From e25b30b827606412a7437f092d15f80161d9f401 Mon Sep 17 00:00:00 2001
From: go-to-k <24818752+go-to-k@users.noreply.github.com>
Date: Sun, 5 Nov 2023 22:54:03 +0900
Subject: [PATCH 01/10] chore(integ-tests): move waiterProvider to IApiCall

---
 .../lib/assertions/api-call-base.ts           | 15 ++++++
 .../integ-tests-alpha/lib/assertions/sdk.ts   | 13 -----
 .../test/assertions/sdk.test.ts               | 50 +++++++++++++++++++
 3 files changed, 65 insertions(+), 13 deletions(-)

diff --git a/packages/@aws-cdk/integ-tests-alpha/lib/assertions/api-call-base.ts b/packages/@aws-cdk/integ-tests-alpha/lib/assertions/api-call-base.ts
index 2ebeba78ff017..2c7d67541ed6b 100644
--- a/packages/@aws-cdk/integ-tests-alpha/lib/assertions/api-call-base.ts
+++ b/packages/@aws-cdk/integ-tests-alpha/lib/assertions/api-call-base.ts
@@ -22,6 +22,21 @@ export interface IApiCall extends IConstruct {
    */
   readonly provider: AssertionsProvider;
 
+  /**
+   * access the AssertionsProvider for the waiter state machine.
+   * This can be used to add additional IAM policies
+   * the the provider role policy
+   *
+   * @example
+   * declare const apiCall: AwsApiCall;
+   * apiCall.waiterProvider?.addToRolePolicy({
+   *   Effect: 'Allow',
+   *   Action: ['s3:GetObject'],
+   *   Resource: ['*'],
+   * });
+   */
+  readonly waiterProvider?: AssertionsProvider;
+
   /**
    * Returns the value of an attribute of the custom resource of an arbitrary
    * type. Attributes are returned from the custom resource provider through the
diff --git a/packages/@aws-cdk/integ-tests-alpha/lib/assertions/sdk.ts b/packages/@aws-cdk/integ-tests-alpha/lib/assertions/sdk.ts
index 33f0e16d9343a..b3f34924fa289 100644
--- a/packages/@aws-cdk/integ-tests-alpha/lib/assertions/sdk.ts
+++ b/packages/@aws-cdk/integ-tests-alpha/lib/assertions/sdk.ts
@@ -50,19 +50,6 @@ export interface AwsApiCallProps extends AwsApiCallOptions { }
 export class AwsApiCall extends ApiCallBase {
   public readonly provider: AssertionsProvider;
 
-  /**
-   * access the AssertionsProvider for the waiter state machine.
-   * This can be used to add additional IAM policies
-   * the the provider role policy
-   *
-   * @example
-   * declare const apiCall: AwsApiCall;
-   * apiCall.waiterProvider?.addToRolePolicy({
-   *   Effect: 'Allow',
-   *   Action: ['s3:GetObject'],
-   *   Resource: ['*'],
-   * });
-   */
   public waiterProvider?: AssertionsProvider;
 
   protected readonly apiCallResource: CustomResource;
diff --git a/packages/@aws-cdk/integ-tests-alpha/test/assertions/sdk.test.ts b/packages/@aws-cdk/integ-tests-alpha/test/assertions/sdk.test.ts
index 1e97fc3fabf35..87a1f66b11a82 100644
--- a/packages/@aws-cdk/integ-tests-alpha/test/assertions/sdk.test.ts
+++ b/packages/@aws-cdk/integ-tests-alpha/test/assertions/sdk.test.ts
@@ -265,6 +265,56 @@ describe('AwsApiCall', () => {
       },
     });
   });
+  test('add policy to waiterProvider', () => {
+    // GIVEN
+    const app = new App();
+    const deplossert = new DeployAssert(app);
+
+    // WHEN
+    const apiCall = deplossert.awsApiCall('MyService', 'MyApi', {
+      param1: 'val1',
+      param2: 2,
+    }).expect(ExpectedResult.objectLike({
+      Key: 'Value',
+    })).waitForAssertions();
+    apiCall.waiterProvider?.addToRolePolicy({
+      Effect: 'Allow',
+      Action: ['s3:GetObject'],
+      Resource: ['*'],
+    });
+
+    // THEN
+    Template.fromStack(deplossert.scope).hasResourceProperties('AWS::IAM::Role', {
+      Policies: [
+        {
+          PolicyName: 'Inline',
+          PolicyDocument: {
+            Version: '2012-10-17',
+            Statement: [
+              {
+                Action: [
+                  'myservice:MyApi',
+                ],
+                Effect: 'Allow',
+                Resource: [
+                  '*',
+                ],
+              },
+              {
+                Action: [
+                  's3:GetObject',
+                ],
+                Effect: 'Allow',
+                Resource: [
+                  '*',
+                ],
+              },
+            ],
+          },
+        },
+      ],
+    });
+  });
 
   describe('get attribute', () => {
     test('getAttString', () => {

From f4458c7100f95a4a381cb2fcdbeb52da59a91772 Mon Sep 17 00:00:00 2001
From: go-to-k <24818752+go-to-k@users.noreply.github.com>
Date: Tue, 7 Nov 2023 19:33:26 +0900
Subject: [PATCH 02/10] change docs

---
 .../integ-tests-alpha/lib/assertions/api-call-base.ts     | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/packages/@aws-cdk/integ-tests-alpha/lib/assertions/api-call-base.ts b/packages/@aws-cdk/integ-tests-alpha/lib/assertions/api-call-base.ts
index 2c7d67541ed6b..c6dc7960a2089 100644
--- a/packages/@aws-cdk/integ-tests-alpha/lib/assertions/api-call-base.ts
+++ b/packages/@aws-cdk/integ-tests-alpha/lib/assertions/api-call-base.ts
@@ -9,8 +9,8 @@ import { WaiterStateMachineOptions } from './waiter-state-machine';
  */
 export interface IApiCall extends IConstruct {
   /**
-   * access the AssertionsProvider. This can be used to add additional IAM policies
-   * the the provider role policy
+   * Access the AssertionsProvider. This can be used to add additional IAM policies
+   * to the the provider role policy.
    *
    * @example
    * declare const apiCall: AwsApiCall;
@@ -23,9 +23,9 @@ export interface IApiCall extends IConstruct {
   readonly provider: AssertionsProvider;
 
   /**
-   * access the AssertionsProvider for the waiter state machine.
+   * Access the AssertionsProvider for the waiter state machine.
    * This can be used to add additional IAM policies
-   * the the provider role policy
+   * to the the provider role policy.
    *
    * @example
    * declare const apiCall: AwsApiCall;

From eaf00746c8f308502333ba40b05b8b6d21b77336 Mon Sep 17 00:00:00 2001
From: go-to-k <24818752+go-to-k@users.noreply.github.com>
Date: Wed, 8 Nov 2023 15:07:11 +0900
Subject: [PATCH 03/10] add an integ test

---
 .../lib/assertions/api-call-base.ts           |   4 +-
 .../WaiterProviderStack.assets.json           |  19 +
 .../WaiterProviderStack.template.json         |  64 +++
 ...efaultTestDeployAssertDADDA65F.assets.json |  32 ++
 ...aultTestDeployAssertDADDA65F.template.json | 397 ++++++++++++++++++
 .../integ.waiter-provider.js.snapshot/cdk.out |   1 +
 .../integ.json                                |  12 +
 .../manifest.json                             | 198 +++++++++
 .../tree.json                                 | 383 +++++++++++++++++
 .../lambda-handler/integ.waiter-provider.ts   |  31 ++
 10 files changed, 1139 insertions(+), 2 deletions(-)
 create mode 100644 packages/@aws-cdk/integ-tests-alpha/test/assertions/providers/lambda-handler/integ.waiter-provider.js.snapshot/WaiterProviderStack.assets.json
 create mode 100644 packages/@aws-cdk/integ-tests-alpha/test/assertions/providers/lambda-handler/integ.waiter-provider.js.snapshot/WaiterProviderStack.template.json
 create mode 100644 packages/@aws-cdk/integ-tests-alpha/test/assertions/providers/lambda-handler/integ.waiter-provider.js.snapshot/WaiterProviderTestDefaultTestDeployAssertDADDA65F.assets.json
 create mode 100644 packages/@aws-cdk/integ-tests-alpha/test/assertions/providers/lambda-handler/integ.waiter-provider.js.snapshot/WaiterProviderTestDefaultTestDeployAssertDADDA65F.template.json
 create mode 100644 packages/@aws-cdk/integ-tests-alpha/test/assertions/providers/lambda-handler/integ.waiter-provider.js.snapshot/cdk.out
 create mode 100644 packages/@aws-cdk/integ-tests-alpha/test/assertions/providers/lambda-handler/integ.waiter-provider.js.snapshot/integ.json
 create mode 100644 packages/@aws-cdk/integ-tests-alpha/test/assertions/providers/lambda-handler/integ.waiter-provider.js.snapshot/manifest.json
 create mode 100644 packages/@aws-cdk/integ-tests-alpha/test/assertions/providers/lambda-handler/integ.waiter-provider.js.snapshot/tree.json
 create mode 100644 packages/@aws-cdk/integ-tests-alpha/test/assertions/providers/lambda-handler/integ.waiter-provider.ts

