diff --git a/source/patterns/@aws-solutions-constructs/aws-apigateway-iot/lib/index.ts b/source/patterns/@aws-solutions-constructs/aws-apigateway-iot/lib/index.ts index 14f09e23c..2ceec6366 100755 --- a/source/patterns/@aws-solutions-constructs/aws-apigateway-iot/lib/index.ts +++ b/source/patterns/@aws-solutions-constructs/aws-apigateway-iot/lib/index.ts @@ -116,14 +116,14 @@ export class ApiGatewayToIot extends Construct { Action: [ "iot:UpdateThingShadow" ], - Resource: `arn:aws:iot:${cdk.Aws.REGION}:${cdk.Aws.ACCOUNT_ID}:thing/*`, + Resource: `arn:${cdk.Aws.PARTITION}:iot:${cdk.Aws.REGION}:${cdk.Aws.ACCOUNT_ID}:thing/*`, Effect: "Allow" }, { Action: [ "iot:Publish" ], - Resource: `arn:aws:iot:${cdk.Aws.REGION}:${cdk.Aws.ACCOUNT_ID}:topic/*`, + Resource: `arn:${cdk.Aws.PARTITION}:iot:${cdk.Aws.REGION}:${cdk.Aws.ACCOUNT_ID}:topic/*`, Effect: "Allow" } ] diff --git a/source/patterns/@aws-solutions-constructs/aws-apigateway-iot/test/integ.overrideParams.ts b/source/patterns/@aws-solutions-constructs/aws-apigateway-iot/test/integ.overrideParams.ts index 9a0a8077c..daa355713 100755 --- a/source/patterns/@aws-solutions-constructs/aws-apigateway-iot/test/integ.overrideParams.ts +++ b/source/patterns/@aws-solutions-constructs/aws-apigateway-iot/test/integ.overrideParams.ts @@ -40,14 +40,14 @@ const policyJSON = { Action: [ "iot:UpdateThingShadow" ], - Resource: `arn:aws:iot:${cdk.Aws.REGION}:${cdk.Aws.ACCOUNT_ID}:thing/*`, + Resource: `arn:${cdk.Aws.PARTITION}:iot:${cdk.Aws.REGION}:${cdk.Aws.ACCOUNT_ID}:thing/*`, Effect: "Allow" }, { Action: [ "iot:Publish" ], - Resource: `arn:aws:iot:${cdk.Aws.REGION}:${cdk.Aws.ACCOUNT_ID}:topic/*`, + Resource: `arn:${arn:${Aws.PARTITION}:Aws.PARTITION}:iot:${cdk.Aws.REGION}:${cdk.Aws.ACCOUNT_ID}:topic/*`, Effect: "Allow" } ] diff --git a/source/patterns/@aws-solutions-constructs/aws-apigateway-iot/test/test.apigateway-iot.test.ts b/source/patterns/@aws-solutions-constructs/aws-apigateway-iot/test/test.apigateway-iot.test.ts index c08940e8a..e46570869 100755 --- a/source/patterns/@aws-solutions-constructs/aws-apigateway-iot/test/test.apigateway-iot.test.ts +++ b/source/patterns/@aws-solutions-constructs/aws-apigateway-iot/test/test.apigateway-iot.test.ts @@ -302,14 +302,14 @@ test('Test for overriden IAM Role', () => { Action: [ "iot:UpdateThingShadow" ], - Resource: `arn:aws:iot:${cdk.Aws.REGION}:${cdk.Aws.ACCOUNT_ID}:thing/mything1`, + Resource: `arn:$${cdk.Aws.PARTITION}:iot:${cdk.Aws.REGION}:${cdk.Aws.ACCOUNT_ID}:thing/mything1`, Effect: "Allow" }, { Action: [ "iot:Publish" ], - Resource: `arn:aws:iot:${cdk.Aws.REGION}:${cdk.Aws.ACCOUNT_ID}:topic/topic-abc`, + Resource: `arn:${cdk.Aws.PARTITION}:iot:${cdk.Aws.REGION}:${cdk.Aws.ACCOUNT_ID}:topic/topic-abc`, Effect: "Allow" } ] diff --git a/source/patterns/@aws-solutions-constructs/aws-cloudfront-mediastore/test/integ.overrideProperties.ts b/source/patterns/@aws-solutions-constructs/aws-cloudfront-mediastore/test/integ.overrideProperties.ts index aebdc7138..8a4d21068 100644 --- a/source/patterns/@aws-solutions-constructs/aws-cloudfront-mediastore/test/integ.overrideProperties.ts +++ b/source/patterns/@aws-solutions-constructs/aws-cloudfront-mediastore/test/integ.overrideProperties.ts @@ -31,7 +31,7 @@ const mediaStoreContainerProps: mediastore.CfnContainerProps = { Effect: 'Allow', Principal: '*', Action: 'mediastore:*', - Resource: `arn:aws:mediastore:${Aws.REGION}:${Aws.ACCOUNT_ID}:container/MyOwnMediaStoreContainer/*`, + Resource: `arn:${Aws.PARTITION}:mediastore:${Aws.REGION}:${Aws.ACCOUNT_ID}:container/MyOwnMediaStoreContainer/*`, Condition: { Bool: { "aws:SecureTransport": "true" } } diff --git a/source/patterns/@aws-solutions-constructs/aws-cloudfront-s3/test/test.cloudfront-s3.test.ts b/source/patterns/@aws-solutions-constructs/aws-cloudfront-s3/test/test.cloudfront-s3.test.ts index 87119c19e..2a68ec16a 100644 --- a/source/patterns/@aws-solutions-constructs/aws-cloudfront-s3/test/test.cloudfront-s3.test.ts +++ b/source/patterns/@aws-solutions-constructs/aws-cloudfront-s3/test/test.cloudfront-s3.test.ts @@ -228,7 +228,7 @@ test('test cloudfront disable cloudfront logging', () => { test('test cloudfront with custom domain names', () => { const stack = new cdk.Stack(); - const certificate = acm.Certificate.fromCertificateArn(stack, 'Cert', 'arn:aws:acm:us-east-1:123456789012:certificate/11112222-3333-1234-1234-123456789012'); + const certificate = acm.Certificate.fromCertificateArn(stack, 'Cert', 'arn:${Aws.PARTITION}:acm:us-east-1:123456789012:certificate/11112222-3333-1234-1234-123456789012'); const props: CloudFrontToS3Props = { cloudFrontDistributionProps: { diff --git a/source/patterns/@aws-solutions-constructs/aws-dynamodbstreams-lambda-elasticsearch-kibana/test/integ.deploy-with-vpc.expected.json b/source/patterns/@aws-solutions-constructs/aws-dynamodbstreams-lambda-elasticsearch-kibana/test/integ.deploy-with-vpc.expected.json index fe9e3b981..633ac7fb6 100644 --- a/source/patterns/@aws-solutions-constructs/aws-dynamodbstreams-lambda-elasticsearch-kibana/test/integ.deploy-with-vpc.expected.json +++ b/source/patterns/@aws-solutions-constructs/aws-dynamodbstreams-lambda-elasticsearch-kibana/test/integ.deploy-with-vpc.expected.json @@ -494,7 +494,11 @@ "Fn::Join": [ "", [ - "arn:aws:cognito-identity:", + "arn:", + { + "Ref": "AWS::Partition" + }, + ":cognito-identity:", { "Ref": "AWS::Region" }, @@ -513,7 +517,11 @@ "Fn::Join": [ "", [ - "arn:aws:es:", + "arn:", + { + "Ref": "AWS::Partition" + }, + ":es:", { "Ref": "AWS::Region" }, @@ -581,8 +589,12 @@ "Fn::Join": [ "", [ - "arn:aws:es:", + "arn:", { + "Ref": "AWS::Partition" + }, + ":es:", + { "Ref": "AWS::Region" }, ":", diff --git a/source/patterns/@aws-solutions-constructs/aws-dynamodbstreams-lambda-elasticsearch-kibana/test/integ.no-arguments.expected.json b/source/patterns/@aws-solutions-constructs/aws-dynamodbstreams-lambda-elasticsearch-kibana/test/integ.no-arguments.expected.json index 948af5a03..925cb2b0b 100644 --- a/source/patterns/@aws-solutions-constructs/aws-dynamodbstreams-lambda-elasticsearch-kibana/test/integ.no-arguments.expected.json +++ b/source/patterns/@aws-solutions-constructs/aws-dynamodbstreams-lambda-elasticsearch-kibana/test/integ.no-arguments.expected.json @@ -424,7 +424,11 @@ "Fn::Join": [ "", [ - "arn:aws:cognito-identity:", + "arn:", + { + "Ref": "AWS::Partition" + }, + ":cognito-identity:", { "Ref": "AWS::Region" }, @@ -443,7 +447,11 @@ "Fn::Join": [ "", [ - "arn:aws:es:", + "arn:", + { + "Ref": "AWS::Partition" + }, + ":es:", { "Ref": "AWS::Region" }, @@ -511,8 +519,12 @@ "Fn::Join": [ "", [ - "arn:aws:es:", + "arn:", { + "Ref": "AWS::Partition" + }, + ":es:", + { "Ref": "AWS::Region" }, ":", diff --git