{ "Description": "(SO0146) Video on Demand on AWS Foundation Solution Implementation. Version v1.3.11", "Mappings": { "Send": { "AnonymizedUsage": { "Data": "Yes" } } }, "Parameters": { "emailAddress": { "Type": "String", "AllowedPattern": "^[_A-Za-z0-9-\\+]+(\\.[_A-Za-z0-9-]+)*@[A-Za-z0-9-]+(\\.[A-Za-z0-9]+)*(\\.[A-Za-z]{2,})$", "Description": "The admin email address to receive SNS notifications for job status." } }, "Resources": { "Logs6819BB44": { "Type": "AWS::S3::Bucket", "Properties": { "AccessControl": "LogDeliveryWrite", "BucketEncryption": { "ServerSideEncryptionConfiguration": [ { "ServerSideEncryptionByDefault": { "SSEAlgorithm": "AES256" } } ] }, "OwnershipControls": { "Rules": [ { "ObjectOwnership": "ObjectWriter" } ] }, "PublicAccessBlockConfiguration": { "BlockPublicAcls": true, "BlockPublicPolicy": true, "IgnorePublicAcls": true, "RestrictPublicBuckets": true }, "VersioningConfiguration": { "Status": "Enabled" } }, "UpdateReplacePolicy": "Retain", "DeletionPolicy": "Retain", "Metadata": { "cfn_nag": { "rules_to_suppress": [ { "id": "W35", "reason": "Logs bucket does not require logging configuration" }, { "id": "W51", "reason": "Logs bucket is private and does not require a bucket policy" } ] }, "cdk_nag": { "rules_to_suppress": [ { "reason": "Used to store access logs for other buckets", "id": "AwsSolutions-S1" }, { "reason": "Bucket is private and is not using HTTP", "id": "AwsSolutions-S10" } ] } } }, "LogsPolicy90DB40C9": { "Type": "AWS::S3::BucketPolicy", "Properties": { "Bucket": { "Ref": "Logs6819BB44" }, "PolicyDocument": { "Statement": [ { "Action": "s3:*", "Condition": { "Bool": { "aws:SecureTransport": "false" } }, "Effect": "Deny", "Principal": { "AWS": "*" }, "Resource": [ { "Fn::GetAtt": [ "Logs6819BB44", "Arn" ] }, { "Fn::Join": [ "", [ { "Fn::GetAtt": [ "Logs6819BB44", "Arn" ] }, "/*" ] ] } ] } ], "Version": "2012-10-17" } }, "Metadata": { "aws:cdk:path": "VodFoundation/Logs/Policy/Resource" } }, "Source71E471F1": { "Type": "AWS::S3::Bucket", "Properties": { "BucketEncryption": { "ServerSideEncryptionConfiguration": [ { "ServerSideEncryptionByDefault": { "SSEAlgorithm": "AES256" } } ] }, "LoggingConfiguration": { "DestinationBucketName": { "Ref": "Logs6819BB44" }, "LogFilePrefix": "source-bucket-logs/" }, "PublicAccessBlockConfiguration": { "BlockPublicAcls": true, "BlockPublicPolicy": true, "IgnorePublicAcls": true, "RestrictPublicBuckets": true }, "VersioningConfiguration": { "Status": "Enabled" } }, "UpdateReplacePolicy": "Retain", "DeletionPolicy": "Retain", "Metadata": { "cfn_nag": { "rules_to_suppress": [ { "id": "W51", "reason": "source bucket is private and does not require a bucket policy" } ] }, "cdk_nag": { "rules_to_suppress": [ { "reason": "Bucket is private and is not using HTTP", "id": "AwsSolutions-S10" } ] } } }, "SourcePolicyE5AB5F73": { "Type": "AWS::S3::BucketPolicy", "Properties": { "Bucket": { "Ref": "Source71E471F1" }, "PolicyDocument": { "Statement": [ { "Action": "s3:*", "Condition": { "Bool": { "aws:SecureTransport": "false" } }, "Effect": "Deny", "Principal": { "AWS": "*" }, "Resource": [ { "Fn::GetAtt": [ "Source71E471F1", "Arn" ] }, { "Fn::Join": [ "", [ { "Fn::GetAtt": [ "Source71E471F1", "Arn" ] }, "/*" ] ] } ] } ], "Version": "2012-10-17" } }, "Metadata": { "aws:cdk:path": "VodFoundation/Source/Policy/Resource" } }, "Destination920A3C57": { "Type": "AWS::S3::Bucket", "Properties": { "BucketEncryption": { "ServerSideEncryptionConfiguration": [ { "ServerSideEncryptionByDefault": { "SSEAlgorithm": "AES256" } } ] }, "CorsConfiguration": { "CorsRules": [ { "AllowedHeaders": [ "*" ], "AllowedMethods": [ "GET" ], "AllowedOrigins": [ "*" ], "MaxAge": 3000 } ] }, "LoggingConfiguration": { "DestinationBucketName": { "Ref": "Logs6819BB44" }, "LogFilePrefix": "destination-bucket-logs/" }, "PublicAccessBlockConfiguration": { "BlockPublicAcls": true, "BlockPublicPolicy": true, "IgnorePublicAcls": true, "RestrictPublicBuckets": true }, "VersioningConfiguration": { "Status": "Enabled" } }, "UpdateReplacePolicy": "Retain", "DeletionPolicy": "Retain", "Metadata": { "aws:cdk:path": "VodFoundation/Destination/Resource", "cdk_nag": { "rules_to_suppress": [ { "reason": "Bucket is private and is not using HTTP", "id": "AwsSolutions-S10" } ] } } }, "DestinationPolicy7982387E": { "Type": "AWS::S3::BucketPolicy", "Properties": { "Bucket": { "Ref": "Destination920A3C57" }, "PolicyDocument": { "Statement": [ { "Action": "s3:*", "Condition": { "Bool": { "aws:SecureTransport": "false" } }, "Effect": "Deny", "Principal": { "AWS": "*" }, "Resource": [ { "Fn::GetAtt": [ "Destination920A3C57", "Arn" ] }, { "Fn::Join": [ "", [ { "Fn::GetAtt": [ "Destination920A3C57", "Arn" ] }, "/*" ] ] } ] }, { "Action": "s3:GetObject", "Condition": { "StringEquals": { "AWS:SourceArn": { "Fn::Join": [ "", [ "arn:", { "Ref": "AWS::Partition" }, ":cloudfront::", { "Ref": "AWS::AccountId" }, ":distribution/", { "Ref": "CloudFrontCloudFrontDistribution824F3346" } ] ] } } }, "Effect": "Allow", "Principal": { "Service": "cloudfront.amazonaws.com" }, "Resource": { "Fn::Join": [ "", [ { "Fn::GetAtt": [ "Destination920A3C57", "Arn" ] }, "/*" ] ] } } ], "Version": "2012-10-17" } }, "Metadata": { "aws:cdk:path": "VodFoundation/Destination/Policy/Resource", "cfn_nag": { "rules_to_suppress": [ { "id": "F16", "reason": "Public website bucket policy requires a wildcard principal" } ] }, "cdk_nag": { "rules_to_suppress": [ { "reason": "Bucket is private and is not using HTTP", "id": "AwsSolutions-S10" } ] } } }, "CloudFrontCloudFrontOac36AB834C": { "Type": "AWS::CloudFront::OriginAccessControl", "Properties": { "OriginAccessControlConfig": { "Description": "Origin access control provisioned by aws-cloudfront-s3", "Name": { "Fn::Join": [ "", [ "aws-cloudfront-s3-ClouFront-", { "Fn::Select": [ 2, { "Fn::Split": [ "/", { "Ref": "AWS::StackId" } ] } ] } ] ] }, "OriginAccessControlOriginType": "s3", "SigningBehavior": "always", "SigningProtocol": "sigv4" } }, "Metadata": { "aws:cdk:path": "VodFoundation/CloudFront/CloudFrontOac" } }, "CloudFrontCloudFrontDistribution824F3346": { "Type": "AWS::CloudFront::Distribution", "Properties": { "DistributionConfig": { "Comment": { "Fn::Join": [ "", [ { "Ref": "AWS::StackName" }, " Video on Demand Foundation" ] ] }, "DefaultCacheBehavior": { "CachePolicyId": "658327ea-f89d-4fab-a63d-7e88639e58f6", "Compress": true, "TargetOriginId": "VodFoundationCloudFrontCloudFrontDistributionOrigin1F191A578", "ViewerProtocolPolicy": "redirect-to-https" }, "DefaultRootObject": "index.html", "Enabled": true, "HttpVersion": "http2", "IPV6Enabled": true, "Logging": { "Bucket": { "Fn::GetAtt": [ "Logs6819BB44", "RegionalDomainName" ] }, "Prefix": "cloudfront-logs/" }, "Origins": [ { "DomainName": { "Fn::GetAtt": [ "Destination920A3C57", "RegionalDomainName" ] }, "Id": "VodFoundationCloudFrontCloudFrontDistributionOrigin1F191A578", "OriginAccessControlId": { "Fn::GetAtt": [ "CloudFrontCloudFrontOac36AB834C", "Id" ] }, "S3OriginConfig": { "OriginAccessIdentity": "" } } ] } }, "Metadata": { "aws:cdk:path": "VodFoundation/CloudFront/CloudFrontDistribution/Resource", "cfn_nag": { "rules_to_suppress": [ { "id": "W70", "reason": "Since the distribution uses the CloudFront domain name, CloudFront automatically sets the security policy to TLSv1 regardless of the value of MinimumProtocolVersion" } ] }, "cdk_nag": { "rules_to_suppress": [ { "reason": "Use case does not warrant CloudFront Geo restriction", "id": "AwsSolutions-CFR1" }, { "reason": "Use case does not warrant CloudFront integration with AWS WAF", "id": "AwsSolutions-CFR2" }, { "reason": "CloudFront automatically sets the security policy to TLSv1 when the distribution uses the CloudFront domain name", "id": "AwsSolutions-CFR4" }, { "reason": "False alarm. The AWS-cloudfront-s3 solutions construct provides Origin-Access-Control by default.", "id": "AwsSolutions-CFR7" } ] } } }, "MediaConvertRole031A64A9": { "Type": "AWS::IAM::Role", "Properties": { "AssumeRolePolicyDocument": { "Statement": [ { "Action": "sts:AssumeRole", "Effect": "Allow", "Principal": { "Service": "mediaconvert.amazonaws.com" } } ], "Version": "2012-10-17" } }, "Metadata": { "aws:cdk:path": "VodFoundation/MediaConvertRole/Resource" } }, "MediaconvertPolicy9E3026EC": { "Type": "AWS::IAM::Policy", "Properties": { "PolicyDocument": { "Statement": [ { "Action": [ "s3:GetObject", "s3:PutObject" ], "Effect": "Allow", "Resource": [ { "Fn::Join": [ "", [ { "Fn::GetAtt": [ "Source71E471F1", "Arn" ] }, "/*" ] ] }, { "Fn::Join": [ "", [ { "Fn::GetAtt": [ "Destination920A3C57", "Arn" ] }, "/*" ] ] } ] }, { "Action": "execute-api:Invoke", "Effect": "Allow", "Resource": { "Fn::Join": [ "", [ "arn:", { "Ref": "AWS::Partition" }, ":execute-api:", { "Ref": "AWS::Region" }, ":", { "Ref": "AWS::AccountId" }, ":*" ] ] } } ], "Version": "2012-10-17" }, "PolicyName": "MediaconvertPolicy9E3026EC", "Roles": [ { "Ref": "MediaConvertRole031A64A9" } ] }, "Metadata": { "aws:cdk:path": "VodFoundation/MediaconvertPolicy/Resource", "cdk_nag": { "rules_to_suppress": [ { "reason": "/* required to get/put objects to S3", "id": "AwsSolutions-IAM5" } ] } } }, "CustomResourceRoleAB1EF463": { "Type": "AWS::IAM::Role", "Properties": { "AssumeRolePolicyDocument": { "Statement": [ { "Action": "sts:AssumeRole", "Effect": "Allow", "Principal": { "Service": "lambda.amazonaws.com" } } ], "Version": "2012-10-17" } }, "Metadata": { "aws:cdk:path": "VodFoundation/CustomResourceRole/Resource" } }, "CustomResourcePolicy79526710": { "Type": "AWS::IAM::Policy", "Properties": { "PolicyDocument": { "Statement": [ { "Action": [ "s3:PutObject", "s3:PutBucketNotification" ], "Effect": "Allow", "Resource": [ { "Fn::GetAtt": [ "Source71E471F1", "Arn" ] }, { "Fn::Join": [ "", [ { "Fn::GetAtt": [ "Source71E471F1", "Arn" ] }, "/*" ] ] } ] }, { "Action": "mediaconvert:DescribeEndpoints", "Effect": "Allow", "Resource": { "Fn::Join": [ "", [ "arn:aws:mediaconvert:", { "Ref": "AWS::Region" }, ":", { "Ref": "AWS::AccountId" }, ":*" ] ] } }, { "Action": [ "logs:CreateLogGroup", "logs:CreateLogStream", "logs:PutLogEvents" ], "Effect": "Allow", "Resource": "*" } ], "Version": "2012-10-17" }, "PolicyName": "CustomResourcePolicy79526710", "Roles": [ { "Ref": "CustomResourceRoleAB1EF463" } ] }, "Metadata": { "aws:cdk:path": "VodFoundation/CustomResourcePolicy/Resource", "cdk_nag": { "rules_to_suppress": [ { "reason": "Resource ARNs are not generated at the time of policy creation", "id": "AwsSolutions-IAM5" } ] }, "cfn_nag": { "rules_to_suppress": [ { "id": "W12", "reason": "Resource ARNs are not generated at the time of policy creation" } ] } } }, "CustomResource8CDCD7A7": { "Type": "AWS::Lambda::Function", "Properties": { "Code": { "S3Bucket": { "Fn::Sub": "solutions-${AWS::Region}" }, "S3Key": "video-on-demand-on-aws-foundation/v1.3.11/assetb1273a816ff7f01dad4d5e316ccbb581b20c840f1bc8995d2ae7473acb3ba768.zip" }, "Description": "CFN Custom resource to copy assets to S3 and get the MediaConvert endpoint", "Environment": { "Variables": { "SOLUTION_IDENTIFIER": "AwsSolution/SO0146/v1.3.11" } }, "Handler": "assetb1273a816ff7f01dad4d5e316ccbb581b20c840f1bc8995d2ae7473acb3ba768/index.handler", "Role": { "Fn::GetAtt": [ "CustomResourceRoleAB1EF463", "Arn" ] }, "Runtime": "nodejs22.x", "Timeout": 30 }, "DependsOn": [ "CustomResourcePolicy79526710", "CustomResourceRoleAB1EF463" ], "Metadata": { "cfn_nag": { "rules_to_suppress": [ { "id": "W58", "reason": "Invalid warning: function has access to cloudwatch" }, { "id": "W89", "reason": "Invalid warning: lambda not needed in VPC" }, { "id": "W92", "reason": "Invalid warning: lambda does not need ReservedConcurrentExecutions" } ] } } }, "Endpoint": { "Type": "AWS::CloudFormation::CustomResource", "Properties": { "ServiceToken": { "Fn::GetAtt": [ "CustomResource8CDCD7A7", "Arn" ] } }, "UpdateReplacePolicy": "Delete", "DeletionPolicy": "Delete", "Metadata": { "aws:cdk:path": "VodFoundation/Endpoint/Default" } }, "JobSubmitRole4FA8E972": { "Type": "AWS::IAM::Role", "Properties": { "AssumeRolePolicyDocument": { "Statement": [ { "Action": "sts:AssumeRole", "Effect": "Allow", "Principal": { "Service": "lambda.amazonaws.com" } } ], "Version": "2012-10-17" } }, "Metadata": { "aws:cdk:path": "VodFoundation/JobSubmitRole/Resource" } }, "JobSubmitRoleDefaultPolicy20E077D9": { "Type": "AWS::IAM::Policy", "Properties": { "PolicyDocument": { "Statement": [ { "Action": "sns:Publish", "Effect": "Allow", "Resource": { "Ref": "NotificationSnsTopicB941FD22" } } ], "Version": "2012-10-17" }, "PolicyName": "JobSubmitRoleDefaultPolicy20E077D9", "Roles": [ { "Ref": "JobSubmitRole4FA8E972" } ] }, "Metadata": { "aws:cdk:path": "VodFoundation/JobSubmitRole/DefaultPolicy/Resource" } }, "JobSubmitPolicy098DF0F8": { "Type": "AWS::IAM::Policy", "Properties": { "PolicyDocument": { "Statement": [ { "Action": "iam:PassRole", "Effect": "Allow", "Resource": { "Fn::GetAtt": [ "MediaConvertRole031A64A9", "Arn" ] } }, { "Action": "mediaconvert:CreateJob", "Effect": "Allow", "Resource": { "Fn::Join": [ "", [ "arn:", { "Ref": "AWS::Partition" }, ":mediaconvert:", { "Ref": "AWS::Region" }, ":", { "Ref": "AWS::AccountId" }, ":*" ] ] } }, { "Action": [ "s3:GetObject", "s3:ListBucket" ], "Effect": "Allow", "Resource": [ { "Fn::GetAtt": [ "Source71E471F1", "Arn" ] }, { "Fn::Join": [ "", [ { "Fn::GetAtt": [ "Source71E471F1", "Arn" ] }, "/*" ] ] } ] }, { "Action": [ "logs:CreateLogGroup", "logs:CreateLogStream", "logs:PutLogEvents" ], "Effect": "Allow", "Resource": "*" } ], "Version": "2012-10-17" }, "PolicyName": "JobSubmitPolicy098DF0F8", "Roles": [ { "Ref": "JobSubmitRole4FA8E972" } ] }, "Metadata": { "aws:cdk:path": "VodFoundation/JobSubmitPolicy/Resource", "cdk_nag": { "rules_to_suppress": [ { "reason": "Resource ARNs are not generated at the time of policy creation", "id": "AwsSolutions-IAM5" } ] }, "cfn_nag": { "rules_to_suppress": [ { "id": "W12", "reason": "Resource ARNs are not generated at the time of policy creation" } ] } } }, "jobSubmitB391E42F": { "Type": "AWS::Lambda::Function", "Properties": { "Code": { "S3Bucket": { "Fn::Sub": "solutions-${AWS::Region}" }, "S3Key": "video-on-demand-on-aws-foundation/v1.3.11/asseta522f256146e3241e7cf6fd6dfc504fc64bb6413d7988e8a95c59e9e18b375c7.zip" }, "Description": "Submits an Encoding job to MediaConvert", "Environment": { "Variables": { "MEDIACONVERT_ENDPOINT": { "Fn::GetAtt": [ "Endpoint", "Endpoint" ] }, "MEDIACONVERT_ROLE": { "Fn::GetAtt": [ "MediaConvertRole031A64A9", "Arn" ] }, "JOB_SETTINGS": "job-settings.json", "DESTINATION_BUCKET": { "Ref": "Destination920A3C57" }, "SOLUTION_ID": "SO0146", "STACKNAME": { "Ref": "AWS::StackName" }, "SOLUTION_IDENTIFIER": "AwsSolution/SO0146/v1.3.11", "SNS_TOPIC_ARN": { "Ref": "NotificationSnsTopicB941FD22" }, "SNS_TOPIC_NAME": { "Fn::GetAtt": [ "NotificationSnsTopicB941FD22", "TopicName" ] } } }, "Handler": "asseta522f256146e3241e7cf6fd6dfc504fc64bb6413d7988e8a95c59e9e18b375c7/index.handler", "Role": { "Fn::GetAtt": [ "JobSubmitRole4FA8E972", "Arn" ] }, "Runtime": "nodejs22.x", "Timeout": 30 }, "DependsOn": [ "JobSubmitPolicy098DF0F8", "JobSubmitRoleDefaultPolicy20E077D9", "JobSubmitRole4FA8E972" ], "Metadata": { "cfn_nag": { "rules_to_suppress": [ { "id": "W58", "reason": "Invalid warning: function has access to cloudwatch" }, { "id": "W89", "reason": "Invalid warning: lambda not needed in VPC" }, { "id": "W92", "reason": "Invalid warning: lambda does not need ReservedConcurrentExecutions" } ] } } }, "jobSubmitEventInvokeConfig0385F502": { "Type": "AWS::Lambda::EventInvokeConfig", "Properties": { "FunctionName": { "Ref": "jobSubmitB391E42F" }, "MaximumRetryAttempts": 0, "Qualifier": "$LATEST" }, "DependsOn": [ "JobSubmitPolicy098DF0F8", "JobSubmitRoleDefaultPolicy20E077D9", "JobSubmitRole4FA8E972" ], "Metadata": { "aws:cdk:path": "VodFoundation/jobSubmit/EventInvokeConfig/Resource" } }, "jobSubmitS3Trigger3DEB8D7C": { "Type": "AWS::Lambda::Permission", "Properties": { "Action": "lambda:InvokeFunction", "FunctionName": { "Fn::GetAtt": [ "jobSubmitB391E42F", "Arn" ] }, "Principal": "s3.amazonaws.com", "SourceAccount": { "Ref": "AWS::AccountId" } }, "DependsOn": [ "JobSubmitPolicy098DF0F8", "JobSubmitRoleDefaultPolicy20E077D9", "JobSubmitRole4FA8E972" ], "Metadata": { "aws:cdk:path": "VodFoundation/jobSubmit/S3Trigger" } }, "JobCompleteRole81FD9028": { "Type": "AWS::IAM::Role", "Properties": { "AssumeRolePolicyDocument": { "Statement": [ { "Action": "sts:AssumeRole", "Effect": "Allow", "Principal": { "Service": "lambda.amazonaws.com" } } ], "Version": "2012-10-17" } }, "Metadata": { "aws:cdk:path": "VodFoundation/JobCompleteRole/Resource" } }, "JobCompleteRoleDefaultPolicyD4DC2F12": { "Type": "AWS::IAM::Policy", "Properties": { "PolicyDocument": { "Statement": [ { "Action": "sns:Publish", "Effect": "Allow", "Resource": { "Ref": "NotificationSnsTopicB941FD22" } } ], "Version": "2012-10-17" }, "PolicyName": "JobCompleteRoleDefaultPolicyD4DC2F12", "Roles": [ { "Ref": "JobCompleteRole81FD9028" } ] }, "Metadata": { "aws:cdk:path": "VodFoundation/JobCompleteRole/DefaultPolicy/Resource" } }, "JobCompletePolicyBBFD3892": { "Type": "AWS::IAM::Policy", "Properties": { "PolicyDocument": { "Statement": [ { "Action": "mediaconvert:GetJob", "Effect": "Allow", "Resource": { "Fn::Join": [ "", [ "arn:", { "Ref": "AWS::Partition" }, ":mediaconvert:", { "Ref": "AWS::Region" }, ":", { "Ref": "AWS::AccountId" }, ":*" ] ] } }, { "Action": [ "s3:GetObject", "s3:PutObject" ], "Effect": "Allow", "Resource": { "Fn::Join": [ "", [ { "Fn::GetAtt": [ "Source71E471F1", "Arn" ] }, "/*" ] ] } }, { "Action": [ "logs:CreateLogGroup", "logs:CreateLogStream", "logs:PutLogEvents" ], "Effect": "Allow", "Resource": "*" } ], "Version": "2012-10-17" }, "PolicyName": "JobCompletePolicyBBFD3892", "Roles": [ { "Ref": "JobCompleteRole81FD9028" } ] }, "Metadata": { "aws:cdk:path": "VodFoundation/JobCompletePolicy/Resource", "cdk_nag": { "rules_to_suppress": [ { "reason": "Resource ARNs are not generated at the time of policy creation", "id": "AwsSolutions-IAM5" } ] }, "cfn_nag": { "rules_to_suppress": [ { "id": "W12", "reason": "Resource ARNs are not generated at the time of policy creation" } ] } } }, "JobComplete703682D0": { "Type": "AWS::Lambda::Function", "Properties": { "Code": { "S3Bucket": { "Fn::Sub": "solutions-${AWS::Region}" }, "S3Key": "video-on-demand-on-aws-foundation/v1.3.11/asset28b22989af9bcd6eaa97a4788896ecff68f62cbb13a636427f6f3cc3aab422bd.zip" }, "Description": "Triggered by EventBridge,processes completed MediaConvert jobs.", "Environment": { "Variables": { "MEDIACONVERT_ENDPOINT": { "Fn::GetAtt": [ "Endpoint", "Endpoint" ] }, "CLOUDFRONT_DOMAIN": { "Fn::GetAtt": [ "CloudFrontCloudFrontDistribution824F3346", "DomainName" ] }, "SOURCE_BUCKET": { "Ref": "Source71E471F1" }, "JOB_MANIFEST": "jobs-manifest.json", "STACKNAME": { "Ref": "AWS::StackName" }, "METRICS": { "Fn::FindInMap": [ "Send", "AnonymizedUsage", "Data" ] }, "SOLUTION_ID": "SO0146", "VERSION": "v1.3.11", "UUID": { "Fn::GetAtt": [ "Endpoint", "UUID" ] }, "SOLUTION_IDENTIFIER": "AwsSolution/SO0146/v1.3.11", "SNS_TOPIC_ARN": { "Ref": "NotificationSnsTopicB941FD22" }, "SNS_TOPIC_NAME": { "Fn::GetAtt": [ "NotificationSnsTopicB941FD22", "TopicName" ] } } }, "Handler": "asset28b22989af9bcd6eaa97a4788896ecff68f62cbb13a636427f6f3cc3aab422bd/index.handler", "Role": { "Fn::GetAtt": [ "JobCompleteRole81FD9028", "Arn" ] }, "Runtime": "nodejs22.x", "Timeout": 30 }, "DependsOn": [ "JobCompletePolicyBBFD3892", "JobCompleteRoleDefaultPolicyD4DC2F12", "JobCompleteRole81FD9028" ], "Metadata": { "cfn_nag": { "rules_to_suppress": [ { "id": "W58", "reason": "Invalid warning: function has access to cloudwatch" }, { "id": "W89", "reason": "Invalid warning: lambda not needed in VPC" }, { "id": "W92", "reason": "Invalid warning: lambda does not need ReservedConcurrentExecutions" } ] } } }, "JobCompleteEventInvokeConfig692D89BE": { "Type": "AWS::Lambda::EventInvokeConfig", "Properties": { "FunctionName": { "Ref": "JobComplete703682D0" }, "MaximumRetryAttempts": 0, "Qualifier": "$LATEST" }, "DependsOn": [ "JobCompletePolicyBBFD3892", "JobCompleteRoleDefaultPolicyD4DC2F12", "JobCompleteRole81FD9028" ], "Metadata": { "aws:cdk:path": "VodFoundation/JobComplete/EventInvokeConfig/Resource" } }, "JobCompleteAwsEventsLambdaInvokePermission1ED79B615": { "Type": "AWS::Lambda::Permission", "Properties": { "Action": "lambda:InvokeFunction", "FunctionName": { "Fn::GetAtt": [ "JobComplete703682D0", "Arn" ] }, "Principal": "events.amazonaws.com", "SourceArn": { "Fn::GetAtt": [ "EventTriggerEventsRule76A88FDF", "Arn" ] } }, "DependsOn": [ "JobCompletePolicyBBFD3892", "JobCompleteRoleDefaultPolicyD4DC2F12", "JobCompleteRole81FD9028" ], "Metadata": { "aws:cdk:path": "VodFoundation/JobComplete/AwsEventsLambdaInvokePermission-1" } }, "S3Config": { "Type": "AWS::CloudFormation::CustomResource", "Properties": { "ServiceToken": { "Fn::GetAtt": [ "CustomResource8CDCD7A7", "Arn" ] }, "SourceBucket": { "Ref": "Source71E471F1" }, "LambdaArn": { "Fn::GetAtt": [ "jobSubmitB391E42F", "Arn" ] } }, "UpdateReplacePolicy": "Delete", "DeletionPolicy": "Delete", "Metadata": { "aws:cdk:path": "VodFoundation/S3Config/Default" } }, "EventTriggerEventsRule76A88FDF": { "Type": "AWS::Events::Rule", "Properties": { "EventPattern": { "source": [ "aws.mediaconvert" ], "detail": { "userMetadata": { "StackName": [ { "Ref": "AWS::StackName" } ] }, "status": [ "COMPLETE", "ERROR", "CANCELED", "INPUT_INFORMATION" ] } }, "State": "ENABLED", "Targets": [ { "Arn": { "Fn::GetAtt": [ "JobComplete703682D0", "Arn" ] }, "Id": "Target0" } ] }, "Metadata": { "aws:cdk:path": "VodFoundation/EventTrigger/EventsRule/Resource" } }, "NotificationSnsTopicB941FD22": { "Type": "AWS::SNS::Topic", "Properties": { "KmsMasterKeyId": { "Fn::Join": [ "", [ "arn:", { "Ref": "AWS::Partition" }, ":kms:", { "Ref": "AWS::Region" }, ":", { "Ref": "AWS::AccountId" }, ":alias/aws/sns" ] ] } }, "Metadata": { "aws:cdk:path": "VodFoundation/Notification/SnsTopic/Resource" } }, "NotificationSnsTopicPolicy4027082A": { "Type": "AWS::SNS::TopicPolicy", "Properties": { "PolicyDocument": { "Statement": [ { "Action": [ "SNS:Publish", "SNS:RemovePermission", "SNS:SetTopicAttributes", "SNS:DeleteTopic", "SNS:ListSubscriptionsByTopic", "SNS:GetTopicAttributes", "SNS:Receive", "SNS:AddPermission", "SNS:Subscribe" ], "Condition": { "StringEquals": { "AWS:SourceOwner": { "Ref": "AWS::AccountId" } } }, "Effect": "Allow", "Principal": { "AWS": { "Fn::Join": [ "", [ "arn:", { "Ref": "AWS::Partition" }, ":iam::", { "Ref": "AWS::AccountId" }, ":root" ] ] } }, "Resource": { "Ref": "NotificationSnsTopicB941FD22" }, "Sid": "TopicOwnerOnlyAccess" }, { "Action": [ "SNS:Publish", "SNS:RemovePermission", "SNS:SetTopicAttributes", "SNS:DeleteTopic", "SNS:ListSubscriptionsByTopic", "SNS:GetTopicAttributes", "SNS:Receive", "SNS:AddPermission", "SNS:Subscribe" ], "Condition": { "Bool": { "aws:SecureTransport": "false" } }, "Effect": "Deny", "Principal": { "AWS": "*" }, "Resource": { "Ref": "NotificationSnsTopicB941FD22" }, "Sid": "HttpsOnly" } ], "Version": "2012-10-17" }, "Topics": [ { "Ref": "NotificationSnsTopicB941FD22" } ] }, "Metadata": { "aws:cdk:path": "VodFoundation/Notification/SnsTopic/Policy/Resource" } }, "NotificationSnsTopicTokenSubscription1209F3ABA": { "Type": "AWS::SNS::Subscription", "Properties": { "Endpoint": { "Ref": "emailAddress" }, "Protocol": "email", "TopicArn": { "Ref": "NotificationSnsTopicB941FD22" } }, "Metadata": { "aws:cdk:path": "VodFoundation/Notification/SnsTopic/TokenSubscription:1/Resource" } }, "CDKMetadata": { "Type": "AWS::CDK::Metadata", "Properties": { "Analytics": "v2:deflate64:H4sIAAAAAAAA/21RTW/CMAz9LdzTjBVt2nHQbdKkTSDKHaWpQYY2ruIENEX571PajnLYJX7vWfHzRy5DPn+U85m6cqbrc9ZgJUPplD6L4mC+VdehOSa4UVa14MAKdeV94IUMK6/P4FJyREPYUIP6Z5JHPpCVYohCN+TrgyXjZCgOZm3xiGapNTAXZJylRrwhO4uVd0gm1brnUaBqZdhSAynVx8l1QFE0qq1qJcOHN/qvyg2/X8C4T3OhMxRkDtjP+K+4Adsic2/Li71iBsdymYKA9IFl2PqxE99AFGxYhh11qJM2gP6derynpa9YW+z+erznMYotMHmrQfSWpVPH/iKeHbW3XPK+w2vvOu+ieHmS+ew13Zap6VfHmSbDznrt+CElwnSLjBeySOwjsR2Vi2HAymJ9hGzc5/sk7eir18ZVZ2nwQdlRaThGYagGeeKHS57Lx2c5n50YMbPeOGxBbof4C60zzW2FAgAA" }, "Metadata": { "aws:cdk:path": "VodFoundation/CDKMetadata/Default" }, "Condition": "CDKMetadataAvailable" } }, "Outputs": { "SourceBucket": { "Description": "Source