{ "Resources": { "TestBucket560B80BC": { "Type": "AWS::S3::Bucket", "UpdateReplacePolicy": "Retain", "DeletionPolicy": "Retain", "Metadata": { "aws:cdk:path": "K9Example/TestBucket/Resource" } }, "S3BucketPolicy189C1E8E": { "Type": "AWS::S3::BucketPolicy", "Properties": { "Bucket": { "Ref": "TestBucket560B80BC" }, "PolicyDocument": { "Statement": [ { "Action": [ "s3:DeleteBucket", "s3:DeleteBucketPolicy", "s3:DeleteBucketWebsite", "s3:ObjectOwnerOverrideToBucketOwner", "s3:PutAccelerateConfiguration", "s3:PutAnalyticsConfiguration", "s3:PutBucketAcl", "s3:PutBucketCORS", "s3:PutBucketLogging", "s3:PutBucketNotification", "s3:PutBucketObjectLockConfiguration", "s3:PutBucketOwnershipControls", "s3:PutBucketPolicy", "s3:PutBucketPublicAccessBlock", "s3:PutBucketRequestPayment", "s3:PutBucketTagging", "s3:PutBucketVersioning", "s3:PutBucketWebsite", "s3:PutEncryptionConfiguration", "s3:PutIntelligentTieringConfiguration", "s3:PutInventoryConfiguration", "s3:PutLifecycleConfiguration", "s3:PutMetricsConfiguration", "s3:PutObjectAcl", "s3:PutObjectLegalHold", "s3:PutObjectRetention", "s3:PutObjectVersionAcl", "s3:PutReplicationConfiguration" ], "Condition": { "ArnEquals": { "aws:PrincipalArn": [ "arn:aws:iam::123456789012:user/ci", "arn:aws:iam::123456789012:user/person1" ] } }, "Effect": "Allow", "Principal": { "AWS": "*" }, "Resource": [ { "Fn::GetAtt": [ "TestBucket560B80BC", "Arn" ] }, { "Fn::Join": [ "", [ { "Fn::GetAtt": [ "TestBucket560B80BC", "Arn" ] }, "/*" ] ] } ], "Sid": "Allow Restricted administer-resource" }, { "Action": [ "s3:GetAccelerateConfiguration", "s3:GetAnalyticsConfiguration", "s3:GetBucketAcl", "s3:GetBucketCORS", "s3:GetBucketLocation", "s3:GetBucketLogging", "s3:GetBucketNotification", "s3:GetBucketObjectLockConfiguration", "s3:GetBucketOwnershipControls", "s3:GetBucketPolicy", "s3:GetBucketPolicyStatus", "s3:GetBucketPublicAccessBlock", "s3:GetBucketRequestPayment", "s3:GetBucketTagging", "s3:GetBucketVersioning", "s3:GetBucketWebsite", "s3:GetEncryptionConfiguration", "s3:GetIntelligentTieringConfiguration", "s3:GetInventoryConfiguration", "s3:GetLifecycleConfiguration", "s3:GetMetricsConfiguration", "s3:GetObjectAcl", "s3:GetObjectAttributes", "s3:GetObjectLegalHold", "s3:GetObjectRetention", "s3:GetObjectTagging", "s3:GetObjectVersionAcl", "s3:GetObjectVersionAttributes", "s3:GetObjectVersionTagging", "s3:GetReplicationConfiguration", "s3:ListBucketMultipartUploads", "s3:ListBucketVersions", "s3:ListMultipartUploadParts" ], "Condition": { "ArnEquals": { "aws:PrincipalArn": [ "arn:aws:iam::123456789012:user/ci", "arn:aws:iam::123456789012:user/person1", "arn:aws:iam::123456789012:role/k9-auditor", "arn:aws:iam::123456789012:role/aws-service-role/access-analyzer.amazonaws.com/AWSServiceRoleForAccessAnalyzer" ] } }, "Effect": "Allow", "Principal": { "AWS": "*" }, "Resource": [ { "Fn::GetAtt": [ "TestBucket560B80BC", "Arn" ] }, { "Fn::Join": [ "", [ { "Fn::GetAtt": [ "TestBucket560B80BC", "Arn" ] }, "/*" ] ] } ], "Sid": "Allow Restricted read-config" }, { "Action": [ "s3:GetObject", "s3:GetObjectTorrent", "s3:GetObjectVersion", "s3:GetObjectVersionForReplication", "s3:GetObjectVersionTorrent", "s3:ListBucket" ], "Condition": { "ArnEquals": { "aws:PrincipalArn": [ "arn:aws:iam::123456789012:role/app-backend", "arn:aws:iam::123456789012:role/customer-service" ] } }, "Effect": "Allow", "Principal": { "AWS": "*" }, "Resource": [ { "Fn::GetAtt": [ "TestBucket560B80BC", "Arn" ] }, { "Fn::Join": [ "", [ { "Fn::GetAtt": [ "TestBucket560B80BC", "Arn" ] }, "/*" ] ] } ], "Sid": "Allow Restricted read-data" }, { "Action": [ "s3:AbortMultipartUpload", "s3:InitiateReplication", "s3:PutBucketTagging", "s3:PutObject", "s3:PutObjectTagging", "s3:PutObjectVersionTagging", "s3:ReplicateDelete", "s3:ReplicateObject", "s3:ReplicateTags", "s3:RestoreObject" ], "Condition": { "ArnEquals": { "aws:PrincipalArn": [ "arn:aws:iam::123456789012:role/app-backend" ] } }, "Effect": "Allow", "Principal": { "AWS": "*" }, "Resource": [ { "Fn::GetAtt": [ "TestBucket560B80BC", "Arn" ] }, { "Fn::Join": [ "", [ { "Fn::GetAtt": [ "TestBucket560B80BC", "Arn" ] }, "/*" ] ] } ], "Sid": "Allow Restricted write-data" }, { "Action": [ "s3:DeleteObject", "s3:DeleteObjectTagging", "s3:DeleteObjectVersion", "s3:DeleteObjectVersionTagging" ], "Condition": { "ArnEquals": { "aws:PrincipalArn": [] } }, "Effect": "Allow", "Principal": { "AWS": "*" }, "Resource": [ { "Fn::GetAtt": [ "TestBucket560B80BC", "Arn" ] }, { "Fn::Join": [ "", [ { "Fn::GetAtt": [ "TestBucket560B80BC", "Arn" ] }, "/*" ] ] } ], "Sid": "Allow Restricted delete-data" }, { "Action": "s3:*", "Condition": { "Bool": { "aws:SecureTransport": false } }, "Effect": "Deny", "Principal": { "AWS": "*" }, "Resource": [ { "Fn::GetAtt": [ "TestBucket560B80BC", "Arn" ] }, { "Fn::Join": [ "", [ { "Fn::GetAtt": [ "TestBucket560B80BC", "Arn" ] }, "/*" ] ] } ], "Sid": "DenyInsecureCommunications" }, { "Action": [ "s3:PutObject", "s3:ReplicateObject" ], "Condition": { "Null": { "s3:x-amz-server-side-encryption": true } }, "Effect": "Deny", "Principal": { "AWS": "*" }, "Resource": [ { "Fn::GetAtt": [ "TestBucket560B80BC", "Arn" ] }, { "Fn::Join": [ "", [ { "Fn::GetAtt": [ "TestBucket560B80BC", "Arn" ] }, "/*" ] ] } ], "Sid": "DenyUnencryptedStorage" }, { "Action": [ "s3:PutObject", "s3:ReplicateObject" ], "Condition": { "StringNotEquals": { "s3:x-amz-server-side-encryption": "aws:kms" } }, "Effect": "Deny", "Principal": { "AWS": "*" }, "Resource": [ { "Fn::GetAtt": [ "TestBucket560B80BC", "Arn" ] }, { "Fn::Join": [ "", [ { "Fn::GetAtt": [ "TestBucket560B80BC", "Arn" ] }, "/*" ] ] } ], "Sid": "DenyUnexpectedEncryptionMethod" }, { "Action": "s3:*", "Condition": { "ArnNotEquals": { "aws:PrincipalArn": [ "arn:aws:iam::123456789012:user/ci", "arn:aws:iam::123456789012:user/person1", "arn:aws:iam::123456789012:role/k9-auditor", "arn:aws:iam::123456789012:role/aws-service-role/access-analyzer.amazonaws.com/AWSServiceRoleForAccessAnalyzer", "arn:aws:iam::123456789012:role/app-backend", "arn:aws:iam::123456789012:role/customer-service" ] } }, "Effect": "Deny", "Principal": { "AWS": [ "*", "*" ] }, "Resource": [ { "Fn::GetAtt": [ "TestBucket560B80BC", "Arn" ] }, { "Fn::Join": [ "", [ { "Fn::GetAtt": [ "TestBucket560B80BC", "Arn" ] }, "/*" ] ] } ], "Sid": "DenyEveryoneElse" } ], "Version": "2012-10-17" } }, "Metadata": { "aws:cdk:path": "K9Example/S3BucketPolicy/Resource" } }, "TestQueue6F0069AA": { "Type": "AWS::SQS::Queue", "Properties": { "QueueName": "app-queue-with-k9-policy" }, "UpdateReplacePolicy": "Delete", "DeletionPolicy": "Delete", "Metadata": { "aws:cdk:path": "K9Example/TestQueue/Resource" } }, "TestQueuePolicyA65327BC": { "Type": "AWS::SQS::QueuePolicy", "Properties": { "PolicyDocument": { "Statement": [ { "Action": [ "sqs:AddPermission", "sqs:CancelMessageMoveTask", "sqs:CreateQueue", "sqs:DeleteQueue", "sqs:PurgeQueue", "sqs:RemovePermission", "sqs:SetQueueAttributes" ], "Condition": { "ArnEquals": { "aws:PrincipalArn": [ "arn:aws:iam::123456789012:user/ci", "arn:aws:iam::123456789012:user/person1" ] } }, "Effect": "Allow", "Principal": { "AWS": "*" }, "Resource": "*", "Sid": "Allow Restricted administer-resource 1" }, { "Action": [ "sqs:StartMessageMoveTask", "sqs:TagQueue", "sqs:UntagQueue" ], "Condition": { "ArnEquals": { "aws:PrincipalArn": [ "arn:aws:iam::123456789012:user/ci", "arn:aws:iam::123456789012:user/person1" ] } }, "Effect": "Allow", "Principal": { "AWS": "*" }, "Resource": "*", "Sid": "Allow Restricted administer-resource 2" }, { "Action": [ "sqs:GetQueueAttributes", "sqs:GetQueueUrl", "sqs:ListDeadLetterSourceQueues", "sqs:ListMessageMoveTasks", "sqs:ListQueues", "sqs:ListQueueTags" ], "Condition": { "ArnEquals": { "aws:PrincipalArn": [ "arn:aws:iam::123456789012:user/ci", "arn:aws:iam::123456789012:user/person1", "arn:aws:iam::123456789012:role/k9-auditor", "arn:aws:iam::123456789012:role/aws-service-role/access-analyzer.amazonaws.com/AWSServiceRoleForAccessAnalyzer" ] } }, "Effect": "Allow", "Principal": { "AWS": "*" }, "Resource": "*", "Sid": "Allow Restricted read-config" }, { "Action": "sqs:ReceiveMessage", "Condition": { "ArnEquals": { "aws:PrincipalArn": [ "arn:aws:iam::123456789012:role/app-backend", "arn:aws:iam::123456789012:role/customer-service" ] } }, "Effect": "Allow", "Principal": { "AWS": "*" }, "Resource": "*", "Sid": "Allow Restricted read-data" }, { "Action": [ "sqs:ChangeMessageVisibility", "sqs:SendMessage" ], "Condition": { "ArnEquals": { "aws:PrincipalArn": [ "arn:aws:iam::123456789012:role/app-backend" ] } }, "Effect": "Allow", "Principal": { "AWS": "*" }, "Resource": "*", "Sid": "Allow Restricted write-data" }, { "Action": [ "sqs:DeleteMessage", "sqs:DeleteQueue", "sqs:PurgeQueue" ], "Condition": { "ArnEquals": { "aws:PrincipalArn": [] } }, "Effect": "Allow", "Principal": { "AWS": "*" }, "Resource": "*", "Sid": "Allow Restricted delete-data" }, { "Action": "sqs:*", "Condition": { "Bool": { "aws:PrincipalIsAWSService": [ "false" ] }, "ArnNotEquals": { "aws:PrincipalArn": [ { "Fn::Join": [ "", [ "arn:", { "Ref": "AWS::Partition" }, ":iam::", { "Ref": "AWS::AccountId" }, ":root" ] ] }, "arn:aws:iam::123456789012:user/ci", "arn:aws:iam::123456789012:user/person1", "arn:aws:iam::123456789012:role/k9-auditor", "arn:aws:iam::123456789012:role/aws-service-role/access-analyzer.amazonaws.com/AWSServiceRoleForAccessAnalyzer", "arn:aws:iam::123456789012:role/app-backend", "arn:aws:iam::123456789012:role/customer-service" ] } }, "Effect": "Deny", "Principal": { "AWS": [ "*", "*" ] }, "Resource": "*", "Sid": "DenyEveryoneElse" } ], "Version": "2012-10-17" }, "Queues": [ { "Ref": "TestQueue6F0069AA" } ] }, "Metadata": { "aws:cdk:path": "K9Example/TestQueue/Policy/Resource" } }, "TestKey4CACAF33": { "Type": "AWS::KMS::Key", "Properties": { "KeyPolicy": { "Statement": [ { "Action": [ "kms:CancelKeyDeletion", "kms:ConnectCustomKeyStore", "kms:CreateAlias", "kms:CreateCustomKeyStore", "kms:CreateGrant", "kms:CreateKey", "kms:DeleteAlias", "kms:DisableKey", "kms:DisableKeyRotation", "kms:DisconnectCustomKeyStore", "kms:EnableKey", "kms:EnableKeyRotation", "kms:PutKeyPolicy", "kms:RetireGrant", "kms:RevokeGrant", "kms:ScheduleKeyDeletion", "kms:TagResource", "kms:UntagResource", "kms:UpdateAlias", "kms:UpdateCustomKeyStore", "kms:UpdateKeyDescription" ], "Condition": { "ArnEquals": { "aws:PrincipalArn": [ "arn:aws:iam::123456789012:user/ci", "arn:aws:iam::123456789012:user/person1" ] } }, "Effect": "Allow", "Principal": { "AWS": "*" }, "Resource": "*", "Sid": "Allow Restricted administer-resource" }, { "Action": [ "kms:DescribeCustomKeyStores", "kms:DescribeKey", "kms:GetKeyPolicy", "kms:GetKeyRotationStatus", "kms:GetParametersForImport", "kms:GetPublicKey", "kms:ListAliases", "kms:ListGrants", "kms:ListKeyPolicies", "kms:ListKeys", "kms:ListResourceTags", "kms:ListRetirableGrants" ], "Condition": { "ArnEquals": { "aws:PrincipalArn": [ "arn:aws:iam::123456789012:user/ci", "arn:aws:iam::123456789012:user/person1" ] } }, "Effect": "Allow", "Principal": { "AWS": "*" }, "Resource": "*", "Sid": "Allow Restricted read-config" }, { "Action": [ "kms:Decrypt", "kms:Verify" ], "Condition": { "ArnEquals": { "aws:PrincipalArn": [ "arn:aws:iam::123456789012:role/app-backend", "arn:aws:iam::123456789012:role/customer-service" ] } }, "Effect": "Allow", "Principal": { "AWS": "*" }, "Resource": "*", "Sid": "Allow Restricted read-data" }, { "Action": [ "kms:Encrypt", "kms:GenerateDataKey", "kms:GenerateDataKeyPair", "kms:GenerateDataKeyPairWithoutPlaintext", "kms:GenerateDataKeyWithoutPlaintext", "kms:GenerateRandom", "kms:ImportKeyMaterial", "kms:ReEncryptFrom", "kms:ReEncryptTo", "kms:Sign" ], "Condition": { "ArnEquals": { "aws:PrincipalArn": [ "arn:aws:iam::123456789012:role/app-backend" ] } }, "Effect": "Allow", "Principal": { "AWS": "*" }, "Resource": "*", "Sid": "Allow Restricted write-data" }, { "Action": [ "kms:DeleteCustomKeyStore", "kms:DeleteImportedKeyMaterial" ], "Condition": { "ArnEquals": { "aws:PrincipalArn": [] } }, "Effect": "Allow", "Principal": { "AWS": "*" }, "Resource": "*", "Sid": "Allow Restricted delete-data" } ], "Version": "2012-10-17" } }, "UpdateReplacePolicy": "Retain", "DeletionPolicy": "Retain", "Metadata": { "aws:cdk:path": "K9Example/TestKey/Resource" } }, "TestTable5769773A": { "Type": "AWS::DynamoDB::GlobalTable", "Properties": { "AttributeDefinitions": [ { "AttributeName": "pk", "AttributeType": "S" } ], "BillingMode": "PAY_PER_REQUEST", "KeySchema": [ { "AttributeName": "pk", "KeyType": "HASH" } ], "Replicas": [ { "Region": { "Ref": "AWS::Region" }, "ResourcePolicy": { "PolicyDocument": { "Statement": [ { "Action": [ "dynamodb:CreateBackup", "dynamodb:DeleteResourcePolicy", "dynamodb:DeleteTableReplica", "dynamodb:DisableKinesisStreamingDestination", "dynamodb:EnableKinesisStreamingDestination", "dynamodb:ExportTableToPointInTime", "dynamodb:PutResourcePolicy", "dynamodb:RestoreTableToPointInTime", "dynamodb:TagResource", "dynamodb:UntagResource", "dynamodb:UpdateContinuousBackups", "dynamodb:UpdateContributorInsights", "dynamodb:UpdateKinesisStreamingDestination", "dynamodb:UpdateTable", "dynamodb:UpdateTableReplicaAutoScaling", "dynamodb:UpdateTimeToLive" ], "Condition": { "ArnEquals": { "aws:PrincipalArn": [ "arn:aws:iam::123456789012:user/ci", "arn:aws:iam::123456789012:user/person1" ] } }, "Effect": "Allow", "Principal": { "AWS": "*" }, "Resource": "*", "Sid": "AllowRestrictedAdministerResource" }, { "Action": [ "dynamodb:DescribeContinuousBackups", "dynamodb:DescribeContributorInsights", "dynamodb:DescribeExport", "dynamodb:DescribeKinesisStreamingDestination", "dynamodb:DescribeTable", "dynamodb:DescribeTableReplicaAutoScaling", "dynamodb:DescribeTimeToLive", "dynamodb:GetResourcePolicy", "dynamodb:ListTagsOfResource" ], "Condition": { "ArnEquals": { "aws:PrincipalArn": [ "arn:aws:iam::123456789012:user/ci", "arn:aws:iam::123456789012:user/person1", "arn:aws:iam::123456789012:role/k9-auditor", "arn:aws:iam::123456789012:role/aws-service-role/access-analyzer.amazonaws.com/AWSServiceRoleForAccessAnalyzer" ] } }, "Effect": "Allow", "Principal": { "AWS": "*" }, "Resource": "*", "Sid": "AllowRestrictedReadConfig" }, { "Action": [ "dynamodb:BatchGetItem", "dynamodb:ConditionCheckItem", "dynamodb:GetItem", "dynamodb:PartiQLSelect", "dynamodb:Query", "dynamodb:Scan" ], "Condition": { "ArnEquals": { "aws:PrincipalArn": [ "arn:aws:iam::123456789012:role/app-backend", "arn:aws:iam::123456789012:role/customer-service" ] } }, "Effect": "Allow", "Principal": { "AWS": "*" }, "Resource": "*", "Sid": "AllowRestrictedReadData" }, { "Action": [ "dynamodb:BatchWriteItem", "dynamodb:PartiQLInsert", "dynamodb:PartiQLUpdate", "dynamodb:PutItem", "dynamodb:UpdateItem" ], "Condition": { "ArnEquals": { "aws:PrincipalArn": [ "arn:aws:iam::123456789012:role/app-backend" ] } }, "Effect": "Allow", "Principal": { "AWS": "*" }, "Resource": "*", "Sid": "AllowRestrictedWriteData" }, { "Action": [ "dynamodb:DeleteItem", "dynamodb:DeleteTable", "dynamodb:DeleteTableReplica", "dynamodb:PartiQLDelete" ], "Condition": { "ArnEquals": { "aws:PrincipalArn": [] } }, "Effect": "Allow", "Principal": { "AWS": "*" }, "Resource": "*", "Sid": "AllowRestrictedDeleteData" }, { "Action": "dynamodb:*", "Condition": { "Bool": { "aws:PrincipalIsAWSService": [ "false" ] }, "ArnNotEquals": { "aws:PrincipalArn": [ { "Fn::Join": [ "", [ "arn:", { "Ref": "AWS::Partition" }, ":iam::", { "Ref": "AWS::AccountId" }, ":root" ] ] }, "arn:aws:iam::123456789012:user/ci", "arn:aws:iam::123456789012:user/person1", "arn:aws:iam::123456789012:role/k9-auditor", "arn:aws:iam::123456789012:role/aws-service-role/access-analyzer.amazonaws.com/AWSServiceRoleForAccessAnalyzer", "arn:aws:iam::123456789012:role/app-backend", "arn:aws:iam::123456789012:role/customer-service" ] } }, "Effect": "Deny", "Principal": { "AWS": [ "*", "*" ] }, "Resource": "*", "Sid": "DenyEveryoneElse" } ], "Version": "2012-10-17" } } } ] }, "UpdateReplacePolicy": "Retain", "DeletionPolicy": "Retain", "Metadata": { "aws:cdk:path": "K9Example/TestTable/Resource" } }, "CDKMetadata": { "Type": "AWS::CDK::Metadata", "Properties": { "Analytics": "v2:deflate64:H4sIAAAAAAAA/02NwQ6CMBBEv8V7WQGN3uXggYui8WpKuyalpY0slZCm/24AE7zszLzJZnLIjgdIN3ygREidGFVDuPVcaMYHegbaQTh5obFnxcv+3CIXZ5QYV7zkyOhNEK4ePU7dYua7PvzFyHRLEEqcixLHyORoeetkDeHOa4OPfGrOxtXczCDGCVRIzndiHimclapXzkZmnURoaPvJU8j2kG4aUirpvO1Vi1At+gWhj+v29gAAAA==" }, "Metadata": { "aws:cdk:path": "K9Example/CDKMetadata/Default" }, "Condition": "CDKMetadataAvailable" } }, "Conditions": { "CDKMetadataAvailable": { "Fn::Or": [ { "Fn::Or": [ { "Fn::Equals": [ { "Ref": "AWS::Region" }, "af-south-1" ] }, { "Fn::Equals": [ { "Ref": "AWS::Region" }, "ap-east-1" ] }, { "Fn::Equals": [ { "Ref": "AWS::Region" }, "ap-northeast-1" ] }, { "Fn::Equals": [ { "Ref": "AWS::Region" }, "ap-northeast-2" ] }, { "Fn::Equals": [ { "Ref": "AWS::Region" }, "ap-northeast-3" ] }, { "Fn::Equals": [ { "Ref": "AWS::Region" }, "ap-south-1" ] }, { "Fn::Equals": [ { "Ref": "AWS::Region" }, "ap-south-2" ] }, { "Fn::Equals": [ { "Ref": "AWS::Region" }, "ap-southeast-1" ] }, { "Fn::Equals": [ { "Ref": "AWS::Region" }, "ap-southeast-2" ] }, { "Fn::Equals": [ { "Ref": "AWS::Region" }, "ap-southeast-3" ] } ] }, { "Fn::Or": [ { "Fn::Equals": [ { "Ref": "AWS::Region" }, "ap-southeast-4" ] }, { "Fn::Equals": [ { "Ref": "AWS::Region" }, "ca-central-1" ] }, { "Fn::Equals": [ { "Ref": "AWS::Region" }, "ca-west-1" ] }, { "Fn::Equals": [ { "Ref": "AWS::Region" }, "cn-north-1" ] }, { "Fn::Equals": [ { "Ref": "AWS::Region" }, "cn-northwest-1" ] }, { "Fn::Equals": [ { "Ref": "AWS::Region" }, "eu-central-1" ] }, { "Fn::Equals": [ { "Ref": "AWS::Region" }, "eu-central-2" ] }, { "Fn::Equals": [ { "Ref": "AWS::Region" }, "eu-north-1" ] }, { "Fn::Equals": [ { "Ref": "AWS::Region" }, "eu-south-1" ] }, { "Fn::Equals": [ { "Ref": "AWS::Region" }, "eu-south-2" ] } ] }, { "Fn::Or": [ { "Fn::Equals": [ { "Ref": "AWS::Region" }, "eu-west-1" ] }, { "Fn::Equals": [ { "Ref": "AWS::Region" }, "eu-west-2" ] }, { "Fn::Equals": [ { "Ref": "AWS::Region" }, "eu-west-3" ] }, { "Fn::Equals": [ { "Ref": "AWS::Region" }, "il-central-1" ] }, { "Fn::Equals": [ { "Ref": "AWS::Region" }, "me-central-1" ] }, { "Fn::Equals": [ { "Ref": "AWS::Region" }, "me-south-1" ] }, { "Fn::Equals": [ { "Ref": "AWS::Region" }, "sa-east-1" ] }, { "Fn::Equals": [ { "Ref": "AWS::Region" }, "us-east-1" ] }, { "Fn::Equals": [ { "Ref": "AWS::Region" }, "us-east-2" ] }, { "Fn::Equals": [ { "Ref": "AWS::Region" }, "us-west-1" ] } ] }, { "Fn::Equals": [ { "Ref": "AWS::Region" }, "us-west-2" ] } ] } }, "Parameters": { "BootstrapVersion": { "Type": "AWS::SSM::Parameter::Value", "Default": "/cdk-bootstrap/hnb659fds/version", "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]" } }, "Rules": { "CheckBootstrapVersion": { "Assertions": [ { "Assert": { "Fn::Not": [ { "Fn::Contains": [ [ "1", "2", "3", "4", "5" ], { "Ref": "BootstrapVersion" } ] } ] }, "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI." } ] } } }