From 21aae1c5590682ef14db2c08edca1d22784a56cd Mon Sep 17 00:00:00 2001 From: tmokmss Date: Sun, 24 Mar 2024 22:01:19 +0900 Subject: [PATCH] feat: add integ-test, release to pypi --- .github/workflows/build.yml | 28 + .github/workflows/release.yml | 35 + .mergify.yml | 2 + .projen/deps.json | 8 +- .projen/tasks.json | 19 +- .projenrc.ts | 14 +- LICENSE | 2 +- README.md | 27 + example/index.ts | 129 +- example/stack.ts | 132 ++ lambda/index.ts | 66 +- package.json | 18 +- src/custom-resource.ts | 26 +- test/integ.resources.ts | 23 + ...efaultTestDeployAssertAA436F18.assets.json | 32 + ...aultTestDeployAssertAA436F18.template.json | 152 ++ .../OpenSearchRestResourcesStack.assets.json | 58 + ...OpenSearchRestResourcesStack.template.json | 1375 +++++++++++ test/integ.resources.ts.snapshot/cdk.out | 1 + test/integ.resources.ts.snapshot/integ.json | 13 + .../integ.resources.ts.snapshot/manifest.json | 444 ++++ test/integ.resources.ts.snapshot/tree.json | 2011 +++++++++++++++++ yarn.lock | 70 +- 23 files changed, 4479 insertions(+), 206 deletions(-) create mode 100644 example/stack.ts create mode 100644 test/integ.resources.ts create mode 100644 test/integ.resources.ts.snapshot/OpenSearchRestResourcesIntegTestDefaultTestDeployAssertAA436F18.assets.json create mode 100644 test/integ.resources.ts.snapshot/OpenSearchRestResourcesIntegTestDefaultTestDeployAssertAA436F18.template.json create mode 100644 test/integ.resources.ts.snapshot/OpenSearchRestResourcesStack.assets.json create mode 100644 test/integ.resources.ts.snapshot/OpenSearchRestResourcesStack.template.json create mode 100644 test/integ.resources.ts.snapshot/cdk.out create mode 100644 test/integ.resources.ts.snapshot/integ.json create mode 100644 test/integ.resources.ts.snapshot/manifest.json create mode 100644 test/integ.resources.ts.snapshot/tree.json diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index e63d364..3d12cc5 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -110,3 +110,31 @@ jobs: run: cd .repo && npx projen package:js - name: Collect js Artifact run: mv .repo/dist dist + package-python: + needs: build + runs-on: ubuntu-latest + permissions: {} + if: "! needs.build.outputs.self_mutation_happened" + steps: + - uses: actions/setup-node@v4 + with: + node-version: 18.x + - uses: actions/setup-python@v5 + with: + python-version: 3.x + - name: Download build artifacts + uses: actions/download-artifact@v4 + with: + name: build-artifact + path: dist + - name: Restore build artifact permissions + run: cd dist && setfacl --restore=permissions-backup.acl + continue-on-error: true + - name: Prepare Repository + run: mv dist .repo + - name: Install Dependencies + run: cd .repo && yarn install --check-files --frozen-lockfile + - name: Create python artifact + run: cd .repo && npx projen package:python + - name: Collect python Artifact + run: mv .repo/dist dist diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 889543e..549b84b 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -117,3 +117,38 @@ jobs: NPM_REGISTRY: registry.npmjs.org NPM_TOKEN: ${{ secrets.NPM_TOKEN }} run: npx -p publib@latest publib-npm + release_pypi: + name: Publish to PyPI + needs: release + runs-on: ubuntu-latest + permissions: + contents: read + if: needs.release.outputs.tag_exists != 'true' && needs.release.outputs.latest_commit == github.sha + steps: + - uses: actions/setup-node@v4 + with: + node-version: 18.x + - uses: actions/setup-python@v5 + with: + python-version: 3.x + - name: Download build artifacts + uses: actions/download-artifact@v4 + with: + name: build-artifact + path: dist + - name: Restore build artifact permissions + run: cd dist && setfacl --restore=permissions-backup.acl + continue-on-error: true + - name: Prepare Repository + run: mv dist .repo + - name: Install Dependencies + run: cd .repo && yarn install --check-files --frozen-lockfile + - name: Create python artifact + run: cd .repo && npx projen package:python + - name: Collect python Artifact + run: mv .repo/dist dist + - name: Release + env: + TWINE_USERNAME: ${{ secrets.TWINE_USERNAME }} + TWINE_PASSWORD: ${{ secrets.TWINE_PASSWORD }} + run: npx -p publib@latest publib-pypi diff --git a/.mergify.yml b/.mergify.yml index 154b39f..299617c 100644 --- a/.mergify.yml +++ b/.mergify.yml @@ -8,6 +8,7 @@ queue_rules: - -label~=(do-not-merge) - status-success=build - status-success=package-js + - status-success=package-python pull_request_rules: - name: Automatic merge on approval and successful build actions: @@ -24,3 +25,4 @@ pull_request_rules: - -label~=(do-not-merge) - status-success=build - status-success=package-js + - status-success=package-python diff --git a/.projen/deps.json b/.projen/deps.json index c37c462..bca77d7 100644 --- a/.projen/deps.json +++ b/.projen/deps.json @@ -2,10 +2,12 @@ "dependencies": [ { "name": "@aws-cdk/integ-runner", + "version": "^2.133.0-alpha.0", "type": "build" }, { "name": "@aws-cdk/integ-tests-alpha", + "version": "^2.133.0-alpha.0", "type": "build" }, { @@ -28,13 +30,11 @@ "type": "build" }, { - "name": "aws-cdk-lib", - "version": "^2.38.0", + "name": "aws-cdk", "type": "build" }, { - "name": "aws-cdk", - "version": "^2.38.0", + "name": "aws-cdk-lib", "type": "build" }, { diff --git a/.projen/tasks.json b/.projen/tasks.json index 9c6a6f4..acee0bf 100644 --- a/.projen/tasks.json +++ b/.projen/tasks.json @@ -168,6 +168,9 @@ "steps": [ { "spawn": "package:js" + }, + { + "spawn": "package:python" } ] }, @@ -180,6 +183,15 @@ } ] }, + "package:python": { + "name": "package:python", + "description": "Create python language bindings", + "steps": [ + { + "exec": "jsii-pacmak -v --target python" + } + ] + }, "post-compile": { "name": "post-compile", "description": "Runs after successful compilation", @@ -231,6 +243,9 @@ }, { "spawn": "eslint" + }, + { + "exec": "yarn integ-runner" } ] }, @@ -267,13 +282,13 @@ }, "steps": [ { - "exec": "npx npm-check-updates@16 --upgrade --target=minor --peer --dep=dev,peer,prod,optional --filter=@aws-cdk/integ-runner,@aws-cdk/integ-tests-alpha,@types/jest,eslint-import-resolver-typescript,eslint-plugin-import,jest,jsii-diff,jsii-docgen,jsii-pacmak,jsii-rosetta,jsii,projen,ts-jest,ts-node,typescript" + "exec": "npx npm-check-updates@16 --upgrade --target=minor --peer --dep=dev,peer,prod,optional --filter=@types/jest,aws-cdk,aws-cdk-lib,eslint-import-resolver-typescript,eslint-plugin-import,jest,jsii-diff,jsii-docgen,jsii-pacmak,jsii-rosetta,jsii,projen,ts-jest,ts-node,typescript" }, { "exec": "yarn install --check-files" }, { - "exec": "yarn upgrade @aws-cdk/integ-runner @aws-cdk/integ-tests-alpha @types/jest @types/node @typescript-eslint/eslint-plugin @typescript-eslint/parser aws-cdk-lib aws-cdk eslint-import-resolver-typescript eslint-plugin-import eslint jest jest-junit jsii-diff jsii-docgen jsii-pacmak jsii-rosetta jsii projen standard-version ts-jest ts-node typescript constructs" + "exec": "yarn upgrade @aws-cdk/integ-runner @aws-cdk/integ-tests-alpha @types/jest @types/node @typescript-eslint/eslint-plugin @typescript-eslint/parser aws-cdk aws-cdk-lib eslint-import-resolver-typescript eslint-plugin-import eslint jest jest-junit jsii-diff jsii-docgen jsii-pacmak jsii-rosetta jsii projen standard-version ts-jest ts-node typescript constructs" }, { "exec": "npx projen" diff --git a/.projenrc.ts b/.projenrc.ts index 00b279e..5ded3e8 100644 --- a/.projenrc.ts +++ b/.projenrc.ts @@ -1,8 +1,8 @@ import { awscdk } from 'projen'; const project = new awscdk.AwsCdkConstructLibrary({ - author: 'Masashi Tomooka', + author: 'tmokmss', authorAddress: 'tomookam@live.jp', - cdkVersion: '2.1.0', + cdkVersion: '2.1.0', // we don't guarantee it works in 2.1.0, but it should. defaultReleaseBranch: 'main', jsiiVersion: '~5.3.0', name: 'opensearch-rest-resources', @@ -16,10 +16,14 @@ const project = new awscdk.AwsCdkConstructLibrary({ ignorePatterns: ['example/**/*', 'lambda/**/*', 'test/assets/**/*', 'test/*.snapshot/**/*', '*.d.ts'], }, gitignore: ['*.js', '*.d.ts', '!testq/integ.*.snapshot/**/*', 'test/cdk.out'], - devDeps: ['aws-cdk@^2.38.0', 'aws-cdk-lib@^2.38.0', 'constructs@^10.0.5', '@aws-cdk/integ-runner', '@aws-cdk/integ-tests-alpha'], + devDeps: ['aws-cdk-lib', 'aws-cdk', 'constructs', '@aws-cdk/integ-runner@^2.133.0-alpha.0', '@aws-cdk/integ-tests-alpha@^2.133.0-alpha.0'], peerDependencyOptions: { pinnedDevDependency: false, }, + publishToPypi: { + distName: 'opensearch-rest-resources', + module: 'opensearch_rest_resources', + }, npmProvenance: false, }); @@ -27,6 +31,6 @@ const project = new awscdk.AwsCdkConstructLibrary({ project.projectBuild.compileTask.prependExec('yarn install --frozen-lockfile && yarn build', { cwd: 'lambda', }); -// Run integ-test -// project.projectBuild.testTask.exec('yarn integ-runner'); +// Run integ-test. This takes about 1 hour. Good luck. +project.projectBuild.testTask.exec('yarn integ-runner'); project.synth(); diff --git a/LICENSE b/LICENSE index 9f88cd6..20e20dd 100644 --- a/LICENSE +++ b/LICENSE @@ -1,4 +1,4 @@ -Copyright (c) 2024 Masashi Tomooka +Copyright (c) 2024 tmokmss Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal diff --git a/README.md b/README.md index 2151458..523bf3c 100644 --- a/README.md +++ b/README.md @@ -56,3 +56,30 @@ const roleMapping = new OpenSearchRoleMapping(this, 'RoleMapping1', { }); roleMapping.node.addDependency(role); ``` + +## Limitation +Currently this library assumes your OpenSearch domain is configured as: + +* [Fine-grained access control](https://docs.aws.amazon.com/opensearch-service/latest/developerguide/fgac.html) is enabled +* Deployed within a VPC +* Use the [`Domain`](https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_opensearchservice.Domain.html) L2 construct +* The credential for the master user (username and password) is stored in Secret Manager +* [Domain access policy](https://docs.aws.amazon.com/opensearch-service/latest/developerguide/fgac.html#fgac-recommendations) is permissive like below: + +```json +{ + "Version": "2012-10-17", + "Statement": [ + { + "Effect": "Allow", + "Principal": { + "AWS": "*" + }, + "Action": "es:ESHttp*", + "Resource": "domain-arn/*" + } + ] +} +``` + +Most of the above follow the current [operational best practices](https://docs.aws.amazon.com/opensearch-service/latest/developerguide/bp.html) of Amazon OpenSearch Service. If you want other configuration supported, please submit [an issue](https://github.com/tmokmss/opensearch-rest-resources/issues). diff --git a/example/index.ts b/example/index.ts index ec632f8..473b304 100644 --- a/example/index.ts +++ b/example/index.ts @@ -1,130 +1,5 @@ -import { Stack, StackProps, App, RemovalPolicy, Duration } from 'aws-cdk-lib'; -import { EbsDeviceVolumeType, Vpc } from 'aws-cdk-lib/aws-ec2'; -import { PolicyStatement, AnyPrincipal } from 'aws-cdk-lib/aws-iam'; -import { Domain, EngineVersion } from 'aws-cdk-lib/aws-opensearchservice'; -import { Construct } from 'constructs'; -import { OpenSearchRole } from '../src/resources/role'; -import { OpenSearchRoleMapping } from '../src/resources/role-mapping'; -import { OpenSearchUser } from '../src/resources/user'; -import { NodejsFunction } from 'aws-cdk-lib/aws-lambda-nodejs'; -import { join } from 'path'; - -class OpenSearchTestStack extends Stack { - constructor(scope: Construct, id: string, props: StackProps = {}) { - super(scope, id, props); - - const vpc = new Vpc(this, 'Vpc', { maxAzs: 2, natGateways: 1 }); - - const targetSubnets = [vpc.privateSubnets[0]]; - - // Following the best practices: - // https://docs.aws.amazon.com/opensearch-service/latest/developerguide/bp.html - const domain = new Domain(this, 'Domain', { - version: EngineVersion.OPENSEARCH_2_11, - capacity: { - // https://docs.aws.amazon.com/opensearch-service/latest/developerguide/supported-instance-types.html - dataNodeInstanceType: 't3.small.search', - dataNodes: targetSubnets.length, - // masterNodeInstanceType: 't3.small.search', - // masterNodes: 1, - multiAzWithStandbyEnabled: false, - }, - // zoneAwareness: { - // enabled: true, - // availabilityZoneCount: targetSubnets.length, - // }, - ebs: { - volumeSize: 30, - volumeType: EbsDeviceVolumeType.GP3, - throughput: 125, - iops: 3000, - }, - enforceHttps: true, - fineGrainedAccessControl: { - masterUserName: 'admin', - }, - nodeToNodeEncryption: true, - encryptionAtRest: { - enabled: true, - }, - vpc, - vpcSubnets: [{ subnets: targetSubnets }], - logging: { - auditLogEnabled: true, - slowSearchLogEnabled: true, - appLogEnabled: true, - slowIndexLogEnabled: true, - }, - removalPolicy: RemovalPolicy.DESTROY, - }); - - // Recommended policy when using fine-grained access control - // https://docs.aws.amazon.com/opensearch-service/latest/developerguide/fgac.html#fgac-recommendations - domain.addAccessPolicies( - new PolicyStatement({ - principals: [new AnyPrincipal()], - actions: ['es:ESHttp*'], - resources: [domain.domainArn + '/*'], - }) - ); - - const testHandler = new NodejsFunction(this, 'TestHandler', { - entry: join(__dirname, 'lambda', 'index.ts'), - depsLockFilePath: join(__dirname, 'lambda', 'package-lock.json'), - bundling: { - commandHooks: { - beforeBundling: (i, _o) => [`cd ${i} && npm install`], - afterBundling: (_i, _o) => [], - beforeInstall: (_i, _o) => [], - }, - }, - vpc, - environment: { - OPENSEARCH_HOST: domain.domainEndpoint, - }, - timeout: Duration.seconds(10), - }); - domain.connections.allowDefaultPortFrom(testHandler); - - const role = new OpenSearchRole(this, 'Role1', { - vpc, - domain, - roleName: 'Role1', - payload: { - clusterPermissions: ['indices:data/write/bulk'], - indexPermissions: [ - { - indexPatterns: ['*'], - allowedActions: ['read', 'write', 'index', 'create_index'], - }, - ], - }, - removalPolicy: RemovalPolicy.RETAIN, - }); - - const roleMapping = new OpenSearchRoleMapping(this, 'RoleMapping1', { - vpc, - domain, - roleName: 'Role1', - payload: { - backendRoles: [testHandler.role!.roleArn], - }, - }); - roleMapping.node.addDependency(role); - - new OpenSearchUser(this, 'User1', { - vpc, - domain, - userName: 'User1', - payload: { - password: '64loxy5K;5jr', - attributes: { - foo: 'bar', - }, - }, - }); - } -} +import { App } from 'aws-cdk-lib'; +import { OpenSearchTestStack } from './stack'; class TestApp extends App { constructor() { diff --git a/example/stack.ts b/example/stack.ts new file mode 100644 index 0000000..f125251 --- /dev/null +++ b/example/stack.ts @@ -0,0 +1,132 @@ +import { Stack, StackProps, RemovalPolicy, Duration } from 'aws-cdk-lib'; +import { EbsDeviceVolumeType, Vpc } from 'aws-cdk-lib/aws-ec2'; +import { PolicyStatement, AnyPrincipal } from 'aws-cdk-lib/aws-iam'; +import { Domain, EngineVersion } from 'aws-cdk-lib/aws-opensearchservice'; +import { Construct } from 'constructs'; +import { OpenSearchRole } from '../src/resources/role'; +import { OpenSearchRoleMapping } from '../src/resources/role-mapping'; +import { OpenSearchUser } from '../src/resources/user'; +import { NodejsFunction } from 'aws-cdk-lib/aws-lambda-nodejs'; +import { join } from 'path'; +import { IFunction } from 'aws-cdk-lib/aws-lambda'; + +export class OpenSearchTestStack extends Stack { + public readonly testHandler: IFunction; + + constructor(scope: Construct, id: string, props: StackProps = {}) { + super(scope, id, props); + + const vpc = new Vpc(this, 'Vpc', { maxAzs: 2, natGateways: 1 }); + + const targetSubnets = [vpc.privateSubnets[0]]; + + // Following the best practices: + // https://docs.aws.amazon.com/opensearch-service/latest/developerguide/bp.html + const domain = new Domain(this, 'Domain', { + version: EngineVersion.OPENSEARCH_2_11, + capacity: { + // https://docs.aws.amazon.com/opensearch-service/latest/developerguide/supported-instance-types.html + dataNodeInstanceType: 't3.small.search', + dataNodes: targetSubnets.length, + // masterNodeInstanceType: 't3.small.search', + // masterNodes: 1, + multiAzWithStandbyEnabled: false, + }, + // zoneAwareness: { + // enabled: true, + // availabilityZoneCount: targetSubnets.length, + // }, + ebs: { + volumeSize: 30, + volumeType: EbsDeviceVolumeType.GP3, + throughput: 125, + iops: 3000, + }, + enforceHttps: true, + fineGrainedAccessControl: { + masterUserName: 'admin', + }, + nodeToNodeEncryption: true, + encryptionAtRest: { + enabled: true, + }, + vpc, + vpcSubnets: [{ subnets: targetSubnets }], + logging: { + auditLogEnabled: true, + slowSearchLogEnabled: true, + appLogEnabled: true, + slowIndexLogEnabled: true, + }, + removalPolicy: RemovalPolicy.DESTROY, + }); + + // Recommended policy when using fine-grained access control + // https://docs.aws.amazon.com/opensearch-service/latest/developerguide/fgac.html#fgac-recommendations + domain.addAccessPolicies( + new PolicyStatement({ + principals: [new AnyPrincipal()], + actions: ['es:ESHttp*'], + resources: [domain.domainArn + '/*'], + }) + ); + + const testHandler = new NodejsFunction(this, 'TestHandler', { + entry: join(__dirname, 'lambda', 'index.ts'), + depsLockFilePath: join(__dirname, 'lambda', 'package-lock.json'), + bundling: { + commandHooks: { + beforeBundling: (i, _o) => [`cd ${i} && npm install`], + afterBundling: (_i, _o) => [], + beforeInstall: (_i, _o) => [], + }, + }, + vpc, + environment: { + OPENSEARCH_HOST: domain.domainEndpoint, + }, + timeout: Duration.seconds(10), + }); + domain.connections.allowDefaultPortFrom(testHandler); + this.testHandler = testHandler; + + // Never remove all of them! VPC Lambda requires 20 minutes to delete itself. + const role = new OpenSearchRole(this, 'Role1', { + vpc, + domain, + roleName: 'Role1', + payload: { + clusterPermissions: ['indices:data/write/bulk'], + indexPermissions: [ + { + indexPatterns: ['*'], + allowedActions: ['read', 'write', 'index', 'create_index'], + }, + ], + }, + removalPolicy: RemovalPolicy.RETAIN, + }); + + const roleMapping = new OpenSearchRoleMapping(this, 'RoleMapping1', { + vpc, + domain, + roleName: 'Role1', + payload: { + backendRoles: [testHandler.role!.roleArn], + }, + }); + roleMapping.node.addDependency(role); + + new OpenSearchUser(this, 'User1', { + vpc, + domain, + userName: 'User1', + payload: { + password: '64loxy5K;5jr', + attributes: { + foo: 'bar', + }, + }, + }); + } +} diff --git a/lambda/index.ts b/lambda/index.ts index 5ba3c72..d0f55c1 100644 --- a/lambda/index.ts +++ b/lambda/index.ts @@ -1,9 +1,44 @@ import { GetSecretValueCommand, SecretsManager } from '@aws-sdk/client-secrets-manager'; import type { CloudFormationCustomResourceEvent, CloudFormationCustomResourceHandler, Context } from 'aws-lambda'; import type { ResourceProperties } from '../src/types'; +import { setTimeout } from 'timers/promises'; const sm = new SecretsManager({}); +const fetchWithRetry = async ( + url: string, + method: string, + headers: Headers, + body: string | undefined, + successStatus: string[], + count = 0 +): Promise => { + const res = await fetch(url, { + method, + headers, + body, + }); + if (res.status == 403) { + // There is sometimes some delay before domain access policy takes effect, + // especially when we call API right after a domain is provisioned. + // It seems it usually takes about 15 seconds, so we will retry a few times. + if (count > 5) { + throw new Error(`Request failed: ${res.status} ${await res.text()}`); + } + console.log(`Retrying... ${res.status} ${await res.text()}`); + await setTimeout(Math.min(count ** 2 * 1000, 30000)); + return await fetchWithRetry(url, method, headers, body, successStatus, count + 1); + } + if (!res.ok) { + throw new Error(`Request failed: ${res.status} ${await res.text()}`); + } + const json = await res.json(); + console.log(json); + if (!successStatus.includes(json.status)) { + throw new Error(JSON.stringify(json)); + } +}; + export const handler: CloudFormationCustomResourceHandler = async (event, context) => { console.log(JSON.stringify(event)); @@ -26,38 +61,11 @@ export const handler: CloudFormationCustomResourceHandler = async (event, contex case 'Create': case 'Update': { console.log(props.payloadJson); - const res = await fetch(`${baseUrl}/${props.restEndpoint}`, { - method: 'PUT', - headers, - body: props.payloadJson, - }); - if (!res.ok) { - throw new Error(`Request failed: ${res.status} ${await res.text()}`); - } - const json = await res.json(); - console.log(json); - if (!['OK', 'CREATED'].includes(json.status)) { - throw new Error(JSON.stringify(json)); - } + await fetchWithRetry(`${baseUrl}/${props.restEndpoint}`, 'PUT', headers, props.payloadJson, ['OK', 'CREATED']); break; } case 'Delete': { - const res = await fetch(`${baseUrl}/${props.restEndpoint}`, { - method: 'DELETE', - headers, - }); - if (!res.ok) { - throw new Error(`Request failed: ${res.status} ${await res.text()}`); - } - const json = await res.json(); - console.log(json); - if (json.status == 'NOT_FOUND') { - console.log('Seems the resource has already been removed.'); - break; - } - if (!['OK'].includes(json.status)) { - throw new Error(JSON.stringify(json)); - } + await fetchWithRetry(`${baseUrl}/${props.restEndpoint}`, 'DELETE', headers, undefined, ['OK', 'NOT_FOUND']); break; } } diff --git a/package.json b/package.json index 6a24930..f81e215 100644 --- a/package.json +++ b/package.json @@ -18,6 +18,7 @@ "package": "npx projen package", "package-all": "npx projen package-all", "package:js": "npx projen package:js", + "package:python": "npx projen package:python", "post-compile": "npx projen post-compile", "post-upgrade": "npx projen post-upgrade", "pre-compile": "npx projen pre-compile", @@ -30,19 +31,19 @@ "projen": "npx projen" }, "author": { - "name": "Masashi Tomooka", + "name": "tmokmss", "email": "tomookam@live.jp", "organization": false }, "devDependencies": { - "@aws-cdk/integ-runner": "^2.72.1", + "@aws-cdk/integ-runner": "^2.133.0-alpha.0", "@aws-cdk/integ-tests-alpha": "^2.133.0-alpha.0", "@types/jest": "^29.5.12", "@types/node": "^18", "@typescript-eslint/eslint-plugin": "^6", "@typescript-eslint/parser": "^6", - "aws-cdk": "^2.38.0", - "aws-cdk-lib": "^2.38.0", + "aws-cdk": "^2.133.0", + "aws-cdk-lib": "^2.133.0", "eslint": "^8", "eslint-import-resolver-typescript": "^3.6.1", "eslint-plugin-import": "^2.29.1", @@ -50,7 +51,7 @@ "jest-junit": "^15", "jsii": "~5.3.0", "jsii-diff": "^1.96.0", - "jsii-docgen": "^10.3.24", + "jsii-docgen": "^10.3.25", "jsii-pacmak": "^1.96.0", "jsii-rosetta": "~5.3.0", "projen": "^0.80.12", @@ -118,7 +119,12 @@ "stability": "stable", "jsii": { "outdir": "dist", - "targets": {}, + "targets": { + "python": { + "distName": "opensearch-rest-resources", + "module": "opensearch_rest_resources" + } + }, "tsc": { "outDir": "lib", "rootDir": "src" diff --git a/src/custom-resource.ts b/src/custom-resource.ts index 36104b6..9bbdc9e 100644 --- a/src/custom-resource.ts +++ b/src/custom-resource.ts @@ -1,6 +1,6 @@ import { readFileSync } from 'fs'; import { join } from 'path'; -import { Duration, CustomResource, RemovalPolicy } from 'aws-cdk-lib'; +import { Duration, CustomResource, RemovalPolicy, Stack } from 'aws-cdk-lib'; import { IVpc } from 'aws-cdk-lib/aws-ec2'; import { SingletonFunction, Runtime, RuntimeFamily, Code } from 'aws-cdk-lib/aws-lambda'; import { Domain } from 'aws-cdk-lib/aws-opensearchservice'; @@ -53,7 +53,7 @@ export class OpenSearchCustomResource extends Construct { // We need to create a singleton per VPC uuid: `d4706ae7-e0a2-4092-a205-7e2d4fb887d4-${vpc.node.addr}`, lambdaPurpose: 'OpenSearchRestCustomResourceHandler', - timeout: Duration.minutes(1), + timeout: Duration.minutes(3), vpc, }); @@ -63,9 +63,8 @@ export class OpenSearchCustomResource extends Construct { const masterUserSecret = domain.node.tryFindChild('MasterUser'); if (!(masterUserSecret instanceof Secret)) { - throw new Error(`Cannot find a master user secret for domain ${domain.domainId}!`); + throw new Error(`Cannot find a master user secret for domain ${domain.domainId}`); } - masterUserSecret.grantRead(handler); const properties: ResourceProperties = { @@ -75,11 +74,28 @@ export class OpenSearchCustomResource extends Construct { masterUserSecretArn: masterUserSecret.secretArn, }; - new CustomResource(this, 'Resource', { + const resource = new CustomResource(this, 'Resource', { serviceToken: handler.functionArn, resourceType: 'Custom::OpenSearchCustomResource', properties, removalPolicy: props.removalPolicy ?? RemovalPolicy.DESTROY, }); + + // Access policy is required for master user to call OpenSearch APIs. + const domainAccessPolicy = domain.node.tryFindChild('AccessPolicy')?.node.defaultChild; + if (domainAccessPolicy == null) { + throw new Error(`Cannot find an access policy for domain ${domain.domainId}`); + } + if (Stack.of(domainAccessPolicy) == Stack.of(resource)) { + resource.node.addDependency(domainAccessPolicy); + } + + const domainSecurityGroup = domain.node.tryFindChild('SecurityGroup'); + if (domainSecurityGroup == null) { + throw new Error(`Cannot find a security group for domain ${domain.domainId}`); + } + if (Stack.of(domainSecurityGroup) == Stack.of(resource)) { + resource.node.addDependency(domainSecurityGroup); + } } } diff --git a/test/integ.resources.ts b/test/integ.resources.ts new file mode 100644 index 0000000..c92188c --- /dev/null +++ b/test/integ.resources.ts @@ -0,0 +1,23 @@ +import { ExpectedResult, IntegTest } from '@aws-cdk/integ-tests-alpha'; +import { App } from 'aws-cdk-lib'; +import { OpenSearchTestStack } from '../example/stack'; + +const app = new App(); + +const stack = new OpenSearchTestStack(app, 'OpenSearchRestResourcesStack'); + +const integ = new IntegTest(app, 'OpenSearchRestResourcesIntegTest', { + testCases: [stack], + diffAssets: true, +}); + +const assertion = integ.assertions.awsApiCall('Lambda', 'Invoke', { + FunctionName: stack.testHandler.functionName, +}); +// https://docs.aws.amazon.com/lambda/latest/api/API_Invoke.html#API_Invoke_ResponseElements +assertion.expect(ExpectedResult.objectLike({ StatusCode: 200 })); +assertion.provider.addToRolePolicy({ + Effect: 'Allow', + Action: ['lambda:InvokeFunction'], + Resource: [stack.testHandler.functionArn], +}); diff --git a/test/integ.resources.ts.snapshot/OpenSearchRestResourcesIntegTestDefaultTestDeployAssertAA436F18.assets.json b/test/integ.resources.ts.snapshot/OpenSearchRestResourcesIntegTestDefaultTestDeployAssertAA436F18.assets.json new file mode 100644 index 0000000..0f79b6f --- /dev/null +++ b/test/integ.resources.ts.snapshot/OpenSearchRestResourcesIntegTestDefaultTestDeployAssertAA436F18.assets.json @@ -0,0 +1,32 @@ +{ + "version": "36.0.0", + "files": { + "45f61bab328e8191a44031ca867c949870035c7adaf4c2418c1a451b2d0c1589": { + "source": { + "path": "asset.45f61bab328e8191a44031ca867c949870035c7adaf4c2418c1a451b2d0c1589.bundle", + "packaging": "zip" + }, + "destinations": { + "current_account-current_region": { + "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", + "objectKey": "45f61bab328e8191a44031ca867c949870035c7adaf4c2418c1a451b2d0c1589.zip", + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" + } + } + }, + "f9ef10371a5dae742e435ad5a965e65037d096741a9f6a0926b2bd3f0554bfbf": { + "source": { + "path": "OpenSearchRestResourcesIntegTestDefaultTestDeployAssertAA436F18.template.json", + "packaging": "file" + }, + "destinations": { + "current_account-current_region": { + "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", + "objectKey": "f9ef10371a5dae742e435ad5a965e65037d096741a9f6a0926b2bd3f0554bfbf.json", + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" + } + } + } + }, + "dockerImages": {} +} \ No newline at end of file diff --git a/test/integ.resources.ts.snapshot/OpenSearchRestResourcesIntegTestDefaultTestDeployAssertAA436F18.template.json b/test/integ.resources.ts.snapshot/OpenSearchRestResourcesIntegTestDefaultTestDeployAssertAA436F18.template.json new file mode 100644 index 0000000..a50aecb --- /dev/null +++ b/test/integ.resources.ts.snapshot/OpenSearchRestResourcesIntegTestDefaultTestDeployAssertAA436F18.template.json @@ -0,0 +1,152 @@ +{ + "Resources": { + "AwsApiCallLambdaInvokee049850589ce011a8daad895dd924680": { + "Type": "Custom::DeployAssert@SdkCallLambdaInvoke", + "Properties": { + "ServiceToken": { + "Fn::GetAtt": [ + "SingletonFunction1488541a7b23466481b69b4408076b81HandlerCD40AE9F", + "Arn" + ] + }, + "service": "Lambda", + "api": "Invoke", + "expected": "{\"$ObjectLike\":{\"StatusCode\":200}}", + "parameters": { + "FunctionName": { + "Fn::Join": [ + "", + [ + "\"", + { + "Fn::ImportValue": "OpenSearchRestResourcesStack:ExportsOutputRefTestHandler3EEC63921B5ED14E" + }, + "\"" + ] + ] + } + }, + "flattenResponse": "false", + "salt": "1711282564981" + }, + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" + }, + "SingletonFunction1488541a7b23466481b69b4408076b81Role37ABCE73": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Version": "2012-10-17", + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "lambda.amazonaws.com" + } + } + ] + }, + "ManagedPolicyArns": [ + { + "Fn::Sub": "arn:${AWS::Partition}:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" + } + ], + "Policies": [ + { + "PolicyName": "Inline", + "PolicyDocument": { + "Version": "2012-10-17", + "Statement": [ + { + "Action": [ + "lambda:Invoke" + ], + "Effect": "Allow", + "Resource": [ + "*" + ] + }, + { + "Effect": "Allow", + "Action": [ + "lambda:InvokeFunction" + ], + "Resource": [ + { + "Fn::ImportValue": "OpenSearchRestResourcesStack:ExportsOutputFnGetAttTestHandler3EEC6392Arn42B9A49B" + } + ] + } + ] + } + } + ] + } + }, + "SingletonFunction1488541a7b23466481b69b4408076b81HandlerCD40AE9F": { + "Type": "AWS::Lambda::Function", + "Properties": { + "Runtime": "nodejs18.x", + "Code": { + "S3Bucket": { + "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}" + }, + "S3Key": "45f61bab328e8191a44031ca867c949870035c7adaf4c2418c1a451b2d0c1589.zip" + }, + "Timeout": 120, + "Handler": "index.handler", + "Role": { + "Fn::GetAtt": [ + "SingletonFunction1488541a7b23466481b69b4408076b81Role37ABCE73", + "Arn" + ] + } + } + } + }, + "Outputs": { + "AssertionResultsAwsApiCallLambdaInvokee049850589ce011a8daad895dd924680": { + "Value": { + "Fn::GetAtt": [ + "AwsApiCallLambdaInvokee049850589ce011a8daad895dd924680", + "assertion" + ] + } + } + }, + "Parameters": { + "BootstrapVersion": { + "Type": "AWS::SSM::Parameter::Value", + "Default": "/cdk-bootstrap/hnb659fds/version", + "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]" + } + }, + "Rules": { + "CheckBootstrapVersion": { + "Assertions": [ + { + "Assert": { + "Fn::Not": [ + { + "Fn::Contains": [ + [ + "1", + "2", + "3", + "4", + "5" + ], + { + "Ref": "BootstrapVersion" + } + ] + } + ] + }, + "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI." + } + ] + } + } +} \ No newline at end of file diff --git a/test/integ.resources.ts.snapshot/OpenSearchRestResourcesStack.assets.json b/test/integ.resources.ts.snapshot/OpenSearchRestResourcesStack.assets.json new file mode 100644 index 0000000..dd73cd4 --- /dev/null +++ b/test/integ.resources.ts.snapshot/OpenSearchRestResourcesStack.assets.json @@ -0,0 +1,58 @@ +{ + "version": "36.0.0", + "files": { + "ee7de53d64cc9d6248fa6aa550f92358f6c907b5efd6f3298aeab1b5e7ea358a": { + "source": { + "path": "asset.ee7de53d64cc9d6248fa6aa550f92358f6c907b5efd6f3298aeab1b5e7ea358a", + "packaging": "zip" + }, + "destinations": { + "current_account-current_region": { + "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", + "objectKey": "ee7de53d64cc9d6248fa6aa550f92358f6c907b5efd6f3298aeab1b5e7ea358a.zip", + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" + } + } + }, + "cb92a348b5b60bcbbe3888108f15e75877121eb402b4a74526927300fcc54975": { + "source": { + "path": "asset.cb92a348b5b60bcbbe3888108f15e75877121eb402b4a74526927300fcc54975", + "packaging": "zip" + }, + "destinations": { + "current_account-current_region": { + "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", + "objectKey": "cb92a348b5b60bcbbe3888108f15e75877121eb402b4a74526927300fcc54975.zip", + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" + } + } + }, + "5417a6b05ef745939d8fd2d8866925b0582e5a0db0b9414c4265751484b766af": { + "source": { + "path": "asset.5417a6b05ef745939d8fd2d8866925b0582e5a0db0b9414c4265751484b766af", + "packaging": "zip" + }, + "destinations": { + "current_account-current_region": { + "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", + "objectKey": "5417a6b05ef745939d8fd2d8866925b0582e5a0db0b9414c4265751484b766af.zip", + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" + } + } + }, + "ba0b79304e5acc3b04a3922a50b114146806988393b7866a30977ff533a2c3ee": { + "source": { + "path": "OpenSearchRestResourcesStack.template.json", + "packaging": "file" + }, + "destinations": { + "current_account-current_region": { + "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", + "objectKey": "ba0b79304e5acc3b04a3922a50b114146806988393b7866a30977ff533a2c3ee.json", + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" + } + } + } + }, + "dockerImages": {} +} \ No newline at end of file diff --git a/test/integ.resources.ts.snapshot/OpenSearchRestResourcesStack.template.json b/test/integ.resources.ts.snapshot/OpenSearchRestResourcesStack.template.json new file mode 100644 index 0000000..48b1b40 --- /dev/null +++ b/test/integ.resources.ts.snapshot/OpenSearchRestResourcesStack.template.json @@ -0,0 +1,1375 @@ +{ + "Resources": { + "Vpc8378EB38": { + "Type": "AWS::EC2::VPC", + "Properties": { + "CidrBlock": "10.0.0.0/16", + "EnableDnsHostnames": true, + "EnableDnsSupport": true, + "InstanceTenancy": "default", + "Tags": [ + { + "Key": "Name", + "Value": "OpenSearchRestResourcesStack/Vpc" + } + ] + } + }, + "VpcPublicSubnet1Subnet5C2D37C4": { + "Type": "AWS::EC2::Subnet", + "Properties": { + "AvailabilityZone": { + "Fn::Select": [ + 0, + { + "Fn::GetAZs": "" + } + ] + }, + "CidrBlock": "10.0.0.0/18", + "MapPublicIpOnLaunch": true, + "Tags": [ + { + "Key": "aws-cdk:subnet-name", + "Value": "Public" + }, + { + "Key": "aws-cdk:subnet-type", + "Value": "Public" + }, + { + "Key": "Name", + "Value": "OpenSearchRestResourcesStack/Vpc/PublicSubnet1" + } + ], + "VpcId": { + "Ref": "Vpc8378EB38" + } + } + }, + "VpcPublicSubnet1RouteTable6C95E38E": { + "Type": "AWS::EC2::RouteTable", + "Properties": { + "Tags": [ + { + "Key": "Name", + "Value": "OpenSearchRestResourcesStack/Vpc/PublicSubnet1" + } + ], + "VpcId": { + "Ref": "Vpc8378EB38" + } + } + }, + "VpcPublicSubnet1RouteTableAssociation97140677": { + "Type": "AWS::EC2::SubnetRouteTableAssociation", + "Properties": { + "RouteTableId": { + "Ref": "VpcPublicSubnet1RouteTable6C95E38E" + }, + "SubnetId": { + "Ref": "VpcPublicSubnet1Subnet5C2D37C4" + } + } + }, + "VpcPublicSubnet1DefaultRoute3DA9E72A": { + "Type": "AWS::EC2::Route", + "Properties": { + "DestinationCidrBlock": "0.0.0.0/0", + "GatewayId": { + "Ref": "VpcIGWD7BA715C" + }, + "RouteTableId": { + "Ref": "VpcPublicSubnet1RouteTable6C95E38E" + } + }, + "DependsOn": [ + "VpcVPCGWBF912B6E" + ] + }, + "VpcPublicSubnet1EIPD7E02669": { + "Type": "AWS::EC2::EIP", + "Properties": { + "Domain": "vpc", + "Tags": [ + { + "Key": "Name", + "Value": "OpenSearchRestResourcesStack/Vpc/PublicSubnet1" + } + ] + } + }, + "VpcPublicSubnet1NATGateway4D7517AA": { + "Type": "AWS::EC2::NatGateway", + "Properties": { + "AllocationId": { + "Fn::GetAtt": [ + "VpcPublicSubnet1EIPD7E02669", + "AllocationId" + ] + }, + "SubnetId": { + "Ref": "VpcPublicSubnet1Subnet5C2D37C4" + }, + "Tags": [ + { + "Key": "Name", + "Value": "OpenSearchRestResourcesStack/Vpc/PublicSubnet1" + } + ] + }, + "DependsOn": [ + "VpcPublicSubnet1DefaultRoute3DA9E72A", + "VpcPublicSubnet1RouteTableAssociation97140677" + ] + }, + "VpcPublicSubnet2Subnet691E08A3": { + "Type": "AWS::EC2::Subnet", + "Properties": { + "AvailabilityZone": { + "Fn::Select": [ + 1, + { + "Fn::GetAZs": "" + } + ] + }, + "CidrBlock": "10.0.64.0/18", + "MapPublicIpOnLaunch": true, + "Tags": [ + { + "Key": "aws-cdk:subnet-name", + "Value": "Public" + }, + { + "Key": "aws-cdk:subnet-type", + "Value": "Public" + }, + { + "Key": "Name", + "Value": "OpenSearchRestResourcesStack/Vpc/PublicSubnet2" + } + ], + "VpcId": { + "Ref": "Vpc8378EB38" + } + } + }, + "VpcPublicSubnet2RouteTable94F7E489": { + "Type": "AWS::EC2::RouteTable", + "Properties": { + "Tags": [ + { + "Key": "Name", + "Value": "OpenSearchRestResourcesStack/Vpc/PublicSubnet2" + } + ], + "VpcId": { + "Ref": "Vpc8378EB38" + } + } + }, + "VpcPublicSubnet2RouteTableAssociationDD5762D8": { + "Type": "AWS::EC2::SubnetRouteTableAssociation", + "Properties": { + "RouteTableId": { + "Ref": "VpcPublicSubnet2RouteTable94F7E489" + }, + "SubnetId": { + "Ref": "VpcPublicSubnet2Subnet691E08A3" + } + } + }, + "VpcPublicSubnet2DefaultRoute97F91067": { + "Type": "AWS::EC2::Route", + "Properties": { + "DestinationCidrBlock": "0.0.0.0/0", + "GatewayId": { + "Ref": "VpcIGWD7BA715C" + }, + "RouteTableId": { + "Ref": "VpcPublicSubnet2RouteTable94F7E489" + } + }, + "DependsOn": [ + "VpcVPCGWBF912B6E" + ] + }, + "VpcPrivateSubnet1Subnet536B997A": { + "Type": "AWS::EC2::Subnet", + "Properties": { + "AvailabilityZone": { + "Fn::Select": [ + 0, + { + "Fn::GetAZs": "" + } + ] + }, + "CidrBlock": "10.0.128.0/18", + "MapPublicIpOnLaunch": false, + "Tags": [ + { + "Key": "aws-cdk:subnet-name", + "Value": "Private" + }, + { + "Key": "aws-cdk:subnet-type", + "Value": "Private" + }, + { + "Key": "Name", + "Value": "OpenSearchRestResourcesStack/Vpc/PrivateSubnet1" + } + ], + "VpcId": { + "Ref": "Vpc8378EB38" + } + } + }, + "VpcPrivateSubnet1RouteTableB2C5B500": { + "Type": "AWS::EC2::RouteTable", + "Properties": { + "Tags": [ + { + "Key": "Name", + "Value": "OpenSearchRestResourcesStack/Vpc/PrivateSubnet1" + } + ], + "VpcId": { + "Ref": "Vpc8378EB38" + } + } + }, + "VpcPrivateSubnet1RouteTableAssociation70C59FA6": { + "Type": "AWS::EC2::SubnetRouteTableAssociation", + "Properties": { + "RouteTableId": { + "Ref": "VpcPrivateSubnet1RouteTableB2C5B500" + }, + "SubnetId": { + "Ref": "VpcPrivateSubnet1Subnet536B997A" + } + } + }, + "VpcPrivateSubnet1DefaultRouteBE02A9ED": { + "Type": "AWS::EC2::Route", + "Properties": { + "DestinationCidrBlock": "0.0.0.0/0", + "NatGatewayId": { + "Ref": "VpcPublicSubnet1NATGateway4D7517AA" + }, + "RouteTableId": { + "Ref": "VpcPrivateSubnet1RouteTableB2C5B500" + } + } + }, + "VpcPrivateSubnet2Subnet3788AAA1": { + "Type": "AWS::EC2::Subnet", + "Properties": { + "AvailabilityZone": { + "Fn::Select": [ + 1, + { + "Fn::GetAZs": "" + } + ] + }, + "CidrBlock": "10.0.192.0/18", + "MapPublicIpOnLaunch": false, + "Tags": [ + { + "Key": "aws-cdk:subnet-name", + "Value": "Private" + }, + { + "Key": "aws-cdk:subnet-type", + "Value": "Private" + }, + { + "Key": "Name", + "Value": "OpenSearchRestResourcesStack/Vpc/PrivateSubnet2" + } + ], + "VpcId": { + "Ref": "Vpc8378EB38" + } + } + }, + "VpcPrivateSubnet2RouteTableA678073B": { + "Type": "AWS::EC2::RouteTable", + "Properties": { + "Tags": [ + { + "Key": "Name", + "Value": "OpenSearchRestResourcesStack/Vpc/PrivateSubnet2" + } + ], + "VpcId": { + "Ref": "Vpc8378EB38" + } + } + }, + "VpcPrivateSubnet2RouteTableAssociationA89CAD56": { + "Type": "AWS::EC2::SubnetRouteTableAssociation", + "Properties": { + "RouteTableId": { + "Ref": "VpcPrivateSubnet2RouteTableA678073B" + }, + "SubnetId": { + "Ref": "VpcPrivateSubnet2Subnet3788AAA1" + } + } + }, + "VpcPrivateSubnet2DefaultRoute060D2087": { + "Type": "AWS::EC2::Route", + "Properties": { + "DestinationCidrBlock": "0.0.0.0/0", + "NatGatewayId": { + "Ref": "VpcPublicSubnet1NATGateway4D7517AA" + }, + "RouteTableId": { + "Ref": "VpcPrivateSubnet2RouteTableA678073B" + } + } + }, + "VpcIGWD7BA715C": { + "Type": "AWS::EC2::InternetGateway", + "Properties": { + "Tags": [ + { + "Key": "Name", + "Value": "OpenSearchRestResourcesStack/Vpc" + } + ] + } + }, + "VpcVPCGWBF912B6E": { + "Type": "AWS::EC2::VPCGatewayAttachment", + "Properties": { + "InternetGatewayId": { + "Ref": "VpcIGWD7BA715C" + }, + "VpcId": { + "Ref": "Vpc8378EB38" + } + } + }, + "VpcRestrictDefaultSecurityGroupCustomResourceC73DA2BE": { + "Type": "Custom::VpcRestrictDefaultSG", + "Properties": { + "ServiceToken": { + "Fn::GetAtt": [ + "CustomVpcRestrictDefaultSGCustomResourceProviderHandlerDC833E5E", + "Arn" + ] + }, + "DefaultSecurityGroupId": { + "Fn::GetAtt": [ + "Vpc8378EB38", + "DefaultSecurityGroup" + ] + }, + "Account": { + "Ref": "AWS::AccountId" + } + }, + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" + }, + "CustomVpcRestrictDefaultSGCustomResourceProviderRole26592FE0": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Version": "2012-10-17", + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "lambda.amazonaws.com" + } + } + ] + }, + "ManagedPolicyArns": [ + { + "Fn::Sub": "arn:${AWS::Partition}:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" + } + ], + "Policies": [ + { + "PolicyName": "Inline", + "PolicyDocument": { + "Version": "2012-10-17", + "Statement": [ + { + "Effect": "Allow", + "Action": [ + "ec2:AuthorizeSecurityGroupIngress", + "ec2:AuthorizeSecurityGroupEgress", + "ec2:RevokeSecurityGroupIngress", + "ec2:RevokeSecurityGroupEgress" + ], + "Resource": [ + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":ec2:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":security-group/", + { + "Fn::GetAtt": [ + "Vpc8378EB38", + "DefaultSecurityGroup" + ] + } + ] + ] + } + ] + } + ] + } + } + ] + } + }, + "CustomVpcRestrictDefaultSGCustomResourceProviderHandlerDC833E5E": { + "Type": "AWS::Lambda::Function", + "Properties": { + "Code": { + "S3Bucket": { + "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}" + }, + "S3Key": "ee7de53d64cc9d6248fa6aa550f92358f6c907b5efd6f3298aeab1b5e7ea358a.zip" + }, + "Timeout": 900, + "MemorySize": 128, + "Handler": "__entrypoint__.handler", + "Role": { + "Fn::GetAtt": [ + "CustomVpcRestrictDefaultSGCustomResourceProviderRole26592FE0", + "Arn" + ] + }, + "Runtime": "nodejs18.x", + "Description": "Lambda function for removing all inbound/outbound rules from the VPC default security group" + }, + "DependsOn": [ + "CustomVpcRestrictDefaultSGCustomResourceProviderRole26592FE0" + ] + }, + "DomainSecurityGroup48AA5FD6": { + "Type": "AWS::EC2::SecurityGroup", + "Properties": { + "GroupDescription": "Security group for domain Domain", + "SecurityGroupEgress": [ + { + "CidrIp": "0.0.0.0/0", + "Description": "Allow all outbound traffic by default", + "IpProtocol": "-1" + } + ], + "VpcId": { + "Ref": "Vpc8378EB38" + } + } + }, + "DomainSecurityGroupfromOpenSearchRestResourcesStackTestHandlerSecurityGroup4A27F912443FFE31955": { + "Type": "AWS::EC2::SecurityGroupIngress", + "Properties": { + "Description": "from OpenSearchRestResourcesStackTestHandlerSecurityGroup4A27F912:443", + "FromPort": 443, + "GroupId": { + "Fn::GetAtt": [ + "DomainSecurityGroup48AA5FD6", + "GroupId" + ] + }, + "IpProtocol": "tcp", + "SourceSecurityGroupId": { + "Fn::GetAtt": [ + "TestHandlerSecurityGroupF4A19ECA", + "GroupId" + ] + }, + "ToPort": 443 + } + }, + "DomainSecurityGroupfromOpenSearchRestResourcesStackOpenSearchRestCustomResourceHandlerd4706ae7e0a24092a2057e2d4fb887d4c8e35097ce732b8fe8a8d95ca1c119b98830288f94SecurityGroup19DF8FA44434740CD7E": { + "Type": "AWS::EC2::SecurityGroupIngress", + "Properties": { + "Description": "from OpenSearchRestResourcesStackOpenSearchRestCustomResourceHandlerd4706ae7e0a24092a2057e2d4fb887d4c8e35097ce732b8fe8a8d95ca1c119b98830288f94SecurityGroup19DF8FA4:443", + "FromPort": 443, + "GroupId": { + "Fn::GetAtt": [ + "DomainSecurityGroup48AA5FD6", + "GroupId" + ] + }, + "IpProtocol": "tcp", + "SourceSecurityGroupId": { + "Fn::GetAtt": [ + "OpenSearchRestCustomResourceHandlerd4706ae7e0a24092a2057e2d4fb887d4c8e35097ce732b8fe8a8d95ca1c119b98830288f94SecurityGroup61AA8C59", + "GroupId" + ] + }, + "ToPort": 443 + } + }, + "DomainMasterUserBFAFA7D9": { + "Type": "AWS::SecretsManager::Secret", + "Properties": { + "GenerateSecretString": { + "ExcludeCharacters": "{}'\\*[]()`", + "GenerateStringKey": "password", + "SecretStringTemplate": "{\"username\":\"admin\"}" + } + }, + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" + }, + "DomainSlowSearchLogs5B35A97A": { + "Type": "AWS::Logs::LogGroup", + "Properties": { + "RetentionInDays": 30 + }, + "UpdateReplacePolicy": "Retain", + "DeletionPolicy": "Retain" + }, + "DomainSlowIndexLogsFE2F1061": { + "Type": "AWS::Logs::LogGroup", + "Properties": { + "RetentionInDays": 30 + }, + "UpdateReplacePolicy": "Retain", + "DeletionPolicy": "Retain" + }, + "DomainAppLogs21698C1B": { + "Type": "AWS::Logs::LogGroup", + "Properties": { + "RetentionInDays": 30 + }, + "UpdateReplacePolicy": "Retain", + "DeletionPolicy": "Retain" + }, + "DomainAuditLogs608E0FA6": { + "Type": "AWS::Logs::LogGroup", + "Properties": { + "RetentionInDays": 30 + }, + "UpdateReplacePolicy": "Retain", + "DeletionPolicy": "Retain" + }, + "DomainESLogGroupPolicyc863b05dd93583f2ecb995b6da736699fcd77162fe58909497": { + "Type": "Custom::CloudwatchLogResourcePolicy", + "Properties": { + "ServiceToken": { + "Fn::GetAtt": [ + "AWS679f53fac002430cb0da5b7982bd22872D164C4C", + "Arn" + ] + }, + "Create": { + "Fn::Join": [ + "", + [ + "{\"service\":\"CloudWatchLogs\",\"action\":\"putResourcePolicy\",\"parameters\":{\"policyName\":\"ESLogPolicyc863b05dd93583f2ecb995b6da736699fcd77162fe\",\"policyDocument\":\"{\\\"Statement\\\":[{\\\"Action\\\":[\\\"logs:PutLogEvents\\\",\\\"logs:CreateLogStream\\\"],\\\"Effect\\\":\\\"Allow\\\",\\\"Principal\\\":{\\\"Service\\\":\\\"es.amazonaws.com\\\"},\\\"Resource\\\":[\\\"", + { + "Fn::GetAtt": [ + "DomainSlowSearchLogs5B35A97A", + "Arn" + ] + }, + "\\\",\\\"", + { + "Fn::GetAtt": [ + "DomainSlowIndexLogsFE2F1061", + "Arn" + ] + }, + "\\\",\\\"", + { + "Fn::GetAtt": [ + "DomainAppLogs21698C1B", + "Arn" + ] + }, + "\\\",\\\"", + { + "Fn::GetAtt": [ + "DomainAuditLogs608E0FA6", + "Arn" + ] + }, + "\\\"]}],\\\"Version\\\":\\\"2012-10-17\\\"}\"},\"physicalResourceId\":{\"id\":\"ESLogGroupPolicyc863b05dd93583f2ecb995b6da736699fcd77162fe\"}}" + ] + ] + }, + "Update": { + "Fn::Join": [ + "", + [ + "{\"service\":\"CloudWatchLogs\",\"action\":\"putResourcePolicy\",\"parameters\":{\"policyName\":\"ESLogPolicyc863b05dd93583f2ecb995b6da736699fcd77162fe\",\"policyDocument\":\"{\\\"Statement\\\":[{\\\"Action\\\":[\\\"logs:PutLogEvents\\\",\\\"logs:CreateLogStream\\\"],\\\"Effect\\\":\\\"Allow\\\",\\\"Principal\\\":{\\\"Service\\\":\\\"es.amazonaws.com\\\"},\\\"Resource\\\":[\\\"", + { + "Fn::GetAtt": [ + "DomainSlowSearchLogs5B35A97A", + "Arn" + ] + }, + "\\\",\\\"", + { + "Fn::GetAtt": [ + "DomainSlowIndexLogsFE2F1061", + "Arn" + ] + }, + "\\\",\\\"", + { + "Fn::GetAtt": [ + "DomainAppLogs21698C1B", + "Arn" + ] + }, + "\\\",\\\"", + { + "Fn::GetAtt": [ + "DomainAuditLogs608E0FA6", + "Arn" + ] + }, + "\\\"]}],\\\"Version\\\":\\\"2012-10-17\\\"}\"},\"physicalResourceId\":{\"id\":\"ESLogGroupPolicyc863b05dd93583f2ecb995b6da736699fcd77162fe\"}}" + ] + ] + }, + "Delete": "{\"service\":\"CloudWatchLogs\",\"action\":\"deleteResourcePolicy\",\"parameters\":{\"policyName\":\"ESLogPolicyc863b05dd93583f2ecb995b6da736699fcd77162fe\"},\"ignoreErrorCodesMatching\":\"ResourceNotFoundException\"}", + "InstallLatestAwsSdk": "false" + }, + "DependsOn": [ + "DomainESLogGroupPolicyc863b05dd93583f2ecb995b6da736699fcd77162feCustomResourcePolicy2F7224F2" + ], + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" + }, + "DomainESLogGroupPolicyc863b05dd93583f2ecb995b6da736699fcd77162feCustomResourcePolicy2F7224F2": { + "Type": "AWS::IAM::Policy", + "Properties": { + "PolicyDocument": { + "Statement": [ + { + "Action": [ + "logs:DeleteResourcePolicy", + "logs:PutResourcePolicy" + ], + "Effect": "Allow", + "Resource": "*" + } + ], + "Version": "2012-10-17" + }, + "PolicyName": "DomainESLogGroupPolicyc863b05dd93583f2ecb995b6da736699fcd77162feCustomResourcePolicy2F7224F2", + "Roles": [ + { + "Ref": "AWS679f53fac002430cb0da5b7982bd2287ServiceRoleC1EA0FF2" + } + ] + } + }, + "Domain66AC69E0": { + "Type": "AWS::OpenSearchService::Domain", + "Properties": { + "AdvancedSecurityOptions": { + "Enabled": true, + "InternalUserDatabaseEnabled": true, + "MasterUserOptions": { + "MasterUserName": "admin", + "MasterUserPassword": { + "Fn::Join": [ + "", + [ + "{{resolve:secretsmanager:", + { + "Ref": "DomainMasterUserBFAFA7D9" + }, + ":SecretString:password::}}" + ] + ] + } + } + }, + "ClusterConfig": { + "DedicatedMasterEnabled": false, + "InstanceCount": 1, + "InstanceType": "t3.small.search", + "MultiAZWithStandbyEnabled": false, + "ZoneAwarenessEnabled": false + }, + "DomainEndpointOptions": { + "EnforceHTTPS": true, + "TLSSecurityPolicy": "Policy-Min-TLS-1-0-2019-07" + }, + "EBSOptions": { + "EBSEnabled": true, + "Iops": 3000, + "Throughput": 125, + "VolumeSize": 30, + "VolumeType": "gp3" + }, + "EncryptionAtRestOptions": { + "Enabled": true + }, + "EngineVersion": "OpenSearch_2.11", + "LogPublishingOptions": { + "ES_APPLICATION_LOGS": { + "CloudWatchLogsLogGroupArn": { + "Fn::GetAtt": [ + "DomainAppLogs21698C1B", + "Arn" + ] + }, + "Enabled": true + }, + "SEARCH_SLOW_LOGS": { + "CloudWatchLogsLogGroupArn": { + "Fn::GetAtt": [ + "DomainSlowSearchLogs5B35A97A", + "Arn" + ] + }, + "Enabled": true + }, + "INDEX_SLOW_LOGS": { + "CloudWatchLogsLogGroupArn": { + "Fn::GetAtt": [ + "DomainSlowIndexLogsFE2F1061", + "Arn" + ] + }, + "Enabled": true + }, + "AUDIT_LOGS": { + "CloudWatchLogsLogGroupArn": { + "Fn::GetAtt": [ + "DomainAuditLogs608E0FA6", + "Arn" + ] + }, + "Enabled": true + } + }, + "NodeToNodeEncryptionOptions": { + "Enabled": true + }, + "VPCOptions": { + "SecurityGroupIds": [ + { + "Fn::GetAtt": [ + "DomainSecurityGroup48AA5FD6", + "GroupId" + ] + } + ], + "SubnetIds": [ + { + "Ref": "VpcPrivateSubnet1Subnet536B997A" + } + ] + } + }, + "DependsOn": [ + "DomainESLogGroupPolicyc863b05dd93583f2ecb995b6da736699fcd77162feCustomResourcePolicy2F7224F2", + "DomainESLogGroupPolicyc863b05dd93583f2ecb995b6da736699fcd77162fe58909497" + ], + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" + }, + "DomainAccessPolicyEE735B04": { + "Type": "Custom::OpenSearchAccessPolicy", + "Properties": { + "ServiceToken": { + "Fn::GetAtt": [ + "AWS679f53fac002430cb0da5b7982bd22872D164C4C", + "Arn" + ] + }, + "Create": { + "Fn::Join": [ + "", + [ + "{\"action\":\"updateDomainConfig\",\"service\":\"OpenSearch\",\"parameters\":{\"DomainName\":\"", + { + "Ref": "Domain66AC69E0" + }, + "\",\"AccessPolicies\":\"{\\\"Statement\\\":[{\\\"Action\\\":\\\"es:ESHttp*\\\",\\\"Effect\\\":\\\"Allow\\\",\\\"Principal\\\":{\\\"AWS\\\":\\\"*\\\"},\\\"Resource\\\":\\\"", + { + "Fn::GetAtt": [ + "Domain66AC69E0", + "Arn" + ] + }, + "/*\\\"}],\\\"Version\\\":\\\"2012-10-17\\\"}\"},\"outputPaths\":[\"DomainConfig.AccessPolicies\"],\"physicalResourceId\":{\"id\":\"", + { + "Ref": "Domain66AC69E0" + }, + "AccessPolicy\"}}" + ] + ] + }, + "Update": { + "Fn::Join": [ + "", + [ + "{\"action\":\"updateDomainConfig\",\"service\":\"OpenSearch\",\"parameters\":{\"DomainName\":\"", + { + "Ref": "Domain66AC69E0" + }, + "\",\"AccessPolicies\":\"{\\\"Statement\\\":[{\\\"Action\\\":\\\"es:ESHttp*\\\",\\\"Effect\\\":\\\"Allow\\\",\\\"Principal\\\":{\\\"AWS\\\":\\\"*\\\"},\\\"Resource\\\":\\\"", + { + "Fn::GetAtt": [ + "Domain66AC69E0", + "Arn" + ] + }, + "/*\\\"}],\\\"Version\\\":\\\"2012-10-17\\\"}\"},\"outputPaths\":[\"DomainConfig.AccessPolicies\"],\"physicalResourceId\":{\"id\":\"", + { + "Ref": "Domain66AC69E0" + }, + "AccessPolicy\"}}" + ] + ] + }, + "InstallLatestAwsSdk": false + }, + "DependsOn": [ + "DomainAccessPolicyCustomResourcePolicyE61F1845" + ], + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" + }, + "DomainAccessPolicyCustomResourcePolicyE61F1845": { + "Type": "AWS::IAM::Policy", + "Properties": { + "PolicyDocument": { + "Statement": [ + { + "Action": "es:UpdateDomainConfig", + "Effect": "Allow", + "Resource": { + "Fn::GetAtt": [ + "Domain66AC69E0", + "Arn" + ] + } + } + ], + "Version": "2012-10-17" + }, + "PolicyName": "DomainAccessPolicyCustomResourcePolicyE61F1845", + "Roles": [ + { + "Ref": "AWS679f53fac002430cb0da5b7982bd2287ServiceRoleC1EA0FF2" + } + ] + } + }, + "AWS679f53fac002430cb0da5b7982bd2287ServiceRoleC1EA0FF2": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "lambda.