diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-codebuild/test/integ.asset-build-spec.js.snapshot/CodeBuildAssetBuildSpecStack.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-codebuild/test/integ.asset-build-spec.js.snapshot/CodeBuildAssetBuildSpecStack.template.json index c4231385ef554..ecc682e19a3e5 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-codebuild/test/integ.asset-build-spec.js.snapshot/CodeBuildAssetBuildSpecStack.template.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-codebuild/test/integ.asset-build-spec.js.snapshot/CodeBuildAssetBuildSpecStack.template.json @@ -26,6 +26,7 @@ "Action": [ "s3:GetBucket*", "s3:GetObject*", + "s3:HeadObject", "s3:List*" ], "Effect": "Allow", diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-codebuild/test/integ.caching.js.snapshot/aws-cdk-codebuild.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-codebuild/test/integ.caching.js.snapshot/aws-cdk-codebuild.template.json index bb229d9f143c6..542e17c5c0896 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-codebuild/test/integ.caching.js.snapshot/aws-cdk-codebuild.template.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-codebuild/test/integ.caching.js.snapshot/aws-cdk-codebuild.template.json @@ -33,6 +33,7 @@ "s3:DeleteObject*", "s3:GetBucket*", "s3:GetObject*", + "s3:HeadObject", "s3:List*", "s3:PutObject", "s3:PutObjectLegalHold", diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-codebuild/test/integ.project-bucket.js.snapshot/aws-cdk-codebuild.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-codebuild/test/integ.project-bucket.js.snapshot/aws-cdk-codebuild.template.json index 2e7587aa97929..1936d7f043131 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-codebuild/test/integ.project-bucket.js.snapshot/aws-cdk-codebuild.template.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-codebuild/test/integ.project-bucket.js.snapshot/aws-cdk-codebuild.template.json @@ -31,6 +31,7 @@ "Action": [ "s3:GetBucket*", "s3:GetObject*", + "s3:HeadObject", "s3:List*" ], "Effect": "Allow", diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-codebuild/test/integ.project-buildspec-artifacts.js.snapshot/aws-cdk-codebuild-buildspec-artifact-name.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-codebuild/test/integ.project-buildspec-artifacts.js.snapshot/aws-cdk-codebuild-buildspec-artifact-name.template.json index 5267ba939c5d5..8cf406cca010d 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-codebuild/test/integ.project-buildspec-artifacts.js.snapshot/aws-cdk-codebuild-buildspec-artifact-name.template.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-codebuild/test/integ.project-buildspec-artifacts.js.snapshot/aws-cdk-codebuild-buildspec-artifact-name.template.json @@ -33,6 +33,7 @@ "s3:DeleteObject*", "s3:GetBucket*", "s3:GetObject*", + "s3:HeadObject", "s3:List*", "s3:PutObject", "s3:PutObjectLegalHold", diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-codebuild/test/integ.project-secondary-sources-artifacts.js.snapshot/aws-cdk-codebuild-secondary-sources-artifacts.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-codebuild/test/integ.project-secondary-sources-artifacts.js.snapshot/aws-cdk-codebuild-secondary-sources-artifacts.template.json index 05e907f202018..c25aab78a7ae4 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-codebuild/test/integ.project-secondary-sources-artifacts.js.snapshot/aws-cdk-codebuild-secondary-sources-artifacts.template.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-codebuild/test/integ.project-secondary-sources-artifacts.js.snapshot/aws-cdk-codebuild-secondary-sources-artifacts.template.json @@ -31,6 +31,7 @@ "Action": [ "s3:GetBucket*", "s3:GetObject*", + "s3:HeadObject", "s3:List*" ], "Effect": "Allow", @@ -63,6 +64,7 @@ "s3:DeleteObject*", "s3:GetBucket*", "s3:GetObject*", + "s3:HeadObject", "s3:List*", "s3:PutObject", "s3:PutObjectLegalHold", diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-codedeploy/test/server/integ.deployment-group.js.snapshot/aws-cdk-codedeploy-server-dg.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-codedeploy/test/server/integ.deployment-group.js.snapshot/aws-cdk-codedeploy-server-dg.template.json index 4875a40c9139a..eee7773e28624 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-codedeploy/test/server/integ.deployment-group.js.snapshot/aws-cdk-codedeploy-server-dg.template.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-codedeploy/test/server/integ.deployment-group.js.snapshot/aws-cdk-codedeploy-server-dg.template.json @@ -445,6 +445,7 @@ "Action": [ "s3:GetBucket*", "s3:GetObject*", + "s3:HeadObject", "s3:List*" ], "Effect": "Allow", diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/cloudformation/integ.stacksets.js.snapshot/StackSetPipelineStack.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/cloudformation/integ.stacksets.js.snapshot/StackSetPipelineStack.template.json index fa3757f93ac36..40eac48b94faa 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/cloudformation/integ.stacksets.js.snapshot/StackSetPipelineStack.template.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/cloudformation/integ.stacksets.js.snapshot/StackSetPipelineStack.template.json @@ -170,6 +170,7 @@ "s3:DeleteObject*", "s3:GetBucket*", "s3:GetObject*", + "s3:HeadObject", "s3:List*", "s3:PutObject", "s3:PutObjectLegalHold", @@ -392,6 +393,7 @@ "Action": [ "s3:GetBucket*", "s3:GetObject*", + "s3:HeadObject", "s3:List*" ], "Effect": "Allow", @@ -556,6 +558,7 @@ "Action": [ "s3:GetBucket*", "s3:GetObject*", + "s3:HeadObject", "s3:List*" ], "Effect": "Allow", diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.cfn-template-from-repo.lit.js.snapshot/aws-cdk-codepipeline-cloudformation.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.cfn-template-from-repo.lit.js.snapshot/aws-cdk-codepipeline-cloudformation.template.json index 15cbb079c47d0..c0d51abdd7a72 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.cfn-template-from-repo.lit.js.snapshot/aws-cdk-codepipeline-cloudformation.template.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.cfn-template-from-repo.lit.js.snapshot/aws-cdk-codepipeline-cloudformation.template.json @@ -158,6 +158,7 @@ "s3:DeleteObject*", "s3:GetBucket*", "s3:GetObject*", + "s3:HeadObject", "s3:List*", "s3:PutObject", "s3:PutObjectLegalHold", @@ -433,6 +434,7 @@ "s3:DeleteObject*", "s3:GetBucket*", "s3:GetObject*", + "s3:HeadObject", "s3:List*", "s3:PutObject", "s3:PutObjectLegalHold", @@ -558,6 +560,7 @@ "Action": [ "s3:GetBucket*", "s3:GetObject*", + "s3:HeadObject", "s3:List*" ], "Effect": "Allow", @@ -668,6 +671,7 @@ "Action": [ "s3:GetBucket*", "s3:GetObject*", + "s3:HeadObject", "s3:List*" ], "Effect": "Allow", diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.lambda-deployed-through-codepipeline.lit.js.snapshot/PipelineStack.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.lambda-deployed-through-codepipeline.lit.js.snapshot/PipelineStack.template.json index 3f2e680f53298..68b1c9684baae 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.lambda-deployed-through-codepipeline.lit.js.snapshot/PipelineStack.template.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.lambda-deployed-through-codepipeline.lit.js.snapshot/PipelineStack.template.json @@ -152,6 +152,7 @@ "s3:DeleteObject*", "s3:GetBucket*", "s3:GetObject*", + "s3:HeadObject", "s3:List*", "s3:PutObject", "s3:PutObjectLegalHold", @@ -497,6 +498,7 @@ "s3:DeleteObject*", "s3:GetBucket*", "s3:GetObject*", + "s3:HeadObject", "s3:List*", "s3:PutObject", "s3:PutObjectLegalHold", @@ -614,6 +616,7 @@ "s3:DeleteObject*", "s3:GetBucket*", "s3:GetObject*", + "s3:HeadObject", "s3:List*", "s3:PutObject", "s3:PutObjectLegalHold", @@ -923,6 +926,7 @@ "Action": [ "s3:GetBucket*", "s3:GetObject*", + "s3:HeadObject", "s3:List*" ], "Effect": "Allow", @@ -1031,6 +1035,7 @@ "Action": [ "s3:GetBucket*", "s3:GetObject*", + "s3:HeadObject", "s3:List*" ], "Effect": "Allow", @@ -1347,6 +1352,7 @@ "s3:DeleteObject*", "s3:GetBucket*", "s3:GetObject*", + "s3:HeadObject", "s3:List*", "s3:PutObject", "s3:PutObjectLegalHold", @@ -1558,6 +1564,7 @@ "s3:DeleteObject*", "s3:GetBucket*", "s3:GetObject*", + "s3:HeadObject", "s3:List*", "s3:PutObject", "s3:PutObjectLegalHold", diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.lambda-pipeline.js.snapshot/aws-cdk-codepipeline-lambda.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.lambda-pipeline.js.snapshot/aws-cdk-codepipeline-lambda.template.json index 4ce100cedd9f4..18165949185e2 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.lambda-pipeline.js.snapshot/aws-cdk-codepipeline-lambda.template.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.lambda-pipeline.js.snapshot/aws-cdk-codepipeline-lambda.template.json @@ -152,6 +152,7 @@ "s3:DeleteObject*", "s3:GetBucket*", "s3:GetObject*", + "s3:HeadObject", "s3:List*", "s3:PutObject", "s3:PutObjectLegalHold", @@ -360,6 +361,7 @@ "Action": [ "s3:GetBucket*", "s3:GetObject*", + "s3:HeadObject", "s3:List*" ], "Effect": "Allow", diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.pipeline-alexa-deploy.js.snapshot/aws-cdk-codepipeline-alexa-deploy.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.pipeline-alexa-deploy.js.snapshot/aws-cdk-codepipeline-alexa-deploy.template.json index 04020db26c6bd..788098628cb16 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.pipeline-alexa-deploy.js.snapshot/aws-cdk-codepipeline-alexa-deploy.template.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.pipeline-alexa-deploy.js.snapshot/aws-cdk-codepipeline-alexa-deploy.template.json @@ -162,6 +162,7 @@ "s3:DeleteObject*", "s3:GetBucket*", "s3:GetObject*", + "s3:HeadObject", "s3:List*", "s3:PutObject", "s3:PutObjectLegalHold", @@ -361,6 +362,7 @@ "Action": [ "s3:GetBucket*", "s3:GetObject*", + "s3:HeadObject", "s3:List*" ], "Effect": "Allow", diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.pipeline-cfn-cross-region.js.snapshot/aws-cdk-codepipeline-cloudformation-cross-region.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.pipeline-cfn-cross-region.js.snapshot/aws-cdk-codepipeline-cloudformation-cross-region.template.json index b2db804374e1e..f104bc125995d 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.pipeline-cfn-cross-region.js.snapshot/aws-cdk-codepipeline-cloudformation-cross-region.template.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.pipeline-cfn-cross-region.js.snapshot/aws-cdk-codepipeline-cloudformation-cross-region.template.json @@ -38,6 +38,7 @@ "s3:DeleteObject*", "s3:GetBucket*", "s3:GetObject*", + "s3:HeadObject", "s3:List*", "s3:PutObject", "s3:PutObjectLegalHold", @@ -233,6 +234,7 @@ "Action": [ "s3:GetBucket*", "s3:GetObject*", + "s3:HeadObject", "s3:List*" ], "Effect": "Allow", @@ -351,6 +353,7 @@ "Action": [ "s3:GetBucket*", "s3:GetObject*", + "s3:HeadObject", "s3:List*" ], "Effect": "Allow", @@ -438,6 +441,7 @@ "Action": [ "s3:GetBucket*", "s3:GetObject*", + "s3:HeadObject", "s3:List*" ], "Effect": "Allow", diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.pipeline-cfn-with-action-role.js.snapshot/aws-cdk-codepipeline-cloudformation-cross-region-with-action-role.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.pipeline-cfn-with-action-role.js.snapshot/aws-cdk-codepipeline-cloudformation-cross-region-with-action-role.template.json index 54333dbbb4f01..f883b801913e1 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.pipeline-cfn-with-action-role.js.snapshot/aws-cdk-codepipeline-cloudformation-cross-region-with-action-role.template.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.pipeline-cfn-with-action-role.js.snapshot/aws-cdk-codepipeline-cloudformation-cross-region-with-action-role.template.json @@ -66,6 +66,7 @@ "Action": [ "s3:GetBucket*", "s3:GetObject*", + "s3:HeadObject", "s3:List*" ], "Effect": "Allow", @@ -163,6 +164,7 @@ "s3:DeleteObject*", "s3:GetBucket*", "s3:GetObject*", + "s3:HeadObject", "s3:List*", "s3:PutObject", "s3:PutObjectLegalHold", @@ -356,6 +358,7 @@ "Action": [ "s3:GetBucket*", "s3:GetObject*", + "s3:HeadObject", "s3:List*" ], "Effect": "Allow", @@ -453,6 +456,7 @@ "Action": [ "s3:GetBucket*", "s3:GetObject*", + "s3:HeadObject", "s3:List*" ], "Effect": "Allow", diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.pipeline-cfn.js.snapshot/aws-cdk-codepipeline-cloudformation.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.pipeline-cfn.js.snapshot/aws-cdk-codepipeline-cloudformation.template.json index f12bb1627bece..215070aa4ee9c 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.pipeline-cfn.js.snapshot/aws-cdk-codepipeline-cloudformation.template.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.pipeline-cfn.js.snapshot/aws-cdk-codepipeline-cloudformation.template.json @@ -152,6 +152,7 @@ "s3:DeleteObject*", "s3:GetBucket*", "s3:GetObject*", + "s3:HeadObject", "s3:List*", "s3:PutObject", "s3:PutObjectLegalHold", @@ -408,6 +409,7 @@ "Action": [ "s3:GetBucket*", "s3:GetObject*", + "s3:HeadObject", "s3:List*" ], "Effect": "Allow", @@ -535,6 +537,7 @@ "Action": [ "s3:GetBucket*", "s3:GetObject*", + "s3:HeadObject", "s3:List*" ], "Effect": "Allow", @@ -672,6 +675,7 @@ "Action": [ "s3:GetBucket*", "s3:GetObject*", + "s3:HeadObject", "s3:List*" ], "Effect": "Allow", diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.pipeline-code-build-batch.js.snapshot/aws-cdk-codepipeline-codebuild-batch.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.pipeline-code-build-batch.js.snapshot/aws-cdk-codepipeline-codebuild-batch.template.json index 3a98cdabf9392..da473b93c7885 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.pipeline-code-build-batch.js.snapshot/aws-cdk-codepipeline-codebuild-batch.template.