Fix more cfn_nag issues

biffgaut · biffgaut · commit 85346df30c14 · 2021-10-06T17:52:28.000-04:00
diff --git a/source/patterns/@aws-solutions-constructs/aws-route53-alb/test/integ.deployPrivateApiExistingZone.expected.json b/source/patterns/@aws-solutions-constructs/aws-route53-alb/test/integ.deployPrivateApiExistingZone.expected.json
@@ -666,7 +666,7 @@
         ]
       }
     },
-    "testroute53albtestroute53albalb7C171F50": {
+    "existingzonestackexistingzonestackalbCFB3D7E4": {
       "Type": "AWS::ElasticLoadBalancingV2::LoadBalancer",
       "Properties": {
         "LoadBalancerAttributes": [
@@ -681,7 +681,7 @@
           {
             "Key": "access_logs.s3.bucket",
             "Value": {
-              "Ref": "testroute53albAC463A50"
+              "Ref": "existingzonestackEFB9F5B3"
             }
           },
           {
@@ -693,7 +693,7 @@
         "SecurityGroups": [
           {
             "Fn::GetAtt": [
-              "testroute53albtestroute53albalbSecurityGroupC3716E02",
+              "existingzonestackexistingzonestackalbSecurityGroup6F32DCA5",
               "GroupId"
             ]
           }
@@ -712,14 +712,14 @@
         "Type": "application"
       },
       "DependsOn": [
-        "testroute53albPolicy478FC0AF",
-        "testroute53albAC463A50"
+        "existingzonestackPolicyFEC9C88E",
+        "existingzonestackEFB9F5B3"
       ]
     },
-    "testroute53albtestroute53albalbSecurityGroupC3716E02": {
+    "existingzonestackexistingzonestackalbSecurityGroup6F32DCA5": {
       "Type": "AWS::EC2::SecurityGroup",
       "Properties": {
-        "GroupDescription": "Automatically created Security Group for ELB deployPrivateApiExistingZonetestroute53albtestroute53albalb73DF0A20",
+        "GroupDescription": "Automatically created Security Group for ELB deployPrivateApiExistingZoneexistingzonestackexistingzonestackalbFBEA12EB",
         "SecurityGroupEgress": [
           {
             "CidrIp": "255.255.255.255/32",
@@ -734,11 +734,21 @@
         }
       },
       "DependsOn": [
-        "testroute53albPolicy478FC0AF",
-        "testroute53albAC463A50"
-      ]
+        "existingzonestackPolicyFEC9C88E",
+        "existingzonestackEFB9F5B3"
+      ],
+      "Metadata": {
+        "cfn_nag": {
+          "rules_to_suppress": [
+            {
+              "id": "W29",
+              "reason": "CDK created rule that blocks all traffic."
+            }
+          ]
+        }
+      }
     },
-    "testroute53albAC463A50": {
+    "existingzonestackEFB9F5B3": {
       "Type": "AWS::S3::Bucket",
       "Properties": {
         "BucketEncryption": {
@@ -773,11 +783,11 @@
         }
       }
     },
-    "testroute53albPolicy478FC0AF": {
+    "existingzonestackPolicyFEC9C88E": {
       "Type": "AWS::S3::BucketPolicy",
       "Properties": {
         "Bucket": {
-          "Ref": "testroute53albAC463A50"
+          "Ref": "existingzonestackEFB9F5B3"
         },
         "PolicyDocument": {
           "Statement": [
@@ -799,7 +809,7 @@
                     [
                       {
                         "Fn::GetAtt": [
-                          "testroute53albAC463A50",
+                          "existingzonestackEFB9F5B3",
                           "Arn"
                         ]
                       },
@@ -809,7 +819,7 @@
                 },
                 {
                   "Fn::GetAtt": [
-                    "testroute53albAC463A50",
+                    "existingzonestackEFB9F5B3",
                     "Arn"
                   ]
                 }
@@ -842,7 +852,7 @@
                   [
                     {
                       "Fn::GetAtt": [
-                        "testroute53albAC463A50",
+                        "existingzonestackEFB9F5B3",
                         "Arn"
                       ]
                     },
@@ -860,7 +870,7 @@
         }
       }
     },
-    "testroute53albtestroute53albaliasCCC6DDF3": {
+    "existingzonestackexistingzonestackalias77D2E65D": {
       "Type": "AWS::Route53::RecordSet",
       "Properties": {
         "Name": "www.test-example.com.",
@@ -873,7 +883,7 @@
                 "dualstack.",
                 {
                   "Fn::GetAtt": [
-                    "testroute53albtestroute53albalb7C171F50",
+                    "existingzonestackexistingzonestackalbCFB3D7E4",
                     "DNSName"
                   ]
                 }
@@ -882,7 +892,7 @@
           },
           "HostedZoneId": {
             "Fn::GetAtt": [
-              "testroute53albtestroute53albalb7C171F50",
+              "existingzonestackexistingzonestackalbCFB3D7E4",
               "CanonicalHostedZoneID"
             ]
           }
diff --git a/source/patterns/@aws-solutions-constructs/aws-route53-alb/test/integ.deployPrivateApiExistingZone.ts b/source/patterns/@aws-solutions-constructs/aws-route53-alb/test/integ.deployPrivateApiExistingZone.ts
@@ -16,11 +16,11 @@ import { App, Stack, Aws } from "@aws-cdk/core";
 import * as defaults from '@aws-solutions-constructs/core';
 import { PrivateHostedZone } from "@aws-cdk/aws-route53";
 import { Route53ToAlb, Route53ToAlbProps } from "../lib";
-import { generateIntegStackName } from '@aws-solutions-constructs/core';
+import { CfnSecurityGroup } from "@aws-cdk/aws-ec2";
 