a/source/patterns/@aws-solutions-constructs/aws-fargate-opensearch/test/fargate-opensearch.test.ts b/source/patterns/@aws-solutions-constructs/aws-fargate-opensearch/test/fargate-opensearch.test.ts index 4d86fc396..11298d431 100644 --- a/source/patterns/@aws-solutions-constructs/aws-fargate-opensearch/test/fargate-opensearch.test.ts +++ b/source/patterns/@aws-solutions-constructs/aws-fargate-opensearch/test/fargate-opensearch.test.ts @@ -119,7 +119,11 @@ test('Test cognito dashboard role IAM policy', () => { "Fn::Join": [ "", [ - "arn:aws:cognito-identity:", + "arn:", + { + Ref: "AWS::Partition" + }, + ":cognito-identity:", { Ref: "AWS::Region" }, @@ -138,7 +142,11 @@ test('Test cognito dashboard role IAM policy', () => { "Fn::Join": [ "", [ - "arn:aws:es:", + "arn:", + { + Ref: "AWS::Partition" + }, + ":es:", { Ref: "AWS::Region" }, diff --git a/source/patterns/@aws-solutions-constructs/aws-fargate-opensearch/test/integ.existing-resources.expected.json b/source/patterns/@aws-solutions-constructs/aws-fargate-opensearch/test/integ.existing-resources.expected.json index 7979e0e49..0ef3d92f0 100644 --- a/source/patterns/@aws-solutions-constructs/aws-fargate-opensearch/test/integ.existing-resources.expected.json +++ b/source/patterns/@aws-solutions-constructs/aws-fargate-opensearch/test/integ.existing-resources.expected.json @@ -1241,7 +1241,11 @@ "Fn::Join": [ "", [ - "arn:aws:cognito-identity:", + "arn:", + { + "Ref": "AWS::Partition" + }, + ":cognito-identity:", { "Ref": "AWS::Region" }, @@ -1260,7 +1264,11 @@ "Fn::Join": [ "", [ - "arn:aws:es:", + "arn:", + { + "Ref": "AWS::Partition" + }, + ":es:", { "Ref": "AWS::Region" }, @@ -1320,8 +1328,12 @@ "Fn::Join": [ "", [ - "arn:aws:es:", + "arn:", { + "Ref": "AWS::Partition" + }, + ":es:", + { "Ref": "AWS::Region" }, ":", diff --git a/source/patterns/@aws-solutions-constructs/aws-fargate-opensearch/test/integ.new-resources.expected.json b/source/patterns/@aws-solutions-constructs/aws-fargate-opensearch/test/integ.new-resources.expected.json index d8b77ef9b..75a18dc14 100644 --- a/source/patterns/@aws-solutions-constructs/aws-fargate-opensearch/test/integ.new-resources.expected.json +++ b/source/patterns/@aws-solutions-constructs/aws-fargate-opensearch/test/integ.new-resources.expected.json @@ -219,7 +219,11 @@ "Fn::Join": [ "", [ - "arn:aws:cognito-identity:", + "arn:", + { + "Ref": "AWS::Partition" + }, + ":cognito-identity:", { "Ref": "AWS::Region" }, @@ -238,7 +242,11 @@ "Fn::Join": [ "", [ - "arn:aws:es:", + "arn:", + { + "Ref": "AWS::Partition" + }, + ":es:", { "Ref": "AWS::Region" }, @@ -298,8 +306,12 @@ "Fn::Join": [ "", [ - "arn:aws:es:", + "arn:", { + "Ref": "AWS::Partition" + }, + ":es:", + { "Ref": "AWS::Region" }, ":", diff --git a/source/patterns/@aws-solutions-constructs/aws-lambda-elasticsearch-kibana/test/integ.deployFunctionWithClusterConfig.expected.json b/source/patterns/@aws-solutions-constructs/aws-lambda-elasticsearch-kibana/test/integ.deployFunctionWithClusterConfig.expected.json index 9b687d5be..26720a9d6 100644 --- a/source/patterns/@aws-solutions-constructs/aws-lambda-elasticsearch-kibana/test/integ.deployFunctionWithClusterConfig.expected.json +++ b/source/patterns/@aws-solutions-constructs/aws-lambda-elasticsearch-kibana/test/integ.deployFunctionWithClusterConfig.expected.json @@ -423,7 +423,11 @@ "Fn::Join": [ "", [ - "arn:aws:cognito-identity:", + "arn:", + { + "Ref": "AWS::Partition" + }, + ":cognito-identity:", { "Ref": "AWS::Region" }, @@ -442,7 +446,11 @@ "Fn::Join": [ "", [ - "arn:aws:es:", + "arn:", + { + "Ref": "AWS::Partition" + }, + ":es:", { "Ref": "AWS::Region" }, @@ -510,8 +518,12 @@ "Fn::Join": [ "", [ - "arn:aws:es:", + "arn:", { + "Ref": "AWS::Partition" + }, + ":es:", + { "Ref": "AWS::Region" }, ":", diff --git a/source/patterns/@aws-solutions-constructs/aws-lambda-elasticsearch-kibana/test/integ.deployFunctionWithExistingVpc.expected.json b/source/patterns/@aws-solutions-constructs/aws-lambda-elasticsearch-kibana/test/integ.deployFunctionWithExistingVpc.expected.json index a3b86b904..6e418e3cf 100644 --- a/source/patterns/@aws-solutions-constructs/aws-lambda-elasticsearch-kibana/test/integ.deployFunctionWithExistingVpc.expected.json +++ b/source/patterns/@aws-solutions-constructs/aws-lambda-elasticsearch-kibana/test/integ.deployFunctionWithExistingVpc.expected.json @@ -1097,7 +1097,11 @@ "Fn::Join": [ "", [ - "arn:aws:cognito-identity:", + "arn:", + { + "Ref": "AWS::Partition" + }, + ":cognito-identity:", { "Ref": "AWS::Region" }, @@ -1116,7 +1120,11 @@ "Fn::Join": [ "", [ - "arn:aws:es:", + "arn:", + { + "Ref": "AWS::Partition" + }, + ":es:", { "Ref": "AWS::Region" }, @@ -1184,8 +1192,12 @@ "Fn::Join": [ "", [ - "arn:aws:es:", + "arn:", { + "Ref": "AWS::Partition" + }, + ":es:", + { "Ref": "AWS::Region" }, ":", diff --git a/source/patterns/@aws-solutions-constructs/aws-lambda-elasticsearch-kibana/test/integ.deployFunctionWithVpcProps.expected.json b/source/patterns/@aws-solutions-constructs/aws-lambda-elasticsearch-kibana/test/integ.deployFunctionWithVpcProps.expected.json index 3a3b0ea81..bfed54f4a 100644 --- a/source/patterns/@aws-solutions-constructs/aws-lambda-elasticsearch-kibana/test/integ.deployFunctionWithVpcProps.expected.json +++ b/source/patterns/@aws-solutions-constructs/aws-lambda-elasticsearch-kibana/test/integ.deployFunctionWithVpcProps.expected.json @@ -425,7 +425,11 @@ "Fn::Join": [ "", [ - "arn:aws:cognito-identity:", + "arn:", + { + "Ref": "AWS::Partition" + }, + ":cognito-identity:", { "Ref": "AWS::Region" }, @@ -444,7 +448,11 @@ "Fn::Join": [ "", [ - "arn:aws:es:", + "arn:", + { + "Ref": "AWS::Partition" + }, + ":es:", { "Ref": "AWS::Region" }, @@ -512,8 +520,12 @@ "Fn::Join": [ "", [ - "arn:aws:es:", + "arn:", { + "Ref": "AWS::Partition" + }, + ":es:", + { "Ref": "AWS::Region" }, ":", diff --git a/source/patterns/@aws-solutions-constructs/aws-lambda-elasticsearch-kibana/test/integ.deployToFiveZones.expected.json b/source/patterns/@aws-solutions-constructs/aws-lambda-elasticsearch-kibana/test/integ.deployToFiveZones.expected.json index 430146924..d346757a0 100644 --- a/source/patterns/@aws-solutions-constructs/aws-lambda-elasticsearch-kibana/test/integ.deployToFiveZones.expected.json +++ b/source/patterns/@aws-solutions-constructs/aws-lambda-elasticsearch-kibana/test/integ.deployToFiveZones.expected.json @@ -427,7 +427,11 @@ "Fn::Join": [ "", [ - "arn:aws:cognito-identity:", + "arn:", + { + "Ref": "AWS::Partition" + }, + ":cognito-identity:", { "Ref": "AWS::Region" }, @@ -446,7 +450,11 @@ "Fn::Join": [ "", [ - "arn:aws:es:", + "arn:", + { + "Ref": "AWS::Partition" + }, + ":es:", { "Ref": "AWS::Region" }, @@ -514,7 +522,11 @@ "Fn::Join": [ "", [ - "arn:aws:es:", + "arn:", + { + "Ref": "AWS::Partition" + }, + ":es:", { "Ref": "AWS::Region" }, diff --git