diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-codebuild/test/integ.caching.js.snapshot/aws-cdk-codebuild.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-codebuild/test/integ.caching.js.snapshot/aws-cdk-codebuild.template.json index bb229d9f143c6..542e17c5c0896 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-codebuild/test/integ.caching.js.snapshot/aws-cdk-codebuild.template.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-codebuild/test/integ.caching.js.snapshot/aws-cdk-codebuild.template.json @@ -33,6 +33,7 @@ "s3:DeleteObject*", "s3:GetBucket*", "s3:GetObject*", + "s3:HeadObject", "s3:List*", "s3:PutObject", "s3:PutObjectLegalHold", diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-codebuild/test/integ.project-buildspec-artifacts.js.snapshot/aws-cdk-codebuild-buildspec-artifact-name.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-codebuild/test/integ.project-buildspec-artifacts.js.snapshot/aws-cdk-codebuild-buildspec-artifact-name.template.json index 5267ba939c5d5..8cf406cca010d 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-codebuild/test/integ.project-buildspec-artifacts.js.snapshot/aws-cdk-codebuild-buildspec-artifact-name.template.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-codebuild/test/integ.project-buildspec-artifacts.js.snapshot/aws-cdk-codebuild-buildspec-artifact-name.template.json @@ -33,6 +33,7 @@ "s3:DeleteObject*", "s3:GetBucket*", "s3:GetObject*", + "s3:HeadObject", "s3:List*", "s3:PutObject", "s3:PutObjectLegalHold", diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-codebuild/test/integ.project-secondary-sources-artifacts.js.snapshot/aws-cdk-codebuild-secondary-sources-artifacts.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-codebuild/test/integ.project-secondary-sources-artifacts.js.snapshot/aws-cdk-codebuild-secondary-sources-artifacts.template.json index 05e907f202018..9145c6c8d42af 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-codebuild/test/integ.project-secondary-sources-artifacts.js.snapshot/aws-cdk-codebuild-secondary-sources-artifacts.template.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-codebuild/test/integ.project-secondary-sources-artifacts.js.snapshot/aws-cdk-codebuild-secondary-sources-artifacts.template.json @@ -63,6 +63,7 @@ "s3:DeleteObject*", "s3:GetBucket*", "s3:GetObject*", + "s3:HeadObject", "s3:List*", "s3:PutObject", "s3:PutObjectLegalHold", diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/cloudformation/integ.stacksets.js.snapshot/StackSetPipelineStack.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/cloudformation/integ.stacksets.js.snapshot/StackSetPipelineStack.template.json index fa3757f93ac36..2693bca066de9 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/cloudformation/integ.stacksets.js.snapshot/StackSetPipelineStack.template.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/cloudformation/integ.stacksets.js.snapshot/StackSetPipelineStack.template.json @@ -170,6 +170,7 @@ "s3:DeleteObject*", "s3:GetBucket*", "s3:GetObject*", + "s3:HeadObject", "s3:List*", "s3:PutObject", "s3:PutObjectLegalHold", diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.cfn-template-from-repo.lit.js.snapshot/aws-cdk-codepipeline-cloudformation.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.cfn-template-from-repo.lit.js.snapshot/aws-cdk-codepipeline-cloudformation.template.json index 15cbb079c47d0..cdff981b943a7 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.cfn-template-from-repo.lit.js.snapshot/aws-cdk-codepipeline-cloudformation.template.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.cfn-template-from-repo.lit.js.snapshot/aws-cdk-codepipeline-cloudformation.template.json @@ -158,6 +158,7 @@ "s3:DeleteObject*", "s3:GetBucket*", "s3:GetObject*", + "s3:HeadObject", "s3:List*", "s3:PutObject", "s3:PutObjectLegalHold", @@ -433,6 +434,7 @@ "s3:DeleteObject*", "s3:GetBucket*", "s3:GetObject*", + "s3:HeadObject", "s3:List*", "s3:PutObject", "s3:PutObjectLegalHold", diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.lambda-deployed-through-codepipeline.lit.js.snapshot/PipelineStack.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.lambda-deployed-through-codepipeline.lit.js.snapshot/PipelineStack.template.json index 3f2e680f53298..dfa7f3c5a12b8 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.lambda-deployed-through-codepipeline.lit.js.snapshot/PipelineStack.template.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.lambda-deployed-through-codepipeline.lit.js.snapshot/PipelineStack.template.json @@ -152,6 +152,7 @@ "s3:DeleteObject*", "s3:GetBucket*", "s3:GetObject*", + "s3:HeadObject", "s3:List*", "s3:PutObject", "s3:PutObjectLegalHold", @@ -497,6 +498,7 @@ "s3:DeleteObject*", "s3:GetBucket*", "s3:GetObject*", + "s3:HeadObject", "s3:List*", "s3:PutObject", "s3:PutObjectLegalHold", @@ -614,6 +616,7 @@ "s3:DeleteObject*", "s3:GetBucket*", "s3:GetObject*", + "s3:HeadObject", "s3:List*", "s3:PutObject", "s3:PutObjectLegalHold", @@ -1347,6 +1350,7 @@ "s3:DeleteObject*", "s3:GetBucket*", "s3:GetObject*", + "s3:HeadObject", "s3:List*", "s3:PutObject", "s3:PutObjectLegalHold", @@ -1558,6 +1562,7 @@ "s3:DeleteObject*", "s3:GetBucket*", "s3:GetObject*", + "s3:HeadObject", "s3:List*", "s3:PutObject", "s3:PutObjectLegalHold", diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.lambda-pipeline.js.snapshot/aws-cdk-codepipeline-lambda.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.lambda-pipeline.js.snapshot/aws-cdk-codepipeline-lambda.template.json index 4ce100cedd9f4..1180687c2165c 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.lambda-pipeline.js.snapshot/aws-cdk-codepipeline-lambda.template.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.lambda-pipeline.js.snapshot/aws-cdk-codepipeline-lambda.template.json @@ -152,6 +152,7 @@ "s3:DeleteObject*", "s3:GetBucket*", "s3:GetObject*", + "s3:HeadObject", "s3:List*", "s3:PutObject", "s3:PutObjectLegalHold", diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.pipeline-alexa-deploy.js.snapshot/aws-cdk-codepipeline-alexa-deploy.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.pipeline-alexa-deploy.js.snapshot/aws-cdk-codepipeline-alexa-deploy.template.json index 04020db26c6bd..23f934effbcdf 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.pipeline-alexa-deploy.js.snapshot/aws-cdk-codepipeline-alexa-deploy.template.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.pipeline-alexa-deploy.js.snapshot/aws-cdk-codepipeline-alexa-deploy.template.json @@ -162,6 +162,7 @@ "s3:DeleteObject*", "s3:GetBucket*", "s3:GetObject*", + "s3:HeadObject", "s3:List*", "s3:PutObject", "s3:PutObjectLegalHold", diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.pipeline-cfn-cross-region.js.snapshot/aws-cdk-codepipeline-cloudformation-cross-region.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.pipeline-cfn-cross-region.js.snapshot/aws-cdk-codepipeline-cloudformation-cross-region.template.json index b2db804374e1e..05d816e9be208 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.pipeline-cfn-cross-region.js.snapshot/aws-cdk-codepipeline-cloudformation-cross-region.template.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.pipeline-cfn-cross-region.js.snapshot/aws-cdk-codepipeline-cloudformation-cross-region.template.json @@ -38,6 +38,7 @@ "s3:DeleteObject*", "s3:GetBucket*", "s3:GetObject*", + "s3:HeadObject", "s3:List*", "s3:PutObject", "s3:PutObjectLegalHold", diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.pipeline-cfn-with-action-role.js.snapshot/aws-cdk-codepipeline-cloudformation-cross-region-with-action-role.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.pipeline-cfn-with-action-role.js.snapshot/aws-cdk-codepipeline-cloudformation-cross-region-with-action-role.template.json index 54333dbbb4f01..d83e3ab9c832a 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.pipeline-cfn-with-action-role.js.snapshot/aws-cdk-codepipeline-cloudformation-cross-region-with-action-role.template.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.pipeline-cfn-with-action-role.js.snapshot/aws-cdk-codepipeline-cloudformation-cross-region-with-action-role.template.json @@ -163,6 +163,7 @@ "s3:DeleteObject*", "s3:GetBucket*", "s3:GetObject*", + "s3:HeadObject", "s3:List*", "s3:PutObject", "s3:PutObjectLegalHold", diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.pipeline-cfn.js.snapshot/aws-cdk-codepipeline-cloudformation.