@gammarers/aws-secure-bucket 2.1.7 → 2.2.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/.jsii +25 -5
- package/API.md +14 -0
- package/lib/index.d.ts +6 -0
- package/lib/index.js +28 -4
- package/package.json +1 -1
package/.jsii
CHANGED
|
@@ -3508,7 +3508,7 @@
|
|
|
3508
3508
|
},
|
|
3509
3509
|
"locationInModule": {
|
|
3510
3510
|
"filename": "src/index.ts",
|
|
3511
|
-
"line":
|
|
3511
|
+
"line": 23
|
|
3512
3512
|
},
|
|
3513
3513
|
"parameters": [
|
|
3514
3514
|
{
|
|
@@ -3535,7 +3535,7 @@
|
|
|
3535
3535
|
"kind": "class",
|
|
3536
3536
|
"locationInModule": {
|
|
3537
3537
|
"filename": "src/index.ts",
|
|
3538
|
-
"line":
|
|
3538
|
+
"line": 22
|
|
3539
3539
|
},
|
|
3540
3540
|
"name": "SecureBucket",
|
|
3541
3541
|
"symbolId": "src/index:SecureBucket"
|
|
@@ -3556,12 +3556,32 @@
|
|
|
3556
3556
|
"kind": "interface",
|
|
3557
3557
|
"locationInModule": {
|
|
3558
3558
|
"filename": "src/index.ts",
|
|
3559
|
-
"line":
|
|
3559
|
+
"line": 13
|
|
3560
3560
|
},
|
|
3561
3561
|
"name": "SecureBucketProps",
|
|
3562
|
+
"properties": [
|
|
3563
|
+
{
|
|
3564
|
+
"abstract": true,
|
|
3565
|
+
"docs": {
|
|
3566
|
+
"default": "false",
|
|
3567
|
+
"stability": "stable",
|
|
3568
|
+
"summary": "If you are setting a custom Qualifier and using it as the artifact bucket for the CDK pipeline, set it to true."
|
|
3569
|
+
},
|
|
3570
|
+
"immutable": true,
|
|
3571
|
+
"locationInModule": {
|
|
3572
|
+
"filename": "src/index.ts",
|
|
3573
|
+
"line": 19
|
|
3574
|
+
},
|
|
3575
|
+
"name": "isPipelineArtifactBucket",
|
|
3576
|
+
"optional": true,
|
|
3577
|
+
"type": {
|
|
3578
|
+
"primitive": "boolean"
|
|
3579
|
+
}
|
|
3580
|
+
}
|
|
3581
|
+
],
|
|
3562
3582
|
"symbolId": "src/index:SecureBucketProps"
|
|
3563
3583
|
}
|
|
3564
3584
|
},
|
|
3565
|
-
"version": "2.1
|
|
3566
|
-
"fingerprint": "
|
|
3585
|
+
"version": "2.2.1",
|
|
3586
|
+
"fingerprint": "SKsgLC6xVjM5Xr/6aGlWYrk7oZWTQTdzYkD3lWRQ8zQ="
|
|
3567
3587
|
}
|
package/API.md
CHANGED
|
@@ -1163,6 +1163,7 @@ const secureBucketProps: SecureBucketProps = { ... }
|
|
|
1163
1163
|
| <code><a href="#@gammarers/aws-secure-bucket.SecureBucketProps.property.websiteIndexDocument">websiteIndexDocument</a></code> | <code>string</code> | The name of the index document (e.g. "index.html") for the website. Enables static website hosting for this bucket. |
|
|
1164
1164
|
| <code><a href="#@gammarers/aws-secure-bucket.SecureBucketProps.property.websiteRedirect">websiteRedirect</a></code> | <code>aws-cdk-lib.aws_s3.RedirectTarget</code> | Specifies the redirect behavior of all requests to a website endpoint of a bucket. |
|
|
1165
1165
|
| <code><a href="#@gammarers/aws-secure-bucket.SecureBucketProps.property.websiteRoutingRules">websiteRoutingRules</a></code> | <code>aws-cdk-lib.aws_s3.RoutingRule[]</code> | Rules that define when a redirect is applied and the redirect behavior. |
|
|
1166
|
+
| <code><a href="#@gammarers/aws-secure-bucket.SecureBucketProps.property.isPipelineArtifactBucket">isPipelineArtifactBucket</a></code> | <code>boolean</code> | If you are setting a custom Qualifier and using it as the artifact bucket for the CDK pipeline, set it to true. |
|
|
1166
1167
|
|
|
1167
1168
|
---
|
|
1168
1169
|
|
|
@@ -1584,5 +1585,18 @@ Rules that define when a redirect is applied and the redirect behavior.