a/source/patterns/@aws-solutions-constructs/aws-lambda-elasticsearch-kibana/test/integ.disabledZoneAwareness.expected.json b/source/patterns/@aws-solutions-constructs/aws-lambda-elasticsearch-kibana/test/integ.disabledZoneAwareness.expected.json index 952399fd2..ce86b279b 100644 --- a/source/patterns/@aws-solutions-constructs/aws-lambda-elasticsearch-kibana/test/integ.disabledZoneAwareness.expected.json +++ b/source/patterns/@aws-solutions-constructs/aws-lambda-elasticsearch-kibana/test/integ.disabledZoneAwareness.expected.json @@ -419,7 +419,11 @@ "Fn::Join": [ "", [ - "arn:aws:cognito-identity:", + "arn:", + { + "Ref": "AWS::Partition" + }, + ":cognito-identity:", { "Ref": "AWS::Region" }, @@ -438,7 +442,11 @@ "Fn::Join": [ "", [ - "arn:aws:es:", + "arn:", + { + "Ref": "AWS::Partition" + }, + ":es:", { "Ref": "AWS::Region" }, @@ -506,7 +514,11 @@ "Fn::Join": [ "", [ - "arn:aws:es:", + "arn:", + { + "Ref": "AWS::Partition" + }, + ":es:", { "Ref": "AWS::Region" }, diff --git a/source/patterns/@aws-solutions-constructs/aws-lambda-elasticsearch-kibana/test/integ.domain-arguments.expected.json b/source/patterns/@aws-solutions-constructs/aws-lambda-elasticsearch-kibana/test/integ.domain-arguments.expected.json index 207e58345..ce7e90443 100644 --- a/source/patterns/@aws-solutions-constructs/aws-lambda-elasticsearch-kibana/test/integ.domain-arguments.expected.json +++ b/source/patterns/@aws-solutions-constructs/aws-lambda-elasticsearch-kibana/test/integ.domain-arguments.expected.json @@ -362,7 +362,11 @@ "Fn::Join": [ "", [ - "arn:aws:cognito-identity:", + "arn:", + { + "Ref": "AWS::Partition" + }, + ":cognito-identity:", { "Ref": "AWS::Region" }, @@ -381,7 +385,11 @@ "Fn::Join": [ "", [ - "arn:aws:es:", + "arn:", + { + "Ref": "AWS::Partition" + }, + ":es:", { "Ref": "AWS::Region" }, @@ -449,7 +457,11 @@ "Fn::Join": [ "", [ - "arn:aws:es:", + "arn:", + { + "Ref": "AWS::Partition" + }, + ":es:", { "Ref": "AWS::Region" }, diff --git a/source/patterns/@aws-solutions-constructs/aws-lambda-elasticsearch-kibana/test/integ.no-arguments.expected.json b/source/patterns/@aws-solutions-constructs/aws-lambda-elasticsearch-kibana/test/integ.no-arguments.expected.json index 37e2c00cd..3903f2ecc 100644 --- a/source/patterns/@aws-solutions-constructs/aws-lambda-elasticsearch-kibana/test/integ.no-arguments.expected.json +++ b/source/patterns/@aws-solutions-constructs/aws-lambda-elasticsearch-kibana/test/integ.no-arguments.expected.json @@ -362,7 +362,11 @@ "Fn::Join": [ "", [ - "arn:aws:cognito-identity:", + "arn:", + { + "Ref": "AWS::Partition" + }, + ":cognito-identity:", { "Ref": "AWS::Region" }, @@ -381,7 +385,11 @@ "Fn::Join": [ "", [ - "arn:aws:es:", + "arn:", + { + "Ref": "AWS::Partition" + }, + ":es:", { "Ref": "AWS::Region" }, @@ -449,7 +457,11 @@ "Fn::Join": [ "", [ - "arn:aws:es:", + "arn:", + { + "Ref": "AWS::Partition" + }, + ":es:", { "Ref": "AWS::Region" }, diff --git a/source/patterns/@aws-solutions-constructs/aws-lambda-opensearch/test/integ.cluster-config.expected.json b/source/patterns/@aws-solutions-constructs/aws-lambda-opensearch/test/integ.cluster-config.expected.json index 8624352f7..1396aaae4 100644 --- a/source/patterns/@aws-solutions-constructs/aws-lambda-opensearch/test/integ.cluster-config.expected.json +++ b/source/patterns/@aws-solutions-constructs/aws-lambda-opensearch/test/integ.cluster-config.expected.json @@ -423,7 +423,11 @@ "Fn::Join": [ "", [ - "arn:aws:cognito-identity:", + "arn:", + { + "Ref": "AWS::Partition" + }, + ":cognito-identity:", { "Ref": "AWS::Region" }, @@ -442,7 +446,11 @@ "Fn::Join": [ "", [ - "arn:aws:es:", + "arn:", + { + "Ref": "AWS::Partition" + }, + ":es:", { "Ref": "AWS::Region" }, @@ -510,8 +518,12 @@ "Fn::Join": [ "", [ - "arn:aws:es:", + "arn:", { + "Ref": "AWS::Partition" + }, + ":es:", + { "Ref": "AWS::Region" }, ":", diff --git a/source/patterns/@aws-solutions-constructs/aws-lambda-opensearch/test/integ.disabled-zone-awareness.expected.json b/source/patterns/@aws-solutions-constructs/aws-lambda-opensearch/test/integ.disabled-zone-awareness.expected.json index e936bc551..dcd151ef3 100644 --- a/source/patterns/@aws-solutions-constructs/aws-lambda-opensearch/test/integ.disabled-zone-awareness.expected.json +++ b/source/patterns/@aws-solutions-constructs/aws-lambda-opensearch/test/integ.disabled-zone-awareness.expected.json @@ -419,7 +419,11 @@ "Fn::Join": [ "", [ - "arn:aws:cognito-identity:", + "arn:", + { + "Ref": "AWS::Partition" + }, + ":cognito-identity:", { "Ref": "AWS::Region" }, @@ -438,7 +442,11 @@ "Fn::Join": [ "", [ - "arn:aws:es:", + "arn:", + { + "Ref": "AWS::Partition" + }, + ":es:", { "Ref": "AWS::Region" }, @@ -506,8 +514,12 @@ "Fn::Join": [ "", [ - "arn:aws:es:", + "arn:", { + "Ref": "AWS::Partition" + }, + ":es:", + { "Ref": "AWS::Region" }, ":", diff --git a/source/patterns/@aws-solutions-constructs/aws-lambda-opensearch/test/integ.domain-arguments.expected.json b/source/patterns/@aws-solutions-constructs/aws-lambda-opensearch/test/integ.domain-arguments.expected.json index 3bb455180..7b0282fa7 100644 --- a/source/patterns/@aws-solutions-constructs/aws-lambda-opensearch/test/integ.domain-arguments.expected.json +++ b/source/patterns/@aws-solutions-constructs/aws-lambda-opensearch/test/integ.domain-arguments.expected.json @@ -362,7 +362,11 @@ "Fn::Join": [ "", [ - "arn:aws:cognito-identity:", + "arn:", + { + "Ref": "AWS::Partition" + }, + ":cognito-identity:", { "Ref": "AWS::Region" }, @@ -381,7 +385,11 @@ "Fn::Join": [ "", [ - "arn:aws:es:", + "arn:", + { + "Ref": "AWS::Partition" + }, + ":es:", { "Ref": "AWS::Region" }, @@ -449,8 +457,12 @@ "Fn::Join": [ "", [ - "arn:aws:es:", + "arn:", { + "Ref": "AWS::Partition" + }, + ":es:", + { "Ref": "AWS::Region" }, ":", diff --git a/source/patterns/@aws-solutions-constructs/aws-lambda-opensearch/test/integ.existing-vpc.expected.json b/source/patterns/@aws-solutions-constructs/aws-lambda-opensearch/test/integ.existing-vpc.expected.json index d9eb71c21..52f57dba3 100644 --- a/source/patterns/@aws-solutions-constructs/aws-lambda-opensearch/test/integ.existing-vpc.expected.json +++ b/source/patterns/@aws-solutions-constructs/aws-lambda-opensearch/test/integ.existing-vpc.expected.json @@ -1097,7 +1097,11 @@ "Fn::Join": [ "", [ - "arn:aws:cognito-identity:", + "arn:", + { + "Ref": "AWS::Partition" + }, + ":cognito-identity:", { "Ref": "AWS::Region" }, @@ -1116,7 +1120,11 @@ "Fn::Join": [ "", [ - "arn:aws:es:", + "arn:", + { + "Ref": "AWS::Partition" + }, + ":es:", { "Ref": "AWS::Region" }, @@ -1184,8 +1192,12 @@ "Fn::Join": [ "", [ - "arn:aws:es:", + "arn:", { + "Ref": "AWS::Partition" + }, + ":es:", + { "Ref": "AWS::Region" }, ":", diff --git a/source/patterns/@aws-solutions-constructs/aws-lambda-opensearch/test/integ.no-arguments.expected.json