{
  "Description": "(SO0134D) - The AWS CloudFormation template for deployment of the aws-centralized-waf-and-vpc-sg-management demo resources. Version v1.0.0",
  "AWSTemplateFormatVersion": "2010-09-09",
  "Resources": {
    "testcloudfronts3S3LoggingBucket90D239DD": {
      "Type": "AWS::S3::Bucket",
      "Properties": {
        "AccessControl": "LogDeliveryWrite",
        "BucketEncryption": {
          "ServerSideEncryptionConfiguration": [
            {
              "ServerSideEncryptionByDefault": {
                "SSEAlgorithm": "AES256"
              }
            }
          ]
        },
        "PublicAccessBlockConfiguration": {
          "BlockPublicAcls": true,
          "BlockPublicPolicy": true,
          "IgnorePublicAcls": true,
          "RestrictPublicBuckets": true
        }
      },
      "UpdateReplacePolicy": "Retain",
      "DeletionPolicy": "Retain",
      "Metadata": {
        "cfn_nag": {
          "rules_to_suppress": [
            {
              "id": "W35",
              "reason": "This S3 bucket is used as the access logging bucket for another bucket"
            }
          ]
        }
      }
    },
    "testcloudfronts3S3LoggingBucketPolicy529D4CFF": {
      "Type": "AWS::S3::BucketPolicy",
      "Properties": {
        "Bucket": {
          "Ref": "testcloudfronts3S3LoggingBucket90D239DD"
        },
        "PolicyDocument": {
          "Statement": [
            {
              "Action": "*",
              "Condition": {
                "Bool": {
                  "aws:SecureTransport": "false"
                }
              },
              "Effect": "Deny",
              "Principal": "*",
              "Resource": {
                "Fn::Join": [
                  "",
                  [
                    {
                      "Fn::GetAtt": [
                        "testcloudfronts3S3LoggingBucket90D239DD",
                        "Arn"
                      ]
                    },
                    "/*"
                  ]
                ]
              },
              "Sid": "HttpsOnly"
            }
          ],
          "Version": "2012-10-17"
        }
      },
      "Metadata": {
        "aws:cdk:path": "DemoStack/test-cloudfront-s3/S3LoggingBucket/Policy/Resource"
      }
    },
    "testcloudfronts3S3BucketE0C5F76E": {
      "Type": "AWS::S3::Bucket",
      "Properties": {
        "BucketEncryption": {
          "ServerSideEncryptionConfiguration": [
            {
              "ServerSideEncryptionByDefault": {
                "SSEAlgorithm": "AES256"
              }
            }
          ]
        },
        "LifecycleConfiguration": {
          "Rules": [
            {
              "NoncurrentVersionTransitions": [
                {
                  "StorageClass": "GLACIER",
                  "TransitionInDays": 90
                }
              ],
              "Status": "Enabled"
            }
          ]
        },
        "LoggingConfiguration": {
          "DestinationBucketName": {
            "Ref": "testcloudfronts3S3LoggingBucket90D239DD"
          }
        },
        "PublicAccessBlockConfiguration": {
          "BlockPublicAcls": true,
          "BlockPublicPolicy": true,
          "IgnorePublicAcls": true,
          "RestrictPublicBuckets": true
        },
        "VersioningConfiguration": {
          "Status": "Enabled"
        }
      },
      "UpdateReplacePolicy": "Retain",
      "DeletionPolicy": "Retain",
      "Metadata": {
        "aws:cdk:path": "DemoStack/test-cloudfront-s3/S3Bucket/Resource"
      }
    },
    "testcloudfronts3S3BucketPolicy250F1F61": {
      "Type": "AWS::S3::BucketPolicy",
      "Properties": {
        "Bucket": {
          "Ref": "testcloudfronts3S3BucketE0C5F76E"
        },
        "PolicyDocument": {
          "Statement": [
            {
              "Action": "*",
              "Condition": {
                "Bool": {
                  "aws:SecureTransport": "false"
                }
              },
              "Effect": "Deny",
              "Principal": "*",
              "Resource": {
                "Fn::Join": [
                  "",
                  [
                    {
                      "Fn::GetAtt": [
                        "testcloudfronts3S3BucketE0C5F76E",
                        "Arn"
                      ]
                    },
                    "/*"
                  ]
                ]
              },
              "Sid": "HttpsOnly"
            },
            {
              "Action": [
                "s3:GetObject*",
                "s3:GetBucket*",
                "s3:List*"
              ],
              "Effect": "Allow",
              "Principal": {
                "AWS": {
                  "Fn::Join": [
                    "",
                    [
                      "arn:",
                      {
                        "Ref": "AWS::Partition"
                      },
                      ":iam::cloudfront:user/CloudFront Origin Access Identity ",
                      {
                        "Ref": "testcloudfronts3CloudFrontOriginAccessIdentity2C681839"
                      }
                    ]
                  ]
                }
              },
              "Resource": [
                {
                  "Fn::GetAtt": [
                    "testcloudfronts3S3BucketE0C5F76E",
                    "Arn"
                  ]
                },
                {
                  "Fn::Join": [
                    "",
                    [
                      {
                        "Fn::GetAtt": [
                          "testcloudfronts3S3BucketE0C5F76E",
                          "Arn"
                        ]
                      },
                      "/*"
                    ]
                  ]
                }
              ]
            },
            {
              "Action": "s3:GetObject",
              "Effect": "Allow",
              "Principal": {
                "CanonicalUser": {
                  "Fn::GetAtt": [
                    "testcloudfronts3CloudFrontOriginAccessIdentity2C681839",
                    "S3CanonicalUserId"
                  ]
                }
              },
              "Resource": {
                "Fn::Join": [
                  "",
                  [
                    {
                      "Fn::GetAtt": [
                        "testcloudfronts3S3BucketE0C5F76E",
                        "Arn"
                      ]
                    },
                    "/*"
                  ]
                ]
              }
            }
          ],
          "Version": "2012-10-17"
        }
      },
      "Metadata": {
        "cfn_nag": {
          "rules_to_suppress": [
            {
              "id": "F16",
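              "reason": "Public website bucket policy requires a wildcard principal. In this policy the wildcard principal is used only by the HttpsOnly Deny statement; both Allow statements are limited to the CloudFront origin access identity."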
            }
          ]
        }
      }
    },
    "testcloudfronts3CloudFrontOriginAccessIdentity2C681839": {
      "Type": "AWS::CloudFront::CloudFrontOriginAccessIdentity",
      "Properties": {
        "CloudFrontOriginAccessIdentityConfig": {
          "Comment": "Access S3 bucket content only through CloudFront"
        }
      },
      "Metadata": {
        "aws:cdk:path": "DemoStack/test-cloudfront-s3/CloudFrontOriginAccessIdentity"
      }
    },
    "testcloudfronts3SetHttpSecurityHeadersServiceRole74D1E252": {
      "Type": "AWS::IAM::Role",
      "Properties": {
        "AssumeRolePolicyDocument": {
          "Statement": [
            {
              "Action": "sts:AssumeRole",
              "Effect": "Allow",
              "Principal": {
                "Service": "lambda.amazonaws.com"
              }
            },
            {
              "Action": "sts:AssumeRole",
              "Effect": "Allow",
              "Principal": {
                "Service": "edgelambda.amazonaws.com"
              }
            }
          ],
          "Version": "2012-10-17"
        },
        "Policies": [
          {
            "PolicyDocument": {
              "Statement": [
                {
                  "Action": [
                    "logs:CreateLogGroup",
                    "logs:CreateLogStream",
                    "logs:PutLogEvents"
                  ],
                  "Effect": "Allow",
                  "Resource": {
                    "Fn::Join": [
                      "",
                      [
                        "arn:",
                        {
                          "Ref": "AWS::Partition"
                        },
                        ":logs:",
                        {
                          "Ref": "AWS::Region"
                        },
                        ":",
                        {
                          "Ref": "AWS::AccountId"
                        },
                        ":log-group:/aws/lambda/*"
                      ]
                    ]
                  }
                }
              ],
              "Version": "2012-10-17"
            },
            "PolicyName": "LambdaFunctionServiceRolePolicy"
          }
        ]
      },
      "Metadata": {
        "aws:cdk:path": "DemoStack/test-cloudfront-s3/SetHttpSecurityHeadersServiceRole/Resource"
      }
    },
    "testcloudfronts3SetHttpSecurityHeadersServiceRoleDefaultPolicy7A7EF47A": {
      "Type": "AWS::IAM::Policy",
      "Properties": {
        "PolicyDocument": {
          "Statement": [
            {
              "Action": [
                "xray:PutTraceSegments",
                "xray:PutTelemetryRecords"
              ],
              "Effect": "Allow",
              "Resource": "*"
            }
          ],
          "Version": "2012-10-17"
        },
        "PolicyName": "testcloudfronts3SetHttpSecurityHeadersServiceRoleDefaultPolicy7A7EF47A",
        "Roles": [
          {
            "Ref": "testcloudfronts3SetHttpSecurityHeadersServiceRole74D1E252"
          }
        ]
      },
      "Metadata": {
        "cfn_nag": {
          "rules_to_suppress": [
            {
              "id": "W12",
              "reason": "Lambda needs the following minimum required permissions to send trace data to X-Ray."
            }
          ]
        }
      }
    },
    "testcloudfronts3SetHttpSecurityHeaders6C5A1E69": {
      "Type": "AWS::Lambda::Function",
      "Properties": {
        "Code": {
          "ZipFile": "exports.handler = (event, context, callback) => {           const response = event.Records[0].cf.response;           const headers = response.headers;           headers['x-xss-protection'] = [             {               key: 'X-XSS-Protection',               value: '1; mode=block'             }           ];           headers['x-frame-options'] = [             {               key: 'X-Frame-Options',               value: 'DENY'             }           ];           headers['x-content-type-options'] = [             {               key: 'X-Content-Type-Options',               value: 'nosniff'             }           ];           headers['strict-transport-security'] = [             {               key: 'Strict-Transport-Security',               value: 'max-age=63072000; includeSubdomains; preload'             }           ];           headers['referrer-policy'] = [             {               key: 'Referrer-Policy',               value: 'same-origin'             }           ];           headers['content-security-policy'] = [             {               key: 'Content-Security-Policy',               value: \"default-src 'none'; base-uri 'self'; img-src 'self'; script-src 'self'; style-src 'self' https:; object-src 'none'; frame-ancestors 'none'; font-src 'self' https:; form-action 'self'; manifest-src 'self'; connect-src 'self'\"              }           ];           callback(null, response);         };"
        },
        "Handler": "index.handler",
        "Role": {
          "Fn::GetAtt": [
            "testcloudfronts3SetHttpSecurityHeadersServiceRole74D1E252",
            "Arn"
          ]
        },
        "Runtime": "nodejs12.x",
        "TracingConfig": {
          "Mode": "Active"
        }
      },
      "DependsOn": [
        "testcloudfronts3SetHttpSecurityHeadersServiceRoleDefaultPolicy7A7EF47A",
        "testcloudfronts3SetHttpSecurityHeadersServiceRole74D1E252"
      ],
      "Metadata": {
        "cfn_nag": {
          "rules_to_suppress": [
            {
              "id": "W58",
              "reason": "Lambda function has the required permissions to write CloudWatch Logs. It uses a custom policy with tighter permissions instead of arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole."
            }
          ]
        }
      }
    },
    "testcloudfronts3SetHttpSecurityHeadersVersionF1C744BB": {
      "Type": "AWS::Lambda::Version",
      "Properties": {
        "FunctionName": {
          "Ref": "testcloudfronts3SetHttpSecurityHeaders6C5A1E69"
        }
      },
      "Metadata": {
        "aws:cdk:path": "DemoStack/test-cloudfront-s3/SetHttpSecurityHeadersVersion/Resource"
      }
    },
    "testcloudfronts3CloudfrontLoggingBucket985C0FE8": {
      "Type": "AWS::S3::Bucket",
      "Properties": {
        "AccessControl": "LogDeliveryWrite",
        "BucketEncryption": {
          "ServerSideEncryptionConfiguration": [
            {
              "ServerSideEncryptionByDefault": {
                "SSEAlgorithm": "AES256"
              }
            }
          ]
        },
        "PublicAccessBlockConfiguration": {
          "BlockPublicAcls": true,
          "BlockPublicPolicy": true,
          "IgnorePublicAcls": true,
          "RestrictPublicBuckets": true
        }
      },
      "UpdateReplacePolicy": "Retain",
      "DeletionPolicy": "Retain",
      "Metadata": {
        "cfn_nag": {
          "rules_to_suppress": [
            {
              "id": "W35",
              "reason": "This S3 bucket is used as the access logging bucket for CloudFront Distribution"
            }
          ]
        }
      }
    },
    "testcloudfronts3CloudfrontLoggingBucketPolicyDF55851B": {
      "Type": "AWS::S3::BucketPolicy",
      "Properties": {
        "Bucket": {
          "Ref": "testcloudfronts3CloudfrontLoggingBucket985C0FE8"
        },
        "PolicyDocument": {
          "Statement": [
            {
              "Action": "*",
              "Condition": {
                "Bool": {
                  "aws:SecureTransport": "false"
                }
              },
              "Effect": "Deny",
              "Principal": "*",
              "Resource": {
                "Fn::Join": [
                  "",
                  [
                    {
                      "Fn::GetAtt": [
                        "testcloudfronts3CloudfrontLoggingBucket985C0FE8",
                        "Arn"
                      ]
                    },
                    "/*"
                  ]
                ]
              },
              "Sid": "HttpsOnly"
            }
          ],
          "Version": "2012-10-17"
        }
      },
      "Metadata": {
        "aws:cdk:path": "DemoStack/test-cloudfront-s3/CloudfrontLoggingBucket/Policy/Resource"
      }
    },
    "testcloudfronts3CloudFrontDistributionCFDistribution61FCC088": {
      "Type": "AWS::CloudFront::Distribution",
      "Properties": {
        "DistributionConfig": {
          "DefaultCacheBehavior": {
            "AllowedMethods": [
              "GET",
              "HEAD"
            ],
            "CachedMethods": [
              "GET",
              "HEAD"
            ],
            "Compress": true,
            "ForwardedValues": {
              "Cookies": {
                "Forward": "none"
              },
              "QueryString": false
            },
            "LambdaFunctionAssociations": [
              {
                "EventType": "origin-response",
                "LambdaFunctionARN": {
                  "Ref": "testcloudfronts3SetHttpSecurityHeadersVersionF1C744BB"
                }
              }
            ],
            "TargetOriginId": "origin1",
            "ViewerProtocolPolicy": "redirect-to-https"
          },
          "DefaultRootObject": "index.html",
          "Enabled": true,
          "HttpVersion": "http2",
          "IPV6Enabled": true,
          "Logging": {
            "Bucket": {
              "Fn::GetAtt": [
                "testcloudfronts3CloudfrontLoggingBucket985C0FE8",
                "RegionalDomainName"
              ]
            },
            "IncludeCookies": false
          },
          "Origins": [
            {
              "ConnectionAttempts": 3,
              "ConnectionTimeout": 10,
              "DomainName": {
                "Fn::GetAtt": [
                  "testcloudfronts3S3BucketE0C5F76E",
                  "RegionalDomainName"
                ]
              },
              "Id": "origin1",
              "S3OriginConfig": {
                "OriginAccessIdentity": {
                  "Fn::Join": [
                    "",
                    [
                      "origin-access-identity/cloudfront/",
                      {
                        "Ref": "testcloudfronts3CloudFrontOriginAccessIdentity2C681839"
                      }
                    ]
                  ]
                }
              }
            }
          ],
          "PriceClass": "PriceClass_100",
          "ViewerCertificate": {
            "CloudFrontDefaultCertificate": true
          }
        }
      },
      "Metadata": {
        "cfn_nag": {
          "rules_to_suppress": [
            {
              "id": "W70",
              "reason": "Since the distribution uses the CloudFront domain name, CloudFront automatically sets the security policy to TLSv1 regardless of the value of MinimumProtocolVersion"
            }
          ]
        }
      }
    },
    "testVPC102E57DE": {
      "Type": "AWS::EC2::VPC",
      "Properties": {
        "CidrBlock": "10.0.0.0/16",
        "EnableDnsHostnames": true,
        "EnableDnsSupport": true,
        "InstanceTenancy": "default",
        "Tags": [
          {
            "Key": "Name",
            "Value": "DemoStack/test-VPC"
          }
        ]
      },
      "Metadata": {
        "cfn_nag": {
          "rules_to_suppress": [
            {
              "id": "W60",
              "reason": "Demo template, need resources to trigger violation rules in the account"
            }
          ]
        }
      }
    },
    "testVPCPublicSubnet1SubnetD8AD9C87": {
      "Type": "AWS::EC2::Subnet",
      "Properties": {
        "CidrBlock": "10.0.0.0/18",
        "VpcId": {
          "Ref": "testVPC102E57DE"
        },
        "AvailabilityZone": {
          "Fn::Select": [
            0,
            {
              "Fn::GetAZs": ""
            }
          ]
        },
        "MapPublicIpOnLaunch": false,
        "Tags": [
          {
            "Key": "aws-cdk:subnet-name",
            "Value": "Public"
          },
          {
            "Key": "aws-cdk:subnet-type",
            "Value": "Public"
          },
          {
            "Key": "Name",
            "Value": "DemoStack/test-VPC/PublicSubnet1"
          }
        ]
      },
      "Metadata": {
        "aws:cdk:path": "DemoStack/test-VPC/PublicSubnet1/Subnet"
      }
    },
    "testVPCPublicSubnet1RouteTable295B11B5": {
      "Type": "AWS::EC2::RouteTable",
      "Properties": {
        "VpcId": {
          "Ref": "testVPC102E57DE"
        },
        "Tags": [
          {
            "Key": "Name",
            "Value": "DemoStack/test-VPC/PublicSubnet1"
          }
        ]
      },
      "Metadata": {
        "aws:cdk:path": "DemoStack/test-VPC/PublicSubnet1/RouteTable"
      }
    },
    "testVPCPublicSubnet1RouteTableAssociationA69C95A8": {
      "Type": "AWS::EC2::SubnetRouteTableAssociation",
      "Properties": {
        "RouteTableId": {
          "Ref": "testVPCPublicSubnet1RouteTable295B11B5"
        },
        "SubnetId": {
          "Ref": "testVPCPublicSubnet1SubnetD8AD9C87"
        }
      },
      "Metadata": {
        "aws:cdk:path": "DemoStack/test-VPC/PublicSubnet1/RouteTableAssociation"
      }
    },
    "testVPCPublicSubnet1DefaultRouteFAE04176": {
      "Type": "AWS::EC2::Route",
      "Properties": {
        "RouteTableId": {
          "Ref": "testVPCPublicSubnet1RouteTable295B11B5"
        },
        "DestinationCidrBlock": "0.0.0.0/0",
        "GatewayId": {
          "Ref": "testVPCIGW757B9544"
        }
      },
      "DependsOn": [
        "testVPCVPCGWC5F7FA73"
      ],
      "Metadata": {
        "aws:cdk:path": "DemoStack/test-VPC/PublicSubnet1/DefaultRoute"
      }
    },
    "testVPCPublicSubnet1EIP3939D616": {
      "Type": "AWS::EC2::EIP",
      "Properties": {
        "Domain": "vpc",
        "Tags": [
          {
            "Key": "Name",
            "Value": "DemoStack/test-VPC/PublicSubnet1"
          }
        ]
      },
      "Metadata": {
        "aws:cdk:path": "DemoStack/test-VPC/PublicSubnet1/EIP"
      }
    },
    "testVPCPublicSubnet1NATGateway0136082C": {
      "Type": "AWS::EC2::NatGateway",
      "Properties": {
        "AllocationId": {
          "Fn::GetAtt": [
            "testVPCPublicSubnet1EIP3939D616",
            "AllocationId"
          ]
        },
        "SubnetId": {
          "Ref": "testVPCPublicSubnet1SubnetD8AD9C87"
        },
        "Tags": [
          {
            "Key": "Name",
            "Value": "DemoStack/test-VPC/PublicSubnet1"
          }
        ]
      },
      "Metadata": {
        "aws:cdk:path": "DemoStack/test-VPC/PublicSubnet1/NATGateway"
      }
    },
    "testVPCPublicSubnet2Subnet384459D2": {
      "Type": "AWS::EC2::Subnet",
      "Properties": {
        "CidrBlock": "10.0.64.0/18",
        "VpcId": {
          "Ref": "testVPC102E57DE"
        },
        "AvailabilityZone": {
          "Fn::Select": [
            1,
            {
              "Fn::GetAZs": ""
            }
          ]
        },
        "MapPublicIpOnLaunch": false,
        "Tags": [
          {
            "Key": "aws-cdk:subnet-name",
            "Value": "Public"
          },
          {
            "Key": "aws-cdk:subnet-type",
            "Value": "Public"
          },
          {
            "Key": "Name",
            "Value": "DemoStack/test-VPC/PublicSubnet2"
          }
        ]
      },
      "Metadata": {
        "aws:cdk:path": "DemoStack/test-VPC/PublicSubnet2/Subnet"
      }
    },
    "testVPCPublicSubnet2RouteTableE0FFB0D0": {
      "Type": "AWS::EC2::RouteTable",
      "Properties": {
        "VpcId": {
          "Ref": "testVPC102E57DE"
        },
        "Tags": [
          {
            "Key": "Name",
            "Value": "DemoStack/test-VPC/PublicSubnet2"
          }
        ]
      },
      "Metadata": {
        "aws:cdk:path": "DemoStack/test-VPC/PublicSubnet2/RouteTable"
      }
    },
    "testVPCPublicSubnet2RouteTableAssociation356EF8C0": {
      "Type": "AWS::EC2::SubnetRouteTableAssociation",
      "Properties": {
        "RouteTableId": {
          "Ref": "testVPCPublicSubnet2RouteTableE0FFB0D0"
        },
        "SubnetId": {
          "Ref": "testVPCPublicSubnet2Subnet384459D2"
        }
      },
      "Metadata": {
        "aws:cdk:path": "DemoStack/test-VPC/PublicSubnet2/RouteTableAssociation"
      }
    },
    "testVPCPublicSubnet2DefaultRoute92199F72": {
      "Type": "AWS::EC2::Route",
      "Properties": {
        "RouteTableId": {
          "Ref": "testVPCPublicSubnet2RouteTableE0FFB0D0"
        },
        "DestinationCidrBlock": "0.0.0.0/0",
        "GatewayId": {
          "Ref": "testVPCIGW757B9544"
        }
      },
      "DependsOn": [
        "testVPCVPCGWC5F7FA73"
      ],
      "Metadata": {
        "aws:cdk:path": "DemoStack/test-VPC/PublicSubnet2/DefaultRoute"
      }
    },
    "testVPCPublicSubnet2EIPD027E151": {
      "Type": "AWS::EC2::EIP",
      "Properties": {
        "Domain": "vpc",
        "Tags": [
          {
            "Key": "Name",
            "Value": "DemoStack/test-VPC/PublicSubnet2"
          }
        ]
      },
      "Metadata": {
        "aws:cdk:path": "DemoStack/test-VPC/PublicSubnet2/EIP"
      }
    },
    "testVPCPublicSubnet2NATGatewayF26FCD14": {
      "Type": "AWS::EC2::NatGateway",
      "Properties": {
        "AllocationId": {
          "Fn::GetAtt": [
            "testVPCPublicSubnet2EIPD027E151",
            "AllocationId"
          ]
        },
        "SubnetId": {
          "Ref": "testVPCPublicSubnet2Subnet384459D2"
        },
        "Tags": [
          {
            "Key": "Name",
            "Value": "DemoStack/test-VPC/PublicSubnet2"
          }
        ]
      },
      "Metadata": {
        "aws:cdk:path": "DemoStack/test-VPC/PublicSubnet2/NATGateway"
      }
    },
    "testVPCPrivateSubnet1Subnet096C7B7F": {
      "Type": "AWS::EC2::Subnet",
      "Properties": {
        "CidrBlock": "10.0.128.0/18",
        "VpcId": {
          "Ref": "testVPC102E57DE"
        },
        "AvailabilityZone": {
          "Fn::Select": [
            0,
            {
              "Fn::GetAZs": ""
            }
          ]
        },
        "MapPublicIpOnLaunch": false,
        "Tags": [
          {
            "Key": "aws-cdk:subnet-name",
            "Value": "Private"
          },
          {
            "Key": "aws-cdk:subnet-type",
            "Value": "Private"
          },
          {
            "Key": "Name",
            "Value": "DemoStack/test-VPC/PrivateSubnet1"
          }
        ]
      },
      "Metadata": {
        "aws:cdk:path": "DemoStack/test-VPC/PrivateSubnet1/Subnet"
      }
    },
    "testVPCPrivateSubnet1RouteTable56F6EAE0": {
      "Type": "AWS::EC2::RouteTable",
      "Properties": {
        "VpcId": {
          "Ref": "testVPC102E57DE"
        },
        "Tags": [
          {
            "Key": "Name",
            "Value": "DemoStack/test-VPC/PrivateSubnet1"
          }
        ]
      },
      "Metadata": {
        "aws:cdk:path": "DemoStack/test-VPC/PrivateSubnet1/RouteTable"
      }
    },
    "testVPCPrivateSubnet1RouteTableAssociation711EF96C": {
      "Type": "AWS::EC2::SubnetRouteTableAssociation",
      "Properties": {
        "RouteTableId": {
          "Ref": "testVPCPrivateSubnet1RouteTable56F6EAE0"
        },
        "SubnetId": {
          "Ref": "testVPCPrivateSubnet1Subnet096C7B7F"
        }
      },
      "Metadata": {
        "aws:cdk:path": "DemoStack/test-VPC/PrivateSubnet1/RouteTableAssociation"
      }
    },
    "testVPCPrivateSubnet1DefaultRoute31FC9F7C": {
      "Type": "AWS::EC2::Route",
      "Properties": {
        "RouteTableId": {
          "Ref": "testVPCPrivateSubnet1RouteTable56F6EAE0"
        },
        "DestinationCidrBlock": "0.0.0.0/0",
        "NatGatewayId": {
          "Ref": "testVPCPublicSubnet1NATGateway0136082C"
        }
      },
      "Metadata": {
        "aws:cdk:path": "DemoStack/test-VPC/PrivateSubnet1/DefaultRoute"
      }
    },
    "testVPCPrivateSubnet2SubnetE307A6A8": {
      "Type": "AWS::EC2::Subnet",
      "Properties": {
        "CidrBlock": "10.0.192.0/18",
        "VpcId": {
          "Ref": "testVPC102E57DE"
        },
        "AvailabilityZone": {
          "Fn::Select": [
            1,
            {
              "Fn::GetAZs": ""
            }
          ]
        },
        "MapPublicIpOnLaunch": false,
        "Tags": [
          {
            "Key": "aws-cdk:subnet-name",
            "Value": "Private"
          },
          {
            "Key": "aws-cdk:subnet-type",
            "Value": "Private"
          },
          {
            "Key": "Name",
            "Value": "DemoStack/test-VPC/PrivateSubnet2"
          }
        ]
      },
      "Metadata": {
        "aws:cdk:path": "DemoStack/test-VPC/PrivateSubnet2/Subnet"
      }
    },
    "testVPCPrivateSubnet2RouteTable77E55988": {
      "Type": "AWS::EC2::RouteTable",
      "Properties": {
        "VpcId": {
          "Ref": "testVPC102E57DE"
        },
        "Tags": [
          {
            "Key": "Name",
            "Value": "DemoStack/test-VPC/PrivateSubnet2"
          }
        ]
      },
      "Metadata": {
        "aws:cdk:path": "DemoStack/test-VPC/PrivateSubnet2/RouteTable"
      }
    },
    "testVPCPrivateSubnet2RouteTableAssociationEB05AD1A": {
      "Type": "AWS::EC2::SubnetRouteTableAssociation",
      "Properties": {
        "RouteTableId": {
          "Ref": "testVPCPrivateSubnet2RouteTable77E55988"
        },
        "SubnetId": {
          "Ref": "testVPCPrivateSubnet2SubnetE307A6A8"
        }
      },
      "Metadata": {
        "aws:cdk:path": "DemoStack/test-VPC/PrivateSubnet2/RouteTableAssociation"
      }
    },
    "testVPCPrivateSubnet2DefaultRoute33BB2C0B": {
      "Type": "AWS::EC2::Route",
      "Properties": {
        "RouteTableId": {
          "Ref": "testVPCPrivateSubnet2RouteTable77E55988"
        },
        "DestinationCidrBlock": "0.0.0.0/0",
        "NatGatewayId": {
          "Ref": "testVPCPublicSubnet2NATGatewayF26FCD14"
        }
      },
      "Metadata": {
        "aws:cdk:path": "DemoStack/test-VPC/PrivateSubnet2/DefaultRoute"
      }
    },
    "testVPCIGW757B9544": {
      "Type": "AWS::EC2::InternetGateway",
      "Properties": {
        "Tags": [
          {
            "Key": "Name",
            "Value": "DemoStack/test-VPC"
          }
        ]
      },
      "Metadata": {
        "aws:cdk:path": "DemoStack/test-VPC/IGW"
      }
    },
    "testVPCVPCGWC5F7FA73": {
      "Type": "AWS::EC2::VPCGatewayAttachment",
      "Properties": {
        "VpcId": {
          "Ref": "testVPC102E57DE"
        },
        "InternetGatewayId": {
          "Ref": "testVPCIGW757B9544"
        }
      },
      "Metadata": {
        "aws:cdk:path": "DemoStack/test-VPC/VPCGW"
      }
    },
    "testvpcsg50B306C9": {
      "Type": "AWS::EC2::SecurityGroup",
      "Properties": {
        "GroupDescription": "DemoStack/test-vpc-sg",
        "SecurityGroupEgress": [
          {
            "CidrIp": "0.0.0.0/0",
            "Description": "Allow all outbound traffic by default",
            "IpProtocol": "-1"
          }
        ],
        "SecurityGroupIngress": [
          {
            "CidrIp": "0.0.0.0/0",
            "Description": "from 0.0.0.0/0:ALL PORTS",
            "FromPort": 0,
            "IpProtocol": "tcp",
            "ToPort": 65535
          }
        ],
        "VpcId": {
          "Ref": "testVPC102E57DE"
        }
      },
      "Metadata": {
        "cfn_nag": {
          "rules_to_suppress": [
            {
              "id": "W40",
              "reason": "Demo template, need resources to trigger violation rules in the account"
            },
            {
              "id": "W5",
              "reason": "Demo template, need resources to trigger violation rules in the account"
            },
            {
              "id": "W9",
              "reason": "Demo template, need resources to trigger violation rules in the account"
            },
            {
              "id": "W2",
              "reason": "Demo template, need resources to trigger violation rules in the account"
            },
            {
              "id": "W27",
              "reason": "Demo template, need resources to trigger violation rules in the account"
            }
          ]
        }
      }
    },
    "CDKMetadata": {
      "Type": "AWS::CDK::Metadata",
      "Properties": {
        "Modules": "aws-cdk=1.64.1,@aws-cdk/assets=1.64.1,@aws-cdk/aws-apigateway=1.64.1,@aws-cdk/aws-applicationautoscaling=1.64.1,@aws-cdk/aws-autoscaling-common=1.64.1,@aws-cdk/aws-certificatemanager=1.64.1,@aws-cdk/aws-cloudfront=1.64.1,@aws-cdk/aws-cloudwatch=1.64.1,@aws-cdk/aws-codeguruprofiler=1.64.1,@aws-cdk/aws-cognito=1.64.1,@aws-cdk/aws-dynamodb=1.64.1,@aws-cdk/aws-ec2=1.64.1,@aws-cdk/aws-elasticsearch=1.64.1,@aws-cdk/aws-events=1.64.1,@aws-cdk/aws-iam=1.64.1,@aws-cdk/aws-kinesis=1.64.1,@aws-cdk/aws-kinesisanalytics=1.64.1,@aws-cdk/aws-kms=1.64.1,@aws-cdk/aws-lambda=1.64.1,@aws-cdk/aws-lambda-event-sources=1.64.1,@aws-cdk/aws-logs=1.64.1,@aws-cdk/aws-s3=1.64.1,@aws-cdk/aws-s3-assets=1.64.1,@aws-cdk/aws-s3-notifications=1.64.1,@aws-cdk/aws-sns=1.64.1,@aws-cdk/aws-sns-subscriptions=1.64.1,@aws-cdk/aws-sqs=1.64.1,@aws-cdk/aws-ssm=1.64.1,@aws-cdk/aws-stepfunctions=1.64.1,@aws-cdk/cloud-assembly-schema=1.64.1,@aws-cdk/core=1.64.1,@aws-cdk/custom-resources=1.64.1,@aws-cdk/cx-api=1.64.1,@aws-cdk/region-info=1.64.1,@aws-solutions-constructs/aws-cloudfront-s3=1.64.1,@aws-solutions-constructs/aws-events-rule-lambda=1.64.1,@aws-solutions-constructs/aws-lambda-dynamodb=1.64.1,@aws-solutions-constructs/core=1.64.1,jsii-runtime=node.js/v10.19.0"
      },
      "Condition": "CDKMetadataAvailable"
    }
  },
  "Conditions": {
    "CDKMetadataAvailable": {
      "Fn::Or": [
        {
          "Fn::Or": [
            {
              "Fn::Equals": [
                {
                  "Ref": "AWS::Region"
                },
                "ap-east-1"
              ]
            },
            {
              "Fn::Equals": [
                {
                  "Ref": "AWS::Region"
                },
                "ap-northeast-1"
              ]
            },
            {
              "Fn::Equals": [
                {
                  "Ref": "AWS::Region"
                },
                "ap-northeast-2"
              ]
            },
            {
              "Fn::Equals": [
                {
                  "Ref": "AWS::Region"
                },
                "ap-south-1"
              ]
            },
            {
              "Fn::Equals": [
                {
                  "Ref": "AWS::Region"
                },
                "ap-southeast-1"
              ]
            },
            {
              "Fn::Equals": [
                {
                  "Ref": "AWS::Region"
                },
                "ap-southeast-2"
              ]
            },
            {
              "Fn::Equals": [
                {
                  "Ref": "AWS::Region"
                },
                "ca-central-1"
              ]
            },
            {
              "Fn::Equals": [
                {
                  "Ref": "AWS::Region"
                },
                "cn-north-1"
              ]
            },
            {
              "Fn::Equals": [
                {
                  "Ref": "AWS::Region"
                },
                "cn-northwest-1"
              ]
            },
            {
              "Fn::Equals": [
                {
                  "Ref": "AWS::Region"
                },
                "eu-central-1"
              ]
            }
          ]
        },
        {
          "Fn::Or": [
            {
              "Fn::Equals": [
                {
                  "Ref": "AWS::Region"
                },
                "eu-north-1"
              ]
            },
            {
              "Fn::Equals": [
                {
                  "Ref": "AWS::Region"
                },
                "eu-west-1"
              ]
            },
            {
              "Fn::Equals": [
                {
                  "Ref": "AWS::Region"
                },
                "eu-west-2"
              ]
            },
            {
              "Fn::Equals": [
                {
                  "Ref": "AWS::Region"
                },
                "eu-west-3"
              ]
            },
            {
              "Fn::Equals": [
                {
                  "Ref": "AWS::Region"
                },
                "me-south-1"
              ]
            },
            {
              "Fn::Equals": [
                {
                  "Ref": "AWS::Region"
                },
                "sa-east-1"
              ]
            },
            {
              "Fn::Equals": [
                {
                  "Ref": "AWS::Region"
                },
                "us-east-1"
              ]
            },
            {
              "Fn::Equals": [
                {
                  "Ref": "AWS::Region"
                },
                "us-east-2"
              ]
            },
            {
              "Fn::Equals": [
                {
                  "Ref": "AWS::Region"
                },
                "us-west-1"
              ]
            },
            {
              "Fn::Equals": [
                {
                  "Ref": "AWS::Region"
                },
                "us-west-2"
              ]
            }
          ]
        }
      ]
    }
  }
}