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.pipeline-code-build-batch.js.snapshot/aws-cdk-codepipeline-codebuild-batch.template.json @@ -109,6 +109,7 @@ "s3:DeleteObject*", "s3:GetBucket*", "s3:GetObject*", + "s3:HeadObject", "s3:List*", "s3:PutObject", "s3:PutObjectLegalHold", @@ -425,6 +426,7 @@ "Action": [ "s3:GetBucket*", "s3:GetObject*", + "s3:HeadObject", "s3:List*" ], "Effect": "Allow", diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.pipeline-code-build-multiple-inputs-outputs.js.snapshot/aws-cdk-codepipeline-codebuild-multiple-inputs-outputs.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.pipeline-code-build-multiple-inputs-outputs.js.snapshot/aws-cdk-codepipeline-codebuild-multiple-inputs-outputs.template.json index 03592efd7cdfd..14ab6e2a8be7d 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.pipeline-code-build-multiple-inputs-outputs.js.snapshot/aws-cdk-codepipeline-codebuild-multiple-inputs-outputs.template.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.pipeline-code-build-multiple-inputs-outputs.js.snapshot/aws-cdk-codepipeline-codebuild-multiple-inputs-outputs.template.json @@ -109,6 +109,7 @@ "s3:DeleteObject*", "s3:GetBucket*", "s3:GetObject*", + "s3:HeadObject", "s3:List*", "s3:PutObject", "s3:PutObjectLegalHold", @@ -170,6 +171,7 @@ "Action": [ "s3:GetBucket*", "s3:GetObject*", + "s3:HeadObject", "s3:List*" ], "Effect": "Allow", @@ -530,6 +532,7 @@ "s3:DeleteObject*", "s3:GetBucket*", "s3:GetObject*", + "s3:HeadObject", "s3:List*", "s3:PutObject", "s3:PutObjectLegalHold", diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.pipeline-code-commit-build.js.snapshot/aws-cdk-codepipeline-codecommit-codebuild.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.pipeline-code-commit-build.js.snapshot/aws-cdk-codepipeline-codecommit-codebuild.template.json index 7ab7817439e35..86e155cbb057d 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.pipeline-code-commit-build.js.snapshot/aws-cdk-codepipeline-codecommit-codebuild.template.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.pipeline-code-commit-build.js.snapshot/aws-cdk-codepipeline-codecommit-codebuild.template.json @@ -91,6 +91,7 @@ "s3:DeleteObject*", "s3:GetBucket*", "s3:GetObject*", + "s3:HeadObject", "s3:List*", "s3:PutObject", "s3:PutObjectLegalHold", @@ -358,6 +359,7 @@ "s3:DeleteObject*", "s3:GetBucket*", "s3:GetObject*", + "s3:HeadObject", "s3:List*", "s3:PutObject", "s3:PutObjectLegalHold", @@ -614,6 +616,7 @@ "s3:DeleteObject*", "s3:GetBucket*", "s3:GetObject*", + "s3:HeadObject", "s3:List*", "s3:PutObject", "s3:PutObjectLegalHold", diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.pipeline-code-commit.js.snapshot/aws-cdk-codepipeline-codecommit.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.pipeline-code-commit.js.snapshot/aws-cdk-codepipeline-codecommit.template.json index 6a88f7d4af098..eb5211cb3b5a8 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.pipeline-code-commit.js.snapshot/aws-cdk-codepipeline-codecommit.template.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.pipeline-code-commit.js.snapshot/aws-cdk-codepipeline-codecommit.template.json @@ -223,6 +223,7 @@ "s3:DeleteObject*", "s3:GetBucket*", "s3:GetObject*", + "s3:HeadObject", "s3:List*", "s3:PutObject", "s3:PutObjectLegalHold", @@ -431,6 +432,7 @@ "s3:DeleteObject*", "s3:GetBucket*", "s3:GetObject*", + "s3:HeadObject", "s3:List*", "s3:PutObject", "s3:PutObjectLegalHold", diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.pipeline-code-deploy-ecs.js.snapshot/aws-cdk-codepipeline-codedeploy-ecs.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.pipeline-code-deploy-ecs.js.snapshot/aws-cdk-codepipeline-codedeploy-ecs.template.json index d48839f3050d7..919517508d92e 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.pipeline-code-deploy-ecs.js.snapshot/aws-cdk-codepipeline-codedeploy-ecs.template.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.pipeline-code-deploy-ecs.js.snapshot/aws-cdk-codepipeline-codedeploy-ecs.template.json @@ -38,6 +38,7 @@ "s3:DeleteObject*", "s3:GetBucket*", "s3:GetObject*", + "s3:HeadObject", "s3:List*", "s3:PutObject", "s3:PutObjectLegalHold", @@ -230,6 +231,7 @@ "Action": [ "s3:GetBucket*", "s3:GetObject*", + "s3:HeadObject", "s3:List*" ], "Effect": "Allow", @@ -438,6 +440,7 @@ "Action": [ "s3:GetBucket*", "s3:GetObject*", + "s3:HeadObject", "s3:List*" ], "Effect": "Allow", diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.pipeline-code-deploy.js.snapshot/aws-cdk-codepipeline-codedeploy.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.pipeline-code-deploy.js.snapshot/aws-cdk-codepipeline-codedeploy.template.json index 3bcb10a14b4da..db00e99d10a16 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.pipeline-code-deploy.js.snapshot/aws-cdk-codepipeline-codedeploy.template.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.pipeline-code-deploy.js.snapshot/aws-cdk-codepipeline-codedeploy.template.json @@ -112,6 +112,7 @@ "s3:DeleteObject*", "s3:GetBucket*", "s3:GetObject*", + "s3:HeadObject", "s3:List*", "s3:PutObject", "s3:PutObjectLegalHold", @@ -302,6 +303,7 @@ "Action": [ "s3:GetBucket*", "s3:GetObject*", + "s3:HeadObject", "s3:List*" ], "Effect": "Allow", @@ -505,6 +507,7 @@ "Action": [ "s3:GetBucket*", "s3:GetObject*", + "s3:HeadObject", "s3:List*" ], "Effect": "Allow", diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.pipeline-ecr-source.js.snapshot/aws-cdk-codepipeline-ecr-source.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.pipeline-ecr-source.js.snapshot/aws-cdk-codepipeline-ecr-source.template.json index 43e63a1eaea6e..d3589288e8ed4 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.pipeline-ecr-source.js.snapshot/aws-cdk-codepipeline-ecr-source.template.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.pipeline-ecr-source.js.snapshot/aws-cdk-codepipeline-ecr-source.template.json @@ -33,6 +33,7 @@ "s3:DeleteObject*", "s3:GetBucket*", "s3:GetObject*", + "s3:HeadObject", "s3:List*", "s3:PutObject", "s3:PutObjectLegalHold", diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.pipeline-ecs-deploy.js.snapshot/aws-cdk-codepipeline-ecs-deploy.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.pipeline-ecs-deploy.js.snapshot/aws-cdk-codepipeline-ecs-deploy.template.json index 67d54e84dc3e0..60586509dba79 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.pipeline-ecs-deploy.js.snapshot/aws-cdk-codepipeline-ecs-deploy.template.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.pipeline-ecs-deploy.js.snapshot/aws-cdk-codepipeline-ecs-deploy.template.json @@ -444,6 +444,7 @@ "s3:DeleteObject*", "s3:GetBucket*", "s3:GetObject*", + "s3:HeadObject", "s3:List*", "s3:PutObject", "s3:PutObjectLegalHold", @@ -597,6 +598,7 @@ "s3:DeleteObject*", "s3:GetBucket*", "s3:GetObject*", + "s3:HeadObject", "s3:List*", "s3:PutObject", "s3:PutObjectLegalHold", @@ -833,6 +835,7 @@ "Action": [ "s3:GetBucket*", "s3:GetObject*", + "s3:HeadObject", "s3:List*" ], "Effect": "Allow", @@ -1032,6 +1035,7 @@ "Action": [ "s3:GetBucket*", "s3:GetObject*", + "s3:HeadObject", "s3:List*" ], "Effect": "Allow", diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.pipeline-ecs-separate-source.lit.js.snapshot/aws-cdk-pipeline-ecs-separate-sources.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.pipeline-ecs-separate-source.lit.js.snapshot/aws-cdk-pipeline-ecs-separate-sources.template.json index bfd16eae92f25..502779cf94763 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.pipeline-ecs-separate-source.lit.js.snapshot/aws-cdk-pipeline-ecs-separate-sources.template.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.pipeline-ecs-separate-source.lit.js.snapshot/aws-cdk-pipeline-ecs-separate-sources.template.json @@ -145,6 +145,7 @@ "Action": [ "s3:GetBucket*", "s3:GetObject*", + "s3:HeadObject", "s3:List*" ], "Effect": "Allow", @@ -384,6 +385,7 @@ "s3:DeleteObject*", "s3:GetBucket*", "s3:GetObject*", + "s3:HeadObject", "s3:List*", "s3:PutObject", "s3:PutObjectLegalHold", @@ -630,6 +632,7 @@ "s3:DeleteObject*", "s3:GetBucket*", "s3:GetObject*", + "s3:HeadObject", "s3:List*", "s3:PutObject", "s3:PutObjectLegalHold", @@ -943,6 +946,7 @@ "s3:DeleteObject*", "s3:GetBucket*", "s3:GetObject*", + "s3:HeadObject", "s3:List*", "s3:PutObject", "s3:PutObjectLegalHold", @@ -1044,6 +1048,7 @@ "s3:DeleteObject*", "s3:GetBucket*", "s3:GetObject*", + "s3:HeadObject", "s3:List*", "s3:PutObject", "s3:PutObjectLegalHold", @@ -1337,6 +1342,7 @@ "Action": [ "s3:GetBucket*", "s3:GetObject*", + "s3:HeadObject", "s3:List*" ], "Effect": "Allow", @@ -1432,6 +1438,7 @@ "Action": [ "s3:GetBucket*", "s3:GetObject*", + "s3:HeadObject", "s3:List*" ], "Effect": "Allow", diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.pipeline-elastic-beanstalk-deploy.js.snapshot/aws-cdk-codepipeline-elastic-beanstalk-deploy.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.pipeline-elastic-beanstalk-deploy.js.snapshot/aws-cdk-codepipeline-elastic-beanstalk-deploy.template.json index a37d6bc6997d6..eda0364eafc4a 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.pipeline-elastic-beanstalk-deploy.js.snapshot/aws-cdk-codepipeline-elastic-beanstalk-deploy.template.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.pipeline-elastic-beanstalk-deploy.js.snapshot/aws-cdk-codepipeline-elastic-beanstalk-deploy.template.json @@ -227,6 +227,7 @@ "Action": [ "s3:GetBucket*", "s3:GetObject*", + "s3:HeadObject", "s3:List*" ], "Effect": "Allow", @@ -270,6 +271,7 @@ "s3:DeleteObject*", "s3:GetBucket*", "s3:GetObject*", + "s3:HeadObject", "s3:List*", "s3:PutObject", "s3:PutObjectLegalHold", @@ -476,6 +478,7 @@ "s3:DeleteObject*", "s3:GetBucket*", "s3:GetObject*", + "s3:HeadObject", "s3:List*", "s3:PutObject", "s3:PutObjectLegalHold", @@ -672,6 +675,7 @@ "Action": [ "s3:GetBucket*", "s3:GetObject*", + "s3:HeadObject", "s3:List*" ], "Effect": "Allow", @@ -809,6 +813,7 @@ "Action": [ "s3:GetBucket*", "s3:GetObject*", + "s3:HeadObject", "s3:List*" ], "Effect": "Allow", diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.pipeline-events.js.snapshot/aws-cdk-pipeline-event-target.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.pipeline-events.js.snapshot/aws-cdk-pipeline-event-target.template.json index ca0a6faba2e5e..86c50d9c3a158 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.pipeline-events.js.snapshot/aws-cdk-pipeline-event-target.template.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.pipeline-events.js.snapshot/aws-cdk-pipeline-event-target.template.json @@ -152,6 +152,7 @@ "s3:DeleteObject*", "s3:GetBucket*", "s3:GetObject*", + "s3:HeadObject", "s3:List*", "s3:PutObject", "s3:PutObjectLegalHold", @@ -375,6 +376,7 @@ "s3:DeleteObject*", "s3:GetBucket*", "s3:GetObject*", + "s3:HeadObject", "s3:List*", "s3:PutObject", "s3:PutObjectLegalHold", @@ -766,6 +768,7 @@ "s3:DeleteObject*", "s3:GetBucket*", "s3:GetObject*", + "s3:HeadObject", "s3:List*", "s3:PutObject", "s3:PutObjectLegalHold", diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.pipeline-jenkins.js.snapshot/aws-cdk-codepipeline-jenkins.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.pipeline-jenkins.js.snapshot/aws-cdk-codepipeline-jenkins.template.json index f32415ad85d69..78064d34b378f 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.pipeline-jenkins.js.snapshot/aws-cdk-codepipeline-jenkins.template.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.pipeline-jenkins.js.snapshot/aws-cdk-codepipeline-jenkins.template.json @@ -38,6 +38,7 @@ "s3:DeleteObject*", "s3:GetBucket*", "s3:GetObject*", + "s3:HeadObject", "s3:List*", "s3:PutObject", "s3:PutObjectLegalHold", @@ -250,6 +251,7 @@ "Action": [ "s3:GetBucket*", "s3:GetObject*", + "s3:HeadObject", "s3:List*" ], "Effect": "Allow", diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.pipeline-manual-approval.js.snapshot/aws-cdk-codepipeline-manual-approval.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.pipeline-manual-approval.js.snapshot/aws-cdk-codepipeline-manual-approval.template.json index cad0f8daf8000..ba7fe9e6911ab 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.pipeline-manual-approval.js.snapshot/aws-cdk-codepipeline-manual-approval.template.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.pipeline-manual-approval.js.snapshot/aws-cdk-codepipeline-manual-approval.template.json @@ -33,6 +33,7 @@ "s3:DeleteObject*", "s3:GetBucket*", "s3:GetObject*", + "s3:HeadObject", "s3:List*", "s3:PutObject", "s3:PutObjectLegalHold", @@ -215,6 +216,7 @@ "Action": [ "s3:GetBucket*", "s3:GetObject*", + "s3:HeadObject", "s3:List*" ], "Effect": "Allow", diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.pipeline-s3-deploy.js.snapshot/aws-cdk-codepipeline-s3-deploy.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.pipeline-s3-deploy.js.snapshot/aws-cdk-codepipeline-s3-deploy.template.json index 793c34ba09d50..5f3b15d03a8a8 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.pipeline-s3-deploy.js.snapshot/aws-cdk-codepipeline-s3-deploy.template.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.pipeline-s3-deploy.js.snapshot/aws-cdk-codepipeline-s3-deploy.template.json @@ -392,6 +392,7 @@ "s3:DeleteObject*", "s3:GetBucket*", "s3:GetObject*", + "s3:HeadObject", "s3:List*", "s3:PutObject", "s3:PutObjectLegalHold", @@ -658,6 +659,7 @@ "Action": [ "s3:GetBucket*", "s3:GetObject*", + "s3:HeadObject", "s3:List*" ], "Effect": "Allow", @@ -841,6 +843,7 @@ "Action": [ "s3:GetBucket*", "s3:GetObject*", + "s3:HeadObject", "s3:List*" ], "Effect": "Allow", @@ -969,6 +972,7 @@ "Action": [ "s3:GetBucket*", "s3:GetObject*", + "s3:HeadObject", "s3:List*" ], "Effect": "Allow", diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.pipeline-stepfunctions.js.snapshot/aws-cdk-codepipeline-stepfunctions.