diff --git a/src/main.ts b/src/main.ts index ef09886..1cc4237 100644 --- a/src/main.ts +++ b/src/main.ts @@ -32,6 +32,7 @@ import { import { AccessPoint, FileSystem, LifecyclePolicy, PerformanceMode, ThroughputMode } from 'aws-cdk-lib/aws-efs'; import { CfnCacheCluster, CfnSubnetGroup } from 'aws-cdk-lib/aws-elasticache'; import { ManagedPolicy, Role, ServicePrincipal } from 'aws-cdk-lib/aws-iam'; +import * as iam from 'aws-cdk-lib/aws-iam'; import { Key } from 'aws-cdk-lib/aws-kms'; import { LogGroup } from 'aws-cdk-lib/aws-logs'; import * as opensearch from 'aws-cdk-lib/aws-opensearchservice'; @@ -45,15 +46,14 @@ import { } from 'aws-cdk-lib/aws-rds'; import { Bucket, BucketEncryption } from 'aws-cdk-lib/aws-s3'; import * as secretsmanager from 'aws-cdk-lib/aws-secretsmanager'; +import { Topic } from 'aws-cdk-lib/aws-sns'; import * as cfninc from 'aws-cdk-lib/cloudformation-include'; +import * as cr from 'aws-cdk-lib/custom-resources'; import * as cxapi from 'aws-cdk-lib/cx-api'; //import * as cr from 'aws-cdk-lib/custom-resources'; //import * as iam from 'aws-cdk-lib/aws-iam'; import { Construct } from 'constructs'; import { MagentoService } from './magento'; -import { Topic } from 'aws-cdk-lib/aws-sns'; -import * as cr from 'aws-cdk-lib/custom-resources'; -import * as iam from 'aws-cdk-lib/aws-iam'; //https://www.npmjs.com/package/@aws-cdk-containers/ecs-service-extensions?activeTab=readme 
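Review bot: The import block now pulls `aws-cdk-lib/aws-iam` in twice, once as `{ ManagedPolicy, Role, ServicePrincipal }` (context in the first hunk) and once as the added `import * as iam`. The second hunk also still carries the commented-out `//import * as cr ...` and `//import * as iam ...` lines directly below the live imports of the same modules. Delete the two commented-out lines and settle on one import form for aws-iam, so that anyone auditing which IAM constructs the stack creates has a single place to look. Neither change affects behaviour.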
@@ -116,13 +116,13 @@ export class MagentoStack extends Stack { const enablePrivateLink = this.node.tryGetContext('enablePrivateLink'); if (enablePrivateLink == 'true') { vpc.addInterfaceEndpoint('CWIEndpoint', { service: InterfaceVpcEndpointAwsService.CLOUDWATCH_APPLICATION_INSIGHTS }); - vpc.addInterfaceEndpoint('CWLEndpoint', { service: InterfaceVpcEndpointAwsService.CLOUDWATCH_LOGS}); + vpc.addInterfaceEndpoint('CWLEndpoint', { service: InterfaceVpcEndpointAwsService.CLOUDWATCH_LOGS }); vpc.addInterfaceEndpoint('EFSEndpoint', { service: InterfaceVpcEndpointAwsService.ELASTIC_FILESYSTEM }); vpc.addInterfaceEndpoint('SMEndpoint', { service: InterfaceVpcEndpointAwsService.SECRETS_MANAGER }); - vpc.addGatewayEndpoint('S3GatewayEndpoint', {service: GatewayVpcEndpointAwsService.S3 }); - vpc.addInterfaceEndpoint('SSMEndpoint', {service: InterfaceVpcEndpointAwsService.SSM }); - vpc.addInterfaceEndpoint('EC2MessagesEndpoint', {service: InterfaceVpcEndpointAwsService.EC2_MESSAGES }); - vpc.addInterfaceEndpoint('SSMMessagesEndpoint', {service: InterfaceVpcEndpointAwsService.SSM_MESSAGES}); + vpc.addGatewayEndpoint('S3GatewayEndpoint', { service: GatewayVpcEndpointAwsService.S3 }); + vpc.addInterfaceEndpoint('SSMEndpoint', { service: InterfaceVpcEndpointAwsService.SSM }); + vpc.addInterfaceEndpoint('EC2MessagesEndpoint', { service: InterfaceVpcEndpointAwsService.EC2_MESSAGES }); + vpc.addInterfaceEndpoint('SSMMessagesEndpoint', { service: InterfaceVpcEndpointAwsService.SSM_MESSAGES }); } // Secure ecs exec loggings @@ -190,7 +190,7 @@ export class MagentoStack extends Stack { if (contextEc2Cluster == 'yes' || contextEc2Cluster == 'true') { ec2Cluster = true; } - + let asg1: AutoScalingGroup; let cp1: AsgCapacityProvider; @@ -322,7 +322,7 @@ export class MagentoStack extends Stack { }, ], }); //asg1.addToRolePolicy() - + // Set the removal policy for the ASG asg1.applyRemovalPolicy(RemovalPolicy.DESTROY); // Make the ASG depend on the VPC 
@@ -358,8 +358,6 @@ export class MagentoStack extends Stack { enableManagedTerminationProtection: true, targetCapacityPercent: 100, //do some over-provisionning }); - // Make the capacity provider depend on the ASG - cp1.node.addDependency(asg1); } // Create or Reuse ECS Cluster @@ -392,31 +390,28 @@ export class MagentoStack extends Stack { logging: ExecuteCommandLogging.OVERRIDE, }, }); + cluster.applyRemovalPolicy(RemovalPolicy.DESTROY); //Cast cluster to Cluster instead of ICluster if (ec2Cluster) { //const cluster = cluster as Cluster; cluster.addAsgCapacityProvider(cp1!); // Make the cluster depend on the capacity provider - cluster.node.addDependency(cp1!); + //cluster.node.addDependency(cp1!); } } new CfnOutput(this, 'ClusterName', { value: cluster.clusterName }); - - vpc.applyRemovalPolicy(RemovalPolicy.DESTROY); - cluster.applyRemovalPolicy(RemovalPolicy.DESTROY); - asg1!.applyRemovalPolicy(RemovalPolicy.DESTROY); - // Create the custom resource for cleanup - const cleanupResource = new cr.AwsCustomResource(this, 'RemoveCapacityProvider', { + //const cleanupResource = + new cr.AwsCustomResource(this, 'RemoveCapacityProvider', { onDelete: { service: 'ECS', action: 'putClusterCapacityProviders', parameters: { cluster: cluster.clusterName, capacityProviders: [], - defaultCapacityProviderStrategy: [] + defaultCapacityProviderStrategy: [], }, physicalResourceId: cr.PhysicalResourceId.of('RemoveCapacityProviderResource'), }, @@ -429,7 +424,7 @@ export class MagentoStack extends Stack { }); // Ensure the cleanup resource runs before the cluster is deleted - cluster.node.addDependency(cleanupResource); + //cluster.node.addDependency(cleanupResource); /* 
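Review bot: `RemoveCapacityProvider` is constructed after the create-or-reuse branch closes, so it appears to be created even when the stack reuses an existing cluster. Its `onDelete` would then call `putClusterCapacityProviders` with empty lists on a cluster this stack does not own. Consider creating it only when the stack creates the cluster and `ec2Cluster` is set; the branch condition starts above the hunk, so confirm the exact guard there. The updated snapshots also record `InstallLatestAwsSdk: true` for this resource, which means the handler fetches the SDK from npm when it is invoked; passing `installLatestAwsSdk: false` keeps teardown on the SDK bundled with the Lambda runtime. The resource's remaining props continue past the end of the hunk.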
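Review bot: The comment `// Ensure the cleanup resource runs before the cluster is deleted` now sits above a commented-out call, so it describes ordering that the code no longer sets up explicitly. The same applies to the leftover `//const cleanupResource =` and `//cluster.node.addDependency(cp1!);` in the previous hunk. Because the custom resource's parameters reference `cluster.clusterName`, CloudFormation presumably already deletes it (and runs `onDelete`) before the cluster, at least when the cluster is created by this stack. Say that instead, for example `// Delete ordering comes from the clusterName reference: this resource is removed, and onDelete runs, before the cluster.` Remove the dead lines rather than leaving them commented out.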
@@ -539,9 +534,9 @@ export class MagentoStack extends Stack { // resourceArn: db.clusterArn, // secretArn: db.secret?.secretArn, // database: DB_NAME, - // sql: `GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, INDEX, ALTER, - // CREATE TEMPORARY TABLES, LOCK TABLES, EXECUTE, CREATE VIEW, SHOW VIEW, - // CREATE ROUTINE, ALTER ROUTINE, TRIGGER ON ${DB_NAME}.* + // sql: `GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, INDEX, ALTER, + // CREATE TEMPORARY TABLES, LOCK TABLES, EXECUTE, CREATE VIEW, SHOW VIEW, + // CREATE ROUTINE, ALTER ROUTINE, TRIGGER ON ${DB_NAME}.* // TO '${DB_USER}'@'%'; // FLUSH PRIVILEGES;`, // }, diff --git a/test/__snapshots__/ec2.test.ts.snap b/test/__snapshots__/ec2.test.ts.snap index 91dbdf1..af58beb 100644 --- a/test/__snapshots__/ec2.test.ts.snap +++ b/test/__snapshots__/ec2.test.ts.snap @@ -152,6 +152,12 @@ Object { }, }, "Resources": Object { + "ASGNotificationTopic655E24DD": Object { + "Properties": Object { + "TopicName": "asg-notifications", + }, + "Type": "AWS::SNS::Topic", + }, "AWS679f53fac002430cb0da5b7982bd22872D164C4C": Object { "DependsOn": Array [ "AWS679f53fac002430cb0da5b7982bd2287ServiceRoleC1EA0FF2", @@ -205,6 +211,7 @@ Object { "Type": "AWS::IAM::Role", }, "Asg1ASG8A2F9427": Object { + "DeletionPolicy": "Delete", "Properties": Object { "LaunchConfigurationName": Object { "Ref": "Asg1LaunchConfig13CB129F", @@ -217,6 +224,19 @@ Object { ], "MinSize": "1", "NewInstancesProtectedFromScaleIn": true, + "NotificationConfigurations": Array [ + Object { + "NotificationTypes": Array [ + "autoscaling:EC2_INSTANCE_LAUNCH", + "autoscaling:EC2_INSTANCE_LAUNCH_ERROR", + "autoscaling:EC2_INSTANCE_TERMINATE", + "autoscaling:EC2_INSTANCE_TERMINATE_ERROR", + ], + "TopicARN": Object { + "Ref": "ASGNotificationTopic655E24DD", + }, + }, + ], "Tags": Array [ Object { "Key": "Name", 
@@ -235,6 +255,7 @@ Object { "IgnoreUnmodifiedGroupSizeProperties": true, }, }, + "UpdateReplacePolicy": "Delete", }, "Asg1InstanceProfileF0687320": Object { "Properties": Object { @@ -257,7 +278,7 @@ Object { "DeviceName": "/dev/xvda", "Ebs": Object { "DeleteOnTermination": true, - "Encrypted": false, + "Encrypted": true, "VolumeSize": 30, "VolumeType": "gp3", }, @@ -347,6 +368,13 @@ echo ECS_AWSVPC_BLOCK_IMDS=true >> /etc/ecs/ecs.config", "Properties": Object { "PolicyDocument": Object { "Statement": Array [ + Object { + "Action": "sns:Publish", + "Effect": "Allow", + "Resource": Object { + "Ref": "ASGNotificationTopic655E24DD", + }, + }, Object { "Action": Array [ "ecs:DeregisterContainerInstance", @@ -572,6 +600,7 @@ echo ECS_AWSVPC_BLOCK_IMDS=true >> /etc/ecs/ecs.config", "Type": "AWS::ECS::ClusterCapacityProviderAssociations", }, "ClusterEB0386A7": Object { + "DeletionPolicy": "Delete", "Properties": Object { "ClusterName": "magento", "ClusterSettings": Array [ @@ -604,6 +633,7 @@ echo ECS_AWSVPC_BLOCK_IMDS=true >> /etc/ecs/ecs.config", }, }, "Type": "AWS::ECS::Cluster", + "UpdateReplacePolicy": "Delete", }, "CustomS3AutoDeleteObjectsCustomResourceProviderHandler9D90184F": Object { "DependsOn": Array [ @@ -1427,8 +1457,9 @@ echo ECS_AWSVPC_BLOCK_IMDS=true >> /etc/ecs/ecs.config", "Type": "AWS::EFS::MountTarget", }, "MagentoAuroraCluster576B8023": Object { - "DeletionPolicy": "Snapshot", + "DeletionPolicy": "Delete", "Properties": Object { + "BacktrackWindow": 86400, "BackupRetentionPeriod": 14, "CopyTagsToSnapshot": true, "DBClusterParameterGroupName": "default.aurora-mysql8.0", 
@@ -1436,14 +1467,14 @@ echo ECS_AWSVPC_BLOCK_IMDS=true >> /etc/ecs/ecs.config", "Ref": "MagentoAuroraClusterSubnets1D05994E", }, "DatabaseName": "magento", - "DeletionProtection": true, + "DeletionProtection": false, "EnableCloudwatchLogsExports": Array [ "error", "general", "slowquery", ], "Engine": "aurora-mysql", - "EngineVersion": "8.0.mysql_aurora.3.03.0", + "EngineVersion": "8.0.mysql_aurora.3.07.1", "MasterUserPassword": Object { "Fn::Join": Array [ "", @@ -1457,7 +1488,6 @@ echo ECS_AWSVPC_BLOCK_IMDS=true >> /etc/ecs/ecs.config", ], }, "MasterUsername": "magentouser", - "Port": 42, "PreferredBackupWindow": "03:00-04:00", "StorageEncrypted": true, "VpcSecurityGroupIds": Array [ @@ -1470,7 +1500,7 @@ echo ECS_AWSVPC_BLOCK_IMDS=true >> /etc/ecs/ecs.config", ], }, "Type": "AWS::RDS::DBCluster", - "UpdateReplacePolicy": "Snapshot", + "UpdateReplacePolicy": "Delete", }, "MagentoAuroraClusterMonitoringRole76A738BF": Object { "Properties": Object { @@ -1768,7 +1798,7 @@ echo ECS_AWSVPC_BLOCK_IMDS=true >> /etc/ecs/ecs.config", ], "Essential": true, "Image": Object { - "Fn::Sub": "1234567890.dkr.ecr.us-east-1.\${AWS::URLSuffix}/cdk-hnb659fds-container-assets-1234567890-us-east-1:ca4728ab8c88c1b3696d6f5b72909a7d9a92c850e2608d0233de1d0d9c0d0a83", + "Fn::Sub": "1234567890.dkr.ecr.us-east-1.\${AWS::URLSuffix}/cdk-hnb659fds-container-assets-1234567890-us-east-1:c7d604857081028bb0c4e58774ea6a1952184e369e2e14c2dfc057904a89c349", }, "LogConfiguration": Object { "LogDriver": "awslogs", 
@@ -2682,7 +2712,7 @@ echo ECS_AWSVPC_BLOCK_IMDS=true >> /etc/ecs/ecs.config", ], "Essential": true, "Image": Object { - "Fn::Sub": "1234567890.dkr.ecr.us-east-1.\${AWS::URLSuffix}/cdk-hnb659fds-container-assets-1234567890-us-east-1:ca4728ab8c88c1b3696d6f5b72909a7d9a92c850e2608d0233de1d0d9c0d0a83", + "Fn::Sub": "1234567890.dkr.ecr.us-east-1.\${AWS::URLSuffix}/cdk-hnb659fds-container-assets-1234567890-us-east-1:c7d604857081028bb0c4e58774ea6a1952184e369e2e14c2dfc057904a89c349", }, "LogConfiguration": Object { "LogDriver": "awslogs", 
@@ -3174,6 +3204,66 @@ echo ECS_AWSVPC_BLOCK_IMDS=true >> /etc/ecs/ecs.config", }, "Type": "AWS::ElastiCache::SubnetGroup", }, + "RemoveCapacityProviderABB34814": Object { + "DeletionPolicy": "Delete", + "DependsOn": Array [ + "RemoveCapacityProviderCustomResourcePolicy6A2F1083", + ], + "Properties": Object { + "Delete": Object { + "Fn::Join": Array [ + "", + Array [ + "{\\"service\\":\\"ECS\\",\\"action\\":\\"putClusterCapacityProviders\\",\\"parameters\\":{\\"cluster\\":\\"", + Object { + "Ref": "ClusterEB0386A7", + }, + "\\",\\"capacityProviders\\":[],\\"defaultCapacityProviderStrategy\\":[]},\\"physicalResourceId\\":{\\"id\\":\\"RemoveCapacityProviderResource\\"}}", + ], + ], + }, + "InstallLatestAwsSdk": true, + "ServiceToken": Object { + "Fn::GetAtt": Array [ + "AWS679f53fac002430cb0da5b7982bd22872D164C4C", + "Arn", + ], + }, + }, + "Type": "Custom::AWS", + "UpdateReplacePolicy": "Delete", + }, + "RemoveCapacityProviderCustomResourcePolicy6A2F1083": Object { + "Properties": Object { + "PolicyDocument": Object { + "Statement": Array [ + Object { + "Action": "ecs:PutClusterCapacityProviders", + "Effect": "Allow", + "Resource": Object { + "Fn::Join": Array [ + "", + Array [ + "arn:aws:ecs:us-east-1:1234567890:cluster/", + Object { + "Ref": "ClusterEB0386A7", + }, + ], + ], + }, + }, + ], + "Version": "2012-10-17", + }, + "PolicyName": "RemoveCapacityProviderCustomResourcePolicy6A2F1083", + "Roles": Array [ + Object { + "Ref": "AWS679f53fac002430cb0da5b7982bd2287ServiceRoleC1EA0FF2", + }, + ], + }, + "Type": "AWS::IAM::Policy", + }, "TemplatedatavolEAF39683": Object { "Properties": Object { "Name": "datavol", diff --git a/test/__snapshots__/fsx.test.ts.snap b/test/__snapshots__/fsx.test.ts.snap index 04f9ece..601f74a 100644 --- a/test/__snapshots__/fsx.test.ts.snap +++ b/test/__snapshots__/fsx.test.ts.snap 
@@ -152,6 +152,12 @@ Object { }, }, "Resources": Object { + "ASGNotificationTopic655E24DD": Object { + "Properties": Object { + "TopicName": "asg-notifications", + }, + "Type": "AWS::SNS::Topic", + }, "AWS679f53fac002430cb0da5b7982bd22872D164C4C": Object { "DependsOn": Array [ "AWS679f53fac002430cb0da5b7982bd2287ServiceRoleC1EA0FF2", @@ -205,6 +211,7 @@ Object { "Type": "AWS::IAM::Role", }, "Asg1ASG8A2F9427": Object { + "DeletionPolicy": "Delete", "Properties": Object { "LaunchConfigurationName": Object { "Ref": "Asg1LaunchConfig13CB129F", @@ -217,6 +224,19 @@ Object { ], "MinSize": "1", "NewInstancesProtectedFromScaleIn": true, + "NotificationConfigurations": Array [ + Object { + "NotificationTypes": Array [ + "autoscaling:EC2_INSTANCE_LAUNCH", + "autoscaling:EC2_INSTANCE_LAUNCH_ERROR", + "autoscaling:EC2_INSTANCE_TERMINATE", + "autoscaling:EC2_INSTANCE_TERMINATE_ERROR", + ], + "TopicARN": Object { + "Ref": "ASGNotificationTopic655E24DD", + }, + }, + ], "Tags": Array [ Object { "Key": "Name", @@ -235,6 +255,7 @@ Object { "IgnoreUnmodifiedGroupSizeProperties": true, }, }, + "UpdateReplacePolicy": "Delete", }, "Asg1InstanceProfileF0687320": Object { "Properties": Object { @@ -257,7 +278,7 @@ Object { "DeviceName": "/dev/xvda", "Ebs": Object { "DeleteOnTermination": true, - "Encrypted": false, + "Encrypted": true, "VolumeSize": 30, "VolumeType": "gp3", }, @@ -347,6 +368,13 @@ echo ECS_AWSVPC_BLOCK_IMDS=true >> /etc/ecs/ecs.config", "Properties": Object { "PolicyDocument": Object { "Statement": Array [ + Object { + "Action": "sns:Publish", + "Effect": "Allow", + "Resource": Object { + "Ref": "ASGNotificationTopic655E24DD", + }, + }, Object { "Action": Array [ "ecs:DeregisterContainerInstance", @@ -572,6 +600,7 @@ echo ECS_AWSVPC_BLOCK_IMDS=true >> /etc/ecs/ecs.config", "Type": "AWS::ECS::ClusterCapacityProviderAssociations", }, "ClusterEB0386A7": Object { + "DeletionPolicy": "Delete", "Properties": Object { "ClusterName": "magento", "ClusterSettings": Array [ 
@@ -604,6 +633,7 @@ echo ECS_AWSVPC_BLOCK_IMDS=true >> /etc/ecs/ecs.config", }, }, "Type": "AWS::ECS::Cluster", + "UpdateReplacePolicy": "Delete", }, "CustomS3AutoDeleteObjectsCustomResourceProviderHandler9D90184F": Object { "DependsOn": Array [ @@ -1345,8 +1375,9 @@ echo ECS_AWSVPC_BLOCK_IMDS=true >> /etc/ecs/ecs.config", "Type": "AWS::EC2::SecurityGroupIngress", }, "MagentoAuroraCluster576B8023": Object { - "DeletionPolicy": "Snapshot", + "DeletionPolicy": "Delete", "Properties": Object { + "BacktrackWindow": 86400, "BackupRetentionPeriod": 14, "CopyTagsToSnapshot": true, "DBClusterParameterGroupName": "default.aurora-mysql8.0", @@ -1354,14 +1385,14 @@ echo ECS_AWSVPC_BLOCK_IMDS=true >> /etc/ecs/ecs.config", "Ref": "MagentoAuroraClusterSubnets1D05994E", }, "DatabaseName": "magento", - "DeletionProtection": true, + "DeletionProtection": false, "EnableCloudwatchLogsExports": Array [ "error", "general", "slowquery", ], "Engine": "aurora-mysql", - "EngineVersion": "8.0.mysql_aurora.3.03.0", + "EngineVersion": "8.0.mysql_aurora.3.07.1", "MasterUserPassword": Object { "Fn::Join": Array [ "", @@ -1375,7 +1406,6 @@ echo ECS_AWSVPC_BLOCK_IMDS=true >> /etc/ecs/ecs.config", ], }, "MasterUsername": "magentouser", - "Port": 42, "PreferredBackupWindow": "03:00-04:00", "StorageEncrypted": true, "VpcSecurityGroupIds": Array [ @@ -1388,7 +1418,7 @@ echo ECS_AWSVPC_BLOCK_IMDS=true >> /etc/ecs/ecs.config", ], }, "Type": "AWS::RDS::DBCluster", - "UpdateReplacePolicy": "Snapshot", + "UpdateReplacePolicy": "Delete", }, "MagentoAuroraClusterMonitoringRole76A738BF": Object { "Properties": Object { 
@@ -1686,7 +1716,7 @@ echo ECS_AWSVPC_BLOCK_IMDS=true >> /etc/ecs/ecs.config", ], "Essential": true, "Image": Object { - "Fn::Sub": "1234567890.dkr.ecr.us-east-1.\${AWS::URLSuffix}/cdk-hnb659fds-container-assets-1234567890-us-east-1:ca4728ab8c88c1b3696d6f5b72909a7d9a92c850e2608d0233de1d0d9c0d0a83", + "Fn::Sub": "1234567890.dkr.ecr.us-east-1.\${AWS::URLSuffix}/cdk-hnb659fds-container-assets-1234567890-us-east-1:c7d604857081028bb0c4e58774ea6a1952184e369e2e14c2dfc057904a89c349", }, "LogConfiguration": Object { "LogDriver": "awslogs", @@ -2570,7 +2600,7 @@ echo ECS_AWSVPC_BLOCK_IMDS=true >> /etc/ecs/ecs.config", ], "Essential": true, "Image": Object { - "Fn::Sub": "1234567890.dkr.ecr.us-east-1.\${AWS::URLSuffix}/cdk-hnb659fds-container-assets-1234567890-us-east-1:ca4728ab8c88c1b3696d6f5b72909a7d9a92c850e2608d0233de1d0d9c0d0a83", + "Fn::Sub": "1234567890.dkr.ecr.us-east-1.\${AWS::URLSuffix}/cdk-hnb659fds-container-assets-1234567890-us-east-1:c7d604857081028bb0c4e58774ea6a1952184e369e2e14c2dfc057904a89c349", }, "LogConfiguration": Object { "LogDriver": "awslogs", 
@@ -3032,6 +3062,66 @@ echo ECS_AWSVPC_BLOCK_IMDS=true >> /etc/ecs/ecs.config", }, "Type": "AWS::ElastiCache::SubnetGroup", }, + "RemoveCapacityProviderABB34814": Object { + "DeletionPolicy": "Delete", + "DependsOn": Array [ + "RemoveCapacityProviderCustomResourcePolicy6A2F1083", + ], + "Properties": Object { + "Delete": Object { + "Fn::Join": Array [ + "", + Array [ + "{\\"service\\":\\"ECS\\",\\"action\\":\\"putClusterCapacityProviders\\",\\"parameters\\":{\\"cluster\\":\\"", + Object { + "Ref": "ClusterEB0386A7", + }, + "\\",\\"capacityProviders\\":[],\\"defaultCapacityProviderStrategy\\":[]},\\"physicalResourceId\\":{\\"id\\":\\"RemoveCapacityProviderResource\\"}}", + ], + ], + }, + "InstallLatestAwsSdk": true, + "ServiceToken": Object { + "Fn::GetAtt": Array [ + "AWS679f53fac002430cb0da5b7982bd22872D164C4C", + "Arn", + ], + }, + }, + "Type": "Custom::AWS", + "UpdateReplacePolicy": "Delete", + }, + "RemoveCapacityProviderCustomResourcePolicy6A2F1083": Object { + "Properties": Object { + "PolicyDocument": Object { + "Statement": Array [ + Object { + "Action": "ecs:PutClusterCapacityProviders", + "Effect": "Allow", + "Resource": Object { + "Fn::Join": Array [ + "", + Array [ + "arn:aws:ecs:us-east-1:1234567890:cluster/", + Object { + "Ref": "ClusterEB0386A7", + }, + ], + ], + }, + }, + ], + "Version": "2012-10-17", + }, + "PolicyName": "RemoveCapacityProviderCustomResourcePolicy6A2F1083", + "Roles": Array [ + Object { + "Ref": "AWS679f53fac002430cb0da5b7982bd2287ServiceRoleC1EA0FF2", + }, + ], + }, + "Type": "AWS::IAM::Policy", + }, "TemplatedatavolEAF39683": Object { "Properties": Object { "Name": "datavol", diff --git a/test/__snapshots__/main-noefs.test.ts.snap b/test/__snapshots__/main-noefs.test.ts.snap index de2ce47..eea9daa 100644 --- a/test/__snapshots__/main-noefs.test.ts.snap +++ b/test/__snapshots__/main-noefs.test.ts.snap 
@@ -304,6 +304,7 @@ Object { "Type": "AWS::ECS::ClusterCapacityProviderAssociations", }, "ClusterEB0386A7": Object { + "DeletionPolicy": "Delete", "Properties": Object { "ClusterName": "magento", "ClusterSettings": Array [ @@ -336,6 +337,7 @@ Object { }, }, "Type": "AWS::ECS::Cluster", + "UpdateReplacePolicy": "Delete", }, "CustomS3AutoDeleteObjectsCustomResourceProviderHandler9D90184F": Object { "DependsOn": Array [ @@ -1063,8 +1065,9 @@ Object { "Type": "AWS::EC2::SecurityGroupIngress", }, "MagentoAuroraCluster576B8023": Object { - "DeletionPolicy": "Snapshot", + "DeletionPolicy": "Delete", "Properties": Object { + "BacktrackWindow": 86400, "BackupRetentionPeriod": 14, "CopyTagsToSnapshot": true, "DBClusterParameterGroupName": "default.aurora-mysql8.0", @@ -1072,14 +1075,14 @@ Object { "Ref": "MagentoAuroraClusterSubnets1D05994E", }, "DatabaseName": "magento", - "DeletionProtection": true, + "DeletionProtection": false, "EnableCloudwatchLogsExports": Array [ "error", "general", "slowquery", ], "Engine": "aurora-mysql", - "EngineVersion": "8.0.mysql_aurora.3.03.0", + "EngineVersion": "8.0.mysql_aurora.3.07.1", "MasterUserPassword": Object { "Fn::Join": Array [ "", @@ -1093,7 +1096,6 @@ Object { ], }, "MasterUsername": "magentouser", - "Port": 42, "PreferredBackupWindow": "03:00-04:00", "StorageEncrypted": true, "VpcSecurityGroupIds": Array [ @@ -1106,7 +1108,7 @@ Object { ], }, "Type": "AWS::RDS::DBCluster", - "UpdateReplacePolicy": "Snapshot", + "UpdateReplacePolicy": "Delete", }, "MagentoAuroraClusterMonitoringRole76A738BF": Object { "Properties": Object { 
@@ -1732,7 +1734,7 @@ Object { ], "Essential": true, "Image": Object { - "Fn::Sub": "1234567890.dkr.ecr.us-east-1.\${AWS::URLSuffix}/cdk-hnb659fds-container-assets-1234567890-us-east-1:6ac07be846a6fd105f9e2d20354efe2182e82a1d1dc111f0571700ae4c426f99", + "Fn::Sub": "1234567890.dkr.ecr.us-east-1.\${AWS::URLSuffix}/cdk-hnb659fds-container-assets-1234567890-us-east-1:c183cd786316269214916b8910684450a40a6df3706dc42912f4f26c0ff9b070", }, "LogConfiguration": Object { "LogDriver": "awslogs", 
@@ -2153,7 +2155,68 @@ Object { }, "Type": "AWS::ElastiCache::SubnetGroup", }, + "RemoveCapacityProviderABB34814": Object { + "DeletionPolicy": "Delete", + "DependsOn": Array [ + "RemoveCapacityProviderCustomResourcePolicy6A2F1083", + ], + "Properties": Object { + "Delete": Object { + "Fn::Join": Array [ + "", + Array [ + "{\\"service\\":\\"ECS\\",\\"action\\":\\"putClusterCapacityProviders\\",\\"parameters\\":{\\"cluster\\":\\"", + Object { + "Ref": "ClusterEB0386A7", + }, + "\\",\\"capacityProviders\\":[],\\"defaultCapacityProviderStrategy\\":[]},\\"physicalResourceId\\":{\\"id\\":\\"RemoveCapacityProviderResource\\"}}", + ], + ], + }, + "InstallLatestAwsSdk": true, + "ServiceToken": Object { + "Fn::GetAtt": Array [ + "AWS679f53fac002430cb0da5b7982bd22872D164C4C", + "Arn", + ], + }, + }, + "Type": "Custom::AWS", + "UpdateReplacePolicy": "Delete", + }, + "RemoveCapacityProviderCustomResourcePolicy6A2F1083": Object { + "Properties": Object { + "PolicyDocument": Object { + "Statement": Array [ + Object { + "Action": "ecs:PutClusterCapacityProviders", + "Effect": "Allow", + "Resource": Object { + "Fn::Join": Array [ + "", + Array [ + "arn:aws:ecs:us-east-1:1234567890:cluster/", + Object { + "Ref": "ClusterEB0386A7", + }, + ], + ], + }, + }, + ], + "Version": "2012-10-17", + }, + "PolicyName": "RemoveCapacityProviderCustomResourcePolicy6A2F1083", + "Roles": Array [ + Object { + "Ref": "AWS679f53fac002430cb0da5b7982bd2287ServiceRoleC1EA0FF2", + }, + ], + }, + "Type": "AWS::IAM::Policy", + }, "VPCB9E5F0B4": Object { + "DeletionPolicy": "Delete", "Properties": Object { "CidrBlock": "10.0.0.0/16", "EnableDnsHostnames": true, @@ -2167,6 +2230,7 @@ Object { ], }, "Type": "AWS::EC2::VPC", + "UpdateReplacePolicy": "Delete", }, "VPCIGWB7E252D3": Object { "Properties": Object { diff --git a/test/__snapshots__/main.test.ts.snap b/test/__snapshots__/main.test.ts.snap index ef836fa..16e5e5a 100644 --- a/test/__snapshots__/main.test.ts.snap 
+++ b/test/__snapshots__/main.test.ts.snap @@ -332,6 +332,7 @@ Object { "Type": "AWS::ECS::ClusterCapacityProviderAssociations", }, "ClusterEB0386A7": Object { + "DeletionPolicy": "Delete", "Properties": Object { "ClusterName": "magento", "ClusterSettings": Array [ @@ -364,6 +365,7 @@ Object { }, }, "Type": "AWS::ECS::Cluster", + "UpdateReplacePolicy": "Delete", }, "CustomS3AutoDeleteObjectsCustomResourceProviderHandler9D90184F": Object { "DependsOn": Array [ @@ -1187,8 +1189,9 @@ Object { "Type": "AWS::EFS::MountTarget", }, "MagentoAuroraCluster576B8023": Object { - "DeletionPolicy": "Snapshot", + "DeletionPolicy": "Delete", "Properties": Object { + "BacktrackWindow": 86400, "BackupRetentionPeriod": 14, "CopyTagsToSnapshot": true, "DBClusterParameterGroupName": "default.aurora-mysql8.0", @@ -1196,14 +1199,14 @@ Object { "Ref": "MagentoAuroraClusterSubnets1D05994E", }, "DatabaseName": "magento", - "DeletionProtection": true, + "DeletionProtection": false, "EnableCloudwatchLogsExports": Array [ "error", "general", "slowquery", ], "Engine": "aurora-mysql", - "EngineVersion": "8.0.mysql_aurora.3.03.0", + "EngineVersion": "8.0.mysql_aurora.3.07.1", "MasterUserPassword": Object { "Fn::Join": Array [ "", @@ -1217,7 +1220,6 @@ Object { ], }, "MasterUsername": "magentouser", - "Port": 42, "PreferredBackupWindow": "03:00-04:00", "StorageEncrypted": true, "VpcSecurityGroupIds": Array [ @@ -1230,7 +1232,7 @@ Object { ], }, "Type": "AWS::RDS::DBCluster", - "UpdateReplacePolicy": "Snapshot", + "UpdateReplacePolicy": "Delete", }, "MagentoAuroraClusterMonitoringRole76A738BF": Object { "Properties": Object { 
@@ -1516,7 +1518,7 @@ Object { ], "Essential": true, "Image": Object { - "Fn::Sub": "1234567890.dkr.ecr.us-east-1.\${AWS::URLSuffix}/cdk-hnb659fds-container-assets-1234567890-us-east-1:ca4728ab8c88c1b3696d6f5b72909a7d9a92c850e2608d0233de1d0d9c0d0a83", + "Fn::Sub": "1234567890.dkr.ecr.us-east-1.\${AWS::URLSuffix}/cdk-hnb659fds-container-assets-1234567890-us-east-1:c7d604857081028bb0c4e58774ea6a1952184e369e2e14c2dfc057904a89c349", }, "LogConfiguration": Object { "LogDriver": "awslogs", @@ -2403,7 +2405,7 @@ Object { ], "Essential": true, "Image": Object { - "Fn::Sub": "1234567890.dkr.ecr.us-east-1.\${AWS::URLSuffix}/cdk-hnb659fds-container-assets-1234567890-us-east-1:ca4728ab8c88c1b3696d6f5b72909a7d9a92c850e2608d0233de1d0d9c0d0a83", + "Fn::Sub": "1234567890.dkr.ecr.us-east-1.\${AWS::URLSuffix}/cdk-hnb659fds-container-assets-1234567890-us-east-1:c7d604857081028bb0c4e58774ea6a1952184e369e2e14c2dfc057904a89c349", }, "LogConfiguration": Object { "LogDriver": "awslogs", 
@@ -2863,6 +2865,66 @@ Object { }, "Type": "AWS::ElastiCache::SubnetGroup", }, + "RemoveCapacityProviderABB34814": Object { + "DeletionPolicy": "Delete", + "DependsOn": Array [ + "RemoveCapacityProviderCustomResourcePolicy6A2F1083", + ], + "Properties": Object { + "Delete": Object { + "Fn::Join": Array [ + "", + Array [ + "{\\"service\\":\\"ECS\\",\\"action\\":\\"putClusterCapacityProviders\\",\\"parameters\\":{\\"cluster\\":\\"", + Object { + "Ref": "ClusterEB0386A7", + }, + "\\",\\"capacityProviders\\":[],\\"defaultCapacityProviderStrategy\\":[]},\\"physicalResourceId\\":{\\"id\\":\\"RemoveCapacityProviderResource\\"}}", + ], + ], + }, + "InstallLatestAwsSdk": true, + "ServiceToken": Object { + "Fn::GetAtt": Array [ + "AWS679f53fac002430cb0da5b7982bd22872D164C4C", + "Arn", + ], + }, + }, + "Type": "Custom::AWS", + "UpdateReplacePolicy": "Delete", + }, + "RemoveCapacityProviderCustomResourcePolicy6A2F1083": Object { + "Properties": Object { + "PolicyDocument": Object { + "Statement": Array [ + Object { + "Action": "ecs:PutClusterCapacityProviders", + "Effect": "Allow", + "Resource": Object { + "Fn::Join": Array [ + "", + Array [ + "arn:aws:ecs:us-east-1:1234567890:cluster/", + Object { + "Ref": "ClusterEB0386A7", + }, + ], + ], + }, + }, + ], + "Version": "2012-10-17", + }, + "PolicyName": "RemoveCapacityProviderCustomResourcePolicy6A2F1083", + "Roles": Array [ + Object { + "Ref": "AWS679f53fac002430cb0da5b7982bd2287ServiceRoleC1EA0FF2", + }, + ], + }, + "Type": "AWS::IAM::Policy", + }, "albSG8D3A1F76": Object { "Properties": Object { "GroupDescription": "allow 80 and 443", @@ -3429,6 +3491,7 @@ Object { "Type": "AWS::ECS::ClusterCapacityProviderAssociations", }, "ClusterEB0386A7": Object { + "DeletionPolicy": "Delete", "Properties": Object { "ClusterName": "magento", "ClusterSettings": Array [ 
@@ -3461,6 +3524,7 @@ Object { }, }, "Type": "AWS::ECS::Cluster", + "UpdateReplacePolicy": "Delete", }, "CustomS3AutoDeleteObjectsCustomResourceProviderHandler9D90184F": Object { "DependsOn": Array [ @@ -4284,8 +4348,9 @@ Object { "Type": "AWS::EFS::MountTarget", }, "MagentoAuroraCluster576B8023": Object { - "DeletionPolicy": "Snapshot", + "DeletionPolicy": "Delete", "Properties": Object { + "BacktrackWindow": 86400, "BackupRetentionPeriod": 14, "CopyTagsToSnapshot": true, "DBClusterParameterGroupName": "default.aurora-mysql8.0", @@ -4293,14 +4358,14 @@ Object { "Ref": "MagentoAuroraClusterSubnets1D05994E", }, "DatabaseName": "magento", - "DeletionProtection": true, + "DeletionProtection": false, "EnableCloudwatchLogsExports": Array [ "error", "general", "slowquery", ], "Engine": "aurora-mysql", - "EngineVersion": "8.0.mysql_aurora.3.03.0", + "EngineVersion": "8.0.mysql_aurora.3.07.1", "MasterUserPassword": Object { "Fn::Join": Array [ "", @@ -4314,7 +4379,6 @@ Object { ], }, "MasterUsername": "magentouser", - "Port": 42, "PreferredBackupWindow": "03:00-04:00", "StorageEncrypted": true, "VpcSecurityGroupIds": Array [ @@ -4327,7 +4391,7 @@ Object { ], }, "Type": "AWS::RDS::DBCluster", - "UpdateReplacePolicy": "Snapshot", + "UpdateReplacePolicy": "Delete", }, "MagentoAuroraClusterMonitoringRole76A738BF": Object { "Properties": Object { @@ -4618,7 +4682,7 @@ Object { ], "Essential": true, "Image": Object { - "Fn::Sub": "1234567890.dkr.ecr.us-east-1.\${AWS::URLSuffix}/cdk-hnb659fds-container-assets-1234567890-us-east-1:ca4728ab8c88c1b3696d6f5b72909a7d9a92c850e2608d0233de1d0d9c0d0a83", + "Fn::Sub": "1234567890.dkr.ecr.us-east-1.\${AWS::URLSuffix}/cdk-hnb659fds-container-assets-1234567890-us-east-1:c7d604857081028bb0c4e58774ea6a1952184e369e2e14c2dfc057904a89c349", }, "LogConfiguration": Object { "LogDriver": "awslogs", 
@@ -5505,7 +5569,7 @@ Object { ], "Essential": true, "Image": Object { - "Fn::Sub": "1234567890.dkr.ecr.us-east-1.\${AWS::URLSuffix}/cdk-hnb659fds-container-assets-1234567890-us-east-1:ca4728ab8c88c1b3696d6f5b72909a7d9a92c850e2608d0233de1d0d9c0d0a83", + "Fn::Sub": "1234567890.dkr.ecr.us-east-1.\${AWS::URLSuffix}/cdk-hnb659fds-container-assets-1234567890-us-east-1:c7d604857081028bb0c4e58774ea6a1952184e369e2e14c2dfc057904a89c349", }, "LogConfiguration": Object { "LogDriver": "awslogs", 
@@ -5965,6 +6029,66 @@ Object { }, "Type": "AWS::ElastiCache::SubnetGroup", }, + "RemoveCapacityProviderABB34814": Object { + "DeletionPolicy": "Delete", + "DependsOn": Array [ + "RemoveCapacityProviderCustomResourcePolicy6A2F1083", + ], + "Properties": Object { + "Delete": Object { + "Fn::Join": Array [ + "", + Array [ + "{\\"service\\":\\"ECS\\",\\"action\\":\\"putClusterCapacityProviders\\",\\"parameters\\":{\\"cluster\\":\\"", + Object { + "Ref": "ClusterEB0386A7", + }, + "\\",\\"capacityProviders\\":[],\\"defaultCapacityProviderStrategy\\":[]},\\"physicalResourceId\\":{\\"id\\":\\"RemoveCapacityProviderResource\\"}}", + ], + ], + }, + "InstallLatestAwsSdk": true, + "ServiceToken": Object { + "Fn::GetAtt": Array [ + "AWS679f53fac002430cb0da5b7982bd22872D164C4C", + "Arn", + ], + }, + }, + "Type": "Custom::AWS", + "UpdateReplacePolicy": "Delete", + }, + "RemoveCapacityProviderCustomResourcePolicy6A2F1083": Object { + "Properties": Object { + "PolicyDocument": Object { + "Statement": Array [ + Object { + "Action": "ecs:PutClusterCapacityProviders", + "Effect": "Allow", + "Resource": Object { + "Fn::Join": Array [ + "", + Array [ + "arn:aws:ecs:us-east-1:1234567890:cluster/", + Object { + "Ref": "ClusterEB0386A7", + }, + ], + ], + }, + }, + ], + "Version": "2012-10-17", + }, + "PolicyName": "RemoveCapacityProviderCustomResourcePolicy6A2F1083", + "Roles": Array [ + Object { + "Ref": "AWS679f53fac002430cb0da5b7982bd2287ServiceRoleC1EA0FF2", + }, + ], + }, + "Type": "AWS::IAM::Policy", + }, "albSG8D3A1F76": Object { "Properties": Object { "GroupDescription": "allow 80 and 443", diff --git a/test/__snapshots__/nag.test.ts.snap b/test/__snapshots__/nag.test.ts.snap index 91dbdf1..af58beb 100644 --- a/test/__snapshots__/nag.test.ts.snap +++ b/test/__snapshots__/nag.test.ts.snap 
@@ -152,6 +152,12 @@ Object { }, }, "Resources": Object { + "ASGNotificationTopic655E24DD": Object { + "Properties": Object { + "TopicName": "asg-notifications", + }, + "Type": "AWS::SNS::Topic", + }, "AWS679f53fac002430cb0da5b7982bd22872D164C4C": Object { "DependsOn": Array [ "AWS679f53fac002430cb0da5b7982bd2287ServiceRoleC1EA0FF2", @@ -205,6 +211,7 @@ Object { "Type": "AWS::IAM::Role", }, "Asg1ASG8A2F9427": Object { + "DeletionPolicy": "Delete", "Properties": Object { "LaunchConfigurationName": Object { "Ref": "Asg1LaunchConfig13CB129F", @@ -217,6 +224,19 @@ Object { ], "MinSize": "1", "NewInstancesProtectedFromScaleIn": true, + "NotificationConfigurations": Array [ + Object { + "NotificationTypes": Array [ + "autoscaling:EC2_INSTANCE_LAUNCH", + "autoscaling:EC2_INSTANCE_LAUNCH_ERROR", + "autoscaling:EC2_INSTANCE_TERMINATE", + "autoscaling:EC2_INSTANCE_TERMINATE_ERROR", + ], + "TopicARN": Object { + "Ref": "ASGNotificationTopic655E24DD", + }, + }, + ], "Tags": Array [ Object { "Key": "Name", @@ -235,6 +255,7 @@ Object { "IgnoreUnmodifiedGroupSizeProperties": true, }, }, + "UpdateReplacePolicy": "Delete", }, "Asg1InstanceProfileF0687320": Object { "Properties": Object { @@ -257,7 +278,7 @@ Object { "DeviceName": "/dev/xvda", "Ebs": Object { "DeleteOnTermination": true, - "Encrypted": false, + "Encrypted": true, "VolumeSize": 30, "VolumeType": "gp3", }, @@ -347,6 +368,13 @@ echo ECS_AWSVPC_BLOCK_IMDS=true >> /etc/ecs/ecs.config", "Properties": Object { "PolicyDocument": Object { "Statement": Array [ + Object { + "Action": "sns:Publish", + "Effect": "Allow", + "Resource": Object { + "Ref": "ASGNotificationTopic655E24DD", + }, + }, Object { "Action": Array [ "ecs:DeregisterContainerInstance", @@ -572,6 +600,7 @@ echo ECS_AWSVPC_BLOCK_IMDS=true >> /etc/ecs/ecs.config", "Type": "AWS::ECS::ClusterCapacityProviderAssociations", }, "ClusterEB0386A7": Object { + "DeletionPolicy": "Delete", "Properties": Object { "ClusterName": "magento", "ClusterSettings": Array [ 
@@ -604,6 +633,7 @@ echo ECS_AWSVPC_BLOCK_IMDS=true >> /etc/ecs/ecs.config", }, }, "Type": "AWS::ECS::Cluster", + "UpdateReplacePolicy": "Delete", }, "CustomS3AutoDeleteObjectsCustomResourceProviderHandler9D90184F": Object { "DependsOn": Array [ @@ -1427,8 +1457,9 @@ echo ECS_AWSVPC_BLOCK_IMDS=true >> /etc/ecs/ecs.config", "Type": "AWS::EFS::MountTarget", }, "MagentoAuroraCluster576B8023": Object { - "DeletionPolicy": "Snapshot", + "DeletionPolicy": "Delete", "Properties": Object { + "BacktrackWindow": 86400, "BackupRetentionPeriod": 14, "CopyTagsToSnapshot": true, "DBClusterParameterGroupName": "default.aurora-mysql8.0", @@ -1436,14 +1467,14 @@ echo ECS_AWSVPC_BLOCK_IMDS=true >> /etc/ecs/ecs.config", "Ref": "MagentoAuroraClusterSubnets1D05994E", }, "DatabaseName": "magento", - "DeletionProtection": true, + "DeletionProtection": false, "EnableCloudwatchLogsExports": Array [ "error", "general", "slowquery", ], "Engine": "aurora-mysql", - "EngineVersion": "8.0.mysql_aurora.3.03.0", + "EngineVersion": "8.0.mysql_aurora.3.07.1", "MasterUserPassword": Object { "Fn::Join": Array [ "", @@ -1457,7 +1488,6 @@ echo ECS_AWSVPC_BLOCK_IMDS=true >> /etc/ecs/ecs.config", ], }, "MasterUsername": "magentouser", - "Port": 42, "PreferredBackupWindow": "03:00-04:00", "StorageEncrypted": true, "VpcSecurityGroupIds": Array [ @@ -1470,7 +1500,7 @@ echo ECS_AWSVPC_BLOCK_IMDS=true >> /etc/ecs/ecs.config", ], }, "Type": "AWS::RDS::DBCluster", - "UpdateReplacePolicy": "Snapshot", + "UpdateReplacePolicy": "Delete", }, "MagentoAuroraClusterMonitoringRole76A738BF": Object { "Properties": Object { 
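Review bot: The expected template for `MagentoAuroraCluster576B8023` now carries `"DeletionProtection": false`, and both `DeletionPolicy` and `UpdateReplacePolicy` change from `Snapshot` to `Delete` (hunks at -1427, -1436 and -1470). A stack delete, or an update that forces replacement, would therefore remove the database without a final snapshot. The added `BacktrackWindow` does not cover that case, since it only rewinds a cluster that still exists. If easy teardown is wanted for disposable environments, I would gate it behind a context flag in src/main.ts (not shown in these hunks) and keep `deletionProtection: true` and `removalPolicy: RemovalPolicy.SNAPSHOT` as the default. As written, the snapshot test locks in the weaker settings as the expected baseline.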
@@ -1768,7 +1798,7 @@ echo ECS_AWSVPC_BLOCK_IMDS=true >> /etc/ecs/ecs.config", ], "Essential": true, "Image": Object { - "Fn::Sub": "1234567890.dkr.ecr.us-east-1.\${AWS::URLSuffix}/cdk-hnb659fds-container-assets-1234567890-us-east-1:ca4728ab8c88c1b3696d6f5b72909a7d9a92c850e2608d0233de1d0d9c0d0a83", + "Fn::Sub": "1234567890.dkr.ecr.us-east-1.\${AWS::URLSuffix}/cdk-hnb659fds-container-assets-1234567890-us-east-1:c7d604857081028bb0c4e58774ea6a1952184e369e2e14c2dfc057904a89c349", }, "LogConfiguration": Object { "LogDriver": "awslogs", @@ -2682,7 +2712,7 @@ echo ECS_AWSVPC_BLOCK_IMDS=true >> /etc/ecs/ecs.config", ], "Essential": true, "Image": Object { - "Fn::Sub": "1234567890.dkr.ecr.us-east-1.\${AWS::URLSuffix}/cdk-hnb659fds-container-assets-1234567890-us-east-1:ca4728ab8c88c1b3696d6f5b72909a7d9a92c850e2608d0233de1d0d9c0d0a83", + "Fn::Sub": "1234567890.dkr.ecr.us-east-1.\${AWS::URLSuffix}/cdk-hnb659fds-container-assets-1234567890-us-east-1:c7d604857081028bb0c4e58774ea6a1952184e369e2e14c2dfc057904a89c349", }, "LogConfiguration": Object { "LogDriver": "awslogs", 
@@ -3174,6 +3204,66 @@ echo ECS_AWSVPC_BLOCK_IMDS=true >> /etc/ecs/ecs.config", }, "Type": "AWS::ElastiCache::SubnetGroup", }, + "RemoveCapacityProviderABB34814": Object { + "DeletionPolicy": "Delete", + "DependsOn": Array [ + "RemoveCapacityProviderCustomResourcePolicy6A2F1083", + ], + "Properties": Object { + "Delete": Object { + "Fn::Join": Array [ + "", + Array [ + "{\\"service\\":\\"ECS\\",\\"action\\":\\"putClusterCapacityProviders\\",\\"parameters\\":{\\"cluster\\":\\"", + Object { + "Ref": "ClusterEB0386A7", + }, + "\\",\\"capacityProviders\\":[],\\"defaultCapacityProviderStrategy\\":[]},\\"physicalResourceId\\":{\\"id\\":\\"RemoveCapacityProviderResource\\"}}", + ], + ], + }, + "InstallLatestAwsSdk": true, + "ServiceToken": Object { + "Fn::GetAtt": Array [ + "AWS679f53fac002430cb0da5b7982bd22872D164C4C", + "Arn", + ], + }, + }, + "Type": "Custom::AWS", + "UpdateReplacePolicy": "Delete", + }, + "RemoveCapacityProviderCustomResourcePolicy6A2F1083": Object { + "Properties": Object { + "PolicyDocument": Object { + "Statement": Array [ + Object { + "Action": "ecs:PutClusterCapacityProviders", + "Effect": "Allow", + "Resource": Object { + "Fn::Join": Array [ + "", + Array [ + "arn:aws:ecs:us-east-1:1234567890:cluster/", + Object { + "Ref": "ClusterEB0386A7", + }, + ], + ], + }, + }, + ], + "Version": "2012-10-17", + }, + "PolicyName": "RemoveCapacityProviderCustomResourcePolicy6A2F1083", + "Roles": Array [ + Object { + "Ref": "AWS679f53fac002430cb0da5b7982bd2287ServiceRoleC1EA0FF2", + }, + ], + }, + "Type": "AWS::IAM::Policy", + }, "TemplatedatavolEAF39683": Object { "Properties": Object { "Name": "datavol",