sst 2.0.13 → 2.0.14

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
@@ -100,7 +100,7 @@ export class SsrSite extends Construct {
100
100
  : this.createCloudFrontDistributionForRegional();
101
101
  this.distribution.node.addDependency(s3deployCR);
102
102
  // Invalidate CloudFront
103
- const invalidationCR = this.createCloudFrontInvalidation(cliLayer);
103
+ const invalidationCR = this.createCloudFrontInvalidation();
104
104
  invalidationCR.node.addDependency(this.distribution);
105
105
  // Connect Custom Domain to CloudFront Distribution
106
106
  this.createRoute53Records();
@@ -551,36 +551,29 @@ export class SsrSite extends Construct {
551
551
  comment: "SST server response cache policy",
552
552
  });
553
553
  }
554
- createCloudFrontInvalidation(cliLayer) {
555
- // Create a Lambda function that will be doing the invalidation
556
- const invalidator = new Function(this, "CloudFrontInvalidator", {
557
- code: Code.fromAsset(path.join(__dirname, "../support/base-site-custom-resource")),
558
- layers: [cliLayer],
559
- runtime: Runtime.PYTHON_3_7,
560
- handler: "cf-invalidate.handler",
561
- timeout: CdkDuration.minutes(15),
562
- memorySize: 1024,
554
+ createCloudFrontInvalidation() {
555
+ const stack = Stack.of(this);
556
+ const resource = new CustomResource(this, "CloudFrontInvalidator", {
557
+ serviceToken: stack.customResourceHandler.functionArn,
558
+ resourceType: "Custom::CloudFrontInvalidator",
559
+ properties: {
560
+ buildId: this.generateBuildId(),
561
+ distributionId: this.distribution.distributionId,
562
+ paths: ["/*"],
563
+ waitForInvalidation: this.props.waitForInvalidation,
564
+ },
563
565
  });
564
- // Grant permissions to invalidate CF Distribution
565
- invalidator.addToRolePolicy(new PolicyStatement({
566
+ stack.customResourceHandler.role?.addToPrincipalPolicy(new PolicyStatement({
566
567
  effect: Effect.ALLOW,
567
568
  actions: [
568
569
  "cloudfront:GetInvalidation",
569
570
  "cloudfront:CreateInvalidation",
570
571
  ],
571
- resources: ["*"],
572
+ resources: [
573
+ `arn:${stack.partition}:cloudfront::${stack.account}:distribution/${this.distribution.distributionId}`,
574
+ ],
572
575
  }));
573
- return new CustomResource(this, "CloudFrontInvalidation", {
574
- serviceToken: invalidator.functionArn,
575
- resourceType: "Custom::SSTCloudFrontInvalidation",
576
- properties: {
577
- BuildId: this.generateBuildId(),
578
- DistributionId: this.distribution.distributionId,
579
- // TODO: Ignore the browser build path as it may speed up invalidation
580
- DistributionPaths: ["/*"],
581
- WaitForInvalidation: this.props.waitForInvalidation,
582
- },
583
- });
576
+ return resource;
584
577
  }
585
578
  /////////////////////
586
579
  // Custom Domain
@@ -1,3 +1,4 @@
1
+ import fs from "fs";
1
2
  import url from "url";
2
3
  import * as path from "path";
3
4
  import * as cdk from "aws-cdk-lib";
@@ -172,9 +173,11 @@ export class Stack extends cdk.Stack {
172
173
  });
173
174
  }
174
175
  createCustomResourceHandler() {
176
+ const dir = path.join(__dirname, "../support/custom-resources/");
175
177
  return new lambda.Function(this, "CustomResourceHandler", {
176
- code: lambda.Code.fromAsset(path.join(__dirname, "../support/custom-resources/"), {
177
- assetHash: this.stackName + "-custom-resources-20230130",
178
+ code: lambda.Code.fromAsset(dir, {
179
+ //assetHash: this.stackName + "-custom-resources-20230130",
180
+ assetHash: this.stackName + fs.readFileSync(dir + "/index.mjs").toString(),
178
181
  }),
179
182
  handler: "index.handler",
180
183
  runtime: lambda.Runtime.NODEJS_16_X,
@@ -7,7 +7,7 @@ import { Construct } from "constructs";
7
7
  import { Token, Duration, CfnOutput, RemovalPolicy, CustomResource, } from "aws-cdk-lib";
8
8
  import * as s3 from "aws-cdk-lib/aws-s3";
9
9
  import * as s3Assets from "aws-cdk-lib/aws-s3-assets";
10
- import * as iam from "aws-cdk-lib/aws-iam";
10
+ import { Effect, PolicyStatement } from "aws-cdk-lib/aws-iam";
11
11
  import * as lambda from "aws-cdk-lib/aws-lambda";