diff --git a/packages/@aws-cdk/integ-tests-alpha/lib/assertions/api-call-base.ts b/packages/@aws-cdk/integ-tests-alpha/lib/assertions/api-call-base.ts
index c6dc7960a2089..0fa683630d7e3 100644
--- a/packages/@aws-cdk/integ-tests-alpha/lib/assertions/api-call-base.ts
+++ b/packages/@aws-cdk/integ-tests-alpha/lib/assertions/api-call-base.ts
@@ -10,7 +10,7 @@ import { WaiterStateMachineOptions } from './waiter-state-machine';
 export interface IApiCall extends IConstruct {
   /**
    * Access the AssertionsProvider. This can be used to add additional IAM policies
-   * to the the provider role policy.
+   * to the provider role policy.
    *
    * @example
    * declare const apiCall: AwsApiCall;
@@ -25,7 +25,7 @@ export interface IApiCall extends IConstruct {
   /**
    * Access the AssertionsProvider for the waiter state machine.
    * This can be used to add additional IAM policies
-   * to the the provider role policy.
+   * to the provider role policy.
    *
    * @example
    * declare const apiCall: AwsApiCall;
diff --git a/packages/@aws-cdk/integ-tests-alpha/test/assertions/providers/lambda-handler/integ.waiter-provider.js.snapshot/WaiterProviderStack.assets.json b/packages/@aws-cdk/integ-tests-alpha/test/assertions/providers/lambda-handler/integ.waiter-provider.js.snapshot/WaiterProviderStack.assets.json
new file mode 100644
index 0000000000000..486fb37b598ce
--- /dev/null
+++ b/packages/@aws-cdk/integ-tests-alpha/test/assertions/providers/lambda-handler/integ.waiter-provider.js.snapshot/WaiterProviderStack.assets.json
@@ -0,0 +1,19 @@
+{
+  "version": "34.0.0",
+  "files": {
+    "bf8a3ed1d6bbc40361c4011469cf77f9b1255d4c57db12152d8455a04db4ca89": {
+      "source": {
+        "path": "WaiterProviderStack.template.json",
+        "packaging": "file"
+      },
+      "destinations": {
+        "current_account-current_region": {
+          "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}",
+          "objectKey": "bf8a3ed1d6bbc40361c4011469cf77f9b1255d4c57db12152d8455a04db4ca89.json",
+          "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}"
+        }
+      }
+    }
+  },
+  "dockerImages": {}
+}
\ No newline at end of file
diff --git a/packages/@aws-cdk/integ-tests-alpha/test/assertions/providers/lambda-handler/integ.waiter-provider.js.snapshot/WaiterProviderStack.template.json b/packages/@aws-cdk/integ-tests-alpha/test/assertions/providers/lambda-handler/integ.waiter-provider.js.snapshot/WaiterProviderStack.template.json
new file mode 100644
index 0000000000000..e58a9bfc29983
--- /dev/null
+++ b/packages/@aws-cdk/integ-tests-alpha/test/assertions/providers/lambda-handler/integ.waiter-provider.js.snapshot/WaiterProviderStack.template.json
@@ -0,0 +1,64 @@
+{
+ "Resources": {
+  "Bucket83908E77": {
+   "Type": "AWS::S3::Bucket",
+   "UpdateReplacePolicy": "Delete",
+   "DeletionPolicy": "Delete"
+  }
+ },
+ "Outputs": {
+  "ExportsOutputRefBucket83908E7781C90AC0": {
+   "Value": {
+    "Ref": "Bucket83908E77"
+   },
+   "Export": {
+    "Name": "WaiterProviderStack:ExportsOutputRefBucket83908E7781C90AC0"
+   }
+  },
+  "ExportsOutputFnGetAttBucket83908E77Arn063C8555": {
+   "Value": {
+    "Fn::GetAtt": [
+     "Bucket83908E77",
+     "Arn"
+    ]
+   },
+   "Export": {
+    "Name": "WaiterProviderStack:ExportsOutputFnGetAttBucket83908E77Arn063C8555"
+   }
+  }
+ },
+ "Parameters": {
+  "BootstrapVersion": {
+   "Type": "AWS::SSM::Parameter::Value<String>",
+   "Default": "/cdk-bootstrap/hnb659fds/version",
+   "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]"
+  }
+ },
+ "Rules": {
+  "CheckBootstrapVersion": {
+   "Assertions": [
+    {
+     "Assert": {
+      "Fn::Not": [
+       {
+        "Fn::Contains": [
+         [
+          "1",
+          "2",
+          "3",
+          "4",
+          "5"
+         ],
+         {
+          "Ref": "BootstrapVersion"
+         }
+        ]
+       }
+      ]
+     },
+     "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI."
+    }
+   ]
+  }
+ }
+}
\ No newline at end of file
diff --git a/packages/@aws-cdk/integ-tests-alpha/test/assertions/providers/lambda-handler/integ.waiter-provider.js.snapshot/WaiterProviderTestDefaultTestDeployAssertDADDA65F.assets.json b/packages/@aws-cdk/integ-tests-alpha/test/assertions/providers/lambda-handler/integ.waiter-provider.js.snapshot/WaiterProviderTestDefaultTestDeployAssertDADDA65F.assets.json
new file mode 100644
index 0000000000000..d43c0f66d9dc8
--- /dev/null
+++ b/packages/@aws-cdk/integ-tests-alpha/test/assertions/providers/lambda-handler/integ.waiter-provider.js.snapshot/WaiterProviderTestDefaultTestDeployAssertDADDA65F.assets.json
@@ -0,0 +1,32 @@
+{
+  "version": "34.0.0",
+  "files": {
+    "211bd8c514e07e047addb5c06afe6f8e85ce4e0b19b64ad78b28e84fc09aafe7": {
+      "source": {
+        "path": "asset.211bd8c514e07e047addb5c06afe6f8e85ce4e0b19b64ad78b28e84fc09aafe7.bundle",
+        "packaging": "zip"
+      },
+      "destinations": {
+        "current_account-current_region": {
+          "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}",
+          "objectKey": "211bd8c514e07e047addb5c06afe6f8e85ce4e0b19b64ad78b28e84fc09aafe7.zip",
+          "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}"
+        }
+      }
+    },
+    "aea51b3ce0e0aaac7c022f2623feee44903ffbc78696fb1681924e6af0382d9e": {
+      "source": {
+        "path": "WaiterProviderTestDefaultTestDeployAssertDADDA65F.template.json",
+        "packaging": "file"
+      },
+      "destinations": {
+        "current_account-current_region": {
+          "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}",
+          "objectKey": "aea51b3ce0e0aaac7c022f2623feee44903ffbc78696fb1681924e6af0382d9e.json",
+          "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}"
+        }
+      }
+    }
+  },
+  "dockerImages": {}
+}
\ No newline at end of file
diff --git a/packages/@aws-cdk/integ-tests-alpha/test/assertions/providers/lambda-handler/integ.waiter-provider.js.snapshot/WaiterProviderTestDefaultTestDeployAssertDADDA65F.template.json b/packages/@aws-cdk/integ-tests-alpha/test/assertions/providers/lambda-handler/integ.waiter-provider.js.snapshot/WaiterProviderTestDefaultTestDeployAssertDADDA65F.template.json
new file mode 100644
index 0000000000000..13aeaa42e2397
--- /dev/null
+++ b/packages/@aws-cdk/integ-tests-alpha/test/assertions/providers/lambda-handler/integ.waiter-provider.js.snapshot/WaiterProviderTestDefaultTestDeployAssertDADDA65F.template.json
@@ -0,0 +1,397 @@
+{
+ "Resources": {
+  "AwsApiCallS3listObjectsV29ecd8f92611a4d8b5ce59acec0cde0a7": {
+   "Type": "Custom::DeployAssert@SdkCallS3listObjectsV2",
+   "Properties": {
+    "ServiceToken": {
+     "Fn::GetAtt": [
+      "SingletonFunction1488541a7b23466481b69b4408076b81HandlerCD40AE9F",
+      "Arn"
+     ]
+    },
+    "service": "S3",
+    "api": "listObjectsV2",
+    "expected": "{\"$ObjectLike\":{\"KeyCount\":0}}",
+    "stateMachineArn": {
+     "Ref": "AwsApiCallS3listObjectsV29ecd8f92611a4d8b5ce59acec0cde0a7WaitFor44026F5B"
+    },
+    "parameters": {
+     "Bucket": {
+      "Fn::Join": [
+       "",
+       [
+        "\"",
+        {
+         "Fn::ImportValue": "WaiterProviderStack:ExportsOutputRefBucket83908E7781C90AC0"
+        },
+        "\""
+       ]
+      ]
+     },
+     "MaxKeys": "1"
+    },
+    "flattenResponse": "false",
+    "salt": "1699423327442"
+   },
+   "UpdateReplacePolicy": "Delete",
+   "DeletionPolicy": "Delete"
+  },
+  "AwsApiCallS3listObjectsV29ecd8f92611a4d8b5ce59acec0cde0a7WaitForIsCompleteProviderInvokeAEF542F2": {
+   "Type": "AWS::Lambda::Permission",
+   "Properties": {
+    "Action": "lambda:InvokeFunction",
+    "FunctionName": {
+     "Fn::GetAtt": [
+      "SingletonFunction76b3e830a873425f8453eddd85c86925Handler81461ECE",
+      "Arn"
+     ]
+    },
+    "Principal": {
+     "Fn::GetAtt": [
+      "AwsApiCallS3listObjectsV29ecd8f92611a4d8b5ce59acec0cde0a7WaitForRoleE87C1521",
+      "Arn"
+     ]
+    }
+   }
+  },
+  "AwsApiCallS3listObjectsV29ecd8f92611a4d8b5ce59acec0cde0a7WaitForTimeoutProviderInvokeC73E31B9": {
+   "Type": "AWS::Lambda::Permission",
+   "Properties": {
+    "Action": "lambda:InvokeFunction",
+    "FunctionName": {
+     "Fn::GetAtt": [
+      "SingletonFunction5c1898e096fb4e3e95d5f6c67f3ce41aHandlerADF3E6EA",
+      "Arn"
+     ]
+    },
+    "Principal": {
+     "Fn::GetAtt": [
+      "AwsApiCallS3listObjectsV29ecd8f92611a4d8b5ce59acec0cde0a7WaitForRoleE87C1521",
+      "Arn"
+     ]
+    }
+   }
+  },
+  "AwsApiCallS3listObjectsV29ecd8f92611a4d8b5ce59acec0cde0a7WaitForRoleE87C1521": {
+   "Type": "AWS::IAM::Role",
+   "Properties": {
+    "AssumeRolePolicyDocument": {
+     "Version": "2012-10-17",
+     "Statement": [
+      {
+       "Action": "sts:AssumeRole",
+       "Effect": "Allow",
+       "Principal": {
+        "Service": "states.amazonaws.com"
+       }
+      }
+     ]
+    },
+    "Policies": [
+     {
+      "PolicyName": "InlineInvokeFunctions",
+      "PolicyDocument": {
+       "Version": "2012-10-17",
+       "Statement": [
+        {
+         "Action": "lambda:InvokeFunction",
+         "Effect": "Allow",
+         "Resource": [
+          {
+           "Fn::GetAtt": [
+            "SingletonFunction76b3e830a873425f8453eddd85c86925Handler81461ECE",
+            "Arn"
+           ]
+          },
+          {
+           "Fn::GetAtt": [
+            "SingletonFunction5c1898e096fb4e3e95d5f6c67f3ce41aHandlerADF3E6EA",
+            "Arn"
+           ]
+          }
+         ]
+        }
+       ]
+      }
+     }
+    ]
+   }
+  },
+  "AwsApiCallS3listObjectsV29ecd8f92611a4d8b5ce59acec0cde0a7WaitFor44026F5B": {
+   "Type": "AWS::StepFunctions::StateMachine",
+   "Properties": {
+    "DefinitionString": {
+     "Fn::Join": [
+      "",
+      [
+       "{\"StartAt\":\"framework-isComplete-task\",\"States\":{\"framework-isComplete-task\":{\"End\":true,\"Retry\":[{\"ErrorEquals\":[\"States.ALL\"],\"IntervalSeconds\":10,\"MaxAttempts\":18,\"BackoffRate\":1}],\"Catch\":[{\"ErrorEquals\":[\"States.ALL\"],\"Next\":\"framework-onTimeout-task\"}],\"Type\":\"Task\",\"Resource\":\"",
+       {
+        "Fn::GetAtt": [
+         "SingletonFunction76b3e830a873425f8453eddd85c86925Handler81461ECE",
+         "Arn"
+        ]
+       },
+       "\"},\"framework-onTimeout-task\":{\"End\":true,\"Type\":\"Task\",\"Resource\":\"",
+       {
+        "Fn::GetAtt": [
+         "SingletonFunction5c1898e096fb4e3e95d5f6c67f3ce41aHandlerADF3E6EA",
+         "Arn"
+        ]
+       },
+       "\"}}}"
+      ]
+     ]
+    },
+    "RoleArn": {
+     "Fn::GetAtt": [
+      "AwsApiCallS3listObjectsV29ecd8f92611a4d8b5ce59acec0cde0a7WaitForRoleE87C1521",
+      "Arn"
+     ]
+    }
+   },
+   "DependsOn": [
+    "AwsApiCallS3listObjectsV29ecd8f92611a4d8b5ce59acec0cde0a7WaitForRoleE87C1521"
+   ]
+  },
+  "SingletonFunction1488541a7b23466481b69b4408076b81Role37ABCE73": {
+   "Type": "AWS::IAM::Role",
+   "Properties": {
+    "AssumeRolePolicyDocument": {
+     "Version": "2012-10-17",
+     "Statement": [
+      {
+       "Action": "sts:AssumeRole",
+       "Effect": "Allow",
+       "Principal": {
+        "Service": "lambda.amazonaws.com"
+       }
+      }
+     ]
+    },
+    "ManagedPolicyArns": [
+     {
+      "Fn::Sub": "arn:${AWS::Partition}:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole"
+     }
+    ],
+    "Policies": [
+     {
+      "PolicyName": "Inline",
+      "PolicyDocument": {
+       "Version": "2012-10-17",
+       "Statement": [
+        {
+         "Action": [
+          "s3:ListObjectsV2"
+         ],
+         "Effect": "Allow",
+         "Resource": [
