aws-architect 6.7.142 → 6.7.144

package/index.d.ts

@@ -41,6 +41,7 @@ export interface StackSetConfiguration {
 }
 
 export interface OrganizationalStackSetConfiguration {
+  orgIds?: Array<string>;
   changeSetName: string;
   stackSetName: string;
   tags?: Record<string, string>;

package/lib/BucketManager.js

@@ -4,6 +4,7 @@ let path = require('path');
 const { createHash } = require('crypto');
 const { lookup } = require('mime-types');
 const { S3Client, HeadBucketCommand, CreateBucketCommand, PutPublicAccessBlockCommand, PutBucketLifecycleConfigurationCommand } = require('@aws-sdk/client-s3');
+const { STSClient, GetCallerIdentityCommand } = require('@aws-sdk/client-sts');
 
 const contentTypeMappingConst = {
   '.ico': 'image/x-icon',
@@ -157,6 +158,13 @@ class BucketManager {
   async ensureBucketExists(bucket) {
     const region = this.S3Manager.config.region;
     const s3Client = new S3Client({ region });
+    const stsClient = new STSClient({ region });
+
+    const { Account: accountId } = await stsClient.send(new GetCallerIdentityCommand({}));
+
+    if (!bucket.includes(accountId) || !bucket.includes(region)) {
+      throw { title: 'Bucket name must include both the AWS account ID and the region', bucket, accountId, region };
+    }
 
     const bucketLifecycleConfigurationParams = {
       Bucket: bucket,
@@ -174,6 +182,7 @@ class BucketManager {
 
     try {
       await s3Client.send(new HeadBucketCommand({ Bucket: bucket }));
+      return;
     } catch (error) {
       if (error.name !== 'NotFound') {
         throw { title: 'Failed to validate deployment bucket is available', error, bucket };
@@ -185,16 +194,18 @@ class BucketManager {
       params.CreateBucketConfiguration = { LocationConstraint: region };
     }
     try {
-      console.log(`[AWS Architect] (S3) - Cretaing deployment bucket because it does not exist exist: ${bucket}`);
+      console.log(`[AWS Architect] (S3) - Creating deployment bucket because it does not exist: ${bucket}`);
       await s3Client.send(new CreateBucketCommand(params));
     } catch (error) {
-      if (error.name === 'BucketAlreadyExists') {
+      if (error.name === 'BucketAlreadyExists' || error.name === 'BucketAlreadyOwnedByYou') {
         return;
       }
       throw error;
     }
     await s3Client.send(new PutPublicAccessBlockCommand({
-      Bucket: bucket, PublicAccessBlockConfiguration: { BlockPublicAcls: true, BlockPublicPolicy: true, IgnorePublicAcls: true, RestrictPublicBuckets: true }
+      Bucket: bucket,
+      PublicAccessBlockConfiguration: { BlockPublicAcls: true, BlockPublicPolicy: true, IgnorePublicAcls: true, RestrictPublicBuckets: true },
+      ExpectedBucketOwner: accountId
     }));
     await s3Client.send(new PutBucketLifecycleConfigurationCommand(bucketLifecycleConfigurationParams));
   }

package/lib/CloudFormationDeployer.js

@@ -553,7 +553,7 @@ class CloudFormationDeployer {
     const deployToAdditionalRegionsParams = {
       StackSetName: options.stackSetName,
       DeploymentTargets: {
-        OrganizationalUnitIds: rootOrgsInfo.Roots.map(org => org.Id)
+        OrganizationalUnitIds: options.orgIds || rootOrgsInfo.Roots.map(org => org.Id)
       },
       Regions: newRegions,
       OperationId: changeSetName,

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "aws-architect",
-  "version": "6.7.142",
+  "version": "6.7.144",
   "description": "AWS Architect is a node based tool to configure and deploy AWS-based microservices.",
   "main": "index.js",
   "types": "index.d.ts",
@@ -20,6 +20,7 @@
   "dependencies": {
     "@aws-sdk/client-cloudformation": "^3.1000.0",
     "@aws-sdk/client-s3": "^3.1000",
+    "@aws-sdk/client-sts": "^3.1000",
     "archiver": "^5.3.0",
     "body-parser": "^1.18.2",
     "commander": "^2.5.0",