b/source/patterns/@aws-solutions-constructs/aws-lambda-opensearch/test/integ.no-arguments.expected.json index 52cb2b7e0..3d7a7573f 100644 --- a/source/patterns/@aws-solutions-constructs/aws-lambda-opensearch/test/integ.no-arguments.expected.json +++ b/source/patterns/@aws-solutions-constructs/aws-lambda-opensearch/test/integ.no-arguments.expected.json @@ -362,7 +362,11 @@ "Fn::Join": [ "", [ - "arn:aws:cognito-identity:", + "arn:", + { + "Ref": "AWS::Partition" + }, + ":cognito-identity:", { "Ref": "AWS::Region" }, @@ -381,7 +385,11 @@ "Fn::Join": [ "", [ - "arn:aws:es:", + "arn:", + { + "Ref": "AWS::Partition" + }, + ":es:", { "Ref": "AWS::Region" }, @@ -449,8 +457,12 @@ "Fn::Join": [ "", [ - "arn:aws:es:", + "arn:", { + "Ref": "AWS::Partition" + }, + ":es:", + { "Ref": "AWS::Region" }, ":", diff --git a/source/patterns/@aws-solutions-constructs/aws-lambda-opensearch/test/integ.vpc-props.expected.json b/source/patterns/@aws-solutions-constructs/aws-lambda-opensearch/test/integ.vpc-props.expected.json index d84589b6f..ed70a5689 100644 --- a/source/patterns/@aws-solutions-constructs/aws-lambda-opensearch/test/integ.vpc-props.expected.json +++ b/source/patterns/@aws-solutions-constructs/aws-lambda-opensearch/test/integ.vpc-props.expected.json @@ -425,7 +425,11 @@ "Fn::Join": [ "", [ - "arn:aws:cognito-identity:", + "arn:", + { + "Ref": "AWS::Partition" + }, + ":cognito-identity:", { "Ref": "AWS::Region" }, @@ -444,7 +448,11 @@ "Fn::Join": [ "", [ - "arn:aws:es:", + "arn:", + { + "Ref": "AWS::Partition" + }, + ":es:", { "Ref": "AWS::Region" }, @@ -512,8 +520,12 @@ "Fn::Join": [ "", [ - "arn:aws:es:", + "arn:", { + "Ref": "AWS::Partition" + }, + ":es:", + { "Ref": "AWS::Region" }, ":", diff --git a/source/patterns/@aws-solutions-constructs/core/lib/elasticsearch-defaults.ts b/source/patterns/@aws-solutions-constructs/core/lib/elasticsearch-defaults.ts index f1b6127c3..aba901cc4 100644 --- a/source/patterns/@aws-solutions-constructs/core/lib/elasticsearch-defaults.ts +++ b/source/patterns/@aws-solutions-constructs/core/lib/elasticsearch-defaults.ts @@ -64,7 +64,7 @@ export function DefaultCfnDomainProps(domainName: string, cognitoKibanaConfigure 'es:ESHttp*' ], resources: [ - `arn:aws:es:${cdk.Aws.REGION}:${cdk.Aws.ACCOUNT_ID}:domain/${domainName}/*` + `arn:${cdk.Aws.PARTITION}:es:${cdk.Aws.REGION}:${cdk.Aws.ACCOUNT_ID}:domain/${domainName}/*` ] }) ] diff --git a/source/patterns/@aws-solutions-constructs/core/lib/elasticsearch-helper.ts b/source/patterns/@aws-solutions-constructs/core/lib/elasticsearch-helper.ts index f6acbc76c..73e8d2a02 100644 --- a/source/patterns/@aws-solutions-constructs/core/lib/elasticsearch-helper.ts +++ b/source/patterns/@aws-solutions-constructs/core/lib/elasticsearch-helper.ts @@ -284,8 +284,8 @@ function createKibanaCognitoRole( ], resources: [ userPool.userPoolArn, - `arn:aws:cognito-identity:${cdk.Aws.REGION}:${cdk.Aws.ACCOUNT_ID}:identitypool/${identitypool.ref}`, - `arn:aws:es:${cdk.Aws.REGION}:${cdk.Aws.ACCOUNT_ID}:domain/${domainName}`, + `arn:${cdk.Aws.PARTITION}:cognito-identity:${cdk.Aws.REGION}:${cdk.Aws.ACCOUNT_ID}:identitypool/${identitypool.ref}`, + `arn:${cdk.Aws.PARTITION}:es:${cdk.Aws.REGION}:${cdk.Aws.ACCOUNT_ID}:domain/${domainName}`, ], }), new iam.PolicyStatement({ diff --git a/source/patterns/@aws-solutions-constructs/core/lib/opensearch-defaults.ts