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + }, + "ManagedPolicyArns": [ + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" + ] + ] + } + ] + } + }, + "AWS679f53fac002430cb0da5b7982bd22872D164C4C": { + "Type": "AWS::Lambda::Function", + "Properties": { + "Code": { + "S3Bucket": { + "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}" + }, + "S3Key": "cb92a348b5b60bcbbe3888108f15e75877121eb402b4a74526927300fcc54975.zip" + }, + "Handler": "index.handler", + "Role": { + "Fn::GetAtt": [ + "AWS679f53fac002430cb0da5b7982bd2287ServiceRoleC1EA0FF2", + "Arn" + ] + }, + "Runtime": "nodejs18.x", + "Timeout": 120 + }, + "DependsOn": [ + "AWS679f53fac002430cb0da5b7982bd2287ServiceRoleC1EA0FF2" + ] + }, + "TestHandlerServiceRole954A02F5": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "lambda.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + }, + "ManagedPolicyArns": [ + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" + ] + ] + }, + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::aws:policy/service-role/AWSLambdaVPCAccessExecutionRole" + ] + ] + } + ] + }, + "DependsOn": [ + "VpcPrivateSubnet1DefaultRouteBE02A9ED", + "VpcPrivateSubnet1RouteTableAssociation70C59FA6", + "VpcPrivateSubnet2DefaultRoute060D2087", + "VpcPrivateSubnet2RouteTableAssociationA89CAD56" + ] + }, + "TestHandlerSecurityGroupF4A19ECA": { + "Type": "AWS::EC2::SecurityGroup", + "Properties": { + "GroupDescription": "Automatic security group for Lambda Function OpenSearchRestResourcesStackTestHandler018C7E9E", + "SecurityGroupEgress": [ + { + "CidrIp": "0.0.0.0/0", + "Description": "Allow all outbound traffic by default", + "IpProtocol": "-1" + } + ], + "VpcId": { + "Ref": "Vpc8378EB38" + } + }, + "DependsOn": [ + "VpcPrivateSubnet1DefaultRouteBE02A9ED", + "VpcPrivateSubnet1RouteTableAssociation70C59FA6", + "VpcPrivateSubnet2DefaultRoute060D2087", + "VpcPrivateSubnet2RouteTableAssociationA89CAD56" + ] + }, + "TestHandler3EEC6392": { + "Type": "AWS::Lambda::Function", + "Properties": { + "Code": { + "S3Bucket": { + "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}" + }, + "S3Key": "5417a6b05ef745939d8fd2d8866925b0582e5a0db0b9414c4265751484b766af.zip" + }, + "Environment": { + "Variables": { + "OPENSEARCH_HOST": { + "Fn::GetAtt": [ + "Domain66AC69E0", + "DomainEndpoint" + ] + }, + "AWS_NODEJS_CONNECTION_REUSE_ENABLED": "1" + } + }, + "Handler": "index.handler", + "Role": { + "Fn::GetAtt": [ + "TestHandlerServiceRole954A02F5", + "Arn" + ] + }, + "Runtime": "nodejs18.x", + "Timeout": 10, + "VpcConfig": { + "SecurityGroupIds": [ + { + "Fn::GetAtt": [ + "TestHandlerSecurityGroupF4A19ECA", + "GroupId" + ] + } + ], + "SubnetIds": [ + { + "Ref": "VpcPrivateSubnet1Subnet536B997A" + }, + { + "Ref": "VpcPrivateSubnet2Subnet3788AAA1" + } + ] + } + }, + "DependsOn": [ + "TestHandlerServiceRole954A02F5", + "VpcPrivateSubnet1DefaultRouteBE02A9ED", + "VpcPrivateSubnet1RouteTableAssociation70C59FA6", + "VpcPrivateSubnet2DefaultRoute060D2087", + "VpcPrivateSubnet2RouteTableAssociationA89CAD56" + ] + }, + "Role19E695EAB": { + "Type": "Custom::OpenSearchCustomResource", + "Properties": { + "ServiceToken": { + "Fn::GetAtt": [ + "OpenSearchRestCustomResourceHandlerd4706ae7e0a24092a2057e2d4fb887d4c8e35097ce732b8fe8a8d95ca1c119b98830288f9460E7A2E7", + "Arn" + ] + }, + "opensearchHost": { + "Fn::GetAtt": [ + "Domain66AC69E0", + "DomainEndpoint" + ] + }, + "restEndpoint": "_plugins/_security/api/roles/Role1", + "payloadJson": "{\"cluster_permissions\":[\"indices:data/write/bulk\"],\"index_permissions\":[{\"index_patterns\":[\"*\"],\"allowed_actions\":[\"read\",\"write\",\"index\",\"create_index\"]}]}", + "masterUserSecretArn": { + "Ref": "DomainMasterUserBFAFA7D9" + } + }, + "DependsOn": [ + "DomainAccessPolicyEE735B04", + "DomainSecurityGroupfromOpenSearchRestResourcesStackOpenSearchRestCustomResourceHandlerd4706ae7e0a24092a2057e2d4fb887d4c8e35097ce732b8fe8a8d95ca1c119b98830288f94SecurityGroup19DF8FA44434740CD7E", + "DomainSecurityGroupfromOpenSearchRestResourcesStackTestHandlerSecurityGroup4A27F912443FFE31955", + "DomainSecurityGroup48AA5FD6" + ], + "UpdateReplacePolicy": "Retain", + "DeletionPolicy": "Retain" + }, + "OpenSearchRestCustomResourceHandlerd4706ae7e0a24092a2057e2d4fb887d4c8e35097ce732b8fe8a8d95ca1c119b98830288f94ServiceRoleD6AC8912": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "lambda.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + }, + "ManagedPolicyArns": [ + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" + ] + ] + }, + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::aws:policy/service-role/AWSLambdaVPCAccessExecutionRole" + ] + ] + } + ] + }, + "DependsOn": [ + "VpcPrivateSubnet1DefaultRouteBE02A9ED", + "VpcPrivateSubnet1RouteTableAssociation70C59FA6", + "VpcPrivateSubnet2DefaultRoute060D2087", + "VpcPrivateSubnet2RouteTableAssociationA89CAD56" + ] + }, + "OpenSearchRestCustomResourceHandlerd4706ae7e0a24092a2057e2d4fb887d4c8e35097ce732b8fe8a8d95ca1c119b98830288f94ServiceRoleDefaultPolicy216C71AF": { + "Type": "AWS::IAM::Policy", + "Properties": { + "PolicyDocument": { + "Statement": [ + { + "Action": [ + "secretsmanager:DescribeSecret", + "secretsmanager:GetSecretValue" + ], + "Effect": "Allow", + "Resource": { + "Ref": "DomainMasterUserBFAFA7D9" + } + } + ], + "Version": "2012-10-17" + }, + "PolicyName": "tCustomResourceHandlerd4706ae7e0a24092a2057e2d4fb887d4c8e35097ce732b8fe8a8d95ca1c119b98830288f94ServiceRoleDefaultPolicy216C71AF", + "Roles": [ + { + "Ref": "OpenSearchRestCustomResourceHandlerd4706ae7e0a24092a2057e2d4fb887d4c8e35097ce732b8fe8a8d95ca1c119b98830288f94ServiceRoleD6AC8912" + } + ] + }, + "DependsOn": [ + "VpcPrivateSubnet1DefaultRouteBE02A9ED", + "VpcPrivateSubnet1RouteTableAssociation70C59FA6", + "VpcPrivateSubnet2DefaultRoute060D2087", + "VpcPrivateSubnet2RouteTableAssociationA89CAD56" + ] + }, + "OpenSearchRestCustomResourceHandlerd4706ae7e0a24092a2057e2d4fb887d4c8e35097ce732b8fe8a8d95ca1c119b98830288f94SecurityGroup61AA8C59": { + "Type": "AWS::EC2::SecurityGroup", + "Properties": { + "GroupDescription": "Automatic security group for Lambda Function OpenSearchRestResourcesStackOpenSearchRestCustomResourceHandlerd4706ae7e0a24092a2057e2d4fb887d4c8e35097ce732b8fe8a8d95ca1c119b98830288f945911071F", + "SecurityGroupEgress": [ + { + "CidrIp": "0.0.0.0/0", + "Description": "Allow all outbound traffic by default", + "IpProtocol": "-1" + } + ], + "VpcId": { + "Ref": "Vpc8378EB38" + } + }, + "DependsOn": [ + "VpcPrivateSubnet1DefaultRouteBE02A9ED", + "VpcPrivateSubnet1RouteTableAssociation70C59FA6", + "VpcPrivateSubnet2DefaultRoute060D2087", + "VpcPrivateSubnet2RouteTableAssociationA89CAD56" + ] + }, + "OpenSearchRestCustomResourceHandlerd4706ae7e0a24092a2057e2d4fb887d4c8e35097ce732b8fe8a8d95ca1c119b98830288f9460E7A2E7": { + "Type": "AWS::Lambda::Function", + "Properties": { + "Code": { + "ZipFile": "\"use strict\";var u=Object.defineProperty;var g=Object.getOwnPropertyDescriptor;var S=Object.getOwnPropertyNames;var f=Object.prototype.hasOwnProperty;var h=(o,e)=>{for(var a in e)u(o,a,{get:e[a],enumerable:!0})},R=(o,e,a,n)=>{if(e&&typeof e==\"object\"||typeof e==\"function\")for(let t of S(e))!f.call(o,t)&&t!==a&&u(o,t,{get:()=>e[t],enumerable:!(n=g(e,t))||n.enumerable});return o};var C=o=>R(u({},\"__esModule\",{value:!0}),o);var $={};h($,{handler:()=>E});module.exports=C($);var d=require(\"@aws-sdk/client-secrets-manager\"),w=require(\"timers/promises\"),y=new d.SecretsManager({}),l=async(o,e,a,n,t,r=0)=>{let s=await fetch(o,{method:e,headers:a,body:n});if(s.status==403){if(r>5)throw new Error(`Request failed: ${s.status} ${await s.text()}`);return console.log(`Retrying... ${s.status} ${await s.text()}`),await(0,w.setTimeout)(Math.min(r**2*1e3,3e4)),await l(o,e,a,n,t,r+1)}if(!s.ok)throw new Error(`Request failed: ${s.status} ${await s.text()}`);let i=await s.json();if(console.log(i),!t.includes(i.status))throw new Error(JSON.stringify(i))},E=async(o,e)=>{console.log(JSON.stringify(o));let{ServiceToken:a,...n}=o.ResourceProperties,t=n;try{let r=await y.send(new d.GetSecretValueCommand({SecretId:t.masterUserSecretArn})),{username:s,password:i}=JSON.parse(r.SecretString),p=`https://${t.opensearchHost}`,c=new Headers;switch(c.append(\"Authorization\",\"Basic \"+Buffer.from(s+\":\"+i).toString(\"base64\")),c.append(\"Content-type\",\"application/json\"),o.RequestType){case\"Create\":case\"Update\":{console.log(t.payloadJson),await l(`${p}/${t.restEndpoint}`,\"PUT\",c,t.payloadJson,[\"OK\",\"CREATED\"]);break}case\"Delete\":{await l(`${p}/${t.restEndpoint}`,\"DELETE\",c,void 0,[\"OK\",\"NOT_FOUND\"]);break}}await m(\"SUCCESS\",o,e,t)}catch(r){console.log(r),await m(\"FAILED\",o,e,t,r.message)}},m=async(o,e,a,n,t)=>{let r=JSON.stringify({Status:o,Reason:(t??\"\")+\" See the details in CloudWatch Log Stream: \"+a.logStreamName,PhysicalResourceId:n.restEndpoint,StackId:e.StackId,RequestId:e.RequestId,LogicalResourceId:e.LogicalResourceId,NoEcho:!1,Data:{}});await(await fetch(e.ResponseURL,{method:\"PUT\",body:r,headers:{\"Content-Type\":\"\",\"Content-Length\":r.length.toString()}})).text()};0&&(module.exports={handler});\n" + }, + "Handler": "index.handler", + "Role": { + "Fn::GetAtt": [ + "OpenSearchRestCustomResourceHandlerd4706ae7e0a24092a2057e2d4fb887d4c8e35097ce732b8fe8a8d95ca1c119b98830288f94ServiceRoleD6AC8912", + "Arn" + ] + }, + "Runtime": "nodejs18.x", + "Timeout": 180, + "VpcConfig": { + "SecurityGroupIds": [ + { + "Fn::GetAtt": [ + "OpenSearchRestCustomResourceHandlerd4706ae7e0a24092a2057e2d4fb887d4c8e35097ce732b8fe8a8d95ca1c119b98830288f94SecurityGroup61AA8C59", + "GroupId" + ] + } + ], + "SubnetIds": [ + { + "Ref": "VpcPrivateSubnet1Subnet536B997A" + }, + { + "Ref": "VpcPrivateSubnet2Subnet3788AAA1" + } + ] + } + }, + "DependsOn": [ + "OpenSearchRestCustomResourceHandlerd4706ae7e0a24092a2057e2d4fb887d4c8e35097ce732b8fe8a8d95ca1c119b98830288f94ServiceRoleDefaultPolicy216C71AF", + "OpenSearchRestCustomResourceHandlerd4706ae7e0a24092a2057e2d4fb887d4c8e35097ce732b8fe8a8d95ca1c119b98830288f94ServiceRoleD6AC8912", + "VpcPrivateSubnet1DefaultRouteBE02A9ED", + "VpcPrivateSubnet1RouteTableAssociation70C59FA6", + "VpcPrivateSubnet2DefaultRoute060D2087", + "VpcPrivateSubnet2RouteTableAssociationA89CAD56" + ] + }, + "RoleMapping19E8BDED7": { + "Type": "Custom::OpenSearchCustomResource", + "Properties": { + "ServiceToken": { + "Fn::GetAtt": [ + "OpenSearchRestCustomResourceHandlerd4706ae7e0a24092a2057e2d4fb887d4c8e35097ce732b8fe8a8d95ca1c119b98830288f9460E7A2E7", + "Arn" + ] + }, + "opensearchHost": { + "Fn::GetAtt": [ + "Domain66AC69E0", + "DomainEndpoint" + ] + }, + "restEndpoint": "_plugins/_security/api/rolesmapping/Role1", + "payloadJson": { + "Fn::Join": [ + "", + [ + "{\"backend_roles\":[\"", + { + "Fn::GetAtt": [ + "TestHandlerServiceRole954A02F5", + "Arn" + ] + }, + "\"]}" + ] + ] + }, + "masterUserSecretArn": { + "Ref": "DomainMasterUserBFAFA7D9" + } + }, + "DependsOn": [ + "DomainAccessPolicyEE735B04", + "DomainSecurityGroupfromOpenSearchRestResourcesStackOpenSearchRestCustomResourceHandlerd4706ae7e0a24092a2057e2d4fb887d4c8e35097ce732b8fe8a8d95ca1c119b98830288f94SecurityGroup19DF8FA44434740CD7E", + "DomainSecurityGroupfromOpenSearchRestResourcesStackTestHandlerSecurityGroup4A27F912443FFE31955", + "DomainSecurityGroup48AA5FD6", + "Role19E695EAB" + ], + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" + }, + "User1A2F34FC8": { + "Type": "Custom::OpenSearchCustomResource", + "Properties": { + "ServiceToken": { + "Fn::GetAtt": [ + "OpenSearchRestCustomResourceHandlerd4706ae7e0a24092a2057e2d4fb887d4c8e35097ce732b8fe8a8d95ca1c119b98830288f9460E7A2E7", + "Arn" + ] + }, + "opensearchHost": { + "Fn::GetAtt": [ + "Domain66AC69E0", + "DomainEndpoint" + ] + }, + "restEndpoint": "_plugins/_security/api/internalusers/User1", + "payloadJson": "{\"password\":\"64loxy5K;5jr\",\"attributes\":{\"foo\":\"bar\"}}", + "masterUserSecretArn": { + "Ref": "DomainMasterUserBFAFA7D9" + } + }, + "DependsOn": [ + "DomainAccessPolicyEE735B04", + "DomainSecurityGroupfromOpenSearchRestResourcesStackOpenSearchRestCustomResourceHandlerd4706ae7e0a24092a2057e2d4fb887d4c8e35097ce732b8fe8a8d95ca1c119b98830288f94SecurityGroup19DF8FA44434740CD7E", + "DomainSecurityGroupfromOpenSearchRestResourcesStackTestHandlerSecurityGroup4A27F912443FFE31955", + "DomainSecurityGroup48AA5FD6" + ], + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" + } + }, + "Outputs": { + "ExportsOutputRefTestHandler3EEC63921B5ED14E": { + "Value": { + "Ref": "TestHandler3EEC6392" + }, + "Export": { + "Name": "OpenSearchRestResourcesStack:ExportsOutputRefTestHandler3EEC63921B5ED14E" + } + }, + "ExportsOutputFnGetAttTestHandler3EEC6392Arn42B9A49B": { + "Value": { + "Fn::GetAtt": [ + "TestHandler3EEC6392", + "Arn" + ] + }, + "Export": { + "Name": "OpenSearchRestResourcesStack:ExportsOutputFnGetAttTestHandler3EEC6392Arn42B9A49B" + } + } + }, + "Parameters": { + "BootstrapVersion": { + "Type": "AWS::SSM::Parameter::Value", + "Default": "/cdk-bootstrap/hnb659fds/version", + "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]" + } + }, + "Rules": { + "CheckBootstrapVersion": { + "Assertions": [ + { + "Assert": { + "Fn::Not": [ + { + "Fn::Contains": [ + [ + "1", + "2", + "3", + "4", + "5" + ], + { + "Ref": "BootstrapVersion" + } + ] + } + ] + }, + "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI." + } + ] + } + } +} \ No newline at end of file diff --git a/test/integ.resources.ts.snapshot/cdk.out b/test/integ.resources.ts.snapshot/cdk.out new file mode 100644 index 0000000..1f0068d --- /dev/null +++ b/test/integ.resources.ts.snapshot/cdk.out @@ -0,0 +1 @@ +{"version":"36.0.0"} \ No newline at end of file diff --git a/test/integ.resources.ts.snapshot/integ.json b/test/integ.resources.ts.snapshot/integ.json new file mode 100644 index 0000000..78fc407 --- /dev/null +++ b/test/integ.resources.ts.snapshot/integ.json @@ -0,0 +1,13 @@ +{ + "version": "36.0.0", + "testCases": { + "OpenSearchRestResourcesIntegTest/DefaultTest": { + "stacks": [ + "OpenSearchRestResourcesStack" + ], + "diffAssets": true, + "assertionStack": "OpenSearchRestResourcesIntegTest/DefaultTest/DeployAssert", + "assertionStackName": "OpenSearchRestResourcesIntegTestDefaultTestDeployAssertAA436F18" + } + } +} \ No newline at end of file diff --git a/test/integ.resources.ts.snapshot/manifest.json b/test/integ.resources.ts.snapshot/manifest.json new file mode 100644 index 0000000..cbf59b7 --- /dev/null +++ b/test/integ.resources.ts.snapshot/manifest.json @@ -0,0 +1,444 @@ +{ + "version": "36.0.0", + "artifacts": { + "OpenSearchRestResourcesStack.assets": { + "type": "cdk:asset-manifest", + "properties": { + "file": "OpenSearchRestResourcesStack.assets.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "OpenSearchRestResourcesStack": { + "type": "aws:cloudformation:stack", + "environment": "aws://unknown-account/unknown-region", + "properties": { + "templateFile": "OpenSearchRestResourcesStack.template.json", + "terminationProtection": false, + "validateOnSynth": false, + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", + "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/ba0b79304e5acc3b04a3922a50b114146806988393b7866a30977ff533a2c3ee.