fix (MediaStore policy fix to deny anonymous user-agents access aws-cloudfront-mediastore) (#253)

* Fix for issue #252 mediastore policy bug found in the aws-cloudfront-mediastore module

* Fix for issue #252 mediastore policy bug updated the integ.default.expected.json file for new policy output. Tested deploying and see that requests to MediaStore are not allowed directly, only requests to CloudFront now make it to MediaStore. How it should be working I presume.

* Update index.ts

Fix indent spaces.

* Updated integ tests

Author: eggoynes

Diff for: source/patterns/@aws-solutions-constructs/aws-cloudfront-mediastore/lib/index.ts

@@ -95,8 +95,10 @@ export class CloudFrontToMediaStore extends Construct {
               ],
               Resource: `arn:${Aws.PARTITION}:mediastore:${Aws.REGION}:${Aws.ACCOUNT_ID}:container/${Aws.STACK_NAME}/*`,
               Condition: {
+                StringEquals: {
+                  'aws:UserAgent': this.cloudFrontOriginAccessIdentity.originAccessIdentityName
+                },
                 Bool: {
-                  'aws:UserAgent': this.cloudFrontOriginAccessIdentity.originAccessIdentityName,
                   'aws:SecureTransport': 'true'
                 }
               }

Diff for: source/patterns/@aws-solutions-constructs/aws-cloudfront-mediastore/test/__snapshots__/cloudfront-mediastore.test.js.snap

@@ -285,11 +285,11 @@ Object {
               Object {
                 "Ref": "AWS::StackName",
               },
-              "/*\\",\\"Condition\\":{\\"Bool\\":{\\"aws:UserAgent\\":\\"",
+              "/*\\",\\"Condition\\":{\\"StringEquals\\":{\\"aws:UserAgent\\":\\"",
               Object {
                 "Ref": "testcloudfrontmediastoreCloudFrontOriginAccessIdentity966405A0",
               },
-              "\\",\\"aws:SecureTransport\\":\\"true\\"}}}]}",
+              "\\"},\\"Bool\\":{\\"aws:SecureTransport\\":\\"true\\"}}}]}",
             ],
           ],
         },

Diff for: source/patterns/@aws-solutions-constructs/aws-cloudfront-mediastore/test/integ.default.expected.json

@@ -71,11 +71,11 @@
               {
                 "Ref": "AWS::StackName"
               },
-              "/*\",\"Condition\":{\"Bool\":{\"aws:UserAgent\":\"",
+              "/*\",\"Condition\":{\"StringEquals\":{\"aws:UserAgent\":\"",
               {
                 "Ref": "testcloudfrontmediastoreCloudFrontOriginAccessIdentity966405A0"
               },
-              "\",\"aws:SecureTransport\":\"true\"}}}]}"
+              "\"},\"Bool\":{\"aws:SecureTransport\":\"true\"}}}]}"
             ]
           ]
         }

Diff for: source/patterns/@aws-solutions-constructs/aws-cloudfront-mediastore/test/integ.withoutHttpSecurityHeaders.expected.json

@@ -71,11 +71,11 @@
               {
                 "Ref": "AWS::StackName"
               },
-              "/*\",\"Condition\":{\"Bool\":{\"aws:UserAgent\":\"",
+              "/*\",\"Condition\":{\"StringEquals\":{\"aws:UserAgent\":\"",
               {
                 "Ref": "testcloudfrontmediastoreCloudFrontOriginAccessIdentity966405A0"
               },
-              "\",\"aws:SecureTransport\":\"true\"}}}]}"
+              "\"},\"Bool\":{\"aws:SecureTransport\":\"true\"}}}]}"
             ]
           ]
         }