@sitblueprint/website-construct 0.1.3 → 0.1.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (5) hide show
  1. package/README.md +9 -0
  2. package/docs/CHANGELOG.md +6 -0
  3. package/lib/index.js +4 -1
  4. package/lib/index.ts +10 -7
  5. package/package.json +1 -1
package/README.md CHANGED
@@ -6,8 +6,17 @@ A reusable [AWS CDK](https://docs.aws.amazon.com/cdk/) construct to deploy a web
6
6
 
7
7
  - CDN caching via CloudFont
8
8
  - Deployment via S3
9
+ - Hardened S3 bucket defaults with bucket-owner-only ACLs and automatic SSE
9
10
  - Direct access to the underlying S3 bucket and CloudFront distribution for advanced customization
10
11
 
12
+ ### Bucket security hardening
13
+
14
+ The construct keeps the S3 bucket accessible for static website hosting while enforcing safer defaults:
15
+
16
+ - Bucket ACLs are blocked and ownership is enforced so only the account owner controls access.
17
+ - Objects are encrypted at rest with S3 managed keys.
18
+ - CloudFront OAI access is granted explicitly via a bucket policy instead of broad public access.
19
+
11
20
  ## Installation
12
21
 
13
22
  ```bash
package/docs/CHANGELOG.md CHANGED
@@ -7,6 +7,12 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
7
7
 
8
8
  ---
9
9
 
10
+ ## [v0.1.4] - 2025-09-30
11
+
12
+ ### Security
13
+
14
+ - Hardened the website bucket policy by blocking ACLs, enforcing bucket-owner full control, and retaining S3 managed encryption.
15
+
10
16
  ## [v0.1.3] - 2025-09-30
11
17
 
12
18
  ### Added
package/lib/index.js CHANGED
@@ -40,7 +40,10 @@ class Website extends constructs_1.Construct {
40
40
  this.bucket = new s3.Bucket(this, props.bucketName, {
41
41
  websiteIndexDocument: props.indexFile,
42
42
  websiteErrorDocument: props.errorFile,
43
+ publicReadAccess: true,
43
44
  removalPolicy: cdk.RemovalPolicy.DESTROY,
45
+ blockPublicAccess: s3.BlockPublicAccess.BLOCK_ACLS_ONLY,
46
+ accessControl: s3.BucketAccessControl.BUCKET_OWNER_FULL_CONTROL,
44
47
  encryption: s3.BucketEncryption.S3_MANAGED,
45
48
  });
46
49
  const oai = new cloudfont.OriginAccessIdentity(this, `${props.bucketName}-OAI`);
@@ -108,4 +111,4 @@ class Website extends constructs_1.Construct {
108
111
  }
109
112
  }
110
113
  exports.Website = Website;
111
- //# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiaW5kZXguanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyJpbmRleC50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiOzs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7OztBQUFBLDJDQUF1QztBQUN2Qyx1REFBeUM7QUFDekMsc0VBQXdEO0FBQ3hELDRFQUE4RDtBQUM5RCx1RkFBeUU7QUFDekUsaURBQW1DO0FBQ25DLHlEQUEyQztBQUMzQyxpRUFBbUQ7QUE4Qm5ELE1BQWEsT0FBUSxTQUFRLHNCQUFTO0lBQ3BCLE1BQU0sQ0FBWTtJQUNsQixZQUFZLENBQXlCO0lBRXJELFlBQVksS0FBZ0IsRUFBRSxFQUFVLEVBQUUsS0FBbUI7UUFDM0QsS0FBSyxDQUFDLEtBQUssRUFBRSxFQUFFLENBQUMsQ0FBQztRQUNqQixJQUFJLENBQUMsTUFBTSxHQUFHLElBQUksRUFBRSxDQUFDLE1BQU0sQ0FBQyxJQUFJLEVBQUUsS0FBSyxDQUFDLFVBQVUsRUFBRTtZQUNsRCxvQkFBb0IsRUFBRSxLQUFLLENBQUMsU0FBUztZQUNyQyxvQkFBb0IsRUFBRSxLQUFLLENBQUMsU0FBUztZQUNyQyxhQUFhLEVBQUUsR0FBRyxDQUFDLGFBQWEsQ0FBQyxPQUFPO1lBQ3hDLFVBQVUsRUFBRSxFQUFFLENBQUMsZ0JBQWdCLENBQUMsVUFBVTtTQUMzQyxDQUFDLENBQUM7UUFDSCxNQUFNLEdBQUcsR0FBRyxJQUFJLFNBQVMsQ0FBQyxvQkFBb0IsQ0FDNUMsSUFBSSxFQUNKLEdBQUcsS0FBSyxDQUFDLFVBQVUsTUFBTSxDQUMxQixDQUFDO1FBQ0YsSUFBSSxDQUFDLE1BQU0sQ0FBQyxtQkFBbUIsQ0FDN0IsSUFBSSxHQUFHLENBQUMsZUFBZSxDQUFDO1lBQ3RCLE9BQU8sRUFBRSxDQUFDLGNBQWMsQ0FBQztZQUN6QixTQUFTLEVBQUUsQ0FBQyxJQUFJLENBQUMsTUFBTSxDQUFDLGFBQWEsQ0FBQyxHQUFHLENBQUMsQ0FBQztZQUMzQyxVQUFVLEVBQUU7Z0JBQ1YsSUFBSSxHQUFHLENBQUMsc0JBQXNCLENBQzVCLEdBQUcsQ0FBQywrQ0FBK0MsQ0FDcEQ7YUFDRjtTQUNGLENBQUMsQ0FDSCxDQUFDO1FBRUYsSUFBSSxDQUFDLFlBQVksR0FBRyxJQUFJLFNBQVMsQ0FBQyxZQUFZLENBQzVDLElBQUksRUFDSixHQUFHLEtBQUssQ0FBQyxVQUFVLGVBQWUsRUFDbEM7WUFDRSxlQUFlLEVBQUU7Z0JBQ2YsTUFBTSxFQUFFLElBQUksT0FBTyxDQUFDLHFCQUFxQixDQUFDLElBQUksQ0FBQyxNQUFNLENBQUM7Z0JBQ3RELG9CQUFvQixFQUNsQixTQUFTLENBQUMsb0JBQW9CLENBQUMsaUJBQWlCO2FBQ25EO1lBQ0QsY0FBYyxFQUFFO2dCQUNkO29CQUNFLFVBQVUsRUFBRSxHQUFHO29CQUNmLGtCQUFrQixFQUFFLEdBQUc7b0JBQ3ZCLGdCQUFnQixFQUFFLEtBQUssQ0FBQyx3QkFBd0IsSUFBSSxXQUFXO29CQUMvRCxHQUFHLEVBQUUsR0FBRyxDQUFDLFFBQVEsQ0FBQyxPQUFPLENBQUMsRUFBRSxDQUFDO2lCQUM5QjthQUNGO1lBQ0QsVUFBVSxFQUFFLFNBQVMsQ0FBQyxVQUFVLENBQUMsZUFBZTtZQUNoRCxHQUFHLENBQUMsS0FBSyxDQUFDLFlBQVk7Z0JBQ3BCLENBQUMsQ0FBQztvQkFDRSxXQUFXLEVBQUUsQ0FBQyxJQUFJLENBQUMsa0JBQWtCLENBQUMsS0FBSyxDQUFDLFlBQVksQ0FBQyxDQUFDO29CQUMxRCxXQUFXLEVBQUUsSUFBSSxDQUFDLGVBQWUsQ0FDL0IsS0FBSyxDQUFDLFlBQVksQ0FBQyxjQUFjLENBQ2xDO2lCQUNGO2dCQUNILENBQUMsQ0FBQyxFQUFFLENBQUM7U0FDUixDQUNGLENBQUM7UUFFRixJQUFJLEtBQUssQ0FBQyxZQUFZLEVBQUUsQ0FBQztZQUN2QixNQUFNLFVBQVUsR0FBRyxPQUFPLENBQUMsVUFBVSxDQUFDLFVBQVUsQ0FBQyxJQUFJLEVBQUUsWUFBWSxFQUFFO2dCQUNuRSxVQUFVLEVBQUUsS0FBSyxDQUFDLFlBQVksQ0FBQyxVQUFVO2FBQzFDLENBQUMsQ0FBQztZQUNILE1BQU0sYUFBYSxHQUFHLElBQUksT0FBTyxDQUFDLE9BQU8sQ0FBQyxJQUFJLEVBQUUsZUFBZSxFQUFFO2dCQUMvRCxJQUFJLEVBQUUsVUFBVTtnQkFDaEIsVUFBVSxFQUFFLElBQUksQ0FBQyxrQkFBa0IsQ0FBQyxLQUFLLENBQUMsWUFBWSxDQUFDO2dCQUN2RCxNQUFNLEVBQUUsR0FBRyxDQUFDLFdBQVcsQ0FBQyxZQUFZLENBQUMsU0FBUyxDQUM1QyxJQUFJLEdBQUcsQ0FBQyxtQkFBbUIsQ0FBQyxnQkFBZ0IsQ0FBQyxJQUFJLENBQUMsWUFBWSxDQUFDLENBQ2hFO2FBQ0YsQ0FBQyxDQUFDO1lBQ0gsYUFBYSxDQUFDLElBQUksQ0FBQyxhQUFhLENBQUMsSUFBSSxDQUFDLFlBQVksQ0FBQyxDQUFDO1FBQ3RELENBQUM7UUFFRCxJQUFJLEdBQUcsQ0FBQyxTQUFTLENBQUMsSUFBSSxFQUFFLHdCQUF3QixFQUFFO1lBQ2hELEtBQUssRUFBRSxJQUFJLENBQUMsWUFBWSxDQUFDLHNCQUFzQjtZQUMvQyxXQUFXLEVBQUUscUNBQXFDO1NBQ25ELENBQUMsQ0FBQztRQUVILElBQUksR0FBRyxDQUFDLFNBQVMsQ0FBQyxJQUFJLEVBQUUsZ0JBQWdCLEVBQUU7WUFDeEMsS0FBSyxFQUFFLElBQUksQ0FBQyxNQUFNLENBQUMsZ0JBQWdCO1lBQ25DLFdBQVcsRUFBRSx1QkFBdUI7U0FDckMsQ0FBQyxDQUFDO1FBRUgsSUFBSSxLQUFLLENBQUMsWUFBWSxFQUFFLENBQUM7WUFDdkIsSUFBSSxHQUFHLENBQUMsU0FBUyxDQUFDLElBQUksRUFBRSxhQUFhLEVBQUU7Z0JBQ3JDLEtBQUssRUFBRSxJQUFJLENBQUMsWUFBWSxDQUFDLFVBQVU7Z0JBQ25DLFdBQVcsRUFBRSxhQUFhO2FBQzNCLENBQUMsQ0FBQztRQUNMLENBQUM7SUFDSCxDQUFDO0lBRU8sa0JBQWtCLENBQUMsWUFBMEI7UUFDbkQsT0FBTyxZQUFZLENBQUMsYUFBYTtZQUMvQixDQUFDLENBQUMsR0FBRyxZQUFZLENBQUMsYUFBYSxJQUFJLFlBQVksQ0FBQyxVQUFVLEVBQUU7WUFDNUQsQ0FBQyxDQUFDLFlBQVksQ0FBQyxVQUFVLENBQUM7SUFDOUIsQ0FBQztJQUVPLGVBQWUsQ0FBQyxHQUFXO1FBQ2pDLE9BQU8sa0JBQWtCLENBQUMsV0FBVyxDQUFDLGtCQUFrQixDQUN0RCxJQUFJLEVBQ0osY0FBYyxFQUNkLEdBQUcsQ0FDSixDQUFDO0lBQ0osQ0FBQztDQUNGO0FBdEdELDBCQXNHQyIsInNvdXJjZXNDb250ZW50IjpbImltcG9ydCB7IENvbnN0cnVjdCB9IGZyb20gXCJjb25zdHJ1Y3RzXCI7XG5pbXBvcnQgKiBhcyBzMyBmcm9tIFwiYXdzLWNkay1saWIvYXdzLXMzXCI7XG5pbXBvcnQgKiBhcyBjbG91ZGZvbnQgZnJvbSBcImF3cy1jZGstbGliL2F3cy1jbG91ZGZyb250XCI7XG5pbXBvcnQgKiBhcyBvcmlnaW5zIGZyb20gXCJhd3MtY2RrLWxpYi9hd3MtY2xvdWRmcm9udC1vcmlnaW5zXCI7XG5pbXBvcnQgKiBhcyBjZXJ0aWZpY2F0ZW1hbmFnZXIgZnJvbSBcImF3cy1jZGstbGliL2F3cy1jZXJ0aWZpY2F0ZW1hbmFnZXJcIjtcbmltcG9ydCAqIGFzIGNkayBmcm9tIFwiYXdzLWNkay1saWJcIjtcbmltcG9ydCAqIGFzIGlhbSBmcm9tIFwiYXdzLWNkay1saWIvYXdzLWlhbVwiO1xuaW1wb3J0ICogYXMgcm91dGU1MyBmcm9tIFwiYXdzLWNkay1saWIvYXdzLXJvdXRlNTNcIjtcblxuZXhwb3J0IGludGVyZmFjZSBEb21haW5Db25maWcge1xuICAvKiogVGhlIHJvb3QgZG9tYWluIG5hbWUgKGUuZy4sIGV4YW1wbGUuY29tKS5cbiAgICogVGhlcmUgbXVzdCBiZSBhbiBhc3NvY2lhdGVkIGhvc3RlZCB6b25lIGluIFJvdXRlIDUzIGZvciB0aGlzIGRvbWFpbi5cbiAgICovXG4gIGRvbWFpbk5hbWU6IHN0cmluZztcbiAgLyoqIFRoZSBzdWJkb21haW4gbmFtZSAqL1xuICBzdWJkb21haW5OYW1lOiBzdHJpbmc7XG4gIC8qKiBUaGUgQVJOIG9mIHRoZSBTU0wgY2VydGlmaWNhdGUgdG8gdXNlIGZvciB0aGUgZG9tYWluLiAqL1xuICBjZXJ0aWZpY2F0ZUFybjogc3RyaW5nO1xufVxuXG5leHBvcnQgaW50ZXJmYWNlIFdlYnNpdGVQcm9wcyB7XG4gIC8qKiBUaGUgbmFtZSBvZiB0aGUgUzMgYnVja2V0IHRoYXQgd2lsbCBob3N0IHRoZSB3ZWJzaXRlIGNvbnRlbnQuICovXG4gIGJ1Y2tldE5hbWU6IHN0cmluZztcblxuICAvKiogVGhlIHBhdGggdG8gdGhlIGluZGV4IGRvY3VtZW50IHRoYXQgd2lsbCBiZSBzZXJ2ZWQgYXMgdGhlIGRlZmF1bHQgcGFnZS4gKi9cbiAgaW5kZXhGaWxlOiBzdHJpbmc7XG5cbiAgLyoqIFRoZSBwYXRoIHRvIHRoZSBlcnJvciBkb2N1bWVudCB0aGF0IHdpbGwgYmUgc2VydmVkIHdoZW4gYW4gZXJyb3Igb2NjdXJzLiAqL1xuICBlcnJvckZpbGU6IHN0cmluZztcblxuICAvKiogT3B0aW9uYWwgY29uZmlndXJhdGlvbiBmb3IgY3VzdG9tIGRvbWFpbiBzZXR1cC4gKi9cbiAgZG9tYWluQ29uZmlnPzogRG9tYWluQ29uZmlnO1xuXG4gIC8qKiBPcHRpb25hbCBwYXRoIHRvIGEgY3VzdG9tIDQwNCBwYWdlLiBJZiBub3Qgc3BlY2lmaWVkLCB0aGUgZXJyb3IgZmlsZSB3aWxsIGJlIHVzZWQuICovXG4gIG5vdEZvdW5kUmVzcG9uc2VQYWdlUGF0aD86IHN0cmluZztcbn1cblxuZXhwb3J0IGNsYXNzIFdlYnNpdGUgZXh0ZW5kcyBDb25zdHJ1Y3Qge1xuICBwdWJsaWMgcmVhZG9ubHkgYnVja2V0OiBzMy5CdWNrZXQ7XG4gIHB1YmxpYyByZWFkb25seSBkaXN0cmlidXRpb246IGNsb3VkZm9udC5EaXN0cmlidXRpb247XG5cbiAgY29uc3RydWN0b3Ioc2NvcGU6IENvbnN0cnVjdCwgaWQ6IHN0cmluZywgcHJvcHM6IFdlYnNpdGVQcm9wcykge1xuICAgIHN1cGVyKHNjb3BlLCBpZCk7XG4gICAgdGhpcy5idWNrZXQgPSBuZXcgczMuQnVja2V0KHRoaXMsIHByb3BzLmJ1Y2tldE5hbWUsIHtcbiAgICAgIHdlYnNpdGVJbmRleERvY3VtZW50OiBwcm9wcy5pbmRleEZpbGUsXG4gICAgICB3ZWJzaXRlRXJyb3JEb2N1bWVudDogcHJvcHMuZXJyb3JGaWxlLFxuICAgICAgcmVtb3ZhbFBvbGljeTogY2RrLlJlbW92YWxQb2xpY3kuREVTVFJPWSxcbiAgICAgIGVuY3J5cHRpb246IHMzLkJ1Y2tldEVuY3J5cHRpb24uUzNfTUFOQUdFRCxcbiAgICB9KTtcbiAgICBjb25zdCBvYWkgPSBuZXcgY2xvdWRmb250Lk9yaWdpbkFjY2Vzc0lkZW50aXR5KFxuICAgICAgdGhpcyxcbiAgICAgIGAke3Byb3BzLmJ1Y2tldE5hbWV9LU9BSWAsXG4gICAgKTtcbiAgICB0aGlzLmJ1Y2tldC5hZGRUb1Jlc291cmNlUG9saWN5KFxuICAgICAgbmV3IGlhbS5Qb2xpY3lTdGF0ZW1lbnQoe1xuICAgICAgICBhY3Rpb25zOiBbXCJzMzpHZXRPYmplY3RcIl0sXG4gICAgICAgIHJlc291cmNlczogW3RoaXMuYnVja2V0LmFybkZvck9iamVjdHMoXCIqXCIpXSxcbiAgICAgICAgcHJpbmNpcGFsczogW1xuICAgICAgICAgIG5ldyBpYW0uQ2Fub25pY2FsVXNlclByaW5jaXBhbChcbiAgICAgICAgICAgIG9haS5jbG91ZEZyb250T3JpZ2luQWNjZXNzSWRlbnRpdHlTM0Nhbm9uaWNhbFVzZXJJZCxcbiAgICAgICAgICApLFxuICAgICAgICBdLFxuICAgICAgfSksXG4gICAgKTtcblxuICAgIHRoaXMuZGlzdHJpYnV0aW9uID0gbmV3IGNsb3VkZm9udC5EaXN0cmlidXRpb24oXG4gICAgICB0aGlzLFxuICAgICAgYCR7cHJvcHMuYnVja2V0TmFtZX0tZGlzdHJpYnV0aW9uYCxcbiAgICAgIHtcbiAgICAgICAgZGVmYXVsdEJlaGF2aW9yOiB7XG4gICAgICAgICAgb3JpZ2luOiBuZXcgb3JpZ2lucy5TM1N0YXRpY1dlYnNpdGVPcmlnaW4odGhpcy5idWNrZXQpLFxuICAgICAgICAgIHZpZXdlclByb3RvY29sUG9saWN5OlxuICAgICAgICAgICAgY2xvdWRmb250LlZpZXdlclByb3