@aws-solutions-constructs/aws-cloudfront-oai-s3 2.79.0
- package/.jsii +4403 -0
- package/README.md +109 -0
- package/architecture.png +0 -0
- package/integ.config.json +7 -0
- package/lib/index.d.ts +118 -0
- package/lib/index.js +106 -0
- package/package.json +95 -0
- package/test/integ.cftoais3-bucket-encrypted-with-managed-key-provided-as-existingbucket.d.ts +13 -0
- package/test/integ.cftoais3-bucket-encrypted-with-managed-key-provided-as-existingbucket.js +56 -0
- package/test/integ.cftoais3-bucket-encrypted-with-managed-key-provided-as-existingbucket.js.snapshot/asset.faa95a81ae7d7373f3e1f242268f904eb748d8d0fdd306e8a6fe515a1905a7d6/index.js +1 -0
- package/test/integ.cftoais3-bucket-encrypted-with-managed-key-provided-as-existingbucket.js.snapshot/cdk.out +1 -0
- package/test/integ.cftoais3-bucket-encrypted-with-managed-key-provided-as-existingbucket.js.snapshot/cftoais3-bucket-encrypted-with-managed-key-provided-as-existingbucket.assets.json +32 -0
- package/test/integ.cftoais3-bucket-encrypted-with-managed-key-provided-as-existingbucket.js.snapshot/cftoais3-bucket-encrypted-with-managed-key-provided-as-existingbucket.template.json +1061 -0
- package/test/integ.cftoais3-bucket-encrypted-with-managed-key-provided-as-existingbucket.js.snapshot/cftoais3bucketencryptedwithmanagedkeyprovidedasexistingbucketIntegDefaultTestDeployAssert105E804F.assets.json +19 -0
- package/test/integ.cftoais3-bucket-encrypted-with-managed-key-provided-as-existingbucket.js.snapshot/cftoais3bucketencryptedwithmanagedkeyprovidedasexistingbucketIntegDefaultTestDeployAssert105E804F.template.json +36 -0
- package/test/integ.cftoais3-bucket-encrypted-with-managed-key-provided-as-existingbucket.js.snapshot/integ.json +12 -0
- package/test/integ.cftoais3-bucket-encrypted-with-managed-key-provided-as-existingbucket.js.snapshot/manifest.json +215 -0
- package/test/integ.cftoais3-bucket-encrypted-with-managed-key-provided-as-existingbucket.js.snapshot/tree.json +1105 -0
- package/test/integ.cftoais3-custom-headers.d.ts +13 -0
- package/test/integ.cftoais3-custom-headers.js +71 -0
- package/test/integ.cftoais3-custom-headers.js.snapshot/asset.faa95a81ae7d7373f3e1f242268f904eb748d8d0fdd306e8a6fe515a1905a7d6/index.js +1 -0
- package/test/integ.cftoais3-custom-headers.js.snapshot/cdk.out +1 -0
- package/test/integ.cftoais3-custom-headers.js.snapshot/cftoais3-custom-headers.assets.json +32 -0
- package/test/integ.cftoais3-custom-headers.js.snapshot/cftoais3-custom-headers.template.json +1116 -0
- package/test/integ.cftoais3-custom-headers.js.snapshot/cftoais3customheadersIntegDefaultTestDeployAssert5AA11BA9.assets.json +19 -0
- package/test/integ.cftoais3-custom-headers.js.snapshot/cftoais3customheadersIntegDefaultTestDeployAssert5AA11BA9.template.json +36 -0
- package/test/integ.cftoais3-custom-headers.js.snapshot/integ.json +12 -0
- package/test/integ.cftoais3-custom-headers.js.snapshot/manifest.json +227 -0
- package/test/integ.cftoais3-custom-headers.js.snapshot/tree.json +1196 -0
- package/test/integ.cftoais3-custom-originPath.d.ts +13 -0
- package/test/integ.cftoais3-custom-originPath.js +48 -0
- package/test/integ.cftoais3-custom-originPath.js.snapshot/asset.faa95a81ae7d7373f3e1f242268f904eb748d8d0fdd306e8a6fe515a1905a7d6/index.js +1 -0
- package/test/integ.cftoais3-custom-originPath.js.snapshot/cdk.out +1 -0
- package/test/integ.cftoais3-custom-originPath.js.snapshot/cftoais3-custom-originPath.assets.json +32 -0
- package/test/integ.cftoais3-custom-originPath.js.snapshot/cftoais3-custom-originPath.template.json +1085 -0
- package/test/integ.cftoais3-custom-originPath.js.snapshot/cftoais3customoriginPathIntegDefaultTestDeployAssert1C351914.assets.json +19 -0
- package/test/integ.cftoais3-custom-originPath.js.snapshot/cftoais3customoriginPathIntegDefaultTestDeployAssert1C351914.template.json +36 -0
- package/test/integ.cftoais3-custom-originPath.js.snapshot/integ.json +12 -0
- package/test/integ.cftoais3-custom-originPath.js.snapshot/manifest.json +221 -0
- package/test/integ.cftoais3-custom-originPath.js.snapshot/tree.json +1147 -0
- package/test/integ.cftoais3-customLoggingBuckets.d.ts +13 -0
- package/test/integ.cftoais3-customLoggingBuckets.js +64 -0
- package/test/integ.cftoais3-customLoggingBuckets.js.snapshot/asset.faa95a81ae7d7373f3e1f242268f904eb748d8d0fdd306e8a6fe515a1905a7d6/index.js +1 -0
- package/test/integ.cftoais3-customLoggingBuckets.js.snapshot/cdk.out +1 -0
- package/test/integ.cftoais3-customLoggingBuckets.js.snapshot/cftoais3-customLoggingBuckets.assets.json +32 -0
- package/test/integ.cftoais3-customLoggingBuckets.js.snapshot/cftoais3-customLoggingBuckets.template.json +1109 -0
- package/test/integ.cftoais3-customLoggingBuckets.js.snapshot/cftoais3customLoggingBucketsIntegDefaultTestDeployAssert8F33EF2A.assets.json +19 -0
- package/test/integ.cftoais3-customLoggingBuckets.js.snapshot/cftoais3customLoggingBucketsIntegDefaultTestDeployAssert8F33EF2A.template.json +36 -0
- package/test/integ.cftoais3-customLoggingBuckets.js.snapshot/integ.json +12 -0
- package/test/integ.cftoais3-customLoggingBuckets.js.snapshot/manifest.json +221 -0
- package/test/integ.cftoais3-customLoggingBuckets.js.snapshot/tree.json +1172 -0
- package/test/integ.cftoais3-existing-bucket.d.ts +13 -0
- package/test/integ.cftoais3-existing-bucket.js +59 -0
- package/test/integ.cftoais3-existing-bucket.js.snapshot/asset.faa95a81ae7d7373f3e1f242268f904eb748d8d0fdd306e8a6fe515a1905a7d6/index.js +1 -0
- package/test/integ.cftoais3-existing-bucket.js.snapshot/cdk.out +1 -0
- package/test/integ.cftoais3-existing-bucket.js.snapshot/cftoais3-existing-bucket.assets.json +32 -0
- package/test/integ.cftoais3-existing-bucket.js.snapshot/cftoais3-existing-bucket.template.json +1131 -0
- package/test/integ.cftoais3-existing-bucket.js.snapshot/cftoais3existingbucketIntegDefaultTestDeployAssertB7627F26.assets.json +19 -0
- package/test/integ.cftoais3-existing-bucket.js.snapshot/cftoais3existingbucketIntegDefaultTestDeployAssertB7627F26.template.json +36 -0
- package/test/integ.cftoais3-existing-bucket.js.snapshot/integ.json +12 -0
- package/test/integ.cftoais3-existing-bucket.js.snapshot/manifest.json +233 -0
- package/test/integ.cftoais3-existing-bucket.js.snapshot/tree.json +1240 -0
- package/test/integ.cftoais3-no-arguments.d.ts +13 -0
- package/test/integ.cftoais3-no-arguments.js +53 -0
- package/test/integ.cftoais3-no-arguments.js.snapshot/asset.faa95a81ae7d7373f3e1f242268f904eb748d8d0fdd306e8a6fe515a1905a7d6/index.js +1 -0
- package/test/integ.cftoais3-no-arguments.js.snapshot/cdk.out +1 -0
- package/test/integ.cftoais3-no-arguments.js.snapshot/cftoais3-no-arguments.assets.json +32 -0
- package/test/integ.cftoais3-no-arguments.js.snapshot/cftoais3-no-arguments.template.json +1094 -0
- package/test/integ.cftoais3-no-arguments.js.snapshot/cftoais3noargumentsIntegDefaultTestDeployAssert5CF03E3D.assets.json +19 -0
- package/test/integ.cftoais3-no-arguments.js.snapshot/cftoais3noargumentsIntegDefaultTestDeployAssert5CF03E3D.template.json +36 -0
- package/test/integ.cftoais3-no-arguments.js.snapshot/integ.json +12 -0
- package/test/integ.cftoais3-no-arguments.js.snapshot/manifest.json +356 -0
- package/test/integ.cftoais3-no-arguments.js.snapshot/tree.json +1146 -0
- package/test/integ.cftoais3-no-cloudfront-s3-access-logs.d.ts +13 -0
- package/test/integ.cftoais3-no-cloudfront-s3-access-logs.js +60 -0
- package/test/integ.cftoais3-no-cloudfront-s3-access-logs.js.snapshot/asset.faa95a81ae7d7373f3e1f242268f904eb748d8d0fdd306e8a6fe515a1905a7d6/index.js +1 -0
- package/test/integ.cftoais3-no-cloudfront-s3-access-logs.js.snapshot/cdk.out +1 -0
- package/test/integ.cftoais3-no-cloudfront-s3-access-logs.js.snapshot/cftoais3-no-cloudfront-s3-access-logs.assets.json +32 -0
- package/test/integ.cftoais3-no-cloudfront-s3-access-logs.js.snapshot/cftoais3-no-cloudfront-s3-access-logs.template.json +743 -0
- package/test/integ.cftoais3-no-cloudfront-s3-access-logs.js.snapshot/cftoais3nocloudfronts3accesslogsIntegDefaultTestDeployAssert6D810275.assets.json +19 -0
- package/test/integ.cftoais3-no-cloudfront-s3-access-logs.js.snapshot/cftoais3nocloudfronts3accesslogsIntegDefaultTestDeployAssert6D810275.template.json +36 -0
- package/test/integ.cftoais3-no-cloudfront-s3-access-logs.js.snapshot/integ.json +12 -0
- package/test/integ.cftoais3-no-cloudfront-s3-access-logs.js.snapshot/manifest.json +185 -0
- package/test/integ.cftoais3-no-cloudfront-s3-access-logs.js.snapshot/tree.json +726 -0
- package/test/integ.cftoais3-no-logging.d.ts +13 -0
- package/test/integ.cftoais3-no-logging.js +56 -0
- package/test/integ.cftoais3-no-logging.js.snapshot/asset.faa95a81ae7d7373f3e1f242268f904eb748d8d0fdd306e8a6fe515a1905a7d6/index.js +1 -0
- package/test/integ.cftoais3-no-logging.js.snapshot/cdk.out +1 -0
- package/test/integ.cftoais3-no-logging.js.snapshot/cftoais3-no-logging.assets.json +32 -0
- package/test/integ.cftoais3-no-logging.js.snapshot/cftoais3-no-logging.template.json +576 -0
- package/test/integ.cftoais3-no-logging.js.snapshot/cftoais3nologgingIntegDefaultTestDeployAssertCED06EE4.assets.json +19 -0
- package/test/integ.cftoais3-no-logging.js.snapshot/cftoais3nologgingIntegDefaultTestDeployAssertCED06EE4.template.json +36 -0
- package/test/integ.cftoais3-no-logging.js.snapshot/integ.json +12 -0
- package/test/integ.cftoais3-no-logging.js.snapshot/manifest.json +167 -0
- package/test/integ.cftoais3-no-logging.js.snapshot/tree.json +542 -0
- package/test/integ.cftoais3-no-security-headers.d.ts +13 -0
- package/test/integ.cftoais3-no-security-headers.js +50 -0
- package/test/integ.cftoais3-no-security-headers.js.snapshot/asset.faa95a81ae7d7373f3e1f242268f904eb748d8d0fdd306e8a6fe515a1905a7d6/index.js +1 -0
- package/test/integ.cftoais3-no-security-headers.js.snapshot/cdk.out +1 -0
- package/test/integ.cftoais3-no-security-headers.js.snapshot/cftoais3-no-security-headers.assets.json +32 -0
- package/test/integ.cftoais3-no-security-headers.js.snapshot/cftoais3-no-security-headers.template.json +1061 -0
- package/test/integ.cftoais3-no-security-headers.js.snapshot/cftoais3nosecurityheadersIntegDefaultTestDeployAssertAB4B2F28.assets.json +19 -0
- package/test/integ.cftoais3-no-security-headers.js.snapshot/cftoais3nosecurityheadersIntegDefaultTestDeployAssertAB4B2F28.template.json +36 -0
- package/test/integ.cftoais3-no-security-headers.js.snapshot/integ.json +12 -0
- package/test/integ.cftoais3-no-security-headers.js.snapshot/manifest.json +215 -0
- package/test/integ.cftoais3-no-security-headers.js.snapshot/tree.json +1105 -0
- package/test/test.cloudfront-oai-s3.test.d.ts +13 -0
- package/test/test.cloudfront-oai-s3.test.js +702 -0
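--- /dev/null
+++ b/package/README.md
@@ -0,0 +1,109 @@
+# aws-cloudfront-oai-s3 module
+<!--BEGIN STABILITY BANNER-->
+
+---
+
+
+
+---
+<!--END STABILITY BANNER-->
+
+| **Reference Documentation**:| <span style="font-weight: normal">https://docs.aws.amazon.com/solutions/latest/constructs/</span>|
+|:-------------|:-------------|
+<div style="height:8px"></div>
+
+| **Language** | **Package** |
+|:-------------|-----------------|
+| Python|`aws_solutions_constructs.aws_cloudfront_oai_s3`|
+| Typescript|`@aws-solutions-constructs/aws-cloudfront-oai-s3`|
+| Java|`software.amazon.awsconstructs.services.cloudfrontoais3`|
+
+## Overview
+This AWS Solutions Construct provisions an Amazon CloudFront Distribution that serves objects from an AWS S3 Bucket via an Origin Access Identity (OAI).
+
+IMPORTANT: The recommended architecture for this pattern is to use an Origin Access Control, which is available in aws-cloudfront-s3. This construct is provided to support China regions where Origin Access Controls are not available.
+
+Here is a minimal deployable pattern definition:
+
+Typescript
+``` typescript
+import { Construct } from 'constructs';
+import { Stack, StackProps } from 'aws-cdk-lib';
+import { CloudFrontToOaiToS3 } from '@aws-solutions-constructs/aws-cloudfront-oai-s3';
+
+new CloudFrontToOaiToS3(this, 'test-cloudfront-oai-s3', {});
+```
+
+Python
+``` python
+from aws_solutions_constructs.aws_cloudfront_oai_s3 import CloudFrontToOaiToS3
+from aws_cdk import Stack
+from constructs import Construct
+
+CloudFrontToOaiToS3(self, 'test-cloudfront-oai-s3')
+```
+
+Java
+``` java
+import software.constructs.Construct;
+
+import software.amazon.awscdk.Stack;
+import software.amazon.awscdk.StackProps;
+import software.amazon.awsconstructs.services.cloudfrontoais3.*;
+
+new CloudFrontToOaiToS3(this, "test-cloudfront-oai-s3", new CloudFrontToOaiToS3Props.Builder()
+.build());
+```
+
+## Pattern Construct Props
+
+| **Name** | **Type** | **Description** |
+|:-------------|:----------------|-----------------|
+|cloudFrontDistributionProps?|[`cloudfront.DistributionProps`](https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_cloudfront.DistributionProps.html)|Optional user provided props to override the default props for CloudFront Distribution|
+|insertHttpSecurityHeaders?|`boolean`|Optional user provided props to turn on/off the automatic injection of best practice HTTP security headers in all responses from CloudFront|
+|responseHeadersPolicyProps? | [`cloudfront.ResponseHeadersPolicyProps`](https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_cloudfront.ResponseHeadersPolicyProps.html) | Optional user provided configuration that cloudfront applies to all http responses.|
+|originPath?|`string`|Optional user provided props to provide an[originPath](https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_cloudfront_origins.S3OriginProps.html#originpath) that CloudFront appends to the origin domain name when CloudFront requests content from the origin. The string should start with a `/`, for example: `/production`. Default value is `'/'`|
+|existingBucketObj?|[`s3.IBucket`](https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_s3.IBucket.html)|Existing instance of S3 content bucket object or interface. If this is provided, then also providing bucketProps will cause an error. |
+|bucketProps?|[`s3.BucketProps`](https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_s3.BucketProps.html)|Optional user provided props to override the default props for the S3 content bucket. Note - to log S3 access for this bucket to an existing S3 bucket, put the existing log bucket in bucketProps: `serverAccessLogsBucket`|
+|logS3AccessLogs?| boolean|Whether to turn on Access Logging for the S3 bucket. Creates an S3 bucket with associated storage costs for the logs. Enabling Access Logging is a best practice. default - true|
+|loggingBucketProps?|[`s3.BucketProps`](https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_s3.BucketProps.html)|Optional user provided props to override the default props for the S3 Logging Bucket.|
+|cloudFrontLoggingBucketProps?|[`s3.BucketProps`](https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_s3.BucketProps.html)|Optional user provided props to override the default props for the CloudFront Logging Bucket. Note: to use an existing bucketto hold CloudFront logs, pass the existing log bucket in |
+|logCloudFrontAccessLog|`boolean`|Optional - Whether to maintain access logs for the CloudFront Logging bucket. Specifying false for this while providing info about the log bucket will cause an error. Default = true |
+|cloudFrontLoggingBucketAccessLogBucketProps|[`s3.BucketProps`](https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_s3.BucketProps.html)|Optional user provided props to override the default props for the CloudFront Log Bucket Access Log bucket. Providing both this and `existingcloudFrontLoggingBucketAccessLogBucket` will cause an error. To provide an existing bucket to accept these logs, pass the existing bucket in `cloudFrontLoggingBucketProps::serverAccessLogBucket`|
+
+## Pattern Properties
+
+| **Name** | **Type** | **Description** |
+|:-------------|:----------------|-----------------|
+|cloudFrontWebDistribution|[`cloudfront.Distribution`](https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_cloudfront.Distribution.html)|Returns an instance of cloudfront.Distribution created by the construct.|
+|cloudFrontFunction?|[`cloudfront.Function`](https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_cloudfront.Function.html)|Returns an instance of the Cloudfront function created by the construct.|
+|s3BucketInterface|[`s3.IBucket`](https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_s3.IBucket.html)|Returns an instance of s3.IBucket created by the construct.|
+|s3Bucket?|[`s3.Bucket`](https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_s3.Bucket.html)|Returns an instance of s3.Bucket created by the construct. IMPORTANT: If `existingBucketObj` was provided in Pattern Construct Props, this property will be `undefined`|
+|s3LoggingBucket?|[`s3.Bucket`](https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_s3.Bucket.html)|Returns an instance of s3.Bucket created by the construct as the logging bucket for the primary bucket.|
+|cloudFrontLoggingBucket?|[`s3.Bucket`](https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_s3.Bucket.html)|The S3 bucket created by the construct to hold CloudFront logs. Only populated if the construct creates the bucket (not if an existing bucket is passed in via DistributionProps)|
+|cloudFrontLoggingBucketAccessLogBucket?|[`s3.Bucket`](https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_s3.Bucket.html)|The S3 bucket containing the S3 access logs for the CloudFront log bucket. Only populated if the construct creates the bucket (not if the bucket is passed in via `cloudFrontLoggingBucketProps::serverAccessLogBucket`|
+
+## Default settings
+
+Out of the box implementation of the Construct without any override will set the following defaults:
+
+### Amazon CloudFront
+* Configure Access logging for CloudFront Distribution
+* Enable automatic injection of best practice HTTP security headers in all responses from CloudFront Distribution
+* CloudFront originPath set to `'/'`
+* Create an Origin Access Identity to access S3 bucket
+
+### Amazon S3 Bucket
+* Configure Access logging for S3 Bucket
+* Enable server-side encryption for S3 Bucket using AWS managed KMS Key
+* Enforce encryption of data in transit
+* Turn on the versioning for S3 Bucket
+* Block public access for S3 Bucket
+* Retain the S3 Bucket when deleting the CloudFormation stack
+* Applies Lifecycle rule to move noncurrent object versions to Glacier storage after 90 days
+
+## Architecture
+
+
+***
+© Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+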
package/architecture.png
ADDED
|
Binary file
|
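--- /dev/null
+++ b/package/lib/index.d.ts
@@ -0,0 +1,118 @@
+/**
+* Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+*
+* Licensed under the Apache License, Version 2.0 (the "License"). You may not use this file except in compliance
+* with the License. A copy of the License is located at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* or in the 'license' file accompanying this file. This file is distributed on an 'AS IS' BASIS, WITHOUT WARRANTIES
+* OR CONDITIONS OF ANY KIND, express or implied. See the License for the specific language governing permissions
+* and limitations under the License.
+*/
+import * as cloudfront from 'aws-cdk-lib/aws-cloudfront';
+import * as s3 from 'aws-cdk-lib/aws-s3';
+import { Construct } from 'constructs';
+/**
+* @summary The properties for the CloudFrontToOaiToS3 Construct
+*/
+export interface CloudFrontToOaiToS3Props {
+/**
+* Optional user provided props to override the default props
+*
+* @default - Default props are used
+*/
+readonly cloudFrontDistributionProps?: cloudfront.DistributionProps | any;
+/**
+* Optional user provided props to turn on/off the automatic injection of best practice HTTP
+* security headers in all responses from cloudfront.
+* Turning this on will inject default headers and is mutually exclusive with passing custom security headers
+* via the responseHeadersPolicyProps parameter.
+*
+* @default - true
+*/
+readonly insertHttpSecurityHeaders?: boolean;
+/**
+* Optional user provided configuration that cloudfront applies to all http responses.
+* Can be used to pass a custom ResponseSecurityHeadersBehavior, ResponseCustomHeadersBehavior or
+* ResponseHeadersCorsBehavior to the cloudfront distribution.
+*
+* Passing a custom ResponseSecurityHeadersBehavior is mutually exclusive with turning on the default security headers
+* via `insertHttpSecurityHeaders` prop. Will throw an error if both `insertHttpSecurityHeaders` is set to `true`
+* and ResponseSecurityHeadersBehavior is passed.
+*
+* @default - undefined
+*/
+readonly responseHeadersPolicyProps?: cloudfront.ResponseHeadersPolicyProps;
+/**
+* Optional user provided props to provide an originPath that CloudFront appends to the
+* origin domain name when CloudFront requests content from the origin.
+* The string should start with a `/`, for example `/production`.
+* @default = '/'
+*/
+readonly originPath?: string;
+/**
+* Existing instance of S3 Content Bucket object, providing both this and `bucketProps` will cause an error.
+*
+* @default - None
+*/
+readonly existingBucketObj?: s3.IBucket;
+/**
+* Optional user provided props to override the default props for the S3 Content Bucket.
+*
+* @default - Default props are used
+*/
+readonly bucketProps?: s3.BucketProps;
+/**
+* Optional - Whether to maintain access logs for the S3 Content bucket
+*
+* @default - true
+*/
+readonly logS3AccessLogs?: boolean;
+/**
+* Optional user provided props to override the default props for the S3 Content Bucket Access Log Bucket.
+*
+* @default - Default props are used
+*/
+readonly loggingBucketProps?: s3.BucketProps;
+/**
+* Optional user provided props to override the default props for the CloudFront Log Bucket.
+*
+* @default - Default props are used
+*/
+readonly cloudFrontLoggingBucketProps?: s3.BucketProps;
+/**
+* Optional - Whether to maintain access logs for the CloudFront Logging bucket. Specifying false for this
+* while providing info about the log bucket will cause an error.
+*
+* @default - true
+*/
+readonly logCloudFrontAccessLog?: boolean;
+/**
+* Optional user provided props to override the default props for the CloudFront Log Bucket Access Log bucket.
+* Providing both this and `existingcloudFrontLoggingBucketAccessLogBucket` will cause an error
+*
+* @default - Default props are used
+*/
+readonly cloudFrontLoggingBucketAccessLogBucketProps?: s3.BucketProps;
+}
+export declare class CloudFrontToOaiToS3 extends Construct {
+readonly cloudFrontWebDistribution: cloudfront.Distribution;
+readonly cloudFrontFunction?: cloudfront.Function;
+readonly cloudFrontLoggingBucket?: s3.Bucket;
+readonly cloudFrontLoggingBucketAccessLogBucket?: s3.Bucket;
+readonly s3BucketInterface: s3.IBucket;
+readonly s3Bucket?: s3.Bucket;
+readonly s3LoggingBucket?: s3.Bucket;
+readonly originAccessControl?: cloudfront.CfnOriginAccessControl;
+/**
+* @summary Constructs a new instance of the CloudFrontToOaiToS3 class.
+* @param {Construct} scope - represents the scope for all the resources.
+* @param {string} id - this is a a scope-unique id.
+* @param {CloudFrontToOaiToS3Props} props - user provided props for the construct
+* @since 0.8.0
+* @access public
+*/
+constructor(scope: Construct, id: string, props: CloudFrontToOaiToS3Props);
+private checkForKmsKey;
+}
+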
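Review bot: `readonly originAccessControl?: cloudfront.CfnOriginAccessControl;` is declared on a construct built around an Origin Access Identity, and the constructor in lib/index.js of this same version never assigns it, so callers will always read `undefined`; it looks like a leftover from the OAC construct and should be dropped or documented as unused. The doc comment on `cloudFrontLoggingBucketAccessLogBucketProps` refers to `existingcloudFrontLoggingBucketAccessLogBucket`, which is not a member of `CloudFrontToOaiToS3Props`, so the mutual-exclusion rule it describes cannot be followed as written. `cloudFrontDistributionProps?: cloudfront.DistributionProps | any` collapses to `any`, which means overrides of the distribution settings are not type-checked; a one-line comment saying why `any` is required would help reviewers.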
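--- /dev/null
+++ b/package/lib/index.js
@@ -0,0 +1,106 @@
+"use strict";
+var _a;
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.CloudFrontToOaiToS3 = void 0;
+const JSII_RTTI_SYMBOL_1 = Symbol.for("jsii.rtti");
+/**
+* Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+*
+* Licensed under the Apache License, Version 2.0 (the "License"). You may not use this file except in compliance
+* with the License. A copy of the License is located at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* or in the 'license' file accompanying this file. This file is distributed on an 'AS IS' BASIS, WITHOUT WARRANTIES
+* OR CONDITIONS OF ANY KIND, express or implied. See the License for the specific language governing permissions
+* and limitations under the License.
+*/
+const aws_cdk_lib_1 = require("aws-cdk-lib");
+const iam = require("aws-cdk-lib/aws-iam");
+const defaults = require("@aws-solutions-constructs/core");
+// import * as resources from '@aws-solutions-constructs/resources';
+// import * as kms from 'aws-cdk-lib/aws-kms';
+// Note: To ensure CDKv2 compatibility, keep the import statement for Construct separate
+const constructs_1 = require("constructs");
+class CloudFrontToOaiToS3 extends constructs_1.Construct {
+/**
+* @summary Constructs a new instance of the CloudFrontToOaiToS3 class.
+* @param {Construct} scope - represents the scope for all the resources.
+* @param {string} id - this is a a scope-unique id.
+* @param {CloudFrontToOaiToS3Props} props - user provided props for the construct
+* @since 0.8.0
+* @access public
+*/
+constructor(scope, id, props) {
+super(scope, id);
+defaults.printWarning(`This construct deploys a Cloudfront/S3 pattern connected with an Origin Access Identity,
+the recommended architecture is to use an Origin Access Connector (provided in aws-cloudfront-oai-s3). This construct
+is provided only for use in China regions, where OACs are not available.`);
+// All our tests are based upon this behavior being on, so we're setting
+// context here rather than assuming the client will set it
+this.node.setContext("@aws-cdk/aws-s3:serverAccessLogsUseBucketPolicy", true);
+defaults.CheckS3Props(props);
+defaults.CheckCloudFrontProps(props);
+defaults.CheckCloudfrontS3Props(props);
+this.checkForKmsKey(props);
+let originBucket;
+if (!props.existingBucketObj) {
+const buildS3BucketResponse = defaults.buildS3Bucket(this, {
+bucketProps: props.bucketProps,
+loggingBucketProps: props.loggingBucketProps,
+logS3AccessLogs: props.logS3AccessLogs
+});
+this.s3Bucket = buildS3BucketResponse.bucket;
+this.s3LoggingBucket = buildS3BucketResponse.loggingBucket;
+originBucket = this.s3Bucket;
+}
+else {
+originBucket = props.existingBucketObj;
+}
+this.s3BucketInterface = originBucket;
+// Define the CloudFront Distribution
+const cloudFrontOaiDistributionForS3Props = {
+originPath: props.originPath,
+sourceBucket: this.s3BucketInterface,
+cloudFrontDistributionProps: props.cloudFrontDistributionProps,
+httpSecurityHeaders: props.insertHttpSecurityHeaders,
+cloudFrontLoggingBucketProps: props.cloudFrontLoggingBucketProps,
+responseHeadersPolicyProps: props.responseHeadersPolicyProps,
+cloudFrontLoggingBucketS3AccessLogBucketProps: props.cloudFrontLoggingBucketAccessLogBucketProps,
+logCloudFrontAccessLog: props.logCloudFrontAccessLog
+};
+const cloudFrontDistributionForS3Response = defaults.createCloudFrontOaiDistributionForS3(this, cloudFrontOaiDistributionForS3Props);
+this.cloudFrontWebDistribution = cloudFrontDistributionForS3Response.distribution;
+this.cloudFrontFunction = cloudFrontDistributionForS3Response.cloudfrontFunction;
+this.cloudFrontLoggingBucket = cloudFrontDistributionForS3Response.loggingBucket;
+this.cloudFrontLoggingBucketAccessLogBucket = cloudFrontDistributionForS3Response.loggingBucketS3AccesssLogBucket;
+// Grant CloudFront permission to get the objects from the s3 bucket origin
+originBucket.addToResourcePolicy(new iam.PolicyStatement({
+effect: iam.Effect.ALLOW,
+actions: ['s3:GetObject'],
+principals: [new iam.ServicePrincipal('cloudfront.amazonaws.com')],
+resources: [originBucket.arnForObjects('*')],
+conditions: {
+StringEquals: {
+'AWS:SourceArn': `arn:${aws_cdk_lib_1.Aws.PARTITION}:cloudfront::${aws_cdk_lib_1.Aws.ACCOUNT_ID}:distribution/${this.cloudFrontWebDistribution.distributionId}`
+}
+}
+}));
+}
+checkForKmsKey(props) {
+let errorMessages = '';
+let errorFound = false;
+if ((props.bucketProps && props.bucketProps.encryptionKey) ||
+(props.existingBucketObj && props.existingBucketObj.encryptionKey)) {
+errorMessages += 'Error - buckets cannot use CMKs with OAIs\n';
+errorFound = true;
+}
+if (errorFound) {
+throw new Error(errorMessages);
+}
+}
+}
+exports.CloudFrontToOaiToS3 = CloudFrontToOaiToS3;
+_a = JSII_RTTI_SYMBOL_1;
+CloudFrontToOaiToS3[_a] = { fqn: "@aws-solutions-constructs/aws-cloudfront-oai-s3.CloudFrontToOaiToS3", version: "2.79.0" };
+//# sourceMappingURL=data:application/json;base64,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
+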
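--- a/package/package.json
+++ b/package/package.json
@@ -0,0 +1,95 @@
+{
+"name": "@aws-solutions-constructs/aws-cloudfront-oai-s3",
+"version": "2.79.0",
+"description": "CDK Constructs for AWS Cloudfront to AWS S3 integration.",
+"main": "lib/index.js",
+"types": "lib/index.d.ts",
+"repository": {
+"type": "git",
+"url": "https://github.com/awslabs/aws-solutions-constructs.git",
+"directory": "source/patterns/@aws-solutions-constructs/aws-cloudfront-oai-s3"
+},
+"author": {
+"name": "Amazon Web Services",
+"url": "https://aws.amazon.com",
+"organization": true
+},
+"license": "Apache-2.0",
+"scripts": {
+"build": "tsc -b .",
+"lint": "eslint --config ../eslintrc.config.mjs --no-warn-ignored .",
+"lint-fix": "eslint --config ../eslintrc.config.mjs --ext=.js,.ts --fix .",
+"test": "jest --coverage",
+"clean": "tsc -b --clean",
+"watch": "tsc -b -w",
+"integ": "integ-runner --update-on-failed",
+"integ-no-clean": "integ-runner --update-on-failed --no-clean",
+"integ-assert": "integ-runner",
+"jsii": "jsii",
+"jsii-pacmak": "jsii-pacmak",
+"build+lint+test": "npm run jsii && npm run lint && npm test && npm run integ-assert",
+"blt": "npm run build+lint+test",
+"snapshot-update": "npm run jsii && npm test -- -u && npm run integ-assert"
+},
+"jsii": {
+"outdir": "dist",
+"targets": {
+"java": {
+"package": "software.amazon.awsconstructs.services.cloudfrontoais3",
+"maven": {
+"groupId": "software.amazon.awsconstructs",
+"artifactId": "cloudfrontoais3"
+}
+},
+"dotnet": {
+"namespace": "Amazon.SolutionsConstructs.AWS.CloudfrontOaiS3",
+"packageId": "Amazon.SolutionsConstructs.AWS.CloudfrontOaiS3",
+"signAssembly": true,
+"iconUrl": "https://raw.githubusercontent.com/aws/aws-cdk/master/logo/default-256-dark.png"
+},
+"python": {
+"distName": "aws-solutions-constructs.aws-cloudfront-oai-s3",
+"module": "aws_solutions_constructs.aws_cloudfront_oai_s3"
+}
+}
+},
+"dependencies": {
+"@aws-solutions-constructs/core": "2.79.0",
+"@aws-solutions-constructs/resources": "2.79.0",
+"constructs": "^10.0.0"
+},
+"devDependencies": {
+"@aws-cdk/integ-tests-alpha": "2.177.0-alpha.0",
+"@types/node": "^10.3.0",
+"constructs": "^10.0.0",
+"aws-cdk-lib": "2.177.0"
+},
+"jest": {
+"moduleFileExtensions": [
+"js"
+],
+"coverageReporters": [
+"text",
+[
+"lcov",
+{
+"projectRoot": "../../../../"
+}
+]
+]
+},
+"peerDependencies": {
+"@aws-solutions-constructs/core": "2.79.0",
+"@aws-solutions-constructs/resources": "2.79.0",
+"constructs": "^10.0.0",
+"aws-cdk-lib": "^2.177.0"
+},
+"keywords": [
+"aws",
+"cdk",
+"awscdk",
+"AWS Solutions Constructs",
+"Amazon CloudFront",
+"Amazon S3"
+]
+}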
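--- a/package/test/integ.cftoais3-bucket-encrypted-with-managed-key-provided-as-existingbucket.d.ts
+++ b/package/test/integ.cftoais3-bucket-encrypted-with-managed-key-provided-as-existingbucket.d.ts
@@ -0,0 +1,13 @@
+/**
+* Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+*
+* Licensed under the Apache License, Version 2.0 (the "License"). You may not use this file except in compliance
+* with the License. A copy of the License is located at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* or in the 'license' file accompanying this file. This file is distributed on an 'AS IS' BASIS, WITHOUT WARRANTIES
+* OR CONDITIONS OF ANY KIND, express or implied. See the License for the specific language governing permissions
+* and limitations under the License.
+*/
+export {};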
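--- a/package/test/integ.cftoais3-bucket-encrypted-with-managed-key-provided-as-existingbucket.js
+++ b/package/test/integ.cftoais3-bucket-encrypted-with-managed-key-provided-as-existingbucket.js
@@ -0,0 +1,56 @@
+"use strict";
+/**
+* Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+*
+* Licensed under the Apache License, Version 2.0 (the "License"). You may not use this file except in compliance
+* with the License. A copy of the License is located at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* or in the 'license' file accompanying this file. This file is distributed on an 'AS IS' BASIS, WITHOUT WARRANTIES
+* OR CONDITIONS OF ANY KIND, express or implied. See the License for the specific language governing permissions
+* and limitations under the License.
+*/
+Object.defineProperty(exports, "__esModule", { value: true });
+// Imports
+const aws_cdk_lib_1 = require("aws-cdk-lib");
+const lib_1 = require("../lib");
+const core_1 = require("@aws-solutions-constructs/core");
+const aws_s3_1 = require("aws-cdk-lib/aws-s3");
+const integ_tests_alpha_1 = require("@aws-cdk/integ-tests-alpha");
+// Setup
+const app = new aws_cdk_lib_1.App();
+const stack = new aws_cdk_lib_1.Stack(app, (0, core_1.generateIntegStackName)(__filename));
+stack.node.setContext("@aws-cdk/aws-s3:serverAccessLogsUseBucketPolicy", true);
+stack.templateOptions.description = 'Integration Test for aws-cloudfront-oai-s3';
+// Definitions
+const existingBucketObj = (0, core_1.buildS3Bucket)(stack, {
+bucketProps: {
+encryption: aws_s3_1.BucketEncryption.S3_MANAGED,
+removalPolicy: aws_cdk_lib_1.RemovalPolicy.DESTROY,
+autoDeleteObjects: true
+},
+loggingBucketProps: {
+removalPolicy: aws_cdk_lib_1.RemovalPolicy.DESTROY,
+autoDeleteObjects: true
+}
+}, 'existing-s3-bucket-encrypted-with-s3-managed-key').bucket;
+const props = {
+existingBucketObj,
+cloudFrontLoggingBucketProps: {
+removalPolicy: aws_cdk_lib_1.RemovalPolicy.DESTROY,
+autoDeleteObjects: true
+},
+cloudFrontLoggingBucketAccessLogBucketProps: {
+removalPolicy: aws_cdk_lib_1.RemovalPolicy.DESTROY,
+autoDeleteObjects: true
+},
+insertHttpSecurityHeaders: false
+};
+new lib_1.CloudFrontToOaiToS3(stack, 'test-cloudfront-oai-s3-managed-key', props);
+(0, core_1.suppressCustomHandlerCfnNagWarnings)(stack, 'Custom::S3AutoDeleteObjectsCustomResourceProvider');
+// Synth
+new integ_tests_alpha_1.IntegTest(stack, 'Integ', { testCases: [
+stack
+] });
+//# sourceMappingURL=data:application/json;base64,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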
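Review bot: `insertHttpSecurityHeaders: false` in the `props` object (new line 48) is set without any explanation, and integration tests like this one tend to be copied as usage examples. If the flag is off only to keep the snapshot focused on the S3-managed-key bucket (an assumption; the file does not say), state that next to it, e.g. `// security headers disabled to keep this snapshot minimal; keep the default in real deployments`. The same applies to the `RemovalPolicy.DESTROY` / `autoDeleteObjects: true` pairs on the origin and logging buckets, which are test-cleanup settings rather than recommended defaults. A single comment above `// Definitions` could cover both.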
@@ -0,0 +1 @@
|
|
|
1
|
+
"use strict";var f=Object.create,i=Object.defineProperty,I=Object.getOwnPropertyDescriptor,C=Object.getOwnPropertyNames,w=Object.getPrototypeOf,P=Object.prototype.hasOwnProperty,A=(t,e)=>{for(var o in e)i(t,o,{get:e[o],enumerable:!0})},d=(t,e,o,r)=>{if(e&&typeof e=="object"||typeof e=="function")for(let s of C(e))!P.call(t,s)&&s!==o&&i(t,s,{get:()=>e[s],enumerable:!(r=I(e,s))||r.enumerable});return t},l=(t,e,o)=>(o=t!=null?f(w(t)):{},d(e||!t||!t.__esModule?i(o,"default",{value:t,enumerable:!0}):o,t)),B=t=>d(i({},"__esModule",{value:!0}),t),q={};A(q,{autoDeleteHandler:()=>S,handler:()=>H}),module.exports=B(q);var h=require("@aws-sdk/client-s3"),y=l(require("https")),m=l(require("url")),a={sendHttpRequest:D,log:T,includeStackTraces:!0,userHandlerIndex:"./index"},p="AWSCDK::CustomResourceProviderFramework::CREATE_FAILED",L="AWSCDK::CustomResourceProviderFramework::MISSING_PHYSICAL_ID";function R(t){return async(e,o)=>{let r={...e,ResponseURL:"..."};if(a.log(JSON.stringify(r,void 0,2)),e.RequestType==="Delete"&&e.PhysicalResourceId===p){a.log("ignoring DELETE event caused by a failed CREATE event"),await u("SUCCESS",e);return}try{let s=await t(r,o),n=k(e,s);await u("SUCCESS",n)}catch(s){let n={...e,Reason:a.includeStackTraces?s.stack:s.message};n.PhysicalResourceId||(e.RequestType==="Create"?(a.log("CREATE failed, responding with a marker physical resource id so that the subsequent DELETE will be ignored"),n.PhysicalResourceId=p):a.log(`ERROR: Malformed event. 
"PhysicalResourceId" is required: ${JSON.stringify(e)}`)),await u("FAILED",n)}}}function k(t,e={}){let o=e.PhysicalResourceId??t.PhysicalResourceId??t.RequestId;if(t.RequestType==="Delete"&&o!==t.PhysicalResourceId)throw new Error(`DELETE: cannot change the physical resource ID from "${t.PhysicalResourceId}" to "${e.PhysicalResourceId}" during deletion`);return{...t,...e,PhysicalResourceId:o}}async function u(t,e){let o={Status:t,Reason:e.Reason??t,StackId:e.StackId,RequestId:e.RequestId,PhysicalResourceId:e.PhysicalResourceId||L,LogicalResourceId:e.LogicalResourceId,NoEcho:e.NoEcho,Data:e.Data},r=m.parse(e.ResponseURL),s=`${r.protocol}//${r.hostname}/${r.pathname}?***`;a.log("submit response to cloudformation",s,o);let n=JSON.stringify(o),E={hostname:r.hostname,path:r.path,method:"PUT",headers:{"content-type":"","content-length":Buffer.byteLength(n,"utf8")}};await O({attempts:5,sleep:1e3},a.sendHttpRequest)(E,n)}async function D(t,e){return new Promise((o,r)=>{try{let s=y.request(t,n=>{n.resume(),!n.statusCode||n.statusCode>=400?r(new Error(`Unsuccessful HTTP response: ${n.statusCode}`)):o()});s.on("error",r),s.write(e),s.end()}catch(s){r(s)}})}function T(t,...e){console.log(t,...e)}function O(t,e){return async(...o)=>{let r=t.attempts,s=t.sleep;for(;;)try{return await e(...o)}catch(n){if(r--<=0)throw n;await b(Math.floor(Math.random()*s)),s*=2}}}async function b(t){return new Promise(e=>setTimeout(e,t))}var g="aws-cdk:auto-delete-objects",x=JSON.stringify({Version:"2012-10-17",Statement:[]}),c=new h.S3({}),H=R(S);async function S(t){switch(t.RequestType){case"Create":return;case"Update":return{PhysicalResourceId:(await F(t)).PhysicalResourceId};case"Delete":return N(t.ResourceProperties?.BucketName)}}async function F(t){let e=t,o=e.OldResourceProperties?.BucketName;return{PhysicalResourceId:e.ResourceProperties?.BucketName??o}}async function _(t){try{let e=(await 
c.getBucketPolicy({Bucket:t}))?.Policy??x,o=JSON.parse(e);o.Statement.push({Principal:"*",Effect:"Deny",Action:["s3:PutObject"],Resource:[`arn:aws:s3:::${t}/*`]}),await c.putBucketPolicy({Bucket:t,Policy:JSON.stringify(o)})}catch(e){if(e.name==="NoSuchBucket")throw e;console.log(`Could not set new object deny policy on bucket '${t}' prior to deletion.`)}}async function U(t){let e;do{e=await c.listObjectVersions({Bucket:t});let o=[...e.Versions??[],...e.DeleteMarkers??[]];if(o.length===0)return;let r=o.map(s=>({Key:s.Key,VersionId:s.VersionId}));await c.deleteObjects({Bucket:t,Delete:{Objects:r}})}while(e?.IsTruncated)}async function N(t){if(!t)throw new Error("No BucketName was provided.");try{if(!await W(t)){console.log(`Bucket does not have '${g}' tag, skipping cleaning.`);return}await _(t),await U(t)}catch(e){if(e.name==="NoSuchBucket"){console.log(`Bucket '${t}' does not exist.`);return}throw e}}async function W(t){return(await c.getBucketTagging({Bucket:t})).TagSet?.some(o=>o.Key===g&&o.Value==="true")}
|
|
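--- a/package/test/integ.cftoais3-bucket-encrypted-with-managed-key-provided-as-existingbucket.js.snapshot/cdk.out
+++ b/package/test/integ.cftoais3-bucket-encrypted-with-managed-key-provided-as-existingbucket.js.snapshot/cdk.out
@@ -0,0 +1 @@
+{"version":"39.0.0"}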
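--- a/package/test/integ.cftoais3-bucket-encrypted-with-managed-key-provided-as-existingbucket.js.snapshot/cftoais3-bucket-encrypted-with-managed-key-provided-as-existingbucket.assets.json
+++ b/package/test/integ.cftoais3-bucket-encrypted-with-managed-key-provided-as-existingbucket.js.snapshot/cftoais3-bucket-encrypted-with-managed-key-provided-as-existingbucket.assets.json
@@ -0,0 +1,32 @@
+{
+"version": "39.0.0",
+"files": {
+"faa95a81ae7d7373f3e1f242268f904eb748d8d0fdd306e8a6fe515a1905a7d6": {
+"source": {
+"path": "asset.faa95a81ae7d7373f3e1f242268f904eb748d8d0fdd306e8a6fe515a1905a7d6",
+"packaging": "zip"
+},
+"destinations": {
+"current_account-current_region": {
+"bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}",
+"objectKey": "faa95a81ae7d7373f3e1f242268f904eb748d8d0fdd306e8a6fe515a1905a7d6.zip",
+"assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}"
+}
+}
+},
+"273b549d5f2d60c470693f400d06f286190b06247ddd3868a46a3ff76654c6b8": {
+"source": {
+"path": "cftoais3-bucket-encrypted-with-managed-key-provided-as-existingbucket.template.json",
+"packaging": "file"
+},
+"destinations": {
+"current_account-current_region": {
+"bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}",
+"objectKey": "273b549d5f2d60c470693f400d06f286190b06247ddd3868a46a3ff76654c6b8.json",
+"assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}"
+}
+}
+}
+},
+"dockerImages": {}
+}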