diff --git a/go.mod b/go.mod
index 9de34c83..c0299101 100644
--- a/go.mod
+++ b/go.mod
@@ -8,13 +8,13 @@ require (
 //github.com/ake-persson/mapslice-json v0.0.0-20210720081907-22c8edf57807
 github.com/appscode/jsonpatch v1.0.1
 github.com/aws/aws-sdk-go-v2 v1.31.0
- github.com/aws/aws-sdk-go-v2/config v1.27.28
- github.com/aws/aws-sdk-go-v2/credentials v1.17.28
- github.com/aws/aws-sdk-go-v2/service/bedrockruntime v1.15.1
- github.com/aws/aws-sdk-go-v2/service/cloudformation v1.53.4
- github.com/aws/aws-sdk-go-v2/service/ec2 v1.175.1
- github.com/aws/aws-sdk-go-v2/service/s3 v1.60.0
- github.com/aws/aws-sdk-go-v2/service/sts v1.30.4
+ github.com/aws/aws-sdk-go-v2/config v1.27.39
+ github.com/aws/aws-sdk-go-v2/credentials v1.17.37
+ github.com/aws/aws-sdk-go-v2/service/bedrockruntime v1.17.3
+ github.com/aws/aws-sdk-go-v2/service/cloudformation v1.54.3
+ github.com/aws/aws-sdk-go-v2/service/ec2 v1.179.2
+ github.com/aws/aws-sdk-go-v2/service/s3 v1.63.3
+ github.com/aws/aws-sdk-go-v2/service/sts v1.31.3
 github.com/aws/smithy-go v1.21.0
 github.com/chzyer/readline v1.5.1
 github.com/google/go-cmp v0.6.0
@@ -23,45 +23,45 @@ require (
 github.com/nathan-fiscaletti/consolesize-go v0.0.0-20220204101620-317176b6684d
 github.com/spf13/cobra v1.8.1
 github.com/spf13/pflag v1.0.5
- golang.org/x/sys v0.24.0
- golang.org/x/term v0.23.0
+ golang.org/x/sys v0.25.0
+ golang.org/x/term v0.24.0
 gopkg.in/yaml.v3 v3.0.1
 )
 
 require (
 github.com/apple/pkl-go v0.8.0
- github.com/aws/aws-sdk-go-v2/service/acm v1.28.5
- github.com/aws/aws-sdk-go-v2/service/codeartifact v1.30.4
- github.com/aws/aws-sdk-go-v2/service/kms v1.35.4
- github.com/aws/aws-sdk-go-v2/service/lightsail v1.40.4
- github.com/aws/aws-sdk-go-v2/service/rds v1.82.1
- github.com/aws/aws-sdk-go-v2/service/sagemaker v1.154.0
- github.com/aws/aws-sdk-go-v2/service/servicequotas v1.23.4
- github.com/aws/aws-sdk-go-v2/service/ssm v1.52.5
+ github.com/aws/aws-lambda-go v1.47.0
+ github.com/aws/aws-sdk-go-v2/service/acm v1.29.3
+ github.com/aws/aws-sdk-go-v2/service/cloudfront v1.39.3
+ github.com/aws/aws-sdk-go-v2/service/codeartifact v1.32.0
+ github.com/aws/aws-sdk-go-v2/service/dynamodb v1.35.3
+ github.com/aws/aws-sdk-go-v2/service/kms v1.36.3
+ github.com/aws/aws-sdk-go-v2/service/lightsail v1.41.3
+ github.com/aws/aws-sdk-go-v2/service/rds v1.86.0
+ github.com/aws/aws-sdk-go-v2/service/sagemaker v1.161.1
+ github.com/aws/aws-sdk-go-v2/service/servicequotas v1.24.3
+ github.com/aws/aws-sdk-go-v2/service/ssm v1.54.3
 github.com/fatih/color v1.17.0
+ github.com/gabriel-vasile/mimetype v1.4.5
+ github.com/lestrrat-go/jwx/v2 v2.1.1
 github.com/manifoldco/promptui v0.9.0
 github.com/mattn/go-runewidth v0.0.15
 github.com/stretchr/testify v1.9.0
 )
 
 require (
- github.com/aws/aws-lambda-go v1.47.0 // indirect
 github.com/aws/aws-sdk-go v1.55.5 // indirect
- github.com/aws/aws-sdk-go-v2/internal/v4a v1.3.16 // indirect
- github.com/aws/aws-sdk-go-v2/service/cloudfront v1.39.1 // indirect
- github.com/aws/aws-sdk-go-v2/service/dynamodb v1.34.9 // indirect
- github.com/aws/aws-sdk-go-v2/service/internal/endpoint-discovery v1.9.18 // indirect
- github.com/aws/aws-sdk-go-v2/service/ssooidc v1.26.5 // indirect
+ github.com/aws/aws-sdk-go-v2/internal/v4a v1.3.18 // indirect
+ github.com/aws/aws-sdk-go-v2/service/internal/endpoint-discovery v1.9.19 // indirect
+ github.com/aws/aws-sdk-go-v2/service/ssooidc v1.27.3 // indirect
 github.com/davecgh/go-spew v1.1.1 // indirect
 github.com/decred/dcrd/dcrec/secp256k1/v4 v4.3.0 // indirect
- github.com/gabriel-vasile/mimetype v1.4.5 // indirect
 github.com/goccy/go-json v0.10.3 // indirect
 github.com/golang-jwt/jwt v3.2.2+incompatible // indirect
 github.com/lestrrat-go/blackmagic v1.0.2 // indirect
 github.com/lestrrat-go/httpcc v1.0.1 // indirect
 github.com/lestrrat-go/httprc v1.0.6 // indirect
 github.com/lestrrat-go/iter v1.0.2 // indirect
- github.com/lestrrat-go/jwx/v2 v2.1.1 // indirect
 github.com/lestrrat-go/option v1.0.1 // indirect
 github.com/mattn/go-colorable v0.1.13 // indirect
 github.com/mattn/go-isatty v0.0.20 // indirect
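Review bot: `github.com/golang-jwt/jwt v3.2.2+incompatible // indirect` is carried over unchanged in the third require block of this hunk, while the same hunk promotes `github.com/lestrrat-go/jwx/v2 v2.1.1` to a direct dependency, so the build keeps two JWT implementations and the older one is the only security-relevant entry this sweep leaves alone. The v3 line predates Go modules (hence `+incompatible`) and, to my knowledge, is no longer maintained upstream; `go mod why -m github.com/golang-jwt/jwt` followed by `govulncheck ./...` would show which dependency still requires it and whether any of its code is reachable. The commit message should also say which new code needs jwx, mimetype, aws-lambda-go, cloudfront and dynamodb as direct imports, since that code is not part of this diff and the token-verification path in particular deserves its own review.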
@@ -70,28 +70,28 @@ require (
 github.com/segmentio/asm v1.2.0 // indirect
 github.com/vmihailenco/msgpack/v5 v5.4.1 // indirect
 github.com/vmihailenco/tagparser/v2 v2.0.0 // indirect
- golang.org/x/crypto v0.25.0 // indirect
- golang.org/x/net v0.27.0 // indirect
+ golang.org/x/crypto v0.27.0 // indirect
+ golang.org/x/net v0.29.0 // indirect
 )
 
 require (
- github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.6.4 // indirect
- github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.12 // indirect
+ github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.6.5 // indirect
+ github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.14 // indirect
 github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.18 // indirect
 github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.18 // indirect
 github.com/aws/aws-sdk-go-v2/internal/ini v1.8.1 // indirect
- github.com/aws/aws-sdk-go-v2/service/cloudcontrol v1.20.4
- github.com/aws/aws-sdk-go-v2/service/iam v1.35.0
- github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.11.4 // indirect
- github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.3.18 // indirect
- github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.11.18 // indirect
- github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.17.16 // indirect
- github.com/aws/aws-sdk-go-v2/service/sso v1.22.5 // indirect
- github.com/cpuguy83/go-md2man/v2 v2.0.4 // indirect
+ github.com/aws/aws-sdk-go-v2/service/cloudcontrol v1.21.3
+ github.com/aws/aws-sdk-go-v2/service/iam v1.36.3
+ github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.11.5 // indirect
+ github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.3.20 // indirect
+ github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.11.20 // indirect
+ github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.17.18 // indirect
+ github.com/aws/aws-sdk-go-v2/service/sso v1.23.3 // indirect
+ github.com/cpuguy83/go-md2man/v2 v2.0.5 // indirect
 github.com/inconshreveable/mousetrap v1.1.0 // indirect
 github.com/jmespath/go-jmespath v0.4.0 // indirect
 github.com/russross/blackfriday/v2 v2.1.0 // indirect
 github.com/xo/terminfo v0.0.0-20220910002029-abceb7e1c41e // indirect
- golang.org/x/exp v0.0.0-20240808152545-0cdaa3abc0fa
+ golang.org/x/exp v0.0.0-20240909161429-701f63a606c0
 gopkg.in/yaml.v2 v2.4.0
 )
diff --git a/go.sum b/go.sum
index dec270d6..8b13d340 100644
--- a/go.sum
+++ b/go.sum
@@ -28,6 +28,8 @@ github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.6.3 h1:tW1/Rkad38LA15X4 github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.6.3/go.mod h1:UbnqO+zjqk3uIt9yCACHJ9IVNhyhOCnYk8yA19SAWrM= github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.6.4 h1:70PVAiL15/aBMh5LThwgXdSQorVr91L127ttckI9QQU= github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.6.4/go.mod h1:/MQxMqci8tlqDH+pjmoLu1i0tbWCUP1hhyMRuFxpQCw= +github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.6.5 h1:xDAuZTn4IMm8o1LnBZvmrL8JA1io4o3YWNXgohbf20g= +github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.6.5/go.mod h1:wYSv6iDS621sEFLfKvpPE2ugjTuGlAG7iROg0hLOkfc= github.com/aws/aws-sdk-go-v2/config v1.27.17 h1:L0JZN7Gh7pT6u5CJReKsLhGKparqNKui+mcpxMXjDZc= github.com/aws/aws-sdk-go-v2/config v1.27.17/go.mod h1:MzM3balLZeaafYcPz8IihAmam/aCz6niPQI0FdprxW0= github.com/aws/aws-sdk-go-v2/config v1.27.21 h1:yPX3pjGCe2hJsetlmGNB4Mngu7UPmvWPzzWCv1+boeM=
@@ -38,6 +40,8 @@ github.com/aws/aws-sdk-go-v2/config v1.27.27 h1:HdqgGt1OAP0HkEDDShEl0oSYa9ZZBSOm github.com/aws/aws-sdk-go-v2/config v1.27.27/go.mod h1:MVYamCg76dFNINkZFu4n4RjDixhVr51HLj4ErWzrVwg= github.com/aws/aws-sdk-go-v2/config v1.27.28 h1:OTxWGW/91C61QlneCtnD62NLb4W616/NM1jA8LhJqbg= github.com/aws/aws-sdk-go-v2/config v1.27.28/go.mod h1:uzVRVtJSU5EFv6Fu82AoVFKozJi2ZCY6WRCXj06rbvs= +github.com/aws/aws-sdk-go-v2/config v1.27.39 h1:FCylu78eTGzW1ynHcongXK9YHtoXD5AiiUqq3YfJYjU= +github.com/aws/aws-sdk-go-v2/config v1.27.39/go.mod h1:wczj2hbyskP4LjMKBEZwPRO1shXY+GsQleab+ZXT2ik= github.com/aws/aws-sdk-go-v2/credentials v1.17.17 h1:b3Dk9uxQByS9sc6r0sc2jmxsJKO75eOcb9nNEiaUBLM= github.com/aws/aws-sdk-go-v2/credentials v1.17.17/go.mod h1:e4khg9iY08LnFK/HXQDWMf9GDaiMari7jWPnXvKAuBU= github.com/aws/aws-sdk-go-v2/credentials v1.17.21 h1:pjAqgzfgFhTv5grc7xPHtXCAaMapzmwA7aU+c/SZQGw= @@ -48,6 +52,8 @@ github.com/aws/aws-sdk-go-v2/credentials v1.17.27 h1:2raNba6gr2IfA0eqqiP2XiQ0UVO github.com/aws/aws-sdk-go-v2/credentials v1.17.27/go.mod h1:gniiwbGahQByxan6YjQUMcW4Aov6bLC3m+evgcoN4r4= github.com/aws/aws-sdk-go-v2/credentials v1.17.28 h1:m8+AHY/ND8CMHJnPoH7PJIRakWGa4gbfbxuY9TGTUXM= github.com/aws/aws-sdk-go-v2/credentials v1.17.28/go.mod h1:6TF7dSc78ehD1SL6KpRIPKMA1GyyWflIkjqg+qmf4+c= +github.com/aws/aws-sdk-go-v2/credentials v1.17.37 h1:G2aOH01yW8X373JK419THj5QVqu9vKEwxSEsGxihoW0= +github.com/aws/aws-sdk-go-v2/credentials v1.17.37/go.mod h1:0ecCjlb7htYCptRD45lXJ6aJDQac6D2NlKGpZqyTG6A= github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.4 h1:0cSfTYYL9qiRcdi4Dvz+8s3JUgNR2qvbgZkXcwPEEEk= github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.4/go.mod h1:Wjn5O9eS7uSi7vlPKt/v0MLTncANn9EMmoDvnzJli6o= github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.8 h1:FR+oWPFb/8qMVYMWN98bUZAGqPvLHiyqg1wqQGfUAXY= 
@@ -56,6 +62,8 @@ github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.11 h1:KreluoV8FZDEtI6Co2xuNk github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.11/go.mod h1:SeSUYBLsMYFoRvHE0Tjvn7kbxaUhl75CJi1sbfhMxkU= github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.12 h1:yjwoSyDZF8Jth+mUk5lSPJCkMC0lMy6FaCD51jm6ayE= github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.12/go.mod h1:fuR57fAgMk7ot3WcNQfb6rSEn+SUffl7ri+aa8uKysI= +github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.14 h1:C/d03NAmh8C4BZXhuRNboF/DqhBkBCeDiJDcaqIT5pA= +github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.14/go.mod h1:7I0Ju7p9mCIdlrfS+JCgqcYD0VXz/N4yozsox+0o078= github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.8 h1:RnLB7p6aaFMRfyQkD6ckxR7myCC9SABIqSz4czYUUbU= github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.8/go.mod h1:XH7dQJd+56wEbP1I4e4Duo+QhSMxNArE8VP7NuUOTeM= github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.12 h1:SJ04WXGTwnHlWIODtC5kJzKbeuHt+OUNOgKg7nfnUGw= @@ -92,6 +100,8 @@ github.com/aws/aws-sdk-go-v2/internal/v4a v1.3.15 h1:Z5r7SycxmSllHYmaAZPpmN8GviD github.com/aws/aws-sdk-go-v2/internal/v4a v1.3.15/go.mod h1:CetW7bDE00QoGEmPUoZuRog07SGVAUVW6LFpNP0YfIg= github.com/aws/aws-sdk-go-v2/internal/v4a v1.3.16 h1:mimdLQkIX1zr8GIPY1ZtALdBQGxcASiBd2MOp8m/dMc= github.com/aws/aws-sdk-go-v2/internal/v4a v1.3.16/go.mod h1:YHk6owoSwrIsok+cAH9PENCOGoH5PU2EllX4vLtSrsY= +github.com/aws/aws-sdk-go-v2/internal/v4a v1.3.18 h1:OWYvKL53l1rbsUmW7bQyJVsYU/Ii3bbAAQIIFNbM0Tk= +github.com/aws/aws-sdk-go-v2/internal/v4a v1.3.18/go.mod h1:CUx0G1v3wG6l01tUB+j7Y8kclA8NSqK4ef0YG79a4cg= github.com/aws/aws-sdk-go-v2/service/acm v1.26.1 h1:W4o6dIMmPWjl55ZE2ycdBvE1Q/KOLFqCzVNHeLTyrlM= github.com/aws/aws-sdk-go-v2/service/acm v1.26.1/go.mod h1:89Ze+u79IkUA44zjubmbg1HDPSGp1SI1JuuUUiJOzAU= github.com/aws/aws-sdk-go-v2/service/acm v1.27.1 h1:EMnuoQ/WR4/VNE8QmFrXq4u0BZH2Xhc9Yr41xZlths0= 
@@ -100,6 +110,8 @@ github.com/aws/aws-sdk-go-v2/service/acm v1.28.4 h1:wiW1Y6/1lysA0eJZRq0I53YYKuV9 github.com/aws/aws-sdk-go-v2/service/acm v1.28.4/go.mod h1:bzjymHHRhexkSMIvUHMpKydo9U82bmqQ5ru0IzYM8m8= github.com/aws/aws-sdk-go-v2/service/acm v1.28.5 h1:yJriRQs3d0ZI59mAyCdCyM/l/oJ9wnWbDhADZlbfoYs= github.com/aws/aws-sdk-go-v2/service/acm v1.28.5/go.mod h1:AI/FWryd1egUbYqCtEexDQqp9KTU9wr6uMYMhI5k/C0= +github.com/aws/aws-sdk-go-v2/service/acm v1.29.3 h1:EpXx6a8u5ZnhBuUr9yj8sEQv67jYkC8/TuRvS8TG248= +github.com/aws/aws-sdk-go-v2/service/acm v1.29.3/go.mod h1:pyj5IBRLA+w27gR7KJY/4lSWoP4XOsyOVsXKAMvWE3s= github.com/aws/aws-sdk-go-v2/service/bedrockruntime v1.9.1 h1:8Ct21/s9kXoryJD2WwDgRc1G4sCELVYNl0/DK6QZnYM= github.com/aws/aws-sdk-go-v2/service/bedrockruntime v1.9.1/go.mod h1:rvgvxI+uusKEiUNDcASdNpmfhKlYtReLKmYM0VjFIYM= github.com/aws/aws-sdk-go-v2/service/bedrockruntime v1.10.1 h1:IvYkZ/7XXbEaTGCL3XA5YcZ97ts0iZMkyah0XaKj5Zo= @@ -110,6 +122,8 @@ github.com/aws/aws-sdk-go-v2/service/bedrockruntime v1.15.0 h1:wQd0mjGuP3ihFXyxf github.com/aws/aws-sdk-go-v2/service/bedrockruntime v1.15.0/go.mod h1:G/STzijpkhEbwc7qAYGfTw4AxHJQWfX8PsV1RsCNQbM= github.com/aws/aws-sdk-go-v2/service/bedrockruntime v1.15.1 h1:Xb5d44UWp+oHJMu6Aza2RG0iSDcOCc2L5fTh2wq80OE= github.com/aws/aws-sdk-go-v2/service/bedrockruntime v1.15.1/go.mod h1:uI45a6i3xUAkx/xFegQ1SNnClz9OrfOixs96ZH4rca8= +github.com/aws/aws-sdk-go-v2/service/bedrockruntime v1.17.3 h1:PtP2Zzf3uy94EsVOW+tB7gNt63fFZEHuS9IRWg5q250= +github.com/aws/aws-sdk-go-v2/service/bedrockruntime v1.17.3/go.mod h1:4zuvYEUJm0Vq8tb3gcb2sl04A9I1AA5DKAefbYPA4VM= github.com/aws/aws-sdk-go-v2/service/cloudcontrol v1.18.9 h1:Wp1QFv8uyNpwPXSI/a6TRkIR0CiT+Fa60s5vVTsFdXM= github.com/aws/aws-sdk-go-v2/service/cloudcontrol v1.18.9/go.mod h1:pFrHzOZRN/EfWL7ygk9ELdQHqRGERgOgP03OLIOlQV4= github.com/aws/aws-sdk-go-v2/service/cloudcontrol v1.19.1 h1:xje03QCAf/8b1Ntsx/QR4oTn0tMIshVT/OUAilcwcO0= 
@@ -118,6 +132,8 @@ github.com/aws/aws-sdk-go-v2/service/cloudcontrol v1.20.3 h1:QdoWu2A7sOU7g38Uj1d github.com/aws/aws-sdk-go-v2/service/cloudcontrol v1.20.3/go.mod h1:AOsjRDzfgBXF2xsVqwoirlk69ZzSzZIiZdxMyqTih6k= github.com/aws/aws-sdk-go-v2/service/cloudcontrol v1.20.4 h1:DXrXltI9XfD8ND/MZSfKJQ3et4f/4FBKn6Hv5frCeJ4= github.com/aws/aws-sdk-go-v2/service/cloudcontrol v1.20.4/go.mod h1:r6W6g2+YsfTBfuvxRLvCf6xxlQRSoNTdRDGFX7noKu0= +github.com/aws/aws-sdk-go-v2/service/cloudcontrol v1.21.3 h1:IFtYl/PxIbuaVfWthDc7XbrGcAwluxtOzun7l+O2Quk= +github.com/aws/aws-sdk-go-v2/service/cloudcontrol v1.21.3/go.mod h1:m76qmFtlykPrPIMM4wpE3nTukLjkq7bt412UVaQbp1M= github.com/aws/aws-sdk-go-v2/service/cloudformation v1.51.2 h1:FBc+xcfqpBzYl6WWIBk3AB9d/oc6r2sn/mYPnuORCFI= github.com/aws/aws-sdk-go-v2/service/cloudformation v1.51.2/go.mod h1:qadtdULA3L3WyTz7ybmu46Motr8ckS+zGZS+4oXLxH0= github.com/aws/aws-sdk-go-v2/service/cloudformation v1.52.1 h1:Ts+mCjOtt8o2k2vnWnX/0sE0eSmEVWBvfJkNrNMQlAo= 
@@ -126,8 +142,12 @@ github.com/aws/aws-sdk-go-v2/service/cloudformation v1.53.3 h1:mIpL+FXa+2U6oc85b github.com/aws/aws-sdk-go-v2/service/cloudformation v1.53.3/go.mod h1:lcQ7+K0Q9x0ozhjBwDfBkuY8qexSP/QXLgp0jj+/NZg= github.com/aws/aws-sdk-go-v2/service/cloudformation v1.53.4 h1:QbMAN9s6cmAxQMTAbLmHj0a5mhwoZTL0eo91UaYLG4E= github.com/aws/aws-sdk-go-v2/service/cloudformation v1.53.4/go.mod h1:y45SdA9v+dLlweaqwAQMoFeXqdRvgwevafa2X8iTqZQ= +github.com/aws/aws-sdk-go-v2/service/cloudformation v1.54.3 h1:kVbtKOK6sNCqPsXE/7xN93pD090XETITuBNHrrPQsvk= +github.com/aws/aws-sdk-go-v2/service/cloudformation v1.54.3/go.mod h1:85xWVAzH8I6dCauQy7j1nt8CbSELPzGQj45chIZ/qMA= github.com/aws/aws-sdk-go-v2/service/cloudfront v1.39.1 h1:lqvJTJSmVt5vz8rVvQXyfJE0tSU6yOIbj4nV6jSK0sw= github.com/aws/aws-sdk-go-v2/service/cloudfront v1.39.1/go.mod h1:cShu4+4PIZJ5nvMI+NEcItwVjMxQV0SGMYMMOLN5FME= +github.com/aws/aws-sdk-go-v2/service/cloudfront v1.39.3 h1:aQZZ0TyYuZVAWBWoTsL4QxLIak/IgBq+7w7Y7Udv6yE= +github.com/aws/aws-sdk-go-v2/service/cloudfront v1.39.3/go.mod h1:cShu4+4PIZJ5nvMI+NEcItwVjMxQV0SGMYMMOLN5FME= github.com/aws/aws-sdk-go-v2/service/codeartifact v1.27.5 h1:vrPOyJJ4Ph445jYq+1jFEpgmZhwHe9WX2V4OylzOV9M= github.com/aws/aws-sdk-go-v2/service/codeartifact v1.27.5/go.mod h1:Jk7hUaInLPjpZc1NzwB0gNYghUJLm9AvwfKuAsGq4A0= github.com/aws/aws-sdk-go-v2/service/codeartifact v1.28.1 h1:1OfXVziIGFVm5FHvDkWogdHUkXlZZwqe/0LCbxnmfYA= 
@@ -136,8 +156,12 @@ github.com/aws/aws-sdk-go-v2/service/codeartifact v1.30.3 h1:9eAjfGKFWduKyCR94Qi github.com/aws/aws-sdk-go-v2/service/codeartifact v1.30.3/go.mod h1:AdirH4VV5v1ik2pOOU0WdEdojBBgzTdECBrOQl0ojOc= github.com/aws/aws-sdk-go-v2/service/codeartifact v1.30.4 h1:zqbJalPHJqn9NBns+i9eHUpt5OERttgDrzAoAsQqE04= github.com/aws/aws-sdk-go-v2/service/codeartifact v1.30.4/go.mod h1:oYja70TBh+q04+TN5OB8yj7Y9/k65xa3VxliP4ag3e4= +github.com/aws/aws-sdk-go-v2/service/codeartifact v1.32.0 h1:ir0X7Amjo+dd1mCvBhEMS/rKKzJUCFLbV0SWkMdqHo4= +github.com/aws/aws-sdk-go-v2/service/codeartifact v1.32.0/go.mod h1:7QKOwF4gC/ELkHuKTnVr/zGuQpJgdcIfFO3ph9TZbS8= github.com/aws/aws-sdk-go-v2/service/dynamodb v1.34.9 h1:jbqgtdKfAXebx2/l2UhDEe/jmmCIhaCO3HFK71M7VzM= github.com/aws/aws-sdk-go-v2/service/dynamodb v1.34.9/go.mod h1:N3YdUYxyxhiuAelUgCpSVBuBI1klobJxZrDtL+olu10= +github.com/aws/aws-sdk-go-v2/service/dynamodb v1.35.3 h1:X4iS+RcIKHkAMQz47nDt/nHxZUCKdnfgw940yluJ29Q= +github.com/aws/aws-sdk-go-v2/service/dynamodb v1.35.3/go.mod h1:k5XW8MoMxsNZ20RJmsokakvENUwQyjv69R9GqrI4xdQ= github.com/aws/aws-sdk-go-v2/service/ec2 v1.163.0 h1:gwthjSMr5tW2fYBJNt3LQGgtkREvv5IcuaWRjeo1fh0= github.com/aws/aws-sdk-go-v2/service/ec2 v1.163.0/go.mod h1:eu3DWRK5GBq4hjCr7nAbnQiHSan5RJ6ue3qQVp5PJs0= github.com/aws/aws-sdk-go-v2/service/ec2 v1.165.1 h1:LkSnU1c9JKJyXYcwpWgQGuwctwv3pDenMUgH2CmLd1A= 
@@ -148,6 +172,8 @@ github.com/aws/aws-sdk-go-v2/service/ec2 v1.173.0 h1:ta62lid9JkIpKZtZZXSj6rP2AqY github.com/aws/aws-sdk-go-v2/service/ec2 v1.173.0/go.mod h1:o6QDjdVKpP5EF0dp/VlvqckzuSDATr1rLdHt3A5m0YY= github.com/aws/aws-sdk-go-v2/service/ec2 v1.175.1 h1:7B5ppg4i5N2B6t+aH77WLbAu8sD98MLlzruWzq5scyY= github.com/aws/aws-sdk-go-v2/service/ec2 v1.175.1/go.mod h1:ISODge3zgdwOEa4Ou6WM9PKbxJWJ15DYKnr2bfmCAIA= +github.com/aws/aws-sdk-go-v2/service/ec2 v1.179.2 h1:rGBv2N0zWvNTKnxOfbBH4mNM8WMdDNkaxdqtz152G40= +github.com/aws/aws-sdk-go-v2/service/ec2 v1.179.2/go.mod h1:W6sNzs5T4VpZn1Vy+FMKw8s24vt5k6zPJXcNOK0asBo= github.com/aws/aws-sdk-go-v2/service/iam v1.32.5 h1:G2judWqHbm2bDrmJPj9W0nD3Pv8+WzhY+fAAEQMpLf4= github.com/aws/aws-sdk-go-v2/service/iam v1.32.5/go.mod h1:RorjhuicJ7tEwun17BEeD//1JiPdvxPv15KOa9BKxS8= github.com/aws/aws-sdk-go-v2/service/iam v1.33.1 h1:0dcMo3330L9LIckl+4iujMoq0AdR8LMK0TtgrjHUi6M= 
@@ -156,12 +182,16 @@ github.com/aws/aws-sdk-go-v2/service/iam v1.34.3 h1:p4L/tixJ3JUIxCteMGT6oMlqCbEv github.com/aws/aws-sdk-go-v2/service/iam v1.34.3/go.mod h1:rfOWxxwdecWvSC9C2/8K/foW3Blf+aKnIIPP9kQ2DPE= github.com/aws/aws-sdk-go-v2/service/iam v1.35.0 h1:xIjTizH74aMNQBjp9D5cvjRZmOYtnrpjOGU3xkVqrjk= github.com/aws/aws-sdk-go-v2/service/iam v1.35.0/go.mod h1:IdHqqRLKgxYR4IY7Omd7SuV4SJzJ8seF+U5PW+mvtP4= +github.com/aws/aws-sdk-go-v2/service/iam v1.36.3 h1:dV9iimLEHKYAz2qTi+tGAD9QCnAG2pLD7HUEHB7m4mI= +github.com/aws/aws-sdk-go-v2/service/iam v1.36.3/go.mod h1:HSvujsK8xeEHMIB18oMXjSfqaN9cVqpo/MtHJIksQRk= github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.11.2 h1:Ji0DY1xUsUr3I8cHps0G+XM3WWU16lP6yG8qu1GAZAs= github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.11.2/go.mod h1:5CsjAbs3NlGQyZNFACh+zztPDI7fU6eW9QsxjfnuBKg= github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.11.3 h1:dT3MqvGhSoaIhRseqw2I0yH81l7wiR2vjs57O51EAm8= github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.11.3/go.mod h1:GlAeCkHwugxdHaueRr4nhPuY+WW+gR8UjlcqzPr1SPI= github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.11.4 h1:KypMCbLPPHEmf9DgMGw51jMj77VfGPAN2Kv4cfhlfgI= github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.11.4/go.mod h1:Vz1JQXliGcQktFTN/LN6uGppAIRoLBR2bMvIMP0gOjc= +github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.11.5 h1:QFASJGfT8wMXtuP3D5CRmMjARHv9ZmzFUMJznHDOY3w= +github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.11.5/go.mod h1:QdZ3OmoIjSX+8D1OPAzPxDfjXASbBMDsz9qvtyIhtik= github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.3.10 h1:pkYC5zTOSPXEYJj56b2SOik9AL432i5MT1YVTQbKOK0= github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.3.10/go.mod h1:/WNsBOlKWZCG3PMh2aSp8vkyyT/clpMZqOtrnIKqGfk= github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.3.14 h1:oWccitSnByVU74rQRHac4gLfDqjB6Z1YQGOY/dXKedI= 
@@ -170,8 +200,12 @@ github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.3.17 h1:YPYe6ZmvUfDDDE github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.3.17/go.mod h1:oBtcnYua/CgzCWYN7NZ5j7PotFDaFSUjCYVTtfyn7vw= github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.3.18 h1:GckUnpm4EJOAio1c8o25a+b3lVfwVzC9gnSBqiiNmZM= github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.3.18/go.mod h1:Br6+bxfG33Dk3ynmkhsW2Z/t9D4+lRqdLDNCKi85w0U= +github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.3.20 h1:rTWjG6AvWekO2B1LHeM3ktU7MqyX9rzWQ7hgzneZW7E= +github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.3.20/go.mod h1:RGW2DDpVc8hu6Y6yG8G5CHVmVOAn1oV8rNKOHRJyswg= github.com/aws/aws-sdk-go-v2/service/internal/endpoint-discovery v1.9.18 h1:GACdEPdpBE59I7pbfvu0/Mw1wzstlP3QtPHklUxybFE= github.com/aws/aws-sdk-go-v2/service/internal/endpoint-discovery v1.9.18/go.mod h1:K+xV06+Wni4TSaOOJ1Y35e5tYOCUBYbebLKmJQQa8yY= +github.com/aws/aws-sdk-go-v2/service/internal/endpoint-discovery v1.9.19 h1:dOxqOlOEa2e2heC/74+ZzcJOa27+F1aXFZpYgY/4QfA= +github.com/aws/aws-sdk-go-v2/service/internal/endpoint-discovery v1.9.19/go.mod h1:aV6U1beLFvk3qAgognjS3wnGGoDId8hlPEiBsLHXVZE= github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.11.10 h1:7kZqP7akv0enu6ykJhb9OYlw16oOrSy+Epus8o/VqMY= github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.11.10/go.mod h1:gYVF3nM1ApfTRDj9pvdhootBb8WbiIejuqn4w8ruMes= github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.11.14 h1:zSDPny/pVnkqABXYRicYuPf9z2bTqfH13HT3v6UheIk= 
@@ -180,6 +214,8 @@ github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.11.17 h1:HGErhhrx github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.11.17/go.mod h1:RkZEx4l0EHYDJpWppMJ3nD9wZJAa8/0lq9aVC+r2UII= github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.11.18 h1:tJ5RnkHCiSH0jyd6gROjlJtNwov0eGYNz8s8nFcR0jQ= github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.11.18/go.mod h1:++NHzT+nAF7ZPrHPsA+ENvsXkOO8wEu+C6RXltAG4/c= +github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.11.20 h1:Xbwbmk44URTiHNx6PNo0ujDE6ERlsCKJD3u1zfnzAPg= +github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.11.20/go.mod h1:oAfOFzUB14ltPZj1rWwRc3d/6OgD76R8KlvU3EqM9Fg= github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.17.8 h1:iQNXVs1vtaq+y9M90M4ZIVNORje0qXTscqHLqoOnFS0= github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.17.8/go.mod h1:yUQPRlWqGG0lfNsmjbRWKVwgilfBtZTOFSLEYALlAig= github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.17.12 h1:tzha+v1SCEBpXWEuw6B/+jm4h5z8hZbTpXz0zRZqTnw= 
@@ -188,6 +224,8 @@ github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.17.15 h1:246A4lSTXWJw/ github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.17.15/go.mod h1:haVfg3761/WF7YPuJOER2MP0k4UAXyHaLclKXB6usDg= github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.17.16 h1:jg16PhLPUiHIj8zYIW6bqzeQSuHVEiWnGA0Brz5Xv2I= github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.17.16/go.mod h1:Uyk1zE1VVdsHSU7096h/rwnXDzOzYQVl+FNPhPw7ShY= +github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.17.18 h1:eb+tFOIl9ZsUe2259/BKPeniKuz4/02zZFH/i4Nf8Rg= +github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.17.18/go.mod h1:GVCC2IJNJTmdlyEsSmofEy7EfJncP7DNnXDzRjJ5Keg= github.com/aws/aws-sdk-go-v2/service/kms v1.32.2 h1:WuwRxTSPc+E4dwDRmxh4TILJsnYoqm41KTb11pRkzBA= github.com/aws/aws-sdk-go-v2/service/kms v1.32.2/go.mod h1:qEy625xFxrw6hA+eOAD030wmLERPa7LNCArh+gAC+8o= github.com/aws/aws-sdk-go-v2/service/kms v1.34.1 h1:VsKBn6WADI3Nn3WjBMzeRww9WHXeVLi7zyuSrqjRCBQ= @@ -196,6 +234,8 @@ github.com/aws/aws-sdk-go-v2/service/kms v1.35.3 h1:UPTdlTOwWUX49fVi7cymEN6hDqCw github.com/aws/aws-sdk-go-v2/service/kms v1.35.3/go.mod h1:gjDP16zn+WWalyaUqwCCioQ8gU8lzttCCc9jYsiQI/8= github.com/aws/aws-sdk-go-v2/service/kms v1.35.4 h1:mG1MH6yPwT5gNEeBrhig3FHc4mK0QaZOXsmQUbphP6Y= github.com/aws/aws-sdk-go-v2/service/kms v1.35.4/go.mod h1:A5CS0VRmxxj2YKYLCY08l/Zzbd01m6JZn0WzxgT1OCA= +github.com/aws/aws-sdk-go-v2/service/kms v1.36.3 h1:iHi6lC6LfW6SNvB2bixmlOW3WMyWFrHZCWX+P+CCxMk= +github.com/aws/aws-sdk-go-v2/service/kms v1.36.3/go.mod h1:OHmlX4+o0XIlJAQGAHPIy0N9yZcYS/vNG+T7geSNcFw= github.com/aws/aws-sdk-go-v2/service/lightsail v1.38.2 h1:4w4lsdD8PTa5JuAmOodlcJUh79Fexq/ISWAFjRePSKU= github.com/aws/aws-sdk-go-v2/service/lightsail v1.38.2/go.mod h1:UdEU45WZi2j7BCKUT++AUSUgl/gSuyoVzCowpbdRbwI= github.com/aws/aws-sdk-go-v2/service/lightsail v1.39.1 h1:OIdINTNLFOqm7t91ew7+CgcIkvDCCTuK4rBuREBAC2Q= 
@@ -204,6 +244,8 @@ github.com/aws/aws-sdk-go-v2/service/lightsail v1.40.3 h1:dy4sbyGy7BS4c0KaPZwg1P github.com/aws/aws-sdk-go-v2/service/lightsail v1.40.3/go.mod h1:EMgqMhof+RuaYvQavxKC0ZWvP7yB4B4NJhP+dbm13u0= github.com/aws/aws-sdk-go-v2/service/lightsail v1.40.4 h1:nR4GnokNdp25C6Z6xvXz5VqmzIhp4+aWMcM4w5FhlJ4= github.com/aws/aws-sdk-go-v2/service/lightsail v1.40.4/go.mod h1:w/6Ddm5GNEn0uLR6Wc35MGTvUXKDz8uNEMRrrdDB2ps= +github.com/aws/aws-sdk-go-v2/service/lightsail v1.41.3 h1:4aA0MaOMfvaYlPoPNFqG3hR0sdZdcwJmrWE3GdVKBg4= +github.com/aws/aws-sdk-go-v2/service/lightsail v1.41.3/go.mod h1:HM7L3Ylzj/7ZYVNchhnCZaPj8veuI38ICccD2nZI2EQ= github.com/aws/aws-sdk-go-v2/service/rds v1.79.5 h1:vCMSFBiXtrr6fhNnGs1d2pw+/wJek0l2kZrS0cjtybs= github.com/aws/aws-sdk-go-v2/service/rds v1.79.5/go.mod h1:esGFn2z+QNa/XcjHevnddtp3RiFQ9/pzHbjl0rgYqDE= github.com/aws/aws-sdk-go-v2/service/rds v1.80.1 h1:o0DyV3AWeuAwrBVeoW/kCZJi4oGCBHPS3E5Ppmc3fLE= @@ -216,6 +258,8 @@ github.com/aws/aws-sdk-go-v2/service/rds v1.82.0 h1:+1qRsLNukmvIDNBjz5Osqy4dvIBL github.com/aws/aws-sdk-go-v2/service/rds v1.82.0/go.mod h1:j27FNXhbbHXC3ExFsJkoxq2Y+4dQypf8KFX1IkgwVvM= github.com/aws/aws-sdk-go-v2/service/rds v1.82.1 h1:4s+9AtQQGB5n0xMm0xRbIQOFoi6rrggMlFt8WwHcDvs= github.com/aws/aws-sdk-go-v2/service/rds v1.82.1/go.mod h1:hfUZhydujCniydsJdzZ9bwzX6nUvbfnhhYQeFNREC2I= +github.com/aws/aws-sdk-go-v2/service/rds v1.86.0 h1:XIlc5PiPNJROSs8R4p50IKavXSqjuhIJ0C3JL0KJ2KQ= +github.com/aws/aws-sdk-go-v2/service/rds v1.86.0/go.mod h1:lhiPj6RvoJHWG2STp+k5az55YqGgFLBzkKYdYHgUh9g= github.com/aws/aws-sdk-go-v2/service/s3 v1.54.4 h1:4p9SCdZBO0PdEXLTF2fcQuxOEkEiqPQpK824cP2VKRo= github.com/aws/aws-sdk-go-v2/service/s3 v1.54.4/go.mod h1:oSkRFuHVWmUY4Ssk16ErGzBqvYEbvORJFzFXzWhTB2s= github.com/aws/aws-sdk-go-v2/service/s3 v1.56.1 h1:wsg9Z/vNnCmxWikfGIoOlnExtEU459cR+2d+iDJ8elo= 
@@ -226,12 +270,16 @@ github.com/aws/aws-sdk-go-v2/service/s3 v1.58.3 h1:hT8ZAZRIfqBqHbzKTII+CIiY8G2oC github.com/aws/aws-sdk-go-v2/service/s3 v1.58.3/go.mod h1:Lcxzg5rojyVPU/0eFwLtcyTaek/6Mtic5B1gJo7e/zE= github.com/aws/aws-sdk-go-v2/service/s3 v1.60.0 h1:2QXGJvG19QwqXUvgcdoCOZPyLuvZf8LiXPCN4P53TdI= github.com/aws/aws-sdk-go-v2/service/s3 v1.60.0/go.mod h1:BSPI0EfnYUuNHPS0uqIo5VrRwzie+Fp+YhQOUs16sKI= +github.com/aws/aws-sdk-go-v2/service/s3 v1.63.3 h1:3zt8qqznMuAZWDTDpcwv9Xr11M/lVj2FsRR7oYBt0OA= +github.com/aws/aws-sdk-go-v2/service/s3 v1.63.3/go.mod h1:NLTqRLe3pUNu3nTEHI6XlHLKYmc8fbHUdMxAB6+s41Q= github.com/aws/aws-sdk-go-v2/service/sagemaker v1.151.0 h1:zH7b/d8vOrOWdgluKEux2TAECYKhprH2eMztkpak/mI= github.com/aws/aws-sdk-go-v2/service/sagemaker v1.151.0/go.mod h1:lDmK3DHWV6Y6hpzeUAaXq4w+ks6fFYXdkjavIe8STCE= github.com/aws/aws-sdk-go-v2/service/sagemaker v1.152.0 h1:y3jRrFbGve0omxt5gDStki51bjYJ6gxhtXr7VFagVv4= github.com/aws/aws-sdk-go-v2/service/sagemaker v1.152.0/go.mod h1:lDmK3DHWV6Y6hpzeUAaXq4w+ks6fFYXdkjavIe8STCE= github.com/aws/aws-sdk-go-v2/service/sagemaker v1.154.0 h1:NDEbY45I7YFiSAW055YdE6fFoxmudl+jK/8qe//Bduk= github.com/aws/aws-sdk-go-v2/service/sagemaker v1.154.0/go.mod h1:tn9CZCzeX7NC+qhWtnsN7GUzXG64/QUqjxeZZetzjpo= +github.com/aws/aws-sdk-go-v2/service/sagemaker v1.161.1 h1:YS9lbicBMTMFNH2IczY0KvsukyWvvcEjos8sk/VPLQY= +github.com/aws/aws-sdk-go-v2/service/sagemaker v1.161.1/go.mod h1:Tbr4Z2D/vjAaeWeAlwKLUTwEabATR12YTXcW9HFoSpA= github.com/aws/aws-sdk-go-v2/service/servicequotas v1.21.9 h1:3o5zcwZYvte3CeaYpLaWafwCSkJpclPXI5KSH+lXB90= github.com/aws/aws-sdk-go-v2/service/servicequotas v1.21.9/go.mod h1:QZpGkzlec0TPr8CA2Td5zRUJBC5+104ib0MusH5UVfI= github.com/aws/aws-sdk-go-v2/service/servicequotas v1.22.1 h1:QsHvqtdy0mGzpg/A+1lZX1ilf05Vuh2rSBzNJ3f3T1I= 
@@ -240,6 +288,8 @@ github.com/aws/aws-sdk-go-v2/service/servicequotas v1.23.3 h1:J6R7Mo3nDY9BmmG4V9 github.com/aws/aws-sdk-go-v2/service/servicequotas v1.23.3/go.mod h1:be52Ycqv581QoIOZzHfZFWlJLcGAI2M/ItUSlx7lLp0= github.com/aws/aws-sdk-go-v2/service/servicequotas v1.23.4 h1:d2hcQdhIWKhLfifd/FvgSs6gQvFke885SotzqvUf0Bw= github.com/aws/aws-sdk-go-v2/service/servicequotas v1.23.4/go.mod h1:tMgth4UXYC4ExLwX/9STbRJCiP0vz3Ih3ei8iUHh76w= +github.com/aws/aws-sdk-go-v2/service/servicequotas v1.24.3 h1:FYIhlz8W1L3pbiMGv4/M56iEVUM9CvTBWsIxvCMDyio= +github.com/aws/aws-sdk-go-v2/service/servicequotas v1.24.3/go.mod h1:GV6dseffRFXPRe2qmY5I6Mkypkoqm+AyH23nwSQbyF0= github.com/aws/aws-sdk-go-v2/service/ssm v1.50.5 h1:k4IdBvCLRuKW2RyOMdeuNAIX2rRp682M0Y78TdwFY1Q= github.com/aws/aws-sdk-go-v2/service/ssm v1.50.5/go.mod h1:zBEScRRmXJYBoXrmdPFUuU+KDrg3+M/91gqyG7Vf3JU= github.com/aws/aws-sdk-go-v2/service/ssm v1.51.1 h1:MuFdaoXYgw4CPsiSa2G/T5CGOuSk90lb/eSTa+lRp9I= @@ -248,6 +298,8 @@ github.com/aws/aws-sdk-go-v2/service/ssm v1.52.3 h1:iu53lwRKbZOGCVUH09g3J0xU8A+b github.com/aws/aws-sdk-go-v2/service/ssm v1.52.3/go.mod h1:v7NIzEFIHBiicOMaMTuEmbnzGnqW0d+6ulNALul6fYE= github.com/aws/aws-sdk-go-v2/service/ssm v1.52.5 h1:eY1n+pyBbgqRBRnpVUg0QguAGMWVLQp2n+SfjjOJuQI= github.com/aws/aws-sdk-go-v2/service/ssm v1.52.5/go.mod h1:Bw2YSeqq/I4VyVs9JSfdT9ArqyAbQkJEwj13AVm0heg= +github.com/aws/aws-sdk-go-v2/service/ssm v1.54.3 h1:Ctzev3ppcc46m2FgrLEZhsHMEr1G1lrJcd9Cmoy/QJk= +github.com/aws/aws-sdk-go-v2/service/ssm v1.54.3/go.mod h1:qs3TBNpFEnVubl0WL3jruj7NJMF1RCAPEPQ1f+fLTBE= github.com/aws/aws-sdk-go-v2/service/sso v1.20.10 h1:ItKVmFwbyb/ZnCWf+nu3XBVmUirpO9eGEQd7urnBA0s= github.com/aws/aws-sdk-go-v2/service/sso v1.20.10/go.mod h1:5XKooCTi9VB/xZmJDvh7uZ+v3uQ7QdX6diOyhvPA+/w= github.com/aws/aws-sdk-go-v2/service/sso v1.21.1 h1:sd0BsnAvLH8gsp2e3cbaIr+9D7T1xugueQ7V/zUAsS4= 
@@ -258,6 +310,8 @@ github.com/aws/aws-sdk-go-v2/service/sso v1.22.4 h1:BXx0ZIxvrJdSgSvKTZ+yRBeSqqgP github.com/aws/aws-sdk-go-v2/service/sso v1.22.4/go.mod h1:ooyCOXjvJEsUw7x+ZDHeISPMhtwI3ZCB7ggFMcFfWLU= github.com/aws/aws-sdk-go-v2/service/sso v1.22.5 h1:zCsFCKvbj25i7p1u94imVoO447I/sFv8qq+lGJhRN0c= github.com/aws/aws-sdk-go-v2/service/sso v1.22.5/go.mod h1:ZeDX1SnKsVlejeuz41GiajjZpRSWR7/42q/EyA/QEiM= +github.com/aws/aws-sdk-go-v2/service/sso v1.23.3 h1:rs4JCczF805+FDv2tRhZ1NU0RB2H6ryAvsWPanAr72Y= +github.com/aws/aws-sdk-go-v2/service/sso v1.23.3/go.mod h1:XRlMvmad0ZNL+75C5FYdMvbbLkd6qiqz6foR1nA1PXY= github.com/aws/aws-sdk-go-v2/service/ssooidc v1.24.4 h1:QMSCYDg3Iyls0KZc/dk3JtS2c1lFfqbmYO10qBPPkJk= github.com/aws/aws-sdk-go-v2/service/ssooidc v1.24.4/go.mod h1:MZ/PVYU/mRbmSF6WK3ybCYHjA2mig8utVokDEVLDgE0= github.com/aws/aws-sdk-go-v2/service/ssooidc v1.25.1 h1:1uEFNNskK/I1KoZ9Q8wJxMz5V9jyBlsiaNrM7vA3YUQ= @@ -266,6 +320,8 @@ github.com/aws/aws-sdk-go-v2/service/ssooidc v1.26.4 h1:yiwVzJW2ZxZTurVbYWA7QOrA github.com/aws/aws-sdk-go-v2/service/ssooidc v1.26.4/go.mod h1:0oxfLkpz3rQ/CHlx5hB7H69YUpFiI1tql6Q6Ne+1bCw= github.com/aws/aws-sdk-go-v2/service/ssooidc v1.26.5 h1:SKvPgvdvmiTWoi0GAJ7AsJfOz3ngVkD/ERbs5pUnHNI= github.com/aws/aws-sdk-go-v2/service/ssooidc v1.26.5/go.mod h1:20sz31hv/WsPa3HhU3hfrIet2kxM4Pe0r20eBZ20Tac= +github.com/aws/aws-sdk-go-v2/service/ssooidc v1.27.3 h1:S7EPdMVZod8BGKQQPTBK+FcX9g7bKR7c4+HxWqHP7Vg= +github.com/aws/aws-sdk-go-v2/service/ssooidc v1.27.3/go.mod h1:FnvDM4sfa+isJ3kDXIzAB9GAwVSzFzSy97uZ3IsHo4E= github.com/aws/aws-sdk-go-v2/service/sts v1.28.11 h1:HYS0csS7UJxdYRoG+bGgUYrSwVnV3/ece/wHm90TApM= github.com/aws/aws-sdk-go-v2/service/sts v1.28.11/go.mod h1:QXnthRM35zI92048MMwfFChjFmoufTdhtHmouwNfhhU= github.com/aws/aws-sdk-go-v2/service/sts v1.29.1 h1:myX5CxqXE0QMZNja6FA1/FSE3Vu1rVmeUmpJMMzeZg0= 
@@ -274,6 +330,8 @@ github.com/aws/aws-sdk-go-v2/service/sts v1.30.3 h1:ZsDKRLXGWHk8WdtyYMoGNO7bTudr github.com/aws/aws-sdk-go-v2/service/sts v1.30.3/go.mod h1:zwySh8fpFyXp9yOr/KVzxOl8SRqgf/IDw5aUt9UKFcQ= github.com/aws/aws-sdk-go-v2/service/sts v1.30.4 h1:iAckBT2OeEK/kBDyN/jDtpEExhjeeA/Im2q4X0rJZT8= github.com/aws/aws-sdk-go-v2/service/sts v1.30.4/go.mod h1:vmSqFK+BVIwVpDAGZB3CoCXHzurt4qBE8lf+I/kRTh0= +github.com/aws/aws-sdk-go-v2/service/sts v1.31.3 h1:VzudTFrDCIDakXtemR7l6Qzt2+JYsVqo2MxBPt5k8T8= +github.com/aws/aws-sdk-go-v2/service/sts v1.31.3/go.mod h1:yMWe0F+XG0DkRZK5ODZhG7BEFYhLXi2dqGsv6tX0cgI= github.com/aws/smithy-go v1.20.2 h1:tbp628ireGtzcHDDmLT/6ADHidqnwgF57XOXZe6tp4Q= github.com/aws/smithy-go v1.20.2/go.mod h1:krry+ya/rV9RDcV/Q16kpu6ypI4K2czasz0NC3qS14E= github.com/aws/smithy-go v1.20.3 h1:ryHwveWzPV5BIof6fyDvor6V3iUL7nTfiTKXHiW05nE= @@ -294,6 +352,8 @@ github.com/chzyer/test v1.0.0/go.mod h1:2JlltgoNkt4TW/z9V/IzDdFaMTM2JPIi26O1pF38 github.com/cpuguy83/go-md2man/v2 v2.0.3/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o= github.com/cpuguy83/go-md2man/v2 v2.0.4 h1:wfIWP927BUkWJb2NmU/kNDYIBTh/ziUX91+lVfRxZq4= github.com/cpuguy83/go-md2man/v2 v2.0.4/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o= +github.com/cpuguy83/go-md2man/v2 v2.0.5 h1:ZtcqGrnekaHpVLArFSe4HK5DoKx1T0rq2DwVB0alcyc= +github.com/cpuguy83/go-md2man/v2 v2.0.5/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o= github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= 
@@ -372,6 +432,8 @@ github.com/xo/terminfo v0.0.0-20220910002029-abceb7e1c41e h1:JVG44RsyaB9T2KIHavM
 github.com/xo/terminfo v0.0.0-20220910002029-abceb7e1c41e/go.mod h1:RbqR21r5mrJuqunuUZ/Dhy/avygyECGrLceyNeo4LiM=
 golang.org/x/crypto v0.25.0 h1:ypSNr+bnYL2YhwoMt2zPxHFmbAN1KZs/njMG3hxUp30=
 golang.org/x/crypto v0.25.0/go.mod h1:T+wALwcMOSE0kXgUAnPAHqTLW+XHgcELELW8VaDgm/M=
+golang.org/x/crypto v0.27.0 h1:GXm2NjJrPaiv/h1tb2UH8QfgC/hOf/+z0p6PT8o1w7A=
+golang.org/x/crypto v0.27.0/go.mod h1:1Xngt8kV6Dvbssa53Ziq6Eqn0HqbZi5Z6R0ZpwQzt70=
 golang.org/x/exp v0.0.0-20240604190554-fc45aab8b7f8 h1:LoYXNGAShUG3m/ehNk4iFctuhGX/+R1ZpfJ4/ia80JM=
 golang.org/x/exp v0.0.0-20240604190554-fc45aab8b7f8/go.mod h1:jj3sYF3dwk5D+ghuXyeI3r5MFf+NT2An6/9dOA95KSI=
 golang.org/x/exp v0.0.0-20240613232115-7f521ea00fb8 h1:yixxcjnhBmY0nkL253HFVIm0JsFHwrHdT3Yh6szTnfY=
@@ -382,8 +444,12 @@ golang.org/x/exp v0.0.0-20240719175910-8a7402abbf56 h1:2dVuKD2vS7b0QIHQbpyTISPd0
 golang.org/x/exp v0.0.0-20240719175910-8a7402abbf56/go.mod h1:M4RDyNAINzryxdtnbRXRL/OHtkFuWGRjvuhBJpk2IlY=
 golang.org/x/exp v0.0.0-20240808152545-0cdaa3abc0fa h1:ELnwvuAXPNtPk1TJRuGkI9fDTwym6AYBu0qzT8AcHdI=
 golang.org/x/exp v0.0.0-20240808152545-0cdaa3abc0fa/go.mod h1:akd2r19cwCdwSwWeIdzYQGa/EZZyqcOdwWiwj5L5eKQ=
+golang.org/x/exp v0.0.0-20240909161429-701f63a606c0 h1:e66Fs6Z+fZTbFBAxKfP3PALWBtpfqks2bwGcexMxgtk=
+golang.org/x/exp v0.0.0-20240909161429-701f63a606c0/go.mod h1:2TbTHSBQa924w8M6Xs1QcRcFwyucIwBGpK1p2f1YFFY=
 golang.org/x/net v0.27.0 h1:5K3Njcw06/l2y9vpGCSdcxWOYHOUk3dVNGDXN+FvAys=
 golang.org/x/net v0.27.0/go.mod h1:dDi0PyhWNoiUOrAS8uXv/vnScO4wnHQO4mj9fn/RytE=
+golang.org/x/net v0.29.0 h1:5ORfpBpCs4HzDYoodCDBbwHzdR5UrLBZ3sOnUJmFoHo=
+golang.org/x/net v0.29.0/go.mod h1:gLkgy8jTGERgjzMic6DS9+SP0ajcu6Xu3Orq/SpETg0=
 golang.org/x/sys v0.0.0-20181122145206-62eef0e2fa9b/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20220310020820-b874c991c1a5/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
@@ -396,12 +462,16 @@ golang.org/x/sys v0.23.0 h1:YfKFowiIMvtgl1UERQoTPPToxltDeZfbj4H7dVUCwmM= golang.org/x/sys v0.23.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/sys v0.24.0 h1:Twjiwq9dn6R1fQcyiK+wQyHWfaz/BJB+YIpzU/Cv3Xg= golang.org/x/sys v0.24.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/sys v0.25.0 h1:r+8e+loiHxRqhXVl6ML1nO3l1+oFoWbnlu2Ehimmi34= +golang.org/x/sys v0.25.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/term v0.21.0 h1:WVXCp+/EBEHOj53Rvu+7KiT/iElMrO8ACK16SMZ3jaA= golang.org/x/term v0.21.0/go.mod h1:ooXLefLobQVslOqselCNF4SxFAaoS6KujMbsGzSDmX0= golang.org/x/term v0.22.0 h1:BbsgPEJULsl2fV/AT3v15Mjva5yXKQDyKf+TbDz7QJk= golang.org/x/term v0.22.0/go.mod h1:F3qCibpT5AMpCRfhfT53vVJwhLtIVHhB9XDjfFvnMI4= golang.org/x/term v0.23.0 h1:F6D4vR+EHoL9/sWAWgAR1H2DcHr4PareCbAaCo1RpuU= golang.org/x/term v0.23.0/go.mod h1:DgV24QBUrK6jhZXl+20l6UWznPlwAHm1Q1mGHtydmSk= +golang.org/x/term v0.24.0 h1:Mh5cbb+Zk2hqqXNO7S1iTjEphVL+jb8ZWaqh/g+JWkM= +golang.org/x/term v0.24.0/go.mod h1:lOBK/LVxemqiMij05LGJ0tzNr8xlmwBRJ81PX6wVLH8= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405 h1:yhCVgyC4o1eVCa2tZl7eS0r+SDo693bJlVdllGtEeKM= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= diff --git a/internal/cmd/build/tmpl/modules/bucket.yaml b/internal/cmd/build/tmpl/modules/bucket.yaml index 47b2aa43..eb3b05fe 100644 --- a/internal/cmd/build/tmpl/modules/bucket.yaml +++ b/internal/cmd/build/tmpl/modules/bucket.yaml @@ -18,6 +18,7 @@ Parameters: EmptyOnDelete: Type: Boolean Description: If true, the contents of all buckets will be permanently deleted when the stack is deleted. + Default: false Resources: diff --git a/internal/cmd/build/tmpl/webapp/webapp.yaml b/internal/cmd/build/tmpl/webapp/webapp.yaml index b2118433..963cc822 100644 
--- a/internal/cmd/build/tmpl/webapp/webapp.yaml +++ b/internal/cmd/build/tmpl/webapp/webapp.yaml @@ -38,6 +38,14 @@ Resources: TestTable: Type: AWS::DynamoDB::Table + Metadata: + checkov: + skip: + - id: CKV_AWS_119 + guard: + SuppressedRules: + - DYNAMODB_TABLE_MUST_BE_ENCRYPTED + - DYNAMODB_TABLE_ENCRYPTED_KMS Properties: BillingMode: PAY_PER_REQUEST TableName: !Sub ${AppName}-test @@ -47,6 +55,8 @@ Resources: KeySchema: - AttributeName: id KeyType: HASH + PointInTimeRecoverySpecification: + PointInTimeRecoveryEnabled: true SiteOriginAccessControl: Type: AWS::CloudFront::OriginAccessControl @@ -129,6 +139,18 @@ Resources: Name: AWSManagedRulesCommonRuleSet ExcludedRules: - Name: NoUserAgent_HEADER + - Name: AWS-AWSManagedRulesKnownBadInputsRuleSet + VisibilityConfig: + SampledRequestsEnabled: true + CloudWatchMetricsEnabled: true + MetricName: MetricForAMRKBI + Priority: 1 + Statement: + ManagedRuleGroupStatement: + VendorName: AWS + Name: AWSManagedRulesKnownBadInputsRuleSet + OverrideAction: + None: {} SiteContentLogBucket: Type: AWS::S3::Bucket @@ -619,6 +641,18 @@ Resources: TestResourceHandler: Type: AWS::Lambda::Function + Metadata: + checkov: + skip: + - id: CKV_AWS_117 + - id: CKV_AWS_116 + - id: CKV_AWS_173 + - id: CKV_AWS_115 + guard: + SuppressedRules: + - LAMBDA_INSIDE_VPC + - LAMBDA_CONCURRENCY_CHECK + - LAMBDA_DLQ_CHECK Properties: Handler: bootstrap FunctionName: !Sub ${AppName}-test-handler @@ -696,6 +730,18 @@ Resources: JwtResourceHandler: Type: AWS::Lambda::Function + Metadata: + checkov: + skip: + - id: CKV_AWS_117 + - id: CKV_AWS_116 + - id: CKV_AWS_173 + - id: CKV_AWS_115 + guard: + SuppressedRules: + - LAMBDA_INSIDE_VPC + - LAMBDA_CONCURRENCY_CHECK + - LAMBDA_DLQ_CHECK Properties: Handler: bootstrap FunctionName: !Sub ${AppName}-jwt-handler 
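Review bot: The `TestTable` hunk silences the encryption findings (`CKV_AWS_119`, `DYNAMODB_TABLE_MUST_BE_ENCRYPTED`, `DYNAMODB_TABLE_ENCRYPTED_KMS`) rather than configuring encryption, and gives no reason for it. No `SSESpecification` appears in the visible properties, so the table presumably falls back to DynamoDB's default AWS-owned key; the resource's Properties run past the hunk, so this is inferred. Because this template is scaffolding that users copy, I would either set `SSESpecification:` with `SSEEnabled: true` and `SSEType: KMS`, or record the decision on the skip, e.g. `comment: Sample table relies on DynamoDB default encryption; set SSESpecification before storing sensitive data`.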
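Review bot: The four Checkov skips and three Guard suppressions added to `TestResourceHandler` carry no `comment:`, and the same block is repeated on `JwtResourceHandler` in the last hunk of this file. Two of them need a stated reason: `CKV_AWS_173` (environment-variable encryption, as I read the Checkov ID) has no Guard counterpart in the list, and dropping the concurrency check (`CKV_AWS_115` / `LAMBDA_CONCURRENCY_CHECK`) matters more for the JWT handler if its GET method stays unauthenticated, since nothing visible here bounds how often it can be invoked. I would add a `comment:` under each `- id:` entry, e.g. `comment: Sample handler, no VPC resources to reach`, and consider `ReservedConcurrentExecutions` on the JWT function. Both resources continue outside their hunks.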
@@ -764,6 +810,11 @@ Resources: JwtResourceGet: Type: AWS::ApiGateway::Method + Metadata: + checkov: + skip: + - id: CKV_AWS_59 + comment: THe JWT handler has to be unauthenticated Properties: HttpMethod: GET ResourceId: !Ref JwtResourceResource @@ -794,6 +845,12 @@ Resources: RestApiStage: Type: AWS::ApiGateway::Stage + Metadata: + checkov: + skip: + - id: CKV_AWS_120 + - id: CKV_AWS_73 + - id: CKV_AWS_76 Properties: RestApiId: !Ref RestApi DeploymentId: !Ref RestApiDeployment diff --git a/scripts/integ.sh b/scripts/integ.sh index e43f7881..bb5477fd 100755 --- a/scripts/integ.sh +++ b/scripts/integ.sh @@ -38,9 +38,9 @@ set -eoux pipefail ./rain --profile rain build AWS::S3::Bucket ./rain --profile rain build -l -./rain --profile rain fmt test/templates/fmtfindinmap.yaml -./rain --profile rain fmt test/templates/fmtmultiwithgt.yaml -./rain --profile rain fmt test/templates/fmtziplinesok.yaml +./rain fmt test/templates/fmtfindinmap.yaml +./rain fmt test/templates/fmtmultiwithgt.yaml +./rain fmt test/templates/fmtziplinesok.yaml ./rain --profile rain pkg cft/pkg/tmpl/s3-props-template.yaml ./rain --profile rain pkg cft/pkg/tmpl/embed-template.yaml @@ -52,8 +52,8 @@ set -eoux pipefail ./internal/cmd/build/tmpl/scripts/validate.sh # Make sure pkl generation works -./rain --profile rain fmt test/templates/success.template --pkl -./rain --profile rain fmt test/templates/success.template --pkl --pkl-basic -./rain --profile rain fmt test/templates/condition-stringlike.yaml --pkl > test/pkl/condition-stringlike.pkl +./rain fmt test/templates/success.template --pkl +./rain fmt test/templates/success.template --pkl --pkl-basic +./rain fmt test/templates/condition-stringlike.yaml --pkl > test/pkl/condition-stringlike.pkl pkl eval --project-dir test/pkl test/pkl/condition-stringlike.pkl -f yaml diff --git a/test/templates/build/bucket/bucket.yaml b/test/templates/build/bucket/bucket.yaml index 2769151e..c32b7d62 100644 --- a/test/templates/build/bucket/bucket.yaml 
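Review bot: The skip comment on `JwtResourceGet` says the method is unauthenticated but not why, and it has a typo (`THe`). Someone auditing `CKV_AWS_59` suppressions needs the reason next to the skip, for example `comment: The JWT handler runs before the caller holds a token, so it cannot sit behind the Cognito authorizer`; confirm that wording against the handler, which is not visible in this diff. The method's Properties continue outside the hunk.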
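Review bot: Skipping `CKV_AWS_76` on `RestApiStage` leaves the stage without access logging (as I read the Checkov ID; `CKV_AWS_73` and `CKV_AWS_120` look like X-Ray tracing and caching), and none of the three skips says why. Access logs are the record a responder would want for the unauthenticated `JwtResourceGet` method in the previous hunk, so I would configure `AccessLogSetting` with a `DestinationArn` and `Format` rather than suppress the check. Tracing and caching are reasonable to skip in a sample as long as a `comment:` says so. The stage's Properties continue outside the hunk.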
+++ b/test/templates/build/bucket/bucket.yaml @@ -49,6 +49,9 @@ Resources: SuppressedRules: - S3_BUCKET_LOGGING_ENABLED - S3_BUCKET_REPLICATION_ENABLED + Rain: + Content: RAIN_NO_CONTENT + EmptyOnDelete: false ObjectStorageBucket: Type: AWS::S3::Bucket @@ -79,9 +82,8 @@ Resources: SuppressedRules: - S3_BUCKET_DEFAULT_LOCK_ENABLED Rain: - Content: - Path: !Ref Content - Zip: false + Content: !Ref Content + EmptyOnDelete: false ObjectStorageReplicaBucket: Type: AWS::S3::Bucket @@ -110,6 +112,9 @@ Resources: - S3_BUCKET_DEFAULT_LOCK_ENABLED - S3_BUCKET_REPLICATION_ENABLED - S3_BUCKET_LOGGING_ENABLED + Rain: + Content: RAIN_NO_CONTENT + EmptyOnDelete: false ObjectStorageReplicationPolicy: Type: AWS::IAM::RolePolicy diff --git a/test/templates/build/bucket/website.yaml b/test/templates/build/bucket/website.yaml index 926d31fd..52c7332a 100644 --- a/test/templates/build/bucket/website.yaml +++ b/test/templates/build/bucket/website.yaml @@ -104,6 +104,9 @@ Resources: SuppressedRules: - S3_BUCKET_LOGGING_ENABLED - S3_BUCKET_REPLICATION_ENABLED + Rain: + Content: RAIN_NO_CONTENT + EmptyOnDelete: false ContentBucket: Type: AWS::S3::Bucket @@ -134,9 +137,8 @@ Resources: SuppressedRules: - S3_BUCKET_DEFAULT_LOCK_ENABLED Rain: - Content: - Path: !Ref Content - Zip: false + Content: !Ref Content + EmptyOnDelete: false ContentReplicaBucket: Type: AWS::S3::Bucket @@ -165,6 +167,9 @@ Resources: - S3_BUCKET_DEFAULT_LOCK_ENABLED - S3_BUCKET_REPLICATION_ENABLED - S3_BUCKET_LOGGING_ENABLED + Rain: + Content: RAIN_NO_CONTENT + EmptyOnDelete: false ContentReplicationPolicy: Type: AWS::IAM::RolePolicy @@ -325,6 +330,9 @@ Resources: SuppressedRules: - S3_BUCKET_LOGGING_ENABLED - S3_BUCKET_REPLICATION_ENABLED + Rain: + Content: RAIN_NO_CONTENT + EmptyOnDelete: false CloudFrontLogsBucket: Type: AWS::S3::Bucket 
@@ -355,9 +363,8 @@ Resources: SuppressedRules: - S3_BUCKET_DEFAULT_LOCK_ENABLED Rain: - Content: - Path: RAIN_NO_CONTENT - Zip: false + Content: RAIN_NO_CONTENT + EmptyOnDelete: false CloudFrontLogsReplicaBucket: Type: AWS::S3::Bucket @@ -386,6 +393,9 @@ Resources: - S3_BUCKET_DEFAULT_LOCK_ENABLED - S3_BUCKET_REPLICATION_ENABLED - S3_BUCKET_LOGGING_ENABLED + Rain: + Content: RAIN_NO_CONTENT + EmptyOnDelete: false CloudFrontLogsReplicationPolicy: Type: AWS::IAM::RolePolicy diff --git a/test/templates/build/webapp/webapp.yaml b/test/templates/build/webapp/webapp.yaml new file mode 100644 index 00000000..5abdfada --- /dev/null +++ b/test/templates/build/webapp/webapp.yaml 
@@ -0,0 +1,886 @@ +Description: Creates a web application with a static website using S3 and CloudFront, an API Gateway REST API, and a DynamoDB table, with Cognito authentication. Apache-2.0 License. Adapt this template to your needs and thoruoughly test it before introducing it in a production environment. **WARNING** This template will create resources in your account that may incur billing charges. + +Parameters: + AppName: + Type: String + Description: This name is used as a prefix for resource names + Default: rain-webapp-sample + + LambdaCodeS3Bucket: + Type: String + Description: The bucket where your lambda handler is + Default: rain-artifacts-207567786752-us-east-1 + + LambdaCodeS3Key: + Type: String + Description: The object key for your lambda handler + Default: 512113b95e9fc6345b2e19a43350af82aaa815011120288f16b1f281d5efdc95 + +Resources: + TestResourceHandlerPolicy: + Type: AWS::IAM::RolePolicy + Properties: + PolicyDocument: + Statement: + - Action: + - dynamodb:BatchGetItem + - dynamodb:GetItem + - dynamodb:Query + - dynamodb:Scan + - dynamodb:BatchWriteItem + - dynamodb:PutItem + - dynamodb:UpdateItem + Effect: Allow + Resource: + - !GetAtt TestTable.Arn + PolicyName: handler-policy + RoleName: !Ref TestResourceHandlerRole + + TestTable: + Type: AWS::DynamoDB::Table + Metadata: + checkov: + skip: + - id: CKV_AWS_119 + guard: + SuppressedRules: + - DYNAMODB_TABLE_MUST_BE_ENCRYPTED + - DYNAMODB_TABLE_ENCRYPTED_KMS + Properties: + BillingMode: PAY_PER_REQUEST + TableName: !Sub ${AppName}-test + AttributeDefinitions: + - AttributeName: id + AttributeType: S + KeySchema: + - AttributeName: id + KeyType: HASH + PointInTimeRecoverySpecification: + PointInTimeRecoveryEnabled: true + + SiteOriginAccessControl: + Type: AWS::CloudFront::OriginAccessControl + Properties: + OriginAccessControlConfig: + Name: !Join + - "" + - - !Ref AppName + - !Select + - 2 + - !Split + - / + - !Ref AWS::StackId + OriginAccessControlOriginType: s3 + SigningBehavior: always + 
SigningProtocol: sigv4 + + SiteDistribution: + Type: AWS::CloudFront::Distribution + Properties: + DistributionConfig: + DefaultCacheBehavior: + CachePolicyId: 658327ea-f89d-4fab-a63d-7e88639e58f6 + Compress: true + TargetOriginId: !Sub ${AppName}-origin-1 + ViewerProtocolPolicy: redirect-to-https + DefaultRootObject: index.html + Enabled: true + HttpVersion: http2 + IPV6Enabled: true + Logging: + Bucket: !GetAtt SiteCloudFrontLogsBucket.RegionalDomainName + Origins: + - DomainName: !GetAtt SiteContentBucket.RegionalDomainName + Id: !Sub ${AppName}-origin-1 + OriginAccessControlId: !GetAtt SiteOriginAccessControl.Id + S3OriginConfig: + OriginAccessIdentity: "" + ViewerCertificate: + CloudFrontDefaultCertificate: true + WebACLId: !GetAtt SiteWebACL.Arn + Metadata: + checkov: + skip: + - id: CKV_AWS_174 + comment: Using the default cloudfront certificate with no aliases + guard: + SuppressedRules: + - CLOUDFRONT_CUSTOM_SSL_CERTIFICATE + - CLOUDFRONT_ORIGIN_FAILOVER_ENABLED + - CLOUDFRONT_SNI_ENABLED + + SiteWebACL: + Type: AWS::WAFv2::WebACL + Properties: + Name: !Sub ${AppName}-WebACLWithAMR + Scope: CLOUDFRONT + Description: Web ACL with AWS Managed Rules + DefaultAction: + Allow: {} + VisibilityConfig: + SampledRequestsEnabled: true + CloudWatchMetricsEnabled: true + MetricName: MetricForWebACLWithAMR + Tags: + - Key: Name + Value: !Ref AppName + Rules: + - Name: AWS-AWSManagedRulesCommonRuleSet + Priority: 0 + OverrideAction: + None: {} + VisibilityConfig: + SampledRequestsEnabled: true + CloudWatchMetricsEnabled: true + MetricName: MetricForAMRCRS + Statement: + ManagedRuleGroupStatement: + VendorName: AWS + Name: AWSManagedRulesCommonRuleSet + ExcludedRules: + - Name: NoUserAgent_HEADER + - Name: AWS-AWSManagedRulesKnownBadInputsRuleSet + VisibilityConfig: + SampledRequestsEnabled: true + CloudWatchMetricsEnabled: true + MetricName: MetricForAMRKBI + Priority: 1 + Statement: + ManagedRuleGroupStatement: + VendorName: AWS + Name: 
AWSManagedRulesKnownBadInputsRuleSet + OverrideAction: + None: {} + + SiteContentLogBucket: + Type: AWS::S3::Bucket + Properties: + BucketEncryption: + ServerSideEncryptionConfiguration: + - ServerSideEncryptionByDefault: + SSEAlgorithm: AES256 + BucketName: !Sub ${AppName}-content-logs-${AWS::Region}-${AWS::AccountId} + ObjectLockConfiguration: + ObjectLockEnabled: Enabled + Rule: + DefaultRetention: + Mode: COMPLIANCE + Years: 1 + ObjectLockEnabled: true + PublicAccessBlockConfiguration: + BlockPublicAcls: true + BlockPublicPolicy: true + IgnorePublicAcls: true + RestrictPublicBuckets: true + VersioningConfiguration: + Status: Enabled + Metadata: + Comment: This bucket records access logs for the main bucket + checkov: + skip: + - comment: This is the log bucket + id: CKV_AWS_18 + guard: + SuppressedRules: + - S3_BUCKET_LOGGING_ENABLED + - S3_BUCKET_REPLICATION_ENABLED + + SiteContentBucket: + Type: AWS::S3::Bucket + Properties: + BucketEncryption: + ServerSideEncryptionConfiguration: + - ServerSideEncryptionByDefault: + SSEAlgorithm: AES256 + BucketName: !Sub ${AppName}-content-${AWS::Region}-${AWS::AccountId} + LoggingConfiguration: + DestinationBucketName: !Ref SiteContentLogBucket + ObjectLockEnabled: false + PublicAccessBlockConfiguration: + BlockPublicAcls: true + BlockPublicPolicy: true + IgnorePublicAcls: true + RestrictPublicBuckets: true + ReplicationConfiguration: + Role: !GetAtt SiteContentReplicationRole.Arn + Rules: + - Destination: + Bucket: !GetAtt SiteContentReplicaBucket.Arn + Status: Enabled + VersioningConfiguration: + Status: Enabled + Metadata: + guard: + SuppressedRules: + - S3_BUCKET_DEFAULT_LOCK_ENABLED + + SiteContentReplicaBucket: + Type: AWS::S3::Bucket + Properties: + BucketEncryption: + ServerSideEncryptionConfiguration: + - ServerSideEncryptionByDefault: + SSEAlgorithm: AES256 + BucketName: !Sub ${AppName}-content-replicas-${AWS::Region}-${AWS::AccountId} + ObjectLockEnabled: false + PublicAccessBlockConfiguration: + 
BlockPublicAcls: true + BlockPublicPolicy: true + IgnorePublicAcls: true + RestrictPublicBuckets: true + VersioningConfiguration: + Status: Enabled + Metadata: + Comment: This bucket is used as a target for replicas from the main bucket + checkov: + skip: + - comment: This is the replica bucket + id: CKV_AWS_18 + guard: + SuppressedRules: + - S3_BUCKET_DEFAULT_LOCK_ENABLED + - S3_BUCKET_REPLICATION_ENABLED + - S3_BUCKET_LOGGING_ENABLED + + SiteContentReplicationPolicy: + Type: AWS::IAM::RolePolicy + Properties: + PolicyDocument: + Statement: + - Action: + - s3:GetReplicationConfiguration + - s3:ListBucket + Effect: Allow + Resource: !Sub arn:${AWS::Partition}:s3:::${AppName}-content-${AWS::Region}-${AWS::AccountId} + - Action: + - s3:GetObjectVersionForReplication + - s3:GetObjectVersionAcl + - s3:GetObjectVersionTagging + Effect: Allow + Resource: !Sub arn:${AWS::Partition}:s3:::${AppName}-content-${AWS::Region}-${AWS::AccountId}/* + - Action: + - s3:ReplicateObject + - s3:ReplicateDelete + - s3:ReplicationTags + Effect: Allow + Resource: !Sub arn:${AWS::Partition}:s3:::${AppName}-content-replicas-${AWS::Region}-${AWS::AccountId}/* + Version: "2012-10-17" + PolicyName: bucket-replication-policy + RoleName: !Ref SiteContentReplicationRole + + SiteContentReplicationRole: + Type: AWS::IAM::Role + Properties: + AssumeRolePolicyDocument: + Statement: + - Action: + - sts:AssumeRole + Effect: Allow + Principal: + Service: + - s3.amazonaws.com + Version: "2012-10-17" + Path: / + + SiteContentLogBucketAccessPolicy: + Type: AWS::S3::BucketPolicy + Properties: + Bucket: !Sub ${AppName}-content-logs-${AWS::Region}-${AWS::AccountId} + PolicyDocument: + Statement: + - Action: s3:* + Condition: + Bool: + aws:SecureTransport: false + Effect: Deny + Principal: + AWS: '*' + Resource: + - !Sub arn:${AWS::Partition}:s3:::${AppName}-content-logs-${AWS::Region}-${AWS::AccountId} + - !Sub arn:${AWS::Partition}:s3:::${AppName}-content-logs-${AWS::Region}-${AWS::AccountId}/* + - Action: 
s3:PutObject + Condition: + ArnLike: + aws:SourceArn: !Sub arn:${AWS::Partition}:s3:::${AppName}-content-logs-${AWS::Region}-${AWS::AccountId} + StringEquals: + aws:SourceAccount: !Ref AWS::AccountId + Effect: Allow + Principal: + Service: logging.s3.amazonaws.com + Resource: + - !Sub arn:${AWS::Partition}:s3:::${AppName}-content-logs-${AWS::Region}-${AWS::AccountId}/* + Version: "2012-10-17" + + SiteContentBucketAccessPolicy: + Type: AWS::S3::BucketPolicy + Properties: + Bucket: !Sub ${AppName}-content-${AWS::Region}-${AWS::AccountId} + PolicyDocument: + Statement: + - Action: s3:GetObject + Effect: Allow + Resource: !Sub arn:${AWS::Partition}:s3:::${AppName}-content-${AWS::Region}-${AWS::AccountId}/* + Principal: + Service: cloudfront.amazonaws.com + Condition: + StringEquals: + AWS:SourceArn: !Sub arn:aws:cloudfront::${AWS::AccountId}:distribution/${SiteDistribution.Id} + - Action: s3:* + Condition: + Bool: + aws:SecureTransport: false + Effect: Deny + Principal: + AWS: '*' + Resource: + - !Sub arn:${AWS::Partition}:s3:::${AppName}-content-${AWS::Region}-${AWS::AccountId} + - !Sub arn:${AWS::Partition}:s3:::${AppName}-content-${AWS::Region}-${AWS::AccountId}/* + - Action: s3:PutObject + Condition: + ArnLike: + aws:SourceArn: !Sub arn:${AWS::Partition}:s3:::${AppName}-content-${AWS::Region}-${AWS::AccountId} + StringEquals: + aws:SourceAccount: !Ref AWS::AccountId + Effect: Allow + Principal: + Service: logging.s3.amazonaws.com + Resource: + - !Sub arn:${AWS::Partition}:s3:::${AppName}-content-${AWS::Region}-${AWS::AccountId}/* + Version: "2012-10-17" + + SiteContentReplicaBucketAccessPolicy: + Type: AWS::S3::BucketPolicy + Properties: + Bucket: !Sub ${AppName}-content-replicas-${AWS::Region}-${AWS::AccountId} + PolicyDocument: + Statement: + - Action: s3:* + Condition: + Bool: + aws:SecureTransport: false + Effect: Deny + Principal: + AWS: '*' + Resource: + - !Sub arn:${AWS::Partition}:s3:::${AppName}-content-replicas-${AWS::Region}-${AWS::AccountId} + - !Sub 
arn:${AWS::Partition}:s3:::${AppName}-content-replicas-${AWS::Region}-${AWS::AccountId}/* + - Action: s3:PutObject + Condition: + ArnLike: + aws:SourceArn: !Sub arn:${AWS::Partition}:s3:::${AppName}-content-replicas-${AWS::Region}-${AWS::AccountId} + StringEquals: + aws:SourceAccount: !Ref AWS::AccountId + Effect: Allow + Principal: + Service: logging.s3.amazonaws.com + Resource: + - !Sub arn:${AWS::Partition}:s3:::${AppName}-content-replicas-${AWS::Region}-${AWS::AccountId}/* + Version: "2012-10-17" + + SiteCloudFrontLogsLogBucket: + Type: AWS::S3::Bucket + Properties: + BucketEncryption: + ServerSideEncryptionConfiguration: + - ServerSideEncryptionByDefault: + SSEAlgorithm: AES256 + BucketName: !Sub ${AppName}-cflogs-logs-${AWS::Region}-${AWS::AccountId} + ObjectLockConfiguration: + ObjectLockEnabled: Enabled + Rule: + DefaultRetention: + Mode: COMPLIANCE + Years: 1 + ObjectLockEnabled: true + PublicAccessBlockConfiguration: + BlockPublicAcls: true + BlockPublicPolicy: true + IgnorePublicAcls: true + RestrictPublicBuckets: true + VersioningConfiguration: + Status: Enabled + Metadata: + Comment: This bucket records access logs for the main bucket + checkov: + skip: + - comment: This is the log bucket + id: CKV_AWS_18 + guard: + SuppressedRules: + - S3_BUCKET_LOGGING_ENABLED + - S3_BUCKET_REPLICATION_ENABLED + + SiteCloudFrontLogsBucket: + Type: AWS::S3::Bucket + Properties: + BucketEncryption: + ServerSideEncryptionConfiguration: + - ServerSideEncryptionByDefault: + SSEAlgorithm: AES256 + BucketName: !Sub ${AppName}-cflogs-${AWS::Region}-${AWS::AccountId} + LoggingConfiguration: + DestinationBucketName: !Ref SiteCloudFrontLogsLogBucket + ObjectLockEnabled: false + PublicAccessBlockConfiguration: + BlockPublicAcls: true + BlockPublicPolicy: true + IgnorePublicAcls: true + RestrictPublicBuckets: true + ReplicationConfiguration: + Role: !GetAtt SiteCloudFrontLogsReplicationRole.Arn + Rules: + - Destination: + Bucket: !GetAtt SiteCloudFrontLogsReplicaBucket.Arn + 
Status: Enabled + VersioningConfiguration: + Status: Enabled + OwnershipControls: + Rules: + - ObjectOwnership: BucketOwnerPreferred + Metadata: + guard: + SuppressedRules: + - S3_BUCKET_DEFAULT_LOCK_ENABLED + + SiteCloudFrontLogsReplicaBucket: + Type: AWS::S3::Bucket + Properties: + BucketEncryption: + ServerSideEncryptionConfiguration: + - ServerSideEncryptionByDefault: + SSEAlgorithm: AES256 + BucketName: !Sub ${AppName}-cflogs-replicas-${AWS::Region}-${AWS::AccountId} + ObjectLockEnabled: false + PublicAccessBlockConfiguration: + BlockPublicAcls: true + BlockPublicPolicy: true + IgnorePublicAcls: true + RestrictPublicBuckets: true + VersioningConfiguration: + Status: Enabled + Metadata: + Comment: This bucket is used as a target for replicas from the main bucket + checkov: + skip: + - comment: This is the replica bucket + id: CKV_AWS_18 + guard: + SuppressedRules: + - S3_BUCKET_DEFAULT_LOCK_ENABLED + - S3_BUCKET_REPLICATION_ENABLED + - S3_BUCKET_LOGGING_ENABLED + + SiteCloudFrontLogsReplicationPolicy: + Type: AWS::IAM::RolePolicy + Properties: + PolicyDocument: + Statement: + - Action: + - s3:GetReplicationConfiguration + - s3:ListBucket + Effect: Allow + Resource: !Sub arn:${AWS::Partition}:s3:::${AppName}-cflogs-${AWS::Region}-${AWS::AccountId} + - Action: + - s3:GetObjectVersionForReplication + - s3:GetObjectVersionAcl + - s3:GetObjectVersionTagging + Effect: Allow + Resource: !Sub arn:${AWS::Partition}:s3:::${AppName}-cflogs-${AWS::Region}-${AWS::AccountId}/* + - Action: + - s3:ReplicateObject + - s3:ReplicateDelete + - s3:ReplicationTags + Effect: Allow + Resource: !Sub arn:${AWS::Partition}:s3:::${AppName}-cflogs-replicas-${AWS::Region}-${AWS::AccountId}/* + Version: "2012-10-17" + PolicyName: bucket-replication-policy + RoleName: !Ref SiteCloudFrontLogsReplicationRole + + SiteCloudFrontLogsReplicationRole: + Type: AWS::IAM::Role + Properties: + AssumeRolePolicyDocument: + Statement: + - Action: + - sts:AssumeRole + Effect: Allow + Principal: + Service: + 
- s3.amazonaws.com + Version: "2012-10-17" + Path: / + + SiteCloudFrontLogsLogBucketAccessPolicy: + Type: AWS::S3::BucketPolicy + Properties: + Bucket: !Sub ${AppName}-cflogs-logs-${AWS::Region}-${AWS::AccountId} + PolicyDocument: + Statement: + - Action: s3:* + Condition: + Bool: + aws:SecureTransport: false + Effect: Deny + Principal: + AWS: '*' + Resource: + - !Sub arn:${AWS::Partition}:s3:::${AppName}-cflogs-logs-${AWS::Region}-${AWS::AccountId} + - !Sub arn:${AWS::Partition}:s3:::${AppName}-cflogs-logs-${AWS::Region}-${AWS::AccountId}/* + - Action: s3:PutObject + Condition: + ArnLike: + aws:SourceArn: !Sub arn:${AWS::Partition}:s3:::${AppName}-cflogs-logs-${AWS::Region}-${AWS::AccountId} + StringEquals: + aws:SourceAccount: !Ref AWS::AccountId + Effect: Allow + Principal: + Service: logging.s3.amazonaws.com + Resource: + - !Sub arn:${AWS::Partition}:s3:::${AppName}-cflogs-logs-${AWS::Region}-${AWS::AccountId}/* + Version: "2012-10-17" + + SiteCloudFrontLogsBucketAccessPolicy: + Type: AWS::S3::BucketPolicy + Properties: + Bucket: !Sub ${AppName}-cflogs-${AWS::Region}-${AWS::AccountId} + PolicyDocument: + Statement: + - Action: s3:* + Condition: + Bool: + aws:SecureTransport: false + Effect: Deny + Principal: + AWS: '*' + Resource: + - !Sub arn:${AWS::Partition}:s3:::${AppName}-cflogs-${AWS::Region}-${AWS::AccountId} + - !Sub arn:${AWS::Partition}:s3:::${AppName}-cflogs-${AWS::Region}-${AWS::AccountId}/* + - Action: s3:PutObject + Condition: + ArnLike: + aws:SourceArn: !Sub arn:${AWS::Partition}:s3:::${AppName}-cflogs-${AWS::Region}-${AWS::AccountId} + StringEquals: + aws:SourceAccount: !Ref AWS::AccountId + Effect: Allow + Principal: + Service: logging.s3.amazonaws.com + Resource: + - !Sub arn:${AWS::Partition}:s3:::${AppName}-cflogs-${AWS::Region}-${AWS::AccountId}/* + Version: "2012-10-17" + + SiteCloudFrontLogsReplicaBucketAccessPolicy: + Type: AWS::S3::BucketPolicy + Properties: + Bucket: !Sub ${AppName}-cflogs-replicas-${AWS::Region}-${AWS::AccountId} + 
PolicyDocument: + Statement: + - Action: s3:* + Condition: + Bool: + aws:SecureTransport: false + Effect: Deny + Principal: + AWS: '*' + Resource: + - !Sub arn:${AWS::Partition}:s3:::${AppName}-cflogs-replicas-${AWS::Region}-${AWS::AccountId} + - !Sub arn:${AWS::Partition}:s3:::${AppName}-cflogs-replicas-${AWS::Region}-${AWS::AccountId}/* + - Action: s3:PutObject + Condition: + ArnLike: + aws:SourceArn: !Sub arn:${AWS::Partition}:s3:::${AppName}-cflogs-replicas-${AWS::Region}-${AWS::AccountId} + StringEquals: + aws:SourceAccount: !Ref AWS::AccountId + Effect: Allow + Principal: + Service: logging.s3.amazonaws.com + Resource: + - !Sub arn:${AWS::Partition}:s3:::${AppName}-cflogs-replicas-${AWS::Region}-${AWS::AccountId}/* + Version: "2012-10-17" + + CognitoUserPool: + Type: AWS::Cognito::UserPool + Properties: + UserPoolName: !Ref AppName + AdminCreateUserConfig: + AllowAdminCreateUserOnly: true + AutoVerifiedAttributes: + - email + Schema: + - Name: email + Required: true + - Name: given_name + Required: true + - Name: family_name + Required: true + DependsOn: + - SiteDistribution + + CognitoDomain: + Type: AWS::Cognito::UserPoolDomain + Properties: + Domain: !Ref AppName + UserPoolId: !Ref CognitoUserPool + + CognitoClient: + Type: AWS::Cognito::UserPoolClient + Properties: + ClientName: !Ref AppName + GenerateSecret: false + UserPoolId: !Ref CognitoUserPool + CallbackURLs: + - !Sub https://${SiteDistribution.DomainName}/index.html + AllowedOAuthFlows: + - code + AllowedOAuthFlowsUserPoolClient: true + AllowedOAuthScopes: + - phone + - email + - openid + SupportedIdentityProviders: + - COGNITO + + TestResourceHandler: + Type: AWS::Lambda::Function + Metadata: + checkov: + skip: + - id: CKV_AWS_117 + - id: CKV_AWS_116 + - id: CKV_AWS_173 + - id: CKV_AWS_115 + guard: + SuppressedRules: + - LAMBDA_INSIDE_VPC + - LAMBDA_CONCURRENCY_CHECK + - LAMBDA_DLQ_CHECK + Properties: + Handler: bootstrap + FunctionName: !Sub ${AppName}-test-handler + Runtime: provided.al2023 + 
Code:
+ S3Bucket: !Ref LambdaCodeS3Bucket
+ S3Key: !Ref LambdaCodeS3Key
+ Role: !GetAtt TestResourceHandlerRole.Arn
+ Environment:
+ Variables:
+ TABLE_NAME: !Ref TestTable
+
+ TestResourceHandlerRole:
+ Type: AWS::IAM::Role
+ Properties:
+ AssumeRolePolicyDocument:
+ Version: "2012-10-17"
+ Statement:
+ - Effect: Allow
+ Principal:
+ Service:
+ - lambda.amazonaws.com
+ Action:
+ - sts:AssumeRole
+ ManagedPolicyArns:
+ - arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole
+
+ TestResourceResource:
+ Type: AWS::ApiGateway::Resource
+ Properties:
+ ParentId: !Sub ${RestApi.RootResourceId}
+ PathPart: test
+ RestApiId: !Ref RestApi
+
+ TestResourcePermission:
+ Type: AWS::Lambda::Permission
+ Properties:
+ Action: lambda:InvokeFunction
+ FunctionName: !GetAtt TestResourceHandler.Arn
+ Principal: apigateway.amazonaws.com
+ SourceArn: !Sub arn:${AWS::Partition}:execute-api:${AWS::Region}:${AWS::AccountId}:${RestApi}/*/*/*
+
+ TestResourceRootPermission:
+ Type: AWS::Lambda::Permission
+ Properties:
+ Action: lambda:InvokeFunction
+ FunctionName: !GetAtt TestResourceHandler.Arn
+ Principal: apigateway.amazonaws.com
+ SourceArn: !Sub arn:${AWS::Partition}:execute-api:${AWS::Region}:${AWS::AccountId}:${RestApi}/*/*/
+
+ TestResourceOptions:
+ Type: AWS::ApiGateway::Method
+ Properties:
+ HttpMethod: OPTIONS
+ ResourceId: !Ref TestResourceResource
+ RestApiId: !Ref RestApi
+ AuthorizationType: NONE
+ Integration:
+ IntegrationHttpMethod: POST
+ Type: AWS_PROXY
+ Uri: !Sub arn:${AWS::Partition}:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${TestResourceHandler.Arn}/invocations
+
+ TestResourceGet:
+ Type: AWS::ApiGateway::Method
+ Properties:
+ HttpMethod: GET
+ ResourceId: !Ref TestResourceResource
+ RestApiId: !Ref RestApi
+ AuthorizationType: COGNITO_USER_POOLS
+ AuthorizerId: !Ref RestApiAuthorizer
+ Integration:
+ IntegrationHttpMethod: POST
+ Type: AWS_PROXY
+ Uri: !Sub arn:${AWS::Partition}:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${TestResourceHandler.Arn}/invocations
+
+ JwtResourceHandler:
+ Type: AWS::Lambda::Function
+ Metadata:
+ checkov:
+ skip:
+ - id: CKV_AWS_117
+ - id: CKV_AWS_116
+ - id: CKV_AWS_173
+ - id: CKV_AWS_115
+ guard:
+ SuppressedRules:
+ - LAMBDA_INSIDE_VPC
+ - LAMBDA_CONCURRENCY_CHECK
+ - LAMBDA_DLQ_CHECK
+ Properties:
+ Handler: bootstrap
+ FunctionName: !Sub ${AppName}-jwt-handler
+ Runtime: provided.al2023
+ Code:
+ S3Bucket: rain-artifacts-207567786752-us-east-1
+ S3Key: 15d7c92b571beed29cf6c012a96022482eee1df1b477ad528ddc03a4be52c076
+ Role: !GetAtt JwtResourceHandlerRole.Arn
+ Environment:
+ Variables:
+ COGNITO_REGION: us-east-1
+ COGNITO_POOL_ID: !Ref CognitoUserPool
+ COGNITO_REDIRECT_URI: !Sub https://${SiteDistribution.DomainName}/index.html
+ COGNITO_DOMAIN_PREFIX: !Ref AppName
+ COGNITO_APP_CLIENT_ID: !Ref CognitoClient
+
+ JwtResourceHandlerRole:
+ Type: AWS::IAM::Role
+ Properties:
+ AssumeRolePolicyDocument:
+ Version: "2012-10-17"
+ Statement:
+ - Effect: Allow
+ Principal:
+ Service:
+ - lambda.amazonaws.com
+ Action:
+ - sts:AssumeRole
+ ManagedPolicyArns:
+ - arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole
+
+ JwtResourceResource:
+ Type: AWS::ApiGateway::Resource
+ Properties:
+ ParentId: !Sub ${RestApi.RootResourceId}
+ PathPart: jwt
+ RestApiId: !Ref RestApi
+
+ JwtResourcePermission:
+ Type: AWS::Lambda::Permission
+ Properties:
+ Action: lambda:InvokeFunction
+ FunctionName: !GetAtt JwtResourceHandler.Arn
+ Principal: apigateway.amazonaws.com
+ SourceArn: !Sub arn:${AWS::Partition}:execute-api:${AWS::Region}:${AWS::AccountId}:${RestApi}/*/*/*
+
+ JwtResourceRootPermission:
+ Type: AWS::Lambda::Permission
+ Properties:
+ Action: lambda:InvokeFunction
+ FunctionName: !GetAtt JwtResourceHandler.Arn
+ Principal: apigateway.amazonaws.com
+ SourceArn: !Sub arn:${AWS::Partition}:execute-api:${AWS::Region}:${AWS::AccountId}:${RestApi}/*/*/
+
+ JwtResourceOptions:
+ Type: AWS::ApiGateway::Method
+ Properties:
+ HttpMethod: OPTIONS
+ ResourceId: !Ref JwtResourceResource
+ RestApiId: !Ref RestApi
+ AuthorizationType: NONE
+ Integration:
+ IntegrationHttpMethod: POST
+ Type: AWS_PROXY
+ Uri: !Sub arn:${AWS::Partition}:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${JwtResourceHandler.Arn}/invocations
+
+ JwtResourceGet:
+ Type: AWS::ApiGateway::Method
+ Metadata:
+ checkov:
+ skip:
+ - id: CKV_AWS_59
+ comment: THe JWT handler has to be unauthenticated
+ Properties:
+ HttpMethod: GET
+ ResourceId: !Ref JwtResourceResource
+ RestApiId: !Ref RestApi
+ AuthorizationType: NONE
+ AuthorizerId: AWS::NoValue
+ Integration:
+ IntegrationHttpMethod: POST
+ Type: AWS_PROXY
+ Uri: !Sub arn:${AWS::Partition}:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${JwtResourceHandler.Arn}/invocations
+
+ RestApi:
+ Type: AWS::ApiGateway::RestApi
+ Properties:
+ Name: !Ref AppName
+
+ RestApiDeployment:
+ Type: AWS::ApiGateway::Deployment
+ Properties:
+ RestApiId: !Ref RestApi
+ Metadata:
+ Version: 2
+ DependsOn:
+ - TestResourceGet
+ - TestResourceOptions
+ - JwtResourceGet
+ - JwtResourceOptions
+
+ RestApiStage:
+ Type: AWS::ApiGateway::Stage
+ Metadata:
+ checkov:
+ skip:
+ - id: CKV_AWS_120
+ - id: CKV_AWS_73
+ - id: CKV_AWS_76
+ Properties:
+ RestApiId: !Ref RestApi
+ DeploymentId: !Ref RestApiDeployment
+ StageName: prod
+
+ RestApiAuthorizer:
+ Type: AWS::ApiGateway::Authorizer
+ Properties:
+ IdentitySource: method.request.header.authorization
+ Name: CognitoApiAuthorizer
+ ProviderARNs:
+ - !GetAtt CognitoUserPool.Arn
+ RestApiId: !Ref RestApi
+ Type: COGNITO_USER_POOLS
+
+Outputs:
+ SiteURL:
+ Value: !Sub https://${SiteDistribution.DomainName}
+
+ RedirectURI:
+ Value: !Sub https://${SiteDistribution.DomainName}/index.html
+
+ AppName:
+ Value: !Ref AppName
+
+ RestApiInvokeURL:
+ Value: !Sub https://${RestApi}.execute-api.${AWS::Region}.amazonaws.com/${RestApiStage}
+
+ AppClientId:
+ Value: !Ref CognitoClient
+
+ CognitoDomainPrefix:
+ Value: !Ref AppName