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.pipeline-stepfunctions.js.snapshot/aws-cdk-codepipeline-stepfunctions.template.json index 567555af9ce77..138fd0a82319b 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.pipeline-stepfunctions.js.snapshot/aws-cdk-codepipeline-stepfunctions.template.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.pipeline-stepfunctions.js.snapshot/aws-cdk-codepipeline-stepfunctions.template.json @@ -186,6 +186,7 @@ "s3:DeleteObject*", "s3:GetBucket*", "s3:GetObject*", + "s3:HeadObject", "s3:List*", "s3:PutObject", "s3:PutObjectLegalHold", @@ -396,6 +397,7 @@ "Action": [ "s3:GetBucket*", "s3:GetObject*", + "s3:HeadObject", "s3:List*" ], "Effect": "Allow", diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.pipeline-with-replication.js.snapshot/integ-pipeline-consumer-stack.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.pipeline-with-replication.js.snapshot/integ-pipeline-consumer-stack.template.json index 01c46d2b4fe2e..37a05d3db7569 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.pipeline-with-replication.js.snapshot/integ-pipeline-consumer-stack.template.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.pipeline-with-replication.js.snapshot/integ-pipeline-consumer-stack.template.json @@ -148,6 +148,7 @@ "s3:DeleteObject*", "s3:GetBucket*", "s3:GetObject*", + "s3:HeadObject", "s3:List*", "s3:PutObject", "s3:PutObjectLegalHold", @@ -382,6 +383,7 @@ "Action": [ "s3:GetBucket*", "s3:GetObject*", + "s3:HeadObject", "s3:List*" ], "Effect": "Allow", @@ -761,6 +763,7 @@ "Action": [ "s3:GetBucket*", "s3:GetObject*", + "s3:HeadObject", "s3:List*" ], "Effect": "Allow", diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/s3/integ.source-bucket-events-cross-stack-same-env.js.snapshot/PipelineStack.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/s3/integ.source-bucket-events-cross-stack-same-env.js.snapshot/PipelineStack.template.json index 5c9baff630942..50f7d17a513fc 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/s3/integ.source-bucket-events-cross-stack-same-env.js.snapshot/PipelineStack.template.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/s3/integ.source-bucket-events-cross-stack-same-env.js.snapshot/PipelineStack.template.json @@ -117,6 +117,7 @@ "Action": [ "s3:GetBucket*", "s3:GetObject*", + "s3:HeadObject", "s3:List*" ], "Effect": "Allow", @@ -355,6 +356,7 @@ "s3:DeleteObject*", "s3:GetBucket*", "s3:GetObject*", + "s3:HeadObject", "s3:List*", "s3:PutObject", "s3:PutObjectLegalHold", @@ -568,6 +570,7 @@ "Action": [ "s3:GetBucket*", "s3:GetObject*", + "s3:HeadObject", "s3:List*" ], "Effect": "Allow", diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.instance-init.js.snapshot/integ-init.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.instance-init.js.snapshot/integ-init.template.json index 26b583d04e478..bc2131c94c226 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.instance-init.js.snapshot/integ-init.template.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.instance-init.js.snapshot/integ-init.template.json @@ -445,6 +445,7 @@ "Action": [ "s3:GetBucket*", "s3:GetObject*", + "s3:HeadObject", "s3:List*" ], "Effect": "Allow", diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-ecs/test/ec2/integ.environment-file.js.snapshot/aws-ecs-integ.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-ecs/test/ec2/integ.environment-file.js.snapshot/aws-ecs-integ.template.json index 94d0972fad1da..bd500a75311e9 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-ecs/test/ec2/integ.environment-file.js.snapshot/aws-ecs-integ.template.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-ecs/test/ec2/integ.environment-file.js.snapshot/aws-ecs-integ.template.json @@ -1248,6 +1248,7 @@ "Action": [ "s3:GetBucket*", "s3:GetObject*", + "s3:HeadObject", "s3:List*" ], "Effect": "Allow", @@ -1291,6 +1292,7 @@ "s3:DeleteObject*", "s3:GetBucket*", "s3:GetObject*", + "s3:HeadObject", "s3:List*", "s3:PutObject", "s3:PutObjectLegalHold", diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-eks/test/integ.eks-cluster-imported.js.snapshot/aws-cdk-eks-import-cluster-test.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-eks/test/integ.eks-cluster-imported.js.snapshot/aws-cdk-eks-import-cluster-test.template.json index 9a70d0f6035ba..af48a16650997 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-eks/test/integ.eks-cluster-imported.js.snapshot/aws-cdk-eks-import-cluster-test.template.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-eks/test/integ.eks-cluster-imported.js.snapshot/aws-cdk-eks-import-cluster-test.template.json @@ -545,6 +545,7 @@ "Action": [ "s3:GetBucket*", "s3:GetObject*", + "s3:HeadObject", "s3:List*" ], "Effect": "Allow", diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-eks/test/integ.eks-cluster-ipv6.js.snapshot/aws-cdk-eks-cluster-ipv6-test.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-eks/test/integ.eks-cluster-ipv6.js.snapshot/aws-cdk-eks-cluster-ipv6-test.template.json index e2feaf3af783f..781271a8b1208 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-eks/test/integ.eks-cluster-ipv6.js.snapshot/aws-cdk-eks-cluster-ipv6-test.template.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-eks/test/integ.eks-cluster-ipv6.js.snapshot/aws-cdk-eks-cluster-ipv6-test.template.json @@ -723,6 +723,7 @@ "Action": [ "s3:GetBucket*", "s3:GetObject*", + "s3:HeadObject", "s3:List*" ], "Effect": "Allow", diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-eks/test/integ.eks-cluster.js.snapshot/aws-cdk-eks-cluster-test.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-eks/test/integ.eks-cluster.js.snapshot/aws-cdk-eks-cluster-test.template.json index 48cbdeacf1e9f..e65a92eba98a3 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-eks/test/integ.eks-cluster.js.snapshot/aws-cdk-eks-cluster-test.template.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-eks/test/integ.eks-cluster.js.snapshot/aws-cdk-eks-cluster-test.template.json @@ -571,6 +571,7 @@ "Action": [ "s3:GetBucket*", "s3:GetObject*", + "s3:HeadObject", "s3:List*" ], "Effect": "Allow", diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-eks/test/integ.eks-helm-asset.js.snapshot/aws-cdk-eks-helm-test.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-eks/test/integ.eks-helm-asset.js.snapshot/aws-cdk-eks-helm-test.template.json index 34f22196836b3..33918897a2b22 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-eks/test/integ.eks-helm-asset.js.snapshot/aws-cdk-eks-helm-test.template.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-eks/test/integ.eks-helm-asset.js.snapshot/aws-cdk-eks-helm-test.template.json @@ -544,6 +544,7 @@ "Action": [ "s3:GetBucket*", "s3:GetObject*", + "s3:HeadObject", "s3:List*" ], "Effect": "Allow", diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-events-targets/test/codepipeline/integ.pipeline-event-target.js.snapshot/pipeline-events.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-events-targets/test/codepipeline/integ.pipeline-event-target.js.snapshot/pipeline-events.template.json index 99b4ce0e9452a..3f2debc2c7f22 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-events-targets/test/codepipeline/integ.pipeline-event-target.js.snapshot/pipeline-events.template.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-events-targets/test/codepipeline/integ.pipeline-event-target.js.snapshot/pipeline-events.template.json @@ -158,6 +158,7 @@ "s3:DeleteObject*", "s3:GetBucket*", "s3:GetObject*", + "s3:HeadObject", "s3:List*", "s3:PutObject", "s3:PutObjectLegalHold", diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-events-targets/test/kinesis-firehose/integ.kinesis-firehose-stream.js.snapshot/aws-cdk-firehose-event-target.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-events-targets/test/kinesis-firehose/integ.kinesis-firehose-stream.js.snapshot/aws-cdk-firehose-event-target.template.json index 592f4eef1579f..bf2be6f908673 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-events-targets/test/kinesis-firehose/integ.kinesis-firehose-stream.js.snapshot/aws-cdk-firehose-event-target.template.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-events-targets/test/kinesis-firehose/integ.kinesis-firehose-stream.js.snapshot/aws-cdk-firehose-event-target.template.json @@ -33,6 +33,7 @@ "s3:DeleteObject*", "s3:GetBucket*", "s3:GetObject*", + "s3:HeadObject", "s3:List*", "s3:PutObject", "s3:PutObjectLegalHold", diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.cluster-s3.js.snapshot/aws-cdk-rds-s3-integ.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.cluster-s3.js.snapshot/aws-cdk-rds-s3-integ.template.json index 4e07f44f347c8..a7190500d87a2 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.cluster-s3.js.snapshot/aws-cdk-rds-s3-integ.template.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.cluster-s3.js.snapshot/aws-cdk-rds-s3-integ.template.json @@ -518,6 +518,7 @@ "Action": [ "s3:GetBucket*", "s3:GetObject*", + "s3:HeadObject", "s3:List*" ], "Effect": "Allow", @@ -550,6 +551,7 @@ "s3:DeleteObject*", "s3:GetBucket*", "s3:GetObject*", + "s3:HeadObject", "s3:List*", "s3:PutObject", "s3:PutObjectLegalHold", diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.cluster-s3.mysql-8.js.snapshot/aws-cdk-rds-s3-mysql-8-integ.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.cluster-s3.mysql-8.js.snapshot/aws-cdk-rds-s3-mysql-8-integ.template.json index 2ac33a1ea212d..25376719dcd64 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.cluster-s3.mysql-8.js.snapshot/aws-cdk-rds-s3-mysql-8-integ.template.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.cluster-s3.mysql-8.js.snapshot/aws-cdk-rds-s3-mysql-8-integ.template.json @@ -454,6 +454,7 @@ "s3:DeleteObject*", "s3:GetBucket*", "s3:GetObject*", + "s3:HeadObject", "s3:List*", "s3:PutObject", "s3:PutObjectLegalHold", diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.instance-s3-postgres.js.snapshot/aws-cdk-rds-instance-s3-postgres-integ.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.instance-s3-postgres.js.snapshot/aws-cdk-rds-instance-s3-postgres-integ.template.json index 0062655ad554e..8e591599f81e4 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.instance-s3-postgres.js.snapshot/aws-cdk-rds-instance-s3-postgres-integ.template.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.instance-s3-postgres.js.snapshot/aws-cdk-rds-instance-s3-postgres-integ.template.json @@ -421,6 +421,7 @@ "Action": [ "s3:GetBucket*", "s3:GetObject*", + "s3:HeadObject", "s3:List*" ], "Effect": "Allow", @@ -486,6 +487,7 @@ "s3:DeleteObject*", "s3:GetBucket*", "s3:GetObject*", + "s3:HeadObject", "s3:List*", "s3:PutObject", "s3:PutObjectLegalHold", diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.instance-s3.js.snapshot/aws-cdk-rds-instance-s3-integ.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.instance-s3.js.snapshot/aws-cdk-rds-instance-s3-integ.template.json index 044db26f317fb..314e2681a8bab 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.instance-s3.js.snapshot/aws-cdk-rds-instance-s3-integ.template.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.instance-s3.js.snapshot/aws-cdk-rds-instance-s3-integ.template.json @@ -457,6 +457,7 @@ "Action": [ "s3:GetBucket*", "s3:GetObject*", + "s3:HeadObject", "s3:List*" ], "Effect": "Allow", @@ -489,6 +490,7 @@ "s3:DeleteObject*", "s3:GetBucket*", "s3:GetObject*", + "s3:HeadObject", "s3:List*", "s3:PutObject", "s3:PutObjectLegalHold", diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-s3-assets/test/integ.assets.bundling.lit.js.snapshot/cdk-integ-assets-bundling.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-s3-assets/test/integ.assets.bundling.lit.js.snapshot/cdk-integ-assets-bundling.template.json index 241b6f086f955..c7cdebd7967cb 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-s3-assets/test/integ.assets.bundling.lit.js.snapshot/cdk-integ-assets-bundling.template.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-s3-assets/test/integ.assets.bundling.lit.js.snapshot/cdk-integ-assets-bundling.template.json @@ -12,6 +12,7 @@ "Action": [ "s3:GetBucket*", "s3:GetObject*", + "s3:HeadObject", "s3:List*" ], "Effect": "Allow", diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-s3-assets/test/integ.assets.directory.lit.js.snapshot/aws-cdk-asset-test.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-s3-assets/test/integ.assets.directory.lit.js.snapshot/aws-cdk-asset-test.template.json index 241b6f086f955..c7cdebd7967cb 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-s3-assets/test/integ.assets.directory.lit.js.snapshot/aws-cdk-asset-test.template.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-s3-assets/test/integ.assets.directory.lit.js.snapshot/aws-cdk-asset-test.template.json @@ -12,6 +12,7 @@ "Action": [ "s3:GetBucket*", "s3:GetObject*", + "s3:HeadObject", "s3:List*" ], "Effect": "Allow", diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-s3-assets/test/integ.assets.file-bundling.lit.js.snapshot/cdk-integ-assets-bundling.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-s3-assets/test/integ.assets.file-bundling.lit.js.snapshot/cdk-integ-assets-bundling.template.json index 241b6f086f955..c7cdebd7967cb 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-s3-assets/test/integ.assets.file-bundling.lit.js.snapshot/cdk-integ-assets-bundling.template.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-s3-assets/test/integ.assets.file-bundling.lit.js.snapshot/cdk-integ-assets-bundling.template.json @@ -12,6 +12,7 @@ "Action": [ "s3:GetBucket*", "s3:GetObject*", + "s3:HeadObject", "s3:List*" ], "Effect": "Allow", diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-s3-assets/test/integ.assets.file.lit.js.snapshot/aws-cdk-asset-file-test.