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", + "additionalDependencies": [ + "OpenSearchRestResourcesStack.assets" + ], + "lookupRole": { + "arn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-lookup-role-${AWS::AccountId}-${AWS::Region}", + "requiresBootstrapStackVersion": 8, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "dependencies": [ + "OpenSearchRestResourcesStack.assets" + ], + "metadata": { + "/OpenSearchRestResourcesStack/Vpc/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "Vpc8378EB38" + } + ], + "/OpenSearchRestResourcesStack/Vpc/PublicSubnet1/Subnet": [ + { + "type": "aws:cdk:logicalId", + "data": "VpcPublicSubnet1Subnet5C2D37C4" + } + ], + "/OpenSearchRestResourcesStack/Vpc/PublicSubnet1/RouteTable": [ + { + "type": "aws:cdk:logicalId", + "data": "VpcPublicSubnet1RouteTable6C95E38E" + } + ], + "/OpenSearchRestResourcesStack/Vpc/PublicSubnet1/RouteTableAssociation": [ + { + "type": "aws:cdk:logicalId", + "data": "VpcPublicSubnet1RouteTableAssociation97140677" + } + ], + "/OpenSearchRestResourcesStack/Vpc/PublicSubnet1/DefaultRoute": [ + { + "type": "aws:cdk:logicalId", + "data": "VpcPublicSubnet1DefaultRoute3DA9E72A" + } + ], + "/OpenSearchRestResourcesStack/Vpc/PublicSubnet1/EIP": [ + { + "type": "aws:cdk:logicalId", + "data": "VpcPublicSubnet1EIPD7E02669" + } + ], + "/OpenSearchRestResourcesStack/Vpc/PublicSubnet1/NATGateway": [ + { + "type": "aws:cdk:logicalId", + "data": "VpcPublicSubnet1NATGateway4D7517AA" + } + ], + "/OpenSearchRestResourcesStack/Vpc/PublicSubnet2/Subnet": [ + { + "type": "aws:cdk:logicalId", + "data": "VpcPublicSubnet2Subnet691E08A3" + } + ], + "/OpenSearchRestResourcesStack/Vpc/PublicSubnet2/RouteTable": [ + { + "type": "aws:cdk:logicalId", + "data": "VpcPublicSubnet2RouteTable94F7E489" + } + ], + "/OpenSearchRestResourcesStack/Vpc/PublicSubnet2/RouteTableAssociation": [ + { + "type": "aws:cdk:logicalId", + "data": "VpcPublicSubnet2RouteTableAssociationDD5762D8" + } + ], + "/OpenSearchRestResourcesStack/Vpc/PublicSubnet2/DefaultRoute": [ + { + "type": "aws:cdk:logicalId", + "data": "VpcPublicSubnet2DefaultRoute97F91067" + } + ], + "/OpenSearchRestResourcesStack/Vpc/PrivateSubnet1/Subnet": [ + { + "type": "aws:cdk:logicalId", + "data": "VpcPrivateSubnet1Subnet536B997A" + } + ], + "/OpenSearchRestResourcesStack/Vpc/PrivateSubnet1/RouteTable": [ + { + "type": "aws:cdk:logicalId", + "data": "VpcPrivateSubnet1RouteTableB2C5B500" + } + ], + "/OpenSearchRestResourcesStack/Vpc/PrivateSubnet1/RouteTableAssociation": [ + { + "type": "aws:cdk:logicalId", + "data": "VpcPrivateSubnet1RouteTableAssociation70C59FA6" + } + ], + "/OpenSearchRestResourcesStack/Vpc/PrivateSubnet1/DefaultRoute": [ + { + "type": "aws:cdk:logicalId", + "data": "VpcPrivateSubnet1DefaultRouteBE02A9ED" + } + ], + "/OpenSearchRestResourcesStack/Vpc/PrivateSubnet2/Subnet": [ + { + "type": "aws:cdk:logicalId", + "data": "VpcPrivateSubnet2Subnet3788AAA1" + } + ], + "/OpenSearchRestResourcesStack/Vpc/PrivateSubnet2/RouteTable": [ + { + "type": "aws:cdk:logicalId", + "data": "VpcPrivateSubnet2RouteTableA678073B" + } + ], + "/OpenSearchRestResourcesStack/Vpc/PrivateSubnet2/RouteTableAssociation": [ + { + "type": "aws:cdk:logicalId", + "data": "VpcPrivateSubnet2RouteTableAssociationA89CAD56" + } + ], + "/OpenSearchRestResourcesStack/Vpc/PrivateSubnet2/DefaultRoute": [ + { + "type": "aws:cdk:logicalId", + "data": "VpcPrivateSubnet2DefaultRoute060D2087" + } + ], + "/OpenSearchRestResourcesStack/Vpc/IGW": [ + { + "type": "aws:cdk:logicalId", + "data": "VpcIGWD7BA715C" + } + ], + "/OpenSearchRestResourcesStack/Vpc/VPCGW": [ + { + "type": "aws:cdk:logicalId", + "data": "VpcVPCGWBF912B6E" + } + ], + "/OpenSearchRestResourcesStack/Vpc/RestrictDefaultSecurityGroupCustomResource/Default": [ + { + "type": "aws:cdk:logicalId", + "data": "VpcRestrictDefaultSecurityGroupCustomResourceC73DA2BE" + } + ], + "/OpenSearchRestResourcesStack/Custom::VpcRestrictDefaultSGCustomResourceProvider/Role": [ + { + "type": "aws:cdk:logicalId", + "data": "CustomVpcRestrictDefaultSGCustomResourceProviderRole26592FE0" + } + ], + "/OpenSearchRestResourcesStack/Custom::VpcRestrictDefaultSGCustomResourceProvider/Handler": [ + { + "type": "aws:cdk:logicalId", + "data": "CustomVpcRestrictDefaultSGCustomResourceProviderHandlerDC833E5E" + } + ], + "/OpenSearchRestResourcesStack/Domain/SecurityGroup/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "DomainSecurityGroup48AA5FD6" + } + ], + "/OpenSearchRestResourcesStack/Domain/SecurityGroup/from OpenSearchRestResourcesStackTestHandlerSecurityGroup4A27F912:443": [ + { + "type": "aws:cdk:logicalId", + "data": "DomainSecurityGroupfromOpenSearchRestResourcesStackTestHandlerSecurityGroup4A27F912443FFE31955" + } + ], + "/OpenSearchRestResourcesStack/Domain/SecurityGroup/from OpenSearchRestResourcesStackOpenSearchRestCustomResourceHandlerd4706ae7e0a24092a2057e2d4fb887d4c8e35097ce732b8fe8a8d95ca1c119b98830288f94SecurityGroup19DF8FA4:443": [ + { + "type": "aws:cdk:logicalId", + "data": "DomainSecurityGroupfromOpenSearchRestResourcesStackOpenSearchRestCustomResourceHandlerd4706ae7e0a24092a2057e2d4fb887d4c8e35097ce732b8fe8a8d95ca1c119b98830288f94SecurityGroup19DF8FA44434740CD7E" + } + ], + "/OpenSearchRestResourcesStack/Domain/MasterUser/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "DomainMasterUserBFAFA7D9" + } + ], + "/OpenSearchRestResourcesStack/Domain/SlowSearchLogs/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "DomainSlowSearchLogs5B35A97A" + } + ], + "/OpenSearchRestResourcesStack/Domain/SlowIndexLogs/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "DomainSlowIndexLogsFE2F1061" + } + ], + "/OpenSearchRestResourcesStack/Domain/AppLogs/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "DomainAppLogs21698C1B" + } + ], + "/OpenSearchRestResourcesStack/Domain/AuditLogs/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "DomainAuditLogs608E0FA6" + } + ], + "/OpenSearchRestResourcesStack/Domain/ESLogGroupPolicyc863b05dd93583f2ecb995b6da736699fcd77162fe": [ + { + "type": "aws:cdk:warning", + "data": "installLatestAwsSdk was not specified, and defaults to true. You probably do not want this. Set the global context flag '@aws-cdk/customresources:installLatestAwsSdkDefault' to false to switch this behavior off project-wide, or set the property explicitly to true if you know you need to call APIs that are not in Lambda's built-in SDK version. [ack: @aws-cdk/custom-resources:installLatestAwsSdkNotSpecified]" + } + ], + "/OpenSearchRestResourcesStack/Domain/ESLogGroupPolicyc863b05dd93583f2ecb995b6da736699fcd77162fe/Resource/Default": [ + { + "type": "aws:cdk:logicalId", + "data": "DomainESLogGroupPolicyc863b05dd93583f2ecb995b6da736699fcd77162fe58909497" + } + ], + "/OpenSearchRestResourcesStack/Domain/ESLogGroupPolicyc863b05dd93583f2ecb995b6da736699fcd77162fe/CustomResourcePolicy/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "DomainESLogGroupPolicyc863b05dd93583f2ecb995b6da736699fcd77162feCustomResourcePolicy2F7224F2" + } + ], + "/OpenSearchRestResourcesStack/Domain/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "Domain66AC69E0" + } + ], + "/OpenSearchRestResourcesStack/Domain/AccessPolicy/Resource/Default": [ + { + "type": "aws:cdk:logicalId", + "data": "DomainAccessPolicyEE735B04" + } + ], + "/OpenSearchRestResourcesStack/Domain/AccessPolicy/CustomResourcePolicy/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "DomainAccessPolicyCustomResourcePolicyE61F1845" + } + ], + "/OpenSearchRestResourcesStack/AWS679f53fac002430cb0da5b7982bd2287/ServiceRole/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "AWS679f53fac002430cb0da5b7982bd2287ServiceRoleC1EA0FF2" + } + ], + "/OpenSearchRestResourcesStack/AWS679f53fac002430cb0da5b7982bd2287/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "AWS679f53fac002430cb0da5b7982bd22872D164C4C" + } + ], + "/OpenSearchRestResourcesStack/TestHandler/ServiceRole/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "TestHandlerServiceRole954A02F5" + } + ], + "/OpenSearchRestResourcesStack/TestHandler/SecurityGroup/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "TestHandlerSecurityGroupF4A19ECA" + } + ], + "/OpenSearchRestResourcesStack/TestHandler/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "TestHandler3EEC6392" + } + ], + "/OpenSearchRestResourcesStack/Role1/Resource/Resource/Default": [ + { + "type": "aws:cdk:logicalId", + "data": "Role19E695EAB" + } + ], + "/OpenSearchRestResourcesStack/OpenSearchRestCustomResourceHandlerd4706ae7e0a24092a2057e2d4fb887d4c8e35097ce732b8fe8a8d95ca1c119b98830288f94/ServiceRole/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "OpenSearchRestCustomResourceHandlerd4706ae7e0a24092a2057e2d4fb887d4c8e35097ce732b8fe8a8d95ca1c119b98830288f94ServiceRoleD6AC8912" + } + ], + "/OpenSearchRestResourcesStack/OpenSearchRestCustomResourceHandlerd4706ae7e0a24092a2057e2d4fb887d4c8e35097ce732b8fe8a8d95ca1c119b98830288f94/ServiceRole/DefaultPolicy/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "OpenSearchRestCustomResourceHandlerd4706ae7e0a24092a2057e2d4fb887d4c8e35097ce732b8fe8a8d95ca1c119b98830288f94ServiceRoleDefaultPolicy216C71AF" + } + ], + "/OpenSearchRestResourcesStack/OpenSearchRestCustomResourceHandlerd4706ae7e0a24092a2057e2d4fb887d4c8e35097ce732b8fe8a8d95ca1c119b98830288f94/SecurityGroup/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "OpenSearchRestCustomResourceHandlerd4706ae7e0a24092a2057e2d4fb887d4c8e35097ce732b8fe8a8d95ca1c119b98830288f94SecurityGroup61AA8C59" + } + ], + "/OpenSearchRestResourcesStack/OpenSearchRestCustomResourceHandlerd4706ae7e0a24092a2057e2d4fb887d4c8e35097ce732b8fe8a8d95ca1c119b98830288f94/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "OpenSearchRestCustomResourceHandlerd4706ae7e0a24092a2057e2d4fb887d4c8e35097ce732b8fe8a8d95ca1c119b98830288f9460E7A2E7" + } + ], + "/OpenSearchRestResourcesStack/RoleMapping1/Resource/Resource/Default": [ + { + "type": "aws:cdk:logicalId", + "data": "RoleMapping19E8BDED7" + } + ], + "/OpenSearchRestResourcesStack/User1/Resource/Resource/Default": [ + { + "type": "aws:cdk:logicalId", + "data": "User1A2F34FC8" + } + ], + "/OpenSearchRestResourcesStack/Exports/Output{\"Ref\":\"TestHandler3EEC6392\"}": [ + { + "type": "aws:cdk:logicalId", + "data": "ExportsOutputRefTestHandler3EEC63921B5ED14E" + } + ], + "/OpenSearchRestResourcesStack/Exports/Output{\"Fn::GetAtt\":[\"TestHandler3EEC6392\",\"Arn\"]}": [ + { + "type": "aws:cdk:logicalId", + "data": "ExportsOutputFnGetAttTestHandler3EEC6392Arn42B9A49B" + } + ], + "/OpenSearchRestResourcesStack/BootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "BootstrapVersion" + } + ], + "/OpenSearchRestResourcesStack/CheckBootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "CheckBootstrapVersion" + } + ] + }, + "displayName": "OpenSearchRestResourcesStack" + }, + "OpenSearchRestResourcesIntegTestDefaultTestDeployAssertAA436F18.assets": { + "type": "cdk:asset-manifest", + "properties": { + "file": "OpenSearchRestResourcesIntegTestDefaultTestDeployAssertAA436F18.assets.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "OpenSearchRestResourcesIntegTestDefaultTestDeployAssertAA436F18": { + "type": "aws:cloudformation:stack", + "environment": "aws://unknown-account/unknown-region", + "properties": { + "templateFile": "OpenSearchRestResourcesIntegTestDefaultTestDeployAssertAA436F18.template.json", + "terminationProtection": false, + "validateOnSynth": false, + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", + "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/f9ef10371a5dae742e435ad5a965e65037d096741a9f6a0926b2bd3f0554bfbf.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", + "additionalDependencies": [ + "OpenSearchRestResourcesIntegTestDefaultTestDeployAssertAA436F18.assets" + ], + "lookupRole": { + "arn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-lookup-role-${AWS::AccountId}-${AWS::Region}", + "requiresBootstrapStackVersion": 8, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "dependencies": [ + "OpenSearchRestResourcesStack", + "OpenSearchRestResourcesIntegTestDefaultTestDeployAssertAA436F18.assets" + ], + "metadata": { + "/OpenSearchRestResourcesIntegTest/DefaultTest/DeployAssert/AwsApiCallLambdaInvokee049850589ce011a8daad895dd924680/Default/Default": [ + { + "type": "aws:cdk:logicalId", + "data": "AwsApiCallLambdaInvokee049850589ce011a8daad895dd924680" + } + ], + "/OpenSearchRestResourcesIntegTest/DefaultTest/DeployAssert/AwsApiCallLambdaInvokee049850589ce011a8daad895dd924680/AssertionResults": [ + { + "type": "aws:cdk:logicalId", + "data": "AssertionResultsAwsApiCallLambdaInvokee049850589ce011a8daad895dd924680" + } + ], + "/OpenSearchRestResourcesIntegTest/DefaultTest/DeployAssert/SingletonFunction1488541a7b23466481b69b4408076b81/Role": [ + { + "type": "aws:cdk:logicalId", + "data": "SingletonFunction1488541a7b23466481b69b4408076b81Role37ABCE73" + } + ], + "/OpenSearchRestResourcesIntegTest/DefaultTest/DeployAssert/SingletonFunction1488541a7b23466481b69b4408076b81/Handler": [ + { + "type": "aws:cdk:logicalId", + "data": "SingletonFunction1488541a7b23466481b69b4408076b81HandlerCD40AE9F" + } + ], + "/OpenSearchRestResourcesIntegTest/DefaultTest/DeployAssert/BootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "BootstrapVersion" + } + ], + "/OpenSearchRestResourcesIntegTest/DefaultTest/DeployAssert/CheckBootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "CheckBootstrapVersion" + } + ] + }, + "displayName": "OpenSearchRestResourcesIntegTest/DefaultTest/DeployAssert" + }, + "Tree": { + "type": "cdk:tree", + "properties": { + "file": "tree.json" + } + } + } +} \ No newline at end of file diff --git a/test/integ.resources.ts.snapshot/tree.json b/test/integ.resources.ts.snapshot/tree.json new file mode 100644 index 0000000..811153b --- /dev/null +++ b/test/integ.resources.ts.snapshot/tree.json @@ -0,0 +1,2011 @@ +{ + "version": "tree-0.1", + "tree": { + "id": "App", + "path": "", + "children": { + "OpenSearchRestResourcesStack": { + "id": "OpenSearchRestResourcesStack", + "path": "OpenSearchRestResourcesStack", + "children": { + "Vpc": { + "id": "Vpc", + "path": "OpenSearchRestResourcesStack/Vpc", + "children": { + "Resource": { + "id": "Resource", + "path": "OpenSearchRestResourcesStack/Vpc/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::VPC", + "aws:cdk:cloudformation:props": { + "cidrBlock": "10.0.0.0/16", + "enableDnsHostnames": true, + "enableDnsSupport": true, + "instanceTenancy": "default", + "tags": [ + { + "key": "Name", + "value": "OpenSearchRestResourcesStack/Vpc" + } + ] + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnVPC", + "version": "2.133.0" + } + }, + "PublicSubnet1": { + "id": "PublicSubnet1", + "path": "OpenSearchRestResourcesStack/Vpc/PublicSubnet1", + "children": { + "Subnet": { + "id": "Subnet", + "path": "OpenSearchRestResourcesStack/Vpc/PublicSubnet1/Subnet", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::Subnet", + "aws:cdk:cloudformation:props": { + "availabilityZone": { + "Fn::Select": [ + 0, + { + "Fn::GetAZs": "" + } + ] + }, + "cidrBlock": "10.0.0.0/18", + "mapPublicIpOnLaunch": true, + "tags": [ + { + "key": "aws-cdk:subnet-name", + "value": "Public" + }, + { + "key": "aws-cdk:subnet-type", + "value": "Public" + }, + { + "key": "Name", + "value": "OpenSearchRestResourcesStack/Vpc/PublicSubnet1" + } + ], + "vpcId": { + "Ref": "Vpc8378EB38" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnSubnet", + "version": "2.133.0" + } + }, + "Acl": { + "id": "Acl", + "path": "OpenSearchRestResourcesStack/Vpc/PublicSubnet1/Acl", + "constructInfo": { + "fqn": "aws-cdk-lib.Resource", + "version": "2.133.0" + } + }, + "RouteTable": { + "id": "RouteTable", + "path": "OpenSearchRestResourcesStack/Vpc/PublicSubnet1/RouteTable", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::RouteTable", + "aws:cdk:cloudformation:props": { + "tags": [ + { + "key": "Name", + "value": "OpenSearchRestResourcesStack/Vpc/PublicSubnet1" + } + ], + "vpcId": { + "Ref": "Vpc8378EB38" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnRouteTable", + "version": "2.133.0" + } + }, + "RouteTableAssociation": { + "id": "RouteTableAssociation", + "path": "OpenSearchRestResourcesStack/Vpc/PublicSubnet1/RouteTableAssociation", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::SubnetRouteTableAssociation", + "aws:cdk:cloudformation:props": { + "routeTableId": { + "Ref": "VpcPublicSubnet1RouteTable6C95E38E" + }, + "subnetId": { + "Ref": "VpcPublicSubnet1Subnet5C2D37C4" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnSubnetRouteTableAssociation", + "version": "2.133.0" + } + }, + "DefaultRoute": { + "id": "DefaultRoute", + "path": "OpenSearchRestResourcesStack/Vpc/PublicSubnet1/DefaultRoute", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::Route", + "aws:cdk:cloudformation:props": { + "destinationCidrBlock": "0.0.0.0/0", + "gatewayId": { + "Ref": "VpcIGWD7BA715C" + }, + "routeTableId": { + "Ref": "VpcPublicSubnet1RouteTable6C95E38E" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnRoute", + "version": "2.133.0" + } + }, + "EIP": { + "id": "EIP", + "path": "OpenSearchRestResourcesStack/Vpc/PublicSubnet1/EIP", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::EIP", + "aws:cdk:cloudformation:props": { + "domain": "vpc", + "tags": [ + { + "key": "Name", + "value": "OpenSearchRestResourcesStack/Vpc/PublicSubnet1" + } + ] + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnEIP", + "version": "2.133.0" + } + }, + "NATGateway": { + "id": "NATGateway", + "path": "OpenSearchRestResourcesStack/Vpc/PublicSubnet1/NATGateway", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::NatGateway", + "aws:cdk:cloudformation:props": { + "allocationId": { + "Fn::GetAtt": [ + "VpcPublicSubnet1EIPD7E02669", + "AllocationId" + ] + }, + "subnetId": { + "Ref": "VpcPublicSubnet1Subnet5C2D37C4" + }, + "tags": [ + { + "key": "Name", + "value": "OpenSearchRestResourcesStack/Vpc/PublicSubnet1" + } + ] + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnNatGateway", + "version": "2.133.