "Fn::GetAtt": [
                    "LeasesLambdaFunction6133D88B",
                    "Arn"
                  ]
                },
                "/invocations"
              ]
            ]
          }
        },
        "ResourceId": {
          "Ref": "IsbRestApileasesleaseIdfreeze3A28784A"
        },
        "RestApiId": {
          "Ref": "IsbRestApi377E2CC6"
        }
      },
      "Metadata": {
        "aws:cdk:path": "InnovationSandbox-Compute/IsbRestApi/Default/leases/{leaseId}/freeze/POST/Resource"
      }
    },
    "IsbRestApileasesleaseIdunfreezeC90D1F13": {
      "Type": "AWS::ApiGateway::Resource",
      "Properties": {
        "ParentId": {
          "Ref": "IsbRestApileasesleaseId9851F99B"
        },
        "PathPart": "unfreeze",
        "RestApiId": {
          "Ref": "IsbRestApi377E2CC6"
        }
      },
      "Metadata": {
        "aws:cdk:path": "InnovationSandbox-Compute/IsbRestApi/Default/leases/{leaseId}/unfreeze/Resource"
      }
    },
    "IsbRestApileasesleaseIdunfreezePOSTApiPermissionInnovationSandboxComputeIsbRestApi0C9DF007POSTleasesleaseIdunfreezeD0F25169": {
      "Type": "AWS::Lambda::Permission",
      "Properties": {
        "Action": "lambda:InvokeFunction",
        "FunctionName": {
          "Fn::GetAtt": [
            "LeasesLambdaFunction6133D88B",
            "Arn"
          ]
        },
        "Principal": "apigateway.amazonaws.com",
        "SourceArn": {
          "Fn::Join": [
            "",
            [
              "arn:",
              {
                "Ref": "AWS::Partition"
              },
              ":execute-api:",
              {
                "Ref": "AWS::Region"
              },
              ":",
              {
                "Ref": "AWS::AccountId"
              },
              ":",
              {
                "Ref": "IsbRestApi377E2CC6"
              },
              "/",
              {
                "Ref": "IsbRestApiDeploymentStageprod7DDD9304"
              },
              "/POST/leases/*/unfreeze"
            ]
          ]
        }
      },
      "Metadata": {
        "aws:cdk:path": "InnovationSandbox-Compute/IsbRestApi/Default/leases/{leaseId}/unfreeze/POST/ApiPermission.InnovationSandboxComputeIsbRestApi0C9DF007.POST..leases.{leaseId}.unfreeze"
      }
    },
    "IsbRestApileasesleaseIdunfreezePOSTApiPermissionTestInnovationSandboxComputeIsbRestApi0C9DF007POSTleasesleaseIdunfreeze3DD8301E": {
      "Type": "AWS::Lambda::Permission",
      "Properties": {
        "Action": "lambda:InvokeFunction",
        "FunctionName": {
          "Fn::GetAtt": [
            "LeasesLambdaFunction6133D88B",
            "Arn"
          ]
        },
        "Principal": "apigateway.amazonaws.com",
        "SourceArn": {
          "Fn::Join": [
            "",
            [
              "arn:",
              {
                "Ref": "AWS::Partition"
              },
              ":execute-api:",
              {
                "Ref": "AWS::Region"
              },
              ":",
              {
                "Ref": "AWS::AccountId"
              },
              ":",
              {
                "Ref": "IsbRestApi377E2CC6"
              },
              "/test-invoke-stage/POST/leases/*/unfreeze"
            ]
          ]
        }
      },
      "Metadata": {
        "aws:cdk:path": "InnovationSandbox-Compute/IsbRestApi/Default/leases/{leaseId}/unfreeze/POST/ApiPermission.Test.InnovationSandboxComputeIsbRestApi0C9DF007.POST..leases.{leaseId}.unfreeze"
      }
    },
    "IsbRestApileasesleaseIdunfreezePOST63C4E6CA": {
      "Type": "AWS::ApiGateway::Method",
      "Properties": {
        "AuthorizationType": "CUSTOM",
        "AuthorizerId": {
          "Ref": "AuthorizerBD825682"
        },
        "HttpMethod": "POST",
        "Integration": {
          "IntegrationHttpMethod": "POST",
          "Type": "AWS_PROXY",
          "Uri": {
            "Fn::Join": [
              "",
              [
                "arn:",
                {
                  "Ref": "AWS::Partition"
                },
                ":apigateway:",
                {
                  "Ref": "AWS::Region"
                },
                ":lambda:path/2015-03-31/functions/",
                {
                  "Fn::GetAtt": [
                    "LeasesLambdaFunction6133D88B",
                    "Arn"
                  ]
                },
                "/invocations"
              ]
            ]
          }
        },
        "ResourceId": {
          "Ref": "IsbRestApileasesleaseIdunfreezeC90D1F13"
        },
        "RestApiId": {
          "Ref": "IsbRestApi377E2CC6"
        }
      },
      "Metadata": {
        "aws:cdk:path": "InnovationSandbox-Compute/IsbRestApi/Default/leases/{leaseId}/unfreeze/POST/Resource"
      }
    },
    "IsbRestApileasesleaseIdterminate0B5F429B": {
      "Type": "AWS::ApiGateway::Resource",
      "Properties": {
        "ParentId": {
          "Ref": "IsbRestApileasesleaseId9851F99B"
        },
        "PathPart": "terminate",
        "RestApiId": {
          "Ref": "IsbRestApi377E2CC6"
        }
      },
      "Metadata": {
        "aws:cdk:path": "InnovationSandbox-Compute/IsbRestApi/Default/leases/{leaseId}/terminate/Resource"
      }
    },
    "IsbRestApileasesleaseIdterminatePOSTApiPermissionInnovationSandboxComputeIsbRestApi0C9DF007POSTleasesleaseIdterminate0EF4225F": {
      "Type": "AWS::Lambda::Permission",
      "Properties": {
        "Action": "lambda:InvokeFunction",
        "FunctionName": {
          "Fn::GetAtt": [
            "LeasesLambdaFunction6133D88B",
            "Arn"
          ]
        },
        "Principal": "apigateway.amazonaws.com",
        "SourceArn": {
          "Fn::Join": [
            "",
            [
              "arn:",
              {
                "Ref": "AWS::Partition"
              },
              ":execute-api:",
              {
                "Ref": "AWS::Region"
              },
              ":",
              {
                "Ref": "AWS::AccountId"
              },
              ":",
              {
                "Ref": "IsbRestApi377E2CC6"
              },
              "/",
              {
                "Ref": "IsbRestApiDeploymentStageprod7DDD9304"
              },
              "/POST/leases/*/terminate"
            ]
          ]
        }
      },
      "Metadata": {
        "aws:cdk:path": "InnovationSandbox-Compute/IsbRestApi/Default/leases/{leaseId}/terminate/POST/ApiPermission.InnovationSandboxComputeIsbRestApi0C9DF007.POST..leases.{leaseId}.terminate"
      }
    },
    "IsbRestApileasesleaseIdterminatePOSTApiPermissionTestInnovationSandboxComputeIsbRestApi0C9DF007POSTleasesleaseIdterminate227088A9": {
      "Type": "AWS::Lambda::Permission",
      "Properties": {
        "Action": "lambda:InvokeFunction",
        "FunctionName": {
          "Fn::GetAtt": [
            "LeasesLambdaFunction6133D88B",
            "Arn"
          ]
        },
        "Principal": "apigateway.amazonaws.com",
        "SourceArn": {
          "Fn::Join": [
            "",
            [
              "arn:",
              {
                "Ref": "AWS::Partition"
              },
              ":execute-api:",
              {
                "Ref": "AWS::Region"
              },
              ":",
              {
                "Ref": "AWS::AccountId"
              },
              ":",
              {
                "Ref": "IsbRestApi377E2CC6"
              },
              "/test-invoke-stage/POST/leases/*/terminate"
            ]
          ]
        }
      },
      "Metadata": {
        "aws:cdk:path": "InnovationSandbox-Compute/IsbRestApi/Default/leases/{leaseId}/terminate/POST/ApiPermission.Test.InnovationSandboxComputeIsbRestApi0C9DF007.POST..leases.{leaseId}.terminate"
      }
    },
    "IsbRestApileasesleaseIdterminatePOSTD029AED7": {
      "Type": "AWS::ApiGateway::Method",
      "Properties": {
        "AuthorizationType": "CUSTOM",
        "AuthorizerId": {
          "Ref": "AuthorizerBD825682"
        },
        "HttpMethod": "POST",
        "Integration": {
          "IntegrationHttpMethod": "POST",
          "Type": "AWS_PROXY",
          "Uri": {
            "Fn::Join": [
              "",
              [
                "arn:",
                {
                  "Ref": "AWS::Partition"
                },
                ":apigateway:",
                {
                  "Ref": "AWS::Region"
                },
                ":lambda:path/2015-03-31/functions/",
                {
                  "Fn::GetAtt": [
                    "LeasesLambdaFunction6133D88B",
                    "Arn"
                  ]
                },
                "/invocations"
              ]
            ]
          }
        },
        "ResourceId": {
          "Ref": "IsbRestApileasesleaseIdterminate0B5F429B"
        },
        "RestApiId": {
          "Ref": "IsbRestApi377E2CC6"
        }
      },
      "Metadata": {
        "aws:cdk:path": "InnovationSandbox-Compute/IsbRestApi/Default/leases/{leaseId}/terminate/POST/Resource"
      }
    },
    "IsbRestApileaseTemplates87AB84C6": {
      "Type": "AWS::ApiGateway::Resource",
      "Properties": {
        "ParentId": {
          "Fn::GetAtt": [
            "IsbRestApi377E2CC6",
            "RootResourceId"
          ]
        },
        "PathPart": "leaseTemplates",
        "RestApiId": {
          "Ref": "IsbRestApi377E2CC6"
        }
      },
      "Metadata": {
        "aws:cdk:path": "InnovationSandbox-Compute/IsbRestApi/Default/leaseTemplates/Resource"
      }
    },
    "IsbRestApileaseTemplatesGETApiPermissionInnovationSandboxComputeIsbRestApi0C9DF007GETleaseTemplates392C8D46": {
      "Type": "AWS::Lambda::Permission",
      "Properties": {
        "Action": "lambda:InvokeFunction",
        "FunctionName": {
          "Fn::GetAtt": [
            "LeaseTemplatesLambdaFunction2965B8D5",
            "Arn"
          ]
        },
        "Principal": "apigateway.amazonaws.com",
        "SourceArn": {
          "Fn::Join": [
            "",
            [
              "arn:",
              {
                "Ref": "AWS::Partition"
              },
              ":execute-api:",
              {
                "Ref": "AWS::Region"
              },
              ":",
              {
                "Ref": "AWS::AccountId"
              },
              ":",
              {
                "Ref": "IsbRestApi377E2CC6"
              },
              "/",
              {
                "Ref": "IsbRestApiDeploymentStageprod7DDD9304"
              },
              "/GET/leaseTemplates"
            ]
          ]
        }
      },
      "Metadata": {
        "aws:cdk:path": "InnovationSandbox-Compute/IsbRestApi/Default/leaseTemplates/GET/ApiPermission.InnovationSandboxComputeIsbRestApi0C9DF007.GET..leaseTemplates"
      }
    },
    "IsbRestApileaseTemplatesGETApiPermissionTestInnovationSandboxComputeIsbRestApi0C9DF007GETleaseTemplates18586AE9": {
      "Type": "AWS::Lambda::Permission",
      "Properties": {
        "Action": "lambda:InvokeFunction",
        "FunctionName": {
          "Fn::GetAtt": [
            "LeaseTemplatesLambdaFunction2965B8D5",
            "Arn"
          ]
        },
        "Principal": "apigateway.amazonaws.com",
        "SourceArn": {
          "Fn::Join": [
            "",
            [
              "arn:",
              {
                "Ref": "AWS::Partition"
              },
              ":execute-api:",
              {
                "Ref": "AWS::Region"
              },
              ":",
              {
                "Ref": "AWS::AccountId"
              },
              ":",
              {
                "Ref": "IsbRestApi377E2CC6"
              },
              "/test-invoke-stage/GET/leaseTemplates"
            ]
          ]
        }
      },
      "Metadata": {
        "aws:cdk:path": "InnovationSandbox-Compute/IsbRestApi/Default/leaseTemplates/GET/ApiPermission.Test.InnovationSandboxComputeIsbRestApi0C9DF007.GET..leaseTemplates"
      }
    },
    "IsbRestApileaseTemplatesGETD139D035": {
      "Type": "AWS::ApiGateway::Method",
      "Properties": {
        "AuthorizationType": "CUSTOM",
        "AuthorizerId": {
          "Ref": "AuthorizerBD825682"
        },
        "HttpMethod": "GET",
        "Integration": {
          "IntegrationHttpMethod": "POST",
          "Type": "AWS_PROXY",
          "Uri": {
            "Fn::Join": [
              "",
              [
                "arn:",
                {
                  "Ref": "AWS::Partition"
                },
                ":apigateway:",
                {
                  "Ref": "AWS::Region"
                },
                ":lambda:path/2015-03-31/functions/",
                {
                  "Fn::GetAtt": [
                    "LeaseTemplatesLambdaFunction2965B8D5",
                    "Arn"
                  ]
                },
                "/invocations"
              ]
            ]
          }
        },
        "ResourceId": {
          "Ref": "IsbRestApileaseTemplates87AB84C6"
        },
        "RestApiId": {
          "Ref": "IsbRestApi377E2CC6"
        }
      },
      "Metadata": {
        "aws:cdk:path": "InnovationSandbox-Compute/IsbRestApi/Default/leaseTemplates/GET/Resource"
      }
    },
    "IsbRestApileaseTemplatesPOSTApiPermissionInnovationSandboxComputeIsbRestApi0C9DF007POSTleaseTemplates60B460A6": {
      "Type": "AWS::Lambda::Permission",
      "Properties": {
        "Action": "lambda:InvokeFunction",
        "FunctionName": {
          "Fn::GetAtt": [
            "LeaseTemplatesLambdaFunction2965B8D5",
            "Arn"
          ]
        },
        "Principal": "apigateway.amazonaws.com",
        "SourceArn": {
          "Fn::Join": [
            "",
            [
              "arn:",
              {
                "Ref": "AWS::Partition"
              },
              ":execute-api:",
              {
                "Ref": "AWS::Region"
              },
              ":",
              {
                "Ref": "AWS::AccountId"
              },
              ":",
              {
                "Ref": "IsbRestApi377E2CC6"
              },
              "/",
              {
                "Ref": "IsbRestApiDeploymentStageprod7DDD9304"
              },
              "/POST/leaseTemplates"
            ]
          ]
        }
      },
      "Metadata": {
        "aws:cdk:path": "InnovationSandbox-Compute/IsbRestApi/Default/leaseTemplates/POST/ApiPermission.InnovationSandboxComputeIsbRestApi0C9DF007.POST..leaseTemplates"
      }
    },
    "IsbRestApileaseTemplatesPOSTApiPermissionTestInnovationSandboxComputeIsbRestApi0C9DF007POSTleaseTemplates185DC666": {
      "Type": "AWS::Lambda::Permission",
      "Properties": {
        "Action": "lambda:InvokeFunction",
        "FunctionName": {
          "Fn::GetAtt": [
            "LeaseTemplatesLambdaFunction2965B8D5",
            "Arn"
          ]
        },
        "Principal": "apigateway.amazonaws.com",
        "SourceArn": {
          "Fn::Join": [
            "",
            [
              "arn:",
              {
                "Ref": "AWS::Partition"
              },
              ":execute-api:",
              {
                "Ref": "AWS::Region"
              },
              ":",
              {
                "Ref": "AWS::AccountId"
              },
              ":",
              {
                "Ref": "IsbRestApi377E2CC6"
              },
              "/test-invoke-stage/POST/leaseTemplates"
            ]
          ]
        }
      },
      "Metadata": {
        "aws:cdk:path": "InnovationSandbox-Compute/IsbRestApi/Default/leaseTemplates/POST/ApiPermission.Test.InnovationSandboxComputeIsbRestApi0C9DF007.POST..leaseTemplates"
      }
    },
    "IsbRestApileaseTemplatesPOST61718B66": {
      "Type": "AWS::ApiGateway::Method",
      "Properties": {
        "AuthorizationType": "CUSTOM",
        "AuthorizerId": {
          "Ref": "AuthorizerBD825682"
        },
        "HttpMethod": "POST",
        "Integration": {
          "IntegrationHttpMethod": "POST",
          "Type": "AWS_PROXY",
          "Uri": {
            "Fn::Join": [
              "",
              [
                "arn:",
                {
                  "Ref": "AWS::Partition"
                },
                ":apigateway:",
                {
                  "Ref": "AWS::Region"
                },
                ":lambda:path/2015-03-31/functions/",
                {
                  "Fn::GetAtt": [
                    "LeaseTemplatesLambdaFunction2965B8D5",
                    "Arn"
                  ]
                },
                "/invocations"
              ]
            ]
          }
        },
        "ResourceId": {
          "Ref": "IsbRestApileaseTemplates87AB84C6"
        },
        "RestApiId": {
          "Ref": "IsbRestApi377E2CC6"
        }
      },
      "Metadata": {
        "aws:cdk:path": "InnovationSandbox-Compute/IsbRestApi/Default/leaseTemplates/POST/Resource"
      }
    },
    "IsbRestApileaseTemplatesleaseTemplateName6CF1F9DC": {
      "Type": "AWS::ApiGateway::Resource",
      "Properties": {
        "ParentId": {
          "Ref": "IsbRestApileaseTemplates87AB84C6"
        },
        "PathPart": "{leaseTemplateName}",
        "RestApiId": {
          "Ref": "IsbRestApi377E2CC6"
        }
      },
      "Metadata": {
        "aws:cdk:path": "InnovationSandbox-Compute/IsbRestApi/Default/leaseTemplates/{leaseTemplateName}/Resource"
      }
    },
    "IsbRestApileaseTemplatesleaseTemplateNameGETApiPermissionInnovationSandboxComputeIsbRestApi0C9DF007GETleaseTemplatesleaseTemplateName49E26F2B": {
      "Type": "AWS::Lambda::Permission",
      "Properties": {
        "Action": "lambda:InvokeFunction",
        "FunctionName": {
          "Fn::GetAtt": [
            "LeaseTemplatesLambdaFunction2965B8D5",
            "Arn"
          ]
        },
        "Principal": "apigateway.amazonaws.com",
        "SourceArn": {
          "Fn::Join": [
            "",
            [
              "arn:",
              {
                "Ref": "AWS::Partition"
              },
              ":execute-api:",
              {
                "Ref": "AWS::Region"
              },
              ":",
              {
                "Ref": "AWS::AccountId"
              },
              ":",
              {
                "Ref": "IsbRestApi377E2CC6"
              },
              "/",
              {
                "Ref": "IsbRestApiDeploymentStageprod7DDD9304"
              },
              "/GET/leaseTemplates/*"
            ]
          ]
        }
      },
      "Metadata": {
        "aws:cdk:path": "InnovationSandbox-Compute/IsbRestApi/Default/leaseTemplates/{leaseTemplateName}/GET/ApiPermission.InnovationSandboxComputeIsbRestApi0C9DF007.GET..leaseTemplates.{leaseTemplateName}"
      }
    },
    "IsbRestApileaseTemplatesleaseTemplateNameGETApiPermissionTestInnovationSandboxComputeIsbRestApi0C9DF007GETleaseTemplatesleaseTemplateNameCE3757F1": {
      "Type": "AWS::Lambda::Permission",
      "Properties": {
        "Action": "lambda:InvokeFunction",
        "FunctionName": {
          "Fn::GetAtt": [
            "LeaseTemplatesLambdaFunction2965B8D5",
            "Arn"
          ]
        },
        "Principal": "apigateway.amazonaws.com",
        "SourceArn": {
          "Fn::Join": [
            "",
            [
              "arn:",
              {
                "Ref": "AWS::Partition"
              },
              ":execute-api:",
              {
                "Ref": "AWS::Region"
              },
              ":",
              {
                "Ref": "AWS::AccountId"
              },
              ":",
              {
                "Ref": "IsbRestApi377E2CC6"
              },
              "/test-invoke-stage/GET/leaseTemplates/*"
            ]
          ]
        }
      },
      "Metadata": {
        "aws:cdk:path": "InnovationSandbox-Compute/IsbRestApi/Default/leaseTemplates/{leaseTemplateName}/GET/ApiPermission.Test.InnovationSandboxComputeIsbRestApi0C9DF007.GET..leaseTemplates.{leaseTemplateName}"
      }
    },
    "IsbRestApileaseTemplatesleaseTemplateNameGETABE25277": {
      "Type": "AWS::ApiGateway::Method",
      "Properties": {
        "AuthorizationType": "CUSTOM",
        "AuthorizerId": {
          "Ref": "AuthorizerBD825682"
        },
        "HttpMethod": "GET",
        "Integration": {
          "IntegrationHttpMethod": "POST",
          "Type": "AWS_PROXY",
          "Uri": {
            "Fn::Join": [
              "",
              [
                "arn:",
                {
                  "Ref": "AWS::Partition"
                },
                ":apigateway:",
                {
                  "Ref": "AWS::Region"
                },
                ":lambda:path/2015-03-31/functions/",
                {
                  "Fn::GetAtt": [
                    "LeaseTemplatesLambdaFunction2965B8D5",
                    "Arn"
                  ]
                },
                "/invocations"
              ]
            ]
          }
        },
        "ResourceId": {
          "Ref": "IsbRestApileaseTemplatesleaseTemplateName6CF1F9DC"
        },
        "RestApiId": {
          "Ref": "IsbRestApi377E2CC6"
        }
      },
      "Metadata": {
        "aws:cdk:path": "InnovationSandbox-Compute/IsbRestApi/Default/leaseTemplates/{leaseTemplateName}/GET/Resource"
      }
    },
    "IsbRestApileaseTemplatesleaseTemplateNamePUTApiPermissionInnovationSandboxComputeIsbRestApi0C9DF007PUTleaseTemplatesleaseTemplateName3E0A367E": {
      "Type": "AWS::Lambda::Permission",
      "Properties": {
        "Action": "lambda:InvokeFunction",
        "FunctionName": {
          "Fn::GetAtt": [
            "LeaseTemplatesLambdaFunction2965B8D5",
            "Arn"
          ]
        },
        "Principal": "apigateway.amazonaws.com",
        "SourceArn": {
          "Fn::Join": [
            "",
            [
              "arn:",
              {
                "Ref": "AWS::Partition"
              },
              ":execute-api:",
              {
                "Ref": "AWS::Region"
              },
              ":",
              {
                "Ref": "AWS::AccountId"
              },
              ":",
              {
                "Ref": "IsbRestApi377E2CC6"
              },
              "/",
              {
                "Ref": "IsbRestApiDeploymentStageprod7DDD9304"
              },
              "/PUT/leaseTemplates/*"
            ]
          ]
        }
      },
      "Metadata": {
        "aws:cdk:path": "InnovationSandbox-Compute/IsbRestApi/Default/leaseTemplates/{leaseTemplateName}/PUT/ApiPermission.InnovationSandboxComputeIsbRestApi0C9DF007.PUT..leaseTemplates.{leaseTemplateName}"
      }
    },
    "IsbRestApileaseTemplatesleaseTemplateNamePUTApiPermissionTestInnovationSandboxComputeIsbRestApi0C9DF007PUTleaseTemplatesleaseTemplateNameB9E2CCAF": {
      "Type": "AWS::Lambda::Permission",
      "Properties": {
        "Action": "lambda:InvokeFunction",
        "FunctionName": {
          "Fn::GetAtt": [
            "LeaseTemplatesLambdaFunction2965B8D5",
            "Arn"
          ]
        },
        "Principal": "apigateway.amazonaws.com",
        "SourceArn": {
          "Fn::Join": [
            "",
            [
              "arn:",
              {
                "Ref": "AWS::Partition"
              },
              ":execute-api:",
              {
                "Ref": "AWS::Region"
              },
              ":",
              {
                "Ref": "AWS::AccountId"
              },
              ":",
              {
                "Ref": "IsbRestApi377E2CC6"
              },
              "/test-invoke-stage/PUT/leaseTemplates/*"
            ]
          ]
        }
      },
      "Metadata": {
        "aws:cdk:path": "InnovationSandbox-Compute/IsbRestApi/Default/leaseTemplates/{leaseTemplateName}/PUT/ApiPermission.Test.InnovationSandboxComputeIsbRestApi0C9DF007.PUT..leaseTemplates.{leaseTemplateName}"
      }
    },
    "IsbRestApileaseTemplatesleaseTemplateNamePUTA18EDFBF": {
      "Type": "AWS::ApiGateway::Method",
      "Properties": {
        "AuthorizationType": "CUSTOM",
        "AuthorizerId": {
          "Ref": "AuthorizerBD825682"
        },
        "HttpMethod": "PUT",
        "Integration": {
          "IntegrationHttpMethod": "POST",
          "Type": "AWS_PROXY",
          "Uri": {
            "Fn::Join": [
              "",
              [
                "arn:",
                {
                  "Ref": "AWS::Partition"
                },
                ":apigateway:",
                {
                  "Ref": "AWS::Region"
                },
                ":lambda:path/2015-03-31/functions/",
                {
                  "Fn::GetAtt": [
                    "LeaseTemplatesLambdaFunction2965B8D5",
                    "Arn"
                  ]
                },
                "/invocations"
              ]
            ]
          }
        },
        "ResourceId": {
          "Ref": "IsbRestApileaseTemplatesleaseTemplateName6CF1F9DC"
        },
        "RestApiId": {
          "Ref": "IsbRestApi377E2CC6"
        }
      },
      "Metadata": {
        "aws:cdk:path": "InnovationSandbox-Compute/IsbRestApi/Default/leaseTemplates/{leaseTemplateName}/PUT/Resource"
      }
    },
    "IsbRestApileaseTemplatesleaseTemplateNameDELETEApiPermissionInnovationSandboxComputeIsbRestApi0C9DF007DELETEleaseTemplatesleaseTemplateName57A6E2EB": {
      "Type": "AWS::Lambda::Permission",
      "Properties": {
        "Action": "lambda:InvokeFunction",
        "FunctionName": {
          "Fn::GetAtt": [
            "LeaseTemplatesLambdaFunction2965B8D5",
            "Arn"
          ]
        },
        "Principal": "apigateway.amazonaws.com",
        "SourceArn": {
          "Fn::Join": [
            "",
            [
              "arn:",
              {
                "Ref": "AWS::Partition"
              },
              ":execute-api:",
              {
                "Ref": "AWS::Region"
              },
              ":",
              {
                "Ref": "AWS::AccountId"
              },
              ":",
              {
                "Ref": "IsbRestApi377E2CC6"
              },
              "/",
              {
                "Ref": "IsbRestApiDeploymentStageprod7DDD9304"
              },
              "/DELETE/leaseTemplates/*"
            ]
          ]
        }
      },
      "Metadata": {
        "aws:cdk:path": "InnovationSandbox-Compute/IsbRestApi/Default/leaseTemplates/{leaseTemplateName}/DELETE/ApiPermission.InnovationSandboxComputeIsbRestApi0C9DF007.DELETE..leaseTemplates.{leaseTemplateName}"
      }
    },
    "IsbRestApileaseTemplatesleaseTemplateNameDELETEApiPermissionTestInnovationSandboxComputeIsbRestApi0C9DF007DELETEleaseTemplatesleaseTemplateName7F7AA768": {
      "Type": "AWS::Lambda::Permission",
      "Properties": {
        "Action": "lambda:InvokeFunction",
        "FunctionName": {
          "Fn::GetAtt": [
            "LeaseTemplatesLambdaFunction2965B8D5",
            "Arn"
          ]
        },
        "Principal": "apigateway.amazonaws.com",
        "SourceArn": {
          "Fn::Join": [
            "",
            [
              "arn:",
              {
                "Ref": "AWS::Partition"
              },
              ":execute-api:",
              {
                "Ref": "AWS::Region"
              },
              ":",
              {
                "Ref": "AWS::AccountId"
              },
              ":",
              {
                "Ref": "IsbRestApi377E2CC6"
              },
              "/test-invoke-stage/DELETE/leaseTemplates/*"
            ]
          ]
        }
      },
      "Metadata": {
        "aws:cdk:path": "InnovationSandbox-Compute/IsbRestApi/Default/leaseTemplates/{leaseTemplateName}/DELETE/ApiPermission.Test.InnovationSandboxComputeIsbRestApi0C9DF007.DELETE..leaseTemplates.{leaseTemplateName}"
      }
    },
    "IsbRestApileaseTemplatesleaseTemplateNameDELETEC19BA76D": {
      "Type": "AWS::ApiGateway::Method",
      "Properties": {
        "AuthorizationType": "CUSTOM",
        "AuthorizerId": {
          "Ref": "AuthorizerBD825682"
        },
        "HttpMethod": "DELETE",
        "Integration": {
          "IntegrationHttpMethod": "POST",
          "Type": "AWS_PROXY",
          "Uri": {
            "Fn::Join": [
              "",
              [
                "arn:",
                {
                  "Ref": "AWS::Partition"
                },
                ":apigateway:",
                {
                  "Ref": "AWS::Region"
                },
                ":lambda:path/2015-03-31/functions/",
                {
                  "Fn::GetAtt": [
                    "LeaseTemplatesLambdaFunction2965B8D5",
                    "Arn"
                  ]
                },
                "/invocations"
              ]
            ]
          }
        },
        "ResourceId": {
          "Ref": "IsbRestApileaseTemplatesleaseTemplateName6CF1F9DC"
        },
        "RestApiId": {
          "Ref": "IsbRestApi377E2CC6"
        }
      },
      "Metadata": {
        "aws:cdk:path": "InnovationSandbox-Compute/IsbRestApi/Default/leaseTemplates/{leaseTemplateName}/DELETE/Resource"
      }
    },
    "IsbRestApiaccounts69CD8364": {
      "Type": "AWS::ApiGateway::Resource",
      "Properties": {
        "ParentId": {
          "Fn::GetAtt": [
            "IsbRestApi377E2CC6",
            "RootResourceId"
          ]
        },
        "PathPart": "accounts",
        "RestApiId": {
          "Ref": "IsbRestApi377E2CC6"
        }
      },
      "Metadata": {
        "aws:cdk:path": "InnovationSandbox-Compute/IsbRestApi/Default/accounts/Resource"
      }
    },
    "IsbRestApiaccountsGETApiPermissionInnovationSandboxComputeIsbRestApi0C9DF007GETaccountsAF515070": {
      "Type": "AWS::Lambda::Permission",
      "Properties": {
        "Action": "lambda:InvokeFunction",
        "FunctionName": {
          "Fn::GetAtt": [
            "AccountsLambdaFunction47AFACD2",
            "Arn"
          ]
        },
        "Principal": "apigateway.amazonaws.com",
        "SourceArn": {
          "Fn::Join": [
            "",
            [
              "arn:",
              {
                "Ref": "AWS::Partition"
              },
              ":execute-api:",
              {
                "Ref": "AWS::Region"
              },
              ":",
              {
                "Ref": "AWS::AccountId"
              },
              ":",
              {
                "Ref": "IsbRestApi377E2CC6"
              },
              "/",
              {
                "Ref": "IsbRestApiDeploymentStageprod7DDD9304"
              },
              "/GET/accounts"
            ]
          ]
        }
      },
      "Metadata": {
        "aws:cdk:path": "InnovationSandbox-Compute/IsbRestApi/Default/accounts/GET/ApiPermission.InnovationSandboxComputeIsbRestApi0C9DF007.GET..accounts"
      }
    },
    "IsbRestApiaccountsGETApiPermissionTestInnovationSandboxComputeIsbRestApi0C9DF007GETaccountsB9E6E2AD": {
      "Type": "AWS::Lambda::Permission",
      "Properties": {
        "Action": "lambda:InvokeFunction",
        "FunctionName": {
          "Fn::GetAtt": [
            "AccountsLambdaFunction47AFACD2",
            "Arn"
          ]
        },
        "Principal": "apigateway.amazonaws.com",
        "SourceArn": {
          "Fn::Join": [
            "",
            [
              "arn:",
              {
                "Ref": "AWS::Partition"
              },
              ":execute-api:",
              {
                "Ref": "AWS::Region"
              },
              ":",
              {
                "Ref": "AWS::AccountId"
              },
              ":",
              {
                "Ref": "IsbRestApi377E2CC6"
              },
              "/test-invoke-stage/GET/accounts"
            ]
          ]
        }
      },
      "Metadata": {
        "aws:cdk:path": "InnovationSandbox-Compute/IsbRestApi/Default/accounts/GET/ApiPermission.Test.InnovationSandboxComputeIsbRestApi0C9DF007.GET..accounts"
      }
    },
    "IsbRestApiaccountsGET9C185DB2": {
      "Type": "AWS::ApiGateway::Method",
      "Properties": {
        "AuthorizationType": "CUSTOM",
        "AuthorizerId": {
          "Ref": "AuthorizerBD825682"
        },
        "HttpMethod": "GET",
        "Integration": {
          "IntegrationHttpMethod": "POST",
          "Type": "AWS_PROXY",
          "Uri": {
            "Fn::Join": [
              "",
              [
                "arn:",
                {
                  "Ref": "AWS::Partition"
                },
                ":apigateway:",
                {
                  "Ref": "AWS::Region"
                },
                ":lambda:path/2015-03-31/functions/",
                {
                  "Fn::GetAtt": [
                    "AccountsLambdaFunction47AFACD2",
                    "Arn"
                  ]
                },
                "/invocations"
              ]
            ]
          }
        },
        "ResourceId": {
          "Ref": "IsbRestApiaccounts69CD8364"
        },
        "RestApiId": {
          "Ref": "IsbRestApi377E2CC6"
        }
      },
      "Metadata": {
        "aws:cdk:path": "InnovationSandbox-Compute/IsbRestApi/Default/accounts/GET/Resource"
      }
    },
    "IsbRestApiaccountsPOSTApiPermissionInnovationSandboxComputeIsbRestApi0C9DF007POSTaccounts9A78638B": {
      "Type": "AWS::Lambda::Permission",
      "Properties": {
        "Action": "lambda:InvokeFunction",
        "FunctionName": {
          "Fn::GetAtt": [
            "AccountsLambdaFunction47AFACD2",
            "Arn"
          ]
        },
        "Principal": "apigateway.amazonaws.com",
        "SourceArn": {
          "Fn::Join": [
            "",
            [
              "arn:",
              {
                "Ref": "AWS::Partition"
              },
              ":execute-api:",
              {
                "Ref": "AWS::Region"
              },
              ":",
              {
                "Ref": "AWS::AccountId"
              },
              ":",
              {
                "Ref": "IsbRestApi377E2CC6"
              },
              "/",
              {
                "Ref": "IsbRestApiDeploymentStageprod7DDD9304"
              },
              "/POST/accounts"
            ]
          ]
        }
      },
      "Metadata": {
        "aws:cdk:path": "InnovationSandbox-Compute/IsbRestApi/Default/accounts/POST/ApiPermission.InnovationSandboxComputeIsbRestApi0C9DF007.POST..accounts"
      }
    },
    "IsbRestApiaccountsPOSTApiPermissionTestInnovationSandboxComputeIsbRestApi0C9DF007POSTaccountsC5E7AB33": {
      "Type": "AWS::Lambda::Permission",
      "Properties": {
        "Action": "lambda:InvokeFunction",
        "FunctionName": {
          "Fn::GetAtt": [
            "AccountsLambdaFunction47AFACD2",
            "Arn"
          ]
        },
        "Principal": "apigateway.amazonaws.com",
        "SourceArn": {
          "Fn::Join": [
            "",
            [
              "arn:",
              {
                "Ref": "AWS::Partition"
              },
              ":execute-api:",
              {
                "Ref": "AWS::Region"
              },
              ":",
              {
                "Ref": "AWS::AccountId"
              },
              ":",
              {
                "Ref": "IsbRestApi377E2CC6"
              },
              "/test-invoke-stage/POST/accounts"
            ]
          ]
        }
      },
      "Metadata": {
        "aws:cdk:path": "InnovationSandbox-Compute/IsbRestApi/Default/accounts/POST/ApiPermission.Test.InnovationSandboxComputeIsbRestApi0C9DF007.POST..accounts"
      }
    },
    "IsbRestApiaccountsPOST13FEF3B9": {
      "Type": "AWS::ApiGateway::Method",
      "Properties": {
        "AuthorizationType": "CUSTOM",
        "AuthorizerId": {
          "Ref": "AuthorizerBD825682"
        },
        "HttpMethod": "POST",
        "Integration": {
          "IntegrationHttpMethod": "POST",
          "Type": "AWS_PROXY",
          "Uri": {
            "Fn::Join": [
              "",
              [
                "arn:",
                {
                  "Ref": "AWS::Partition"
                },
                ":apigateway:",
                {
                  "Ref": "AWS::Region"
                },
                ":lambda:path/2015-03-31/functions/",
                {
                  "Fn::GetAtt": [
                    "AccountsLambdaFunction47AFACD2",
                    "Arn"
                  ]
                },
                "/invocations"
              ]
            ]
          }
        },
        "ResourceId": {
          "Ref": "IsbRestApiaccounts69CD8364"
        },
        "RestApiId": {
          "Ref": "IsbRestApi377E2CC6"
        }
      },
      "Metadata": {
        "aws:cdk:path": "InnovationSandbox-Compute/IsbRestApi/Default/accounts/POST/Resource"
      }
    },
    "IsbRestApiaccountsawsAccountId279CF7F2": {
      "Type": "AWS::ApiGateway::Resource",
      "Properties": {
        "ParentId": {
          "Ref": "IsbRestApiaccounts69CD8364"
        },
        "PathPart": "{awsAccountId}",
        "RestApiId": {
          "Ref": "IsbRestApi377E2CC6"
        }
      },
      "Metadata": {
        "aws:cdk:path": "InnovationSandbox-Compute/IsbRestApi/Default/accounts/{awsAccountId}/Resource"
      }
    },
    "IsbRestApiaccountsawsAccountIdGETApiPermissionInnovationSandboxComputeIsbRestApi0C9DF007GETaccountsawsAccountId204640B8": {
      "Type": "AWS::Lambda::Permission",
      "Properties": {
        "Action": "lambda:InvokeFunction",
        "FunctionName": {
          "Fn::GetAtt": [
            "AccountsLambdaFunction47AFACD2",
            "Arn"
          ]
        },
        "Principal": "apigateway.amazonaws.com",
        "SourceArn": {
          "Fn::Join": [
            "",
            [
              "arn:",
              {
                "Ref": "AWS::Partition"
              },
              ":execute-api:",
              {
                "Ref": "AWS::Region"
              },
              ":",
              {
                "Ref": "AWS::AccountId"
              },
              ":",
              {
                "Ref": "IsbRestApi377E2CC6"
              },
              "/",
              {
                "Ref": "IsbRestApiDeploymentStageprod7DDD9304"
              },
              "/GET/accounts/*"
            ]
          ]
        }
      },
      "Metadata": {
        "aws:cdk:path": "InnovationSandbox-Compute/IsbRestApi/Default/accounts/{awsAccountId}/GET/ApiPermission.InnovationSandboxComputeIsbRestApi0C9DF007.GET..accounts.{awsAccountId}"
      }
    },
    "IsbRestApiaccountsawsAccountIdGETApiPermissionTestInnovationSandboxComputeIsbRestApi0C9DF007GETaccountsawsAccountId09130513": {
      "Type": "AWS::Lambda::Permission",
      "Properties": {
        "Action": "lambda:InvokeFunction",
        "FunctionName": {
          "Fn::GetAtt": [
            "AccountsLambdaFunction47AFACD2",
            "Arn"
          ]
        },
        "Principal": "apigateway.amazonaws.com",
        "SourceArn": {
          "Fn::Join": [
            "",
            [
              "arn:",
              {
                "Ref": "AWS::Partition"
              },
              ":execute-api:",
              {
                "Ref": "AWS::Region"
              },
              ":",
              {
                "Ref": "AWS::AccountId"
              },
              ":",
              {
                "Ref": "IsbRestApi377E2CC6"
              },
              "/test-invoke-stage/GET/accounts/*"
            ]
          ]
        }
      },
      "Metadata": {
        "aws:cdk:path": "InnovationSandbox-Compute/IsbRestApi/Default/accounts/{awsAccountId}/GET/ApiPermission.Test.InnovationSandboxComputeIsbRestApi0C9DF007.GET..accounts.{awsAccountId}"
      }
    },
    "IsbRestApiaccountsawsAccountIdGETA3567A33": {
      "Type": "AWS::ApiGateway::Method",
      "Properties": {
        "AuthorizationType": "CUSTOM",
        "AuthorizerId": {
          "Ref": "AuthorizerBD825682"
        },
        "HttpMethod": "GET",
        "Integration": {
          "IntegrationHttpMethod": "POST",
          "Type": "AWS_PROXY",
          "Uri": {
            "Fn::Join": [
              "",
              [
                "arn:",
                {
                  "Ref": "AWS::Partition"
                },
                ":apigateway:",
                {
                  "Ref": "AWS::Region"
                },
                ":lambda:path/2015-03-31/functions/",
                {
                  "Fn::GetAtt": [
                    "AccountsLambdaFunction47AFACD2",
                    "Arn"
                  ]
                },
                "/invocations"
              ]
            ]
          }
        },
        "ResourceId": {
          "Ref": "IsbRestApiaccountsawsAccountId279CF7F2"
        },
        "RestApiId": {
          "Ref": "IsbRestApi377E2CC6"
        }
      },
      "Metadata": {
        "aws:cdk:path": "InnovationSandbox-Compute/IsbRestApi/Default/accounts/{awsAccountId}/GET/Resource"
      }
    },
    "IsbRestApiaccountsawsAccountIdretryCleanup5F96B82E": {
      "Type": "AWS::ApiGateway::Resource",
      "Properties": {
        "ParentId": {
          "Ref": "IsbRestApiaccountsawsAccountId279CF7F2"
        },
        "PathPart": "retryCleanup",
        "RestApiId": {
          "Ref": "IsbRestApi377E2CC6"
        }
      },
      "Metadata": {
        "aws:cdk:path": "InnovationSandbox-Compute/IsbRestApi/Default/accounts/{awsAccountId}/retryCleanup/Resource"
      }
    },
    "IsbRestApiaccountsawsAccountIdretryCleanupPOSTApiPermissionInnovationSandboxComputeIsbRestApi0C9DF007POSTaccountsawsAccountIdretryCleanup00AD40F6": {
      "Type": "AWS::Lambda::Permission",
      "Properties": {
        "Action": "lambda:InvokeFunction",
        "FunctionName": {
          "Fn::GetAtt": [
            "AccountsLambdaFunction47AFACD2",
            "Arn"
          ]
        },
        "Principal": "apigateway.amazonaws.com",
        "SourceArn": {
          "Fn::Join": [
            "",
            [
              "arn:",
              {
                "Ref": "AWS::Partition"
              },
              ":execute-api:",
              {
                "Ref": "AWS::Region"
              },
              ":",
              {
                "Ref": "AWS::AccountId"
              },
              ":",
              {
                "Ref": "IsbRestApi377E2CC6"
              },
              "/",
              {
                "Ref": "IsbRestApiDeploymentStageprod7DDD9304"
              },
              "/POST/accounts/*/retryCleanup"
            ]
          ]
        }
      },
      "Metadata": {
        "aws:cdk:path": "InnovationSandbox-Compute/IsbRestApi/Default/accounts/{awsAccountId}/retryCleanup/POST/ApiPermission.InnovationSandboxComputeIsbRestApi0C9DF007.POST..accounts.{awsAccountId}.retryCleanup"
      }
    },
    "IsbRestApiaccountsawsAccountIdretryCleanupPOSTApiPermissionTestInnovationSandboxComputeIsbRestApi0C9DF007POSTaccountsawsAccountIdretryCleanupA8AB6F2C": {
      "Type": "AWS::Lambda::Permission",
      "Properties": {
        "Action": "lambda:InvokeFunction",
        "FunctionName": {
          "Fn::GetAtt": [
            "AccountsLambdaFunction47AFACD2",
            "Arn"
          ]
        },
        "Principal": "apigateway.amazonaws.com",
        "SourceArn": {
          "Fn::Join": [
            "",
            [
              "arn:",
              {
                "Ref": "AWS::Partition"
              },
              ":execute-api:",
              {
                "Ref": "AWS::Region"
              },
              ":",
              {
                "Ref": "AWS::AccountId"
              },
              ":",
              {
                "Ref": "IsbRestApi377E2CC6"
              },
              "/test-invoke-stage/POST/accounts/*/retryCleanup"
            ]
          ]
        }
      },
      "Metadata": {
        "aws:cdk:path": "InnovationSandbox-Compute/IsbRestApi/Default/accounts/{awsAccountId}/retryCleanup/POST/ApiPermission.Test.InnovationSandboxComputeIsbRestApi0C9DF007.POST..accounts.{awsAccountId}.retryCleanup"
      }
    },
    "IsbRestApiaccountsawsAccountIdretryCleanupPOST8F8AF552": {
      "Type": "AWS::ApiGateway::Method",
      "Properties": {
        "AuthorizationType": "CUSTOM",
        "AuthorizerId": {
          "Ref": "AuthorizerBD825682"
        },
        "HttpMethod": "POST",
        "Integration": {
          "IntegrationHttpMethod": "POST",
          "Type": "AWS_PROXY",
          "Uri": {
            "Fn::Join": [
              "",
              [
                "arn:",
                {
                  "Ref": "AWS::Partition"
                },
                ":apigateway:",
                {
                  "Ref": "AWS::Region"
                },
                ":lambda:path/2015-03-31/functions/",
                {
                  "Fn::GetAtt": [
                    "AccountsLambdaFunction47AFACD2",
                    "Arn"
                  ]
                },
                "/invocations"
              ]
            ]
          }
        },
        "ResourceId": {
          "Ref": "IsbRestApiaccountsawsAccountIdretryCleanup5F96B82E"
        },
        "RestApiId": {
          "Ref": "IsbRestApi377E2CC6"
        }
      },
      "Metadata": {
        "aws:cdk:path": "InnovationSandbox-Compute/IsbRestApi/Default/accounts/{awsAccountId}/retryCleanup/POST/Resource"
      }
    },
    "IsbRestApiaccountsawsAccountIdeject6D451D8A": {
      "Type": "AWS::ApiGateway::Resource",
      "Properties": {
        "ParentId": {
          "Ref": "IsbRestApiaccountsawsAccountId279CF7F2"