|
|
|
1584
1585
|
|
|
1585
1586
|
---
|
|
1586
1587
|
|
|
1588
|
+
##### `isPipelineArtifactBucket`<sup>Optional</sup> <a name="isPipelineArtifactBucket" id="@gammarers/aws-secure-bucket.SecureBucketProps.property.isPipelineArtifactBucket"></a>
|
|
1589
|
+
|
|
1590
|
+
```typescript
|
|
1591
|
+
public readonly isPipelineArtifactBucket: boolean;
|
|
1592
|
+
```
|
|
1593
|
+
|
|
1594
|
+
- *Type:* boolean
|
|
1595
|
+
- *Default:* false
|
|
1596
|
+
|
|
1597
|
+
If you are setting a custom Qualifier and using it as the artifact bucket for the CDK pipeline, set it to true.
|
|
1598
|
+
|
|
1599
|
+
---
|
|
1600
|
+
|
|
1587
1601
|
|
|
1588
1602
|
|
package/lib/index.d.ts
CHANGED
|
@@ -7,6 +7,12 @@ import { Construct } from 'constructs';
|
|
|
7
7
|
* export interface CodePipelineStateChangeDetectionEventRuleProps extends Omit<s3.BucketProps, 'publicReadAccess'> {}
|
|
8
8
|
*/
|
|
9
9
|
export interface SecureBucketProps extends s3.BucketProps {
|
|
10
|
+
/**
|
|
11
|
+
* If you are setting a custom Qualifier and using it as the artifact bucket for the CDK pipeline, set it to true.
|
|
12
|
+
*
|
|
13
|
+
* @default false
|
|
14
|
+
*/
|
|
15
|
+
readonly isPipelineArtifactBucket?: boolean;
|
|
10
16
|
}
|
|
11
17
|
export declare class SecureBucket extends s3.Bucket {
|
|
12
18
|
constructor(scope: Construct, id: string, props?: SecureBucketProps);
|
package/lib/index.js
CHANGED
|
@@ -3,13 +3,14 @@ var _a;
|
|
|
3
3
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
4
4
|
exports.SecureBucket = void 0;
|
|
5
5
|
const JSII_RTTI_SYMBOL_1 = Symbol.for("jsii.rtti");
|
|
6
|
-
const
|
|
6
|
+
const aws_cdk_lib_1 = require("aws-cdk-lib");
|
|
7
|
+
const iam = require("aws-cdk-lib/aws-iam");
|
|
7
8
|
const s3 = require("aws-cdk-lib/aws-s3");
|
|
8
9
|
class SecureBucket extends s3.Bucket {
|
|
9
10
|
constructor(scope, id, props) {
|
|
10
11
|
super(scope, id, {
|
|
11
12
|
...props,
|
|
12
|
-
removalPolicy:
|
|
13
|
+
removalPolicy: aws_cdk_lib_1.RemovalPolicy.RETAIN,
|
|
13
14
|