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.PublicSubnet", + "version": "2.133.0" + } + }, + "PublicSubnet2": { + "id": "PublicSubnet2", + "path": "OpenSearchRestResourcesStack/Vpc/PublicSubnet2", + "children": { + "Subnet": { + "id": "Subnet", + "path": "OpenSearchRestResourcesStack/Vpc/PublicSubnet2/Subnet", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::Subnet", + "aws:cdk:cloudformation:props": { + "availabilityZone": { + "Fn::Select": [ + 1, + { + "Fn::GetAZs": "" + } + ] + }, + "cidrBlock": "10.0.64.0/18", + "mapPublicIpOnLaunch": true, + "tags": [ + { + "key": "aws-cdk:subnet-name", + "value": "Public" + }, + { + "key": "aws-cdk:subnet-type", + "value": "Public" + }, + { + "key": "Name", + "value": "OpenSearchRestResourcesStack/Vpc/PublicSubnet2" + } + ], + "vpcId": { + "Ref": "Vpc8378EB38" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnSubnet", + "version": "2.133.0" + } + }, + "Acl": { + "id": "Acl", + "path": "OpenSearchRestResourcesStack/Vpc/PublicSubnet2/Acl", + "constructInfo": { + "fqn": "aws-cdk-lib.Resource", + "version": "2.133.0" + } + }, + "RouteTable": { + "id": "RouteTable", + "path": "OpenSearchRestResourcesStack/Vpc/PublicSubnet2/RouteTable", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::RouteTable", + "aws:cdk:cloudformation:props": { + "tags": [ + { + "key": "Name", + "value": "OpenSearchRestResourcesStack/Vpc/PublicSubnet2" + } + ], + "vpcId": { + "Ref": "Vpc8378EB38" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnRouteTable", + "version": "2.133.0" + } + }, + "RouteTableAssociation": { + "id": "RouteTableAssociation", + "path": "OpenSearchRestResourcesStack/Vpc/PublicSubnet2/RouteTableAssociation", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::SubnetRouteTableAssociation", + "aws:cdk:cloudformation:props": { + "routeTableId": { + "Ref": "VpcPublicSubnet2RouteTable94F7E489" + }, + "subnetId": { + "Ref": "VpcPublicSubnet2Subnet691E08A3" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnSubnetRouteTableAssociation", + "version": "2.133.0" + } + }, + "DefaultRoute": { + "id": "DefaultRoute", + "path": "OpenSearchRestResourcesStack/Vpc/PublicSubnet2/DefaultRoute", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::Route", + "aws:cdk:cloudformation:props": { + "destinationCidrBlock": "0.0.0.0/0", + "gatewayId": { + "Ref": "VpcIGWD7BA715C" + }, + "routeTableId": { + "Ref": "VpcPublicSubnet2RouteTable94F7E489" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnRoute", + "version": "2.133.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.PublicSubnet", + "version": "2.133.0" + } + }, + "PrivateSubnet1": { + "id": "PrivateSubnet1", + "path": "OpenSearchRestResourcesStack/Vpc/PrivateSubnet1", + "children": { + "Subnet": { + "id": "Subnet", + "path": "OpenSearchRestResourcesStack/Vpc/PrivateSubnet1/Subnet", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::Subnet", + "aws:cdk:cloudformation:props": { + "availabilityZone": { + "Fn::Select": [ + 0, + { + "Fn::GetAZs": "" + } + ] + }, + "cidrBlock": "10.0.128.0/18", + "mapPublicIpOnLaunch": false, + "tags": [ + { + "key": "aws-cdk:subnet-name", + "value": "Private" + }, + { + "key": "aws-cdk:subnet-type", + "value": "Private" + }, + { + "key": "Name", + "value": "OpenSearchRestResourcesStack/Vpc/PrivateSubnet1" + } + ], + "vpcId": { + "Ref": "Vpc8378EB38" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnSubnet", + "version": "2.133.0" + } + }, + "Acl": { + "id": "Acl", + "path": "OpenSearchRestResourcesStack/Vpc/PrivateSubnet1/Acl", + "constructInfo": { + "fqn": "aws-cdk-lib.Resource", + "version": "2.133.0" + } + }, + "RouteTable": { + "id": "RouteTable", + "path": "OpenSearchRestResourcesStack/Vpc/PrivateSubnet1/RouteTable", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::RouteTable", + "aws:cdk:cloudformation:props": { + "tags": [ + { + "key": "Name", + "value": "OpenSearchRestResourcesStack/Vpc/PrivateSubnet1" + } + ], + "vpcId": { + "Ref": "Vpc8378EB38" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnRouteTable", + "version": "2.133.0" + } + }, + "RouteTableAssociation": { + "id": "RouteTableAssociation", + "path": "OpenSearchRestResourcesStack/Vpc/PrivateSubnet1/RouteTableAssociation", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::SubnetRouteTableAssociation", + "aws:cdk:cloudformation:props": { + "routeTableId": { + "Ref": "VpcPrivateSubnet1RouteTableB2C5B500" + }, + "subnetId": { + "Ref": "VpcPrivateSubnet1Subnet536B997A" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnSubnetRouteTableAssociation", + "version": "2.133.0" + } + }, + "DefaultRoute": { + "id": "DefaultRoute", + "path": "OpenSearchRestResourcesStack/Vpc/PrivateSubnet1/DefaultRoute", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::Route", + "aws:cdk:cloudformation:props": { + "destinationCidrBlock": "0.0.0.0/0", + "natGatewayId": { + "Ref": "VpcPublicSubnet1NATGateway4D7517AA" + }, + "routeTableId": { + "Ref": "VpcPrivateSubnet1RouteTableB2C5B500" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnRoute", + "version": "2.133.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.PrivateSubnet", + "version": "2.133.0" + } + }, + "PrivateSubnet2": { + "id": "PrivateSubnet2", + "path": "OpenSearchRestResourcesStack/Vpc/PrivateSubnet2", + "children": { + "Subnet": { + "id": "Subnet", + "path": "OpenSearchRestResourcesStack/Vpc/PrivateSubnet2/Subnet", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::Subnet", + "aws:cdk:cloudformation:props": { + "availabilityZone": { + "Fn::Select": [ + 1, + { + "Fn::GetAZs": "" + } + ] + }, + "cidrBlock": "10.0.192.0/18", + "mapPublicIpOnLaunch": false, + "tags": [ + { + "key": "aws-cdk:subnet-name", + "value": "Private" + }, + { + "key": "aws-cdk:subnet-type", + "value": "Private" + }, + { + "key": "Name", + "value": "OpenSearchRestResourcesStack/Vpc/PrivateSubnet2" + } + ], + "vpcId": { + "Ref": "Vpc8378EB38" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnSubnet", + "version": "2.133.0" + } + }, + "Acl": { + "id": "Acl", + "path": "OpenSearchRestResourcesStack/Vpc/PrivateSubnet2/Acl", + "constructInfo": { + "fqn": "aws-cdk-lib.Resource", + "version": "2.133.0" + } + }, + "RouteTable": { + "id": "RouteTable", + "path": "OpenSearchRestResourcesStack/Vpc/PrivateSubnet2/RouteTable", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::RouteTable", + "aws:cdk:cloudformation:props": { + "tags": [ + { + "key": "Name", + "value": "OpenSearchRestResourcesStack/Vpc/PrivateSubnet2" + } + ], + "vpcId": { + "Ref": "Vpc8378EB38" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnRouteTable", + "version": "2.133.0" + } + }, + "RouteTableAssociation": { + "id": "RouteTableAssociation", + "path": "OpenSearchRestResourcesStack/Vpc/PrivateSubnet2/RouteTableAssociation", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::SubnetRouteTableAssociation", + "aws:cdk:cloudformation:props": { + "routeTableId": { + "Ref": "VpcPrivateSubnet2RouteTableA678073B" + }, + "subnetId": { + "Ref": "VpcPrivateSubnet2Subnet3788AAA1" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnSubnetRouteTableAssociation", + "version": "2.133.0" + } + }, + "DefaultRoute": { + "id": "DefaultRoute", + "path": "OpenSearchRestResourcesStack/Vpc/PrivateSubnet2/DefaultRoute", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::Route", + "aws:cdk:cloudformation:props": { + "destinationCidrBlock": "0.0.0.0/0", + "natGatewayId": { + "Ref": "VpcPublicSubnet1NATGateway4D7517AA" + }, + "routeTableId": { + "Ref": "VpcPrivateSubnet2RouteTableA678073B" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnRoute", + "version": "2.133.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.PrivateSubnet", + "version": "2.133.0" + } + }, + "IGW": { + "id": "IGW", + "path": "OpenSearchRestResourcesStack/Vpc/IGW", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::InternetGateway", + "aws:cdk:cloudformation:props": { + "tags": [ + { + "key": "Name", + "value": "OpenSearchRestResourcesStack/Vpc" + } + ] + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnInternetGateway", + "version": "2.133.0" + } + }, + "VPCGW": { + "id": "VPCGW", + "path": "OpenSearchRestResourcesStack/Vpc/VPCGW", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::VPCGatewayAttachment", + "aws:cdk:cloudformation:props": { + "internetGatewayId": { + "Ref": "VpcIGWD7BA715C" + }, + "vpcId": { + "Ref": "Vpc8378EB38" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnVPCGatewayAttachment", + "version": "2.133.0" + } + }, + "RestrictDefaultSecurityGroupCustomResource": { + "id": "RestrictDefaultSecurityGroupCustomResource", + "path": "OpenSearchRestResourcesStack/Vpc/RestrictDefaultSecurityGroupCustomResource", + "children": { + "Default": { + "id": "Default", + "path": "OpenSearchRestResourcesStack/Vpc/RestrictDefaultSecurityGroupCustomResource/Default", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnResource", + "version": "2.133.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.CustomResource", + "version": "2.133.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.Vpc", + "version": "2.133.0" + } + }, + "Custom::VpcRestrictDefaultSGCustomResourceProvider": { + "id": "Custom::VpcRestrictDefaultSGCustomResourceProvider", + "path": "OpenSearchRestResourcesStack/Custom::VpcRestrictDefaultSGCustomResourceProvider", + "children": { + "Staging": { + "id": "Staging", + "path": "OpenSearchRestResourcesStack/Custom::VpcRestrictDefaultSGCustomResourceProvider/Staging", + "constructInfo": { + "fqn": "aws-cdk-lib.AssetStaging", + "version": "2.133.0" + } + }, + "Role": { + "id": "Role", + "path": "OpenSearchRestResourcesStack/Custom::VpcRestrictDefaultSGCustomResourceProvider/Role", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnResource", + "version": "2.133.0" + } + }, + "Handler": { + "id": "Handler", + "path": "OpenSearchRestResourcesStack/Custom::VpcRestrictDefaultSGCustomResourceProvider/Handler", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnResource", + "version": "2.133.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.CustomResourceProviderBase", + "version": "2.133.0" + } + }, + "Domain": { + "id": "Domain", + "path": "OpenSearchRestResourcesStack/Domain", + "children": { + "SecurityGroup": { + "id": "SecurityGroup", + "path": "OpenSearchRestResourcesStack/Domain/SecurityGroup", + "children": { + "Resource": { + "id": "Resource", + "path": "OpenSearchRestResourcesStack/Domain/SecurityGroup/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::SecurityGroup", + "aws:cdk:cloudformation:props": { + "groupDescription": "Security group for domain Domain", + "securityGroupEgress": [ + { + "cidrIp": "0.0.0.0/0", + "description": "Allow all outbound traffic by default", + "ipProtocol": "-1" + } + ], + "vpcId": { + "Ref": "Vpc8378EB38" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnSecurityGroup", + "version": "2.133.0" + } + }, + "from OpenSearchRestResourcesStackTestHandlerSecurityGroup4A27F912:443": { + "id": "from OpenSearchRestResourcesStackTestHandlerSecurityGroup4A27F912:443", + "path": "OpenSearchRestResourcesStack/Domain/SecurityGroup/from OpenSearchRestResourcesStackTestHandlerSecurityGroup4A27F912:443", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::SecurityGroupIngress", + "aws:cdk:cloudformation:props": { + "description": "from OpenSearchRestResourcesStackTestHandlerSecurityGroup4A27F912:443", + "fromPort": 443, + "groupId": { + "Fn::GetAtt": [ + "DomainSecurityGroup48AA5FD6", + "GroupId" + ] + }, + "ipProtocol": "tcp", + "sourceSecurityGroupId": { + "Fn::GetAtt": [ + "TestHandlerSecurityGroupF4A19ECA", + "GroupId" + ] + }, + "toPort": 443 + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnSecurityGroupIngress", + "version": "2.133.0" + } + }, + "from OpenSearchRestResourcesStackOpenSearchRestCustomResourceHandlerd4706ae7e0a24092a2057e2d4fb887d4c8e35097ce732b8fe8a8d95ca1c119b98830288f94SecurityGroup19DF8FA4:443": { + "id": "from OpenSearchRestResourcesStackOpenSearchRestCustomResourceHandlerd4706ae7e0a24092a2057e2d4fb887d4c8e35097ce732b8fe8a8d95ca1c119b98830288f94SecurityGroup19DF8FA4:443", + "path": "OpenSearchRestResourcesStack/Domain/SecurityGroup/from OpenSearchRestResourcesStackOpenSearchRestCustomResourceHandlerd4706ae7e0a24092a2057e2d4fb887d4c8e35097ce732b8fe8a8d95ca1c119b98830288f94SecurityGroup19DF8FA4:443", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::SecurityGroupIngress", + "aws:cdk:cloudformation:props": { + "description": "from OpenSearchRestResourcesStackOpenSearchRestCustomResourceHandlerd4706ae7e0a24092a2057e2d4fb887d4c8e35097ce732b8fe8a8d95ca1c119b98830288f94SecurityGroup19DF8FA4:443", + "fromPort": 443, + "groupId": { + "Fn::GetAtt": [ + "DomainSecurityGroup48AA5FD6", + "GroupId" + ] + }, + "ipProtocol": "tcp", + "sourceSecurityGroupId": { + "Fn::GetAtt": [ + "OpenSearchRestCustomResourceHandlerd4706ae7e0a24092a2057e2d4fb887d4c8e35097ce732b8fe8a8d95ca1c119b98830288f94SecurityGroup61AA8C59", + "GroupId" + ] + }, + "toPort": 443 + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnSecurityGroupIngress", + "version": "2.133.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.SecurityGroup", + "version": "2.133.0" + } + }, + "MasterUser": { + "id": "MasterUser", + "path": "OpenSearchRestResourcesStack/Domain/MasterUser", + "children": { + "Resource": { + "id": "Resource", + "path": "OpenSearchRestResourcesStack/Domain/MasterUser/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::SecretsManager::Secret", + "aws:cdk:cloudformation:props": { + "generateSecretString": { + "secretStringTemplate": "{\"username\":\"admin\"}", + "generateStringKey": "password", + "excludeCharacters": "{}'\\*[]()`" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_secretsmanager.CfnSecret", + "version": "2.133.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_secretsmanager.Secret", + "version": "2.133.0" + } + }, + "SlowSearchLogs": { + "id": "SlowSearchLogs", + "path": "OpenSearchRestResourcesStack/Domain/SlowSearchLogs", + "children": { + "Resource": { + "id": "Resource", + "path": "OpenSearchRestResourcesStack/Domain/SlowSearchLogs/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::Logs::LogGroup", + "aws:cdk:cloudformation:props": { + "retentionInDays": 30 + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_logs.CfnLogGroup", + "version": "2.133.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_logs.LogGroup", + "version": "2.133.0" + } + }, + "SlowIndexLogs": { + "id": "SlowIndexLogs", + "path": "OpenSearchRestResourcesStack/Domain/SlowIndexLogs", + "children": { + "Resource": { + "id": "Resource", + "path": "OpenSearchRestResourcesStack/Domain/SlowIndexLogs/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::Logs::LogGroup", + "aws:cdk:cloudformation:props": { + "retentionInDays": 30 + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_logs.CfnLogGroup", + "version": "2.133.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_logs.LogGroup", + "version": "2.133.0" + } + }, + "AppLogs": { + "id": "AppLogs", + "path": "OpenSearchRestResourcesStack/Domain/AppLogs", + "children": { + "Resource": { + "id": "Resource", + "path": "OpenSearchRestResourcesStack/Domain/AppLogs/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::Logs::LogGroup", + "aws:cdk:cloudformation:props": { + "retentionInDays": 30 + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_logs.CfnLogGroup", + "version": "2.133.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_logs.LogGroup", + "version": "2.133.0" + } + }, + "AuditLogs": { + "id": "AuditLogs", + "path": "OpenSearchRestResourcesStack/Domain/AuditLogs", + "children": { + "Resource": { + "id": "Resource", + "path": "OpenSearchRestResourcesStack/Domain/AuditLogs/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::Logs::LogGroup", + "aws:cdk:cloudformation:props": { + "retentionInDays": 30 + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_logs.CfnLogGroup", + "version": "2.133.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_logs.LogGroup", + "version": "2.133.0" + } + }, + "ESLogGroupPolicyc863b05dd93583f2ecb995b6da736699fcd77162fe": { + "id": "ESLogGroupPolicyc863b05dd93583f2ecb995b6da736699fcd77162fe", + "path": "OpenSearchRestResourcesStack/Domain/ESLogGroupPolicyc863b05dd93583f2ecb995b6da736699fcd77162fe", + "children": { + "Provider": { + "id": "Provider", + "path": "OpenSearchRestResourcesStack/Domain/ESLogGroupPolicyc863b05dd93583f2ecb995b6da736699fcd77162fe/Provider", + "constructInfo": { + "fqn": "aws-cdk-lib.aws_lambda.SingletonFunction", + "version": "2.133.0" + } + }, + "Resource": { + "id": "Resource", + "path": "OpenSearchRestResourcesStack/Domain/ESLogGroupPolicyc863b05dd93583f2ecb995b6da736699fcd77162fe/Resource", + "children": { + "Default": { + "id": "Default", + "path": "OpenSearchRestResourcesStack/Domain/ESLogGroupPolicyc863b05dd93583f2ecb995b6da736699fcd77162fe/Resource/Default", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnResource", + "version": "2.133.