        },
        "PathPart": "eject",
        "RestApiId": {
          "Ref": "IsbRestApi377E2CC6"
        }
      },
      "Metadata": {
        "aws:cdk:path": "InnovationSandbox-Compute/IsbRestApi/Default/accounts/{awsAccountId}/eject/Resource"
      }
    },
    "IsbRestApiaccountsawsAccountIdejectPOSTApiPermissionInnovationSandboxComputeIsbRestApi0C9DF007POSTaccountsawsAccountIdejectADB12F2B": {
      "Type": "AWS::Lambda::Permission",
      "Properties": {
        "Action": "lambda:InvokeFunction",
        "FunctionName": {
          "Fn::GetAtt": [
            "AccountsLambdaFunction47AFACD2",
            "Arn"
          ]
        },
        "Principal": "apigateway.amazonaws.com",
        "SourceArn": {
          "Fn::Join": [
            "",
            [
              "arn:",
              {
                "Ref": "AWS::Partition"
              },
              ":execute-api:",
              {
                "Ref": "AWS::Region"
              },
              ":",
              {
                "Ref": "AWS::AccountId"
              },
              ":",
              {
                "Ref": "IsbRestApi377E2CC6"
              },
              "/",
              {
                "Ref": "IsbRestApiDeploymentStageprod7DDD9304"
              },
              "/POST/accounts/*/eject"
            ]
          ]
        }
      },
      "Metadata": {
        "aws:cdk:path": "InnovationSandbox-Compute/IsbRestApi/Default/accounts/{awsAccountId}/eject/POST/ApiPermission.InnovationSandboxComputeIsbRestApi0C9DF007.POST..accounts.{awsAccountId}.eject"
      }
    },
    "IsbRestApiaccountsawsAccountIdejectPOSTApiPermissionTestInnovationSandboxComputeIsbRestApi0C9DF007POSTaccountsawsAccountIdejectAB799075": {
      "Type": "AWS::Lambda::Permission",
      "Properties": {
        "Action": "lambda:InvokeFunction",
        "FunctionName": {
          "Fn::GetAtt": [
            "AccountsLambdaFunction47AFACD2",
            "Arn"
          ]
        },
        "Principal": "apigateway.amazonaws.com",
        "SourceArn": {
          "Fn::Join": [
            "",
            [
              "arn:",
              {
                "Ref": "AWS::Partition"
              },
              ":execute-api:",
              {
                "Ref": "AWS::Region"
              },
              ":",
              {
                "Ref": "AWS::AccountId"
              },
              ":",
              {
                "Ref": "IsbRestApi377E2CC6"
              },
              "/test-invoke-stage/POST/accounts/*/eject"
            ]
          ]
        }
      },
      "Metadata": {
        "aws:cdk:path": "InnovationSandbox-Compute/IsbRestApi/Default/accounts/{awsAccountId}/eject/POST/ApiPermission.Test.InnovationSandboxComputeIsbRestApi0C9DF007.POST..accounts.{awsAccountId}.eject"
      }
    },
    "IsbRestApiaccountsawsAccountIdejectPOST8D3E80E9": {
      "Type": "AWS::ApiGateway::Method",
      "Properties": {
        "AuthorizationType": "CUSTOM",
        "AuthorizerId": {
          "Ref": "AuthorizerBD825682"
        },
        "HttpMethod": "POST",
        "Integration": {
          "IntegrationHttpMethod": "POST",
          "Type": "AWS_PROXY",
          "Uri": {
            "Fn::Join": [
              "",
              [
                "arn:",
                {
                  "Ref": "AWS::Partition"
                },
                ":apigateway:",
                {
                  "Ref": "AWS::Region"
                },
                ":lambda:path/2015-03-31/functions/",
                {
                  "Fn::GetAtt": [
                    "AccountsLambdaFunction47AFACD2",
                    "Arn"
                  ]
                },
                "/invocations"
              ]
            ]
          }
        },
        "ResourceId": {
          "Ref": "IsbRestApiaccountsawsAccountIdeject6D451D8A"
        },
        "RestApiId": {
          "Ref": "IsbRestApi377E2CC6"
        }
      },
      "Metadata": {
        "aws:cdk:path": "InnovationSandbox-Compute/IsbRestApi/Default/accounts/{awsAccountId}/eject/POST/Resource"
      }
    },
    "IsbRestApiaccountsunregistered0069F65F": {
      "Type": "AWS::ApiGateway::Resource",
      "Properties": {
        "ParentId": {
          "Ref": "IsbRestApiaccounts69CD8364"
        },
        "PathPart": "unregistered",
        "RestApiId": {
          "Ref": "IsbRestApi377E2CC6"
        }
      },
      "Metadata": {
        "aws:cdk:path": "InnovationSandbox-Compute/IsbRestApi/Default/accounts/unregistered/Resource"
      }
    },
    "IsbRestApiaccountsunregisteredGETApiPermissionInnovationSandboxComputeIsbRestApi0C9DF007GETaccountsunregistered26B4C43A": {
      "Type": "AWS::Lambda::Permission",
      "Properties": {
        "Action": "lambda:InvokeFunction",
        "FunctionName": {
          "Fn::GetAtt": [
            "AccountsLambdaFunction47AFACD2",
            "Arn"
          ]
        },
        "Principal": "apigateway.amazonaws.com",
        "SourceArn": {
          "Fn::Join": [
            "",
            [
              "arn:",
              {
                "Ref": "AWS::Partition"
              },
              ":execute-api:",
              {
                "Ref": "AWS::Region"
              },
              ":",
              {
                "Ref": "AWS::AccountId"
              },
              ":",
              {
                "Ref": "IsbRestApi377E2CC6"
              },
              "/",
              {
                "Ref": "IsbRestApiDeploymentStageprod7DDD9304"
              },
              "/GET/accounts/unregistered"
            ]
          ]
        }
      },
      "Metadata": {
        "aws:cdk:path": "InnovationSandbox-Compute/IsbRestApi/Default/accounts/unregistered/GET/ApiPermission.InnovationSandboxComputeIsbRestApi0C9DF007.GET..accounts.unregistered"
      }
    },
    "IsbRestApiaccountsunregisteredGETApiPermissionTestInnovationSandboxComputeIsbRestApi0C9DF007GETaccountsunregistered09A9E44D": {
      "Type": "AWS::Lambda::Permission",
      "Properties": {
        "Action": "lambda:InvokeFunction",
        "FunctionName": {
          "Fn::GetAtt": [
            "AccountsLambdaFunction47AFACD2",
            "Arn"
          ]
        },
        "Principal": "apigateway.amazonaws.com",
        "SourceArn": {
          "Fn::Join": [
            "",
            [
              "arn:",
              {
                "Ref": "AWS::Partition"
              },
              ":execute-api:",
              {
                "Ref": "AWS::Region"
              },
              ":",
              {
                "Ref": "AWS::AccountId"
              },
              ":",
              {
                "Ref": "IsbRestApi377E2CC6"
              },
              "/test-invoke-stage/GET/accounts/unregistered"
            ]
          ]
        }
      },
      "Metadata": {
        "aws:cdk:path": "InnovationSandbox-Compute/IsbRestApi/Default/accounts/unregistered/GET/ApiPermission.Test.InnovationSandboxComputeIsbRestApi0C9DF007.GET..accounts.unregistered"
      }
    },
    "IsbRestApiaccountsunregisteredGET1A7AE469": {
      "Type": "AWS::ApiGateway::Method",
      "Properties": {
        "AuthorizationType": "CUSTOM",
        "AuthorizerId": {
          "Ref": "AuthorizerBD825682"
        },
        "HttpMethod": "GET",
        "Integration": {
          "IntegrationHttpMethod": "POST",
          "Type": "AWS_PROXY",
          "Uri": {
            "Fn::Join": [
              "",
              [
                "arn:",
                {
                  "Ref": "AWS::Partition"
                },
                ":apigateway:",
                {
                  "Ref": "AWS::Region"
                },
                ":lambda:path/2015-03-31/functions/",
                {
                  "Fn::GetAtt": [
                    "AccountsLambdaFunction47AFACD2",
                    "Arn"
                  ]
                },
                "/invocations"
              ]
            ]
          }
        },
        "ResourceId": {
          "Ref": "IsbRestApiaccountsunregistered0069F65F"
        },
        "RestApiId": {
          "Ref": "IsbRestApi377E2CC6"
        }
      },
      "Metadata": {
        "aws:cdk:path": "InnovationSandbox-Compute/IsbRestApi/Default/accounts/unregistered/GET/Resource"
      }
    },
    "IsbRestApiblueprints5F702E36": {
      "Type": "AWS::ApiGateway::Resource",
      "Properties": {
        "ParentId": {
          "Fn::GetAtt": [
            "IsbRestApi377E2CC6",
            "RootResourceId"
          ]
        },
        "PathPart": "blueprints",
        "RestApiId": {
          "Ref": "IsbRestApi377E2CC6"
        }
      },
      "Metadata": {
        "aws:cdk:path": "InnovationSandbox-Compute/IsbRestApi/Default/blueprints/Resource"
      }
    },
    "IsbRestApiblueprintsGETApiPermissionInnovationSandboxComputeIsbRestApi0C9DF007GETblueprintsA202C78A": {
      "Type": "AWS::Lambda::Permission",
      "Properties": {
        "Action": "lambda:InvokeFunction",
        "FunctionName": {
          "Fn::GetAtt": [
            "BlueprintsLambdaFunction92CE4466",
            "Arn"
          ]
        },
        "Principal": "apigateway.amazonaws.com",
        "SourceArn": {
          "Fn::Join": [
            "",
            [
              "arn:",
              {
                "Ref": "AWS::Partition"
              },
              ":execute-api:",
              {
                "Ref": "AWS::Region"
              },
              ":",
              {
                "Ref": "AWS::AccountId"
              },
              ":",
              {
                "Ref": "IsbRestApi377E2CC6"
              },
              "/",
              {
                "Ref": "IsbRestApiDeploymentStageprod7DDD9304"
              },
              "/GET/blueprints"
            ]
          ]
        }
      },
      "Metadata": {
        "aws:cdk:path": "InnovationSandbox-Compute/IsbRestApi/Default/blueprints/GET/ApiPermission.InnovationSandboxComputeIsbRestApi0C9DF007.GET..blueprints"
      }
    },
    "IsbRestApiblueprintsGETApiPermissionTestInnovationSandboxComputeIsbRestApi0C9DF007GETblueprints4C829A94": {
      "Type": "AWS::Lambda::Permission",
      "Properties": {
        "Action": "lambda:InvokeFunction",
        "FunctionName": {
          "Fn::GetAtt": [
            "BlueprintsLambdaFunction92CE4466",
            "Arn"
          ]
        },
        "Principal": "apigateway.amazonaws.com",
        "SourceArn": {
          "Fn::Join": [
            "",
            [
              "arn:",
              {
                "Ref": "AWS::Partition"
              },
              ":execute-api:",
              {
                "Ref": "AWS::Region"
              },
              ":",
              {
                "Ref": "AWS::AccountId"
              },
              ":",
              {
                "Ref": "IsbRestApi377E2CC6"
              },
              "/test-invoke-stage/GET/blueprints"
            ]
          ]
        }
      },
      "Metadata": {
        "aws:cdk:path": "InnovationSandbox-Compute/IsbRestApi/Default/blueprints/GET/ApiPermission.Test.InnovationSandboxComputeIsbRestApi0C9DF007.GET..blueprints"
      }
    },
    "IsbRestApiblueprintsGET8E9D6FB5": {
      "Type": "AWS::ApiGateway::Method",
      "Properties": {
        "AuthorizationType": "CUSTOM",
        "AuthorizerId": {
          "Ref": "AuthorizerBD825682"
        },
        "HttpMethod": "GET",
        "Integration": {
          "IntegrationHttpMethod": "POST",
          "Type": "AWS_PROXY",
          "Uri": {
            "Fn::Join": [
              "",
              [
                "arn:",
                {
                  "Ref": "AWS::Partition"
                },
                ":apigateway:",
                {
                  "Ref": "AWS::Region"
                },
                ":lambda:path/2015-03-31/functions/",
                {
                  "Fn::GetAtt": [
                    "BlueprintsLambdaFunction92CE4466",
                    "Arn"
                  ]
                },
                "/invocations"
              ]
            ]
          }
        },
        "ResourceId": {
          "Ref": "IsbRestApiblueprints5F702E36"
        },
        "RestApiId": {
          "Ref": "IsbRestApi377E2CC6"
        }
      },
      "Metadata": {
        "aws:cdk:path": "InnovationSandbox-Compute/IsbRestApi/Default/blueprints/GET/Resource"
      }
    },
    "IsbRestApiblueprintsPOSTApiPermissionInnovationSandboxComputeIsbRestApi0C9DF007POSTblueprints4B6A01BF": {
      "Type": "AWS::Lambda::Permission",
      "Properties": {
        "Action": "lambda:InvokeFunction",
        "FunctionName": {
          "Fn::GetAtt": [
            "BlueprintsLambdaFunction92CE4466",
            "Arn"
          ]
        },
        "Principal": "apigateway.amazonaws.com",
        "SourceArn": {
          "Fn::Join": [
            "",
            [
              "arn:",
              {
                "Ref": "AWS::Partition"
              },
              ":execute-api:",
              {
                "Ref": "AWS::Region"
              },
              ":",
              {
                "Ref": "AWS::AccountId"
              },
              ":",
              {
                "Ref": "IsbRestApi377E2CC6"
              },
              "/",
              {
                "Ref": "IsbRestApiDeploymentStageprod7DDD9304"
              },
              "/POST/blueprints"
            ]
          ]
        }
      },
      "Metadata": {
        "aws:cdk:path": "InnovationSandbox-Compute/IsbRestApi/Default/blueprints/POST/ApiPermission.InnovationSandboxComputeIsbRestApi0C9DF007.POST..blueprints"
      }
    },
    "IsbRestApiblueprintsPOSTApiPermissionTestInnovationSandboxComputeIsbRestApi0C9DF007POSTblueprintsEAD04AAB": {
      "Type": "AWS::Lambda::Permission",
      "Properties": {
        "Action": "lambda:InvokeFunction",
        "FunctionName": {
          "Fn::GetAtt": [
            "BlueprintsLambdaFunction92CE4466",
            "Arn"
          ]
        },
        "Principal": "apigateway.amazonaws.com",
        "SourceArn": {
          "Fn::Join": [
            "",
            [
              "arn:",
              {
                "Ref": "AWS::Partition"
              },
              ":execute-api:",
              {
                "Ref": "AWS::Region"
              },
              ":",
              {
                "Ref": "AWS::AccountId"
              },
              ":",
              {
                "Ref": "IsbRestApi377E2CC6"
              },
              "/test-invoke-stage/POST/blueprints"
            ]
          ]
        }
      },
      "Metadata": {
        "aws:cdk:path": "InnovationSandbox-Compute/IsbRestApi/Default/blueprints/POST/ApiPermission.Test.InnovationSandboxComputeIsbRestApi0C9DF007.POST..blueprints"
      }
    },
    "IsbRestApiblueprintsPOSTA9016983": {
      "Type": "AWS::ApiGateway::Method",
      "Properties": {
        "AuthorizationType": "CUSTOM",
        "AuthorizerId": {
          "Ref": "AuthorizerBD825682"
        },
        "HttpMethod": "POST",
        "Integration": {
          "IntegrationHttpMethod": "POST",
          "Type": "AWS_PROXY",
          "Uri": {
            "Fn::Join": [
              "",
              [
                "arn:",
                {
                  "Ref": "AWS::Partition"
                },
                ":apigateway:",
                {
                  "Ref": "AWS::Region"
                },
                ":lambda:path/2015-03-31/functions/",
                {
                  "Fn::GetAtt": [
                    "BlueprintsLambdaFunction92CE4466",
                    "Arn"
                  ]
                },
                "/invocations"
              ]
            ]
          }
        },
        "ResourceId": {
          "Ref": "IsbRestApiblueprints5F702E36"
        },
        "RestApiId": {
          "Ref": "IsbRestApi377E2CC6"
        }
      },
      "Metadata": {
        "aws:cdk:path": "InnovationSandbox-Compute/IsbRestApi/Default/blueprints/POST/Resource"
      }
    },
    "IsbRestApiblueprintsstacksets500BFF02": {
      "Type": "AWS::ApiGateway::Resource",
      "Properties": {
        "ParentId": {
          "Ref": "IsbRestApiblueprints5F702E36"
        },
        "PathPart": "stacksets",
        "RestApiId": {
          "Ref": "IsbRestApi377E2CC6"
        }
      },
      "Metadata": {
        "aws:cdk:path": "InnovationSandbox-Compute/IsbRestApi/Default/blueprints/stacksets/Resource"
      }
    },
    "IsbRestApiblueprintsstacksetsGETApiPermissionInnovationSandboxComputeIsbRestApi0C9DF007GETblueprintsstacksets7EE665F0": {
      "Type": "AWS::Lambda::Permission",
      "Properties": {
        "Action": "lambda:InvokeFunction",
        "FunctionName": {
          "Fn::GetAtt": [
            "BlueprintsLambdaFunction92CE4466",
            "Arn"
          ]
        },
        "Principal": "apigateway.amazonaws.com",
        "SourceArn": {
          "Fn::Join": [
            "",
            [
              "arn:",
              {
                "Ref": "AWS::Partition"
              },
              ":execute-api:",
              {
                "Ref": "AWS::Region"
              },
              ":",
              {
                "Ref": "AWS::AccountId"
              },
              ":",
              {
                "Ref": "IsbRestApi377E2CC6"
              },
              "/",
              {
                "Ref": "IsbRestApiDeploymentStageprod7DDD9304"
              },
              "/GET/blueprints/stacksets"
            ]
          ]
        }
      },
      "Metadata": {
        "aws:cdk:path": "InnovationSandbox-Compute/IsbRestApi/Default/blueprints/stacksets/GET/ApiPermission.InnovationSandboxComputeIsbRestApi0C9DF007.GET..blueprints.stacksets"
      }
    },
    "IsbRestApiblueprintsstacksetsGETApiPermissionTestInnovationSandboxComputeIsbRestApi0C9DF007GETblueprintsstacksets1CF64955": {
      "Type": "AWS::Lambda::Permission",
      "Properties": {
        "Action": "lambda:InvokeFunction",
        "FunctionName": {
          "Fn::GetAtt": [
            "BlueprintsLambdaFunction92CE4466",
            "Arn"
          ]
        },
        "Principal": "apigateway.amazonaws.com",
        "SourceArn": {
          "Fn::Join": [
            "",
            [
              "arn:",
              {
                "Ref": "AWS::Partition"
              },
              ":execute-api:",
              {
                "Ref": "AWS::Region"
              },
              ":",
              {
                "Ref": "AWS::AccountId"
              },
              ":",
              {
                "Ref": "IsbRestApi377E2CC6"
              },
              "/test-invoke-stage/GET/blueprints/stacksets"
            ]
          ]
        }
      },
      "Metadata": {
        "aws:cdk:path": "InnovationSandbox-Compute/IsbRestApi/Default/blueprints/stacksets/GET/ApiPermission.Test.InnovationSandboxComputeIsbRestApi0C9DF007.GET..blueprints.stacksets"
      }
    },
    "IsbRestApiblueprintsstacksetsGETDEEB1121": {
      "Type": "AWS::ApiGateway::Method",
      "Properties": {
        "AuthorizationType": "CUSTOM",
        "AuthorizerId": {
          "Ref": "AuthorizerBD825682"
        },
        "HttpMethod": "GET",
        "Integration": {
          "IntegrationHttpMethod": "POST",
          "Type": "AWS_PROXY",
          "Uri": {
            "Fn::Join": [
              "",
              [
                "arn:",
                {
                  "Ref": "AWS::Partition"
                },
                ":apigateway:",
                {
                  "Ref": "AWS::Region"
                },
                ":lambda:path/2015-03-31/functions/",
                {
                  "Fn::GetAtt": [
                    "BlueprintsLambdaFunction92CE4466",
                    "Arn"
                  ]
                },
                "/invocations"
              ]
            ]
          }
        },
        "ResourceId": {
          "Ref": "IsbRestApiblueprintsstacksets500BFF02"
        },
        "RestApiId": {
          "Ref": "IsbRestApi377E2CC6"
        }
      },
      "Metadata": {
        "aws:cdk:path": "InnovationSandbox-Compute/IsbRestApi/Default/blueprints/stacksets/GET/Resource"
      }
    },
    "IsbRestApiblueprintsblueprintId49293701": {
      "Type": "AWS::ApiGateway::Resource",
      "Properties": {
        "ParentId": {
          "Ref": "IsbRestApiblueprints5F702E36"
        },
        "PathPart": "{blueprintId}",
        "RestApiId": {
          "Ref": "IsbRestApi377E2CC6"
        }
      },
      "Metadata": {
        "aws:cdk:path": "InnovationSandbox-Compute/IsbRestApi/Default/blueprints/{blueprintId}/Resource"
      }
    },
    "IsbRestApiblueprintsblueprintIdGETApiPermissionInnovationSandboxComputeIsbRestApi0C9DF007GETblueprintsblueprintId337545DC": {
      "Type": "AWS::Lambda::Permission",
      "Properties": {
        "Action": "lambda:InvokeFunction",
        "FunctionName": {
          "Fn::GetAtt": [
            "BlueprintsLambdaFunction92CE4466",
            "Arn"
          ]
        },
        "Principal": "apigateway.amazonaws.com",
        "SourceArn": {
          "Fn::Join": [
            "",
            [
              "arn:",
              {
                "Ref": "AWS::Partition"
              },
              ":execute-api:",
              {
                "Ref": "AWS::Region"
              },
              ":",
              {
                "Ref": "AWS::AccountId"
              },
              ":",
              {
                "Ref": "IsbRestApi377E2CC6"
              },
              "/",
              {
                "Ref": "IsbRestApiDeploymentStageprod7DDD9304"
              },
              "/GET/blueprints/*"
            ]
          ]
        }
      },
      "Metadata": {
        "aws:cdk:path": "InnovationSandbox-Compute/IsbRestApi/Default/blueprints/{blueprintId}/GET/ApiPermission.InnovationSandboxComputeIsbRestApi0C9DF007.GET..blueprints.{blueprintId}"
      }
    },
    "IsbRestApiblueprintsblueprintIdGETApiPermissionTestInnovationSandboxComputeIsbRestApi0C9DF007GETblueprintsblueprintId1296BDB6": {
      "Type": "AWS::Lambda::Permission",
      "Properties": {
        "Action": "lambda:InvokeFunction",
        "FunctionName": {
          "Fn::GetAtt": [
            "BlueprintsLambdaFunction92CE4466",
            "Arn"
          ]
        },
        "Principal": "apigateway.amazonaws.com",
        "SourceArn": {
          "Fn::Join": [
            "",
            [
              "arn:",
              {
                "Ref": "AWS::Partition"
              },
              ":execute-api:",
              {
                "Ref": "AWS::Region"
              },
              ":",
              {
                "Ref": "AWS::AccountId"
              },
              ":",
              {
                "Ref": "IsbRestApi377E2CC6"
              },
              "/test-invoke-stage/GET/blueprints/*"
            ]
          ]
        }
      },
      "Metadata": {
        "aws:cdk:path": "InnovationSandbox-Compute/IsbRestApi/Default/blueprints/{blueprintId}/GET/ApiPermission.Test.InnovationSandboxComputeIsbRestApi0C9DF007.GET..blueprints.{blueprintId}"
      }
    },
    "IsbRestApiblueprintsblueprintIdGETBD57AC27": {
      "Type": "AWS::ApiGateway::Method",
      "Properties": {
        "AuthorizationType": "CUSTOM",
        "AuthorizerId": {
          "Ref": "AuthorizerBD825682"
        },
        "HttpMethod": "GET",
        "Integration": {
          "IntegrationHttpMethod": "POST",
          "Type": "AWS_PROXY",
          "Uri": {
            "Fn::Join": [
              "",
              [
                "arn:",
                {
                  "Ref": "AWS::Partition"
                },
                ":apigateway:",
                {
                  "Ref": "AWS::Region"
                },
                ":lambda:path/2015-03-31/functions/",
                {
                  "Fn::GetAtt": [
                    "BlueprintsLambdaFunction92CE4466",
                    "Arn"
                  ]
                },
                "/invocations"
              ]
            ]
          }
        },
        "ResourceId": {
          "Ref": "IsbRestApiblueprintsblueprintId49293701"
        },
        "RestApiId": {
          "Ref": "IsbRestApi377E2CC6"
        }
      },
      "Metadata": {
        "aws:cdk:path": "InnovationSandbox-Compute/IsbRestApi/Default/blueprints/{blueprintId}/GET/Resource"
      }
    },
    "IsbRestApiblueprintsblueprintIdPUTApiPermissionInnovationSandboxComputeIsbRestApi0C9DF007PUTblueprintsblueprintId23776594": {
      "Type": "AWS::Lambda::Permission",
      "Properties": {
        "Action": "lambda:InvokeFunction",
        "FunctionName": {
          "Fn::GetAtt": [
            "BlueprintsLambdaFunction92CE4466",
            "Arn"
          ]
        },
        "Principal": "apigateway.amazonaws.com",
        "SourceArn": {
          "Fn::Join": [
            "",
            [
              "arn:",
              {
                "Ref": "AWS::Partition"
              },
              ":execute-api:",
              {
                "Ref": "AWS::Region"
              },
              ":",
              {
                "Ref": "AWS::AccountId"
              },
              ":",
              {
                "Ref": "IsbRestApi377E2CC6"
              },
              "/",
              {
                "Ref": "IsbRestApiDeploymentStageprod7DDD9304"
              },
              "/PUT/blueprints/*"
            ]
          ]
        }
      },
      "Metadata": {
        "aws:cdk:path": "InnovationSandbox-Compute/IsbRestApi/Default/blueprints/{blueprintId}/PUT/ApiPermission.InnovationSandboxComputeIsbRestApi0C9DF007.PUT..blueprints.{blueprintId}"
      }
    },
    "IsbRestApiblueprintsblueprintIdPUTApiPermissionTestInnovationSandboxComputeIsbRestApi0C9DF007PUTblueprintsblueprintId9B700D93": {
      "Type": "AWS::Lambda::Permission",
      "Properties": {
        "Action": "lambda:InvokeFunction",
        "FunctionName": {
          "Fn::GetAtt": [
            "BlueprintsLambdaFunction92CE4466",
            "Arn"
          ]
        },
        "Principal": "apigateway.amazonaws.com",
        "SourceArn": {
          "Fn::Join": [
            "",
            [
              "arn:",
              {
                "Ref": "AWS::Partition"
              },
              ":execute-api:",
              {
                "Ref": "AWS::Region"
              },
              ":",
              {
                "Ref": "AWS::AccountId"
              },
              ":",
              {
                "Ref": "IsbRestApi377E2CC6"
              },
              "/test-invoke-stage/PUT/blueprints/*"
            ]
          ]
        }
      },
      "Metadata": {
        "aws:cdk:path": "InnovationSandbox-Compute/IsbRestApi/Default/blueprints/{blueprintId}/PUT/ApiPermission.Test.InnovationSandboxComputeIsbRestApi0C9DF007.PUT..blueprints.{blueprintId}"
      }
    },
    "IsbRestApiblueprintsblueprintIdPUT4E2B6458": {
      "Type": "AWS::ApiGateway::Method",
      "Properties": {
        "AuthorizationType": "CUSTOM",
        "AuthorizerId": {
          "Ref": "AuthorizerBD825682"
        },
        "HttpMethod": "PUT",
        "Integration": {
          "IntegrationHttpMethod": "POST",
          "Type": "AWS_PROXY",
          "Uri": {
            "Fn::Join": [
              "",
              [
                "arn:",
                {
                  "Ref": "AWS::Partition"
                },
                ":apigateway:",
                {
                  "Ref": "AWS::Region"
                },
                ":lambda:path/2015-03-31/functions/",
                {
                  "Fn::GetAtt": [
                    "BlueprintsLambdaFunction92CE4466",
                    "Arn"
                  ]
                },
                "/invocations"
              ]
            ]
          }
        },
        "ResourceId": {
          "Ref": "IsbRestApiblueprintsblueprintId49293701"
        },
        "RestApiId": {
          "Ref": "IsbRestApi377E2CC6"
        }
      },
      "Metadata": {
        "aws:cdk:path": "InnovationSandbox-Compute/IsbRestApi/Default/blueprints/{blueprintId}/PUT/Resource"
      }
    },
    "IsbRestApiblueprintsblueprintIdDELETEApiPermissionInnovationSandboxComputeIsbRestApi0C9DF007DELETEblueprintsblueprintId6EAAF73B": {
      "Type": "AWS::Lambda::Permission",
      "Properties": {
        "Action": "lambda:InvokeFunction",
        "FunctionName": {
          "Fn::GetAtt": [
            "BlueprintsLambdaFunction92CE4466",
            "Arn"
          ]
        },
        "Principal": "apigateway.amazonaws.com",
        "SourceArn": {
          "Fn::Join": [
            "",
            [
              "arn:",
              {
                "Ref": "AWS::Partition"
              },
              ":execute-api:",
              {
                "Ref": "AWS::Region"
              },
              ":",
              {
                "Ref": "AWS::AccountId"
              },
              ":",
              {
                "Ref": "IsbRestApi377E2CC6"
              },
              "/",
              {
                "Ref": "IsbRestApiDeploymentStageprod7DDD9304"
              },
              "/DELETE/blueprints/*"
            ]
          ]
        }
      },
      "Metadata": {
        "aws:cdk:path": "InnovationSandbox-Compute/IsbRestApi/Default/blueprints/{blueprintId}/DELETE/ApiPermission.InnovationSandboxComputeIsbRestApi0C9DF007.DELETE..blueprints.{blueprintId}"
      }
    },
    "IsbRestApiblueprintsblueprintIdDELETEApiPermissionTestInnovationSandboxComputeIsbRestApi0C9DF007DELETEblueprintsblueprintId22D9A1CF": {
      "Type": "AWS::Lambda::Permission",
      "Properties": {
        "Action": "lambda:InvokeFunction",
        "FunctionName": {
          "Fn::GetAtt": [
            "BlueprintsLambdaFunction92CE4466",
            "Arn"
          ]
        },
        "Principal": "apigateway.amazonaws.com",
        "SourceArn": {
          "Fn::Join": [
            "",
            [
              "arn:",
              {
                "Ref": "AWS::Partition"
              },
              ":execute-api:",
              {
                "Ref": "AWS::Region"
              },
              ":",
              {
                "Ref": "AWS::AccountId"
              },
              ":",
              {
                "Ref": "IsbRestApi377E2CC6"
              },
              "/test-invoke-stage/DELETE/blueprints/*"
            ]
          ]
        }
      },
      "Metadata": {
        "aws:cdk:path": "InnovationSandbox-Compute/IsbRestApi/Default/blueprints/{blueprintId}/DELETE/ApiPermission.Test.InnovationSandboxComputeIsbRestApi0C9DF007.DELETE..blueprints.{blueprintId}"
      }
    },
    "IsbRestApiblueprintsblueprintIdDELETE999AABA6": {
      "Type": "AWS::ApiGateway::Method",
      "Properties": {
        "AuthorizationType": "CUSTOM",
        "AuthorizerId": {
          "Ref": "AuthorizerBD825682"
        },
        "HttpMethod": "DELETE",
        "Integration": {
          "IntegrationHttpMethod": "POST",
          "Type": "AWS_PROXY",
          "Uri": {
            "Fn::Join": [
              "",
              [
                "arn:",
                {
                  "Ref": "AWS::Partition"
                },
                ":apigateway:",
                {
                  "Ref": "AWS::Region"
                },
                ":lambda:path/2015-03-31/functions/",
                {
                  "Fn::GetAtt": [
                    "BlueprintsLambdaFunction92CE4466",
                    "Arn"
                  ]
                },
                "/invocations"
              ]
            ]
          }
        },
        "ResourceId": {
          "Ref": "IsbRestApiblueprintsblueprintId49293701"
        },
        "RestApiId": {
          "Ref": "IsbRestApi377E2CC6"
        }
      },
      "Metadata": {
        "aws:cdk:path": "InnovationSandbox-Compute/IsbRestApi/Default/blueprints/{blueprintId}/DELETE/Resource"
      }
    },
    "IsbRestApiconfigurations6FE57EA4": {
      "Type": "AWS::ApiGateway::Resource",
      "Properties": {
        "ParentId": {
          "Fn::GetAtt": [
            "IsbRestApi377E2CC6",
            "RootResourceId"
          ]
        },
        "PathPart": "configurations",
        "RestApiId": {
          "Ref": "IsbRestApi377E2CC6"
        }
      },
      "Metadata": {
        "aws:cdk:path": "InnovationSandbox-Compute/IsbRestApi/Default/configurations/Resource"
      }
    },
    "IsbRestApiconfigurationsGETApiPermissionInnovationSandboxComputeIsbRestApi0C9DF007GETconfigurations8BE4A8AD": {
      "Type": "AWS::Lambda::Permission",
      "Properties": {
        "Action": "lambda:InvokeFunction",
        "FunctionName": {
          "Fn::GetAtt": [
            "ConfigurationsLambdaFunctionBD1B5393",
            "Arn"
          ]
        },
        "Principal": "apigateway.amazonaws.com",
        "SourceArn": {
          "Fn::Join": [
            "",
            [
              "arn:",
              {
                "Ref": "AWS::Partition"
              },
              ":execute-api:",
              {
                "Ref": "AWS::Region"
              },
              ":",
              {
                "Ref": "AWS::AccountId"
              },
              ":",
              {
                "Ref": "IsbRestApi377E2CC6"
              },
              "/",
              {
                "Ref": "IsbRestApiDeploymentStageprod7DDD9304"
              },
              "/GET/configurations"
            ]
          ]
        }
      },
      "Metadata": {
        "aws:cdk:path": "InnovationSandbox-Compute/IsbRestApi/Default/configurations/GET/ApiPermission.InnovationSandboxComputeIsbRestApi0C9DF007.GET..configurations"
      }
    },
    "IsbRestApiconfigurationsGETApiPermissionTestInnovationSandboxComputeIsbRestApi0C9DF007GETconfigurationsBDC07FAD": {
      "Type": "AWS::Lambda::Permission",
      "Properties": {
        "Action": "lambda:InvokeFunction",
        "FunctionName": {
          "Fn::GetAtt": [
            "ConfigurationsLambdaFunctionBD1B5393",
            "Arn"
          ]
        },
        "Principal": "apigateway.amazonaws.com",
        "SourceArn": {
          "Fn::Join": [
            "",
            [
              "arn:",
              {
                "Ref": "AWS::Partition"
              },
              ":execute-api:",
              {
                "Ref": "AWS::Region"
              },
              ":",
              {
                "Ref": "AWS::AccountId"
              },
              ":",
              {
                "Ref": "IsbRestApi377E2CC6"
              },
              "/test-invoke-stage/GET/configurations"
            ]
          ]
        }
      },
      "Metadata": {
        "aws:cdk:path": "InnovationSandbox-Compute/IsbRestApi/Default/configurations/GET/ApiPermission.Test.InnovationSandboxComputeIsbRestApi0C9DF007.GET..configurations"
      }
    },
    "IsbRestApiconfigurationsGETCB095983": {
      "Type": "AWS::ApiGateway::Method",
      "Properties": {
        "AuthorizationType": "CUSTOM",
        "AuthorizerId": {
          "Ref": "AuthorizerBD825682"
        },
        "HttpMethod": "GET",
        "Integration": {
          "IntegrationHttpMethod": "POST",
          "Type": "AWS_PROXY",
          "Uri": {
            "Fn::Join": [
              "",
              [
                "arn:",
                {
                  "Ref": "AWS::Partition"
                },
                ":apigateway:",
                {
                  "Ref": "AWS::Region"
                },
                ":lambda:path/2015-03-31/functions/",
                {
                  "Fn::GetAtt": [
                    "ConfigurationsLambdaFunctionBD1B5393",
                    "Arn"
                  ]
                },
                "/invocations"
              ]
            ]
          }
        },
        "ResourceId": {
          "Ref": "IsbRestApiconfigurations6FE57EA4"
        },
        "RestApiId": {
          "Ref": "IsbRestApi377E2CC6"
        }
      },
      "Metadata": {
        "aws:cdk:path": "InnovationSandbox-Compute/IsbRestApi/Default/configurations/GET/Resource"
      }
    },
    "IsbRestApiconfigurationsPOSTApiPermissionInnovationSandboxComputeIsbRestApi0C9DF007POSTconfigurations37AC66DB": {
      "Type": "AWS::Lambda::Permission",
      "Properties": {
        "Action": "lambda:InvokeFunction",
        "FunctionName": {
          "Fn::GetAtt": [
            "ConfigurationsLambdaFunctionBD1B5393",
            "Arn"
          ]
        },
        "Principal": "apigateway.amazonaws.com",
        "SourceArn": {
          "Fn::Join": [
            "",
            [
              "arn:",
              {
                "Ref": "AWS::Partition"
              },
              ":execute-api:",
              {
                "Ref": "AWS::Region"
              },
              ":",
              {
                "Ref": "AWS::AccountId"
              },
              ":",
              {
                "Ref": "IsbRestApi377E2CC6"
              },
              "/",
              {
                "Ref": "IsbRestApiDeploymentStageprod7DDD9304"
              },
              "/POST/configurations"
            ]
          ]
        }
      },
      "Metadata": {
        "aws:cdk:path": "InnovationSandbox-Compute/IsbRestApi/Default/configurations/POST/ApiPermission.InnovationSandboxComputeIsbRestApi0C9DF007.POST..configurations"
      }
    },
    "IsbRestApiconfigurationsPOSTApiPermissionTestInnovationSandboxComputeIsbRestApi0C9DF007POSTconfigurationsB5CC3139": {
      "Type": "AWS::Lambda::Permission",
      "Properties": {
        "Action": "lambda:InvokeFunction",
        "FunctionName": {
          "Fn::GetAtt": [
            "ConfigurationsLambdaFunctionBD1B5393",
            "Arn"
          ]
        },
        "Principal": "apigateway.amazonaws.com",
        "SourceArn": {
          "Fn::Join": [
            "",
            [
              "arn:",
              {
                "Ref": "AWS::Partition"
              },
              ":execute-api:",
              {
                "Ref": "AWS::Region"
              },
              ":",
              {
                "Ref": "AWS::AccountId"
              },
              ":",
              {
                "Ref": "IsbRestApi377E2CC6"
              },
              "/test-invoke-stage/POST/configurations"
            ]
          ]
        }
      },
      "Metadata": {
        "aws:cdk:path": "InnovationSandbox-Compute/IsbRestApi/Default/configurations/POST/ApiPermission.Test.InnovationSandboxComputeIsbRestApi0C9DF007.POST..configurations"
      }
    },
    "IsbRestApiconfigurationsPOSTD70E362B": {
      "Type": "AWS::ApiGateway::Method",
      "Properties": {
        "AuthorizationType": "CUSTOM",
        "AuthorizerId": {
          "Ref": "AuthorizerBD825682"
        },
        "HttpMethod": "POST",
        "Integration": {
          "IntegrationHttpMethod": "POST",
          "Type": "AWS_PROXY",
          "Uri": {
            "Fn::Join": [
              "",
              [
                "arn:",
                {
                  "Ref": "AWS::Partition"
                },
                ":apigateway:",
                {
                  "Ref": "AWS::Region"
                },
                ":lambda:path/2015-03-31/functions/",
                {
                  "Fn::GetAtt": [
                    "ConfigurationsLambdaFunctionBD1B5393",
                    "Arn"
                  ]
                },
                "/invocations"
              ]
            ]
          }
        },
        "ResourceId": {
          "Ref": "IsbRestApiconfigurations6FE57EA4"
        },
        "RestApiId": {
          "Ref": "IsbRestApi377E2CC6"
        }
      },
      "Metadata": {
        "aws:cdk:path": "InnovationSandbox-Compute/IsbRestApi/Default/configurations/POST/Resource"
      }
    },
    "IsbRestApiWafIPSet5A3AFEFA": {
      "Type": "AWS::WAFv2::IPSet",
      "Properties": {
        "Addresses": {
          "Ref": "AllowListedIPRanges"
        },
        "IPAddressVersion": "IPV4",
        "Scope": "REGIONAL",
        "Tags": [
          {
            "Key": "aws-solutions:isb-id",
            "Value": {
              "Fn::Join": [
                "",
                [
                  {
                    "Ref": "Namespace"
                  },
                  "_isb"
                ]
              ]
            }
          }
        ]
      },
      "Metadata": {
        "aws:cdk:path": "InnovationSandbox-Compute/IsbRestApi/Waf/IPSet"
      }
    },
    "IsbRestApiWafWebAcl54DDDB1F": {
      "Type": "AWS::WAFv2::WebACL",
      "Properties": {
        "CustomResponseBodies": {
          "TooManyRequests": {
            "Content": "{\"message\":\"Too many requests\"}",
            "ContentType": "APPLICATION_JSON"
          }
        },
        "DefaultAction": {
          "Allow": {}
        },
        "Rules": [
          {
            "Action": {
              "Block": {}
            },
            "Name": "IsbAllowListRule",
            "Priority": 0,
            "Statement": {
              "NotStatement": {
                "Statement": {
                  "IPSetReferenceStatement": {
                    "Arn": {
                      "Fn::GetAtt": [
                        "IsbRestApiWafIPSet5A3AFEFA",
                        "Arn"
                      ]
                    },
                    "IPSetForwardedIPConfig": {
                      "FallbackBehavior": "NO_MATCH",
                      "HeaderName": "X-Forwarded-For",
                      "Position": "FIRST"
                    }
                  }
                }
              }
            },
            "VisibilityConfig": {
              "CloudWatchMetricsEnabled": true,
              "MetricName": "IsbAllowListRuleMetric",
              "SampledRequestsEnabled": true
            }
          },
          {
            "Action": {
              "Block": {
                "CustomResponse": {
                  "CustomResponseBodyKey": "TooManyRequests",
                  "ResponseCode": 429
                }
              }
            },
            "Name": "IsbRateLimitRule",
            "Priority": 1,
            "Statement": {
              "RateBasedStatement": {
                "AggregateKeyType": "FORWARDED_IP",
                "EvaluationWindowSec": 60,
                "ForwardedIPConfig": {
                  "FallbackBehavior": "MATCH",
                  "HeaderName": "X-Forwarded-For"
                },
                "Limit": 200
              }
            },
            "VisibilityConfig": {
              "CloudWatchMetricsEnabled": true,
              "MetricName": "IsbRateLimitRuleMetric",
              "SampledRequestsEnabled": true
            }
          },
          {
            "Name": "AWSManagedRulesCommonRuleSet",
            "OverrideAction": {
              "None": {}
            },
            "Priority": 2,
            "Statement": {
              "ManagedRuleGroupStatement": {
                "ExcludedRules": [
                  {
                    "Name": "SizeRestrictions_BODY"
                  },
                  {
                    "Name": "SizeRestrictions_QUERYSTRING"
                  },
                  {
                    "Name": "CrossSiteScripting_BODY"
                  }
                ],
                "Name": "AWSManagedRulesCommonRuleSet",
                "VendorName": "AWS"
              }
            },
            "VisibilityConfig": {
              "CloudWatchMetricsEnabled": true,
              "MetricName": "AWSManagedRulesCommonRuleSetMetric",
              "SampledRequestsEnabled": true
            }
          },
          {
            "Name": "AWSManagedRulesAmazonIpReputationList",
            "OverrideAction": {
              "None": {}
            },
            "Priority": 3,
            "Statement": {
              "ManagedRuleGroupStatement": {
                "Name": "AWSManagedRulesAmazonIpReputationList",
                "VendorName": "AWS"
              }
            },
            "VisibilityConfig": {
              "CloudWatchMetricsEnabled": true,
              "MetricName": "AWSManagedRulesAmazonIpReputationListMetric",
              "SampledRequestsEnabled": true
            }
          },
          {
            "Name": "AWSManagedRulesAnonymousIpList",
            "OverrideAction": {
              "None": {}
            },
            "Priority": 4,
            "Statement": {
              "ManagedRuleGroupStatement": {
                "Name": "AWSManagedRulesAnonymousIpList",
                "VendorName": "AWS"
              }
            },
            "VisibilityConfig": {
              "CloudWatchMetricsEnabled": true,
              "MetricName": "AWSManagedRulesAnonymousIpListMetric",
              "SampledRequestsEnabled": true
            }
          }
        ],
        "Scope": "REGIONAL",
        "Tags": [
          {
            "Key": "aws-solutions:isb-id",
            "Value": {
              "Fn::Join": [
                "",
                [
                  {
                    "Ref": "Namespace"
                  },
                  "_isb"
                ]
              ]
            }
          }
        ],
        "VisibilityConfig": {
          "CloudWatchMetricsEnabled": true,
          "MetricName": "IsbWebAclMetric",
          "SampledRequestsEnabled": true
        }
      },
      "Metadata": {
        "aws:cdk:path": "InnovationSandbox-Compute/IsbRestApi/Waf/WebAcl"