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.pipeline-cfn.js.snapshot/aws-cdk-codepipeline-cloudformation.template.json index f12bb1627bece..55bc684db24c0 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.pipeline-cfn.js.snapshot/aws-cdk-codepipeline-cloudformation.template.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.pipeline-cfn.js.snapshot/aws-cdk-codepipeline-cloudformation.template.json @@ -152,6 +152,7 @@ "s3:DeleteObject*", "s3:GetBucket*", "s3:GetObject*", + "s3:HeadObject", "s3:List*", "s3:PutObject", "s3:PutObjectLegalHold", diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.pipeline-code-build-batch.js.snapshot/aws-cdk-codepipeline-codebuild-batch.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.pipeline-code-build-batch.js.snapshot/aws-cdk-codepipeline-codebuild-batch.template.json index 3a98cdabf9392..6cbdc02090e7e 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.pipeline-code-build-batch.js.snapshot/aws-cdk-codepipeline-codebuild-batch.template.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.pipeline-code-build-batch.js.snapshot/aws-cdk-codepipeline-codebuild-batch.template.json @@ -109,6 +109,7 @@ "s3:DeleteObject*", "s3:GetBucket*", "s3:GetObject*", + "s3:HeadObject", "s3:List*", "s3:PutObject", "s3:PutObjectLegalHold", diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.pipeline-code-build-multiple-inputs-outputs.js.snapshot/aws-cdk-codepipeline-codebuild-multiple-inputs-outputs.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.pipeline-code-build-multiple-inputs-outputs.js.snapshot/aws-cdk-codepipeline-codebuild-multiple-inputs-outputs.template.json index 03592efd7cdfd..32871dfe3c542 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.pipeline-code-build-multiple-inputs-outputs.js.snapshot/aws-cdk-codepipeline-codebuild-multiple-inputs-outputs.template.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.pipeline-code-build-multiple-inputs-outputs.js.snapshot/aws-cdk-codepipeline-codebuild-multiple-inputs-outputs.template.json @@ -109,6 +109,7 @@ "s3:DeleteObject*", "s3:GetBucket*", "s3:GetObject*", + "s3:HeadObject", "s3:List*", "s3:PutObject", "s3:PutObjectLegalHold", @@ -530,6 +531,7 @@ "s3:DeleteObject*", "s3:GetBucket*", "s3:GetObject*", + "s3:HeadObject", "s3:List*", "s3:PutObject", "s3:PutObjectLegalHold", diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.pipeline-code-commit-build.js.snapshot/aws-cdk-codepipeline-codecommit-codebuild.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.pipeline-code-commit-build.js.snapshot/aws-cdk-codepipeline-codecommit-codebuild.template.json index 7ab7817439e35..86e155cbb057d 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.pipeline-code-commit-build.js.snapshot/aws-cdk-codepipeline-codecommit-codebuild.template.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.pipeline-code-commit-build.js.snapshot/aws-cdk-codepipeline-codecommit-codebuild.template.json @@ -91,6 +91,7 @@ "s3:DeleteObject*", "s3:GetBucket*", "s3:GetObject*", + "s3:HeadObject", "s3:List*", "s3:PutObject", "s3:PutObjectLegalHold", @@ -358,6 +359,7 @@ "s3:DeleteObject*", "s3:GetBucket*", "s3:GetObject*", + "s3:HeadObject", "s3:List*", "s3:PutObject", "s3:PutObjectLegalHold", @@ -614,6 +616,7 @@ "s3:DeleteObject*", "s3:GetBucket*", "s3:GetObject*", + "s3:HeadObject", "s3:List*", "s3:PutObject", "s3:PutObjectLegalHold", diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.pipeline-code-commit.js.snapshot/aws-cdk-codepipeline-codecommit.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.pipeline-code-commit.js.snapshot/aws-cdk-codepipeline-codecommit.template.json index 6a88f7d4af098..eb5211cb3b5a8 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.pipeline-code-commit.js.snapshot/aws-cdk-codepipeline-codecommit.template.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.pipeline-code-commit.js.snapshot/aws-cdk-codepipeline-codecommit.template.json @@ -223,6 +223,7 @@ "s3:DeleteObject*", "s3:GetBucket*", "s3:GetObject*", + "s3:HeadObject", "s3:List*", "s3:PutObject", "s3:PutObjectLegalHold", @@ -431,6 +432,7 @@ "s3:DeleteObject*", "s3:GetBucket*", "s3:GetObject*", + "s3:HeadObject", "s3:List*", "s3:PutObject", "s3:PutObjectLegalHold", diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.pipeline-code-deploy-ecs.js.snapshot/aws-cdk-codepipeline-codedeploy-ecs.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.pipeline-code-deploy-ecs.js.snapshot/aws-cdk-codepipeline-codedeploy-ecs.template.json index d48839f3050d7..db99560bb51d3 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.pipeline-code-deploy-ecs.js.snapshot/aws-cdk-codepipeline-codedeploy-ecs.template.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.pipeline-code-deploy-ecs.js.snapshot/aws-cdk-codepipeline-codedeploy-ecs.template.json @@ -38,6 +38,7 @@ "s3:DeleteObject*", "s3:GetBucket*", "s3:GetObject*", + "s3:HeadObject", "s3:List*", "s3:PutObject", "s3:PutObjectLegalHold", diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.pipeline-code-deploy.js.snapshot/aws-cdk-codepipeline-codedeploy.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.pipeline-code-deploy.js.snapshot/aws-cdk-codepipeline-codedeploy.template.json index 3bcb10a14b4da..019479ebd3f99 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.pipeline-code-deploy.js.snapshot/aws-cdk-codepipeline-codedeploy.template.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.pipeline-code-deploy.js.snapshot/aws-cdk-codepipeline-codedeploy.template.json @@ -112,6 +112,7 @@ "s3:DeleteObject*", "s3:GetBucket*", "s3:GetObject*", + "s3:HeadObject", "s3:List*", "s3:PutObject", "s3:PutObjectLegalHold", diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.pipeline-ecr-source.js.snapshot/aws-cdk-codepipeline-ecr-source.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.pipeline-ecr-source.js.snapshot/aws-cdk-codepipeline-ecr-source.template.json index 43e63a1eaea6e..d3589288e8ed4 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.pipeline-ecr-source.js.snapshot/aws-cdk-codepipeline-ecr-source.template.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.pipeline-ecr-source.js.snapshot/aws-cdk-codepipeline-ecr-source.template.json @@ -33,6 +33,7 @@ "s3:DeleteObject*", "s3:GetBucket*", "s3:GetObject*", + "s3:HeadObject", "s3:List*", "s3:PutObject", "s3:PutObjectLegalHold", diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.pipeline-ecs-deploy.js.snapshot/aws-cdk-codepipeline-ecs-deploy.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.pipeline-ecs-deploy.js.snapshot/aws-cdk-codepipeline-ecs-deploy.template.json index 67d54e84dc3e0..27a7bf0071e7a 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.pipeline-ecs-deploy.js.snapshot/aws-cdk-codepipeline-ecs-deploy.template.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.pipeline-ecs-deploy.js.snapshot/aws-cdk-codepipeline-ecs-deploy.template.json @@ -444,6 +444,7 @@ "s3:DeleteObject*", "s3:GetBucket*", "s3:GetObject*", + "s3:HeadObject", "s3:List*", "s3:PutObject", "s3:PutObjectLegalHold", @@ -597,6 +598,7 @@ "s3:DeleteObject*", "s3:GetBucket*", "s3:GetObject*", + "s3:HeadObject", "s3:List*", "s3:PutObject", "s3:PutObjectLegalHold", diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.pipeline-ecs-separate-source.lit.js.snapshot/aws-cdk-pipeline-ecs-separate-sources.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.pipeline-ecs-separate-source.lit.js.snapshot/aws-cdk-pipeline-ecs-separate-sources.template.json index bfd16eae92f25..1375fd4f24f3e 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.pipeline-ecs-separate-source.lit.js.snapshot/aws-cdk-pipeline-ecs-separate-sources.template.