s3_website 3.0.0 → 3.1.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 3e5dc3e5f8d46a22ed296aa8bd4a13a6dacd3b8a
-  data.tar.gz: 41f5bc55b289e55bad653dad55481d7e5116b253
+  metadata.gz: 46287f622fae5f7d6dd707ce8fbdd617060b46ae
+  data.tar.gz: 5f3d2f1c19f9c16695ce896ac52e5c9e6ae35d34
 SHA512:
-  metadata.gz: 42f2c57cfc5c19ddb65f4045a4691e4868b17033de2eb38bcc79180b37d82acedfb659b7df83b8cfea253bfd07ec9d4549c91a4279e48469f17e70189141a0bd
-  data.tar.gz: 75afbbd52b508bcd3bebfb1b138e1dd040af5baf5ae67eeec7a652b29428f5f878869a53111aa9c956f7df120097c6ab7d27e505c504f0d370a64e09d5654c0a
+  metadata.gz: 06835789338deb7cb5b93f173d9c840fb8a0d52683a059a5e56c9d13c596668155956cc21d11995010939e15ecaf1cdeb52b41ecbc8b85b8cf02d5519a455d37
+  data.tar.gz: 7212c008b7d0b6e90d89c04b0d736ef427f09e97312f5a7e1514bcfd17effd7f2fe5911b5fa53935f144d752de01232c641678e21278ddad4d2daf8708b567a5

data/README.md

@@ -66,7 +66,7 @@ s3_bucket: blog.example.com
 roles](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/UsingIAM.html#UsingIAMrolesWithAmazonEC2Instances),
 you can omit the `s3_id` and `s3_secret` keys in the config file.)
 
-S3_website implements supports for reading environment variables from a file using
+S3_website implements support for reading environment variables from a file using
 the [dotenv](https://github.com/bkeepers/dotenv) gem. You can create a `.env` file
 in the project's root directory to take advantage of this feature. Please have
 a look at [dotenv's usage guide](https://github.com/bkeepers/dotenv#usage) for
@@ -74,8 +74,8 @@ syntax information.
 
 Your `.env` file should containing the following variables:
 
-    AWS_ACCESS_KEY_ID=FOO
-    AWS_SECRET_ACCESS_KEY=BAR
+    S3_ID=FOO
+    S3_SECRET=BAR
 
 ## Project goals
 
@@ -285,11 +285,11 @@ For example, like this you can define a your own TTL and CNAME:
 ```yaml
 cloudfront_distribution_config:
   default_cache_behavior:
-    min_TTL: <%= 60 * 60 * 24 %>
+    min_ttl: <%= 60 * 60 * 24 %>
   aliases:
     quantity: 1
     items:
-      CNAME: your.website.com
+      - your.website.com
 ```
 
 Once you've saved the configuration into `s3_website.yml`, you can apply them by
@@ -446,6 +446,16 @@ Define the subdirectory like so:
 s3_key_prefix: your-subdirectory
 ```
 
+### Temporary security credentials with Session Token
+
+[AWS temporary security credentials](http://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp.html) (eg: when [assuming IAM roles](http://docs.aws.amazon.com/STS/latest/APIReference/API_AssumeRole.html))
+
+Usage: 
+
+```yaml
+session_token: your-token
+```
+
 ## Migrating from v1 to v2
 
 Please read the [release note](/changelog.md#200) on version 2. It contains
@@ -526,7 +536,7 @@ See the [Contributors](https://github.com/laurilehmijoki/s3_website/graphs/contr
 
 * [Deploying websites to FTP or Amazon S3 with BitBucket Pipelines](https://www.savjee.be/2016/06/Deploying-website-to-ftp-or-amazon-s3-with-BitBucket-Pipelines/)
 * [How To: Hosting on Amazon S3 with CloudFront](https://paulstamatiou.com/hosting-on-amazon-s3-with-cloudfront/)
-* [PageSpeed 100 with Jekyll, S3 and CloudFront](https://habd.as/pagespeed-100-with-jekyll-s3-and-cloudfront/)
+* [Zero to HTTP/2 with AWS and Hugo](https://habd.as/zero-to-http-2-aws-hugo/)
 
 ## Donations
 

data/additional-docs/example-configurations.md

@@ -19,6 +19,15 @@ s3_bucket: your.domain.net
 If you run `s3_website` on an EC2 instance with IAM roles, it is possible to omit
 the `s3_id` and `s3_secret`.
 
+## Minimal for temporary security credentials
+
+````yaml
+s3_id: abcd
+s3_secret: 2s+x92
+session_token: hex!xeh
+s3_bucket: your.domain.net
+````
+
 ## Optimised for speed
 
 Use CloudFront, gzip, cache headers and greater concurrency:
@@ -30,11 +39,11 @@ s3_bucket: your.domain.net
 cloudfront_distribution_id: <%= ENV['your_domain_net_cloudfront_distribution_id'] %>
 cloudfront_distribution_config:
   default_cache_behavior:
-    min_TTL: <%= 60 * 60 * 24 %>
+    min_ttl: <%= 60 * 60 * 24 %>
   aliases:
     quantity: 1
     items:
-      CNAME: your.domain.net
+      - your.domain.net
 max_age: 120
 gzip: true
 ````
@@ -44,6 +53,30 @@ environment variables. It's convenient, since you can keep the `s3_website.yml`
 in a public Git repo, and thus have your deployment configurations
 version-controlled.
 
