diff --git a/.projen/deps.json b/.projen/deps.json index 40fa4a1..c01bb67 100644 --- a/.projen/deps.json +++ b/.projen/deps.json @@ -1,7 +1,15 @@ { "dependencies": [ { - "name": "@aws-sdk/types", + "name": "@aws-sdk/client-rds", + "type": "build" + }, + { + "name": "@aws-sdk/client-resource-groups-tagging-api", + "type": "build" + }, + { + "name": "@aws-sdk/client-sfn", "type": "build" }, { @@ -33,10 +41,6 @@ "version": "^2", "type": "build" }, - { - "name": "aws-sdk", - "type": "build" - }, { "name": "esbuild", "type": "build" @@ -129,7 +133,7 @@ }, { "name": "aws-cdk-lib", - "version": "^2.0.0", + "version": "^2.85.0", "type": "peer" }, { diff --git a/.projen/tasks.json b/.projen/tasks.json index 1ad12f4..e228969 100644 --- a/.projen/tasks.json +++ b/.projen/tasks.json @@ -504,13 +504,13 @@ "exec": "yarn upgrade npm-check-updates" }, { - "exec": "npm-check-updates --upgrade --target=minor --peer --dep=dev,peer,prod,optional --filter=@aws-sdk/types,@types/aws-lambda,@types/jest,@types/node,@typescript-eslint/eslint-plugin,@typescript-eslint/parser,aws-cdk,aws-sdk,esbuild,eslint-import-resolver-node,eslint-import-resolver-typescript,eslint-plugin-import,eslint,jest-junit,jest,jsii-diff,jsii-docgen,jsii-pacmak,npm-check-updates,projen,standard-version,ts-jest,ts-node,typescript,aws-cdk-lib,constructs" + "exec": "npm-check-updates --upgrade --target=minor --peer --dep=dev,peer,prod,optional --filter=@aws-sdk/client-rds,@aws-sdk/client-resource-groups-tagging-api,@aws-sdk/client-sfn,@types/aws-lambda,@types/jest,@types/node,@typescript-eslint/eslint-plugin,@typescript-eslint/parser,aws-cdk,esbuild,eslint-import-resolver-node,eslint-import-resolver-typescript,eslint-plugin-import,eslint,jest-junit,jest,jsii-diff,jsii-docgen,jsii-pacmak,npm-check-updates,projen,standard-version,ts-jest,ts-node,typescript,aws-cdk-lib,constructs" }, { "exec": "yarn install --check-files" }, { - "exec": "yarn upgrade @aws-sdk/types @types/aws-lambda @types/jest @types/node @typescript-eslint/eslint-plugin @typescript-eslint/parser aws-cdk aws-sdk esbuild eslint-import-resolver-node eslint-import-resolver-typescript eslint-plugin-import eslint jest-junit jest jsii-diff jsii-docgen jsii-pacmak npm-check-updates projen standard-version ts-jest ts-node typescript aws-cdk-lib constructs" + "exec": "yarn upgrade @aws-sdk/client-rds @aws-sdk/client-resource-groups-tagging-api @aws-sdk/client-sfn @types/aws-lambda @types/jest @types/node @typescript-eslint/eslint-plugin @typescript-eslint/parser aws-cdk esbuild eslint-import-resolver-node eslint-import-resolver-typescript eslint-plugin-import eslint jest-junit jest jsii-diff jsii-docgen jsii-pacmak npm-check-updates projen standard-version ts-jest ts-node typescript aws-cdk-lib constructs" }, { "exec": "npx projen" diff --git a/.projenrc.js b/.projenrc.js index 4cb9435..6cbd222 100644 --- a/.projenrc.js +++ b/.projenrc.js @@ -5,7 +5,7 @@ const project = new awscdk.AwsCdkConstructLibrary({ author: 'Amir Szekely', authorAddress: 'amir@cloudsnorkel.com', stability: Stability.EXPERIMENTAL, - cdkVersion: '2.0.0', + cdkVersion: '2.85.0', // for no more deprecated nodejs 14 in integration test defaultReleaseBranch: 'main', name: '@cloudsnorkel/cdk-rds-sanitized-snapshots', repositoryUrl: 'https://github.com/CloudSnorkel/cdk-rds-sanitized-snapshots.git', @@ -13,8 +13,9 @@ const project = new awscdk.AwsCdkConstructLibrary({ description: 'CDK construct to periodically take snapshots of RDS databases, sanitize them, and share with selected accounts.', devDeps: [ 'esbuild', // for faster NodejsFunction bundling - 'aws-sdk', - '@aws-sdk/types', + '@aws-sdk/client-resource-groups-tagging-api', + '@aws-sdk/client-rds', + '@aws-sdk/client-sfn', '@types/aws-lambda', ], deps: [ diff --git a/package.json b/package.json index 1584405..5dc5295 100644 --- a/package.json +++ b/package.json @@ -56,15 +56,16 @@ "organization": false }, "devDependencies": { - "@aws-sdk/types": "^3.433.0", - "@types/aws-lambda": "^8.10.125", + "@aws-sdk/client-rds": "^3.438.0", + "@aws-sdk/client-resource-groups-tagging-api": "^3.438.0", + "@aws-sdk/client-sfn": "^3.438.0", + "@types/aws-lambda": "^8.10.124", "@types/jest": "^27.0.0", "@types/node": "^16", "@typescript-eslint/eslint-plugin": "^6", "@typescript-eslint/parser": "^6", "aws-cdk": "^2", - "aws-cdk-lib": "2.0.0", - "aws-sdk": "^2.1483.0", + "aws-cdk-lib": "2.85.0", "constructs": "10.0.5", "esbuild": "^0.19.5", "eslint": "^8", @@ -86,7 +87,7 @@ "typescript": "^4.9.5" }, "peerDependencies": { - "aws-cdk-lib": "^2.0.0", + "aws-cdk-lib": "^2.85.0", "constructs": "^10.0.5" }, "resolutions": { diff --git a/src/delete-old.lambda.ts b/src/delete-old.lambda.ts index 22ae5fc..b904cbb 100644 --- a/src/delete-old.lambda.ts +++ b/src/delete-old.lambda.ts @@ -1,8 +1,9 @@ /* eslint-disable import/no-extraneous-dependencies */ -import * as AWS from 'aws-sdk'; +import { DeleteDBClusterSnapshotCommand, RDSClient } from '@aws-sdk/client-rds'; +import { GetResourcesCommand, ResourceGroupsTaggingAPIClient } from '@aws-sdk/client-resource-groups-tagging-api'; -const tagging = new AWS.ResourceGroupsTaggingAPI(); -const rds = new AWS.RDS(); +const tagging = new ResourceGroupsTaggingAPIClient(); +const rds = new RDSClient(); interface Input { tags: { Key: string; Value: string }[]; @@ -11,12 +12,12 @@ interface Input { } exports.handler = async function (input: Input) { - const snapshotsResponse = await tagging.getResources({ + const snapshotsResponse = await tagging.send(new GetResourcesCommand({ TagFilters: input.tags.map(f => { return { Key: f.Key, Values: [f.Value] }; }), ResourceTypeFilters: [input.resourceType], - }).promise(); + })); if (!snapshotsResponse.ResourceTagMappingList) { console.error('No snapshots found'); } @@ -37,8 +38,8 @@ exports.handler = async function (input: Input) { for (const snapshot of toDelete) { console.log(`Deleting old snapshot: ${snapshot}`); - await rds.deleteDBClusterSnapshot({ + await rds.send(new DeleteDBClusterSnapshotCommand({ DBClusterSnapshotIdentifier: snapshot, - }).promise(); + })); } -}; \ No newline at end of file +}; diff --git a/src/parameters.lambda.ts b/src/parameters.lambda.ts index 8581492..d72df19 100644 --- a/src/parameters.lambda.ts +++ b/src/parameters.lambda.ts @@ -1,8 +1,8 @@ /* eslint-disable import/no-extraneous-dependencies */ import * as crypto from 'crypto'; -import * as AWS from 'aws-sdk'; +import { DescribeDBClustersCommand, DescribeDBInstancesCommand, RDSClient } from '@aws-sdk/client-rds'; -const rds = new AWS.RDS(); +const rds = new RDSClient(); interface Input { executionId: string; @@ -70,7 +70,7 @@ exports.handler = async function (input: Input): Promise { let instanceClass: string; if (input.isCluster) { - const origDb = await rds.describeDBClusters({ DBClusterIdentifier: input.databaseIdentifier }).promise(); + const origDb = await rds.send(new DescribeDBClustersCommand({ DBClusterIdentifier: input.databaseIdentifier })); if (!origDb.DBClusters || origDb.DBClusters.length != 1) { throw new Error(`Unable to find ${input.databaseIdentifier}`); } @@ -80,7 +80,7 @@ exports.handler = async function (input: Input): Promise { throw new Error(`Database missing some required parameters: ${JSON.stringify(cluster)}`); } - const origInstances = await rds.describeDBInstances({ DBInstanceIdentifier: cluster.DBClusterMembers[0].DBInstanceIdentifier }).promise(); + const origInstances = await rds.send(new DescribeDBInstancesCommand({ DBInstanceIdentifier: cluster.DBClusterMembers[0].DBInstanceIdentifier })); if (!origInstances.DBInstances || origInstances.DBInstances.length < 1) { throw new Error(`Unable to find instances for ${input.databaseIdentifier}`); } @@ -96,7 +96,7 @@ exports.handler = async function (input: Input): Promise { kmsKeyId = cluster.KmsKeyId; instanceClass = instance.DBInstanceClass; } else { - const origDb = await rds.describeDBInstances({ DBInstanceIdentifier: input.databaseIdentifier }).promise(); + const origDb = await rds.send(new DescribeDBInstancesCommand({ DBInstanceIdentifier: input.databaseIdentifier })); if (!origDb.DBInstances || origDb.DBInstances.length != 1) { throw new Error(`Unable to find ${input.databaseIdentifier}`); } diff --git a/src/test-wait.lambda.ts b/src/test-wait.lambda.ts index 475302f..0089f7f 100644 --- a/src/test-wait.lambda.ts +++ b/src/test-wait.lambda.ts @@ -1,8 +1,15 @@ /* eslint-disable import/no-extraneous-dependencies */ -import * as AWS from 'aws-sdk'; - -const sfn = new AWS.StepFunctions(); -const rds = new AWS.RDS(); +import { + DeleteDBClusterSnapshotCommand, + DeleteDBSnapshotCommand, + DescribeDBClusterSnapshotsCommand, + DescribeDBSnapshotsCommand, + RDSClient, +} from '@aws-sdk/client-rds'; +import { DescribeExecutionCommand, SFNClient } from '@aws-sdk/client-sfn'; + +const sfn = new SFNClient(); +const rds = new RDSClient(); interface Input { RequestType: 'Create' | 'Update' | 'Delete'; @@ -17,7 +24,7 @@ exports.handler = async function (input: Input): Promise { console.log(input.RequestType, input.PhysicalResourceId); if (input.RequestType == 'Create' || input.RequestType == 'Update') { - const exec = await sfn.describeExecution({ executionArn: input.PhysicalResourceId }).promise(); + const exec = await sfn.send(new DescribeExecutionCommand({ executionArn: input.PhysicalResourceId })); if (exec.status == 'ABORTED' || exec.status == 'FAILED' || exec.status == 'TIMED_OUT') { throw new Error(`Step function failed with: ${exec.status}`); } @@ -31,17 +38,17 @@ exports.handler = async function (input: Input): Promise { const output = JSON.parse(exec.output); if (output.isCluster) { - const snapshots = await rds.describeDBClusterSnapshots({ DBClusterSnapshotIdentifier: output.targetSnapshotId }).promise(); + const snapshots = await rds.send(new DescribeDBClusterSnapshotsCommand({ DBClusterSnapshotIdentifier: output.targetSnapshotId })); if (!snapshots.DBClusterSnapshots || snapshots.DBClusterSnapshots.length != 1) { throw new Error(`Target cluster snapshot ${output.targetSnapshotId} does not exist`); } - await rds.deleteDBClusterSnapshot({ DBClusterSnapshotIdentifier: output.targetSnapshotId }).promise(); + await rds.send(new DeleteDBClusterSnapshotCommand({ DBClusterSnapshotIdentifier: output.targetSnapshotId })); } else { - const snapshots = await rds.describeDBSnapshots({ DBSnapshotIdentifier: output.targetSnapshotId }).promise(); + const snapshots = await rds.send(new DescribeDBSnapshotsCommand({ DBSnapshotIdentifier: output.targetSnapshotId })); if (!snapshots.DBSnapshots || snapshots.DBSnapshots.length != 1) { throw new Error(`Target instance snapshot ${output.targetSnapshotId} does not exist`); } - await rds.deleteDBSnapshot({ DBSnapshotIdentifier: output.targetSnapshotId }).promise(); + await rds.send(new DeleteDBSnapshotCommand({ DBSnapshotIdentifier: output.targetSnapshotId })); } return { IsComplete: true }; diff --git a/src/test.lambda.ts b/src/test.lambda.ts index 1af6a2d..ae39dfb 100644 --- a/src/test.lambda.ts +++ b/src/test.lambda.ts @@ -1,7 +1,7 @@ /* eslint-disable import/no-extraneous-dependencies */ -import * as AWS from 'aws-sdk'; +import { SFNClient, StartExecutionCommand } from '@aws-sdk/client-sfn'; -const sfn = new AWS.StepFunctions(); +const sfn = new SFNClient(); interface Input { RequestType: 'Create' | 'Update' | 'Delete'; @@ -17,9 +17,9 @@ interface Result { exports.handler = async function (input: Input): Promise { if (input.RequestType == 'Create' || input.RequestType == 'Update') { - const exec = await sfn.startExecution({ stateMachineArn: input.ResourceProperties.StepFunctionArn }).promise(); - return { PhysicalResourceId: exec.executionArn }; + const exec = await sfn.send(new StartExecutionCommand({ stateMachineArn: input.ResourceProperties.StepFunctionArn })); + return { PhysicalResourceId: exec.executionArn! }; } return { PhysicalResourceId: input.PhysicalResourceId }; -}; \ No newline at end of file +}; diff --git a/src/wait.lambda.ts b/src/wait.lambda.ts index c7299bd..efe8182 100644 --- a/src/wait.lambda.ts +++ b/src/wait.lambda.ts @@ -1,7 +1,13 @@ /* eslint-disable import/no-extraneous-dependencies */ -import * as AWS from 'aws-sdk'; +import { + DescribeDBClustersCommand, + DescribeDBClusterSnapshotsCommand, + DescribeDBInstancesCommand, + DescribeDBSnapshotsCommand, + RDSClient, +} from '@aws-sdk/client-rds'; -const rds = new AWS.RDS(); +const rds = new RDSClient(); interface Input { resourceType: 'snapshot' | 'cluster' | 'instance'; @@ -39,10 +45,10 @@ exports.handler = async function (input: Input) { let status: string; if (input.isCluster) { // wait for cluster snapshot - const snapshots = await rds.describeDBClusterSnapshots({ + const snapshots = await rds.send(new DescribeDBClusterSnapshotsCommand({ DBClusterIdentifier: input.databaseIdentifier, DBClusterSnapshotIdentifier: input.snapshotIdentifier, - }).promise(); + })); console.log(snapshots); @@ -53,10 +59,10 @@ exports.handler = async function (input: Input) { status = snapshots.DBClusterSnapshots[0].Status ?? ''; } else { // wait for instance snapshot - const snapshots = await rds.describeDBSnapshots({ + const snapshots = await rds.send(new DescribeDBSnapshotsCommand({ DBInstanceIdentifier: input.databaseIdentifier, DBSnapshotIdentifier: input.snapshotIdentifier, - }).promise(); + })); console.log(snapshots); @@ -74,9 +80,9 @@ exports.handler = async function (input: Input) { checkStatus(status, input.snapshotIdentifier); } else if (input.resourceType == 'cluster') { // wait for db - const dbs = await rds.describeDBClusters({ + const dbs = await rds.send(new DescribeDBClustersCommand({ DBClusterIdentifier: input.databaseIdentifier, - }).promise(); + })); console.log(dbs); @@ -92,9 +98,9 @@ exports.handler = async function (input: Input) { checkStatus(status, input.databaseIdentifier); } else if (input.resourceType == 'instance') { // wait for db - const instances = await rds.describeDBInstances({ + const instances = await rds.send(new DescribeDBInstancesCommand({ DBInstanceIdentifier: input.databaseIdentifier, - }).promise(); + })); console.log(instances); diff --git a/test/default.integ.snapshot/RDS-Sanitized-Snapshotter-RDS.assets.json b/test/default.integ.snapshot/RDS-Sanitized-Snapshotter-RDS.assets.json index 7d2da13..c80261f 100644 --- a/test/default.integ.snapshot/RDS-Sanitized-Snapshotter-RDS.assets.json +++ b/test/default.integ.snapshot/RDS-Sanitized-Snapshotter-RDS.assets.json @@ -1,7 +1,7 @@ { - "version": "15.0.0", + "version": "32.0.0", "files": { - "1033c183df53fe80a9c43605c9e648af74bf88fd094db5b39bff286023de0be1": { + "af64ec05b3dfb7846a43d7aebf55e6ab83ac754192e5c5e8341de0d3e5f4314c": { "source": { "path": "RDS-Sanitized-Snapshotter-RDS.template.json", "packaging": "file" @@ -9,7 +9,7 @@ "destinations": { "current_account-current_region": { "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", - "objectKey": "1033c183df53fe80a9c43605c9e648af74bf88fd094db5b39bff286023de0be1.json", + "objectKey": "af64ec05b3dfb7846a43d7aebf55e6ab83ac754192e5c5e8341de0d3e5f4314c.json", "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" } } diff --git a/test/default.integ.snapshot/RDS-Sanitized-Snapshotter-RDS.template.json b/test/default.integ.snapshot/RDS-Sanitized-Snapshotter-RDS.template.json index 2d81612..740a5de 100644 --- a/test/default.integ.snapshot/RDS-Sanitized-Snapshotter-RDS.template.json +++ b/test/default.integ.snapshot/RDS-Sanitized-Snapshotter-RDS.template.json @@ -1,622 +1,622 @@ { - "Resources": { - "MySQLInstanceSubnetGroup2F3554B3": { - "Type": "AWS::RDS::DBSubnetGroup", - "Properties": { - "DBSubnetGroupDescription": "Subnet group for MySQL Instance database", - "SubnetIds": [ - { - "Fn::ImportValue": "RDS-Sanitized-Snapshotter-VPC:ExportsOutputRefVPCIsolatedSubnet1SubnetEBD00FC6298E81EF" - }, - { - "Fn::ImportValue": "RDS-Sanitized-Snapshotter-VPC:ExportsOutputRefVPCIsolatedSubnet2Subnet4B1C8CAAD8B83B81" - } - ] - } + "Resources": { + "MySQLInstanceSubnetGroup2F3554B3": { + "Type": "AWS::RDS::DBSubnetGroup", + "Properties": { + "DBSubnetGroupDescription": "Subnet group for MySQL Instance database", + "SubnetIds": [ + { + "Fn::ImportValue": "RDS-Sanitized-Snapshotter-VPC:ExportsOutputRefVPCIsolatedSubnet1SubnetEBD00FC6298E81EF" + }, + { + "Fn::ImportValue": "RDS-Sanitized-Snapshotter-VPC:ExportsOutputRefVPCIsolatedSubnet2Subnet4B1C8CAAD8B83B81" + } + ] + } + }, + "MySQLInstanceSecurityGroupF67D2455": { + "Type": "AWS::EC2::SecurityGroup", + "Properties": { + "GroupDescription": "Security group for MySQL Instance database", + "SecurityGroupEgress": [ + { + "CidrIp": "0.0.0.0/0", + "Description": "Allow all outbound traffic by default", + "IpProtocol": "-1" + } + ], + "VpcId": { + "Fn::ImportValue": "RDS-Sanitized-Snapshotter-VPC:ExportsOutputRefVPCB9E5F0B4BD23A326" + } + } + }, + "MySQLInstanceSecret84563F6F": { + "Type": "AWS::SecretsManager::Secret", + "Properties": { + "Description": { + "Fn::Join": [ + "", + [ + "Generated by the CDK for stack: ", + { + "Ref": "AWS::StackName" + } + ] + ] }, - "MySQLInstanceSecurityGroupF67D2455": { - "Type": "AWS::EC2::SecurityGroup", - "Properties": { - "GroupDescription": "Security group for MySQL Instance database", - "SecurityGroupEgress": [ - { - "CidrIp": "0.0.0.0/0", - "Description": "Allow all outbound traffic by default", - "IpProtocol": "-1" - } - ], - "VpcId": { - "Fn::ImportValue": "RDS-Sanitized-Snapshotter-VPC:ExportsOutputRefVPCB9E5F0B4BD23A326" - } - } + "GenerateSecretString": { + "ExcludeCharacters": " %+~`#$&*()|[]{}:;<>?!'/@\"\\", + "GenerateStringKey": "password", + "PasswordLength": 30, + "SecretStringTemplate": "{\"username\":\"admin\"}" + } + }, + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" + }, + "MySQLInstanceSecretAttachmentD80E5663": { + "Type": "AWS::SecretsManager::SecretTargetAttachment", + "Properties": { + "SecretId": { + "Ref": "MySQLInstanceSecret84563F6F" }, - "MySQLInstanceSecret84563F6F": { - "Type": "AWS::SecretsManager::Secret", - "Properties": { - "Description": { - "Fn::Join": [ - "", - [ - "Generated by the CDK for stack: ", - { - "Ref": "AWS::StackName" - } - ] - ] - }, - "GenerateSecretString": { - "ExcludeCharacters": " %+~`#$&*()|[]{}:;<>?!'/@\"\\", - "GenerateStringKey": "password", - "PasswordLength": 30, - "SecretStringTemplate": "{\"username\":\"admin\"}" - } - }, - "UpdateReplacePolicy": "Delete", - "DeletionPolicy": "Delete" + "TargetId": { + "Ref": "MySQLInstanceA2499B9D" }, - "MySQLInstanceSecretAttachmentD80E5663": { - "Type": "AWS::SecretsManager::SecretTargetAttachment", - "Properties": { - "SecretId": { - "Ref": "MySQLInstanceSecret84563F6F" - }, - "TargetId": { - "Ref": "MySQLInstanceA2499B9D" - }, - "TargetType": "AWS::RDS::DBInstance" - } + "TargetType": "AWS::RDS::DBInstance" + } + }, + "MySQLInstanceA2499B9D": { + "Type": "AWS::RDS::DBInstance", + "Properties": { + "AllocatedStorage": "100", + "BackupRetentionPeriod": 0, + "CopyTagsToSnapshot": true, + "DBInstanceClass": "db.t3.small", + "DBSubnetGroupName": { + "Ref": "MySQLInstanceSubnetGroup2F3554B3" }, - "MySQLInstanceA2499B9D": { - "Type": "AWS::RDS::DBInstance", - "Properties": { - "DBInstanceClass": "db.t3.small", - "AllocatedStorage": "100", - "BackupRetentionPeriod": 0, - "CopyTagsToSnapshot": true, - "DBSubnetGroupName": { - "Ref": "MySQLInstanceSubnetGroup2F3554B3" - }, - "DeleteAutomatedBackups": true, - "Engine": "mysql", - "EngineVersion": "8.0", - "MasterUsername": { - "Fn::Join": [ - "", - [ - "{{resolve:secretsmanager:", - { - "Ref": "MySQLInstanceSecret84563F6F" - }, - ":SecretString:username::}}" - ] - ] - }, - "MasterUserPassword": { - "Fn::Join": [ - "", - [ - "{{resolve:secretsmanager:", - { - "Ref": "MySQLInstanceSecret84563F6F" - }, - ":SecretString:password::}}" - ] - ] - }, - "StorageType": "gp2", - "VPCSecurityGroups": [ - { - "Fn::GetAtt": [ - "MySQLInstanceSecurityGroupF67D2455", - "GroupId" - ] - } - ] - }, - "UpdateReplacePolicy": "Delete", - "DeletionPolicy": "Delete" + "DeleteAutomatedBackups": true, + "Engine": "mysql", + "EngineVersion": "8.0", + "MasterUsername": { + "Fn::Join": [ + "", + [ + "{{resolve:secretsmanager:", + { + "Ref": "MySQLInstanceSecret84563F6F" + }, + ":SecretString:username::}}" + ] + ] }, - "MySQLClusterSubnets30A4ABD4": { - "Type": "AWS::RDS::DBSubnetGroup", - "Properties": { - "DBSubnetGroupDescription": "Subnets for MySQL Cluster database", - "SubnetIds": [ - { - "Fn::ImportValue": "RDS-Sanitized-Snapshotter-VPC:ExportsOutputRefVPCIsolatedSubnet1SubnetEBD00FC6298E81EF" - }, - { - "Fn::ImportValue": "RDS-Sanitized-Snapshotter-VPC:ExportsOutputRefVPCIsolatedSubnet2Subnet4B1C8CAAD8B83B81" - } - ] - } + "MasterUserPassword": { + "Fn::Join": [ + "", + [ + "{{resolve:secretsmanager:", + { + "Ref": "MySQLInstanceSecret84563F6F" + }, + ":SecretString:password::}}" + ] + ] }, - "MySQLClusterSecurityGroupBC9C8E26": { - "Type": "AWS::EC2::SecurityGroup", - "Properties": { - "GroupDescription": "RDS security group", - "SecurityGroupEgress": [ - { - "CidrIp": "0.0.0.0/0", - "Description": "Allow all outbound traffic by default", - "IpProtocol": "-1" - } - ], - "VpcId": { - "Fn::ImportValue": "RDS-Sanitized-Snapshotter-VPC:ExportsOutputRefVPCB9E5F0B4BD23A326" - } - } + "StorageType": "gp2", + "VPCSecurityGroups": [ + { + "Fn::GetAtt": [ + "MySQLInstanceSecurityGroupF67D2455", + "GroupId" + ] + } + ] + }, + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" + }, + "MySQLClusterSubnets30A4ABD4": { + "Type": "AWS::RDS::DBSubnetGroup", + "Properties": { + "DBSubnetGroupDescription": "Subnets for MySQL Cluster database", + "SubnetIds": [ + { + "Fn::ImportValue": "RDS-Sanitized-Snapshotter-VPC:ExportsOutputRefVPCIsolatedSubnet1SubnetEBD00FC6298E81EF" + }, + { + "Fn::ImportValue": "RDS-Sanitized-Snapshotter-VPC:ExportsOutputRefVPCIsolatedSubnet2Subnet4B1C8CAAD8B83B81" + } + ] + } + }, + "MySQLClusterSecurityGroupBC9C8E26": { + "Type": "AWS::EC2::SecurityGroup", + "Properties": { + "GroupDescription": "RDS security group", + "SecurityGroupEgress": [ + { + "CidrIp": "0.0.0.0/0", + "Description": "Allow all outbound traffic by default", + "IpProtocol": "-1" + } + ], + "VpcId": { + "Fn::ImportValue": "RDS-Sanitized-Snapshotter-VPC:ExportsOutputRefVPCB9E5F0B4BD23A326" + } + } + }, + "MySQLClusterSecret06B35C31": { + "Type": "AWS::SecretsManager::Secret", + "Properties": { + "Description": { + "Fn::Join": [ + "", + [ + "Generated by the CDK for stack: ", + { + "Ref": "AWS::StackName" + } + ] + ] }, - "MySQLClusterSecret06B35C31": { - "Type": "AWS::SecretsManager::Secret", - "Properties": { - "Description": { - "Fn::Join": [ - "", - [ - "Generated by the CDK for stack: ", - { - "Ref": "AWS::StackName" - } - ] - ] - }, - "GenerateSecretString": { - "ExcludeCharacters": " %+~`#$&*()|[]{}:;<>?!'/@\"\\", - "GenerateStringKey": "password", - "PasswordLength": 30, - "SecretStringTemplate": "{\"username\":\"admin\"}" - } - }, - "UpdateReplacePolicy": "Delete", - "DeletionPolicy": "Delete" + "GenerateSecretString": { + "ExcludeCharacters": " %+~`#$&*()|[]{}:;<>?!'/@\"\\", + "GenerateStringKey": "password", + "PasswordLength": 30, + "SecretStringTemplate": "{\"username\":\"admin\"}" + } + }, + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" + }, + "MySQLClusterSecretAttachmentE3959A60": { + "Type": "AWS::SecretsManager::SecretTargetAttachment", + "Properties": { + "SecretId": { + "Ref": "MySQLClusterSecret06B35C31" }, - "MySQLClusterSecretAttachmentE3959A60": { - "Type": "AWS::SecretsManager::SecretTargetAttachment", - "Properties": { - "SecretId": { - "Ref": "MySQLClusterSecret06B35C31" - }, - "TargetId": { - "Ref": "MySQLClusterD5C73C33" - }, - "TargetType": "AWS::RDS::DBCluster" - } + "TargetId": { + "Ref": "MySQLClusterD5C73C33" }, - "MySQLClusterD5C73C33": { - "Type": "AWS::RDS::DBCluster", - "Properties": { - "Engine": "aurora-mysql", - "BackupRetentionPeriod": 1, - "CopyTagsToSnapshot": true, - "DBClusterParameterGroupName": "default.aurora-mysql5.7", - "DBSubnetGroupName": { - "Ref": "MySQLClusterSubnets30A4ABD4" - }, - "MasterUsername": { - "Fn::Join": [ - "", - [ - "{{resolve:secretsmanager:", - { - "Ref": "MySQLClusterSecret06B35C31" - }, - ":SecretString:username::}}" - ] - ] - }, - "MasterUserPassword": { - "Fn::Join": [ - "", - [ - "{{resolve:secretsmanager:", - { - "Ref": "MySQLClusterSecret06B35C31" - }, - ":SecretString:password::}}" - ] - ] - }, - "VpcSecurityGroupIds": [ - { - "Fn::GetAtt": [ - "MySQLClusterSecurityGroupBC9C8E26", - "GroupId" - ] - } - ] - }, - "UpdateReplacePolicy": "Delete", - "DeletionPolicy": "Delete" + "TargetType": "AWS::RDS::DBCluster" + } + }, + "MySQLClusterD5C73C33": { + "Type": "AWS::RDS::DBCluster", + "Properties": { + "BackupRetentionPeriod": 1, + "CopyTagsToSnapshot": true, + "DBClusterParameterGroupName": "default.aurora-mysql8.0", + "DBSubnetGroupName": { + "Ref": "MySQLClusterSubnets30A4ABD4" }, - "MySQLClusterInstance1C435F94D": { - "Type": "AWS::RDS::DBInstance", - "Properties": { - "DBInstanceClass": "db.t3.medium", - "DBClusterIdentifier": { - "Ref": "MySQLClusterD5C73C33" - }, - "DBSubnetGroupName": { - "Ref": "MySQLClusterSubnets30A4ABD4" - }, - "Engine": "aurora-mysql" - }, - "UpdateReplacePolicy": "Delete", - "DeletionPolicy": "Delete" + "Engine": "aurora-mysql", + "EngineVersion": "8.0.mysql_aurora.3.05.0", + "MasterUsername": { + "Fn::Join": [ + "", + [ + "{{resolve:secretsmanager:", + { + "Ref": "MySQLClusterSecret06B35C31" + }, + ":SecretString:username::}}" + ] + ] }, - "Key961B73FD": { - "Type": "AWS::KMS::Key", - "Properties": { - "KeyPolicy": { - "Statement": [ - { - "Action": "kms:*", - "Effect": "Allow", - "Principal": { - "AWS": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":iam::", - { - "Ref": "AWS::AccountId" - }, - ":root" - ] - ] - } - }, - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "Description": "RDS sanitize test source key" - }, - "UpdateReplacePolicy": "Retain", - "DeletionPolicy": "Retain" + "MasterUserPassword": { + "Fn::Join": [ + "", + [ + "{{resolve:secretsmanager:", + { + "Ref": "MySQLClusterSecret06B35C31" + }, + ":SecretString:password::}}" + ] + ] }, - "PostgresInstanceSubnetGroup539F8609": { - "Type": "AWS::RDS::DBSubnetGroup", - "Properties": { - "DBSubnetGroupDescription": "Subnet group for Postgres Instance database", - "SubnetIds": [ - { - "Fn::ImportValue": "RDS-Sanitized-Snapshotter-VPC:ExportsOutputRefVPCIsolatedSubnet1SubnetEBD00FC6298E81EF" - }, - { - "Fn::ImportValue": "RDS-Sanitized-Snapshotter-VPC:ExportsOutputRefVPCIsolatedSubnet2Subnet4B1C8CAAD8B83B81" - } - ] - } + "VpcSecurityGroupIds": [ + { + "Fn::GetAtt": [ + "MySQLClusterSecurityGroupBC9C8E26", + "GroupId" + ] + } + ] + }, + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" + }, + "MySQLClusterInstance1C435F94D": { + "Type": "AWS::RDS::DBInstance", + "Properties": { + "DBClusterIdentifier": { + "Ref": "MySQLClusterD5C73C33" }, - "PostgresInstanceSecurityGroup08920A2A": { - "Type": "AWS::EC2::SecurityGroup", - "Properties": { - "GroupDescription": "Security group for Postgres Instance database", - "SecurityGroupEgress": [ - { - "CidrIp": "0.0.0.0/0", - "Description": "Allow all outbound traffic by default", - "IpProtocol": "-1" - } - ], - "VpcId": { - "Fn::ImportValue": "RDS-Sanitized-Snapshotter-VPC:ExportsOutputRefVPCB9E5F0B4BD23A326" - } - } + "DBInstanceClass": "db.t3.medium", + "DBSubnetGroupName": { + "Ref": "MySQLClusterSubnets30A4ABD4" }, - "PostgresInstanceSecret47B7DD5E": { - "Type": "AWS::SecretsManager::Secret", - "Properties": { - "Description": { - "Fn::Join": [ - "", - [ - "Generated by the CDK for stack: ", - { - "Ref": "AWS::StackName" - } - ] + "Engine": "aurora-mysql" + }, + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" + }, + "Key961B73FD": { + "Type": "AWS::KMS::Key", + "Properties": { + "KeyPolicy": { + "Statement": [ + { + "Action": "kms:*", + "Effect": "Allow", + "Principal": { + "AWS": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::", + { + "Ref": "AWS::AccountId" + }, + ":root" ] - }, - "GenerateSecretString": { - "ExcludeCharacters": " %+~`#$&*()|[]{}:;<>?!'/@\"\\", - "GenerateStringKey": "password", - "PasswordLength": 30, - "SecretStringTemplate": "{\"username\":\"postgres\"}" + ] } - }, - "UpdateReplacePolicy": "Delete", - "DeletionPolicy": "Delete" - }, - "PostgresInstanceSecretAttachment5B3ACFDC": { - "Type": "AWS::SecretsManager::SecretTargetAttachment", - "Properties": { - "SecretId": { - "Ref": "PostgresInstanceSecret47B7DD5E" - }, - "TargetId": { - "Ref": "PostgresInstance8F00D2DD" - }, - "TargetType": "AWS::RDS::DBInstance" + }, + "Resource": "*" } + ], + "Version": "2012-10-17" }, - "PostgresInstance8F00D2DD": { - "Type": "AWS::RDS::DBInstance", - "Properties": { - "DBInstanceClass": "db.t3.small", - "AllocatedStorage": "100", - "BackupRetentionPeriod": 0, - "CopyTagsToSnapshot": true, - "DBSubnetGroupName": { - "Ref": "PostgresInstanceSubnetGroup539F8609" - }, - "DeleteAutomatedBackups": true, - "Engine": "postgres", - "EngineVersion": "10", - "KmsKeyId": { - "Fn::GetAtt": [ - "Key961B73FD", - "Arn" - ] - }, - "MasterUsername": { - "Fn::Join": [ - "", - [ - "{{resolve:secretsmanager:", - { - "Ref": "PostgresInstanceSecret47B7DD5E" - }, - ":SecretString:username::}}" - ] - ] - }, - "MasterUserPassword": { - "Fn::Join": [ - "", - [ - "{{resolve:secretsmanager:", - { - "Ref": "PostgresInstanceSecret47B7DD5E" - }, - ":SecretString:password::}}" - ] - ] - }, - "StorageEncrypted": true, - "StorageType": "gp2", - "VPCSecurityGroups": [ - { - "Fn::GetAtt": [ - "PostgresInstanceSecurityGroup08920A2A", - "GroupId" - ] - } - ] - }, - "UpdateReplacePolicy": "Delete", - "DeletionPolicy": "Delete" + "Description": "RDS sanitize test source key" + }, + "UpdateReplacePolicy": "Retain", + "DeletionPolicy": "Retain" + }, + "PostgresInstanceSubnetGroup539F8609": { + "Type": "AWS::RDS::DBSubnetGroup", + "Properties": { + "DBSubnetGroupDescription": "Subnet group for Postgres Instance database", + "SubnetIds": [ + { + "Fn::ImportValue": "RDS-Sanitized-Snapshotter-VPC:ExportsOutputRefVPCIsolatedSubnet1SubnetEBD00FC6298E81EF" + }, + { + "Fn::ImportValue": "RDS-Sanitized-Snapshotter-VPC:ExportsOutputRefVPCIsolatedSubnet2Subnet4B1C8CAAD8B83B81" + } + ] + } + }, + "PostgresInstanceSecurityGroup08920A2A": { + "Type": "AWS::EC2::SecurityGroup", + "Properties": { + "GroupDescription": "Security group for Postgres Instance database", + "SecurityGroupEgress": [ + { + "CidrIp": "0.0.0.0/0", + "Description": "Allow all outbound traffic by default", + "IpProtocol": "-1" + } + ], + "VpcId": { + "Fn::ImportValue": "RDS-Sanitized-Snapshotter-VPC:ExportsOutputRefVPCB9E5F0B4BD23A326" + } + } + }, + "PostgresInstanceSecret47B7DD5E": { + "Type": "AWS::SecretsManager::Secret", + "Properties": { + "Description": { + "Fn::Join": [ + "", + [ + "Generated by the CDK for stack: ", + { + "Ref": "AWS::StackName" + } + ] + ] }, - "PostgresClusterSubnetsFC10D676": { - "Type": "AWS::RDS::DBSubnetGroup", - "Properties": { - "DBSubnetGroupDescription": "Subnets for Postgres Cluster database", - "SubnetIds": [ - { - "Fn::ImportValue": "RDS-Sanitized-Snapshotter-VPC:ExportsOutputRefVPCIsolatedSubnet1SubnetEBD00FC6298E81EF" - }, - { - "Fn::ImportValue": "RDS-Sanitized-Snapshotter-VPC:ExportsOutputRefVPCIsolatedSubnet2Subnet4B1C8CAAD8B83B81" - } - ] - } + "GenerateSecretString": { + "ExcludeCharacters": " %+~`#$&*()|[]{}:;<>?!'/@\"\\", + "GenerateStringKey": "password", + "PasswordLength": 30, + "SecretStringTemplate": "{\"username\":\"postgres\"}" + } + }, + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" + }, + "PostgresInstanceSecretAttachment5B3ACFDC": { + "Type": "AWS::SecretsManager::SecretTargetAttachment", + "Properties": { + "SecretId": { + "Ref": "PostgresInstanceSecret47B7DD5E" }, - "PostgresClusterSecurityGroupA7EFBA97": { - "Type": "AWS::EC2::SecurityGroup", - "Properties": { - "GroupDescription": "RDS security group", - "SecurityGroupEgress": [ - { - "CidrIp": "0.0.0.0/0", - "Description": "Allow all outbound traffic by default", - "IpProtocol": "-1" - } - ], - "VpcId": { - "Fn::ImportValue": "RDS-Sanitized-Snapshotter-VPC:ExportsOutputRefVPCB9E5F0B4BD23A326" - } - } + "TargetId": { + "Ref": "PostgresInstance8F00D2DD" }, - "PostgresClusterSecretEB353FC9": { - "Type": "AWS::SecretsManager::Secret", - "Properties": { - "Description": { - "Fn::Join": [ - "", - [ - "Generated by the CDK for stack: ", - { - "Ref": "AWS::StackName" - } - ] - ] - }, - "GenerateSecretString": { - "ExcludeCharacters": " %+~`#$&*()|[]{}:;<>?!'/@\"\\", - "GenerateStringKey": "password", - "PasswordLength": 30, - "SecretStringTemplate": "{\"username\":\"postgres\"}" - } - }, - "UpdateReplacePolicy": "Delete", - "DeletionPolicy": "Delete" + "TargetType": "AWS::RDS::DBInstance" + } + }, + "PostgresInstance8F00D2DD": { + "Type": "AWS::RDS::DBInstance", + "Properties": { + "AllocatedStorage": "100", + "BackupRetentionPeriod": 0, + "CopyTagsToSnapshot": true, + "DBInstanceClass": "db.t3.small", + "DBSubnetGroupName": { + "Ref": "PostgresInstanceSubnetGroup539F8609" }, - "PostgresClusterSecretAttachment0D03F96A": { - "Type": "AWS::SecretsManager::SecretTargetAttachment", - "Properties": { - "SecretId": { - "Ref": "PostgresClusterSecretEB353FC9" - }, - "TargetId": { - "Ref": "PostgresCluster5A5B7BE8" - }, - "TargetType": "AWS::RDS::DBCluster" - } + "DeleteAutomatedBackups": true, + "Engine": "postgres", + "EngineVersion": "13", + "KmsKeyId": { + "Fn::GetAtt": [ + "Key961B73FD", + "Arn" + ] }, - "PostgresCluster5A5B7BE8": { - "Type": "AWS::RDS::DBCluster", - "Properties": { - "Engine": "aurora-postgresql", - "BackupRetentionPeriod": 1, - "CopyTagsToSnapshot": true, - "DBClusterParameterGroupName": "default.aurora-postgresql12", - "DBSubnetGroupName": { - "Ref": "PostgresClusterSubnetsFC10D676" - }, - "EngineVersion": "12.8", - "KmsKeyId": { - "Fn::GetAtt": [ - "Key961B73FD", - "Arn" - ] - }, - "MasterUsername": { - "Fn::Join": [ - "", - [ - "{{resolve:secretsmanager:", - { - "Ref": "PostgresClusterSecretEB353FC9" - }, - ":SecretString:username::}}" - ] - ] - }, - "MasterUserPassword": { - "Fn::Join": [ - "", - [ - "{{resolve:secretsmanager:", - { - "Ref": "PostgresClusterSecretEB353FC9" - }, - ":SecretString:password::}}" - ] - ] - }, - "Port": 5432, - "StorageEncrypted": true, - "VpcSecurityGroupIds": [ - { - "Fn::GetAtt": [ - "PostgresClusterSecurityGroupA7EFBA97", - "GroupId" - ] - } - ] - }, - "UpdateReplacePolicy": "Delete", - "DeletionPolicy": "Delete" + "MasterUsername": { + "Fn::Join": [ + "", + [ + "{{resolve:secretsmanager:", + { + "Ref": "PostgresInstanceSecret47B7DD5E" + }, + ":SecretString:username::}}" + ] + ] }, - "PostgresClusterInstance1A52CA01E": { - "Type": "AWS::RDS::DBInstance", - "Properties": { - "DBInstanceClass": "db.t3.medium", - "DBClusterIdentifier": { - "Ref": "PostgresCluster5A5B7BE8" - }, - "DBSubnetGroupName": { - "Ref": "PostgresClusterSubnetsFC10D676" - }, - "Engine": "aurora-postgresql", - "EngineVersion": "12.8" - }, - "UpdateReplacePolicy": "Delete", - "DeletionPolicy": "Delete" + "MasterUserPassword": { + "Fn::Join": [ + "", + [ + "{{resolve:secretsmanager:", + { + "Ref": "PostgresInstanceSecret47B7DD5E" + }, + ":SecretString:password::}}" + ] + ] + }, + "StorageEncrypted": true, + "StorageType": "gp2", + "VPCSecurityGroups": [ + { + "Fn::GetAtt": [ + "PostgresInstanceSecurityGroup08920A2A", + "GroupId" + ] + } + ] + }, + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" + }, + "PostgresClusterSubnetsFC10D676": { + "Type": "AWS::RDS::DBSubnetGroup", + "Properties": { + "DBSubnetGroupDescription": "Subnets for Postgres Cluster database", + "SubnetIds": [ + { + "Fn::ImportValue": "RDS-Sanitized-Snapshotter-VPC:ExportsOutputRefVPCIsolatedSubnet1SubnetEBD00FC6298E81EF" + }, + { + "Fn::ImportValue": "RDS-Sanitized-Snapshotter-VPC:ExportsOutputRefVPCIsolatedSubnet2Subnet4B1C8CAAD8B83B81" + } + ] + } + }, + "PostgresClusterSecurityGroupA7EFBA97": { + "Type": "AWS::EC2::SecurityGroup", + "Properties": { + "GroupDescription": "RDS security group", + "SecurityGroupEgress": [ + { + "CidrIp": "0.0.0.0/0", + "Description": "Allow all outbound traffic by default", + "IpProtocol": "-1" + } + ], + "VpcId": { + "Fn::ImportValue": "RDS-Sanitized-Snapshotter-VPC:ExportsOutputRefVPCB9E5F0B4BD23A326" } + } }, - "Outputs": { - "ExportsOutputRefMySQLInstanceA2499B9D2BD8E026": { - "Value": { - "Ref": "MySQLInstanceA2499B9D" - }, - "Export": { - "Name": "RDS-Sanitized-Snapshotter-RDS:ExportsOutputRefMySQLInstanceA2499B9D2BD8E026" - } + "PostgresClusterSecretEB353FC9": { + "Type": "AWS::SecretsManager::Secret", + "Properties": { + "Description": { + "Fn::Join": [ + "", + [ + "Generated by the CDK for stack: ", + { + "Ref": "AWS::StackName" + } + ] + ] }, - "ExportsOutputRefMySQLClusterD5C73C3376F94030": { - "Value": { - "Ref": "MySQLClusterD5C73C33" - }, - "Export": { - "Name": "RDS-Sanitized-Snapshotter-RDS:ExportsOutputRefMySQLClusterD5C73C3376F94030" - } + "GenerateSecretString": { + "ExcludeCharacters": " %+~`#$&*()|[]{}:;<>?!'/@\"\\", + "GenerateStringKey": "password", + "PasswordLength": 30, + "SecretStringTemplate": "{\"username\":\"postgres\"}" + } + }, + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" + }, + "PostgresClusterSecretAttachment0D03F96A": { + "Type": "AWS::SecretsManager::SecretTargetAttachment", + "Properties": { + "SecretId": { + "Ref": "PostgresClusterSecretEB353FC9" }, - "ExportsOutputRefPostgresInstance8F00D2DD14EE3CD9": { - "Value": { - "Ref": "PostgresInstance8F00D2DD" - }, - "Export": { - "Name": "RDS-Sanitized-Snapshotter-RDS:ExportsOutputRefPostgresInstance8F00D2DD14EE3CD9" - } + "TargetId": { + "Ref": "PostgresCluster5A5B7BE8" }, - "ExportsOutputFnGetAttKey961B73FDArn5A860C43": { - "Value": { - "Fn::GetAtt": [ - "Key961B73FD", - "Arn" - ] - }, - "Export": { - "Name": "RDS-Sanitized-Snapshotter-RDS:ExportsOutputFnGetAttKey961B73FDArn5A860C43" - } + "TargetType": "AWS::RDS::DBCluster" + } + }, + "PostgresCluster5A5B7BE8": { + "Type": "AWS::RDS::DBCluster", + "Properties": { + "BackupRetentionPeriod": 1, + "CopyTagsToSnapshot": true, + "DBClusterParameterGroupName": "default.aurora-postgresql13", + "DBSubnetGroupName": { + "Ref": "PostgresClusterSubnetsFC10D676" }, - "ExportsOutputRefPostgresCluster5A5B7BE8BE4E3D78": { - "Value": { - "Ref": "PostgresCluster5A5B7BE8" - }, - "Export": { - "Name": "RDS-Sanitized-Snapshotter-RDS:ExportsOutputRefPostgresCluster5A5B7BE8BE4E3D78" - } - } + "Engine": "aurora-postgresql", + "EngineVersion": "13.4", + "KmsKeyId": { + "Fn::GetAtt": [ + "Key961B73FD", + "Arn" + ] + }, + "MasterUsername": { + "Fn::Join": [ + "", + [ + "{{resolve:secretsmanager:", + { + "Ref": "PostgresClusterSecretEB353FC9" + }, + ":SecretString:username::}}" + ] + ] + }, + "MasterUserPassword": { + "Fn::Join": [ + "", + [ + "{{resolve:secretsmanager:", + { + "Ref": "PostgresClusterSecretEB353FC9" + }, + ":SecretString:password::}}" + ] + ] + }, + "Port": 5432, + "StorageEncrypted": true, + "VpcSecurityGroupIds": [ + { + "Fn::GetAtt": [ + "PostgresClusterSecurityGroupA7EFBA97", + "GroupId" + ] + } + ] + }, + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" }, - "Parameters": { - "BootstrapVersion": { - "Type": "AWS::SSM::Parameter::Value", - "Default": "/cdk-bootstrap/hnb659fds/version", - "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]" - } + "PostgresClusterInstance1A52CA01E": { + "Type": "AWS::RDS::DBInstance", + "Properties": { + "DBClusterIdentifier": { + "Ref": "PostgresCluster5A5B7BE8" + }, + "DBInstanceClass": "db.t3.medium", + "DBSubnetGroupName": { + "Ref": "PostgresClusterSubnetsFC10D676" + }, + "Engine": "aurora-postgresql" + }, + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" + } + }, + "Outputs": { + "ExportsOutputRefMySQLInstanceA2499B9D2BD8E026": { + "Value": { + "Ref": "MySQLInstanceA2499B9D" + }, + "Export": { + "Name": "RDS-Sanitized-Snapshotter-RDS:ExportsOutputRefMySQLInstanceA2499B9D2BD8E026" + } }, - "Rules": { - "CheckBootstrapVersion": { - "Assertions": [ - { - "Assert": { - "Fn::Not": [ - { - "Fn::Contains": [ - [ - "1", - "2", - "3", - "4", - "5" - ], - { - "Ref": "BootstrapVersion" - } - ] - } - ] - }, - "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI." - } + "ExportsOutputRefMySQLClusterD5C73C3376F94030": { + "Value": { + "Ref": "MySQLClusterD5C73C33" + }, + "Export": { + "Name": "RDS-Sanitized-Snapshotter-RDS:ExportsOutputRefMySQLClusterD5C73C3376F94030" + } + }, + "ExportsOutputRefPostgresInstance8F00D2DD14EE3CD9": { + "Value": { + "Ref": "PostgresInstance8F00D2DD" + }, + "Export": { + "Name": "RDS-Sanitized-Snapshotter-RDS:ExportsOutputRefPostgresInstance8F00D2DD14EE3CD9" + } + }, + "ExportsOutputFnGetAttKey961B73FDArn5A860C43": { + "Value": { + "Fn::GetAtt": [ + "Key961B73FD", + "Arn" + ] + }, + "Export": { + "Name": "RDS-Sanitized-Snapshotter-RDS:ExportsOutputFnGetAttKey961B73FDArn5A860C43" + } + }, + "ExportsOutputRefPostgresCluster5A5B7BE8BE4E3D78": { + "Value": { + "Ref": "PostgresCluster5A5B7BE8" + }, + "Export": { + "Name": "RDS-Sanitized-Snapshotter-RDS:ExportsOutputRefPostgresCluster5A5B7BE8BE4E3D78" + } + } + }, + "Parameters": { + "BootstrapVersion": { + "Type": "AWS::SSM::Parameter::Value", + "Default": "/cdk-bootstrap/hnb659fds/version", + "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]" + } + }, + "Rules": { + "CheckBootstrapVersion": { + "Assertions": [ + { + "Assert": { + "Fn::Not": [ + { + "Fn::Contains": [ + [ + "1", + "2", + "3", + "4", + "5" + ], + { + "Ref": "BootstrapVersion" + } + ] + } ] + }, + "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI." } + ] } + } } \ No newline at end of file diff --git a/test/default.integ.snapshot/RDS-Sanitized-Snapshotter-SFN.assets.json b/test/default.integ.snapshot/RDS-Sanitized-Snapshotter-SFN.assets.json index 8ce70e1..640cd3a 100644 --- a/test/default.integ.snapshot/RDS-Sanitized-Snapshotter-SFN.assets.json +++ b/test/default.integ.snapshot/RDS-Sanitized-Snapshotter-SFN.assets.json @@ -1,46 +1,46 @@ { - "version": "15.0.0", + "version": "32.0.0", "files": { - "7dedf603050cc97a3f7e06b2e58606f2fef08c81e52acb5e616dd3c0643b2cb0": { + "73ae9c6df09ad4bfbc13c9d4e1f9695a2de8da41bbb8b0037182a8cda9a710c6": { "source": { - "path": "asset.7dedf603050cc97a3f7e06b2e58606f2fef08c81e52acb5e616dd3c0643b2cb0.lambda", + "path": "asset.73ae9c6df09ad4bfbc13c9d4e1f9695a2de8da41bbb8b0037182a8cda9a710c6.lambda", "packaging": "zip" }, "destinations": { "current_account-current_region": { "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", - "objectKey": "7dedf603050cc97a3f7e06b2e58606f2fef08c81e52acb5e616dd3c0643b2cb0.zip", + "objectKey": "73ae9c6df09ad4bfbc13c9d4e1f9695a2de8da41bbb8b0037182a8cda9a710c6.zip", "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" } } }, - "b120b13d9d868c7622e7db1b68bae4c0f82ffd0227b8c15f2cef38e186ff3827": { + "5fa1330271b8967d9254ba2d4a07144f8acefe8b77e6d6bba38261373a50d5f8": { "source": { - "path": "asset.b120b13d9d868c7622e7db1b68bae4c0f82ffd0227b8c15f2cef38e186ff3827", + "path": "asset.5fa1330271b8967d9254ba2d4a07144f8acefe8b77e6d6bba38261373a50d5f8", "packaging": "zip" }, "destinations": { "current_account-current_region": { "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", - "objectKey": "b120b13d9d868c7622e7db1b68bae4c0f82ffd0227b8c15f2cef38e186ff3827.zip", + "objectKey": "5fa1330271b8967d9254ba2d4a07144f8acefe8b77e6d6bba38261373a50d5f8.zip", "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" } } }, - "48d5a2396486c7e05d39c2b9e7a2dc2b28448934920dbf75dd9744865ba2ddc7": { + "66486f7e33c34ceaae0d26eda8231c31f462018de9b6f34e598b3cc0df48b44f": { "source": { - "path": "asset.48d5a2396486c7e05d39c2b9e7a2dc2b28448934920dbf75dd9744865ba2ddc7.lambda", + "path": "asset.66486f7e33c34ceaae0d26eda8231c31f462018de9b6f34e598b3cc0df48b44f.lambda", "packaging": "zip" }, "destinations": { "current_account-current_region": { "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", - "objectKey": "48d5a2396486c7e05d39c2b9e7a2dc2b28448934920dbf75dd9744865ba2ddc7.zip", + "objectKey": "66486f7e33c34ceaae0d26eda8231c31f462018de9b6f34e598b3cc0df48b44f.zip", "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" } } }, - "a61aed8b2dbeec4155801cc0cc1881af07a81b78ac41874fde826682e0e846c1": { + "7d74686d0b98ac6b3b825758d2771a5b033384795420ce805eeb2e185865742f": { "source": { "path": "RDS-Sanitized-Snapshotter-SFN.template.json", "packaging": "file" @@ -48,7 +48,7 @@ "destinations": { "current_account-current_region": { "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", - "objectKey": "a61aed8b2dbeec4155801cc0cc1881af07a81b78ac41874fde826682e0e846c1.json", + "objectKey": "7d74686d0b98ac6b3b825758d2771a5b033384795420ce805eeb2e185865742f.json", "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" } } diff --git a/test/default.integ.snapshot/RDS-Sanitized-Snapshotter-SFN.template.json b/test/default.integ.snapshot/RDS-Sanitized-Snapshotter-SFN.template.json index 264daee..f09a5b1 100644 --- a/test/default.integ.snapshot/RDS-Sanitized-Snapshotter-SFN.template.json +++ b/test/default.integ.snapshot/RDS-Sanitized-Snapshotter-SFN.template.json @@ -1,6402 +1,6738 @@ { - "Resources": { - "MySQLInstanceSnapshotterSGC75DA465": { - "Type": "AWS::EC2::SecurityGroup", - "Properties": { - "GroupDescription": "Group for communication between sanitizing job and database", - "SecurityGroupEgress": [ - { - "CidrIp": "0.0.0.0/0", - "Description": "Allow all outbound traffic by default", - "IpProtocol": "-1" - } - ], - "Tags": [ - { - "Key": "Name", - "Value": "RDS-sanitized-snapshots" - } - ], - "VpcId": { - "Fn::ImportValue": "RDS-Sanitized-Snapshotter-VPC:ExportsOutputRefVPCB9E5F0B4BD23A326" - } - } + "Resources": { + "MySQLInstanceSnapshotterSGC75DA465": { + "Type": "AWS::EC2::SecurityGroup", + "Properties": { + "GroupDescription": "Group for communication between sanitizing job and database", + "SecurityGroupEgress": [ + { + "CidrIp": "0.0.0.0/0", + "Description": "Allow all outbound traffic by default", + "IpProtocol": "-1" + } + ], + "Tags": [ + { + "Key": "Name", + "Value": "RDS-sanitized-snapshots" + } + ], + "VpcId": { + "Fn::ImportValue": "RDS-Sanitized-Snapshotter-VPC:ExportsOutputRefVPCB9E5F0B4BD23A326" + } + } + }, + "MySQLInstanceSnapshotterSGfromRDSSanitizedSnapshotterSFNMySQLInstanceSnapshotterSG69AE57C1ALLPORTSE497E70E": { + "Type": "AWS::EC2::SecurityGroupIngress", + "Properties": { + "IpProtocol": "tcp", + "Description": "from RDSSanitizedSnapshotterSFNMySQLInstanceSnapshotterSG69AE57C1:ALL PORTS", + "FromPort": 0, + "GroupId": { + "Fn::GetAtt": [ + "MySQLInstanceSnapshotterSGC75DA465", + "GroupId" + ] }, - "MySQLInstanceSnapshotterSGfromRDSSanitizedSnapshotterSFNMySQLInstanceSnapshotterSG69AE57C1ALLPORTSE497E70E": { - "Type": "AWS::EC2::SecurityGroupIngress", - "Properties": { - "IpProtocol": "tcp", - "Description": "from RDSSanitizedSnapshotterSFNMySQLInstanceSnapshotterSG69AE57C1:ALL PORTS", - "FromPort": 0, - "GroupId": { - "Fn::GetAtt": [ - "MySQLInstanceSnapshotterSGC75DA465", - "GroupId" - ] - }, - "SourceSecurityGroupId": { - "Fn::GetAtt": [ - "MySQLInstanceSnapshotterSGC75DA465", - "GroupId" - ] - }, - "ToPort": 65535 + "SourceSecurityGroupId": { + "Fn::GetAtt": [ + "MySQLInstanceSnapshotterSGC75DA465", + "GroupId" + ] + }, + "ToPort": 65535 + } + }, + "MySQLInstanceSnapshotterSubnetgroup503CB3B3": { + "Type": "AWS::RDS::DBSubnetGroup", + "Properties": { + "DBSubnetGroupDescription": "Temporary database used for RDS-sanitize-snapshots", + "SubnetIds": [ + { + "Fn::ImportValue": "RDS-Sanitized-Snapshotter-VPC:ExportsOutputRefVPCPrivateSubnet1Subnet8BCA10E01F79A1B7" + }, + { + "Fn::ImportValue": "RDS-Sanitized-Snapshotter-VPC:ExportsOutputRefVPCPrivateSubnet2SubnetCFCDAA7AB22CF85D" + } + ] + } + }, + "MySQLInstanceSnapshottercluster86DF6015": { + "Type": "AWS::ECS::Cluster" + }, + "MySQLInstanceSnapshotterparametersServiceRole0017B602": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "lambda.amazonaws.com" + } } + ], + "Version": "2012-10-17" }, - "MySQLInstanceSnapshotterSubnetgroup503CB3B3": { - "Type": "AWS::RDS::DBSubnetGroup", - "Properties": { - "DBSubnetGroupDescription": "Temporary database used for RDS-sanitize-snapshots", - "SubnetIds": [ + "ManagedPolicyArns": [ + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" + ] + ] + } + ] + } + }, + "MySQLInstanceSnapshotterparametersServiceRoleDefaultPolicyD8BFD2E0": { + "Type": "AWS::IAM::Policy", + "Properties": { + "PolicyDocument": { + "Statement": [ + { + "Action": "rds:DescribeDBInstances", + "Effect": "Allow", + "Resource": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":rds:", + { + "Ref": "AWS::Region" + }, + ":", { - "Fn::ImportValue": "RDS-Sanitized-Snapshotter-VPC:ExportsOutputRefVPCPrivateSubnet1Subnet8BCA10E01F79A1B7" + "Ref": "AWS::AccountId" }, + ":db:", { - "Fn::ImportValue": "RDS-Sanitized-Snapshotter-VPC:ExportsOutputRefVPCPrivateSubnet2SubnetCFCDAA7AB22CF85D" + "Fn::ImportValue": "RDS-Sanitized-Snapshotter-RDS:ExportsOutputRefMySQLInstanceA2499B9D2BD8E026" } + ] ] + } } + ], + "Version": "2012-10-17" }, - "MySQLInstanceSnapshottercluster86DF6015": { - "Type": "AWS::ECS::Cluster" + "PolicyName": "MySQLInstanceSnapshotterparametersServiceRoleDefaultPolicyD8BFD2E0", + "Roles": [ + { + "Ref": "MySQLInstanceSnapshotterparametersServiceRole0017B602" + } + ] + } + }, + "MySQLInstanceSnapshotterparameters53B0A6E1": { + "Type": "AWS::Lambda::Function", + "Properties": { + "Code": { + "S3Bucket": { + "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}" + }, + "S3Key": "73ae9c6df09ad4bfbc13c9d4e1f9695a2de8da41bbb8b0037182a8cda9a710c6.zip" }, - "MySQLInstanceSnapshotterparametersServiceRole0017B602": { - "Type": "AWS::IAM::Role", - "Properties": { - "AssumeRolePolicyDocument": { - "Statement": [ - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": { - "Service": "lambda.amazonaws.com" - } - } - ], - "Version": "2012-10-17" - }, - "ManagedPolicyArns": [ - { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" - ] - ] - } - ] - } + "Role": { + "Fn::GetAtt": [ + "MySQLInstanceSnapshotterparametersServiceRole0017B602", + "Arn" + ] }, - "MySQLInstanceSnapshotterparametersServiceRoleDefaultPolicyD8BFD2E0": { - "Type": "AWS::IAM::Policy", - "Properties": { - "PolicyDocument": { - "Statement": [ - { - "Action": "rds:DescribeDBInstances", - "Effect": "Allow", - "Resource": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":rds:", - { - "Ref": "AWS::Region" - }, - ":", - { - "Ref": "AWS::AccountId" - }, - ":db:", - { - "Fn::ImportValue": "RDS-Sanitized-Snapshotter-RDS:ExportsOutputRefMySQLInstanceA2499B9D2BD8E026" - } - ] - ] - } - } - ], - "Version": "2012-10-17" - }, - "PolicyName": "MySQLInstanceSnapshotterparametersServiceRoleDefaultPolicyD8BFD2E0", - "Roles": [ - { - "Ref": "MySQLInstanceSnapshotterparametersServiceRole0017B602" - } - ] + "Description": "src/parameters.lambda.ts", + "Environment": { + "Variables": { + "AWS_NODEJS_CONNECTION_REUSE_ENABLED": "1" + } + }, + "Handler": "index.handler", + "Runtime": "nodejs18.x" + }, + "DependsOn": [ + "MySQLInstanceSnapshotterparametersServiceRoleDefaultPolicyD8BFD2E0", + "MySQLInstanceSnapshotterparametersServiceRole0017B602" + ] + }, + "MySQLInstanceSnapshotterparametersLogRetention879E313F": { + "Type": "Custom::LogRetention", + "Properties": { + "ServiceToken": { + "Fn::GetAtt": [ + "LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8aFD4BFC8A", + "Arn" + ] + }, + "LogGroupName": { + "Fn::Join": [ + "", + [ + "/aws/lambda/", + { + "Ref": "MySQLInstanceSnapshotterparameters53B0A6E1" + } + ] + ] + }, + "RetentionInDays": 30 + } + }, + "MySQLInstanceSnapshotterwaitServiceRole21AAE4F2": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "lambda.amazonaws.com" + } } + ], + "Version": "2012-10-17" }, - "MySQLInstanceSnapshotterparameters53B0A6E1": { - "Type": "AWS::Lambda::Function", - "Properties": { - "Code": { - "S3Bucket": { - "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}" - }, - "S3Key": "7dedf603050cc97a3f7e06b2e58606f2fef08c81e52acb5e616dd3c0643b2cb0.zip" + "ManagedPolicyArns": [ + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" }, - "Role": { - "Fn::GetAtt": [ - "MySQLInstanceSnapshotterparametersServiceRole0017B602", - "Arn" + ":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" + ] + ] + } + ] + } + }, + "MySQLInstanceSnapshotterwaitServiceRoleDefaultPolicyE6063975": { + "Type": "AWS::IAM::Policy", + "Properties": { + "PolicyDocument": { + "Statement": [ + { + "Action": [ + "rds:DescribeDBClusters", + "rds:DescribeDBClusterSnapshots", + "rds:DescribeDBSnapshots", + "rds:DescribeDBInstances" + ], + "Effect": "Allow", + "Resource": [ + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":rds:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":cluster:", + { + "Fn::ImportValue": "RDS-Sanitized-Snapshotter-RDS:ExportsOutputRefMySQLInstanceA2499B9D2BD8E026" + } ] + ] }, - "Description": "src/parameters.lambda.ts", - "Environment": { - "Variables": { - "AWS_NODEJS_CONNECTION_REUSE_ENABLED": "1" - } + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":rds:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":db:", + { + "Fn::ImportValue": "RDS-Sanitized-Snapshotter-RDS:ExportsOutputRefMySQLInstanceA2499B9D2BD8E026" + } + ] + ] }, - "Handler": "index.handler", - "Runtime": "nodejs18.x" - }, - "DependsOn": [ - "MySQLInstanceSnapshotterparametersServiceRoleDefaultPolicyD8BFD2E0", - "MySQLInstanceSnapshotterparametersServiceRole0017B602" - ] - }, - "MySQLInstanceSnapshotterparametersLogRetention879E313F": { - "Type": "Custom::LogRetention", - "Properties": { - "ServiceToken": { - "Fn::GetAtt": [ - "LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8aFD4BFC8A", - "Arn" + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":rds:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":cluster:sanitize-*" ] + ] }, - "LogGroupName": { - "Fn::Join": [ - "", - [ - "/aws/lambda/", - { - "Ref": "MySQLInstanceSnapshotterparameters53B0A6E1" - } - ] + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":rds:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":snapshot:sanitize-*" ] + ] }, - "RetentionInDays": 30 + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":rds:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":snapshot:mysql-instance-snapshot-*" + ] + ] + }, + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":rds:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":db:sanitize-*" + ] + ] + } + ] } + ], + "Version": "2012-10-17" }, - "MySQLInstanceSnapshotterwaitServiceRole21AAE4F2": { - "Type": "AWS::IAM::Role", - "Properties": { - "AssumeRolePolicyDocument": { - "Statement": [ - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": { - "Service": "lambda.amazonaws.com" - } - } - ], - "Version": "2012-10-17" + "PolicyName": "MySQLInstanceSnapshotterwaitServiceRoleDefaultPolicyE6063975", + "Roles": [ + { + "Ref": "MySQLInstanceSnapshotterwaitServiceRole21AAE4F2" + } + ] + } + }, + "MySQLInstanceSnapshotterwait17927A95": { + "Type": "AWS::Lambda::Function", + "Properties": { + "Code": { + "S3Bucket": { + "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}" + }, + "S3Key": "66486f7e33c34ceaae0d26eda8231c31f462018de9b6f34e598b3cc0df48b44f.zip" + }, + "Role": { + "Fn::GetAtt": [ + "MySQLInstanceSnapshotterwaitServiceRole21AAE4F2", + "Arn" + ] + }, + "Description": "src/wait.lambda.ts", + "Environment": { + "Variables": { + "AWS_NODEJS_CONNECTION_REUSE_ENABLED": "1" + } + }, + "Handler": "index.handler", + "Runtime": "nodejs18.x" + }, + "DependsOn": [ + "MySQLInstanceSnapshotterwaitServiceRoleDefaultPolicyE6063975", + "MySQLInstanceSnapshotterwaitServiceRole21AAE4F2" + ] + }, + "MySQLInstanceSnapshotterwaitLogRetentionE2296216": { + "Type": "Custom::LogRetention", + "Properties": { + "ServiceToken": { + "Fn::GetAtt": [ + "LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8aFD4BFC8A", + "Arn" + ] + }, + "LogGroupName": { + "Fn::Join": [ + "", + [ + "/aws/lambda/", + { + "Ref": "MySQLInstanceSnapshotterwait17927A95" + } + ] + ] + }, + "RetentionInDays": 30 + } + }, + "MySQLInstanceSnapshotterLogs55691739": { + "Type": "AWS::Logs::LogGroup", + "Properties": { + "RetentionInDays": 30 + }, + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" + }, + "MySQLInstanceSnapshotterMySQLTaskTaskRoleBFA1FB36": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "ecs-tasks.