diff --git a/test/default.integ.snapshot/RDS-Sanitized-Snapshotter-RDS.assets.json b/test/default.integ.snapshot/RDS-Sanitized-Snapshotter-RDS.assets.json new file mode 100644 index 0000000..2aab380 --- /dev/null +++ b/test/default.integ.snapshot/RDS-Sanitized-Snapshotter-RDS.assets.json @@ -0,0 +1,19 @@ +{ + "version": "15.0.0", + "files": { + "1775a9e74905e5fb316990d4feb676dd5e22557797d13181ba6a7e402e794fe9": { + "source": { + "path": "RDS-Sanitized-Snapshotter-RDS.template.json", + "packaging": "file" + }, + "destinations": { + "current_account-current_region": { + "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", + "objectKey": "1775a9e74905e5fb316990d4feb676dd5e22557797d13181ba6a7e402e794fe9.json", + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" + } + } + } + }, + "dockerImages": {} +} \ No newline at end of file diff --git a/test/default.integ.snapshot/RDS-Sanitized-Snapshotter-RDS.template.json b/test/default.integ.snapshot/RDS-Sanitized-Snapshotter-RDS.template.json new file mode 100644 index 0000000..bc5dbf0 --- /dev/null +++ b/test/default.integ.snapshot/RDS-Sanitized-Snapshotter-RDS.template.json @@ -0,0 +1,622 @@ +{ + "Resources": { + "MySQLInstanceSubnetGroup2F3554B3": { + "Type": "AWS::RDS::DBSubnetGroup", + "Properties": { + "DBSubnetGroupDescription": "Subnet group for MySQL Instance database", + "SubnetIds": [ + { + "Fn::ImportValue": "RDS-Sanitized-Snapshotter-VPC:ExportsOutputRefVPCIsolatedSubnet1SubnetEBD00FC6298E81EF" + }, + { + "Fn::ImportValue": "RDS-Sanitized-Snapshotter-VPC:ExportsOutputRefVPCIsolatedSubnet2Subnet4B1C8CAAD8B83B81" + } + ] + } + }, + "MySQLInstanceSecurityGroupF67D2455": { + "Type": "AWS::EC2::SecurityGroup", + "Properties": { + "GroupDescription": "Security group for MySQL Instance database", + "SecurityGroupEgress": [ + { + "CidrIp": "0.0.0.0/0", + "Description": "Allow all outbound traffic by default", + "IpProtocol": "-1" + } + ], + "VpcId": { + "Fn::ImportValue": "RDS-Sanitized-Snapshotter-VPC:ExportsOutputRefVPCB9E5F0B4BD23A326" + } + } + }, + "MySQLInstanceSecret84563F6F": { + "Type": "AWS::SecretsManager::Secret", + "Properties": { + "Description": { + "Fn::Join": [ + "", + [ + "Generated by the CDK for stack: ", + { + "Ref": "AWS::StackName" + } + ] + ] + }, + "GenerateSecretString": { + "ExcludeCharacters": " %+~`#$&*()|[]{}:;<>?!'/@\"\\", + "GenerateStringKey": "password", + "PasswordLength": 30, + "SecretStringTemplate": "{\"username\":\"admin\"}" + } + }, + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" + }, + "MySQLInstanceSecretAttachmentD80E5663": { + "Type": "AWS::SecretsManager::SecretTargetAttachment", + "Properties": { + "SecretId": { + "Ref": "MySQLInstanceSecret84563F6F" + }, + "TargetId": { + "Ref": "MySQLInstanceA2499B9D" + }, + "TargetType": "AWS::RDS::DBInstance" + } + }, + "MySQLInstanceA2499B9D": { + "Type": "AWS::RDS::DBInstance", + "Properties": { + "DBInstanceClass": "db.t3.small", + "AllocatedStorage": "100", + "BackupRetentionPeriod": 0, + "CopyTagsToSnapshot": true, + "DBSubnetGroupName": { + "Ref": "MySQLInstanceSubnetGroup2F3554B3" + }, + "DeleteAutomatedBackups": true, + "Engine": "mysql", + "EngineVersion": "8.0", + "MasterUsername": { + "Fn::Join": [ + "", + [ + "{{resolve:secretsmanager:", + { + "Ref": "MySQLInstanceSecret84563F6F" + }, + ":SecretString:username::}}" + ] + ] + }, + "MasterUserPassword": { + "Fn::Join": [ + "", + [ + "{{resolve:secretsmanager:", + { + "Ref": "MySQLInstanceSecret84563F6F" + }, + ":SecretString:password::}}" + ] + ] + }, + "StorageType": "gp2", + "VPCSecurityGroups": [ + { + "Fn::GetAtt": [ + "MySQLInstanceSecurityGroupF67D2455", + "GroupId" + ] + } + ] + }, + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" + }, + "MySQLClusterSubnets30A4ABD4": { + "Type": "AWS::RDS::DBSubnetGroup", + "Properties": { + "DBSubnetGroupDescription": "Subnets for MySQL Cluster database", + "SubnetIds": [ + { + "Fn::ImportValue": "RDS-Sanitized-Snapshotter-VPC:ExportsOutputRefVPCIsolatedSubnet1SubnetEBD00FC6298E81EF" + }, + { + "Fn::ImportValue": "RDS-Sanitized-Snapshotter-VPC:ExportsOutputRefVPCIsolatedSubnet2Subnet4B1C8CAAD8B83B81" + } + ] + } + }, + "MySQLClusterSecurityGroupBC9C8E26": { + "Type": "AWS::EC2::SecurityGroup", + "Properties": { + "GroupDescription": "RDS security group", + "SecurityGroupEgress": [ + { + "CidrIp": "0.0.0.0/0", + "Description": "Allow all outbound traffic by default", + "IpProtocol": "-1" + } + ], + "VpcId": { + "Fn::ImportValue": "RDS-Sanitized-Snapshotter-VPC:ExportsOutputRefVPCB9E5F0B4BD23A326" + } + } + }, + "MySQLClusterSecret06B35C31": { + "Type": "AWS::SecretsManager::Secret", + "Properties": { + "Description": { + "Fn::Join": [ + "", + [ + "Generated by the CDK for stack: ", + { + "Ref": "AWS::StackName" + } + ] + ] + }, + "GenerateSecretString": { + "ExcludeCharacters": " %+~`#$&*()|[]{}:;<>?!'/@\"\\", + "GenerateStringKey": "password", + "PasswordLength": 30, + "SecretStringTemplate": "{\"username\":\"admin\"}" + } + }, + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" + }, + "MySQLClusterSecretAttachmentE3959A60": { + "Type": "AWS::SecretsManager::SecretTargetAttachment", + "Properties": { + "SecretId": { + "Ref": "MySQLClusterSecret06B35C31" + }, + "TargetId": { + "Ref": "MySQLClusterD5C73C33" + }, + "TargetType": "AWS::RDS::DBCluster" + } + }, + "MySQLClusterD5C73C33": { + "Type": "AWS::RDS::DBCluster", + "Properties": { + "Engine": "aurora-mysql", + "BackupRetentionPeriod": 1, + "CopyTagsToSnapshot": true, + "DBClusterParameterGroupName": "default.aurora-mysql5.7", + "DBSubnetGroupName": { + "Ref": "MySQLClusterSubnets30A4ABD4" + }, + "MasterUsername": { + "Fn::Join": [ + "", + [ + "{{resolve:secretsmanager:", + { + "Ref": "MySQLClusterSecret06B35C31" + }, + ":SecretString:username::}}" + ] + ] + }, + "MasterUserPassword": { + "Fn::Join": [ + "", + [ + "{{resolve:secretsmanager:", + { + "Ref": "MySQLClusterSecret06B35C31" + }, + ":SecretString:password::}}" + ] + ] + }, + "VpcSecurityGroupIds": [ + { + "Fn::GetAtt": [ + "MySQLClusterSecurityGroupBC9C8E26", + "GroupId" + ] + } + ] + }, + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" + }, + "MySQLClusterInstance1C435F94D": { + "Type": "AWS::RDS::DBInstance", + "Properties": { + "DBInstanceClass": "db.t3.medium", + "DBClusterIdentifier": { + "Ref": "MySQLClusterD5C73C33" + }, + "DBSubnetGroupName": { + "Ref": "MySQLClusterSubnets30A4ABD4" + }, + "Engine": "aurora-mysql" + }, + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" + }, + "Key961B73FD": { + "Type": "AWS::KMS::Key", + "Properties": { + "KeyPolicy": { + "Statement": [ + { + "Action": "kms:*", + "Effect": "Allow", + "Principal": { + "AWS": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::", + { + "Ref": "AWS::AccountId" + }, + ":root" + ] + ] + } + }, + "Resource": "*" + } + ], + "Version": "2012-10-17" + }, + "Description": "RDS sanitize test source key" + }, + "UpdateReplacePolicy": "Retain", + "DeletionPolicy": "Retain" + }, + "PostgresInstanceSubnetGroup539F8609": { + "Type": "AWS::RDS::DBSubnetGroup", + "Properties": { + "DBSubnetGroupDescription": "Subnet group for Postgres Instance database", + "SubnetIds": [ + { + "Fn::ImportValue": "RDS-Sanitized-Snapshotter-VPC:ExportsOutputRefVPCIsolatedSubnet1SubnetEBD00FC6298E81EF" + }, + { + "Fn::ImportValue": "RDS-Sanitized-Snapshotter-VPC:ExportsOutputRefVPCIsolatedSubnet2Subnet4B1C8CAAD8B83B81" + } + ] + } + }, + "PostgresInstanceSecurityGroup08920A2A": { + "Type": "AWS::EC2::SecurityGroup", + "Properties": { + "GroupDescription": "Security group for Postgres Instance database", + "SecurityGroupEgress": [ + { + "CidrIp": "0.0.0.0/0", + "Description": "Allow all outbound traffic by default", + "IpProtocol": "-1" + } + ], + "VpcId": { + "Fn::ImportValue": "RDS-Sanitized-Snapshotter-VPC:ExportsOutputRefVPCB9E5F0B4BD23A326" + } + } + }, + "PostgresInstanceSecret47B7DD5E": { + "Type": "AWS::SecretsManager::Secret", + "Properties": { + "Description": { + "Fn::Join": [ + "", + [ + "Generated by the CDK for stack: ", + { + "Ref": "AWS::StackName" + } + ] + ] + }, + "GenerateSecretString": { + "ExcludeCharacters": " %+~`#$&*()|[]{}:;<>?!'/@\"\\", + "GenerateStringKey": "password", + "PasswordLength": 30, + "SecretStringTemplate": "{\"username\":\"postgres\"}" + } + }, + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" + }, + "PostgresInstanceSecretAttachment5B3ACFDC": { + "Type": "AWS::SecretsManager::SecretTargetAttachment", + "Properties": { + "SecretId": { + "Ref": "PostgresInstanceSecret47B7DD5E" + }, + "TargetId": { + "Ref": "PostgresInstance8F00D2DD" + }, + "TargetType": "AWS::RDS::DBInstance" + } + }, + "PostgresInstance8F00D2DD": { + "Type": "AWS::RDS::DBInstance", + "Properties": { + "DBInstanceClass": "db.t3.small", + "AllocatedStorage": "100", + "BackupRetentionPeriod": 0, + "CopyTagsToSnapshot": true, + "DBSubnetGroupName": { + "Ref": "PostgresInstanceSubnetGroup539F8609" + }, + "DeleteAutomatedBackups": true, + "Engine": "postgres", + "EngineVersion": "10", + "KmsKeyId": { + "Fn::GetAtt": [ + "Key961B73FD", + "Arn" + ] + }, + "MasterUsername": { + "Fn::Join": [ + "", + [ + "{{resolve:secretsmanager:", + { + "Ref": "PostgresInstanceSecret47B7DD5E" + }, + ":SecretString:username::}}" + ] + ] + }, + "MasterUserPassword": { + "Fn::Join": [ + "", + [ + "{{resolve:secretsmanager:", + { + "Ref": "PostgresInstanceSecret47B7DD5E" + }, + ":SecretString:password::}}" + ] + ] + }, + "StorageEncrypted": true, + "StorageType": "gp2", + "VPCSecurityGroups": [ + { + "Fn::GetAtt": [ + "PostgresInstanceSecurityGroup08920A2A", + "GroupId" + ] + } + ] + }, + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" + }, + "PostgresClusterSubnetsFC10D676": { + "Type": "AWS::RDS::DBSubnetGroup", + "Properties": { + "DBSubnetGroupDescription": "Subnets for Postgres Cluster database", + "SubnetIds": [ + { + "Fn::ImportValue": "RDS-Sanitized-Snapshotter-VPC:ExportsOutputRefVPCIsolatedSubnet1SubnetEBD00FC6298E81EF" + }, + { + "Fn::ImportValue": "RDS-Sanitized-Snapshotter-VPC:ExportsOutputRefVPCIsolatedSubnet2Subnet4B1C8CAAD8B83B81" + } + ] + } + }, + "PostgresClusterSecurityGroupA7EFBA97": { + "Type": "AWS::EC2::SecurityGroup", + "Properties": { + "GroupDescription": "RDS security group", + "SecurityGroupEgress": [ + { + "CidrIp": "0.0.0.0/0", + "Description": "Allow all outbound traffic by default", + "IpProtocol": "-1" + } + ], + "VpcId": { + "Fn::ImportValue": "RDS-Sanitized-Snapshotter-VPC:ExportsOutputRefVPCB9E5F0B4BD23A326" + } + } + }, + "PostgresClusterSecretEB353FC9": { + "Type": "AWS::SecretsManager::Secret", + "Properties": { + "Description": { + "Fn::Join": [ + "", + [ + "Generated by the CDK for stack: ", + { + "Ref": "AWS::StackName" + } + ] + ] + }, + "GenerateSecretString": { + "ExcludeCharacters": " %+~`#$&*()|[]{}:;<>?!'/@\"\\", + "GenerateStringKey": "password", + "PasswordLength": 30, + "SecretStringTemplate": "{\"username\":\"postgres\"}" + } + }, + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" + }, + "PostgresClusterSecretAttachment0D03F96A": { + "Type": "AWS::SecretsManager::SecretTargetAttachment", + "Properties": { + "SecretId": { + "Ref": "PostgresClusterSecretEB353FC9" + }, + "TargetId": { + "Ref": "PostgresCluster5A5B7BE8" + }, + "TargetType": "AWS::RDS::DBCluster" + } + }, + "PostgresCluster5A5B7BE8": { + "Type": "AWS::RDS::DBCluster", + "Properties": { + "Engine": "aurora-postgresql", + "BackupRetentionPeriod": 1, + "CopyTagsToSnapshot": true, + "DBClusterParameterGroupName": "default.aurora-postgresql12", + "DBSubnetGroupName": { + "Ref": "PostgresClusterSubnetsFC10D676" + }, + "EngineVersion": "12.4", + "KmsKeyId": { + "Fn::GetAtt": [ + "Key961B73FD", + "Arn" + ] + }, + "MasterUsername": { + "Fn::Join": [ + "", + [ + "{{resolve:secretsmanager:", + { + "Ref": "PostgresClusterSecretEB353FC9" + }, + ":SecretString:username::}}" + ] + ] + }, + "MasterUserPassword": { + "Fn::Join": [ + "", + [ + "{{resolve:secretsmanager:", + { + "Ref": "PostgresClusterSecretEB353FC9" + }, + ":SecretString:password::}}" + ] + ] + }, + "Port": 5432, + "StorageEncrypted": true, + "VpcSecurityGroupIds": [ + { + "Fn::GetAtt": [ + "PostgresClusterSecurityGroupA7EFBA97", + "GroupId" + ] + } + ] + }, + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" + }, + "PostgresClusterInstance1A52CA01E": { + "Type": "AWS::RDS::DBInstance", + "Properties": { + "DBInstanceClass": "db.t3.medium", + "DBClusterIdentifier": { + "Ref": "PostgresCluster5A5B7BE8" + }, + "DBSubnetGroupName": { + "Ref": "PostgresClusterSubnetsFC10D676" + }, + "Engine": "aurora-postgresql", + "EngineVersion": "12.4" + }, + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" + } + }, + "Outputs": { + "ExportsOutputRefMySQLInstanceA2499B9D2BD8E026": { + "Value": { + "Ref": "MySQLInstanceA2499B9D" + }, + "Export": { + "Name": "RDS-Sanitized-Snapshotter-RDS:ExportsOutputRefMySQLInstanceA2499B9D2BD8E026" + } + }, + "ExportsOutputRefMySQLClusterD5C73C3376F94030": { + "Value": { + "Ref": "MySQLClusterD5C73C33" + }, + "Export": { + "Name": "RDS-Sanitized-Snapshotter-RDS:ExportsOutputRefMySQLClusterD5C73C3376F94030" + } + }, + "ExportsOutputRefPostgresInstance8F00D2DD14EE3CD9": { + "Value": { + "Ref": "PostgresInstance8F00D2DD" + }, + "Export": { + "Name": "RDS-Sanitized-Snapshotter-RDS:ExportsOutputRefPostgresInstance8F00D2DD14EE3CD9" + } + }, + "ExportsOutputFnGetAttKey961B73FDArn5A860C43": { + "Value": { + "Fn::GetAtt": [ + "Key961B73FD", + "Arn" + ] + }, + "Export": { + "Name": "RDS-Sanitized-Snapshotter-RDS:ExportsOutputFnGetAttKey961B73FDArn5A860C43" + } + }, + "ExportsOutputRefPostgresCluster5A5B7BE8BE4E3D78": { + "Value": { + "Ref": "PostgresCluster5A5B7BE8" + }, + "Export": { + "Name": "RDS-Sanitized-Snapshotter-RDS:ExportsOutputRefPostgresCluster5A5B7BE8BE4E3D78" + } + } + }, + "Parameters": { + "BootstrapVersion": { + "Type": "AWS::SSM::Parameter::Value", + "Default": "/cdk-bootstrap/hnb659fds/version", + "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]" + } + }, + "Rules": { + "CheckBootstrapVersion": { + "Assertions": [ + { + "Assert": { + "Fn::Not": [ + { + "Fn::Contains": [ + [ + "1", + "2", + "3", + "4", + "5" + ], + { + "Ref": "BootstrapVersion" + } + ] + } + ] + }, + "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI." + } + ] + } + } +} \ No newline at end of file diff --git a/test/default.integ.snapshot/RDS-Sanitized-Snapshotter-SFN.assets.json b/test/default.integ.snapshot/RDS-Sanitized-Snapshotter-SFN.assets.json new file mode 100644 index 0000000..2909f56 --- /dev/null +++ b/test/default.integ.snapshot/RDS-Sanitized-Snapshotter-SFN.assets.json @@ -0,0 +1,58 @@ +{ + "version": "15.0.0", + "files": { + "5e08a52964205c51dc15c1078422e25f19c4e3cc9f4439bfdd0c465678fdaea7": { + "source": { + "path": "asset.5e08a52964205c51dc15c1078422e25f19c4e3cc9f4439bfdd0c465678fdaea7.lambda", + "packaging": "zip" + }, + "destinations": { + "current_account-current_region": { + "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", + "objectKey": "5e08a52964205c51dc15c1078422e25f19c4e3cc9f4439bfdd0c465678fdaea7.zip", + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" + } + } + }, + "b120b13d9d868c7622e7db1b68bae4c0f82ffd0227b8c15f2cef38e186ff3827": { + "source": { + "path": "asset.b120b13d9d868c7622e7db1b68bae4c0f82ffd0227b8c15f2cef38e186ff3827", + "packaging": "zip" + }, + "destinations": { + "current_account-current_region": { + "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", + "objectKey": "b120b13d9d868c7622e7db1b68bae4c0f82ffd0227b8c15f2cef38e186ff3827.zip", + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" + } + } + }, + "d4509ed940a08b266940fe72858be370baed562318b4cb7d3e710fd42a5ecad6": { + "source": { + "path": "asset.d4509ed940a08b266940fe72858be370baed562318b4cb7d3e710fd42a5ecad6.lambda", + "packaging": "zip" + }, + "destinations": { + "current_account-current_region": { + "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", + "objectKey": "d4509ed940a08b266940fe72858be370baed562318b4cb7d3e710fd42a5ecad6.zip", + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" + } + } + }, + "17d658ef3bb9ea4c46d603253e8080f1c583bca7e2874fe7af1d36d989cacd2b": { + "source": { + "path": "RDS-Sanitized-Snapshotter-SFN.template.json", + "packaging": "file" + }, + "destinations": { + "current_account-current_region": { + "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", + "objectKey": "17d658ef3bb9ea4c46d603253e8080f1c583bca7e2874fe7af1d36d989cacd2b.json", + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" + } + } + } + }, + "dockerImages": {} +} \ No newline at end of file diff --git a/test/default.integ.snapshot/RDS-Sanitized-Snapshotter-SFN.template.json b/test/default.integ.snapshot/RDS-Sanitized-Snapshotter-SFN.template.json new file mode 100644 index 0000000..2a9592f --- /dev/null +++ b/test/default.integ.snapshot/RDS-Sanitized-Snapshotter-SFN.template.json @@ -0,0 +1,6402 @@ +{ + "Resources": { + "MySQLInstanceSnapshotterSGC75DA465": { + "Type": "AWS::EC2::SecurityGroup", + "Properties": { + "GroupDescription": "Group for communication between sanitizing job and database", + "SecurityGroupEgress": [ + { + "CidrIp": "0.0.0.0/0", + "Description": "Allow all outbound traffic by default", + "IpProtocol": "-1" + } + ], + "Tags": [ + { + "Key": "Name", + "Value": "RDS-sanitized-snapshots" + } + ], + "VpcId": { + "Fn::ImportValue": "RDS-Sanitized-Snapshotter-VPC:ExportsOutputRefVPCB9E5F0B4BD23A326" + } + } + }, + "MySQLInstanceSnapshotterSGfromRDSSanitizedSnapshotterSFNMySQLInstanceSnapshotterSG69AE57C1ALLPORTSE497E70E": { + "Type": "AWS::EC2::SecurityGroupIngress", + "Properties": { + "IpProtocol": "tcp", + "Description": "from RDSSanitizedSnapshotterSFNMySQLInstanceSnapshotterSG69AE57C1:ALL PORTS", + "FromPort": 0, + "GroupId": { + "Fn::GetAtt": [ + "MySQLInstanceSnapshotterSGC75DA465", + "GroupId" + ] + }, + "SourceSecurityGroupId": { + "Fn::GetAtt": [ + "MySQLInstanceSnapshotterSGC75DA465", + "GroupId" + ] + }, + "ToPort": 65535 + } + }, + "MySQLInstanceSnapshotterSubnetgroup503CB3B3": { + "Type": "AWS::RDS::DBSubnetGroup", + "Properties": { + "DBSubnetGroupDescription": "Temporary database used for RDS-sanitize-snapshots", + "SubnetIds": [ + { + "Fn::ImportValue": "RDS-Sanitized-Snapshotter-VPC:ExportsOutputRefVPCPrivateSubnet1Subnet8BCA10E01F79A1B7" + }, + { + "Fn::ImportValue": "RDS-Sanitized-Snapshotter-VPC:ExportsOutputRefVPCPrivateSubnet2SubnetCFCDAA7AB22CF85D" + } + ] + } + }, + "MySQLInstanceSnapshottercluster86DF6015": { + "Type": "AWS::ECS::Cluster" + }, + "MySQLInstanceSnapshotterparametersServiceRole0017B602": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "lambda.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + }, + "ManagedPolicyArns": [ + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" + ] + ] + } + ] + } + }, + "MySQLInstanceSnapshotterparametersServiceRoleDefaultPolicyD8BFD2E0": { + "Type": "AWS::IAM::Policy", + "Properties": { + "PolicyDocument": { + "Statement": [ + { + "Action": "rds:DescribeDBInstances", + "Effect": "Allow", + "Resource": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":rds:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":db:", + { + "Fn::ImportValue": "RDS-Sanitized-Snapshotter-RDS:ExportsOutputRefMySQLInstanceA2499B9D2BD8E026" + } + ] + ] + } + } + ], + "Version": "2012-10-17" + }, + "PolicyName": "MySQLInstanceSnapshotterparametersServiceRoleDefaultPolicyD8BFD2E0", + "Roles": [ + { + "Ref": "MySQLInstanceSnapshotterparametersServiceRole0017B602" + } + ] + } + }, + "MySQLInstanceSnapshotterparameters53B0A6E1": { + "Type": "AWS::Lambda::Function", + "Properties": { + "Code": { + "S3Bucket": { + "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}" + }, + "S3Key": "5e08a52964205c51dc15c1078422e25f19c4e3cc9f4439bfdd0c465678fdaea7.zip" + }, + "Role": { + "Fn::GetAtt": [ + "MySQLInstanceSnapshotterparametersServiceRole0017B602", + "Arn" + ] + }, + "Description": "src/parameters.lambda.ts", + "Environment": { + "Variables": { + "AWS_NODEJS_CONNECTION_REUSE_ENABLED": "1" + } + }, + "Handler": "index.handler", + "Runtime": "nodejs14.x" + }, + "DependsOn": [ + "MySQLInstanceSnapshotterparametersServiceRoleDefaultPolicyD8BFD2E0", + "MySQLInstanceSnapshotterparametersServiceRole0017B602" + ] + }, + "MySQLInstanceSnapshotterparametersLogRetention879E313F": { + "Type": "Custom::LogRetention", + "Properties": { + "ServiceToken": { + "Fn::GetAtt": [ + "LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8aFD4BFC8A", + "Arn" + ] + }, + "LogGroupName": { + "Fn::Join": [ + "", + [ + "/aws/lambda/", + { + "Ref": "MySQLInstanceSnapshotterparameters53B0A6E1" + } + ] + ] + }, + "RetentionInDays": 30 + } + }, + "MySQLInstanceSnapshotterwaitServiceRole21AAE4F2": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "lambda.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + }, + "ManagedPolicyArns": [ + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" + ] + ] + } + ] + } + }, + "MySQLInstanceSnapshotterwaitServiceRoleDefaultPolicyE6063975": { + "Type": "AWS::IAM::Policy", + "Properties": { + "PolicyDocument": { + "Statement": [ + { + "Action": [ + "rds:DescribeDBClusters", + "rds:DescribeDBClusterSnapshots", + "rds:DescribeDBSnapshots", + "rds:DescribeDBInstances" + ], + "Effect": "Allow", + "Resource": [ + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":rds:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":cluster:", + { + "Fn::ImportValue": "RDS-Sanitized-Snapshotter-RDS:ExportsOutputRefMySQLInstanceA2499B9D2BD8E026" + } + ] + ] + }, + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":rds:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":db:", + { + "Fn::ImportValue": "RDS-Sanitized-Snapshotter-RDS:ExportsOutputRefMySQLInstanceA2499B9D2BD8E026" + } + ] + ] + }, + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":rds:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":cluster:sanitize-*" + ] + ] + }, + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":rds:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":snapshot:sanitize-*" + ] + ] + }, + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":rds:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":snapshot:mysql-instance-snapshot-*" + ] + ] + }, + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":rds:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":db:sanitize-*" + ] + ] + } + ] + } + ], + "Version": "2012-10-17" + }, + "PolicyName": "MySQLInstanceSnapshotterwaitServiceRoleDefaultPolicyE6063975", + "Roles": [ + { + "Ref": "MySQLInstanceSnapshotterwaitServiceRole21AAE4F2" + } + ] + } + }, + "MySQLInstanceSnapshotterwait17927A95": { + "Type": "AWS::Lambda::Function", + "Properties": { + "Code": { + "S3Bucket": { + "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}" + }, + "S3Key": "d4509ed940a08b266940fe72858be370baed562318b4cb7d3e710fd42a5ecad6.zip" + }, + "Role": { + "Fn::GetAtt": [ + "MySQLInstanceSnapshotterwaitServiceRole21AAE4F2", + "Arn" + ] + }, + "Description": "src/wait.lambda.ts", + "Environment": { + "Variables": { + "AWS_NODEJS_CONNECTION_REUSE_ENABLED": "1" + } + }, + "Handler": "index.handler", + "Runtime": "nodejs14.x" + }, + "DependsOn": [ + "MySQLInstanceSnapshotterwaitServiceRoleDefaultPolicyE6063975", + "MySQLInstanceSnapshotterwaitServiceRole21AAE4F2" + ] + }, + "MySQLInstanceSnapshotterwaitLogRetentionE2296216": { + "Type": "Custom::LogRetention", + "Properties": { + "ServiceToken": { + "Fn::GetAtt": [ + "LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8aFD4BFC8A", + "Arn" + ] + }, + "LogGroupName": { + "Fn::Join": [ + "", + [ + "/aws/lambda/", + { + "Ref": "MySQLInstanceSnapshotterwait17927A95" + } + ] + ] + }, + "RetentionInDays": 30 + } + }, + "MySQLInstanceSnapshotterLogs55691739": { + "Type": "AWS::Logs::LogGroup", + "Properties": { + "RetentionInDays": 30 + }, + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" + }, + "MySQLInstanceSnapshotterMySQLTaskTaskRoleBFA1FB36": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "ecs-tasks.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + } + } + }, + "MySQLInstanceSnapshotterMySQLTask45C5FE96": { + "Type": "AWS::ECS::TaskDefinition", + "Properties": { + "ContainerDefinitions": [ + { + "Command": [ + "bash", + "-c", + "echo \"[client]\nuser=$MYSQL_USER\nhost=$MYSQL_HOST\nport=$MYSQL_PORT\npassword=$MYSQL_PASSWORD\" > ~/.my.cnf && chmod 700 ~/.my.cnf" + ], + "Essential": false, + "Image": "public.ecr.aws/docker/library/bash:4-alpine3.15", + "LogConfiguration": { + "LogDriver": "awslogs", + "Options": { + "awslogs-group": { + "Ref": "MySQLInstanceSnapshotterLogs55691739" + }, + "awslogs-stream-prefix": "mysql-config", + "awslogs-region": { + "Ref": "AWS::Region" + } + } + }, + "MountPoints": [ + { + "ContainerPath": "/root", + "ReadOnly": false, + "SourceVolume": "config" + } + ], + "Name": "config" + }, + { + "Command": [ + "mysql", + "-e", + "SELECT 1" + ], + "DependsOn": [ + { + "Condition": "SUCCESS", + "ContainerName": "config" + } + ], + "Essential": true, + "Image": "public.ecr.aws/lts/mysql:latest", + "LogConfiguration": { + "LogDriver": "awslogs", + "Options": { + "awslogs-group": { + "Ref": "MySQLInstanceSnapshotterLogs55691739" + }, + "awslogs-stream-prefix": "mysql-sanitize", + "awslogs-region": { + "Ref": "AWS::Region" + } + } + }, + "MountPoints": [ + { + "ContainerPath": "/root", + "ReadOnly": true, + "SourceVolume": "config" + } + ], + "Name": "mysql" + } + ], + "Cpu": "256", + "ExecutionRoleArn": { + "Fn::GetAtt": [ + "MySQLInstanceSnapshotterMySQLTaskExecutionRole1DD381B7", + "Arn" + ] + }, + "Family": "RDSSanitizedSnapshotterSFNMySQLInstanceSnapshotterMySQLTask5753E21D", + "Memory": "512", + "NetworkMode": "awsvpc", + "RequiresCompatibilities": [ + "FARGATE" + ], + "TaskRoleArn": { + "Fn::GetAtt": [ + "MySQLInstanceSnapshotterMySQLTaskTaskRoleBFA1FB36", + "Arn" + ] + }, + "Volumes": [ + { + "Host": {}, + "Name": "config" + } + ] + } + }, + "MySQLInstanceSnapshotterMySQLTaskExecutionRole1DD381B7": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "ecs-tasks.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + } + } + }, + "MySQLInstanceSnapshotterMySQLTaskExecutionRoleDefaultPolicy99EE7B1E": { + "Type": "AWS::IAM::Policy", + "Properties": { + "PolicyDocument": { + "Statement": [ + { + "Action": [ + "logs:CreateLogStream", + "logs:PutLogEvents" + ], + "Effect": "Allow", + "Resource": { + "Fn::GetAtt": [ + "MySQLInstanceSnapshotterLogs55691739", + "Arn" + ] + } + } + ], + "Version": "2012-10-17" + }, + "PolicyName": "MySQLInstanceSnapshotterMySQLTaskExecutionRoleDefaultPolicy99EE7B1E", + "Roles": [ + { + "Ref": "MySQLInstanceSnapshotterMySQLTaskExecutionRole1DD381B7" + } + ] + } + }, + "MySQLInstanceSnapshotterPostreSQLTaskTaskRole82DDF085": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "ecs-tasks.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + } + } + }, + "MySQLInstanceSnapshotterPostreSQLTaskFAABAACF": { + "Type": "AWS::ECS::TaskDefinition", + "Properties": { + "ContainerDefinitions": [ + { + "Command": [ + "psql", + "-c", + "SELECT 1" + ], + "Essential": true, + "Image": "public.ecr.aws/lts/postgres:latest", + "LogConfiguration": { + "LogDriver": "awslogs", + "Options": { + "awslogs-group": { + "Ref": "MySQLInstanceSnapshotterLogs55691739" + }, + "awslogs-stream-prefix": "psql-sanitize", + "awslogs-region": { + "Ref": "AWS::Region" + } + } + }, + "Name": "postgres" + } + ], + "Cpu": "256", + "ExecutionRoleArn": { + "Fn::GetAtt": [ + "MySQLInstanceSnapshotterPostreSQLTaskExecutionRole78969E33", + "Arn" + ] + }, + "Family": "RDSSanitizedSnapshotterSFNMySQLInstanceSnapshotterPostreSQLTask702D64B7", + "Memory": "512", + "NetworkMode": "awsvpc", + "RequiresCompatibilities": [ + "FARGATE" + ], + "TaskRoleArn": { + "Fn::GetAtt": [ + "MySQLInstanceSnapshotterPostreSQLTaskTaskRole82DDF085", + "Arn" + ] + } + } + }, + "MySQLInstanceSnapshotterPostreSQLTaskExecutionRole78969E33": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "ecs-tasks.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + } + } + }, + "MySQLInstanceSnapshotterPostreSQLTaskExecutionRoleDefaultPolicy78800565": { + "Type": "AWS::IAM::Policy", + "Properties": { + "PolicyDocument": { + "Statement": [ + { + "Action": [ + "logs:CreateLogStream", + "logs:PutLogEvents" + ], + "Effect": "Allow", + "Resource": { + "Fn::GetAtt": [ + "MySQLInstanceSnapshotterLogs55691739", + "Arn" + ] + } + } + ], + "Version": "2012-10-17" + }, + "PolicyName": "MySQLInstanceSnapshotterPostreSQLTaskExecutionRoleDefaultPolicy78800565", + "Roles": [ + { + "Ref": "MySQLInstanceSnapshotterPostreSQLTaskExecutionRole78969E33" + } + ] + } + }, + "MySQLInstanceSnapshotterDirectorRoleE2669C80": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": { + "Fn::Join": [ + "", + [ + "states.", + { + "Ref": "AWS::Region" + }, + ".amazonaws.com" + ] + ] + } + } + } + ], + "Version": "2012-10-17" + } + } + }, + "MySQLInstanceSnapshotterDirectorRoleDefaultPolicyF62C2EC2": { + "Type": "AWS::IAM::Policy", + "Properties": { + "PolicyDocument": { + "Statement": [ + { + "Action": "lambda:InvokeFunction", + "Effect": "Allow", + "Resource": { + "Fn::GetAtt": [ + "MySQLInstanceSnapshotterparameters53B0A6E1", + "Arn" + ] + } + }, + { + "Action": "rds:deleteDBSnapshot", + "Effect": "Allow", + "Resource": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":rds:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":snapshot:sanitize-*" + ] + ] + } + }, + { + "Action": "rds:deleteDBInstance", + "Effect": "Allow", + "Resource": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":rds:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":db:sanitize-*" + ] + ] + } + }, + { + "Action": "rds:createDBSnapshot", + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": "lambda:InvokeFunction", + "Effect": "Allow", + "Resource": { + "Fn::GetAtt": [ + "MySQLInstanceSnapshotterwait17927A95", + "Arn" + ] + } + }, + { + "Action": "rds:restoreDBInstanceFromDBSnapshot", + "Effect": "Allow", + "Resource": [ + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":rds:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":cluster:sanitize-*" + ] + ] + }, + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":rds:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":db:sanitize-*" + ] + ] + }, + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":rds:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":snapshot:sanitize-*" + ] + ] + }, + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":rds:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":subgrp:", + { + "Ref": "MySQLInstanceSnapshotterSubnetgroup503CB3B3" + } + ] + ] + } + ] + }, + { + "Action": "rds:modifyDBInstance", + "Effect": "Allow", + "Resource": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":rds:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":db:sanitize-*" + ] + ] + } + }, + { + "Action": "rds:describeDBInstances", + "Effect": "Allow", + "Resource": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":rds:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":db:sanitize-*" + ] + ] + } + }, + { + "Action": "ecs:RunTask", + "Effect": "Allow", + "Resource": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Fn::Select": [ + 1, + { + "Fn::Split": [ + ":", + { + "Ref": "MySQLInstanceSnapshotterMySQLTask45C5FE96" + } + ] + } + ] + }, + ":", + { + "Fn::Select": [ + 2, + { + "Fn::Split": [ + ":", + { + "Ref": "MySQLInstanceSnapshotterMySQLTask45C5FE96" + } + ] + } + ] + }, + ":", + { + "Fn::Select": [ + 3, + { + "Fn::Split": [ + ":", + { + "Ref": "MySQLInstanceSnapshotterMySQLTask45C5FE96" + } + ] + } + ] + }, + ":", + { + "Fn::Select": [ + 4, + { + "Fn::Split": [ + ":", + { + "Ref": "MySQLInstanceSnapshotterMySQLTask45C5FE96" + } + ] + } + ] + }, + ":", + { + "Fn::Select": [ + 0, + { + "Fn::Split": [ + "/", + { + "Fn::Select": [ + 5, + { + "Fn::Split": [ + ":", + { + "Ref": "MySQLInstanceSnapshotterMySQLTask45C5FE96" + } + ] + } + ] + } + ] + } + ] + }, + "/", + { + "Fn::Select": [ + 1, + { + "Fn::Split": [ + "/", + { + "Fn::Select": [ + 5, + { + "Fn::Split": [ + ":", + { + "Ref": "MySQLInstanceSnapshotterMySQLTask45C5FE96" + } + ] + } + ] + } + ] + } + ] + } + ] + ] + } + }, + { + "Action": [ + "ecs:StopTask", + "ecs:DescribeTasks" + ], + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": "iam:PassRole", + "Effect": "Allow", + "Resource": [ + { + "Fn::GetAtt": [ + "MySQLInstanceSnapshotterMySQLTaskTaskRoleBFA1FB36", + "Arn" + ] + }, + { + "Fn::GetAtt": [ + "MySQLInstanceSnapshotterMySQLTaskExecutionRole1DD381B7", + "Arn" + ] + } + ] + }, + { + "Action": [ + "events:PutTargets", + "events:PutRule", + "events:DescribeRule" + ], + "Effect": "Allow", + "Resource": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":events:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":rule/StepFunctionsGetEventsForECSTaskRule" + ] + ] + } + }, + { + "Action": "ecs:RunTask", + "Effect": "Allow", + "Resource": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Fn::Select": [ + 1, + { + "Fn::Split": [ + ":", + { + "Ref": "MySQLInstanceSnapshotterPostreSQLTaskFAABAACF" + } + ] + } + ] + }, + ":", + { + "Fn::Select": [ + 2, + { + "Fn::Split": [ + ":", + { + "Ref": "MySQLInstanceSnapshotterPostreSQLTaskFAABAACF" + } + ] + } + ] + }, + ":", + { + "Fn::Select": [ + 3, + { + "Fn::Split": [ + ":", + { + "Ref": "MySQLInstanceSnapshotterPostreSQLTaskFAABAACF" + } + ] + } + ] + }, + ":", + { + "Fn::Select": [ + 4, + { + "Fn::Split": [ + ":", + { + "Ref": "MySQLInstanceSnapshotterPostreSQLTaskFAABAACF" + } + ] + } + ] + }, + ":", + { + "Fn::Select": [ + 0, + { + "Fn::Split": [ + "/", + { + "Fn::Select": [ + 5, + { + "Fn::Split": [ + ":", + { + "Ref": "MySQLInstanceSnapshotterPostreSQLTaskFAABAACF" + } + ] + } + ] + } + ] + } + ] + }, + "/", + { + "Fn::Select": [ + 1, + { + "Fn::Split": [ + "/", + { + "Fn::Select": [ + 5, + { + "Fn::Split": [ + ":", + { + "Ref": "MySQLInstanceSnapshotterPostreSQLTaskFAABAACF" + } + ] + } + ] + } + ] + } + ] + } + ] + ] + } + }, + { + "Action": "iam:PassRole", + "Effect": "Allow", + "Resource": [ + { + "Fn::GetAtt": [ + "MySQLInstanceSnapshotterPostreSQLTaskTaskRole82DDF085", + "Arn" + ] + }, + { + "Fn::GetAtt": [ + "MySQLInstanceSnapshotterPostreSQLTaskExecutionRole78969E33", + "Arn" + ] + } + ] + }, + { + "Action": "rds:AddTagsToResource", + "Effect": "Allow", + "Resource": [ + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":rds:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":snapshot:sanitize-*" + ] + ] + }, + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":rds:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":snapshot:mysql-instance-snapshot-*" + ] + ] + }, + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":rds:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":cluster:sanitize-*" + ] + ] + } + ] + } + ], + "Version": "2012-10-17" + }, + "PolicyName": "MySQLInstanceSnapshotterDirectorRoleDefaultPolicyF62C2EC2", + "Roles": [ + { + "Ref": "MySQLInstanceSnapshotterDirectorRoleE2669C80" + } + ] + } + }, + "MySQLInstanceSnapshotterDirector69A6B7B4": { + "Type": "AWS::StepFunctions::StateMachine", + "Properties": { + "RoleArn": { + "Fn::GetAtt": [ + "MySQLInstanceSnapshotterDirectorRoleE2669C80", + "Arn" + ] + }, + "DefinitionString": { + "Fn::Join": [ + "", + [ + "{\"StartAt\":\"Get Parameters\",\"States\":{\"Get Parameters\":{\"Next\":\"Error Catcher\",\"Retry\":[{\"ErrorEquals\":[\"Lambda.ServiceException\",\"Lambda.AWSLambdaException\",\"Lambda.SdkClientException\"],\"IntervalSeconds\":2,\"MaxAttempts\":6,\"BackoffRate\":2}],\"Type\":\"Task\",\"Resource\":\"", + { + "Fn::GetAtt": [ + "MySQLInstanceSnapshotterparameters53B0A6E1", + "Arn" + ] + }, + "\",\"Parameters\":{\"executionId.$\":\"$$.Execution.Id\",\"isCluster\":false,\"databaseIdentifier\":\"", + { + "Fn::ImportValue": "RDS-Sanitized-Snapshotter-RDS:ExportsOutputRefMySQLInstanceA2499B9D2BD8E026" + }, + "\",\"databaseKey\":\"\",\"snapshotPrefix\":\"mysql-instance-snapshot\",\"tempPrefix\":\"sanitize\"}},\"Error Catcher\":{\"Type\":\"Parallel\",\"ResultPath\":null,\"Next\":\"Cleanup\",\"Catch\":[{\"ErrorEquals\":[\"States.ALL\"],\"ResultPath\":null,\"Next\":\"Cleanup\"}],\"Branches\":[{\"StartAt\":\"Create Temporary Snapshot\",\"States\":{\"Create Temporary Snapshot\":{\"Next\":\"Wait for Snapshot\",\"Type\":\"Task\",\"ResultPath\":null,\"Resource\":\"arn:", + { + "Ref": "AWS::Partition" + }, + ":states:::aws-sdk:rds:createDBSnapshot\",\"Parameters\":{\"DbInstanceIdentifier.$\":\"$.databaseIdentifier\",\"DbSnapshotIdentifier.$\":\"$.tempSnapshotId\",\"Tags\":[{\"Key\":\"RDS-sanitized-snapshots\",\"Value\":\"", + { + "Fn::ImportValue": "RDS-Sanitized-Snapshotter-RDS:ExportsOutputRefMySQLInstanceA2499B9D2BD8E026" + }, + "\"}]}},\"Wait for Snapshot\":{\"Next\":\"Create Temporary Database\",\"Retry\":[{\"ErrorEquals\":[\"Lambda.ServiceException\",\"Lambda.AWSLambdaException\",\"Lambda.SdkClientException\"],\"IntervalSeconds\":2,\"MaxAttempts\":6,\"BackoffRate\":2},{\"ErrorEquals\":[\"NotReady\"],\"IntervalSeconds\":60,\"MaxAttempts\":300,\"BackoffRate\":1}],\"Type\":\"Task\",\"ResultPath\":null,\"Resource\":\"", + { + "Fn::GetAtt": [ + "MySQLInstanceSnapshotterwait17927A95", + "Arn" + ] + }, + "\",\"Parameters\":{\"resourceType\":\"snapshot\",\"databaseIdentifier.$\":\"$.databaseIdentifier\",\"snapshotIdentifier.$\":\"$.tempSnapshotId\",\"isCluster\":false}},\"Create Temporary Database\":{\"Next\":\"Wait for Temporary Database\",\"Type\":\"Task\",\"ResultPath\":null,\"Resource\":\"arn:", + { + "Ref": "AWS::Partition" + }, + ":states:::aws-sdk:rds:restoreDBInstanceFromDBSnapshot\",\"Parameters\":{\"DbInstanceIdentifier.$\":\"$.tempDbId\",\"Engine.$\":\"$.engine\",\"DbSnapshotIdentifier.$\":\"$.tempSnapshotId\",\"PubliclyAccessible\":false,\"VpcSecurityGroupIds\":[\"", + { + "Fn::GetAtt": [ + "MySQLInstanceSnapshotterSGC75DA465", + "GroupId" + ] + }, + "\"],\"DbSubnetGroupName\":\"", + { + "Ref": "MySQLInstanceSnapshotterSubnetgroup503CB3B3" + }, + "\",\"Tags\":[{\"Key\":\"RDS-sanitized-snapshots\",\"Value\":\"", + { + "Fn::ImportValue": "RDS-Sanitized-Snapshotter-RDS:ExportsOutputRefMySQLInstanceA2499B9D2BD8E026" + }, + "\"}]}},\"Wait for Temporary Database\":{\"Next\":\"Set Temporary Password\",\"Retry\":[{\"ErrorEquals\":[\"Lambda.ServiceException\",\"Lambda.AWSLambdaException\",\"Lambda.SdkClientException\"],\"IntervalSeconds\":2,\"MaxAttempts\":6,\"BackoffRate\":2},{\"ErrorEquals\":[\"NotReady\"],\"IntervalSeconds\":60,\"MaxAttempts\":300,\"BackoffRate\":1}],\"Type\":\"Task\",\"ResultPath\":null,\"Resource\":\"", + { + "Fn::GetAtt": [ + "MySQLInstanceSnapshotterwait17927A95", + "Arn" + ] + }, + "\",\"Parameters\":{\"resourceType\":\"instance\",\"databaseIdentifier.$\":\"$.tempDbId\",\"isCluster\":false}},\"Set Temporary Password\":{\"Next\":\"Wait for Temporary Password\",\"Type\":\"Task\",\"ResultPath\":null,\"Resource\":\"arn:", + { + "Ref": "AWS::Partition" + }, + ":states:::aws-sdk:rds:modifyDBInstance\",\"Parameters\":{\"DbInstanceIdentifier.$\":\"$.tempDbId\",\"MasterUserPassword.$\":\"$.tempDb.password\",\"ApplyImmediately\":true,\"BackupRetentionPeriod\":0}},\"Wait for Temporary Password\":{\"Next\":\"Get Temporary Endpoint\",\"Retry\":[{\"ErrorEquals\":[\"Lambda.ServiceException\",\"Lambda.AWSLambdaException\",\"Lambda.SdkClientException\"],\"IntervalSeconds\":2,\"MaxAttempts\":6,\"BackoffRate\":2},{\"ErrorEquals\":[\"NotReady\"],\"IntervalSeconds\":60,\"MaxAttempts\":300,\"BackoffRate\":1}],\"Type\":\"Task\",\"ResultPath\":null,\"Resource\":\"", + { + "Fn::GetAtt": [ + "MySQLInstanceSnapshotterwait17927A95", + "Arn" + ] + }, + "\",\"Parameters\":{\"resourceType\":\"instance\",\"databaseIdentifier.$\":\"$.tempDbId\",\"isCluster\":false}},\"Get Temporary Endpoint\":{\"Next\":\"Sanitize\",\"Type\":\"Task\",\"ResultPath\":\"$.tempDb.host\",\"ResultSelector\":{\"endpoint.$\":\"$.DbInstances[0].Endpoint.Address\"},\"Resource\":\"arn:", + { + "Ref": "AWS::Partition" + }, + ":states:::aws-sdk:rds:describeDBInstances\",\"Parameters\":{\"DbInstanceIdentifier.$\":\"$.tempDbId\"}},\"Sanitize\":{\"Type\":\"Choice\",\"Choices\":[{\"Variable\":\"$.dockerImage\",\"StringEquals\":\"mysql\",\"Next\":\"Sanitize MySQL\"},{\"Variable\":\"$.dockerImage\",\"StringEquals\":\"postgres\",\"Next\":\"Sanitize Postgres\"}]},\"Sanitize MySQL\":{\"Next\":\"Create Final Snapshot\",\"Type\":\"Task\",\"ResultPath\":null,\"Resource\":\"arn:", + { + "Ref": "AWS::Partition" + }, + ":states:::ecs:runTask.sync\",\"Parameters\":{\"Cluster\":\"", + { + "Fn::GetAtt": [ + "MySQLInstanceSnapshottercluster86DF6015", + "Arn" + ] + }, + "\",\"TaskDefinition\":\"RDSSanitizedSnapshotterSFNMySQLInstanceSnapshotterMySQLTask5753E21D\",\"NetworkConfiguration\":{\"AwsvpcConfiguration\":{\"Subnets\":[\"", + { + "Fn::ImportValue": "RDS-Sanitized-Snapshotter-VPC:ExportsOutputRefVPCIsolatedSubnet1SubnetEBD00FC6298E81EF" + }, + "\",\"", + { + "Fn::ImportValue": "RDS-Sanitized-Snapshotter-VPC:ExportsOutputRefVPCIsolatedSubnet2Subnet4B1C8CAAD8B83B81" + }, + "\"],\"SecurityGroups\":[\"", + { + "Fn::GetAtt": [ + "MySQLInstanceSnapshotterSGC75DA465", + "GroupId" + ] + }, + "\"]}},\"Overrides\":{\"ContainerOverrides\":[{\"Name\":\"config\",\"Environment\":[{\"Name\":\"MYSQL_HOST\",\"Value.$\":\"$.tempDb.host.endpoint\"},{\"Name\":\"MYSQL_PORT\",\"Value.$\":\"$.tempDb.port\"},{\"Name\":\"MYSQL_USER\",\"Value.$\":\"$.tempDb.user\"},{\"Name\":\"MYSQL_PASSWORD\",\"Value.$\":\"$.tempDb.password\"}]}]},\"LaunchType\":\"FARGATE\"}},\"Create Final Snapshot\":{\"Next\":\"Wait for Final Snapshot\",\"Type\":\"Task\",\"ResultPath\":null,\"Resource\":\"arn:", + { + "Ref": "AWS::Partition" + }, + ":states:::aws-sdk:rds:createDBSnapshot\",\"Parameters\":{\"DbInstanceIdentifier.$\":\"$.tempDbId\",\"DbSnapshotIdentifier.$\":\"$.targetSnapshotId\",\"Tags\":[{\"Key\":\"RDS-sanitized-snapshots\",\"Value\":\"", + { + "Fn::ImportValue": "RDS-Sanitized-Snapshotter-RDS:ExportsOutputRefMySQLInstanceA2499B9D2BD8E026" + }, + "\"},{\"Key\":\"Final\",\"Value\":\"true\"}]}},\"Sanitize Postgres\":{\"Next\":\"Create Final Snapshot\",\"Type\":\"Task\",\"ResultPath\":null,\"Resource\":\"arn:", + { + "Ref": "AWS::Partition" + }, + ":states:::ecs:runTask.sync\",\"Parameters\":{\"Cluster\":\"", + { + "Fn::GetAtt": [ + "MySQLInstanceSnapshottercluster86DF6015", + "Arn" + ] + }, + "\",\"TaskDefinition\":\"RDSSanitizedSnapshotterSFNMySQLInstanceSnapshotterPostreSQLTask702D64B7\",\"NetworkConfiguration\":{\"AwsvpcConfiguration\":{\"Subnets\":[\"", + { + "Fn::ImportValue": "RDS-Sanitized-Snapshotter-VPC:ExportsOutputRefVPCIsolatedSubnet1SubnetEBD00FC6298E81EF" + }, + "\",\"", + { + "Fn::ImportValue": "RDS-Sanitized-Snapshotter-VPC:ExportsOutputRefVPCIsolatedSubnet2Subnet4B1C8CAAD8B83B81" + }, + "\"],\"SecurityGroups\":[\"", + { + "Fn::GetAtt": [ + "MySQLInstanceSnapshotterSGC75DA465", + "GroupId" + ] + }, + "\"]}},\"Overrides\":{\"ContainerOverrides\":[{\"Name\":\"postgres\",\"Environment\":[{\"Name\":\"PGHOST\",\"Value.$\":\"$.tempDb.host.endpoint\"},{\"Name\":\"PGPORT\",\"Value.$\":\"$.tempDb.port\"},{\"Name\":\"PGUSER\",\"Value.$\":\"$.tempDb.user\"},{\"Name\":\"PGPASSWORD\",\"Value.$\":\"$.tempDb.password\"},{\"Name\":\"PGCONNECT_TIMEOUT\",\"Value\":\"30\"}]}]},\"LaunchType\":\"FARGATE\"}},\"Wait for Final Snapshot\":{\"End\":true,\"Retry\":[{\"ErrorEquals\":[\"Lambda.ServiceException\",\"Lambda.AWSLambdaException\",\"Lambda.SdkClientException\"],\"IntervalSeconds\":2,\"MaxAttempts\":6,\"BackoffRate\":2},{\"ErrorEquals\":[\"NotReady\"],\"IntervalSeconds\":60,\"MaxAttempts\":300,\"BackoffRate\":1}],\"Type\":\"Task\",\"ResultPath\":null,\"Resource\":\"", + { + "Fn::GetAtt": [ + "MySQLInstanceSnapshotterwait17927A95", + "Arn" + ] + }, + "\",\"Parameters\":{\"resourceType\":\"snapshot\",\"databaseIdentifier.$\":\"$.tempDbId\",\"snapshotIdentifier.$\":\"$.targetSnapshotId\",\"isCluster\":false}}}}]},\"Cleanup\":{\"Type\":\"Parallel\",\"ResultPath\":null,\"End\":true,\"Branches\":[{\"StartAt\":\"Temporary Snapshot\",\"States\":{\"Temporary Snapshot\":{\"End\":true,\"Retry\":[{\"ErrorEquals\":[\"States.ALL\"],\"IntervalSeconds\":10,\"MaxAttempts\":5}],\"Type\":\"Task\",\"ResultPath\":null,\"Resource\":\"arn:", + { + "Ref": "AWS::Partition" + }, + ":states:::aws-sdk:rds:deleteDBSnapshot\",\"Parameters\":{\"DbSnapshotIdentifier.$\":\"$.tempSnapshotId\"}}}},{\"StartAt\":\"Temporary Database Instance\",\"States\":{\"Temporary Database Instance\":{\"End\":true,\"Retry\":[{\"ErrorEquals\":[\"States.ALL\"],\"IntervalSeconds\":10,\"MaxAttempts\":5}],\"Type\":\"Task\",\"ResultPath\":null,\"Resource\":\"arn:", + { + "Ref": "AWS::Partition" + }, + ":states:::aws-sdk:rds:deleteDBInstance\",\"Parameters\":{\"DbInstanceIdentifier.$\":\"$.tempDbId\",\"SkipFinalSnapshot\":true}}}}]}}}" + ] + ] + } + }, + "DependsOn": [ + "MySQLInstanceSnapshotterDirectorRoleDefaultPolicyF62C2EC2", + "MySQLInstanceSnapshotterDirectorRoleE2669C80" + ] + }, + "LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8aServiceRole9741ECFB": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "lambda.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + }, + "ManagedPolicyArns": [ + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" + ] + ] + } + ] + } + }, + "LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8aServiceRoleDefaultPolicyADDA7DEB": { + "Type": "AWS::IAM::Policy", + "Properties": { + "PolicyDocument": { + "Statement": [ + { + "Action": [ + "logs:PutRetentionPolicy", + "logs:DeleteRetentionPolicy" + ], + "Effect": "Allow", + "Resource": "*" + } + ], + "Version": "2012-10-17" + }, + "PolicyName": "LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8aServiceRoleDefaultPolicyADDA7DEB", + "Roles": [ + { + "Ref": "LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8aServiceRole9741ECFB" + } + ] + } + }, + "LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8aFD4BFC8A": { + "Type": "AWS::Lambda::Function", + "Properties": { + "Handler": "index.handler", + "Runtime": "nodejs14.x", + "Code": { + "S3Bucket": { + "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}" + }, + "S3Key": "b120b13d9d868c7622e7db1b68bae4c0f82ffd0227b8c15f2cef38e186ff3827.zip" + }, + "Role": { + "Fn::GetAtt": [ + "LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8aServiceRole9741ECFB", + "Arn" + ] + } + }, + "DependsOn": [ + "LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8aServiceRoleDefaultPolicyADDA7DEB", + "LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8aServiceRole9741ECFB" + ] + }, + "MySQLClusterSnapshotterSGF5188D63": { + "Type": "AWS::EC2::SecurityGroup", + "Properties": { + "GroupDescription": "Group for communication between sanitizing job and database", + "SecurityGroupEgress": [ + { + "CidrIp": "0.0.0.0/0", + "Description": "Allow all outbound traffic by default", + "IpProtocol": "-1" + } + ], + "Tags": [ + { + "Key": "Name", + "Value": "RDS-sanitized-snapshots" + } + ], + "VpcId": { + "Fn::ImportValue": "RDS-Sanitized-Snapshotter-VPC:ExportsOutputRefVPCB9E5F0B4BD23A326" + } + } + }, + "MySQLClusterSnapshotterSGfromRDSSanitizedSnapshotterSFNMySQLClusterSnapshotterSG88C422B1ALLPORTS9D3E93FA": { + "Type": "AWS::EC2::SecurityGroupIngress", + "Properties": { + "IpProtocol": "tcp", + "Description": "from RDSSanitizedSnapshotterSFNMySQLClusterSnapshotterSG88C422B1:ALL PORTS", + "FromPort": 0, + "GroupId": { + "Fn::GetAtt": [ + "MySQLClusterSnapshotterSGF5188D63", + "GroupId" + ] + }, + "SourceSecurityGroupId": { + "Fn::GetAtt": [ + "MySQLClusterSnapshotterSGF5188D63", + "GroupId" + ] + }, + "ToPort": 65535 + } + }, + "MySQLClusterSnapshotterSubnetgroupF2F35C6A": { + "Type": "AWS::RDS::DBSubnetGroup", + "Properties": { + "DBSubnetGroupDescription": "Temporary database used for RDS-sanitize-snapshots", + "SubnetIds": [ + { + "Fn::ImportValue": "RDS-Sanitized-Snapshotter-VPC:ExportsOutputRefVPCPrivateSubnet1Subnet8BCA10E01F79A1B7" + }, + { + "Fn::ImportValue": "RDS-Sanitized-Snapshotter-VPC:ExportsOutputRefVPCPrivateSubnet2SubnetCFCDAA7AB22CF85D" + } + ] + } + }, + "MySQLClusterSnapshottercluster9B2B4982": { + "Type": "AWS::ECS::Cluster" + }, + "MySQLClusterSnapshotterparametersServiceRole4959428F": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "lambda.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + }, + "ManagedPolicyArns": [ + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" + ] + ] + } + ] + } + }, + "MySQLClusterSnapshotterparametersServiceRoleDefaultPolicy9544C62B": { + "Type": "AWS::IAM::Policy", + "Properties": { + "PolicyDocument": { + "Statement": [ + { + "Action": "rds:DescribeDBClusters", + "Effect": "Allow", + "Resource": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":rds:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":cluster:", + { + "Fn::ImportValue": "RDS-Sanitized-Snapshotter-RDS:ExportsOutputRefMySQLClusterD5C73C3376F94030" + } + ] + ] + } + }, + { + "Action": "rds:DescribeDBInstances", + "Effect": "Allow", + "Resource": "*" + } + ], + "Version": "2012-10-17" + }, + "PolicyName": "MySQLClusterSnapshotterparametersServiceRoleDefaultPolicy9544C62B", + "Roles": [ + { + "Ref": "MySQLClusterSnapshotterparametersServiceRole4959428F" + } + ] + } + }, + "MySQLClusterSnapshotterparametersAF9FF89F": { + "Type": "AWS::Lambda::Function", + "Properties": { + "Code": { + "S3Bucket": { + "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}" + }, + "S3Key": "5e08a52964205c51dc15c1078422e25f19c4e3cc9f4439bfdd0c465678fdaea7.zip" + }, + "Role": { + "Fn::GetAtt": [ + "MySQLClusterSnapshotterparametersServiceRole4959428F", + "Arn" + ] + }, + "Description": "src/parameters.lambda.ts", + "Environment": { + "Variables": { + "AWS_NODEJS_CONNECTION_REUSE_ENABLED": "1" + } + }, + "Handler": "index.handler", + "Runtime": "nodejs14.x" + }, + "DependsOn": [ + "MySQLClusterSnapshotterparametersServiceRoleDefaultPolicy9544C62B", + "MySQLClusterSnapshotterparametersServiceRole4959428F" + ] + }, + "MySQLClusterSnapshotterparametersLogRetention49B4A2F1": { + "Type": "Custom::LogRetention", + "Properties": { + "ServiceToken": { + "Fn::GetAtt": [ + "LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8aFD4BFC8A", + "Arn" + ] + }, + "LogGroupName": { + "Fn::Join": [ + "", + [ + "/aws/lambda/", + { + "Ref": "MySQLClusterSnapshotterparametersAF9FF89F" + } + ] + ] + }, + "RetentionInDays": 30 + } + }, + "MySQLClusterSnapshotterwaitServiceRoleD1DB455D": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "lambda.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + }, + "ManagedPolicyArns": [ + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" + ] + ] + } + ] + } + }, + "MySQLClusterSnapshotterwaitServiceRoleDefaultPolicy9E878AF7": { + "Type": "AWS::IAM::Policy", + "Properties": { + "PolicyDocument": { + "Statement": [ + { + "Action": [ + "rds:DescribeDBClusters", + "rds:DescribeDBClusterSnapshots", + "rds:DescribeDBSnapshots", + "rds:DescribeDBInstances" + ], + "Effect": "Allow", + "Resource": [ + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":rds:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":cluster:", + { + "Fn::ImportValue": "RDS-Sanitized-Snapshotter-RDS:ExportsOutputRefMySQLClusterD5C73C3376F94030" + } + ] + ] + }, + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":rds:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":db:", + { + "Fn::ImportValue": "RDS-Sanitized-Snapshotter-RDS:ExportsOutputRefMySQLClusterD5C73C3376F94030" + } + ] + ] + }, + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":rds:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":cluster:sanitize-*" + ] + ] + }, + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":rds:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":cluster-snapshot:sanitize-*" + ] + ] + }, + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":rds:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":cluster-snapshot:mysql-cluster-snapshot-*" + ] + ] + }, + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":rds:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":db:sanitize-*" + ] + ] + } + ] + } + ], + "Version": "2012-10-17" + }, + "PolicyName": "MySQLClusterSnapshotterwaitServiceRoleDefaultPolicy9E878AF7", + "Roles": [ + { + "Ref": "MySQLClusterSnapshotterwaitServiceRoleD1DB455D" + } + ] + } + }, + "MySQLClusterSnapshotterwait73D57C6D": { + "Type": "AWS::Lambda::Function", + "Properties": { + "Code": { + "S3Bucket": { + "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}" + }, + "S3Key": "d4509ed940a08b266940fe72858be370baed562318b4cb7d3e710fd42a5ecad6.zip" + }, + "Role": { + "Fn::GetAtt": [ + "MySQLClusterSnapshotterwaitServiceRoleD1DB455D", + "Arn" + ] + }, + "Description": "src/wait.lambda.ts", + "Environment": { + "Variables": { + "AWS_NODEJS_CONNECTION_REUSE_ENABLED": "1" + } + }, + "Handler": "index.handler", + "Runtime": "nodejs14.x" + }, + "DependsOn": [ + "MySQLClusterSnapshotterwaitServiceRoleDefaultPolicy9E878AF7", + "MySQLClusterSnapshotterwaitServiceRoleD1DB455D" + ] + }, + "MySQLClusterSnapshotterwaitLogRetention01D1F254": { + "Type": "Custom::LogRetention", + "Properties": { + "ServiceToken": { + "Fn::GetAtt": [ + "LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8aFD4BFC8A", + "Arn" + ] + }, + "LogGroupName": { + "Fn::Join": [ + "", + [ + "/aws/lambda/", + { + "Ref": "MySQLClusterSnapshotterwait73D57C6D" + } + ] + ] + }, + "RetentionInDays": 30 + } + }, + "MySQLClusterSnapshotterLogs987A7E0A": { + "Type": "AWS::Logs::LogGroup", + "Properties": { + "RetentionInDays": 30 + }, + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" + }, + "MySQLClusterSnapshotterMySQLTaskTaskRole3BAE9027": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "ecs-tasks.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + } + } + }, + "MySQLClusterSnapshotterMySQLTask8414A409": { + "Type": "AWS::ECS::TaskDefinition", + "Properties": { + "ContainerDefinitions": [ + { + "Command": [ + "bash", + "-c", + "echo \"[client]\nuser=$MYSQL_USER\nhost=$MYSQL_HOST\nport=$MYSQL_PORT\npassword=$MYSQL_PASSWORD\" > ~/.my.cnf && chmod 700 ~/.my.cnf" + ], + "Essential": false, + "Image": "public.ecr.aws/docker/library/bash:4-alpine3.15", + "LogConfiguration": { + "LogDriver": "awslogs", + "Options": { + "awslogs-group": { + "Ref": "MySQLClusterSnapshotterLogs987A7E0A" + }, + "awslogs-stream-prefix": "mysql-config", + "awslogs-region": { + "Ref": "AWS::Region" + } + } + }, + "MountPoints": [ + { + "ContainerPath": "/root", + "ReadOnly": false, + "SourceVolume": "config" + } + ], + "Name": "config" + }, + { + "Command": [ + "mysql", + "-e", + "SELECT 1" + ], + "DependsOn": [ + { + "Condition": "SUCCESS", + "ContainerName": "config" + } + ], + "Essential": true, + "Image": "public.ecr.aws/lts/mysql:latest", + "LogConfiguration": { + "LogDriver": "awslogs", + "Options": { + "awslogs-group": { + "Ref": "MySQLClusterSnapshotterLogs987A7E0A" + }, + "awslogs-stream-prefix": "mysql-sanitize", + "awslogs-region": { + "Ref": "AWS::Region" + } + } + }, + "MountPoints": [ + { + "ContainerPath": "/root", + "ReadOnly": true, + "SourceVolume": "config" + } + ], + "Name": "mysql" + } + ], + "Cpu": "256", + "ExecutionRoleArn": { + "Fn::GetAtt": [ + "MySQLClusterSnapshotterMySQLTaskExecutionRole50CCB6FA", + "Arn" + ] + }, + "Family": "RDSSanitizedSnapshotterSFNMySQLClusterSnapshotterMySQLTask813891E0", + "Memory": "512", + "NetworkMode": "awsvpc", + "RequiresCompatibilities": [ + "FARGATE" + ], + "TaskRoleArn": { + "Fn::GetAtt": [ + "MySQLClusterSnapshotterMySQLTaskTaskRole3BAE9027", + "Arn" + ] + }, + "Volumes": [ + { + "Host": {}, + "Name": "config" + } + ] + } + }, + "MySQLClusterSnapshotterMySQLTaskExecutionRole50CCB6FA": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "ecs-tasks.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + } + } + }, + "MySQLClusterSnapshotterMySQLTaskExecutionRoleDefaultPolicy109BFD8B": { + "Type": "AWS::IAM::Policy", + "Properties": { + "PolicyDocument": { + "Statement": [ + { + "Action": [ + "logs:CreateLogStream", + "logs:PutLogEvents" + ], + "Effect": "Allow", + "Resource": { + "Fn::GetAtt": [ + "MySQLClusterSnapshotterLogs987A7E0A", + "Arn" + ] + } + } + ], + "Version": "2012-10-17" + }, + "PolicyName": "MySQLClusterSnapshotterMySQLTaskExecutionRoleDefaultPolicy109BFD8B", + "Roles": [ + { + "Ref": "MySQLClusterSnapshotterMySQLTaskExecutionRole50CCB6FA" + } + ] + } + }, + "MySQLClusterSnapshotterPostreSQLTaskTaskRole09172C54": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "ecs-tasks.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + } + } + }, + "MySQLClusterSnapshotterPostreSQLTaskB18030B4": { + "Type": "AWS::ECS::TaskDefinition", + "Properties": { + "ContainerDefinitions": [ + { + "Command": [ + "psql", + "-c", + "SELECT 1" + ], + "Essential": true, + "Image": "public.ecr.aws/lts/postgres:latest", + "LogConfiguration": { + "LogDriver": "awslogs", + "Options": { + "awslogs-group": { + "Ref": "MySQLClusterSnapshotterLogs987A7E0A" + }, + "awslogs-stream-prefix": "psql-sanitize", + "awslogs-region": { + "Ref": "AWS::Region" + } + } + }, + "Name": "postgres" + } + ], + "Cpu": "256", + "ExecutionRoleArn": { + "Fn::GetAtt": [ + "MySQLClusterSnapshotterPostreSQLTaskExecutionRole430431E0", + "Arn" + ] + }, + "Family": "RDSSanitizedSnapshotterSFNMySQLClusterSnapshotterPostreSQLTask8BE86494", + "Memory": "512", + "NetworkMode": "awsvpc", + "RequiresCompatibilities": [ + "FARGATE" + ], + "TaskRoleArn": { + "Fn::GetAtt": [ + "MySQLClusterSnapshotterPostreSQLTaskTaskRole09172C54", + "Arn" + ] + } + } + }, + "MySQLClusterSnapshotterPostreSQLTaskExecutionRole430431E0": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "ecs-tasks.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + } + } + }, + "MySQLClusterSnapshotterPostreSQLTaskExecutionRoleDefaultPolicyBFF6CA44": { + "Type": "AWS::IAM::Policy", + "Properties": { + "PolicyDocument": { + "Statement": [ + { + "Action": [ + "logs:CreateLogStream", + "logs:PutLogEvents" + ], + "Effect": "Allow", + "Resource": { + "Fn::GetAtt": [ + "MySQLClusterSnapshotterLogs987A7E0A", + "Arn" + ] + } + } + ], + "Version": "2012-10-17" + }, + "PolicyName": "MySQLClusterSnapshotterPostreSQLTaskExecutionRoleDefaultPolicyBFF6CA44", + "Roles": [ + { + "Ref": "MySQLClusterSnapshotterPostreSQLTaskExecutionRole430431E0" + } + ] + } + }, + "MySQLClusterSnapshotterDirectorRole6035EB89": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": { + "Fn::Join": [ + "", + [ + "states.", + { + "Ref": "AWS::Region" + }, + ".amazonaws.com" + ] + ] + } + } + } + ], + "Version": "2012-10-17" + } + } + }, + "MySQLClusterSnapshotterDirectorRoleDefaultPolicy78A869F9": { + "Type": "AWS::IAM::Policy", + "Properties": { + "PolicyDocument": { + "Statement": [ + { + "Action": "lambda:InvokeFunction", + "Effect": "Allow", + "Resource": { + "Fn::GetAtt": [ + "MySQLClusterSnapshotterparametersAF9FF89F", + "Arn" + ] + } + }, + { + "Action": "rds:deleteDBClusterSnapshot", + "Effect": "Allow", + "Resource": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":rds:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":cluster-snapshot:sanitize-*" + ] + ] + } + }, + { + "Action": "rds:deleteDBInstance", + "Effect": "Allow", + "Resource": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":rds:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":db:sanitize-*" + ] + ] + } + }, + { + "Action": "rds:deleteDBCluster", + "Effect": "Allow", + "Resource": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":rds:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":cluster:sanitize-*" + ] + ] + } + }, + { + "Action": "rds:createDBClusterSnapshot", + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": "lambda:InvokeFunction", + "Effect": "Allow", + "Resource": { + "Fn::GetAtt": [ + "MySQLClusterSnapshotterwait73D57C6D", + "Arn" + ] + } + }, + { + "Action": "rds:restoreDBClusterFromSnapshot", + "Effect": "Allow", + "Resource": [ + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":rds:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":cluster:sanitize-*" + ] + ] + }, + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":rds:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":db:sanitize-*" + ] + ] + }, + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":rds:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":cluster-snapshot:sanitize-*" + ] + ] + }, + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":rds:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":subgrp:", + { + "Ref": "MySQLClusterSnapshotterSubnetgroupF2F35C6A" + } + ] + ] + } + ] + }, + { + "Action": "rds:modifyDBCluster", + "Effect": "Allow", + "Resource": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":rds:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":cluster:sanitize-*" + ] + ] + } + }, + { + "Action": "rds:createDBInstance", + "Effect": "Allow", + "Resource": [ + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":rds:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":cluster:sanitize-*" + ] + ] + }, + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":rds:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":db:sanitize-*" + ] + ] + } + ] + }, + { + "Action": "rds:describeDBClusters", + "Effect": "Allow", + "Resource": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":rds:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":cluster:sanitize-*" + ] + ] + } + }, + { + "Action": "ecs:RunTask", + "Effect": "Allow", + "Resource": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Fn::Select": [ + 1, + { + "Fn::Split": [ + ":", + { + "Ref": "MySQLClusterSnapshotterMySQLTask8414A409" + } + ] + } + ] + }, + ":", + { + "Fn::Select": [ + 2, + { + "Fn::Split": [ + ":", + { + "Ref": "MySQLClusterSnapshotterMySQLTask8414A409" + } + ] + } + ] + }, + ":", + { + "Fn::Select": [ + 3, + { + "Fn::Split": [ + ":", + { + "Ref": "MySQLClusterSnapshotterMySQLTask8414A409" + } + ] + } + ] + }, + ":", + { + "Fn::Select": [ + 4, + { + "Fn::Split": [ + ":", + { + "Ref": "MySQLClusterSnapshotterMySQLTask8414A409" + } + ] + } + ] + }, + ":", + { + "Fn::Select": [ + 0, + { + "Fn::Split": [ + "/", + { + "Fn::Select": [ + 5, + { + "Fn::Split": [ + ":", + { + "Ref": "MySQLClusterSnapshotterMySQLTask8414A409" + } + ] + } + ] + } + ] + } + ] + }, + "/", + { + "Fn::Select": [ + 1, + { + "Fn::Split": [ + "/", + { + "Fn::Select": [ + 5, + { + "Fn::Split": [ + ":", + { + "Ref": "MySQLClusterSnapshotterMySQLTask8414A409" + } + ] + } + ] + } + ] + } + ] + } + ] + ] + } + }, + { + "Action": [ + "ecs:StopTask", + "ecs:DescribeTasks" + ], + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": "iam:PassRole", + "Effect": "Allow", + "Resource": [ + { + "Fn::GetAtt": [ + "MySQLClusterSnapshotterMySQLTaskTaskRole3BAE9027", + "Arn" + ] + }, + { + "Fn::GetAtt": [ + "MySQLClusterSnapshotterMySQLTaskExecutionRole50CCB6FA", + "Arn" + ] + } + ] + }, + { + "Action": [ + "events:PutTargets", + "events:PutRule", + "events:DescribeRule" + ], + "Effect": "Allow", + "Resource": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":events:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":rule/StepFunctionsGetEventsForECSTaskRule" + ] + ] + } + }, + { + "Action": "ecs:RunTask", + "Effect": "Allow", + "Resource": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Fn::Select": [ + 1, + { + "Fn::Split": [ + ":", + { + "Ref": "MySQLClusterSnapshotterPostreSQLTaskB18030B4" + } + ] + } + ] + }, + ":", + { + "Fn::Select": [ + 2, + { + "Fn::Split": [ + ":", + { + "Ref": "MySQLClusterSnapshotterPostreSQLTaskB18030B4" + } + ] + } + ] + }, + ":", + { + "Fn::Select": [ + 3, + { + "Fn::Split": [ + ":", + { + "Ref": "MySQLClusterSnapshotterPostreSQLTaskB18030B4" + } + ] + } + ] + }, + ":", + { + "Fn::Select": [ + 4, + { + "Fn::Split": [ + ":", + { + "Ref": "MySQLClusterSnapshotterPostreSQLTaskB18030B4" + } + ] + } + ] + }, + ":", + { + "Fn::Select": [ + 0, + { + "Fn::Split": [ + "/", + { + "Fn::Select": [ + 5, + { + "Fn::Split": [ + ":", + { + "Ref": "MySQLClusterSnapshotterPostreSQLTaskB18030B4" + } + ] + } + ] + } + ] + } + ] + }, + "/", + { + "Fn::Select": [ + 1, + { + "Fn::Split": [ + "/", + { + "Fn::Select": [ + 5, + { + "Fn::Split": [ + ":", + { + "Ref": "MySQLClusterSnapshotterPostreSQLTaskB18030B4" + } + ] + } + ] + } + ] + } + ] + } + ] + ] + } + }, + { + "Action": "iam:PassRole", + "Effect": "Allow", + "Resource": [ + { + "Fn::GetAtt": [ + "MySQLClusterSnapshotterPostreSQLTaskTaskRole09172C54", + "Arn" + ] + }, + { + "Fn::GetAtt": [ + "MySQLClusterSnapshotterPostreSQLTaskExecutionRole430431E0", + "Arn" + ] + } + ] + }, + { + "Action": "rds:AddTagsToResource", + "Effect": "Allow", + "Resource": [ + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":rds:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":cluster-snapshot:sanitize-*" + ] + ] + }, + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":rds:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":cluster-snapshot:mysql-cluster-snapshot-*" + ] + ] + }, + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":rds:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":cluster:sanitize-*" + ] + ] + } + ] + } + ], + "Version": "2012-10-17" + }, + "PolicyName": "MySQLClusterSnapshotterDirectorRoleDefaultPolicy78A869F9", + "Roles": [ + { + "Ref": "MySQLClusterSnapshotterDirectorRole6035EB89" + } + ] + } + }, + "MySQLClusterSnapshotterDirector73A14BB0": { + "Type": "AWS::StepFunctions::StateMachine", + "Properties": { + "RoleArn": { + "Fn::GetAtt": [ + "MySQLClusterSnapshotterDirectorRole6035EB89", + "Arn" + ] + }, + "DefinitionString": { + "Fn::Join": [ + "", + [ + "{\"StartAt\":\"Get Parameters\",\"States\":{\"Get Parameters\":{\"Next\":\"Error Catcher\",\"Retry\":[{\"ErrorEquals\":[\"Lambda.ServiceException\",\"Lambda.AWSLambdaException\",\"Lambda.SdkClientException\"],\"IntervalSeconds\":2,\"MaxAttempts\":6,\"BackoffRate\":2}],\"Type\":\"Task\",\"Resource\":\"", + { + "Fn::GetAtt": [ + "MySQLClusterSnapshotterparametersAF9FF89F", + "Arn" + ] + }, + "\",\"Parameters\":{\"executionId.$\":\"$$.Execution.Id\",\"isCluster\":true,\"databaseIdentifier\":\"", + { + "Fn::ImportValue": "RDS-Sanitized-Snapshotter-RDS:ExportsOutputRefMySQLClusterD5C73C3376F94030" + }, + "\",\"databaseKey\":\"\",\"snapshotPrefix\":\"mysql-cluster-snapshot\",\"tempPrefix\":\"sanitize\"}},\"Error Catcher\":{\"Type\":\"Parallel\",\"ResultPath\":null,\"Next\":\"Cleanup\",\"Catch\":[{\"ErrorEquals\":[\"States.ALL\"],\"ResultPath\":null,\"Next\":\"Cleanup\"}],\"Branches\":[{\"StartAt\":\"Create Temporary Snapshot\",\"States\":{\"Create Temporary Snapshot\":{\"Next\":\"Wait for Snapshot\",\"Type\":\"Task\",\"ResultPath\":null,\"Resource\":\"arn:", + { + "Ref": "AWS::Partition" + }, + ":states:::aws-sdk:rds:createDBClusterSnapshot\",\"Parameters\":{\"DbClusterIdentifier.$\":\"$.databaseIdentifier\",\"DbClusterSnapshotIdentifier.$\":\"$.tempSnapshotId\",\"Tags\":[{\"Key\":\"RDS-sanitized-snapshots\",\"Value\":\"", + { + "Fn::ImportValue": "RDS-Sanitized-Snapshotter-RDS:ExportsOutputRefMySQLClusterD5C73C3376F94030" + }, + "\"}]}},\"Wait for Snapshot\":{\"Next\":\"Create Temporary Database\",\"Retry\":[{\"ErrorEquals\":[\"Lambda.ServiceException\",\"Lambda.AWSLambdaException\",\"Lambda.SdkClientException\"],\"IntervalSeconds\":2,\"MaxAttempts\":6,\"BackoffRate\":2},{\"ErrorEquals\":[\"NotReady\"],\"IntervalSeconds\":60,\"MaxAttempts\":300,\"BackoffRate\":1}],\"Type\":\"Task\",\"ResultPath\":null,\"Resource\":\"", + { + "Fn::GetAtt": [ + "MySQLClusterSnapshotterwait73D57C6D", + "Arn" + ] + }, + "\",\"Parameters\":{\"resourceType\":\"snapshot\",\"databaseIdentifier.$\":\"$.databaseIdentifier\",\"snapshotIdentifier.$\":\"$.tempSnapshotId\",\"isCluster\":true}},\"Create Temporary Database\":{\"Next\":\"Wait for Temporary Database\",\"Type\":\"Task\",\"ResultPath\":null,\"Resource\":\"arn:", + { + "Ref": "AWS::Partition" + }, + ":states:::aws-sdk:rds:restoreDBClusterFromSnapshot\",\"Parameters\":{\"DbClusterIdentifier.$\":\"$.tempDbId\",\"Engine.$\":\"$.engine\",\"SnapshotIdentifier.$\":\"$.tempSnapshotId\",\"PubliclyAccessible\":false,\"VpcSecurityGroupIds\":[\"", + { + "Fn::GetAtt": [ + "MySQLClusterSnapshotterSGF5188D63", + "GroupId" + ] + }, + "\"],\"DbSubnetGroupName\":\"", + { + "Ref": "MySQLClusterSnapshotterSubnetgroupF2F35C6A" + }, + "\",\"Tags\":[{\"Key\":\"RDS-sanitized-snapshots\",\"Value\":\"", + { + "Fn::ImportValue": "RDS-Sanitized-Snapshotter-RDS:ExportsOutputRefMySQLClusterD5C73C3376F94030" + }, + "\"}]}},\"Wait for Temporary Database\":{\"Next\":\"Set Temporary Password\",\"Retry\":[{\"ErrorEquals\":[\"Lambda.ServiceException\",\"Lambda.AWSLambdaException\",\"Lambda.SdkClientException\"],\"IntervalSeconds\":2,\"MaxAttempts\":6,\"BackoffRate\":2},{\"ErrorEquals\":[\"NotReady\"],\"IntervalSeconds\":60,\"MaxAttempts\":300,\"BackoffRate\":1}],\"Type\":\"Task\",\"ResultPath\":null,\"Resource\":\"", + { + "Fn::GetAtt": [ + "MySQLClusterSnapshotterwait73D57C6D", + "Arn" + ] + }, + "\",\"Parameters\":{\"resourceType\":\"cluster\",\"databaseIdentifier.$\":\"$.tempDbId\",\"isCluster\":true}},\"Set Temporary Password\":{\"Next\":\"Wait for Temporary Password\",\"Type\":\"Task\",\"ResultPath\":null,\"Resource\":\"arn:", + { + "Ref": "AWS::Partition" + }, + ":states:::aws-sdk:rds:modifyDBCluster\",\"Parameters\":{\"DbClusterIdentifier.$\":\"$.tempDbId\",\"MasterUserPassword.$\":\"$.tempDb.password\",\"ApplyImmediately\":true}},\"Wait for Temporary Password\":{\"Next\":\"Create Temporary Instance\",\"Retry\":[{\"ErrorEquals\":[\"Lambda.ServiceException\",\"Lambda.AWSLambdaException\",\"Lambda.SdkClientException\"],\"IntervalSeconds\":2,\"MaxAttempts\":6,\"BackoffRate\":2},{\"ErrorEquals\":[\"NotReady\"],\"IntervalSeconds\":60,\"MaxAttempts\":300,\"BackoffRate\":1}],\"Type\":\"Task\",\"ResultPath\":null,\"Resource\":\"", + { + "Fn::GetAtt": [ + "MySQLClusterSnapshotterwait73D57C6D", + "Arn" + ] + }, + "\",\"Parameters\":{\"resourceType\":\"cluster\",\"databaseIdentifier.$\":\"$.tempDbId\",\"isCluster\":true}},\"Create Temporary Instance\":{\"Next\":\"Wait for Temporary Instance\",\"Type\":\"Task\",\"ResultPath\":null,\"Resource\":\"arn:", + { + "Ref": "AWS::Partition" + }, + ":states:::aws-sdk:rds:createDBInstance\",\"Parameters\":{\"DbClusterIdentifier.$\":\"$.tempDbId\",\"DbInstanceIdentifier.$\":\"$.tempDbInstanceId\",\"DbInstanceClass.$\":\"$.tempDbInstanceClass\",\"Engine.$\":\"$.engine\"}},\"Wait for Temporary Instance\":{\"Next\":\"Get Temporary Cluster Endpoint\",\"Retry\":[{\"ErrorEquals\":[\"Lambda.ServiceException\",\"Lambda.AWSLambdaException\",\"Lambda.SdkClientException\"],\"IntervalSeconds\":2,\"MaxAttempts\":6,\"BackoffRate\":2},{\"ErrorEquals\":[\"NotReady\"],\"IntervalSeconds\":60,\"MaxAttempts\":300,\"BackoffRate\":1}],\"Type\":\"Task\",\"ResultPath\":null,\"Resource\":\"", + { + "Fn::GetAtt": [ + "MySQLClusterSnapshotterwait73D57C6D", + "Arn" + ] + }, + "\",\"Parameters\":{\"resourceType\":\"instance\",\"databaseIdentifier.