12
12
  import * as route53 from "aws-cdk-lib/aws-route53";
13
13
  import * as route53Targets from "aws-cdk-lib/aws-route53-targets";
@@ -91,7 +91,7 @@ export class StaticSite extends Construct {
91
91
  this.distribution = this.createCfDistribution();
92
92
  this.distribution.node.addDependency(s3deployCR);
93
93
  // Invalidate CloudFront
94
- const invalidationCR = this.createCloudFrontInvalidation(cliLayer, assets);
94
+ const invalidationCR = this.createCloudFrontInvalidation(assets);
95
95
  invalidationCR.node.addDependency(this.distribution);
96
96
  // Connect Custom Domain to CloudFront Distribution
97
97
  this.createRoute53Records();
@@ -420,41 +420,34 @@ interface ImportMeta {
420
420
  },
421
421
  });
422
422
  }
423
- createCloudFrontInvalidation(cliLayer, assets) {
424
- // Create a Lambda function that will be doing the invalidation
425
- const invalidator = new lambda.Function(this, "CloudFrontInvalidator", {
426
- code: lambda.Code.fromAsset(path.join(__dirname, "../support/base-site-custom-resource")),
427
- layers: [cliLayer],
428
- runtime: lambda.Runtime.PYTHON_3_7,
429
- handler: "cf-invalidate.handler",
430
- timeout: Duration.minutes(15),
431
- memorySize: 1024,
432
- });
433
- // Grant permissions to invalidate CF Distribution
434
- invalidator.addToRolePolicy(new iam.PolicyStatement({
435
- effect: iam.Effect.ALLOW,
436
- actions: [
437
- "cloudfront:GetInvalidation",
438
- "cloudfront:CreateInvalidation",
439
- ],
440
- resources: ["*"],
441
- }));
423
+ createCloudFrontInvalidation(assets) {
424
+ const stack = Stack.of(this);
442
425
  // Need the AssetHash field so the CR gets updated on each deploy
443
426
  const assetsHash = crypto
444
427
  .createHash("md5")
445
428
  .update(assets.map(({ assetHash }) => assetHash).join(""))
446
429
  .digest("hex");
447
- // Create custom resource
448
- return new CustomResource(this, "CloudFrontInvalidation", {
449
- serviceToken: invalidator.functionArn,
450
- resourceType: "Custom::SSTCloudFrontInvalidation",
430
+ const resource = new CustomResource(this, "CloudFrontInvalidator", {
431
+ serviceToken: stack.customResourceHandler.functionArn,
432
+ resourceType: "Custom::CloudFrontInvalidator",
451
433
  properties: {
452
- AssetsHash: assetsHash,
453
- DistributionId: this.distribution.distributionId,
454
- DistributionPaths: ["/*"],
455
- WaitForInvalidation: this.props.waitForInvalidation,
434
+ assetsHash,
435
+ distributionId: this.distribution.distributionId,
436
+ paths: ["/*"],
437
+ waitForInvalidation: this.props.waitForInvalidation,
456
438
  },
457
439
  });
440
+ stack.customResourceHandler.role?.addToPrincipalPolicy(new PolicyStatement({
441
+ effect: Effect.ALLOW,
442
+ actions: [
443
+ "cloudfront:GetInvalidation",
444
+ "cloudfront:CreateInvalidation",
445
+ ],
446
+ resources: [
447
+ `arn:${stack.partition}:cloudfront::${stack.account}:distribution/${this.distribution.distributionId}`,
448
+ ],
449
+ }));
450
+ return resource;
458
451
  }
459
452
  /////////////////////
460
453
  // Custom Domain
@@ -6,7 +6,7 @@ import { execSync } from "child_process";
6
6
  import { Construct } from "constructs";
7
7
  import { Token, Duration, CfnOutput, RemovalPolicy, CustomResource, } from "aws-cdk-lib";
8
8
  import * as s3 from "aws-cdk-lib/aws-s3";
9
- import * as iam from "aws-cdk-lib/aws-iam";
9
+ import { Role, Effect, PolicyStatement, CompositePrincipal, ServicePrincipal, ManagedPolicy, } from "aws-cdk-lib/aws-iam";
10
10
  import * as sqs from "aws-cdk-lib/aws-sqs";
11
11
  import * as logs from "aws-cdk-lib/aws-logs";
12
12
  import * as lambda from "aws-cdk-lib/aws-lambda";
@@ -388,10 +388,10 @@ export class NextjsSite extends Construct {
388
388
  createEdgeFunctionRole() {
389
389
  const { defaults } = this.props;
390
390
  // Create function role
391
- const role = new iam.Role(this, `EdgeLambdaRole`, {
392
- assumedBy: new iam.CompositePrincipal(new iam.ServicePrincipal("lambda.amazonaws.com"), new iam.ServicePrincipal("edgelambda.amazonaws.com")),
