{ "Description": "(SO0284-DataStack) innovation-sandbox-on-aws v1.2.9", "Metadata": { "AWS::CloudFormation::Interface": { "ParameterLabels": { "Namespace": { "default": "Namespace" } }, "ParameterGroups": [ { "Label": { "default": "Data Stack Configuration" }, "Parameters": [ "Namespace" ] } ] } }, "Parameters": { "Namespace": { "Type": "String", "Default": "myisb", "AllowedPattern": "^[0-9a-zA-Z]{3,8}$", "Description": "The namespace for this deployment of Innovation Sandbox (must be the same for all member stacks). Alphanumeric characters of length between 3 and 8" } }, "Resources": { "IsbKmsKeyInnovationSandboxData8BA6C3A2": { "Type": "AWS::KMS::Key", "Properties": { "Description": "Encryption Key for Innovation Sandbox: InnovationSandbox-Data", "EnableKeyRotation": true, "KeyPolicy": { "Statement": [ { "Action": "kms:*", "Effect": "Allow", "Principal": { "AWS": { "Fn::Join": [ "", [ "arn:", { "Ref": "AWS::Partition" }, ":iam::", { "Ref": "AWS::AccountId" }, ":root" ] ] } }, "Resource": "*" } ], "Version": "2012-10-17" }, "Tags": [ { "Key": "aws-solutions:isb-id", "Value": { "Fn::Join": [ "", [ { "Ref": "Namespace" }, "_isb" ] ] } } ] }, "UpdateReplacePolicy": "Retain", "DeletionPolicy": "Retain", "Metadata": { "aws:cdk:path": "InnovationSandbox-Data/IsbKmsKey-InnovationSandbox-Data/Resource" } }, "IsbKmsKeyInnovationSandboxDataAliasCC5DB0BD": { "Type": "AWS::KMS::Alias", "Properties": { "AliasName": { "Fn::Join": [ "", [ "alias/AwsSolutions/InnovationSandbox/", { "Ref": "Namespace" }, "/InnovationSandbox-Data" ] ] }, "TargetKeyId": { "Fn::GetAtt": [ "IsbKmsKeyInnovationSandboxData8BA6C3A2", "Arn" ] } }, "Metadata": { "aws:cdk:path": "InnovationSandbox-Data/IsbKmsKey-InnovationSandbox-Data/Alias/Resource" } }, "ConfigApplication1A42FDD2": { "Type": "AWS::AppConfig::Application", "Properties": { "Description": { "Fn::Join": [ "", [ "AppConfig Application for Innovation Sandbox on AWS - ", { "Ref": "Namespace" } ] ] }, "Name": "InnovationSandboxData-Config-Application-82ABA210", "Tags": [ { "Key": "aws-solutions:isb-id", "Value": { "Fn::Join": [ "", [ { "Ref": "Namespace" }, "_isb" ] ] } } ] }, "Metadata": { "aws:cdk:path": "InnovationSandbox-Data/Config/Application/Resource" } }, "ConfigEnvironment6C769E19": { "Type": "AWS::AppConfig::Environment", "Properties": { "ApplicationId": { "Ref": "ConfigApplication1A42FDD2" }, "Description": { "Fn::Join": [ "", [ "AppConfig Environment for Innovation Sandbox on AWS - ", { "Ref": "Namespace" } ] ] }, "Name": "InnovationSandboxData-Config-Environment-27C6CC45", "Tags": [ { "Key": "aws-solutions:isb-id", "Value": { "Fn::Join": [ "", [ { "Ref": "Namespace" }, "_isb" ] ] } } ] }, "Metadata": { "aws:cdk:path": "InnovationSandbox-Data/Config/Environment/Resource" } }, "ConfigDeploymentStrategy6B5E2A35": { "Type": "AWS::AppConfig::DeploymentStrategy", "Properties": { "DeploymentDurationInMinutes": 0, "Description": { "Fn::Join": [ "", [ "AppConfig DeploymentStrategy for Innovation Sandbox on AWS - ", { "Ref": "Namespace" } ] ] }, "FinalBakeTimeInMinutes": 0, "GrowthFactor": 100, "Name": "InnovationSandboxData-Config-DeploymentStrategy-05B4EB79", "ReplicateTo": "NONE", "Tags": [ { "Key": "aws-solutions:isb-id", "Value": { "Fn::Join": [ "", [ { "Ref": "Namespace" }, "_isb" ] ] } } ] }, "Metadata": { "aws:cdk:path": "InnovationSandbox-Data/Config/DeploymentStrategy/Resource" } }, "ConfigGlobalConfigHostedConfigurationConfigurationProfileB3D05932": { "Type": "AWS::AppConfig::ConfigurationProfile", "Properties": { "ApplicationId": { "Ref": "ConfigApplication1A42FDD2" }, "Description": { "Fn::Join": [ "", [ "GlobalConfig AppConfig HostedConfiguration for Innovation Sandbox on AWS - ", { "Ref": "Namespace" } ] ] }, "LocationUri": "hosted", "Name": "InnovationSandboxData-Config-GlobalConfigHostedConfiguration-C30DF39C", "Tags": [ { "Key": "aws-solutions:isb-id", "Value": { "Fn::Join": [ "", [ { "Ref": "Namespace" }, "_isb" ] ] } } ] }, "Metadata": { "aws:cdk:path": "InnovationSandbox-Data/Config/GlobalConfigHostedConfiguration/ConfigurationProfile" } }, "ConfigGlobalConfigHostedConfigurationD68D5E86": { "Type": "AWS::AppConfig::HostedConfigurationVersion", "Properties": { "ApplicationId": { "Ref": "ConfigApplication1A42FDD2" }, "ConfigurationProfileId": { "Ref": "ConfigGlobalConfigHostedConfigurationConfigurationProfileB3D05932" }, "Content": "# Flag to enable maintenance mode\nmaintenanceMode: true\n\n# Terms of Service that will be displayed to users when requesting a lease.\ntermsOfService: |\n Users, who use a leased AWS account for their sandbox experiments, should NOT,\n\n * Attempt to access data that they are not authorized to use or access.\n * Use content for a sandbox use case that has not been approved by an admin.\n * Perform any unauthorized changes or store unapproved company data within the leased AWS account.\n * Provide static passwords, such as default or actual passwords.\n * Change or modify quotas/limits out of band for accounts.\n * Transfer data or software to any person or organization not authorized to use the leased AWS account.\n * Use any material or information from the leased AWS accounts, including images, logos, or photographs in any manner that violates copyright, trademark, or intellectual property laws.\n\n# global controls on leases\n# requireMaxBudget - Flag that determines whether or not LeaseTemplates must be created with a maximum budget\n# maxBudget - The maximum value (in dollars) that can be set for a LeaseTemplate budget, if requireMaxBudget is false this configuration is ignored\n# requireMaxDuration - Flag that determines whether or not LeaseTemplates must be created with a maximum duration\n# maxDurationHours - The maximum duration (in hours) that can be set for a LeaseTemplate duration, if requireMaxDuration is false this configuration is ignored\n# maxLeasesPerUser - The maximum number of concurrent active leases/lease requests that a single user can have\n# ttl - The number of days an expired lease record will remain in the database before it is permanently deleted (records may take up to 48 hours to be deleted)\nleases:\n requireMaxBudget: true\n maxBudget: 50 # in dollars\n requireMaxDuration: true\n maxDurationHours: 168 # 7 days\n maxLeasesPerUser: 3\n ttl: 30 # in days\n\n# Account Cleanup controls\n# numberOfFailedAttemptsToCancelCleanup - The number of total failed AWS Nuke attempts required before an account fails cleanup and is sent to quarantine\n# waitBeforeRetryFailedAttemptSeconds - The delay between failed attempts of failed AWS Nuke executions\n# numberOfSuccessfulAttemptsToFinishCleanup - The number of total successful AWS Nuke attempts required before an account succeeds cleanup and is sent to available\n# waitBeforeRerunSuccessfulAttemptSeconds - The delay between successful attempts of AWS Nuke executions\ncleanup:\n numberOfFailedAttemptsToCancelCleanup: 3\n waitBeforeRetryFailedAttemptSeconds: 5\n numberOfSuccessfulAttemptsToFinishCleanup: 2\n waitBeforeRerunSuccessfulAttemptSeconds: 30\n\n# Authentication Configuration\n# idpSignInUrl - The value of \"IAM Identity Center sign-in URL\"\n# idpSignOutUrl - The value of \"IAM Identity Center sign-out URL\"\n# idpAudience - The audience identifier set in the creation of the IAM Identity Center custom application\n# webAppUrl - The cloud front distribution URL or the URL of your custom domain\n# awsAccessPortalUrl - The value of \"AWS access portal URL\".