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + } + } + }, + "MySQLInstanceSnapshotterMySQLTask45C5FE96": { + "Type": "AWS::ECS::TaskDefinition", + "Properties": { + "ContainerDefinitions": [ + { + "Command": [ + "bash", + "-c", + "echo \"[client]\nuser=$MYSQL_USER\nhost=$MYSQL_HOST\nport=$MYSQL_PORT\npassword=$MYSQL_PASSWORD\" > ~/.my.cnf && chmod 700 ~/.my.cnf" + ], + "Essential": false, + "Image": "public.ecr.aws/docker/library/bash:4-alpine3.15", + "LogConfiguration": { + "LogDriver": "awslogs", + "Options": { + "awslogs-group": { + "Ref": "MySQLInstanceSnapshotterLogs55691739" }, - "ManagedPolicyArns": [ - { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" - ] - ] - } + "awslogs-stream-prefix": "mysql-config", + "awslogs-region": { + "Ref": "AWS::Region" + } + } + }, + "MountPoints": [ + { + "ContainerPath": "/root", + "ReadOnly": false, + "SourceVolume": "config" + } + ], + "Name": "config" + }, + { + "Command": [ + "mysql", + "-e", + "SELECT 1" + ], + "DependsOn": [ + { + "Condition": "SUCCESS", + "ContainerName": "config" + } + ], + "Essential": true, + "Image": "public.ecr.aws/lts/mysql:latest", + "LogConfiguration": { + "LogDriver": "awslogs", + "Options": { + "awslogs-group": { + "Ref": "MySQLInstanceSnapshotterLogs55691739" + }, + "awslogs-stream-prefix": "mysql-sanitize", + "awslogs-region": { + "Ref": "AWS::Region" + } + } + }, + "MountPoints": [ + { + "ContainerPath": "/root", + "ReadOnly": true, + "SourceVolume": "config" + } + ], + "Name": "mysql" + } + ], + "Cpu": "256", + "ExecutionRoleArn": { + "Fn::GetAtt": [ + "MySQLInstanceSnapshotterMySQLTaskExecutionRole1DD381B7", + "Arn" + ] + }, + "Family": "RDSSanitizedSnapshotterSFNMySQLInstanceSnapshotterMySQLTask5753E21D", + "Memory": "512", + "NetworkMode": "awsvpc", + "RequiresCompatibilities": [ + "FARGATE" + ], + "TaskRoleArn": { + "Fn::GetAtt": [ + "MySQLInstanceSnapshotterMySQLTaskTaskRoleBFA1FB36", + "Arn" + ] + }, + "Volumes": [ + { + "Host": {}, + "Name": "config" + } + ] + } + }, + "MySQLInstanceSnapshotterMySQLTaskExecutionRole1DD381B7": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "ecs-tasks.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + } + } + }, + "MySQLInstanceSnapshotterMySQLTaskExecutionRoleDefaultPolicy99EE7B1E": { + "Type": "AWS::IAM::Policy", + "Properties": { + "PolicyDocument": { + "Statement": [ + { + "Action": [ + "logs:CreateLogStream", + "logs:PutLogEvents" + ], + "Effect": "Allow", + "Resource": { + "Fn::GetAtt": [ + "MySQLInstanceSnapshotterLogs55691739", + "Arn" ] + } } + ], + "Version": "2012-10-17" }, - "MySQLInstanceSnapshotterwaitServiceRoleDefaultPolicyE6063975": { - "Type": "AWS::IAM::Policy", - "Properties": { - "PolicyDocument": { - "Statement": [ - { - "Action": [ - "rds:DescribeDBClusters", - "rds:DescribeDBClusterSnapshots", - "rds:DescribeDBSnapshots", - "rds:DescribeDBInstances" - ], - "Effect": "Allow", - "Resource": [ - { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":rds:", - { - "Ref": "AWS::Region" - }, - ":", - { - "Ref": "AWS::AccountId" - }, - ":cluster:", - { - "Fn::ImportValue": "RDS-Sanitized-Snapshotter-RDS:ExportsOutputRefMySQLInstanceA2499B9D2BD8E026" - } - ] - ] - }, - { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":rds:", - { - "Ref": "AWS::Region" - }, - ":", - { - "Ref": "AWS::AccountId" - }, - ":db:", - { - "Fn::ImportValue": "RDS-Sanitized-Snapshotter-RDS:ExportsOutputRefMySQLInstanceA2499B9D2BD8E026" - } - ] - ] - }, - { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":rds:", - { - "Ref": "AWS::Region" - }, - ":", - { - "Ref": "AWS::AccountId" - }, - ":cluster:sanitize-*" - ] - ] - }, - { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":rds:", - { - "Ref": "AWS::Region" - }, - ":", - { - "Ref": "AWS::AccountId" - }, - ":snapshot:sanitize-*" - ] - ] - }, - { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":rds:", - { - "Ref": "AWS::Region" - }, - ":", - { - "Ref": "AWS::AccountId" - }, - ":snapshot:mysql-instance-snapshot-*" - ] - ] - }, - { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":rds:", - { - "Ref": "AWS::Region" - }, - ":", - { - "Ref": "AWS::AccountId" - }, - ":db:sanitize-*" - ] - ] - } - ] - } - ], - "Version": "2012-10-17" + "PolicyName": "MySQLInstanceSnapshotterMySQLTaskExecutionRoleDefaultPolicy99EE7B1E", + "Roles": [ + { + "Ref": "MySQLInstanceSnapshotterMySQLTaskExecutionRole1DD381B7" + } + ] + } + }, + "MySQLInstanceSnapshotterPostreSQLTaskTaskRole82DDF085": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "ecs-tasks.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + } + } + }, + "MySQLInstanceSnapshotterPostreSQLTaskFAABAACF": { + "Type": "AWS::ECS::TaskDefinition", + "Properties": { + "ContainerDefinitions": [ + { + "Command": [ + "psql", + "-c", + "SELECT 1" + ], + "Essential": true, + "Image": "public.ecr.aws/lts/postgres:latest", + "LogConfiguration": { + "LogDriver": "awslogs", + "Options": { + "awslogs-group": { + "Ref": "MySQLInstanceSnapshotterLogs55691739" }, - "PolicyName": "MySQLInstanceSnapshotterwaitServiceRoleDefaultPolicyE6063975", - "Roles": [ - { - "Ref": "MySQLInstanceSnapshotterwaitServiceRole21AAE4F2" - } + "awslogs-stream-prefix": "psql-sanitize", + "awslogs-region": { + "Ref": "AWS::Region" + } + } + }, + "Name": "postgres" + } + ], + "Cpu": "256", + "ExecutionRoleArn": { + "Fn::GetAtt": [ + "MySQLInstanceSnapshotterPostreSQLTaskExecutionRole78969E33", + "Arn" + ] + }, + "Family": "RDSSanitizedSnapshotterSFNMySQLInstanceSnapshotterPostreSQLTask702D64B7", + "Memory": "512", + "NetworkMode": "awsvpc", + "RequiresCompatibilities": [ + "FARGATE" + ], + "TaskRoleArn": { + "Fn::GetAtt": [ + "MySQLInstanceSnapshotterPostreSQLTaskTaskRole82DDF085", + "Arn" + ] + } + } + }, + "MySQLInstanceSnapshotterPostreSQLTaskExecutionRole78969E33": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "ecs-tasks.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + } + } + }, + "MySQLInstanceSnapshotterPostreSQLTaskExecutionRoleDefaultPolicy78800565": { + "Type": "AWS::IAM::Policy", + "Properties": { + "PolicyDocument": { + "Statement": [ + { + "Action": [ + "logs:CreateLogStream", + "logs:PutLogEvents" + ], + "Effect": "Allow", + "Resource": { + "Fn::GetAtt": [ + "MySQLInstanceSnapshotterLogs55691739", + "Arn" ] + } } + ], + "Version": "2012-10-17" }, - "MySQLInstanceSnapshotterwait17927A95": { - "Type": "AWS::Lambda::Function", - "Properties": { - "Code": { - "S3Bucket": { - "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}" + "PolicyName": "MySQLInstanceSnapshotterPostreSQLTaskExecutionRoleDefaultPolicy78800565", + "Roles": [ + { + "Ref": "MySQLInstanceSnapshotterPostreSQLTaskExecutionRole78969E33" + } + ] + } + }, + "MySQLInstanceSnapshotterDirectorRoleE2669C80": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": { + "Fn::FindInMap": [ + "ServiceprincipalMap", + { + "Ref": "AWS::Region" }, - "S3Key": "48d5a2396486c7e05d39c2b9e7a2dc2b28448934920dbf75dd9744865ba2ddc7.zip" + "states" + ] + } + } + } + ], + "Version": "2012-10-17" + } + } + }, + "MySQLInstanceSnapshotterDirectorRoleDefaultPolicyF62C2EC2": { + "Type": "AWS::IAM::Policy", + "Properties": { + "PolicyDocument": { + "Statement": [ + { + "Action": "lambda:InvokeFunction", + "Effect": "Allow", + "Resource": [ + { + "Fn::GetAtt": [ + "MySQLInstanceSnapshotterparameters53B0A6E1", + "Arn" + ] }, - "Role": { - "Fn::GetAtt": [ - "MySQLInstanceSnapshotterwaitServiceRole21AAE4F2", - "Arn" + { + "Fn::Join": [ + "", + [ + { + "Fn::GetAtt": [ + "MySQLInstanceSnapshotterparameters53B0A6E1", + "Arn" + ] + }, + ":*" ] + ] + } + ] + }, + { + "Action": "rds:deleteDBSnapshot", + "Effect": "Allow", + "Resource": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":rds:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":snapshot:sanitize-*" + ] + ] + } + }, + { + "Action": "rds:deleteDBInstance", + "Effect": "Allow", + "Resource": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":rds:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":db:sanitize-*" + ] + ] + } + }, + { + "Action": "rds:createDBSnapshot", + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": "lambda:InvokeFunction", + "Effect": "Allow", + "Resource": [ + { + "Fn::GetAtt": [ + "MySQLInstanceSnapshotterwait17927A95", + "Arn" + ] }, - "Description": "src/wait.lambda.ts", - "Environment": { - "Variables": { - "AWS_NODEJS_CONNECTION_REUSE_ENABLED": "1" - } - }, - "Handler": "index.handler", - "Runtime": "nodejs18.x" + { + "Fn::Join": [ + "", + [ + { + "Fn::GetAtt": [ + "MySQLInstanceSnapshotterwait17927A95", + "Arn" + ] + }, + ":*" + ] + ] + } + ] }, - "DependsOn": [ - "MySQLInstanceSnapshotterwaitServiceRoleDefaultPolicyE6063975", - "MySQLInstanceSnapshotterwaitServiceRole21AAE4F2" - ] - }, - "MySQLInstanceSnapshotterwaitLogRetentionE2296216": { - "Type": "Custom::LogRetention", - "Properties": { - "ServiceToken": { - "Fn::GetAtt": [ - "LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8aFD4BFC8A", - "Arn" + { + "Action": "rds:restoreDBInstanceFromDBSnapshot", + "Effect": "Allow", + "Resource": [ + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":rds:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":cluster:sanitize-*" ] + ] }, - "LogGroupName": { - "Fn::Join": [ - "", - [ - "/aws/lambda/", - { - "Ref": "MySQLInstanceSnapshotterwait17927A95" - } - ] + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":rds:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":db:sanitize-*" ] + ] }, - "RetentionInDays": 30 - } - }, - "MySQLInstanceSnapshotterLogs55691739": { - "Type": "AWS::Logs::LogGroup", - "Properties": { - "RetentionInDays": 30 + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":rds:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":snapshot:sanitize-*" + ] + ] + }, + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":rds:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":subgrp:", + { + "Ref": "MySQLInstanceSnapshotterSubnetgroup503CB3B3" + } + ] + ] + } + ] }, - "UpdateReplacePolicy": "Delete", - "DeletionPolicy": "Delete" - }, - "MySQLInstanceSnapshotterMySQLTaskTaskRoleBFA1FB36": { - "Type": "AWS::IAM::Role", - "Properties": { - "AssumeRolePolicyDocument": { - "Statement": [ + { + "Action": "rds:modifyDBInstance", + "Effect": "Allow", + "Resource": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":rds:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":db:sanitize-*" + ] + ] + } + }, + { + "Action": "rds:describeDBInstances", + "Effect": "Allow", + "Resource": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":rds:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":db:sanitize-*" + ] + ] + } + }, + { + "Action": "ecs:RunTask", + "Effect": "Allow", + "Resource": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Fn::Select": [ + 1, { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": { - "Service": "ecs-tasks.amazonaws.com" + "Fn::Split": [ + ":", + { + "Ref": "MySQLInstanceSnapshotterMySQLTask45C5FE96" } + ] } - ], - "Version": "2012-10-17" - } - } - }, - "MySQLInstanceSnapshotterMySQLTask45C5FE96": { - "Type": "AWS::ECS::TaskDefinition", - "Properties": { - "ContainerDefinitions": [ - { - "Command": [ - "bash", - "-c", - "echo \"[client]\nuser=$MYSQL_USER\nhost=$MYSQL_HOST\nport=$MYSQL_PORT\npassword=$MYSQL_PASSWORD\" > ~/.my.cnf && chmod 700 ~/.my.cnf" - ], - "Essential": false, - "Image": "public.ecr.aws/docker/library/bash:4-alpine3.15", - "LogConfiguration": { - "LogDriver": "awslogs", - "Options": { - "awslogs-group": { - "Ref": "MySQLInstanceSnapshotterLogs55691739" - }, - "awslogs-stream-prefix": "mysql-config", - "awslogs-region": { - "Ref": "AWS::Region" - } + ] + }, + ":", + { + "Fn::Select": [ + 2, + { + "Fn::Split": [ + ":", + { + "Ref": "MySQLInstanceSnapshotterMySQLTask45C5FE96" } - }, - "MountPoints": [ + ] + } + ] + }, + ":", + { + "Fn::Select": [ + 3, + { + "Fn::Split": [ + ":", { - "ContainerPath": "/root", - "ReadOnly": false, - "SourceVolume": "config" + "Ref": "MySQLInstanceSnapshotterMySQLTask45C5FE96" } - ], - "Name": "config" + ] + } + ] }, + ":", { - "Command": [ - "mysql", - "-e", - "SELECT 1" - ], - "DependsOn": [ + "Fn::Select": [ + 4, + { + "Fn::Split": [ + ":", { - "Condition": "SUCCESS", - "ContainerName": "config" + "Ref": "MySQLInstanceSnapshotterMySQLTask45C5FE96" } - ], - "Essential": true, - "Image": "public.ecr.aws/lts/mysql:latest", - "LogConfiguration": { - "LogDriver": "awslogs", - "Options": { - "awslogs-group": { - "Ref": "MySQLInstanceSnapshotterLogs55691739" - }, - "awslogs-stream-prefix": "mysql-sanitize", - "awslogs-region": { - "Ref": "AWS::Region" + ] + } + ] + }, + ":", + { + "Fn::Select": [ + 0, + { + "Fn::Split": [ + "/", + { + "Fn::Select": [ + 5, + { + "Fn::Split": [ + ":", + { + "Ref": "MySQLInstanceSnapshotterMySQLTask45C5FE96" + } + ] } + ] } - }, - "MountPoints": [ + ] + } + ] + }, + "/", + { + "Fn::Select": [ + 1, + { + "Fn::Split": [ + "/", { - "ContainerPath": "/root", - "ReadOnly": true, - "SourceVolume": "config" + "Fn::Select": [ + 5, + { + "Fn::Split": [ + ":", + { + "Ref": "MySQLInstanceSnapshotterMySQLTask45C5FE96" + } + ] + } + ] } - ], - "Name": "mysql" + ] + } + ] } - ], - "Cpu": "256", - "ExecutionRoleArn": { - "Fn::GetAtt": [ - "MySQLInstanceSnapshotterMySQLTaskExecutionRole1DD381B7", - "Arn" - ] - }, - "Family": "RDSSanitizedSnapshotterSFNMySQLInstanceSnapshotterMySQLTask5753E21D", - "Memory": "512", - "NetworkMode": "awsvpc", - "RequiresCompatibilities": [ - "FARGATE" - ], - "TaskRoleArn": { - "Fn::GetAtt": [ - "MySQLInstanceSnapshotterMySQLTaskTaskRoleBFA1FB36", - "Arn" - ] + ] + ] + } + }, + { + "Action": [ + "ecs:StopTask", + "ecs:DescribeTasks" + ], + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": "iam:PassRole", + "Effect": "Allow", + "Resource": [ + { + "Fn::GetAtt": [ + "MySQLInstanceSnapshotterMySQLTaskTaskRoleBFA1FB36", + "Arn" + ] }, - "Volumes": [ + { + "Fn::GetAtt": [ + "MySQLInstanceSnapshotterMySQLTaskExecutionRole1DD381B7", + "Arn" + ] + } + ] + }, + { + "Action": [ + "events:PutTargets", + "events:PutRule", + "events:DescribeRule" + ], + "Effect": "Allow", + "Resource": { + "Fn::Join": [ + "", + [ + "arn:", { - "Host": {}, - "Name": "config" - } + "Ref": "AWS::Partition" + }, + ":events:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":rule/StepFunctionsGetEventsForECSTaskRule" + ] ] - } - }, - "MySQLInstanceSnapshotterMySQLTaskExecutionRole1DD381B7": { - "Type": "AWS::IAM::Role", - "Properties": { - "AssumeRolePolicyDocument": { - "Statement": [ + } + }, + { + "Action": "ecs:RunTask", + "Effect": "Allow", + "Resource": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Fn::Select": [ + 1, { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": { - "Service": "ecs-tasks.amazonaws.com" + "Fn::Split": [ + ":", + { + "Ref": "MySQLInstanceSnapshotterPostreSQLTaskFAABAACF" } + ] } - ], - "Version": "2012-10-17" - } - } - }, - "MySQLInstanceSnapshotterMySQLTaskExecutionRoleDefaultPolicy99EE7B1E": { - "Type": "AWS::IAM::Policy", - "Properties": { - "PolicyDocument": { - "Statement": [ + ] + }, + ":", + { + "Fn::Select": [ + 2, { - "Action": [ - "logs:CreateLogStream", - "logs:PutLogEvents" - ], - "Effect": "Allow", - "Resource": { - "Fn::GetAtt": [ - "MySQLInstanceSnapshotterLogs55691739", - "Arn" - ] + "Fn::Split": [ + ":", + { + "Ref": "MySQLInstanceSnapshotterPostreSQLTaskFAABAACF" } + ] } - ], - "Version": "2012-10-17" - }, - "PolicyName": "MySQLInstanceSnapshotterMySQLTaskExecutionRoleDefaultPolicy99EE7B1E", - "Roles": [ + ] + }, + ":", { - "Ref": "MySQLInstanceSnapshotterMySQLTaskExecutionRole1DD381B7" - } - ] - } - }, - "MySQLInstanceSnapshotterPostreSQLTaskTaskRole82DDF085": { - "Type": "AWS::IAM::Role", - "Properties": { - "AssumeRolePolicyDocument": { - "Statement": [ - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": { - "Service": "ecs-tasks.amazonaws.com" - } - } - ], - "Version": "2012-10-17" - } - } - }, - "MySQLInstanceSnapshotterPostreSQLTaskFAABAACF": { - "Type": "AWS::ECS::TaskDefinition", - "Properties": { - "ContainerDefinitions": [ - { - "Command": [ - "psql", - "-c", - "SELECT 1" - ], - "Essential": true, - "Image": "public.ecr.aws/lts/postgres:latest", - "LogConfiguration": { - "LogDriver": "awslogs", - "Options": { - "awslogs-group": { - "Ref": "MySQLInstanceSnapshotterLogs55691739" - }, - "awslogs-stream-prefix": "psql-sanitize", - "awslogs-region": { - "Ref": "AWS::Region" - } - } - }, - "Name": "postgres" - } - ], - "Cpu": "256", - "ExecutionRoleArn": { - "Fn::GetAtt": [ - "MySQLInstanceSnapshotterPostreSQLTaskExecutionRole78969E33", - "Arn" - ] - }, - "Family": "RDSSanitizedSnapshotterSFNMySQLInstanceSnapshotterPostreSQLTask702D64B7", - "Memory": "512", - "NetworkMode": "awsvpc", - "RequiresCompatibilities": [ - "FARGATE" - ], - "TaskRoleArn": { - "Fn::GetAtt": [ - "MySQLInstanceSnapshotterPostreSQLTaskTaskRole82DDF085", - "Arn" - ] - } - } - }, - "MySQLInstanceSnapshotterPostreSQLTaskExecutionRole78969E33": { - "Type": "AWS::IAM::Role", - "Properties": { - "AssumeRolePolicyDocument": { - "Statement": [ - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": { - "Service": "ecs-tasks.amazonaws.com" - } - } - ], - "Version": "2012-10-17" - } - } - }, - "MySQLInstanceSnapshotterPostreSQLTaskExecutionRoleDefaultPolicy78800565": { - "Type": "AWS::IAM::Policy", - "Properties": { - "PolicyDocument": { - "Statement": [ + "Fn::Select": [ + 3, { - "Action": [ - "logs:CreateLogStream", - "logs:PutLogEvents" - ], - "Effect": "Allow", - "Resource": { - "Fn::GetAtt": [ - "MySQLInstanceSnapshotterLogs55691739", - "Arn" - ] + "Fn::Split": [ + ":", + { + "Ref": "MySQLInstanceSnapshotterPostreSQLTaskFAABAACF" } + ] } - ], - "Version": "2012-10-17" - }, - "PolicyName": "MySQLInstanceSnapshotterPostreSQLTaskExecutionRoleDefaultPolicy78800565", - "Roles": [ + ] + }, + ":", { - "Ref": "MySQLInstanceSnapshotterPostreSQLTaskExecutionRole78969E33" - } - ] - } - }, - "MySQLInstanceSnapshotterDirectorRoleE2669C80": { - "Type": "AWS::IAM::Role", - "Properties": { - "AssumeRolePolicyDocument": { - "Statement": [ + "Fn::Select": [ + 4, { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": { - "Service": { - "Fn::Join": [ - "", - [ - "states.", - { - "Ref": "AWS::Region" - }, - ".amazonaws.com" - ] - ] - } + "Fn::Split": [ + ":", + { + "Ref": "MySQLInstanceSnapshotterPostreSQLTaskFAABAACF" } + ] } - ], - "Version": "2012-10-17" - } - } - }, - "MySQLInstanceSnapshotterDirectorRoleDefaultPolicyF62C2EC2": { - "Type": "AWS::IAM::Policy", - "Properties": { - "PolicyDocument": { - "Statement": [ - { - "Action": "lambda:InvokeFunction", - "Effect": "Allow", - "Resource": { - "Fn::GetAtt": [ - "MySQLInstanceSnapshotterparameters53B0A6E1", - "Arn" - ] - } - }, - { - "Action": "rds:deleteDBSnapshot", - "Effect": "Allow", - "Resource": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":rds:", - { - "Ref": "AWS::Region" - }, - ":", - { - "Ref": "AWS::AccountId" - }, - ":snapshot:sanitize-*" - ] - ] - } - }, - { - "Action": "rds:deleteDBInstance", - "Effect": "Allow", - "Resource": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":rds:", - { - "Ref": "AWS::Region" - }, - ":", - { - "Ref": "AWS::AccountId" - }, - ":db:sanitize-*" - ] - ] - } - }, - { - "Action": "rds:createDBSnapshot", - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": "lambda:InvokeFunction", - "Effect": "Allow", - "Resource": { - "Fn::GetAtt": [ - "MySQLInstanceSnapshotterwait17927A95", - "Arn" - ] - } - }, + ] + }, + ":", + { + "Fn::Select": [ + 0, { - "Action": "rds:restoreDBInstanceFromDBSnapshot", - "Effect": "Allow", - "Resource": [ - { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":rds:", - { - "Ref": "AWS::Region" - }, - ":", - { - "Ref": "AWS::AccountId" - }, - ":cluster:sanitize-*" - ] - ] - }, - { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":rds:", - { - "Ref": "AWS::Region" - }, - ":", - { - "Ref": "AWS::AccountId" - }, - ":db:sanitize-*" - ] - ] - }, - { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":rds:", - { - "Ref": "AWS::Region" - }, - ":", - { - "Ref": "AWS::AccountId" - }, - ":snapshot:sanitize-*" - ] - ] - }, + "Fn::Split": [ + "/", + { + "Fn::Select": [ + 5, { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":rds:", - { - "Ref": "AWS::Region" - }, - ":", - { - "Ref": "AWS::AccountId" - }, - ":subgrp:", - { - "Ref": "MySQLInstanceSnapshotterSubnetgroup503CB3B3" - } - ] - ] + "Fn::Split": [ + ":", + { + "Ref": "MySQLInstanceSnapshotterPostreSQLTaskFAABAACF" + } + ] } - ] - }, - { - "Action": "rds:modifyDBInstance", - "Effect": "Allow", - "Resource": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":rds:", - { - "Ref": "AWS::Region" - }, - ":", - { - "Ref": "AWS::AccountId" - }, - ":db:sanitize-*" - ] - ] - } - }, - { - "Action": "rds:describeDBInstances", - "Effect": "Allow", - "Resource": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":rds:", - { - "Ref": "AWS::Region" - }, - ":", - { - "Ref": "AWS::AccountId" - }, - ":db:sanitize-*" - ] - ] + ] } - }, - { - "Action": "ecs:RunTask", - "Effect": "Allow", - "Resource": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Fn::Select": [ - 1, - { - "Fn::Split": [ - ":", - { - "Ref": "MySQLInstanceSnapshotterMySQLTask45C5FE96" - } - ] - } - ] - }, - ":", - { - "Fn::Select": [ - 2, - { - "Fn::Split": [ - ":", - { - "Ref": "MySQLInstanceSnapshotterMySQLTask45C5FE96" - } - ] - } - ] - }, - ":", - { - "Fn::Select": [ - 3, - { - "Fn::Split": [ - ":", - { - "Ref": "MySQLInstanceSnapshotterMySQLTask45C5FE96" - } - ] - } - ] - }, - ":", - { - "Fn::Select": [ - 4, - { - "Fn::Split": [ - ":", - { - "Ref": "MySQLInstanceSnapshotterMySQLTask45C5FE96" - } - ] - } - ] - }, - ":", - { - "Fn::Select": [ - 0, - { - "Fn::Split": [ - "/", - { - "Fn::Select": [ - 5, - { - "Fn::Split": [ - ":", - { - "Ref": "MySQLInstanceSnapshotterMySQLTask45C5FE96" - } - ] - } - ] - } - ] - } - ] - }, - "/", - { - "Fn::Select": [ - 1, - { - "Fn::Split": [ - "/", - { - "Fn::Select": [ - 5, - { - "Fn::Split": [ - ":", - { - "Ref": "MySQLInstanceSnapshotterMySQLTask45C5FE96" - } - ] - } - ] - } - ] - } - ] - } - ] - ] - } - }, - { - "Action": [ - "ecs:StopTask", - "ecs:DescribeTasks" - ], - "Effect": "Allow", - "Resource": "*" - }, + ] + } + ] + }, + "/", + { + "Fn::Select": [ + 1, { - "Action": "iam:PassRole", - "Effect": "Allow", - "Resource": [ - { - "Fn::GetAtt": [ - "MySQLInstanceSnapshotterMySQLTaskTaskRoleBFA1FB36", - "Arn" - ] - }, + "Fn::Split": [ + "/", + { + "Fn::Select": [ + 5, { - "Fn::GetAtt": [ - "MySQLInstanceSnapshotterMySQLTaskExecutionRole1DD381B7", - "Arn" - ] + "Fn::Split": [ + ":", + { + "Ref": "MySQLInstanceSnapshotterPostreSQLTaskFAABAACF" + } + ] } - ] - }, - { - "Action": [ - "events:PutTargets", - "events:PutRule", - "events:DescribeRule" - ], - "Effect": "Allow", - "Resource": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":events:", - { - "Ref": "AWS::Region" - }, - ":", - { - "Ref": "AWS::AccountId" - }, - ":rule/StepFunctionsGetEventsForECSTaskRule" - ] - ] - } - }, - { - "Action": "ecs:RunTask", - "Effect": "Allow", - "Resource": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Fn::Select": [ - 1, - { - "Fn::Split": [ - ":", - { - "Ref": "MySQLInstanceSnapshotterPostreSQLTaskFAABAACF" - } - ] - } - ] - }, - ":", - { - "Fn::Select": [ - 2, - { - "Fn::Split": [ - ":", - { - "Ref": "MySQLInstanceSnapshotterPostreSQLTaskFAABAACF" - } - ] - } - ] - }, - ":", - { - "Fn::Select": [ - 3, - { - "Fn::Split": [ - ":", - { - "Ref": "MySQLInstanceSnapshotterPostreSQLTaskFAABAACF" - } - ] - } - ] - }, - ":", - { - "Fn::Select": [ - 4, - { - "Fn::Split": [ - ":", - { - "Ref": "MySQLInstanceSnapshotterPostreSQLTaskFAABAACF" - } - ] - } - ] - }, - ":", - { - "Fn::Select": [ - 0, - { - "Fn::Split": [ - "/", - { - "Fn::Select": [ - 5, - { - "Fn::Split": [ - ":", - { - "Ref": "MySQLInstanceSnapshotterPostreSQLTaskFAABAACF" - } - ] - } - ] - } - ] - } - ] - }, - "/", - { - "Fn::Select": [ - 1, - { - "Fn::Split": [ - "/", - { - "Fn::Select": [ - 5, - { - "Fn::Split": [ - ":", - { - "Ref": "MySQLInstanceSnapshotterPostreSQLTaskFAABAACF" - } - ] - } - ] - } - ] - } - ] - } - ] - ] + ] } - }, - { - "Action": "iam:PassRole", - "Effect": "Allow", - "Resource": [ - { - "Fn::GetAtt": [ - "MySQLInstanceSnapshotterPostreSQLTaskTaskRole82DDF085", - "Arn" - ] - }, - { - "Fn::GetAtt": [ - "MySQLInstanceSnapshotterPostreSQLTaskExecutionRole78969E33", - "Arn" - ] - } - ] - }, - { - "Action": "rds:AddTagsToResource", - "Effect": "Allow", - "Resource": [ - { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":rds:", - { - "Ref": "AWS::Region" - }, - ":", - { - "Ref": "AWS::AccountId" - }, - ":snapshot:sanitize-*" - ] - ] - }, - { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":rds:", - { - "Ref": "AWS::Region" - }, - ":", - { - "Ref": "AWS::AccountId" - }, - ":snapshot:mysql-instance-snapshot-*" - ] - ] - }, - { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":rds:", - { - "Ref": "AWS::Region" - }, - ":", - { - "Ref": "AWS::AccountId" - }, - ":cluster:sanitize-*" - ] - ] - } - ] + ] } - ], - "Version": "2012-10-17" - }, - "PolicyName": "MySQLInstanceSnapshotterDirectorRoleDefaultPolicyF62C2EC2", - "Roles": [ - { - "Ref": "MySQLInstanceSnapshotterDirectorRoleE2669C80" + ] } + ] ] - } - }, - "MySQLInstanceSnapshotterDirector69A6B7B4": { - "Type": "AWS::StepFunctions::StateMachine", - "Properties": { - "RoleArn": { - "Fn::GetAtt": [ - "MySQLInstanceSnapshotterDirectorRoleE2669C80", - "Arn" + } + }, + { + "Action": "iam:PassRole", + "Effect": "Allow", + "Resource": [ + { + "Fn::GetAtt": [ + "MySQLInstanceSnapshotterPostreSQLTaskTaskRole82DDF085", + "Arn" + ] + }, + { + "Fn::GetAtt": [ + "MySQLInstanceSnapshotterPostreSQLTaskExecutionRole78969E33", + "Arn" + ] + } + ] + }, + { + "Action": "rds:AddTagsToResource", + "Effect": "Allow", + "Resource": [ + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":rds:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":snapshot:sanitize-*" ] + ] }, - "DefinitionString": { - "Fn::Join": [ - "", - [ - "{\"StartAt\":\"Get Parameters\",\"States\":{\"Get Parameters\":{\"Next\":\"Error Catcher\",\"Retry\":[{\"ErrorEquals\":[\"Lambda.ServiceException\",\"Lambda.AWSLambdaException\",\"Lambda.SdkClientException\"],\"IntervalSeconds\":2,\"MaxAttempts\":6,\"BackoffRate\":2}],\"Type\":\"Task\",\"Resource\":\"", - { - "Fn::GetAtt": [ - "MySQLInstanceSnapshotterparameters53B0A6E1", - "Arn" - ] - }, - "\",\"Parameters\":{\"executionId.$\":\"$$.Execution.Id\",\"isCluster\":false,\"databaseIdentifier\":\"", - { - "Fn::ImportValue": "RDS-Sanitized-Snapshotter-RDS:ExportsOutputRefMySQLInstanceA2499B9D2BD8E026" - }, - "\",\"databaseKey\":\"\",\"snapshotPrefix\":\"mysql-instance-snapshot\",\"tempPrefix\":\"sanitize\"}},\"Error Catcher\":{\"Type\":\"Parallel\",\"ResultPath\":null,\"Next\":\"Cleanup\",\"Catch\":[{\"ErrorEquals\":[\"States.ALL\"],\"ResultPath\":null,\"Next\":\"Cleanup\"}],\"Branches\":[{\"StartAt\":\"Create Temporary Snapshot\",\"States\":{\"Create Temporary Snapshot\":{\"Next\":\"Wait for Snapshot\",\"Type\":\"Task\",\"ResultPath\":null,\"Resource\":\"arn:", - { - "Ref": "AWS::Partition" - }, - ":states:::aws-sdk:rds:createDBSnapshot\",\"Parameters\":{\"DbInstanceIdentifier.$\":\"$.databaseIdentifier\",\"DbSnapshotIdentifier.$\":\"$.tempSnapshotId\",\"Tags\":[{\"Key\":\"RDS-sanitized-snapshots\",\"Value\":\"", - { - "Fn::ImportValue": "RDS-Sanitized-Snapshotter-RDS:ExportsOutputRefMySQLInstanceA2499B9D2BD8E026" - }, - "\"}]}},\"Wait for Snapshot\":{\"Next\":\"Create Temporary Database\",\"Retry\":[{\"ErrorEquals\":[\"Lambda.ServiceException\",\"Lambda.AWSLambdaException\",\"Lambda.SdkClientException\"],\"IntervalSeconds\":2,\"MaxAttempts\":6,\"BackoffRate\":2},{\"ErrorEquals\":[\"NotReady\"],\"IntervalSeconds\":60,\"MaxAttempts\":300,\"BackoffRate\":1}],\"Type\":\"Task\",\"ResultPath\":null,\"Resource\":\"", - { - "Fn::GetAtt": [ - "MySQLInstanceSnapshotterwait17927A95", - "Arn" - ] - }, - "\",\"Parameters\":{\"resourceType\":\"snapshot\",\"databaseIdentifier.$\":\"$.databaseIdentifier\",\"snapshotIdentifier.$\":\"$.tempSnapshotId\",\"isCluster\":false}},\"Create Temporary Database\":{\"Next\":\"Wait for Temporary Database\",\"Type\":\"Task\",\"ResultPath\":null,\"Resource\":\"arn:", - { - "Ref": "AWS::Partition" - }, - ":states:::aws-sdk:rds:restoreDBInstanceFromDBSnapshot\",\"Parameters\":{\"DbInstanceIdentifier.$\":\"$.tempDbId\",\"Engine.$\":\"$.engine\",\"DbSnapshotIdentifier.$\":\"$.tempSnapshotId\",\"PubliclyAccessible\":false,\"VpcSecurityGroupIds\":[\"", - { - "Fn::GetAtt": [ - "MySQLInstanceSnapshotterSGC75DA465", - "GroupId" - ] - }, - "\"],\"DbSubnetGroupName\":\"", - { - "Ref": "MySQLInstanceSnapshotterSubnetgroup503CB3B3" - }, - "\",\"Tags\":[{\"Key\":\"RDS-sanitized-snapshots\",\"Value\":\"", - { - "Fn::ImportValue": "RDS-Sanitized-Snapshotter-RDS:ExportsOutputRefMySQLInstanceA2499B9D2BD8E026" - }, - "\"}]}},\"Wait for Temporary Database\":{\"Next\":\"Set Temporary Password\",\"Retry\":[{\"ErrorEquals\":[\"Lambda.ServiceException\",\"Lambda.AWSLambdaException\",\"Lambda.SdkClientException\"],\"IntervalSeconds\":2,\"MaxAttempts\":6,\"BackoffRate\":2},{\"ErrorEquals\":[\"NotReady\"],\"IntervalSeconds\":60,\"MaxAttempts\":300,\"BackoffRate\":1}],\"Type\":\"Task\",\"ResultPath\":null,\"Resource\":\"", - { - "Fn::GetAtt": [ - "MySQLInstanceSnapshotterwait17927A95", - "Arn" - ] - }, - "\",\"Parameters\":{\"resourceType\":\"instance\",\"databaseIdentifier.$\":\"$.tempDbId\",\"isCluster\":false}},\"Set Temporary Password\":{\"Next\":\"Wait for Temporary Password\",\"Type\":\"Task\",\"ResultPath\":null,\"Resource\":\"arn:", - { - "Ref": "AWS::Partition" - }, - ":states:::aws-sdk:rds:modifyDBInstance\",\"Parameters\":{\"DbInstanceIdentifier.$\":\"$.tempDbId\",\"MasterUserPassword.$\":\"$.tempDb.password\",\"ApplyImmediately\":true,\"BackupRetentionPeriod\":0}},\"Wait for Temporary Password\":{\"Next\":\"Get Temporary Endpoint\",\"Retry\":[{\"ErrorEquals\":[\"Lambda.ServiceException\",\"Lambda.AWSLambdaException\",\"Lambda.SdkClientException\"],\"IntervalSeconds\":2,\"MaxAttempts\":6,\"BackoffRate\":2},{\"ErrorEquals\":[\"NotReady\"],\"IntervalSeconds\":60,\"MaxAttempts\":300,\"BackoffRate\":1}],\"Type\":\"Task\",\"ResultPath\":null,\"Resource\":\"", - { - "Fn::GetAtt": [ - "MySQLInstanceSnapshotterwait17927A95", - "Arn" - ] - }, - "\",\"Parameters\":{\"resourceType\":\"instance\",\"databaseIdentifier.$\":\"$.tempDbId\",\"isCluster\":false}},\"Get Temporary Endpoint\":{\"Next\":\"Sanitize\",\"Type\":\"Task\",\"ResultPath\":\"$.tempDb.host\",\"ResultSelector\":{\"endpoint.$\":\"$.DbInstances[0].Endpoint.Address\"},\"Resource\":\"arn:", - { - "Ref": "AWS::Partition" - }, - ":states:::aws-sdk:rds:describeDBInstances\",\"Parameters\":{\"DbInstanceIdentifier.$\":\"$.tempDbId\"}},\"Sanitize\":{\"Type\":\"Choice\",\"Choices\":[{\"Variable\":\"$.dockerImage\",\"StringEquals\":\"mysql\",\"Next\":\"Sanitize MySQL\"},{\"Variable\":\"$.dockerImage\",\"StringEquals\":\"postgres\",\"Next\":\"Sanitize Postgres\"}]},\"Sanitize MySQL\":{\"Next\":\"Create Final Snapshot\",\"Type\":\"Task\",\"ResultPath\":null,\"Resource\":\"arn:", - { - "Ref": "AWS::Partition" - }, - ":states:::ecs:runTask.sync\",\"Parameters\":{\"Cluster\":\"", - { - "Fn::GetAtt": [ - "MySQLInstanceSnapshottercluster86DF6015", - "Arn" - ] - }, - "\",\"TaskDefinition\":\"RDSSanitizedSnapshotterSFNMySQLInstanceSnapshotterMySQLTask5753E21D\",\"NetworkConfiguration\":{\"AwsvpcConfiguration\":{\"Subnets\":[\"", - { - "Fn::ImportValue": "RDS-Sanitized-Snapshotter-VPC:ExportsOutputRefVPCIsolatedSubnet1SubnetEBD00FC6298E81EF" - }, - "\",\"", - { - "Fn::ImportValue": "RDS-Sanitized-Snapshotter-VPC:ExportsOutputRefVPCIsolatedSubnet2Subnet4B1C8CAAD8B83B81" - }, - "\"],\"SecurityGroups\":[\"", - { - "Fn::GetAtt": [ - "MySQLInstanceSnapshotterSGC75DA465", - "GroupId" - ] - }, - "\"]}},\"Overrides\":{\"ContainerOverrides\":[{\"Name\":\"config\",\"Environment\":[{\"Name\":\"MYSQL_HOST\",\"Value.$\":\"$.tempDb.host.endpoint\"},{\"Name\":\"MYSQL_PORT\",\"Value.$\":\"$.tempDb.port\"},{\"Name\":\"MYSQL_USER\",\"Value.$\":\"$.tempDb.user\"},{\"Name\":\"MYSQL_PASSWORD\",\"Value.$\":\"$.tempDb.password\"},{\"Name\":\"MYSQL_DATABASE\",\"Value\":\"\"}]}]},\"LaunchType\":\"FARGATE\"}},\"Create Final Snapshot\":{\"Next\":\"Wait for Final Snapshot\",\"Type\":\"Task\",\"ResultPath\":null,\"Resource\":\"arn:", - { - "Ref": "AWS::Partition" - }, - ":states:::aws-sdk:rds:createDBSnapshot\",\"Parameters\":{\"DbInstanceIdentifier.$\":\"$.tempDbId\",\"DbSnapshotIdentifier.$\":\"$.targetSnapshotId\",\"Tags\":[{\"Key\":\"RDS-sanitized-snapshots\",\"Value\":\"", - { - "Fn::ImportValue": "RDS-Sanitized-Snapshotter-RDS:ExportsOutputRefMySQLInstanceA2499B9D2BD8E026" - }, - "\"},{\"Key\":\"Final\",\"Value\":\"true\"}]}},\"Sanitize Postgres\":{\"Next\":\"Create Final Snapshot\",\"Type\":\"Task\",\"ResultPath\":null,\"Resource\":\"arn:", - { - "Ref": "AWS::Partition" - }, - ":states:::ecs:runTask.sync\",\"Parameters\":{\"Cluster\":\"", - { - "Fn::GetAtt": [ - "MySQLInstanceSnapshottercluster86DF6015", - "Arn" - ] - }, - "\",\"TaskDefinition\":\"RDSSanitizedSnapshotterSFNMySQLInstanceSnapshotterPostreSQLTask702D64B7\",\"NetworkConfiguration\":{\"AwsvpcConfiguration\":{\"Subnets\":[\"", - { - "Fn::ImportValue": "RDS-Sanitized-Snapshotter-VPC:ExportsOutputRefVPCIsolatedSubnet1SubnetEBD00FC6298E81EF" - }, - "\",\"", - { - "Fn::ImportValue": "RDS-Sanitized-Snapshotter-VPC:ExportsOutputRefVPCIsolatedSubnet2Subnet4B1C8CAAD8B83B81" - }, - "\"],\"SecurityGroups\":[\"", - { - "Fn::GetAtt": [ - "MySQLInstanceSnapshotterSGC75DA465", - "GroupId" - ] - }, - "\"]}},\"Overrides\":{\"ContainerOverrides\":[{\"Name\":\"postgres\",\"Environment\":[{\"Name\":\"PGHOST\",\"Value.$\":\"$.tempDb.host.endpoint\"},{\"Name\":\"PGPORT\",\"Value.$\":\"$.tempDb.port\"},{\"Name\":\"PGUSER\",\"Value.$\":\"$.tempDb.user\"},{\"Name\":\"PGPASSWORD\",\"Value.$\":\"$.tempDb.password\"},{\"Name\":\"PGDATABASE\",\"Value\":\"postgres\"},{\"Name\":\"PGCONNECT_TIMEOUT\",\"Value\":\"30\"}]}]},\"LaunchType\":\"FARGATE\"}},\"Wait for Final Snapshot\":{\"End\":true,\"Retry\":[{\"ErrorEquals\":[\"Lambda.ServiceException\",\"Lambda.AWSLambdaException\",\"Lambda.SdkClientException\"],\"IntervalSeconds\":2,\"MaxAttempts\":6,\"BackoffRate\":2},{\"ErrorEquals\":[\"NotReady\"],\"IntervalSeconds\":60,\"MaxAttempts\":300,\"BackoffRate\":1}],\"Type\":\"Task\",\"ResultPath\":null,\"Resource\":\"", - { - "Fn::GetAtt": [ - "MySQLInstanceSnapshotterwait17927A95", - "Arn" - ] - }, - "\",\"Parameters\":{\"resourceType\":\"snapshot\",\"databaseIdentifier.$\":\"$.tempDbId\",\"snapshotIdentifier.$\":\"$.targetSnapshotId\",\"isCluster\":false}}}}]},\"Cleanup\":{\"Type\":\"Parallel\",\"ResultPath\":null,\"End\":true,\"Branches\":[{\"StartAt\":\"Temporary Snapshot\",\"States\":{\"Temporary Snapshot\":{\"End\":true,\"Retry\":[{\"ErrorEquals\":[\"States.ALL\"],\"IntervalSeconds\":10,\"MaxAttempts\":5}],\"Type\":\"Task\",\"ResultPath\":null,\"Resource\":\"arn:", - { - "Ref": "AWS::Partition" - }, - ":states:::aws-sdk:rds:deleteDBSnapshot\",\"Parameters\":{\"DbSnapshotIdentifier.$\":\"$.tempSnapshotId\"}}}},{\"StartAt\":\"Temporary Database Instance\",\"States\":{\"Temporary Database Instance\":{\"End\":true,\"Retry\":[{\"ErrorEquals\":[\"States.ALL\"],\"IntervalSeconds\":10,\"MaxAttempts\":5}],\"Type\":\"Task\",\"ResultPath\":null,\"Resource\":\"arn:", - { - "Ref": "AWS::Partition" - }, - ":states:::aws-sdk:rds:deleteDBInstance\",\"Parameters\":{\"DbInstanceIdentifier.$\":\"$.tempDbId\",\"SkipFinalSnapshot\":true}}}}]}}}" - ] + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":rds:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":snapshot:mysql-instance-snapshot-*" + ] + ] + }, + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":rds:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":cluster:sanitize-*" ] + ] } - }, - "DependsOn": [ - "MySQLInstanceSnapshotterDirectorRoleDefaultPolicyF62C2EC2", - "MySQLInstanceSnapshotterDirectorRoleE2669C80" - ] + ] + } + ], + "Version": "2012-10-17" }, - "LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8aServiceRole9741ECFB": { - "Type": "AWS::IAM::Role", - "Properties": { - "AssumeRolePolicyDocument": { - "Statement": [ - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": { - "Service": "lambda.amazonaws.com" - } - } - ], - "Version": "2012-10-17" - }, - "ManagedPolicyArns": [ - { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" - ] - ] - } + "PolicyName": "MySQLInstanceSnapshotterDirectorRoleDefaultPolicyF62C2EC2", + "Roles": [ + { + "Ref": "MySQLInstanceSnapshotterDirectorRoleE2669C80" + } + ] + } + }, + "MySQLInstanceSnapshotterDirector69A6B7B4": { + "Type": "AWS::StepFunctions::StateMachine", + "Properties": { + "RoleArn": { + "Fn::GetAtt": [ + "MySQLInstanceSnapshotterDirectorRoleE2669C80", + "Arn" + ] + }, + "DefinitionString": { + "Fn::Join": [ + "", + [ + "{\"StartAt\":\"Get Parameters\",\"States\":{\"Get Parameters\":{\"Next\":\"Error Catcher\",\"Retry\":[{\"ErrorEquals\":[\"Lambda.ServiceException\",\"Lambda.AWSLambdaException\",\"Lambda.SdkClientException\"],\"IntervalSeconds\":2,\"MaxAttempts\":6,\"BackoffRate\":2}],\"Type\":\"Task\",\"Resource\":\"", + { + "Fn::GetAtt": [ + "MySQLInstanceSnapshotterparameters53B0A6E1", + "Arn" + ] + }, + "\",\"Parameters\":{\"executionId.$\":\"$$.Execution.Id\",\"isCluster\":false,\"databaseIdentifier\":\"", + { + "Fn::ImportValue": "RDS-Sanitized-Snapshotter-RDS:ExportsOutputRefMySQLInstanceA2499B9D2BD8E026" + }, + "\",\"databaseKey\":\"\",\"snapshotPrefix\":\"mysql-instance-snapshot\",\"tempPrefix\":\"sanitize\"}},\"Error Catcher\":{\"Type\":\"Parallel\",\"ResultPath\":null,\"Next\":\"Cleanup\",\"Catch\":[{\"ErrorEquals\":[\"States.ALL\"],\"ResultPath\":null,\"Next\":\"Cleanup\"}],\"Branches\":[{\"StartAt\":\"Create Temporary Snapshot\",\"States\":{\"Create Temporary Snapshot\":{\"Next\":\"Wait for Snapshot\",\"Type\":\"Task\",\"ResultPath\":null,\"Resource\":\"arn:", + { + "Ref": "AWS::Partition" + }, + ":states:::aws-sdk:rds:createDBSnapshot\",\"Parameters\":{\"DbInstanceIdentifier.$\":\"$.databaseIdentifier\",\"DbSnapshotIdentifier.$\":\"$.tempSnapshotId\",\"Tags\":[{\"Key\":\"RDS-sanitized-snapshots\",\"Value\":\"", + { + "Fn::ImportValue": "RDS-Sanitized-Snapshotter-RDS:ExportsOutputRefMySQLInstanceA2499B9D2BD8E026" + }, + "\"}]}},\"Wait for Snapshot\":{\"Next\":\"Create Temporary Database\",\"Retry\":[{\"ErrorEquals\":[\"Lambda.ServiceException\",\"Lambda.AWSLambdaException\",\"Lambda.SdkClientException\"],\"IntervalSeconds\":2,\"MaxAttempts\":6,\"BackoffRate\":2},{\"ErrorEquals\":[\"NotReady\"],\"IntervalSeconds\":60,\"MaxAttempts\":300,\"BackoffRate\":1}],\"Type\":\"Task\",\"ResultPath\":null,\"Resource\":\"", + { + "Fn::GetAtt": [ + "MySQLInstanceSnapshotterwait17927A95", + "Arn" + ] + }, + "\",\"Parameters\":{\"resourceType\":\"snapshot\",\"databaseIdentifier.$\":\"$.databaseIdentifier\",\"snapshotIdentifier.$\":\"$.tempSnapshotId\",\"isCluster\":false}},\"Create Temporary Database\":{\"Next\":\"Wait for Temporary Database\",\"Type\":\"Task\",\"ResultPath\":null,\"Resource\":\"arn:", + { + "Ref": "AWS::Partition" + }, + ":states:::aws-sdk:rds:restoreDBInstanceFromDBSnapshot\",\"Parameters\":{\"DbInstanceIdentifier.$\":\"$.tempDbId\",\"Engine.$\":\"$.engine\",\"DbSnapshotIdentifier.$\":\"$.tempSnapshotId\",\"PubliclyAccessible\":false,\"VpcSecurityGroupIds\":[\"", + { + "Fn::GetAtt": [ + "MySQLInstanceSnapshotterSGC75DA465", + "GroupId" + ] + }, + "\"],\"DbSubnetGroupName\":\"", + { + "Ref": "MySQLInstanceSnapshotterSubnetgroup503CB3B3" + }, + "\",\"Tags\":[{\"Key\":\"RDS-sanitized-snapshots\",\"Value\":\"", + { + "Fn::ImportValue": "RDS-Sanitized-Snapshotter-RDS:ExportsOutputRefMySQLInstanceA2499B9D2BD8E026" + }, + "\"}]}},\"Wait for Temporary Database\":{\"Next\":\"Set Temporary Password\",\"Retry\":[{\"ErrorEquals\":[\"Lambda.ServiceException\",\"Lambda.AWSLambdaException\",\"Lambda.SdkClientException\"],\"IntervalSeconds\":2,\"MaxAttempts\":6,\"BackoffRate\":2},{\"ErrorEquals\":[\"NotReady\"],\"IntervalSeconds\":60,\"MaxAttempts\":300,\"BackoffRate\":1}],\"Type\":\"Task\",\"ResultPath\":null,\"Resource\":\"", + { + "Fn::GetAtt": [ + "MySQLInstanceSnapshotterwait17927A95", + "Arn" + ] + }, + "\",\"Parameters\":{\"resourceType\":\"instance\",\"databaseIdentifier.$\":\"$.tempDbId\",\"isCluster\":false}},\"Set Temporary Password\":{\"Next\":\"Wait for Temporary Password\",\"Type\":\"Task\",\"ResultPath\":null,\"Resource\":\"arn:", + { + "Ref": "AWS::Partition" + }, + ":states:::aws-sdk:rds:modifyDBInstance\",\"Parameters\":{\"DbInstanceIdentifier.$\":\"$.tempDbId\",\"MasterUserPassword.$\":\"$.tempDb.password\",\"ApplyImmediately\":true,\"BackupRetentionPeriod\":0}},\"Wait for Temporary Password\":{\"Next\":\"Get Temporary Endpoint\",\"Retry\":[{\"ErrorEquals\":[\"Lambda.ServiceException\",\"Lambda.AWSLambdaException\",\"Lambda.SdkClientException\"],\"IntervalSeconds\":2,\"MaxAttempts\":6,\"BackoffRate\":2},{\"ErrorEquals\":[\"NotReady\"],\"IntervalSeconds\":60,\"MaxAttempts\":300,\"BackoffRate\":1}],\"Type\":\"Task\",\"ResultPath\":null,\"Resource\":\"", + { + "Fn::GetAtt": [ + "MySQLInstanceSnapshotterwait17927A95", + "Arn" + ] + }, + "\",\"Parameters\":{\"resourceType\":\"instance\",\"databaseIdentifier.$\":\"$.tempDbId\",\"isCluster\":false}},\"Get Temporary Endpoint\":{\"Next\":\"Sanitize\",\"Type\":\"Task\",\"ResultPath\":\"$.tempDb.host\",\"ResultSelector\":{\"endpoint.$\":\"$.DbInstances[0].Endpoint.Address\"},\"Resource\":\"arn:", + { + "Ref": "AWS::Partition" + }, + ":states:::aws-sdk:rds:describeDBInstances\",\"Parameters\":{\"DbInstanceIdentifier.$\":\"$.tempDbId\"}},\"Sanitize\":{\"Type\":\"Choice\",\"Choices\":[{\"Variable\":\"$.dockerImage\",\"StringEquals\":\"mysql\",\"Next\":\"Sanitize MySQL\"},{\"Variable\":\"$.dockerImage\",\"StringEquals\":\"postgres\",\"Next\":\"Sanitize Postgres\"}]},\"Sanitize MySQL\":{\"Next\":\"Create Final Snapshot\",\"Type\":\"Task\",\"ResultPath\":null,\"Resource\":\"arn:", + { + "Ref": "AWS::Partition" + }, + ":states:::ecs:runTask.sync\",\"Parameters\":{\"Cluster\":\"", + { + "Fn::GetAtt": [ + "MySQLInstanceSnapshottercluster86DF6015", + "Arn" + ] + }, + "\",\"TaskDefinition\":\"RDSSanitizedSnapshotterSFNMySQLInstanceSnapshotterMySQLTask5753E21D\",\"NetworkConfiguration\":{\"AwsvpcConfiguration\":{\"Subnets\":[\"", + { + "Fn::ImportValue": "RDS-Sanitized-Snapshotter-VPC:ExportsOutputRefVPCIsolatedSubnet1SubnetEBD00FC6298E81EF" + }, + "\",\"", + { + "Fn::ImportValue": "RDS-Sanitized-Snapshotter-VPC:ExportsOutputRefVPCIsolatedSubnet2Subnet4B1C8CAAD8B83B81" + }, + "\"],\"SecurityGroups\":[\"", + { + "Fn::GetAtt": [ + "MySQLInstanceSnapshotterSGC75DA465", + "GroupId" + ] + }, + "\"]}},\"Overrides\":{\"ContainerOverrides\":[{\"Name\":\"config\",\"Environment\":[{\"Name\":\"MYSQL_HOST\",\"Value.$\":\"$.tempDb.host.endpoint\"},{\"Name\":\"MYSQL_PORT\",\"Value.$\":\"$.tempDb.port\"},{\"Name\":\"MYSQL_USER\",\"Value.$\":\"$.tempDb.user\"},{\"Name\":\"MYSQL_PASSWORD\",\"Value.$\":\"$.tempDb.password\"},{\"Name\":\"MYSQL_DATABASE\",\"Value\":\"\"}]}]},\"LaunchType\":\"FARGATE\"}},\"Create Final Snapshot\":{\"Next\":\"Wait for Final Snapshot\",\"Type\":\"Task\",\"ResultPath\":null,\"Resource\":\"arn:", + { + "Ref": "AWS::Partition" + }, + ":states:::aws-sdk:rds:createDBSnapshot\",\"Parameters\":{\"DbInstanceIdentifier.$\":\"$.tempDbId\",\"DbSnapshotIdentifier.$\":\"$.targetSnapshotId\",\"Tags\":[{\"Key\":\"RDS-sanitized-snapshots\",\"Value\":\"", + { + "Fn::ImportValue": "RDS-Sanitized-Snapshotter-RDS:ExportsOutputRefMySQLInstanceA2499B9D2BD8E026" + }, + "\"},{\"Key\":\"Final\",\"Value\":\"true\"}]}},\"Sanitize Postgres\":{\"Next\":\"Create Final Snapshot\",\"Type\":\"Task\",\"ResultPath\":null,\"Resource\":\"arn:", + { + "Ref": "AWS::Partition" + }, + ":states:::ecs:runTask.sync\",\"Parameters\":{\"Cluster\":\"", + { + "Fn::GetAtt": [ + "MySQLInstanceSnapshottercluster86DF6015", + "Arn" + ] + }, + "\",\"TaskDefinition\":\"RDSSanitizedSnapshotterSFNMySQLInstanceSnapshotterPostreSQLTask702D64B7\",\"NetworkConfiguration\":{\"AwsvpcConfiguration\":{\"Subnets\":[\"", + { + "Fn::ImportValue": "RDS-Sanitized-Snapshotter-VPC:ExportsOutputRefVPCIsolatedSubnet1SubnetEBD00FC6298E81EF" + }, + "\",\"", + { + "Fn::ImportValue": "RDS-Sanitized-Snapshotter-VPC:ExportsOutputRefVPCIsolatedSubnet2Subnet4B1C8CAAD8B83B81" + }, + "\"],\"SecurityGroups\":[\"", + { + "Fn::GetAtt": [ + "MySQLInstanceSnapshotterSGC75DA465", + "GroupId" ] + }, + "\"]}},\"Overrides\":{\"ContainerOverrides\":[{\"Name\":\"postgres\",\"Environment\":[{\"Name\":\"PGHOST\",\"Value.$\":\"$.tempDb.host.endpoint\"},{\"Name\":\"PGPORT\",\"Value.$\":\"$.tempDb.port\"},{\"Name\":\"PGUSER\",\"Value.$\":\"$.tempDb.user\"},{\"Name\":\"PGPASSWORD\",\"Value.$\":\"$.tempDb.password\"},{\"Name\":\"PGDATABASE\",\"Value\":\"postgres\"},{\"Name\":\"PGCONNECT_TIMEOUT\",\"Value\":\"30\"}]}]},\"LaunchType\":\"FARGATE\"}},\"Wait for Final Snapshot\":{\"End\":true,\"Retry\":[{\"ErrorEquals\":[\"Lambda.ServiceException\",\"Lambda.AWSLambdaException\",\"Lambda.SdkClientException\"],\"IntervalSeconds\":2,\"MaxAttempts\":6,\"BackoffRate\":2},{\"ErrorEquals\":[\"NotReady\"],\"IntervalSeconds\":60,\"MaxAttempts\":300,\"BackoffRate\":1}],\"Type\":\"Task\",\"ResultPath\":null,\"Resource\":\"", + { + "Fn::GetAtt": [ + "MySQLInstanceSnapshotterwait17927A95", + "Arn" + ] + }, + "\",\"Parameters\":{\"resourceType\":\"snapshot\",\"databaseIdentifier.$\":\"$.tempDbId\",\"snapshotIdentifier.$\":\"$.targetSnapshotId\",\"isCluster\":false}}}}]},\"Cleanup\":{\"Type\":\"Parallel\",\"ResultPath\":null,\"End\":true,\"Branches\":[{\"StartAt\":\"Temporary Snapshot\",\"States\":{\"Temporary Snapshot\":{\"End\":true,\"Retry\":[{\"ErrorEquals\":[\"States.ALL\"],\"IntervalSeconds\":10,\"MaxAttempts\":5}],\"Type\":\"Task\",\"ResultPath\":null,\"Resource\":\"arn:", + { + "Ref": "AWS::Partition" + }, + ":states:::aws-sdk:rds:deleteDBSnapshot\",\"Parameters\":{\"DbSnapshotIdentifier.$\":\"$.tempSnapshotId\"}}}},{\"StartAt\":\"Temporary Database Instance\",\"States\":{\"Temporary Database Instance\":{\"End\":true,\"Retry\":[{\"ErrorEquals\":[\"States.ALL\"],\"IntervalSeconds\":10,\"MaxAttempts\":5}],\"Type\":\"Task\",\"ResultPath\":null,\"Resource\":\"arn:", + { + "Ref": "AWS::Partition" + }, + ":states:::aws-sdk:rds:deleteDBInstance\",\"Parameters\":{\"DbInstanceIdentifier.