$\":\"$.tempDbInstanceId\",\"isCluster\":true}},\"Get Temporary Cluster Endpoint\":{\"Next\":\"Sanitize\",\"Type\":\"Task\",\"ResultPath\":\"$.tempDb.host\",\"ResultSelector\":{\"endpoint.$\":\"$.DbClusters[0].Endpoint\"},\"Resource\":\"arn:", + { + "Ref": "AWS::Partition" + }, + ":states:::aws-sdk:rds:describeDBClusters\",\"Parameters\":{\"DbClusterIdentifier.$\":\"$.tempDbId\"}},\"Sanitize\":{\"Type\":\"Choice\",\"Choices\":[{\"Variable\":\"$.dockerImage\",\"StringEquals\":\"mysql\",\"Next\":\"Sanitize MySQL\"},{\"Variable\":\"$.dockerImage\",\"StringEquals\":\"postgres\",\"Next\":\"Sanitize Postgres\"}]},\"Sanitize MySQL\":{\"Next\":\"Create Final Snapshot\",\"Type\":\"Task\",\"ResultPath\":null,\"Resource\":\"arn:", + { + "Ref": "AWS::Partition" + }, + ":states:::ecs:runTask.sync\",\"Parameters\":{\"Cluster\":\"", + { + "Fn::GetAtt": [ + "MySQLClusterSnapshottercluster9B2B4982", + "Arn" + ] + }, + "\",\"TaskDefinition\":\"RDSSanitizedSnapshotterSFNMySQLClusterSnapshotterMySQLTask813891E0\",\"NetworkConfiguration\":{\"AwsvpcConfiguration\":{\"Subnets\":[\"", + { + "Fn::ImportValue": "RDS-Sanitized-Snapshotter-VPC:ExportsOutputRefVPCIsolatedSubnet1SubnetEBD00FC6298E81EF" + }, + "\",\"", + { + "Fn::ImportValue": "RDS-Sanitized-Snapshotter-VPC:ExportsOutputRefVPCIsolatedSubnet2Subnet4B1C8CAAD8B83B81" + }, + "\"],\"SecurityGroups\":[\"", + { + "Fn::GetAtt": [ + "MySQLClusterSnapshotterSGF5188D63", + "GroupId" + ] + }, + "\"]}},\"Overrides\":{\"ContainerOverrides\":[{\"Name\":\"config\",\"Environment\":[{\"Name\":\"MYSQL_HOST\",\"Value.$\":\"$.tempDb.host.endpoint\"},{\"Name\":\"MYSQL_PORT\",\"Value.$\":\"$.tempDb.port\"},{\"Name\":\"MYSQL_USER\",\"Value.$\":\"$.tempDb.user\"},{\"Name\":\"MYSQL_PASSWORD\",\"Value.$\":\"$.tempDb.password\"}]}]},\"LaunchType\":\"FARGATE\"}},\"Create Final Snapshot\":{\"Next\":\"Wait for Final Snapshot\",\"Type\":\"Task\",\"ResultPath\":null,\"Resource\":\"arn:", + { + "Ref": "AWS::Partition" + }, + ":states:::aws-sdk:rds:createDBClusterSnapshot\",\"Parameters\":{\"DbClusterIdentifier.$\":\"$.tempDbId\",\"DbClusterSnapshotIdentifier.$\":\"$.targetSnapshotId\",\"Tags\":[{\"Key\":\"RDS-sanitized-snapshots\",\"Value\":\"", + { + "Fn::ImportValue": "RDS-Sanitized-Snapshotter-RDS:ExportsOutputRefMySQLClusterD5C73C3376F94030" + }, + "\"},{\"Key\":\"Final\",\"Value\":\"true\"}]}},\"Sanitize Postgres\":{\"Next\":\"Create Final Snapshot\",\"Type\":\"Task\",\"ResultPath\":null,\"Resource\":\"arn:", + { + "Ref": "AWS::Partition" + }, + ":states:::ecs:runTask.sync\",\"Parameters\":{\"Cluster\":\"", + { + "Fn::GetAtt": [ + "MySQLClusterSnapshottercluster9B2B4982", + "Arn" + ] + }, + "\",\"TaskDefinition\":\"RDSSanitizedSnapshotterSFNMySQLClusterSnapshotterPostreSQLTask8BE86494\",\"NetworkConfiguration\":{\"AwsvpcConfiguration\":{\"Subnets\":[\"", + { + "Fn::ImportValue": "RDS-Sanitized-Snapshotter-VPC:ExportsOutputRefVPCIsolatedSubnet1SubnetEBD00FC6298E81EF" + }, + "\",\"", + { + "Fn::ImportValue": "RDS-Sanitized-Snapshotter-VPC:ExportsOutputRefVPCIsolatedSubnet2Subnet4B1C8CAAD8B83B81" + }, + "\"],\"SecurityGroups\":[\"", + { + "Fn::GetAtt": [ + "MySQLClusterSnapshotterSGF5188D63", + "GroupId" + ] + }, + "\"]}},\"Overrides\":{\"ContainerOverrides\":[{\"Name\":\"postgres\",\"Environment\":[{\"Name\":\"PGHOST\",\"Value.$\":\"$.tempDb.host.endpoint\"},{\"Name\":\"PGPORT\",\"Value.$\":\"$.tempDb.port\"},{\"Name\":\"PGUSER\",\"Value.$\":\"$.tempDb.user\"},{\"Name\":\"PGPASSWORD\",\"Value.$\":\"$.tempDb.password\"},{\"Name\":\"PGCONNECT_TIMEOUT\",\"Value\":\"30\"}]}]},\"LaunchType\":\"FARGATE\"}},\"Wait for Final Snapshot\":{\"End\":true,\"Retry\":[{\"ErrorEquals\":[\"Lambda.ServiceException\",\"Lambda.AWSLambdaException\",\"Lambda.SdkClientException\"],\"IntervalSeconds\":2,\"MaxAttempts\":6,\"BackoffRate\":2},{\"ErrorEquals\":[\"NotReady\"],\"IntervalSeconds\":60,\"MaxAttempts\":300,\"BackoffRate\":1}],\"Type\":\"Task\",\"ResultPath\":null,\"Resource\":\"", + { + "Fn::GetAtt": [ + "MySQLClusterSnapshotterwait73D57C6D", + "Arn" + ] + }, + "\",\"Parameters\":{\"resourceType\":\"snapshot\",\"databaseIdentifier.$\":\"$.tempDbId\",\"snapshotIdentifier.$\":\"$.targetSnapshotId\",\"isCluster\":true}}}}]},\"Cleanup\":{\"Type\":\"Parallel\",\"ResultPath\":null,\"End\":true,\"Branches\":[{\"StartAt\":\"Temporary Snapshot\",\"States\":{\"Temporary Snapshot\":{\"End\":true,\"Retry\":[{\"ErrorEquals\":[\"States.ALL\"],\"IntervalSeconds\":10,\"MaxAttempts\":5}],\"Type\":\"Task\",\"ResultPath\":null,\"Resource\":\"arn:", + { + "Ref": "AWS::Partition" + }, + ":states:::aws-sdk:rds:deleteDBClusterSnapshot\",\"Parameters\":{\"DbClusterSnapshotIdentifier.$\":\"$.tempSnapshotId\"}}}},{\"StartAt\":\"Temporary Database Instance\",\"States\":{\"Temporary Database Instance\":{\"End\":true,\"Retry\":[{\"ErrorEquals\":[\"States.ALL\"],\"IntervalSeconds\":10,\"MaxAttempts\":5}],\"Type\":\"Task\",\"ResultPath\":null,\"Resource\":\"arn:", + { + "Ref": "AWS::Partition" + }, + ":states:::aws-sdk:rds:deleteDBInstance\",\"Parameters\":{\"DbInstanceIdentifier.$\":\"$.tempDbInstanceId\",\"SkipFinalSnapshot\":true}}}},{\"StartAt\":\"Temporary Database\",\"States\":{\"Temporary Database\":{\"End\":true,\"Retry\":[{\"ErrorEquals\":[\"States.ALL\"],\"IntervalSeconds\":10,\"MaxAttempts\":5}],\"Type\":\"Task\",\"ResultPath\":null,\"Resource\":\"arn:", + { + "Ref": "AWS::Partition" + }, + ":states:::aws-sdk:rds:deleteDBCluster\",\"Parameters\":{\"DbClusterIdentifier.$\":\"$.tempDbId\",\"SkipFinalSnapshot\":true}}}}]}}}" + ] + ] + } + }, + "DependsOn": [ + "MySQLClusterSnapshotterDirectorRoleDefaultPolicy78A869F9", + "MySQLClusterSnapshotterDirectorRole6035EB89" + ] + }, + "PostgreSQLInstanceSnapshotterSG97FD02BB": { + "Type": "AWS::EC2::SecurityGroup", + "Properties": { + "GroupDescription": "Group for communication between sanitizing job and database", + "SecurityGroupEgress": [ + { + "CidrIp": "0.0.0.0/0", + "Description": "Allow all outbound traffic by default", + "IpProtocol": "-1" + } + ], + "Tags": [ + { + "Key": "Name", + "Value": "RDS-sanitized-snapshots" + } + ], + "VpcId": { + "Fn::ImportValue": "RDS-Sanitized-Snapshotter-VPC:ExportsOutputRefVPCB9E5F0B4BD23A326" + } + } + }, + "PostgreSQLInstanceSnapshotterSGfromRDSSanitizedSnapshotterSFNPostgreSQLInstanceSnapshotterSG52C89F5AALLPORTSEF1B0737": { + "Type": "AWS::EC2::SecurityGroupIngress", + "Properties": { + "IpProtocol": "tcp", + "Description": "from RDSSanitizedSnapshotterSFNPostgreSQLInstanceSnapshotterSG52C89F5A:ALL PORTS", + "FromPort": 0, + "GroupId": { + "Fn::GetAtt": [ + "PostgreSQLInstanceSnapshotterSG97FD02BB", + "GroupId" + ] + }, + "SourceSecurityGroupId": { + "Fn::GetAtt": [ + "PostgreSQLInstanceSnapshotterSG97FD02BB", + "GroupId" + ] + }, + "ToPort": 65535 + } + }, + "PostgreSQLInstanceSnapshotterSubnetgroup7F19C7EE": { + "Type": "AWS::RDS::DBSubnetGroup", + "Properties": { + "DBSubnetGroupDescription": "Temporary database used for RDS-sanitize-snapshots", + "SubnetIds": [ + { + "Fn::ImportValue": "RDS-Sanitized-Snapshotter-VPC:ExportsOutputRefVPCPrivateSubnet1Subnet8BCA10E01F79A1B7" + }, + { + "Fn::ImportValue": "RDS-Sanitized-Snapshotter-VPC:ExportsOutputRefVPCPrivateSubnet2SubnetCFCDAA7AB22CF85D" + } + ] + } + }, + "PostgreSQLInstanceSnapshottercluster067EC069": { + "Type": "AWS::ECS::Cluster" + }, + "PostgreSQLInstanceSnapshotterparametersServiceRole23B2E630": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "lambda.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + }, + "ManagedPolicyArns": [ + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" + ] + ] + } + ] + } + }, + "PostgreSQLInstanceSnapshotterparametersServiceRoleDefaultPolicy9C4B4594": { + "Type": "AWS::IAM::Policy", + "Properties": { + "PolicyDocument": { + "Statement": [ + { + "Action": "rds:DescribeDBInstances", + "Effect": "Allow", + "Resource": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":rds:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":db:", + { + "Fn::ImportValue": "RDS-Sanitized-Snapshotter-RDS:ExportsOutputRefPostgresInstance8F00D2DD14EE3CD9" + } + ] + ] + } + } + ], + "Version": "2012-10-17" + }, + "PolicyName": "PostgreSQLInstanceSnapshotterparametersServiceRoleDefaultPolicy9C4B4594", + "Roles": [ + { + "Ref": "PostgreSQLInstanceSnapshotterparametersServiceRole23B2E630" + } + ] + } + }, + "PostgreSQLInstanceSnapshotterparametersA0CF862A": { + "Type": "AWS::Lambda::Function", + "Properties": { + "Code": { + "S3Bucket": { + "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}" + }, + "S3Key": "5e08a52964205c51dc15c1078422e25f19c4e3cc9f4439bfdd0c465678fdaea7.zip" + }, + "Role": { + "Fn::GetAtt": [ + "PostgreSQLInstanceSnapshotterparametersServiceRole23B2E630", + "Arn" + ] + }, + "Description": "src/parameters.lambda.ts", + "Environment": { + "Variables": { + "AWS_NODEJS_CONNECTION_REUSE_ENABLED": "1" + } + }, + "Handler": "index.handler", + "Runtime": "nodejs14.x" + }, + "DependsOn": [ + "PostgreSQLInstanceSnapshotterparametersServiceRoleDefaultPolicy9C4B4594", + "PostgreSQLInstanceSnapshotterparametersServiceRole23B2E630" + ] + }, + "PostgreSQLInstanceSnapshotterparametersLogRetentionED632F48": { + "Type": "Custom::LogRetention", + "Properties": { + "ServiceToken": { + "Fn::GetAtt": [ + "LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8aFD4BFC8A", + "Arn" + ] + }, + "LogGroupName": { + "Fn::Join": [ + "", + [ + "/aws/lambda/", + { + "Ref": "PostgreSQLInstanceSnapshotterparametersA0CF862A" + } + ] + ] + }, + "RetentionInDays": 30 + } + }, + "PostgreSQLInstanceSnapshotterwaitServiceRole7815F7FF": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "lambda.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + }, + "ManagedPolicyArns": [ + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" + ] + ] + } + ] + } + }, + "PostgreSQLInstanceSnapshotterwaitServiceRoleDefaultPolicy20C24234": { + "Type": "AWS::IAM::Policy", + "Properties": { + "PolicyDocument": { + "Statement": [ + { + "Action": [ + "rds:DescribeDBClusters", + "rds:DescribeDBClusterSnapshots", + "rds:DescribeDBSnapshots", + "rds:DescribeDBInstances" + ], + "Effect": "Allow", + "Resource": [ + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":rds:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":cluster:", + { + "Fn::ImportValue": "RDS-Sanitized-Snapshotter-RDS:ExportsOutputRefPostgresInstance8F00D2DD14EE3CD9" + } + ] + ] + }, + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":rds:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":db:", + { + "Fn::ImportValue": "RDS-Sanitized-Snapshotter-RDS:ExportsOutputRefPostgresInstance8F00D2DD14EE3CD9" + } + ] + ] + }, + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":rds:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":cluster:sanitize-*" + ] + ] + }, + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":rds:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":snapshot:sanitize-*" + ] + ] + }, + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":rds:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":snapshot:psql-instance-snapshot-*" + ] + ] + }, + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":rds:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":db:sanitize-*" + ] + ] + } + ] + } + ], + "Version": "2012-10-17" + }, + "PolicyName": "PostgreSQLInstanceSnapshotterwaitServiceRoleDefaultPolicy20C24234", + "Roles": [ + { + "Ref": "PostgreSQLInstanceSnapshotterwaitServiceRole7815F7FF" + } + ] + } + }, + "PostgreSQLInstanceSnapshotterwaitE64141BC": { + "Type": "AWS::Lambda::Function", + "Properties": { + "Code": { + "S3Bucket": { + "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}" + }, + "S3Key": "d4509ed940a08b266940fe72858be370baed562318b4cb7d3e710fd42a5ecad6.zip" + }, + "Role": { + "Fn::GetAtt": [ + "PostgreSQLInstanceSnapshotterwaitServiceRole7815F7FF", + "Arn" + ] + }, + "Description": "src/wait.lambda.ts", + "Environment": { + "Variables": { + "AWS_NODEJS_CONNECTION_REUSE_ENABLED": "1" + } + }, + "Handler": "index.handler", + "Runtime": "nodejs14.x" + }, + "DependsOn": [ + "PostgreSQLInstanceSnapshotterwaitServiceRoleDefaultPolicy20C24234", + "PostgreSQLInstanceSnapshotterwaitServiceRole7815F7FF" + ] + }, + "PostgreSQLInstanceSnapshotterwaitLogRetentionB9508260": { + "Type": "Custom::LogRetention", + "Properties": { + "ServiceToken": { + "Fn::GetAtt": [ + "LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8aFD4BFC8A", + "Arn" + ] + }, + "LogGroupName": { + "Fn::Join": [ + "", + [ + "/aws/lambda/", + { + "Ref": "PostgreSQLInstanceSnapshotterwaitE64141BC" + } + ] + ] + }, + "RetentionInDays": 30 + } + }, + "PostgreSQLInstanceSnapshotterLogsF028D514": { + "Type": "AWS::Logs::LogGroup", + "Properties": { + "RetentionInDays": 30 + }, + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" + }, + "PostgreSQLInstanceSnapshotterMySQLTaskTaskRoleB2EF5D11": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "ecs-tasks.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + } + } + }, + "PostgreSQLInstanceSnapshotterMySQLTask53136402": { + "Type": "AWS::ECS::TaskDefinition", + "Properties": { + "ContainerDefinitions": [ + { + "Command": [ + "bash", + "-c", + "echo \"[client]\nuser=$MYSQL_USER\nhost=$MYSQL_HOST\nport=$MYSQL_PORT\npassword=$MYSQL_PASSWORD\" > ~/.my.cnf && chmod 700 ~/.my.cnf" + ], + "Essential": false, + "Image": "public.ecr.aws/docker/library/bash:4-alpine3.15", + "LogConfiguration": { + "LogDriver": "awslogs", + "Options": { + "awslogs-group": { + "Ref": "PostgreSQLInstanceSnapshotterLogsF028D514" + }, + "awslogs-stream-prefix": "mysql-config", + "awslogs-region": { + "Ref": "AWS::Region" + } + } + }, + "MountPoints": [ + { + "ContainerPath": "/root", + "ReadOnly": false, + "SourceVolume": "config" + } + ], + "Name": "config" + }, + { + "Command": [ + "mysql", + "-e", + "SELECT 1" + ], + "DependsOn": [ + { + "Condition": "SUCCESS", + "ContainerName": "config" + } + ], + "Essential": true, + "Image": "public.ecr.aws/lts/mysql:latest", + "LogConfiguration": { + "LogDriver": "awslogs", + "Options": { + "awslogs-group": { + "Ref": "PostgreSQLInstanceSnapshotterLogsF028D514" + }, + "awslogs-stream-prefix": "mysql-sanitize", + "awslogs-region": { + "Ref": "AWS::Region" + } + } + }, + "MountPoints": [ + { + "ContainerPath": "/root", + "ReadOnly": true, + "SourceVolume": "config" + } + ], + "Name": "mysql" + } + ], + "Cpu": "256", + "ExecutionRoleArn": { + "Fn::GetAtt": [ + "PostgreSQLInstanceSnapshotterMySQLTaskExecutionRoleD0258DFF", + "Arn" + ] + }, + "Family": "RDSSanitizedSnapshotterSFNPostgreSQLInstanceSnapshotterMySQLTask1F6F549C", + "Memory": "512", + "NetworkMode": "awsvpc", + "RequiresCompatibilities": [ + "FARGATE" + ], + "TaskRoleArn": { + "Fn::GetAtt": [ + "PostgreSQLInstanceSnapshotterMySQLTaskTaskRoleB2EF5D11", + "Arn" + ] + }, + "Volumes": [ + { + "Host": {}, + "Name": "config" + } + ] + } + }, + "PostgreSQLInstanceSnapshotterMySQLTaskExecutionRoleD0258DFF": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "ecs-tasks.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + } + } + }, + "PostgreSQLInstanceSnapshotterMySQLTaskExecutionRoleDefaultPolicyBC957120": { + "Type": "AWS::IAM::Policy", + "Properties": { + "PolicyDocument": { + "Statement": [ + { + "Action": [ + "logs:CreateLogStream", + "logs:PutLogEvents" + ], + "Effect": "Allow", + "Resource": { + "Fn::GetAtt": [ + "PostgreSQLInstanceSnapshotterLogsF028D514", + "Arn" + ] + } + } + ], + "Version": "2012-10-17" + }, + "PolicyName": "PostgreSQLInstanceSnapshotterMySQLTaskExecutionRoleDefaultPolicyBC957120", + "Roles": [ + { + "Ref": "PostgreSQLInstanceSnapshotterMySQLTaskExecutionRoleD0258DFF" + } + ] + } + }, + "PostgreSQLInstanceSnapshotterPostreSQLTaskTaskRole04FEDCFB": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "ecs-tasks.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + } + } + }, + "PostgreSQLInstanceSnapshotterPostreSQLTask3DC21CCB": { + "Type": "AWS::ECS::TaskDefinition", + "Properties": { + "ContainerDefinitions": [ + { + "Command": [ + "psql", + "-c", + "SELECT 1" + ], + "Essential": true, + "Image": "public.ecr.aws/lts/postgres:latest", + "LogConfiguration": { + "LogDriver": "awslogs", + "Options": { + "awslogs-group": { + "Ref": "PostgreSQLInstanceSnapshotterLogsF028D514" + }, + "awslogs-stream-prefix": "psql-sanitize", + "awslogs-region": { + "Ref": "AWS::Region" + } + } + }, + "Name": "postgres" + } + ], + "Cpu": "256", + "ExecutionRoleArn": { + "Fn::GetAtt": [ + "PostgreSQLInstanceSnapshotterPostreSQLTaskExecutionRoleF7C4A7FB", + "Arn" + ] + }, + "Family": "RDSSanitizedSnapshotterSFNPostgreSQLInstanceSnapshotterPostreSQLTask00FF05BB", + "Memory": "512", + "NetworkMode": "awsvpc", + "RequiresCompatibilities": [ + "FARGATE" + ], + "TaskRoleArn": { + "Fn::GetAtt": [ + "PostgreSQLInstanceSnapshotterPostreSQLTaskTaskRole04FEDCFB", + "Arn" + ] + } + } + }, + "PostgreSQLInstanceSnapshotterPostreSQLTaskExecutionRoleF7C4A7FB": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "ecs-tasks.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + } + } + }, + "PostgreSQLInstanceSnapshotterPostreSQLTaskExecutionRoleDefaultPolicy9201194B": { + "Type": "AWS::IAM::Policy", + "Properties": { + "PolicyDocument": { + "Statement": [ + { + "Action": [ + "logs:CreateLogStream", + "logs:PutLogEvents" + ], + "Effect": "Allow", + "Resource": { + "Fn::GetAtt": [ + "PostgreSQLInstanceSnapshotterLogsF028D514", + "Arn" + ] + } + } + ], + "Version": "2012-10-17" + }, + "PolicyName": "PostgreSQLInstanceSnapshotterPostreSQLTaskExecutionRoleDefaultPolicy9201194B", + "Roles": [ + { + "Ref": "PostgreSQLInstanceSnapshotterPostreSQLTaskExecutionRoleF7C4A7FB" + } + ] + } + }, + "PostgreSQLInstanceSnapshotterDirectorRole89143BB2": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": { + "Fn::Join": [ + "", + [ + "states.", + { + "Ref": "AWS::Region" + }, + ".amazonaws.com" + ] + ] + } + } + } + ], + "Version": "2012-10-17" + } + } + }, + "PostgreSQLInstanceSnapshotterDirectorRoleDefaultPolicyC372C868": { + "Type": "AWS::IAM::Policy", + "Properties": { + "PolicyDocument": { + "Statement": [ + { + "Action": "lambda:InvokeFunction", + "Effect": "Allow", + "Resource": { + "Fn::GetAtt": [ + "PostgreSQLInstanceSnapshotterparametersA0CF862A", + "Arn" + ] + } + }, + { + "Action": "rds:deleteDBSnapshot", + "Effect": "Allow", + "Resource": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":rds:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":snapshot:sanitize-*" + ] + ] + } + }, + { + "Action": "rds:deleteDBInstance", + "Effect": "Allow", + "Resource": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":rds:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":db:sanitize-*" + ] + ] + } + }, + { + "Action": "rds:createDBSnapshot", + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": "lambda:InvokeFunction", + "Effect": "Allow", + "Resource": { + "Fn::GetAtt": [ + "PostgreSQLInstanceSnapshotterwaitE64141BC", + "Arn" + ] + } + }, + { + "Action": "rds:restoreDBInstanceFromDBSnapshot", + "Effect": "Allow", + "Resource": [ + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":rds:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":cluster:sanitize-*" + ] + ] + }, + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":rds:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":db:sanitize-*" + ] + ] + }, + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":rds:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":snapshot:sanitize-*" + ] + ] + }, + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":rds:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":subgrp:", + { + "Ref": "PostgreSQLInstanceSnapshotterSubnetgroup7F19C7EE" + } + ] + ] + } + ] + }, + { + "Action": "rds:modifyDBInstance", + "Effect": "Allow", + "Resource": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":rds:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":db:sanitize-*" + ] + ] + } + }, + { + "Action": "rds:describeDBInstances", + "Effect": "Allow", + "Resource": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":rds:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":db:sanitize-*" + ] + ] + } + }, + { + "Action": "ecs:RunTask", + "Effect": "Allow", + "Resource": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Fn::Select": [ + 1, + { + "Fn::Split": [ + ":", + { + "Ref": "PostgreSQLInstanceSnapshotterMySQLTask53136402" + } + ] + } + ] + }, + ":", + { + "Fn::Select": [ + 2, + { + "Fn::Split": [ + ":", + { + "Ref": "PostgreSQLInstanceSnapshotterMySQLTask53136402" + } + ] + } + ] + }, + ":", + { + "Fn::Select": [ + 3, + { + "Fn::Split": [ + ":", + { + "Ref": "PostgreSQLInstanceSnapshotterMySQLTask53136402" + } + ] + } + ] + }, + ":", + { + "Fn::Select": [ + 4, + { + "Fn::Split": [ + ":", + { + "Ref": "PostgreSQLInstanceSnapshotterMySQLTask53136402" + } + ] + } + ] + }, + ":", + { + "Fn::Select": [ + 0, + { + "Fn::Split": [ + "/", + { + "Fn::Select": [ + 5, + { + "Fn::Split": [ + ":", + { + "Ref": "PostgreSQLInstanceSnapshotterMySQLTask53136402" + } + ] + } + ] + } + ] + } + ] + }, + "/", + { + "Fn::Select": [ + 1, + { + "Fn::Split": [ + "/", + { + "Fn::Select": [ + 5, + { + "Fn::Split": [ + ":", + { + "Ref": "PostgreSQLInstanceSnapshotterMySQLTask53136402" + } + ] + } + ] + } + ] + } + ] + } + ] + ] + } + }, + { + "Action": [ + "ecs:StopTask", + "ecs:DescribeTasks" + ], + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": "iam:PassRole", + "Effect": "Allow", + "Resource": [ + { + "Fn::GetAtt": [ + "PostgreSQLInstanceSnapshotterMySQLTaskTaskRoleB2EF5D11", + "Arn" + ] + }, + { + "Fn::GetAtt": [ + "PostgreSQLInstanceSnapshotterMySQLTaskExecutionRoleD0258DFF", + "Arn" + ] + } + ] + }, + { + "Action": [ + "events:PutTargets", + "events:PutRule", + "events:DescribeRule" + ], + "Effect": "Allow", + "Resource": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":events:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":rule/StepFunctionsGetEventsForECSTaskRule" + ] + ] + } + }, + { + "Action": "ecs:RunTask", + "Effect": "Allow", + "Resource": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Fn::Select": [ + 1, + { + "Fn::Split": [ + ":", + { + "Ref": "PostgreSQLInstanceSnapshotterPostreSQLTask3DC21CCB" + } + ] + } + ] + }, + ":", + { + "Fn::Select": [ + 2, + { + "Fn::Split": [ + ":", + { + "Ref": "PostgreSQLInstanceSnapshotterPostreSQLTask3DC21CCB" + } + ] + } + ] + }, + ":", + { + "Fn::Select": [ + 3, + { + "Fn::Split": [ + ":", + { + "Ref": "PostgreSQLInstanceSnapshotterPostreSQLTask3DC21CCB" + } + ] + } + ] + }, + ":", + { + "Fn::Select": [ + 4, + { + "Fn::Split": [ + ":", + { + "Ref": "PostgreSQLInstanceSnapshotterPostreSQLTask3DC21CCB" + } + ] + } + ] + }, + ":", + { + "Fn::Select": [ + 0, + { + "Fn::Split": [ + "/", + { + "Fn::Select": [ + 5, + { + "Fn::Split": [ + ":", + { + "Ref": "PostgreSQLInstanceSnapshotterPostreSQLTask3DC21CCB" + } + ] + } + ] + } + ] + } + ] + }, + "/", + { + "Fn::Select": [ + 1, + { + "Fn::Split": [ + "/", + { + "Fn::Select": [ + 5, + { + "Fn::Split": [ + ":", + { + "Ref": "PostgreSQLInstanceSnapshotterPostreSQLTask3DC21CCB" + } + ] + } + ] + } + ] + } + ] + } + ] + ] + } + }, + { + "Action": "iam:PassRole", + "Effect": "Allow", + "Resource": [ + { + "Fn::GetAtt": [ + "PostgreSQLInstanceSnapshotterPostreSQLTaskTaskRole04FEDCFB", + "Arn" + ] + }, + { + "Fn::GetAtt": [ + "PostgreSQLInstanceSnapshotterPostreSQLTaskExecutionRoleF7C4A7FB", + "Arn" + ] + } + ] + }, + { + "Action": "rds:AddTagsToResource", + "Effect": "Allow", + "Resource": [ + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":rds:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":snapshot:sanitize-*" + ] + ] + }, + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":rds:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":snapshot:psql-instance-snapshot-*" + ] + ] + }, + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":rds:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":cluster:sanitize-*" + ] + ] + } + ] + }, + { + "Action": [ + "kms:CreateGrant", + "kms:DescribeKey" + ], + "Effect": "Allow", + "Resource": { + "Fn::ImportValue": "RDS-Sanitized-Snapshotter-RDS:ExportsOutputFnGetAttKey961B73FDArn5A860C43" + } + } + ], + "Version": "2012-10-17" + }, + "PolicyName": "PostgreSQLInstanceSnapshotterDirectorRoleDefaultPolicyC372C868", + "Roles": [ + { + "Ref": "PostgreSQLInstanceSnapshotterDirectorRole89143BB2" + } + ] + } + }, + "PostgreSQLInstanceSnapshotterDirector22C6400C": { + "Type": "AWS::StepFunctions::StateMachine", + "Properties": { + "RoleArn": { + "Fn::GetAtt": [ + "PostgreSQLInstanceSnapshotterDirectorRole89143BB2", + "Arn" + ] + }, + "DefinitionString": { + "Fn::Join": [ + "", + [ + "{\"StartAt\":\"Get Parameters\",\"States\":{\"Get Parameters\":{\"Next\":\"Error Catcher\",\"Retry\":[{\"ErrorEquals\":[\"Lambda.ServiceException\",\"Lambda.AWSLambdaException\",\"Lambda.SdkClientException\"],\"IntervalSeconds\":2,\"MaxAttempts\":6,\"BackoffRate\":2}],\"Type\":\"Task\",\"Resource\":\"", + { + "Fn::GetAtt": [ + "PostgreSQLInstanceSnapshotterparametersA0CF862A", + "Arn" + ] + }, + "\",\"Parameters\":{\"executionId.$\":\"$$.Execution.Id\",\"isCluster\":false,\"databaseIdentifier\":\"", + { + "Fn::ImportValue": "RDS-Sanitized-Snapshotter-RDS:ExportsOutputRefPostgresInstance8F00D2DD14EE3CD9" + }, + "\",\"databaseKey\":\"", + { + "Fn::ImportValue": "RDS-Sanitized-Snapshotter-RDS:ExportsOutputFnGetAttKey961B73FDArn5A860C43" + }, + "\",\"snapshotPrefix\":\"psql-instance-snapshot\",\"tempPrefix\":\"sanitize\"}},\"Error Catcher\":{\"Type\":\"Parallel\",\"ResultPath\":null,\"Next\":\"Cleanup\",\"Catch\":[{\"ErrorEquals\":[\"States.ALL\"],\"ResultPath\":null,\"Next\":\"Cleanup\"}],\"Branches\":[{\"StartAt\":\"Create Temporary Snapshot\",\"States\":{\"Create Temporary Snapshot\":{\"Next\":\"Wait for Snapshot\",\"Type\":\"Task\",\"ResultPath\":null,\"Resource\":\"arn:", + { + "Ref": "AWS::Partition" + }, + ":states:::aws-sdk:rds:createDBSnapshot\",\"Parameters\":{\"DbInstanceIdentifier.$\":\"$.databaseIdentifier\",\"DbSnapshotIdentifier.$\":\"$.tempSnapshotId\",\"Tags\":[{\"Key\":\"RDS-sanitized-snapshots\",\"Value\":\"", + { + "Fn::ImportValue": "RDS-Sanitized-Snapshotter-RDS:ExportsOutputRefPostgresInstance8F00D2DD14EE3CD9" + }, + "\"}]}},\"Wait for Snapshot\":{\"Next\":\"Create Temporary Database\",\"Retry\":[{\"ErrorEquals\":[\"Lambda.ServiceException\",\"Lambda.AWSLambdaException\",\"Lambda.SdkClientException\"],\"IntervalSeconds\":2,\"MaxAttempts\":6,\"BackoffRate\":2},{\"ErrorEquals\":[\"NotReady\"],\"IntervalSeconds\":60,\"MaxAttempts\":300,\"BackoffRate\":1}],\"Type\":\"Task\",\"ResultPath\":null,\"Resource\":\"", + { + "Fn::GetAtt": [ + "PostgreSQLInstanceSnapshotterwaitE64141BC", + "Arn" + ] + }, + "\",\"Parameters\":{\"resourceType\":\"snapshot\",\"databaseIdentifier.$\":\"$.databaseIdentifier\",\"snapshotIdentifier.$\":\"$.tempSnapshotId\",\"isCluster\":false}},\"Create Temporary Database\":{\"Next\":\"Wait for Temporary Database\",\"Type\":\"Task\",\"ResultPath\":null,\"Resource\":\"arn:", + { + "Ref": "AWS::Partition" + }, + ":states:::aws-sdk:rds:restoreDBInstanceFromDBSnapshot\",\"Parameters\":{\"DbInstanceIdentifier.$\":\"$.tempDbId\",\"Engine.$\":\"$.engine\",\"DbSnapshotIdentifier.$\":\"$.tempSnapshotId\",\"PubliclyAccessible\":false,\"VpcSecurityGroupIds\":[\"", + { + "Fn::GetAtt": [ + "PostgreSQLInstanceSnapshotterSG97FD02BB", + "GroupId" + ] + }, + "\"],\"DbSubnetGroupName\":\"", + { + "Ref": "PostgreSQLInstanceSnapshotterSubnetgroup7F19C7EE" + }, + "\",\"Tags\":[{\"Key\":\"RDS-sanitized-snapshots\",\"Value\":\"", + { + "Fn::ImportValue": "RDS-Sanitized-Snapshotter-RDS:ExportsOutputRefPostgresInstance8F00D2DD14EE3CD9" + }, + "\"}]}},\"Wait for Temporary Database\":{\"Next\":\"Set Temporary Password\",\"Retry\":[{\"ErrorEquals\":[\"Lambda.ServiceException\",\"Lambda.AWSLambdaException\",\"Lambda.SdkClientException\"],\"IntervalSeconds\":2,\"MaxAttempts\":6,\"BackoffRate\":2},{\"ErrorEquals\":[\"NotReady\"],\"IntervalSeconds\":60,\"MaxAttempts\":300,\"BackoffRate\":1}],\"Type\":\"Task\",\"ResultPath\":null,\"Resource\":\"", + { + "Fn::GetAtt": [ + "PostgreSQLInstanceSnapshotterwaitE64141BC", + "Arn" + ] + }, + "\",\"Parameters\":{\"resourceType\":\"instance\",\"databaseIdentifier.$\":\"$.tempDbId\",\"isCluster\":false}},\"Set Temporary Password\":{\"Next\":\"Wait for Temporary Password\",\"Type\":\"Task\",\"ResultPath\":null,\"Resource\":\"arn:", + { + "Ref": "AWS::Partition" + }, + ":states:::aws-sdk:rds:modifyDBInstance\",\"Parameters\":{\"DbInstanceIdentifier.$\":\"$.tempDbId\",\"MasterUserPassword.$\":\"$.tempDb.password\",\"ApplyImmediately\":true,\"BackupRetentionPeriod\":0}},\"Wait for Temporary Password\":{\"Next\":\"Get Temporary Endpoint\",\"Retry\":[{\"ErrorEquals\":[\"Lambda.ServiceException\",\"Lambda.AWSLambdaException\",\"Lambda.SdkClientException\"],\"IntervalSeconds\":2,\"MaxAttempts\":6,\"BackoffRate\":2},{\"ErrorEquals\":[\"NotReady\"],\"IntervalSeconds\":60,\"MaxAttempts\":300,\"BackoffRate\":1}],\"Type\":\"Task\",\"ResultPath\":null,\"Resource\":\"", + { + "Fn::GetAtt": [ + "PostgreSQLInstanceSnapshotterwaitE64141BC", + "Arn" + ] + }, + "\",\"Parameters\":{\"resourceType\":\"instance\",\"databaseIdentifier.$\":\"$.tempDbId\",\"isCluster\":false}},\"Get Temporary Endpoint\":{\"Next\":\"Sanitize\",\"Type\":\"Task\",\"ResultPath\":\"$.tempDb.host\",\"ResultSelector\":{\"endpoint.$\":\"$.DbInstances[0].Endpoint.Address\"},\"Resource\":\"arn:", + { + "Ref": "AWS::Partition" + }, + ":states:::aws-sdk:rds:describeDBInstances\",\"Parameters\":{\"DbInstanceIdentifier.$\":\"$.tempDbId\"}},\"Sanitize\":{\"Type\":\"Choice\",\"Choices\":[{\"Variable\":\"$.dockerImage\",\"StringEquals\":\"mysql\",\"Next\":\"Sanitize MySQL\"},{\"Variable\":\"$.dockerImage\",\"StringEquals\":\"postgres\",\"Next\":\"Sanitize Postgres\"}]},\"Sanitize MySQL\":{\"Next\":\"Create Final Snapshot\",\"Type\":\"Task\",\"ResultPath\":null,\"Resource\":\"arn:", + { + "Ref": "AWS::Partition" + }, + ":states:::ecs:runTask.sync\",\"Parameters\":{\"Cluster\":\"", + { + "Fn::GetAtt": [ + "PostgreSQLInstanceSnapshottercluster067EC069", + "Arn" + ] + }, + "\",\"TaskDefinition\":\"RDSSanitizedSnapshotterSFNPostgreSQLInstanceSnapshotterMySQLTask1F6F549C\",\"NetworkConfiguration\":{\"AwsvpcConfiguration\":{\"Subnets\":[\"", + { + "Fn::ImportValue": "RDS-Sanitized-Snapshotter-VPC:ExportsOutputRefVPCIsolatedSubnet1SubnetEBD00FC6298E81EF" + }, + "\",\"", + { + "Fn::ImportValue": "RDS-Sanitized-Snapshotter-VPC:ExportsOutputRefVPCIsolatedSubnet2Subnet4B1C8CAAD8B83B81" + }, + "\"],\"SecurityGroups\":[\"", + { + "Fn::GetAtt": [ + "PostgreSQLInstanceSnapshotterSG97FD02BB", + "GroupId" + ] + }, + "\"]}},\"Overrides\":{\"ContainerOverrides\":[{\"Name\":\"config\",\"Environment\":[{\"Name\":\"MYSQL_HOST\",\"Value.$\":\"$.tempDb.host.endpoint\"},{\"Name\":\"MYSQL_PORT\",\"Value.$\":\"$.tempDb.port\"},{\"Name\":\"MYSQL_USER\",\"Value.$\":\"$.tempDb.user\"},{\"Name\":\"MYSQL_PASSWORD\",\"Value.$\":\"$.tempDb.password\"}]}]},\"LaunchType\":\"FARGATE\"}},\"Create Final Snapshot\":{\"Next\":\"Wait for Final Snapshot\",\"Type\":\"Task\",\"ResultPath\":null,\"Resource\":\"arn:", + { + "Ref": "AWS::Partition" + }, + ":states:::aws-sdk:rds:createDBSnapshot\",\"Parameters\":{\"DbInstanceIdentifier.$\":\"$.tempDbId\",\"DbSnapshotIdentifier.$\":\"$.targetSnapshotId\",\"Tags\":[{\"Key\":\"RDS-sanitized-snapshots\",\"Value\":\"", + { + "Fn::ImportValue": "RDS-Sanitized-Snapshotter-RDS:ExportsOutputRefPostgresInstance8F00D2DD14EE3CD9" + }, + "\"},{\"Key\":\"Final\",\"Value\":\"true\"}]}},\"Sanitize Postgres\":{\"Next\":\"Create Final Snapshot\",\"Type\":\"Task\",\"ResultPath\":null,\"Resource\":\"arn:", + { + "Ref": "AWS::Partition" + }, + ":states:::ecs:runTask.sync\",\"Parameters\":{\"Cluster\":\"", + { + "Fn::GetAtt": [ + "PostgreSQLInstanceSnapshottercluster067EC069", + "Arn" + ] + }, + "\",\"TaskDefinition\":\"RDSSanitizedSnapshotterSFNPostgreSQLInstanceSnapshotterPostreSQLTask00FF05BB\",\"NetworkConfiguration\":{\"AwsvpcConfiguration\":{\"Subnets\":[\"", + { + "Fn::ImportValue": "RDS-Sanitized-Snapshotter-VPC:ExportsOutputRefVPCIsolatedSubnet1SubnetEBD00FC6298E81EF" + }, + "\",\"", + { + "Fn::ImportValue": "RDS-Sanitized-Snapshotter-VPC:ExportsOutputRefVPCIsolatedSubnet2Subnet4B1C8CAAD8B83B81" + }, + "\"],\"SecurityGroups\":[\"", + { + "Fn::GetAtt": [ + "PostgreSQLInstanceSnapshotterSG97FD02BB", + "GroupId" + ] + }, + "\"]}},\"Overrides\":{\"ContainerOverrides\":[{\"Name\":\"postgres\",\"Environment\":[{\"Name\":\"PGHOST\",\"Value.$\":\"$.tempDb.host.endpoint\"},{\"Name\":\"PGPORT\",\"Value.$\":\"$.tempDb.port\"},{\"Name\":\"PGUSER\",\"Value.$\":\"$.tempDb.user\"},{\"Name\":\"PGPASSWORD\",\"Value.$\":\"$.tempDb.password\"},{\"Name\":\"PGCONNECT_TIMEOUT\",\"Value\":\"30\"}]}]},\"LaunchType\":\"FARGATE\"}},\"Wait for Final Snapshot\":{\"End\":true,\"Retry\":[{\"ErrorEquals\":[\"Lambda.ServiceException\",\"Lambda.AWSLambdaException\",\"Lambda.SdkClientException\"],\"IntervalSeconds\":2,\"MaxAttempts\":6,\"BackoffRate\":2},{\"ErrorEquals\":[\"NotReady\"],\"IntervalSeconds\":60,\"MaxAttempts\":300,\"BackoffRate\":1}],\"Type\":\"Task\",\"ResultPath\":null,\"Resource\":\"", + { + "Fn::GetAtt": [ + "PostgreSQLInstanceSnapshotterwaitE64141BC", + "Arn" + ] + }, + "\",\"Parameters\":{\"resourceType\":\"snapshot\",\"databaseIdentifier.$\":\"$.tempDbId\",\"snapshotIdentifier.$\":\"$.targetSnapshotId\",\"isCluster\":false}}}}]},\"Cleanup\":{\"Type\":\"Parallel\",\"ResultPath\":null,\"End\":true,\"Branches\":[{\"StartAt\":\"Temporary Snapshot\",\"States\":{\"Temporary Snapshot\":{\"End\":true,\"Retry\":[{\"ErrorEquals\":[\"States.ALL\"],\"IntervalSeconds\":10,\"MaxAttempts\":5}],\"Type\":\"Task\",\"ResultPath\":null,\"Resource\":\"arn:", + { + "Ref": "AWS::Partition" + }, + ":states:::aws-sdk:rds:deleteDBSnapshot\",\"Parameters\":{\"DbSnapshotIdentifier.$\":\"$.tempSnapshotId\"}}}},{\"StartAt\":\"Temporary Database Instance\",\"States\":{\"Temporary Database Instance\":{\"End\":true,\"Retry\":[{\"ErrorEquals\":[\"States.ALL\"],\"IntervalSeconds\":10,\"MaxAttempts\":5}],\"Type\":\"Task\",\"ResultPath\":null,\"Resource\":\"arn:", + { + "Ref": "AWS::Partition" + }, + ":states:::aws-sdk:rds:deleteDBInstance\",\"Parameters\":{\"DbInstanceIdentifier.$\":\"$.tempDbId\",\"SkipFinalSnapshot\":true}}}}]}}}" + ] + ] + } + }, + "DependsOn": [ + "PostgreSQLInstanceSnapshotterDirectorRoleDefaultPolicyC372C868", + "PostgreSQLInstanceSnapshotterDirectorRole89143BB2" + ] + }, + "SnapshotKey0EDEBDF6": { + "Type": "AWS::KMS::Key", + "Properties": { + "KeyPolicy": { + "Statement": [ + { + "Action": "kms:*", + "Effect": "Allow", + "Principal": { + "AWS": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::", + { + "Ref": "AWS::AccountId" + }, + ":root" + ] + ] + } + }, + "Resource": "*" + } + ], + "Version": "2012-10-17" + }, + "Description": "RDS sanitize test target key" + }, + "UpdateReplacePolicy": "Retain", + "DeletionPolicy": "Retain" + }, + "PostgreSQLClusterSnapshotterSG7FF985A8": { + "Type": "AWS::EC2::SecurityGroup", + "Properties": { + "GroupDescription": "Group for communication between sanitizing job and database", + "SecurityGroupEgress": [ + { + "CidrIp": "0.0.0.0/0", + "Description": "Allow all outbound traffic by default", + "IpProtocol": "-1" + } + ], + "Tags": [ + { + "Key": "Name", + "Value": "RDS-sanitized-snapshots" + } + ], + "VpcId": { + "Fn::ImportValue": "RDS-Sanitized-Snapshotter-VPC:ExportsOutputRefVPCB9E5F0B4BD23A326" + } + } + }, + "PostgreSQLClusterSnapshotterSGfromRDSSanitizedSnapshotterSFNPostgreSQLClusterSnapshotterSGD655B838ALLPORTS45F04871": { + "Type": "AWS::EC2::SecurityGroupIngress", + "Properties": { + "IpProtocol": "tcp", + "Description": "from RDSSanitizedSnapshotterSFNPostgreSQLClusterSnapshotterSGD655B838:ALL PORTS", + "FromPort": 0, + "GroupId": { + "Fn::GetAtt": [ + "PostgreSQLClusterSnapshotterSG7FF985A8", + "GroupId" + ] + }, + "SourceSecurityGroupId": { + "Fn::GetAtt": [ + "PostgreSQLClusterSnapshotterSG7FF985A8", + "GroupId" + ] + }, + "ToPort": 65535 + } + }, + "PostgreSQLClusterSnapshotterSubnetgroupA37EB2B3": { + "Type": "AWS::RDS::DBSubnetGroup", + "Properties": { + "DBSubnetGroupDescription": "Temporary database used for RDS-sanitize-snapshots", + "SubnetIds": [ + { + "Fn::ImportValue": "RDS-Sanitized-Snapshotter-VPC:ExportsOutputRefVPCPrivateSubnet1Subnet8BCA10E01F79A1B7" + }, + { + "Fn::ImportValue": "RDS-Sanitized-Snapshotter-VPC:ExportsOutputRefVPCPrivateSubnet2SubnetCFCDAA7AB22CF85D" + } + ] + } + }, + "PostgreSQLClusterSnapshotterclusterD066B562": { + "Type": "AWS::ECS::Cluster" + }, + "PostgreSQLClusterSnapshotterparametersServiceRoleB3208E28": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "lambda.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + }, + "ManagedPolicyArns": [ + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" + ] + ] + } + ] + } + }, + "PostgreSQLClusterSnapshotterparametersServiceRoleDefaultPolicy82F25ECA": { + "Type": "AWS::IAM::Policy", + "Properties": { + "PolicyDocument": { + "Statement": [ + { + "Action": "rds:DescribeDBClusters", + "Effect": "Allow", + "Resource": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":rds:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":cluster:", + { + "Fn::ImportValue": "RDS-Sanitized-Snapshotter-RDS:ExportsOutputRefPostgresCluster5A5B7BE8BE4E3D78" + } + ] + ] + } + }, + { + "Action": "rds:DescribeDBInstances", + "Effect": "Allow", + "Resource": "*" + } + ], + "Version": "2012-10-17" + }, + "PolicyName": "PostgreSQLClusterSnapshotterparametersServiceRoleDefaultPolicy82F25ECA", + "Roles": [ + { + "Ref": "PostgreSQLClusterSnapshotterparametersServiceRoleB3208E28" + } + ] + } + }, + "PostgreSQLClusterSnapshotterparameters25147BEC": { + "Type": "AWS::Lambda::Function", + "Properties": { + "Code": { + "S3Bucket": { + "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}" + }, + "S3Key": "5e08a52964205c51dc15c1078422e25f19c4e3cc9f4439bfdd0c465678fdaea7.zip" + }, + "Role": { + "Fn::GetAtt": [ + "PostgreSQLClusterSnapshotterparametersServiceRoleB3208E28", + "Arn" + ] + }, + "Description": "src/parameters.lambda.ts", + "Environment": { + "Variables": { + "AWS_NODEJS_CONNECTION_REUSE_ENABLED": "1" + } + }, + "Handler": "index.handler", + "Runtime": "nodejs14.x" + }, + "DependsOn": [ + "PostgreSQLClusterSnapshotterparametersServiceRoleDefaultPolicy82F25ECA", + "PostgreSQLClusterSnapshotterparametersServiceRoleB3208E28" + ] + }, + "PostgreSQLClusterSnapshotterparametersLogRetention51777008": { + "Type": "Custom::LogRetention", + "Properties": { + "ServiceToken": { + "Fn::GetAtt": [ + "LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8aFD4BFC8A", + "Arn" + ] + }, + "LogGroupName": { + "Fn::Join": [ + "", + [ + "/aws/lambda/", + { + "Ref": "PostgreSQLClusterSnapshotterparameters25147BEC" + } + ] + ] + }, + "RetentionInDays": 30 + } + }, + "PostgreSQLClusterSnapshotterwaitServiceRole662B9A5C": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "lambda.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + }, + "ManagedPolicyArns": [ + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" + ] + ] + } + ] + } + }, + "PostgreSQLClusterSnapshotterwaitServiceRoleDefaultPolicyB7AEBC76": { + "Type": "AWS::IAM::Policy", + "Properties": { + "PolicyDocument": { + "Statement": [ + { + "Action": [ + "rds:DescribeDBClusters", + "rds:DescribeDBClusterSnapshots", + "rds:DescribeDBSnapshots", + "rds:DescribeDBInstances" + ], + "Effect": "Allow", + "Resource": [ + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":rds:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":cluster:", + { + "Fn::ImportValue": "RDS-Sanitized-Snapshotter-RDS:ExportsOutputRefPostgresCluster5A5B7BE8BE4E3D78" + } + ] + ] + }, + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":rds:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":db:", + { + "Fn::ImportValue": "RDS-Sanitized-Snapshotter-RDS:ExportsOutputRefPostgresCluster5A5B7BE8BE4E3D78" + } + ] + ] + }, + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":rds:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":cluster:sanitize-*" + ] + ] + }, + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":rds:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":cluster-snapshot:sanitize-*" + ] + ] + }, + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":rds:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":cluster-snapshot:psql-cluster-snapshot-*" + ] + ] + }, + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":rds:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":db:sanitize-*" + ] + ] + } + ] + } + ], + "Version": "2012-10-17" + }, + "PolicyName": "PostgreSQLClusterSnapshotterwaitServiceRoleDefaultPolicyB7AEBC76", + "Roles": [ + { + "Ref": "PostgreSQLClusterSnapshotterwaitServiceRole662B9A5C" + } + ] + } + }, + "PostgreSQLClusterSnapshotterwait7A15A210": { + "Type": "AWS::Lambda::Function", + "Properties": { + "Code": { + "S3Bucket": { + "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}" + }, + "S3Key": "d4509ed940a08b266940fe72858be370baed562318b4cb7d3e710fd42a5ecad6.zip" + }, + "Role": { + "Fn::GetAtt": [ + "PostgreSQLClusterSnapshotterwaitServiceRole662B9A5C", + "Arn" + ] + }, + "Description": "src/wait.lambda.ts", + "Environment": { + "Variables": { + "AWS_NODEJS_CONNECTION_REUSE_ENABLED": "1" + } + }, + "Handler": "index.handler", + "Runtime": "nodejs14.x" + }, + "DependsOn": [ + "PostgreSQLClusterSnapshotterwaitServiceRoleDefaultPolicyB7AEBC76", + "PostgreSQLClusterSnapshotterwaitServiceRole662B9A5C" + ] + }, + "PostgreSQLClusterSnapshotterwaitLogRetention454520B8": { + "Type": "Custom::LogRetention", + "Properties": { + "ServiceToken": { + "Fn::GetAtt": [ + "LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8aFD4BFC8A", + "Arn" + ] + }, + "LogGroupName": { + "Fn::Join": [ + "", + [ + "/aws/lambda/", + { + "Ref": "PostgreSQLClusterSnapshotterwait7A15A210" + } + ] + ] + }, + "RetentionInDays": 30 + } + }, + "PostgreSQLClusterSnapshotterLogsD5C5A603": { + "Type": "AWS::Logs::LogGroup", + "Properties": { + "RetentionInDays": 30 + }, + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" + }, + "PostgreSQLClusterSnapshotterMySQLTaskTaskRoleE079F904": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "ecs-tasks.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + } + } + }, + "PostgreSQLClusterSnapshotterMySQLTask9D91D3F5": { + "Type": "AWS::ECS::TaskDefinition", + "Properties": { + "ContainerDefinitions": [ + { + "Command": [ + "bash", + "-c", + "echo \"[client]\nuser=$MYSQL_USER\nhost=$MYSQL_HOST\nport=$MYSQL_PORT\npassword=$MYSQL_PASSWORD\" > ~/.my.cnf && chmod 700 ~/.my.cnf" + ], + "Essential": false, + "Image": "public.ecr.aws/docker/library/bash:4-alpine3.15", + "LogConfiguration": { + "LogDriver": "awslogs", + "Options": { + "awslogs-group": { + "Ref": "PostgreSQLClusterSnapshotterLogsD5C5A603" + }, + "awslogs-stream-prefix": "mysql-config", + "awslogs-region": { + "Ref": "AWS::Region" + } + } + }, + "MountPoints": [ + { + "ContainerPath": "/root", + "ReadOnly": false, + "SourceVolume": "config" + } + ], + "Name": "config" + }, + { + "Command": [ + "mysql", + "-e", + "SELECT 1" + ], + "DependsOn": [ + { + "Condition": "SUCCESS", + "ContainerName": "config" + } + ], + "Essential": true, + "Image": "public.ecr.aws/lts/mysql:latest", + "LogConfiguration": { + "LogDriver": "awslogs", + "Options": { + "awslogs-group": { + "Ref": "PostgreSQLClusterSnapshotterLogsD5C5A603" + }, + "awslogs-stream-prefix": "mysql-sanitize", + "awslogs-region": { + "Ref": "AWS::Region" + } + } + }, + "MountPoints": [ + { + "ContainerPath": "/root", + "ReadOnly": true, + "SourceVolume": "config" + } + ], + "Name": "mysql" + } + ], + "Cpu": "256", + "ExecutionRoleArn": { + "Fn::GetAtt": [ + "PostgreSQLClusterSnapshotterMySQLTaskExecutionRole82F4953B", + "Arn" + ] + }, + "Family": "RDSSanitizedSnapshotterSFNPostgreSQLClusterSnapshotterMySQLTask9865F232", + "Memory": "512", + "NetworkMode": "awsvpc", + "RequiresCompatibilities": [ + "FARGATE" + ], + "TaskRoleArn": { + "Fn::GetAtt": [ + "PostgreSQLClusterSnapshotterMySQLTaskTaskRoleE079F904", + "Arn" + ] + }, + "Volumes": [ + { + "Host": {}, + "Name": "config" + } + ] + } + }, + "PostgreSQLClusterSnapshotterMySQLTaskExecutionRole82F4953B": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "ecs-tasks.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + } + } + }, + "PostgreSQLClusterSnapshotterMySQLTaskExecutionRoleDefaultPolicy6066AB09": { + "Type": "AWS::IAM::Policy", + "Properties": { + "PolicyDocument": { + "Statement": [ + { + "Action": [ + "logs:CreateLogStream", + "logs:PutLogEvents" + ], + "Effect": "Allow", + "Resource": { + "Fn::GetAtt": [ + "PostgreSQLClusterSnapshotterLogsD5C5A603", + "Arn" + ] + } + } + ], + "Version": "2012-10-17" + }, + "PolicyName": "PostgreSQLClusterSnapshotterMySQLTaskExecutionRoleDefaultPolicy6066AB09", + "Roles": [ + { + "Ref": "PostgreSQLClusterSnapshotterMySQLTaskExecutionRole82F4953B" + } + ] + } + }, + "PostgreSQLClusterSnapshotterPostreSQLTaskTaskRole4CCD7360": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "ecs-tasks.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + } + } + }, + "PostgreSQLClusterSnapshotterPostreSQLTaskE150FEBD": { + "Type": "AWS::ECS::TaskDefinition", + "Properties": { + "ContainerDefinitions": [ + { + "Command": [ + "psql", + "-c", + "SELECT 1" + ], + "Essential": true, + "Image": "public.ecr.aws/lts/postgres:latest", + "LogConfiguration": { + "LogDriver": "awslogs", + "Options": { + "awslogs-group": { + "Ref": "PostgreSQLClusterSnapshotterLogsD5C5A603" + }, + "awslogs-stream-prefix": "psql-sanitize", + "awslogs-region": { + "Ref": "AWS::Region" + } + } + }, + "Name": "postgres" + } + ], + "Cpu": "256", + "ExecutionRoleArn": { + "Fn::GetAtt": [ + "PostgreSQLClusterSnapshotterPostreSQLTaskExecutionRole9B27EF24", + "Arn" + ] + }, + "Family": "RDSSanitizedSnapshotterSFNPostgreSQLClusterSnapshotterPostreSQLTask914B7835", + "Memory": "512", + "NetworkMode": "awsvpc", + "RequiresCompatibilities": [ + "FARGATE" + ], + "TaskRoleArn": { + "Fn::GetAtt": [ + "PostgreSQLClusterSnapshotterPostreSQLTaskTaskRole4CCD7360", + "Arn" + ] + } + } + }, + "PostgreSQLClusterSnapshotterPostreSQLTaskExecutionRole9B27EF24": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "ecs-tasks.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + } + } + }, + "PostgreSQLClusterSnapshotterPostreSQLTaskExecutionRoleDefaultPolicyC9A9FEA1": { + "Type": "AWS::IAM::Policy", + "Properties": { + "PolicyDocument": { + "Statement": [ + { + "Action": [ + "logs:CreateLogStream", + "logs:PutLogEvents" + ], + "Effect": "Allow", + "Resource": { + "Fn::GetAtt": [ + "PostgreSQLClusterSnapshotterLogsD5C5A603", + "Arn" + ] + } + } + ], + "Version": "2012-10-17" + }, + "PolicyName": "PostgreSQLClusterSnapshotterPostreSQLTaskExecutionRoleDefaultPolicyC9A9FEA1", + "Roles": [ + { + "Ref": "PostgreSQLClusterSnapshotterPostreSQLTaskExecutionRole9B27EF24" + } + ] + } + }, + "PostgreSQLClusterSnapshotterDirectorRole38961E19": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": { + "Fn::Join": [ + "", + [ + "states.", + { + "Ref": "AWS::Region" + }, + ".amazonaws.com" + ] + ] + } + } + } + ], + "Version": "2012-10-17" + } + } + }, + "PostgreSQLClusterSnapshotterDirectorRoleDefaultPolicy6668829B": { + "Type": "AWS::IAM::Policy", + "Properties": { + "PolicyDocument": { + "Statement": [ + { + "Action": "lambda:InvokeFunction", + "Effect": "Allow", + "Resource": { + "Fn::GetAtt": [ + "PostgreSQLClusterSnapshotterparameters25147BEC", + "Arn" + ] + } + }, + { + "Action": "rds:deleteDBClusterSnapshot", + "Effect": "Allow", + "Resource": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":rds:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":cluster-snapshot:sanitize-*" + ] + ] + } + }, + { + "Action": "rds:deleteDBInstance", + "Effect": "Allow", + "Resource": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":rds:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":db:sanitize-*" + ] + ] + } + }, + { + "Action": "rds:deleteDBCluster", + "Effect": "Allow", + "Resource": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":rds:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":cluster:sanitize-*" + ] + ] + } + }, + { + "Action": "rds:createDBClusterSnapshot", + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": "lambda:InvokeFunction", + "Effect": "Allow", + "Resource": { + "Fn::GetAtt": [ + "PostgreSQLClusterSnapshotterwait7A15A210", + "Arn" + ] + } + }, + { + "Action": "rds:copyDBClusterSnapshot", + "Effect": "Allow", + "Resource": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":rds:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":cluster-snapshot:sanitize-*" + ] + ] + } + }, + { + "Action": "rds:restoreDBClusterFromSnapshot", + "Effect": "Allow", + "Resource": [ + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":rds:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":cluster:sanitize-*" + ] + ] + }, + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":rds:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":db:sanitize-*" + ] + ] + }, + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":rds:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":cluster-snapshot:sanitize-*" + ] + ] + }, + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":rds:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":subgrp:", + { + "Ref": "PostgreSQLClusterSnapshotterSubnetgroupA37EB2B3" + } + ] + ] + } + ] + }, + { + "Action": "rds:modifyDBCluster", + "Effect": "Allow", + "Resource": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":rds:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":cluster:sanitize-*" + ] + ] + } + }, + { + "Action": "rds:createDBInstance", + "Effect": "Allow", + "Resource": [ + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":rds:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":cluster:sanitize-*" + ] + ] + }, + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":rds:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":db:sanitize-*" + ] + ] + } + ] + }, + { + "Action": "rds:describeDBClusters", + "Effect": "Allow", + "Resource": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":rds:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":cluster:sanitize-*" + ] + ] + } + }, + { + "Action": "ecs:RunTask", + "Effect": "Allow", + "Resource": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Fn::Select": [ + 1, + { + "Fn::Split": [ + ":", + { + "Ref": "PostgreSQLClusterSnapshotterMySQLTask9D91D3F5" + } + ] + } + ] + }, + ":", + { + "Fn::Select": [ + 2, + { + "Fn::Split": [ + ":", + { + "Ref": "PostgreSQLClusterSnapshotterMySQLTask9D91D3F5" + } + ] + } + ] + }, + ":", + { + "Fn::Select": [ + 3, + { + "Fn::Split": [ + ":", + { + "Ref": "PostgreSQLClusterSnapshotterMySQLTask9D91D3F5" + } + ] + } + ] + }, + ":", + { + "Fn::Select": [ + 4, + { + "Fn::Split": [ + ":", + { + "Ref": "PostgreSQLClusterSnapshotterMySQLTask9D91D3F5" + } + ] + } + ] + }, + ":", + { + "Fn::Select": [ + 0, + { + "Fn::Split": [ + "/", + { + "Fn::Select": [ + 5, + { + "Fn::Split": [ + ":", + { + "Ref": "PostgreSQLClusterSnapshotterMySQLTask9D91D3F5" + } + ] + } + ] + } + ] + } + ] + }, + "/", + { + "Fn::Select": [ + 1, + { + "Fn::Split": [ + "/", + { + "Fn::Select": [ + 5, + { + "Fn::Split": [ + ":", + { + "Ref": "PostgreSQLClusterSnapshotterMySQLTask9D91D3F5" + } + ] + } + ] + } + ] + } + ] + } + ] + ] + } + }, + { + "Action": [ + "ecs:StopTask", + "ecs:DescribeTasks" + ], + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": "iam:PassRole", + "Effect": "Allow", + "Resource": [ + { + "Fn::GetAtt": [ + "PostgreSQLClusterSnapshotterMySQLTaskTaskRoleE079F904", + "Arn" + ] + }, + { + "Fn::GetAtt": [ + "PostgreSQLClusterSnapshotterMySQLTaskExecutionRole82F4953B", + "Arn" + ] + } + ] + }, + { + "Action": [ + "events:PutTargets", + "events:PutRule", + "events:DescribeRule" + ], + "Effect": "Allow", + "Resource": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":events:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":rule/StepFunctionsGetEventsForECSTaskRule" + ] + ] + } + }, + { + "Action": "ecs:RunTask", + "Effect": "Allow", + "Resource": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Fn::Select": [ + 1, + { + "Fn::Split": [ + ":", + { + "Ref": "PostgreSQLClusterSnapshotterPostreSQLTaskE150FEBD" + } + ] + } + ] + }, + ":", + { + "Fn::Select": [ + 2, + { + "Fn::Split": [ + ":", + { + "Ref": "PostgreSQLClusterSnapshotterPostreSQLTaskE150FEBD" + } + ] + } + ] + }, + ":", + { + "Fn::Select": [ + 3, + { + "Fn::Split": [ + ":", + { + "Ref": "PostgreSQLClusterSnapshotterPostreSQLTaskE150FEBD" + } + ] + } + ] + }, + ":", + { + "Fn::Select": [ + 4, + { + "Fn::Split": [ + ":", + { + "Ref": "PostgreSQLClusterSnapshotterPostreSQLTaskE150FEBD" + } + ] + } + ] + }, + ":", + { + "Fn::Select": [ + 0, + { + "Fn::Split": [ + "/", + { + "Fn::Select": [ + 5, + { + "Fn::Split": [ + ":", + { + "Ref": "PostgreSQLClusterSnapshotterPostreSQLTaskE150FEBD" + } + ] + } + ] + } + ] + } + ] + }, + "/", + { + "Fn::Select": [ + 1, + { + "Fn::Split": [ + "/", + { + "Fn::Select": [ + 5, + { + "Fn::Split": [ + ":", + { + "Ref": "PostgreSQLClusterSnapshotterPostreSQLTaskE150FEBD" + } + ] + } + ] + } + ] + } + ] + } + ] + ] + } + }, + { + "Action": "iam:PassRole", + "Effect": "Allow", + "Resource": [ + { + "Fn::GetAtt": [ + "PostgreSQLClusterSnapshotterPostreSQLTaskTaskRole4CCD7360", + "Arn" + ] + }, + { + "Fn::GetAtt": [ + "PostgreSQLClusterSnapshotterPostreSQLTaskExecutionRole9B27EF24", + "Arn" + ] + } + ] + }, + { + "Action": "rds:AddTagsToResource", + "Effect": "Allow", + "Resource": [ + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":rds:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":cluster-snapshot:sanitize-*" + ] + ] + }, + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":rds:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":cluster-snapshot:psql-cluster-snapshot-*" + ] + ] + }, + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":rds:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":cluster:sanitize-*" + ] + ] + } + ] + }, + { + "Action": [ + "kms:CreateGrant", + "kms:DescribeKey" + ], + "Effect": "Allow", + "Resource": { + "Fn::GetAtt": [ + "SnapshotKey0EDEBDF6", + "Arn" + ] + } + }, + { + "Action": [ + "kms:CreateGrant", + "kms:DescribeKey" + ], + "Effect": "Allow", + "Resource": { + "Fn::ImportValue": "RDS-Sanitized-Snapshotter-RDS:ExportsOutputFnGetAttKey961B73FDArn5A860C43" + } + } + ], + "Version": "2012-10-17" + }, + "PolicyName": "PostgreSQLClusterSnapshotterDirectorRoleDefaultPolicy6668829B", + "Roles": [ + { + "Ref": "PostgreSQLClusterSnapshotterDirectorRole38961E19" + } + ] + } + }, + "PostgreSQLClusterSnapshotterDirector864DA8F0": { + "Type": "AWS::StepFunctions::StateMachine", + "Properties": { + "RoleArn": { + "Fn::GetAtt": [ + "PostgreSQLClusterSnapshotterDirectorRole38961E19", + "Arn" + ] + }, + "DefinitionString": { + "Fn::Join": [ + "", + [ + "{\"StartAt\":\"Get Parameters\",\"States\":{\"Get Parameters\":{\"Next\":\"Error Catcher\",\"Retry\":[{\"ErrorEquals\":[\"Lambda.ServiceException\",\"Lambda.AWSLambdaException\",\"Lambda.SdkClientException\"],\"IntervalSeconds\":2,\"MaxAttempts\":6,\"BackoffRate\":2}],\"Type\":\"Task\",\"Resource\":\"", + { + "Fn::GetAtt": [ + "PostgreSQLClusterSnapshotterparameters25147BEC", + "Arn" + ] + }, + "\",\"Parameters\":{\"executionId.$\":\"$$.Execution.Id\",\"isCluster\":true,\"databaseIdentifier\":\"", + { + "Fn::ImportValue": "RDS-Sanitized-Snapshotter-RDS:ExportsOutputRefPostgresCluster5A5B7BE8BE4E3D78" + }, + "\",\"databaseKey\":\"", + { + "Fn::ImportValue": "RDS-Sanitized-Snapshotter-RDS:ExportsOutputFnGetAttKey961B73FDArn5A860C43" + }, + "\",\"snapshotPrefix\":\"psql-cluster-snapshot\",\"tempPrefix\":\"sanitize\"}},\"Error Catcher\":{\"Type\":\"Parallel\",\"ResultPath\":null,\"Next\":\"Cleanup\",\"Catch\":[{\"ErrorEquals\":[\"States.ALL\"],\"ResultPath\":null,\"Next\":\"Cleanup\"}],\"Branches\":[{\"StartAt\":\"Create Temporary Snapshot\",\"States\":{\"Create Temporary Snapshot\":{\"Next\":\"Wait for Snapshot\",\"Type\":\"Task\",\"ResultPath\":null,\"Resource\":\"arn:", + { + "Ref": "AWS::Partition" + }, + ":states:::aws-sdk:rds:createDBClusterSnapshot\",\"Parameters\":{\"DbClusterIdentifier.$\":\"$.databaseIdentifier\",\"DbClusterSnapshotIdentifier.$\":\"$.tempSnapshotId\",\"Tags\":[{\"Key\":\"RDS-sanitized-snapshots\",\"Value\":\"", + { + "Fn::ImportValue": "RDS-Sanitized-Snapshotter-RDS:ExportsOutputRefPostgresCluster5A5B7BE8BE4E3D78" + }, + "\"}]}},\"Wait for Snapshot\":{\"Next\":\"Re-encrypt Snapshot\",\"Retry\":[{\"ErrorEquals\":[\"Lambda.ServiceException\",\"Lambda.AWSLambdaException\",\"Lambda.SdkClientException\"],\"IntervalSeconds\":2,\"MaxAttempts\":6,\"BackoffRate\":2},{\"ErrorEquals\":[\"NotReady\"],\"IntervalSeconds\":60,\"MaxAttempts\":300,\"BackoffRate\":1}],\"Type\":\"Task\",\"ResultPath\":null,\"Resource\":\"", + { + "Fn::GetAtt": [ + "PostgreSQLClusterSnapshotterwait7A15A210", + "Arn" + ] + }, + "\",\"Parameters\":{\"resourceType\":\"snapshot\",\"databaseIdentifier.$\":\"$.databaseIdentifier\",\"snapshotIdentifier.$\":\"$.tempSnapshotId\",\"isCluster\":true}},\"Re-encrypt Snapshot\":{\"Next\":\"Wait for Re-encrypt\",\"Type\":\"Task\",\"ResultPath\":null,\"Resource\":\"arn:", + { + "Ref": "AWS::Partition" + }, + ":states:::aws-sdk:rds:copyDBClusterSnapshot\",\"Parameters\":{\"SourceDBClusterSnapshotIdentifier.$\":\"$.tempSnapshotId\",\"TargetDBClusterSnapshotIdentifier.$\":\"$.tempEncSnapshotId\",\"KmsKeyId\":\"", + { + "Ref": "SnapshotKey0EDEBDF6" + }, + "\",\"CopyTags\":false,\"Tags\":[{\"Key\":\"RDS-sanitized-snapshots\",\"Value\":\"", + { + "Fn::ImportValue": "RDS-Sanitized-Snapshotter-RDS:ExportsOutputRefPostgresCluster5A5B7BE8BE4E3D78" + }, + "\"}]}},\"Wait for Re-encrypt\":{\"Next\":\"Create Temporary Database\",\"Retry\":[{\"ErrorEquals\":[\"Lambda.ServiceException\",\"Lambda.AWSLambdaException\",\"Lambda.SdkClientException\"],\"IntervalSeconds\":2,\"MaxAttempts\":6,\"BackoffRate\":2},{\"ErrorEquals\":[\"NotReady\"],\"IntervalSeconds\":60,\"MaxAttempts\":300,\"BackoffRate\":1}],\"Type\":\"Task\",\"ResultPath\":null,\"Resource\":\"", + { + "Fn::GetAtt": [ + "PostgreSQLClusterSnapshotterwait7A15A210", + "Arn" + ] + }, + "\",\"Parameters\":{\"resourceType\":\"snapshot\",\"databaseIdentifier.$\":\"$.databaseIdentifier\",\"snapshotIdentifier.$\":\"$.tempEncSnapshotId\",\"isCluster\":true}},\"Create Temporary Database\":{\"Next\":\"Wait for Temporary Database\",\"Type\":\"Task\",\"ResultPath\":null,\"Resource\":\"arn:", + { + "Ref": "AWS::Partition" + }, + ":states:::aws-sdk:rds:restoreDBClusterFromSnapshot\",\"Parameters\":{\"DbClusterIdentifier.$\":\"$.tempDbId\",\"Engine.$\":\"$.engine\",\"SnapshotIdentifier.$\":\"$.tempEncSnapshotId\",\"PubliclyAccessible\":false,\"VpcSecurityGroupIds\":[\"", + { + "Fn::GetAtt": [ + "PostgreSQLClusterSnapshotterSG7FF985A8", + "GroupId" + ] + }, + "\"],\"DbSubnetGroupName\":\"", + { + "Ref": "PostgreSQLClusterSnapshotterSubnetgroupA37EB2B3" + }, + "\",\"Tags\":[{\"Key\":\"RDS-sanitized-snapshots\",\"Value\":\"", + { + "Fn::ImportValue": "RDS-Sanitized-Snapshotter-RDS:ExportsOutputRefPostgresCluster5A5B7BE8BE4E3D78" + }, + "\"}]}},\"Wait for Temporary Database\":{\"Next\":\"Set Temporary Password\",\"Retry\":[{\"ErrorEquals\":[\"Lambda.ServiceException\",\"Lambda.AWSLambdaException\",\"Lambda.SdkClientException\"],\"IntervalSeconds\":2,\"MaxAttempts\":6,\"BackoffRate\":2},{\"ErrorEquals\":[\"NotReady\"],\"IntervalSeconds\":60,\"MaxAttempts\":300,\"BackoffRate\":1}],\"Type\":\"Task\",\"ResultPath\":null,\"Resource\":\"", + { + "Fn::GetAtt": [ + "PostgreSQLClusterSnapshotterwait7A15A210", + "Arn" + ] + }, + "\",\"Parameters\":{\"resourceType\":\"cluster\",\"databaseIdentifier.$\":\"$.tempDbId\",\"isCluster\":true}},\"Set Temporary Password\":{\"Next\":\"Wait for Temporary Password\",\"Type\":\"Task\",\"ResultPath\":null,\"Resource\":\"arn:", + { + "Ref": "AWS::Partition" + }, + ":states:::aws-sdk:rds:modifyDBCluster\",\"Parameters\":{\"DbClusterIdentifier.$\":\"$.tempDbId\",\"MasterUserPassword.$\":\"$.tempDb.password\",\"ApplyImmediately\":true}},\"Wait for Temporary Password\":{\"Next\":\"Create Temporary Instance\",\"Retry\":[{\"ErrorEquals\":[\"Lambda.ServiceException\",\"Lambda.AWSLambdaException\",\"Lambda.SdkClientException\"],\"IntervalSeconds\":2,\"MaxAttempts\":6,\"BackoffRate\":2},{\"ErrorEquals\":[\"NotReady\"],\"IntervalSeconds\":60,\"MaxAttempts\":300,\"BackoffRate\":1}],\"Type\":\"Task\",\"ResultPath\":null,\"Resource\":\"", + { + "Fn::GetAtt": [ + "PostgreSQLClusterSnapshotterwait7A15A210", + "Arn" + ] + }, + "\",\"Parameters\":{\"resourceType\":\"cluster\",\"databaseIdentifier.$\":\"$.tempDbId\",\"isCluster\":true}},\"Create Temporary Instance\":{\"Next\":\"Wait for Temporary Instance\",\"Type\":\"Task\",\"ResultPath\":null,\"Resource\":\"arn:", + { + "Ref": "AWS::Partition" + }, + ":states:::aws-sdk:rds:createDBInstance\",\"Parameters\":{\"DbClusterIdentifier.$\":\"$.tempDbId\",\"DbInstanceIdentifier.$\":\"$.tempDbInstanceId\",\"DbInstanceClass.$\":\"$.tempDbInstanceClass\",\"Engine.$\":\"$.engine\"}},\"Wait for Temporary Instance\":{\"Next\":\"Get Temporary Cluster Endpoint\",\"Retry\":[{\"ErrorEquals\":[\"Lambda.ServiceException\",\"Lambda.AWSLambdaException\",\"Lambda.SdkClientException\"],\"IntervalSeconds\":2,\"MaxAttempts\":6,\"BackoffRate\":2},{\"ErrorEquals\":[\"NotReady\"],\"IntervalSeconds\":60,\"MaxAttempts\":300,\"BackoffRate\":1}],\"Type\":\"Task\",\"ResultPath\":null,\"Resource\":\"", + { + "Fn::GetAtt": [ + "PostgreSQLClusterSnapshotterwait7A15A210", + "Arn" + ] + }, + "\",\"Parameters\":{\"resourceType\":\"instance\",\"databaseIdentifier.$\":\"$.tempDbInstanceId\",\"isCluster\":true}},\"Get Temporary Cluster Endpoint\":{\"Next\":\"Sanitize\",\"Type\":\"Task\",\"ResultPath\":\"$.tempDb.host\",\"ResultSelector\":{\"endpoint.$\":\"$.DbClusters[0].Endpoint\"},\"Resource\":\"arn:", + { + "Ref": "AWS::Partition" + }, + ":states:::aws-sdk:rds:describeDBClusters\",\"Parameters\":{\"DbClusterIdentifier.$\":\"$.tempDbId\"}},\"Sanitize\":{\"Type\":\"Choice\",\"Choices\":[{\"Variable\":\"$.dockerImage\",\"StringEquals\":\"mysql\",\"Next\":\"Sanitize MySQL\"},{\"Variable\":\"$.dockerImage\",\"StringEquals\":\"postgres\",\"Next\":\"Sanitize Postgres\"}]},\"Sanitize MySQL\":{\"Next\":\"Create Final Snapshot\",\"Type\":\"Task\",\"ResultPath\":null,\"Resource\":\"arn:", + { + "Ref": "AWS::Partition" + }, + ":states:::ecs:runTask.sync\",\"Parameters\":{\"Cluster\":\"", + { + "Fn::GetAtt": [ + "PostgreSQLClusterSnapshotterclusterD066B562", + "Arn" + ] + }, + "\",\"TaskDefinition\":\"RDSSanitizedSnapshotterSFNPostgreSQLClusterSnapshotterMySQLTask9865F232\",\"NetworkConfiguration\":{\"AwsvpcConfiguration\":{\"Subnets\":[\"", + { + "Fn::ImportValue": "RDS-Sanitized-Snapshotter-VPC:ExportsOutputRefVPCIsolatedSubnet1SubnetEBD00FC6298E81EF" + }, + "\",\"", + { + "Fn::ImportValue": "RDS-Sanitized-Snapshotter-VPC:ExportsOutputRefVPCIsolatedSubnet2Subnet4B1C8CAAD8B83B81" + }, + "\"],\"SecurityGroups\":[\"", + { + "Fn::GetAtt": [ + "PostgreSQLClusterSnapshotterSG7FF985A8", + "GroupId" + ] + }, + "\"]}},\"Overrides\":{\"ContainerOverrides\":[{\"Name\":\"config\",\"Environment\":[{\"Name\":\"MYSQL_HOST\",\"Value.$\":\"$.tempDb.host.endpoint\"},{\"Name\":\"MYSQL_PORT\",\"Value.$\":\"$.tempDb.port\"},{\"Name\":\"MYSQL_USER\",\"Value.$\":\"$.tempDb.user\"},{\"Name\":\"MYSQL_PASSWORD\",\"Value.$\":\"$.tempDb.password\"}]}]},\"LaunchType\":\"FARGATE\"}},\"Create Final Snapshot\":{\"Next\":\"Wait for Final Snapshot\",\"Type\":\"Task\",\"ResultPath\":null,\"Resource\":\"arn:", + { + "Ref": "AWS::Partition" + }, + ":states:::aws-sdk:rds:createDBClusterSnapshot\",\"Parameters\":{\"DbClusterIdentifier.$\":\"$.tempDbId\",\"DbClusterSnapshotIdentifier.$\":\"$.targetSnapshotId\",\"Tags\":[{\"Key\":\"RDS-sanitized-snapshots\",\"Value\":\"", + { + "Fn::ImportValue": "RDS-Sanitized-Snapshotter-RDS:ExportsOutputRefPostgresCluster5A5B7BE8BE4E3D78" + }, + "\"},{\"Key\":\"Final\",\"Value\":\"true\"}]}},\"Sanitize Postgres\":{\"Next\":\"Create Final Snapshot\",\"Type\":\"Task\",\"ResultPath\":null,\"Resource\":\"arn:", + { + "Ref": "AWS::Partition" + }, + ":states:::ecs:runTask.sync\",\"Parameters\":{\"Cluster\":\"", + { + "Fn::GetAtt": [ + "PostgreSQLClusterSnapshotterclusterD066B562", + "Arn" + ] + }, + "\",\"TaskDefinition\":\"RDSSanitizedSnapshotterSFNPostgreSQLClusterSnapshotterPostreSQLTask914B7835\",\"NetworkConfiguration\":{\"AwsvpcConfiguration\":{\"Subnets\":[\"", + { + "Fn::ImportValue": "RDS-Sanitized-Snapshotter-VPC:ExportsOutputRefVPCIsolatedSubnet1SubnetEBD00FC6298E81EF" + }, + "\",\"", + { + "Fn::ImportValue": "RDS-Sanitized-Snapshotter-VPC:ExportsOutputRefVPCIsolatedSubnet2Subnet4B1C8CAAD8B83B81" + }, + "\"],\"SecurityGroups\":[\"", + { + "Fn::GetAtt": [ + "PostgreSQLClusterSnapshotterSG7FF985A8", + "GroupId" + ] + }, + "\"]}},\"Overrides\":{\"ContainerOverrides\":[{\"Name\":\"postgres\",\"Environment\":[{\"Name\":\"PGHOST\",\"Value.$\":\"$.tempDb.host.endpoint\"},{\"Name\":\"PGPORT\",\"Value.$\":\"$.tempDb.port\"},{\"Name\":\"PGUSER\",\"Value.$\":\"$.tempDb.user\"},{\"Name\":\"PGPASSWORD\",\"Value.$\":\"$.tempDb.password\"},{\"Name\":\"PGCONNECT_TIMEOUT\",\"Value\":\"30\"}]}]},\"LaunchType\":\"FARGATE\"}},\"Wait for Final Snapshot\":{\"End\":true,\"Retry\":[{\"ErrorEquals\":[\"Lambda.ServiceException\",\"Lambda.AWSLambdaException\",\"Lambda.SdkClientException\"],\"IntervalSeconds\":2,\"MaxAttempts\":6,\"BackoffRate\":2},{\"ErrorEquals\":[\"NotReady\"],\"IntervalSeconds\":60,\"MaxAttempts\":300,\"BackoffRate\":1}],\"Type\":\"Task\",\"ResultPath\":null,\"Resource\":\"", + { + "Fn::GetAtt": [ + "PostgreSQLClusterSnapshotterwait7A15A210", + "Arn" + ] + }, + "\",\"Parameters\":{\"resourceType\":\"snapshot\",\"databaseIdentifier.$\":\"$.tempDbId\",\"snapshotIdentifier.$\":\"$.targetSnapshotId\",\"isCluster\":true}}}}]},\"Cleanup\":{\"Type\":\"Parallel\",\"ResultPath\":null,\"End\":true,\"Branches\":[{\"StartAt\":\"Temporary Snapshot\",\"States\":{\"Temporary Snapshot\":{\"End\":true,\"Retry\":[{\"ErrorEquals\":[\"States.ALL\"],\"IntervalSeconds\":10,\"MaxAttempts\":5}],\"Type\":\"Task\",\"ResultPath\":null,\"Resource\":\"arn:", + { + "Ref": "AWS::Partition" + }, + ":states:::aws-sdk:rds:deleteDBClusterSnapshot\",\"Parameters\":{\"DbClusterSnapshotIdentifier.$\":\"$.tempSnapshotId\"}}}},{\"StartAt\":\"Re-encrypted Snapshot\",\"States\":{\"Re-encrypted Snapshot\":{\"End\":true,\"Retry\":[{\"ErrorEquals\":[\"States.ALL\"],\"IntervalSeconds\":10,\"MaxAttempts\":5}],\"Type\":\"Task\",\"ResultPath\":null,\"Resource\":\"arn:", + { + "Ref": "AWS::Partition" + }, + ":states:::aws-sdk:rds:deleteDBClusterSnapshot\",\"Parameters\":{\"DbClusterSnapshotIdentifier.$\":\"$.tempEncSnapshotId\"}}}},{\"StartAt\":\"Temporary Database Instance\",\"States\":{\"Temporary Database Instance\":{\"End\":true,\"Retry\":[{\"ErrorEquals\":[\"States.ALL\"],\"IntervalSeconds\":10,\"MaxAttempts\":5}],\"Type\":\"Task\",\"ResultPath\":null,\"Resource\":\"arn:", + { + "Ref": "AWS::Partition" + }, + ":states:::aws-sdk:rds:deleteDBInstance\",\"Parameters\":{\"DbInstanceIdentifier.$\":\"$.tempDbInstanceId\",\"SkipFinalSnapshot\":true}}}},{\"StartAt\":\"Temporary Database\",\"States\":{\"Temporary Database\":{\"End\":true,\"Retry\":[{\"ErrorEquals\":[\"States.ALL\"],\"IntervalSeconds\":10,\"MaxAttempts\":5}],\"Type\":\"Task\",\"ResultPath\":null,\"Resource\":\"arn:", + { + "Ref": "AWS::Partition" + }, + ":states:::aws-sdk:rds:deleteDBCluster\",\"Parameters\":{\"DbClusterIdentifier.$\":\"$.tempDbId\",\"SkipFinalSnapshot\":true}}}}]}}}" + ] + ] + } + }, + "DependsOn": [ + "PostgreSQLClusterSnapshotterDirectorRoleDefaultPolicy6668829B", + "PostgreSQLClusterSnapshotterDirectorRole38961E19" + ] + } + }, + "Outputs": { + "ExportsOutputRefMySQLInstanceSnapshotterDirector69A6B7B421EEFD9B": { + "Value": { + "Ref": "MySQLInstanceSnapshotterDirector69A6B7B4" + }, + "Export": { + "Name": "RDS-Sanitized-Snapshotter-SFN:ExportsOutputRefMySQLInstanceSnapshotterDirector69A6B7B421EEFD9B" + } + }, + "ExportsOutputRefMySQLClusterSnapshotterDirector73A14BB07F203611": { + "Value": { + "Ref": "MySQLClusterSnapshotterDirector73A14BB0" + }, + "Export": { + "Name": "RDS-Sanitized-Snapshotter-SFN:ExportsOutputRefMySQLClusterSnapshotterDirector73A14BB07F203611" + } + }, + "ExportsOutputRefPostgreSQLInstanceSnapshotterDirector22C6400CD7D4E9FC": { + "Value": { + "Ref": "PostgreSQLInstanceSnapshotterDirector22C6400C" + }, + "Export": { + "Name": "RDS-Sanitized-Snapshotter-SFN:ExportsOutputRefPostgreSQLInstanceSnapshotterDirector22C6400CD7D4E9FC" + } + }, + "ExportsOutputRefPostgreSQLClusterSnapshotterDirector864DA8F006C62DA7": { + "Value": { + "Ref": "PostgreSQLClusterSnapshotterDirector864DA8F0" + }, + "Export": { + "Name": "RDS-Sanitized-Snapshotter-SFN:ExportsOutputRefPostgreSQLClusterSnapshotterDirector864DA8F006C62DA7" + } + } + }, + "Parameters": { + "BootstrapVersion": { + "Type": "AWS::SSM::Parameter::Value", + "Default": "/cdk-bootstrap/hnb659fds/version", + "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]" + } + }, + "Rules": { + "CheckBootstrapVersion": { + "Assertions": [ + { + "Assert": { + "Fn::Not": [ + { + "Fn::Contains": [ + [ + "1", + "2", + "3", + "4", + "5" + ], + { + "Ref": "BootstrapVersion" + } + ] + } + ] + }, + "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI." + } + ] + } + } +} \ No newline at end of file diff --git a/test/default.integ.snapshot/RDS-Sanitized-Snapshotter-Test.assets.json b/test/default.integ.snapshot/RDS-Sanitized-Snapshotter-Test.assets.json new file mode 100644 index 0000000..c53a2fe --- /dev/null +++ b/test/default.integ.snapshot/RDS-Sanitized-Snapshotter-Test.assets.json @@ -0,0 +1,71 @@ +{ + "version": "15.0.0", + "files": { + "3446fd82a47f49c558b2de9e42f2d88af4e265e9712bf45b83f5025d7fc27879": { + "source": { + "path": "asset.3446fd82a47f49c558b2de9e42f2d88af4e265e9712bf45b83f5025d7fc27879.lambda", + "packaging": "zip" + }, + "destinations": { + "current_account-current_region": { + "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", + "objectKey": "3446fd82a47f49c558b2de9e42f2d88af4e265e9712bf45b83f5025d7fc27879.zip", + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" + } + } + }, + "b120b13d9d868c7622e7db1b68bae4c0f82ffd0227b8c15f2cef38e186ff3827": { + "source": { + "path": "asset.b120b13d9d868c7622e7db1b68bae4c0f82ffd0227b8c15f2cef38e186ff3827", + "packaging": "zip" + }, + "destinations": { + "current_account-current_region": { + "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", + "objectKey": "b120b13d9d868c7622e7db1b68bae4c0f82ffd0227b8c15f2cef38e186ff3827.zip", + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" + } + } + }, + "6fd57284276a7ee493422fefa53053d288e54e22ba62cc2c03e53c2590c9d28d": { + "source": { + "path": "asset.6fd57284276a7ee493422fefa53053d288e54e22ba62cc2c03e53c2590c9d28d.lambda", + "packaging": "zip" + }, + "destinations": { + "current_account-current_region": { + "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", + "objectKey": "6fd57284276a7ee493422fefa53053d288e54e22ba62cc2c03e53c2590c9d28d.zip", + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" + } + } + }, + "c691172cdeefa2c91b5a2907f9d81118e47597634943344795f1a844192dd49c": { + "source": { + "path": "asset.c691172cdeefa2c91b5a2907f9d81118e47597634943344795f1a844192dd49c", + "packaging": "zip" + }, + "destinations": { + "current_account-current_region": { + "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", + "objectKey": "c691172cdeefa2c91b5a2907f9d81118e47597634943344795f1a844192dd49c.zip", + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" + } + } + }, + "bb258c0c235df6983b581ef5f8fa23dd95cbab81e4841e2d128edd433a36235a": { + "source": { + "path": "RDS-Sanitized-Snapshotter-Test.template.json", + "packaging": "file" + }, + "destinations": { + "current_account-current_region": { + "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", + "objectKey": "bb258c0c235df6983b581ef5f8fa23dd95cbab81e4841e2d128edd433a36235a.json", + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" + } + } + } + }, + "dockerImages": {} +} \ No newline at end of file diff --git a/test/default.integ.snapshot/RDS-Sanitized-Snapshotter-Test.template.json b/test/default.integ.snapshot/RDS-Sanitized-Snapshotter-Test.template.json new file mode 100644 index 0000000..06f1e98 --- /dev/null +++ b/test/default.integ.snapshot/RDS-Sanitized-Snapshotter-Test.template.json @@ -0,0 +1,903 @@ +{ + "Resources": { + "TestServiceRoleCF49002B": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "lambda.