Closed ttais2017 closed 3 years ago
Can you tell me why you think this is a bug in CDK?
Have you looked at the resulting CloudFormation template? Does it look right or wrong?
Show us some code or show us the template, otherwise we cannot help at all.
Can you tell me why you think this is a bug in CDK? -- I think this is a bug in CDK, since I tested already creating the same resources (but manually directly from the AWS-console) in AppConfig. The resources could be created without problems.
Now, using the CDK (Java Classes) I was able to create partially resources of my use case. Nevertheles I could not create the AppConfig profile, because the described error ""S3 Bucket not owned by this account".
Note that I created the S3 Bucket from the same project (with CDK), upload the JSON file (as configuration file for AppConfig), a Role for accessing that S3 Bucket (with reading privileges) and it should be assumed by app-config service. Everything was created ok.
For testing purposes I commented the block in Java Code, where i was trying to create the AppConfig Profile. The whole Stack could be created and no errors were reported. However, trying to create the AppConfig Profile, i got the error "s3 bucket not owned by this account"... but the error was reported in events (while creating the stack in cloudformation). From here, I can say you... the CF template should be clean. Do you want a copy of the template ?.
Have you looked at the resulting CloudFormation template? Does it look right or wrong?
Show us some code or show us the template, otherwise we cannot help at all.
Above u will find the two CF templates: -- the first one (basics) creates the S3 bucket, some lambda layers and the role which will be used by appconfig -- the second one (resources) takes as parameters (the s3 bucket and the role) and creates additional resources such as Lambda Functions, Extensions... and specially the AppConfig (application, environment and profile).
I hope this info is enough for checking the consistency of both templates (Stack with two nested stacks)
Resources:
devcdkresourcesD3300479:
Type: 'AWS::S3::Bucket'
Properties:
AccessControl: PublicReadWrite
Tags:
- Key: PROJECT
Value: M.A.N-PCC
- Key: STACK
Value: BACKEND
- Key: STAGE
Value: dev
VersioningConfiguration:
Status: Enabled
UpdateReplacePolicy: Delete
DeletionPolicy: Delete
Metadata:
'aws:cdk:path': >-
ManPcc00PipelineStack/DEV/ManPcc02BackEndStack/ManPcc02xBasicsNestedStack/dev-cdk-resources/Resource
'AWS::CloudFormation::Designer':
id: 7601ffbf-6c97-4497-a5f3-ed4c50f02326
devcdkresourcesPolicy499E661A:
Type: 'AWS::S3::BucketPolicy'
Properties:
Bucket: !Ref devcdkresourcesD3300479
PolicyDocument:
Statement:
- Action: 's3:GetObject'
Effect: Allow
Principal: '*'
Resource: !Join
- ''
- - !GetAtt
- devcdkresourcesD3300479
- Arn
- /*
- Action:
- 's3:GetBucket*'
- 's3:List*'
- 's3:DeleteObject*'
Effect: Allow
Principal:
AWS: !GetAtt
- CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092
- Arn
Resource:
- !GetAtt
- devcdkresourcesD3300479
- Arn
- !Join
- ''
- - !GetAtt
- devcdkresourcesD3300479
- Arn
- /*
- Action: 's3:*'
Effect: Allow
Principal:
AWS: !GetAtt
- devmanpccappconfigrole1132D7DE
- Arn
Resource: !GetAtt
- devcdkresourcesD3300479
- Arn
Version: 2012-10-17
Metadata:
'aws:cdk:path': >-
ManPcc00PipelineStack/DEV/ManPcc02BackEndStack/ManPcc02xBasicsNestedStack/dev-cdk-resources/Policy/Resource
'AWS::CloudFormation::Designer':
id: 5970ddf8-ff18-48ac-b113-c8be59797490
devcdkresourcesAutoDeleteObjectsCustomResourceF849E289:
Type: 'Custom::S3AutoDeleteObjects'
Properties:
ServiceToken: !GetAtt
- CustomS3AutoDeleteObjectsCustomResourceProviderHandler9D90184F
- Arn
BucketName: !Ref devcdkresourcesD3300479
DependsOn:
- devcdkresourcesPolicy499E661A
UpdateReplacePolicy: Delete
DeletionPolicy: Delete
Metadata:
'aws:cdk:path': >-
ManPcc00PipelineStack/DEV/ManPcc02BackEndStack/ManPcc02xBasicsNestedStack/dev-cdk-resources/AutoDeleteObjectsCustomResource/Default
'AWS::CloudFormation::Designer':
id: 33900fa9-3cf0-4389-93cd-414b647b5b59
CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092:
Type: 'AWS::IAM::Role'
Properties:
AssumeRolePolicyDocument:
Version: 2012-10-17
Statement:
- Action: 'sts:AssumeRole'
Effect: Allow
Principal:
Service: lambda.amazonaws.com
ManagedPolicyArns:
- !Sub >-
arn:${AWS::Partition}:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole
Metadata:
'aws:cdk:path': >-
ManPcc00PipelineStack/DEV/ManPcc02BackEndStack/ManPcc02xBasicsNestedStack/Custom::S3AutoDeleteObjectsCustomResourceProvider/Role
'AWS::CloudFormation::Designer':
id: aada7cb9-2258-4611-a5af-73aa84dd5cbf
CustomS3AutoDeleteObjectsCustomResourceProviderHandler9D90184F:
Type: 'AWS::Lambda::Function'
Properties:
Code:
S3Bucket: !Sub 'cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}'
S3Key: 4cd61014b71160e8c66fe167e43710d5ba068b80b134e9bd84508cf9238b2392.zip
Timeout: 900
MemorySize: 128
Handler: __entrypoint__.handler
Role: !GetAtt
- CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092
- Arn
Runtime: nodejs12.x
Description: !Join
- ''
- - 'Lambda function for auto-deleting objects in '
- !Ref devcdkresourcesD3300479
- ' S3 bucket.'
DependsOn:
- CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092
Metadata:
'aws:cdk:path': >-
ManPcc00PipelineStack/DEV/ManPcc02BackEndStack/ManPcc02xBasicsNestedStack/Custom::S3AutoDeleteObjectsCustomResourceProvider/Handler
'AWS::CloudFormation::Designer':
id: a25a4f90-05b0-4199-a19a-c389ab3d9b11
basicdeploymentAwsCliLayer9EFE5C37:
Type: 'AWS::Lambda::LayerVersion'
Properties:
Content:
S3Bucket: !Sub 'cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}'
S3Key: e9882ab123687399f934da0d45effe675ecc8ce13b40cb946f3e1d6141fe8d68.zip
Description: /opt/awscli/aws
Metadata:
'aws:cdk:path': >-
ManPcc00PipelineStack/DEV/ManPcc02BackEndStack/ManPcc02xBasicsNestedStack/basic-deployment/AwsCliLayer/Resource
'aws:asset:path': >-
../asset.e9882ab123687399f934da0d45effe675ecc8ce13b40cb946f3e1d6141fe8d68.zip
'aws:asset:property': Content
'AWS::CloudFormation::Designer':
id: f71f9c60-c17e-4238-8c94-a1066957c60d
basicdeploymentCustomResource9461ED10:
Type: 'Custom::CDKBucketDeployment'
Properties:
ServiceToken: !GetAtt
- CustomCDKBucketDeployment8693BB64968944B69AAFB0CC9EB8756C81C01536
- Arn
SourceBucketNames:
- !Sub 'cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}'
SourceObjectKeys:
- f75a10c8e679c01f13cd2a9d77f28b0803010b2826a2772284cf4ef01b4b06ff.zip
DestinationBucketName: !Ref devcdkresourcesD3300479
Prune: true
UpdateReplacePolicy: Delete
DeletionPolicy: Delete
Metadata:
'aws:cdk:path': >-
ManPcc00PipelineStack/DEV/ManPcc02BackEndStack/ManPcc02xBasicsNestedStack/basic-deployment/CustomResource/Default
'AWS::CloudFormation::Designer':
id: 8d57c681-3ceb-4154-8c77-b8705dddfc49
CustomCDKBucketDeployment8693BB64968944B69AAFB0CC9EB8756CServiceRole89A01265:
Type: 'AWS::IAM::Role'
Properties:
AssumeRolePolicyDocument:
Statement:
- Action: 'sts:AssumeRole'
Effect: Allow
Principal:
Service: lambda.amazonaws.com
Version: 2012-10-17
ManagedPolicyArns:
- !Join
- ''
- - 'arn:'
- !Ref 'AWS::Partition'
- ':iam::aws:policy/service-role/AWSLambdaBasicExecutionRole'
Tags:
- Key: PROJECT
Value: M.A.N-PCC
- Key: STACK
Value: BACKEND
- Key: STAGE
Value: dev
Metadata:
'aws:cdk:path': >-
ManPcc00PipelineStack/DEV/ManPcc02BackEndStack/ManPcc02xBasicsNestedStack/Custom::CDKBucketDeployment8693BB64968944B69AAFB0CC9EB8756C/ServiceRole/Resource
'AWS::CloudFormation::Designer':
id: d795ab4b-09d5-4f02-b0eb-7b1f84be47cf
CustomCDKBucketDeployment8693BB64968944B69AAFB0CC9EB8756CServiceRoleDefaultPolicy88902FDF:
Type: 'AWS::IAM::Policy'
Properties:
PolicyDocument:
Statement:
- Action:
- 's3:GetObject*'
- 's3:GetBucket*'
- 's3:List*'
Effect: Allow
Resource:
- !Join
- ''
- - 'arn:'
- !Ref 'AWS::Partition'
- ':s3:::'
- !Sub 'cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}'
- !Join
- ''
- - 'arn:'
- !Ref 'AWS::Partition'
- ':s3:::'
- !Sub 'cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}'
- /*
- Action:
- 's3:GetObject*'
- 's3:GetBucket*'
- 's3:List*'
- 's3:DeleteObject*'
- 's3:PutObject'
- 's3:Abort*'
Effect: Allow
Resource:
- !GetAtt
- devcdkresourcesD3300479
- Arn
- !Join
- ''
- - !GetAtt
- devcdkresourcesD3300479
- Arn
- /*
Version: 2012-10-17
PolicyName: >-
CustomCDKBucketDeployment8693BB64968944B69AAFB0CC9EB8756CServiceRoleDefaultPolicy88902FDF
Roles:
- !Ref >-
CustomCDKBucketDeployment8693BB64968944B69AAFB0CC9EB8756CServiceRole89A01265
Metadata:
'aws:cdk:path': >-
ManPcc00PipelineStack/DEV/ManPcc02BackEndStack/ManPcc02xBasicsNestedStack/Custom::CDKBucketDeployment8693BB64968944B69AAFB0CC9EB8756C/ServiceRole/DefaultPolicy/Resource
'AWS::CloudFormation::Designer':
id: a2739a1e-1261-447a-9484-425cfb10ab98
CustomCDKBucketDeployment8693BB64968944B69AAFB0CC9EB8756C81C01536:
Type: 'AWS::Lambda::Function'
Properties:
Code:
S3Bucket: !Sub 'cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}'
S3Key: c24b999656e4fe6c609c31bae56a1cf4717a405619c3aa6ba1bc686b8c2c86cf.zip
Role: !GetAtt
- >-
CustomCDKBucketDeployment8693BB64968944B69AAFB0CC9EB8756CServiceRole89A01265
- Arn
Handler: index.handler
Layers:
- !Ref basicdeploymentAwsCliLayer9EFE5C37
Runtime: python3.6
Tags:
- Key: PROJECT
Value: M.A.N-PCC
- Key: STACK
Value: BACKEND
- Key: STAGE
Value: dev
Timeout: 900
DependsOn:
- >-
CustomCDKBucketDeployment8693BB64968944B69AAFB0CC9EB8756CServiceRoleDefaultPolicy88902FDF
- >-
CustomCDKBucketDeployment8693BB64968944B69AAFB0CC9EB8756CServiceRole89A01265
Metadata:
'aws:cdk:path': >-
ManPcc00PipelineStack/DEV/ManPcc02BackEndStack/ManPcc02xBasicsNestedStack/Custom::CDKBucketDeployment8693BB64968944B69AAFB0CC9EB8756C/Resource
'aws:asset:path': >-
../asset.c24b999656e4fe6c609c31bae56a1cf4717a405619c3aa6ba1bc686b8c2c86cf
'aws:asset:property': Code
'AWS::CloudFormation::Designer':
id: 5d96d380-1b75-4bdc-a678-ef1b991ee621
devmanpccappconfigrole1132D7DE:
Type: 'AWS::IAM::Role'
Properties:
AssumeRolePolicyDocument:
Statement:
- Action: 'sts:AssumeRole'
Effect: Allow
Principal:
Service: appconfig.amazonaws.com
Version: 2012-10-17
ManagedPolicyArns:
- !Join
- ''
- - 'arn:'
- !Ref 'AWS::Partition'
- ':iam::aws:policy/AmazonS3FullAccess'
- !Join
- ''
- - 'arn:'
- !Ref 'AWS::Partition'
- ':iam::aws:policy/AWSCloudFormationFullAccess'
- !Join
- ''
- - 'arn:'
- !Ref 'AWS::Partition'
- ':iam::aws:policy/CloudWatchLogsFullAccess'
- !Join
- ''
- - 'arn:'
- !Ref 'AWS::Partition'
- ':iam::aws:policy/CloudWatchFullAccess'
Policies:
- PolicyDocument:
Statement:
- Action:
- 's3:GetObject'
- 's3:GetObjectVersion'
Effect: Allow
Resource: !Join
- ''
- - !GetAtt
- devcdkresourcesD3300479
- Arn
- /admin/appconfig.json
- Action:
- 's3:GetBucketVersioning'
- 's3:GetBucketLocation'
- 's3:ListBucketVersions'
- 's3:ListBucket'
Effect: Allow
Resource: !GetAtt
- devcdkresourcesD3300479
- Arn
- Action: 's3:ListAllMyBuckets'
Effect: Allow
Resource: '*'
Version: 2012-10-17
PolicyName: devappconfig
Tags:
- Key: PROJECT
Value: M.A.N-PCC
- Key: STACK
Value: BACKEND
- Key: STAGE
Value: dev
Metadata:
'aws:cdk:path': >-
ManPcc00PipelineStack/DEV/ManPcc02BackEndStack/ManPcc02xBasicsNestedStack/devman-pcc-appconfig-role/Resource
'AWS::CloudFormation::Designer':
id: 1d5f9356-3c4f-4bf8-a654-0f228b8047dd
basicsawslibsaslayer37BB77A5:
Type: 'AWS::Lambda::LayerVersion'
Properties:
Content:
S3Bucket: !Sub 'cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}'
S3Key: 88f7ea55a12b149017fa1372ba687334cd2dcdda0ba362f5595a1c9dc22d4f25.jar
CompatibleRuntimes:
- java11
Description: AWS Libs As Lambda-Layer
LayerName: basics-aws-libs-as-layer
Metadata:
'aws:cdk:path': >-
ManPcc00PipelineStack/DEV/ManPcc02BackEndStack/ManPcc02xBasicsNestedStack/basics-aws-libs-as-layer/Resource
'aws:asset:path': >-
../asset.88f7ea55a12b149017fa1372ba687334cd2dcdda0ba362f5595a1c9dc22d4f25.jar
'aws:asset:property': Content
'AWS::CloudFormation::Designer':
id: 32bd9da5-e21e-45df-8cc1-1b79ef4f5541
basicslambdadbex2F3D7F2DB:
Type: 'AWS::Lambda::LayerVersion'
Properties:
Content:
S3Bucket: !Sub 'cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}'
S3Key: 634eb1dd6ec69064416ef401f3cced40b304372c55fff4d6c24556a36895baa5.zip
CompatibleRuntimes:
- java11
Description: External Extension for Lambda/Dynamo
LayerName: basics-lambda-db-ex2
Metadata:
'aws:cdk:path': >-
ManPcc00PipelineStack/DEV/ManPcc02BackEndStack/ManPcc02xBasicsNestedStack/basics-lambda-db-ex2/Resource
'aws:asset:path': >-
../asset.634eb1dd6ec69064416ef401f3cced40b304372c55fff4d6c24556a36895baa5.zip
'aws:asset:property': Content
'AWS::CloudFormation::Designer':
id: 5779686d-042d-44ee-bed5-c1cef6961d2a
CDKMetadata:
Type: 'AWS::CDK::Metadata'
Properties:
Analytics: >-
v2:deflate64:H4sIAAAAAAAAA1WQQW/DIAyFf0vvDg3qabd1mXaYpq1Kpd0ZeBULgQpDqwjlvw+SLulOfvjh5w844/UDqzeP4kqVVN02SeeRpXekgOoYhOygcZaCjzJAEym4vkVy0UuE5tuu+p918O6iFXrYE2HIMSdtT3A/+BHDOYaicrzSQTs7QoFItGPpKcoOJ/em5nJwRsthbc/nEWhXJYVn44YebWCz+bw0QBQKYhPMCEb0X0qwlGPexID+Ez3l9XDMjAaDsy/RygIEi8hXF30/M4IWPUutM/NvlLpC3vD+NlamTFb5kdJotr9SY/QUNsKruIgt56xmnG9+SOvKRxt0j6yd6y+8iw1WqAEAAA==
Metadata:
'aws:cdk:path': >-
ManPcc00PipelineStack/DEV/ManPcc02BackEndStack/ManPcc02xBasicsNestedStack/CDKMetadata/Default
'AWS::CloudFormation::Designer':
id: 8380ccaf-6bad-4270-bebc-10cbfe8fb8fc
Condition: CDKMetadataAvailable
Outputs:
s3Output:
Description: S3 Repository
Value: !Join
- ''
- - 's3://'
- !Ref devcdkresourcesD3300479
s3AppConfig:
Description: s3-AppConfig
Value: !Join
- ''
- - 's3://'
- !Ref devcdkresourcesD3300479
- /admin/appconfig.json
ManPcc00PipelineStackDEVManPcc02BackEndStackManPcc02xBasicsNestedStackdevcdkresources9474E3DCRef:
Value: !Ref devcdkresourcesD3300479
ManPcc00PipelineStackDEVManPcc02BackEndStackManPcc02xBasicsNestedStackdevmanpccappconfigrole831838E2Arn:
Value: !GetAtt
- devmanpccappconfigrole1132D7DE
- Arn
ManPcc00PipelineStackDEVManPcc02BackEndStackManPcc02xBasicsNestedStackbasicsawslibsaslayer7CCE1E2FRef:
Value: !Ref basicsawslibsaslayer37BB77A5
ManPcc00PipelineStackDEVManPcc02BackEndStackManPcc02xBasicsNestedStackbasicslambdadbex23DF60C1CRef:
Value: !Ref basicslambdadbex2F3D7F2DB
Conditions:
CDKMetadataAvailable: !Or
- !Or
- !Equals
- !Ref 'AWS::Region'
- af-south-1
- !Equals
- !Ref 'AWS::Region'
- ap-east-1
- !Equals
- !Ref 'AWS::Region'
- ap-northeast-1
- !Equals
- !Ref 'AWS::Region'
- ap-northeast-2
- !Equals
- !Ref 'AWS::Region'
- ap-south-1
- !Equals
- !Ref 'AWS::Region'
- ap-southeast-1
- !Equals
- !Ref 'AWS::Region'
- ap-southeast-2
- !Equals
- !Ref 'AWS::Region'
- ca-central-1
- !Equals
- !Ref 'AWS::Region'
- cn-north-1
- !Equals
- !Ref 'AWS::Region'
- cn-northwest-1
- !Or
- !Equals
- !Ref 'AWS::Region'
- eu-central-1
- !Equals
- !Ref 'AWS::Region'
- eu-north-1
- !Equals
- !Ref 'AWS::Region'
- eu-south-1
- !Equals
- !Ref 'AWS::Region'
- eu-west-1
- !Equals
- !Ref 'AWS::Region'
- eu-west-2
- !Equals
- !Ref 'AWS::Region'
- eu-west-3
- !Equals
- !Ref 'AWS::Region'
- me-south-1
- !Equals
- !Ref 'AWS::Region'
- sa-east-1
- !Equals
- !Ref 'AWS::Region'
- us-east-1
- !Equals
- !Ref 'AWS::Region'
- us-east-2
- !Or
- !Equals
- !Ref 'AWS::Region'
- us-west-1
- !Equals
- !Ref 'AWS::Region'
- us-west-2
Metadata:
'AWS::CloudFormation::Designer':
8380ccaf-6bad-4270-bebc-10cbfe8fb8fc:
size:
width: 60
height: 60
position:
x: 60
'y': 90
z: 1
embeds: []
5779686d-042d-44ee-bed5-c1cef6961d2a:
size:
width: 60
height: 60
position:
x: 180
'y': 90
z: 1
embeds: []
32bd9da5-e21e-45df-8cc1-1b79ef4f5541:
size:
width: 60
height: 60
position:
x: 60
'y': 210
z: 1
embeds: []
d795ab4b-09d5-4f02-b0eb-7b1f84be47cf:
size:
width: 60
height: 60
position:
x: 180
'y': 210
z: 1
embeds: []
f71f9c60-c17e-4238-8c94-a1066957c60d:
size:
width: 60
height: 60
position:
x: 300
'y': 90
z: 1
embeds: []
aada7cb9-2258-4611-a5af-73aa84dd5cbf:
size:
width: 60
height: 60
position:
x: 300
'y': 210
z: 1
embeds: []
7601ffbf-6c97-4497-a5f3-ed4c50f02326:
size:
width: 60
height: 60
position:
x: 60
'y': 330
z: 1
embeds: []
1d5f9356-3c4f-4bf8-a654-0f228b8047dd:
size:
width: 60
height: 60
position:
x: 180
'y': 330
z: 1
embeds: []
a2739a1e-1261-447a-9484-425cfb10ab98:
size:
width: 60
height: 60
position:
x: 300
'y': 330
z: 1
embeds: []
isassociatedwith:
- d795ab4b-09d5-4f02-b0eb-7b1f84be47cf
5d96d380-1b75-4bdc-a678-ef1b991ee621:
size:
width: 60
height: 60
position:
x: 420
'y': 90
z: 1
embeds: []
dependson:
- a2739a1e-1261-447a-9484-425cfb10ab98
8d57c681-3ceb-4154-8c77-b8705dddfc49:
size:
width: 60
height: 60
position:
x: 420
'y': 210
z: 1
embeds: []
a25a4f90-05b0-4199-a19a-c389ab3d9b11:
size:
width: 60
height: 60
position:
x: 420
'y': 330
z: 1
embeds: []
5970ddf8-ff18-48ac-b113-c8be59797490:
size:
width: 60
height: 60
position:
x: 60
'y': 450
z: 1
embeds: []
isassociatedwith:
- 7601ffbf-6c97-4497-a5f3-ed4c50f02326
33900fa9-3cf0-4389-93cd-414b647b5b59:
size:
width: 60
height: 60
position:
x: 180
'y': 450
z: 1
embeds: []
dependson:
- 5970ddf8-ff18-48ac-b113-c8be59797490
Resources:
devitems19A1DDE0:
Type: 'AWS::DynamoDB::Table'
Properties:
KeySchema:
- AttributeName: itemId
KeyType: HASH
AttributeDefinitions:
- AttributeName: itemId
AttributeType: S
ProvisionedThroughput:
ReadCapacityUnits: 5
WriteCapacityUnits: 5
TableName: dev_items
Tags:
- Key: PROJECT
Value: M.A.N-PCC
- Key: STACK
Value: BACKEND
- Key: STAGE
Value: dev
UpdateReplacePolicy: Delete
DeletionPolicy: Delete
Metadata:
'aws:cdk:path': >-
ManPcc00PipelineStack/DEV/ManPcc02BackEndStack/ManPcc02xResourcesNestedStack/dev_items/Resource
devmanpccgluedatabaseFEE00865:
Type: 'AWS::Glue::Database'
Properties:
CatalogId: !Ref 'AWS::AccountId'
DatabaseInput:
Name: dev_man-pcc-glue-database
Metadata:
'aws:cdk:path': >-
ManPcc00PipelineStack/DEV/ManPcc02BackEndStack/ManPcc02xResourcesNestedStack/devman-pcc-glue-database/Resource
devmanpcccrawlerrole74B3AF71:
Type: 'AWS::IAM::Role'
Properties:
AssumeRolePolicyDocument:
Statement:
- Action: 'sts:AssumeRole'
Effect: Allow
Principal:
Service: glue.amazonaws.com
Version: 2012-10-17
ManagedPolicyArns:
- !Join
- ''
- - 'arn:'
- !Ref 'AWS::Partition'
- ':iam::aws:policy/service-role/AWSGlueServiceRole'
- !Join
- ''
- - 'arn:'
- !Ref 'AWS::Partition'
- ':iam::aws:policy/AmazonS3FullAccess'
- !Join
- ''
- - 'arn:'
- !Ref 'AWS::Partition'
- ':iam::aws:policy/CloudWatchLogsFullAccess'
- !Join
- ''
- - 'arn:'
- !Ref 'AWS::Partition'
- ':iam::aws:policy/CloudWatchFullAccess'
Tags:
- Key: PROJECT
Value: M.A.N-PCC
- Key: STACK
Value: BACKEND
- Key: STAGE
Value: dev
Metadata:
'aws:cdk:path': >-
ManPcc00PipelineStack/DEV/ManPcc02BackEndStack/ManPcc02xResourcesNestedStack/devman-pcc-crawler-role/Resource
devmanpccmodelcrawler:
Type: 'AWS::Glue::Crawler'
Properties:
Role: !Ref devmanpcccrawlerrole74B3AF71
Targets:
S3Targets:
- Path: !Join
- ''
- - 's3://'
- !Ref >-
referencetoManPcc00PipelineStackDEVManPcc02BackEndStackManPcc02xBasicsNestedStackNestedStackManPcc02xBasicsNestedStackNestedStackResource6427959DOutputsManPcc00PipelineStackDEVManPcc02BackEndStackManPcc02xBasicsNestedStackdevcdkresources9474E3DCRef
- /data
DatabaseName: !Ref devmanpccgluedatabaseFEE00865
Name: dev_crawler
Schedule:
ScheduleExpression: cron(00 7 ? * * *)
TablePrefix: cdk
Tags:
PROJECT: M.A.N-PCC
STACK: BACKEND
STAGE: dev
Metadata:
'aws:cdk:path': >-
ManPcc00PipelineStack/DEV/ManPcc02BackEndStack/ManPcc02xResourcesNestedStack/devman-pcc-model-crawler
devjobextractor:
Type: 'AWS::Glue::Job'
Properties:
Command:
Name: glueetl
ScriptLocation: !Join
- ''
- - 's3://'
- !Ref >-
referencetoManPcc00PipelineStackDEVManPcc02BackEndStackManPcc02xBasicsNestedStackNestedStackManPcc02xBasicsNestedStackNestedStackResource6427959DOutputsManPcc00PipelineStackDEVManPcc02BackEndStackManPcc02xBasicsNestedStackdevcdkresources9474E3DCRef
- /admin/extractor.py
Role: !Ref devmanpcccrawlerrole74B3AF71
DefaultArguments:
'--P_S3': !Join
- ''
- - 's3://'
- !Ref >-
referencetoManPcc00PipelineStackDEVManPcc02BackEndStackManPcc02xBasicsNestedStackNestedStackManPcc02xBasicsNestedStackNestedStackResource6427959DOutputsManPcc00PipelineStackDEVManPcc02BackEndStackManPcc02xBasicsNestedStackdevcdkresources9474E3DCRef
- /target
'--P_TABLE': cdkdata
'--P_DB': !Ref devmanpccgluedatabaseFEE00865
'--job-bookmark-option': job-bookmark-enable
Description: extractor of main information from diabetics db
GlueVersion: '2.0'
Name: dev_job-extractor
Tags:
PROJECT: M.A.N-PCC
STACK: BACKEND
STAGE: dev
Metadata:
'aws:cdk:path': >-
ManPcc00PipelineStack/DEV/ManPcc02BackEndStack/ManPcc02xResourcesNestedStack/devjob-extractor
devappAC:
Type: 'AWS::AppConfig::Application'
Properties:
Name: devappAC
Metadata:
'aws:cdk:path': >-
ManPcc00PipelineStack/DEV/ManPcc02BackEndStack/ManPcc02xResourcesNestedStack/devappAC
devenvAC:
Type: 'AWS::AppConfig::Environment'
Properties:
ApplicationId: !Ref devappAC
Name: devenvAC
Metadata:
'aws:cdk:path': >-
ManPcc00PipelineStack/DEV/ManPcc02BackEndStack/ManPcc02xResourcesNestedStack/devenvAC
appprofile:
Type: 'AWS::AppConfig::ConfigurationProfile'
Properties:
ApplicationId: !Ref devappAC
LocationUri: !Join
- ''
- - 's3://'
- !Ref >-
referencetoManPcc00PipelineStackDEVManPcc02BackEndStackManPcc02xBasicsNestedStackNestedStackManPcc02xBasicsNestedStackNestedStackResource6427959DOutputsManPcc00PipelineStackDEVManPcc02BackEndStackManPcc02xBasicsNestedStackdevcdkresources9474E3DCRef
- admin/appconfig.json
Name: appprofile
RetrievalRoleArn: !Ref >-
referencetoManPcc00PipelineStackDEVManPcc02BackEndStackManPcc02xBasicsNestedStackNestedStackManPcc02xBasicsNestedStackNestedStackResource6427959DOutputsManPcc00PipelineStackDEVManPcc02BackEndStackManPcc02xBasicsNestedStackdevmanpccappconfigrole831838E2Arn
Metadata:
'aws:cdk:path': >-
ManPcc00PipelineStack/DEV/ManPcc02BackEndStack/ManPcc02xResourcesNestedStack/appprofile
devDeploymentStrategy:
Type: 'AWS::AppConfig::DeploymentStrategy'
Properties:
DeploymentDurationInMinutes: 2
GrowthFactor: 100
Name: devdeployStg
ReplicateTo: NONE
Description: 'AppConfig deployment strategy - All at once deployment (i.e., immediate)'
FinalBakeTimeInMinutes: 2
GrowthType: LINEAR
Metadata:
'aws:cdk:path': >-
ManPcc00PipelineStack/DEV/ManPcc02BackEndStack/ManPcc02xResourcesNestedStack/devDeploymentStrategy
devdeployment:
Type: 'AWS::AppConfig::Deployment'
Properties:
ApplicationId: !Ref devappAC
ConfigurationProfileId: !Ref appprofile
ConfigurationVersion: '1'
DeploymentStrategyId: !Ref devDeploymentStrategy
EnvironmentId: !Ref devenvAC
DependsOn:
- devappAC
- devenvAC
Metadata:
'aws:cdk:path': >-
ManPcc00PipelineStack/DEV/ManPcc02BackEndStack/ManPcc02xResourcesNestedStack/devdeployment
createItemFunctionServiceRole1BBF2178:
Type: 'AWS::IAM::Role'
Properties:
AssumeRolePolicyDocument:
Statement:
- Action: 'sts:AssumeRole'
Effect: Allow
Principal:
Service: lambda.amazonaws.com
Version: 2012-10-17
ManagedPolicyArns:
- !Join
- ''
- - 'arn:'
- !Ref 'AWS::Partition'
- ':iam::aws:policy/service-role/AWSLambdaBasicExecutionRole'
Tags:
- Key: PROJECT
Value: M.A.N-PCC
- Key: STACK
Value: BACKEND
- Key: STAGE
Value: dev
Metadata:
'aws:cdk:path': >-
ManPcc00PipelineStack/DEV/ManPcc02BackEndStack/ManPcc02xResourcesNestedStack/createItemFunction/ServiceRole/Resource
createItemFunctionServiceRoleDefaultPolicy8FAF1611:
Type: 'AWS::IAM::Policy'
Properties:
PolicyDocument:
Statement:
- Action:
- 'dynamodb:BatchGetItem'
- 'dynamodb:GetRecords'
- 'dynamodb:GetShardIterator'
- 'dynamodb:Query'
- 'dynamodb:GetItem'
- 'dynamodb:Scan'
- 'dynamodb:ConditionCheckItem'
- 'dynamodb:BatchWriteItem'
- 'dynamodb:PutItem'
- 'dynamodb:UpdateItem'
- 'dynamodb:DeleteItem'
Effect: Allow
Resource:
- !GetAtt
- devitems19A1DDE0
- Arn
- !Ref 'AWS::NoValue'
Version: 2012-10-17
PolicyName: createItemFunctionServiceRoleDefaultPolicy8FAF1611
Roles:
- !Ref createItemFunctionServiceRole1BBF2178
Metadata:
'aws:cdk:path': >-
ManPcc00PipelineStack/DEV/ManPcc02BackEndStack/ManPcc02xResourcesNestedStack/createItemFunction/ServiceRole/DefaultPolicy/Resource
createItemFunction8D47E48A:
Type: 'AWS::Lambda::Function'
Properties:
Code:
S3Bucket: !Sub 'cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}'
S3Key: 9229849ef2f661408390d85ec623a2e2e5926f801d799866f1739fa3a0a85fa5.jar
Role: !GetAtt
- createItemFunctionServiceRole1BBF2178
- Arn
Environment:
Variables:
TABLE_NAME: !Ref devitems19A1DDE0
PRIMARY_KEY: itemId
APPCONFIG_PROFILE: >-
http://localhost:2772/applications/X_APP/environments/X_ENV/configurations/X_CNF
Handler: de.materna.aws.man.pcc.lambda.CreateItem
Layers:
- !Ref >-
referencetoManPcc00PipelineStackDEVManPcc02BackEndStackManPcc02xBasicsNestedStackNestedStackManPcc02xBasicsNestedStackNestedStackResource6427959DOutputsManPcc00PipelineStackDEVManPcc02BackEndStackManPcc02xBasicsNestedStackbasicsawslibsaslayer7CCE1E2FRef
- !Ref >-
referencetoManPcc00PipelineStackDEVManPcc02BackEndStackManPcc02xBasicsNestedStackNestedStackManPcc02xBasicsNestedStackNestedStackResource6427959DOutputsManPcc00PipelineStackDEVManPcc02BackEndStackManPcc02xBasicsNestedStackbasicslambdadbex23DF60C1CRef
- 'arn:aws:lambda:eu-west-1:434848589818:layer:AWS-AppConfig-Extension:41'
MemorySize: 512
Runtime: java11
Tags:
- Key: PROJECT
Value: M.A.N-PCC
- Key: STACK
Value: BACKEND
- Key: STAGE
Value: dev
Timeout: 30
DependsOn:
- createItemFunctionServiceRoleDefaultPolicy8FAF1611
- createItemFunctionServiceRole1BBF2178
Metadata:
'aws:cdk:path': >-
ManPcc00PipelineStack/DEV/ManPcc02BackEndStack/ManPcc02xResourcesNestedStack/createItemFunction/Resource
'aws:asset:path': >-
../asset.9229849ef2f661408390d85ec623a2e2e5926f801d799866f1739fa3a0a85fa5.jar
'aws:asset:property': Code
getOneItemFunctionServiceRoleCFD54796:
Type: 'AWS::IAM::Role'
Properties:
AssumeRolePolicyDocument:
Statement:
- Action: 'sts:AssumeRole'
Effect: Allow
Principal:
Service: lambda.amazonaws.com
Version: 2012-10-17
ManagedPolicyArns:
- !Join
- ''
- - 'arn:'
- !Ref 'AWS::Partition'
- ':iam::aws:policy/service-role/AWSLambdaBasicExecutionRole'
Tags:
- Key: PROJECT
Value: M.A.N-PCC
- Key: STACK
Value: BACKEND
- Key: STAGE
Value: dev
Metadata:
'aws:cdk:path': >-
ManPcc00PipelineStack/DEV/ManPcc02BackEndStack/ManPcc02xResourcesNestedStack/getOneItemFunction/ServiceRole/Resource
getOneItemFunctionServiceRoleDefaultPolicy6B743AA8:
Type: 'AWS::IAM::Policy'
Properties:
PolicyDocument:
Statement:
- Action:
- 'dynamodb:BatchGetItem'
- 'dynamodb:GetRecords'
- 'dynamodb:GetShardIterator'
- 'dynamodb:Query'
- 'dynamodb:GetItem'
- 'dynamodb:Scan'
- 'dynamodb:ConditionCheckItem'
- 'dynamodb:BatchWriteItem'
- 'dynamodb:PutItem'
- 'dynamodb:UpdateItem'
- 'dynamodb:DeleteItem'
Effect: Allow
Resource:
- !GetAtt
- devitems19A1DDE0
- Arn
- !Ref 'AWS::NoValue'
Version: 2012-10-17
PolicyName: getOneItemFunctionServiceRoleDefaultPolicy6B743AA8
Roles:
- !Ref getOneItemFunctionServiceRoleCFD54796
Metadata:
'aws:cdk:path': >-
ManPcc00PipelineStack/DEV/ManPcc02BackEndStack/ManPcc02xResourcesNestedStack/getOneItemFunction/ServiceRole/DefaultPolicy/Resource
getOneItemFunctionE3257B22:
Type: 'AWS::Lambda::Function'
Properties:
Code:
S3Bucket: !Sub 'cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}'
S3Key: 9229849ef2f661408390d85ec623a2e2e5926f801d799866f1739fa3a0a85fa5.jar
Role: !GetAtt
- getOneItemFunctionServiceRoleCFD54796
- Arn
Environment:
Variables:
TABLE_NAME: !Ref devitems19A1DDE0
PRIMARY_KEY: itemId
APPCONFIG_PROFILE: >-
http://localhost:2772/applications/X_APP/environments/X_ENV/configurations/X_CNF
Handler: de.materna.aws.man.pcc.lambda.GetOneItem
Layers:
- !Ref >-
referencetoManPcc00PipelineStackDEVManPcc02BackEndStackManPcc02xBasicsNestedStackNestedStackManPcc02xBasicsNestedStackNestedStackResource6427959DOutputsManPcc00PipelineStackDEVManPcc02BackEndStackManPcc02xBasicsNestedStackbasicsawslibsaslayer7CCE1E2FRef
- !Ref >-
referencetoManPcc00PipelineStackDEVManPcc02BackEndStackManPcc02xBasicsNestedStackNestedStackManPcc02xBasicsNestedStackNestedStackResource6427959DOutputsManPcc00PipelineStackDEVManPcc02BackEndStackManPcc02xBasicsNestedStackbasicslambdadbex23DF60C1CRef
- 'arn:aws:lambda:eu-west-1:434848589818:layer:AWS-AppConfig-Extension:41'
MemorySize: 512
Runtime: java11
Tags:
- Key: PROJECT
Value: M.A.N-PCC
- Key: STACK
Value: BACKEND
- Key: STAGE
Value: dev
Timeout: 30
DependsOn:
- getOneItemFunctionServiceRoleDefaultPolicy6B743AA8
- getOneItemFunctionServiceRoleCFD54796
Metadata:
'aws:cdk:path': >-
ManPcc00PipelineStack/DEV/ManPcc02BackEndStack/ManPcc02xResourcesNestedStack/getOneItemFunction/Resource
'aws:asset:path': >-
../asset.9229849ef2f661408390d85ec623a2e2e5926f801d799866f1739fa3a0a85fa5.jar
'aws:asset:property': Code
getAllItemsFunctionServiceRoleCC084440:
Type: 'AWS::IAM::Role'
Properties:
AssumeRolePolicyDocument:
Statement:
- Action: 'sts:AssumeRole'
Effect: Allow
Principal:
Service: lambda.amazonaws.com
Version: 2012-10-17
ManagedPolicyArns:
- !Join
- ''
- - 'arn:'
- !Ref 'AWS::Partition'
- ':iam::aws:policy/service-role/AWSLambdaBasicExecutionRole'
Tags:
- Key: PROJECT
Value: M.A.N-PCC
- Key: STACK
Value: BACKEND
- Key: STAGE
Value: dev
Metadata:
'aws:cdk:path': >-
ManPcc00PipelineStack/DEV/ManPcc02BackEndStack/ManPcc02xResourcesNestedStack/getAllItemsFunction/ServiceRole/Resource
getAllItemsFunctionServiceRoleDefaultPolicyF069C759:
Type: 'AWS::IAM::Policy'
Properties:
PolicyDocument:
Statement:
- Action:
- 'dynamodb:BatchGetItem'
- 'dynamodb:GetRecords'
- 'dynamodb:GetShardIterator'
- 'dynamodb:Query'
- 'dynamodb:GetItem'
- 'dynamodb:Scan'
- 'dynamodb:ConditionCheckItem'
- 'dynamodb:BatchWriteItem'
- 'dynamodb:PutItem'
- 'dynamodb:UpdateItem'
- 'dynamodb:DeleteItem'
Effect: Allow
Resource:
- !GetAtt
- devitems19A1DDE0
- Arn
- !Ref 'AWS::NoValue'
Version: 2012-10-17
PolicyName: getAllItemsFunctionServiceRoleDefaultPolicyF069C759
Roles:
- !Ref getAllItemsFunctionServiceRoleCC084440
Metadata:
'aws:cdk:path': >-
ManPcc00PipelineStack/DEV/ManPcc02BackEndStack/ManPcc02xResourcesNestedStack/getAllItemsFunction/ServiceRole/DefaultPolicy/Resource
getAllItemsFunction0B7A913E:
Type: 'AWS::Lambda::Function'
Properties:
Code:
S3Bucket: !Sub 'cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}'
S3Key: 9229849ef2f661408390d85ec623a2e2e5926f801d799866f1739fa3a0a85fa5.jar
Role: !GetAtt
- getAllItemsFunctionServiceRoleCC084440
- Arn
Environment:
Variables:
TABLE_NAME: !Ref devitems19A1DDE0
PRIMARY_KEY: itemId
APPCONFIG_PROFILE: >-
http://localhost:2772/applications/X_APP/environments/X_ENV/configurations/X_CNF
Handler: de.materna.aws.man.pcc.lambda.GetAllItems
Layers:
- !Ref >-
referencetoManPcc00PipelineStackDEVManPcc02BackEndStackManPcc02xBasicsNestedStackNestedStackManPcc02xBasicsNestedStackNestedStackResource6427959DOutputsManPcc00PipelineStackDEVManPcc02BackEndStackManPcc02xBasicsNestedStackbasicsawslibsaslayer7CCE1E2FRef
- !Ref >-
referencetoManPcc00PipelineStackDEVManPcc02BackEndStackManPcc02xBasicsNestedStackNestedStackManPcc02xBasicsNestedStackNestedStackResource6427959DOutputsManPcc00PipelineStackDEVManPcc02BackEndStackManPcc02xBasicsNestedStackbasicslambdadbex23DF60C1CRef
- 'arn:aws:lambda:eu-west-1:434848589818:layer:AWS-AppConfig-Extension:41'
MemorySize: 512
Runtime: java11
Tags:
- Key: PROJECT
Value: M.A.N-PCC
- Key: STACK
Value: BACKEND
- Key: STAGE
Value: dev
Timeout: 30
DependsOn:
- getAllItemsFunctionServiceRoleDefaultPolicyF069C759
- getAllItemsFunctionServiceRoleCC084440
Metadata:
'aws:cdk:path': >-
ManPcc00PipelineStack/DEV/ManPcc02BackEndStack/ManPcc02xResourcesNestedStack/getAllItemsFunction/Resource
'aws:asset:path': >-
../asset.9229849ef2f661408390d85ec623a2e2e5926f801d799866f1739fa3a0a85fa5.jar
'aws:asset:property': Code
updateItemFunctionServiceRole40035396:
Type: 'AWS::IAM::Role'
Properties:
AssumeRolePolicyDocument:
Statement:
- Action: 'sts:AssumeRole'
Effect: Allow
Principal:
Service: lambda.amazonaws.com
Version: 2012-10-17
ManagedPolicyArns:
- !Join
- ''
- - 'arn:'
- !Ref 'AWS::Partition'
- ':iam::aws:policy/service-role/AWSLambdaBasicExecutionRole'
Tags:
- Key: PROJECT
Value: M.A.N-PCC
- Key: STACK
Value: BACKEND
- Key: STAGE
Value: dev
Metadata:
'aws:cdk:path': >-
ManPcc00PipelineStack/DEV/ManPcc02BackEndStack/ManPcc02xResourcesNestedStack/updateItemFunction/ServiceRole/Resource
updateItemFunctionServiceRoleDefaultPolicy6A793729:
Type: 'AWS::IAM::Policy'
Properties:
PolicyDocument:
Statement:
- Action:
- 'dynamodb:BatchGetItem'
- 'dynamodb:GetRecords'
- 'dynamodb:GetShardIterator'
- 'dynamodb:Query'
- 'dynamodb:GetItem'
- 'dynamodb:Scan'
- 'dynamodb:ConditionCheckItem'
- 'dynamodb:BatchWriteItem'
- 'dynamodb:PutItem'
- 'dynamodb:UpdateItem'
- 'dynamodb:DeleteItem'
Effect: Allow
Resource:
- !GetAtt
- devitems19A1DDE0
- Arn
- !Ref 'AWS::NoValue'
Version: 2012-10-17
PolicyName: updateItemFunctionServiceRoleDefaultPolicy6A793729
Roles:
- !Ref updateItemFunctionServiceRole40035396
Metadata:
'aws:cdk:path': >-
ManPcc00PipelineStack/DEV/ManPcc02BackEndStack/ManPcc02xResourcesNestedStack/updateItemFunction/ServiceRole/DefaultPolicy/Resource
updateItemFunction59415205:
Type: 'AWS::Lambda::Function'
Properties:
Code:
S3Bucket: !Sub 'cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}'
S3Key: 9229849ef2f661408390d85ec623a2e2e5926f801d799866f1739fa3a0a85fa5.jar
Role: !GetAtt
- updateItemFunctionServiceRole40035396
- Arn
Environment:
Variables:
TABLE_NAME: !Ref devitems19A1DDE0
PRIMARY_KEY: itemId
APPCONFIG_PROFILE: >-
http://localhost:2772/applications/X_APP/environments/X_ENV/configurations/X_CNF
Handler: de.materna.aws.man.pcc.lambda.UpdateItem
Layers:
- !Ref >-
referencetoManPcc00PipelineStackDEVManPcc02BackEndStackManPcc02xBasicsNestedStackNestedStackManPcc02xBasicsNestedStackNestedStackResource6427959DOutputsManPcc00PipelineStackDEVManPcc02BackEndStackManPcc02xBasicsNestedStackbasicsawslibsaslayer7CCE1E2FRef
- !Ref >-
referencetoManPcc00PipelineStackDEVManPcc02BackEndStackManPcc02xBasicsNestedStackNestedStackManPcc02xBasicsNestedStackNestedStackResource6427959DOutputsManPcc00PipelineStackDEVManPcc02BackEndStackManPcc02xBasicsNestedStackbasicslambdadbex23DF60C1CRef
- 'arn:aws:lambda:eu-west-1:434848589818:layer:AWS-AppConfig-Extension:41'
MemorySize: 512
Runtime: java11
Tags:
- Key: PROJECT
Value: M.A.N-PCC
- Key: STACK
Value: BACKEND
- Key: STAGE
Value: dev
Timeout: 30
DependsOn:
- updateItemFunctionServiceRoleDefaultPolicy6A793729
- updateItemFunctionServiceRole40035396
Metadata:
'aws:cdk:path': >-
ManPcc00PipelineStack/DEV/ManPcc02BackEndStack/ManPcc02xResourcesNestedStack/updateItemFunction/Resource
'aws:asset:path': >-
../asset.9229849ef2f661408390d85ec623a2e2e5926f801d799866f1739fa3a0a85fa5.jar
'aws:asset:property': Code
deleteItemFunctionServiceRole5C201FCC:
Type: 'AWS::IAM::Role'
Properties:
AssumeRolePolicyDocument:
Statement:
- Action: 'sts:AssumeRole'
Effect: Allow
Principal:
Service: lambda.amazonaws.com
Version: 2012-10-17
ManagedPolicyArns:
- !Join
- ''
- - 'arn:'
- !Ref 'AWS::Partition'
- ':iam::aws:policy/service-role/AWSLambdaBasicExecutionRole'
Tags:
- Key: PROJECT
Value: M.A.N-PCC
- Key: STACK
Value: BACKEND
- Key: STAGE
Value: dev
Metadata:
'aws:cdk:path': >-
ManPcc00PipelineStack/DEV/ManPcc02BackEndStack/ManPcc02xResourcesNestedStack/deleteItemFunction/ServiceRole/Resource
deleteItemFunctionServiceRoleDefaultPolicyDCE46F14:
Type: 'AWS::IAM::Policy'
Properties:
PolicyDocument:
Statement:
- Action:
- 'dynamodb:BatchGetItem'
- 'dynamodb:GetRecords'
- 'dynamodb:GetShardIterator'
- 'dynamodb:Query'
- 'dynamodb:GetItem'
- 'dynamodb:Scan'
- 'dynamodb:ConditionCheckItem'
- 'dynamodb:BatchWriteItem'
- 'dynamodb:PutItem'
- 'dynamodb:UpdateItem'
- 'dynamodb:DeleteItem'
Effect: Allow
Resource:
- !GetAtt
- devitems19A1DDE0
- Arn
- !Ref 'AWS::NoValue'
Version: 2012-10-17
PolicyName: deleteItemFunctionServiceRoleDefaultPolicyDCE46F14
Roles:
- !Ref deleteItemFunctionServiceRole5C201FCC
Metadata:
'aws:cdk:path': >-
ManPcc00PipelineStack/DEV/ManPcc02BackEndStack/ManPcc02xResourcesNestedStack/deleteItemFunction/ServiceRole/DefaultPolicy/Resource
deleteItemFunction2918B1B0:
Type: 'AWS::Lambda::Function'
Properties:
Code:
S3Bucket: !Sub 'cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}'
S3Key: 9229849ef2f661408390d85ec623a2e2e5926f801d799866f1739fa3a0a85fa5.jar
Role: !GetAtt
- deleteItemFunctionServiceRole5C201FCC
- Arn
Environment:
Variables:
TABLE_NAME: !Ref devitems19A1DDE0
PRIMARY_KEY: itemId
APPCONFIG_PROFILE: >-
http://localhost:2772/applications/X_APP/environments/X_ENV/configurations/X_CNF
Handler: de.materna.aws.man.pcc.lambda.DeleteItem
Layers:
- !Ref >-
referencetoManPcc00PipelineStackDEVManPcc02BackEndStackManPcc02xBasicsNestedStackNestedStackManPcc02xBasicsNestedStackNestedStackResource6427959DOutputsManPcc00PipelineStackDEVManPcc02BackEndStackManPcc02xBasicsNestedStackbasicsawslibsaslayer7CCE1E2FRef
- !Ref >-
referencetoManPcc00PipelineStackDEVManPcc02BackEndStackManPcc02xBasicsNestedStackNestedStackManPcc02xBasicsNestedStackNestedStackResource6427959DOutputsManPcc00PipelineStackDEVManPcc02BackEndStackManPcc02xBasicsNestedStackbasicslambdadbex23DF60C1CRef
- 'arn:aws:lambda:eu-west-1:434848589818:layer:AWS-AppConfig-Extension:41'
MemorySize: 512
Runtime: java11
Tags:
- Key: PROJECT
Value: M.A.N-PCC
- Key: STACK
Value: BACKEND
- Key: STAGE
Value: dev
Timeout: 30
DependsOn:
- deleteItemFunctionServiceRoleDefaultPolicyDCE46F14
- deleteItemFunctionServiceRole5C201FCC
Metadata:
'aws:cdk:path': >-
ManPcc00PipelineStack/DEV/ManPcc02BackEndStack/ManPcc02xResourcesNestedStack/deleteItemFunction/Resource
'aws:asset:path': >-
../asset.9229849ef2f661408390d85ec623a2e2e5926f801d799866f1739fa3a0a85fa5.jar
'aws:asset:property': Code
devidRoleForLambdaGlueBridgeBC500400:
Type: 'AWS::IAM::Role'
Properties:
AssumeRolePolicyDocument:
Statement:
- Action: 'sts:AssumeRole'
Effect: Allow
Principal:
Service: lambda.amazonaws.com
Version: 2012-10-17
ManagedPolicyArns:
- !Join
- ''
- - 'arn:'
- !Ref 'AWS::Partition'
- ':iam::aws:policy/service-role/AWSLambdaBasicExecutionRole'
Tags:
- Key: PROJECT
Value: M.A.N-PCC
- Key: STACK
Value: BACKEND
- Key: STAGE
Value: dev
Metadata:
'aws:cdk:path': >-
ManPcc00PipelineStack/DEV/ManPcc02BackEndStack/ManPcc02xResourcesNestedStack/devidRoleForLambdaGlueBridge/Resource
devidRoleForLambdaGlueBridgeDefaultPolicy5F045768:
Type: 'AWS::IAM::Policy'
Properties:
PolicyDocument:
Statement:
- Action:
- 'glue:StartCrawler'
- 'glue:StartJobRun'
Effect: Allow
Resource: '*'
Version: 2012-10-17
PolicyName: devidRoleForLambdaGlueBridgeDefaultPolicy5F045768
Roles:
- !Ref devidRoleForLambdaGlueBridgeBC500400
Metadata:
'aws:cdk:path': >-
ManPcc00PipelineStack/DEV/ManPcc02BackEndStack/ManPcc02xResourcesNestedStack/devidRoleForLambdaGlueBridge/DefaultPolicy/Resource
devglueBridgeFunction26F93100:
Type: 'AWS::Lambda::Function'
Properties:
Code:
S3Bucket: !Sub 'cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}'
S3Key: 03b8202dae9c7338a94ffab6a321e98c0cda59971dead60822d6e945f10901f4.jar
Role: !GetAtt
- devidRoleForLambdaGlueBridgeBC500400
- Arn
Environment:
Variables:
TABLE_NAME: !Ref devitems19A1DDE0
PRIMARY_KEY: itemId
APPCONFIG_PROFILE: >-
http://localhost:2772/applications/X_APP/environments/X_ENV/configurations/X_CNF
Handler: de.materna.aws.man.pcc.lambda.GlueBridge
MemorySize: 512
Runtime: java11
Tags:
- Key: PROJECT
Value: M.A.N-PCC
- Key: STACK
Value: BACKEND
- Key: STAGE
Value: dev
Timeout: 30
DependsOn:
- devidRoleForLambdaGlueBridgeDefaultPolicy5F045768
- devidRoleForLambdaGlueBridgeBC500400
Metadata:
'aws:cdk:path': >-
ManPcc00PipelineStack/DEV/ManPcc02BackEndStack/ManPcc02xResourcesNestedStack/devglueBridgeFunction/Resource
'aws:asset:path': >-
../asset.03b8202dae9c7338a94ffab6a321e98c0cda59971dead60822d6e945f10901f4.jar
'aws:asset:property': Code
devitemsApiFCAFD795:
Type: 'AWS::ApiGateway::RestApi'
Properties:
Name: Items Service
Tags:
- Key: PROJECT
Value: M.A.N-PCC
- Key: STACK
Value: BACKEND
- Key: STAGE
Value: dev
Metadata:
'aws:cdk:path': >-
ManPcc00PipelineStack/DEV/ManPcc02BackEndStack/ManPcc02xResourcesNestedStack/devitemsApi/Resource
devitemsApiCloudWatchRoleFD8723FB:
Type: 'AWS::IAM::Role'
Properties:
AssumeRolePolicyDocument:
Statement:
- Action: 'sts:AssumeRole'
Effect: Allow
Principal:
Service: apigateway.amazonaws.com
Version: 2012-10-17
ManagedPolicyArns:
- !Join
- ''
- - 'arn:'
- !Ref 'AWS::Partition'
- ':iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs'
Tags:
- Key: PROJECT
Value: M.A.N-PCC
- Key: STACK
Value: BACKEND
- Key: STAGE
Value: dev
Metadata:
'aws:cdk:path': >-
ManPcc00PipelineStack/DEV/ManPcc02BackEndStack/ManPcc02xResourcesNestedStack/devitemsApi/CloudWatchRole/Resource
devitemsApiAccount65C01377:
Type: 'AWS::ApiGateway::Account'
Properties:
CloudWatchRoleArn: !GetAtt
- devitemsApiCloudWatchRoleFD8723FB
- Arn
DependsOn:
- devitemsApiFCAFD795
Metadata:
'aws:cdk:path': >-
ManPcc00PipelineStack/DEV/ManPcc02BackEndStack/ManPcc02xResourcesNestedStack/devitemsApi/Account
devitemsApiDeploymentFF13EFD8c93a72687f85ce6536c73b63589837fe:
Type: 'AWS::ApiGateway::Deployment'
Properties:
RestApiId: !Ref devitemsApiFCAFD795