      }
    },
    "IsbRestApiWafWebAclAssociation2A0E86C5": {
      "Type": "AWS::WAFv2::WebACLAssociation",
      "Properties": {
        "ResourceArn": {
          "Fn::Join": [
            "",
            [
              "arn:",
              {
                "Ref": "AWS::Partition"
              },
              ":apigateway:",
              {
                "Ref": "AWS::Region"
              },
              "::/restapis/",
              {
                "Ref": "IsbRestApi377E2CC6"
              },
              "/stages/",
              {
                "Ref": "IsbRestApiDeploymentStageprod7DDD9304"
              }
            ]
          ]
        },
        "WebACLArn": {
          "Fn::GetAtt": [
            "IsbRestApiWafWebAcl54DDDB1F",
            "Arn"
          ]
        }
      },
      "Metadata": {
        "aws:cdk:path": "InnovationSandbox-Compute/IsbRestApi/Waf/WebAclAssociation"
      }
    },
    "IsbRestApiWafWafLogGroup2DCE5310": {
      "Type": "AWS::Logs::LogGroup",
      "Properties": {
        "KmsKeyId": {
          "Fn::GetAtt": [
            "IsbKmsKeyInnovationSandboxComputeB43F03BE",
            "Arn"
          ]
        },
        "LogGroupName": {
          "Fn::Join": [
            "",
            [
              "aws-waf-logs-isb-",
              {
                "Ref": "Namespace"
              },
              "-blocked-requests"
            ]
          ]
        },
        "RetentionInDays": {
          "Fn::FindInMap": [
            "Mapping",
            "context",
            "cloudWatchLogRetentionInDays",
            {
              "DefaultValue": ""
            }
          ]
        },
        "Tags": [
          {
            "Key": "aws-solutions:isb-id",
            "Value": {
              "Fn::Join": [
                "",
                [
                  {
                    "Ref": "Namespace"
                  },
                  "_isb"
                ]
              ]
            }
          }
        ]
      },
      "UpdateReplacePolicy": "Retain",
      "DeletionPolicy": "Retain",
      "Metadata": {
        "aws:cdk:path": "InnovationSandbox-Compute/IsbRestApi/Waf/WafLogGroup/Resource",
        "guard": {
          "SuppressedRules": [
            "CW_LOGGROUP_RETENTION_PERIOD_CHECK"
          ]
        }
      }
    },
    "IsbRestApiWafWafLogGroupPolicyResourcePolicy8B1646A9": {
      "Type": "AWS::Logs::ResourcePolicy",
      "Properties": {
        "PolicyDocument": {
          "Fn::Join": [
            "",
            [
              "{\"Statement\":[{\"Action\":[\"logs:CreateLogStream\",\"logs:PutLogEvents\"],\"Effect\":\"Allow\",\"Principal\":{\"Service\":\"wafv2.amazonaws.com\"},\"Resource\":\"",
              {
                "Fn::GetAtt": [
                  "IsbRestApiWafWafLogGroup2DCE5310",
                  "Arn"
                ]
              },
              "\"}],\"Version\":\"2012-10-17\"}"
            ]
          ]
        },
        "PolicyName": "InnovationSandboxComputeIsbRestApiWafWafLogGroupPolicy0557E49F"
      },
      "Metadata": {
        "aws:cdk:path": "InnovationSandbox-Compute/IsbRestApi/Waf/WafLogGroup/Policy/ResourcePolicy"
      }
    },
    "IsbRestApiWafWafLoggingConfiguration780FE8DA": {
      "Type": "AWS::WAFv2::LoggingConfiguration",
      "Properties": {
        "LogDestinationConfigs": [
          {
            "Fn::Join": [
              "",
              [
                "arn:",
                {
                  "Ref": "AWS::Partition"
                },
                ":logs:",
                {
                  "Ref": "AWS::Region"
                },
                ":",
                {
                  "Ref": "AWS::AccountId"
                },
                ":log-group:",
                {
                  "Ref": "IsbRestApiWafWafLogGroup2DCE5310"
                }
              ]
            ]
          }
        ],
        "LoggingFilter": {
          "DefaultBehavior": "DROP",
          "Filters": [
            {
              "Behavior": "KEEP",
              "Conditions": [
                {
                  "ActionCondition": {
                    "Action": "BLOCK"
                  }
                }
              ],
              "Requirement": "MEETS_ANY"
            }
          ]
        },
        "RedactedFields": [
          {
            "SingleHeader": {
              "Name": "Authorization"
            }
          }
        ],
        "ResourceArn": {
          "Fn::GetAtt": [
            "IsbRestApiWafWebAcl54DDDB1F",
            "Arn"
          ]
        }
      },
      "Metadata": {
        "aws:cdk:path": "InnovationSandbox-Compute/IsbRestApi/Waf/WafLoggingConfiguration"
      }
    },
    "IsbRestApiWafWafBlockedRequestsAlarm78C2384C": {
      "Type": "AWS::CloudWatch::Alarm",
      "Properties": {
        "AlarmDescription": "Alert when WAF blocks requests to the Innovation Sandbox API - may indicate misconfigured WAF rules blocking legitimate users",
        "ComparisonOperator": "GreaterThanOrEqualToThreshold",
        "Dimensions": [
          {
            "Name": "Region",
            "Value": {
              "Ref": "AWS::Region"
            }
          },
          {
            "Name": "Rule",
            "Value": "ALL"
          },
          {
            "Name": "WebACL",
            "Value": {
              "Fn::Select": [
                0,
                {
                  "Fn::Split": [
                    "|",
                    {
                      "Ref": "IsbRestApiWafWebAcl54DDDB1F"
                    }
                  ]
                }
              ]
            }
          }
        ],
        "EvaluationPeriods": 1,
        "MetricName": "BlockedRequests",
        "Namespace": "AWS/WAFV2",
        "Period": 60,
        "Statistic": "Sum",
        "Tags": [
          {
            "Key": "aws-solutions:isb-id",
            "Value": {
              "Fn::Join": [
                "",
                [
                  {
                    "Ref": "Namespace"
                  },
                  "_isb"
                ]
              ]
            }
          }
        ],
        "Threshold": 1,
        "TreatMissingData": "notBreaching"
      },
      "Metadata": {
        "aws:cdk:path": "InnovationSandbox-Compute/IsbRestApi/Waf/WafBlockedRequestsAlarm/Resource"
      }
    },
    "IdpCertC53FAE82": {
      "Type": "AWS::SecretsManager::Secret",
      "Properties": {
        "Description": "IAM Identity Center Certificate of the ISB SAML 2.0 custom app",
        "KmsKeyId": {
          "Fn::GetAtt": [
            "IsbKmsKeyInnovationSandboxComputeB43F03BE",
            "Arn"
          ]
        },
        "Name": {
          "Fn::Join": [
            "",
            [
              "/InnovationSandbox/",
              {
                "Ref": "Namespace"
              },
              "/Auth/IdpCert"
            ]
          ]
        },
        "SecretString": "Please paste the IAM Identity Center Certificate of the Innovation Sandbox SAML 2.0 custom application here",
        "Tags": [
          {
            "Key": "aws-solutions:isb-id",
            "Value": {
              "Fn::Join": [
                "",
                [
                  {
                    "Ref": "Namespace"
                  },
                  "_isb"
                ]
              ]
            }
          }
        ]
      },
      "UpdateReplacePolicy": "Delete",
      "DeletionPolicy": "Delete",
      "Metadata": {
        "aws:cdk:path": "InnovationSandbox-Compute/IdpCert/Resource"
      }
    },
    "SsoHandlerFunctionRoleA9C67752": {
      "Type": "AWS::IAM::Role",
      "Properties": {
        "AssumeRolePolicyDocument": {
          "Statement": [
            {
              "Action": "sts:AssumeRole",
              "Effect": "Allow",
              "Principal": {
                "Service": "lambda.amazonaws.com"
              }
            }
          ],
          "Version": "2012-10-17"
        },
        "Tags": [
          {
            "Key": "aws-solutions:isb-id",
            "Value": {
              "Fn::Join": [
                "",
                [
                  {
                    "Ref": "Namespace"
                  },
                  "_isb"
                ]
              ]
            }
          }
        ]
      },
      "Metadata": {
        "aws:cdk:path": "InnovationSandbox-Compute/SsoHandler/FunctionRole/Resource"
      }
    },
    "SsoHandlerFunctionRoleDefaultPolicyD29168B4": {
      "Type": "AWS::IAM::Policy",
      "Properties": {
        "PolicyDocument": {
          "Statement": [
            {
              "Action": [
                "xray:PutTraceSegments",
                "xray:PutTelemetryRecords"
              ],
              "Effect": "Allow",
              "Resource": "*"
            },
            {
              "Action": [
                "logs:CreateLogStream",
                "logs:PutLogEvents"
              ],
              "Effect": "Allow",
              "Resource": {
                "Fn::GetAtt": [
                  "ISBLogGroupE607F9A7",
                  "Arn"
                ]
              }
            },
            {
              "Action": "ssm:GetParameter",
              "Effect": "Allow",
              "Resource": {
                "Fn::Join": [
                  "",
                  [
                    "arn:",
                    {
                      "Ref": "AWS::Partition"
                    },
                    ":ssm:",
                    {
                      "Ref": "AWS::Region"
                    },
                    ":",
                    {
                      "Ref": "IdcAccountId"
                    },
                    ":parameter/InnovationSandbox_",
                    {
                      "Ref": "Namespace"
                    },
                    "_Idc_Configuration"
                  ]
                ]
              }
            },
            {
              "Action": [
                "appconfig:StartConfigurationSession",
                "appconfig:GetLatestConfiguration"
              ],
              "Effect": "Allow",
              "Resource": {
                "Fn::Join": [
                  "",
                  [
                    "arn:",
                    {
                      "Ref": "AWS::Partition"
                    },
                    ":appconfig:",
                    {
                      "Ref": "AWS::Region"
                    },
                    ":",
                    {
                      "Ref": "AWS::AccountId"
                    },
                    ":application/",
                    {
                      "Fn::GetAtt": [
                        "IsbSpokeConfigJsonParamResolverParseJsonConfigurationIsbCustomResource57F98B57",
                        "configApplicationId"
                      ]
                    },
                    "/environment/",
                    {
                      "Fn::GetAtt": [
                        "IsbSpokeConfigJsonParamResolverParseJsonConfigurationIsbCustomResource57F98B57",
                        "configEnvironmentId"
                      ]
                    },
                    "/configuration/",
                    {
                      "Fn::GetAtt": [
                        "IsbSpokeConfigJsonParamResolverParseJsonConfigurationIsbCustomResource57F98B57",
                        "globalConfigConfigurationProfileId"
                      ]
                    }
                  ]
                ]
              }
            },
            {
              "Action": [
                "secretsmanager:GetSecretValue",
                "secretsmanager:DescribeSecret"
              ],
              "Effect": "Allow",
              "Resource": {
                "Ref": "IdpCertC53FAE82"
              }
            },
            {
              "Action": [
                "secretsmanager:GetSecretValue",
                "secretsmanager:DescribeSecret"
              ],
              "Effect": "Allow",
              "Resource": {
                "Ref": "JwtSecretB8834B39"
              }
            },
            {
              "Action": [
                "kms:Decrypt",
                "kms:Encrypt",
                "kms:ReEncrypt*",
                "kms:GenerateDataKey*"
              ],
              "Effect": "Allow",
              "Resource": {
                "Fn::GetAtt": [
                  "IsbKmsKeyInnovationSandboxComputeB43F03BE",
                  "Arn"
                ]
              }
            },
            {
              "Action": "sts:AssumeRole",
              "Effect": "Allow",
              "Resource": {
                "Fn::GetAtt": [
                  "IntermediateRole6D2F2036",
                  "Arn"
                ]
              }
            }
          ],
          "Version": "2012-10-17"
        },
        "PolicyName": "SsoHandlerFunctionRoleDefaultPolicyD29168B4",
        "Roles": [
          {
            "Ref": "SsoHandlerFunctionRoleA9C67752"
          }
        ]
      },
      "Metadata": {
        "aws:cdk:path": "InnovationSandbox-Compute/SsoHandler/FunctionRole/DefaultPolicy/Resource"
      }
    },
    "SsoHandlerFunction8FE0A4A7": {
      "Type": "AWS::Lambda::Function",
      "Properties": {
        "Architectures": [
          "arm64"
        ],
        "Code": {
          "S3Bucket": {
            "Fn::Sub": "solutions-${AWS::Region}"
          },
          "S3Key": "innovation-sandbox-on-aws/v1.2.9/asset.37c6894d89cdf699bf298be6b6a0560968f0657f21b51ee28c25bb3f637a2331.zip"
        },
        "Description": "Handles SSO operations",
        "Environment": {
          "Variables": {
            "NODE_OPTIONS": "--enable-source-maps",
            "USER_AGENT_EXTRA": "AwsSolution/SO0284/v1.2.9",
            "POWERTOOLS_LOG_LEVEL": {
              "Fn::FindInMap": [
                "Mapping",
                "context",
                "logLevel",
                {
                  "DefaultValue": ""
                }
              ]
            },
            "POWERTOOLS_SERVICE_NAME": "SsoHandler",
            "AWS_XRAY_CONTEXT_MISSING": "IGNORE_ERROR",
            "JWT_SECRET_NAME": {
              "Fn::Join": [
                "",
                [
                  "/InnovationSandbox/",
                  {
                    "Ref": "Namespace"
                  },
                  "/Auth/JwtSecret"
                ]
              ]
            },
            "IDP_CERT_SECRET_NAME": {
              "Fn::Join": [
                "",
                [
                  "/InnovationSandbox/",
                  {
                    "Ref": "Namespace"
                  },
                  "/Auth/IdpCert"
                ]
              ]
            },
            "INTERMEDIATE_ROLE_ARN": {
              "Fn::GetAtt": [
                "IntermediateRole6D2F2036",
                "Arn"
              ]
            },
            "IDC_ROLE_ARN": {
              "Fn::Join": [
                "",
                [
                  "arn:",
                  {
                    "Ref": "AWS::Partition"
                  },
                  ":iam::",
                  {
                    "Ref": "IdcAccountId"
                  },
                  ":role/InnovationSandbox-",
                  {
                    "Ref": "Namespace"
                  },
                  "-IdcRole"
                ]
              ]
            },
            "ISB_NAMESPACE": {
              "Ref": "Namespace"
            },
            "APP_CONFIG_APPLICATION_ID": {
              "Fn::GetAtt": [
                "IsbSpokeConfigJsonParamResolverParseJsonConfigurationIsbCustomResource57F98B57",
                "configApplicationId"
              ]
            },
            "APP_CONFIG_ENVIRONMENT_ID": {
              "Fn::GetAtt": [
                "IsbSpokeConfigJsonParamResolverParseJsonConfigurationIsbCustomResource57F98B57",
                "configEnvironmentId"
              ]
            },
            "APP_CONFIG_PROFILE_ID": {
              "Fn::GetAtt": [
                "IsbSpokeConfigJsonParamResolverParseJsonConfigurationIsbCustomResource57F98B57",
                "globalConfigConfigurationProfileId"
              ]
            },
            "AWS_APPCONFIG_EXTENSION_PREFETCH_LIST": {
              "Fn::Join": [
                "",
                [
                  "/applications/",
                  {
                    "Fn::GetAtt": [
                      "IsbSpokeConfigJsonParamResolverParseJsonConfigurationIsbCustomResource57F98B57",
                      "configApplicationId"
                    ]
                  },
                  "/environments/",
                  {
                    "Fn::GetAtt": [
                      "IsbSpokeConfigJsonParamResolverParseJsonConfigurationIsbCustomResource57F98B57",
                      "configEnvironmentId"
                    ]
                  },
                  "/configurations/",
                  {
                    "Fn::GetAtt": [
                      "IsbSpokeConfigJsonParamResolverParseJsonConfigurationIsbCustomResource57F98B57",
                      "globalConfigConfigurationProfileId"
                    ]
                  }
                ]
              ]
            },
            "IDC_CONFIG_PARAM_ARN": {
              "Fn::Join": [
                "",
                [
                  "arn:",
                  {
                    "Ref": "AWS::Partition"
                  },
                  ":ssm:",
                  {
                    "Ref": "AWS::Region"
                  },
                  ":",
                  {
                    "Ref": "IdcAccountId"
                  },
                  ":parameter/InnovationSandbox_",
                  {
                    "Ref": "Namespace"
                  },
                  "_Idc_Configuration"
                ]
              ]
            },
            "AWS_APPCONFIG_EXTENSION_POLL_INTERVAL_SECONDS": "10m",
            "AWS_APPCONFIG_EXTENSION_HTTP_PORT": "2772"
          }
        },
        "FunctionName": {
          "Fn::Join": [
            "",
            [
              "ISB-SsoHandler-",
              {
                "Ref": "Namespace"
              }
            ]
          ]
        },
        "Handler": "index.handler",
        "Layers": [
          {
            "Ref": "IsbSpokeConfigJsonParamResolverISBLambdaLayerInnovationSandboxComputeDependenciesLayerVersion4DD7969A"
          },
          {
            "Ref": "IsbSpokeConfigJsonParamResolverISBLambdaLayerInnovationSandboxComputeCommonLayerVersionB1BF66A1"
          },
          {
            "Fn::FindInMap": [
              "AppConfigExtensionArnMap",
              {
                "Ref": "AWS::Region"
              },
              "arn"
            ]
          }
        ],
        "LoggingConfig": {
          "LogFormat": "JSON",
          "LogGroup": {
            "Ref": "ISBLogGroupE607F9A7"
          },
          "SystemLogLevel": "INFO"
        },
        "MemorySize": 1024,
        "Role": {
          "Fn::GetAtt": [
            "SsoHandlerFunctionRoleA9C67752",
            "Arn"
          ]
        },
        "Runtime": "nodejs22.x",
        "Tags": [
          {
            "Key": "aws-solutions:isb-id",
            "Value": {
              "Fn::Join": [
                "",
                [
                  {
                    "Ref": "Namespace"
                  },
                  "_isb"
                ]
              ]
            }
          }
        ],
        "Timeout": 60,
        "TracingConfig": {
          "Mode": "Active"
        }
      },
      "DependsOn": [
        "SsoHandlerFunctionRoleDefaultPolicyD29168B4",
        "SsoHandlerFunctionRoleA9C67752"
      ],
      "Metadata": {
        "aws:cdk:path": "InnovationSandbox-Compute/SsoHandler/Function/Resource",
        "aws:asset:path": "asset.37c6894d89cdf699bf298be6b6a0560968f0657f21b51ee28c25bb3f637a2331",
        "aws:asset:is-bundled": true,
        "aws:asset:property": "Code",
        "guard": {
          "SuppressedRules": [
            "LAMBDA_INSIDE_VPC",
            "LAMBDA_CONCURRENCY_CHECK"
          ]
        }
      }
    },
    "LeasesLambdaFunctionFunctionRole8C813149": {
      "Type": "AWS::IAM::Role",
      "Properties": {
        "AssumeRolePolicyDocument": {
          "Statement": [
            {
              "Action": "sts:AssumeRole",
              "Effect": "Allow",
              "Principal": {
                "Service": "lambda.amazonaws.com"
              }
            }
          ],
          "Version": "2012-10-17"
        },
        "Tags": [
          {
            "Key": "aws-solutions:isb-id",
            "Value": {
              "Fn::Join": [
                "",
                [
                  {
                    "Ref": "Namespace"
                  },
                  "_isb"
                ]
              ]
            }
          }
        ]
      },
      "Metadata": {
        "aws:cdk:path": "InnovationSandbox-Compute/LeasesLambdaFunction/FunctionRole/Resource"
      }
    },
    "LeasesLambdaFunctionFunctionRoleDefaultPolicy3E670257": {
      "Type": "AWS::IAM::Policy",
      "Properties": {
        "PolicyDocument": {
          "Statement": [
            {
              "Action": [
                "xray:PutTraceSegments",
                "xray:PutTelemetryRecords"
              ],
              "Effect": "Allow",
              "Resource": "*"
            },
            {
              "Action": [
                "logs:CreateLogStream",
                "logs:PutLogEvents"
              ],
              "Effect": "Allow",
              "Resource": {
                "Fn::GetAtt": [
                  "ISBLogGroupE607F9A7",
                  "Arn"
                ]
              }
            },
            {
              "Action": "ssm:GetParameter",
              "Effect": "Allow",
              "Resource": {
                "Fn::Join": [
                  "",
                  [
                    "arn:",
                    {
                      "Ref": "AWS::Partition"
                    },
                    ":ssm:",
                    {
                      "Ref": "AWS::Region"
                    },
                    ":",
                    {
                      "Ref": "IdcAccountId"
                    },
                    ":parameter/InnovationSandbox_",
                    {
                      "Ref": "Namespace"
                    },
                    "_Idc_Configuration"
                  ]
                ]
              }
            },
            {
              "Action": "ssm:GetParameter",
              "Effect": "Allow",
              "Resource": {
                "Fn::Join": [
                  "",
                  [
                    "arn:",
                    {
                      "Ref": "AWS::Partition"
                    },
                    ":ssm:",
                    {
                      "Ref": "AWS::Region"
                    },
                    ":",
                    {
                      "Ref": "OrgMgtAccountId"
                    },
                    ":parameter/InnovationSandbox_",
                    {
                      "Ref": "Namespace"
                    },
                    "_AccountPool_Configuration"
                  ]
                ]
              }
            },
            {
              "Action": [
                "appconfig:StartConfigurationSession",
                "appconfig:GetLatestConfiguration"
              ],
              "Effect": "Allow",
              "Resource": {
                "Fn::Join": [
                  "",
                  [
                    "arn:",
                    {
                      "Ref": "AWS::Partition"
                    },
                    ":appconfig:",
                    {
                      "Ref": "AWS::Region"
                    },
                    ":",
                    {
                      "Ref": "AWS::AccountId"
                    },
                    ":application/",
                    {
                      "Fn::GetAtt": [
                        "IsbSpokeConfigJsonParamResolverParseJsonConfigurationIsbCustomResource57F98B57",
                        "configApplicationId"
                      ]
                    },
                    "/environment/",
                    {
                      "Fn::GetAtt": [
                        "IsbSpokeConfigJsonParamResolverParseJsonConfigurationIsbCustomResource57F98B57",
                        "configEnvironmentId"
                      ]
                    },
                    "/configuration/",
                    {
                      "Fn::GetAtt": [
                        "IsbSpokeConfigJsonParamResolverParseJsonConfigurationIsbCustomResource57F98B57",
                        "globalConfigConfigurationProfileId"
                      ]
                    }
                  ]
                ]
              }
            },
            {
              "Action": [
                "appconfig:StartConfigurationSession",
                "appconfig:GetLatestConfiguration"
              ],
              "Effect": "Allow",
              "Resource": {
                "Fn::Join": [
                  "",
                  [
                    "arn:",
                    {
                      "Ref": "AWS::Partition"
                    },
                    ":appconfig:",
                    {
                      "Ref": "AWS::Region"
                    },
                    ":",
                    {
                      "Ref": "AWS::AccountId"
                    },
                    ":application/",
                    {
                      "Fn::GetAtt": [
                        "IsbSpokeConfigJsonParamResolverParseJsonConfigurationIsbCustomResource57F98B57",
                        "configApplicationId"
                      ]
                    },
                    "/environment/",
                    {
                      "Fn::GetAtt": [
                        "IsbSpokeConfigJsonParamResolverParseJsonConfigurationIsbCustomResource57F98B57",
                        "configEnvironmentId"
                      ]
                    },
                    "/configuration/",
                    {
                      "Fn::GetAtt": [
                        "IsbSpokeConfigJsonParamResolverParseJsonConfigurationIsbCustomResource57F98B57",
                        "reportingConfigConfigurationProfileId"
                      ]
                    }
                  ]
                ]
              }
            },
            {
              "Action": "events:PutEvents",
              "Effect": "Allow",
              "Resource": {
                "Fn::GetAtt": [
                  "ISBEventBusD5514129",
                  "Arn"
                ]
              }
            },
            {
              "Action": "cloudformation:DescribeStackSet",
              "Effect": "Allow",
              "Resource": {
                "Fn::Join": [
                  "",
                  [
                    "arn:",
                    {
                      "Ref": "AWS::Partition"
                    },
                    ":cloudformation:",
                    {
                      "Ref": "AWS::Region"
                    },
                    ":",
                    {
                      "Ref": "AWS::AccountId"
                    },
                    ":stackset/*:*"
                  ]
                ]
              }
            },
            {
              "Action": [
                "secretsmanager:GetSecretValue",
                "secretsmanager:DescribeSecret"
              ],
              "Effect": "Allow",
              "Resource": {
                "Ref": "JwtSecretB8834B39"
              }
            },
            {
              "Action": [
                "kms:Decrypt",
                "kms:Encrypt",
                "kms:ReEncrypt*",
                "kms:GenerateDataKey*"
              ],
              "Effect": "Allow",
              "Resource": {
                "Fn::GetAtt": [
                  "IsbKmsKeyInnovationSandboxComputeB43F03BE",
                  "Arn"
                ]
              }
            },
            {
              "Action": [
                "cloudformation:DescribeStackSet",
                "cloudformation:ListStackInstances"
              ],
              "Effect": "Allow",
              "Resource": {
                "Fn::Join": [
                  "",
                  [
                    "arn:",
                    {
                      "Ref": "AWS::Partition"
                    },
                    ":cloudformation:",
                    {
                      "Ref": "AWS::Region"
                    },
                    ":",
                    {
                      "Ref": "AWS::AccountId"
                    },
                    ":stackset/*:*"
                  ]
                ]
              }
            },
            {
              "Action": "cloudformation:DeleteStackInstances",
              "Effect": "Allow",
              "Resource": [
                {
                  "Fn::Join": [
                    "",
                    [
                      "arn:",
                      {
                        "Ref": "AWS::Partition"
                      },
                      ":cloudformation:",
                      {
                        "Ref": "AWS::Region"
                      },
                      ":",
                      {
                        "Ref": "AWS::AccountId"
                      },
                      ":stackset/*:*"
                    ]
                  ]
                },
                {
                  "Fn::Join": [
                    "",
                    [
                      "arn:",
                      {
                        "Ref": "AWS::Partition"
                      },
                      ":cloudformation:",
                      {
                        "Ref": "AWS::Region"
                      },
                      ":",
                      {
                        "Ref": "AWS::AccountId"
                      },
                      ":stackset-target/*"
                    ]
                  ]
                },
                {
                  "Fn::Join": [
                    "",
                    [
                      "arn:",
                      {
                        "Ref": "AWS::Partition"
                      },
                      ":cloudformation:",
                      {
                        "Ref": "AWS::Region"
                      },
                      ":",
                      {
                        "Ref": "AWS::AccountId"
                      },
                      ":type/resource/*"
                    ]
                  ]
                }
              ]
            },
            {
              "Action": "sts:AssumeRole",
              "Effect": "Allow",
              "Resource": {
                "Fn::GetAtt": [
                  "IntermediateRole6D2F2036",
                  "Arn"
                ]
              }
            }
          ],
          "Version": "2012-10-17"
        },
        "PolicyName": "LeasesLambdaFunctionFunctionRoleDefaultPolicy3E670257",
        "Roles": [
          {
            "Ref": "LeasesLambdaFunctionFunctionRole8C813149"
          }
        ]
      },
      "Metadata": {
        "aws:cdk:path": "InnovationSandbox-Compute/LeasesLambdaFunction/FunctionRole/DefaultPolicy/Resource"
      }
    },
    "LeasesLambdaFunction6133D88B": {
      "Type": "AWS::Lambda::Function",
      "Properties": {
        "Architectures": [
          "arm64"
        ],
        "Code": {
          "S3Bucket": {
            "Fn::Sub": "solutions-${AWS::Region}"
          },
          "S3Key": "innovation-sandbox-on-aws/v1.2.9/asset.6d7bd7970f82a05c20fc897f518da55afc9bcafef16ae6f235f5c0a4863523c0.zip"
        },
        "Description": "Lambda used as API GW method integration for leases resources",
        "Environment": {
          "Variables": {
            "NODE_OPTIONS": "--enable-source-maps",
            "USER_AGENT_EXTRA": "AwsSolution/SO0284/v1.2.9",
            "POWERTOOLS_LOG_LEVEL": {
              "Fn::FindInMap": [
                "Mapping",
                "context",
                "logLevel",
                {
                  "DefaultValue": ""
                }
              ]
            },
            "POWERTOOLS_SERVICE_NAME": "innovation-sandbox",
            "AWS_XRAY_CONTEXT_MISSING": "IGNORE_ERROR",
            "JWT_SECRET_NAME": {
              "Fn::Join": [
                "",
                [
                  "/InnovationSandbox/",
                  {
                    "Ref": "Namespace"
                  },
                  "/Auth/JwtSecret"
                ]
              ]
            },
            "APP_CONFIG_APPLICATION_ID": {
              "Fn::GetAtt": [
                "IsbSpokeConfigJsonParamResolverParseJsonConfigurationIsbCustomResource57F98B57",
                "configApplicationId"
              ]
            },
            "APP_CONFIG_PROFILE_ID": {
              "Fn::GetAtt": [
                "IsbSpokeConfigJsonParamResolverParseJsonConfigurationIsbCustomResource57F98B57",
                "globalConfigConfigurationProfileId"
              ]
            },
            "REPORTING_CONFIG_PROFILE_ID": {
              "Fn::GetAtt": [
                "IsbSpokeConfigJsonParamResolverParseJsonConfigurationIsbCustomResource57F98B57",
                "reportingConfigConfigurationProfileId"
              ]
            },
            "APP_CONFIG_ENVIRONMENT_ID": {
              "Fn::GetAtt": [
                "IsbSpokeConfigJsonParamResolverParseJsonConfigurationIsbCustomResource57F98B57",
                "configEnvironmentId"
              ]
            },
            "AWS_APPCONFIG_EXTENSION_PREFETCH_LIST": {
              "Fn::Join": [
                "",
                [
                  "/applications/",
                  {
                    "Fn::GetAtt": [
                      "IsbSpokeConfigJsonParamResolverParseJsonConfigurationIsbCustomResource57F98B57",
                      "configApplicationId"
                    ]
                  },
                  "/environments/",
                  {
                    "Fn::GetAtt": [
                      "IsbSpokeConfigJsonParamResolverParseJsonConfigurationIsbCustomResource57F98B57",
                      "configEnvironmentId"
                    ]
                  },
                  "/configurations/",
                  {
                    "Fn::GetAtt": [
                      "IsbSpokeConfigJsonParamResolverParseJsonConfigurationIsbCustomResource57F98B57",
                      "globalConfigConfigurationProfileId"
                    ]
                  },
                  ",/applications/",
                  {
                    "Fn::GetAtt": [
                      "IsbSpokeConfigJsonParamResolverParseJsonConfigurationIsbCustomResource57F98B57",
                      "configApplicationId"
                    ]
                  },
                  "/environments/",
                  {
                    "Fn::GetAtt": [
                      "IsbSpokeConfigJsonParamResolverParseJsonConfigurationIsbCustomResource57F98B57",
                      "configEnvironmentId"
                    ]
                  },
                  "/configurations/",
                  {
                    "Fn::GetAtt": [
                      "IsbSpokeConfigJsonParamResolverParseJsonConfigurationIsbCustomResource57F98B57",
                      "reportingConfigConfigurationProfileId"
                    ]
                  },
                  ","
                ]
              ]
            },
            "ISB_NAMESPACE": {
              "Ref": "Namespace"
            },
            "ACCOUNT_TABLE_NAME": {
              "Fn::GetAtt": [
                "IsbSpokeConfigJsonParamResolverParseJsonConfigurationIsbCustomResource57F98B57",
                "accountTable"
              ]
            },
            "LEASE_TABLE_NAME": {
              "Fn::GetAtt": [
                "IsbSpokeConfigJsonParamResolverParseJsonConfigurationIsbCustomResource57F98B57",
                "leaseTable"
              ]
            },
            "LEASE_TEMPLATE_TABLE_NAME": {
              "Fn::GetAtt": [
                "IsbSpokeConfigJsonParamResolverParseJsonConfigurationIsbCustomResource57F98B57",
                "leaseTemplateTable"
              ]
            },
            "ISB_EVENT_BUS": {
              "Ref": "ISBEventBusD5514129"
            },
            "INTERMEDIATE_ROLE_ARN": {
              "Fn::GetAtt": [
                "IntermediateRole6D2F2036",
                "Arn"
              ]
            },
            "IDC_ROLE_ARN": {
              "Fn::Join": [
                "",
                [
                  "arn:",
                  {
                    "Ref": "AWS::Partition"
                  },
                  ":iam::",
                  {
                    "Ref": "IdcAccountId"
                  },
                  ":role/InnovationSandbox-",
                  {
                    "Ref": "Namespace"
                  },
                  "-IdcRole"
                ]
              ]
            },
            "ORG_MGT_ROLE_ARN": {
              "Fn::Join": [
                "",
                [
                  "arn:",
                  {
                    "Ref": "AWS::Partition"
                  },
                  ":iam::",
                  {
                    "Ref": "OrgMgtAccountId"
                  },
                  ":role/InnovationSandbox-",
                  {
                    "Ref": "Namespace"
                  },
                  "-OrgMgtRole"
                ]
              ]
            },
            "BLUEPRINT_TABLE_NAME": {
              "Fn::GetAtt": [
                "IsbSpokeConfigJsonParamResolverParseJsonConfigurationIsbCustomResource57F98B57",
                "blueprintTable"
              ]
            },
            "SANDBOX_ACCOUNT_ROLE_NAME": {
              "Fn::Join": [
                "",
                [
                  "InnovationSandbox-",
                  {
                    "Ref": "Namespace"
                  },
                  "-SandboxAccountRole"
                ]
              ]
            },
            "ACCOUNT_POOL_CONFIG_PARAM_ARN": {
              "Fn::Join": [
                "",
                [
                  "arn:",
                  {
                    "Ref": "AWS::Partition"
                  },
                  ":ssm:",
                  {
                    "Ref": "AWS::Region"
                  },
                  ":",
                  {
                    "Ref": "OrgMgtAccountId"
                  },
                  ":parameter/InnovationSandbox_",
                  {
                    "Ref": "Namespace"
                  },
                  "_AccountPool_Configuration"
                ]
              ]
            },
            "IDC_CONFIG_PARAM_ARN": {
              "Fn::Join": [
                "",
                [
                  "arn:",
                  {
                    "Ref": "AWS::Partition"
                  },
                  ":ssm:",
                  {
                    "Ref": "AWS::Region"
                  },
                  ":",
                  {
                    "Ref": "IdcAccountId"
                  },
                  ":parameter/InnovationSandbox_",
                  {
                    "Ref": "Namespace"
                  },
                  "_Idc_Configuration"
                ]
              ]
            },
            "ORG_MGT_ACCOUNT_ID": {
              "Ref": "OrgMgtAccountId"
            },
            "HUB_ACCOUNT_ID": {
              "Ref": "AWS::AccountId"
            },
            "AWS_APPCONFIG_EXTENSION_POLL_INTERVAL_SECONDS": "10m",
            "AWS_APPCONFIG_EXTENSION_HTTP_PORT": "2772"
          }
        },
        "FunctionName": {
          "Fn::Join": [
            "",
            [
              "ISB-LeasesLambdaFunction-",
              {
                "Ref": "Namespace"
              }
            ]
          ]
        },
        "Handler": "index.handler",
        "Layers": [
          {
            "Ref": "IsbSpokeConfigJsonParamResolverISBLambdaLayerInnovationSandboxComputeDependenciesLayerVersion4DD7969A"
          },
          {
            "Ref": "IsbSpokeConfigJsonParamResolverISBLambdaLayerInnovationSandboxComputeCommonLayerVersionB1BF66A1"
          },
          {
            "Fn::FindInMap": [
              "AppConfigExtensionArnMap",
              {
                "Ref": "AWS::Region"
              },
              "arn"
            ]
          }
        ],
        "LoggingConfig": {
          "LogFormat": "JSON",
          "LogGroup": {
            "Ref": "ISBLogGroupE607F9A7"
          },
          "SystemLogLevel": "INFO"
        },
        "MemorySize": 1024,
        "Role": {
          "Fn::GetAtt": [
            "LeasesLambdaFunctionFunctionRole8C813149",
            "Arn"
          ]
        },
        "Runtime": "nodejs22.x",
        "Tags": [
          {
            "Key": "aws-solutions:isb-id",
            "Value": {
              "Fn::Join": [
                "",
                [
                  {
                    "Ref": "Namespace"
                  },
                  "_isb"
                ]
              ]
            }
          }
        ],
        "Timeout": 60,
        "TracingConfig": {
          "Mode": "Active"
        }
      },
      "DependsOn": [
        "LeasesLambdaFunctionFunctionRoleDefaultPolicy3E670257",
        "LeasesLambdaFunctionFunctionRole8C813149"
      ],
      "Metadata": {
        "aws:cdk:path": "InnovationSandbox-Compute/LeasesLambdaFunction/Function/Resource",
        "aws:asset:path": "asset.6d7bd7970f82a05c20fc897f518da55afc9bcafef16ae6f235f5c0a4863523c0",
        "aws:asset:is-bundled": true,
        "aws:asset:property": "Code",
        "guard": {
          "SuppressedRules": [
            "LAMBDA_INSIDE_VPC",
            "LAMBDA_CONCURRENCY_CHECK"
          ]
        }
      }
    },
    "LeasesLambdaFunctionIsbDbTableReadWrite68C6437B": {
      "Type": "AWS::IAM::Policy",
      "Properties": {
        "PolicyDocument": {
          "Statement": [
            {
              "Action": [
                "dynamodb:GetItem",
                "dynamodb:PutItem",
                "dynamodb:UpdateItem",
                "dynamodb:DeleteItem",
                "dynamodb:Query",
                "dynamodb:Scan",
                "dynamodb:ConditionCheckItem",
                "dynamodb:BatchGetItem",
                "dynamodb:BatchWriteItem"
              ],
              "Effect": "Allow",
              "Resource": [
                {
                  "Fn::Join": [
                    "",
                    [
                      "arn:",
                      {
                        "Ref": "AWS::Partition"
                      },
                      ":dynamodb:",
                      {
                        "Ref": "AWS::Region"
                      },
                      ":",
                      {
                        "Ref": "AWS::AccountId"
                      },
                      ":table/",
                      {
                        "Fn::GetAtt": [
                          "IsbSpokeConfigJsonParamResolverParseJsonConfigurationIsbCustomResource57F98B57",
                          "leaseTable"
                        ]
                      }
                    ]
                  ]
                },
                {
                  "Fn::Join": [
                    "",
                    [
                      "arn:",
                      {
                        "Ref": "AWS::Partition"
                      },
                      ":dynamodb:",
                      {
                        "Ref": "AWS::Region"
                      },
                      ":",
                      {
                        "Ref": "AWS::AccountId"
                      },
                      ":table/",
                      {
                        "Fn::GetAtt": [
                          "IsbSpokeConfigJsonParamResolverParseJsonConfigurationIsbCustomResource57F98B57",
                          "leaseTable"
                        ]
                      },
                      "/index/*"
                    ]
                  ]
                }
              ]
            },
            {
              "Action": [
                "dynamodb:GetItem",
                "dynamodb:PutItem",
                "dynamodb:UpdateItem",
                "dynamodb:DeleteItem",
                "dynamodb:Query",
                "dynamodb:Scan",
                "dynamodb:ConditionCheckItem",
                "dynamodb:BatchGetItem",
                "dynamodb:BatchWriteItem"
              ],
              "Effect": "Allow",
              "Resource": [
                {
                  "Fn::Join": [
                    "",
                    [
                      "arn:",
                      {
                        "Ref": "AWS::Partition"
                      },
                      ":dynamodb:",
                      {
                        "Ref": "AWS::Region"
                      },
                      ":",
                      {
                        "Ref": "AWS::AccountId"
                      },
                      ":table/",
                      {