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + }, + "ManagedPolicyArns": [ + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" + ] + ] + } + ] + } + }, + "TestServiceRoleDefaultPolicyE51BF2AA": { + "Type": "AWS::IAM::Policy", + "Properties": { + "PolicyDocument": { + "Statement": [ + { + "Action": "states:StartExecution", + "Effect": "Allow", + "Resource": "*" + } + ], + "Version": "2012-10-17" + }, + "PolicyName": "TestServiceRoleDefaultPolicyE51BF2AA", + "Roles": [ + { + "Ref": "TestServiceRoleCF49002B" + } + ] + } + }, + "Test7BFAF513": { + "Type": "AWS::Lambda::Function", + "Properties": { + "Code": { + "S3Bucket": { + "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}" + }, + "S3Key": "3446fd82a47f49c558b2de9e42f2d88af4e265e9712bf45b83f5025d7fc27879.zip" + }, + "Role": { + "Fn::GetAtt": [ + "TestServiceRoleCF49002B", + "Arn" + ] + }, + "Description": "src/test.lambda.ts", + "Environment": { + "Variables": { + "AWS_NODEJS_CONNECTION_REUSE_ENABLED": "1" + } + }, + "Handler": "index.handler", + "Runtime": "nodejs14.x" + }, + "DependsOn": [ + "TestServiceRoleDefaultPolicyE51BF2AA", + "TestServiceRoleCF49002B" + ] + }, + "TestLogRetention7A4CD73F": { + "Type": "Custom::LogRetention", + "Properties": { + "ServiceToken": { + "Fn::GetAtt": [ + "LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8aFD4BFC8A", + "Arn" + ] + }, + "LogGroupName": { + "Fn::Join": [ + "", + [ + "/aws/lambda/", + { + "Ref": "Test7BFAF513" + } + ] + ] + }, + "RetentionInDays": 1 + } + }, + "LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8aServiceRole9741ECFB": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "lambda.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + }, + "ManagedPolicyArns": [ + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" + ] + ] + } + ] + } + }, + "LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8aServiceRoleDefaultPolicyADDA7DEB": { + "Type": "AWS::IAM::Policy", + "Properties": { + "PolicyDocument": { + "Statement": [ + { + "Action": [ + "logs:PutRetentionPolicy", + "logs:DeleteRetentionPolicy" + ], + "Effect": "Allow", + "Resource": "*" + } + ], + "Version": "2012-10-17" + }, + "PolicyName": "LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8aServiceRoleDefaultPolicyADDA7DEB", + "Roles": [ + { + "Ref": "LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8aServiceRole9741ECFB" + } + ] + } + }, + "LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8aFD4BFC8A": { + "Type": "AWS::Lambda::Function", + "Properties": { + "Handler": "index.handler", + "Runtime": "nodejs14.x", + "Code": { + "S3Bucket": { + "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}" + }, + "S3Key": "b120b13d9d868c7622e7db1b68bae4c0f82ffd0227b8c15f2cef38e186ff3827.zip" + }, + "Role": { + "Fn::GetAtt": [ + "LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8aServiceRole9741ECFB", + "Arn" + ] + } + }, + "DependsOn": [ + "LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8aServiceRoleDefaultPolicyADDA7DEB", + "LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8aServiceRole9741ECFB" + ] + }, + "WaitServiceRole80F0B8D7": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "lambda.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + }, + "ManagedPolicyArns": [ + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" + ] + ] + } + ] + } + }, + "WaitServiceRoleDefaultPolicy527907DE": { + "Type": "AWS::IAM::Policy", + "Properties": { + "PolicyDocument": { + "Statement": [ + { + "Action": [ + "states:DescribeExecution", + "rds:describeDBClusterSnapshots", + "rds:DeleteDBClusterSnapshot", + "rds:DescribeDBSnapshots", + "rds:DeleteDBSnapshot" + ], + "Effect": "Allow", + "Resource": "*" + } + ], + "Version": "2012-10-17" + }, + "PolicyName": "WaitServiceRoleDefaultPolicy527907DE", + "Roles": [ + { + "Ref": "WaitServiceRole80F0B8D7" + } + ] + } + }, + "Wait4449FB25": { + "Type": "AWS::Lambda::Function", + "Properties": { + "Code": { + "S3Bucket": { + "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}" + }, + "S3Key": "6fd57284276a7ee493422fefa53053d288e54e22ba62cc2c03e53c2590c9d28d.zip" + }, + "Role": { + "Fn::GetAtt": [ + "WaitServiceRole80F0B8D7", + "Arn" + ] + }, + "Description": "src/test-wait.lambda.ts", + "Environment": { + "Variables": { + "AWS_NODEJS_CONNECTION_REUSE_ENABLED": "1" + } + }, + "Handler": "index.handler", + "Runtime": "nodejs14.x", + "Timeout": 180 + }, + "DependsOn": [ + "WaitServiceRoleDefaultPolicy527907DE", + "WaitServiceRole80F0B8D7" + ] + }, + "WaitLogRetentionD0E6D74E": { + "Type": "Custom::LogRetention", + "Properties": { + "ServiceToken": { + "Fn::GetAtt": [ + "LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8aFD4BFC8A", + "Arn" + ] + }, + "LogGroupName": { + "Fn::Join": [ + "", + [ + "/aws/lambda/", + { + "Ref": "Wait4449FB25" + } + ] + ] + }, + "RetentionInDays": 1 + } + }, + "ProviderframeworkonEventServiceRole9FF04296": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "lambda.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + }, + "ManagedPolicyArns": [ + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" + ] + ] + } + ] + } + }, + "ProviderframeworkonEventServiceRoleDefaultPolicy48CD2133": { + "Type": "AWS::IAM::Policy", + "Properties": { + "PolicyDocument": { + "Statement": [ + { + "Action": "lambda:InvokeFunction", + "Effect": "Allow", + "Resource": { + "Fn::GetAtt": [ + "Test7BFAF513", + "Arn" + ] + } + }, + { + "Action": "lambda:InvokeFunction", + "Effect": "Allow", + "Resource": { + "Fn::GetAtt": [ + "Wait4449FB25", + "Arn" + ] + } + }, + { + "Action": "states:StartExecution", + "Effect": "Allow", + "Resource": { + "Ref": "Providerwaiterstatemachine5D4A9DF0" + } + } + ], + "Version": "2012-10-17" + }, + "PolicyName": "ProviderframeworkonEventServiceRoleDefaultPolicy48CD2133", + "Roles": [ + { + "Ref": "ProviderframeworkonEventServiceRole9FF04296" + } + ] + } + }, + "ProviderframeworkonEvent83C1D0A7": { + "Type": "AWS::Lambda::Function", + "Properties": { + "Code": { + "S3Bucket": { + "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}" + }, + "S3Key": "c691172cdeefa2c91b5a2907f9d81118e47597634943344795f1a844192dd49c.zip" + }, + "Role": { + "Fn::GetAtt": [ + "ProviderframeworkonEventServiceRole9FF04296", + "Arn" + ] + }, + "Description": "AWS CDK resource provider framework - onEvent (RDS-Sanitized-Snapshotter-Test/Provider)", + "Environment": { + "Variables": { + "USER_ON_EVENT_FUNCTION_ARN": { + "Fn::GetAtt": [ + "Test7BFAF513", + "Arn" + ] + }, + "USER_IS_COMPLETE_FUNCTION_ARN": { + "Fn::GetAtt": [ + "Wait4449FB25", + "Arn" + ] + }, + "WAITER_STATE_MACHINE_ARN": { + "Ref": "Providerwaiterstatemachine5D4A9DF0" + } + } + }, + "Handler": "framework.onEvent", + "Runtime": "nodejs12.x", + "Timeout": 900 + }, + "DependsOn": [ + "ProviderframeworkonEventServiceRoleDefaultPolicy48CD2133", + "ProviderframeworkonEventServiceRole9FF04296" + ] + }, + "ProviderframeworkonEventLogRetention74EACA97": { + "Type": "Custom::LogRetention", + "Properties": { + "ServiceToken": { + "Fn::GetAtt": [ + "LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8aFD4BFC8A", + "Arn" + ] + }, + "LogGroupName": { + "Fn::Join": [ + "", + [ + "/aws/lambda/", + { + "Ref": "ProviderframeworkonEvent83C1D0A7" + } + ] + ] + }, + "RetentionInDays": 1 + } + }, + "ProviderframeworkisCompleteServiceRoleB1087139": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "lambda.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + }, + "ManagedPolicyArns": [ + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" + ] + ] + } + ] + } + }, + "ProviderframeworkisCompleteServiceRoleDefaultPolicy2E7140AC": { + "Type": "AWS::IAM::Policy", + "Properties": { + "PolicyDocument": { + "Statement": [ + { + "Action": "lambda:InvokeFunction", + "Effect": "Allow", + "Resource": { + "Fn::GetAtt": [ + "Test7BFAF513", + "Arn" + ] + } + }, + { + "Action": "lambda:InvokeFunction", + "Effect": "Allow", + "Resource": { + "Fn::GetAtt": [ + "Wait4449FB25", + "Arn" + ] + } + } + ], + "Version": "2012-10-17" + }, + "PolicyName": "ProviderframeworkisCompleteServiceRoleDefaultPolicy2E7140AC", + "Roles": [ + { + "Ref": "ProviderframeworkisCompleteServiceRoleB1087139" + } + ] + } + }, + "ProviderframeworkisComplete26D7B0CB": { + "Type": "AWS::Lambda::Function", + "Properties": { + "Code": { + "S3Bucket": { + "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}" + }, + "S3Key": "c691172cdeefa2c91b5a2907f9d81118e47597634943344795f1a844192dd49c.zip" + }, + "Role": { + "Fn::GetAtt": [ + "ProviderframeworkisCompleteServiceRoleB1087139", + "Arn" + ] + }, + "Description": "AWS CDK resource provider framework - isComplete (RDS-Sanitized-Snapshotter-Test/Provider)", + "Environment": { + "Variables": { + "USER_ON_EVENT_FUNCTION_ARN": { + "Fn::GetAtt": [ + "Test7BFAF513", + "Arn" + ] + }, + "USER_IS_COMPLETE_FUNCTION_ARN": { + "Fn::GetAtt": [ + "Wait4449FB25", + "Arn" + ] + } + } + }, + "Handler": "framework.isComplete", + "Runtime": "nodejs12.x", + "Timeout": 900 + }, + "DependsOn": [ + "ProviderframeworkisCompleteServiceRoleDefaultPolicy2E7140AC", + "ProviderframeworkisCompleteServiceRoleB1087139" + ] + }, + "ProviderframeworkisCompleteLogRetentionC7DBBE41": { + "Type": "Custom::LogRetention", + "Properties": { + "ServiceToken": { + "Fn::GetAtt": [ + "LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8aFD4BFC8A", + "Arn" + ] + }, + "LogGroupName": { + "Fn::Join": [ + "", + [ + "/aws/lambda/", + { + "Ref": "ProviderframeworkisComplete26D7B0CB" + } + ] + ] + }, + "RetentionInDays": 1 + } + }, + "ProviderframeworkonTimeoutServiceRole28643D26": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "lambda.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + }, + "ManagedPolicyArns": [ + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" + ] + ] + } + ] + } + }, + "ProviderframeworkonTimeoutServiceRoleDefaultPolicy2688969F": { + "Type": "AWS::IAM::Policy", + "Properties": { + "PolicyDocument": { + "Statement": [ + { + "Action": "lambda:InvokeFunction", + "Effect": "Allow", + "Resource": { + "Fn::GetAtt": [ + "Test7BFAF513", + "Arn" + ] + } + }, + { + "Action": "lambda:InvokeFunction", + "Effect": "Allow", + "Resource": { + "Fn::GetAtt": [ + "Wait4449FB25", + "Arn" + ] + } + } + ], + "Version": "2012-10-17" + }, + "PolicyName": "ProviderframeworkonTimeoutServiceRoleDefaultPolicy2688969F", + "Roles": [ + { + "Ref": "ProviderframeworkonTimeoutServiceRole28643D26" + } + ] + } + }, + "ProviderframeworkonTimeout0B47CA38": { + "Type": "AWS::Lambda::Function", + "Properties": { + "Code": { + "S3Bucket": { + "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}" + }, + "S3Key": "c691172cdeefa2c91b5a2907f9d81118e47597634943344795f1a844192dd49c.zip" + }, + "Role": { + "Fn::GetAtt": [ + "ProviderframeworkonTimeoutServiceRole28643D26", + "Arn" + ] + }, + "Description": "AWS CDK resource provider framework - onTimeout (RDS-Sanitized-Snapshotter-Test/Provider)", + "Environment": { + "Variables": { + "USER_ON_EVENT_FUNCTION_ARN": { + "Fn::GetAtt": [ + "Test7BFAF513", + "Arn" + ] + }, + "USER_IS_COMPLETE_FUNCTION_ARN": { + "Fn::GetAtt": [ + "Wait4449FB25", + "Arn" + ] + } + } + }, + "Handler": "framework.onTimeout", + "Runtime": "nodejs12.x", + "Timeout": 900 + }, + "DependsOn": [ + "ProviderframeworkonTimeoutServiceRoleDefaultPolicy2688969F", + "ProviderframeworkonTimeoutServiceRole28643D26" + ] + }, + "ProviderframeworkonTimeoutLogRetentionE4EB0919": { + "Type": "Custom::LogRetention", + "Properties": { + "ServiceToken": { + "Fn::GetAtt": [ + "LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8aFD4BFC8A", + "Arn" + ] + }, + "LogGroupName": { + "Fn::Join": [ + "", + [ + "/aws/lambda/", + { + "Ref": "ProviderframeworkonTimeout0B47CA38" + } + ] + ] + }, + "RetentionInDays": 1 + } + }, + "ProviderwaiterstatemachineRole0C7159F9": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": { + "Fn::Join": [ + "", + [ + "states.", + { + "Ref": "AWS::Region" + }, + ".amazonaws.com" + ] + ] + } + } + } + ], + "Version": "2012-10-17" + } + } + }, + "ProviderwaiterstatemachineRoleDefaultPolicyD3C3DA1A": { + "Type": "AWS::IAM::Policy", + "Properties": { + "PolicyDocument": { + "Statement": [ + { + "Action": "lambda:InvokeFunction", + "Effect": "Allow", + "Resource": { + "Fn::GetAtt": [ + "ProviderframeworkisComplete26D7B0CB", + "Arn" + ] + } + }, + { + "Action": "lambda:InvokeFunction", + "Effect": "Allow", + "Resource": { + "Fn::GetAtt": [ + "ProviderframeworkonTimeout0B47CA38", + "Arn" + ] + } + } + ], + "Version": "2012-10-17" + }, + "PolicyName": "ProviderwaiterstatemachineRoleDefaultPolicyD3C3DA1A", + "Roles": [ + { + "Ref": "ProviderwaiterstatemachineRole0C7159F9" + } + ] + } + }, + "Providerwaiterstatemachine5D4A9DF0": { + "Type": "AWS::StepFunctions::StateMachine", + "Properties": { + "DefinitionString": { + "Fn::Join": [ + "", + [ + "{\"StartAt\":\"framework-isComplete-task\",\"States\":{\"framework-isComplete-task\":{\"End\":true,\"Retry\":[{\"ErrorEquals\":[\"States.ALL\"],\"IntervalSeconds\":5,\"MaxAttempts\":360,\"BackoffRate\":1}],\"Catch\":[{\"ErrorEquals\":[\"States.ALL\"],\"Next\":\"framework-onTimeout-task\"}],\"Type\":\"Task\",\"Resource\":\"", + { + "Fn::GetAtt": [ + "ProviderframeworkisComplete26D7B0CB", + "Arn" + ] + }, + "\"},\"framework-onTimeout-task\":{\"End\":true,\"Type\":\"Task\",\"Resource\":\"", + { + "Fn::GetAtt": [ + "ProviderframeworkonTimeout0B47CA38", + "Arn" + ] + }, + "\"}}}" + ] + ] + }, + "RoleArn": { + "Fn::GetAtt": [ + "ProviderwaiterstatemachineRole0C7159F9", + "Arn" + ] + } + }, + "DependsOn": [ + "ProviderwaiterstatemachineRoleDefaultPolicyD3C3DA1A", + "ProviderwaiterstatemachineRole0C7159F9" + ] + }, + "TestMySQLInstance": { + "Type": "AWS::CloudFormation::CustomResource", + "Properties": { + "ServiceToken": { + "Fn::GetAtt": [ + "ProviderframeworkonEvent83C1D0A7", + "Arn" + ] + }, + "StepFunctionArn": { + "Fn::ImportValue": "RDS-Sanitized-Snapshotter-SFN:ExportsOutputRefMySQLInstanceSnapshotterDirector69A6B7B421EEFD9B" + }, + "AlwaysRun": 0.6847972668183793 + }, + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" + }, + "TestMySQLCluster": { + "Type": "AWS::CloudFormation::CustomResource", + "Properties": { + "ServiceToken": { + "Fn::GetAtt": [ + "ProviderframeworkonEvent83C1D0A7", + "Arn" + ] + }, + "StepFunctionArn": { + "Fn::ImportValue": "RDS-Sanitized-Snapshotter-SFN:ExportsOutputRefMySQLClusterSnapshotterDirector73A14BB07F203611" + }, + "AlwaysRun": 0.14812968616823485 + }, + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" + }, + "TestPostgreSQLInstance": { + "Type": "AWS::CloudFormation::CustomResource", + "Properties": { + "ServiceToken": { + "Fn::GetAtt": [ + "ProviderframeworkonEvent83C1D0A7", + "Arn" + ] + }, + "StepFunctionArn": { + "Fn::ImportValue": "RDS-Sanitized-Snapshotter-SFN:ExportsOutputRefPostgreSQLInstanceSnapshotterDirector22C6400CD7D4E9FC" + }, + "AlwaysRun": 0.8329048601954834 + }, + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" + }, + "TestPostgreSQLCluster": { + "Type": "AWS::CloudFormation::CustomResource", + "Properties": { + "ServiceToken": { + "Fn::GetAtt": [ + "ProviderframeworkonEvent83C1D0A7", + "Arn" + ] + }, + "StepFunctionArn": { + "Fn::ImportValue": "RDS-Sanitized-Snapshotter-SFN:ExportsOutputRefPostgreSQLClusterSnapshotterDirector864DA8F006C62DA7" + }, + "AlwaysRun": 0.33232458203896487 + }, + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" + } + }, + "Parameters": { + "BootstrapVersion": { + "Type": "AWS::SSM::Parameter::Value", + "Default": "/cdk-bootstrap/hnb659fds/version", + "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]" + } + }, + "Rules": { + "CheckBootstrapVersion": { + "Assertions": [ + { + "Assert": { + "Fn::Not": [ + { + "Fn::Contains": [ + [ + "1", + "2", + "3", + "4", + "5" + ], + { + "Ref": "BootstrapVersion" + } + ] + } + ] + }, + "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI." + } + ] + } + } +} \ No newline at end of file diff --git a/test/default.integ.snapshot/RDS-Sanitized-Snapshotter-VPC.assets.json b/test/default.integ.snapshot/RDS-Sanitized-Snapshotter-VPC.assets.json new file mode 100644 index 0000000..f40b611 --- /dev/null +++ b/test/default.integ.snapshot/RDS-Sanitized-Snapshotter-VPC.assets.json @@ -0,0 +1,19 @@ +{ + "version": "15.0.0", + "files": { + "e1ad50fff358a4d76a975fbed49a11be9092a80929266a283050aeb617026a8a": { + "source": { + "path": "RDS-Sanitized-Snapshotter-VPC.template.json", + "packaging": "file" + }, + "destinations": { + "current_account-current_region": { + "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", + "objectKey": "e1ad50fff358a4d76a975fbed49a11be9092a80929266a283050aeb617026a8a.json", + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" + } + } + } + }, + "dockerImages": {} +} \ No newline at end of file diff --git a/test/default.integ.snapshot/RDS-Sanitized-Snapshotter-VPC.template.json b/test/default.integ.snapshot/RDS-Sanitized-Snapshotter-VPC.template.json new file mode 100644 index 0000000..93bc5d3 --- /dev/null +++ b/test/default.integ.snapshot/RDS-Sanitized-Snapshotter-VPC.template.json @@ -0,0 +1,545 @@ +{ + "Resources": { + "VPCB9E5F0B4": { + "Type": "AWS::EC2::VPC", + "Properties": { + "CidrBlock": "10.0.0.0/16", + "EnableDnsHostnames": true, + "EnableDnsSupport": true, + "InstanceTenancy": "default", + "Tags": [ + { + "Key": "Name", + "Value": "RDS-Sanitized-Snapshotter-VPC/VPC" + } + ] + } + }, + "VPCPublicSubnet1SubnetB4246D30": { + "Type": "AWS::EC2::Subnet", + "Properties": { + "CidrBlock": "10.0.0.0/19", + "VpcId": { + "Ref": "VPCB9E5F0B4" + }, + "AvailabilityZone": { + "Fn::Select": [ + 0, + { + "Fn::GetAZs": "" + } + ] + }, + "MapPublicIpOnLaunch": true, + "Tags": [ + { + "Key": "aws-cdk:subnet-name", + "Value": "Public" + }, + { + "Key": "aws-cdk:subnet-type", + "Value": "Public" + }, + { + "Key": "Name", + "Value": "RDS-Sanitized-Snapshotter-VPC/VPC/PublicSubnet1" + } + ] + } + }, + "VPCPublicSubnet1RouteTableFEE4B781": { + "Type": "AWS::EC2::RouteTable", + "Properties": { + "VpcId": { + "Ref": "VPCB9E5F0B4" + }, + "Tags": [ + { + "Key": "Name", + "Value": "RDS-Sanitized-Snapshotter-VPC/VPC/PublicSubnet1" + } + ] + } + }, + "VPCPublicSubnet1RouteTableAssociation0B0896DC": { + "Type": "AWS::EC2::SubnetRouteTableAssociation", + "Properties": { + "RouteTableId": { + "Ref": "VPCPublicSubnet1RouteTableFEE4B781" + }, + "SubnetId": { + "Ref": "VPCPublicSubnet1SubnetB4246D30" + } + } + }, + "VPCPublicSubnet1DefaultRoute91CEF279": { + "Type": "AWS::EC2::Route", + "Properties": { + "RouteTableId": { + "Ref": "VPCPublicSubnet1RouteTableFEE4B781" + }, + "DestinationCidrBlock": "0.0.0.0/0", + "GatewayId": { + "Ref": "VPCIGWB7E252D3" + } + }, + "DependsOn": [ + "VPCVPCGW99B986DC" + ] + }, + "VPCPublicSubnet1EIP6AD938E8": { + "Type": "AWS::EC2::EIP", + "Properties": { + "Domain": "vpc", + "Tags": [ + { + "Key": "Name", + "Value": "RDS-Sanitized-Snapshotter-VPC/VPC/PublicSubnet1" + } + ] + } + }, + "VPCPublicSubnet1NATGatewayE0556630": { + "Type": "AWS::EC2::NatGateway", + "Properties": { + "SubnetId": { + "Ref": "VPCPublicSubnet1SubnetB4246D30" + }, + "AllocationId": { + "Fn::GetAtt": [ + "VPCPublicSubnet1EIP6AD938E8", + "AllocationId" + ] + }, + "Tags": [ + { + "Key": "Name", + "Value": "RDS-Sanitized-Snapshotter-VPC/VPC/PublicSubnet1" + } + ] + } + }, + "VPCPublicSubnet2Subnet74179F39": { + "Type": "AWS::EC2::Subnet", + "Properties": { + "CidrBlock": "10.0.32.0/19", + "VpcId": { + "Ref": "VPCB9E5F0B4" + }, + "AvailabilityZone": { + "Fn::Select": [ + 1, + { + "Fn::GetAZs": "" + } + ] + }, + "MapPublicIpOnLaunch": true, + "Tags": [ + { + "Key": "aws-cdk:subnet-name", + "Value": "Public" + }, + { + "Key": "aws-cdk:subnet-type", + "Value": "Public" + }, + { + "Key": "Name", + "Value": "RDS-Sanitized-Snapshotter-VPC/VPC/PublicSubnet2" + } + ] + } + }, + "VPCPublicSubnet2RouteTable6F1A15F1": { + "Type": "AWS::EC2::RouteTable", + "Properties": { + "VpcId": { + "Ref": "VPCB9E5F0B4" + }, + "Tags": [ + { + "Key": "Name", + "Value": "RDS-Sanitized-Snapshotter-VPC/VPC/PublicSubnet2" + } + ] + } + }, + "VPCPublicSubnet2RouteTableAssociation5A808732": { + "Type": "AWS::EC2::SubnetRouteTableAssociation", + "Properties": { + "RouteTableId": { + "Ref": "VPCPublicSubnet2RouteTable6F1A15F1" + }, + "SubnetId": { + "Ref": "VPCPublicSubnet2Subnet74179F39" + } + } + }, + "VPCPublicSubnet2DefaultRouteB7481BBA": { + "Type": "AWS::EC2::Route", + "Properties": { + "RouteTableId": { + "Ref": "VPCPublicSubnet2RouteTable6F1A15F1" + }, + "DestinationCidrBlock": "0.0.0.0/0", + "GatewayId": { + "Ref": "VPCIGWB7E252D3" + } + }, + "DependsOn": [ + "VPCVPCGW99B986DC" + ] + }, + "VPCPrivateSubnet1Subnet8BCA10E0": { + "Type": "AWS::EC2::Subnet", + "Properties": { + "CidrBlock": "10.0.64.0/19", + "VpcId": { + "Ref": "VPCB9E5F0B4" + }, + "AvailabilityZone": { + "Fn::Select": [ + 0, + { + "Fn::GetAZs": "" + } + ] + }, + "MapPublicIpOnLaunch": false, + "Tags": [ + { + "Key": "aws-cdk:subnet-name", + "Value": "Private" + }, + { + "Key": "aws-cdk:subnet-type", + "Value": "Isolated" + }, + { + "Key": "Name", + "Value": "RDS-Sanitized-Snapshotter-VPC/VPC/PrivateSubnet1" + } + ] + } + }, + "VPCPrivateSubnet1RouteTableBE8A6027": { + "Type": "AWS::EC2::RouteTable", + "Properties": { + "VpcId": { + "Ref": "VPCB9E5F0B4" + }, + "Tags": [ + { + "Key": "Name", + "Value": "RDS-Sanitized-Snapshotter-VPC/VPC/PrivateSubnet1" + } + ] + } + }, + "VPCPrivateSubnet1RouteTableAssociation347902D1": { + "Type": "AWS::EC2::SubnetRouteTableAssociation", + "Properties": { + "RouteTableId": { + "Ref": "VPCPrivateSubnet1RouteTableBE8A6027" + }, + "SubnetId": { + "Ref": "VPCPrivateSubnet1Subnet8BCA10E0" + } + } + }, + "VPCPrivateSubnet2SubnetCFCDAA7A": { + "Type": "AWS::EC2::Subnet", + "Properties": { + "CidrBlock": "10.0.96.0/19", + "VpcId": { + "Ref": "VPCB9E5F0B4" + }, + "AvailabilityZone": { + "Fn::Select": [ + 1, + { + "Fn::GetAZs": "" + } + ] + }, + "MapPublicIpOnLaunch": false, + "Tags": [ + { + "Key": "aws-cdk:subnet-name", + "Value": "Private" + }, + { + "Key": "aws-cdk:subnet-type", + "Value": "Isolated" + }, + { + "Key": "Name", + "Value": "RDS-Sanitized-Snapshotter-VPC/VPC/PrivateSubnet2" + } + ] + } + }, + "VPCPrivateSubnet2RouteTable0A19E10E": { + "Type": "AWS::EC2::RouteTable", + "Properties": { + "VpcId": { + "Ref": "VPCB9E5F0B4" + }, + "Tags": [ + { + "Key": "Name", + "Value": "RDS-Sanitized-Snapshotter-VPC/VPC/PrivateSubnet2" + } + ] + } + }, + "VPCPrivateSubnet2RouteTableAssociation0C73D413": { + "Type": "AWS::EC2::SubnetRouteTableAssociation", + "Properties": { + "RouteTableId": { + "Ref": "VPCPrivateSubnet2RouteTable0A19E10E" + }, + "SubnetId": { + "Ref": "VPCPrivateSubnet2SubnetCFCDAA7A" + } + } + }, + "VPCIsolatedSubnet1SubnetEBD00FC6": { + "Type": "AWS::EC2::Subnet", + "Properties": { + "CidrBlock": "10.0.128.0/19", + "VpcId": { + "Ref": "VPCB9E5F0B4" + }, + "AvailabilityZone": { + "Fn::Select": [ + 0, + { + "Fn::GetAZs": "" + } + ] + }, + "MapPublicIpOnLaunch": false, + "Tags": [ + { + "Key": "aws-cdk:subnet-name", + "Value": "Isolated" + }, + { + "Key": "aws-cdk:subnet-type", + "Value": "Private" + }, + { + "Key": "Name", + "Value": "RDS-Sanitized-Snapshotter-VPC/VPC/IsolatedSubnet1" + } + ] + } + }, + "VPCIsolatedSubnet1RouteTableEB156210": { + "Type": "AWS::EC2::RouteTable", + "Properties": { + "VpcId": { + "Ref": "VPCB9E5F0B4" + }, + "Tags": [ + { + "Key": "Name", + "Value": "RDS-Sanitized-Snapshotter-VPC/VPC/IsolatedSubnet1" + } + ] + } + }, + "VPCIsolatedSubnet1RouteTableAssociationA2D18F7C": { + "Type": "AWS::EC2::SubnetRouteTableAssociation", + "Properties": { + "RouteTableId": { + "Ref": "VPCIsolatedSubnet1RouteTableEB156210" + }, + "SubnetId": { + "Ref": "VPCIsolatedSubnet1SubnetEBD00FC6" + } + } + }, + "VPCIsolatedSubnet1DefaultRoute97D5523A": { + "Type": "AWS::EC2::Route", + "Properties": { + "RouteTableId": { + "Ref": "VPCIsolatedSubnet1RouteTableEB156210" + }, + "DestinationCidrBlock": "0.0.0.0/0", + "NatGatewayId": { + "Ref": "VPCPublicSubnet1NATGatewayE0556630" + } + } + }, + "VPCIsolatedSubnet2Subnet4B1C8CAA": { + "Type": "AWS::EC2::Subnet", + "Properties": { + "CidrBlock": "10.0.160.0/19", + "VpcId": { + "Ref": "VPCB9E5F0B4" + }, + "AvailabilityZone": { + "Fn::Select": [ + 1, + { + "Fn::GetAZs": "" + } + ] + }, + "MapPublicIpOnLaunch": false, + "Tags": [ + { + "Key": "aws-cdk:subnet-name", + "Value": "Isolated" + }, + { + "Key": "aws-cdk:subnet-type", + "Value": "Private" + }, + { + "Key": "Name", + "Value": "RDS-Sanitized-Snapshotter-VPC/VPC/IsolatedSubnet2" + } + ] + } + }, + "VPCIsolatedSubnet2RouteTable9B4F78DC": { + "Type": "AWS::EC2::RouteTable", + "Properties": { + "VpcId": { + "Ref": "VPCB9E5F0B4" + }, + "Tags": [ + { + "Key": "Name", + "Value": "RDS-Sanitized-Snapshotter-VPC/VPC/IsolatedSubnet2" + } + ] + } + }, + "VPCIsolatedSubnet2RouteTableAssociation7BF8E0EB": { + "Type": "AWS::EC2::SubnetRouteTableAssociation", + "Properties": { + "RouteTableId": { + "Ref": "VPCIsolatedSubnet2RouteTable9B4F78DC" + }, + "SubnetId": { + "Ref": "VPCIsolatedSubnet2Subnet4B1C8CAA" + } + } + }, + "VPCIsolatedSubnet2DefaultRoute5D7CAC57": { + "Type": "AWS::EC2::Route", + "Properties": { + "RouteTableId": { + "Ref": "VPCIsolatedSubnet2RouteTable9B4F78DC" + }, + "DestinationCidrBlock": "0.0.0.0/0", + "NatGatewayId": { + "Ref": "VPCPublicSubnet1NATGatewayE0556630" + } + } + }, + "VPCIGWB7E252D3": { + "Type": "AWS::EC2::InternetGateway", + "Properties": { + "Tags": [ + { + "Key": "Name", + "Value": "RDS-Sanitized-Snapshotter-VPC/VPC" + } + ] + } + }, + "VPCVPCGW99B986DC": { + "Type": "AWS::EC2::VPCGatewayAttachment", + "Properties": { + "VpcId": { + "Ref": "VPCB9E5F0B4" + }, + "InternetGatewayId": { + "Ref": "VPCIGWB7E252D3" + } + } + } + }, + "Outputs": { + "ExportsOutputRefVPCIsolatedSubnet1SubnetEBD00FC6298E81EF": { + "Value": { + "Ref": "VPCIsolatedSubnet1SubnetEBD00FC6" + }, + "Export": { + "Name": "RDS-Sanitized-Snapshotter-VPC:ExportsOutputRefVPCIsolatedSubnet1SubnetEBD00FC6298E81EF" + } + }, + "ExportsOutputRefVPCIsolatedSubnet2Subnet4B1C8CAAD8B83B81": { + "Value": { + "Ref": "VPCIsolatedSubnet2Subnet4B1C8CAA" + }, + "Export": { + "Name": "RDS-Sanitized-Snapshotter-VPC:ExportsOutputRefVPCIsolatedSubnet2Subnet4B1C8CAAD8B83B81" + } + }, + "ExportsOutputRefVPCB9E5F0B4BD23A326": { + "Value": { + "Ref": "VPCB9E5F0B4" + }, + "Export": { + "Name": "RDS-Sanitized-Snapshotter-VPC:ExportsOutputRefVPCB9E5F0B4BD23A326" + } + }, + "ExportsOutputRefVPCPrivateSubnet1Subnet8BCA10E01F79A1B7": { + "Value": { + "Ref": "VPCPrivateSubnet1Subnet8BCA10E0" + }, + "Export": { + "Name": "RDS-Sanitized-Snapshotter-VPC:ExportsOutputRefVPCPrivateSubnet1Subnet8BCA10E01F79A1B7" + } + }, + "ExportsOutputRefVPCPrivateSubnet2SubnetCFCDAA7AB22CF85D": { + "Value": { + "Ref": "VPCPrivateSubnet2SubnetCFCDAA7A" + }, + "Export": { + "Name": "RDS-Sanitized-Snapshotter-VPC:ExportsOutputRefVPCPrivateSubnet2SubnetCFCDAA7AB22CF85D" + } + } + }, + "Parameters": { + "BootstrapVersion": { + "Type": "AWS::SSM::Parameter::Value", + "Default": "/cdk-bootstrap/hnb659fds/version", + "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]" + } + }, + "Rules": { + "CheckBootstrapVersion": { + "Assertions": [ + { + "Assert": { + "Fn::Not": [ + { + "Fn::Contains": [ + [ + "1", + "2", + "3", + "4", + "5" + ], + { + "Ref": "BootstrapVersion" + } + ] + } + ] + }, + "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI." + } + ] + } + } +} \ No newline at end of file diff --git a/test/default.integ.snapshot/asset.3446fd82a47f49c558b2de9e42f2d88af4e265e9712bf45b83f5025d7fc27879.lambda/index.js b/test/default.integ.snapshot/asset.3446fd82a47f49c558b2de9e42f2d88af4e265e9712bf45b83f5025d7fc27879.lambda/index.js new file mode 100644 index 0000000..6aba799 --- /dev/null +++ b/test/default.integ.snapshot/asset.3446fd82a47f49c558b2de9e42f2d88af4e265e9712bf45b83f5025d7fc27879.lambda/index.js @@ -0,0 +1,27 @@ +"use strict"; +var __create = Object.create; +var __defProp = Object.defineProperty; +var __getOwnPropDesc = Object.getOwnPropertyDescriptor; +var __getOwnPropNames = Object.getOwnPropertyNames; +var __getProtoOf = Object.getPrototypeOf; +var __hasOwnProp = Object.prototype.hasOwnProperty; +var __copyProps = (to, from, except, desc) => { + if (from && typeof from === "object" || typeof from === "function") { + for (let key of __getOwnPropNames(from)) + if (!__hasOwnProp.call(to, key) && key !== except) + __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable }); + } + return to; +}; +var __toESM = (mod, isNodeMode, target) => (target = mod != null ? __create(__getProtoOf(mod)) : {}, __copyProps(isNodeMode || !mod || !mod.__esModule ? __defProp(target, "default", { value: mod, enumerable: true }) : target, mod)); + +// src/test.lambda.ts +var AWS = __toESM(require("aws-sdk")); +var sfn = new AWS.StepFunctions(); +exports.handler = async function(input) { + if (input.RequestType == "Create" || input.RequestType == "Update") { + const exec = await sfn.startExecution({ stateMachineArn: input.ResourceProperties.StepFunctionArn }).promise(); + return { PhysicalResourceId: exec.executionArn }; + } + return { PhysicalResourceId: input.PhysicalResourceId }; +}; diff --git a/test/default.integ.snapshot/asset.5e08a52964205c51dc15c1078422e25f19c4e3cc9f4439bfdd0c465678fdaea7.lambda/index.js b/test/default.integ.snapshot/asset.5e08a52964205c51dc15c1078422e25f19c4e3cc9f4439bfdd0c465678fdaea7.lambda/index.js new file mode 100644 index 0000000..828a808 --- /dev/null +++ b/test/default.integ.snapshot/asset.5e08a52964205c51dc15c1078422e25f19c4e3cc9f4439bfdd0c465678fdaea7.lambda/index.js @@ -0,0 +1,125 @@ +"use strict"; +var __create = Object.create; +var __defProp = Object.defineProperty; +var __getOwnPropDesc = Object.getOwnPropertyDescriptor; +var __getOwnPropNames = Object.getOwnPropertyNames; +var __getProtoOf = Object.getPrototypeOf; +var __hasOwnProp = Object.prototype.hasOwnProperty; +var __copyProps = (to, from, except, desc) => { + if (from && typeof from === "object" || typeof from === "function") { + for (let key of __getOwnPropNames(from)) + if (!__hasOwnProp.call(to, key) && key !== except) + __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable }); + } + return to; +}; +var __toESM = (mod, isNodeMode, target) => (target = mod != null ? __create(__getProtoOf(mod)) : {}, __copyProps(isNodeMode || !mod || !mod.__esModule ? __defProp(target, "default", { value: mod, enumerable: true }) : target, mod)); + +// src/parameters.lambda.ts +var crypto = __toESM(require("crypto")); +var AWS = __toESM(require("aws-sdk")); +var rds = new AWS.RDS(); +function getDockerImage(engine) { + if (engine.match(/(^aurora$|mysql|mariadb)/)) { + return "mysql"; + } else if (engine.match(/postgres/)) { + return "postgres"; + } else { + throw new Error(`"${engine}" is not a supported database engine`); + } +} +function confirmLength(name, value) { + let error; + if (value.length > 63) { + error = "is too long"; + } + if (!value.charAt(0).match(/[a-z]/i)) { + error = "does not start with a letter"; + } + if (value.indexOf("--") >= 0) { + error = "contains two consecutive hyphens"; + } + if (error) { + throw new Error(`"${name}" ${error}. Try adjusting 'tempPrefix' and/or 'snapshotPrefix'. Current value: ${value}`); + } +} +exports.handler = async function(input) { + var _a, _b; + let port; + let user; + let engine; + let kmsKeyId; + let instanceClass; + if (input.isCluster) { + const origDb = await rds.describeDBClusters({ DBClusterIdentifier: input.databaseIdentifier }).promise(); + if (!origDb.DBClusters || origDb.DBClusters.length != 1) { + throw new Error(`Unable to find ${input.databaseIdentifier}`); + } + const cluster = origDb.DBClusters[0]; + if (!cluster.Port || !cluster.MasterUsername || !cluster.DBClusterMembers) { + throw new Error(`Database missing some required parameters: ${JSON.stringify(cluster)}`); + } + const origInstances = await rds.describeDBInstances({ DBInstanceIdentifier: cluster.DBClusterMembers[0].DBInstanceIdentifier }).promise(); + if (!origInstances.DBInstances || origInstances.DBInstances.length < 1) { + throw new Error(`Unable to find instances for ${input.databaseIdentifier}`); + } + const instance = origInstances.DBInstances[0]; + if (!instance.DBInstanceClass) { + throw new Error(`Database instance missing class: ${JSON.stringify(instance)}`); + } + port = cluster.Port; + user = cluster.MasterUsername; + engine = cluster.Engine; + kmsKeyId = cluster.KmsKeyId; + instanceClass = instance.DBInstanceClass; + } else { + const origDb = await rds.describeDBInstances({ DBInstanceIdentifier: input.databaseIdentifier }).promise(); + if (!origDb.DBInstances || origDb.DBInstances.length != 1) { + throw new Error(`Unable to find ${input.databaseIdentifier}`); + } + const instance = origDb.DBInstances[0]; + if (!((_a = instance.Endpoint) == null ? void 0 : _a.Address) || !((_b = instance.Endpoint) == null ? void 0 : _b.Port) || !instance.MasterUsername) { + throw new Error(`Database missing some required parameters: ${JSON.stringify(instance)}`); + } + port = instance.Endpoint.Port; + user = instance.MasterUsername; + engine = instance.Engine; + kmsKeyId = instance.KmsKeyId; + instanceClass = instance.DBInstanceClass ?? "db.m5.large"; + } + if (input.databaseKey && input.databaseKey !== "") { + if (input.databaseKey !== kmsKeyId) { + throw new Error(`Database key (${kmsKeyId}) doesn't match databaseKey parameter (${input.databaseKey})`); + } + } + const timestamp = new Date(); + const snapshotSuffix = `-${timestamp.getUTCFullYear()}${timestamp.getUTCMonth().toString().padStart(2, "0")}${timestamp.getUTCDay().toString().padStart(2, "0")}${timestamp.getUTCHours().toString().padStart(2, "0")}${timestamp.getUTCMinutes().toString().padStart(2, "0")}`; + const targetSnapshotId = `${input.snapshotPrefix}${snapshotSuffix}`; + const tempSuffix = crypto.randomBytes(8).toString("hex"); + const result = { + databaseIdentifier: input.databaseIdentifier, + isCluster: input.isCluster, + engine: engine ?? "unknown", + tempSnapshotId: `${input.tempPrefix}-${tempSuffix}`, + tempEncSnapshotId: `${input.tempPrefix}-enc-${tempSuffix}`, + tempDbId: `${input.tempPrefix}-${tempSuffix}`, + tempDbInstanceId: `${input.tempPrefix}-inst-${tempSuffix}`, + tempDbInstanceClass: instanceClass, + targetSnapshotId, + dockerImage: getDockerImage(engine ?? ""), + tempDb: { + host: { + endpoint: "NOT KNOWN YET" + }, + port: port.toString(), + user, + password: crypto.randomBytes(16).toString("hex") + } + }; + confirmLength("tempSnapshotId", result.tempSnapshotId); + confirmLength("tempEncSnapshotId", result.tempEncSnapshotId); + confirmLength("tempDbId", result.tempDbId); + confirmLength("tempDbInstanceId", result.tempDbInstanceId); + confirmLength("targetSnapshotId", result.targetSnapshotId); + return result; +}; diff --git a/test/default.integ.snapshot/asset.6fd57284276a7ee493422fefa53053d288e54e22ba62cc2c03e53c2590c9d28d.lambda/index.js b/test/default.integ.snapshot/asset.6fd57284276a7ee493422fefa53053d288e54e22ba62cc2c03e53c2590c9d28d.lambda/index.js new file mode 100644 index 0000000..6951f51 --- /dev/null +++ b/test/default.integ.snapshot/asset.6fd57284276a7ee493422fefa53053d288e54e22ba62cc2c03e53c2590c9d28d.lambda/index.js @@ -0,0 +1,52 @@ +"use strict"; +var __create = Object.create; +var __defProp = Object.defineProperty; +var __getOwnPropDesc = Object.getOwnPropertyDescriptor; +var __getOwnPropNames = Object.getOwnPropertyNames; +var __getProtoOf = Object.getPrototypeOf; +var __hasOwnProp = Object.prototype.hasOwnProperty; +var __copyProps = (to, from, except, desc) => { + if (from && typeof from === "object" || typeof from === "function") { + for (let key of __getOwnPropNames(from)) + if (!__hasOwnProp.call(to, key) && key !== except) + __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable }); + } + return to; +}; +var __toESM = (mod, isNodeMode, target) => (target = mod != null ? __create(__getProtoOf(mod)) : {}, __copyProps(isNodeMode || !mod || !mod.__esModule ? __defProp(target, "default", { value: mod, enumerable: true }) : target, mod)); + +// src/test-wait.lambda.ts +var AWS = __toESM(require("aws-sdk")); +var sfn = new AWS.StepFunctions(); +var rds = new AWS.RDS(); +exports.handler = async function(input) { + console.log(input.RequestType, input.PhysicalResourceId); + if (input.RequestType == "Create" || input.RequestType == "Update") { + const exec = await sfn.describeExecution({ executionArn: input.PhysicalResourceId }).promise(); + if (exec.status == "ABORTED" || exec.status == "FAILED" || exec.status == "TIMED_OUT") { + throw new Error(`Step function failed with: ${exec.status}`); + } + if (exec.status == "RUNNING") { + return { IsComplete: false }; + } + if (!exec.output) { + throw new Error("No output?"); + } + const output = JSON.parse(exec.output); + if (output.isCluster) { + const snapshots = await rds.describeDBClusterSnapshots({ DBClusterSnapshotIdentifier: output.targetSnapshotId }).promise(); + if (!snapshots.DBClusterSnapshots || snapshots.DBClusterSnapshots.length != 1) { + throw new Error(`Target cluster snapshot ${output.targetSnapshotId} does not exist`); + } + await rds.deleteDBClusterSnapshot({ DBClusterSnapshotIdentifier: output.targetSnapshotId }).promise(); + } else { + const snapshots = await rds.describeDBSnapshots({ DBSnapshotIdentifier: output.targetSnapshotId }).promise(); + if (!snapshots.DBSnapshots || snapshots.DBSnapshots.length != 1) { + throw new Error(`Target instance snapshot ${output.targetSnapshotId} does not exist`); + } + await rds.deleteDBSnapshot({ DBSnapshotIdentifier: output.targetSnapshotId }).promise(); + } + return { IsComplete: true }; + } + return { IsComplete: true }; +}; diff --git a/test/default.integ.snapshot/asset.b120b13d9d868c7622e7db1b68bae4c0f82ffd0227b8c15f2cef38e186ff3827/index.d.ts b/test/default.integ.snapshot/asset.b120b13d9d868c7622e7db1b68bae4c0f82ffd0227b8c15f2cef38e186ff3827/index.d.ts new file mode 100644 index 0000000..9bbf585 --- /dev/null +++ b/test/default.integ.snapshot/asset.b120b13d9d868c7622e7db1b68bae4c0f82ffd0227b8c15f2cef38e186ff3827/index.d.ts @@ -0,0 +1 @@ +export declare function handler(event: AWSLambda.CloudFormationCustomResourceEvent, context: AWSLambda.Context): Promise; diff --git a/test/default.integ.snapshot/asset.b120b13d9d868c7622e7db1b68bae4c0f82ffd0227b8c15f2cef38e186ff3827/index.js b/test/default.integ.snapshot/asset.b120b13d9d868c7622e7db1b68bae4c0f82ffd0227b8c15f2cef38e186ff3827/index.js new file mode 100644 index 0000000..dabed6a --- /dev/null +++ b/test/default.integ.snapshot/asset.b120b13d9d868c7622e7db1b68bae4c0f82ffd0227b8c15f2cef38e186ff3827/index.js @@ -0,0 +1,152 @@ +"use strict"; +/* eslint-disable no-console */ +Object.defineProperty(exports, "__esModule", { value: true }); +exports.handler = void 0; +// eslint-disable-next-line import/no-extraneous-dependencies +const AWS = require("aws-sdk"); +/** + * Creates a log group and doesn't throw if it exists. + * + * @param logGroupName the name of the log group to create. + * @param region to create the log group in + * @param options CloudWatch API SDK options. + */ +async function createLogGroupSafe(logGroupName, region, options) { + var _a; + // If we set the log retention for a lambda, then due to the async nature of + // Lambda logging there could be a race condition when the same log group is + // already being created by the lambda execution. This can sometime result in + // an error "OperationAbortedException: A conflicting operation is currently + // in progress...Please try again." + // To avoid an error, we do as requested and try again. + let retryCount = (options === null || options === void 0 ? void 0 : options.maxRetries) == undefined ? 10 : options.maxRetries; + const delay = ((_a = options === null || options === void 0 ? void 0 : options.retryOptions) === null || _a === void 0 ? void 0 : _a.base) == undefined ? 10 : options.retryOptions.base; + do { + try { + const cloudwatchlogs = new AWS.CloudWatchLogs({ apiVersion: '2014-03-28', region, ...options }); + await cloudwatchlogs.createLogGroup({ logGroupName }).promise(); + return; + } + catch (error) { + if (error.code === 'ResourceAlreadyExistsException') { + // The log group is already created by the lambda execution + return; + } + if (error.code === 'OperationAbortedException') { + if (retryCount > 0) { + retryCount--; + await new Promise(resolve => setTimeout(resolve, delay)); + continue; + } + else { + // The log group is still being created by another execution but we are out of retries + throw new Error('Out of attempts to create a logGroup'); + } + } + // Any other error + console.error(error); + throw error; + } + } while (true); // exit happens on retry count check +} +/** + * Puts or deletes a retention policy on a log group. + * + * @param logGroupName the name of the log group to create + * @param region the region of the log group + * @param options CloudWatch API SDK options. + * @param retentionInDays the number of days to retain the log events in the specified log group. + */ +async function setRetentionPolicy(logGroupName, region, options, retentionInDays) { + const cloudwatchlogs = new AWS.CloudWatchLogs({ apiVersion: '2014-03-28', region, ...options }); + if (!retentionInDays) { + await cloudwatchlogs.deleteRetentionPolicy({ logGroupName }).promise(); + } + else { + await cloudwatchlogs.putRetentionPolicy({ logGroupName, retentionInDays }).promise(); + } +} +async function handler(event, context) { + try { + console.log(JSON.stringify(event)); + // The target log group + const logGroupName = event.ResourceProperties.LogGroupName; + // The region of the target log group + const logGroupRegion = event.ResourceProperties.LogGroupRegion; + // Parse to AWS SDK retry options + const retryOptions = parseRetryOptions(event.ResourceProperties.SdkRetry); + if (event.RequestType === 'Create' || event.RequestType === 'Update') { + // Act on the target log group + await createLogGroupSafe(logGroupName, logGroupRegion, retryOptions); + await setRetentionPolicy(logGroupName, logGroupRegion, retryOptions, parseInt(event.ResourceProperties.RetentionInDays, 10)); + if (event.RequestType === 'Create') { + // Set a retention policy of 1 day on the logs of this very function. + // Due to the async nature of the log group creation, the log group for this function might + // still be not created yet at this point. Therefore we attempt to create it. + // In case it is being created, createLogGroupSafe will handle the conflic. + const region = process.env.AWS_REGION; + await createLogGroupSafe(`/aws/lambda/${context.functionName}`, region, retryOptions); + // If createLogGroupSafe fails, the log group is not created even after multiple attempts + // In this case we have nothing to set the retention policy on but an exception will skip + // the next line. + await setRetentionPolicy(`/aws/lambda/${context.functionName}`, region, retryOptions, 1); + } + } + await respond('SUCCESS', 'OK', logGroupName); + } + catch (e) { + console.log(e); + await respond('FAILED', e.message, event.ResourceProperties.LogGroupName); + } + function respond(responseStatus, reason, physicalResourceId) { + const responseBody = JSON.stringify({ + Status: responseStatus, + Reason: reason, + PhysicalResourceId: physicalResourceId, + StackId: event.StackId, + RequestId: event.RequestId, + LogicalResourceId: event.LogicalResourceId, + Data: { + // Add log group name as part of the response so that it's available via Fn::GetAtt + LogGroupName: event.ResourceProperties.LogGroupName, + }, + }); + console.log('Responding', responseBody); + // eslint-disable-next-line @typescript-eslint/no-require-imports + const parsedUrl = require('url').parse(event.ResponseURL); + const requestOptions = { + hostname: parsedUrl.hostname, + path: parsedUrl.path, + method: 'PUT', + headers: { 'content-type': '', 'content-length': responseBody.length }, + }; + return new Promise((resolve, reject) => { + try { + // eslint-disable-next-line @typescript-eslint/no-require-imports + const request = require('https').request(requestOptions, resolve); + request.on('error', reject); + request.write(responseBody); + request.end(); + } + catch (e) { + reject(e); + } + }); + } + function parseRetryOptions(rawOptions) { + const retryOptions = {}; + if (rawOptions) { + if (rawOptions.maxRetries) { + retryOptions.maxRetries = parseInt(rawOptions.maxRetries, 10); + } + if (rawOptions.base) { + retryOptions.retryOptions = { + base: parseInt(rawOptions.base, 10), + }; + } + } + return retryOptions; + } +} +exports.handler = handler; +//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiaW5kZXguanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyJpbmRleC50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiO0FBQUEsK0JBQStCOzs7QUFFL0IsNkRBQTZEO0FBQzdELCtCQUErQjtBQVMvQjs7Ozs7O0dBTUc7QUFDSCxLQUFLLFVBQVUsa0JBQWtCLENBQUMsWUFBb0IsRUFBRSxNQUFlLEVBQUUsT0FBeUI7O0lBQ2hHLDRFQUE0RTtJQUM1RSw0RUFBNEU7SUFDNUUsNkVBQTZFO0lBQzdFLDRFQUE0RTtJQUM1RSxtQ0FBbUM7SUFDbkMsdURBQXVEO0lBQ3ZELElBQUksVUFBVSxHQUFHLENBQUEsT0FBTyxhQUFQLE9BQU8sdUJBQVAsT0FBTyxDQUFFLFVBQVUsS0FBSSxTQUFTLENBQUMsQ0FBQyxDQUFDLEVBQUUsQ0FBQyxDQUFDLENBQUMsT0FBTyxDQUFDLFVBQVUsQ0FBQztJQUM1RSxNQUFNLEtBQUssR0FBRyxPQUFBLE9BQU8sYUFBUCxPQUFPLHVCQUFQLE9BQU8sQ0FBRSxZQUFZLDBDQUFFLElBQUksS0FBSSxTQUFTLENBQUMsQ0FBQyxDQUFDLEVBQUUsQ0FBQyxDQUFDLENBQUMsT0FBTyxDQUFDLFlBQVksQ0FBQyxJQUFJLENBQUM7SUFDeEYsR0FBRztRQUNELElBQUk7WUFDRixNQUFNLGNBQWMsR0FBRyxJQUFJLEdBQUcsQ0FBQyxjQUFjLENBQUMsRUFBRSxVQUFVLEVBQUUsWUFBWSxFQUFFLE1BQU0sRUFBRSxHQUFHLE9BQU8sRUFBRSxDQUFDLENBQUM7WUFDaEcsTUFBTSxjQUFjLENBQUMsY0FBYyxDQUFDLEVBQUUsWUFBWSxFQUFFLENBQUMsQ0FBQyxPQUFPLEVBQUUsQ0FBQztZQUNoRSxPQUFPO1NBQ1I7UUFBQyxPQUFPLEtBQUssRUFBRTtZQUNkLElBQUksS0FBSyxDQUFDLElBQUksS0FBSyxnQ0FBZ0MsRUFBRTtnQkFDbkQsMkRBQTJEO2dCQUMzRCxPQUFPO2FBQ1I7WUFDRCxJQUFJLEtBQUssQ0FBQyxJQUFJLEtBQUssMkJBQTJCLEVBQUU7Z0JBQzlDLElBQUksVUFBVSxHQUFHLENBQUMsRUFBRTtvQkFDbEIsVUFBVSxFQUFFLENBQUM7b0JBQ2IsTUFBTSxJQUFJLE9BQU8sQ0FBQyxPQUFPLENBQUMsRUFBRSxDQUFDLFVBQVUsQ0FBQyxPQUFPLEVBQUUsS0FBSyxDQUFDLENBQUMsQ0FBQztvQkFDekQsU0FBUztpQkFDVjtxQkFBTTtvQkFDTCxzRkFBc0Y7b0JBQ3RGLE1BQU0sSUFBSSxLQUFLLENBQUMsc0NBQXNDLENBQUMsQ0FBQztpQkFDekQ7YUFDRjtZQUNELGtCQUFrQjtZQUNsQixPQUFPLENBQUMsS0FBSyxDQUFDLEtBQUssQ0FBQyxDQUFDO1lBQ3JCLE1BQU0sS0FBSyxDQUFDO1NBQ2I7S0FDRixRQUFRLElBQUksRUFBRSxDQUFDLG9DQUFvQztBQUN0RCxDQUFDO0FBRUQ7Ozs7Ozs7R0FPRztBQUNILEtBQUssVUFBVSxrQkFBa0IsQ0FBQyxZQUFvQixFQUFFLE1BQWUsRUFBRSxPQUF5QixFQUFFLGVBQXdCO0lBQzFILE1BQU0sY0FBYyxHQUFHLElBQUksR0FBRyxDQUFDLGNBQWMsQ0FBQyxFQUFFLFVBQVUsRUFBRSxZQUFZLEVBQUUsTUFBTSxFQUFFLEdBQUcsT0FBTyxFQUFFLENBQUMsQ0FBQztJQUNoRyxJQUFJLENBQUMsZUFBZSxFQUFFO1FBQ3BCLE1BQU0sY0FBYyxDQUFDLHFCQUFxQixDQUFDLEVBQUUsWUFBWSxFQUFFLENBQUMsQ0FBQyxPQUFPLEVBQUUsQ0FBQztLQUN4RTtTQUFNO1FBQ0wsTUFBTSxjQUFjLENBQUMsa0JBQWtCLENBQUMsRUFBRSxZQUFZLEVBQUUsZUFBZSxFQUFFLENBQUMsQ0FBQyxPQUFPLEVBQUUsQ0FBQztLQUN0RjtBQUNILENBQUM7QUFFTSxLQUFLLFVBQVUsT0FBTyxDQUFDLEtBQWtELEVBQUUsT0FBMEI7SUFDMUcsSUFBSTtRQUNGLE9BQU8sQ0FBQyxHQUFHLENBQUMsSUFBSSxDQUFDLFNBQVMsQ0FBQyxLQUFLLENBQUMsQ0FBQyxDQUFDO1FBRW5DLHVCQUF1QjtRQUN2QixNQUFNLFlBQVksR0FBRyxLQUFLLENBQUMsa0JBQWtCLENBQUMsWUFBWSxDQUFDO1FBRTNELHFDQUFxQztRQUNyQyxNQUFNLGNBQWMsR0FBRyxLQUFLLENBQUMsa0JBQWtCLENBQUMsY0FBYyxDQUFDO1FBRS9ELGlDQUFpQztRQUNqQyxNQUFNLFlBQVksR0FBRyxpQkFBaUIsQ0FBQyxLQUFLLENBQUMsa0JBQWtCLENBQUMsUUFBUSxDQUFDLENBQUM7UUFFMUUsSUFBSSxLQUFLLENBQUMsV0FBVyxLQUFLLFFBQVEsSUFBSSxLQUFLLENBQUMsV0FBVyxLQUFLLFFBQVEsRUFBRTtZQUNwRSw4QkFBOEI7WUFDOUIsTUFBTSxrQkFBa0IsQ0FBQyxZQUFZLEVBQUUsY0FBYyxFQUFFLFlBQVksQ0FBQyxDQUFDO1lBQ3JFLE1BQU0sa0JBQWtCLENBQUMsWUFBWSxFQUFFLGNBQWMsRUFBRSxZQUFZLEVBQUUsUUFBUSxDQUFDLEtBQUssQ0FBQyxrQkFBa0IsQ0FBQyxlQUFlLEVBQUUsRUFBRSxDQUFDLENBQUMsQ0FBQztZQUU3SCxJQUFJLEtBQUssQ0FBQyxXQUFXLEtBQUssUUFBUSxFQUFFO2dCQUNsQyxxRUFBcUU7Z0JBQ3JFLDJGQUEyRjtnQkFDM0YsNkVBQTZFO2dCQUM3RSwyRUFBMkU7Z0JBQzNFLE1BQU0sTUFBTSxHQUFHLE9BQU8sQ0FBQyxHQUFHLENBQUMsVUFBVSxDQUFDO2dCQUN0QyxNQUFNLGtCQUFrQixDQUFDLGVBQWUsT0FBTyxDQUFDLFlBQVksRUFBRSxFQUFFLE1BQU0sRUFBRSxZQUFZLENBQUMsQ0FBQztnQkFDdEYseUZBQXlGO2dCQUN6Rix5RkFBeUY7Z0JBQ3pGLGlCQUFpQjtnQkFDakIsTUFBTSxrQkFBa0IsQ0FBQyxlQUFlLE9BQU8sQ0FBQyxZQUFZLEVBQUUsRUFBRSxNQUFNLEVBQUUsWUFBWSxFQUFFLENBQUMsQ0FBQyxDQUFDO2FBQzFGO1NBQ0Y7UUFFRCxNQUFNLE9BQU8sQ0FBQyxTQUFTLEVBQUUsSUFBSSxFQUFFLFlBQVksQ0FBQyxDQUFDO0tBQzlDO0lBQUMsT0FBTyxDQUFDLEVBQUU7UUFDVixPQUFPLENBQUMsR0FBRyxDQUFDLENBQUMsQ0FBQyxDQUFDO1FBRWYsTUFBTSxPQUFPLENBQUMsUUFBUSxFQUFFLENBQUMsQ0FBQyxPQUFPLEVBQUUsS0FBSyxDQUFDLGtCQUFrQixDQUFDLFlBQVksQ0FBQyxDQUFDO0tBQzNFO0lBRUQsU0FBUyxPQUFPLENBQUMsY0FBc0IsRUFBRSxNQUFjLEVBQUUsa0JBQTBCO1FBQ2pGLE1BQU0sWUFBWSxHQUFHLElBQUksQ0FBQyxTQUFTLENBQUM7WUFDbEMsTUFBTSxFQUFFLGNBQWM7WUFDdEIsTUFBTSxFQUFFLE1BQU07WUFDZCxrQkFBa0IsRUFBRSxrQkFBa0I7WUFDdEMsT0FBTyxFQUFFLEtBQUssQ0FBQyxPQUFPO1lBQ3RCLFNBQVMsRUFBRSxLQUFLLENBQUMsU0FBUztZQUMxQixpQkFBaUIsRUFBRSxLQUFLLENBQUMsaUJBQWlCO1lBQzFDLElBQUksRUFBRTtnQkFDSixtRkFBbUY7Z0JBQ25GLFlBQVksRUFBRSxLQUFLLENBQUMsa0JBQWtCLENBQUMsWUFBWTthQUNwRDtTQUNGLENBQUMsQ0FBQztRQUVILE9BQU8sQ0FBQyxHQUFHLENBQUMsWUFBWSxFQUFFLFlBQVksQ0FBQyxDQUFDO1FBRXhDLGlFQUFpRTtRQUNqRSxNQUFNLFNBQVMsR0FBRyxPQUFPLENBQUMsS0FBSyxDQUFDLENBQUMsS0FBSyxDQUFDLEtBQUssQ0FBQyxXQUFXLENBQUMsQ0FBQztRQUMxRCxNQUFNLGNBQWMsR0FBRztZQUNyQixRQUFRLEVBQUUsU0FBUyxDQUFDLFFBQVE7WUFDNUIsSUFBSSxFQUFFLFNBQVMsQ0FBQyxJQUFJO1lBQ3BCLE1BQU0sRUFBRSxLQUFLO1lBQ2IsT0FBTyxFQUFFLEVBQUUsY0FBYyxFQUFFLEVBQUUsRUFBRSxnQkFBZ0IsRUFBRSxZQUFZLENBQUMsTUFBTSxFQUFFO1NBQ3ZFLENBQUM7UUFFRixPQUFPLElBQUksT0FBTyxDQUFDLENBQUMsT0FBTyxFQUFFLE1BQU0sRUFBRSxFQUFFO1lBQ3JDLElBQUk7Z0JBQ0YsaUVBQWlFO2dCQUNqRSxNQUFNLE9BQU8sR0FBRyxPQUFPLENBQUMsT0FBTyxDQUFDLENBQUMsT0FBTyxDQUFDLGNBQWMsRUFBRSxPQUFPLENBQUMsQ0FBQztnQkFDbEUsT0FBTyxDQUFDLEVBQUUsQ0FBQyxPQUFPLEVBQUUsTUFBTSxDQUFDLENBQUM7Z0JBQzVCLE9BQU8sQ0FBQyxLQUFLLENBQUMsWUFBWSxDQUFDLENBQUM7Z0JBQzVCLE9BQU8sQ0FBQyxHQUFHLEVBQUUsQ0FBQzthQUNmO1lBQUMsT0FBTyxDQUFDLEVBQUU7Z0JBQ1YsTUFBTSxDQUFDLENBQUMsQ0FBQyxDQUFDO2FBQ1g7UUFDSCxDQUFDLENBQUMsQ0FBQztJQUNMLENBQUM7SUFFRCxTQUFTLGlCQUFpQixDQUFDLFVBQWU7UUFDeEMsTUFBTSxZQUFZLEdBQW9CLEVBQUUsQ0FBQztRQUN6QyxJQUFJLFVBQVUsRUFBRTtZQUNkLElBQUksVUFBVSxDQUFDLFVBQVUsRUFBRTtnQkFDekIsWUFBWSxDQUFDLFVBQVUsR0FBRyxRQUFRLENBQUMsVUFBVSxDQUFDLFVBQVUsRUFBRSxFQUFFLENBQUMsQ0FBQzthQUMvRDtZQUNELElBQUksVUFBVSxDQUFDLElBQUksRUFBRTtnQkFDbkIsWUFBWSxDQUFDLFlBQVksR0FBRztvQkFDMUIsSUFBSSxFQUFFLFFBQVEsQ0FBQyxVQUFVLENBQUMsSUFBSSxFQUFFLEVBQUUsQ0FBQztpQkFDcEMsQ0FBQzthQUNIO1NBQ0Y7UUFDRCxPQUFPLFlBQVksQ0FBQztJQUN0QixDQUFDO0FBQ0gsQ0FBQztBQTNGRCwwQkEyRkMiLCJzb3VyY2VzQ29udGVudCI6WyIvKiBlc2xpbnQtZGlzYWJsZSBuby1jb25zb2xlICovXG5cbi8vIGVzbGludC1kaXNhYmxlLW5leHQtbGluZSBpbXBvcnQvbm8tZXh0cmFuZW91cy1kZXBlbmRlbmNpZXNcbmltcG9ydCAqIGFzIEFXUyBmcm9tICdhd3Mtc2RrJztcbi8vIGVzbGludC1kaXNhYmxlLW5leHQtbGluZSBpbXBvcnQvbm8tZXh0cmFuZW91cy1kZXBlbmRlbmNpZXNcbmltcG9ydCB0eXBlIHsgUmV0cnlEZWxheU9wdGlvbnMgfSBmcm9tICdhd3Mtc2RrL2xpYi9jb25maWctYmFzZSc7XG5cbmludGVyZmFjZSBTZGtSZXRyeU9wdGlvbnMge1xuICBtYXhSZXRyaWVzPzogbnVtYmVyO1xuICByZXRyeU9wdGlvbnM/OiBSZXRyeURlbGF5T3B0aW9ucztcbn1cblxuLyoqXG4gKiBDcmVhdGVzIGEgbG9nIGdyb3VwIGFuZCBkb2Vzbid0IHRocm93IGlmIGl0IGV4aXN0cy5cbiAqXG4gKiBAcGFyYW0gbG9nR3JvdXBOYW1lIHRoZSBuYW1lIG9mIHRoZSBsb2cgZ3JvdXAgdG8gY3JlYXRlLlxuICogQHBhcmFtIHJlZ2lvbiB0byBjcmVhdGUgdGhlIGxvZyBncm91cCBpblxuICogQHBhcmFtIG9wdGlvbnMgQ2xvdWRXYXRjaCBBUEkgU0RLIG9wdGlvbnMuXG4gKi9cbmFzeW5jIGZ1bmN0aW9uIGNyZWF0ZUxvZ0dyb3VwU2FmZShsb2dHcm91cE5hbWU6IHN0cmluZywgcmVnaW9uPzogc3RyaW5nLCBvcHRpb25zPzogU2RrUmV0cnlPcHRpb25zKSB7XG4gIC8vIElmIHdlIHNldCB0aGUgbG9nIHJldGVudGlvbiBmb3IgYSBsYW1iZGEsIHRoZW4gZHVlIHRvIHRoZSBhc3luYyBuYXR1cmUgb2ZcbiAgLy8gTGFtYmRhIGxvZ2dpbmcgdGhlcmUgY291bGQgYmUgYSByYWNlIGNvbmRpdGlvbiB3aGVuIHRoZSBzYW1lIGxvZyBncm91cCBpc1xuICAvLyBhbHJlYWR5IGJlaW5nIGNyZWF0ZWQgYnkgdGhlIGxhbWJkYSBleGVjdXRpb24uIFRoaXMgY2FuIHNvbWV0aW1lIHJlc3VsdCBpblxuICAvLyBhbiBlcnJvciBcIk9wZXJhdGlvbkFib3J0ZWRFeGNlcHRpb246IEEgY29uZmxpY3Rpbmcgb3BlcmF0aW9uIGlzIGN1cnJlbnRseVxuICAvLyBpbiBwcm9ncmVzcy4uLlBsZWFzZSB0cnkgYWdhaW4uXCJcbiAgLy8gVG8gYXZvaWQgYW4gZXJyb3IsIHdlIGRvIGFzIHJlcXVlc3RlZCBhbmQgdHJ5IGFnYWluLlxuICBsZXQgcmV0cnlDb3VudCA9IG9wdGlvbnM/Lm1heFJldHJpZXMgPT0gdW5kZWZpbmVkID8gMTAgOiBvcHRpb25zLm1heFJldHJpZXM7XG4gIGNvbnN0IGRlbGF5ID0gb3B0aW9ucz8ucmV0cnlPcHRpb25zPy5iYXNlID09IHVuZGVmaW5lZCA/IDEwIDogb3B0aW9ucy5yZXRyeU9wdGlvbnMuYmFzZTtcbiAgZG8ge1xuICAgIHRyeSB7XG4gICAgICBjb25zdCBjbG91ZHdhdGNobG9ncyA9IG5ldyBBV1MuQ2xvdWRXYXRjaExvZ3MoeyBhcGlWZXJzaW9uOiAnMjAxNC0wMy0yOCcsIHJlZ2lvbiwgLi4ub3B0aW9ucyB9KTtcbiAgICAgIGF3YWl0IGNsb3Vkd2F0Y2hsb2dzLmNyZWF0ZUxvZ0dyb3VwKHsgbG9nR3JvdXBOYW1lIH0pLnByb21pc2UoKTtcbiAgICAgIHJldHVybjtcbiAgICB9IGNhdGNoIChlcnJvcikge1xuICAgICAgaWYgKGVycm9yLmNvZGUgPT09ICdSZXNvdXJjZUFscmVhZHlFeGlzdHNFeGNlcHRpb24nKSB7XG4gICAgICAgIC8vIFRoZSBsb2cgZ3JvdXAgaXMgYWxyZWFkeSBjcmVhdGVkIGJ5IHRoZSBsYW1iZGEgZXhlY3V0aW9uXG4gICAgICAgIHJldHVybjtcbiAgICAgIH1cbiAgICAgIGlmIChlcnJvci5jb2RlID09PSAnT3BlcmF0aW9uQWJvcnRlZEV4Y2VwdGlvbicpIHtcbiAgICAgICAgaWYgKHJldHJ5Q291bnQgPiAwKSB7XG4gICAgICAgICAgcmV0cnlDb3VudC0tO1xuICAgICAgICAgIGF3YWl0IG5ldyBQcm9taXNlKHJlc29sdmUgPT4gc2V0VGltZW91dChyZXNvbHZlLCBkZWxheSkpO1xuICAgICAgICAgIGNvbnRpbnVlO1xuICAgICAgICB9IGVsc2Uge1xuICAgICAgICAgIC8vIFRoZSBsb2cgZ3JvdXAgaXMgc3RpbGwgYmVpbmcgY3JlYXRlZCBieSBhbm90aGVyIGV4ZWN1dGlvbiBidXQgd2UgYXJlIG91dCBvZiByZXRyaWVzXG4gICAgICAgICAgdGhyb3cgbmV3IEVycm9yKCdPdXQgb2YgYXR0ZW1wdHMgdG8gY3JlYXRlIGEgbG9nR3JvdXAnKTtcbiAgICAgICAgfVxuICAgICAgfVxuICAgICAgLy8gQW55IG90aGVyIGVycm9yXG4gICAgICBjb25zb2xlLmVycm9yKGVycm9yKTtcbiAgICAgIHRocm93IGVycm9yO1xuICAgIH1cbiAgfSB3aGlsZSAodHJ1ZSk7IC8vIGV4aXQgaGFwcGVucyBvbiByZXRyeSBjb3VudCBjaGVja1xufVxuXG4vKipcbiAqIFB1dHMgb3IgZGVsZXRlcyBhIHJldGVudGlvbiBwb2xpY3kgb24gYSBsb2cgZ3JvdXAuXG4gKlxuICogQHBhcmFtIGxvZ0dyb3VwTmFtZSB0aGUgbmFtZSBvZiB0aGUgbG9nIGdyb3VwIHRvIGNyZWF0ZVxuICogQHBhcmFtIHJlZ2lvbiB0aGUgcmVnaW9uIG9mIHRoZSBsb2cgZ3JvdXBcbiAqIEBwYXJhbSBvcHRpb25zIENsb3VkV2F0Y2ggQVBJIFNESyBvcHRpb25zLlxuICogQHBhcmFtIHJldGVudGlvbkluRGF5cyB0aGUgbnVtYmVyIG9mIGRheXMgdG8gcmV0YWluIHRoZSBsb2cgZXZlbnRzIGluIHRoZSBzcGVjaWZpZWQgbG9nIGdyb3VwLlxuICovXG5hc3luYyBmdW5jdGlvbiBzZXRSZXRlbnRpb25Qb2xpY3kobG9nR3JvdXBOYW1lOiBzdHJpbmcsIHJlZ2lvbj86IHN0cmluZywgb3B0aW9ucz86IFNka1JldHJ5T3B0aW9ucywgcmV0ZW50aW9uSW5EYXlzPzogbnVtYmVyKSB7XG4gIGNvbnN0IGNsb3Vkd2F0Y2hsb2dzID0gbmV3IEFXUy5DbG91ZFdhdGNoTG9ncyh7IGFwaVZlcnNpb246ICcyMDE0LTAzLTI4JywgcmVnaW9uLCAuLi5vcHRpb25zIH0pO1xuICBpZiAoIXJldGVudGlvbkluRGF5cykge1xuICAgIGF3YWl0IGNsb3Vkd2F0Y2hsb2dzLmRlbGV0ZVJldGVudGlvblBvbGljeSh7IGxvZ0dyb3VwTmFtZSB9KS5wcm9taXNlKCk7XG4gIH0gZWxzZSB7XG4gICAgYXdhaXQgY2xvdWR3YXRjaGxvZ3MucHV0UmV0ZW50aW9uUG9saWN5KHsgbG9nR3JvdXBOYW1lLCByZXRlbnRpb25JbkRheXMgfSkucHJvbWlzZSgpO1xuICB9XG59XG5cbmV4cG9ydCBhc3luYyBmdW5jdGlvbiBoYW5kbGVyKGV2ZW50OiBBV1NMYW1iZGEuQ2xvdWRGb3JtYXRpb25DdXN0b21SZXNvdXJjZUV2ZW50LCBjb250ZXh0OiBBV1NMYW1iZGEuQ29udGV4dCkge1xuICB0cnkge1xuICAgIGNvbnNvbGUubG9nKEpTT04uc3RyaW5naWZ5KGV2ZW50KSk7XG5cbiAgICAvLyBUaGUgdGFyZ2V0IGxvZyBncm91cFxuICAgIGNvbnN0IGxvZ0dyb3VwTmFtZSA9IGV2ZW50LlJlc291cmNlUHJvcGVydGllcy5Mb2dHcm91cE5hbWU7XG5cbiAgICAvLyBUaGUgcmVnaW9uIG9mIHRoZSB0YXJnZXQgbG9nIGdyb3VwXG4gICAgY29uc3QgbG9nR3JvdXBSZWdpb24gPSBldmVudC5SZXNvdXJjZVByb3BlcnRpZXMuTG9nR3JvdXBSZWdpb247XG5cbiAgICAvLyBQYXJzZSB0byBBV1MgU0RLIHJldHJ5IG9wdGlvbnNcbiAgICBjb25zdCByZXRyeU9wdGlvbnMgPSBwYXJzZVJldHJ5T3B0aW9ucyhldmVudC5SZXNvdXJjZVByb3BlcnRpZXMuU2RrUmV0cnkpO1xuXG4gICAgaWYgKGV2ZW50LlJlcXVlc3RUeXBlID09PSAnQ3JlYXRlJyB8fCBldmVudC5SZXF1ZXN0VHlwZSA9PT0gJ1VwZGF0ZScpIHtcbiAgICAgIC8vIEFjdCBvbiB0aGUgdGFyZ2V0IGxvZyBncm91cFxuICAgICAgYXdhaXQgY3JlYXRlTG9nR3JvdXBTYWZlKGxvZ0dyb3VwTmFtZSwgbG9nR3JvdXBSZWdpb24sIHJldHJ5T3B0aW9ucyk7XG4gICAgICBhd2FpdCBzZXRSZXRlbnRpb25Qb2xpY3kobG9nR3JvdXBOYW1lLCBsb2dHcm91cFJlZ2lvbiwgcmV0cnlPcHRpb25zLCBwYXJzZUludChldmVudC5SZXNvdXJjZVByb3BlcnRpZXMuUmV0ZW50aW9uSW5EYXlzLCAxMCkpO1xuXG4gICAgICBpZiAoZXZlbnQuUmVxdWVzdFR5cGUgPT09ICdDcmVhdGUnKSB7XG4gICAgICAgIC8vIFNldCBhIHJldGVudGlvbiBwb2xpY3kgb2YgMSBkYXkgb24gdGhlIGxvZ3Mgb2YgdGhpcyB2ZXJ5IGZ1bmN0aW9uLlxuICAgICAgICAvLyBEdWUgdG8gdGhlIGFzeW5jIG5hdHVyZSBvZiB0aGUgbG9nIGdyb3VwIGNyZWF0aW9uLCB0aGUgbG9nIGdyb3VwIGZvciB0aGlzIGZ1bmN0aW9uIG1pZ2h0XG4gICAgICAgIC8vIHN0aWxsIGJlIG5vdCBjcmVhdGVkIHlldCBhdCB0aGlzIHBvaW50LiBUaGVyZWZvcmUgd2UgYXR0ZW1wdCB0byBjcmVhdGUgaXQuXG4gICAgICAgIC8vIEluIGNhc2UgaXQgaXMgYmVpbmcgY3JlYXRlZCwgY3JlYXRlTG9nR3JvdXBTYWZlIHdpbGwgaGFuZGxlIHRoZSBjb25mbGljLlxuICAgICAgICBjb25zdCByZWdpb24gPSBwcm9jZXNzLmVudi5BV1NfUkVHSU9OO1xuICAgICAgICBhd2FpdCBjcmVhdGVMb2dHcm91cFNhZmUoYC9hd3MvbGFtYmRhLyR7Y29udGV4dC5mdW5jdGlvbk5hbWV9YCwgcmVnaW9uLCByZXRyeU9wdGlvbnMpO1xuICAgICAgICAvLyBJZiBjcmVhdGVMb2dHcm91cFNhZmUgZmFpbHMsIHRoZSBsb2cgZ3JvdXAgaXMgbm90IGNyZWF0ZWQgZXZlbiBhZnRlciBtdWx0aXBsZSBhdHRlbXB0c1xuICAgICAgICAvLyBJbiB0aGlzIGNhc2Ugd2UgaGF2ZSBub3RoaW5nIHRvIHNldCB0aGUgcmV0ZW50aW9uIHBvbGljeSBvbiBidXQgYW4gZXhjZXB0aW9uIHdpbGwgc2tpcFxuICAgICAgICAvLyB0aGUgbmV4dCBsaW5lLlxuICAgICAgICBhd2FpdCBzZXRSZXRlbnRpb25Qb2xpY3koYC9hd3MvbGFtYmRhLyR7Y29udGV4dC5mdW5jdGlvbk5hbWV9YCwgcmVnaW9uLCByZXRyeU9wdGlvbnMsIDEpO1xuICAgICAgfVxuICAgIH1cblxuICAgIGF3YWl0IHJlc3BvbmQoJ1NVQ0NFU1MnLCAnT0snLCBsb2dHcm91cE5hbWUpO1xuICB9IGNhdGNoIChlKSB7XG4gICAgY29uc29sZS5sb2coZSk7XG5cbiAgICBhd2FpdCByZXNwb25kKCdGQUlMRUQnLCBlLm1lc3NhZ2UsIGV2ZW50LlJlc291cmNlUHJvcGVydGllcy5Mb2dHcm91cE5hbWUpO1xuICB9XG5cbiAgZnVuY3Rpb24gcmVzcG9uZChyZXNwb25zZVN0YXR1czogc3RyaW5nLCByZWFzb246IHN0cmluZywgcGh5c2ljYWxSZXNvdXJjZUlkOiBzdHJpbmcpIHtcbiAgICBjb25zdCByZXNwb25zZUJvZHkgPSBKU09OLnN0cmluZ2lmeSh7XG4gICAgICBTdGF0dXM6IHJlc3BvbnNlU3RhdHVzLFxuICAgICAgUmVhc29uOiByZWFzb24sXG4gICAgICBQaHlzaWNhbFJlc291cmNlSWQ6IHBoeXNpY2FsUmVzb3VyY2VJZCxcbiAgICAgIFN0YWNrSWQ6IGV2ZW50LlN0YWNrSWQsXG4gICAgICBSZXF1ZXN0SWQ6IGV2ZW50LlJlcXVlc3RJZCxcbiAgICAgIExvZ2ljYWxSZXNvdXJjZUlkOiBldmVudC5Mb2dpY2FsUmVzb3VyY2VJZCxcbiAgICAgIERhdGE6IHtcbiAgICAgICAgLy8gQWRkIGxvZyBncm91cCBuYW1lIGFzIHBhcnQgb2YgdGhlIHJlc3BvbnNlIHNvIHRoYXQgaXQncyBhdmFpbGFibGUgdmlhIEZuOjpHZXRBdHRcbiAgICAgICAgTG9nR3JvdXBOYW1lOiBldmVudC5SZXNvdXJjZVByb3BlcnRpZXMuTG9nR3JvdXBOYW1lLFxuICAgICAgfSxcbiAgICB9KTtcblxuICAgIGNvbnNvbGUubG9nKCdSZXNwb25kaW5nJywgcmVzcG9uc2VCb2R5KTtcblxuICAgIC8vIGVzbGludC1kaXNhYmxlLW5leHQtbGluZSBAdHlwZXNjcmlwdC1lc2xpbnQvbm8tcmVxdWlyZS1pbXBvcnRzXG4gICAgY29uc3QgcGFyc2VkVXJsID0gcmVxdWlyZSgndXJsJykucGFyc2UoZXZlbnQuUmVzcG9uc2VVUkwpO1xuICAgIGNvbnN0IHJlcXVlc3RPcHRpb25zID0ge1xuICAgICAgaG9zdG5hbWU6IHBhcnNlZFVybC5ob3N0bmFtZSxcbiAgICAgIHBhdGg6IHBhcnNlZFVybC5wYXRoLFxuICAgICAgbWV0aG9kOiAnUFVUJyxcbiAgICAgIGhlYWRlcnM6IHsgJ2NvbnRlbnQtdHlwZSc6ICcnLCAnY29udGVudC1sZW5ndGgnOiByZXNwb25zZUJvZHkubGVuZ3RoIH0sXG4gICAgfTtcblxuICAgIHJldHVybiBuZXcgUHJvbWlzZSgocmVzb2x2ZSwgcmVqZWN0KSA9PiB7XG4gICAgICB0cnkge1xuICAgICAgICAvLyBlc2xpbnQtZGlzYWJsZS1uZXh0LWxpbmUgQHR5cGVzY3JpcHQtZXNsaW50L25vLXJlcXVpcmUtaW1wb3J0c1xuICAgICAgICBjb25zdCByZXF1ZXN0ID0gcmVxdWlyZSgnaHR0cHMnKS5yZXF1ZXN0KHJlcXVlc3RPcHRpb25zLCByZXNvbHZlKTtcbiAgICAgICAgcmVxdWVzdC5vbignZXJyb3InLCByZWplY3QpO1xuICAgICAgICByZXF1ZXN0LndyaXRlKHJlc3BvbnNlQm9keSk7XG4gICAgICAgIHJlcXVlc3QuZW5kKCk7XG4gICAgICB9IGNhdGNoIChlKSB7XG4gICAgICAgIHJlamVjdChlKTtcbiAgICAgIH1cbiAgICB9KTtcbiAgfVxuXG4gIGZ1bmN0aW9uIHBhcnNlUmV0cnlPcHRpb25zKHJhd09wdGlvbnM6IGFueSk6IFNka1JldHJ5T3B0aW9ucyB7XG4gICAgY29uc3QgcmV0cnlPcHRpb25zOiBTZGtSZXRyeU9wdGlvbnMgPSB7fTtcbiAgICBpZiAocmF3T3B0aW9ucykge1xuICAgICAgaWYgKHJhd09wdGlvbnMubWF4UmV0cmllcykge1xuICAgICAgICByZXRyeU9wdGlvbnMubWF4UmV0cmllcyA9IHBhcnNlSW50KHJhd09wdGlvbnMubWF4UmV0cmllcywgMTApO1xuICAgICAgfVxuICAgICAgaWYgKHJhd09wdGlvbnMuYmFzZSkge1xuICAgICAgICByZXRyeU9wdGlvbnMucmV0cnlPcHRpb25zID0ge1xuICAgICAgICAgIGJhc2U6IHBhcnNlSW50KHJhd09wdGlvbnMuYmFzZSwgMTApLFxuICAgICAgICB9O1xuICAgICAgfVxuICAgIH1cbiAgICByZXR1cm4gcmV0cnlPcHRpb25zO1xuICB9XG59XG4iXX0= \ No newline at end of file diff --git a/test/default.integ.snapshot/asset.c691172cdeefa2c91b5a2907f9d81118e47597634943344795f1a844192dd49c/cfn-response.d.ts b/test/default.integ.snapshot/asset.c691172cdeefa2c91b5a2907f9d81118e47597634943344795f1a844192dd49c/cfn-response.d.ts new file mode 100644 index 0000000..44d46c5 --- /dev/null +++ b/test/default.integ.snapshot/asset.c691172cdeefa2c91b5a2907f9d81118e47597634943344795f1a844192dd49c/cfn-response.d.ts @@ -0,0 +1,19 @@ +export declare const CREATE_FAILED_PHYSICAL_ID_MARKER = "AWSCDK::CustomResourceProviderFramework::CREATE_FAILED"; +export declare const MISSING_PHYSICAL_ID_MARKER = "AWSCDK::CustomResourceProviderFramework::MISSING_PHYSICAL_ID"; +export interface CloudFormationResponseOptions { + readonly reason?: string; + readonly noEcho?: boolean; +} +export interface CloudFormationEventContext { + StackId: string; + RequestId: string; + PhysicalResourceId?: string; + LogicalResourceId: string; + ResponseURL: string; + Data?: any; +} +export declare function submitResponse(status: 'SUCCESS' | 'FAILED', event: CloudFormationEventContext, options?: CloudFormationResponseOptions): Promise; +export declare let includeStackTraces: boolean; +export declare function safeHandler(block: (event: any) => Promise): (event: any) => Promise; +export declare class Retry extends Error { +} diff --git a/test/default.integ.snapshot/asset.c691172cdeefa2c91b5a2907f9d81118e47597634943344795f1a844192dd49c/cfn-response.js b/test/default.integ.snapshot/asset.c691172cdeefa2c91b5a2907f9d81118e47597634943344795f1a844192dd49c/cfn-response.js new file mode 100644 index 0000000..63bdaab --- /dev/null +++ b/test/default.integ.snapshot/asset.c691172cdeefa2c91b5a2907f9d81118e47597634943344795f1a844192dd49c/cfn-response.js @@ -0,0 +1,83 @@ +"use strict"; +Object.defineProperty(exports, "__esModule", { value: true }); +exports.Retry = exports.safeHandler = exports.includeStackTraces = exports.submitResponse = exports.MISSING_PHYSICAL_ID_MARKER = exports.CREATE_FAILED_PHYSICAL_ID_MARKER = void 0; +/* eslint-disable max-len */ +/* eslint-disable no-console */ +const url = require("url"); +const outbound_1 = require("./outbound"); +const util_1 = require("./util"); +exports.CREATE_FAILED_PHYSICAL_ID_MARKER = 'AWSCDK::CustomResourceProviderFramework::CREATE_FAILED'; +exports.MISSING_PHYSICAL_ID_MARKER = 'AWSCDK::CustomResourceProviderFramework::MISSING_PHYSICAL_ID'; +async function submitResponse(status, event, options = {}) { + const json = { + Status: status, + Reason: options.reason || status, + StackId: event.StackId, + RequestId: event.RequestId, + PhysicalResourceId: event.PhysicalResourceId || exports.MISSING_PHYSICAL_ID_MARKER, + LogicalResourceId: event.LogicalResourceId, + NoEcho: options.noEcho, + Data: event.Data, + }; + util_1.log('submit response to cloudformation', json); + const responseBody = JSON.stringify(json); + const parsedUrl = url.parse(event.ResponseURL); + await outbound_1.httpRequest({ + hostname: parsedUrl.hostname, + path: parsedUrl.path, + method: 'PUT', + headers: { + 'content-type': '', + 'content-length': responseBody.length, + }, + }, responseBody); +} +exports.submitResponse = submitResponse; +exports.includeStackTraces = true; // for unit tests +function safeHandler(block) { + return async (event) => { + // ignore DELETE event when the physical resource ID is the marker that + // indicates that this DELETE is a subsequent DELETE to a failed CREATE + // operation. + if (event.RequestType === 'Delete' && event.PhysicalResourceId === exports.CREATE_FAILED_PHYSICAL_ID_MARKER) { + util_1.log('ignoring DELETE event caused by a failed CREATE event'); + await submitResponse('SUCCESS', event); + return; + } + try { + await block(event); + } + catch (e) { + // tell waiter state machine to retry + if (e instanceof Retry) { + util_1.log('retry requested by handler'); + throw e; + } + if (!event.PhysicalResourceId) { + // special case: if CREATE fails, which usually implies, we usually don't + // have a physical resource id. in this case, the subsequent DELETE + // operation does not have any meaning, and will likely fail as well. to + // address this, we use a marker so the provider framework can simply + // ignore the subsequent DELETE. + if (event.RequestType === 'Create') { + util_1.log('CREATE failed, responding with a marker physical resource id so that the subsequent DELETE will be ignored'); + event.PhysicalResourceId = exports.CREATE_FAILED_PHYSICAL_ID_MARKER; + } + else { + // otherwise, if PhysicalResourceId is not specified, something is + // terribly wrong because all other events should have an ID. + util_1.log(`ERROR: Malformed event. "PhysicalResourceId" is required: ${JSON.stringify(event)}`); + } + } + // this is an actual error, fail the activity altogether and exist. + await submitResponse('FAILED', event, { + reason: exports.includeStackTraces ? e.stack : e.message, + }); + } + }; +} +exports.safeHandler = safeHandler; +class Retry extends Error { +} +exports.Retry = Retry; +//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiY2ZuLXJlc3BvbnNlLmpzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiY2ZuLXJlc3BvbnNlLnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiI7OztBQUFBLDRCQUE0QjtBQUM1QiwrQkFBK0I7QUFDL0IsMkJBQTJCO0FBQzNCLHlDQUF5QztBQUN6QyxpQ0FBNkI7QUFFaEIsUUFBQSxnQ0FBZ0MsR0FBRyx3REFBd0QsQ0FBQztBQUM1RixRQUFBLDBCQUEwQixHQUFHLDhEQUE4RCxDQUFDO0FBZ0JsRyxLQUFLLFVBQVUsY0FBYyxDQUFDLE1BQTRCLEVBQUUsS0FBaUMsRUFBRSxVQUF5QyxFQUFHO0lBQ2hKLE1BQU0sSUFBSSxHQUFtRDtRQUMzRCxNQUFNLEVBQUUsTUFBTTtRQUNkLE1BQU0sRUFBRSxPQUFPLENBQUMsTUFBTSxJQUFJLE1BQU07UUFDaEMsT0FBTyxFQUFFLEtBQUssQ0FBQyxPQUFPO1FBQ3RCLFNBQVMsRUFBRSxLQUFLLENBQUMsU0FBUztRQUMxQixrQkFBa0IsRUFBRSxLQUFLLENBQUMsa0JBQWtCLElBQUksa0NBQTBCO1FBQzFFLGlCQUFpQixFQUFFLEtBQUssQ0FBQyxpQkFBaUI7UUFDMUMsTUFBTSxFQUFFLE9BQU8sQ0FBQyxNQUFNO1FBQ3RCLElBQUksRUFBRSxLQUFLLENBQUMsSUFBSTtLQUNqQixDQUFDO0lBRUYsVUFBRyxDQUFDLG1DQUFtQyxFQUFFLElBQUksQ0FBQyxDQUFDO0lBRS9DLE1BQU0sWUFBWSxHQUFHLElBQUksQ0FBQyxTQUFTLENBQUMsSUFBSSxDQUFDLENBQUM7SUFFMUMsTUFBTSxTQUFTLEdBQUcsR0FBRyxDQUFDLEtBQUssQ0FBQyxLQUFLLENBQUMsV0FBVyxDQUFDLENBQUM7SUFDL0MsTUFBTSxzQkFBVyxDQUFDO1FBQ2hCLFFBQVEsRUFBRSxTQUFTLENBQUMsUUFBUTtRQUM1QixJQUFJLEVBQUUsU0FBUyxDQUFDLElBQUk7UUFDcEIsTUFBTSxFQUFFLEtBQUs7UUFDYixPQUFPLEVBQUU7WUFDUCxjQUFjLEVBQUUsRUFBRTtZQUNsQixnQkFBZ0IsRUFBRSxZQUFZLENBQUMsTUFBTTtTQUN0QztLQUNGLEVBQUUsWUFBWSxDQUFDLENBQUM7QUFDbkIsQ0FBQztBQTFCRCx3Q0EwQkM7QUFFVSxRQUFBLGtCQUFrQixHQUFHLElBQUksQ0FBQyxDQUFDLGlCQUFpQjtBQUV2RCxTQUFnQixXQUFXLENBQUMsS0FBb0M7SUFDOUQsT0FBTyxLQUFLLEVBQUUsS0FBVSxFQUFFLEVBQUU7UUFFMUIsdUVBQXVFO1FBQ3ZFLHVFQUF1RTtRQUN2RSxhQUFhO1FBQ2IsSUFBSSxLQUFLLENBQUMsV0FBVyxLQUFLLFFBQVEsSUFBSSxLQUFLLENBQUMsa0JBQWtCLEtBQUssd0NBQWdDLEVBQUU7WUFDbkcsVUFBRyxDQUFDLHVEQUF1RCxDQUFDLENBQUM7WUFDN0QsTUFBTSxjQUFjLENBQUMsU0FBUyxFQUFFLEtBQUssQ0FBQyxDQUFDO1lBQ3ZDLE9BQU87U0FDUjtRQUVELElBQUk7WUFDRixNQUFNLEtBQUssQ0FBQyxLQUFLLENBQUMsQ0FBQztTQUNwQjtRQUFDLE9BQU8sQ0FBQyxFQUFFO1lBQ1YscUNBQXFDO1lBQ3JDLElBQUksQ0FBQyxZQUFZLEtBQUssRUFBRTtnQkFDdEIsVUFBRyxDQUFDLDRCQUE0QixDQUFDLENBQUM7Z0JBQ2xDLE1BQU0sQ0FBQyxDQUFDO2FBQ1Q7WUFFRCxJQUFJLENBQUMsS0FBSyxDQUFDLGtCQUFrQixFQUFFO2dCQUM3Qix5RUFBeUU7Z0JBQ3pFLG1FQUFtRTtnQkFDbkUsd0VBQXdFO2dCQUN4RSxxRUFBcUU7Z0JBQ3JFLGdDQUFnQztnQkFDaEMsSUFBSSxLQUFLLENBQUMsV0FBVyxLQUFLLFFBQVEsRUFBRTtvQkFDbEMsVUFBRyxDQUFDLDRHQUE0RyxDQUFDLENBQUM7b0JBQ2xILEtBQUssQ0FBQyxrQkFBa0IsR0FBRyx3Q0FBZ0MsQ0FBQztpQkFDN0Q7cUJBQU07b0JBQ0wsa0VBQWtFO29CQUNsRSw2REFBNkQ7b0JBQzdELFVBQUcsQ0FBQyw2REFBNkQsSUFBSSxDQUFDLFNBQVMsQ0FBQyxLQUFLLENBQUMsRUFBRSxDQUFDLENBQUM7aUJBQzNGO2FBQ0Y7WUFFRCxtRUFBbUU7WUFDbkUsTUFBTSxjQUFjLENBQUMsUUFBUSxFQUFFLEtBQUssRUFBRTtnQkFDcEMsTUFBTSxFQUFFLDBCQUFrQixDQUFDLENBQUMsQ0FBQyxDQUFDLENBQUMsS0FBSyxDQUFDLENBQUMsQ0FBQyxDQUFDLENBQUMsT0FBTzthQUNqRCxDQUFDLENBQUM7U0FDSjtJQUNILENBQUMsQ0FBQztBQUNKLENBQUM7QUEzQ0Qsa0NBMkNDO0FBRUQsTUFBYSxLQUFNLFNBQVEsS0FBSztDQUFJO0FBQXBDLHNCQUFvQyIsInNvdXJjZXNDb250ZW50IjpbIi8qIGVzbGludC1kaXNhYmxlIG1heC1sZW4gKi9cbi8qIGVzbGludC1kaXNhYmxlIG5vLWNvbnNvbGUgKi9cbmltcG9ydCAqIGFzIHVybCBmcm9tICd1cmwnO1xuaW1wb3J0IHsgaHR0cFJlcXVlc3QgfSBmcm9tICcuL291dGJvdW5kJztcbmltcG9ydCB7IGxvZyB9IGZyb20gJy4vdXRpbCc7XG5cbmV4cG9ydCBjb25zdCBDUkVBVEVfRkFJTEVEX1BIWVNJQ0FMX0lEX01BUktFUiA9ICdBV1NDREs6OkN1c3RvbVJlc291cmNlUHJvdmlkZXJGcmFtZXdvcms6OkNSRUFURV9GQUlMRUQnO1xuZXhwb3J0IGNvbnN0IE1JU1NJTkdfUEhZU0lDQUxfSURfTUFSS0VSID0gJ0FXU0NESzo6Q3VzdG9tUmVzb3VyY2VQcm92aWRlckZyYW1ld29yazo6TUlTU0lOR19QSFlTSUNBTF9JRCc7XG5cbmV4cG9ydCBpbnRlcmZhY2UgQ2xvdWRGb3JtYXRpb25SZXNwb25zZU9wdGlvbnMge1xuICByZWFkb25seSByZWFzb24/OiBzdHJpbmc7XG4gIHJlYWRvbmx5IG5vRWNobz86IGJvb2xlYW47XG59XG5cbmV4cG9ydCBpbnRlcmZhY2UgQ2xvdWRGb3JtYXRpb25FdmVudENvbnRleHQge1xuICBTdGFja0lkOiBzdHJpbmc7XG4gIFJlcXVlc3RJZDogc3RyaW5nO1xuICBQaHlzaWNhbFJlc291cmNlSWQ/OiBzdHJpbmc7XG4gIExvZ2ljYWxSZXNvdXJjZUlkOiBzdHJpbmc7XG4gIFJlc3BvbnNlVVJMOiBzdHJpbmc7XG4gIERhdGE/OiBhbnlcbn1cblxuZXhwb3J0IGFzeW5jIGZ1bmN0aW9uIHN1Ym1pdFJlc3BvbnNlKHN0YXR1czogJ1NVQ0NFU1MnIHwgJ0ZBSUxFRCcsIGV2ZW50OiBDbG91ZEZvcm1hdGlvbkV2ZW50Q29udGV4dCwgb3B0aW9uczogQ2xvdWRGb3JtYXRpb25SZXNwb25zZU9wdGlvbnMgPSB7IH0pIHtcbiAgY29uc3QganNvbjogQVdTTGFtYmRhLkNsb3VkRm9ybWF0aW9uQ3VzdG9tUmVzb3VyY2VSZXNwb25zZSA9IHtcbiAgICBTdGF0dXM6IHN0YXR1cyxcbiAgICBSZWFzb246IG9wdGlvbnMucmVhc29uIHx8IHN0YXR1cyxcbiAgICBTdGFja0lkOiBldmVudC5TdGFja0lkLFxuICAgIFJlcXVlc3RJZDogZXZlbnQuUmVxdWVzdElkLFxuICAgIFBoeXNpY2FsUmVzb3VyY2VJZDogZXZlbnQuUGh5c2ljYWxSZXNvdXJjZUlkIHx8IE1JU1NJTkdfUEhZU0lDQUxfSURfTUFSS0VSLFxuICAgIExvZ2ljYWxSZXNvdXJjZUlkOiBldmVudC5Mb2dpY2FsUmVzb3VyY2VJZCxcbiAgICBOb0VjaG86IG9wdGlvbnMubm9FY2hvLFxuICAgIERhdGE6IGV2ZW50LkRhdGEsXG4gIH07XG5cbiAgbG9nKCdzdWJtaXQgcmVzcG9uc2UgdG8gY2xvdWRmb3JtYXRpb24nLCBqc29uKTtcblxuICBjb25zdCByZXNwb25zZUJvZHkgPSBKU09OLnN0cmluZ2lmeShqc29uKTtcblxuICBjb25zdCBwYXJzZWRVcmwgPSB1cmwucGFyc2UoZXZlbnQuUmVzcG9uc2VVUkwpO1xuICBhd2FpdCBodHRwUmVxdWVzdCh7XG4gICAgaG9zdG5hbWU6IHBhcnNlZFVybC5ob3N0bmFtZSxcbiAgICBwYXRoOiBwYXJzZWRVcmwucGF0aCxcbiAgICBtZXRob2Q6ICdQVVQnLFxuICAgIGhlYWRlcnM6IHtcbiAgICAgICdjb250ZW50LXR5cGUnOiAnJyxcbiAgICAgICdjb250ZW50LWxlbmd0aCc6IHJlc3BvbnNlQm9keS5sZW5ndGgsXG4gICAgfSxcbiAgfSwgcmVzcG9uc2VCb2R5KTtcbn1cblxuZXhwb3J0IGxldCBpbmNsdWRlU3RhY2tUcmFjZXMgPSB0cnVlOyAvLyBmb3IgdW5pdCB0ZXN0c1xuXG5leHBvcnQgZnVuY3Rpb24gc2FmZUhhbmRsZXIoYmxvY2s6IChldmVudDogYW55KSA9PiBQcm9taXNlPHZvaWQ+KSB7XG4gIHJldHVybiBhc3luYyAoZXZlbnQ6IGFueSkgPT4ge1xuXG4gICAgLy8gaWdub3JlIERFTEVURSBldmVudCB3aGVuIHRoZSBwaHlzaWNhbCByZXNvdXJjZSBJRCBpcyB0aGUgbWFya2VyIHRoYXRcbiAgICAvLyBpbmRpY2F0ZXMgdGhhdCB0aGlzIERFTEVURSBpcyBhIHN1YnNlcXVlbnQgREVMRVRFIHRvIGEgZmFpbGVkIENSRUFURVxuICAgIC8vIG9wZXJhdGlvbi5cbiAgICBpZiAoZXZlbnQuUmVxdWVzdFR5cGUgPT09ICdEZWxldGUnICYmIGV2ZW50LlBoeXNpY2FsUmVzb3VyY2VJZCA9PT0gQ1JFQVRFX0ZBSUxFRF9QSFlTSUNBTF9JRF9NQVJLRVIpIHtcbiAgICAgIGxvZygnaWdub3JpbmcgREVMRVRFIGV2ZW50IGNhdXNlZCBieSBhIGZhaWxlZCBDUkVBVEUgZXZlbnQnKTtcbiAgICAgIGF3YWl0IHN1Ym1pdFJlc3BvbnNlKCdTVUNDRVNTJywgZXZlbnQpO1xuICAgICAgcmV0dXJuO1xuICAgIH1cblxuICAgIHRyeSB7XG4gICAgICBhd2FpdCBibG9jayhldmVudCk7XG4gICAgfSBjYXRjaCAoZSkge1xuICAgICAgLy8gdGVsbCB3YWl0ZXIgc3RhdGUgbWFjaGluZSB0byByZXRyeVxuICAgICAgaWYgKGUgaW5zdGFuY2VvZiBSZXRyeSkge1xuICAgICAgICBsb2coJ3JldHJ5IHJlcXVlc3RlZCBieSBoYW5kbGVyJyk7XG4gICAgICAgIHRocm93IGU7XG4gICAgICB9XG5cbiAgICAgIGlmICghZXZlbnQuUGh5c2ljYWxSZXNvdXJjZUlkKSB7XG4gICAgICAgIC8vIHNwZWNpYWwgY2FzZTogaWYgQ1JFQVRFIGZhaWxzLCB3aGljaCB1c3VhbGx5IGltcGxpZXMsIHdlIHVzdWFsbHkgZG9uJ3RcbiAgICAgICAgLy8gaGF2ZSBhIHBoeXNpY2FsIHJlc291cmNlIGlkLiBpbiB0aGlzIGNhc2UsIHRoZSBzdWJzZXF1ZW50IERFTEVURVxuICAgICAgICAvLyBvcGVyYXRpb24gZG9lcyBub3QgaGF2ZSBhbnkgbWVhbmluZywgYW5kIHdpbGwgbGlrZWx5IGZhaWwgYXMgd2VsbC4gdG9cbiAgICAgICAgLy8gYWRkcmVzcyB0aGlzLCB3ZSB1c2UgYSBtYXJrZXIgc28gdGhlIHByb3ZpZGVyIGZyYW1ld29yayBjYW4gc2ltcGx5XG4gICAgICAgIC8vIGlnbm9yZSB0aGUgc3Vic2VxdWVudCBERUxFVEUuXG4gICAgICAgIGlmIChldmVudC5SZXF1ZXN0VHlwZSA9PT0gJ0NyZWF0ZScpIHtcbiAgICAgICAgICBsb2coJ0NSRUFURSBmYWlsZWQsIHJlc3BvbmRpbmcgd2l0aCBhIG1hcmtlciBwaHlzaWNhbCByZXNvdXJjZSBpZCBzbyB0aGF0IHRoZSBzdWJzZXF1ZW50IERFTEVURSB3aWxsIGJlIGlnbm9yZWQnKTtcbiAgICAgICAgICBldmVudC5QaHlzaWNhbFJlc291cmNlSWQgPSBDUkVBVEVfRkFJTEVEX1BIWVNJQ0FMX0lEX01BUktFUjtcbiAgICAgICAgfSBlbHNlIHtcbiAgICAgICAgICAvLyBvdGhlcndpc2UsIGlmIFBoeXNpY2FsUmVzb3VyY2VJZCBpcyBub3Qgc3BlY2lmaWVkLCBzb21ldGhpbmcgaXNcbiAgICAgICAgICAvLyB0ZXJyaWJseSB3cm9uZyBiZWNhdXNlIGFsbCBvdGhlciBldmVudHMgc2hvdWxkIGhhdmUgYW4gSUQuXG4gICAgICAgICAgbG9nKGBFUlJPUjogTWFsZm9ybWVkIGV2ZW50LiBcIlBoeXNpY2FsUmVzb3VyY2VJZFwiIGlzIHJlcXVpcmVkOiAke0pTT04uc3RyaW5naWZ5KGV2ZW50KX1gKTtcbiAgICAgICAgfVxuICAgICAgfVxuXG4gICAgICAvLyB0aGlzIGlzIGFuIGFjdHVhbCBlcnJvciwgZmFpbCB0aGUgYWN0aXZpdHkgYWx0b2dldGhlciBhbmQgZXhpc3QuXG4gICAgICBhd2FpdCBzdWJtaXRSZXNwb25zZSgnRkFJTEVEJywgZXZlbnQsIHtcbiAgICAgICAgcmVhc29uOiBpbmNsdWRlU3RhY2tUcmFjZXMgPyBlLnN0YWNrIDogZS5tZXNzYWdlLFxuICAgICAgfSk7XG4gICAgfVxuICB9O1xufVxuXG5leHBvcnQgY2xhc3MgUmV0cnkgZXh0ZW5kcyBFcnJvciB7IH1cbiJdfQ== \ No newline at end of file diff --git a/test/default.integ.snapshot/asset.c691172cdeefa2c91b5a2907f9d81118e47597634943344795f1a844192dd49c/consts.d.ts b/test/default.integ.snapshot/asset.c691172cdeefa2c91b5a2907f9d81118e47597634943344795f1a844192dd49c/consts.d.ts new file mode 100644 index 0000000..0a59925 --- /dev/null +++ b/test/default.integ.snapshot/asset.c691172cdeefa2c91b5a2907f9d81118e47597634943344795f1a844192dd49c/consts.d.ts @@ -0,0 +1,6 @@ +export declare const USER_ON_EVENT_FUNCTION_ARN_ENV = "USER_ON_EVENT_FUNCTION_ARN"; +export declare const USER_IS_COMPLETE_FUNCTION_ARN_ENV = "USER_IS_COMPLETE_FUNCTION_ARN"; +export declare const WAITER_STATE_MACHINE_ARN_ENV = "WAITER_STATE_MACHINE_ARN"; +export declare const FRAMEWORK_ON_EVENT_HANDLER_NAME = "onEvent"; +export declare const FRAMEWORK_IS_COMPLETE_HANDLER_NAME = "isComplete"; +export declare const FRAMEWORK_ON_TIMEOUT_HANDLER_NAME = "onTimeout"; diff --git a/test/default.integ.snapshot/asset.c691172cdeefa2c91b5a2907f9d81118e47597634943344795f1a844192dd49c/consts.js b/test/default.integ.snapshot/asset.c691172cdeefa2c91b5a2907f9d81118e47597634943344795f1a844192dd49c/consts.js new file mode 100644 index 0000000..31faa07 --- /dev/null +++ b/test/default.integ.snapshot/asset.c691172cdeefa2c91b5a2907f9d81118e47597634943344795f1a844192dd49c/consts.js @@ -0,0 +1,10 @@ +"use strict"; +Object.defineProperty(exports, "__esModule", { value: true }); +exports.FRAMEWORK_ON_TIMEOUT_HANDLER_NAME = exports.FRAMEWORK_IS_COMPLETE_HANDLER_NAME = exports.FRAMEWORK_ON_EVENT_HANDLER_NAME = exports.WAITER_STATE_MACHINE_ARN_ENV = exports.USER_IS_COMPLETE_FUNCTION_ARN_ENV = exports.USER_ON_EVENT_FUNCTION_ARN_ENV = void 0; +exports.USER_ON_EVENT_FUNCTION_ARN_ENV = 'USER_ON_EVENT_FUNCTION_ARN'; +exports.USER_IS_COMPLETE_FUNCTION_ARN_ENV = 'USER_IS_COMPLETE_FUNCTION_ARN'; +exports.WAITER_STATE_MACHINE_ARN_ENV = 'WAITER_STATE_MACHINE_ARN'; +exports.FRAMEWORK_ON_EVENT_HANDLER_NAME = 'onEvent'; +exports.FRAMEWORK_IS_COMPLETE_HANDLER_NAME = 'isComplete'; +exports.FRAMEWORK_ON_TIMEOUT_HANDLER_NAME = 'onTimeout'; +//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiY29uc3RzLmpzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiY29uc3RzLnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiI7OztBQUFhLFFBQUEsOEJBQThCLEdBQUcsNEJBQTRCLENBQUM7QUFDOUQsUUFBQSxpQ0FBaUMsR0FBRywrQkFBK0IsQ0FBQztBQUNwRSxRQUFBLDRCQUE0QixHQUFHLDBCQUEwQixDQUFDO0FBRTFELFFBQUEsK0JBQStCLEdBQUcsU0FBUyxDQUFDO0FBQzVDLFFBQUEsa0NBQWtDLEdBQUcsWUFBWSxDQUFDO0FBQ2xELFFBQUEsaUNBQWlDLEdBQUcsV0FBVyxDQUFDIiwic291cmNlc0NvbnRlbnQiOlsiZXhwb3J0IGNvbnN0IFVTRVJfT05fRVZFTlRfRlVOQ1RJT05fQVJOX0VOViA9ICdVU0VSX09OX0VWRU5UX0ZVTkNUSU9OX0FSTic7XG5leHBvcnQgY29uc3QgVVNFUl9JU19DT01QTEVURV9GVU5DVElPTl9BUk5fRU5WID0gJ1VTRVJfSVNfQ09NUExFVEVfRlVOQ1RJT05fQVJOJztcbmV4cG9ydCBjb25zdCBXQUlURVJfU1RBVEVfTUFDSElORV9BUk5fRU5WID0gJ1dBSVRFUl9TVEFURV9NQUNISU5FX0FSTic7XG5cbmV4cG9ydCBjb25zdCBGUkFNRVdPUktfT05fRVZFTlRfSEFORExFUl9OQU1FID0gJ29uRXZlbnQnO1xuZXhwb3J0IGNvbnN0IEZSQU1FV09SS19JU19DT01QTEVURV9IQU5ETEVSX05BTUUgPSAnaXNDb21wbGV0ZSc7XG5leHBvcnQgY29uc3QgRlJBTUVXT1JLX09OX1RJTUVPVVRfSEFORExFUl9OQU1FID0gJ29uVGltZW91dCc7XG4iXX0= \ No newline at end of file diff --git a/test/default.integ.snapshot/asset.c691172cdeefa2c91b5a2907f9d81118e47597634943344795f1a844192dd49c/framework.d.ts b/test/default.integ.snapshot/asset.c691172cdeefa2c91b5a2907f9d81118e47597634943344795f1a844192dd49c/framework.d.ts new file mode 100644 index 0000000..99b5fd8 --- /dev/null +++ b/test/default.integ.snapshot/asset.c691172cdeefa2c91b5a2907f9d81118e47597634943344795f1a844192dd49c/framework.d.ts @@ -0,0 +1,8 @@ +import * as consts from './consts'; +declare const _default: { + onEvent: (event: any) => Promise; + isComplete: (event: any) => Promise; + onTimeout: typeof onTimeout; +}; +export = _default; +declare function onTimeout(timeoutEvent: any): Promise; diff --git a/test/default.integ.snapshot/asset.c691172cdeefa2c91b5a2907f9d81118e47597634943344795f1a844192dd49c/framework.js b/test/default.integ.snapshot/asset.c691172cdeefa2c91b5a2907f9d81118e47597634943344795f1a844192dd49c/framework.js new file mode 100644 index 0000000..149ec85 --- /dev/null +++ b/test/default.integ.snapshot/asset.c691172cdeefa2c91b5a2907f9d81118e47597634943344795f1a844192dd49c/framework.js @@ -0,0 +1,163 @@ +"use strict"; +const cfnResponse = require("./cfn-response"); +const consts = require("./consts"); +const outbound_1 = require("./outbound"); +const util_1 = require("./util"); +/** + * The main runtime entrypoint of the async custom resource lambda function. + * + * Any lifecycle event changes to the custom resources will invoke this handler, which will, in turn, + * interact with the user-defined `onEvent` and `isComplete` handlers. + * + * This function will always succeed. If an error occurs + * + * @param cfnRequest The cloudformation custom resource event. + */ +async function onEvent(cfnRequest) { + util_1.log('onEventHandler', cfnRequest); + cfnRequest.ResourceProperties = cfnRequest.ResourceProperties || {}; + const onEventResult = await invokeUserFunction(consts.USER_ON_EVENT_FUNCTION_ARN_ENV, cfnRequest); + util_1.log('onEvent returned:', onEventResult); + // merge the request and the result from onEvent to form the complete resource event + // this also performs validation. + const resourceEvent = createResponseEvent(cfnRequest, onEventResult); + util_1.log('event:', onEventResult); + // determine if this is an async provider based on whether we have an isComplete handler defined. + // if it is not defined, then we are basically ready to return a positive response. + if (!process.env[consts.USER_IS_COMPLETE_FUNCTION_ARN_ENV]) { + return cfnResponse.submitResponse('SUCCESS', resourceEvent); + } + // ok, we are not complete, so kick off the waiter workflow + const waiter = { + stateMachineArn: util_1.getEnv(consts.WAITER_STATE_MACHINE_ARN_ENV), + name: resourceEvent.RequestId, + input: JSON.stringify(resourceEvent), + }; + util_1.log('starting waiter', waiter); + // kick off waiter state machine + await outbound_1.startExecution(waiter); +} +// invoked a few times until `complete` is true or until it times out. +async function isComplete(event) { + util_1.log('isComplete', event); + const isCompleteResult = await invokeUserFunction(consts.USER_IS_COMPLETE_FUNCTION_ARN_ENV, event); + util_1.log('user isComplete returned:', isCompleteResult); + // if we are not complete, reeturn false, and don't send a response back. + if (!isCompleteResult.IsComplete) { + if (isCompleteResult.Data && Object.keys(isCompleteResult.Data).length > 0) { + throw new Error('"Data" is not allowed if "IsComplete" is "False"'); + } + throw new cfnResponse.Retry(JSON.stringify(event)); + } + const response = { + ...event, + Data: { + ...event.Data, + ...isCompleteResult.Data, + }, + }; + await cfnResponse.submitResponse('SUCCESS', response); +} +// invoked when completion retries are exhaused. +async function onTimeout(timeoutEvent) { + util_1.log('timeoutHandler', timeoutEvent); + const isCompleteRequest = JSON.parse(JSON.parse(timeoutEvent.Cause).errorMessage); + await cfnResponse.submitResponse('FAILED', isCompleteRequest, { + reason: 'Operation timed out', + }); +} +async function invokeUserFunction(functionArnEnv, payload) { + const functionArn = util_1.getEnv(functionArnEnv); + util_1.log(`executing user function ${functionArn} with payload`, payload); + // transient errors such as timeouts, throttling errors (429), and other + // errors that aren't caused by a bad request (500 series) are retried + // automatically by the JavaScript SDK. + const resp = await outbound_1.invokeFunction({ + FunctionName: functionArn, + Payload: JSON.stringify(payload), + }); + util_1.log('user function response:', resp, typeof (resp)); + const jsonPayload = parseJsonPayload(resp.Payload); + if (resp.FunctionError) { + util_1.log('user function threw an error:', resp.FunctionError); + const errorMessage = jsonPayload.errorMessage || 'error'; + // parse function name from arn + // arn:${Partition}:lambda:${Region}:${Account}:function:${FunctionName} + const arn = functionArn.split(':'); + const functionName = arn[arn.length - 1]; + // append a reference to the log group. + const message = [ + errorMessage, + '', + `Logs: /aws/lambda/${functionName}`, + '', + ].join('\n'); + const e = new Error(message); + // the output that goes to CFN is what's in `stack`, not the error message. + // if we have a remote trace, construct a nice message with log group information + if (jsonPayload.trace) { + // skip first trace line because it's the message + e.stack = [message, ...jsonPayload.trace.slice(1)].join('\n'); + } + throw e; + } + return jsonPayload; +} +function parseJsonPayload(payload) { + if (!payload) { + return {}; + } + const text = payload.toString(); + try { + return JSON.parse(text); + } + catch (e) { + throw new Error(`return values from user-handlers must be JSON objects. got: "${text}"`); + } +} +function createResponseEvent(cfnRequest, onEventResult) { + // + // validate that onEventResult always includes a PhysicalResourceId + onEventResult = onEventResult || {}; + // if physical ID is not returned, we have some defaults for you based + // on the request type. + const physicalResourceId = onEventResult.PhysicalResourceId || defaultPhysicalResourceId(cfnRequest); + // if we are in DELETE and physical ID was changed, it's an error. + if (cfnRequest.RequestType === 'Delete' && physicalResourceId !== cfnRequest.PhysicalResourceId) { + throw new Error(`DELETE: cannot change the physical resource ID from "${cfnRequest.PhysicalResourceId}" to "${onEventResult.PhysicalResourceId}" during deletion`); + } + // if we are in UPDATE and physical ID was changed, it's a replacement (just log) + if (cfnRequest.RequestType === 'Update' && physicalResourceId !== cfnRequest.PhysicalResourceId) { + util_1.log(`UPDATE: changing physical resource ID from "${cfnRequest.PhysicalResourceId}" to "${onEventResult.PhysicalResourceId}"`); + } + // merge request event and result event (result prevails). + return { + ...cfnRequest, + ...onEventResult, + PhysicalResourceId: physicalResourceId, + }; +} +/** + * Calculates the default physical resource ID based in case user handler did + * not return a PhysicalResourceId. + * + * For "CREATE", it uses the RequestId. + * For "UPDATE" and "DELETE" and returns the current PhysicalResourceId (the one provided in `event`). + */ +function defaultPhysicalResourceId(req) { + switch (req.RequestType) { + case 'Create': + return req.RequestId; + case 'Update': + case 'Delete': + return req.PhysicalResourceId; + default: + throw new Error(`Invalid "RequestType" in request "${JSON.stringify(req)}"`); + } +} +module.exports = { + [consts.FRAMEWORK_ON_EVENT_HANDLER_NAME]: cfnResponse.safeHandler(onEvent), + [consts.FRAMEWORK_IS_COMPLETE_HANDLER_NAME]: cfnResponse.safeHandler(isComplete), + [consts.FRAMEWORK_ON_TIMEOUT_HANDLER_NAME]: onTimeout, +}; +//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiZnJhbWV3b3JrLmpzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiZnJhbWV3b3JrLnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiI7QUFHQSw4Q0FBOEM7QUFDOUMsbUNBQW1DO0FBQ25DLHlDQUE0RDtBQUM1RCxpQ0FBcUM7QUFTckM7Ozs7Ozs7OztHQVNHO0FBQ0gsS0FBSyxVQUFVLE9BQU8sQ0FBQyxVQUF1RDtJQUM1RSxVQUFHLENBQUMsZ0JBQWdCLEVBQUUsVUFBVSxDQUFDLENBQUM7SUFFbEMsVUFBVSxDQUFDLGtCQUFrQixHQUFHLFVBQVUsQ0FBQyxrQkFBa0IsSUFBSSxFQUFHLENBQUM7SUFFckUsTUFBTSxhQUFhLEdBQUcsTUFBTSxrQkFBa0IsQ0FBQyxNQUFNLENBQUMsOEJBQThCLEVBQUUsVUFBVSxDQUFvQixDQUFDO0lBQ3JILFVBQUcsQ0FBQyxtQkFBbUIsRUFBRSxhQUFhLENBQUMsQ0FBQztJQUV4QyxvRkFBb0Y7SUFDcEYsaUNBQWlDO0lBQ2pDLE1BQU0sYUFBYSxHQUFHLG1CQUFtQixDQUFDLFVBQVUsRUFBRSxhQUFhLENBQUMsQ0FBQztJQUNyRSxVQUFHLENBQUMsUUFBUSxFQUFFLGFBQWEsQ0FBQyxDQUFDO0lBRTdCLGlHQUFpRztJQUNqRyxtRkFBbUY7SUFDbkYsSUFBSSxDQUFDLE9BQU8sQ0FBQyxHQUFHLENBQUMsTUFBTSxDQUFDLGlDQUFpQyxDQUFDLEVBQUU7UUFDMUQsT0FBTyxXQUFXLENBQUMsY0FBYyxDQUFDLFNBQVMsRUFBRSxhQUFhLENBQUMsQ0FBQztLQUM3RDtJQUVELDJEQUEyRDtJQUMzRCxNQUFNLE1BQU0sR0FBRztRQUNiLGVBQWUsRUFBRSxhQUFNLENBQUMsTUFBTSxDQUFDLDRCQUE0QixDQUFDO1FBQzVELElBQUksRUFBRSxhQUFhLENBQUMsU0FBUztRQUM3QixLQUFLLEVBQUUsSUFBSSxDQUFDLFNBQVMsQ0FBQyxhQUFhLENBQUM7S0FDckMsQ0FBQztJQUVGLFVBQUcsQ0FBQyxpQkFBaUIsRUFBRSxNQUFNLENBQUMsQ0FBQztJQUUvQixnQ0FBZ0M7SUFDaEMsTUFBTSx5QkFBYyxDQUFDLE1BQU0sQ0FBQyxDQUFDO0FBQy9CLENBQUM7QUFFRCxzRUFBc0U7QUFDdEUsS0FBSyxVQUFVLFVBQVUsQ0FBQyxLQUFrRDtJQUMxRSxVQUFHLENBQUMsWUFBWSxFQUFFLEtBQUssQ0FBQyxDQUFDO0lBRXpCLE1BQU0sZ0JBQWdCLEdBQUcsTUFBTSxrQkFBa0IsQ0FBQyxNQUFNLENBQUMsaUNBQWlDLEVBQUUsS0FBSyxDQUF1QixDQUFDO0lBQ3pILFVBQUcsQ0FBQywyQkFBMkIsRUFBRSxnQkFBZ0IsQ0FBQyxDQUFDO0lBRW5ELHlFQUF5RTtJQUN6RSxJQUFJLENBQUMsZ0JBQWdCLENBQUMsVUFBVSxFQUFFO1FBQ2hDLElBQUksZ0JBQWdCLENBQUMsSUFBSSxJQUFJLE1BQU0sQ0FBQyxJQUFJLENBQUMsZ0JBQWdCLENBQUMsSUFBSSxDQUFDLENBQUMsTUFBTSxHQUFHLENBQUMsRUFBRTtZQUMxRSxNQUFNLElBQUksS0FBSyxDQUFDLGtEQUFrRCxDQUFDLENBQUM7U0FDckU7UUFFRCxNQUFNLElBQUksV0FBVyxDQUFDLEtBQUssQ0FBQyxJQUFJLENBQUMsU0FBUyxDQUFDLEtBQUssQ0FBQyxDQUFDLENBQUM7S0FDcEQ7SUFFRCxNQUFNLFFBQVEsR0FBRztRQUNmLEdBQUcsS0FBSztRQUNSLElBQUksRUFBRTtZQUNKLEdBQUcsS0FBSyxDQUFDLElBQUk7WUFDYixHQUFHLGdCQUFnQixDQUFDLElBQUk7U0FDekI7S0FDRixDQUFDO0lBRUYsTUFBTSxXQUFXLENBQUMsY0FBYyxDQUFDLFNBQVMsRUFBRSxRQUFRLENBQUMsQ0FBQztBQUN4RCxDQUFDO0FBRUQsZ0RBQWdEO0FBQ2hELEtBQUssVUFBVSxTQUFTLENBQUMsWUFBaUI7SUFDeEMsVUFBRyxDQUFDLGdCQUFnQixFQUFFLFlBQVksQ0FBQyxDQUFDO0lBRXBDLE1BQU0saUJBQWlCLEdBQUcsSUFBSSxDQUFDLEtBQUssQ0FBQyxJQUFJLENBQUMsS0FBSyxDQUFDLFlBQVksQ0FBQyxLQUFLLENBQUMsQ0FBQyxZQUFZLENBQWdELENBQUM7SUFDakksTUFBTSxXQUFXLENBQUMsY0FBYyxDQUFDLFFBQVEsRUFBRSxpQkFBaUIsRUFBRTtRQUM1RCxNQUFNLEVBQUUscUJBQXFCO0tBQzlCLENBQUMsQ0FBQztBQUNMLENBQUM7QUFFRCxLQUFLLFVBQVUsa0JBQWtCLENBQUMsY0FBc0IsRUFBRSxPQUFZO0lBQ3BFLE1BQU0sV0FBVyxHQUFHLGFBQU0sQ0FBQyxjQUFjLENBQUMsQ0FBQztJQUMzQyxVQUFHLENBQUMsMkJBQTJCLFdBQVcsZUFBZSxFQUFFLE9BQU8sQ0FBQyxDQUFDO0lBRXBFLHdFQUF3RTtJQUN4RSxzRUFBc0U7SUFDdEUsdUNBQXVDO0lBQ3ZDLE1BQU0sSUFBSSxHQUFHLE1BQU0seUJBQWMsQ0FBQztRQUNoQyxZQUFZLEVBQUUsV0FBVztRQUN6QixPQUFPLEVBQUUsSUFBSSxDQUFDLFNBQVMsQ0FBQyxPQUFPLENBQUM7S0FDakMsQ0FBQyxDQUFDO0lBRUgsVUFBRyxDQUFDLHlCQUF5QixFQUFFLElBQUksRUFBRSxPQUFNLENBQUMsSUFBSSxDQUFDLENBQUMsQ0FBQztJQUVuRCxNQUFNLFdBQVcsR0FBRyxnQkFBZ0IsQ0FBQyxJQUFJLENBQUMsT0FBTyxDQUFDLENBQUM7SUFDbkQsSUFBSSxJQUFJLENBQUMsYUFBYSxFQUFFO1FBQ3RCLFVBQUcsQ0FBQywrQkFBK0IsRUFBRSxJQUFJLENBQUMsYUFBYSxDQUFDLENBQUM7UUFFekQsTUFBTSxZQUFZLEdBQUcsV0FBVyxDQUFDLFlBQVksSUFBSSxPQUFPLENBQUM7UUFFekQsK0JBQStCO1FBQy9CLHdFQUF3RTtRQUN4RSxNQUFNLEdBQUcsR0FBRyxXQUFXLENBQUMsS0FBSyxDQUFDLEdBQUcsQ0FBQyxDQUFDO1FBQ25DLE1BQU0sWUFBWSxHQUFHLEdBQUcsQ0FBQyxHQUFHLENBQUMsTUFBTSxHQUFHLENBQUMsQ0FBQyxDQUFDO1FBRXpDLHVDQUF1QztRQUN2QyxNQUFNLE9BQU8sR0FBRztZQUNkLFlBQVk7WUFDWixFQUFFO1lBQ0YscUJBQXFCLFlBQVksRUFBRTtZQUNuQyxFQUFFO1NBQ0gsQ0FBQyxJQUFJLENBQUMsSUFBSSxDQUFDLENBQUM7UUFFYixNQUFNLENBQUMsR0FBRyxJQUFJLEtBQUssQ0FBQyxPQUFPLENBQUMsQ0FBQztRQUU3QiwyRUFBMkU7UUFDM0UsaUZBQWlGO1FBQ2pGLElBQUksV0FBVyxDQUFDLEtBQUssRUFBRTtZQUNyQixpREFBaUQ7WUFDakQsQ0FBQyxDQUFDLEtBQUssR0FBRyxDQUFDLE9BQU8sRUFBRSxHQUFHLFdBQVcsQ0FBQyxLQUFLLENBQUMsS0FBSyxDQUFDLENBQUMsQ0FBQyxDQUFDLENBQUMsSUFBSSxDQUFDLElBQUksQ0FBQyxDQUFDO1NBQy9EO1FBRUQsTUFBTSxDQUFDLENBQUM7S0FDVDtJQUVELE9BQU8sV0FBVyxDQUFDO0FBQ3JCLENBQUM7QUFFRCxTQUFTLGdCQUFnQixDQUFDLE9BQVk7SUFDcEMsSUFBSSxDQUFDLE9BQU8sRUFBRTtRQUFFLE9BQU8sRUFBRyxDQUFDO0tBQUU7SUFDN0IsTUFBTSxJQUFJLEdBQUcsT0FBTyxDQUFDLFFBQVEsRUFBRSxDQUFDO0lBQ2hDLElBQUk7UUFDRixPQUFPLElBQUksQ0FBQyxLQUFLLENBQUMsSUFBSSxDQUFDLENBQUM7S0FDekI7SUFBQyxPQUFPLENBQUMsRUFBRTtRQUNWLE1BQU0sSUFBSSxLQUFLLENBQUMsZ0VBQWdFLElBQUksR0FBRyxDQUFDLENBQUM7S0FDMUY7QUFDSCxDQUFDO0FBRUQsU0FBUyxtQkFBbUIsQ0FBQyxVQUF1RCxFQUFFLGFBQThCO0lBQ2xILEVBQUU7SUFDRixtRUFBbUU7SUFFbkUsYUFBYSxHQUFHLGFBQWEsSUFBSSxFQUFHLENBQUM7SUFFckMsc0VBQXNFO0lBQ3RFLHVCQUF1QjtJQUN2QixNQUFNLGtCQUFrQixHQUFHLGFBQWEsQ0FBQyxrQkFBa0IsSUFBSSx5QkFBeUIsQ0FBQyxVQUFVLENBQUMsQ0FBQztJQUVyRyxrRUFBa0U7SUFDbEUsSUFBSSxVQUFVLENBQUMsV0FBVyxLQUFLLFFBQVEsSUFBSSxrQkFBa0IsS0FBSyxVQUFVLENBQUMsa0JBQWtCLEVBQUU7UUFDL0YsTUFBTSxJQUFJLEtBQUssQ0FBQyx3REFBd0QsVUFBVSxDQUFDLGtCQUFrQixTQUFTLGFBQWEsQ0FBQyxrQkFBa0IsbUJBQW1CLENBQUMsQ0FBQztLQUNwSztJQUVELGlGQUFpRjtJQUNqRixJQUFJLFVBQVUsQ0FBQyxXQUFXLEtBQUssUUFBUSxJQUFJLGtCQUFrQixLQUFLLFVBQVUsQ0FBQyxrQkFBa0IsRUFBRTtRQUMvRixVQUFHLENBQUMsK0NBQStDLFVBQVUsQ0FBQyxrQkFBa0IsU0FBUyxhQUFhLENBQUMsa0JBQWtCLEdBQUcsQ0FBQyxDQUFDO0tBQy9IO0lBRUQsMERBQTBEO0lBQzFELE9BQU87UUFDTCxHQUFHLFVBQVU7UUFDYixHQUFHLGFBQWE7UUFDaEIsa0JBQWtCLEVBQUUsa0JBQWtCO0tBQ3ZDLENBQUM7QUFDSixDQUFDO0FBRUQ7Ozs7OztHQU1HO0FBQ0gsU0FBUyx5QkFBeUIsQ0FBQyxHQUFnRDtJQUNqRixRQUFRLEdBQUcsQ0FBQyxXQUFXLEVBQUU7UUFDdkIsS0FBSyxRQUFRO1lBQ1gsT0FBTyxHQUFHLENBQUMsU0FBUyxDQUFDO1FBRXZCLEtBQUssUUFBUSxDQUFDO1FBQ2QsS0FBSyxRQUFRO1lBQ1gsT0FBTyxHQUFHLENBQUMsa0JBQWtCLENBQUM7UUFFaEM7WUFDRSxNQUFNLElBQUksS0FBSyxDQUFDLHFDQUFxQyxJQUFJLENBQUMsU0FBUyxDQUFDLEdBQUcsQ0FBQyxHQUFHLENBQUMsQ0FBQztLQUNoRjtBQUNILENBQUM7QUE5TEQsaUJBQVM7SUFDUCxDQUFDLE1BQU0sQ0FBQywrQkFBK0IsQ0FBQyxFQUFFLFdBQVcsQ0FBQyxXQUFXLENBQUMsT0FBTyxDQUFDO0lBQzFFLENBQUMsTUFBTSxDQUFDLGtDQUFrQyxDQUFDLEVBQUUsV0FBVyxDQUFDLFdBQVcsQ0FBQyxVQUFVLENBQUM7SUFDaEYsQ0FBQyxNQUFNLENBQUMsaUNBQWlDLENBQUMsRUFBRSxTQUFTO0NBQ3RELENBQUMiLCJzb3VyY2VzQ29udGVudCI6WyIvKiBlc2xpbnQtZGlzYWJsZSBtYXgtbGVuICovXG4vKiBlc2xpbnQtZGlzYWJsZSBuby1jb25zb2xlICovXG5pbXBvcnQgeyBJc0NvbXBsZXRlUmVzcG9uc2UsIE9uRXZlbnRSZXNwb25zZSB9IGZyb20gJy4uL3R5cGVzJztcbmltcG9ydCAqIGFzIGNmblJlc3BvbnNlIGZyb20gJy4vY2ZuLXJlc3BvbnNlJztcbmltcG9ydCAqIGFzIGNvbnN0cyBmcm9tICcuL2NvbnN0cyc7XG5pbXBvcnQgeyBpbnZva2VGdW5jdGlvbiwgc3RhcnRFeGVjdXRpb24gfSBmcm9tICcuL291dGJvdW5kJztcbmltcG9ydCB7IGdldEVudiwgbG9nIH0gZnJvbSAnLi91dGlsJztcblxuLy8gdXNlIGNvbnN0cyBmb3IgaGFuZGxlciBuYW1lcyB0byBjb21waWxlci1lbmZvcmNlIHRoZSBjb3VwbGluZyB3aXRoIGNvbnN0cnVjdGlvbiBjb2RlLlxuZXhwb3J0ID0ge1xuICBbY29uc3RzLkZSQU1FV09SS19PTl9FVkVOVF9IQU5ETEVSX05BTUVdOiBjZm5SZXNwb25zZS5zYWZlSGFuZGxlcihvbkV2ZW50KSxcbiAgW2NvbnN0cy5GUkFNRVdPUktfSVNfQ09NUExFVEVfSEFORExFUl9OQU1FXTogY2ZuUmVzcG9uc2Uuc2FmZUhhbmRsZXIoaXNDb21wbGV0ZSksXG4gIFtjb25zdHMuRlJBTUVXT1JLX09OX1RJTUVPVVRfSEFORExFUl9OQU1FXTogb25UaW1lb3V0LFxufTtcblxuLyoqXG4gKiBUaGUgbWFpbiBydW50aW1lIGVudHJ5cG9pbnQgb2YgdGhlIGFzeW5jIGN1c3RvbSByZXNvdXJjZSBsYW1iZGEgZnVuY3Rpb24uXG4gKlxuICogQW55IGxpZmVjeWNsZSBldmVudCBjaGFuZ2VzIHRvIHRoZSBjdXN0b20gcmVzb3VyY2VzIHdpbGwgaW52b2tlIHRoaXMgaGFuZGxlciwgd2hpY2ggd2lsbCwgaW4gdHVybixcbiAqIGludGVyYWN0IHdpdGggdGhlIHVzZXItZGVmaW5lZCBgb25FdmVudGAgYW5kIGBpc0NvbXBsZXRlYCBoYW5kbGVycy5cbiAqXG4gKiBUaGlzIGZ1bmN0aW9uIHdpbGwgYWx3YXlzIHN1Y2NlZWQuIElmIGFuIGVycm9yIG9jY3Vyc1xuICpcbiAqIEBwYXJhbSBjZm5SZXF1ZXN0IFRoZSBjbG91ZGZvcm1hdGlvbiBjdXN0b20gcmVzb3VyY2UgZXZlbnQuXG4gKi9cbmFzeW5jIGZ1bmN0aW9uIG9uRXZlbnQoY2ZuUmVxdWVzdDogQVdTTGFtYmRhLkNsb3VkRm9ybWF0aW9uQ3VzdG9tUmVzb3VyY2VFdmVudCkge1xuICBsb2coJ29uRXZlbnRIYW5kbGVyJywgY2ZuUmVxdWVzdCk7XG5cbiAgY2ZuUmVxdWVzdC5SZXNvdXJjZVByb3BlcnRpZXMgPSBjZm5SZXF1ZXN0LlJlc291cmNlUHJvcGVydGllcyB8fCB7IH07XG5cbiAgY29uc3Qgb25FdmVudFJlc3VsdCA9IGF3YWl0IGludm9rZVVzZXJGdW5jdGlvbihjb25zdHMuVVNFUl9PTl9FVkVOVF9GVU5DVElPTl9BUk5fRU5WLCBjZm5SZXF1ZXN0KSBhcyBPbkV2ZW50UmVzcG9uc2U7XG4gIGxvZygnb25FdmVudCByZXR1cm5lZDonLCBvbkV2ZW50UmVzdWx0KTtcblxuICAvLyBtZXJnZSB0aGUgcmVxdWVzdCBhbmQgdGhlIHJlc3VsdCBmcm9tIG9uRXZlbnQgdG8gZm9ybSB0aGUgY29tcGxldGUgcmVzb3VyY2UgZXZlbnRcbiAgLy8gdGhpcyBhbHNvIHBlcmZvcm1zIHZhbGlkYXRpb24uXG4gIGNvbnN0IHJlc291cmNlRXZlbnQgPSBjcmVhdGVSZXNwb25zZUV2ZW50KGNmblJlcXVlc3QsIG9uRXZlbnRSZXN1bHQpO1xuICBsb2coJ2V2ZW50OicsIG9uRXZlbnRSZXN1bHQpO1xuXG4gIC8vIGRldGVybWluZSBpZiB0aGlzIGlzIGFuIGFzeW5jIHByb3ZpZGVyIGJhc2VkIG9uIHdoZXRoZXIgd2UgaGF2ZSBhbiBpc0NvbXBsZXRlIGhhbmRsZXIgZGVmaW5lZC5cbiAgLy8gaWYgaXQgaXMgbm90IGRlZmluZWQsIHRoZW4gd2UgYXJlIGJhc2ljYWxseSByZWFkeSB0byByZXR1cm4gYSBwb3NpdGl2ZSByZXNwb25zZS5cbiAgaWYgKCFwcm9jZXNzLmVudltjb25zdHMuVVNFUl9JU19DT01QTEVURV9GVU5DVElPTl9BUk5fRU5WXSkge1xuICAgIHJldHVybiBjZm5SZXNwb25zZS5zdWJtaXRSZXNwb25zZSgnU1VDQ0VTUycsIHJlc291cmNlRXZlbnQpO1xuICB9XG5cbiAgLy8gb2ssIHdlIGFyZSBub3QgY29tcGxldGUsIHNvIGtpY2sgb2ZmIHRoZSB3YWl0ZXIgd29ya2Zsb3dcbiAgY29uc3Qgd2FpdGVyID0ge1xuICAgIHN0YXRlTWFjaGluZUFybjogZ2V0RW52KGNvbnN0cy5XQUlURVJfU1RBVEVfTUFDSElORV9BUk5fRU5WKSxcbiAgICBuYW1lOiByZXNvdXJjZUV2ZW50LlJlcXVlc3RJZCxcbiAgICBpbnB1dDogSlNPTi5zdHJpbmdpZnkocmVzb3VyY2VFdmVudCksXG4gIH07XG5cbiAgbG9nKCdzdGFydGluZyB3YWl0ZXInLCB3YWl0ZXIpO1xuXG4gIC8vIGtpY2sgb2ZmIHdhaXRlciBzdGF0ZSBtYWNoaW5lXG4gIGF3YWl0IHN0YXJ0RXhlY3V0aW9uKHdhaXRlcik7XG59XG5cbi8vIGludm9rZWQgYSBmZXcgdGltZXMgdW50aWwgYGNvbXBsZXRlYCBpcyB0cnVlIG9yIHVudGlsIGl0IHRpbWVzIG91dC5cbmFzeW5jIGZ1bmN0aW9uIGlzQ29tcGxldGUoZXZlbnQ6IEFXU0NES0FzeW5jQ3VzdG9tUmVzb3VyY2UuSXNDb21wbGV0ZVJlcXVlc3QpIHtcbiAgbG9nKCdpc0NvbXBsZXRlJywgZXZlbnQpO1xuXG4gIGNvbnN0IGlzQ29tcGxldGVSZXN1bHQgPSBhd2FpdCBpbnZva2VVc2VyRnVuY3Rpb24oY29uc3RzLlVTRVJfSVNfQ09NUExFVEVfRlVOQ1RJT05fQVJOX0VOViwgZXZlbnQpIGFzIElzQ29tcGxldGVSZXNwb25zZTtcbiAgbG9nKCd1c2VyIGlzQ29tcGxldGUgcmV0dXJuZWQ6JywgaXNDb21wbGV0ZVJlc3VsdCk7XG5cbiAgLy8gaWYgd2UgYXJlIG5vdCBjb21wbGV0ZSwgcmVldHVybiBmYWxzZSwgYW5kIGRvbid0IHNlbmQgYSByZXNwb25zZSBiYWNrLlxuICBpZiAoIWlzQ29tcGxldGVSZXN1bHQuSXNDb21wbGV0ZSkge1xuICAgIGlmIChpc0NvbXBsZXRlUmVzdWx0LkRhdGEgJiYgT2JqZWN0LmtleXMoaXNDb21wbGV0ZVJlc3VsdC5EYXRhKS5sZW5ndGggPiAwKSB7XG4gICAgICB0aHJvdyBuZXcgRXJyb3IoJ1wiRGF0YVwiIGlzIG5vdCBhbGxvd2VkIGlmIFwiSXNDb21wbGV0ZVwiIGlzIFwiRmFsc2VcIicpO1xuICAgIH1cblxuICAgIHRocm93IG5ldyBjZm5SZXNwb25zZS5SZXRyeShKU09OLnN0cmluZ2lmeShldmVudCkpO1xuICB9XG5cbiAgY29uc3QgcmVzcG9uc2UgPSB7XG4gICAgLi4uZXZlbnQsXG4gICAgRGF0YToge1xuICAgICAgLi4uZXZlbnQuRGF0YSxcbiAgICAgIC4uLmlzQ29tcGxldGVSZXN1bHQuRGF0YSxcbiAgICB9LFxuICB9O1xuXG4gIGF3YWl0IGNmblJlc3BvbnNlLnN1Ym1pdFJlc3BvbnNlKCdTVUNDRVNTJywgcmVzcG9uc2UpO1xufVxuXG4vLyBpbnZva2VkIHdoZW4gY29tcGxldGlvbiByZXRyaWVzIGFyZSBleGhhdXNlZC5cbmFzeW5jIGZ1bmN0aW9uIG9uVGltZW91dCh0aW1lb3V0RXZlbnQ6IGFueSkge1xuICBsb2coJ3RpbWVvdXRIYW5kbGVyJywgdGltZW91dEV2ZW50KTtcblxuICBjb25zdCBpc0NvbXBsZXRlUmVxdWVzdCA9IEpTT04ucGFyc2UoSlNPTi5wYXJzZSh0aW1lb3V0RXZlbnQuQ2F1c2UpLmVycm9yTWVzc2FnZSkgYXMgQVdTQ0RLQXN5bmNDdXN0b21SZXNvdXJjZS5Jc0NvbXBsZXRlUmVxdWVzdDtcbiAgYXdhaXQgY2ZuUmVzcG9uc2Uuc3VibWl0UmVzcG9uc2UoJ0ZBSUxFRCcsIGlzQ29tcGxldGVSZXF1ZXN0LCB7XG4gICAgcmVhc29uOiAnT3BlcmF0aW9uIHRpbWVkIG91dCcsXG4gIH0pO1xufVxuXG5hc3luYyBmdW5jdGlvbiBpbnZva2VVc2VyRnVuY3Rpb24oZnVuY3Rpb25Bcm5FbnY6IHN0cmluZywgcGF5bG9hZDogYW55KSB7XG4gIGNvbnN0IGZ1bmN0aW9uQXJuID0gZ2V0RW52KGZ1bmN0aW9uQXJuRW52KTtcbiAgbG9nKGBleGVjdXRpbmcgdXNlciBmdW5jdGlvbiAke2Z1bmN0aW9uQXJufSB3aXRoIHBheWxvYWRgLCBwYXlsb2FkKTtcblxuICAvLyB0cmFuc2llbnQgZXJyb3JzIHN1Y2ggYXMgdGltZW91dHMsIHRocm90dGxpbmcgZXJyb3JzICg0MjkpLCBhbmQgb3RoZXJcbiAgLy8gZXJyb3JzIHRoYXQgYXJlbid0IGNhdXNlZCBieSBhIGJhZCByZXF1ZXN0ICg1MDAgc2VyaWVzKSBhcmUgcmV0cmllZFxuICAvLyBhdXRvbWF0aWNhbGx5IGJ5IHRoZSBKYXZhU2NyaXB0IFNESy5cbiAgY29uc3QgcmVzcCA9IGF3YWl0IGludm9rZUZ1bmN0aW9uKHtcbiAgICBGdW5jdGlvbk5hbWU6IGZ1bmN0aW9uQXJuLFxuICAgIFBheWxvYWQ6IEpTT04uc3RyaW5naWZ5KHBheWxvYWQpLFxuICB9KTtcblxuICBsb2coJ3VzZXIgZnVuY3Rpb24gcmVzcG9uc2U6JywgcmVzcCwgdHlwZW9mKHJlc3ApKTtcblxuICBjb25zdCBqc29uUGF5bG9hZCA9IHBhcnNlSnNvblBheWxvYWQocmVzcC5QYXlsb2FkKTtcbiAgaWYgKHJlc3AuRnVuY3Rpb25FcnJvcikge1xuICAgIGxvZygndXNlciBmdW5jdGlvbiB0aHJldyBhbiBlcnJvcjonLCByZXNwLkZ1bmN0aW9uRXJyb3IpO1xuXG4gICAgY29uc3QgZXJyb3JNZXNzYWdlID0ganNvblBheWxvYWQuZXJyb3JNZXNzYWdlIHx8ICdlcnJvcic7XG5cbiAgICAvLyBwYXJzZSBmdW5jdGlvbiBuYW1lIGZyb20gYXJuXG4gICAgLy8gYXJuOiR7UGFydGl0aW9ufTpsYW1iZGE6JHtSZWdpb259OiR7QWNjb3VudH06ZnVuY3Rpb246JHtGdW5jdGlvbk5hbWV9XG4gICAgY29uc3QgYXJuID0gZnVuY3Rpb25Bcm4uc3BsaXQoJzonKTtcbiAgICBjb25zdCBmdW5jdGlvbk5hbWUgPSBhcm5bYXJuLmxlbmd0aCAtIDFdO1xuXG4gICAgLy8gYXBwZW5kIGEgcmVmZXJlbmNlIHRvIHRoZSBsb2cgZ3JvdXAuXG4gICAgY29uc3QgbWVzc2FnZSA9IFtcbiAgICAgIGVycm9yTWVzc2FnZSxcbiAgICAgICcnLFxuICAgICAgYExvZ3M6IC9hd3MvbGFtYmRhLyR7ZnVuY3Rpb25OYW1lfWAsIC8vIGNsb3Vkd2F0Y2ggbG9nIGdyb3VwXG4gICAgICAnJyxcbiAgICBdLmpvaW4oJ1xcbicpO1xuXG4gICAgY29uc3QgZSA9IG5ldyBFcnJvcihtZXNzYWdlKTtcblxuICAgIC8vIHRoZSBvdXRwdXQgdGhhdCBnb2VzIHRvIENGTiBpcyB3aGF0J3MgaW4gYHN0YWNrYCwgbm90IHRoZSBlcnJvciBtZXNzYWdlLlxuICAgIC8vIGlmIHdlIGhhdmUgYSByZW1vdGUgdHJhY2UsIGNvbnN0cnVjdCBhIG5pY2UgbWVzc2FnZSB3aXRoIGxvZyBncm91cCBpbmZvcm1hdGlvblxuICAgIGlmIChqc29uUGF5bG9hZC50cmFjZSkge1xuICAgICAgLy8gc2tpcCBmaXJzdCB0cmFjZSBsaW5lIGJlY2F1c2UgaXQncyB0aGUgbWVzc2FnZVxuICAgICAgZS5zdGFjayA9IFttZXNzYWdlLCAuLi5qc29uUGF5bG9hZC50cmFjZS5zbGljZSgxKV0uam9pbignXFxuJyk7XG4gICAgfVxuXG4gICAgdGhyb3cgZTtcbiAgfVxuXG4gIHJldHVybiBqc29uUGF5bG9hZDtcbn1cblxuZnVuY3Rpb24gcGFyc2VKc29uUGF5bG9hZChwYXlsb2FkOiBhbnkpOiBhbnkge1xuICBpZiAoIXBheWxvYWQpIHsgcmV0dXJuIHsgfTsgfVxuICBjb25zdCB0ZXh0ID0gcGF5bG9hZC50b1N0cmluZygpO1xuICB0cnkge1xuICAgIHJldHVybiBKU09OLnBhcnNlKHRleHQpO1xuICB9IGNhdGNoIChlKSB7XG4gICAgdGhyb3cgbmV3IEVycm9yKGByZXR1cm4gdmFsdWVzIGZyb20gdXNlci1oYW5kbGVycyBtdXN0IGJlIEpTT04gb2JqZWN0cy4gZ290OiBcIiR7dGV4dH1cImApO1xuICB9XG59XG5cbmZ1bmN0aW9uIGNyZWF0ZVJlc3BvbnNlRXZlbnQoY2ZuUmVxdWVzdDogQVdTTGFtYmRhLkNsb3VkRm9ybWF0aW9uQ3VzdG9tUmVzb3VyY2VFdmVudCwgb25FdmVudFJlc3VsdDogT25FdmVudFJlc3BvbnNlKTogQVdTQ0RLQXN5bmNDdXN0b21SZXNvdXJjZS5Jc0NvbXBsZXRlUmVxdWVzdCB7XG4gIC8vXG4gIC8vIHZhbGlkYXRlIHRoYXQgb25FdmVudFJlc3VsdCBhbHdheXMgaW5jbHVkZXMgYSBQaHlzaWNhbFJlc291cmNlSWRcblxuICBvbkV2ZW50UmVzdWx0ID0gb25FdmVudFJlc3VsdCB8fCB7IH07XG5cbiAgLy8gaWYgcGh5c2ljYWwgSUQgaXMgbm90IHJldHVybmVkLCB3ZSBoYXZlIHNvbWUgZGVmYXVsdHMgZm9yIHlvdSBiYXNlZFxuICAvLyBvbiB0aGUgcmVxdWVzdCB0eXBlLlxuICBjb25zdCBwaHlzaWNhbFJlc291cmNlSWQgPSBvbkV2ZW50UmVzdWx0LlBoeXNpY2FsUmVzb3VyY2VJZCB8fCBkZWZhdWx0UGh5c2ljYWxSZXNvdXJjZUlkKGNmblJlcXVlc3QpO1xuXG4gIC8vIGlmIHdlIGFyZSBpbiBERUxFVEUgYW5kIHBoeXNpY2FsIElEIHdhcyBjaGFuZ2VkLCBpdCdzIGFuIGVycm9yLlxuICBpZiAoY2ZuUmVxdWVzdC5SZXF1ZXN0VHlwZSA9PT0gJ0RlbGV0ZScgJiYgcGh5c2ljYWxSZXNvdXJjZUlkICE9PSBjZm5SZXF1ZXN0LlBoeXNpY2FsUmVzb3VyY2VJZCkge1xuICAgIHRocm93IG5ldyBFcnJvcihgREVMRVRFOiBjYW5ub3QgY2hhbmdlIHRoZSBwaHlzaWNhbCByZXNvdXJjZSBJRCBmcm9tIFwiJHtjZm5SZXF1ZXN0LlBoeXNpY2FsUmVzb3VyY2VJZH1cIiB0byBcIiR7b25FdmVudFJlc3VsdC5QaHlzaWNhbFJlc291cmNlSWR9XCIgZHVyaW5nIGRlbGV0aW9uYCk7XG4gIH1cblxuICAvLyBpZiB3ZSBhcmUgaW4gVVBEQVRFIGFuZCBwaHlzaWNhbCBJRCB3YXMgY2hhbmdlZCwgaXQncyBhIHJlcGxhY2VtZW50IChqdXN0IGxvZylcbiAgaWYgKGNmblJlcXVlc3QuUmVxdWVzdFR5cGUgPT09ICdVcGRhdGUnICYmIHBoeXNpY2FsUmVzb3VyY2VJZCAhPT0gY2ZuUmVxdWVzdC5QaHlzaWNhbFJlc291cmNlSWQpIHtcbiAgICBsb2coYFVQREFURTogY2hhbmdpbmcgcGh5c2ljYWwgcmVzb3VyY2UgSUQgZnJvbSBcIiR7Y2ZuUmVxdWVzdC5QaHlzaWNhbFJlc291cmNlSWR9XCIgdG8gXCIke29uRXZlbnRSZXN1bHQuUGh5c2ljYWxSZXNvdXJjZUlkfVwiYCk7XG4gIH1cblxuICAvLyBtZXJnZSByZXF1ZXN0IGV2ZW50IGFuZCByZXN1bHQgZXZlbnQgKHJlc3VsdCBwcmV2YWlscykuXG4gIHJldHVybiB7XG4gICAgLi4uY2ZuUmVxdWVzdCxcbiAgICAuLi5vbkV2ZW50UmVzdWx0LFxuICAgIFBoeXNpY2FsUmVzb3VyY2VJZDogcGh5c2ljYWxSZXNvdXJjZUlkLFxuICB9O1xufVxuXG4vKipcbiAqIENhbGN1bGF0ZXMgdGhlIGRlZmF1bHQgcGh5c2ljYWwgcmVzb3VyY2UgSUQgYmFzZWQgaW4gY2FzZSB1c2VyIGhhbmRsZXIgZGlkXG4gKiBub3QgcmV0dXJuIGEgUGh5c2ljYWxSZXNvdXJjZUlkLlxuICpcbiAqIEZvciBcIkNSRUFURVwiLCBpdCB1c2VzIHRoZSBSZXF1ZXN0SWQuXG4gKiBGb3IgXCJVUERBVEVcIiBhbmQgXCJERUxFVEVcIiBhbmQgcmV0dXJucyB0aGUgY3VycmVudCBQaHlzaWNhbFJlc291cmNlSWQgKHRoZSBvbmUgcHJvdmlkZWQgaW4gYGV2ZW50YCkuXG4gKi9cbmZ1bmN0aW9uIGRlZmF1bHRQaHlzaWNhbFJlc291cmNlSWQocmVxOiBBV1NMYW1iZGEuQ2xvdWRGb3JtYXRpb25DdXN0b21SZXNvdXJjZUV2ZW50KTogc3RyaW5nIHtcbiAgc3dpdGNoIChyZXEuUmVxdWVzdFR5cGUpIHtcbiAgICBjYXNlICdDcmVhdGUnOlxuICAgICAgcmV0dXJuIHJlcS5SZXF1ZXN0SWQ7XG5cbiAgICBjYXNlICdVcGRhdGUnOlxuICAgIGNhc2UgJ0RlbGV0ZSc6XG4gICAgICByZXR1cm4gcmVxLlBoeXNpY2FsUmVzb3VyY2VJZDtcblxuICAgIGRlZmF1bHQ6XG4gICAgICB0aHJvdyBuZXcgRXJyb3IoYEludmFsaWQgXCJSZXF1ZXN0VHlwZVwiIGluIHJlcXVlc3QgXCIke0pTT04uc3RyaW5naWZ5KHJlcSl9XCJgKTtcbiAgfVxufVxuIl19 \ No newline at end of file diff --git a/test/default.integ.snapshot/asset.c691172cdeefa2c91b5a2907f9d81118e47597634943344795f1a844192dd49c/outbound.d.ts b/test/default.integ.snapshot/asset.c691172cdeefa2c91b5a2907f9d81118e47597634943344795f1a844192dd49c/outbound.d.ts new file mode 100644 index 0000000..f9571d8 --- /dev/null +++ b/test/default.integ.snapshot/asset.c691172cdeefa2c91b5a2907f9d81118e47597634943344795f1a844192dd49c/outbound.d.ts @@ -0,0 +1,10 @@ +/// +import * as https from 'https'; +import * as AWS from 'aws-sdk'; +declare function defaultHttpRequest(options: https.RequestOptions, responseBody: string): Promise; +declare function defaultStartExecution(req: AWS.StepFunctions.StartExecutionInput): Promise; +declare function defaultInvokeFunction(req: AWS.Lambda.InvocationRequest): Promise; +export declare let startExecution: typeof defaultStartExecution; +export declare let invokeFunction: typeof defaultInvokeFunction; +export declare let httpRequest: typeof defaultHttpRequest; +export {}; diff --git a/test/default.integ.snapshot/asset.c691172cdeefa2c91b5a2907f9d81118e47597634943344795f1a844192dd49c/outbound.js b/test/default.integ.snapshot/asset.c691172cdeefa2c91b5a2907f9d81118e47597634943344795f1a844192dd49c/outbound.js new file mode 100644 index 0000000..70203dc --- /dev/null +++ b/test/default.integ.snapshot/asset.c691172cdeefa2c91b5a2907f9d81118e47597634943344795f1a844192dd49c/outbound.js @@ -0,0 +1,45 @@ +"use strict"; +Object.defineProperty(exports, "__esModule", { value: true }); +exports.httpRequest = exports.invokeFunction = exports.startExecution = void 0; +/* istanbul ignore file */ +const https = require("https"); +// eslint-disable-next-line import/no-extraneous-dependencies +const AWS = require("aws-sdk"); +const FRAMEWORK_HANDLER_TIMEOUT = 900000; // 15 minutes +// In order to honor the overall maximum timeout set for the target process, +// the default 2 minutes from AWS SDK has to be overriden: +// https://docs.aws.amazon.com/AWSJavaScriptSDK/latest/AWS/Config.html#httpOptions-property +const awsSdkConfig = { + httpOptions: { timeout: FRAMEWORK_HANDLER_TIMEOUT }, +}; +async function defaultHttpRequest(options, responseBody) { + return new Promise((resolve, reject) => { + try { + const request = https.request(options, resolve); + request.on('error', reject); + request.write(responseBody); + request.end(); + } + catch (e) { + reject(e); + } + }); +} +let sfn; +let lambda; +async function defaultStartExecution(req) { + if (!sfn) { + sfn = new AWS.StepFunctions(awsSdkConfig); + } + return sfn.startExecution(req).promise(); +} +async function defaultInvokeFunction(req) { + if (!lambda) { + lambda = new AWS.Lambda(awsSdkConfig); + } + return lambda.invoke(req).promise(); +} +exports.startExecution = defaultStartExecution; +exports.invokeFunction = defaultInvokeFunction; +exports.httpRequest = defaultHttpRequest; +//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoib3V0Ym91bmQuanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyJvdXRib3VuZC50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiOzs7QUFBQSwwQkFBMEI7QUFDMUIsK0JBQStCO0FBQy9CLDZEQUE2RDtBQUM3RCwrQkFBK0I7QUFJL0IsTUFBTSx5QkFBeUIsR0FBRyxNQUFNLENBQUMsQ0FBQyxhQUFhO0FBRXZELDRFQUE0RTtBQUM1RSwwREFBMEQ7QUFDMUQsMkZBQTJGO0FBQzNGLE1BQU0sWUFBWSxHQUF5QjtJQUN6QyxXQUFXLEVBQUUsRUFBRSxPQUFPLEVBQUUseUJBQXlCLEVBQUU7Q0FDcEQsQ0FBQztBQUVGLEtBQUssVUFBVSxrQkFBa0IsQ0FBQyxPQUE2QixFQUFFLFlBQW9CO0lBQ25GLE9BQU8sSUFBSSxPQUFPLENBQUMsQ0FBQyxPQUFPLEVBQUUsTUFBTSxFQUFFLEVBQUU7UUFDckMsSUFBSTtZQUNGLE1BQU0sT0FBTyxHQUFHLEtBQUssQ0FBQyxPQUFPLENBQUMsT0FBTyxFQUFFLE9BQU8sQ0FBQyxDQUFDO1lBQ2hELE9BQU8sQ0FBQyxFQUFFLENBQUMsT0FBTyxFQUFFLE1BQU0sQ0FBQyxDQUFDO1lBQzVCLE9BQU8sQ0FBQyxLQUFLLENBQUMsWUFBWSxDQUFDLENBQUM7WUFDNUIsT0FBTyxDQUFDLEdBQUcsRUFBRSxDQUFDO1NBQ2Y7UUFBQyxPQUFPLENBQUMsRUFBRTtZQUNWLE1BQU0sQ0FBQyxDQUFDLENBQUMsQ0FBQztTQUNYO0lBQ0gsQ0FBQyxDQUFDLENBQUM7QUFDTCxDQUFDO0FBRUQsSUFBSSxHQUFzQixDQUFDO0FBQzNCLElBQUksTUFBa0IsQ0FBQztBQUV2QixLQUFLLFVBQVUscUJBQXFCLENBQUMsR0FBMEM7SUFDN0UsSUFBSSxDQUFDLEdBQUcsRUFBRTtRQUNSLEdBQUcsR0FBRyxJQUFJLEdBQUcsQ0FBQyxhQUFhLENBQUMsWUFBWSxDQUFDLENBQUM7S0FDM0M7SUFFRCxPQUFPLEdBQUcsQ0FBQyxjQUFjLENBQUMsR0FBRyxDQUFDLENBQUMsT0FBTyxFQUFFLENBQUM7QUFDM0MsQ0FBQztBQUVELEtBQUssVUFBVSxxQkFBcUIsQ0FBQyxHQUFpQztJQUNwRSxJQUFJLENBQUMsTUFBTSxFQUFFO1FBQ1gsTUFBTSxHQUFHLElBQUksR0FBRyxDQUFDLE1BQU0sQ0FBQyxZQUFZLENBQUMsQ0FBQztLQUN2QztJQUVELE9BQU8sTUFBTSxDQUFDLE1BQU0sQ0FBQyxHQUFHLENBQUMsQ0FBQyxPQUFPLEVBQUUsQ0FBQztBQUN0QyxDQUFDO0FBRVUsUUFBQSxjQUFjLEdBQUcscUJBQXFCLENBQUM7QUFDdkMsUUFBQSxjQUFjLEdBQUcscUJBQXFCLENBQUM7QUFDdkMsUUFBQSxXQUFXLEdBQUcsa0JBQWtCLENBQUMiLCJzb3VyY2VzQ29udGVudCI6WyIvKiBpc3RhbmJ1bCBpZ25vcmUgZmlsZSAqL1xuaW1wb3J0ICogYXMgaHR0cHMgZnJvbSAnaHR0cHMnO1xuLy8gZXNsaW50LWRpc2FibGUtbmV4dC1saW5lIGltcG9ydC9uby1leHRyYW5lb3VzLWRlcGVuZGVuY2llc1xuaW1wb3J0ICogYXMgQVdTIGZyb20gJ2F3cy1zZGsnO1xuLy8gZXNsaW50LWRpc2FibGUtbmV4dC1saW5lIGltcG9ydC9uby1leHRyYW5lb3VzLWRlcGVuZGVuY2llc1xuaW1wb3J0IHR5cGUgeyBDb25maWd1cmF0aW9uT3B0aW9ucyB9IGZyb20gJ2F3cy1zZGsvbGliL2NvbmZpZy1iYXNlJztcblxuY29uc3QgRlJBTUVXT1JLX0hBTkRMRVJfVElNRU9VVCA9IDkwMDAwMDsgLy8gMTUgbWludXRlc1xuXG4vLyBJbiBvcmRlciB0byBob25vciB0aGUgb3ZlcmFsbCBtYXhpbXVtIHRpbWVvdXQgc2V0IGZvciB0aGUgdGFyZ2V0IHByb2Nlc3MsXG4vLyB0aGUgZGVmYXVsdCAyIG1pbnV0ZXMgZnJvbSBBV1MgU0RLIGhhcyB0byBiZSBvdmVycmlkZW46XG4vLyBodHRwczovL2RvY3MuYXdzLmFtYXpvbi5jb20vQVdTSmF2YVNjcmlwdFNESy9sYXRlc3QvQVdTL0NvbmZpZy5odG1sI2h0dHBPcHRpb25zLXByb3BlcnR5XG5jb25zdCBhd3NTZGtDb25maWc6IENvbmZpZ3VyYXRpb25PcHRpb25zID0ge1xuICBodHRwT3B0aW9uczogeyB0aW1lb3V0OiBGUkFNRVdPUktfSEFORExFUl9USU1FT1VUIH0sXG59O1xuXG5hc3luYyBmdW5jdGlvbiBkZWZhdWx0SHR0cFJlcXVlc3Qob3B0aW9uczogaHR0cHMuUmVxdWVzdE9wdGlvbnMsIHJlc3BvbnNlQm9keTogc3RyaW5nKSB7XG4gIHJldHVybiBuZXcgUHJvbWlzZSgocmVzb2x2ZSwgcmVqZWN0KSA9PiB7XG4gICAgdHJ5IHtcbiAgICAgIGNvbnN0IHJlcXVlc3QgPSBodHRwcy5yZXF1ZXN0KG9wdGlvbnMsIHJlc29sdmUpO1xuICAgICAgcmVxdWVzdC5vbignZXJyb3InLCByZWplY3QpO1xuICAgICAgcmVxdWVzdC53cml0ZShyZXNwb25zZUJvZHkpO1xuICAgICAgcmVxdWVzdC5lbmQoKTtcbiAgICB9IGNhdGNoIChlKSB7XG4gICAgICByZWplY3QoZSk7XG4gICAgfVxuICB9KTtcbn1cblxubGV0IHNmbjogQVdTLlN0ZXBGdW5jdGlvbnM7XG5sZXQgbGFtYmRhOiBBV1MuTGFtYmRhO1xuXG5hc3luYyBmdW5jdGlvbiBkZWZhdWx0U3RhcnRFeGVjdXRpb24ocmVxOiBBV1MuU3RlcEZ1bmN0aW9ucy5TdGFydEV4ZWN1dGlvbklucHV0KTogUHJvbWlzZTxBV1MuU3RlcEZ1bmN0aW9ucy5TdGFydEV4ZWN1dGlvbk91dHB1dD4ge1xuICBpZiAoIXNmbikge1xuICAgIHNmbiA9IG5ldyBBV1MuU3RlcEZ1bmN0aW9ucyhhd3NTZGtDb25maWcpO1xuICB9XG5cbiAgcmV0dXJuIHNmbi5zdGFydEV4ZWN1dGlvbihyZXEpLnByb21pc2UoKTtcbn1cblxuYXN5bmMgZnVuY3Rpb24gZGVmYXVsdEludm9rZUZ1bmN0aW9uKHJlcTogQVdTLkxhbWJkYS5JbnZvY2F0aW9uUmVxdWVzdCk6IFByb21pc2U8QVdTLkxhbWJkYS5JbnZvY2F0aW9uUmVzcG9uc2U+IHtcbiAgaWYgKCFsYW1iZGEpIHtcbiAgICBsYW1iZGEgPSBuZXcgQVdTLkxhbWJkYShhd3NTZGtDb25maWcpO1xuICB9XG5cbiAgcmV0dXJuIGxhbWJkYS5pbnZva2UocmVxKS5wcm9taXNlKCk7XG59XG5cbmV4cG9ydCBsZXQgc3RhcnRFeGVjdXRpb24gPSBkZWZhdWx0U3RhcnRFeGVjdXRpb247XG5leHBvcnQgbGV0IGludm9rZUZ1bmN0aW9uID0gZGVmYXVsdEludm9rZUZ1bmN0aW9uO1xuZXhwb3J0IGxldCBodHRwUmVxdWVzdCA9IGRlZmF1bHRIdHRwUmVxdWVzdDtcbiJdfQ== \ No newline at end of file diff --git a/test/default.integ.snapshot/asset.c691172cdeefa2c91b5a2907f9d81118e47597634943344795f1a844192dd49c/util.d.ts b/test/default.integ.snapshot/asset.c691172cdeefa2c91b5a2907f9d81118e47597634943344795f1a844192dd49c/util.d.ts new file mode 100644 index 0000000..c03a562 --- /dev/null +++ b/test/default.integ.snapshot/asset.c691172cdeefa2c91b5a2907f9d81118e47597634943344795f1a844192dd49c/util.d.ts @@ -0,0 +1,2 @@ +export declare function getEnv(name: string): string; +export declare function log(title: any, ...args: any[]): void; diff --git a/test/default.integ.snapshot/asset.c691172cdeefa2c91b5a2907f9d81118e47597634943344795f1a844192dd49c/util.js b/test/default.integ.snapshot/asset.c691172cdeefa2c91b5a2907f9d81118e47597634943344795f1a844192dd49c/util.js new file mode 100644 index 0000000..ee4c6e9 --- /dev/null +++ b/test/default.integ.snapshot/asset.c691172cdeefa2c91b5a2907f9d81118e47597634943344795f1a844192dd49c/util.js @@ -0,0 +1,17 @@ +"use strict"; +/* eslint-disable no-console */ +Object.defineProperty(exports, "__esModule", { value: true }); +exports.log = exports.getEnv = void 0; +function getEnv(name) { + const value = process.env[name]; + if (!value) { + throw new Error(`The environment variable "${name}" is not defined`); + } + return value; +} +exports.getEnv = getEnv; +function log(title, ...args) { + console.log('[provider-framework]', title, ...args.map(x => typeof (x) === 'object' ? JSON.stringify(x, undefined, 2) : x)); +} +exports.log = log; +//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoidXRpbC5qcyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbInV0aWwudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6IjtBQUFBLCtCQUErQjs7O0FBRS9CLFNBQWdCLE1BQU0sQ0FBQyxJQUFZO0lBQ2pDLE1BQU0sS0FBSyxHQUFHLE9BQU8sQ0FBQyxHQUFHLENBQUMsSUFBSSxDQUFDLENBQUM7SUFDaEMsSUFBSSxDQUFDLEtBQUssRUFBRTtRQUNWLE1BQU0sSUFBSSxLQUFLLENBQUMsNkJBQTZCLElBQUksa0JBQWtCLENBQUMsQ0FBQztLQUN0RTtJQUNELE9BQU8sS0FBSyxDQUFDO0FBQ2YsQ0FBQztBQU5ELHdCQU1DO0FBRUQsU0FBZ0IsR0FBRyxDQUFDLEtBQVUsRUFBRSxHQUFHLElBQVc7SUFDNUMsT0FBTyxDQUFDLEdBQUcsQ0FBQyxzQkFBc0IsRUFBRSxLQUFLLEVBQUUsR0FBRyxJQUFJLENBQUMsR0FBRyxDQUFDLENBQUMsQ0FBQyxFQUFFLENBQUMsT0FBTSxDQUFDLENBQUMsQ0FBQyxLQUFLLFFBQVEsQ0FBQyxDQUFDLENBQUMsSUFBSSxDQUFDLFNBQVMsQ0FBQyxDQUFDLEVBQUUsU0FBUyxFQUFFLENBQUMsQ0FBQyxDQUFDLENBQUMsQ0FBQyxDQUFDLENBQUMsQ0FBQyxDQUFDO0FBQzdILENBQUM7QUFGRCxrQkFFQyIsInNvdXJjZXNDb250ZW50IjpbIi8qIGVzbGludC1kaXNhYmxlIG5vLWNvbnNvbGUgKi9cblxuZXhwb3J0IGZ1bmN0aW9uIGdldEVudihuYW1lOiBzdHJpbmcpOiBzdHJpbmcge1xuICBjb25zdCB2YWx1ZSA9IHByb2Nlc3MuZW52W25hbWVdO1xuICBpZiAoIXZhbHVlKSB7XG4gICAgdGhyb3cgbmV3IEVycm9yKGBUaGUgZW52aXJvbm1lbnQgdmFyaWFibGUgXCIke25hbWV9XCIgaXMgbm90IGRlZmluZWRgKTtcbiAgfVxuICByZXR1cm4gdmFsdWU7XG59XG5cbmV4cG9ydCBmdW5jdGlvbiBsb2codGl0bGU6IGFueSwgLi4uYXJnczogYW55W10pIHtcbiAgY29uc29sZS5sb2coJ1twcm92aWRlci1mcmFtZXdvcmtdJywgdGl0bGUsIC4uLmFyZ3MubWFwKHggPT4gdHlwZW9mKHgpID09PSAnb2JqZWN0JyA/IEpTT04uc3RyaW5naWZ5KHgsIHVuZGVmaW5lZCwgMikgOiB4KSk7XG59XG4iXX0= \ No newline at end of file diff --git a/test/default.integ.snapshot/asset.d4509ed940a08b266940fe72858be370baed562318b4cb7d3e710fd42a5ecad6.lambda/index.js b/test/default.integ.snapshot/asset.d4509ed940a08b266940fe72858be370baed562318b4cb7d3e710fd42a5ecad6.lambda/index.js new file mode 100644 index 0000000..d7088de --- /dev/null +++ b/test/default.integ.snapshot/asset.d4509ed940a08b266940fe72858be370baed562318b4cb7d3e710fd42a5ecad6.lambda/index.js @@ -0,0 +1,96 @@ +"use strict"; +var __create = Object.create; +var __defProp = Object.defineProperty; +var __getOwnPropDesc = Object.getOwnPropertyDescriptor; +var __getOwnPropNames = Object.getOwnPropertyNames; +var __getProtoOf = Object.getPrototypeOf; +var __hasOwnProp = Object.prototype.hasOwnProperty; +var __copyProps = (to, from, except, desc) => { + if (from && typeof from === "object" || typeof from === "function") { + for (let key of __getOwnPropNames(from)) + if (!__hasOwnProp.call(to, key) && key !== except) + __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable }); + } + return to; +}; +var __toESM = (mod, isNodeMode, target) => (target = mod != null ? __create(__getProtoOf(mod)) : {}, __copyProps(isNodeMode || !mod || !mod.__esModule ? __defProp(target, "default", { value: mod, enumerable: true }) : target, mod)); + +// src/wait.lambda.ts +var AWS = __toESM(require("aws-sdk")); +var rds = new AWS.RDS(); +var NotReady = class extends Error { + constructor() { + super("Not ready"); + this.name = "NotReady"; + } +}; +function checkStatus(status, source) { + for (const badStatus of ["stop", "delet", "fail", "incompatible", "inaccessible", "error"]) { + if (status.indexOf(badStatus) >= 0) { + throw new Error(`Invalid status ${status} for ${source}`); + } + } + throw new NotReady(); +} +function empty(obj) { + return obj === void 0 || obj === null || Object.keys(obj).length == 0; +} +exports.handler = async function(input) { + console.log(input); + if (input.resourceType == "snapshot" && input.snapshotIdentifier) { + let status; + if (input.isCluster) { + const snapshots = await rds.describeDBClusterSnapshots({ + DBClusterIdentifier: input.databaseIdentifier, + DBClusterSnapshotIdentifier: input.snapshotIdentifier + }).promise(); + console.log(snapshots); + if (!snapshots.DBClusterSnapshots || snapshots.DBClusterSnapshots.length != 1) { + throw new Error(`Unable to find snapshot ${input.snapshotIdentifier} of ${input.databaseIdentifier}`); + } + status = snapshots.DBClusterSnapshots[0].Status ?? ""; + } else { + const snapshots = await rds.describeDBSnapshots({ + DBInstanceIdentifier: input.databaseIdentifier, + DBSnapshotIdentifier: input.snapshotIdentifier + }).promise(); + console.log(snapshots); + if (!snapshots.DBSnapshots || snapshots.DBSnapshots.length != 1) { + throw new Error(`Unable to find snapshot ${input.snapshotIdentifier} of ${input.databaseIdentifier}`); + } + status = snapshots.DBSnapshots[0].Status ?? ""; + } + if (status == "available") { + return; + } + checkStatus(status, input.snapshotIdentifier); + } else if (input.resourceType == "cluster") { + const dbs = await rds.describeDBClusters({ + DBClusterIdentifier: input.databaseIdentifier + }).promise(); + console.log(dbs); + if (!dbs.DBClusters || dbs.DBClusters.length != 1) { + throw new Error(`Unable to find db clsuter ${input.databaseIdentifier}`); + } + const status = dbs.DBClusters[0].Status ?? ""; + if (status == "available" && empty(dbs.DBClusters[0].PendingModifiedValues)) { + return; + } + checkStatus(status, input.databaseIdentifier); + } else if (input.resourceType == "instance") { + const instances = await rds.describeDBInstances({ + DBInstanceIdentifier: input.databaseIdentifier + }).promise(); + console.log(instances); + if (!instances.DBInstances || instances.DBInstances.length != 1) { + throw new Error(`Unable to find db instance ${input.databaseIdentifier}`); + } + const status = instances.DBInstances[0].DBInstanceStatus ?? ""; + if (status == "available" && empty(instances.DBInstances[0].PendingModifiedValues)) { + return; + } + checkStatus(status, input.databaseIdentifier); + } else { + throw new Error("Bad parameters"); + } +}; diff --git a/test/default.integ.snapshot/manifest.json b/test/default.integ.snapshot/manifest.json new file mode 100644 index 0000000..ba2278c --- /dev/null +++ b/test/default.integ.snapshot/manifest.json @@ -0,0 +1,1347 @@ +{ + "version": "15.0.0", + "artifacts": { + "Tree": { + "type": "cdk:tree", + "properties": { + "file": "tree.json" + } + }, + "RDS-Sanitized-Snapshotter-VPC.assets": { + "type": "cdk:asset-manifest", + "properties": { + "file": "RDS-Sanitized-Snapshotter-VPC.assets.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "RDS-Sanitized-Snapshotter-VPC": { + "type": "aws:cloudformation:stack", + "environment": "aws://unknown-account/unknown-region", + "properties": { + "templateFile": "RDS-Sanitized-Snapshotter-VPC.template.json", + "validateOnSynth": false, + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", + "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/e1ad50fff358a4d76a975fbed49a11be9092a80929266a283050aeb617026a8a.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", + "additionalDependencies": [ + "RDS-Sanitized-Snapshotter-VPC.assets" + ] + }, + "dependencies": [ + "RDS-Sanitized-Snapshotter-VPC.assets" + ], + "metadata": { + "/RDS-Sanitized-Snapshotter-VPC/VPC/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "VPCB9E5F0B4" + } + ], + "/RDS-Sanitized-Snapshotter-VPC/VPC/PublicSubnet1/Subnet": [ + { + "type": "aws:cdk:logicalId", + "data": "VPCPublicSubnet1SubnetB4246D30" + } + ], + "/RDS-Sanitized-Snapshotter-VPC/VPC/PublicSubnet1/RouteTable": [ + { + "type": "aws:cdk:logicalId", + "data": "VPCPublicSubnet1RouteTableFEE4B781" + } + ], + "/RDS-Sanitized-Snapshotter-VPC/VPC/PublicSubnet1/RouteTableAssociation": [ + { + "type": "aws:cdk:logicalId", + "data": "VPCPublicSubnet1RouteTableAssociation0B0896DC" + } + ], + "/RDS-Sanitized-Snapshotter-VPC/VPC/PublicSubnet1/DefaultRoute": [ + { + "type": "aws:cdk:logicalId", + "data": "VPCPublicSubnet1DefaultRoute91CEF279" + } + ], + "/RDS-Sanitized-Snapshotter-VPC/VPC/PublicSubnet1/EIP": [ + { + "type": "aws:cdk:logicalId", + "data": "VPCPublicSubnet1EIP6AD938E8" + } + ], + "/RDS-Sanitized-Snapshotter-VPC/VPC/PublicSubnet1/NATGateway": [ + { + "type": "aws:cdk:logicalId", + "data": "VPCPublicSubnet1NATGatewayE0556630" + } + ], + "/RDS-Sanitized-Snapshotter-VPC/VPC/PublicSubnet2/Subnet": [ + { + "type": "aws:cdk:logicalId", + "data": "VPCPublicSubnet2Subnet74179F39" + } + ], + "/RDS-Sanitized-Snapshotter-VPC/VPC/PublicSubnet2/RouteTable": [ + { + "type": "aws:cdk:logicalId", + "data": "VPCPublicSubnet2RouteTable6F1A15F1" + } + ], + "/RDS-Sanitized-Snapshotter-VPC/VPC/PublicSubnet2/RouteTableAssociation": [ + { + "type": "aws:cdk:logicalId", + "data": "VPCPublicSubnet2RouteTableAssociation5A808732" + } + ], + "/RDS-Sanitized-Snapshotter-VPC/VPC/PublicSubnet2/DefaultRoute": [ + { + "type": "aws:cdk:logicalId", + "data": "VPCPublicSubnet2DefaultRouteB7481BBA" + } + ], + "/RDS-Sanitized-Snapshotter-VPC/VPC/PrivateSubnet1/Subnet": [ + { + "type": "aws:cdk:logicalId", + "data": "VPCPrivateSubnet1Subnet8BCA10E0" + } + ], + "/RDS-Sanitized-Snapshotter-VPC/VPC/PrivateSubnet1/RouteTable": [ + { + "type": "aws:cdk:logicalId", + "data": "VPCPrivateSubnet1RouteTableBE8A6027" + } + ], + "/RDS-Sanitized-Snapshotter-VPC/VPC/PrivateSubnet1/RouteTableAssociation": [ + { + "type": "aws:cdk:logicalId", + "data": "VPCPrivateSubnet1RouteTableAssociation347902D1" + } + ], + "/RDS-Sanitized-Snapshotter-VPC/VPC/PrivateSubnet2/Subnet": [ + { + "type": "aws:cdk:logicalId", + "data": "VPCPrivateSubnet2SubnetCFCDAA7A" + } + ], + "/RDS-Sanitized-Snapshotter-VPC/VPC/PrivateSubnet2/RouteTable": [ + { + "type": "aws:cdk:logicalId", + "data": "VPCPrivateSubnet2RouteTable0A19E10E" + } + ], + "/RDS-Sanitized-Snapshotter-VPC/VPC/PrivateSubnet2/RouteTableAssociation": [ + { + "type": "aws:cdk:logicalId", + "data": "VPCPrivateSubnet2RouteTableAssociation0C73D413" + } + ], + "/RDS-Sanitized-Snapshotter-VPC/VPC/IsolatedSubnet1/Subnet": [ + { + "type": "aws:cdk:logicalId", + "data": "VPCIsolatedSubnet1SubnetEBD00FC6" + } + ], + "/RDS-Sanitized-Snapshotter-VPC/VPC/IsolatedSubnet1/RouteTable": [ + { + "type": "aws:cdk:logicalId", + "data": "VPCIsolatedSubnet1RouteTableEB156210" + } + ], + "/RDS-Sanitized-Snapshotter-VPC/VPC/IsolatedSubnet1/RouteTableAssociation": [ + { + "type": "aws:cdk:logicalId", + "data": "VPCIsolatedSubnet1RouteTableAssociationA2D18F7C" + } + ], + "/RDS-Sanitized-Snapshotter-VPC/VPC/IsolatedSubnet1/DefaultRoute": [ + { + "type": "aws:cdk:logicalId", + "data": "VPCIsolatedSubnet1DefaultRoute97D5523A" + } + ], + "/RDS-Sanitized-Snapshotter-VPC/VPC/IsolatedSubnet2/Subnet": [ + { + "type": "aws:cdk:logicalId", + "data": "VPCIsolatedSubnet2Subnet4B1C8CAA" + } + ], + "/RDS-Sanitized-Snapshotter-VPC/VPC/IsolatedSubnet2/RouteTable": [ + { + "type": "aws:cdk:logicalId", + "data": "VPCIsolatedSubnet2RouteTable9B4F78DC" + } + ], + "/RDS-Sanitized-Snapshotter-VPC/VPC/IsolatedSubnet2/RouteTableAssociation": [ + { + "type": "aws:cdk:logicalId", + "data": "VPCIsolatedSubnet2RouteTableAssociation7BF8E0EB" + } + ], + "/RDS-Sanitized-Snapshotter-VPC/VPC/IsolatedSubnet2/DefaultRoute": [ + { + "type": "aws:cdk:logicalId", + "data": "VPCIsolatedSubnet2DefaultRoute5D7CAC57" + } + ], + "/RDS-Sanitized-Snapshotter-VPC/VPC/IGW": [ + { + "type": "aws:cdk:logicalId", + "data": "VPCIGWB7E252D3" + } + ], + "/RDS-Sanitized-Snapshotter-VPC/VPC/VPCGW": [ + { + "type": "aws:cdk:logicalId", + "data": "VPCVPCGW99B986DC" + } + ], + "/RDS-Sanitized-Snapshotter-VPC/Exports/Output{\"Ref\":\"VPCIsolatedSubnet1SubnetEBD00FC6\"}": [ + { + "type": "aws:cdk:logicalId", + "data": "ExportsOutputRefVPCIsolatedSubnet1SubnetEBD00FC6298E81EF" + } + ], + "/RDS-Sanitized-Snapshotter-VPC/Exports/Output{\"Ref\":\"VPCIsolatedSubnet2Subnet4B1C8CAA\"}": [ + { + "type": "aws:cdk:logicalId", + "data": "ExportsOutputRefVPCIsolatedSubnet2Subnet4B1C8CAAD8B83B81" + } + ], + "/RDS-Sanitized-Snapshotter-VPC/Exports/Output{\"Ref\":\"VPCB9E5F0B4\"}": [ + { + "type": "aws:cdk:logicalId", + "data": "ExportsOutputRefVPCB9E5F0B4BD23A326" + } + ], + "/RDS-Sanitized-Snapshotter-VPC/Exports/Output{\"Ref\":\"VPCPrivateSubnet1Subnet8BCA10E0\"}": [ + { + "type": "aws:cdk:logicalId", + "data": "ExportsOutputRefVPCPrivateSubnet1Subnet8BCA10E01F79A1B7" + } + ], + "/RDS-Sanitized-Snapshotter-VPC/Exports/Output{\"Ref\":\"VPCPrivateSubnet2SubnetCFCDAA7A\"}": [ + { + "type": "aws:cdk:logicalId", + "data": "ExportsOutputRefVPCPrivateSubnet2SubnetCFCDAA7AB22CF85D" + } + ], + "/RDS-Sanitized-Snapshotter-VPC/BootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "BootstrapVersion" + } + ], + "/RDS-Sanitized-Snapshotter-VPC/CheckBootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "CheckBootstrapVersion" + } + ] + }, + "displayName": "RDS-Sanitized-Snapshotter-VPC" + }, + "RDS-Sanitized-Snapshotter-RDS.assets": { + "type": "cdk:asset-manifest", + "properties": { + "file": "RDS-Sanitized-Snapshotter-RDS.assets.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "RDS-Sanitized-Snapshotter-RDS": { + "type": "aws:cloudformation:stack", + "environment": "aws://unknown-account/unknown-region", + "properties": { + "templateFile": "RDS-Sanitized-Snapshotter-RDS.template.json", + "validateOnSynth": false, + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", + "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/1775a9e74905e5fb316990d4feb676dd5e22557797d13181ba6a7e402e794fe9.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", + "additionalDependencies": [ + "RDS-Sanitized-Snapshotter-RDS.assets" + ] + }, + "dependencies": [ + "RDS-Sanitized-Snapshotter-VPC", + "RDS-Sanitized-Snapshotter-RDS.assets" + ], + "metadata": { + "/RDS-Sanitized-Snapshotter-RDS/MySQL Instance/SubnetGroup/Default": [ + { + "type": "aws:cdk:logicalId", + "data": "MySQLInstanceSubnetGroup2F3554B3" + } + ], + "/RDS-Sanitized-Snapshotter-RDS/MySQL Instance/SecurityGroup/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "MySQLInstanceSecurityGroupF67D2455" + } + ], + "/RDS-Sanitized-Snapshotter-RDS/MySQL Instance/Secret/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "MySQLInstanceSecret84563F6F" + } + ], + "/RDS-Sanitized-Snapshotter-RDS/MySQL Instance/Secret/Attachment/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "MySQLInstanceSecretAttachmentD80E5663" + } + ], + "/RDS-Sanitized-Snapshotter-RDS/MySQL Instance/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "MySQLInstanceA2499B9D" + } + ], + "/RDS-Sanitized-Snapshotter-RDS/MySQL Cluster/Subnets/Default": [ + { + "type": "aws:cdk:logicalId", + "data": "MySQLClusterSubnets30A4ABD4" + } + ], + "/RDS-Sanitized-Snapshotter-RDS/MySQL Cluster/SecurityGroup/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "MySQLClusterSecurityGroupBC9C8E26" + } + ], + "/RDS-Sanitized-Snapshotter-RDS/MySQL Cluster/Secret/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "MySQLClusterSecret06B35C31" + } + ], + "/RDS-Sanitized-Snapshotter-RDS/MySQL Cluster/Secret/Attachment/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "MySQLClusterSecretAttachmentE3959A60" + } + ], + "/RDS-Sanitized-Snapshotter-RDS/MySQL Cluster/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "MySQLClusterD5C73C33" + } + ], + "/RDS-Sanitized-Snapshotter-RDS/MySQL Cluster/Instance1": [ + { + "type": "aws:cdk:logicalId", + "data": "MySQLClusterInstance1C435F94D" + } + ], + "/RDS-Sanitized-Snapshotter-RDS/Key/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "Key961B73FD" + } + ], + "/RDS-Sanitized-Snapshotter-RDS/Postgres Instance/SubnetGroup/Default": [ + { + "type": "aws:cdk:logicalId", + "data": "PostgresInstanceSubnetGroup539F8609" + } + ], + "/RDS-Sanitized-Snapshotter-RDS/Postgres Instance/SecurityGroup/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "PostgresInstanceSecurityGroup08920A2A" + } + ], + "/RDS-Sanitized-Snapshotter-RDS/Postgres Instance/Secret/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "PostgresInstanceSecret47B7DD5E" + } + ], + "/RDS-Sanitized-Snapshotter-RDS/Postgres Instance/Secret/Attachment/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "PostgresInstanceSecretAttachment5B3ACFDC" + } + ], + "/RDS-Sanitized-Snapshotter-RDS/Postgres Instance/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "PostgresInstance8F00D2DD" + } + ], + "/RDS-Sanitized-Snapshotter-RDS/Postgres Cluster/Subnets/Default": [ + { + "type": "aws:cdk:logicalId", + "data": "PostgresClusterSubnetsFC10D676" + } + ], + "/RDS-Sanitized-Snapshotter-RDS/Postgres Cluster/SecurityGroup/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "PostgresClusterSecurityGroupA7EFBA97" + } + ], + "/RDS-Sanitized-Snapshotter-RDS/Postgres Cluster/Secret/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "PostgresClusterSecretEB353FC9" + } + ], + "/RDS-Sanitized-Snapshotter-RDS/Postgres Cluster/Secret/Attachment/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "PostgresClusterSecretAttachment0D03F96A" + } + ], + "/RDS-Sanitized-Snapshotter-RDS/Postgres Cluster/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "PostgresCluster5A5B7BE8" + } + ], + "/RDS-Sanitized-Snapshotter-RDS/Postgres Cluster/Instance1": [ + { + "type": "aws:cdk:logicalId", + "data": "PostgresClusterInstance1A52CA01E" + } + ], + "/RDS-Sanitized-Snapshotter-RDS/Exports/Output{\"Ref\":\"MySQLInstanceA2499B9D\"}": [ + { + "type": "aws:cdk:logicalId", + "data": "ExportsOutputRefMySQLInstanceA2499B9D2BD8E026" + } + ], + "/RDS-Sanitized-Snapshotter-RDS/Exports/Output{\"Ref\":\"MySQLClusterD5C73C33\"}": [ + { + "type": "aws:cdk:logicalId", + "data": "ExportsOutputRefMySQLClusterD5C73C3376F94030" + } + ], + "/RDS-Sanitized-Snapshotter-RDS/Exports/Output{\"Ref\":\"PostgresInstance8F00D2DD\"}": [ + { + "type": "aws:cdk:logicalId", + "data": "ExportsOutputRefPostgresInstance8F00D2DD14EE3CD9" + } + ], + "/RDS-Sanitized-Snapshotter-RDS/Exports/Output{\"Fn::GetAtt\":[\"Key961B73FD\",\"Arn\"]}": [ + { + "type": "aws:cdk:logicalId", + "data": "ExportsOutputFnGetAttKey961B73FDArn5A860C43" + } + ], + "/RDS-Sanitized-Snapshotter-RDS/Exports/Output{\"Ref\":\"PostgresCluster5A5B7BE8\"}": [ + { + "type": "aws:cdk:logicalId", + "data": "ExportsOutputRefPostgresCluster5A5B7BE8BE4E3D78" + } + ], + "/RDS-Sanitized-Snapshotter-RDS/BootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "BootstrapVersion" + } + ], + "/RDS-Sanitized-Snapshotter-RDS/CheckBootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "CheckBootstrapVersion" + } + ] + }, + "displayName": "RDS-Sanitized-Snapshotter-RDS" + }, + "RDS-Sanitized-Snapshotter-SFN.assets": { + "type": "cdk:asset-manifest", + "properties": { + "file": "RDS-Sanitized-Snapshotter-SFN.assets.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "RDS-Sanitized-Snapshotter-SFN": { + "type": "aws:cloudformation:stack", + "environment": "aws://unknown-account/unknown-region", + "properties": { + "templateFile": "RDS-Sanitized-Snapshotter-SFN.template.json", + "validateOnSynth": false, + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", + "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/17d658ef3bb9ea4c46d603253e8080f1c583bca7e2874fe7af1d36d989cacd2b.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", + "additionalDependencies": [ + "RDS-Sanitized-Snapshotter-SFN.assets" + ] + }, + "dependencies": [ + "RDS-Sanitized-Snapshotter-VPC", + "RDS-Sanitized-Snapshotter-RDS", + "RDS-Sanitized-Snapshotter-SFN.assets" + ], + "metadata": { + "/RDS-Sanitized-Snapshotter-SFN/MySQL Instance Snapshotter/SG/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "MySQLInstanceSnapshotterSGC75DA465" + } + ], + "/RDS-Sanitized-Snapshotter-SFN/MySQL Instance Snapshotter/SG/from RDSSanitizedSnapshotterSFNMySQLInstanceSnapshotterSG69AE57C1:ALL PORTS": [ + { + "type": "aws:cdk:logicalId", + "data": "MySQLInstanceSnapshotterSGfromRDSSanitizedSnapshotterSFNMySQLInstanceSnapshotterSG69AE57C1ALLPORTSE497E70E" + } + ], + "/RDS-Sanitized-Snapshotter-SFN/MySQL Instance Snapshotter/Subnet group/Default": [ + { + "type": "aws:cdk:logicalId", + "data": "MySQLInstanceSnapshotterSubnetgroup503CB3B3" + } + ], + "/RDS-Sanitized-Snapshotter-SFN/MySQL Instance Snapshotter/cluster/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "MySQLInstanceSnapshottercluster86DF6015" + } + ], + "/RDS-Sanitized-Snapshotter-SFN/MySQL Instance Snapshotter/parameters/ServiceRole/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "MySQLInstanceSnapshotterparametersServiceRole0017B602" + } + ], + "/RDS-Sanitized-Snapshotter-SFN/MySQL Instance Snapshotter/parameters/ServiceRole/DefaultPolicy/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "MySQLInstanceSnapshotterparametersServiceRoleDefaultPolicyD8BFD2E0" + } + ], + "/RDS-Sanitized-Snapshotter-SFN/MySQL Instance Snapshotter/parameters/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "MySQLInstanceSnapshotterparameters53B0A6E1" + } + ], + "/RDS-Sanitized-Snapshotter-SFN/MySQL Instance Snapshotter/parameters/LogRetention/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "MySQLInstanceSnapshotterparametersLogRetention879E313F" + } + ], + "/RDS-Sanitized-Snapshotter-SFN/MySQL Instance Snapshotter/wait/ServiceRole/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "MySQLInstanceSnapshotterwaitServiceRole21AAE4F2" + } + ], + "/RDS-Sanitized-Snapshotter-SFN/MySQL Instance Snapshotter/wait/ServiceRole/DefaultPolicy/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "MySQLInstanceSnapshotterwaitServiceRoleDefaultPolicyE6063975" + } + ], + "/RDS-Sanitized-Snapshotter-SFN/MySQL Instance Snapshotter/wait/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "MySQLInstanceSnapshotterwait17927A95" + } + ], + "/RDS-Sanitized-Snapshotter-SFN/MySQL Instance Snapshotter/wait/LogRetention/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "MySQLInstanceSnapshotterwaitLogRetentionE2296216" + } + ], + "/RDS-Sanitized-Snapshotter-SFN/MySQL Instance Snapshotter/Logs/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "MySQLInstanceSnapshotterLogs55691739" + } + ], + "/RDS-Sanitized-Snapshotter-SFN/MySQL Instance Snapshotter/MySQL Task/TaskRole/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "MySQLInstanceSnapshotterMySQLTaskTaskRoleBFA1FB36" + } + ], + "/RDS-Sanitized-Snapshotter-SFN/MySQL Instance Snapshotter/MySQL Task/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "MySQLInstanceSnapshotterMySQLTask45C5FE96" + } + ], + "/RDS-Sanitized-Snapshotter-SFN/MySQL Instance Snapshotter/MySQL Task/ExecutionRole/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "MySQLInstanceSnapshotterMySQLTaskExecutionRole1DD381B7" + } + ], + "/RDS-Sanitized-Snapshotter-SFN/MySQL Instance Snapshotter/MySQL Task/ExecutionRole/DefaultPolicy/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "MySQLInstanceSnapshotterMySQLTaskExecutionRoleDefaultPolicy99EE7B1E" + } + ], + "/RDS-Sanitized-Snapshotter-SFN/MySQL Instance Snapshotter/PostreSQL Task/TaskRole/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "MySQLInstanceSnapshotterPostreSQLTaskTaskRole82DDF085" + } + ], + "/RDS-Sanitized-Snapshotter-SFN/MySQL Instance Snapshotter/PostreSQL Task/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "MySQLInstanceSnapshotterPostreSQLTaskFAABAACF" + } + ], + "/RDS-Sanitized-Snapshotter-SFN/MySQL Instance Snapshotter/PostreSQL Task/ExecutionRole/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "MySQLInstanceSnapshotterPostreSQLTaskExecutionRole78969E33" + } + ], + "/RDS-Sanitized-Snapshotter-SFN/MySQL Instance Snapshotter/PostreSQL Task/ExecutionRole/DefaultPolicy/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "MySQLInstanceSnapshotterPostreSQLTaskExecutionRoleDefaultPolicy78800565" + } + ], + "/RDS-Sanitized-Snapshotter-SFN/MySQL Instance Snapshotter/Director/Role/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "MySQLInstanceSnapshotterDirectorRoleE2669C80" + } + ], + "/RDS-Sanitized-Snapshotter-SFN/MySQL Instance Snapshotter/Director/Role/DefaultPolicy/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "MySQLInstanceSnapshotterDirectorRoleDefaultPolicyF62C2EC2" + } + ], + "/RDS-Sanitized-Snapshotter-SFN/MySQL Instance Snapshotter/Director/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "MySQLInstanceSnapshotterDirector69A6B7B4" + } + ], + "/RDS-Sanitized-Snapshotter-SFN/LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8a/ServiceRole/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8aServiceRole9741ECFB" + } + ], + "/RDS-Sanitized-Snapshotter-SFN/LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8a/ServiceRole/DefaultPolicy/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8aServiceRoleDefaultPolicyADDA7DEB" + } + ], + "/RDS-Sanitized-Snapshotter-SFN/LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8a/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8aFD4BFC8A" + } + ], + "/RDS-Sanitized-Snapshotter-SFN/MySQL Cluster Snapshotter/SG/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "MySQLClusterSnapshotterSGF5188D63" + } + ], + "/RDS-Sanitized-Snapshotter-SFN/MySQL Cluster Snapshotter/SG/from RDSSanitizedSnapshotterSFNMySQLClusterSnapshotterSG88C422B1:ALL PORTS": [ + { + "type": "aws:cdk:logicalId", + "data": "MySQLClusterSnapshotterSGfromRDSSanitizedSnapshotterSFNMySQLClusterSnapshotterSG88C422B1ALLPORTS9D3E93FA" + } + ], + "/RDS-Sanitized-Snapshotter-SFN/MySQL Cluster Snapshotter/Subnet group/Default": [ + { + "type": "aws:cdk:logicalId", + "data": "MySQLClusterSnapshotterSubnetgroupF2F35C6A" + } + ], + "/RDS-Sanitized-Snapshotter-SFN/MySQL Cluster Snapshotter/cluster/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "MySQLClusterSnapshottercluster9B2B4982" + } + ], + "/RDS-Sanitized-Snapshotter-SFN/MySQL Cluster Snapshotter/parameters/ServiceRole/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "MySQLClusterSnapshotterparametersServiceRole4959428F" + } + ], + "/RDS-Sanitized-Snapshotter-SFN/MySQL Cluster Snapshotter/parameters/ServiceRole/DefaultPolicy/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "MySQLClusterSnapshotterparametersServiceRoleDefaultPolicy9544C62B" + } + ], + "/RDS-Sanitized-Snapshotter-SFN/MySQL Cluster Snapshotter/parameters/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "MySQLClusterSnapshotterparametersAF9FF89F" + } + ], + "/RDS-Sanitized-Snapshotter-SFN/MySQL Cluster Snapshotter/parameters/LogRetention/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "MySQLClusterSnapshotterparametersLogRetention49B4A2F1" + } + ], + "/RDS-Sanitized-Snapshotter-SFN/MySQL Cluster Snapshotter/wait/ServiceRole/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "MySQLClusterSnapshotterwaitServiceRoleD1DB455D" + } + ], + "/RDS-Sanitized-Snapshotter-SFN/MySQL Cluster Snapshotter/wait/ServiceRole/DefaultPolicy/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "MySQLClusterSnapshotterwaitServiceRoleDefaultPolicy9E878AF7" + } + ], + "/RDS-Sanitized-Snapshotter-SFN/MySQL Cluster Snapshotter/wait/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "MySQLClusterSnapshotterwait73D57C6D" + } + ], + "/RDS-Sanitized-Snapshotter-SFN/MySQL Cluster Snapshotter/wait/LogRetention/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "MySQLClusterSnapshotterwaitLogRetention01D1F254" + } + ], + "/RDS-Sanitized-Snapshotter-SFN/MySQL Cluster Snapshotter/Logs/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "MySQLClusterSnapshotterLogs987A7E0A" + } + ], + "/RDS-Sanitized-Snapshotter-SFN/MySQL Cluster Snapshotter/MySQL Task/TaskRole/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "MySQLClusterSnapshotterMySQLTaskTaskRole3BAE9027" + } + ], + "/RDS-Sanitized-Snapshotter-SFN/MySQL Cluster Snapshotter/MySQL Task/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "MySQLClusterSnapshotterMySQLTask8414A409" + } + ], + "/RDS-Sanitized-Snapshotter-SFN/MySQL Cluster Snapshotter/MySQL Task/ExecutionRole/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "MySQLClusterSnapshotterMySQLTaskExecutionRole50CCB6FA" + } + ], + "/RDS-Sanitized-Snapshotter-SFN/MySQL Cluster Snapshotter/MySQL Task/ExecutionRole/DefaultPolicy/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "MySQLClusterSnapshotterMySQLTaskExecutionRoleDefaultPolicy109BFD8B" + } + ], + "/RDS-Sanitized-Snapshotter-SFN/MySQL Cluster Snapshotter/PostreSQL Task/TaskRole/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "MySQLClusterSnapshotterPostreSQLTaskTaskRole09172C54" + } + ], + "/RDS-Sanitized-Snapshotter-SFN/MySQL Cluster Snapshotter/PostreSQL Task/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "MySQLClusterSnapshotterPostreSQLTaskB18030B4" + } + ], + "/RDS-Sanitized-Snapshotter-SFN/MySQL Cluster Snapshotter/PostreSQL Task/ExecutionRole/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "MySQLClusterSnapshotterPostreSQLTaskExecutionRole430431E0" + } + ], + "/RDS-Sanitized-Snapshotter-SFN/MySQL Cluster Snapshotter/PostreSQL Task/ExecutionRole/DefaultPolicy/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "MySQLClusterSnapshotterPostreSQLTaskExecutionRoleDefaultPolicyBFF6CA44" + } + ], + "/RDS-Sanitized-Snapshotter-SFN/MySQL Cluster Snapshotter/Director/Role/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "MySQLClusterSnapshotterDirectorRole6035EB89" + } + ], + "/RDS-Sanitized-Snapshotter-SFN/MySQL Cluster Snapshotter/Director/Role/DefaultPolicy/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "MySQLClusterSnapshotterDirectorRoleDefaultPolicy78A869F9" + } + ], + "/RDS-Sanitized-Snapshotter-SFN/MySQL Cluster Snapshotter/Director/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "MySQLClusterSnapshotterDirector73A14BB0" + } + ], + "/RDS-Sanitized-Snapshotter-SFN/PostgreSQL Instance Snapshotter/SG/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "PostgreSQLInstanceSnapshotterSG97FD02BB" + } + ], + "/RDS-Sanitized-Snapshotter-SFN/PostgreSQL Instance Snapshotter/SG/from RDSSanitizedSnapshotterSFNPostgreSQLInstanceSnapshotterSG52C89F5A:ALL PORTS": [ + { + "type": "aws:cdk:logicalId", + "data": "PostgreSQLInstanceSnapshotterSGfromRDSSanitizedSnapshotterSFNPostgreSQLInstanceSnapshotterSG52C89F5AALLPORTSEF1B0737" + } + ], + "/RDS-Sanitized-Snapshotter-SFN/PostgreSQL Instance Snapshotter/Subnet group/Default": [ + { + "type": "aws:cdk:logicalId", + "data": "PostgreSQLInstanceSnapshotterSubnetgroup7F19C7EE" + } + ], + "/RDS-Sanitized-Snapshotter-SFN/PostgreSQL Instance Snapshotter/cluster/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "PostgreSQLInstanceSnapshottercluster067EC069" + } + ], + "/RDS-Sanitized-Snapshotter-SFN/PostgreSQL Instance Snapshotter/parameters/ServiceRole/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "PostgreSQLInstanceSnapshotterparametersServiceRole23B2E630" + } + ], + "/RDS-Sanitized-Snapshotter-SFN/PostgreSQL Instance Snapshotter/parameters/ServiceRole/DefaultPolicy/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "PostgreSQLInstanceSnapshotterparametersServiceRoleDefaultPolicy9C4B4594" + } + ], + "/RDS-Sanitized-Snapshotter-SFN/PostgreSQL Instance Snapshotter/parameters/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "PostgreSQLInstanceSnapshotterparametersA0CF862A" + } + ], + "/RDS-Sanitized-Snapshotter-SFN/PostgreSQL Instance Snapshotter/parameters/LogRetention/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "PostgreSQLInstanceSnapshotterparametersLogRetentionED632F48" + } + ], + "/RDS-Sanitized-Snapshotter-SFN/PostgreSQL Instance Snapshotter/wait/ServiceRole/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "PostgreSQLInstanceSnapshotterwaitServiceRole7815F7FF" + } + ], + "/RDS-Sanitized-Snapshotter-SFN/PostgreSQL Instance Snapshotter/wait/ServiceRole/DefaultPolicy/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "PostgreSQLInstanceSnapshotterwaitServiceRoleDefaultPolicy20C24234" + } + ], + "/RDS-Sanitized-Snapshotter-SFN/PostgreSQL Instance Snapshotter/wait/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "PostgreSQLInstanceSnapshotterwaitE64141BC" + } + ], + "/RDS-Sanitized-Snapshotter-SFN/PostgreSQL Instance Snapshotter/wait/LogRetention/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "PostgreSQLInstanceSnapshotterwaitLogRetentionB9508260" + } + ], + "/RDS-Sanitized-Snapshotter-SFN/PostgreSQL Instance Snapshotter/Logs/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "PostgreSQLInstanceSnapshotterLogsF028D514" + } + ], + "/RDS-Sanitized-Snapshotter-SFN/PostgreSQL Instance Snapshotter/MySQL Task/TaskRole/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "PostgreSQLInstanceSnapshotterMySQLTaskTaskRoleB2EF5D11" + } + ], + "/RDS-Sanitized-Snapshotter-SFN/PostgreSQL Instance Snapshotter/MySQL Task/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "PostgreSQLInstanceSnapshotterMySQLTask53136402" + } + ], + "/RDS-Sanitized-Snapshotter-SFN/PostgreSQL Instance Snapshotter/MySQL Task/ExecutionRole/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "PostgreSQLInstanceSnapshotterMySQLTaskExecutionRoleD0258DFF" + } + ], + "/RDS-Sanitized-Snapshotter-SFN/PostgreSQL Instance Snapshotter/MySQL Task/ExecutionRole/DefaultPolicy/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "PostgreSQLInstanceSnapshotterMySQLTaskExecutionRoleDefaultPolicyBC957120" + } + ], + "/RDS-Sanitized-Snapshotter-SFN/PostgreSQL Instance Snapshotter/PostreSQL Task/TaskRole/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "PostgreSQLInstanceSnapshotterPostreSQLTaskTaskRole04FEDCFB" + } + ], + "/RDS-Sanitized-Snapshotter-SFN/PostgreSQL Instance Snapshotter/PostreSQL Task/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "PostgreSQLInstanceSnapshotterPostreSQLTask3DC21CCB" + } + ], + "/RDS-Sanitized-Snapshotter-SFN/PostgreSQL Instance Snapshotter/PostreSQL Task/ExecutionRole/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "PostgreSQLInstanceSnapshotterPostreSQLTaskExecutionRoleF7C4A7FB" + } + ], + "/RDS-Sanitized-Snapshotter-SFN/PostgreSQL Instance Snapshotter/PostreSQL Task/ExecutionRole/DefaultPolicy/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "PostgreSQLInstanceSnapshotterPostreSQLTaskExecutionRoleDefaultPolicy9201194B" + } + ], + "/RDS-Sanitized-Snapshotter-SFN/PostgreSQL Instance Snapshotter/Director/Role/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "PostgreSQLInstanceSnapshotterDirectorRole89143BB2" + } + ], + "/RDS-Sanitized-Snapshotter-SFN/PostgreSQL Instance Snapshotter/Director/Role/DefaultPolicy/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "PostgreSQLInstanceSnapshotterDirectorRoleDefaultPolicyC372C868" + } + ], + "/RDS-Sanitized-Snapshotter-SFN/PostgreSQL Instance Snapshotter/Director/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "PostgreSQLInstanceSnapshotterDirector22C6400C" + } + ], + "/RDS-Sanitized-Snapshotter-SFN/Snapshot Key/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "SnapshotKey0EDEBDF6" + } + ], + "/RDS-Sanitized-Snapshotter-SFN/PostgreSQL Cluster Snapshotter/SG/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "PostgreSQLClusterSnapshotterSG7FF985A8" + } + ], + "/RDS-Sanitized-Snapshotter-SFN/PostgreSQL Cluster Snapshotter/SG/from RDSSanitizedSnapshotterSFNPostgreSQLClusterSnapshotterSGD655B838:ALL PORTS": [ + { + "type": "aws:cdk:logicalId", + "data": "PostgreSQLClusterSnapshotterSGfromRDSSanitizedSnapshotterSFNPostgreSQLClusterSnapshotterSGD655B838ALLPORTS45F04871" + } + ], + "/RDS-Sanitized-Snapshotter-SFN/PostgreSQL Cluster Snapshotter/Subnet group/Default": [ + { + "type": "aws:cdk:logicalId", + "data": "PostgreSQLClusterSnapshotterSubnetgroupA37EB2B3" + } + ], + "/RDS-Sanitized-Snapshotter-SFN/PostgreSQL Cluster Snapshotter/cluster/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "PostgreSQLClusterSnapshotterclusterD066B562" + } + ], + "/RDS-Sanitized-Snapshotter-SFN/PostgreSQL Cluster Snapshotter/parameters/ServiceRole/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "PostgreSQLClusterSnapshotterparametersServiceRoleB3208E28" + } + ], + "/RDS-Sanitized-Snapshotter-SFN/PostgreSQL Cluster Snapshotter/parameters/ServiceRole/DefaultPolicy/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "PostgreSQLClusterSnapshotterparametersServiceRoleDefaultPolicy82F25ECA" + } + ], + "/RDS-Sanitized-Snapshotter-SFN/PostgreSQL Cluster Snapshotter/parameters/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "PostgreSQLClusterSnapshotterparameters25147BEC" + } + ], + "/RDS-Sanitized-Snapshotter-SFN/PostgreSQL Cluster Snapshotter/parameters/LogRetention/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "PostgreSQLClusterSnapshotterparametersLogRetention51777008" + } + ], + "/RDS-Sanitized-Snapshotter-SFN/PostgreSQL Cluster Snapshotter/wait/ServiceRole/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "PostgreSQLClusterSnapshotterwaitServiceRole662B9A5C" + } + ], + "/RDS-Sanitized-Snapshotter-SFN/PostgreSQL Cluster Snapshotter/wait/ServiceRole/DefaultPolicy/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "PostgreSQLClusterSnapshotterwaitServiceRoleDefaultPolicyB7AEBC76" + } + ], + "/RDS-Sanitized-Snapshotter-SFN/PostgreSQL Cluster Snapshotter/wait/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "PostgreSQLClusterSnapshotterwait7A15A210" + } + ], + "/RDS-Sanitized-Snapshotter-SFN/PostgreSQL Cluster Snapshotter/wait/LogRetention/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "PostgreSQLClusterSnapshotterwaitLogRetention454520B8" + } + ], + "/RDS-Sanitized-Snapshotter-SFN/PostgreSQL Cluster Snapshotter/Logs/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "PostgreSQLClusterSnapshotterLogsD5C5A603" + } + ], + "/RDS-Sanitized-Snapshotter-SFN/PostgreSQL Cluster Snapshotter/MySQL Task/TaskRole/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "PostgreSQLClusterSnapshotterMySQLTaskTaskRoleE079F904" + } + ], + "/RDS-Sanitized-Snapshotter-SFN/PostgreSQL Cluster Snapshotter/MySQL Task/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "PostgreSQLClusterSnapshotterMySQLTask9D91D3F5" + } + ], + "/RDS-Sanitized-Snapshotter-SFN/PostgreSQL Cluster Snapshotter/MySQL Task/ExecutionRole/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "PostgreSQLClusterSnapshotterMySQLTaskExecutionRole82F4953B" + } + ], + "/RDS-Sanitized-Snapshotter-SFN/PostgreSQL Cluster Snapshotter/MySQL Task/ExecutionRole/DefaultPolicy/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "PostgreSQLClusterSnapshotterMySQLTaskExecutionRoleDefaultPolicy6066AB09" + } + ], + "/RDS-Sanitized-Snapshotter-SFN/PostgreSQL Cluster Snapshotter/PostreSQL Task/TaskRole/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "PostgreSQLClusterSnapshotterPostreSQLTaskTaskRole4CCD7360" + } + ], + "/RDS-Sanitized-Snapshotter-SFN/PostgreSQL Cluster Snapshotter/PostreSQL Task/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "PostgreSQLClusterSnapshotterPostreSQLTaskE150FEBD" + } + ], + "/RDS-Sanitized-Snapshotter-SFN/PostgreSQL Cluster Snapshotter/PostreSQL Task/ExecutionRole/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "PostgreSQLClusterSnapshotterPostreSQLTaskExecutionRole9B27EF24" + } + ], + "/RDS-Sanitized-Snapshotter-SFN/PostgreSQL Cluster Snapshotter/PostreSQL Task/ExecutionRole/DefaultPolicy/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "PostgreSQLClusterSnapshotterPostreSQLTaskExecutionRoleDefaultPolicyC9A9FEA1" + } + ], + "/RDS-Sanitized-Snapshotter-SFN/PostgreSQL Cluster Snapshotter/Director/Role/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "PostgreSQLClusterSnapshotterDirectorRole38961E19" + } + ], + "/RDS-Sanitized-Snapshotter-SFN/PostgreSQL Cluster Snapshotter/Director/Role/DefaultPolicy/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "PostgreSQLClusterSnapshotterDirectorRoleDefaultPolicy6668829B" + } + ], + "/RDS-Sanitized-Snapshotter-SFN/PostgreSQL Cluster Snapshotter/Director/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "PostgreSQLClusterSnapshotterDirector864DA8F0" + } + ], + "/RDS-Sanitized-Snapshotter-SFN/Exports/Output{\"Ref\":\"MySQLInstanceSnapshotterDirector69A6B7B4\"}": [ + { + "type": "aws:cdk:logicalId", + "data": "ExportsOutputRefMySQLInstanceSnapshotterDirector69A6B7B421EEFD9B" + } + ], + "/RDS-Sanitized-Snapshotter-SFN/Exports/Output{\"Ref\":\"MySQLClusterSnapshotterDirector73A14BB0\"}": [ + { + "type": "aws:cdk:logicalId", + "data": "ExportsOutputRefMySQLClusterSnapshotterDirector73A14BB07F203611" + } + ], + "/RDS-Sanitized-Snapshotter-SFN/Exports/Output{\"Ref\":\"PostgreSQLInstanceSnapshotterDirector22C6400C\"}": [ + { + "type": "aws:cdk:logicalId", + "data": "ExportsOutputRefPostgreSQLInstanceSnapshotterDirector22C6400CD7D4E9FC" + } + ], + "/RDS-Sanitized-Snapshotter-SFN/Exports/Output{\"Ref\":\"PostgreSQLClusterSnapshotterDirector864DA8F0\"}": [ + { + "type": "aws:cdk:logicalId", + "data": "ExportsOutputRefPostgreSQLClusterSnapshotterDirector864DA8F006C62DA7" + } + ], + "/RDS-Sanitized-Snapshotter-SFN/BootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "BootstrapVersion" + } + ], + "/RDS-Sanitized-Snapshotter-SFN/CheckBootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "CheckBootstrapVersion" + } + ] + }, + "displayName": "RDS-Sanitized-Snapshotter-SFN" + }, + "RDS-Sanitized-Snapshotter-Test.assets": { + "type": "cdk:asset-manifest", + "properties": { + "file": "RDS-Sanitized-Snapshotter-Test.assets.