+          "*"
+         ]
+        },
+        {
+         "Action": [
+          "states:StartExecution"
+         ],
+         "Effect": "Allow",
+         "Resource": [
+          "*"
+         ]
+        }
+       ]
+      }
+     }
+    ]
+   }
+  },
+  "SingletonFunction1488541a7b23466481b69b4408076b81HandlerCD40AE9F": {
+   "Type": "AWS::Lambda::Function",
+   "Properties": {
+    "Runtime": "nodejs18.x",
+    "Code": {
+     "S3Bucket": {
+      "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}"
+     },
+     "S3Key": "211bd8c514e07e047addb5c06afe6f8e85ce4e0b19b64ad78b28e84fc09aafe7.zip"
+    },
+    "Timeout": 120,
+    "Handler": "index.handler",
+    "Role": {
+     "Fn::GetAtt": [
+      "SingletonFunction1488541a7b23466481b69b4408076b81Role37ABCE73",
+      "Arn"
+     ]
+    }
+   }
+  },
+  "SingletonFunction76b3e830a873425f8453eddd85c86925Role918961BB": {
+   "Type": "AWS::IAM::Role",
+   "Properties": {
+    "AssumeRolePolicyDocument": {
+     "Version": "2012-10-17",
+     "Statement": [
+      {
+       "Action": "sts:AssumeRole",
+       "Effect": "Allow",
+       "Principal": {
+        "Service": "lambda.amazonaws.com"
+       }
+      }
+     ]
+    },
+    "ManagedPolicyArns": [
+     {
+      "Fn::Sub": "arn:${AWS::Partition}:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole"
+     }
+    ],
+    "Policies": [
+     {
+      "PolicyName": "Inline",
+      "PolicyDocument": {
+       "Version": "2012-10-17",
+       "Statement": [
+        {
+         "Action": [
+          "s3:ListObjectsV2"
+         ],
+         "Effect": "Allow",
+         "Resource": [
+          "*"
+         ]
+        },
+        {
+         "Effect": "Allow",
+         "Action": [
+          "s3:GetObject",
+          "s3:ListBucket"
+         ],
+         "Resource": [
+          {
+           "Fn::ImportValue": "WaiterProviderStack:ExportsOutputFnGetAttBucket83908E77Arn063C8555"
+          },
+          {
+           "Fn::Join": [
+            "",
+            [
+             {
+              "Fn::ImportValue": "WaiterProviderStack:ExportsOutputFnGetAttBucket83908E77Arn063C8555"
+             },
+             "/*"
+            ]
+           ]
+          }
+         ]
+        }
+       ]
+      }
+     }
+    ]
+   }
+  },
+  "SingletonFunction76b3e830a873425f8453eddd85c86925Handler81461ECE": {
+   "Type": "AWS::Lambda::Function",
+   "Properties": {
+    "Runtime": "nodejs18.x",
+    "Code": {
+     "S3Bucket": {
+      "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}"
+     },
+     "S3Key": "211bd8c514e07e047addb5c06afe6f8e85ce4e0b19b64ad78b28e84fc09aafe7.zip"
+    },
+    "Timeout": 120,
+    "Handler": "index.isComplete",
+    "Role": {
+     "Fn::GetAtt": [
+      "SingletonFunction76b3e830a873425f8453eddd85c86925Role918961BB",
+      "Arn"
+     ]
+    }
+   }
+  },
+  "SingletonFunction5c1898e096fb4e3e95d5f6c67f3ce41aRoleB84BD8CE": {
+   "Type": "AWS::IAM::Role",
+   "Properties": {
+    "AssumeRolePolicyDocument": {
+     "Version": "2012-10-17",
+     "Statement": [
+      {
+       "Action": "sts:AssumeRole",
+       "Effect": "Allow",
+       "Principal": {
+        "Service": "lambda.amazonaws.com"
+       }
+      }
+     ]
+    },
+    "ManagedPolicyArns": [
+     {
+      "Fn::Sub": "arn:${AWS::Partition}:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole"
+     }
+    ]
+   }
+  },
+  "SingletonFunction5c1898e096fb4e3e95d5f6c67f3ce41aHandlerADF3E6EA": {
+   "Type": "AWS::Lambda::Function",
+   "Properties": {
+    "Runtime": "nodejs18.x",
+    "Code": {
+     "S3Bucket": {
+      "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}"
+     },
+     "S3Key": "211bd8c514e07e047addb5c06afe6f8e85ce4e0b19b64ad78b28e84fc09aafe7.zip"
+    },
+    "Timeout": 120,
+    "Handler": "index.onTimeout",
+    "Role": {
+     "Fn::GetAtt": [
+      "SingletonFunction5c1898e096fb4e3e95d5f6c67f3ce41aRoleB84BD8CE",
+      "Arn"
+     ]
+    }
+   }
+  }
+ },
+ "Outputs": {
+  "AssertionResultsAwsApiCallS3listObjectsV29ecd8f92611a4d8b5ce59acec0cde0a7": {
+   "Value": {
+    "Fn::GetAtt": [
+     "AwsApiCallS3listObjectsV29ecd8f92611a4d8b5ce59acec0cde0a7",
+     "assertion"
+    ]
+   }
+  }
+ },
+ "Parameters": {
+  "BootstrapVersion": {
+   "Type": "AWS::SSM::Parameter::Value<String>",
+   "Default": "/cdk-bootstrap/hnb659fds/version",
+   "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]"
+  }
+ },
+ "Rules": {
+  "CheckBootstrapVersion": {
+   "Assertions": [
+    {
+     "Assert": {
+      "Fn::Not": [
+       {
+        "Fn::Contains": [
+         [
+          "1",
+          "2",
+          "3",
+          "4",
+          "5"
+         ],
+         {
+          "Ref": "BootstrapVersion"
+         }
+        ]
+       }
+      ]
+     },
+     "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI."
+    }
+   ]
+  }
+ }
+}
\ No newline at end of file
diff --git a/packages/@aws-cdk/integ-tests-alpha/test/assertions/providers/lambda-handler/integ.waiter-provider.js.snapshot/cdk.out b/packages/@aws-cdk/integ-tests-alpha/test/assertions/providers/lambda-handler/integ.waiter-provider.js.snapshot/cdk.out
new file mode 100644
index 0000000000000..2313ab5436501
--- /dev/null
+++ b/packages/@aws-cdk/integ-tests-alpha/test/assertions/providers/lambda-handler/integ.waiter-provider.js.snapshot/cdk.out
@@ -0,0 +1 @@
+{"version":"34.0.0"}
\ No newline at end of file
diff --git a/packages/@aws-cdk/integ-tests-alpha/test/assertions/providers/lambda-handler/integ.waiter-provider.js.snapshot/integ.json b/packages/@aws-cdk/integ-tests-alpha/test/assertions/providers/lambda-handler/integ.waiter-provider.js.snapshot/integ.json
new file mode 100644
index 0000000000000..396d7324c0e89
--- /dev/null
+++ b/packages/@aws-cdk/integ-tests-alpha/test/assertions/providers/lambda-handler/integ.waiter-provider.js.snapshot/integ.json
@@ -0,0 +1,12 @@
+{
+  "version": "34.0.0",
+  "testCases": {
+    "WaiterProviderTest/DefaultTest": {
+      "stacks": [
+        "WaiterProviderStack"
+      ],
+      "assertionStack": "WaiterProviderTest/DefaultTest/DeployAssert",
+      "assertionStackName": "WaiterProviderTestDefaultTestDeployAssertDADDA65F"
+    }
+  }
+}
\ No newline at end of file
diff --git a/packages/@aws-cdk/integ-tests-alpha/test/assertions/providers/lambda-handler/integ.waiter-provider.js.snapshot/manifest.json b/packages/@aws-cdk/integ-tests-alpha/test/assertions/providers/lambda-handler/integ.waiter-provider.js.snapshot/manifest.json
new file mode 100644
index 0000000000000..016a5fdde59b2
--- /dev/null
+++ b/packages/@aws-cdk/integ-tests-alpha/test/assertions/providers/lambda-handler/integ.waiter-provider.js.snapshot/manifest.json
@@ -0,0 +1,198 @@
+{
+  "version": "34.0.0",
+  "artifacts": {
+    "WaiterProviderStack.assets": {
+      "type": "cdk:asset-manifest",
+      "properties": {
+        "file": "WaiterProviderStack.assets.json",
+        "requiresBootstrapStackVersion": 6,
+        "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version"
+      }
+    },
+    "WaiterProviderStack": {
+      "type": "aws:cloudformation:stack",
+      "environment": "aws://unknown-account/unknown-region",
+      "properties": {
+        "templateFile": "WaiterProviderStack.template.json",
+        "terminationProtection": false,
+        "validateOnSynth": false,
+        "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}",
+        "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}",
+        "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/bf8a3ed1d6bbc40361c4011469cf77f9b1255d4c57db12152d8455a04db4ca89.json",
+        "requiresBootstrapStackVersion": 6,
+        "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version",
+        "additionalDependencies": [
+          "WaiterProviderStack.assets"
+        ],
+        "lookupRole": {
+          "arn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-lookup-role-${AWS::AccountId}-${AWS::Region}",
+          "requiresBootstrapStackVersion": 8,
+          "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version"
+        }
+      },
+      "dependencies": [
+        "WaiterProviderStack.assets"
+      ],
+      "metadata": {
+        "/WaiterProviderStack/Bucket/Resource": [
+          {
+            "type": "aws:cdk:logicalId",
+            "data": "Bucket83908E77"
+          }
+        ],
+        "/WaiterProviderStack/Exports/Output{\"Ref\":\"Bucket83908E77\"}": [
+          {
+            "type": "aws:cdk:logicalId",
+            "data": "ExportsOutputRefBucket83908E7781C90AC0"
+          }
+        ],
+        "/WaiterProviderStack/Exports/Output{\"Fn::GetAtt\":[\"Bucket83908E77\",\"Arn\"]}": [
+          {
+            "type": "aws:cdk:logicalId",
+            "data": "ExportsOutputFnGetAttBucket83908E77Arn063C8555"
+          }
+        ],
+        "/WaiterProviderStack/BootstrapVersion": [
+          {
+            "type": "aws:cdk:logicalId",
+            "data": "BootstrapVersion"
+          }
+        ],
+        "/WaiterProviderStack/CheckBootstrapVersion": [
+          {
+            "type": "aws:cdk:logicalId",
+            "data": "CheckBootstrapVersion"
+          }
+        ]
+      },
+      "displayName": "WaiterProviderStack"
+    },
+    "WaiterProviderTestDefaultTestDeployAssertDADDA65F.assets": {
+      "type": "cdk:asset-manifest",
+      "properties": {
+        "file": "WaiterProviderTestDefaultTestDeployAssertDADDA65F.assets.json",
+        "requiresBootstrapStackVersion": 6,
+        "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version"
+      }
+    },
+    "WaiterProviderTestDefaultTestDeployAssertDADDA65F": {
+      "type": "aws:cloudformation:stack",
+      "environment": "aws://unknown-account/unknown-region",
+      "properties": {
+        "templateFile": "WaiterProviderTestDefaultTestDeployAssertDADDA65F.template.json",
+        "terminationProtection": false,
+        "validateOnSynth": false,
+        "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}",
+        "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}",
+        "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/aea51b3ce0e0aaac7c022f2623feee44903ffbc78696fb1681924e6af0382d9e.json",
+        "requiresBootstrapStackVersion": 6,
+        "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version",
+        "additionalDependencies": [
+          "WaiterProviderTestDefaultTestDeployAssertDADDA65F.assets"
+        ],
+        "lookupRole": {
+          "arn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-lookup-role-${AWS::AccountId}-${AWS::Region}",
+          "requiresBootstrapStackVersion": 8,
+          "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version"
+        }
+      },
+      "dependencies": [
+        "WaiterProviderStack",
+        "WaiterProviderTestDefaultTestDeployAssertDADDA65F.assets"
+      ],
+      "metadata": {
+        "/WaiterProviderTest/DefaultTest/DeployAssert/AwsApiCallS3listObjectsV29ecd8f92611a4d8b5ce59acec0cde0a7/Default/Default": [
+          {
+            "type": "aws:cdk:logicalId",
+            "data": "AwsApiCallS3listObjectsV29ecd8f92611a4d8b5ce59acec0cde0a7"
+          }
+        ],
+        "/WaiterProviderTest/DefaultTest/DeployAssert/AwsApiCallS3listObjectsV29ecd8f92611a4d8b5ce59acec0cde0a7/WaitFor/IsCompleteProvider/Invoke": [
+          {
+            "type": "aws:cdk:logicalId",
+            "data": "AwsApiCallS3listObjectsV29ecd8f92611a4d8b5ce59acec0cde0a7WaitForIsCompleteProviderInvokeAEF542F2"
+          }
+        ],
+        "/WaiterProviderTest/DefaultTest/DeployAssert/AwsApiCallS3listObjectsV29ecd8f92611a4d8b5ce59acec0cde0a7/WaitFor/TimeoutProvider/Invoke": [