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.pipeline-ecs-separate-source.lit.js.snapshot/aws-cdk-pipeline-ecs-separate-sources.template.json @@ -384,6 +384,7 @@ "s3:DeleteObject*", "s3:GetBucket*", "s3:GetObject*", + "s3:HeadObject", "s3:List*", "s3:PutObject", "s3:PutObjectLegalHold", @@ -630,6 +631,7 @@ "s3:DeleteObject*", "s3:GetBucket*", "s3:GetObject*", + "s3:HeadObject", "s3:List*", "s3:PutObject", "s3:PutObjectLegalHold", @@ -943,6 +945,7 @@ "s3:DeleteObject*", "s3:GetBucket*", "s3:GetObject*", + "s3:HeadObject", "s3:List*", "s3:PutObject", "s3:PutObjectLegalHold", @@ -1044,6 +1047,7 @@ "s3:DeleteObject*", "s3:GetBucket*", "s3:GetObject*", + "s3:HeadObject", "s3:List*", "s3:PutObject", "s3:PutObjectLegalHold", diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.pipeline-elastic-beanstalk-deploy.js.snapshot/aws-cdk-codepipeline-elastic-beanstalk-deploy.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.pipeline-elastic-beanstalk-deploy.js.snapshot/aws-cdk-codepipeline-elastic-beanstalk-deploy.template.json index a37d6bc6997d6..8c53d0142f5f6 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.pipeline-elastic-beanstalk-deploy.js.snapshot/aws-cdk-codepipeline-elastic-beanstalk-deploy.template.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.pipeline-elastic-beanstalk-deploy.js.snapshot/aws-cdk-codepipeline-elastic-beanstalk-deploy.template.json @@ -270,6 +270,7 @@ "s3:DeleteObject*", "s3:GetBucket*", "s3:GetObject*", + "s3:HeadObject", "s3:List*", "s3:PutObject", "s3:PutObjectLegalHold", @@ -476,6 +477,7 @@ "s3:DeleteObject*", "s3:GetBucket*", "s3:GetObject*", + "s3:HeadObject", "s3:List*", "s3:PutObject", "s3:PutObjectLegalHold", diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.pipeline-events.js.snapshot/aws-cdk-pipeline-event-target.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.pipeline-events.js.snapshot/aws-cdk-pipeline-event-target.template.json index ca0a6faba2e5e..86c50d9c3a158 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.pipeline-events.js.snapshot/aws-cdk-pipeline-event-target.template.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.pipeline-events.js.snapshot/aws-cdk-pipeline-event-target.template.json @@ -152,6 +152,7 @@ "s3:DeleteObject*", "s3:GetBucket*", "s3:GetObject*", + "s3:HeadObject", "s3:List*", "s3:PutObject", "s3:PutObjectLegalHold", @@ -375,6 +376,7 @@ "s3:DeleteObject*", "s3:GetBucket*", "s3:GetObject*", + "s3:HeadObject", "s3:List*", "s3:PutObject", "s3:PutObjectLegalHold", @@ -766,6 +768,7 @@ "s3:DeleteObject*", "s3:GetBucket*", "s3:GetObject*", + "s3:HeadObject", "s3:List*", "s3:PutObject", "s3:PutObjectLegalHold", diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.pipeline-jenkins.js.snapshot/aws-cdk-codepipeline-jenkins.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.pipeline-jenkins.js.snapshot/aws-cdk-codepipeline-jenkins.template.json index f32415ad85d69..b884face3c2cc 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.pipeline-jenkins.js.snapshot/aws-cdk-codepipeline-jenkins.template.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.pipeline-jenkins.js.snapshot/aws-cdk-codepipeline-jenkins.template.json @@ -38,6 +38,7 @@ "s3:DeleteObject*", "s3:GetBucket*", "s3:GetObject*", + "s3:HeadObject", "s3:List*", "s3:PutObject", "s3:PutObjectLegalHold", diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.pipeline-manual-approval.js.snapshot/aws-cdk-codepipeline-manual-approval.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.pipeline-manual-approval.js.snapshot/aws-cdk-codepipeline-manual-approval.template.json index cad0f8daf8000..421f3c18af8dc 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.pipeline-manual-approval.js.snapshot/aws-cdk-codepipeline-manual-approval.template.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.pipeline-manual-approval.js.snapshot/aws-cdk-codepipeline-manual-approval.template.json @@ -33,6 +33,7 @@ "s3:DeleteObject*", "s3:GetBucket*", "s3:GetObject*", + "s3:HeadObject", "s3:List*", "s3:PutObject", "s3:PutObjectLegalHold", diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.pipeline-s3-deploy.js.snapshot/aws-cdk-codepipeline-s3-deploy.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.pipeline-s3-deploy.js.snapshot/aws-cdk-codepipeline-s3-deploy.template.json index 793c34ba09d50..2c3d8b9829844 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.pipeline-s3-deploy.js.snapshot/aws-cdk-codepipeline-s3-deploy.template.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.pipeline-s3-deploy.js.snapshot/aws-cdk-codepipeline-s3-deploy.template.json @@ -392,6 +392,7 @@ "s3:DeleteObject*", "s3:GetBucket*", "s3:GetObject*", + "s3:HeadObject", "s3:List*", "s3:PutObject", "s3:PutObjectLegalHold", diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.pipeline-stepfunctions.js.snapshot/aws-cdk-codepipeline-stepfunctions.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.pipeline-stepfunctions.js.snapshot/aws-cdk-codepipeline-stepfunctions.template.json index 567555af9ce77..489848022df35 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.pipeline-stepfunctions.js.snapshot/aws-cdk-codepipeline-stepfunctions.template.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.pipeline-stepfunctions.js.snapshot/aws-cdk-codepipeline-stepfunctions.template.json @@ -186,6 +186,7 @@ "s3:DeleteObject*", "s3:GetBucket*", "s3:GetObject*", + "s3:HeadObject", "s3:List*", "s3:PutObject", "s3:PutObjectLegalHold", diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.pipeline-with-replication.js.snapshot/integ-pipeline-consumer-stack.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.pipeline-with-replication.js.snapshot/integ-pipeline-consumer-stack.template.json index 01c46d2b4fe2e..c70f3568afbde 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.pipeline-with-replication.js.snapshot/integ-pipeline-consumer-stack.template.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.pipeline-with-replication.js.snapshot/integ-pipeline-consumer-stack.template.json @@ -148,6 +148,7 @@ "s3:DeleteObject*", "s3:GetBucket*", "s3:GetObject*", + "s3:HeadObject", "s3:List*", "s3:PutObject", "s3:PutObjectLegalHold", diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/s3/integ.source-bucket-events-cross-stack-same-env.js.snapshot/PipelineStack.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/s3/integ.source-bucket-events-cross-stack-same-env.js.snapshot/PipelineStack.template.json index 5c9baff630942..f0cadedb8069d 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/s3/integ.source-bucket-events-cross-stack-same-env.js.snapshot/PipelineStack.template.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/s3/integ.source-bucket-events-cross-stack-same-env.js.snapshot/PipelineStack.template.json @@ -355,6 +355,7 @@ "s3:DeleteObject*", "s3:GetBucket*", "s3:GetObject*", + "s3:HeadObject", "s3:List*", "s3:PutObject", "s3:PutObjectLegalHold", diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-ecs/test/ec2/integ.environment-file.js.snapshot/aws-ecs-integ.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-ecs/test/ec2/integ.environment-file.js.snapshot/aws-ecs-integ.template.json index 94d0972fad1da..fff2a530ef451 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-ecs/test/ec2/integ.environment-file.js.snapshot/aws-ecs-integ.template.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-ecs/test/ec2/integ.environment-file.js.snapshot/aws-ecs-integ.template.json @@ -1291,6 +1291,7 @@ "s3:DeleteObject*", "s3:GetBucket*", "s3:GetObject*", + "s3:HeadObject", "s3:List*", "s3:PutObject", "s3:PutObjectLegalHold", diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-events-targets/test/codepipeline/integ.pipeline-event-target.js.snapshot/pipeline-events.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-events-targets/test/codepipeline/integ.pipeline-event-target.js.snapshot/pipeline-events.template.json index 99b4ce0e9452a..3f2debc2c7f22 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-events-targets/test/codepipeline/integ.pipeline-event-target.js.snapshot/pipeline-events.template.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-events-targets/test/codepipeline/integ.pipeline-event-target.js.snapshot/pipeline-events.template.json @@ -158,6 +158,7 @@ "s3:DeleteObject*", "s3:GetBucket*", "s3:GetObject*", + "s3:HeadObject", "s3:List*", "s3:PutObject", "s3:PutObjectLegalHold", diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-events-targets/test/kinesis-firehose/integ.kinesis-firehose-stream.js.snapshot/aws-cdk-firehose-event-target.