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-s3-assets/test/integ.assets.file.lit.js.snapshot/aws-cdk-asset-file-test.template.json index 241b6f086f955..c7cdebd7967cb 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-s3-assets/test/integ.assets.file.lit.js.snapshot/aws-cdk-asset-file-test.template.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-s3-assets/test/integ.assets.file.lit.js.snapshot/aws-cdk-asset-file-test.template.json @@ -12,6 +12,7 @@ "Action": [ "s3:GetBucket*", "s3:GetObject*", + "s3:HeadObject", "s3:List*" ], "Effect": "Allow", diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-s3-assets/test/integ.assets.permissions.lit.js.snapshot/aws-cdk-asset-refs.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-s3-assets/test/integ.assets.permissions.lit.js.snapshot/aws-cdk-asset-refs.template.json index 20afa25c70cd8..369c90ccb4c1b 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-s3-assets/test/integ.assets.permissions.lit.js.snapshot/aws-cdk-asset-refs.template.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-s3-assets/test/integ.assets.permissions.lit.js.snapshot/aws-cdk-asset-refs.template.json @@ -12,6 +12,7 @@ "Action": [ "s3:GetBucket*", "s3:GetObject*", + "s3:HeadObject", "s3:List*" ], "Effect": "Allow", diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-s3-assets/test/integ.assets.refs.lit.js.snapshot/aws-cdk-asset-refs.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-s3-assets/test/integ.assets.refs.lit.js.snapshot/aws-cdk-asset-refs.template.json index 855b59b64f45c..75193d8d0d39b 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-s3-assets/test/integ.assets.refs.lit.js.snapshot/aws-cdk-asset-refs.template.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-s3-assets/test/integ.assets.refs.lit.js.snapshot/aws-cdk-asset-refs.template.json @@ -32,6 +32,7 @@ "Action": [ "s3:GetBucket*", "s3:GetObject*", + "s3:HeadObject", "s3:List*" ], "Effect": "Allow", diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-s3-deployment/test/integ.bucket-deployment-cloudfront.js.snapshot/test-bucket-deployments-1.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-s3-deployment/test/integ.bucket-deployment-cloudfront.js.snapshot/test-bucket-deployments-1.template.json index da66b0e50e4b2..7d4ca1b2e18b7 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-s3-deployment/test/integ.bucket-deployment-cloudfront.js.snapshot/test-bucket-deployments-1.template.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-s3-deployment/test/integ.bucket-deployment-cloudfront.js.snapshot/test-bucket-deployments-1.template.json @@ -278,6 +278,7 @@ "Action": [ "s3:GetBucket*", "s3:GetObject*", + "s3:HeadObject", "s3:List*" ], "Effect": "Allow", @@ -321,6 +322,7 @@ "s3:DeleteObject*", "s3:GetBucket*", "s3:GetObject*", + "s3:HeadObject", "s3:List*", "s3:PutObject", "s3:PutObjectLegalHold", diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-s3-deployment/test/integ.bucket-deployment-data.js.snapshot/TestBucketDeploymentContent.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-s3-deployment/test/integ.bucket-deployment-data.js.snapshot/TestBucketDeploymentContent.template.json index b0e4fc31a8ca8..33577b4db6e3b 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-s3-deployment/test/integ.bucket-deployment-data.js.snapshot/TestBucketDeploymentContent.template.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-s3-deployment/test/integ.bucket-deployment-data.js.snapshot/TestBucketDeploymentContent.template.json @@ -150,6 +150,7 @@ "Action": [ "s3:GetBucket*", "s3:GetObject*", + "s3:HeadObject", "s3:List*" ], "Effect": "Allow", @@ -193,6 +194,7 @@ "s3:DeleteObject*", "s3:GetBucket*", "s3:GetObject*", + "s3:HeadObject", "s3:List*", "s3:PutObject", "s3:PutObjectLegalHold", diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-s3-deployment/test/integ.bucket-deployment-deployed-bucket.js.snapshot/test-bucket-deployment-deployed-bucket.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-s3-deployment/test/integ.bucket-deployment-deployed-bucket.js.snapshot/test-bucket-deployment-deployed-bucket.template.json index 115732d465c8c..3d1bb4a8c9240 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-s3-deployment/test/integ.bucket-deployment-deployed-bucket.js.snapshot/test-bucket-deployment-deployed-bucket.template.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-s3-deployment/test/integ.bucket-deployment-deployed-bucket.js.snapshot/test-bucket-deployment-deployed-bucket.template.json @@ -230,6 +230,7 @@ "Action": [ "s3:GetBucket*", "s3:GetObject*", + "s3:HeadObject", "s3:List*" ], "Effect": "Allow", @@ -273,6 +274,7 @@ "s3:DeleteObject*", "s3:GetBucket*", "s3:GetObject*", + "s3:HeadObject", "s3:List*", "s3:PutObject", "s3:PutObjectLegalHold", diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-s3-deployment/test/integ.bucket-deployment-signcontent.js.snapshot/test-bucket-deployment-signobject.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-s3-deployment/test/integ.bucket-deployment-signcontent.js.snapshot/test-bucket-deployment-signobject.template.json index 03ca1cce00a89..f406e27b3f7b9 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-s3-deployment/test/integ.bucket-deployment-signcontent.js.snapshot/test-bucket-deployment-signobject.template.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-s3-deployment/test/integ.bucket-deployment-signcontent.js.snapshot/test-bucket-deployment-signobject.template.json @@ -257,6 +257,7 @@ "Action": [ "s3:GetBucket*", "s3:GetObject*", + "s3:HeadObject", "s3:List*" ], "Effect": "Allow", @@ -300,6 +301,7 @@ "s3:DeleteObject*", "s3:GetBucket*", "s3:GetObject*", + "s3:HeadObject", "s3:List*", "s3:PutObject", "s3:PutObjectLegalHold", diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-s3-deployment/test/integ.bucket-deployment-substitution-with-role.js.snapshot/cdk-s3-deploy-substitution-with-role.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-s3-deployment/test/integ.bucket-deployment-substitution-with-role.js.snapshot/cdk-s3-deploy-substitution-with-role.template.json index 44198da1f0327..a99d3e9e971dc 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-s3-deployment/test/integ.bucket-deployment-substitution-with-role.js.snapshot/cdk-s3-deploy-substitution-with-role.template.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-s3-deployment/test/integ.bucket-deployment-substitution-with-role.js.snapshot/cdk-s3-deploy-substitution-with-role.template.json @@ -39,6 +39,7 @@ "Action": [ "s3:GetBucket*", "s3:GetObject*", + "s3:HeadObject", "s3:List*" ], "Effect": "Allow", @@ -82,6 +83,7 @@ "s3:DeleteObject*", "s3:GetBucket*", "s3:GetObject*", + "s3:HeadObject", "s3:List*", "s3:PutObject", "s3:PutObjectLegalHold", diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-s3-deployment/test/integ.bucket-deployment-substitution.js.snapshot/test-s3-deploy-substitution.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-s3-deployment/test/integ.bucket-deployment-substitution.js.snapshot/test-s3-deploy-substitution.template.json index 93b685cc2d1ee..ef5eed4a95adf 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-s3-deployment/test/integ.bucket-deployment-substitution.js.snapshot/test-s3-deploy-substitution.template.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-s3-deployment/test/integ.bucket-deployment-substitution.js.snapshot/test-s3-deploy-substitution.template.json @@ -151,6 +151,7 @@ "Action": [ "s3:GetBucket*", "s3:GetObject*", + "s3:HeadObject", "s3:List*" ], "Effect": "Allow", @@ -194,6 +195,7 @@ "s3:DeleteObject*", "s3:GetBucket*", "s3:GetObject*", + "s3:HeadObject", "s3:List*", "s3:PutObject", "s3:PutObjectLegalHold", diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-s3-deployment/test/integ.bucket-deployment.js.snapshot/test-bucket-deployments-2.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-s3-deployment/test/integ.bucket-deployment.js.snapshot/test-bucket-deployments-2.template.json index d80d57e102eab..68f3285c915ec 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-s3-deployment/test/integ.bucket-deployment.js.snapshot/test-bucket-deployments-2.template.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-s3-deployment/test/integ.bucket-deployment.js.snapshot/test-bucket-deployments-2.template.json @@ -239,6 +239,7 @@ "Action": [ "s3:GetBucket*", "s3:GetObject*", + "s3:HeadObject", "s3:List*" ], "Effect": "Allow", @@ -282,6 +283,7 @@ "s3:DeleteObject*", "s3:GetBucket*", "s3:GetObject*", + "s3:HeadObject", "s3:List*", "s3:PutObject", "s3:PutObjectLegalHold", @@ -1182,6 +1184,7 @@ "Action": [ "s3:GetBucket*", "s3:GetObject*", + "s3:HeadObject", "s3:List*" ], "Effect": "Allow", @@ -1225,6 +1228,7 @@ "s3:DeleteObject*", "s3:GetBucket*", "s3:GetObject*", + "s3:HeadObject", "s3:List*", "s3:PutObject", "s3:PutObjectLegalHold", diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-s3/test/integ.bucket-sharing.js.snapshot/ConsumerStack.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-s3/test/integ.bucket-sharing.js.snapshot/ConsumerStack.template.json index 906df6ecc3ff8..293e7cdc9d5c5 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-s3/test/integ.bucket-sharing.js.snapshot/ConsumerStack.template.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-s3/test/integ.bucket-sharing.js.snapshot/ConsumerStack.template.json @@ -14,6 +14,7 @@ "s3:DeleteObject*", "s3:GetBucket*", "s3:GetObject*", + "s3:HeadObject", "s3:List*", "s3:PutObject", "s3:PutObjectLegalHold", diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-s3/test/integ.bucket.js.snapshot/aws-cdk-s3.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-s3/test/integ.bucket.js.snapshot/aws-cdk-s3.template.json index addecf1a07382..78ab63dfdc92a 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-s3/test/integ.bucket.js.snapshot/aws-cdk-s3.template.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-s3/test/integ.bucket.js.snapshot/aws-cdk-s3.template.json @@ -88,6 +88,7 @@ "s3:DeleteObject*", "s3:GetBucket*", "s3:GetObject*", + "s3:HeadObject", "s3:List*", "s3:PutObject", "s3:PutObjectLegalHold", @@ -139,6 +140,7 @@ "Action": [ "s3:GetBucket*", "s3:GetObject*", + "s3:HeadObject", "s3:List*" ], "Effect": "Allow", diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-servicecatalog/test/integ.nested-stack-in-product-stack.js.snapshot/aws-cdk-nested-stack-in-product-stack.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-servicecatalog/test/integ.nested-stack-in-product-stack.js.snapshot/aws-cdk-nested-stack-in-product-stack.template.json index 354f8a3602b44..d6086606484c5 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-servicecatalog/test/integ.nested-stack-in-product-stack.js.snapshot/aws-cdk-nested-stack-in-product-stack.template.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-servicecatalog/test/integ.nested-stack-in-product-stack.js.snapshot/aws-cdk-nested-stack-in-product-stack.template.json @@ -98,6 +98,7 @@ "Action": [ "s3:GetBucket*", "s3:GetObject*", + "s3:HeadObject", "s3:List*" ], "Effect": "Allow", @@ -134,6 +135,7 @@ "s3:DeleteObject*", "s3:GetBucket*", "s3:GetObject*", + "s3:HeadObject", "s3:List*", "s3:PutObject", "s3:PutObjectLegalHold", diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-servicecatalog/test/integ.product.encrypted.asset.js.snapshot/integ-servicecatalog-product-encrypted-asset.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-servicecatalog/test/integ.product.encrypted.asset.js.snapshot/integ-servicecatalog-product-encrypted-asset.template.json index 15eaefe8acb9d..27ea4dca200e0 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-servicecatalog/test/integ.product.encrypted.asset.js.snapshot/integ-servicecatalog-product-encrypted-asset.template.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-servicecatalog/test/integ.product.encrypted.asset.js.snapshot/integ-servicecatalog-product-encrypted-asset.template.json @@ -386,6 +386,7 @@ "Action": [ "s3:GetBucket*", "s3:GetObject*", + "s3:HeadObject", "s3:List*" ], "Effect": "Allow", @@ -422,6 +423,7 @@ "s3:DeleteObject*", "s3:GetBucket*", "s3:GetObject*", + "s3:HeadObject", "s3:List*", "s3:PutObject", "s3:PutObjectLegalHold", diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-servicecatalog/test/integ.product.js.snapshot/integ-servicecatalog-product.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-servicecatalog/test/integ.product.js.snapshot/integ-servicecatalog-product.template.json index fb9e0740f7335..6435efcacbc9f 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-servicecatalog/test/integ.product.js.snapshot/integ-servicecatalog-product.template.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-servicecatalog/test/integ.product.js.snapshot/integ-servicecatalog-product.template.json @@ -246,6 +246,7 @@ "Action": [ "s3:GetBucket*", "s3:GetObject*", + "s3:HeadObject", "s3:List*" ], "Effect": "Allow", @@ -282,6 +283,7 @@ "s3:DeleteObject*", "s3:GetBucket*", "s3:GetObject*", + "s3:HeadObject", "s3:List*", "s3:PutObject", "s3:PutObjectLegalHold", diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-servicecatalog/test/integ.two-products.js.snapshot/integ-servicecatalog-two-products.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-servicecatalog/test/integ.two-products.js.snapshot/integ-servicecatalog-two-products.template.json index a7a63627c886d..4fba990982455 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-servicecatalog/test/integ.two-products.js.snapshot/integ-servicecatalog-two-products.template.