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.CustomResource", + "version": "2.133.0" + } + }, + "CustomResourcePolicy": { + "id": "CustomResourcePolicy", + "path": "OpenSearchRestResourcesStack/Domain/ESLogGroupPolicyc863b05dd93583f2ecb995b6da736699fcd77162fe/CustomResourcePolicy", + "children": { + "Resource": { + "id": "Resource", + "path": "OpenSearchRestResourcesStack/Domain/ESLogGroupPolicyc863b05dd93583f2ecb995b6da736699fcd77162fe/CustomResourcePolicy/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::IAM::Policy", + "aws:cdk:cloudformation:props": { + "policyDocument": { + "Statement": [ + { + "Action": [ + "logs:DeleteResourcePolicy", + "logs:PutResourcePolicy" + ], + "Effect": "Allow", + "Resource": "*" + } + ], + "Version": "2012-10-17" + }, + "policyName": "DomainESLogGroupPolicyc863b05dd93583f2ecb995b6da736699fcd77162feCustomResourcePolicy2F7224F2", + "roles": [ + { + "Ref": "AWS679f53fac002430cb0da5b7982bd2287ServiceRoleC1EA0FF2" + } + ] + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.CfnPolicy", + "version": "2.133.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.Policy", + "version": "2.133.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.custom_resources.AwsCustomResource", + "version": "2.133.0" + } + }, + "Resource": { + "id": "Resource", + "path": "OpenSearchRestResourcesStack/Domain/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::OpenSearchService::Domain", + "aws:cdk:cloudformation:props": { + "advancedSecurityOptions": { + "enabled": true, + "internalUserDatabaseEnabled": true, + "masterUserOptions": { + "masterUserName": "admin", + "masterUserPassword": { + "Fn::Join": [ + "", + [ + "{{resolve:secretsmanager:", + { + "Ref": "DomainMasterUserBFAFA7D9" + }, + ":SecretString:password::}}" + ] + ] + } + } + }, + "clusterConfig": { + "dedicatedMasterEnabled": false, + "instanceCount": 1, + "instanceType": "t3.small.search", + "multiAzWithStandbyEnabled": false, + "zoneAwarenessEnabled": false + }, + "domainEndpointOptions": { + "enforceHttps": true, + "tlsSecurityPolicy": "Policy-Min-TLS-1-0-2019-07" + }, + "ebsOptions": { + "ebsEnabled": true, + "volumeSize": 30, + "volumeType": "gp3", + "iops": 3000, + "throughput": 125 + }, + "encryptionAtRestOptions": { + "enabled": true + }, + "engineVersion": "OpenSearch_2.11", + "logPublishingOptions": { + "ES_APPLICATION_LOGS": { + "enabled": true, + "cloudWatchLogsLogGroupArn": { + "Fn::GetAtt": [ + "DomainAppLogs21698C1B", + "Arn" + ] + } + }, + "SEARCH_SLOW_LOGS": { + "enabled": true, + "cloudWatchLogsLogGroupArn": { + "Fn::GetAtt": [ + "DomainSlowSearchLogs5B35A97A", + "Arn" + ] + } + }, + "INDEX_SLOW_LOGS": { + "enabled": true, + "cloudWatchLogsLogGroupArn": { + "Fn::GetAtt": [ + "DomainSlowIndexLogsFE2F1061", + "Arn" + ] + } + }, + "AUDIT_LOGS": { + "enabled": true, + "cloudWatchLogsLogGroupArn": { + "Fn::GetAtt": [ + "DomainAuditLogs608E0FA6", + "Arn" + ] + } + } + }, + "nodeToNodeEncryptionOptions": { + "enabled": true + }, + "vpcOptions": { + "securityGroupIds": [ + { + "Fn::GetAtt": [ + "DomainSecurityGroup48AA5FD6", + "GroupId" + ] + } + ], + "subnetIds": [ + { + "Ref": "VpcPrivateSubnet1Subnet536B997A" + } + ] + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_opensearchservice.CfnDomain", + "version": "2.133.0" + } + }, + "AccessPolicy": { + "id": "AccessPolicy", + "path": "OpenSearchRestResourcesStack/Domain/AccessPolicy", + "children": { + "Provider": { + "id": "Provider", + "path": "OpenSearchRestResourcesStack/Domain/AccessPolicy/Provider", + "constructInfo": { + "fqn": "aws-cdk-lib.aws_lambda.SingletonFunction", + "version": "2.133.0" + } + }, + "Resource": { + "id": "Resource", + "path": "OpenSearchRestResourcesStack/Domain/AccessPolicy/Resource", + "children": { + "Default": { + "id": "Default", + "path": "OpenSearchRestResourcesStack/Domain/AccessPolicy/Resource/Default", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnResource", + "version": "2.133.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.CustomResource", + "version": "2.133.0" + } + }, + "CustomResourcePolicy": { + "id": "CustomResourcePolicy", + "path": "OpenSearchRestResourcesStack/Domain/AccessPolicy/CustomResourcePolicy", + "children": { + "Resource": { + "id": "Resource", + "path": "OpenSearchRestResourcesStack/Domain/AccessPolicy/CustomResourcePolicy/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::IAM::Policy", + "aws:cdk:cloudformation:props": { + "policyDocument": { + "Statement": [ + { + "Action": "es:UpdateDomainConfig", + "Effect": "Allow", + "Resource": { + "Fn::GetAtt": [ + "Domain66AC69E0", + "Arn" + ] + } + } + ], + "Version": "2012-10-17" + }, + "policyName": "DomainAccessPolicyCustomResourcePolicyE61F1845", + "roles": [ + { + "Ref": "AWS679f53fac002430cb0da5b7982bd2287ServiceRoleC1EA0FF2" + } + ] + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.CfnPolicy", + "version": "2.133.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.Policy", + "version": "2.133.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.custom_resources.AwsCustomResource", + "version": "2.133.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_opensearchservice.Domain", + "version": "2.133.0" + } + }, + "AWS679f53fac002430cb0da5b7982bd2287": { + "id": "AWS679f53fac002430cb0da5b7982bd2287", + "path": "OpenSearchRestResourcesStack/AWS679f53fac002430cb0da5b7982bd2287", + "children": { + "ServiceRole": { + "id": "ServiceRole", + "path": "OpenSearchRestResourcesStack/AWS679f53fac002430cb0da5b7982bd2287/ServiceRole", + "children": { + "ImportServiceRole": { + "id": "ImportServiceRole", + "path": "OpenSearchRestResourcesStack/AWS679f53fac002430cb0da5b7982bd2287/ServiceRole/ImportServiceRole", + "constructInfo": { + "fqn": "aws-cdk-lib.Resource", + "version": "2.133.0" + } + }, + "Resource": { + "id": "Resource", + "path": "OpenSearchRestResourcesStack/AWS679f53fac002430cb0da5b7982bd2287/ServiceRole/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::IAM::Role", + "aws:cdk:cloudformation:props": { + "assumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "lambda.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + }, + "managedPolicyArns": [ + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" + ] + ] + } + ] + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.CfnRole", + "version": "2.133.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.Role", + "version": "2.133.0" + } + }, + "Code": { + "id": "Code", + "path": "OpenSearchRestResourcesStack/AWS679f53fac002430cb0da5b7982bd2287/Code", + "children": { + "Stage": { + "id": "Stage", + "path": "OpenSearchRestResourcesStack/AWS679f53fac002430cb0da5b7982bd2287/Code/Stage", + "constructInfo": { + "fqn": "aws-cdk-lib.AssetStaging", + "version": "2.133.0" + } + }, + "AssetBucket": { + "id": "AssetBucket", + "path": "OpenSearchRestResourcesStack/AWS679f53fac002430cb0da5b7982bd2287/Code/AssetBucket", + "constructInfo": { + "fqn": "aws-cdk-lib.aws_s3.BucketBase", + "version": "2.133.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_s3_assets.Asset", + "version": "2.133.0" + } + }, + "Resource": { + "id": "Resource", + "path": "OpenSearchRestResourcesStack/AWS679f53fac002430cb0da5b7982bd2287/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::Lambda::Function", + "aws:cdk:cloudformation:props": { + "code": { + "s3Bucket": { + "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}" + }, + "s3Key": "cb92a348b5b60bcbbe3888108f15e75877121eb402b4a74526927300fcc54975.zip" + }, + "handler": "index.handler", + "role": { + "Fn::GetAtt": [ + "AWS679f53fac002430cb0da5b7982bd2287ServiceRoleC1EA0FF2", + "Arn" + ] + }, + "runtime": "nodejs18.x", + "timeout": 120 + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_lambda.CfnFunction", + "version": "2.133.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_lambda.Function", + "version": "2.133.0" + } + }, + "TestHandler": { + "id": "TestHandler", + "path": "OpenSearchRestResourcesStack/TestHandler", + "children": { + "ServiceRole": { + "id": "ServiceRole", + "path": "OpenSearchRestResourcesStack/TestHandler/ServiceRole", + "children": { + "ImportServiceRole": { + "id": "ImportServiceRole", + "path": "OpenSearchRestResourcesStack/TestHandler/ServiceRole/ImportServiceRole", + "constructInfo": { + "fqn": "aws-cdk-lib.Resource", + "version": "2.133.0" + } + }, + "Resource": { + "id": "Resource", + "path": "OpenSearchRestResourcesStack/TestHandler/ServiceRole/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::IAM::Role", + "aws:cdk:cloudformation:props": { + "assumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "lambda.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + }, + "managedPolicyArns": [ + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" + ] + ] + }, + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::aws:policy/service-role/AWSLambdaVPCAccessExecutionRole" + ] + ] + } + ] + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.CfnRole", + "version": "2.133.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.Role", + "version": "2.133.0" + } + }, + "Code": { + "id": "Code", + "path": "OpenSearchRestResourcesStack/TestHandler/Code", + "children": { + "Stage": { + "id": "Stage", + "path": "OpenSearchRestResourcesStack/TestHandler/Code/Stage", + "constructInfo": { + "fqn": "aws-cdk-lib.AssetStaging", + "version": "2.133.0" + } + }, + "AssetBucket": { + "id": "AssetBucket", + "path": "OpenSearchRestResourcesStack/TestHandler/Code/AssetBucket", + "constructInfo": { + "fqn": "aws-cdk-lib.aws_s3.BucketBase", + "version": "2.133.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_s3_assets.Asset", + "version": "2.133.0" + } + }, + "SecurityGroup": { + "id": "SecurityGroup", + "path": "OpenSearchRestResourcesStack/TestHandler/SecurityGroup", + "children": { + "Resource": { + "id": "Resource", + "path": "OpenSearchRestResourcesStack/TestHandler/SecurityGroup/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::SecurityGroup", + "aws:cdk:cloudformation:props": { + "groupDescription": "Automatic security group for Lambda Function OpenSearchRestResourcesStackTestHandler018C7E9E", + "securityGroupEgress": [ + { + "cidrIp": "0.0.0.0/0", + "description": "Allow all outbound traffic by default", + "ipProtocol": "-1" + } + ], + "vpcId": { + "Ref": "Vpc8378EB38" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnSecurityGroup", + "version": "2.133.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.SecurityGroup", + "version": "2.133.0" + } + }, + "Resource": { + "id": "Resource", + "path": "OpenSearchRestResourcesStack/TestHandler/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::Lambda::Function", + "aws:cdk:cloudformation:props": { + "code": { + "s3Bucket": { + "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}" + }, + "s3Key": "5417a6b05ef745939d8fd2d8866925b0582e5a0db0b9414c4265751484b766af.zip" + }, + "environment": { + "variables": { + "OPENSEARCH_HOST": { + "Fn::GetAtt": [ + "Domain66AC69E0", + "DomainEndpoint" + ] + }, + "AWS_NODEJS_CONNECTION_REUSE_ENABLED": "1" + } + }, + "handler": "index.handler", + "role": { + "Fn::GetAtt": [ + "TestHandlerServiceRole954A02F5", + "Arn" + ] + }, + "runtime": "nodejs18.x", + "timeout": 10, + "vpcConfig": { + "subnetIds": [ + { + "Ref": "VpcPrivateSubnet1Subnet536B997A" + }, + { + "Ref": "VpcPrivateSubnet2Subnet3788AAA1" + } + ], + "securityGroupIds": [ + { + "Fn::GetAtt": [ + "TestHandlerSecurityGroupF4A19ECA", + "GroupId" + ] + } + ] + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_lambda.CfnFunction", + "version": "2.133.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_lambda_nodejs.NodejsFunction", + "version": "2.133.0" + } + }, + "Role1": { + "id": "Role1", + "path": "OpenSearchRestResourcesStack/Role1", + "children": { + "Resource": { + "id": "Resource", + "path": "OpenSearchRestResourcesStack/Role1/Resource", + "children": { + "CustomResourceHandler": { + "id": "CustomResourceHandler", + "path": "OpenSearchRestResourcesStack/Role1/Resource/CustomResourceHandler", + "constructInfo": { + "fqn": "aws-cdk-lib.aws_lambda.SingletonFunction", + "version": "2.133.0" + } + }, + "Resource": { + "id": "Resource", + "path": "OpenSearchRestResourcesStack/Role1/Resource/Resource", + "children": { + "Default": { + "id": "Default", + "path": "OpenSearchRestResourcesStack/Role1/Resource/Resource/Default", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnResource", + "version": "2.133.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.CustomResource", + "version": "2.133.0" + } + } + }, + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + } + }, + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + }, + "OpenSearchRestCustomResourceHandlerd4706ae7e0a24092a2057e2d4fb887d4c8e35097ce732b8fe8a8d95ca1c119b98830288f94": { + "id": "OpenSearchRestCustomResourceHandlerd4706ae7e0a24092a2057e2d4fb887d4c8e35097ce732b8fe8a8d95ca1c119b98830288f94", + "path": "OpenSearchRestResourcesStack/OpenSearchRestCustomResourceHandlerd4706ae7e0a24092a2057e2d4fb887d4c8e35097ce732b8fe8a8d95ca1c119b98830288f94", + "children": { + "ServiceRole": { + "id": "ServiceRole", + "path": "OpenSearchRestResourcesStack/OpenSearchRestCustomResourceHandlerd4706ae7e0a24092a2057e2d4fb887d4c8e35097ce732b8fe8a8d95ca1c119b98830288f94/ServiceRole", + "children": { + "ImportServiceRole": { + "id": "ImportServiceRole", + "path": "OpenSearchRestResourcesStack/OpenSearchRestCustomResourceHandlerd4706ae7e0a24092a2057e2d4fb887d4c8e35097ce732b8fe8a8d95ca1c119b98830288f94/ServiceRole/ImportServiceRole", + "constructInfo": { + "fqn": "aws-cdk-lib.Resource", + "version": "2.133.0" + } + }, + "Resource": { + "id": "Resource", + "path": "OpenSearchRestResourcesStack/OpenSearchRestCustomResourceHandlerd4706ae7e0a24092a2057e2d4fb887d4c8e35097ce732b8fe8a8d95ca1c119b98830288f94/ServiceRole/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::IAM::Role", + "aws:cdk:cloudformation:props": { + "assumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "lambda.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + }, + "managedPolicyArns": [ + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" + ] + ] + }, + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::aws:policy/service-role/AWSLambdaVPCAccessExecutionRole" + ] + ] + } + ] + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.CfnRole", + "version": "2.133.0" + } + }, + "DefaultPolicy": { + "id": "DefaultPolicy", + "path": "OpenSearchRestResourcesStack/OpenSearchRestCustomResourceHandlerd4706ae7e0a24092a2057e2d4fb887d4c8e35097ce732b8fe8a8d95ca1c119b98830288f94/ServiceRole/DefaultPolicy", + "children": { + "Resource": { + "id": "Resource", + "path": "OpenSearchRestResourcesStack/OpenSearchRestCustomResourceHandlerd4706ae7e0a24092a2057e2d4fb887d4c8e35097ce732b8fe8a8d95ca1c119b98830288f94/ServiceRole/DefaultPolicy/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::IAM::Policy", + "aws:cdk:cloudformation:props": { + "policyDocument": { + "Statement": [ + { + "Action": [ + "secretsmanager:DescribeSecret", + "secretsmanager:GetSecretValue" + ], + "Effect": "Allow", + "Resource": { + "Ref": "DomainMasterUserBFAFA7D9" + } + } + ], + "Version": "2012-10-17" + }, + "policyName": "tCustomResourceHandlerd4706ae7e0a24092a2057e2d4fb887d4c8e35097ce732b8fe8a8d95ca1c119b98830288f94ServiceRoleDefaultPolicy216C71AF", + "roles": [ + { + "Ref": "OpenSearchRestCustomResourceHandlerd4706ae7e0a24092a2057e2d4fb887d4c8e35097ce732b8fe8a8d95ca1c119b98830288f94ServiceRoleD6AC8912" + } + ] + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.CfnPolicy", + "version": "2.133.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.Policy", + "version": "2.133.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.Role", + "version": "2.133.0" + } + }, + "SecurityGroup": { + "id": "SecurityGroup", + "path": "OpenSearchRestResourcesStack/OpenSearchRestCustomResourceHandlerd4706ae7e0a24092a2057e2d4fb887d4c8e35097ce732b8fe8a8d95ca1c119b98830288f94/SecurityGroup", + "children": { + "Resource": { + "id": "Resource", + "path": "OpenSearchRestResourcesStack/OpenSearchRestCustomResourceHandlerd4706ae7e0a24092a2057e2d4fb887d4c8e35097ce732b8fe8a8d95ca1c119b98830288f94/SecurityGroup/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::SecurityGroup", + "aws:cdk:cloudformation:props": { + "groupDescription": "Automatic security group for Lambda Function OpenSearchRestResourcesStackOpenSearchRestCustomResourceHandlerd4706ae7e0a24092a2057e2d4fb887d4c8e35097ce732b8fe8a8d95ca1c119b98830288f945911071F", + "securityGroupEgress": [ + { + "cidrIp": "0.0.0.0/0", + "description": "Allow all outbound traffic by default", + "ipProtocol": "-1" + } + ], + "vpcId": { + "Ref": "Vpc8378EB38" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnSecurityGroup", + "version": "2.133.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.SecurityGroup", + "version": "2.133.0" + } + }, + "Resource": { + "id": "Resource", + "path": "OpenSearchRestResourcesStack/OpenSearchRestCustomResourceHandlerd4706ae7e0a24092a2057e2d4fb887d4c8e35097ce732b8fe8a8d95ca1c119b98830288f94/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::Lambda::Function", + "aws:cdk:cloudformation:props": { + "code": { + "zipFile": "\"use strict\";var u=Object.defineProperty;var g=Object.getOwnPropertyDescriptor;var S=Object.getOwnPropertyNames;var f=Object.prototype.hasOwnProperty;var h=(o,e)=>{for(var a in e)u(o,a,{get:e[a],enumerable:!0})},R=(o,e,a,n)=>{if(e&&typeof e==\"object\"||typeof e==\"function\")for(let t of S(e))!f.call(o,t)&&t!==a&&u(o,t,{get:()=>e[t],enumerable:!