$\":\"$.tempDbId\",\"SkipFinalSnapshot\":true}}}}]}}}" + ] + ] + } + }, + "DependsOn": [ + "MySQLInstanceSnapshotterDirectorRoleDefaultPolicyF62C2EC2", + "MySQLInstanceSnapshotterDirectorRoleE2669C80" + ], + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" + }, + "LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8aServiceRole9741ECFB": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "lambda.amazonaws.com" + } } + ], + "Version": "2012-10-17" }, - "LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8aServiceRoleDefaultPolicyADDA7DEB": { - "Type": "AWS::IAM::Policy", - "Properties": { - "PolicyDocument": { - "Statement": [ - { - "Action": [ - "logs:PutRetentionPolicy", - "logs:DeleteRetentionPolicy" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" + "ManagedPolicyArns": [ + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" }, - "PolicyName": "LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8aServiceRoleDefaultPolicyADDA7DEB", - "Roles": [ - { - "Ref": "LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8aServiceRole9741ECFB" - } - ] + ":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" + ] + ] + } + ] + } + }, + "LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8aServiceRoleDefaultPolicyADDA7DEB": { + "Type": "AWS::IAM::Policy", + "Properties": { + "PolicyDocument": { + "Statement": [ + { + "Action": [ + "logs:PutRetentionPolicy", + "logs:DeleteRetentionPolicy" + ], + "Effect": "Allow", + "Resource": "*" } + ], + "Version": "2012-10-17" }, - "LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8aFD4BFC8A": { - "Type": "AWS::Lambda::Function", - "Properties": { - "Handler": "index.handler", - "Runtime": "nodejs14.x", - "Code": { - "S3Bucket": { - "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}" - }, - "S3Key": "b120b13d9d868c7622e7db1b68bae4c0f82ffd0227b8c15f2cef38e186ff3827.zip" - }, - "Role": { - "Fn::GetAtt": [ - "LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8aServiceRole9741ECFB", - "Arn" - ] - } + "PolicyName": "LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8aServiceRoleDefaultPolicyADDA7DEB", + "Roles": [ + { + "Ref": "LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8aServiceRole9741ECFB" + } + ] + } + }, + "LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8aFD4BFC8A": { + "Type": "AWS::Lambda::Function", + "Properties": { + "Handler": "index.handler", + "Runtime": { + "Fn::FindInMap": [ + "DefaultCrNodeVersionMap", + { + "Ref": "AWS::Region" }, - "DependsOn": [ - "LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8aServiceRoleDefaultPolicyADDA7DEB", - "LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8aServiceRole9741ECFB" - ] + "value" + ] }, - "MySQLClusterSnapshotterSGF5188D63": { - "Type": "AWS::EC2::SecurityGroup", - "Properties": { - "GroupDescription": "Group for communication between sanitizing job and database", - "SecurityGroupEgress": [ - { - "CidrIp": "0.0.0.0/0", - "Description": "Allow all outbound traffic by default", - "IpProtocol": "-1" - } - ], - "Tags": [ - { - "Key": "Name", - "Value": "RDS-sanitized-snapshots" - } - ], - "VpcId": { - "Fn::ImportValue": "RDS-Sanitized-Snapshotter-VPC:ExportsOutputRefVPCB9E5F0B4BD23A326" - } - } + "Code": { + "S3Bucket": { + "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}" + }, + "S3Key": "5fa1330271b8967d9254ba2d4a07144f8acefe8b77e6d6bba38261373a50d5f8.zip" }, - "MySQLClusterSnapshotterSGfromRDSSanitizedSnapshotterSFNMySQLClusterSnapshotterSG88C422B1ALLPORTS9D3E93FA": { - "Type": "AWS::EC2::SecurityGroupIngress", - "Properties": { - "IpProtocol": "tcp", - "Description": "from RDSSanitizedSnapshotterSFNMySQLClusterSnapshotterSG88C422B1:ALL PORTS", - "FromPort": 0, - "GroupId": { - "Fn::GetAtt": [ - "MySQLClusterSnapshotterSGF5188D63", - "GroupId" - ] - }, - "SourceSecurityGroupId": { - "Fn::GetAtt": [ - "MySQLClusterSnapshotterSGF5188D63", - "GroupId" - ] - }, - "ToPort": 65535 + "Role": { + "Fn::GetAtt": [ + "LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8aServiceRole9741ECFB", + "Arn" + ] + } + }, + "DependsOn": [ + "LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8aServiceRoleDefaultPolicyADDA7DEB", + "LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8aServiceRole9741ECFB" + ] + }, + "MySQLClusterSnapshotterSGF5188D63": { + "Type": "AWS::EC2::SecurityGroup", + "Properties": { + "GroupDescription": "Group for communication between sanitizing job and database", + "SecurityGroupEgress": [ + { + "CidrIp": "0.0.0.0/0", + "Description": "Allow all outbound traffic by default", + "IpProtocol": "-1" + } + ], + "Tags": [ + { + "Key": "Name", + "Value": "RDS-sanitized-snapshots" + } + ], + "VpcId": { + "Fn::ImportValue": "RDS-Sanitized-Snapshotter-VPC:ExportsOutputRefVPCB9E5F0B4BD23A326" + } + } + }, + "MySQLClusterSnapshotterSGfromRDSSanitizedSnapshotterSFNMySQLClusterSnapshotterSG88C422B1ALLPORTS9D3E93FA": { + "Type": "AWS::EC2::SecurityGroupIngress", + "Properties": { + "IpProtocol": "tcp", + "Description": "from RDSSanitizedSnapshotterSFNMySQLClusterSnapshotterSG88C422B1:ALL PORTS", + "FromPort": 0, + "GroupId": { + "Fn::GetAtt": [ + "MySQLClusterSnapshotterSGF5188D63", + "GroupId" + ] + }, + "SourceSecurityGroupId": { + "Fn::GetAtt": [ + "MySQLClusterSnapshotterSGF5188D63", + "GroupId" + ] + }, + "ToPort": 65535 + } + }, + "MySQLClusterSnapshotterSubnetgroupF2F35C6A": { + "Type": "AWS::RDS::DBSubnetGroup", + "Properties": { + "DBSubnetGroupDescription": "Temporary database used for RDS-sanitize-snapshots", + "SubnetIds": [ + { + "Fn::ImportValue": "RDS-Sanitized-Snapshotter-VPC:ExportsOutputRefVPCPrivateSubnet1Subnet8BCA10E01F79A1B7" + }, + { + "Fn::ImportValue": "RDS-Sanitized-Snapshotter-VPC:ExportsOutputRefVPCPrivateSubnet2SubnetCFCDAA7AB22CF85D" + } + ] + } + }, + "MySQLClusterSnapshottercluster9B2B4982": { + "Type": "AWS::ECS::Cluster" + }, + "MySQLClusterSnapshotterparametersServiceRole4959428F": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "lambda.amazonaws.com" + } } + ], + "Version": "2012-10-17" }, - "MySQLClusterSnapshotterSubnetgroupF2F35C6A": { - "Type": "AWS::RDS::DBSubnetGroup", - "Properties": { - "DBSubnetGroupDescription": "Temporary database used for RDS-sanitize-snapshots", - "SubnetIds": [ + "ManagedPolicyArns": [ + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" + ] + ] + } + ] + } + }, + "MySQLClusterSnapshotterparametersServiceRoleDefaultPolicy9544C62B": { + "Type": "AWS::IAM::Policy", + "Properties": { + "PolicyDocument": { + "Statement": [ + { + "Action": "rds:DescribeDBClusters", + "Effect": "Allow", + "Resource": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":rds:", + { + "Ref": "AWS::Region" + }, + ":", { - "Fn::ImportValue": "RDS-Sanitized-Snapshotter-VPC:ExportsOutputRefVPCPrivateSubnet1Subnet8BCA10E01F79A1B7" + "Ref": "AWS::AccountId" }, + ":cluster:", { - "Fn::ImportValue": "RDS-Sanitized-Snapshotter-VPC:ExportsOutputRefVPCPrivateSubnet2SubnetCFCDAA7AB22CF85D" + "Fn::ImportValue": "RDS-Sanitized-Snapshotter-RDS:ExportsOutputRefMySQLClusterD5C73C3376F94030" } + ] ] + } + }, + { + "Action": "rds:DescribeDBInstances", + "Effect": "Allow", + "Resource": "*" } + ], + "Version": "2012-10-17" }, - "MySQLClusterSnapshottercluster9B2B4982": { - "Type": "AWS::ECS::Cluster" + "PolicyName": "MySQLClusterSnapshotterparametersServiceRoleDefaultPolicy9544C62B", + "Roles": [ + { + "Ref": "MySQLClusterSnapshotterparametersServiceRole4959428F" + } + ] + } + }, + "MySQLClusterSnapshotterparametersAF9FF89F": { + "Type": "AWS::Lambda::Function", + "Properties": { + "Code": { + "S3Bucket": { + "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}" + }, + "S3Key": "73ae9c6df09ad4bfbc13c9d4e1f9695a2de8da41bbb8b0037182a8cda9a710c6.zip" }, - "MySQLClusterSnapshotterparametersServiceRole4959428F": { - "Type": "AWS::IAM::Role", - "Properties": { - "AssumeRolePolicyDocument": { - "Statement": [ - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": { - "Service": "lambda.amazonaws.com" - } - } - ], - "Version": "2012-10-17" - }, - "ManagedPolicyArns": [ - { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" - ] - ] - } - ] - } + "Role": { + "Fn::GetAtt": [ + "MySQLClusterSnapshotterparametersServiceRole4959428F", + "Arn" + ] }, - "MySQLClusterSnapshotterparametersServiceRoleDefaultPolicy9544C62B": { - "Type": "AWS::IAM::Policy", - "Properties": { - "PolicyDocument": { - "Statement": [ - { - "Action": "rds:DescribeDBClusters", - "Effect": "Allow", - "Resource": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":rds:", - { - "Ref": "AWS::Region" - }, - ":", - { - "Ref": "AWS::AccountId" - }, - ":cluster:", - { - "Fn::ImportValue": "RDS-Sanitized-Snapshotter-RDS:ExportsOutputRefMySQLClusterD5C73C3376F94030" - } - ] - ] - } - }, - { - "Action": "rds:DescribeDBInstances", - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "PolicyName": "MySQLClusterSnapshotterparametersServiceRoleDefaultPolicy9544C62B", - "Roles": [ - { - "Ref": "MySQLClusterSnapshotterparametersServiceRole4959428F" - } - ] + "Description": "src/parameters.lambda.ts", + "Environment": { + "Variables": { + "AWS_NODEJS_CONNECTION_REUSE_ENABLED": "1" + } + }, + "Handler": "index.handler", + "Runtime": "nodejs18.x" + }, + "DependsOn": [ + "MySQLClusterSnapshotterparametersServiceRoleDefaultPolicy9544C62B", + "MySQLClusterSnapshotterparametersServiceRole4959428F" + ] + }, + "MySQLClusterSnapshotterparametersLogRetention49B4A2F1": { + "Type": "Custom::LogRetention", + "Properties": { + "ServiceToken": { + "Fn::GetAtt": [ + "LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8aFD4BFC8A", + "Arn" + ] + }, + "LogGroupName": { + "Fn::Join": [ + "", + [ + "/aws/lambda/", + { + "Ref": "MySQLClusterSnapshotterparametersAF9FF89F" + } + ] + ] + }, + "RetentionInDays": 30 + } + }, + "MySQLClusterSnapshotterwaitServiceRoleD1DB455D": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "lambda.amazonaws.com" + } } + ], + "Version": "2012-10-17" }, - "MySQLClusterSnapshotterparametersAF9FF89F": { - "Type": "AWS::Lambda::Function", - "Properties": { - "Code": { - "S3Bucket": { - "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}" - }, - "S3Key": "7dedf603050cc97a3f7e06b2e58606f2fef08c81e52acb5e616dd3c0643b2cb0.zip" + "ManagedPolicyArns": [ + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" }, - "Role": { - "Fn::GetAtt": [ - "MySQLClusterSnapshotterparametersServiceRole4959428F", - "Arn" + ":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" + ] + ] + } + ] + } + }, + "MySQLClusterSnapshotterwaitServiceRoleDefaultPolicy9E878AF7": { + "Type": "AWS::IAM::Policy", + "Properties": { + "PolicyDocument": { + "Statement": [ + { + "Action": [ + "rds:DescribeDBClusters", + "rds:DescribeDBClusterSnapshots", + "rds:DescribeDBSnapshots", + "rds:DescribeDBInstances" + ], + "Effect": "Allow", + "Resource": [ + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":rds:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":cluster:", + { + "Fn::ImportValue": "RDS-Sanitized-Snapshotter-RDS:ExportsOutputRefMySQLClusterD5C73C3376F94030" + } ] + ] }, - "Description": "src/parameters.lambda.ts", - "Environment": { - "Variables": { - "AWS_NODEJS_CONNECTION_REUSE_ENABLED": "1" - } + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":rds:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":db:", + { + "Fn::ImportValue": "RDS-Sanitized-Snapshotter-RDS:ExportsOutputRefMySQLClusterD5C73C3376F94030" + } + ] + ] }, - "Handler": "index.handler", - "Runtime": "nodejs18.x" - }, - "DependsOn": [ - "MySQLClusterSnapshotterparametersServiceRoleDefaultPolicy9544C62B", - "MySQLClusterSnapshotterparametersServiceRole4959428F" - ] - }, - "MySQLClusterSnapshotterparametersLogRetention49B4A2F1": { - "Type": "Custom::LogRetention", - "Properties": { - "ServiceToken": { - "Fn::GetAtt": [ - "LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8aFD4BFC8A", - "Arn" + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":rds:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":cluster:sanitize-*" ] + ] }, - "LogGroupName": { - "Fn::Join": [ - "", - [ - "/aws/lambda/", - { - "Ref": "MySQLClusterSnapshotterparametersAF9FF89F" - } - ] + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":rds:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":cluster-snapshot:sanitize-*" ] + ] }, - "RetentionInDays": 30 - } - }, - "MySQLClusterSnapshotterwaitServiceRoleD1DB455D": { - "Type": "AWS::IAM::Role", - "Properties": { - "AssumeRolePolicyDocument": { - "Statement": [ - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": { - "Service": "lambda.amazonaws.com" - } - } - ], - "Version": "2012-10-17" + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":rds:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":cluster-snapshot:mysql-cluster-snapshot-*" + ] + ] }, - "ManagedPolicyArns": [ - { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" - ] - ] - } - ] + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":rds:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":db:sanitize-*" + ] + ] + } + ] } + ], + "Version": "2012-10-17" }, - "MySQLClusterSnapshotterwaitServiceRoleDefaultPolicy9E878AF7": { - "Type": "AWS::IAM::Policy", - "Properties": { - "PolicyDocument": { - "Statement": [ - { - "Action": [ - "rds:DescribeDBClusters", - "rds:DescribeDBClusterSnapshots", - "rds:DescribeDBSnapshots", - "rds:DescribeDBInstances" - ], - "Effect": "Allow", - "Resource": [ - { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":rds:", - { - "Ref": "AWS::Region" - }, - ":", - { - "Ref": "AWS::AccountId" - }, - ":cluster:", - { - "Fn::ImportValue": "RDS-Sanitized-Snapshotter-RDS:ExportsOutputRefMySQLClusterD5C73C3376F94030" - } - ] - ] - }, - { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":rds:", - { - "Ref": "AWS::Region" - }, - ":", - { - "Ref": "AWS::AccountId" - }, - ":db:", - { - "Fn::ImportValue": "RDS-Sanitized-Snapshotter-RDS:ExportsOutputRefMySQLClusterD5C73C3376F94030" - } - ] - ] - }, - { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":rds:", - { - "Ref": "AWS::Region" - }, - ":", - { - "Ref": "AWS::AccountId" - }, - ":cluster:sanitize-*" - ] - ] - }, - { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":rds:", - { - "Ref": "AWS::Region" - }, - ":", - { - "Ref": "AWS::AccountId" - }, - ":cluster-snapshot:sanitize-*" - ] - ] - }, - { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":rds:", - { - "Ref": "AWS::Region" - }, - ":", - { - "Ref": "AWS::AccountId" - }, - ":cluster-snapshot:mysql-cluster-snapshot-*" - ] - ] - }, - { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":rds:", - { - "Ref": "AWS::Region" - }, - ":", - { - "Ref": "AWS::AccountId" - }, - ":db:sanitize-*" - ] - ] - } - ] - } - ], - "Version": "2012-10-17" + "PolicyName": "MySQLClusterSnapshotterwaitServiceRoleDefaultPolicy9E878AF7", + "Roles": [ + { + "Ref": "MySQLClusterSnapshotterwaitServiceRoleD1DB455D" + } + ] + } + }, + "MySQLClusterSnapshotterwait73D57C6D": { + "Type": "AWS::Lambda::Function", + "Properties": { + "Code": { + "S3Bucket": { + "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}" + }, + "S3Key": "66486f7e33c34ceaae0d26eda8231c31f462018de9b6f34e598b3cc0df48b44f.zip" + }, + "Role": { + "Fn::GetAtt": [ + "MySQLClusterSnapshotterwaitServiceRoleD1DB455D", + "Arn" + ] + }, + "Description": "src/wait.lambda.ts", + "Environment": { + "Variables": { + "AWS_NODEJS_CONNECTION_REUSE_ENABLED": "1" + } + }, + "Handler": "index.handler", + "Runtime": "nodejs18.x" + }, + "DependsOn": [ + "MySQLClusterSnapshotterwaitServiceRoleDefaultPolicy9E878AF7", + "MySQLClusterSnapshotterwaitServiceRoleD1DB455D" + ] + }, + "MySQLClusterSnapshotterwaitLogRetention01D1F254": { + "Type": "Custom::LogRetention", + "Properties": { + "ServiceToken": { + "Fn::GetAtt": [ + "LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8aFD4BFC8A", + "Arn" + ] + }, + "LogGroupName": { + "Fn::Join": [ + "", + [ + "/aws/lambda/", + { + "Ref": "MySQLClusterSnapshotterwait73D57C6D" + } + ] + ] + }, + "RetentionInDays": 30 + } + }, + "MySQLClusterSnapshotterLogs987A7E0A": { + "Type": "AWS::Logs::LogGroup", + "Properties": { + "RetentionInDays": 30 + }, + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" + }, + "MySQLClusterSnapshotterMySQLTaskTaskRole3BAE9027": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "ecs-tasks.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + } + } + }, + "MySQLClusterSnapshotterMySQLTask8414A409": { + "Type": "AWS::ECS::TaskDefinition", + "Properties": { + "ContainerDefinitions": [ + { + "Command": [ + "bash", + "-c", + "echo \"[client]\nuser=$MYSQL_USER\nhost=$MYSQL_HOST\nport=$MYSQL_PORT\npassword=$MYSQL_PASSWORD\" > ~/.my.cnf && chmod 700 ~/.my.cnf" + ], + "Essential": false, + "Image": "public.ecr.aws/docker/library/bash:4-alpine3.15", + "LogConfiguration": { + "LogDriver": "awslogs", + "Options": { + "awslogs-group": { + "Ref": "MySQLClusterSnapshotterLogs987A7E0A" }, - "PolicyName": "MySQLClusterSnapshotterwaitServiceRoleDefaultPolicy9E878AF7", - "Roles": [ - { - "Ref": "MySQLClusterSnapshotterwaitServiceRoleD1DB455D" - } + "awslogs-stream-prefix": "mysql-config", + "awslogs-region": { + "Ref": "AWS::Region" + } + } + }, + "MountPoints": [ + { + "ContainerPath": "/root", + "ReadOnly": false, + "SourceVolume": "config" + } + ], + "Name": "config" + }, + { + "Command": [ + "mysql", + "-e", + "SELECT 1" + ], + "DependsOn": [ + { + "Condition": "SUCCESS", + "ContainerName": "config" + } + ], + "Essential": true, + "Image": "public.ecr.aws/lts/mysql:latest", + "LogConfiguration": { + "LogDriver": "awslogs", + "Options": { + "awslogs-group": { + "Ref": "MySQLClusterSnapshotterLogs987A7E0A" + }, + "awslogs-stream-prefix": "mysql-sanitize", + "awslogs-region": { + "Ref": "AWS::Region" + } + } + }, + "MountPoints": [ + { + "ContainerPath": "/root", + "ReadOnly": true, + "SourceVolume": "config" + } + ], + "Name": "mysql" + } + ], + "Cpu": "256", + "ExecutionRoleArn": { + "Fn::GetAtt": [ + "MySQLClusterSnapshotterMySQLTaskExecutionRole50CCB6FA", + "Arn" + ] + }, + "Family": "RDSSanitizedSnapshotterSFNMySQLClusterSnapshotterMySQLTask813891E0", + "Memory": "512", + "NetworkMode": "awsvpc", + "RequiresCompatibilities": [ + "FARGATE" + ], + "TaskRoleArn": { + "Fn::GetAtt": [ + "MySQLClusterSnapshotterMySQLTaskTaskRole3BAE9027", + "Arn" + ] + }, + "Volumes": [ + { + "Host": {}, + "Name": "config" + } + ] + } + }, + "MySQLClusterSnapshotterMySQLTaskExecutionRole50CCB6FA": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "ecs-tasks.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + } + } + }, + "MySQLClusterSnapshotterMySQLTaskExecutionRoleDefaultPolicy109BFD8B": { + "Type": "AWS::IAM::Policy", + "Properties": { + "PolicyDocument": { + "Statement": [ + { + "Action": [ + "logs:CreateLogStream", + "logs:PutLogEvents" + ], + "Effect": "Allow", + "Resource": { + "Fn::GetAtt": [ + "MySQLClusterSnapshotterLogs987A7E0A", + "Arn" + ] + } + } + ], + "Version": "2012-10-17" + }, + "PolicyName": "MySQLClusterSnapshotterMySQLTaskExecutionRoleDefaultPolicy109BFD8B", + "Roles": [ + { + "Ref": "MySQLClusterSnapshotterMySQLTaskExecutionRole50CCB6FA" + } + ] + } + }, + "MySQLClusterSnapshotterPostreSQLTaskTaskRole09172C54": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "ecs-tasks.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + } + } + }, + "MySQLClusterSnapshotterPostreSQLTaskB18030B4": { + "Type": "AWS::ECS::TaskDefinition", + "Properties": { + "ContainerDefinitions": [ + { + "Command": [ + "psql", + "-c", + "SELECT 1" + ], + "Essential": true, + "Image": "public.ecr.aws/lts/postgres:latest", + "LogConfiguration": { + "LogDriver": "awslogs", + "Options": { + "awslogs-group": { + "Ref": "MySQLClusterSnapshotterLogs987A7E0A" + }, + "awslogs-stream-prefix": "psql-sanitize", + "awslogs-region": { + "Ref": "AWS::Region" + } + } + }, + "Name": "postgres" + } + ], + "Cpu": "256", + "ExecutionRoleArn": { + "Fn::GetAtt": [ + "MySQLClusterSnapshotterPostreSQLTaskExecutionRole430431E0", + "Arn" + ] + }, + "Family": "RDSSanitizedSnapshotterSFNMySQLClusterSnapshotterPostreSQLTask8BE86494", + "Memory": "512", + "NetworkMode": "awsvpc", + "RequiresCompatibilities": [ + "FARGATE" + ], + "TaskRoleArn": { + "Fn::GetAtt": [ + "MySQLClusterSnapshotterPostreSQLTaskTaskRole09172C54", + "Arn" + ] + } + } + }, + "MySQLClusterSnapshotterPostreSQLTaskExecutionRole430431E0": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "ecs-tasks.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + } + } + }, + "MySQLClusterSnapshotterPostreSQLTaskExecutionRoleDefaultPolicyBFF6CA44": { + "Type": "AWS::IAM::Policy", + "Properties": { + "PolicyDocument": { + "Statement": [ + { + "Action": [ + "logs:CreateLogStream", + "logs:PutLogEvents" + ], + "Effect": "Allow", + "Resource": { + "Fn::GetAtt": [ + "MySQLClusterSnapshotterLogs987A7E0A", + "Arn" ] + } } + ], + "Version": "2012-10-17" }, - "MySQLClusterSnapshotterwait73D57C6D": { - "Type": "AWS::Lambda::Function", - "Properties": { - "Code": { - "S3Bucket": { - "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}" + "PolicyName": "MySQLClusterSnapshotterPostreSQLTaskExecutionRoleDefaultPolicyBFF6CA44", + "Roles": [ + { + "Ref": "MySQLClusterSnapshotterPostreSQLTaskExecutionRole430431E0" + } + ] + } + }, + "MySQLClusterSnapshotterDirectorRole6035EB89": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": { + "Fn::FindInMap": [ + "ServiceprincipalMap", + { + "Ref": "AWS::Region" }, - "S3Key": "48d5a2396486c7e05d39c2b9e7a2dc2b28448934920dbf75dd9744865ba2ddc7.zip" + "states" + ] + } + } + } + ], + "Version": "2012-10-17" + } + } + }, + "MySQLClusterSnapshotterDirectorRoleDefaultPolicy78A869F9": { + "Type": "AWS::IAM::Policy", + "Properties": { + "PolicyDocument": { + "Statement": [ + { + "Action": "lambda:InvokeFunction", + "Effect": "Allow", + "Resource": [ + { + "Fn::GetAtt": [ + "MySQLClusterSnapshotterparametersAF9FF89F", + "Arn" + ] }, - "Role": { - "Fn::GetAtt": [ - "MySQLClusterSnapshotterwaitServiceRoleD1DB455D", - "Arn" + { + "Fn::Join": [ + "", + [ + { + "Fn::GetAtt": [ + "MySQLClusterSnapshotterparametersAF9FF89F", + "Arn" + ] + }, + ":*" ] + ] + } + ] + }, + { + "Action": "rds:deleteDBClusterSnapshot", + "Effect": "Allow", + "Resource": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":rds:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":cluster-snapshot:sanitize-*" + ] + ] + } + }, + { + "Action": "rds:deleteDBInstance", + "Effect": "Allow", + "Resource": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":rds:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":db:sanitize-*" + ] + ] + } + }, + { + "Action": "rds:deleteDBCluster", + "Effect": "Allow", + "Resource": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":rds:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":cluster:sanitize-*" + ] + ] + } + }, + { + "Action": "rds:createDBClusterSnapshot", + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": "lambda:InvokeFunction", + "Effect": "Allow", + "Resource": [ + { + "Fn::GetAtt": [ + "MySQLClusterSnapshotterwait73D57C6D", + "Arn" + ] }, - "Description": "src/wait.lambda.ts", - "Environment": { - "Variables": { - "AWS_NODEJS_CONNECTION_REUSE_ENABLED": "1" - } - }, - "Handler": "index.handler", - "Runtime": "nodejs18.x" + { + "Fn::Join": [ + "", + [ + { + "Fn::GetAtt": [ + "MySQLClusterSnapshotterwait73D57C6D", + "Arn" + ] + }, + ":*" + ] + ] + } + ] }, - "DependsOn": [ - "MySQLClusterSnapshotterwaitServiceRoleDefaultPolicy9E878AF7", - "MySQLClusterSnapshotterwaitServiceRoleD1DB455D" - ] - }, - "MySQLClusterSnapshotterwaitLogRetention01D1F254": { - "Type": "Custom::LogRetention", - "Properties": { - "ServiceToken": { - "Fn::GetAtt": [ - "LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8aFD4BFC8A", - "Arn" + { + "Action": "rds:restoreDBClusterFromSnapshot", + "Effect": "Allow", + "Resource": [ + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":rds:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":cluster:sanitize-*" ] + ] }, - "LogGroupName": { - "Fn::Join": [ - "", - [ - "/aws/lambda/", - { - "Ref": "MySQLClusterSnapshotterwait73D57C6D" - } - ] + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":rds:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":db:sanitize-*" ] + ] }, - "RetentionInDays": 30 - } - }, - "MySQLClusterSnapshotterLogs987A7E0A": { - "Type": "AWS::Logs::LogGroup", - "Properties": { - "RetentionInDays": 30 - }, - "UpdateReplacePolicy": "Delete", - "DeletionPolicy": "Delete" - }, - "MySQLClusterSnapshotterMySQLTaskTaskRole3BAE9027": { - "Type": "AWS::IAM::Role", - "Properties": { - "AssumeRolePolicyDocument": { - "Statement": [ - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": { - "Service": "ecs-tasks.amazonaws.com" - } - } - ], - "Version": "2012-10-17" + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":rds:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":cluster-snapshot:sanitize-*" + ] + ] + }, + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":rds:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":subgrp:", + { + "Ref": "MySQLClusterSnapshotterSubnetgroupF2F35C6A" + } + ] + ] } - } - }, - "MySQLClusterSnapshotterMySQLTask8414A409": { - "Type": "AWS::ECS::TaskDefinition", - "Properties": { - "ContainerDefinitions": [ - { - "Command": [ - "bash", - "-c", - "echo \"[client]\nuser=$MYSQL_USER\nhost=$MYSQL_HOST\nport=$MYSQL_PORT\npassword=$MYSQL_PASSWORD\" > ~/.my.cnf && chmod 700 ~/.my.cnf" - ], - "Essential": false, - "Image": "public.ecr.aws/docker/library/bash:4-alpine3.15", - "LogConfiguration": { - "LogDriver": "awslogs", - "Options": { - "awslogs-group": { - "Ref": "MySQLClusterSnapshotterLogs987A7E0A" - }, - "awslogs-stream-prefix": "mysql-config", - "awslogs-region": { - "Ref": "AWS::Region" - } - } - }, - "MountPoints": [ - { - "ContainerPath": "/root", - "ReadOnly": false, - "SourceVolume": "config" - } - ], - "Name": "config" + ] + }, + { + "Action": "rds:modifyDBCluster", + "Effect": "Allow", + "Resource": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" }, + ":rds:", { - "Command": [ - "mysql", - "-e", - "SELECT 1" - ], - "DependsOn": [ - { - "Condition": "SUCCESS", - "ContainerName": "config" - } - ], - "Essential": true, - "Image": "public.ecr.aws/lts/mysql:latest", - "LogConfiguration": { - "LogDriver": "awslogs", - "Options": { - "awslogs-group": { - "Ref": "MySQLClusterSnapshotterLogs987A7E0A" - }, - "awslogs-stream-prefix": "mysql-sanitize", - "awslogs-region": { - "Ref": "AWS::Region" - } - } - }, - "MountPoints": [ - { - "ContainerPath": "/root", - "ReadOnly": true, - "SourceVolume": "config" - } - ], - "Name": "mysql" - } - ], - "Cpu": "256", - "ExecutionRoleArn": { - "Fn::GetAtt": [ - "MySQLClusterSnapshotterMySQLTaskExecutionRole50CCB6FA", - "Arn" + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":cluster:sanitize-*" + ] + ] + } + }, + { + "Action": "rds:createDBInstance", + "Effect": "Allow", + "Resource": [ + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":rds:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":cluster:sanitize-*" ] + ] }, - "Family": "RDSSanitizedSnapshotterSFNMySQLClusterSnapshotterMySQLTask813891E0", - "Memory": "512", - "NetworkMode": "awsvpc", - "RequiresCompatibilities": [ - "FARGATE" - ], - "TaskRoleArn": { - "Fn::GetAtt": [ - "MySQLClusterSnapshotterMySQLTaskTaskRole3BAE9027", - "Arn" + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":rds:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":db:sanitize-*" ] - }, - "Volumes": [ + ] + } + ] + }, + { + "Action": "rds:describeDBClusters", + "Effect": "Allow", + "Resource": { + "Fn::Join": [ + "", + [ + "arn:", { - "Host": {}, - "Name": "config" - } + "Ref": "AWS::Partition" + }, + ":rds:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":cluster:sanitize-*" + ] ] - } - }, - "MySQLClusterSnapshotterMySQLTaskExecutionRole50CCB6FA": { - "Type": "AWS::IAM::Role", - "Properties": { - "AssumeRolePolicyDocument": { - "Statement": [ + } + }, + { + "Action": "ecs:RunTask", + "Effect": "Allow", + "Resource": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Fn::Select": [ + 1, { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": { - "Service": "ecs-tasks.amazonaws.com" + "Fn::Split": [ + ":", + { + "Ref": "MySQLClusterSnapshotterMySQLTask8414A409" } + ] } - ], - "Version": "2012-10-17" - } - } - }, - "MySQLClusterSnapshotterMySQLTaskExecutionRoleDefaultPolicy109BFD8B": { - "Type": "AWS::IAM::Policy", - "Properties": { - "PolicyDocument": { - "Statement": [ + ] + }, + ":", + { + "Fn::Select": [ + 2, { - "Action": [ - "logs:CreateLogStream", - "logs:PutLogEvents" - ], - "Effect": "Allow", - "Resource": { - "Fn::GetAtt": [ - "MySQLClusterSnapshotterLogs987A7E0A", - "Arn" - ] + "Fn::Split": [ + ":", + { + "Ref": "MySQLClusterSnapshotterMySQLTask8414A409" } + ] } - ], - "Version": "2012-10-17" - }, - "PolicyName": "MySQLClusterSnapshotterMySQLTaskExecutionRoleDefaultPolicy109BFD8B", - "Roles": [ + ] + }, + ":", { - "Ref": "MySQLClusterSnapshotterMySQLTaskExecutionRole50CCB6FA" - } - ] - } - }, - "MySQLClusterSnapshotterPostreSQLTaskTaskRole09172C54": { - "Type": "AWS::IAM::Role", - "Properties": { - "AssumeRolePolicyDocument": { - "Statement": [ + "Fn::Select": [ + 3, { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": { - "Service": "ecs-tasks.amazonaws.com" + "Fn::Split": [ + ":", + { + "Ref": "MySQLClusterSnapshotterMySQLTask8414A409" } + ] } - ], - "Version": "2012-10-17" - } - } - }, - "MySQLClusterSnapshotterPostreSQLTaskB18030B4": { - "Type": "AWS::ECS::TaskDefinition", - "Properties": { - "ContainerDefinitions": [ - { - "Command": [ - "psql", - "-c", - "SELECT 1" - ], - "Essential": true, - "Image": "public.ecr.aws/lts/postgres:latest", - "LogConfiguration": { - "LogDriver": "awslogs", - "Options": { - "awslogs-group": { - "Ref": "MySQLClusterSnapshotterLogs987A7E0A" - }, - "awslogs-stream-prefix": "psql-sanitize", - "awslogs-region": { - "Ref": "AWS::Region" - } - } - }, - "Name": "postgres" - } - ], - "Cpu": "256", - "ExecutionRoleArn": { - "Fn::GetAtt": [ - "MySQLClusterSnapshotterPostreSQLTaskExecutionRole430431E0", - "Arn" - ] - }, - "Family": "RDSSanitizedSnapshotterSFNMySQLClusterSnapshotterPostreSQLTask8BE86494", - "Memory": "512", - "NetworkMode": "awsvpc", - "RequiresCompatibilities": [ - "FARGATE" - ], - "TaskRoleArn": { - "Fn::GetAtt": [ - "MySQLClusterSnapshotterPostreSQLTaskTaskRole09172C54", - "Arn" - ] - } - } - }, - "MySQLClusterSnapshotterPostreSQLTaskExecutionRole430431E0": { - "Type": "AWS::IAM::Role", - "Properties": { - "AssumeRolePolicyDocument": { - "Statement": [ + ] + }, + ":", + { + "Fn::Select": [ + 4, { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": { - "Service": "ecs-tasks.amazonaws.com" + "Fn::Split": [ + ":", + { + "Ref": "MySQLClusterSnapshotterMySQLTask8414A409" } + ] } - ], - "Version": "2012-10-17" - } - } - }, - "MySQLClusterSnapshotterPostreSQLTaskExecutionRoleDefaultPolicyBFF6CA44": { - "Type": "AWS::IAM::Policy", - "Properties": { - "PolicyDocument": { - "Statement": [ + ] + }, + ":", + { + "Fn::Select": [ + 0, { - "Action": [ - "logs:CreateLogStream", - "logs:PutLogEvents" - ], - "Effect": "Allow", - "Resource": { - "Fn::GetAtt": [ - "MySQLClusterSnapshotterLogs987A7E0A", - "Arn" - ] + "Fn::Split": [ + "/", + { + "Fn::Select": [ + 5, + { + "Fn::Split": [ + ":", + { + "Ref": "MySQLClusterSnapshotterMySQLTask8414A409" + } + ] + } + ] } + ] } - ], - "Version": "2012-10-17" - }, - "PolicyName": "MySQLClusterSnapshotterPostreSQLTaskExecutionRoleDefaultPolicyBFF6CA44", - "Roles": [ + ] + }, + "/", { - "Ref": "MySQLClusterSnapshotterPostreSQLTaskExecutionRole430431E0" - } - ] - } - }, - "MySQLClusterSnapshotterDirectorRole6035EB89": { - "Type": "AWS::IAM::Role", - "Properties": { - "AssumeRolePolicyDocument": { - "Statement": [ + "Fn::Select": [ + 1, { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": { - "Service": { - "Fn::Join": [ - "", - [ - "states.", - { - "Ref": "AWS::Region" - }, - ".amazonaws.com" - ] - ] + "Fn::Split": [ + "/", + { + "Fn::Select": [ + 5, + { + "Fn::Split": [ + ":", + { + "Ref": "MySQLClusterSnapshotterMySQLTask8414A409" + } + ] } + ] } + ] } - ], - "Version": "2012-10-17" + ] + } + ] + ] + } + }, + { + "Action": [ + "ecs:StopTask", + "ecs:DescribeTasks" + ], + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": "iam:PassRole", + "Effect": "Allow", + "Resource": [ + { + "Fn::GetAtt": [ + "MySQLClusterSnapshotterMySQLTaskTaskRole3BAE9027", + "Arn" + ] + }, + { + "Fn::GetAtt": [ + "MySQLClusterSnapshotterMySQLTaskExecutionRole50CCB6FA", + "Arn" + ] } - } - }, - "MySQLClusterSnapshotterDirectorRoleDefaultPolicy78A869F9": { - "Type": "AWS::IAM::Policy", - "Properties": { - "PolicyDocument": { - "Statement": [ - { - "Action": "lambda:InvokeFunction", - "Effect": "Allow", - "Resource": { - "Fn::GetAtt": [ - "MySQLClusterSnapshotterparametersAF9FF89F", - "Arn" - ] - } - }, - { - "Action": "rds:deleteDBClusterSnapshot", - "Effect": "Allow", - "Resource": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":rds:", - { - "Ref": "AWS::Region" - }, - ":", - { - "Ref": "AWS::AccountId" - }, - ":cluster-snapshot:sanitize-*" - ] - ] - } - }, + ] + }, + { + "Action": [ + "events:PutTargets", + "events:PutRule", + "events:DescribeRule" + ], + "Effect": "Allow", + "Resource": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":events:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":rule/StepFunctionsGetEventsForECSTaskRule" + ] + ] + } + }, + { + "Action": "ecs:RunTask", + "Effect": "Allow", + "Resource": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Fn::Select": [ + 1, { - "Action": "rds:deleteDBInstance", - "Effect": "Allow", - "Resource": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":rds:", - { - "Ref": "AWS::Region" - }, - ":", - { - "Ref": "AWS::AccountId" - }, - ":db:sanitize-*" - ] - ] + "Fn::Split": [ + ":", + { + "Ref": "MySQLClusterSnapshotterPostreSQLTaskB18030B4" } - }, + ] + } + ] + }, + ":", + { + "Fn::Select": [ + 2, { - "Action": "rds:deleteDBCluster", - "Effect": "Allow", - "Resource": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":rds:", - { - "Ref": "AWS::Region" - }, - ":", - { - "Ref": "AWS::AccountId" - }, - ":cluster:sanitize-*" - ] - ] + "Fn::Split": [ + ":", + { + "Ref": "MySQLClusterSnapshotterPostreSQLTaskB18030B4" } - }, - { - "Action": "rds:createDBClusterSnapshot", - "Effect": "Allow", - "Resource": "*" - }, + ] + } + ] + }, + ":", + { + "Fn::Select": [ + 3, { - "Action": "lambda:InvokeFunction", - "Effect": "Allow", - "Resource": { - "Fn::GetAtt": [ - "MySQLClusterSnapshotterwait73D57C6D", - "Arn" - ] + "Fn::Split": [ + ":", + { + "Ref": "MySQLClusterSnapshotterPostreSQLTaskB18030B4" } - }, - { - "Action": "rds:restoreDBClusterFromSnapshot", - "Effect": "Allow", - "Resource": [ - { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":rds:", - { - "Ref": "AWS::Region" - }, - ":", - { - "Ref": "AWS::AccountId" - }, - ":cluster:sanitize-*" - ] - ] - }, - { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":rds:", - { - "Ref": "AWS::Region" - }, - ":", - { - "Ref": "AWS::AccountId" - }, - ":db:sanitize-*" - ] - ] - }, - { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":rds:", - { - "Ref": "AWS::Region" - }, - ":", - { - "Ref": "AWS::AccountId" - }, - ":cluster-snapshot:sanitize-*" - ] - ] - }, - { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":rds:", - { - "Ref": "AWS::Region" - }, - ":", - { - "Ref": "AWS::AccountId" - }, - ":subgrp:", - { - "Ref": "MySQLClusterSnapshotterSubnetgroupF2F35C6A" - } - ] - ] - } - ] - }, + ] + } + ] + }, + ":", + { + "Fn::Select": [ + 4, { - "Action": "rds:modifyDBCluster", - "Effect": "Allow", - "Resource": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":rds:", - { - "Ref": "AWS::Region" - }, - ":", - { - "Ref": "AWS::AccountId" - }, - ":cluster:sanitize-*" - ] - ] + "Fn::Split": [ + ":", + { + "Ref": "MySQLClusterSnapshotterPostreSQLTaskB18030B4" } - }, + ] + } + ] + }, + ":", + { + "Fn::Select": [ + 0, { - "Action": "rds:createDBInstance", - "Effect": "Allow", - "Resource": [ - { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":rds:", - { - "Ref": "AWS::Region" - }, - ":", - { - "Ref": "AWS::AccountId" - }, - ":cluster:sanitize-*" - ] - ] - }, + "Fn::Split": [ + "/", + { + "Fn::Select": [ + 5, { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":rds:", - { - "Ref": "AWS::Region" - }, - ":", - { - "Ref": "AWS::AccountId" - }, - ":db:sanitize-*" - ] - ] + "Fn::Split": [ + ":", + { + "Ref": "MySQLClusterSnapshotterPostreSQLTaskB18030B4" + } + ] } - ] - }, - { - "Action": "rds:describeDBClusters", - "Effect": "Allow", - "Resource": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":rds:", - { - "Ref": "AWS::Region" - }, - ":", - { - "Ref": "AWS::AccountId" - }, - ":cluster:sanitize-*" - ] - ] - } - }, - { - "Action": "ecs:RunTask", - "Effect": "Allow", - "Resource": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Fn::Select": [ - 1, - { - "Fn::Split": [ - ":", - { - "Ref": "MySQLClusterSnapshotterMySQLTask8414A409" - } - ] - } - ] - }, - ":", - { - "Fn::Select": [ - 2, - { - "Fn::Split": [ - ":", - { - "Ref": "MySQLClusterSnapshotterMySQLTask8414A409" - } - ] - } - ] - }, - ":", - { - "Fn::Select": [ - 3, - { - "Fn::Split": [ - ":", - { - "Ref": "MySQLClusterSnapshotterMySQLTask8414A409" - } - ] - } - ] - }, - ":", - { - "Fn::Select": [ - 4, - { - "Fn::Split": [ - ":", - { - "Ref": "MySQLClusterSnapshotterMySQLTask8414A409" - } - ] - } - ] - }, - ":", - { - "Fn::Select": [ - 0, - { - "Fn::Split": [ - "/", - { - "Fn::Select": [ - 5, - { - "Fn::Split": [ - ":", - { - "Ref": "MySQLClusterSnapshotterMySQLTask8414A409" - } - ] - } - ] - } - ] - } - ] - }, - "/", - { - "Fn::Select": [ - 1, - { - "Fn::Split": [ - "/", - { - "Fn::Select": [ - 5, - { - "Fn::Split": [ - ":", - { - "Ref": "MySQLClusterSnapshotterMySQLTask8414A409" - } - ] - } - ] - } - ] - } - ] - } - ] - ] + ] } - }, - { - "Action": [ - "ecs:StopTask", - "ecs:DescribeTasks" - ], - "Effect": "Allow", - "Resource": "*" - }, + ] + } + ] + }, + "/", + { + "Fn::Select": [ + 1, { - "Action": "iam:PassRole", - "Effect": "Allow", - "Resource": [ - { - "Fn::GetAtt": [ - "MySQLClusterSnapshotterMySQLTaskTaskRole3BAE9027", - "Arn" - ] - }, + "Fn::Split": [ + "/", + { + "Fn::Select": [ + 5, { - "Fn::GetAtt": [ - "MySQLClusterSnapshotterMySQLTaskExecutionRole50CCB6FA", - "Arn" - ] + "Fn::Split": [ + ":", + { + "Ref": "MySQLClusterSnapshotterPostreSQLTaskB18030B4" + } + ] } - ] - }, - { - "Action": [ - "events:PutTargets", - "events:PutRule", - "events:DescribeRule" - ], - "Effect": "Allow", - "Resource": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":events:", - { - "Ref": "AWS::Region" - }, - ":", - { - "Ref": "AWS::AccountId" - }, - ":rule/StepFunctionsGetEventsForECSTaskRule" - ] - ] + ] } - }, - { - "Action": "ecs:RunTask", - "Effect": "Allow", - "Resource": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Fn::Select": [ - 1, - { - "Fn::Split": [ - ":", - { - "Ref": "MySQLClusterSnapshotterPostreSQLTaskB18030B4" - } - ] - } - ] - }, - ":", - { - "Fn::Select": [ - 2, - { - "Fn::Split": [ - ":", - { - "Ref": "MySQLClusterSnapshotterPostreSQLTaskB18030B4" - } - ] - } - ] - }, - ":", - { - "Fn::Select": [ - 3, - { - "Fn::Split": [ - ":", - { - "Ref": "MySQLClusterSnapshotterPostreSQLTaskB18030B4" - } - ] - } - ] - }, - ":", - { - "Fn::Select": [ - 4, - { - "Fn::Split": [ - ":", - { - "Ref": "MySQLClusterSnapshotterPostreSQLTaskB18030B4" - } - ] - } - ] - }, - ":", - { - "Fn::Select": [ - 0, - { - "Fn::Split": [ - "/", - { - "Fn::Select": [ - 5, - { - "Fn::Split": [ - ":", - { - "Ref": "MySQLClusterSnapshotterPostreSQLTaskB18030B4" - } - ] - } - ] - } - ] - } - ] - }, - "/", - { - "Fn::Select": [ - 1, - { - "Fn::Split": [ - "/", - { - "Fn::Select": [ - 5, - { - "Fn::Split": [ - ":", - { - "Ref": "MySQLClusterSnapshotterPostreSQLTaskB18030B4" - } - ] - } - ] - } - ] - } - ] - } - ] - ] - } - }, - { - "Action": "iam:PassRole", - "Effect": "Allow", - "Resource": [ - { - "Fn::GetAtt": [ - "MySQLClusterSnapshotterPostreSQLTaskTaskRole09172C54", - "Arn" - ] - }, - { - "Fn::GetAtt": [ - "MySQLClusterSnapshotterPostreSQLTaskExecutionRole430431E0", - "Arn" - ] - } - ] - }, - { - "Action": "rds:AddTagsToResource", - "Effect": "Allow", - "Resource": [ - { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":rds:", - { - "Ref": "AWS::Region" - }, - ":", - { - "Ref": "AWS::AccountId" - }, - ":cluster-snapshot:sanitize-*" - ] - ] - }, - { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":rds:", - { - "Ref": "AWS::Region" - }, - ":", - { - "Ref": "AWS::AccountId" - }, - ":cluster-snapshot:mysql-cluster-snapshot-*" - ] - ] - }, - { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":rds:", - { - "Ref": "AWS::Region" - }, - ":", - { - "Ref": "AWS::AccountId" - }, - ":cluster:sanitize-*" - ] - ] - } - ] + ] } - ], - "Version": "2012-10-17" - }, - "PolicyName": "MySQLClusterSnapshotterDirectorRoleDefaultPolicy78A869F9", - "Roles": [ - { - "Ref": "MySQLClusterSnapshotterDirectorRole6035EB89" + ] } + ] ] - } - }, - "MySQLClusterSnapshotterDirector73A14BB0": { - "Type": "AWS::StepFunctions::StateMachine", - "Properties": { - "RoleArn": { - "Fn::GetAtt": [ - "MySQLClusterSnapshotterDirectorRole6035EB89", - "Arn" - ] + } + }, + { + "Action": "iam:PassRole", + "Effect": "Allow", + "Resource": [ + { + "Fn::GetAtt": [ + "MySQLClusterSnapshotterPostreSQLTaskTaskRole09172C54", + "Arn" + ] }, - "DefinitionString": { - "Fn::Join": [ - "", - [ - "{\"StartAt\":\"Get Parameters\",\"States\":{\"Get Parameters\":{\"Next\":\"Error Catcher\",\"Retry\":[{\"ErrorEquals\":[\"Lambda.ServiceException\",\"Lambda.AWSLambdaException\",\"Lambda.SdkClientException\"],\"IntervalSeconds\":2,\"MaxAttempts\":6,\"BackoffRate\":2}],\"Type\":\"Task\",\"Resource\":\"", - { - "Fn::GetAtt": [ - "MySQLClusterSnapshotterparametersAF9FF89F", - "Arn" - ] - }, - "\",\"Parameters\":{\"executionId.$\":\"$$.Execution.Id\",\"isCluster\":true,\"databaseIdentifier\":\"", - { - "Fn::ImportValue": "RDS-Sanitized-Snapshotter-RDS:ExportsOutputRefMySQLClusterD5C73C3376F94030" - }, - "\",\"databaseKey\":\"\",\"snapshotPrefix\":\"mysql-cluster-snapshot\",\"tempPrefix\":\"sanitize\"}},\"Error Catcher\":{\"Type\":\"Parallel\",\"ResultPath\":null,\"Next\":\"Cleanup\",\"Catch\":[{\"ErrorEquals\":[\"States.ALL\"],\"ResultPath\":null,\"Next\":\"Cleanup\"}],\"Branches\":[{\"StartAt\":\"Create Temporary Snapshot\",\"States\":{\"Create Temporary Snapshot\":{\"Next\":\"Wait for Snapshot\",\"Type\":\"Task\",\"ResultPath\":null,\"Resource\":\"arn:", - { - "Ref": "AWS::Partition" - }, - ":states:::aws-sdk:rds:createDBClusterSnapshot\",\"Parameters\":{\"DbClusterIdentifier.$\":\"$.databaseIdentifier\",\"DbClusterSnapshotIdentifier.$\":\"$.tempSnapshotId\",\"Tags\":[{\"Key\":\"RDS-sanitized-snapshots\",\"Value\":\"", - { - "Fn::ImportValue": "RDS-Sanitized-Snapshotter-RDS:ExportsOutputRefMySQLClusterD5C73C3376F94030" - }, - "\"}]}},\"Wait for Snapshot\":{\"Next\":\"Create Temporary Database\",\"Retry\":[{\"ErrorEquals\":[\"Lambda.ServiceException\",\"Lambda.AWSLambdaException\",\"Lambda.SdkClientException\"],\"IntervalSeconds\":2,\"MaxAttempts\":6,\"BackoffRate\":2},{\"ErrorEquals\":[\"NotReady\"],\"IntervalSeconds\":60,\"MaxAttempts\":300,\"BackoffRate\":1}],\"Type\":\"Task\",\"ResultPath\":null,\"Resource\":\"", - { - "Fn::GetAtt": [ - "MySQLClusterSnapshotterwait73D57C6D", - "Arn" - ] - }, - "\",\"Parameters\":{\"resourceType\":\"snapshot\",\"databaseIdentifier.$\":\"$.databaseIdentifier\",\"snapshotIdentifier.$\":\"$.tempSnapshotId\",\"isCluster\":true}},\"Create Temporary Database\":{\"Next\":\"Wait for Temporary Database\",\"Type\":\"Task\",\"ResultPath\":null,\"Resource\":\"arn:", - { - "Ref": "AWS::Partition" - }, - ":states:::aws-sdk:rds:restoreDBClusterFromSnapshot\",\"Parameters\":{\"DbClusterIdentifier.$\":\"$.tempDbId\",\"Engine.$\":\"$.engine\",\"SnapshotIdentifier.$\":\"$.tempSnapshotId\",\"PubliclyAccessible\":false,\"VpcSecurityGroupIds\":[\"", - { - "Fn::GetAtt": [ - "MySQLClusterSnapshotterSGF5188D63", - "GroupId" - ] - }, - "\"],\"DbSubnetGroupName\":\"", - { - "Ref": "MySQLClusterSnapshotterSubnetgroupF2F35C6A" - }, - "\",\"Tags\":[{\"Key\":\"RDS-sanitized-snapshots\",\"Value\":\"", - { - "Fn::ImportValue": "RDS-Sanitized-Snapshotter-RDS:ExportsOutputRefMySQLClusterD5C73C3376F94030" - }, - "\"}]}},\"Wait for Temporary Database\":{\"Next\":\"Set Temporary Password\",\"Retry\":[{\"ErrorEquals\":[\"Lambda.ServiceException\",\"Lambda.AWSLambdaException\",\"Lambda.SdkClientException\"],\"IntervalSeconds\":2,\"MaxAttempts\":6,\"BackoffRate\":2},{\"ErrorEquals\":[\"NotReady\"],\"IntervalSeconds\":60,\"MaxAttempts\":300,\"BackoffRate\":1}],\"Type\":\"Task\",\"ResultPath\":null,\"Resource\":\"", - { - "Fn::GetAtt": [ - "MySQLClusterSnapshotterwait73D57C6D", - "Arn" - ] - }, - "\",\"Parameters\":{\"resourceType\":\"cluster\",\"databaseIdentifier.$\":\"$.tempDbId\",\"isCluster\":true}},\"Set Temporary Password\":{\"Next\":\"Wait for Temporary Password\",\"Type\":\"Task\",\"ResultPath\":null,\"Resource\":\"arn:", - { - "Ref": "AWS::Partition" - }, - ":states:::aws-sdk:rds:modifyDBCluster\",\"Parameters\":{\"DbClusterIdentifier.$\":\"$.tempDbId\",\"MasterUserPassword.$\":\"$.tempDb.password\",\"ApplyImmediately\":true}},\"Wait for Temporary Password\":{\"Next\":\"Create Temporary Instance\",\"Retry\":[{\"ErrorEquals\":[\"Lambda.ServiceException\",\"Lambda.AWSLambdaException\",\"Lambda.SdkClientException\"],\"IntervalSeconds\":2,\"MaxAttempts\":6,\"BackoffRate\":2},{\"ErrorEquals\":[\"NotReady\"],\"IntervalSeconds\":60,\"MaxAttempts\":300,\"BackoffRate\":1}],\"Type\":\"Task\",\"ResultPath\":null,\"Resource\":\"", - { - "Fn::GetAtt": [ - "MySQLClusterSnapshotterwait73D57C6D", - "Arn" - ] - }, - "\",\"Parameters\":{\"resourceType\":\"cluster\",\"databaseIdentifier.$\":\"$.tempDbId\",\"isCluster\":true}},\"Create Temporary Instance\":{\"Next\":\"Wait for Temporary Instance\",\"Type\":\"Task\",\"ResultPath\":null,\"Resource\":\"arn:", - { - "Ref": "AWS::Partition" - }, - ":states:::aws-sdk:rds:createDBInstance\",\"Parameters\":{\"DbClusterIdentifier.$\":\"$.tempDbId\",\"DbInstanceIdentifier.$\":\"$.tempDbInstanceId\",\"DbInstanceClass.$\":\"$.tempDbInstanceClass\",\"Engine.$\":\"$.engine\"}},\"Wait for Temporary Instance\":{\"Next\":\"Get Temporary Cluster Endpoint\",\"Retry\":[{\"ErrorEquals\":[\"Lambda.ServiceException\",\"Lambda.AWSLambdaException\",\"Lambda.SdkClientException\"],\"IntervalSeconds\":2,\"MaxAttempts\":6,\"BackoffRate\":2},{\"ErrorEquals\":[\"NotReady\"],\"IntervalSeconds\":60,\"MaxAttempts\":300,\"BackoffRate\":1}],\"Type\":\"Task\",\"ResultPath\":null,\"Resource\":\"", - { - "Fn::GetAtt": [ - "MySQLClusterSnapshotterwait73D57C6D", - "Arn" - ] - }, - "\",\"Parameters\":{\"resourceType\":\"instance\",\"databaseIdentifier.$\":\"$.tempDbInstanceId\",\"isCluster\":true}},\"Get Temporary Cluster Endpoint\":{\"Next\":\"Sanitize\",\"Type\":\"Task\",\"ResultPath\":\"$.tempDb.host\",\"ResultSelector\":{\"endpoint.$\":\"$.DbClusters[0].Endpoint\"},\"Resource\":\"arn:", - { - "Ref": "AWS::Partition" - }, - ":states:::aws-sdk:rds:describeDBClusters\",\"Parameters\":{\"DbClusterIdentifier.$\":\"$.tempDbId\"}},\"Sanitize\":{\"Type\":\"Choice\",\"Choices\":[{\"Variable\":\"$.dockerImage\",\"StringEquals\":\"mysql\",\"Next\":\"Sanitize MySQL\"},{\"Variable\":\"$.dockerImage\",\"StringEquals\":\"postgres\",\"Next\":\"Sanitize Postgres\"}]},\"Sanitize MySQL\":{\"Next\":\"Create Final Snapshot\",\"Type\":\"Task\",\"ResultPath\":null,\"Resource\":\"arn:", - { - "Ref": "AWS::Partition" - }, - ":states:::ecs:runTask.sync\",\"Parameters\":{\"Cluster\":\"", - { - "Fn::GetAtt": [ - "MySQLClusterSnapshottercluster9B2B4982", - "Arn" - ] - }, - "\",\"TaskDefinition\":\"RDSSanitizedSnapshotterSFNMySQLClusterSnapshotterMySQLTask813891E0\",\"NetworkConfiguration\":{\"AwsvpcConfiguration\":{\"Subnets\":[\"", - { - "Fn::ImportValue": "RDS-Sanitized-Snapshotter-VPC:ExportsOutputRefVPCIsolatedSubnet1SubnetEBD00FC6298E81EF" - }, - "\",\"", - { - "Fn::ImportValue": "RDS-Sanitized-Snapshotter-VPC:ExportsOutputRefVPCIsolatedSubnet2Subnet4B1C8CAAD8B83B81" - }, - "\"],\"SecurityGroups\":[\"", - { - "Fn::GetAtt": [ - "MySQLClusterSnapshotterSGF5188D63", - "GroupId" - ] - }, - "\"]}},\"Overrides\":{\"ContainerOverrides\":[{\"Name\":\"config\",\"Environment\":[{\"Name\":\"MYSQL_HOST\",\"Value.$\":\"$.tempDb.host.endpoint\"},{\"Name\":\"MYSQL_PORT\",\"Value.$\":\"$.tempDb.port\"},{\"Name\":\"MYSQL_USER\",\"Value.$\":\"$.tempDb.user\"},{\"Name\":\"MYSQL_PASSWORD\",\"Value.$\":\"$.tempDb.password\"},{\"Name\":\"MYSQL_DATABASE\",\"Value\":\"\"}]}]},\"LaunchType\":\"FARGATE\"}},\"Create Final Snapshot\":{\"Next\":\"Wait for Final Snapshot\",\"Type\":\"Task\",\"ResultPath\":null,\"Resource\":\"arn:", - { - "Ref": "AWS::Partition" - }, - ":states:::aws-sdk:rds:createDBClusterSnapshot\",\"Parameters\":{\"DbClusterIdentifier.$\":\"$.tempDbId\",\"DbClusterSnapshotIdentifier.$\":\"$.targetSnapshotId\",\"Tags\":[{\"Key\":\"RDS-sanitized-snapshots\",\"Value\":\"", - { - "Fn::ImportValue": "RDS-Sanitized-Snapshotter-RDS:ExportsOutputRefMySQLClusterD5C73C3376F94030" - }, - "\"},{\"Key\":\"Final\",\"Value\":\"true\"}]}},\"Sanitize Postgres\":{\"Next\":\"Create Final Snapshot\",\"Type\":\"Task\",\"ResultPath\":null,\"Resource\":\"arn:", - { - "Ref": "AWS::Partition" - }, - ":states:::ecs:runTask.sync\",\"Parameters\":{\"Cluster\":\"", - { - "Fn::GetAtt": [ - "MySQLClusterSnapshottercluster9B2B4982", - "Arn" - ] - }, - "\",\"TaskDefinition\":\"RDSSanitizedSnapshotterSFNMySQLClusterSnapshotterPostreSQLTask8BE86494\",\"NetworkConfiguration\":{\"AwsvpcConfiguration\":{\"Subnets\":[\"", - { - "Fn::ImportValue": "RDS-Sanitized-Snapshotter-VPC:ExportsOutputRefVPCIsolatedSubnet1SubnetEBD00FC6298E81EF" - }, - "\",\"", - { - "Fn::ImportValue": "RDS-Sanitized-Snapshotter-VPC:ExportsOutputRefVPCIsolatedSubnet2Subnet4B1C8CAAD8B83B81" - }, - "\"],\"SecurityGroups\":[\"", - { - "Fn::GetAtt": [ - "MySQLClusterSnapshotterSGF5188D63", - "GroupId" - ] - }, - "\"]}},\"Overrides\":{\"ContainerOverrides\":[{\"Name\":\"postgres\",\"Environment\":[{\"Name\":\"PGHOST\",\"Value.$\":\"$.tempDb.host.endpoint\"},{\"Name\":\"PGPORT\",\"Value.$\":\"$.tempDb.port\"},{\"Name\":\"PGUSER\",\"Value.$\":\"$.tempDb.user\"},{\"Name\":\"PGPASSWORD\",\"Value.$\":\"$.tempDb.password\"},{\"Name\":\"PGDATABASE\",\"Value\":\"postgres\"},{\"Name\":\"PGCONNECT_TIMEOUT\",\"Value\":\"30\"}]}]},\"LaunchType\":\"FARGATE\"}},\"Wait for Final Snapshot\":{\"End\":true,\"Retry\":[{\"ErrorEquals\":[\"Lambda.ServiceException\",\"Lambda.AWSLambdaException\",\"Lambda.SdkClientException\"],\"IntervalSeconds\":2,\"MaxAttempts\":6,\"BackoffRate\":2},{\"ErrorEquals\":[\"NotReady\"],\"IntervalSeconds\":60,\"MaxAttempts\":300,\"BackoffRate\":1}],\"Type\":\"Task\",\"ResultPath\":null,\"Resource\":\"", - { - "Fn::GetAtt": [ - "MySQLClusterSnapshotterwait73D57C6D", - "Arn" - ] - }, - "\",\"Parameters\":{\"resourceType\":\"snapshot\",\"databaseIdentifier.$\":\"$.tempDbId\",\"snapshotIdentifier.$\":\"$.targetSnapshotId\",\"isCluster\":true}}}}]},\"Cleanup\":{\"Type\":\"Parallel\",\"ResultPath\":null,\"End\":true,\"Branches\":[{\"StartAt\":\"Temporary Snapshot\",\"States\":{\"Temporary Snapshot\":{\"End\":true,\"Retry\":[{\"ErrorEquals\":[\"States.ALL\"],\"IntervalSeconds\":10,\"MaxAttempts\":5}],\"Type\":\"Task\",\"ResultPath\":null,\"Resource\":\"arn:", - { - "Ref": "AWS::Partition" - }, - ":states:::aws-sdk:rds:deleteDBClusterSnapshot\",\"Parameters\":{\"DbClusterSnapshotIdentifier.$\":\"$.tempSnapshotId\"}}}},{\"StartAt\":\"Temporary Database Instance\",\"States\":{\"Temporary Database Instance\":{\"End\":true,\"Retry\":[{\"ErrorEquals\":[\"States.ALL\"],\"IntervalSeconds\":10,\"MaxAttempts\":5}],\"Type\":\"Task\",\"ResultPath\":null,\"Resource\":\"arn:", - { - "Ref": "AWS::Partition" - }, - ":states:::aws-sdk:rds:deleteDBInstance\",\"Parameters\":{\"DbInstanceIdentifier.$\":\"$.tempDbInstanceId\",\"SkipFinalSnapshot\":true}}}},{\"StartAt\":\"Temporary Database\",\"States\":{\"Temporary Database\":{\"End\":true,\"Retry\":[{\"ErrorEquals\":[\"States.ALL\"],\"IntervalSeconds\":10,\"MaxAttempts\":5}],\"Type\":\"Task\",\"ResultPath\":null,\"Resource\":\"arn:", - { - "Ref": "AWS::Partition" - }, - ":states:::aws-sdk:rds:deleteDBCluster\",\"Parameters\":{\"DbClusterIdentifier.$\":\"$.tempDbId\",\"SkipFinalSnapshot\":true}}}}]}}}" - ] - ] + { + "Fn::GetAtt": [ + "MySQLClusterSnapshotterPostreSQLTaskExecutionRole430431E0", + "Arn" + ] } + ] }, - "DependsOn": [ - "MySQLClusterSnapshotterDirectorRoleDefaultPolicy78A869F9", - "MySQLClusterSnapshotterDirectorRole6035EB89" - ] - }, - "PostgreSQLInstanceSnapshotterSG97FD02BB": { - "Type": "AWS::EC2::SecurityGroup", - "Properties": { - "GroupDescription": "Group for communication between sanitizing job and database", - "SecurityGroupEgress": [ - { - "CidrIp": "0.0.0.0/0", - "Description": "Allow all outbound traffic by default", - "IpProtocol": "-1" - } - ], - "Tags": [ - { - "Key": "Name", - "Value": "RDS-sanitized-snapshots" - } - ], - "VpcId": { - "Fn::ImportValue": "RDS-Sanitized-Snapshotter-VPC:ExportsOutputRefVPCB9E5F0B4BD23A326" - } - } - }, - "PostgreSQLInstanceSnapshotterSGfromRDSSanitizedSnapshotterSFNPostgreSQLInstanceSnapshotterSG52C89F5AALLPORTSEF1B0737": { - "Type": "AWS::EC2::SecurityGroupIngress", - "Properties": { - "IpProtocol": "tcp", - "Description": "from RDSSanitizedSnapshotterSFNPostgreSQLInstanceSnapshotterSG52C89F5A:ALL PORTS", - "FromPort": 0, - "GroupId": { - "Fn::GetAtt": [ - "PostgreSQLInstanceSnapshotterSG97FD02BB", - "GroupId" + { + "Action": "rds:AddTagsToResource", + "Effect": "Allow", + "Resource": [ + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":rds:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":cluster-snapshot:sanitize-*" ] + ] }, - "SourceSecurityGroupId": { - "Fn::GetAtt": [ - "PostgreSQLInstanceSnapshotterSG97FD02BB", - "GroupId" + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":rds:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":cluster-snapshot:mysql-cluster-snapshot-*" ] + ] }, - "ToPort": 65535 + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":rds:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":cluster:sanitize-*" + ] + ] + } + ] } + ], + "Version": "2012-10-17" }, - "PostgreSQLInstanceSnapshotterSubnetgroup7F19C7EE": { - "Type": "AWS::RDS::DBSubnetGroup", - "Properties": { - "DBSubnetGroupDescription": "Temporary database used for RDS-sanitize-snapshots", - "SubnetIds": [ - { - "Fn::ImportValue": "RDS-Sanitized-Snapshotter-VPC:ExportsOutputRefVPCPrivateSubnet1Subnet8BCA10E01F79A1B7" - }, - { - "Fn::ImportValue": "RDS-Sanitized-Snapshotter-VPC:ExportsOutputRefVPCPrivateSubnet2SubnetCFCDAA7AB22CF85D" - } + "PolicyName": "MySQLClusterSnapshotterDirectorRoleDefaultPolicy78A869F9", + "Roles": [ + { + "Ref": "MySQLClusterSnapshotterDirectorRole6035EB89" + } + ] + } + }, + "MySQLClusterSnapshotterDirector73A14BB0": { + "Type": "AWS::StepFunctions::StateMachine", + "Properties": { + "RoleArn": { + "Fn::GetAtt": [ + "MySQLClusterSnapshotterDirectorRole6035EB89", + "Arn" + ] + }, + "DefinitionString": { + "Fn::Join": [ + "", + [ + "{\"StartAt\":\"Get Parameters\",\"States\":{\"Get Parameters\":{\"Next\":\"Error Catcher\",\"Retry\":[{\"ErrorEquals\":[\"Lambda.ServiceException\",\"Lambda.AWSLambdaException\",\"Lambda.SdkClientException\"],\"IntervalSeconds\":2,\"MaxAttempts\":6,\"BackoffRate\":2}],\"Type\":\"Task\",\"Resource\":\"", + { + "Fn::GetAtt": [ + "MySQLClusterSnapshotterparametersAF9FF89F", + "Arn" ] - } + }, + "\",\"Parameters\":{\"executionId.$\":\"$$.Execution.Id\",\"isCluster\":true,\"databaseIdentifier\":\"", + { + "Fn::ImportValue": "RDS-Sanitized-Snapshotter-RDS:ExportsOutputRefMySQLClusterD5C73C3376F94030" + }, + "\",\"databaseKey\":\"\",\"snapshotPrefix\":\"mysql-cluster-snapshot\",\"tempPrefix\":\"sanitize\"}},\"Error Catcher\":{\"Type\":\"Parallel\",\"ResultPath\":null,\"Next\":\"Cleanup\",\"Catch\":[{\"ErrorEquals\":[\"States.ALL\"],\"ResultPath\":null,\"Next\":\"Cleanup\"}],\"Branches\":[{\"StartAt\":\"Create Temporary Snapshot\",\"States\":{\"Create Temporary Snapshot\":{\"Next\":\"Wait for Snapshot\",\"Type\":\"Task\",\"ResultPath\":null,\"Resource\":\"arn:", + { + "Ref": "AWS::Partition" + }, + ":states:::aws-sdk:rds:createDBClusterSnapshot\",\"Parameters\":{\"DbClusterIdentifier.$\":\"$.databaseIdentifier\",\"DbClusterSnapshotIdentifier.$\":\"$.tempSnapshotId\",\"Tags\":[{\"Key\":\"RDS-sanitized-snapshots\",\"Value\":\"", + { + "Fn::ImportValue": "RDS-Sanitized-Snapshotter-RDS:ExportsOutputRefMySQLClusterD5C73C3376F94030" + }, + "\"}]}},\"Wait for Snapshot\":{\"Next\":\"Create Temporary Database\",\"Retry\":[{\"ErrorEquals\":[\"Lambda.ServiceException\",\"Lambda.AWSLambdaException\",\"Lambda.SdkClientException\"],\"IntervalSeconds\":2,\"MaxAttempts\":6,\"BackoffRate\":2},{\"ErrorEquals\":[\"NotReady\"],\"IntervalSeconds\":60,\"MaxAttempts\":300,\"BackoffRate\":1}],\"Type\":\"Task\",\"ResultPath\":null,\"Resource\":\"", + { + "Fn::GetAtt": [ + "MySQLClusterSnapshotterwait73D57C6D", + "Arn" + ] + }, + "\",\"Parameters\":{\"resourceType\":\"snapshot\",\"databaseIdentifier.$\":\"$.databaseIdentifier\",\"snapshotIdentifier.$\":\"$.tempSnapshotId\",\"isCluster\":true}},\"Create Temporary Database\":{\"Next\":\"Wait for Temporary Database\",\"Type\":\"Task\",\"ResultPath\":null,\"Resource\":\"arn:", + { + "Ref": "AWS::Partition" + }, + ":states:::aws-sdk:rds:restoreDBClusterFromSnapshot\",\"Parameters\":{\"DbClusterIdentifier.$\":\"$.tempDbId\",\"Engine.$\":\"$.engine\",\"SnapshotIdentifier.$\":\"$.tempSnapshotId\",\"PubliclyAccessible\":false,\"VpcSecurityGroupIds\":[\"", + { + "Fn::GetAtt": [ + "MySQLClusterSnapshotterSGF5188D63", + "GroupId" + ] + }, + "\"],\"DbSubnetGroupName\":\"", + { + "Ref": "MySQLClusterSnapshotterSubnetgroupF2F35C6A" + }, + "\",\"Tags\":[{\"Key\":\"RDS-sanitized-snapshots\",\"Value\":\"", + { + "Fn::ImportValue": "RDS-Sanitized-Snapshotter-RDS:ExportsOutputRefMySQLClusterD5C73C3376F94030" + }, + "\"}]}},\"Wait for Temporary Database\":{\"Next\":\"Set Temporary Password\",\"Retry\":[{\"ErrorEquals\":[\"Lambda.ServiceException\",\"Lambda.AWSLambdaException\",\"Lambda.SdkClientException\"],\"IntervalSeconds\":2,\"MaxAttempts\":6,\"BackoffRate\":2},{\"ErrorEquals\":[\"NotReady\"],\"IntervalSeconds\":60,\"MaxAttempts\":300,\"BackoffRate\":1}],\"Type\":\"Task\",\"ResultPath\":null,\"Resource\":\"", + { + "Fn::GetAtt": [ + "MySQLClusterSnapshotterwait73D57C6D", + "Arn" + ] + }, + "\",\"Parameters\":{\"resourceType\":\"cluster\",\"databaseIdentifier.$\":\"$.tempDbId\",\"isCluster\":true}},\"Set Temporary Password\":{\"Next\":\"Wait for Temporary Password\",\"Type\":\"Task\",\"ResultPath\":null,\"Resource\":\"arn:", + { + "Ref": "AWS::Partition" + }, + ":states:::aws-sdk:rds:modifyDBCluster\",\"Parameters\":{\"DbClusterIdentifier.$\":\"$.tempDbId\",\"MasterUserPassword.$\":\"$.tempDb.password\",\"ApplyImmediately\":true}},\"Wait for Temporary Password\":{\"Next\":\"Create Temporary Instance\",\"Retry\":[{\"ErrorEquals\":[\"Lambda.ServiceException\",\"Lambda.AWSLambdaException\",\"Lambda.SdkClientException\"],\"IntervalSeconds\":2,\"MaxAttempts\":6,\"BackoffRate\":2},{\"ErrorEquals\":[\"NotReady\"],\"IntervalSeconds\":60,\"MaxAttempts\":300,\"BackoffRate\":1}],\"Type\":\"Task\",\"ResultPath\":null,\"Resource\":\"", + { + "Fn::GetAtt": [ + "MySQLClusterSnapshotterwait73D57C6D", + "Arn" + ] + }, + "\",\"Parameters\":{\"resourceType\":\"cluster\",\"databaseIdentifier.$\":\"$.tempDbId\",\"isCluster\":true}},\"Create Temporary Instance\":{\"Next\":\"Wait for Temporary Instance\",\"Type\":\"Task\",\"ResultPath\":null,\"Resource\":\"arn:", + { + "Ref": "AWS::Partition" + }, + ":states:::aws-sdk:rds:createDBInstance\",\"Parameters\":{\"DbClusterIdentifier.$\":\"$.tempDbId\",\"DbInstanceIdentifier.$\":\"$.tempDbInstanceId\",\"DbInstanceClass.$\":\"$.tempDbInstanceClass\",\"Engine.$\":\"$.engine\"}},\"Wait for Temporary Instance\":{\"Next\":\"Get Temporary Cluster Endpoint\",\"Retry\":[{\"ErrorEquals\":[\"Lambda.ServiceException\",\"Lambda.AWSLambdaException\",\"Lambda.SdkClientException\"],\"IntervalSeconds\":2,\"MaxAttempts\":6,\"BackoffRate\":2},{\"ErrorEquals\":[\"NotReady\"],\"IntervalSeconds\":60,\"MaxAttempts\":300,\"BackoffRate\":1}],\"Type\":\"Task\",\"ResultPath\":null,\"Resource\":\"", + { + "Fn::GetAtt": [ + "MySQLClusterSnapshotterwait73D57C6D", + "Arn" + ] + }, + "\",\"Parameters\":{\"resourceType\":\"instance\",\"databaseIdentifier.