\n# sessionDurationInMinutes - The length of time (in minutes) that a user's session should remain valid before requiring re-authentication\nauth:\n idpSignInUrl: \"\"\n idpSignOutUrl: \"\"\n idpAudience: \"\"\n webAppUrl: \"\"\n awsAccessPortalUrl: \"\"\n sessionDurationInMinutes: 60\n\n# Email Notification controls\n# emailFrom - The email address to use in the \"from\" field of all email notifications\nnotification:\n emailFrom: \"\"\n", "ContentType": "application/x-yaml", "Description": { "Fn::Join": [ "", [ "GlobalConfig AppConfig HostedConfiguration for Innovation Sandbox on AWS - ", { "Ref": "Namespace" } ] ] } }, "UpdateReplacePolicy": "Retain", "DeletionPolicy": "Retain", "Metadata": { "aws:cdk:path": "InnovationSandbox-Data/Config/GlobalConfigHostedConfiguration/Resource" } }, "ConfigGlobalConfigHostedConfigurationDeploymentC180F8B263E01": { "Type": "AWS::AppConfig::Deployment", "Properties": { "ApplicationId": { "Ref": "ConfigApplication1A42FDD2" }, "ConfigurationProfileId": { "Ref": "ConfigGlobalConfigHostedConfigurationConfigurationProfileB3D05932" }, "ConfigurationVersion": { "Ref": "ConfigGlobalConfigHostedConfigurationD68D5E86" }, "DeploymentStrategyId": { "Ref": "ConfigDeploymentStrategy6B5E2A35" }, "Description": { "Fn::Join": [ "", [ "GlobalConfig AppConfig HostedConfiguration for Innovation Sandbox on AWS - ", { "Ref": "Namespace" } ] ] }, "EnvironmentId": { "Ref": "ConfigEnvironment6C769E19" }, "Tags": [ { "Key": "aws-solutions:isb-id", "Value": { "Fn::Join": [ "", [ { "Ref": "Namespace" }, "_isb" ] ] } } ] }, "Metadata": { "aws:cdk:path": "InnovationSandbox-Data/Config/GlobalConfigHostedConfiguration/DeploymentC180F" } }, "ConfigNukeConfigHostedConfigurationConfigurationProfileEC3A0164": { "Type": "AWS::AppConfig::ConfigurationProfile", "Properties": { "ApplicationId": { "Ref": "ConfigApplication1A42FDD2" }, "Description": { "Fn::Join": [ "", [ "NukeConfig AppConfig HostedConfiguration for Innovation Sandbox on AWS - ", { "Ref": "Namespace" } ] ] }, "LocationUri": "hosted", "Name": "InnovationSandboxData-Config-NukeConfigHostedConfiguration-03245D50", "Tags": [ { "Key": "aws-solutions:isb-id", "Value": { "Fn::Join": [ "", [ { "Ref": "Namespace" }, "_isb" ] ] } } ] }, "Metadata": { "aws:cdk:path": "InnovationSandbox-Data/Config/NukeConfigHostedConfiguration/ConfigurationProfile" } }, "ConfigNukeConfigHostedConfiguration997D7FAE": { "Type": "AWS::AppConfig::HostedConfigurationVersion", "Properties": { "ApplicationId": { "Ref": "ConfigApplication1A42FDD2" }, "ConfigurationProfileId": { "Ref": "ConfigNukeConfigHostedConfigurationConfigurationProfileEC3A0164" }, "Content": "regions:\n - global # further AWS regions will be added dynamically from CleanupConfig\nbypass-alias-check-accounts:\n - \"%CLEANUP_ACCOUNT_ID%\"\nsettings:\n CloudFormationStack:\n DisableDeletionProtection: true\n CreateRoleToDeleteStack: true\n CognitoUserPool:\n DisableDeletionProtection: true\n DSQLCluster:\n DisableDeletionProtection: true\n DynamoDBTable:\n DisableDeletionProtection: true\n EC2Image:\n IncludeDisabled: true\n IncludeDeprecated: true\n DisableDeregistrationProtection: true\n EC2Instance:\n DisableStopProtection: true\n