                        "Fn::GetAtt": [
                          "IsbSpokeConfigJsonParamResolverParseJsonConfigurationIsbCustomResource57F98B57",
                          "leaseTemplateTable"
                        ]
                      }
                    ]
                  ]
                },
                {
                  "Fn::Join": [
                    "",
                    [
                      "arn:",
                      {
                        "Ref": "AWS::Partition"
                      },
                      ":dynamodb:",
                      {
                        "Ref": "AWS::Region"
                      },
                      ":",
                      {
                        "Ref": "AWS::AccountId"
                      },
                      ":table/",
                      {
                        "Fn::GetAtt": [
                          "IsbSpokeConfigJsonParamResolverParseJsonConfigurationIsbCustomResource57F98B57",
                          "leaseTemplateTable"
                        ]
                      },
                      "/index/*"
                    ]
                  ]
                }
              ]
            },
            {
              "Action": [
                "dynamodb:GetItem",
                "dynamodb:PutItem",
                "dynamodb:UpdateItem",
                "dynamodb:DeleteItem",
                "dynamodb:Query",
                "dynamodb:Scan",
                "dynamodb:ConditionCheckItem",
                "dynamodb:BatchGetItem",
                "dynamodb:BatchWriteItem"
              ],
              "Effect": "Allow",
              "Resource": [
                {
                  "Fn::Join": [
                    "",
                    [
                      "arn:",
                      {
                        "Ref": "AWS::Partition"
                      },
                      ":dynamodb:",
                      {
                        "Ref": "AWS::Region"
                      },
                      ":",
                      {
                        "Ref": "AWS::AccountId"
                      },
                      ":table/",
                      {
                        "Fn::GetAtt": [
                          "IsbSpokeConfigJsonParamResolverParseJsonConfigurationIsbCustomResource57F98B57",
                          "accountTable"
                        ]
                      }
                    ]
                  ]
                },
                {
                  "Fn::Join": [
                    "",
                    [
                      "arn:",
                      {
                        "Ref": "AWS::Partition"
                      },
                      ":dynamodb:",
                      {
                        "Ref": "AWS::Region"
                      },
                      ":",
                      {
                        "Ref": "AWS::AccountId"
                      },
                      ":table/",
                      {
                        "Fn::GetAtt": [
                          "IsbSpokeConfigJsonParamResolverParseJsonConfigurationIsbCustomResource57F98B57",
                          "accountTable"
                        ]
                      },
                      "/index/*"
                    ]
                  ]
                }
              ]
            },
            {
              "Action": [
                "dynamodb:GetItem",
                "dynamodb:PutItem",
                "dynamodb:UpdateItem",
                "dynamodb:DeleteItem",
                "dynamodb:Query",
                "dynamodb:Scan",
                "dynamodb:ConditionCheckItem",
                "dynamodb:BatchGetItem",
                "dynamodb:BatchWriteItem"
              ],
              "Effect": "Allow",
              "Resource": [
                {
                  "Fn::Join": [
                    "",
                    [
                      "arn:",
                      {
                        "Ref": "AWS::Partition"
                      },
                      ":dynamodb:",
                      {
                        "Ref": "AWS::Region"
                      },
                      ":",
                      {
                        "Ref": "AWS::AccountId"
                      },
                      ":table/",
                      {
                        "Fn::GetAtt": [
                          "IsbSpokeConfigJsonParamResolverParseJsonConfigurationIsbCustomResource57F98B57",
                          "blueprintTable"
                        ]
                      }
                    ]
                  ]
                },
                {
                  "Fn::Join": [
                    "",
                    [
                      "arn:",
                      {
                        "Ref": "AWS::Partition"
                      },
                      ":dynamodb:",
                      {
                        "Ref": "AWS::Region"
                      },
                      ":",
                      {
                        "Ref": "AWS::AccountId"
                      },
                      ":table/",
                      {
                        "Fn::GetAtt": [
                          "IsbSpokeConfigJsonParamResolverParseJsonConfigurationIsbCustomResource57F98B57",
                          "blueprintTable"
                        ]
                      },
                      "/index/*"
                    ]
                  ]
                }
              ]
            },
            {
              "Action": [
                "kms:Decrypt",
                "kms:DescribeKey",
                "kms:Encrypt",
                "kms:GenerateDataKey",
                "kms:ReEncrypt*"
              ],
              "Effect": "Allow",
              "Resource": {
                "Fn::Join": [
                  "",
                  [
                    "arn:",
                    {
                      "Ref": "AWS::Partition"
                    },
                    ":kms:",
                    {
                      "Ref": "AWS::Region"
                    },
                    ":",
                    {
                      "Ref": "AWS::AccountId"
                    },
                    ":key/",
                    {
                      "Fn::GetAtt": [
                        "IsbSpokeConfigJsonParamResolverParseJsonConfigurationIsbCustomResource57F98B57",
                        "tableKmsKeyId"
                      ]
                    }
                  ]
                ]
              }
            }
          ],
          "Version": "2012-10-17"
        },
        "PolicyName": "DynamoDBReadWriteAccess",
        "Roles": [
          {
            "Ref": "LeasesLambdaFunctionFunctionRole8C813149"
          }
        ]
      },
      "Metadata": {
        "aws:cdk:path": "InnovationSandbox-Compute/LeasesLambdaFunction-IsbDbTableReadWrite/Resource"
      }
    },
    "LeaseTemplatesLambdaFunctionFunctionRoleC7543D26": {
      "Type": "AWS::IAM::Role",
      "Properties": {
        "AssumeRolePolicyDocument": {
          "Statement": [
            {
              "Action": "sts:AssumeRole",
              "Effect": "Allow",
              "Principal": {
                "Service": "lambda.amazonaws.com"
              }
            }
          ],
          "Version": "2012-10-17"
        },
        "Tags": [
          {
            "Key": "aws-solutions:isb-id",
            "Value": {
              "Fn::Join": [
                "",
                [
                  {
                    "Ref": "Namespace"
                  },
                  "_isb"
                ]
              ]
            }
          }
        ]
      },
      "Metadata": {
        "aws:cdk:path": "InnovationSandbox-Compute/LeaseTemplatesLambdaFunction/FunctionRole/Resource"
      }
    },
    "LeaseTemplatesLambdaFunctionFunctionRoleDefaultPolicy67EAD3ED": {
      "Type": "AWS::IAM::Policy",
      "Properties": {
        "PolicyDocument": {
          "Statement": [
            {
              "Action": [
                "xray:PutTraceSegments",
                "xray:PutTelemetryRecords"
              ],
              "Effect": "Allow",
              "Resource": "*"
            },
            {
              "Action": [
                "logs:CreateLogStream",
                "logs:PutLogEvents"
              ],
              "Effect": "Allow",
              "Resource": {
                "Fn::GetAtt": [
                  "ISBLogGroupE607F9A7",
                  "Arn"
                ]
              }
            },
            {
              "Action": [
                "appconfig:StartConfigurationSession",
                "appconfig:GetLatestConfiguration"
              ],
              "Effect": "Allow",
              "Resource": [
                {
                  "Fn::Join": [
                    "",
                    [
                      "arn:",
                      {
                        "Ref": "AWS::Partition"
                      },
                      ":appconfig:",
                      {
                        "Ref": "AWS::Region"
                      },
                      ":",
                      {
                        "Ref": "AWS::AccountId"
                      },
                      ":application/",
                      {
                        "Fn::GetAtt": [
                          "IsbSpokeConfigJsonParamResolverParseJsonConfigurationIsbCustomResource57F98B57",
                          "configApplicationId"
                        ]
                      },
                      "/environment/",
                      {
                        "Fn::GetAtt": [
                          "IsbSpokeConfigJsonParamResolverParseJsonConfigurationIsbCustomResource57F98B57",
                          "configEnvironmentId"
                        ]
                      },
                      "/configuration/",
                      {
                        "Fn::GetAtt": [
                          "IsbSpokeConfigJsonParamResolverParseJsonConfigurationIsbCustomResource57F98B57",
                          "globalConfigConfigurationProfileId"
                        ]
                      }
                    ]
                  ]
                },
                {
                  "Fn::Join": [
                    "",
                    [
                      "arn:",
                      {
                        "Ref": "AWS::Partition"
                      },
                      ":appconfig:",
                      {
                        "Ref": "AWS::Region"
                      },
                      ":",
                      {
                        "Ref": "AWS::AccountId"
                      },
                      ":application/",
                      {
                        "Fn::GetAtt": [
                          "IsbSpokeConfigJsonParamResolverParseJsonConfigurationIsbCustomResource57F98B57",
                          "configApplicationId"
                        ]
                      },
                      "/environment/",
                      {
                        "Fn::GetAtt": [
                          "IsbSpokeConfigJsonParamResolverParseJsonConfigurationIsbCustomResource57F98B57",
                          "configEnvironmentId"
                        ]
                      },
                      "/configuration/",
                      {
                        "Fn::GetAtt": [
                          "IsbSpokeConfigJsonParamResolverParseJsonConfigurationIsbCustomResource57F98B57",
                          "reportingConfigConfigurationProfileId"
                        ]
                      }
                    ]
                  ]
                }
              ]
            },
            {
              "Action": [
                "secretsmanager:GetSecretValue",
                "secretsmanager:DescribeSecret"
              ],
              "Effect": "Allow",
              "Resource": {
                "Ref": "JwtSecretB8834B39"
              }
            },
            {
              "Action": [
                "kms:Decrypt",
                "kms:Encrypt",
                "kms:ReEncrypt*",
                "kms:GenerateDataKey*"
              ],
              "Effect": "Allow",
              "Resource": {
                "Fn::GetAtt": [
                  "IsbKmsKeyInnovationSandboxComputeB43F03BE",
                  "Arn"
                ]
              }
            }
          ],
          "Version": "2012-10-17"
        },
        "PolicyName": "LeaseTemplatesLambdaFunctionFunctionRoleDefaultPolicy67EAD3ED",
        "Roles": [
          {
            "Ref": "LeaseTemplatesLambdaFunctionFunctionRoleC7543D26"
          }
        ]
      },
      "Metadata": {
        "aws:cdk:path": "InnovationSandbox-Compute/LeaseTemplatesLambdaFunction/FunctionRole/DefaultPolicy/Resource"
      }
    },
    "LeaseTemplatesLambdaFunction2965B8D5": {
      "Type": "AWS::Lambda::Function",
      "Properties": {
        "Architectures": [
          "arm64"
        ],
        "Code": {
          "S3Bucket": {
            "Fn::Sub": "solutions-${AWS::Region}"
          },
          "S3Key": "innovation-sandbox-on-aws/v1.2.9/asset.047eea803fa2538a7214aec62787beecf1286500841916f83cb7e3559ca18341.zip"
        },
        "Description": "Lambda used as API GW method integration for lease-templates resources",
        "Environment": {
          "Variables": {
            "NODE_OPTIONS": "--enable-source-maps",
            "USER_AGENT_EXTRA": "AwsSolution/SO0284/v1.2.9",
            "POWERTOOLS_LOG_LEVEL": {
              "Fn::FindInMap": [
                "Mapping",
                "context",
                "logLevel",
                {
                  "DefaultValue": ""
                }
              ]
            },
            "POWERTOOLS_SERVICE_NAME": "innovation-sandbox",
            "AWS_XRAY_CONTEXT_MISSING": "IGNORE_ERROR",
            "JWT_SECRET_NAME": {
              "Fn::Join": [
                "",
                [
                  "/InnovationSandbox/",
                  {
                    "Ref": "Namespace"
                  },
                  "/Auth/JwtSecret"
                ]
              ]
            },
            "APP_CONFIG_APPLICATION_ID": {
              "Fn::GetAtt": [
                "IsbSpokeConfigJsonParamResolverParseJsonConfigurationIsbCustomResource57F98B57",
                "configApplicationId"
              ]
            },
            "APP_CONFIG_ENVIRONMENT_ID": {
              "Fn::GetAtt": [
                "IsbSpokeConfigJsonParamResolverParseJsonConfigurationIsbCustomResource57F98B57",
                "configEnvironmentId"
              ]
            },
            "APP_CONFIG_PROFILE_ID": {
              "Fn::GetAtt": [
                "IsbSpokeConfigJsonParamResolverParseJsonConfigurationIsbCustomResource57F98B57",
                "globalConfigConfigurationProfileId"
              ]
            },
            "REPORTING_CONFIG_PROFILE_ID": {
              "Fn::GetAtt": [
                "IsbSpokeConfigJsonParamResolverParseJsonConfigurationIsbCustomResource57F98B57",
                "reportingConfigConfigurationProfileId"
              ]
            },
            "AWS_APPCONFIG_EXTENSION_PREFETCH_LIST": {
              "Fn::Join": [
                "",
                [
                  "/applications/",
                  {
                    "Fn::GetAtt": [
                      "IsbSpokeConfigJsonParamResolverParseJsonConfigurationIsbCustomResource57F98B57",
                      "configApplicationId"
                    ]
                  },
                  "/environments/",
                  {
                    "Fn::GetAtt": [
                      "IsbSpokeConfigJsonParamResolverParseJsonConfigurationIsbCustomResource57F98B57",
                      "configEnvironmentId"
                    ]
                  },
                  "/configurations/",
                  {
                    "Fn::GetAtt": [
                      "IsbSpokeConfigJsonParamResolverParseJsonConfigurationIsbCustomResource57F98B57",
                      "globalConfigConfigurationProfileId"
                    ]
                  },
                  ",/applications/",
                  {
                    "Fn::GetAtt": [
                      "IsbSpokeConfigJsonParamResolverParseJsonConfigurationIsbCustomResource57F98B57",
                      "configApplicationId"
                    ]
                  },
                  "/environments/",
                  {
                    "Fn::GetAtt": [
                      "IsbSpokeConfigJsonParamResolverParseJsonConfigurationIsbCustomResource57F98B57",
                      "configEnvironmentId"
                    ]
                  },
                  "/configurations/",
                  {
                    "Fn::GetAtt": [
                      "IsbSpokeConfigJsonParamResolverParseJsonConfigurationIsbCustomResource57F98B57",
                      "reportingConfigConfigurationProfileId"
                    ]
                  }
                ]
              ]
            },
            "LEASE_TEMPLATE_TABLE_NAME": {
              "Fn::GetAtt": [
                "IsbSpokeConfigJsonParamResolverParseJsonConfigurationIsbCustomResource57F98B57",
                "leaseTemplateTable"
              ]
            },
            "BLUEPRINT_TABLE_NAME": {
              "Fn::GetAtt": [
                "IsbSpokeConfigJsonParamResolverParseJsonConfigurationIsbCustomResource57F98B57",
                "blueprintTable"
              ]
            },
            "AWS_APPCONFIG_EXTENSION_POLL_INTERVAL_SECONDS": "10m",
            "AWS_APPCONFIG_EXTENSION_HTTP_PORT": "2772"
          }
        },
        "FunctionName": {
          "Fn::Join": [
            "",
            [
              "ISB-LeaseTemplatesLambdaFunction-",
              {
                "Ref": "Namespace"
              }
            ]
          ]
        },
        "Handler": "index.handler",
        "Layers": [
          {
            "Ref": "IsbSpokeConfigJsonParamResolverISBLambdaLayerInnovationSandboxComputeDependenciesLayerVersion4DD7969A"
          },
          {
            "Ref": "IsbSpokeConfigJsonParamResolverISBLambdaLayerInnovationSandboxComputeCommonLayerVersionB1BF66A1"
          },
          {
            "Fn::FindInMap": [
              "AppConfigExtensionArnMap",
              {
                "Ref": "AWS::Region"
              },
              "arn"
            ]
          }
        ],
        "LoggingConfig": {
          "LogFormat": "JSON",
          "LogGroup": {
            "Ref": "ISBLogGroupE607F9A7"
          },
          "SystemLogLevel": "INFO"
        },
        "MemorySize": 1024,
        "Role": {
          "Fn::GetAtt": [
            "LeaseTemplatesLambdaFunctionFunctionRoleC7543D26",
            "Arn"
          ]
        },
        "Runtime": "nodejs22.x",
        "Tags": [
          {
            "Key": "aws-solutions:isb-id",
            "Value": {
              "Fn::Join": [
                "",
                [
                  {
                    "Ref": "Namespace"
                  },
                  "_isb"
                ]
              ]
            }
          }
        ],
        "Timeout": 60,
        "TracingConfig": {
          "Mode": "Active"
        }
      },
      "DependsOn": [
        "LeaseTemplatesLambdaFunctionFunctionRoleDefaultPolicy67EAD3ED",
        "LeaseTemplatesLambdaFunctionFunctionRoleC7543D26"
      ],
      "Metadata": {
        "aws:cdk:path": "InnovationSandbox-Compute/LeaseTemplatesLambdaFunction/Function/Resource",
        "aws:asset:path": "asset.047eea803fa2538a7214aec62787beecf1286500841916f83cb7e3559ca18341",
        "aws:asset:is-bundled": true,
        "aws:asset:property": "Code",
        "guard": {
          "SuppressedRules": [
            "LAMBDA_INSIDE_VPC",
            "LAMBDA_CONCURRENCY_CHECK"
          ]
        }
      }
    },
    "LeaseTemplatesLambdaFunctionIsbDbTableReadWriteE2959C86": {
      "Type": "AWS::IAM::Policy",
      "Properties": {
        "PolicyDocument": {
          "Statement": [
            {
              "Action": [
                "dynamodb:GetItem",
                "dynamodb:PutItem",
                "dynamodb:UpdateItem",
                "dynamodb:DeleteItem",
                "dynamodb:Query",
                "dynamodb:Scan",
                "dynamodb:ConditionCheckItem",
                "dynamodb:BatchGetItem",
                "dynamodb:BatchWriteItem"
              ],
              "Effect": "Allow",
              "Resource": [
                {
                  "Fn::Join": [
                    "",
                    [
                      "arn:",
                      {
                        "Ref": "AWS::Partition"
                      },
                      ":dynamodb:",
                      {
                        "Ref": "AWS::Region"
                      },
                      ":",
                      {
                        "Ref": "AWS::AccountId"
                      },
                      ":table/",
                      {
                        "Fn::GetAtt": [
                          "IsbSpokeConfigJsonParamResolverParseJsonConfigurationIsbCustomResource57F98B57",
                          "leaseTemplateTable"
                        ]
                      }
                    ]
                  ]
                },
                {
                  "Fn::Join": [
                    "",
                    [
                      "arn:",
                      {
                        "Ref": "AWS::Partition"
                      },
                      ":dynamodb:",
                      {
                        "Ref": "AWS::Region"
                      },
                      ":",
                      {
                        "Ref": "AWS::AccountId"
                      },
                      ":table/",
                      {
                        "Fn::GetAtt": [
                          "IsbSpokeConfigJsonParamResolverParseJsonConfigurationIsbCustomResource57F98B57",
                          "leaseTemplateTable"
                        ]
                      },
                      "/index/*"
                    ]
                  ]
                }
              ]
            },
            {
              "Action": [
                "kms:Decrypt",
                "kms:DescribeKey",
                "kms:Encrypt",
                "kms:GenerateDataKey",
                "kms:ReEncrypt*"
              ],
              "Effect": "Allow",
              "Resource": {
                "Fn::Join": [
                  "",
                  [
                    "arn:",
                    {
                      "Ref": "AWS::Partition"
                    },
                    ":kms:",
                    {
                      "Ref": "AWS::Region"
                    },
                    ":",
                    {
                      "Ref": "AWS::AccountId"
                    },
                    ":key/",
                    {
                      "Fn::GetAtt": [
                        "IsbSpokeConfigJsonParamResolverParseJsonConfigurationIsbCustomResource57F98B57",
                        "tableKmsKeyId"
                      ]
                    }
                  ]
                ]
              }
            }
          ],
          "Version": "2012-10-17"
        },
        "PolicyName": "DynamoDBReadWriteAccess",
        "Roles": [
          {
            "Ref": "LeaseTemplatesLambdaFunctionFunctionRoleC7543D26"
          }
        ]
      },
      "Metadata": {
        "aws:cdk:path": "InnovationSandbox-Compute/LeaseTemplatesLambdaFunction-IsbDbTableReadWrite/Resource"
      }
    },
    "LeaseTemplatesLambdaFunctionIsbDbTableReadOnly0A30EBFF": {
      "Type": "AWS::IAM::Policy",
      "Properties": {
        "PolicyDocument": {
          "Statement": [
            {
              "Action": [
                "dynamodb:GetItem",
                "dynamodb:Query",
                "dynamodb:Scan",
                "dynamodb:ConditionCheckItem",
                "dynamodb:BatchGetItem"
              ],
              "Effect": "Allow",
              "Resource": [
                {
                  "Fn::Join": [
                    "",
                    [
                      "arn:",
                      {
                        "Ref": "AWS::Partition"
                      },
                      ":dynamodb:",
                      {
                        "Ref": "AWS::Region"
                      },
                      ":",
                      {
                        "Ref": "AWS::AccountId"
                      },
                      ":table/",
                      {
                        "Fn::GetAtt": [
                          "IsbSpokeConfigJsonParamResolverParseJsonConfigurationIsbCustomResource57F98B57",
                          "blueprintTable"
                        ]
                      }
                    ]
                  ]
                },
                {
                  "Fn::Join": [
                    "",
                    [
                      "arn:",
                      {
                        "Ref": "AWS::Partition"
                      },
                      ":dynamodb:",
                      {
                        "Ref": "AWS::Region"
                      },
                      ":",
                      {
                        "Ref": "AWS::AccountId"
                      },
                      ":table/",
                      {
                        "Fn::GetAtt": [
                          "IsbSpokeConfigJsonParamResolverParseJsonConfigurationIsbCustomResource57F98B57",
                          "blueprintTable"
                        ]
                      },
                      "/index/*"
                    ]
                  ]
                }
              ]
            },
            {
              "Action": [
                "kms:Decrypt",
                "kms:DescribeKey",
                "kms:Encrypt",
                "kms:GenerateDataKey",
                "kms:ReEncrypt*"
              ],
              "Effect": "Allow",
              "Resource": {
                "Fn::Join": [
                  "",
                  [
                    "arn:",
                    {
                      "Ref": "AWS::Partition"
                    },
                    ":kms:",
                    {
                      "Ref": "AWS::Region"
                    },
                    ":",
                    {
                      "Ref": "AWS::AccountId"
                    },
                    ":key/",
                    {
                      "Fn::GetAtt": [
                        "IsbSpokeConfigJsonParamResolverParseJsonConfigurationIsbCustomResource57F98B57",
                        "tableKmsKeyId"
                      ]
                    }
                  ]
                ]
              }
            }
          ],
          "Version": "2012-10-17"
        },
        "PolicyName": "DynamoDBReadOnlyAccess",
        "Roles": [
          {
            "Ref": "LeaseTemplatesLambdaFunctionFunctionRoleC7543D26"
          }
        ]
      },
      "Metadata": {
        "aws:cdk:path": "InnovationSandbox-Compute/LeaseTemplatesLambdaFunction-IsbDbTableReadOnly/Resource"
      }
    },
    "AccountsLambdaFunctionFunctionRole3A22EFEC": {
      "Type": "AWS::IAM::Role",
      "Properties": {
        "AssumeRolePolicyDocument": {
          "Statement": [
            {
              "Action": "sts:AssumeRole",
              "Effect": "Allow",
              "Principal": {
                "Service": "lambda.amazonaws.com"
              }
            }
          ],
          "Version": "2012-10-17"
        },
        "Tags": [
          {
            "Key": "aws-solutions:isb-id",
            "Value": {
              "Fn::Join": [
                "",
                [
                  {
                    "Ref": "Namespace"
                  },
                  "_isb"
                ]
              ]
            }
          }
        ]
      },
      "Metadata": {
        "aws:cdk:path": "InnovationSandbox-Compute/AccountsLambdaFunction/FunctionRole/Resource"
      }
    },
    "AccountsLambdaFunctionFunctionRoleDefaultPolicy067BE69C": {
      "Type": "AWS::IAM::Policy",
      "Properties": {
        "PolicyDocument": {
          "Statement": [
            {
              "Action": [
                "xray:PutTraceSegments",
                "xray:PutTelemetryRecords"
              ],
              "Effect": "Allow",
              "Resource": "*"
            },
            {
              "Action": [
                "logs:CreateLogStream",
                "logs:PutLogEvents"
              ],
              "Effect": "Allow",
              "Resource": {
                "Fn::GetAtt": [
                  "ISBLogGroupE607F9A7",
                  "Arn"
                ]
              }
            },
            {
              "Action": "ssm:GetParameter",
              "Effect": "Allow",
              "Resource": {
                "Fn::Join": [
                  "",
                  [
                    "arn:",
                    {
                      "Ref": "AWS::Partition"
                    },
                    ":ssm:",
                    {
                      "Ref": "AWS::Region"
                    },
                    ":",
                    {
                      "Ref": "IdcAccountId"
                    },
                    ":parameter/InnovationSandbox_",
                    {
                      "Ref": "Namespace"
                    },
                    "_Idc_Configuration"
                  ]
                ]
              }
            },
            {
              "Action": "ssm:GetParameter",
              "Effect": "Allow",
              "Resource": {
                "Fn::Join": [
                  "",
                  [
                    "arn:",
                    {
                      "Ref": "AWS::Partition"
                    },
                    ":ssm:",
                    {
                      "Ref": "AWS::Region"
                    },
                    ":",
                    {
                      "Ref": "OrgMgtAccountId"
                    },
                    ":parameter/InnovationSandbox_",
                    {
                      "Ref": "Namespace"
                    },
                    "_AccountPool_Configuration"
                  ]
                ]
              }
            },
            {
              "Action": [
                "appconfig:StartConfigurationSession",
                "appconfig:GetLatestConfiguration"
              ],
              "Effect": "Allow",
              "Resource": {
                "Fn::Join": [
                  "",
                  [
                    "arn:",
                    {
                      "Ref": "AWS::Partition"
                    },
                    ":appconfig:",
                    {
                      "Ref": "AWS::Region"
                    },
                    ":",
                    {
                      "Ref": "AWS::AccountId"
                    },
                    ":application/",
                    {
                      "Fn::GetAtt": [
                        "IsbSpokeConfigJsonParamResolverParseJsonConfigurationIsbCustomResource57F98B57",
                        "configApplicationId"
                      ]
                    },
                    "/environment/",
                    {
                      "Fn::GetAtt": [
                        "IsbSpokeConfigJsonParamResolverParseJsonConfigurationIsbCustomResource57F98B57",
                        "configEnvironmentId"
                      ]
                    },
                    "/configuration/",
                    {
                      "Fn::GetAtt": [
                        "IsbSpokeConfigJsonParamResolverParseJsonConfigurationIsbCustomResource57F98B57",
                        "globalConfigConfigurationProfileId"
                      ]
                    }
                  ]
                ]
              }
            },
            {
              "Action": "events:PutEvents",
              "Effect": "Allow",
              "Resource": {
                "Fn::GetAtt": [
                  "ISBEventBusD5514129",
                  "Arn"
                ]
              }
            },
            {
              "Action": [
                "secretsmanager:GetSecretValue",
                "secretsmanager:DescribeSecret"
              ],
              "Effect": "Allow",
              "Resource": {
                "Ref": "JwtSecretB8834B39"
              }
            },
            {
              "Action": [
                "kms:Decrypt",
                "kms:Encrypt",
                "kms:ReEncrypt*",
                "kms:GenerateDataKey*"
              ],
              "Effect": "Allow",
              "Resource": {
                "Fn::GetAtt": [
                  "IsbKmsKeyInnovationSandboxComputeB43F03BE",
                  "Arn"
                ]
              }
            },
            {
              "Action": [
                "cloudformation:DescribeStackSet",
                "cloudformation:ListStackInstances"
              ],
              "Effect": "Allow",
              "Resource": {
                "Fn::Join": [
                  "",
                  [
                    "arn:",
                    {
                      "Ref": "AWS::Partition"
                    },
                    ":cloudformation:",
                    {
                      "Ref": "AWS::Region"
                    },
                    ":",
                    {
                      "Ref": "AWS::AccountId"
                    },
                    ":stackset/*:*"
                  ]
                ]
              }
            },
            {
              "Action": "cloudformation:DeleteStackInstances",
              "Effect": "Allow",
              "Resource": [
                {
                  "Fn::Join": [
                    "",
                    [
                      "arn:",
                      {
                        "Ref": "AWS::Partition"
                      },
                      ":cloudformation:",
                      {
                        "Ref": "AWS::Region"
                      },
                      ":",
                      {
                        "Ref": "AWS::AccountId"
                      },
                      ":stackset/*:*"
                    ]
                  ]
                },
                {
                  "Fn::Join": [
                    "",
                    [
                      "arn:",
                      {
                        "Ref": "AWS::Partition"
                      },
                      ":cloudformation:",
                      {
                        "Ref": "AWS::Region"
                      },
                      ":",
                      {
                        "Ref": "AWS::AccountId"
                      },
                      ":stackset-target/*"
                    ]
                  ]
                },
                {
                  "Fn::Join": [
                    "",
                    [
                      "arn:",
                      {
                        "Ref": "AWS::Partition"
                      },
                      ":cloudformation:",
                      {
                        "Ref": "AWS::Region"
                      },
                      ":",
                      {
                        "Ref": "AWS::AccountId"
                      },
                      ":type/resource/*"
                    ]
                  ]
                }
              ]
            },
            {
              "Action": "sts:AssumeRole",
              "Effect": "Allow",
              "Resource": {
                "Fn::GetAtt": [
                  "IntermediateRole6D2F2036",
                  "Arn"
                ]
              }
            }
          ],
          "Version": "2012-10-17"
        },
        "PolicyName": "AccountsLambdaFunctionFunctionRoleDefaultPolicy067BE69C",
        "Roles": [
          {
            "Ref": "AccountsLambdaFunctionFunctionRole3A22EFEC"
          }
        ]
      },
      "Metadata": {
        "aws:cdk:path": "InnovationSandbox-Compute/AccountsLambdaFunction/FunctionRole/DefaultPolicy/Resource"
      }
    },
    "AccountsLambdaFunction47AFACD2": {
      "Type": "AWS::Lambda::Function",
      "Properties": {
        "Architectures": [
          "arm64"
        ],
        "Code": {
          "S3Bucket": {
            "Fn::Sub": "solutions-${AWS::Region}"
          },
          "S3Key": "innovation-sandbox-on-aws/v1.2.9/asset.573e303ad210993b56f48b88b1bb8df01b5048be5cfad9c03bc493193bc12456.zip"
        },
        "Description": "Lambda used as API GW method integration for account resources",
        "Environment": {
          "Variables": {
            "NODE_OPTIONS": "--enable-source-maps",
            "USER_AGENT_EXTRA": "AwsSolution/SO0284/v1.2.9",
            "POWERTOOLS_LOG_LEVEL": {
              "Fn::FindInMap": [
                "Mapping",
                "context",
                "logLevel",
                {
                  "DefaultValue": ""
                }
              ]
            },
            "POWERTOOLS_SERVICE_NAME": "innovation-sandbox",
            "AWS_XRAY_CONTEXT_MISSING": "IGNORE_ERROR",
            "JWT_SECRET_NAME": {
              "Fn::Join": [
                "",
                [
                  "/InnovationSandbox/",
                  {
                    "Ref": "Namespace"
                  },
                  "/Auth/JwtSecret"
                ]
              ]
            },
            "APP_CONFIG_APPLICATION_ID": {
              "Fn::GetAtt": [
                "IsbSpokeConfigJsonParamResolverParseJsonConfigurationIsbCustomResource57F98B57",
                "configApplicationId"
              ]
            },
            "APP_CONFIG_PROFILE_ID": {
              "Fn::GetAtt": [
                "IsbSpokeConfigJsonParamResolverParseJsonConfigurationIsbCustomResource57F98B57",
                "globalConfigConfigurationProfileId"
              ]
            },
            "APP_CONFIG_ENVIRONMENT_ID": {
              "Fn::GetAtt": [
                "IsbSpokeConfigJsonParamResolverParseJsonConfigurationIsbCustomResource57F98B57",
                "configEnvironmentId"
              ]
            },
            "AWS_APPCONFIG_EXTENSION_PREFETCH_LIST": {
              "Fn::Join": [
                "",
                [
                  "/applications/",
                  {
                    "Fn::GetAtt": [
                      "IsbSpokeConfigJsonParamResolverParseJsonConfigurationIsbCustomResource57F98B57",
                      "configApplicationId"
                    ]
                  },
                  "/environments/",
                  {
                    "Fn::GetAtt": [
                      "IsbSpokeConfigJsonParamResolverParseJsonConfigurationIsbCustomResource57F98B57",
                      "configEnvironmentId"
                    ]
                  },
                  "/configurations/",
                  {
                    "Fn::GetAtt": [
                      "IsbSpokeConfigJsonParamResolverParseJsonConfigurationIsbCustomResource57F98B57",
                      "globalConfigConfigurationProfileId"
                    ]
                  }
                ]
              ]
            },
            "ACCOUNT_TABLE_NAME": {
              "Fn::GetAtt": [
                "IsbSpokeConfigJsonParamResolverParseJsonConfigurationIsbCustomResource57F98B57",
                "accountTable"
              ]
            },
            "LEASE_TABLE_NAME": {
              "Fn::GetAtt": [
                "IsbSpokeConfigJsonParamResolverParseJsonConfigurationIsbCustomResource57F98B57",
                "leaseTable"
              ]
            },
            "BLUEPRINT_TABLE_NAME": {
              "Fn::GetAtt": [
                "IsbSpokeConfigJsonParamResolverParseJsonConfigurationIsbCustomResource57F98B57",
                "blueprintTable"
              ]
            },
            "SANDBOX_ACCOUNT_ROLE_NAME": {
              "Fn::Join": [
                "",
                [
                  "InnovationSandbox-",
                  {
                    "Ref": "Namespace"
                  },
                  "-SandboxAccountRole"
                ]
              ]
            },
            "ISB_NAMESPACE": {
              "Ref": "Namespace"
            },
            "INTERMEDIATE_ROLE_ARN": {
              "Fn::GetAtt": [
                "IntermediateRole6D2F2036",
                "Arn"
              ]
            },
            "ORG_MGT_ROLE_ARN": {
              "Fn::Join": [
                "",
                [
                  "arn:",
                  {
                    "Ref": "AWS::Partition"
                  },
                  ":iam::",
                  {
                    "Ref": "OrgMgtAccountId"
                  },
                  ":role/InnovationSandbox-",
                  {
                    "Ref": "Namespace"
                  },
                  "-OrgMgtRole"
                ]
              ]
            },
            "IDC_ROLE_ARN": {
              "Fn::Join": [
                "",
                [
                  "arn:",
                  {
                    "Ref": "AWS::Partition"
                  },
                  ":iam::",
                  {
                    "Ref": "IdcAccountId"
                  },
                  ":role/InnovationSandbox-",
                  {
                    "Ref": "Namespace"
                  },
                  "-IdcRole"
                ]
              ]
            },
            "ACCOUNT_POOL_CONFIG_PARAM_ARN": {
              "Fn::Join": [
                "",
                [
                  "arn:",
                  {
                    "Ref": "AWS::Partition"
                  },
                  ":ssm:",
                  {
                    "Ref": "AWS::Region"
                  },
                  ":",
                  {
                    "Ref": "OrgMgtAccountId"
                  },
                  ":parameter/InnovationSandbox_",
                  {
                    "Ref": "Namespace"
                  },
                  "_AccountPool_Configuration"
                ]
              ]
            },
            "IDC_CONFIG_PARAM_ARN": {
              "Fn::Join": [
                "",
                [
                  "arn:",
                  {
                    "Ref": "AWS::Partition"
                  },
                  ":ssm:",
                  {
                    "Ref": "AWS::Region"
                  },
                  ":",
                  {
                    "Ref": "IdcAccountId"
                  },
                  ":parameter/InnovationSandbox_",
                  {
                    "Ref": "Namespace"
                  },
                  "_Idc_Configuration"
                ]
              ]
            },
            "ISB_EVENT_BUS": {
              "Ref": "ISBEventBusD5514129"
            },
            "ORG_MGT_ACCOUNT_ID": {
              "Ref": "OrgMgtAccountId"
            },
            "IDC_ACCOUNT_ID": {
              "Ref": "IdcAccountId"
            },
            "HUB_ACCOUNT_ID": {
              "Ref": "AWS::AccountId"
            },
            "AWS_APPCONFIG_EXTENSION_POLL_INTERVAL_SECONDS": "10m",
            "AWS_APPCONFIG_EXTENSION_HTTP_PORT": "2772"
          }
        },
        "FunctionName": {
          "Fn::Join": [
            "",
            [
              "ISB-AccountsLambdaFunction-",
              {
                "Ref": "Namespace"
              }
            ]
          ]
        },
        "Handler": "index.handler",
        "Layers": [
          {
            "Ref": "IsbSpokeConfigJsonParamResolverISBLambdaLayerInnovationSandboxComputeDependenciesLayerVersion4DD7969A"
          },
          {
            "Ref": "IsbSpokeConfigJsonParamResolverISBLambdaLayerInnovationSandboxComputeCommonLayerVersionB1BF66A1"
          },
          {
            "Fn::FindInMap": [
              "AppConfigExtensionArnMap",
              {
                "Ref": "AWS::Region"
              },
              "arn"
            ]
          }
        ],
        "LoggingConfig": {
          "LogFormat": "JSON",
          "LogGroup": {
            "Ref": "ISBLogGroupE607F9A7"
          },
          "SystemLogLevel": "INFO"
        },
        "MemorySize": 1024,
        "Role": {
          "Fn::GetAtt": [
            "AccountsLambdaFunctionFunctionRole3A22EFEC",
            "Arn"
          ]
        },
        "Runtime": "nodejs22.x",
        "Tags": [
          {
            "Key": "aws-solutions:isb-id",
            "Value": {
              "Fn::Join": [
                "",
                [
                  {
                    "Ref": "Namespace"
                  },
                  "_isb"
                ]
              ]
            }
          }
        ],
        "Timeout": 60,
        "TracingConfig": {
          "Mode": "Active"
        }
      },
      "DependsOn": [
        "AccountsLambdaFunctionFunctionRoleDefaultPolicy067BE69C",
        "AccountsLambdaFunctionFunctionRole3A22EFEC"
      ],
      "Metadata": {
        "aws:cdk:path": "InnovationSandbox-Compute/AccountsLambdaFunction/Function/Resource",