$\":\"$.tempDbInstanceId\",\"isCluster\":true}},\"Get Temporary Cluster Endpoint\":{\"Next\":\"Sanitize\",\"Type\":\"Task\",\"ResultPath\":\"$.tempDb.host\",\"ResultSelector\":{\"endpoint.$\":\"$.DbClusters[0].Endpoint\"},\"Resource\":\"arn:", + { + "Ref": "AWS::Partition" + }, + ":states:::aws-sdk:rds:describeDBClusters\",\"Parameters\":{\"DbClusterIdentifier.$\":\"$.tempDbId\"}},\"Sanitize\":{\"Type\":\"Choice\",\"Choices\":[{\"Variable\":\"$.dockerImage\",\"StringEquals\":\"mysql\",\"Next\":\"Sanitize MySQL\"},{\"Variable\":\"$.dockerImage\",\"StringEquals\":\"postgres\",\"Next\":\"Sanitize Postgres\"}]},\"Sanitize MySQL\":{\"Next\":\"Create Final Snapshot\",\"Type\":\"Task\",\"ResultPath\":null,\"Resource\":\"arn:", + { + "Ref": "AWS::Partition" + }, + ":states:::ecs:runTask.sync\",\"Parameters\":{\"Cluster\":\"", + { + "Fn::GetAtt": [ + "MySQLClusterSnapshottercluster9B2B4982", + "Arn" + ] + }, + "\",\"TaskDefinition\":\"RDSSanitizedSnapshotterSFNMySQLClusterSnapshotterMySQLTask813891E0\",\"NetworkConfiguration\":{\"AwsvpcConfiguration\":{\"Subnets\":[\"", + { + "Fn::ImportValue": "RDS-Sanitized-Snapshotter-VPC:ExportsOutputRefVPCIsolatedSubnet1SubnetEBD00FC6298E81EF" + }, + "\",\"", + { + "Fn::ImportValue": "RDS-Sanitized-Snapshotter-VPC:ExportsOutputRefVPCIsolatedSubnet2Subnet4B1C8CAAD8B83B81" + }, + "\"],\"SecurityGroups\":[\"", + { + "Fn::GetAtt": [ + "MySQLClusterSnapshotterSGF5188D63", + "GroupId" + ] + }, + "\"]}},\"Overrides\":{\"ContainerOverrides\":[{\"Name\":\"config\",\"Environment\":[{\"Name\":\"MYSQL_HOST\",\"Value.$\":\"$.tempDb.host.endpoint\"},{\"Name\":\"MYSQL_PORT\",\"Value.$\":\"$.tempDb.port\"},{\"Name\":\"MYSQL_USER\",\"Value.$\":\"$.tempDb.user\"},{\"Name\":\"MYSQL_PASSWORD\",\"Value.$\":\"$.tempDb.password\"},{\"Name\":\"MYSQL_DATABASE\",\"Value\":\"\"}]}]},\"LaunchType\":\"FARGATE\"}},\"Create Final Snapshot\":{\"Next\":\"Wait for Final Snapshot\",\"Type\":\"Task\",\"ResultPath\":null,\"Resource\":\"arn:", + { + "Ref": "AWS::Partition" + }, + ":states:::aws-sdk:rds:createDBClusterSnapshot\",\"Parameters\":{\"DbClusterIdentifier.$\":\"$.tempDbId\",\"DbClusterSnapshotIdentifier.$\":\"$.targetSnapshotId\",\"Tags\":[{\"Key\":\"RDS-sanitized-snapshots\",\"Value\":\"", + { + "Fn::ImportValue": "RDS-Sanitized-Snapshotter-RDS:ExportsOutputRefMySQLClusterD5C73C3376F94030" + }, + "\"},{\"Key\":\"Final\",\"Value\":\"true\"}]}},\"Sanitize Postgres\":{\"Next\":\"Create Final Snapshot\",\"Type\":\"Task\",\"ResultPath\":null,\"Resource\":\"arn:", + { + "Ref": "AWS::Partition" + }, + ":states:::ecs:runTask.sync\",\"Parameters\":{\"Cluster\":\"", + { + "Fn::GetAtt": [ + "MySQLClusterSnapshottercluster9B2B4982", + "Arn" + ] + }, + "\",\"TaskDefinition\":\"RDSSanitizedSnapshotterSFNMySQLClusterSnapshotterPostreSQLTask8BE86494\",\"NetworkConfiguration\":{\"AwsvpcConfiguration\":{\"Subnets\":[\"", + { + "Fn::ImportValue": "RDS-Sanitized-Snapshotter-VPC:ExportsOutputRefVPCIsolatedSubnet1SubnetEBD00FC6298E81EF" + }, + "\",\"", + { + "Fn::ImportValue": "RDS-Sanitized-Snapshotter-VPC:ExportsOutputRefVPCIsolatedSubnet2Subnet4B1C8CAAD8B83B81" + }, + "\"],\"SecurityGroups\":[\"", + { + "Fn::GetAtt": [ + "MySQLClusterSnapshotterSGF5188D63", + "GroupId" + ] + }, + "\"]}},\"Overrides\":{\"ContainerOverrides\":[{\"Name\":\"postgres\",\"Environment\":[{\"Name\":\"PGHOST\",\"Value.$\":\"$.tempDb.host.endpoint\"},{\"Name\":\"PGPORT\",\"Value.$\":\"$.tempDb.port\"},{\"Name\":\"PGUSER\",\"Value.$\":\"$.tempDb.user\"},{\"Name\":\"PGPASSWORD\",\"Value.$\":\"$.tempDb.password\"},{\"Name\":\"PGDATABASE\",\"Value\":\"postgres\"},{\"Name\":\"PGCONNECT_TIMEOUT\",\"Value\":\"30\"}]}]},\"LaunchType\":\"FARGATE\"}},\"Wait for Final Snapshot\":{\"End\":true,\"Retry\":[{\"ErrorEquals\":[\"Lambda.ServiceException\",\"Lambda.AWSLambdaException\",\"Lambda.SdkClientException\"],\"IntervalSeconds\":2,\"MaxAttempts\":6,\"BackoffRate\":2},{\"ErrorEquals\":[\"NotReady\"],\"IntervalSeconds\":60,\"MaxAttempts\":300,\"BackoffRate\":1}],\"Type\":\"Task\",\"ResultPath\":null,\"Resource\":\"", + { + "Fn::GetAtt": [ + "MySQLClusterSnapshotterwait73D57C6D", + "Arn" + ] + }, + "\",\"Parameters\":{\"resourceType\":\"snapshot\",\"databaseIdentifier.$\":\"$.tempDbId\",\"snapshotIdentifier.$\":\"$.targetSnapshotId\",\"isCluster\":true}}}}]},\"Cleanup\":{\"Type\":\"Parallel\",\"ResultPath\":null,\"End\":true,\"Branches\":[{\"StartAt\":\"Temporary Snapshot\",\"States\":{\"Temporary Snapshot\":{\"End\":true,\"Retry\":[{\"ErrorEquals\":[\"States.ALL\"],\"IntervalSeconds\":10,\"MaxAttempts\":5}],\"Type\":\"Task\",\"ResultPath\":null,\"Resource\":\"arn:", + { + "Ref": "AWS::Partition" + }, + ":states:::aws-sdk:rds:deleteDBClusterSnapshot\",\"Parameters\":{\"DbClusterSnapshotIdentifier.$\":\"$.tempSnapshotId\"}}}},{\"StartAt\":\"Temporary Database Instance\",\"States\":{\"Temporary Database Instance\":{\"End\":true,\"Retry\":[{\"ErrorEquals\":[\"States.ALL\"],\"IntervalSeconds\":10,\"MaxAttempts\":5}],\"Type\":\"Task\",\"ResultPath\":null,\"Resource\":\"arn:", + { + "Ref": "AWS::Partition" + }, + ":states:::aws-sdk:rds:deleteDBInstance\",\"Parameters\":{\"DbInstanceIdentifier.$\":\"$.tempDbInstanceId\",\"SkipFinalSnapshot\":true}}}},{\"StartAt\":\"Temporary Database\",\"States\":{\"Temporary Database\":{\"End\":true,\"Retry\":[{\"ErrorEquals\":[\"States.ALL\"],\"IntervalSeconds\":10,\"MaxAttempts\":5}],\"Type\":\"Task\",\"ResultPath\":null,\"Resource\":\"arn:", + { + "Ref": "AWS::Partition" + }, + ":states:::aws-sdk:rds:deleteDBCluster\",\"Parameters\":{\"DbClusterIdentifier.$\":\"$.tempDbId\",\"SkipFinalSnapshot\":true}}}}]}}}" + ] + ] + } + }, + "DependsOn": [ + "MySQLClusterSnapshotterDirectorRoleDefaultPolicy78A869F9", + "MySQLClusterSnapshotterDirectorRole6035EB89" + ], + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" + }, + "PostgreSQLInstanceSnapshotterSG97FD02BB": { + "Type": "AWS::EC2::SecurityGroup", + "Properties": { + "GroupDescription": "Group for communication between sanitizing job and database", + "SecurityGroupEgress": [ + { + "CidrIp": "0.0.0.0/0", + "Description": "Allow all outbound traffic by default", + "IpProtocol": "-1" + } + ], + "Tags": [ + { + "Key": "Name", + "Value": "RDS-sanitized-snapshots" + } + ], + "VpcId": { + "Fn::ImportValue": "RDS-Sanitized-Snapshotter-VPC:ExportsOutputRefVPCB9E5F0B4BD23A326" + } + } + }, + "PostgreSQLInstanceSnapshotterSGfromRDSSanitizedSnapshotterSFNPostgreSQLInstanceSnapshotterSG52C89F5AALLPORTSEF1B0737": { + "Type": "AWS::EC2::SecurityGroupIngress", + "Properties": { + "IpProtocol": "tcp", + "Description": "from RDSSanitizedSnapshotterSFNPostgreSQLInstanceSnapshotterSG52C89F5A:ALL PORTS", + "FromPort": 0, + "GroupId": { + "Fn::GetAtt": [ + "PostgreSQLInstanceSnapshotterSG97FD02BB", + "GroupId" + ] }, - "PostgreSQLInstanceSnapshottercluster067EC069": { - "Type": "AWS::ECS::Cluster" + "SourceSecurityGroupId": { + "Fn::GetAtt": [ + "PostgreSQLInstanceSnapshotterSG97FD02BB", + "GroupId" + ] }, - "PostgreSQLInstanceSnapshotterparametersServiceRole23B2E630": { - "Type": "AWS::IAM::Role", - "Properties": { - "AssumeRolePolicyDocument": { - "Statement": [ - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": { - "Service": "lambda.amazonaws.com" - } - } - ], - "Version": "2012-10-17" - }, - "ManagedPolicyArns": [ - { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" - ] - ] - } - ] + "ToPort": 65535 + } + }, + "PostgreSQLInstanceSnapshotterSubnetgroup7F19C7EE": { + "Type": "AWS::RDS::DBSubnetGroup", + "Properties": { + "DBSubnetGroupDescription": "Temporary database used for RDS-sanitize-snapshots", + "SubnetIds": [ + { + "Fn::ImportValue": "RDS-Sanitized-Snapshotter-VPC:ExportsOutputRefVPCPrivateSubnet1Subnet8BCA10E01F79A1B7" + }, + { + "Fn::ImportValue": "RDS-Sanitized-Snapshotter-VPC:ExportsOutputRefVPCPrivateSubnet2SubnetCFCDAA7AB22CF85D" + } + ] + } + }, + "PostgreSQLInstanceSnapshottercluster067EC069": { + "Type": "AWS::ECS::Cluster" + }, + "PostgreSQLInstanceSnapshotterparametersServiceRole23B2E630": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "lambda.amazonaws.com" + } } + ], + "Version": "2012-10-17" }, - "PostgreSQLInstanceSnapshotterparametersServiceRoleDefaultPolicy9C4B4594": { - "Type": "AWS::IAM::Policy", - "Properties": { - "PolicyDocument": { - "Statement": [ - { - "Action": "rds:DescribeDBInstances", - "Effect": "Allow", - "Resource": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":rds:", - { - "Ref": "AWS::Region" - }, - ":", - { - "Ref": "AWS::AccountId" - }, - ":db:", - { - "Fn::ImportValue": "RDS-Sanitized-Snapshotter-RDS:ExportsOutputRefPostgresInstance8F00D2DD14EE3CD9" - } - ] - ] - } - } - ], - "Version": "2012-10-17" + "ManagedPolicyArns": [ + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" }, - "PolicyName": "PostgreSQLInstanceSnapshotterparametersServiceRoleDefaultPolicy9C4B4594", - "Roles": [ + ":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" + ] + ] + } + ] + } + }, + "PostgreSQLInstanceSnapshotterparametersServiceRoleDefaultPolicy9C4B4594": { + "Type": "AWS::IAM::Policy", + "Properties": { + "PolicyDocument": { + "Statement": [ + { + "Action": "rds:DescribeDBInstances", + "Effect": "Allow", + "Resource": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":rds:", { - "Ref": "PostgreSQLInstanceSnapshotterparametersServiceRole23B2E630" + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":db:", + { + "Fn::ImportValue": "RDS-Sanitized-Snapshotter-RDS:ExportsOutputRefPostgresInstance8F00D2DD14EE3CD9" } + ] ] + } } + ], + "Version": "2012-10-17" }, - "PostgreSQLInstanceSnapshotterparametersA0CF862A": { - "Type": "AWS::Lambda::Function", - "Properties": { - "Code": { - "S3Bucket": { - "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}" - }, - "S3Key": "7dedf603050cc97a3f7e06b2e58606f2fef08c81e52acb5e616dd3c0643b2cb0.zip" - }, - "Role": { - "Fn::GetAtt": [ - "PostgreSQLInstanceSnapshotterparametersServiceRole23B2E630", - "Arn" - ] - }, - "Description": "src/parameters.lambda.ts", - "Environment": { - "Variables": { - "AWS_NODEJS_CONNECTION_REUSE_ENABLED": "1" - } - }, - "Handler": "index.handler", - "Runtime": "nodejs18.x" - }, - "DependsOn": [ - "PostgreSQLInstanceSnapshotterparametersServiceRoleDefaultPolicy9C4B4594", - "PostgreSQLInstanceSnapshotterparametersServiceRole23B2E630" - ] + "PolicyName": "PostgreSQLInstanceSnapshotterparametersServiceRoleDefaultPolicy9C4B4594", + "Roles": [ + { + "Ref": "PostgreSQLInstanceSnapshotterparametersServiceRole23B2E630" + } + ] + } + }, + "PostgreSQLInstanceSnapshotterparametersA0CF862A": { + "Type": "AWS::Lambda::Function", + "Properties": { + "Code": { + "S3Bucket": { + "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}" + }, + "S3Key": "73ae9c6df09ad4bfbc13c9d4e1f9695a2de8da41bbb8b0037182a8cda9a710c6.zip" }, - "PostgreSQLInstanceSnapshotterparametersLogRetentionED632F48": { - "Type": "Custom::LogRetention", - "Properties": { - "ServiceToken": { - "Fn::GetAtt": [ - "LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8aFD4BFC8A", - "Arn" - ] - }, - "LogGroupName": { - "Fn::Join": [ - "", - [ - "/aws/lambda/", - { - "Ref": "PostgreSQLInstanceSnapshotterparametersA0CF862A" - } - ] - ] - }, - "RetentionInDays": 30 - } + "Role": { + "Fn::GetAtt": [ + "PostgreSQLInstanceSnapshotterparametersServiceRole23B2E630", + "Arn" + ] }, - "PostgreSQLInstanceSnapshotterwaitServiceRole7815F7FF": { - "Type": "AWS::IAM::Role", - "Properties": { - "AssumeRolePolicyDocument": { - "Statement": [ - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": { - "Service": "lambda.amazonaws.com" - } - } - ], - "Version": "2012-10-17" - }, - "ManagedPolicyArns": [ - { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" - ] - ] - } - ] - } + "Description": "src/parameters.lambda.ts", + "Environment": { + "Variables": { + "AWS_NODEJS_CONNECTION_REUSE_ENABLED": "1" + } }, - "PostgreSQLInstanceSnapshotterwaitServiceRoleDefaultPolicy20C24234": { - "Type": "AWS::IAM::Policy", - "Properties": { - "PolicyDocument": { - "Statement": [ - { - "Action": [ - "rds:DescribeDBClusters", - "rds:DescribeDBClusterSnapshots", - "rds:DescribeDBSnapshots", - "rds:DescribeDBInstances" - ], - "Effect": "Allow", - "Resource": [ - { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":rds:", - { - "Ref": "AWS::Region" - }, - ":", - { - "Ref": "AWS::AccountId" - }, - ":cluster:", - { - "Fn::ImportValue": "RDS-Sanitized-Snapshotter-RDS:ExportsOutputRefPostgresInstance8F00D2DD14EE3CD9" - } - ] - ] - }, - { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":rds:", - { - "Ref": "AWS::Region" - }, - ":", - { - "Ref": "AWS::AccountId" - }, - ":db:", - { - "Fn::ImportValue": "RDS-Sanitized-Snapshotter-RDS:ExportsOutputRefPostgresInstance8F00D2DD14EE3CD9" - } - ] - ] - }, - { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":rds:", - { - "Ref": "AWS::Region" - }, - ":", - { - "Ref": "AWS::AccountId" - }, - ":cluster:sanitize-*" - ] - ] - }, - { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":rds:", - { - "Ref": "AWS::Region" - }, - ":", - { - "Ref": "AWS::AccountId" - }, - ":snapshot:sanitize-*" - ] - ] - }, - { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":rds:", - { - "Ref": "AWS::Region" - }, - ":", - { - "Ref": "AWS::AccountId" - }, - ":snapshot:psql-instance-snapshot-*" - ] - ] - }, - { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":rds:", - { - "Ref": "AWS::Region" - }, - ":", - { - "Ref": "AWS::AccountId" - }, - ":db:sanitize-*" - ] - ] - } - ] - } - ], - "Version": "2012-10-17" - }, - "PolicyName": "PostgreSQLInstanceSnapshotterwaitServiceRoleDefaultPolicy20C24234", - "Roles": [ - { - "Ref": "PostgreSQLInstanceSnapshotterwaitServiceRole7815F7FF" - } - ] + "Handler": "index.handler", + "Runtime": "nodejs18.x" + }, + "DependsOn": [ + "PostgreSQLInstanceSnapshotterparametersServiceRoleDefaultPolicy9C4B4594", + "PostgreSQLInstanceSnapshotterparametersServiceRole23B2E630" + ] + }, + "PostgreSQLInstanceSnapshotterparametersLogRetentionED632F48": { + "Type": "Custom::LogRetention", + "Properties": { + "ServiceToken": { + "Fn::GetAtt": [ + "LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8aFD4BFC8A", + "Arn" + ] + }, + "LogGroupName": { + "Fn::Join": [ + "", + [ + "/aws/lambda/", + { + "Ref": "PostgreSQLInstanceSnapshotterparametersA0CF862A" + } + ] + ] + }, + "RetentionInDays": 30 + } + }, + "PostgreSQLInstanceSnapshotterwaitServiceRole7815F7FF": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "lambda.amazonaws.com" + } } + ], + "Version": "2012-10-17" }, - "PostgreSQLInstanceSnapshotterwaitE64141BC": { - "Type": "AWS::Lambda::Function", - "Properties": { - "Code": { - "S3Bucket": { - "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}" - }, - "S3Key": "48d5a2396486c7e05d39c2b9e7a2dc2b28448934920dbf75dd9744865ba2ddc7.zip" + "ManagedPolicyArns": [ + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" }, - "Role": { - "Fn::GetAtt": [ - "PostgreSQLInstanceSnapshotterwaitServiceRole7815F7FF", - "Arn" + ":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" + ] + ] + } + ] + } + }, + "PostgreSQLInstanceSnapshotterwaitServiceRoleDefaultPolicy20C24234": { + "Type": "AWS::IAM::Policy", + "Properties": { + "PolicyDocument": { + "Statement": [ + { + "Action": [ + "rds:DescribeDBClusters", + "rds:DescribeDBClusterSnapshots", + "rds:DescribeDBSnapshots", + "rds:DescribeDBInstances" + ], + "Effect": "Allow", + "Resource": [ + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":rds:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":cluster:", + { + "Fn::ImportValue": "RDS-Sanitized-Snapshotter-RDS:ExportsOutputRefPostgresInstance8F00D2DD14EE3CD9" + } ] + ] }, - "Description": "src/wait.lambda.ts", - "Environment": { - "Variables": { - "AWS_NODEJS_CONNECTION_REUSE_ENABLED": "1" - } + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":rds:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":db:", + { + "Fn::ImportValue": "RDS-Sanitized-Snapshotter-RDS:ExportsOutputRefPostgresInstance8F00D2DD14EE3CD9" + } + ] + ] }, - "Handler": "index.handler", - "Runtime": "nodejs18.x" - }, - "DependsOn": [ - "PostgreSQLInstanceSnapshotterwaitServiceRoleDefaultPolicy20C24234", - "PostgreSQLInstanceSnapshotterwaitServiceRole7815F7FF" - ] - }, - "PostgreSQLInstanceSnapshotterwaitLogRetentionB9508260": { - "Type": "Custom::LogRetention", - "Properties": { - "ServiceToken": { - "Fn::GetAtt": [ - "LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8aFD4BFC8A", - "Arn" + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":rds:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":cluster:sanitize-*" ] + ] }, - "LogGroupName": { - "Fn::Join": [ - "", - [ - "/aws/lambda/", - { - "Ref": "PostgreSQLInstanceSnapshotterwaitE64141BC" - } - ] + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":rds:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":snapshot:sanitize-*" + ] + ] + }, + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":rds:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":snapshot:psql-instance-snapshot-*" ] + ] }, - "RetentionInDays": 30 + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":rds:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":db:sanitize-*" + ] + ] + } + ] } + ], + "Version": "2012-10-17" }, - "PostgreSQLInstanceSnapshotterLogsF028D514": { - "Type": "AWS::Logs::LogGroup", - "Properties": { - "RetentionInDays": 30 - }, - "UpdateReplacePolicy": "Delete", - "DeletionPolicy": "Delete" + "PolicyName": "PostgreSQLInstanceSnapshotterwaitServiceRoleDefaultPolicy20C24234", + "Roles": [ + { + "Ref": "PostgreSQLInstanceSnapshotterwaitServiceRole7815F7FF" + } + ] + } + }, + "PostgreSQLInstanceSnapshotterwaitE64141BC": { + "Type": "AWS::Lambda::Function", + "Properties": { + "Code": { + "S3Bucket": { + "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}" + }, + "S3Key": "66486f7e33c34ceaae0d26eda8231c31f462018de9b6f34e598b3cc0df48b44f.zip" }, - "PostgreSQLInstanceSnapshotterMySQLTaskTaskRoleB2EF5D11": { - "Type": "AWS::IAM::Role", - "Properties": { - "AssumeRolePolicyDocument": { - "Statement": [ - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": { - "Service": "ecs-tasks.amazonaws.com" - } - } - ], - "Version": "2012-10-17" - } - } + "Role": { + "Fn::GetAtt": [ + "PostgreSQLInstanceSnapshotterwaitServiceRole7815F7FF", + "Arn" + ] }, - "PostgreSQLInstanceSnapshotterMySQLTask53136402": { - "Type": "AWS::ECS::TaskDefinition", - "Properties": { - "ContainerDefinitions": [ - { - "Command": [ - "bash", - "-c", - "echo \"[client]\nuser=$MYSQL_USER\nhost=$MYSQL_HOST\nport=$MYSQL_PORT\npassword=$MYSQL_PASSWORD\" > ~/.my.cnf && chmod 700 ~/.my.cnf" - ], - "Essential": false, - "Image": "public.ecr.aws/docker/library/bash:4-alpine3.15", - "LogConfiguration": { - "LogDriver": "awslogs", - "Options": { - "awslogs-group": { - "Ref": "PostgreSQLInstanceSnapshotterLogsF028D514" - }, - "awslogs-stream-prefix": "mysql-config", - "awslogs-region": { - "Ref": "AWS::Region" - } - } - }, - "MountPoints": [ - { - "ContainerPath": "/root", - "ReadOnly": false, - "SourceVolume": "config" - } - ], - "Name": "config" - }, - { - "Command": [ - "mysql", - "-e", - "SELECT 1" - ], - "DependsOn": [ - { - "Condition": "SUCCESS", - "ContainerName": "config" - } - ], - "Essential": true, - "Image": "public.ecr.aws/lts/mysql:latest", - "LogConfiguration": { - "LogDriver": "awslogs", - "Options": { - "awslogs-group": { - "Ref": "PostgreSQLInstanceSnapshotterLogsF028D514" - }, - "awslogs-stream-prefix": "mysql-sanitize", - "awslogs-region": { - "Ref": "AWS::Region" - } - } - }, - "MountPoints": [ - { - "ContainerPath": "/root", - "ReadOnly": true, - "SourceVolume": "config" - } - ], - "Name": "mysql" - } - ], - "Cpu": "256", - "ExecutionRoleArn": { - "Fn::GetAtt": [ - "PostgreSQLInstanceSnapshotterMySQLTaskExecutionRoleD0258DFF", - "Arn" - ] + "Description": "src/wait.lambda.ts", + "Environment": { + "Variables": { + "AWS_NODEJS_CONNECTION_REUSE_ENABLED": "1" + } + }, + "Handler": "index.handler", + "Runtime": "nodejs18.x" + }, + "DependsOn": [ + "PostgreSQLInstanceSnapshotterwaitServiceRoleDefaultPolicy20C24234", + "PostgreSQLInstanceSnapshotterwaitServiceRole7815F7FF" + ] + }, + "PostgreSQLInstanceSnapshotterwaitLogRetentionB9508260": { + "Type": "Custom::LogRetention", + "Properties": { + "ServiceToken": { + "Fn::GetAtt": [ + "LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8aFD4BFC8A", + "Arn" + ] + }, + "LogGroupName": { + "Fn::Join": [ + "", + [ + "/aws/lambda/", + { + "Ref": "PostgreSQLInstanceSnapshotterwaitE64141BC" + } + ] + ] + }, + "RetentionInDays": 30 + } + }, + "PostgreSQLInstanceSnapshotterLogsF028D514": { + "Type": "AWS::Logs::LogGroup", + "Properties": { + "RetentionInDays": 30 + }, + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" + }, + "PostgreSQLInstanceSnapshotterMySQLTaskTaskRoleB2EF5D11": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "ecs-tasks.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + } + } + }, + "PostgreSQLInstanceSnapshotterMySQLTask53136402": { + "Type": "AWS::ECS::TaskDefinition", + "Properties": { + "ContainerDefinitions": [ + { + "Command": [ + "bash", + "-c", + "echo \"[client]\nuser=$MYSQL_USER\nhost=$MYSQL_HOST\nport=$MYSQL_PORT\npassword=$MYSQL_PASSWORD\" > ~/.my.cnf && chmod 700 ~/.my.cnf" + ], + "Essential": false, + "Image": "public.ecr.aws/docker/library/bash:4-alpine3.15", + "LogConfiguration": { + "LogDriver": "awslogs", + "Options": { + "awslogs-group": { + "Ref": "PostgreSQLInstanceSnapshotterLogsF028D514" }, - "Family": "RDSSanitizedSnapshotterSFNPostgreSQLInstanceSnapshotterMySQLTask1F6F549C", - "Memory": "512", - "NetworkMode": "awsvpc", - "RequiresCompatibilities": [ - "FARGATE" - ], - "TaskRoleArn": { - "Fn::GetAtt": [ - "PostgreSQLInstanceSnapshotterMySQLTaskTaskRoleB2EF5D11", - "Arn" - ] + "awslogs-stream-prefix": "mysql-config", + "awslogs-region": { + "Ref": "AWS::Region" + } + } + }, + "MountPoints": [ + { + "ContainerPath": "/root", + "ReadOnly": false, + "SourceVolume": "config" + } + ], + "Name": "config" + }, + { + "Command": [ + "mysql", + "-e", + "SELECT 1" + ], + "DependsOn": [ + { + "Condition": "SUCCESS", + "ContainerName": "config" + } + ], + "Essential": true, + "Image": "public.ecr.aws/lts/mysql:latest", + "LogConfiguration": { + "LogDriver": "awslogs", + "Options": { + "awslogs-group": { + "Ref": "PostgreSQLInstanceSnapshotterLogsF028D514" }, - "Volumes": [ - { - "Host": {}, - "Name": "config" - } - ] - } - }, - "PostgreSQLInstanceSnapshotterMySQLTaskExecutionRoleD0258DFF": { - "Type": "AWS::IAM::Role", - "Properties": { - "AssumeRolePolicyDocument": { - "Statement": [ - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": { - "Service": "ecs-tasks.amazonaws.com" - } - } - ], - "Version": "2012-10-17" + "awslogs-stream-prefix": "mysql-sanitize", + "awslogs-region": { + "Ref": "AWS::Region" } - } + } + }, + "MountPoints": [ + { + "ContainerPath": "/root", + "ReadOnly": true, + "SourceVolume": "config" + } + ], + "Name": "mysql" + } + ], + "Cpu": "256", + "ExecutionRoleArn": { + "Fn::GetAtt": [ + "PostgreSQLInstanceSnapshotterMySQLTaskExecutionRoleD0258DFF", + "Arn" + ] }, - "PostgreSQLInstanceSnapshotterMySQLTaskExecutionRoleDefaultPolicyBC957120": { - "Type": "AWS::IAM::Policy", - "Properties": { - "PolicyDocument": { - "Statement": [ - { - "Action": [ - "logs:CreateLogStream", - "logs:PutLogEvents" - ], - "Effect": "Allow", - "Resource": { - "Fn::GetAtt": [ - "PostgreSQLInstanceSnapshotterLogsF028D514", - "Arn" - ] - } - } - ], - "Version": "2012-10-17" - }, - "PolicyName": "PostgreSQLInstanceSnapshotterMySQLTaskExecutionRoleDefaultPolicyBC957120", - "Roles": [ - { - "Ref": "PostgreSQLInstanceSnapshotterMySQLTaskExecutionRoleD0258DFF" - } + "Family": "RDSSanitizedSnapshotterSFNPostgreSQLInstanceSnapshotterMySQLTask1F6F549C", + "Memory": "512", + "NetworkMode": "awsvpc", + "RequiresCompatibilities": [ + "FARGATE" + ], + "TaskRoleArn": { + "Fn::GetAtt": [ + "PostgreSQLInstanceSnapshotterMySQLTaskTaskRoleB2EF5D11", + "Arn" + ] + }, + "Volumes": [ + { + "Host": {}, + "Name": "config" + } + ] + } + }, + "PostgreSQLInstanceSnapshotterMySQLTaskExecutionRoleD0258DFF": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "ecs-tasks.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + } + } + }, + "PostgreSQLInstanceSnapshotterMySQLTaskExecutionRoleDefaultPolicyBC957120": { + "Type": "AWS::IAM::Policy", + "Properties": { + "PolicyDocument": { + "Statement": [ + { + "Action": [ + "logs:CreateLogStream", + "logs:PutLogEvents" + ], + "Effect": "Allow", + "Resource": { + "Fn::GetAtt": [ + "PostgreSQLInstanceSnapshotterLogsF028D514", + "Arn" ] + } } + ], + "Version": "2012-10-17" }, - "PostgreSQLInstanceSnapshotterPostreSQLTaskTaskRole04FEDCFB": { - "Type": "AWS::IAM::Role", - "Properties": { - "AssumeRolePolicyDocument": { - "Statement": [ - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": { - "Service": "ecs-tasks.amazonaws.com" - } - } - ], - "Version": "2012-10-17" - } + "PolicyName": "PostgreSQLInstanceSnapshotterMySQLTaskExecutionRoleDefaultPolicyBC957120", + "Roles": [ + { + "Ref": "PostgreSQLInstanceSnapshotterMySQLTaskExecutionRoleD0258DFF" + } + ] + } + }, + "PostgreSQLInstanceSnapshotterPostreSQLTaskTaskRole04FEDCFB": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "ecs-tasks.amazonaws.com" + } } - }, - "PostgreSQLInstanceSnapshotterPostreSQLTask3DC21CCB": { - "Type": "AWS::ECS::TaskDefinition", - "Properties": { - "ContainerDefinitions": [ - { - "Command": [ - "psql", - "-c", - "SELECT 1" - ], - "Essential": true, - "Image": "public.ecr.aws/lts/postgres:latest", - "LogConfiguration": { - "LogDriver": "awslogs", - "Options": { - "awslogs-group": { - "Ref": "PostgreSQLInstanceSnapshotterLogsF028D514" - }, - "awslogs-stream-prefix": "psql-sanitize", - "awslogs-region": { - "Ref": "AWS::Region" - } - } - }, - "Name": "postgres" - } - ], - "Cpu": "256", - "ExecutionRoleArn": { - "Fn::GetAtt": [ - "PostgreSQLInstanceSnapshotterPostreSQLTaskExecutionRoleF7C4A7FB", - "Arn" - ] + ], + "Version": "2012-10-17" + } + } + }, + "PostgreSQLInstanceSnapshotterPostreSQLTask3DC21CCB": { + "Type": "AWS::ECS::TaskDefinition", + "Properties": { + "ContainerDefinitions": [ + { + "Command": [ + "psql", + "-c", + "SELECT 1" + ], + "Essential": true, + "Image": "public.ecr.aws/lts/postgres:latest", + "LogConfiguration": { + "LogDriver": "awslogs", + "Options": { + "awslogs-group": { + "Ref": "PostgreSQLInstanceSnapshotterLogsF028D514" }, - "Family": "RDSSanitizedSnapshotterSFNPostgreSQLInstanceSnapshotterPostreSQLTask00FF05BB", - "Memory": "512", - "NetworkMode": "awsvpc", - "RequiresCompatibilities": [ - "FARGATE" - ], - "TaskRoleArn": { - "Fn::GetAtt": [ - "PostgreSQLInstanceSnapshotterPostreSQLTaskTaskRole04FEDCFB", - "Arn" - ] + "awslogs-stream-prefix": "psql-sanitize", + "awslogs-region": { + "Ref": "AWS::Region" } - } + } + }, + "Name": "postgres" + } + ], + "Cpu": "256", + "ExecutionRoleArn": { + "Fn::GetAtt": [ + "PostgreSQLInstanceSnapshotterPostreSQLTaskExecutionRoleF7C4A7FB", + "Arn" + ] }, - "PostgreSQLInstanceSnapshotterPostreSQLTaskExecutionRoleF7C4A7FB": { - "Type": "AWS::IAM::Role", - "Properties": { - "AssumeRolePolicyDocument": { - "Statement": [ - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": { - "Service": "ecs-tasks.amazonaws.com" - } - } - ], - "Version": "2012-10-17" - } + "Family": "RDSSanitizedSnapshotterSFNPostgreSQLInstanceSnapshotterPostreSQLTask00FF05BB", + "Memory": "512", + "NetworkMode": "awsvpc", + "RequiresCompatibilities": [ + "FARGATE" + ], + "TaskRoleArn": { + "Fn::GetAtt": [ + "PostgreSQLInstanceSnapshotterPostreSQLTaskTaskRole04FEDCFB", + "Arn" + ] + } + } + }, + "PostgreSQLInstanceSnapshotterPostreSQLTaskExecutionRoleF7C4A7FB": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "ecs-tasks.amazonaws.com" + } } - }, - "PostgreSQLInstanceSnapshotterPostreSQLTaskExecutionRoleDefaultPolicy9201194B": { - "Type": "AWS::IAM::Policy", - "Properties": { - "PolicyDocument": { - "Statement": [ - { - "Action": [ - "logs:CreateLogStream", - "logs:PutLogEvents" - ], - "Effect": "Allow", - "Resource": { - "Fn::GetAtt": [ - "PostgreSQLInstanceSnapshotterLogsF028D514", - "Arn" - ] - } - } - ], - "Version": "2012-10-17" - }, - "PolicyName": "PostgreSQLInstanceSnapshotterPostreSQLTaskExecutionRoleDefaultPolicy9201194B", - "Roles": [ - { - "Ref": "PostgreSQLInstanceSnapshotterPostreSQLTaskExecutionRoleF7C4A7FB" - } + ], + "Version": "2012-10-17" + } + } + }, + "PostgreSQLInstanceSnapshotterPostreSQLTaskExecutionRoleDefaultPolicy9201194B": { + "Type": "AWS::IAM::Policy", + "Properties": { + "PolicyDocument": { + "Statement": [ + { + "Action": [ + "logs:CreateLogStream", + "logs:PutLogEvents" + ], + "Effect": "Allow", + "Resource": { + "Fn::GetAtt": [ + "PostgreSQLInstanceSnapshotterLogsF028D514", + "Arn" ] + } } + ], + "Version": "2012-10-17" }, - "PostgreSQLInstanceSnapshotterDirectorRole89143BB2": { - "Type": "AWS::IAM::Role", - "Properties": { - "AssumeRolePolicyDocument": { - "Statement": [ - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": { - "Service": { - "Fn::Join": [ - "", - [ - "states.", - { - "Ref": "AWS::Region" - }, - ".amazonaws.com" - ] - ] - } - } - } - ], - "Version": "2012-10-17" + "PolicyName": "PostgreSQLInstanceSnapshotterPostreSQLTaskExecutionRoleDefaultPolicy9201194B", + "Roles": [ + { + "Ref": "PostgreSQLInstanceSnapshotterPostreSQLTaskExecutionRoleF7C4A7FB" + } + ] + } + }, + "PostgreSQLInstanceSnapshotterDirectorRole89143BB2": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": { + "Fn::FindInMap": [ + "ServiceprincipalMap", + { + "Ref": "AWS::Region" + }, + "states" + ] } + } } - }, - "PostgreSQLInstanceSnapshotterDirectorRoleDefaultPolicyC372C868": { - "Type": "AWS::IAM::Policy", - "Properties": { - "PolicyDocument": { - "Statement": [ + ], + "Version": "2012-10-17" + } + } + }, + "PostgreSQLInstanceSnapshotterDirectorRoleDefaultPolicyC372C868": { + "Type": "AWS::IAM::Policy", + "Properties": { + "PolicyDocument": { + "Statement": [ + { + "Action": "lambda:InvokeFunction", + "Effect": "Allow", + "Resource": [ + { + "Fn::GetAtt": [ + "PostgreSQLInstanceSnapshotterparametersA0CF862A", + "Arn" + ] + }, + { + "Fn::Join": [ + "", + [ + { + "Fn::GetAtt": [ + "PostgreSQLInstanceSnapshotterparametersA0CF862A", + "Arn" + ] + }, + ":*" + ] + ] + } + ] + }, + { + "Action": "rds:deleteDBSnapshot", + "Effect": "Allow", + "Resource": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":rds:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":snapshot:sanitize-*" + ] + ] + } + }, + { + "Action": "rds:deleteDBInstance", + "Effect": "Allow", + "Resource": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":rds:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":db:sanitize-*" + ] + ] + } + }, + { + "Action": "rds:createDBSnapshot", + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": "lambda:InvokeFunction", + "Effect": "Allow", + "Resource": [ + { + "Fn::GetAtt": [ + "PostgreSQLInstanceSnapshotterwaitE64141BC", + "Arn" + ] + }, + { + "Fn::Join": [ + "", + [ + { + "Fn::GetAtt": [ + "PostgreSQLInstanceSnapshotterwaitE64141BC", + "Arn" + ] + }, + ":*" + ] + ] + } + ] + }, + { + "Action": "rds:restoreDBInstanceFromDBSnapshot", + "Effect": "Allow", + "Resource": [ + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":rds:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":cluster:sanitize-*" + ] + ] + }, + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":rds:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":db:sanitize-*" + ] + ] + }, + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":rds:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":snapshot:sanitize-*" + ] + ] + }, + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":rds:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":subgrp:", + { + "Ref": "PostgreSQLInstanceSnapshotterSubnetgroup7F19C7EE" + } + ] + ] + } + ] + }, + { + "Action": "rds:modifyDBInstance", + "Effect": "Allow", + "Resource": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":rds:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":db:sanitize-*" + ] + ] + } + }, + { + "Action": "rds:describeDBInstances", + "Effect": "Allow", + "Resource": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":rds:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":db:sanitize-*" + ] + ] + } + }, + { + "Action": "ecs:RunTask", + "Effect": "Allow", + "Resource": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Fn::Select": [ + 1, { - "Action": "lambda:InvokeFunction", - "Effect": "Allow", - "Resource": { - "Fn::GetAtt": [ - "PostgreSQLInstanceSnapshotterparametersA0CF862A", - "Arn" - ] + "Fn::Split": [ + ":", + { + "Ref": "PostgreSQLInstanceSnapshotterMySQLTask53136402" } - }, + ] + } + ] + }, + ":", + { + "Fn::Select": [ + 2, { - "Action": "rds:deleteDBSnapshot", - "Effect": "Allow", - "Resource": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":rds:", - { - "Ref": "AWS::Region" - }, - ":", - { - "Ref": "AWS::AccountId" - }, - ":snapshot:sanitize-*" - ] - ] + "Fn::Split": [ + ":", + { + "Ref": "PostgreSQLInstanceSnapshotterMySQLTask53136402" } - }, + ] + } + ] + }, + ":", + { + "Fn::Select": [ + 3, { - "Action": "rds:deleteDBInstance", - "Effect": "Allow", - "Resource": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":rds:", - { - "Ref": "AWS::Region" - }, - ":", - { - "Ref": "AWS::AccountId" - }, - ":db:sanitize-*" - ] - ] + "Fn::Split": [ + ":", + { + "Ref": "PostgreSQLInstanceSnapshotterMySQLTask53136402" } - }, - { - "Action": "rds:createDBSnapshot", - "Effect": "Allow", - "Resource": "*" - }, + ] + } + ] + }, + ":", + { + "Fn::Select": [ + 4, { - "Action": "lambda:InvokeFunction", - "Effect": "Allow", - "Resource": { - "Fn::GetAtt": [ - "PostgreSQLInstanceSnapshotterwaitE64141BC", - "Arn" - ] + "Fn::Split": [ + ":", + { + "Ref": "PostgreSQLInstanceSnapshotterMySQLTask53136402" } - }, + ] + } + ] + }, + ":", + { + "Fn::Select": [ + 0, { - "Action": "rds:restoreDBInstanceFromDBSnapshot", - "Effect": "Allow", - "Resource": [ - { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":rds:", - { - "Ref": "AWS::Region" - }, - ":", - { - "Ref": "AWS::AccountId" - }, - ":cluster:sanitize-*" - ] - ] - }, - { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":rds:", - { - "Ref": "AWS::Region" - }, - ":", - { - "Ref": "AWS::AccountId" - }, - ":db:sanitize-*" - ] - ] - }, - { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":rds:", - { - "Ref": "AWS::Region" - }, - ":", - { - "Ref": "AWS::AccountId" - }, - ":snapshot:sanitize-*" - ] - ] - }, + "Fn::Split": [ + "/", + { + "Fn::Select": [ + 5, { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":rds:", - { - "Ref": "AWS::Region" - }, - ":", - { - "Ref": "AWS::AccountId" - }, - ":subgrp:", - { - "Ref": "PostgreSQLInstanceSnapshotterSubnetgroup7F19C7EE" - } - ] - ] + "Fn::Split": [ + ":", + { + "Ref": "PostgreSQLInstanceSnapshotterMySQLTask53136402" + } + ] } - ] - }, - { - "Action": "rds:modifyDBInstance", - "Effect": "Allow", - "Resource": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":rds:", - { - "Ref": "AWS::Region" - }, - ":", - { - "Ref": "AWS::AccountId" - }, - ":db:sanitize-*" - ] - ] + ] } - }, + ] + } + ] + }, + "/", + { + "Fn::Select": [ + 1, { - "Action": "rds:describeDBInstances", - "Effect": "Allow", - "Resource": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":rds:", - { - "Ref": "AWS::Region" - }, - ":", - { - "Ref": "AWS::AccountId" - }, - ":db:sanitize-*" - ] - ] + "Fn::Split": [ + "/", + { + "Fn::Select": [ + 5, + { + "Fn::Split": [ + ":", + { + "Ref": "PostgreSQLInstanceSnapshotterMySQLTask53136402" + } + ] + } + ] } - }, + ] + } + ] + } + ] + ] + } + }, + { + "Action": [ + "ecs:StopTask", + "ecs:DescribeTasks" + ], + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": "iam:PassRole", + "Effect": "Allow", + "Resource": [ + { + "Fn::GetAtt": [ + "PostgreSQLInstanceSnapshotterMySQLTaskTaskRoleB2EF5D11", + "Arn" + ] + }, + { + "Fn::GetAtt": [ + "PostgreSQLInstanceSnapshotterMySQLTaskExecutionRoleD0258DFF", + "Arn" + ] + } + ] + }, + { + "Action": [ + "events:PutTargets", + "events:PutRule", + "events:DescribeRule" + ], + "Effect": "Allow", + "Resource": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":events:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":rule/StepFunctionsGetEventsForECSTaskRule" + ] + ] + } + }, + { + "Action": "ecs:RunTask", + "Effect": "Allow", + "Resource": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Fn::Select": [ + 1, { - "Action": "ecs:RunTask", - "Effect": "Allow", - "Resource": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Fn::Select": [ - 1, - { - "Fn::Split": [ - ":", - { - "Ref": "PostgreSQLInstanceSnapshotterMySQLTask53136402" - } - ] - } - ] - }, - ":", - { - "Fn::Select": [ - 2, - { - "Fn::Split": [ - ":", - { - "Ref": "PostgreSQLInstanceSnapshotterMySQLTask53136402" - } - ] - } - ] - }, - ":", - { - "Fn::Select": [ - 3, - { - "Fn::Split": [ - ":", - { - "Ref": "PostgreSQLInstanceSnapshotterMySQLTask53136402" - } - ] - } - ] - }, - ":", - { - "Fn::Select": [ - 4, - { - "Fn::Split": [ - ":", - { - "Ref": "PostgreSQLInstanceSnapshotterMySQLTask53136402" - } - ] - } - ] - }, - ":", - { - "Fn::Select": [ - 0, - { - "Fn::Split": [ - "/", - { - "Fn::Select": [ - 5, - { - "Fn::Split": [ - ":", - { - "Ref": "PostgreSQLInstanceSnapshotterMySQLTask53136402" - } - ] - } - ] - } - ] - } - ] - }, - "/", - { - "Fn::Select": [ - 1, - { - "Fn::Split": [ - "/", - { - "Fn::Select": [ - 5, - { - "Fn::Split": [ - ":", - { - "Ref": "PostgreSQLInstanceSnapshotterMySQLTask53136402" - } - ] - } - ] - } - ] - } - ] - } - ] - ] + "Fn::Split": [ + ":", + { + "Ref": "PostgreSQLInstanceSnapshotterPostreSQLTask3DC21CCB" } - }, - { - "Action": [ - "ecs:StopTask", - "ecs:DescribeTasks" - ], - "Effect": "Allow", - "Resource": "*" - }, + ] + } + ] + }, + ":", + { + "Fn::Select": [ + 2, { - "Action": "iam:PassRole", - "Effect": "Allow", - "Resource": [ - { - "Fn::GetAtt": [ - "PostgreSQLInstanceSnapshotterMySQLTaskTaskRoleB2EF5D11", - "Arn" - ] - }, - { - "Fn::GetAtt": [ - "PostgreSQLInstanceSnapshotterMySQLTaskExecutionRoleD0258DFF", - "Arn" - ] - } - ] - }, + "Fn::Split": [ + ":", + { + "Ref": "PostgreSQLInstanceSnapshotterPostreSQLTask3DC21CCB" + } + ] + } + ] + }, + ":", + { + "Fn::Select": [ + 3, { - "Action": [ - "events:PutTargets", - "events:PutRule", - "events:DescribeRule" - ], - "Effect": "Allow", - "Resource": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":events:", - { - "Ref": "AWS::Region" - }, - ":", - { - "Ref": "AWS::AccountId" - }, - ":rule/StepFunctionsGetEventsForECSTaskRule" - ] - ] + "Fn::Split": [ + ":", + { + "Ref": "PostgreSQLInstanceSnapshotterPostreSQLTask3DC21CCB" } - }, + ] + } + ] + }, + ":", + { + "Fn::Select": [ + 4, { - "Action": "ecs:RunTask", - "Effect": "Allow", - "Resource": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Fn::Select": [ - 1, - { - "Fn::Split": [ - ":", - { - "Ref": "PostgreSQLInstanceSnapshotterPostreSQLTask3DC21CCB" - } - ] - } - ] - }, - ":", - { - "Fn::Select": [ - 2, - { - "Fn::Split": [ - ":", - { - "Ref": "PostgreSQLInstanceSnapshotterPostreSQLTask3DC21CCB" - } - ] - } - ] - }, - ":", - { - "Fn::Select": [ - 3, - { - "Fn::Split": [ - ":", - { - "Ref": "PostgreSQLInstanceSnapshotterPostreSQLTask3DC21CCB" - } - ] - } - ] - }, - ":", - { - "Fn::Select": [ - 4, - { - "Fn::Split": [ - ":", - { - "Ref": "PostgreSQLInstanceSnapshotterPostreSQLTask3DC21CCB" - } - ] - } - ] - }, - ":", - { - "Fn::Select": [ - 0, - { - "Fn::Split": [ - "/", - { - "Fn::Select": [ - 5, - { - "Fn::Split": [ - ":", - { - "Ref": "PostgreSQLInstanceSnapshotterPostreSQLTask3DC21CCB" - } - ] - } - ] - } - ] - } - ] - }, - "/", - { - "Fn::Select": [ - 1, - { - "Fn::Split": [ - "/", - { - "Fn::Select": [ - 5, - { - "Fn::Split": [ - ":", - { - "Ref": "PostgreSQLInstanceSnapshotterPostreSQLTask3DC21CCB" - } - ] - } - ] - } - ] - } - ] - } - ] - ] + "Fn::Split": [ + ":", + { + "Ref": "PostgreSQLInstanceSnapshotterPostreSQLTask3DC21CCB" } - }, + ] + } + ] + }, + ":", + { + "Fn::Select": [ + 0, { - "Action": "iam:PassRole", - "Effect": "Allow", - "Resource": [ - { - "Fn::GetAtt": [ - "PostgreSQLInstanceSnapshotterPostreSQLTaskTaskRole04FEDCFB", - "Arn" - ] - }, + "Fn::Split": [ + "/", + { + "Fn::Select": [ + 5, { - "Fn::GetAtt": [ - "PostgreSQLInstanceSnapshotterPostreSQLTaskExecutionRoleF7C4A7FB", - "Arn" - ] + "Fn::Split": [ + ":", + { + "Ref": "PostgreSQLInstanceSnapshotterPostreSQLTask3DC21CCB" + } + ] } - ] - }, + ] + } + ] + } + ] + }, + "/", + { + "Fn::Select": [ + 1, { - "Action": "rds:AddTagsToResource", - "Effect": "Allow", - "Resource": [ - { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":rds:", - { - "Ref": "AWS::Region" - }, - ":", - { - "Ref": "AWS::AccountId" - }, - ":snapshot:sanitize-*" - ] - ] - }, - { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":rds:", - { - "Ref": "AWS::Region" - }, - ":", - { - "Ref": "AWS::AccountId" - }, - ":snapshot:psql-instance-snapshot-*" - ] - ] - }, + "Fn::Split": [ + "/", + { + "Fn::Select": [ + 5, { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":rds:", - { - "Ref": "AWS::Region" - }, - ":", - { - "Ref": "AWS::AccountId" - }, - ":cluster:sanitize-*" - ] - ] + "Fn::Split": [ + ":", + { + "Ref": "PostgreSQLInstanceSnapshotterPostreSQLTask3DC21CCB" + } + ] } - ] - }, - { - "Action": [ - "kms:CreateGrant", - "kms:DescribeKey" - ], - "Effect": "Allow", - "Resource": { - "Fn::ImportValue": "RDS-Sanitized-Snapshotter-RDS:ExportsOutputFnGetAttKey961B73FDArn5A860C43" + ] } + ] } - ], - "Version": "2012-10-17" - }, - "PolicyName": "PostgreSQLInstanceSnapshotterDirectorRoleDefaultPolicyC372C868", - "Roles": [ - { - "Ref": "PostgreSQLInstanceSnapshotterDirectorRole89143BB2" + ] } + ] ] - } - }, - "PostgreSQLInstanceSnapshotterDirector22C6400C": { - "Type": "AWS::StepFunctions::StateMachine", - "Properties": { - "RoleArn": { - "Fn::GetAtt": [ - "PostgreSQLInstanceSnapshotterDirectorRole89143BB2", - "Arn" + } + }, + { + "Action": "iam:PassRole", + "Effect": "Allow", + "Resource": [ + { + "Fn::GetAtt": [ + "PostgreSQLInstanceSnapshotterPostreSQLTaskTaskRole04FEDCFB", + "Arn" + ] + }, + { + "Fn::GetAtt": [ + "PostgreSQLInstanceSnapshotterPostreSQLTaskExecutionRoleF7C4A7FB", + "Arn" + ] + } + ] + }, + { + "Action": "rds:AddTagsToResource", + "Effect": "Allow", + "Resource": [ + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":rds:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":snapshot:sanitize-*" ] + ] }, - "DefinitionString": { - "Fn::Join": [ - "", - [ - "{\"StartAt\":\"Get Parameters\",\"States\":{\"Get Parameters\":{\"Next\":\"Error Catcher\",\"Retry\":[{\"ErrorEquals\":[\"Lambda.ServiceException\",\"Lambda.AWSLambdaException\",\"Lambda.SdkClientException\"],\"IntervalSeconds\":2,\"MaxAttempts\":6,\"BackoffRate\":2}],\"Type\":\"Task\",\"Resource\":\"", - { - "Fn::GetAtt": [ - "PostgreSQLInstanceSnapshotterparametersA0CF862A", - "Arn" - ] - }, - "\",\"Parameters\":{\"executionId.$\":\"$$.Execution.Id\",\"isCluster\":false,\"databaseIdentifier\":\"", - { - "Fn::ImportValue": "RDS-Sanitized-Snapshotter-RDS:ExportsOutputRefPostgresInstance8F00D2DD14EE3CD9" - }, - "\",\"databaseKey\":\"", - { - "Fn::ImportValue": "RDS-Sanitized-Snapshotter-RDS:ExportsOutputFnGetAttKey961B73FDArn5A860C43" - }, - "\",\"snapshotPrefix\":\"psql-instance-snapshot\",\"tempPrefix\":\"sanitize\"}},\"Error Catcher\":{\"Type\":\"Parallel\",\"ResultPath\":null,\"Next\":\"Cleanup\",\"Catch\":[{\"ErrorEquals\":[\"States.ALL\"],\"ResultPath\":null,\"Next\":\"Cleanup\"}],\"Branches\":[{\"StartAt\":\"Create Temporary Snapshot\",\"States\":{\"Create Temporary Snapshot\":{\"Next\":\"Wait for Snapshot\",\"Type\":\"Task\",\"ResultPath\":null,\"Resource\":\"arn:", - { - "Ref": "AWS::Partition" - }, - ":states:::aws-sdk:rds:createDBSnapshot\",\"Parameters\":{\"DbInstanceIdentifier.$\":\"$.databaseIdentifier\",\"DbSnapshotIdentifier.$\":\"$.tempSnapshotId\",\"Tags\":[{\"Key\":\"RDS-sanitized-snapshots\",\"Value\":\"", - { - "Fn::ImportValue": "RDS-Sanitized-Snapshotter-RDS:ExportsOutputRefPostgresInstance8F00D2DD14EE3CD9" - }, - "\"}]}},\"Wait for Snapshot\":{\"Next\":\"Create Temporary Database\",\"Retry\":[{\"ErrorEquals\":[\"Lambda.ServiceException\",\"Lambda.AWSLambdaException\",\"Lambda.SdkClientException\"],\"IntervalSeconds\":2,\"MaxAttempts\":6,\"BackoffRate\":2},{\"ErrorEquals\":[\"NotReady\"],\"IntervalSeconds\":60,\"MaxAttempts\":300,\"BackoffRate\":1}],\"Type\":\"Task\",\"ResultPath\":null,\"Resource\":\"", - { - "Fn::GetAtt": [ - "PostgreSQLInstanceSnapshotterwaitE64141BC", - "Arn" - ] - }, - "\",\"Parameters\":{\"resourceType\":\"snapshot\",\"databaseIdentifier.$\":\"$.databaseIdentifier\",\"snapshotIdentifier.$\":\"$.tempSnapshotId\",\"isCluster\":false}},\"Create Temporary Database\":{\"Next\":\"Wait for Temporary Database\",\"Type\":\"Task\",\"ResultPath\":null,\"Resource\":\"arn:", - { - "Ref": "AWS::Partition" - }, - ":states:::aws-sdk:rds:restoreDBInstanceFromDBSnapshot\",\"Parameters\":{\"DbInstanceIdentifier.$\":\"$.tempDbId\",\"Engine.$\":\"$.engine\",\"DbSnapshotIdentifier.$\":\"$.tempSnapshotId\",\"PubliclyAccessible\":false,\"VpcSecurityGroupIds\":[\"", - { - "Fn::GetAtt": [ - "PostgreSQLInstanceSnapshotterSG97FD02BB", - "GroupId" - ] - }, - "\"],\"DbSubnetGroupName\":\"", - { - "Ref": "PostgreSQLInstanceSnapshotterSubnetgroup7F19C7EE" - }, - "\",\"Tags\":[{\"Key\":\"RDS-sanitized-snapshots\",\"Value\":\"", - { - "Fn::ImportValue": "RDS-Sanitized-Snapshotter-RDS:ExportsOutputRefPostgresInstance8F00D2DD14EE3CD9" - }, - "\"}]}},\"Wait for Temporary Database\":{\"Next\":\"Set Temporary Password\",\"Retry\":[{\"ErrorEquals\":[\"Lambda.ServiceException\",\"Lambda.AWSLambdaException\",\"Lambda.SdkClientException\"],\"IntervalSeconds\":2,\"MaxAttempts\":6,\"BackoffRate\":2},{\"ErrorEquals\":[\"NotReady\"],\"IntervalSeconds\":60,\"MaxAttempts\":300,\"BackoffRate\":1}],\"Type\":\"Task\",\"ResultPath\":null,\"Resource\":\"", - { - "Fn::GetAtt": [ - "PostgreSQLInstanceSnapshotterwaitE64141BC", - "Arn" - ] - }, - "\",\"Parameters\":{\"resourceType\":\"instance\",\"databaseIdentifier.$\":\"$.tempDbId\",\"isCluster\":false}},\"Set Temporary Password\":{\"Next\":\"Wait for Temporary Password\",\"Type\":\"Task\",\"ResultPath\":null,\"Resource\":\"arn:", - { - "Ref": "AWS::Partition" - }, - ":states:::aws-sdk:rds:modifyDBInstance\",\"Parameters\":{\"DbInstanceIdentifier.$\":\"$.tempDbId\",\"MasterUserPassword.$\":\"$.tempDb.password\",\"ApplyImmediately\":true,\"BackupRetentionPeriod\":0}},\"Wait for Temporary Password\":{\"Next\":\"Get Temporary Endpoint\",\"Retry\":[{\"ErrorEquals\":[\"Lambda.ServiceException\",\"Lambda.AWSLambdaException\",\"Lambda.SdkClientException\"],\"IntervalSeconds\":2,\"MaxAttempts\":6,\"BackoffRate\":2},{\"ErrorEquals\":[\"NotReady\"],\"IntervalSeconds\":60,\"MaxAttempts\":300,\"BackoffRate\":1}],\"Type\":\"Task\",\"ResultPath\":null,\"Resource\":\"", - { - "Fn::GetAtt": [ - "PostgreSQLInstanceSnapshotterwaitE64141BC", - "Arn" - ] - }, - "\",\"Parameters\":{\"resourceType\":\"instance\",\"databaseIdentifier.$\":\"$.tempDbId\",\"isCluster\":false}},\"Get Temporary Endpoint\":{\"Next\":\"Sanitize\",\"Type\":\"Task\",\"ResultPath\":\"$.tempDb.host\",\"ResultSelector\":{\"endpoint.$\":\"$.DbInstances[0].Endpoint.Address\"},\"Resource\":\"arn:", - { - "Ref": "AWS::Partition" - }, - ":states:::aws-sdk:rds:describeDBInstances\",\"Parameters\":{\"DbInstanceIdentifier.$\":\"$.tempDbId\"}},\"Sanitize\":{\"Type\":\"Choice\",\"Choices\":[{\"Variable\":\"$.dockerImage\",\"StringEquals\":\"mysql\",\"Next\":\"Sanitize MySQL\"},{\"Variable\":\"$.dockerImage\",\"StringEquals\":\"postgres\",\"Next\":\"Sanitize Postgres\"}]},\"Sanitize MySQL\":{\"Next\":\"Create Final Snapshot\",\"Type\":\"Task\",\"ResultPath\":null,\"Resource\":\"arn:", - { - "Ref": "AWS::Partition" - }, - ":states:::ecs:runTask.sync\",\"Parameters\":{\"Cluster\":\"", - { - "Fn::GetAtt": [ - "PostgreSQLInstanceSnapshottercluster067EC069", - "Arn" - ] - }, - "\",\"TaskDefinition\":\"RDSSanitizedSnapshotterSFNPostgreSQLInstanceSnapshotterMySQLTask1F6F549C\",\"NetworkConfiguration\":{\"AwsvpcConfiguration\":{\"Subnets\":[\"", - { - "Fn::ImportValue": "RDS-Sanitized-Snapshotter-VPC:ExportsOutputRefVPCIsolatedSubnet1SubnetEBD00FC6298E81EF" - }, - "\",\"", - { - "Fn::ImportValue": "RDS-Sanitized-Snapshotter-VPC:ExportsOutputRefVPCIsolatedSubnet2Subnet4B1C8CAAD8B83B81" - }, - "\"],\"SecurityGroups\":[\"", - { - "Fn::GetAtt": [ - "PostgreSQLInstanceSnapshotterSG97FD02BB", - "GroupId" - ] - }, - "\"]}},\"Overrides\":{\"ContainerOverrides\":[{\"Name\":\"config\",\"Environment\":[{\"Name\":\"MYSQL_HOST\",\"Value.$\":\"$.tempDb.host.endpoint\"},{\"Name\":\"MYSQL_PORT\",\"Value.$\":\"$.tempDb.port\"},{\"Name\":\"MYSQL_USER\",\"Value.$\":\"$.tempDb.user\"},{\"Name\":\"MYSQL_PASSWORD\",\"Value.$\":\"$.tempDb.password\"},{\"Name\":\"MYSQL_DATABASE\",\"Value\":\"\"}]}]},\"LaunchType\":\"FARGATE\"}},\"Create Final Snapshot\":{\"Next\":\"Wait for Final Snapshot\",\"Type\":\"Task\",\"ResultPath\":null,\"Resource\":\"arn:", - { - "Ref": "AWS::Partition" - }, - ":states:::aws-sdk:rds:createDBSnapshot\",\"Parameters\":{\"DbInstanceIdentifier.$\":\"$.tempDbId\",\"DbSnapshotIdentifier.$\":\"$.targetSnapshotId\",\"Tags\":[{\"Key\":\"RDS-sanitized-snapshots\",\"Value\":\"", - { - "Fn::ImportValue": "RDS-Sanitized-Snapshotter-RDS:ExportsOutputRefPostgresInstance8F00D2DD14EE3CD9" - }, - "\"},{\"Key\":\"Final\",\"Value\":\"true\"}]}},\"Sanitize Postgres\":{\"Next\":\"Create Final Snapshot\",\"Type\":\"Task\",\"ResultPath\":null,\"Resource\":\"arn:", - { - "Ref": "AWS::Partition" - }, - ":states:::ecs:runTask.sync\",\"Parameters\":{\"Cluster\":\"", - { - "Fn::GetAtt": [ - "PostgreSQLInstanceSnapshottercluster067EC069", - "Arn" - ] - }, - "\",\"TaskDefinition\":\"RDSSanitizedSnapshotterSFNPostgreSQLInstanceSnapshotterPostreSQLTask00FF05BB\",\"NetworkConfiguration\":{\"AwsvpcConfiguration\":{\"Subnets\":[\"", - { - "Fn::ImportValue": "RDS-Sanitized-Snapshotter-VPC:ExportsOutputRefVPCIsolatedSubnet1SubnetEBD00FC6298E81EF" - }, - "\",\"", - { - "Fn::ImportValue": "RDS-Sanitized-Snapshotter-VPC:ExportsOutputRefVPCIsolatedSubnet2Subnet4B1C8CAAD8B83B81" - }, - "\"],\"SecurityGroups\":[\"", - { - "Fn::GetAtt": [ - "PostgreSQLInstanceSnapshotterSG97FD02BB", - "GroupId" - ] - }, - "\"]}},\"Overrides\":{\"ContainerOverrides\":[{\"Name\":\"postgres\",\"Environment\":[{\"Name\":\"PGHOST\",\"Value.$\":\"$.tempDb.host.endpoint\"},{\"Name\":\"PGPORT\",\"Value.$\":\"$.tempDb.port\"},{\"Name\":\"PGUSER\",\"Value.$\":\"$.tempDb.user\"},{\"Name\":\"PGPASSWORD\",\"Value.$\":\"$.tempDb.password\"},{\"Name\":\"PGDATABASE\",\"Value\":\"postgres\"},{\"Name\":\"PGCONNECT_TIMEOUT\",\"Value\":\"30\"}]}]},\"LaunchType\":\"FARGATE\"}},\"Wait for Final Snapshot\":{\"End\":true,\"Retry\":[{\"ErrorEquals\":[\"Lambda.ServiceException\",\"Lambda.AWSLambdaException\",\"Lambda.SdkClientException\"],\"IntervalSeconds\":2,\"MaxAttempts\":6,\"BackoffRate\":2},{\"ErrorEquals\":[\"NotReady\"],\"IntervalSeconds\":60,\"MaxAttempts\":300,\"BackoffRate\":1}],\"Type\":\"Task\",\"ResultPath\":null,\"Resource\":\"", - { - "Fn::GetAtt": [ - "PostgreSQLInstanceSnapshotterwaitE64141BC", - "Arn" - ] - }, - "\",\"Parameters\":{\"resourceType\":\"snapshot\",\"databaseIdentifier.$\":\"$.tempDbId\",\"snapshotIdentifier.$\":\"$.targetSnapshotId\",\"isCluster\":false}}}}]},\"Cleanup\":{\"Type\":\"Parallel\",\"ResultPath\":null,\"End\":true,\"Branches\":[{\"StartAt\":\"Temporary Snapshot\",\"States\":{\"Temporary Snapshot\":{\"End\":true,\"Retry\":[{\"ErrorEquals\":[\"States.ALL\"],\"IntervalSeconds\":10,\"MaxAttempts\":5}],\"Type\":\"Task\",\"ResultPath\":null,\"Resource\":\"arn:", - { - "Ref": "AWS::Partition" - }, - ":states:::aws-sdk:rds:deleteDBSnapshot\",\"Parameters\":{\"DbSnapshotIdentifier.$\":\"$.tempSnapshotId\"}}}},{\"StartAt\":\"Temporary Database Instance\",\"States\":{\"Temporary Database Instance\":{\"End\":true,\"Retry\":[{\"ErrorEquals\":[\"States.ALL\"],\"IntervalSeconds\":10,\"MaxAttempts\":5}],\"Type\":\"Task\",\"ResultPath\":null,\"Resource\":\"arn:", - { - "Ref": "AWS::Partition" - }, - ":states:::aws-sdk:rds:deleteDBInstance\",\"Parameters\":{\"DbInstanceIdentifier.$\":\"$.tempDbId\",\"SkipFinalSnapshot\":true}}}}]}}}" - ] + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":rds:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":snapshot:psql-instance-snapshot-*" + ] + ] + }, + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":rds:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":cluster:sanitize-*" ] + ] } + ] }, - "DependsOn": [ - "PostgreSQLInstanceSnapshotterDirectorRoleDefaultPolicyC372C868", - "PostgreSQLInstanceSnapshotterDirectorRole89143BB2" - ] + { + "Action": [ + "kms:CreateGrant", + "kms:DescribeKey" + ], + "Effect": "Allow", + "Resource": { + "Fn::ImportValue": "RDS-Sanitized-Snapshotter-RDS:ExportsOutputFnGetAttKey961B73FDArn5A860C43" + } + } + ], + "Version": "2012-10-17" }, - "SnapshotKey0EDEBDF6": { - "Type": "AWS::KMS::Key", - "Properties": { - "KeyPolicy": { - "Statement": [ - { - "Action": "kms:*", - "Effect": "Allow", - "Principal": { - "AWS": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":iam::", - { - "Ref": "AWS::AccountId" - }, - ":root" - ] - ] - } - }, - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "Description": "RDS sanitize test target key" - }, - "UpdateReplacePolicy": "Retain", - "DeletionPolicy": "Retain" + "PolicyName": "PostgreSQLInstanceSnapshotterDirectorRoleDefaultPolicyC372C868", + "Roles": [ + { + "Ref": "PostgreSQLInstanceSnapshotterDirectorRole89143BB2" + } + ] + } + }, + "PostgreSQLInstanceSnapshotterDirector22C6400C": { + "Type": "AWS::StepFunctions::StateMachine", + "Properties": { + "RoleArn": { + "Fn::GetAtt": [ + "PostgreSQLInstanceSnapshotterDirectorRole89143BB2", + "Arn" + ] }, - "PostgreSQLClusterSnapshotterSG7FF985A8": { - "Type": "AWS::EC2::SecurityGroup", - "Properties": { - "GroupDescription": "Group for communication between sanitizing job and database", - "SecurityGroupEgress": [ - { - "CidrIp": "0.0.0.0/0", - "Description": "Allow all outbound traffic by default", - "IpProtocol": "-1" - } - ], - "Tags": [ - { - "Key": "Name", - "Value": "RDS-sanitized-snapshots" - } - ], - "VpcId": { - "Fn::ImportValue": "RDS-Sanitized-Snapshotter-VPC:ExportsOutputRefVPCB9E5F0B4BD23A326" + "DefinitionString": { + "Fn::Join": [ + "", + [ + "{\"StartAt\":\"Get Parameters\",\"States\":{\"Get Parameters\":{\"Next\":\"Error Catcher\",\"Retry\":[{\"ErrorEquals\":[\"Lambda.ServiceException\",\"Lambda.AWSLambdaException\",\"Lambda.SdkClientException\"],\"IntervalSeconds\":2,\"MaxAttempts\":6,\"BackoffRate\":2}],\"Type\":\"Task\",\"Resource\":\"", + { + "Fn::GetAtt": [ + "PostgreSQLInstanceSnapshotterparametersA0CF862A", + "Arn" + ] + }, + "\",\"Parameters\":{\"executionId.