encryption: props?.encryption || s3.BucketEncryption.KMS_MANAGED,
|
|
14
15
|
accessControl: (() => {
|
|
15
16
|
if (!props?.accessControl) {
|
|
@@ -34,9 +35,32 @@ class SecureBucket extends s3.Bucket {
|
|
|
34
35
|
if (props?.eventBridgeEnabled === true) {
|
|
35
36
|
cfnBucket.addPropertyOverride('NotificationConfiguration.EventBridgeConfiguration.EventBridgeEnabled', true);
|
|
36
37
|
}
|
|
38
|
+
// 👇 Get account & region
|
|
39
|
+
const account = aws_cdk_lib_1.Stack.of(this).account;
|
|
40
|
+
const region = aws_cdk_lib_1.Stack.of(this).region;
|
|
41
|
+
if (props?.isPipelineArtifactBucket) {
|
|
42
|
+
// 👇 Get qualifier
|
|
43
|
+
// const qualifier = Stack.of(this).synthesizer.bootstrapQualifier || defaultQualifier;
|
|
44
|
+
const qualifier = aws_cdk_lib_1.Stack.of(this).synthesizer.bootstrapQualifier;
|
|
45
|
+
// add resource policy when custom qualifier
|
|
46
|
+
if (qualifier && (qualifier != aws_cdk_lib_1.DefaultStackSynthesizer.DEFAULT_QUALIFIER)) {
|
|
47
|
+
this.addToResourcePolicy(new iam.PolicyStatement({
|
|
48
|
+
actions: [
|
|
49
|
+
's3:*',
|
|
50
|
+
],
|
|
51
|
+
resources: [
|
|
52
|
+
`${this.bucketArn}`,
|
|
53
|
+
`${this.bucketArn}/*`,
|
|
54
|
+
],
|
|
55
|
+
principals: [
|
|
56
|
+
new iam.ArnPrincipal(`arn:aws:iam::${account}:role/cdk-${qualifier}-deploy-role-${account}-${region}`),
|
|
57
|
+
],
|
|
58
|
+
}));
|
|
59
|
+
}
|
|
60
|
+
}
|
|
37
61
|
}
|
|
38
62
|
}
|
|
39
63
|
exports.SecureBucket = SecureBucket;
|
|
40
64
|
_a = JSII_RTTI_SYMBOL_1;
|
|
41
|
-
SecureBucket[_a] = { fqn: "@gammarers/aws-secure-bucket.SecureBucket", version: "2.1
|
|
42
|
-
//# sourceMappingURL=data:application/json;base64,
|
|
65
|
+
SecureBucket[_a] = { fqn: "@gammarers/aws-secure-bucket.SecureBucket", version: "2.2.1" };
|
|
66
|
+