391
+ const role = new Role(this, `EdgeLambdaRole`, {
392
+ assumedBy: new CompositePrincipal(new ServicePrincipal("lambda.amazonaws.com"), new ServicePrincipal("edgelambda.amazonaws.com")),
393
393
  managedPolicies: [
394
- iam.ManagedPolicy.fromManagedPolicyArn(this, "EdgeLambdaPolicy", `arn:${Stack.of(this).partition}:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole`),
394
+ ManagedPolicy.fromManagedPolicyArn(this, "EdgeLambdaPolicy", `arn:${Stack.of(this).partition}:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole`),
395
395
  ],
396
396
  });
397
397
  // Attach permission
@@ -470,8 +470,8 @@ export class NextjsSite extends Construct {
470
470
  });
471
471
  }
472
472
  // Allow provider to perform search/replace on the asset
473
- provider.role?.addToPrincipalPolicy(new iam.PolicyStatement({
474
- effect: iam.Effect.ALLOW,
473
+ provider.role?.addToPrincipalPolicy(new PolicyStatement({
474
+ effect: Effect.ALLOW,
475
475
  actions: ["s3:*"],
476
476
  resources: [
477
477
  `arn:${Stack.of(this).partition}:s3:::${asset.s3BucketName}/${asset.s3ObjectKey}`,
@@ -813,24 +813,7 @@ export class NextjsSite extends Construct {
813
813
  return new cloudfront.OriginRequestPolicy(this, "ImageOriginRequest", NextjsSite.imageOriginRequestPolicyProps);
814
814
  }
815
815
  createCloudFrontInvalidation() {
816
- // Create a Lambda function that will be doing the invalidation
817
- const invalidator = new lambda.Function(this, "CloudFrontInvalidator", {
818
- code: lambda.Code.fromAsset(path.join(__dirname, "../../support/base-site-custom-resource")),
819
- layers: [this.awsCliLayer],
820
- runtime: lambda.Runtime.PYTHON_3_7,
821
- handler: "cf-invalidate.handler",
822
- timeout: Duration.minutes(15),
823
- memorySize: 1024,
824
- });
825
- // Grant permissions to invalidate CF Distribution
826
- invalidator.addToRolePolicy(new iam.PolicyStatement({
827
- effect: iam.Effect.ALLOW,
828
- actions: [
829
- "cloudfront:GetInvalidation",
830
- "cloudfront:CreateInvalidation",
831
- ],
832
- resources: ["*"],
833
- }));
816
+ const stack = Stack.of(this);
834
817
  // need the BuildId field so this CR gets updated on each deploy
835
818
  let buildId;
836
819
  if (this.isPlaceholder) {
@@ -846,16 +829,27 @@ export class NextjsSite extends Construct {
846
829
  : this.props.waitForInvalidation === false
847
830
  ? false
848
831
  : true;
849
- return new CustomResource(this, "CloudFrontInvalidation", {
850
- serviceToken: invalidator.functionArn,
851
- resourceType: "Custom::SSTCloudFrontInvalidation",
832
+ const resource = new CustomResource(this, "CloudFrontInvalidator", {
833
+ serviceToken: stack.customResourceHandler.functionArn,
834
+ resourceType: "Custom::CloudFrontInvalidator",
852
835
  properties: {
853
- BuildId: buildId,
854
- DistributionId: this.cdk.distribution.distributionId,
855
- DistributionPaths: ["/*"],
856
- WaitForInvalidation: waitForInvalidation,
836
+ buildId,
837
+ distributionId: this.cdk.distribution.distributionId,
838
+ paths: ["/*"],
839
+ waitForInvalidation,
857
840
  },
858
841
  });
842
+ stack.customResourceHandler.role?.addToPrincipalPolicy(new PolicyStatement({
843
+ effect: Effect.ALLOW,
844
+ actions: [
845
+ "cloudfront:GetInvalidation",
846
+ "cloudfront:CreateInvalidation",
847
+ ],
848
+ resources: [
849
+ `arn:${stack.partition}:cloudfront::${stack.account}:distribution/${this.cdk.distribution.distributionId}`,
850
+ ],
851
+ }));
852
+ return resource;
859
853
  }
860
854
  /////////////////////
861
855
  // Custom Domain
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "sst",
3
- "version": "2.0.13",
3
+ "version": "2.0.14",
4
4
  "bin": {
5
5
  "sst": "cli/sst.js"
6
6
  },
@@ -30,6 +30,7 @@
30
30
  "@aws-cdk/cx-api": "2.62.2",
31
31
  "@aws-cdk/region-info": "2.62.2",
32
32
  "@aws-sdk/client-cloudformation": "3.208.0",
33
+ "@aws-sdk/client-cloudfront": "3.208.0",
33
34
  "@aws-sdk/client-iot": "3.208.0",
34
35
  "@aws-sdk/client-iot-data-plane": "3.208.0",
35
36
  "@aws-sdk/client-lambda": "3.208.0",