Description: Automatically created by the RestApi construct
DependsOn:
- devitemsApigluecommandidGETC2DBFB5A
- devitemsApigluecommandidEE171367
- devitemsApigluecommand30B64C9A
- devitemsApiglue955FDCE9
- devitemsApiitemsidDELETE9516454D
- devitemsApiitemsidGET985CD038
- devitemsApiitemsidOPTIONSCFA59780
- devitemsApiitemsidPATCHB8E6DA7D
- devitemsApiitemsidE0A72004
- devitemsApiitemsGET14712FCA
- devitemsApiitemsOPTIONS960F4704
- devitemsApiitemsPOST93A6098A
- devitemsApiitems10AF9DB2
Metadata:
'aws:cdk:path': >-
ManPcc00PipelineStack/DEV/ManPcc02BackEndStack/ManPcc02xResourcesNestedStack/devitemsApi/Deployment/Resource
devitemsApiDeploymentStageprod95A3AA6A:
Type: 'AWS::ApiGateway::Stage'
Properties:
RestApiId: !Ref devitemsApiFCAFD795
DeploymentId: !Ref devitemsApiDeploymentFF13EFD8c93a72687f85ce6536c73b63589837fe
StageName: prod
Tags:
- Key: PROJECT
Value: M.A.N-PCC
- Key: STACK
Value: BACKEND
- Key: STAGE
Value: dev
Metadata:
'aws:cdk:path': >-
ManPcc00PipelineStack/DEV/ManPcc02BackEndStack/ManPcc02xResourcesNestedStack/devitemsApi/DeploymentStage.prod/Resource
devitemsApiitems10AF9DB2:
Type: 'AWS::ApiGateway::Resource'
Properties:
ParentId: !GetAtt
- devitemsApiFCAFD795
- RootResourceId
PathPart: items
RestApiId: !Ref devitemsApiFCAFD795
Metadata:
'aws:cdk:path': >-
ManPcc00PipelineStack/DEV/ManPcc02BackEndStack/ManPcc02xResourcesNestedStack/devitemsApi/Default/items/Resource
devitemsApiitemsPOSTApiPermissionManPcc00PipelineStackDEVManPcc02BackEndStackManPcc02xResourcesNestedStackdevitemsApiD4AEC7EDPOSTitems6A1F613D:
Type: 'AWS::Lambda::Permission'
Properties:
Action: 'lambda:InvokeFunction'
FunctionName: !GetAtt
- createItemFunction8D47E48A
- Arn
Principal: apigateway.amazonaws.com
SourceArn: !Join
- ''
- - 'arn:'
- !Ref 'AWS::Partition'
- ':execute-api:'
- !Ref 'AWS::Region'
- ':'
- !Ref 'AWS::AccountId'
- ':'
- !Ref devitemsApiFCAFD795
- /
- !Ref devitemsApiDeploymentStageprod95A3AA6A
- /POST/items
Metadata:
'aws:cdk:path': >-
ManPcc00PipelineStack/DEV/ManPcc02BackEndStack/ManPcc02xResourcesNestedStack/devitemsApi/Default/items/POST/ApiPermission.ManPcc00PipelineStackDEVManPcc02BackEndStackManPcc02xResourcesNestedStackdevitemsApiD4AEC7ED.POST..items
devitemsApiitemsPOSTApiPermissionTestManPcc00PipelineStackDEVManPcc02BackEndStackManPcc02xResourcesNestedStackdevitemsApiD4AEC7EDPOSTitems2E07236D:
Type: 'AWS::Lambda::Permission'
Properties:
Action: 'lambda:InvokeFunction'
FunctionName: !GetAtt
- createItemFunction8D47E48A
- Arn
Principal: apigateway.amazonaws.com
SourceArn: !Join
- ''
- - 'arn:'
- !Ref 'AWS::Partition'
- ':execute-api:'
- !Ref 'AWS::Region'
- ':'
- !Ref 'AWS::AccountId'
- ':'
- !Ref devitemsApiFCAFD795
- /test-invoke-stage/POST/items
Metadata:
'aws:cdk:path': >-
ManPcc00PipelineStack/DEV/ManPcc02BackEndStack/ManPcc02xResourcesNestedStack/devitemsApi/Default/items/POST/ApiPermission.Test.ManPcc00PipelineStackDEVManPcc02BackEndStackManPcc02xResourcesNestedStackdevitemsApiD4AEC7ED.POST..items
devitemsApiitemsPOST93A6098A:
Type: 'AWS::ApiGateway::Method'
Properties:
HttpMethod: POST
ResourceId: !Ref devitemsApiitems10AF9DB2
RestApiId: !Ref devitemsApiFCAFD795
AuthorizationType: NONE
Integration:
IntegrationHttpMethod: POST
Type: AWS_PROXY
Uri: !Join
- ''
- - 'arn:'
- !Ref 'AWS::Partition'
- ':apigateway:'
- !Ref 'AWS::Region'
- ':lambda:path/2015-03-31/functions/'
- !GetAtt
- createItemFunction8D47E48A
- Arn
- /invocations
Metadata:
'aws:cdk:path': >-
ManPcc00PipelineStack/DEV/ManPcc02BackEndStack/ManPcc02xResourcesNestedStack/devitemsApi/Default/items/POST/Resource
devitemsApiitemsOPTIONS960F4704:
Type: 'AWS::ApiGateway::Method'
Properties:
HttpMethod: OPTIONS
ResourceId: !Ref devitemsApiitems10AF9DB2
RestApiId: !Ref devitemsApiFCAFD795
AuthorizationType: NONE
Integration:
IntegrationResponses:
- ResponseParameters:
method.response.header.Access-Control-Allow-Credentials: '''false'''
method.response.header.Access-Control-Allow-Methods: '''OPTIONS,GET,PUT,POST,DELETE'''
method.response.header.Access-Control-Allow-Headers: >-
'Content-Type,X-Amz-Date,Authorization,X-Api-Key,X-Amz-Security-Token,X-Amz-User-Agent'
method.response.header.Access-Control-Allow-Origin: '''*'''
StatusCode: '200'
PassthroughBehavior: NEVER
RequestTemplates:
application/json: '{"statusCode": 200}'
Type: MOCK
MethodResponses:
- ResponseParameters:
method.response.header.Access-Control-Allow-Credentials: true
method.response.header.Access-Control-Allow-Methods: true
method.response.header.Access-Control-Allow-Headers: true
method.response.header.Access-Control-Allow-Origin: true
StatusCode: '200'
Metadata:
'aws:cdk:path': >-
ManPcc00PipelineStack/DEV/ManPcc02BackEndStack/ManPcc02xResourcesNestedStack/devitemsApi/Default/items/OPTIONS/Resource
devitemsApiitemsGETApiPermissionManPcc00PipelineStackDEVManPcc02BackEndStackManPcc02xResourcesNestedStackdevitemsApiD4AEC7EDGETitemsE1373F18:
Type: 'AWS::Lambda::Permission'
Properties:
Action: 'lambda:InvokeFunction'
FunctionName: !GetAtt
- getAllItemsFunction0B7A913E
- Arn
Principal: apigateway.amazonaws.com
SourceArn: !Join
- ''
- - 'arn:'
- !Ref 'AWS::Partition'
- ':execute-api:'
- !Ref 'AWS::Region'
- ':'
- !Ref 'AWS::AccountId'
- ':'
- !Ref devitemsApiFCAFD795
- /
- !Ref devitemsApiDeploymentStageprod95A3AA6A
- /GET/items
Metadata:
'aws:cdk:path': >-
ManPcc00PipelineStack/DEV/ManPcc02BackEndStack/ManPcc02xResourcesNestedStack/devitemsApi/Default/items/GET/ApiPermission.ManPcc00PipelineStackDEVManPcc02BackEndStackManPcc02xResourcesNestedStackdevitemsApiD4AEC7ED.GET..items
devitemsApiitemsGETApiPermissionTestManPcc00PipelineStackDEVManPcc02BackEndStackManPcc02xResourcesNestedStackdevitemsApiD4AEC7EDGETitemsE6E9AE13:
Type: 'AWS::Lambda::Permission'
Properties:
Action: 'lambda:InvokeFunction'
FunctionName: !GetAtt
- getAllItemsFunction0B7A913E
- Arn
Principal: apigateway.amazonaws.com
SourceArn: !Join
- ''
- - 'arn:'
- !Ref 'AWS::Partition'
- ':execute-api:'
- !Ref 'AWS::Region'
- ':'
- !Ref 'AWS::AccountId'
- ':'
- !Ref devitemsApiFCAFD795
- /test-invoke-stage/GET/items
Metadata:
'aws:cdk:path': >-
ManPcc00PipelineStack/DEV/ManPcc02BackEndStack/ManPcc02xResourcesNestedStack/devitemsApi/Default/items/GET/ApiPermission.Test.ManPcc00PipelineStackDEVManPcc02BackEndStackManPcc02xResourcesNestedStackdevitemsApiD4AEC7ED.GET..items
devitemsApiitemsGET14712FCA:
Type: 'AWS::ApiGateway::Method'
Properties:
HttpMethod: GET
ResourceId: !Ref devitemsApiitems10AF9DB2
RestApiId: !Ref devitemsApiFCAFD795
AuthorizationType: NONE
Integration:
IntegrationHttpMethod: POST
Type: AWS_PROXY
Uri: !Join
- ''
- - 'arn:'
- !Ref 'AWS::Partition'
- ':apigateway:'
- !Ref 'AWS::Region'
- ':lambda:path/2015-03-31/functions/'
- !GetAtt
- getAllItemsFunction0B7A913E
- Arn
- /invocations
Metadata:
'aws:cdk:path': >-
ManPcc00PipelineStack/DEV/ManPcc02BackEndStack/ManPcc02xResourcesNestedStack/devitemsApi/Default/items/GET/Resource
devitemsApiitemsidE0A72004:
Type: 'AWS::ApiGateway::Resource'
Properties:
ParentId: !Ref devitemsApiitems10AF9DB2
PathPart: '{id}'
RestApiId: !Ref devitemsApiFCAFD795
Metadata:
'aws:cdk:path': >-
ManPcc00PipelineStack/DEV/ManPcc02BackEndStack/ManPcc02xResourcesNestedStack/devitemsApi/Default/items/{id}/Resource
devitemsApiitemsidGETApiPermissionManPcc00PipelineStackDEVManPcc02BackEndStackManPcc02xResourcesNestedStackdevitemsApiD4AEC7EDGETitemsid4E85C199:
Type: 'AWS::Lambda::Permission'
Properties:
Action: 'lambda:InvokeFunction'
FunctionName: !GetAtt
- getOneItemFunctionE3257B22
- Arn
Principal: apigateway.amazonaws.com
SourceArn: !Join
- ''
- - 'arn:'
- !Ref 'AWS::Partition'
- ':execute-api:'
- !Ref 'AWS::Region'
- ':'
- !Ref 'AWS::AccountId'
- ':'
- !Ref devitemsApiFCAFD795
- /
- !Ref devitemsApiDeploymentStageprod95A3AA6A
- /GET/items/*
Metadata:
'aws:cdk:path': >-
ManPcc00PipelineStack/DEV/ManPcc02BackEndStack/ManPcc02xResourcesNestedStack/devitemsApi/Default/items/{id}/GET/ApiPermission.ManPcc00PipelineStackDEVManPcc02BackEndStackManPcc02xResourcesNestedStackdevitemsApiD4AEC7ED.GET..items.{id}
devitemsApiitemsidGETApiPermissionTestManPcc00PipelineStackDEVManPcc02BackEndStackManPcc02xResourcesNestedStackdevitemsApiD4AEC7EDGETitemsid54AE137D:
Type: 'AWS::Lambda::Permission'
Properties:
Action: 'lambda:InvokeFunction'
FunctionName: !GetAtt
- getOneItemFunctionE3257B22
- Arn
Principal: apigateway.amazonaws.com
SourceArn: !Join
- ''
- - 'arn:'
- !Ref 'AWS::Partition'
- ':execute-api:'
- !Ref 'AWS::Region'
- ':'
- !Ref 'AWS::AccountId'
- ':'
- !Ref devitemsApiFCAFD795
- /test-invoke-stage/GET/items/*
Metadata:
'aws:cdk:path': >-
ManPcc00PipelineStack/DEV/ManPcc02BackEndStack/ManPcc02xResourcesNestedStack/devitemsApi/Default/items/{id}/GET/ApiPermission.Test.ManPcc00PipelineStackDEVManPcc02BackEndStackManPcc02xResourcesNestedStackdevitemsApiD4AEC7ED.GET..items.{id}
devitemsApiitemsidGET985CD038:
Type: 'AWS::ApiGateway::Method'
Properties:
HttpMethod: GET
ResourceId: !Ref devitemsApiitemsidE0A72004
RestApiId: !Ref devitemsApiFCAFD795
AuthorizationType: NONE
Integration:
IntegrationHttpMethod: POST
Type: AWS_PROXY
Uri: !Join
- ''
- - 'arn:'
- !Ref 'AWS::Partition'
- ':apigateway:'
- !Ref 'AWS::Region'
- ':lambda:path/2015-03-31/functions/'
- !GetAtt
- getOneItemFunctionE3257B22
- Arn
- /invocations
Metadata:
'aws:cdk:path': >-
ManPcc00PipelineStack/DEV/ManPcc02BackEndStack/ManPcc02xResourcesNestedStack/devitemsApi/Default/items/{id}/GET/Resource
devitemsApiitemsidPATCHApiPermissionManPcc00PipelineStackDEVManPcc02BackEndStackManPcc02xResourcesNestedStackdevitemsApiD4AEC7EDPATCHitemsid9449BC12:
Type: 'AWS::Lambda::Permission'
Properties:
Action: 'lambda:InvokeFunction'
FunctionName: !GetAtt
- updateItemFunction59415205
- Arn
Principal: apigateway.amazonaws.com
SourceArn: !Join
- ''
- - 'arn:'
- !Ref 'AWS::Partition'
- ':execute-api:'
- !Ref 'AWS::Region'
- ':'
- !Ref 'AWS::AccountId'
- ':'
- !Ref devitemsApiFCAFD795
- /
- !Ref devitemsApiDeploymentStageprod95A3AA6A
- /PATCH/items/*
Metadata:
'aws:cdk:path': >-
ManPcc00PipelineStack/DEV/ManPcc02BackEndStack/ManPcc02xResourcesNestedStack/devitemsApi/Default/items/{id}/PATCH/ApiPermission.ManPcc00PipelineStackDEVManPcc02BackEndStackManPcc02xResourcesNestedStackdevitemsApiD4AEC7ED.PATCH..items.{id}
devitemsApiitemsidPATCHApiPermissionTestManPcc00PipelineStackDEVManPcc02BackEndStackManPcc02xResourcesNestedStackdevitemsApiD4AEC7EDPATCHitemsid7FF0692A:
Type: 'AWS::Lambda::Permission'
Properties:
Action: 'lambda:InvokeFunction'
FunctionName: !GetAtt
- updateItemFunction59415205
- Arn
Principal: apigateway.amazonaws.com
SourceArn: !Join
- ''
- - 'arn:'
- !Ref 'AWS::Partition'
- ':execute-api:'
- !Ref 'AWS::Region'
- ':'
- !Ref 'AWS::AccountId'
- ':'
- !Ref devitemsApiFCAFD795
- /test-invoke-stage/PATCH/items/*
Metadata:
'aws:cdk:path': >-
ManPcc00PipelineStack/DEV/ManPcc02BackEndStack/ManPcc02xResourcesNestedStack/devitemsApi/Default/items/{id}/PATCH/ApiPermission.Test.ManPcc00PipelineStackDEVManPcc02BackEndStackManPcc02xResourcesNestedStackdevitemsApiD4AEC7ED.PATCH..items.{id}
devitemsApiitemsidPATCHB8E6DA7D:
Type: 'AWS::ApiGateway::Method'
Properties:
HttpMethod: PATCH
ResourceId: !Ref devitemsApiitemsidE0A72004
RestApiId: !Ref devitemsApiFCAFD795
AuthorizationType: NONE
Integration:
IntegrationHttpMethod: POST
Type: AWS_PROXY
Uri: !Join
- ''
- - 'arn:'
- !Ref 'AWS::Partition'
- ':apigateway:'
- !Ref 'AWS::Region'
- ':lambda:path/2015-03-31/functions/'
- !GetAtt
- updateItemFunction59415205
- Arn
- /invocations
Metadata:
'aws:cdk:path': >-
ManPcc00PipelineStack/DEV/ManPcc02BackEndStack/ManPcc02xResourcesNestedStack/devitemsApi/Default/items/{id}/PATCH/Resource
devitemsApiitemsidDELETEApiPermissionManPcc00PipelineStackDEVManPcc02BackEndStackManPcc02xResourcesNestedStackdevitemsApiD4AEC7EDDELETEitemsid646E4395:
Type: 'AWS::Lambda::Permission'
Properties:
Action: 'lambda:InvokeFunction'
FunctionName: !GetAtt
- deleteItemFunction2918B1B0
- Arn
Principal: apigateway.amazonaws.com
SourceArn: !Join
- ''
- - 'arn:'
- !Ref 'AWS::Partition'
- ':execute-api:'
- !Ref 'AWS::Region'
- ':'
- !Ref 'AWS::AccountId'
- ':'
- !Ref devitemsApiFCAFD795
- /
- !Ref devitemsApiDeploymentStageprod95A3AA6A
- /DELETE/items/*
Metadata:
'aws:cdk:path': >-
ManPcc00PipelineStack/DEV/ManPcc02BackEndStack/ManPcc02xResourcesNestedStack/devitemsApi/Default/items/{id}/DELETE/ApiPermission.ManPcc00PipelineStackDEVManPcc02BackEndStackManPcc02xResourcesNestedStackdevitemsApiD4AEC7ED.DELETE..items.{id}
devitemsApiitemsidDELETEApiPermissionTestManPcc00PipelineStackDEVManPcc02BackEndStackManPcc02xResourcesNestedStackdevitemsApiD4AEC7EDDELETEitemsid6E3F4F12:
Type: 'AWS::Lambda::Permission'
Properties:
Action: 'lambda:InvokeFunction'
FunctionName: !GetAtt
- deleteItemFunction2918B1B0
- Arn
Principal: apigateway.amazonaws.com
SourceArn: !Join
- ''
- - 'arn:'
- !Ref 'AWS::Partition'
- ':execute-api:'
- !Ref 'AWS::Region'
- ':'
- !Ref 'AWS::AccountId'
- ':'
- !Ref devitemsApiFCAFD795
- /test-invoke-stage/DELETE/items/*
Metadata:
'aws:cdk:path': >-
ManPcc00PipelineStack/DEV/ManPcc02BackEndStack/ManPcc02xResourcesNestedStack/devitemsApi/Default/items/{id}/DELETE/ApiPermission.Test.ManPcc00PipelineStackDEVManPcc02BackEndStackManPcc02xResourcesNestedStackdevitemsApiD4AEC7ED.DELETE..items.{id}
devitemsApiitemsidDELETE9516454D:
Type: 'AWS::ApiGateway::Method'
Properties:
HttpMethod: DELETE
ResourceId: !Ref devitemsApiitemsidE0A72004
RestApiId: !Ref devitemsApiFCAFD795
AuthorizationType: NONE
Integration:
IntegrationHttpMethod: POST
Type: AWS_PROXY
Uri: !Join
- ''
- - 'arn:'
- !Ref 'AWS::Partition'
- ':apigateway:'
- !Ref 'AWS::Region'
- ':lambda:path/2015-03-31/functions/'
- !GetAtt
- deleteItemFunction2918B1B0
- Arn
- /invocations
Metadata:
'aws:cdk:path': >-
ManPcc00PipelineStack/DEV/ManPcc02BackEndStack/ManPcc02xResourcesNestedStack/devitemsApi/Default/items/{id}/DELETE/Resource
devitemsApiitemsidOPTIONSCFA59780:
Type: 'AWS::ApiGateway::Method'
Properties:
HttpMethod: OPTIONS
ResourceId: !Ref devitemsApiitemsidE0A72004
RestApiId: !Ref devitemsApiFCAFD795
AuthorizationType: NONE
Integration:
IntegrationResponses:
- ResponseParameters:
method.response.header.Access-Control-Allow-Credentials: '''false'''
method.response.header.Access-Control-Allow-Methods: '''OPTIONS,GET,PUT,POST,DELETE'''
method.response.header.Access-Control-Allow-Headers: >-
'Content-Type,X-Amz-Date,Authorization,X-Api-Key,X-Amz-Security-Token,X-Amz-User-Agent'
method.response.header.Access-Control-Allow-Origin: '''*'''
StatusCode: '200'
PassthroughBehavior: NEVER
RequestTemplates:
application/json: '{"statusCode": 200}'
Type: MOCK
MethodResponses:
- ResponseParameters:
method.response.header.Access-Control-Allow-Credentials: true
method.response.header.Access-Control-Allow-Methods: true
method.response.header.Access-Control-Allow-Headers: true
method.response.header.Access-Control-Allow-Origin: true
StatusCode: '200'
Metadata:
'aws:cdk:path': >-
ManPcc00PipelineStack/DEV/ManPcc02BackEndStack/ManPcc02xResourcesNestedStack/devitemsApi/Default/items/{id}/OPTIONS/Resource
devitemsApiglue955FDCE9:
Type: 'AWS::ApiGateway::Resource'
Properties:
ParentId: !GetAtt
- devitemsApiFCAFD795
- RootResourceId
PathPart: glue
RestApiId: !Ref devitemsApiFCAFD795
Metadata:
'aws:cdk:path': >-
ManPcc00PipelineStack/DEV/ManPcc02BackEndStack/ManPcc02xResourcesNestedStack/devitemsApi/Default/glue/Resource
devitemsApigluecommand30B64C9A:
Type: 'AWS::ApiGateway::Resource'
Properties:
ParentId: !Ref devitemsApiglue955FDCE9
PathPart: '{command}'
RestApiId: !Ref devitemsApiFCAFD795
Metadata:
'aws:cdk:path': >-
ManPcc00PipelineStack/DEV/ManPcc02BackEndStack/ManPcc02xResourcesNestedStack/devitemsApi/Default/glue/{command}/Resource
devitemsApigluecommandidEE171367:
Type: 'AWS::ApiGateway::Resource'
Properties:
ParentId: !Ref devitemsApigluecommand30B64C9A
PathPart: '{id}'
RestApiId: !Ref devitemsApiFCAFD795
Metadata:
'aws:cdk:path': >-
ManPcc00PipelineStack/DEV/ManPcc02BackEndStack/ManPcc02xResourcesNestedStack/devitemsApi/Default/glue/{command}/{id}/Resource
devitemsApigluecommandidGETApiPermissionManPcc00PipelineStackDEVManPcc02BackEndStackManPcc02xResourcesNestedStackdevitemsApiD4AEC7EDGETgluecommandidA05A92E4:
Type: 'AWS::Lambda::Permission'
Properties:
Action: 'lambda:InvokeFunction'
FunctionName: !GetAtt
- devglueBridgeFunction26F93100
- Arn
Principal: apigateway.amazonaws.com