//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiaW5kZXguanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi9zcmMvaW5kZXgudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6Ijs7Ozs7QUFBQSw2Q0FBNEU7QUFDNUUsMkNBQTJDO0FBQzNDLHlDQUF5QztBQW1CekMsTUFBYSxZQUFhLFNBQVEsRUFBRSxDQUFDLE1BQU07SUFDekMsWUFBWSxLQUFnQixFQUFFLEVBQVUsRUFBRSxLQUF5QjtRQUNqRSxLQUFLLENBQUMsS0FBSyxFQUFFLEVBQUUsRUFBRTtZQUNmLEdBQUcsS0FBSztZQUNSLGFBQWEsRUFBRSwyQkFBYSxDQUFDLE1BQU07WUFDbkMsVUFBVSxFQUFFLEtBQUssRUFBRSxVQUFVLElBQUksRUFBRSxDQUFDLGdCQUFnQixDQUFDLFdBQVc7WUFDaEUsYUFBYSxFQUFFLENBQUMsR0FBRyxFQUFFO2dCQUNuQixJQUFJLENBQUMsS0FBSyxFQUFFLGFBQWEsRUFBRSxDQUFDO29CQUMxQixPQUFPLEVBQUUsQ0FBQyxtQkFBbUIsQ0FBQyxPQUFPLENBQUM7Z0JBQ3hDLENBQUM7Z0JBQ0QsT0FBTyxLQUFLLENBQUMsYUFBYSxDQUFDO1lBQzdCLENBQUMsQ0FBQyxFQUFFO1lBQ0osa0JBQWtCLEVBQUUsU0FBUztZQUM3QixnQkFBZ0IsRUFBRSxLQUFLO1lBQ3ZCLGlCQUFpQixFQUFFLEVBQUUsQ0FBQyxpQkFBaUIsQ0FBQyxTQUFTO1lBQ2pELFVBQVUsRUFBRSxJQUFJO1lBQ2hCLFNBQVMsRUFBRSxLQUFLLEVBQUUsU0FBUyxLQUFLLFNBQVMsQ0FBQyxDQUFDLENBQUMsS0FBSyxDQUFDLFNBQVMsQ0FBQyxDQUFDLENBQUMsSUFBSTtZQUNsRSxlQUFlLEVBQUUsQ0FBQyxHQUFHLEVBQUU7Z0JBQ3JCLElBQUksS0FBSyxFQUFFLGVBQWUsRUFBRSxDQUFDO29CQUMzQixPQUFPLEtBQUssQ0FBQyxlQUFlLENBQUM7Z0JBQy9CLENBQUM7Z0JBQ0QsT0FBTyxFQUFFLENBQUMsZUFBZSxDQUFDLHFCQUFxQixDQUFDO1lBQ2xELENBQUMsQ0FBQyxFQUFFO1NBQ0wsQ0FBQyxDQUFDO1FBRUgsZ0JBQWdCO1FBQ2hCLE1BQU0sU0FBUyxHQUFHLElBQUksQ0FBQyxJQUFJLENBQUMsWUFBNEIsQ0FBQztRQUN6RCxJQUFJLEtBQUssRUFBRSxrQkFBa0IsS0FBSyxJQUFJLEVBQUUsQ0FBQztZQUN2QyxTQUFTLENBQUMsbUJBQW1CLENBQUMsdUVBQXVFLEVBQUUsSUFBSSxDQUFDLENBQUM7UUFDL0csQ0FBQztRQUVELDBCQUEwQjtRQUMxQixNQUFNLE9BQU8sR0FBRyxtQkFBSyxDQUFDLEVBQUUsQ0FBQyxJQUFJLENBQUMsQ0FBQyxPQUFPLENBQUM7UUFDdkMsTUFBTSxNQUFNLEdBQUcsbUJBQUssQ0FBQyxFQUFFLENBQUMsSUFBSSxDQUFDLENBQUMsTUFBTSxDQUFDO1FBRXJDLElBQUksS0FBSyxFQUFFLHdCQUF3QixFQUFFLENBQUM7WUFFcEMsbUJBQW1CO1lBQ25CLHVGQUF1RjtZQUN2RixNQUFNLFNBQVMsR0FBRyxtQkFBSyxDQUFDLEVBQUUsQ0FBQyxJQUFJLENBQUMsQ0FBQyxXQUFXLENBQUMsa0JBQWtCLENBQUM7WUFFaEUsNENBQTRDO1lBQzVDLElBQUksU0FBUyxJQUFJLENBQUMsU0FBUyxJQUFJLHFDQUF1QixDQUFDLGlCQUFpQixDQUFDLEVBQUUsQ0FBQztnQkFFMUUsSUFBSSxDQUFDLG1CQUFtQixDQUFDLElBQUksR0FBRyxDQUFDLGVBQWUsQ0FBQztvQkFDL0MsT0FBTyxFQUFFO3dCQUNQLE1BQU07cUJBQ1A7b0JBQ0QsU0FBUyxFQUFFO3dCQUNULEdBQUcsSUFBSSxDQUFDLFNBQVMsRUFBRTt3QkFDbkIsR0FBRyxJQUFJLENBQUMsU0FBUyxJQUFJO3