        "aws:asset:path": "asset.573e303ad210993b56f48b88b1bb8df01b5048be5cfad9c03bc493193bc12456",
        "aws:asset:is-bundled": true,
        "aws:asset:property": "Code",
        "guard": {
          "SuppressedRules": [
            "LAMBDA_INSIDE_VPC",
            "LAMBDA_CONCURRENCY_CHECK"
          ]
        }
      }
    },
    "AccountsLambdaFunctionIsbDbTableReadWrite5A96FF7F": {
      "Type": "AWS::IAM::Policy",
      "Properties": {
        "PolicyDocument": {
          "Statement": [
            {
              "Action": [
                "dynamodb:GetItem",
                "dynamodb:PutItem",
                "dynamodb:UpdateItem",
                "dynamodb:DeleteItem",
                "dynamodb:Query",
                "dynamodb:Scan",
                "dynamodb:ConditionCheckItem",
                "dynamodb:BatchGetItem",
                "dynamodb:BatchWriteItem"
              ],
              "Effect": "Allow",
              "Resource": [
                {
                  "Fn::Join": [
                    "",
                    [
                      "arn:",
                      {
                        "Ref": "AWS::Partition"
                      },
                      ":dynamodb:",
                      {
                        "Ref": "AWS::Region"
                      },
                      ":",
                      {
                        "Ref": "AWS::AccountId"
                      },
                      ":table/",
                      {
                        "Fn::GetAtt": [
                          "IsbSpokeConfigJsonParamResolverParseJsonConfigurationIsbCustomResource57F98B57",
                          "accountTable"
                        ]
                      }
                    ]
                  ]
                },
                {
                  "Fn::Join": [
                    "",
                    [
                      "arn:",
                      {
                        "Ref": "AWS::Partition"
                      },
                      ":dynamodb:",
                      {
                        "Ref": "AWS::Region"
                      },
                      ":",
                      {
                        "Ref": "AWS::AccountId"
                      },
                      ":table/",
                      {
                        "Fn::GetAtt": [
                          "IsbSpokeConfigJsonParamResolverParseJsonConfigurationIsbCustomResource57F98B57",
                          "accountTable"
                        ]
                      },
                      "/index/*"
                    ]
                  ]
                }
              ]
            },
            {
              "Action": [
                "dynamodb:GetItem",
                "dynamodb:PutItem",
                "dynamodb:UpdateItem",
                "dynamodb:DeleteItem",
                "dynamodb:Query",
                "dynamodb:Scan",
                "dynamodb:ConditionCheckItem",
                "dynamodb:BatchGetItem",
                "dynamodb:BatchWriteItem"
              ],
              "Effect": "Allow",
              "Resource": [
                {
                  "Fn::Join": [
                    "",
                    [
                      "arn:",
                      {
                        "Ref": "AWS::Partition"
                      },
                      ":dynamodb:",
                      {
                        "Ref": "AWS::Region"
                      },
                      ":",
                      {
                        "Ref": "AWS::AccountId"
                      },
                      ":table/",
                      {
                        "Fn::GetAtt": [
                          "IsbSpokeConfigJsonParamResolverParseJsonConfigurationIsbCustomResource57F98B57",
                          "leaseTable"
                        ]
                      }
                    ]
                  ]
                },
                {
                  "Fn::Join": [
                    "",
                    [
                      "arn:",
                      {
                        "Ref": "AWS::Partition"
                      },
                      ":dynamodb:",
                      {
                        "Ref": "AWS::Region"
                      },
                      ":",
                      {
                        "Ref": "AWS::AccountId"
                      },
                      ":table/",
                      {
                        "Fn::GetAtt": [
                          "IsbSpokeConfigJsonParamResolverParseJsonConfigurationIsbCustomResource57F98B57",
                          "leaseTable"
                        ]
                      },
                      "/index/*"
                    ]
                  ]
                }
              ]
            },
            {
              "Action": [
                "dynamodb:GetItem",
                "dynamodb:PutItem",
                "dynamodb:UpdateItem",
                "dynamodb:DeleteItem",
                "dynamodb:Query",
                "dynamodb:Scan",
                "dynamodb:ConditionCheckItem",
                "dynamodb:BatchGetItem",
                "dynamodb:BatchWriteItem"
              ],
              "Effect": "Allow",
              "Resource": [
                {
                  "Fn::Join": [
                    "",
                    [
                      "arn:",
                      {
                        "Ref": "AWS::Partition"
                      },
                      ":dynamodb:",
                      {
                        "Ref": "AWS::Region"
                      },
                      ":",
                      {
                        "Ref": "AWS::AccountId"
                      },
                      ":table/",
                      {
                        "Fn::GetAtt": [
                          "IsbSpokeConfigJsonParamResolverParseJsonConfigurationIsbCustomResource57F98B57",
                          "blueprintTable"
                        ]
                      }
                    ]
                  ]
                },
                {
                  "Fn::Join": [
                    "",
                    [
                      "arn:",
                      {
                        "Ref": "AWS::Partition"
                      },
                      ":dynamodb:",
                      {
                        "Ref": "AWS::Region"
                      },
                      ":",
                      {
                        "Ref": "AWS::AccountId"
                      },
                      ":table/",
                      {
                        "Fn::GetAtt": [
                          "IsbSpokeConfigJsonParamResolverParseJsonConfigurationIsbCustomResource57F98B57",
                          "blueprintTable"
                        ]
                      },
                      "/index/*"
                    ]
                  ]
                }
              ]
            },
            {
              "Action": [
                "kms:Decrypt",
                "kms:DescribeKey",
                "kms:Encrypt",
                "kms:GenerateDataKey",
                "kms:ReEncrypt*"
              ],
              "Effect": "Allow",
              "Resource": {
                "Fn::Join": [
                  "",
                  [
                    "arn:",
                    {
                      "Ref": "AWS::Partition"
                    },
                    ":kms:",
                    {
                      "Ref": "AWS::Region"
                    },
                    ":",
                    {
                      "Ref": "AWS::AccountId"
                    },
                    ":key/",
                    {
                      "Fn::GetAtt": [
                        "IsbSpokeConfigJsonParamResolverParseJsonConfigurationIsbCustomResource57F98B57",
                        "tableKmsKeyId"
                      ]
                    }
                  ]
                ]
              }
            }
          ],
          "Version": "2012-10-17"
        },
        "PolicyName": "DynamoDBReadWriteAccess",
        "Roles": [
          {
            "Ref": "AccountsLambdaFunctionFunctionRole3A22EFEC"
          }
        ]
      },
      "Metadata": {
        "aws:cdk:path": "InnovationSandbox-Compute/AccountsLambdaFunction-IsbDbTableReadWrite/Resource"
      }
    },
    "BlueprintsLambdaFunctionFunctionRoleE6A626CE": {
      "Type": "AWS::IAM::Role",
      "Properties": {
        "AssumeRolePolicyDocument": {
          "Statement": [
            {
              "Action": "sts:AssumeRole",
              "Effect": "Allow",
              "Principal": {
                "Service": "lambda.amazonaws.com"
              }
            }
          ],
          "Version": "2012-10-17"
        },
        "Tags": [
          {
            "Key": "aws-solutions:isb-id",
            "Value": {
              "Fn::Join": [
                "",
                [
                  {
                    "Ref": "Namespace"
                  },
                  "_isb"
                ]
              ]
            }
          }
        ]
      },
      "Metadata": {
        "aws:cdk:path": "InnovationSandbox-Compute/BlueprintsLambdaFunction/FunctionRole/Resource"
      }
    },
    "BlueprintsLambdaFunctionFunctionRoleDefaultPolicy1A29AFF1": {
      "Type": "AWS::IAM::Policy",
      "Properties": {
        "PolicyDocument": {
          "Statement": [
            {
              "Action": [
                "xray:PutTraceSegments",
                "xray:PutTelemetryRecords"
              ],
              "Effect": "Allow",
              "Resource": "*"
            },
            {
              "Action": [
                "logs:CreateLogStream",
                "logs:PutLogEvents"
              ],
              "Effect": "Allow",
              "Resource": {
                "Fn::GetAtt": [
                  "ISBLogGroupE607F9A7",
                  "Arn"
                ]
              }
            },
            {
              "Action": [
                "appconfig:StartConfigurationSession",
                "appconfig:GetLatestConfiguration"
              ],
              "Effect": "Allow",
              "Resource": {
                "Fn::Join": [
                  "",
                  [
                    "arn:",
                    {
                      "Ref": "AWS::Partition"
                    },
                    ":appconfig:",
                    {
                      "Ref": "AWS::Region"
                    },
                    ":",
                    {
                      "Ref": "AWS::AccountId"
                    },
                    ":application/",
                    {
                      "Fn::GetAtt": [
                        "IsbSpokeConfigJsonParamResolverParseJsonConfigurationIsbCustomResource57F98B57",
                        "configApplicationId"
                      ]
                    },
                    "/environment/",
                    {
                      "Fn::GetAtt": [
                        "IsbSpokeConfigJsonParamResolverParseJsonConfigurationIsbCustomResource57F98B57",
                        "configEnvironmentId"
                      ]
                    },
                    "/configuration/",
                    {
                      "Fn::GetAtt": [
                        "IsbSpokeConfigJsonParamResolverParseJsonConfigurationIsbCustomResource57F98B57",
                        "globalConfigConfigurationProfileId"
                      ]
                    }
                  ]
                ]
              }
            },
            {
              "Action": "cloudformation:DescribeStackSet",
              "Effect": "Allow",
              "Resource": {
                "Fn::Join": [
                  "",
                  [
                    "arn:",
                    {
                      "Ref": "AWS::Partition"
                    },
                    ":cloudformation:",
                    {
                      "Ref": "AWS::Region"
                    },
                    ":",
                    {
                      "Ref": "AWS::AccountId"
                    },
                    ":stackset/*:*"
                  ]
                ]
              }
            },
            {
              "Action": "cloudformation:ListStackSets",
              "Effect": "Allow",
              "Resource": "*"
            },
            {
              "Action": [
                "secretsmanager:GetSecretValue",
                "secretsmanager:DescribeSecret"
              ],
              "Effect": "Allow",
              "Resource": {
                "Ref": "JwtSecretB8834B39"
              }
            },
            {
              "Action": [
                "kms:Decrypt",
                "kms:Encrypt",
                "kms:ReEncrypt*",
                "kms:GenerateDataKey*"
              ],
              "Effect": "Allow",
              "Resource": {
                "Fn::GetAtt": [
                  "IsbKmsKeyInnovationSandboxComputeB43F03BE",
                  "Arn"
                ]
              }
            }
          ],
          "Version": "2012-10-17"
        },
        "PolicyName": "BlueprintsLambdaFunctionFunctionRoleDefaultPolicy1A29AFF1",
        "Roles": [
          {
            "Ref": "BlueprintsLambdaFunctionFunctionRoleE6A626CE"
          }
        ]
      },
      "Metadata": {
        "aws:cdk:path": "InnovationSandbox-Compute/BlueprintsLambdaFunction/FunctionRole/DefaultPolicy/Resource"
      }
    },
    "BlueprintsLambdaFunction92CE4466": {
      "Type": "AWS::Lambda::Function",
      "Properties": {
        "Architectures": [
          "arm64"
        ],
        "Code": {
          "S3Bucket": {
            "Fn::Sub": "solutions-${AWS::Region}"
          },
          "S3Key": "innovation-sandbox-on-aws/v1.2.9/asset.a0010a24b42f03e444f40d6acfc8ec53f52d2b457902ab582ec92356fa325858.zip"
        },
        "Description": "Lambda used as API GW method integration for blueprints resources",
        "Environment": {
          "Variables": {
            "NODE_OPTIONS": "--enable-source-maps",
            "USER_AGENT_EXTRA": "AwsSolution/SO0284/v1.2.9",
            "POWERTOOLS_LOG_LEVEL": {
              "Fn::FindInMap": [
                "Mapping",
                "context",
                "logLevel",
                {
                  "DefaultValue": ""
                }
              ]
            },
            "POWERTOOLS_SERVICE_NAME": "innovation-sandbox",
            "AWS_XRAY_CONTEXT_MISSING": "IGNORE_ERROR",
            "JWT_SECRET_NAME": {
              "Fn::Join": [
                "",
                [
                  "/InnovationSandbox/",
                  {
                    "Ref": "Namespace"
                  },
                  "/Auth/JwtSecret"
                ]
              ]
            },
            "APP_CONFIG_APPLICATION_ID": {
              "Fn::GetAtt": [
                "IsbSpokeConfigJsonParamResolverParseJsonConfigurationIsbCustomResource57F98B57",
                "configApplicationId"
              ]
            },
            "APP_CONFIG_PROFILE_ID": {
              "Fn::GetAtt": [
                "IsbSpokeConfigJsonParamResolverParseJsonConfigurationIsbCustomResource57F98B57",
                "globalConfigConfigurationProfileId"
              ]
            },
            "APP_CONFIG_ENVIRONMENT_ID": {
              "Fn::GetAtt": [
                "IsbSpokeConfigJsonParamResolverParseJsonConfigurationIsbCustomResource57F98B57",
                "configEnvironmentId"
              ]
            },
            "AWS_APPCONFIG_EXTENSION_PREFETCH_LIST": {
              "Fn::Join": [
                "",
                [
                  "/applications/",
                  {
                    "Fn::GetAtt": [
                      "IsbSpokeConfigJsonParamResolverParseJsonConfigurationIsbCustomResource57F98B57",
                      "configApplicationId"
                    ]
                  },
                  "/environments/",
                  {
                    "Fn::GetAtt": [
                      "IsbSpokeConfigJsonParamResolverParseJsonConfigurationIsbCustomResource57F98B57",
                      "configEnvironmentId"
                    ]
                  },
                  "/configurations/",
                  {
                    "Fn::GetAtt": [
                      "IsbSpokeConfigJsonParamResolverParseJsonConfigurationIsbCustomResource57F98B57",
                      "globalConfigConfigurationProfileId"
                    ]
                  }
                ]
              ]
            },
            "ISB_NAMESPACE": {
              "Ref": "Namespace"
            },
            "BLUEPRINT_TABLE_NAME": {
              "Fn::GetAtt": [
                "IsbSpokeConfigJsonParamResolverParseJsonConfigurationIsbCustomResource57F98B57",
                "blueprintTable"
              ]
            },
            "LEASE_TEMPLATE_TABLE_NAME": {
              "Fn::GetAtt": [
                "IsbSpokeConfigJsonParamResolverParseJsonConfigurationIsbCustomResource57F98B57",
                "leaseTemplateTable"
              ]
            },
            "INTERMEDIATE_ROLE_ARN": {
              "Fn::GetAtt": [
                "IntermediateRole6D2F2036",
                "Arn"
              ]
            },
            "SANDBOX_ACCOUNT_ROLE_NAME": {
              "Fn::Join": [
                "",
                [
                  "InnovationSandbox-",
                  {
                    "Ref": "Namespace"
                  },
                  "-SandboxAccountRole"
                ]
              ]
            },
            "ORG_MGT_ACCOUNT_ID": {
              "Ref": "OrgMgtAccountId"
            },
            "HUB_ACCOUNT_ID": {
              "Ref": "AWS::AccountId"
            },
            "AWS_APPCONFIG_EXTENSION_POLL_INTERVAL_SECONDS": "10m",
            "AWS_APPCONFIG_EXTENSION_HTTP_PORT": "2772"
          }
        },
        "FunctionName": {
          "Fn::Join": [
            "",
            [
              "ISB-BlueprintsLambdaFunction-",
              {
                "Ref": "Namespace"
              }
            ]
          ]
        },
        "Handler": "index.handler",
        "Layers": [
          {
            "Ref": "IsbSpokeConfigJsonParamResolverISBLambdaLayerInnovationSandboxComputeDependenciesLayerVersion4DD7969A"
          },
          {
            "Ref": "IsbSpokeConfigJsonParamResolverISBLambdaLayerInnovationSandboxComputeCommonLayerVersionB1BF66A1"
          },
          {
            "Fn::FindInMap": [
              "AppConfigExtensionArnMap",
              {
                "Ref": "AWS::Region"
              },
              "arn"
            ]
          }
        ],
        "LoggingConfig": {
          "LogFormat": "JSON",
          "LogGroup": {
            "Ref": "ISBLogGroupE607F9A7"
          },
          "SystemLogLevel": "INFO"
        },
        "MemorySize": 1024,
        "Role": {
          "Fn::GetAtt": [
            "BlueprintsLambdaFunctionFunctionRoleE6A626CE",
            "Arn"
          ]
        },
        "Runtime": "nodejs22.x",
        "Tags": [
          {
            "Key": "aws-solutions:isb-id",
            "Value": {
              "Fn::Join": [
                "",
                [
                  {
                    "Ref": "Namespace"
                  },
                  "_isb"
                ]
              ]
            }
          }
        ],
        "Timeout": 60,
        "TracingConfig": {
          "Mode": "Active"
        }
      },
      "DependsOn": [
        "BlueprintsLambdaFunctionFunctionRoleDefaultPolicy1A29AFF1",
        "BlueprintsLambdaFunctionFunctionRoleE6A626CE"
      ],
      "Metadata": {
        "aws:cdk:path": "InnovationSandbox-Compute/BlueprintsLambdaFunction/Function/Resource",
        "aws:asset:path": "asset.a0010a24b42f03e444f40d6acfc8ec53f52d2b457902ab582ec92356fa325858",
        "aws:asset:is-bundled": true,
        "aws:asset:property": "Code",
        "guard": {
          "SuppressedRules": [
            "LAMBDA_INSIDE_VPC",
            "LAMBDA_CONCURRENCY_CHECK"
          ]
        }
      }
    },
    "BlueprintsLambdaFunctionIsbDbTableReadWrite685D08DC": {
      "Type": "AWS::IAM::Policy",
      "Properties": {
        "PolicyDocument": {
          "Statement": [
            {
              "Action": [
                "dynamodb:GetItem",
                "dynamodb:PutItem",
                "dynamodb:UpdateItem",
                "dynamodb:DeleteItem",
                "dynamodb:Query",
                "dynamodb:Scan",
                "dynamodb:ConditionCheckItem",
                "dynamodb:BatchGetItem",
                "dynamodb:BatchWriteItem"
              ],
              "Effect": "Allow",
              "Resource": [
                {
                  "Fn::Join": [
                    "",
                    [
                      "arn:",
                      {
                        "Ref": "AWS::Partition"
                      },
                      ":dynamodb:",
                      {
                        "Ref": "AWS::Region"
                      },
                      ":",
                      {
                        "Ref": "AWS::AccountId"
                      },
                      ":table/",
                      {
                        "Fn::GetAtt": [
                          "IsbSpokeConfigJsonParamResolverParseJsonConfigurationIsbCustomResource57F98B57",
                          "blueprintTable"
                        ]
                      }
                    ]
                  ]
                },
                {
                  "Fn::Join": [
                    "",
                    [
                      "arn:",
                      {
                        "Ref": "AWS::Partition"
                      },
                      ":dynamodb:",
                      {
                        "Ref": "AWS::Region"
                      },
                      ":",
                      {
                        "Ref": "AWS::AccountId"
                      },
                      ":table/",
                      {
                        "Fn::GetAtt": [
                          "IsbSpokeConfigJsonParamResolverParseJsonConfigurationIsbCustomResource57F98B57",
                          "blueprintTable"
                        ]
                      },
                      "/index/*"
                    ]
                  ]
                }
              ]
            },
            {
              "Action": [
                "dynamodb:GetItem",
                "dynamodb:PutItem",
                "dynamodb:UpdateItem",
                "dynamodb:DeleteItem",
                "dynamodb:Query",
                "dynamodb:Scan",
                "dynamodb:ConditionCheckItem",
                "dynamodb:BatchGetItem",
                "dynamodb:BatchWriteItem"
              ],
              "Effect": "Allow",
              "Resource": [
                {
                  "Fn::Join": [
                    "",
                    [
                      "arn:",
                      {
                        "Ref": "AWS::Partition"
                      },
                      ":dynamodb:",
                      {
                        "Ref": "AWS::Region"
                      },
                      ":",
                      {
                        "Ref": "AWS::AccountId"
                      },
                      ":table/",
                      {
                        "Fn::GetAtt": [
                          "IsbSpokeConfigJsonParamResolverParseJsonConfigurationIsbCustomResource57F98B57",
                          "leaseTemplateTable"
                        ]
                      }
                    ]
                  ]
                },
                {
                  "Fn::Join": [
                    "",
                    [
                      "arn:",
                      {
                        "Ref": "AWS::Partition"
                      },
                      ":dynamodb:",
                      {
                        "Ref": "AWS::Region"
                      },
                      ":",
                      {
                        "Ref": "AWS::AccountId"
                      },
                      ":table/",
                      {
                        "Fn::GetAtt": [
                          "IsbSpokeConfigJsonParamResolverParseJsonConfigurationIsbCustomResource57F98B57",
                          "leaseTemplateTable"
                        ]
                      },
                      "/index/*"
                    ]
                  ]
                }
              ]
            },
            {
              "Action": [
                "kms:Decrypt",
                "kms:DescribeKey",
                "kms:Encrypt",
                "kms:GenerateDataKey",
                "kms:ReEncrypt*"
              ],
              "Effect": "Allow",
              "Resource": {
                "Fn::Join": [
                  "",
                  [
                    "arn:",
                    {
                      "Ref": "AWS::Partition"
                    },
                    ":kms:",
                    {
                      "Ref": "AWS::Region"
                    },
                    ":",
                    {
                      "Ref": "AWS::AccountId"
                    },
                    ":key/",
                    {
                      "Fn::GetAtt": [
                        "IsbSpokeConfigJsonParamResolverParseJsonConfigurationIsbCustomResource57F98B57",
                        "tableKmsKeyId"
                      ]
                    }
                  ]
                ]
              }
            }
          ],
          "Version": "2012-10-17"
        },
        "PolicyName": "DynamoDBReadWriteAccess",
        "Roles": [
          {
            "Ref": "BlueprintsLambdaFunctionFunctionRoleE6A626CE"
          }
        ]
      },
      "Metadata": {
        "aws:cdk:path": "InnovationSandbox-Compute/BlueprintsLambdaFunction-IsbDbTableReadWrite/Resource"
      }
    },
    "ConfigurationsLambdaFunctionFunctionRole3EA8ADFC": {
      "Type": "AWS::IAM::Role",
      "Properties": {
        "AssumeRolePolicyDocument": {
          "Statement": [
            {
              "Action": "sts:AssumeRole",
              "Effect": "Allow",
              "Principal": {
                "Service": "lambda.amazonaws.com"
              }
            }
          ],
          "Version": "2012-10-17"
        },
        "Tags": [
          {
            "Key": "aws-solutions:isb-id",
            "Value": {
              "Fn::Join": [
                "",
                [
                  {
                    "Ref": "Namespace"
                  },
                  "_isb"
                ]
              ]
            }
          }
        ]
      },
      "Metadata": {
        "aws:cdk:path": "InnovationSandbox-Compute/ConfigurationsLambdaFunction/FunctionRole/Resource"
      }
    },
    "ConfigurationsLambdaFunctionFunctionRoleDefaultPolicy2216B975": {
      "Type": "AWS::IAM::Policy",
      "Properties": {
        "PolicyDocument": {
          "Statement": [
            {
              "Action": [
                "xray:PutTraceSegments",
                "xray:PutTelemetryRecords"
              ],
              "Effect": "Allow",
              "Resource": "*"
            },
            {
              "Action": [
                "logs:CreateLogStream",
                "logs:PutLogEvents"
              ],
              "Effect": "Allow",
              "Resource": {
                "Fn::GetAtt": [
                  "ISBLogGroupE607F9A7",
                  "Arn"
                ]
              }
            },
            {
              "Action": [
                "appconfig:StartConfigurationSession",
                "appconfig:GetLatestConfiguration"
              ],
              "Effect": "Allow",
              "Resource": {
                "Fn::Join": [
                  "",
                  [
                    "arn:",
                    {
                      "Ref": "AWS::Partition"
                    },
                    ":appconfig:",
                    {
                      "Ref": "AWS::Region"
                    },
                    ":",
                    {
                      "Ref": "AWS::AccountId"
                    },
                    ":application/",
                    {
                      "Fn::GetAtt": [
                        "IsbSpokeConfigJsonParamResolverParseJsonConfigurationIsbCustomResource57F98B57",
                        "configApplicationId"
                      ]
                    },
                    "/environment/",
                    {
                      "Fn::GetAtt": [
                        "IsbSpokeConfigJsonParamResolverParseJsonConfigurationIsbCustomResource57F98B57",
                        "configEnvironmentId"
                      ]
                    },
                    "/configuration/",
                    {
                      "Fn::GetAtt": [
                        "IsbSpokeConfigJsonParamResolverParseJsonConfigurationIsbCustomResource57F98B57",
                        "globalConfigConfigurationProfileId"
                      ]
                    }
                  ]
                ]
              }
            },
            {
              "Action": [
                "appconfig:StartConfigurationSession",
                "appconfig:GetLatestConfiguration"
              ],
              "Effect": "Allow",
              "Resource": {
                "Fn::Join": [
                  "",
                  [
                    "arn:",
                    {
                      "Ref": "AWS::Partition"
                    },
                    ":appconfig:",
                    {
                      "Ref": "AWS::Region"
                    },
                    ":",
                    {
                      "Ref": "AWS::AccountId"
                    },
                    ":application/",
                    {
                      "Fn::GetAtt": [
                        "IsbSpokeConfigJsonParamResolverParseJsonConfigurationIsbCustomResource57F98B57",
                        "configApplicationId"
                      ]
                    },
                    "/environment/",
                    {
                      "Fn::GetAtt": [
                        "IsbSpokeConfigJsonParamResolverParseJsonConfigurationIsbCustomResource57F98B57",
                        "configEnvironmentId"
                      ]
                    },
                    "/configuration/",
                    {
                      "Fn::GetAtt": [
                        "IsbSpokeConfigJsonParamResolverParseJsonConfigurationIsbCustomResource57F98B57",
                        "reportingConfigConfigurationProfileId"
                      ]
                    }
                  ]
                ]
              }
            },
            {
              "Action": "ssm:GetParameter",
              "Effect": "Allow",
              "Resource": {
                "Fn::Join": [
                  "",
                  [
                    "arn:",
                    {
                      "Ref": "AWS::Partition"
                    },
                    ":ssm:",
                    {
                      "Ref": "AWS::Region"
                    },
                    ":",
                    {
                      "Ref": "OrgMgtAccountId"
                    },
                    ":parameter/InnovationSandbox_",
                    {
                      "Ref": "Namespace"
                    },
                    "_AccountPool_Configuration"
                  ]
                ]
              }
            },
            {
              "Action": [
                "secretsmanager:GetSecretValue",
                "secretsmanager:DescribeSecret"
              ],
              "Effect": "Allow",
              "Resource": {
                "Ref": "JwtSecretB8834B39"
              }
            },
            {
              "Action": [
                "kms:Decrypt",
                "kms:Encrypt",
                "kms:ReEncrypt*",
                "kms:GenerateDataKey*"
              ],
              "Effect": "Allow",
              "Resource": {
                "Fn::GetAtt": [
                  "IsbKmsKeyInnovationSandboxComputeB43F03BE",
                  "Arn"
                ]
              }
            }
          ],
          "Version": "2012-10-17"
        },
        "PolicyName": "ConfigurationsLambdaFunctionFunctionRoleDefaultPolicy2216B975",
        "Roles": [
          {
            "Ref": "ConfigurationsLambdaFunctionFunctionRole3EA8ADFC"
          }
        ]
      },
      "Metadata": {
        "aws:cdk:path": "InnovationSandbox-Compute/ConfigurationsLambdaFunction/FunctionRole/DefaultPolicy/Resource"
      }
    },
    "ConfigurationsLambdaFunctionBD1B5393": {
      "Type": "AWS::Lambda::Function",
      "Properties": {
        "Architectures": [
          "arm64"
        ],
        "Code": {
          "S3Bucket": {
            "Fn::Sub": "solutions-${AWS::Region}"
          },
          "S3Key": "innovation-sandbox-on-aws/v1.2.9/asset.7f897023f6af079678e90ce269f85371b09015891f983996ddcda2f9de3c4206.zip"
        },
        "Description": "Lambda used as API GW method integration for configurations resources",
        "Environment": {
          "Variables": {
            "NODE_OPTIONS": "--enable-source-maps",
            "USER_AGENT_EXTRA": "AwsSolution/SO0284/v1.2.9",
            "POWERTOOLS_LOG_LEVEL": {
              "Fn::FindInMap": [
                "Mapping",
                "context",
                "logLevel",
                {
                  "DefaultValue": ""
                }
              ]
            },
            "POWERTOOLS_SERVICE_NAME": "innovation-sandbox",
            "AWS_XRAY_CONTEXT_MISSING": "IGNORE_ERROR",
            "JWT_SECRET_NAME": {
              "Fn::Join": [
                "",
                [
                  "/InnovationSandbox/",
                  {
                    "Ref": "Namespace"
                  },
                  "/Auth/JwtSecret"
                ]
              ]
            },
            "APP_CONFIG_APPLICATION_ID": {
              "Fn::GetAtt": [
                "IsbSpokeConfigJsonParamResolverParseJsonConfigurationIsbCustomResource57F98B57",
                "configApplicationId"
              ]
            },
            "APP_CONFIG_ENVIRONMENT_ID": {
              "Fn::GetAtt": [
                "IsbSpokeConfigJsonParamResolverParseJsonConfigurationIsbCustomResource57F98B57",
                "configEnvironmentId"
              ]
            },
            "APP_CONFIG_PROFILE_ID": {
              "Fn::GetAtt": [
                "IsbSpokeConfigJsonParamResolverParseJsonConfigurationIsbCustomResource57F98B57",
                "globalConfigConfigurationProfileId"
              ]
            },
            "REPORTING_CONFIG_PROFILE_ID": {
              "Fn::GetAtt": [
                "IsbSpokeConfigJsonParamResolverParseJsonConfigurationIsbCustomResource57F98B57",
                "reportingConfigConfigurationProfileId"
              ]
            },
            "AWS_APPCONFIG_EXTENSION_PREFETCH_LIST": {
              "Fn::Join": [
                "",
                [
                  "/applications/",
                  {
                    "Fn::GetAtt": [
                      "IsbSpokeConfigJsonParamResolverParseJsonConfigurationIsbCustomResource57F98B57",
                      "configApplicationId"
                    ]
                  },
                  "/environments/",
                  {
                    "Fn::GetAtt": [
                      "IsbSpokeConfigJsonParamResolverParseJsonConfigurationIsbCustomResource57F98B57",
                      "configEnvironmentId"
                    ]
                  },
                  "/configurations/",
                  {
                    "Fn::GetAtt": [
                      "IsbSpokeConfigJsonParamResolverParseJsonConfigurationIsbCustomResource57F98B57",
                      "globalConfigConfigurationProfileId"
                    ]
                  },
                  ",/applications/",
                  {
                    "Fn::GetAtt": [
                      "IsbSpokeConfigJsonParamResolverParseJsonConfigurationIsbCustomResource57F98B57",
                      "configApplicationId"
                    ]
                  },
                  "/environments/",
                  {
                    "Fn::GetAtt": [
                      "IsbSpokeConfigJsonParamResolverParseJsonConfigurationIsbCustomResource57F98B57",
                      "configEnvironmentId"
                    ]
                  },
                  "/configurations/",
                  {
                    "Fn::GetAtt": [
                      "IsbSpokeConfigJsonParamResolverParseJsonConfigurationIsbCustomResource57F98B57",
                      "reportingConfigConfigurationProfileId"
                    ]
                  }
                ]
              ]
            },
            "ACCOUNT_POOL_CONFIG_PARAM_ARN": {
              "Fn::Join": [
                "",
                [
                  "arn:",
                  {
                    "Ref": "AWS::Partition"
                  },
                  ":ssm:",
                  {
                    "Ref": "AWS::Region"
                  },
                  ":",
                  {
                    "Ref": "OrgMgtAccountId"
                  },
                  ":parameter/InnovationSandbox_",
                  {
                    "Ref": "Namespace"
                  },
                  "_AccountPool_Configuration"
                ]
              ]
            },
            "AWS_APPCONFIG_EXTENSION_POLL_INTERVAL_SECONDS": "10m",
            "AWS_APPCONFIG_EXTENSION_HTTP_PORT": "2772"
          }
        },
        "FunctionName": {
          "Fn::Join": [
            "",
            [
              "ISB-ConfigurationsLambdaFunction-",
              {
                "Ref": "Namespace"
              }
            ]
          ]
        },
        "Handler": "index.handler",
        "Layers": [
          {
            "Ref": "IsbSpokeConfigJsonParamResolverISBLambdaLayerInnovationSandboxComputeDependenciesLayerVersion4DD7969A"
          },
          {
            "Ref": "IsbSpokeConfigJsonParamResolverISBLambdaLayerInnovationSandboxComputeCommonLayerVersionB1BF66A1"
          },
          {
            "Fn::FindInMap": [
              "AppConfigExtensionArnMap",
              {
                "Ref": "AWS::Region"
              },
              "arn"
            ]
          }
        ],
        "LoggingConfig": {
          "LogFormat": "JSON",
          "LogGroup": {
            "Ref": "ISBLogGroupE607F9A7"
          },
          "SystemLogLevel": "INFO"
        },
        "MemorySize": 1024,
        "Role": {
          "Fn::GetAtt": [
            "ConfigurationsLambdaFunctionFunctionRole3EA8ADFC",
            "Arn"
          ]
        },
        "Runtime": "nodejs22.x",
        "Tags": [
          {
            "Key": "aws-solutions:isb-id",
            "Value": {
              "Fn::Join": [
                "",
                [
                  {
                    "Ref": "Namespace"
                  },
                  "_isb"
                ]
              ]
            }
          }
        ],
        "Timeout": 60,
        "TracingConfig": {
          "Mode": "Active"
        }
      },
      "DependsOn": [
        "ConfigurationsLambdaFunctionFunctionRoleDefaultPolicy2216B975",
        "ConfigurationsLambdaFunctionFunctionRole3EA8ADFC"
      ],
      "Metadata": {
        "aws:cdk:path": "InnovationSandbox-Compute/ConfigurationsLambdaFunction/Function/Resource",
        "aws:asset:path": "asset.7f897023f6af079678e90ce269f85371b09015891f983996ddcda2f9de3c4206",
        "aws:asset:is-bundled": true,
        "aws:asset:property": "Code",
        "guard": {
          "SuppressedRules": [
            "LAMBDA_INSIDE_VPC",
            "LAMBDA_CONCURRENCY_CHECK"
          ]
        }
      }
    },
    "CloudFrontUiApiIsbFrontEndBucket1A358E74": {
      "Type": "AWS::S3::Bucket",
      "Properties": {
        "BucketEncryption": {
          "ServerSideEncryptionConfiguration": [
            {
              "ServerSideEncryptionByDefault": {
                "KMSMasterKeyID": {
                  "Fn::GetAtt": [
                    "IsbKmsKeyInnovationSandboxComputeB43F03BE",
                    "Arn"
                  ]
                },
                "SSEAlgorithm": "aws:kms"
              }
            }
          ]
        },
        "OwnershipControls": {
          "Rules": [
            {
              "ObjectOwnership": "ObjectWriter"
            }
          ]
        },
        "PublicAccessBlockConfiguration": {
          "BlockPublicAcls": true,
          "BlockPublicPolicy": true,
          "IgnorePublicAcls": true,
          "RestrictPublicBuckets": true
        },
        "Tags": [
          {
            "Key": "aws-cdk:cr-owned:c2f85297",
            "Value": "true"
          },
          {
            "Key": "aws-solutions:isb-id",
            "Value": {
              "Fn::Join": [
                "",
                [
                  {
                    "Ref": "Namespace"
                  },
                  "_isb"
                ]
              ]
            }
          }
        ],
        "VersioningConfiguration": {
          "Status": "Enabled"
        }
      },
      "UpdateReplacePolicy": "Retain",
      "DeletionPolicy": "Retain",
      "Metadata": {
        "aws:cdk:path": "InnovationSandbox-Compute/CloudFrontUiApi/IsbFrontEndBucket/Resource",
        "guard": {
          "SuppressedRules": [
            "S3_BUCKET_LOGGING_ENABLED"
          ]
        }
      }
    },
    "CloudFrontUiApiIsbFrontEndBucketPolicyC6425170": {
      "Type": "AWS::S3::BucketPolicy",
      "Properties": {
        "Bucket": {
          "Ref": "CloudFrontUiApiIsbFrontEndBucket1A358E74"
        },
        "PolicyDocument": {
          "Statement": [
            {
              "Action": "s3:*",
              "Condition": {
                "Bool": {
                  "aws:SecureTransport": "false"
                }
              },
              "Effect": "Deny",
              "Principal": {
                "AWS": "*"
              },
              "Resource": [
                {
                  "Fn::GetAtt": [
                    "CloudFrontUiApiIsbFrontEndBucket1A358E74",
                    "Arn"
                  ]
                },
                {
                  "Fn::Join": [
                    "",
                    [
                      {
                        "Fn::GetAtt": [
                          "CloudFrontUiApiIsbFrontEndBucket1A358E74",
                          "Arn"
                        ]
                      },
                      "/*"
                    ]
                  ]
                }
              ]
            },
            {
              "Action": "s3:GetObject",
              "Condition": {
                "StringEquals": {
                  "AWS:SourceArn": {
                    "Fn::Join": [
                      "",
                      [
                        "arn:",
                        {
                          "Ref": "AWS::Partition"
                        },
                        ":cloudfront::",
                        {
                          "Ref": "AWS::AccountId"
                        },
                        ":distribution/",
                        {
                          "Ref": "CloudFrontUiApiIsbCloudFrontDistributionA7327667"
                        }
                      ]
                    ]
                  }
                }
              },
              "Effect": "Allow",
              "Principal": {
                "Service": "cloudfront.amazonaws.com"
              },
              "Resource": {
                "Fn::Join": [
                  "",
                  [
                    {
                      "Fn::GetAtt": [
                        "CloudFrontUiApiIsbFrontEndBucket1A358E74",
                        "Arn"
                      ]
                    },
                    "/*"
                  ]
                ]
              }
            },
            {
              "Action": "s3:GetObject",
              "Condition": {
                "StringEquals": {
                  "AWS:SourceArn": {
                    "Fn::Join": [
                      "",
                      [
                        "arn:aws:cloudfront::",
                        {
                          "Ref": "AWS::AccountId"
                        },
                        ":distribution/",
                        {
                          "Ref": "CloudFrontUiApiIsbCloudFrontDistributionA7327667"
                        }
                      ]
                    ]
                  }
                }
              },
              "Effect": "Allow",
              "Principal": {
                "Service": "cloudfront.amazonaws.com"
              },
              "Resource": {
                "Fn::Join": [
                  "",
                  [
                    {
                      "Fn::GetAtt": [
                        "CloudFrontUiApiIsbFrontEndBucket1A358E74",
