From 721683d19669b897c633f38eb426c30a420d1b62 Mon Sep 17 00:00:00 2001 
From: Abe Wubshet Date: Tue, 21 May 2024 09:40:56 -0400 Subject: [PATCH] release v1.0.5, rename to Centralized Network Inspection --- .github/ISSUE_TEMPLATE/bug_report.md | 2 +- CHANGELOG.md | 9 + CONTRIBUTING.md | 6 +- NOTICE.txt | 2 +- README.md | 36 +- deployment/build-s3-dist.sh | 19 +- deployment/run-unit-tests.sh | 2 +- solution-manifest.yaml | 6 +- ...entralized-network-inspection-solution.ts} | 14 +- source/cdk.json | 2 +- .../__tests__/ec2-manager.spec.ts | 0 .../__tests__/ec2-service.spec.ts | 0 .../firewall-config-validation.spec.ts | 0 .../firewall-invalid-policy-rule-arns.json | 0 .../firewall-invalid-policy-rule-path.json | 0 ...ll-invalid-policy-stateful-rule-group.json | 0 ...l-invalid-policy-stateless-rule-group.json | 0 .../firewall-invalid-policy.json | 0 .../firewallPolicies/firewall-policy-2.json | 0 .../firewall-policy.example.json | 0 .../firewall-invalid-rule-path.json | 0 .../firewall-invalid-rule-group-arn.json | 0 .../firewall-invalid-stateful.json | 0 .../firewall-invalid-stateless.json | 0 .../firewalls-valid/firewall.example.json | 0 .../firewalls/firewall-invalid.json | 0 .../firewalls/firewall-nopolicy.json | 0 .../firewalls/firewall.example.json | 0 .../ruleGroups/drop.rules | 0 .../ruleGroups/empty-rules.example.json | 0 .../ruleGroups/invalid-rulegroup.example.json | 0 .../stateful-domainblock.example.json | 0 .../stateless-fwd-to-stateful.example.json | 0 .../stateless-pass-action.example.json | 0 .../ruleGroups/suricata-rule-reference.json | 0 .../network-firewall-manager.spec.ts | 0 .../network-firewall-service.spec.ts | 6 +- .../__tests__/send-metrics.spec.ts | 6 +- .../__tests__/stringManipulation.spec.ts | 0 .../build.ts | 0 .../firewall-policy.example.json | 0 .../examples/firewalls/firewall.example.json | 0 .../config/examples/ruleGroups/drop.rules | 0 .../stateful-domainblock.example.json | 0 .../stateless-fwd-to-stateful.example.json | 0 .../stateless-pass-action.example.json | 0 
.../ruleGroups/suricata-rule-reference.json | 0 .../firewallPolicies/firewall-policy-1.json | 0 .../config/firewalls/firewall-1.json | 0 .../index.ts | 2 +- .../jest.config.js | 2 +- .../lib/common/configReader/config-reader.ts | 0 .../lib/common/firewall-config-validation.ts | 0 .../lib/common/logger.ts | 0 .../lib/common/send-metrics.ts | 6 +- .../lib/common/stringUtils.ts | 0 .../lib/ec2-manager.ts | 0 .../lib/network-firewall-manager.ts | 0 .../lib/service/awsClientConfig.ts | 0 .../lib/service/ec2-service.ts | 0 .../lib/service/network-firewall-service.ts | 0 .../package-lock.json | 203 +- .../package.json | 22 +- .../tsconfig.json | 0 source/jest.config.js | 2 +- ...> centralized-network-inspection.stack.ts} | 45 +- source/package-lock.json | 139 +- source/package.json | 24 +- source/run-all-tests.sh | 2 +- ...-network-inspection-solution.test.ts.snap} | 2174 ++++++++--------- ...lized-network-inspection-solution.test.ts} | 18 +- source/tsconfig.json | 2 +- 72 files changed, 1372 insertions(+), 1379 deletions(-) rename source/bin/{network-firewall-auto-solution.ts => centralized-network-inspection-solution.ts} (74%) rename source/{networkFirewallAutomation => centralizedNetworkInspection}/__tests__/ec2-manager.spec.ts (100%) rename source/{networkFirewallAutomation => centralizedNetworkInspection}/__tests__/ec2-service.spec.ts (100%) rename source/{networkFirewallAutomation => centralizedNetworkInspection}/__tests__/firewall-config-validation.spec.ts (100%) rename source/{networkFirewallAutomation => centralizedNetworkInspection}/__tests__/firewall-test-configuration/firewallPolicies/firewall-invalid-policy-rule-arns.json (100%) rename source/{networkFirewallAutomation => centralizedNetworkInspection}/__tests__/firewall-test-configuration/firewallPolicies/firewall-invalid-policy-rule-path.json (100%) rename source/{networkFirewallAutomation => 
centralizedNetworkInspection}/__tests__/firewall-test-configuration/firewallPolicies/firewall-invalid-policy-stateful-rule-group.json (100%) rename source/{networkFirewallAutomation => centralizedNetworkInspection}/__tests__/firewall-test-configuration/firewallPolicies/firewall-invalid-policy-stateless-rule-group.json (100%) rename source/{networkFirewallAutomation => centralizedNetworkInspection}/__tests__/firewall-test-configuration/firewallPolicies/firewall-invalid-policy.json (100%) rename source/{networkFirewallAutomation => centralizedNetworkInspection}/__tests__/firewall-test-configuration/firewallPolicies/firewall-policy-2.json (100%) rename source/{networkFirewallAutomation => centralizedNetworkInspection}/__tests__/firewall-test-configuration/firewallPolicies/firewall-policy.example.json (100%) rename source/{networkFirewallAutomation => centralizedNetworkInspection}/__tests__/firewall-test-configuration/firewalls-invalid-rule-file/firewall-invalid-rule-path.json (100%) rename source/{networkFirewallAutomation => centralizedNetworkInspection}/__tests__/firewall-test-configuration/firewalls-invalid-rule-group-arns/firewall-invalid-rule-group-arn.json (100%) rename source/{networkFirewallAutomation => centralizedNetworkInspection}/__tests__/firewall-test-configuration/firewalls-invalid-rule-groups/firewall-invalid-stateful.json (100%) rename source/{networkFirewallAutomation => centralizedNetworkInspection}/__tests__/firewall-test-configuration/firewalls-invalid-rule-groups/firewall-invalid-stateless.json (100%) rename source/{networkFirewallAutomation => centralizedNetworkInspection}/__tests__/firewall-test-configuration/firewalls-valid/firewall.example.json (100%) rename source/{networkFirewallAutomation => centralizedNetworkInspection}/__tests__/firewall-test-configuration/firewalls/firewall-invalid.json (100%) rename source/{networkFirewallAutomation => centralizedNetworkInspection}/__tests__/firewall-test-configuration/firewalls/firewall-nopolicy.json 
(100%) rename source/{networkFirewallAutomation => centralizedNetworkInspection}/__tests__/firewall-test-configuration/firewalls/firewall.example.json (100%) rename source/{networkFirewallAutomation => centralizedNetworkInspection}/__tests__/firewall-test-configuration/ruleGroups/drop.rules (100%) rename source/{networkFirewallAutomation => centralizedNetworkInspection}/__tests__/firewall-test-configuration/ruleGroups/empty-rules.example.json (100%) rename source/{networkFirewallAutomation => centralizedNetworkInspection}/__tests__/firewall-test-configuration/ruleGroups/invalid-rulegroup.example.json (100%) rename source/{networkFirewallAutomation => centralizedNetworkInspection}/__tests__/firewall-test-configuration/ruleGroups/stateful-domainblock.example.json (100%) rename source/{networkFirewallAutomation => centralizedNetworkInspection}/__tests__/firewall-test-configuration/ruleGroups/stateless-fwd-to-stateful.example.json (100%) rename source/{networkFirewallAutomation => centralizedNetworkInspection}/__tests__/firewall-test-configuration/ruleGroups/stateless-pass-action.example.json (100%) rename source/{networkFirewallAutomation => centralizedNetworkInspection}/__tests__/firewall-test-configuration/ruleGroups/suricata-rule-reference.json (100%) rename source/{networkFirewallAutomation => centralizedNetworkInspection}/__tests__/network-firewall-manager.spec.ts (100%) rename source/{networkFirewallAutomation => centralizedNetworkInspection}/__tests__/network-firewall-service.spec.ts (99%) rename source/{networkFirewallAutomation => centralizedNetworkInspection}/__tests__/send-metrics.spec.ts (86%) rename source/{networkFirewallAutomation => centralizedNetworkInspection}/__tests__/stringManipulation.spec.ts (100%) rename source/{networkFirewallAutomation => centralizedNetworkInspection}/build.ts (100%) rename source/{networkFirewallAutomation => centralizedNetworkInspection}/config/examples/firewallPolicies/firewall-policy.example.json (100%) rename 
source/{networkFirewallAutomation => centralizedNetworkInspection}/config/examples/firewalls/firewall.example.json (100%) rename source/{networkFirewallAutomation => centralizedNetworkInspection}/config/examples/ruleGroups/drop.rules (100%) rename source/{networkFirewallAutomation => centralizedNetworkInspection}/config/examples/ruleGroups/stateful-domainblock.example.json (100%) rename source/{networkFirewallAutomation => centralizedNetworkInspection}/config/examples/ruleGroups/stateless-fwd-to-stateful.example.json (100%) rename source/{networkFirewallAutomation => centralizedNetworkInspection}/config/examples/ruleGroups/stateless-pass-action.example.json (100%) rename source/{networkFirewallAutomation => centralizedNetworkInspection}/config/examples/ruleGroups/suricata-rule-reference.json (100%) rename source/{networkFirewallAutomation => centralizedNetworkInspection}/config/firewallPolicies/firewall-policy-1.json (100%) rename source/{networkFirewallAutomation => centralizedNetworkInspection}/config/firewalls/firewall-1.json (100%) rename source/{networkFirewallAutomation => centralizedNetworkInspection}/index.ts (98%) rename source/{networkFirewallAutomation => centralizedNetworkInspection}/jest.config.js (96%) rename source/{networkFirewallAutomation => centralizedNetworkInspection}/lib/common/configReader/config-reader.ts (100%) rename source/{networkFirewallAutomation => centralizedNetworkInspection}/lib/common/firewall-config-validation.ts (100%) rename source/{networkFirewallAutomation => centralizedNetworkInspection}/lib/common/logger.ts (100%) rename source/{networkFirewallAutomation => centralizedNetworkInspection}/lib/common/send-metrics.ts (92%) rename source/{networkFirewallAutomation => centralizedNetworkInspection}/lib/common/stringUtils.ts (100%) rename source/{networkFirewallAutomation => centralizedNetworkInspection}/lib/ec2-manager.ts (100%) rename source/{networkFirewallAutomation => 
centralizedNetworkInspection}/lib/network-firewall-manager.ts (100%) rename source/{networkFirewallAutomation => centralizedNetworkInspection}/lib/service/awsClientConfig.ts (100%) rename source/{networkFirewallAutomation => centralizedNetworkInspection}/lib/service/ec2-service.ts (100%) rename source/{networkFirewallAutomation => centralizedNetworkInspection}/lib/service/network-firewall-service.ts (100%) rename source/{networkFirewallAutomation => centralizedNetworkInspection}/package-lock.json (96%) rename source/{networkFirewallAutomation => centralizedNetworkInspection}/package.json (75%) rename source/{networkFirewallAutomation => centralizedNetworkInspection}/tsconfig.json (100%) rename source/lib/{network-firewall-automation-solution-stack.ts => centralized-network-inspection.stack.ts} (95%) rename source/test/__snapshots__/{network-firewall-automation-solution.test.ts.snap => centralized-network-inspection-solution.test.ts.snap} (91%) rename source/test/{network-firewall-automation-solution.test.ts => centralized-network-inspection-solution.test.ts} (56%) diff --git a/.github/ISSUE_TEMPLATE/bug_report.md b/.github/ISSUE_TEMPLATE/bug_report.md index 98d9dd7..d57f275 100644 --- a/.github/ISSUE_TEMPLATE/bug_report.md +++ b/.github/ISSUE_TEMPLATE/bug_report.md @@ -19,7 +19,7 @@ A clear and concise description of what you expected to happen. - [ ] Version: [e.g. v1.0.0] -To get the version of the solution, you can look at the description of the created CloudFormation stack. For example, "_(SO0108) - Firewall Automation for Network Traffic on AWS. Version **v1.0.0**_". +To get the version of the solution, you can look at the description of the created CloudFormation stack. For example, "_(SO0108) - Centralized Network Inspection on AWS. Version **v1.0.0**_". - [ ] Region: [e.g. us-east-1] - [ ] Was the solution modified from the version published on this repository? diff --git a/CHANGELOG.md b/CHANGELOG.md index 1ce23f6..7c2c5ab 100755 --- a/CHANGELOG.md 
+++ b/CHANGELOG.md @@ -5,8 +5,17 @@ All notable changes to this project will be documented in this file. The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html). +## [1.0.5] - 2024-05 + +### Changed + +- Rename the solution to Centralized Network Inspection on AWS +- Bump up minor versions of dependencies + ## [1.0.4] - 2023-11-10 +### Changed + - Update NodeJS environment for CodeBuild from NodeJS16 to NodeJS18. ## [1.0.3] - 2023-10-27 diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 402a626..c93ae0e 100755 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -11,7 +11,7 @@ information to effectively respond to your bug report or contribution. We welcome you to use the GitHub issue tracker to report bugs or suggest features. -When filing an issue, please check [existing open](https://github.com/aws-solutions/firewall-automation-for-network-traffic-on-aws/issues), or [recently closed](https://github.com/aws-solutions/firewall-automation-for-network-traffic-on-aws/issues?utf8=%E2%9C%93&q=is%3Aissue%20is%3Aclosed%20), issues to make sure somebody else hasn't already +When filing an issue, please check [existing open](https://github.com/aws-solutions/centralized-network-inspection-on-aws/issues), or [recently closed](https://github.com/aws-solutions/centralized-network-inspection-on-aws/issues?utf8=%E2%9C%93&q=is%3Aissue%20is%3Aclosed%20), issues to make sure somebody else hasn't already reported the issue. Please try to include as much information as you can. Details like these are incredibly useful: * A reproducible test case or series of steps 
@@ -41,7 +41,7 @@ GitHub provides additional document on [forking a repository](https://help.githu ## Finding contributions to work on -Looking at the existing issues is a great way to find something to contribute on. As our projects, by default, use the default GitHub issue labels ((enhancement/bug/duplicate/help wanted/invalid/question/wontfix), looking at any ['help wanted'](https://github.com/aws-solutions/firewall-automation-for-network-traffic-on-aws/labels/help%20wanted) issues is a great place to start. +Looking at the existing issues is a great way to find something to contribute on. As our projects, by default, use the default GitHub issue labels (enhancement/bug/duplicate/help wanted/invalid/question/wontfix), looking at any ['help wanted'](https://github.com/aws-solutions/centralized-network-inspection-on-aws/labels/help%20wanted) issues is a great place to start. ## Code of Conduct @@ -56,6 +56,6 @@ If you discover a potential security issue in this project we ask that you notif ## Licensing -See the [LICENSE](https://github.com/aws-solutions/firewall-automation-for-network-traffic-on-aws/blob/main/LICENSE.txt) file for our project's licensing. We will ask you to confirm the licensing of your contribution. +See the [LICENSE](https://github.com/aws-solutions/centralized-network-inspection-on-aws/blob/main/LICENSE.txt) file for our project's licensing. We will ask you to confirm the licensing of your contribution. We may ask you to sign a [Contributor License Agreement (CLA)](https://en.wikipedia.org/wiki/Contributor_License_Agreement) for larger changes. \ No newline at end of file diff --git a/NOTICE.txt b/NOTICE.txt index d49613a..9652f65 100755 --- a/NOTICE.txt +++ b/NOTICE.txt @@ -1,4 +1,4 @@ -Firewall Automation for Network Traffic on AWS +Centralized Network Inspection on AWS Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. Licensed under the Apache License Version 2.0 (the "License"). You may not use this file except 
diff --git a/README.md b/README.md index 10613bc..3123f9e 100755 --- a/README.md +++ b/README.md @@ -1,4 +1,4 @@ -**[Firewall Automation for Network Traffic on AWS](https://aws.amazon.com/solutions/implementations/firewall-automation-for-network-traffic-on-aws)** | **[🚧 Feature request](https://github.com/aws-solutions/firewall-automation-for-network-traffic-on-aws/issues/new?assignees=&labels=feature-request%2C+enhancement&template=feature_request.md&title=)** | **[🐛 Bug Report](https://github.com/aws-solutions/firewall-automation-for-network-traffic-on-aws/issues/new?assignees=&labels=bug%2C+triage&template=bug_report.md&title=)** +**[Centralized Network Inspection on AWS](https://aws.amazon.com/solutions/implementations/centralized-network-inspection-on-aws)** | **[🚧 Feature request](https://github.com/aws-solutions/centralized-network-inspection-on-aws/issues/new?assignees=&labels=feature-request%2C+enhancement&template=feature_request.md&title=)** | **[🐛 Bug Report](https://github.com/aws-solutions/centralized-network-inspection-on-aws/issues/new?assignees=&labels=bug%2C+triage&template=bug_report.md&title=)** Note: If you want to use the solution without building from source, navigate to Solution Landing Page @@ -17,7 +17,7 @@ Note: If you want to use the solution without building from source, navigate to # Solution Overview -Solution for Firewall Automation for Network Traffic on AWS. +Solution for Centralized Network Inspection on AWS. # Architecture Diagram @@ -35,9 +35,9 @@ cd source/ npm run build ``` -Build the Network Firewall Solution CodeBuild source code +Build the Centralized Network Inspection Solution CodeBuild source code ``` -cd source/networkfirewallAutomation +cd source/centralizedNetworkInspection tsc ``` 
@@ -46,7 +46,7 @@ Build the templates for custom deployments ``` cd deployments/ chmod +x ./build-s3-dist.sh -./build-s3-dist.sh [SOLUTION_DIST_BUCKET] network-firewall-automation [VERSION_ID] +./build-s3-dist.sh [SOLUTION_DIST_BUCKET] centralized-network-inspection [VERSION_ID] ``` 
@@ -64,18 +64,18 @@ chmod +x ./run-unit-tests.sh Follow the steps for deploying your custom version of the solution. * Create an S3 bucket with the bucket appended with the region in which the deployment is to be made. example, if the deployment is to be made in us-east-1 create a bucket name as [BUCKET_NAME]-us-east-1. * Create the distribution files using the script provided in the build section above. -* Create the S3 Key in the bucket network-firewall-automation/[VERSION_ID]/ -* Create the S3 Key in the bucket network-firewall-automation/latest/ -* Copy the file ./deployment/regional-s3-assets/network-firewall-automation.zip to the location s3://[BUCKET_NAME]-[REGION]/network-firewall-automation/[VERSION_ID]/ -* Copy the file ./deployment/regional-s3-assets/network-firewall-configuration.zip to the location s3://[BUCKET_NAME]-[REGION]/network-firewall-automation/latest/ +* Create the S3 Key in the bucket centralized-network-inspection/[VERSION_ID]/ +* Create the S3 Key in the bucket centralized-network-inspection/latest/ +* Copy the file ./deployment/regional-s3-assets/centralized-network-inspection.zip to the location s3://[BUCKET_NAME]-[REGION]/centralized-network-inspection/[VERSION_ID]/ +* Copy the file ./deployment/regional-s3-assets/centralized-network-inspection-configuration.zip to the location s3://[BUCKET_NAME]-[REGION]/centralized-network-inspection/latest/ -Once the above steps are completed, use the file ./deployment/global-s3-assets/firewall-automation-for-network-traffic-on-aws.template to create a stack in CloudFormation. +Once the above steps are completed, use the file ./deployment/global-s3-assets/centralized-network-inspection-on-aws.template to create a stack in CloudFormation. # File structure -firewall-automation-for-network-traffic-on-aws consists of: +centralized-network-inspection-on-aws consists of: - CDK constructs to generate necessary resources - Microservices used in the solution 
@@ -87,14 +87,14 @@ File Structure |build-s3-dist.sh/ [ Build script for create the distribution for the solution.] |-source/ |-bin/ - |-network-firewall-auto-solution.ts [ entry point for CDK app ] + |-centralized-network-inspection-solution.ts [ entry point for CDK app ] |-test/ [ unit tests for CDK constructs ] - |-network-firewall-automation-solution.test.ts [CDK construct for the solution.] + |-centralized-network-inspection-solution.test.ts [CDK construct for the solution.] |-__snapshots__ - |-network-firewall-automation-solution.test.ts.snap [CDK construct template snapshot of unit testing.] + |-centralized-network-inspection-solution.test.ts.snap [CDK construct template snapshot of unit testing.] |-lib/ - |-network-firewall-automation-solution-stack.ts [ CDK construct for the solution. ] - |-networkFirewallAutomation + |-centralized-network-inspection.stack.ts [ CDK construct for the solution. ] + |-centralizedNetworkInspection |-__tests__ |-firewall-test-configuration |-firewalls 
@@ -166,9 +166,9 @@ File Structure Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. SPDX-License-Identifier: Apache-2.0 -See [LICENSE](https://github.com/aws-solutions/firewall-automation-for-network-traffic-on-aws/blob/master/LICENSE.txt) +See [LICENSE](https://github.com/aws-solutions/centralized-network-inspection-on-aws/blob/master/LICENSE.txt) ## Collection of operational metrics -This solution collects anonymous operational metrics to help AWS improve the quality and features of the solution. For more information, including how to disable this capability, please see the [implementation guide](https://docs.aws.amazon.com/solutions/latest/network-firewall-deployment-automations-for-aws-transit-gateway/collection-of-operational-metrics.html). +This solution collects anonymized operational metrics to help AWS improve the quality and features of the solution. For more information, including how to disable this capability, please see the [implementation guide](https://docs.aws.amazon.com/solutions/latest/centralized-network-inspection-on-aws/reference.html). diff --git a/deployment/build-s3-dist.sh b/deployment/build-s3-dist.sh index 088bb6b..e9ccdff 100755 --- a/deployment/build-s3-dist.sh +++ b/deployment/build-s3-dist.sh @@ -87,6 +87,11 @@ for f in $template_dist_dir/*.template.json; do mv -- "$f" "${f%.template.json}.template" done +# Replace references to version +replace="s/%%VERSION%%/$DIST_VERSION/g" +echo "sed -i $replace $template_dist_dir/*.template" +sed -i -e $replace $template_dist_dir/*.template + echo "------------------------------------------------------------------------------" echo "[Packing] Source code artifacts" echo "------------------------------------------------------------------------------" 
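Review bot: The added `sed -i -e $replace $template_dist_dir/*.template` in the `@@ -87,6 +87,11 @@` hunk of deployment/build-s3-dist.sh expands `$replace` and `$template_dist_dir` unquoted and splices `$DIST_VERSION` straight into the sed program. A version value containing `/`, `&` or whitespace would break or silently alter the text written into the published templates. `DIST_VERSION` is assigned outside this hunk and appears to come from the build invocation, so I would reject anything that is not of the `vN.N.N` form used in solution-manifest.yaml before this step, and quote the call as `sed -i -e "$replace" "$template_dist_dir"/*.template`. The preceding `echo` prints `sed -i $replace` rather than the `-e` form that actually runs, so the build log does not match the executed command. `sed -i -e` also behaves differently under BSD/macOS sed, which is worth a comment if the script is expected to run outside the CodeBuild image.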
@@ -98,9 +103,9 @@ echo "find $staging_dist_dir -iname "package-lock.json" -type f -exec rm -f "{}" find $staging_dist_dir -iname "package-lock.json" -type f -exec rm -f "{}" \; 2> /dev/null echo "------------------------------------------------------------------------------" -echo "Package Firewall Automation for Network Traffic on AWS node project for Code Build/Deploy stage " +echo "Package Centralized Network Inspection on AWS node project for Code Build/Deploy stage " echo "------------------------------------------------------------------------------" -cd $source_dir/networkFirewallAutomation/ +cd $source_dir/centralizedNetworkInspection/ npm install npm run build npm run zip 
@@ -109,23 +114,23 @@ if [ "$?" = "1" ]; then exit 1 fi echo "Copy package zip to dist directory" -echo "cp ./dist/network-firewall-automation.zip $build_dist_dir/network-firewall-automation.zip" -cp ./dist/network-firewall-automation.zip $build_dist_dir/network-firewall-automation.zip +echo "cp ./dist/centralized-network-inspection.zip $build_dist_dir/centralized-network-inspection.zip" +cp ./dist/centralized-network-inspection.zip $build_dist_dir/centralized-network-inspection.zip # build regional rule groups zip files for each region echo "Copying network firewall configurations to deployment folder" cd $template_dir -cp -pr $source_dir/networkFirewallAutomation/config/* ./ +cp -pr $source_dir/centralizedNetworkInspection/config/* ./ echo -e "\n Creating a zip file with network firewall configurations" echo -e "\n Building network firewall configuration" -zip -Xr "$build_dist_dir"/network-firewall-configuration.zip ./firewalls ./ruleGroups ./firewallPolicies ./examples +zip -Xr "$build_dist_dir"/centralized-network-inspection-configuration.zip ./firewalls ./ruleGroups ./firewallPolicies ./examples echo "------------------------------------------------------------------------------" echo "[Cleanup] Remove temporary files" echo "------------------------------------------------------------------------------" # cleanup generated files -cd $source_dir/networkFirewallAutomation/ +cd $source_dir/centralizedNetworkInspection/ npm run cleanup:tsc npm run cleanup:dist diff --git a/deployment/run-unit-tests.sh b/deployment/run-unit-tests.sh index 509d05f..32a11bb 100755 --- a/deployment/run-unit-tests.sh +++ b/deployment/run-unit-tests.sh 
@@ -69,7 +69,7 @@ source_dir="$(cd $PWD/../source; pwd -P)" coverage_reports_top_path=$source_dir/test/coverage-reports #Run the npm install for the lambda projects -run_javascript_test $source_dir/networkFirewallAutomation networkFirewallAutomation +run_javascript_test $source_dir/centralizedNetworkInspection centralizedNetworkInspection run_cdk_project_test $source_dir diff --git a/solution-manifest.yaml b/solution-manifest.yaml index 6060639..e00a2c7 100644 --- a/solution-manifest.yaml +++ b/solution-manifest.yaml @@ -1,9 +1,9 @@ --- id: SO0108 # Solution Id -name: firewall-automation-for-network-traffic-on-aws # trademarked name -version: v1.0.4 # current version of the solution. Used to verify template headers +name: centralized-network-inspection-on-aws # trademarked name +version: v1.0.5 # current version of the solution. Used to verify template headers cloudformation_templates: # This list should match with AWS CloudFormation templates section of IG - - template: firewall-automation-for-network-traffic-on-aws.template + - template: centralized-network-inspection-on-aws.template main_template: true build_environment: build_image: 'aws/codebuild/standard:7.0' # Options include: 'aws/codebuild/standard:5.0','aws/codebuild/standard:6.0','aws/codebuild/standard:7.0','aws/codebuild/amazonlinux2-x86_64-standard:4.0','aws/codebuild/amazonlinux2-x86_64-standard:5.0' \ No newline at end of file diff --git a/source/bin/network-firewall-auto-solution.ts b/source/bin/centralized-network-inspection-solution.ts similarity index 74% rename from source/bin/network-firewall-auto-solution.ts rename to source/bin/centralized-network-inspection-solution.ts index 2b6010f..c33f1a2 100755 --- a/source/bin/network-firewall-auto-solution.ts +++ b/source/bin/centralized-network-inspection-solution.ts 
@@ -6,9 +6,9 @@ import { App, DefaultStackSynthesizer } from 'aws-cdk-lib'; import { - NetworkFirewallAutomationStack, - NetworkFirewallAutomationStackProps -} from '../lib/network-firewall-automation-solution-stack'; + CentralizedNetworkInspectionStack, + CentralizedNetworkInspectionStackProps +} from '../lib/centralized-network-inspection.stack'; const SOLUTION_VERSION = process.env['DIST_VERSION']; const SOLUTION_NAME = process.env['SOLUTION_NAME']; @@ -19,7 +19,7 @@ const SOLUTION_PROVIDER = 'AWS Solution Development'; const app = new App(); -let NetworkFirewallAutomationStackProperties: NetworkFirewallAutomationStackProps = { +let centralizedNetworkInspectionStackProps: CentralizedNetworkInspectionStackProps = { synthesizer: new DefaultStackSynthesizer({ generateBootstrapVersionRule: false }), @@ -32,8 +32,8 @@ let NetworkFirewallAutomationStackProperties: NetworkFirewallAutomationStackProp description: `(${SOLUTION_ID}) - The AWS CloudFormation template for deployment of the ${SOLUTION_NAME}, Version: ${SOLUTION_VERSION}` }; -new NetworkFirewallAutomationStack( +new CentralizedNetworkInspectionStack( app, - 'firewall-automation-for-network-traffic-on-aws', - NetworkFirewallAutomationStackProperties + 'centralized-network-inspection-on-aws', + centralizedNetworkInspectionStackProps ); diff --git a/source/cdk.json b/source/cdk.json index 9a31f98..5a5f4c7 100755 --- a/source/cdk.json +++ b/source/cdk.json @@ -1,3 +1,3 @@ { - "app": "npx ts-node bin/network-firewall-auto-solution.ts" + "app": "npx ts-node bin/centralized-network-inspection-solution.ts" } diff --git a/source/networkFirewallAutomation/__tests__/ec2-manager.spec.ts b/source/centralizedNetworkInspection/__tests__/ec2-manager.spec.ts similarity index 100% rename from source/networkFirewallAutomation/__tests__/ec2-manager.spec.ts rename to source/centralizedNetworkInspection/__tests__/ec2-manager.spec.ts 
diff --git a/source/networkFirewallAutomation/__tests__/ec2-service.spec.ts b/source/centralizedNetworkInspection/__tests__/ec2-service.spec.ts
similarity index 100%
rename from source/networkFirewallAutomation/__tests__/ec2-service.spec.ts
rename to source/centralizedNetworkInspection/__tests__/ec2-service.spec.ts
diff --git a/source/networkFirewallAutomation/__tests__/firewall-config-validation.spec.ts b/source/centralizedNetworkInspection/__tests__/firewall-config-validation.spec.ts
similarity index 100%
rename from source/networkFirewallAutomation/__tests__/firewall-config-validation.spec.ts
rename to source/centralizedNetworkInspection/__tests__/firewall-config-validation.spec.ts
diff --git a/source/networkFirewallAutomation/__tests__/firewall-test-configuration/firewallPolicies/firewall-invalid-policy-rule-arns.json b/source/centralizedNetworkInspection/__tests__/firewall-test-configuration/firewallPolicies/firewall-invalid-policy-rule-arns.json
similarity index 100%
rename from source/networkFirewallAutomation/__tests__/firewall-test-configuration/firewallPolicies/firewall-invalid-policy-rule-arns.json
rename to source/centralizedNetworkInspection/__tests__/firewall-test-configuration/firewallPolicies/firewall-invalid-policy-rule-arns.json
diff --git a/source/networkFirewallAutomation/__tests__/firewall-test-configuration/firewallPolicies/firewall-invalid-policy-rule-path.json b/source/centralizedNetworkInspection/__tests__/firewall-test-configuration/firewallPolicies/firewall-invalid-policy-rule-path.json
similarity index 100%
rename from source/networkFirewallAutomation/__tests__/firewall-test-configuration/firewallPolicies/firewall-invalid-policy-rule-path.json
rename to source/centralizedNetworkInspection/__tests__/firewall-test-configuration/firewallPolicies/firewall-invalid-policy-rule-path.json
diff --git a/source/networkFirewallAutomation/__tests__/firewall-test-configuration/firewallPolicies/firewall-invalid-policy-stateful-rule-group.json b/source/centralizedNetworkInspection/__tests__/firewall-test-configuration/firewallPolicies/firewall-invalid-policy-stateful-rule-group.json
similarity index 100%
rename from source/networkFirewallAutomation/__tests__/firewall-test-configuration/firewallPolicies/firewall-invalid-policy-stateful-rule-group.json
rename to source/centralizedNetworkInspection/__tests__/firewall-test-configuration/firewallPolicies/firewall-invalid-policy-stateful-rule-group.json
diff --git a/source/networkFirewallAutomation/__tests__/firewall-test-configuration/firewallPolicies/firewall-invalid-policy-stateless-rule-group.json b/source/centralizedNetworkInspection/__tests__/firewall-test-configuration/firewallPolicies/firewall-invalid-policy-stateless-rule-group.json
similarity index 100%
rename from source/networkFirewallAutomation/__tests__/firewall-test-configuration/firewallPolicies/firewall-invalid-policy-stateless-rule-group.json
rename to source/centralizedNetworkInspection/__tests__/firewall-test-configuration/firewallPolicies/firewall-invalid-policy-stateless-rule-group.json
diff --git a/source/networkFirewallAutomation/__tests__/firewall-test-configuration/firewallPolicies/firewall-invalid-policy.json b/source/centralizedNetworkInspection/__tests__/firewall-test-configuration/firewallPolicies/firewall-invalid-policy.json
similarity index 100%
rename from source/networkFirewallAutomation/__tests__/firewall-test-configuration/firewallPolicies/firewall-invalid-policy.json
rename to source/centralizedNetworkInspection/__tests__/firewall-test-configuration/firewallPolicies/firewall-invalid-policy.json
diff --git a/source/networkFirewallAutomation/__tests__/firewall-test-configuration/firewallPolicies/firewall-policy-2.json b/source/centralizedNetworkInspection/__tests__/firewall-test-configuration/firewallPolicies/firewall-policy-2.json
similarity index 100%
rename from source/networkFirewallAutomation/__tests__/firewall-test-configuration/firewallPolicies/firewall-policy-2.json
rename to source/centralizedNetworkInspection/__tests__/firewall-test-configuration/firewallPolicies/firewall-policy-2.json
diff --git a/source/networkFirewallAutomation/__tests__/firewall-test-configuration/firewallPolicies/firewall-policy.example.json b/source/centralizedNetworkInspection/__tests__/firewall-test-configuration/firewallPolicies/firewall-policy.example.json
similarity index 100%
rename from source/networkFirewallAutomation/__tests__/firewall-test-configuration/firewallPolicies/firewall-policy.example.json
rename to source/centralizedNetworkInspection/__tests__/firewall-test-configuration/firewallPolicies/firewall-policy.example.json
diff --git a/source/networkFirewallAutomation/__tests__/firewall-test-configuration/firewalls-invalid-rule-file/firewall-invalid-rule-path.json b/source/centralizedNetworkInspection/__tests__/firewall-test-configuration/firewalls-invalid-rule-file/firewall-invalid-rule-path.json
similarity index 100%
rename from source/networkFirewallAutomation/__tests__/firewall-test-configuration/firewalls-invalid-rule-file/firewall-invalid-rule-path.json
rename to source/centralizedNetworkInspection/__tests__/firewall-test-configuration/firewalls-invalid-rule-file/firewall-invalid-rule-path.json
diff --git a/source/networkFirewallAutomation/__tests__/firewall-test-configuration/firewalls-invalid-rule-group-arns/firewall-invalid-rule-group-arn.json b/source/centralizedNetworkInspection/__tests__/firewall-test-configuration/firewalls-invalid-rule-group-arns/firewall-invalid-rule-group-arn.json
similarity index 100%
rename from source/networkFirewallAutomation/__tests__/firewall-test-configuration/firewalls-invalid-rule-group-arns/firewall-invalid-rule-group-arn.json
rename to source/centralizedNetworkInspection/__tests__/firewall-test-configuration/firewalls-invalid-rule-group-arns/firewall-invalid-rule-group-arn.json
diff --git a/source/networkFirewallAutomation/__tests__/firewall-test-configuration/firewalls-invalid-rule-groups/firewall-invalid-stateful.json b/source/centralizedNetworkInspection/__tests__/firewall-test-configuration/firewalls-invalid-rule-groups/firewall-invalid-stateful.json
similarity index 100%
rename from source/networkFirewallAutomation/__tests__/firewall-test-configuration/firewalls-invalid-rule-groups/firewall-invalid-stateful.json
rename to source/centralizedNetworkInspection/__tests__/firewall-test-configuration/firewalls-invalid-rule-groups/firewall-invalid-stateful.json
diff --git a/source/networkFirewallAutomation/__tests__/firewall-test-configuration/firewalls-invalid-rule-groups/firewall-invalid-stateless.json b/source/centralizedNetworkInspection/__tests__/firewall-test-configuration/firewalls-invalid-rule-groups/firewall-invalid-stateless.json
similarity index 100%
rename from source/networkFirewallAutomation/__tests__/firewall-test-configuration/firewalls-invalid-rule-groups/firewall-invalid-stateless.json
rename to source/centralizedNetworkInspection/__tests__/firewall-test-configuration/firewalls-invalid-rule-groups/firewall-invalid-stateless.json
diff --git a/source/networkFirewallAutomation/__tests__/firewall-test-configuration/firewalls-valid/firewall.example.json b/source/centralizedNetworkInspection/__tests__/firewall-test-configuration/firewalls-valid/firewall.example.json
similarity index 100%
rename from source/networkFirewallAutomation/__tests__/firewall-test-configuration/firewalls-valid/firewall.example.json
rename to source/centralizedNetworkInspection/__tests__/firewall-test-configuration/firewalls-valid/firewall.example.json
diff --git a/source/networkFirewallAutomation/__tests__/firewall-test-configuration/firewalls/firewall-invalid.json b/source/centralizedNetworkInspection/__tests__/firewall-test-configuration/firewalls/firewall-invalid.json
similarity index 100%
rename from source/networkFirewallAutomation/__tests__/firewall-test-configuration/firewalls/firewall-invalid.json
rename to source/centralizedNetworkInspection/__tests__/firewall-test-configuration/firewalls/firewall-invalid.json
diff --git a/source/networkFirewallAutomation/__tests__/firewall-test-configuration/firewalls/firewall-nopolicy.json b/source/centralizedNetworkInspection/__tests__/firewall-test-configuration/firewalls/firewall-nopolicy.json
similarity index 100%
rename from source/networkFirewallAutomation/__tests__/firewall-test-configuration/firewalls/firewall-nopolicy.json
rename to source/centralizedNetworkInspection/__tests__/firewall-test-configuration/firewalls/firewall-nopolicy.json
diff --git a/source/networkFirewallAutomation/__tests__/firewall-test-configuration/firewalls/firewall.example.json b/source/centralizedNetworkInspection/__tests__/firewall-test-configuration/firewalls/firewall.example.json
similarity index 100%
rename from source/networkFirewallAutomation/__tests__/firewall-test-configuration/firewalls/firewall.example.json
rename to source/centralizedNetworkInspection/__tests__/firewall-test-configuration/firewalls/firewall.example.json
diff --git a/source/networkFirewallAutomation/__tests__/firewall-test-configuration/ruleGroups/drop.rules b/source/centralizedNetworkInspection/__tests__/firewall-test-configuration/ruleGroups/drop.rules
similarity index 100%
rename from source/networkFirewallAutomation/__tests__/firewall-test-configuration/ruleGroups/drop.rules
rename to source/centralizedNetworkInspection/__tests__/firewall-test-configuration/ruleGroups/drop.rules
diff --git a/source/networkFirewallAutomation/__tests__/firewall-test-configuration/ruleGroups/empty-rules.example.json b/source/centralizedNetworkInspection/__tests__/firewall-test-configuration/ruleGroups/empty-rules.example.json
similarity index 100%
rename from source/networkFirewallAutomation/__tests__/firewall-test-configuration/ruleGroups/empty-rules.example.json
rename to source/centralizedNetworkInspection/__tests__/firewall-test-configuration/ruleGroups/empty-rules.example.json
diff --git a/source/networkFirewallAutomation/__tests__/firewall-test-configuration/ruleGroups/invalid-rulegroup.example.json b/source/centralizedNetworkInspection/__tests__/firewall-test-configuration/ruleGroups/invalid-rulegroup.example.json
similarity index 100%
rename from source/networkFirewallAutomation/__tests__/firewall-test-configuration/ruleGroups/invalid-rulegroup.example.json
rename to source/centralizedNetworkInspection/__tests__/firewall-test-configuration/ruleGroups/invalid-rulegroup.example.json
diff --git a/source/networkFirewallAutomation/__tests__/firewall-test-configuration/ruleGroups/stateful-domainblock.example.json b/source/centralizedNetworkInspection/__tests__/firewall-test-configuration/ruleGroups/stateful-domainblock.example.json
similarity index 100%
rename from source/networkFirewallAutomation/__tests__/firewall-test-configuration/ruleGroups/stateful-domainblock.example.json
rename to source/centralizedNetworkInspection/__tests__/firewall-test-configuration/ruleGroups/stateful-domainblock.example.json
diff --git a/source/networkFirewallAutomation/__tests__/firewall-test-configuration/ruleGroups/stateless-fwd-to-stateful.example.json b/source/centralizedNetworkInspection/__tests__/firewall-test-configuration/ruleGroups/stateless-fwd-to-stateful.example.json
similarity index 100%
rename from source/networkFirewallAutomation/__tests__/firewall-test-configuration/ruleGroups/stateless-fwd-to-stateful.example.json
rename to source/centralizedNetworkInspection/__tests__/firewall-test-configuration/ruleGroups/stateless-fwd-to-stateful.example.json
diff --git a/source/networkFirewallAutomation/__tests__/firewall-test-configuration/ruleGroups/stateless-pass-action.example.json b/source/centralizedNetworkInspection/__tests__/firewall-test-configuration/ruleGroups/stateless-pass-action.example.json
similarity index 100%
rename from source/networkFirewallAutomation/__tests__/firewall-test-configuration/ruleGroups/stateless-pass-action.example.json
rename to source/centralizedNetworkInspection/__tests__/firewall-test-configuration/ruleGroups/stateless-pass-action.example.json
diff --git a/source/networkFirewallAutomation/__tests__/firewall-test-configuration/ruleGroups/suricata-rule-reference.json b/source/centralizedNetworkInspection/__tests__/firewall-test-configuration/ruleGroups/suricata-rule-reference.json
similarity index 100%
rename from source/networkFirewallAutomation/__tests__/firewall-test-configuration/ruleGroups/suricata-rule-reference.json
rename to source/centralizedNetworkInspection/__tests__/firewall-test-configuration/ruleGroups/suricata-rule-reference.json
diff --git a/source/networkFirewallAutomation/__tests__/network-firewall-manager.spec.ts b/source/centralizedNetworkInspection/__tests__/network-firewall-manager.spec.ts
similarity index 100%
rename from source/networkFirewallAutomation/__tests__/network-firewall-manager.spec.ts
rename to source/centralizedNetworkInspection/__tests__/network-firewall-manager.spec.ts
diff --git a/source/networkFirewallAutomation/__tests__/network-firewall-service.spec.ts b/source/centralizedNetworkInspection/__tests__/network-firewall-service.spec.ts similarity index 99% rename from source/networkFirewallAutomation/__tests__/network-firewall-service.spec.ts rename to source/centralizedNetworkInspection/__tests__/network-firewall-service.spec.ts index 9c14203..8e037e1 100644 --- a/source/networkFirewallAutomation/__tests__/network-firewall-service.spec.ts +++ b/source/centralizedNetworkInspection/__tests__/network-firewall-service.spec.ts @@ -314,7 +314,7 @@ jest.mock( LogType: 'ALERT', LogDestinationType: 'CloudWatchLogs', LogDestination: { - logGroup: 'network-firewall-automation-solution', + logGroup: 'centralized-network-inspection-solution', prefix: 'alerts', }, }, @@ -643,7 +643,7 @@ test('Update logging configuration', async () => { { LogType: 'ALERT', LogDestination: { - bucketName: 'network-firewall-automation-solution', + bucketName: 'centralized-network-inspection-solution', prefix: 'alerts', }, LogDestinationType: 'S3', @@ -655,7 +655,7 @@ test('Update logging configuration', async () => { LogDestinationConfigs: [ { LogType: 'ALERT', - LogDestination: { bucketName: 'network-firewall-automation-solution', prefix: 'alerts' }, + LogDestination: { bucketName: 'centralized-network-inspection-solution', prefix: 'alerts' }, LogDestinationType: 'S3', }, ], diff --git a/source/networkFirewallAutomation/__tests__/send-metrics.spec.ts b/source/centralizedNetworkInspection/__tests__/send-metrics.spec.ts similarity index 86% rename from source/networkFirewallAutomation/__tests__/send-metrics.spec.ts rename to source/centralizedNetworkInspection/__tests__/send-metrics.spec.ts index 2728c66..453da23 100644 --- a/source/networkFirewallAutomation/__tests__/send-metrics.spec.ts +++ b/source/centralizedNetworkInspection/__tests__/send-metrics.spec.ts 
@@ -11,8 +11,8 @@ jest.mock( __esModule: true, SSM: jest.fn().mockReturnValue({ getParameter: jest.fn().mockImplementation(data => { - expect(data).toStrictEqual({ Name: 'network-firewall-solution-uuid-asds' }); - if ('network-firewall-solution-uuid-asds' === data['Name']) { + expect(data).toStrictEqual({ Name: 'centralized-network-inspection-solution-uuid-asds' }); + if ('centralized-network-inspection-solution-uuid-asds' === data['Name']) { return { promise: jest.fn().mockReturnValue({ Parameter: { @@ -62,7 +62,7 @@ jest.mock( test('test sending the metrics when the uuid is already in the parameter store.', async () => { process.env.STACK_ID = 'asds'; - process.env.SEND_ANONYMOUS_METRICS = 'Yes'; + process.env.SEND_ANONYMIZED_METRICS = 'Yes'; await MetricsManager.sendMetrics({ numberOfFirewalls: 1, numberOfPolicies: 1, diff --git a/source/networkFirewallAutomation/__tests__/stringManipulation.spec.ts b/source/centralizedNetworkInspection/__tests__/stringManipulation.spec.ts similarity index 100% rename from source/networkFirewallAutomation/__tests__/stringManipulation.spec.ts rename to source/centralizedNetworkInspection/__tests__/stringManipulation.spec.ts diff --git a/source/networkFirewallAutomation/build.ts b/source/centralizedNetworkInspection/build.ts similarity index 100% rename from source/networkFirewallAutomation/build.ts rename to source/centralizedNetworkInspection/build.ts diff --git a/source/networkFirewallAutomation/config/examples/firewallPolicies/firewall-policy.example.json b/source/centralizedNetworkInspection/config/examples/firewallPolicies/firewall-policy.example.json similarity index 100% rename from source/networkFirewallAutomation/config/examples/firewallPolicies/firewall-policy.example.json rename to source/centralizedNetworkInspection/config/examples/firewallPolicies/firewall-policy.example.json 
diff --git a/source/networkFirewallAutomation/config/examples/firewalls/firewall.example.json b/source/centralizedNetworkInspection/config/examples/firewalls/firewall.example.json
similarity index 100%
rename from source/networkFirewallAutomation/config/examples/firewalls/firewall.example.json
rename to source/centralizedNetworkInspection/config/examples/firewalls/firewall.example.json
diff --git a/source/networkFirewallAutomation/config/examples/ruleGroups/drop.rules b/source/centralizedNetworkInspection/config/examples/ruleGroups/drop.rules
similarity index 100%
rename from source/networkFirewallAutomation/config/examples/ruleGroups/drop.rules
rename to source/centralizedNetworkInspection/config/examples/ruleGroups/drop.rules
diff --git a/source/networkFirewallAutomation/config/examples/ruleGroups/stateful-domainblock.example.json b/source/centralizedNetworkInspection/config/examples/ruleGroups/stateful-domainblock.example.json
similarity index 100%
rename from source/networkFirewallAutomation/config/examples/ruleGroups/stateful-domainblock.example.json
rename to source/centralizedNetworkInspection/config/examples/ruleGroups/stateful-domainblock.example.json
diff --git a/source/networkFirewallAutomation/config/examples/ruleGroups/stateless-fwd-to-stateful.example.json b/source/centralizedNetworkInspection/config/examples/ruleGroups/stateless-fwd-to-stateful.example.json
similarity index 100%
rename from source/networkFirewallAutomation/config/examples/ruleGroups/stateless-fwd-to-stateful.example.json
rename to source/centralizedNetworkInspection/config/examples/ruleGroups/stateless-fwd-to-stateful.example.json
diff --git a/source/networkFirewallAutomation/config/examples/ruleGroups/stateless-pass-action.example.json b/source/centralizedNetworkInspection/config/examples/ruleGroups/stateless-pass-action.example.json similarity index 100% rename from source/networkFirewallAutomation/config/examples/ruleGroups/stateless-pass-action.example.json rename to source/centralizedNetworkInspection/config/examples/ruleGroups/stateless-pass-action.example.json diff --git a/source/networkFirewallAutomation/config/examples/ruleGroups/suricata-rule-reference.json b/source/centralizedNetworkInspection/config/examples/ruleGroups/suricata-rule-reference.json similarity index 100% rename from source/networkFirewallAutomation/config/examples/ruleGroups/suricata-rule-reference.json rename to source/centralizedNetworkInspection/config/examples/ruleGroups/suricata-rule-reference.json diff --git a/source/networkFirewallAutomation/config/firewallPolicies/firewall-policy-1.json b/source/centralizedNetworkInspection/config/firewallPolicies/firewall-policy-1.json similarity index 100% rename from source/networkFirewallAutomation/config/firewallPolicies/firewall-policy-1.json rename to source/centralizedNetworkInspection/config/firewallPolicies/firewall-policy-1.json diff --git a/source/networkFirewallAutomation/config/firewalls/firewall-1.json b/source/centralizedNetworkInspection/config/firewalls/firewall-1.json similarity index 100% rename from source/networkFirewallAutomation/config/firewalls/firewall-1.json rename to source/centralizedNetworkInspection/config/firewalls/firewall-1.json diff --git a/source/networkFirewallAutomation/index.ts b/source/centralizedNetworkInspection/index.ts similarity index 98% rename from source/networkFirewallAutomation/index.ts rename to source/centralizedNetworkInspection/index.ts index 993a3a7..d58f3b8 100644 --- a/source/networkFirewallAutomation/index.ts +++ b/source/centralizedNetworkInspection/index.ts 
@@ -5,7 +5,7 @@ /** * @description - * Firewall Automation for Network Traffic on AWS + * Centralized Network Inspection on AWS * @author aws-solutions */ diff --git a/source/networkFirewallAutomation/jest.config.js b/source/centralizedNetworkInspection/jest.config.js similarity index 96% rename from source/networkFirewallAutomation/jest.config.js rename to source/centralizedNetworkInspection/jest.config.js index fc18292..7a7bb1e 100644 --- a/source/networkFirewallAutomation/jest.config.js +++ b/source/centralizedNetworkInspection/jest.config.js @@ -28,7 +28,7 @@ const config = { '**/*.ts', '!**/*.d.ts', '!**/*.spec.ts', - '!./bin/network-firewall-auto-solution.ts', + '!./bin/centralized-network-inspection-solution.ts', '!./build.ts', '!./index.ts', ], diff --git a/source/networkFirewallAutomation/lib/common/configReader/config-reader.ts b/source/centralizedNetworkInspection/lib/common/configReader/config-reader.ts similarity index 100% rename from source/networkFirewallAutomation/lib/common/configReader/config-reader.ts rename to source/centralizedNetworkInspection/lib/common/configReader/config-reader.ts diff --git a/source/networkFirewallAutomation/lib/common/firewall-config-validation.ts b/source/centralizedNetworkInspection/lib/common/firewall-config-validation.ts similarity index 100% rename from source/networkFirewallAutomation/lib/common/firewall-config-validation.ts rename to source/centralizedNetworkInspection/lib/common/firewall-config-validation.ts diff --git a/source/networkFirewallAutomation/lib/common/logger.ts b/source/centralizedNetworkInspection/lib/common/logger.ts similarity index 100% rename from source/networkFirewallAutomation/lib/common/logger.ts rename to source/centralizedNetworkInspection/lib/common/logger.ts 
diff --git a/source/networkFirewallAutomation/lib/common/send-metrics.ts b/source/centralizedNetworkInspection/lib/common/send-metrics.ts similarity index 92% rename from source/networkFirewallAutomation/lib/common/send-metrics.ts rename to source/centralizedNetworkInspection/lib/common/send-metrics.ts index 38ea016..e947134 100644 --- a/source/networkFirewallAutomation/lib/common/send-metrics.ts +++ b/source/centralizedNetworkInspection/lib/common/send-metrics.ts @@ -23,15 +23,15 @@ export class MetricsManager { static async sendMetrics(data: NetworkFirewallMetrics) { const ssmParameterForUUID = process.env.SSM_PARAM_FOR_UUID ? process.env.SSM_PARAM_FOR_UUID - : 'network-firewall-solution-uuid'; + : 'centralized-network-inspection-solution-uuid'; const stackId = process.env.STACK_ID ? process.env.STACK_ID.slice(process.env.STACK_ID.length - 36) : ''; - const sendAnonymousMetrics = process.env.SEND_ANONYMOUS_METRICS ? process.env.SEND_ANONYMOUS_METRICS : 'No'; + const sendAnonymizedMetrics = process.env.SEND_ANONYMIZED_METRICS ? process.env.SEND_ANONYMIZED_METRICS : 'No'; let uuid = ''; Logger.log(LOG_LEVEL.DEBUG, `ssm parameter uuid key prefix ${ssmParameterForUUID}`) const ssmUUIDKey = `${ssmParameterForUUID}-${stackId}`; Logger.log(LOG_LEVEL.DEBUG, `ssm parameter uuid key ${ssmUUIDKey}`) try { - if (sendAnonymousMetrics.toUpperCase() === 'YES') { + if (sendAnonymizedMetrics.toUpperCase() === 'YES') { let ssmInstance = new SSM({ customUserAgent: process.env.CUSTOM_SDK_USER_AGENT, }); diff --git a/source/networkFirewallAutomation/lib/common/stringUtils.ts b/source/centralizedNetworkInspection/lib/common/stringUtils.ts similarity index 100% rename from source/networkFirewallAutomation/lib/common/stringUtils.ts rename to source/centralizedNetworkInspection/lib/common/stringUtils.ts 
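Review bot: In `sendMetrics`, the renamed `SEND_ANONYMIZED_METRICS` variable is read with no fallback to the old name, so an environment that still sets `SEND_ANONYMOUS_METRICS` falls through to `'No'` and metrics stop without any log line. If the template and this code can ever be deployed out of step, keep the old name as a fallback: `const sendAnonymizedMetrics = process.env.SEND_ANONYMIZED_METRICS || process.env.SEND_ANONYMOUS_METRICS || 'No';`. The new default prefix `'centralized-network-inspection-solution-uuid'` also changes the SSM key, which presumably has to match the parameter ARN the function's IAM policy is scoped to and the name under which an upgraded stack stored its UUID; neither is visible in this hunk, so confirm both were renamed in the same release. The body of `sendMetrics` continues past the end of the hunk.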
diff --git a/source/networkFirewallAutomation/lib/ec2-manager.ts b/source/centralizedNetworkInspection/lib/ec2-manager.ts
similarity index 100%
rename from source/networkFirewallAutomation/lib/ec2-manager.ts
rename to source/centralizedNetworkInspection/lib/ec2-manager.ts
diff --git a/source/networkFirewallAutomation/lib/network-firewall-manager.ts b/source/centralizedNetworkInspection/lib/network-firewall-manager.ts
similarity index 100%
rename from source/networkFirewallAutomation/lib/network-firewall-manager.ts
rename to source/centralizedNetworkInspection/lib/network-firewall-manager.ts
diff --git a/source/networkFirewallAutomation/lib/service/awsClientConfig.ts b/source/centralizedNetworkInspection/lib/service/awsClientConfig.ts
similarity index 100%
rename from source/networkFirewallAutomation/lib/service/awsClientConfig.ts
rename to source/centralizedNetworkInspection/lib/service/awsClientConfig.ts
diff --git a/source/networkFirewallAutomation/lib/service/ec2-service.ts b/source/centralizedNetworkInspection/lib/service/ec2-service.ts
similarity index 100%
rename from source/networkFirewallAutomation/lib/service/ec2-service.ts
rename to source/centralizedNetworkInspection/lib/service/ec2-service.ts
diff --git a/source/networkFirewallAutomation/lib/service/network-firewall-service.ts b/source/centralizedNetworkInspection/lib/service/network-firewall-service.ts
similarity index 100%
rename from source/networkFirewallAutomation/lib/service/network-firewall-service.ts
rename to source/centralizedNetworkInspection/lib/service/network-firewall-service.ts
diff --git a/source/networkFirewallAutomation/package-lock.json b/source/centralizedNetworkInspection/package-lock.json
similarity index 96%
rename from source/networkFirewallAutomation/package-lock.json
rename to source/centralizedNetworkInspection/package-lock.json
index d08ad41..b64ea35 100644
--- a/source/networkFirewallAutomation/package-lock.json
+++ b/source/centralizedNetworkInspection/package-lock.json
@@ -1,12 +1,12 @@ { - "name": "network-firewall", - "version": "1.0.3", + "name": "centralized-network-inspection", + "version": "1.0.5", "lockfileVersion": 3, "requires": true, "packages": { "": { - "name": "network-firewall", - "version": "1.0.3", + "name": "centralized-network-inspection", + "version": "1.0.5", "license": "Apache-2.0", "dependencies": { "aws-sdk": "^2.1482.0", @@ -15,15 +15,15 @@ "uuid": "^9.0.1" }, "devDependencies": { - "@types/jest": "~29.5.5", + "@types/jest": "~29.5.12", "@types/moment": "^2.13.0", - "@types/node": "^20.9.0", - "@types/uuid": "^9.0.6", - "aws-sdk-mock": "^5.1.0", + "@types/node": "^20.12.12", + "@types/uuid": "^9.0.8", + "aws-sdk-mock": "^5.9.0", "jest": "~29.7.0", - "ts-jest": "~29.1.1", - "ts-node": "~10.9.1", - "typescript": "~5.2.2" + "ts-jest": "~29.1.2", + "ts-node": "~10.9.2", + "typescript": "~5.4.5" } }, "node_modules/@ampproject/remapping": { @@ -1059,9 +1059,9 @@ } }, "node_modules/@sinonjs/samsam": { - "version": "7.0.1", - "resolved": "https://registry.npmjs.org/@sinonjs/samsam/-/samsam-7.0.1.tgz", - "integrity": "sha512-zsAk2Jkiq89mhZovB2LLOdTCxJF4hqqTToGP0ASWlhp4I1hqOjcfmZGafXntCN7MDC6yySH0mFHrYtHceOeLmw==", + "version": "8.0.0", + "resolved": "https://registry.npmjs.org/@sinonjs/samsam/-/samsam-8.0.0.tgz", + "integrity": "sha512-Bp8KUVlLp8ibJZrnvq2foVhP0IVX2CIprMJPK0vqGqgrDa0OHVKeZyBykqskkrdxV6yKBPmGasO8LVjAKR3Gew==", "dev": true, "dependencies": { "@sinonjs/commons": "^2.0.0", @@ -1183,9 +1183,9 @@ } }, "node_modules/@types/jest": { - "version": "29.5.8", - "resolved": "https://registry.npmjs.org/@types/jest/-/jest-29.5.8.tgz", - "integrity": "sha512-fXEFTxMV2Co8ZF5aYFJv+YeA08RTYJfhtN5c9JSv/mFEMe+xxjufCb+PHL+bJcMs/ebPUsBu+UNTEz+ydXrR6g==", + "version": "29.5.12", + "resolved": "https://registry.npmjs.org/@types/jest/-/jest-29.5.12.tgz", + "integrity": "sha512-eDC8bTvT/QhYdxJAulQikueigY5AsdBRH2yDKW3yveW7svY3+DzN84/2NUgkw10RTiJbWqZrTtoGVdYlvFJdLw==", "dev": true, "dependencies": { "expect": "^29.0.0", 
@@ -1203,9 +1203,9 @@ } }, "node_modules/@types/node": { - "version": "20.9.0", - "resolved": "https://registry.npmjs.org/@types/node/-/node-20.9.0.tgz", - "integrity": "sha512-nekiGu2NDb1BcVofVcEKMIwzlx4NjHlcjhoxxKBNLtz15Y1z7MYf549DFvkHSId02Ax6kGwWntIBPC3l/JZcmw==", + "version": "20.12.12", + "resolved": "https://registry.npmjs.org/@types/node/-/node-20.12.12.tgz", + "integrity": "sha512-eWLDGF/FOSPtAvEqeRAQ4C8LSA7M1I7i0ky1I8U7kD1J5ITyW3AsRhQrKVoWf5pFKZ2kILsEGJhsI9r93PYnOw==", "dev": true, "dependencies": { "undici-types": "~5.26.4" 
@@ -1218,24 +1218,24 @@ "dev": true }, "node_modules/@types/uuid": { - "version": "9.0.7", - "resolved": "https://registry.npmjs.org/@types/uuid/-/uuid-9.0.7.tgz", - "integrity": "sha512-WUtIVRUZ9i5dYXefDEAI7sh9/O7jGvHg7Df/5O/gtH3Yabe5odI3UWopVR1qbPXQtvOxWu3mM4XxlYeZtMWF4g==", + "version": "9.0.8", + "resolved": "https://registry.npmjs.org/@types/uuid/-/uuid-9.0.8.tgz", + "integrity": "sha512-jg+97EGIcY9AGHJJRaaPVgetKDsrTgbRjQ5Msgjh/DQKEFl0DtyRr/VCOyD1T2R1MNeWPK/u7JoGhlDZnKBAfA==", "dev": true }, "node_modules/@types/yargs": { - "version": "17.0.31", - "resolved": "https://registry.npmjs.org/@types/yargs/-/yargs-17.0.31.tgz", - "integrity": "sha512-bocYSx4DI8TmdlvxqGpVNXOgCNR1Jj0gNPhhAY+iz1rgKDAaYrAYdFYnhDV1IFuiuVc9HkOwyDcFxaTElF3/wg==", + "version": "17.0.30", + "resolved": "https://registry.npmjs.org/@types/yargs/-/yargs-17.0.30.tgz", + "integrity": "sha512-3SJLzYk3yz3EgI9I8OLoH06B3PdXIoU2imrBZzaGqUtUXf5iUNDtmAfCGuQrny1bnmyjh/GM/YNts6WK5jR5Rw==", "dev": true, "dependencies": { "@types/yargs-parser": "*" } }, "node_modules/@types/yargs-parser": { - "version": "21.0.3", - "resolved": "https://registry.npmjs.org/@types/yargs-parser/-/yargs-parser-21.0.3.tgz", - "integrity": "sha512-I4q9QU9MQv4oEOz4tAHJtNz1cwuLxn2F3xcc2iV5WdqLPpUnj30aUuxt1mAxYTG+oe8CZMV/+6rU4S4gRDzqtQ==", + "version": "21.0.2", + "resolved": "https://registry.npmjs.org/@types/yargs-parser/-/yargs-parser-21.0.2.tgz", + "integrity": "sha512-5qcvofLPbfjmBfKaLfj/+f+Sbd6pN4zl7w7VSVI5uz7m9QZTuB2aZAa2uo1wHFBNN2x6g/SoTkXmd8mQnQF2Cw==", "dev": true }, "node_modules/acorn": { 
@@ -1363,14 +1363,17 @@ } }, "node_modules/aws-sdk-mock": { - "version": "5.8.0", - "resolved": "https://registry.npmjs.org/aws-sdk-mock/-/aws-sdk-mock-5.8.0.tgz", - "integrity": "sha512-s0Vy4DObFmVJ6h1uTw1LGInOop77oF0JXH2N39Lv+1Wss274EowVk9odhM4Sji4mynXcM5oSu68uYqkJRviDRA==", + "version": "5.9.0", + "resolved": "https://registry.npmjs.org/aws-sdk-mock/-/aws-sdk-mock-5.9.0.tgz", + "integrity": "sha512-kTUXaQQ1CTn3Cwxa2g1XqtCDq+FTEbPl/zgaYCok357f7gbWkeYEegqa5RziTRb11oNIUHrLp9DSHwZT3XdBkA==", "dev": true, "dependencies": { "aws-sdk": "^2.1231.0", - "sinon": "^14.0.1", + "sinon": "^17.0.0", "traverse": "^0.6.6" + }, + "engines": { + "node": ">=18.0.0" } }, "node_modules/aws-sdk/node_modules/uuid": { @@ -1382,9 +1385,9 @@ } }, "node_modules/axios": { - "version": "1.6.1", - "resolved": "https://registry.npmjs.org/axios/-/axios-1.6.1.tgz", - "integrity": "sha512-vfBmhDpKafglh0EldBEbVuoe7DyAavGSLWhuSm5ZSEKQnHhBf0xAAwybbNH1IkrJNGnS/VG4I5yxig1pCEXE4g==", + "version": "1.6.0", + "resolved": "https://registry.npmjs.org/axios/-/axios-1.6.0.tgz", + "integrity": "sha512-EZ1DYihju9pwVB+jg67ogm+Tmqc6JmhamRN6I4Zt8DfZu5lbcQGw3ozH9lFejSJgs/ibaef3A9PMXPLeefFGJg==", "dependencies": { "follow-redirects": "^1.15.0", "form-data": "^4.0.0", @@ -1894,9 +1897,9 @@ } }, "node_modules/diff": { - "version": "5.1.0", - "resolved": "https://registry.npmjs.org/diff/-/diff-5.1.0.tgz", - "integrity": "sha512-D+mk+qE8VC/PAUrlAU34N+VfXev0ghe5ywmpqrawphmVZc1bEfn56uo9qpyGp1p4xpzOHkSW4ztBd6L7Xx4ACw==", + "version": "5.2.0", + "resolved": "https://registry.npmjs.org/diff/-/diff-5.2.0.tgz", + "integrity": "sha512-uIFDxqpRZGZ6ThOk84hEfqWoHx2devRFvpTZcTHur85vImfaxUbTW9Ryh4CpCuDnToOP1CEtXKIgytHBPVff5A==", "dev": true, "engines": { "node": ">=0.3.1" 
@@ -2072,9 +2075,9 @@ } }, "node_modules/follow-redirects": { - "version": "1.15.3", - "resolved": "https://registry.npmjs.org/follow-redirects/-/follow-redirects-1.15.3.tgz", - "integrity": "sha512-1VzOtuEM8pC9SFU1E+8KfTjZyMztRsgEfwQl44z8A25uy13jSzTj6dyK2Df52iV0vgHCfBwLhDWevLn95w5v6Q==", + "version": "1.15.6", + "resolved": "https://registry.npmjs.org/follow-redirects/-/follow-redirects-1.15.6.tgz", + "integrity": "sha512-wWN62YITEaOpSK584EZXJafH1AGpO8RVgElfkuXbTOrPX4fIfOyEpW/CsiNd8JdYrAoOvafRTOEnvsO++qCqFA==", "funding": [ { "type": "individual", @@ -2491,9 +2494,9 @@ "dev": true }, "node_modules/istanbul-lib-coverage": { - "version": "3.2.2", - "resolved": "https://registry.npmjs.org/istanbul-lib-coverage/-/istanbul-lib-coverage-3.2.2.tgz", - "integrity": "sha512-O8dpsF+r0WV/8MNRKfnmrtCWhuKjxrq2w+jpzBL5UZKTi2LeVWnWOmWRxFlesJONmc+wLAGvKQZEOanko0LFTg==", + "version": "3.2.1", + "resolved": "https://registry.npmjs.org/istanbul-lib-coverage/-/istanbul-lib-coverage-3.2.1.tgz", + "integrity": "sha512-opCrKqbthmq3SKZ10mFMQG9dk3fTa3quaOLD35kJa5ejwZHd9xAr+kLuziiZz2cG32s4lMZxNdmdcEQnTDP4+g==", "dev": true, "engines": { "node": ">=8" @@ -3235,9 +3238,9 @@ } }, "node_modules/just-extend": { - "version": "4.2.1", - "resolved": "https://registry.npmjs.org/just-extend/-/just-extend-4.2.1.tgz", - "integrity": "sha512-g3UB796vUFIY90VIv/WX3L2c8CS2MdWUww3CNrYmqza1Fg0DURc2K/O4YrnklBdQarSJ/y8JnJYDGc+1iumQjg==", + "version": "6.2.0", + "resolved": "https://registry.npmjs.org/just-extend/-/just-extend-6.2.0.tgz", + "integrity": "sha512-cYofQu2Xpom82S6qD778jBDpwvvy39s1l/hrYij2u9AMdQcGRpaBu6kY4mVhuno5kJVi1DAz4aiphA2WI1/OAw==", "dev": true }, "node_modules/kleur": { 
@@ -3440,25 +3443,25 @@ "dev": true }, "node_modules/nise": { - "version": "5.1.5", - "resolved": "https://registry.npmjs.org/nise/-/nise-5.1.5.tgz", - "integrity": "sha512-VJuPIfUFaXNRzETTQEEItTOP8Y171ijr+JLq42wHes3DiryR8vT+1TXQW/Rx8JNUhyYYWyIvjXTU6dOhJcs9Nw==", + "version": "5.1.9", + "resolved": "https://registry.npmjs.org/nise/-/nise-5.1.9.tgz", + "integrity": "sha512-qOnoujW4SV6e40dYxJOb3uvuoPHtmLzIk4TFo+j0jPJoC+5Z9xja5qH5JZobEPsa8+YYphMrOSwnrshEhG2qww==", "dev": true, "dependencies": { - "@sinonjs/commons": "^2.0.0", - "@sinonjs/fake-timers": "^10.0.2", - "@sinonjs/text-encoding": "^0.7.1", - "just-extend": "^4.0.2", - "path-to-regexp": "^1.7.0" + "@sinonjs/commons": "^3.0.0", + "@sinonjs/fake-timers": "^11.2.2", + "@sinonjs/text-encoding": "^0.7.2", + "just-extend": "^6.2.0", + "path-to-regexp": "^6.2.1" } }, - "node_modules/nise/node_modules/@sinonjs/commons": { - "version": "2.0.0", - "resolved": "https://registry.npmjs.org/@sinonjs/commons/-/commons-2.0.0.tgz", - "integrity": "sha512-uLa0j859mMrg2slwQYdO/AkrOfmH+X6LTVmNTS9CqexuE2IvVORIkSpJLqePAbEnKJ77aMmCwr1NUZ57120Xcg==", + "node_modules/nise/node_modules/@sinonjs/fake-timers": { + "version": "11.2.2", + "resolved": "https://registry.npmjs.org/@sinonjs/fake-timers/-/fake-timers-11.2.2.tgz", + "integrity": "sha512-G2piCSxQ7oWOxwGSAyFHfPIsyeJGXYtc6mFbnFA+kRXkiEnTl8c/8jul2S329iFBnDI9HGoeWWAZvuvOkZccgw==", "dev": true, "dependencies": { - "type-detect": "4.0.8" + "@sinonjs/commons": "^3.0.0" } }, "node_modules/node-int64": { 
@@ -3621,18 +3624,9 @@ "dev": true }, "node_modules/path-to-regexp": { - "version": "1.8.0", - "resolved": "https://registry.npmjs.org/path-to-regexp/-/path-to-regexp-1.8.0.tgz", - "integrity": "sha512-n43JRhlUKUAlibEJhPeir1ncUID16QnEjNpwzNdO3Lm4ywrBpBZ5oLD0I6br9evr1Y9JTqwRtAh7JLoOzAQdVA==", - "dev": true, - "dependencies": { - "isarray": "0.0.1" - } - }, - "node_modules/path-to-regexp/node_modules/isarray": { - "version": "0.0.1", - "resolved": "https://registry.npmjs.org/isarray/-/isarray-0.0.1.tgz", - "integrity": "sha512-D2S+3GLxWH+uhrNEcoh/fnmYeP8E8/zHl644d/jdA0g2uyXvy3sb0qxotE+ne0LtccHknQzWwZEzhak7oJ0COQ==", + "version": "6.2.2", + "resolved": "https://registry.npmjs.org/path-to-regexp/-/path-to-regexp-6.2.2.tgz", + "integrity": "sha512-GQX3SSMokngb36+whdpRXE+3f9V8UzyAorlYvOGx87ufGHehNTn5lCxrKtLyZ4Yl/wEKnNnr98ZzOwwDZV5ogw==", "dev": true }, "node_modules/picocolors": { @@ -3866,17 +3860,16 @@ "dev": true }, "node_modules/sinon": { - "version": "14.0.2", - "resolved": "https://registry.npmjs.org/sinon/-/sinon-14.0.2.tgz", - "integrity": "sha512-PDpV0ZI3ZCS3pEqx0vpNp6kzPhHrLx72wA0G+ZLaaJjLIYeE0n8INlgaohKuGy7hP0as5tbUd23QWu5U233t+w==", - "deprecated": "16.1.1", + "version": "17.0.1", + "resolved": "https://registry.npmjs.org/sinon/-/sinon-17.0.1.tgz", + "integrity": "sha512-wmwE19Lie0MLT+ZYNpDymasPHUKTaZHUH/pKEubRXIzySv9Atnlw+BUMGCzWgV7b7wO+Hw6f1TEOr0IUnmU8/g==", "dev": true, "dependencies": { - "@sinonjs/commons": "^2.0.0", - "@sinonjs/fake-timers": "^9.1.2", - "@sinonjs/samsam": "^7.0.1", - "diff": "^5.0.0", - "nise": "^5.1.2", + "@sinonjs/commons": "^3.0.0", + "@sinonjs/fake-timers": "^11.2.2", + "@sinonjs/samsam": "^8.0.0", + "diff": "^5.1.0", + "nise": "^5.1.5", "supports-color": "^7.2.0" }, "funding": { 
@@ -3884,31 +3877,13 @@ "url": "https://opencollective.com/sinon" } }, - "node_modules/sinon/node_modules/@sinonjs/commons": { - "version": "2.0.0", - "resolved": "https://registry.npmjs.org/@sinonjs/commons/-/commons-2.0.0.tgz", - "integrity": "sha512-uLa0j859mMrg2slwQYdO/AkrOfmH+X6LTVmNTS9CqexuE2IvVORIkSpJLqePAbEnKJ77aMmCwr1NUZ57120Xcg==", - "dev": true, - "dependencies": { - "type-detect": "4.0.8" - } - }, "node_modules/sinon/node_modules/@sinonjs/fake-timers": { - "version": "9.1.2", - "resolved": "https://registry.npmjs.org/@sinonjs/fake-timers/-/fake-timers-9.1.2.tgz", - "integrity": "sha512-BPS4ynJW/o92PUR4wgriz2Ud5gpST5vz6GQfMixEDK0Z8ZCUv2M7SkBLykH56T++Xs+8ln9zTGbOvNGIe02/jw==", + "version": "11.2.2", + "resolved": "https://registry.npmjs.org/@sinonjs/fake-timers/-/fake-timers-11.2.2.tgz", + "integrity": "sha512-G2piCSxQ7oWOxwGSAyFHfPIsyeJGXYtc6mFbnFA+kRXkiEnTl8c/8jul2S329iFBnDI9HGoeWWAZvuvOkZccgw==", "dev": true, "dependencies": { - "@sinonjs/commons": "^1.7.0" - } - }, - "node_modules/sinon/node_modules/@sinonjs/fake-timers/node_modules/@sinonjs/commons": { - "version": "1.8.6", - "resolved": "https://registry.npmjs.org/@sinonjs/commons/-/commons-1.8.6.tgz", - "integrity": "sha512-Ky+XkAkqPZSm3NLBeUng77EBQl3cmeJhITaGHdYH8kjVB+aun3S4XBRti2zt17mtt0mIUDiNxYeoJm6drVvBJQ==", - "dev": true, - "dependencies": { - "type-detect": "4.0.8" + "@sinonjs/commons": "^3.0.0" } }, "node_modules/sisteransi": { @@ -4107,9 +4082,9 @@ } }, "node_modules/ts-jest": { - "version": "29.1.1", - "resolved": "https://registry.npmjs.org/ts-jest/-/ts-jest-29.1.1.tgz", - "integrity": "sha512-D6xjnnbP17cC85nliwGiL+tpoKN0StpgE0TeOjXQTU6MVCfsB4v7aW05CgQ/1OywGb0x/oy9hHFnN+sczTiRaA==", + "version": "29.1.2", + "resolved": "https://registry.npmjs.org/ts-jest/-/ts-jest-29.1.2.tgz", + "integrity": "sha512-br6GJoH/WUX4pu7FbZXuWGKGNDuU7b8Uj77g/Sp7puZV6EXzuByl6JrECvm0MzVzSTkSHWTihsXt+5XYER5b+g==", "dev": true, "dependencies": { "bs-logger": "0.x", 
@@ -4125,7 +4100,7 @@ "ts-jest": "cli.js" }, "engines": { - "node": "^14.15.0 || ^16.10.0 || >=18.0.0" + "node": "^16.10.0 || ^18.0.0 || >=20.0.0" }, "peerDependencies": { "@babel/core": ">=7.0.0-beta.0 <8", @@ -4183,9 +4158,9 @@ "dev": true }, "node_modules/ts-node": { - "version": "10.9.1", - "resolved": "https://registry.npmjs.org/ts-node/-/ts-node-10.9.1.tgz", - "integrity": "sha512-NtVysVPkxxrwFGUUxGYhfux8k78pQB3JqYBXlLRZgdGUqTO5wU/UyHop5p70iEbGhB7q5KmiZiU0Y3KlJrScEw==", + "version": "10.9.2", + "resolved": "https://registry.npmjs.org/ts-node/-/ts-node-10.9.2.tgz", + "integrity": "sha512-f0FFpIdcHgn8zcPSbf1dRevwt047YMnaiJM3u2w2RewrB+fob/zePZcrOyQoLMMO7aBIddLcQIEK5dYjkLnGrQ==", "dev": true, "dependencies": { "@cspotcode/source-map-support": "^0.8.0", @@ -4256,9 +4231,9 @@ } }, "node_modules/typescript": { - "version": "5.2.2", - "resolved": "https://registry.npmjs.org/typescript/-/typescript-5.2.2.tgz", - "integrity": "sha512-mI4WrpHsbCIcwT9cF4FZvr80QUeKvsUsUvKDoR+X/7XHQH98xYD8YHZg7ANtz2GtZt/CBq2QJ0thkGJMHfqc1w==", + "version": "5.4.5", + "resolved": "https://registry.npmjs.org/typescript/-/typescript-5.4.5.tgz", + "integrity": "sha512-vcI4UpRgg81oIRUFwR0WSIHKt11nJ7SAVlYNIu+QpqeyXP+gpQJy/Z4+F0aGxSE4MqwjyXvW/TzgkLAx2AGHwQ==", "dev": true, "bin": { "tsc": "bin/tsc", diff --git a/source/networkFirewallAutomation/package.json b/source/centralizedNetworkInspection/package.json similarity index 75% rename from source/networkFirewallAutomation/package.json rename to source/centralizedNetworkInspection/package.json index 5c3b78a..4f56c0c 100644 --- a/source/networkFirewallAutomation/package.json +++ b/source/centralizedNetworkInspection/package.json @@ -1,7 +1,7 @@ { - "name": "network-firewall", - "version": "1.0.3", - "description": "Firewall Automation for Network Traffic on AWS", + "name": "centralized-network-inspection", + "version": "1.0.5", + "description": "Centralized Network Inspection on AWS", "main": "index.js", "types": "index.d.ts", "author": { 
@@ -28,17 +28,17 @@ "build:copy": "for file in `find . -name '*.js' | egrep -v '__tests__|node_modules'`;do echo \"Copying $file\"; cp $file dist/$file; done", "build:install": "cp package.json dist/ && cd dist && ls -ltRr && npm install --production", "build": "tsc && npm run build-init && npm run build:copy && npm run build:install", - "zip": "cd dist && zip -rq network-firewall-automation.zip ." + "zip": "cd dist && zip -rq centralized-network-inspection.zip ." }, "devDependencies": { "@types/moment": "^2.13.0", - "@types/uuid": "^9.0.6", - "aws-sdk-mock": "^5.1.0", - "@types/jest": "~29.5.5", - "@types/node": "^20.9.0", + "@types/uuid": "^9.0.8", + "aws-sdk-mock": "^5.9.0", + "@types/jest": "~29.5.12", + "@types/node": "^20.12.12", "jest": "~29.7.0", - "ts-jest": "~29.1.1", - "ts-node": "~10.9.1", - "typescript": "~5.2.2" + "ts-jest": "~29.1.2", + "ts-node": "~10.9.2", + "typescript": "~5.4.5" } } diff --git a/source/networkFirewallAutomation/tsconfig.json b/source/centralizedNetworkInspection/tsconfig.json similarity index 100% rename from source/networkFirewallAutomation/tsconfig.json rename to source/centralizedNetworkInspection/tsconfig.json diff --git a/source/jest.config.js b/source/jest.config.js index 86a4278..9f83d35 100644 --- a/source/jest.config.js +++ b/source/jest.config.js @@ -16,7 +16,7 @@ const config = { // The glob patterns Jest uses to detect test files testMatch: ['**/?(*.)+(spec|test).[t]s?(x)'], // An array of regexp pattern strings that are matched against all test paths, matched tests are skipped - testPathIgnorePatterns: ['/node_modules/', '/networkFirewallAutomation/'], + testPathIgnorePatterns: ['/node_modules/', '/centralizedNetworkInspection/'], // A map from regular expressions to paths to transformers transform: { '^.+\\.(t)sx?$': 'ts-jest', 
diff --git a/source/lib/network-firewall-automation-solution-stack.ts b/source/lib/centralized-network-inspection.stack.ts similarity index 95% rename from source/lib/network-firewall-automation-solution-stack.ts rename to source/lib/centralized-network-inspection.stack.ts index 788e8c1..ff759c7 100755 --- a/source/lib/network-firewall-automation-solution-stack.ts +++ b/source/lib/centralized-network-inspection.stack.ts @@ -43,7 +43,7 @@ import { } from 'aws-cdk-lib/aws-s3'; import { Construct } from 'constructs'; -export interface NetworkFirewallAutomationStackProps extends StackProps { +export interface CentralizedNetworkInspectionStackProps extends StackProps { solutionId: string; solutionTradeMarkName: string | undefined; solutionProvider: string | undefined; @@ -52,8 +52,8 @@ export interface NetworkFirewallAutomationStackProps extends StackProps { solutionVersion: string | undefined; } -export class NetworkFirewallAutomationStack extends Stack { - constructor(scope: Construct, id: string, props: NetworkFirewallAutomationStackProps) { +export class CentralizedNetworkInspectionStack extends Stack { + constructor(scope: Construct, id: string, props: CentralizedNetworkInspectionStackProps) { super(scope, id, props); /** 
@@ -188,18 +188,17 @@ export class NetworkFirewallAutomationStack extends Stack { * Mappings - define fixed values */ const mappings = new CfnMapping(this, 'SolutionMapping'); - mappings.setValue('Version', 'Latest', 'latest'); mappings.setValue('Route', 'QuadZero', '0.0.0.0/0'); mappings.setValue('Log', 'Level', 'info'); - mappings.setValue('CodeCommitRepo', 'Name', 'network-firewall-config-repo-'); + mappings.setValue('CodeCommitRepo', 'Name', 'centralized-network-inspection-config-repo-'); mappings.setValue('Metrics', 'URL', 'https://metrics.awssolutionsbuilder.com/generic'); mappings.setValue('Solution', 'Identifier', props.solutionId); mappings.setValue('Solution', 'Version', props.solutionVersion); mappings.setValue('TransitGatewayAttachment', 'ApplianceMode', 'enable'); + mappings.setValue('ParameterKey', 'UniqueId', `Solutions/${props.solutionName}/UUID`); - const send = new CfnMapping(this, 'Send'); - send.setValue('AnonymousUsage', 'Data', 'Yes'); - send.setValue('ParameterKey', 'UniqueId', `Solutions/${props.solutionName}/UUID`); + const sendAnonymizedData = new CfnMapping(this, 'AnonymizedData'); + sendAnonymizedData.setValue('SendAnonymizedData', 'Data', 'Yes'); /** * Conditions - control whether certain resources are created or whether @@ -542,7 +541,7 @@ export class NetworkFirewallAutomationStack extends Stack { codeCommitRepo_cfn_ref.addOverride('Properties.Code.S3.Bucket', `${props.solutionBucket}-${this.region}`); codeCommitRepo_cfn_ref.addOverride( 'Properties.Code.S3.Key', - `${props.solutionName}/${mappings.findInMap('Version', 'Latest')}/network-firewall-configuration.zip` + `${props.solutionName}/%%VERSION%%/centralized-network-inspection-configuration.zip` ); codeCommitRepo_cfn_ref.addOverride('DeletionPolicy', 'Retain'); codeCommitRepo_cfn_ref.addOverride('UpdateReplacePolicy', 'Retain'); 
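Review bot: The `Properties.Code.S3.Key` override in the hunk at -542 now embeds the literal token `%%VERSION%%`, so the synthesized template only points at a real object if a later packaging step rewrites that token. Nothing visible here fails the synth when that rewrite is skipped, and the CodeCommit repository would then be seeded from a key that does not exist. The props already carry `solutionVersion` (used a few lines up in the mappings), so `${props.solutionName}/${props.solutionVersion}/centralized-network-inspection-configuration.zip` would keep the key pinned without an out-of-band substitution, assuming that value matches the published prefix and is defined. If the token has to stay, a comment such as `// %%VERSION%% is replaced by the packaging script; a raw synth output is not deployable` would document the dependency. The constructor body starts and ends outside the hunk.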
@@ -613,11 +612,11 @@ export class NetworkFirewallAutomationStack extends Stack {
 type: BuildEnvironmentVariableType.PLAINTEXT,
 },
 ['SSM_PARAM_FOR_UUID']: {
- value: `/${send.findInMap('ParameterKey', 'UniqueId')}`,
+ value: `/${mappings.findInMap('ParameterKey', 'UniqueId')}`,
 type: BuildEnvironmentVariableType.PLAINTEXT,
 },
- ['SEND_ANONYMOUS_METRICS']: {
- value: `${send.findInMap('AnonymousUsage', 'Data')}`,
+ ['SEND_ANONYMIZED_METRICS']: {
+ value: `${sendAnonymizedData.findInMap('SendAnonymizedData', 'Data')}`,
 type: BuildEnvironmentVariableType.PLAINTEXT,
 },
 ['SOLUTION_ID']: {
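Review bot: The renamed `SEND_ANONYMIZED_METRICS` variable is a contract with the code that runs inside the CodeBuild job, and that reader is not in this hunk. If it still looks up `SEND_ANONYMOUS_METRICS`, the value resolves to undefined and the metrics setting chosen in the template is silently not honoured, so it is worth confirming the consumer was renamed in the same commit. A comment above the entry, e.g. `// read by the metrics sender in the packaged build code; keep the name in sync`, would make the coupling visible. The template literal around the single `findInMap` call is also redundant: `value: sendAnonymizedData.findInMap('SendAnonymizedData', 'Data')` says the same thing. The environment-variable object starts and ends outside the hunk.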
@@ -660,10 +659,10 @@ export class NetworkFirewallAutomationStack extends Stack {
 commands: [
 `cd $current`,
 `pwd; ls -ltr`,
- `echo 'Download Network Firewall Solution Package'`,
- `aws s3 cp s3://${codeBuildStagesSourceCodeBucket.bucketName}/$sourceCodeKey/network-firewall-automation.zip $current || true`,
- `if [ -f $current/network-firewall-automation.zip ];then exit 0;else echo \"Copy file to s3 bucket\"; aws s3 cp s3://${props.solutionBucket}-${Aws.REGION}/$sourceCodeKey/network-firewall-automation.zip s3://${codeBuildStagesSourceCodeBucket.bucketName}/$sourceCodeKey/network-firewall-automation.zip --copy-props none; aws s3 cp s3://${codeBuildStagesSourceCodeBucket.bucketName}/$sourceCodeKey/network-firewall-automation.zip $current; fi;`,
- `unzip -o $current/network-firewall-automation.zip -d $current`,
+ `echo 'Download Centralized Network Inspection Solution Package'`,
+ `aws s3 cp s3://${codeBuildStagesSourceCodeBucket.bucketName}/$sourceCodeKey/centralized-network-inspection.zip $current || true`,
+ `if [ -f $current/centralized-network-inspection.zip ];then exit 0;else echo \"Copy file to s3 bucket\"; aws s3 cp s3://${props.solutionBucket}-${Aws.REGION}/$sourceCodeKey/centralized-network-inspection.zip s3://${codeBuildStagesSourceCodeBucket.bucketName}/$sourceCodeKey/centralized-network-inspection.zip --copy-props none; aws s3 cp s3://${codeBuildStagesSourceCodeBucket.bucketName}/$sourceCodeKey/centralized-network-inspection.zip $current; fi;`,
+ `unzip -o $current/centralized-network-inspection.zip -d $current`,
 `pwd; ls -ltr`,
 ],
 },
@@ -712,7 +711,7 @@ export class NetworkFirewallAutomationStack extends Stack {
 effect: Effect.ALLOW,
 resources: [
 Fn.sub('arn:${AWS::Partition}:ssm:${AWS::Region}:${AWS::AccountId}:parameter/${ParameterKey}-*', {
- ParameterKey: `${send.findInMap('ParameterKey', 'UniqueId')}`,
+ ParameterKey: `${mappings.findInMap('ParameterKey', 'UniqueId')}`,
 }),
 ],
 }),
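Review bot: The commands in the hunk at -660 fetch `centralized-network-inspection.zip` and unpack it with `unzip -o` into the build directory, but nothing verifies the archive before its contents are used under the build role. The `|| true` on the first `aws s3 cp` also swallows every failure, not only a missing object, so an access or encryption error falls through to the copy from `${props.solutionBucket}-${Aws.REGION}` with no sign of it in the build result. A digest fixed at packaging time and checked before the unzip would cover both paths, for example `echo "<expected-sha256>  $current/centralized-network-inspection.zip" | sha256sum -c -`, where the digest is a placeholder for the value recorded at release. The deploy-stage hunk at -919 unpacks the same archive with the same gap. The `commands` array belongs to a buildspec object that starts outside the hunk.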
@@ -919,9 +918,9 @@ export class NetworkFirewallAutomationStack extends Stack { commands: [ `cd $current`, `pwd; ls -ltr`, - `echo 'Download Network Firewall Solution Package'`, - `aws s3 cp s3://${codeBuildStagesSourceCodeBucket.bucketName}/$sourceCodeKey/network-firewall-automation.zip $current`, - `unzip -o $current/network-firewall-automation.zip -d $current`, + `echo 'Download Centralized Network Inspection Solution Package'`, + `aws s3 cp s3://${codeBuildStagesSourceCodeBucket.bucketName}/$sourceCodeKey/centralized-network-inspection.zip $current`, + `unzip -o $current/centralized-network-inspection.zip -d $current`, `pwd; ls -ltr`, ], }, @@ -949,7 +948,7 @@ export class NetworkFirewallAutomationStack extends Stack { deployProject.role?.attachInlinePolicy(deployStageFirewallLoggingCWPolicy); deployProject.role?.attachInlinePolicy(deployStageModifyTransitGatewayAttachmentPolicy); - const codePipeline = new Pipeline(this, `NetworkFirewallCodePipeline`, { + const codePipeline = new Pipeline(this, `CentralizedNetworkInspectionCodePipeline`, { stages: [ { stageName: 'Source', @@ -993,7 +992,7 @@ export class NetworkFirewallAutomationStack extends Stack { const stack = Stack.of(this); const codePipelineArtifactBucketKmsKeyAlias = stack.node - .findChild('NetworkFirewallCodePipeline') + .findChild('CentralizedNetworkInspectionCodePipeline') .node.findChild('ArtifactsBucketEncryptionKeyAlias').node.defaultChild as CfnAlias; codePipelineArtifactBucketKmsKeyAlias.addPropertyOverride('AliasName', { 'Fn::Join': [ @@ -1081,7 +1080,7 @@ export class NetworkFirewallAutomationStack extends Stack { rules_to_suppress: [ { id: 'W35', - reason: "This S3 bucket is used as the destination for 'NetworkFirewallCodePipelineArtifactsBucket'", + reason: "This S3 bucket is used as the destination for 'CentralizedNetworkInspectionCodePipelineArtifactsBucket'", }, ], }; diff --git a/source/package-lock.json b/source/package-lock.json index a505330..e81ba96 100644 
--- a/source/package-lock.json +++ b/source/package-lock.json @@ -1,26 +1,26 @@ { - "name": "network-firewall-automation-solution", - "version": "1.0.3", + "name": "centralized-network-inspection-solution", + "version": "1.0.5", "lockfileVersion": 3, "requires": true, "packages": { "": { - "name": "network-firewall-automation-solution", - "version": "1.0.3", + "name": "centralized-network-inspection-solution", + "version": "1.0.5", "license": "Apache-2.0", "bin": { - "network-firewall-auto-solution": "bin/network-firewall-auto-solution.js" + "centralized-network-inspection-solution": "bin/centralized-network-inspection-solution.js" }, "devDependencies": { - "@types/jest": "~29.5.5", - "@types/node": "^20.9.0", - "aws-cdk": "^2.105.0", - "aws-cdk-lib": "^2.105.0", - "constructs": "^10.0.0", + "@types/jest": "~29.5.12", + "@types/node": "^20.12.12", + "aws-cdk": "^2.142.0", + "aws-cdk-lib": "^2.142.0", + "constructs": "^10.3.0", "jest": "~29.7.0", - "ts-jest": "~29.1.1", - "ts-node": "~10.9.1", - "typescript": "~5.2.2" + "ts-jest": "~29.1.2", + "ts-node": "~10.9.2", + "typescript": "~5.4.5" } }, "node_modules/@ampproject/remapping": { @@ -37,9 +37,9 @@ } }, "node_modules/@aws-cdk/asset-awscli-v1": { - "version": "2.2.201", - "resolved": "https://registry.npmjs.org/@aws-cdk/asset-awscli-v1/-/asset-awscli-v1-2.2.201.tgz", - "integrity": "sha512-INZqcwDinNaIdb5CtW3ez5s943nX5stGBQS6VOP2JDlOFP81hM3fds/9NDknipqfUkZM43dx+HgVvkXYXXARCQ==", + "version": "2.2.202", + "resolved": "https://registry.npmjs.org/@aws-cdk/asset-awscli-v1/-/asset-awscli-v1-2.2.202.tgz", + "integrity": "sha512-JqlF0D4+EVugnG5dAsNZMqhu3HW7ehOXm5SDMxMbXNDMdsF0pxtQKNHRl52z1U9igsHmaFpUgSGjbhAJ+0JONg==", "dev": true }, "node_modules/@aws-cdk/asset-kubectl-v20": { 
@@ -49,9 +49,9 @@ "dev": true }, "node_modules/@aws-cdk/asset-node-proxy-agent-v6": { - "version": "2.0.1", - "resolved": "https://registry.npmjs.org/@aws-cdk/asset-node-proxy-agent-v6/-/asset-node-proxy-agent-v6-2.0.1.tgz", - "integrity": "sha512-DDt4SLdLOwWCjGtltH4VCST7hpOI5DzieuhGZsBpZ+AgJdSI2GCjklCXm0GCTwJG/SolkL5dtQXyUKgg9luBDg==", + "version": "2.0.3", + "resolved": "https://registry.npmjs.org/@aws-cdk/asset-node-proxy-agent-v6/-/asset-node-proxy-agent-v6-2.0.3.tgz", + "integrity": "sha512-twhuEG+JPOYCYPx/xy5uH2+VUsIEhPTzDY0F1KuB+ocjWWB/KEDiOVL19nHvbPCB6fhWnkykXEMJ4HHcKvjtvg==", "dev": true }, "node_modules/@babel/code-frame": { @@ -1172,9 +1172,9 @@ } }, "node_modules/@types/jest": { - "version": "29.5.8", - "resolved": "https://registry.npmjs.org/@types/jest/-/jest-29.5.8.tgz", - "integrity": "sha512-fXEFTxMV2Co8ZF5aYFJv+YeA08RTYJfhtN5c9JSv/mFEMe+xxjufCb+PHL+bJcMs/ebPUsBu+UNTEz+ydXrR6g==", + "version": "29.5.12", + "resolved": "https://registry.npmjs.org/@types/jest/-/jest-29.5.12.tgz", + "integrity": "sha512-eDC8bTvT/QhYdxJAulQikueigY5AsdBRH2yDKW3yveW7svY3+DzN84/2NUgkw10RTiJbWqZrTtoGVdYlvFJdLw==", "dev": true, "dependencies": { "expect": "^29.0.0", @@ -1182,9 +1182,9 @@ } }, "node_modules/@types/node": { - "version": "20.9.0", - "resolved": "https://registry.npmjs.org/@types/node/-/node-20.9.0.tgz", - "integrity": "sha512-nekiGu2NDb1BcVofVcEKMIwzlx4NjHlcjhoxxKBNLtz15Y1z7MYf549DFvkHSId02Ax6kGwWntIBPC3l/JZcmw==", + "version": "20.12.12", + "resolved": "https://registry.npmjs.org/@types/node/-/node-20.12.12.tgz", + "integrity": "sha512-eWLDGF/FOSPtAvEqeRAQ4C8LSA7M1I7i0ky1I8U7kD1J5ITyW3AsRhQrKVoWf5pFKZ2kILsEGJhsI9r93PYnOw==", "dev": true, "dependencies": { "undici-types": "~5.26.4" 
@@ -1300,9 +1300,9 @@ } }, "node_modules/aws-cdk": { - "version": "2.105.0", - "resolved": "https://registry.npmjs.org/aws-cdk/-/aws-cdk-2.105.0.tgz", - "integrity": "sha512-3ji+HNlCJUJ3o9h430gdRhocmeQrpM49fibXpvj3rvzBwuyWSTe2t8uohMPScSMETv59sHOlZpOdAEd+WwkuHQ==", + "version": "2.142.0", + "resolved": "https://registry.npmjs.org/aws-cdk/-/aws-cdk-2.142.0.tgz", + "integrity": "sha512-vrEO02gY2G+38GIbYpYyR9/+KZV2ZE0MgGG3a515IkU6lHU3CkebxIgsmO4gHwFXNsePwcnAq3HQXhCS8SfXmw==", "dev": true, "bin": { "cdk": "bin/cdk" @@ -1315,9 +1315,9 @@ } }, "node_modules/aws-cdk-lib": { - "version": "2.105.0", - "resolved": "https://registry.npmjs.org/aws-cdk-lib/-/aws-cdk-lib-2.105.0.tgz", - "integrity": "sha512-pByAPfRyOzF+AVz56aLUPLhYiRZzfIjyV9Bf2t0X3cpwVW21zVC+8GrQcQwy+zWgFGg3Gx6IVFNio3t8awHXHA==", + "version": "2.142.0", + "resolved": "https://registry.npmjs.org/aws-cdk-lib/-/aws-cdk-lib-2.142.0.tgz", + "integrity": "sha512-WQc+1jk6mC3QrJnWyvZCmjQHcBcsrhSP3rCqLVvDcjOiZIvCRUHXDtkVmB5iUgaf2RhPu15sPwYegkCPpa7afQ==", "bundleDependencies": [ "@balena/dockerignore", "case", @@ -1328,22 +1328,24 @@ "punycode", "semver", "table", - "yaml" + "yaml", + "mime-types" ], "dev": true, "dependencies": { - "@aws-cdk/asset-awscli-v1": "^2.2.200", + "@aws-cdk/asset-awscli-v1": "^2.2.202", "@aws-cdk/asset-kubectl-v20": "^2.1.2", - "@aws-cdk/asset-node-proxy-agent-v6": "^2.0.1", + "@aws-cdk/asset-node-proxy-agent-v6": "^2.0.3", "@balena/dockerignore": "^1.0.2", "case": "1.6.3", - "fs-extra": "^11.1.1", - "ignore": "^5.2.4", + "fs-extra": "^11.2.0", + "ignore": "^5.3.1", "jsonschema": "^1.4.1", + "mime-types": "^2.1.35", "minimatch": "^3.1.2", - "punycode": "^2.3.0", - "semver": "^7.5.4", - "table": "^6.8.1", + "punycode": "^2.3.1", + "semver": "^7.6.0", + "table": "^6.8.2", "yaml": "1.10.2" }, "engines": { 
@@ -1360,15 +1362,15 @@ "license": "Apache-2.0" }, "node_modules/aws-cdk-lib/node_modules/ajv": { - "version": "8.12.0", + "version": "8.13.0", "dev": true, "inBundle": true, "license": "MIT", "dependencies": { - "fast-deep-equal": "^3.1.1", + "fast-deep-equal": "^3.1.3", "json-schema-traverse": "^1.0.0", "require-from-string": "^2.0.2", - "uri-js": "^4.2.2" + "uri-js": "^4.4.1" }, "funding": { "type": "github", @@ -1470,7 +1472,7 @@ "license": "MIT" }, "node_modules/aws-cdk-lib/node_modules/fs-extra": { - "version": "11.1.1", + "version": "11.2.0", "dev": true, "inBundle": true, "license": "MIT", @@ -1490,7 +1492,7 @@ "license": "ISC" }, "node_modules/aws-cdk-lib/node_modules/ignore": { - "version": "5.2.4", + "version": "5.3.1", "dev": true, "inBundle": true, "license": "MIT", @@ -1552,6 +1554,27 @@ "node": ">=10" } }, + "node_modules/aws-cdk-lib/node_modules/mime-db": { + "version": "1.52.0", + "dev": true, + "inBundle": true, + "license": "MIT", + "engines": { + "node": ">= 0.6" + } + }, + "node_modules/aws-cdk-lib/node_modules/mime-types": { + "version": "2.1.35", + "dev": true, + "inBundle": true, + "license": "MIT", + "dependencies": { + "mime-db": "1.52.0" + }, + "engines": { + "node": ">= 0.6" + } + }, "node_modules/aws-cdk-lib/node_modules/minimatch": { "version": "3.1.2", "dev": true, @@ -1565,7 +1588,7 @@ } }, "node_modules/aws-cdk-lib/node_modules/punycode": { - "version": "2.3.0", + "version": "2.3.1", "dev": true, "inBundle": true, "license": "MIT", @@ -1583,7 +1606,7 @@ } }, "node_modules/aws-cdk-lib/node_modules/semver": { - "version": "7.5.4", + "version": "7.6.0", "dev": true, "inBundle": true, "license": "ISC", @@ -1641,7 +1664,7 @@ } }, "node_modules/aws-cdk-lib/node_modules/table": { - "version": "6.8.1", + "version": "6.8.2", "dev": true, "inBundle": true, "license": "BSD-3-Clause", 
@@ -1657,7 +1680,7 @@ } }, "node_modules/aws-cdk-lib/node_modules/universalify": { - "version": "2.0.0", + "version": "2.0.1", "dev": true, "inBundle": true, "license": "MIT", @@ -3982,9 +4005,9 @@ } }, "node_modules/ts-jest": { - "version": "29.1.1", - "resolved": "https://registry.npmjs.org/ts-jest/-/ts-jest-29.1.1.tgz", - "integrity": "sha512-D6xjnnbP17cC85nliwGiL+tpoKN0StpgE0TeOjXQTU6MVCfsB4v7aW05CgQ/1OywGb0x/oy9hHFnN+sczTiRaA==", + "version": "29.1.2", + "resolved": "https://registry.npmjs.org/ts-jest/-/ts-jest-29.1.2.tgz", + "integrity": "sha512-br6GJoH/WUX4pu7FbZXuWGKGNDuU7b8Uj77g/Sp7puZV6EXzuByl6JrECvm0MzVzSTkSHWTihsXt+5XYER5b+g==", "dev": true, "dependencies": { "bs-logger": "0.x", @@ -4000,7 +4023,7 @@ "ts-jest": "cli.js" }, "engines": { - "node": "^14.15.0 || ^16.10.0 || >=18.0.0" + "node": "^16.10.0 || ^18.0.0 || >=20.0.0" }, "peerDependencies": { "@babel/core": ">=7.0.0-beta.0 <8", @@ -4058,9 +4081,9 @@ "dev": true }, "node_modules/ts-node": { - "version": "10.9.1", - "resolved": "https://registry.npmjs.org/ts-node/-/ts-node-10.9.1.tgz", - "integrity": "sha512-NtVysVPkxxrwFGUUxGYhfux8k78pQB3JqYBXlLRZgdGUqTO5wU/UyHop5p70iEbGhB7q5KmiZiU0Y3KlJrScEw==", + "version": "10.9.2", + "resolved": "https://registry.npmjs.org/ts-node/-/ts-node-10.9.2.tgz", + "integrity": "sha512-f0FFpIdcHgn8zcPSbf1dRevwt047YMnaiJM3u2w2RewrB+fob/zePZcrOyQoLMMO7aBIddLcQIEK5dYjkLnGrQ==", "dev": true, "dependencies": { "@cspotcode/source-map-support": "^0.8.0", @@ -4122,9 +4145,9 @@ } }, "node_modules/typescript": { - "version": "5.2.2", - "resolved": "https://registry.npmjs.org/typescript/-/typescript-5.2.2.tgz", - "integrity": "sha512-mI4WrpHsbCIcwT9cF4FZvr80QUeKvsUsUvKDoR+X/7XHQH98xYD8YHZg7ANtz2GtZt/CBq2QJ0thkGJMHfqc1w==", + "version": "5.4.5", + "resolved": "https://registry.npmjs.org/typescript/-/typescript-5.4.5.tgz", + "integrity": "sha512-vcI4UpRgg81oIRUFwR0WSIHKt11nJ7SAVlYNIu+QpqeyXP+gpQJy/Z4+F0aGxSE4MqwjyXvW/TzgkLAx2AGHwQ==", "dev": true, "bin": { "tsc": "bin/tsc", 
diff --git a/source/package.json b/source/package.json index 744270b..2f0495d 100755 --- a/source/package.json +++ b/source/package.json @@ -1,9 +1,9 @@ { - "name": "network-firewall-automation-solution", - "version": "1.0.3", - "description": "Firewall Automation for Network Traffic on AWS", + "name": "centralized-network-inspection-solution", + "version": "1.0.5", + "description": "Centralized Network Inspection on AWS", "bin": { - "network-firewall-auto-solution": "bin/network-firewall-auto-solution.js" + "centralized-network-inspection-solution": "bin/centralized-network-inspection-solution.js" }, "scripts": { "cleanup": "tsc --build ./ --clean && rm -rf node_modules && rm -f package-lock.json", @@ -21,14 +21,14 @@ }, "license": "Apache-2.0", "devDependencies": { - "@types/jest": "~29.5.5", - "@types/node": "^20.9.0", - "aws-cdk": "^2.105.0", - "aws-cdk-lib": "^2.105.0", - "constructs": "^10.0.0", + "@types/jest": "~29.5.12", + "@types/node": "^20.12.12", + "aws-cdk": "^2.142.0", + "aws-cdk-lib": "^2.142.0", + "constructs": "^10.3.0", "jest": "~29.7.0", - "ts-jest": "~29.1.1", - "ts-node": "~10.9.1", - "typescript": "~5.2.2" + "ts-jest": "~29.1.2", + "ts-node": "~10.9.2", + "typescript": "~5.4.5" } } \ No newline at end of file diff --git a/source/run-all-tests.sh b/source/run-all-tests.sh index 509d05f..32a11bb 100755 --- a/source/run-all-tests.sh +++ b/source/run-all-tests.sh @@ -69,7 +69,7 @@ source_dir="$(cd $PWD/../source; pwd -P)" coverage_reports_top_path=$source_dir/test/coverage-reports #Run the npm install for the lambda projects -run_javascript_test $source_dir/networkFirewallAutomation networkFirewallAutomation +run_javascript_test $source_dir/centralizedNetworkInspection centralizedNetworkInspection run_cdk_project_test $source_dir 
diff --git a/source/test/__snapshots__/network-firewall-automation-solution.test.ts.snap b/source/test/__snapshots__/centralized-network-inspection-solution.test.ts.snap similarity index 91% rename from source/test/__snapshots__/network-firewall-automation-solution.test.ts.snap rename to source/test/__snapshots__/centralized-network-inspection-solution.test.ts.snap index dafdcf9..9c166d0 100644 --- a/source/test/__snapshots__/network-firewall-automation-solution.test.ts.snap +++ b/source/test/__snapshots__/centralized-network-inspection-solution.test.ts.snap @@ -1,6 +1,6 @@ // Jest Snapshot v1, https://goo.gl/fbAQLP -exports[`Firewall Automation for Network Traffic on AWS NetworkFirewallAutomationStack Snapshot test 1`] = ` +exports[`Centralized Network Inspection on AWS centralizedNetworkInspectionStack Snapshot test 1`] = ` { "AWSTemplateFormatVersion": "2010-09-09", "Conditions": { @@ -84,17 +84,14 @@ exports[`Firewall Automation for Network Traffic on AWS NetworkFirewallAutomatio }, }, "Mappings": { - "Send": { - "AnonymousUsage": { + "AnonymizedData": { + "SendAnonymizedData": { "Data": "Yes", }, - "ParameterKey": { - "UniqueId": "Solutions/network-firewall-automation/UUID", - }, }, "SolutionMapping": { "CodeCommitRepo": { - "Name": "network-firewall-config-repo-", + "Name": "centralized-network-inspection-config-repo-", }, "Log": { "Level": "info", @@ -102,6 +99,9 @@ exports[`Firewall Automation for Network Traffic on AWS NetworkFirewallAutomatio "Metrics": { "URL": "https://metrics.awssolutionsbuilder.com/generic", }, + "ParameterKey": { + "UniqueId": "Solutions/centralized-network-inspection/UUID", + }, "Route": { "QuadZero": "0.0.0.0/0", }, @@ -112,9 +112,6 @@ exports[`Firewall Automation for Network Traffic on AWS NetworkFirewallAutomatio "TransitGatewayAttachment": { "ApplianceMode": "enable", }, - "Version": { - "Latest": "latest", - }, }, }, "Metadata": { 
@@ -178,7 +175,7 @@ exports[`Firewall Automation for Network Traffic on AWS NetworkFirewallAutomatio "ArtifactBucketforCodePipeline": { "Description": "Artifact bucket name configured for the CodePipeline.", "Value": { - "Ref": "NetworkFirewallCodePipelineArtifactsBucketF2569455", + "Ref": "CentralizedNetworkInspectionCodePipelineArtifactsBucket20C04501", }, }, "CloudWatchLogGroupforFirewallLogs": { @@ -343,7 +340,7 @@ exports[`Firewall Automation for Network Traffic on AWS NetworkFirewallAutomatio }, "EncryptionKey": { "Fn::GetAtt": [ - "NetworkFirewallCodePipelineArtifactsBucketEncryptionKey086ED060", + "CentralizedNetworkInspectionCodePipelineArtifactsBucketEncryptionKey03CCD69F", "Arn", ], }, @@ -463,7 +460,7 @@ exports[`Firewall Automation for Network Traffic on AWS NetworkFirewallAutomatio { "Name": "CODE_BUILD_SOURCE_CODE_S3_KEY", "Type": "PLAINTEXT", - "Value": "network-firewall-automation/v1.0.3", + "Value": "centralized-network-inspection/v1.0.3", }, { "Name": "STACK_ID", @@ -482,7 +479,7 @@ exports[`Firewall Automation for Network Traffic on AWS NetworkFirewallAutomatio "/", { "Fn::FindInMap": [ - "Send", + "SolutionMapping", "ParameterKey", "UniqueId", ], @@ -492,12 +489,12 @@ exports[`Firewall Automation for Network Traffic on AWS NetworkFirewallAutomatio }, }, { - "Name": "SEND_ANONYMOUS_METRICS", + "Name": "SEND_ANONYMIZED_METRICS", "Type": "PLAINTEXT", "Value": { "Fn::FindInMap": [ - "Send", - "AnonymousUsage", + "AnonymizedData", + "SendAnonymizedData", "Data", ], }, @@ -576,7 +573,7 @@ exports[`Firewall Automation for Network Traffic on AWS NetworkFirewallAutomatio }, }, ], - "Image": "aws/codebuild/standard:6.0", + "Image": "aws/codebuild/standard:7.0", "ImagePullCredentialsType": "CODEBUILD", "PrivilegedMode": false, "Type": "LINUX_CONTAINER", 
@@ -597,7 +594,7 @@ exports[`Firewall Automation for Network Traffic on AWS NetworkFirewallAutomatio "phases": { "install": { "runtime-versions": { - "nodejs": "16" + "nodejs": "18" }, "commands": [ "export current=$(pwd)", @@ -608,26 +605,26 @@ exports[`Firewall Automation for Network Traffic on AWS NetworkFirewallAutomatio "commands": [ "cd $current", "pwd; ls -ltr", - "echo 'Download Network Firewall Solution Package'", + "echo 'Download Centralized Network Inspection Solution Package'", "aws s3 cp s3://", { "Ref": "CodeBuildStagesSourceCodeBucketFA98E7C7", }, - "/$sourceCodeKey/network-firewall-automation.zip $current || true", - "if [ -f $current/network-firewall-automation.zip ];then exit 0;else echo \\"Copy file to s3 bucket\\"; aws s3 cp s3://solutions-", + "/$sourceCodeKey/centralized-network-inspection.zip $current || true", + "if [ -f $current/centralized-network-inspection.zip ];then exit 0;else echo \\"Copy file to s3 bucket\\"; aws s3 cp s3://solutions-", { "Ref": "AWS::Region", }, - "/$sourceCodeKey/network-firewall-automation.zip s3://", + "/$sourceCodeKey/centralized-network-inspection.zip s3://", { "Ref": "CodeBuildStagesSourceCodeBucketFA98E7C7", }, - "/$sourceCodeKey/network-firewall-automation.zip --copy-props none; aws s3 cp s3://", + "/$sourceCodeKey/centralized-network-inspection.zip --copy-props none; aws s3 cp s3://", { "Ref": "CodeBuildStagesSourceCodeBucketFA98E7C7", }, - "/$sourceCodeKey/network-firewall-automation.zip $current; fi;", - "unzip -o $current/network-firewall-automation.zip -d $current", + "/$sourceCodeKey/centralized-network-inspection.zip $current; fi;", + "unzip -o $current/centralized-network-inspection.zip -d $current", "pwd; ls -ltr" ] }, @@ -755,7 +752,7 @@ exports[`Firewall Automation for Network Traffic on AWS NetworkFirewallAutomatio "Resource": [ { "Fn::GetAtt": [ - "NetworkFirewallCodePipelineArtifactsBucketF2569455", + "CentralizedNetworkInspectionCodePipelineArtifactsBucket20C04501", "Arn", ], }, 
@@ -765,7 +762,7 @@ exports[`Firewall Automation for Network Traffic on AWS NetworkFirewallAutomatio [ { "Fn::GetAtt": [ - "NetworkFirewallCodePipelineArtifactsBucketF2569455", + "CentralizedNetworkInspectionCodePipelineArtifactsBucket20C04501", "Arn", ], }, @@ -786,7 +783,7 @@ exports[`Firewall Automation for Network Traffic on AWS NetworkFirewallAutomatio "Effect": "Allow", "Resource": { "Fn::GetAtt": [ - "NetworkFirewallCodePipelineArtifactsBucketEncryptionKey086ED060", + "CentralizedNetworkInspectionCodePipelineArtifactsBucketEncryptionKey03CCD69F", "Arn", ], }, @@ -801,7 +798,7 @@ exports[`Firewall Automation for Network Traffic on AWS NetworkFirewallAutomatio "Effect": "Allow", "Resource": { "Fn::GetAtt": [ - "NetworkFirewallCodePipelineArtifactsBucketEncryptionKey086ED060", + "CentralizedNetworkInspectionCodePipelineArtifactsBucketEncryptionKey03CCD69F", "Arn", ], }, 
@@ -818,84 +815,248 @@ exports[`Firewall Automation for Network Traffic on AWS NetworkFirewallAutomatio }, "Type": "AWS::IAM::Policy", }, - "CloudWatchLogGroup": { - "Condition": "LoggingInCloudWatch", + "CentralizedNetworkInspectionCodePipeline757F698C": { + "DependsOn": [ + "CentralizedNetworkInspectionCodePipelineRoleDefaultPolicyBA0503B1", + "CentralizedNetworkInspectionCodePipelineRoleAB1E4DBC", + ], "Properties": { - "KmsKeyId": { + "ArtifactStore": { + "EncryptionKey": { + "Id": { + "Fn::GetAtt": [ + "CentralizedNetworkInspectionCodePipelineArtifactsBucketEncryptionKey03CCD69F", + "Arn", + ], + }, + "Type": "KMS", + }, + "Location": { + "Ref": "CentralizedNetworkInspectionCodePipelineArtifactsBucket20C04501", + }, + "Type": "S3", + }, + "RoleArn": { "Fn::GetAtt": [ - "KMSKeyForNetworkFirewallBuckets73A57817", + "CentralizedNetworkInspectionCodePipelineRoleAB1E4DBC", "Arn", ], }, - "RetentionInDays": { - "Ref": "LogRetentionPeriod", - }, + "Stages": [ + { + "Actions": [ + { + "ActionTypeId": { + "Category": "Source", + "Owner": "AWS", + "Provider": "CodeCommit", + "Version": "1", + }, + "Configuration": { + "BranchName": "main", + "PollForSourceChanges": false, + "RepositoryName": { + "Fn::GetAtt": [ + "NetworkFirewallCodeRepositoryF7BA0495", + "Name", + ], + }, + }, + "Name": "Source", + "OutputArtifacts": [ + { + "Name": "SourceArtifact", + }, + ], + "RoleArn": { + "Fn::GetAtt": [ + "CentralizedNetworkInspectionCodePipelineSourceCodePipelineActionRole3D6B4FEA", + "Arn", + ], + }, + "RunOrder": 1, + }, + ], + "Name": "Source", + }, + { + "Actions": [ + { + "ActionTypeId": { + "Category": "Build", + "Owner": "AWS", + "Provider": "CodeBuild", + "Version": "1", + }, + "Configuration": { + "ProjectName": { + "Ref": "BuildProject097C5DB7", + }, + }, + "InputArtifacts": [ + { + "Name": "SourceArtifact", + }, + ], + "Name": "CodeBuild", + "OutputArtifacts": [ + { + "Name": "BuildArtifact", + }, + ], + "RoleArn": { + "Fn::GetAtt": [ + 
"CentralizedNetworkInspectionCodePipelineValidationCodeBuildCodePipelineActionRole9701BECD", + "Arn", + ], + }, + "RunOrder": 1, + }, + ], + "Name": "Validation", + }, + { + "Actions": [ + { + "ActionTypeId": { + "Category": "Build", + "Owner": "AWS", + "Provider": "CodeBuild", + "Version": "1", + }, + "Configuration": { + "ProjectName": { + "Ref": "DeployProject1CF7CB79", + }, + }, + "InputArtifacts": [ + { + "Name": "BuildArtifact", + }, + ], + "Name": "CodeDeploy", + "RoleArn": { + "Fn::GetAtt": [ + "CentralizedNetworkInspectionCodePipelineDeploymentCodeDeployCodePipelineActionRoleD0D66949", + "Arn", + ], + }, + "RunOrder": 1, + }, + ], + "Name": "Deployment", + }, + ], }, - "Type": "AWS::Logs::LogGroup", + "Type": "AWS::CodePipeline::Pipeline", }, - "CloudWatchLogsForNetworkFirewallBucketPolicy611AC31C": { - "Condition": "LoggingInS3", + "CentralizedNetworkInspectionCodePipelineArtifactsBucket20C04501": { "DeletionPolicy": "Retain", - "Properties": { - "Bucket": { - "Ref": "Logs6819BB44", + "Metadata": { + "cfn_nag": { + "rules_to_suppress": [ + { + "id": "W35", + "reason": "This S3 bucket is used as the destination for 'CentralizedNetworkInspectionCodePipelineArtifactsBucket'", + }, + ], }, - "PolicyDocument": { - "Statement": [ + }, + "Properties": { + "BucketEncryption": { + "ServerSideEncryptionConfiguration": [ { - "Action": "s3:GetObject", - "Condition": { - "Bool": { - "aws:SecureTransport": false, + "ServerSideEncryptionByDefault": { + "KMSMasterKeyID": { + "Fn::GetAtt": [ + "CentralizedNetworkInspectionCodePipelineArtifactsBucketEncryptionKey03CCD69F", + "Arn", + ], }, + "SSEAlgorithm": "aws:kms", }, - "Effect": "Deny", + }, + ], + }, + "PublicAccessBlockConfiguration": { + "BlockPublicAcls": true, + "BlockPublicPolicy": true, + "IgnorePublicAcls": true, + "RestrictPublicBuckets": true, + }, + }, + "Type": "AWS::S3::Bucket", + "UpdateReplacePolicy": "Retain", + }, + "CentralizedNetworkInspectionCodePipelineArtifactsBucketEncryptionKey03CCD69F": { + 
"DeletionPolicy": "Delete", + "Properties": { + "EnableKeyRotation": true, + "KeyPolicy": { + "Statement": [ + { + "Action": "kms:*", + "Effect": "Allow", "Principal": { - "AWS": "*", - }, - "Resource": [ - { + "AWS": { "Fn::Join": [ "", [ + "arn:", { - "Fn::GetAtt": [ - "Logs6819BB44", - "Arn", - ], + "Ref": "AWS::Partition", }, - "/*", + ":iam::1234:root", ], ], }, - { - "Fn::GetAtt": [ - "Logs6819BB44", - "Arn", - ], - }, - ], + }, + "Resource": "*", }, ], "Version": "2012-10-17", }, }, - "Type": "AWS::S3::BucketPolicy", - "UpdateReplacePolicy": "Retain", + "Type": "AWS::KMS::Key", + "UpdateReplacePolicy": "Delete", }, - "CodeBuildStageSourceCodeBucketPolicyF19BA2A0": { - "DeletionPolicy": "Retain", + "CentralizedNetworkInspectionCodePipelineArtifactsBucketEncryptionKeyAlias9DFA06B4": { + "DeletionPolicy": "Delete", + "Properties": { + "AliasName": { + "Fn::Join": [ + "", + [ + "alias/", + { + "Ref": "AWS::StackName", + }, + "-artifactBucket-EncryptionKeyAlias", + ], + ], + }, + "TargetKeyId": { + "Fn::GetAtt": [ + "CentralizedNetworkInspectionCodePipelineArtifactsBucketEncryptionKey03CCD69F", + "Arn", + ], + }, + }, + "Type": "AWS::KMS::Alias", + "UpdateReplacePolicy": "Delete", + }, + "CentralizedNetworkInspectionCodePipelineArtifactsBucketPolicy5F0F855C": { "Properties": { "Bucket": { - "Ref": "CodeBuildStagesSourceCodeBucketFA98E7C7", + "Ref": "CentralizedNetworkInspectionCodePipelineArtifactsBucket20C04501", }, "PolicyDocument": { "Statement": [ { - "Action": "s3:GetObject", + "Action": "s3:*", "Condition": { "Bool": { - "aws:SecureTransport": false, + "aws:SecureTransport": "false", }, }, "Effect": "Deny", @@ -905,7 +1066,7 @@ exports[`Firewall Automation for Network Traffic on AWS NetworkFirewallAutomatio "Resource": [ { "Fn::GetAtt": [ - "CodeBuildStagesSourceCodeBucketFA98E7C7", + "CentralizedNetworkInspectionCodePipelineArtifactsBucket20C04501", "Arn", ], }, 
@@ -915,7 +1076,7 @@ exports[`Firewall Automation for Network Traffic on AWS NetworkFirewallAutomatio [ { "Fn::GetAtt": [ - "CodeBuildStagesSourceCodeBucketFA98E7C7", + "CentralizedNetworkInspectionCodePipelineArtifactsBucket20C04501", "Arn", ], }, 
@@ -930,378 +1091,101 @@ exports[`Firewall Automation for Network Traffic on AWS NetworkFirewallAutomatio }, }, "Type": "AWS::S3::BucketPolicy", - "UpdateReplacePolicy": "Retain", }, - "CodeBuildStagesSourceCodeBucketFA98E7C7": { - "DeletionPolicy": "Retain", - "Metadata": { - "cfn_nag": { - "rules_to_suppress": [ - { - "id": "W35", - "reason": "Source Code bucket bucket does not require logging configuration", - }, + "CentralizedNetworkInspectionCodePipelineDeploymentCodeDeployCodePipelineActionRoleD0D66949": { + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ { - "id": "W51", - "reason": "Source Code bucket is private and does not require a bucket policy", - }, - ], - }, - }, - "Properties": { - "BucketEncryption": { - "ServerSideEncryptionConfiguration": [ - { - "ServerSideEncryptionByDefault": { - "KMSMasterKeyID": { - "Fn::GetAtt": [ - "NetworkFirewallCodePipelineArtifactsBucketEncryptionKey086ED060", - "Arn", + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "AWS": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition", + }, + ":iam::1234:root", + ], ], }, - "SSEAlgorithm": "aws:kms", }, }, ], - }, - "PublicAccessBlockConfiguration": { - "BlockPublicAcls": true, - "BlockPublicPolicy": true, - "IgnorePublicAcls": true, - "RestrictPublicBuckets": true, - }, - }, - "Type": "AWS::S3::Bucket", - "UpdateReplacePolicy": "Retain", - }, - "DefaultRouteSpokeVPCTGWRouteTable": { - "Condition": "CreateDefaultRouteFirewallRT", - "DeletionPolicy": "Retain", - "Properties": { - "DestinationCidrBlock": { - "Fn::FindInMap": [ - "SolutionMapping", - "Route", - "QuadZero", - ], - }, - "TransitGatewayAttachmentId": { - "Ref": "VPCTGWATTACHMENT", - }, - "TransitGatewayRouteTableId": { - "Ref": "TransitGatewayRTIdForDefaultRoute", + "Version": "2012-10-17", }, }, - "Type": "AWS::EC2::TransitGatewayRoute", + "Type": "AWS::IAM::Role", }, - "DeployProject1CF7CB79": { + 
"CentralizedNetworkInspectionCodePipelineDeploymentCodeDeployCodePipelineActionRoleDefaultPolicy4ADCBB84": { "Properties": { - "Artifacts": { - "Type": "CODEPIPELINE", - }, - "Cache": { - "Type": "NO_CACHE", - }, - "EncryptionKey": { - "Fn::GetAtt": [ - "NetworkFirewallCodePipelineArtifactsBucketEncryptionKey086ED060", - "Arn", - ], - }, - "Environment": { - "ComputeType": "BUILD_GENERAL1_SMALL", - "EnvironmentVariables": [ - { - "Name": "LOG_LEVEL", - "Type": "PLAINTEXT", - "Value": { - "Fn::FindInMap": [ - "SolutionMapping", - "Log", - "Level", - ], - }, - }, - { - "Name": "VPC_ID", - "Type": "PLAINTEXT", - "Value": { - "Ref": "VPC", - }, - }, - { - "Name": "SUBNET_IDS", - "Type": "PLAINTEXT", - "Value": { - "Fn::Join": [ - "", - [ - { - "Ref": "NetworkFirewallSubnet1", - }, - ",", - { - "Ref": "NetworkFirewallSubnet2", - }, - ], - ], - }, - }, - { - "Name": "LOG_TYPE", - "Type": "PLAINTEXT", - "Value": { - "Ref": "logType", - }, - }, - { - "Name": "LOG_DESTINATION_TYPE", - "Type": "PLAINTEXT", - "Value": { - "Ref": "logDestinationType", - }, - }, - { - "Name": "S3_LOG_BUCKET_NAME", - "Type": "PLAINTEXT", - "Value": { - "Fn::If": [ - "LoggingInS3", - { - "Ref": "Logs6819BB44", - }, - "NotConfigured", - ], - }, - }, - { - "Name": "CLOUDWATCH_LOG_GROUP_NAME", - "Type": "PLAINTEXT", - "Value": { - "Fn::If": [ - "LoggingInCloudWatch", - { - "Ref": "CloudWatchLogGroup", - }, - "NotConfigured", - ], - }, - }, - { - "Name": "VPC_TGW_ATTACHMENT_AZ_1", - "Type": "PLAINTEXT", - "Value": { - "Fn::GetAtt": [ - "NetworkFirewallSubnet1", - "AvailabilityZone", - ], - }, - }, + "PolicyDocument": { + "Statement": [ { - "Name": "VPC_TGW_ATTACHMENT_AZ_2", - "Type": "PLAINTEXT", - "Value": { + "Action": [ + "codebuild:BatchGetBuilds", + "codebuild:StartBuild", + "codebuild:StopBuild", + ], + "Effect": "Allow", + "Resource": { "Fn::GetAtt": [ - "NetworkFirewallSubnet2", - "AvailabilityZone", - ], - }, - }, - { - "Name": "VPC_TGW_ATTACHMENT_ROUTE_TABLE_ID_1", - "Type": "PLAINTEXT", - 
"Value": { - "Ref": "VPCTGWRouteTable1", - }, - }, - { - "Name": "VPC_TGW_ATTACHMENT_ROUTE_TABLE_ID_2", - "Type": "PLAINTEXT", - "Value": { - "Ref": "VPCTGWRouteTable2", - }, - }, - { - "Name": "CODE_BUILD_SOURCE_CODE_S3_KEY", - "Type": "PLAINTEXT", - "Value": "network-firewall-automation/v1.0.3", - }, - { - "Name": "STACK_ID", - "Type": "PLAINTEXT", - "Value": { - "Ref": "AWS::StackId", - }, - }, - { - "Name": "SSM_PARAM_FOR_UUID", - "Type": "PLAINTEXT", - "Value": { - "Fn::Join": [ - "", - [ - "/", - { - "Fn::FindInMap": [ - "Send", - "ParameterKey", - "UniqueId", - ], - }, - ], - ], - }, - }, - { - "Name": "SEND_ANONYMOUS_METRICS", - "Type": "PLAINTEXT", - "Value": { - "Fn::FindInMap": [ - "Send", - "AnonymousUsage", - "Data", - ], - }, - }, - { - "Name": "SOLUTION_ID", - "Type": "PLAINTEXT", - "Value": { - "Fn::FindInMap": [ - "SolutionMapping", - "Solution", - "Identifier", - ], - }, - }, - { - "Name": "METRICS_URL", - "Type": "PLAINTEXT", - "Value": { - "Fn::FindInMap": [ - "SolutionMapping", - "Metrics", - "URL", - ], - }, - }, - { - "Name": "TRANSIT_GATEWAY_ATTACHMENT_ID", - "Type": "PLAINTEXT", - "Value": { - "Fn::If": [ - "CreateTransitGatewayAttachment", - { - "Ref": "VPCTGWATTACHMENT", - }, - "", - ], - }, - }, - { - "Name": "TRANSIT_GATEWAY_ATTACHMENT_APPLIANCE_MODE", - "Type": "PLAINTEXT", - "Value": { - "Fn::FindInMap": [ - "SolutionMapping", - "TransitGatewayAttachment", - "ApplianceMode", + "DeployProject1CF7CB79", + "Arn", ], }, }, + ], + "Version": "2012-10-17", + }, + "PolicyName": "CentralizedNetworkInspectionCodePipelineDeploymentCodeDeployCodePipelineActionRoleDefaultPolicy4ADCBB84", + "Roles": [ + { + "Ref": "CentralizedNetworkInspectionCodePipelineDeploymentCodeDeployCodePipelineActionRoleD0D66949", + }, + ], + }, + "Type": "AWS::IAM::Policy", + }, + "CentralizedNetworkInspectionCodePipelineEventsRoleDefaultPolicy4012CA2D": { + "Properties": { + "PolicyDocument": { + "Statement": [ { - "Name": "CUSTOM_SDK_USER_AGENT", - "Type": "PLAINTEXT", 
- "Value": { + "Action": "codepipeline:StartPipelineExecution", + "Effect": "Allow", + "Resource": { "Fn::Join": [ "", [ - "AwsSolution/", + "arn:", { - "Fn::FindInMap": [ - "SolutionMapping", - "Solution", - "Identifier", - ], + "Ref": "AWS::Partition", }, - "/", + ":codepipeline:eu-west-1:1234:", { - "Fn::FindInMap": [ - "SolutionMapping", - "Solution", - "Version", - ], + "Ref": "CentralizedNetworkInspectionCodePipeline757F698C", }, ], ], }, }, ], - "Image": "aws/codebuild/standard:6.0", - "ImagePullCredentialsType": "CODEBUILD", - "PrivilegedMode": false, - "Type": "LINUX_CONTAINER", - }, - "ServiceRole": { - "Fn::GetAtt": [ - "DeployProjectRole588C8C1D", - "Arn", - ], + "Version": "2012-10-17", }, - "Source": { - "BuildSpec": { - "Fn::Join": [ - "", - [ - "{ - "version": "0.2", - "phases": { - "install": { - "runtime-versions": { - "nodejs": "16" - }, - "commands": [ - "export current=$(pwd)", - "export sourceCodeKey=$CODE_BUILD_SOURCE_CODE_S3_KEY" - ] - }, - "pre_build": { - "commands": [ - "cd $current", - "pwd; ls -ltr", - "echo 'Download Network Firewall Solution Package'", - "aws s3 cp s3://", - { - "Ref": "CodeBuildStagesSourceCodeBucketFA98E7C7", - }, - "/$sourceCodeKey/network-firewall-automation.zip $current", - "unzip -o $current/network-firewall-automation.zip -d $current", - "pwd; ls -ltr" - ] - }, - "build": { - "commands": [ - "echo \\"Initiating Network Firewall Automation\\"", - "node index.js" - ] - }, - "post_build": { - "commands": [] - } - }, - "artifacts": { - "files": "**/*" - } -}", - ], - ], + "PolicyName": "CentralizedNetworkInspectionCodePipelineEventsRoleDefaultPolicy4012CA2D", + "Roles": [ + { + "Ref": "CentralizedNetworkInspectionCodePipelineEventsRoleEAF3D937", }, - "Type": "CODEPIPELINE", - }, + ], }, - "Type": "AWS::CodeBuild::Project", + "Type": "AWS::IAM::Policy", }, - "DeployProjectRole588C8C1D": { + "CentralizedNetworkInspectionCodePipelineEventsRoleEAF3D937": { "Properties": { "AssumeRolePolicyDocument": { "Statement": [ 
@@ -1309,7 +1193,7 @@ exports[`Firewall Automation for Network Traffic on AWS NetworkFirewallAutomatio "Action": "sts:AssumeRole", "Effect": "Allow", "Principal": { - "Service": "codebuild.amazonaws.com", + "Service": "events.amazonaws.com", }, }, ], 
@@ -1318,88 +1202,45 @@ exports[`Firewall Automation for Network Traffic on AWS NetworkFirewallAutomatio }, "Type": "AWS::IAM::Role", }, - "DeployProjectRoleDefaultPolicy52AEA98B": { + "CentralizedNetworkInspectionCodePipelineRoleAB1E4DBC": { "Properties": { - "PolicyDocument": { + "AssumeRolePolicyDocument": { "Statement": [ { - "Action": [ - "logs:CreateLogGroup", - "logs:CreateLogStream", - "logs:PutLogEvents", - ], - "Effect": "Allow", - "Resource": [ - { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition", - }, - ":logs:eu-west-1:1234:log-group:/aws/codebuild/", - { - "Ref": "DeployProject1CF7CB79", - }, - ], - ], - }, - { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition", - }, - ":logs:eu-west-1:1234:log-group:/aws/codebuild/", - { - "Ref": "DeployProject1CF7CB79", - }, - ":*", - ], - ], - }, - ], - }, - { - "Action": [ - "codebuild:CreateReportGroup", - "codebuild:CreateReport", - "codebuild:UpdateReport", - "codebuild:BatchPutTestCases", - "codebuild:BatchPutCodeCoverages", - ], + "Action": "sts:AssumeRole", "Effect": "Allow", - "Resource": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition", - }, - ":codebuild:eu-west-1:1234:report-group/", - { - "Ref": "DeployProject1CF7CB79", - }, - "-*", - ], - ], + "Principal": { + "Service": "codepipeline.amazonaws.com", }, }, + ], + "Version": "2012-10-17", + }, + }, + "Type": "AWS::IAM::Role", + }, + "CentralizedNetworkInspectionCodePipelineRoleDefaultPolicyBA0503B1": { + "Properties": { + "PolicyDocument": { + "Statement": [ { "Action": [ "s3:GetObject*", "s3:GetBucket*", "s3:List*", + "s3:DeleteObject*", + "s3:PutObject", + "s3:PutObjectLegalHold", + "s3:PutObjectRetention", + "s3:PutObjectTagging", + "s3:PutObjectVersionTagging", + "s3:Abort*", ], "Effect": "Allow", "Resource": [ { "Fn::GetAtt": [ - "NetworkFirewallCodePipelineArtifactsBucketF2569455", + "CentralizedNetworkInspectionCodePipelineArtifactsBucket20C04501", "Arn", ], }, 
@@ -1409,7 +1250,7 @@ exports[`Firewall Automation for Network Traffic on AWS NetworkFirewallAutomatio [ { "Fn::GetAtt": [ - "NetworkFirewallCodePipelineArtifactsBucketF2569455", + "CentralizedNetworkInspectionCodePipelineArtifactsBucket20C04501", "Arn", ], }, @@ -1423,26 +1264,44 @@ exports[`Firewall Automation for Network Traffic on AWS NetworkFirewallAutomatio "Action": [ "kms:Decrypt", "kms:DescribeKey", + "kms:Encrypt", + "kms:ReEncrypt*", + "kms:GenerateDataKey*", ], "Effect": "Allow", "Resource": { "Fn::GetAtt": [ - "NetworkFirewallCodePipelineArtifactsBucketEncryptionKey086ED060", + "CentralizedNetworkInspectionCodePipelineArtifactsBucketEncryptionKey03CCD69F", "Arn", ], }, }, { - "Action": [ - "kms:Decrypt", - "kms:Encrypt", - "kms:ReEncrypt*", - "kms:GenerateDataKey*", - ], + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Resource": { + "Fn::GetAtt": [ + "CentralizedNetworkInspectionCodePipelineSourceCodePipelineActionRole3D6B4FEA", + "Arn", + ], + }, + }, + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Resource": { + "Fn::GetAtt": [ + "CentralizedNetworkInspectionCodePipelineValidationCodeBuildCodePipelineActionRole9701BECD", + "Arn", + ], + }, + }, + { + "Action": "sts:AssumeRole", "Effect": "Allow", "Resource": { "Fn::GetAtt": [ - "NetworkFirewallCodePipelineArtifactsBucketEncryptionKey086ED060", + "CentralizedNetworkInspectionCodePipelineDeploymentCodeDeployCodePipelineActionRoleD0D66949", "Arn", ], }, 
@@ -1450,69 +1309,21 @@ exports[`Firewall Automation for Network Traffic on AWS NetworkFirewallAutomatio ], "Version": "2012-10-17", }, - "PolicyName": "DeployProjectRoleDefaultPolicy52AEA98B", + "PolicyName": "CentralizedNetworkInspectionCodePipelineRoleDefaultPolicyBA0503B1", "Roles": [ { - "Ref": "DeployProjectRole588C8C1D", + "Ref": "CentralizedNetworkInspectionCodePipelineRoleAB1E4DBC", }, ], }, "Type": "AWS::IAM::Policy", }, - "FirewallSubnetRouteTable": { - "DeletionPolicy": "Retain", - "Properties": { - "Tags": [ - { - "Key": "Name", - "Value": { - "Fn::Join": [ - "", - [ - { - "Ref": "AWS::StackName", - }, - "-FirewallSubnetRouteTable", - ], - ], - }, - }, - ], - "VpcId": { - "Ref": "VPC", - }, - }, - "Type": "AWS::EC2::RouteTable", - "UpdateReplacePolicy": "Retain", - }, - "FlowLog": { - "Properties": { - "DeliverLogsPermissionArn": { - "Fn::GetAtt": [ - "RoleFlowLogsCA794118", - "Arn", - ], - }, - "LogGroupName": { - "Ref": "AWS::StackName", - }, - "ResourceId": { - "Ref": "VPC", - }, - "ResourceType": "VPC", - "TrafficType": "ALL", - }, - "Type": "AWS::EC2::FlowLog", - }, - "KMSKeyForNetworkFirewallBuckets73A57817": { - "DeletionPolicy": "Retain", + "CentralizedNetworkInspectionCodePipelineSourceCodePipelineActionRole3D6B4FEA": { "Properties": { - "Description": "This key will be used for encrypting the vpc flow logs and firewall logs.", - "EnableKeyRotation": true, - "KeyPolicy": { + "AssumeRolePolicyDocument": { "Statement": [ { - "Action": "kms:*", + "Action": "sts:AssumeRole", "Effect": "Allow", "Principal": { "AWS": { 
@@ -1520,269 +1331,112 @@ exports[`Firewall Automation for Network Traffic on AWS NetworkFirewallAutomatio "", [ "arn:", - { - "Ref": "AWS::Partition", - }, - ":iam::1234:root", - ], - ], - }, - }, - "Resource": "*", - }, - { - "Action": "kms:GenerateDataKey*", - "Effect": "Allow", - "Principal": { - "Service": "delivery.logs.amazonaws.com", - }, - "Resource": "*", - }, - { - "Action": [ - "kms:Encrypt*", - "kms:Decrypt*", - "kms:ReEncrypt*", - "kms:GenerateDataKey*", - "kms:Describe*", - ], - "Effect": "Allow", - "Principal": { - "Service": { - "Fn::Join": [ - "", - [ - "logs.", - { - "Ref": "AWS::Region", - }, - ".amazonaws.com", - ], - ], - }, - }, - "Resource": "*", - }, - ], - "Version": "2012-10-17", - }, - }, - "Type": "AWS::KMS::Key", - "UpdateReplacePolicy": "Retain", - }, - "LogGroupFlowLogs": { - "Properties": { - "KmsKeyId": { - "Fn::GetAtt": [ - "KMSKeyForNetworkFirewallBuckets73A57817", - "Arn", - ], - }, - "LogGroupName": { - "Ref": "AWS::StackName", - }, - "RetentionInDays": { - "Ref": "LogRetentionPeriod", - }, - }, - "Type": "AWS::Logs::LogGroup", - }, - "Logs6819BB44": { - "Condition": "LoggingInS3", - "DeletionPolicy": "Retain", - "Metadata": { - "cfn_nag": { - "rules_to_suppress": [ - { - "id": "W35", - "reason": "Logs bucket does not require logging configuration", - }, - { - "id": "W51", - "reason": "Logs bucket is private and does not require a bucket policy", - }, - ], - }, - }, - "Properties": { - "BucketEncryption": { - "ServerSideEncryptionConfiguration": [ - { - "ServerSideEncryptionByDefault": { - "KMSMasterKeyID": { - "Fn::GetAtt": [ - "KMSKeyForNetworkFirewallBuckets73A57817", - "Arn", - ], - }, - "SSEAlgorithm": "aws:kms", - }, - }, - ], - }, - "LifecycleConfiguration": { - "Rules": [ - { - "ExpirationInDays": { - "Ref": "LogRetentionPeriod", - }, - "Status": "Enabled", - }, - ], - }, - "PublicAccessBlockConfiguration": { - "BlockPublicAcls": true, - "BlockPublicPolicy": true, - "IgnorePublicAcls": true, - "RestrictPublicBuckets": 
true, - }, - }, - "Type": "AWS::S3::Bucket", - "UpdateReplacePolicy": "Retain", - }, - "NetworkFirewallCodePipelineA72E3ADD": { - "DependsOn": [ - "NetworkFirewallCodePipelineRoleDefaultPolicyF0142ABD", - "NetworkFirewallCodePipelineRoleDDD28B15", - ], - "Properties": { - "ArtifactStore": { - "EncryptionKey": { - "Id": { - "Fn::GetAtt": [ - "NetworkFirewallCodePipelineArtifactsBucketEncryptionKey086ED060", - "Arn", - ], - }, - "Type": "KMS", - }, - "Location": { - "Ref": "NetworkFirewallCodePipelineArtifactsBucketF2569455", - }, - "Type": "S3", - }, - "RoleArn": { - "Fn::GetAtt": [ - "NetworkFirewallCodePipelineRoleDDD28B15", - "Arn", - ], - }, - "Stages": [ - { - "Actions": [ - { - "ActionTypeId": { - "Category": "Source", - "Owner": "AWS", - "Provider": "CodeCommit", - "Version": "1", - }, - "Configuration": { - "BranchName": "main", - "PollForSourceChanges": false, - "RepositoryName": { - "Fn::GetAtt": [ - "NetworkFirewallCodeRepositoryF7BA0495", - "Name", + { + "Ref": "AWS::Partition", + }, + ":iam::1234:root", ], - }, - }, - "Name": "Source", - "OutputArtifacts": [ - { - "Name": "SourceArtifact", - }, - ], - "RoleArn": { - "Fn::GetAtt": [ - "NetworkFirewallCodePipelineSourceCodePipelineActionRole67C89750", - "Arn", ], }, - "RunOrder": 1, }, - ], - "Name": "Source", - }, - { - "Actions": [ - { - "ActionTypeId": { - "Category": "Build", - "Owner": "AWS", - "Provider": "CodeBuild", - "Version": "1", - }, - "Configuration": { - "ProjectName": { - "Ref": "BuildProject097C5DB7", - }, - }, - "InputArtifacts": [ - { - "Name": "SourceArtifact", - }, - ], - "Name": "CodeBuild", - "OutputArtifacts": [ - { - "Name": "BuildArtifact", - }, - ], - "RoleArn": { + }, + ], + "Version": "2012-10-17", + }, + }, + "Type": "AWS::IAM::Role", + }, + "CentralizedNetworkInspectionCodePipelineSourceCodePipelineActionRoleDefaultPolicy57ADB0FA": { + "Properties": { + "PolicyDocument": { + "Statement": [ + { + "Action": [ + "s3:GetObject*", + "s3:GetBucket*", + "s3:List*", + 
"s3:DeleteObject*", + "s3:PutObject", + "s3:PutObjectLegalHold", + "s3:PutObjectRetention", + "s3:PutObjectTagging", + "s3:PutObjectVersionTagging", + "s3:Abort*", + ], + "Effect": "Allow", + "Resource": [ + { "Fn::GetAtt": [ - "NetworkFirewallCodePipelineValidationCodeBuildCodePipelineActionRole2A3E8726", + "CentralizedNetworkInspectionCodePipelineArtifactsBucket20C04501", "Arn", ], }, - "RunOrder": 1, - }, - ], - "Name": "Validation", - }, - { - "Actions": [ - { - "ActionTypeId": { - "Category": "Build", - "Owner": "AWS", - "Provider": "CodeBuild", - "Version": "1", - }, - "Configuration": { - "ProjectName": { - "Ref": "DeployProject1CF7CB79", - }, - }, - "InputArtifacts": [ - { - "Name": "BuildArtifact", - }, - ], - "Name": "CodeDeploy", - "RoleArn": { - "Fn::GetAtt": [ - "NetworkFirewallCodePipelineDeploymentCodeDeployCodePipelineActionRole6EA7639D", - "Arn", + { + "Fn::Join": [ + "", + [ + { + "Fn::GetAtt": [ + "CentralizedNetworkInspectionCodePipelineArtifactsBucket20C04501", + "Arn", + ], + }, + "/*", + ], ], }, - "RunOrder": 1, + ], + }, + { + "Action": [ + "kms:Decrypt", + "kms:DescribeKey", + "kms:Encrypt", + "kms:ReEncrypt*", + "kms:GenerateDataKey*", + ], + "Effect": "Allow", + "Resource": { + "Fn::GetAtt": [ + "CentralizedNetworkInspectionCodePipelineArtifactsBucketEncryptionKey03CCD69F", + "Arn", + ], }, - ], - "Name": "Deployment", + }, + { + "Action": [ + "codecommit:GetBranch", + "codecommit:GetCommit", + "codecommit:UploadArchive", + "codecommit:GetUploadArchiveStatus", + "codecommit:CancelUploadArchive", + ], + "Effect": "Allow", + "Resource": { + "Fn::GetAtt": [ + "NetworkFirewallCodeRepositoryF7BA0495", + "Arn", + ], + }, + }, + ], + "Version": "2012-10-17", + }, + "PolicyName": "CentralizedNetworkInspectionCodePipelineSourceCodePipelineActionRoleDefaultPolicy57ADB0FA", + "Roles": [ + { + "Ref": "CentralizedNetworkInspectionCodePipelineSourceCodePipelineActionRole3D6B4FEA", }, ], }, - "Type": "AWS::CodePipeline::Pipeline", + "Type": 
"AWS::IAM::Policy", }, - "NetworkFirewallCodePipelineArtifactsBucketEncryptionKey086ED060": { - "DeletionPolicy": "Delete", + "CentralizedNetworkInspectionCodePipelineValidationCodeBuildCodePipelineActionRole9701BECD": { "Properties": { - "EnableKeyRotation": true, - "KeyPolicy": { + "AssumeRolePolicyDocument": { "Statement": [ { - "Action": "kms:*", + "Action": "sts:AssumeRole", "Effect": "Allow", "Principal": { "AWS": { 
@@ -1798,90 +1452,121 @@ exports[`Firewall Automation for Network Traffic on AWS NetworkFirewallAutomatio ], }, }, - "Resource": "*", }, ], "Version": "2012-10-17", }, }, - "Type": "AWS::KMS::Key", - "UpdateReplacePolicy": "Delete", + "Type": "AWS::IAM::Role", }, - "NetworkFirewallCodePipelineArtifactsBucketEncryptionKeyAlias1704A536": { - "DeletionPolicy": "Delete", + "CentralizedNetworkInspectionCodePipelineValidationCodeBuildCodePipelineActionRoleDefaultPolicy24B30E4B": { "Properties": { - "AliasName": { - "Fn::Join": [ - "", - [ - "alias/", - { - "Ref": "AWS::StackName", + "PolicyDocument": { + "Statement": [ + { + "Action": [ + "codebuild:BatchGetBuilds", + "codebuild:StartBuild", + "codebuild:StopBuild", + ], + "Effect": "Allow", + "Resource": { + "Fn::GetAtt": [ + "BuildProject097C5DB7", + "Arn", + ], }, - "-artifactBucket-EncryptionKeyAlias", - ], + }, ], + "Version": "2012-10-17", }, - "TargetKeyId": { + "PolicyName": "CentralizedNetworkInspectionCodePipelineValidationCodeBuildCodePipelineActionRoleDefaultPolicy24B30E4B", + "Roles": [ + { + "Ref": "CentralizedNetworkInspectionCodePipelineValidationCodeBuildCodePipelineActionRole9701BECD", + }, + ], + }, + "Type": "AWS::IAM::Policy", + }, + "CloudWatchLogGroup": { + "Condition": "LoggingInCloudWatch", + "Properties": { + "KmsKeyId": { "Fn::GetAtt": [ - "NetworkFirewallCodePipelineArtifactsBucketEncryptionKey086ED060", + "KMSKeyForNetworkFirewallBuckets73A57817", "Arn", ], }, + "RetentionInDays": { + "Ref": "LogRetentionPeriod", + }, }, - "Type": "AWS::KMS::Alias", - "UpdateReplacePolicy": "Delete", + "Type": "AWS::Logs::LogGroup", }, - "NetworkFirewallCodePipelineArtifactsBucketF2569455": { + "CloudWatchLogsForNetworkFirewallBucketPolicy611AC31C": { + "Condition": "LoggingInS3", "DeletionPolicy": "Retain", - "Metadata": { - "cfn_nag": { - "rules_to_suppress": [ - { - "id": "W35", - "reason": "This S3 bucket is used as the destination for 'NetworkFirewallCodePipelineArtifactsBucket'", - }, - ], - }, - }, 
"Properties": { - "BucketEncryption": { - "ServerSideEncryptionConfiguration": [ + "Bucket": { + "Ref": "Logs6819BB44", + }, + "PolicyDocument": { + "Statement": [ { - "ServerSideEncryptionByDefault": { - "KMSMasterKeyID": { + "Action": "s3:GetObject", + "Condition": { + "Bool": { + "aws:SecureTransport": false, + }, + }, + "Effect": "Deny", + "Principal": { + "AWS": "*", + }, + "Resource": [ + { + "Fn::Join": [ + "", + [ + { + "Fn::GetAtt": [ + "Logs6819BB44", + "Arn", + ], + }, + "/*", + ], + ], + }, + { "Fn::GetAtt": [ - "NetworkFirewallCodePipelineArtifactsBucketEncryptionKey086ED060", + "Logs6819BB44", "Arn", ], }, - "SSEAlgorithm": "aws:kms", - }, + ], }, ], - }, - "PublicAccessBlockConfiguration": { - "BlockPublicAcls": true, - "BlockPublicPolicy": true, - "IgnorePublicAcls": true, - "RestrictPublicBuckets": true, + "Version": "2012-10-17", }, }, - "Type": "AWS::S3::Bucket", + "Type": "AWS::S3::BucketPolicy", "UpdateReplacePolicy": "Retain", }, - "NetworkFirewallCodePipelineArtifactsBucketPolicyA1DE12F9": { + "CodeBuildStageSourceCodeBucketPolicyF19BA2A0": { + "DeletionPolicy": "Retain", "Properties": { "Bucket": { - "Ref": "NetworkFirewallCodePipelineArtifactsBucketF2569455", + "Ref": "CodeBuildStagesSourceCodeBucketFA98E7C7", }, "PolicyDocument": { "Statement": [ { - "Action": "s3:*", + "Action": "s3:GetObject", "Condition": { "Bool": { - "aws:SecureTransport": "false", + "aws:SecureTransport": false, }, }, "Effect": "Deny", @@ -1891,7 +1576,7 @@ exports[`Firewall Automation for Network Traffic on AWS NetworkFirewallAutomatio "Resource": [ { "Fn::GetAtt": [ - "NetworkFirewallCodePipelineArtifactsBucketF2569455", + "CodeBuildStagesSourceCodeBucketFA98E7C7", "Arn", ], }, @@ -1901,7 +1586,7 @@ exports[`Firewall Automation for Network Traffic on AWS NetworkFirewallAutomatio [ { "Fn::GetAtt": [ - "NetworkFirewallCodePipelineArtifactsBucketF2569455", + "CodeBuildStagesSourceCodeBucketFA98E7C7", "Arn", ], }, 
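Review bot: The TLS-only `Deny` statements in `CloudWatchLogsForNetworkFirewallBucketPolicy611AC31C` and `CodeBuildStageSourceCodeBucketPolicyF19BA2A0` cover only `s3:GetObject`, so a write, list or delete sent over plain HTTP is not rejected by them. The pipeline artifacts bucket policy in the same snapshot denies `s3:*` under the same `aws:SecureTransport` condition, and these two should match it with `"Action": "s3:*"`. The snapshot is generated, so the change belongs in the stack definition, which this hunk does not show. If the buckets are CDK `s3.Bucket` constructs, `enforceSSL: true` emits the broader statement.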
@@ -1916,118 +1601,378 @@ exports[`Firewall Automation for Network Traffic on AWS NetworkFirewallAutomatio }, }, "Type": "AWS::S3::BucketPolicy", + "UpdateReplacePolicy": "Retain", }, - "NetworkFirewallCodePipelineDeploymentCodeDeployCodePipelineActionRole6EA7639D": { + "CodeBuildStagesSourceCodeBucketFA98E7C7": { + "DeletionPolicy": "Retain", + "Metadata": { + "cfn_nag": { + "rules_to_suppress": [ + { + "id": "W35", + "reason": "Source Code bucket bucket does not require logging configuration", + }, + { + "id": "W51", + "reason": "Source Code bucket is private and does not require a bucket policy", + }, + ], + }, + }, "Properties": { - "AssumeRolePolicyDocument": { - "Statement": [ + "BucketEncryption": { + "ServerSideEncryptionConfiguration": [ { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": { - "AWS": { - "Fn::Join": [ - "", - [ - "arn:", - { - "Ref": "AWS::Partition", - }, - ":iam::1234:root", - ], + "ServerSideEncryptionByDefault": { + "KMSMasterKeyID": { + "Fn::GetAtt": [ + "CentralizedNetworkInspectionCodePipelineArtifactsBucketEncryptionKey03CCD69F", + "Arn", ], }, + "SSEAlgorithm": "aws:kms", + }, + }, + ], + }, + "PublicAccessBlockConfiguration": { + "BlockPublicAcls": true, + "BlockPublicPolicy": true, + "IgnorePublicAcls": true, + "RestrictPublicBuckets": true, + }, + }, + "Type": "AWS::S3::Bucket", + "UpdateReplacePolicy": "Retain", + }, + "DefaultRouteSpokeVPCTGWRouteTable": { + "Condition": "CreateDefaultRouteFirewallRT", + "DeletionPolicy": "Retain", + "Properties": { + "DestinationCidrBlock": { + "Fn::FindInMap": [ + "SolutionMapping", + "Route", + "QuadZero", + ], + }, + "TransitGatewayAttachmentId": { + "Ref": "VPCTGWATTACHMENT", + }, + "TransitGatewayRouteTableId": { + "Ref": "TransitGatewayRTIdForDefaultRoute", + }, + }, + "Type": "AWS::EC2::TransitGatewayRoute", + }, + "DeployProject1CF7CB79": { + "Properties": { + "Artifacts": { + "Type": "CODEPIPELINE", + }, + "Cache": { + "Type": "NO_CACHE", + }, + "EncryptionKey": { + 
"Fn::GetAtt": [ + "CentralizedNetworkInspectionCodePipelineArtifactsBucketEncryptionKey03CCD69F", + "Arn", + ], + }, + "Environment": { + "ComputeType": "BUILD_GENERAL1_SMALL", + "EnvironmentVariables": [ + { + "Name": "LOG_LEVEL", + "Type": "PLAINTEXT", + "Value": { + "Fn::FindInMap": [ + "SolutionMapping", + "Log", + "Level", + ], + }, + }, + { + "Name": "VPC_ID", + "Type": "PLAINTEXT", + "Value": { + "Ref": "VPC", + }, + }, + { + "Name": "SUBNET_IDS", + "Type": "PLAINTEXT", + "Value": { + "Fn::Join": [ + "", + [ + { + "Ref": "NetworkFirewallSubnet1", + }, + ",", + { + "Ref": "NetworkFirewallSubnet2", + }, + ], + ], + }, + }, + { + "Name": "LOG_TYPE", + "Type": "PLAINTEXT", + "Value": { + "Ref": "logType", + }, + }, + { + "Name": "LOG_DESTINATION_TYPE", + "Type": "PLAINTEXT", + "Value": { + "Ref": "logDestinationType", + }, + }, + { + "Name": "S3_LOG_BUCKET_NAME", + "Type": "PLAINTEXT", + "Value": { + "Fn::If": [ + "LoggingInS3", + { + "Ref": "Logs6819BB44", + }, + "NotConfigured", + ], + }, + }, + { + "Name": "CLOUDWATCH_LOG_GROUP_NAME", + "Type": "PLAINTEXT", + "Value": { + "Fn::If": [ + "LoggingInCloudWatch", + { + "Ref": "CloudWatchLogGroup", + }, + "NotConfigured", + ], + }, + }, + { + "Name": "VPC_TGW_ATTACHMENT_AZ_1", + "Type": "PLAINTEXT", + "Value": { + "Fn::GetAtt": [ + "NetworkFirewallSubnet1", + "AvailabilityZone", + ], + }, + }, + { + "Name": "VPC_TGW_ATTACHMENT_AZ_2", + "Type": "PLAINTEXT", + "Value": { + "Fn::GetAtt": [ + "NetworkFirewallSubnet2", + "AvailabilityZone", + ], + }, + }, + { + "Name": "VPC_TGW_ATTACHMENT_ROUTE_TABLE_ID_1", + "Type": "PLAINTEXT", + "Value": { + "Ref": "VPCTGWRouteTable1", + }, + }, + { + "Name": "VPC_TGW_ATTACHMENT_ROUTE_TABLE_ID_2", + "Type": "PLAINTEXT", + "Value": { + "Ref": "VPCTGWRouteTable2", + }, + }, + { + "Name": "CODE_BUILD_SOURCE_CODE_S3_KEY", + "Type": "PLAINTEXT", + "Value": "centralized-network-inspection/v1.0.3", + }, + { + "Name": "STACK_ID", + "Type": "PLAINTEXT", + "Value": { + "Ref": "AWS::StackId", + 
}, + }, + { + "Name": "SSM_PARAM_FOR_UUID", + "Type": "PLAINTEXT", + "Value": { + "Fn::Join": [ + "", + [ + "/", + { + "Fn::FindInMap": [ + "SolutionMapping", + "ParameterKey", + "UniqueId", + ], + }, + ], + ], + }, + }, + { + "Name": "SEND_ANONYMIZED_METRICS", + "Type": "PLAINTEXT", + "Value": { + "Fn::FindInMap": [ + "AnonymizedData", + "SendAnonymizedData", + "Data", + ], + }, + }, + { + "Name": "SOLUTION_ID", + "Type": "PLAINTEXT", + "Value": { + "Fn::FindInMap": [ + "SolutionMapping", + "Solution", + "Identifier", + ], }, }, - ], - "Version": "2012-10-17", - }, - }, - "Type": "AWS::IAM::Role", - }, - "NetworkFirewallCodePipelineDeploymentCodeDeployCodePipelineActionRoleDefaultPolicyAB6FC4F9": { - "Properties": { - "PolicyDocument": { - "Statement": [ { - "Action": [ - "codebuild:BatchGetBuilds", - "codebuild:StartBuild", - "codebuild:StopBuild", - ], - "Effect": "Allow", - "Resource": { - "Fn::GetAtt": [ - "DeployProject1CF7CB79", - "Arn", + "Name": "METRICS_URL", + "Type": "PLAINTEXT", + "Value": { + "Fn::FindInMap": [ + "SolutionMapping", + "Metrics", + "URL", ], }, }, - ], - "Version": "2012-10-17", - }, - "PolicyName": "NetworkFirewallCodePipelineDeploymentCodeDeployCodePipelineActionRoleDefaultPolicyAB6FC4F9", - "Roles": [ - { - "Ref": "NetworkFirewallCodePipelineDeploymentCodeDeployCodePipelineActionRole6EA7639D", - }, - ], - }, - "Type": "AWS::IAM::Policy", - }, - "NetworkFirewallCodePipelineEventsRole94323A48": { - "Properties": { - "AssumeRolePolicyDocument": { - "Statement": [ { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": { - "Service": "events.amazonaws.com", + "Name": "TRANSIT_GATEWAY_ATTACHMENT_ID", + "Type": "PLAINTEXT", + "Value": { + "Fn::If": [ + "CreateTransitGatewayAttachment", + { + "Ref": "VPCTGWATTACHMENT", + }, + "", + ], }, }, - ], - "Version": "2012-10-17", - }, - }, - "Type": "AWS::IAM::Role", - }, - "NetworkFirewallCodePipelineEventsRoleDefaultPolicy5835E037": { - "Properties": { - "PolicyDocument": { - 
"Statement": [ { - "Action": "codepipeline:StartPipelineExecution", - "Effect": "Allow", - "Resource": { + "Name": "TRANSIT_GATEWAY_ATTACHMENT_APPLIANCE_MODE", + "Type": "PLAINTEXT", + "Value": { + "Fn::FindInMap": [ + "SolutionMapping", + "TransitGatewayAttachment", + "ApplianceMode", + ], + }, + }, + { + "Name": "CUSTOM_SDK_USER_AGENT", + "Type": "PLAINTEXT", + "Value": { "Fn::Join": [ "", [ - "arn:", + "AwsSolution/", { - "Ref": "AWS::Partition", + "Fn::FindInMap": [ + "SolutionMapping", + "Solution", + "Identifier", + ], }, - ":codepipeline:eu-west-1:1234:", + "/", { - "Ref": "NetworkFirewallCodePipelineA72E3ADD", + "Fn::FindInMap": [ + "SolutionMapping", + "Solution", + "Version", + ], }, ], ], }, }, ], - "Version": "2012-10-17", + "Image": "aws/codebuild/standard:7.0", + "ImagePullCredentialsType": "CODEBUILD", + "PrivilegedMode": false, + "Type": "LINUX_CONTAINER", }, - "PolicyName": "NetworkFirewallCodePipelineEventsRoleDefaultPolicy5835E037", - "Roles": [ - { - "Ref": "NetworkFirewallCodePipelineEventsRole94323A48", + "ServiceRole": { + "Fn::GetAtt": [ + "DeployProjectRole588C8C1D", + "Arn", + ], + }, + "Source": { + "BuildSpec": { + "Fn::Join": [ + "", + [ + "{ + "version": "0.2", + "phases": { + "install": { + "runtime-versions": { + "nodejs": "18" + }, + "commands": [ + "export current=$(pwd)", + "export sourceCodeKey=$CODE_BUILD_SOURCE_CODE_S3_KEY" + ] + }, + "pre_build": { + "commands": [ + "cd $current", + "pwd; ls -ltr", + "echo 'Download Centralized Network Inspection Solution Package'", + "aws s3 cp s3://", + { + "Ref": "CodeBuildStagesSourceCodeBucketFA98E7C7", + }, + "/$sourceCodeKey/centralized-network-inspection.zip $current", + "unzip -o $current/centralized-network-inspection.zip -d $current", + "pwd; ls -ltr" + ] + }, + "build": { + "commands": [ + "echo \\"Initiating Network Firewall Automation\\"", + "node index.js" + ] + }, + "post_build": { + "commands": [] + } + }, + "artifacts": { + "files": "**/*" + } +}", + ], + ], }, - ], + "Type": 
"CODEPIPELINE", + }, }, - "Type": "AWS::IAM::Policy", + "Type": "AWS::CodeBuild::Project", }, - "NetworkFirewallCodePipelineRoleDDD28B15": { + "DeployProjectRole588C8C1D": { "Properties": { "AssumeRolePolicyDocument": { "Statement": [ @@ -2035,7 +1980,7 @@ exports[`Firewall Automation for Network Traffic on AWS NetworkFirewallAutomatio "Action": "sts:AssumeRole", "Effect": "Allow", "Principal": { - "Service": "codepipeline.amazonaws.com", + "Service": "codebuild.amazonaws.com", }, }, ], 
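Review bot: `CodeBuildStagesSourceCodeBucketFA98E7C7` is retained on stack deletion (`"DeletionPolicy": "Retain"`), but its default encryption key, `CentralizedNetworkInspectionCodePipelineArtifactsBucketEncryptionKey03CCD69F`, appears elsewhere in this snapshot with `"DeletionPolicy": "Delete"`. Once that key is deleted, the retained objects can no longer be decrypted. The rename also gives the key a new logical ID, so if an existing stack is updated in place, CloudFormation would presumably create a new key and remove the old one; it is worth confirming what happens to objects already written under the old key and covering it in the upgrade notes. Setting `"DeletionPolicy": "Retain"` and `"UpdateReplacePolicy": "Retain"` on the key, through its removal policy in the stack source (not shown here), would keep the bucket and key lifetimes aligned.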
@@ -2044,114 +1989,34 @@ exports[`Firewall Automation for Network Traffic on AWS NetworkFirewallAutomatio }, "Type": "AWS::IAM::Role", }, - "NetworkFirewallCodePipelineRoleDefaultPolicyF0142ABD": { + "DeployProjectRoleDefaultPolicy52AEA98B": { "Properties": { "PolicyDocument": { "Statement": [ { "Action": [ - "s3:GetObject*", - "s3:GetBucket*", - "s3:List*", - "s3:DeleteObject*", - "s3:PutObject", - "s3:PutObjectLegalHold", - "s3:PutObjectRetention", - "s3:PutObjectTagging", - "s3:PutObjectVersionTagging", - "s3:Abort*", + "logs:CreateLogGroup", + "logs:CreateLogStream", + "logs:PutLogEvents", ], "Effect": "Allow", "Resource": [ - { - "Fn::GetAtt": [ - "NetworkFirewallCodePipelineArtifactsBucketF2569455", - "Arn", - ], - }, { "Fn::Join": [ "", [ - { - "Fn::GetAtt": [ - "NetworkFirewallCodePipelineArtifactsBucketF2569455", - "Arn", - ], - }, - "/*", - ], - ], - }, - ], - }, - { - "Action": [ - "kms:Decrypt", - "kms:DescribeKey", - "kms:Encrypt", - "kms:ReEncrypt*", - "kms:GenerateDataKey*", - ], - "Effect": "Allow", - "Resource": { - "Fn::GetAtt": [ - "NetworkFirewallCodePipelineArtifactsBucketEncryptionKey086ED060", - "Arn", - ], - }, - }, - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Resource": { - "Fn::GetAtt": [ - "NetworkFirewallCodePipelineSourceCodePipelineActionRole67C89750", - "Arn", - ], - }, - }, - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Resource": { - "Fn::GetAtt": [ - "NetworkFirewallCodePipelineValidationCodeBuildCodePipelineActionRole2A3E8726", - "Arn", - ], - }, - }, - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Resource": { - "Fn::GetAtt": [ - "NetworkFirewallCodePipelineDeploymentCodeDeployCodePipelineActionRole6EA7639D", - "Arn", - ], - }, - }, - ], - "Version": "2012-10-17", - }, - "PolicyName": "NetworkFirewallCodePipelineRoleDefaultPolicyF0142ABD", - "Roles": [ - { - "Ref": "NetworkFirewallCodePipelineRoleDDD28B15", - }, - ], - }, - "Type": "AWS::IAM::Policy", - }, - 
"NetworkFirewallCodePipelineSourceCodePipelineActionRole67C89750": { - "Properties": { - "AssumeRolePolicyDocument": { - "Statement": [ - { - "Action": "sts:AssumeRole", - "Effect": "Allow", - "Principal": { - "AWS": { + "arn:", + { + "Ref": "AWS::Partition", + }, + ":logs:eu-west-1:1234:log-group:/aws/codebuild/", + { + "Ref": "DeployProject1CF7CB79", + }, + ], + ], + }, + { "Fn::Join": [ "", [ @@ -2159,40 +2024,53 @@ exports[`Firewall Automation for Network Traffic on AWS NetworkFirewallAutomatio { "Ref": "AWS::Partition", }, - ":iam::1234:root", + ":logs:eu-west-1:1234:log-group:/aws/codebuild/", + { + "Ref": "DeployProject1CF7CB79", + }, + ":*", ], ], }, + ], + }, + { + "Action": [ + "codebuild:CreateReportGroup", + "codebuild:CreateReport", + "codebuild:UpdateReport", + "codebuild:BatchPutTestCases", + "codebuild:BatchPutCodeCoverages", + ], + "Effect": "Allow", + "Resource": { + "Fn::Join": [ + "", + [ + "arn:", + { + "Ref": "AWS::Partition", + }, + ":codebuild:eu-west-1:1234:report-group/", + { + "Ref": "DeployProject1CF7CB79", + }, + "-*", + ], + ], }, }, - ], - "Version": "2012-10-17", - }, - }, - "Type": "AWS::IAM::Role", - }, - "NetworkFirewallCodePipelineSourceCodePipelineActionRoleDefaultPolicyB01603D9": { - "Properties": { - "PolicyDocument": { - "Statement": [ { "Action": [ "s3:GetObject*", "s3:GetBucket*", "s3:List*", - "s3:DeleteObject*", - "s3:PutObject", - "s3:PutObjectLegalHold", - "s3:PutObjectRetention", - "s3:PutObjectTagging", - "s3:PutObjectVersionTagging", - "s3:Abort*", ], "Effect": "Allow", "Resource": [ { "Fn::GetAtt": [ - "NetworkFirewallCodePipelineArtifactsBucketF2569455", + "CentralizedNetworkInspectionCodePipelineArtifactsBucket20C04501", "Arn", ], }, @@ -2202,7 +2080,7 @@ exports[`Firewall Automation for Network Traffic on AWS NetworkFirewallAutomatio [ { "Fn::GetAtt": [ - "NetworkFirewallCodePipelineArtifactsBucketF2569455", + "CentralizedNetworkInspectionCodePipelineArtifactsBucket20C04501", "Arn", ], }, 
@@ -2216,30 +2094,26 @@ exports[`Firewall Automation for Network Traffic on AWS NetworkFirewallAutomatio "Action": [ "kms:Decrypt", "kms:DescribeKey", - "kms:Encrypt", - "kms:ReEncrypt*", - "kms:GenerateDataKey*", ], "Effect": "Allow", "Resource": { "Fn::GetAtt": [ - "NetworkFirewallCodePipelineArtifactsBucketEncryptionKey086ED060", + "CentralizedNetworkInspectionCodePipelineArtifactsBucketEncryptionKey03CCD69F", "Arn", ], }, }, { "Action": [ - "codecommit:GetBranch", - "codecommit:GetCommit", - "codecommit:UploadArchive", - "codecommit:GetUploadArchiveStatus", - "codecommit:CancelUploadArchive", + "kms:Decrypt", + "kms:Encrypt", + "kms:ReEncrypt*", + "kms:GenerateDataKey*", ], "Effect": "Allow", "Resource": { "Fn::GetAtt": [ - "NetworkFirewallCodeRepositoryF7BA0495", + "CentralizedNetworkInspectionCodePipelineArtifactsBucketEncryptionKey03CCD69F", "Arn", ], }, 
@@ -2247,21 +2121,69 @@ exports[`Firewall Automation for Network Traffic on AWS NetworkFirewallAutomatio ], "Version": "2012-10-17", }, - "PolicyName": "NetworkFirewallCodePipelineSourceCodePipelineActionRoleDefaultPolicyB01603D9", + "PolicyName": "DeployProjectRoleDefaultPolicy52AEA98B", "Roles": [ { - "Ref": "NetworkFirewallCodePipelineSourceCodePipelineActionRole67C89750", + "Ref": "DeployProjectRole588C8C1D", }, ], }, "Type": "AWS::IAM::Policy", }, - "NetworkFirewallCodePipelineValidationCodeBuildCodePipelineActionRole2A3E8726": { + "FirewallSubnetRouteTable": { + "DeletionPolicy": "Retain", "Properties": { - "AssumeRolePolicyDocument": { + "Tags": [ + { + "Key": "Name", + "Value": { + "Fn::Join": [ + "", + [ + { + "Ref": "AWS::StackName", + }, + "-FirewallSubnetRouteTable", + ], + ], + }, + }, + ], + "VpcId": { + "Ref": "VPC", + }, + }, + "Type": "AWS::EC2::RouteTable", + "UpdateReplacePolicy": "Retain", + }, + "FlowLog": { + "Properties": { + "DeliverLogsPermissionArn": { + "Fn::GetAtt": [ + "RoleFlowLogsCA794118", + "Arn", + ], + }, + "LogGroupName": { + "Ref": "AWS::StackName", + }, + "ResourceId": { + "Ref": "VPC", + }, + "ResourceType": "VPC", + "TrafficType": "ALL", + }, + "Type": "AWS::EC2::FlowLog", + }, + "KMSKeyForNetworkFirewallBuckets73A57817": { + "DeletionPolicy": "Retain", + "Properties": { + "Description": "This key will be used for encrypting the vpc flow logs and firewall logs.", + "EnableKeyRotation": true, + "KeyPolicy": { "Statement": [ { - "Action": "sts:AssumeRole", + "Action": "kms:*", "Effect": "Allow", "Principal": { "AWS": { 
@@ -2277,42 +2199,117 @@ exports[`Firewall Automation for Network Traffic on AWS NetworkFirewallAutomatio ], }, }, + "Resource": "*", + }, + { + "Action": "kms:GenerateDataKey*", + "Effect": "Allow", + "Principal": { + "Service": "delivery.logs.amazonaws.com", + }, + "Resource": "*", + }, + { + "Action": [ + "kms:Encrypt*", + "kms:Decrypt*", + "kms:ReEncrypt*", + "kms:GenerateDataKey*", + "kms:Describe*", + ], + "Effect": "Allow", + "Principal": { + "Service": { + "Fn::Join": [ + "", + [ + "logs.", + { + "Ref": "AWS::Region", + }, + ".amazonaws.com", + ], + ], + }, + }, + "Resource": "*", }, ], "Version": "2012-10-17", }, }, - "Type": "AWS::IAM::Role", + "Type": "AWS::KMS::Key", + "UpdateReplacePolicy": "Retain", }, - "NetworkFirewallCodePipelineValidationCodeBuildCodePipelineActionRoleDefaultPolicyA4A71A44": { + "LogGroupFlowLogs": { "Properties": { - "PolicyDocument": { - "Statement": [ + "KmsKeyId": { + "Fn::GetAtt": [ + "KMSKeyForNetworkFirewallBuckets73A57817", + "Arn", + ], + }, + "LogGroupName": { + "Ref": "AWS::StackName", + }, + "RetentionInDays": { + "Ref": "LogRetentionPeriod", + }, + }, + "Type": "AWS::Logs::LogGroup", + }, + "Logs6819BB44": { + "Condition": "LoggingInS3", + "DeletionPolicy": "Retain", + "Metadata": { + "cfn_nag": { + "rules_to_suppress": [ { - "Action": [ - "codebuild:BatchGetBuilds", - "codebuild:StartBuild", - "codebuild:StopBuild", - ], - "Effect": "Allow", - "Resource": { - "Fn::GetAtt": [ - "BuildProject097C5DB7", - "Arn", - ], + "id": "W35", + "reason": "Logs bucket does not require logging configuration", + }, + { + "id": "W51", + "reason": "Logs bucket is private and does not require a bucket policy", + }, + ], + }, + }, + "Properties": { + "BucketEncryption": { + "ServerSideEncryptionConfiguration": [ + { + "ServerSideEncryptionByDefault": { + "KMSMasterKeyID": { + "Fn::GetAtt": [ + "KMSKeyForNetworkFirewallBuckets73A57817", + "Arn", + ], + }, + "SSEAlgorithm": "aws:kms", }, }, ], - "Version": "2012-10-17", }, - "PolicyName": 
"NetworkFirewallCodePipelineValidationCodeBuildCodePipelineActionRoleDefaultPolicyA4A71A44", - "Roles": [ - { - "Ref": "NetworkFirewallCodePipelineValidationCodeBuildCodePipelineActionRole2A3E8726", - }, - ], + "LifecycleConfiguration": { + "Rules": [ + { + "ExpirationInDays": { + "Ref": "LogRetentionPeriod", + }, + "Status": "Enabled", + }, + ], + }, + "PublicAccessBlockConfiguration": { + "BlockPublicAcls": true, + "BlockPublicPolicy": true, + "IgnorePublicAcls": true, + "RestrictPublicBuckets": true, + }, }, - "Type": "AWS::IAM::Policy", + "Type": "AWS::S3::Bucket", + "UpdateReplacePolicy": "Retain", }, "NetworkFirewallCodeRepositoryF7BA0495": { "DeletionPolicy": "Retain", @@ -2320,22 +2317,7 @@ exports[`Firewall Automation for Network Traffic on AWS NetworkFirewallAutomatio "Code": { "S3": { "Bucket": "solutions-eu-west-1", - "Key": { - "Fn::Join": [ - "", - [ - "network-firewall-automation/", - { - "Fn::FindInMap": [ - "SolutionMapping", - "Version", - "Latest", - ], - }, - "/network-firewall-configuration.zip", - ], - ], - }, + "Key": "centralized-network-inspection/%%VERSION%%/centralized-network-inspection-configuration.zip", }, }, "RepositoryDescription": "This repository is created by the AWS Network Firewall solution for AWS Transit Gateway, to store and trigger changes to the network firewall rules and configurations.", @@ -2360,7 +2342,7 @@ exports[`Firewall Automation for Network Traffic on AWS NetworkFirewallAutomatio "Type": "AWS::CodeCommit::Repository", "UpdateReplacePolicy": "Retain", }, - "NetworkFirewallCodeRepositoryMyTestStackNetworkFirewallCodePipelineD8BFDC90mainEventRule334BD2D0": { + "NetworkFirewallCodeRepositoryMyTestStackCentralizedNetworkInspectionCodePipeline34E33763mainEventRuleA7DDE336": { "Properties": { "EventPattern": { "detail": { 
@@ -2400,7 +2382,7 @@ exports[`Firewall Automation for Network Traffic on AWS NetworkFirewallAutomatio }, ":codepipeline:eu-west-1:1234:", { - "Ref": "NetworkFirewallCodePipelineA72E3ADD", + "Ref": "CentralizedNetworkInspectionCodePipeline757F698C", }, ], ], @@ -2408,7 +2390,7 @@ exports[`Firewall Automation for Network Traffic on AWS NetworkFirewallAutomatio "Id": "Target0", "RoleArn": { "Fn::GetAtt": [ - "NetworkFirewallCodePipelineEventsRole94323A48", + "CentralizedNetworkInspectionCodePipelineEventsRoleEAF3D937", "Arn", ], }, @@ -2625,7 +2607,7 @@ exports[`Firewall Automation for Network Traffic on AWS NetworkFirewallAutomatio "Tags": [ { "Key": "created-by", - "Value": "network-firewall-automation", + "Value": "centralized-network-inspection", }, { "Key": "Name", @@ -2907,7 +2889,7 @@ exports[`Firewall Automation for Network Traffic on AWS NetworkFirewallAutomatio "arn:\${AWS::Partition}:s3:::\${CodeBucketName}/\${KeyName}/*", { "CodeBucketName": "solutions-eu-west-1", - "KeyName": "network-firewall-automation", + "KeyName": "centralized-network-inspection", }, ], }, @@ -2961,7 +2943,7 @@ exports[`Firewall Automation for Network Traffic on AWS NetworkFirewallAutomatio { "ParameterKey": { "Fn::FindInMap": [ - "Send", + "SolutionMapping", "ParameterKey", "UniqueId", ], @@ -3154,7 +3136,7 @@ exports[`Firewall Automation for Network Traffic on AWS NetworkFirewallAutomatio "arn:\${AWS::Partition}:s3:::\${CodeBucketName}/\${KeyName}/*", { "CodeBucketName": "solutions-eu-west-1", - "KeyName": "network-firewall-automation", + "KeyName": "centralized-network-inspection", }, ], }, diff --git a/source/test/network-firewall-automation-solution.test.ts b/source/test/centralized-network-inspection-solution.test.ts similarity index 56% rename from source/test/network-firewall-automation-solution.test.ts rename to source/test/centralized-network-inspection-solution.test.ts index 7d2bcae..b153ceb 100644 --- a/source/test/network-firewall-automation-solution.test.ts 
+++ b/source/test/centralized-network-inspection-solution.test.ts @@ -6,31 +6,31 @@ import { App, Stack } from 'aws-cdk-lib'; import { Template } from 'aws-cdk-lib/assertions'; import { - NetworkFirewallAutomationStack, - NetworkFirewallAutomationStackProps, -} from '../lib/network-firewall-automation-solution-stack'; + CentralizedNetworkInspectionStack, + CentralizedNetworkInspectionStackProps, +} from '../lib/centralized-network-inspection.stack'; function getTestStack(): Stack { const app = new App(); - const props: NetworkFirewallAutomationStackProps = { + const props: CentralizedNetworkInspectionStackProps = { env: { account: '1234', region: 'eu-west-1' }, solutionBucket: 'solutions', solutionId: 'SO0108', - solutionName: 'network-firewall-automation', + solutionName: 'centralized-network-inspection', solutionProvider: 'AWS Solutions Builders', - solutionTradeMarkName: 'network-firewall-automation', + solutionTradeMarkName: 'centralized-network-inspection', solutionVersion: 'v1.0.3', }; - return new NetworkFirewallAutomationStack(app, 'MyTestStack', props); + return new CentralizedNetworkInspectionStack(app, 'MyTestStack', props); } -describe('Firewall Automation for Network Traffic on AWS', () => { +describe('Centralized Network Inspection on AWS', () => { const stack = getTestStack(); const template = Template.fromStack(stack); /* * Snapshot test */ - test('NetworkFirewallAutomationStack Snapshot test', () => { + test('centralizedNetworkInspectionStack Snapshot test', () => { expect(template.toJSON()).toMatchSnapshot(); }); }); diff --git a/source/tsconfig.json b/source/tsconfig.json index 47007e6..efdeb9e 100644 --- a/source/tsconfig.json +++ b/source/tsconfig.json @@ -27,7 +27,7 @@ ], "exclude": [ "node_modules", - "networkFirewallAutomation" + "centralizedNetworkInspection" ], "_generated_by_jsii_": "Generated by jsii - safe to delete, and ideally should be in .gitignore" }
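Review bot: The renamed test in `centralized-network-inspection-solution.test.ts` still asserts only `expect(template.toJSON()).toMatchSnapshot()`, so the template's security-relevant settings are checked only against a snapshot that this same commit regenerates wholesale. A reviewer accepting a large snapshot rewrite such as this one can easily miss a flipped flag or a widened IAM or KMS statement. Pinning the properties that matter with explicit assertions next to the snapshot test would catch that, for example `template.hasResourceProperties('AWS::CodeBuild::Project', { Environment: { PrivilegedMode: false } });` and `template.hasResourceProperties('AWS::KMS::Key', { EnableKeyRotation: true });`. Both values appear in the updated snapshot; the `Environment` nesting is assumed from the CloudFormation schema because the enclosing key is cut off in the snapshot hunk, so confirm it against the synthesized template.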