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-servicecatalog/test/integ.two-products.js.snapshot/integ-servicecatalog-two-products.template.json @@ -257,6 +257,7 @@ "Action": [ "s3:GetBucket*", "s3:GetObject*", + "s3:HeadObject", "s3:List*" ], "Effect": "Allow", @@ -293,6 +294,7 @@ "s3:DeleteObject*", "s3:GetBucket*", "s3:GetObject*", + "s3:HeadObject", "s3:List*", "s3:PutObject", "s3:PutObjectLegalHold", diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-stepfunctions-tasks/test/emrcontainers/integ.job-submission-workflow.js.snapshot/aws-stepfunctions-tasks-emr-containers-all-services-test.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-stepfunctions-tasks/test/emrcontainers/integ.job-submission-workflow.js.snapshot/aws-stepfunctions-tasks-emr-containers-all-services-test.template.json index cea9167958a72..58c677a74c37c 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-stepfunctions-tasks/test/emrcontainers/integ.job-submission-workflow.js.snapshot/aws-stepfunctions-tasks-emr-containers-all-services-test.template.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-stepfunctions-tasks/test/emrcontainers/integ.job-submission-workflow.js.snapshot/aws-stepfunctions-tasks-emr-containers-all-services-test.template.json @@ -1087,6 +1087,7 @@ "s3:DeleteObject*", "s3:GetBucket*", "s3:GetObject*", + "s3:HeadObject", "s3:List*", "s3:PutObject", "s3:PutObjectLegalHold", diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-stepfunctions-tasks/test/glue/integ.glue-task.js.snapshot/aws-stepfunctions-integ.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-stepfunctions-tasks/test/glue/integ.glue-task.js.snapshot/aws-stepfunctions-integ.template.json index 883741e07b733..714cfcf2fb6c0 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-stepfunctions-tasks/test/glue/integ.glue-task.js.snapshot/aws-stepfunctions-integ.template.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-stepfunctions-tasks/test/glue/integ.glue-task.js.snapshot/aws-stepfunctions-integ.template.json @@ -40,6 +40,7 @@ "Action": [ "s3:GetBucket*", "s3:GetObject*", + "s3:HeadObject", "s3:List*" ], "Effect": "Allow", diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-stepfunctions-tasks/test/glue/integ.start-job-run.js.snapshot/aws-stepfunctions-integ.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-stepfunctions-tasks/test/glue/integ.start-job-run.js.snapshot/aws-stepfunctions-integ.template.json index e054ff5a5c807..7066e276b5f68 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-stepfunctions-tasks/test/glue/integ.start-job-run.js.snapshot/aws-stepfunctions-integ.template.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-stepfunctions-tasks/test/glue/integ.start-job-run.js.snapshot/aws-stepfunctions-integ.template.json @@ -40,6 +40,7 @@ "Action": [ "s3:GetBucket*", "s3:GetObject*", + "s3:HeadObject", "s3:List*" ], "Effect": "Allow", diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-stepfunctions-tasks/test/sagemaker/integ.call-sagemaker.js.snapshot/aws-stepfunctions-integ-sagemaker.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-stepfunctions-tasks/test/sagemaker/integ.call-sagemaker.js.snapshot/aws-stepfunctions-integ-sagemaker.template.json index b1f00c6fb8c47..aafd7db7895e0 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-stepfunctions-tasks/test/sagemaker/integ.call-sagemaker.js.snapshot/aws-stepfunctions-integ-sagemaker.template.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-stepfunctions-tasks/test/sagemaker/integ.call-sagemaker.js.snapshot/aws-stepfunctions-integ-sagemaker.template.json @@ -105,6 +105,7 @@ "Action": [ "s3:GetBucket*", "s3:GetObject*", + "s3:HeadObject", "s3:List*" ], "Effect": "Allow", diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-stepfunctions-tasks/test/sagemaker/integ.create-training-job.js.snapshot/integ-stepfunctions-sagemaker.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-stepfunctions-tasks/test/sagemaker/integ.create-training-job.js.snapshot/integ-stepfunctions-sagemaker.template.json index c3525778207e9..129bfaa822cb5 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-stepfunctions-tasks/test/sagemaker/integ.create-training-job.js.snapshot/integ-stepfunctions-sagemaker.template.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-stepfunctions-tasks/test/sagemaker/integ.create-training-job.js.snapshot/integ-stepfunctions-sagemaker.template.json @@ -105,6 +105,7 @@ "Action": [ "s3:GetBucket*", "s3:GetObject*", + "s3:HeadObject", "s3:List*" ], "Effect": "Allow", diff --git a/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.newpipeline-with-codebuild-logging.js.snapshot/PipelineStack.template.json b/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.newpipeline-with-codebuild-logging.js.snapshot/PipelineStack.template.json index 66eefea24034b..5dd43677474af 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.newpipeline-with-codebuild-logging.js.snapshot/PipelineStack.template.json +++ b/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.newpipeline-with-codebuild-logging.js.snapshot/PipelineStack.template.json @@ -68,6 +68,7 @@ "Action": [ "s3:GetBucket*", "s3:GetObject*", + "s3:HeadObject", "s3:List*" ], "Effect": "Allow", @@ -152,6 +153,7 @@ "s3:DeleteObject*", "s3:GetBucket*", "s3:GetObject*", + "s3:HeadObject", "s3:List*", "s3:PutObject", "s3:PutObjectLegalHold", @@ -2053,6 +2055,7 @@ "s3:DeleteObject*", "s3:GetBucket*", "s3:GetObject*", + "s3:HeadObject", "s3:List*", "s3:PutObject", "s3:PutObjectLegalHold", @@ -2410,6 +2413,7 @@ "Action": [ "s3:GetBucket*", "s3:GetObject*", + "s3:HeadObject", "s3:List*" ], "Effect": "Allow", diff --git a/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.newpipeline-with-cross-account-keys.js.snapshot/PipelineStack.template.json b/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.newpipeline-with-cross-account-keys.js.snapshot/PipelineStack.template.json index bc3610a87c7cb..1e76b9a29c247 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.newpipeline-with-cross-account-keys.js.snapshot/PipelineStack.template.json +++ b/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.newpipeline-with-cross-account-keys.js.snapshot/PipelineStack.template.json @@ -157,6 +157,7 @@ "Action": [ "s3:GetBucket*", "s3:GetObject*", + "s3:HeadObject", "s3:List*" ], "Effect": "Allow", @@ -241,6 +242,7 @@ "s3:DeleteObject*", "s3:GetBucket*", "s3:GetObject*", + "s3:HeadObject", "s3:List*", "s3:PutObject", "s3:PutObjectLegalHold", @@ -2102,6 +2104,7 @@ "s3:DeleteObject*", "s3:GetBucket*", "s3:GetObject*", + "s3:HeadObject", "s3:List*", "s3:PutObject", "s3:PutObjectLegalHold", @@ -2405,6 +2408,7 @@ "Action": [ "s3:GetBucket*", "s3:GetObject*", + "s3:HeadObject", "s3:List*" ], "Effect": "Allow", diff --git a/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.newpipeline-with-file-system-locations.js.snapshot/PipelinesFileSystemLocations.template.json b/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.newpipeline-with-file-system-locations.js.snapshot/PipelinesFileSystemLocations.template.json index f9db4786bc4a3..7429d4c73766c 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.newpipeline-with-file-system-locations.js.snapshot/PipelinesFileSystemLocations.template.json +++ b/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.newpipeline-with-file-system-locations.js.snapshot/PipelinesFileSystemLocations.template.json @@ -601,6 +601,7 @@ "Action": [ "s3:GetBucket*", "s3:GetObject*", + "s3:HeadObject", "s3:List*" ], "Effect": "Allow", @@ -685,6 +686,7 @@ "s3:DeleteObject*", "s3:GetBucket*", "s3:GetObject*", + "s3:HeadObject", "s3:List*", "s3:PutObject", "s3:PutObjectLegalHold", @@ -1006,6 +1008,7 @@ "Action": [ "s3:GetBucket*", "s3:GetObject*", + "s3:HeadObject", "s3:List*" ], "Effect": "Allow", @@ -1273,6 +1276,7 @@ "s3:DeleteObject*", "s3:GetBucket*", "s3:GetObject*", + "s3:HeadObject", "s3:List*", "s3:PutObject", "s3:PutObjectLegalHold", @@ -1687,6 +1691,7 @@ "Action": [ "s3:GetBucket*", "s3:GetObject*", + "s3:HeadObject", "s3:List*" ], "Effect": "Allow", diff --git a/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.newpipeline-with-vpc.js.snapshot/PipelineStack.template.json b/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.newpipeline-with-vpc.js.snapshot/PipelineStack.template.json index 5144b7a84f1a8..631b00ea21fbd 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.newpipeline-with-vpc.js.snapshot/PipelineStack.template.json +++ b/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.newpipeline-with-vpc.js.snapshot/PipelineStack.template.json @@ -459,6 +459,7 @@ "Action": [ "s3:GetBucket*", "s3:GetObject*", + "s3:HeadObject", "s3:List*" ], "Effect": "Allow", @@ -543,6 +544,7 @@ "s3:DeleteObject*", "s3:GetBucket*", "s3:GetObject*", + "s3:HeadObject", "s3:List*", "s3:PutObject", "s3:PutObjectLegalHold", @@ -1125,6 +1127,7 @@ "s3:DeleteObject*", "s3:GetBucket*", "s3:GetObject*", + "s3:HeadObject", "s3:List*", "s3:PutObject", "s3:PutObjectLegalHold", @@ -1565,6 +1568,7 @@ "Action": [ "s3:GetBucket*", "s3:GetObject*", + "s3:HeadObject", "s3:List*" ], "Effect": "Allow", @@ -1894,6 +1898,7 @@ "Action": [ "s3:GetBucket*", "s3:GetObject*", + "s3:HeadObject", "s3:List*" ], "Effect": "Allow", diff --git a/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.newpipeline.js.snapshot/PipelineStack.template.json b/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.newpipeline.js.snapshot/PipelineStack.template.json index 476a2b6f3ea0c..b07adfe1daa4c 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.newpipeline.js.snapshot/PipelineStack.template.json +++ b/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.newpipeline.js.snapshot/PipelineStack.template.json @@ -68,6 +68,7 @@ "Action": [ "s3:GetBucket*", "s3:GetObject*", + "s3:HeadObject", "s3:List*" ], "Effect": "Allow", @@ -152,6 +153,7 @@ "s3:DeleteObject*", "s3:GetBucket*", "s3:GetObject*", + "s3:HeadObject", "s3:List*", "s3:PutObject", "s3:PutObjectLegalHold", @@ -1988,6 +1990,7 @@ "s3:DeleteObject*", "s3:GetBucket*", "s3:GetObject*", + "s3:HeadObject", "s3:List*", "s3:PutObject", "s3:PutObjectLegalHold", @@ -2270,6 +2273,7 @@ "Action": [ "s3:GetBucket*", "s3:GetObject*", + "s3:HeadObject", "s3:List*" ], "Effect": "Allow", diff --git a/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-security.js.snapshot/PipelineSecurityStack.template.json b/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-security.js.snapshot/PipelineSecurityStack.template.json index 31b8ac763d327..c98a018d86e70 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-security.js.snapshot/PipelineSecurityStack.template.json +++ b/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-security.js.snapshot/PipelineSecurityStack.template.json @@ -298,6 +298,7 @@ "Action": [ "s3:GetBucket*", "s3:GetObject*", + "s3:HeadObject", "s3:List*" ], "Effect": "Allow", @@ -382,6 +383,7 @@ "s3:DeleteObject*", "s3:GetBucket*", "s3:GetObject*", + "s3:HeadObject", "s3:List*", "s3:PutObject", "s3:PutObjectLegalHold", @@ -1555,6 +1557,7 @@ "Action": [ "s3:GetBucket*", "s3:GetObject*", + "s3:HeadObject", "s3:List*" ], "Effect": "Allow", @@ -1822,6 +1825,7 @@ "s3:DeleteObject*", "s3:GetBucket*", "s3:GetObject*", + "s3:HeadObject", "s3:List*", "s3:PutObject", "s3:PutObjectLegalHold", @@ -2543,6 +2547,7 @@ "Action": [ "s3:GetBucket*", "s3:GetObject*", + "s3:HeadObject", "s3:List*" ], "Effect": "Allow", @@ -2887,6 +2892,7 @@ "Action": [ "s3:GetBucket*", "s3:GetObject*", + "s3:HeadObject", "s3:List*" ], "Effect": "Allow", diff --git a/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-with-artifact-bucket.js.snapshot/PipelineStack.template.json b/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-with-artifact-bucket.js.snapshot/PipelineStack.template.json index 1490697d192bd..3c961b2f619bb 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-with-artifact-bucket.js.snapshot/PipelineStack.template.json +++ b/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-with-artifact-bucket.js.snapshot/PipelineStack.template.json @@ -38,6 +38,7 @@ "s3:DeleteObject*", "s3:GetBucket*", "s3:GetObject*", + "s3:HeadObject", "s3:List*", "s3:PutObject", "s3:PutObjectLegalHold", @@ -266,6 +267,7 @@ "Action": [ "s3:GetBucket*", "s3:GetObject*", + "s3:HeadObject", "s3:List*" ], "Effect": "Allow", @@ -456,6 +458,7 @@ "s3:DeleteObject*", "s3:GetBucket*", "s3:GetObject*", + "s3:HeadObject", "s3:List*", "s3:PutObject", "s3:PutObjectLegalHold", @@ -738,6 +741,7 @@ "Action": [ "s3:GetBucket*", "s3:GetObject*", + "s3:HeadObject", "s3:List*" ], "Effect": "Allow", diff --git a/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-with-assets-single-upload.js.snapshot/PipelineStack.template.json b/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-with-assets-single-upload.js.snapshot/PipelineStack.template.json index 4bfa5d8e80181..d092e6c4fbf82 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-with-assets-single-upload.js.snapshot/PipelineStack.template.json +++ b/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-with-assets-single-upload.js.snapshot/PipelineStack.template.json @@ -298,6 +298,7 @@ "Action": [ "s3:GetBucket*", "s3:GetObject*", + "s3:HeadObject", "s3:List*" ], "Effect": "Allow", @@ -382,6 +383,7 @@ "s3:DeleteObject*", "s3:GetBucket*", "s3:GetObject*", + "s3:HeadObject", "s3:List*", "s3:PutObject", "s3:PutObjectLegalHold", @@ -846,6 +848,7 @@ "Action": [ "s3:GetBucket*", "s3:GetObject*", + "s3:HeadObject", "s3:List*" ], "Effect": "Allow", @@ -1113,6 +1116,7 @@ "s3:DeleteObject*", "s3:GetBucket*", "s3:GetObject*", + "s3:HeadObject", "s3:List*", "s3:PutObject", "s3:PutObjectLegalHold", @@ -1454,6 +1458,7 @@ "Action": [ "s3:GetBucket*", "s3:GetObject*", + "s3:HeadObject", "s3:List*" ], "Effect": "Allow", @@ -1691,6 +1696,7 @@ "Action": [ "s3:GetBucket*", "s3:GetObject*", + "s3:HeadObject", "s3:List*" ], "Effect": "Allow", @@ -1894,6 +1900,7 @@ "Action": [ "s3:GetBucket*", "s3:GetObject*", + "s3:HeadObject", "s3:List*" ], "Effect": "Allow", diff --git