+## Setup for HTTP2 and Custom SNI SSL Certificate
+
+To fully utilize HTTP2 you'll need to setup SSL for your distribution. While HTTP/2 does
+not mandate the use of encryption, it turns out that [all of the common web browsers 
+require the use of HTTPS connections in conjunction with HTTP/2](http://caniuse.com/#feat=http2).
+Therefore, you may need to make some changes to your site or application in order 
+to take full advantage of HTTP/2. While you can test the site by using the Default
+CloudFront Certificate you will likely want to use a custom SSL Certificate. 
+This isn't yet automated by s3_website, [but is a few manual steps](https://medium.com/@richardkall/setup-lets-encrypt-ssl-certificate-on-amazon-cloudfront-b217669987b2#.7jyust8os), 
+which is now free thanks to Let's Encrypt. 
+
+````yaml
+s3_id: <%= ENV['your_domain_net_aws_key'] %>
+s3_secret: <%= ENV['your_domain_net_aws_secret'] %>
+s3_bucket: your.domain.net
+cloudfront_distribution_id: <%= ENV['your_domain_net_cloudfront_distribution_id'] %>
+cloudfront_distribution_config:
+  default_cache_behavior:
+    min_ttl: <%= 60 * 60 * 24 %>
+  http_version: http2
+max_age: 120
+gzip: true
+````
+
 ## Multiple CNAMEs
 