SourceArn: !Join
- ''
- - 'arn:'
- !Ref 'AWS::Partition'
- ':execute-api:'
- !Ref 'AWS::Region'
- ':'
- !Ref 'AWS::AccountId'
- ':'
- !Ref devitemsApiFCAFD795
- /
- !Ref devitemsApiDeploymentStageprod95A3AA6A
- /GET/glue/*/*
Metadata:
'aws:cdk:path': >-
ManPcc00PipelineStack/DEV/ManPcc02BackEndStack/ManPcc02xResourcesNestedStack/devitemsApi/Default/glue/{command}/{id}/GET/ApiPermission.ManPcc00PipelineStackDEVManPcc02BackEndStackManPcc02xResourcesNestedStackdevitemsApiD4AEC7ED.GET..glue.{command}.{id}
devitemsApigluecommandidGETApiPermissionTestManPcc00PipelineStackDEVManPcc02BackEndStackManPcc02xResourcesNestedStackdevitemsApiD4AEC7EDGETgluecommandid10263AF9:
Type: 'AWS::Lambda::Permission'
Properties:
Action: 'lambda:InvokeFunction'
FunctionName: !GetAtt
- devglueBridgeFunction26F93100
- Arn
Principal: apigateway.amazonaws.com
SourceArn: !Join
- ''
- - 'arn:'
- !Ref 'AWS::Partition'
- ':execute-api:'
- !Ref 'AWS::Region'
- ':'
- !Ref 'AWS::AccountId'
- ':'
- !Ref devitemsApiFCAFD795
- /test-invoke-stage/GET/glue/*/*
Metadata:
'aws:cdk:path': >-
ManPcc00PipelineStack/DEV/ManPcc02BackEndStack/ManPcc02xResourcesNestedStack/devitemsApi/Default/glue/{command}/{id}/GET/ApiPermission.Test.ManPcc00PipelineStackDEVManPcc02BackEndStackManPcc02xResourcesNestedStackdevitemsApiD4AEC7ED.GET..glue.{command}.{id}
devitemsApigluecommandidGETC2DBFB5A:
Type: 'AWS::ApiGateway::Method'
Properties:
HttpMethod: GET
ResourceId: !Ref devitemsApigluecommandidEE171367
RestApiId: !Ref devitemsApiFCAFD795
AuthorizationType: NONE
Integration:
IntegrationHttpMethod: POST
Type: AWS_PROXY
Uri: !Join
- ''
- - 'arn:'
- !Ref 'AWS::Partition'
- ':apigateway:'
- !Ref 'AWS::Region'
- ':lambda:path/2015-03-31/functions/'
- !GetAtt
- devglueBridgeFunction26F93100
- Arn
- /invocations
Metadata:
'aws:cdk:path': >-
ManPcc00PipelineStack/DEV/ManPcc02BackEndStack/ManPcc02xResourcesNestedStack/devitemsApi/Default/glue/{command}/{id}/GET/Resource
CDKMetadata:
Type: 'AWS::CDK::Metadata'
Properties:
Analytics: >-
v2:deflate64:H4sIAAAAAAAAA1VRy27CMBD8Fu7GEPXUW1NoD0htEfQHNrZJtyS25QcoivzvXTtA4eTx7GhnPK54tXzmy9kLnP1cyONiFMYpPn4qH5TcBxBHtlPeRCcUq71XgbgWdctWB/0Vg42BrYz2wUURMncTE6aBxIBGJ5bXj3LQ0BvZ8PEbmq5ICkis7SKZriFAA74M7vHKwblTLsONaRJD6Pm4M9OGcm5Nh2LI1wmRobXC6AO2fCS2tpZoyFmy6E2f0BndKx0uOUkYXZlvnTngtHqtbGeGrNoHGqp2eGQT66BvJPDxPWpxXX6Pt8r16H2pwD/NIRfoeemREmJLS88w0GOo7tripcArrIUwkSL+Oz76s/wXJekErt2/5t7uP+KGP1T4MTJTE0opsQ2cYFFVfMmravbrEeeOTLFXfDedfyHQ88skAgAA
Metadata:
'aws:cdk:path': >-
ManPcc00PipelineStack/DEV/ManPcc02BackEndStack/ManPcc02xResourcesNestedStack/CDKMetadata/Default
Condition: CDKMetadataAvailable
Outputs:
devitemsApiEndpointD2D4DF0D:
Value: !Join
- ''
- - 'https://'
- !Ref devitemsApiFCAFD795
- .execute-api.
- !Ref 'AWS::Region'
- .
- !Ref 'AWS::URLSuffix'
- /
- !Ref devitemsApiDeploymentStageprod95A3AA6A
- /
callerGlueCrawlerEP:
Description: Glue Crawler Caller Endpoint
Value: !Join
- ''
- - 'https://'
- !Ref devitemsApiFCAFD795
- .execute-api.
- !Ref 'AWS::Region'
- .
- !Ref 'AWS::URLSuffix'
- /
- !Ref devitemsApiDeploymentStageprod95A3AA6A
- /glue/crawler/dev_crawler
callGlueJobEP:
Description: Glue Crawler Job Endpoint
Value: !Join
- ''
- - 'https://'
- !Ref devitemsApiFCAFD795
- .execute-api.
- !Ref 'AWS::Region'
- .
- !Ref 'AWS::URLSuffix'
- /
- !Ref devitemsApiDeploymentStageprod95A3AA6A
- /glue/job/dev_job-extractor
Conditions:
CDKMetadataAvailable: !Or
- !Or
- !Equals
- !Ref 'AWS::Region'
- af-south-1
- !Equals
- !Ref 'AWS::Region'
- ap-east-1
- !Equals
- !Ref 'AWS::Region'
- ap-northeast-1
- !Equals
- !Ref 'AWS::Region'
- ap-northeast-2
- !Equals
- !Ref 'AWS::Region'
- ap-south-1
- !Equals
- !Ref 'AWS::Region'
- ap-southeast-1
- !Equals
- !Ref 'AWS::Region'
- ap-southeast-2
- !Equals
- !Ref 'AWS::Region'
- ca-central-1
- !Equals
- !Ref 'AWS::Region'
- cn-north-1
- !Equals
- !Ref 'AWS::Region'
- cn-northwest-1
- !Or
- !Equals
- !Ref 'AWS::Region'
- eu-central-1
- !Equals
- !Ref 'AWS::Region'
- eu-north-1
- !Equals
- !Ref 'AWS::Region'
- eu-south-1
- !Equals
- !Ref 'AWS::Region'
- eu-west-1
- !Equals
- !Ref 'AWS::Region'
- eu-west-2
- !Equals
- !Ref 'AWS::Region'
- eu-west-3
- !Equals
- !Ref 'AWS::Region'
- me-south-1
- !Equals
- !Ref 'AWS::Region'
- sa-east-1
- !Equals
- !Ref 'AWS::Region'
- us-east-1
- !Equals
- !Ref 'AWS::Region'
- us-east-2
- !Or
- !Equals
- !Ref 'AWS::Region'
- us-west-1
- !Equals
- !Ref 'AWS::Region'
- us-west-2
Parameters:
referencetoManPcc00PipelineStackDEVManPcc02BackEndStackManPcc02xBasicsNestedStackNestedStackManPcc02xBasicsNestedStackNestedStackResource6427959DOutputsManPcc00PipelineStackDEVManPcc02BackEndStackManPcc02xBasicsNestedStackdevcdkresources9474E3DCRef:
Type: String
referencetoManPcc00PipelineStackDEVManPcc02BackEndStackManPcc02xBasicsNestedStackNestedStackManPcc02xBasicsNestedStackNestedStackResource6427959DOutputsManPcc00PipelineStackDEVManPcc02BackEndStackManPcc02xBasicsNestedStackdevmanpccappconfigrole831838E2Arn:
Type: String
referencetoManPcc00PipelineStackDEVManPcc02BackEndStackManPcc02xBasicsNestedStackNestedStackManPcc02xBasicsNestedStackNestedStackResource6427959DOutputsManPcc00PipelineStackDEVManPcc02BackEndStackManPcc02xBasicsNestedStackbasicsawslibsaslayer7CCE1E2FRef:
Type: String
referencetoManPcc00PipelineStackDEVManPcc02BackEndStackManPcc02xBasicsNestedStackNestedStackManPcc02xBasicsNestedStackNestedStackResource6427959DOutputsManPcc00PipelineStackDEVManPcc02BackEndStackManPcc02xBasicsNestedStackbasicslambdadbex23DF60C1CRef:
Type: String
In Java code (with stage="dev"):
private void createAppConfigBasics()
{
CfnApplication appConfigApp = CfnApplication.Builder.create(this, stage + "appAC")
.name(stage + "appAC")
.build();
String appRefId = appConfigApp.getRef();
CfnEnvironment acEnv = CfnEnvironment.Builder.create(this, stage + "envAC")
.applicationId(appRefId)
.name(stage + "envAC")
.build();
/* --- AC with 's3' configuration --- 02 */
CfnConfigurationProfile acProfile = CfnConfigurationProfile.Builder.create(this, "appprofile")
.applicationId(appRefId)
.locationUri(resourcesBucket.s3UrlForObject() + "admin/appconfig.json")
.retrievalRoleArn(appConfigRole.getRoleArn())
.name("appprofile")
.build();
String acProfileId = acProfile.getRef();
/* --- end --- 02 */
CfnDeploymentStrategy deploymentStrategy = CfnDeploymentStrategy.Builder.create(this, stage + "DeploymentStrategy")
.name(stage + "deployStg")
.deploymentDurationInMinutes(2)
.growthFactor(100)
.finalBakeTimeInMinutes(2)
.replicateTo("NONE")
.growthType("LINEAR")
.description("AppConfig deployment strategy - All at once deployment (i.e., immediate)")
.build();
CfnDeployment deployment = CfnDeployment.Builder.create(this, stage + "deployment")
.applicationId(appRefId)
.configurationProfileId(acProfileId)
.configurationVersion("1")
.deploymentStrategyId(deploymentStrategy.getRef())
.environmentId(acEnv.getRef())
.build();
deployment.addDependsOn(acEnv);
deployment.addDependsOn(appConfigApp);
}
I looked at the source code of the service.
The IAM Role you use has to have s3:ListBuckets
: *
permissions for the ownership check to succeed.
Comments on closed issues are hard for our team to see. If you need more assistance, please either tag a team member or open a new issue that references this one. If you wish to keep having a conversation with other community members under this issue feel free to do so.
After having created a Bucket (Bucket.Builder) and followed other additional successfully steps (for app config, such as create an application, setup an environment), I'm trying to create a CfnConfigurationProfile which source is a file located on the above described bucket. An error is generated by deployment: S3 Bucket not owned by this account
Reproduction Steps
using cdk java classes:
(in Context of AppConfig)
What did you expect to happen?
Results to be expected:
What actually happened?
An error is generated while creating the Stack. The error is:
The AppConfig profile cannot be created: S3 Bucket not owned by this account (Service: AmazonAppConfig; Status Code: 400; Error Code: BadRequestException; Request ID: d49d96c2-f6ad-4da2-b503-a2fad7e9814d)
Environment
Other
This is :bug: Bug Report