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-events-targets/test/kinesis-firehose/integ.kinesis-firehose-stream.js.snapshot/aws-cdk-firehose-event-target.template.json index 592f4eef1579f..bf2be6f908673 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-events-targets/test/kinesis-firehose/integ.kinesis-firehose-stream.js.snapshot/aws-cdk-firehose-event-target.template.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-events-targets/test/kinesis-firehose/integ.kinesis-firehose-stream.js.snapshot/aws-cdk-firehose-event-target.template.json @@ -33,6 +33,7 @@ "s3:DeleteObject*", "s3:GetBucket*", "s3:GetObject*", + "s3:HeadObject", "s3:List*", "s3:PutObject", "s3:PutObjectLegalHold", diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.cluster-s3.js.snapshot/aws-cdk-rds-s3-integ.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.cluster-s3.js.snapshot/aws-cdk-rds-s3-integ.template.json index 4e07f44f347c8..55dbbf6ace3a8 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.cluster-s3.js.snapshot/aws-cdk-rds-s3-integ.template.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.cluster-s3.js.snapshot/aws-cdk-rds-s3-integ.template.json @@ -550,6 +550,7 @@ "s3:DeleteObject*", "s3:GetBucket*", "s3:GetObject*", + "s3:HeadObject", "s3:List*", "s3:PutObject", "s3:PutObjectLegalHold", diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.cluster-s3.mysql-8.js.snapshot/aws-cdk-rds-s3-mysql-8-integ.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.cluster-s3.mysql-8.js.snapshot/aws-cdk-rds-s3-mysql-8-integ.template.json index 2ac33a1ea212d..25376719dcd64 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.cluster-s3.mysql-8.js.snapshot/aws-cdk-rds-s3-mysql-8-integ.template.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.cluster-s3.mysql-8.js.snapshot/aws-cdk-rds-s3-mysql-8-integ.template.json @@ -454,6 +454,7 @@ "s3:DeleteObject*", "s3:GetBucket*", "s3:GetObject*", + "s3:HeadObject", "s3:List*", "s3:PutObject", "s3:PutObjectLegalHold", diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.instance-s3-postgres.js.snapshot/aws-cdk-rds-instance-s3-postgres-integ.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.instance-s3-postgres.js.snapshot/aws-cdk-rds-instance-s3-postgres-integ.template.json index 0062655ad554e..ff9ddc9566759 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.instance-s3-postgres.js.snapshot/aws-cdk-rds-instance-s3-postgres-integ.template.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.instance-s3-postgres.js.snapshot/aws-cdk-rds-instance-s3-postgres-integ.template.json @@ -486,6 +486,7 @@ "s3:DeleteObject*", "s3:GetBucket*", "s3:GetObject*", + "s3:HeadObject", "s3:List*", "s3:PutObject", "s3:PutObjectLegalHold", diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.instance-s3.js.snapshot/aws-cdk-rds-instance-s3-integ.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.instance-s3.js.snapshot/aws-cdk-rds-instance-s3-integ.template.json index 044db26f317fb..863c53d69cd47 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.instance-s3.js.snapshot/aws-cdk-rds-instance-s3-integ.template.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-rds/test/integ.instance-s3.js.snapshot/aws-cdk-rds-instance-s3-integ.template.json @@ -489,6 +489,7 @@ "s3:DeleteObject*", "s3:GetBucket*", "s3:GetObject*", + "s3:HeadObject", "s3:List*", "s3:PutObject", "s3:PutObjectLegalHold", diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-s3-assets/test/integ.assets.bundling.lit.js.snapshot/cdk-integ-assets-bundling.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-s3-assets/test/integ.assets.bundling.lit.js.snapshot/cdk-integ-assets-bundling.template.json index 241b6f086f955..c7cdebd7967cb 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-s3-assets/test/integ.assets.bundling.lit.js.snapshot/cdk-integ-assets-bundling.template.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-s3-assets/test/integ.assets.bundling.lit.js.snapshot/cdk-integ-assets-bundling.template.json @@ -12,6 +12,7 @@ "Action": [ "s3:GetBucket*", "s3:GetObject*", + "s3:HeadObject", "s3:List*" ], "Effect": "Allow", diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-s3-assets/test/integ.assets.directory.lit.js.snapshot/aws-cdk-asset-test.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-s3-assets/test/integ.assets.directory.lit.js.snapshot/aws-cdk-asset-test.template.json index 241b6f086f955..c7cdebd7967cb 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-s3-assets/test/integ.assets.directory.lit.js.snapshot/aws-cdk-asset-test.template.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-s3-assets/test/integ.assets.directory.lit.js.snapshot/aws-cdk-asset-test.template.json @@ -12,6 +12,7 @@ "Action": [ "s3:GetBucket*", "s3:GetObject*", + "s3:HeadObject", "s3:List*" ], "Effect": "Allow", diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-s3-assets/test/integ.assets.file-bundling.lit.js.snapshot/cdk-integ-assets-bundling.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-s3-assets/test/integ.assets.file-bundling.lit.js.snapshot/cdk-integ-assets-bundling.template.json index 241b6f086f955..c7cdebd7967cb 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-s3-assets/test/integ.assets.file-bundling.lit.js.snapshot/cdk-integ-assets-bundling.template.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-s3-assets/test/integ.assets.file-bundling.lit.js.snapshot/cdk-integ-assets-bundling.template.json @@ -12,6 +12,7 @@ "Action": [ "s3:GetBucket*", "s3:GetObject*", + "s3:HeadObject", "s3:List*" ], "Effect": "Allow", diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-s3-assets/test/integ.assets.file.lit.js.snapshot/aws-cdk-asset-file-test.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-s3-assets/test/integ.assets.file.lit.js.snapshot/aws-cdk-asset-file-test.template.json index 241b6f086f955..c7cdebd7967cb 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-s3-assets/test/integ.assets.file.lit.js.snapshot/aws-cdk-asset-file-test.template.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-s3-assets/test/integ.assets.file.lit.js.snapshot/aws-cdk-asset-file-test.template.json @@ -12,6 +12,7 @@ "Action": [ "s3:GetBucket*", "s3:GetObject*", + "s3:HeadObject", "s3:List*" ], "Effect": "Allow", diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-s3-assets/test/integ.assets.permissions.lit.js.snapshot/aws-cdk-asset-refs.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-s3-assets/test/integ.assets.permissions.lit.js.snapshot/aws-cdk-asset-refs.template.json index 20afa25c70cd8..369c90ccb4c1b 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-s3-assets/test/integ.assets.permissions.lit.js.snapshot/aws-cdk-asset-refs.template.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-s3-assets/test/integ.assets.permissions.lit.js.snapshot/aws-cdk-asset-refs.template.json @@ -12,6 +12,7 @@ "Action": [ "s3:GetBucket*", "s3:GetObject*", + "s3:HeadObject", "s3:List*" ], "Effect": "Allow", diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-s3-assets/test/integ.assets.refs.lit.js.snapshot/aws-cdk-asset-refs.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-s3-assets/test/integ.assets.refs.lit.js.snapshot/aws-cdk-asset-refs.template.json index 855b59b64f45c..75193d8d0d39b 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-s3-assets/test/integ.assets.refs.lit.js.snapshot/aws-cdk-asset-refs.template.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-s3-assets/test/integ.assets.refs.lit.js.snapshot/aws-cdk-asset-refs.template.json @@ -32,6 +32,7 @@ "Action": [ "s3:GetBucket*", "s3:GetObject*", + "s3:HeadObject", "s3:List*" ], "Effect": "Allow", diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-s3-deployment/test/integ.bucket-deployment-cloudfront.js.snapshot/test-bucket-deployments-1.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-s3-deployment/test/integ.bucket-deployment-cloudfront.js.snapshot/test-bucket-deployments-1.template.json index da66b0e50e4b2..7d4ca1b2e18b7 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-s3-deployment/test/integ.bucket-deployment-cloudfront.js.snapshot/test-bucket-deployments-1.template.