                        "Arn"
                      ]
                    },
                    "/*"
                  ]
                ]
              }
            }
          ],
          "Version": "2012-10-17"
        }
      },
      "Metadata": {
        "aws:cdk:path": "InnovationSandbox-Compute/CloudFrontUiApi/IsbFrontEndBucket/Policy/Resource"
      }
    },
    "CloudFrontUiApiIsbFrontEndAccessLogsBucketB8ACDB31": {
      "Type": "AWS::S3::Bucket",
      "Properties": {
        "BucketEncryption": {
          "ServerSideEncryptionConfiguration": [
            {
              "ServerSideEncryptionByDefault": {
                "KMSMasterKeyID": {
                  "Fn::GetAtt": [
                    "IsbKmsKeyInnovationSandboxComputeB43F03BE",
                    "Arn"
                  ]
                },
                "SSEAlgorithm": "aws:kms"
              }
            }
          ]
        },
        "LifecycleConfiguration": {
          "Rules": [
            {
              "ExpirationInDays": {
                "Fn::FindInMap": [
                  "Mapping",
                  "context",
                  "s3LogsGlacierRetentionInDays",
                  {
                    "DefaultValue": ""
                  }
                ]
              },
              "Status": "Enabled",
              "Transitions": [
                {
                  "StorageClass": "GLACIER",
                  "TransitionInDays": {
                    "Fn::FindInMap": [
                      "Mapping",
                      "context",
                      "s3LogsArchiveRetentionInDays",
                      {
                        "DefaultValue": ""
                      }
                    ]
                  }
                }
              ]
            }
          ]
        },
        "OwnershipControls": {
          "Rules": [
            {
              "ObjectOwnership": "ObjectWriter"
            }
          ]
        },
        "PublicAccessBlockConfiguration": {
          "BlockPublicAcls": true,
          "BlockPublicPolicy": true,
          "IgnorePublicAcls": true,
          "RestrictPublicBuckets": true
        },
        "Tags": [
          {
            "Key": "aws-solutions:isb-id",
            "Value": {
              "Fn::Join": [
                "",
                [
                  {
                    "Ref": "Namespace"
                  },
                  "_isb"
                ]
              ]
            }
          }
        ]
      },
      "UpdateReplacePolicy": "Retain",
      "DeletionPolicy": "Retain",
      "Metadata": {
        "aws:cdk:path": "InnovationSandbox-Compute/CloudFrontUiApi/IsbFrontEndAccessLogsBucket/Resource",
        "guard": {
          "SuppressedRules": [
            "S3_BUCKET_LOGGING_ENABLED"
          ]
        }
      },
      "Condition": "CloudFrontUiApiSupportsCloudFrontLoggingF1020F6E"
    },
    "CloudFrontUiApiIsbFrontEndAccessLogsBucketPolicyC5EC85B6": {
      "Type": "AWS::S3::BucketPolicy",
      "Properties": {
        "Bucket": {
          "Ref": "CloudFrontUiApiIsbFrontEndAccessLogsBucketB8ACDB31"
        },
        "PolicyDocument": {
          "Statement": [
            {
              "Action": "s3:*",
              "Condition": {
                "Bool": {
                  "aws:SecureTransport": "false"
                }
              },
              "Effect": "Deny",
              "Principal": {
                "AWS": "*"
              },
              "Resource": [
                {
                  "Fn::GetAtt": [
                    "CloudFrontUiApiIsbFrontEndAccessLogsBucketB8ACDB31",
                    "Arn"
                  ]
                },
                {
                  "Fn::Join": [
                    "",
                    [
                      {
                        "Fn::GetAtt": [
                          "CloudFrontUiApiIsbFrontEndAccessLogsBucketB8ACDB31",
                          "Arn"
                        ]
                      },
                      "/*"
                    ]
                  ]
                }
              ]
            }
          ],
          "Version": "2012-10-17"
        }
      },
      "Metadata": {
        "aws:cdk:path": "InnovationSandbox-Compute/CloudFrontUiApi/IsbFrontEndAccessLogsBucket/Policy/Resource"
      },
      "Condition": "CloudFrontUiApiSupportsCloudFrontLoggingF1020F6E"
    },
    "CloudFrontUiApiIsbCloudFrontDistributionOac0A271AA8": {
      "Type": "AWS::CloudFront::OriginAccessControl",
      "Properties": {
        "OriginAccessControlConfig": {
          "Name": "IsbCloudFrontDistributionOac",
          "OriginAccessControlOriginType": "s3",
          "SigningBehavior": "always",
          "SigningProtocol": "sigv4"
        }
      },
      "Metadata": {
        "aws:cdk:path": "InnovationSandbox-Compute/CloudFrontUiApi/IsbCloudFrontDistributionOac/Resource"
      }
    },
    "CloudFrontUiApiIsbCloudFrontResponseHeadersPolicy524822A1": {
      "Type": "AWS::CloudFront::ResponseHeadersPolicy",
      "Properties": {
        "ResponseHeadersPolicyConfig": {
          "CustomHeadersConfig": {
            "Items": [
              {
                "Header": "Cache-Control",
                "Override": true,
                "Value": "no-store, no-cache"
              }
            ]
          },
          "Name": "InnovationSandboxComputeCloudFrontUiApiIsbCloudFrontResponseHeadersPolicy4E411193",
          "SecurityHeadersConfig": {
            "ContentSecurityPolicy": {
              "ContentSecurityPolicy": "upgrade-insecure-requests; default-src 'none'; object-src 'none'; script-src 'self'; style-src 'self'; img-src 'self' data:; font-src 'self' data:; connect-src 'self' https://api.github.com; manifest-src 'self'; frame-ancestors 'none'; base-uri 'none';",
              "Override": true
            },
            "ContentTypeOptions": {
              "Override": true
            },
            "FrameOptions": {
              "FrameOption": "DENY",
              "Override": true
            },
            "ReferrerPolicy": {
              "Override": true,
              "ReferrerPolicy": "no-referrer"
            },
            "StrictTransportSecurity": {
              "AccessControlMaxAgeSec": 46656000,
              "IncludeSubdomains": true,
              "Override": true
            }
          }
        }
      },
      "Metadata": {
        "aws:cdk:path": "InnovationSandbox-Compute/CloudFrontUiApi/IsbCloudFrontResponseHeadersPolicy/Resource"
      }
    },
    "CloudFrontUiApiIsbApiCloudFrontResponseHeadersPolicy0C690633": {
      "Type": "AWS::CloudFront::ResponseHeadersPolicy",
      "Properties": {
        "ResponseHeadersPolicyConfig": {
          "CustomHeadersConfig": {
            "Items": [
              {
                "Header": "Cache-Control",
                "Override": true,
                "Value": "no-store, no-cache"
              }
            ]
          },
          "Name": "InnovationSandboxComputeCloudFrontUiApiIsbApiCloudFrontResponseHeadersPolicy496A8940",
          "SecurityHeadersConfig": {
            "ContentTypeOptions": {
              "Override": true
            }
          }
        }
      },
      "Metadata": {
        "aws:cdk:path": "InnovationSandbox-Compute/CloudFrontUiApi/IsbApiCloudFrontResponseHeadersPolicy/Resource"
      }
    },
    "CloudFrontUiApiIsbPathRewriteCloudFrontFunction646416CD": {
      "Type": "AWS::CloudFront::Function",
      "Properties": {
        "AutoPublish": true,
        "FunctionCode": "\n          function handler (event) {\n            const request = event.request;\n            const uri = request.uri;\n            const cfPrefix = \"/api\"\n            if (uri.startsWith(cfPrefix)) {\n              request.uri = uri.replace(cfPrefix, \"\");\n            }\n            return request;\n          }\n      ",
        "FunctionConfig": {
          "Comment": "IsbPathRewriteCloudFrontFunction",
          "Runtime": "cloudfront-js-2.0"
        },
        "Name": "IsbPathRewriteCloudFrontFunction",
        "Tags": [
          {
            "Key": "aws-solutions:isb-id",
            "Value": {
              "Fn::Join": [
                "",
                [
                  {
                    "Ref": "Namespace"
                  },
                  "_isb"
                ]
              ]
            }
          }
        ]
      },
      "Metadata": {
        "aws:cdk:path": "InnovationSandbox-Compute/CloudFrontUiApi/IsbPathRewriteCloudFrontFunction/Resource"
      }
    },
    "CloudFrontUiApiIsbS3OriginPathRedirectCloudFrontFunctionDB601A75": {
      "Type": "AWS::CloudFront::Function",
      "Properties": {
        "AutoPublish": true,
        "FunctionCode": "\n          function handler(event) {\n            const request = event.request;\n            const hasType = request.uri.split(/\\#|\\?/)[0].split(\".\").length >= 2;\n            if (hasType) return request;\n            request.uri = \"/index.html\";\n            return request;\n          }\n      ",
        "FunctionConfig": {
          "Comment": "IsbS3OriginPathRedirectCloudFrontFunction",
          "Runtime": "cloudfront-js-2.0"
        },
        "Name": "IsbS3OriginPathRedirectCloudFrontFunction",
        "Tags": [
          {
            "Key": "aws-solutions:isb-id",
            "Value": {
              "Fn::Join": [
                "",
                [
                  {
                    "Ref": "Namespace"
                  },
                  "_isb"
                ]
              ]
            }
          }
        ]
      },
      "Metadata": {
        "aws:cdk:path": "InnovationSandbox-Compute/CloudFrontUiApi/IsbS3OriginPathRedirectCloudFrontFunction/Resource"
      }
    },
    "CloudFrontUiApiIsbCloudFrontDistributionA7327667": {
      "Type": "AWS::CloudFront::Distribution",
      "Properties": {
        "DistributionConfig": {
          "CacheBehaviors": [
            {
              "AllowedMethods": [
                "GET",
                "HEAD",
                "OPTIONS",
                "PUT",
                "PATCH",
                "POST",
                "DELETE"
              ],
              "CachePolicyId": "4135ea2d-6df8-44a3-9df3-4b5a84be39ad",
              "Compress": true,
              "FunctionAssociations": [
                {
                  "EventType": "viewer-request",
                  "FunctionARN": {
                    "Fn::GetAtt": [
                      "CloudFrontUiApiIsbPathRewriteCloudFrontFunction646416CD",
                      "FunctionARN"
                    ]
                  }
                }
              ],
              "OriginRequestPolicyId": "b689b0a8-53d0-40ab-baf2-68738e2966ac",
              "PathPattern": "/api/*",
              "ResponseHeadersPolicyId": {
                "Ref": "CloudFrontUiApiIsbApiCloudFrontResponseHeadersPolicy0C690633"
              },
              "TargetOriginId": "InnovationSandboxComputeCloudFrontUiApiIsbCloudFrontDistributionOrigin2A994B75A",
              "ViewerProtocolPolicy": "redirect-to-https"
            }
          ],
          "Comment": "ISB CloudFront Distribution",
          "DefaultCacheBehavior": {
            "AllowedMethods": [
              "GET",
              "HEAD",
              "OPTIONS",
              "PUT",
              "PATCH",
              "POST",
              "DELETE"
            ],
            "CachePolicyId": "658327ea-f89d-4fab-a63d-7e88639e58f6",
            "Compress": true,
            "FunctionAssociations": [
              {
                "EventType": "viewer-request",
                "FunctionARN": {
                  "Fn::GetAtt": [
                    "CloudFrontUiApiIsbS3OriginPathRedirectCloudFrontFunctionDB601A75",
                    "FunctionARN"
                  ]
                }
              }
            ],
            "ResponseHeadersPolicyId": {
              "Ref": "CloudFrontUiApiIsbCloudFrontResponseHeadersPolicy524822A1"
            },
            "TargetOriginId": "S3Origin",
            "ViewerProtocolPolicy": "redirect-to-https"
          },
          "DefaultRootObject": "index.html",
          "Enabled": true,
          "HttpVersion": "http2",
          "IPV6Enabled": false,
          "Logging": {
            "Fn::If": [
              "CloudFrontUiApiSupportsCloudFrontLoggingF1020F6E",
              {
                "Bucket": {
                  "Fn::GetAtt": [
                    "CloudFrontUiApiIsbFrontEndAccessLogsBucketB8ACDB31",
                    "DomainName"
                  ]
                },
                "IncludeCookies": true,
                "Prefix": "isb-fe-logs/"
              },
              {
                "Ref": "AWS::NoValue"
              }
            ]
          },
          "Origins": [
            {
              "DomainName": {
                "Fn::GetAtt": [
                  "CloudFrontUiApiIsbFrontEndBucket1A358E74",
                  "RegionalDomainName"
                ]
              },
              "Id": "S3Origin",
              "OriginAccessControlId": {
                "Fn::GetAtt": [
                  "CloudFrontUiApiIsbCloudFrontDistributionOac0A271AA8",
                  "Id"
                ]
              },
              "S3OriginConfig": {
                "OriginAccessIdentity": ""
              }
            },
            {
              "CustomOriginConfig": {
                "OriginProtocolPolicy": "https-only",
                "OriginSSLProtocols": [
                  "TLSv1.2"
                ]
              },
              "DomainName": {
                "Fn::Select": [
                  2,
                  {
                    "Fn::Split": [
                      "/",
                      {
                        "Fn::Join": [
                          "",
                          [
                            "https://",
                            {
                              "Ref": "IsbRestApi377E2CC6"
                            },
                            ".execute-api.",
                            {
                              "Ref": "AWS::Region"
                            },
                            ".",
                            {
                              "Ref": "AWS::URLSuffix"
                            },
                            "/",
                            {
                              "Ref": "IsbRestApiDeploymentStageprod7DDD9304"
                            },
                            "/"
                          ]
                        ]
                      }
                    ]
                  }
                ]
              },
              "Id": "InnovationSandboxComputeCloudFrontUiApiIsbCloudFrontDistributionOrigin2A994B75A",
              "OriginPath": {
                "Fn::Join": [
                  "",
                  [
                    "/",
                    {
                      "Fn::Select": [
                        3,
                        {
                          "Fn::Split": [
                            "/",
                            {
                              "Fn::Join": [
                                "",
                                [
                                  "https://",
                                  {
                                    "Ref": "IsbRestApi377E2CC6"
                                  },
                                  ".execute-api.",
                                  {
                                    "Ref": "AWS::Region"
                                  },
                                  ".",
                                  {
                                    "Ref": "AWS::URLSuffix"
                                  },
                                  "/",
                                  {
                                    "Ref": "IsbRestApiDeploymentStageprod7DDD9304"
                                  },
                                  "/"
                                ]
                              ]
                            }
                          ]
                        }
                      ]
                    }
                  ]
                ]
              }
            }
          ],
          "PriceClass": "PriceClass_All"
        },
        "Tags": [
          {
            "Key": "aws-solutions:isb-id",
            "Value": {
              "Fn::Join": [
                "",
                [
                  {
                    "Ref": "Namespace"
                  },
                  "_isb"
                ]
              ]
            }
          }
        ]
      },
      "Metadata": {
        "aws:cdk:path": "InnovationSandbox-Compute/CloudFrontUiApi/IsbCloudFrontDistribution/Resource",
        "guard": {
          "SuppressedRules": [
            "CLOUDFRONT_MINIMUM_PROTOCOL_VERSION_RULE"
          ]
        }
      }
    },
    "CloudFrontUiApiDeployIsbFrontEndAwsCliLayerA79739D4": {
      "Type": "AWS::Lambda::LayerVersion",
      "Properties": {
        "Content": {
          "S3Bucket": {
            "Fn::Sub": "solutions-${AWS::Region}"
          },
          "S3Key": "innovation-sandbox-on-aws/v1.2.9/asset.e2659170a0721541efa761a8d5d04d5e36cbbf691c4b15a9053002b7c825055d.zip"
        },
        "Description": "/opt/awscli/aws"
      },
      "Metadata": {
        "aws:cdk:path": "InnovationSandbox-Compute/CloudFrontUiApi/DeployIsbFrontEnd/AwsCliLayer/Resource",
        "aws:asset:path": "asset.e2659170a0721541efa761a8d5d04d5e36cbbf691c4b15a9053002b7c825055d.zip",
        "aws:asset:is-bundled": false,
        "aws:asset:property": "Content"
      }
    },
    "CloudFrontUiApiDeployIsbFrontEndCustomResource6D2B744F": {
      "Type": "Custom::CDKBucketDeployment",
      "Properties": {
        "ServiceToken": {
          "Fn::GetAtt": [
            "CustomCDKBucketDeployment8693BB64968944B69AAFB0CC9EB8756C81C01536",
            "Arn"
          ]
        },
        "SourceBucketNames": [
          {
            "Fn::Sub": "solutions-${AWS::Region}"
          }
        ],
        "SourceObjectKeys": [
          "innovation-sandbox-on-aws/v1.2.9/asset.c9773ce0cdcc1652ca9170639be5151f64491156279c5006cfd1e39672045c22.zip"
        ],
        "DestinationBucketName": {
          "Ref": "CloudFrontUiApiIsbFrontEndBucket1A358E74"
        },
        "WaitForDistributionInvalidation": true,
        "Prune": true,
        "DistributionId": {
          "Ref": "CloudFrontUiApiIsbCloudFrontDistributionA7327667"
        },
        "DistributionPaths": [
          "/*"
        ],
        "OutputObjectKeys": true
      },
      "UpdateReplacePolicy": "Delete",
      "DeletionPolicy": "Delete",
      "Metadata": {
        "aws:cdk:path": "InnovationSandbox-Compute/CloudFrontUiApi/DeployIsbFrontEnd/CustomResource/Default"
      }
    },
    "CustomCDKBucketDeployment8693BB64968944B69AAFB0CC9EB8756CServiceRole89A01265": {
      "Type": "AWS::IAM::Role",
      "Properties": {
        "AssumeRolePolicyDocument": {
          "Statement": [
            {
              "Action": "sts:AssumeRole",
              "Effect": "Allow",
              "Principal": {
                "Service": "lambda.amazonaws.com"
              }
            }
          ],
          "Version": "2012-10-17"
        },
        "ManagedPolicyArns": [
          {
            "Fn::Join": [
              "",
              [
                "arn:",
                {
                  "Ref": "AWS::Partition"
                },
                ":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole"
              ]
            ]
          }
        ],
        "Tags": [
          {
            "Key": "aws-solutions:isb-id",
            "Value": {
              "Fn::Join": [
                "",
                [
                  {
                    "Ref": "Namespace"
                  },
                  "_isb"
                ]
              ]
            }
          }
        ]
      },
      "Metadata": {
        "aws:cdk:path": "InnovationSandbox-Compute/Custom::CDKBucketDeployment8693BB64968944B69AAFB0CC9EB8756C/ServiceRole/Resource"
      }
    },
    "CustomCDKBucketDeployment8693BB64968944B69AAFB0CC9EB8756CServiceRoleDefaultPolicy88902FDF": {
      "Type": "AWS::IAM::Policy",
      "Properties": {
        "PolicyDocument": {
          "Statement": [
            {
              "Action": [
                "s3:GetObject*",
                "s3:GetBucket*",
                "s3:List*"
              ],
              "Effect": "Allow",
              "Resource": [
                {
                  "Fn::Join": [
                    "",
                    [
                      "arn:",
                      {
                        "Ref": "AWS::Partition"
                      },
                      ":s3:::",
                      {
                        "Fn::Sub": "solutions-${AWS::Region}"
                      }
                    ]
                  ]
                },
                {
                  "Fn::Join": [
                    "",
                    [
                      "arn:",
                      {
                        "Ref": "AWS::Partition"
                      },
                      ":s3:::",
                      {
                        "Fn::Sub": "solutions-${AWS::Region}"
                      },
                      "/*"
                    ]
                  ]
                }
              ]
            },
            {
              "Action": [
                "s3:GetObject*",
                "s3:GetBucket*",
                "s3:List*",
                "s3:DeleteObject*",
                "s3:PutObject",
                "s3:PutObjectLegalHold",
                "s3:PutObjectRetention",
                "s3:PutObjectTagging",
                "s3:PutObjectVersionTagging",
                "s3:Abort*"
              ],
              "Effect": "Allow",
              "Resource": [
                {
                  "Fn::GetAtt": [
                    "CloudFrontUiApiIsbFrontEndBucket1A358E74",
                    "Arn"
                  ]
                },
                {
                  "Fn::Join": [
                    "",
                    [
                      {
                        "Fn::GetAtt": [
                          "CloudFrontUiApiIsbFrontEndBucket1A358E74",
                          "Arn"
                        ]
                      },
                      "/*"
                    ]
                  ]
                }
              ]
            },
            {
              "Action": [
                "kms:Decrypt",
                "kms:DescribeKey",
                "kms:Encrypt",
                "kms:ReEncrypt*",
                "kms:GenerateDataKey*"
              ],
              "Effect": "Allow",
              "Resource": {
                "Fn::GetAtt": [
                  "IsbKmsKeyInnovationSandboxComputeB43F03BE",
                  "Arn"
                ]
              }
            },
            {
              "Action": [
                "cloudfront:GetInvalidation",
                "cloudfront:CreateInvalidation"
              ],
              "Effect": "Allow",
              "Resource": "*"
            }
          ],
          "Version": "2012-10-17"
        },
        "PolicyName": "CustomCDKBucketDeployment8693BB64968944B69AAFB0CC9EB8756CServiceRoleDefaultPolicy88902FDF",
        "Roles": [
          {
            "Ref": "CustomCDKBucketDeployment8693BB64968944B69AAFB0CC9EB8756CServiceRole89A01265"
          }
        ]
      },
      "Metadata": {
        "aws:cdk:path": "InnovationSandbox-Compute/Custom::CDKBucketDeployment8693BB64968944B69AAFB0CC9EB8756C/ServiceRole/DefaultPolicy/Resource"
      }
    },
    "CustomCDKBucketDeployment8693BB64968944B69AAFB0CC9EB8756C81C01536": {
      "Type": "AWS::Lambda::Function",
      "Properties": {
        "Code": {
          "S3Bucket": {
            "Fn::Sub": "solutions-${AWS::Region}"
          },
          "S3Key": "innovation-sandbox-on-aws/v1.2.9/asset.3423a042b818e31c1e34a19d6689ab2e5f9b70fcbe9e71df66f241b20a200bd9.zip"
        },
        "Environment": {
          "Variables": {
            "AWS_CA_BUNDLE": "/etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem"
          }
        },
        "Handler": "index.handler",
        "Layers": [
          {
            "Ref": "CloudFrontUiApiDeployIsbFrontEndAwsCliLayerA79739D4"
          }
        ],
        "LoggingConfig": {
          "LogGroup": {
            "Ref": "ISBLogGroupCustomResources63629E09"
          }
        },
        "Role": {
          "Fn::GetAtt": [
            "CustomCDKBucketDeployment8693BB64968944B69AAFB0CC9EB8756CServiceRole89A01265",
            "Arn"
          ]
        },
        "Runtime": "python3.13",
        "Tags": [
          {
            "Key": "aws-solutions:isb-id",
            "Value": {
              "Fn::Join": [
                "",
                [
                  {
                    "Ref": "Namespace"
                  },
                  "_isb"
                ]
              ]
            }
          }
        ],
        "Timeout": 900
      },
      "DependsOn": [
        "CustomCDKBucketDeployment8693BB64968944B69AAFB0CC9EB8756CServiceRoleDefaultPolicy88902FDF",
        "CustomCDKBucketDeployment8693BB64968944B69AAFB0CC9EB8756CServiceRole89A01265"
      ],
      "Metadata": {
        "aws:cdk:path": "InnovationSandbox-Compute/Custom::CDKBucketDeployment8693BB64968944B69AAFB0CC9EB8756C/Resource",
        "aws:asset:path": "asset.3423a042b818e31c1e34a19d6689ab2e5f9b70fcbe9e71df66f241b20a200bd9",
        "aws:asset:is-bundled": false,
        "aws:asset:property": "Code",
        "guard": {
          "SuppressedRules": [
            "LAMBDA_INSIDE_VPC",
            "LAMBDA_CONCURRENCY_CHECK"
          ]
        }
      }
    },
    "LogInsightsQueriesLogQuery845977A8": {
      "Type": "AWS::Logs::QueryDefinition",
      "Properties": {
        "LogGroupNames": [
          {
            "Ref": "ISBLogGroupE607F9A7"
          }
        ],
        "Name": {
          "Fn::Join": [
            "",
            [
              "ISB-",
              {
                "Ref": "Namespace"
              },
              "/LogQuery"
            ]
          ]
        },
        "QueryString": "# Innovation Sandbox Log Query\n# Remember to set the time range for this log query in the widget above\nfields @timestamp, @message\n# Replace /PasteReferenceIDHere/ with a reference ID such as an AWS Account ID,\n# Lease UUID, user email address, or other unique identifier\n| filter @message like /PasteReferenceIDHere/\n| filter isPresent(message) or isPresent(errorMessage) or isPresent(message.errorMessage)\n| filter level != 'DEBUG'\n| filter message != 'Lambda invocation event'\n| sort @timestamp desc\n| display @timestamp, concat(message, message.errorMessage, errorMessage) as msg"
      },
      "Metadata": {
        "aws:cdk:path": "InnovationSandbox-Compute/LogInsightsQueries/LogQuery"
      }
    },
    "LogInsightsQueriesErrorsLogsC86921EA": {
      "Type": "AWS::Logs::QueryDefinition",
      "Properties": {
        "LogGroupNames": [
          {
            "Ref": "ISBLogGroupE607F9A7"
          }
        ],
        "Name": {
          "Fn::Join": [
            "",
            [
              "ISB-",
              {
                "Ref": "Namespace"
              },
              "/ErrorLogs"
            ]
          ]
        },
        "QueryString": "# Innovation Sandbox Errors Query\n# View all errors and warnings that have been raised by the core operational\n# components of Innovation Sandbox\n# Remember to set the time range for this log query in the widget above\nfields @timestamp, @message, message.errorMessage\n| filter level = 'ERROR' or level = \"WARN\"\n| filter message != 'Lambda invocation event'\n| sort @timestamp desc\n| display @timestamp, level, concat(message, message.errorMessage, errorMessage) as msg"
      },
      "Metadata": {
        "aws:cdk:path": "InnovationSandbox-Compute/LogInsightsQueries/ErrorsLogs"
      }
    },
    "LogInsightsQueriesAccountCleanupLogsBCC2CA19": {
      "Type": "AWS::Logs::QueryDefinition",
      "Properties": {
        "LogGroupNames": [
          {
            "Ref": "ISBLogGroupCleanup485A102F"
          }
        ],
        "Name": {
          "Fn::Join": [
            "",
            [
              "ISB-",
              {
                "Ref": "Namespace"
              },
              "/AccountCleanupLogs"
            ]
          ]
        },
        "QueryString": "# Innovation Sandbox Account Cleanup Logs\n# View all logs from the account cleanup process for a given state machine execution id.\n# Results show resource deletion failures that occurred and aws nuke summary logs.\n# Remember to set the time range for this log query in the widget above\nfields @timestamp, type as resourceType, owner as region, name, msg\n# Replace /PasteStateMachineExecutionIdHere/ with the account cleanup state machine execution id for the account under investigation.\n| filter @logStream like /PasteStateMachineExecutionIdHere/\n| filter # Comment out this filter to see all logs from the state machine execution.\n  component = \"libnuke\"\n   or state = \"failed\"\n| sort @timestamp desc\n| sort time desc"
      },
      "Metadata": {
        "aws:cdk:path": "InnovationSandbox-Compute/LogInsightsQueries/AccountCleanupLogs"
      }
    },
    "AnonymizedMetricsReportingFunctionFunctionRole3FADEEB2": {
      "Type": "AWS::IAM::Role",
      "Properties": {
        "AssumeRolePolicyDocument": {
          "Statement": [
            {
              "Action": "sts:AssumeRole",
              "Effect": "Allow",
              "Principal": {
                "Service": "lambda.amazonaws.com"
              }
            }
          ],
          "Version": "2012-10-17"
        },
        "Tags": [
          {
            "Key": "aws-solutions:isb-id",
            "Value": {
              "Fn::Join": [
                "",
                [
                  {
                    "Ref": "Namespace"
                  },
                  "_isb"
                ]
              ]
            }
          }
        ]
      },
      "Metadata": {
        "aws:cdk:path": "InnovationSandbox-Compute/AnonymizedMetrics/ReportingFunction/FunctionRole/Resource"
      }
    },
    "AnonymizedMetricsReportingFunctionFunctionRoleDefaultPolicy1B30EFB0": {
      "Type": "AWS::IAM::Policy",
      "Properties": {
        "PolicyDocument": {
          "Statement": [
            {
              "Action": [
                "xray:PutTraceSegments",
                "xray:PutTelemetryRecords"
              ],
              "Effect": "Allow",
              "Resource": "*"
            },
            {
              "Action": [
                "logs:CreateLogStream",
                "logs:PutLogEvents"
              ],
              "Effect": "Allow",
              "Resource": {
                "Fn::GetAtt": [
                  "ISBLogGroupE607F9A7",
                  "Arn"
                ]
              }
            },
            {
              "Action": [
                "appconfig:StartConfigurationSession",
                "appconfig:GetLatestConfiguration"
              ],
              "Effect": "Allow",
              "Resource": {
                "Fn::Join": [
                  "",
                  [
                    "arn:",
                    {
                      "Ref": "AWS::Partition"
                    },
                    ":appconfig:",
                    {
                      "Ref": "AWS::Region"
                    },
                    ":",
                    {
                      "Ref": "AWS::AccountId"
                    },
                    ":application/",
                    {
                      "Fn::GetAtt": [
                        "IsbSpokeConfigJsonParamResolverParseJsonConfigurationIsbCustomResource57F98B57",
                        "configApplicationId"
                      ]
                    },
                    "/environment/",
                    {
                      "Fn::GetAtt": [
                        "IsbSpokeConfigJsonParamResolverParseJsonConfigurationIsbCustomResource57F98B57",
                        "configEnvironmentId"
                      ]
                    },
                    "/configuration/",
                    {
                      "Fn::GetAtt": [
                        "IsbSpokeConfigJsonParamResolverParseJsonConfigurationIsbCustomResource57F98B57",
                        "globalConfigConfigurationProfileId"
                      ]
                    }
                  ]
                ]
              }
            },
            {
              "Action": [
                "appconfig:StartConfigurationSession",
                "appconfig:GetLatestConfiguration"
              ],
              "Effect": "Allow",
              "Resource": {
                "Fn::Join": [
                  "",
                  [
                    "arn:",
                    {
                      "Ref": "AWS::Partition"
                    },
                    ":appconfig:",
                    {
                      "Ref": "AWS::Region"
                    },
                    ":",
                    {
                      "Ref": "AWS::AccountId"
                    },
                    ":application/",
                    {
                      "Fn::GetAtt": [
                        "IsbSpokeConfigJsonParamResolverParseJsonConfigurationIsbCustomResource57F98B57",
                        "configApplicationId"
                      ]
                    },
                    "/environment/",
                    {
                      "Fn::GetAtt": [
                        "IsbSpokeConfigJsonParamResolverParseJsonConfigurationIsbCustomResource57F98B57",
                        "configEnvironmentId"
                      ]
                    },
                    "/configuration/",
                    {
                      "Fn::GetAtt": [
                        "IsbSpokeConfigJsonParamResolverParseJsonConfigurationIsbCustomResource57F98B57",
                        "reportingConfigConfigurationProfileId"
                      ]
                    }
                  ]
                ]
              }
            },
            {
              "Action": "ssm:GetParameter",
              "Effect": "Allow",
              "Resource": {
                "Fn::Join": [
                  "",
                  [
                    "arn:",
                    {
                      "Ref": "AWS::Partition"
                    },
                    ":ssm:",
                    {
                      "Ref": "AWS::Region"
                    },
                    ":",
                    {
                      "Ref": "OrgMgtAccountId"
                    },
                    ":parameter/InnovationSandbox_",
                    {
                      "Ref": "Namespace"
                    },
                    "_AccountPool_Configuration"
                  ]
                ]
              }
            },
            {
              "Action": "cloudformation:GetTemplateSummary",
              "Effect": "Allow",
              "Resource": {
                "Fn::Join": [
                  "",
                  [
                    "arn:",
                    {
                      "Ref": "AWS::Partition"
                    },
                    ":cloudformation:",
                    {
                      "Ref": "AWS::Region"
                    },
                    ":",
                    {
                      "Ref": "AWS::AccountId"
                    },
                    ":stackset/*"
                  ]
                ]
              }
            },
            {
              "Action": "sts:AssumeRole",
              "Effect": "Allow",
              "Resource": {
                "Fn::GetAtt": [
                  "IntermediateRole6D2F2036",
                  "Arn"
                ]
              }
            }
          ],
          "Version": "2012-10-17"
        },
        "PolicyName": "AnonymizedMetricsReportingFunctionFunctionRoleDefaultPolicy1B30EFB0",
        "Roles": [
          {
            "Ref": "AnonymizedMetricsReportingFunctionFunctionRole3FADEEB2"
          }
        ]
      },
      "Metadata": {
        "aws:cdk:path": "InnovationSandbox-Compute/AnonymizedMetrics/ReportingFunction/FunctionRole/DefaultPolicy/Resource"
      }
    },
    "AnonymizedMetricsReportingFunctionB13E720A": {
      "Type": "AWS::Lambda::Function",
      "Properties": {
        "Architectures": [
          "arm64"
        ],
        "Code": {
          "S3Bucket": {
            "Fn::Sub": "solutions-${AWS::Region}"
          },
          "S3Key": "innovation-sandbox-on-aws/v1.2.9/asset.f76fd3761a64ce895329e612a3aca13fe8dfb5d5242ec58d97b3f7fce3c2241b.zip"
        },
        "Description": "Periodic heartbeat lambda for summarizing the solution deployment",
        "Environment": {
          "Variables": {
            "NODE_OPTIONS": "--enable-source-maps",
            "USER_AGENT_EXTRA": "AwsSolution/SO0284/v1.2.9",
            "POWERTOOLS_LOG_LEVEL": {
              "Fn::FindInMap": [
                "Mapping",
                "context",
                "logLevel",
                {
                  "DefaultValue": ""
                }
              ]
            },
            "POWERTOOLS_SERVICE_NAME": "innovation-sandbox",
            "AWS_XRAY_CONTEXT_MISSING": "IGNORE_ERROR",
            "METRICS_URL": "https://metrics.awssolutionsbuilder.com/generic",
            "SOLUTION_ID": {
              "Fn::FindInMap": [
                "Mapping",
                "context",
                "solutionId",
                {
                  "DefaultValue": ""
                }
              ]
            },
            "SOLUTION_VERSION": {
              "Fn::FindInMap": [
                "Mapping",
                "context",
                "version",
                {
                  "DefaultValue": ""
                }
              ]
            },
            "METRICS_UUID": {
              "Fn::GetAtt": [
                "DeploymentUUIDLambdaFunctionIsbCustomResourceE707861E",
                "DeploymentUUID"
              ]
            },
            "HUB_ACCOUNT_ID": {
              "Ref": "AWS::AccountId"
            },
            "ORG_MGT_ACCOUNT_ID": {
              "Ref": "OrgMgtAccountId"
            },
            "ACCOUNT_TABLE_NAME": {
              "Fn::GetAtt": [
                "IsbSpokeConfigJsonParamResolverParseJsonConfigurationIsbCustomResource57F98B57",
                "accountTable"
              ]
            },
            "LEASE_TEMPLATE_TABLE_NAME": {
              "Fn::GetAtt": [
                "IsbSpokeConfigJsonParamResolverParseJsonConfigurationIsbCustomResource57F98B57",
                "leaseTemplateTable"
              ]
            },
            "BLUEPRINT_TABLE_NAME": {
              "Fn::GetAtt": [
                "IsbSpokeConfigJsonParamResolverParseJsonConfigurationIsbCustomResource57F98B57",
                "blueprintTable"
              ]
            },
            "ISB_NAMESPACE": {
              "Ref": "Namespace"
            },
            "ORG_MGT_ROLE_ARN": {
              "Fn::Join": [
                "",
                [
                  "arn:",
                  {
                    "Ref": "AWS::Partition"
                  },
                  ":iam::",
                  {
                    "Ref": "OrgMgtAccountId"
                  },
                  ":role/InnovationSandbox-",
                  {
                    "Ref": "Namespace"
                  },
                  "-OrgMgtRole"
                ]
              ]
            },
            "INTERMEDIATE_ROLE_ARN": {
              "Fn::GetAtt": [
                "IntermediateRole6D2F2036",
                "Arn"
              ]
            },
            "APP_CONFIG_APPLICATION_ID": {
              "Fn::GetAtt": [
                "IsbSpokeConfigJsonParamResolverParseJsonConfigurationIsbCustomResource57F98B57",
                "configApplicationId"
              ]
            },
            "APP_CONFIG_ENVIRONMENT_ID": {
              "Fn::GetAtt": [
                "IsbSpokeConfigJsonParamResolverParseJsonConfigurationIsbCustomResource57F98B57",
                "configEnvironmentId"
              ]
            },
            "APP_CONFIG_PROFILE_ID": {
              "Fn::GetAtt": [
                "IsbSpokeConfigJsonParamResolverParseJsonConfigurationIsbCustomResource57F98B57",
                "globalConfigConfigurationProfileId"
              ]
            },
            "REPORTING_CONFIG_PROFILE_ID": {
              "Fn::GetAtt": [
                "IsbSpokeConfigJsonParamResolverParseJsonConfigurationIsbCustomResource57F98B57",
                "reportingConfigConfigurationProfileId"
              ]
            },
            "AWS_APPCONFIG_EXTENSION_PREFETCH_LIST": {
              "Fn::Join": [
                "",
                [
                  "/applications/",
                  {
                    "Fn::GetAtt": [
                      "IsbSpokeConfigJsonParamResolverParseJsonConfigurationIsbCustomResource57F98B57",
                      "configApplicationId"
                    ]
                  },
                  "/environments/",
                  {
                    "Fn::GetAtt": [
                      "IsbSpokeConfigJsonParamResolverParseJsonConfigurationIsbCustomResource57F98B57",
                      "configEnvironmentId"
                    ]
                  },
                  "/configurations/",
                  {
                    "Fn::GetAtt": [
                      "IsbSpokeConfigJsonParamResolverParseJsonConfigurationIsbCustomResource57F98B57",
                      "globalConfigConfigurationProfileId"
                    ]
                  },
                  ",/applications/",
                  {
                    "Fn::GetAtt": [
                      "IsbSpokeConfigJsonParamResolverParseJsonConfigurationIsbCustomResource57F98B57",
                      "configApplicationId"
                    ]
                  },
                  "/environments/",
                  {
                    "Fn::GetAtt": [
                      "IsbSpokeConfigJsonParamResolverParseJsonConfigurationIsbCustomResource57F98B57",
                      "configEnvironmentId"
                    ]
                  },
                  "/configurations/",
                  {
                    "Fn::GetAtt": [
                      "IsbSpokeConfigJsonParamResolverParseJsonConfigurationIsbCustomResource57F98B57",
                      "reportingConfigConfigurationProfileId"
                    ]
                  },
                  ","
                ]
              ]
            },
            "IS_STABLE_TAGGING_ENABLED": {
              "Ref": "UseStableTagging"
            },
            "ACCOUNT_POOL_CONFIG_PARAM_ARN": {
              "Fn::Join": [
                "",
                [
                  "arn:",
                  {
                    "Ref": "AWS::Partition"
                  },
                  ":ssm:",
                  {
                    "Ref": "AWS::Region"
                  },
                  ":",
                  {
                    "Ref": "OrgMgtAccountId"
                  },
                  ":parameter/InnovationSandbox_",
                  {
                    "Ref": "Namespace"
                  },
                  "_AccountPool_Configuration"
                ]
              ]
            },
            "AWS_APPCONFIG_EXTENSION_POLL_INTERVAL_SECONDS": "10m",
            "AWS_APPCONFIG_EXTENSION_HTTP_PORT": "2772"
          }
        },
        "FunctionName": {
          "Fn::Join": [
            "",
            [
              "ISB-ReportingFunction-",
              {
                "Ref": "Namespace"
              }
            ]
          ]
        },
        "Handler": "index.handler",
        "Layers": [
          {
            "Ref": "IsbSpokeConfigJsonParamResolverISBLambdaLayerInnovationSandboxComputeDependenciesLayerVersion4DD7969A"
          },
          {
            "Ref": "IsbSpokeConfigJsonParamResolverISBLambdaLayerInnovationSandboxComputeCommonLayerVersionB1BF66A1"
          },
          {
            "Fn::FindInMap": [
              "AppConfigExtensionArnMap",
              {
                "Ref": "AWS::Region"
              },
              "arn"
            ]
          }
        ],
        "LoggingConfig": {
          "LogFormat": "JSON",
          "LogGroup": {
            "Ref": "ISBLogGroupE607F9A7"
          },
          "SystemLogLevel": "INFO"
        },
        "MemorySize": 1024,
        "ReservedConcurrentExecutions": 1,
        "Role": {
          "Fn::GetAtt": [
            "AnonymizedMetricsReportingFunctionFunctionRole3FADEEB2",
            "Arn"
          ]
        },
        "Runtime": "nodejs22.x",
        "Tags": [
          {
            "Key": "aws-solutions:isb-id",
            "Value": {
              "Fn::Join": [
                "",
                [
                  {
                    "Ref": "Namespace"
                  },
                  "_isb"
                ]
              ]
            }
          }
        ],
        "Timeout": 60,
        "TracingConfig": {
          "Mode": "Active"
        }
      },
      "DependsOn": [
        "AnonymizedMetricsReportingFunctionFunctionRoleDefaultPolicy1B30EFB0",
        "AnonymizedMetricsReportingFunctionFunctionRole3FADEEB2"
      ],
      "Metadata": {