+          {
+            "type": "aws:cdk:logicalId",
+            "data": "AwsApiCallS3listObjectsV29ecd8f92611a4d8b5ce59acec0cde0a7WaitForTimeoutProviderInvokeC73E31B9"
+          }
+        ],
+        "/WaiterProviderTest/DefaultTest/DeployAssert/AwsApiCallS3listObjectsV29ecd8f92611a4d8b5ce59acec0cde0a7/WaitFor/Role": [
+          {
+            "type": "aws:cdk:logicalId",
+            "data": "AwsApiCallS3listObjectsV29ecd8f92611a4d8b5ce59acec0cde0a7WaitForRoleE87C1521"
+          }
+        ],
+        "/WaiterProviderTest/DefaultTest/DeployAssert/AwsApiCallS3listObjectsV29ecd8f92611a4d8b5ce59acec0cde0a7/WaitFor/Resource": [
+          {
+            "type": "aws:cdk:logicalId",
+            "data": "AwsApiCallS3listObjectsV29ecd8f92611a4d8b5ce59acec0cde0a7WaitFor44026F5B"
+          }
+        ],
+        "/WaiterProviderTest/DefaultTest/DeployAssert/AwsApiCallS3listObjectsV29ecd8f92611a4d8b5ce59acec0cde0a7/AssertionResults": [
+          {
+            "type": "aws:cdk:logicalId",
+            "data": "AssertionResultsAwsApiCallS3listObjectsV29ecd8f92611a4d8b5ce59acec0cde0a7"
+          }
+        ],
+        "/WaiterProviderTest/DefaultTest/DeployAssert/SingletonFunction1488541a7b23466481b69b4408076b81/Role": [
+          {
+            "type": "aws:cdk:logicalId",
+            "data": "SingletonFunction1488541a7b23466481b69b4408076b81Role37ABCE73"
+          }
+        ],
+        "/WaiterProviderTest/DefaultTest/DeployAssert/SingletonFunction1488541a7b23466481b69b4408076b81/Handler": [
+          {
+            "type": "aws:cdk:logicalId",
+            "data": "SingletonFunction1488541a7b23466481b69b4408076b81HandlerCD40AE9F"
+          }
+        ],
+        "/WaiterProviderTest/DefaultTest/DeployAssert/SingletonFunction76b3e830a873425f8453eddd85c86925/Role": [
+          {
+            "type": "aws:cdk:logicalId",
+            "data": "SingletonFunction76b3e830a873425f8453eddd85c86925Role918961BB"
+          }
+        ],
+        "/WaiterProviderTest/DefaultTest/DeployAssert/SingletonFunction76b3e830a873425f8453eddd85c86925/Handler": [
+          {
+            "type": "aws:cdk:logicalId",
+            "data": "SingletonFunction76b3e830a873425f8453eddd85c86925Handler81461ECE"
+          }
+        ],
+        "/WaiterProviderTest/DefaultTest/DeployAssert/SingletonFunction5c1898e096fb4e3e95d5f6c67f3ce41a/Role": [
+          {
+            "type": "aws:cdk:logicalId",
+            "data": "SingletonFunction5c1898e096fb4e3e95d5f6c67f3ce41aRoleB84BD8CE"
+          }
+        ],
+        "/WaiterProviderTest/DefaultTest/DeployAssert/SingletonFunction5c1898e096fb4e3e95d5f6c67f3ce41a/Handler": [
+          {
+            "type": "aws:cdk:logicalId",
+            "data": "SingletonFunction5c1898e096fb4e3e95d5f6c67f3ce41aHandlerADF3E6EA"
+          }
+        ],
+        "/WaiterProviderTest/DefaultTest/DeployAssert/BootstrapVersion": [
+          {
+            "type": "aws:cdk:logicalId",
+            "data": "BootstrapVersion"
+          }
+        ],
+        "/WaiterProviderTest/DefaultTest/DeployAssert/CheckBootstrapVersion": [
+          {
+            "type": "aws:cdk:logicalId",
+            "data": "CheckBootstrapVersion"
+          }
+        ]
+      },
+      "displayName": "WaiterProviderTest/DefaultTest/DeployAssert"
+    },
+    "Tree": {
+      "type": "cdk:tree",
+      "properties": {
+        "file": "tree.json"
+      }
+    }
+  }
+}
\ No newline at end of file
diff --git a/packages/@aws-cdk/integ-tests-alpha/test/assertions/providers/lambda-handler/integ.waiter-provider.js.snapshot/tree.json b/packages/@aws-cdk/integ-tests-alpha/test/assertions/providers/lambda-handler/integ.waiter-provider.js.snapshot/tree.json
new file mode 100644
index 0000000000000..666d734e76ee2
--- /dev/null
+++ b/packages/@aws-cdk/integ-tests-alpha/test/assertions/providers/lambda-handler/integ.waiter-provider.js.snapshot/tree.json
@@ -0,0 +1,383 @@
+{
+  "version": "tree-0.1",
+  "tree": {
+    "id": "App",
+    "path": "",
+    "children": {
+      "WaiterProviderStack": {
+        "id": "WaiterProviderStack",
+        "path": "WaiterProviderStack",
+        "children": {
+          "Bucket": {
+            "id": "Bucket",
+            "path": "WaiterProviderStack/Bucket",
+            "children": {
+              "Resource": {
+                "id": "Resource",
+                "path": "WaiterProviderStack/Bucket/Resource",
+                "attributes": {
+                  "aws:cdk:cloudformation:type": "AWS::S3::Bucket",
+                  "aws:cdk:cloudformation:props": {}
+                },
+                "constructInfo": {
+                  "fqn": "aws-cdk-lib.aws_s3.CfnBucket",
+                  "version": "0.0.0"
+                }
+              }
+            },
+            "constructInfo": {
+              "fqn": "aws-cdk-lib.aws_s3.Bucket",
+              "version": "0.0.0"
+            }
+          },
+          "Exports": {
+            "id": "Exports",
+            "path": "WaiterProviderStack/Exports",
+            "children": {
+              "Output{\"Ref\":\"Bucket83908E77\"}": {
+                "id": "Output{\"Ref\":\"Bucket83908E77\"}",
+                "path": "WaiterProviderStack/Exports/Output{\"Ref\":\"Bucket83908E77\"}",
+                "constructInfo": {
+                  "fqn": "aws-cdk-lib.CfnOutput",
+                  "version": "0.0.0"
+                }
+              },
+              "Output{\"Fn::GetAtt\":[\"Bucket83908E77\",\"Arn\"]}": {
+                "id": "Output{\"Fn::GetAtt\":[\"Bucket83908E77\",\"Arn\"]}",
+                "path": "WaiterProviderStack/Exports/Output{\"Fn::GetAtt\":[\"Bucket83908E77\",\"Arn\"]}",
+                "constructInfo": {
+                  "fqn": "aws-cdk-lib.CfnOutput",
+                  "version": "0.0.0"
+                }
+              }
+            },
+            "constructInfo": {
+              "fqn": "constructs.Construct",
+              "version": "10.2.70"
+            }
+          },
+          "BootstrapVersion": {
+            "id": "BootstrapVersion",
+            "path": "WaiterProviderStack/BootstrapVersion",
+            "constructInfo": {
+              "fqn": "aws-cdk-lib.CfnParameter",
+              "version": "0.0.0"
+            }
+          },
+          "CheckBootstrapVersion": {
+            "id": "CheckBootstrapVersion",
+            "path": "WaiterProviderStack/CheckBootstrapVersion",
+            "constructInfo": {
+              "fqn": "aws-cdk-lib.CfnRule",
+              "version": "0.0.0"
+            }
+          }
+        },
+        "constructInfo": {
+          "fqn": "aws-cdk-lib.Stack",
+          "version": "0.0.0"
+        }
+      },
+      "WaiterProviderTest": {
+        "id": "WaiterProviderTest",
+        "path": "WaiterProviderTest",
+        "children": {
+          "DefaultTest": {
+            "id": "DefaultTest",
+            "path": "WaiterProviderTest/DefaultTest",
+            "children": {
+              "Default": {
+                "id": "Default",
+                "path": "WaiterProviderTest/DefaultTest/Default",
+                "constructInfo": {
+                  "fqn": "constructs.Construct",
+                  "version": "10.2.70"
+                }
+              },
+              "DeployAssert": {
+                "id": "DeployAssert",
+                "path": "WaiterProviderTest/DefaultTest/DeployAssert",
+                "children": {
+                  "AwsApiCallS3listObjectsV29ecd8f92611a4d8b5ce59acec0cde0a7": {
+                    "id": "AwsApiCallS3listObjectsV29ecd8f92611a4d8b5ce59acec0cde0a7",
+                    "path": "WaiterProviderTest/DefaultTest/DeployAssert/AwsApiCallS3listObjectsV29ecd8f92611a4d8b5ce59acec0cde0a7",
+                    "children": {
+                      "SdkProvider": {
+                        "id": "SdkProvider",
+                        "path": "WaiterProviderTest/DefaultTest/DeployAssert/AwsApiCallS3listObjectsV29ecd8f92611a4d8b5ce59acec0cde0a7/SdkProvider",
+                        "children": {
+                          "AssertionsProvider": {
+                            "id": "AssertionsProvider",
+                            "path": "WaiterProviderTest/DefaultTest/DeployAssert/AwsApiCallS3listObjectsV29ecd8f92611a4d8b5ce59acec0cde0a7/SdkProvider/AssertionsProvider",
+                            "constructInfo": {
+                              "fqn": "constructs.Construct",
+                              "version": "10.2.70"
+                            }
+                          }
+                        },
+                        "constructInfo": {
+                          "fqn": "constructs.Construct",
+                          "version": "10.2.70"
+                        }
+                      },
+                      "Default": {
+                        "id": "Default",
+                        "path": "WaiterProviderTest/DefaultTest/DeployAssert/AwsApiCallS3listObjectsV29ecd8f92611a4d8b5ce59acec0cde0a7/Default",
+                        "children": {
+                          "Default": {
+                            "id": "Default",
+                            "path": "WaiterProviderTest/DefaultTest/DeployAssert/AwsApiCallS3listObjectsV29ecd8f92611a4d8b5ce59acec0cde0a7/Default/Default",
+                            "constructInfo": {
+                              "fqn": "aws-cdk-lib.CfnResource",
+                              "version": "0.0.0"
+                            }
+                          }
+                        },
+                        "constructInfo": {
+                          "fqn": "aws-cdk-lib.CustomResource",
+                          "version": "0.0.0"
+                        }
+                      },
+                      "WaitFor": {
+                        "id": "WaitFor",
+                        "path": "WaiterProviderTest/DefaultTest/DeployAssert/AwsApiCallS3listObjectsV29ecd8f92611a4d8b5ce59acec0cde0a7/WaitFor",
+                        "children": {
+                          "IsCompleteProvider": {
+                            "id": "IsCompleteProvider",
+                            "path": "WaiterProviderTest/DefaultTest/DeployAssert/AwsApiCallS3listObjectsV29ecd8f92611a4d8b5ce59acec0cde0a7/WaitFor/IsCompleteProvider",
+                            "children": {
+                              "AssertionsProvider": {
+                                "id": "AssertionsProvider",
+                                "path": "WaiterProviderTest/DefaultTest/DeployAssert/AwsApiCallS3listObjectsV29ecd8f92611a4d8b5ce59acec0cde0a7/WaitFor/IsCompleteProvider/AssertionsProvider",
+                                "constructInfo": {
+                                  "fqn": "constructs.Construct",
+                                  "version": "10.2.70"
+                                }
+                              },
+                              "Invoke": {
+                                "id": "Invoke",
+                                "path": "WaiterProviderTest/DefaultTest/DeployAssert/AwsApiCallS3listObjectsV29ecd8f92611a4d8b5ce59acec0cde0a7/WaitFor/IsCompleteProvider/Invoke",
+                                "constructInfo": {
+                                  "fqn": "aws-cdk-lib.CfnResource",
+                                  "version": "0.0.0"
+                                }
+                              }
+                            },
+                            "constructInfo": {
+                              "fqn": "constructs.Construct",
+                              "version": "10.2.70"
+                            }