a/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-with-assets.js.snapshot/PipelineStack.template.json b/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-with-assets.js.snapshot/PipelineStack.template.json index 97408341b8cdb..a27d07f9c57b0 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-with-assets.js.snapshot/PipelineStack.template.json +++ b/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-with-assets.js.snapshot/PipelineStack.template.json @@ -298,6 +298,7 @@ "Action": [ "s3:GetBucket*", "s3:GetObject*", + "s3:HeadObject", "s3:List*" ], "Effect": "Allow", @@ -382,6 +383,7 @@ "s3:DeleteObject*", "s3:GetBucket*", "s3:GetObject*", + "s3:HeadObject", "s3:List*", "s3:PutObject", "s3:PutObjectLegalHold", @@ -873,6 +875,7 @@ "Action": [ "s3:GetBucket*", "s3:GetObject*", + "s3:HeadObject", "s3:List*" ], "Effect": "Allow", @@ -1140,6 +1143,7 @@ "s3:DeleteObject*", "s3:GetBucket*", "s3:GetObject*", + "s3:HeadObject", "s3:List*", "s3:PutObject", "s3:PutObjectLegalHold", @@ -1481,6 +1485,7 @@ "Action": [ "s3:GetBucket*", "s3:GetObject*", + "s3:HeadObject", "s3:List*" ], "Effect": "Allow", @@ -1718,6 +1723,7 @@ "Action": [ "s3:GetBucket*", "s3:GetObject*", + "s3:HeadObject", "s3:List*" ], "Effect": "Allow", @@ -1921,6 +1927,7 @@ "Action": [ "s3:GetBucket*", "s3:GetObject*", + "s3:HeadObject", "s3:List*" ], "Effect": "Allow", diff --git a/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-with-stack-outputs-in-custom-step.js.snapshot/StackOutputPipelineStack.template.json b/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-with-stack-outputs-in-custom-step.js.snapshot/StackOutputPipelineStack.template.json index a6f1c9de03e0f..0fd2d313a8caf 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-with-stack-outputs-in-custom-step.js.snapshot/StackOutputPipelineStack.template.json +++ b/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-with-stack-outputs-in-custom-step.js.snapshot/StackOutputPipelineStack.template.json @@ -73,6 +73,7 @@ "Action": [ "s3:GetBucket*", "s3:GetObject*", + "s3:HeadObject", "s3:List*" ], "Effect": "Allow", @@ -157,6 +158,7 @@ "s3:DeleteObject*", "s3:GetBucket*", "s3:GetObject*", + "s3:HeadObject", "s3:List*", "s3:PutObject", "s3:PutObjectLegalHold", @@ -818,6 +820,7 @@ "s3:DeleteObject*", "s3:GetBucket*", "s3:GetObject*", + "s3:HeadObject", "s3:List*", "s3:PutObject", "s3:PutObjectLegalHold", diff --git a/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-with-variables.js.snapshot/VariablePipelineStack.template.json b/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-with-variables.js.snapshot/VariablePipelineStack.template.json index 811c2f4d1eb6a..e4a9253265f30 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-with-variables.js.snapshot/VariablePipelineStack.template.json +++ b/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-with-variables.js.snapshot/VariablePipelineStack.template.json @@ -239,6 +239,7 @@ "s3:DeleteObject*", "s3:GetBucket*", "s3:GetObject*", + "s3:HeadObject", "s3:List*", "s3:PutObject", "s3:PutObjectLegalHold", @@ -493,6 +494,7 @@ "Action": [ "s3:GetBucket*", "s3:GetObject*", + "s3:HeadObject", "s3:List*" ], "Effect": "Allow", @@ -683,6 +685,7 @@ "s3:DeleteObject*", "s3:GetBucket*", "s3:GetObject*", + "s3:HeadObject", "s3:List*", "s3:PutObject", "s3:PutObjectLegalHold", @@ -783,6 +786,7 @@ "s3:DeleteObject*", "s3:GetBucket*", "s3:GetObject*", + "s3:HeadObject", "s3:List*", "s3:PutObject", "s3:PutObjectLegalHold", @@ -909,6 +913,7 @@ "Action": [ "s3:GetBucket*", "s3:GetObject*", + "s3:HeadObject", "s3:List*" ], "Effect": "Allow", @@ -1017,6 +1022,7 @@ "s3:DeleteObject*", "s3:GetBucket*", "s3:GetObject*", + "s3:HeadObject", "s3:List*", "s3:PutObject", "s3:PutObjectLegalHold", @@ -1143,6 +1149,7 @@ "Action": [ "s3:GetBucket*", "s3:GetObject*", + "s3:HeadObject", "s3:List*" ], "Effect": "Allow", diff --git a/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-without-prepare.js.snapshot/PreparelessPipelineStack.template.json b/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-without-prepare.js.snapshot/PreparelessPipelineStack.template.json index 90ccb6edb4c14..c71f77f851a42 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-without-prepare.js.snapshot/PreparelessPipelineStack.template.json +++ b/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-without-prepare.js.snapshot/PreparelessPipelineStack.template.json @@ -210,6 +210,7 @@ "Action": [ "s3:GetBucket*", "s3:GetObject*", + "s3:HeadObject", "s3:List*" ], "Effect": "Allow", @@ -294,6 +295,7 @@ "s3:DeleteObject*", "s3:GetBucket*", "s3:GetObject*", + "s3:HeadObject", "s3:List*", "s3:PutObject", "s3:PutObjectLegalHold", @@ -584,6 +586,7 @@ "Action": [ "s3:GetBucket*", "s3:GetObject*", + "s3:HeadObject", "s3:List*" ], "Effect": "Allow", @@ -774,6 +777,7 @@ "s3:DeleteObject*", "s3:GetBucket*", "s3:GetObject*", + "s3:HeadObject", "s3:List*", "s3:PutObject", "s3:PutObjectLegalHold", diff --git a/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline.js.snapshot/PipelineStack.template.json b/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline.js.snapshot/PipelineStack.template.json index 77fe88343914b..e3e2f396ad8ba 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline.js.snapshot/PipelineStack.template.json +++ b/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline.js.snapshot/PipelineStack.template.json @@ -298,6 +298,7 @@ "Action": [ "s3:GetBucket*", "s3:GetObject*", + "s3:HeadObject", "s3:List*" ], "Effect": "Allow", @@ -382,6 +383,7 @@ "s3:DeleteObject*", "s3:GetBucket*", "s3:GetObject*", + "s3:HeadObject", "s3:List*", "s3:PutObject", "s3:PutObjectLegalHold", @@ -808,6 +810,7 @@ "Action": [ "s3:GetBucket*", "s3:GetObject*", + "s3:HeadObject", "s3:List*" ], "Effect": "Allow", @@ -1075,6 +1078,7 @@ "s3:DeleteObject*", "s3:GetBucket*", "s3:GetObject*", + "s3:HeadObject", "s3:List*", "s3:PutObject", "s3:PutObjectLegalHold", @@ -1416,6 +1420,7 @@ "Action": [ "s3:GetBucket*", "s3:GetObject*", + "s3:HeadObject", "s3:List*" ], "Effect": "Allow", @@ -1653,6 +1658,7 @@ "Action": [ "s3:GetBucket*", "s3:GetObject*", + "s3:HeadObject", "s3:List*" ], "Effect": "Allow", diff --git a/packages/@aws-cdk/app-staging-synthesizer-alpha/test/integ.synth-default-resources.js.snapshot/StagingStack-default-resourcesmax-ACCOUNT-REGION.template.json b/packages/@aws-cdk/app-staging-synthesizer-alpha/test/integ.synth-default-resources.js.snapshot/StagingStack-default-resourcesmax-ACCOUNT-REGION.template.json index ca7bac420615b..5e66c5e65976e 100644 --- a/packages/@aws-cdk/app-staging-synthesizer-alpha/test/integ.synth-default-resources.js.snapshot/StagingStack-default-resourcesmax-ACCOUNT-REGION.template.json +++ b/packages/@aws-cdk/app-staging-synthesizer-alpha/test/integ.synth-default-resources.js.snapshot/StagingStack-default-resourcesmax-ACCOUNT-REGION.template.json @@ -54,6 +54,7 @@ "s3:DeleteObject*", "s3:GetBucket*", "s3:GetObject*", + "s3:HeadObject", "s3:List*", "s3:PutObject", "s3:PutObjectLegalHold", diff --git a/packages/@aws-cdk/app-staging-synthesizer-alpha/test/integ.synth-default-resources.ts.snapshot/StagingStack-default-resourcesmax-ACCOUNT-REGION.template.json b/packages/@aws-cdk/app-staging-synthesizer-alpha/test/integ.synth-default-resources.ts.snapshot/StagingStack-default-resourcesmax-ACCOUNT-REGION.template.json index ca7bac420615b..72c93cb35d17e 100644 --- a/packages/@aws-cdk/app-staging-synthesizer-alpha/test/integ.synth-default-resources.ts.snapshot/StagingStack-default-resourcesmax-ACCOUNT-REGION.template.json +++ b/packages/@aws-cdk/app-staging-synthesizer-alpha/test/integ.synth-default-resources.ts.snapshot/StagingStack-default-resourcesmax-ACCOUNT-REGION.template.json @@ -54,6 +54,7 @@ "s3:DeleteObject*", "s3:GetBucket*", "s3:GetObject*", + "s3:HeadObject", "s3:List*", "s3:PutObject", "s3:PutObjectLegalHold", @@ -343,6 +344,7 @@ "Action": [ "s3:GetBucket*", "s3:GetObject*", + "s3:HeadObject", "s3:List*" ], "Effect": "Allow", diff --git a/packages/@aws-cdk/aws-appconfig-alpha/test/integ.configuration.js.snapshot/aws-appconfig-configuration.template.json b/packages/@aws-cdk/aws-appconfig-alpha/test/integ.configuration.js.snapshot/aws-appconfig-configuration.template.json index 6dbdcb9b930ac..d7abb505cc66f 100644 --- a/packages/@aws-cdk/aws-appconfig-alpha/test/integ.configuration.js.snapshot/aws-appconfig-configuration.template.json +++ b/packages/@aws-cdk/aws-appconfig-alpha/test/integ.configuration.js.snapshot/aws-appconfig-configuration.template.json @@ -590,6 +590,7 @@ "Action": [ "s3:GetBucket*", "s3:GetObject*", + "s3:HeadObject", "s3:List*" ], "Effect": "Allow", @@ -633,6 +634,7 @@ "s3:DeleteObject*", "s3:GetBucket*", "s3:GetObject*", + "s3:HeadObject", "s3:List*", "s3:PutObject", "s3:PutObjectLegalHold", @@ -1237,6 +1239,7 @@ "s3:DeleteObject*", "s3:GetBucket*", "s3:GetObject*", + "s3:HeadObject", "s3:List*", "s3:PutObject", "s3:PutObjectLegalHold", @@ -1450,6 +1453,7 @@ "Action": [ "s3:GetBucket*", "s3:GetObject*", + "s3:HeadObject", "s3:List*" ], "Effect": "Allow", @@ -1611,6 +1615,7 @@ "Action": [ "s3:GetBucket*", "s3:GetObject*", + "s3:HeadObject", "s3:List*" ], "Effect": "Allow", diff --git a/packages/@aws-cdk/aws-apprunner-alpha/test/service.test.ts b/packages/@aws-cdk/aws-apprunner-alpha/test/service.test.ts index d73b9cf0d7a16..ed1e2801c0068 100644 --- a/packages/@aws-cdk/aws-apprunner-alpha/test/service.test.ts +++ b/packages/@aws-cdk/aws-apprunner-alpha/test/service.test.ts @@ -1301,6 +1301,7 @@ test('Service is grantable', () => { Action: [ 's3:GetObject*', 's3:GetBucket*', + 's3:HeadObject', 's3:List*', ], Resource: [ diff --git a/packages/@aws-cdk/aws-glue-alpha/test/code.test.ts b/packages/@aws-cdk/aws-glue-alpha/test/code.test.ts index f67d6f71526b4..20283841aaf94 100644 --- a/packages/@aws-cdk/aws-glue-alpha/test/code.test.ts +++ b/packages/@aws-cdk/aws-glue-alpha/test/code.test.ts @@ -43,6 +43,7 @@ describe('Code', () => { Action: [ 's3:GetObject*', 's3:GetBucket*', + 's3:HeadObject', 's3:List*', ], Effect: 'Allow', @@ -152,6 +153,7 @@ describe('Code', () => { Action: [ 's3:GetObject*', 's3:GetBucket*', + 's3:HeadObject', 's3:List*', ], Effect: 'Allow', diff --git a/packages/@aws-cdk/aws-glue-alpha/test/integ.job-python-shell.js.snapshot/aws-glue-job-python-shell.template.json b/packages/@aws-cdk/aws-glue-alpha/test/integ.job-python-shell.js.snapshot/aws-glue-job-python-shell.template.json index dece180ae8219..27710430569eb 100644 --- a/packages/@aws-cdk/aws-glue-alpha/test/integ.job-python-shell.js.snapshot/aws-glue-job-python-shell.template.json +++ b/packages/@aws-cdk/aws-glue-alpha/test/integ.job-python-shell.js.snapshot/aws-glue-job-python-shell.template.json @@ -40,6 +40,7 @@ "Action": [ "s3:GetBucket*", "s3:GetObject*", + "s3:HeadObject", "s3:List*" ], "Effect": "Allow", @@ -166,6 +167,7 @@ "Action": [ "s3:GetBucket*", "s3:GetObject*", + "s3:HeadObject", "s3:List*" ], "Effect": "Allow", diff --git a/packages/@aws-cdk/aws-glue-alpha/test/integ.job.js.snapshot/aws-glue-job.template.json b/packages/@aws-cdk/aws-glue-alpha/test/integ.job.js.snapshot/aws-glue-job.template.json index e524ee21d34da..038577fa9674b 100644 --- a/packages/@aws-cdk/aws-glue-alpha/test/integ.job.js.snapshot/aws-glue-job.template.json +++ b/packages/@aws-cdk/aws-glue-alpha/test/integ.job.js.snapshot/aws-glue-job.template.json @@ -42,6 +42,7 @@ "s3:DeleteObject*", "s3:GetBucket*", "s3:GetObject*", + "s3:HeadObject", "s3:List*", "s3:PutObject", "s3:PutObjectLegalHold", @@ -77,6 +78,7 @@ "Action": [ "s3:GetBucket*", "s3:GetObject*", + "s3:HeadObject", "s3:List*" ], "Effect": "Allow", @@ -271,6 +273,7 @@ "Action": [ "s3:GetBucket*", "s3:GetObject*", + "s3:HeadObject", "s3:List*" ], "Effect": "Allow", @@ -400,6 +403,7 @@ "s3:DeleteObject*", "s3:GetBucket*", "s3:GetObject*", + "s3:HeadObject", "s3:List*", "s3:PutObject", "s3:PutObjectLegalHold", @@ -435,6 +439,7 @@ "Action": [ "s3:GetBucket*", "s3:GetObject*", + "s3:HeadObject", "s3:List*" ], "Effect": "Allow", @@ -629,6 +634,7 @@ "Action": [ "s3:GetBucket*", "s3:GetObject*", + "s3:HeadObject", "s3:List*" ], "Effect": "Allow", @@ -758,6 +764,7 @@ "s3:DeleteObject*", "s3:GetBucket*", "s3:GetObject*", + "s3:HeadObject", "s3:List*", "s3:PutObject", "s3:PutObjectLegalHold", @@ -793,6 +800,7 @@ "Action": [ "s3:GetBucket*", "s3:GetObject*", + "s3:HeadObject", "s3:List*" ], "Effect": "Allow", @@ -987,6 +995,7 @@ "Action": [ "s3:GetBucket*", "s3:GetObject*", + "s3:HeadObject", "s3:List*" ], "Effect": "Allow", @@ -1114,6 +1123,7 @@ "Action": [ "s3:GetBucket*", "s3:GetObject*", + "s3:HeadObject", "s3:List*" ], "Effect": "Allow", @@ -1239,6 +1249,7 @@ "Action": [ "s3:GetBucket*", "s3:GetObject*", + "s3:HeadObject", "s3:List*" ], "Effect": "Allow", @@ -1364,6 +1375,7 @@ "Action": [ "s3:GetBucket*", "s3:GetObject*", + "s3:HeadObject", "s3:List*" ], "Effect": "Allow", @@ -1492,6 +1504,7 @@ "Action": [ "s3:GetBucket*", "s3:GetObject*", + "s3:HeadObject", "s3:List*" ], "Effect": "Allow", diff --git a/packages/@aws-cdk/aws-glue-alpha/test/integ.table.js.snapshot/aws-cdk-glue.template.json b/packages/@aws-cdk/aws-glue-alpha/test/integ.table.js.snapshot/aws-cdk-glue.template.json index 75020f0d007ad..a6af791ac5366 100644 --- a/packages/@aws-cdk/aws-glue-alpha/test/integ.table.js.snapshot/aws-cdk-glue.template.json +++ b/packages/@aws-cdk/aws-glue-alpha/test/integ.table.js.snapshot/aws-cdk-glue.template.json @@ -774,6 +774,7 @@ "s3:DeleteObject*", "s3:GetBucket*", "s3:GetObject*", + "s3:HeadObject", "s3:List*", "s3:PutObject", "s3:PutObjectLegalHold", @@ -966,6 +967,7 @@ "s3:DeleteObject*", "s3:GetBucket*", "s3:GetObject*", + "s3:HeadObject", "s3:List*", "s3:PutObject", "s3:PutObjectLegalHold", diff --git a/packages/@aws-cdk/aws-glue-alpha/test/job.test.ts b/packages/@aws-cdk/aws-glue-alpha/test/job.test.ts