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "RDS-Sanitized-Snapshotter-Test": { + "type": "aws:cloudformation:stack", + "environment": "aws://unknown-account/unknown-region", + "properties": { + "templateFile": "RDS-Sanitized-Snapshotter-Test.template.json", + "validateOnSynth": false, + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", + "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/bb258c0c235df6983b581ef5f8fa23dd95cbab81e4841e2d128edd433a36235a.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", + "additionalDependencies": [ + "RDS-Sanitized-Snapshotter-Test.assets" + ] + }, + "dependencies": [ + "RDS-Sanitized-Snapshotter-SFN", + "RDS-Sanitized-Snapshotter-Test.assets" + ], + "metadata": { + "/RDS-Sanitized-Snapshotter-Test/Test/ServiceRole/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "TestServiceRoleCF49002B" + } + ], + "/RDS-Sanitized-Snapshotter-Test/Test/ServiceRole/DefaultPolicy/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "TestServiceRoleDefaultPolicyE51BF2AA" + } + ], + "/RDS-Sanitized-Snapshotter-Test/Test/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "Test7BFAF513" + } + ], + "/RDS-Sanitized-Snapshotter-Test/Test/LogRetention/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "TestLogRetention7A4CD73F" + } + ], + "/RDS-Sanitized-Snapshotter-Test/LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8a/ServiceRole/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8aServiceRole9741ECFB" + } + ], + "/RDS-Sanitized-Snapshotter-Test/LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8a/ServiceRole/DefaultPolicy/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8aServiceRoleDefaultPolicyADDA7DEB" + } + ], + "/RDS-Sanitized-Snapshotter-Test/LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8a/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8aFD4BFC8A" + } + ], + "/RDS-Sanitized-Snapshotter-Test/Wait/ServiceRole/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "WaitServiceRole80F0B8D7" + } + ], + "/RDS-Sanitized-Snapshotter-Test/Wait/ServiceRole/DefaultPolicy/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "WaitServiceRoleDefaultPolicy527907DE" + } + ], + "/RDS-Sanitized-Snapshotter-Test/Wait/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "Wait4449FB25" + } + ], + "/RDS-Sanitized-Snapshotter-Test/Wait/LogRetention/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "WaitLogRetentionD0E6D74E" + } + ], + "/RDS-Sanitized-Snapshotter-Test/Provider/framework-onEvent/ServiceRole/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "ProviderframeworkonEventServiceRole9FF04296" + } + ], + "/RDS-Sanitized-Snapshotter-Test/Provider/framework-onEvent/ServiceRole/DefaultPolicy/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "ProviderframeworkonEventServiceRoleDefaultPolicy48CD2133" + } + ], + "/RDS-Sanitized-Snapshotter-Test/Provider/framework-onEvent/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "ProviderframeworkonEvent83C1D0A7" + } + ], + "/RDS-Sanitized-Snapshotter-Test/Provider/framework-onEvent/LogRetention/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "ProviderframeworkonEventLogRetention74EACA97" + } + ], + "/RDS-Sanitized-Snapshotter-Test/Provider/framework-isComplete/ServiceRole/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "ProviderframeworkisCompleteServiceRoleB1087139" + } + ], + "/RDS-Sanitized-Snapshotter-Test/Provider/framework-isComplete/ServiceRole/DefaultPolicy/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "ProviderframeworkisCompleteServiceRoleDefaultPolicy2E7140AC" + } + ], + "/RDS-Sanitized-Snapshotter-Test/Provider/framework-isComplete/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "ProviderframeworkisComplete26D7B0CB" + } + ], + "/RDS-Sanitized-Snapshotter-Test/Provider/framework-isComplete/LogRetention/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "ProviderframeworkisCompleteLogRetentionC7DBBE41" + } + ], + "/RDS-Sanitized-Snapshotter-Test/Provider/framework-onTimeout/ServiceRole/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "ProviderframeworkonTimeoutServiceRole28643D26" + } + ], + "/RDS-Sanitized-Snapshotter-Test/Provider/framework-onTimeout/ServiceRole/DefaultPolicy/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "ProviderframeworkonTimeoutServiceRoleDefaultPolicy2688969F" + } + ], + "/RDS-Sanitized-Snapshotter-Test/Provider/framework-onTimeout/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "ProviderframeworkonTimeout0B47CA38" + } + ], + "/RDS-Sanitized-Snapshotter-Test/Provider/framework-onTimeout/LogRetention/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "ProviderframeworkonTimeoutLogRetentionE4EB0919" + } + ], + "/RDS-Sanitized-Snapshotter-Test/Provider/waiter-state-machine/Role/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "ProviderwaiterstatemachineRole0C7159F9" + } + ], + "/RDS-Sanitized-Snapshotter-Test/Provider/waiter-state-machine/Role/DefaultPolicy/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "ProviderwaiterstatemachineRoleDefaultPolicyD3C3DA1A" + } + ], + "/RDS-Sanitized-Snapshotter-Test/Provider/waiter-state-machine/Resource": [ + { + "type": "aws:cdk:logicalId", + "data": "Providerwaiterstatemachine5D4A9DF0" + } + ], + "/RDS-Sanitized-Snapshotter-Test/Test MySQL Instance/Default": [ + { + "type": "aws:cdk:logicalId", + "data": "TestMySQLInstance" + } + ], + "/RDS-Sanitized-Snapshotter-Test/Test MySQL Cluster/Default": [ + { + "type": "aws:cdk:logicalId", + "data": "TestMySQLCluster" + } + ], + "/RDS-Sanitized-Snapshotter-Test/Test PostgreSQL Instance/Default": [ + { + "type": "aws:cdk:logicalId", + "data": "TestPostgreSQLInstance" + } + ], + "/RDS-Sanitized-Snapshotter-Test/Test PostgreSQL Cluster/Default": [ + { + "type": "aws:cdk:logicalId", + "data": "TestPostgreSQLCluster" + } + ], + "/RDS-Sanitized-Snapshotter-Test/BootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "BootstrapVersion" + } + ], + "/RDS-Sanitized-Snapshotter-Test/CheckBootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "CheckBootstrapVersion" + } + ] + }, + "displayName": "RDS-Sanitized-Snapshotter-Test" + } + } +} \ No newline at end of file diff --git a/test/default.integ.snapshot/tree.json b/test/default.integ.snapshot/tree.json new file mode 100644 index 0000000..8264a22 --- /dev/null +++ b/test/default.integ.snapshot/tree.json @@ -0,0 +1,12300 @@ +{ + "version": "tree-0.1", + "tree": { + "id": "App", + "path": "", + "children": { + "Tree": { + "id": "Tree", + "path": "Tree", + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.0.5" + } + }, + "RDS-Sanitized-Snapshotter-VPC": { + "id": "RDS-Sanitized-Snapshotter-VPC", + "path": "RDS-Sanitized-Snapshotter-VPC", + "children": { + "VPC": { + "id": "VPC", + "path": "RDS-Sanitized-Snapshotter-VPC/VPC", + "children": { + "Resource": { + "id": "Resource", + "path": "RDS-Sanitized-Snapshotter-VPC/VPC/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::VPC", + "aws:cdk:cloudformation:props": { + "cidrBlock": "10.0.0.0/16", + "enableDnsHostnames": true, + "enableDnsSupport": true, + "instanceTenancy": "default", + "tags": [ + { + "key": "Name", + "value": "RDS-Sanitized-Snapshotter-VPC/VPC" + } + ] + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnVPC", + "version": "2.0.0" + } + }, + "PublicSubnet1": { + "id": "PublicSubnet1", + "path": "RDS-Sanitized-Snapshotter-VPC/VPC/PublicSubnet1", + "children": { + "Subnet": { + "id": "Subnet", + "path": "RDS-Sanitized-Snapshotter-VPC/VPC/PublicSubnet1/Subnet", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::Subnet", + "aws:cdk:cloudformation:props": { + "cidrBlock": "10.0.0.0/19", + "vpcId": { + "Ref": "VPCB9E5F0B4" + }, + "availabilityZone": { + "Fn::Select": [ + 0, + { + "Fn::GetAZs": "" + } + ] + }, + "mapPublicIpOnLaunch": true, + "tags": [ + { + "key": "aws-cdk:subnet-name", + "value": "Public" + }, + { + "key": "aws-cdk:subnet-type", + "value": "Public" + }, + { + "key": "Name", + "value": "RDS-Sanitized-Snapshotter-VPC/VPC/PublicSubnet1" + } + ] + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnSubnet", + "version": "2.0.0" + } + }, + "Acl": { + "id": "Acl", + "path": "RDS-Sanitized-Snapshotter-VPC/VPC/PublicSubnet1/Acl", + "constructInfo": { + "fqn": "aws-cdk-lib.Resource", + "version": "2.0.0" + } + }, + "RouteTable": { + "id": "RouteTable", + "path": "RDS-Sanitized-Snapshotter-VPC/VPC/PublicSubnet1/RouteTable", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::RouteTable", + "aws:cdk:cloudformation:props": { + "vpcId": { + "Ref": "VPCB9E5F0B4" + }, + "tags": [ + { + "key": "Name", + "value": "RDS-Sanitized-Snapshotter-VPC/VPC/PublicSubnet1" + } + ] + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnRouteTable", + "version": "2.0.0" + } + }, + "RouteTableAssociation": { + "id": "RouteTableAssociation", + "path": "RDS-Sanitized-Snapshotter-VPC/VPC/PublicSubnet1/RouteTableAssociation", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::SubnetRouteTableAssociation", + "aws:cdk:cloudformation:props": { + "routeTableId": { + "Ref": "VPCPublicSubnet1RouteTableFEE4B781" + }, + "subnetId": { + "Ref": "VPCPublicSubnet1SubnetB4246D30" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnSubnetRouteTableAssociation", + "version": "2.0.0" + } + }, + "DefaultRoute": { + "id": "DefaultRoute", + "path": "RDS-Sanitized-Snapshotter-VPC/VPC/PublicSubnet1/DefaultRoute", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::Route", + "aws:cdk:cloudformation:props": { + "routeTableId": { + "Ref": "VPCPublicSubnet1RouteTableFEE4B781" + }, + "destinationCidrBlock": "0.0.0.0/0", + "gatewayId": { + "Ref": "VPCIGWB7E252D3" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnRoute", + "version": "2.0.0" + } + }, + "EIP": { + "id": "EIP", + "path": "RDS-Sanitized-Snapshotter-VPC/VPC/PublicSubnet1/EIP", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::EIP", + "aws:cdk:cloudformation:props": { + "domain": "vpc", + "tags": [ + { + "key": "Name", + "value": "RDS-Sanitized-Snapshotter-VPC/VPC/PublicSubnet1" + } + ] + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnEIP", + "version": "2.0.0" + } + }, + "NATGateway": { + "id": "NATGateway", + "path": "RDS-Sanitized-Snapshotter-VPC/VPC/PublicSubnet1/NATGateway", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::NatGateway", + "aws:cdk:cloudformation:props": { + "subnetId": { + "Ref": "VPCPublicSubnet1SubnetB4246D30" + }, + "allocationId": { + "Fn::GetAtt": [ + "VPCPublicSubnet1EIP6AD938E8", + "AllocationId" + ] + }, + "tags": [ + { + "key": "Name", + "value": "RDS-Sanitized-Snapshotter-VPC/VPC/PublicSubnet1" + } + ] + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnNatGateway", + "version": "2.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.PublicSubnet", + "version": "2.0.0" + } + }, + "PublicSubnet2": { + "id": "PublicSubnet2", + "path": "RDS-Sanitized-Snapshotter-VPC/VPC/PublicSubnet2", + "children": { + "Subnet": { + "id": "Subnet", + "path": "RDS-Sanitized-Snapshotter-VPC/VPC/PublicSubnet2/Subnet", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::Subnet", + "aws:cdk:cloudformation:props": { + "cidrBlock": "10.0.32.0/19", + "vpcId": { + "Ref": "VPCB9E5F0B4" + }, + "availabilityZone": { + "Fn::Select": [ + 1, + { + "Fn::GetAZs": "" + } + ] + }, + "mapPublicIpOnLaunch": true, + "tags": [ + { + "key": "aws-cdk:subnet-name", + "value": "Public" + }, + { + "key": "aws-cdk:subnet-type", + "value": "Public" + }, + { + "key": "Name", + "value": "RDS-Sanitized-Snapshotter-VPC/VPC/PublicSubnet2" + } + ] + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnSubnet", + "version": "2.0.0" + } + }, + "Acl": { + "id": "Acl", + "path": "RDS-Sanitized-Snapshotter-VPC/VPC/PublicSubnet2/Acl", + "constructInfo": { + "fqn": "aws-cdk-lib.Resource", + "version": "2.0.0" + } + }, + "RouteTable": { + "id": "RouteTable", + "path": "RDS-Sanitized-Snapshotter-VPC/VPC/PublicSubnet2/RouteTable", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::RouteTable", + "aws:cdk:cloudformation:props": { + "vpcId": { + "Ref": "VPCB9E5F0B4" + }, + "tags": [ + { + "key": "Name", + "value": "RDS-Sanitized-Snapshotter-VPC/VPC/PublicSubnet2" + } + ] + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnRouteTable", + "version": "2.0.0" + } + }, + "RouteTableAssociation": { + "id": "RouteTableAssociation", + "path": "RDS-Sanitized-Snapshotter-VPC/VPC/PublicSubnet2/RouteTableAssociation", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::SubnetRouteTableAssociation", + "aws:cdk:cloudformation:props": { + "routeTableId": { + "Ref": "VPCPublicSubnet2RouteTable6F1A15F1" + }, + "subnetId": { + "Ref": "VPCPublicSubnet2Subnet74179F39" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnSubnetRouteTableAssociation", + "version": "2.0.0" + } + }, + "DefaultRoute": { + "id": "DefaultRoute", + "path": "RDS-Sanitized-Snapshotter-VPC/VPC/PublicSubnet2/DefaultRoute", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::Route", + "aws:cdk:cloudformation:props": { + "routeTableId": { + "Ref": "VPCPublicSubnet2RouteTable6F1A15F1" + }, + "destinationCidrBlock": "0.0.0.0/0", + "gatewayId": { + "Ref": "VPCIGWB7E252D3" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnRoute", + "version": "2.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.PublicSubnet", + "version": "2.0.0" + } + }, + "PrivateSubnet1": { + "id": "PrivateSubnet1", + "path": "RDS-Sanitized-Snapshotter-VPC/VPC/PrivateSubnet1", + "children": { + "Subnet": { + "id": "Subnet", + "path": "RDS-Sanitized-Snapshotter-VPC/VPC/PrivateSubnet1/Subnet", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::Subnet", + "aws:cdk:cloudformation:props": { + "cidrBlock": "10.0.64.0/19", + "vpcId": { + "Ref": "VPCB9E5F0B4" + }, + "availabilityZone": { + "Fn::Select": [ + 0, + { + "Fn::GetAZs": "" + } + ] + }, + "mapPublicIpOnLaunch": false, + "tags": [ + { + "key": "aws-cdk:subnet-name", + "value": "Private" + }, + { + "key": "aws-cdk:subnet-type", + "value": "Isolated" + }, + { + "key": "Name", + "value": "RDS-Sanitized-Snapshotter-VPC/VPC/PrivateSubnet1" + } + ] + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnSubnet", + "version": "2.0.0" + } + }, + "Acl": { + "id": "Acl", + "path": "RDS-Sanitized-Snapshotter-VPC/VPC/PrivateSubnet1/Acl", + "constructInfo": { + "fqn": "aws-cdk-lib.Resource", + "version": "2.0.0" + } + }, + "RouteTable": { + "id": "RouteTable", + "path": "RDS-Sanitized-Snapshotter-VPC/VPC/PrivateSubnet1/RouteTable", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::RouteTable", + "aws:cdk:cloudformation:props": { + "vpcId": { + "Ref": "VPCB9E5F0B4" + }, + "tags": [ + { + "key": "Name", + "value": "RDS-Sanitized-Snapshotter-VPC/VPC/PrivateSubnet1" + } + ] + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnRouteTable", + "version": "2.0.0" + } + }, + "RouteTableAssociation": { + "id": "RouteTableAssociation", + "path": "RDS-Sanitized-Snapshotter-VPC/VPC/PrivateSubnet1/RouteTableAssociation", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::SubnetRouteTableAssociation", + "aws:cdk:cloudformation:props": { + "routeTableId": { + "Ref": "VPCPrivateSubnet1RouteTableBE8A6027" + }, + "subnetId": { + "Ref": "VPCPrivateSubnet1Subnet8BCA10E0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnSubnetRouteTableAssociation", + "version": "2.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.PrivateSubnet", + "version": "2.0.0" + } + }, + "PrivateSubnet2": { + "id": "PrivateSubnet2", + "path": "RDS-Sanitized-Snapshotter-VPC/VPC/PrivateSubnet2", + "children": { + "Subnet": { + "id": "Subnet", + "path": "RDS-Sanitized-Snapshotter-VPC/VPC/PrivateSubnet2/Subnet", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::Subnet", + "aws:cdk:cloudformation:props": { + "cidrBlock": "10.0.96.0/19", + "vpcId": { + "Ref": "VPCB9E5F0B4" + }, + "availabilityZone": { + "Fn::Select": [ + 1, + { + "Fn::GetAZs": "" + } + ] + }, + "mapPublicIpOnLaunch": false, + "tags": [ + { + "key": "aws-cdk:subnet-name", + "value": "Private" + }, + { + "key": "aws-cdk:subnet-type", + "value": "Isolated" + }, + { + "key": "Name", + "value": "RDS-Sanitized-Snapshotter-VPC/VPC/PrivateSubnet2" + } + ] + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnSubnet", + "version": "2.0.0" + } + }, + "Acl": { + "id": "Acl", + "path": "RDS-Sanitized-Snapshotter-VPC/VPC/PrivateSubnet2/Acl", + "constructInfo": { + "fqn": "aws-cdk-lib.Resource", + "version": "2.0.0" + } + }, + "RouteTable": { + "id": "RouteTable", + "path": "RDS-Sanitized-Snapshotter-VPC/VPC/PrivateSubnet2/RouteTable", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::RouteTable", + "aws:cdk:cloudformation:props": { + "vpcId": { + "Ref": "VPCB9E5F0B4" + }, + "tags": [ + { + "key": "Name", + "value": "RDS-Sanitized-Snapshotter-VPC/VPC/PrivateSubnet2" + } + ] + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnRouteTable", + "version": "2.0.0" + } + }, + "RouteTableAssociation": { + "id": "RouteTableAssociation", + "path": "RDS-Sanitized-Snapshotter-VPC/VPC/PrivateSubnet2/RouteTableAssociation", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::SubnetRouteTableAssociation", + "aws:cdk:cloudformation:props": { + "routeTableId": { + "Ref": "VPCPrivateSubnet2RouteTable0A19E10E" + }, + "subnetId": { + "Ref": "VPCPrivateSubnet2SubnetCFCDAA7A" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnSubnetRouteTableAssociation", + "version": "2.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.PrivateSubnet", + "version": "2.0.0" + } + }, + "IsolatedSubnet1": { + "id": "IsolatedSubnet1", + "path": "RDS-Sanitized-Snapshotter-VPC/VPC/IsolatedSubnet1", + "children": { + "Subnet": { + "id": "Subnet", + "path": "RDS-Sanitized-Snapshotter-VPC/VPC/IsolatedSubnet1/Subnet", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::Subnet", + "aws:cdk:cloudformation:props": { + "cidrBlock": "10.0.128.0/19", + "vpcId": { + "Ref": "VPCB9E5F0B4" + }, + "availabilityZone": { + "Fn::Select": [ + 0, + { + "Fn::GetAZs": "" + } + ] + }, + "mapPublicIpOnLaunch": false, + "tags": [ + { + "key": "aws-cdk:subnet-name", + "value": "Isolated" + }, + { + "key": "aws-cdk:subnet-type", + "value": "Private" + }, + { + "key": "Name", + "value": "RDS-Sanitized-Snapshotter-VPC/VPC/IsolatedSubnet1" + } + ] + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnSubnet", + "version": "2.0.0" + } + }, + "Acl": { + "id": "Acl", + "path": "RDS-Sanitized-Snapshotter-VPC/VPC/IsolatedSubnet1/Acl", + "constructInfo": { + "fqn": "aws-cdk-lib.Resource", + "version": "2.0.0" + } + }, + "RouteTable": { + "id": "RouteTable", + "path": "RDS-Sanitized-Snapshotter-VPC/VPC/IsolatedSubnet1/RouteTable", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::RouteTable", + "aws:cdk:cloudformation:props": { + "vpcId": { + "Ref": "VPCB9E5F0B4" + }, + "tags": [ + { + "key": "Name", + "value": "RDS-Sanitized-Snapshotter-VPC/VPC/IsolatedSubnet1" + } + ] + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnRouteTable", + "version": "2.0.0" + } + }, + "RouteTableAssociation": { + "id": "RouteTableAssociation", + "path": "RDS-Sanitized-Snapshotter-VPC/VPC/IsolatedSubnet1/RouteTableAssociation", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::SubnetRouteTableAssociation", + "aws:cdk:cloudformation:props": { + "routeTableId": { + "Ref": "VPCIsolatedSubnet1RouteTableEB156210" + }, + "subnetId": { + "Ref": "VPCIsolatedSubnet1SubnetEBD00FC6" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnSubnetRouteTableAssociation", + "version": "2.0.0" + } + }, + "DefaultRoute": { + "id": "DefaultRoute", + "path": "RDS-Sanitized-Snapshotter-VPC/VPC/IsolatedSubnet1/DefaultRoute", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::Route", + "aws:cdk:cloudformation:props": { + "routeTableId": { + "Ref": "VPCIsolatedSubnet1RouteTableEB156210" + }, + "destinationCidrBlock": "0.0.0.0/0", + "natGatewayId": { + "Ref": "VPCPublicSubnet1NATGatewayE0556630" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnRoute", + "version": "2.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.PrivateSubnet", + "version": "2.0.0" + } + }, + "IsolatedSubnet2": { + "id": "IsolatedSubnet2", + "path": "RDS-Sanitized-Snapshotter-VPC/VPC/IsolatedSubnet2", + "children": { + "Subnet": { + "id": "Subnet", + "path": "RDS-Sanitized-Snapshotter-VPC/VPC/IsolatedSubnet2/Subnet", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::Subnet", + "aws:cdk:cloudformation:props": { + "cidrBlock": "10.0.160.0/19", + "vpcId": { + "Ref": "VPCB9E5F0B4" + }, + "availabilityZone": { + "Fn::Select": [ + 1, + { + "Fn::GetAZs": "" + } + ] + }, + "mapPublicIpOnLaunch": false, + "tags": [ + { + "key": "aws-cdk:subnet-name", + "value": "Isolated" + }, + { + "key": "aws-cdk:subnet-type", + "value": "Private" + }, + { + "key": "Name", + "value": "RDS-Sanitized-Snapshotter-VPC/VPC/IsolatedSubnet2" + } + ] + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnSubnet", + "version": "2.0.0" + } + }, + "Acl": { + "id": "Acl", + "path": "RDS-Sanitized-Snapshotter-VPC/VPC/IsolatedSubnet2/Acl", + "constructInfo": { + "fqn": "aws-cdk-lib.Resource", + "version": "2.0.0" + } + }, + "RouteTable": { + "id": "RouteTable", + "path": "RDS-Sanitized-Snapshotter-VPC/VPC/IsolatedSubnet2/RouteTable", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::RouteTable", + "aws:cdk:cloudformation:props": { + "vpcId": { + "Ref": "VPCB9E5F0B4" + }, + "tags": [ + { + "key": "Name", + "value": "RDS-Sanitized-Snapshotter-VPC/VPC/IsolatedSubnet2" + } + ] + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnRouteTable", + "version": "2.0.0" + } + }, + "RouteTableAssociation": { + "id": "RouteTableAssociation", + "path": "RDS-Sanitized-Snapshotter-VPC/VPC/IsolatedSubnet2/RouteTableAssociation", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::SubnetRouteTableAssociation", + "aws:cdk:cloudformation:props": { + "routeTableId": { + "Ref": "VPCIsolatedSubnet2RouteTable9B4F78DC" + }, + "subnetId": { + "Ref": "VPCIsolatedSubnet2Subnet4B1C8CAA" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnSubnetRouteTableAssociation", + "version": "2.0.0" + } + }, + "DefaultRoute": { + "id": "DefaultRoute", + "path": "RDS-Sanitized-Snapshotter-VPC/VPC/IsolatedSubnet2/DefaultRoute", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::Route", + "aws:cdk:cloudformation:props": { + "routeTableId": { + "Ref": "VPCIsolatedSubnet2RouteTable9B4F78DC" + }, + "destinationCidrBlock": "0.0.0.0/0", + "natGatewayId": { + "Ref": "VPCPublicSubnet1NATGatewayE0556630" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnRoute", + "version": "2.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.PrivateSubnet", + "version": "2.0.0" + } + }, + "IGW": { + "id": "IGW", + "path": "RDS-Sanitized-Snapshotter-VPC/VPC/IGW", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::InternetGateway", + "aws:cdk:cloudformation:props": { + "tags": [ + { + "key": "Name", + "value": "RDS-Sanitized-Snapshotter-VPC/VPC" + } + ] + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnInternetGateway", + "version": "2.0.0" + } + }, + "VPCGW": { + "id": "VPCGW", + "path": "RDS-Sanitized-Snapshotter-VPC/VPC/VPCGW", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::VPCGatewayAttachment", + "aws:cdk:cloudformation:props": { + "vpcId": { + "Ref": "VPCB9E5F0B4" + }, + "internetGatewayId": { + "Ref": "VPCIGWB7E252D3" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnVPCGatewayAttachment", + "version": "2.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.Vpc", + "version": "2.0.0" + } + }, + "Exports": { + "id": "Exports", + "path": "RDS-Sanitized-Snapshotter-VPC/Exports", + "children": { + "Output{\"Ref\":\"VPCIsolatedSubnet1SubnetEBD00FC6\"}": { + "id": "Output{\"Ref\":\"VPCIsolatedSubnet1SubnetEBD00FC6\"}", + "path": "RDS-Sanitized-Snapshotter-VPC/Exports/Output{\"Ref\":\"VPCIsolatedSubnet1SubnetEBD00FC6\"}", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnOutput", + "version": "2.0.0" + } + }, + "Output{\"Ref\":\"VPCIsolatedSubnet2Subnet4B1C8CAA\"}": { + "id": "Output{\"Ref\":\"VPCIsolatedSubnet2Subnet4B1C8CAA\"}", + "path": "RDS-Sanitized-Snapshotter-VPC/Exports/Output{\"Ref\":\"VPCIsolatedSubnet2Subnet4B1C8CAA\"}", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnOutput", + "version": "2.0.0" + } + }, + "Output{\"Ref\":\"VPCB9E5F0B4\"}": { + "id": "Output{\"Ref\":\"VPCB9E5F0B4\"}", + "path": "RDS-Sanitized-Snapshotter-VPC/Exports/Output{\"Ref\":\"VPCB9E5F0B4\"}", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnOutput", + "version": "2.0.0" + } + }, + "Output{\"Ref\":\"VPCPrivateSubnet1Subnet8BCA10E0\"}": { + "id": "Output{\"Ref\":\"VPCPrivateSubnet1Subnet8BCA10E0\"}", + "path": "RDS-Sanitized-Snapshotter-VPC/Exports/Output{\"Ref\":\"VPCPrivateSubnet1Subnet8BCA10E0\"}", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnOutput", + "version": "2.0.0" + } + }, + "Output{\"Ref\":\"VPCPrivateSubnet2SubnetCFCDAA7A\"}": { + "id": "Output{\"Ref\":\"VPCPrivateSubnet2SubnetCFCDAA7A\"}", + "path": "RDS-Sanitized-Snapshotter-VPC/Exports/Output{\"Ref\":\"VPCPrivateSubnet2SubnetCFCDAA7A\"}", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnOutput", + "version": "2.0.0" + } + } + }, + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.0.5" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.Stack", + "version": "2.0.0" + } + }, + "RDS-Sanitized-Snapshotter-RDS": { + "id": "RDS-Sanitized-Snapshotter-RDS", + "path": "RDS-Sanitized-Snapshotter-RDS", + "children": { + "MySQL Instance": { + "id": "MySQL Instance", + "path": "RDS-Sanitized-Snapshotter-RDS/MySQL Instance", + "children": { + "SubnetGroup": { + "id": "SubnetGroup", + "path": "RDS-Sanitized-Snapshotter-RDS/MySQL Instance/SubnetGroup", + "children": { + "Default": { + "id": "Default", + "path": "RDS-Sanitized-Snapshotter-RDS/MySQL Instance/SubnetGroup/Default", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::RDS::DBSubnetGroup", + "aws:cdk:cloudformation:props": { + "dbSubnetGroupDescription": "Subnet group for MySQL Instance database", + "subnetIds": [ + { + "Fn::ImportValue": "RDS-Sanitized-Snapshotter-VPC:ExportsOutputRefVPCIsolatedSubnet1SubnetEBD00FC6298E81EF" + }, + { + "Fn::ImportValue": "RDS-Sanitized-Snapshotter-VPC:ExportsOutputRefVPCIsolatedSubnet2Subnet4B1C8CAAD8B83B81" + } + ] + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_rds.CfnDBSubnetGroup", + "version": "2.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_rds.SubnetGroup", + "version": "2.0.0" + } + }, + "SecurityGroup": { + "id": "SecurityGroup", + "path": "RDS-Sanitized-Snapshotter-RDS/MySQL Instance/SecurityGroup", + "children": { + "Resource": { + "id": "Resource", + "path": "RDS-Sanitized-Snapshotter-RDS/MySQL Instance/SecurityGroup/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::SecurityGroup", + "aws:cdk:cloudformation:props": { + "groupDescription": "Security group for MySQL Instance database", + "securityGroupEgress": [ + { + "cidrIp": "0.0.0.0/0", + "description": "Allow all outbound traffic by default", + "ipProtocol": "-1" + } + ], + "vpcId": { + "Fn::ImportValue": "RDS-Sanitized-Snapshotter-VPC:ExportsOutputRefVPCB9E5F0B4BD23A326" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnSecurityGroup", + "version": "2.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.SecurityGroup", + "version": "2.0.0" + } + }, + "Secret": { + "id": "Secret", + "path": "RDS-Sanitized-Snapshotter-RDS/MySQL Instance/Secret", + "children": { + "Resource": { + "id": "Resource", + "path": "RDS-Sanitized-Snapshotter-RDS/MySQL Instance/Secret/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::SecretsManager::Secret", + "aws:cdk:cloudformation:props": { + "description": { + "Fn::Join": [ + "", + [ + "Generated by the CDK for stack: ", + { + "Ref": "AWS::StackName" + } + ] + ] + }, + "generateSecretString": { + "passwordLength": 30, + "secretStringTemplate": "{\"username\":\"admin\"}", + "generateStringKey": "password", + "excludeCharacters": " %+~`#$&*()|[]{}:;<>?!'/@\"\\" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_secretsmanager.CfnSecret", + "version": "2.0.0" + } + }, + "Attachment": { + "id": "Attachment", + "path": "RDS-Sanitized-Snapshotter-RDS/MySQL Instance/Secret/Attachment", + "children": { + "Resource": { + "id": "Resource", + "path": "RDS-Sanitized-Snapshotter-RDS/MySQL Instance/Secret/Attachment/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::SecretsManager::SecretTargetAttachment", + "aws:cdk:cloudformation:props": { + "secretId": { + "Ref": "MySQLInstanceSecret84563F6F" + }, + "targetId": { + "Ref": "MySQLInstanceA2499B9D" + }, + "targetType": "AWS::RDS::DBInstance" + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_secretsmanager.CfnSecretTargetAttachment", + "version": "2.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_secretsmanager.SecretTargetAttachment", + "version": "2.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_rds.DatabaseSecret", + "version": "2.0.0" + } + }, + "Resource": { + "id": "Resource", + "path": "RDS-Sanitized-Snapshotter-RDS/MySQL Instance/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::RDS::DBInstance", + "aws:cdk:cloudformation:props": { + "dbInstanceClass": "db.t3.small", + "allocatedStorage": "100", + "backupRetentionPeriod": 0, + "copyTagsToSnapshot": true, + "dbSubnetGroupName": { + "Ref": "MySQLInstanceSubnetGroup2F3554B3" + }, + "deleteAutomatedBackups": true, + "engine": "mysql", + "engineVersion": "8.0", + "masterUsername": { + "Fn::Join": [ + "", + [ + "{{resolve:secretsmanager:", + { + "Ref": "MySQLInstanceSecret84563F6F" + }, + ":SecretString:username::}}" + ] + ] + }, + "masterUserPassword": { + "Fn::Join": [ + "", + [ + "{{resolve:secretsmanager:", + { + "Ref": "MySQLInstanceSecret84563F6F" + }, + ":SecretString:password::}}" + ] + ] + }, + "storageType": "gp2", + "vpcSecurityGroups": [ + { + "Fn::GetAtt": [ + "MySQLInstanceSecurityGroupF67D2455", + "GroupId" + ] + } + ] + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_rds.CfnDBInstance", + "version": "2.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_rds.DatabaseInstance", + "version": "2.0.0" + } + }, + "MySQL Cluster": { + "id": "MySQL Cluster", + "path": "RDS-Sanitized-Snapshotter-RDS/MySQL Cluster", + "children": { + "Subnets": { + "id": "Subnets", + "path": "RDS-Sanitized-Snapshotter-RDS/MySQL Cluster/Subnets", + "children": { + "Default": { + "id": "Default", + "path": "RDS-Sanitized-Snapshotter-RDS/MySQL Cluster/Subnets/Default", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::RDS::DBSubnetGroup", + "aws:cdk:cloudformation:props": { + "dbSubnetGroupDescription": "Subnets for MySQL Cluster database", + "subnetIds": [ + { + "Fn::ImportValue": "RDS-Sanitized-Snapshotter-VPC:ExportsOutputRefVPCIsolatedSubnet1SubnetEBD00FC6298E81EF" + }, + { + "Fn::ImportValue": "RDS-Sanitized-Snapshotter-VPC:ExportsOutputRefVPCIsolatedSubnet2Subnet4B1C8CAAD8B83B81" + } + ] + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_rds.CfnDBSubnetGroup", + "version": "2.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_rds.SubnetGroup", + "version": "2.0.0" + } + }, + "SecurityGroup": { + "id": "SecurityGroup", + "path": "RDS-Sanitized-Snapshotter-RDS/MySQL Cluster/SecurityGroup", + "children": { + "Resource": { + "id": "Resource", + "path": "RDS-Sanitized-Snapshotter-RDS/MySQL Cluster/SecurityGroup/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::SecurityGroup", + "aws:cdk:cloudformation:props": { + "groupDescription": "RDS security group", + "securityGroupEgress": [ + { + "cidrIp": "0.0.0.0/0", + "description": "Allow all outbound traffic by default", + "ipProtocol": "-1" + } + ], + "vpcId": { + "Fn::ImportValue": "RDS-Sanitized-Snapshotter-VPC:ExportsOutputRefVPCB9E5F0B4BD23A326" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnSecurityGroup", + "version": "2.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.SecurityGroup", + "version": "2.0.0" + } + }, + "AuroraMySqlDatabaseClusterEngineDefaultParameterGroup": { + "id": "AuroraMySqlDatabaseClusterEngineDefaultParameterGroup", + "path": "RDS-Sanitized-Snapshotter-RDS/MySQL Cluster/AuroraMySqlDatabaseClusterEngineDefaultParameterGroup", + "constructInfo": { + "fqn": "aws-cdk-lib.Resource", + "version": "2.0.0" + } + }, + "Secret": { + "id": "Secret", + "path": "RDS-Sanitized-Snapshotter-RDS/MySQL Cluster/Secret", + "children": { + "Resource": { + "id": "Resource", + "path": "RDS-Sanitized-Snapshotter-RDS/MySQL Cluster/Secret/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::SecretsManager::Secret", + "aws:cdk:cloudformation:props": { + "description": { + "Fn::Join": [ + "", + [ + "Generated by the CDK for stack: ", + { + "Ref": "AWS::StackName" + } + ] + ] + }, + "generateSecretString": { + "passwordLength": 30, + "secretStringTemplate": "{\"username\":\"admin\"}", + "generateStringKey": "password", + "excludeCharacters": " %+~`#$&*()|[]{}:;<>?!'/@\"\\" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_secretsmanager.CfnSecret", + "version": "2.0.0" + } + }, + "Attachment": { + "id": "Attachment", + "path": "RDS-Sanitized-Snapshotter-RDS/MySQL Cluster/Secret/Attachment", + "children": { + "Resource": { + "id": "Resource", + "path": "RDS-Sanitized-Snapshotter-RDS/MySQL Cluster/Secret/Attachment/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::SecretsManager::SecretTargetAttachment", + "aws:cdk:cloudformation:props": { + "secretId": { + "Ref": "MySQLClusterSecret06B35C31" + }, + "targetId": { + "Ref": "MySQLClusterD5C73C33" + }, + "targetType": "AWS::RDS::DBCluster" + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_secretsmanager.CfnSecretTargetAttachment", + "version": "2.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_secretsmanager.SecretTargetAttachment", + "version": "2.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_rds.DatabaseSecret", + "version": "2.0.0" + } + }, + "Resource": { + "id": "Resource", + "path": "RDS-Sanitized-Snapshotter-RDS/MySQL Cluster/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::RDS::DBCluster", + "aws:cdk:cloudformation:props": { + "engine": "aurora-mysql", + "backupRetentionPeriod": 1, + "copyTagsToSnapshot": true, + "dbClusterParameterGroupName": "default.aurora-mysql5.7", + "dbSubnetGroupName": { + "Ref": "MySQLClusterSubnets30A4ABD4" + }, + "masterUsername": { + "Fn::Join": [ + "", + [ + "{{resolve:secretsmanager:", + { + "Ref": "MySQLClusterSecret06B35C31" + }, + ":SecretString:username::}}" + ] + ] + }, + "masterUserPassword": { + "Fn::Join": [ + "", + [ + "{{resolve:secretsmanager:", + { + "Ref": "MySQLClusterSecret06B35C31" + }, + ":SecretString:password::}}" + ] + ] + }, + "vpcSecurityGroupIds": [ + { + "Fn::GetAtt": [ + "MySQLClusterSecurityGroupBC9C8E26", + "GroupId" + ] + } + ] + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_rds.CfnDBCluster", + "version": "2.0.0" + } + }, + "Instance1": { + "id": "Instance1", + "path": "RDS-Sanitized-Snapshotter-RDS/MySQL Cluster/Instance1", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::RDS::DBInstance", + "aws:cdk:cloudformation:props": { + "dbInstanceClass": "db.t3.medium", + "dbClusterIdentifier": { + "Ref": "MySQLClusterD5C73C33" + }, + "dbSubnetGroupName": { + "Ref": "MySQLClusterSubnets30A4ABD4" + }, + "engine": "aurora-mysql" + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_rds.CfnDBInstance", + "version": "2.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_rds.DatabaseCluster", + "version": "2.0.0" + } + }, + "Key": { + "id": "Key", + "path": "RDS-Sanitized-Snapshotter-RDS/Key", + "children": { + "Resource": { + "id": "Resource", + "path": "RDS-Sanitized-Snapshotter-RDS/Key/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::KMS::Key", + "aws:cdk:cloudformation:props": { + "keyPolicy": { + "Statement": [ + { + "Action": "kms:*", + "Effect": "Allow", + "Principal": { + "AWS": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::", + { + "Ref": "AWS::AccountId" + }, + ":root" + ] + ] + } + }, + "Resource": "*" + } + ], + "Version": "2012-10-17" + }, + "description": "RDS sanitize test source key" + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_kms.CfnKey", + "version": "2.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_kms.Key", + "version": "2.0.0" + } + }, + "Postgres Instance": { + "id": "Postgres Instance", + "path": "RDS-Sanitized-Snapshotter-RDS/Postgres Instance", + "children": { + "SubnetGroup": { + "id": "SubnetGroup", + "path": "RDS-Sanitized-Snapshotter-RDS/Postgres Instance/SubnetGroup", + "children": { + "Default": { + "id": "Default", + "path": "RDS-Sanitized-Snapshotter-RDS/Postgres Instance/SubnetGroup/Default", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::RDS::DBSubnetGroup", + "aws:cdk:cloudformation:props": { + "dbSubnetGroupDescription": "Subnet group for Postgres Instance database", + "subnetIds": [ + { + "Fn::ImportValue": "RDS-Sanitized-Snapshotter-VPC:ExportsOutputRefVPCIsolatedSubnet1SubnetEBD00FC6298E81EF" + }, + { + "Fn::ImportValue": "RDS-Sanitized-Snapshotter-VPC:ExportsOutputRefVPCIsolatedSubnet2Subnet4B1C8CAAD8B83B81" + } + ] + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_rds.CfnDBSubnetGroup", + "version": "2.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_rds.SubnetGroup", + "version": "2.0.0" + } + }, + "SecurityGroup": { + "id": "SecurityGroup", + "path": "RDS-Sanitized-Snapshotter-RDS/Postgres Instance/SecurityGroup", + "children": { + "Resource": { + "id": "Resource", + "path": "RDS-Sanitized-Snapshotter-RDS/Postgres Instance/SecurityGroup/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::SecurityGroup", + "aws:cdk:cloudformation:props": { + "groupDescription": "Security group for Postgres Instance database", + "securityGroupEgress": [ + { + "cidrIp": "0.0.0.0/0", + "description": "Allow all outbound traffic by default", + "ipProtocol": "-1" + } + ], + "vpcId": { + "Fn::ImportValue": "RDS-Sanitized-Snapshotter-VPC:ExportsOutputRefVPCB9E5F0B4BD23A326" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnSecurityGroup", + "version": "2.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.SecurityGroup", + "version": "2.0.0" + } + }, + "Secret": { + "id": "Secret", + "path": "RDS-Sanitized-Snapshotter-RDS/Postgres Instance/Secret", + "children": { + "Resource": { + "id": "Resource", + "path": "RDS-Sanitized-Snapshotter-RDS/Postgres Instance/Secret/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::SecretsManager::Secret", + "aws:cdk:cloudformation:props": { + "description": { + "Fn::Join": [ + "", + [ + "Generated by the CDK for stack: ", + { + "Ref": "AWS::StackName" + } + ] + ] + }, + "generateSecretString": { + "passwordLength": 30, + "secretStringTemplate": "{\"username\":\"postgres\"}", + "generateStringKey": "password", + "excludeCharacters": " %+~`#$&*()|[]{}:;<>?!'/@\"\\" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_secretsmanager.CfnSecret", + "version": "2.0.0" + } + }, + "Attachment": { + "id": "Attachment", + "path": "RDS-Sanitized-Snapshotter-RDS/Postgres Instance/Secret/Attachment", + "children": { + "Resource": { + "id": "Resource", + "path": "RDS-Sanitized-Snapshotter-RDS/Postgres Instance/Secret/Attachment/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::SecretsManager::SecretTargetAttachment", + "aws:cdk:cloudformation:props": { + "secretId": { + "Ref": "PostgresInstanceSecret47B7DD5E" + }, + "targetId": { + "Ref": "PostgresInstance8F00D2DD" + }, + "targetType": "AWS::RDS::DBInstance" + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_secretsmanager.CfnSecretTargetAttachment", + "version": "2.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_secretsmanager.SecretTargetAttachment", + "version": "2.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_rds.DatabaseSecret", + "version": "2.0.0" + } + }, + "Resource": { + "id": "Resource", + "path": "RDS-Sanitized-Snapshotter-RDS/Postgres Instance/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::RDS::DBInstance", + "aws:cdk:cloudformation:props": { + "dbInstanceClass": "db.t3.small", + "allocatedStorage": "100", + "backupRetentionPeriod": 0, + "copyTagsToSnapshot": true, + "dbSubnetGroupName": { + "Ref": "PostgresInstanceSubnetGroup539F8609" + }, + "deleteAutomatedBackups": true, + "engine": "postgres", + "engineVersion": "10", + "kmsKeyId": { + "Fn::GetAtt": [ + "Key961B73FD", + "Arn" + ] + }, + "masterUsername": { + "Fn::Join": [ + "", + [ + "{{resolve:secretsmanager:", + { + "Ref": "PostgresInstanceSecret47B7DD5E" + }, + ":SecretString:username::}}" + ] + ] + }, + "masterUserPassword": { + "Fn::Join": [ + "", + [ + "{{resolve:secretsmanager:", + { + "Ref": "PostgresInstanceSecret47B7DD5E" + }, + ":SecretString:password::}}" + ] + ] + }, + "storageEncrypted": true, + "storageType": "gp2", + "vpcSecurityGroups": [ + { + "Fn::GetAtt": [ + "PostgresInstanceSecurityGroup08920A2A", + "GroupId" + ] + } + ] + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_rds.CfnDBInstance", + "version": "2.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_rds.DatabaseInstance", + "version": "2.0.0" + } + }, + "Postgres Cluster": { + "id": "Postgres Cluster", + "path": "RDS-Sanitized-Snapshotter-RDS/Postgres Cluster", + "children": { + "Subnets": { + "id": "Subnets", + "path": "RDS-Sanitized-Snapshotter-RDS/Postgres Cluster/Subnets", + "children": { + "Default": { + "id": "Default", + "path": "RDS-Sanitized-Snapshotter-RDS/Postgres Cluster/Subnets/Default", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::RDS::DBSubnetGroup", + "aws:cdk:cloudformation:props": { + "dbSubnetGroupDescription": "Subnets for Postgres Cluster database", + "subnetIds": [ + { + "Fn::ImportValue": "RDS-Sanitized-Snapshotter-VPC:ExportsOutputRefVPCIsolatedSubnet1SubnetEBD00FC6298E81EF" + }, + { + "Fn::ImportValue": "RDS-Sanitized-Snapshotter-VPC:ExportsOutputRefVPCIsolatedSubnet2Subnet4B1C8CAAD8B83B81" + } + ] + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_rds.CfnDBSubnetGroup", + "version": "2.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_rds.SubnetGroup", + "version": "2.0.0" + } + }, + "SecurityGroup": { + "id": "SecurityGroup", + "path": "RDS-Sanitized-Snapshotter-RDS/Postgres Cluster/SecurityGroup", + "children": { + "Resource": { + "id": "Resource", + "path": "RDS-Sanitized-Snapshotter-RDS/Postgres Cluster/SecurityGroup/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::SecurityGroup", + "aws:cdk:cloudformation:props": { + "groupDescription": "RDS security group", + "securityGroupEgress": [ + { + "cidrIp": "0.0.0.0/0", + "description": "Allow all outbound traffic by default", + "ipProtocol": "-1" + } + ], + "vpcId": { + "Fn::ImportValue": "RDS-Sanitized-Snapshotter-VPC:ExportsOutputRefVPCB9E5F0B4BD23A326" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnSecurityGroup", + "version": "2.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.SecurityGroup", + "version": "2.0.0" + } + }, + "AuroraPostgreSqlDatabaseClusterEngineDefaultParameterGroup": { + "id": "AuroraPostgreSqlDatabaseClusterEngineDefaultParameterGroup", + "path": "RDS-Sanitized-Snapshotter-RDS/Postgres Cluster/AuroraPostgreSqlDatabaseClusterEngineDefaultParameterGroup", + "constructInfo": { + "fqn": "aws-cdk-lib.Resource", + "version": "2.0.0" + } + }, + "Secret": { + "id": "Secret", + "path": "RDS-Sanitized-Snapshotter-RDS/Postgres Cluster/Secret", + "children": { + "Resource": { + "id": "Resource", + "path": "RDS-Sanitized-Snapshotter-RDS/Postgres Cluster/Secret/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::SecretsManager::Secret", + "aws:cdk:cloudformation:props": { + "description": { + "Fn::Join": [ + "", + [ + "Generated by the CDK for stack: ", + { + "Ref": "AWS::StackName" + } + ] + ] + }, + "generateSecretString": { + "passwordLength": 30, + "secretStringTemplate": "{\"username\":\"postgres\"}", + "generateStringKey": "password", + "excludeCharacters": " %+~`#$&*()|[]{}:;<>?!'/@\"\\" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_secretsmanager.CfnSecret", + "version": "2.0.0" + } + }, + "Attachment": { + "id": "Attachment", + "path": "RDS-Sanitized-Snapshotter-RDS/Postgres Cluster/Secret/Attachment", + "children": { + "Resource": { + "id": "Resource", + "path": "RDS-Sanitized-Snapshotter-RDS/Postgres Cluster/Secret/Attachment/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::SecretsManager::SecretTargetAttachment", + "aws:cdk:cloudformation:props": { + "secretId": { + "Ref": "PostgresClusterSecretEB353FC9" + }, + "targetId": { + "Ref": "PostgresCluster5A5B7BE8" + }, + "targetType": "AWS::RDS::DBCluster" + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_secretsmanager.CfnSecretTargetAttachment", + "version": "2.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_secretsmanager.SecretTargetAttachment", + "version": "2.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_rds.DatabaseSecret", + "version": "2.0.0" + } + }, + "Resource": { + "id": "Resource", + "path": "RDS-Sanitized-Snapshotter-RDS/Postgres Cluster/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::RDS::DBCluster", + "aws:cdk:cloudformation:props": { + "engine": "aurora-postgresql", + "backupRetentionPeriod": 1, + "copyTagsToSnapshot": true, + "dbClusterParameterGroupName": "default.aurora-postgresql12", + "dbSubnetGroupName": { + "Ref": "PostgresClusterSubnetsFC10D676" + }, + "engineVersion": "12.4", + "kmsKeyId": { + "Fn::GetAtt": [ + "Key961B73FD", + "Arn" + ] + }, + "masterUsername": { + "Fn::Join": [ + "", + [ + "{{resolve:secretsmanager:", + { + "Ref": "PostgresClusterSecretEB353FC9" + }, + ":SecretString:username::}}" + ] + ] + }, + "masterUserPassword": { + "Fn::Join": [ + "", + [ + "{{resolve:secretsmanager:", + { + "Ref": "PostgresClusterSecretEB353FC9" + }, + ":SecretString:password::}}" + ] + ] + }, + "port": 5432, + "storageEncrypted": true, + "vpcSecurityGroupIds": [ + { + "Fn::GetAtt": [ + "PostgresClusterSecurityGroupA7EFBA97", + "GroupId" + ] + } + ] + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_rds.CfnDBCluster", + "version": "2.0.0" + } + }, + "Instance1": { + "id": "Instance1", + "path": "RDS-Sanitized-Snapshotter-RDS/Postgres Cluster/Instance1", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::RDS::DBInstance", + "aws:cdk:cloudformation:props": { + "dbInstanceClass": "db.t3.medium", + "dbClusterIdentifier": { + "Ref": "PostgresCluster5A5B7BE8" + }, + "dbSubnetGroupName": { + "Ref": "PostgresClusterSubnetsFC10D676" + }, + "engine": "aurora-postgresql", + "engineVersion": "12.4" + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_rds.CfnDBInstance", + "version": "2.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_rds.DatabaseCluster", + "version": "2.0.0" + } + }, + "Exports": { + "id": "Exports", + "path": "RDS-Sanitized-Snapshotter-RDS/Exports", + "children": { + "Output{\"Ref\":\"MySQLInstanceA2499B9D\"}": { + "id": "Output{\"Ref\":\"MySQLInstanceA2499B9D\"}", + "path": "RDS-Sanitized-Snapshotter-RDS/Exports/Output{\"Ref\":\"MySQLInstanceA2499B9D\"}", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnOutput", + "version": "2.0.0" + } + }, + "Output{\"Ref\":\"MySQLClusterD5C73C33\"}": { + "id": "Output{\"Ref\":\"MySQLClusterD5C73C33\"}", + "path": "RDS-Sanitized-Snapshotter-RDS/Exports/Output{\"Ref\":\"MySQLClusterD5C73C33\"}", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnOutput", + "version": "2.0.0" + } + }, + "Output{\"Ref\":\"PostgresInstance8F00D2DD\"}": { + "id": "Output{\"Ref\":\"PostgresInstance8F00D2DD\"}", + "path": "RDS-Sanitized-Snapshotter-RDS/Exports/Output{\"Ref\":\"PostgresInstance8F00D2DD\"}", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnOutput", + "version": "2.0.0" + } + }, + "Output{\"Fn::GetAtt\":[\"Key961B73FD\",\"Arn\"]}": { + "id": "Output{\"Fn::GetAtt\":[\"Key961B73FD\",\"Arn\"]}", + "path": "RDS-Sanitized-Snapshotter-RDS/Exports/Output{\"Fn::GetAtt\":[\"Key961B73FD\",\"Arn\"]}", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnOutput", + "version": "2.0.0" + } + }, + "Output{\"Ref\":\"PostgresCluster5A5B7BE8\"}": { + "id": "Output{\"Ref\":\"PostgresCluster5A5B7BE8\"}", + "path": "RDS-Sanitized-Snapshotter-RDS/Exports/Output{\"Ref\":\"PostgresCluster5A5B7BE8\"}", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnOutput", + "version": "2.0.0" + } + } + }, + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.0.5" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.Stack", + "version": "2.0.0" + } + }, + "RDS-Sanitized-Snapshotter-SFN": { + "id": "RDS-Sanitized-Snapshotter-SFN", + "path": "RDS-Sanitized-Snapshotter-SFN", + "children": { + "MySQL Instance Snapshotter": { + "id": "MySQL Instance Snapshotter", + "path": "RDS-Sanitized-Snapshotter-SFN/MySQL Instance Snapshotter", + "children": { + "SG": { + "id": "SG", + "path": "RDS-Sanitized-Snapshotter-SFN/MySQL Instance Snapshotter/SG", + "children": { + "Resource": { + "id": "Resource", + "path": "RDS-Sanitized-Snapshotter-SFN/MySQL Instance Snapshotter/SG/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::SecurityGroup", + "aws:cdk:cloudformation:props": { + "groupDescription": "Group for communication between sanitizing job and database", + "securityGroupEgress": [ + { + "cidrIp": "0.0.0.0/0", + "description": "Allow all outbound traffic by default", + "ipProtocol": "-1" + } + ], + "tags": [ + { + "key": "Name", + "value": "RDS-sanitized-snapshots" + } + ], + "vpcId": { + "Fn::ImportValue": "RDS-Sanitized-Snapshotter-VPC:ExportsOutputRefVPCB9E5F0B4BD23A326" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnSecurityGroup", + "version": "2.0.0" + } + }, + "from RDSSanitizedSnapshotterSFNMySQLInstanceSnapshotterSG69AE57C1:ALL PORTS": { + "id": "from RDSSanitizedSnapshotterSFNMySQLInstanceSnapshotterSG69AE57C1:ALL PORTS", + "path": "RDS-Sanitized-Snapshotter-SFN/MySQL Instance Snapshotter/SG/from RDSSanitizedSnapshotterSFNMySQLInstanceSnapshotterSG69AE57C1:ALL PORTS", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::SecurityGroupIngress", + "aws:cdk:cloudformation:props": { + "ipProtocol": "tcp", + "description": "from RDSSanitizedSnapshotterSFNMySQLInstanceSnapshotterSG69AE57C1:ALL PORTS", + "fromPort": 0, + "groupId": { + "Fn::GetAtt": [ + "MySQLInstanceSnapshotterSGC75DA465", + "GroupId" + ] + }, + "sourceSecurityGroupId": { + "Fn::GetAtt": [ + "MySQLInstanceSnapshotterSGC75DA465", + "GroupId" + ] + }, + "toPort": 65535 + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnSecurityGroupIngress", + "version": "2.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.SecurityGroup", + "version": "2.0.0" + } + }, + "Subnet group": { + "id": "Subnet group", + "path": "RDS-Sanitized-Snapshotter-SFN/MySQL Instance Snapshotter/Subnet group", + "children": { + "Default": { + "id": "Default", + "path": "RDS-Sanitized-Snapshotter-SFN/MySQL Instance Snapshotter/Subnet group/Default", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::RDS::DBSubnetGroup", + "aws:cdk:cloudformation:props": { + "dbSubnetGroupDescription": "Temporary database used for RDS-sanitize-snapshots", + "subnetIds": [ + { + "Fn::ImportValue": "RDS-Sanitized-Snapshotter-VPC:ExportsOutputRefVPCPrivateSubnet1Subnet8BCA10E01F79A1B7" + }, + { + "Fn::ImportValue": "RDS-Sanitized-Snapshotter-VPC:ExportsOutputRefVPCPrivateSubnet2SubnetCFCDAA7AB22CF85D" + } + ] + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_rds.CfnDBSubnetGroup", + "version": "2.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_rds.SubnetGroup", + "version": "2.0.0" + } + }, + "cluster": { + "id": "cluster", + "path": "RDS-Sanitized-Snapshotter-SFN/MySQL Instance Snapshotter/cluster", + "children": { + "Resource": { + "id": "Resource", + "path": "RDS-Sanitized-Snapshotter-SFN/MySQL Instance Snapshotter/cluster/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::ECS::Cluster", + "aws:cdk:cloudformation:props": {} + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ecs.CfnCluster", + "version": "2.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ecs.Cluster", + "version": "2.0.0" + } + }, + "parameters": { + "id": "parameters", + "path": "RDS-Sanitized-Snapshotter-SFN/MySQL Instance Snapshotter/parameters", + "children": { + "ServiceRole": { + "id": "ServiceRole", + "path": "RDS-Sanitized-Snapshotter-SFN/MySQL Instance Snapshotter/parameters/ServiceRole", + "children": { + "Resource": { + "id": "Resource", + "path": "RDS-Sanitized-Snapshotter-SFN/MySQL Instance Snapshotter/parameters/ServiceRole/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::IAM::Role", + "aws:cdk:cloudformation:props": { + "assumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "lambda.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + }, + "managedPolicyArns": [ + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" + ] + ] + } + ] + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.CfnRole", + "version": "2.0.0" + } + }, + "DefaultPolicy": { + "id": "DefaultPolicy", + "path": "RDS-Sanitized-Snapshotter-SFN/MySQL Instance Snapshotter/parameters/ServiceRole/DefaultPolicy", + "children": { + "Resource": { + "id": "Resource", + "path": "RDS-Sanitized-Snapshotter-SFN/MySQL Instance Snapshotter/parameters/ServiceRole/DefaultPolicy/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::IAM::Policy", + "aws:cdk:cloudformation:props": { + "policyDocument": { + "Statement": [ + { + "Action": "rds:DescribeDBInstances", + "Effect": "Allow", + "Resource": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":rds:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":db:", + { + "Fn::ImportValue": "RDS-Sanitized-Snapshotter-RDS:ExportsOutputRefMySQLInstanceA2499B9D2BD8E026" + } + ] + ] + } + } + ], + "Version": "2012-10-17" + }, + "policyName": "MySQLInstanceSnapshotterparametersServiceRoleDefaultPolicyD8BFD2E0", + "roles": [ + { + "Ref": "MySQLInstanceSnapshotterparametersServiceRole0017B602" + } + ] + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.CfnPolicy", + "version": "2.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.Policy", + "version": "2.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.Role", + "version": "2.0.0" + } + }, + "Code": { + "id": "Code", + "path": "RDS-Sanitized-Snapshotter-SFN/MySQL Instance Snapshotter/parameters/Code", + "children": { + "Stage": { + "id": "Stage", + "path": "RDS-Sanitized-Snapshotter-SFN/MySQL Instance Snapshotter/parameters/Code/Stage", + "constructInfo": { + "fqn": "aws-cdk-lib.AssetStaging", + "version": "2.0.0" + } + }, + "AssetBucket": { + "id": "AssetBucket", + "path": "RDS-Sanitized-Snapshotter-SFN/MySQL Instance Snapshotter/parameters/Code/AssetBucket", + "children": { + "Notifications": { + "id": "Notifications", + "path": "RDS-Sanitized-Snapshotter-SFN/MySQL Instance Snapshotter/parameters/Code/AssetBucket/Notifications", + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.0.5" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_s3.BucketBase", + "version": "2.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_s3_assets.Asset", + "version": "2.0.0" + } + }, + "Resource": { + "id": "Resource", + "path": "RDS-Sanitized-Snapshotter-SFN/MySQL Instance Snapshotter/parameters/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::Lambda::Function", + "aws:cdk:cloudformation:props": { + "code": { + "s3Bucket": { + "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}" + }, + "s3Key": "5e08a52964205c51dc15c1078422e25f19c4e3cc9f4439bfdd0c465678fdaea7.zip" + }, + "role": { + "Fn::GetAtt": [ + "MySQLInstanceSnapshotterparametersServiceRole0017B602", + "Arn" + ] + }, + "description": "src/parameters.lambda.ts", + "environment": { + "variables": { + "AWS_NODEJS_CONNECTION_REUSE_ENABLED": "1" + } + }, + "handler": "index.handler", + "runtime": "nodejs14.x" + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_lambda.CfnFunction", + "version": "2.0.0" + } + }, + "LogRetention": { + "id": "LogRetention", + "path": "RDS-Sanitized-Snapshotter-SFN/MySQL Instance Snapshotter/parameters/LogRetention", + "children": { + "Resource": { + "id": "Resource", + "path": "RDS-Sanitized-Snapshotter-SFN/MySQL Instance Snapshotter/parameters/LogRetention/Resource", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnResource", + "version": "2.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_logs.LogRetention", + "version": "2.0.0" + } + }, + "LogGroup": { + "id": "LogGroup", + "path": "RDS-Sanitized-Snapshotter-SFN/MySQL Instance Snapshotter/parameters/LogGroup", + "constructInfo": { + "fqn": "aws-cdk-lib.Resource", + "version": "2.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_lambda.Function", + "version": "2.0.0" + } + }, + "Get Parameters": { + "id": "Get Parameters", + "path": "RDS-Sanitized-Snapshotter-SFN/MySQL Instance Snapshotter/Get Parameters", + "constructInfo": { + "fqn": "aws-cdk-lib.aws_stepfunctions_tasks.LambdaInvoke", + "version": "2.0.0" + } + }, + "Error Catcher": { + "id": "Error Catcher", + "path": "RDS-Sanitized-Snapshotter-SFN/MySQL Instance Snapshotter/Error Catcher", + "constructInfo": { + "fqn": "aws-cdk-lib.aws_stepfunctions.Parallel", + "version": "2.0.0" + } + }, + "Create Temporary Snapshot": { + "id": "Create Temporary Snapshot", + "path": "RDS-Sanitized-Snapshotter-SFN/MySQL Instance Snapshotter/Create Temporary Snapshot", + "constructInfo": { + "fqn": "aws-cdk-lib.aws_stepfunctions_tasks.CallAwsService", + "version": "2.0.0" + } + }, + "wait": { + "id": "wait", + "path": "RDS-Sanitized-Snapshotter-SFN/MySQL Instance Snapshotter/wait", + "children": { + "ServiceRole": { + "id": "ServiceRole", + "path": "RDS-Sanitized-Snapshotter-SFN/MySQL Instance Snapshotter/wait/ServiceRole", + "children": { + "Resource": { + "id": "Resource", + "path": "RDS-Sanitized-Snapshotter-SFN/MySQL Instance Snapshotter/wait/ServiceRole/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::IAM::Role", + "aws:cdk:cloudformation:props": { + "assumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "lambda.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + }, + "managedPolicyArns": [ + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" + ] + ] + } + ] + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.CfnRole", + "version": "2.0.0" + } + }, + "DefaultPolicy": { + "id": "DefaultPolicy", + "path": "RDS-Sanitized-Snapshotter-SFN/MySQL Instance Snapshotter/wait/ServiceRole/DefaultPolicy", + "children": { + "Resource": { + "id": "Resource", + "path": "RDS-Sanitized-Snapshotter-SFN/MySQL Instance Snapshotter/wait/ServiceRole/DefaultPolicy/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::IAM::Policy", + "aws:cdk:cloudformation:props": { + "policyDocument": { + "Statement": [ + { + "Action": [ + "rds:DescribeDBClusters", + "rds:DescribeDBClusterSnapshots", + "rds:DescribeDBSnapshots", + "rds:DescribeDBInstances" + ], + "Effect": "Allow", + "Resource": [ + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":rds:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":cluster:", + { + "Fn::ImportValue": "RDS-Sanitized-Snapshotter-RDS:ExportsOutputRefMySQLInstanceA2499B9D2BD8E026" + } + ] + ] + }, + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":rds:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":db:", + { + "Fn::ImportValue": "RDS-Sanitized-Snapshotter-RDS:ExportsOutputRefMySQLInstanceA2499B9D2BD8E026" + } + ] + ] + }, + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":rds:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":cluster:sanitize-*" + ] + ] + }, + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":rds:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":snapshot:sanitize-*" + ] + ] + }, + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":rds:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":snapshot:mysql-instance-snapshot-*" + ] + ] + }, + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":rds:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":db:sanitize-*" + ] + ] + } + ] + } + ], + "Version": "2012-10-17" + }, + "policyName": "MySQLInstanceSnapshotterwaitServiceRoleDefaultPolicyE6063975", + "roles": [ + { + "Ref": "MySQLInstanceSnapshotterwaitServiceRole21AAE4F2" + } + ] + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.CfnPolicy", + "version": "2.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.Policy", + "version": "2.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.Role", + "version": "2.0.0" + } + }, + "Code": { + "id": "Code", + "path": "RDS-Sanitized-Snapshotter-SFN/MySQL Instance Snapshotter/wait/Code", + "children": { + "Stage": { + "id": "Stage", + "path": "RDS-Sanitized-Snapshotter-SFN/MySQL Instance Snapshotter/wait/Code/Stage", + "constructInfo": { + "fqn": "aws-cdk-lib.AssetStaging", + "version": "2.0.0" + } + }, + "AssetBucket": { + "id": "AssetBucket", + "path": "RDS-Sanitized-Snapshotter-SFN/MySQL Instance Snapshotter/wait/Code/AssetBucket", + "children": { + "Notifications": { + "id": "Notifications", + "path": "RDS-Sanitized-Snapshotter-SFN/MySQL Instance Snapshotter/wait/Code/AssetBucket/Notifications", + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.0.5" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_s3.BucketBase", + "version": "2.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_s3_assets.Asset", + "version": "2.0.0" + } + }, + "Resource": { + "id": "Resource", + "path": "RDS-Sanitized-Snapshotter-SFN/MySQL Instance Snapshotter/wait/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::Lambda::Function", + "aws:cdk:cloudformation:props": { + "code": { + "s3Bucket": { + "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}" + }, + "s3Key": "d4509ed940a08b266940fe72858be370baed562318b4cb7d3e710fd42a5ecad6.zip" + }, + "role": { + "Fn::GetAtt": [ + "MySQLInstanceSnapshotterwaitServiceRole21AAE4F2", + "Arn" + ] + }, + "description": "src/wait.lambda.ts", + "environment": { + "variables": { + "AWS_NODEJS_CONNECTION_REUSE_ENABLED": "1" + } + }, + "handler": "index.handler", + "runtime": "nodejs14.x" + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_lambda.CfnFunction", + "version": "2.0.0" + } + }, + "LogRetention": { + "id": "LogRetention", + "path": "RDS-Sanitized-Snapshotter-SFN/MySQL Instance Snapshotter/wait/LogRetention", + "children": { + "Resource": { + "id": "Resource", + "path": "RDS-Sanitized-Snapshotter-SFN/MySQL Instance Snapshotter/wait/LogRetention/Resource", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnResource", + "version": "2.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_logs.LogRetention", + "version": "2.0.0" + } + }, + "LogGroup": { + "id": "LogGroup", + "path": "RDS-Sanitized-Snapshotter-SFN/MySQL Instance Snapshotter/wait/LogGroup", + "constructInfo": { + "fqn": "aws-cdk-lib.Resource", + "version": "2.