$\":\"$$.Execution.Id\",\"isCluster\":false,\"databaseIdentifier\":\"", + { + "Fn::ImportValue": "RDS-Sanitized-Snapshotter-RDS:ExportsOutputRefPostgresInstance8F00D2DD14EE3CD9" + }, + "\",\"databaseKey\":\"", + { + "Fn::ImportValue": "RDS-Sanitized-Snapshotter-RDS:ExportsOutputFnGetAttKey961B73FDArn5A860C43" + }, + "\",\"snapshotPrefix\":\"psql-instance-snapshot\",\"tempPrefix\":\"sanitize\"}},\"Error Catcher\":{\"Type\":\"Parallel\",\"ResultPath\":null,\"Next\":\"Cleanup\",\"Catch\":[{\"ErrorEquals\":[\"States.ALL\"],\"ResultPath\":null,\"Next\":\"Cleanup\"}],\"Branches\":[{\"StartAt\":\"Create Temporary Snapshot\",\"States\":{\"Create Temporary Snapshot\":{\"Next\":\"Wait for Snapshot\",\"Type\":\"Task\",\"ResultPath\":null,\"Resource\":\"arn:", + { + "Ref": "AWS::Partition" + }, + ":states:::aws-sdk:rds:createDBSnapshot\",\"Parameters\":{\"DbInstanceIdentifier.$\":\"$.databaseIdentifier\",\"DbSnapshotIdentifier.$\":\"$.tempSnapshotId\",\"Tags\":[{\"Key\":\"RDS-sanitized-snapshots\",\"Value\":\"", + { + "Fn::ImportValue": "RDS-Sanitized-Snapshotter-RDS:ExportsOutputRefPostgresInstance8F00D2DD14EE3CD9" + }, + "\"}]}},\"Wait for Snapshot\":{\"Next\":\"Create Temporary Database\",\"Retry\":[{\"ErrorEquals\":[\"Lambda.ServiceException\",\"Lambda.AWSLambdaException\",\"Lambda.SdkClientException\"],\"IntervalSeconds\":2,\"MaxAttempts\":6,\"BackoffRate\":2},{\"ErrorEquals\":[\"NotReady\"],\"IntervalSeconds\":60,\"MaxAttempts\":300,\"BackoffRate\":1}],\"Type\":\"Task\",\"ResultPath\":null,\"Resource\":\"", + { + "Fn::GetAtt": [ + "PostgreSQLInstanceSnapshotterwaitE64141BC", + "Arn" + ] + }, + "\",\"Parameters\":{\"resourceType\":\"snapshot\",\"databaseIdentifier.$\":\"$.databaseIdentifier\",\"snapshotIdentifier.$\":\"$.tempSnapshotId\",\"isCluster\":false}},\"Create Temporary Database\":{\"Next\":\"Wait for Temporary Database\",\"Type\":\"Task\",\"ResultPath\":null,\"Resource\":\"arn:", + { + "Ref": "AWS::Partition" + }, + ":states:::aws-sdk:rds:restoreDBInstanceFromDBSnapshot\",\"Parameters\":{\"DbInstanceIdentifier.$\":\"$.tempDbId\",\"Engine.$\":\"$.engine\",\"DbSnapshotIdentifier.$\":\"$.tempSnapshotId\",\"PubliclyAccessible\":false,\"VpcSecurityGroupIds\":[\"", + { + "Fn::GetAtt": [ + "PostgreSQLInstanceSnapshotterSG97FD02BB", + "GroupId" + ] + }, + "\"],\"DbSubnetGroupName\":\"", + { + "Ref": "PostgreSQLInstanceSnapshotterSubnetgroup7F19C7EE" + }, + "\",\"Tags\":[{\"Key\":\"RDS-sanitized-snapshots\",\"Value\":\"", + { + "Fn::ImportValue": "RDS-Sanitized-Snapshotter-RDS:ExportsOutputRefPostgresInstance8F00D2DD14EE3CD9" + }, + "\"}]}},\"Wait for Temporary Database\":{\"Next\":\"Set Temporary Password\",\"Retry\":[{\"ErrorEquals\":[\"Lambda.ServiceException\",\"Lambda.AWSLambdaException\",\"Lambda.SdkClientException\"],\"IntervalSeconds\":2,\"MaxAttempts\":6,\"BackoffRate\":2},{\"ErrorEquals\":[\"NotReady\"],\"IntervalSeconds\":60,\"MaxAttempts\":300,\"BackoffRate\":1}],\"Type\":\"Task\",\"ResultPath\":null,\"Resource\":\"", + { + "Fn::GetAtt": [ + "PostgreSQLInstanceSnapshotterwaitE64141BC", + "Arn" + ] + }, + "\",\"Parameters\":{\"resourceType\":\"instance\",\"databaseIdentifier.$\":\"$.tempDbId\",\"isCluster\":false}},\"Set Temporary Password\":{\"Next\":\"Wait for Temporary Password\",\"Type\":\"Task\",\"ResultPath\":null,\"Resource\":\"arn:", + { + "Ref": "AWS::Partition" + }, + ":states:::aws-sdk:rds:modifyDBInstance\",\"Parameters\":{\"DbInstanceIdentifier.$\":\"$.tempDbId\",\"MasterUserPassword.$\":\"$.tempDb.password\",\"ApplyImmediately\":true,\"BackupRetentionPeriod\":0}},\"Wait for Temporary Password\":{\"Next\":\"Get Temporary Endpoint\",\"Retry\":[{\"ErrorEquals\":[\"Lambda.ServiceException\",\"Lambda.AWSLambdaException\",\"Lambda.SdkClientException\"],\"IntervalSeconds\":2,\"MaxAttempts\":6,\"BackoffRate\":2},{\"ErrorEquals\":[\"NotReady\"],\"IntervalSeconds\":60,\"MaxAttempts\":300,\"BackoffRate\":1}],\"Type\":\"Task\",\"ResultPath\":null,\"Resource\":\"", + { + "Fn::GetAtt": [ + "PostgreSQLInstanceSnapshotterwaitE64141BC", + "Arn" + ] + }, + "\",\"Parameters\":{\"resourceType\":\"instance\",\"databaseIdentifier.$\":\"$.tempDbId\",\"isCluster\":false}},\"Get Temporary Endpoint\":{\"Next\":\"Sanitize\",\"Type\":\"Task\",\"ResultPath\":\"$.tempDb.host\",\"ResultSelector\":{\"endpoint.$\":\"$.DbInstances[0].Endpoint.Address\"},\"Resource\":\"arn:", + { + "Ref": "AWS::Partition" + }, + ":states:::aws-sdk:rds:describeDBInstances\",\"Parameters\":{\"DbInstanceIdentifier.$\":\"$.tempDbId\"}},\"Sanitize\":{\"Type\":\"Choice\",\"Choices\":[{\"Variable\":\"$.dockerImage\",\"StringEquals\":\"mysql\",\"Next\":\"Sanitize MySQL\"},{\"Variable\":\"$.dockerImage\",\"StringEquals\":\"postgres\",\"Next\":\"Sanitize Postgres\"}]},\"Sanitize MySQL\":{\"Next\":\"Create Final Snapshot\",\"Type\":\"Task\",\"ResultPath\":null,\"Resource\":\"arn:", + { + "Ref": "AWS::Partition" + }, + ":states:::ecs:runTask.sync\",\"Parameters\":{\"Cluster\":\"", + { + "Fn::GetAtt": [ + "PostgreSQLInstanceSnapshottercluster067EC069", + "Arn" + ] + }, + "\",\"TaskDefinition\":\"RDSSanitizedSnapshotterSFNPostgreSQLInstanceSnapshotterMySQLTask1F6F549C\",\"NetworkConfiguration\":{\"AwsvpcConfiguration\":{\"Subnets\":[\"", + { + "Fn::ImportValue": "RDS-Sanitized-Snapshotter-VPC:ExportsOutputRefVPCIsolatedSubnet1SubnetEBD00FC6298E81EF" + }, + "\",\"", + { + "Fn::ImportValue": "RDS-Sanitized-Snapshotter-VPC:ExportsOutputRefVPCIsolatedSubnet2Subnet4B1C8CAAD8B83B81" + }, + "\"],\"SecurityGroups\":[\"", + { + "Fn::GetAtt": [ + "PostgreSQLInstanceSnapshotterSG97FD02BB", + "GroupId" + ] + }, + "\"]}},\"Overrides\":{\"ContainerOverrides\":[{\"Name\":\"config\",\"Environment\":[{\"Name\":\"MYSQL_HOST\",\"Value.$\":\"$.tempDb.host.endpoint\"},{\"Name\":\"MYSQL_PORT\",\"Value.$\":\"$.tempDb.port\"},{\"Name\":\"MYSQL_USER\",\"Value.$\":\"$.tempDb.user\"},{\"Name\":\"MYSQL_PASSWORD\",\"Value.$\":\"$.tempDb.password\"},{\"Name\":\"MYSQL_DATABASE\",\"Value\":\"\"}]}]},\"LaunchType\":\"FARGATE\"}},\"Create Final Snapshot\":{\"Next\":\"Wait for Final Snapshot\",\"Type\":\"Task\",\"ResultPath\":null,\"Resource\":\"arn:", + { + "Ref": "AWS::Partition" + }, + ":states:::aws-sdk:rds:createDBSnapshot\",\"Parameters\":{\"DbInstanceIdentifier.$\":\"$.tempDbId\",\"DbSnapshotIdentifier.$\":\"$.targetSnapshotId\",\"Tags\":[{\"Key\":\"RDS-sanitized-snapshots\",\"Value\":\"", + { + "Fn::ImportValue": "RDS-Sanitized-Snapshotter-RDS:ExportsOutputRefPostgresInstance8F00D2DD14EE3CD9" + }, + "\"},{\"Key\":\"Final\",\"Value\":\"true\"}]}},\"Sanitize Postgres\":{\"Next\":\"Create Final Snapshot\",\"Type\":\"Task\",\"ResultPath\":null,\"Resource\":\"arn:", + { + "Ref": "AWS::Partition" + }, + ":states:::ecs:runTask.sync\",\"Parameters\":{\"Cluster\":\"", + { + "Fn::GetAtt": [ + "PostgreSQLInstanceSnapshottercluster067EC069", + "Arn" + ] + }, + "\",\"TaskDefinition\":\"RDSSanitizedSnapshotterSFNPostgreSQLInstanceSnapshotterPostreSQLTask00FF05BB\",\"NetworkConfiguration\":{\"AwsvpcConfiguration\":{\"Subnets\":[\"", + { + "Fn::ImportValue": "RDS-Sanitized-Snapshotter-VPC:ExportsOutputRefVPCIsolatedSubnet1SubnetEBD00FC6298E81EF" + }, + "\",\"", + { + "Fn::ImportValue": "RDS-Sanitized-Snapshotter-VPC:ExportsOutputRefVPCIsolatedSubnet2Subnet4B1C8CAAD8B83B81" + }, + "\"],\"SecurityGroups\":[\"", + { + "Fn::GetAtt": [ + "PostgreSQLInstanceSnapshotterSG97FD02BB", + "GroupId" + ] + }, + "\"]}},\"Overrides\":{\"ContainerOverrides\":[{\"Name\":\"postgres\",\"Environment\":[{\"Name\":\"PGHOST\",\"Value.$\":\"$.tempDb.host.endpoint\"},{\"Name\":\"PGPORT\",\"Value.$\":\"$.tempDb.port\"},{\"Name\":\"PGUSER\",\"Value.$\":\"$.tempDb.user\"},{\"Name\":\"PGPASSWORD\",\"Value.$\":\"$.tempDb.password\"},{\"Name\":\"PGDATABASE\",\"Value\":\"postgres\"},{\"Name\":\"PGCONNECT_TIMEOUT\",\"Value\":\"30\"}]}]},\"LaunchType\":\"FARGATE\"}},\"Wait for Final Snapshot\":{\"End\":true,\"Retry\":[{\"ErrorEquals\":[\"Lambda.ServiceException\",\"Lambda.AWSLambdaException\",\"Lambda.SdkClientException\"],\"IntervalSeconds\":2,\"MaxAttempts\":6,\"BackoffRate\":2},{\"ErrorEquals\":[\"NotReady\"],\"IntervalSeconds\":60,\"MaxAttempts\":300,\"BackoffRate\":1}],\"Type\":\"Task\",\"ResultPath\":null,\"Resource\":\"", + { + "Fn::GetAtt": [ + "PostgreSQLInstanceSnapshotterwaitE64141BC", + "Arn" + ] + }, + "\",\"Parameters\":{\"resourceType\":\"snapshot\",\"databaseIdentifier.$\":\"$.tempDbId\",\"snapshotIdentifier.$\":\"$.targetSnapshotId\",\"isCluster\":false}}}}]},\"Cleanup\":{\"Type\":\"Parallel\",\"ResultPath\":null,\"End\":true,\"Branches\":[{\"StartAt\":\"Temporary Snapshot\",\"States\":{\"Temporary Snapshot\":{\"End\":true,\"Retry\":[{\"ErrorEquals\":[\"States.ALL\"],\"IntervalSeconds\":10,\"MaxAttempts\":5}],\"Type\":\"Task\",\"ResultPath\":null,\"Resource\":\"arn:", + { + "Ref": "AWS::Partition" + }, + ":states:::aws-sdk:rds:deleteDBSnapshot\",\"Parameters\":{\"DbSnapshotIdentifier.$\":\"$.tempSnapshotId\"}}}},{\"StartAt\":\"Temporary Database Instance\",\"States\":{\"Temporary Database Instance\":{\"End\":true,\"Retry\":[{\"ErrorEquals\":[\"States.ALL\"],\"IntervalSeconds\":10,\"MaxAttempts\":5}],\"Type\":\"Task\",\"ResultPath\":null,\"Resource\":\"arn:", + { + "Ref": "AWS::Partition" + }, + ":states:::aws-sdk:rds:deleteDBInstance\",\"Parameters\":{\"DbInstanceIdentifier.$\":\"$.tempDbId\",\"SkipFinalSnapshot\":true}}}}]}}}" + ] + ] + } + }, + "DependsOn": [ + "PostgreSQLInstanceSnapshotterDirectorRoleDefaultPolicyC372C868", + "PostgreSQLInstanceSnapshotterDirectorRole89143BB2" + ], + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" + }, + "SnapshotKey0EDEBDF6": { + "Type": "AWS::KMS::Key", + "Properties": { + "KeyPolicy": { + "Statement": [ + { + "Action": "kms:*", + "Effect": "Allow", + "Principal": { + "AWS": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::", + { + "Ref": "AWS::AccountId" + }, + ":root" + ] + ] } + }, + "Resource": "*" } + ], + "Version": "2012-10-17" }, - "PostgreSQLClusterSnapshotterSGfromRDSSanitizedSnapshotterSFNPostgreSQLClusterSnapshotterSGD655B838ALLPORTS45F04871": { - "Type": "AWS::EC2::SecurityGroupIngress", - "Properties": { - "IpProtocol": "tcp", - "Description": "from RDSSanitizedSnapshotterSFNPostgreSQLClusterSnapshotterSGD655B838:ALL PORTS", - "FromPort": 0, - "GroupId": { - "Fn::GetAtt": [ - "PostgreSQLClusterSnapshotterSG7FF985A8", - "GroupId" - ] - }, - "SourceSecurityGroupId": { - "Fn::GetAtt": [ - "PostgreSQLClusterSnapshotterSG7FF985A8", - "GroupId" - ] - }, - "ToPort": 65535 + "Description": "RDS sanitize test target key" + }, + "UpdateReplacePolicy": "Retain", + "DeletionPolicy": "Retain" + }, + "PostgreSQLClusterSnapshotterSG7FF985A8": { + "Type": "AWS::EC2::SecurityGroup", + "Properties": { + "GroupDescription": "Group for communication between sanitizing job and database", + "SecurityGroupEgress": [ + { + "CidrIp": "0.0.0.0/0", + "Description": "Allow all outbound traffic by default", + "IpProtocol": "-1" + } + ], + "Tags": [ + { + "Key": "Name", + "Value": "RDS-sanitized-snapshots" + } + ], + "VpcId": { + "Fn::ImportValue": "RDS-Sanitized-Snapshotter-VPC:ExportsOutputRefVPCB9E5F0B4BD23A326" + } + } + }, + "PostgreSQLClusterSnapshotterSGfromRDSSanitizedSnapshotterSFNPostgreSQLClusterSnapshotterSGD655B838ALLPORTS45F04871": { + "Type": "AWS::EC2::SecurityGroupIngress", + "Properties": { + "IpProtocol": "tcp", + "Description": "from RDSSanitizedSnapshotterSFNPostgreSQLClusterSnapshotterSGD655B838:ALL PORTS", + "FromPort": 0, + "GroupId": { + "Fn::GetAtt": [ + "PostgreSQLClusterSnapshotterSG7FF985A8", + "GroupId" + ] + }, + "SourceSecurityGroupId": { + "Fn::GetAtt": [ + "PostgreSQLClusterSnapshotterSG7FF985A8", + "GroupId" + ] + }, + "ToPort": 65535 + } + }, + "PostgreSQLClusterSnapshotterSubnetgroupA37EB2B3": { + "Type": "AWS::RDS::DBSubnetGroup", + "Properties": { + "DBSubnetGroupDescription": "Temporary database used for RDS-sanitize-snapshots", + "SubnetIds": [ + { + "Fn::ImportValue": "RDS-Sanitized-Snapshotter-VPC:ExportsOutputRefVPCPrivateSubnet1Subnet8BCA10E01F79A1B7" + }, + { + "Fn::ImportValue": "RDS-Sanitized-Snapshotter-VPC:ExportsOutputRefVPCPrivateSubnet2SubnetCFCDAA7AB22CF85D" + } + ] + } + }, + "PostgreSQLClusterSnapshotterclusterD066B562": { + "Type": "AWS::ECS::Cluster" + }, + "PostgreSQLClusterSnapshotterparametersServiceRoleB3208E28": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "lambda.amazonaws.com" + } } + ], + "Version": "2012-10-17" }, - "PostgreSQLClusterSnapshotterSubnetgroupA37EB2B3": { - "Type": "AWS::RDS::DBSubnetGroup", - "Properties": { - "DBSubnetGroupDescription": "Temporary database used for RDS-sanitize-snapshots", - "SubnetIds": [ + "ManagedPolicyArns": [ + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" + ] + ] + } + ] + } + }, + "PostgreSQLClusterSnapshotterparametersServiceRoleDefaultPolicy82F25ECA": { + "Type": "AWS::IAM::Policy", + "Properties": { + "PolicyDocument": { + "Statement": [ + { + "Action": "rds:DescribeDBClusters", + "Effect": "Allow", + "Resource": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":rds:", { - "Fn::ImportValue": "RDS-Sanitized-Snapshotter-VPC:ExportsOutputRefVPCPrivateSubnet1Subnet8BCA10E01F79A1B7" + "Ref": "AWS::Region" }, + ":", { - "Fn::ImportValue": "RDS-Sanitized-Snapshotter-VPC:ExportsOutputRefVPCPrivateSubnet2SubnetCFCDAA7AB22CF85D" + "Ref": "AWS::AccountId" + }, + ":cluster:", + { + "Fn::ImportValue": "RDS-Sanitized-Snapshotter-RDS:ExportsOutputRefPostgresCluster5A5B7BE8BE4E3D78" } + ] ] + } + }, + { + "Action": "rds:DescribeDBInstances", + "Effect": "Allow", + "Resource": "*" } + ], + "Version": "2012-10-17" }, - "PostgreSQLClusterSnapshotterclusterD066B562": { - "Type": "AWS::ECS::Cluster" + "PolicyName": "PostgreSQLClusterSnapshotterparametersServiceRoleDefaultPolicy82F25ECA", + "Roles": [ + { + "Ref": "PostgreSQLClusterSnapshotterparametersServiceRoleB3208E28" + } + ] + } + }, + "PostgreSQLClusterSnapshotterparameters25147BEC": { + "Type": "AWS::Lambda::Function", + "Properties": { + "Code": { + "S3Bucket": { + "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}" + }, + "S3Key": "73ae9c6df09ad4bfbc13c9d4e1f9695a2de8da41bbb8b0037182a8cda9a710c6.zip" }, - "PostgreSQLClusterSnapshotterparametersServiceRoleB3208E28": { - "Type": "AWS::IAM::Role", - "Properties": { - "AssumeRolePolicyDocument": { - "Statement": [ - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": { - "Service": "lambda.amazonaws.com" - } - } - ], - "Version": "2012-10-17" - }, - "ManagedPolicyArns": [ - { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" - ] - ] - } - ] - } + "Role": { + "Fn::GetAtt": [ + "PostgreSQLClusterSnapshotterparametersServiceRoleB3208E28", + "Arn" + ] }, - "PostgreSQLClusterSnapshotterparametersServiceRoleDefaultPolicy82F25ECA": { - "Type": "AWS::IAM::Policy", - "Properties": { - "PolicyDocument": { - "Statement": [ - { - "Action": "rds:DescribeDBClusters", - "Effect": "Allow", - "Resource": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":rds:", - { - "Ref": "AWS::Region" - }, - ":", - { - "Ref": "AWS::AccountId" - }, - ":cluster:", - { - "Fn::ImportValue": "RDS-Sanitized-Snapshotter-RDS:ExportsOutputRefPostgresCluster5A5B7BE8BE4E3D78" - } - ] - ] - } - }, - { - "Action": "rds:DescribeDBInstances", - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "PolicyName": "PostgreSQLClusterSnapshotterparametersServiceRoleDefaultPolicy82F25ECA", - "Roles": [ - { - "Ref": "PostgreSQLClusterSnapshotterparametersServiceRoleB3208E28" - } - ] + "Description": "src/parameters.lambda.ts", + "Environment": { + "Variables": { + "AWS_NODEJS_CONNECTION_REUSE_ENABLED": "1" + } + }, + "Handler": "index.handler", + "Runtime": "nodejs18.x" + }, + "DependsOn": [ + "PostgreSQLClusterSnapshotterparametersServiceRoleDefaultPolicy82F25ECA", + "PostgreSQLClusterSnapshotterparametersServiceRoleB3208E28" + ] + }, + "PostgreSQLClusterSnapshotterparametersLogRetention51777008": { + "Type": "Custom::LogRetention", + "Properties": { + "ServiceToken": { + "Fn::GetAtt": [ + "LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8aFD4BFC8A", + "Arn" + ] + }, + "LogGroupName": { + "Fn::Join": [ + "", + [ + "/aws/lambda/", + { + "Ref": "PostgreSQLClusterSnapshotterparameters25147BEC" + } + ] + ] + }, + "RetentionInDays": 30 + } + }, + "PostgreSQLClusterSnapshotterwaitServiceRole662B9A5C": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "lambda.amazonaws.com" + } } + ], + "Version": "2012-10-17" }, - "PostgreSQLClusterSnapshotterparameters25147BEC": { - "Type": "AWS::Lambda::Function", - "Properties": { - "Code": { - "S3Bucket": { - "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}" - }, - "S3Key": "7dedf603050cc97a3f7e06b2e58606f2fef08c81e52acb5e616dd3c0643b2cb0.zip" + "ManagedPolicyArns": [ + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" }, - "Role": { - "Fn::GetAtt": [ - "PostgreSQLClusterSnapshotterparametersServiceRoleB3208E28", - "Arn" + ":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" + ] + ] + } + ] + } + }, + "PostgreSQLClusterSnapshotterwaitServiceRoleDefaultPolicyB7AEBC76": { + "Type": "AWS::IAM::Policy", + "Properties": { + "PolicyDocument": { + "Statement": [ + { + "Action": [ + "rds:DescribeDBClusters", + "rds:DescribeDBClusterSnapshots", + "rds:DescribeDBSnapshots", + "rds:DescribeDBInstances" + ], + "Effect": "Allow", + "Resource": [ + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":rds:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":cluster:", + { + "Fn::ImportValue": "RDS-Sanitized-Snapshotter-RDS:ExportsOutputRefPostgresCluster5A5B7BE8BE4E3D78" + } ] + ] }, - "Description": "src/parameters.lambda.ts", - "Environment": { - "Variables": { - "AWS_NODEJS_CONNECTION_REUSE_ENABLED": "1" - } + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":rds:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":db:", + { + "Fn::ImportValue": "RDS-Sanitized-Snapshotter-RDS:ExportsOutputRefPostgresCluster5A5B7BE8BE4E3D78" + } + ] + ] }, - "Handler": "index.handler", - "Runtime": "nodejs18.x" - }, - "DependsOn": [ - "PostgreSQLClusterSnapshotterparametersServiceRoleDefaultPolicy82F25ECA", - "PostgreSQLClusterSnapshotterparametersServiceRoleB3208E28" - ] - }, - "PostgreSQLClusterSnapshotterparametersLogRetention51777008": { - "Type": "Custom::LogRetention", - "Properties": { - "ServiceToken": { - "Fn::GetAtt": [ - "LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8aFD4BFC8A", - "Arn" + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":rds:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":cluster:sanitize-*" ] + ] }, - "LogGroupName": { - "Fn::Join": [ - "", - [ - "/aws/lambda/", - { - "Ref": "PostgreSQLClusterSnapshotterparameters25147BEC" - } - ] + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":rds:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":cluster-snapshot:sanitize-*" + ] + ] + }, + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":rds:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":cluster-snapshot:psql-cluster-snapshot-*" ] + ] }, - "RetentionInDays": 30 + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":rds:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":db:sanitize-*" + ] + ] + } + ] } + ], + "Version": "2012-10-17" }, - "PostgreSQLClusterSnapshotterwaitServiceRole662B9A5C": { - "Type": "AWS::IAM::Role", - "Properties": { - "AssumeRolePolicyDocument": { - "Statement": [ - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": { - "Service": "lambda.amazonaws.com" - } - } - ], - "Version": "2012-10-17" + "PolicyName": "PostgreSQLClusterSnapshotterwaitServiceRoleDefaultPolicyB7AEBC76", + "Roles": [ + { + "Ref": "PostgreSQLClusterSnapshotterwaitServiceRole662B9A5C" + } + ] + } + }, + "PostgreSQLClusterSnapshotterwait7A15A210": { + "Type": "AWS::Lambda::Function", + "Properties": { + "Code": { + "S3Bucket": { + "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}" + }, + "S3Key": "66486f7e33c34ceaae0d26eda8231c31f462018de9b6f34e598b3cc0df48b44f.zip" + }, + "Role": { + "Fn::GetAtt": [ + "PostgreSQLClusterSnapshotterwaitServiceRole662B9A5C", + "Arn" + ] + }, + "Description": "src/wait.lambda.ts", + "Environment": { + "Variables": { + "AWS_NODEJS_CONNECTION_REUSE_ENABLED": "1" + } + }, + "Handler": "index.handler", + "Runtime": "nodejs18.x" + }, + "DependsOn": [ + "PostgreSQLClusterSnapshotterwaitServiceRoleDefaultPolicyB7AEBC76", + "PostgreSQLClusterSnapshotterwaitServiceRole662B9A5C" + ] + }, + "PostgreSQLClusterSnapshotterwaitLogRetention454520B8": { + "Type": "Custom::LogRetention", + "Properties": { + "ServiceToken": { + "Fn::GetAtt": [ + "LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8aFD4BFC8A", + "Arn" + ] + }, + "LogGroupName": { + "Fn::Join": [ + "", + [ + "/aws/lambda/", + { + "Ref": "PostgreSQLClusterSnapshotterwait7A15A210" + } + ] + ] + }, + "RetentionInDays": 30 + } + }, + "PostgreSQLClusterSnapshotterLogsD5C5A603": { + "Type": "AWS::Logs::LogGroup", + "Properties": { + "RetentionInDays": 30 + }, + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" + }, + "PostgreSQLClusterSnapshotterMySQLTaskTaskRoleE079F904": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "ecs-tasks.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + } + } + }, + "PostgreSQLClusterSnapshotterMySQLTask9D91D3F5": { + "Type": "AWS::ECS::TaskDefinition", + "Properties": { + "ContainerDefinitions": [ + { + "Command": [ + "bash", + "-c", + "echo \"[client]\nuser=$MYSQL_USER\nhost=$MYSQL_HOST\nport=$MYSQL_PORT\npassword=$MYSQL_PASSWORD\" > ~/.my.cnf && chmod 700 ~/.my.cnf" + ], + "Essential": false, + "Image": "public.ecr.aws/docker/library/bash:4-alpine3.15", + "LogConfiguration": { + "LogDriver": "awslogs", + "Options": { + "awslogs-group": { + "Ref": "PostgreSQLClusterSnapshotterLogsD5C5A603" }, - "ManagedPolicyArns": [ - { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" - ] - ] - } + "awslogs-stream-prefix": "mysql-config", + "awslogs-region": { + "Ref": "AWS::Region" + } + } + }, + "MountPoints": [ + { + "ContainerPath": "/root", + "ReadOnly": false, + "SourceVolume": "config" + } + ], + "Name": "config" + }, + { + "Command": [ + "mysql", + "-e", + "SELECT 1" + ], + "DependsOn": [ + { + "Condition": "SUCCESS", + "ContainerName": "config" + } + ], + "Essential": true, + "Image": "public.ecr.aws/lts/mysql:latest", + "LogConfiguration": { + "LogDriver": "awslogs", + "Options": { + "awslogs-group": { + "Ref": "PostgreSQLClusterSnapshotterLogsD5C5A603" + }, + "awslogs-stream-prefix": "mysql-sanitize", + "awslogs-region": { + "Ref": "AWS::Region" + } + } + }, + "MountPoints": [ + { + "ContainerPath": "/root", + "ReadOnly": true, + "SourceVolume": "config" + } + ], + "Name": "mysql" + } + ], + "Cpu": "256", + "ExecutionRoleArn": { + "Fn::GetAtt": [ + "PostgreSQLClusterSnapshotterMySQLTaskExecutionRole82F4953B", + "Arn" + ] + }, + "Family": "RDSSanitizedSnapshotterSFNPostgreSQLClusterSnapshotterMySQLTask9865F232", + "Memory": "512", + "NetworkMode": "awsvpc", + "RequiresCompatibilities": [ + "FARGATE" + ], + "TaskRoleArn": { + "Fn::GetAtt": [ + "PostgreSQLClusterSnapshotterMySQLTaskTaskRoleE079F904", + "Arn" + ] + }, + "Volumes": [ + { + "Host": {}, + "Name": "config" + } + ] + } + }, + "PostgreSQLClusterSnapshotterMySQLTaskExecutionRole82F4953B": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "ecs-tasks.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + } + } + }, + "PostgreSQLClusterSnapshotterMySQLTaskExecutionRoleDefaultPolicy6066AB09": { + "Type": "AWS::IAM::Policy", + "Properties": { + "PolicyDocument": { + "Statement": [ + { + "Action": [ + "logs:CreateLogStream", + "logs:PutLogEvents" + ], + "Effect": "Allow", + "Resource": { + "Fn::GetAtt": [ + "PostgreSQLClusterSnapshotterLogsD5C5A603", + "Arn" ] + } } + ], + "Version": "2012-10-17" }, - "PostgreSQLClusterSnapshotterwaitServiceRoleDefaultPolicyB7AEBC76": { - "Type": "AWS::IAM::Policy", - "Properties": { - "PolicyDocument": { - "Statement": [ - { - "Action": [ - "rds:DescribeDBClusters", - "rds:DescribeDBClusterSnapshots", - "rds:DescribeDBSnapshots", - "rds:DescribeDBInstances" - ], - "Effect": "Allow", - "Resource": [ - { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":rds:", - { - "Ref": "AWS::Region" - }, - ":", - { - "Ref": "AWS::AccountId" - }, - ":cluster:", - { - "Fn::ImportValue": "RDS-Sanitized-Snapshotter-RDS:ExportsOutputRefPostgresCluster5A5B7BE8BE4E3D78" - } - ] - ] - }, - { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":rds:", - { - "Ref": "AWS::Region" - }, - ":", - { - "Ref": "AWS::AccountId" - }, - ":db:", - { - "Fn::ImportValue": "RDS-Sanitized-Snapshotter-RDS:ExportsOutputRefPostgresCluster5A5B7BE8BE4E3D78" - } - ] - ] - }, - { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":rds:", - { - "Ref": "AWS::Region" - }, - ":", - { - "Ref": "AWS::AccountId" - }, - ":cluster:sanitize-*" - ] - ] - }, - { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":rds:", - { - "Ref": "AWS::Region" - }, - ":", - { - "Ref": "AWS::AccountId" - }, - ":cluster-snapshot:sanitize-*" - ] - ] - }, - { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":rds:", - { - "Ref": "AWS::Region" - }, - ":", - { - "Ref": "AWS::AccountId" - }, - ":cluster-snapshot:psql-cluster-snapshot-*" - ] - ] - }, - { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":rds:", - { - "Ref": "AWS::Region" - }, - ":", - { - "Ref": "AWS::AccountId" - }, - ":db:sanitize-*" - ] - ] - } - ] - } - ], - "Version": "2012-10-17" + "PolicyName": "PostgreSQLClusterSnapshotterMySQLTaskExecutionRoleDefaultPolicy6066AB09", + "Roles": [ + { + "Ref": "PostgreSQLClusterSnapshotterMySQLTaskExecutionRole82F4953B" + } + ] + } + }, + "PostgreSQLClusterSnapshotterPostreSQLTaskTaskRole4CCD7360": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "ecs-tasks.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + } + } + }, + "PostgreSQLClusterSnapshotterPostreSQLTaskE150FEBD": { + "Type": "AWS::ECS::TaskDefinition", + "Properties": { + "ContainerDefinitions": [ + { + "Command": [ + "psql", + "-c", + "SELECT 1" + ], + "Essential": true, + "Image": "public.ecr.aws/lts/postgres:latest", + "LogConfiguration": { + "LogDriver": "awslogs", + "Options": { + "awslogs-group": { + "Ref": "PostgreSQLClusterSnapshotterLogsD5C5A603" }, - "PolicyName": "PostgreSQLClusterSnapshotterwaitServiceRoleDefaultPolicyB7AEBC76", - "Roles": [ - { - "Ref": "PostgreSQLClusterSnapshotterwaitServiceRole662B9A5C" - } + "awslogs-stream-prefix": "psql-sanitize", + "awslogs-region": { + "Ref": "AWS::Region" + } + } + }, + "Name": "postgres" + } + ], + "Cpu": "256", + "ExecutionRoleArn": { + "Fn::GetAtt": [ + "PostgreSQLClusterSnapshotterPostreSQLTaskExecutionRole9B27EF24", + "Arn" + ] + }, + "Family": "RDSSanitizedSnapshotterSFNPostgreSQLClusterSnapshotterPostreSQLTask914B7835", + "Memory": "512", + "NetworkMode": "awsvpc", + "RequiresCompatibilities": [ + "FARGATE" + ], + "TaskRoleArn": { + "Fn::GetAtt": [ + "PostgreSQLClusterSnapshotterPostreSQLTaskTaskRole4CCD7360", + "Arn" + ] + } + } + }, + "PostgreSQLClusterSnapshotterPostreSQLTaskExecutionRole9B27EF24": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "ecs-tasks.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + } + } + }, + "PostgreSQLClusterSnapshotterPostreSQLTaskExecutionRoleDefaultPolicyC9A9FEA1": { + "Type": "AWS::IAM::Policy", + "Properties": { + "PolicyDocument": { + "Statement": [ + { + "Action": [ + "logs:CreateLogStream", + "logs:PutLogEvents" + ], + "Effect": "Allow", + "Resource": { + "Fn::GetAtt": [ + "PostgreSQLClusterSnapshotterLogsD5C5A603", + "Arn" ] + } } + ], + "Version": "2012-10-17" }, - "PostgreSQLClusterSnapshotterwait7A15A210": { - "Type": "AWS::Lambda::Function", - "Properties": { - "Code": { - "S3Bucket": { - "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}" + "PolicyName": "PostgreSQLClusterSnapshotterPostreSQLTaskExecutionRoleDefaultPolicyC9A9FEA1", + "Roles": [ + { + "Ref": "PostgreSQLClusterSnapshotterPostreSQLTaskExecutionRole9B27EF24" + } + ] + } + }, + "PostgreSQLClusterSnapshotterDirectorRole38961E19": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": { + "Fn::FindInMap": [ + "ServiceprincipalMap", + { + "Ref": "AWS::Region" }, - "S3Key": "48d5a2396486c7e05d39c2b9e7a2dc2b28448934920dbf75dd9744865ba2ddc7.zip" + "states" + ] + } + } + } + ], + "Version": "2012-10-17" + } + } + }, + "PostgreSQLClusterSnapshotterDirectorRoleDefaultPolicy6668829B": { + "Type": "AWS::IAM::Policy", + "Properties": { + "PolicyDocument": { + "Statement": [ + { + "Action": "lambda:InvokeFunction", + "Effect": "Allow", + "Resource": [ + { + "Fn::GetAtt": [ + "PostgreSQLClusterSnapshotterparameters25147BEC", + "Arn" + ] }, - "Role": { - "Fn::GetAtt": [ - "PostgreSQLClusterSnapshotterwaitServiceRole662B9A5C", - "Arn" + { + "Fn::Join": [ + "", + [ + { + "Fn::GetAtt": [ + "PostgreSQLClusterSnapshotterparameters25147BEC", + "Arn" + ] + }, + ":*" ] + ] + } + ] + }, + { + "Action": "rds:deleteDBClusterSnapshot", + "Effect": "Allow", + "Resource": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":rds:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":cluster-snapshot:sanitize-*" + ] + ] + } + }, + { + "Action": "rds:deleteDBInstance", + "Effect": "Allow", + "Resource": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":rds:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":db:sanitize-*" + ] + ] + } + }, + { + "Action": "rds:deleteDBCluster", + "Effect": "Allow", + "Resource": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":rds:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":cluster:sanitize-*" + ] + ] + } + }, + { + "Action": "rds:createDBClusterSnapshot", + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": "lambda:InvokeFunction", + "Effect": "Allow", + "Resource": [ + { + "Fn::GetAtt": [ + "PostgreSQLClusterSnapshotterwait7A15A210", + "Arn" + ] }, - "Description": "src/wait.lambda.ts", - "Environment": { - "Variables": { - "AWS_NODEJS_CONNECTION_REUSE_ENABLED": "1" - } - }, - "Handler": "index.handler", - "Runtime": "nodejs18.x" + { + "Fn::Join": [ + "", + [ + { + "Fn::GetAtt": [ + "PostgreSQLClusterSnapshotterwait7A15A210", + "Arn" + ] + }, + ":*" + ] + ] + } + ] }, - "DependsOn": [ - "PostgreSQLClusterSnapshotterwaitServiceRoleDefaultPolicyB7AEBC76", - "PostgreSQLClusterSnapshotterwaitServiceRole662B9A5C" - ] - }, - "PostgreSQLClusterSnapshotterwaitLogRetention454520B8": { - "Type": "Custom::LogRetention", - "Properties": { - "ServiceToken": { - "Fn::GetAtt": [ - "LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8aFD4BFC8A", - "Arn" + { + "Action": "rds:copyDBClusterSnapshot", + "Effect": "Allow", + "Resource": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":rds:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":cluster-snapshot:sanitize-*" + ] + ] + } + }, + { + "Action": "rds:restoreDBClusterFromSnapshot", + "Effect": "Allow", + "Resource": [ + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":rds:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":cluster:sanitize-*" ] + ] }, - "LogGroupName": { - "Fn::Join": [ - "", - [ - "/aws/lambda/", - { - "Ref": "PostgreSQLClusterSnapshotterwait7A15A210" - } - ] + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":rds:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":db:sanitize-*" + ] + ] + }, + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":rds:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":cluster-snapshot:sanitize-*" + ] + ] + }, + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":rds:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":subgrp:", + { + "Ref": "PostgreSQLClusterSnapshotterSubnetgroupA37EB2B3" + } + ] + ] + } + ] + }, + { + "Action": "rds:modifyDBCluster", + "Effect": "Allow", + "Resource": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":rds:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":cluster:sanitize-*" + ] + ] + } + }, + { + "Action": "rds:createDBInstance", + "Effect": "Allow", + "Resource": [ + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":rds:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":cluster:sanitize-*" ] + ] }, - "RetentionInDays": 30 - } - }, - "PostgreSQLClusterSnapshotterLogsD5C5A603": { - "Type": "AWS::Logs::LogGroup", - "Properties": { - "RetentionInDays": 30 + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":rds:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":db:sanitize-*" + ] + ] + } + ] }, - "UpdateReplacePolicy": "Delete", - "DeletionPolicy": "Delete" - }, - "PostgreSQLClusterSnapshotterMySQLTaskTaskRoleE079F904": { - "Type": "AWS::IAM::Role", - "Properties": { - "AssumeRolePolicyDocument": { - "Statement": [ + { + "Action": "rds:describeDBClusters", + "Effect": "Allow", + "Resource": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":rds:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":cluster:sanitize-*" + ] + ] + } + }, + { + "Action": "ecs:RunTask", + "Effect": "Allow", + "Resource": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Fn::Select": [ + 1, { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": { - "Service": "ecs-tasks.amazonaws.com" - } - } - ], - "Version": "2012-10-17" - } - } - }, - "PostgreSQLClusterSnapshotterMySQLTask9D91D3F5": { - "Type": "AWS::ECS::TaskDefinition", - "Properties": { - "ContainerDefinitions": [ - { - "Command": [ - "bash", - "-c", - "echo \"[client]\nuser=$MYSQL_USER\nhost=$MYSQL_HOST\nport=$MYSQL_PORT\npassword=$MYSQL_PASSWORD\" > ~/.my.cnf && chmod 700 ~/.my.cnf" - ], - "Essential": false, - "Image": "public.ecr.aws/docker/library/bash:4-alpine3.15", - "LogConfiguration": { - "LogDriver": "awslogs", - "Options": { - "awslogs-group": { - "Ref": "PostgreSQLClusterSnapshotterLogsD5C5A603" - }, - "awslogs-stream-prefix": "mysql-config", - "awslogs-region": { - "Ref": "AWS::Region" - } - } - }, - "MountPoints": [ + "Fn::Split": [ + ":", { - "ContainerPath": "/root", - "ReadOnly": false, - "SourceVolume": "config" + "Ref": "PostgreSQLClusterSnapshotterMySQLTask9D91D3F5" } - ], - "Name": "config" + ] + } + ] }, + ":", { - "Command": [ - "mysql", - "-e", - "SELECT 1" - ], - "DependsOn": [ - { - "Condition": "SUCCESS", - "ContainerName": "config" - } - ], - "Essential": true, - "Image": "public.ecr.aws/lts/mysql:latest", - "LogConfiguration": { - "LogDriver": "awslogs", - "Options": { - "awslogs-group": { - "Ref": "PostgreSQLClusterSnapshotterLogsD5C5A603" - }, - "awslogs-stream-prefix": "mysql-sanitize", - "awslogs-region": { - "Ref": "AWS::Region" - } - } - }, - "MountPoints": [ + "Fn::Select": [ + 2, + { + "Fn::Split": [ + ":", { - "ContainerPath": "/root", - "ReadOnly": true, - "SourceVolume": "config" + "Ref": "PostgreSQLClusterSnapshotterMySQLTask9D91D3F5" } - ], - "Name": "mysql" - } - ], - "Cpu": "256", - "ExecutionRoleArn": { - "Fn::GetAtt": [ - "PostgreSQLClusterSnapshotterMySQLTaskExecutionRole82F4953B", - "Arn" - ] - }, - "Family": "RDSSanitizedSnapshotterSFNPostgreSQLClusterSnapshotterMySQLTask9865F232", - "Memory": "512", - "NetworkMode": "awsvpc", - "RequiresCompatibilities": [ - "FARGATE" - ], - "TaskRoleArn": { - "Fn::GetAtt": [ - "PostgreSQLClusterSnapshotterMySQLTaskTaskRoleE079F904", - "Arn" - ] - }, - "Volumes": [ + ] + } + ] + }, + ":", { - "Host": {}, - "Name": "config" - } - ] - } - }, - "PostgreSQLClusterSnapshotterMySQLTaskExecutionRole82F4953B": { - "Type": "AWS::IAM::Role", - "Properties": { - "AssumeRolePolicyDocument": { - "Statement": [ + "Fn::Select": [ + 3, { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": { - "Service": "ecs-tasks.amazonaws.com" + "Fn::Split": [ + ":", + { + "Ref": "PostgreSQLClusterSnapshotterMySQLTask9D91D3F5" } + ] } - ], - "Version": "2012-10-17" - } - } - }, - "PostgreSQLClusterSnapshotterMySQLTaskExecutionRoleDefaultPolicy6066AB09": { - "Type": "AWS::IAM::Policy", - "Properties": { - "PolicyDocument": { - "Statement": [ + ] + }, + ":", + { + "Fn::Select": [ + 4, { - "Action": [ - "logs:CreateLogStream", - "logs:PutLogEvents" - ], - "Effect": "Allow", - "Resource": { - "Fn::GetAtt": [ - "PostgreSQLClusterSnapshotterLogsD5C5A603", - "Arn" - ] + "Fn::Split": [ + ":", + { + "Ref": "PostgreSQLClusterSnapshotterMySQLTask9D91D3F5" } + ] } - ], - "Version": "2012-10-17" - }, - "PolicyName": "PostgreSQLClusterSnapshotterMySQLTaskExecutionRoleDefaultPolicy6066AB09", - "Roles": [ + ] + }, + ":", { - "Ref": "PostgreSQLClusterSnapshotterMySQLTaskExecutionRole82F4953B" - } - ] - } - }, - "PostgreSQLClusterSnapshotterPostreSQLTaskTaskRole4CCD7360": { - "Type": "AWS::IAM::Role", - "Properties": { - "AssumeRolePolicyDocument": { - "Statement": [ + "Fn::Select": [ + 0, { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": { - "Service": "ecs-tasks.amazonaws.com" + "Fn::Split": [ + "/", + { + "Fn::Select": [ + 5, + { + "Fn::Split": [ + ":", + { + "Ref": "PostgreSQLClusterSnapshotterMySQLTask9D91D3F5" + } + ] + } + ] } + ] } - ], - "Version": "2012-10-17" - } - } - }, - "PostgreSQLClusterSnapshotterPostreSQLTaskE150FEBD": { - "Type": "AWS::ECS::TaskDefinition", - "Properties": { - "ContainerDefinitions": [ - { - "Command": [ - "psql", - "-c", - "SELECT 1" - ], - "Essential": true, - "Image": "public.ecr.aws/lts/postgres:latest", - "LogConfiguration": { - "LogDriver": "awslogs", - "Options": { - "awslogs-group": { - "Ref": "PostgreSQLClusterSnapshotterLogsD5C5A603" - }, - "awslogs-stream-prefix": "psql-sanitize", - "awslogs-region": { - "Ref": "AWS::Region" + ] + }, + "/", + { + "Fn::Select": [ + 1, + { + "Fn::Split": [ + "/", + { + "Fn::Select": [ + 5, + { + "Fn::Split": [ + ":", + { + "Ref": "PostgreSQLClusterSnapshotterMySQLTask9D91D3F5" + } + ] } + ] } - }, - "Name": "postgres" + ] + } + ] } - ], - "Cpu": "256", - "ExecutionRoleArn": { - "Fn::GetAtt": [ - "PostgreSQLClusterSnapshotterPostreSQLTaskExecutionRole9B27EF24", - "Arn" - ] + ] + ] + } + }, + { + "Action": [ + "ecs:StopTask", + "ecs:DescribeTasks" + ], + "Effect": "Allow", + "Resource": "*" + }, + { + "Action": "iam:PassRole", + "Effect": "Allow", + "Resource": [ + { + "Fn::GetAtt": [ + "PostgreSQLClusterSnapshotterMySQLTaskTaskRoleE079F904", + "Arn" + ] }, - "Family": "RDSSanitizedSnapshotterSFNPostgreSQLClusterSnapshotterPostreSQLTask914B7835", - "Memory": "512", - "NetworkMode": "awsvpc", - "RequiresCompatibilities": [ - "FARGATE" - ], - "TaskRoleArn": { - "Fn::GetAtt": [ - "PostgreSQLClusterSnapshotterPostreSQLTaskTaskRole4CCD7360", - "Arn" - ] + { + "Fn::GetAtt": [ + "PostgreSQLClusterSnapshotterMySQLTaskExecutionRole82F4953B", + "Arn" + ] } - } - }, - "PostgreSQLClusterSnapshotterPostreSQLTaskExecutionRole9B27EF24": { - "Type": "AWS::IAM::Role", - "Properties": { - "AssumeRolePolicyDocument": { - "Statement": [ + ] + }, + { + "Action": [ + "events:PutTargets", + "events:PutRule", + "events:DescribeRule" + ], + "Effect": "Allow", + "Resource": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":events:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":rule/StepFunctionsGetEventsForECSTaskRule" + ] + ] + } + }, + { + "Action": "ecs:RunTask", + "Effect": "Allow", + "Resource": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Fn::Select": [ + 1, { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": { - "Service": "ecs-tasks.amazonaws.com" + "Fn::Split": [ + ":", + { + "Ref": "PostgreSQLClusterSnapshotterPostreSQLTaskE150FEBD" } + ] } - ], - "Version": "2012-10-17" - } - } - }, - "PostgreSQLClusterSnapshotterPostreSQLTaskExecutionRoleDefaultPolicyC9A9FEA1": { - "Type": "AWS::IAM::Policy", - "Properties": { - "PolicyDocument": { - "Statement": [ + ] + }, + ":", + { + "Fn::Select": [ + 2, { - "Action": [ - "logs:CreateLogStream", - "logs:PutLogEvents" - ], - "Effect": "Allow", - "Resource": { - "Fn::GetAtt": [ - "PostgreSQLClusterSnapshotterLogsD5C5A603", - "Arn" - ] + "Fn::Split": [ + ":", + { + "Ref": "PostgreSQLClusterSnapshotterPostreSQLTaskE150FEBD" } + ] } - ], - "Version": "2012-10-17" - }, - "PolicyName": "PostgreSQLClusterSnapshotterPostreSQLTaskExecutionRoleDefaultPolicyC9A9FEA1", - "Roles": [ + ] + }, + ":", { - "Ref": "PostgreSQLClusterSnapshotterPostreSQLTaskExecutionRole9B27EF24" - } - ] - } - }, - "PostgreSQLClusterSnapshotterDirectorRole38961E19": { - "Type": "AWS::IAM::Role", - "Properties": { - "AssumeRolePolicyDocument": { - "Statement": [ + "Fn::Select": [ + 3, { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": { - "Service": { - "Fn::Join": [ - "", - [ - "states.", - { - "Ref": "AWS::Region" - }, - ".amazonaws.com" - ] - ] - } + "Fn::Split": [ + ":", + { + "Ref": "PostgreSQLClusterSnapshotterPostreSQLTaskE150FEBD" } + ] } - ], - "Version": "2012-10-17" - } - } - }, - "PostgreSQLClusterSnapshotterDirectorRoleDefaultPolicy6668829B": { - "Type": "AWS::IAM::Policy", - "Properties": { - "PolicyDocument": { - "Statement": [ - { - "Action": "lambda:InvokeFunction", - "Effect": "Allow", - "Resource": { - "Fn::GetAtt": [ - "PostgreSQLClusterSnapshotterparameters25147BEC", - "Arn" - ] - } - }, - { - "Action": "rds:deleteDBClusterSnapshot", - "Effect": "Allow", - "Resource": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":rds:", - { - "Ref": "AWS::Region" - }, - ":", - { - "Ref": "AWS::AccountId" - }, - ":cluster-snapshot:sanitize-*" - ] - ] - } - }, - { - "Action": "rds:deleteDBInstance", - "Effect": "Allow", - "Resource": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":rds:", - { - "Ref": "AWS::Region" - }, - ":", - { - "Ref": "AWS::AccountId" - }, - ":db:sanitize-*" - ] - ] - } - }, - { - "Action": "rds:deleteDBCluster", - "Effect": "Allow", - "Resource": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":rds:", - { - "Ref": "AWS::Region" - }, - ":", - { - "Ref": "AWS::AccountId" - }, - ":cluster:sanitize-*" - ] - ] - } - }, - { - "Action": "rds:createDBClusterSnapshot", - "Effect": "Allow", - "Resource": "*" - }, - { - "Action": "lambda:InvokeFunction", - "Effect": "Allow", - "Resource": { - "Fn::GetAtt": [ - "PostgreSQLClusterSnapshotterwait7A15A210", - "Arn" - ] - } - }, - { - "Action": "rds:copyDBClusterSnapshot", - "Effect": "Allow", - "Resource": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":rds:", - { - "Ref": "AWS::Region" - }, - ":", - { - "Ref": "AWS::AccountId" - }, - ":cluster-snapshot:sanitize-*" - ] - ] - } - }, - { - "Action": "rds:restoreDBClusterFromSnapshot", - "Effect": "Allow", - "Resource": [ - { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":rds:", - { - "Ref": "AWS::Region" - }, - ":", - { - "Ref": "AWS::AccountId" - }, - ":cluster:sanitize-*" - ] - ] - }, - { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":rds:", - { - "Ref": "AWS::Region" - }, - ":", - { - "Ref": "AWS::AccountId" - }, - ":db:sanitize-*" - ] - ] - }, - { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":rds:", - { - "Ref": "AWS::Region" - }, - ":", - { - "Ref": "AWS::AccountId" - }, - ":cluster-snapshot:sanitize-*" - ] - ] - }, - { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":rds:", - { - "Ref": "AWS::Region" - }, - ":", - { - "Ref": "AWS::AccountId" - }, - ":subgrp:", - { - "Ref": "PostgreSQLClusterSnapshotterSubnetgroupA37EB2B3" - } - ] - ] - } - ] - }, - { - "Action": "rds:modifyDBCluster", - "Effect": "Allow", - "Resource": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":rds:", - { - "Ref": "AWS::Region" - }, - ":", - { - "Ref": "AWS::AccountId" - }, - ":cluster:sanitize-*" - ] - ] - } - }, - { - "Action": "rds:createDBInstance", - "Effect": "Allow", - "Resource": [ - { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":rds:", - { - "Ref": "AWS::Region" - }, - ":", - { - "Ref": "AWS::AccountId" - }, - ":cluster:sanitize-*" - ] - ] - }, - { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":rds:", - { - "Ref": "AWS::Region" - }, - ":", - { - "Ref": "AWS::AccountId" - }, - ":db:sanitize-*" - ] - ] - } - ] - }, - { - "Action": "rds:describeDBClusters", - "Effect": "Allow", - "Resource": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":rds:", - { - "Ref": "AWS::Region" - }, - ":", - { - "Ref": "AWS::AccountId" - }, - ":cluster:sanitize-*" - ] - ] - } - }, + ] + }, + ":", + { + "Fn::Select": [ + 4, { - "Action": "ecs:RunTask", - "Effect": "Allow", - "Resource": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Fn::Select": [ - 1, - { - "Fn::Split": [ - ":", - { - "Ref": "PostgreSQLClusterSnapshotterMySQLTask9D91D3F5" - } - ] - } - ] - }, - ":", - { - "Fn::Select": [ - 2, - { - "Fn::Split": [ - ":", - { - "Ref": "PostgreSQLClusterSnapshotterMySQLTask9D91D3F5" - } - ] - } - ] - }, - ":", - { - "Fn::Select": [ - 3, - { - "Fn::Split": [ - ":", - { - "Ref": "PostgreSQLClusterSnapshotterMySQLTask9D91D3F5" - } - ] - } - ] - }, - ":", - { - "Fn::Select": [ - 4, - { - "Fn::Split": [ - ":", - { - "Ref": "PostgreSQLClusterSnapshotterMySQLTask9D91D3F5" - } - ] - } - ] - }, - ":", - { - "Fn::Select": [ - 0, - { - "Fn::Split": [ - "/", - { - "Fn::Select": [ - 5, - { - "Fn::Split": [ - ":", - { - "Ref": "PostgreSQLClusterSnapshotterMySQLTask9D91D3F5" - } - ] - } - ] - } - ] - } - ] - }, - "/", - { - "Fn::Select": [ - 1, - { - "Fn::Split": [ - "/", - { - "Fn::Select": [ - 5, - { - "Fn::Split": [ - ":", - { - "Ref": "PostgreSQLClusterSnapshotterMySQLTask9D91D3F5" - } - ] - } - ] - } - ] - } - ] - } - ] - ] + "Fn::Split": [ + ":", + { + "Ref": "PostgreSQLClusterSnapshotterPostreSQLTaskE150FEBD" } - }, - { - "Action": [ - "ecs:StopTask", - "ecs:DescribeTasks" - ], - "Effect": "Allow", - "Resource": "*" - }, + ] + } + ] + }, + ":", + { + "Fn::Select": [ + 0, { - "Action": "iam:PassRole", - "Effect": "Allow", - "Resource": [ - { - "Fn::GetAtt": [ - "PostgreSQLClusterSnapshotterMySQLTaskTaskRoleE079F904", - "Arn" - ] - }, + "Fn::Split": [ + "/", + { + "Fn::Select": [ + 5, { - "Fn::GetAtt": [ - "PostgreSQLClusterSnapshotterMySQLTaskExecutionRole82F4953B", - "Arn" - ] + "Fn::Split": [ + ":", + { + "Ref": "PostgreSQLClusterSnapshotterPostreSQLTaskE150FEBD" + } + ] } - ] - }, - { - "Action": [ - "events:PutTargets", - "events:PutRule", - "events:DescribeRule" - ], - "Effect": "Allow", - "Resource": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":events:", - { - "Ref": "AWS::Region" - }, - ":", - { - "Ref": "AWS::AccountId" - }, - ":rule/StepFunctionsGetEventsForECSTaskRule" - ] - ] + ] } - }, - { - "Action": "ecs:RunTask", - "Effect": "Allow", - "Resource": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Fn::Select": [ - 1, - { - "Fn::Split": [ - ":", - { - "Ref": "PostgreSQLClusterSnapshotterPostreSQLTaskE150FEBD" - } - ] - } - ] - }, - ":", - { - "Fn::Select": [ - 2, - { - "Fn::Split": [ - ":", - { - "Ref": "PostgreSQLClusterSnapshotterPostreSQLTaskE150FEBD" - } - ] - } - ] - }, - ":", - { - "Fn::Select": [ - 3, - { - "Fn::Split": [ - ":", - { - "Ref": "PostgreSQLClusterSnapshotterPostreSQLTaskE150FEBD" - } - ] - } - ] - }, - ":", - { - "Fn::Select": [ - 4, - { - "Fn::Split": [ - ":", - { - "Ref": "PostgreSQLClusterSnapshotterPostreSQLTaskE150FEBD" - } - ] - } - ] - }, - ":", - { - "Fn::Select": [ - 0, - { - "Fn::Split": [ - "/", - { - "Fn::Select": [ - 5, - { - "Fn::Split": [ - ":", - { - "Ref": "PostgreSQLClusterSnapshotterPostreSQLTaskE150FEBD" - } - ] - } - ] - } - ] - } - ] - }, - "/", - { - "Fn::Select": [ - 1, - { - "Fn::Split": [ - "/", - { - "Fn::Select": [ - 5, - { - "Fn::Split": [ - ":", - { - "Ref": "PostgreSQLClusterSnapshotterPostreSQLTaskE150FEBD" - } - ] - } - ] - } - ] - } - ] - } - ] - ] - } - }, - { - "Action": "iam:PassRole", - "Effect": "Allow", - "Resource": [ - { - "Fn::GetAtt": [ - "PostgreSQLClusterSnapshotterPostreSQLTaskTaskRole4CCD7360", - "Arn" - ] - }, - { - "Fn::GetAtt": [ - "PostgreSQLClusterSnapshotterPostreSQLTaskExecutionRole9B27EF24", - "Arn" - ] - } - ] - }, + ] + } + ] + }, + "/", + { + "Fn::Select": [ + 1, { - "Action": "rds:AddTagsToResource", - "Effect": "Allow", - "Resource": [ - { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":rds:", - { - "Ref": "AWS::Region" - }, - ":", - { - "Ref": "AWS::AccountId" - }, - ":cluster-snapshot:sanitize-*" - ] - ] - }, - { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":rds:", - { - "Ref": "AWS::Region" - }, - ":", - { - "Ref": "AWS::AccountId" - }, - ":cluster-snapshot:psql-cluster-snapshot-*" - ] - ] - }, + "Fn::Split": [ + "/", + { + "Fn::Select": [ + 5, { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":rds:", - { - "Ref": "AWS::Region" - }, - ":", - { - "Ref": "AWS::AccountId" - }, - ":cluster:sanitize-*" - ] - ] + "Fn::Split": [ + ":", + { + "Ref": "PostgreSQLClusterSnapshotterPostreSQLTaskE150FEBD" + } + ] } - ] - }, - { - "Action": [ - "kms:CreateGrant", - "kms:DescribeKey" - ], - "Effect": "Allow", - "Resource": { - "Fn::GetAtt": [ - "SnapshotKey0EDEBDF6", - "Arn" - ] - } - }, - { - "Action": [ - "kms:CreateGrant", - "kms:DescribeKey" - ], - "Effect": "Allow", - "Resource": { - "Fn::ImportValue": "RDS-Sanitized-Snapshotter-RDS:ExportsOutputFnGetAttKey961B73FDArn5A860C43" + ] } + ] } - ], - "Version": "2012-10-17" - }, - "PolicyName": "PostgreSQLClusterSnapshotterDirectorRoleDefaultPolicy6668829B", - "Roles": [ - { - "Ref": "PostgreSQLClusterSnapshotterDirectorRole38961E19" + ] } + ] ] - } - }, - "PostgreSQLClusterSnapshotterDirector864DA8F0": { - "Type": "AWS::StepFunctions::StateMachine", - "Properties": { - "RoleArn": { - "Fn::GetAtt": [ - "PostgreSQLClusterSnapshotterDirectorRole38961E19", - "Arn" + } + }, + { + "Action": "iam:PassRole", + "Effect": "Allow", + "Resource": [ + { + "Fn::GetAtt": [ + "PostgreSQLClusterSnapshotterPostreSQLTaskTaskRole4CCD7360", + "Arn" + ] + }, + { + "Fn::GetAtt": [ + "PostgreSQLClusterSnapshotterPostreSQLTaskExecutionRole9B27EF24", + "Arn" + ] + } + ] + }, + { + "Action": "rds:AddTagsToResource", + "Effect": "Allow", + "Resource": [ + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":rds:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":cluster-snapshot:sanitize-*" ] + ] }, - "DefinitionString": { - "Fn::Join": [ - "", - [ - "{\"StartAt\":\"Get Parameters\",\"States\":{\"Get Parameters\":{\"Next\":\"Error Catcher\",\"Retry\":[{\"ErrorEquals\":[\"Lambda.ServiceException\",\"Lambda.AWSLambdaException\",\"Lambda.SdkClientException\"],\"IntervalSeconds\":2,\"MaxAttempts\":6,\"BackoffRate\":2}],\"Type\":\"Task\",\"Resource\":\"", - { - "Fn::GetAtt": [ - "PostgreSQLClusterSnapshotterparameters25147BEC", - "Arn" - ] - }, - "\",\"Parameters\":{\"executionId.$\":\"$$.Execution.Id\",\"isCluster\":true,\"databaseIdentifier\":\"", - { - "Fn::ImportValue": "RDS-Sanitized-Snapshotter-RDS:ExportsOutputRefPostgresCluster5A5B7BE8BE4E3D78" - }, - "\",\"databaseKey\":\"", - { - "Fn::ImportValue": "RDS-Sanitized-Snapshotter-RDS:ExportsOutputFnGetAttKey961B73FDArn5A860C43" - }, - "\",\"snapshotPrefix\":\"psql-cluster-snapshot\",\"tempPrefix\":\"sanitize\"}},\"Error Catcher\":{\"Type\":\"Parallel\",\"ResultPath\":null,\"Next\":\"Cleanup\",\"Catch\":[{\"ErrorEquals\":[\"States.ALL\"],\"ResultPath\":null,\"Next\":\"Cleanup\"}],\"Branches\":[{\"StartAt\":\"Create Temporary Snapshot\",\"States\":{\"Create Temporary Snapshot\":{\"Next\":\"Wait for Snapshot\",\"Type\":\"Task\",\"ResultPath\":null,\"Resource\":\"arn:", - { - "Ref": "AWS::Partition" - }, - ":states:::aws-sdk:rds:createDBClusterSnapshot\",\"Parameters\":{\"DbClusterIdentifier.$\":\"$.databaseIdentifier\",\"DbClusterSnapshotIdentifier.$\":\"$.tempSnapshotId\",\"Tags\":[{\"Key\":\"RDS-sanitized-snapshots\",\"Value\":\"", - { - "Fn::ImportValue": "RDS-Sanitized-Snapshotter-RDS:ExportsOutputRefPostgresCluster5A5B7BE8BE4E3D78" - }, - "\"}]}},\"Wait for Snapshot\":{\"Next\":\"Re-encrypt Snapshot\",\"Retry\":[{\"ErrorEquals\":[\"Lambda.ServiceException\",\"Lambda.AWSLambdaException\",\"Lambda.SdkClientException\"],\"IntervalSeconds\":2,\"MaxAttempts\":6,\"BackoffRate\":2},{\"ErrorEquals\":[\"NotReady\"],\"IntervalSeconds\":60,\"MaxAttempts\":300,\"BackoffRate\":1}],\"Type\":\"Task\",\"ResultPath\":null,\"Resource\":\"", - { - "Fn::GetAtt": [ - "PostgreSQLClusterSnapshotterwait7A15A210", - "Arn" - ] - }, - "\",\"Parameters\":{\"resourceType\":\"snapshot\",\"databaseIdentifier.$\":\"$.databaseIdentifier\",\"snapshotIdentifier.$\":\"$.tempSnapshotId\",\"isCluster\":true}},\"Re-encrypt Snapshot\":{\"Next\":\"Wait for Re-encrypt\",\"Type\":\"Task\",\"ResultPath\":null,\"Resource\":\"arn:", - { - "Ref": "AWS::Partition" - }, - ":states:::aws-sdk:rds:copyDBClusterSnapshot\",\"Parameters\":{\"SourceDBClusterSnapshotIdentifier.$\":\"$.tempSnapshotId\",\"TargetDBClusterSnapshotIdentifier.$\":\"$.tempEncSnapshotId\",\"KmsKeyId\":\"", - { - "Ref": "SnapshotKey0EDEBDF6" - }, - "\",\"CopyTags\":false,\"Tags\":[{\"Key\":\"RDS-sanitized-snapshots\",\"Value\":\"", - { - "Fn::ImportValue": "RDS-Sanitized-Snapshotter-RDS:ExportsOutputRefPostgresCluster5A5B7BE8BE4E3D78" - }, - "\"}]}},\"Wait for Re-encrypt\":{\"Next\":\"Create Temporary Database\",\"Retry\":[{\"ErrorEquals\":[\"Lambda.ServiceException\",\"Lambda.AWSLambdaException\",\"Lambda.SdkClientException\"],\"IntervalSeconds\":2,\"MaxAttempts\":6,\"BackoffRate\":2},{\"ErrorEquals\":[\"NotReady\"],\"IntervalSeconds\":60,\"MaxAttempts\":300,\"BackoffRate\":1}],\"Type\":\"Task\",\"ResultPath\":null,\"Resource\":\"", - { - "Fn::GetAtt": [ - "PostgreSQLClusterSnapshotterwait7A15A210", - "Arn" - ] - }, - "\",\"Parameters\":{\"resourceType\":\"snapshot\",\"databaseIdentifier.$\":\"$.databaseIdentifier\",\"snapshotIdentifier.$\":\"$.tempEncSnapshotId\",\"isCluster\":true}},\"Create Temporary Database\":{\"Next\":\"Wait for Temporary Database\",\"Type\":\"Task\",\"ResultPath\":null,\"Resource\":\"arn:", - { - "Ref": "AWS::Partition" - }, - ":states:::aws-sdk:rds:restoreDBClusterFromSnapshot\",\"Parameters\":{\"DbClusterIdentifier.$\":\"$.tempDbId\",\"Engine.$\":\"$.engine\",\"SnapshotIdentifier.