DisableDeletionProtection: true\n ELBv2:\n DisableDeletionProtection: true\n LightsailInstance:\n ForceDeleteAddOns: true\n NeptuneCluster:\n DisableDeletionProtection: true\n NeptuneInstance:\n DisableClusterDeletionProtection: true\n DisableDeletionProtection: true\n NeptuneGraph:\n DisableDeletionProtection: true\n QLDBLedger:\n DisableDeletionProtection: true\n QuickSightSubscription:\n DisableTerminationProtection: true\n RDSInstance:\n DisableDeletionProtection: true\n S3Bucket:\n BypassGovernanceRetention: true\n RemoveObjectLegalHold: true\nresource-types:\n excludes:\n - S3Object # Let the S3Bucket delete all Objects instead of individual objects (optimization)\n - ConfigServiceConfigurationRecorder\n - ConfigServiceDeliveryChannel\nblocklist:\n - \"%HUB_ACCOUNT_ID%\" # placeholder HUB_ACCOUNT_ID will be dynamically replaced during CodeBuild execution\naccounts:\n \"%CLEANUP_ACCOUNT_ID%\": # placeholder CLEANUP_ACCOUNT_ID will be dynamically replaced during CodeBuild execution\n filters:\n CloudFormationStack:\n - type: glob\n value: StackSet-Isb-* # protects sandbox account stack set instance from being deleted\n CloudTrailTrail:\n - type: glob\n value: aws-controltower-*\n - type: exact\n value: all-org-cloud-trail\n CloudWatchEventsRule:\n - property: Name\n type: glob\n value: aws-controltower-*\n - property: Name\n type: contains\n value: AWSControlTower\n IAMRole:\n - type: exact\n value: \"%CLEANUP_ROLE_NAME%\" # placeholder CLEANUP_ROLE_NAME will be dynamically replaced during CodeBuild executio\n - type: exact\n value: OrganizationAccountAccessRole\n - type: glob\n value: stacksets-exec-*\n - type: glob\n value: AWSReservedSSO_*\n - type: contains\n value: AWSControlTower\n - type: glob\n value: aws-controltower-*\n IAMRolePolicy:\n - property: \"role:RoleName\"\n type: exact\n value: \"%CLEANUP_ROLE_NAME%\" # placeholder CLEANUP_ROLE_NAME will be dynamically replaced during CodeBuild execution\n - property: \"role:RoleName\"\n type: exact\n value: OrganizationAccountAccessRole\n - property: \"role:RoleName\"\n type: glob\n value: stacksets-exec-*\n - type: glob\n value: AWSReservedSSO_*\n - property: \"role:RoleName\"\n type: contains\n value: AWSControlTower\n - property: \"role:RoleName\"\n type: glob\n value: aws-controltower-*\n IAMRolePolicyAttachment:\n - property: RoleName\n type: exact\n value: \"%CLEANUP_ROLE_NAME%\" # placeholder CLEANUP_ROLE_NAME will be dynamically replaced during CodeBuild execution\n - property: RoleName\n type: exact\n value: OrganizationAccountAccessRole\n - property: RoleName\n type: glob\n value: stacksets-exec-*\n - type: glob\n value: AWSReservedSSO_*\n - property: RoleName\n type: contains\n value: AWSControlTower\n - property: RoleName\n type: glob\n value: aws-controltower-*\n IAMSAMLProvider:\n - type: contains\n value: AWSSSO\n LambdaFunction:\n - type: glob\n value: aws-controltower-*\n CloudWatchLogsLogGroup:\n - type: contains\n value: aws-controltower\n OSPackage:\n - type: glob\n value: pkg-*\n - type: glob\n value: G*\n SNSSubscription:\n - property: \"ARN\"\n type: contains\n value: \"aws-controltower\"\n SNSTopic:\n - type: glob\n value: aws-controltower-*\n", "ContentType": "application/x-yaml", "Description": { "Fn::Join": [ "", [ "NukeConfig AppConfig HostedConfiguration for Innovation Sandbox on AWS - ", { "Ref": "Namespace" } ] ] } }, "UpdateReplacePolicy": "Retain", "DeletionPolicy": "Retain", "Metadata": { "aws:cdk:path": "InnovationSandbox-Data/Config/NukeConfigHostedConfiguration/Resource" } }, "ConfigNukeConfigHostedConfigurationDeploymentC180F1F24ADA5": { "Type": "AWS::AppConfig::Deployment", "Properties": { "ApplicationId": { "Ref": "ConfigApplication1A42FDD2" }, "ConfigurationProfileId": { "Ref": "ConfigNukeConfigHostedConfigurationConfigurationProfileEC3A0164" }, "ConfigurationVersion": { "Ref": "ConfigNukeConfigHostedConfiguration997D7FAE" }, "DeploymentStrategyId": { "Ref": "ConfigDeploymentStrategy6B5E2A35" }, "Description": { "Fn::Join": [ "", [ "NukeConfig AppConfig HostedConfiguration for Innovation Sandbox on AWS - ", { "Ref": "Namespace" } ] ] }, "EnvironmentId": { "Ref": "ConfigEnvironment6C769E19" }, "Tags": [ { "Key": "aws-solutions:isb-id", "Value": { "Fn::Join": [ "", [ { "Ref": "Namespace" }, "_isb" ] ] } } ] }, "DependsOn": [ "ConfigGlobalConfigHostedConfigurationDeploymentC180F8B263E01" ], "Metadata": { "aws:cdk:path": "InnovationSandbox-Data/Config/NukeConfigHostedConfiguration/DeploymentC180F" } }, "ConfigReportingConfigHostedConfigurationConfigurationProfile5913A97C": { "Type": "AWS::AppConfig::ConfigurationProfile", "Properties": { "ApplicationId": { "Ref": "ConfigApplication1A42FDD2" }, "Description": { "Fn::Join": [ "", [ "ReportingConfig AppConfig HostedConfiguration for Innovation Sandbox on AWS - ", { "Ref": "Namespace" } ] ] }, "LocationUri": "hosted", "Name": "InnovationSandboxData-Config-ReportingConfigHostedConfiguration-2DEA3D86", "Tags": [ { "Key": "aws-solutions:isb-id", "Value": { "Fn::Join": [ "", [ { "Ref": "Namespace" }, "_isb" ] ] } } ] }, "Metadata": { "aws:cdk:path": "InnovationSandbox-Data/Config/ReportingConfigHostedConfiguration/ConfigurationProfile" } }, "ConfigReportingConfigHostedConfiguration72D392CF": { "Type": "AWS::AppConfig::HostedConfigurationVersion", "Properties": { "ApplicationId": { "Ref": "ConfigApplication1A42FDD2" }, "ConfigurationProfileId": { "Ref": "ConfigReportingConfigHostedConfigurationConfigurationProfile5913A97C" }, "Content": "# cost report group controls for leases\n# costReportGroup - The list of valid cost report groups that can be used\n# requireCostReportGroup - Flag that determines whether or not cost report group is required when creating/updating lease templates\ncostReportGroups: []\nrequireCostReportGroup: false\n", "ContentType": "application/x-yaml", "Description": { "Fn::Join": [ "", [ "ReportingConfig AppConfig HostedConfiguration for Innovation Sandbox on AWS - ", { "Ref": "Namespace" } ] ] } }, "UpdateReplacePolicy": "Retain", "DeletionPolicy": "Retain", "Metadata": { "aws:cdk:path": "InnovationSandbox-Data/Config/ReportingConfigHostedConfiguration/Resource" } }, "ConfigReportingConfigHostedConfigurationDeploymentC180F82109728": { "Type": "AWS::AppConfig::Deployment", "Properties": { "ApplicationId": { "Ref": "ConfigApplication1A42FDD2" }, "ConfigurationProfileId": { "Ref": "ConfigReportingConfigHostedConfigurationConfigurationProfile5913A97C" }, "ConfigurationVersion": { "Ref": "ConfigReportingConfigHostedConfiguration72D392CF" }, "DeploymentStrategyId": { "Ref": "ConfigDeploymentStrategy6B5E2A35" }, "Description": { "Fn::Join": [ "", [ "ReportingConfig AppConfig HostedConfiguration for Innovation Sandbox on AWS - ", { "Ref": "Namespace" } ] ] }, "EnvironmentId": { "Ref": "ConfigEnvironment6C769E19" }, "Tags": [ { "Key": "aws-solutions:isb-id", "Value": { "Fn::Join": [ "", [ { "Ref": "Namespace" }, "_isb" ] ] } } ] }, "DependsOn": [ "ConfigNukeConfigHostedConfigurationDeploymentC180F1F24ADA5" ], "Metadata": { "aws:cdk:path": "InnovationSandbox-Data/Config/ReportingConfigHostedConfiguration/DeploymentC180F" } }, "SandboxAccountTableEFB9C069": { "Type": "AWS::DynamoDB::Table", "Properties": { "AttributeDefinitions": [ { "AttributeName": "awsAccountId", "AttributeType": "S" } ], "BillingMode": "PAY_PER_REQUEST", "DeletionProtectionEnabled": true, "KeySchema": [ { "AttributeName": "awsAccountId", "KeyType": "HASH" } ], "PointInTimeRecoverySpecification": { "PointInTimeRecoveryEnabled": true }, "SSESpecification": { "KMSMasterKeyId": { "Fn::GetAtt": [ "IsbKmsKeyInnovationSandboxData8BA6C3A2", "Arn" ] }, "SSEEnabled": true, "SSEType": "KMS" }, "Tags": [ { "Key": "aws-solutions:isb-id", "Value": { "Fn::Join": [ "", [ { "Ref": "Namespace" }, "_isb" ] ] } } ] }, "UpdateReplacePolicy": "Retain", "DeletionPolicy": "Retain", "Metadata": { "aws:cdk:path": "InnovationSandbox-Data/SandboxAccountTable/Resource" } }, "LeaseTemplateTable5128F8F4": { "Type": "AWS::DynamoDB::Table", "Properties": { "AttributeDefinitions": [ { "AttributeName": "uuid", "AttributeType": "S" }, { "AttributeName": "blueprintId", "AttributeType": "S" } ], "BillingMode": "PAY_PER_REQUEST", "DeletionProtectionEnabled": true, "GlobalSecondaryIndexes": [ { "IndexName": "blueprintId-index", "KeySchema": [ { "AttributeName": "blueprintId", "KeyType": "HASH" } ], "Projection": { "ProjectionType": "KEYS_ONLY" } } ], "KeySchema": [ { "AttributeName": "uuid", "KeyType": "HASH" } ], "PointInTimeRecoverySpecification": { "PointInTimeRecoveryEnabled": true }, "SSESpecification": { "KMSMasterKeyId": { "Fn::GetAtt": [ "IsbKmsKeyInnovationSandboxData8BA6C3A2", "Arn" ] }, "SSEEnabled": true, "SSEType": "KMS" }, "Tags": [ { "Key": "aws-solutions:isb-id", "Value": { "Fn::Join": [ "", [ { "Ref": "Namespace" }, "_isb" ] ] } } ] }, "UpdateReplacePolicy": "Retain", "DeletionPolicy": "Retain", "Metadata": { "aws:cdk:path": "InnovationSandbox-Data/LeaseTemplateTable/Resource" } }, "LeaseTable473C6DF2": { "Type": "AWS::DynamoDB::Table", "Properties": { "AttributeDefinitions": [ { "AttributeName": "userEmail", "AttributeType": "S" }, { "AttributeName": "uuid", "AttributeType": "S" }, { "AttributeName": "status", "AttributeType": "S" }, { "AttributeName": "originalLeaseTemplateUuid", "AttributeType": "S" } ], "BillingMode": "PAY_PER_REQUEST", "DeletionProtectionEnabled": true, "GlobalSecondaryIndexes": [ { "IndexName": "StatusIndex", "KeySchema": [ { "AttributeName": "status", "KeyType": "HASH" }, { "AttributeName": "originalLeaseTemplateUuid", "KeyType": "RANGE" } ], "Projection": { "ProjectionType": "ALL" } } ], "KeySchema": [ { "AttributeName": "userEmail", "KeyType": "HASH" }, { "AttributeName": "uuid", "KeyType": "RANGE" } ], "PointInTimeRecoverySpecification": { "PointInTimeRecoveryEnabled": true }, "SSESpecification": { "KMSMasterKeyId": { "Fn::GetAtt": [ "IsbKmsKeyInnovationSandboxData8BA6C3A2", "Arn" ] }, "SSEEnabled": true, "SSEType": "KMS" }, "Tags": [ { "Key": "aws-solutions:isb-id", "Value": { "Fn::Join": [ "", [ { "Ref": "Namespace" }, "_isb" ] ] } } ], "TimeToLiveSpecification": { "AttributeName": "ttl", "Enabled": true } }, "UpdateReplacePolicy": "Retain", "DeletionPolicy": "Retain", "Metadata": { "aws:cdk:path": "InnovationSandbox-Data/LeaseTable/Resource" } }, "BlueprintTableCDBC8C50": { "Type": "AWS::DynamoDB::Table", "Properties": { "AttributeDefinitions": [ { "AttributeName": "PK", "AttributeType": "S" }, { "AttributeName": "SK", "AttributeType": "S" }, { "AttributeName": "itemType", "AttributeType": "S" }, { "AttributeName": "blueprintId", "AttributeType": "S" } ], "BillingMode": "PAY_PER_REQUEST", "DeletionProtectionEnabled": true, "GlobalSecondaryIndexes": [ { "IndexName": "itemType-blueprintId-index", "KeySchema": [ { "AttributeName": "itemType", "KeyType": "HASH" }, { "AttributeName": "blueprintId", "KeyType": "RANGE" } ], "Projection": { "ProjectionType": "ALL" } } ], "KeySchema": [ { "AttributeName": "PK", "KeyType": "HASH" }, { "AttributeName": "SK", "KeyType": "RANGE" } ], "PointInTimeRecoverySpecification": { "PointInTimeRecoveryEnabled": true }, "SSESpecification": { "KMSMasterKeyId": { "Fn::GetAtt": [ "IsbKmsKeyInnovationSandboxData8BA6C3A2", "Arn" ] }, "SSEEnabled": true, "SSEType": "KMS" }, "Tags": [ { "Key": "aws-solutions:isb-id", "Value": { "Fn::Join": [ "", [ { "Ref": "Namespace" }, "_isb" ] ] } } ], "TimeToLiveSpecification": { "AttributeName": "ttl", "Enabled": true } }, "UpdateReplacePolicy": "Retain", "DeletionPolicy": "Retain", "Metadata": { "aws:cdk:path": "InnovationSandbox-Data/BlueprintTable/Resource" } }, "DataConfiguration459A4DE7": { "Type": "AWS::SSM::Parameter", "Properties": { "Description": "The configuration of the data stack of Innovation Sandbox", "Name": { "Fn::Join": [ "", [ "InnovationSandbox_", { "Ref": "Namespace" }, "_Data_Configuration" ] ] }, "Tags": { "aws-solutions:isb-id": { "Fn::Join": [ "", [ { "Ref": "Namespace" }, "_isb" ] ] } }, "Type": "String", "Value": { "Fn::Join": [ "", [ "{\"configApplicationId\":\"", { "Ref": "ConfigApplication1A42FDD2" }, "\",\"configEnvironmentId\":\"", { "Ref": "ConfigEnvironment6C769E19" }, "\",\"globalConfigConfigurationProfileId\":\"", { "Ref": "ConfigGlobalConfigHostedConfigurationConfigurationProfileB3D05932" }, "\",\"nukeConfigConfigurationProfileId\":\"", { "Ref": "ConfigNukeConfigHostedConfigurationConfigurationProfileEC3A0164" }, "\",\"reportingConfigConfigurationProfileId\":\"", { "Ref": "ConfigReportingConfigHostedConfigurationConfigurationProfile5913A97C" }, "\",\"accountTable\":\"", { "Ref": "SandboxAccountTableEFB9C069" }, "\",\"leaseTemplateTable\":\"", { "Ref": "LeaseTemplateTable5128F8F4" }, "\",\"leaseTable\":\"", { "Ref": "LeaseTable473C6DF2" }, "\",\"blueprintTable\":\"", { "Ref": "BlueprintTableCDBC8C50" }, "\",\"tableKmsKeyId\":\"", { "Ref": "IsbKmsKeyInnovationSandboxData8BA6C3A2" }, "\",\"solutionVersion\":\"", { "Fn::FindInMap": [ "Mapping", "context", "version", { "DefaultValue": "" } ] }, "\",\"supportedSchemas\":\"[\\\"1\\\"]\"}" ] ] } }, "Metadata": { "aws:cdk:path": "InnovationSandbox-Data/DataConfiguration/Resource" } }, "CDKMetadata": { "Type": "AWS::CDK::Metadata", "Properties": { "Analytics": "v2:deflate64:H4sIAAAAAAAA/21Q0WrDMAz8lr47XjHbB5RuMBhjpR17HUqiBjWxbCynJQT/+7A71gz6pLuTTgdntHl61OsVXKRq2r4aqNbzIULTq+2RdxDAYsSg4CLfc29Fz2845VUem4FAMikgKfC+cXykTs8b7wdqIJLjcrCgL3ym4Ngix7xa0mf0g5syPMQAEbsSdUd9dRKx3ZawMfzF/BN2wR1pwKzfOf/CIL+u2/+k2onBurbW8yfUV3MBSYnY3Ewg7m61LDtKSe1R3BiaYnsH74m7DD/G6MeYFLsW9UkezsZoY/R6dRKiKowcyaLeX+cPv24BspIBAAA=" }, "Metadata": { "aws:cdk:path": "InnovationSandbox-Data/CDKMetadata/Default" }, "Condition": "CDKMetadataAvailable" } }, "Mappings": { "Mapping": { "context": { "solutionName": "innovation-sandbox-on-aws", "solutionId": "SO0284", "version": "v1.2.9", "distOutputBucket": "solutions", "publicEcrRegistry": "public.ecr.aws/aws-solutions", "publicEcrTag": "v1.2.9", "logLevel": "INFO", "deploymentMode": "prod", "cloudWatchLogRetentionInDays": 90, "s3LogsArchiveRetentionInDays": 365, "s3LogsGlacierRetentionInDays": 2555, "apiThrottlingRateLimit": 100, "apiThrottlingBurstLimit": 