 // Setup
 const app = new App();
-const stack = new Stack(app, generateIntegStackName(__filename), {
+const stack = new Stack(app, defaults.generateIntegStackName(__filename), {
   env: { account: Aws.ACCOUNT_ID, region: 'us-east-1' },
 });
 stack.templateOptions.description = 'Integration Test for aws-route53-alb';
@@ -46,7 +46,11 @@ const props: Route53ToAlbProps = {
   existingVpc: newVpc,
 };
 
-new Route53ToAlb(stack, 'test-route53-alb', props);
+const testConstruct = new Route53ToAlb(stack, 'existing-zone-stack', props);
+
+const newSecurityGroup = testConstruct.loadBalancer.connections.securityGroups[0].node.defaultChild as CfnSecurityGroup;
+defaults.addCfnSuppressRules(newSecurityGroup, [{ id: 'W29', reason: 'CDK created rule that blocks all traffic.'}]);
+
 
 // Synth
 app.synth();
diff --git a/source/patterns/@aws-solutions-constructs/aws-route53-alb/test/integ.deployPublicApiNewAlb.expected.json b/source/patterns/@aws-solutions-constructs/aws-route53-alb/test/integ.deployPublicApiNewAlb.expected.json
@@ -681,7 +681,6 @@
             "Value": ""
           }
         ],
-        "Name": "new-alb",
         "Scheme": "internet-facing",
         "SecurityGroups": [
           {
diff --git a/source/patterns/@aws-solutions-constructs/aws-route53-alb/test/integ.deployPublicApiNewAlb.ts b/source/patterns/@aws-solutions-constructs/aws-route53-alb/test/integ.deployPublicApiNewAlb.ts
@@ -43,9 +43,6 @@ const props: Route53ToAlbProps = {
   publicApi: true,
   existingHostedZoneInterface: newZone,
   existingVpc: newVpc,
-  loadBalancerProps: {
-    loadBalancerName: 'new-alb',
-  }
 };
 
 const testConstruct = new Route53ToAlb(stack, 'new-alb-stack', props);