$\":\"$.tempEncSnapshotId\",\"PubliclyAccessible\":false,\"VpcSecurityGroupIds\":[\"", - { - "Fn::GetAtt": [ - "PostgreSQLClusterSnapshotterSG7FF985A8", - "GroupId" - ] - }, - "\"],\"DbSubnetGroupName\":\"", - { - "Ref": "PostgreSQLClusterSnapshotterSubnetgroupA37EB2B3" - }, - "\",\"Tags\":[{\"Key\":\"RDS-sanitized-snapshots\",\"Value\":\"", - { - "Fn::ImportValue": "RDS-Sanitized-Snapshotter-RDS:ExportsOutputRefPostgresCluster5A5B7BE8BE4E3D78" - }, - "\"}]}},\"Wait for Temporary Database\":{\"Next\":\"Set Temporary Password\",\"Retry\":[{\"ErrorEquals\":[\"Lambda.ServiceException\",\"Lambda.AWSLambdaException\",\"Lambda.SdkClientException\"],\"IntervalSeconds\":2,\"MaxAttempts\":6,\"BackoffRate\":2},{\"ErrorEquals\":[\"NotReady\"],\"IntervalSeconds\":60,\"MaxAttempts\":300,\"BackoffRate\":1}],\"Type\":\"Task\",\"ResultPath\":null,\"Resource\":\"", - { - "Fn::GetAtt": [ - "PostgreSQLClusterSnapshotterwait7A15A210", - "Arn" - ] - }, - "\",\"Parameters\":{\"resourceType\":\"cluster\",\"databaseIdentifier.$\":\"$.tempDbId\",\"isCluster\":true}},\"Set Temporary Password\":{\"Next\":\"Wait for Temporary Password\",\"Type\":\"Task\",\"ResultPath\":null,\"Resource\":\"arn:", - { - "Ref": "AWS::Partition" - }, - ":states:::aws-sdk:rds:modifyDBCluster\",\"Parameters\":{\"DbClusterIdentifier.$\":\"$.tempDbId\",\"MasterUserPassword.$\":\"$.tempDb.password\",\"ApplyImmediately\":true}},\"Wait for Temporary Password\":{\"Next\":\"Create Temporary Instance\",\"Retry\":[{\"ErrorEquals\":[\"Lambda.ServiceException\",\"Lambda.AWSLambdaException\",\"Lambda.SdkClientException\"],\"IntervalSeconds\":2,\"MaxAttempts\":6,\"BackoffRate\":2},{\"ErrorEquals\":[\"NotReady\"],\"IntervalSeconds\":60,\"MaxAttempts\":300,\"BackoffRate\":1}],\"Type\":\"Task\",\"ResultPath\":null,\"Resource\":\"", - { - "Fn::GetAtt": [ - "PostgreSQLClusterSnapshotterwait7A15A210", - "Arn" - ] - }, - "\",\"Parameters\":{\"resourceType\":\"cluster\",\"databaseIdentifier.$\":\"$.tempDbId\",\"isCluster\":true}},\"Create Temporary Instance\":{\"Next\":\"Wait for Temporary Instance\",\"Type\":\"Task\",\"ResultPath\":null,\"Resource\":\"arn:", - { - "Ref": "AWS::Partition" - }, - ":states:::aws-sdk:rds:createDBInstance\",\"Parameters\":{\"DbClusterIdentifier.$\":\"$.tempDbId\",\"DbInstanceIdentifier.$\":\"$.tempDbInstanceId\",\"DbInstanceClass.$\":\"$.tempDbInstanceClass\",\"Engine.$\":\"$.engine\"}},\"Wait for Temporary Instance\":{\"Next\":\"Get Temporary Cluster Endpoint\",\"Retry\":[{\"ErrorEquals\":[\"Lambda.ServiceException\",\"Lambda.AWSLambdaException\",\"Lambda.SdkClientException\"],\"IntervalSeconds\":2,\"MaxAttempts\":6,\"BackoffRate\":2},{\"ErrorEquals\":[\"NotReady\"],\"IntervalSeconds\":60,\"MaxAttempts\":300,\"BackoffRate\":1}],\"Type\":\"Task\",\"ResultPath\":null,\"Resource\":\"", - { - "Fn::GetAtt": [ - "PostgreSQLClusterSnapshotterwait7A15A210", - "Arn" - ] - }, - "\",\"Parameters\":{\"resourceType\":\"instance\",\"databaseIdentifier.$\":\"$.tempDbInstanceId\",\"isCluster\":true}},\"Get Temporary Cluster Endpoint\":{\"Next\":\"Sanitize\",\"Type\":\"Task\",\"ResultPath\":\"$.tempDb.host\",\"ResultSelector\":{\"endpoint.$\":\"$.DbClusters[0].Endpoint\"},\"Resource\":\"arn:", - { - "Ref": "AWS::Partition" - }, - ":states:::aws-sdk:rds:describeDBClusters\",\"Parameters\":{\"DbClusterIdentifier.$\":\"$.tempDbId\"}},\"Sanitize\":{\"Type\":\"Choice\",\"Choices\":[{\"Variable\":\"$.dockerImage\",\"StringEquals\":\"mysql\",\"Next\":\"Sanitize MySQL\"},{\"Variable\":\"$.dockerImage\",\"StringEquals\":\"postgres\",\"Next\":\"Sanitize Postgres\"}]},\"Sanitize MySQL\":{\"Next\":\"Create Final Snapshot\",\"Type\":\"Task\",\"ResultPath\":null,\"Resource\":\"arn:", - { - "Ref": "AWS::Partition" - }, - ":states:::ecs:runTask.sync\",\"Parameters\":{\"Cluster\":\"", - { - "Fn::GetAtt": [ - "PostgreSQLClusterSnapshotterclusterD066B562", - "Arn" - ] - }, - "\",\"TaskDefinition\":\"RDSSanitizedSnapshotterSFNPostgreSQLClusterSnapshotterMySQLTask9865F232\",\"NetworkConfiguration\":{\"AwsvpcConfiguration\":{\"Subnets\":[\"", - { - "Fn::ImportValue": "RDS-Sanitized-Snapshotter-VPC:ExportsOutputRefVPCIsolatedSubnet1SubnetEBD00FC6298E81EF" - }, - "\",\"", - { - "Fn::ImportValue": "RDS-Sanitized-Snapshotter-VPC:ExportsOutputRefVPCIsolatedSubnet2Subnet4B1C8CAAD8B83B81" - }, - "\"],\"SecurityGroups\":[\"", - { - "Fn::GetAtt": [ - "PostgreSQLClusterSnapshotterSG7FF985A8", - "GroupId" - ] - }, - "\"]}},\"Overrides\":{\"ContainerOverrides\":[{\"Name\":\"config\",\"Environment\":[{\"Name\":\"MYSQL_HOST\",\"Value.$\":\"$.tempDb.host.endpoint\"},{\"Name\":\"MYSQL_PORT\",\"Value.$\":\"$.tempDb.port\"},{\"Name\":\"MYSQL_USER\",\"Value.$\":\"$.tempDb.user\"},{\"Name\":\"MYSQL_PASSWORD\",\"Value.$\":\"$.tempDb.password\"},{\"Name\":\"MYSQL_DATABASE\",\"Value\":\"\"}]}]},\"LaunchType\":\"FARGATE\"}},\"Create Final Snapshot\":{\"Next\":\"Wait for Final Snapshot\",\"Type\":\"Task\",\"ResultPath\":null,\"Resource\":\"arn:", - { - "Ref": "AWS::Partition" - }, - ":states:::aws-sdk:rds:createDBClusterSnapshot\",\"Parameters\":{\"DbClusterIdentifier.$\":\"$.tempDbId\",\"DbClusterSnapshotIdentifier.$\":\"$.targetSnapshotId\",\"Tags\":[{\"Key\":\"RDS-sanitized-snapshots\",\"Value\":\"", - { - "Fn::ImportValue": "RDS-Sanitized-Snapshotter-RDS:ExportsOutputRefPostgresCluster5A5B7BE8BE4E3D78" - }, - "\"},{\"Key\":\"Final\",\"Value\":\"true\"}]}},\"Sanitize Postgres\":{\"Next\":\"Create Final Snapshot\",\"Type\":\"Task\",\"ResultPath\":null,\"Resource\":\"arn:", - { - "Ref": "AWS::Partition" - }, - ":states:::ecs:runTask.sync\",\"Parameters\":{\"Cluster\":\"", - { - "Fn::GetAtt": [ - "PostgreSQLClusterSnapshotterclusterD066B562", - "Arn" - ] - }, - "\",\"TaskDefinition\":\"RDSSanitizedSnapshotterSFNPostgreSQLClusterSnapshotterPostreSQLTask914B7835\",\"NetworkConfiguration\":{\"AwsvpcConfiguration\":{\"Subnets\":[\"", - { - "Fn::ImportValue": "RDS-Sanitized-Snapshotter-VPC:ExportsOutputRefVPCIsolatedSubnet1SubnetEBD00FC6298E81EF" - }, - "\",\"", - { - "Fn::ImportValue": "RDS-Sanitized-Snapshotter-VPC:ExportsOutputRefVPCIsolatedSubnet2Subnet4B1C8CAAD8B83B81" - }, - "\"],\"SecurityGroups\":[\"", - { - "Fn::GetAtt": [ - "PostgreSQLClusterSnapshotterSG7FF985A8", - "GroupId" - ] - }, - "\"]}},\"Overrides\":{\"ContainerOverrides\":[{\"Name\":\"postgres\",\"Environment\":[{\"Name\":\"PGHOST\",\"Value.$\":\"$.tempDb.host.endpoint\"},{\"Name\":\"PGPORT\",\"Value.$\":\"$.tempDb.port\"},{\"Name\":\"PGUSER\",\"Value.$\":\"$.tempDb.user\"},{\"Name\":\"PGPASSWORD\",\"Value.$\":\"$.tempDb.password\"},{\"Name\":\"PGDATABASE\",\"Value\":\"postgres\"},{\"Name\":\"PGCONNECT_TIMEOUT\",\"Value\":\"30\"}]}]},\"LaunchType\":\"FARGATE\"}},\"Wait for Final Snapshot\":{\"End\":true,\"Retry\":[{\"ErrorEquals\":[\"Lambda.ServiceException\",\"Lambda.AWSLambdaException\",\"Lambda.SdkClientException\"],\"IntervalSeconds\":2,\"MaxAttempts\":6,\"BackoffRate\":2},{\"ErrorEquals\":[\"NotReady\"],\"IntervalSeconds\":60,\"MaxAttempts\":300,\"BackoffRate\":1}],\"Type\":\"Task\",\"ResultPath\":null,\"Resource\":\"", - { - "Fn::GetAtt": [ - "PostgreSQLClusterSnapshotterwait7A15A210", - "Arn" - ] - }, - "\",\"Parameters\":{\"resourceType\":\"snapshot\",\"databaseIdentifier.$\":\"$.tempDbId\",\"snapshotIdentifier.$\":\"$.targetSnapshotId\",\"isCluster\":true}}}}]},\"Cleanup\":{\"Type\":\"Parallel\",\"ResultPath\":null,\"End\":true,\"Branches\":[{\"StartAt\":\"Temporary Snapshot\",\"States\":{\"Temporary Snapshot\":{\"End\":true,\"Retry\":[{\"ErrorEquals\":[\"States.ALL\"],\"IntervalSeconds\":10,\"MaxAttempts\":5}],\"Type\":\"Task\",\"ResultPath\":null,\"Resource\":\"arn:", - { - "Ref": "AWS::Partition" - }, - ":states:::aws-sdk:rds:deleteDBClusterSnapshot\",\"Parameters\":{\"DbClusterSnapshotIdentifier.$\":\"$.tempSnapshotId\"}}}},{\"StartAt\":\"Re-encrypted Snapshot\",\"States\":{\"Re-encrypted Snapshot\":{\"End\":true,\"Retry\":[{\"ErrorEquals\":[\"States.ALL\"],\"IntervalSeconds\":10,\"MaxAttempts\":5}],\"Type\":\"Task\",\"ResultPath\":null,\"Resource\":\"arn:", - { - "Ref": "AWS::Partition" - }, - ":states:::aws-sdk:rds:deleteDBClusterSnapshot\",\"Parameters\":{\"DbClusterSnapshotIdentifier.$\":\"$.tempEncSnapshotId\"}}}},{\"StartAt\":\"Temporary Database Instance\",\"States\":{\"Temporary Database Instance\":{\"End\":true,\"Retry\":[{\"ErrorEquals\":[\"States.ALL\"],\"IntervalSeconds\":10,\"MaxAttempts\":5}],\"Type\":\"Task\",\"ResultPath\":null,\"Resource\":\"arn:", - { - "Ref": "AWS::Partition" - }, - ":states:::aws-sdk:rds:deleteDBInstance\",\"Parameters\":{\"DbInstanceIdentifier.$\":\"$.tempDbInstanceId\",\"SkipFinalSnapshot\":true}}}},{\"StartAt\":\"Temporary Database\",\"States\":{\"Temporary Database\":{\"End\":true,\"Retry\":[{\"ErrorEquals\":[\"States.ALL\"],\"IntervalSeconds\":10,\"MaxAttempts\":5}],\"Type\":\"Task\",\"ResultPath\":null,\"Resource\":\"arn:", - { - "Ref": "AWS::Partition" - }, - ":states:::aws-sdk:rds:deleteDBCluster\",\"Parameters\":{\"DbClusterIdentifier.$\":\"$.tempDbId\",\"SkipFinalSnapshot\":true}}}}]}}}" - ] + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":rds:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":cluster-snapshot:psql-cluster-snapshot-*" + ] + ] + }, + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" + }, + ":rds:", + { + "Ref": "AWS::Region" + }, + ":", + { + "Ref": "AWS::AccountId" + }, + ":cluster:sanitize-*" ] + ] } + ] }, - "DependsOn": [ - "PostgreSQLClusterSnapshotterDirectorRoleDefaultPolicy6668829B", - "PostgreSQLClusterSnapshotterDirectorRole38961E19" - ] - } - }, - "Outputs": { - "ExportsOutputRefMySQLInstanceSnapshotterDirector69A6B7B421EEFD9B": { - "Value": { - "Ref": "MySQLInstanceSnapshotterDirector69A6B7B4" - }, - "Export": { - "Name": "RDS-Sanitized-Snapshotter-SFN:ExportsOutputRefMySQLInstanceSnapshotterDirector69A6B7B421EEFD9B" - } - }, - "ExportsOutputRefMySQLClusterSnapshotterDirector73A14BB07F203611": { - "Value": { - "Ref": "MySQLClusterSnapshotterDirector73A14BB0" + { + "Action": [ + "kms:CreateGrant", + "kms:DescribeKey" + ], + "Effect": "Allow", + "Resource": { + "Fn::GetAtt": [ + "SnapshotKey0EDEBDF6", + "Arn" + ] + } }, - "Export": { - "Name": "RDS-Sanitized-Snapshotter-SFN:ExportsOutputRefMySQLClusterSnapshotterDirector73A14BB07F203611" + { + "Action": [ + "kms:CreateGrant", + "kms:DescribeKey" + ], + "Effect": "Allow", + "Resource": { + "Fn::ImportValue": "RDS-Sanitized-Snapshotter-RDS:ExportsOutputFnGetAttKey961B73FDArn5A860C43" + } } + ], + "Version": "2012-10-17" }, - "ExportsOutputRefPostgreSQLInstanceSnapshotterDirector22C6400CD7D4E9FC": { - "Value": { - "Ref": "PostgreSQLInstanceSnapshotterDirector22C6400C" - }, - "Export": { - "Name": "RDS-Sanitized-Snapshotter-SFN:ExportsOutputRefPostgreSQLInstanceSnapshotterDirector22C6400CD7D4E9FC" - } + "PolicyName": "PostgreSQLClusterSnapshotterDirectorRoleDefaultPolicy6668829B", + "Roles": [ + { + "Ref": "PostgreSQLClusterSnapshotterDirectorRole38961E19" + } + ] + } + }, + "PostgreSQLClusterSnapshotterDirector864DA8F0": { + "Type": "AWS::StepFunctions::StateMachine", + "Properties": { + "RoleArn": { + "Fn::GetAtt": [ + "PostgreSQLClusterSnapshotterDirectorRole38961E19", + "Arn" + ] }, - "ExportsOutputRefPostgreSQLClusterSnapshotterDirector864DA8F006C62DA7": { - "Value": { - "Ref": "PostgreSQLClusterSnapshotterDirector864DA8F0" - }, - "Export": { - "Name": "RDS-Sanitized-Snapshotter-SFN:ExportsOutputRefPostgreSQLClusterSnapshotterDirector864DA8F006C62DA7" - } + "DefinitionString": { + "Fn::Join": [ + "", + [ + "{\"StartAt\":\"Get Parameters\",\"States\":{\"Get Parameters\":{\"Next\":\"Error Catcher\",\"Retry\":[{\"ErrorEquals\":[\"Lambda.ServiceException\",\"Lambda.AWSLambdaException\",\"Lambda.SdkClientException\"],\"IntervalSeconds\":2,\"MaxAttempts\":6,\"BackoffRate\":2}],\"Type\":\"Task\",\"Resource\":\"", + { + "Fn::GetAtt": [ + "PostgreSQLClusterSnapshotterparameters25147BEC", + "Arn" + ] + }, + "\",\"Parameters\":{\"executionId.$\":\"$$.Execution.Id\",\"isCluster\":true,\"databaseIdentifier\":\"", + { + "Fn::ImportValue": "RDS-Sanitized-Snapshotter-RDS:ExportsOutputRefPostgresCluster5A5B7BE8BE4E3D78" + }, + "\",\"databaseKey\":\"", + { + "Fn::ImportValue": "RDS-Sanitized-Snapshotter-RDS:ExportsOutputFnGetAttKey961B73FDArn5A860C43" + }, + "\",\"snapshotPrefix\":\"psql-cluster-snapshot\",\"tempPrefix\":\"sanitize\"}},\"Error Catcher\":{\"Type\":\"Parallel\",\"ResultPath\":null,\"Next\":\"Cleanup\",\"Catch\":[{\"ErrorEquals\":[\"States.ALL\"],\"ResultPath\":null,\"Next\":\"Cleanup\"}],\"Branches\":[{\"StartAt\":\"Create Temporary Snapshot\",\"States\":{\"Create Temporary Snapshot\":{\"Next\":\"Wait for Snapshot\",\"Type\":\"Task\",\"ResultPath\":null,\"Resource\":\"arn:", + { + "Ref": "AWS::Partition" + }, + ":states:::aws-sdk:rds:createDBClusterSnapshot\",\"Parameters\":{\"DbClusterIdentifier.$\":\"$.databaseIdentifier\",\"DbClusterSnapshotIdentifier.$\":\"$.tempSnapshotId\",\"Tags\":[{\"Key\":\"RDS-sanitized-snapshots\",\"Value\":\"", + { + "Fn::ImportValue": "RDS-Sanitized-Snapshotter-RDS:ExportsOutputRefPostgresCluster5A5B7BE8BE4E3D78" + }, + "\"}]}},\"Wait for Snapshot\":{\"Next\":\"Re-encrypt Snapshot\",\"Retry\":[{\"ErrorEquals\":[\"Lambda.ServiceException\",\"Lambda.AWSLambdaException\",\"Lambda.SdkClientException\"],\"IntervalSeconds\":2,\"MaxAttempts\":6,\"BackoffRate\":2},{\"ErrorEquals\":[\"NotReady\"],\"IntervalSeconds\":60,\"MaxAttempts\":300,\"BackoffRate\":1}],\"Type\":\"Task\",\"ResultPath\":null,\"Resource\":\"", + { + "Fn::GetAtt": [ + "PostgreSQLClusterSnapshotterwait7A15A210", + "Arn" + ] + }, + "\",\"Parameters\":{\"resourceType\":\"snapshot\",\"databaseIdentifier.$\":\"$.databaseIdentifier\",\"snapshotIdentifier.$\":\"$.tempSnapshotId\",\"isCluster\":true}},\"Re-encrypt Snapshot\":{\"Next\":\"Wait for Re-encrypt\",\"Type\":\"Task\",\"ResultPath\":null,\"Resource\":\"arn:", + { + "Ref": "AWS::Partition" + }, + ":states:::aws-sdk:rds:copyDBClusterSnapshot\",\"Parameters\":{\"SourceDBClusterSnapshotIdentifier.$\":\"$.tempSnapshotId\",\"TargetDBClusterSnapshotIdentifier.$\":\"$.tempEncSnapshotId\",\"KmsKeyId\":\"", + { + "Ref": "SnapshotKey0EDEBDF6" + }, + "\",\"CopyTags\":false,\"Tags\":[{\"Key\":\"RDS-sanitized-snapshots\",\"Value\":\"", + { + "Fn::ImportValue": "RDS-Sanitized-Snapshotter-RDS:ExportsOutputRefPostgresCluster5A5B7BE8BE4E3D78" + }, + "\"}]}},\"Wait for Re-encrypt\":{\"Next\":\"Create Temporary Database\",\"Retry\":[{\"ErrorEquals\":[\"Lambda.ServiceException\",\"Lambda.AWSLambdaException\",\"Lambda.SdkClientException\"],\"IntervalSeconds\":2,\"MaxAttempts\":6,\"BackoffRate\":2},{\"ErrorEquals\":[\"NotReady\"],\"IntervalSeconds\":60,\"MaxAttempts\":300,\"BackoffRate\":1}],\"Type\":\"Task\",\"ResultPath\":null,\"Resource\":\"", + { + "Fn::GetAtt": [ + "PostgreSQLClusterSnapshotterwait7A15A210", + "Arn" + ] + }, + "\",\"Parameters\":{\"resourceType\":\"snapshot\",\"databaseIdentifier.$\":\"$.databaseIdentifier\",\"snapshotIdentifier.$\":\"$.tempEncSnapshotId\",\"isCluster\":true}},\"Create Temporary Database\":{\"Next\":\"Wait for Temporary Database\",\"Type\":\"Task\",\"ResultPath\":null,\"Resource\":\"arn:", + { + "Ref": "AWS::Partition" + }, + ":states:::aws-sdk:rds:restoreDBClusterFromSnapshot\",\"Parameters\":{\"DbClusterIdentifier.$\":\"$.tempDbId\",\"Engine.$\":\"$.engine\",\"SnapshotIdentifier.$\":\"$.tempEncSnapshotId\",\"PubliclyAccessible\":false,\"VpcSecurityGroupIds\":[\"", + { + "Fn::GetAtt": [ + "PostgreSQLClusterSnapshotterSG7FF985A8", + "GroupId" + ] + }, + "\"],\"DbSubnetGroupName\":\"", + { + "Ref": "PostgreSQLClusterSnapshotterSubnetgroupA37EB2B3" + }, + "\",\"Tags\":[{\"Key\":\"RDS-sanitized-snapshots\",\"Value\":\"", + { + "Fn::ImportValue": "RDS-Sanitized-Snapshotter-RDS:ExportsOutputRefPostgresCluster5A5B7BE8BE4E3D78" + }, + "\"}]}},\"Wait for Temporary Database\":{\"Next\":\"Set Temporary Password\",\"Retry\":[{\"ErrorEquals\":[\"Lambda.ServiceException\",\"Lambda.AWSLambdaException\",\"Lambda.SdkClientException\"],\"IntervalSeconds\":2,\"MaxAttempts\":6,\"BackoffRate\":2},{\"ErrorEquals\":[\"NotReady\"],\"IntervalSeconds\":60,\"MaxAttempts\":300,\"BackoffRate\":1}],\"Type\":\"Task\",\"ResultPath\":null,\"Resource\":\"", + { + "Fn::GetAtt": [ + "PostgreSQLClusterSnapshotterwait7A15A210", + "Arn" + ] + }, + "\",\"Parameters\":{\"resourceType\":\"cluster\",\"databaseIdentifier.$\":\"$.tempDbId\",\"isCluster\":true}},\"Set Temporary Password\":{\"Next\":\"Wait for Temporary Password\",\"Type\":\"Task\",\"ResultPath\":null,\"Resource\":\"arn:", + { + "Ref": "AWS::Partition" + }, + ":states:::aws-sdk:rds:modifyDBCluster\",\"Parameters\":{\"DbClusterIdentifier.$\":\"$.tempDbId\",\"MasterUserPassword.$\":\"$.tempDb.password\",\"ApplyImmediately\":true}},\"Wait for Temporary Password\":{\"Next\":\"Create Temporary Instance\",\"Retry\":[{\"ErrorEquals\":[\"Lambda.ServiceException\",\"Lambda.AWSLambdaException\",\"Lambda.SdkClientException\"],\"IntervalSeconds\":2,\"MaxAttempts\":6,\"BackoffRate\":2},{\"ErrorEquals\":[\"NotReady\"],\"IntervalSeconds\":60,\"MaxAttempts\":300,\"BackoffRate\":1}],\"Type\":\"Task\",\"ResultPath\":null,\"Resource\":\"", + { + "Fn::GetAtt": [ + "PostgreSQLClusterSnapshotterwait7A15A210", + "Arn" + ] + }, + "\",\"Parameters\":{\"resourceType\":\"cluster\",\"databaseIdentifier.$\":\"$.tempDbId\",\"isCluster\":true}},\"Create Temporary Instance\":{\"Next\":\"Wait for Temporary Instance\",\"Type\":\"Task\",\"ResultPath\":null,\"Resource\":\"arn:", + { + "Ref": "AWS::Partition" + }, + ":states:::aws-sdk:rds:createDBInstance\",\"Parameters\":{\"DbClusterIdentifier.$\":\"$.tempDbId\",\"DbInstanceIdentifier.$\":\"$.tempDbInstanceId\",\"DbInstanceClass.$\":\"$.tempDbInstanceClass\",\"Engine.$\":\"$.engine\"}},\"Wait for Temporary Instance\":{\"Next\":\"Get Temporary Cluster Endpoint\",\"Retry\":[{\"ErrorEquals\":[\"Lambda.ServiceException\",\"Lambda.AWSLambdaException\",\"Lambda.SdkClientException\"],\"IntervalSeconds\":2,\"MaxAttempts\":6,\"BackoffRate\":2},{\"ErrorEquals\":[\"NotReady\"],\"IntervalSeconds\":60,\"MaxAttempts\":300,\"BackoffRate\":1}],\"Type\":\"Task\",\"ResultPath\":null,\"Resource\":\"", + { + "Fn::GetAtt": [ + "PostgreSQLClusterSnapshotterwait7A15A210", + "Arn" + ] + }, + "\",\"Parameters\":{\"resourceType\":\"instance\",\"databaseIdentifier.$\":\"$.tempDbInstanceId\",\"isCluster\":true}},\"Get Temporary Cluster Endpoint\":{\"Next\":\"Sanitize\",\"Type\":\"Task\",\"ResultPath\":\"$.tempDb.host\",\"ResultSelector\":{\"endpoint.$\":\"$.DbClusters[0].Endpoint\"},\"Resource\":\"arn:", + { + "Ref": "AWS::Partition" + }, + ":states:::aws-sdk:rds:describeDBClusters\",\"Parameters\":{\"DbClusterIdentifier.$\":\"$.tempDbId\"}},\"Sanitize\":{\"Type\":\"Choice\",\"Choices\":[{\"Variable\":\"$.dockerImage\",\"StringEquals\":\"mysql\",\"Next\":\"Sanitize MySQL\"},{\"Variable\":\"$.dockerImage\",\"StringEquals\":\"postgres\",\"Next\":\"Sanitize Postgres\"}]},\"Sanitize MySQL\":{\"Next\":\"Create Final Snapshot\",\"Type\":\"Task\",\"ResultPath\":null,\"Resource\":\"arn:", + { + "Ref": "AWS::Partition" + }, + ":states:::ecs:runTask.sync\",\"Parameters\":{\"Cluster\":\"", + { + "Fn::GetAtt": [ + "PostgreSQLClusterSnapshotterclusterD066B562", + "Arn" + ] + }, + "\",\"TaskDefinition\":\"RDSSanitizedSnapshotterSFNPostgreSQLClusterSnapshotterMySQLTask9865F232\",\"NetworkConfiguration\":{\"AwsvpcConfiguration\":{\"Subnets\":[\"", + { + "Fn::ImportValue": "RDS-Sanitized-Snapshotter-VPC:ExportsOutputRefVPCIsolatedSubnet1SubnetEBD00FC6298E81EF" + }, + "\",\"", + { + "Fn::ImportValue": "RDS-Sanitized-Snapshotter-VPC:ExportsOutputRefVPCIsolatedSubnet2Subnet4B1C8CAAD8B83B81" + }, + "\"],\"SecurityGroups\":[\"", + { + "Fn::GetAtt": [ + "PostgreSQLClusterSnapshotterSG7FF985A8", + "GroupId" + ] + }, + "\"]}},\"Overrides\":{\"ContainerOverrides\":[{\"Name\":\"config\",\"Environment\":[{\"Name\":\"MYSQL_HOST\",\"Value.$\":\"$.tempDb.host.endpoint\"},{\"Name\":\"MYSQL_PORT\",\"Value.$\":\"$.tempDb.port\"},{\"Name\":\"MYSQL_USER\",\"Value.$\":\"$.tempDb.user\"},{\"Name\":\"MYSQL_PASSWORD\",\"Value.$\":\"$.tempDb.password\"},{\"Name\":\"MYSQL_DATABASE\",\"Value\":\"\"}]}]},\"LaunchType\":\"FARGATE\"}},\"Create Final Snapshot\":{\"Next\":\"Wait for Final Snapshot\",\"Type\":\"Task\",\"ResultPath\":null,\"Resource\":\"arn:", + { + "Ref": "AWS::Partition" + }, + ":states:::aws-sdk:rds:createDBClusterSnapshot\",\"Parameters\":{\"DbClusterIdentifier.$\":\"$.tempDbId\",\"DbClusterSnapshotIdentifier.$\":\"$.targetSnapshotId\",\"Tags\":[{\"Key\":\"RDS-sanitized-snapshots\",\"Value\":\"", + { + "Fn::ImportValue": "RDS-Sanitized-Snapshotter-RDS:ExportsOutputRefPostgresCluster5A5B7BE8BE4E3D78" + }, + "\"},{\"Key\":\"Final\",\"Value\":\"true\"}]}},\"Sanitize Postgres\":{\"Next\":\"Create Final Snapshot\",\"Type\":\"Task\",\"ResultPath\":null,\"Resource\":\"arn:", + { + "Ref": "AWS::Partition" + }, + ":states:::ecs:runTask.sync\",\"Parameters\":{\"Cluster\":\"", + { + "Fn::GetAtt": [ + "PostgreSQLClusterSnapshotterclusterD066B562", + "Arn" + ] + }, + "\",\"TaskDefinition\":\"RDSSanitizedSnapshotterSFNPostgreSQLClusterSnapshotterPostreSQLTask914B7835\",\"NetworkConfiguration\":{\"AwsvpcConfiguration\":{\"Subnets\":[\"", + { + "Fn::ImportValue": "RDS-Sanitized-Snapshotter-VPC:ExportsOutputRefVPCIsolatedSubnet1SubnetEBD00FC6298E81EF" + }, + "\",\"", + { + "Fn::ImportValue": "RDS-Sanitized-Snapshotter-VPC:ExportsOutputRefVPCIsolatedSubnet2Subnet4B1C8CAAD8B83B81" + }, + "\"],\"SecurityGroups\":[\"", + { + "Fn::GetAtt": [ + "PostgreSQLClusterSnapshotterSG7FF985A8", + "GroupId" + ] + }, + "\"]}},\"Overrides\":{\"ContainerOverrides\":[{\"Name\":\"postgres\",\"Environment\":[{\"Name\":\"PGHOST\",\"Value.$\":\"$.tempDb.host.endpoint\"},{\"Name\":\"PGPORT\",\"Value.$\":\"$.tempDb.port\"},{\"Name\":\"PGUSER\",\"Value.$\":\"$.tempDb.user\"},{\"Name\":\"PGPASSWORD\",\"Value.$\":\"$.tempDb.password\"},{\"Name\":\"PGDATABASE\",\"Value\":\"postgres\"},{\"Name\":\"PGCONNECT_TIMEOUT\",\"Value\":\"30\"}]}]},\"LaunchType\":\"FARGATE\"}},\"Wait for Final Snapshot\":{\"End\":true,\"Retry\":[{\"ErrorEquals\":[\"Lambda.ServiceException\",\"Lambda.AWSLambdaException\",\"Lambda.SdkClientException\"],\"IntervalSeconds\":2,\"MaxAttempts\":6,\"BackoffRate\":2},{\"ErrorEquals\":[\"NotReady\"],\"IntervalSeconds\":60,\"MaxAttempts\":300,\"BackoffRate\":1}],\"Type\":\"Task\",\"ResultPath\":null,\"Resource\":\"", + { + "Fn::GetAtt": [ + "PostgreSQLClusterSnapshotterwait7A15A210", + "Arn" + ] + }, + "\",\"Parameters\":{\"resourceType\":\"snapshot\",\"databaseIdentifier.$\":\"$.tempDbId\",\"snapshotIdentifier.$\":\"$.targetSnapshotId\",\"isCluster\":true}}}}]},\"Cleanup\":{\"Type\":\"Parallel\",\"ResultPath\":null,\"End\":true,\"Branches\":[{\"StartAt\":\"Temporary Snapshot\",\"States\":{\"Temporary Snapshot\":{\"End\":true,\"Retry\":[{\"ErrorEquals\":[\"States.ALL\"],\"IntervalSeconds\":10,\"MaxAttempts\":5}],\"Type\":\"Task\",\"ResultPath\":null,\"Resource\":\"arn:", + { + "Ref": "AWS::Partition" + }, + ":states:::aws-sdk:rds:deleteDBClusterSnapshot\",\"Parameters\":{\"DbClusterSnapshotIdentifier.$\":\"$.tempSnapshotId\"}}}},{\"StartAt\":\"Re-encrypted Snapshot\",\"States\":{\"Re-encrypted Snapshot\":{\"End\":true,\"Retry\":[{\"ErrorEquals\":[\"States.ALL\"],\"IntervalSeconds\":10,\"MaxAttempts\":5}],\"Type\":\"Task\",\"ResultPath\":null,\"Resource\":\"arn:", + { + "Ref": "AWS::Partition" + }, + ":states:::aws-sdk:rds:deleteDBClusterSnapshot\",\"Parameters\":{\"DbClusterSnapshotIdentifier.$\":\"$.tempEncSnapshotId\"}}}},{\"StartAt\":\"Temporary Database Instance\",\"States\":{\"Temporary Database Instance\":{\"End\":true,\"Retry\":[{\"ErrorEquals\":[\"States.ALL\"],\"IntervalSeconds\":10,\"MaxAttempts\":5}],\"Type\":\"Task\",\"ResultPath\":null,\"Resource\":\"arn:", + { + "Ref": "AWS::Partition" + }, + ":states:::aws-sdk:rds:deleteDBInstance\",\"Parameters\":{\"DbInstanceIdentifier.$\":\"$.tempDbInstanceId\",\"SkipFinalSnapshot\":true}}}},{\"StartAt\":\"Temporary Database\",\"States\":{\"Temporary Database\":{\"End\":true,\"Retry\":[{\"ErrorEquals\":[\"States.ALL\"],\"IntervalSeconds\":10,\"MaxAttempts\":5}],\"Type\":\"Task\",\"ResultPath\":null,\"Resource\":\"arn:", + { + "Ref": "AWS::Partition" + }, + ":states:::aws-sdk:rds:deleteDBCluster\",\"Parameters\":{\"DbClusterIdentifier.$\":\"$.tempDbId\",\"SkipFinalSnapshot\":true}}}}]}}}" + ] + ] } + }, + "DependsOn": [ + "PostgreSQLClusterSnapshotterDirectorRoleDefaultPolicy6668829B", + "PostgreSQLClusterSnapshotterDirectorRole38961E19" + ], + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" + } + }, + "Mappings": { + "DefaultCrNodeVersionMap": { + "af-south-1": { + "value": "nodejs16.x" + }, + "ap-east-1": { + "value": "nodejs16.x" + }, + "ap-northeast-1": { + "value": "nodejs16.x" + }, + "ap-northeast-2": { + "value": "nodejs16.x" + }, + "ap-northeast-3": { + "value": "nodejs16.x" + }, + "ap-south-1": { + "value": "nodejs16.x" + }, + "ap-south-2": { + "value": "nodejs16.x" + }, + "ap-southeast-1": { + "value": "nodejs16.x" + }, + "ap-southeast-2": { + "value": "nodejs16.x" + }, + "ap-southeast-3": { + "value": "nodejs16.x" + }, + "ca-central-1": { + "value": "nodejs16.x" + }, + "cn-north-1": { + "value": "nodejs16.x" + }, + "cn-northwest-1": { + "value": "nodejs16.x" + }, + "eu-central-1": { + "value": "nodejs16.x" + }, + "eu-central-2": { + "value": "nodejs16.x" + }, + "eu-north-1": { + "value": "nodejs16.x" + }, + "eu-south-1": { + "value": "nodejs16.x" + }, + "eu-south-2": { + "value": "nodejs16.x" + }, + "eu-west-1": { + "value": "nodejs16.x" + }, + "eu-west-2": { + "value": "nodejs16.x" + }, + "eu-west-3": { + "value": "nodejs16.x" + }, + "me-central-1": { + "value": "nodejs16.x" + }, + "me-south-1": { + "value": "nodejs16.x" + }, + "sa-east-1": { + "value": "nodejs16.x" + }, + "us-east-1": { + "value": "nodejs16.x" + }, + "us-east-2": { + "value": "nodejs16.x" + }, + "us-gov-east-1": { + "value": "nodejs16.x" + }, + "us-gov-west-1": { + "value": "nodejs16.x" + }, + "us-iso-east-1": { + "value": "nodejs14.x" + }, + "us-iso-west-1": { + "value": "nodejs14.x" + }, + "us-isob-east-1": { + "value": "nodejs14.x" + }, + "us-west-1": { + "value": "nodejs16.x" + }, + "us-west-2": { + "value": "nodejs16.x" + } }, - "Parameters": { - "BootstrapVersion": { - "Type": "AWS::SSM::Parameter::Value", - "Default": "/cdk-bootstrap/hnb659fds/version", - "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]" - } + "ServiceprincipalMap": { + "af-south-1": { + "states": "states.af-south-1.amazonaws.com" + }, + "ap-east-1": { + "states": "states.ap-east-1.amazonaws.com" + }, + "ap-northeast-1": { + "states": "states.ap-northeast-1.amazonaws.com" + }, + "ap-northeast-2": { + "states": "states.ap-northeast-2.amazonaws.com" + }, + "ap-northeast-3": { + "states": "states.ap-northeast-3.amazonaws.com" + }, + "ap-south-1": { + "states": "states.ap-south-1.amazonaws.com" + }, + "ap-south-2": { + "states": "states.ap-south-2.amazonaws.com" + }, + "ap-southeast-1": { + "states": "states.ap-southeast-1.amazonaws.com" + }, + "ap-southeast-2": { + "states": "states.ap-southeast-2.amazonaws.com" + }, + "ap-southeast-3": { + "states": "states.ap-southeast-3.amazonaws.com" + }, + "ca-central-1": { + "states": "states.ca-central-1.amazonaws.com" + }, + "cn-north-1": { + "states": "states.cn-north-1.amazonaws.com" + }, + "cn-northwest-1": { + "states": "states.cn-northwest-1.amazonaws.com" + }, + "eu-central-1": { + "states": "states.eu-central-1.amazonaws.com" + }, + "eu-central-2": { + "states": "states.eu-central-2.amazonaws.com" + }, + "eu-north-1": { + "states": "states.eu-north-1.amazonaws.com" + }, + "eu-south-1": { + "states": "states.eu-south-1.amazonaws.com" + }, + "eu-south-2": { + "states": "states.eu-south-2.amazonaws.com" + }, + "eu-west-1": { + "states": "states.eu-west-1.amazonaws.com" + }, + "eu-west-2": { + "states": "states.eu-west-2.amazonaws.com" + }, + "eu-west-3": { + "states": "states.eu-west-3.amazonaws.com" + }, + "me-central-1": { + "states": "states.me-central-1.amazonaws.com" + }, + "me-south-1": { + "states": "states.me-south-1.amazonaws.com" + }, + "sa-east-1": { + "states": "states.sa-east-1.amazonaws.com" + }, + "us-east-1": { + "states": "states.us-east-1.amazonaws.com" + }, + "us-east-2": { + "states": "states.us-east-2.amazonaws.com" + }, + "us-gov-east-1": { + "states": "states.us-gov-east-1.amazonaws.com" + }, + "us-gov-west-1": { + "states": "states.us-gov-west-1.amazonaws.com" + }, + "us-iso-east-1": { + "states": "states.amazonaws.com" + }, + "us-iso-west-1": { + "states": "states.amazonaws.com" + }, + "us-isob-east-1": { + "states": "states.amazonaws.com" + }, + "us-west-1": { + "states": "states.us-west-1.amazonaws.com" + }, + "us-west-2": { + "states": "states.us-west-2.amazonaws.com" + } + } + }, + "Outputs": { + "ExportsOutputRefMySQLInstanceSnapshotterDirector69A6B7B421EEFD9B": { + "Value": { + "Ref": "MySQLInstanceSnapshotterDirector69A6B7B4" + }, + "Export": { + "Name": "RDS-Sanitized-Snapshotter-SFN:ExportsOutputRefMySQLInstanceSnapshotterDirector69A6B7B421EEFD9B" + } }, - "Rules": { - "CheckBootstrapVersion": { - "Assertions": [ - { - "Assert": { - "Fn::Not": [ - { - "Fn::Contains": [ - [ - "1", - "2", - "3", - "4", - "5" - ], - { - "Ref": "BootstrapVersion" - } - ] - } - ] - }, - "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI." - } + "ExportsOutputRefMySQLClusterSnapshotterDirector73A14BB07F203611": { + "Value": { + "Ref": "MySQLClusterSnapshotterDirector73A14BB0" + }, + "Export": { + "Name": "RDS-Sanitized-Snapshotter-SFN:ExportsOutputRefMySQLClusterSnapshotterDirector73A14BB07F203611" + } + }, + "ExportsOutputRefPostgreSQLInstanceSnapshotterDirector22C6400CD7D4E9FC": { + "Value": { + "Ref": "PostgreSQLInstanceSnapshotterDirector22C6400C" + }, + "Export": { + "Name": "RDS-Sanitized-Snapshotter-SFN:ExportsOutputRefPostgreSQLInstanceSnapshotterDirector22C6400CD7D4E9FC" + } + }, + "ExportsOutputRefPostgreSQLClusterSnapshotterDirector864DA8F006C62DA7": { + "Value": { + "Ref": "PostgreSQLClusterSnapshotterDirector864DA8F0" + }, + "Export": { + "Name": "RDS-Sanitized-Snapshotter-SFN:ExportsOutputRefPostgreSQLClusterSnapshotterDirector864DA8F006C62DA7" + } + } + }, + "Parameters": { + "BootstrapVersion": { + "Type": "AWS::SSM::Parameter::Value", + "Default": "/cdk-bootstrap/hnb659fds/version", + "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]" + } + }, + "Rules": { + "CheckBootstrapVersion": { + "Assertions": [ + { + "Assert": { + "Fn::Not": [ + { + "Fn::Contains": [ + [ + "1", + "2", + "3", + "4", + "5" + ], + { + "Ref": "BootstrapVersion" + } + ] + } ] + }, + "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI." } + ] } + } } \ No newline at end of file diff --git a/test/default.integ.snapshot/RDS-Sanitized-Snapshotter-Test.assets.json b/test/default.integ.snapshot/RDS-Sanitized-Snapshotter-Test.assets.json index 53e5a15..b60aee6 100644 --- a/test/default.integ.snapshot/RDS-Sanitized-Snapshotter-Test.assets.json +++ b/test/default.integ.snapshot/RDS-Sanitized-Snapshotter-Test.assets.json @@ -1,59 +1,59 @@ { - "version": "15.0.0", + "version": "32.0.0", "files": { - "97b590c7ee6304183b966b22e3246b6086a89ed3c20267b3a9cd944df7ac4cb9": { + "295638eaca4e56d19aa29f193a42e7ff4e2e20125032e0676efb5c35b233d93c": { "source": { - "path": "asset.97b590c7ee6304183b966b22e3246b6086a89ed3c20267b3a9cd944df7ac4cb9.lambda", + "path": "asset.295638eaca4e56d19aa29f193a42e7ff4e2e20125032e0676efb5c35b233d93c.lambda", "packaging": "zip" }, "destinations": { "current_account-current_region": { "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", - "objectKey": "97b590c7ee6304183b966b22e3246b6086a89ed3c20267b3a9cd944df7ac4cb9.zip", + "objectKey": "295638eaca4e56d19aa29f193a42e7ff4e2e20125032e0676efb5c35b233d93c.zip", "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" } } }, - "b120b13d9d868c7622e7db1b68bae4c0f82ffd0227b8c15f2cef38e186ff3827": { + "5fa1330271b8967d9254ba2d4a07144f8acefe8b77e6d6bba38261373a50d5f8": { "source": { - "path": "asset.b120b13d9d868c7622e7db1b68bae4c0f82ffd0227b8c15f2cef38e186ff3827", + "path": "asset.5fa1330271b8967d9254ba2d4a07144f8acefe8b77e6d6bba38261373a50d5f8", "packaging": "zip" }, "destinations": { "current_account-current_region": { "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", - "objectKey": "b120b13d9d868c7622e7db1b68bae4c0f82ffd0227b8c15f2cef38e186ff3827.zip", + "objectKey": "5fa1330271b8967d9254ba2d4a07144f8acefe8b77e6d6bba38261373a50d5f8.zip", "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" } } }, - "8b6846efdbd59549edcde659c0cd396434f41431d0fbd238e7df0dc10ff975aa": { + "a33c1b440d13b6b6bee62c123d3c08a68dd448e2e31726e9f3f30b0c06607178": { "source": { - "path": "asset.8b6846efdbd59549edcde659c0cd396434f41431d0fbd238e7df0dc10ff975aa.lambda", + "path": "asset.a33c1b440d13b6b6bee62c123d3c08a68dd448e2e31726e9f3f30b0c06607178.lambda", "packaging": "zip" }, "destinations": { "current_account-current_region": { "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", - "objectKey": "8b6846efdbd59549edcde659c0cd396434f41431d0fbd238e7df0dc10ff975aa.zip", + "objectKey": "a33c1b440d13b6b6bee62c123d3c08a68dd448e2e31726e9f3f30b0c06607178.zip", "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" } } }, - "c691172cdeefa2c91b5a2907f9d81118e47597634943344795f1a844192dd49c": { + "8e3d635893ea17fa3158623489cd42c680fad925b38de1ef51cb10d84f6e245e": { "source": { - "path": "asset.c691172cdeefa2c91b5a2907f9d81118e47597634943344795f1a844192dd49c", + "path": "asset.8e3d635893ea17fa3158623489cd42c680fad925b38de1ef51cb10d84f6e245e", "packaging": "zip" }, "destinations": { "current_account-current_region": { "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", - "objectKey": "c691172cdeefa2c91b5a2907f9d81118e47597634943344795f1a844192dd49c.zip", + "objectKey": "8e3d635893ea17fa3158623489cd42c680fad925b38de1ef51cb10d84f6e245e.zip", "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" } } }, - "694ff5760159025d4df9631d0d2c615f1ffd84298ae888cc2808e611a7c1d66d": { + "9081f8c54eb5f9ecf144aac5402d28febba41fdc1f190565a3b2b752512a0393": { "source": { "path": "RDS-Sanitized-Snapshotter-Test.template.json", "packaging": "file" @@ -61,7 +61,7 @@ "destinations": { "current_account-current_region": { "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", - "objectKey": "694ff5760159025d4df9631d0d2c615f1ffd84298ae888cc2808e611a7c1d66d.json", + "objectKey": "9081f8c54eb5f9ecf144aac5402d28febba41fdc1f190565a3b2b752512a0393.json", "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" } } diff --git a/test/default.integ.snapshot/RDS-Sanitized-Snapshotter-Test.template.json b/test/default.integ.snapshot/RDS-Sanitized-Snapshotter-Test.template.json index 435a443..f59725b 100644 --- a/test/default.integ.snapshot/RDS-Sanitized-Snapshotter-Test.template.json +++ b/test/default.integ.snapshot/RDS-Sanitized-Snapshotter-Test.template.json @@ -1,899 +1,1260 @@ { - "Resources": { - "TestServiceRoleCF49002B": { - "Type": "AWS::IAM::Role", - "Properties": { - "AssumeRolePolicyDocument": { - "Statement": [ - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": { - "Service": "lambda.amazonaws.com" - } - } - ], - "Version": "2012-10-17" - }, - "ManagedPolicyArns": [ - { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" - ] - ] - } - ] + "Resources": { + "TestServiceRoleCF49002B": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "lambda.amazonaws.com" + } } + ], + "Version": "2012-10-17" }, - "TestServiceRoleDefaultPolicyE51BF2AA": { - "Type": "AWS::IAM::Policy", - "Properties": { - "PolicyDocument": { - "Statement": [ - { - "Action": "states:StartExecution", - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" + "ManagedPolicyArns": [ + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" }, - "PolicyName": "TestServiceRoleDefaultPolicyE51BF2AA", - "Roles": [ - { - "Ref": "TestServiceRoleCF49002B" - } - ] + ":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" + ] + ] + } + ] + } + }, + "TestServiceRoleDefaultPolicyE51BF2AA": { + "Type": "AWS::IAM::Policy", + "Properties": { + "PolicyDocument": { + "Statement": [ + { + "Action": "states:StartExecution", + "Effect": "Allow", + "Resource": "*" } + ], + "Version": "2012-10-17" }, - "Test7BFAF513": { - "Type": "AWS::Lambda::Function", - "Properties": { - "Code": { - "S3Bucket": { - "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}" - }, - "S3Key": "97b590c7ee6304183b966b22e3246b6086a89ed3c20267b3a9cd944df7ac4cb9.zip" - }, - "Role": { - "Fn::GetAtt": [ - "TestServiceRoleCF49002B", - "Arn" - ] - }, - "Description": "src/test.lambda.ts", - "Environment": { - "Variables": { - "AWS_NODEJS_CONNECTION_REUSE_ENABLED": "1" - } - }, - "Handler": "index.handler", - "Runtime": "nodejs18.x" - }, - "DependsOn": [ - "TestServiceRoleDefaultPolicyE51BF2AA", - "TestServiceRoleCF49002B" - ] + "PolicyName": "TestServiceRoleDefaultPolicyE51BF2AA", + "Roles": [ + { + "Ref": "TestServiceRoleCF49002B" + } + ] + } + }, + "Test7BFAF513": { + "Type": "AWS::Lambda::Function", + "Properties": { + "Code": { + "S3Bucket": { + "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}" + }, + "S3Key": "295638eaca4e56d19aa29f193a42e7ff4e2e20125032e0676efb5c35b233d93c.zip" }, - "TestLogRetention7A4CD73F": { - "Type": "Custom::LogRetention", - "Properties": { - "ServiceToken": { - "Fn::GetAtt": [ - "LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8aFD4BFC8A", - "Arn" - ] - }, - "LogGroupName": { - "Fn::Join": [ - "", - [ - "/aws/lambda/", - { - "Ref": "Test7BFAF513" - } - ] - ] - }, - "RetentionInDays": 1 - } + "Role": { + "Fn::GetAtt": [ + "TestServiceRoleCF49002B", + "Arn" + ] }, - "LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8aServiceRole9741ECFB": { - "Type": "AWS::IAM::Role", - "Properties": { - "AssumeRolePolicyDocument": { - "Statement": [ - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": { - "Service": "lambda.amazonaws.com" - } - } - ], - "Version": "2012-10-17" - }, - "ManagedPolicyArns": [ - { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" - ] - ] - } - ] - } + "Description": "src/test.lambda.ts", + "Environment": { + "Variables": { + "AWS_NODEJS_CONNECTION_REUSE_ENABLED": "1" + } }, - "LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8aServiceRoleDefaultPolicyADDA7DEB": { - "Type": "AWS::IAM::Policy", - "Properties": { - "PolicyDocument": { - "Statement": [ - { - "Action": [ - "logs:PutRetentionPolicy", - "logs:DeleteRetentionPolicy" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" - }, - "PolicyName": "LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8aServiceRoleDefaultPolicyADDA7DEB", - "Roles": [ - { - "Ref": "LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8aServiceRole9741ECFB" - } - ] - } + "Handler": "index.handler", + "Runtime": "nodejs18.x" + }, + "DependsOn": [ + "TestServiceRoleDefaultPolicyE51BF2AA", + "TestServiceRoleCF49002B" + ] + }, + "TestLogRetention7A4CD73F": { + "Type": "Custom::LogRetention", + "Properties": { + "ServiceToken": { + "Fn::GetAtt": [ + "LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8aFD4BFC8A", + "Arn" + ] }, - "LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8aFD4BFC8A": { - "Type": "AWS::Lambda::Function", - "Properties": { - "Handler": "index.handler", - "Runtime": "nodejs14.x", - "Code": { - "S3Bucket": { - "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}" - }, - "S3Key": "b120b13d9d868c7622e7db1b68bae4c0f82ffd0227b8c15f2cef38e186ff3827.zip" - }, - "Role": { - "Fn::GetAtt": [ - "LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8aServiceRole9741ECFB", - "Arn" - ] - } - }, - "DependsOn": [ - "LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8aServiceRoleDefaultPolicyADDA7DEB", - "LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8aServiceRole9741ECFB" + "LogGroupName": { + "Fn::Join": [ + "", + [ + "/aws/lambda/", + { + "Ref": "Test7BFAF513" + } ] + ] }, - "WaitServiceRole80F0B8D7": { - "Type": "AWS::IAM::Role", - "Properties": { - "AssumeRolePolicyDocument": { - "Statement": [ - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": { - "Service": "lambda.amazonaws.com" - } - } - ], - "Version": "2012-10-17" - }, - "ManagedPolicyArns": [ - { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" - ] - ] - } - ] + "RetentionInDays": 1 + } + }, + "LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8aServiceRole9741ECFB": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "lambda.amazonaws.com" + } } + ], + "Version": "2012-10-17" }, - "WaitServiceRoleDefaultPolicy527907DE": { - "Type": "AWS::IAM::Policy", - "Properties": { - "PolicyDocument": { - "Statement": [ - { - "Action": [ - "states:DescribeExecution", - "rds:describeDBClusterSnapshots", - "rds:DeleteDBClusterSnapshot", - "rds:DescribeDBSnapshots", - "rds:DeleteDBSnapshot" - ], - "Effect": "Allow", - "Resource": "*" - } - ], - "Version": "2012-10-17" + "ManagedPolicyArns": [ + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" }, - "PolicyName": "WaitServiceRoleDefaultPolicy527907DE", - "Roles": [ - { - "Ref": "WaitServiceRole80F0B8D7" - } - ] + ":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" + ] + ] + } + ] + } + }, + "LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8aServiceRoleDefaultPolicyADDA7DEB": { + "Type": "AWS::IAM::Policy", + "Properties": { + "PolicyDocument": { + "Statement": [ + { + "Action": [ + "logs:PutRetentionPolicy", + "logs:DeleteRetentionPolicy" + ], + "Effect": "Allow", + "Resource": "*" } + ], + "Version": "2012-10-17" }, - "Wait4449FB25": { - "Type": "AWS::Lambda::Function", - "Properties": { - "Code": { - "S3Bucket": { - "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}" - }, - "S3Key": "8b6846efdbd59549edcde659c0cd396434f41431d0fbd238e7df0dc10ff975aa.zip" - }, - "Role": { - "Fn::GetAtt": [ - "WaitServiceRole80F0B8D7", - "Arn" - ] - }, - "Description": "src/test-wait.lambda.ts", - "Environment": { - "Variables": { - "AWS_NODEJS_CONNECTION_REUSE_ENABLED": "1" - } - }, - "Handler": "index.handler", - "Runtime": "nodejs18.x", - "Timeout": 180 + "PolicyName": "LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8aServiceRoleDefaultPolicyADDA7DEB", + "Roles": [ + { + "Ref": "LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8aServiceRole9741ECFB" + } + ] + } + }, + "LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8aFD4BFC8A": { + "Type": "AWS::Lambda::Function", + "Properties": { + "Handler": "index.handler", + "Runtime": { + "Fn::FindInMap": [ + "DefaultCrNodeVersionMap", + { + "Ref": "AWS::Region" }, - "DependsOn": [ - "WaitServiceRoleDefaultPolicy527907DE", - "WaitServiceRole80F0B8D7" - ] + "value" + ] }, - "WaitLogRetentionD0E6D74E": { - "Type": "Custom::LogRetention", - "Properties": { - "ServiceToken": { - "Fn::GetAtt": [ - "LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8aFD4BFC8A", - "Arn" - ] - }, - "LogGroupName": { - "Fn::Join": [ - "", - [ - "/aws/lambda/", - { - "Ref": "Wait4449FB25" - } - ] - ] - }, - "RetentionInDays": 1 + "Code": { + "S3Bucket": { + "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}" + }, + "S3Key": "5fa1330271b8967d9254ba2d4a07144f8acefe8b77e6d6bba38261373a50d5f8.zip" + }, + "Role": { + "Fn::GetAtt": [ + "LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8aServiceRole9741ECFB", + "Arn" + ] + } + }, + "DependsOn": [ + "LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8aServiceRoleDefaultPolicyADDA7DEB", + "LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8aServiceRole9741ECFB" + ] + }, + "WaitServiceRole80F0B8D7": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "lambda.amazonaws.com" + } } + ], + "Version": "2012-10-17" }, - "ProviderframeworkonEventServiceRole9FF04296": { - "Type": "AWS::IAM::Role", - "Properties": { - "AssumeRolePolicyDocument": { - "Statement": [ - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": { - "Service": "lambda.amazonaws.com" - } - } - ], - "Version": "2012-10-17" + "ManagedPolicyArns": [ + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" }, - "ManagedPolicyArns": [ - { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" - ] - ] - } - ] + ":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" + ] + ] + } + ] + } + }, + "WaitServiceRoleDefaultPolicy527907DE": { + "Type": "AWS::IAM::Policy", + "Properties": { + "PolicyDocument": { + "Statement": [ + { + "Action": [ + "states:DescribeExecution", + "rds:describeDBClusterSnapshots", + "rds:DeleteDBClusterSnapshot", + "rds:DescribeDBSnapshots", + "rds:DeleteDBSnapshot" + ], + "Effect": "Allow", + "Resource": "*" } + ], + "Version": "2012-10-17" }, - "ProviderframeworkonEventServiceRoleDefaultPolicy48CD2133": { - "Type": "AWS::IAM::Policy", - "Properties": { - "PolicyDocument": { - "Statement": [ - { - "Action": "lambda:InvokeFunction", - "Effect": "Allow", - "Resource": { - "Fn::GetAtt": [ - "Test7BFAF513", - "Arn" - ] - } - }, - { - "Action": "lambda:InvokeFunction", - "Effect": "Allow", - "Resource": { - "Fn::GetAtt": [ - "Wait4449FB25", - "Arn" - ] - } - }, - { - "Action": "states:StartExecution", - "Effect": "Allow", - "Resource": { - "Ref": "Providerwaiterstatemachine5D4A9DF0" - } - } - ], - "Version": "2012-10-17" - }, - "PolicyName": "ProviderframeworkonEventServiceRoleDefaultPolicy48CD2133", - "Roles": [ - { - "Ref": "ProviderframeworkonEventServiceRole9FF04296" - } - ] + "PolicyName": "WaitServiceRoleDefaultPolicy527907DE", + "Roles": [ + { + "Ref": "WaitServiceRole80F0B8D7" + } + ] + } + }, + "Wait4449FB25": { + "Type": "AWS::Lambda::Function", + "Properties": { + "Code": { + "S3Bucket": { + "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}" + }, + "S3Key": "a33c1b440d13b6b6bee62c123d3c08a68dd448e2e31726e9f3f30b0c06607178.zip" + }, + "Role": { + "Fn::GetAtt": [ + "WaitServiceRole80F0B8D7", + "Arn" + ] + }, + "Description": "src/test-wait.lambda.ts", + "Environment": { + "Variables": { + "AWS_NODEJS_CONNECTION_REUSE_ENABLED": "1" + } + }, + "Handler": "index.handler", + "Runtime": "nodejs18.x", + "Timeout": 180 + }, + "DependsOn": [ + "WaitServiceRoleDefaultPolicy527907DE", + "WaitServiceRole80F0B8D7" + ] + }, + "WaitLogRetentionD0E6D74E": { + "Type": "Custom::LogRetention", + "Properties": { + "ServiceToken": { + "Fn::GetAtt": [ + "LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8aFD4BFC8A", + "Arn" + ] + }, + "LogGroupName": { + "Fn::Join": [ + "", + [ + "/aws/lambda/", + { + "Ref": "Wait4449FB25" + } + ] + ] + }, + "RetentionInDays": 1 + } + }, + "ProviderframeworkonEventServiceRole9FF04296": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "lambda.amazonaws.com" + } } + ], + "Version": "2012-10-17" }, - "ProviderframeworkonEvent83C1D0A7": { - "Type": "AWS::Lambda::Function", - "Properties": { - "Code": { - "S3Bucket": { - "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}" - }, - "S3Key": "c691172cdeefa2c91b5a2907f9d81118e47597634943344795f1a844192dd49c.zip" - }, - "Role": { - "Fn::GetAtt": [ - "ProviderframeworkonEventServiceRole9FF04296", - "Arn" - ] - }, - "Description": "AWS CDK resource provider framework - onEvent (RDS-Sanitized-Snapshotter-Test/Provider)", - "Environment": { - "Variables": { - "USER_ON_EVENT_FUNCTION_ARN": { - "Fn::GetAtt": [ - "Test7BFAF513", - "Arn" - ] - }, - "USER_IS_COMPLETE_FUNCTION_ARN": { - "Fn::GetAtt": [ - "Wait4449FB25", - "Arn" - ] - }, - "WAITER_STATE_MACHINE_ARN": { - "Ref": "Providerwaiterstatemachine5D4A9DF0" - } - } + "ManagedPolicyArns": [ + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" }, - "Handler": "framework.onEvent", - "Runtime": "nodejs12.x", - "Timeout": 900 - }, - "DependsOn": [ - "ProviderframeworkonEventServiceRoleDefaultPolicy48CD2133", - "ProviderframeworkonEventServiceRole9FF04296" + ":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" + ] ] - }, - "ProviderframeworkonEventLogRetention74EACA97": { - "Type": "Custom::LogRetention", - "Properties": { - "ServiceToken": { - "Fn::GetAtt": [ - "LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8aFD4BFC8A", - "Arn" - ] + } + ] + } + }, + "ProviderframeworkonEventServiceRoleDefaultPolicy48CD2133": { + "Type": "AWS::IAM::Policy", + "Properties": { + "PolicyDocument": { + "Statement": [ + { + "Action": "lambda:InvokeFunction", + "Effect": "Allow", + "Resource": [ + { + "Fn::GetAtt": [ + "Test7BFAF513", + "Arn" + ] }, - "LogGroupName": { - "Fn::Join": [ - "", - [ - "/aws/lambda/", - { - "Ref": "ProviderframeworkonEvent83C1D0A7" - } + { + "Fn::Join": [ + "", + [ + { + "Fn::GetAtt": [ + "Test7BFAF513", + "Arn" ] + }, + ":*" ] + ] + } + ] + }, + { + "Action": "lambda:InvokeFunction", + "Effect": "Allow", + "Resource": [ + { + "Fn::GetAtt": [ + "Wait4449FB25", + "Arn" + ] }, - "RetentionInDays": 1 - } - }, - "ProviderframeworkisCompleteServiceRoleB1087139": { - "Type": "AWS::IAM::Role", - "Properties": { - "AssumeRolePolicyDocument": { - "Statement": [ - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": { - "Service": "lambda.amazonaws.com" - } - } - ], - "Version": "2012-10-17" - }, - "ManagedPolicyArns": [ - { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" - ] + { + "Fn::Join": [ + "", + [ + { + "Fn::GetAtt": [ + "Wait4449FB25", + "Arn" ] - } - ] + }, + ":*" + ] + ] + } + ] + }, + { + "Action": "states:StartExecution", + "Effect": "Allow", + "Resource": { + "Ref": "Providerwaiterstatemachine5D4A9DF0" + } } + ], + "Version": "2012-10-17" }, - "ProviderframeworkisCompleteServiceRoleDefaultPolicy2E7140AC": { - "Type": "AWS::IAM::Policy", - "Properties": { - "PolicyDocument": { - "Statement": [ - { - "Action": "lambda:InvokeFunction", - "Effect": "Allow", - "Resource": { - "Fn::GetAtt": [ - "Test7BFAF513", - "Arn" - ] - } - }, - { - "Action": "lambda:InvokeFunction", - "Effect": "Allow", - "Resource": { - "Fn::GetAtt": [ - "Wait4449FB25", - "Arn" - ] - } - } - ], - "Version": "2012-10-17" - }, - "PolicyName": "ProviderframeworkisCompleteServiceRoleDefaultPolicy2E7140AC", - "Roles": [ - { - "Ref": "ProviderframeworkisCompleteServiceRoleB1087139" - } - ] + "PolicyName": "ProviderframeworkonEventServiceRoleDefaultPolicy48CD2133", + "Roles": [ + { + "Ref": "ProviderframeworkonEventServiceRole9FF04296" + } + ] + } + }, + "ProviderframeworkonEvent83C1D0A7": { + "Type": "AWS::Lambda::Function", + "Properties": { + "Code": { + "S3Bucket": { + "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}" + }, + "S3Key": "8e3d635893ea17fa3158623489cd42c680fad925b38de1ef51cb10d84f6e245e.zip" + }, + "Role": { + "Fn::GetAtt": [ + "ProviderframeworkonEventServiceRole9FF04296", + "Arn" + ] + }, + "Description": "AWS CDK resource provider framework - onEvent (RDS-Sanitized-Snapshotter-Test/Provider)", + "Environment": { + "Variables": { + "USER_ON_EVENT_FUNCTION_ARN": { + "Fn::GetAtt": [ + "Test7BFAF513", + "Arn" + ] + }, + "USER_IS_COMPLETE_FUNCTION_ARN": { + "Fn::GetAtt": [ + "Wait4449FB25", + "Arn" + ] + }, + "WAITER_STATE_MACHINE_ARN": { + "Ref": "Providerwaiterstatemachine5D4A9DF0" } + } }, - "ProviderframeworkisComplete26D7B0CB": { - "Type": "AWS::Lambda::Function", - "Properties": { - "Code": { - "S3Bucket": { - "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}" - }, - "S3Key": "c691172cdeefa2c91b5a2907f9d81118e47597634943344795f1a844192dd49c.zip" - }, - "Role": { - "Fn::GetAtt": [ - "ProviderframeworkisCompleteServiceRoleB1087139", - "Arn" - ] - }, - "Description": "AWS CDK resource provider framework - isComplete (RDS-Sanitized-Snapshotter-Test/Provider)", - "Environment": { - "Variables": { - "USER_ON_EVENT_FUNCTION_ARN": { - "Fn::GetAtt": [ - "Test7BFAF513", - "Arn" - ] - }, - "USER_IS_COMPLETE_FUNCTION_ARN": { - "Fn::GetAtt": [ - "Wait4449FB25", - "Arn" - ] - } - } - }, - "Handler": "framework.isComplete", - "Runtime": "nodejs12.x", - "Timeout": 900 + "Handler": "framework.onEvent", + "Runtime": { + "Fn::FindInMap": [ + "DefaultCrNodeVersionMap", + { + "Ref": "AWS::Region" }, - "DependsOn": [ - "ProviderframeworkisCompleteServiceRoleDefaultPolicy2E7140AC", - "ProviderframeworkisCompleteServiceRoleB1087139" + "value" + ] + }, + "Timeout": 900 + }, + "DependsOn": [ + "ProviderframeworkonEventServiceRoleDefaultPolicy48CD2133", + "ProviderframeworkonEventServiceRole9FF04296" + ] + }, + "ProviderframeworkonEventLogRetention74EACA97": { + "Type": "Custom::LogRetention", + "Properties": { + "ServiceToken": { + "Fn::GetAtt": [ + "LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8aFD4BFC8A", + "Arn" + ] + }, + "LogGroupName": { + "Fn::Join": [ + "", + [ + "/aws/lambda/", + { + "Ref": "ProviderframeworkonEvent83C1D0A7" + } ] + ] }, - "ProviderframeworkisCompleteLogRetentionC7DBBE41": { - "Type": "Custom::LogRetention", - "Properties": { - "ServiceToken": { - "Fn::GetAtt": [ - "LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8aFD4BFC8A", - "Arn" - ] + "RetentionInDays": 1 + } + }, + "ProviderframeworkisCompleteServiceRoleB1087139": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "lambda.