200, "bucketPrefix": "innovation-sandbox-on-aws/v1.2.9/asset." } } }, "Outputs": { "ConfigApplicationId": { "Value": { "Ref": "ConfigApplication1A42FDD2" }, "Export": { "Name": "InnovationSandbox-Data-ConfigApplicationId" } }, "ConfigEnvironmentId": { "Value": { "Ref": "ConfigEnvironment6C769E19" }, "Export": { "Name": "InnovationSandbox-Data-ConfigEnvironmentId" } }, "ConfigDeploymentStrategyId": { "Value": { "Ref": "ConfigDeploymentStrategy6B5E2A35" }, "Export": { "Name": "InnovationSandbox-Data-ConfigDeploymentStrategyId" } }, "GlobalConfigConfigurationProfileId": { "Value": { "Ref": "ConfigGlobalConfigHostedConfigurationConfigurationProfileB3D05932" }, "Export": { "Name": "InnovationSandbox-Data-GlobalConfigConfigurationProfileId" } }, "NukeConfigConfigurationProfileId": { "Value": { "Ref": "ConfigNukeConfigHostedConfigurationConfigurationProfileEC3A0164" }, "Export": { "Name": "InnovationSandbox-Data-NukeConfigConfigurationProfileId" } }, "ReportingConfigConfigurationId": { "Value": { "Ref": "ConfigReportingConfigHostedConfigurationConfigurationProfile5913A97C" }, "Export": { "Name": "InnovationSandbox-Data-ReportingConfigConfigurationId" } }, "SandboxAccountTable": { "Value": { "Ref": "SandboxAccountTableEFB9C069" }, "Export": { "Name": "InnovationSandbox-Data-SandboxAccountTable" } }, "LeaseTemplateTable": { "Value": { "Ref": "LeaseTemplateTable5128F8F4" }, "Export": { "Name": "InnovationSandbox-Data-LeaseTemplateTable" } }, "LeaseTable": { "Value": { "Ref": "LeaseTable473C6DF2" }, "Export": { "Name": "InnovationSandbox-Data-LeaseTable" } } }, "Conditions": { "CDKMetadataAvailable": { "Fn::Or": [ { "Fn::Or": [ { "Fn::Equals": [ { "Ref": "AWS::Region" }, "af-south-1" ] }, { "Fn::Equals": [ { "Ref": "AWS::Region" }, "ap-east-1" ] }, { "Fn::Equals": [ { "Ref": "AWS::Region" }, "ap-northeast-1" ] }, { "Fn::Equals": [ { "Ref": "AWS::Region" }, "ap-northeast-2" ] }, { "Fn::Equals": [ { "Ref": "AWS::Region" }, "ap-northeast-3" ] }, { "Fn::Equals": [ { "Ref": "AWS::Region" }, "ap-south-1" ] }, { "Fn::Equals": [ { "Ref": "AWS::Region" }, "ap-south-2" ] }, { "Fn::Equals": [ { "Ref": "AWS::Region" }, "ap-southeast-1" ] }, { "Fn::Equals": [ { "Ref": "AWS::Region" }, "ap-southeast-2" ] }, { "Fn::Equals": [ { "Ref": "AWS::Region" }, "ap-southeast-3" ] } ] }, { "Fn::Or": [ { "Fn::Equals": [ { "Ref": "AWS::Region" }, "ap-southeast-4" ] }, { "Fn::Equals": [ { "Ref": "AWS::Region" }, "ca-central-1" ] }, { "Fn::Equals": [ { "Ref": "AWS::Region" }, "ca-west-1" ] }, { "Fn::Equals": [ { "Ref": "AWS::Region" }, "cn-north-1" ] }, { "Fn::Equals": [ { "Ref": "AWS::Region" }, "cn-northwest-1" ] }, { "Fn::Equals": [ { "Ref": "AWS::Region" }, "eu-central-1" ] }, { "Fn::Equals": [ { "Ref": "AWS::Region" }, "eu-central-2" ] }, { "Fn::Equals": [ { "Ref": "AWS::Region" }, "eu-north-1" ] }, { "Fn::Equals": [ { "Ref": "AWS::Region" }, "eu-south-1" ] }, { "Fn::Equals": [ { "Ref": "AWS::Region" }, "eu-south-2" ] } ] }, { "Fn::Or": [ { "Fn::Equals": [ { "Ref": "AWS::Region" }, "eu-west-1" ] }, { "Fn::Equals": [ { "Ref": "AWS::Region" }, "eu-west-2" ] }, { "Fn::Equals": [ { "Ref": "AWS::Region" }, "eu-west-3" ] }, { "Fn::Equals": [ { "Ref": "AWS::Region" }, "il-central-1" ] }, { "Fn::Equals": [ { "Ref": "AWS::Region" }, "me-central-1" ] }, { "Fn::Equals": [ { "Ref": "AWS::Region" }, "me-south-1" ] }, { "Fn::Equals": [ { "Ref": "AWS::Region" }, "sa-east-1" ] }, { "Fn::Equals": [ { "Ref": "AWS::Region" }, "us-east-1" ] }, { "Fn::Equals": [ { "Ref": "AWS::Region" }, "us-east-2" ] }, { "Fn::Equals": [ { "Ref": "AWS::Region" }, "us-west-1" ] } ] }, { "Fn::Equals": [ { "Ref": "AWS::Region" }, "us-west-2" ] } ] } } }