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-s3-deployment/test/integ.bucket-deployment-cloudfront.js.snapshot/test-bucket-deployments-1.template.json @@ -278,6 +278,7 @@ "Action": [ "s3:GetBucket*", "s3:GetObject*", + "s3:HeadObject", "s3:List*" ], "Effect": "Allow", @@ -321,6 +322,7 @@ "s3:DeleteObject*", "s3:GetBucket*", "s3:GetObject*", + "s3:HeadObject", "s3:List*", "s3:PutObject", "s3:PutObjectLegalHold", diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-s3-deployment/test/integ.bucket-deployment-data.js.snapshot/TestBucketDeploymentContent.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-s3-deployment/test/integ.bucket-deployment-data.js.snapshot/TestBucketDeploymentContent.template.json index b0e4fc31a8ca8..33577b4db6e3b 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-s3-deployment/test/integ.bucket-deployment-data.js.snapshot/TestBucketDeploymentContent.template.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-s3-deployment/test/integ.bucket-deployment-data.js.snapshot/TestBucketDeploymentContent.template.json @@ -150,6 +150,7 @@ "Action": [ "s3:GetBucket*", "s3:GetObject*", + "s3:HeadObject", "s3:List*" ], "Effect": "Allow", @@ -193,6 +194,7 @@ "s3:DeleteObject*", "s3:GetBucket*", "s3:GetObject*", + "s3:HeadObject", "s3:List*", "s3:PutObject", "s3:PutObjectLegalHold", diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-s3-deployment/test/integ.bucket-deployment-deployed-bucket.js.snapshot/test-bucket-deployment-deployed-bucket.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-s3-deployment/test/integ.bucket-deployment-deployed-bucket.js.snapshot/test-bucket-deployment-deployed-bucket.template.json index 115732d465c8c..d9fd1c66396ca 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-s3-deployment/test/integ.bucket-deployment-deployed-bucket.js.snapshot/test-bucket-deployment-deployed-bucket.template.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-s3-deployment/test/integ.bucket-deployment-deployed-bucket.js.snapshot/test-bucket-deployment-deployed-bucket.template.json @@ -29,6 +29,7 @@ "Action": [ "s3:DeleteObject*", "s3:GetBucket*", + "s3:HeadObject", "s3:List*", "s3:PutBucketPolicy" ], @@ -230,6 +231,7 @@ "Action": [ "s3:GetBucket*", "s3:GetObject*", + "s3:HeadObject", "s3:List*" ], "Effect": "Allow", @@ -273,6 +275,7 @@ "s3:DeleteObject*", "s3:GetBucket*", "s3:GetObject*", + "s3:HeadObject", "s3:List*", "s3:PutObject", "s3:PutObjectLegalHold", diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-s3-deployment/test/integ.bucket-deployment-signcontent.js.snapshot/test-bucket-deployment-signobject.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-s3-deployment/test/integ.bucket-deployment-signcontent.js.snapshot/test-bucket-deployment-signobject.template.json index 03ca1cce00a89..f406e27b3f7b9 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-s3-deployment/test/integ.bucket-deployment-signcontent.js.snapshot/test-bucket-deployment-signobject.template.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-s3-deployment/test/integ.bucket-deployment-signcontent.js.snapshot/test-bucket-deployment-signobject.template.json @@ -257,6 +257,7 @@ "Action": [ "s3:GetBucket*", "s3:GetObject*", + "s3:HeadObject", "s3:List*" ], "Effect": "Allow", @@ -300,6 +301,7 @@ "s3:DeleteObject*", "s3:GetBucket*", "s3:GetObject*", + "s3:HeadObject", "s3:List*", "s3:PutObject", "s3:PutObjectLegalHold", diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-s3-deployment/test/integ.bucket-deployment-substitution-with-role.js.snapshot/cdk-s3-deploy-substitution-with-role.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-s3-deployment/test/integ.bucket-deployment-substitution-with-role.js.snapshot/cdk-s3-deploy-substitution-with-role.template.json index 44198da1f0327..a99d3e9e971dc 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-s3-deployment/test/integ.bucket-deployment-substitution-with-role.js.snapshot/cdk-s3-deploy-substitution-with-role.template.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-s3-deployment/test/integ.bucket-deployment-substitution-with-role.js.snapshot/cdk-s3-deploy-substitution-with-role.template.json @@ -39,6 +39,7 @@ "Action": [ "s3:GetBucket*", "s3:GetObject*", + "s3:HeadObject", "s3:List*" ], "Effect": "Allow", @@ -82,6 +83,7 @@ "s3:DeleteObject*", "s3:GetBucket*", "s3:GetObject*", + "s3:HeadObject", "s3:List*", "s3:PutObject", "s3:PutObjectLegalHold", diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-s3-deployment/test/integ.bucket-deployment-substitution.js.snapshot/test-s3-deploy-substitution.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-s3-deployment/test/integ.bucket-deployment-substitution.js.snapshot/test-s3-deploy-substitution.template.json index 93b685cc2d1ee..ef5eed4a95adf 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-s3-deployment/test/integ.bucket-deployment-substitution.js.snapshot/test-s3-deploy-substitution.template.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-s3-deployment/test/integ.bucket-deployment-substitution.js.snapshot/test-s3-deploy-substitution.template.json @@ -151,6 +151,7 @@ "Action": [ "s3:GetBucket*", "s3:GetObject*", + "s3:HeadObject", "s3:List*" ], "Effect": "Allow", @@ -194,6 +195,7 @@ "s3:DeleteObject*", "s3:GetBucket*", "s3:GetObject*", + "s3:HeadObject", "s3:List*", "s3:PutObject", "s3:PutObjectLegalHold", diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-s3-deployment/test/integ.bucket-deployment.js.snapshot/test-bucket-deployments-2.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-s3-deployment/test/integ.bucket-deployment.js.snapshot/test-bucket-deployments-2.template.json index d80d57e102eab..68f3285c915ec 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-s3-deployment/test/integ.bucket-deployment.js.snapshot/test-bucket-deployments-2.template.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-s3-deployment/test/integ.bucket-deployment.js.snapshot/test-bucket-deployments-2.template.json @@ -239,6 +239,7 @@ "Action": [ "s3:GetBucket*", "s3:GetObject*", + "s3:HeadObject", "s3:List*" ], "Effect": "Allow", @@ -282,6 +283,7 @@ "s3:DeleteObject*", "s3:GetBucket*", "s3:GetObject*", + "s3:HeadObject", "s3:List*", "s3:PutObject", "s3:PutObjectLegalHold", @@ -1182,6 +1184,7 @@ "Action": [ "s3:GetBucket*", "s3:GetObject*", + "s3:HeadObject", "s3:List*" ], "Effect": "Allow", @@ -1225,6 +1228,7 @@ "s3:DeleteObject*", "s3:GetBucket*", "s3:GetObject*", + "s3:HeadObject", "s3:List*", "s3:PutObject", "s3:PutObjectLegalHold", diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-s3/test/integ.bucket-sharing.js.snapshot/ConsumerStack.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-s3/test/integ.bucket-sharing.js.snapshot/ConsumerStack.template.json index 906df6ecc3ff8..293e7cdc9d5c5 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-s3/test/integ.bucket-sharing.js.snapshot/ConsumerStack.template.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-s3/test/integ.bucket-sharing.js.snapshot/ConsumerStack.template.json @@ -14,6 +14,7 @@ "s3:DeleteObject*", "s3:GetBucket*", "s3:GetObject*", + "s3:HeadObject", "s3:List*", "s3:PutObject", "s3:PutObjectLegalHold", diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-s3/test/integ.bucket.js.snapshot/aws-cdk-s3.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-s3/test/integ.bucket.js.snapshot/aws-cdk-s3.template.json index addecf1a07382..78ab63dfdc92a 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-s3/test/integ.bucket.js.snapshot/aws-cdk-s3.template.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-s3/test/integ.bucket.js.snapshot/aws-cdk-s3.template.json @@ -88,6 +88,7 @@ "s3:DeleteObject*", "s3:GetBucket*", "s3:GetObject*", + "s3:HeadObject", "s3:List*", "s3:PutObject", "s3:PutObjectLegalHold", @@ -139,6 +140,7 @@ "Action": [ "s3:GetBucket*", "s3:GetObject*", + "s3:HeadObject", "s3:List*" ], "Effect": "Allow", diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-servicecatalog/test/integ.nested-stack-in-product-stack.js.snapshot/aws-cdk-nested-stack-in-product-stack.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-servicecatalog/test/integ.nested-stack-in-product-stack.js.snapshot/aws-cdk-nested-stack-in-product-stack.template.json index 354f8a3602b44..f9791f2ea5b7b 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-servicecatalog/test/integ.nested-stack-in-product-stack.js.snapshot/aws-cdk-nested-stack-in-product-stack.template.