+                          },
+                          "TimeoutProvider": {
+                            "id": "TimeoutProvider",
+                            "path": "WaiterProviderTest/DefaultTest/DeployAssert/AwsApiCallS3listObjectsV29ecd8f92611a4d8b5ce59acec0cde0a7/WaitFor/TimeoutProvider",
+                            "children": {
+                              "AssertionsProvider": {
+                                "id": "AssertionsProvider",
+                                "path": "WaiterProviderTest/DefaultTest/DeployAssert/AwsApiCallS3listObjectsV29ecd8f92611a4d8b5ce59acec0cde0a7/WaitFor/TimeoutProvider/AssertionsProvider",
+                                "constructInfo": {
+                                  "fqn": "constructs.Construct",
+                                  "version": "10.2.70"
+                                }
+                              },
+                              "Invoke": {
+                                "id": "Invoke",
+                                "path": "WaiterProviderTest/DefaultTest/DeployAssert/AwsApiCallS3listObjectsV29ecd8f92611a4d8b5ce59acec0cde0a7/WaitFor/TimeoutProvider/Invoke",
+                                "constructInfo": {
+                                  "fqn": "aws-cdk-lib.CfnResource",
+                                  "version": "0.0.0"
+                                }
+                              }
+                            },
+                            "constructInfo": {
+                              "fqn": "constructs.Construct",
+                              "version": "10.2.70"
+                            }
+                          },
+                          "Role": {
+                            "id": "Role",
+                            "path": "WaiterProviderTest/DefaultTest/DeployAssert/AwsApiCallS3listObjectsV29ecd8f92611a4d8b5ce59acec0cde0a7/WaitFor/Role",
+                            "constructInfo": {
+                              "fqn": "aws-cdk-lib.CfnResource",
+                              "version": "0.0.0"
+                            }
+                          },
+                          "Resource": {
+                            "id": "Resource",
+                            "path": "WaiterProviderTest/DefaultTest/DeployAssert/AwsApiCallS3listObjectsV29ecd8f92611a4d8b5ce59acec0cde0a7/WaitFor/Resource",
+                            "constructInfo": {
+                              "fqn": "aws-cdk-lib.CfnResource",
+                              "version": "0.0.0"
+                            }
+                          }
+                        },
+                        "constructInfo": {
+                          "fqn": "constructs.Construct",
+                          "version": "10.2.70"
+                        }
+                      },
+                      "AssertionResults": {
+                        "id": "AssertionResults",
+                        "path": "WaiterProviderTest/DefaultTest/DeployAssert/AwsApiCallS3listObjectsV29ecd8f92611a4d8b5ce59acec0cde0a7/AssertionResults",
+                        "constructInfo": {
+                          "fqn": "aws-cdk-lib.CfnOutput",
+                          "version": "0.0.0"
+                        }
+                      }
+                    },
+                    "constructInfo": {
+                      "fqn": "constructs.Construct",
+                      "version": "10.2.70"
+                    }
+                  },
+                  "SingletonFunction1488541a7b23466481b69b4408076b81": {
+                    "id": "SingletonFunction1488541a7b23466481b69b4408076b81",
+                    "path": "WaiterProviderTest/DefaultTest/DeployAssert/SingletonFunction1488541a7b23466481b69b4408076b81",
+                    "children": {
+                      "Staging": {
+                        "id": "Staging",
+                        "path": "WaiterProviderTest/DefaultTest/DeployAssert/SingletonFunction1488541a7b23466481b69b4408076b81/Staging",
+                        "constructInfo": {
+                          "fqn": "aws-cdk-lib.AssetStaging",
+                          "version": "0.0.0"
+                        }
+                      },
+                      "Role": {
+                        "id": "Role",
+                        "path": "WaiterProviderTest/DefaultTest/DeployAssert/SingletonFunction1488541a7b23466481b69b4408076b81/Role",
+                        "constructInfo": {
+                          "fqn": "aws-cdk-lib.CfnResource",
+                          "version": "0.0.0"
+                        }
+                      },
+                      "Handler": {
+                        "id": "Handler",
+                        "path": "WaiterProviderTest/DefaultTest/DeployAssert/SingletonFunction1488541a7b23466481b69b4408076b81/Handler",
+                        "constructInfo": {
+                          "fqn": "aws-cdk-lib.CfnResource",
+                          "version": "0.0.0"
+                        }
+                      }
+                    },
+                    "constructInfo": {
+                      "fqn": "constructs.Construct",
+                      "version": "10.2.70"
+                    }
+                  },
+                  "SingletonFunction76b3e830a873425f8453eddd85c86925": {
+                    "id": "SingletonFunction76b3e830a873425f8453eddd85c86925",
+                    "path": "WaiterProviderTest/DefaultTest/DeployAssert/SingletonFunction76b3e830a873425f8453eddd85c86925",
+                    "children": {
+                      "Staging": {
+                        "id": "Staging",
+                        "path": "WaiterProviderTest/DefaultTest/DeployAssert/SingletonFunction76b3e830a873425f8453eddd85c86925/Staging",
+                        "constructInfo": {
+                          "fqn": "aws-cdk-lib.AssetStaging",
+                          "version": "0.0.0"
+                        }
+                      },
+                      "Role": {
+                        "id": "Role",
+                        "path": "WaiterProviderTest/DefaultTest/DeployAssert/SingletonFunction76b3e830a873425f8453eddd85c86925/Role",
+                        "constructInfo": {
+                          "fqn": "aws-cdk-lib.CfnResource",
+                          "version": "0.0.0"
+                        }
+                      },
+                      "Handler": {
+                        "id": "Handler",
+                        "path": "WaiterProviderTest/DefaultTest/DeployAssert/SingletonFunction76b3e830a873425f8453eddd85c86925/Handler",
+                        "constructInfo": {
+                          "fqn": "aws-cdk-lib.CfnResource",
+                          "version": "0.0.0"
+                        }
+                      }
+                    },
+                    "constructInfo": {
+                      "fqn": "constructs.Construct",
+                      "version": "10.2.70"
+                    }
+                  },
+                  "SingletonFunction5c1898e096fb4e3e95d5f6c67f3ce41a": {
+                    "id": "SingletonFunction5c1898e096fb4e3e95d5f6c67f3ce41a",
+                    "path": "WaiterProviderTest/DefaultTest/DeployAssert/SingletonFunction5c1898e096fb4e3e95d5f6c67f3ce41a",
+                    "children": {
+                      "Staging": {
+                        "id": "Staging",
+                        "path": "WaiterProviderTest/DefaultTest/DeployAssert/SingletonFunction5c1898e096fb4e3e95d5f6c67f3ce41a/Staging",
+                        "constructInfo": {
+                          "fqn": "aws-cdk-lib.AssetStaging",
+                          "version": "0.0.0"
+                        }
+                      },
+                      "Role": {
+                        "id": "Role",
+                        "path": "WaiterProviderTest/DefaultTest/DeployAssert/SingletonFunction5c1898e096fb4e3e95d5f6c67f3ce41a/Role",
+                        "constructInfo": {
+                          "fqn": "aws-cdk-lib.CfnResource",
+                          "version": "0.0.0"
+                        }
+                      },
+                      "Handler": {
+                        "id": "Handler",
+                        "path": "WaiterProviderTest/DefaultTest/DeployAssert/SingletonFunction5c1898e096fb4e3e95d5f6c67f3ce41a/Handler",
+                        "constructInfo": {
+                          "fqn": "aws-cdk-lib.CfnResource",
+                          "version": "0.0.0"
+                        }
+                      }
+                    },
+                    "constructInfo": {
+                      "fqn": "constructs.Construct",
+                      "version": "10.2.70"
+                    }
+                  },
+                  "BootstrapVersion": {
+                    "id": "BootstrapVersion",
+                    "path": "WaiterProviderTest/DefaultTest/DeployAssert/BootstrapVersion",
+                    "constructInfo": {
+                      "fqn": "aws-cdk-lib.CfnParameter",
+                      "version": "0.0.0"
+                    }
+                  },
+                  "CheckBootstrapVersion": {
+                    "id": "CheckBootstrapVersion",
+                    "path": "WaiterProviderTest/DefaultTest/DeployAssert/CheckBootstrapVersion",
+                    "constructInfo": {
+                      "fqn": "aws-cdk-lib.CfnRule",
+                      "version": "0.0.0"
+                    }
+                  }
+                },
+                "constructInfo": {
+                  "fqn": "aws-cdk-lib.Stack",
+                  "version": "0.0.0"
+                }
+              }
+            },
+            "constructInfo": {
+              "fqn": "constructs.Construct",
+              "version": "10.2.70"
+            }
+          }
+        },
+        "constructInfo": {
+          "fqn": "constructs.Construct",
+          "version": "10.2.70"
+        }
+      },
+      "Tree": {
+        "id": "Tree",
+        "path": "Tree",
+        "constructInfo": {
+          "fqn": "constructs.Construct",
+          "version": "10.2.70"
+        }
+      }
+    },
+    "constructInfo": {
+      "fqn": "aws-cdk-lib.App",
+      "version": "0.0.0"
+    }
+  }
+}
\ No newline at end of file
diff --git a/packages/@aws-cdk/integ-tests-alpha/test/assertions/providers/lambda-handler/integ.waiter-provider.ts b/packages/@aws-cdk/integ-tests-alpha/test/assertions/providers/lambda-handler/integ.waiter-provider.ts
new file mode 100644
index 0000000000000..71aca9c03733d
--- /dev/null
+++ b/packages/@aws-cdk/integ-tests-alpha/test/assertions/providers/lambda-handler/integ.waiter-provider.ts
@@ -0,0 +1,31 @@
+import { App, Duration, RemovalPolicy, Stack } from 'aws-cdk-lib';
+import { ExpectedResult, IntegTest } from '../../../../lib';
+import { Bucket } from 'aws-cdk-lib/aws-s3';
+
+const app = new App();
+const stack = new Stack(app, 'WaiterProviderStack');
+
+const bucket = new Bucket(stack, 'Bucket', {
+  removalPolicy: RemovalPolicy.DESTROY,
+});
+
+const integ = new IntegTest(app, 'WaiterProviderTest', {
+  testCases: [stack],
+});
+
+integ.assertions.awsApiCall('S3', 'listObjectsV2', {
+  Bucket: bucket.bucketName,
+  MaxKeys: 1,
+}).expect(ExpectedResult.objectLike({
+  KeyCount: 0,
+})).waitForAssertions({
+  interval: Duration.seconds(10),
+  totalTimeout: Duration.minutes(3),
+}).waiterProvider?.addToRolePolicy({
+  Effect: 'Allow',
+  Action: ['s3:GetObject', 's3:ListBucket'],
+  Resource: [
+    `${bucket.bucketArn}`,
+    `${bucket.bucketArn}/*`,
+  ],
+});
\ No newline at end of file