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_lambda.Function", + "version": "2.0.0" + } + }, + "Wait for Snapshot": { + "id": "Wait for Snapshot", + "path": "RDS-Sanitized-Snapshotter-SFN/MySQL Instance Snapshotter/Wait for Snapshot", + "constructInfo": { + "fqn": "aws-cdk-lib.aws_stepfunctions_tasks.LambdaInvoke", + "version": "2.0.0" + } + }, + "Create Temporary Database": { + "id": "Create Temporary Database", + "path": "RDS-Sanitized-Snapshotter-SFN/MySQL Instance Snapshotter/Create Temporary Database", + "constructInfo": { + "fqn": "aws-cdk-lib.aws_stepfunctions_tasks.CallAwsService", + "version": "2.0.0" + } + }, + "Wait for Temporary Database": { + "id": "Wait for Temporary Database", + "path": "RDS-Sanitized-Snapshotter-SFN/MySQL Instance Snapshotter/Wait for Temporary Database", + "constructInfo": { + "fqn": "aws-cdk-lib.aws_stepfunctions_tasks.LambdaInvoke", + "version": "2.0.0" + } + }, + "Set Temporary Password": { + "id": "Set Temporary Password", + "path": "RDS-Sanitized-Snapshotter-SFN/MySQL Instance Snapshotter/Set Temporary Password", + "constructInfo": { + "fqn": "aws-cdk-lib.aws_stepfunctions_tasks.CallAwsService", + "version": "2.0.0" + } + }, + "Wait for Temporary Password": { + "id": "Wait for Temporary Password", + "path": "RDS-Sanitized-Snapshotter-SFN/MySQL Instance Snapshotter/Wait for Temporary Password", + "constructInfo": { + "fqn": "aws-cdk-lib.aws_stepfunctions_tasks.LambdaInvoke", + "version": "2.0.0" + } + }, + "Get Temporary Endpoint": { + "id": "Get Temporary Endpoint", + "path": "RDS-Sanitized-Snapshotter-SFN/MySQL Instance Snapshotter/Get Temporary Endpoint", + "constructInfo": { + "fqn": "aws-cdk-lib.aws_stepfunctions_tasks.CallAwsService", + "version": "2.0.0" + } + }, + "Logs": { + "id": "Logs", + "path": "RDS-Sanitized-Snapshotter-SFN/MySQL Instance Snapshotter/Logs", + "children": { + "Resource": { + "id": "Resource", + "path": "RDS-Sanitized-Snapshotter-SFN/MySQL Instance Snapshotter/Logs/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::Logs::LogGroup", + "aws:cdk:cloudformation:props": { + "retentionInDays": 30 + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_logs.CfnLogGroup", + "version": "2.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_logs.LogGroup", + "version": "2.0.0" + } + }, + "MySQL Task": { + "id": "MySQL Task", + "path": "RDS-Sanitized-Snapshotter-SFN/MySQL Instance Snapshotter/MySQL Task", + "children": { + "TaskRole": { + "id": "TaskRole", + "path": "RDS-Sanitized-Snapshotter-SFN/MySQL Instance Snapshotter/MySQL Task/TaskRole", + "children": { + "Resource": { + "id": "Resource", + "path": "RDS-Sanitized-Snapshotter-SFN/MySQL Instance Snapshotter/MySQL Task/TaskRole/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::IAM::Role", + "aws:cdk:cloudformation:props": { + "assumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "ecs-tasks.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.CfnRole", + "version": "2.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.Role", + "version": "2.0.0" + } + }, + "Resource": { + "id": "Resource", + "path": "RDS-Sanitized-Snapshotter-SFN/MySQL Instance Snapshotter/MySQL Task/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::ECS::TaskDefinition", + "aws:cdk:cloudformation:props": { + "containerDefinitions": [ + { + "command": [ + "bash", + "-c", + "echo \"[client]\nuser=$MYSQL_USER\nhost=$MYSQL_HOST\nport=$MYSQL_PORT\npassword=$MYSQL_PASSWORD\" > ~/.my.cnf && chmod 700 ~/.my.cnf" + ], + "essential": false, + "image": "public.ecr.aws/docker/library/bash:4-alpine3.15", + "mountPoints": [ + { + "containerPath": "/root", + "readOnly": false, + "sourceVolume": "config" + } + ], + "name": "config", + "logConfiguration": { + "logDriver": "awslogs", + "options": { + "awslogs-group": { + "Ref": "MySQLInstanceSnapshotterLogs55691739" + }, + "awslogs-stream-prefix": "mysql-config", + "awslogs-region": { + "Ref": "AWS::Region" + } + } + } + }, + { + "command": [ + "mysql", + "-e", + "SELECT 1" + ], + "dependsOn": [ + { + "containerName": "config", + "condition": "SUCCESS" + } + ], + "essential": true, + "image": "public.ecr.aws/lts/mysql:latest", + "mountPoints": [ + { + "containerPath": "/root", + "readOnly": true, + "sourceVolume": "config" + } + ], + "name": "mysql", + "logConfiguration": { + "logDriver": "awslogs", + "options": { + "awslogs-group": { + "Ref": "MySQLInstanceSnapshotterLogs55691739" + }, + "awslogs-stream-prefix": "mysql-sanitize", + "awslogs-region": { + "Ref": "AWS::Region" + } + } + } + } + ], + "cpu": "256", + "executionRoleArn": { + "Fn::GetAtt": [ + "MySQLInstanceSnapshotterMySQLTaskExecutionRole1DD381B7", + "Arn" + ] + }, + "family": "RDSSanitizedSnapshotterSFNMySQLInstanceSnapshotterMySQLTask5753E21D", + "memory": "512", + "networkMode": "awsvpc", + "requiresCompatibilities": [ + "FARGATE" + ], + "taskRoleArn": { + "Fn::GetAtt": [ + "MySQLInstanceSnapshotterMySQLTaskTaskRoleBFA1FB36", + "Arn" + ] + }, + "volumes": [ + { + "host": {}, + "name": "config" + } + ] + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ecs.CfnTaskDefinition", + "version": "2.0.0" + } + }, + "config": { + "id": "config", + "path": "RDS-Sanitized-Snapshotter-SFN/MySQL Instance Snapshotter/MySQL Task/config", + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ecs.ContainerDefinition", + "version": "2.0.0" + } + }, + "ExecutionRole": { + "id": "ExecutionRole", + "path": "RDS-Sanitized-Snapshotter-SFN/MySQL Instance Snapshotter/MySQL Task/ExecutionRole", + "children": { + "Resource": { + "id": "Resource", + "path": "RDS-Sanitized-Snapshotter-SFN/MySQL Instance Snapshotter/MySQL Task/ExecutionRole/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::IAM::Role", + "aws:cdk:cloudformation:props": { + "assumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "ecs-tasks.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.CfnRole", + "version": "2.0.0" + } + }, + "DefaultPolicy": { + "id": "DefaultPolicy", + "path": "RDS-Sanitized-Snapshotter-SFN/MySQL Instance Snapshotter/MySQL Task/ExecutionRole/DefaultPolicy", + "children": { + "Resource": { + "id": "Resource", + "path": "RDS-Sanitized-Snapshotter-SFN/MySQL Instance Snapshotter/MySQL Task/ExecutionRole/DefaultPolicy/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::IAM::Policy", + "aws:cdk:cloudformation:props": { + "policyDocument": { + "Statement": [ + { + "Action": [ + "logs:CreateLogStream", + "logs:PutLogEvents" + ], + "Effect": "Allow", + "Resource": { + "Fn::GetAtt": [ + "MySQLInstanceSnapshotterLogs55691739", + "Arn" + ] + } + } + ], + "Version": "2012-10-17" + }, + "policyName": "MySQLInstanceSnapshotterMySQLTaskExecutionRoleDefaultPolicy99EE7B1E", + "roles": [ + { + "Ref": "MySQLInstanceSnapshotterMySQLTaskExecutionRole1DD381B7" + } + ] + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.CfnPolicy", + "version": "2.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.Policy", + "version": "2.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.Role", + "version": "2.0.0" + } + }, + "mysql": { + "id": "mysql", + "path": "RDS-Sanitized-Snapshotter-SFN/MySQL Instance Snapshotter/MySQL Task/mysql", + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ecs.ContainerDefinition", + "version": "2.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ecs.FargateTaskDefinition", + "version": "2.0.0" + } + }, + "PostreSQL Task": { + "id": "PostreSQL Task", + "path": "RDS-Sanitized-Snapshotter-SFN/MySQL Instance Snapshotter/PostreSQL Task", + "children": { + "TaskRole": { + "id": "TaskRole", + "path": "RDS-Sanitized-Snapshotter-SFN/MySQL Instance Snapshotter/PostreSQL Task/TaskRole", + "children": { + "Resource": { + "id": "Resource", + "path": "RDS-Sanitized-Snapshotter-SFN/MySQL Instance Snapshotter/PostreSQL Task/TaskRole/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::IAM::Role", + "aws:cdk:cloudformation:props": { + "assumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "ecs-tasks.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.CfnRole", + "version": "2.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.Role", + "version": "2.0.0" + } + }, + "Resource": { + "id": "Resource", + "path": "RDS-Sanitized-Snapshotter-SFN/MySQL Instance Snapshotter/PostreSQL Task/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::ECS::TaskDefinition", + "aws:cdk:cloudformation:props": { + "containerDefinitions": [ + { + "command": [ + "psql", + "-c", + "SELECT 1" + ], + "essential": true, + "image": "public.ecr.aws/lts/postgres:latest", + "name": "postgres", + "logConfiguration": { + "logDriver": "awslogs", + "options": { + "awslogs-group": { + "Ref": "MySQLInstanceSnapshotterLogs55691739" + }, + "awslogs-stream-prefix": "psql-sanitize", + "awslogs-region": { + "Ref": "AWS::Region" + } + } + } + } + ], + "cpu": "256", + "executionRoleArn": { + "Fn::GetAtt": [ + "MySQLInstanceSnapshotterPostreSQLTaskExecutionRole78969E33", + "Arn" + ] + }, + "family": "RDSSanitizedSnapshotterSFNMySQLInstanceSnapshotterPostreSQLTask702D64B7", + "memory": "512", + "networkMode": "awsvpc", + "requiresCompatibilities": [ + "FARGATE" + ], + "taskRoleArn": { + "Fn::GetAtt": [ + "MySQLInstanceSnapshotterPostreSQLTaskTaskRole82DDF085", + "Arn" + ] + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ecs.CfnTaskDefinition", + "version": "2.0.0" + } + }, + "postgres": { + "id": "postgres", + "path": "RDS-Sanitized-Snapshotter-SFN/MySQL Instance Snapshotter/PostreSQL Task/postgres", + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ecs.ContainerDefinition", + "version": "2.0.0" + } + }, + "ExecutionRole": { + "id": "ExecutionRole", + "path": "RDS-Sanitized-Snapshotter-SFN/MySQL Instance Snapshotter/PostreSQL Task/ExecutionRole", + "children": { + "Resource": { + "id": "Resource", + "path": "RDS-Sanitized-Snapshotter-SFN/MySQL Instance Snapshotter/PostreSQL Task/ExecutionRole/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::IAM::Role", + "aws:cdk:cloudformation:props": { + "assumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "ecs-tasks.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.CfnRole", + "version": "2.0.0" + } + }, + "DefaultPolicy": { + "id": "DefaultPolicy", + "path": "RDS-Sanitized-Snapshotter-SFN/MySQL Instance Snapshotter/PostreSQL Task/ExecutionRole/DefaultPolicy", + "children": { + "Resource": { + "id": "Resource", + "path": "RDS-Sanitized-Snapshotter-SFN/MySQL Instance Snapshotter/PostreSQL Task/ExecutionRole/DefaultPolicy/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::IAM::Policy", + "aws:cdk:cloudformation:props": { + "policyDocument": { + "Statement": [ + { + "Action": [ + "logs:CreateLogStream", + "logs:PutLogEvents" + ], + "Effect": "Allow", + "Resource": { + "Fn::GetAtt": [ + "MySQLInstanceSnapshotterLogs55691739", + "Arn" + ] + } + } + ], + "Version": "2012-10-17" + }, + "policyName": "MySQLInstanceSnapshotterPostreSQLTaskExecutionRoleDefaultPolicy78800565", + "roles": [ + { + "Ref": "MySQLInstanceSnapshotterPostreSQLTaskExecutionRole78969E33" + } + ] + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.CfnPolicy", + "version": "2.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.Policy", + "version": "2.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.Role", + "version": "2.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ecs.FargateTaskDefinition", + "version": "2.0.0" + } + }, + "Sanitize": { + "id": "Sanitize", + "path": "RDS-Sanitized-Snapshotter-SFN/MySQL Instance Snapshotter/Sanitize", + "constructInfo": { + "fqn": "aws-cdk-lib.aws_stepfunctions.Choice", + "version": "2.0.0" + } + }, + "Sanitize MySQL": { + "id": "Sanitize MySQL", + "path": "RDS-Sanitized-Snapshotter-SFN/MySQL Instance Snapshotter/Sanitize MySQL", + "constructInfo": { + "fqn": "aws-cdk-lib.aws_stepfunctions_tasks.EcsRunTask", + "version": "2.0.0" + } + }, + "Sanitize Postgres": { + "id": "Sanitize Postgres", + "path": "RDS-Sanitized-Snapshotter-SFN/MySQL Instance Snapshotter/Sanitize Postgres", + "constructInfo": { + "fqn": "aws-cdk-lib.aws_stepfunctions_tasks.EcsRunTask", + "version": "2.0.0" + } + }, + "Create Final Snapshot": { + "id": "Create Final Snapshot", + "path": "RDS-Sanitized-Snapshotter-SFN/MySQL Instance Snapshotter/Create Final Snapshot", + "constructInfo": { + "fqn": "aws-cdk-lib.aws_stepfunctions_tasks.CallAwsService", + "version": "2.0.0" + } + }, + "Wait for Final Snapshot": { + "id": "Wait for Final Snapshot", + "path": "RDS-Sanitized-Snapshotter-SFN/MySQL Instance Snapshotter/Wait for Final Snapshot", + "constructInfo": { + "fqn": "aws-cdk-lib.aws_stepfunctions_tasks.LambdaInvoke", + "version": "2.0.0" + } + }, + "Cleanup": { + "id": "Cleanup", + "path": "RDS-Sanitized-Snapshotter-SFN/MySQL Instance Snapshotter/Cleanup", + "constructInfo": { + "fqn": "aws-cdk-lib.aws_stepfunctions.Parallel", + "version": "2.0.0" + } + }, + "Temporary Snapshot": { + "id": "Temporary Snapshot", + "path": "RDS-Sanitized-Snapshotter-SFN/MySQL Instance Snapshotter/Temporary Snapshot", + "constructInfo": { + "fqn": "aws-cdk-lib.aws_stepfunctions_tasks.CallAwsService", + "version": "2.0.0" + } + }, + "Temporary Database Instance": { + "id": "Temporary Database Instance", + "path": "RDS-Sanitized-Snapshotter-SFN/MySQL Instance Snapshotter/Temporary Database Instance", + "constructInfo": { + "fqn": "aws-cdk-lib.aws_stepfunctions_tasks.CallAwsService", + "version": "2.0.0" + } + }, + "Director": { + "id": "Director", + "path": "RDS-Sanitized-Snapshotter-SFN/MySQL Instance Snapshotter/Director", + "children": { + "Role": { + "id": "Role", + "path": "RDS-Sanitized-Snapshotter-SFN/MySQL Instance Snapshotter/Director/Role", + "children": { + "Resource": { + "id": "Resource", + "path": "RDS-Sanitized-Snapshotter-SFN/MySQL Instance Snapshotter/Director/Role/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::IAM::Role", + "aws:cdk:cloudformation:props": { + "assumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": { + "Fn::Join": [ + "", + [ + "states.", + { + "Ref": "AWS::Region" + }, + ".amazonaws.com" + ] + ] + } + } + } + ], + "Version": "2012-10-17" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.CfnRole", + "version": "2.0.0" + } + }, + "DefaultPolicy": { + "id": "DefaultPolicy", + "path": "RDS-Sanitized-Snapshotter-SFN/MySQL Instance Snapshotter/Director/Role/DefaultPolicy", + "children": { + "Resource": { + "id": "Resource", + "path": "RDS-Sanitized-Snapshotter-SFN/MySQL Instance Snapshotter/Director/Role/DefaultPolicy/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::IAM::Policy", + "aws:cdk:cloudformation:props": { + "policyDocument": { + "Statement": [ + { + "Action": "lambda:InvokeFunction", + "Effect": "Allow", + "Resource": { + "Fn::GetAtt": [ + "MySQLInstanceSnapshotterparameters53B0A6E1", + "Arn" + ] + } + }, + { + "Action": "rds:deleteDBSnapshot", + "Effect": "Allow", + "Resource": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":rds:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":snapshot:sanitize-*" + ] + ] + } + }, + { + "Action": "rds:deleteDBInstance", + "Effect": "Allow", + "Resource": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":rds:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":db:sanitize-*" + ] + ] + } + }, + { + "Action": "rds:createDBSnapshot", + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": "lambda:InvokeFunction", + "Effect": "Allow", + "Resource": { + "Fn::GetAtt": [ + "MySQLInstanceSnapshotterwait17927A95", + "Arn" + ] + } + }, + { + "Action": "rds:restoreDBInstanceFromDBSnapshot", + "Effect": "Allow", + "Resource": [ + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":rds:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":cluster:sanitize-*" + ] + ] + }, + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":rds:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":db:sanitize-*" + ] + ] + }, + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":rds:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":snapshot:sanitize-*" + ] + ] + }, + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":rds:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":subgrp:", + { + "Ref": "MySQLInstanceSnapshotterSubnetgroup503CB3B3" + } + ] + ] + } + ] + }, + { + "Action": "rds:modifyDBInstance", + "Effect": "Allow", + "Resource": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":rds:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":db:sanitize-*" + ] + ] + } + }, + { + "Action": "rds:describeDBInstances", + "Effect": "Allow", + "Resource": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":rds:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":db:sanitize-*" + ] + ] + } + }, + { + "Action": "ecs:RunTask", + "Effect": "Allow", + "Resource": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Fn::Select": [ + 1, + { + "Fn::Split": [ + ":", + { + "Ref": "MySQLInstanceSnapshotterMySQLTask45C5FE96" + } + ] + } + ] + }, + ":", + { + "Fn::Select": [ + 2, + { + "Fn::Split": [ + ":", + { + "Ref": "MySQLInstanceSnapshotterMySQLTask45C5FE96" + } + ] + } + ] + }, + ":", + { + "Fn::Select": [ + 3, + { + "Fn::Split": [ + ":", + { + "Ref": "MySQLInstanceSnapshotterMySQLTask45C5FE96" + } + ] + } + ] + }, + ":", + { + "Fn::Select": [ + 4, + { + "Fn::Split": [ + ":", + { + "Ref": "MySQLInstanceSnapshotterMySQLTask45C5FE96" + } + ] + } + ] + }, + ":", + { + "Fn::Select": [ + 0, + { + "Fn::Split": [ + "/", + { + "Fn::Select": [ + 5, + { + "Fn::Split": [ + ":", + { + "Ref": "MySQLInstanceSnapshotterMySQLTask45C5FE96" + } + ] + } + ] + } + ] + } + ] + }, + "/", + { + "Fn::Select": [ + 1, + { + "Fn::Split": [ + "/", + { + "Fn::Select": [ + 5, + { + "Fn::Split": [ + ":", + { + "Ref": "MySQLInstanceSnapshotterMySQLTask45C5FE96" + } + ] + } + ] + } + ] + } + ] + } + ] + ] + } + }, + { + "Action": [ + "ecs:StopTask", + "ecs:DescribeTasks" + ], + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": "iam:PassRole", + "Effect": "Allow", + "Resource": [ + { + "Fn::GetAtt": [ + "MySQLInstanceSnapshotterMySQLTaskTaskRoleBFA1FB36", + "Arn" + ] + }, + { + "Fn::GetAtt": [ + "MySQLInstanceSnapshotterMySQLTaskExecutionRole1DD381B7", + "Arn" + ] + } + ] + }, + { + "Action": [ + "events:PutTargets", + "events:PutRule", + "events:DescribeRule" + ], + "Effect": "Allow", + "Resource": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":events:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":rule/StepFunctionsGetEventsForECSTaskRule" + ] + ] + } + }, + { + "Action": "ecs:RunTask", + "Effect": "Allow", + "Resource": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Fn::Select": [ + 1, + { + "Fn::Split": [ + ":", + { + "Ref": "MySQLInstanceSnapshotterPostreSQLTaskFAABAACF" + } + ] + } + ] + }, + ":", + { + "Fn::Select": [ + 2, + { + "Fn::Split": [ + ":", + { + "Ref": "MySQLInstanceSnapshotterPostreSQLTaskFAABAACF" + } + ] + } + ] + }, + ":", + { + "Fn::Select": [ + 3, + { + "Fn::Split": [ + ":", + { + "Ref": "MySQLInstanceSnapshotterPostreSQLTaskFAABAACF" + } + ] + } + ] + }, + ":", + { + "Fn::Select": [ + 4, + { + "Fn::Split": [ + ":", + { + "Ref": "MySQLInstanceSnapshotterPostreSQLTaskFAABAACF" + } + ] + } + ] + }, + ":", + { + "Fn::Select": [ + 0, + { + "Fn::Split": [ + "/", + { + "Fn::Select": [ + 5, + { + "Fn::Split": [ + ":", + { + "Ref": "MySQLInstanceSnapshotterPostreSQLTaskFAABAACF" + } + ] + } + ] + } + ] + } + ] + }, + "/", + { + "Fn::Select": [ + 1, + { + "Fn::Split": [ + "/", + { + "Fn::Select": [ + 5, + { + "Fn::Split": [ + ":", + { + "Ref": "MySQLInstanceSnapshotterPostreSQLTaskFAABAACF" + } + ] + } + ] + } + ] + } + ] + } + ] + ] + } + }, + { + "Action": "iam:PassRole", + "Effect": "Allow", + "Resource": [ + { + "Fn::GetAtt": [ + "MySQLInstanceSnapshotterPostreSQLTaskTaskRole82DDF085", + "Arn" + ] + }, + { + "Fn::GetAtt": [ + "MySQLInstanceSnapshotterPostreSQLTaskExecutionRole78969E33", + "Arn" + ] + } + ] + }, + { + "Action": "rds:AddTagsToResource", + "Effect": "Allow", + "Resource": [ + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":rds:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":snapshot:sanitize-*" + ] + ] + }, + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":rds:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":snapshot:mysql-instance-snapshot-*" + ] + ] + }, + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":rds:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":cluster:sanitize-*" + ] + ] + } + ] + } + ], + "Version": "2012-10-17" + }, + "policyName": "MySQLInstanceSnapshotterDirectorRoleDefaultPolicyF62C2EC2", + "roles": [ + { + "Ref": "MySQLInstanceSnapshotterDirectorRoleE2669C80" + } + ] + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.CfnPolicy", + "version": "2.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.Policy", + "version": "2.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.Role", + "version": "2.0.0" + } + }, + "Resource": { + "id": "Resource", + "path": "RDS-Sanitized-Snapshotter-SFN/MySQL Instance Snapshotter/Director/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::StepFunctions::StateMachine", + "aws:cdk:cloudformation:props": { + "roleArn": { + "Fn::GetAtt": [ + "MySQLInstanceSnapshotterDirectorRoleE2669C80", + "Arn" + ] + }, + "definitionString": { + "Fn::Join": [ + "", + [ + "{\"StartAt\":\"Get Parameters\",\"States\":{\"Get Parameters\":{\"Next\":\"Error Catcher\",\"Retry\":[{\"ErrorEquals\":[\"Lambda.ServiceException\",\"Lambda.AWSLambdaException\",\"Lambda.SdkClientException\"],\"IntervalSeconds\":2,\"MaxAttempts\":6,\"BackoffRate\":2}],\"Type\":\"Task\",\"Resource\":\"", + { + "Fn::GetAtt": [ + "MySQLInstanceSnapshotterparameters53B0A6E1", + "Arn" + ] + }, + "\",\"Parameters\":{\"executionId.$\":\"$$.Execution.Id\",\"isCluster\":false,\"databaseIdentifier\":\"", + { + "Fn::ImportValue": "RDS-Sanitized-Snapshotter-RDS:ExportsOutputRefMySQLInstanceA2499B9D2BD8E026" + }, + "\",\"databaseKey\":\"\",\"snapshotPrefix\":\"mysql-instance-snapshot\",\"tempPrefix\":\"sanitize\"}},\"Error Catcher\":{\"Type\":\"Parallel\",\"ResultPath\":null,\"Next\":\"Cleanup\",\"Catch\":[{\"ErrorEquals\":[\"States.ALL\"],\"ResultPath\":null,\"Next\":\"Cleanup\"}],\"Branches\":[{\"StartAt\":\"Create Temporary Snapshot\",\"States\":{\"Create Temporary Snapshot\":{\"Next\":\"Wait for Snapshot\",\"Type\":\"Task\",\"ResultPath\":null,\"Resource\":\"arn:", + { + "Ref": "AWS::Partition" + }, + ":states:::aws-sdk:rds:createDBSnapshot\",\"Parameters\":{\"DbInstanceIdentifier.$\":\"$.databaseIdentifier\",\"DbSnapshotIdentifier.$\":\"$.tempSnapshotId\",\"Tags\":[{\"Key\":\"RDS-sanitized-snapshots\",\"Value\":\"", + { + "Fn::ImportValue": "RDS-Sanitized-Snapshotter-RDS:ExportsOutputRefMySQLInstanceA2499B9D2BD8E026" + }, + "\"}]}},\"Wait for Snapshot\":{\"Next\":\"Create Temporary Database\",\"Retry\":[{\"ErrorEquals\":[\"Lambda.ServiceException\",\"Lambda.AWSLambdaException\",\"Lambda.SdkClientException\"],\"IntervalSeconds\":2,\"MaxAttempts\":6,\"BackoffRate\":2},{\"ErrorEquals\":[\"NotReady\"],\"IntervalSeconds\":60,\"MaxAttempts\":300,\"BackoffRate\":1}],\"Type\":\"Task\",\"ResultPath\":null,\"Resource\":\"", + { + "Fn::GetAtt": [ + "MySQLInstanceSnapshotterwait17927A95", + "Arn" + ] + }, + "\",\"Parameters\":{\"resourceType\":\"snapshot\",\"databaseIdentifier.$\":\"$.databaseIdentifier\",\"snapshotIdentifier.$\":\"$.tempSnapshotId\",\"isCluster\":false}},\"Create Temporary Database\":{\"Next\":\"Wait for Temporary Database\",\"Type\":\"Task\",\"ResultPath\":null,\"Resource\":\"arn:", + { + "Ref": "AWS::Partition" + }, + ":states:::aws-sdk:rds:restoreDBInstanceFromDBSnapshot\",\"Parameters\":{\"DbInstanceIdentifier.$\":\"$.tempDbId\",\"Engine.$\":\"$.engine\",\"DbSnapshotIdentifier.$\":\"$.tempSnapshotId\",\"PubliclyAccessible\":false,\"VpcSecurityGroupIds\":[\"", + { + "Fn::GetAtt": [ + "MySQLInstanceSnapshotterSGC75DA465", + "GroupId" + ] + }, + "\"],\"DbSubnetGroupName\":\"", + { + "Ref": "MySQLInstanceSnapshotterSubnetgroup503CB3B3" + }, + "\",\"Tags\":[{\"Key\":\"RDS-sanitized-snapshots\",\"Value\":\"", + { + "Fn::ImportValue": "RDS-Sanitized-Snapshotter-RDS:ExportsOutputRefMySQLInstanceA2499B9D2BD8E026" + }, + "\"}]}},\"Wait for Temporary Database\":{\"Next\":\"Set Temporary Password\",\"Retry\":[{\"ErrorEquals\":[\"Lambda.ServiceException\",\"Lambda.AWSLambdaException\",\"Lambda.SdkClientException\"],\"IntervalSeconds\":2,\"MaxAttempts\":6,\"BackoffRate\":2},{\"ErrorEquals\":[\"NotReady\"],\"IntervalSeconds\":60,\"MaxAttempts\":300,\"BackoffRate\":1}],\"Type\":\"Task\",\"ResultPath\":null,\"Resource\":\"", + { + "Fn::GetAtt": [ + "MySQLInstanceSnapshotterwait17927A95", + "Arn" + ] + }, + "\",\"Parameters\":{\"resourceType\":\"instance\",\"databaseIdentifier.$\":\"$.tempDbId\",\"isCluster\":false}},\"Set Temporary Password\":{\"Next\":\"Wait for Temporary Password\",\"Type\":\"Task\",\"ResultPath\":null,\"Resource\":\"arn:", + { + "Ref": "AWS::Partition" + }, + ":states:::aws-sdk:rds:modifyDBInstance\",\"Parameters\":{\"DbInstanceIdentifier.$\":\"$.tempDbId\",\"MasterUserPassword.$\":\"$.tempDb.password\",\"ApplyImmediately\":true,\"BackupRetentionPeriod\":0}},\"Wait for Temporary Password\":{\"Next\":\"Get Temporary Endpoint\",\"Retry\":[{\"ErrorEquals\":[\"Lambda.ServiceException\",\"Lambda.AWSLambdaException\",\"Lambda.SdkClientException\"],\"IntervalSeconds\":2,\"MaxAttempts\":6,\"BackoffRate\":2},{\"ErrorEquals\":[\"NotReady\"],\"IntervalSeconds\":60,\"MaxAttempts\":300,\"BackoffRate\":1}],\"Type\":\"Task\",\"ResultPath\":null,\"Resource\":\"", + { + "Fn::GetAtt": [ + "MySQLInstanceSnapshotterwait17927A95", + "Arn" + ] + }, + "\",\"Parameters\":{\"resourceType\":\"instance\",\"databaseIdentifier.$\":\"$.tempDbId\",\"isCluster\":false}},\"Get Temporary Endpoint\":{\"Next\":\"Sanitize\",\"Type\":\"Task\",\"ResultPath\":\"$.tempDb.host\",\"ResultSelector\":{\"endpoint.$\":\"$.DbInstances[0].Endpoint.Address\"},\"Resource\":\"arn:", + { + "Ref": "AWS::Partition" + }, + ":states:::aws-sdk:rds:describeDBInstances\",\"Parameters\":{\"DbInstanceIdentifier.$\":\"$.tempDbId\"}},\"Sanitize\":{\"Type\":\"Choice\",\"Choices\":[{\"Variable\":\"$.dockerImage\",\"StringEquals\":\"mysql\",\"Next\":\"Sanitize MySQL\"},{\"Variable\":\"$.dockerImage\",\"StringEquals\":\"postgres\",\"Next\":\"Sanitize Postgres\"}]},\"Sanitize MySQL\":{\"Next\":\"Create Final Snapshot\",\"Type\":\"Task\",\"ResultPath\":null,\"Resource\":\"arn:", + { + "Ref": "AWS::Partition" + }, + ":states:::ecs:runTask.sync\",\"Parameters\":{\"Cluster\":\"", + { + "Fn::GetAtt": [ + "MySQLInstanceSnapshottercluster86DF6015", + "Arn" + ] + }, + "\",\"TaskDefinition\":\"RDSSanitizedSnapshotterSFNMySQLInstanceSnapshotterMySQLTask5753E21D\",\"NetworkConfiguration\":{\"AwsvpcConfiguration\":{\"Subnets\":[\"", + { + "Fn::ImportValue": "RDS-Sanitized-Snapshotter-VPC:ExportsOutputRefVPCIsolatedSubnet1SubnetEBD00FC6298E81EF" + }, + "\",\"", + { + "Fn::ImportValue": "RDS-Sanitized-Snapshotter-VPC:ExportsOutputRefVPCIsolatedSubnet2Subnet4B1C8CAAD8B83B81" + }, + "\"],\"SecurityGroups\":[\"", + { + "Fn::GetAtt": [ + "MySQLInstanceSnapshotterSGC75DA465", + "GroupId" + ] + }, + "\"]}},\"Overrides\":{\"ContainerOverrides\":[{\"Name\":\"config\",\"Environment\":[{\"Name\":\"MYSQL_HOST\",\"Value.$\":\"$.tempDb.host.endpoint\"},{\"Name\":\"MYSQL_PORT\",\"Value.$\":\"$.tempDb.port\"},{\"Name\":\"MYSQL_USER\",\"Value.$\":\"$.tempDb.user\"},{\"Name\":\"MYSQL_PASSWORD\",\"Value.$\":\"$.tempDb.password\"}]}]},\"LaunchType\":\"FARGATE\"}},\"Create Final Snapshot\":{\"Next\":\"Wait for Final Snapshot\",\"Type\":\"Task\",\"ResultPath\":null,\"Resource\":\"arn:", + { + "Ref": "AWS::Partition" + }, + ":states:::aws-sdk:rds:createDBSnapshot\",\"Parameters\":{\"DbInstanceIdentifier.$\":\"$.tempDbId\",\"DbSnapshotIdentifier.$\":\"$.targetSnapshotId\",\"Tags\":[{\"Key\":\"RDS-sanitized-snapshots\",\"Value\":\"", + { + "Fn::ImportValue": "RDS-Sanitized-Snapshotter-RDS:ExportsOutputRefMySQLInstanceA2499B9D2BD8E026" + }, + "\"},{\"Key\":\"Final\",\"Value\":\"true\"}]}},\"Sanitize Postgres\":{\"Next\":\"Create Final Snapshot\",\"Type\":\"Task\",\"ResultPath\":null,\"Resource\":\"arn:", + { + "Ref": "AWS::Partition" + }, + ":states:::ecs:runTask.sync\",\"Parameters\":{\"Cluster\":\"", + { + "Fn::GetAtt": [ + "MySQLInstanceSnapshottercluster86DF6015", + "Arn" + ] + }, + "\",\"TaskDefinition\":\"RDSSanitizedSnapshotterSFNMySQLInstanceSnapshotterPostreSQLTask702D64B7\",\"NetworkConfiguration\":{\"AwsvpcConfiguration\":{\"Subnets\":[\"", + { + "Fn::ImportValue": "RDS-Sanitized-Snapshotter-VPC:ExportsOutputRefVPCIsolatedSubnet1SubnetEBD00FC6298E81EF" + }, + "\",\"", + { + "Fn::ImportValue": "RDS-Sanitized-Snapshotter-VPC:ExportsOutputRefVPCIsolatedSubnet2Subnet4B1C8CAAD8B83B81" + }, + "\"],\"SecurityGroups\":[\"", + { + "Fn::GetAtt": [ + "MySQLInstanceSnapshotterSGC75DA465", + "GroupId" + ] + }, + "\"]}},\"Overrides\":{\"ContainerOverrides\":[{\"Name\":\"postgres\",\"Environment\":[{\"Name\":\"PGHOST\",\"Value.$\":\"$.tempDb.host.endpoint\"},{\"Name\":\"PGPORT\",\"Value.$\":\"$.tempDb.port\"},{\"Name\":\"PGUSER\",\"Value.$\":\"$.tempDb.user\"},{\"Name\":\"PGPASSWORD\",\"Value.$\":\"$.tempDb.password\"},{\"Name\":\"PGCONNECT_TIMEOUT\",\"Value\":\"30\"}]}]},\"LaunchType\":\"FARGATE\"}},\"Wait for Final Snapshot\":{\"End\":true,\"Retry\":[{\"ErrorEquals\":[\"Lambda.ServiceException\",\"Lambda.AWSLambdaException\",\"Lambda.SdkClientException\"],\"IntervalSeconds\":2,\"MaxAttempts\":6,\"BackoffRate\":2},{\"ErrorEquals\":[\"NotReady\"],\"IntervalSeconds\":60,\"MaxAttempts\":300,\"BackoffRate\":1}],\"Type\":\"Task\",\"ResultPath\":null,\"Resource\":\"", + { + "Fn::GetAtt": [ + "MySQLInstanceSnapshotterwait17927A95", + "Arn" + ] + }, + "\",\"Parameters\":{\"resourceType\":\"snapshot\",\"databaseIdentifier.$\":\"$.tempDbId\",\"snapshotIdentifier.$\":\"$.targetSnapshotId\",\"isCluster\":false}}}}]},\"Cleanup\":{\"Type\":\"Parallel\",\"ResultPath\":null,\"End\":true,\"Branches\":[{\"StartAt\":\"Temporary Snapshot\",\"States\":{\"Temporary Snapshot\":{\"End\":true,\"Retry\":[{\"ErrorEquals\":[\"States.ALL\"],\"IntervalSeconds\":10,\"MaxAttempts\":5}],\"Type\":\"Task\",\"ResultPath\":null,\"Resource\":\"arn:", + { + "Ref": "AWS::Partition" + }, + ":states:::aws-sdk:rds:deleteDBSnapshot\",\"Parameters\":{\"DbSnapshotIdentifier.$\":\"$.tempSnapshotId\"}}}},{\"StartAt\":\"Temporary Database Instance\",\"States\":{\"Temporary Database Instance\":{\"End\":true,\"Retry\":[{\"ErrorEquals\":[\"States.ALL\"],\"IntervalSeconds\":10,\"MaxAttempts\":5}],\"Type\":\"Task\",\"ResultPath\":null,\"Resource\":\"arn:", + { + "Ref": "AWS::Partition" + }, + ":states:::aws-sdk:rds:deleteDBInstance\",\"Parameters\":{\"DbInstanceIdentifier.$\":\"$.tempDbId\",\"SkipFinalSnapshot\":true}}}}]}}}" + ] + ] + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_stepfunctions.CfnStateMachine", + "version": "2.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_stepfunctions.StateMachine", + "version": "2.0.0" + } + } + }, + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.0.5" + } + }, + "LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8a": { + "id": "LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8a", + "path": "RDS-Sanitized-Snapshotter-SFN/LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8a", + "children": { + "Code": { + "id": "Code", + "path": "RDS-Sanitized-Snapshotter-SFN/LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8a/Code", + "children": { + "Stage": { + "id": "Stage", + "path": "RDS-Sanitized-Snapshotter-SFN/LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8a/Code/Stage", + "constructInfo": { + "fqn": "aws-cdk-lib.AssetStaging", + "version": "2.0.0" + } + }, + "AssetBucket": { + "id": "AssetBucket", + "path": "RDS-Sanitized-Snapshotter-SFN/LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8a/Code/AssetBucket", + "children": { + "Notifications": { + "id": "Notifications", + "path": "RDS-Sanitized-Snapshotter-SFN/LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8a/Code/AssetBucket/Notifications", + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.0.5" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_s3.BucketBase", + "version": "2.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_s3_assets.Asset", + "version": "2.0.0" + } + }, + "ServiceRole": { + "id": "ServiceRole", + "path": "RDS-Sanitized-Snapshotter-SFN/LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8a/ServiceRole", + "children": { + "Resource": { + "id": "Resource", + "path": "RDS-Sanitized-Snapshotter-SFN/LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8a/ServiceRole/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::IAM::Role", + "aws:cdk:cloudformation:props": { + "assumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "lambda.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + }, + "managedPolicyArns": [ + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" + ] + ] + } + ] + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.CfnRole", + "version": "2.0.0" + } + }, + "DefaultPolicy": { + "id": "DefaultPolicy", + "path": "RDS-Sanitized-Snapshotter-SFN/LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8a/ServiceRole/DefaultPolicy", + "children": { + "Resource": { + "id": "Resource", + "path": "RDS-Sanitized-Snapshotter-SFN/LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8a/ServiceRole/DefaultPolicy/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::IAM::Policy", + "aws:cdk:cloudformation:props": { + "policyDocument": { + "Statement": [ + { + "Action": [ + "logs:PutRetentionPolicy", + "logs:DeleteRetentionPolicy" + ], + "Effect": "Allow", + "Resource": "*" + } + ], + "Version": "2012-10-17" + }, + "policyName": "LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8aServiceRoleDefaultPolicyADDA7DEB", + "roles": [ + { + "Ref": "LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8aServiceRole9741ECFB" + } + ] + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.CfnPolicy", + "version": "2.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.Policy", + "version": "2.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.Role", + "version": "2.0.0" + } + }, + "Resource": { + "id": "Resource", + "path": "RDS-Sanitized-Snapshotter-SFN/LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8a/Resource", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnResource", + "version": "2.0.0" + } + } + }, + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.0.5" + } + }, + "MySQL Cluster Snapshotter": { + "id": "MySQL Cluster Snapshotter", + "path": "RDS-Sanitized-Snapshotter-SFN/MySQL Cluster Snapshotter", + "children": { + "SG": { + "id": "SG", + "path": "RDS-Sanitized-Snapshotter-SFN/MySQL Cluster Snapshotter/SG", + "children": { + "Resource": { + "id": "Resource", + "path": "RDS-Sanitized-Snapshotter-SFN/MySQL Cluster Snapshotter/SG/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::SecurityGroup", + "aws:cdk:cloudformation:props": { + "groupDescription": "Group for communication between sanitizing job and database", + "securityGroupEgress": [ + { + "cidrIp": "0.0.0.0/0", + "description": "Allow all outbound traffic by default", + "ipProtocol": "-1" + } + ], + "tags": [ + { + "key": "Name", + "value": "RDS-sanitized-snapshots" + } + ], + "vpcId": { + "Fn::ImportValue": "RDS-Sanitized-Snapshotter-VPC:ExportsOutputRefVPCB9E5F0B4BD23A326" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnSecurityGroup", + "version": "2.0.0" + } + }, + "from RDSSanitizedSnapshotterSFNMySQLClusterSnapshotterSG88C422B1:ALL PORTS": { + "id": "from RDSSanitizedSnapshotterSFNMySQLClusterSnapshotterSG88C422B1:ALL PORTS", + "path": "RDS-Sanitized-Snapshotter-SFN/MySQL Cluster Snapshotter/SG/from RDSSanitizedSnapshotterSFNMySQLClusterSnapshotterSG88C422B1:ALL PORTS", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::SecurityGroupIngress", + "aws:cdk:cloudformation:props": { + "ipProtocol": "tcp", + "description": "from RDSSanitizedSnapshotterSFNMySQLClusterSnapshotterSG88C422B1:ALL PORTS", + "fromPort": 0, + "groupId": { + "Fn::GetAtt": [ + "MySQLClusterSnapshotterSGF5188D63", + "GroupId" + ] + }, + "sourceSecurityGroupId": { + "Fn::GetAtt": [ + "MySQLClusterSnapshotterSGF5188D63", + "GroupId" + ] + }, + "toPort": 65535 + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnSecurityGroupIngress", + "version": "2.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.SecurityGroup", + "version": "2.0.0" + } + }, + "Subnet group": { + "id": "Subnet group", + "path": "RDS-Sanitized-Snapshotter-SFN/MySQL Cluster Snapshotter/Subnet group", + "children": { + "Default": { + "id": "Default", + "path": "RDS-Sanitized-Snapshotter-SFN/MySQL Cluster Snapshotter/Subnet group/Default", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::RDS::DBSubnetGroup", + "aws:cdk:cloudformation:props": { + "dbSubnetGroupDescription": "Temporary database used for RDS-sanitize-snapshots", + "subnetIds": [ + { + "Fn::ImportValue": "RDS-Sanitized-Snapshotter-VPC:ExportsOutputRefVPCPrivateSubnet1Subnet8BCA10E01F79A1B7" + }, + { + "Fn::ImportValue": "RDS-Sanitized-Snapshotter-VPC:ExportsOutputRefVPCPrivateSubnet2SubnetCFCDAA7AB22CF85D" + } + ] + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_rds.CfnDBSubnetGroup", + "version": "2.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_rds.SubnetGroup", + "version": "2.0.0" + } + }, + "cluster": { + "id": "cluster", + "path": "RDS-Sanitized-Snapshotter-SFN/MySQL Cluster Snapshotter/cluster", + "children": { + "Resource": { + "id": "Resource", + "path": "RDS-Sanitized-Snapshotter-SFN/MySQL Cluster Snapshotter/cluster/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::ECS::Cluster", + "aws:cdk:cloudformation:props": {} + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ecs.CfnCluster", + "version": "2.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ecs.Cluster", + "version": "2.0.0" + } + }, + "parameters": { + "id": "parameters", + "path": "RDS-Sanitized-Snapshotter-SFN/MySQL Cluster Snapshotter/parameters", + "children": { + "ServiceRole": { + "id": "ServiceRole", + "path": "RDS-Sanitized-Snapshotter-SFN/MySQL Cluster Snapshotter/parameters/ServiceRole", + "children": { + "Resource": { + "id": "Resource", + "path": "RDS-Sanitized-Snapshotter-SFN/MySQL Cluster Snapshotter/parameters/ServiceRole/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::IAM::Role", + "aws:cdk:cloudformation:props": { + "assumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "lambda.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + }, + "managedPolicyArns": [ + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" + ] + ] + } + ] + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.CfnRole", + "version": "2.0.0" + } + }, + "DefaultPolicy": { + "id": "DefaultPolicy", + "path": "RDS-Sanitized-Snapshotter-SFN/MySQL Cluster Snapshotter/parameters/ServiceRole/DefaultPolicy", + "children": { + "Resource": { + "id": "Resource", + "path": "RDS-Sanitized-Snapshotter-SFN/MySQL Cluster Snapshotter/parameters/ServiceRole/DefaultPolicy/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::IAM::Policy", + "aws:cdk:cloudformation:props": { + "policyDocument": { + "Statement": [ + { + "Action": "rds:DescribeDBClusters", + "Effect": "Allow", + "Resource": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":rds:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":cluster:", + { + "Fn::ImportValue": "RDS-Sanitized-Snapshotter-RDS:ExportsOutputRefMySQLClusterD5C73C3376F94030" + } + ] + ] + } + }, + { + "Action": "rds:DescribeDBInstances", + "Effect": "Allow", + "Resource": "*" + } + ], + "Version": "2012-10-17" + }, + "policyName": "MySQLClusterSnapshotterparametersServiceRoleDefaultPolicy9544C62B", + "roles": [ + { + "Ref": "MySQLClusterSnapshotterparametersServiceRole4959428F" + } + ] + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.CfnPolicy", + "version": "2.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.Policy", + "version": "2.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.Role", + "version": "2.0.0" + } + }, + "Code": { + "id": "Code", + "path": "RDS-Sanitized-Snapshotter-SFN/MySQL Cluster Snapshotter/parameters/Code", + "children": { + "Stage": { + "id": "Stage", + "path": "RDS-Sanitized-Snapshotter-SFN/MySQL Cluster Snapshotter/parameters/Code/Stage", + "constructInfo": { + "fqn": "aws-cdk-lib.AssetStaging", + "version": "2.0.0" + } + }, + "AssetBucket": { + "id": "AssetBucket", + "path": "RDS-Sanitized-Snapshotter-SFN/MySQL Cluster Snapshotter/parameters/Code/AssetBucket", + "children": { + "Notifications": { + "id": "Notifications", + "path": "RDS-Sanitized-Snapshotter-SFN/MySQL Cluster Snapshotter/parameters/Code/AssetBucket/Notifications", + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.0.5" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_s3.BucketBase", + "version": "2.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_s3_assets.Asset", + "version": "2.0.0" + } + }, + "Resource": { + "id": "Resource", + "path": "RDS-Sanitized-Snapshotter-SFN/MySQL Cluster Snapshotter/parameters/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::Lambda::Function", + "aws:cdk:cloudformation:props": { + "code": { + "s3Bucket": { + "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}" + }, + "s3Key": "5e08a52964205c51dc15c1078422e25f19c4e3cc9f4439bfdd0c465678fdaea7.zip" + }, + "role": { + "Fn::GetAtt": [ + "MySQLClusterSnapshotterparametersServiceRole4959428F", + "Arn" + ] + }, + "description": "src/parameters.lambda.ts", + "environment": { + "variables": { + "AWS_NODEJS_CONNECTION_REUSE_ENABLED": "1" + } + }, + "handler": "index.handler", + "runtime": "nodejs14.x" + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_lambda.CfnFunction", + "version": "2.0.0" + } + }, + "LogRetention": { + "id": "LogRetention", + "path": "RDS-Sanitized-Snapshotter-SFN/MySQL Cluster Snapshotter/parameters/LogRetention", + "children": { + "Resource": { + "id": "Resource", + "path": "RDS-Sanitized-Snapshotter-SFN/MySQL Cluster Snapshotter/parameters/LogRetention/Resource", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnResource", + "version": "2.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_logs.LogRetention", + "version": "2.0.0" + } + }, + "LogGroup": { + "id": "LogGroup", + "path": "RDS-Sanitized-Snapshotter-SFN/MySQL Cluster Snapshotter/parameters/LogGroup", + "constructInfo": { + "fqn": "aws-cdk-lib.Resource", + "version": "2.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_lambda.Function", + "version": "2.0.0" + } + }, + "Get Parameters": { + "id": "Get Parameters", + "path": "RDS-Sanitized-Snapshotter-SFN/MySQL Cluster Snapshotter/Get Parameters", + "constructInfo": { + "fqn": "aws-cdk-lib.aws_stepfunctions_tasks.LambdaInvoke", + "version": "2.0.0" + } + }, + "Error Catcher": { + "id": "Error Catcher", + "path": "RDS-Sanitized-Snapshotter-SFN/MySQL Cluster Snapshotter/Error Catcher", + "constructInfo": { + "fqn": "aws-cdk-lib.aws_stepfunctions.Parallel", + "version": "2.0.0" + } + }, + "Create Temporary Snapshot": { + "id": "Create Temporary Snapshot", + "path": "RDS-Sanitized-Snapshotter-SFN/MySQL Cluster Snapshotter/Create Temporary Snapshot", + "constructInfo": { + "fqn": "aws-cdk-lib.aws_stepfunctions_tasks.CallAwsService", + "version": "2.0.0" + } + }, + "wait": { + "id": "wait", + "path": "RDS-Sanitized-Snapshotter-SFN/MySQL Cluster Snapshotter/wait", + "children": { + "ServiceRole": { + "id": "ServiceRole", + "path": "RDS-Sanitized-Snapshotter-SFN/MySQL Cluster Snapshotter/wait/ServiceRole", + "children": { + "Resource": { + "id": "Resource", + "path": "RDS-Sanitized-Snapshotter-SFN/MySQL Cluster Snapshotter/wait/ServiceRole/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::IAM::Role", + "aws:cdk:cloudformation:props": { + "assumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "lambda.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + }, + "managedPolicyArns": [ + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" + ] + ] + } + ] + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.CfnRole", + "version": "2.0.0" + } + }, + "DefaultPolicy": { + "id": "DefaultPolicy", + "path": "RDS-Sanitized-Snapshotter-SFN/MySQL Cluster Snapshotter/wait/ServiceRole/DefaultPolicy", + "children": { + "Resource": { + "id": "Resource", + "path": "RDS-Sanitized-Snapshotter-SFN/MySQL Cluster Snapshotter/wait/ServiceRole/DefaultPolicy/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::IAM::Policy", + "aws:cdk:cloudformation:props": { + "policyDocument": { + "Statement": [ + { + "Action": [ + "rds:DescribeDBClusters", + "rds:DescribeDBClusterSnapshots", + "rds:DescribeDBSnapshots", + "rds:DescribeDBInstances" + ], + "Effect": "Allow", + "Resource": [ + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":rds:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":cluster:", + { + "Fn::ImportValue": "RDS-Sanitized-Snapshotter-RDS:ExportsOutputRefMySQLClusterD5C73C3376F94030" + } + ] + ] + }, + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":rds:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":db:", + { + "Fn::ImportValue": "RDS-Sanitized-Snapshotter-RDS:ExportsOutputRefMySQLClusterD5C73C3376F94030" + } + ] + ] + }, + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":rds:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":cluster:sanitize-*" + ] + ] + }, + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":rds:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":cluster-snapshot:sanitize-*" + ] + ] + }, + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":rds:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":cluster-snapshot:mysql-cluster-snapshot-*" + ] + ] + }, + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":rds:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":db:sanitize-*" + ] + ] + } + ] + } + ], + "Version": "2012-10-17" + }, + "policyName": "MySQLClusterSnapshotterwaitServiceRoleDefaultPolicy9E878AF7", + "roles": [ + { + "Ref": "MySQLClusterSnapshotterwaitServiceRoleD1DB455D" + } + ] + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.CfnPolicy", + "version": "2.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.Policy", + "version": "2.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.Role", + "version": "2.0.0" + } + }, + "Code": { + "id": "Code", + "path": "RDS-Sanitized-Snapshotter-SFN/MySQL Cluster Snapshotter/wait/Code", + "children": { + "Stage": { + "id": "Stage", + "path": "RDS-Sanitized-Snapshotter-SFN/MySQL Cluster Snapshotter/wait/Code/Stage", + "constructInfo": { + "fqn": "aws-cdk-lib.AssetStaging", + "version": "2.0.0" + } + }, + "AssetBucket": { + "id": "AssetBucket", + "path": "RDS-Sanitized-Snapshotter-SFN/MySQL Cluster Snapshotter/wait/Code/AssetBucket", + "children": { + "Notifications": { + "id": "Notifications", + "path": "RDS-Sanitized-Snapshotter-SFN/MySQL Cluster Snapshotter/wait/Code/AssetBucket/Notifications", + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.0.5" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_s3.BucketBase", + "version": "2.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_s3_assets.Asset", + "version": "2.0.0" + } + }, + "Resource": { + "id": "Resource", + "path": "RDS-Sanitized-Snapshotter-SFN/MySQL Cluster Snapshotter/wait/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::Lambda::Function", + "aws:cdk:cloudformation:props": { + "code": { + "s3Bucket": { + "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}" + }, + "s3Key": "d4509ed940a08b266940fe72858be370baed562318b4cb7d3e710fd42a5ecad6.zip" + }, + "role": { + "Fn::GetAtt": [ + "MySQLClusterSnapshotterwaitServiceRoleD1DB455D", + "Arn" + ] + }, + "description": "src/wait.lambda.ts", + "environment": { + "variables": { + "AWS_NODEJS_CONNECTION_REUSE_ENABLED": "1" + } + }, + "handler": "index.handler", + "runtime": "nodejs14.x" + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_lambda.CfnFunction", + "version": "2.0.0" + } + }, + "LogRetention": { + "id": "LogRetention", + "path": "RDS-Sanitized-Snapshotter-SFN/MySQL Cluster Snapshotter/wait/LogRetention", + "children": { + "Resource": { + "id": "Resource", + "path": "RDS-Sanitized-Snapshotter-SFN/MySQL Cluster Snapshotter/wait/LogRetention/Resource", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnResource", + "version": "2.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_logs.LogRetention", + "version": "2.0.0" + } + }, + "LogGroup": { + "id": "LogGroup", + "path": "RDS-Sanitized-Snapshotter-SFN/MySQL Cluster Snapshotter/wait/LogGroup", + "constructInfo": { + "fqn": "aws-cdk-lib.Resource", + "version": "2.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_lambda.Function", + "version": "2.0.0" + } + }, + "Wait for Snapshot": { + "id": "Wait for Snapshot", + "path": "RDS-Sanitized-Snapshotter-SFN/MySQL Cluster Snapshotter/Wait for Snapshot", + "constructInfo": { + "fqn": "aws-cdk-lib.aws_stepfunctions_tasks.LambdaInvoke", + "version": "2.0.0" + } + }, + "Create Temporary Database": { + "id": "Create Temporary Database", + "path": "RDS-Sanitized-Snapshotter-SFN/MySQL Cluster Snapshotter/Create Temporary Database", + "constructInfo": { + "fqn": "aws-cdk-lib.aws_stepfunctions_tasks.CallAwsService", + "version": "2.0.0" + } + }, + "Wait for Temporary Database": { + "id": "Wait for Temporary Database", + "path": "RDS-Sanitized-Snapshotter-SFN/MySQL Cluster Snapshotter/Wait for Temporary Database", + "constructInfo": { + "fqn": "aws-cdk-lib.aws_stepfunctions_tasks.LambdaInvoke", + "version": "2.0.0" + } + }, + "Set Temporary Password": { + "id": "Set Temporary Password", + "path": "RDS-Sanitized-Snapshotter-SFN/MySQL Cluster Snapshotter/Set Temporary Password", + "constructInfo": { + "fqn": "aws-cdk-lib.aws_stepfunctions_tasks.CallAwsService", + "version": "2.0.0" + } + }, + "Wait for Temporary Password": { + "id": "Wait for Temporary Password", + "path": "RDS-Sanitized-Snapshotter-SFN/MySQL Cluster Snapshotter/Wait for Temporary Password", + "constructInfo": { + "fqn": "aws-cdk-lib.aws_stepfunctions_tasks.LambdaInvoke", + "version": "2.0.0" + } + }, + "Create Temporary Instance": { + "id": "Create Temporary Instance", + "path": "RDS-Sanitized-Snapshotter-SFN/MySQL Cluster Snapshotter/Create Temporary Instance", + "constructInfo": { + "fqn": "aws-cdk-lib.aws_stepfunctions_tasks.CallAwsService", + "version": "2.0.0" + } + }, + "Wait for Temporary Instance": { + "id": "Wait for Temporary Instance", + "path": "RDS-Sanitized-Snapshotter-SFN/MySQL Cluster Snapshotter/Wait for Temporary Instance", + "constructInfo": { + "fqn": "aws-cdk-lib.aws_stepfunctions_tasks.LambdaInvoke", + "version": "2.0.0" + } + }, + "Get Temporary Cluster Endpoint": { + "id": "Get Temporary Cluster Endpoint", + "path": "RDS-Sanitized-Snapshotter-SFN/MySQL Cluster Snapshotter/Get Temporary Cluster Endpoint", + "constructInfo": { + "fqn": "aws-cdk-lib.aws_stepfunctions_tasks.CallAwsService", + "version": "2.0.0" + } + }, + "Logs": { + "id": "Logs", + "path": "RDS-Sanitized-Snapshotter-SFN/MySQL Cluster Snapshotter/Logs", + "children": { + "Resource": { + "id": "Resource", + "path": "RDS-Sanitized-Snapshotter-SFN/MySQL Cluster Snapshotter/Logs/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::Logs::LogGroup", + "aws:cdk:cloudformation:props": { + "retentionInDays": 30 + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_logs.CfnLogGroup", + "version": "2.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_logs.LogGroup", + "version": "2.0.0" + } + }, + "MySQL Task": { + "id": "MySQL Task", + "path": "RDS-Sanitized-Snapshotter-SFN/MySQL Cluster Snapshotter/MySQL Task", + "children": { + "TaskRole": { + "id": "TaskRole", + "path": "RDS-Sanitized-Snapshotter-SFN/MySQL Cluster Snapshotter/MySQL Task/TaskRole", + "children": { + "Resource": { + "id": "Resource", + "path": "RDS-Sanitized-Snapshotter-SFN/MySQL Cluster Snapshotter/MySQL Task/TaskRole/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::IAM::Role", + "aws:cdk:cloudformation:props": { + "assumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "ecs-tasks.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.CfnRole", + "version": "2.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.Role", + "version": "2.0.0" + } + }, + "Resource": { + "id": "Resource", + "path": "RDS-Sanitized-Snapshotter-SFN/MySQL Cluster Snapshotter/MySQL Task/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::ECS::TaskDefinition", + "aws:cdk:cloudformation:props": { + "containerDefinitions": [ + { + "command": [ + "bash", + "-c", + "echo \"[client]\nuser=$MYSQL_USER\nhost=$MYSQL_HOST\nport=$MYSQL_PORT\npassword=$MYSQL_PASSWORD\" > ~/.my.cnf && chmod 700 ~/.my.cnf" + ], + "essential": false, + "image": "public.ecr.aws/docker/library/bash:4-alpine3.15", + "mountPoints": [ + { + "containerPath": "/root", + "readOnly": false, + "sourceVolume": "config" + } + ], + "name": "config", + "logConfiguration": { + "logDriver": "awslogs", + "options": { + "awslogs-group": { + "Ref": "MySQLClusterSnapshotterLogs987A7E0A" + }, + "awslogs-stream-prefix": "mysql-config", + "awslogs-region": { + "Ref": "AWS::Region" + } + } + } + }, + { + "command": [ + "mysql", + "-e", + "SELECT 1" + ], + "dependsOn": [ + { + "containerName": "config", + "condition": "SUCCESS" + } + ], + "essential": true, + "image": "public.ecr.aws/lts/mysql:latest", + "mountPoints": [ + { + "containerPath": "/root", + "readOnly": true, + "sourceVolume": "config" + } + ], + "name": "mysql", + "logConfiguration": { + "logDriver": "awslogs", + "options": { + "awslogs-group": { + "Ref": "MySQLClusterSnapshotterLogs987A7E0A" + }, + "awslogs-stream-prefix": "mysql-sanitize", + "awslogs-region": { + "Ref": "AWS::Region" + } + } + } + } + ], + "cpu": "256", + "executionRoleArn": { + "Fn::GetAtt": [ + "MySQLClusterSnapshotterMySQLTaskExecutionRole50CCB6FA", + "Arn" + ] + }, + "family": "RDSSanitizedSnapshotterSFNMySQLClusterSnapshotterMySQLTask813891E0", + "memory": "512", + "networkMode": "awsvpc", + "requiresCompatibilities": [ + "FARGATE" + ], + "taskRoleArn": { + "Fn::GetAtt": [ + "MySQLClusterSnapshotterMySQLTaskTaskRole3BAE9027", + "Arn" + ] + }, + "volumes": [ + { + "host": {}, + "name": "config" + } + ] + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ecs.CfnTaskDefinition", + "version": "2.0.0" + } + }, + "config": { + "id": "config", + "path": "RDS-Sanitized-Snapshotter-SFN/MySQL Cluster Snapshotter/MySQL Task/config", + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ecs.ContainerDefinition", + "version": "2.0.0" + } + }, + "ExecutionRole": { + "id": "ExecutionRole", + "path": "RDS-Sanitized-Snapshotter-SFN/MySQL Cluster Snapshotter/MySQL Task/ExecutionRole", + "children": { + "Resource": { + "id": "Resource", + "path": "RDS-Sanitized-Snapshotter-SFN/MySQL Cluster Snapshotter/MySQL Task/ExecutionRole/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::IAM::Role", + "aws:cdk:cloudformation:props": { + "assumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "ecs-tasks.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.CfnRole", + "version": "2.0.0" + } + }, + "DefaultPolicy": { + "id": "DefaultPolicy", + "path": "RDS-Sanitized-Snapshotter-SFN/MySQL Cluster Snapshotter/MySQL Task/ExecutionRole/DefaultPolicy", + "children": { + "Resource": { + "id": "Resource", + "path": "RDS-Sanitized-Snapshotter-SFN/MySQL Cluster Snapshotter/MySQL Task/ExecutionRole/DefaultPolicy/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::IAM::Policy", + "aws:cdk:cloudformation:props": { + "policyDocument": { + "Statement": [ + { + "Action": [ + "logs:CreateLogStream", + "logs:PutLogEvents" + ], + "Effect": "Allow", + "Resource": { + "Fn::GetAtt": [ + "MySQLClusterSnapshotterLogs987A7E0A", + "Arn" + ] + } + } + ], + "Version": "2012-10-17" + }, + "policyName": "MySQLClusterSnapshotterMySQLTaskExecutionRoleDefaultPolicy109BFD8B", + "roles": [ + { + "Ref": "MySQLClusterSnapshotterMySQLTaskExecutionRole50CCB6FA" + } + ] + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.CfnPolicy", + "version": "2.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.Policy", + "version": "2.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.Role", + "version": "2.0.0" + } + }, + "mysql": { + "id": "mysql", + "path": "RDS-Sanitized-Snapshotter-SFN/MySQL Cluster Snapshotter/MySQL Task/mysql", + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ecs.ContainerDefinition", + "version": "2.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ecs.FargateTaskDefinition", + "version": "2.0.0" + } + }, + "PostreSQL Task": { + "id": "PostreSQL Task", + "path": "RDS-Sanitized-Snapshotter-SFN/MySQL Cluster Snapshotter/PostreSQL Task", + "children": { + "TaskRole": { + "id": "TaskRole", + "path": "RDS-Sanitized-Snapshotter-SFN/MySQL Cluster Snapshotter/PostreSQL Task/TaskRole", + "children": { + "Resource": { + "id": "Resource", + "path": "RDS-Sanitized-Snapshotter-SFN/MySQL Cluster Snapshotter/PostreSQL Task/TaskRole/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::IAM::Role", + "aws:cdk:cloudformation:props": { + "assumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "ecs-tasks.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.CfnRole", + "version": "2.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.Role", + "version": "2.0.0" + } + }, + "Resource": { + "id": "Resource", + "path": "RDS-Sanitized-Snapshotter-SFN/MySQL Cluster Snapshotter/PostreSQL Task/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::ECS::TaskDefinition", + "aws:cdk:cloudformation:props": { + "containerDefinitions": [ + { + "command": [ + "psql", + "-c", + "SELECT 1" + ], + "essential": true, + "image": "public.ecr.aws/lts/postgres:latest", + "name": "postgres", + "logConfiguration": { + "logDriver": "awslogs", + "options": { + "awslogs-group": { + "Ref": "MySQLClusterSnapshotterLogs987A7E0A" + }, + "awslogs-stream-prefix": "psql-sanitize", + "awslogs-region": { + "Ref": "AWS::Region" + } + } + } + } + ], + "cpu": "256", + "executionRoleArn": { + "Fn::GetAtt": [ + "MySQLClusterSnapshotterPostreSQLTaskExecutionRole430431E0", + "Arn" + ] + }, + "family": "RDSSanitizedSnapshotterSFNMySQLClusterSnapshotterPostreSQLTask8BE86494", + "memory": "512", + "networkMode": "awsvpc", + "requiresCompatibilities": [ + "FARGATE" + ], + "taskRoleArn": { + "Fn::GetAtt": [ + "MySQLClusterSnapshotterPostreSQLTaskTaskRole09172C54", + "Arn" + ] + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ecs.CfnTaskDefinition", + "version": "2.0.0" + } + }, + "postgres": { + "id": "postgres", + "path": "RDS-Sanitized-Snapshotter-SFN/MySQL Cluster Snapshotter/PostreSQL Task/postgres", + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ecs.ContainerDefinition", + "version": "2.0.0" + } + }, + "ExecutionRole": { + "id": "ExecutionRole", + "path": "RDS-Sanitized-Snapshotter-SFN/MySQL Cluster Snapshotter/PostreSQL Task/ExecutionRole", + "children": { + "Resource": { + "id": "Resource", + "path": "RDS-Sanitized-Snapshotter-SFN/MySQL Cluster Snapshotter/PostreSQL Task/ExecutionRole/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::IAM::Role", + "aws:cdk:cloudformation:props": { + "assumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "ecs-tasks.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.CfnRole", + "version": "2.0.0" + } + }, + "DefaultPolicy": { + "id": "DefaultPolicy", + "path": "RDS-Sanitized-Snapshotter-SFN/MySQL Cluster Snapshotter/PostreSQL Task/ExecutionRole/DefaultPolicy", + "children": { + "Resource": { + "id": "Resource", + "path": "RDS-Sanitized-Snapshotter-SFN/MySQL Cluster Snapshotter/PostreSQL Task/ExecutionRole/DefaultPolicy/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::IAM::Policy", + "aws:cdk:cloudformation:props": { + "policyDocument": { + "Statement": [ + { + "Action": [ + "logs:CreateLogStream", + "logs:PutLogEvents" + ], + "Effect": "Allow", + "Resource": { + "Fn::GetAtt": [ + "MySQLClusterSnapshotterLogs987A7E0A", + "Arn" + ] + } + } + ], + "Version": "2012-10-17" + }, + "policyName": "MySQLClusterSnapshotterPostreSQLTaskExecutionRoleDefaultPolicyBFF6CA44", + "roles": [ + { + "Ref": "MySQLClusterSnapshotterPostreSQLTaskExecutionRole430431E0" + } + ] + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.CfnPolicy", + "version": "2.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.Policy", + "version": "2.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.Role", + "version": "2.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ecs.FargateTaskDefinition", + "version": "2.0.0" + } + }, + "Sanitize": { + "id": "Sanitize", + "path": "RDS-Sanitized-Snapshotter-SFN/MySQL Cluster Snapshotter/Sanitize", + "constructInfo": { + "fqn": "aws-cdk-lib.aws_stepfunctions.Choice", + "version": "2.0.0" + } + }, + "Sanitize MySQL": { + "id": "Sanitize MySQL", + "path": "RDS-Sanitized-Snapshotter-SFN/MySQL Cluster Snapshotter/Sanitize MySQL", + "constructInfo": { + "fqn": "aws-cdk-lib.aws_stepfunctions_tasks.EcsRunTask", + "version": "2.0.0" + } + }, + "Sanitize Postgres": { + "id": "Sanitize Postgres", + "path": "RDS-Sanitized-Snapshotter-SFN/MySQL Cluster Snapshotter/Sanitize Postgres", + "constructInfo": { + "fqn": "aws-cdk-lib.aws_stepfunctions_tasks.EcsRunTask", + "version": "2.0.0" + } + }, + "Create Final Snapshot": { + "id": "Create Final Snapshot", + "path": "RDS-Sanitized-Snapshotter-SFN/MySQL Cluster Snapshotter/Create Final Snapshot", + "constructInfo": { + "fqn": "aws-cdk-lib.aws_stepfunctions_tasks.CallAwsService", + "version": "2.0.0" + } + }, + "Wait for Final Snapshot": { + "id": "Wait for Final Snapshot", + "path": "RDS-Sanitized-Snapshotter-SFN/MySQL Cluster Snapshotter/Wait for Final Snapshot", + "constructInfo": { + "fqn": "aws-cdk-lib.aws_stepfunctions_tasks.LambdaInvoke", + "version": "2.0.0" + } + }, + "Cleanup": { + "id": "Cleanup", + "path": "RDS-Sanitized-Snapshotter-SFN/MySQL Cluster Snapshotter/Cleanup", + "constructInfo": { + "fqn": "aws-cdk-lib.aws_stepfunctions.Parallel", + "version": "2.0.0" + } + }, + "Temporary Snapshot": { + "id": "Temporary Snapshot", + "path": "RDS-Sanitized-Snapshotter-SFN/MySQL Cluster Snapshotter/Temporary Snapshot", + "constructInfo": { + "fqn": "aws-cdk-lib.aws_stepfunctions_tasks.CallAwsService", + "version": "2.0.0" + } + }, + "Temporary Database Instance": { + "id": "Temporary Database Instance", + "path": "RDS-Sanitized-Snapshotter-SFN/MySQL Cluster Snapshotter/Temporary Database Instance", + "constructInfo": { + "fqn": "aws-cdk-lib.aws_stepfunctions_tasks.CallAwsService", + "version": "2.0.0" + } + }, + "Temporary Database": { + "id": "Temporary Database", + "path": "RDS-Sanitized-Snapshotter-SFN/MySQL Cluster Snapshotter/Temporary Database", + "constructInfo": { + "fqn": "aws-cdk-lib.aws_stepfunctions_tasks.CallAwsService", + "version": "2.0.0" + } + }, + "Director": { + "id": "Director", + "path": "RDS-Sanitized-Snapshotter-SFN/MySQL Cluster Snapshotter/Director", + "children": { + "Role": { + "id": "Role", + "path": "RDS-Sanitized-Snapshotter-SFN/MySQL Cluster Snapshotter/Director/Role", + "children": { + "Resource": { + "id": "Resource", + "path": "RDS-Sanitized-Snapshotter-SFN/MySQL Cluster Snapshotter/Director/Role/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::IAM::Role", + "aws:cdk:cloudformation:props": { + "assumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": { + "Fn::Join": [ + "", + [ + "states.", + { + "Ref": "AWS::Region" + }, + ".amazonaws.com" + ] + ] + } + } + } + ], + "Version": "2012-10-17" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.CfnRole", + "version": "2.0.0" + } + }, + "DefaultPolicy": { + "id": "DefaultPolicy", + "path": "RDS-Sanitized-Snapshotter-SFN/MySQL Cluster Snapshotter/Director/Role/DefaultPolicy", + "children": { + "Resource": { + "id": "Resource", + "path": "RDS-Sanitized-Snapshotter-SFN/MySQL Cluster Snapshotter/Director/Role/DefaultPolicy/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::IAM::Policy", + "aws:cdk:cloudformation:props": { + "policyDocument": { + "Statement": [ + { + "Action": "lambda:InvokeFunction", + "Effect": "Allow", + "Resource": { + "Fn::GetAtt": [ + "MySQLClusterSnapshotterparametersAF9FF89F", + "Arn" + ] + } + }, + { + "Action": "rds:deleteDBClusterSnapshot", + "Effect": "Allow", + "Resource": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":rds:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":cluster-snapshot:sanitize-*" + ] + ] + } + }, + { + "Action": "rds:deleteDBInstance", + "Effect": "Allow", + "Resource": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":rds:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":db:sanitize-*" + ] + ] + } + }, + { + "Action": "rds:deleteDBCluster", + "Effect": "Allow", + "Resource": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":rds:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":cluster:sanitize-*" + ] + ] + } + }, + { + "Action": "rds:createDBClusterSnapshot", + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": "lambda:InvokeFunction", + "Effect": "Allow", + "Resource": { + "Fn::GetAtt": [ + "MySQLClusterSnapshotterwait73D57C6D", + "Arn" + ] + } + }, + { + "Action": "rds:restoreDBClusterFromSnapshot", + "Effect": "Allow", + "Resource": [ + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":rds:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":cluster:sanitize-*" + ] + ] + }, + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":rds:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":db:sanitize-*" + ] + ] + }, + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":rds:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":cluster-snapshot:sanitize-*" + ] + ] + }, + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":rds:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":subgrp:", + { + "Ref": "MySQLClusterSnapshotterSubnetgroupF2F35C6A" + } + ] + ] + } + ] + }, + { + "Action": "rds:modifyDBCluster", + "Effect": "Allow", + "Resource": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":rds:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":cluster:sanitize-*" + ] + ] + } + }, + { + "Action": "rds:createDBInstance", + "Effect": "Allow", + "Resource": [ + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":rds:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":cluster:sanitize-*" + ] + ] + }, + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":rds:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":db:sanitize-*" + ] + ] + } + ] + }, + { + "Action": "rds:describeDBClusters", + "Effect": "Allow", + "Resource": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":rds:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":cluster:sanitize-*" + ] + ] + } + }, + { + "Action": "ecs:RunTask", + "Effect": "Allow", + "Resource": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Fn::Select": [ + 1, + { + "Fn::Split": [ + ":", + { + "Ref": "MySQLClusterSnapshotterMySQLTask8414A409" + } + ] + } + ] + }, + ":", + { + "Fn::Select": [ + 2, + { + "Fn::Split": [ + ":", + { + "Ref": "MySQLClusterSnapshotterMySQLTask8414A409" + } + ] + } + ] + }, + ":", + { + "Fn::Select": [ + 3, + { + "Fn::Split": [ + ":", + { + "Ref": "MySQLClusterSnapshotterMySQLTask8414A409" + } + ] + } + ] + }, + ":", + { + "Fn::Select": [ + 4, + { + "Fn::Split": [ + ":", + { + "Ref": "MySQLClusterSnapshotterMySQLTask8414A409" + } + ] + } + ] + }, + ":", + { + "Fn::Select": [ + 0, + { + "Fn::Split": [ + "/", + { + "Fn::Select": [ + 5, + { + "Fn::Split": [ + ":", + { + "Ref": "MySQLClusterSnapshotterMySQLTask8414A409" + } + ] + } + ] + } + ] + } + ] + }, + "/", + { + "Fn::Select": [ + 1, + { + "Fn::Split": [ + "/", + { + "Fn::Select": [ + 5, + { + "Fn::Split": [ + ":", + { + "Ref": "MySQLClusterSnapshotterMySQLTask8414A409" + } + ] + } + ] + } + ] + } + ] + } + ] + ] + } + }, + { + "Action": [ + "ecs:StopTask", + "ecs:DescribeTasks" + ], + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": "iam:PassRole", + "Effect": "Allow", + "Resource": [ + { + "Fn::GetAtt": [ + "MySQLClusterSnapshotterMySQLTaskTaskRole3BAE9027", + "Arn" + ] + }, + { + "Fn::GetAtt": [ + "MySQLClusterSnapshotterMySQLTaskExecutionRole50CCB6FA", + "Arn" + ] + } + ] + }, + { + "Action": [ + "events:PutTargets", + "events:PutRule", + "events:DescribeRule" + ], + "Effect": "Allow", + "Resource": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":events:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":rule/StepFunctionsGetEventsForECSTaskRule" + ] + ] + } + }, + { + "Action": "ecs:RunTask", + "Effect": "Allow", + "Resource": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Fn::Select": [ + 1, + { + "Fn::Split": [ + ":", + { + "Ref": "MySQLClusterSnapshotterPostreSQLTaskB18030B4" + } + ] + } + ] + }, + ":", + { + "Fn::Select": [ + 2, + { + "Fn::Split": [ + ":", + { + "Ref": "MySQLClusterSnapshotterPostreSQLTaskB18030B4" + } + ] + } + ] + }, + ":", + { + "Fn::Select": [ + 3, + { + "Fn::Split": [ + ":", + { + "Ref": "MySQLClusterSnapshotterPostreSQLTaskB18030B4" + } + ] + } + ] + }, + ":", + { + "Fn::Select": [ + 4, + { + "Fn::Split": [ + ":", + { + "Ref": "MySQLClusterSnapshotterPostreSQLTaskB18030B4" + } + ] + } + ] + }, + ":", + { + "Fn::Select": [ + 0, + { + "Fn::Split": [ + "/", + { + "Fn::Select": [ + 5, + { + "Fn::Split": [ + ":", + { + "Ref": "MySQLClusterSnapshotterPostreSQLTaskB18030B4" + } + ] + } + ] + } + ] + } + ] + }, + "/", + { + "Fn::Select": [ + 1, + { + "Fn::Split": [ + "/", + { + "Fn::Select": [ + 5, + { + "Fn::Split": [ + ":", + { + "Ref": "MySQLClusterSnapshotterPostreSQLTaskB18030B4" + } + ] + } + ] + } + ] + } + ] + } + ] + ] + } + }, + { + "Action": "iam:PassRole", + "Effect": "Allow", + "Resource": [ + { + "Fn::GetAtt": [ + "MySQLClusterSnapshotterPostreSQLTaskTaskRole09172C54", + "Arn" + ] + }, + { + "Fn::GetAtt": [ + "MySQLClusterSnapshotterPostreSQLTaskExecutionRole430431E0", + "Arn" + ] + } + ] + }, + { + "Action": "rds:AddTagsToResource", + "Effect": "Allow", + "Resource": [ + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":rds:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":cluster-snapshot:sanitize-*" + ] + ] + }, + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":rds:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":cluster-snapshot:mysql-cluster-snapshot-*" + ] + ] + }, + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":rds:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":cluster:sanitize-*" + ] + ] + } + ] + } + ], + "Version": "2012-10-17" + }, + "policyName": "MySQLClusterSnapshotterDirectorRoleDefaultPolicy78A869F9", + "roles": [ + { + "Ref": "MySQLClusterSnapshotterDirectorRole6035EB89" + } + ] + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.CfnPolicy", + "version": "2.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.Policy", + "version": "2.