(n=g(e,t))||n.enumerable});return o};var C=o=>R(u({},\"__esModule\",{value:!0}),o);var $={};h($,{handler:()=>E});module.exports=C($);var d=require(\"@aws-sdk/client-secrets-manager\"),w=require(\"timers/promises\"),y=new d.SecretsManager({}),l=async(o,e,a,n,t,r=0)=>{let s=await fetch(o,{method:e,headers:a,body:n});if(s.status==403){if(r>5)throw new Error(`Request failed: ${s.status} ${await s.text()}`);return console.log(`Retrying... ${s.status} ${await s.text()}`),await(0,w.setTimeout)(Math.min(r**2*1e3,3e4)),await l(o,e,a,n,t,r+1)}if(!s.ok)throw new Error(`Request failed: ${s.status} ${await s.text()}`);let i=await s.json();if(console.log(i),!t.includes(i.status))throw new Error(JSON.stringify(i))},E=async(o,e)=>{console.log(JSON.stringify(o));let{ServiceToken:a,...n}=o.ResourceProperties,t=n;try{let r=await y.send(new d.GetSecretValueCommand({SecretId:t.masterUserSecretArn})),{username:s,password:i}=JSON.parse(r.SecretString),p=`https://${t.opensearchHost}`,c=new Headers;switch(c.append(\"Authorization\",\"Basic \"+Buffer.from(s+\":\"+i).toString(\"base64\")),c.append(\"Content-type\",\"application/json\"),o.RequestType){case\"Create\":case\"Update\":{console.log(t.payloadJson),await l(`${p}/${t.restEndpoint}`,\"PUT\",c,t.payloadJson,[\"OK\",\"CREATED\"]);break}case\"Delete\":{await l(`${p}/${t.restEndpoint}`,\"DELETE\",c,void 0,[\"OK\",\"NOT_FOUND\"]);break}}await m(\"SUCCESS\",o,e,t)}catch(r){console.log(r),await m(\"FAILED\",o,e,t,r.message)}},m=async(o,e,a,n,t)=>{let r=JSON.stringify({Status:o,Reason:(t??\"\")+\" See the details in CloudWatch Log Stream: \"+a.logStreamName,PhysicalResourceId:n.restEndpoint,StackId:e.StackId,RequestId:e.RequestId,LogicalResourceId:e.LogicalResourceId,NoEcho:!1,Data:{}});await(await fetch(e.ResponseURL,{method:\"PUT\",body:r,headers:{\"Content-Type\":\"\",\"Content-Length\":r.length.toString()}})).text()};0&&(module.exports={handler});\n" + }, + "handler": "index.handler", + "role": { + "Fn::GetAtt": [ + "OpenSearchRestCustomResourceHandlerd4706ae7e0a24092a2057e2d4fb887d4c8e35097ce732b8fe8a8d95ca1c119b98830288f94ServiceRoleD6AC8912", + "Arn" + ] + }, + "runtime": "nodejs18.x", + "timeout": 180, + "vpcConfig": { + "subnetIds": [ + { + "Ref": "VpcPrivateSubnet1Subnet536B997A" + }, + { + "Ref": "VpcPrivateSubnet2Subnet3788AAA1" + } + ], + "securityGroupIds": [ + { + "Fn::GetAtt": [ + "OpenSearchRestCustomResourceHandlerd4706ae7e0a24092a2057e2d4fb887d4c8e35097ce732b8fe8a8d95ca1c119b98830288f94SecurityGroup61AA8C59", + "GroupId" + ] + } + ] + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_lambda.CfnFunction", + "version": "2.133.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_lambda.Function", + "version": "2.133.0" + } + }, + "RoleMapping1": { + "id": "RoleMapping1", + "path": "OpenSearchRestResourcesStack/RoleMapping1", + "children": { + "Resource": { + "id": "Resource", + "path": "OpenSearchRestResourcesStack/RoleMapping1/Resource", + "children": { + "CustomResourceHandler": { + "id": "CustomResourceHandler", + "path": "OpenSearchRestResourcesStack/RoleMapping1/Resource/CustomResourceHandler", + "constructInfo": { + "fqn": "aws-cdk-lib.aws_lambda.SingletonFunction", + "version": "2.133.0" + } + }, + "Resource": { + "id": "Resource", + "path": "OpenSearchRestResourcesStack/RoleMapping1/Resource/Resource", + "children": { + "Default": { + "id": "Default", + "path": "OpenSearchRestResourcesStack/RoleMapping1/Resource/Resource/Default", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnResource", + "version": "2.133.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.CustomResource", + "version": "2.133.0" + } + } + }, + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + } + }, + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + }, + "User1": { + "id": "User1", + "path": "OpenSearchRestResourcesStack/User1", + "children": { + "Resource": { + "id": "Resource", + "path": "OpenSearchRestResourcesStack/User1/Resource", + "children": { + "CustomResourceHandler": { + "id": "CustomResourceHandler", + "path": "OpenSearchRestResourcesStack/User1/Resource/CustomResourceHandler", + "constructInfo": { + "fqn": "aws-cdk-lib.aws_lambda.SingletonFunction", + "version": "2.133.0" + } + }, + "Resource": { + "id": "Resource", + "path": "OpenSearchRestResourcesStack/User1/Resource/Resource", + "children": { + "Default": { + "id": "Default", + "path": "OpenSearchRestResourcesStack/User1/Resource/Resource/Default", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnResource", + "version": "2.133.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.CustomResource", + "version": "2.133.0" + } + } + }, + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + } + }, + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + }, + "Exports": { + "id": "Exports", + "path": "OpenSearchRestResourcesStack/Exports", + "children": { + "Output{\"Ref\":\"TestHandler3EEC6392\"}": { + "id": "Output{\"Ref\":\"TestHandler3EEC6392\"}", + "path": "OpenSearchRestResourcesStack/Exports/Output{\"Ref\":\"TestHandler3EEC6392\"}", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnOutput", + "version": "2.133.0" + } + }, + "Output{\"Fn::GetAtt\":[\"TestHandler3EEC6392\",\"Arn\"]}": { + "id": "Output{\"Fn::GetAtt\":[\"TestHandler3EEC6392\",\"Arn\"]}", + "path": "OpenSearchRestResourcesStack/Exports/Output{\"Fn::GetAtt\":[\"TestHandler3EEC6392\",\"Arn\"]}", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnOutput", + "version": "2.133.0" + } + } + }, + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + }, + "BootstrapVersion": { + "id": "BootstrapVersion", + "path": "OpenSearchRestResourcesStack/BootstrapVersion", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnParameter", + "version": "2.133.0" + } + }, + "CheckBootstrapVersion": { + "id": "CheckBootstrapVersion", + "path": "OpenSearchRestResourcesStack/CheckBootstrapVersion", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnRule", + "version": "2.133.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.Stack", + "version": "2.133.0" + } + }, + "OpenSearchRestResourcesIntegTest": { + "id": "OpenSearchRestResourcesIntegTest", + "path": "OpenSearchRestResourcesIntegTest", + "children": { + "DefaultTest": { + "id": "DefaultTest", + "path": "OpenSearchRestResourcesIntegTest/DefaultTest", + "children": { + "Default": { + "id": "Default", + "path": "OpenSearchRestResourcesIntegTest/DefaultTest/Default", + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + }, + "DeployAssert": { + "id": "DeployAssert", + "path": "OpenSearchRestResourcesIntegTest/DefaultTest/DeployAssert", + "children": { + "AwsApiCallLambdaInvokee049850589ce011a8daad895dd924680": { + "id": "AwsApiCallLambdaInvokee049850589ce011a8daad895dd924680", + "path": "OpenSearchRestResourcesIntegTest/DefaultTest/DeployAssert/AwsApiCallLambdaInvokee049850589ce011a8daad895dd924680", + "children": { + "SdkProvider": { + "id": "SdkProvider", + "path": "OpenSearchRestResourcesIntegTest/DefaultTest/DeployAssert/AwsApiCallLambdaInvokee049850589ce011a8daad895dd924680/SdkProvider", + "children": { + "AssertionsProvider": { + "id": "AssertionsProvider", + "path": "OpenSearchRestResourcesIntegTest/DefaultTest/DeployAssert/AwsApiCallLambdaInvokee049850589ce011a8daad895dd924680/SdkProvider/AssertionsProvider", + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/integ-tests-alpha.AssertionsProvider", + "version": "2.133.0-alpha.0" + } + }, + "Default": { + "id": "Default", + "path": "OpenSearchRestResourcesIntegTest/DefaultTest/DeployAssert/AwsApiCallLambdaInvokee049850589ce011a8daad895dd924680/Default", + "children": { + "Default": { + "id": "Default", + "path": "OpenSearchRestResourcesIntegTest/DefaultTest/DeployAssert/AwsApiCallLambdaInvokee049850589ce011a8daad895dd924680/Default/Default", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnResource", + "version": "2.133.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.CustomResource", + "version": "2.133.0" + } + }, + "AssertionResults": { + "id": "AssertionResults", + "path": "OpenSearchRestResourcesIntegTest/DefaultTest/DeployAssert/AwsApiCallLambdaInvokee049850589ce011a8daad895dd924680/AssertionResults", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnOutput", + "version": "2.133.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/integ-tests-alpha.AwsApiCall", + "version": "2.133.0-alpha.0" + } + }, + "SingletonFunction1488541a7b23466481b69b4408076b81": { + "id": "SingletonFunction1488541a7b23466481b69b4408076b81", + "path": "OpenSearchRestResourcesIntegTest/DefaultTest/DeployAssert/SingletonFunction1488541a7b23466481b69b4408076b81", + "children": { + "Staging": { + "id": "Staging", + "path": "OpenSearchRestResourcesIntegTest/DefaultTest/DeployAssert/SingletonFunction1488541a7b23466481b69b4408076b81/Staging", + "constructInfo": { + "fqn": "aws-cdk-lib.AssetStaging", + "version": "2.133.0" + } + }, + "Role": { + "id": "Role", + "path": "OpenSearchRestResourcesIntegTest/DefaultTest/DeployAssert/SingletonFunction1488541a7b23466481b69b4408076b81/Role", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnResource", + "version": "2.133.0" + } + }, + "Handler": { + "id": "Handler", + "path": "OpenSearchRestResourcesIntegTest/DefaultTest/DeployAssert/SingletonFunction1488541a7b23466481b69b4408076b81/Handler", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnResource", + "version": "2.133.0" + } + } + }, + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + }, + "BootstrapVersion": { + "id": "BootstrapVersion", + "path": "OpenSearchRestResourcesIntegTest/DefaultTest/DeployAssert/BootstrapVersion", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnParameter", + "version": "2.133.0" + } + }, + "CheckBootstrapVersion": { + "id": "CheckBootstrapVersion", + "path": "OpenSearchRestResourcesIntegTest/DefaultTest/DeployAssert/CheckBootstrapVersion", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnRule", + "version": "2.133.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.Stack", + "version": "2.133.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/integ-tests-alpha.IntegTestCase", + "version": "2.133.0-alpha.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/integ-tests-alpha.IntegTest", + "version": "2.133.0-alpha.0" + } + }, + "Tree": { + "id": "Tree", + "path": "Tree", + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.App", + "version": "2.133.0" + } + } +} \ No newline at end of file diff --git a/yarn.lock b/yarn.lock index 729e559..ba1958c 100644 --- a/yarn.lock +++ b/yarn.lock @@ -30,18 +30,36 @@ resolved "https://registry.yarnpkg.com/@aws-cdk/asset-node-proxy-agent-v6/-/asset-node-proxy-agent-v6-2.0.1.tgz#6dc9b7cdb22ff622a7176141197962360c33e9ac" integrity sha512-DDt4SLdLOwWCjGtltH4VCST7hpOI5DzieuhGZsBpZ+AgJdSI2GCjklCXm0GCTwJG/SolkL5dtQXyUKgg9luBDg== -"@aws-cdk/integ-runner@^2.72.1": - version "2.72.1" - resolved "https://registry.yarnpkg.com/@aws-cdk/integ-runner/-/integ-runner-2.72.1.tgz#c0ef2968182205aa4616305d581ba9d9e8e0266d" - integrity sha512-K+PHvPRrhLbGC33vro5kDNdol5HW/ECORLesxjk5LMXQGDgHqEIIlYgtloVAswlaNSpjopTGrH+/BZYI7Oa8eQ== +"@aws-cdk/aws-service-spec@0.0.53": + version "0.0.53" + resolved "https://registry.yarnpkg.com/@aws-cdk/aws-service-spec/-/aws-service-spec-0.0.53.tgz#d8f7b2edc69e9819a304261fcc9c0c0b87916015" + integrity sha512-CcKhkQDuf4I9K93/5v/Bq3ekWIq2A5KmUQTWqnqWjXaof1J3mk+htsFU8vP7AhsLfTuYsJM9vTLF7WK6fPD5mA== dependencies: - aws-cdk "2.72.1" + "@aws-cdk/service-spec-types" "^0.0.53" + "@cdklabs/tskb" "^0.0.3" + +"@aws-cdk/integ-runner@^2.133.0-alpha.0": + version "2.133.0-alpha.0" + resolved "https://registry.yarnpkg.com/@aws-cdk/integ-runner/-/integ-runner-2.133.0-alpha.0.tgz#7e18f132cf410688339544efe658948ea3c610b5" + integrity sha512-r/erPrdQZzWBoDMsZXw2SDxJ0ZIjb8B9SU4smZ73QmvHcUhkI3G0s13xLPKC3VtZ2yIxJIZY/XXdFfBoAlpRLg== + dependencies: + "@aws-cdk/aws-service-spec" "0.0.53" + aws-cdk "2.133.0" + optionalDependencies: + fsevents "2.3.2" "@aws-cdk/integ-tests-alpha@^2.133.0-alpha.0": version "2.133.0-alpha.0" resolved "https://registry.yarnpkg.com/@aws-cdk/integ-tests-alpha/-/integ-tests-alpha-2.133.0-alpha.0.tgz#950871f5efa13e23fb2f7fac678532e602bfea0f" integrity sha512-yQGUmbEa52oMyeu97QfLFR7VpN9QWrgsKnhBHfEPwOFvMU3LMPpm83RTmYppEFkgo8d1t/BmeNDYmvR4WjjUtw== +"@aws-cdk/service-spec-types@^0.0.53": + version "0.0.53" + resolved "https://registry.yarnpkg.com/@aws-cdk/service-spec-types/-/service-spec-types-0.0.53.tgz#026e203d973114973f1cdc67d8c2feb6026f2888" + integrity sha512-TbZ9/9wkGlwZyE4/Tuv0azCbUqHHPlp91SWwqd8CjNFHZ3r+1r0m8yKdJgGdfO6PO973Ojesr4+4IxMc8rmy/w== + dependencies: + "@cdklabs/tskb" "^0.0.3" + "@babel/code-frame@^7.0.0", "@babel/code-frame@^7.12.13", "@babel/code-frame@^7.23.5", "@babel/code-frame@^7.24.1", "@babel/code-frame@^7.24.2": version "7.24.2" resolved "https://registry.yarnpkg.com/@babel/code-frame/-/code-frame-7.24.2.tgz#718b4b19841809a58b29b68cde80bc5e1aa6d9ae" @@ -335,6 +353,11 @@ resolved "https://registry.yarnpkg.com/@bcoe/v8-coverage/-/v8-coverage-0.2.3.tgz#75a2e8b51cb758a7553d6804a5932d7aace75c39" integrity sha512-0hYQ8SB4Db5zvZB4axdMHGwEaQjkZzFjQiN9LVYvIFB2nSUHW9tYpxWriPrWDASIxiaXax83REcLxuSdnGPZtw== +"@cdklabs/tskb@^0.0.3": + version "0.0.3" + resolved "https://registry.yarnpkg.com/@cdklabs/tskb/-/tskb-0.0.3.tgz#4b79846d9381eb1252ba85d5d20b7cd7d99b6ecb" + integrity sha512-JR+MuD4awAXvutu7HArephXfZm09GPTaSAQUqNcJB5+ZENRm4kV+L6vJL6Tn1xHjCcHksO+HAqj3gYtm5K94vA== + "@cspotcode/source-map-support@^0.8.0": version "0.8.1" resolved "https://registry.yarnpkg.com/@cspotcode/source-map-support/-/source-map-support-0.8.1.tgz#00629c35a688e05a88b1cda684fb9d5e73f000a1" @@ -744,9 +767,9 @@ "@sinonjs/commons" "^3.0.0" "@tsconfig/node10@^1.0.7": - version "1.0.9" - resolved "https://registry.yarnpkg.com/@tsconfig/node10/-/node10-1.0.9.tgz#df4907fc07a886922637b15e02d4cebc4c0021b2" - integrity sha512-jNsYVVxU8v5g43Erja32laIDHXeoNvFEpX33OK4d6hljo3jDhCBDhx5dhCCTMWUojscpAagGiRkBKxpdl9fxqA== + version "1.0.10" + resolved "https://registry.yarnpkg.com/@tsconfig/node10/-/node10-1.0.10.tgz#b7ebd3adfa7750628d100594f6726b054d2c33b2" + integrity sha512-PiaIWIoPvO6qm6t114ropMCagj6YAF24j9OkCA2mJDXFnlionEwhsBCJ8yek4aib575BI3OkART/90WsgHgLWw== "@tsconfig/node12@^1.0.7": version "1.0.11" @@ -1197,7 +1220,7 @@ available-typed-arrays@^1.0.7: dependencies: possible-typed-array-names "^1.0.0" -aws-cdk-lib@^2.38.0: +aws-cdk-lib@^2.133.0: version "2.133.0" resolved "https://registry.yarnpkg.com/aws-cdk-lib/-/aws-cdk-lib-2.133.0.tgz#a70ac4a22333f9b57db8f1a6eb9a9ed03a4a1489" integrity sha512-5/ezv8Ir2xyz3myeXQcODwrjVRN/cDD2OpBwU/ySFBe+uNac25OoHfTXwUPwE7oLj9qetSt6/i1QvY2iIs6yiQ== @@ -1217,14 +1240,7 @@ aws-cdk-lib@^2.38.0: table "^6.8.1" yaml "1.10.2" -aws-cdk@2.72.1: - version "2.72.1" - resolved "https://registry.yarnpkg.com/aws-cdk/-/aws-cdk-2.72.1.tgz#5c8dc41239ed7f47d2dd2f54afb980df2a58a24b" - integrity sha512-Noihlxyurq9ecz/aTx+j3raeedI0hcPaYFKqS1CkFDoOEvLHIuIEB6regoJHWy9GER/yYYgKu68c7xYo3LaZPA== - optionalDependencies: - fsevents "2.3.2" - -aws-cdk@^2.38.0: +aws-cdk@2.133.0, aws-cdk@^2.133.0: version "2.133.0" resolved "https://registry.yarnpkg.com/aws-cdk/-/aws-cdk-2.133.0.tgz#df80e98280a5d2d3ae356cef04b0bb33f7e01a05" integrity sha512-EwH8VgQQ8ODeMwjE3p+WhbcbWNkCbvuJJl+Py9IB5znGf7GwLcEmOu4YWBsBGPVu41SXbSAf36twMBrJytCFZA== @@ -3421,17 +3437,17 @@ jsii-diff@^1.96.0: log4js "^6.9.1" yargs "^16.2.0" -jsii-docgen@^10.3.24: - version "10.3.24" - resolved "https://registry.yarnpkg.com/jsii-docgen/-/jsii-docgen-10.3.24.tgz#cb6a9a57ca17b91dee33a70c294bed3a341fd830" - integrity sha512-1lkED/gwapIycO7SpCja5jSGa+FOe+FQCNuZnXPaWul6SWWZefpyW8RvV5FOTGNowJx52r60CwV7CT+UMvSwLw== +jsii-docgen@^10.3.25: + version "10.3.25" + resolved "https://registry.yarnpkg.com/jsii-docgen/-/jsii-docgen-10.3.25.tgz#d53af1f3912031df446a7ce2e705720383f49f8a" + integrity sha512-mR6L9ZKmOBlGRMKtZn+falJwCEDqrXVcYFa0bZDmwKU6rzCtc6jfImZaIB/2honPJi/ee02muoR1DxDfghIPoQ== dependencies: - "@jsii/spec" "^1.95.0" + "@jsii/spec" "^1.96.0" case "^1.6.3" fs-extra "^10.1.0" glob "^8.1.0" glob-promise "^6.0.5" - jsii-reflect "^1.95.0" + jsii-reflect "^1.96.0" semver "^7.6.0" yargs "^16.2.0" @@ -3454,7 +3470,7 @@ jsii-pacmak@^1.96.0: xmlbuilder "^15.1.1" yargs "^16.2.0" -jsii-reflect@^1.95.0, jsii-reflect@^1.96.0: +jsii-reflect@^1.96.0: version "1.96.0" resolved "https://registry.yarnpkg.com/jsii-reflect/-/jsii-reflect-1.96.0.tgz#235cdd30617d226ab8190b9abbc5477740412f7f" integrity sha512-nvT/HPR4ZMmp+zDZbotKAeSSmQODGcpR50xzl0QXxkskzH3qCW/+fkdqFq8QL9mUrJHbwdmdk/MY6+V8zb49DQ== @@ -5021,9 +5037,9 @@ typescript@^5.4.3: integrity sha512-KrPd3PKaCLr78MalgiwJnA25Nm8HAmdwN3mYUYZgG/wizIo9EainNVQI9/yDavtVFRN2h3k8uf3GLHuhDMgEHg== typescript@next: - version "5.5.0-dev.20240322" - resolved "https://registry.yarnpkg.com/typescript/-/typescript-5.5.0-dev.20240322.tgz#2318ec29a8971394749b7e7b9b37533877681855" - integrity sha512-z05wAbLJ5lx9QKlbZFaV+B6T8Y/9AvVb4ma+glJ0JL0lp+QeAZuWSDoBALphG6fwkvfjaCYWb5t37VcUOPTR/w== + version "5.5.0-dev.20240323" + resolved "https://registry.yarnpkg.com/typescript/-/typescript-5.5.0-dev.20240323.tgz#c6916ad6fdb5971f87ebb3a5d34d91ae75f0def3" + integrity sha512-FD1ido8fG+7+540B3/WeTAKq6Nr4QLO0IBrZc+jBUj4pEqwG15o/XE+GKv+dDryLvgtchSHXZWserTik0Vkq4w== typescript@~3.9.10: version "3.9.10"