RvY29sUG9saWN5LlJFRElSRUNUX1RPX0hUVFBTLFxuICAgICAgICB9LFxuICAgICAgICBlcnJvclJlc3BvbnNlczogW1xuICAgICAgICAgIHtcbiAgICAgICAgICAgIGh0dHBTdGF0dXM6IDQwNCxcbiAgICAgICAgICAgIHJlc3BvbnNlSHR0cFN0YXR1czogNDA0LFxuICAgICAgICAgICAgcmVzcG9uc2VQYWdlUGF0aDogcHJvcHMubm90Rm91bmRSZXNwb25zZVBhZ2VQYXRoIHx8IGAvNDA0Lmh0bWxgLFxuICAgICAgICAgICAgdHRsOiBjZGsuRHVyYXRpb24ubWludXRlcygzMCksXG4gICAgICAgICAgfSxcbiAgICAgICAgXSxcbiAgICAgICAgcHJpY2VDbGFzczogY2xvdWRmb250LlByaWNlQ2xhc3MuUFJJQ0VfQ0xBU1NfMTAwLFxuICAgICAgICAuLi4ocHJvcHMuZG9tYWluQ29uZmlnXG4gICAgICAgICAgPyB7XG4gICAgICAgICAgICAgIGRvbWFpbk5hbWVzOiBbdGhpcy5fZ2V0RnVsbERvbWFpbk5hbWUocHJvcHMuZG9tYWluQ29uZmlnKV0sXG4gICAgICAgICAgICAgIGNlcnRpZmljYXRlOiB0aGlzLl9nZXRDZXJ0aWZpY2F0ZShcbiAgICAgICAgICAgICAgICBwcm9wcy5kb21haW5Db25maWcuY2VydGlmaWNhdGVBcm4sXG4gICAgICAgICAgICAgICksXG4gICAgICAgICAgICB9XG4gICAgICAgICAgOiB7fSksXG4gICAgICB9LFxuICAgICk7XG5cbiAgICBpZiAocHJvcHMuZG9tYWluQ29uZmlnKSB7XG4gICAgICBjb25zdCBob3N0ZWRab25lID0gcm91dGU1My5Ib3N0ZWRab25lLmZyb21Mb29rdXAodGhpcywgXCJIb3N0ZWRab25lXCIsIHtcbiAgICAgICAgZG9tYWluTmFtZTogcHJvcHMuZG9tYWluQ29uZmlnLmRvbWFpbk5hbWUsXG4gICAgICB9KTtcbiAgICAgIGNvbnN0IGRvbWFpbkFSZWNvcmQgPSBuZXcgcm91dGU1My5BUmVjb3JkKHRoaXMsIFwiRG9tYWluQVJlY29yZFwiLCB7XG4gICAgICAgIHpvbmU6IGhvc3RlZFpvbmUsXG4gICAgICAgIHJlY29yZE5hbWU6IHRoaXMuX2dldEZ1bGxEb21haW5OYW1lKHByb3BzLmRvbWFpbkNvbmZpZyksXG4gICAgICAgIHRhcmdldDogY2RrLmF3c19yb3V0ZTUzLlJlY29yZFRhcmdldC5mcm9tQWxpYXMoXG4gICAgICAgICAgbmV3IGNkay5hd3Nfcm91dGU1M190YXJnZXRzLkNsb3VkRnJvbnRUYXJnZXQodGhpcy5kaXN0cmlidXRpb24pLFxuICAgICAgICApLFxuICAgICAgfSk7XG4gICAgICBkb21haW5BUmVjb3JkLm5vZGUuYWRkRGVwZW5kZW5jeSh0aGlzLmRpc3RyaWJ1dGlvbik7XG4gICAgfVxuXG4gICAgbmV3IGNkay5DZm5PdXRwdXQodGhpcywgXCJjbG91ZGZyb250LXdlYnNpdGUtdXJsXCIsIHtcbiAgICAgIHZhbHVlOiB0aGlzLmRpc3RyaWJ1dGlvbi5kaXN0cmlidXRpb25Eb21haW5OYW1lLFxuICAgICAgZGVzY3JpcHRpb246IFwiQ2xvdWRGcm9udCBEaXN0cmlidXRpb24gRG9tYWluIE5hbWVcIixcbiAgICB9KTtcblxuICAgIG5ldyBjZGsuQ2ZuT3V0cHV0KHRoaXMsIFwiczMtd2Vic2l0ZS11cmxcIiwge1xuICAgICAgdmFsdWU6IHRoaXMuYnVja2V0LmJ1Y2tldFdlYnNpdGVVcmwsXG4gICAgICBkZXNjcmlwdGlvbjogXCJTMyBCdWNrZXQgV2Vic2l0ZSBVUkxcIixcbiAgICB9KTtcblxuICAgIGlmIChwcm9wcy5kb21haW5Db25maWcpIHtcbiAgICAgIG5ldyBjZGsuQ2ZuT3V0cHV0KHRoaXMsIFwid2Vic2l0ZS11cmxcIiwge1xuICAgICAgICB2YWx1ZTogdGhpcy5kaXN0cmlidXRpb24uZG9tYWluTmFtZSxcbiAgICAgICAgZGVzY3JpcHRpb246IFwiV2Vic2l0ZSBVUkxcIixcbiAgICAgIH0pO1xuICAgIH1cbiAgfVxuXG4gIHByaXZhdGUgX2dldEZ1bGxEb21haW5OYW1lKGRvbWFpbkNvbmZpZzogRG9tYWluQ29uZmlnKTogc3RyaW5nIHtcbiAgICByZXR1cm4gZG9tYWluQ29uZmlnLnN1YmRvbWFpbk5hbWVcbiAgICAgID8gYCR7ZG9tYWluQ29uZmlnLnN1YmRvbWFpbk5hbWV9LiR7ZG9tYWluQ29uZmlnLmRvbWFpbk5hbWV9YFxuICAgICAgOiBkb21haW5Db25maWcuZG9tYWluTmFtZTtcbiAgfVxuXG4gIHByaXZhdGUgX2dldENlcnRpZmljYXRlKGFybjogc3RyaW5nKTogY2VydGlmaWNhdGVtYW5hZ2VyLklDZXJ0aWZpY2F0ZSB7XG4gICAgcmV0dXJuIGNlcnRpZmljYXRlbWFuYWdlci5DZXJ0aWZpY2F0ZS5mcm9tQ2VydGlmaWNhdGVBcm4oXG4gICAgICB0aGlzLFxuICAgICAgYHdlYnNpdGUtY2VydGAsXG4gICAgICBhcm4sXG4gICAgKTtcbiAgfVxufVxuIl19
114