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-servicecatalog/test/integ.nested-stack-in-product-stack.js.snapshot/aws-cdk-nested-stack-in-product-stack.template.json @@ -134,6 +134,7 @@ "s3:DeleteObject*", "s3:GetBucket*", "s3:GetObject*", + "s3:HeadObject", "s3:List*", "s3:PutObject", "s3:PutObjectLegalHold", diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-servicecatalog/test/integ.product.encrypted.asset.js.snapshot/integ-servicecatalog-product-encrypted-asset.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-servicecatalog/test/integ.product.encrypted.asset.js.snapshot/integ-servicecatalog-product-encrypted-asset.template.json index 15eaefe8acb9d..8ed9f8e3f2b26 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-servicecatalog/test/integ.product.encrypted.asset.js.snapshot/integ-servicecatalog-product-encrypted-asset.template.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-servicecatalog/test/integ.product.encrypted.asset.js.snapshot/integ-servicecatalog-product-encrypted-asset.template.json @@ -422,6 +422,7 @@ "s3:DeleteObject*", "s3:GetBucket*", "s3:GetObject*", + "s3:HeadObject", "s3:List*", "s3:PutObject", "s3:PutObjectLegalHold", diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-servicecatalog/test/integ.product.js.snapshot/integ-servicecatalog-product.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-servicecatalog/test/integ.product.js.snapshot/integ-servicecatalog-product.template.json index fb9e0740f7335..5a8ade0d3df97 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-servicecatalog/test/integ.product.js.snapshot/integ-servicecatalog-product.template.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-servicecatalog/test/integ.product.js.snapshot/integ-servicecatalog-product.template.json @@ -282,6 +282,7 @@ "s3:DeleteObject*", "s3:GetBucket*", "s3:GetObject*", + "s3:HeadObject", "s3:List*", "s3:PutObject", "s3:PutObjectLegalHold", diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-servicecatalog/test/integ.two-products.js.snapshot/integ-servicecatalog-two-products.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-servicecatalog/test/integ.two-products.js.snapshot/integ-servicecatalog-two-products.template.json index a7a63627c886d..8e579e64b0f7c 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-servicecatalog/test/integ.two-products.js.snapshot/integ-servicecatalog-two-products.template.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-servicecatalog/test/integ.two-products.js.snapshot/integ-servicecatalog-two-products.template.json @@ -293,6 +293,7 @@ "s3:DeleteObject*", "s3:GetBucket*", "s3:GetObject*", + "s3:HeadObject", "s3:List*", "s3:PutObject", "s3:PutObjectLegalHold", diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-stepfunctions-tasks/test/emrcontainers/integ.job-submission-workflow.js.snapshot/aws-stepfunctions-tasks-emr-containers-all-services-test.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-stepfunctions-tasks/test/emrcontainers/integ.job-submission-workflow.js.snapshot/aws-stepfunctions-tasks-emr-containers-all-services-test.template.json index cea9167958a72..58c677a74c37c 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-stepfunctions-tasks/test/emrcontainers/integ.job-submission-workflow.js.snapshot/aws-stepfunctions-tasks-emr-containers-all-services-test.template.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-stepfunctions-tasks/test/emrcontainers/integ.job-submission-workflow.js.snapshot/aws-stepfunctions-tasks-emr-containers-all-services-test.template.json @@ -1087,6 +1087,7 @@ "s3:DeleteObject*", "s3:GetBucket*", "s3:GetObject*", + "s3:HeadObject", "s3:List*", "s3:PutObject", "s3:PutObjectLegalHold", diff --git a/packages/@aws-cdk-testing/framework-integ/test/custom-resources/test/provider-framework/integ.provider.js.snapshot/integ-provider-framework.template.json b/packages/@aws-cdk-testing/framework-integ/test/custom-resources/test/provider-framework/integ.provider.js.snapshot/integ-provider-framework.template.json index 248a8325d66d5..0619c077f68b3 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/custom-resources/test/provider-framework/integ.provider.js.snapshot/integ-provider-framework.template.json +++ b/packages/@aws-cdk-testing/framework-integ/test/custom-resources/test/provider-framework/integ.provider.js.snapshot/integ-provider-framework.template.json @@ -65,6 +65,7 @@ "s3:DeleteObject*", "s3:GetBucket*", "s3:GetObject*", + "s3:HeadObject", "s3:List*", "s3:PutObject*" ], diff --git a/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.newpipeline-with-codebuild-logging.js.snapshot/PipelineStack.template.json b/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.newpipeline-with-codebuild-logging.js.snapshot/PipelineStack.template.json index 66eefea24034b..5f623c56bf8e4 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.newpipeline-with-codebuild-logging.js.snapshot/PipelineStack.template.json +++ b/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.newpipeline-with-codebuild-logging.js.snapshot/PipelineStack.template.json @@ -152,6 +152,7 @@ "s3:DeleteObject*", "s3:GetBucket*", "s3:GetObject*", + "s3:HeadObject", "s3:List*", "s3:PutObject", "s3:PutObjectLegalHold", @@ -2053,6 +2054,7 @@ "s3:DeleteObject*", "s3:GetBucket*", "s3:GetObject*", + "s3:HeadObject", "s3:List*", "s3:PutObject", "s3:PutObjectLegalHold", diff --git a/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.newpipeline-with-cross-account-keys.js.snapshot/PipelineStack.template.json b/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.newpipeline-with-cross-account-keys.js.snapshot/PipelineStack.template.json index bc3610a87c7cb..a3d6ac3c34b0a 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.newpipeline-with-cross-account-keys.js.snapshot/PipelineStack.template.json +++ b/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.newpipeline-with-cross-account-keys.js.snapshot/PipelineStack.template.json @@ -241,6 +241,7 @@ "s3:DeleteObject*", "s3:GetBucket*", "s3:GetObject*", + "s3:HeadObject", "s3:List*", "s3:PutObject", "s3:PutObjectLegalHold", @@ -2102,6 +2103,7 @@ "s3:DeleteObject*", "s3:GetBucket*", "s3:GetObject*", + "s3:HeadObject", "s3:List*", "s3:PutObject", "s3:PutObjectLegalHold", diff --git a/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.newpipeline-with-file-system-locations.js.snapshot/PipelinesFileSystemLocations.template.json b/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.newpipeline-with-file-system-locations.js.snapshot/PipelinesFileSystemLocations.template.json index f9db4786bc4a3..0b111015bbc22 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.newpipeline-with-file-system-locations.js.snapshot/PipelinesFileSystemLocations.template.json +++ b/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.newpipeline-with-file-system-locations.js.snapshot/PipelinesFileSystemLocations.template.json @@ -685,6 +685,7 @@ "s3:DeleteObject*", "s3:GetBucket*", "s3:GetObject*", + "s3:HeadObject", "s3:List*", "s3:PutObject", "s3:PutObjectLegalHold", @@ -1273,6 +1274,7 @@ "s3:DeleteObject*", "s3:GetBucket*", "s3:GetObject*", + "s3:HeadObject", "s3:List*", "s3:PutObject", "s3:PutObjectLegalHold", diff --git a/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.newpipeline-with-vpc.js.snapshot/PipelineStack.template.json b/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.newpipeline-with-vpc.js.snapshot/PipelineStack.template.json index 5144b7a84f1a8..133feb821c46a 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.newpipeline-with-vpc.js.snapshot/PipelineStack.template.json +++ b/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.newpipeline-with-vpc.js.snapshot/PipelineStack.template.json @@ -543,6 +543,7 @@ "s3:DeleteObject*", "s3:GetBucket*", "s3:GetObject*", + "s3:HeadObject", "s3:List*", "s3:PutObject", "s3:PutObjectLegalHold", @@ -1125,6 +1126,7 @@ "s3:DeleteObject*", "s3:GetBucket*", "s3:GetObject*", + "s3:HeadObject", "s3:List*", "s3:PutObject", "s3:PutObjectLegalHold", diff --git a/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.newpipeline.js.snapshot/PipelineStack.template.json b/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.newpipeline.js.snapshot/PipelineStack.template.json index 476a2b6f3ea0c..69138e61bfd43 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.newpipeline.js.snapshot/PipelineStack.template.json +++ b/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.newpipeline.js.snapshot/PipelineStack.template.json @@ -152,6 +152,7 @@ "s3:DeleteObject*", "s3:GetBucket*", "s3:GetObject*", + "s3:HeadObject", "s3:List*", "s3:PutObject", "s3:PutObjectLegalHold", @@ -1988,6 +1989,7 @@ "s3:DeleteObject*", "s3:GetBucket*", "s3:GetObject*", + "s3:HeadObject", "s3:List*", "s3:PutObject", "s3:PutObjectLegalHold", diff --git a/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-security.js.snapshot/PipelineSecurityStack.template.json b/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-security.js.snapshot/PipelineSecurityStack.template.json index 31b8ac763d327..0c3b13c66db9e 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-security.js.snapshot/PipelineSecurityStack.template.json +++ b/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-security.js.snapshot/PipelineSecurityStack.template.json @@ -382,6 +382,7 @@ "s3:DeleteObject*", "s3:GetBucket*", "s3:GetObject*", + "s3:HeadObject", "s3:List*", "s3:PutObject", "s3:PutObjectLegalHold", @@ -1822,6 +1823,7 @@ "s3:DeleteObject*", "s3:GetBucket*", "s3:GetObject*", + "s3:HeadObject", "s3:List*", "s3:PutObject", "s3:PutObjectLegalHold", diff --git a/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-with-artifact-bucket.js.snapshot/PipelineStack.template.json b/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-with-artifact-bucket.js.snapshot/PipelineStack.template.json index 1490697d192bd..996fa4b7267de 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-with-artifact-bucket.js.snapshot/PipelineStack.template.json +++ b/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-with-artifact-bucket.js.snapshot/PipelineStack.template.json @@ -38,6 +38,7 @@ "s3:DeleteObject*", "s3:GetBucket*", "s3:GetObject*", + "s3:HeadObject", "s3:List*", "s3:PutObject", "s3:PutObjectLegalHold", @@ -456,6 +457,7 @@ "s3:DeleteObject*", "s3:GetBucket*", "s3:GetObject*", + "s3:HeadObject", "s3:List*", "s3:PutObject", "s3:PutObjectLegalHold", diff --git a/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-with-assets-single-upload.js.snapshot/PipelineStack.template.json b/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-with-assets-single-upload.js.snapshot/PipelineStack.template.json index 4bfa5d8e80181..46f0f3e5b2388 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-with-assets-single-upload.js.snapshot/PipelineStack.template.json +++ b/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-with-assets-single-upload.js.snapshot/PipelineStack.template.json @@ -382,6 +382,7 @@ "s3:DeleteObject*", "s3:GetBucket*", "s3:GetObject*", + "s3:HeadObject", "s3:List*", "s3:PutObject", "s3:PutObjectLegalHold", @@ -1113,6 +1114,7 @@ "s3:DeleteObject*", "s3:GetBucket*", "s3:GetObject*", + "s3:HeadObject", "s3:List*", "s3:PutObject", "s3:PutObjectLegalHold", diff --git a/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-with-assets.js.snapshot/PipelineStack.template.json b/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-with-assets.js.snapshot/PipelineStack.template.json index 97408341b8cdb..b6c7c9e1f6ad4 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-with-assets.js.snapshot/PipelineStack.template.json +++ b/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-with-assets.js.snapshot/PipelineStack.template.json @@ -382,6 +382,7 @@ "s3:DeleteObject*", "s3:GetBucket*", "s3:GetObject*", + "s3:HeadObject", "s3:List*", "s3:PutObject", "s3:PutObjectLegalHold", @@ -1140,6 +1141,7 @@ "s3:DeleteObject*", "s3:GetBucket*", "s3:GetObject*", + "s3:HeadObject", "s3:List*", "s3:PutObject", "s3:PutObjectLegalHold", diff --git a/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-with-stack-outputs-in-custom-step.js.snapshot/StackOutputPipelineStack.template.json b/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-with-stack-outputs-in-custom-step.js.snapshot/StackOutputPipelineStack.template.json index a6f1c9de03e0f..320a25d8ccc52 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-with-stack-outputs-in-custom-step.js.snapshot/StackOutputPipelineStack.template.json +++ b/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-with-stack-outputs-in-custom-step.js.snapshot/StackOutputPipelineStack.template.json @@ -157,6 +157,7 @@ "s3:DeleteObject*", "s3:GetBucket*", "s3:GetObject*", + "s3:HeadObject", "s3:List*", "s3:PutObject", "s3:PutObjectLegalHold", @@ -818,6 +819,7 @@ "s3:DeleteObject*", "s3:GetBucket*", "s3:GetObject*", + "s3:HeadObject", "s3:List*", "s3:PutObject", "s3:PutObjectLegalHold", diff --git a/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-with-variables.js.snapshot/VariablePipelineStack.template.json b/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-with-variables.js.snapshot/VariablePipelineStack.template.json index 811c2f4d1eb6a..bc253a48d16aa 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-with-variables.js.snapshot/VariablePipelineStack.template.json +++ b/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-with-variables.js.snapshot/VariablePipelineStack.template.json @@ -239,6 +239,7 @@ "s3:DeleteObject*", "s3:GetBucket*", "s3:GetObject*", + "s3:HeadObject", "s3:List*", "s3:PutObject", "s3:PutObjectLegalHold", @@ -683,6 +684,7 @@ "s3:DeleteObject*", "s3:GetBucket*", "s3:GetObject*", + "s3:HeadObject", "s3:List*", "s3:PutObject", "s3:PutObjectLegalHold", @@ -783,6 +785,7 @@ "s3:DeleteObject*", "s3:GetBucket*", "s3:GetObject*", + "s3:HeadObject", "s3:List*", "s3:PutObject", "s3:PutObjectLegalHold", @@ -1017,6 +1020,7 @@ "s3:DeleteObject*", "s3:GetBucket*", "s3:GetObject*", + "s3:HeadObject", "s3:List*", "s3:PutObject", "s3:PutObjectLegalHold", diff --git a/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-without-prepare.js.snapshot/PreparelessPipelineStack.template.json b/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-without-prepare.js.snapshot/PreparelessPipelineStack.template.json index 90ccb6edb4c14..3299bef5962ca 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-without-prepare.js.snapshot/PreparelessPipelineStack.template.json +++ b/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline-without-prepare.js.snapshot/PreparelessPipelineStack.template.json @@ -294,6 +294,7 @@ "s3:DeleteObject*", "s3:GetBucket*", "s3:GetObject*", + "s3:HeadObject", "s3:List*", "s3:PutObject", "s3:PutObjectLegalHold", @@ -774,6 +775,7 @@ "s3:DeleteObject*", "s3:GetBucket*", "s3:GetObject*", + "s3:HeadObject", "s3:List*", "s3:PutObject", "s3:PutObjectLegalHold", diff --git a/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline.js.snapshot/PipelineStack.template.json b/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline.js.snapshot/PipelineStack.template.json index 77fe88343914b..209f33e7077e0 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline.js.snapshot/PipelineStack.template.json +++ b/packages/@aws-cdk-testing/framework-integ/test/pipelines/test/integ.pipeline.js.snapshot/PipelineStack.template.json @@ -382,6 +382,7 @@ "s3:DeleteObject*", "s3:GetBucket*", "s3:GetObject*", + "s3:HeadObject", "s3:List*", "s3:PutObject", "s3:PutObjectLegalHold", @@ -1075,6 +1076,7 @@ "s3:DeleteObject*", "s3:GetBucket*", "s3:GetObject*", + "s3:HeadObject", "s3:List*", "s3:PutObject", "s3:PutObjectLegalHold", diff --git a/packages/@aws-cdk/app-staging-synthesizer-alpha/test/integ.synth-default-resources.js.snapshot/StagingStack-default-resourcesmax-ACCOUNT-REGION.template.json b/packages/@aws-cdk/app-staging-synthesizer-alpha/test/integ.synth-default-resources.js.snapshot/StagingStack-default-resourcesmax-ACCOUNT-REGION.template.json index ca7bac420615b..5e66c5e65976e 100644 --- a/packages/@aws-cdk/app-staging-synthesizer-alpha/test/integ.synth-default-resources.js.snapshot/StagingStack-default-resourcesmax-ACCOUNT-REGION.template.json +++ b/packages/@aws-cdk/app-staging-synthesizer-alpha/test/integ.synth-default-resources.js.snapshot/StagingStack-default-resourcesmax-ACCOUNT-REGION.template.json @@ -54,6 +54,7 @@ "s3:DeleteObject*", "s3:GetBucket*", "s3:GetObject*", + "s3:HeadObject", "s3:List*", "s3:PutObject", "s3:PutObjectLegalHold", diff --git a/packages/@aws-cdk/app-staging-synthesizer-alpha/test/integ.synth-default-resources.ts.snapshot/StagingStack-default-resourcesmax-ACCOUNT-REGION.template.json