From 2e9c8664a55cc7074e5a763c5200dd28de03616f Mon Sep 17 00:00:00 2001
From: go-to-k <24818752+go-to-k@users.noreply.github.com>
Date: Wed, 8 Nov 2023 18:52:41 +0900
Subject: [PATCH 04/10] fix for the review

---
 .../providers/lambda-handler/integ.waiter-provider.ts        | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/packages/@aws-cdk/integ-tests-alpha/test/assertions/providers/lambda-handler/integ.waiter-provider.ts b/packages/@aws-cdk/integ-tests-alpha/test/assertions/providers/lambda-handler/integ.waiter-provider.ts
index 71aca9c03733d..5d1d2f9645739 100644
--- a/packages/@aws-cdk/integ-tests-alpha/test/assertions/providers/lambda-handler/integ.waiter-provider.ts
+++ b/packages/@aws-cdk/integ-tests-alpha/test/assertions/providers/lambda-handler/integ.waiter-provider.ts
@@ -13,7 +13,7 @@ const integ = new IntegTest(app, 'WaiterProviderTest', {
   testCases: [stack],
 });
 
-integ.assertions.awsApiCall('S3', 'listObjectsV2', {
+const listObjectsCall = integ.assertions.awsApiCall('S3', 'listObjectsV2', {
   Bucket: bucket.bucketName,
   MaxKeys: 1,
 }).expect(ExpectedResult.objectLike({
@@ -21,7 +21,8 @@ integ.assertions.awsApiCall('S3', 'listObjectsV2', {
 })).waitForAssertions({
   interval: Duration.seconds(10),
   totalTimeout: Duration.minutes(3),
-}).waiterProvider?.addToRolePolicy({
+});
+listObjectsCall.waiterProvider?.addToRolePolicy({
   Effect: 'Allow',
   Action: ['s3:GetObject', 's3:ListBucket'],
   Resource: [