FCQUN0QjtvQkFDRCxVQUFVLEVBQUU7d0JBQ1YsSUFBSSxHQUFHLENBQUMsWUFBWSxDQUFDLGdCQUFnQixPQUFPLGFBQWEsU0FBUyxnQkFBZ0IsT0FBTyxJQUFJLE1BQU0sRUFBRSxDQUFDO3FCQUN2RztpQkFDRixDQUFDLENBQUMsQ0FBQztZQUNOLENBQUM7UUFDSCxDQUFDO0lBQ0gsQ0FBQzs7QUExREgsb0NBMkRDIiwic291cmNlc0NvbnRlbnQiOlsiaW1wb3J0IHsgRGVmYXVsdFN0YWNrU3ludGhlc2l6ZXIsIFJlbW92YWxQb2xpY3ksIFN0YWNrIH0gZnJvbSAnYXdzLWNkay1saWInO1xuaW1wb3J0ICogYXMgaWFtIGZyb20gJ2F3cy1jZGstbGliL2F3cy1pYW0nO1xuaW1wb3J0ICogYXMgczMgZnJvbSAnYXdzLWNkay1saWIvYXdzLXMzJztcbmltcG9ydCB7IENvbnN0cnVjdCB9IGZyb20gJ2NvbnN0cnVjdHMnO1xuXG4vKipcbiAqIEBUT0RPOiBOb3QgeWV0IHN1cHBvcnRlZFxuICogaHR0cHM6Ly9naXRodWIuY29tL2F3cy9qc2lpL2lzc3Vlcy80NDY4XG4gKiB0eXBlIG9taXRLZXlzID0gJ3B1YmxpY1JlYWRBY2Nlc3N8ZW5mb3JjZVNTTHxibG9ja1B1YmxpY0FjY2Vzcyc7XG4gKiBleHBvcnQgaW50ZXJmYWNlIENvZGVQaXBlbGluZVN0YXRlQ2hhbmdlRGV0ZWN0aW9uRXZlbnRSdWxlUHJvcHMgZXh0ZW5kcyBPbWl0PHMzLkJ1Y2tldFByb3BzLCAncHVibGljUmVhZEFjY2Vzcyc+IHt9XG4gKi9cblxuZXhwb3J0IGludGVyZmFjZSBTZWN1cmVCdWNrZXRQcm9wcyBleHRlbmRzIHMzLkJ1Y2tldFByb3BzIHtcbiAgLyoqXG4gICAqIElmIHlvdSBhcmUgc2V0dGluZyBhIGN1c3RvbSBRdWFsaWZpZXIgYW5kIHVzaW5nIGl0IGFzIHRoZSBhcnRpZmFjdCBidWNrZXQgZm9yIHRoZSBDREsgcGlwZWxpbmUsIHNldCBpdCB0byB0cnVlLlxuICAgKlxuICAgKiBAZGVmYXVsdCBmYWxzZVxuICAgKi9cbiAgcmVhZG9ubHkgaXNQaXBlbGluZUFydGlmYWN0QnVja2V0PzogYm9vbGVhbjtcbn1cblxuZXhwb3J0IGNsYXNzIFNlY3VyZUJ1Y2tldCBleHRlbmRzIHMzLkJ1Y2tldCB7XG4gIGNvbnN0cnVjdG9yKHNjb3BlOiBDb25zdHJ1Y3QsIGlkOiBzdHJpbmcsIHByb3BzPzogU2VjdXJlQnVja2V0UHJvcHMpIHtcbiAgICBzdXBlcihzY29wZSwgaWQsIHtcbiAgICAgIC4uLnByb3BzLFxuICAgICAgcmVtb3ZhbFBvbGljeTogUmVtb3ZhbFBvbGljeS5SRVRBSU4sXG4gICAgICBlbmNyeXB0aW9uOiBwcm9wcz8uZW5jcnlwdGlvbiB8fCBzMy5CdWNrZXRFbmNyeXB0aW9uLktNU19NQU5BR0VELFxuICAgICAgYWNjZXNzQ29udHJvbDogKCgpID0+IHtcbiAgICAgICAgaWYgKCFwcm9wcz8uYWNjZXNzQ29udHJvbCkge1xuICAgICAgICAgIHJldHVybiBzMy5CdWNrZXRBY2Nlc3NDb250cm9sLlBSSVZBVEU7XG4gICAgICAgIH1cbiAgICAgICAgcmV0dXJuIHByb3BzLmFjY2Vzc0NvbnRyb2w7XG4gICAgICB9KSgpLFxuICAgICAgZXZlbnRCcmlkZ2VFbmFibGVkOiB1bmRlZmluZWQsXG4gICAgICBwdWJsaWNSZWFkQWNjZXNzOiBmYWxzZSxcbiAgICAgIGJsb2NrUHVibGljQWNjZXNzOiBzMy5CbG9ja1