b/source/patterns/@aws-solutions-constructs/core/lib/opensearch-defaults.ts index 406506975..55742820d 100644 --- a/source/patterns/@aws-solutions-constructs/core/lib/opensearch-defaults.ts +++ b/source/patterns/@aws-solutions-constructs/core/lib/opensearch-defaults.ts @@ -67,7 +67,7 @@ export function DefaultOpenSearchCfnDomainProps(domainName: string, cognitoConfi 'es:ESHttp*' ], resources: [ - `arn:aws:es:${cdk.Aws.REGION}:${cdk.Aws.ACCOUNT_ID}:domain/${domainName}/*` + `arn:${cdk.Aws.PARTITION}:es:${cdk.Aws.REGION}:${cdk.Aws.ACCOUNT_ID}:domain/${domainName}/*` ] }) ] diff --git a/source/patterns/@aws-solutions-constructs/core/lib/opensearch-helper.ts b/source/patterns/@aws-solutions-constructs/core/lib/opensearch-helper.ts index 613ea64bd..b3844204f 100644 --- a/source/patterns/@aws-solutions-constructs/core/lib/opensearch-helper.ts +++ b/source/patterns/@aws-solutions-constructs/core/lib/opensearch-helper.ts @@ -282,8 +282,8 @@ function createDashboardCognitoRole( ], resources: [ userPool.userPoolArn, - `arn:aws:cognito-identity:${cdk.Aws.REGION}:${cdk.Aws.ACCOUNT_ID}:identitypool/${identitypool.ref}`, - `arn:aws:es:${cdk.Aws.REGION}:${cdk.Aws.ACCOUNT_ID}:domain/${domainName}`, + `arn:${cdk.Aws.PARTITION}:cognito-identity:${cdk.Aws.REGION}:${cdk.Aws.ACCOUNT_ID}:identitypool/${identitypool.ref}`, + `arn:${cdk.Aws.PARTITION}:es:${cdk.Aws.REGION}:${cdk.Aws.ACCOUNT_ID}:domain/${domainName}`, ], }), new iam.PolicyStatement({ diff --git a/source/patterns/@aws-solutions-constructs/core/test/elasticsearch-helper.test.ts b/source/patterns/@aws-solutions-constructs/core/test/elasticsearch-helper.test.ts index 9ef9e7eec..a9b238ced 100644 --- a/source/patterns/@aws-solutions-constructs/core/test/elasticsearch-helper.test.ts +++ b/source/patterns/@aws-solutions-constructs/core/test/elasticsearch-helper.test.ts @@ -87,7 +87,11 @@ test('Test override SnapshotOptions for buildElasticSearch', () => { "Fn::Join": [ "", [ - "arn:aws:es:", + "arn:", + { + Ref: "AWS::Partition" + }, + ":es:", { Ref: "AWS::Region" }, @@ -319,7 +323,11 @@ test('Test override ES version for buildElasticSearch', () => { "Fn::Join": [ "", [ - "arn:aws:es:", + "arn:", + { + Ref: "AWS::Partition" + }, + ":es:", { Ref: "AWS::Region" }, @@ -410,7 +418,11 @@ test('Test ES with lambdaRoleARN', () => { "Fn::Join": [ "", [ - "arn:aws:es:", + "arn:", + { + Ref: "AWS::Partition" + }, + ":es:", { Ref: "AWS::Region" }, diff --git a/source/patterns/@aws-solutions-constructs/core/test/opensearch-helper.test.ts b/source/patterns/@aws-solutions-constructs/core/test/opensearch-helper.test.ts index a279045fe..632dd4c92 100644 --- a/source/patterns/@aws-solutions-constructs/core/test/opensearch-helper.test.ts +++ b/source/patterns/@aws-solutions-constructs/core/test/opensearch-helper.test.ts @@ -79,7 +79,11 @@ test('Test override SnapshotOptions for buildOpenSearch', () => { "Fn::Join": [ "", [ - "arn:aws:es:", + "arn:", + { + Ref: "AWS::Partition" + }, + ":es:", { Ref: "AWS::Region" }, @@ -283,7 +287,11 @@ test('Test engine version override for buildOpenSearch', () => { "Fn::Join": [ "", [ - "arn:aws:es:", + "arn:", + { + Ref: "AWS::Partition" + }, + ":es:", { Ref: "AWS::Region" }, @@ -370,7 +378,11 @@ test('Test deployment with lambdaRoleARN', () => { "Fn::Join": [ "", [ - "arn:aws:es:", + "arn:", + { + Ref: "AWS::Partition" + }, + ":es:", { Ref: "AWS::Region" },