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.Role", + "version": "2.0.0" + } + }, + "Resource": { + "id": "Resource", + "path": "RDS-Sanitized-Snapshotter-SFN/MySQL Cluster Snapshotter/Director/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::StepFunctions::StateMachine", + "aws:cdk:cloudformation:props": { + "roleArn": { + "Fn::GetAtt": [ + "MySQLClusterSnapshotterDirectorRole6035EB89", + "Arn" + ] + }, + "definitionString": { + "Fn::Join": [ + "", + [ + "{\"StartAt\":\"Get Parameters\",\"States\":{\"Get Parameters\":{\"Next\":\"Error Catcher\",\"Retry\":[{\"ErrorEquals\":[\"Lambda.ServiceException\",\"Lambda.AWSLambdaException\",\"Lambda.SdkClientException\"],\"IntervalSeconds\":2,\"MaxAttempts\":6,\"BackoffRate\":2}],\"Type\":\"Task\",\"Resource\":\"", + { + "Fn::GetAtt": [ + "MySQLClusterSnapshotterparametersAF9FF89F", + "Arn" + ] + }, + "\",\"Parameters\":{\"executionId.$\":\"$$.Execution.Id\",\"isCluster\":true,\"databaseIdentifier\":\"", + { + "Fn::ImportValue": "RDS-Sanitized-Snapshotter-RDS:ExportsOutputRefMySQLClusterD5C73C3376F94030" + }, + "\",\"databaseKey\":\"\",\"snapshotPrefix\":\"mysql-cluster-snapshot\",\"tempPrefix\":\"sanitize\"}},\"Error Catcher\":{\"Type\":\"Parallel\",\"ResultPath\":null,\"Next\":\"Cleanup\",\"Catch\":[{\"ErrorEquals\":[\"States.ALL\"],\"ResultPath\":null,\"Next\":\"Cleanup\"}],\"Branches\":[{\"StartAt\":\"Create Temporary Snapshot\",\"States\":{\"Create Temporary Snapshot\":{\"Next\":\"Wait for Snapshot\",\"Type\":\"Task\",\"ResultPath\":null,\"Resource\":\"arn:", + { + "Ref": "AWS::Partition" + }, + ":states:::aws-sdk:rds:createDBClusterSnapshot\",\"Parameters\":{\"DbClusterIdentifier.$\":\"$.databaseIdentifier\",\"DbClusterSnapshotIdentifier.$\":\"$.tempSnapshotId\",\"Tags\":[{\"Key\":\"RDS-sanitized-snapshots\",\"Value\":\"", + { + "Fn::ImportValue": "RDS-Sanitized-Snapshotter-RDS:ExportsOutputRefMySQLClusterD5C73C3376F94030" + }, + "\"}]}},\"Wait for Snapshot\":{\"Next\":\"Create Temporary Database\",\"Retry\":[{\"ErrorEquals\":[\"Lambda.ServiceException\",\"Lambda.AWSLambdaException\",\"Lambda.SdkClientException\"],\"IntervalSeconds\":2,\"MaxAttempts\":6,\"BackoffRate\":2},{\"ErrorEquals\":[\"NotReady\"],\"IntervalSeconds\":60,\"MaxAttempts\":300,\"BackoffRate\":1}],\"Type\":\"Task\",\"ResultPath\":null,\"Resource\":\"", + { + "Fn::GetAtt": [ + "MySQLClusterSnapshotterwait73D57C6D", + "Arn" + ] + }, + "\",\"Parameters\":{\"resourceType\":\"snapshot\",\"databaseIdentifier.$\":\"$.databaseIdentifier\",\"snapshotIdentifier.$\":\"$.tempSnapshotId\",\"isCluster\":true}},\"Create Temporary Database\":{\"Next\":\"Wait for Temporary Database\",\"Type\":\"Task\",\"ResultPath\":null,\"Resource\":\"arn:", + { + "Ref": "AWS::Partition" + }, + ":states:::aws-sdk:rds:restoreDBClusterFromSnapshot\",\"Parameters\":{\"DbClusterIdentifier.$\":\"$.tempDbId\",\"Engine.$\":\"$.engine\",\"SnapshotIdentifier.$\":\"$.tempSnapshotId\",\"PubliclyAccessible\":false,\"VpcSecurityGroupIds\":[\"", + { + "Fn::GetAtt": [ + "MySQLClusterSnapshotterSGF5188D63", + "GroupId" + ] + }, + "\"],\"DbSubnetGroupName\":\"", + { + "Ref": "MySQLClusterSnapshotterSubnetgroupF2F35C6A" + }, + "\",\"Tags\":[{\"Key\":\"RDS-sanitized-snapshots\",\"Value\":\"", + { + "Fn::ImportValue": "RDS-Sanitized-Snapshotter-RDS:ExportsOutputRefMySQLClusterD5C73C3376F94030" + }, + "\"}]}},\"Wait for Temporary Database\":{\"Next\":\"Set Temporary Password\",\"Retry\":[{\"ErrorEquals\":[\"Lambda.ServiceException\",\"Lambda.AWSLambdaException\",\"Lambda.SdkClientException\"],\"IntervalSeconds\":2,\"MaxAttempts\":6,\"BackoffRate\":2},{\"ErrorEquals\":[\"NotReady\"],\"IntervalSeconds\":60,\"MaxAttempts\":300,\"BackoffRate\":1}],\"Type\":\"Task\",\"ResultPath\":null,\"Resource\":\"", + { + "Fn::GetAtt": [ + "MySQLClusterSnapshotterwait73D57C6D", + "Arn" + ] + }, + "\",\"Parameters\":{\"resourceType\":\"cluster\",\"databaseIdentifier.$\":\"$.tempDbId\",\"isCluster\":true}},\"Set Temporary Password\":{\"Next\":\"Wait for Temporary Password\",\"Type\":\"Task\",\"ResultPath\":null,\"Resource\":\"arn:", + { + "Ref": "AWS::Partition" + }, + ":states:::aws-sdk:rds:modifyDBCluster\",\"Parameters\":{\"DbClusterIdentifier.$\":\"$.tempDbId\",\"MasterUserPassword.$\":\"$.tempDb.password\",\"ApplyImmediately\":true}},\"Wait for Temporary Password\":{\"Next\":\"Create Temporary Instance\",\"Retry\":[{\"ErrorEquals\":[\"Lambda.ServiceException\",\"Lambda.AWSLambdaException\",\"Lambda.SdkClientException\"],\"IntervalSeconds\":2,\"MaxAttempts\":6,\"BackoffRate\":2},{\"ErrorEquals\":[\"NotReady\"],\"IntervalSeconds\":60,\"MaxAttempts\":300,\"BackoffRate\":1}],\"Type\":\"Task\",\"ResultPath\":null,\"Resource\":\"", + { + "Fn::GetAtt": [ + "MySQLClusterSnapshotterwait73D57C6D", + "Arn" + ] + }, + "\",\"Parameters\":{\"resourceType\":\"cluster\",\"databaseIdentifier.$\":\"$.tempDbId\",\"isCluster\":true}},\"Create Temporary Instance\":{\"Next\":\"Wait for Temporary Instance\",\"Type\":\"Task\",\"ResultPath\":null,\"Resource\":\"arn:", + { + "Ref": "AWS::Partition" + }, + ":states:::aws-sdk:rds:createDBInstance\",\"Parameters\":{\"DbClusterIdentifier.$\":\"$.tempDbId\",\"DbInstanceIdentifier.$\":\"$.tempDbInstanceId\",\"DbInstanceClass.$\":\"$.tempDbInstanceClass\",\"Engine.$\":\"$.engine\"}},\"Wait for Temporary Instance\":{\"Next\":\"Get Temporary Cluster Endpoint\",\"Retry\":[{\"ErrorEquals\":[\"Lambda.ServiceException\",\"Lambda.AWSLambdaException\",\"Lambda.SdkClientException\"],\"IntervalSeconds\":2,\"MaxAttempts\":6,\"BackoffRate\":2},{\"ErrorEquals\":[\"NotReady\"],\"IntervalSeconds\":60,\"MaxAttempts\":300,\"BackoffRate\":1}],\"Type\":\"Task\",\"ResultPath\":null,\"Resource\":\"", + { + "Fn::GetAtt": [ + "MySQLClusterSnapshotterwait73D57C6D", + "Arn" + ] + }, + "\",\"Parameters\":{\"resourceType\":\"instance\",\"databaseIdentifier.$\":\"$.tempDbInstanceId\",\"isCluster\":true}},\"Get Temporary Cluster Endpoint\":{\"Next\":\"Sanitize\",\"Type\":\"Task\",\"ResultPath\":\"$.tempDb.host\",\"ResultSelector\":{\"endpoint.$\":\"$.DbClusters[0].Endpoint\"},\"Resource\":\"arn:", + { + "Ref": "AWS::Partition" + }, + ":states:::aws-sdk:rds:describeDBClusters\",\"Parameters\":{\"DbClusterIdentifier.$\":\"$.tempDbId\"}},\"Sanitize\":{\"Type\":\"Choice\",\"Choices\":[{\"Variable\":\"$.dockerImage\",\"StringEquals\":\"mysql\",\"Next\":\"Sanitize MySQL\"},{\"Variable\":\"$.dockerImage\",\"StringEquals\":\"postgres\",\"Next\":\"Sanitize Postgres\"}]},\"Sanitize MySQL\":{\"Next\":\"Create Final Snapshot\",\"Type\":\"Task\",\"ResultPath\":null,\"Resource\":\"arn:", + { + "Ref": "AWS::Partition" + }, + ":states:::ecs:runTask.sync\",\"Parameters\":{\"Cluster\":\"", + { + "Fn::GetAtt": [ + "MySQLClusterSnapshottercluster9B2B4982", + "Arn" + ] + }, + "\",\"TaskDefinition\":\"RDSSanitizedSnapshotterSFNMySQLClusterSnapshotterMySQLTask813891E0\",\"NetworkConfiguration\":{\"AwsvpcConfiguration\":{\"Subnets\":[\"", + { + "Fn::ImportValue": "RDS-Sanitized-Snapshotter-VPC:ExportsOutputRefVPCIsolatedSubnet1SubnetEBD00FC6298E81EF" + }, + "\",\"", + { + "Fn::ImportValue": "RDS-Sanitized-Snapshotter-VPC:ExportsOutputRefVPCIsolatedSubnet2Subnet4B1C8CAAD8B83B81" + }, + "\"],\"SecurityGroups\":[\"", + { + "Fn::GetAtt": [ + "MySQLClusterSnapshotterSGF5188D63", + "GroupId" + ] + }, + "\"]}},\"Overrides\":{\"ContainerOverrides\":[{\"Name\":\"config\",\"Environment\":[{\"Name\":\"MYSQL_HOST\",\"Value.$\":\"$.tempDb.host.endpoint\"},{\"Name\":\"MYSQL_PORT\",\"Value.$\":\"$.tempDb.port\"},{\"Name\":\"MYSQL_USER\",\"Value.$\":\"$.tempDb.user\"},{\"Name\":\"MYSQL_PASSWORD\",\"Value.$\":\"$.tempDb.password\"}]}]},\"LaunchType\":\"FARGATE\"}},\"Create Final Snapshot\":{\"Next\":\"Wait for Final Snapshot\",\"Type\":\"Task\",\"ResultPath\":null,\"Resource\":\"arn:", + { + "Ref": "AWS::Partition" + }, + ":states:::aws-sdk:rds:createDBClusterSnapshot\",\"Parameters\":{\"DbClusterIdentifier.$\":\"$.tempDbId\",\"DbClusterSnapshotIdentifier.$\":\"$.targetSnapshotId\",\"Tags\":[{\"Key\":\"RDS-sanitized-snapshots\",\"Value\":\"", + { + "Fn::ImportValue": "RDS-Sanitized-Snapshotter-RDS:ExportsOutputRefMySQLClusterD5C73C3376F94030" + }, + "\"},{\"Key\":\"Final\",\"Value\":\"true\"}]}},\"Sanitize Postgres\":{\"Next\":\"Create Final Snapshot\",\"Type\":\"Task\",\"ResultPath\":null,\"Resource\":\"arn:", + { + "Ref": "AWS::Partition" + }, + ":states:::ecs:runTask.sync\",\"Parameters\":{\"Cluster\":\"", + { + "Fn::GetAtt": [ + "MySQLClusterSnapshottercluster9B2B4982", + "Arn" + ] + }, + "\",\"TaskDefinition\":\"RDSSanitizedSnapshotterSFNMySQLClusterSnapshotterPostreSQLTask8BE86494\",\"NetworkConfiguration\":{\"AwsvpcConfiguration\":{\"Subnets\":[\"", + { + "Fn::ImportValue": "RDS-Sanitized-Snapshotter-VPC:ExportsOutputRefVPCIsolatedSubnet1SubnetEBD00FC6298E81EF" + }, + "\",\"", + { + "Fn::ImportValue": "RDS-Sanitized-Snapshotter-VPC:ExportsOutputRefVPCIsolatedSubnet2Subnet4B1C8CAAD8B83B81" + }, + "\"],\"SecurityGroups\":[\"", + { + "Fn::GetAtt": [ + "MySQLClusterSnapshotterSGF5188D63", + "GroupId" + ] + }, + "\"]}},\"Overrides\":{\"ContainerOverrides\":[{\"Name\":\"postgres\",\"Environment\":[{\"Name\":\"PGHOST\",\"Value.$\":\"$.tempDb.host.endpoint\"},{\"Name\":\"PGPORT\",\"Value.$\":\"$.tempDb.port\"},{\"Name\":\"PGUSER\",\"Value.$\":\"$.tempDb.user\"},{\"Name\":\"PGPASSWORD\",\"Value.$\":\"$.tempDb.password\"},{\"Name\":\"PGCONNECT_TIMEOUT\",\"Value\":\"30\"}]}]},\"LaunchType\":\"FARGATE\"}},\"Wait for Final Snapshot\":{\"End\":true,\"Retry\":[{\"ErrorEquals\":[\"Lambda.ServiceException\",\"Lambda.AWSLambdaException\",\"Lambda.SdkClientException\"],\"IntervalSeconds\":2,\"MaxAttempts\":6,\"BackoffRate\":2},{\"ErrorEquals\":[\"NotReady\"],\"IntervalSeconds\":60,\"MaxAttempts\":300,\"BackoffRate\":1}],\"Type\":\"Task\",\"ResultPath\":null,\"Resource\":\"", + { + "Fn::GetAtt": [ + "MySQLClusterSnapshotterwait73D57C6D", + "Arn" + ] + }, + "\",\"Parameters\":{\"resourceType\":\"snapshot\",\"databaseIdentifier.$\":\"$.tempDbId\",\"snapshotIdentifier.$\":\"$.targetSnapshotId\",\"isCluster\":true}}}}]},\"Cleanup\":{\"Type\":\"Parallel\",\"ResultPath\":null,\"End\":true,\"Branches\":[{\"StartAt\":\"Temporary Snapshot\",\"States\":{\"Temporary Snapshot\":{\"End\":true,\"Retry\":[{\"ErrorEquals\":[\"States.ALL\"],\"IntervalSeconds\":10,\"MaxAttempts\":5}],\"Type\":\"Task\",\"ResultPath\":null,\"Resource\":\"arn:", + { + "Ref": "AWS::Partition" + }, + ":states:::aws-sdk:rds:deleteDBClusterSnapshot\",\"Parameters\":{\"DbClusterSnapshotIdentifier.$\":\"$.tempSnapshotId\"}}}},{\"StartAt\":\"Temporary Database Instance\",\"States\":{\"Temporary Database Instance\":{\"End\":true,\"Retry\":[{\"ErrorEquals\":[\"States.ALL\"],\"IntervalSeconds\":10,\"MaxAttempts\":5}],\"Type\":\"Task\",\"ResultPath\":null,\"Resource\":\"arn:", + { + "Ref": "AWS::Partition" + }, + ":states:::aws-sdk:rds:deleteDBInstance\",\"Parameters\":{\"DbInstanceIdentifier.$\":\"$.tempDbInstanceId\",\"SkipFinalSnapshot\":true}}}},{\"StartAt\":\"Temporary Database\",\"States\":{\"Temporary Database\":{\"End\":true,\"Retry\":[{\"ErrorEquals\":[\"States.ALL\"],\"IntervalSeconds\":10,\"MaxAttempts\":5}],\"Type\":\"Task\",\"ResultPath\":null,\"Resource\":\"arn:", + { + "Ref": "AWS::Partition" + }, + ":states:::aws-sdk:rds:deleteDBCluster\",\"Parameters\":{\"DbClusterIdentifier.$\":\"$.tempDbId\",\"SkipFinalSnapshot\":true}}}}]}}}" + ] + ] + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_stepfunctions.CfnStateMachine", + "version": "2.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_stepfunctions.StateMachine", + "version": "2.0.0" + } + } + }, + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.0.5" + } + }, + "PostgreSQL Instance Snapshotter": { + "id": "PostgreSQL Instance Snapshotter", + "path": "RDS-Sanitized-Snapshotter-SFN/PostgreSQL Instance Snapshotter", + "children": { + "SG": { + "id": "SG", + "path": "RDS-Sanitized-Snapshotter-SFN/PostgreSQL Instance Snapshotter/SG", + "children": { + "Resource": { + "id": "Resource", + "path": "RDS-Sanitized-Snapshotter-SFN/PostgreSQL Instance Snapshotter/SG/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::SecurityGroup", + "aws:cdk:cloudformation:props": { + "groupDescription": "Group for communication between sanitizing job and database", + "securityGroupEgress": [ + { + "cidrIp": "0.0.0.0/0", + "description": "Allow all outbound traffic by default", + "ipProtocol": "-1" + } + ], + "tags": [ + { + "key": "Name", + "value": "RDS-sanitized-snapshots" + } + ], + "vpcId": { + "Fn::ImportValue": "RDS-Sanitized-Snapshotter-VPC:ExportsOutputRefVPCB9E5F0B4BD23A326" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnSecurityGroup", + "version": "2.0.0" + } + }, + "from RDSSanitizedSnapshotterSFNPostgreSQLInstanceSnapshotterSG52C89F5A:ALL PORTS": { + "id": "from RDSSanitizedSnapshotterSFNPostgreSQLInstanceSnapshotterSG52C89F5A:ALL PORTS", + "path": "RDS-Sanitized-Snapshotter-SFN/PostgreSQL Instance Snapshotter/SG/from RDSSanitizedSnapshotterSFNPostgreSQLInstanceSnapshotterSG52C89F5A:ALL PORTS", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::SecurityGroupIngress", + "aws:cdk:cloudformation:props": { + "ipProtocol": "tcp", + "description": "from RDSSanitizedSnapshotterSFNPostgreSQLInstanceSnapshotterSG52C89F5A:ALL PORTS", + "fromPort": 0, + "groupId": { + "Fn::GetAtt": [ + "PostgreSQLInstanceSnapshotterSG97FD02BB", + "GroupId" + ] + }, + "sourceSecurityGroupId": { + "Fn::GetAtt": [ + "PostgreSQLInstanceSnapshotterSG97FD02BB", + "GroupId" + ] + }, + "toPort": 65535 + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnSecurityGroupIngress", + "version": "2.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.SecurityGroup", + "version": "2.0.0" + } + }, + "Subnet group": { + "id": "Subnet group", + "path": "RDS-Sanitized-Snapshotter-SFN/PostgreSQL Instance Snapshotter/Subnet group", + "children": { + "Default": { + "id": "Default", + "path": "RDS-Sanitized-Snapshotter-SFN/PostgreSQL Instance Snapshotter/Subnet group/Default", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::RDS::DBSubnetGroup", + "aws:cdk:cloudformation:props": { + "dbSubnetGroupDescription": "Temporary database used for RDS-sanitize-snapshots", + "subnetIds": [ + { + "Fn::ImportValue": "RDS-Sanitized-Snapshotter-VPC:ExportsOutputRefVPCPrivateSubnet1Subnet8BCA10E01F79A1B7" + }, + { + "Fn::ImportValue": "RDS-Sanitized-Snapshotter-VPC:ExportsOutputRefVPCPrivateSubnet2SubnetCFCDAA7AB22CF85D" + } + ] + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_rds.CfnDBSubnetGroup", + "version": "2.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_rds.SubnetGroup", + "version": "2.0.0" + } + }, + "cluster": { + "id": "cluster", + "path": "RDS-Sanitized-Snapshotter-SFN/PostgreSQL Instance Snapshotter/cluster", + "children": { + "Resource": { + "id": "Resource", + "path": "RDS-Sanitized-Snapshotter-SFN/PostgreSQL Instance Snapshotter/cluster/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::ECS::Cluster", + "aws:cdk:cloudformation:props": {} + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ecs.CfnCluster", + "version": "2.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ecs.Cluster", + "version": "2.0.0" + } + }, + "parameters": { + "id": "parameters", + "path": "RDS-Sanitized-Snapshotter-SFN/PostgreSQL Instance Snapshotter/parameters", + "children": { + "ServiceRole": { + "id": "ServiceRole", + "path": "RDS-Sanitized-Snapshotter-SFN/PostgreSQL Instance Snapshotter/parameters/ServiceRole", + "children": { + "Resource": { + "id": "Resource", + "path": "RDS-Sanitized-Snapshotter-SFN/PostgreSQL Instance Snapshotter/parameters/ServiceRole/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::IAM::Role", + "aws:cdk:cloudformation:props": { + "assumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "lambda.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + }, + "managedPolicyArns": [ + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" + ] + ] + } + ] + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.CfnRole", + "version": "2.0.0" + } + }, + "DefaultPolicy": { + "id": "DefaultPolicy", + "path": "RDS-Sanitized-Snapshotter-SFN/PostgreSQL Instance Snapshotter/parameters/ServiceRole/DefaultPolicy", + "children": { + "Resource": { + "id": "Resource", + "path": "RDS-Sanitized-Snapshotter-SFN/PostgreSQL Instance Snapshotter/parameters/ServiceRole/DefaultPolicy/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::IAM::Policy", + "aws:cdk:cloudformation:props": { + "policyDocument": { + "Statement": [ + { + "Action": "rds:DescribeDBInstances", + "Effect": "Allow", + "Resource": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":rds:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":db:", + { + "Fn::ImportValue": "RDS-Sanitized-Snapshotter-RDS:ExportsOutputRefPostgresInstance8F00D2DD14EE3CD9" + } + ] + ] + } + } + ], + "Version": "2012-10-17" + }, + "policyName": "PostgreSQLInstanceSnapshotterparametersServiceRoleDefaultPolicy9C4B4594", + "roles": [ + { + "Ref": "PostgreSQLInstanceSnapshotterparametersServiceRole23B2E630" + } + ] + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.CfnPolicy", + "version": "2.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.Policy", + "version": "2.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.Role", + "version": "2.0.0" + } + }, + "Code": { + "id": "Code", + "path": "RDS-Sanitized-Snapshotter-SFN/PostgreSQL Instance Snapshotter/parameters/Code", + "children": { + "Stage": { + "id": "Stage", + "path": "RDS-Sanitized-Snapshotter-SFN/PostgreSQL Instance Snapshotter/parameters/Code/Stage", + "constructInfo": { + "fqn": "aws-cdk-lib.AssetStaging", + "version": "2.0.0" + } + }, + "AssetBucket": { + "id": "AssetBucket", + "path": "RDS-Sanitized-Snapshotter-SFN/PostgreSQL Instance Snapshotter/parameters/Code/AssetBucket", + "children": { + "Notifications": { + "id": "Notifications", + "path": "RDS-Sanitized-Snapshotter-SFN/PostgreSQL Instance Snapshotter/parameters/Code/AssetBucket/Notifications", + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.0.5" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_s3.BucketBase", + "version": "2.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_s3_assets.Asset", + "version": "2.0.0" + } + }, + "Resource": { + "id": "Resource", + "path": "RDS-Sanitized-Snapshotter-SFN/PostgreSQL Instance Snapshotter/parameters/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::Lambda::Function", + "aws:cdk:cloudformation:props": { + "code": { + "s3Bucket": { + "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}" + }, + "s3Key": "5e08a52964205c51dc15c1078422e25f19c4e3cc9f4439bfdd0c465678fdaea7.zip" + }, + "role": { + "Fn::GetAtt": [ + "PostgreSQLInstanceSnapshotterparametersServiceRole23B2E630", + "Arn" + ] + }, + "description": "src/parameters.lambda.ts", + "environment": { + "variables": { + "AWS_NODEJS_CONNECTION_REUSE_ENABLED": "1" + } + }, + "handler": "index.handler", + "runtime": "nodejs14.x" + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_lambda.CfnFunction", + "version": "2.0.0" + } + }, + "LogRetention": { + "id": "LogRetention", + "path": "RDS-Sanitized-Snapshotter-SFN/PostgreSQL Instance Snapshotter/parameters/LogRetention", + "children": { + "Resource": { + "id": "Resource", + "path": "RDS-Sanitized-Snapshotter-SFN/PostgreSQL Instance Snapshotter/parameters/LogRetention/Resource", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnResource", + "version": "2.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_logs.LogRetention", + "version": "2.0.0" + } + }, + "LogGroup": { + "id": "LogGroup", + "path": "RDS-Sanitized-Snapshotter-SFN/PostgreSQL Instance Snapshotter/parameters/LogGroup", + "constructInfo": { + "fqn": "aws-cdk-lib.Resource", + "version": "2.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_lambda.Function", + "version": "2.0.0" + } + }, + "Get Parameters": { + "id": "Get Parameters", + "path": "RDS-Sanitized-Snapshotter-SFN/PostgreSQL Instance Snapshotter/Get Parameters", + "constructInfo": { + "fqn": "aws-cdk-lib.aws_stepfunctions_tasks.LambdaInvoke", + "version": "2.0.0" + } + }, + "Error Catcher": { + "id": "Error Catcher", + "path": "RDS-Sanitized-Snapshotter-SFN/PostgreSQL Instance Snapshotter/Error Catcher", + "constructInfo": { + "fqn": "aws-cdk-lib.aws_stepfunctions.Parallel", + "version": "2.0.0" + } + }, + "Create Temporary Snapshot": { + "id": "Create Temporary Snapshot", + "path": "RDS-Sanitized-Snapshotter-SFN/PostgreSQL Instance Snapshotter/Create Temporary Snapshot", + "constructInfo": { + "fqn": "aws-cdk-lib.aws_stepfunctions_tasks.CallAwsService", + "version": "2.0.0" + } + }, + "wait": { + "id": "wait", + "path": "RDS-Sanitized-Snapshotter-SFN/PostgreSQL Instance Snapshotter/wait", + "children": { + "ServiceRole": { + "id": "ServiceRole", + "path": "RDS-Sanitized-Snapshotter-SFN/PostgreSQL Instance Snapshotter/wait/ServiceRole", + "children": { + "Resource": { + "id": "Resource", + "path": "RDS-Sanitized-Snapshotter-SFN/PostgreSQL Instance Snapshotter/wait/ServiceRole/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::IAM::Role", + "aws:cdk:cloudformation:props": { + "assumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "lambda.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + }, + "managedPolicyArns": [ + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" + ] + ] + } + ] + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.CfnRole", + "version": "2.0.0" + } + }, + "DefaultPolicy": { + "id": "DefaultPolicy", + "path": "RDS-Sanitized-Snapshotter-SFN/PostgreSQL Instance Snapshotter/wait/ServiceRole/DefaultPolicy", + "children": { + "Resource": { + "id": "Resource", + "path": "RDS-Sanitized-Snapshotter-SFN/PostgreSQL Instance Snapshotter/wait/ServiceRole/DefaultPolicy/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::IAM::Policy", + "aws:cdk:cloudformation:props": { + "policyDocument": { + "Statement": [ + { + "Action": [ + "rds:DescribeDBClusters", + "rds:DescribeDBClusterSnapshots", + "rds:DescribeDBSnapshots", + "rds:DescribeDBInstances" + ], + "Effect": "Allow", + "Resource": [ + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":rds:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":cluster:", + { + "Fn::ImportValue": "RDS-Sanitized-Snapshotter-RDS:ExportsOutputRefPostgresInstance8F00D2DD14EE3CD9" + } + ] + ] + }, + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":rds:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":db:", + { + "Fn::ImportValue": "RDS-Sanitized-Snapshotter-RDS:ExportsOutputRefPostgresInstance8F00D2DD14EE3CD9" + } + ] + ] + }, + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":rds:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":cluster:sanitize-*" + ] + ] + }, + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":rds:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":snapshot:sanitize-*" + ] + ] + }, + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":rds:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":snapshot:psql-instance-snapshot-*" + ] + ] + }, + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":rds:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":db:sanitize-*" + ] + ] + } + ] + } + ], + "Version": "2012-10-17" + }, + "policyName": "PostgreSQLInstanceSnapshotterwaitServiceRoleDefaultPolicy20C24234", + "roles": [ + { + "Ref": "PostgreSQLInstanceSnapshotterwaitServiceRole7815F7FF" + } + ] + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.CfnPolicy", + "version": "2.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.Policy", + "version": "2.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.Role", + "version": "2.0.0" + } + }, + "Code": { + "id": "Code", + "path": "RDS-Sanitized-Snapshotter-SFN/PostgreSQL Instance Snapshotter/wait/Code", + "children": { + "Stage": { + "id": "Stage", + "path": "RDS-Sanitized-Snapshotter-SFN/PostgreSQL Instance Snapshotter/wait/Code/Stage", + "constructInfo": { + "fqn": "aws-cdk-lib.AssetStaging", + "version": "2.0.0" + } + }, + "AssetBucket": { + "id": "AssetBucket", + "path": "RDS-Sanitized-Snapshotter-SFN/PostgreSQL Instance Snapshotter/wait/Code/AssetBucket", + "children": { + "Notifications": { + "id": "Notifications", + "path": "RDS-Sanitized-Snapshotter-SFN/PostgreSQL Instance Snapshotter/wait/Code/AssetBucket/Notifications", + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.0.5" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_s3.BucketBase", + "version": "2.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_s3_assets.Asset", + "version": "2.0.0" + } + }, + "Resource": { + "id": "Resource", + "path": "RDS-Sanitized-Snapshotter-SFN/PostgreSQL Instance Snapshotter/wait/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::Lambda::Function", + "aws:cdk:cloudformation:props": { + "code": { + "s3Bucket": { + "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}" + }, + "s3Key": "d4509ed940a08b266940fe72858be370baed562318b4cb7d3e710fd42a5ecad6.zip" + }, + "role": { + "Fn::GetAtt": [ + "PostgreSQLInstanceSnapshotterwaitServiceRole7815F7FF", + "Arn" + ] + }, + "description": "src/wait.lambda.ts", + "environment": { + "variables": { + "AWS_NODEJS_CONNECTION_REUSE_ENABLED": "1" + } + }, + "handler": "index.handler", + "runtime": "nodejs14.x" + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_lambda.CfnFunction", + "version": "2.0.0" + } + }, + "LogRetention": { + "id": "LogRetention", + "path": "RDS-Sanitized-Snapshotter-SFN/PostgreSQL Instance Snapshotter/wait/LogRetention", + "children": { + "Resource": { + "id": "Resource", + "path": "RDS-Sanitized-Snapshotter-SFN/PostgreSQL Instance Snapshotter/wait/LogRetention/Resource", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnResource", + "version": "2.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_logs.LogRetention", + "version": "2.0.0" + } + }, + "LogGroup": { + "id": "LogGroup", + "path": "RDS-Sanitized-Snapshotter-SFN/PostgreSQL Instance Snapshotter/wait/LogGroup", + "constructInfo": { + "fqn": "aws-cdk-lib.Resource", + "version": "2.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_lambda.Function", + "version": "2.0.0" + } + }, + "Wait for Snapshot": { + "id": "Wait for Snapshot", + "path": "RDS-Sanitized-Snapshotter-SFN/PostgreSQL Instance Snapshotter/Wait for Snapshot", + "constructInfo": { + "fqn": "aws-cdk-lib.aws_stepfunctions_tasks.LambdaInvoke", + "version": "2.0.0" + } + }, + "Create Temporary Database": { + "id": "Create Temporary Database", + "path": "RDS-Sanitized-Snapshotter-SFN/PostgreSQL Instance Snapshotter/Create Temporary Database", + "constructInfo": { + "fqn": "aws-cdk-lib.aws_stepfunctions_tasks.CallAwsService", + "version": "2.0.0" + } + }, + "Wait for Temporary Database": { + "id": "Wait for Temporary Database", + "path": "RDS-Sanitized-Snapshotter-SFN/PostgreSQL Instance Snapshotter/Wait for Temporary Database", + "constructInfo": { + "fqn": "aws-cdk-lib.aws_stepfunctions_tasks.LambdaInvoke", + "version": "2.0.0" + } + }, + "Set Temporary Password": { + "id": "Set Temporary Password", + "path": "RDS-Sanitized-Snapshotter-SFN/PostgreSQL Instance Snapshotter/Set Temporary Password", + "constructInfo": { + "fqn": "aws-cdk-lib.aws_stepfunctions_tasks.CallAwsService", + "version": "2.0.0" + } + }, + "Wait for Temporary Password": { + "id": "Wait for Temporary Password", + "path": "RDS-Sanitized-Snapshotter-SFN/PostgreSQL Instance Snapshotter/Wait for Temporary Password", + "constructInfo": { + "fqn": "aws-cdk-lib.aws_stepfunctions_tasks.LambdaInvoke", + "version": "2.0.0" + } + }, + "Get Temporary Endpoint": { + "id": "Get Temporary Endpoint", + "path": "RDS-Sanitized-Snapshotter-SFN/PostgreSQL Instance Snapshotter/Get Temporary Endpoint", + "constructInfo": { + "fqn": "aws-cdk-lib.aws_stepfunctions_tasks.CallAwsService", + "version": "2.0.0" + } + }, + "Logs": { + "id": "Logs", + "path": "RDS-Sanitized-Snapshotter-SFN/PostgreSQL Instance Snapshotter/Logs", + "children": { + "Resource": { + "id": "Resource", + "path": "RDS-Sanitized-Snapshotter-SFN/PostgreSQL Instance Snapshotter/Logs/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::Logs::LogGroup", + "aws:cdk:cloudformation:props": { + "retentionInDays": 30 + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_logs.CfnLogGroup", + "version": "2.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_logs.LogGroup", + "version": "2.0.0" + } + }, + "MySQL Task": { + "id": "MySQL Task", + "path": "RDS-Sanitized-Snapshotter-SFN/PostgreSQL Instance Snapshotter/MySQL Task", + "children": { + "TaskRole": { + "id": "TaskRole", + "path": "RDS-Sanitized-Snapshotter-SFN/PostgreSQL Instance Snapshotter/MySQL Task/TaskRole", + "children": { + "Resource": { + "id": "Resource", + "path": "RDS-Sanitized-Snapshotter-SFN/PostgreSQL Instance Snapshotter/MySQL Task/TaskRole/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::IAM::Role", + "aws:cdk:cloudformation:props": { + "assumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "ecs-tasks.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.CfnRole", + "version": "2.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.Role", + "version": "2.0.0" + } + }, + "Resource": { + "id": "Resource", + "path": "RDS-Sanitized-Snapshotter-SFN/PostgreSQL Instance Snapshotter/MySQL Task/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::ECS::TaskDefinition", + "aws:cdk:cloudformation:props": { + "containerDefinitions": [ + { + "command": [ + "bash", + "-c", + "echo \"[client]\nuser=$MYSQL_USER\nhost=$MYSQL_HOST\nport=$MYSQL_PORT\npassword=$MYSQL_PASSWORD\" > ~/.my.cnf && chmod 700 ~/.my.cnf" + ], + "essential": false, + "image": "public.ecr.aws/docker/library/bash:4-alpine3.15", + "mountPoints": [ + { + "containerPath": "/root", + "readOnly": false, + "sourceVolume": "config" + } + ], + "name": "config", + "logConfiguration": { + "logDriver": "awslogs", + "options": { + "awslogs-group": { + "Ref": "PostgreSQLInstanceSnapshotterLogsF028D514" + }, + "awslogs-stream-prefix": "mysql-config", + "awslogs-region": { + "Ref": "AWS::Region" + } + } + } + }, + { + "command": [ + "mysql", + "-e", + "SELECT 1" + ], + "dependsOn": [ + { + "containerName": "config", + "condition": "SUCCESS" + } + ], + "essential": true, + "image": "public.ecr.aws/lts/mysql:latest", + "mountPoints": [ + { + "containerPath": "/root", + "readOnly": true, + "sourceVolume": "config" + } + ], + "name": "mysql", + "logConfiguration": { + "logDriver": "awslogs", + "options": { + "awslogs-group": { + "Ref": "PostgreSQLInstanceSnapshotterLogsF028D514" + }, + "awslogs-stream-prefix": "mysql-sanitize", + "awslogs-region": { + "Ref": "AWS::Region" + } + } + } + } + ], + "cpu": "256", + "executionRoleArn": { + "Fn::GetAtt": [ + "PostgreSQLInstanceSnapshotterMySQLTaskExecutionRoleD0258DFF", + "Arn" + ] + }, + "family": "RDSSanitizedSnapshotterSFNPostgreSQLInstanceSnapshotterMySQLTask1F6F549C", + "memory": "512", + "networkMode": "awsvpc", + "requiresCompatibilities": [ + "FARGATE" + ], + "taskRoleArn": { + "Fn::GetAtt": [ + "PostgreSQLInstanceSnapshotterMySQLTaskTaskRoleB2EF5D11", + "Arn" + ] + }, + "volumes": [ + { + "host": {}, + "name": "config" + } + ] + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ecs.CfnTaskDefinition", + "version": "2.0.0" + } + }, + "config": { + "id": "config", + "path": "RDS-Sanitized-Snapshotter-SFN/PostgreSQL Instance Snapshotter/MySQL Task/config", + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ecs.ContainerDefinition", + "version": "2.0.0" + } + }, + "ExecutionRole": { + "id": "ExecutionRole", + "path": "RDS-Sanitized-Snapshotter-SFN/PostgreSQL Instance Snapshotter/MySQL Task/ExecutionRole", + "children": { + "Resource": { + "id": "Resource", + "path": "RDS-Sanitized-Snapshotter-SFN/PostgreSQL Instance Snapshotter/MySQL Task/ExecutionRole/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::IAM::Role", + "aws:cdk:cloudformation:props": { + "assumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "ecs-tasks.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.CfnRole", + "version": "2.0.0" + } + }, + "DefaultPolicy": { + "id": "DefaultPolicy", + "path": "RDS-Sanitized-Snapshotter-SFN/PostgreSQL Instance Snapshotter/MySQL Task/ExecutionRole/DefaultPolicy", + "children": { + "Resource": { + "id": "Resource", + "path": "RDS-Sanitized-Snapshotter-SFN/PostgreSQL Instance Snapshotter/MySQL Task/ExecutionRole/DefaultPolicy/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::IAM::Policy", + "aws:cdk:cloudformation:props": { + "policyDocument": { + "Statement": [ + { + "Action": [ + "logs:CreateLogStream", + "logs:PutLogEvents" + ], + "Effect": "Allow", + "Resource": { + "Fn::GetAtt": [ + "PostgreSQLInstanceSnapshotterLogsF028D514", + "Arn" + ] + } + } + ], + "Version": "2012-10-17" + }, + "policyName": "PostgreSQLInstanceSnapshotterMySQLTaskExecutionRoleDefaultPolicyBC957120", + "roles": [ + { + "Ref": "PostgreSQLInstanceSnapshotterMySQLTaskExecutionRoleD0258DFF" + } + ] + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.CfnPolicy", + "version": "2.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.Policy", + "version": "2.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.Role", + "version": "2.0.0" + } + }, + "mysql": { + "id": "mysql", + "path": "RDS-Sanitized-Snapshotter-SFN/PostgreSQL Instance Snapshotter/MySQL Task/mysql", + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ecs.ContainerDefinition", + "version": "2.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ecs.FargateTaskDefinition", + "version": "2.0.0" + } + }, + "PostreSQL Task": { + "id": "PostreSQL Task", + "path": "RDS-Sanitized-Snapshotter-SFN/PostgreSQL Instance Snapshotter/PostreSQL Task", + "children": { + "TaskRole": { + "id": "TaskRole", + "path": "RDS-Sanitized-Snapshotter-SFN/PostgreSQL Instance Snapshotter/PostreSQL Task/TaskRole", + "children": { + "Resource": { + "id": "Resource", + "path": "RDS-Sanitized-Snapshotter-SFN/PostgreSQL Instance Snapshotter/PostreSQL Task/TaskRole/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::IAM::Role", + "aws:cdk:cloudformation:props": { + "assumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "ecs-tasks.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.CfnRole", + "version": "2.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.Role", + "version": "2.0.0" + } + }, + "Resource": { + "id": "Resource", + "path": "RDS-Sanitized-Snapshotter-SFN/PostgreSQL Instance Snapshotter/PostreSQL Task/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::ECS::TaskDefinition", + "aws:cdk:cloudformation:props": { + "containerDefinitions": [ + { + "command": [ + "psql", + "-c", + "SELECT 1" + ], + "essential": true, + "image": "public.ecr.aws/lts/postgres:latest", + "name": "postgres", + "logConfiguration": { + "logDriver": "awslogs", + "options": { + "awslogs-group": { + "Ref": "PostgreSQLInstanceSnapshotterLogsF028D514" + }, + "awslogs-stream-prefix": "psql-sanitize", + "awslogs-region": { + "Ref": "AWS::Region" + } + } + } + } + ], + "cpu": "256", + "executionRoleArn": { + "Fn::GetAtt": [ + "PostgreSQLInstanceSnapshotterPostreSQLTaskExecutionRoleF7C4A7FB", + "Arn" + ] + }, + "family": "RDSSanitizedSnapshotterSFNPostgreSQLInstanceSnapshotterPostreSQLTask00FF05BB", + "memory": "512", + "networkMode": "awsvpc", + "requiresCompatibilities": [ + "FARGATE" + ], + "taskRoleArn": { + "Fn::GetAtt": [ + "PostgreSQLInstanceSnapshotterPostreSQLTaskTaskRole04FEDCFB", + "Arn" + ] + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ecs.CfnTaskDefinition", + "version": "2.0.0" + } + }, + "postgres": { + "id": "postgres", + "path": "RDS-Sanitized-Snapshotter-SFN/PostgreSQL Instance Snapshotter/PostreSQL Task/postgres", + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ecs.ContainerDefinition", + "version": "2.0.0" + } + }, + "ExecutionRole": { + "id": "ExecutionRole", + "path": "RDS-Sanitized-Snapshotter-SFN/PostgreSQL Instance Snapshotter/PostreSQL Task/ExecutionRole", + "children": { + "Resource": { + "id": "Resource", + "path": "RDS-Sanitized-Snapshotter-SFN/PostgreSQL Instance Snapshotter/PostreSQL Task/ExecutionRole/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::IAM::Role", + "aws:cdk:cloudformation:props": { + "assumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "ecs-tasks.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.CfnRole", + "version": "2.0.0" + } + }, + "DefaultPolicy": { + "id": "DefaultPolicy", + "path": "RDS-Sanitized-Snapshotter-SFN/PostgreSQL Instance Snapshotter/PostreSQL Task/ExecutionRole/DefaultPolicy", + "children": { + "Resource": { + "id": "Resource", + "path": "RDS-Sanitized-Snapshotter-SFN/PostgreSQL Instance Snapshotter/PostreSQL Task/ExecutionRole/DefaultPolicy/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::IAM::Policy", + "aws:cdk:cloudformation:props": { + "policyDocument": { + "Statement": [ + { + "Action": [ + "logs:CreateLogStream", + "logs:PutLogEvents" + ], + "Effect": "Allow", + "Resource": { + "Fn::GetAtt": [ + "PostgreSQLInstanceSnapshotterLogsF028D514", + "Arn" + ] + } + } + ], + "Version": "2012-10-17" + }, + "policyName": "PostgreSQLInstanceSnapshotterPostreSQLTaskExecutionRoleDefaultPolicy9201194B", + "roles": [ + { + "Ref": "PostgreSQLInstanceSnapshotterPostreSQLTaskExecutionRoleF7C4A7FB" + } + ] + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.CfnPolicy", + "version": "2.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.Policy", + "version": "2.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.Role", + "version": "2.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ecs.FargateTaskDefinition", + "version": "2.0.0" + } + }, + "Sanitize": { + "id": "Sanitize", + "path": "RDS-Sanitized-Snapshotter-SFN/PostgreSQL Instance Snapshotter/Sanitize", + "constructInfo": { + "fqn": "aws-cdk-lib.aws_stepfunctions.Choice", + "version": "2.0.0" + } + }, + "Sanitize MySQL": { + "id": "Sanitize MySQL", + "path": "RDS-Sanitized-Snapshotter-SFN/PostgreSQL Instance Snapshotter/Sanitize MySQL", + "constructInfo": { + "fqn": "aws-cdk-lib.aws_stepfunctions_tasks.EcsRunTask", + "version": "2.0.0" + } + }, + "Sanitize Postgres": { + "id": "Sanitize Postgres", + "path": "RDS-Sanitized-Snapshotter-SFN/PostgreSQL Instance Snapshotter/Sanitize Postgres", + "constructInfo": { + "fqn": "aws-cdk-lib.aws_stepfunctions_tasks.EcsRunTask", + "version": "2.0.0" + } + }, + "Create Final Snapshot": { + "id": "Create Final Snapshot", + "path": "RDS-Sanitized-Snapshotter-SFN/PostgreSQL Instance Snapshotter/Create Final Snapshot", + "constructInfo": { + "fqn": "aws-cdk-lib.aws_stepfunctions_tasks.CallAwsService", + "version": "2.0.0" + } + }, + "Wait for Final Snapshot": { + "id": "Wait for Final Snapshot", + "path": "RDS-Sanitized-Snapshotter-SFN/PostgreSQL Instance Snapshotter/Wait for Final Snapshot", + "constructInfo": { + "fqn": "aws-cdk-lib.aws_stepfunctions_tasks.LambdaInvoke", + "version": "2.0.0" + } + }, + "Cleanup": { + "id": "Cleanup", + "path": "RDS-Sanitized-Snapshotter-SFN/PostgreSQL Instance Snapshotter/Cleanup", + "constructInfo": { + "fqn": "aws-cdk-lib.aws_stepfunctions.Parallel", + "version": "2.0.0" + } + }, + "Temporary Snapshot": { + "id": "Temporary Snapshot", + "path": "RDS-Sanitized-Snapshotter-SFN/PostgreSQL Instance Snapshotter/Temporary Snapshot", + "constructInfo": { + "fqn": "aws-cdk-lib.aws_stepfunctions_tasks.CallAwsService", + "version": "2.0.0" + } + }, + "Temporary Database Instance": { + "id": "Temporary Database Instance", + "path": "RDS-Sanitized-Snapshotter-SFN/PostgreSQL Instance Snapshotter/Temporary Database Instance", + "constructInfo": { + "fqn": "aws-cdk-lib.aws_stepfunctions_tasks.CallAwsService", + "version": "2.0.0" + } + }, + "Director": { + "id": "Director", + "path": "RDS-Sanitized-Snapshotter-SFN/PostgreSQL Instance Snapshotter/Director", + "children": { + "Role": { + "id": "Role", + "path": "RDS-Sanitized-Snapshotter-SFN/PostgreSQL Instance Snapshotter/Director/Role", + "children": { + "Resource": { + "id": "Resource", + "path": "RDS-Sanitized-Snapshotter-SFN/PostgreSQL Instance Snapshotter/Director/Role/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::IAM::Role", + "aws:cdk:cloudformation:props": { + "assumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": { + "Fn::Join": [ + "", + [ + "states.", + { + "Ref": "AWS::Region" + }, + ".amazonaws.com" + ] + ] + } + } + } + ], + "Version": "2012-10-17" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.CfnRole", + "version": "2.0.0" + } + }, + "DefaultPolicy": { + "id": "DefaultPolicy", + "path": "RDS-Sanitized-Snapshotter-SFN/PostgreSQL Instance Snapshotter/Director/Role/DefaultPolicy", + "children": { + "Resource": { + "id": "Resource", + "path": "RDS-Sanitized-Snapshotter-SFN/PostgreSQL Instance Snapshotter/Director/Role/DefaultPolicy/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::IAM::Policy", + "aws:cdk:cloudformation:props": { + "policyDocument": { + "Statement": [ + { + "Action": "lambda:InvokeFunction", + "Effect": "Allow", + "Resource": { + "Fn::GetAtt": [ + "PostgreSQLInstanceSnapshotterparametersA0CF862A", + "Arn" + ] + } + }, + { + "Action": "rds:deleteDBSnapshot", + "Effect": "Allow", + "Resource": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":rds:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":snapshot:sanitize-*" + ] + ] + } + }, + { + "Action": "rds:deleteDBInstance", + "Effect": "Allow", + "Resource": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":rds:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":db:sanitize-*" + ] + ] + } + }, + { + "Action": "rds:createDBSnapshot", + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": "lambda:InvokeFunction", + "Effect": "Allow", + "Resource": { + "Fn::GetAtt": [ + "PostgreSQLInstanceSnapshotterwaitE64141BC", + "Arn" + ] + } + }, + { + "Action": "rds:restoreDBInstanceFromDBSnapshot", + "Effect": "Allow", + "Resource": [ + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":rds:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":cluster:sanitize-*" + ] + ] + }, + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":rds:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":db:sanitize-*" + ] + ] + }, + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":rds:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":snapshot:sanitize-*" + ] + ] + }, + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":rds:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":subgrp:", + { + "Ref": "PostgreSQLInstanceSnapshotterSubnetgroup7F19C7EE" + } + ] + ] + } + ] + }, + { + "Action": "rds:modifyDBInstance", + "Effect": "Allow", + "Resource": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":rds:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":db:sanitize-*" + ] + ] + } + }, + { + "Action": "rds:describeDBInstances", + "Effect": "Allow", + "Resource": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":rds:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":db:sanitize-*" + ] + ] + } + }, + { + "Action": "ecs:RunTask", + "Effect": "Allow", + "Resource": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Fn::Select": [ + 1, + { + "Fn::Split": [ + ":", + { + "Ref": "PostgreSQLInstanceSnapshotterMySQLTask53136402" + } + ] + } + ] + }, + ":", + { + "Fn::Select": [ + 2, + { + "Fn::Split": [ + ":", + { + "Ref": "PostgreSQLInstanceSnapshotterMySQLTask53136402" + } + ] + } + ] + }, + ":", + { + "Fn::Select": [ + 3, + { + "Fn::Split": [ + ":", + { + "Ref": "PostgreSQLInstanceSnapshotterMySQLTask53136402" + } + ] + } + ] + }, + ":", + { + "Fn::Select": [ + 4, + { + "Fn::Split": [ + ":", + { + "Ref": "PostgreSQLInstanceSnapshotterMySQLTask53136402" + } + ] + } + ] + }, + ":", + { + "Fn::Select": [ + 0, + { + "Fn::Split": [ + "/", + { + "Fn::Select": [ + 5, + { + "Fn::Split": [ + ":", + { + "Ref": "PostgreSQLInstanceSnapshotterMySQLTask53136402" + } + ] + } + ] + } + ] + } + ] + }, + "/", + { + "Fn::Select": [ + 1, + { + "Fn::Split": [ + "/", + { + "Fn::Select": [ + 5, + { + "Fn::Split": [ + ":", + { + "Ref": "PostgreSQLInstanceSnapshotterMySQLTask53136402" + } + ] + } + ] + } + ] + } + ] + } + ] + ] + } + }, + { + "Action": [ + "ecs:StopTask", + "ecs:DescribeTasks" + ], + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": "iam:PassRole", + "Effect": "Allow", + "Resource": [ + { + "Fn::GetAtt": [ + "PostgreSQLInstanceSnapshotterMySQLTaskTaskRoleB2EF5D11", + "Arn" + ] + }, + { + "Fn::GetAtt": [ + "PostgreSQLInstanceSnapshotterMySQLTaskExecutionRoleD0258DFF", + "Arn" + ] + } + ] + }, + { + "Action": [ + "events:PutTargets", + "events:PutRule", + "events:DescribeRule" + ], + "Effect": "Allow", + "Resource": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":events:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":rule/StepFunctionsGetEventsForECSTaskRule" + ] + ] + } + }, + { + "Action": "ecs:RunTask", + "Effect": "Allow", + "Resource": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Fn::Select": [ + 1, + { + "Fn::Split": [ + ":", + { + "Ref": "PostgreSQLInstanceSnapshotterPostreSQLTask3DC21CCB" + } + ] + } + ] + }, + ":", + { + "Fn::Select": [ + 2, + { + "Fn::Split": [ + ":", + { + "Ref": "PostgreSQLInstanceSnapshotterPostreSQLTask3DC21CCB" + } + ] + } + ] + }, + ":", + { + "Fn::Select": [ + 3, + { + "Fn::Split": [ + ":", + { + "Ref": "PostgreSQLInstanceSnapshotterPostreSQLTask3DC21CCB" + } + ] + } + ] + }, + ":", + { + "Fn::Select": [ + 4, + { + "Fn::Split": [ + ":", + { + "Ref": "PostgreSQLInstanceSnapshotterPostreSQLTask3DC21CCB" + } + ] + } + ] + }, + ":", + { + "Fn::Select": [ + 0, + { + "Fn::Split": [ + "/", + { + "Fn::Select": [ + 5, + { + "Fn::Split": [ + ":", + { + "Ref": "PostgreSQLInstanceSnapshotterPostreSQLTask3DC21CCB" + } + ] + } + ] + } + ] + } + ] + }, + "/", + { + "Fn::Select": [ + 1, + { + "Fn::Split": [ + "/", + { + "Fn::Select": [ + 5, + { + "Fn::Split": [ + ":", + { + "Ref": "PostgreSQLInstanceSnapshotterPostreSQLTask3DC21CCB" + } + ] + } + ] + } + ] + } + ] + } + ] + ] + } + }, + { + "Action": "iam:PassRole", + "Effect": "Allow", + "Resource": [ + { + "Fn::GetAtt": [ + "PostgreSQLInstanceSnapshotterPostreSQLTaskTaskRole04FEDCFB", + "Arn" + ] + }, + { + "Fn::GetAtt": [ + "PostgreSQLInstanceSnapshotterPostreSQLTaskExecutionRoleF7C4A7FB", + "Arn" + ] + } + ] + }, + { + "Action": "rds:AddTagsToResource", + "Effect": "Allow", + "Resource": [ + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":rds:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":snapshot:sanitize-*" + ] + ] + }, + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":rds:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":snapshot:psql-instance-snapshot-*" + ] + ] + }, + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":rds:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":cluster:sanitize-*" + ] + ] + } + ] + }, + { + "Action": [ + "kms:CreateGrant", + "kms:DescribeKey" + ], + "Effect": "Allow", + "Resource": { + "Fn::ImportValue": "RDS-Sanitized-Snapshotter-RDS:ExportsOutputFnGetAttKey961B73FDArn5A860C43" + } + } + ], + "Version": "2012-10-17" + }, + "policyName": "PostgreSQLInstanceSnapshotterDirectorRoleDefaultPolicyC372C868", + "roles": [ + { + "Ref": "PostgreSQLInstanceSnapshotterDirectorRole89143BB2" + } + ] + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.CfnPolicy", + "version": "2.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.Policy", + "version": "2.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.Role", + "version": "2.0.0" + } + }, + "Resource": { + "id": "Resource", + "path": "RDS-Sanitized-Snapshotter-SFN/PostgreSQL Instance Snapshotter/Director/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::StepFunctions::StateMachine", + "aws:cdk:cloudformation:props": { + "roleArn": { + "Fn::GetAtt": [ + "PostgreSQLInstanceSnapshotterDirectorRole89143BB2", + "Arn" + ] + }, + "definitionString": { + "Fn::Join": [ + "", + [ + "{\"StartAt\":\"Get Parameters\",\"States\":{\"Get Parameters\":{\"Next\":\"Error Catcher\",\"Retry\":[{\"ErrorEquals\":[\"Lambda.ServiceException\",\"Lambda.AWSLambdaException\",\"Lambda.SdkClientException\"],\"IntervalSeconds\":2,\"MaxAttempts\":6,\"BackoffRate\":2}],\"Type\":\"Task\",\"Resource\":\"", + { + "Fn::GetAtt": [ + "PostgreSQLInstanceSnapshotterparametersA0CF862A", + "Arn" + ] + }, + "\",\"Parameters\":{\"executionId.$\":\"$$.Execution.Id\",\"isCluster\":false,\"databaseIdentifier\":\"", + { + "Fn::ImportValue": "RDS-Sanitized-Snapshotter-RDS:ExportsOutputRefPostgresInstance8F00D2DD14EE3CD9" + }, + "\",\"databaseKey\":\"", + { + "Fn::ImportValue": "RDS-Sanitized-Snapshotter-RDS:ExportsOutputFnGetAttKey961B73FDArn5A860C43" + }, + "\",\"snapshotPrefix\":\"psql-instance-snapshot\",\"tempPrefix\":\"sanitize\"}},\"Error Catcher\":{\"Type\":\"Parallel\",\"ResultPath\":null,\"Next\":\"Cleanup\",\"Catch\":[{\"ErrorEquals\":[\"States.ALL\"],\"ResultPath\":null,\"Next\":\"Cleanup\"}],\"Branches\":[{\"StartAt\":\"Create Temporary Snapshot\",\"States\":{\"Create Temporary Snapshot\":{\"Next\":\"Wait for Snapshot\",\"Type\":\"Task\",\"ResultPath\":null,\"Resource\":\"arn:", + { + "Ref": "AWS::Partition" + }, + ":states:::aws-sdk:rds:createDBSnapshot\",\"Parameters\":{\"DbInstanceIdentifier.$\":\"$.databaseIdentifier\",\"DbSnapshotIdentifier.$\":\"$.tempSnapshotId\",\"Tags\":[{\"Key\":\"RDS-sanitized-snapshots\",\"Value\":\"", + { + "Fn::ImportValue": "RDS-Sanitized-Snapshotter-RDS:ExportsOutputRefPostgresInstance8F00D2DD14EE3CD9" + }, + "\"}]}},\"Wait for Snapshot\":{\"Next\":\"Create Temporary Database\",\"Retry\":[{\"ErrorEquals\":[\"Lambda.ServiceException\",\"Lambda.AWSLambdaException\",\"Lambda.SdkClientException\"],\"IntervalSeconds\":2,\"MaxAttempts\":6,\"BackoffRate\":2},{\"ErrorEquals\":[\"NotReady\"],\"IntervalSeconds\":60,\"MaxAttempts\":300,\"BackoffRate\":1}],\"Type\":\"Task\",\"ResultPath\":null,\"Resource\":\"", + { + "Fn::GetAtt": [ + "PostgreSQLInstanceSnapshotterwaitE64141BC", + "Arn" + ] + }, + "\",\"Parameters\":{\"resourceType\":\"snapshot\",\"databaseIdentifier.$\":\"$.databaseIdentifier\",\"snapshotIdentifier.$\":\"$.tempSnapshotId\",\"isCluster\":false}},\"Create Temporary Database\":{\"Next\":\"Wait for Temporary Database\",\"Type\":\"Task\",\"ResultPath\":null,\"Resource\":\"arn:", + { + "Ref": "AWS::Partition" + }, + ":states:::aws-sdk:rds:restoreDBInstanceFromDBSnapshot\",\"Parameters\":{\"DbInstanceIdentifier.$\":\"$.tempDbId\",\"Engine.$\":\"$.engine\",\"DbSnapshotIdentifier.$\":\"$.tempSnapshotId\",\"PubliclyAccessible\":false,\"VpcSecurityGroupIds\":[\"", + { + "Fn::GetAtt": [ + "PostgreSQLInstanceSnapshotterSG97FD02BB", + "GroupId" + ] + }, + "\"],\"DbSubnetGroupName\":\"", + { + "Ref": "PostgreSQLInstanceSnapshotterSubnetgroup7F19C7EE" + }, + "\",\"Tags\":[{\"Key\":\"RDS-sanitized-snapshots\",\"Value\":\"", + { + "Fn::ImportValue": "RDS-Sanitized-Snapshotter-RDS:ExportsOutputRefPostgresInstance8F00D2DD14EE3CD9" + }, + "\"}]}},\"Wait for Temporary Database\":{\"Next\":\"Set Temporary Password\",\"Retry\":[{\"ErrorEquals\":[\"Lambda.ServiceException\",\"Lambda.AWSLambdaException\",\"Lambda.SdkClientException\"],\"IntervalSeconds\":2,\"MaxAttempts\":6,\"BackoffRate\":2},{\"ErrorEquals\":[\"NotReady\"],\"IntervalSeconds\":60,\"MaxAttempts\":300,\"BackoffRate\":1}],\"Type\":\"Task\",\"ResultPath\":null,\"Resource\":\"", + { + "Fn::GetAtt": [ + "PostgreSQLInstanceSnapshotterwaitE64141BC", + "Arn" + ] + }, + "\",\"Parameters\":{\"resourceType\":\"instance\",\"databaseIdentifier.$\":\"$.tempDbId\",\"isCluster\":false}},\"Set Temporary Password\":{\"Next\":\"Wait for Temporary Password\",\"Type\":\"Task\",\"ResultPath\":null,\"Resource\":\"arn:", + { + "Ref": "AWS::Partition" + }, + ":states:::aws-sdk:rds:modifyDBInstance\",\"Parameters\":{\"DbInstanceIdentifier.$\":\"$.tempDbId\",\"MasterUserPassword.$\":\"$.tempDb.password\",\"ApplyImmediately\":true,\"BackupRetentionPeriod\":0}},\"Wait for Temporary Password\":{\"Next\":\"Get Temporary Endpoint\",\"Retry\":[{\"ErrorEquals\":[\"Lambda.ServiceException\",\"Lambda.AWSLambdaException\",\"Lambda.SdkClientException\"],\"IntervalSeconds\":2,\"MaxAttempts\":6,\"BackoffRate\":2},{\"ErrorEquals\":[\"NotReady\"],\"IntervalSeconds\":60,\"MaxAttempts\":300,\"BackoffRate\":1}],\"Type\":\"Task\",\"ResultPath\":null,\"Resource\":\"", + { + "Fn::GetAtt": [ + "PostgreSQLInstanceSnapshotterwaitE64141BC", + "Arn" + ] + }, + "\",\"Parameters\":{\"resourceType\":\"instance\",\"databaseIdentifier.$\":\"$.tempDbId\",\"isCluster\":false}},\"Get Temporary Endpoint\":{\"Next\":\"Sanitize\",\"Type\":\"Task\",\"ResultPath\":\"$.tempDb.host\",\"ResultSelector\":{\"endpoint.$\":\"$.DbInstances[0].Endpoint.Address\"},\"Resource\":\"arn:", + { + "Ref": "AWS::Partition" + }, + ":states:::aws-sdk:rds:describeDBInstances\",\"Parameters\":{\"DbInstanceIdentifier.$\":\"$.tempDbId\"}},\"Sanitize\":{\"Type\":\"Choice\",\"Choices\":[{\"Variable\":\"$.dockerImage\",\"StringEquals\":\"mysql\",\"Next\":\"Sanitize MySQL\"},{\"Variable\":\"$.dockerImage\",\"StringEquals\":\"postgres\",\"Next\":\"Sanitize Postgres\"}]},\"Sanitize MySQL\":{\"Next\":\"Create Final Snapshot\",\"Type\":\"Task\",\"ResultPath\":null,\"Resource\":\"arn:", + { + "Ref": "AWS::Partition" + }, + ":states:::ecs:runTask.sync\",\"Parameters\":{\"Cluster\":\"", + { + "Fn::GetAtt": [ + "PostgreSQLInstanceSnapshottercluster067EC069", + "Arn" + ] + }, + "\",\"TaskDefinition\":\"RDSSanitizedSnapshotterSFNPostgreSQLInstanceSnapshotterMySQLTask1F6F549C\",\"NetworkConfiguration\":{\"AwsvpcConfiguration\":{\"Subnets\":[\"", + { + "Fn::ImportValue": "RDS-Sanitized-Snapshotter-VPC:ExportsOutputRefVPCIsolatedSubnet1SubnetEBD00FC6298E81EF" + }, + "\",\"", + { + "Fn::ImportValue": "RDS-Sanitized-Snapshotter-VPC:ExportsOutputRefVPCIsolatedSubnet2Subnet4B1C8CAAD8B83B81" + }, + "\"],\"SecurityGroups\":[\"", + { + "Fn::GetAtt": [ + "PostgreSQLInstanceSnapshotterSG97FD02BB", + "GroupId" + ] + }, + "\"]}},\"Overrides\":{\"ContainerOverrides\":[{\"Name\":\"config\",\"Environment\":[{\"Name\":\"MYSQL_HOST\",\"Value.$\":\"$.tempDb.host.endpoint\"},{\"Name\":\"MYSQL_PORT\",\"Value.$\":\"$.tempDb.port\"},{\"Name\":\"MYSQL_USER\",\"Value.$\":\"$.tempDb.user\"},{\"Name\":\"MYSQL_PASSWORD\",\"Value.$\":\"$.tempDb.password\"}]}]},\"LaunchType\":\"FARGATE\"}},\"Create Final Snapshot\":{\"Next\":\"Wait for Final Snapshot\",\"Type\":\"Task\",\"ResultPath\":null,\"Resource\":\"arn:", + { + "Ref": "AWS::Partition" + }, + ":states:::aws-sdk:rds:createDBSnapshot\",\"Parameters\":{\"DbInstanceIdentifier.$\":\"$.tempDbId\",\"DbSnapshotIdentifier.$\":\"$.targetSnapshotId\",\"Tags\":[{\"Key\":\"RDS-sanitized-snapshots\",\"Value\":\"", + { + "Fn::ImportValue": "RDS-Sanitized-Snapshotter-RDS:ExportsOutputRefPostgresInstance8F00D2DD14EE3CD9" + }, + "\"},{\"Key\":\"Final\",\"Value\":\"true\"}]}},\"Sanitize Postgres\":{\"Next\":\"Create Final Snapshot\",\"Type\":\"Task\",\"ResultPath\":null,\"Resource\":\"arn:", + { + "Ref": "AWS::Partition" + }, + ":states:::ecs:runTask.sync\",\"Parameters\":{\"Cluster\":\"", + { + "Fn::GetAtt": [ + "PostgreSQLInstanceSnapshottercluster067EC069", + "Arn" + ] + }, + "\",\"TaskDefinition\":\"RDSSanitizedSnapshotterSFNPostgreSQLInstanceSnapshotterPostreSQLTask00FF05BB\",\"NetworkConfiguration\":{\"AwsvpcConfiguration\":{\"Subnets\":[\"", + { + "Fn::ImportValue": "RDS-Sanitized-Snapshotter-VPC:ExportsOutputRefVPCIsolatedSubnet1SubnetEBD00FC6298E81EF" + }, + "\",\"", + { + "Fn::ImportValue": "RDS-Sanitized-Snapshotter-VPC:ExportsOutputRefVPCIsolatedSubnet2Subnet4B1C8CAAD8B83B81" + }, + "\"],\"SecurityGroups\":[\"", + { + "Fn::GetAtt": [ + "PostgreSQLInstanceSnapshotterSG97FD02BB", + "GroupId" + ] + }, + "\"]}},\"Overrides\":{\"ContainerOverrides\":[{\"Name\":\"postgres\",\"Environment\":[{\"Name\":\"PGHOST\",\"Value.$\":\"$.tempDb.host.endpoint\"},{\"Name\":\"PGPORT\",\"Value.$\":\"$.tempDb.port\"},{\"Name\":\"PGUSER\",\"Value.$\":\"$.tempDb.user\"},{\"Name\":\"PGPASSWORD\",\"Value.$\":\"$.tempDb.password\"},{\"Name\":\"PGCONNECT_TIMEOUT\",\"Value\":\"30\"}]}]},\"LaunchType\":\"FARGATE\"}},\"Wait for Final Snapshot\":{\"End\":true,\"Retry\":[{\"ErrorEquals\":[\"Lambda.ServiceException\",\"Lambda.AWSLambdaException\",\"Lambda.SdkClientException\"],\"IntervalSeconds\":2,\"MaxAttempts\":6,\"BackoffRate\":2},{\"ErrorEquals\":[\"NotReady\"],\"IntervalSeconds\":60,\"MaxAttempts\":300,\"BackoffRate\":1}],\"Type\":\"Task\",\"ResultPath\":null,\"Resource\":\"", + { + "Fn::GetAtt": [ + "PostgreSQLInstanceSnapshotterwaitE64141BC", + "Arn" + ] + }, + "\",\"Parameters\":{\"resourceType\":\"snapshot\",\"databaseIdentifier.$\":\"$.tempDbId\",\"snapshotIdentifier.$\":\"$.targetSnapshotId\",\"isCluster\":false}}}}]},\"Cleanup\":{\"Type\":\"Parallel\",\"ResultPath\":null,\"End\":true,\"Branches\":[{\"StartAt\":\"Temporary Snapshot\",\"States\":{\"Temporary Snapshot\":{\"End\":true,\"Retry\":[{\"ErrorEquals\":[\"States.ALL\"],\"IntervalSeconds\":10,\"MaxAttempts\":5}],\"Type\":\"Task\",\"ResultPath\":null,\"Resource\":\"arn:", + { + "Ref": "AWS::Partition" + }, + ":states:::aws-sdk:rds:deleteDBSnapshot\",\"Parameters\":{\"DbSnapshotIdentifier.$\":\"$.tempSnapshotId\"}}}},{\"StartAt\":\"Temporary Database Instance\",\"States\":{\"Temporary Database Instance\":{\"End\":true,\"Retry\":[{\"ErrorEquals\":[\"States.ALL\"],\"IntervalSeconds\":10,\"MaxAttempts\":5}],\"Type\":\"Task\",\"ResultPath\":null,\"Resource\":\"arn:", + { + "Ref": "AWS::Partition" + }, + ":states:::aws-sdk:rds:deleteDBInstance\",\"Parameters\":{\"DbInstanceIdentifier.$\":\"$.tempDbId\",\"SkipFinalSnapshot\":true}}}}]}}}" + ] + ] + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_stepfunctions.CfnStateMachine", + "version": "2.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_stepfunctions.StateMachine", + "version": "2.0.0" + } + } + }, + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.0.5" + } + }, + "Snapshot Key": { + "id": "Snapshot Key", + "path": "RDS-Sanitized-Snapshotter-SFN/Snapshot Key", + "children": { + "Resource": { + "id": "Resource", + "path": "RDS-Sanitized-Snapshotter-SFN/Snapshot Key/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::KMS::Key", + "aws:cdk:cloudformation:props": { + "keyPolicy": { + "Statement": [ + { + "Action": "kms:*", + "Effect": "Allow", + "Principal": { + "AWS": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::", + { + "Ref": "AWS::AccountId" + }, + ":root" + ] + ] + } + }, + "Resource": "*" + } + ], + "Version": "2012-10-17" + }, + "description": "RDS sanitize test target key" + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_kms.CfnKey", + "version": "2.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_kms.Key", + "version": "2.0.0" + } + }, + "PostgreSQL Cluster Snapshotter": { + "id": "PostgreSQL Cluster Snapshotter", + "path": "RDS-Sanitized-Snapshotter-SFN/PostgreSQL Cluster Snapshotter", + "children": { + "SG": { + "id": "SG", + "path": "RDS-Sanitized-Snapshotter-SFN/PostgreSQL Cluster Snapshotter/SG", + "children": { + "Resource": { + "id": "Resource", + "path": "RDS-Sanitized-Snapshotter-SFN/PostgreSQL Cluster Snapshotter/SG/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::SecurityGroup", + "aws:cdk:cloudformation:props": { + "groupDescription": "Group for communication between sanitizing job and database", + "securityGroupEgress": [ + { + "cidrIp": "0.0.0.0/0", + "description": "Allow all outbound traffic by default", + "ipProtocol": "-1" + } + ], + "tags": [ + { + "key": "Name", + "value": "RDS-sanitized-snapshots" + } + ], + "vpcId": { + "Fn::ImportValue": "RDS-Sanitized-Snapshotter-VPC:ExportsOutputRefVPCB9E5F0B4BD23A326" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnSecurityGroup", + "version": "2.0.0" + } + }, + "from RDSSanitizedSnapshotterSFNPostgreSQLClusterSnapshotterSGD655B838:ALL PORTS": { + "id": "from RDSSanitizedSnapshotterSFNPostgreSQLClusterSnapshotterSGD655B838:ALL PORTS", + "path": "RDS-Sanitized-Snapshotter-SFN/PostgreSQL Cluster Snapshotter/SG/from RDSSanitizedSnapshotterSFNPostgreSQLClusterSnapshotterSGD655B838:ALL PORTS", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::EC2::SecurityGroupIngress", + "aws:cdk:cloudformation:props": { + "ipProtocol": "tcp", + "description": "from RDSSanitizedSnapshotterSFNPostgreSQLClusterSnapshotterSGD655B838:ALL PORTS", + "fromPort": 0, + "groupId": { + "Fn::GetAtt": [ + "PostgreSQLClusterSnapshotterSG7FF985A8", + "GroupId" + ] + }, + "sourceSecurityGroupId": { + "Fn::GetAtt": [ + "PostgreSQLClusterSnapshotterSG7FF985A8", + "GroupId" + ] + }, + "toPort": 65535 + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.CfnSecurityGroupIngress", + "version": "2.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ec2.SecurityGroup", + "version": "2.0.0" + } + }, + "Subnet group": { + "id": "Subnet group", + "path": "RDS-Sanitized-Snapshotter-SFN/PostgreSQL Cluster Snapshotter/Subnet group", + "children": { + "Default": { + "id": "Default", + "path": "RDS-Sanitized-Snapshotter-SFN/PostgreSQL Cluster Snapshotter/Subnet group/Default", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::RDS::DBSubnetGroup", + "aws:cdk:cloudformation:props": { + "dbSubnetGroupDescription": "Temporary database used for RDS-sanitize-snapshots", + "subnetIds": [ + { + "Fn::ImportValue": "RDS-Sanitized-Snapshotter-VPC:ExportsOutputRefVPCPrivateSubnet1Subnet8BCA10E01F79A1B7" + }, + { + "Fn::ImportValue": "RDS-Sanitized-Snapshotter-VPC:ExportsOutputRefVPCPrivateSubnet2SubnetCFCDAA7AB22CF85D" + } + ] + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_rds.CfnDBSubnetGroup", + "version": "2.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_rds.SubnetGroup", + "version": "2.0.0" + } + }, + "cluster": { + "id": "cluster", + "path": "RDS-Sanitized-Snapshotter-SFN/PostgreSQL Cluster Snapshotter/cluster", + "children": { + "Resource": { + "id": "Resource", + "path": "RDS-Sanitized-Snapshotter-SFN/PostgreSQL Cluster Snapshotter/cluster/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::ECS::Cluster", + "aws:cdk:cloudformation:props": {} + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ecs.CfnCluster", + "version": "2.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ecs.Cluster", + "version": "2.0.0" + } + }, + "parameters": { + "id": "parameters", + "path": "RDS-Sanitized-Snapshotter-SFN/PostgreSQL Cluster Snapshotter/parameters", + "children": { + "ServiceRole": { + "id": "ServiceRole", + "path": "RDS-Sanitized-Snapshotter-SFN/PostgreSQL Cluster Snapshotter/parameters/ServiceRole", + "children": { + "Resource": { + "id": "Resource", + "path": "RDS-Sanitized-Snapshotter-SFN/PostgreSQL Cluster Snapshotter/parameters/ServiceRole/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::IAM::Role", + "aws:cdk:cloudformation:props": { + "assumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "lambda.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + }, + "managedPolicyArns": [ + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" + ] + ] + } + ] + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.CfnRole", + "version": "2.0.0" + } + }, + "DefaultPolicy": { + "id": "DefaultPolicy", + "path": "RDS-Sanitized-Snapshotter-SFN/PostgreSQL Cluster Snapshotter/parameters/ServiceRole/DefaultPolicy", + "children": { + "Resource": { + "id": "Resource", + "path": "RDS-Sanitized-Snapshotter-SFN/PostgreSQL Cluster Snapshotter/parameters/ServiceRole/DefaultPolicy/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::IAM::Policy", + "aws:cdk:cloudformation:props": { + "policyDocument": { + "Statement": [ + { + "Action": "rds:DescribeDBClusters", + "Effect": "Allow", + "Resource": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":rds:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":cluster:", + { + "Fn::ImportValue": "RDS-Sanitized-Snapshotter-RDS:ExportsOutputRefPostgresCluster5A5B7BE8BE4E3D78" + } + ] + ] + } + }, + { + "Action": "rds:DescribeDBInstances", + "Effect": "Allow", + "Resource": "*" + } + ], + "Version": "2012-10-17" + }, + "policyName": "PostgreSQLClusterSnapshotterparametersServiceRoleDefaultPolicy82F25ECA", + "roles": [ + { + "Ref": "PostgreSQLClusterSnapshotterparametersServiceRoleB3208E28" + } + ] + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.CfnPolicy", + "version": "2.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.Policy", + "version": "2.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.Role", + "version": "2.0.0" + } + }, + "Code": { + "id": "Code", + "path": "RDS-Sanitized-Snapshotter-SFN/PostgreSQL Cluster Snapshotter/parameters/Code", + "children": { + "Stage": { + "id": "Stage", + "path": "RDS-Sanitized-Snapshotter-SFN/PostgreSQL Cluster Snapshotter/parameters/Code/Stage", + "constructInfo": { + "fqn": "aws-cdk-lib.AssetStaging", + "version": "2.0.0" + } + }, + "AssetBucket": { + "id": "AssetBucket", + "path": "RDS-Sanitized-Snapshotter-SFN/PostgreSQL Cluster Snapshotter/parameters/Code/AssetBucket", + "children": { + "Notifications": { + "id": "Notifications", + "path": "RDS-Sanitized-Snapshotter-SFN/PostgreSQL Cluster Snapshotter/parameters/Code/AssetBucket/Notifications", + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.0.5" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_s3.BucketBase", + "version": "2.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_s3_assets.Asset", + "version": "2.0.0" + } + }, + "Resource": { + "id": "Resource", + "path": "RDS-Sanitized-Snapshotter-SFN/PostgreSQL Cluster Snapshotter/parameters/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::Lambda::Function", + "aws:cdk:cloudformation:props": { + "code": { + "s3Bucket": { + "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}" + }, + "s3Key": "5e08a52964205c51dc15c1078422e25f19c4e3cc9f4439bfdd0c465678fdaea7.zip" + }, + "role": { + "Fn::GetAtt": [ + "PostgreSQLClusterSnapshotterparametersServiceRoleB3208E28", + "Arn" + ] + }, + "description": "src/parameters.lambda.ts", + "environment": { + "variables": { + "AWS_NODEJS_CONNECTION_REUSE_ENABLED": "1" + } + }, + "handler": "index.handler", + "runtime": "nodejs14.x" + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_lambda.CfnFunction", + "version": "2.0.0" + } + }, + "LogRetention": { + "id": "LogRetention", + "path": "RDS-Sanitized-Snapshotter-SFN/PostgreSQL Cluster Snapshotter/parameters/LogRetention", + "children": { + "Resource": { + "id": "Resource", + "path": "RDS-Sanitized-Snapshotter-SFN/PostgreSQL Cluster Snapshotter/parameters/LogRetention/Resource", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnResource", + "version": "2.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_logs.LogRetention", + "version": "2.0.0" + } + }, + "LogGroup": { + "id": "LogGroup", + "path": "RDS-Sanitized-Snapshotter-SFN/PostgreSQL Cluster Snapshotter/parameters/LogGroup", + "constructInfo": { + "fqn": "aws-cdk-lib.Resource", + "version": "2.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_lambda.Function", + "version": "2.0.0" + } + }, + "Get Parameters": { + "id": "Get Parameters", + "path": "RDS-Sanitized-Snapshotter-SFN/PostgreSQL Cluster Snapshotter/Get Parameters", + "constructInfo": { + "fqn": "aws-cdk-lib.aws_stepfunctions_tasks.LambdaInvoke", + "version": "2.0.0" + } + }, + "Error Catcher": { + "id": "Error Catcher", + "path": "RDS-Sanitized-Snapshotter-SFN/PostgreSQL Cluster Snapshotter/Error Catcher", + "constructInfo": { + "fqn": "aws-cdk-lib.aws_stepfunctions.Parallel", + "version": "2.0.0" + } + }, + "Create Temporary Snapshot": { + "id": "Create Temporary Snapshot", + "path": "RDS-Sanitized-Snapshotter-SFN/PostgreSQL Cluster Snapshotter/Create Temporary Snapshot", + "constructInfo": { + "fqn": "aws-cdk-lib.aws_stepfunctions_tasks.CallAwsService", + "version": "2.0.0" + } + }, + "wait": { + "id": "wait", + "path": "RDS-Sanitized-Snapshotter-SFN/PostgreSQL Cluster Snapshotter/wait", + "children": { + "ServiceRole": { + "id": "ServiceRole", + "path": "RDS-Sanitized-Snapshotter-SFN/PostgreSQL Cluster Snapshotter/wait/ServiceRole", + "children": { + "Resource": { + "id": "Resource", + "path": "RDS-Sanitized-Snapshotter-SFN/PostgreSQL Cluster Snapshotter/wait/ServiceRole/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::IAM::Role", + "aws:cdk:cloudformation:props": { + "assumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "lambda.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + }, + "managedPolicyArns": [ + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" + ] + ] + } + ] + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.CfnRole", + "version": "2.0.0" + } + }, + "DefaultPolicy": { + "id": "DefaultPolicy", + "path": "RDS-Sanitized-Snapshotter-SFN/PostgreSQL Cluster Snapshotter/wait/ServiceRole/DefaultPolicy", + "children": { + "Resource": { + "id": "Resource", + "path": "RDS-Sanitized-Snapshotter-SFN/PostgreSQL Cluster Snapshotter/wait/ServiceRole/DefaultPolicy/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::IAM::Policy", + "aws:cdk:cloudformation:props": { + "policyDocument": { + "Statement": [ + { + "Action": [ + "rds:DescribeDBClusters", + "rds:DescribeDBClusterSnapshots", + "rds:DescribeDBSnapshots", + "rds:DescribeDBInstances" + ], + "Effect": "Allow", + "Resource": [ + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":rds:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":cluster:", + { + "Fn::ImportValue": "RDS-Sanitized-Snapshotter-RDS:ExportsOutputRefPostgresCluster5A5B7BE8BE4E3D78" + } + ] + ] + }, + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":rds:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":db:", + { + "Fn::ImportValue": "RDS-Sanitized-Snapshotter-RDS:ExportsOutputRefPostgresCluster5A5B7BE8BE4E3D78" + } + ] + ] + }, + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":rds:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":cluster:sanitize-*" + ] + ] + }, + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":rds:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":cluster-snapshot:sanitize-*" + ] + ] + }, + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":rds:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":cluster-snapshot:psql-cluster-snapshot-*" + ] + ] + }, + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":rds:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":db:sanitize-*" + ] + ] + } + ] + } + ], + "Version": "2012-10-17" + }, + "policyName": "PostgreSQLClusterSnapshotterwaitServiceRoleDefaultPolicyB7AEBC76", + "roles": [ + { + "Ref": "PostgreSQLClusterSnapshotterwaitServiceRole662B9A5C" + } + ] + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.CfnPolicy", + "version": "2.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.Policy", + "version": "2.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.Role", + "version": "2.0.0" + } + }, + "Code": { + "id": "Code", + "path": "RDS-Sanitized-Snapshotter-SFN/PostgreSQL Cluster Snapshotter/wait/Code", + "children": { + "Stage": { + "id": "Stage", + "path": "RDS-Sanitized-Snapshotter-SFN/PostgreSQL Cluster Snapshotter/wait/Code/Stage", + "constructInfo": { + "fqn": "aws-cdk-lib.AssetStaging", + "version": "2.0.0" + } + }, + "AssetBucket": { + "id": "AssetBucket", + "path": "RDS-Sanitized-Snapshotter-SFN/PostgreSQL Cluster Snapshotter/wait/Code/AssetBucket", + "children": { + "Notifications": { + "id": "Notifications", + "path": "RDS-Sanitized-Snapshotter-SFN/PostgreSQL Cluster Snapshotter/wait/Code/AssetBucket/Notifications", + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.0.5" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_s3.BucketBase", + "version": "2.