B1YmxpY0FjY2Vzcy5CTE9DS19BTEwsXG4gICAgICBlbmZvcmNlU1NMOiB0cnVlLFxuICAgICAgdmVyc2lvbmVkOiBwcm9wcz8udmVyc2lvbmVkICE9PSB1bmRlZmluZWQgPyBwcm9wcy52ZXJzaW9uZWQgOiB0cnVlLFxuICAgICAgb2JqZWN0T3duZXJzaGlwOiAoKCkgPT4ge1xuICAgICAgICBpZiAocHJvcHM/Lm9iamVjdE93bmVyc2hpcCkge1xuICAgICAgICAgIHJldHVybiBwcm9wcy5vYmplY3RPd25lcnNoaXA7XG4gICAgICAgIH1cbiAgICAgICAgcmV0dXJuIHMzLk9iamVjdE93bmVyc2hpcC5CVUNLRVRfT1dORVJfRU5GT1JDRUQ7XG4gICAgICB9KSgpLFxuICAgIH0pO1xuXG4gICAgLy8gR2V0IENmbkJ1Y2tldFxuICAgIGNvbnN0IGNmbkJ1Y2tldCA9IHRoaXMubm9kZS5kZWZhdWx0Q2hpbGQgYXMgczMuQ2ZuQnVja2V0O1xuICAgIGlmIChwcm9wcz8uZXZlbnRCcmlkZ2VFbmFibGVkID09PSB0cnVlKSB7XG4gICAgICBjZm5CdWNrZXQuYWRkUHJvcGVydHlPdmVycmlkZSgnTm90aWZpY2F0aW9uQ29uZmlndXJhdGlvbi5FdmVudEJyaWRnZUNvbmZpZ3VyYXRpb24uRXZlbnRCcmlkZ2VFbmFibGVkJywgdHJ1ZSk7XG4gICAgfVxuXG4gICAgLy8g8J+RhyBHZXQgYWNjb3VudCAmIHJlZ2lvblxuICAgIGNvbnN0IGFjY291bnQgPSBTdGFjay5vZih0aGlzKS5hY2NvdW50O1xuICAgIGNvbnN0IHJlZ2lvbiA9IFN0YWNrLm9mKHRoaXMpLnJlZ2lvbjtcblxuICAgIGlmIChwcm9wcz8uaXNQaXBlbGluZUFydGlmYWN0QnVja2V0KSB7XG5cbiAgICAgIC8vIPCfkYcgR2V0IHF1YWxpZmllclxuICAgICAgLy8gY29uc3QgcXVhbGlmaWVyID0gU3RhY2sub2YodGhpcykuc3ludGhlc2l6ZXIuYm9vdHN0cmFwUXVhbGlmaWVyIHx8IGRlZmF1bHRRdWFsaWZpZXI7XG4gICAgICBjb25zdCBxdWFsaWZpZXIgPSBTdGFjay5vZih0aGlzKS5zeW50aGVzaXplci5ib290c3RyYXBRdWFsaWZpZXI7XG5cbiAgICAgIC8vIGFkZCByZXNvdXJjZSBwb2xpY3kgd2hlbiBjdXN0b20gcXVhbGlmaWVyXG4gICAgICBpZiAocXVhbGlmaWVyICYmIChxdWFsaWZpZXIgIT0gRGVmYXVsdFN0YWNrU3ludGhlc2l6ZXIuREVGQVVMVF9RVUFMSUZJRVIpKSB7XG5cbiAgICAgICAgdGhpcy5hZGRUb1Jlc291cmNlUG9saWN5KG5ldyBpYW0uUG9saWN5U3RhdGVtZW50KHtcbiAgICAgICAgICBhY3Rpb25zOiBbXG4gICAgICAgICAgICAnczM6KicsXG4gICAgICAgICAgXSxcbiAgICAgICAgICByZXNvdXJjZXM6IFtcbiAgICAgICAgICAgIGAke3RoaXMuYnVja2V0QXJufWAsXG4gICAgICAgICAgICBgJHt0aGlzLmJ1Y2tldEFybn0vKmAsXG4gICAgICAgICAgXSxcbiAgICAgICAgICBwcmluY2lwYWxzOiBbXG4gICAgICAgICAgICBuZXcgaWFtLkFyblByaW5jaXBhbChgYXJuOmF3czppYW06OiR7YWNjb3VudH06cm9sZS9jZGstJHtxdWFsaWZpZXJ9LWRlcGxveS1yb2xlLSR7YWNjb3VudH0tJHtyZWdpb259YCksXG4gICAgICAgICAgXSxcbiAgICAgICAgfSkpO1xuICAgICAgfVxuICAgIH1cbiAgfVxufSJdfQ==
|