        "aws:cdk:path": "InnovationSandbox-Compute/AnonymizedMetrics/ReportingFunction/Function/Resource",
        "aws:asset:path": "asset.f76fd3761a64ce895329e612a3aca13fe8dfb5d5242ec58d97b3f7fce3c2241b",
        "aws:asset:is-bundled": true,
        "aws:asset:property": "Code",
        "guard": {
          "SuppressedRules": [
            "LAMBDA_INSIDE_VPC",
            "LAMBDA_CONCURRENCY_CHECK"
          ]
        }
      }
    },
    "AnonymizedMetricsReportingFunctionIsbDbTableReadOnly5A24E3F5": {
      "Type": "AWS::IAM::Policy",
      "Properties": {
        "PolicyDocument": {
          "Statement": [
            {
              "Action": [
                "dynamodb:GetItem",
                "dynamodb:Query",
                "dynamodb:Scan",
                "dynamodb:ConditionCheckItem",
                "dynamodb:BatchGetItem"
              ],
              "Effect": "Allow",
              "Resource": [
                {
                  "Fn::Join": [
                    "",
                    [
                      "arn:",
                      {
                        "Ref": "AWS::Partition"
                      },
                      ":dynamodb:",
                      {
                        "Ref": "AWS::Region"
                      },
                      ":",
                      {
                        "Ref": "AWS::AccountId"
                      },
                      ":table/",
                      {
                        "Fn::GetAtt": [
                          "IsbSpokeConfigJsonParamResolverParseJsonConfigurationIsbCustomResource57F98B57",
                          "leaseTemplateTable"
                        ]
                      }
                    ]
                  ]
                },
                {
                  "Fn::Join": [
                    "",
                    [
                      "arn:",
                      {
                        "Ref": "AWS::Partition"
                      },
                      ":dynamodb:",
                      {
                        "Ref": "AWS::Region"
                      },
                      ":",
                      {
                        "Ref": "AWS::AccountId"
                      },
                      ":table/",
                      {
                        "Fn::GetAtt": [
                          "IsbSpokeConfigJsonParamResolverParseJsonConfigurationIsbCustomResource57F98B57",
                          "leaseTemplateTable"
                        ]
                      },
                      "/index/*"
                    ]
                  ]
                }
              ]
            },
            {
              "Action": [
                "dynamodb:GetItem",
                "dynamodb:Query",
                "dynamodb:Scan",
                "dynamodb:ConditionCheckItem",
                "dynamodb:BatchGetItem"
              ],
              "Effect": "Allow",
              "Resource": [
                {
                  "Fn::Join": [
                    "",
                    [
                      "arn:",
                      {
                        "Ref": "AWS::Partition"
                      },
                      ":dynamodb:",
                      {
                        "Ref": "AWS::Region"
                      },
                      ":",
                      {
                        "Ref": "AWS::AccountId"
                      },
                      ":table/",
                      {
                        "Fn::GetAtt": [
                          "IsbSpokeConfigJsonParamResolverParseJsonConfigurationIsbCustomResource57F98B57",
                          "accountTable"
                        ]
                      }
                    ]
                  ]
                },
                {
                  "Fn::Join": [
                    "",
                    [
                      "arn:",
                      {
                        "Ref": "AWS::Partition"
                      },
                      ":dynamodb:",
                      {
                        "Ref": "AWS::Region"
                      },
                      ":",
                      {
                        "Ref": "AWS::AccountId"
                      },
                      ":table/",
                      {
                        "Fn::GetAtt": [
                          "IsbSpokeConfigJsonParamResolverParseJsonConfigurationIsbCustomResource57F98B57",
                          "accountTable"
                        ]
                      },
                      "/index/*"
                    ]
                  ]
                }
              ]
            },
            {
              "Action": [
                "dynamodb:GetItem",
                "dynamodb:Query",
                "dynamodb:Scan",
                "dynamodb:ConditionCheckItem",
                "dynamodb:BatchGetItem"
              ],
              "Effect": "Allow",
              "Resource": [
                {
                  "Fn::Join": [
                    "",
                    [
                      "arn:",
                      {
                        "Ref": "AWS::Partition"
                      },
                      ":dynamodb:",
                      {
                        "Ref": "AWS::Region"
                      },
                      ":",
                      {
                        "Ref": "AWS::AccountId"
                      },
                      ":table/",
                      {
                        "Fn::GetAtt": [
                          "IsbSpokeConfigJsonParamResolverParseJsonConfigurationIsbCustomResource57F98B57",
                          "blueprintTable"
                        ]
                      }
                    ]
                  ]
                },
                {
                  "Fn::Join": [
                    "",
                    [
                      "arn:",
                      {
                        "Ref": "AWS::Partition"
                      },
                      ":dynamodb:",
                      {
                        "Ref": "AWS::Region"
                      },
                      ":",
                      {
                        "Ref": "AWS::AccountId"
                      },
                      ":table/",
                      {
                        "Fn::GetAtt": [
                          "IsbSpokeConfigJsonParamResolverParseJsonConfigurationIsbCustomResource57F98B57",
                          "blueprintTable"
                        ]
                      },
                      "/index/*"
                    ]
                  ]
                }
              ]
            },
            {
              "Action": [
                "kms:Decrypt",
                "kms:DescribeKey",
                "kms:Encrypt",
                "kms:GenerateDataKey",
                "kms:ReEncrypt*"
              ],
              "Effect": "Allow",
              "Resource": {
                "Fn::Join": [
                  "",
                  [
                    "arn:",
                    {
                      "Ref": "AWS::Partition"
                    },
                    ":kms:",
                    {
                      "Ref": "AWS::Region"
                    },
                    ":",
                    {
                      "Ref": "AWS::AccountId"
                    },
                    ":key/",
                    {
                      "Fn::GetAtt": [
                        "IsbSpokeConfigJsonParamResolverParseJsonConfigurationIsbCustomResource57F98B57",
                        "tableKmsKeyId"
                      ]
                    }
                  ]
                ]
              }
            }
          ],
          "Version": "2012-10-17"
        },
        "PolicyName": "DynamoDBReadOnlyAccess",
        "Roles": [
          {
            "Ref": "AnonymizedMetricsReportingFunctionFunctionRole3FADEEB2"
          }
        ]
      },
      "Metadata": {
        "aws:cdk:path": "InnovationSandbox-Compute/AnonymizedMetrics/ReportingFunction-IsbDbTableReadOnly/Resource"
      }
    },
    "AnonymizedMetricsLambdaInvokeRoleF931E38F": {
      "Type": "AWS::IAM::Role",
      "Properties": {
        "AssumeRolePolicyDocument": {
          "Statement": [
            {
              "Action": "sts:AssumeRole",
              "Effect": "Allow",
              "Principal": {
                "Service": "scheduler.amazonaws.com"
              }
            }
          ],
          "Version": "2012-10-17"
        },
        "Description": "allows EventBridgeScheduler to invoke Innovation Sandbox's heartbeat metrics lambda",
        "Tags": [
          {
            "Key": "aws-solutions:isb-id",
            "Value": {
              "Fn::Join": [
                "",
                [
                  {
                    "Ref": "Namespace"
                  },
                  "_isb"
                ]
              ]
            }
          }
        ]
      },
      "Metadata": {
        "aws:cdk:path": "InnovationSandbox-Compute/AnonymizedMetrics/LambdaInvokeRole/Resource"
      }
    },
    "AnonymizedMetricsLambdaInvokeRoleDefaultPolicyC9FABACF": {
      "Type": "AWS::IAM::Policy",
      "Properties": {
        "PolicyDocument": {
          "Statement": [
            {
              "Action": "lambda:InvokeFunction",
              "Effect": "Allow",
              "Resource": [
                {
                  "Fn::GetAtt": [
                    "AnonymizedMetricsReportingFunctionB13E720A",
                    "Arn"
                  ]
                },
                {
                  "Fn::Join": [
                    "",
                    [
                      {
                        "Fn::GetAtt": [
                          "AnonymizedMetricsReportingFunctionB13E720A",
                          "Arn"
                        ]
                      },
                      ":*"
                    ]
                  ]
                }
              ]
            }
          ],
          "Version": "2012-10-17"
        },
        "PolicyName": "AnonymizedMetricsLambdaInvokeRoleDefaultPolicyC9FABACF",
        "Roles": [
          {
            "Ref": "AnonymizedMetricsLambdaInvokeRoleF931E38F"
          }
        ]
      },
      "Metadata": {
        "aws:cdk:path": "InnovationSandbox-Compute/AnonymizedMetrics/LambdaInvokeRole/DefaultPolicy/Resource"
      }
    },
    "AnonymizedMetricsScheduledEventA5C9F868": {
      "Type": "AWS::Scheduler::Schedule",
      "Properties": {
        "Description": "triggers heartbeat metrics lambda to execute once per day",
        "FlexibleTimeWindow": {
          "MaximumWindowInMinutes": 60,
          "Mode": "FLEXIBLE"
        },
        "ScheduleExpression": "rate(1 day)",
        "Target": {
          "Arn": {
            "Fn::GetAtt": [
              "AnonymizedMetricsReportingFunctionB13E720A",
              "Arn"
            ]
          },
          "Input": "{\"action\":\"gather-metrics\"}",
          "RetryPolicy": {
            "MaximumRetryAttempts": 2
          },
          "RoleArn": {
            "Fn::GetAtt": [
              "AnonymizedMetricsLambdaInvokeRoleF931E38F",
              "Arn"
            ]
          }
        }
      },
      "Metadata": {
        "aws:cdk:path": "InnovationSandbox-Compute/AnonymizedMetrics/ScheduledEvent"
      }
    },
    "AnonymizedMetricsLogMetricsLogProcessorFunctionRole755579AC": {
      "Type": "AWS::IAM::Role",
      "Properties": {
        "AssumeRolePolicyDocument": {
          "Statement": [
            {
              "Action": "sts:AssumeRole",
              "Effect": "Allow",
              "Principal": {
                "Service": "lambda.amazonaws.com"
              }
            }
          ],
          "Version": "2012-10-17"
        },
        "Tags": [
          {
            "Key": "aws-solutions:isb-id",
            "Value": {
              "Fn::Join": [
                "",
                [
                  {
                    "Ref": "Namespace"
                  },
                  "_isb"
                ]
              ]
            }
          }
        ]
      },
      "Metadata": {
        "aws:cdk:path": "InnovationSandbox-Compute/AnonymizedMetrics/LogMetrics/LogProcessor/FunctionRole/Resource"
      }
    },
    "AnonymizedMetricsLogMetricsLogProcessorFunctionRoleDefaultPolicy51A815C2": {
      "Type": "AWS::IAM::Policy",
      "Properties": {
        "PolicyDocument": {
          "Statement": [
            {
              "Action": [
                "xray:PutTraceSegments",
                "xray:PutTelemetryRecords"
              ],
              "Effect": "Allow",
              "Resource": "*"
            },
            {
              "Action": [
                "logs:CreateLogStream",
                "logs:PutLogEvents"
              ],
              "Effect": "Allow",
              "Resource": {
                "Fn::GetAtt": [
                  "ISBLogGroupE607F9A7",
                  "Arn"
                ]
              }
            }
          ],
          "Version": "2012-10-17"
        },
        "PolicyName": "AnonymizedMetricsLogMetricsLogProcessorFunctionRoleDefaultPolicy51A815C2",
        "Roles": [
          {
            "Ref": "AnonymizedMetricsLogMetricsLogProcessorFunctionRole755579AC"
          }
        ]
      },
      "Metadata": {
        "aws:cdk:path": "InnovationSandbox-Compute/AnonymizedMetrics/LogMetrics/LogProcessor/FunctionRole/DefaultPolicy/Resource"
      }
    },
    "AnonymizedMetricsLogMetricsLogProcessorFunctionCC7E9605": {
      "Type": "AWS::Lambda::Function",
      "Properties": {
        "Architectures": [
          "arm64"
        ],
        "Code": {
          "S3Bucket": {
            "Fn::Sub": "solutions-${AWS::Region}"
          },
          "S3Key": "innovation-sandbox-on-aws/v1.2.9/asset.fe6cce91c434f0158e633ab7ba280bbefed550f26d0b63f7240bd365e812b538.zip"
        },
        "Environment": {
          "Variables": {
            "NODE_OPTIONS": "--enable-source-maps",
            "USER_AGENT_EXTRA": "AwsSolution/SO0284/v1.2.9",
            "POWERTOOLS_LOG_LEVEL": {
              "Fn::FindInMap": [
                "Mapping",
                "context",
                "logLevel",
                {
                  "DefaultValue": ""
                }
              ]
            },
            "POWERTOOLS_SERVICE_NAME": "innovation-sandbox",
            "AWS_XRAY_CONTEXT_MISSING": "IGNORE_ERROR",
            "METRICS_URL": "https://metrics.awssolutionsbuilder.com/generic",
            "SOLUTION_ID": {
              "Fn::FindInMap": [
                "Mapping",
                "context",
                "solutionId",
                {
                  "DefaultValue": ""
                }
              ]
            },
            "SOLUTION_VERSION": {
              "Fn::FindInMap": [
                "Mapping",
                "context",
                "version",
                {
                  "DefaultValue": ""
                }
              ]
            },
            "METRICS_UUID": {
              "Fn::GetAtt": [
                "DeploymentUUIDLambdaFunctionIsbCustomResourceE707861E",
                "DeploymentUUID"
              ]
            },
            "HUB_ACCOUNT_ID": {
              "Ref": "AWS::AccountId"
            }
          }
        },
        "FunctionName": {
          "Fn::Join": [
            "",
            [
              "ISB-LogProcessor-",
              {
                "Ref": "Namespace"
              }
            ]
          ]
        },
        "Handler": "index.handler",
        "Layers": [
          {
            "Ref": "IsbSpokeConfigJsonParamResolverISBLambdaLayerInnovationSandboxComputeDependenciesLayerVersion4DD7969A"
          },
          {
            "Ref": "IsbSpokeConfigJsonParamResolverISBLambdaLayerInnovationSandboxComputeCommonLayerVersionB1BF66A1"
          }
        ],
        "LoggingConfig": {
          "LogFormat": "JSON",
          "LogGroup": {
            "Ref": "ISBLogGroupE607F9A7"
          },
          "SystemLogLevel": "INFO"
        },
        "MemorySize": 1024,
        "Role": {
          "Fn::GetAtt": [
            "AnonymizedMetricsLogMetricsLogProcessorFunctionRole755579AC",
            "Arn"
          ]
        },
        "Runtime": "nodejs22.x",
        "Tags": [
          {
            "Key": "aws-solutions:isb-id",
            "Value": {
              "Fn::Join": [
                "",
                [
                  {
                    "Ref": "Namespace"
                  },
                  "_isb"
                ]
              ]
            }
          }
        ],
        "Timeout": 300,
        "TracingConfig": {
          "Mode": "Active"
        }
      },
      "DependsOn": [
        "AnonymizedMetricsLogMetricsLogProcessorFunctionRoleDefaultPolicy51A815C2",
        "AnonymizedMetricsLogMetricsLogProcessorFunctionRole755579AC"
      ],
      "Metadata": {
        "aws:cdk:path": "InnovationSandbox-Compute/AnonymizedMetrics/LogMetrics/LogProcessor/Function/Resource",
        "aws:asset:path": "asset.fe6cce91c434f0158e633ab7ba280bbefed550f26d0b63f7240bd365e812b538",
        "aws:asset:is-bundled": true,
        "aws:asset:property": "Code",
        "guard": {
          "SuppressedRules": [
            "LAMBDA_INSIDE_VPC",
            "LAMBDA_CONCURRENCY_CHECK"
          ]
        }
      }
    },
    "AnonymizedMetricsLogMetricsLogSubscriptionCanInvokeLambda4E714CE8": {
      "Type": "AWS::Lambda::Permission",
      "Properties": {
        "Action": "lambda:InvokeFunction",
        "FunctionName": {
          "Fn::GetAtt": [
            "AnonymizedMetricsLogMetricsLogProcessorFunctionCC7E9605",
            "Arn"
          ]
        },
        "Principal": "logs.amazonaws.com",
        "SourceArn": {
          "Fn::GetAtt": [
            "ISBLogGroupE607F9A7",
            "Arn"
          ]
        }
      },
      "Metadata": {
        "aws:cdk:path": "InnovationSandbox-Compute/AnonymizedMetrics/LogMetrics/LogSubscription/CanInvokeLambda"
      }
    },
    "AnonymizedMetricsLogMetricsLogSubscription74C86A18": {
      "Type": "AWS::Logs::SubscriptionFilter",
      "Properties": {
        "DestinationArn": {
          "Fn::GetAtt": [
            "AnonymizedMetricsLogMetricsLogProcessorFunctionCC7E9605",
            "Arn"
          ]
        },
        "FilterPattern": "{ $.logDetailType = \"*\" }",
        "LogGroupName": {
          "Ref": "ISBLogGroupE607F9A7"
        }
      },
      "DependsOn": [
        "AnonymizedMetricsLogMetricsLogSubscriptionCanInvokeLambda4E714CE8"
      ],
      "Metadata": {
        "aws:cdk:path": "InnovationSandbox-Compute/AnonymizedMetrics/LogMetrics/LogSubscription/Resource"
      }
    },
    "CostReportingLambdaFunctionRole7410FFF1": {
      "Type": "AWS::IAM::Role",
      "Properties": {
        "AssumeRolePolicyDocument": {
          "Statement": [
            {
              "Action": "sts:AssumeRole",
              "Effect": "Allow",
              "Principal": {
                "Service": "lambda.amazonaws.com"
              }
            }
          ],
          "Version": "2012-10-17"
        },
        "Tags": [
          {
            "Key": "aws-solutions:isb-id",
            "Value": {
              "Fn::Join": [
                "",
                [
                  {
                    "Ref": "Namespace"
                  },
                  "_isb"
                ]
              ]
            }
          }
        ]
      },
      "Metadata": {
        "aws:cdk:path": "InnovationSandbox-Compute/CostReportingLambda/CostReportingLambda/FunctionRole/Resource"
      }
    },
    "CostReportingLambdaFunctionRoleDefaultPolicy62FE1881": {
      "Type": "AWS::IAM::Policy",
      "Properties": {
        "PolicyDocument": {
          "Statement": [
            {
              "Action": [
                "xray:PutTraceSegments",
                "xray:PutTelemetryRecords"
              ],
              "Effect": "Allow",
              "Resource": "*"
            },
            {
              "Action": [
                "logs:CreateLogStream",
                "logs:PutLogEvents"
              ],
              "Effect": "Allow",
              "Resource": {
                "Fn::GetAtt": [
                  "ISBLogGroupE607F9A7",
                  "Arn"
                ]
              }
            },
            {
              "Action": "sts:AssumeRole",
              "Effect": "Allow",
              "Resource": {
                "Fn::GetAtt": [
                  "IntermediateRole6D2F2036",
                  "Arn"
                ]
              }
            }
          ],
          "Version": "2012-10-17"
        },
        "PolicyName": "CostReportingLambdaFunctionRoleDefaultPolicy62FE1881",
        "Roles": [
          {
            "Ref": "CostReportingLambdaFunctionRole7410FFF1"
          }
        ]
      },
      "Metadata": {
        "aws:cdk:path": "InnovationSandbox-Compute/CostReportingLambda/CostReportingLambda/FunctionRole/DefaultPolicy/Resource"
      }
    },
    "CostReportingLambdaFunction2AD931B1": {
      "Type": "AWS::Lambda::Function",
      "Properties": {
        "Architectures": [
          "arm64"
        ],
        "Code": {
          "S3Bucket": {
            "Fn::Sub": "solutions-${AWS::Region}"
          },
          "S3Key": "innovation-sandbox-on-aws/v1.2.9/asset.8e31a9769c72f2ef00dc0cbcae649c6517bc956679e28faef4ff4ea7752ebac5.zip"
        },
        "Description": "Scans the accounts and reports / logs aggregated monthly cost",
        "Environment": {
          "Variables": {
            "NODE_OPTIONS": "--enable-source-maps",
            "USER_AGENT_EXTRA": "AwsSolution/SO0284/v1.2.9",
            "POWERTOOLS_LOG_LEVEL": {
              "Fn::FindInMap": [
                "Mapping",
                "context",
                "logLevel",
                {
                  "DefaultValue": ""
                }
              ]
            },
            "POWERTOOLS_SERVICE_NAME": "innovation-sandbox",
            "AWS_XRAY_CONTEXT_MISSING": "IGNORE_ERROR",
            "ACCOUNT_TABLE_NAME": {
              "Fn::GetAtt": [
                "IsbSpokeConfigJsonParamResolverParseJsonConfigurationIsbCustomResource57F98B57",
                "accountTable"
              ]
            },
            "ISB_NAMESPACE": {
              "Ref": "Namespace"
            },
            "INTERMEDIATE_ROLE_ARN": {
              "Fn::GetAtt": [
                "IntermediateRole6D2F2036",
                "Arn"
              ]
            },
            "ORG_MGT_ROLE_ARN": {
              "Fn::Join": [
                "",
                [
                  "arn:",
                  {
                    "Ref": "AWS::Partition"
                  },
                  ":iam::",
                  {
                    "Ref": "OrgMgtAccountId"
                  },
                  ":role/InnovationSandbox-",
                  {
                    "Ref": "Namespace"
                  },
                  "-OrgMgtRole"
                ]
              ]
            },
            "ISB_TAG_NAME": "aws-solutions:isb-id",
            "ISB_TAG_VALUE": {
              "Fn::Join": [
                "",
                [
                  {
                    "Ref": "Namespace"
                  },
                  "_isb"
                ]
              ]
            },
            "IDC_ACCOUNT_ID": {
              "Ref": "IdcAccountId"
            },
            "ORG_MGT_ACCOUNT_ID": {
              "Ref": "OrgMgtAccountId"
            },
            "HUB_ACCOUNT_ID": {
              "Ref": "AWS::AccountId"
            }
          }
        },
        "FunctionName": {
          "Fn::Join": [
            "",
            [
              "ISB-CostReportingLambda-",
              {
                "Ref": "Namespace"
              }
            ]
          ]
        },
        "Handler": "index.handler",
        "Layers": [
          {
            "Ref": "IsbSpokeConfigJsonParamResolverISBLambdaLayerInnovationSandboxComputeDependenciesLayerVersion4DD7969A"
          },
          {
            "Ref": "IsbSpokeConfigJsonParamResolverISBLambdaLayerInnovationSandboxComputeCommonLayerVersionB1BF66A1"
          }
        ],
        "LoggingConfig": {
          "LogFormat": "JSON",
          "LogGroup": {
            "Ref": "ISBLogGroupE607F9A7"
          },
          "SystemLogLevel": "INFO"
        },
        "MemorySize": 1024,
        "ReservedConcurrentExecutions": 1,
        "Role": {
          "Fn::GetAtt": [
            "CostReportingLambdaFunctionRole7410FFF1",
            "Arn"
          ]
        },
        "Runtime": "nodejs22.x",
        "Tags": [
          {
            "Key": "aws-solutions:isb-id",
            "Value": {
              "Fn::Join": [
                "",
                [
                  {
                    "Ref": "Namespace"
                  },
                  "_isb"
                ]
              ]
            }
          }
        ],
        "Timeout": 60,
        "TracingConfig": {
          "Mode": "Active"
        }
      },
      "DependsOn": [
        "CostReportingLambdaFunctionRoleDefaultPolicy62FE1881",
        "CostReportingLambdaFunctionRole7410FFF1"
      ],
      "Metadata": {
        "aws:cdk:path": "InnovationSandbox-Compute/CostReportingLambda/CostReportingLambda/Function/Resource",
        "aws:asset:path": "asset.8e31a9769c72f2ef00dc0cbcae649c6517bc956679e28faef4ff4ea7752ebac5",
        "aws:asset:is-bundled": true,
        "aws:asset:property": "Code",
        "guard": {
          "SuppressedRules": [
            "LAMBDA_INSIDE_VPC",
            "LAMBDA_CONCURRENCY_CHECK"
          ]
        }
      }
    },
    "CostReportingLambdaInvokeRole508E505A": {
      "Type": "AWS::IAM::Role",
      "Properties": {
        "AssumeRolePolicyDocument": {
          "Statement": [
            {
              "Action": "sts:AssumeRole",
              "Effect": "Allow",
              "Principal": {
                "Service": "scheduler.amazonaws.com"
              }
            }
          ],
          "Version": "2012-10-17"
        },
        "Description": "allows EventBridgeScheduler to invoke Innovation Sandbox's CostMonitoring lambda",
        "Tags": [
          {
            "Key": "aws-solutions:isb-id",
            "Value": {
              "Fn::Join": [
                "",
                [
                  {
                    "Ref": "Namespace"
                  },
                  "_isb"
                ]
              ]
            }
          }
        ]
      },
      "Metadata": {
        "aws:cdk:path": "InnovationSandbox-Compute/CostReportingLambdaInvokeRole/Resource"
      }
    },
    "CostReportingLambdaInvokeRoleDefaultPolicy98A4092D": {
      "Type": "AWS::IAM::Policy",
      "Properties": {
        "PolicyDocument": {
          "Statement": [
            {
              "Action": "lambda:InvokeFunction",
              "Effect": "Allow",
              "Resource": [
                {
                  "Fn::GetAtt": [
                    "CostReportingLambdaFunction2AD931B1",
                    "Arn"
                  ]
                },
                {
                  "Fn::Join": [
                    "",
                    [
                      {
                        "Fn::GetAtt": [
                          "CostReportingLambdaFunction2AD931B1",
                          "Arn"
                        ]
                      },
                      ":*"
                    ]
                  ]
                }
              ]
            }
          ],
          "Version": "2012-10-17"
        },
        "PolicyName": "CostReportingLambdaInvokeRoleDefaultPolicy98A4092D",
        "Roles": [
          {
            "Ref": "CostReportingLambdaInvokeRole508E505A"
          }
        ]
      },
      "Metadata": {
        "aws:cdk:path": "InnovationSandbox-Compute/CostReportingLambdaInvokeRole/DefaultPolicy/Resource"
      }
    },
    "CostReportingLambdaIsbDbTableReadOnlyADD8E406": {
      "Type": "AWS::IAM::Policy",
      "Properties": {
        "PolicyDocument": {
          "Statement": [
            {
              "Action": [
                "dynamodb:GetItem",
                "dynamodb:Query",
                "dynamodb:Scan",
                "dynamodb:ConditionCheckItem",
                "dynamodb:BatchGetItem"
              ],
              "Effect": "Allow",
              "Resource": [
                {
                  "Fn::Join": [
                    "",
                    [
                      "arn:",
                      {
                        "Ref": "AWS::Partition"
                      },
                      ":dynamodb:",
                      {
                        "Ref": "AWS::Region"
                      },
                      ":",
                      {
                        "Ref": "AWS::AccountId"
                      },
                      ":table/",
                      {
                        "Fn::GetAtt": [
                          "IsbSpokeConfigJsonParamResolverParseJsonConfigurationIsbCustomResource57F98B57",
                          "accountTable"
                        ]
                      }
                    ]
                  ]
                },
                {
                  "Fn::Join": [
                    "",
                    [
                      "arn:",
                      {
                        "Ref": "AWS::Partition"
                      },
                      ":dynamodb:",
                      {
                        "Ref": "AWS::Region"
                      },
                      ":",
                      {
                        "Ref": "AWS::AccountId"
                      },
                      ":table/",
                      {
                        "Fn::GetAtt": [
                          "IsbSpokeConfigJsonParamResolverParseJsonConfigurationIsbCustomResource57F98B57",
                          "accountTable"
                        ]
                      },
                      "/index/*"
                    ]
                  ]
                }
              ]
            },
            {
              "Action": [
                "kms:Decrypt",
                "kms:DescribeKey",
                "kms:Encrypt",
                "kms:GenerateDataKey",
                "kms:ReEncrypt*"
              ],
              "Effect": "Allow",
              "Resource": {
                "Fn::Join": [
                  "",
                  [
                    "arn:",
                    {
                      "Ref": "AWS::Partition"
                    },
                    ":kms:",
                    {
                      "Ref": "AWS::Region"
                    },
                    ":",
                    {
                      "Ref": "AWS::AccountId"
                    },
                    ":key/",
                    {
                      "Fn::GetAtt": [
                        "IsbSpokeConfigJsonParamResolverParseJsonConfigurationIsbCustomResource57F98B57",
                        "tableKmsKeyId"
                      ]
                    }
                  ]
                ]
              }
            }
          ],
          "Version": "2012-10-17"
        },
        "PolicyName": "DynamoDBReadOnlyAccess",
        "Roles": [
          {
            "Ref": "CostReportingLambdaFunctionRole7410FFF1"
          }
        ]
      },
      "Metadata": {
        "aws:cdk:path": "InnovationSandbox-Compute/CostReportingLambda-IsbDbTableReadOnly/Resource"
      }
    },
    "CostReportingScheduledEvent": {
      "Type": "AWS::Scheduler::Schedule",
      "Properties": {
        "Description": "triggers Cost Monitoring on the forth day of every month",
        "FlexibleTimeWindow": {
          "MaximumWindowInMinutes": 360,
          "Mode": "FLEXIBLE"
        },
        "ScheduleExpression": "cron(25 1 4 * ? *)",
        "Target": {
          "Arn": {
            "Fn::GetAtt": [
              "CostReportingLambdaFunction2AD931B1",
              "Arn"
            ]
          },
          "RetryPolicy": {
            "MaximumRetryAttempts": 5
          },
          "RoleArn": {
            "Fn::GetAtt": [
              "CostReportingLambdaInvokeRole508E505A",
              "Arn"
            ]
          }
        }
      },
      "Metadata": {
        "aws:cdk:path": "InnovationSandbox-Compute/CostReportingScheduledEvent"
      }
    },
    "GroupCostReportingLambdaGroupCostReportingBucketF096C1FB": {
      "Type": "AWS::S3::Bucket",
      "Properties": {
        "BucketEncryption": {
          "ServerSideEncryptionConfiguration": [
            {
              "ServerSideEncryptionByDefault": {
                "KMSMasterKeyID": {
                  "Fn::GetAtt": [
                    "IsbKmsKeyInnovationSandboxComputeB43F03BE",
                    "Arn"
                  ]
                },
                "SSEAlgorithm": "aws:kms"
              }
            }
          ]
        },
        "PublicAccessBlockConfiguration": {
          "BlockPublicAcls": true,
          "BlockPublicPolicy": true,
          "IgnorePublicAcls": true,
          "RestrictPublicBuckets": true
        },
        "Tags": [
          {
            "Key": "aws-solutions:isb-id",
            "Value": {
              "Fn::Join": [
                "",
                [
                  {
                    "Ref": "Namespace"
                  },
                  "_isb"
                ]
              ]
            }
          }
        ],
        "VersioningConfiguration": {
          "Status": "Enabled"
        }
      },
      "UpdateReplacePolicy": "Retain",
      "DeletionPolicy": "Retain",
      "Metadata": {
        "aws:cdk:path": "InnovationSandbox-Compute/GroupCostReportingLambda/GroupCostReportingBucket/Resource",
        "guard": {
          "SuppressedRules": [
            "S3_BUCKET_LOGGING_ENABLED"
          ]
        }
      }
    },
    "GroupCostReportingLambdaGroupCostReportingBucketPolicyBBD5631E": {
      "Type": "AWS::S3::BucketPolicy",
      "Properties": {
        "Bucket": {
          "Ref": "GroupCostReportingLambdaGroupCostReportingBucketF096C1FB"
        },
        "PolicyDocument": {
          "Statement": [
            {
              "Action": "s3:*",
              "Condition": {
                "Bool": {
                  "aws:SecureTransport": "false"
                }
              },
              "Effect": "Deny",
              "Principal": {
                "AWS": "*"
              },
              "Resource": [
                {
                  "Fn::GetAtt": [
                    "GroupCostReportingLambdaGroupCostReportingBucketF096C1FB",
                    "Arn"
                  ]
                },
                {
                  "Fn::Join": [
                    "",
                    [
                      {
                        "Fn::GetAtt": [
                          "GroupCostReportingLambdaGroupCostReportingBucketF096C1FB",
                          "Arn"
                        ]
                      },
                      "/*"
                    ]
                  ]
                }
              ]
            }
          ],
          "Version": "2012-10-17"
        }
      },
      "Metadata": {
        "aws:cdk:path": "InnovationSandbox-Compute/GroupCostReportingLambda/GroupCostReportingBucket/Policy/Resource"
      }
    },
    "GroupCostReportingLambdaGroupCostReportingDLQ99CBE290": {
      "Type": "AWS::SQS::Queue",
      "Properties": {
        "KmsMasterKeyId": {
          "Fn::GetAtt": [
            "IsbKmsKeyInnovationSandboxComputeB43F03BE",
            "Arn"
          ]
        },
        "MessageRetentionPeriod": 1209600,
        "Tags": [
          {
            "Key": "aws-solutions:isb-id",
            "Value": {
              "Fn::Join": [
                "",
                [
                  {
                    "Ref": "Namespace"
                  },
                  "_isb"
                ]
              ]
            }
          }
        ],
        "VisibilityTimeout": 300
      },
      "UpdateReplacePolicy": "Delete",
      "DeletionPolicy": "Delete",
      "Metadata": {
        "aws:cdk:path": "InnovationSandbox-Compute/GroupCostReportingLambda/GroupCostReportingDLQ/Resource"
      }
    },
    "GroupCostReportingLambdaFunctionRole775BD77E": {
      "Type": "AWS::IAM::Role",
      "Properties": {
        "AssumeRolePolicyDocument": {
          "Statement": [
            {
              "Action": "sts:AssumeRole",
              "Effect": "Allow",
              "Principal": {
                "Service": "lambda.amazonaws.com"
              }
            }
          ],
          "Version": "2012-10-17"
        },
        "Tags": [
          {
            "Key": "aws-solutions:isb-id",
            "Value": {
              "Fn::Join": [
                "",
                [
                  {
                    "Ref": "Namespace"
                  },
                  "_isb"
                ]
              ]
            }
          }
        ]
      },
      "Metadata": {
        "aws:cdk:path": "InnovationSandbox-Compute/GroupCostReportingLambda/GroupCostReportingLambda/FunctionRole/Resource"
      }
    },
    "GroupCostReportingLambdaFunctionRoleDefaultPolicy0F62951F": {
      "Type": "AWS::IAM::Policy",
      "Properties": {
        "PolicyDocument": {
          "Statement": [
            {
              "Action": "sqs:SendMessage",
              "Effect": "Allow",
              "Resource": {
                "Fn::GetAtt": [
                  "GroupCostReportingLambdaGroupCostReportingDLQ99CBE290",
                  "Arn"
                ]
              }
            },
            {
              "Action": [
                "xray:PutTraceSegments",
                "xray:PutTelemetryRecords"
              ],
              "Effect": "Allow",
              "Resource": "*"
            },
            {
              "Action": [
                "logs:CreateLogStream",
                "logs:PutLogEvents"
              ],
              "Effect": "Allow",
              "Resource": {
                "Fn::GetAtt": [
                  "ISBLogGroupE607F9A7",
                  "Arn"
                ]
              }
            },
            {
              "Action": "events:PutEvents",
              "Effect": "Allow",
              "Resource": {
                "Fn::GetAtt": [
                  "ISBEventBusD5514129",
                  "Arn"
                ]
              }
            },
            {
              "Action": [
                "s3:DeleteObject*",
                "s3:PutObject",
                "s3:PutObjectLegalHold",
                "s3:PutObjectRetention",
                "s3:PutObjectTagging",
                "s3:PutObjectVersionTagging",
                "s3:Abort*"
              ],
              "Effect": "Allow",
              "Resource": [
                {
                  "Fn::GetAtt": [
                    "GroupCostReportingLambdaGroupCostReportingBucketF096C1FB",
                    "Arn"
                  ]
                },
                {
                  "Fn::Join": [
                    "",
                    [
                      {
                        "Fn::GetAtt": [
                          "GroupCostReportingLambdaGroupCostReportingBucketF096C1FB",
                          "Arn"
                        ]
                      },
                      "/*"
                    ]
                  ]
                }
              ]
            },
            {
              "Action": [
                "kms:Encrypt",
                "kms:ReEncrypt*",
                "kms:GenerateDataKey*",
                "kms:Decrypt"
              ],
              "Effect": "Allow",
              "Resource": {
                "Fn::GetAtt": [
                  "IsbKmsKeyInnovationSandboxComputeB43F03BE",
                  "Arn"
                ]
              }
            },
            {
              "Action": "kms:Decrypt",
              "Effect": "Allow",
              "Resource": {
                "Fn::GetAtt": [
                  "IsbKmsKeyInnovationSandboxComputeB43F03BE",
                  "Arn"
                ]
              }
            },
            {
              "Action": "sts:AssumeRole",
              "Effect": "Allow",
              "Resource": {
                "Fn::GetAtt": [
                  "IntermediateRole6D2F2036",
                  "Arn"
                ]
              }
            }
          ],
          "Version": "2012-10-17"
        },
        "PolicyName": "GroupCostReportingLambdaFunctionRoleDefaultPolicy0F62951F",
        "Roles": [
          {
            "Ref": "GroupCostReportingLambdaFunctionRole775BD77E"
          }
        ]
      },
      "Metadata": {
        "aws:cdk:path": "InnovationSandbox-Compute/GroupCostReportingLambda/GroupCostReportingLambda/FunctionRole/DefaultPolicy/Resource"
      }
    },
    "GroupCostReportingLambdaFunctionA011B6BB": {
      "Type": "AWS::Lambda::Function",
      "Properties": {
        "Architectures": [
          "arm64"
        ],
        "Code": {
          "S3Bucket": {
            "Fn::Sub": "solutions-${AWS::Region}"
          },
          "S3Key": "innovation-sandbox-on-aws/v1.2.9/asset.06ab80eec16e6afbdb81cdf9a0ad6a4dc7eca201ab532b6ad038035ac995bc73.zip"
        },
        "DeadLetterConfig": {
          "TargetArn": {
            "Fn::GetAtt": [
              "GroupCostReportingLambdaGroupCostReportingDLQ99CBE290",
              "Arn"
            ]
          }
        },
        "Description": "Generates monthly CSV cost reports aggregated by cost report groups",
        "Environment": {
          "Variables": {
            "NODE_OPTIONS": "--enable-source-maps",
            "USER_AGENT_EXTRA": "AwsSolution/SO0284/v1.2.9",
            "POWERTOOLS_LOG_LEVEL": {
              "Fn::FindInMap": [
                "Mapping",
                "context",
                "logLevel",
                {
                  "DefaultValue": ""
                }
              ]
            },
            "POWERTOOLS_SERVICE_NAME": "innovation-sandbox",
            "AWS_XRAY_CONTEXT_MISSING": "IGNORE_ERROR",
            "LEASE_TABLE_NAME": {
              "Fn::GetAtt": [
                "IsbSpokeConfigJsonParamResolverParseJsonConfigurationIsbCustomResource57F98B57",
                "leaseTable"
              ]
            },
            "ISB_EVENT_BUS": {
              "Ref": "ISBEventBusD5514129"
            },
            "ISB_NAMESPACE": {
              "Ref": "Namespace"
            },
            "REPORT_BUCKET_NAME": {
              "Ref": "GroupCostReportingLambdaGroupCostReportingBucketF096C1FB"
            },
            "INTERMEDIATE_ROLE_ARN": {
              "Fn::GetAtt": [
                "IntermediateRole6D2F2036",
                "Arn"
              ]
            },
            "ORG_MGT_ROLE_ARN": {
              "Fn::Join": [
                "",
                [
                  "arn:",
                  {
                    "Ref": "AWS::Partition"
                  },
                  ":iam::",
                  {
                    "Ref": "OrgMgtAccountId"
                  },
                  ":role/InnovationSandbox-",
                  {
                    "Ref": "Namespace"
                  },
                  "-OrgMgtRole"
                ]
              ]
            }
          }
        },
        "FunctionName": {
          "Fn::Join": [
            "",
            [
              "ISB-GroupCostReportingLambda-",
              {
                "Ref": "Namespace"
              }
            ]
          ]
        },
        "Handler": "index.handler",
        "Layers": [
          {
            "Ref": "IsbSpokeConfigJsonParamResolverISBLambdaLayerInnovationSandboxComputeDependenciesLayerVersion4DD7969A"
          },
          {
            "Ref": "IsbSpokeConfigJsonParamResolverISBLambdaLayerInnovationSandboxComputeCommonLayerVersionB1BF66A1"
          }
        ],
        "LoggingConfig": {
          "LogFormat": "JSON",
          "LogGroup": {
            "Ref": "ISBLogGroupE607F9A7"
          },
          "SystemLogLevel": "INFO"
        },
        "MemorySize": 1024,
        "ReservedConcurrentExecutions": 1,
        "Role": {
          "Fn::GetAtt": [
            "GroupCostReportingLambdaFunctionRole775BD77E",
            "Arn"
          ]
        },
        "Runtime": "nodejs22.x",
        "Tags": [
          {
            "Key": "aws-solutions:isb-id",
            "Value": {
              "Fn::Join": [
                "",
                [
                  {
                    "Ref": "Namespace"
                  },
                  "_isb"
                ]
              ]
            }
          }
        ],
        "Timeout": 900,
        "TracingConfig": {
          "Mode": "Active"
        }
      },
      "DependsOn": [
        "GroupCostReportingLambdaFunctionRoleDefaultPolicy0F62951F",
        "GroupCostReportingLambdaFunctionRole775BD77E"
      ],
      "Metadata": {
        "aws:cdk:path": "InnovationSandbox-Compute/GroupCostReportingLambda/GroupCostReportingLambda/Function/Resource",
        "aws:asset:path": "asset.06ab80eec16e6afbdb81cdf9a0ad6a4dc7eca201ab532b6ad038035ac995bc73",
        "aws:asset:is-bundled": true,
        "aws:asset:property": "Code",
        "guard": {
          "SuppressedRules": [
            "LAMBDA_INSIDE_VPC",
            "LAMBDA_CONCURRENCY_CHECK"
          ]
        }
      }
    },
    "GroupCostReportingLambdaGroupCostReportingScheduleRole462747D3": {