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_s3_assets.Asset", + "version": "2.0.0" + } + }, + "Resource": { + "id": "Resource", + "path": "RDS-Sanitized-Snapshotter-SFN/PostgreSQL Cluster Snapshotter/wait/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::Lambda::Function", + "aws:cdk:cloudformation:props": { + "code": { + "s3Bucket": { + "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}" + }, + "s3Key": "d4509ed940a08b266940fe72858be370baed562318b4cb7d3e710fd42a5ecad6.zip" + }, + "role": { + "Fn::GetAtt": [ + "PostgreSQLClusterSnapshotterwaitServiceRole662B9A5C", + "Arn" + ] + }, + "description": "src/wait.lambda.ts", + "environment": { + "variables": { + "AWS_NODEJS_CONNECTION_REUSE_ENABLED": "1" + } + }, + "handler": "index.handler", + "runtime": "nodejs14.x" + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_lambda.CfnFunction", + "version": "2.0.0" + } + }, + "LogRetention": { + "id": "LogRetention", + "path": "RDS-Sanitized-Snapshotter-SFN/PostgreSQL Cluster Snapshotter/wait/LogRetention", + "children": { + "Resource": { + "id": "Resource", + "path": "RDS-Sanitized-Snapshotter-SFN/PostgreSQL Cluster Snapshotter/wait/LogRetention/Resource", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnResource", + "version": "2.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_logs.LogRetention", + "version": "2.0.0" + } + }, + "LogGroup": { + "id": "LogGroup", + "path": "RDS-Sanitized-Snapshotter-SFN/PostgreSQL Cluster Snapshotter/wait/LogGroup", + "constructInfo": { + "fqn": "aws-cdk-lib.Resource", + "version": "2.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_lambda.Function", + "version": "2.0.0" + } + }, + "Wait for Snapshot": { + "id": "Wait for Snapshot", + "path": "RDS-Sanitized-Snapshotter-SFN/PostgreSQL Cluster Snapshotter/Wait for Snapshot", + "constructInfo": { + "fqn": "aws-cdk-lib.aws_stepfunctions_tasks.LambdaInvoke", + "version": "2.0.0" + } + }, + "Re-encrypt Snapshot": { + "id": "Re-encrypt Snapshot", + "path": "RDS-Sanitized-Snapshotter-SFN/PostgreSQL Cluster Snapshotter/Re-encrypt Snapshot", + "constructInfo": { + "fqn": "aws-cdk-lib.aws_stepfunctions_tasks.CallAwsService", + "version": "2.0.0" + } + }, + "Wait for Re-encrypt": { + "id": "Wait for Re-encrypt", + "path": "RDS-Sanitized-Snapshotter-SFN/PostgreSQL Cluster Snapshotter/Wait for Re-encrypt", + "constructInfo": { + "fqn": "aws-cdk-lib.aws_stepfunctions_tasks.LambdaInvoke", + "version": "2.0.0" + } + }, + "Create Temporary Database": { + "id": "Create Temporary Database", + "path": "RDS-Sanitized-Snapshotter-SFN/PostgreSQL Cluster Snapshotter/Create Temporary Database", + "constructInfo": { + "fqn": "aws-cdk-lib.aws_stepfunctions_tasks.CallAwsService", + "version": "2.0.0" + } + }, + "Wait for Temporary Database": { + "id": "Wait for Temporary Database", + "path": "RDS-Sanitized-Snapshotter-SFN/PostgreSQL Cluster Snapshotter/Wait for Temporary Database", + "constructInfo": { + "fqn": "aws-cdk-lib.aws_stepfunctions_tasks.LambdaInvoke", + "version": "2.0.0" + } + }, + "Set Temporary Password": { + "id": "Set Temporary Password", + "path": "RDS-Sanitized-Snapshotter-SFN/PostgreSQL Cluster Snapshotter/Set Temporary Password", + "constructInfo": { + "fqn": "aws-cdk-lib.aws_stepfunctions_tasks.CallAwsService", + "version": "2.0.0" + } + }, + "Wait for Temporary Password": { + "id": "Wait for Temporary Password", + "path": "RDS-Sanitized-Snapshotter-SFN/PostgreSQL Cluster Snapshotter/Wait for Temporary Password", + "constructInfo": { + "fqn": "aws-cdk-lib.aws_stepfunctions_tasks.LambdaInvoke", + "version": "2.0.0" + } + }, + "Create Temporary Instance": { + "id": "Create Temporary Instance", + "path": "RDS-Sanitized-Snapshotter-SFN/PostgreSQL Cluster Snapshotter/Create Temporary Instance", + "constructInfo": { + "fqn": "aws-cdk-lib.aws_stepfunctions_tasks.CallAwsService", + "version": "2.0.0" + } + }, + "Wait for Temporary Instance": { + "id": "Wait for Temporary Instance", + "path": "RDS-Sanitized-Snapshotter-SFN/PostgreSQL Cluster Snapshotter/Wait for Temporary Instance", + "constructInfo": { + "fqn": "aws-cdk-lib.aws_stepfunctions_tasks.LambdaInvoke", + "version": "2.0.0" + } + }, + "Get Temporary Cluster Endpoint": { + "id": "Get Temporary Cluster Endpoint", + "path": "RDS-Sanitized-Snapshotter-SFN/PostgreSQL Cluster Snapshotter/Get Temporary Cluster Endpoint", + "constructInfo": { + "fqn": "aws-cdk-lib.aws_stepfunctions_tasks.CallAwsService", + "version": "2.0.0" + } + }, + "Logs": { + "id": "Logs", + "path": "RDS-Sanitized-Snapshotter-SFN/PostgreSQL Cluster Snapshotter/Logs", + "children": { + "Resource": { + "id": "Resource", + "path": "RDS-Sanitized-Snapshotter-SFN/PostgreSQL Cluster Snapshotter/Logs/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::Logs::LogGroup", + "aws:cdk:cloudformation:props": { + "retentionInDays": 30 + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_logs.CfnLogGroup", + "version": "2.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_logs.LogGroup", + "version": "2.0.0" + } + }, + "MySQL Task": { + "id": "MySQL Task", + "path": "RDS-Sanitized-Snapshotter-SFN/PostgreSQL Cluster Snapshotter/MySQL Task", + "children": { + "TaskRole": { + "id": "TaskRole", + "path": "RDS-Sanitized-Snapshotter-SFN/PostgreSQL Cluster Snapshotter/MySQL Task/TaskRole", + "children": { + "Resource": { + "id": "Resource", + "path": "RDS-Sanitized-Snapshotter-SFN/PostgreSQL Cluster Snapshotter/MySQL Task/TaskRole/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::IAM::Role", + "aws:cdk:cloudformation:props": { + "assumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "ecs-tasks.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.CfnRole", + "version": "2.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.Role", + "version": "2.0.0" + } + }, + "Resource": { + "id": "Resource", + "path": "RDS-Sanitized-Snapshotter-SFN/PostgreSQL Cluster Snapshotter/MySQL Task/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::ECS::TaskDefinition", + "aws:cdk:cloudformation:props": { + "containerDefinitions": [ + { + "command": [ + "bash", + "-c", + "echo \"[client]\nuser=$MYSQL_USER\nhost=$MYSQL_HOST\nport=$MYSQL_PORT\npassword=$MYSQL_PASSWORD\" > ~/.my.cnf && chmod 700 ~/.my.cnf" + ], + "essential": false, + "image": "public.ecr.aws/docker/library/bash:4-alpine3.15", + "mountPoints": [ + { + "containerPath": "/root", + "readOnly": false, + "sourceVolume": "config" + } + ], + "name": "config", + "logConfiguration": { + "logDriver": "awslogs", + "options": { + "awslogs-group": { + "Ref": "PostgreSQLClusterSnapshotterLogsD5C5A603" + }, + "awslogs-stream-prefix": "mysql-config", + "awslogs-region": { + "Ref": "AWS::Region" + } + } + } + }, + { + "command": [ + "mysql", + "-e", + "SELECT 1" + ], + "dependsOn": [ + { + "containerName": "config", + "condition": "SUCCESS" + } + ], + "essential": true, + "image": "public.ecr.aws/lts/mysql:latest", + "mountPoints": [ + { + "containerPath": "/root", + "readOnly": true, + "sourceVolume": "config" + } + ], + "name": "mysql", + "logConfiguration": { + "logDriver": "awslogs", + "options": { + "awslogs-group": { + "Ref": "PostgreSQLClusterSnapshotterLogsD5C5A603" + }, + "awslogs-stream-prefix": "mysql-sanitize", + "awslogs-region": { + "Ref": "AWS::Region" + } + } + } + } + ], + "cpu": "256", + "executionRoleArn": { + "Fn::GetAtt": [ + "PostgreSQLClusterSnapshotterMySQLTaskExecutionRole82F4953B", + "Arn" + ] + }, + "family": "RDSSanitizedSnapshotterSFNPostgreSQLClusterSnapshotterMySQLTask9865F232", + "memory": "512", + "networkMode": "awsvpc", + "requiresCompatibilities": [ + "FARGATE" + ], + "taskRoleArn": { + "Fn::GetAtt": [ + "PostgreSQLClusterSnapshotterMySQLTaskTaskRoleE079F904", + "Arn" + ] + }, + "volumes": [ + { + "host": {}, + "name": "config" + } + ] + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ecs.CfnTaskDefinition", + "version": "2.0.0" + } + }, + "config": { + "id": "config", + "path": "RDS-Sanitized-Snapshotter-SFN/PostgreSQL Cluster Snapshotter/MySQL Task/config", + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ecs.ContainerDefinition", + "version": "2.0.0" + } + }, + "ExecutionRole": { + "id": "ExecutionRole", + "path": "RDS-Sanitized-Snapshotter-SFN/PostgreSQL Cluster Snapshotter/MySQL Task/ExecutionRole", + "children": { + "Resource": { + "id": "Resource", + "path": "RDS-Sanitized-Snapshotter-SFN/PostgreSQL Cluster Snapshotter/MySQL Task/ExecutionRole/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::IAM::Role", + "aws:cdk:cloudformation:props": { + "assumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "ecs-tasks.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.CfnRole", + "version": "2.0.0" + } + }, + "DefaultPolicy": { + "id": "DefaultPolicy", + "path": "RDS-Sanitized-Snapshotter-SFN/PostgreSQL Cluster Snapshotter/MySQL Task/ExecutionRole/DefaultPolicy", + "children": { + "Resource": { + "id": "Resource", + "path": "RDS-Sanitized-Snapshotter-SFN/PostgreSQL Cluster Snapshotter/MySQL Task/ExecutionRole/DefaultPolicy/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::IAM::Policy", + "aws:cdk:cloudformation:props": { + "policyDocument": { + "Statement": [ + { + "Action": [ + "logs:CreateLogStream", + "logs:PutLogEvents" + ], + "Effect": "Allow", + "Resource": { + "Fn::GetAtt": [ + "PostgreSQLClusterSnapshotterLogsD5C5A603", + "Arn" + ] + } + } + ], + "Version": "2012-10-17" + }, + "policyName": "PostgreSQLClusterSnapshotterMySQLTaskExecutionRoleDefaultPolicy6066AB09", + "roles": [ + { + "Ref": "PostgreSQLClusterSnapshotterMySQLTaskExecutionRole82F4953B" + } + ] + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.CfnPolicy", + "version": "2.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.Policy", + "version": "2.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.Role", + "version": "2.0.0" + } + }, + "mysql": { + "id": "mysql", + "path": "RDS-Sanitized-Snapshotter-SFN/PostgreSQL Cluster Snapshotter/MySQL Task/mysql", + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ecs.ContainerDefinition", + "version": "2.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ecs.FargateTaskDefinition", + "version": "2.0.0" + } + }, + "PostreSQL Task": { + "id": "PostreSQL Task", + "path": "RDS-Sanitized-Snapshotter-SFN/PostgreSQL Cluster Snapshotter/PostreSQL Task", + "children": { + "TaskRole": { + "id": "TaskRole", + "path": "RDS-Sanitized-Snapshotter-SFN/PostgreSQL Cluster Snapshotter/PostreSQL Task/TaskRole", + "children": { + "Resource": { + "id": "Resource", + "path": "RDS-Sanitized-Snapshotter-SFN/PostgreSQL Cluster Snapshotter/PostreSQL Task/TaskRole/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::IAM::Role", + "aws:cdk:cloudformation:props": { + "assumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "ecs-tasks.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.CfnRole", + "version": "2.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.Role", + "version": "2.0.0" + } + }, + "Resource": { + "id": "Resource", + "path": "RDS-Sanitized-Snapshotter-SFN/PostgreSQL Cluster Snapshotter/PostreSQL Task/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::ECS::TaskDefinition", + "aws:cdk:cloudformation:props": { + "containerDefinitions": [ + { + "command": [ + "psql", + "-c", + "SELECT 1" + ], + "essential": true, + "image": "public.ecr.aws/lts/postgres:latest", + "name": "postgres", + "logConfiguration": { + "logDriver": "awslogs", + "options": { + "awslogs-group": { + "Ref": "PostgreSQLClusterSnapshotterLogsD5C5A603" + }, + "awslogs-stream-prefix": "psql-sanitize", + "awslogs-region": { + "Ref": "AWS::Region" + } + } + } + } + ], + "cpu": "256", + "executionRoleArn": { + "Fn::GetAtt": [ + "PostgreSQLClusterSnapshotterPostreSQLTaskExecutionRole9B27EF24", + "Arn" + ] + }, + "family": "RDSSanitizedSnapshotterSFNPostgreSQLClusterSnapshotterPostreSQLTask914B7835", + "memory": "512", + "networkMode": "awsvpc", + "requiresCompatibilities": [ + "FARGATE" + ], + "taskRoleArn": { + "Fn::GetAtt": [ + "PostgreSQLClusterSnapshotterPostreSQLTaskTaskRole4CCD7360", + "Arn" + ] + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ecs.CfnTaskDefinition", + "version": "2.0.0" + } + }, + "postgres": { + "id": "postgres", + "path": "RDS-Sanitized-Snapshotter-SFN/PostgreSQL Cluster Snapshotter/PostreSQL Task/postgres", + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ecs.ContainerDefinition", + "version": "2.0.0" + } + }, + "ExecutionRole": { + "id": "ExecutionRole", + "path": "RDS-Sanitized-Snapshotter-SFN/PostgreSQL Cluster Snapshotter/PostreSQL Task/ExecutionRole", + "children": { + "Resource": { + "id": "Resource", + "path": "RDS-Sanitized-Snapshotter-SFN/PostgreSQL Cluster Snapshotter/PostreSQL Task/ExecutionRole/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::IAM::Role", + "aws:cdk:cloudformation:props": { + "assumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "ecs-tasks.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.CfnRole", + "version": "2.0.0" + } + }, + "DefaultPolicy": { + "id": "DefaultPolicy", + "path": "RDS-Sanitized-Snapshotter-SFN/PostgreSQL Cluster Snapshotter/PostreSQL Task/ExecutionRole/DefaultPolicy", + "children": { + "Resource": { + "id": "Resource", + "path": "RDS-Sanitized-Snapshotter-SFN/PostgreSQL Cluster Snapshotter/PostreSQL Task/ExecutionRole/DefaultPolicy/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::IAM::Policy", + "aws:cdk:cloudformation:props": { + "policyDocument": { + "Statement": [ + { + "Action": [ + "logs:CreateLogStream", + "logs:PutLogEvents" + ], + "Effect": "Allow", + "Resource": { + "Fn::GetAtt": [ + "PostgreSQLClusterSnapshotterLogsD5C5A603", + "Arn" + ] + } + } + ], + "Version": "2012-10-17" + }, + "policyName": "PostgreSQLClusterSnapshotterPostreSQLTaskExecutionRoleDefaultPolicyC9A9FEA1", + "roles": [ + { + "Ref": "PostgreSQLClusterSnapshotterPostreSQLTaskExecutionRole9B27EF24" + } + ] + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.CfnPolicy", + "version": "2.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.Policy", + "version": "2.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.Role", + "version": "2.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_ecs.FargateTaskDefinition", + "version": "2.0.0" + } + }, + "Sanitize": { + "id": "Sanitize", + "path": "RDS-Sanitized-Snapshotter-SFN/PostgreSQL Cluster Snapshotter/Sanitize", + "constructInfo": { + "fqn": "aws-cdk-lib.aws_stepfunctions.Choice", + "version": "2.0.0" + } + }, + "Sanitize MySQL": { + "id": "Sanitize MySQL", + "path": "RDS-Sanitized-Snapshotter-SFN/PostgreSQL Cluster Snapshotter/Sanitize MySQL", + "constructInfo": { + "fqn": "aws-cdk-lib.aws_stepfunctions_tasks.EcsRunTask", + "version": "2.0.0" + } + }, + "Sanitize Postgres": { + "id": "Sanitize Postgres", + "path": "RDS-Sanitized-Snapshotter-SFN/PostgreSQL Cluster Snapshotter/Sanitize Postgres", + "constructInfo": { + "fqn": "aws-cdk-lib.aws_stepfunctions_tasks.EcsRunTask", + "version": "2.0.0" + } + }, + "Create Final Snapshot": { + "id": "Create Final Snapshot", + "path": "RDS-Sanitized-Snapshotter-SFN/PostgreSQL Cluster Snapshotter/Create Final Snapshot", + "constructInfo": { + "fqn": "aws-cdk-lib.aws_stepfunctions_tasks.CallAwsService", + "version": "2.0.0" + } + }, + "Wait for Final Snapshot": { + "id": "Wait for Final Snapshot", + "path": "RDS-Sanitized-Snapshotter-SFN/PostgreSQL Cluster Snapshotter/Wait for Final Snapshot", + "constructInfo": { + "fqn": "aws-cdk-lib.aws_stepfunctions_tasks.LambdaInvoke", + "version": "2.0.0" + } + }, + "Cleanup": { + "id": "Cleanup", + "path": "RDS-Sanitized-Snapshotter-SFN/PostgreSQL Cluster Snapshotter/Cleanup", + "constructInfo": { + "fqn": "aws-cdk-lib.aws_stepfunctions.Parallel", + "version": "2.0.0" + } + }, + "Temporary Snapshot": { + "id": "Temporary Snapshot", + "path": "RDS-Sanitized-Snapshotter-SFN/PostgreSQL Cluster Snapshotter/Temporary Snapshot", + "constructInfo": { + "fqn": "aws-cdk-lib.aws_stepfunctions_tasks.CallAwsService", + "version": "2.0.0" + } + }, + "Re-encrypted Snapshot": { + "id": "Re-encrypted Snapshot", + "path": "RDS-Sanitized-Snapshotter-SFN/PostgreSQL Cluster Snapshotter/Re-encrypted Snapshot", + "constructInfo": { + "fqn": "aws-cdk-lib.aws_stepfunctions_tasks.CallAwsService", + "version": "2.0.0" + } + }, + "Temporary Database Instance": { + "id": "Temporary Database Instance", + "path": "RDS-Sanitized-Snapshotter-SFN/PostgreSQL Cluster Snapshotter/Temporary Database Instance", + "constructInfo": { + "fqn": "aws-cdk-lib.aws_stepfunctions_tasks.CallAwsService", + "version": "2.0.0" + } + }, + "Temporary Database": { + "id": "Temporary Database", + "path": "RDS-Sanitized-Snapshotter-SFN/PostgreSQL Cluster Snapshotter/Temporary Database", + "constructInfo": { + "fqn": "aws-cdk-lib.aws_stepfunctions_tasks.CallAwsService", + "version": "2.0.0" + } + }, + "Director": { + "id": "Director", + "path": "RDS-Sanitized-Snapshotter-SFN/PostgreSQL Cluster Snapshotter/Director", + "children": { + "Role": { + "id": "Role", + "path": "RDS-Sanitized-Snapshotter-SFN/PostgreSQL Cluster Snapshotter/Director/Role", + "children": { + "Resource": { + "id": "Resource", + "path": "RDS-Sanitized-Snapshotter-SFN/PostgreSQL Cluster Snapshotter/Director/Role/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::IAM::Role", + "aws:cdk:cloudformation:props": { + "assumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": { + "Fn::Join": [ + "", + [ + "states.", + { + "Ref": "AWS::Region" + }, + ".amazonaws.com" + ] + ] + } + } + } + ], + "Version": "2012-10-17" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.CfnRole", + "version": "2.0.0" + } + }, + "DefaultPolicy": { + "id": "DefaultPolicy", + "path": "RDS-Sanitized-Snapshotter-SFN/PostgreSQL Cluster Snapshotter/Director/Role/DefaultPolicy", + "children": { + "Resource": { + "id": "Resource", + "path": "RDS-Sanitized-Snapshotter-SFN/PostgreSQL Cluster Snapshotter/Director/Role/DefaultPolicy/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::IAM::Policy", + "aws:cdk:cloudformation:props": { + "policyDocument": { + "Statement": [ + { + "Action": "lambda:InvokeFunction", + "Effect": "Allow", + "Resource": { + "Fn::GetAtt": [ + "PostgreSQLClusterSnapshotterparameters25147BEC", + "Arn" + ] + } + }, + { + "Action": "rds:deleteDBClusterSnapshot", + "Effect": "Allow", + "Resource": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":rds:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":cluster-snapshot:sanitize-*" + ] + ] + } + }, + { + "Action": "rds:deleteDBInstance", + "Effect": "Allow", + "Resource": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":rds:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":db:sanitize-*" + ] + ] + } + }, + { + "Action": "rds:deleteDBCluster", + "Effect": "Allow", + "Resource": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":rds:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":cluster:sanitize-*" + ] + ] + } + }, + { + "Action": "rds:createDBClusterSnapshot", + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": "lambda:InvokeFunction", + "Effect": "Allow", + "Resource": { + "Fn::GetAtt": [ + "PostgreSQLClusterSnapshotterwait7A15A210", + "Arn" + ] + } + }, + { + "Action": "rds:copyDBClusterSnapshot", + "Effect": "Allow", + "Resource": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":rds:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":cluster-snapshot:sanitize-*" + ] + ] + } + }, + { + "Action": "rds:restoreDBClusterFromSnapshot", + "Effect": "Allow", + "Resource": [ + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":rds:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":cluster:sanitize-*" + ] + ] + }, + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":rds:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":db:sanitize-*" + ] + ] + }, + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":rds:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":cluster-snapshot:sanitize-*" + ] + ] + }, + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":rds:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":subgrp:", + { + "Ref": "PostgreSQLClusterSnapshotterSubnetgroupA37EB2B3" + } + ] + ] + } + ] + }, + { + "Action": "rds:modifyDBCluster", + "Effect": "Allow", + "Resource": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":rds:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":cluster:sanitize-*" + ] + ] + } + }, + { + "Action": "rds:createDBInstance", + "Effect": "Allow", + "Resource": [ + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":rds:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":cluster:sanitize-*" + ] + ] + }, + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":rds:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":db:sanitize-*" + ] + ] + } + ] + }, + { + "Action": "rds:describeDBClusters", + "Effect": "Allow", + "Resource": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":rds:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":cluster:sanitize-*" + ] + ] + } + }, + { + "Action": "ecs:RunTask", + "Effect": "Allow", + "Resource": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Fn::Select": [ + 1, + { + "Fn::Split": [ + ":", + { + "Ref": "PostgreSQLClusterSnapshotterMySQLTask9D91D3F5" + } + ] + } + ] + }, + ":", + { + "Fn::Select": [ + 2, + { + "Fn::Split": [ + ":", + { + "Ref": "PostgreSQLClusterSnapshotterMySQLTask9D91D3F5" + } + ] + } + ] + }, + ":", + { + "Fn::Select": [ + 3, + { + "Fn::Split": [ + ":", + { + "Ref": "PostgreSQLClusterSnapshotterMySQLTask9D91D3F5" + } + ] + } + ] + }, + ":", + { + "Fn::Select": [ + 4, + { + "Fn::Split": [ + ":", + { + "Ref": "PostgreSQLClusterSnapshotterMySQLTask9D91D3F5" + } + ] + } + ] + }, + ":", + { + "Fn::Select": [ + 0, + { + "Fn::Split": [ + "/", + { + "Fn::Select": [ + 5, + { + "Fn::Split": [ + ":", + { + "Ref": "PostgreSQLClusterSnapshotterMySQLTask9D91D3F5" + } + ] + } + ] + } + ] + } + ] + }, + "/", + { + "Fn::Select": [ + 1, + { + "Fn::Split": [ + "/", + { + "Fn::Select": [ + 5, + { + "Fn::Split": [ + ":", + { + "Ref": "PostgreSQLClusterSnapshotterMySQLTask9D91D3F5" + } + ] + } + ] + } + ] + } + ] + } + ] + ] + } + }, + { + "Action": [ + "ecs:StopTask", + "ecs:DescribeTasks" + ], + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": "iam:PassRole", + "Effect": "Allow", + "Resource": [ + { + "Fn::GetAtt": [ + "PostgreSQLClusterSnapshotterMySQLTaskTaskRoleE079F904", + "Arn" + ] + }, + { + "Fn::GetAtt": [ + "PostgreSQLClusterSnapshotterMySQLTaskExecutionRole82F4953B", + "Arn" + ] + } + ] + }, + { + "Action": [ + "events:PutTargets", + "events:PutRule", + "events:DescribeRule" + ], + "Effect": "Allow", + "Resource": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":events:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":rule/StepFunctionsGetEventsForECSTaskRule" + ] + ] + } + }, + { + "Action": "ecs:RunTask", + "Effect": "Allow", + "Resource": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Fn::Select": [ + 1, + { + "Fn::Split": [ + ":", + { + "Ref": "PostgreSQLClusterSnapshotterPostreSQLTaskE150FEBD" + } + ] + } + ] + }, + ":", + { + "Fn::Select": [ + 2, + { + "Fn::Split": [ + ":", + { + "Ref": "PostgreSQLClusterSnapshotterPostreSQLTaskE150FEBD" + } + ] + } + ] + }, + ":", + { + "Fn::Select": [ + 3, + { + "Fn::Split": [ + ":", + { + "Ref": "PostgreSQLClusterSnapshotterPostreSQLTaskE150FEBD" + } + ] + } + ] + }, + ":", + { + "Fn::Select": [ + 4, + { + "Fn::Split": [ + ":", + { + "Ref": "PostgreSQLClusterSnapshotterPostreSQLTaskE150FEBD" + } + ] + } + ] + }, + ":", + { + "Fn::Select": [ + 0, + { + "Fn::Split": [ + "/", + { + "Fn::Select": [ + 5, + { + "Fn::Split": [ + ":", + { + "Ref": "PostgreSQLClusterSnapshotterPostreSQLTaskE150FEBD" + } + ] + } + ] + } + ] + } + ] + }, + "/", + { + "Fn::Select": [ + 1, + { + "Fn::Split": [ + "/", + { + "Fn::Select": [ + 5, + { + "Fn::Split": [ + ":", + { + "Ref": "PostgreSQLClusterSnapshotterPostreSQLTaskE150FEBD" + } + ] + } + ] + } + ] + } + ] + } + ] + ] + } + }, + { + "Action": "iam:PassRole", + "Effect": "Allow", + "Resource": [ + { + "Fn::GetAtt": [ + "PostgreSQLClusterSnapshotterPostreSQLTaskTaskRole4CCD7360", + "Arn" + ] + }, + { + "Fn::GetAtt": [ + "PostgreSQLClusterSnapshotterPostreSQLTaskExecutionRole9B27EF24", + "Arn" + ] + } + ] + }, + { + "Action": "rds:AddTagsToResource", + "Effect": "Allow", + "Resource": [ + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":rds:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":cluster-snapshot:sanitize-*" + ] + ] + }, + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":rds:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":cluster-snapshot:psql-cluster-snapshot-*" + ] + ] + }, + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":rds:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":cluster:sanitize-*" + ] + ] + } + ] + }, + { + "Action": [ + "kms:CreateGrant", + "kms:DescribeKey" + ], + "Effect": "Allow", + "Resource": { + "Fn::GetAtt": [ + "SnapshotKey0EDEBDF6", + "Arn" + ] + } + }, + { + "Action": [ + "kms:CreateGrant", + "kms:DescribeKey" + ], + "Effect": "Allow", + "Resource": { + "Fn::ImportValue": "RDS-Sanitized-Snapshotter-RDS:ExportsOutputFnGetAttKey961B73FDArn5A860C43" + } + } + ], + "Version": "2012-10-17" + }, + "policyName": "PostgreSQLClusterSnapshotterDirectorRoleDefaultPolicy6668829B", + "roles": [ + { + "Ref": "PostgreSQLClusterSnapshotterDirectorRole38961E19" + } + ] + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.CfnPolicy", + "version": "2.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.Policy", + "version": "2.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.Role", + "version": "2.0.0" + } + }, + "Resource": { + "id": "Resource", + "path": "RDS-Sanitized-Snapshotter-SFN/PostgreSQL Cluster Snapshotter/Director/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::StepFunctions::StateMachine", + "aws:cdk:cloudformation:props": { + "roleArn": { + "Fn::GetAtt": [ + "PostgreSQLClusterSnapshotterDirectorRole38961E19", + "Arn" + ] + }, + "definitionString": { + "Fn::Join": [ + "", + [ + "{\"StartAt\":\"Get Parameters\",\"States\":{\"Get Parameters\":{\"Next\":\"Error Catcher\",\"Retry\":[{\"ErrorEquals\":[\"Lambda.ServiceException\",\"Lambda.AWSLambdaException\",\"Lambda.SdkClientException\"],\"IntervalSeconds\":2,\"MaxAttempts\":6,\"BackoffRate\":2}],\"Type\":\"Task\",\"Resource\":\"", + { + "Fn::GetAtt": [ + "PostgreSQLClusterSnapshotterparameters25147BEC", + "Arn" + ] + }, + "\",\"Parameters\":{\"executionId.$\":\"$$.Execution.Id\",\"isCluster\":true,\"databaseIdentifier\":\"", + { + "Fn::ImportValue": "RDS-Sanitized-Snapshotter-RDS:ExportsOutputRefPostgresCluster5A5B7BE8BE4E3D78" + }, + "\",\"databaseKey\":\"", + { + "Fn::ImportValue": "RDS-Sanitized-Snapshotter-RDS:ExportsOutputFnGetAttKey961B73FDArn5A860C43" + }, + "\",\"snapshotPrefix\":\"psql-cluster-snapshot\",\"tempPrefix\":\"sanitize\"}},\"Error Catcher\":{\"Type\":\"Parallel\",\"ResultPath\":null,\"Next\":\"Cleanup\",\"Catch\":[{\"ErrorEquals\":[\"States.ALL\"],\"ResultPath\":null,\"Next\":\"Cleanup\"}],\"Branches\":[{\"StartAt\":\"Create Temporary Snapshot\",\"States\":{\"Create Temporary Snapshot\":{\"Next\":\"Wait for Snapshot\",\"Type\":\"Task\",\"ResultPath\":null,\"Resource\":\"arn:", + { + "Ref": "AWS::Partition" + }, + ":states:::aws-sdk:rds:createDBClusterSnapshot\",\"Parameters\":{\"DbClusterIdentifier.$\":\"$.databaseIdentifier\",\"DbClusterSnapshotIdentifier.$\":\"$.tempSnapshotId\",\"Tags\":[{\"Key\":\"RDS-sanitized-snapshots\",\"Value\":\"", + { + "Fn::ImportValue": "RDS-Sanitized-Snapshotter-RDS:ExportsOutputRefPostgresCluster5A5B7BE8BE4E3D78" + }, + "\"}]}},\"Wait for Snapshot\":{\"Next\":\"Re-encrypt Snapshot\",\"Retry\":[{\"ErrorEquals\":[\"Lambda.ServiceException\",\"Lambda.AWSLambdaException\",\"Lambda.SdkClientException\"],\"IntervalSeconds\":2,\"MaxAttempts\":6,\"BackoffRate\":2},{\"ErrorEquals\":[\"NotReady\"],\"IntervalSeconds\":60,\"MaxAttempts\":300,\"BackoffRate\":1}],\"Type\":\"Task\",\"ResultPath\":null,\"Resource\":\"", + { + "Fn::GetAtt": [ + "PostgreSQLClusterSnapshotterwait7A15A210", + "Arn" + ] + }, + "\",\"Parameters\":{\"resourceType\":\"snapshot\",\"databaseIdentifier.$\":\"$.databaseIdentifier\",\"snapshotIdentifier.$\":\"$.tempSnapshotId\",\"isCluster\":true}},\"Re-encrypt Snapshot\":{\"Next\":\"Wait for Re-encrypt\",\"Type\":\"Task\",\"ResultPath\":null,\"Resource\":\"arn:", + { + "Ref": "AWS::Partition" + }, + ":states:::aws-sdk:rds:copyDBClusterSnapshot\",\"Parameters\":{\"SourceDBClusterSnapshotIdentifier.$\":\"$.tempSnapshotId\",\"TargetDBClusterSnapshotIdentifier.$\":\"$.tempEncSnapshotId\",\"KmsKeyId\":\"", + { + "Ref": "SnapshotKey0EDEBDF6" + }, + "\",\"CopyTags\":false,\"Tags\":[{\"Key\":\"RDS-sanitized-snapshots\",\"Value\":\"", + { + "Fn::ImportValue": "RDS-Sanitized-Snapshotter-RDS:ExportsOutputRefPostgresCluster5A5B7BE8BE4E3D78" + }, + "\"}]}},\"Wait for Re-encrypt\":{\"Next\":\"Create Temporary Database\",\"Retry\":[{\"ErrorEquals\":[\"Lambda.ServiceException\",\"Lambda.AWSLambdaException\",\"Lambda.SdkClientException\"],\"IntervalSeconds\":2,\"MaxAttempts\":6,\"BackoffRate\":2},{\"ErrorEquals\":[\"NotReady\"],\"IntervalSeconds\":60,\"MaxAttempts\":300,\"BackoffRate\":1}],\"Type\":\"Task\",\"ResultPath\":null,\"Resource\":\"", + { + "Fn::GetAtt": [ + "PostgreSQLClusterSnapshotterwait7A15A210", + "Arn" + ] + }, + "\",\"Parameters\":{\"resourceType\":\"snapshot\",\"databaseIdentifier.$\":\"$.databaseIdentifier\",\"snapshotIdentifier.$\":\"$.tempEncSnapshotId\",\"isCluster\":true}},\"Create Temporary Database\":{\"Next\":\"Wait for Temporary Database\",\"Type\":\"Task\",\"ResultPath\":null,\"Resource\":\"arn:", + { + "Ref": "AWS::Partition" + }, + ":states:::aws-sdk:rds:restoreDBClusterFromSnapshot\",\"Parameters\":{\"DbClusterIdentifier.$\":\"$.tempDbId\",\"Engine.$\":\"$.engine\",\"SnapshotIdentifier.$\":\"$.tempEncSnapshotId\",\"PubliclyAccessible\":false,\"VpcSecurityGroupIds\":[\"", + { + "Fn::GetAtt": [ + "PostgreSQLClusterSnapshotterSG7FF985A8", + "GroupId" + ] + }, + "\"],\"DbSubnetGroupName\":\"", + { + "Ref": "PostgreSQLClusterSnapshotterSubnetgroupA37EB2B3" + }, + "\",\"Tags\":[{\"Key\":\"RDS-sanitized-snapshots\",\"Value\":\"", + { + "Fn::ImportValue": "RDS-Sanitized-Snapshotter-RDS:ExportsOutputRefPostgresCluster5A5B7BE8BE4E3D78" + }, + "\"}]}},\"Wait for Temporary Database\":{\"Next\":\"Set Temporary Password\",\"Retry\":[{\"ErrorEquals\":[\"Lambda.ServiceException\",\"Lambda.AWSLambdaException\",\"Lambda.SdkClientException\"],\"IntervalSeconds\":2,\"MaxAttempts\":6,\"BackoffRate\":2},{\"ErrorEquals\":[\"NotReady\"],\"IntervalSeconds\":60,\"MaxAttempts\":300,\"BackoffRate\":1}],\"Type\":\"Task\",\"ResultPath\":null,\"Resource\":\"", + { + "Fn::GetAtt": [ + "PostgreSQLClusterSnapshotterwait7A15A210", + "Arn" + ] + }, + "\",\"Parameters\":{\"resourceType\":\"cluster\",\"databaseIdentifier.$\":\"$.tempDbId\",\"isCluster\":true}},\"Set Temporary Password\":{\"Next\":\"Wait for Temporary Password\",\"Type\":\"Task\",\"ResultPath\":null,\"Resource\":\"arn:", + { + "Ref": "AWS::Partition" + }, + ":states:::aws-sdk:rds:modifyDBCluster\",\"Parameters\":{\"DbClusterIdentifier.$\":\"$.tempDbId\",\"MasterUserPassword.$\":\"$.tempDb.password\",\"ApplyImmediately\":true}},\"Wait for Temporary Password\":{\"Next\":\"Create Temporary Instance\",\"Retry\":[{\"ErrorEquals\":[\"Lambda.ServiceException\",\"Lambda.AWSLambdaException\",\"Lambda.SdkClientException\"],\"IntervalSeconds\":2,\"MaxAttempts\":6,\"BackoffRate\":2},{\"ErrorEquals\":[\"NotReady\"],\"IntervalSeconds\":60,\"MaxAttempts\":300,\"BackoffRate\":1}],\"Type\":\"Task\",\"ResultPath\":null,\"Resource\":\"", + { + "Fn::GetAtt": [ + "PostgreSQLClusterSnapshotterwait7A15A210", + "Arn" + ] + }, + "\",\"Parameters\":{\"resourceType\":\"cluster\",\"databaseIdentifier.$\":\"$.tempDbId\",\"isCluster\":true}},\"Create Temporary Instance\":{\"Next\":\"Wait for Temporary Instance\",\"Type\":\"Task\",\"ResultPath\":null,\"Resource\":\"arn:", + { + "Ref": "AWS::Partition" + }, + ":states:::aws-sdk:rds:createDBInstance\",\"Parameters\":{\"DbClusterIdentifier.$\":\"$.tempDbId\",\"DbInstanceIdentifier.$\":\"$.tempDbInstanceId\",\"DbInstanceClass.$\":\"$.tempDbInstanceClass\",\"Engine.$\":\"$.engine\"}},\"Wait for Temporary Instance\":{\"Next\":\"Get Temporary Cluster Endpoint\",\"Retry\":[{\"ErrorEquals\":[\"Lambda.ServiceException\",\"Lambda.AWSLambdaException\",\"Lambda.SdkClientException\"],\"IntervalSeconds\":2,\"MaxAttempts\":6,\"BackoffRate\":2},{\"ErrorEquals\":[\"NotReady\"],\"IntervalSeconds\":60,\"MaxAttempts\":300,\"BackoffRate\":1}],\"Type\":\"Task\",\"ResultPath\":null,\"Resource\":\"", + { + "Fn::GetAtt": [ + "PostgreSQLClusterSnapshotterwait7A15A210", + "Arn" + ] + }, + "\",\"Parameters\":{\"resourceType\":\"instance\",\"databaseIdentifier.$\":\"$.tempDbInstanceId\",\"isCluster\":true}},\"Get Temporary Cluster Endpoint\":{\"Next\":\"Sanitize\",\"Type\":\"Task\",\"ResultPath\":\"$.tempDb.host\",\"ResultSelector\":{\"endpoint.$\":\"$.DbClusters[0].Endpoint\"},\"Resource\":\"arn:", + { + "Ref": "AWS::Partition" + }, + ":states:::aws-sdk:rds:describeDBClusters\",\"Parameters\":{\"DbClusterIdentifier.$\":\"$.tempDbId\"}},\"Sanitize\":{\"Type\":\"Choice\",\"Choices\":[{\"Variable\":\"$.dockerImage\",\"StringEquals\":\"mysql\",\"Next\":\"Sanitize MySQL\"},{\"Variable\":\"$.dockerImage\",\"StringEquals\":\"postgres\",\"Next\":\"Sanitize Postgres\"}]},\"Sanitize MySQL\":{\"Next\":\"Create Final Snapshot\",\"Type\":\"Task\",\"ResultPath\":null,\"Resource\":\"arn:", + { + "Ref": "AWS::Partition" + }, + ":states:::ecs:runTask.sync\",\"Parameters\":{\"Cluster\":\"", + { + "Fn::GetAtt": [ + "PostgreSQLClusterSnapshotterclusterD066B562", + "Arn" + ] + }, + "\",\"TaskDefinition\":\"RDSSanitizedSnapshotterSFNPostgreSQLClusterSnapshotterMySQLTask9865F232\",\"NetworkConfiguration\":{\"AwsvpcConfiguration\":{\"Subnets\":[\"", + { + "Fn::ImportValue": "RDS-Sanitized-Snapshotter-VPC:ExportsOutputRefVPCIsolatedSubnet1SubnetEBD00FC6298E81EF" + }, + "\",\"", + { + "Fn::ImportValue": "RDS-Sanitized-Snapshotter-VPC:ExportsOutputRefVPCIsolatedSubnet2Subnet4B1C8CAAD8B83B81" + }, + "\"],\"SecurityGroups\":[\"", + { + "Fn::GetAtt": [ + "PostgreSQLClusterSnapshotterSG7FF985A8", + "GroupId" + ] + }, + "\"]}},\"Overrides\":{\"ContainerOverrides\":[{\"Name\":\"config\",\"Environment\":[{\"Name\":\"MYSQL_HOST\",\"Value.$\":\"$.tempDb.host.endpoint\"},{\"Name\":\"MYSQL_PORT\",\"Value.$\":\"$.tempDb.port\"},{\"Name\":\"MYSQL_USER\",\"Value.$\":\"$.tempDb.user\"},{\"Name\":\"MYSQL_PASSWORD\",\"Value.$\":\"$.tempDb.password\"}]}]},\"LaunchType\":\"FARGATE\"}},\"Create Final Snapshot\":{\"Next\":\"Wait for Final Snapshot\",\"Type\":\"Task\",\"ResultPath\":null,\"Resource\":\"arn:", + { + "Ref": "AWS::Partition" + }, + ":states:::aws-sdk:rds:createDBClusterSnapshot\",\"Parameters\":{\"DbClusterIdentifier.$\":\"$.tempDbId\",\"DbClusterSnapshotIdentifier.$\":\"$.targetSnapshotId\",\"Tags\":[{\"Key\":\"RDS-sanitized-snapshots\",\"Value\":\"", + { + "Fn::ImportValue": "RDS-Sanitized-Snapshotter-RDS:ExportsOutputRefPostgresCluster5A5B7BE8BE4E3D78" + }, + "\"},{\"Key\":\"Final\",\"Value\":\"true\"}]}},\"Sanitize Postgres\":{\"Next\":\"Create Final Snapshot\",\"Type\":\"Task\",\"ResultPath\":null,\"Resource\":\"arn:", + { + "Ref": "AWS::Partition" + }, + ":states:::ecs:runTask.sync\",\"Parameters\":{\"Cluster\":\"", + { + "Fn::GetAtt": [ + "PostgreSQLClusterSnapshotterclusterD066B562", + "Arn" + ] + }, + "\",\"TaskDefinition\":\"RDSSanitizedSnapshotterSFNPostgreSQLClusterSnapshotterPostreSQLTask914B7835\",\"NetworkConfiguration\":{\"AwsvpcConfiguration\":{\"Subnets\":[\"", + { + "Fn::ImportValue": "RDS-Sanitized-Snapshotter-VPC:ExportsOutputRefVPCIsolatedSubnet1SubnetEBD00FC6298E81EF" + }, + "\",\"", + { + "Fn::ImportValue": "RDS-Sanitized-Snapshotter-VPC:ExportsOutputRefVPCIsolatedSubnet2Subnet4B1C8CAAD8B83B81" + }, + "\"],\"SecurityGroups\":[\"", + { + "Fn::GetAtt": [ + "PostgreSQLClusterSnapshotterSG7FF985A8", + "GroupId" + ] + }, + "\"]}},\"Overrides\":{\"ContainerOverrides\":[{\"Name\":\"postgres\",\"Environment\":[{\"Name\":\"PGHOST\",\"Value.$\":\"$.tempDb.host.endpoint\"},{\"Name\":\"PGPORT\",\"Value.$\":\"$.tempDb.port\"},{\"Name\":\"PGUSER\",\"Value.$\":\"$.tempDb.user\"},{\"Name\":\"PGPASSWORD\",\"Value.$\":\"$.tempDb.password\"},{\"Name\":\"PGCONNECT_TIMEOUT\",\"Value\":\"30\"}]}]},\"LaunchType\":\"FARGATE\"}},\"Wait for Final Snapshot\":{\"End\":true,\"Retry\":[{\"ErrorEquals\":[\"Lambda.ServiceException\",\"Lambda.AWSLambdaException\",\"Lambda.SdkClientException\"],\"IntervalSeconds\":2,\"MaxAttempts\":6,\"BackoffRate\":2},{\"ErrorEquals\":[\"NotReady\"],\"IntervalSeconds\":60,\"MaxAttempts\":300,\"BackoffRate\":1}],\"Type\":\"Task\",\"ResultPath\":null,\"Resource\":\"", + { + "Fn::GetAtt": [ + "PostgreSQLClusterSnapshotterwait7A15A210", + "Arn" + ] + }, + "\",\"Parameters\":{\"resourceType\":\"snapshot\",\"databaseIdentifier.$\":\"$.tempDbId\",\"snapshotIdentifier.$\":\"$.targetSnapshotId\",\"isCluster\":true}}}}]},\"Cleanup\":{\"Type\":\"Parallel\",\"ResultPath\":null,\"End\":true,\"Branches\":[{\"StartAt\":\"Temporary Snapshot\",\"States\":{\"Temporary Snapshot\":{\"End\":true,\"Retry\":[{\"ErrorEquals\":[\"States.ALL\"],\"IntervalSeconds\":10,\"MaxAttempts\":5}],\"Type\":\"Task\",\"ResultPath\":null,\"Resource\":\"arn:", + { + "Ref": "AWS::Partition" + }, + ":states:::aws-sdk:rds:deleteDBClusterSnapshot\",\"Parameters\":{\"DbClusterSnapshotIdentifier.$\":\"$.tempSnapshotId\"}}}},{\"StartAt\":\"Re-encrypted Snapshot\",\"States\":{\"Re-encrypted Snapshot\":{\"End\":true,\"Retry\":[{\"ErrorEquals\":[\"States.ALL\"],\"IntervalSeconds\":10,\"MaxAttempts\":5}],\"Type\":\"Task\",\"ResultPath\":null,\"Resource\":\"arn:", + { + "Ref": "AWS::Partition" + }, + ":states:::aws-sdk:rds:deleteDBClusterSnapshot\",\"Parameters\":{\"DbClusterSnapshotIdentifier.$\":\"$.tempEncSnapshotId\"}}}},{\"StartAt\":\"Temporary Database Instance\",\"States\":{\"Temporary Database Instance\":{\"End\":true,\"Retry\":[{\"ErrorEquals\":[\"States.ALL\"],\"IntervalSeconds\":10,\"MaxAttempts\":5}],\"Type\":\"Task\",\"ResultPath\":null,\"Resource\":\"arn:", + { + "Ref": "AWS::Partition" + }, + ":states:::aws-sdk:rds:deleteDBInstance\",\"Parameters\":{\"DbInstanceIdentifier.$\":\"$.tempDbInstanceId\",\"SkipFinalSnapshot\":true}}}},{\"StartAt\":\"Temporary Database\",\"States\":{\"Temporary Database\":{\"End\":true,\"Retry\":[{\"ErrorEquals\":[\"States.ALL\"],\"IntervalSeconds\":10,\"MaxAttempts\":5}],\"Type\":\"Task\",\"ResultPath\":null,\"Resource\":\"arn:", + { + "Ref": "AWS::Partition" + }, + ":states:::aws-sdk:rds:deleteDBCluster\",\"Parameters\":{\"DbClusterIdentifier.$\":\"$.tempDbId\",\"SkipFinalSnapshot\":true}}}}]}}}" + ] + ] + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_stepfunctions.CfnStateMachine", + "version": "2.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_stepfunctions.StateMachine", + "version": "2.0.0" + } + } + }, + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.0.5" + } + }, + "Exports": { + "id": "Exports", + "path": "RDS-Sanitized-Snapshotter-SFN/Exports", + "children": { + "Output{\"Ref\":\"MySQLInstanceSnapshotterDirector69A6B7B4\"}": { + "id": "Output{\"Ref\":\"MySQLInstanceSnapshotterDirector69A6B7B4\"}", + "path": "RDS-Sanitized-Snapshotter-SFN/Exports/Output{\"Ref\":\"MySQLInstanceSnapshotterDirector69A6B7B4\"}", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnOutput", + "version": "2.0.0" + } + }, + "Output{\"Ref\":\"MySQLClusterSnapshotterDirector73A14BB0\"}": { + "id": "Output{\"Ref\":\"MySQLClusterSnapshotterDirector73A14BB0\"}", + "path": "RDS-Sanitized-Snapshotter-SFN/Exports/Output{\"Ref\":\"MySQLClusterSnapshotterDirector73A14BB0\"}", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnOutput", + "version": "2.0.0" + } + }, + "Output{\"Ref\":\"PostgreSQLInstanceSnapshotterDirector22C6400C\"}": { + "id": "Output{\"Ref\":\"PostgreSQLInstanceSnapshotterDirector22C6400C\"}", + "path": "RDS-Sanitized-Snapshotter-SFN/Exports/Output{\"Ref\":\"PostgreSQLInstanceSnapshotterDirector22C6400C\"}", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnOutput", + "version": "2.0.0" + } + }, + "Output{\"Ref\":\"PostgreSQLClusterSnapshotterDirector864DA8F0\"}": { + "id": "Output{\"Ref\":\"PostgreSQLClusterSnapshotterDirector864DA8F0\"}", + "path": "RDS-Sanitized-Snapshotter-SFN/Exports/Output{\"Ref\":\"PostgreSQLClusterSnapshotterDirector864DA8F0\"}", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnOutput", + "version": "2.0.0" + } + } + }, + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.0.5" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.Stack", + "version": "2.0.0" + } + }, + "RDS-Sanitized-Snapshotter-Test": { + "id": "RDS-Sanitized-Snapshotter-Test", + "path": "RDS-Sanitized-Snapshotter-Test", + "children": { + "Test": { + "id": "Test", + "path": "RDS-Sanitized-Snapshotter-Test/Test", + "children": { + "ServiceRole": { + "id": "ServiceRole", + "path": "RDS-Sanitized-Snapshotter-Test/Test/ServiceRole", + "children": { + "Resource": { + "id": "Resource", + "path": "RDS-Sanitized-Snapshotter-Test/Test/ServiceRole/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::IAM::Role", + "aws:cdk:cloudformation:props": { + "assumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "lambda.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + }, + "managedPolicyArns": [ + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" + ] + ] + } + ] + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.CfnRole", + "version": "2.0.0" + } + }, + "DefaultPolicy": { + "id": "DefaultPolicy", + "path": "RDS-Sanitized-Snapshotter-Test/Test/ServiceRole/DefaultPolicy", + "children": { + "Resource": { + "id": "Resource", + "path": "RDS-Sanitized-Snapshotter-Test/Test/ServiceRole/DefaultPolicy/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::IAM::Policy", + "aws:cdk:cloudformation:props": { + "policyDocument": { + "Statement": [ + { + "Action": "states:StartExecution", + "Effect": "Allow", + "Resource": "*" + } + ], + "Version": "2012-10-17" + }, + "policyName": "TestServiceRoleDefaultPolicyE51BF2AA", + "roles": [ + { + "Ref": "TestServiceRoleCF49002B" + } + ] + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.CfnPolicy", + "version": "2.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.Policy", + "version": "2.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.Role", + "version": "2.0.0" + } + }, + "Code": { + "id": "Code", + "path": "RDS-Sanitized-Snapshotter-Test/Test/Code", + "children": { + "Stage": { + "id": "Stage", + "path": "RDS-Sanitized-Snapshotter-Test/Test/Code/Stage", + "constructInfo": { + "fqn": "aws-cdk-lib.AssetStaging", + "version": "2.0.0" + } + }, + "AssetBucket": { + "id": "AssetBucket", + "path": "RDS-Sanitized-Snapshotter-Test/Test/Code/AssetBucket", + "children": { + "Notifications": { + "id": "Notifications", + "path": "RDS-Sanitized-Snapshotter-Test/Test/Code/AssetBucket/Notifications", + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.0.5" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_s3.BucketBase", + "version": "2.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_s3_assets.Asset", + "version": "2.0.0" + } + }, + "Resource": { + "id": "Resource", + "path": "RDS-Sanitized-Snapshotter-Test/Test/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::Lambda::Function", + "aws:cdk:cloudformation:props": { + "code": { + "s3Bucket": { + "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}" + }, + "s3Key": "3446fd82a47f49c558b2de9e42f2d88af4e265e9712bf45b83f5025d7fc27879.zip" + }, + "role": { + "Fn::GetAtt": [ + "TestServiceRoleCF49002B", + "Arn" + ] + }, + "description": "src/test.lambda.ts", + "environment": { + "variables": { + "AWS_NODEJS_CONNECTION_REUSE_ENABLED": "1" + } + }, + "handler": "index.handler", + "runtime": "nodejs14.x" + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_lambda.CfnFunction", + "version": "2.0.0" + } + }, + "LogRetention": { + "id": "LogRetention", + "path": "RDS-Sanitized-Snapshotter-Test/Test/LogRetention", + "children": { + "Resource": { + "id": "Resource", + "path": "RDS-Sanitized-Snapshotter-Test/Test/LogRetention/Resource", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnResource", + "version": "2.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_logs.LogRetention", + "version": "2.0.0" + } + }, + "LogGroup": { + "id": "LogGroup", + "path": "RDS-Sanitized-Snapshotter-Test/Test/LogGroup", + "constructInfo": { + "fqn": "aws-cdk-lib.Resource", + "version": "2.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_lambda.Function", + "version": "2.0.0" + } + }, + "LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8a": { + "id": "LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8a", + "path": "RDS-Sanitized-Snapshotter-Test/LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8a", + "children": { + "Code": { + "id": "Code", + "path": "RDS-Sanitized-Snapshotter-Test/LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8a/Code", + "children": { + "Stage": { + "id": "Stage", + "path": "RDS-Sanitized-Snapshotter-Test/LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8a/Code/Stage", + "constructInfo": { + "fqn": "aws-cdk-lib.AssetStaging", + "version": "2.0.0" + } + }, + "AssetBucket": { + "id": "AssetBucket", + "path": "RDS-Sanitized-Snapshotter-Test/LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8a/Code/AssetBucket", + "children": { + "Notifications": { + "id": "Notifications", + "path": "RDS-Sanitized-Snapshotter-Test/LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8a/Code/AssetBucket/Notifications", + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.0.5" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_s3.BucketBase", + "version": "2.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_s3_assets.Asset", + "version": "2.0.0" + } + }, + "ServiceRole": { + "id": "ServiceRole", + "path": "RDS-Sanitized-Snapshotter-Test/LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8a/ServiceRole", + "children": { + "Resource": { + "id": "Resource", + "path": "RDS-Sanitized-Snapshotter-Test/LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8a/ServiceRole/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::IAM::Role", + "aws:cdk:cloudformation:props": { + "assumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "lambda.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + }, + "managedPolicyArns": [ + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" + ] + ] + } + ] + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.CfnRole", + "version": "2.0.0" + } + }, + "DefaultPolicy": { + "id": "DefaultPolicy", + "path": "RDS-Sanitized-Snapshotter-Test/LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8a/ServiceRole/DefaultPolicy", + "children": { + "Resource": { + "id": "Resource", + "path": "RDS-Sanitized-Snapshotter-Test/LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8a/ServiceRole/DefaultPolicy/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::IAM::Policy", + "aws:cdk:cloudformation:props": { + "policyDocument": { + "Statement": [ + { + "Action": [ + "logs:PutRetentionPolicy", + "logs:DeleteRetentionPolicy" + ], + "Effect": "Allow", + "Resource": "*" + } + ], + "Version": "2012-10-17" + }, + "policyName": "LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8aServiceRoleDefaultPolicyADDA7DEB", + "roles": [ + { + "Ref": "LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8aServiceRole9741ECFB" + } + ] + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.CfnPolicy", + "version": "2.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.Policy", + "version": "2.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.Role", + "version": "2.0.0" + } + }, + "Resource": { + "id": "Resource", + "path": "RDS-Sanitized-Snapshotter-Test/LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8a/Resource", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnResource", + "version": "2.0.0" + } + } + }, + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.0.5" + } + }, + "Wait": { + "id": "Wait", + "path": "RDS-Sanitized-Snapshotter-Test/Wait", + "children": { + "ServiceRole": { + "id": "ServiceRole", + "path": "RDS-Sanitized-Snapshotter-Test/Wait/ServiceRole", + "children": { + "Resource": { + "id": "Resource", + "path": "RDS-Sanitized-Snapshotter-Test/Wait/ServiceRole/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::IAM::Role", + "aws:cdk:cloudformation:props": { + "assumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "lambda.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + }, + "managedPolicyArns": [ + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" + ] + ] + } + ] + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.CfnRole", + "version": "2.0.0" + } + }, + "DefaultPolicy": { + "id": "DefaultPolicy", + "path": "RDS-Sanitized-Snapshotter-Test/Wait/ServiceRole/DefaultPolicy", + "children": { + "Resource": { + "id": "Resource", + "path": "RDS-Sanitized-Snapshotter-Test/Wait/ServiceRole/DefaultPolicy/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::IAM::Policy", + "aws:cdk:cloudformation:props": { + "policyDocument": { + "Statement": [ + { + "Action": [ + "states:DescribeExecution", + "rds:describeDBClusterSnapshots", + "rds:DeleteDBClusterSnapshot", + "rds:DescribeDBSnapshots", + "rds:DeleteDBSnapshot" + ], + "Effect": "Allow", + "Resource": "*" + } + ], + "Version": "2012-10-17" + }, + "policyName": "WaitServiceRoleDefaultPolicy527907DE", + "roles": [ + { + "Ref": "WaitServiceRole80F0B8D7" + } + ] + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.CfnPolicy", + "version": "2.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.Policy", + "version": "2.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.Role", + "version": "2.0.0" + } + }, + "Code": { + "id": "Code", + "path": "RDS-Sanitized-Snapshotter-Test/Wait/Code", + "children": { + "Stage": { + "id": "Stage", + "path": "RDS-Sanitized-Snapshotter-Test/Wait/Code/Stage", + "constructInfo": { + "fqn": "aws-cdk-lib.AssetStaging", + "version": "2.0.0" + } + }, + "AssetBucket": { + "id": "AssetBucket", + "path": "RDS-Sanitized-Snapshotter-Test/Wait/Code/AssetBucket", + "children": { + "Notifications": { + "id": "Notifications", + "path": "RDS-Sanitized-Snapshotter-Test/Wait/Code/AssetBucket/Notifications", + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.0.5" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_s3.BucketBase", + "version": "2.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_s3_assets.Asset", + "version": "2.0.0" + } + }, + "Resource": { + "id": "Resource", + "path": "RDS-Sanitized-Snapshotter-Test/Wait/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::Lambda::Function", + "aws:cdk:cloudformation:props": { + "code": { + "s3Bucket": { + "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}" + }, + "s3Key": "6fd57284276a7ee493422fefa53053d288e54e22ba62cc2c03e53c2590c9d28d.zip" + }, + "role": { + "Fn::GetAtt": [ + "WaitServiceRole80F0B8D7", + "Arn" + ] + }, + "description": "src/test-wait.lambda.ts", + "environment": { + "variables": { + "AWS_NODEJS_CONNECTION_REUSE_ENABLED": "1" + } + }, + "handler": "index.handler", + "runtime": "nodejs14.x", + "timeout": 180 + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_lambda.CfnFunction", + "version": "2.0.0" + } + }, + "LogRetention": { + "id": "LogRetention", + "path": "RDS-Sanitized-Snapshotter-Test/Wait/LogRetention", + "children": { + "Resource": { + "id": "Resource", + "path": "RDS-Sanitized-Snapshotter-Test/Wait/LogRetention/Resource", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnResource", + "version": "2.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_logs.LogRetention", + "version": "2.0.0" + } + }, + "LogGroup": { + "id": "LogGroup", + "path": "RDS-Sanitized-Snapshotter-Test/Wait/LogGroup", + "constructInfo": { + "fqn": "aws-cdk-lib.Resource", + "version": "2.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_lambda.Function", + "version": "2.0.0" + } + }, + "Provider": { + "id": "Provider", + "path": "RDS-Sanitized-Snapshotter-Test/Provider", + "children": { + "framework-onEvent": { + "id": "framework-onEvent", + "path": "RDS-Sanitized-Snapshotter-Test/Provider/framework-onEvent", + "children": { + "ServiceRole": { + "id": "ServiceRole", + "path": "RDS-Sanitized-Snapshotter-Test/Provider/framework-onEvent/ServiceRole", + "children": { + "Resource": { + "id": "Resource", + "path": "RDS-Sanitized-Snapshotter-Test/Provider/framework-onEvent/ServiceRole/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::IAM::Role", + "aws:cdk:cloudformation:props": { + "assumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "lambda.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + }, + "managedPolicyArns": [ + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" + ] + ] + } + ] + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.CfnRole", + "version": "2.0.0" + } + }, + "DefaultPolicy": { + "id": "DefaultPolicy", + "path": "RDS-Sanitized-Snapshotter-Test/Provider/framework-onEvent/ServiceRole/DefaultPolicy", + "children": { + "Resource": { + "id": "Resource", + "path": "RDS-Sanitized-Snapshotter-Test/Provider/framework-onEvent/ServiceRole/DefaultPolicy/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::IAM::Policy", + "aws:cdk:cloudformation:props": { + "policyDocument": { + "Statement": [ + { + "Action": "lambda:InvokeFunction", + "Effect": "Allow", + "Resource": { + "Fn::GetAtt": [ + "Test7BFAF513", + "Arn" + ] + } + }, + { + "Action": "lambda:InvokeFunction", + "Effect": "Allow", + "Resource": { + "Fn::GetAtt": [ + "Wait4449FB25", + "Arn" + ] + } + }, + { + "Action": "states:StartExecution", + "Effect": "Allow", + "Resource": { + "Ref": "Providerwaiterstatemachine5D4A9DF0" + } + } + ], + "Version": "2012-10-17" + }, + "policyName": "ProviderframeworkonEventServiceRoleDefaultPolicy48CD2133", + "roles": [ + { + "Ref": "ProviderframeworkonEventServiceRole9FF04296" + } + ] + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.CfnPolicy", + "version": "2.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.Policy", + "version": "2.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.Role", + "version": "2.0.0" + } + }, + "Code": { + "id": "Code", + "path": "RDS-Sanitized-Snapshotter-Test/Provider/framework-onEvent/Code", + "children": { + "Stage": { + "id": "Stage", + "path": "RDS-Sanitized-Snapshotter-Test/Provider/framework-onEvent/Code/Stage", + "constructInfo": { + "fqn": "aws-cdk-lib.AssetStaging", + "version": "2.0.0" + } + }, + "AssetBucket": { + "id": "AssetBucket", + "path": "RDS-Sanitized-Snapshotter-Test/Provider/framework-onEvent/Code/AssetBucket", + "children": { + "Notifications": { + "id": "Notifications", + "path": "RDS-Sanitized-Snapshotter-Test/Provider/framework-onEvent/Code/AssetBucket/Notifications", + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.0.5" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_s3.BucketBase", + "version": "2.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_s3_assets.Asset", + "version": "2.0.0" + } + }, + "Resource": { + "id": "Resource", + "path": "RDS-Sanitized-Snapshotter-Test/Provider/framework-onEvent/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::Lambda::Function", + "aws:cdk:cloudformation:props": { + "code": { + "s3Bucket": { + "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}" + }, + "s3Key": "c691172cdeefa2c91b5a2907f9d81118e47597634943344795f1a844192dd49c.zip" + }, + "role": { + "Fn::GetAtt": [ + "ProviderframeworkonEventServiceRole9FF04296", + "Arn" + ] + }, + "description": "AWS CDK resource provider framework - onEvent (RDS-Sanitized-Snapshotter-Test/Provider)", + "environment": { + "variables": { + "USER_ON_EVENT_FUNCTION_ARN": { + "Fn::GetAtt": [ + "Test7BFAF513", + "Arn" + ] + }, + "USER_IS_COMPLETE_FUNCTION_ARN": { + "Fn::GetAtt": [ + "Wait4449FB25", + "Arn" + ] + }, + "WAITER_STATE_MACHINE_ARN": { + "Ref": "Providerwaiterstatemachine5D4A9DF0" + } + } + }, + "handler": "framework.onEvent", + "runtime": "nodejs12.x", + "timeout": 900 + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_lambda.CfnFunction", + "version": "2.0.0" + } + }, + "LogRetention": { + "id": "LogRetention", + "path": "RDS-Sanitized-Snapshotter-Test/Provider/framework-onEvent/LogRetention", + "children": { + "Resource": { + "id": "Resource", + "path": "RDS-Sanitized-Snapshotter-Test/Provider/framework-onEvent/LogRetention/Resource", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnResource", + "version": "2.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_logs.LogRetention", + "version": "2.0.0" + } + }, + "LogGroup": { + "id": "LogGroup", + "path": "RDS-Sanitized-Snapshotter-Test/Provider/framework-onEvent/LogGroup", + "constructInfo": { + "fqn": "aws-cdk-lib.Resource", + "version": "2.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_lambda.Function", + "version": "2.0.0" + } + }, + "framework-isComplete": { + "id": "framework-isComplete", + "path": "RDS-Sanitized-Snapshotter-Test/Provider/framework-isComplete", + "children": { + "ServiceRole": { + "id": "ServiceRole", + "path": "RDS-Sanitized-Snapshotter-Test/Provider/framework-isComplete/ServiceRole", + "children": { + "Resource": { + "id": "Resource", + "path": "RDS-Sanitized-Snapshotter-Test/Provider/framework-isComplete/ServiceRole/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::IAM::Role", + "aws:cdk:cloudformation:props": { + "assumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "lambda.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + }, + "managedPolicyArns": [ + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" + ] + ] + } + ] + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.CfnRole", + "version": "2.0.0" + } + }, + "DefaultPolicy": { + "id": "DefaultPolicy", + "path": "RDS-Sanitized-Snapshotter-Test/Provider/framework-isComplete/ServiceRole/DefaultPolicy", + "children": { + "Resource": { + "id": "Resource", + "path": "RDS-Sanitized-Snapshotter-Test/Provider/framework-isComplete/ServiceRole/DefaultPolicy/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::IAM::Policy", + "aws:cdk:cloudformation:props": { + "policyDocument": { + "Statement": [ + { + "Action": "lambda:InvokeFunction", + "Effect": "Allow", + "Resource": { + "Fn::GetAtt": [ + "Test7BFAF513", + "Arn" + ] + } + }, + { + "Action": "lambda:InvokeFunction", + "Effect": "Allow", + "Resource": { + "Fn::GetAtt": [ + "Wait4449FB25", + "Arn" + ] + } + } + ], + "Version": "2012-10-17" + }, + "policyName": "ProviderframeworkisCompleteServiceRoleDefaultPolicy2E7140AC", + "roles": [ + { + "Ref": "ProviderframeworkisCompleteServiceRoleB1087139" + } + ] + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.CfnPolicy", + "version": "2.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.Policy", + "version": "2.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.Role", + "version": "2.0.0" + } + }, + "Code": { + "id": "Code", + "path": "RDS-Sanitized-Snapshotter-Test/Provider/framework-isComplete/Code", + "children": { + "Stage": { + "id": "Stage", + "path": "RDS-Sanitized-Snapshotter-Test/Provider/framework-isComplete/Code/Stage", + "constructInfo": { + "fqn": "aws-cdk-lib.AssetStaging", + "version": "2.0.0" + } + }, + "AssetBucket": { + "id": "AssetBucket", + "path": "RDS-Sanitized-Snapshotter-Test/Provider/framework-isComplete/Code/AssetBucket", + "children": { + "Notifications": { + "id": "Notifications", + "path": "RDS-Sanitized-Snapshotter-Test/Provider/framework-isComplete/Code/AssetBucket/Notifications", + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.0.5" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_s3.BucketBase", + "version": "2.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_s3_assets.Asset", + "version": "2.0.0" + } + }, + "Resource": { + "id": "Resource", + "path": "RDS-Sanitized-Snapshotter-Test/Provider/framework-isComplete/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::Lambda::Function", + "aws:cdk:cloudformation:props": { + "code": { + "s3Bucket": { + "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}" + }, + "s3Key": "c691172cdeefa2c91b5a2907f9d81118e47597634943344795f1a844192dd49c.zip" + }, + "role": { + "Fn::GetAtt": [ + "ProviderframeworkisCompleteServiceRoleB1087139", + "Arn" + ] + }, + "description": "AWS CDK resource provider framework - isComplete (RDS-Sanitized-Snapshotter-Test/Provider)", + "environment": { + "variables": { + "USER_ON_EVENT_FUNCTION_ARN": { + "Fn::GetAtt": [ + "Test7BFAF513", + "Arn" + ] + }, + "USER_IS_COMPLETE_FUNCTION_ARN": { + "Fn::GetAtt": [ + "Wait4449FB25", + "Arn" + ] + } + } + }, + "handler": "framework.isComplete", + "runtime": "nodejs12.x", + "timeout": 900 + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_lambda.CfnFunction", + "version": "2.0.0" + } + }, + "LogRetention": { + "id": "LogRetention", + "path": "RDS-Sanitized-Snapshotter-Test/Provider/framework-isComplete/LogRetention", + "children": { + "Resource": { + "id": "Resource", + "path": "RDS-Sanitized-Snapshotter-Test/Provider/framework-isComplete/LogRetention/Resource", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnResource", + "version": "2.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_logs.LogRetention", + "version": "2.0.0" + } + }, + "LogGroup": { + "id": "LogGroup", + "path": "RDS-Sanitized-Snapshotter-Test/Provider/framework-isComplete/LogGroup", + "constructInfo": { + "fqn": "aws-cdk-lib.Resource", + "version": "2.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_lambda.Function", + "version": "2.0.0" + } + }, + "framework-onTimeout": { + "id": "framework-onTimeout", + "path": "RDS-Sanitized-Snapshotter-Test/Provider/framework-onTimeout", + "children": { + "ServiceRole": { + "id": "ServiceRole", + "path": "RDS-Sanitized-Snapshotter-Test/Provider/framework-onTimeout/ServiceRole", + "children": { + "Resource": { + "id": "Resource", + "path": "RDS-Sanitized-Snapshotter-Test/Provider/framework-onTimeout/ServiceRole/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::IAM::Role", + "aws:cdk:cloudformation:props": { + "assumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "lambda.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + }, + "managedPolicyArns": [ + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" + ] + ] + } + ] + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.CfnRole", + "version": "2.0.0" + } + }, + "DefaultPolicy": { + "id": "DefaultPolicy", + "path": "RDS-Sanitized-Snapshotter-Test/Provider/framework-onTimeout/ServiceRole/DefaultPolicy", + "children": { + "Resource": { + "id": "Resource", + "path": "RDS-Sanitized-Snapshotter-Test/Provider/framework-onTimeout/ServiceRole/DefaultPolicy/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::IAM::Policy", + "aws:cdk:cloudformation:props": { + "policyDocument": { + "Statement": [ + { + "Action": "lambda:InvokeFunction", + "Effect": "Allow", + "Resource": { + "Fn::GetAtt": [ + "Test7BFAF513", + "Arn" + ] + } + }, + { + "Action": "lambda:InvokeFunction", + "Effect": "Allow", + "Resource": { + "Fn::GetAtt": [ + "Wait4449FB25", + "Arn" + ] + } + } + ], + "Version": "2012-10-17" + }, + "policyName": "ProviderframeworkonTimeoutServiceRoleDefaultPolicy2688969F", + "roles": [ + { + "Ref": "ProviderframeworkonTimeoutServiceRole28643D26" + } + ] + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.CfnPolicy", + "version": "2.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.Policy", + "version": "2.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.Role", + "version": "2.0.0" + } + }, + "Code": { + "id": "Code", + "path": "RDS-Sanitized-Snapshotter-Test/Provider/framework-onTimeout/Code", + "children": { + "Stage": { + "id": "Stage", + "path": "RDS-Sanitized-Snapshotter-Test/Provider/framework-onTimeout/Code/Stage", + "constructInfo": { + "fqn": "aws-cdk-lib.AssetStaging", + "version": "2.0.0" + } + }, + "AssetBucket": { + "id": "AssetBucket", + "path": "RDS-Sanitized-Snapshotter-Test/Provider/framework-onTimeout/Code/AssetBucket", + "children": { + "Notifications": { + "id": "Notifications", + "path": "RDS-Sanitized-Snapshotter-Test/Provider/framework-onTimeout/Code/AssetBucket/Notifications", + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.0.5" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_s3.BucketBase", + "version": "2.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_s3_assets.Asset", + "version": "2.0.0" + } + }, + "Resource": { + "id": "Resource", + "path": "RDS-Sanitized-Snapshotter-Test/Provider/framework-onTimeout/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::Lambda::Function", + "aws:cdk:cloudformation:props": { + "code": { + "s3Bucket": { + "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}" + }, + "s3Key": "c691172cdeefa2c91b5a2907f9d81118e47597634943344795f1a844192dd49c.zip" + }, + "role": { + "Fn::GetAtt": [ + "ProviderframeworkonTimeoutServiceRole28643D26", + "Arn" + ] + }, + "description": "AWS CDK resource provider framework - onTimeout (RDS-Sanitized-Snapshotter-Test/Provider)", + "environment": { + "variables": { + "USER_ON_EVENT_FUNCTION_ARN": { + "Fn::GetAtt": [ + "Test7BFAF513", + "Arn" + ] + }, + "USER_IS_COMPLETE_FUNCTION_ARN": { + "Fn::GetAtt": [ + "Wait4449FB25", + "Arn" + ] + } + } + }, + "handler": "framework.onTimeout", + "runtime": "nodejs12.x", + "timeout": 900 + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_lambda.CfnFunction", + "version": "2.0.0" + } + }, + "LogRetention": { + "id": "LogRetention", + "path": "RDS-Sanitized-Snapshotter-Test/Provider/framework-onTimeout/LogRetention", + "children": { + "Resource": { + "id": "Resource", + "path": "RDS-Sanitized-Snapshotter-Test/Provider/framework-onTimeout/LogRetention/Resource", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnResource", + "version": "2.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_logs.LogRetention", + "version": "2.0.0" + } + }, + "LogGroup": { + "id": "LogGroup", + "path": "RDS-Sanitized-Snapshotter-Test/Provider/framework-onTimeout/LogGroup", + "constructInfo": { + "fqn": "aws-cdk-lib.Resource", + "version": "2.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_lambda.Function", + "version": "2.0.0" + } + }, + "waiter-state-machine": { + "id": "waiter-state-machine", + "path": "RDS-Sanitized-Snapshotter-Test/Provider/waiter-state-machine", + "children": { + "Role": { + "id": "Role", + "path": "RDS-Sanitized-Snapshotter-Test/Provider/waiter-state-machine/Role", + "children": { + "Resource": { + "id": "Resource", + "path": "RDS-Sanitized-Snapshotter-Test/Provider/waiter-state-machine/Role/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::IAM::Role", + "aws:cdk:cloudformation:props": { + "assumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": { + "Fn::Join": [ + "", + [ + "states.", + { + "Ref": "AWS::Region" + }, + ".amazonaws.com" + ] + ] + } + } + } + ], + "Version": "2012-10-17" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.CfnRole", + "version": "2.0.0" + } + }, + "DefaultPolicy": { + "id": "DefaultPolicy", + "path": "RDS-Sanitized-Snapshotter-Test/Provider/waiter-state-machine/Role/DefaultPolicy", + "children": { + "Resource": { + "id": "Resource", + "path": "RDS-Sanitized-Snapshotter-Test/Provider/waiter-state-machine/Role/DefaultPolicy/Resource", + "attributes": { + "aws:cdk:cloudformation:type": "AWS::IAM::Policy", + "aws:cdk:cloudformation:props": { + "policyDocument": { + "Statement": [ + { + "Action": "lambda:InvokeFunction", + "Effect": "Allow", + "Resource": { + "Fn::GetAtt": [ + "ProviderframeworkisComplete26D7B0CB", + "Arn" + ] + } + }, + { + "Action": "lambda:InvokeFunction", + "Effect": "Allow", + "Resource": { + "Fn::GetAtt": [ + "ProviderframeworkonTimeout0B47CA38", + "Arn" + ] + } + } + ], + "Version": "2012-10-17" + }, + "policyName": "ProviderwaiterstatemachineRoleDefaultPolicyD3C3DA1A", + "roles": [ + { + "Ref": "ProviderwaiterstatemachineRole0C7159F9" + } + ] + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.CfnPolicy", + "version": "2.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.Policy", + "version": "2.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.aws_iam.Role", + "version": "2.0.0" + } + }, + "Resource": { + "id": "Resource", + "path": "RDS-Sanitized-Snapshotter-Test/Provider/waiter-state-machine/Resource", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnResource", + "version": "2.0.0" + } + } + }, + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.0.5" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.custom_resources.Provider", + "version": "2.0.0" + } + }, + "Test MySQL Instance": { + "id": "Test MySQL Instance", + "path": "RDS-Sanitized-Snapshotter-Test/Test MySQL Instance", + "children": { + "Default": { + "id": "Default", + "path": "RDS-Sanitized-Snapshotter-Test/Test MySQL Instance/Default", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnResource", + "version": "2.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.CustomResource", + "version": "2.0.0" + } + }, + "Test MySQL Cluster": { + "id": "Test MySQL Cluster", + "path": "RDS-Sanitized-Snapshotter-Test/Test MySQL Cluster", + "children": { + "Default": { + "id": "Default", + "path": "RDS-Sanitized-Snapshotter-Test/Test MySQL Cluster/Default", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnResource", + "version": "2.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.CustomResource", + "version": "2.0.0" + } + }, + "Test PostgreSQL Instance": { + "id": "Test PostgreSQL Instance", + "path": "RDS-Sanitized-Snapshotter-Test/Test PostgreSQL Instance", + "children": { + "Default": { + "id": "Default", + "path": "RDS-Sanitized-Snapshotter-Test/Test PostgreSQL Instance/Default", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnResource", + "version": "2.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.CustomResource", + "version": "2.0.0" + } + }, + "Test PostgreSQL Cluster": { + "id": "Test PostgreSQL Cluster", + "path": "RDS-Sanitized-Snapshotter-Test/Test PostgreSQL Cluster", + "children": { + "Default": { + "id": "Default", + "path": "RDS-Sanitized-Snapshotter-Test/Test PostgreSQL Cluster/Default", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnResource", + "version": "2.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.CustomResource", + "version": "2.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.Stack", + "version": "2.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.App", + "version": "2.0.0" + } + } +} \ No newline at end of file