From b7db4a812c2a640925bb8db971d0498493948661 Mon Sep 17 00:00:00 2001
From: go-to-k <24818752+go-to-k@users.noreply.github.com>
Date: Wed, 8 Nov 2023 18:54:32 +0900
Subject: [PATCH 05/10] fix for the review

---
 .../assertions/providers/lambda-handler/integ.waiter-provider.ts | 1 +
 1 file changed, 1 insertion(+)

diff --git a/packages/@aws-cdk/integ-tests-alpha/test/assertions/providers/lambda-handler/integ.waiter-provider.ts b/packages/@aws-cdk/integ-tests-alpha/test/assertions/providers/lambda-handler/integ.waiter-provider.ts
index 5d1d2f9645739..2b620eca4cd5c 100644
--- a/packages/@aws-cdk/integ-tests-alpha/test/assertions/providers/lambda-handler/integ.waiter-provider.ts
+++ b/packages/@aws-cdk/integ-tests-alpha/test/assertions/providers/lambda-handler/integ.waiter-provider.ts
@@ -22,6 +22,7 @@ const listObjectsCall = integ.assertions.awsApiCall('S3', 'listObjectsV2', {
   interval: Duration.seconds(10),
   totalTimeout: Duration.minutes(3),
 });
+
 listObjectsCall.waiterProvider?.addToRolePolicy({
   Effect: 'Allow',
   Action: ['s3:GetObject', 's3:ListBucket'],