Original file line number	Diff line number	Diff line change
`@@ -666,7 +666,7 @@`
`666`	`666`	`]`
`667`	`667`	`}`
`668`	`668`	`},`
`669`		`- "testroute53albtestroute53albalb7C171F50": {`
	`669`	`+ "existingzonestackexistingzonestackalbCFB3D7E4": {`
`670`	`670`	`"Type": "AWS::ElasticLoadBalancingV2::LoadBalancer",`
`671`	`671`	`"Properties": {`
`672`	`672`	`"LoadBalancerAttributes": [`
`@@ -681,7 +681,7 @@`
`681`	`681`	`{`
`682`	`682`	`"Key": "access_logs.s3.bucket",`
`683`	`683`	`"Value": {`
`684`		`- "Ref": "testroute53albAC463A50"`
	`684`	`+ "Ref": "existingzonestackEFB9F5B3"`
`685`	`685`	`}`
`686`	`686`	`},`
`687`	`687`	`{`
`@@ -693,7 +693,7 @@`
`693`	`693`	`"SecurityGroups": [`
`694`	`694`	`{`
`695`	`695`	`"Fn::GetAtt": [`
`696`		`- "testroute53albtestroute53albalbSecurityGroupC3716E02",`
	`696`	`+ "existingzonestackexistingzonestackalbSecurityGroup6F32DCA5",`
`697`	`697`	`"GroupId"`
`698`	`698`	`]`
`699`	`699`	`}`
`@@ -712,14 +712,14 @@`
`712`	`712`	`"Type": "application"`
`713`	`713`	`},`
`714`	`714`	`"DependsOn": [`
`715`		`- "testroute53albPolicy478FC0AF",`
`716`		`- "testroute53albAC463A50"`
	`715`	`+ "existingzonestackPolicyFEC9C88E",`
	`716`	`+ "existingzonestackEFB9F5B3"`
`717`	`717`	`]`
`718`	`718`	`},`
`719`		`- "testroute53albtestroute53albalbSecurityGroupC3716E02": {`
	`719`	`+ "existingzonestackexistingzonestackalbSecurityGroup6F32DCA5": {`
`720`	`720`	`"Type": "AWS::EC2::SecurityGroup",`
`721`	`721`	`"Properties": {`
`722`		`- "GroupDescription": "Automatically created Security Group for ELB deployPrivateApiExistingZonetestroute53albtestroute53albalb73DF0A20",`
	`722`	`+ "GroupDescription": "Automatically created Security Group for ELB deployPrivateApiExistingZoneexistingzonestackexistingzonestackalbFBEA12EB",`
`723`	`723`	`"SecurityGroupEgress": [`
`724`	`724`	`{`
`725`	`725`	`"CidrIp": "255.255.255.255/32",`
`@@ -734,11 +734,21 @@`
`734`	`734`	`}`
`735`	`735`	`},`
`736`	`736`	`"DependsOn": [`
`737`		`- "testroute53albPolicy478FC0AF",`
`738`		`- "testroute53albAC463A50"`
`739`		`- ]`
	`737`	`+ "existingzonestackPolicyFEC9C88E",`
	`738`	`+ "existingzonestackEFB9F5B3"`
	`739`	`+ ],`
	`740`	`+ "Metadata": {`
	`741`	`+ "cfn_nag": {`
	`742`	`+ "rules_to_suppress": [`
	`743`	`+ {`
	`744`	`+ "id": "W29",`
	`745`	`+ "reason": "CDK created rule that blocks all traffic."`
	`746`	`+ }`
	`747`	`+ ]`
	`748`	`+ }`
	`749`	`+ }`
`740`	`750`	`},`
`741`		`- "testroute53albAC463A50": {`
	`751`	`+ "existingzonestackEFB9F5B3": {`
`742`	`752`	`"Type": "AWS::S3::Bucket",`
`743`	`753`	`"Properties": {`
`744`	`754`	`"BucketEncryption": {`
`@@ -773,11 +783,11 @@`
`773`	`783`	`}`
`774`	`784`	`}`
`775`	`785`	`},`
`776`		`- "testroute53albPolicy478FC0AF": {`
	`786`	`+ "existingzonestackPolicyFEC9C88E": {`
`777`	`787`	`"Type": "AWS::S3::BucketPolicy",`
`778`	`788`	`"Properties": {`
`779`	`789`	`"Bucket": {`
`780`		`- "Ref": "testroute53albAC463A50"`
	`790`	`+ "Ref": "existingzonestackEFB9F5B3"`
`781`	`791`	`},`
`782`	`792`	`"PolicyDocument": {`
`783`	`793`	`"Statement": [`
`@@ -799,7 +809,7 @@`
`799`	`809`	`[`
`800`	`810`	`{`
`801`	`811`	`"Fn::GetAtt": [`
`802`		`- "testroute53albAC463A50",`
	`812`	`+ "existingzonestackEFB9F5B3",`
`803`	`813`	`"Arn"`
`804`	`814`	`]`
`805`	`815`	`},`
`@@ -809,7 +819,7 @@`
`809`	`819`	`},`
`810`	`820`	`{`
`811`	`821`	`"Fn::GetAtt": [`
`812`		`- "testroute53albAC463A50",`
	`822`	`+ "existingzonestackEFB9F5B3",`
`813`	`823`	`"Arn"`
`814`	`824`	`]`
`815`	`825`	`}`
`@@ -842,7 +852,7 @@`
`842`	`852`	`[`
`843`	`853`	`{`
`844`	`854`	`"Fn::GetAtt": [`
`845`		`- "testroute53albAC463A50",`
	`855`	`+ "existingzonestackEFB9F5B3",`
`846`	`856`	`"Arn"`
`847`	`857`	`]`
`848`	`858`	`},`
`@@ -860,7 +870,7 @@`
`860`	`870`	`}`
`861`	`871`	`}`
`862`	`872`	`},`
`863`		`- "testroute53albtestroute53albaliasCCC6DDF3": {`
	`873`	`+ "existingzonestackexistingzonestackalias77D2E65D": {`
`864`	`874`	`"Type": "AWS::Route53::RecordSet",`
`865`	`875`	`"Properties": {`
`866`	`876`	`"Name": "www.test-example.com.",`
`@@ -873,7 +883,7 @@`
`873`	`883`	`"dualstack.",`
`874`	`884`	`{`
`875`	`885`	`"Fn::GetAtt": [`
`876`		`- "testroute53albtestroute53albalb7C171F50",`
	`886`	`+ "existingzonestackexistingzonestackalbCFB3D7E4",`
`877`	`887`	`"DNSName"`
`878`	`888`	`]`
`879`	`889`	`}`
`@@ -882,7 +892,7 @@`
`882`	`892`	`},`
`883`	`893`	`"HostedZoneId": {`
`884`	`894`	`"Fn::GetAtt": [`
`885`		`- "testroute53albtestroute53albalb7C171F50",`
	`895`	`+ "existingzonestackexistingzonestackalbCFB3D7E4",`
`886`	`896`	`"CanonicalHostedZoneID"`
`887`	`897`	`]`
`888`	`898`	`}`
Original file line number	Diff line number	Diff line change
`@@ -681,7 +681,6 @@`
`681`	`681`	`"Value": ""`
`682`	`682`	`}`
`683`	`683`	`],`
`684`		`- "Name": "new-alb",`
`685`	`684`	`"Scheme": "internet-facing",`
`686`	`685`	`"SecurityGroups": [`
`687`	`686`	`{`