S3 Bucket used to host source video and MediaConvert job settings files", "Value": { "Ref": "Source71E471F1" }, "Export": { "Name": { "Fn::Join": [ "", [ { "Ref": "AWS::StackName" }, "-SourceBucket" ] ] } } }, "DestinationBucket": { "Description": "Source S3 Bucket used to host all MediaConvert ouputs", "Value": { "Ref": "Destination920A3C57" }, "Export": { "Name": { "Fn::Join": [ "", [ { "Ref": "AWS::StackName" }, "-DestinationBucket" ] ] } } }, "CloudFrontDomain": { "Description": "CloudFront Domain Name", "Value": { "Fn::GetAtt": [ "CloudFrontCloudFrontDistribution824F3346", "DomainName" ] }, "Export": { "Name": { "Fn::Join": [ "", [ { "Ref": "AWS::StackName" }, "-CloudFrontDomain" ] ] } } }, "SnsTopic": { "Description": "SNS Topic used to capture the VOD workflow outputs including errors", "Value": { "Fn::GetAtt": [ "NotificationSnsTopicB941FD22", "TopicName" ] }, "Export": { "Name": { "Fn::Join": [ "", [ { "Ref": "AWS::StackName" }, "-SnsTopic" ] ] } } } }, "Conditions": { "CDKMetadataAvailable": { "Fn::Or": [ { "Fn::Or": [ { "Fn::Equals": [ { "Ref": "AWS::Region" }, "af-south-1" ] }, { "Fn::Equals": [ { "Ref": "AWS::Region" }, "ap-east-1" ] }, { "Fn::Equals": [ { "Ref": "AWS::Region" }, "ap-northeast-1" ] }, { "Fn::Equals": [ { "Ref": "AWS::Region" }, "ap-northeast-2" ] }, { "Fn::Equals": [ { "Ref": "AWS::Region" }, "ap-northeast-3" ] }, { "Fn::Equals": [ { "Ref": "AWS::Region" }, "ap-south-1" ] }, { "Fn::Equals": [ { "Ref": "AWS::Region" }, "ap-south-2" ] }, { "Fn::Equals": [ { "Ref": "AWS::Region" }, "ap-southeast-1" ] }, { "Fn::Equals": [ { "Ref": "AWS::Region" }, "ap-southeast-2" ] }, { "Fn::Equals": [ { "Ref": "AWS::Region" }, "ap-southeast-3" ] } ] }, { "Fn::Or": [ { "Fn::Equals": [ { "Ref": "AWS::Region" }, "ap-southeast-4" ] }, { "Fn::Equals": [ { "Ref": "AWS::Region" }, "ca-central-1" ] }, { "Fn::Equals": [ { "Ref": "AWS::Region" }, "ca-west-1" ] }, { "Fn::Equals": [ { "Ref": "AWS::Region" }, "cn-north-1" ] }, { "Fn::Equals": [ { "Ref": "AWS::Region" }, "cn-northwest-1" ] }, { "Fn::Equals": [ { "Ref": "AWS::Region" }, "eu-central-1" ] }, { "Fn::Equals": [ { "Ref": "AWS::Region" }, "eu-central-2" ] }, { "Fn::Equals": [ { "Ref": "AWS::Region" }, "eu-north-1" ] }, { "Fn::Equals": [ { "Ref": "AWS::Region" }, "eu-south-1" ] }, { "Fn::Equals": [ { "Ref": "AWS::Region" }, "eu-south-2" ] } ] }, { "Fn::Or": [ { "Fn::Equals": [ { "Ref": "AWS::Region" }, "eu-west-1" ] }, { "Fn::Equals": [ { "Ref": "AWS::Region" }, "eu-west-2" ] }, { "Fn::Equals": [ { "Ref": "AWS::Region" }, "eu-west-3" ] }, { "Fn::Equals": [ { "Ref": "AWS::Region" }, "il-central-1" ] }, { "Fn::Equals": [ { "Ref": "AWS::Region" }, "me-central-1" ] }, { "Fn::Equals": [ { "Ref": "AWS::Region" }, "me-south-1" ] }, { "Fn::Equals": [ { "Ref": "AWS::Region" }, "sa-east-1" ] }, { "Fn::Equals": [ { "Ref": "AWS::Region" }, "us-east-1" ] }, { "Fn::Equals": [ { "Ref": "AWS::Region" }, "us-east-2" ] }, { "Fn::Equals": [ { "Ref": "AWS::Region" }, "us-west-1" ] } ] }, { "Fn::Equals": [ { "Ref": "AWS::Region" }, "us-west-2" ] } ] } } }