{ "Description": "(SO0241-CMS.26) connected-mobility-solution-on-aws - cms-config. Version v2.1.5", "Mappings": { "Solution": { "AssetsConfig": { "S3AssetBucketBaseName": "solutions", "S3AssetKeyPrefix": "connected-mobility-solution-on-aws/v2.1.5/cms-config" }, "Config": { "SendAnonymousUsage": "Yes" } } }, "Resources": { "appregistryconstructappregistryapplicationAC1A319B": { "Type": "AWS::ServiceCatalogAppRegistry::Application", "Properties": { "Name": { "Fn::Join": [ "", [ { "Ref": "AWS::StackName" }, "-", { "Ref": "AWS::Region" }, "-", { "Ref": "AWS::AccountId" } ] ] }, "Tags": { "Solutions:ApplicationType": "AWS-Solutions", "Solutions:ModuleName": "cms-config", "Solutions:SolutionID": "SO0241", "Solutions:SolutionName": "connected-mobility-solution-on-aws", "Solutions:SolutionVersion": "v2.1.5" } }, "Metadata": { "aws:cdk:path": "cms-config/app-registry-construct/app-registry-application" } }, "appregistryconstructdefaultapplicationattributes8FF6B3DB": { "Type": "AWS::ServiceCatalogAppRegistry::AttributeGroup", "Properties": { "Attributes": { "ApplicationType": "AWS-Solutions", "Version": "v2.1.5", "SolutionID": "SO0241", "SolutionName": "connected-mobility-solution-on-aws" }, "Description": "Attribute group for solution information", "Name": { "Fn::Join": [ "", [ { "Ref": "AWS::StackName" }, "-", { "Ref": "AWS::Region" }, "-", { "Ref": "AWS::AccountId" } ] ] }, "Tags": { "awsApplication": { "Fn::GetAtt": [ "appregistryconstructappregistryapplicationAC1A319B", "ApplicationTagValue" ] }, "Solutions:ApplicationType": "AWS-Solutions", "Solutions:ModuleName": "cms-config", "Solutions:SolutionID": "SO0241", "Solutions:SolutionName": "connected-mobility-solution-on-aws", "Solutions:SolutionVersion": "v2.1.5" } }, "Metadata": { "aws:cdk:path": "cms-config/app-registry-construct/default-application-attributes" } }, "appregistryconstructappregistryapplicationattributeassociation802A10B5": { "Type": "AWS::ServiceCatalogAppRegistry::AttributeGroupAssociation", "Properties": { "Application": { "Fn::GetAtt": [ "appregistryconstructappregistryapplicationAC1A319B", "Id" ] }, "AttributeGroup": { "Fn::GetAtt": [ "appregistryconstructdefaultapplicationattributes8FF6B3DB", "Id" ] } }, "Metadata": { "aws:cdk:path": "cms-config/app-registry-construct/app-registry-application-attribute-association" } }, "ssmappuniqueidD1DCE51D": { "Type": "AWS::SSM::Parameter", "Properties": { "Description": "SSM parameter to register an app unique ID.", "Name": { "Fn::Join": [ "", [ "/solution/", { "Ref": "AppUniqueId" } ] ] }, "Tags": { "awsApplication": { "Fn::GetAtt": [ "appregistryconstructappregistryapplicationAC1A319B", "ApplicationTagValue" ] }, "Solutions:ApplicationType": "AWS-Solutions", "Solutions:ModuleName": "cms-config", "Solutions:SolutionID": "SO0241", "Solutions:SolutionName": "connected-mobility-solution-on-aws", "Solutions:SolutionVersion": "v2.1.5" }, "Type": "String", "Value": { "Ref": "AppUniqueId" } }, "Metadata": { "aws:cdk:path": "cms-config/ssm-app-unique-id/Resource" } }, "cmsconfigcdklambdasvpcconstructsecuritygroupE578D63B": { "Type": "AWS::EC2::SecurityGroup", "Properties": { "GroupDescription": "cms-config/cms-config/cdk-lambdas-vpc-construct/security-group", "SecurityGroupEgress": [ { "CidrIp": "0.0.0.0/0", "Description": "Allow all outbound traffic by default", "IpProtocol": "-1" } ], "Tags": [ { "Key": "awsApplication", "Value": { "Fn::GetAtt": [ "appregistryconstructappregistryapplicationAC1A319B", "ApplicationTagValue" ] } }, { "Key": "Solutions:ApplicationType", "Value": "AWS-Solutions" }, { "Key": "Solutions:ModuleName", "Value": "cms-config" }, { "Key": "Solutions:SolutionID", "Value": "SO0241" }, { "Key": "Solutions:SolutionName", "Value": "connected-mobility-solution-on-aws" }, { "Key": "Solutions:SolutionVersion", "Value": "v2.1.5" } ], "VpcId": { "Fn::Join": [ "", [ "{{resolve:ssm:/solution/vpc/", { "Ref": "VpcName" }, "/vpcid}}" ] ] } }, "DependsOn": [ "ssmappuniqueidD1DCE51D" ], "Metadata": { "aws:cdk:path": "cms-config/cms-config/cdk-lambdas-vpc-construct/security-group/Resource" } }, "cmsconfigdependencylayerconstructlambdadependencylayerversionCF549CC2": { "Type": "AWS::Lambda::LayerVersion", "Properties": { "CompatibleArchitectures": [ "x86_64", "arm64" ], "CompatibleRuntimes": [ "python3.12" ], "Content": { "S3Bucket": { "Fn::Join": [ "-", [ { "Fn::FindInMap": [ "Solution", "AssetsConfig", "S3AssetBucketBaseName" ] }, { "Fn::Sub": "${AWS::Region}" } ] ] }, "S3Key": { "Fn::Join": [ "/", [ { "Fn::FindInMap": [ "Solution", "AssetsConfig", "S3AssetKeyPrefix" ] }, "assetc48f81dbd1b713e2434891129e9e850eb08c0e790639202a9fd3bff9a72f6a72.zip" ] ] } } }, "DependsOn": [ "ssmappuniqueidD1DCE51D" ], "Metadata": { "aws:cdk:path": "cms-config/cms-config/dependency-layer-construct/lambda-dependency-layer-version/Resource", "aws:asset:path": "asset.c48f81dbd1b713e2434891129e9e850eb08c0e790639202a9fd3bff9a72f6a72", "aws:asset:is-bundled": false, "aws:asset:property": "Content" } }, "cmsconfigcustomresourcelambdaconstructlambdarole41621C04": { "Type": "AWS::IAM::Role", "Properties": { "AssumeRolePolicyDocument": { "Statement": [ { "Action": "sts:AssumeRole", "Effect": "Allow", "Principal": { "Service": "lambda.amazonaws.com" } } ], "Version": "2012-10-17" }, "Policies": [ { "PolicyDocument": { "Statement": [ { "Action": [ "logs:CreateLogGroup", "logs:CreateLogStream", "logs:PutLogEvents" ], "Effect": "Allow", "Resource": [ { "Fn::Join": [ "", [ "arn:", { "Ref": "AWS::Partition" }, ":logs:", { "Ref": "AWS::Region" }, ":", { "Ref": "AWS::AccountId" }, ":log-group:/aws/lambda/", { "Ref": "AppUniqueId" }, "-config-custom-resource" ] ] }, { "Fn::Join": [ "", [ "arn:", { "Ref": "AWS::Partition" }, ":logs:", { "Ref": "AWS::Region" }, ":", { "Ref": "AWS::AccountId" }, ":log-group:/aws/lambda/", { "Ref": "AppUniqueId" }, "-config-custom-resource:log-stream:*" ] ] } ] } ], "Version": "2012-10-17" }, "PolicyName": "lambda-logs-policy" }, { "PolicyDocument": { "Statement": [ { "Action": "ec2:CreateNetworkInterfacePermission", "Condition": { "StringEquals": { "ec2:Subnet": [ { "Fn::Join": [ "", [ "arn:", { "Ref": "AWS::Partition" }, ":ec2:", { "Ref": "AWS::Region" }, ":", { "Ref": "AWS::AccountId" }, ":subnet/{{resolve:ssm:/solution/vpc/", { "Ref": "VpcName" }, "/subnets/private/1}}" ] ] }, { "Fn::Join": [ "", [ "arn:", { "Ref": "AWS::Partition" }, ":ec2:", { "Ref": "AWS::Region" }, ":", { "Ref": "AWS::AccountId" }, ":subnet/{{resolve:ssm:/solution/vpc/", { "Ref": "VpcName" }, "/subnets/private/2}}" ] ] } ], "ec2:AuthorizedService": "lambda.amazonaws.com" } }, "Effect": "Allow", "Resource": { "Fn::Join": [ "", [ "arn:", { "Ref": "AWS::Partition" }, ":ec2:", { "Ref": "AWS::Region" }, ":", { "Ref": "AWS::AccountId" }, ":network-interface/*" ] ] } }, { "Action": [ "ec2:CreateNetworkInterface", "ec2:DeleteNetworkInterface", "ec2:DescribeNetworkInterfaces" ], "Effect": "Allow", "Resource": "*" } ], "Version": "2012-10-17" }, "PolicyName": "ec2-policy" } ], "Tags": [ { "Key": "awsApplication", "Value": { "Fn::GetAtt": [ "appregistryconstructappregistryapplicationAC1A319B", "ApplicationTagValue" ] } }, { "Key": "Solutions:ApplicationType", "Value": "AWS-Solutions" }, { "Key": "Solutions:ModuleName", "Value": "cms-config" }, { "Key": "Solutions:SolutionID", "Value": "SO0241" }, { "Key": "Solutions:SolutionName", "Value": "connected-mobility-solution-on-aws" }, { "Key": "Solutions:SolutionVersion", "Value": "v2.1.5" } ] }, "DependsOn": [ "ssmappuniqueidD1DCE51D" ], "Metadata": { "aws:cdk:path": "cms-config/cms-config/custom-resource-lambda-construct/lambda-role/Resource", "cdk_nag": { "rules_to_suppress": [ { "id": "AwsSolutions-IAM5", "appliesTo": [ "Resource::arn::logs:::log-group:/aws/lambda/-config-custom-resource:log-stream:*", "Resource::arn::logs:::log-group:/aws/lambda/-config-custom-resource:log-stream:*" ], "reason": "Log retention lambda uses policies that require wildcard permissions" }, { "id": "AwsSolutions-IAM5", "appliesTo": [ "Resource::arn::ec2:::network-interface/*", "Resource::*" ], "reason": "ec2 Network Interfaces permissions need to be wildcard" } ] } } }, "cmsconfigcustomresourcelambdaconstructsecuritygroup0A83289A": { "Type": "AWS::EC2::SecurityGroup", "Properties": { "GroupDescription": "cms-config/cms-config/custom-resource-lambda-construct/security-group", "SecurityGroupEgress": [ { "CidrIp": "0.0.0.0/0", "Description": "Allow all outbound traffic by default", "IpProtocol": "-1" } ], "Tags": [ { "Key": "awsApplication", "Value": { "Fn::GetAtt": [ "appregistryconstructappregistryapplicationAC1A319B", "ApplicationTagValue" ] } }, { "Key": "Solutions:ApplicationType", "Value": "AWS-Solutions" }, { "Key": "Solutions:ModuleName", "Value": "cms-config" }, { "Key": "Solutions:SolutionID", "Value": "SO0241" }, { "Key": "Solutions:SolutionName", "Value": "connected-mobility-solution-on-aws" }, { "Key": "Solutions:SolutionVersion", "Value": "v2.1.5" } ], "VpcId": { "Fn::Join": [ "", [ "{{resolve:ssm:/solution/vpc/", { "Ref": "VpcName" }, "/vpcid}}" ] ] } }, "DependsOn": [ "ssmappuniqueidD1DCE51D" ], "Metadata": { "aws:cdk:path": "cms-config/cms-config/custom-resource-lambda-construct/security-group/Resource" } }, "cmsconfigcustomresourcelambdaconstructlambdafunction670EC06C": { "Type": "AWS::Lambda::Function", "Properties": { "Code": { "S3Bucket": { "Fn::Join": [ "-", [ { "Fn::FindInMap": [ "Solution", "AssetsConfig", "S3AssetBucketBaseName" ] }, { "Fn::Sub": "${AWS::Region}" } ] ] }, "S3Key": { "Fn::Join": [ "/", [ { "Fn::FindInMap": [ "Solution", "AssetsConfig", "S3AssetKeyPrefix" ] }, "assetfa61f2e0af2b806dd8895cf58e04550f02558a069bd6052dac85eb553dd06f0e.zip" ] ] } }, "Environment": { "Variables": { "USER_AGENT_STRING": "AWSSOLUTION/SO0241/v2.1.5 AWSSOLUTION-CAPABILITY/CMS.26/v2.1.5" } }, "FunctionName": { "Fn::Join": [ "", [ { "Ref": "AppUniqueId" }, "-config-custom-resource" ] ] }, "Handler": "function.main.handler", "Layers": [ { "Ref": "cmsconfigdependencylayerconstructlambdadependencylayerversionCF549CC2" } ], "MemorySize": 1024, "Role": { "Fn::GetAtt": [ "cmsconfigcustomresourcelambdaconstructlambdarole41621C04", "Arn" ] }, "Runtime": "python3.12", "Tags": [ { "Key": "awsApplication", "Value": { "Fn::GetAtt": [ "appregistryconstructappregistryapplicationAC1A319B", "ApplicationTagValue" ] } }, { "Key": "Solutions:ApplicationType", "Value": "AWS-Solutions" }, { "Key": "Solutions:ModuleName", "Value": "cms-config" }, { "Key": "Solutions:SolutionID", "Value": "SO0241" }, { "Key": "Solutions:SolutionName", "Value": "connected-mobility-solution-on-aws" }, { "Key": "Solutions:SolutionVersion", "Value": "v2.1.5" } ], "Timeout": 300, "VpcConfig": { "SecurityGroupIds": [ { "Fn::GetAtt": [ "cmsconfigcustomresourcelambdaconstructsecuritygroup0A83289A", "GroupId" ] } ], "SubnetIds": [ { "Fn::Join": [ "", [ "{{resolve:ssm:/solution/vpc/", { "Ref": "VpcName" }, "/subnets/private/1}}" ] ] }, { "Fn::Join": [ "", [ "{{resolve:ssm:/solution/vpc/", { "Ref": "VpcName" }, "/subnets/private/2}}" ] ] } ] } }, "DependsOn": [ "cmsconfigcustomresourcelambdaconstructlambdarole41621C04", "ssmappuniqueidD1DCE51D" ], "Metadata": { "aws:cdk:path": "cms-config/cms-config/custom-resource-lambda-construct/lambda-function/Resource", "aws:asset:path": "asset.fa61f2e0af2b806dd8895cf58e04550f02558a069bd6052dac85eb553dd06f0e.zip", "aws:asset:is-bundled": false, "aws:asset:property": "Code", "cdk_nag": { "rules_to_suppress": [ { "id": "AwsSolutions-L1", "reason": "The non-container Lambda function is not configured to use the latest runtime version." } ] } } }, "cmsconfigcustomresourcelambdaconstructlambdafunctionLogRetentionF23B423D": { "Type": "Custom::LogRetention", "Properties": { "ServiceToken": { "Fn::GetAtt": [ "LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8aFD4BFC8A", "Arn" ] }, "LogGroupName": { "Fn::Join": [ "", [ "/aws/lambda/", { "Ref": "cmsconfigcustomresourcelambdaconstructlambdafunction670EC06C" } ] ] }, "RetentionInDays": 90 }, "DependsOn": [ "ssmappuniqueidD1DCE51D" ], "Metadata": { "aws:cdk:path": "cms-config/cms-config/custom-resource-lambda-construct/lambda-function/LogRetention/Resource" } }, "cmsconfigdeploymentuuidconstructdeploymentuuidcustomresourceD01A8D82": { "Type": "Custom::CreateDeploymentUUID", "Properties": { "ServiceToken": { "Fn::GetAtt": [ "cmsconfigcustomresourcelambdaconstructlambdafunction670EC06C", "Arn" ] }, "Resource": "CreateDeploymentUUID" }, "DependsOn": [ "ssmappuniqueidD1DCE51D" ], "UpdateReplacePolicy": "Delete", "DeletionPolicy": "Delete", "Metadata": { "aws:cdk:path": "cms-config/cms-config/deployment-uuid-construct/deployment-uuid-custom-resource/Default" } }, "cmsconfigmetricsconstructlambdaroleCB9421AE": { "Type": "AWS::IAM::Role", "Properties": { "AssumeRolePolicyDocument": { "Statement": [ { "Action": "sts:AssumeRole", "Effect": "Allow", "Principal": { "Service": "lambda.amazonaws.com" } } ], "Version": "2012-10-17" }, "Policies": [ { "PolicyDocument": { "Statement": [ { "Action": [ "logs:CreateLogGroup", "logs:CreateLogStream", "logs:PutLogEvents" ], "Effect": "Allow", "Resource": [ { "Fn::Join": [ "", [ "arn:", { "Ref": "AWS::Partition" }, ":logs:", { "Ref": "AWS::Region" }, ":", { "Ref": "AWS::AccountId" }, ":log-group:/aws/lambda/", { "Ref": "AppUniqueId" }, "-config-anonymous-metrics" ] ] }, { "Fn::Join": [ "", [ "arn:", { "Ref": "AWS::Partition" }, ":logs:", { "Ref": "AWS::Region" }, ":", { "Ref": "AWS::AccountId" }, ":log-group:/aws/lambda/", { "Ref": "AppUniqueId" }, "-config-anonymous-metrics:log-stream:*" ] ] } ] } ], "Version": "2012-10-17" }, "PolicyName": "lambda-logs-policy" }, { "PolicyDocument": { "Statement": [ { "Action": [ "cloudwatch:GetMetricData", "cloudwatch:GetMetricStatistics", "cloudwatch:ListMetrics" ], "Effect": "Allow", "Resource": "*" } ], "Version": "2012-10-17" }, "PolicyName": "cloudwatch-metrics-policy" }, { "PolicyDocument": { "Statement": [ { "Action": [ "tag:GetResources", "tag:GetTagKeys", "tag:GetTagValues" ], "Effect": "Allow", "Resource": "*" } ], "Version": "2012-10-17" }, "PolicyName": "resourcegroupstaggingapi-policy" }, { "PolicyDocument": { "Statement": [ { "Action": "ec2:CreateNetworkInterfacePermission", "Condition": { "StringEquals": { "ec2:Subnet": [ { "Fn::Join": [ "", [ "arn:", { "Ref": "AWS::Partition" }, ":ec2:", { "Ref": "AWS::Region" }, ":", { "Ref": "AWS::AccountId" }, ":subnet/{{resolve:ssm:/solution/vpc/", { "Ref": "VpcName" }, "/subnets/private/1}}" ] ] }, { "Fn::Join": [ "", [ "arn:", { "Ref": "AWS::Partition" }, ":ec2:", { "Ref": "AWS::Region" }, ":", { "Ref": "AWS::AccountId" }, ":subnet/{{resolve:ssm:/solution/vpc/", { "Ref": "VpcName" }, "/subnets/private/2}}" ] ] } ], "ec2:AuthorizedService": "lambda.amazonaws.com" } }, "Effect": "Allow", "Resource": { "Fn::Join": [ "", [ "arn:", { "Ref": "AWS::Partition" }, ":ec2:", { "Ref": "AWS::Region" }, ":", { "Ref": "AWS::AccountId" }, ":network-interface/*" ] ] } }, { "Action": [ "ec2:CreateNetworkInterface", "ec2:DeleteNetworkInterface", "ec2:DescribeNetworkInterfaces" ], "Effect": "Allow", "Resource": "*" } ], "Version": "2012-10-17" }, "PolicyName": "ec2-policy" } ], "Tags": [ { "Key": "awsApplication", "Value": { "Fn::GetAtt": [ "appregistryconstructappregistryapplicationAC1A319B", "ApplicationTagValue" ] } }, { "Key": "Solutions:ApplicationType", "Value": "AWS-Solutions" }, { "Key": "Solutions:ModuleName", "Value": "cms-config" }, { "Key": "Solutions:SolutionID", "Value": "SO0241" }, { "Key": "Solutions:SolutionName", "Value": "connected-mobility-solution-on-aws" }, { "Key": "Solutions:SolutionVersion", "Value": "v2.1.5" } ] }, "DependsOn": [ "ssmappuniqueidD1DCE51D" ], "Metadata": { "aws:cdk:path": "cms-config/cms-config/metrics-construct/lambda-role/Resource", "cdk_nag": { "rules_to_suppress": [ { "id": "AwsSolutions-IAM5", "appliesTo": [ "Resource::arn::logs:::log-group:/aws/lambda/-config-anonymous-metrics:log-stream:*", "Resource::*" ], "reason": "Wildcard permissions required to write to log streams and get cloudwatch metrics." }, { "id": "AwsSolutions-IAM5", "reason": "ec2 Network Interfaces permissions need to be wildcard", "appliesTo": [ "Resource::arn::ec2:::network-interface/*" ] } ] } }, "Condition": "cmsconfigSendAnonymousUsage2AEBF069" }, "cmsconfigmetricsconstructsecuritygroupE9E75D81": { "Type": "AWS::EC2::SecurityGroup", "Properties": { "GroupDescription": "cms-config/cms-config/metrics-construct/security-group", "SecurityGroupEgress": [ { "CidrIp": "0.0.0.0/0", "Description": "Allow all outbound traffic by default", "IpProtocol": "-1" } ], "Tags": [ { "Key": "awsApplication", "Value": { "Fn::GetAtt": [ "appregistryconstructappregistryapplicationAC1A319B", "ApplicationTagValue" ] } }, { "Key": "Solutions:ApplicationType", "Value": "AWS-Solutions" }, { "Key": "Solutions:ModuleName", "Value": "cms-config" }, { "Key": "Solutions:SolutionID", "Value": "SO0241" }, { "Key": "Solutions:SolutionName", "Value": "connected-mobility-solution-on-aws" }, { "Key": "Solutions:SolutionVersion", "Value": "v2.1.5" } ], "VpcId": { "Fn::Join": [ "", [ "{{resolve:ssm:/solution/vpc/", { "Ref": "VpcName" }, "/vpcid}}" ] ] } }, "DependsOn": [ "ssmappuniqueidD1DCE51D" ], "Metadata": { "aws:cdk:path": "cms-config/cms-config/metrics-construct/security-group/Resource" }, "Condition": "cmsconfigSendAnonymousUsage2AEBF069" }, "cmsconfigmetricsconstructlambdafunction7416C7AB": { "Type": "AWS::Lambda::Function", "Properties": { "Code": { "S3Bucket": { "Fn::Join": [ "-", [ { "Fn::FindInMap": [ "Solution", "AssetsConfig", "S3AssetBucketBaseName" ] }, { "Fn::Sub": "${AWS::Region}" } ] ] }, "S3Key": { "Fn::Join": [ "/", [ { "Fn::FindInMap": [ "Solution", "AssetsConfig", "S3AssetKeyPrefix" ] }, "assetf41573b0365ecc7ca89b9642ace9c59e40ff9597869e0d437a41c1034453d9e7.zip" ] ] } }, "Environment": { "Variables": { "USER_AGENT_STRING": "AWSSOLUTION/SO0241/v2.1.5 AWSSOLUTION-CAPABILITY/CMS.26/v2.1.5", "SOLUTION_ID": "SO0241", "SOLUTION_VERSION": "v2.1.5", "AWS_ACCOUNT_ID": { "Ref": "AWS::AccountId" }, "DEPLOYMENT_UUID": { "Fn::GetAtt": [ "cmsconfigdeploymentuuidconstructdeploymentuuidcustomresourceD01A8D82", "SolutionUUID" ] }, "METRICS_SOLUTION_URL": "https://metrics.awssolutionsbuilder.com/generic" } }, "FunctionName": { "Fn::Join": [ "", [ { "Ref": "AppUniqueId" }, "-config-anonymous-metrics" ] ] }, "Handler": "function.main.handler", "Layers": [ { "Ref": "cmsconfigdependencylayerconstructlambdadependencylayerversionCF549CC2" } ], "Role": { "Fn::GetAtt": [ "cmsconfigmetricsconstructlambdaroleCB9421AE", "Arn" ] }, "Runtime": "python3.12", "Tags": [ { "Key": "awsApplication", "Value": { "Fn::GetAtt": [ "appregistryconstructappregistryapplicationAC1A319B", "ApplicationTagValue" ] } }, { "Key": "Solutions:ApplicationType", "Value": "AWS-Solutions" }, { "Key": "Solutions:ModuleName", "Value": "cms-config" }, { "Key": "Solutions:SolutionID", "Value": "SO0241" }, { "Key": "Solutions:SolutionName", "Value": "connected-mobility-solution-on-aws" }, { "Key": "Solutions:SolutionVersion", "Value": "v2.1.5" } ], "Timeout": 300, "VpcConfig": { "SecurityGroupIds": [ { "Fn::GetAtt": [ "cmsconfigmetricsconstructsecuritygroupE9E75D81", "GroupId" ] } ], "SubnetIds": [ { "Fn::Join": [ "", [ "{{resolve:ssm:/solution/vpc/", { "Ref": "VpcName" }, "/subnets/private/1}}" ] ] }, { "Fn::Join": [ "", [ "{{resolve:ssm:/solution/vpc/", { "Ref": "VpcName" }, "/subnets/private/2}}" ] ] } ] } }, "DependsOn": [ "cmsconfigmetricsconstructlambdaroleCB9421AE", "ssmappuniqueidD1DCE51D" ], "Metadata": { "aws:cdk:path": "cms-config/cms-config/metrics-construct/lambda-function/Resource", "aws:asset:path": "asset.f41573b0365ecc7ca89b9642ace9c59e40ff9597869e0d437a41c1034453d9e7.zip", "aws:asset:is-bundled": false, "aws:asset:property": "Code", "cdk_nag": { "rules_to_suppress": [ { "id": "AwsSolutions-L1", "reason": "The non-container Lambda function is not configured to use the latest runtime version." } ] } }, "Condition": "cmsconfigSendAnonymousUsage2AEBF069" }, "cmsconfigmetricsconstructlambdafunctionLogRetentionCB5BEDD7": { "Type": "Custom::LogRetention", "Properties": { "ServiceToken": { "Fn::GetAtt": [ "LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8aFD4BFC8A", "Arn" ] }, "LogGroupName": { "Fn::Join": [ "", [ "/aws/lambda/", { "Ref": "cmsconfigmetricsconstructlambdafunction7416C7AB" } ] ] }, "RetentionInDays": 90 }, "DependsOn": [ "ssmappuniqueidD1DCE51D" ], "Metadata": { "aws:cdk:path": "cms-config/cms-config/metrics-construct/lambda-function/LogRetention/Resource" }, "Condition": "cmsconfigSendAnonymousUsage2AEBF069" }, "cmsconfigmetricsconstructcronruleC48A9B55": { "Type": "AWS::Events::Rule", "Properties": { "ScheduleExpression": "cron(0 1 * * ? *)", "State": "ENABLED", "Targets": [ { "Arn": { "Fn::GetAtt": [ "cmsconfigmetricsconstructlambdafunction7416C7AB", "Arn" ] }, "Id": "Target0" } ] }, "DependsOn": [ "ssmappuniqueidD1DCE51D" ], "Metadata": { "aws:cdk:path": "cms-config/cms-config/metrics-construct/cron-rule/Resource" }, "Condition": "cmsconfigSendAnonymousUsage2AEBF069" }, "cmsconfigmetricsconstructcronruleAllowEventRulecmsconfigmetricsconstructlambdafunction4C93E93C6AFF8B41": { "Type": "AWS::Lambda::Permission", "Properties": { "Action": "lambda:InvokeFunction", "FunctionName": { "Fn::GetAtt": [ "cmsconfigmetricsconstructlambdafunction7416C7AB", "Arn" ] }, "Principal": "events.amazonaws.com", "SourceArn": { "Fn::GetAtt": [ "cmsconfigmetricsconstructcronruleC48A9B55", "Arn" ] } }, "DependsOn": [ "ssmappuniqueidD1DCE51D" ], "Metadata": { "aws:cdk:path": "cms-config/cms-config/metrics-construct/cron-rule/AllowEventRulecmsconfigmetricsconstructlambdafunction4C93E93C" }, "Condition": "cmsconfigSendAnonymousUsage2AEBF069" }, "cmsconfigawsresourcelookupcustomresourcelambdalambdaroleA434B0CE": { "Type": "AWS::IAM::Role", "Properties": { "AssumeRolePolicyDocument": { "Statement": [ { "Action": "sts:AssumeRole", "Effect": "Allow", "Principal": { "Service": "lambda.amazonaws.com" } } ], "Version": "2012-10-17" }, "Policies": [ { "PolicyDocument": { "Statement": [ { "Action": [ "logs:CreateLogGroup", "logs:CreateLogStream", "logs:PutLogEvents" ], "Effect": "Allow", "Resource": [ { "Fn::Join": [ "", [ "arn:", { "Ref": "AWS::Partition" }, ":logs:", { "Ref": "AWS::Region" }, ":", { "Ref": "AWS::AccountId" }, ":log-group:/aws/lambda/", { "Ref": "AppUniqueId" }, "-config-aws-resource-lookup" ] ] }, { "Fn::Join": [ "", [ "arn:", { "Ref": "AWS::Partition" }, ":logs:", { "Ref": "AWS::Region" }, ":", { "Ref": "AWS::AccountId" }, ":log-group:/aws/lambda/", { "Ref": "AppUniqueId" }, "-config-aws-resource-lookup:log-stream:*" ] ] } ] } ], "Version": "2012-10-17" }, "PolicyName": "lambda-logs-policy" }, { "PolicyDocument": { "Statement": [ { "Action": "ec2:CreateNetworkInterfacePermission", "Condition": { "StringEquals": { "ec2:Subnet": [ { "Fn::Join": [ "", [ "arn:", { "Ref": "AWS::Partition" }, ":ec2:", { "Ref": "AWS::Region" }, ":", { "Ref": "AWS::AccountId" }, ":subnet/{{resolve:ssm:/solution/vpc/", { "Ref": "VpcName" }, "/subnets/private/1}}" ] ] }, { "Fn::Join": [ "", [ "arn:", { "Ref": "AWS::Partition" }, ":ec2:", { "Ref": "AWS::Region" }, ":", { "Ref": "AWS::AccountId" }, ":subnet/{{resolve:ssm:/solution/vpc/", { "Ref": "VpcName" }, "/subnets/private/2}}" ] ] } ], "ec2:AuthorizedService": "lambda.amazonaws.com" } }, "Effect": "Allow", "Resource": { "Fn::Join": [ "", [ "arn:", { "Ref": "AWS::Partition" }, ":ec2:", { "Ref": "AWS::Region" }, ":", { "Ref": "AWS::AccountId" }, ":network-interface/*" ] ] } }, { "Action": [ "ec2:CreateNetworkInterface", "ec2:DeleteNetworkInterface", "ec2:DescribeNetworkInterfaces" ], "Effect": "Allow", "Resource": "*" } ], "Version": "2012-10-17" }, "PolicyName": "ec2-policy" } ], "Tags": [ { "Key": "awsApplication", "Value": { "Fn::GetAtt": [ "appregistryconstructappregistryapplicationAC1A319B", "ApplicationTagValue" ] } }, { "Key": "Solutions:ApplicationType", "Value": "AWS-Solutions" }, { "Key": "Solutions:ModuleName", "Value": "cms-config" }, { "Key": "Solutions:SolutionID", "Value": "SO0241" }, { "Key": "Solutions:SolutionName", "Value": "connected-mobility-solution-on-aws" }, { "Key": "Solutions:SolutionVersion", "Value": "v2.1.5" } ] }, "DependsOn": [ "ssmappuniqueidD1DCE51D" ], "Metadata": { "aws:cdk:path": "cms-config/cms-config/aws-resource-lookup-custom-resource-lambda/lambda-role/Resource", "cdk_nag": { "rules_to_suppress": [ { "id": "AwsSolutions-IAM5", "appliesTo": [ "Resource::arn::logs:::log-group:/aws/lambda/-config-aws-resource-lookup:log-stream:*", "Resource::arn::logs:::log-group:/aws/lambda/-config-aws-resource-lookup:log-stream:*" ], "reason": "Log retention lambda uses policies that require wildcard permissions" }, { "id": "AwsSolutions-IAM5", "appliesTo": [ "Resource::arn::ec2:::network-interface/*", "Resource::*" ], "reason": "ec2 Network Interfaces permissions need to be wildcard" } ] } } }, "cmsconfigawsresourcelookupcustomresourcelambdasecuritygroupED99DFD8": { "Type": "AWS::EC2::SecurityGroup", "Properties": { "GroupDescription": "cms-config/cms-config/aws-resource-lookup-custom-resource-lambda/security-group", "SecurityGroupEgress": [ { "CidrIp": "0.0.0.0/0", "Description": "Allow all outbound traffic by default", "IpProtocol": "-1" } ], "Tags": [ { "Key": "awsApplication", "Value": { "Fn::GetAtt": [ "appregistryconstructappregistryapplicationAC1A319B", "ApplicationTagValue" ] } }, { "Key": "Solutions:ApplicationType", "Value": "AWS-Solutions" }, { "Key": "Solutions:ModuleName", "Value": "cms-config" }, { "Key": "Solutions:SolutionID", "Value": "SO0241" }, { "Key": "Solutions:SolutionName", "Value": "connected-mobility-solution-on-aws" }, { "Key": "Solutions:SolutionVersion", "Value": "v2.1.5" } ], "VpcId": { "Fn::Join": [ "", [ "{{resolve:ssm:/solution/vpc/", { "Ref": "VpcName" }, "/vpcid}}" ] ] } }, "DependsOn": [ "ssmappuniqueidD1DCE51D" ], "Metadata": { "aws:cdk:path": "cms-config/cms-config/aws-resource-lookup-custom-resource-lambda/security-group/Resource" } }, "cmsconfigawsresourcelookupcustomresourcelambdalambdafunctionFAC5FBD0": { "Type": "AWS::Lambda::Function", "Properties": { "Code": { "S3Bucket": { "Fn::Join": [ "-", [ { "Fn::FindInMap": [ "Solution", "AssetsConfig", "S3AssetBucketBaseName" ] }, { "Fn::Sub": "${AWS::Region}" } ] ] }, "S3Key": { "Fn::Join": [ "/", [ { "Fn::FindInMap": [ "Solution", "AssetsConfig", "S3AssetKeyPrefix" ] }, "assetc3cb4daf429ceb312b0a931ccc3d09b6eda59ca50e2a83e248b925f2da68d910.zip" ] ] } }, "Environment": { "Variables": { "USER_AGENT_STRING": "AWSSOLUTION/SO0241/v2.1.5 AWSSOLUTION-CAPABILITY/CMS.26/v2.1.5" } }, "FunctionName": { "Fn::Join": [ "", [ { "Ref": "AppUniqueId" }, "-config-aws-resource-lookup" ] ] }, "Handler": "function.main.handler", "Layers": [ { "Ref": "cmsconfigdependencylayerconstructlambdadependencylayerversionCF549CC2" } ], "MemorySize": 1024, "Role": { "Fn::GetAtt": [ "cmsconfigawsresourcelookupcustomresourcelambdalambdaroleA434B0CE", "Arn" ] }, "Runtime": "python3.12", "Tags": [ { "Key": "awsApplication", "Value": { "Fn::GetAtt": [ "appregistryconstructappregistryapplicationAC1A319B", "ApplicationTagValue" ] } }, { "Key": "Solutions:ApplicationType", "Value": "AWS-Solutions" }, { "Key": "Solutions:ModuleName", "Value": "cms-config" }, { "Key": "Solutions:SolutionID", "Value": "SO0241" }, { "Key": "Solutions:SolutionName", "Value": "connected-mobility-solution-on-aws" }, { "Key": "Solutions:SolutionVersion", "Value": "v2.1.5" } ], "Timeout": 300, "VpcConfig": { "SecurityGroupIds": [ { "Fn::GetAtt": [ "cmsconfigawsresourcelookupcustomresourcelambdasecuritygroupED99DFD8", "GroupId" ] } ], "SubnetIds": [ { "Fn::Join": [ "", [ "{{resolve:ssm:/solution/vpc/", { "Ref": "VpcName" }, "/subnets/private/1}}" ] ] }, { "Fn::Join": [ "", [ "{{resolve:ssm:/solution/vpc/", { "Ref": "VpcName" }, "/subnets/private/2}}" ] ] } ] } }, "DependsOn": [ "cmsconfigawsresourcelookupcustomresourcelambdalambdaroleA434B0CE", "ssmappuniqueidD1DCE51D" ], "Metadata": { "aws:cdk:path": "cms-config/cms-config/aws-resource-lookup-custom-resource-lambda/lambda-function/Resource", "aws:asset:path": "asset.c3cb4daf429ceb312b0a931ccc3d09b6eda59ca50e2a83e248b925f2da68d910.zip", "aws:asset:is-bundled": false, "aws:asset:property": "Code", "cdk_nag": { "rules_to_suppress": [ { "id": "AwsSolutions-L1", "reason": "The non-container Lambda function is not configured to use the latest runtime version." } ] } } }, "cmsconfigawsresourcelookupcustomresourcelambdalambdafunctionLogRetention1F74CCE0": { "Type": "Custom::LogRetention", "Properties": { "ServiceToken": { "Fn::GetAtt": [ "LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8aFD4BFC8A", "Arn" ] }, "LogGroupName": { "Fn::Join": [ "", [ "/aws/lambda/", { "Ref": "cmsconfigawsresourcelookupcustomresourcelambdalambdafunctionFAC5FBD0" } ] ] }, "RetentionInDays": 90 }, "DependsOn": [ "ssmappuniqueidD1DCE51D" ], "Metadata": { "aws:cdk:path": "cms-config/cms-config/aws-resource-lookup-custom-resource-lambda/lambda-function/LogRetention/Resource" } }, "cmsconfigmoduleoutputsconstructssmdeploymentuuidBBDE349B": { "Type": "AWS::SSM::Parameter", "Properties": { "Description": { "Fn::Join": [ "", [ "Deployment UUID associated with app unique ID - ", { "Ref": "AppUniqueId" } ] ] }, "Name": { "Fn::Join": [ "", [ "/solution/", { "Ref": "AppUniqueId" }, "/config/deployment-uuid" ] ] }, "Tags": { "awsApplication": { "Fn::GetAtt": [ "appregistryconstructappregistryapplicationAC1A319B", "ApplicationTagValue" ] }, "Solutions:ApplicationType": "AWS-Solutions", "Solutions:ModuleName": "cms-config", "Solutions:SolutionID": "SO0241", "Solutions:SolutionName": "connected-mobility-solution-on-aws", "Solutions:SolutionVersion": "v2.1.5" }, "Type": "String", "Value": { "Fn::GetAtt": [ "cmsconfigdeploymentuuidconstructdeploymentuuidcustomresourceD01A8D82", "SolutionUUID" ] } }, "DependsOn": [ "ssmappuniqueidD1DCE51D" ], "Metadata": { "aws:cdk:path": "cms-config/cms-config/module-outputs-construct/ssm-deployment-uuid/Resource" } }, "cmsconfigmoduleoutputsconstructidentityproviderid38238832": { "Type": "AWS::SSM::Parameter", "Properties": { "Description": { "Fn::Join": [ "", [ "Identity Provider ID associated with app unique ID - ", { "Ref": "AppUniqueId" } ] ] }, "Name": { "Fn::Join": [ "", [ "/solution/", { "Ref": "AppUniqueId" }, "/config/auth/identity-provider-id" ] ] }, "Tags": { "awsApplication": { "Fn::GetAtt": [ "appregistryconstructappregistryapplicationAC1A319B", "ApplicationTagValue" ] }, "Solutions:ApplicationType": "AWS-Solutions", "Solutions:ModuleName": "cms-config", "Solutions:SolutionID": "SO0241", "Solutions:SolutionName": "connected-mobility-solution-on-aws", "Solutions:SolutionVersion": "v2.1.5" }, "Type": "String", "Value": { "Ref": "IdentityProviderId" } }, "DependsOn": [ "ssmappuniqueidD1DCE51D" ], "Metadata": { "aws:cdk:path": "cms-config/cms-config/module-outputs-construct/identity-provider-id/Resource" } }, "cmsconfigmoduleoutputsconstructvpcname47751DBB": { "Type": "AWS::SSM::Parameter", "Properties": { "Description": "VPC Name", "Name": { "Fn::Join": [ "", [ "/solution/", { "Ref": "AppUniqueId" }, "/config/vpc/name" ] ] }, "Tags": { "awsApplication": { "Fn::GetAtt": [ "appregistryconstructappregistryapplicationAC1A319B", "ApplicationTagValue" ] }, "Solutions:ApplicationType": "AWS-Solutions", "Solutions:ModuleName": "cms-config", "Solutions:SolutionID": "SO0241", "Solutions:SolutionName": "connected-mobility-solution-on-aws", "Solutions:SolutionVersion": "v2.1.5" }, "Type": "String", "Value": { "Ref": "VpcName" } }, "DependsOn": [ "ssmappuniqueidD1DCE51D" ], "Metadata": { "aws:cdk:path": "cms-config/cms-config/module-outputs-construct/vpc-name/Resource" } }, "cmsconfigmoduleoutputsconstructawsresourcelookuplambdaarn1F7B695D": { "Type": "AWS::SSM::Parameter", "Properties": { "Description": "Arn of AWS resource lookup Lambda function", "Name": { "Fn::Join": [ "", [ "/solution/", { "Ref": "AppUniqueId" }, "/config/aws-resource-lookup-lambda/arn" ] ] }, "Tags": { "awsApplication": { "Fn::GetAtt": [ "appregistryconstructappregistryapplicationAC1A319B", "ApplicationTagValue" ] }, "Solutions:ApplicationType": "AWS-Solutions", "Solutions:ModuleName": "cms-config", "Solutions:SolutionID": "SO0241", "Solutions:SolutionName": "connected-mobility-solution-on-aws", "Solutions:SolutionVersion": "v2.1.5" }, "Type": "String", "Value": { "Fn::GetAtt": [ "cmsconfigawsresourcelookupcustomresourcelambdalambdafunctionFAC5FBD0", "Arn" ] } }, "DependsOn": [ "ssmappuniqueidD1DCE51D" ], "Metadata": { "aws:cdk:path": "cms-config/cms-config/module-outputs-construct/aws-resource-lookup-lambda-arn/Resource" } }, "cmsconfigmoduleoutputsconstructssmanonymousmetricsenabledE1C6DC68": { "Type": "AWS::SSM::Parameter", "Properties": { "Description": { "Fn::Join": [ "", [ "Anonymous metrics enabled or not for app unique ID - ", { "Ref": "AppUniqueId" } ] ] }, "Name": { "Fn::Join": [ "", [ "/solution/", { "Ref": "AppUniqueId" }, "/config/metrics/enabled" ] ] }, "Tags": { "awsApplication": { "Fn::GetAtt": [ "appregistryconstructappregistryapplicationAC1A319B", "ApplicationTagValue" ] }, "Solutions:ApplicationType": "AWS-Solutions", "Solutions:ModuleName": "cms-config", "Solutions:SolutionID": "SO0241", "Solutions:SolutionName": "connected-mobility-solution-on-aws", "Solutions:SolutionVersion": "v2.1.5" }, "Type": "String", "Value": { "Fn::FindInMap": [ "Solution", "Config", "SendAnonymousUsage" ] } }, "DependsOn": [ "ssmappuniqueidD1DCE51D" ], "Metadata": { "aws:cdk:path": "cms-config/cms-config/module-outputs-construct/ssm-anonymous-metrics-enabled/Resource" } }, "cmsconfigmoduleoutputsconstructssmanonymousmetricsurlD8C5A271": { "Type": "AWS::SSM::Parameter", "Properties": { "Description": { "Fn::Join": [ "", [ "URL to send anonymous metrics to for app unique ID - ", { "Ref": "AppUniqueId" } ] ] }, "Name": { "Fn::Join": [ "", [ "/solution/", { "Ref": "AppUniqueId" }, "/config/metrics/url" ] ] }, "Tags": { "awsApplication": { "Fn::GetAtt": [ "appregistryconstructappregistryapplicationAC1A319B", "ApplicationTagValue" ] }, "Solutions:ApplicationType": "AWS-Solutions", "Solutions:ModuleName": "cms-config", "Solutions:SolutionID": "SO0241", "Solutions:SolutionName": "connected-mobility-solution-on-aws", "Solutions:SolutionVersion": "v2.1.5" }, "Type": "String", "Value": "https://metrics.awssolutionsbuilder.com/generic" }, "DependsOn": [ "ssmappuniqueidD1DCE51D" ], "Metadata": { "aws:cdk:path": "cms-config/cms-config/module-outputs-construct/ssm-anonymous-metrics-url/Resource" }, "Condition": "cmsconfigSendAnonymousUsage2AEBF069" }, "cmsconfigssm0DF0CC25": { "Type": "AWS::IAM::Policy", "Properties": { "PolicyDocument": { "Statement": [ { "Action": "ssm:GetParameter", "Effect": "Allow", "Resource": { "Fn::Join": [ "", [ "arn:", { "Ref": "AWS::Partition" }, ":ssm:", { "Ref": "AWS::Region" }, ":", { "Ref": "AWS::AccountId" }, ":parameter/solution/", { "Ref": "AppUniqueId" }, "/config/*" ] ] } } ], "Version": "2012-10-17" }, "PolicyName": "cmsconfigssm0DF0CC25", "Roles": [ { "Ref": "cmsconfigawsresourcelookupcustomresourcelambdalambdaroleA434B0CE" } ] }, "DependsOn": [ "ssmappuniqueidD1DCE51D" ], "Metadata": { "aws:cdk:path": "cms-config/cms-config/ssm/Resource", "cdk_nag": { "rules_to_suppress": [ { "id": "AwsSolutions-IAM5", "appliesTo": [ "Resource::arn::ssm:::parameter/solution//config/*" ], "reason": "Wildcard permissions allow for generalizing the lambda to lookup any SSM parameters with the known cms_config prefix in their name." } ] } } }, "LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8aServiceRole9741ECFB": { "Type": "AWS::IAM::Role", "Properties": { "AssumeRolePolicyDocument": { "Statement": [ { "Action": "sts:AssumeRole", "Effect": "Allow", "Principal": { "Service": "lambda.amazonaws.com" } } ], "Version": "2012-10-17" }, "ManagedPolicyArns": [ { "Fn::Join": [ "", [ "arn:", { "Ref": "AWS::Partition" }, ":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" ] ] } ], "Policies": [ { "PolicyDocument": { "Statement": [ { "Action": [ "ec2:CreateNetworkInterfacePermission" ], "Condition": { "StringEquals": { "ec2:Subnet": [ { "Fn::Join": [ "", [ "arn:", { "Ref": "AWS::Partition" }, ":ec2:", { "Ref": "AWS::Region" }, ":", { "Ref": "AWS::AccountId" }, ":subnet/", { "Fn::Join": [ "", [ "{{resolve:ssm:/solution/vpc/", { "Ref": "VpcName" }, "/subnets/private/1}}" ] ] } ] ] }, { "Fn::Join": [ "", [ "arn:", { "Ref": "AWS::Partition" }, ":ec2:", { "Ref": "AWS::Region" }, ":", { "Ref": "AWS::AccountId" }, ":subnet/", { "Fn::Join": [ "", [ "{{resolve:ssm:/solution/vpc/", { "Ref": "VpcName" }, "/subnets/private/2}}" ] ] } ] ] } ], "ec2:AuthorizedService": "lambda.amazonaws.com" } }, "Effect": "Allow", "Resource": { "Fn::Join": [ "", [ "arn:", { "Ref": "AWS::Partition" }, ":ec2:", { "Ref": "AWS::Region" }, ":", { "Ref": "AWS::AccountId" }, ":network-interface/*" ] ] } }, { "Action": [ "ec2:DescribeNetworkInterfaces", "ec2:CreateNetworkInterface", "ec2:DeleteNetworkInterface" ], "Effect": "Allow", "Resource": "*" } ], "Version": "2012-10-17" }, "PolicyName": "ec2-policy" } ], "Tags": [ { "Key": "awsApplication", "Value": { "Fn::GetAtt": [ "appregistryconstructappregistryapplicationAC1A319B", "ApplicationTagValue" ] } }, { "Key": "Solutions:ApplicationType", "Value": "AWS-Solutions" }, { "Key": "Solutions:ModuleName", "Value": "cms-config" }, { "Key": "Solutions:SolutionID", "Value": "SO0241" }, { "Key": "Solutions:SolutionName", "Value": "connected-mobility-solution-on-aws" }, { "Key": "Solutions:SolutionVersion", "Value": "v2.1.5" } ] }, "Metadata": { "aws:cdk:path": "cms-config/LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8a/ServiceRole/Resource", "cdk_nag": { "rules_to_suppress": [ { "id": "AwsSolutions-IAM4", "appliesTo": [ "Policy::arn::iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" ], "reason": "Log retention lambda uses AWS managed policies." } ] } } }, "LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8aServiceRoleDefaultPolicyADDA7DEB": { "Type": "AWS::IAM::Policy", "Properties": { "PolicyDocument": { "Statement": [ { "Action": [ "logs:DeleteRetentionPolicy", "logs:PutRetentionPolicy" ], "Effect": "Allow", "Resource": "*" } ], "Version": "2012-10-17" }, "PolicyName": "LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8aServiceRoleDefaultPolicyADDA7DEB", "Roles": [ { "Ref": "LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8aServiceRole9741ECFB" } ] }, "Metadata": { "aws:cdk:path": "cms-config/LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8a/ServiceRole/DefaultPolicy/Resource", "cdk_nag": { "rules_to_suppress": [ { "id": "AwsSolutions-IAM5", "appliesTo": [ "Resource::*" ], "reason": "Log retention lambda uses policies that require wildcard permissions." } ] } } }, "LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8aFD4BFC8A": { "Type": "AWS::Lambda::Function", "Properties": { "Handler": "index.handler", "Runtime": "nodejs22.x", "Timeout": 900, "Code": { "S3Bucket": { "Fn::Join": [ "-", [ { "Fn::FindInMap": [ "Solution", "AssetsConfig", "S3AssetBucketBaseName" ] }, { "Fn::Sub": "${AWS::Region}" } ] ] }, "S3Key": { "Fn::Join": [ "/", [ { "Fn::FindInMap": [ "Solution", "AssetsConfig", "S3AssetKeyPrefix" ] }, "asset2819175352ad1ce0dae768e83fc328fb70fb5f10b4a8ff0ccbcb791f02b0716d.zip" ] ] } }, "Role": { "Fn::GetAtt": [ "LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8aServiceRole9741ECFB", "Arn" ] }, "Tags": [ { "Key": "awsApplication", "Value": { "Fn::GetAtt": [ "appregistryconstructappregistryapplicationAC1A319B", "ApplicationTagValue" ] } }, { "Key": "Solutions:ApplicationType", "Value": "AWS-Solutions" }, { "Key": "Solutions:ModuleName", "Value": "cms-config" }, { "Key": "Solutions:SolutionID", "Value": "SO0241" }, { "Key": "Solutions:SolutionName", "Value": "connected-mobility-solution-on-aws" }, { "Key": "Solutions:SolutionVersion", "Value": "v2.1.5" } ], "VpcConfig": { "SecurityGroupIds": [ { "Fn::GetAtt": [ "cmsconfigcdklambdasvpcconstructsecuritygroupE578D63B", "GroupId" ] } ], "SubnetIds": [ { "Fn::Join": [ "", [ "{{resolve:ssm:/solution/vpc/", { "Ref": "VpcName" }, "/subnets/private/1}}" ] ] }, { "Fn::Join": [ "", [ "{{resolve:ssm:/solution/vpc/", { "Ref": "VpcName" }, "/subnets/private/2}}" ] ] } ] } }, "DependsOn": [ "LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8aServiceRoleDefaultPolicyADDA7DEB", "LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8aServiceRole9741ECFB" ], "Metadata": { "aws:cdk:path": "cms-config/LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8a/Resource", "aws:asset:path": "asset.2819175352ad1ce0dae768e83fc328fb70fb5f10b4a8ff0ccbcb791f02b0716d", "aws:asset:is-bundled": false, "aws:asset:property": "Code" } }, "CDKMetadata": { "Type": "AWS::CDK::Metadata", "Properties": { "Analytics": "v2:deflate64:H4sIAAAAAAAA/2VQXW/CMAz8LbyHDMovKJW2F5CqIu0VmWAyjzSpYgdURf3vU8vHhvZ0Psfnu7jQxaLQixlceW6O57mjg847AXNW1clvoevIWwVX3mfGeCGDBgRcsNB1ES2xxF7n6uTLrnNkQCj4UVmKRDokwY8YUve/UzIHQ9P4oJjb0TSStzVEaFEwjpInGRSaQucdmhRJ+ufOl8agHLSHI+i8gR7jJ0a+h3nh78mbR8q/dY2xJeZboNUemFFYlyMoXul1MmeUNTAqglbnJjgcZRPWwZHppy1TNSgXLOtNsA0K+skCL+iFdW7SXZgcDsPLN1WDHFI0qCbbnYAdrz8OPx6qxBLaX3ryVfBHut2x7uUr+LeVXhZ6uZx9M9E8Ji/Uom5u+APAOUFm8AEAAA==" }, "Metadata": { "aws:cdk:path": "cms-config/CDKMetadata/Default" }, "Condition": "CDKMetadataAvailable" } }, "Parameters": { "AppUniqueId": { "Type": "String", "AllowedPattern": "^(?!-)[a-z0-9-]+(?