 Sometimes you want to use multiple CNAMEs aliases in your CloudFront distribution:
@@ -55,13 +88,13 @@ s3_bucket: your.domain.net
 cloudfront_distribution_id: <%= ENV['your_domain_net_cloudfront_distribution_id'] %>
 cloudfront_distribution_config:
   default_cache_behavior:
-    min_TTL: <%= 60 * 60 * 24 %>
+    min_ttl: <%= 60 * 60 * 24 %>
   aliases:
     quantity: 3
     items:
-      CNAME0: your1.domain.net
-      CNAME1: your2.domain.net
-      CNAME2: your3.domain.net
+      - your1.domain.net
+      - your2.domain.net
+      - your3.domain.net
 max_age: 120
 gzip: true
 ````

data/changelog.md

@@ -2,6 +2,10 @@
 
 This project uses [Semantic Versioning](http://semver.org).
 
+## 3.1.0
+
+Support for [session tokens](http://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp.html)
+
 ## 3.0.0
 
 The CloudFront client now uses the official AWS SDK. If your `s3_website.yml`

data/lib/s3_website/version.rb

@@ -1,3 +1,3 @@
 module S3Website
-  VERSION = '3.0.0'
+  VERSION = '3.1.0'
 end

data/resources/configuration_file_template.yml

@@ -2,6 +2,9 @@ s3_id: YOUR_AWS_S3_ACCESS_KEY_ID
 s3_secret: YOUR_AWS_S3_SECRET_ACCESS_KEY
 s3_bucket: your.blog.bucket.com
 
+# set s3_token if using temporary credentials with a session token (eg: when assuming a role)
+# s3_token: YOUR_AWS_S3_SESSION_TOKEN
+
 # Below are examples of all the available configurations.
 # See README for more detailed info on each of them.
 
@@ -35,11 +38,11 @@ s3_bucket: your.blog.bucket.com
 
 # cloudfront_distribution_config:
 #   default_cache_behavior:
-#     min_TTL: <%= 60 * 60 * 24 %>
+#     min_ttl: <%= 60 * 60 * 24 %>
 #   aliases:
 #     quantity: 1
 #     items:
-#       CNAME: your.website.com
+#       - your.website.com
 
 # cloudfront_invalidate_root: true
 

data/s3_website.gemspec

@@ -24,6 +24,7 @@ Gem::Specification.new do |s|
 
   s.add_development_dependency 'rake', '10.1.1'
   s.add_development_dependency 'octokit', '3.1.0'
+  s.add_development_dependency 'mime-types'
 
   s.files         = `git ls-files`
                       .split("\n")

data/src/main/scala/s3/website/model/Config.scala

@@ -8,11 +8,12 @@ import scala.util.{Failure, Try}
 import scala.collection.JavaConversions._
 import s3.website.Ruby.rubyRuntime
 import s3.website._
-import com.amazonaws.auth.{AWSCredentialsProvider, BasicAWSCredentials, DefaultAWSCredentialsProviderChain}
+import com.amazonaws.auth.{AWSCredentialsProvider, BasicAWSCredentials, BasicSessionCredentials, DefaultAWSCredentialsProviderChain}
 
 case class Config(
   s3_id:                                  Option[String], // If undefined, use IAM Roles (http://docs.aws.amazon.com/AWSSdkDocsJava/latest/DeveloperGuide/java-dg-roles.html)
   s3_secret:                              Option[String], // If undefined, use IAM Roles (http://docs.aws.amazon.com/AWSSdkDocsJava/latest/DeveloperGuide/java-dg-roles.html)
+  session_token:                          Option[String], // If defined, the AWS Security Token Service session token (http://docs.aws.amazon.com/STS/latest/APIReference/Welcome.html)
   s3_bucket:                              String,
   s3_endpoint:                            S3Endpoint,
   site:                                   Option[String],
@@ -36,10 +37,19 @@ case class Config(
 object Config {
 
   def awsCredentials(config: Config): AWSCredentialsProvider = {
-    val credentialsFromConfigFile = for {
-      s3_id <- config.s3_id
-      s3_secret <- config.s3_secret
-    } yield new BasicAWSCredentials(s3_id, s3_secret)
+    val credentialsFromConfigFile =
+      if (config.session_token.isEmpty) {
+        for {
+          s3_id <- config.s3_id
+          s3_secret <- config.s3_secret
+        } yield new BasicAWSCredentials(s3_id, s3_secret)
+      } else {
+        for {
+          s3_id <- config.s3_id
+          s3_secret <- config.s3_secret
+          session_token <- config.session_token
+        } yield new BasicSessionCredentials(s3_id, s3_secret, session_token)
+      }
     credentialsFromConfigFile.fold(new DefaultAWSCredentialsProviderChain: AWSCredentialsProvider)(credentials =>
       new AWSCredentialsProvider {
         def getCredentials = credentials

data/src/main/scala/s3/website/model/Site.scala

@@ -35,6 +35,7 @@ object Site {
         for {
           s3_id <- loadOptionalString("s3_id").right
           s3_secret <- loadOptionalString("s3_secret").right
+          session_token <- loadOptionalString("session_token").right
           s3_bucket <- loadRequiredString("s3_bucket").right
           s3_endpoint <- loadEndpoint.right
           site <- loadOptionalString("site").right
@@ -65,6 +66,7 @@ object Site {
           Config(
             s3_id,
             s3_secret,
+            session_token,
             s3_bucket,
             s3_endpoint getOrElse S3Endpoint.defaultEndpoint,
             site,

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: s3_website
 version: !ruby/object:Gem::Version
-  version: 3.0.0
+  version: 3.1.0
 platform: ruby
 authors:
 - Lauri Lehmijoki
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2016-12-22 00:00:00.000000000 Z
+date: 2017-03-08 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: thor
@@ -94,6 +94,20 @@ dependencies:
     - - '='
       - !ruby/object:Gem::Version
         version: 3.1.0
+- !ruby/object:Gem::Dependency
+  name: mime-types
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
 description: "\n    Sync website files, set redirects, use HTTP performance optimisations,
   deliver via\n    CloudFront.\n  "
 email:
@@ -166,7 +180,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project: 
-rubygems_version: 2.6.8
+rubygems_version: 2.5.1
 signing_key: 
 specification_version: 4
 summary: Manage your S3 website