@aws-solutions-constructs/aws-cloudfront-s3 2.47.0 → 2.49.0
- package/.eslintignore +2 -2
- package/.jsii +152 -35
- package/README.md +7 -6
- package/lib/index.d.ts +1 -0
- package/lib/index.js +70 -8
- package/package.json +7 -5
- package/test/integ.cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.expected.json +960 -0
- package/test/integ.cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.js +44 -0
- package/test/integ.cfts3-bucket-encrypted-with-managed-key-provided-as-existingbucket.expected.json +594 -0
- package/test/integ.cfts3-bucket-encrypted-with-managed-key-provided-as-existingbucket.js +39 -0
- package/test/integ.cfts3-bucket-with-http-origin.d.ts +13 -0
- package/test/integ.cfts3-bucket-with-http-origin.expected.json +559 -0
- package/test/integ.cfts3-bucket-with-http-origin.js +44 -0
- package/test/integ.cfts3-cmk-encryption.expected.json +527 -0
- package/test/integ.cfts3-cmk-provided-as-bucket-prop.d.ts +13 -0
- package/test/integ.cfts3-cmk-provided-as-bucket-prop.expected.json +960 -0
- package/test/integ.cfts3-cmk-provided-as-bucket-prop.js +41 -0
- package/test/integ.cfts3-custom-headers.expected.json +307 -25
- package/test/integ.cfts3-custom-headers.js +6 -2
- package/test/integ.cfts3-custom-originPath.expected.json +307 -25
- package/test/integ.cfts3-custom-originPath.js +6 -2
- package/test/integ.cfts3-customCloudFrontLoggingBucket.expected.json +54 -21
- package/test/integ.cfts3-customLoggingBuckets.d.ts +13 -0
- package/test/{integ.cfts3-customLoggingBucket.expected.json → integ.cfts3-customLoggingBuckets.expected.json} +285 -29
- package/test/integ.cfts3-customLoggingBuckets.js +58 -0
- package/test/integ.cfts3-existing-bucket.expected.json +493 -78
- package/test/integ.cfts3-existing-bucket.js +2 -2
- package/test/integ.cfts3-no-arguments.expected.json +430 -25
- package/test/integ.cfts3-no-arguments.js +5 -2
- package/test/integ.cfts3-no-security-headers.expected.json +307 -25
- package/test/integ.cfts3-no-security-headers.js +5 -1
- package/test/test.cloudfront-s3.test.js +160 -28
- package/test/integ.cfts3-customCloudFrontLoggingBucket.js +0 -39
- package/test/integ.cfts3-customLoggingBucket.js +0 -42
- /package/test/{integ.cfts3-customCloudFrontLoggingBucket.d.ts → integ.cfts3-bucket-encrypted-with-cmk-provided-as-existingbucket.d.ts} +0 -0
- /package/test/{integ.cfts3-customLoggingBucket.d.ts → integ.cfts3-bucket-encrypted-with-managed-key-provided-as-existingbucket.d.ts} +0 -0
|
@@ -25,7 +25,7 @@ const app = new aws_cdk_lib_1.App();
|
|
|
25
25
|
const stack = new aws_cdk_lib_1.Stack(app, core_1.generateIntegStackName(__filename));
|
|
26
26
|
stack.node.setContext("@aws-cdk/aws-s3:serverAccessLogsUseBucketPolicy", true);
|
|
27
27
|
let mybucket;
|
|
28
|
-
mybucket = defaults.CreateScrapBucket(stack, {
|
|
28
|
+
mybucket = defaults.CreateScrapBucket(stack, "scrapBucket", {
|
|
29
29
|
removalPolicy: aws_cdk_lib_1.RemovalPolicy.DESTROY,
|
|
30
30
|
autoDeleteObjects: true
|
|
31
31
|
});
|
|
@@ -50,4 +50,4 @@ _construct.cloudFrontWebDistribution.addBehavior('/images/*.jpg', new origins.S3
|
|
|
50
50
|
defaults.suppressAutoDeleteHandlerWarnings(stack);
|
|
51
51
|
// Synth
|
|
52
52
|
app.synth();
|
|
53
|
-
//# sourceMappingURL=data:application/json;base64,
|
|
53
|
+
//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiaW50ZWcuY2Z0czMtZXhpc3RpbmctYnVja2V0LmpzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiaW50ZWcuY2Z0czMtZXhpc3RpbmctYnVja2V0LnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiI7QUFBQTs7Ozs7Ozs7Ozs7R0FXRzs7QUFFSCxVQUFVO0FBQ1YsNkNBQXdEO0FBRXhELDJEQUEyRDtBQUMzRCxnQ0FBd0M7QUFDeEMsOERBQThEO0FBQzlELHlEQUF5RDtBQUN6RCw2Q0FBdUM7QUFDdkMseURBQXdFO0FBRXhFLFFBQVE7QUFDUixNQUFNLEdBQUcsR0FBRyxJQUFJLGlCQUFHLEVBQUUsQ0FBQztBQUN0QixNQUFNLEtBQUssR0FBRyxJQUFJLG1CQUFLLENBQUMsR0FBRyxFQUFFLDZCQUFzQixDQUFDLFVBQVUsQ0FBQyxDQUFDLENBQUM7QUFDakUsS0FBSyxDQUFDLElBQUksQ0FBQyxVQUFVLENBQUMsaURBQWlELEVBQUUsSUFBSSxDQUFDLENBQUM7QUFFL0UsSUFBSSxRQUFtQixDQUFDO0FBQ3hCLFFBQVEsR0FBRyxRQUFRLENBQUMsaUJBQWlCLENBQUMsS0FBSyxFQUFFLGFBQWEsRUFBRTtJQUMxRCxhQUFhLEVBQUUsMkJBQWEsQ0FBQyxPQUFPO0lBQ3BDLGlCQUFpQixFQUFFLElBQUk7Q0FDeEIsQ0FBQyxDQUFDO0FBRUgsTUFBTSxVQUFVLEdBQUcsSUFBSSxvQkFBYyxDQUFDLEtBQUssRUFBRSxvQkFBb0IsRUFBRTtJQUNqRSxpQkFBaUIsRUFBRSxRQUFRO0lBQzNCLDRCQUE0QixFQUFFO1FBQzVCLGFBQWEsRUFBRSwyQkFBYSxDQUFDLE9BQU87UUFDcEMsaUJBQWlCLEVBQUUsSUFBSTtLQUN4QjtDQUNGLENBQUMsQ0FBQztBQUVILG1CQUFtQjtBQUNuQixNQUFNLGFBQWEsR0FBRyxJQUFJLFVBQVUsQ0FBQyxXQUFXLENBQUMsS0FBSyxFQUFFLGVBQWUsRUFBRTtJQUN2RSxlQUFlLEVBQUUsVUFBVTtJQUMzQixVQUFVLEVBQUUsc0JBQVEsQ0FBQyxPQUFPLENBQUMsQ0FBQyxDQUFDO0lBQy9CLE1BQU0sRUFBRSxzQkFBUSxDQUFDLE9BQU8sQ0FBQyxDQUFDLENBQUM7SUFDM0IsTUFBTSxFQUFFLHNCQUFRLENBQUMsT0FBTyxDQUFDLENBQUMsQ0FBQztDQUM1QixDQUFDLENBQUM7QUFFSCxlQUFlO0FBQ2YsVUFBVSxDQUFDLHlCQUF5QixDQUFDLFdBQVcsQ0FBQyxlQUFlLEVBQUUsSUFBSSxPQUFPLENBQUMsUUFBUSxDQUFDLFFBQVEsQ0FBQyxFQUFFO0lBQ2hHLFdBQVcsRUFBRSxhQUFhO0NBQzNCLENBQUMsQ0FBQztBQUVILFFBQVEsQ0FBQyxpQ0FBaUMsQ0FBQyxLQUFLLENBQUMsQ0FBQztBQUNsRCxRQUFRO0FBQ1IsR0FBRyxDQUFDLEtBQUssRUFBRSxDQUFDIiwic291cmNlc0NvbnRlbnQiOlsiLyoqXG4gKiAgQ29weXJpZ2h0IEFtYXpvbi5jb20sIEluYy4gb3IgaXRzIGFmZmlsaWF0ZXMuIEFsbCBSaWdodHMgUmVzZXJ2ZWQuXG4gKlxuICogIExpY2Vuc2VkIHVuZGVyIHRoZSBBcGFjaGUgTGljZW5zZSwgVmVyc2lvbiAyLjAgKHRoZSBcIkxpY2Vuc2VcIikuIFlvdSBtYXkgbm90IHVzZSB0aGlzIGZpbGUgZXhjZXB0IGluIGNvbX
BsaWFuY2VcbiAqICB3aXRoIHRoZSBMaWNlbnNlLiBBIGNvcHkgb2YgdGhlIExpY2Vuc2UgaXMgbG9jYXRlZCBhdFxuICpcbiAqICAgICAgaHR0cDovL3d3dy5hcGFjaGUub3JnL2xpY2Vuc2VzL0xJQ0VOU0UtMi4wXG4gKlxuICogIG9yIGluIHRoZSAnbGljZW5zZScgZmlsZSBhY2NvbXBhbnlpbmcgdGhpcyBmaWxlLiBUaGlzIGZpbGUgaXMgZGlzdHJpYnV0ZWQgb24gYW4gJ0FTIElTJyBCQVNJUywgV0lUSE9VVCBXQVJSQU5USUVTXG4gKiAgT1IgQ09ORElUSU9OUyBPRiBBTlkgS0lORCwgZXhwcmVzcyBvciBpbXBsaWVkLiBTZWUgdGhlIExpY2Vuc2UgZm9yIHRoZSBzcGVjaWZpYyBsYW5ndWFnZSBnb3Zlcm5pbmcgcGVybWlzc2lvbnNcbiAqICBhbmQgbGltaXRhdGlvbnMgdW5kZXIgdGhlIExpY2Vuc2UuXG4gKi9cblxuLy8gSW1wb3J0c1xuaW1wb3J0IHsgQXBwLCBTdGFjaywgUmVtb3ZhbFBvbGljeSB9IGZyb20gXCJhd3MtY2RrLWxpYlwiO1xuaW1wb3J0ICogYXMgczMgZnJvbSBcImF3cy1jZGstbGliL2F3cy1zM1wiO1xuaW1wb3J0ICogYXMgZGVmYXVsdHMgZnJvbSBcIkBhd3Mtc29sdXRpb25zLWNvbnN0cnVjdHMvY29yZVwiO1xuaW1wb3J0IHsgQ2xvdWRGcm9udFRvUzMgfSBmcm9tIFwiLi4vbGliXCI7XG5pbXBvcnQgKiBhcyBvcmlnaW5zIGZyb20gJ2F3cy1jZGstbGliL2F3cy1jbG91ZGZyb250LW9yaWdpbnMnO1xuaW1wb3J0ICogYXMgY2xvdWRmcm9udCBmcm9tICdhd3MtY2RrLWxpYi9hd3MtY2xvdWRmcm9udCc7XG5pbXBvcnQgeyBEdXJhdGlvbiB9IGZyb20gXCJhd3MtY2RrLWxpYlwiO1xuaW1wb3J0IHsgZ2VuZXJhdGVJbnRlZ1N0YWNrTmFtZSB9IGZyb20gJ0Bhd3Mtc29sdXRpb25zLWNvbnN0cnVjdHMvY29yZSc7XG5cbi8vIFNldHVwXG5jb25zdCBhcHAgPSBuZXcgQXBwKCk7XG5jb25zdCBzdGFjayA9IG5ldyBTdGFjayhhcHAsIGdlbmVyYXRlSW50ZWdTdGFja05hbWUoX19maWxlbmFtZSkpO1xuc3RhY2subm9kZS5zZXRDb250ZXh0KFwiQGF3cy1jZGsvYXdzLXMzOnNlcnZlckFjY2Vzc0xvZ3NVc2VCdWNrZXRQb2xpY3lcIiwgdHJ1ZSk7XG5cbmxldCBteWJ1Y2tldDogczMuQnVja2V0O1xubXlidWNrZXQgPSBkZWZhdWx0cy5DcmVhdGVTY3JhcEJ1Y2tldChzdGFjaywgXCJzY3JhcEJ1Y2tldFwiLCB7XG4gIHJlbW92YWxQb2xpY3k6IFJlbW92YWxQb2xpY3kuREVTVFJPWSxcbiAgYXV0b0RlbGV0ZU9iamVjdHM6IHRydWVcbn0pO1xuXG5jb25zdCBfY29uc3RydWN0ID0gbmV3IENsb3VkRnJvbnRUb1MzKHN0YWNrLCAndGVzdC1jbG91ZGZyb250LXMzJywge1xuICBleGlzdGluZ0J1Y2tldE9iajogbXlidWNrZXQsXG4gIGNsb3VkRnJvbnRMb2dnaW5nQnVja2V0UHJvcHM6IHtcbiAgICByZW1vdmFsUG9saWN5OiBSZW1vdmFsUG9saWN5LkRFU1RST1ksXG4gICAgYXV0b0RlbGV0ZU9iamVjdHM6IHRydWVcbiAgfSxcbn0pO1xuXG4vLyBBZGQgQ2FjaGUgUG9saWN5XG5jb25zdCBteUNhY2hlUG9saWN5ID0gbmV3IGNsb3
VkZnJvbnQuQ2FjaGVQb2xpY3koc3RhY2ssICdteUNhY2hlUG9saWN5Jywge1xuICBjYWNoZVBvbGljeU5hbWU6ICdNeVBvbGljeScsXG4gIGRlZmF1bHRUdGw6IER1cmF0aW9uLm1pbnV0ZXMoMCksXG4gIG1pblR0bDogRHVyYXRpb24ubWludXRlcygwKSxcbiAgbWF4VHRsOiBEdXJhdGlvbi5taW51dGVzKDApLFxufSk7XG5cbi8vIEFkZCBiZWhhdmlvclxuX2NvbnN0cnVjdC5jbG91ZEZyb250V2ViRGlzdHJpYnV0aW9uLmFkZEJlaGF2aW9yKCcvaW1hZ2VzLyouanBnJywgbmV3IG9yaWdpbnMuUzNPcmlnaW4obXlidWNrZXQpLCB7XG4gIGNhY2hlUG9saWN5OiBteUNhY2hlUG9saWN5XG59KTtcblxuZGVmYXVsdHMuc3VwcHJlc3NBdXRvRGVsZXRlSGFuZGxlcldhcm5pbmdzKHN0YWNrKTtcbi8vIFN5bnRoXG5hcHAuc3ludGgoKTtcbiJdfQ==
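Review bot: The changed `sourceMappingURL` line at the end of this file is an inline base64 source map whose payload includes `sourcesContent`, that is, a full embedded copy of the TypeScript source, and a reader of this diff cannot compare that copy with the JavaScript above it. For a published package it is easier to review when the map is written to a separate `.js.map` file or the compiled integ tests are left out of the tarball; either change belongs in the build or packaging configuration, which this page does not show. The old line is cut short in this rendering, so whether the previous release embedded the source the same way cannot be confirmed from here.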
|
|
@@ -1,6 +1,188 @@
|
|
|
1
1
|
{
|
|
2
2
|
"Description": "Integration Test for aws-cloudfront-s3",
|
|
3
3
|
"Resources": {
|
|
4
|
+
"testcloudfronts3S3LoggingBucket90D239DD": {
|
|
5
|
+
"Type": "AWS::S3::Bucket",
|
|
6
|
+
"Properties": {
|
|
7
|
+
"BucketEncryption": {
|
|
8
|
+
"ServerSideEncryptionConfiguration": [
|
|
9
|
+
{
|
|
10
|
+
"ServerSideEncryptionByDefault": {
|
|
11
|
+
"SSEAlgorithm": "AES256"
|
|
12
|
+
}
|
|
13
|
+
}
|
|
14
|
+
]
|
|
15
|
+
},
|
|
16
|
+
"PublicAccessBlockConfiguration": {
|
|
17
|
+
"BlockPublicAcls": true,
|
|
18
|
+
"BlockPublicPolicy": true,
|
|
19
|
+
"IgnorePublicAcls": true,
|
|
20
|
+
"RestrictPublicBuckets": true
|
|
21
|
+
},
|
|
22
|
+
"Tags": [
|
|
23
|
+
{
|
|
24
|
+
"Key": "aws-cdk:auto-delete-objects",
|
|
25
|
+
"Value": "true"
|
|
26
|
+
}
|
|
27
|
+
],
|
|
28
|
+
"VersioningConfiguration": {
|
|
29
|
+
"Status": "Enabled"
|
|
30
|
+
}
|
|
31
|
+
},
|
|
32
|
+
"UpdateReplacePolicy": "Delete",
|
|
33
|
+
"DeletionPolicy": "Delete",
|
|
34
|
+
"Metadata": {
|
|
35
|
+
"cfn_nag": {
|
|
36
|
+
"rules_to_suppress": [
|
|
37
|
+
{
|
|
38
|
+
"id": "W35",
|
|
39
|
+
"reason": "This S3 bucket is used as the access logging bucket for another bucket"
|
|
40
|
+
}
|
|
41
|
+
]
|
|
42
|
+
}
|
|
43
|
+
}
|
|
44
|
+
},
|
|
45
|
+
"testcloudfronts3S3LoggingBucketPolicy529D4CFF": {
|
|
46
|
+
"Type": "AWS::S3::BucketPolicy",
|
|
47
|
+
"Properties": {
|
|
48
|
+
"Bucket": {
|
|
49
|
+
"Ref": "testcloudfronts3S3LoggingBucket90D239DD"
|
|
50
|
+
},
|
|
51
|
+
"PolicyDocument": {
|
|
52
|
+
"Statement": [
|
|
53
|
+
{
|
|
54
|
+
"Action": "s3:*",
|
|
55
|
+
"Condition": {
|
|
56
|
+
"Bool": {
|
|
57
|
+
"aws:SecureTransport": "false"
|
|
58
|
+
}
|
|
59
|
+
},
|
|
60
|
+
"Effect": "Deny",
|
|
61
|
+
"Principal": {
|
|
62
|
+
"AWS": "*"
|
|
63
|
+
},
|
|
64
|
+
"Resource": [
|
|
65
|
+
{
|
|
66
|
+
"Fn::GetAtt": [
|
|
67
|
+
"testcloudfronts3S3LoggingBucket90D239DD",
|
|
68
|
+
"Arn"
|
|
69
|
+
]
|
|
70
|
+
},
|
|
71
|
+
{
|
|
72
|
+
"Fn::Join": [
|
|
73
|
+
"",
|
|
74
|
+
[
|
|
75
|
+
{
|
|
76
|
+
"Fn::GetAtt": [
|
|
77
|
+
"testcloudfronts3S3LoggingBucket90D239DD",
|
|
78
|
+
"Arn"
|
|
79
|
+
]
|
|
80
|
+
},
|
|
81
|
+
"/*"
|
|
82
|
+
]
|
|
83
|
+
]
|
|
84
|
+
}
|
|
85
|
+
]
|
|
86
|
+
},
|
|
87
|
+
{
|
|
88
|
+
"Action": [
|
|
89
|
+
"s3:PutBucketPolicy",
|
|
90
|
+
"s3:GetBucket*",
|
|
91
|
+
"s3:List*",
|
|
92
|
+
"s3:DeleteObject*"
|
|
93
|
+
],
|
|
94
|
+
"Effect": "Allow",
|
|
95
|
+
"Principal": {
|
|
96
|
+
"AWS": {
|
|
97
|
+
"Fn::GetAtt": [
|
|
98
|
+
"CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092",
|
|
99
|
+
"Arn"
|
|
100
|
+
]
|
|
101
|
+
}
|
|
102
|
+
},
|
|
103
|
+
"Resource": [
|
|
104
|
+
{
|
|
105
|
+
"Fn::GetAtt": [
|
|
106
|
+
"testcloudfronts3S3LoggingBucket90D239DD",
|
|
107
|
+
"Arn"
|
|
108
|
+
]
|
|
109
|
+
},
|
|
110
|
+
{
|
|
111
|
+
"Fn::Join": [
|
|
112
|
+
"",
|
|
113
|
+
[
|
|
114
|
+
{
|
|
115
|
+
"Fn::GetAtt": [
|
|
116
|
+
"testcloudfronts3S3LoggingBucket90D239DD",
|
|
117
|
+
"Arn"
|
|
118
|
+
]
|
|
119
|
+
},
|
|
120
|
+
"/*"
|
|
121
|
+
]
|
|
122
|
+
]
|
|
123
|
+
}
|
|
124
|
+
]
|
|
125
|
+
},
|
|
126
|
+
{
|
|
127
|
+
"Action": "s3:PutObject",
|
|
128
|
+
"Condition": {
|
|
129
|
+
"ArnLike": {
|
|
130
|
+
"aws:SourceArn": {
|
|
131
|
+
"Fn::GetAtt": [
|
|
132
|
+
"testcloudfronts3S3BucketE0C5F76E",
|
|
133
|
+
"Arn"
|
|
134
|
+
]
|
|
135
|
+
}
|
|
136
|
+
},
|
|
137
|
+
"StringEquals": {
|
|
138
|
+
"aws:SourceAccount": {
|
|
139
|
+
"Ref": "AWS::AccountId"
|
|
140
|
+
}
|
|
141
|
+
}
|
|
142
|
+
},
|
|
143
|
+
"Effect": "Allow",
|
|
144
|
+
"Principal": {
|
|
145
|
+
"Service": "logging.s3.amazonaws.com"
|
|
146
|
+
},
|
|
147
|
+
"Resource": {
|
|
148
|
+
"Fn::Join": [
|
|
149
|
+
"",
|
|
150
|
+
[
|
|
151
|
+
{
|
|
152
|
+
"Fn::GetAtt": [
|
|
153
|
+
"testcloudfronts3S3LoggingBucket90D239DD",
|
|
154
|
+
"Arn"
|
|
155
|
+
]
|
|
156
|
+
},
|
|
157
|
+
"/*"
|
|
158
|
+
]
|
|
159
|
+
]
|
|
160
|
+
}
|
|
161
|
+
}
|
|
162
|
+
],
|
|
163
|
+
"Version": "2012-10-17"
|
|
164
|
+
}
|
|
165
|
+
}
|
|
166
|
+
},
|
|
167
|
+
"testcloudfronts3S3LoggingBucketAutoDeleteObjectsCustomResource6EE37727": {
|
|
168
|
+
"Type": "Custom::S3AutoDeleteObjects",
|
|
169
|
+
"Properties": {
|
|
170
|
+
"ServiceToken": {
|
|
171
|
+
"Fn::GetAtt": [
|
|
172
|
+
"CustomS3AutoDeleteObjectsCustomResourceProviderHandler9D90184F",
|
|
173
|
+
"Arn"
|
|
174
|
+
]
|
|
175
|
+
},
|
|
176
|
+
"BucketName": {
|
|
177
|
+
"Ref": "testcloudfronts3S3LoggingBucket90D239DD"
|
|
178
|
+
}
|
|
179
|
+
},
|
|
180
|
+
"DependsOn": [
|
|
181
|
+
"testcloudfronts3S3LoggingBucketPolicy529D4CFF"
|
|
182
|
+
],
|
|
183
|
+
"UpdateReplacePolicy": "Delete",
|
|
184
|
+
"DeletionPolicy": "Delete"
|
|
185
|
+
},
|
|
4
186
|
"testcloudfronts3S3BucketE0C5F76E": {
|
|
5
187
|
"Type": "AWS::S3::Bucket",
|
|
6
188
|
"Properties": {
|
|
@@ -26,6 +208,11 @@
|
|
|
26
208
|
}
|
|
27
209
|
]
|
|
28
210
|
},
|
|
211
|
+
"LoggingConfiguration": {
|
|
212
|
+
"DestinationBucketName": {
|
|
213
|
+
"Ref": "testcloudfronts3S3LoggingBucket90D239DD"
|
|
214
|
+
}
|
|
215
|
+
},
|
|
29
216
|
"PublicAccessBlockConfiguration": {
|
|
30
217
|
"BlockPublicAcls": true,
|
|
31
218
|
"BlockPublicPolicy": true,
|
|
@@ -138,14 +325,28 @@
|
|
|
138
325
|
},
|
|
139
326
|
{
|
|
140
327
|
"Action": "s3:GetObject",
|
|
328
|
+
"Condition": {
|
|
329
|
+
"StringEquals": {
|
|
330
|
+
"AWS:SourceArn": {
|
|
331
|
+
"Fn::Join": [
|
|
332
|
+
"",
|
|
333
|
+
[
|
|
334
|
+
"arn:aws:cloudfront::",
|
|
335
|
+
{
|
|
336
|
+
"Ref": "AWS::AccountId"
|
|
337
|
+
},
|
|
338
|
+
":distribution/",
|
|
339
|
+
{
|
|
340
|
+
"Ref": "testcloudfronts3CloudFrontDistribution0565DEE8"
|
|
341
|
+
}
|
|
342
|
+
]
|
|
343
|
+
]
|
|
344
|
+
}
|
|
345
|
+
}
|
|
346
|
+
},
|
|
141
347
|
"Effect": "Allow",
|
|
142
348
|
"Principal": {
|
|
143
|
-
"
|
|
144
|
-
"Fn::GetAtt": [
|
|
145
|
-
"testcloudfronts3CloudFrontDistributionOrigin1S3Origin4695F058",
|
|
146
|
-
"S3CanonicalUserId"
|
|
147
|
-
]
|
|
148
|
-
}
|
|
349
|
+
"Service": "cloudfront.amazonaws.com"
|
|
149
350
|
},
|
|
150
351
|
"Resource": {
|
|
151
352
|
"Fn::Join": [
|
|
@@ -208,10 +409,9 @@
|
|
|
208
409
|
"Name": "SetHttpSecurityHeadersc88b3e0fe5ebfb7f401b410752c35f74a3678d5cb1"
|
|
209
410
|
}
|
|
210
411
|
},
|
|
211
|
-
"
|
|
412
|
+
"testcloudfronts3CloudfrontLoggingBucketAccessLog2E738D58": {
|
|
212
413
|
"Type": "AWS::S3::Bucket",
|
|
213
414
|
"Properties": {
|
|
214
|
-
"AccessControl": "LogDeliveryWrite",
|
|
215
415
|
"BucketEncryption": {
|
|
216
416
|
"ServerSideEncryptionConfiguration": [
|
|
217
417
|
{
|
|
@@ -251,12 +451,197 @@
|
|
|
251
451
|
"rules_to_suppress": [
|
|
252
452
|
{
|
|
253
453
|
"id": "W35",
|
|
254
|
-
"reason": "This S3 bucket is used as the access logging bucket for
|
|
454
|
+
"reason": "This S3 bucket is used as the access logging bucket for another bucket"
|
|
255
455
|
}
|
|
256
456
|
]
|
|
257
457
|
}
|
|
258
458
|
}
|
|
259
459
|
},
|
|
460
|
+
"testcloudfronts3CloudfrontLoggingBucketAccessLogPolicy526F2E14": {
|
|
461
|
+
"Type": "AWS::S3::BucketPolicy",
|
|
462
|
+
"Properties": {
|
|
463
|
+
"Bucket": {
|
|
464
|
+
"Ref": "testcloudfronts3CloudfrontLoggingBucketAccessLog2E738D58"
|
|
465
|
+
},
|
|
466
|
+
"PolicyDocument": {
|
|
467
|
+
"Statement": [
|
|
468
|
+
{
|
|
469
|
+
"Action": "s3:*",
|
|
470
|
+
"Condition": {
|
|
471
|
+
"Bool": {
|
|
472
|
+
"aws:SecureTransport": "false"
|
|
473
|
+
}
|
|
474
|
+
},
|
|
475
|
+
"Effect": "Deny",
|
|
476
|
+
"Principal": {
|
|
477
|
+
"AWS": "*"
|
|
478
|
+
},
|
|
479
|
+
"Resource": [
|
|
480
|
+
{
|
|
481
|
+
"Fn::GetAtt": [
|
|
482
|
+
"testcloudfronts3CloudfrontLoggingBucketAccessLog2E738D58",
|
|
483
|
+
"Arn"
|
|
484
|
+
]
|
|
485
|
+
},
|
|
486
|
+
{
|
|
487
|
+
"Fn::Join": [
|
|
488
|
+
"",
|
|
489
|
+
[
|
|
490
|
+
{
|
|
491
|
+
"Fn::GetAtt": [
|
|
492
|
+
"testcloudfronts3CloudfrontLoggingBucketAccessLog2E738D58",
|
|
493
|
+
"Arn"
|
|
494
|
+
]
|
|
495
|
+
},
|
|
496
|
+
"/*"
|
|
497
|
+
]
|
|
498
|
+
]
|
|
499
|
+
}
|
|
500
|
+
]
|
|
501
|
+
},
|
|
502
|
+
{
|
|
503
|
+
"Action": [
|
|
504
|
+
"s3:PutBucketPolicy",
|
|
505
|
+
"s3:GetBucket*",
|
|
506
|
+
"s3:List*",
|
|
507
|
+
"s3:DeleteObject*"
|
|
508
|
+
],
|
|
509
|
+
"Effect": "Allow",
|
|
510
|
+
"Principal": {
|
|
511
|
+
"AWS": {
|
|
512
|
+
"Fn::GetAtt": [
|
|
513
|
+
"CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092",
|
|
514
|
+
"Arn"
|
|
515
|
+
]
|
|
516
|
+
}
|
|
517
|
+
},
|
|
518
|
+
"Resource": [
|
|
519
|
+
{
|
|
520
|
+
"Fn::GetAtt": [
|
|
521
|
+
"testcloudfronts3CloudfrontLoggingBucketAccessLog2E738D58",
|
|
522
|
+
"Arn"
|
|
523
|
+
]
|
|
524
|
+
},
|
|
525
|
+
{
|
|
526
|
+
"Fn::Join": [
|
|
527
|
+
"",
|
|
528
|
+
[
|
|
529
|
+
{
|
|
530
|
+
"Fn::GetAtt": [
|
|
531
|
+
"testcloudfronts3CloudfrontLoggingBucketAccessLog2E738D58",
|
|
532
|
+
"Arn"
|
|
533
|
+
]
|
|
534
|
+
},
|
|
535
|
+
"/*"
|
|
536
|
+
]
|
|
537
|
+
]
|
|
538
|
+
}
|
|
539
|
+
]
|
|
540
|
+
},
|
|
541
|
+
{
|
|
542
|
+
"Action": "s3:PutObject",
|
|
543
|
+
"Condition": {
|
|
544
|
+
"ArnLike": {
|
|
545
|
+
"aws:SourceArn": {
|
|
546
|
+
"Fn::GetAtt": [
|
|
547
|
+
"testcloudfronts3CloudfrontLoggingBucket985C0FE8",
|
|
548
|
+
"Arn"
|
|
549
|
+
]
|
|
550
|
+
}
|
|
551
|
+
},
|
|
552
|
+
"StringEquals": {
|
|
553
|
+
"aws:SourceAccount": {
|
|
554
|
+
"Ref": "AWS::AccountId"
|
|
555
|
+
}
|
|
556
|
+
}
|
|
557
|
+
},
|
|
558
|
+
"Effect": "Allow",
|
|
559
|
+
"Principal": {
|
|
560
|
+
"Service": "logging.s3.amazonaws.com"
|
|
561
|
+
},
|
|
562
|
+
"Resource": {
|
|
563
|
+
"Fn::Join": [
|
|
564
|
+
"",
|
|
565
|
+
[
|
|
566
|
+
{
|
|
567
|
+
"Fn::GetAtt": [
|
|
568
|
+
"testcloudfronts3CloudfrontLoggingBucketAccessLog2E738D58",
|
|
569
|
+
"Arn"
|
|
570
|
+
]
|
|
571
|
+
},
|
|
572
|
+
"/*"
|
|
573
|
+
]
|
|
574
|
+
]
|
|
575
|
+
}
|
|
576
|
+
}
|
|
577
|
+
],
|
|
578
|
+
"Version": "2012-10-17"
|
|
579
|
+
}
|
|
580
|
+
}
|
|
581
|
+
},
|
|
582
|
+
"testcloudfronts3CloudfrontLoggingBucketAccessLogAutoDeleteObjectsCustomResourceE16E063D": {
|
|
583
|
+
"Type": "Custom::S3AutoDeleteObjects",
|
|
584
|
+
"Properties": {
|
|
585
|
+
"ServiceToken": {
|
|
586
|
+
"Fn::GetAtt": [
|
|
587
|
+
"CustomS3AutoDeleteObjectsCustomResourceProviderHandler9D90184F",
|
|
588
|
+
"Arn"
|
|
589
|
+
]
|
|
590
|
+
},
|
|
591
|
+
"BucketName": {
|
|
592
|
+
"Ref": "testcloudfronts3CloudfrontLoggingBucketAccessLog2E738D58"
|
|
593
|
+
}
|
|
594
|
+
},
|
|
595
|
+
"DependsOn": [
|
|
596
|
+
"testcloudfronts3CloudfrontLoggingBucketAccessLogPolicy526F2E14"
|
|
597
|
+
],
|
|
598
|
+
"UpdateReplacePolicy": "Delete",
|
|
599
|
+
"DeletionPolicy": "Delete"
|
|
600
|
+
},
|
|
601
|
+
"testcloudfronts3CloudfrontLoggingBucket985C0FE8": {
|
|
602
|
+
"Type": "AWS::S3::Bucket",
|
|
603
|
+
"Properties": {
|
|
604
|
+
"AccessControl": "LogDeliveryWrite",
|
|
605
|
+
"BucketEncryption": {
|
|
606
|
+
"ServerSideEncryptionConfiguration": [
|
|
607
|
+
{
|
|
608
|
+
"ServerSideEncryptionByDefault": {
|
|
609
|
+
"SSEAlgorithm": "AES256"
|
|
610
|
+
}
|
|
611
|
+
}
|
|
612
|
+
]
|
|
613
|
+
},
|
|
614
|
+
"LoggingConfiguration": {
|
|
615
|
+
"DestinationBucketName": {
|
|
616
|
+
"Ref": "testcloudfronts3CloudfrontLoggingBucketAccessLog2E738D58"
|
|
617
|
+
}
|
|
618
|
+
},
|
|
619
|
+
"OwnershipControls": {
|
|
620
|
+
"Rules": [
|
|
621
|
+
{
|
|
622
|
+
"ObjectOwnership": "ObjectWriter"
|
|
623
|
+
}
|
|
624
|
+
]
|
|
625
|
+
},
|
|
626
|
+
"PublicAccessBlockConfiguration": {
|
|
627
|
+
"BlockPublicAcls": true,
|
|
628
|
+
"BlockPublicPolicy": true,
|
|
629
|
+
"IgnorePublicAcls": true,
|
|
630
|
+
"RestrictPublicBuckets": true
|
|
631
|
+
},
|
|
632
|
+
"Tags": [
|
|
633
|
+
{
|
|
634
|
+
"Key": "aws-cdk:auto-delete-objects",
|
|
635
|
+
"Value": "true"
|
|
636
|
+
}
|
|
637
|
+
],
|
|
638
|
+
"VersioningConfiguration": {
|
|
639
|
+
"Status": "Enabled"
|
|
640
|
+
}
|
|
641
|
+
},
|
|
642
|
+
"UpdateReplacePolicy": "Delete",
|
|
643
|
+
"DeletionPolicy": "Delete"
|
|
644
|
+
},
|
|
260
645
|
"testcloudfronts3CloudfrontLoggingBucketPolicyDF55851B": {
|
|
261
646
|
"Type": "AWS::S3::BucketPolicy",
|
|
262
647
|
"Properties": {
|
|
@@ -362,11 +747,35 @@
|
|
|
362
747
|
"UpdateReplacePolicy": "Delete",
|
|
363
748
|
"DeletionPolicy": "Delete"
|
|
364
749
|
},
|
|
365
|
-
"
|
|
366
|
-
"Type": "AWS::CloudFront::
|
|
750
|
+
"testcloudfronts3CloudFrontOac7A951AA6": {
|
|
751
|
+
"Type": "AWS::CloudFront::OriginAccessControl",
|
|
367
752
|
"Properties": {
|
|
368
|
-
"
|
|
369
|
-
"
|
|
753
|
+
"OriginAccessControlConfig": {
|
|
754
|
+
"Description": "Origin access control provisioned by aws-cloudfront-s3",
|
|
755
|
+
"Name": {
|
|
756
|
+
"Fn::Join": [
|
|
757
|
+
"",
|
|
758
|
+
[
|
|
759
|
+
"aws-cloudfront-s3-testnt-s3-",
|
|
760
|
+
{
|
|
761
|
+
"Fn::Select": [
|
|
762
|
+
2,
|
|
763
|
+
{
|
|
764
|
+
"Fn::Split": [
|
|
765
|
+
"/",
|
|
766
|
+
{
|
|
767
|
+
"Ref": "AWS::StackId"
|
|
768
|
+
}
|
|
769
|
+
]
|
|
770
|
+
}
|
|
771
|
+
]
|
|
772
|
+
}
|
|
773
|
+
]
|
|
774
|
+
]
|
|
775
|
+
},
|
|
776
|
+
"OriginAccessControlOriginType": "s3",
|
|
777
|
+
"SigningBehavior": "always",
|
|
778
|
+
"SigningProtocol": "sigv4"
|
|
370
779
|
}
|
|
371
780
|
}
|
|
372
781
|
},
|
|
@@ -412,18 +821,14 @@
|
|
|
412
821
|
]
|
|
413
822
|
},
|
|
414
823
|
"Id": "cfts3noargumentstestcloudfronts3CloudFrontDistributionOrigin1203032D1",
|
|
824
|
+
"OriginAccessControlId": {
|
|
825
|
+
"Fn::GetAtt": [
|
|
826
|
+
"testcloudfronts3CloudFrontOac7A951AA6",
|
|
827
|
+
"Id"
|
|
828
|
+
]
|
|
829
|
+
},
|
|
415
830
|
"S3OriginConfig": {
|
|
416
|
-
"OriginAccessIdentity":
|
|
417
|
-
"Fn::Join": [
|
|
418
|
-
"",
|
|
419
|
-
[
|
|
420
|
-
"origin-access-identity/cloudfront/",
|
|
421
|
-
{
|
|
422
|
-
"Ref": "testcloudfronts3CloudFrontDistributionOrigin1S3Origin4695F058"
|
|
423
|
-
}
|
|
424
|
-
]
|
|
425
|
-
]
|
|
426
|
-
}
|
|
831
|
+
"OriginAccessIdentity": ""
|
|
427
832
|
}
|
|
428
833
|
}
|
|
429
834
|
]
|
|
@@ -487,7 +892,7 @@
|
|
|
487
892
|
[
|
|
488
893
|
"Lambda function for auto-deleting objects in ",
|
|
489
894
|
{
|
|
490
|
-
"Ref": "
|
|
895
|
+
"Ref": "testcloudfronts3S3LoggingBucket90D239DD"
|
|
491
896
|
},
|
|
492
897
|
" S3 bucket."
|
|
493
898
|
]
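Review bot: Both new log-bucket policies, `testcloudfronts3S3LoggingBucketPolicy529D4CFF` and `testcloudfronts3CloudfrontLoggingBucketAccessLogPolicy526F2E14`, allow `CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092` to call `s3:PutBucketPolicy` and `s3:DeleteObject*` on buckets that exist to hold access logs. This presumably comes from `autoDeleteObjects: true` in the test's bucket props (the `loggingBucketProps` added in the file section that follows) and is reasonable for a stack that has to tear down cleanly, but it makes this expected template a poor model for a production log bucket, where a role that can delete log objects and replace the policy weakens the audit trail. JSON cannot carry the caveat, so I would add it in the integ test source next to those props: `// Teardown only: autoDeleteObjects lets a Lambda role delete objects in, and rewrite the policy of, the log bucket.` The `logging.s3.amazonaws.com` statements are scoped with `aws:SourceArn` and `aws:SourceAccount`, which needs no change.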
|
|
@@ -30,7 +30,10 @@ const construct = new lib_1.CloudFrontToS3(stack, 'test-cloudfront-s3', {
|
|
|
30
30
|
removalPolicy: aws_cdk_lib_1.RemovalPolicy.DESTROY,
|
|
31
31
|
autoDeleteObjects: true
|
|
32
32
|
},
|
|
33
|
-
|
|
33
|
+
loggingBucketProps: {
|
|
34
|
+
removalPolicy: aws_cdk_lib_1.RemovalPolicy.DESTROY,
|
|
35
|
+
autoDeleteObjects: true
|
|
36
|
+
},
|
|
34
37
|
});
|
|
35
38
|
const s3Bucket = construct.s3Bucket;
|
|
36
39
|
defaults.addCfnSuppressRules(s3Bucket, [
|
|
@@ -40,4 +43,4 @@ defaults.addCfnSuppressRules(s3Bucket, [
|
|
|
40
43
|
defaults.suppressAutoDeleteHandlerWarnings(stack);
|
|
41
44
|
// Synth
|
|
42
45
|
app.synth();
|
|
43
|
-
//# sourceMappingURL=data:application/json;base64,
|
|
46
|
+
//# sourceMappingURL=data:application/json;base64,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
|