      "Type": "AWS::IAM::Role",
      "Properties": {
        "AssumeRolePolicyDocument": {
          "Statement": [
            {
              "Action": "sts:AssumeRole",
              "Effect": "Allow",
              "Principal": {
                "Service": "scheduler.amazonaws.com"
              }
            }
          ],
          "Version": "2012-10-17"
        },
        "Description": "Allows EventBridgeScheduler to invoke Group Cost Reporting Lambda",
        "Tags": [
          {
            "Key": "aws-solutions:isb-id",
            "Value": {
              "Fn::Join": [
                "",
                [
                  {
                    "Ref": "Namespace"
                  },
                  "_isb"
                ]
              ]
            }
          }
        ]
      },
      "Metadata": {
        "aws:cdk:path": "InnovationSandbox-Compute/GroupCostReportingLambda/GroupCostReportingScheduleRole/Resource"
      }
    },
    "GroupCostReportingLambdaGroupCostReportingScheduleRoleDefaultPolicyF3C813ED": {
      "Type": "AWS::IAM::Policy",
      "Properties": {
        "PolicyDocument": {
          "Statement": [
            {
              "Action": "lambda:InvokeFunction",
              "Effect": "Allow",
              "Resource": [
                {
                  "Fn::GetAtt": [
                    "GroupCostReportingLambdaFunctionA011B6BB",
                    "Arn"
                  ]
                },
                {
                  "Fn::Join": [
                    "",
                    [
                      {
                        "Fn::GetAtt": [
                          "GroupCostReportingLambdaFunctionA011B6BB",
                          "Arn"
                        ]
                      },
                      ":*"
                    ]
                  ]
                }
              ]
            }
          ],
          "Version": "2012-10-17"
        },
        "PolicyName": "GroupCostReportingLambdaGroupCostReportingScheduleRoleDefaultPolicyF3C813ED",
        "Roles": [
          {
            "Ref": "GroupCostReportingLambdaGroupCostReportingScheduleRole462747D3"
          }
        ]
      },
      "Metadata": {
        "aws:cdk:path": "InnovationSandbox-Compute/GroupCostReportingLambda/GroupCostReportingScheduleRole/DefaultPolicy/Resource"
      }
    },
    "GroupCostReportingLambdaIsbDbTableReadOnly313255B3": {
      "Type": "AWS::IAM::Policy",
      "Properties": {
        "PolicyDocument": {
          "Statement": [
            {
              "Action": [
                "dynamodb:GetItem",
                "dynamodb:Query",
                "dynamodb:Scan",
                "dynamodb:ConditionCheckItem",
                "dynamodb:BatchGetItem"
              ],
              "Effect": "Allow",
              "Resource": [
                {
                  "Fn::Join": [
                    "",
                    [
                      "arn:",
                      {
                        "Ref": "AWS::Partition"
                      },
                      ":dynamodb:",
                      {
                        "Ref": "AWS::Region"
                      },
                      ":",
                      {
                        "Ref": "AWS::AccountId"
                      },
                      ":table/",
                      {
                        "Fn::GetAtt": [
                          "IsbSpokeConfigJsonParamResolverParseJsonConfigurationIsbCustomResource57F98B57",
                          "leaseTable"
                        ]
                      }
                    ]
                  ]
                },
                {
                  "Fn::Join": [
                    "",
                    [
                      "arn:",
                      {
                        "Ref": "AWS::Partition"
                      },
                      ":dynamodb:",
                      {
                        "Ref": "AWS::Region"
                      },
                      ":",
                      {
                        "Ref": "AWS::AccountId"
                      },
                      ":table/",
                      {
                        "Fn::GetAtt": [
                          "IsbSpokeConfigJsonParamResolverParseJsonConfigurationIsbCustomResource57F98B57",
                          "leaseTable"
                        ]
                      },
                      "/index/*"
                    ]
                  ]
                }
              ]
            },
            {
              "Action": [
                "kms:Decrypt",
                "kms:DescribeKey",
                "kms:Encrypt",
                "kms:GenerateDataKey",
                "kms:ReEncrypt*"
              ],
              "Effect": "Allow",
              "Resource": {
                "Fn::Join": [
                  "",
                  [
                    "arn:",
                    {
                      "Ref": "AWS::Partition"
                    },
                    ":kms:",
                    {
                      "Ref": "AWS::Region"
                    },
                    ":",
                    {
                      "Ref": "AWS::AccountId"
                    },
                    ":key/",
                    {
                      "Fn::GetAtt": [
                        "IsbSpokeConfigJsonParamResolverParseJsonConfigurationIsbCustomResource57F98B57",
                        "tableKmsKeyId"
                      ]
                    }
                  ]
                ]
              }
            }
          ],
          "Version": "2012-10-17"
        },
        "PolicyName": "DynamoDBReadOnlyAccess",
        "Roles": [
          {
            "Ref": "GroupCostReportingLambdaFunctionRole775BD77E"
          }
        ]
      },
      "Metadata": {
        "aws:cdk:path": "InnovationSandbox-Compute/GroupCostReportingLambda-IsbDbTableReadOnly/Resource"
      }
    },
    "GroupCostReportingScheduledEvent": {
      "Type": "AWS::Scheduler::Schedule",
      "Properties": {
        "Description": "triggers Cost Monitoring on the fifth day of every month",
        "FlexibleTimeWindow": {
          "MaximumWindowInMinutes": 360,
          "Mode": "FLEXIBLE"
        },
        "ScheduleExpression": "cron(25 1 2 * ? *)",
        "Target": {
          "Arn": {
            "Fn::GetAtt": [
              "GroupCostReportingLambdaFunctionA011B6BB",
              "Arn"
            ]
          },
          "DeadLetterConfig": {
            "Arn": {
              "Fn::GetAtt": [
                "GroupCostReportingLambdaGroupCostReportingDLQ99CBE290",
                "Arn"
              ]
            }
          },
          "RetryPolicy": {
            "MaximumRetryAttempts": 5
          },
          "RoleArn": {
            "Fn::GetAtt": [
              "GroupCostReportingLambdaGroupCostReportingScheduleRole462747D3",
              "Arn"
            ]
          }
        }
      },
      "Metadata": {
        "aws:cdk:path": "InnovationSandbox-Compute/GroupCostReportingScheduledEvent"
      }
    },
    "LogArchivingIsbLogsArchiveC37D082C": {
      "Type": "AWS::S3::Bucket",
      "Properties": {
        "BucketEncryption": {
          "ServerSideEncryptionConfiguration": [
            {
              "ServerSideEncryptionByDefault": {
                "KMSMasterKeyID": {
                  "Fn::GetAtt": [
                    "IsbKmsKeyInnovationSandboxComputeB43F03BE",
                    "Arn"
                  ]
                },
                "SSEAlgorithm": "aws:kms"
              }
            }
          ]
        },
        "LifecycleConfiguration": {
          "Rules": [
            {
              "ExpirationInDays": {
                "Fn::FindInMap": [
                  "Mapping",
                  "context",
                  "s3LogsGlacierRetentionInDays",
                  {
                    "DefaultValue": ""
                  }
                ]
              },
              "Status": "Enabled",
              "Transitions": [
                {
                  "StorageClass": "GLACIER",
                  "TransitionInDays": {
                    "Fn::FindInMap": [
                      "Mapping",
                      "context",
                      "s3LogsArchiveRetentionInDays",
                      {
                        "DefaultValue": ""
                      }
                    ]
                  }
                }
              ]
            }
          ]
        },
        "OwnershipControls": {
          "Rules": [
            {
              "ObjectOwnership": "ObjectWriter"
            }
          ]
        },
        "PublicAccessBlockConfiguration": {
          "BlockPublicAcls": true,
          "BlockPublicPolicy": true,
          "IgnorePublicAcls": true,
          "RestrictPublicBuckets": true
        },
        "Tags": [
          {
            "Key": "aws-solutions:isb-id",
            "Value": {
              "Fn::Join": [
                "",
                [
                  {
                    "Ref": "Namespace"
                  },
                  "_isb"
                ]
              ]
            }
          }
        ]
      },
      "UpdateReplacePolicy": "Retain",
      "DeletionPolicy": "Retain",
      "Metadata": {
        "aws:cdk:path": "InnovationSandbox-Compute/LogArchiving/IsbLogsArchive/Resource",
        "guard": {
          "SuppressedRules": [
            "S3_BUCKET_LOGGING_ENABLED"
          ]
        }
      }
    },
    "LogArchivingIsbLogsArchivePolicyDB21B3FF": {
      "Type": "AWS::S3::BucketPolicy",
      "Properties": {
        "Bucket": {
          "Ref": "LogArchivingIsbLogsArchiveC37D082C"
        },
        "PolicyDocument": {
          "Statement": [
            {
              "Action": "s3:*",
              "Condition": {
                "Bool": {
                  "aws:SecureTransport": "false"
                }
              },
              "Effect": "Deny",
              "Principal": {
                "AWS": "*"
              },
              "Resource": [
                {
                  "Fn::GetAtt": [
                    "LogArchivingIsbLogsArchiveC37D082C",
                    "Arn"
                  ]
                },
                {
                  "Fn::Join": [
                    "",
                    [
                      {
                        "Fn::GetAtt": [
                          "LogArchivingIsbLogsArchiveC37D082C",
                          "Arn"
                        ]
                      },
                      "/*"
                    ]
                  ]
                }
              ]
            },
            {
              "Action": "s3:GetBucketAcl",
              "Condition": {
                "StringEquals": {
                  "aws:SourceAccount": {
                    "Ref": "AWS::AccountId"
                  }
                },
                "ArnLike": {
                  "aws:SourceArn": {
                    "Fn::Join": [
                      "",
                      [
                        "arn:",
                        {
                          "Ref": "AWS::Partition"
                        },
                        ":logs:",
                        {
                          "Ref": "AWS::Region"
                        },
                        ":",
                        {
                          "Ref": "AWS::AccountId"
                        },
                        ":*"
                      ]
                    ]
                  }
                }
              },
              "Effect": "Allow",
              "Principal": {
                "Service": {
                  "Fn::Join": [
                    "",
                    [
                      "logs.",
                      {
                        "Ref": "AWS::Region"
                      },
                      ".amazonaws.com"
                    ]
                  ]
                }
              },
              "Resource": {
                "Fn::GetAtt": [
                  "LogArchivingIsbLogsArchiveC37D082C",
                  "Arn"
                ]
              },
              "Sid": "S3BucketReadPermissions"
            },
            {
              "Action": "s3:PutObject",
              "Condition": {
                "StringEquals": {
                  "s3:x-amz-acl": "bucket-owner-full-control",
                  "aws:SourceAccount": {
                    "Ref": "AWS::AccountId"
                  }
                },
                "ArnLike": {
                  "aws:SourceArn": {
                    "Fn::Join": [
                      "",
                      [
                        "arn:",
                        {
                          "Ref": "AWS::Partition"
                        },
                        ":logs:",
                        {
                          "Ref": "AWS::Region"
                        },
                        ":",
                        {
                          "Ref": "AWS::AccountId"
                        },
                        ":*"
                      ]
                    ]
                  }
                }
              },
              "Effect": "Allow",
              "Principal": {
                "Service": {
                  "Fn::Join": [
                    "",
                    [
                      "logs.",
                      {
                        "Ref": "AWS::Region"
                      },
                      ".amazonaws.com"
                    ]
                  ]
                }
              },
              "Resource": {
                "Fn::Join": [
                  "",
                  [
                    {
                      "Fn::GetAtt": [
                        "LogArchivingIsbLogsArchiveC37D082C",
                        "Arn"
                      ]
                    },
                    "/*"
                  ]
                ]
              },
              "Sid": "S3ObjectWritePermissions"
            }
          ],
          "Version": "2012-10-17"
        }
      },
      "Metadata": {
        "aws:cdk:path": "InnovationSandbox-Compute/LogArchiving/IsbLogsArchive/Policy/Resource"
      }
    },
    "LogArchivingFunctionRole93CCD436": {
      "Type": "AWS::IAM::Role",
      "Properties": {
        "AssumeRolePolicyDocument": {
          "Statement": [
            {
              "Action": "sts:AssumeRole",
              "Effect": "Allow",
              "Principal": {
                "Service": "lambda.amazonaws.com"
              }
            }
          ],
          "Version": "2012-10-17"
        },
        "Tags": [
          {
            "Key": "aws-solutions:isb-id",
            "Value": {
              "Fn::Join": [
                "",
                [
                  {
                    "Ref": "Namespace"
                  },
                  "_isb"
                ]
              ]
            }
          }
        ]
      },
      "Metadata": {
        "aws:cdk:path": "InnovationSandbox-Compute/LogArchiving/LogArchiving/FunctionRole/Resource"
      }
    },
    "LogArchivingFunctionRoleDefaultPolicyD95F3E8A": {
      "Type": "AWS::IAM::Policy",
      "Properties": {
        "PolicyDocument": {
          "Statement": [
            {
              "Action": [
                "xray:PutTraceSegments",
                "xray:PutTelemetryRecords"
              ],
              "Effect": "Allow",
              "Resource": "*"
            },
            {
              "Action": [
                "logs:CreateLogStream",
                "logs:PutLogEvents"
              ],
              "Effect": "Allow",
              "Resource": {
                "Fn::GetAtt": [
                  "ISBLogGroupE607F9A7",
                  "Arn"
                ]
              }
            },
            {
              "Action": [
                "s3:GetObject*",
                "s3:GetBucket*",
                "s3:List*",
                "s3:DeleteObject*",
                "s3:PutObject",
                "s3:PutObjectLegalHold",
                "s3:PutObjectRetention",
                "s3:PutObjectTagging",
                "s3:PutObjectVersionTagging",
                "s3:Abort*"
              ],
              "Effect": "Allow",
              "Resource": [
                {
                  "Fn::GetAtt": [
                    "LogArchivingIsbLogsArchiveC37D082C",
                    "Arn"
                  ]
                },
                {
                  "Fn::Join": [
                    "",
                    [
                      {
                        "Fn::GetAtt": [
                          "LogArchivingIsbLogsArchiveC37D082C",
                          "Arn"
                        ]
                      },
                      "/*"
                    ]
                  ]
                }
              ]
            },
            {
              "Action": [
                "kms:Decrypt",
                "kms:DescribeKey",
                "kms:Encrypt",
                "kms:ReEncrypt*",
                "kms:GenerateDataKey*"
              ],
              "Effect": "Allow",
              "Resource": {
                "Fn::GetAtt": [
                  "IsbKmsKeyInnovationSandboxComputeB43F03BE",
                  "Arn"
                ]
              }
            },
            {
              "Action": [
                "logs:CreateExportTask",
                "logs:DescribeExportTasks",
                "logs:DescribeLogStreams",
                "logs:ReadLogGroup",
                "logs:ReadLogStream"
              ],
              "Effect": "Allow",
              "Resource": [
                {
                  "Fn::Join": [
                    "",
                    [
                      {
                        "Fn::GetAtt": [
                          "ISBLogGroupE607F9A7",
                          "Arn"
                        ]
                      },
                      ":*"
                    ]
                  ]
                },
                {
                  "Fn::Join": [
                    "",
                    [
                      {
                        "Fn::GetAtt": [
                          "ISBLogGroupE607F9A7",
                          "Arn"
                        ]
                      },
                      ":log-stream/*"
                    ]
                  ]
                }
              ]
            },
            {
              "Action": [
                "kms:Decrypt",
                "kms:Encrypt",
                "kms:ReEncrypt*",
                "kms:GenerateDataKey*"
              ],
              "Effect": "Allow",
              "Resource": {
                "Fn::GetAtt": [
                  "IsbKmsKeyInnovationSandboxComputeB43F03BE",
                  "Arn"
                ]
              }
            }
          ],
          "Version": "2012-10-17"
        },
        "PolicyName": "LogArchivingFunctionRoleDefaultPolicyD95F3E8A",
        "Roles": [
          {
            "Ref": "LogArchivingFunctionRole93CCD436"
          }
        ]
      },
      "Metadata": {
        "aws:cdk:path": "InnovationSandbox-Compute/LogArchiving/LogArchiving/FunctionRole/DefaultPolicy/Resource"
      }
    },
    "LogArchivingFunction69A8FEEA": {
      "Type": "AWS::Lambda::Function",
      "Properties": {
        "Architectures": [
          "arm64"
        ],
        "Code": {
          "S3Bucket": {
            "Fn::Sub": "solutions-${AWS::Region}"
          },
          "S3Key": "innovation-sandbox-on-aws/v1.2.9/asset.f65dda46c1a5924407af5cfddd313f6e0d957ce54d15ee497f392c851649010e.zip"
        },
        "Description": "Archives ISB logs every 7 days",
        "Environment": {
          "Variables": {
            "NODE_OPTIONS": "--enable-source-maps",
            "USER_AGENT_EXTRA": "AwsSolution/SO0284/v1.2.9",
            "POWERTOOLS_LOG_LEVEL": {
              "Fn::FindInMap": [
                "Mapping",
                "context",
                "logLevel",
                {
                  "DefaultValue": ""
                }
              ]
            },
            "POWERTOOLS_SERVICE_NAME": "innovation-sandbox",
            "AWS_XRAY_CONTEXT_MISSING": "IGNORE_ERROR",
            "DESTINATION_PREFIX": "isb-archive",
            "LOG_GROUP_NAME": {
              "Ref": "ISBLogGroupE607F9A7"
            },
            "DESTINATION_BUCKET_NAME": {
              "Ref": "LogArchivingIsbLogsArchiveC37D082C"
            },
            "ISB_NAMESPACE": {
              "Ref": "Namespace"
            },
            "EXPORT_PERIOD_DAYS": "7"
          }
        },
        "FunctionName": {
          "Fn::Join": [
            "",
            [
              "ISB-LogArchiving-",
              {
                "Ref": "Namespace"
              }
            ]
          ]
        },
        "Handler": "index.handler",
        "Layers": [
          {
            "Ref": "IsbSpokeConfigJsonParamResolverISBLambdaLayerInnovationSandboxComputeDependenciesLayerVersion4DD7969A"
          },
          {
            "Ref": "IsbSpokeConfigJsonParamResolverISBLambdaLayerInnovationSandboxComputeCommonLayerVersionB1BF66A1"
          }
        ],
        "LoggingConfig": {
          "LogFormat": "JSON",
          "LogGroup": {
            "Ref": "ISBLogGroupE607F9A7"
          },
          "SystemLogLevel": "INFO"
        },
        "MemorySize": 1024,
        "ReservedConcurrentExecutions": 1,
        "Role": {
          "Fn::GetAtt": [
            "LogArchivingFunctionRole93CCD436",
            "Arn"
          ]
        },
        "Runtime": "nodejs22.x",
        "Tags": [
          {
            "Key": "aws-solutions:isb-id",
            "Value": {
              "Fn::Join": [
                "",
                [
                  {
                    "Ref": "Namespace"
                  },
                  "_isb"
                ]
              ]
            }
          }
        ],
        "Timeout": 60,
        "TracingConfig": {
          "Mode": "Active"
        }
      },
      "DependsOn": [
        "LogArchivingFunctionRoleDefaultPolicyD95F3E8A",
        "LogArchivingFunctionRole93CCD436"
      ],
      "Metadata": {
        "aws:cdk:path": "InnovationSandbox-Compute/LogArchiving/LogArchiving/Function/Resource",
        "aws:asset:path": "asset.f65dda46c1a5924407af5cfddd313f6e0d957ce54d15ee497f392c851649010e",
        "aws:asset:is-bundled": true,
        "aws:asset:property": "Code",
        "guard": {
          "SuppressedRules": [
            "LAMBDA_INSIDE_VPC",
            "LAMBDA_CONCURRENCY_CHECK"
          ]
        }
      }
    },
    "LogArchivingLambdaInvokeRoleB96CEF22": {
      "Type": "AWS::IAM::Role",
      "Properties": {
        "AssumeRolePolicyDocument": {
          "Statement": [
            {
              "Action": "sts:AssumeRole",
              "Effect": "Allow",
              "Principal": {
                "Service": "scheduler.amazonaws.com"
              }
            }
          ],
          "Version": "2012-10-17"
        },
        "Description": "Allows EventBridgeScheduler to invoke Innovation Sandbox's Log Archiving lambda",
        "Tags": [
          {
            "Key": "aws-solutions:isb-id",
            "Value": {
              "Fn::Join": [
                "",
                [
                  {
                    "Ref": "Namespace"
                  },
                  "_isb"
                ]
              ]
            }
          }
        ]
      },
      "Metadata": {
        "aws:cdk:path": "InnovationSandbox-Compute/LogArchivingLambdaInvokeRole/Resource"
      }
    },
    "LogArchivingLambdaInvokeRoleDefaultPolicyD9530B5E": {
      "Type": "AWS::IAM::Policy",
      "Properties": {
        "PolicyDocument": {
          "Statement": [
            {
              "Action": "lambda:InvokeFunction",
              "Effect": "Allow",
              "Resource": [
                {
                  "Fn::GetAtt": [
                    "LogArchivingFunction69A8FEEA",
                    "Arn"
                  ]
                },
                {
                  "Fn::Join": [
                    "",
                    [
                      {
                        "Fn::GetAtt": [
                          "LogArchivingFunction69A8FEEA",
                          "Arn"
                        ]
                      },
                      ":*"
                    ]
                  ]
                }
              ]
            }
          ],
          "Version": "2012-10-17"
        },
        "PolicyName": "LogArchivingLambdaInvokeRoleDefaultPolicyD9530B5E",
        "Roles": [
          {
            "Ref": "LogArchivingLambdaInvokeRoleB96CEF22"
          }
        ]
      },
      "Metadata": {
        "aws:cdk:path": "InnovationSandbox-Compute/LogArchivingLambdaInvokeRole/DefaultPolicy/Resource"
      }
    },
    "LogArchivingScheduledEvent": {
      "Type": "AWS::Scheduler::Schedule",
      "Properties": {
        "Description": "Invokes Log Archiving every 7 days",
        "FlexibleTimeWindow": {
          "MaximumWindowInMinutes": 240,
          "Mode": "FLEXIBLE"
        },
        "ScheduleExpression": "rate(7 days)",
        "Target": {
          "Arn": {
            "Fn::GetAtt": [
              "LogArchivingFunction69A8FEEA",
              "Arn"
            ]
          },
          "RetryPolicy": {
            "MaximumRetryAttempts": 3
          },
          "RoleArn": {
            "Fn::GetAtt": [
              "LogArchivingLambdaInvokeRoleB96CEF22",
              "Arn"
            ]
          }
        }
      },
      "Metadata": {
        "aws:cdk:path": "InnovationSandbox-Compute/LogArchivingScheduledEvent"
      }
    },
    "IsbApplicationInsightsIsbTaggedResourceGroupAB8DC40C": {
      "Type": "AWS::ResourceGroups::Group",
      "Properties": {
        "Name": "IsbTaggedResourceGroup",
        "ResourceQuery": {
          "Query": {
            "ResourceTypeFilters": [
              "AWS::AllSupported"
            ],
            "TagFilters": [
              {
                "Key": "aws-solutions:isb-id",
                "Values": [
                  {
                    "Fn::Join": [
                      "",
                      [
                        {
                          "Ref": "Namespace"
                        },
                        "_isb"
                      ]
                    ]
                  }
                ]
              }
            ]
          },
          "Type": "TAG_FILTERS_1_0"
        },
        "Tags": [
          {
            "Key": "aws-solutions:isb-id",
            "Value": {
              "Fn::Join": [
                "",
                [
                  {
                    "Ref": "Namespace"
                  },
                  "_isb"
                ]
              ]
            }
          }
        ]
      },
      "Metadata": {
        "aws:cdk:path": "InnovationSandbox-Compute/IsbApplicationInsights/IsbTaggedResourceGroup"
      }
    },
    "IsbApplicationInsightsIsbTaggedApplication81994B95": {
      "Type": "AWS::ApplicationInsights::Application",
      "Properties": {
        "AutoConfigurationEnabled": true,
        "CWEMonitorEnabled": true,
        "LogPatternSets": [
          {
            "LogPatterns": [
              {
                "Pattern": "Invalid Records Found",
                "PatternName": "DataValidationWarning",
                "Rank": 1
              }
            ],
            "PatternSetName": "DataValidationWarning"
          },
          {
            "LogPatterns": [
              {
                "Pattern": "Failed to send email",
                "PatternName": "EmailSendingError",
                "Rank": 3
              }
            ],
            "PatternSetName": "EmailSendingError"
          },
          {
            "LogPatterns": [
              {
                "Pattern": "Failed to send email",
                "PatternName": "AccountDrift",
                "Rank": 2
              }
            ],
            "PatternSetName": "AccountDrift"
          }
        ],
        "OpsCenterEnabled": false,
        "ResourceGroupName": "IsbTaggedResourceGroup",
        "Tags": [
          {
            "Key": "aws-solutions:isb-id",
            "Value": {
              "Fn::Join": [
                "",
                [
                  {
                    "Ref": "Namespace"
                  },
                  "_isb"
                ]
              ]
            }
          }
        ]
      },
      "Metadata": {
        "aws:cdk:path": "InnovationSandbox-Compute/IsbApplicationInsights/IsbTaggedApplication"
      }
    },
    "CDKMetadata": {
      "Type": "AWS::CDK::Metadata",
      "Properties": {
        "Analytics": "v2:deflate64:H4sIAAAAAAAA/4VU227bMAz9lr6r2pBuH+C661asXTMbWB8DRqYdNrLkilKCzPC/D5LtJL0AezHPIWWKF5ELufj6RX6+gD1fqmp7qWkt+9KD2oq8Nktw0KJHJ2DPq56glX1hNUZbkkurSR3S0YQGoaFdV7AytsJnlr+SuA1GebJG8NWqB2b0LLMoRIWdtocWjZfXQW3R3xwVg+Ar2Y/aa2AUI4x3TWgUpxDO+RyI7PPaHO8/gns4oPuDjiPJa/OKf9uh8aUNTuEDdB2ZJh75WLtE1xKn30oyjUZvj9cNYtuy7H9iii6KTBNwJAkMQtuGZX9vm+/Ohi4FMuMCOd11Su+95ndAd7jBmgylrMqwZuWoi+SWdOxbXpv32kHwC8v+d8CAk5+AIn1fOZ/pIDAmz7JPRbgOfCxIxEWYXkTQOAhWG6yCRifj3RMRqJwssLNM3rpD6qeyFa4D6Ur2S2efUaXeTnAQ7LGrp0qy7JfALPLA3ralB4/iCciLMiiFWIlbIC3yjSWFIpkfQG3IpLDO+Ru3Kw+8jR1Ib+XO7OwWx/ZfO6oaXAafGA+CUTn03IKBBp3sy8ST/xEV1kN0ekw5zcgb3f+6OgjoqAGPezjIvsCXgOyz4DfW0d+xnWesiMaOJjczzJSywXhxGqWoPWOlh2auTHOKKTVlJuehiQf0G1tF1YgGsYd6t0izdbcsxzI84TrL708oY7aKUvrTw27INLk1NTXBwTggSttQ7cGrjewzDa4dhwNcO9lqZ42XfXn16KihmBsy59Z4Z3U8+5G6QO6sYfyBUKHjV7X+wHBcCueb4obYO1qH2XDOB+GmyjRxVDk+9HFooes0qZQbGaZm45MxO6kHkRZfrHzcICo96NXsj+XS2R1VsdPJ8mE7Yh+mDXSuy62paI73Mfgu+Hkb67jeVrBnpUlme841pY03iLin5TN/2i0WcrGQny+emejSBeOpRVmM8h+RvkI0JQYAAA=="
      },
      "Metadata": {
        "aws:cdk:path": "InnovationSandbox-Compute/CDKMetadata/Default"
      },
      "Condition": "CDKMetadataAvailable"
    }
  },
  "Mappings": {
    "Mapping": {
      "context": {
        "solutionName": "innovation-sandbox-on-aws",
        "solutionId": "SO0284",
        "version": "v1.2.9",
        "distOutputBucket": "solutions",
        "publicEcrRegistry": "public.ecr.aws/aws-solutions",
        "publicEcrTag": "v1.2.9",
        "logLevel": "INFO",
        "deploymentMode": "prod",
        "cloudWatchLogRetentionInDays": 90,
        "s3LogsArchiveRetentionInDays": 365,
        "s3LogsGlacierRetentionInDays": 2555,
        "apiThrottlingRateLimit": 100,
        "apiThrottlingBurstLimit": 200,
        "bucketPrefix": "innovation-sandbox-on-aws/v1.2.9/asset."
      }
    },
    "AppConfigExtensionArnMap": {
      "us-east-1": {
        "arn": "arn:aws:lambda:us-east-1:027255383542:layer:AWS-AppConfig-Extension-Arm64:140"
      },
      "us-east-2": {
        "arn": "arn:aws:lambda:us-east-2:728743619870:layer:AWS-AppConfig-Extension-Arm64:114"
      },
      "us-west-1": {
        "arn": "arn:aws:lambda:us-west-1:958113053741:layer:AWS-AppConfig-Extension-Arm64:135"
      },
      "us-west-2": {
        "arn": "arn:aws:lambda:us-west-2:359756378197:layer:AWS-AppConfig-Extension-Arm64:164"
      },
      "ca-central-1": {
        "arn": "arn:aws:lambda:ca-central-1:039592058896:layer:AWS-AppConfig-Extension-Arm64:72"
      },
      "ca-west-1": {
        "arn": "arn:aws:lambda:ca-west-1:436199621743:layer:AWS-AppConfig-Extension-Arm64:47"
      },
      "eu-central-1": {
        "arn": "arn:aws:lambda:eu-central-1:066940009817:layer:AWS-AppConfig-Extension-Arm64:132"
      },
      "eu-central-2": {
        "arn": "arn:aws:lambda:eu-central-2:758369105281:layer:AWS-AppConfig-Extension-Arm64:64"
      },
      "eu-west-1": {
        "arn": "arn:aws:lambda:eu-west-1:434848589818:layer:AWS-AppConfig-Extension-Arm64:127"
      },
      "eu-west-2": {
        "arn": "arn:aws:lambda:eu-west-2:282860088358:layer:AWS-AppConfig-Extension-Arm64:85"
      },
      "eu-west-3": {
        "arn": "arn:aws:lambda:eu-west-3:493207061005:layer:AWS-AppConfig-Extension-Arm64:81"
      },
      "eu-north-1": {
        "arn": "arn:aws:lambda:eu-north-1:646970417810:layer:AWS-AppConfig-Extension-Arm64:118"
      },
      "eu-south-1": {
        "arn": "arn:aws:lambda:eu-south-1:203683718741:layer:AWS-AppConfig-Extension-Arm64:68"
      },
      "eu-south-2": {
        "arn": "arn:aws:lambda:eu-south-2:586093569114:layer:AWS-AppConfig-Extension-Arm64:63"
      },
      "ap-east-1": {
        "arn": "arn:aws:lambda:ap-east-1:630222743974:layer:AWS-AppConfig-Extension-Arm64:70"
      },
      "ap-northeast-1": {
        "arn": "arn:aws:lambda:ap-northeast-1:980059726660:layer:AWS-AppConfig-Extension-Arm64:108"
      },
      "ap-northeast-2": {
        "arn": "arn:aws:lambda:ap-northeast-2:826293736237:layer:AWS-AppConfig-Extension-Arm64:73"
      },
      "ap-northeast-3": {
        "arn": "arn:aws:lambda:ap-northeast-3:706869817123:layer:AWS-AppConfig-Extension-Arm64:74"
      },
      "ap-southeast-1": {
        "arn": "arn:aws:lambda:ap-southeast-1:421114256042:layer:AWS-AppConfig-Extension-Arm64:108"
      },
      "ap-southeast-2": {
        "arn": "arn:aws:lambda:ap-southeast-2:080788657173:layer:AWS-AppConfig-Extension-Arm64:142"
      },
      "ap-southeast-3": {
        "arn": "arn:aws:lambda:ap-southeast-3:418787028745:layer:AWS-AppConfig-Extension-Arm64:87"
      },
      "ap-southeast-4": {
        "arn": "arn:aws:lambda:ap-southeast-4:307021474294:layer:AWS-AppConfig-Extension-Arm64:63"
      },
      "ap-southeast-5": {
        "arn": "arn:aws:lambda:ap-southeast-5:631746059939:layer:AWS-AppConfig-Extension-Arm64:30"
      },
      "ap-south-1": {
        "arn": "arn:aws:lambda:ap-south-1:554480029851:layer:AWS-AppConfig-Extension-Arm64:117"
      },
      "ap-south-2": {
        "arn": "arn:aws:lambda:ap-south-2:489524808438:layer:AWS-AppConfig-Extension-Arm64:62"
      },
      "sa-east-1": {
        "arn": "arn:aws:lambda:sa-east-1:000010852771:layer:AWS-AppConfig-Extension-Arm64:103"
      },
      "af-south-1": {
        "arn": "arn:aws:lambda:af-south-1:574348263942:layer:AWS-AppConfig-Extension-Arm64:80"
      },
      "me-central-1": {
        "arn": "arn:aws:lambda:me-central-1:662846165436:layer:AWS-AppConfig-Extension-Arm64:76"
      },
      "me-south-1": {
        "arn": "arn:aws:lambda:me-south-1:559955524753:layer:AWS-AppConfig-Extension-Arm64:82"
      },
      "il-central-1": {
        "arn": "arn:aws:lambda:il-central-1:895787185223:layer:AWS-AppConfig-Extension-Arm64:64"
      },
      "cn-north-1": {
        "arn": "arn:aws-cn:lambda:cn-north-1:615057806174:layer:AWS-AppConfig-Extension-Arm64:55"
      },
      "cn-northwest-1": {
        "arn": "arn:aws-cn:lambda:cn-northwest-1:615084187847:layer:AWS-AppConfig-Extension-Arm64:53"
      },
      "us-gov-east-1": {
        "arn": "arn:aws-us-gov:lambda:us-gov-east-1:946561847325:layer:AWS-AppConfig-Extension-Arm64:56"
      },
      "us-gov-west-1": {
        "arn": "arn:aws-us-gov:lambda:us-gov-west-1:946746059096:layer:AWS-AppConfig-Extension-Arm64:55"
      }
    }
  },
  "Conditions": {
    "UseStableTaggingCondition": {
      "Fn::Equals": [
        {
          "Ref": "UseStableTagging"
        },
        "Yes"
      ]
    },
    "AccountCleanerUsePrivateEcrRepo2A0E64EA": {
      "Fn::Not": [
        {
          "Fn::Equals": [
            {
              "Fn::FindInMap": [
                "Mapping",
                "context",
                "privateEcrRepo",
                {
                  "DefaultValue": ""
                }
              ]
            },
            ""
          ]
        }
      ]
    },
    "CloudFrontUiApiSupportsCloudFrontLoggingF1020F6E": {
      "Fn::Not": [
        {
          "Fn::Or": [
            {
              "Fn::Or": [
                {
                  "Fn::Equals": [
                    {
                      "Ref": "AWS::Region"
                    },
                    "af-south-1"
                  ]
                },
                {
                  "Fn::Equals": [
                    {
                      "Ref": "AWS::Region"
                    },
                    "ap-east-1"
                  ]
                },
                {
                  "Fn::Equals": [
                    {
                      "Ref": "AWS::Region"
                    },
                    "ap-south-2"
                  ]
                },
                {
                  "Fn::Equals": [
                    {
                      "Ref": "AWS::Region"
                    },
                    "ap-southeast-3"
                  ]
                },
                {
                  "Fn::Equals": [
                    {
                      "Ref": "AWS::Region"
                    },
                    "ap-southeast-4"
                  ]
                },
                {
                  "Fn::Equals": [
                    {
                      "Ref": "AWS::Region"
                    },
                    "ca-west-1"
                  ]
                },
                {
                  "Fn::Equals": [
                    {
                      "Ref": "AWS::Region"
                    },
                    "eu-south-1"
                  ]
                },
                {
                  "Fn::Equals": [
                    {
                      "Ref": "AWS::Region"
                    },
                    "eu-south-2"
                  ]
                },
                {
                  "Fn::Equals": [
                    {
                      "Ref": "AWS::Region"
                    },
                    "eu-central-2"
                  ]
                },
                {
                  "Fn::Equals": [
                    {
                      "Ref": "AWS::Region"
                    },
                    "il-central-1"
                  ]
                }
              ]
            },
            {
              "Fn::Or": [
                {
                  "Fn::Equals": [
                    {
                      "Ref": "AWS::Region"
                    },
                    "me-south-1"
                  ]
                },
                {
                  "Fn::Equals": [
                    {
                      "Ref": "AWS::Region"
                    },
                    "me-central-1"
                  ]
                }
              ]
            }
          ]
        }
      ]
    },
    "CDKMetadataAvailable": {
      "Fn::Or": [
        {
          "Fn::Or": [
            {
              "Fn::Equals": [
                {
                  "Ref": "AWS::Region"
                },
                "af-south-1"
              ]
            },
            {
              "Fn::Equals": [
                {
                  "Ref": "AWS::Region"
                },
                "ap-east-1"
              ]
            },
            {
              "Fn::Equals": [
                {
                  "Ref": "AWS::Region"
                },
                "ap-northeast-1"
              ]
            },
            {
              "Fn::Equals": [
                {
                  "Ref": "AWS::Region"
                },
                "ap-northeast-2"
              ]
            },
            {
              "Fn::Equals": [
                {
                  "Ref": "AWS::Region"
                },
                "ap-northeast-3"
              ]
            },
            {
              "Fn::Equals": [
                {
                  "Ref": "AWS::Region"
                },
                "ap-south-1"
              ]
            },
            {
              "Fn::Equals": [
                {
                  "Ref": "AWS::Region"
                },
                "ap-south-2"
              ]
            },
            {
              "Fn::Equals": [
                {
                  "Ref": "AWS::Region"
                },
                "ap-southeast-1"
              ]
            },
            {
              "Fn::Equals": [
                {
                  "Ref": "AWS::Region"
                },
                "ap-southeast-2"
              ]
            },
            {
              "Fn::Equals": [
                {
                  "Ref": "AWS::Region"
                },
                "ap-southeast-3"
              ]
            }
          ]
        },
        {
          "Fn::Or": [
            {
              "Fn::Equals": [
                {
                  "Ref": "AWS::Region"
                },
                "ap-southeast-4"
              ]
            },
            {
              "Fn::Equals": [
                {
                  "Ref": "AWS::Region"
                },
                "ca-central-1"
              ]
            },
            {
              "Fn::Equals": [
                {
                  "Ref": "AWS::Region"
                },
                "ca-west-1"
              ]
            },
            {
              "Fn::Equals": [
                {
                  "Ref": "AWS::Region"
                },
                "cn-north-1"
              ]
            },
            {
              "Fn::Equals": [
                {
                  "Ref": "AWS::Region"
                },
                "cn-northwest-1"
              ]
            },
            {
              "Fn::Equals": [
                {
                  "Ref": "AWS::Region"
                },
                "eu-central-1"
              ]
            },
            {
              "Fn::Equals": [
                {
                  "Ref": "AWS::Region"
                },
                "eu-central-2"
              ]
            },
            {
              "Fn::Equals": [
                {
                  "Ref": "AWS::Region"
                },
                "eu-north-1"
              ]
            },
            {
              "Fn::Equals": [
                {
                  "Ref": "AWS::Region"
                },
                "eu-south-1"
              ]
            },
            {
              "Fn::Equals": [
                {
                  "Ref": "AWS::Region"
                },
                "eu-south-2"
              ]
            }
          ]
        },
        {
          "Fn::Or": [
            {
              "Fn::Equals": [
                {
                  "Ref": "AWS::Region"
                },
                "eu-west-1"
              ]
            },
            {
              "Fn::Equals": [
                {
                  "Ref": "AWS::Region"
                },
                "eu-west-2"
              ]
            },
            {
              "Fn::Equals": [
                {
                  "Ref": "AWS::Region"
                },
                "eu-west-3"
              ]
            },
            {
              "Fn::Equals": [
                {
                  "Ref": "AWS::Region"
                },
                "il-central-1"
              ]
            },
            {
              "Fn::Equals": [
                {
                  "Ref": "AWS::Region"
                },
                "me-central-1"
              ]
            },
            {
              "Fn::Equals": [
                {
                  "Ref": "AWS::Region"
                },
                "me-south-1"
              ]
            },
            {
              "Fn::Equals": [
                {
                  "Ref": "AWS::Region"
                },
                "sa-east-1"
              ]
            },
            {
              "Fn::Equals": [
                {
                  "Ref": "AWS::Region"
                },
                "us-east-1"
              ]
            },
            {
              "Fn::Equals": [
                {
                  "Ref": "AWS::Region"
                },
                "us-east-2"
              ]
            },
            {
              "Fn::Equals": [
                {
                  "Ref": "AWS::Region"
                },
                "us-west-1"
              ]
            }
          ]
        },
        {
          "Fn::Equals": [
            {
              "Ref": "AWS::Region"
            },
            "us-west-2"
          ]
        }
      ]
    }
  },
  "Outputs": {
    "JwtSecretArn": {
      "Description": "The ARN of the created secret for JWT",
      "Value": {
        "Ref": "JwtSecretB8834B39"
      }
    },
    "IsbRestApiEndpoint11756625": {
      "Value": {
        "Fn::Join": [
          "",
          [
            "https://",
            {
              "Ref": "IsbRestApi377E2CC6"
            },
            ".execute-api.",
            {
              "Ref": "AWS::Region"
            },
            ".",
            {
              "Ref": "AWS::URLSuffix"
            },
            "/",
            {
              "Ref": "IsbRestApiDeploymentStageprod7DDD9304"
            },
            "/"
          ]
        ]
      }
    },
    "IdpCertArn": {
      "Description": "The ARN of the created secret to store the IDP certificate",
      "Value": {
        "Ref": "IdpCertC53FAE82"
      }
    },
    "CloudFrontDistributionUrl": {
      "Value": {
        "Fn::Join": [
          "",
          [
            "https://",
            {
              "Fn::GetAtt": [
                "CloudFrontUiApiIsbCloudFrontDistributionA7327667",
                "DomainName"
              ]
            }
          ]
        ]
      }
    },
    "DeploymentUUIDOutput": {
      "Value": {
        "Fn::GetAtt": [
          "DeploymentUUIDLambdaFunctionIsbCustomResourceE707861E",
          "DeploymentUUID"
        ]
      }
    }
  }
}