b/packages/@aws-cdk/app-staging-synthesizer-alpha/test/integ.synth-default-resources.ts.snapshot/StagingStack-default-resourcesmax-ACCOUNT-REGION.template.json index ca7bac420615b..5e66c5e65976e 100644 --- a/packages/@aws-cdk/app-staging-synthesizer-alpha/test/integ.synth-default-resources.ts.snapshot/StagingStack-default-resourcesmax-ACCOUNT-REGION.template.json +++ b/packages/@aws-cdk/app-staging-synthesizer-alpha/test/integ.synth-default-resources.ts.snapshot/StagingStack-default-resourcesmax-ACCOUNT-REGION.template.json @@ -54,6 +54,7 @@ "s3:DeleteObject*", "s3:GetBucket*", "s3:GetObject*", + "s3:HeadObject", "s3:List*", "s3:PutObject", "s3:PutObjectLegalHold", diff --git a/packages/@aws-cdk/aws-appconfig-alpha/test/integ.configuration.js.snapshot/aws-appconfig-configuration.template.json b/packages/@aws-cdk/aws-appconfig-alpha/test/integ.configuration.js.snapshot/aws-appconfig-configuration.template.json index 6dbdcb9b930ac..b48f53596a36b 100644 --- a/packages/@aws-cdk/aws-appconfig-alpha/test/integ.configuration.js.snapshot/aws-appconfig-configuration.template.json +++ b/packages/@aws-cdk/aws-appconfig-alpha/test/integ.configuration.js.snapshot/aws-appconfig-configuration.template.json @@ -633,6 +633,7 @@ "s3:DeleteObject*", "s3:GetBucket*", "s3:GetObject*", + "s3:HeadObject", "s3:List*", "s3:PutObject", "s3:PutObjectLegalHold", @@ -1237,6 +1238,7 @@ "s3:DeleteObject*", "s3:GetBucket*", "s3:GetObject*", + "s3:HeadObject", "s3:List*", "s3:PutObject", "s3:PutObjectLegalHold", diff --git a/packages/@aws-cdk/aws-glue-alpha/test/integ.job.js.snapshot/aws-glue-job.template.json b/packages/@aws-cdk/aws-glue-alpha/test/integ.job.js.snapshot/aws-glue-job.template.json index e524ee21d34da..5aedccae6b214 100644 --- a/packages/@aws-cdk/aws-glue-alpha/test/integ.job.js.snapshot/aws-glue-job.template.json +++ b/packages/@aws-cdk/aws-glue-alpha/test/integ.job.js.snapshot/aws-glue-job.template.json @@ -42,6 +42,7 @@ "s3:DeleteObject*", "s3:GetBucket*", "s3:GetObject*", + "s3:HeadObject", "s3:List*", "s3:PutObject", "s3:PutObjectLegalHold", @@ -400,6 +401,7 @@ "s3:DeleteObject*", "s3:GetBucket*", "s3:GetObject*", + "s3:HeadObject", "s3:List*", "s3:PutObject", "s3:PutObjectLegalHold", @@ -758,6 +760,7 @@ "s3:DeleteObject*", "s3:GetBucket*", "s3:GetObject*", + "s3:HeadObject", "s3:List*", "s3:PutObject", "s3:PutObjectLegalHold", diff --git a/packages/@aws-cdk/aws-glue-alpha/test/integ.table.js.snapshot/aws-cdk-glue.template.json b/packages/@aws-cdk/aws-glue-alpha/test/integ.table.js.snapshot/aws-cdk-glue.template.json index 75020f0d007ad..a6af791ac5366 100644 --- a/packages/@aws-cdk/aws-glue-alpha/test/integ.table.js.snapshot/aws-cdk-glue.template.json +++ b/packages/@aws-cdk/aws-glue-alpha/test/integ.table.js.snapshot/aws-cdk-glue.template.json @@ -774,6 +774,7 @@ "s3:DeleteObject*", "s3:GetBucket*", "s3:GetObject*", + "s3:HeadObject", "s3:List*", "s3:PutObject", "s3:PutObjectLegalHold", @@ -966,6 +967,7 @@ "s3:DeleteObject*", "s3:GetBucket*", "s3:GetObject*", + "s3:HeadObject", "s3:List*", "s3:PutObject", "s3:PutObjectLegalHold", diff --git a/packages/@aws-cdk/aws-iot-actions-alpha/test/kinesis-firehose/integ.firehose-put-record-action.js.snapshot/test-stack.template.json b/packages/@aws-cdk/aws-iot-actions-alpha/test/kinesis-firehose/integ.firehose-put-record-action.js.snapshot/test-stack.template.json index 0b0c7bce3882d..5f46a30499f75 100644 --- a/packages/@aws-cdk/aws-iot-actions-alpha/test/kinesis-firehose/integ.firehose-put-record-action.js.snapshot/test-stack.template.json +++ b/packages/@aws-cdk/aws-iot-actions-alpha/test/kinesis-firehose/integ.firehose-put-record-action.js.snapshot/test-stack.template.json @@ -105,6 +105,7 @@ "s3:DeleteObject*", "s3:GetBucket*", "s3:GetObject*", + "s3:HeadObject", "s3:List*", "s3:PutObject", "s3:PutObjectLegalHold", diff --git a/packages/@aws-cdk/aws-kinesisfirehose-alpha/test/integ.delivery-stream.js.snapshot/aws-cdk-firehose-delivery-stream.template.json b/packages/@aws-cdk/aws-kinesisfirehose-alpha/test/integ.delivery-stream.js.snapshot/aws-cdk-firehose-delivery-stream.template.json index 224216bc4fb4c..9a9541300dbb6 100644 --- a/packages/@aws-cdk/aws-kinesisfirehose-alpha/test/integ.delivery-stream.js.snapshot/aws-cdk-firehose-delivery-stream.template.json +++ b/packages/@aws-cdk/aws-kinesisfirehose-alpha/test/integ.delivery-stream.js.snapshot/aws-cdk-firehose-delivery-stream.template.json @@ -33,6 +33,7 @@ "s3:DeleteObject*", "s3:GetBucket*", "s3:GetObject*", + "s3:HeadObject", "s3:List*", "s3:PutObject", "s3:PutObjectLegalHold", diff --git a/packages/@aws-cdk/aws-kinesisfirehose-alpha/test/integ.delivery-stream.source-stream.js.snapshot/aws-cdk-firehose-delivery-stream-source-stream.template.json b/packages/@aws-cdk/aws-kinesisfirehose-alpha/test/integ.delivery-stream.source-stream.js.snapshot/aws-cdk-firehose-delivery-stream-source-stream.template.json index cbf990668d7bf..b777fc68955f2 100644 --- a/packages/@aws-cdk/aws-kinesisfirehose-alpha/test/integ.delivery-stream.source-stream.js.snapshot/aws-cdk-firehose-delivery-stream-source-stream.template.json +++ b/packages/@aws-cdk/aws-kinesisfirehose-alpha/test/integ.delivery-stream.source-stream.js.snapshot/aws-cdk-firehose-delivery-stream-source-stream.template.json @@ -33,6 +33,7 @@ "s3:DeleteObject*", "s3:GetBucket*", "s3:GetObject*", + "s3:HeadObject", "s3:List*", "s3:PutObject", "s3:PutObjectLegalHold", diff --git a/packages/@aws-cdk/aws-kinesisfirehose-destinations-alpha/test/integ.s3-bucket.lit.js.snapshot/aws-cdk-firehose-delivery-stream-s3-all-properties.template.json b/packages/@aws-cdk/aws-kinesisfirehose-destinations-alpha/test/integ.s3-bucket.lit.js.snapshot/aws-cdk-firehose-delivery-stream-s3-all-properties.template.json index bcb74d8545e22..d3fa5e0ac99f8 100644 --- a/packages/@aws-cdk/aws-kinesisfirehose-destinations-alpha/test/integ.s3-bucket.lit.js.snapshot/aws-cdk-firehose-delivery-stream-s3-all-properties.template.json +++ b/packages/@aws-cdk/aws-kinesisfirehose-destinations-alpha/test/integ.s3-bucket.lit.js.snapshot/aws-cdk-firehose-delivery-stream-s3-all-properties.template.json @@ -401,6 +401,7 @@ "s3:DeleteObject*", "s3:GetBucket*", "s3:GetObject*", + "s3:HeadObject", "s3:List*", "s3:PutObject", "s3:PutObjectLegalHold", diff --git a/packages/aws-cdk-lib/aws-s3/lib/perms.ts b/packages/aws-cdk-lib/aws-s3/lib/perms.ts index dcebbd92a0333..e809cc39fec91 100644 --- a/packages/aws-cdk-lib/aws-s3/lib/perms.ts +++ b/packages/aws-cdk-lib/aws-s3/lib/perms.ts @@ -1,6 +1,7 @@ export const BUCKET_READ_ACTIONS = [ 's3:GetObject*', 's3:GetBucket*', + 's3:HeadObject', 's3:List*', ]; diff --git a/packages/aws-cdk-lib/aws-s3/test/bucket.test.ts b/packages/aws-cdk-lib/aws-s3/test/bucket.test.ts index 88cc9d33dd97d..19bb2935335f4 100644 --- a/packages/aws-cdk-lib/aws-s3/test/bucket.test.ts +++ b/packages/aws-cdk-lib/aws-s3/test/bucket.test.ts @@ -1400,6 +1400,7 @@ describe('bucket', () => { 'Action': [ 's3:GetObject*', 's3:GetBucket*', + 's3:HeadObject', 's3:List*', ], 'Resource': [{ @@ -1539,6 +1540,7 @@ describe('bucket', () => { 'Action': [ 's3:GetObject*', 's3:GetBucket*', + 's3:HeadObject', 's3:List*', ], 'Effect': 'Allow', @@ -1611,6 +1613,7 @@ describe('bucket', () => { 'Action': [ 's3:GetObject*', 's3:GetBucket*', + 's3:HeadObject', 's3:List*', 's3:DeleteObject*', 's3:PutObject', @@ -1673,7 +1676,7 @@ describe('bucket', () => { 'Version': '2012-10-17', 'Statement': [ { - 'Action': ['s3:GetObject*', 's3:GetBucket*', 's3:List*'], + 'Action': ['s3:GetObject*', 's3:GetBucket*', 's3:HeadObject', 's3:List*'], 'Condition': { 'StringEquals': { 'aws:PrincipalOrgID': 'o-1234' } }, 'Effect': 'Allow', 'Principal': { AWS: '*' }, @@ -1717,6 +1720,7 @@ describe('bucket', () => { 'Action': [ 's3:GetObject*', 's3:GetBucket*', + 's3:HeadObject', 's3:List*', 's3:DeleteObject*', 's3:PutObject', @@ -2040,6 +2044,7 @@ describe('bucket', () => { 'Action': [ 's3:GetObject*', 's3:GetBucket*', + 's3:HeadObject', 's3:List*', ], 'Effect': 'Allow', @@ -2099,6 +2104,7 @@ describe('bucket', () => { 'Action': [ 's3:GetObject*', 's3:GetBucket*', + 's3:HeadObject', 's3:List*', ], 'Effect': 'Allow', @@ -2128,6 +2134,7 @@ describe('bucket', () => { 'Action': [ 's3:GetObject*', 's3:GetBucket*', + 's3:HeadObject', 's3:List*', ], 'Effect': 'Allow',