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + }, + "ManagedPolicyArns": [ + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" }, - "LogGroupName": { - "Fn::Join": [ - "", - [ - "/aws/lambda/", - { - "Ref": "ProviderframeworkisComplete26D7B0CB" - } + ":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" + ] + ] + } + ] + } + }, + "ProviderframeworkisCompleteServiceRoleDefaultPolicy2E7140AC": { + "Type": "AWS::IAM::Policy", + "Properties": { + "PolicyDocument": { + "Statement": [ + { + "Action": "lambda:InvokeFunction", + "Effect": "Allow", + "Resource": [ + { + "Fn::GetAtt": [ + "Test7BFAF513", + "Arn" + ] + }, + { + "Fn::Join": [ + "", + [ + { + "Fn::GetAtt": [ + "Test7BFAF513", + "Arn" ] + }, + ":*" ] + ] + } + ] + }, + { + "Action": "lambda:InvokeFunction", + "Effect": "Allow", + "Resource": [ + { + "Fn::GetAtt": [ + "Wait4449FB25", + "Arn" + ] }, - "RetentionInDays": 1 - } - }, - "ProviderframeworkonTimeoutServiceRole28643D26": { - "Type": "AWS::IAM::Role", - "Properties": { - "AssumeRolePolicyDocument": { - "Statement": [ - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": { - "Service": "lambda.amazonaws.com" - } - } - ], - "Version": "2012-10-17" - }, - "ManagedPolicyArns": [ - { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition" - }, - ":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" - ] + { + "Fn::Join": [ + "", + [ + { + "Fn::GetAtt": [ + "Wait4449FB25", + "Arn" ] - } - ] + }, + ":*" + ] + ] + } + ] } + ], + "Version": "2012-10-17" }, - "ProviderframeworkonTimeoutServiceRoleDefaultPolicy2688969F": { - "Type": "AWS::IAM::Policy", - "Properties": { - "PolicyDocument": { - "Statement": [ - { - "Action": "lambda:InvokeFunction", - "Effect": "Allow", - "Resource": { - "Fn::GetAtt": [ - "Test7BFAF513", - "Arn" - ] - } - }, - { - "Action": "lambda:InvokeFunction", - "Effect": "Allow", - "Resource": { - "Fn::GetAtt": [ - "Wait4449FB25", - "Arn" - ] - } - } - ], - "Version": "2012-10-17" - }, - "PolicyName": "ProviderframeworkonTimeoutServiceRoleDefaultPolicy2688969F", - "Roles": [ - { - "Ref": "ProviderframeworkonTimeoutServiceRole28643D26" - } - ] + "PolicyName": "ProviderframeworkisCompleteServiceRoleDefaultPolicy2E7140AC", + "Roles": [ + { + "Ref": "ProviderframeworkisCompleteServiceRoleB1087139" + } + ] + } + }, + "ProviderframeworkisComplete26D7B0CB": { + "Type": "AWS::Lambda::Function", + "Properties": { + "Code": { + "S3Bucket": { + "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}" + }, + "S3Key": "8e3d635893ea17fa3158623489cd42c680fad925b38de1ef51cb10d84f6e245e.zip" + }, + "Role": { + "Fn::GetAtt": [ + "ProviderframeworkisCompleteServiceRoleB1087139", + "Arn" + ] + }, + "Description": "AWS CDK resource provider framework - isComplete (RDS-Sanitized-Snapshotter-Test/Provider)", + "Environment": { + "Variables": { + "USER_ON_EVENT_FUNCTION_ARN": { + "Fn::GetAtt": [ + "Test7BFAF513", + "Arn" + ] + }, + "USER_IS_COMPLETE_FUNCTION_ARN": { + "Fn::GetAtt": [ + "Wait4449FB25", + "Arn" + ] } + } }, - "ProviderframeworkonTimeout0B47CA38": { - "Type": "AWS::Lambda::Function", - "Properties": { - "Code": { - "S3Bucket": { - "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}" - }, - "S3Key": "c691172cdeefa2c91b5a2907f9d81118e47597634943344795f1a844192dd49c.zip" - }, - "Role": { - "Fn::GetAtt": [ - "ProviderframeworkonTimeoutServiceRole28643D26", - "Arn" - ] - }, - "Description": "AWS CDK resource provider framework - onTimeout (RDS-Sanitized-Snapshotter-Test/Provider)", - "Environment": { - "Variables": { - "USER_ON_EVENT_FUNCTION_ARN": { - "Fn::GetAtt": [ - "Test7BFAF513", - "Arn" - ] - }, - "USER_IS_COMPLETE_FUNCTION_ARN": { - "Fn::GetAtt": [ - "Wait4449FB25", - "Arn" - ] - } - } - }, - "Handler": "framework.onTimeout", - "Runtime": "nodejs12.x", - "Timeout": 900 + "Handler": "framework.isComplete", + "Runtime": { + "Fn::FindInMap": [ + "DefaultCrNodeVersionMap", + { + "Ref": "AWS::Region" }, - "DependsOn": [ - "ProviderframeworkonTimeoutServiceRoleDefaultPolicy2688969F", - "ProviderframeworkonTimeoutServiceRole28643D26" + "value" + ] + }, + "Timeout": 900 + }, + "DependsOn": [ + "ProviderframeworkisCompleteServiceRoleDefaultPolicy2E7140AC", + "ProviderframeworkisCompleteServiceRoleB1087139" + ] + }, + "ProviderframeworkisCompleteLogRetentionC7DBBE41": { + "Type": "Custom::LogRetention", + "Properties": { + "ServiceToken": { + "Fn::GetAtt": [ + "LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8aFD4BFC8A", + "Arn" + ] + }, + "LogGroupName": { + "Fn::Join": [ + "", + [ + "/aws/lambda/", + { + "Ref": "ProviderframeworkisComplete26D7B0CB" + } ] + ] }, - "ProviderframeworkonTimeoutLogRetentionE4EB0919": { - "Type": "Custom::LogRetention", - "Properties": { - "ServiceToken": { - "Fn::GetAtt": [ - "LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8aFD4BFC8A", - "Arn" - ] + "RetentionInDays": 1 + } + }, + "ProviderframeworkonTimeoutServiceRole28643D26": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "lambda.amazonaws.com" + } + } + ], + "Version": "2012-10-17" + }, + "ManagedPolicyArns": [ + { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition" }, - "LogGroupName": { - "Fn::Join": [ - "", - [ - "/aws/lambda/", - { - "Ref": "ProviderframeworkonTimeout0B47CA38" - } + ":iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" + ] + ] + } + ] + } + }, + "ProviderframeworkonTimeoutServiceRoleDefaultPolicy2688969F": { + "Type": "AWS::IAM::Policy", + "Properties": { + "PolicyDocument": { + "Statement": [ + { + "Action": "lambda:InvokeFunction", + "Effect": "Allow", + "Resource": [ + { + "Fn::GetAtt": [ + "Test7BFAF513", + "Arn" + ] + }, + { + "Fn::Join": [ + "", + [ + { + "Fn::GetAtt": [ + "Test7BFAF513", + "Arn" ] + }, + ":*" ] + ] + } + ] + }, + { + "Action": "lambda:InvokeFunction", + "Effect": "Allow", + "Resource": [ + { + "Fn::GetAtt": [ + "Wait4449FB25", + "Arn" + ] }, - "RetentionInDays": 1 - } - }, - "ProviderwaiterstatemachineRole0C7159F9": { - "Type": "AWS::IAM::Role", - "Properties": { - "AssumeRolePolicyDocument": { - "Statement": [ - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": { - "Service": { - "Fn::Join": [ - "", - [ - "states.", - { - "Ref": "AWS::Region" - }, - ".amazonaws.com" - ] - ] - } - } - } - ], - "Version": "2012-10-17" + { + "Fn::Join": [ + "", + [ + { + "Fn::GetAtt": [ + "Wait4449FB25", + "Arn" + ] + }, + ":*" + ] + ] } + ] } + ], + "Version": "2012-10-17" }, - "ProviderwaiterstatemachineRoleDefaultPolicyD3C3DA1A": { - "Type": "AWS::IAM::Policy", - "Properties": { - "PolicyDocument": { - "Statement": [ - { - "Action": "lambda:InvokeFunction", - "Effect": "Allow", - "Resource": { - "Fn::GetAtt": [ - "ProviderframeworkisComplete26D7B0CB", - "Arn" - ] - } - }, - { - "Action": "lambda:InvokeFunction", - "Effect": "Allow", - "Resource": { - "Fn::GetAtt": [ - "ProviderframeworkonTimeout0B47CA38", - "Arn" - ] - } - } - ], - "Version": "2012-10-17" - }, - "PolicyName": "ProviderwaiterstatemachineRoleDefaultPolicyD3C3DA1A", - "Roles": [ - { - "Ref": "ProviderwaiterstatemachineRole0C7159F9" - } - ] + "PolicyName": "ProviderframeworkonTimeoutServiceRoleDefaultPolicy2688969F", + "Roles": [ + { + "Ref": "ProviderframeworkonTimeoutServiceRole28643D26" + } + ] + } + }, + "ProviderframeworkonTimeout0B47CA38": { + "Type": "AWS::Lambda::Function", + "Properties": { + "Code": { + "S3Bucket": { + "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}" + }, + "S3Key": "8e3d635893ea17fa3158623489cd42c680fad925b38de1ef51cb10d84f6e245e.zip" + }, + "Role": { + "Fn::GetAtt": [ + "ProviderframeworkonTimeoutServiceRole28643D26", + "Arn" + ] + }, + "Description": "AWS CDK resource provider framework - onTimeout (RDS-Sanitized-Snapshotter-Test/Provider)", + "Environment": { + "Variables": { + "USER_ON_EVENT_FUNCTION_ARN": { + "Fn::GetAtt": [ + "Test7BFAF513", + "Arn" + ] + }, + "USER_IS_COMPLETE_FUNCTION_ARN": { + "Fn::GetAtt": [ + "Wait4449FB25", + "Arn" + ] } + } }, - "Providerwaiterstatemachine5D4A9DF0": { - "Type": "AWS::StepFunctions::StateMachine", - "Properties": { - "DefinitionString": { - "Fn::Join": [ - "", - [ - "{\"StartAt\":\"framework-isComplete-task\",\"States\":{\"framework-isComplete-task\":{\"End\":true,\"Retry\":[{\"ErrorEquals\":[\"States.ALL\"],\"IntervalSeconds\":5,\"MaxAttempts\":360,\"BackoffRate\":1}],\"Catch\":[{\"ErrorEquals\":[\"States.ALL\"],\"Next\":\"framework-onTimeout-task\"}],\"Type\":\"Task\",\"Resource\":\"", - { - "Fn::GetAtt": [ - "ProviderframeworkisComplete26D7B0CB", - "Arn" - ] - }, - "\"},\"framework-onTimeout-task\":{\"End\":true,\"Type\":\"Task\",\"Resource\":\"", - { - "Fn::GetAtt": [ - "ProviderframeworkonTimeout0B47CA38", - "Arn" - ] - }, - "\"}}}" - ] - ] - }, - "RoleArn": { - "Fn::GetAtt": [ - "ProviderwaiterstatemachineRole0C7159F9", - "Arn" - ] - } + "Handler": "framework.onTimeout", + "Runtime": { + "Fn::FindInMap": [ + "DefaultCrNodeVersionMap", + { + "Ref": "AWS::Region" }, - "DependsOn": [ - "ProviderwaiterstatemachineRoleDefaultPolicyD3C3DA1A", - "ProviderwaiterstatemachineRole0C7159F9" + "value" + ] + }, + "Timeout": 900 + }, + "DependsOn": [ + "ProviderframeworkonTimeoutServiceRoleDefaultPolicy2688969F", + "ProviderframeworkonTimeoutServiceRole28643D26" + ] + }, + "ProviderframeworkonTimeoutLogRetentionE4EB0919": { + "Type": "Custom::LogRetention", + "Properties": { + "ServiceToken": { + "Fn::GetAtt": [ + "LogRetentionaae0aa3c5b4d4f87b02d85b201efdd8aFD4BFC8A", + "Arn" + ] + }, + "LogGroupName": { + "Fn::Join": [ + "", + [ + "/aws/lambda/", + { + "Ref": "ProviderframeworkonTimeout0B47CA38" + } ] + ] }, - "TestMySQLInstance": { - "Type": "AWS::CloudFormation::CustomResource", - "Properties": { - "ServiceToken": { - "Fn::GetAtt": [ - "ProviderframeworkonEvent83C1D0A7", - "Arn" - ] - }, - "StepFunctionArn": { - "Fn::ImportValue": "RDS-Sanitized-Snapshotter-SFN:ExportsOutputRefMySQLInstanceSnapshotterDirector69A6B7B421EEFD9B" + "RetentionInDays": 1 + } + }, + "ProviderwaiterstatemachineRole0C7159F9": { + "Type": "AWS::IAM::Role", + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": { + "Fn::FindInMap": [ + "ServiceprincipalMap", + { + "Ref": "AWS::Region" + }, + "states" + ] } - }, - "UpdateReplacePolicy": "Delete", - "DeletionPolicy": "Delete" - }, - "TestMySQLCluster": { - "Type": "AWS::CloudFormation::CustomResource", - "Properties": { - "ServiceToken": { - "Fn::GetAtt": [ - "ProviderframeworkonEvent83C1D0A7", - "Arn" - ] + } + } + ], + "Version": "2012-10-17" + } + } + }, + "ProviderwaiterstatemachineRoleDefaultPolicyD3C3DA1A": { + "Type": "AWS::IAM::Policy", + "Properties": { + "PolicyDocument": { + "Statement": [ + { + "Action": "lambda:InvokeFunction", + "Effect": "Allow", + "Resource": [ + { + "Fn::GetAtt": [ + "ProviderframeworkisComplete26D7B0CB", + "Arn" + ] }, - "StepFunctionArn": { - "Fn::ImportValue": "RDS-Sanitized-Snapshotter-SFN:ExportsOutputRefMySQLClusterSnapshotterDirector73A14BB07F203611" - } - }, - "UpdateReplacePolicy": "Delete", - "DeletionPolicy": "Delete" - }, - "TestPostgreSQLInstance": { - "Type": "AWS::CloudFormation::CustomResource", - "Properties": { - "ServiceToken": { - "Fn::GetAtt": [ - "ProviderframeworkonEvent83C1D0A7", - "Arn" + { + "Fn::Join": [ + "", + [ + { + "Fn::GetAtt": [ + "ProviderframeworkisComplete26D7B0CB", + "Arn" + ] + }, + ":*" ] - }, - "StepFunctionArn": { - "Fn::ImportValue": "RDS-Sanitized-Snapshotter-SFN:ExportsOutputRefPostgreSQLInstanceSnapshotterDirector22C6400CD7D4E9FC" + ] } + ] }, - "UpdateReplacePolicy": "Delete", - "DeletionPolicy": "Delete" - }, - "TestPostgreSQLCluster": { - "Type": "AWS::CloudFormation::CustomResource", - "Properties": { - "ServiceToken": { - "Fn::GetAtt": [ - "ProviderframeworkonEvent83C1D0A7", - "Arn" - ] + { + "Action": "lambda:InvokeFunction", + "Effect": "Allow", + "Resource": [ + { + "Fn::GetAtt": [ + "ProviderframeworkonTimeout0B47CA38", + "Arn" + ] }, - "StepFunctionArn": { - "Fn::ImportValue": "RDS-Sanitized-Snapshotter-SFN:ExportsOutputRefPostgreSQLClusterSnapshotterDirector864DA8F006C62DA7" + { + "Fn::Join": [ + "", + [ + { + "Fn::GetAtt": [ + "ProviderframeworkonTimeout0B47CA38", + "Arn" + ] + }, + ":*" + ] + ] } - }, - "UpdateReplacePolicy": "Delete", - "DeletionPolicy": "Delete" + ] + } + ], + "Version": "2012-10-17" + }, + "PolicyName": "ProviderwaiterstatemachineRoleDefaultPolicyD3C3DA1A", + "Roles": [ + { + "Ref": "ProviderwaiterstatemachineRole0C7159F9" + } + ] + } + }, + "Providerwaiterstatemachine5D4A9DF0": { + "Type": "AWS::StepFunctions::StateMachine", + "Properties": { + "DefinitionString": { + "Fn::Join": [ + "", + [ + "{\"StartAt\":\"framework-isComplete-task\",\"States\":{\"framework-isComplete-task\":{\"End\":true,\"Retry\":[{\"ErrorEquals\":[\"States.ALL\"],\"IntervalSeconds\":5,\"MaxAttempts\":360,\"BackoffRate\":1}],\"Catch\":[{\"ErrorEquals\":[\"States.ALL\"],\"Next\":\"framework-onTimeout-task\"}],\"Type\":\"Task\",\"Resource\":\"", + { + "Fn::GetAtt": [ + "ProviderframeworkisComplete26D7B0CB", + "Arn" + ] + }, + "\"},\"framework-onTimeout-task\":{\"End\":true,\"Type\":\"Task\",\"Resource\":\"", + { + "Fn::GetAtt": [ + "ProviderframeworkonTimeout0B47CA38", + "Arn" + ] + }, + "\"}}}" + ] + ] + }, + "RoleArn": { + "Fn::GetAtt": [ + "ProviderwaiterstatemachineRole0C7159F9", + "Arn" + ] } + }, + "DependsOn": [ + "ProviderwaiterstatemachineRoleDefaultPolicyD3C3DA1A", + "ProviderwaiterstatemachineRole0C7159F9" + ] }, - "Parameters": { - "BootstrapVersion": { - "Type": "AWS::SSM::Parameter::Value", - "Default": "/cdk-bootstrap/hnb659fds/version", - "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]" + "TestMySQLInstance": { + "Type": "AWS::CloudFormation::CustomResource", + "Properties": { + "ServiceToken": { + "Fn::GetAtt": [ + "ProviderframeworkonEvent83C1D0A7", + "Arn" + ] + }, + "StepFunctionArn": { + "Fn::ImportValue": "RDS-Sanitized-Snapshotter-SFN:ExportsOutputRefMySQLInstanceSnapshotterDirector69A6B7B421EEFD9B" } + }, + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" }, - "Rules": { - "CheckBootstrapVersion": { - "Assertions": [ - { - "Assert": { - "Fn::Not": [ - { - "Fn::Contains": [ - [ - "1", - "2", - "3", - "4", - "5" - ], - { - "Ref": "BootstrapVersion" - } - ] - } - ] - }, - "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI." - } + "TestMySQLCluster": { + "Type": "AWS::CloudFormation::CustomResource", + "Properties": { + "ServiceToken": { + "Fn::GetAtt": [ + "ProviderframeworkonEvent83C1D0A7", + "Arn" + ] + }, + "StepFunctionArn": { + "Fn::ImportValue": "RDS-Sanitized-Snapshotter-SFN:ExportsOutputRefMySQLClusterSnapshotterDirector73A14BB07F203611" + } + }, + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" + }, + "TestPostgreSQLInstance": { + "Type": "AWS::CloudFormation::CustomResource", + "Properties": { + "ServiceToken": { + "Fn::GetAtt": [ + "ProviderframeworkonEvent83C1D0A7", + "Arn" + ] + }, + "StepFunctionArn": { + "Fn::ImportValue": "RDS-Sanitized-Snapshotter-SFN:ExportsOutputRefPostgreSQLInstanceSnapshotterDirector22C6400CD7D4E9FC" + } + }, + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" + }, + "TestPostgreSQLCluster": { + "Type": "AWS::CloudFormation::CustomResource", + "Properties": { + "ServiceToken": { + "Fn::GetAtt": [ + "ProviderframeworkonEvent83C1D0A7", + "Arn" + ] + }, + "StepFunctionArn": { + "Fn::ImportValue": "RDS-Sanitized-Snapshotter-SFN:ExportsOutputRefPostgreSQLClusterSnapshotterDirector864DA8F006C62DA7" + } + }, + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" + } + }, + "Mappings": { + "DefaultCrNodeVersionMap": { + "af-south-1": { + "value": "nodejs16.x" + }, + "ap-east-1": { + "value": "nodejs16.x" + }, + "ap-northeast-1": { + "value": "nodejs16.x" + }, + "ap-northeast-2": { + "value": "nodejs16.x" + }, + "ap-northeast-3": { + "value": "nodejs16.x" + }, + "ap-south-1": { + "value": "nodejs16.x" + }, + "ap-south-2": { + "value": "nodejs16.x" + }, + "ap-southeast-1": { + "value": "nodejs16.x" + }, + "ap-southeast-2": { + "value": "nodejs16.x" + }, + "ap-southeast-3": { + "value": "nodejs16.x" + }, + "ca-central-1": { + "value": "nodejs16.x" + }, + "cn-north-1": { + "value": "nodejs16.x" + }, + "cn-northwest-1": { + "value": "nodejs16.x" + }, + "eu-central-1": { + "value": "nodejs16.x" + }, + "eu-central-2": { + "value": "nodejs16.x" + }, + "eu-north-1": { + "value": "nodejs16.x" + }, + "eu-south-1": { + "value": "nodejs16.x" + }, + "eu-south-2": { + "value": "nodejs16.x" + }, + "eu-west-1": { + "value": "nodejs16.x" + }, + "eu-west-2": { + "value": "nodejs16.x" + }, + "eu-west-3": { + "value": "nodejs16.x" + }, + "me-central-1": { + "value": "nodejs16.x" + }, + "me-south-1": { + "value": "nodejs16.x" + }, + "sa-east-1": { + "value": "nodejs16.x" + }, + "us-east-1": { + "value": "nodejs16.x" + }, + "us-east-2": { + "value": "nodejs16.x" + }, + "us-gov-east-1": { + "value": "nodejs16.x" + }, + "us-gov-west-1": { + "value": "nodejs16.x" + }, + "us-iso-east-1": { + "value": "nodejs14.x" + }, + "us-iso-west-1": { + "value": "nodejs14.x" + }, + "us-isob-east-1": { + "value": "nodejs14.x" + }, + "us-west-1": { + "value": "nodejs16.x" + }, + "us-west-2": { + "value": "nodejs16.x" + } + }, + "ServiceprincipalMap": { + "af-south-1": { + "states": "states.af-south-1.amazonaws.com" + }, + "ap-east-1": { + "states": "states.ap-east-1.amazonaws.com" + }, + "ap-northeast-1": { + "states": "states.ap-northeast-1.amazonaws.com" + }, + "ap-northeast-2": { + "states": "states.ap-northeast-2.amazonaws.com" + }, + "ap-northeast-3": { + "states": "states.ap-northeast-3.amazonaws.com" + }, + "ap-south-1": { + "states": "states.ap-south-1.amazonaws.com" + }, + "ap-south-2": { + "states": "states.ap-south-2.amazonaws.com" + }, + "ap-southeast-1": { + "states": "states.ap-southeast-1.amazonaws.com" + }, + "ap-southeast-2": { + "states": "states.ap-southeast-2.amazonaws.com" + }, + "ap-southeast-3": { + "states": "states.ap-southeast-3.amazonaws.com" + }, + "ca-central-1": { + "states": "states.ca-central-1.amazonaws.com" + }, + "cn-north-1": { + "states": "states.cn-north-1.amazonaws.com" + }, + "cn-northwest-1": { + "states": "states.cn-northwest-1.amazonaws.com" + }, + "eu-central-1": { + "states": "states.eu-central-1.amazonaws.com" + }, + "eu-central-2": { + "states": "states.eu-central-2.amazonaws.com" + }, + "eu-north-1": { + "states": "states.eu-north-1.amazonaws.com" + }, + "eu-south-1": { + "states": "states.eu-south-1.amazonaws.com" + }, + "eu-south-2": { + "states": "states.eu-south-2.amazonaws.com" + }, + "eu-west-1": { + "states": "states.eu-west-1.amazonaws.com" + }, + "eu-west-2": { + "states": "states.eu-west-2.amazonaws.com" + }, + "eu-west-3": { + "states": "states.eu-west-3.amazonaws.com" + }, + "me-central-1": { + "states": "states.me-central-1.amazonaws.com" + }, + "me-south-1": { + "states": "states.me-south-1.amazonaws.com" + }, + "sa-east-1": { + "states": "states.sa-east-1.amazonaws.com" + }, + "us-east-1": { + "states": "states.us-east-1.amazonaws.com" + }, + "us-east-2": { + "states": "states.us-east-2.amazonaws.com" + }, + "us-gov-east-1": { + "states": "states.us-gov-east-1.amazonaws.com" + }, + "us-gov-west-1": { + "states": "states.us-gov-west-1.amazonaws.com" + }, + "us-iso-east-1": { + "states": "states.amazonaws.com" + }, + "us-iso-west-1": { + "states": "states.amazonaws.com" + }, + "us-isob-east-1": { + "states": "states.amazonaws.com" + }, + "us-west-1": { + "states": "states.us-west-1.amazonaws.com" + }, + "us-west-2": { + "states": "states.us-west-2.amazonaws.com" + } + } + }, + "Parameters": { + "BootstrapVersion": { + "Type": "AWS::SSM::Parameter::Value", + "Default": "/cdk-bootstrap/hnb659fds/version", + "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]" + } + }, + "Rules": { + "CheckBootstrapVersion": { + "Assertions": [ + { + "Assert": { + "Fn::Not": [ + { + "Fn::Contains": [ + [ + "1", + "2", + "3", + "4", + "5" + ], + { + "Ref": "BootstrapVersion" + } + ] + } ] + }, + "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI." } + ] } + } } \ No newline at end of file diff --git a/test/default.integ.snapshot/RDS-Sanitized-Snapshotter-VPC.assets.json b/test/default.integ.snapshot/RDS-Sanitized-Snapshotter-VPC.assets.json index f40b611..20dc3c4 100644 --- a/test/default.integ.snapshot/RDS-Sanitized-Snapshotter-VPC.assets.json +++ b/test/default.integ.snapshot/RDS-Sanitized-Snapshotter-VPC.assets.json @@ -1,7 +1,7 @@ { - "version": "15.0.0", + "version": "32.0.0", "files": { - "e1ad50fff358a4d76a975fbed49a11be9092a80929266a283050aeb617026a8a": { + "7f7fe87c1bc49355a41f2ecfc0a1dc170c5c17a83e322d536b7500a4fc2dae48": { "source": { "path": "RDS-Sanitized-Snapshotter-VPC.template.json", "packaging": "file" @@ -9,7 +9,7 @@ "destinations": { "current_account-current_region": { "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", - "objectKey": "e1ad50fff358a4d76a975fbed49a11be9092a80929266a283050aeb617026a8a.json", + "objectKey": "7f7fe87c1bc49355a41f2ecfc0a1dc170c5c17a83e322d536b7500a4fc2dae48.json", "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" } } diff --git a/test/default.integ.snapshot/RDS-Sanitized-Snapshotter-VPC.template.json b/test/default.integ.snapshot/RDS-Sanitized-Snapshotter-VPC.template.json index 93bc5d3..3b4fff3 100644 --- a/test/default.integ.snapshot/RDS-Sanitized-Snapshotter-VPC.template.json +++ b/test/default.integ.snapshot/RDS-Sanitized-Snapshotter-VPC.template.json @@ -1,545 +1,549 @@ { - "Resources": { - "VPCB9E5F0B4": { - "Type": "AWS::EC2::VPC", - "Properties": { - "CidrBlock": "10.0.0.0/16", - "EnableDnsHostnames": true, - "EnableDnsSupport": true, - "InstanceTenancy": "default", - "Tags": [ - { - "Key": "Name", - "Value": "RDS-Sanitized-Snapshotter-VPC/VPC" - } - ] - } + "Resources": { + "VPCB9E5F0B4": { + "Type": "AWS::EC2::VPC", + "Properties": { + "CidrBlock": "10.0.0.0/16", + "EnableDnsHostnames": true, + "EnableDnsSupport": true, + "InstanceTenancy": "default", + "Tags": [ + { + "Key": "Name", + "Value": "RDS-Sanitized-Snapshotter-VPC/VPC" + } + ] + } + }, + "VPCPublicSubnet1SubnetB4246D30": { + "Type": "AWS::EC2::Subnet", + "Properties": { + "VpcId": { + "Ref": "VPCB9E5F0B4" }, - "VPCPublicSubnet1SubnetB4246D30": { - "Type": "AWS::EC2::Subnet", - "Properties": { - "CidrBlock": "10.0.0.0/19", - "VpcId": { - "Ref": "VPCB9E5F0B4" - }, - "AvailabilityZone": { - "Fn::Select": [ - 0, - { - "Fn::GetAZs": "" - } - ] - }, - "MapPublicIpOnLaunch": true, - "Tags": [ - { - "Key": "aws-cdk:subnet-name", - "Value": "Public" - }, - { - "Key": "aws-cdk:subnet-type", - "Value": "Public" - }, - { - "Key": "Name", - "Value": "RDS-Sanitized-Snapshotter-VPC/VPC/PublicSubnet1" - } - ] + "AvailabilityZone": { + "Fn::Select": [ + 0, + { + "Fn::GetAZs": "" } + ] }, - "VPCPublicSubnet1RouteTableFEE4B781": { - "Type": "AWS::EC2::RouteTable", - "Properties": { - "VpcId": { - "Ref": "VPCB9E5F0B4" - }, - "Tags": [ - { - "Key": "Name", - "Value": "RDS-Sanitized-Snapshotter-VPC/VPC/PublicSubnet1" - } - ] - } - }, - "VPCPublicSubnet1RouteTableAssociation0B0896DC": { - "Type": "AWS::EC2::SubnetRouteTableAssociation", - "Properties": { - "RouteTableId": { - "Ref": "VPCPublicSubnet1RouteTableFEE4B781" - }, - "SubnetId": { - "Ref": "VPCPublicSubnet1SubnetB4246D30" - } - } + "CidrBlock": "10.0.0.0/19", + "MapPublicIpOnLaunch": true, + "Tags": [ + { + "Key": "aws-cdk:subnet-name", + "Value": "Public" + }, + { + "Key": "aws-cdk:subnet-type", + "Value": "Public" + }, + { + "Key": "Name", + "Value": "RDS-Sanitized-Snapshotter-VPC/VPC/PublicSubnet1" + } + ] + } + }, + "VPCPublicSubnet1RouteTableFEE4B781": { + "Type": "AWS::EC2::RouteTable", + "Properties": { + "VpcId": { + "Ref": "VPCB9E5F0B4" }, - "VPCPublicSubnet1DefaultRoute91CEF279": { - "Type": "AWS::EC2::Route", - "Properties": { - "RouteTableId": { - "Ref": "VPCPublicSubnet1RouteTableFEE4B781" - }, - "DestinationCidrBlock": "0.0.0.0/0", - "GatewayId": { - "Ref": "VPCIGWB7E252D3" - } - }, - "DependsOn": [ - "VPCVPCGW99B986DC" - ] + "Tags": [ + { + "Key": "Name", + "Value": "RDS-Sanitized-Snapshotter-VPC/VPC/PublicSubnet1" + } + ] + } + }, + "VPCPublicSubnet1RouteTableAssociation0B0896DC": { + "Type": "AWS::EC2::SubnetRouteTableAssociation", + "Properties": { + "RouteTableId": { + "Ref": "VPCPublicSubnet1RouteTableFEE4B781" }, - "VPCPublicSubnet1EIP6AD938E8": { - "Type": "AWS::EC2::EIP", - "Properties": { - "Domain": "vpc", - "Tags": [ - { - "Key": "Name", - "Value": "RDS-Sanitized-Snapshotter-VPC/VPC/PublicSubnet1" - } - ] - } + "SubnetId": { + "Ref": "VPCPublicSubnet1SubnetB4246D30" + } + } + }, + "VPCPublicSubnet1DefaultRoute91CEF279": { + "Type": "AWS::EC2::Route", + "Properties": { + "RouteTableId": { + "Ref": "VPCPublicSubnet1RouteTableFEE4B781" }, - "VPCPublicSubnet1NATGatewayE0556630": { - "Type": "AWS::EC2::NatGateway", - "Properties": { - "SubnetId": { - "Ref": "VPCPublicSubnet1SubnetB4246D30" - }, - "AllocationId": { - "Fn::GetAtt": [ - "VPCPublicSubnet1EIP6AD938E8", - "AllocationId" - ] - }, - "Tags": [ - { - "Key": "Name", - "Value": "RDS-Sanitized-Snapshotter-VPC/VPC/PublicSubnet1" - } - ] - } + "DestinationCidrBlock": "0.0.0.0/0", + "GatewayId": { + "Ref": "VPCIGWB7E252D3" + } + }, + "DependsOn": [ + "VPCVPCGW99B986DC" + ] + }, + "VPCPublicSubnet1EIP6AD938E8": { + "Type": "AWS::EC2::EIP", + "Properties": { + "Domain": "vpc", + "Tags": [ + { + "Key": "Name", + "Value": "RDS-Sanitized-Snapshotter-VPC/VPC/PublicSubnet1" + } + ] + } + }, + "VPCPublicSubnet1NATGatewayE0556630": { + "Type": "AWS::EC2::NatGateway", + "Properties": { + "SubnetId": { + "Ref": "VPCPublicSubnet1SubnetB4246D30" }, - "VPCPublicSubnet2Subnet74179F39": { - "Type": "AWS::EC2::Subnet", - "Properties": { - "CidrBlock": "10.0.32.0/19", - "VpcId": { - "Ref": "VPCB9E5F0B4" - }, - "AvailabilityZone": { - "Fn::Select": [ - 1, - { - "Fn::GetAZs": "" - } - ] - }, - "MapPublicIpOnLaunch": true, - "Tags": [ - { - "Key": "aws-cdk:subnet-name", - "Value": "Public" - }, - { - "Key": "aws-cdk:subnet-type", - "Value": "Public" - }, - { - "Key": "Name", - "Value": "RDS-Sanitized-Snapshotter-VPC/VPC/PublicSubnet2" - } - ] - } + "AllocationId": { + "Fn::GetAtt": [ + "VPCPublicSubnet1EIP6AD938E8", + "AllocationId" + ] }, - "VPCPublicSubnet2RouteTable6F1A15F1": { - "Type": "AWS::EC2::RouteTable", - "Properties": { - "VpcId": { - "Ref": "VPCB9E5F0B4" - }, - "Tags": [ - { - "Key": "Name", - "Value": "RDS-Sanitized-Snapshotter-VPC/VPC/PublicSubnet2" - } - ] - } + "Tags": [ + { + "Key": "Name", + "Value": "RDS-Sanitized-Snapshotter-VPC/VPC/PublicSubnet1" + } + ] + }, + "DependsOn": [ + "VPCPublicSubnet1DefaultRoute91CEF279", + "VPCPublicSubnet1RouteTableAssociation0B0896DC" + ] + }, + "VPCPublicSubnet2Subnet74179F39": { + "Type": "AWS::EC2::Subnet", + "Properties": { + "VpcId": { + "Ref": "VPCB9E5F0B4" }, - "VPCPublicSubnet2RouteTableAssociation5A808732": { - "Type": "AWS::EC2::SubnetRouteTableAssociation", - "Properties": { - "RouteTableId": { - "Ref": "VPCPublicSubnet2RouteTable6F1A15F1" - }, - "SubnetId": { - "Ref": "VPCPublicSubnet2Subnet74179F39" - } + "AvailabilityZone": { + "Fn::Select": [ + 1, + { + "Fn::GetAZs": "" } + ] }, - "VPCPublicSubnet2DefaultRouteB7481BBA": { - "Type": "AWS::EC2::Route", - "Properties": { - "RouteTableId": { - "Ref": "VPCPublicSubnet2RouteTable6F1A15F1" - }, - "DestinationCidrBlock": "0.0.0.0/0", - "GatewayId": { - "Ref": "VPCIGWB7E252D3" - } - }, - "DependsOn": [ - "VPCVPCGW99B986DC" - ] + "CidrBlock": "10.0.32.0/19", + "MapPublicIpOnLaunch": true, + "Tags": [ + { + "Key": "aws-cdk:subnet-name", + "Value": "Public" + }, + { + "Key": "aws-cdk:subnet-type", + "Value": "Public" + }, + { + "Key": "Name", + "Value": "RDS-Sanitized-Snapshotter-VPC/VPC/PublicSubnet2" + } + ] + } + }, + "VPCPublicSubnet2RouteTable6F1A15F1": { + "Type": "AWS::EC2::RouteTable", + "Properties": { + "VpcId": { + "Ref": "VPCB9E5F0B4" }, - "VPCPrivateSubnet1Subnet8BCA10E0": { - "Type": "AWS::EC2::Subnet", - "Properties": { - "CidrBlock": "10.0.64.0/19", - "VpcId": { - "Ref": "VPCB9E5F0B4" - }, - "AvailabilityZone": { - "Fn::Select": [ - 0, - { - "Fn::GetAZs": "" - } - ] - }, - "MapPublicIpOnLaunch": false, - "Tags": [ - { - "Key": "aws-cdk:subnet-name", - "Value": "Private" - }, - { - "Key": "aws-cdk:subnet-type", - "Value": "Isolated" - }, - { - "Key": "Name", - "Value": "RDS-Sanitized-Snapshotter-VPC/VPC/PrivateSubnet1" - } - ] - } + "Tags": [ + { + "Key": "Name", + "Value": "RDS-Sanitized-Snapshotter-VPC/VPC/PublicSubnet2" + } + ] + } + }, + "VPCPublicSubnet2RouteTableAssociation5A808732": { + "Type": "AWS::EC2::SubnetRouteTableAssociation", + "Properties": { + "RouteTableId": { + "Ref": "VPCPublicSubnet2RouteTable6F1A15F1" }, - "VPCPrivateSubnet1RouteTableBE8A6027": { - "Type": "AWS::EC2::RouteTable", - "Properties": { - "VpcId": { - "Ref": "VPCB9E5F0B4" - }, - "Tags": [ - { - "Key": "Name", - "Value": "RDS-Sanitized-Snapshotter-VPC/VPC/PrivateSubnet1" - } - ] - } + "SubnetId": { + "Ref": "VPCPublicSubnet2Subnet74179F39" + } + } + }, + "VPCPublicSubnet2DefaultRouteB7481BBA": { + "Type": "AWS::EC2::Route", + "Properties": { + "RouteTableId": { + "Ref": "VPCPublicSubnet2RouteTable6F1A15F1" }, - "VPCPrivateSubnet1RouteTableAssociation347902D1": { - "Type": "AWS::EC2::SubnetRouteTableAssociation", - "Properties": { - "RouteTableId": { - "Ref": "VPCPrivateSubnet1RouteTableBE8A6027" - }, - "SubnetId": { - "Ref": "VPCPrivateSubnet1Subnet8BCA10E0" - } - } + "DestinationCidrBlock": "0.0.0.0/0", + "GatewayId": { + "Ref": "VPCIGWB7E252D3" + } + }, + "DependsOn": [ + "VPCVPCGW99B986DC" + ] + }, + "VPCPrivateSubnet1Subnet8BCA10E0": { + "Type": "AWS::EC2::Subnet", + "Properties": { + "VpcId": { + "Ref": "VPCB9E5F0B4" }, - "VPCPrivateSubnet2SubnetCFCDAA7A": { - "Type": "AWS::EC2::Subnet", - "Properties": { - "CidrBlock": "10.0.96.0/19", - "VpcId": { - "Ref": "VPCB9E5F0B4" - }, - "AvailabilityZone": { - "Fn::Select": [ - 1, - { - "Fn::GetAZs": "" - } - ] - }, - "MapPublicIpOnLaunch": false, - "Tags": [ - { - "Key": "aws-cdk:subnet-name", - "Value": "Private" - }, - { - "Key": "aws-cdk:subnet-type", - "Value": "Isolated" - }, - { - "Key": "Name", - "Value": "RDS-Sanitized-Snapshotter-VPC/VPC/PrivateSubnet2" - } - ] + "AvailabilityZone": { + "Fn::Select": [ + 0, + { + "Fn::GetAZs": "" } + ] }, - "VPCPrivateSubnet2RouteTable0A19E10E": { - "Type": "AWS::EC2::RouteTable", - "Properties": { - "VpcId": { - "Ref": "VPCB9E5F0B4" - }, - "Tags": [ - { - "Key": "Name", - "Value": "RDS-Sanitized-Snapshotter-VPC/VPC/PrivateSubnet2" - } - ] - } + "CidrBlock": "10.0.64.0/19", + "MapPublicIpOnLaunch": false, + "Tags": [ + { + "Key": "aws-cdk:subnet-name", + "Value": "Private" + }, + { + "Key": "aws-cdk:subnet-type", + "Value": "Isolated" + }, + { + "Key": "Name", + "Value": "RDS-Sanitized-Snapshotter-VPC/VPC/PrivateSubnet1" + } + ] + } + }, + "VPCPrivateSubnet1RouteTableBE8A6027": { + "Type": "AWS::EC2::RouteTable", + "Properties": { + "VpcId": { + "Ref": "VPCB9E5F0B4" }, - "VPCPrivateSubnet2RouteTableAssociation0C73D413": { - "Type": "AWS::EC2::SubnetRouteTableAssociation", - "Properties": { - "RouteTableId": { - "Ref": "VPCPrivateSubnet2RouteTable0A19E10E" - }, - "SubnetId": { - "Ref": "VPCPrivateSubnet2SubnetCFCDAA7A" - } - } + "Tags": [ + { + "Key": "Name", + "Value": "RDS-Sanitized-Snapshotter-VPC/VPC/PrivateSubnet1" + } + ] + } + }, + "VPCPrivateSubnet1RouteTableAssociation347902D1": { + "Type": "AWS::EC2::SubnetRouteTableAssociation", + "Properties": { + "RouteTableId": { + "Ref": "VPCPrivateSubnet1RouteTableBE8A6027" }, - "VPCIsolatedSubnet1SubnetEBD00FC6": { - "Type": "AWS::EC2::Subnet", - "Properties": { - "CidrBlock": "10.0.128.0/19", - "VpcId": { - "Ref": "VPCB9E5F0B4" - }, - "AvailabilityZone": { - "Fn::Select": [ - 0, - { - "Fn::GetAZs": "" - } - ] - }, - "MapPublicIpOnLaunch": false, - "Tags": [ - { - "Key": "aws-cdk:subnet-name", - "Value": "Isolated" - }, - { - "Key": "aws-cdk:subnet-type", - "Value": "Private" - }, - { - "Key": "Name", - "Value": "RDS-Sanitized-Snapshotter-VPC/VPC/IsolatedSubnet1" - } - ] - } + "SubnetId": { + "Ref": "VPCPrivateSubnet1Subnet8BCA10E0" + } + } + }, + "VPCPrivateSubnet2SubnetCFCDAA7A": { + "Type": "AWS::EC2::Subnet", + "Properties": { + "VpcId": { + "Ref": "VPCB9E5F0B4" }, - "VPCIsolatedSubnet1RouteTableEB156210": { - "Type": "AWS::EC2::RouteTable", - "Properties": { - "VpcId": { - "Ref": "VPCB9E5F0B4" - }, - "Tags": [ - { - "Key": "Name", - "Value": "RDS-Sanitized-Snapshotter-VPC/VPC/IsolatedSubnet1" - } - ] + "AvailabilityZone": { + "Fn::Select": [ + 1, + { + "Fn::GetAZs": "" } + ] }, - "VPCIsolatedSubnet1RouteTableAssociationA2D18F7C": { - "Type": "AWS::EC2::SubnetRouteTableAssociation", - "Properties": { - "RouteTableId": { - "Ref": "VPCIsolatedSubnet1RouteTableEB156210" - }, - "SubnetId": { - "Ref": "VPCIsolatedSubnet1SubnetEBD00FC6" - } - } + "CidrBlock": "10.0.96.0/19", + "MapPublicIpOnLaunch": false, + "Tags": [ + { + "Key": "aws-cdk:subnet-name", + "Value": "Private" + }, + { + "Key": "aws-cdk:subnet-type", + "Value": "Isolated" + }, + { + "Key": "Name", + "Value": "RDS-Sanitized-Snapshotter-VPC/VPC/PrivateSubnet2" + } + ] + } + }, + "VPCPrivateSubnet2RouteTable0A19E10E": { + "Type": "AWS::EC2::RouteTable", + "Properties": { + "VpcId": { + "Ref": "VPCB9E5F0B4" }, - "VPCIsolatedSubnet1DefaultRoute97D5523A": { - "Type": "AWS::EC2::Route", - "Properties": { - "RouteTableId": { - "Ref": "VPCIsolatedSubnet1RouteTableEB156210" - }, - "DestinationCidrBlock": "0.0.0.0/0", - "NatGatewayId": { - "Ref": "VPCPublicSubnet1NATGatewayE0556630" - } - } + "Tags": [ + { + "Key": "Name", + "Value": "RDS-Sanitized-Snapshotter-VPC/VPC/PrivateSubnet2" + } + ] + } + }, + "VPCPrivateSubnet2RouteTableAssociation0C73D413": { + "Type": "AWS::EC2::SubnetRouteTableAssociation", + "Properties": { + "RouteTableId": { + "Ref": "VPCPrivateSubnet2RouteTable0A19E10E" }, - "VPCIsolatedSubnet2Subnet4B1C8CAA": { - "Type": "AWS::EC2::Subnet", - "Properties": { - "CidrBlock": "10.0.160.0/19", - "VpcId": { - "Ref": "VPCB9E5F0B4" - }, - "AvailabilityZone": { - "Fn::Select": [ - 1, - { - "Fn::GetAZs": "" - } - ] - }, - "MapPublicIpOnLaunch": false, - "Tags": [ - { - "Key": "aws-cdk:subnet-name", - "Value": "Isolated" - }, - { - "Key": "aws-cdk:subnet-type", - "Value": "Private" - }, - { - "Key": "Name", - "Value": "RDS-Sanitized-Snapshotter-VPC/VPC/IsolatedSubnet2" - } - ] - } + "SubnetId": { + "Ref": "VPCPrivateSubnet2SubnetCFCDAA7A" + } + } + }, + "VPCIsolatedSubnet1SubnetEBD00FC6": { + "Type": "AWS::EC2::Subnet", + "Properties": { + "VpcId": { + "Ref": "VPCB9E5F0B4" }, - "VPCIsolatedSubnet2RouteTable9B4F78DC": { - "Type": "AWS::EC2::RouteTable", - "Properties": { - "VpcId": { - "Ref": "VPCB9E5F0B4" - }, - "Tags": [ - { - "Key": "Name", - "Value": "RDS-Sanitized-Snapshotter-VPC/VPC/IsolatedSubnet2" - } - ] + "AvailabilityZone": { + "Fn::Select": [ + 0, + { + "Fn::GetAZs": "" } + ] }, - "VPCIsolatedSubnet2RouteTableAssociation7BF8E0EB": { - "Type": "AWS::EC2::SubnetRouteTableAssociation", - "Properties": { - "RouteTableId": { - "Ref": "VPCIsolatedSubnet2RouteTable9B4F78DC" - }, - "SubnetId": { - "Ref": "VPCIsolatedSubnet2Subnet4B1C8CAA" - } - } + "CidrBlock": "10.0.128.0/19", + "MapPublicIpOnLaunch": false, + "Tags": [ + { + "Key": "aws-cdk:subnet-name", + "Value": "Isolated" + }, + { + "Key": "aws-cdk:subnet-type", + "Value": "Private" + }, + { + "Key": "Name", + "Value": "RDS-Sanitized-Snapshotter-VPC/VPC/IsolatedSubnet1" + } + ] + } + }, + "VPCIsolatedSubnet1RouteTableEB156210": { + "Type": "AWS::EC2::RouteTable", + "Properties": { + "VpcId": { + "Ref": "VPCB9E5F0B4" }, - "VPCIsolatedSubnet2DefaultRoute5D7CAC57": { - "Type": "AWS::EC2::Route", - "Properties": { - "RouteTableId": { - "Ref": "VPCIsolatedSubnet2RouteTable9B4F78DC" - }, - "DestinationCidrBlock": "0.0.0.0/0", - "NatGatewayId": { - "Ref": "VPCPublicSubnet1NATGatewayE0556630" - } - } + "Tags": [ + { + "Key": "Name", + "Value": "RDS-Sanitized-Snapshotter-VPC/VPC/IsolatedSubnet1" + } + ] + } + }, + "VPCIsolatedSubnet1RouteTableAssociationA2D18F7C": { + "Type": "AWS::EC2::SubnetRouteTableAssociation", + "Properties": { + "RouteTableId": { + "Ref": "VPCIsolatedSubnet1RouteTableEB156210" }, - "VPCIGWB7E252D3": { - "Type": "AWS::EC2::InternetGateway", - "Properties": { - "Tags": [ - { - "Key": "Name", - "Value": "RDS-Sanitized-Snapshotter-VPC/VPC" - } - ] - } + "SubnetId": { + "Ref": "VPCIsolatedSubnet1SubnetEBD00FC6" + } + } + }, + "VPCIsolatedSubnet1DefaultRoute97D5523A": { + "Type": "AWS::EC2::Route", + "Properties": { + "RouteTableId": { + "Ref": "VPCIsolatedSubnet1RouteTableEB156210" }, - "VPCVPCGW99B986DC": { - "Type": "AWS::EC2::VPCGatewayAttachment", - "Properties": { - "VpcId": { - "Ref": "VPCB9E5F0B4" - }, - "InternetGatewayId": { - "Ref": "VPCIGWB7E252D3" - } - } + "DestinationCidrBlock": "0.0.0.0/0", + "NatGatewayId": { + "Ref": "VPCPublicSubnet1NATGatewayE0556630" } + } }, - "Outputs": { - "ExportsOutputRefVPCIsolatedSubnet1SubnetEBD00FC6298E81EF": { - "Value": { - "Ref": "VPCIsolatedSubnet1SubnetEBD00FC6" - }, - "Export": { - "Name": "RDS-Sanitized-Snapshotter-VPC:ExportsOutputRefVPCIsolatedSubnet1SubnetEBD00FC6298E81EF" - } + "VPCIsolatedSubnet2Subnet4B1C8CAA": { + "Type": "AWS::EC2::Subnet", + "Properties": { + "VpcId": { + "Ref": "VPCB9E5F0B4" }, - "ExportsOutputRefVPCIsolatedSubnet2Subnet4B1C8CAAD8B83B81": { - "Value": { - "Ref": "VPCIsolatedSubnet2Subnet4B1C8CAA" - }, - "Export": { - "Name": "RDS-Sanitized-Snapshotter-VPC:ExportsOutputRefVPCIsolatedSubnet2Subnet4B1C8CAAD8B83B81" + "AvailabilityZone": { + "Fn::Select": [ + 1, + { + "Fn::GetAZs": "" } + ] }, - "ExportsOutputRefVPCB9E5F0B4BD23A326": { - "Value": { - "Ref": "VPCB9E5F0B4" - }, - "Export": { - "Name": "RDS-Sanitized-Snapshotter-VPC:ExportsOutputRefVPCB9E5F0B4BD23A326" - } + "CidrBlock": "10.0.160.0/19", + "MapPublicIpOnLaunch": false, + "Tags": [ + { + "Key": "aws-cdk:subnet-name", + "Value": "Isolated" + }, + { + "Key": "aws-cdk:subnet-type", + "Value": "Private" + }, + { + "Key": "Name", + "Value": "RDS-Sanitized-Snapshotter-VPC/VPC/IsolatedSubnet2" + } + ] + } + }, + "VPCIsolatedSubnet2RouteTable9B4F78DC": { + "Type": "AWS::EC2::RouteTable", + "Properties": { + "VpcId": { + "Ref": "VPCB9E5F0B4" }, - "ExportsOutputRefVPCPrivateSubnet1Subnet8BCA10E01F79A1B7": { - "Value": { - "Ref": "VPCPrivateSubnet1Subnet8BCA10E0" - }, - "Export": { - "Name": "RDS-Sanitized-Snapshotter-VPC:ExportsOutputRefVPCPrivateSubnet1Subnet8BCA10E01F79A1B7" - } + "Tags": [ + { + "Key": "Name", + "Value": "RDS-Sanitized-Snapshotter-VPC/VPC/IsolatedSubnet2" + } + ] + } + }, + "VPCIsolatedSubnet2RouteTableAssociation7BF8E0EB": { + "Type": "AWS::EC2::SubnetRouteTableAssociation", + "Properties": { + "RouteTableId": { + "Ref": "VPCIsolatedSubnet2RouteTable9B4F78DC" }, - "ExportsOutputRefVPCPrivateSubnet2SubnetCFCDAA7AB22CF85D": { - "Value": { - "Ref": "VPCPrivateSubnet2SubnetCFCDAA7A" - }, - "Export": { - "Name": "RDS-Sanitized-Snapshotter-VPC:ExportsOutputRefVPCPrivateSubnet2SubnetCFCDAA7AB22CF85D" - } + "SubnetId": { + "Ref": "VPCIsolatedSubnet2Subnet4B1C8CAA" } + } }, - "Parameters": { - "BootstrapVersion": { - "Type": "AWS::SSM::Parameter::Value", - "Default": "/cdk-bootstrap/hnb659fds/version", - "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]" + "VPCIsolatedSubnet2DefaultRoute5D7CAC57": { + "Type": "AWS::EC2::Route", + "Properties": { + "RouteTableId": { + "Ref": "VPCIsolatedSubnet2RouteTable9B4F78DC" + }, + "DestinationCidrBlock": "0.0.0.0/0", + "NatGatewayId": { + "Ref": "VPCPublicSubnet1NATGatewayE0556630" } + } + }, + "VPCIGWB7E252D3": { + "Type": "AWS::EC2::InternetGateway", + "Properties": { + "Tags": [ + { + "Key": "Name", + "Value": "RDS-Sanitized-Snapshotter-VPC/VPC" + } + ] + } }, - "Rules": { - "CheckBootstrapVersion": { - "Assertions": [ - { - "Assert": { - "Fn::Not": [ - { - "Fn::Contains": [ - [ - "1", - "2", - "3", - "4", - "5" - ], - { - "Ref": "BootstrapVersion" - } - ] - } - ] - }, - "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI." - } + "VPCVPCGW99B986DC": { + "Type": "AWS::EC2::VPCGatewayAttachment", + "Properties": { + "VpcId": { + "Ref": "VPCB9E5F0B4" + }, + "InternetGatewayId": { + "Ref": "VPCIGWB7E252D3" + } + } + } + }, + "Outputs": { + "ExportsOutputRefVPCIsolatedSubnet1SubnetEBD00FC6298E81EF": { + "Value": { + "Ref": "VPCIsolatedSubnet1SubnetEBD00FC6" + }, + "Export": { + "Name": "RDS-Sanitized-Snapshotter-VPC:ExportsOutputRefVPCIsolatedSubnet1SubnetEBD00FC6298E81EF" + } + }, + "ExportsOutputRefVPCIsolatedSubnet2Subnet4B1C8CAAD8B83B81": { + "Value": { + "Ref": "VPCIsolatedSubnet2Subnet4B1C8CAA" + }, + "Export": { + "Name": "RDS-Sanitized-Snapshotter-VPC:ExportsOutputRefVPCIsolatedSubnet2Subnet4B1C8CAAD8B83B81" + } + }, + "ExportsOutputRefVPCB9E5F0B4BD23A326": { + "Value": { + "Ref": "VPCB9E5F0B4" + }, + "Export": { + "Name": "RDS-Sanitized-Snapshotter-VPC:ExportsOutputRefVPCB9E5F0B4BD23A326" + } + }, + "ExportsOutputRefVPCPrivateSubnet1Subnet8BCA10E01F79A1B7": { + "Value": { + "Ref": "VPCPrivateSubnet1Subnet8BCA10E0" + }, + "Export": { + "Name": "RDS-Sanitized-Snapshotter-VPC:ExportsOutputRefVPCPrivateSubnet1Subnet8BCA10E01F79A1B7" + } + }, + "ExportsOutputRefVPCPrivateSubnet2SubnetCFCDAA7AB22CF85D": { + "Value": { + "Ref": "VPCPrivateSubnet2SubnetCFCDAA7A" + }, + "Export": { + "Name": "RDS-Sanitized-Snapshotter-VPC:ExportsOutputRefVPCPrivateSubnet2SubnetCFCDAA7AB22CF85D" + } + } + }, + "Parameters": { + "BootstrapVersion": { + "Type": "AWS::SSM::Parameter::Value", + "Default": "/cdk-bootstrap/hnb659fds/version", + "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]" + } + }, + "Rules": { + "CheckBootstrapVersion": { + "Assertions": [ + { + "Assert": { + "Fn::Not": [ + { + "Fn::Contains": [ + [ + "1", + "2", + "3", + "4", + "5" + ], + { + "Ref": "BootstrapVersion" + } + ] + } ] + }, + "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI." } + ] } + } } \ No newline at end of file diff --git a/test/default.integ.ts b/test/default.integ.ts index 672b228..5de7278 100644 --- a/test/default.integ.ts +++ b/test/default.integ.ts @@ -1,5 +1,6 @@ import * as cdk from 'aws-cdk-lib'; import { aws_ec2 as ec2, aws_iam as iam, aws_kms as kms, aws_logs as logs, aws_rds as rds, custom_resources, RemovalPolicy } from 'aws-cdk-lib'; +import { AuroraMysqlEngineVersion } from 'aws-cdk-lib/aws-rds'; import { RdsSanitizedSnapshotter } from '../src'; import { TestFunction } from '../src/test-function'; import { TestWaitFunction } from '../src/test-wait-function'; @@ -42,7 +43,9 @@ const mysqlDatabaseCluster = new rds.DatabaseCluster(rdsStack, 'MySQL Cluster', vpc, }, instances: 1, - engine: rds.DatabaseClusterEngine.AURORA_MYSQL, + engine: rds.DatabaseClusterEngine.auroraMysql({ + version: AuroraMysqlEngineVersion.of('8.0.mysql_aurora.3.05.0', '8.0'), + }), backup: { retention: cdk.Duration.days(1), }, @@ -51,7 +54,7 @@ const mysqlDatabaseCluster = new rds.DatabaseCluster(rdsStack, 'MySQL Cluster', const sourceKey = new kms.Key(rdsStack, 'Key', { description: 'RDS sanitize test source key' }); const postgresDatabaseInstance = new rds.DatabaseInstance(rdsStack, 'Postgres Instance', { vpc, - engine: rds.DatabaseInstanceEngine.postgres({ version: rds.PostgresEngineVersion.VER_10 }), + engine: rds.DatabaseInstanceEngine.postgres({ version: rds.PostgresEngineVersion.VER_13 }), instanceType: ec2.InstanceType.of(ec2.InstanceClass.BURSTABLE3, ec2.InstanceSize.SMALL), storageEncryptionKey: sourceKey, removalPolicy: RemovalPolicy.DESTROY, @@ -63,7 +66,7 @@ const postgresDatabaseCluster = new rds.DatabaseCluster(rdsStack, 'Postgres Clus vpc, }, instances: 1, - engine: rds.DatabaseClusterEngine.auroraPostgres({ version: rds.AuroraPostgresEngineVersion.VER_12_8 }), + engine: rds.DatabaseClusterEngine.auroraPostgres({ version: rds.AuroraPostgresEngineVersion.VER_13_4 }), storageEncryptionKey: sourceKey, backup: { retention: cdk.Duration.days(1), @@ -101,6 +104,12 @@ const postgresClusterSfn = new RdsSanitizedSnapshotter(sfnStack, 'PostgreSQL Clu databaseKey: sourceKey, snapshotKey: new kms.Key(sfnStack, 'Snapshot Key', { description: 'RDS sanitize test target key' }), // test re-encryption }).snapshotter; +// const postgresServerlessSfn = new RdsSanitizedSnapshotter(sfnStack, 'PostgreSQL Serverless Snapshotter', { +// vpc, +// databaseCluster: postgresDatabaseServerless, +// script: 'SELECT 1', +// snapshotPrefix: 'psql-serverless-snapshot', +// }).snapshotter; // Trigger step functions const testStack = new cdk.Stack(app, 'RDS-Sanitized-Snapshotter-Test'); @@ -153,3 +162,9 @@ new cdk.CustomResource(testStack, 'Test PostgreSQL Cluster', { StepFunctionArn: postgresClusterSfn.stateMachineArn, }, }); +// new cdk.CustomResource(testStack, 'Test PostgreSQL Serverless', { +// serviceToken: provider.serviceToken, +// properties: { +// StepFunctionArn: postgresServerlessSfn.stateMachineArn, +// }, +// }); diff --git a/yarn.lock b/yarn.lock index 5de57f3..22a5795 100644 --- a/yarn.lock +++ b/yarn.lock @@ -15,7 +15,517 @@ "@jridgewell/gen-mapping" "^0.3.0" "@jridgewell/trace-mapping" "^0.3.9" -"@aws-sdk/types@^3.433.0": +"@aws-cdk/asset-awscli-v1@^2.2.177": + version "2.2.201" + resolved "https://registry.yarnpkg.com/@aws-cdk/asset-awscli-v1/-/asset-awscli-v1-2.2.201.tgz#a7b51d3ecc8ff3ca9798269eda3a1db2400b506a" + integrity sha512-INZqcwDinNaIdb5CtW3ez5s943nX5stGBQS6VOP2JDlOFP81hM3fds/9NDknipqfUkZM43dx+HgVvkXYXXARCQ== + +"@aws-cdk/asset-kubectl-v20@^2.1.1": + version "2.1.2" + resolved "https://registry.yarnpkg.com/@aws-cdk/asset-kubectl-v20/-/asset-kubectl-v20-2.1.2.tgz#d8e20b5f5dc20128ea2000dc479ca3c7ddc27248" + integrity sha512-3M2tELJOxQv0apCIiuKQ4pAbncz9GuLwnKFqxifWfe77wuMxyTRPmxssYHs42ePqzap1LT6GDcPygGs+hHstLg== + +"@aws-cdk/asset-node-proxy-agent-v5@^2.0.148": + version "2.0.166" + resolved "https://registry.yarnpkg.com/@aws-cdk/asset-node-proxy-agent-v5/-/asset-node-proxy-agent-v5-2.0.166.tgz#467507db141cd829ff8aa9d6ea5519310a4276b8" + integrity sha512-j0xnccpUQHXJKPgCwQcGGNu4lRiC1PptYfdxBIH1L4dRK91iBxtSQHESRQX+yB47oGLaF/WfNN/aF3WXwlhikg== + +"@aws-crypto/crc32@3.0.0": + version "3.0.0" + resolved "https://registry.yarnpkg.com/@aws-crypto/crc32/-/crc32-3.0.0.tgz#07300eca214409c33e3ff769cd5697b57fdd38fa" + integrity sha512-IzSgsrxUcsrejQbPVilIKy16kAT52EwB6zSaI+M3xxIhKh5+aldEyvI+z6erM7TCLB2BJsFrtHjp6/4/sr+3dA== + dependencies: + "@aws-crypto/util" "^3.0.0" + "@aws-sdk/types" "^3.222.0" + tslib "^1.11.1" + +"@aws-crypto/ie11-detection@^3.0.0": + version "3.0.0" + resolved "https://registry.yarnpkg.com/@aws-crypto/ie11-detection/-/ie11-detection-3.0.0.tgz#640ae66b4ec3395cee6a8e94ebcd9f80c24cd688" + integrity sha512-341lBBkiY1DfDNKai/wXM3aujNBkXR7tq1URPQDL9wi3AUbI80NR74uF1TXHMm7po1AcnFk8iu2S2IeU/+/A+Q== + dependencies: + tslib "^1.11.1" + +"@aws-crypto/sha256-browser@3.0.0": + version "3.0.0" + resolved "https://registry.yarnpkg.com/@aws-crypto/sha256-browser/-/sha256-browser-3.0.0.tgz#05f160138ab893f1c6ba5be57cfd108f05827766" + integrity sha512-8VLmW2B+gjFbU5uMeqtQM6Nj0/F1bro80xQXCW6CQBWgosFWXTx77aeOF5CAIAmbOK64SdMBJdNr6J41yP5mvQ== + dependencies: + "@aws-crypto/ie11-detection" "^3.0.0" + "@aws-crypto/sha256-js" "^3.0.0" + "@aws-crypto/supports-web-crypto" "^3.0.0" + "@aws-crypto/util" "^3.0.0" + "@aws-sdk/types" "^3.222.0" + "@aws-sdk/util-locate-window" "^3.0.0" + "@aws-sdk/util-utf8-browser" "^3.0.0" + tslib "^1.11.1" + +"@aws-crypto/sha256-js@3.0.0", "@aws-crypto/sha256-js@^3.0.0": + version "3.0.0" + resolved "https://registry.yarnpkg.com/@aws-crypto/sha256-js/-/sha256-js-3.0.0.tgz#f06b84d550d25521e60d2a0e2a90139341e007c2" + integrity sha512-PnNN7os0+yd1XvXAy23CFOmTbMaDxgxXtTKHybrJ39Y8kGzBATgBFibWJKH6BhytLI/Zyszs87xCOBNyBig6vQ== + dependencies: + "@aws-crypto/util" "^3.0.0" + "@aws-sdk/types" "^3.222.0" + tslib "^1.11.1" + +"@aws-crypto/supports-web-crypto@^3.0.0": + version "3.0.0" + resolved "https://registry.yarnpkg.com/@aws-crypto/supports-web-crypto/-/supports-web-crypto-3.0.0.tgz#5d1bf825afa8072af2717c3e455f35cda0103ec2" + integrity sha512-06hBdMwUAb2WFTuGG73LSC0wfPu93xWwo5vL2et9eymgmu3Id5vFAHBbajVWiGhPO37qcsdCap/FqXvJGJWPIg== + dependencies: + tslib "^1.11.1" + +"@aws-crypto/util@^3.0.0": + version "3.0.0" + resolved "https://registry.yarnpkg.com/@aws-crypto/util/-/util-3.0.0.tgz#1c7ca90c29293f0883468ad48117937f0fe5bfb0" + integrity sha512-2OJlpeJpCR48CC8r+uKVChzs9Iungj9wkZrl8Z041DWEWvyIHILYKCPNzJghKsivj+S3mLo6BVc7mBNzdxA46w== + dependencies: + "@aws-sdk/types" "^3.222.0" + "@aws-sdk/util-utf8-browser" "^3.0.0" + tslib "^1.11.1" + +"@aws-sdk/client-rds@^3.438.0": + version "3.438.0" + resolved "https://registry.yarnpkg.com/@aws-sdk/client-rds/-/client-rds-3.438.0.tgz#ec502d13f5bd3198824d7b39b0522fbd7c8c0991" + integrity sha512-DvahIn36DjgS/pLQKV3OYe2O+74MqnKJSZh8YzrmsJlDyYQgVpBoEUuyaeCZLy5luM7fAV0+XXcEJ+wGpOe7tA== + dependencies: + "@aws-crypto/sha256-browser" "3.0.0" + "@aws-crypto/sha256-js" "3.0.0" + "@aws-sdk/client-sts" "3.438.0" + "@aws-sdk/core" "3.436.0" + "@aws-sdk/credential-provider-node" "3.438.0" + "@aws-sdk/middleware-host-header" "3.433.0" + "@aws-sdk/middleware-logger" "3.433.0" + "@aws-sdk/middleware-recursion-detection" "3.433.0" + "@aws-sdk/middleware-sdk-rds" "3.433.0" + "@aws-sdk/middleware-signing" "3.433.0" + "@aws-sdk/middleware-user-agent" "3.438.0" + "@aws-sdk/region-config-resolver" "3.433.0" + "@aws-sdk/types" "3.433.0" + "@aws-sdk/util-endpoints" "3.438.0" + "@aws-sdk/util-user-agent-browser" "3.433.0" + "@aws-sdk/util-user-agent-node" "3.437.0" + "@smithy/config-resolver" "^2.0.16" + "@smithy/fetch-http-handler" "^2.2.4" + "@smithy/hash-node" "^2.0.12" + "@smithy/invalid-dependency" "^2.0.12" + "@smithy/middleware-content-length" "^2.0.14" + "@smithy/middleware-endpoint" "^2.1.3" + "@smithy/middleware-retry" "^2.0.18" + "@smithy/middleware-serde" "^2.0.12" + "@smithy/middleware-stack" "^2.0.6" + "@smithy/node-config-provider" "^2.1.3" + "@smithy/node-http-handler" "^2.1.8" + "@smithy/protocol-http" "^3.0.8" + "@smithy/smithy-client" "^2.1.12" + "@smithy/types" "^2.4.0" + "@smithy/url-parser" "^2.0.12" + "@smithy/util-base64" "^2.0.0" + "@smithy/util-body-length-browser" "^2.0.0" + "@smithy/util-body-length-node" "^2.1.0" + "@smithy/util-defaults-mode-browser" "^2.0.16" + "@smithy/util-defaults-mode-node" "^2.0.21" + "@smithy/util-endpoints" "^1.0.2" + "@smithy/util-retry" "^2.0.5" + "@smithy/util-utf8" "^2.0.0" + "@smithy/util-waiter" "^2.0.12" + fast-xml-parser "4.2.5" + tslib "^2.5.0" + +"@aws-sdk/client-resource-groups-tagging-api@^3.438.0": + version "3.438.0" + resolved "https://registry.yarnpkg.com/@aws-sdk/client-resource-groups-tagging-api/-/client-resource-groups-tagging-api-3.438.0.tgz#fb50f55e4d71e9e2bc89c0e9ea416d189ee2769c" + integrity sha512-E0ibClDUWV43M0cuei0FT+fXSP5BUTzVVW0o2SAdUfONfkSykpsyAUVvmsRhvqJvu3XI+qLwrFmghI3hIJBZKw== + dependencies: + "@aws-crypto/sha256-browser" "3.0.0" + "@aws-crypto/sha256-js" "3.0.0" + "@aws-sdk/client-sts" "3.438.0" + "@aws-sdk/core" "3.436.0" + "@aws-sdk/credential-provider-node" "3.438.0" + "@aws-sdk/middleware-host-header" "3.433.0" + "@aws-sdk/middleware-logger" "3.433.0" + "@aws-sdk/middleware-recursion-detection" "3.433.0" + "@aws-sdk/middleware-signing" "3.433.0" + "@aws-sdk/middleware-user-agent" "3.438.0" + "@aws-sdk/region-config-resolver" "3.433.0" + "@aws-sdk/types" "3.433.0" + "@aws-sdk/util-endpoints" "3.438.0" + "@aws-sdk/util-user-agent-browser" "3.433.0" + "@aws-sdk/util-user-agent-node" "3.437.0" + "@smithy/config-resolver" "^2.0.16" + "@smithy/fetch-http-handler" "^2.2.4" + "@smithy/hash-node" "^2.0.12" + "@smithy/invalid-dependency" "^2.0.12" + "@smithy/middleware-content-length" "^2.0.14" + "@smithy/middleware-endpoint" "^2.1.3" + "@smithy/middleware-retry" "^2.0.18" + "@smithy/middleware-serde" "^2.0.12" + "@smithy/middleware-stack" "^2.0.6" + "@smithy/node-config-provider" "^2.1.3" + "@smithy/node-http-handler" "^2.1.8" + "@smithy/protocol-http" "^3.0.8" + "@smithy/smithy-client" "^2.1.12" + "@smithy/types" "^2.4.0" + "@smithy/url-parser" "^2.0.12" + "@smithy/util-base64" "^2.0.0" + "@smithy/util-body-length-browser" "^2.0.0" + "@smithy/util-body-length-node" "^2.1.0" + "@smithy/util-defaults-mode-browser" "^2.0.16" + "@smithy/util-defaults-mode-node" "^2.0.21" + "@smithy/util-endpoints" "^1.0.2" + "@smithy/util-retry" "^2.0.5" + "@smithy/util-utf8" "^2.0.0" + tslib "^2.5.0" + +"@aws-sdk/client-sfn@^3.438.0": + version "3.438.0" + resolved "https://registry.yarnpkg.com/@aws-sdk/client-sfn/-/client-sfn-3.438.0.tgz#6c79e086acfdaa72dc7b690d8ff8adca647e8d3b" + integrity sha512-poawwa9PFSdTT4koZf0nl1lrY++J7Ow6wIli6bHAdFIyUEpeSt6MphPmILzTDLd+iRBqYPIOyAFsiN35h332bg== + dependencies: + "@aws-crypto/sha256-browser" "3.0.0" + "@aws-crypto/sha256-js" "3.0.0" + "@aws-sdk/client-sts" "3.438.0" + "@aws-sdk/core" "3.436.0" + "@aws-sdk/credential-provider-node" "3.438.0" + "@aws-sdk/middleware-host-header" "3.433.0" + "@aws-sdk/middleware-logger" "3.433.0" + "@aws-sdk/middleware-recursion-detection" "3.433.0" + "@aws-sdk/middleware-signing" "3.433.0" + "@aws-sdk/middleware-user-agent" "3.438.0" + "@aws-sdk/region-config-resolver" "3.433.0" + "@aws-sdk/types" "3.433.0" + "@aws-sdk/util-endpoints" "3.438.0" + "@aws-sdk/util-user-agent-browser" "3.433.0" + "@aws-sdk/util-user-agent-node" "3.437.0" + "@smithy/config-resolver" "^2.0.16" + "@smithy/fetch-http-handler" "^2.2.4" + "@smithy/hash-node" "^2.0.12" + "@smithy/invalid-dependency" "^2.0.12" + "@smithy/middleware-content-length" "^2.0.14" + "@smithy/middleware-endpoint" "^2.1.3" + "@smithy/middleware-retry" "^2.0.18" + "@smithy/middleware-serde" "^2.0.12" + "@smithy/middleware-stack" "^2.0.6" + "@smithy/node-config-provider" "^2.1.3" + "@smithy/node-http-handler" "^2.1.8" + "@smithy/protocol-http" "^3.0.8" + "@smithy/smithy-client" "^2.1.12" + "@smithy/types" "^2.4.0" + "@smithy/url-parser" "^2.0.12" + "@smithy/util-base64" "^2.0.0" + "@smithy/util-body-length-browser" "^2.0.0" + "@smithy/util-body-length-node" "^2.1.0" + "@smithy/util-defaults-mode-browser" "^2.0.16" + "@smithy/util-defaults-mode-node" "^2.0.21" + "@smithy/util-endpoints" "^1.0.2" + "@smithy/util-retry" "^2.0.5" + "@smithy/util-utf8" "^2.0.0" + tslib "^2.5.0" + +"@aws-sdk/client-sso@3.438.0": + version "3.438.0" + resolved "https://registry.yarnpkg.com/@aws-sdk/client-sso/-/client-sso-3.438.0.tgz#2a48cc7f03c5858796053b09cd0b1480e067a5ce" + integrity sha512-L/xKq+K78PShLku8x5gM6lZDUp7LhFJ2ksKH7Vll+exSZq+QUaxuzjp4gqdzh6B0oIshv2jssQlUa0ScOmVRMg== + dependencies: + "@aws-crypto/sha256-browser" "3.0.0" + "@aws-crypto/sha256-js" "3.0.0" + "@aws-sdk/core" "3.436.0" + "@aws-sdk/middleware-host-header" "3.433.0" + "@aws-sdk/middleware-logger" "3.433.0" + "@aws-sdk/middleware-recursion-detection" "3.433.0" + "@aws-sdk/middleware-user-agent" "3.438.0" + "@aws-sdk/region-config-resolver" "3.433.0" + "@aws-sdk/types" "3.433.0" + "@aws-sdk/util-endpoints" "3.438.0" + "@aws-sdk/util-user-agent-browser" "3.433.0" + "@aws-sdk/util-user-agent-node" "3.437.0" + "@smithy/config-resolver" "^2.0.16" + "@smithy/fetch-http-handler" "^2.2.4" + "@smithy/hash-node" "^2.0.12" + "@smithy/invalid-dependency" "^2.0.12" + "@smithy/middleware-content-length" "^2.0.14" + "@smithy/middleware-endpoint" "^2.1.3" + "@smithy/middleware-retry" "^2.0.18" + "@smithy/middleware-serde" "^2.0.12" + "@smithy/middleware-stack" "^2.0.6" + "@smithy/node-config-provider" "^2.1.3" + "@smithy/node-http-handler" "^2.1.8" + "@smithy/protocol-http" "^3.0.8" + "@smithy/smithy-client" "^2.1.12" + "@smithy/types" "^2.4.0" + "@smithy/url-parser" "^2.0.12" + "@smithy/util-base64" "^2.0.0" + "@smithy/util-body-length-browser" "^2.0.0" + "@smithy/util-body-length-node" "^2.1.0" + "@smithy/util-defaults-mode-browser" "^2.0.16" + "@smithy/util-defaults-mode-node" "^2.0.21" + "@smithy/util-endpoints" "^1.0.2" + "@smithy/util-retry" "^2.0.5" + "@smithy/util-utf8" "^2.0.0" + tslib "^2.5.0" + +"@aws-sdk/client-sts@3.438.0": + version "3.438.0" + resolved "https://registry.yarnpkg.com/@aws-sdk/client-sts/-/client-sts-3.438.0.tgz#d4a961d4a689035ca66cf2fd1f72ce89c6aca5c7" + integrity sha512-UBxLZKVVvbR4LHwSNSqaKx22YBSOGkavrh4SyDP8o8XOlXeRxTCllfSfjL9K5Mktp+ZwQ2NiubNcwmvUcGKbbg== + dependencies: + "@aws-crypto/sha256-browser" "3.0.0" + "@aws-crypto/sha256-js" "3.0.0" + "@aws-sdk/core" "3.436.0" + "@aws-sdk/credential-provider-node" "3.438.0" + "@aws-sdk/middleware-host-header" "3.433.0" + "@aws-sdk/middleware-logger" "3.433.0" + "@aws-sdk/middleware-recursion-detection" "3.433.0" + "@aws-sdk/middleware-sdk-sts" "3.433.0" + "@aws-sdk/middleware-signing" "3.433.0" + "@aws-sdk/middleware-user-agent" "3.438.0" + "@aws-sdk/region-config-resolver" "3.433.0" + "@aws-sdk/types" "3.433.0" + "@aws-sdk/util-endpoints" "3.438.0" + "@aws-sdk/util-user-agent-browser" "3.433.0" + "@aws-sdk/util-user-agent-node" "3.437.0" + "@smithy/config-resolver" "^2.0.16" + "@smithy/fetch-http-handler" "^2.2.4" + "@smithy/hash-node" "^2.0.12" + "@smithy/invalid-dependency" "^2.0.12" + "@smithy/middleware-content-length" "^2.0.14" + "@smithy/middleware-endpoint" "^2.1.3" + "@smithy/middleware-retry" "^2.0.18" + "@smithy/middleware-serde" "^2.0.12" + "@smithy/middleware-stack" "^2.0.6" + "@smithy/node-config-provider" "^2.1.3" + "@smithy/node-http-handler" "^2.1.8" + "@smithy/protocol-http" "^3.0.8" + "@smithy/smithy-client" "^2.1.12" + "@smithy/types" "^2.4.0" + "@smithy/url-parser" "^2.0.12" + "@smithy/util-base64" "^2.0.0" + "@smithy/util-body-length-browser" "^2.0.0" + "@smithy/util-body-length-node" "^2.1.0" + "@smithy/util-defaults-mode-browser" "^2.0.16" + "@smithy/util-defaults-mode-node" "^2.0.21" + "@smithy/util-endpoints" "^1.0.2" + "@smithy/util-retry" "^2.0.5" + "@smithy/util-utf8" "^2.0.0" + fast-xml-parser "4.2.5" + tslib "^2.5.0" + +"@aws-sdk/core@3.436.0": + version "3.436.0" + resolved "https://registry.yarnpkg.com/@aws-sdk/core/-/core-3.436.0.tgz#d85ecde9ac524a8f3cfe7e29b9e16942d7291723" + integrity sha512-vX5/LjXvCejC2XUY6TSg1oozjqK6BvkE75t0ys9dgqyr5PlZyZksMoeAFHUlj0sCjhT3ziWCujP1oiSpPWY9hg== + dependencies: + "@smithy/smithy-client" "^2.1.12" + +"@aws-sdk/credential-provider-env@3.433.0": + version "3.433.0" + resolved "https://registry.yarnpkg.com/@aws-sdk/credential-provider-env/-/credential-provider-env-3.433.0.tgz#7cceca1002ba2e79e10a9dfb119442bea7b88e7c" + integrity sha512-Vl7Qz5qYyxBurMn6hfSiNJeUHSqfVUlMt0C1Bds3tCkl3IzecRWwyBOlxtxO3VCrgVeW3HqswLzCvhAFzPH6nQ== + dependencies: + "@aws-sdk/types" "3.433.0" + "@smithy/property-provider" "^2.0.0" + "@smithy/types" "^2.4.0" + tslib "^2.5.0" + +"@aws-sdk/credential-provider-ini@3.438.0": + version "3.438.0" + resolved "https://registry.yarnpkg.com/@aws-sdk/credential-provider-ini/-/credential-provider-ini-3.438.0.tgz#845b09d2996e235d125a148aa8eca2f448d0d48e" + integrity sha512-WYPQR3pXoHJjn9/RMWipUhsUNFy6zhOiII6u8LJ5w84aNqIjV4+BdRYztRNGJD98jdtekhbkX0YKoSuZqP+unQ== + dependencies: + "@aws-sdk/credential-provider-env" "3.433.0" + "@aws-sdk/credential-provider-process" "3.433.0" + "@aws-sdk/credential-provider-sso" "3.438.0" + "@aws-sdk/credential-provider-web-identity" "3.433.0" + "@aws-sdk/types" "3.433.0" + "@smithy/credential-provider-imds" "^2.0.0" + "@smithy/property-provider" "^2.0.0" + "@smithy/shared-ini-file-loader" "^2.0.6" + "@smithy/types" "^2.4.0" + tslib "^2.5.0" + +"@aws-sdk/credential-provider-node@3.438.0": + version "3.438.0" + resolved "https://registry.yarnpkg.com/@aws-sdk/credential-provider-node/-/credential-provider-node-3.438.0.tgz#dfe72b8d580c70ed5b807741111be09dfe5aa5ae" + integrity sha512-uaw3D2R0svyrC32qyZ2aOv/l0AT9eClh+eQsZJTQD3Kz9q+2VdeOBThQ8fsMfRtm26nUbZo6A/CRwxkm6okI+w== + dependencies: + "@aws-sdk/credential-provider-env" "3.433.0" + "@aws-sdk/credential-provider-ini" "3.438.0" + "@aws-sdk/credential-provider-process" "3.433.0" + "@aws-sdk/credential-provider-sso" "3.438.0" + "@aws-sdk/credential-provider-web-identity" "3.433.0" + "@aws-sdk/types" "3.433.0" + "@smithy/credential-provider-imds" "^2.0.0" + "@smithy/property-provider" "^2.0.0" + "@smithy/shared-ini-file-loader" "^2.0.6" + "@smithy/types" "^2.4.0" + tslib "^2.5.0" + +"@aws-sdk/credential-provider-process@3.433.0": + version "3.433.0" + resolved "https://registry.yarnpkg.com/@aws-sdk/credential-provider-process/-/credential-provider-process-3.433.0.tgz#dd51c92480ed620e4c3f989852ee408ab1209d59" + integrity sha512-W7FcGlQjio9Y/PepcZGRyl5Bpwb0uWU7qIUCh+u4+q2mW4D5ZngXg8V/opL9/I/p4tUH9VXZLyLGwyBSkdhL+A== + dependencies: + "@aws-sdk/types" "3.433.0" + "@smithy/property-provider" "^2.0.0" + "@smithy/shared-ini-file-loader" "^2.0.6" + "@smithy/types" "^2.4.0" + tslib "^2.5.0" + +"@aws-sdk/credential-provider-sso@3.438.0": + version "3.438.0" + resolved "https://registry.yarnpkg.com/@aws-sdk/credential-provider-sso/-/credential-provider-sso-3.438.0.tgz#871062ae67f7f73e0b8725d3a84a27b6f3c9708d" + integrity sha512-Xykli/64xR18cBV5P0XFxcH120omtfAjC/cFy/9nFU/+dPvbk0uu1yEOZYteWHyGGkPN4PkHmbh60GiUCLQkWQ== + dependencies: + "@aws-sdk/client-sso" "3.438.0" + "@aws-sdk/token-providers" "3.438.0" + "@aws-sdk/types" "3.433.0" + "@smithy/property-provider" "^2.0.0" + "@smithy/shared-ini-file-loader" "^2.0.6" + "@smithy/types" "^2.4.0" + tslib "^2.5.0" + +"@aws-sdk/credential-provider-web-identity@3.433.0": + version "3.433.0" + resolved "https://registry.yarnpkg.com/@aws-sdk/credential-provider-web-identity/-/credential-provider-web-identity-3.433.0.tgz#32403ba9cc47d3c46500f3c8e5e0041d20e4dbe8" + integrity sha512-RlwjP1I5wO+aPpwyCp23Mk8nmRbRL33hqRASy73c4JA2z2YiRua+ryt6MalIxehhwQU6xvXUKulJnPG9VaMFZg== + dependencies: + "@aws-sdk/types" "3.433.0" + "@smithy/property-provider" "^2.0.0" + "@smithy/types" "^2.4.0" + tslib "^2.5.0" + +"@aws-sdk/middleware-host-header@3.433.0": + version "3.433.0" + resolved "https://registry.yarnpkg.com/@aws-sdk/middleware-host-header/-/middleware-host-header-3.433.0.tgz#3b6687ee4021c2b56c96cff61b45a33fb762b1c7" + integrity sha512-mBTq3UWv1UzeHG+OfUQ2MB/5GEkt5LTKFaUqzL7ESwzW8XtpBgXnjZvIwu3Vcd3sEetMwijwaGiJhY0ae/YyaA== + dependencies: + "@aws-sdk/types" "3.433.0" + "@smithy/protocol-http" "^3.0.8" + "@smithy/types" "^2.4.0" + tslib "^2.5.0" + +"@aws-sdk/middleware-logger@3.433.0": + version "3.433.0" + resolved "https://registry.yarnpkg.com/@aws-sdk/middleware-logger/-/middleware-logger-3.433.0.tgz#fcd4e31a8f134861cd519477b959c218a3600186" + integrity sha512-We346Fb5xGonTGVZC9Nvqtnqy74VJzYuTLLiuuftA5sbNzftBDy/22QCfvYSTOAl3bvif+dkDUzQY2ihc5PwOQ== + dependencies: + "@aws-sdk/types" "3.433.0" + "@smithy/types" "^2.4.0" + tslib "^2.5.0" + +"@aws-sdk/middleware-recursion-detection@3.433.0": + version "3.433.0" + resolved "https://registry.yarnpkg.com/@aws-sdk/middleware-recursion-detection/-/middleware-recursion-detection-3.433.0.tgz#5b4b7878ea46c70f507c9ea7c30ad0e5ee4ae6bf" + integrity sha512-HEvYC9PQlWY/ccUYtLvAlwwf1iCif2TSAmLNr3YTBRVa98x6jKL0hlCrHWYklFeqOGSKy6XhE+NGJMUII0/HaQ== + dependencies: + "@aws-sdk/types" "3.433.0" + "@smithy/protocol-http" "^3.0.8" + "@smithy/types" "^2.4.0" + tslib "^2.5.0" + +"@aws-sdk/middleware-sdk-rds@3.433.0": + version "3.433.0" + resolved "https://registry.yarnpkg.com/@aws-sdk/middleware-sdk-rds/-/middleware-sdk-rds-3.433.0.tgz#238941989feb88b93ba1766c9221202b136f0586" + integrity sha512-Vuyx6s717TP5f6xVlXPIOpo41Fhf2O+VhrFYqfuyTOEJ8b74OmPbRCuUJ7Y0X03LpZXmHJajcx2HzSaikTLttA== + dependencies: + "@aws-sdk/types" "3.433.0" + "@aws-sdk/util-format-url" "3.433.0" + "@smithy/middleware-endpoint" "^2.1.3" + "@smithy/protocol-http" "^3.0.8" + "@smithy/signature-v4" "^2.0.0" + "@smithy/types" "^2.4.0" + tslib "^2.5.0" + +"@aws-sdk/middleware-sdk-sts@3.433.0": + version "3.433.0" + resolved "https://registry.yarnpkg.com/@aws-sdk/middleware-sdk-sts/-/middleware-sdk-sts-3.433.0.tgz#9b30f17a922ecc5fd46b93f1edcd20d7146b814f" + integrity sha512-ORYbJnBejUyonFl5FwIqhvI3Cq6sAp9j+JpkKZtFNma9tFPdrhmYgfCeNH32H/wGTQV/tUoQ3luh0gA4cuk6DA== + dependencies: + "@aws-sdk/middleware-signing" "3.433.0" + "@aws-sdk/types" "3.433.0" + "@smithy/types" "^2.4.0" + tslib "^2.5.0" + +"@aws-sdk/middleware-signing@3.433.0": + version "3.433.0" + resolved "https://registry.yarnpkg.com/@aws-sdk/middleware-signing/-/middleware-signing-3.433.0.tgz#670557ace5b97729dbabb6a991815e44eb0ef03b" + integrity sha512-jxPvt59NZo/epMNLNTu47ikmP8v0q217I6bQFGJG7JVFnfl36zDktMwGw+0xZR80qiK47/2BWrNpta61Zd2FxQ== + dependencies: + "@aws-sdk/types" "3.433.0" + "@smithy/property-provider" "^2.0.0" + "@smithy/protocol-http" "^3.0.8" + "@smithy/signature-v4" "^2.0.0" + "@smithy/types" "^2.4.0" + "@smithy/util-middleware" "^2.0.5" + tslib "^2.5.0" + +"@aws-sdk/middleware-user-agent@3.438.0": + version "3.438.0" + resolved "https://registry.yarnpkg.com/@aws-sdk/middleware-user-agent/-/middleware-user-agent-3.438.0.tgz#a1165134d5b95e1fbeb841740084b3a43dead18a" + integrity sha512-a+xHT1wOxT6EA6YyLmrfaroKWOkwwyiktUfXKM0FsUutGzNi4fKhb5NZ2al58NsXzHgHFrasSDp+Lqbd/X2cEw== + dependencies: + "@aws-sdk/types" "3.433.0" + "@aws-sdk/util-endpoints" "3.438.0" + "@smithy/protocol-http" "^3.0.8" + "@smithy/types" "^2.4.0" + tslib "^2.5.0" + +"@aws-sdk/region-config-resolver@3.433.0": + version "3.433.0" + resolved "https://registry.yarnpkg.com/@aws-sdk/region-config-resolver/-/region-config-resolver-3.433.0.tgz#37eb5f40db8af7ba9361aeb28c62b45421e780f0" + integrity sha512-xpjRjCZW+CDFdcMmmhIYg81ST5UAnJh61IHziQEk0FXONrg4kjyYPZAOjEdzXQ+HxJQuGQLKPhRdzxmQnbX7pg== + dependencies: + "@smithy/node-config-provider" "^2.1.3" + "@smithy/types" "^2.4.0" + "@smithy/util-config-provider" "^2.0.0" + "@smithy/util-middleware" "^2.0.5" + tslib "^2.5.0" + +"@aws-sdk/token-providers@3.438.0": + version "3.438.0" + resolved "https://registry.yarnpkg.com/@aws-sdk/token-providers/-/token-providers-3.438.0.tgz#e91baa37c9c78cb5b21cae96a12e7e1705c931d3" + integrity sha512-G2fUfTtU6/1ayYRMu0Pd9Ln4qYSvwJOWCqJMdkDgvXSwdgcOSOLsnAIk1AHGJDAvgLikdCzuyOsdJiexr9Vnww== + dependencies: + "@aws-crypto/sha256-browser" "3.0.0" + "@aws-crypto/sha256-js" "3.0.0" + "@aws-sdk/middleware-host-header" "3.433.0" + "@aws-sdk/middleware-logger" "3.433.0" + "@aws-sdk/middleware-recursion-detection" "3.433.0" + "@aws-sdk/middleware-user-agent" "3.438.0" + "@aws-sdk/region-config-resolver" "3.433.0" + "@aws-sdk/types" "3.433.0" + "@aws-sdk/util-endpoints" "3.438.0" + "@aws-sdk/util-user-agent-browser" "3.433.0" + "@aws-sdk/util-user-agent-node" "3.437.0" + "@smithy/config-resolver" "^2.0.16" + "@smithy/fetch-http-handler" "^2.2.4" + "@smithy/hash-node" "^2.0.12" + "@smithy/invalid-dependency" "^2.0.12" + "@smithy/middleware-content-length" "^2.0.14" + "@smithy/middleware-endpoint" "^2.1.3" + "@smithy/middleware-retry" "^2.0.18" + "@smithy/middleware-serde" "^2.0.12" + "@smithy/middleware-stack" "^2.0.6" + "@smithy/node-config-provider" "^2.1.3" + "@smithy/node-http-handler" "^2.1.8" + "@smithy/property-provider" "^2.0.0" + "@smithy/protocol-http" "^3.0.8" + "@smithy/shared-ini-file-loader" "^2.0.6" + "@smithy/smithy-client" "^2.1.12" + "@smithy/types" "^2.4.0" + "@smithy/url-parser" "^2.0.12" + "@smithy/util-base64" "^2.0.0" + "@smithy/util-body-length-browser" "^2.0.0" + "@smithy/util-body-length-node" "^2.1.0" + "@smithy/util-defaults-mode-browser" "^2.0.16" + "@smithy/util-defaults-mode-node" "^2.0.21" + "@smithy/util-endpoints" "^1.0.2" + "@smithy/util-retry" "^2.0.5" + "@smithy/util-utf8" "^2.0.0" + tslib "^2.5.0" + +"@aws-sdk/types@3.433.0", "@aws-sdk/types@^3.222.0": version "3.433.0" resolved "https://registry.yarnpkg.com/@aws-sdk/types/-/types-3.433.0.tgz#0f94eae2a4a3525ca872c9ab04e143c01806d755" integrity sha512-0jEE2mSrNDd8VGFjTc1otYrwYPIkzZJEIK90ZxisKvQ/EURGBhNzWn7ejWB9XCMFT6XumYLBR0V9qq5UPisWtA== @@ -23,6 +533,59 @@ "@smithy/types" "^2.4.0" tslib "^2.5.0" +"@aws-sdk/util-endpoints@3.438.0": + version "3.438.0" + resolved "https://registry.yarnpkg.com/@aws-sdk/util-endpoints/-/util-endpoints-3.438.0.tgz#fe79a0ad87fc201c8ecb422f6f040bd300c98df9" + integrity sha512-6VyPTq1kN3GWxwFt5DdZfOsr6cJZPLjWh0troY/0uUv3hK74C9o3Y0Xf/z8UAUvQFkVqZse12O0/BgPVMImvfA== + dependencies: + "@aws-sdk/types" "3.433.0" + "@smithy/util-endpoints" "^1.0.2" + tslib "^2.5.0" + +"@aws-sdk/util-format-url@3.433.0": + version "3.433.0" + resolved "https://registry.yarnpkg.com/@aws-sdk/util-format-url/-/util-format-url-3.433.0.tgz#65c11be0e071342ebfeecea04be7bc181ac36699" + integrity sha512-Z6T7I4hELoQ4eeIuKIKx+52B9bc3SCPhjgMcFAFQeesjmHAr0drHyoGNJIat6ckvgI6zzFaeaBZTvWDA2hyDkA== + dependencies: + "@aws-sdk/types" "3.433.0" + "@smithy/querystring-builder" "^2.0.12" + "@smithy/types" "^2.4.0" + tslib "^2.5.0" + +"@aws-sdk/util-locate-window@^3.0.0": + version "3.310.0" + resolved "https://registry.yarnpkg.com/@aws-sdk/util-locate-window/-/util-locate-window-3.310.0.tgz#b071baf050301adee89051032bd4139bba32cc40" + integrity sha512-qo2t/vBTnoXpjKxlsC2e1gBrRm80M3bId27r0BRB2VniSSe7bL1mmzM+/HFtujm0iAxtPM+aLEflLJlJeDPg0w== + dependencies: + tslib "^2.5.0" + +"@aws-sdk/util-user-agent-browser@3.433.0": + version "3.433.0" + resolved "https://registry.yarnpkg.com/@aws-sdk/util-user-agent-browser/-/util-user-agent-browser-3.433.0.tgz#b5ed0c0cca0db34a2c1c2ffc1b65e7cdd8dc88ff" + integrity sha512-2Cf/Lwvxbt5RXvWFXrFr49vXv0IddiUwrZoAiwhDYxvsh+BMnh+NUFot+ZQaTrk/8IPZVDeLPWZRdVy00iaVXQ== + dependencies: + "@aws-sdk/types" "3.433.0" + "@smithy/types" "^2.4.0" + bowser "^2.11.0" + tslib "^2.5.0" + +"@aws-sdk/util-user-agent-node@3.437.0": + version "3.437.0" + resolved "https://registry.yarnpkg.com/@aws-sdk/util-user-agent-node/-/util-user-agent-node-3.437.0.tgz#f77729854ddf049ccaba8bae3d8fa279812b4716" + integrity sha512-JVEcvWaniamtYVPem4UthtCNoTBCfFTwYj7Y3CrWZ2Qic4TqrwLkAfaBGtI2TGrhIClVr77uzLI6exqMTN7orA== + dependencies: + "@aws-sdk/types" "3.433.0" + "@smithy/node-config-provider" "^2.1.3" + "@smithy/types" "^2.4.0" + tslib "^2.5.0" + +"@aws-sdk/util-utf8-browser@^3.0.0": + version "3.259.0" + resolved "https://registry.yarnpkg.com/@aws-sdk/util-utf8-browser/-/util-utf8-browser-3.259.0.tgz#3275a6f5eb334f96ca76635b961d3c50259fd9ff" + integrity sha512-UvFa/vR+e19XookZF8RzFZBrw2EUkQWxiBW0yYQAhvk3C+QVGl0H3ouca8LDBlBfQKXwmW3huo/59H8rwb1wJw== + dependencies: + tslib "^2.3.1" + "@babel/code-frame@^7.0.0", "@babel/code-frame@^7.12.13", "@babel/code-frame@^7.22.13": version "7.22.13" resolved "https://registry.yarnpkg.com/@babel/code-frame/-/code-frame-7.22.13.tgz#e3c1c099402598483b7a8c46a721d1038803755e" @@ -962,6 +1525,227 @@ dependencies: "@sinonjs/commons" "^1.7.0" +"@smithy/abort-controller@^2.0.12": + version "2.0.12" + resolved "https://registry.yarnpkg.com/@smithy/abort-controller/-/abort-controller-2.0.12.tgz#62cd47c81fa1d7d6c2d6fde0c2f54ea89892fb6a" + integrity sha512-YIJyefe1mi3GxKdZxEBEuzYOeQ9xpYfqnFmWzojCssRAuR7ycxwpoRQgp965vuW426xUAQhCV5rCaWElQ7XsaA== + dependencies: + "@smithy/types" "^2.4.0" + tslib "^2.5.0" + +"@smithy/config-resolver@^2.0.16": + version "2.0.16" + resolved "https://registry.yarnpkg.com/@smithy/config-resolver/-/config-resolver-2.0.16.tgz#f2abf65a21f56731fdab2d39d2df2dd0e377c9cc" + integrity sha512-1k+FWHQDt2pfpXhJsOmNMmlAZ3NUQ98X5tYsjQhVGq+0X6cOBMhfh6Igd0IX3Ut6lEO6DQAdPMI/blNr3JZfMQ== + dependencies: + "@smithy/node-config-provider" "^2.1.3" + "@smithy/types" "^2.4.0" + "@smithy/util-config-provider" "^2.0.0" + "@smithy/util-middleware" "^2.0.5" + tslib "^2.5.0" + +"@smithy/credential-provider-imds@^2.0.0", "@smithy/credential-provider-imds@^2.0.18": + version "2.0.18" + resolved "https://registry.yarnpkg.com/@smithy/credential-provider-imds/-/credential-provider-imds-2.0.18.tgz#9a5b8be3f268bb4ac7b7ef321f57b0e9a61e2940" + integrity sha512-QnPBi6D2zj6AHJdUTo5zXmk8vwHJ2bNevhcVned1y+TZz/OI5cizz5DsYNkqFUIDn8tBuEyKNgbmKVNhBbuY3g== + dependencies: + "@smithy/node-config-provider" "^2.1.3" + "@smithy/property-provider" "^2.0.13" + "@smithy/types" "^2.4.0" + "@smithy/url-parser" "^2.0.12" + tslib "^2.5.0" + +"@smithy/eventstream-codec@^2.0.12": + version "2.0.12" + resolved "https://registry.yarnpkg.com/@smithy/eventstream-codec/-/eventstream-codec-2.0.12.tgz#99fab750d0ac3941f341d912d3c3a1ab985e1a7a" + integrity sha512-ZZQLzHBJkbiAAdj2C5K+lBlYp/XJ+eH2uy+jgJgYIFW/o5AM59Hlj7zyI44/ZTDIQWmBxb3EFv/c5t44V8/g8A== + dependencies: + "@aws-crypto/crc32" "3.0.0" + "@smithy/types" "^2.4.0" + "@smithy/util-hex-encoding" "^2.0.0" + tslib "^2.5.0" + +"@smithy/fetch-http-handler@^2.2.4": + version "2.2.4" + resolved "https://registry.yarnpkg.com/@smithy/fetch-http-handler/-/fetch-http-handler-2.2.4.tgz#405716581a5a336f2c162daf4169bff600fc47ce" + integrity sha512-gIPRFEGi+c6V52eauGKrjDzPWF2Cu7Z1r5F8A3j2wcwz25sPG/t8kjsbEhli/tS/2zJp/ybCZXe4j4ro3yv/HA== + dependencies: + "@smithy/protocol-http" "^3.0.8" + "@smithy/querystring-builder" "^2.0.12" + "@smithy/types" "^2.4.0" + "@smithy/util-base64" "^2.0.0" + tslib "^2.5.0" + +"@smithy/hash-node@^2.0.12": + version "2.0.12" + resolved "https://registry.yarnpkg.com/@smithy/hash-node/-/hash-node-2.0.12.tgz#514586ca3f54840322273029eef66c41d9001e39" + integrity sha512-fDZnTr5j9t5qcbeJ037aMZXxMka13Znqwrgy3PAqYj6Dm3XHXHftTH3q+NWgayUxl1992GFtQt1RuEzRMy3NnQ== + dependencies: + "@smithy/types" "^2.4.0" + "@smithy/util-buffer-from" "^2.0.0" + "@smithy/util-utf8" "^2.0.0" + tslib "^2.5.0" + +"@smithy/invalid-dependency@^2.0.12": + version "2.0.12" + resolved "https://registry.yarnpkg.com/@smithy/invalid-dependency/-/invalid-dependency-2.0.12.tgz#de78a5e9457cc397aad0648e18c0260b522fe604" + integrity sha512-p5Y+iMHV3SoEpy3VSR7mifbreHQwVSvHSAz/m4GdoXfOzKzaYC8hYv10Ks7Deblkf7lhas8U+lAp9ThbBM+ZXA== + dependencies: + "@smithy/types" "^2.4.0" + tslib "^2.5.0" + +"@smithy/is-array-buffer@^2.0.0": + version "2.0.0" + resolved "https://registry.yarnpkg.com/@smithy/is-array-buffer/-/is-array-buffer-2.0.0.tgz#8fa9b8040651e7ba0b2f6106e636a91354ff7d34" + integrity sha512-z3PjFjMyZNI98JFRJi/U0nGoLWMSJlDjAW4QUX2WNZLas5C0CmVV6LJ01JI0k90l7FvpmixjWxPFmENSClQ7ug== + dependencies: + tslib "^2.5.0" + +"@smithy/middleware-content-length@^2.0.14": + version "2.0.14" + resolved "https://registry.yarnpkg.com/@smithy/middleware-content-length/-/middleware-content-length-2.0.14.tgz#ee1aa842490cee90b6ac208fb13a7d56d3ed84f2" + integrity sha512-poUNgKTw9XwPXfX9nEHpVgrMNVpaSMZbshqvPxFVoalF4wp6kRzYKOfdesSVectlQ51VtigoLfbXcdyPwvxgTg== + dependencies: + "@smithy/protocol-http" "^3.0.8" + "@smithy/types" "^2.4.0" + tslib "^2.5.0" + +"@smithy/middleware-endpoint@^2.1.3": + version "2.1.3" + resolved "https://registry.yarnpkg.com/@smithy/middleware-endpoint/-/middleware-endpoint-2.1.3.tgz#ab7ebff4ecbc9b02ec70dd57179f47c4f16bf03f" + integrity sha512-ZrQ0/YX6hNVTxqMEHtEaDbDv6pNeEji/a5Vk3HuFC5R3ZY8lfoATyxmOGxBVYnF3NUvZLNC7umEv1WzWGWvCGQ== + dependencies: + "@smithy/middleware-serde" "^2.0.12" + "@smithy/node-config-provider" "^2.1.3" + "@smithy/shared-ini-file-loader" "^2.2.2" + "@smithy/types" "^2.4.0" + "@smithy/url-parser" "^2.0.12" + "@smithy/util-middleware" "^2.0.5" + tslib "^2.5.0" + +"@smithy/middleware-retry@^2.0.18": + version "2.0.18" + resolved "https://registry.yarnpkg.com/@smithy/middleware-retry/-/middleware-retry-2.0.18.tgz#37982552a1d3815148797831df025e470423fc5e" + integrity sha512-VyrHQRldGSb3v9oFOB5yPxmLT7U2sQic2ytylOnYlnsmVOLlFIaI6sW22c+w2675yq+XZ6HOuzV7x2OBYCWRNA== + dependencies: + "@smithy/node-config-provider" "^2.1.3" + "@smithy/protocol-http" "^3.0.8" + "@smithy/service-error-classification" "^2.0.5" + "@smithy/types" "^2.4.0" + "@smithy/util-middleware" "^2.0.5" + "@smithy/util-retry" "^2.0.5" + tslib "^2.5.0" + uuid "^8.3.2" + +"@smithy/middleware-serde@^2.0.12": + version "2.0.12" + resolved "https://registry.yarnpkg.com/@smithy/middleware-serde/-/middleware-serde-2.0.12.tgz#edc93c400a5ffec6c068419163f9d880bdff5e5b" + integrity sha512-IBeco157lIScecq2Z+n0gq56i4MTnfKxS7rbfrAORveDJgnbBAaEQgYqMqp/cYqKrpvEXcyTjwKHrBjCCIZh2A== + dependencies: + "@smithy/types" "^2.4.0" + tslib "^2.5.0" + +"@smithy/middleware-stack@^2.0.6": + version "2.0.6" + resolved "https://registry.yarnpkg.com/@smithy/middleware-stack/-/middleware-stack-2.0.6.tgz#c58d6e4ffc4498bf47fd27adcddd142395d3ba84" + integrity sha512-YSvNZeOKWLJ0M/ycxwDIe2Ztkp6Qixmcml1ggsSv2fdHKGkBPhGrX5tMzPGMI1yyx55UEYBi2OB4s+RriXX48A== + dependencies: + "@smithy/types" "^2.4.0" + tslib "^2.5.0" + +"@smithy/node-config-provider@^2.1.3": + version "2.1.3" + resolved "https://registry.yarnpkg.com/@smithy/node-config-provider/-/node-config-provider-2.1.3.tgz#bf4cee69df08d43618ad4329d234351b14d98ef7" + integrity sha512-J6lXvRHGVnSX3n1PYi+e1L5HN73DkkJpUviV3Ebf+8wSaIjAf+eVNbzyvh/S5EQz7nf4KVfwbD5vdoZMAthAEQ== + dependencies: + "@smithy/property-provider" "^2.0.13" + "@smithy/shared-ini-file-loader" "^2.2.2" + "@smithy/types" "^2.4.0" + tslib "^2.5.0" + +"@smithy/node-http-handler@^2.1.8": + version "2.1.8" + resolved "https://registry.yarnpkg.com/@smithy/node-http-handler/-/node-http-handler-2.1.8.tgz#aad989d5445c43a677e7e6161c6fa4abd0e46023" + integrity sha512-KZylM7Wff/So5SmCiwg2kQNXJ+RXgz34wkxS7WNwIUXuZrZZpY/jKJCK+ZaGyuESDu3TxcaY+zeYGJmnFKbQsA== + dependencies: + "@smithy/abort-controller" "^2.0.12" + "@smithy/protocol-http" "^3.0.8" + "@smithy/querystring-builder" "^2.0.12" + "@smithy/types" "^2.4.0" + tslib "^2.5.0" + +"@smithy/property-provider@^2.0.0", "@smithy/property-provider@^2.0.13": + version "2.0.13" + resolved "https://registry.yarnpkg.com/@smithy/property-provider/-/property-provider-2.0.13.tgz#45ee47ad79d638082523f944c49fd2e851312098" + integrity sha512-VJqUf2CbsQX6uUiC5dUPuoEATuFjkbkW3lJHbRnpk9EDC9X+iKqhfTK+WP+lve5EQ9TcCI1Q6R7hrg41FyC54w== + dependencies: + "@smithy/types" "^2.4.0" + tslib "^2.5.0" + +"@smithy/protocol-http@^3.0.8": + version "3.0.8" + resolved "https://registry.yarnpkg.com/@smithy/protocol-http/-/protocol-http-3.0.8.tgz#0f7c114f6b8e23a57dff7a275d085bac97b9233c" + integrity sha512-SHJvYeWq8q0FK8xHk+xjV9dzDUDjFMT+G1pZbV+XB6OVoac/FSVshlMNPeUJ8AmSkcDKHRu5vASnRqZHgD3qhw== + dependencies: + "@smithy/types" "^2.4.0" + tslib "^2.5.0" + +"@smithy/querystring-builder@^2.0.12": + version "2.0.12" + resolved "https://registry.yarnpkg.com/@smithy/querystring-builder/-/querystring-builder-2.0.12.tgz#d13e0eea08d43596bdbb182206ccdee0956d06fd" + integrity sha512-cDbF07IuCjiN8CdGvPzfJjXIrmDSelScRfyJYrYBNBbKl2+k7QD/KqiHhtRyEKgID5mmEVrV6KE6L/iPJ98sFw== + dependencies: + "@smithy/types" "^2.4.0" + "@smithy/util-uri-escape" "^2.0.0" + tslib "^2.5.0" + +"@smithy/querystring-parser@^2.0.12": + version "2.0.12" + resolved "https://registry.yarnpkg.com/@smithy/querystring-parser/-/querystring-parser-2.0.12.tgz#d2c234031e266359716a0c62c8c1208a5bd2557e" + integrity sha512-fytyTcXaMzPBuNtPlhj5v6dbl4bJAnwKZFyyItAGt4Tgm9HFPZNo7a9r1SKPr/qdxUEBzvL9Rh+B9SkTX3kFxg== + dependencies: + "@smithy/types" "^2.4.0" + tslib "^2.5.0" + +"@smithy/service-error-classification@^2.0.5": + version "2.0.5" + resolved "https://registry.yarnpkg.com/@smithy/service-error-classification/-/service-error-classification-2.0.5.tgz#22c84fad456730adfa31cae91d47acd31304c346" + integrity sha512-M0SeJnEgD2ywJyV99Fb1yKFzmxDe9JfpJiYTVSRMyRLc467BPU0qsuuDPzMCdB1mU8M8u1rVOdkqdoyFN8UFTw== + dependencies: + "@smithy/types" "^2.4.0" + +"@smithy/shared-ini-file-loader@^2.0.6", "@smithy/shared-ini-file-loader@^2.2.2": + version "2.2.2" + resolved "https://registry.yarnpkg.com/@smithy/shared-ini-file-loader/-/shared-ini-file-loader-2.2.2.tgz#b52064c5254a01f5c98a821207448de439938667" + integrity sha512-noyQUPn7b1M8uB0GEXc/Zyxq+5K2b7aaqWnLp+hgJ7+xu/FCvtyWy5eWLDjQEsHnAet2IZhS5QF8872OR69uNg== + dependencies: + "@smithy/types" "^2.4.0" + tslib "^2.5.0" + +"@smithy/signature-v4@^2.0.0": + version "2.0.12" + resolved "https://registry.yarnpkg.com/@smithy/signature-v4/-/signature-v4-2.0.12.tgz#4f9f5bba25e784d110fdc4a276b715feae82bb28" + integrity sha512-6Kc2lCZEVmb1nNYngyNbWpq0d82OZwITH11SW/Q0U6PX5fH7B2cIcFe7o6eGEFPkTZTP8itTzmYiGcECL0D0Lw== + dependencies: + "@smithy/eventstream-codec" "^2.0.12" + "@smithy/is-array-buffer" "^2.0.0" + "@smithy/types" "^2.4.0" + "@smithy/util-hex-encoding" "^2.0.0" + "@smithy/util-middleware" "^2.0.5" + "@smithy/util-uri-escape" "^2.0.0" + "@smithy/util-utf8" "^2.0.0" + tslib "^2.5.0" + +"@smithy/smithy-client@^2.1.12": + version "2.1.12" + resolved "https://registry.yarnpkg.com/@smithy/smithy-client/-/smithy-client-2.1.12.tgz#a7f10ab846d41ce1042eb81f087c4c9eb438b481" + integrity sha512-XXqhridfkKnpj+lt8vM6HRlZbqUAqBjVC74JIi13F/AYQd/zTj9SOyGfxnbp4mjY9q28LityxIuV8CTinr9r5w== + dependencies: + "@smithy/middleware-stack" "^2.0.6" + "@smithy/types" "^2.4.0" + "@smithy/util-stream" "^2.0.17" + tslib "^2.5.0" + "@smithy/types@^2.4.0": version "2.4.0" resolved "https://registry.yarnpkg.com/@smithy/types/-/types-2.4.0.tgz#ed35e429e3ea3d089c68ed1bf951d0ccbdf2692e" @@ -969,6 +1753,147 @@ dependencies: tslib "^2.5.0" +"@smithy/url-parser@^2.0.12": + version "2.0.12" + resolved "https://registry.yarnpkg.com/@smithy/url-parser/-/url-parser-2.0.12.tgz#a4cdd1b66176e48f10d119298f8f90b06b7e8a01" + integrity sha512-qgkW2mZqRvlNUcBkxYB/gYacRaAdck77Dk3/g2iw0S9F0EYthIS3loGfly8AwoWpIvHKhkTsCXXQfzksgZ4zIA== + dependencies: + "@smithy/querystring-parser" "^2.0.12" + "@smithy/types" "^2.4.0" + tslib "^2.5.0" + +"@smithy/util-base64@^2.0.0": + version "2.0.0" + resolved "https://registry.yarnpkg.com/@smithy/util-base64/-/util-base64-2.0.0.tgz#1beeabfb155471d1d41c8d0603be1351f883c444" + integrity sha512-Zb1E4xx+m5Lud8bbeYi5FkcMJMnn+1WUnJF3qD7rAdXpaL7UjkFQLdmW5fHadoKbdHpwH9vSR8EyTJFHJs++tA== + dependencies: + "@smithy/util-buffer-from" "^2.0.0" + tslib "^2.5.0" + +"@smithy/util-body-length-browser@^2.0.0": + version "2.0.0" + resolved "https://registry.yarnpkg.com/@smithy/util-body-length-browser/-/util-body-length-browser-2.0.0.tgz#5447853003b4c73da3bc5f3c5e82c21d592d1650" + integrity sha512-JdDuS4ircJt+FDnaQj88TzZY3+njZ6O+D3uakS32f2VNnDo3vyEuNdBOh/oFd8Df1zSZOuH1HEChk2AOYDezZg== + dependencies: + tslib "^2.5.0" + +"@smithy/util-body-length-node@^2.1.0": + version "2.1.0" + resolved "https://registry.yarnpkg.com/@smithy/util-body-length-node/-/util-body-length-node-2.1.0.tgz#313a5f7c5017947baf5fa018bfc22628904bbcfa" + integrity sha512-/li0/kj/y3fQ3vyzn36NTLGmUwAICb7Jbe/CsWCktW363gh1MOcpEcSO3mJ344Gv2dqz8YJCLQpb6hju/0qOWw== + dependencies: + tslib "^2.5.0" + +"@smithy/util-buffer-from@^2.0.0": + version "2.0.0" + resolved "https://registry.yarnpkg.com/@smithy/util-buffer-from/-/util-buffer-from-2.0.0.tgz#7eb75d72288b6b3001bc5f75b48b711513091deb" + integrity sha512-/YNnLoHsR+4W4Vf2wL5lGv0ksg8Bmk3GEGxn2vEQt52AQaPSCuaO5PM5VM7lP1K9qHRKHwrPGktqVoAHKWHxzw== + dependencies: + "@smithy/is-array-buffer" "^2.0.0" + tslib "^2.5.0" + +"@smithy/util-config-provider@^2.0.0": + version "2.0.0" + resolved "https://registry.yarnpkg.com/@smithy/util-config-provider/-/util-config-provider-2.0.0.tgz#4dd6a793605559d94267312fd06d0f58784b4c38" + integrity sha512-xCQ6UapcIWKxXHEU4Mcs2s7LcFQRiU3XEluM2WcCjjBtQkUN71Tb+ydGmJFPxMUrW/GWMgQEEGipLym4XG0jZg== + dependencies: + tslib "^2.5.0" + +"@smithy/util-defaults-mode-browser@^2.0.16": + version "2.0.16" + resolved "https://registry.yarnpkg.com/@smithy/util-defaults-mode-browser/-/util-defaults-mode-browser-2.0.16.tgz#7d60c4e1d00ed569f47fd6343b822c4ff3c2c9f8" + integrity sha512-Uv5Cu8nVkuvLn0puX+R9zWbSNpLIR3AxUlPoLJ7hC5lvir8B2WVqVEkJLwtixKAncVLasnTVjPDCidtAUTGEQw== + dependencies: + "@smithy/property-provider" "^2.0.13" + "@smithy/smithy-client" "^2.1.12" + "@smithy/types" "^2.4.0" + bowser "^2.11.0" + tslib "^2.5.0" + +"@smithy/util-defaults-mode-node@^2.0.21": + version "2.0.21" + resolved "https://registry.yarnpkg.com/@smithy/util-defaults-mode-node/-/util-defaults-mode-node-2.0.21.tgz#d10c887b3e641c63e235ce95ba32137fd0bd1838" + integrity sha512-cUEsttVZ79B7Al2rWK2FW03HBpD9LyuqFtm+1qFty5u9sHSdesr215gS2Ln53fTopNiPgeXpdoM3IgjvIO0rJw== + dependencies: + "@smithy/config-resolver" "^2.0.16" + "@smithy/credential-provider-imds" "^2.0.18" + "@smithy/node-config-provider" "^2.1.3" + "@smithy/property-provider" "^2.0.13" + "@smithy/smithy-client" "^2.1.12" + "@smithy/types" "^2.4.0" + tslib "^2.5.0" + +"@smithy/util-endpoints@^1.0.2": + version "1.0.2" + resolved "https://registry.yarnpkg.com/@smithy/util-endpoints/-/util-endpoints-1.0.2.tgz#8be5b840c19661e3830ca10973f775b331bd94cd" + integrity sha512-QEdq+sP68IJHAMVB2ugKVVZEWeKQtZLuf+akHzc8eTVElsZ2ZdVLWC6Cp+uKjJ/t4yOj1qu6ZzyxJQEQ8jdEjg== + dependencies: + "@smithy/node-config-provider" "^2.1.3" + "@smithy/types" "^2.4.0" + tslib "^2.5.0" + +"@smithy/util-hex-encoding@^2.0.0": + version "2.0.0" + resolved "https://registry.yarnpkg.com/@smithy/util-hex-encoding/-/util-hex-encoding-2.0.0.tgz#0aa3515acd2b005c6d55675e377080a7c513b59e" + integrity sha512-c5xY+NUnFqG6d7HFh1IFfrm3mGl29lC+vF+geHv4ToiuJCBmIfzx6IeHLg+OgRdPFKDXIw6pvi+p3CsscaMcMA== + dependencies: + tslib "^2.5.0" + +"@smithy/util-middleware@^2.0.5": + version "2.0.5" + resolved "https://registry.yarnpkg.com/@smithy/util-middleware/-/util-middleware-2.0.5.tgz#c63dc491de81641c99ade9309f30c54ad0e28fbd" + integrity sha512-1lyT3TcaMJQe+OFfVI+TlomDkPuVzb27NZYdYtmSTltVmLaUjdCyt4KE+OH1CnhZKsz4/cdCL420Lg9UH5Z2Mw== + dependencies: + "@smithy/types" "^2.4.0" + tslib "^2.5.0" + +"@smithy/util-retry@^2.0.5": + version "2.0.5" + resolved "https://registry.yarnpkg.com/@smithy/util-retry/-/util-retry-2.0.5.tgz#1a93721da082301aca61d8b42380369761a7e80d" + integrity sha512-x3t1+MQAJ6QONk3GTbJNcugCFDVJ+Bkro5YqQQK1EyVesajNDqxFtCx9WdOFNGm/Cbm7tUdwVEmfKQOJoU2Vtw== + dependencies: + "@smithy/service-error-classification" "^2.0.5" + "@smithy/types" "^2.4.0" + tslib "^2.5.0" + +"@smithy/util-stream@^2.0.17": + version "2.0.17" + resolved "https://registry.yarnpkg.com/@smithy/util-stream/-/util-stream-2.0.17.tgz#4c980891b0943e9e64949d7afcf1ec4a7b510ea8" + integrity sha512-fP/ZQ27rRvHsqItds8yB7jerwMpZFTL3QqbQbidUiG0+mttMoKdP0ZqnvM8UK5q0/dfc3/pN7g4XKPXOU7oRWw== + dependencies: + "@smithy/fetch-http-handler" "^2.2.4" + "@smithy/node-http-handler" "^2.1.8" + "@smithy/types" "^2.4.0" + "@smithy/util-base64" "^2.0.0" + "@smithy/util-buffer-from" "^2.0.0" + "@smithy/util-hex-encoding" "^2.0.0" + "@smithy/util-utf8" "^2.0.0" + tslib "^2.5.0" + +"@smithy/util-uri-escape@^2.0.0": + version "2.0.0" + resolved "https://registry.yarnpkg.com/@smithy/util-uri-escape/-/util-uri-escape-2.0.0.tgz#19955b1a0f517a87ae77ac729e0e411963dfda95" + integrity sha512-ebkxsqinSdEooQduuk9CbKcI+wheijxEb3utGXkCoYQkJnwTnLbH1JXGimJtUkQwNQbsbuYwG2+aFVyZf5TLaw== + dependencies: + tslib "^2.5.0" + +"@smithy/util-utf8@^2.0.0": + version "2.0.0" + resolved "https://registry.yarnpkg.com/@smithy/util-utf8/-/util-utf8-2.0.0.tgz#b4da87566ea7757435e153799df9da717262ad42" + integrity sha512-rctU1VkziY84n5OXe3bPNpKR001ZCME2JCaBBFgtiM2hfKbHFudc/BkMuPab8hRbLd0j3vbnBTTZ1igBf0wgiQ== + dependencies: + "@smithy/util-buffer-from" "^2.0.0" + tslib "^2.5.0" + +"@smithy/util-waiter@^2.0.12": + version "2.0.12" + resolved "https://registry.yarnpkg.com/@smithy/util-waiter/-/util-waiter-2.0.12.tgz#a7348f9fd2bade5f2f3ee7ecf7c43ab86ed244ee" + integrity sha512-3sENmyVa1NnOPoiT2NCApPmu7ukP7S/v7kL9IxNmnygkDldn7/yK0TP42oPJLwB2k3mospNsSePIlqdXEUyPHA== + dependencies: + "@smithy/abort-controller" "^2.0.12" + "@smithy/types" "^2.4.0" + tslib "^2.5.0" + "@szmarczak/http-timer@^5.0.1": version "5.0.1" resolved "https://registry.yarnpkg.com/@szmarczak/http-timer/-/http-timer-5.0.1.tgz#c7c1bf1141cdd4751b0399c8fc7b8b664cd5be3a" @@ -1019,7 +1944,7 @@ "@tufjs/canonical-json" "1.0.0" minimatch "^9.0.0" -"@types/aws-lambda@^8.10.125": +"@types/aws-lambda@^8.10.124": version "8.10.125" resolved "https://registry.yarnpkg.com/@types/aws-lambda/-/aws-lambda-8.10.125.tgz#c2ba86f7d98fe1827a7b048e0d31a65a8b5aed8c" integrity sha512-Vqw/WMlV4O1fJT6capim01v7VLDZkcX1n6Yhb52E7IfnMqYbNfwHfyDV8rRN42NLBtdDvfaqcCqs2K0fr5ljZw== @@ -1351,7 +2276,7 @@ ajv@^6.12.4: json-schema-traverse "^0.4.1" uri-js "^4.2.2" -ajv@^8.12.0: +ajv@^8.0.1, ajv@^8.12.0: version "8.12.0" resolved "https://registry.yarnpkg.com/ajv/-/ajv-8.12.0.tgz#d1a0527323e22f53562c567c00991577dfbe19d1" integrity sha512-sRu1kpcO9yLtYxBKvqfTeh9KzZEwO3STyX1HT+4CaDzC6HpTGYhIhPIzj9XuKU7KYDwnaeh5hcOwjy1QuJzBPA== @@ -1530,34 +2455,38 @@ arrify@^1.0.1: resolved "https://registry.yarnpkg.com/arrify/-/arrify-1.0.1.tgz#898508da2226f380df904728456849c1501a4b0d" integrity sha512-3CYzex9M9FGQjCGMGyi6/31c8GJbgb0qGyrx5HWxPd0aCwh4cB2YjMb2Xf9UuoogrMrlO9cTqnB5rI5GHZTcUA== +astral-regex@^2.0.0: + version "2.0.0" + resolved "https://registry.yarnpkg.com/astral-regex/-/astral-regex-2.0.0.tgz#483143c567aeed4785759c0865786dc77d7d2e31" + integrity sha512-Z7tMw1ytTXt5jqMcOP+OQteU1VuNK9Y02uuJtKQ1Sv69jXQKKg5cibLwGJow8yzZP+eAc18EmLGPal0bp36rvQ== + asynckit@^0.4.0: version "0.4.0" resolved "https://registry.yarnpkg.com/asynckit/-/asynckit-0.4.0.tgz#c79ed97f7f34cb8f2ba1bc9790bcc366474b4b79" integrity sha512-Oei9OH4tRh0YqU3GxhX79dM/mwVgvbZJaSNaRk+bshkj0S5cfHcgYakreBjrHwatXKbz+IoIdYLxrKim2MjW0Q== -at-least-node@^1.0.0: - version "1.0.0" - resolved "https://registry.yarnpkg.com/at-least-node/-/at-least-node-1.0.0.tgz#602cd4b46e844ad4effc92a8011a3c46e0238dc2" - integrity sha512-+q/t7Ekv1EDY2l6Gda6LLiX14rU9TV20Wa3ofeQmwPFZbOMo9DXrLbOjFaaclkXKWidIaopwAObQDqwWtGUjqg== - available-typed-arrays@^1.0.5: version "1.0.5" resolved "https://registry.yarnpkg.com/available-typed-arrays/-/available-typed-arrays-1.0.5.tgz#92f95616501069d07d10edb2fc37d3e1c65123b7" integrity sha512-DMD0KiN46eipeziST1LPP/STfDU0sufISXmjSgvVsoU2tqxctQeASejWcfNtxYKqETM1UxQ8sp2OrSBWpHY6sw== -aws-cdk-lib@2.0.0: - version "2.0.0" - resolved "https://registry.yarnpkg.com/aws-cdk-lib/-/aws-cdk-lib-2.0.0.tgz#da7cf476363771f5ce4eb2aa73388b91db50553e" - integrity sha512-ETom3THcblmS3GSoS6rb2AGy7HZpcpoHvwNlxeVIVbmGOiKrrqjvECK2uOJtNboV/vDTHHjx/s/1SwptLo9dlg== +aws-cdk-lib@2.85.0: + version "2.85.0" + resolved "https://registry.yarnpkg.com/aws-cdk-lib/-/aws-cdk-lib-2.85.0.tgz#09a577799b63107d3128c2755ee02acedc580e5d" + integrity sha512-u+ypK8XEMRH3tGRMSmcbPYxLet7xBdGIztUkMcPtlNJGhS/vxqh12yYkem3g3zzmHwdX8OPLSnlZ2sIuiIqp/g== dependencies: + "@aws-cdk/asset-awscli-v1" "^2.2.177" + "@aws-cdk/asset-kubectl-v20" "^2.1.1" + "@aws-cdk/asset-node-proxy-agent-v5" "^2.0.148" "@balena/dockerignore" "^1.0.2" case "1.6.3" - fs-extra "^9.1.0" - ignore "^5.1.9" - jsonschema "^1.4.0" - minimatch "^3.0.4" - punycode "^2.1.1" - semver "^7.3.5" + fs-extra "^11.1.1" + ignore "^5.2.4" + jsonschema "^1.4.1" + minimatch "^3.1.2" + punycode "^2.3.0" + semver "^7.5.1" + table "^6.8.1" yaml "1.10.2" aws-cdk@^2: @@ -1567,22 +2496,6 @@ aws-cdk@^2: optionalDependencies: fsevents "2.3.2" -aws-sdk@^2.1483.0: - version "2.1483.0" - resolved "https://registry.yarnpkg.com/aws-sdk/-/aws-sdk-2.1483.0.tgz#1687731fec00b7196d5fc093a75c8eebb4f0f044" - integrity sha512-u1DVpvBd2UeYLXwXgY8tO/SjbdFEE6nRkQWiLaDJaBoHycHpe+DjPtGl1KaLiOIMaDZ+cnIzf3/aRSss/mCeBQ== - dependencies: - buffer "4.9.2" - events "1.1.1" - ieee754 "1.1.13" - jmespath "0.16.0" - querystring "0.2.0" - sax "1.2.1" - url "0.10.3" - util "^0.12.4" - uuid "8.0.0" - xml2js "0.5.0" - babel-jest@^27.5.1: version "27.5.1" resolved "https://registry.yarnpkg.com/babel-jest/-/babel-jest-27.5.1.tgz#a1bf8d61928edfefd21da27eb86a695bfd691444" @@ -1649,10 +2562,10 @@ balanced-match@^1.0.0: resolved "https://registry.yarnpkg.com/balanced-match/-/balanced-match-1.0.2.tgz#e83e3a7e3f300b34cb9d87f615fa0cbf357690ee" integrity sha512-3oSeUO0TMV67hN1AmbXsK4yaqU7tjiHlbxRDZOpH0KW9+CeX4bRAaX0Anxt0tx2MrpRpWwQaPwIlISEJhYU5Pw== -base64-js@^1.0.2: - version "1.5.1" - resolved "https://registry.yarnpkg.com/base64-js/-/base64-js-1.5.1.tgz#1b1b440160a5bf7ad40b650f095963481903930a" - integrity sha512-AKpaYlHn8t4SVbOHCy+b5+KKgvR4vrsD8vbvrbiQJps7fKDTkjkDry6ji0rUJjC0kzbNePLwzxq8iypo41qeWA== +bowser@^2.11.0: + version "2.11.0" + resolved "https://registry.yarnpkg.com/bowser/-/bowser-2.11.0.tgz#5ca3c35757a7aa5771500c70a73a9f91ef420a8f" + integrity sha512-AlcaJBi/pqqJBIQ8U9Mcpc9i8Aqxn88Skv5d+xBX006BY5u8N3mGLHa5Lgppa7L/HfwgwLgZ6NYs+Ag6uUmJRA== boxen@^7.0.0: version "7.1.1" @@ -1724,15 +2637,6 @@ buffer-from@^1.0.0: resolved "https://registry.yarnpkg.com/buffer-from/-/buffer-from-1.1.2.tgz#2b146a6fd72e80b4f55d255f35ed59a3a9a41bd5" integrity sha512-E+XQCRwSbaaiChtv6k6Dwgc+bx+Bs6vuKJHHl5kox/BaKbhiXzqQOwK4cO22yElGp2OCmjwVhT3HmxgyPGnJfQ== -buffer@4.9.2: - version "4.9.2" - resolved "https://registry.yarnpkg.com/buffer/-/buffer-4.9.2.tgz#230ead344002988644841ab0244af8c44bbe3ef8" - integrity sha512-xq+q3SRMOxGivLhBNaUdC64hDTQwejJ+H0T/NB1XMtTVEwNTrfFF3gAxiyW0Bu/xWEGhjVKgUcMhCrUy2+uCWg== - dependencies: - base64-js "^1.0.2" - ieee754 "^1.1.4" - isarray "^1.0.0" - builtins@^5.0.0: version "5.0.1" resolved "https://registry.yarnpkg.com/builtins/-/builtins-5.0.1.tgz#87f6db9ab0458be728564fa81d876d8d74552fa9" @@ -2830,11 +3734,6 @@ esutils@^2.0.2: resolved "https://registry.yarnpkg.com/esutils/-/esutils-2.0.3.tgz#74d2eb4de0b8da1293711910d50775b9b710ef64" integrity sha512-kVscqXk4OCp68SZ0dkgEKVi6/8ij300KBWTJq32P/dYeWTSwK41WyTxalN1eRmA5Z9UU/LX9D7FWSmV9SAYx6g== -events@1.1.1: - version "1.1.1" - resolved "https://registry.yarnpkg.com/events/-/events-1.1.1.tgz#9ebdb7635ad099c70dcc4c2a1f5004288e8bd924" - integrity sha512-kEcvvCBByWXGnZy6JUlgAp2gBIUjfCAV6P6TgT1/aaQKcmuAEC4OZTV1I4EWQLz2gxZw76atuVyvHhTxvi0Flw== - execa@^5.0.0: version "5.1.1" resolved "https://registry.yarnpkg.com/execa/-/execa-5.1.1.tgz#f80ad9cbf4298f7bd1d4c9555c21e93741c411dd" @@ -2906,6 +3805,13 @@ fast-memoize@^2.5.2: resolved "https://registry.yarnpkg.com/fast-memoize/-/fast-memoize-2.5.2.tgz#79e3bb6a4ec867ea40ba0e7146816f6cdce9b57e" integrity sha512-Ue0LwpDYErFbmNnZSF0UH6eImUwDmogUO1jyE+JbN2gsQz/jICm1Ve7t9QT0rNSsfJt+Hs4/S3GnsDVjL4HVrw== +fast-xml-parser@4.2.5: + version "4.2.5" + resolved "https://registry.yarnpkg.com/fast-xml-parser/-/fast-xml-parser-4.2.5.tgz#a6747a09296a6cb34f2ae634019bf1738f3b421f" + integrity sha512-B9/wizE4WngqQftFPmdaMYlXoJlJOYxGQOanC77fq9k8+Z0v5dDSVh+3glErdIROP//s/jgb7ZuxKfB8nVyo0g== + dependencies: + strnum "^1.0.5" + fastq@^1.6.0: version "1.15.0" resolved "https://registry.yarnpkg.com/fastq/-/fastq-1.15.0.tgz#d04d07c6a2a68fe4599fea8d2e103a937fae6b3a" @@ -3028,6 +3934,15 @@ fs-extra@^10.1.0: jsonfile "^6.0.1" universalify "^2.0.0" +fs-extra@^11.1.1: + version "11.1.1" + resolved "https://registry.yarnpkg.com/fs-extra/-/fs-extra-11.1.1.tgz#da69f7c39f3b002378b0954bb6ae7efdc0876e2d" + integrity sha512-MGIE4HOvQCeUCzmlHs0vXpih4ysz4wg9qiSAu6cd42lVwPbTM1TjV7RusoyQqMmk/95gdQZX72u+YW+c3eEpFQ== + dependencies: + graceful-fs "^4.2.0" + jsonfile "^6.0.1" + universalify "^2.0.0" + fs-extra@^8.1.0: version "8.1.0" resolved "https://registry.yarnpkg.com/fs-extra/-/fs-extra-8.1.0.tgz#49d43c45a88cd9677668cb7be1b46efdb8d2e1c0" @@ -3037,16 +3952,6 @@ fs-extra@^8.1.0: jsonfile "^4.0.0" universalify "^0.1.0" -fs-extra@^9.1.0: - version "9.1.0" - resolved "https://registry.yarnpkg.com/fs-extra/-/fs-extra-9.1.0.tgz#5954460c764a8da2094ba3554bf839e6b9a7c86d" - integrity sha512-hcg3ZmepS30/7BSFqRvoo3DOMQu7IjqxO5nCDt+zM9XWjb33Wg7ziNT+Qvqbuc3+gWpzO02JubVyk2G4Zvo1OQ== - dependencies: - at-least-node "^1.0.0" - graceful-fs "^4.2.0" - jsonfile "^6.0.1" - universalify "^2.0.0" - fs-minipass@^2.0.0, fs-minipass@^2.1.0: version "2.1.0" resolved "https://registry.yarnpkg.com/fs-minipass/-/fs-minipass-2.1.0.tgz#7f5036fdbf12c63c169190cbe4199c852271f9fb" @@ -3517,16 +4422,6 @@ iconv-lite@^0.6.2: dependencies: safer-buffer ">= 2.1.2 < 3.0.0" -ieee754@1.1.13: - version "1.1.13" - resolved "https://registry.yarnpkg.com/ieee754/-/ieee754-1.1.13.tgz#ec168558e95aa181fd87d37f55c32bbcb6708b84" - integrity sha512-4vf7I2LYV/HaWerSo3XmlMkp5eZ83i+/CDluXi/IGTs/O1sejBNhTtnxzmRZfvOUqj7lZjqHkeTvpgSFDlWZTg== - -ieee754@^1.1.4: - version "1.2.1" - resolved "https://registry.yarnpkg.com/ieee754/-/ieee754-1.2.1.tgz#8eb7a10a63fff25d15a57b001586d177d1b0d352" - integrity sha512-dcyqhDvX1C46lXZcVqCpK+FtMRQVdIMN6/Df5js2zouUsqG7I6sFxitIC+7KYK29KdXOLHdu9zL4sFnoVQnqaA== - ignore-walk@^6.0.0: version "6.0.3" resolved "https://registry.yarnpkg.com/ignore-walk/-/ignore-walk-6.0.3.tgz#0fcdb6decaccda35e308a7b0948645dd9523b7bb" @@ -3534,7 +4429,7 @@ ignore-walk@^6.0.0: dependencies: minimatch "^9.0.0" -ignore@^5.1.9, ignore@^5.2.0, ignore@^5.2.4: +ignore@^5.2.0, ignore@^5.2.4: version "5.2.4" resolved "https://registry.yarnpkg.com/ignore/-/ignore-5.2.4.tgz#a291c0c6178ff1b960befe47fcdec301674a6324" integrity sha512-MAb38BcSbH0eHNBxn7ql2NH/kX33OkB3lZ1BNdh7ENeRChHTYsTvWrMubiIAMNS2llXEEgZ1MUOBtXChP3kaFQ== @@ -3622,14 +4517,6 @@ ip@^2.0.0: resolved "https://registry.yarnpkg.com/ip/-/ip-2.0.0.tgz#4cf4ab182fee2314c75ede1276f8c80b479936da" integrity sha512-WKa+XuLG1A1R0UWhl2+1XQSi+fZWMsYKffMZTTYsiZaUD8k2yDAj5atimTUD2TZkyCkNEeYE5NhFZmupOGtjYQ== -is-arguments@^1.0.4: - version "1.1.1" - resolved "https://registry.yarnpkg.com/is-arguments/-/is-arguments-1.1.1.tgz#15b3f88fda01f2a97fec84ca761a560f123efa9b" - integrity sha512-8Q7EARjzEnKpt/PCD7e1cgUS0a6X8u5tdSiMqXhojOdoV9TsMsiO+9VLC5vAmO8N7/GmXn7yjR8qnA6bVAEzfA== - dependencies: - call-bind "^1.0.2" - has-tostringtag "^1.0.0" - is-array-buffer@^3.0.1, is-array-buffer@^3.0.2: version "3.0.2" resolved "https://registry.yarnpkg.com/is-array-buffer/-/is-array-buffer-3.0.2.tgz#f2653ced8412081638ecb0ebbd0c41c6e0aecbbe" @@ -3700,13 +4587,6 @@ is-generator-fn@^2.0.0: resolved "https://registry.yarnpkg.com/is-generator-fn/-/is-generator-fn-2.1.0.tgz#7d140adc389aaf3011a8f2a2a4cfa6faadffb118" integrity sha512-cTIB4yPYL/Grw0EaSzASzg6bBy9gqCofvWN8okThAYIxKJZC+udlRAmGbM0XLeniEJSs8uEgHPGuHSe1XsOLSQ== -is-generator-function@^1.0.7: - version "1.0.10" - resolved "https://registry.yarnpkg.com/is-generator-function/-/is-generator-function-1.0.10.tgz#f1558baf1ac17e0deea7c0415c438351ff2b3c72" - integrity sha512-jsEjy9l3yiXEQ+PsXdmBwEPcOxaXWLspKdplFUVI9vq1iZgIekeC0L167qeu86czQaxed3q/Uzuw0swL0irL8A== - dependencies: - has-tostringtag "^1.0.0" - is-glob@^4.0.0, is-glob@^4.0.1, is-glob@^4.0.3: version "4.0.3" resolved "https://registry.yarnpkg.com/is-glob/-/is-glob-4.0.3.tgz#64f61e42cbbb2eec2071a9dac0b28ba1e65d5084" @@ -3810,7 +4690,7 @@ is-text-path@^1.0.1: dependencies: text-extensions "^1.0.0" -is-typed-array@^1.1.10, is-typed-array@^1.1.12, is-typed-array@^1.1.3, is-typed-array@^1.1.9: +is-typed-array@^1.1.10, is-typed-array@^1.1.12, is-typed-array@^1.1.9: version "1.1.12" resolved "https://registry.yarnpkg.com/is-typed-array/-/is-typed-array-1.1.12.tgz#d0bab5686ef4a76f7a73097b95470ab199c57d4a" integrity sha512-Z14TF2JNG8Lss5/HMqt0//T9JeHXttXy5pH/DBU4vi98ozO2btxzq9MwYDZYnKwU8nRsz/+GVFVRDq3DkVuSPg== @@ -3834,16 +4714,16 @@ is-yarn-global@^0.4.0: resolved "https://registry.yarnpkg.com/is-yarn-global/-/is-yarn-global-0.4.1.tgz#b312d902b313f81e4eaf98b6361ba2b45cd694bb" integrity sha512-/kppl+R+LO5VmhYSEWARUFjodS25D68gvj8W7z0I7OWhUla5xWu8KL6CtB2V0R6yqhnRgbcaREMr4EEM6htLPQ== -isarray@^1.0.0, isarray@~1.0.0: - version "1.0.0" - resolved "https://registry.yarnpkg.com/isarray/-/isarray-1.0.0.tgz#bb935d48582cba168c06834957a54a3e07124f11" - integrity sha512-VLghIWNM6ELQzo7zwmcg0NmTVyWKYjvIeM83yjp0wRDTmUnrM678fQbcKBo6n2CJEF0szoG//ytg+TKla89ALQ== - isarray@^2.0.5: version "2.0.5" resolved "https://registry.yarnpkg.com/isarray/-/isarray-2.0.5.tgz#8af1e4c1221244cc62459faf38940d4e644a5723" integrity sha512-xHjhDr3cNBK0BzdUJSPXZntQUx/mwMS5Rw4A7lPJ90XGAO6ISP/ePDNuo0vhqOZU+UD5JoodwCAAoZQd3FeAKw== +isarray@~1.0.0: + version "1.0.0" + resolved "https://registry.yarnpkg.com/isarray/-/isarray-1.0.0.tgz#bb935d48582cba168c06834957a54a3e07124f11" + integrity sha512-VLghIWNM6ELQzo7zwmcg0NmTVyWKYjvIeM83yjp0wRDTmUnrM678fQbcKBo6n2CJEF0szoG//ytg+TKla89ALQ== + isexe@^2.0.0: version "2.0.0" resolved "https://registry.yarnpkg.com/isexe/-/isexe-2.0.0.tgz#e8fbf374dc556ff8947a10dcb0572d633f2cfa10" @@ -4320,11 +5200,6 @@ jju@^1.1.0: resolved "https://registry.yarnpkg.com/jju/-/jju-1.4.0.tgz#a3abe2718af241a2b2904f84a625970f389ae32a" integrity sha512-8wb9Yw966OSxApiCt0K3yNJL8pnNeIv+OEq2YMidz4FKP6nonSRoOXc80iXY4JaN2FC11B9qsNmDsm+ZOfMROA== -jmespath@0.16.0: - version "0.16.0" - resolved "https://registry.yarnpkg.com/jmespath/-/jmespath-0.16.0.tgz#b15b0a85dfd4d930d43e69ed605943c802785076" - integrity sha512-9FzQjJ7MATs1tSpnco1K6ayiYE3figslrXA72G2HQ/n76RzvYlofyi5QM+iX4YRs/pu3yzxlVQSST23+dMDknw== - js-tokens@^4.0.0: version "4.0.0" resolved "https://registry.yarnpkg.com/js-tokens/-/js-tokens-4.0.0.tgz#19203fb59991df98e3a287050d4647cdeaf32499" @@ -4600,7 +5475,7 @@ jsonparse@^1.2.0, jsonparse@^1.3.1: resolved "https://registry.yarnpkg.com/jsonparse/-/jsonparse-1.3.1.tgz#3f4dae4a91fac315f71062f8521cc239f1366280" integrity sha512-POQXvpdL69+CluYsillJ7SUhKvytYjW9vG/GKpnf+xP8UWgYEM/RaMzHHofbALDiKbbP1W8UEYmgGl39WkPZsg== -jsonschema@^1.4.0: +jsonschema@^1.4.1: version "1.4.1" resolved "https://registry.yarnpkg.com/jsonschema/-/jsonschema-1.4.1.tgz#cc4c3f0077fb4542982973d8a083b6b34f482dab" integrity sha512-S6cATIPVv1z0IlxdN+zUk5EPjkGCdnhN4wVSBlvoUO1tOLJootbo9CquNJmbIh4yikWHiUedhRYrNPn1arpEmQ== @@ -4707,6 +5582,11 @@ lodash.merge@^4.6.2: resolved "https://registry.yarnpkg.com/lodash.merge/-/lodash.merge-4.6.2.tgz#558aa53b43b661e1925a0afdfa36a9a1085fe57a" integrity sha512-0KpjqXRVvrYyCsX1swR/XTK0va6VQkQM6MNo7PqW77ByjAhoARA8EfrP1N4+KlKj8YS0ZUCtRT/YUuhyYDujIQ== +lodash.truncate@^4.4.2: + version "4.4.2" + resolved "https://registry.yarnpkg.com/lodash.truncate/-/lodash.truncate-4.4.2.tgz#5a350da0b1113b837ecfffd5812cbe58d6eae193" + integrity sha512-jttmRe7bRse52OsWIMDLaXxWqRAmtIUccAQ3garviCqJjafXOfNMO0yMfNpdD6zbGaTU0P5Nz7e7gAT6cKmJRw== + lodash@^4.17.15, lodash@^4.17.21, lodash@^4.7.0: version "4.17.21" resolved "https://registry.yarnpkg.com/lodash/-/lodash-4.17.21.tgz#679591c564c3bffaae8454cf0b3df370c3d6911c" @@ -5626,12 +6506,7 @@ psl@^1.1.33: resolved "https://registry.yarnpkg.com/psl/-/psl-1.9.0.tgz#d0df2a137f00794565fcaf3b2c00cd09f8d5a5a7" integrity sha512-E/ZsdU4HLs/68gYzgGTkMicWTLPdAftJLfJFlLUAAKZGkStNU72sZjT66SnMDVOfOWY/YAoiD7Jxa9iHvngcag== -punycode@1.3.2: - version "1.3.2" - resolved "https://registry.yarnpkg.com/punycode/-/punycode-1.3.2.tgz#9653a036fb7c1ee42342f2325cceefea3926c48d" - integrity sha512-RofWgt/7fL5wP1Y7fxE7/EmTLzQVnB0ycyibJ0OOHIlJqTNzglYFxVwETOcIoJqJmpDXJ9xImDv+Fq34F/d4Dw== - -punycode@^2.1.0, punycode@^2.1.1: +punycode@^2.1.0, punycode@^2.1.1, punycode@^2.3.0: version "2.3.0" resolved "https://registry.yarnpkg.com/punycode/-/punycode-2.3.0.tgz#f67fa67c94da8f4d0cfff981aee4118064199b8f" integrity sha512-rRV+zQD8tVFys26lAGR9WUuS4iUAngJScM+ZRSKtvl5tKeZ2t5bvdNFdNHBW9FWR4guGHlgmsZ1G7BSm2wTbuA== @@ -5648,11 +6523,6 @@ q@^1.5.1: resolved "https://registry.yarnpkg.com/q/-/q-1.5.1.tgz#7e32f75b41381291d04611f1bf14109ac00651d7" integrity sha512-kV/CThkXo6xyFEZUugw/+pIOywXcDbFYgSct5cT3gqlbkBE1SJdwy6UQoZvodiWF/ckQLZyDE/Bu1M6gVu5lVw== -querystring@0.2.0: - version "0.2.0" - resolved "https://registry.yarnpkg.com/querystring/-/querystring-0.2.0.tgz#b209849203bb25df820da756e747005878521620" - integrity sha512-X/xY82scca2tau62i9mDyU9K+I+djTMUsvwf7xnUX5GLvVzgJybOJf4Y6o9Zx3oJK/LSXg5tTZBjwzqVPaPO2g== - querystringify@^2.1.1: version "2.2.0" resolved "https://registry.yarnpkg.com/querystringify/-/querystringify-2.2.0.tgz#3345941b4153cb9d082d8eee4cda2016a9aef7f6" @@ -5955,16 +6825,6 @@ safe-regex-test@^1.0.0: resolved "https://registry.yarnpkg.com/safer-buffer/-/safer-buffer-2.1.2.tgz#44fa161b0187b9549dd84bb91802f9bd8385cd6a" integrity sha512-YZo3K82SD7Riyi0E1EQPojLz7kpepnSQI9IyPbHHg1XXXevb5dJI7tpyN2ADxGcQbHG7vcyRHk0cbwqcQriUtg== -sax@1.2.1: - version "1.2.1" - resolved "https://registry.yarnpkg.com/sax/-/sax-1.2.1.tgz#7b8e656190b228e81a66aea748480d828cd2d37a" - integrity sha512-8I2a3LovHTOpm7NV5yOyO8IHqgVsfK4+UuySrXU8YXkSRX7k6hCV9b3HrkKCr3nMpgj+0bmocaJJWpvp1oc7ZA== - -sax@>=0.6.0: - version "1.3.0" - resolved "https://registry.yarnpkg.com/sax/-/sax-1.3.0.tgz#a5dbe77db3be05c9d1ee7785dbd3ea9de51593d0" - integrity sha512-0s+oAmw9zLl1V1cS9BtZN7JAd0cW5e0QH4W3LWEK6a4LaLEA2OTpGYWDY+6XasBLtz6wkm3u1xRw95mRuJ59WA== - saxes@^5.0.1: version "5.0.1" resolved "https://registry.yarnpkg.com/saxes/-/saxes-5.0.1.tgz#eebab953fa3b7608dbe94e5dadb15c888fa6696d" @@ -5996,7 +6856,7 @@ semver-utils@^1.1.4: resolved "https://registry.yarnpkg.com/semver/-/semver-5.7.2.tgz#48d55db737c3287cd4835e17fa13feace1c41ef8" integrity sha512-cBznnQ9KjJqU67B52RMC65CMarK2600WFnbkcaiwWq3xy/5haFJlshgnpjovMVJ+Hff49d8GEn0b87C5pDQ10g== -semver@7.x, semver@^7.0.0, semver@^7.1.1, semver@^7.3.2, semver@^7.3.4, semver@^7.3.5, semver@^7.3.7, semver@^7.5.0, semver@^7.5.3, semver@^7.5.4: +semver@7.x, semver@^7.0.0, semver@^7.1.1, semver@^7.3.2, semver@^7.3.4, semver@^7.3.5, semver@^7.3.7, semver@^7.5.0, semver@^7.5.1, semver@^7.5.3, semver@^7.5.4: version "7.5.4" resolved "https://registry.yarnpkg.com/semver/-/semver-7.5.4.tgz#483986ec4ed38e1c6c48c34894a9182dbff68a6e" integrity sha512-1bCSESV6Pv+i21Hvpxp3Dx+pSD8lIPt8uVjRrxAUt/nbswYc+tK6Y2btiULjd4+fnq15PX+nqQDC7Oft7WkwcA== @@ -6101,6 +6961,15 @@ slash@^3.0.0: resolved "https://registry.yarnpkg.com/slash/-/slash-3.0.0.tgz#6539be870c165adbd5240220dbe361f1bc4d4634" integrity sha512-g9Q1haeby36OSStwb4ntCGGGaKsaVSjQ68fBxoQcutl5fS1vuY18H3wSt3jFyFtrkx+Kz0V1G85A4MyAdDMi2Q== +slice-ansi@^4.0.0: + version "4.0.0" + resolved "https://registry.yarnpkg.com/slice-ansi/-/slice-ansi-4.0.0.tgz#500e8dd0fd55b05815086255b3195adf2a45fe6b" + integrity sha512-qMCMfhY040cVHT43K9BFygqYbUPFZKHOg7K73mtTWJRb8pyP3fzf4Ixd5SzdEJQ6MRUg/WBnOLxghZtKKurENQ== + dependencies: + ansi-styles "^4.0.0" + astral-regex "^2.0.0" + is-fullwidth-code-point "^3.0.0" + smart-buffer@^4.2.0: version "4.2.0" resolved "https://registry.yarnpkg.com/smart-buffer/-/smart-buffer-4.2.0.tgz#6e1d71fa4f18c05f7d0ff216dd16a481d0e8d9ae" @@ -6397,6 +7266,11 @@ strip-json-comments@~2.0.1: resolved "https://registry.yarnpkg.com/strip-json-comments/-/strip-json-comments-2.0.1.tgz#3c531942e908c2697c0ec344858c286c7ca0a60a" integrity sha512-4gB8na07fecVVkOI6Rs4e7T6NOTki5EmL7TUduTs6bu3EdnSycntVJ4re8kgZA+wx9IueI2Y11bfbgwtzuE0KQ== +strnum@^1.0.5: + version "1.0.5" + resolved "https://registry.yarnpkg.com/strnum/-/strnum-1.0.5.tgz#5c4e829fe15ad4ff0d20c3db5ac97b73c9b072db" + integrity sha512-J8bbNyKKXl5qYcR36TIO8W3mVGVHrmmxsd5PAItGkmyzwJvybiw2IVq5nqd0i4LSNSkB/sx9VHllbfFdr9k1JA== + supports-color@^5.3.0: version "5.5.0" resolved "https://registry.yarnpkg.com/supports-color/-/supports-color-5.5.0.tgz#e2e69a44ac8772f78a1ec0b35b689df6530efc8f" @@ -6436,6 +7310,17 @@ symbol-tree@^3.2.4: resolved "https://registry.yarnpkg.com/symbol-tree/-/symbol-tree-3.2.4.tgz#430637d248ba77e078883951fb9aa0eed7c63fa2" integrity sha512-9QNk5KwDF+Bvz+PyObkmSYjI5ksVUYtjW7AU22r2NKcfLJcXp96hkDWU3+XndOsUb+AQ9QhfzfCT2O+CNWT5Tw== +table@^6.8.1: + version "6.8.1" + resolved "https://registry.yarnpkg.com/table/-/table-6.8.1.tgz#ea2b71359fe03b017a5fbc296204471158080bdf" + integrity sha512-Y4X9zqrCftUhMeH2EptSSERdVKt/nEdijTOacGD/97EKjhQ/Qs8RTlEGABSJNNN8lac9kheH+af7yAkEWlgneA== + dependencies: + ajv "^8.0.1" + lodash.truncate "^4.4.2" + slice-ansi "^4.0.0" + string-width "^4.2.3" + strip-ansi "^6.0.1" + tapable@^2.2.0: version "2.2.1" resolved "https://registry.yarnpkg.com/tapable/-/tapable-2.2.1.tgz#1967a73ef4060a82f12ab96af86d52fdb76eeca0" @@ -6592,7 +7477,12 @@ tsconfig-paths@^3.14.2: minimist "^1.2.6" strip-bom "^3.0.0" -tslib@^2.5.0: +tslib@^1.11.1: + version "1.14.1" + resolved "https://registry.yarnpkg.com/tslib/-/tslib-1.14.1.tgz#cf2d38bdc34a134bcaf1091c41f6619e2f672d00" + integrity sha512-Xni35NKzjgMrwevysHTCArtLDpPvye8zV/0E4EyYn43P7/7qvQwPh9BGkHewbMulVntbigmcT7rdX3BNo9wRJg== + +tslib@^2.3.1, tslib@^2.5.0: version "2.6.2" resolved "https://registry.yarnpkg.com/tslib/-/tslib-2.6.2.tgz#703ac29425e7b37cd6fd456e92404d46d1f3e4ae" integrity sha512-AEYxH93jGFPn/a2iVAwW87VuUIkR1FVUKB77NwMF7nBTDkDrrT/Hpt/IrCJ0QXhW27jTBDcf5ZY7w6RiqTMw2Q== @@ -6832,35 +7722,11 @@ url-parse@^1.5.3: querystringify "^2.1.1" requires-port "^1.0.0" -url@0.10.3: - version "0.10.3" - resolved "https://registry.yarnpkg.com/url/-/url-0.10.3.tgz#021e4d9c7705f21bbf37d03ceb58767402774c64" - integrity sha512-hzSUW2q06EqL1gKM/a+obYHLIO6ct2hwPuviqTTOcfFVc61UbfJ2Q32+uGL/HCPxKqrdGB5QUwIe7UqlDgwsOQ== - dependencies: - punycode "1.3.2" - querystring "0.2.0" - util-deprecate@^1.0.1, util-deprecate@~1.0.1: version "1.0.2" resolved "https://registry.yarnpkg.com/util-deprecate/-/util-deprecate-1.0.2.tgz#450d4dc9fa70de732762fbd2d4a28981419a0ccf" integrity sha512-EPD5q1uXyFxJpCrLnCc1nHnq3gOa6DZBocAIiI2TaSCA7VCJ1UJDMagCzIkXNsUYfD1daK//LTEQ8xiIbrHtcw== -util@^0.12.4: - version "0.12.5" - resolved "https://registry.yarnpkg.com/util/-/util-0.12.5.tgz#5f17a6059b73db61a875668781a1c2b136bd6fbc" - integrity sha512-kZf/K6hEIrWHI6XqOFUiiMa+79wE/D8Q+NCNAWclkyg3b4d2k7s0QGepNjiABc+aR3N1PAyHL7p6UcLY6LmrnA== - dependencies: - inherits "^2.0.3" - is-arguments "^1.0.4" - is-generator-function "^1.0.7" - is-typed-array "^1.1.3" - which-typed-array "^1.1.2" - -uuid@8.0.0: - version "8.0.0" - resolved "https://registry.yarnpkg.com/uuid/-/uuid-8.0.0.tgz#bc6ccf91b5ff0ac07bbcdbf1c7c4e150db4dbb6c" - integrity sha512-jOXGuXZAWdsTH7eZLtyXMqUb9EcWMGZNbL9YcGBJl4MH4nrxHmZJhEHvyLFrkxo+28uLb/NYRcStH48fnD0Vzw== - uuid@^8.3.2: version "8.3.2" resolved "https://registry.yarnpkg.com/uuid/-/uuid-8.3.2.tgz#80d5b5ced271bb9af6c445f21a1a04c606cefbe2" @@ -6958,7 +7824,18 @@ which-boxed-primitive@^1.0.2: is-string "^1.0.5" is-symbol "^1.0.3" -which-typed-array@^1.1.11, which-typed-array@^1.1.13, which-typed-array@^1.1.2: +which-typed-array@^1.1.11: + version "1.1.11" + resolved "https://registry.yarnpkg.com/which-typed-array/-/which-typed-array-1.1.11.tgz#99d691f23c72aab6768680805a271b69761ed61a" + integrity sha512-qe9UWWpkeG5yzZ0tNYxDmd7vo58HDBc39mZ0xWWpolAGADdFOzkfamWLDxkOWcvHQKVmdTyQdLD4NOfjLWTKew== + dependencies: + available-typed-arrays "^1.0.5" + call-bind "^1.0.2" + for-each "^0.3.3" + gopd "^1.0.1" + has-tostringtag "^1.0.0" + +which-typed-array@^1.1.13: version "1.1.13" resolved "https://registry.yarnpkg.com/which-typed-array/-/which-typed-array-1.1.13.tgz#870cd5be06ddb616f504e7b039c4c24898184d36" integrity sha512-P5Nra0qjSncduVPEAr7xhoF5guty49ArDTwzJ/yNuPIbZppyRxFQsRCWrocxIY+CnMVG+qfbU2FmDKyvSGClow== @@ -7060,14 +7937,6 @@ xml-name-validator@^3.0.0: resolved "https://registry.yarnpkg.com/xml-name-validator/-/xml-name-validator-3.0.0.tgz#6ae73e06de4d8c6e47f9fb181f78d648ad457c6a" integrity sha512-A5CUptxDsvxKJEU3yO6DuWBSJz/qizqzJKOMIfUJHETbBw/sFaDxgd6fxm1ewUaM0jZ444Fc5vC5ROYurg/4Pw== -xml2js@0.5.0: - version "0.5.0" - resolved "https://registry.yarnpkg.com/xml2js/-/xml2js-0.5.0.tgz#d9440631fbb2ed800203fad106f2724f62c493b7" - integrity sha512-drPFnkQJik/O+uPKpqSgr22mpuFHqKdbS835iAQrUC73L2F5WkboIRd63ai/2Yg6I1jzifPFKH2NTK+cfglkIA== - dependencies: - sax ">=0.6.0" - xmlbuilder "~11.0.0" - xml@^1.0.1: version "1.0.1" resolved "https://registry.yarnpkg.com/xml/-/xml-1.0.1.tgz#78ba72020029c5bc87b8a81a3cfcd74b4a2fc1e5" @@ -7088,11 +7957,6 @@ xmlbuilder@^15.1.1: resolved "https://registry.yarnpkg.com/xmlbuilder/-/xmlbuilder-15.1.1.tgz#9dcdce49eea66d8d10b42cae94a79c3c8d0c2ec5" integrity sha512-yMqGBqtXyeN1e3TGYvgNgDVZ3j84W4cwkOXQswghol6APgZWaff9lnbvN7MHYJOiXsvGPXtjTYJEiC9J2wv9Eg== -xmlbuilder@~11.0.0: - version "11.0.1" - resolved "https://registry.yarnpkg.com/xmlbuilder/-/xmlbuilder-11.0.1.tgz#be9bae1c8a046e76b31127726347d0ad7002beb3" - integrity sha512-fDlsI/kFEx7gLvbecc0/ohLG50fugQp8ryHzMTuW9vSa1GJ0XYWKnhsUx7oie3G98+r56aTQIUB4kht42R3JvA== - xmlchars@^2.2.0: version "2.2.0" resolved "https://registry.yarnpkg.com/xmlchars/-/xmlchars-2.2.0.tgz#060fe1bcb7f9c76fe2a17db86a9bc3ab894210cb"