From b9bb4ddb94749d3715661aab932b3205073ccb75 Mon Sep 17 00:00:00 2001
From: go-to-k <24818752+go-to-k@users.noreply.github.com>
Date: Wed, 8 Nov 2023 19:21:11 +0900
Subject: [PATCH 06/10] change README

---
 packages/@aws-cdk/integ-tests-alpha/README.md | 30 +++++++++++++++++++
 1 file changed, 30 insertions(+)

diff --git a/packages/@aws-cdk/integ-tests-alpha/README.md b/packages/@aws-cdk/integ-tests-alpha/README.md
index 3972bcff72645..9d822e5d6e80d 100644
--- a/packages/@aws-cdk/integ-tests-alpha/README.md
+++ b/packages/@aws-cdk/integ-tests-alpha/README.md
@@ -522,3 +522,33 @@ const describe = testCase.assertions.awsApiCall('StepFunctions', 'describeExecut
 });
 ```
 
+In cases where the `waitForAssertions()` is used for the `awsApiCall`, the actual API call is executed by the `waiterProvider`.
+
+Same as `provider`, by default, the `AwsApiCall` construct will automatically add the correct IAM policies
+to allow the Lambda function to make the API call. It does this based on the `service`
+and `api` that is provided. In the above example the service is `SQS` and the api is
+`receiveMessage` so it will create a policy with `Action: 'sqs:ReceiveMessage`.
+
+There are some cases where the permissions do not exactly match the service/api call, for
+example the S3 `listObjectsV2` api. In these cases it is possible to add the correct policy
+by accessing the `waiterProvider` object.
+
+```ts
+declare const app: App;
+declare const stack: Stack;
+declare const integ: IntegTest;
+
+const apiCall = integ.assertions.awsApiCall('S3', 'listObjectsV2', {
+  Bucket: 'mybucket',
+}).waitForAssertions({
+  totalTimeout: Duration.minutes(5),
+  interval: Duration.seconds(15),
+  backoffRate: 3,
+});
+
+apiCall?.waiterProvider.addToRolePolicy({
+  Effect: 'Allow',
+  Action: ['s3:GetObject', 's3:ListBucket'],
+  Resource: ['*'],
+});
+```

From 0e1cec3b0a5128cc5530a1a8f0666d5c17e243dd Mon Sep 17 00:00:00 2001
From: go-to-k <24818752+go-to-k@users.noreply.github.com>
Date: Wed, 8 Nov 2023 19:28:15 +0900
Subject: [PATCH 07/10] change codes in README

---
 packages/@aws-cdk/integ-tests-alpha/README.md | 2 --
 1 file changed, 2 deletions(-)

diff --git a/packages/@aws-cdk/integ-tests-alpha/README.md b/packages/@aws-cdk/integ-tests-alpha/README.md
index 9d822e5d6e80d..5d24da73fc8d0 100644
--- a/packages/@aws-cdk/integ-tests-alpha/README.md
+++ b/packages/@aws-cdk/integ-tests-alpha/README.md
@@ -534,8 +534,6 @@ example the S3 `listObjectsV2` api. In these cases it is possible to add the cor
 by accessing the `waiterProvider` object.
 
 ```ts
-declare const app: App;
-declare const stack: Stack;
 declare const integ: IntegTest;
 
 const apiCall = integ.assertions.awsApiCall('S3', 'listObjectsV2', {

From 00ae81a55d78c0faf91ce58cbfb811397b103619 Mon Sep 17 00:00:00 2001
From: go-to-k <24818752+go-to-k@users.noreply.github.com>
Date: Wed, 8 Nov 2023 19:29:34 +0900
Subject: [PATCH 08/10] style for README

---
 packages/@aws-cdk/integ-tests-alpha/README.md | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/packages/@aws-cdk/integ-tests-alpha/README.md b/packages/@aws-cdk/integ-tests-alpha/README.md
index 5d24da73fc8d0..69d2d67b73d93 100644
--- a/packages/@aws-cdk/integ-tests-alpha/README.md
+++ b/packages/@aws-cdk/integ-tests-alpha/README.md
@@ -522,7 +522,8 @@ const describe = testCase.assertions.awsApiCall('StepFunctions', 'describeExecut
 });
 ```
 
-In cases where the `waitForAssertions()` is used for the `awsApiCall`, the actual API call is executed by the `waiterProvider`.
+In cases where the `waitForAssertions()` is used for the `awsApiCall`, the actual API call is executed
+by the `waiterProvider`.
 
 Same as `provider`, by default, the `AwsApiCall` construct will automatically add the correct IAM policies
 to allow the Lambda function to make the API call. It does this based on the `service`

From f6491fcc953641108fda3077e75bb48b254507a4 Mon Sep 17 00:00:00 2001
From: go-to-k <24818752+go-to-k@users.noreply.github.com>
Date: Wed, 8 Nov 2023 20:05:15 +0900
Subject: [PATCH 09/10] change for the review

---
 packages/@aws-cdk/integ-tests-alpha/README.md | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/packages/@aws-cdk/integ-tests-alpha/README.md b/packages/@aws-cdk/integ-tests-alpha/README.md
index 69d2d67b73d93..1169f52d030db 100644
--- a/packages/@aws-cdk/integ-tests-alpha/README.md
+++ b/packages/@aws-cdk/integ-tests-alpha/README.md
@@ -522,10 +522,10 @@ const describe = testCase.assertions.awsApiCall('StepFunctions', 'describeExecut
 });
 ```
 
-In cases where the `waitForAssertions()` is used for the `awsApiCall`, the actual API call is executed
-by the `waiterProvider`.
+When `waitForAssertions()` is used for the `awsApiCall`, the actual API call is executed
+by the `waiterProvider` assertion provider.
 
-Same as `provider`, by default, the `AwsApiCall` construct will automatically add the correct IAM policies
+By default, the `AwsApiCall` construct will automatically add the correct IAM policies
 to allow the Lambda function to make the API call. It does this based on the `service`
 and `api` that is provided. In the above example the service is `SQS` and the api is
 `receiveMessage` so it will create a policy with `Action: 'sqs:ReceiveMessage`.
@@ -545,7 +545,7 @@ const apiCall = integ.assertions.awsApiCall('S3', 'listObjectsV2', {
   backoffRate: 3,
 });
 
-apiCall?.waiterProvider.addToRolePolicy({
+apiCall.waiterProvider?.addToRolePolicy({
   Effect: 'Allow',
   Action: ['s3:GetObject', 's3:ListBucket'],
   Resource: ['*'],

From a66b911946aef4dbab885d597ace0f2d3e575ce3 Mon Sep 17 00:00:00 2001
From: go-to-k <24818752+go-to-k@users.noreply.github.com>
Date: Thu, 21 Dec 2023 12:24:06 +0900
Subject: [PATCH 10/10] fix to add docstring

---
 .../integ-tests-alpha/lib/assertions/sdk.ts         | 13 +++++++++++++
 1 file changed, 13 insertions(+)

diff --git a/packages/@aws-cdk/integ-tests-alpha/lib/assertions/sdk.ts b/packages/@aws-cdk/integ-tests-alpha/lib/assertions/sdk.ts
index 491e513989061..fff9f88cc8f0e 100644
--- a/packages/@aws-cdk/integ-tests-alpha/lib/assertions/sdk.ts
+++ b/packages/@aws-cdk/integ-tests-alpha/lib/assertions/sdk.ts
@@ -50,6 +50,19 @@ export interface AwsApiCallProps extends AwsApiCallOptions { }
 export class AwsApiCall extends ApiCallBase {
   public readonly provider: AssertionsProvider;
 
+  /**
+   * access the AssertionsProvider for the waiter state machine.
+   * This can be used to add additional IAM policies
+   * the the provider role policy
+   *
+   * @example
+   * declare const apiCall: AwsApiCall;
+   * apiCall.waiterProvider?.addToRolePolicy({
+   *   Effect: 'Allow',
+   *   Action: ['s3:GetObject'],
+   *   Resource: ['*'],
+   * });
+   */
   public waiterProvider?: AssertionsProvider;
 
   protected readonly apiCallResource: CustomResource;