+ //# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiaW5kZXguanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyJpbmRleC50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiOzs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7OztBQUFBLDJDQUF1QztBQUN2Qyx1REFBeUM7QUFDekMsc0VBQXdEO0FBQ3hELDRFQUE4RDtBQUM5RCx1RkFBeUU7QUFDekUsaURBQW1DO0FBQ25DLHlEQUEyQztBQUMzQyxpRUFBbUQ7QUE4Qm5ELE1BQWEsT0FBUSxTQUFRLHNCQUFTO0lBQ3BCLE1BQU0sQ0FBWTtJQUNsQixZQUFZLENBQXlCO0lBRXJELFlBQVksS0FBZ0IsRUFBRSxFQUFVLEVBQUUsS0FBbUI7UUFDM0QsS0FBSyxDQUFDLEtBQUssRUFBRSxFQUFFLENBQUMsQ0FBQztRQUNqQixJQUFJLENBQUMsTUFBTSxHQUFHLElBQUksRUFBRSxDQUFDLE1BQU0sQ0FBQyxJQUFJLEVBQUUsS0FBSyxDQUFDLFVBQVUsRUFBRTtZQUNsRCxvQkFBb0IsRUFBRSxLQUFLLENBQUMsU0FBUztZQUNyQyxvQkFBb0IsRUFBRSxLQUFLLENBQUMsU0FBUztZQUNyQyxnQkFBZ0IsRUFBRSxJQUFJO1lBQ3RCLGFBQWEsRUFBRSxHQUFHLENBQUMsYUFBYSxDQUFDLE9BQU87WUFDeEMsaUJBQWlCLEVBQUUsRUFBRSxDQUFDLGlCQUFpQixDQUFDLGVBQWU7WUFDdkQsYUFBYSxFQUFFLEVBQUUsQ0FBQyxtQkFBbUIsQ0FBQyx5QkFBeUI7WUFDL0QsVUFBVSxFQUFFLEVBQUUsQ0FBQyxnQkFBZ0IsQ0FBQyxVQUFVO1NBQzNDLENBQUMsQ0FBQztRQUNILE1BQU0sR0FBRyxHQUFHLElBQUksU0FBUyxDQUFDLG9CQUFvQixDQUM1QyxJQUFJLEVBQ0osR0FBRyxLQUFLLENBQUMsVUFBVSxNQUFNLENBQzFCLENBQUM7UUFDRixJQUFJLENBQUMsTUFBTSxDQUFDLG1CQUFtQixDQUM3QixJQUFJLEdBQUcsQ0FBQyxlQUFlLENBQUM7WUFDdEIsT0FBTyxFQUFFLENBQUMsY0FBYyxDQUFDO1lBQ3pCLFNBQVMsRUFBRSxDQUFDLElBQUksQ0FBQyxNQUFNLENBQUMsYUFBYSxDQUFDLEdBQUcsQ0FBQyxDQUFDO1lBQzNDLFVBQVUsRUFBRTtnQkFDVixJQUFJLEdBQUcsQ0FBQyxzQkFBc0IsQ0FDNUIsR0FBRyxDQUFDLCtDQUErQyxDQUNwRDthQUNGO1NBQ0YsQ0FBQyxDQUNILENBQUM7UUFFRixJQUFJLENBQUMsWUFBWSxHQUFHLElBQUksU0FBUyxDQUFDLFlBQVksQ0FDNUMsSUFBSSxFQUNKLEdBQUcsS0FBSyxDQUFDLFVBQVUsZUFBZSxFQUNsQztZQUNFLGVBQWUsRUFBRTtnQkFDZixNQUFNLEVBQUUsSUFBSSxPQUFPLENBQUMscUJBQXFCLENBQUMsSUFBSSxDQUFDLE1BQU0sQ0FBQztnQkFDdEQsb0JBQW9CLEVBQ2xCLFNBQVMsQ0FBQyxvQkFBb0IsQ0FBQyxpQkFBaUI7YUFDbkQ7WUFDRCxjQUFjLEVBQUU7Z0JBQ2Q7b0JBQ0UsVUFBVSxFQUFFLEdBQUc7b0JBQ2Ysa0JBQWtCLEVBQUUsR0FBRztvQkFDdkIsZ0JBQWdCLEVBQUUsS0FBSyxDQUFDLHdCQUF3QixJQUFJLFdBQVc7b0JBQy9ELEdBQUcsRUFBRSxHQUFHLENBQUMsUUFBUSxDQUFDLE9BQU8sQ0FBQyxFQUFFLENBQUM7aUJBQzlCO2FBQ0Y7WUFDRCxVQUFVLEVBQUUsU0FBUyxDQUFDLFVBQVUsQ0FBQyxlQUFlO1lBQ2hELEdBQUcsQ0FBQyxLQUFLLENBQUMsWUFBWTtnQkFDcEIsQ0FBQyxDQUFDO29CQUNFLFdBQVcsRUFBRSxDQUFDLElBQUksQ0FBQyxrQkFBa0IsQ0FBQyxLQUFLLENBQUMsWUFBWSxDQUFDLENBQUM7b0JBQzFELFdBQVcsRUFBRSxJQUFJLENBQUMsZUFBZSxDQUMvQixLQUFLLENBQUMsWUFBWSxDQUFDLGNBQWMsQ0FDbEM7aUJBQ0Y7Z0JBQ0gsQ0FBQyxDQUFDLEVBQUUsQ0FBQztTQUNSLENBQ0YsQ0FBQztRQUVGLElBQUksS0FBSyxDQUFDLFlBQVksRUFBRSxDQUFDO1lBQ3ZCLE1BQU0sVUFBVSxHQUFHLE9BQU8sQ0FBQyxVQUFVLENBQUMsVUFBVSxDQUFDLElBQUksRUFBRSxZQUFZLEVBQUU7Z0JBQ25FLFVBQVUsRUFBRSxLQUFLLENBQUMsWUFBWSxDQUFDLFVBQVU7YUFDMUMsQ0FBQyxDQUFDO1lBQ0gsTUFBTSxhQUFhLEdBQUcsSUFBSSxPQUFPLENBQUMsT0FBTyxDQUFDLElBQUksRUFBRSxlQUFlLEVBQUU7Z0JBQy9ELElBQUksRUFBRSxVQUFVO2dCQUNoQixVQUFVLEVBQUUsSUFBSSxDQUFDLGtCQUFrQixDQUFDLEtBQUssQ0FBQyxZQUFZLENBQUM7Z0JBQ3ZELE1BQU0sRUFBRSxHQUFHLENBQUMsV0FBVyxDQUFDLFlBQVksQ0FBQyxTQUFTLENBQzVDLElBQUksR0FBRyxDQUFDLG1CQUFtQixDQUFDLGdCQUFnQixDQUFDLElBQUksQ0FBQyxZQUFZLENBQUMsQ0FDaEU7YUFDRixDQUFDLENBQUM7WUFDSCxhQUFhLENBQUMsSUFBSSxDQUFDLGFBQWEsQ0FBQyxJQUFJLENBQUMsWUFBWSxDQUFDLENBQUM7UUFDdEQsQ0FBQztRQUVELElBQUksR0FBRyxDQUFDLFNBQVMsQ0FBQyxJQUFJLEVBQUUsd0JBQXdCLEVBQUU7WUFDaEQsS0FBSyxFQUFFLElBQUksQ0FBQyxZQUFZLENBQUMsc0JBQXNCO1lBQy9DLFdBQVcsRUFBRSxxQ0FBcUM7U0FDbkQsQ0FBQyxDQUFDO1FBRUgsSUFBSSxHQUFHLENBQUMsU0FBUyxDQUFDLElBQUksRUFBRSxnQkFBZ0IsRUFBRTtZQUN4QyxLQUFLLEVBQUUsSUFBSSxDQUFDLE1BQU0sQ0FBQyxnQkFBZ0I7WUFDbkMsV0FBVyxFQUFFLHVCQUF1QjtTQUNyQyxDQUFDLENBQUM7UUFFSCxJQUFJLEtBQUssQ0FBQyxZQUFZLEVBQUUsQ0FBQztZQUN2QixJQUFJLEdBQUcsQ0FBQyxTQUFTLENBQUMsSUFBSSxFQUFFLGFBQWEsRUFBRTtnQkFDckMsS0FBSyxFQUFFLElBQUksQ0FBQyxZQUFZLENBQUMsVUFBVTtnQkFDbkMsV0FBVyxFQUFFLGFBQWE7YUFDM0IsQ0FBQyxDQUFDO1FBQ0wsQ0FBQztJQUNILENBQUM7SUFFTyxrQkFBa0IsQ0FBQyxZQUEwQjtRQUNuRCxPQUFPLFlBQVksQ0FBQyxhQUFhO1lBQy9CLENBQUMsQ0FBQyxHQUFHLFlBQVksQ0FBQyxhQUFhLElBQUksWUFBWSxDQUFDLFVBQVUsRUFBRTtZQUM1RCxDQUFDLENBQUMsWUFBWSxDQUFDLFVBQVUsQ0FBQztJQUM5QixDQUFDO0lBRU8sZUFBZSxDQUFDLEdBQVc7UUFDakMsT0FBTyxrQkFBa0IsQ0FBQyxXQUFXLENBQUMsa0JBQWtCLENBQ3RELElBQUksRUFDSixjQUFjLEVBQ2QsR0FBRyxDQUNKLENBQUM7SUFDSixDQUFDO0NBQ0Y7QUF6R0QsMEJBeUdDIiwic291cmNlc0NvbnRlbnQiOlsiaW1wb3J0IHsgQ29uc3RydWN0IH0gZnJvbSBcImNvbnN0cnVjdHNcIjtcbmltcG9ydCAqIGFzIHMzIGZyb20gXCJhd3MtY2RrLWxpYi9hd3MtczNcIjtcbmltcG9ydCAqIGFzIGNsb3VkZm9udCBmcm9tIFwiYXdzLWNkay1saWIvYXdzLWNsb3VkZnJvbnRcIjtcbmltcG9ydCAqIGFzIG9yaWdpbnMgZnJvbSBcImF3cy1jZGstbGliL2F3cy1jbG91ZGZyb250LW9yaWdpbnNcIjtcbmltcG9ydCAqIGFzIGNlcnRpZmljYXRlbWFuYWdlciBmcm9tIFwiYXdzLWNkay1saWIvYXdzLWNlcnRpZmljYXRlbWFuYWdlclwiO1xuaW1wb3J0ICogYXMgY2RrIGZyb20gXCJhd3MtY2RrLWxpYlwiO1xuaW1wb3J0ICogYXMgaWFtIGZyb20gXCJhd3MtY2RrLWxpYi9hd3MtaWFtXCI7XG5pbXBvcnQgKiBhcyByb3V0ZTUzIGZyb20gXCJhd3MtY2RrLWxpYi9hd3Mtcm91dGU1M1wiO1xuXG5leHBvcnQgaW50ZXJmYWNlIERvbWFpbkNvbmZpZyB7XG4gIC8qKiBUaGUgcm9vdCBkb21haW4gbmFtZSAoZS5nLiwgZXhhbXBsZS5jb20pLlxuICAgKiBUaGVyZSBtdXN0IGJlIGFuIGFzc29jaWF0ZWQgaG9zdGVkIHpvbmUgaW4gUm91dGUgNTMgZm9yIHRoaXMgZG9tYWluLlxuICAgKi9cbiAgZG9tYWluTmFtZTogc3RyaW5nO1xuICAvKiogVGhlIHN1YmRvbWFpbiBuYW1lICovXG4gIHN1YmRvbWFpbk5hbWU6IHN0cmluZztcbiAgLyoqIFRoZSBBUk4gb2YgdGhlIFNTTCBjZXJ0aWZpY2F0ZSB0byB1c2UgZm9yIHRoZSBkb21haW4uICovXG4gIGNlcnRpZmljYXRlQXJuOiBzdHJpbmc7XG59XG5cbmV4cG9ydCBpbnRlcmZhY2UgV2Vic2l0ZVByb3BzIHtcbiAgLyoqIFRoZSBuYW1lIG9mIHRoZSBTMyBidWNrZXQgdGhhdCB3aWxsIGhvc3QgdGhlIHdlYnNpdGUgY29udGVudC4gKi9cbiAgYnVja2V0TmFtZTogc3RyaW5nO1xuXG4gIC8qKiBUaGUgcGF0aCB0byB0aGUgaW5kZXggZG9jdW1lbnQgdGhhdCB3aWxsIGJlIHNlcnZlZCBhcyB0aGUgZGVmYXVsdCBwYWdlLiAqL1xuICBpbmRleEZpbGU6IHN0cmluZztcblxuICAvKiogVGhlIHBhdGggdG8gdGhlIGVycm9yIGRvY3VtZW50IHRoYXQgd2lsbCBiZSBzZXJ2ZWQgd2hlbiBhbiBlcnJvciBvY2N1cnMuICovXG4gIGVycm9yRmlsZTogc3RyaW5nO1xuXG4gIC8qKiBPcHRpb25hbCBjb25maWd1cmF0aW9uIGZvciBjdXN0b20gZG9tYWluIHNldHVwLiAqL1xuICBkb21haW5Db25maWc/OiBEb21haW5Db25maWc7XG5cbiAgLyoqIE9wdGlvbmFsIHBhdGggdG8gYSBjdXN0b20gNDA0IHBhZ2UuIElmIG5vdCBzcGVjaWZpZWQsIHRoZSBlcnJvciBmaWxlIHdpbGwgYmUgdXNlZC4gKi9cbiAgbm90Rm91bmRSZXNwb25zZVBhZ2VQYXRoPzogc3RyaW5nO1xufVxuXG5leHBvcnQgY2xhc3MgV2Vic2l0ZSBleHRlbmRzIENvbnN0cnVjdCB7XG4gIHB1YmxpYyByZWFkb25seSBidWNrZXQ6IHMzLkJ1Y2tldDtcbiAgcHVibGljIHJlYWRvbmx5IGRpc3RyaWJ1dGlvbjogY2xvdWRmb250LkRpc3RyaWJ1dGlvbjtcblxuICBjb25zdHJ1Y3RvcihzY29wZTogQ29uc3RydWN0LCBpZDogc3RyaW5nLCBwcm9wczogV2Vic2l0ZVByb3BzKSB7XG4gICAgc3VwZXIoc2NvcGUsIGlkKTtcbiAgICB0aGlzLmJ1Y2tldCA9IG5ldyBzMy5CdWNrZXQodGhpcywgcHJvcHMuYnVja2V0TmFtZSwge1xuICAgICAgd2Vic2l0ZUluZGV4RG9jdW1lbnQ6IHByb3BzLmluZGV4RmlsZSxcbiAgICAgIHdlYnNpdGVFcnJvckRvY3VtZW50OiBwcm9wcy5lcnJvckZpbGUsXG4gICAgICBwdWJsaWNSZWFkQWNjZXNzOiB0cnVlLFxuICAgICAgcmVtb3ZhbFBvbGljeTogY2RrLlJlbW92YWxQb2xpY3kuREVTVFJPWSxcbiAgICAgIGJsb2NrUHVibGljQWNjZXNzOiBzMy5CbG9ja1B1YmxpY0FjY2Vzcy5CTE9DS19BQ0xTX09OTFksXG4gICAgICBhY2Nlc3NDb250cm9sOiBzMy5CdWNrZXRBY2Nlc3NDb250cm9sLkJVQ0tFVF9PV05FUl9GVUxMX0NPTlRST0wsXG4gICAgICBlbmNyeXB0aW9uOiBzMy5CdWNrZXRFbmNyeXB0aW9uLlMzX01BTkFHRUQsXG4gICAgfSk7XG4gICAgY29uc3Qgb2FpID0gbmV3IGNsb3VkZm9udC5PcmlnaW5BY2Nlc3NJZGVudGl0eShcbiAgICAgIHRoaXMsXG4gICAgICBgJHtwcm9wcy5idWNrZXROYW1lfS1PQUlgXG4gICAgKTtcbiAgICB0aGlzLmJ1Y2tldC5hZGRUb1Jlc291cmNlUG9saWN5KFxuICAgICAgbmV3IGlhbS5Qb2xpY3lTdGF0ZW1lbnQoe1xuICAgICAgICBhY3Rpb25zOiBbXCJzMzpHZXRPYmplY3RcIl0sXG4gICAgICAgIHJlc291cmNlczogW3RoaXMuYnVja2V0LmFybkZvck9iamVjdHMoXCIqXCIpXSxcbiAgICAgICAgcHJpbmNpcGFsczogW1xuICAgICAgICAgIG5ldyBpYW0uQ2Fub25pY2FsVXNlclByaW5jaXBhbChcbiAgICAgICAgICAgIG9haS5jbG91ZEZyb250T3JpZ2luQWNjZXNzSWRlbnRpdHlTM0Nhbm9uaWNhbFVzZXJJZFxuICAgICAgICAgICksXG4gICAgICAgIF0sXG4gICAgICB9KVxuICAgICk7XG5cbiAgICB0aGlzLmRpc3RyaWJ1dGlvbiA9IG5ldyBjbG91ZGZvbnQuRGlzdHJpYnV0aW9uKFxuICAgICAgdGhpcyxcbiAgICAgIGAke3Byb3BzLmJ1Y2tldE5hbWV9LWRpc3RyaWJ1dGlvbmAsXG4gICAgICB7XG4gICAgICAgIGRlZmF1bHRCZWhhdmlvcjoge1xuICAgICAgICAgIG9yaWdpbjogbmV3IG9yaWdpbnMuUzNTdGF0aWNXZWJzaXRlT3JpZ2luKHRoaXMuYnVja2V0KSxcbiAgICAgICAgICB2aWV3ZXJQcm90b2NvbFBvbGljeTpcbiAgICAgICAgICAgIGNsb3VkZm9udC5WaWV3ZXJQcm90b2NvbFBvbGljeS5SRURJUkVDVF9UT19IVFRQUyxcbiAgICAgICAgfSxcbiAgICAgICAgZXJyb3JSZXNwb25zZXM6IFtcbiAgICAgICAgICB7XG4gICAgICAgICAgICBodHRwU3RhdHVzOiA0MDQsXG4gICAgICAgICAgICByZXNwb25zZUh0dHBTdGF0dXM6IDQwNCxcbiAgICAgICAgICAgIHJlc3BvbnNlUGFnZVBhdGg6IHByb3BzLm5vdEZvdW5kUmVzcG9uc2VQYWdlUGF0aCB8fCBgLzQwNC5odG1sYCxcbiAgICAgICAgICAgIHR0bDogY2RrLkR1cmF0aW9uLm1pbnV0ZXMoMzApLFxuICAgICAgICAgIH0sXG4gICAgICAgIF0sXG4gICAgICAgIHByaWNlQ2xhc3M6IGNsb3VkZm9udC5QcmljZUNsYXNzLlBSSUNFX0NMQVNTXzEwMCxcbiAgICAgICAgLi4uKHByb3BzLmRvbWFpbkNvbmZpZ1xuICAgICAgICAgID8ge1xuICAgICAgICAgICAgICBkb21haW5OYW1lczogW3RoaXMuX2dldEZ1bGxEb21haW5OYW1lKHByb3BzLmRvbWFpbkNvbmZpZyldLFxuICAgICAgICAgICAgICBjZXJ0aWZpY2F0ZTogdGhpcy5fZ2V0Q2VydGlmaWNhdGUoXG4gICAgICAgICAgICAgICAgcHJvcHMuZG9tYWluQ29uZmlnLmNlcnRpZmljYXRlQXJuXG4gICAgICAgICAgICAgICksXG4gICAgICAgICAgICB9XG4gICAgICAgICAgOiB7fSksXG4gICAgICB9XG4gICAgKTtcblxuICAgIGlmIChwcm9wcy5kb21haW5Db25maWcpIHtcbiAgICAgIGNvbnN0IGhvc3RlZFpvbmUgPSByb3V0ZTUzLkhvc3RlZFpvbmUuZnJvbUxvb2t1cCh0aGlzLCBcIkhvc3RlZFpvbmVcIiwge1xuICAgICAgICBkb21haW5OYW1lOiBwcm9wcy5kb21haW5Db25maWcuZG9tYWluTmFtZSxcbiAgICAgIH0pO1xuICAgICAgY29uc3QgZG9tYWluQVJlY29yZCA9IG5ldyByb3V0ZTUzLkFSZWNvcmQodGhpcywgXCJEb21haW5BUmVjb3JkXCIsIHtcbiAgICAgICAgem9uZTogaG9zdGVkWm9uZSxcbiAgICAgICAgcmVjb3JkTmFtZTogdGhpcy5fZ2V0RnVsbERvbWFpbk5hbWUocHJvcHMuZG9tYWluQ29uZmlnKSxcbiAgICAgICAgdGFyZ2V0OiBjZGsuYXdzX3JvdXRlNTMuUmVjb3JkVGFyZ2V0LmZyb21BbGlhcyhcbiAgICAgICAgICBuZXcgY2RrLmF3c19yb3V0ZTUzX3RhcmdldHMuQ2xvdWRGcm9udFRhcmdldCh0aGlzLmRpc3RyaWJ1dGlvbilcbiAgICAgICAgKSxcbiAgICAgIH0pO1xuICAgICAgZG9tYWluQVJlY29yZC5ub2RlLmFkZERlcGVuZGVuY3kodGhpcy5kaXN0cmlidXRpb24pO1xuICAgIH1cblxuICAgIG5ldyBjZGsuQ2ZuT3V0cHV0KHRoaXMsIFwiY2xvdWRmcm9udC13ZWJzaXRlLXVybFwiLCB7XG4gICAgICB2YWx1ZTogdGhpcy5kaXN0cmlidXRpb24uZGlzdHJpYnV0aW9uRG9tYWluTmFtZSxcbiAgICAgIGRlc2NyaXB0aW9uOiBcIkNsb3VkRnJvbnQgRGlzdHJpYnV0aW9uIERvbWFpbiBOYW1lXCIsXG4gICAgfSk7XG5cbiAgICBuZXcgY2RrLkNmbk91dHB1dCh0aGlzLCBcInMzLXdlYnNpdGUtdXJsXCIsIHtcbiAgICAgIHZhbHVlOiB0aGlzLmJ1Y2tldC5idWNrZXRXZWJzaXRlVXJsLFxuICAgICAgZGVzY3JpcHRpb246IFwiUzMgQnVja2V0IFdlYnNpdGUgVVJMXCIsXG4gICAgfSk7XG5cbiAgICBpZiAocHJvcHMuZG9tYWluQ29uZmlnKSB7XG4gICAgICBuZXcgY2RrLkNmbk91dHB1dCh0aGlzLCBcIndlYnNpdGUtdXJsXCIsIHtcbiAgICAgICAgdmFsdWU6IHRoaXMuZGlzdHJpYnV0aW9uLmRvbWFpbk5hbWUsXG4gICAgICAgIGRlc2NyaXB0aW9uOiBcIldlYnNpdGUgVVJMXCIsXG4gICAgICB9KTtcbiAgICB9XG4gIH1cblxuICBwcml2YXRlIF9nZXRGdWxsRG9tYWluTmFtZShkb21haW5Db25maWc6IERvbWFpbkNvbmZpZyk6IHN0cmluZyB7XG4gICAgcmV0dXJuIGRvbWFpbkNvbmZpZy5zdWJkb21haW5OYW1lXG4gICAgICA/IGAke2RvbWFpbkNvbmZpZy5zdWJkb21haW5OYW1lfS4ke2RvbWFpbkNvbmZpZy5kb21haW5OYW1lfWBcbiAgICAgIDogZG9tYWluQ29uZmlnLmRvbWFpbk5hbWU7XG4gIH1cblxuICBwcml2YXRlIF9nZXRDZXJ0aWZpY2F0ZShhcm46IHN0cmluZyk6IGNlcnRpZmljYXRlbWFuYWdlci5JQ2VydGlmaWNhdGUge1xuICAgIHJldHVybiBjZXJ0aWZpY2F0ZW1hbmFnZXIuQ2VydGlmaWNhdGUuZnJvbUNlcnRpZmljYXRlQXJuKFxuICAgICAgdGhpcyxcbiAgICAgIGB3ZWJzaXRlLWNlcnRgLFxuICAgICAgYXJuXG4gICAgKTtcbiAgfVxufVxuIl19
package/lib/index.ts CHANGED
@@ -44,12 +44,15 @@ export class Website extends Construct {
44
44
  this.bucket = new s3.Bucket(this, props.bucketName, {
45
45
  websiteIndexDocument: props.indexFile,
46
46
  websiteErrorDocument: props.errorFile,
47
+ publicReadAccess: true,
47
48
  removalPolicy: cdk.RemovalPolicy.DESTROY,
49
+ blockPublicAccess: s3.BlockPublicAccess.BLOCK_ACLS_ONLY,
50
+ accessControl: s3.BucketAccessControl.BUCKET_OWNER_FULL_CONTROL,
48
51
  encryption: s3.BucketEncryption.S3_MANAGED,
49
52
  });
50
53
  const oai = new cloudfont.OriginAccessIdentity(
51
54
  this,
52
- `${props.bucketName}-OAI`,
55
+ `${props.bucketName}-OAI`
53
56
  );
54
57
  this.bucket.addToResourcePolicy(
55
58
  new iam.PolicyStatement({
@@ -57,10 +60,10 @@ export class Website extends Construct {
57
60
  resources: [this.bucket.arnForObjects("*")],
58
61
  principals: [
59
62
  new iam.CanonicalUserPrincipal(
60
- oai.cloudFrontOriginAccessIdentityS3CanonicalUserId,
63
+ oai.cloudFrontOriginAccessIdentityS3CanonicalUserId
61
64
  ),
62
65
  ],
63
- }),
66
+ })
64
67
  );
65
68
 
66
69
  this.distribution = new cloudfont.Distribution(
@@ -85,11 +88,11 @@ export class Website extends Construct {
85
88
  ? {
86
89
  domainNames: [this._getFullDomainName(props.domainConfig)],
87
90
  certificate: this._getCertificate(
88
- props.domainConfig.certificateArn,
91
+ props.domainConfig.certificateArn
89
92
  ),
90
93
  }
91
94
  : {}),
92
- },
95
+ }
93
96
  );
94
97
 
95
98
  if (props.domainConfig) {
@@ -100,7 +103,7 @@ export class Website extends Construct {
100
103
  zone: hostedZone,
101
104
  recordName: this._getFullDomainName(props.domainConfig),
102
105
  target: cdk.aws_route53.RecordTarget.fromAlias(
103
- new cdk.aws_route53_targets.CloudFrontTarget(this.distribution),
106
+ new cdk.aws_route53_targets.CloudFrontTarget(this.distribution)
104
107
  ),
105
108
  });
106
109
  domainARecord.node.addDependency(this.distribution);
@@ -134,7 +137,7 @@ export class Website extends Construct {
134
137
  return certificatemanager.Certificate.fromCertificateArn(
135
138
  this,
136
139
  `website-cert`,
137
- arn,
140
+ arn
138
141
  );
139
142
  }
140
143
  }
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@sitblueprint/website-construct",
3
- "version": "0.1.3",
3
+ "version": "0.1.4",
4
4
  "description": "A reusable AWS CDK construct for deploying static websites with optional custom domain support.",
5
5
  "author": "Miguel Merlin <mmerlin@stevens.edu>",
6
6
  "license": "MIT",