index cfea34c396147..9b2dcc7fc0378 100644 --- a/packages/@aws-cdk/aws-glue-alpha/test/job.test.ts +++ b/packages/@aws-cdk/aws-glue-alpha/test/job.test.ts @@ -68,6 +68,7 @@ describe('Job', () => { Action: [ 's3:GetObject*', 's3:GetBucket*', + 's3:HeadObject', 's3:List*', ], Effect: 'Allow', @@ -484,6 +485,7 @@ describe('Job', () => { Action: [ 's3:GetObject*', 's3:GetBucket*', + 's3:HeadObject', 's3:List*', 's3:DeleteObject*', 's3:PutObject', @@ -573,6 +575,7 @@ describe('Job', () => { Action: [ 's3:GetObject*', 's3:GetBucket*', + 's3:HeadObject', 's3:List*', 's3:DeleteObject*', 's3:PutObject', @@ -672,6 +675,7 @@ describe('Job', () => { Action: [ 's3:GetObject*', 's3:GetBucket*', + 's3:HeadObject', 's3:List*', 's3:DeleteObject*', 's3:PutObject', diff --git a/packages/@aws-cdk/aws-glue-alpha/test/s3-table.test.ts b/packages/@aws-cdk/aws-glue-alpha/test/s3-table.test.ts index c5e498ad61c41..3283dab446f4c 100644 --- a/packages/@aws-cdk/aws-glue-alpha/test/s3-table.test.ts +++ b/packages/@aws-cdk/aws-glue-alpha/test/s3-table.test.ts @@ -792,6 +792,7 @@ describe('grants', () => { Action: [ 's3:GetObject*', 's3:GetBucket*', + 's3:HeadObject', 's3:List*', ], Effect: 'Allow', @@ -1001,6 +1002,7 @@ describe('grants', () => { Action: [ 's3:GetObject*', 's3:GetBucket*', + 's3:HeadObject', 's3:List*', 's3:DeleteObject*', 's3:PutObject', diff --git a/packages/@aws-cdk/aws-glue-alpha/test/table-deprecated.test.ts b/packages/@aws-cdk/aws-glue-alpha/test/table-deprecated.test.ts index 9803d72a36240..62d803f079b5a 100644 --- a/packages/@aws-cdk/aws-glue-alpha/test/table-deprecated.test.ts +++ b/packages/@aws-cdk/aws-glue-alpha/test/table-deprecated.test.ts @@ -1118,6 +1118,7 @@ describe('grants', () => { Action: [ 's3:GetObject*', 's3:GetBucket*', + 's3:HeadObject', 's3:List*', ], Effect: 'Allow', @@ -1327,6 +1328,7 @@ describe('grants', () => { Action: [ 's3:GetObject*', 's3:GetBucket*', + 's3:HeadObject', 's3:List*', 's3:DeleteObject*', 's3:PutObject', diff --git a/packages/@aws-cdk/aws-iot-actions-alpha/test/kinesis-firehose/integ.firehose-put-record-action.js.snapshot/test-stack.template.json b/packages/@aws-cdk/aws-iot-actions-alpha/test/kinesis-firehose/integ.firehose-put-record-action.js.snapshot/test-stack.template.json index 0b0c7bce3882d..5f46a30499f75 100644 --- a/packages/@aws-cdk/aws-iot-actions-alpha/test/kinesis-firehose/integ.firehose-put-record-action.js.snapshot/test-stack.template.json +++ b/packages/@aws-cdk/aws-iot-actions-alpha/test/kinesis-firehose/integ.firehose-put-record-action.js.snapshot/test-stack.template.json @@ -105,6 +105,7 @@ "s3:DeleteObject*", "s3:GetBucket*", "s3:GetObject*", + "s3:HeadObject", "s3:List*", "s3:PutObject", "s3:PutObjectLegalHold", diff --git a/packages/@aws-cdk/aws-kinesisanalytics-flink-alpha/test/application.test.ts b/packages/@aws-cdk/aws-kinesisanalytics-flink-alpha/test/application.test.ts index 996a018649db7..8381ca7f1a852 100644 --- a/packages/@aws-cdk/aws-kinesisanalytics-flink-alpha/test/application.test.ts +++ b/packages/@aws-cdk/aws-kinesisanalytics-flink-alpha/test/application.test.ts @@ -81,7 +81,7 @@ describe('Application', () => { { Action: 'cloudwatch:PutMetricData', Effect: 'Allow', Resource: '*' }, // Access to read from the code bucket { - Action: ['s3:GetObject*', 's3:GetBucket*', 's3:List*'], + Action: ['s3:GetObject*', 's3:GetBucket*', 's3:HeadObject', 's3:List*'], Effect: 'Allow', Resource: Match.anyValue(), }, @@ -209,7 +209,7 @@ describe('Application', () => { PolicyDocument: { Version: '2012-10-17', Statement: Match.arrayWith([ - Match.objectLike({ Action: ['s3:GetObject*', 's3:GetBucket*', 's3:List*'] }), + Match.objectLike({ Action: ['s3:GetObject*', 's3:GetBucket*', 's3:HeadObject', 's3:List*'] }), ]), }, }); diff --git a/packages/@aws-cdk/aws-kinesisanalytics-flink-alpha/test/integ.application-code-from-bucket.lit.js.snapshot/FlinkAppCodeFromBucketTest.template.json b/packages/@aws-cdk/aws-kinesisanalytics-flink-alpha/test/integ.application-code-from-bucket.lit.js.snapshot/FlinkAppCodeFromBucketTest.template.json index f7ddc667eef74..91c82e63ebc2a 100644 --- a/packages/@aws-cdk/aws-kinesisanalytics-flink-alpha/test/integ.application-code-from-bucket.lit.js.snapshot/FlinkAppCodeFromBucketTest.template.json +++ b/packages/@aws-cdk/aws-kinesisanalytics-flink-alpha/test/integ.application-code-from-bucket.lit.js.snapshot/FlinkAppCodeFromBucketTest.template.json @@ -31,6 +31,7 @@ "Action": [ "s3:GetBucket*", "s3:GetObject*", + "s3:HeadObject", "s3:List*" ], "Effect": "Allow", diff --git a/packages/@aws-cdk/aws-kinesisanalytics-flink-alpha/test/integ.application.lit.js.snapshot/FlinkAppTest.template.json b/packages/@aws-cdk/aws-kinesisanalytics-flink-alpha/test/integ.application.lit.js.snapshot/FlinkAppTest.template.json index b9c3e751700b7..c3638a20fca12 100644 --- a/packages/@aws-cdk/aws-kinesisanalytics-flink-alpha/test/integ.application.lit.js.snapshot/FlinkAppTest.template.json +++ b/packages/@aws-cdk/aws-kinesisanalytics-flink-alpha/test/integ.application.lit.js.snapshot/FlinkAppTest.template.json @@ -31,6 +31,7 @@ "Action": [ "s3:GetBucket*", "s3:GetObject*", + "s3:HeadObject", "s3:List*" ], "Effect": "Allow", diff --git a/packages/@aws-cdk/aws-kinesisanalytics-flink-alpha/test/integ.vpc-application.js.snapshot/FlinkAppTest.template.json b/packages/@aws-cdk/aws-kinesisanalytics-flink-alpha/test/integ.vpc-application.js.snapshot/FlinkAppTest.template.json index b2ab7859cf42a..26c53685899b1 100644 --- a/packages/@aws-cdk/aws-kinesisanalytics-flink-alpha/test/integ.vpc-application.js.snapshot/FlinkAppTest.template.json +++ b/packages/@aws-cdk/aws-kinesisanalytics-flink-alpha/test/integ.vpc-application.js.snapshot/FlinkAppTest.template.json @@ -432,6 +432,7 @@ "Action": [ "s3:GetBucket*", "s3:GetObject*", + "s3:HeadObject", "s3:List*" ], "Effect": "Allow", diff --git a/packages/@aws-cdk/aws-kinesisfirehose-alpha/test/integ.delivery-stream.js.snapshot/aws-cdk-firehose-delivery-stream.template.json b/packages/@aws-cdk/aws-kinesisfirehose-alpha/test/integ.delivery-stream.js.snapshot/aws-cdk-firehose-delivery-stream.template.json index 224216bc4fb4c..9a9541300dbb6 100644 --- a/packages/@aws-cdk/aws-kinesisfirehose-alpha/test/integ.delivery-stream.js.snapshot/aws-cdk-firehose-delivery-stream.template.json +++ b/packages/@aws-cdk/aws-kinesisfirehose-alpha/test/integ.delivery-stream.js.snapshot/aws-cdk-firehose-delivery-stream.template.json @@ -33,6 +33,7 @@ "s3:DeleteObject*", "s3:GetBucket*", "s3:GetObject*", + "s3:HeadObject", "s3:List*", "s3:PutObject", "s3:PutObjectLegalHold", diff --git a/packages/@aws-cdk/aws-kinesisfirehose-alpha/test/integ.delivery-stream.source-stream.js.snapshot/aws-cdk-firehose-delivery-stream-source-stream.template.json b/packages/@aws-cdk/aws-kinesisfirehose-alpha/test/integ.delivery-stream.source-stream.js.snapshot/aws-cdk-firehose-delivery-stream-source-stream.template.json index cbf990668d7bf..b777fc68955f2 100644 --- a/packages/@aws-cdk/aws-kinesisfirehose-alpha/test/integ.delivery-stream.source-stream.js.snapshot/aws-cdk-firehose-delivery-stream-source-stream.template.json +++ b/packages/@aws-cdk/aws-kinesisfirehose-alpha/test/integ.delivery-stream.source-stream.js.snapshot/aws-cdk-firehose-delivery-stream-source-stream.template.json @@ -33,6 +33,7 @@ "s3:DeleteObject*", "s3:GetBucket*", "s3:GetObject*", + "s3:HeadObject", "s3:List*", "s3:PutObject", "s3:PutObjectLegalHold", diff --git a/packages/@aws-cdk/aws-kinesisfirehose-destinations-alpha/test/integ.s3-bucket.lit.js.snapshot/aws-cdk-firehose-delivery-stream-s3-all-properties.template.json b/packages/@aws-cdk/aws-kinesisfirehose-destinations-alpha/test/integ.s3-bucket.lit.js.snapshot/aws-cdk-firehose-delivery-stream-s3-all-properties.template.json index bcb74d8545e22..d3fa5e0ac99f8 100644 --- a/packages/@aws-cdk/aws-kinesisfirehose-destinations-alpha/test/integ.s3-bucket.lit.js.snapshot/aws-cdk-firehose-delivery-stream-s3-all-properties.template.json +++ b/packages/@aws-cdk/aws-kinesisfirehose-destinations-alpha/test/integ.s3-bucket.lit.js.snapshot/aws-cdk-firehose-delivery-stream-s3-all-properties.template.json @@ -401,6 +401,7 @@ "s3:DeleteObject*", "s3:GetBucket*", "s3:GetObject*", + "s3:HeadObject", "s3:List*", "s3:PutObject", "s3:PutObjectLegalHold", diff --git a/packages/@aws-cdk/aws-kinesisfirehose-destinations-alpha/test/s3-bucket.test.ts b/packages/@aws-cdk/aws-kinesisfirehose-destinations-alpha/test/s3-bucket.test.ts index 18404c284ce2b..34344c59c702e 100644 --- a/packages/@aws-cdk/aws-kinesisfirehose-destinations-alpha/test/s3-bucket.test.ts +++ b/packages/@aws-cdk/aws-kinesisfirehose-destinations-alpha/test/s3-bucket.test.ts @@ -85,6 +85,7 @@ describe('S3 destination', () => { Action: [ 's3:GetObject*', 's3:GetBucket*', + 's3:HeadObject', 's3:List*', 's3:DeleteObject*', 's3:PutObject', @@ -121,6 +122,7 @@ describe('S3 destination', () => { Action: [ 's3:GetObject*', 's3:GetBucket*', + 's3:HeadObject', 's3:List*', 's3:DeleteObject*', 's3:PutObject', diff --git a/packages/@aws-cdk/aws-sagemaker-alpha/test/integ.endpoint-config.js.snapshot/aws-cdk-sagemaker-endpointconfig.template.json b/packages/@aws-cdk/aws-sagemaker-alpha/test/integ.endpoint-config.js.snapshot/aws-cdk-sagemaker-endpointconfig.template.json index f4258769bc2b2..78dae142573d1 100644 --- a/packages/@aws-cdk/aws-sagemaker-alpha/test/integ.endpoint-config.js.snapshot/aws-cdk-sagemaker-endpointconfig.template.json +++ b/packages/@aws-cdk/aws-sagemaker-alpha/test/integ.endpoint-config.js.snapshot/aws-cdk-sagemaker-endpointconfig.template.json @@ -483,6 +483,7 @@ "Action": [ "s3:GetBucket*", "s3:GetObject*", + "s3:HeadObject", "s3:List*" ], "Effect": "Allow", diff --git a/packages/@aws-cdk/aws-sagemaker-alpha/test/integ.endpoint.alarms.js.snapshot/aws-cdk-sagemaker-endpoint-alarms.template.json b/packages/@aws-cdk/aws-sagemaker-alpha/test/integ.endpoint.alarms.js.snapshot/aws-cdk-sagemaker-endpoint-alarms.template.json index 3aa1523256cb9..220a434d34fbb 100644 --- a/packages/@aws-cdk/aws-sagemaker-alpha/test/integ.endpoint.alarms.js.snapshot/aws-cdk-sagemaker-endpoint-alarms.template.json +++ b/packages/@aws-cdk/aws-sagemaker-alpha/test/integ.endpoint.alarms.js.snapshot/aws-cdk-sagemaker-endpoint-alarms.template.json @@ -76,6 +76,7 @@ "Action": [ "s3:GetBucket*", "s3:GetObject*", + "s3:HeadObject", "s3:List*" ], "Effect": "Allow", diff --git a/packages/@aws-cdk/aws-sagemaker-alpha/test/integ.endpoint.js.snapshot/aws-cdk-sagemaker-endpoint.template.json b/packages/@aws-cdk/aws-sagemaker-alpha/test/integ.endpoint.js.snapshot/aws-cdk-sagemaker-endpoint.template.json index c8ee42be60b0f..074de5842ea59 100644 --- a/packages/@aws-cdk/aws-sagemaker-alpha/test/integ.endpoint.js.snapshot/aws-cdk-sagemaker-endpoint.template.json +++ b/packages/@aws-cdk/aws-sagemaker-alpha/test/integ.endpoint.js.snapshot/aws-cdk-sagemaker-endpoint.template.json @@ -76,6 +76,7 @@ "Action": [ "s3:GetBucket*", "s3:GetObject*", + "s3:HeadObject", "s3:List*" ], "Effect": "Allow", diff --git a/packages/@aws-cdk/aws-sagemaker-alpha/test/integ.model.js.snapshot/aws-cdk-sagemaker-model.template.json b/packages/@aws-cdk/aws-sagemaker-alpha/test/integ.model.js.snapshot/aws-cdk-sagemaker-model.template.json index 30d465357b949..f5aac644145f0 100644 --- a/packages/@aws-cdk/aws-sagemaker-alpha/test/integ.model.js.snapshot/aws-cdk-sagemaker-model.template.json +++ b/packages/@aws-cdk/aws-sagemaker-alpha/test/integ.model.js.snapshot/aws-cdk-sagemaker-model.template.json @@ -483,6 +483,7 @@ "Action": [ "s3:GetBucket*", "s3:GetObject*", + "s3:HeadObject", "s3:List*" ], "Effect": "Allow", @@ -685,6 +686,7 @@ "Action": [ "s3:GetBucket*", "s3:GetObject*", + "s3:HeadObject", "s3:List*" ], "Effect": "Allow", diff --git a/packages/aws-cdk-lib/aws-codebuild/test/codebuild.test.ts b/packages/aws-cdk-lib/aws-codebuild/test/codebuild.test.ts index 3827705d56195..535d857b11400 100644 --- a/packages/aws-cdk-lib/aws-codebuild/test/codebuild.test.ts +++ b/packages/aws-cdk-lib/aws-codebuild/test/codebuild.test.ts @@ -393,6 +393,7 @@ describe('default properties', () => { 'Action': [ 's3:GetObject*', 's3:GetBucket*', + 's3:HeadObject', 's3:List*', ], 'Effect': 'Allow', diff --git a/packages/aws-cdk-lib/aws-codepipeline-actions/test/cloudformation/cloudformation-pipeline-actions.test.ts b/packages/aws-cdk-lib/aws-codepipeline-actions/test/cloudformation/cloudformation-pipeline-actions.test.ts index 9d75c0279720a..879ef29a9cc21 100644 --- a/packages/aws-cdk-lib/aws-codepipeline-actions/test/cloudformation/cloudformation-pipeline-actions.test.ts +++ b/packages/aws-cdk-lib/aws-codepipeline-actions/test/cloudformation/cloudformation-pipeline-actions.test.ts @@ -243,6 +243,7 @@ describe('CloudFormation Pipeline Actions', () => { 'Action': [ 's3:GetObject*', 's3:GetBucket*', + 's3:HeadObject', 's3:List*', ], 'Effect': 'Allow', @@ -672,6 +673,7 @@ describe('CloudFormation Pipeline Actions', () => { 'Action': [ 's3:GetObject*', 's3:GetBucket*', + 's3:HeadObject', 's3:List*', ], 'Effect': 'Allow', @@ -687,6 +689,7 @@ describe('CloudFormation Pipeline Actions', () => { 'Action': [ 's3:GetObject*', 's3:GetBucket*', + 's3:HeadObject', 's3:List*', ], 'Effect': 'Allow', diff --git a/packages/aws-cdk-lib/aws-codepipeline-actions/test/cloudformation/cloudformation-stackset-pipeline-actions.test.ts b/packages/aws-cdk-lib/aws-codepipeline-actions/test/cloudformation/cloudformation-stackset-pipeline-actions.test.ts index cfa43a665baea..e5cc5441a37a4 100644 --- a/packages/aws-cdk-lib/aws-codepipeline-actions/test/cloudformation/cloudformation-stackset-pipeline-actions.test.ts +++ b/packages/aws-cdk-lib/aws-codepipeline-actions/test/cloudformation/cloudformation-stackset-pipeline-actions.test.ts @@ -166,6 +166,7 @@ describe('StackSetAction', () => { 'Action': [ 's3:GetObject*', 's3:GetBucket*', + 's3:HeadObject', 's3:List*', ], 'Effect': 'Allow', diff --git a/packages/aws-cdk-lib/aws-codepipeline-actions/test/lambda/lambda-invoke-action.test.ts b/packages/aws-cdk-lib/aws-codepipeline-actions/test/lambda/lambda-invoke-action.test.ts index 2798fed1e27b5..a37055b23e1bb 100644 --- a/packages/aws-cdk-lib/aws-codepipeline-actions/test/lambda/lambda-invoke-action.test.ts +++ b/packages/aws-cdk-lib/aws-codepipeline-actions/test/lambda/lambda-invoke-action.test.ts @@ -140,6 +140,7 @@ describe('', () => { 'Action': [ 's3:GetObject*', 's3:GetBucket*', + 's3:HeadObject', 's3:List*', ], 'Effect': 'Allow', @@ -224,6 +225,7 @@ describe('', () => { 'Action': [ 's3:GetObject*', 's3:GetBucket*', + 's3:HeadObject', 's3:List*', ], 'Effect': 'Allow', diff --git a/packages/aws-cdk-lib/aws-codepipeline-actions/test/pipeline.test.ts b/packages/aws-cdk-lib/aws-codepipeline-actions/test/pipeline.test.ts index fac873b4ba4fd..66df8321769ff 100644 --- a/packages/aws-cdk-lib/aws-codepipeline-actions/test/pipeline.test.ts +++ b/packages/aws-cdk-lib/aws-codepipeline-actions/test/pipeline.test.ts @@ -927,6 +927,7 @@ describe('pipeline', () => { 'Action': [ 's3:GetObject*', 's3:GetBucket*', + 's3:HeadObject', 's3:List*', ], 'Effect': 'Allow', diff --git a/packages/aws-cdk-lib/aws-codepipeline-actions/test/s3/s3-deploy-action.test.ts b/packages/aws-cdk-lib/aws-codepipeline-actions/test/s3/s3-deploy-action.test.ts index a2d362a9602e0..d70e58dd0deb6 100644 --- a/packages/aws-cdk-lib/aws-codepipeline-actions/test/s3/s3-deploy-action.test.ts +++ b/packages/aws-cdk-lib/aws-codepipeline-actions/test/s3/s3-deploy-action.test.ts @@ -57,6 +57,7 @@ describe('S3 Deploy Action', () => { 'Action': [ 's3:GetObject*', 's3:GetBucket*', + 's3:HeadObject', 's3:List*', 's3:DeleteObject*', 's3:PutObject', diff --git a/packages/aws-cdk-lib/aws-ec2/test/cfn-init.test.ts b/packages/aws-cdk-lib/aws-ec2/test/cfn-init.test.ts index bf6823a598988..62f0a35bd08e1 100644 --- a/packages/aws-cdk-lib/aws-ec2/test/cfn-init.test.ts +++ b/packages/aws-cdk-lib/aws-ec2/test/cfn-init.test.ts @@ -302,7 +302,7 @@ describe('userdata', () => { }); const ASSET_STATEMENT = { - Action: ['s3:GetObject*', 's3:GetBucket*', 's3:List*'], + Action: ['s3:GetObject*', 's3:GetBucket*', 's3:HeadObject', 's3:List*'], Effect: 'Allow', Resource: [ { @@ -446,7 +446,7 @@ describe('assets n buckets', () => { Template.fromStack(stack).hasResourceProperties('AWS::IAM::Policy', { PolicyDocument: { Statement: Match.arrayWith([{ - Action: ['s3:GetObject*', 's3:GetBucket*', 's3:List*'], + Action: ['s3:GetObject*', 's3:GetBucket*', 's3:HeadObject', 's3:List*'], Effect: 'Allow', Resource: [ { 'Fn::Join': ['', ['arn:', { Ref: 'AWS::Partition' }, ':s3:::my-bucket']] }, @@ -489,7 +489,7 @@ describe('assets n buckets', () => { Template.fromStack(stack).hasResourceProperties('AWS::IAM::Policy', { PolicyDocument: { Statement: Match.arrayWith([{ - Action: ['s3:GetObject*', 's3:GetBucket*', 's3:List*'], + Action: ['s3:GetObject*', 's3:GetBucket*', 's3:HeadObject', 's3:List*'], Effect: 'Allow', Resource: [ { 'Fn::Join': ['', ['arn:', { Ref: 'AWS::Partition' }, ':s3:::my-bucket']] }, diff --git a/packages/aws-cdk-lib/aws-rds/test/cluster.test.ts b/packages/aws-cdk-lib/aws-rds/test/cluster.test.ts index a759faa15ffdb..b887624aa9891 100644 --- a/packages/aws-cdk-lib/aws-rds/test/cluster.test.ts +++ b/packages/aws-cdk-lib/aws-rds/test/cluster.test.ts @@ -2414,6 +2414,7 @@ describe('cluster', () => { Action: [ 's3:GetObject*', 's3:GetBucket*', + 's3:HeadObject', 's3:List*', ], Effect: 'Allow', @@ -2663,6 +2664,7 @@ describe('cluster', () => { Action: [ 's3:GetObject*', 's3:GetBucket*', + 's3:HeadObject', 's3:List*', 's3:DeleteObject*', 's3:PutObject', diff --git a/packages/aws-cdk-lib/aws-rds/test/instance.test.ts b/packages/aws-cdk-lib/aws-rds/test/instance.test.ts index 3e791f2a0ab81..d7a46d4012f82 100644 --- a/packages/aws-cdk-lib/aws-rds/test/instance.test.ts +++ b/packages/aws-cdk-lib/aws-rds/test/instance.test.ts @@ -1519,6 +1519,7 @@ describe('instance', () => { Action: [ 's3:GetObject*', 's3:GetBucket*', + 's3:HeadObject', 's3:List*', ], Effect: 'Allow', @@ -1531,6 +1532,7 @@ describe('instance', () => { Action: [ 's3:GetObject*', 's3:GetBucket*', + 's3:HeadObject', 's3:List*', 's3:DeleteObject*', 's3:PutObject', diff --git a/packages/aws-cdk-lib/aws-s3-assets/test/asset.test.ts b/packages/aws-cdk-lib/aws-s3-assets/test/asset.test.ts index 4aa70b59bf24d..44e3e1aa686bc 100644 --- a/packages/aws-cdk-lib/aws-s3-assets/test/asset.test.ts +++ b/packages/aws-cdk-lib/aws-s3-assets/test/asset.test.ts @@ -131,7 +131,7 @@ test('"readers" or "grantRead" can be used to grant read permissions on the asse Version: '2012-10-17', Statement: [ { - Action: ['s3:GetObject*', 's3:GetBucket*', 's3:List*'], + Action: ['s3:GetObject*', 's3:GetBucket*', 's3:HeadObject', 's3:List*'], Effect: 'Allow', Resource: [ { 'Fn::Join': ['', ['arn:', { Ref: 'AWS::Partition' }, ':s3:::', { Ref: 'AssetParameters6b84b87243a4a01c592d78e1fd3855c4bfef39328cd0a450cc97e81717fea2a2S3Bucket50B5A10B' }]] }, diff --git a/packages/aws-cdk-lib/aws-s3-deployment/test/bucket-deployment.test.ts b/packages/aws-cdk-lib/aws-s3-deployment/test/bucket-deployment.test.ts index f4cb9b8807678..a5b0448df6322 100644 --- a/packages/aws-cdk-lib/aws-s3-deployment/test/bucket-deployment.test.ts +++ b/packages/aws-cdk-lib/aws-s3-deployment/test/bucket-deployment.test.ts @@ -661,6 +661,7 @@ test('lambda execution role gets permissions to read from the source bucket and Action: [ 's3:GetObject*', 's3:GetBucket*', + 's3:HeadObject', 's3:List*', ], Effect: 'Allow', @@ -691,6 +692,7 @@ test('lambda execution role gets permissions to read from the source bucket and Action: [ 's3:GetObject*', 's3:GetBucket*', + 's3:HeadObject', 's3:List*', 's3:DeleteObject*', 's3:PutObject', diff --git a/packages/aws-cdk-lib/aws-s3/lib/perms.ts b/packages/aws-cdk-lib/aws-s3/lib/perms.ts index dcebbd92a0333..e809cc39fec91 100644 --- a/packages/aws-cdk-lib/aws-s3/lib/perms.ts +++ b/packages/aws-cdk-lib/aws-s3/lib/perms.ts @@ -1,6 +1,7 @@ export const BUCKET_READ_ACTIONS = [ 's3:GetObject*', 's3:GetBucket*', + 's3:HeadObject', 's3:List*', ]; diff --git a/packages/aws-cdk-lib/aws-s3/test/bucket.test.ts b/packages/aws-cdk-lib/aws-s3/test/bucket.test.ts index 88cc9d33dd97d..19bb2935335f4 100644 --- a/packages/aws-cdk-lib/aws-s3/test/bucket.test.ts +++ b/packages/aws-cdk-lib/aws-s3/test/bucket.test.ts @@ -1400,6 +1400,7 @@ describe('bucket', () => { 'Action': [ 's3:GetObject*', 's3:GetBucket*', + 's3:HeadObject', 's3:List*', ], 'Resource': [{ @@ -1539,6 +1540,7 @@ describe('bucket', () => { 'Action': [ 's3:GetObject*', 's3:GetBucket*', + 's3:HeadObject', 's3:List*', ], 'Effect': 'Allow', @@ -1611,6 +1613,7 @@ describe('bucket', () => { 'Action': [ 's3:GetObject*', 's3:GetBucket*', + 's3:HeadObject', 's3:List*', 's3:DeleteObject*', 's3:PutObject', @@ -1673,7 +1676,7 @@ describe('bucket', () => { 'Version': '2012-10-17', 'Statement': [ { - 'Action': ['s3:GetObject*', 's3:GetBucket*', 's3:List*'], + 'Action': ['s3:GetObject*', 's3:GetBucket*', 's3:HeadObject', 's3:List*'], 'Condition': { 'StringEquals': { 'aws:PrincipalOrgID': 'o-1234' } }, 'Effect': 'Allow', 'Principal': { AWS: '*' }, @@ -1717,6 +1720,7 @@ describe('bucket', () => { 'Action': [ 's3:GetObject*', 's3:GetBucket*', + 's3:HeadObject', 's3:List*', 's3:DeleteObject*', 's3:PutObject', @@ -2040,6 +2044,7 @@ describe('bucket', () => { 'Action': [ 's3:GetObject*', 's3:GetBucket*', + 's3:HeadObject', 's3:List*', ], 'Effect': 'Allow', @@ -2099,6 +2104,7 @@ describe('bucket', () => { 'Action': [ 's3:GetObject*', 's3:GetBucket*', + 's3:HeadObject', 's3:List*', ], 'Effect': 'Allow', @@ -2128,6 +2134,7 @@ describe('bucket', () => { 'Action': [ 's3:GetObject*', 's3:GetBucket*', + 's3:HeadObject', 's3:List*', ], 'Effect': 'Allow', diff --git a/packages/aws-cdk-lib/aws-servicecatalog/test/portfolio.test.ts b/packages/aws-cdk-lib/aws-servicecatalog/test/portfolio.test.ts index a7034e5e1689f..304920dff38e2 100644 --- a/packages/aws-cdk-lib/aws-servicecatalog/test/portfolio.test.ts +++ b/packages/aws-cdk-lib/aws-servicecatalog/test/portfolio.test.ts @@ -231,7 +231,7 @@ describe('Portfolio', () => { PolicyDocument: { Statement: [{ Effect: 'Allow', - Action: ['s3:GetObject*', 's3:GetBucket*', 's3:List*'], + Action: ['s3:GetObject*', 's3:GetBucket*', 's3:HeadObject', 's3:List*'], Principal: { AWS: { 'Fn::Join': [ diff --git a/packages/aws-cdk-lib/aws-stepfunctions-tasks/test/emrcontainers/start-job-run.test.ts b/packages/aws-cdk-lib/aws-stepfunctions-tasks/test/emrcontainers/start-job-run.test.ts index 67f37ba04e8a1..8606a2c67f505 100644 --- a/packages/aws-cdk-lib/aws-stepfunctions-tasks/test/emrcontainers/start-job-run.test.ts +++ b/packages/aws-cdk-lib/aws-stepfunctions-tasks/test/emrcontainers/start-job-run.test.ts @@ -245,6 +245,7 @@ describe('Invoke EMR Containers Start Job Run with ', () => { Action: [ 's3:GetObject*', 's3:GetBucket*', + 's3:HeadObject', 's3:List*', 's3:DeleteObject*', 's3:PutObject', @@ -390,6 +391,7 @@ describe('Invoke EMR Containers Start Job Run with ', () => { Action: [ 's3:GetObject*', 's3:GetBucket*', + 's3:HeadObject', 's3:List*', 's3:DeleteObject*', 's3:PutObject', diff --git a/packages/aws-cdk-lib/aws-stepfunctions/test/state-machine.test.ts b/packages/aws-cdk-lib/aws-stepfunctions/test/state-machine.test.ts index df71c7d4fa392..b6ff3aa16d916 100644 --- a/packages/aws-cdk-lib/aws-stepfunctions/test/state-machine.test.ts +++ b/packages/aws-cdk-lib/aws-stepfunctions/test/state-machine.test.ts @@ -323,6 +323,7 @@ describe('State Machine', () => { Action: [ 's3:GetObject*', 's3:GetBucket*', + 's3:HeadObject', 's3:List*', ], Effect: 'Allow', diff --git a/packages/aws-cdk-lib/pipelines/test/compliance/assets.test.ts b/packages/aws-cdk-lib/pipelines/test/compliance/assets.test.ts index 047963afb84ec..8d064e28dae97 100644 --- a/packages/aws-cdk-lib/pipelines/test/compliance/assets.test.ts +++ b/packages/aws-cdk-lib/pipelines/test/compliance/assets.test.ts @@ -951,7 +951,7 @@ function expectedAssetRolePolicy(assumeRolePattern: string | string[], attachedR Resource: unsingleton(assumeRolePattern.map(arn => { return { 'Fn::Sub': arn }; })), }, { - Action: ['s3:GetObject*', 's3:GetBucket*', 's3:List*'], + Action: ['s3:GetObject*', 's3:GetBucket*', 's3:HeadObject', 's3:List*'], Effect: 'Allow', Resource: [ { 'Fn::GetAtt': ['CdkPipelineArtifactsBucket7B46C7BF', 'Arn'] }, diff --git a/packages/aws-cdk-lib/pipelines/test/compliance/environments.test.ts b/packages/aws-cdk-lib/pipelines/test/compliance/environments.test.ts index 777ffb83a0d2c..dc468d20e2043 100644 --- a/packages/aws-cdk-lib/pipelines/test/compliance/environments.test.ts +++ b/packages/aws-cdk-lib/pipelines/test/compliance/environments.test.ts @@ -77,7 +77,7 @@ behavior('action has right settings for same-env deployment', (suite) => { Template.fromStack(pipelineStack).hasResourceProperties('AWS::S3::BucketPolicy', { PolicyDocument: { Statement: Match.arrayWith([Match.objectLike({ - Action: ['s3:GetObject*', 's3:GetBucket*', 's3:List*'], + Action: ['s3:GetObject*', 's3:GetBucket*', 's3:HeadObject', 's3:List*'], Principal: { AWS: roleArn('deploy-role'), }, @@ -156,7 +156,7 @@ behavior('action has right settings for cross-account deployment', (suite) => { Template.fromStack(pipelineStack).hasResourceProperties('AWS::S3::BucketPolicy', { PolicyDocument: { Statement: Match.arrayWith([Match.objectLike({ - Action: ['s3:GetObject*', 's3:GetBucket*', 's3:List*'], + Action: ['s3:GetObject*', 's3:GetBucket*', 's3:HeadObject', 's3:List*'], Principal: { AWS: { 'Fn::Join': ['', [ @@ -332,7 +332,7 @@ behavior('action has right settings for cross-account/cross-region deployment', Template.fromStack(supportStack!).hasResourceProperties('AWS::S3::BucketPolicy', { PolicyDocument: { Statement: Match.arrayWith([Match.objectLike({ - Action: Match.arrayWith(['s3:GetObject*', 's3:GetBucket*', 's3:List*']), + Action: Match.arrayWith(['s3:GetObject*', 's3:GetBucket*', 's3:HeadObject', 's3:List*']), Principal: { AWS: { 'Fn::Join': ['', [ diff --git a/packages/aws-cdk-lib/pipelines/test/compliance/synths.test.ts b/packages/aws-cdk-lib/pipelines/test/compliance/synths.test.ts index 30cbed9db1faf..9970814b9a2aa 100644 --- a/packages/aws-cdk-lib/pipelines/test/compliance/synths.test.ts +++ b/packages/aws-cdk-lib/pipelines/test/compliance/synths.test.ts @@ -786,7 +786,7 @@ behavior('Synth CodeBuild project role can be granted permissions', (suite) => { Template.fromStack(pipelineStack).hasResourceProperties('AWS::IAM::Policy', { PolicyDocument: { Statement: Match.arrayWith([Match.objectLike({ - Action: ['s3:GetObject*', 's3:GetBucket*', 's3:List*'], + Action: ['s3:GetObject*', 's3:GetBucket*', 's3:HeadObject', 's3:List*'], Resource: ['arn:aws:s3:::this-particular-bucket', 'arn:aws:s3:::this-particular-bucket/*'], })]), }, diff --git a/packages/aws-cdk-lib/pipelines/test/compliance/validations.test.ts b/packages/aws-cdk-lib/pipelines/test/compliance/validations.test.ts index f1a560fdae911..23681a8f1dfce 100644 --- a/packages/aws-cdk-lib/pipelines/test/compliance/validations.test.ts +++ b/packages/aws-cdk-lib/pipelines/test/compliance/validations.test.ts @@ -504,7 +504,7 @@ behavior('can grant permissions to shell script action', (suite) => { Template.fromStack(pipelineStack).hasResourceProperties('AWS::IAM::Policy', { PolicyDocument: { Statement: Match.arrayWith([Match.objectLike({ - Action: ['s3:GetObject*', 's3:GetBucket*', 's3:List*'], + Action: ['s3:GetObject*', 's3:GetBucket*', 's3:HeadObject', 's3:List*'], Resource: ['arn:aws:s3:::this-particular-bucket', 'arn:aws:s3:::this-particular-bucket/*'], })]), },