sst 2.0.13 → 2.0.14
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/constructs/SsrSite.js +17 -24
- package/constructs/Stack.js +5 -2
- package/constructs/StaticSite.js +22 -29
- package/constructs/deprecated/NextjsSite.js +25 -31
- package/package.json +2 -1
- package/support/custom-resources/index.mjs +25448 -0
- package/support/base-site-custom-resource/cf-invalidate.py +0 -130
package/constructs/SsrSite.js
CHANGED
|
@@ -100,7 +100,7 @@ export class SsrSite extends Construct {
|
|
|
100
100
|
: this.createCloudFrontDistributionForRegional();
|
|
101
101
|
this.distribution.node.addDependency(s3deployCR);
|
|
102
102
|
// Invalidate CloudFront
|
|
103
|
-
const invalidationCR = this.createCloudFrontInvalidation(
|
|
103
|
+
const invalidationCR = this.createCloudFrontInvalidation();
|
|
104
104
|
invalidationCR.node.addDependency(this.distribution);
|
|
105
105
|
// Connect Custom Domain to CloudFront Distribution
|
|
106
106
|
this.createRoute53Records();
|
|
@@ -551,36 +551,29 @@ export class SsrSite extends Construct {
|
|
|
551
551
|
comment: "SST server response cache policy",
|
|
552
552
|
});
|
|
553
553
|
}
|
|
554
|
-
createCloudFrontInvalidation(
|
|
555
|
-
|
|
556
|
-
const
|
|
557
|
-
|
|
558
|
-
|
|
559
|
-
|
|
560
|
-
|
|
561
|
-
|
|
562
|
-
|
|
554
|
+
createCloudFrontInvalidation() {
|
|
555
|
+
const stack = Stack.of(this);
|
|
556
|
+
const resource = new CustomResource(this, "CloudFrontInvalidator", {
|
|
557
|
+
serviceToken: stack.customResourceHandler.functionArn,
|
|
558
|
+
resourceType: "Custom::CloudFrontInvalidator",
|
|
559
|
+
properties: {
|
|
560
|
+
buildId: this.generateBuildId(),
|
|
561
|
+
distributionId: this.distribution.distributionId,
|
|
562
|
+
paths: ["/*"],
|
|
563
|
+
waitForInvalidation: this.props.waitForInvalidation,
|
|
564
|
+
},
|
|
563
565
|
});
|
|
564
|
-
|
|
565
|
-
invalidator.addToRolePolicy(new PolicyStatement({
|
|
566
|
+
stack.customResourceHandler.role?.addToPrincipalPolicy(new PolicyStatement({
|
|
566
567
|
effect: Effect.ALLOW,
|
|
567
568
|
actions: [
|
|
568
569
|
"cloudfront:GetInvalidation",
|
|
569
570
|
"cloudfront:CreateInvalidation",
|
|
570
571
|
],
|
|
571
|
-
resources: [
|
|
572
|
+
resources: [
|
|
573
|
+
`arn:${stack.partition}:cloudfront::${stack.account}:distribution/${this.distribution.distributionId}`,
|
|
574
|
+
],
|
|
572
575
|
}));
|
|
573
|
-
return
|
|
574
|
-
serviceToken: invalidator.functionArn,
|
|
575
|
-
resourceType: "Custom::SSTCloudFrontInvalidation",
|
|
576
|
-
properties: {
|
|
577
|
-
BuildId: this.generateBuildId(),
|
|
578
|
-
DistributionId: this.distribution.distributionId,
|
|
579
|
-
// TODO: Ignore the browser build path as it may speed up invalidation
|
|
580
|
-
DistributionPaths: ["/*"],
|
|
581
|
-
WaitForInvalidation: this.props.waitForInvalidation,
|
|
582
|
-
},
|
|
583
|
-
});
|
|
576
|
+
return resource;
|
|
584
577
|
}
|
|
585
578
|
/////////////////////
|
|
586
579
|
// Custom Domain
|
package/constructs/Stack.js
CHANGED
|
@@ -1,3 +1,4 @@
|
|
|
1
|
+
import fs from "fs";
|
|
1
2
|
import url from "url";
|
|
2
3
|
import * as path from "path";
|
|
3
4
|
import * as cdk from "aws-cdk-lib";
|
|
@@ -172,9 +173,11 @@ export class Stack extends cdk.Stack {
|
|
|
172
173
|
});
|
|
173
174
|
}
|
|
174
175
|
createCustomResourceHandler() {
|
|
176
|
+
const dir = path.join(__dirname, "../support/custom-resources/");
|
|
175
177
|
return new lambda.Function(this, "CustomResourceHandler", {
|
|
176
|
-
code: lambda.Code.fromAsset(
|
|
177
|
-
assetHash: this.stackName + "-custom-resources-20230130",
|
|
178
|
+
code: lambda.Code.fromAsset(dir, {
|
|
179
|
+
//assetHash: this.stackName + "-custom-resources-20230130",
|
|
180
|
+
assetHash: this.stackName + fs.readFileSync(dir + "/index.mjs").toString(),
|
|
178
181
|
}),
|
|
179
182
|
handler: "index.handler",
|
|
180
183
|
runtime: lambda.Runtime.NODEJS_16_X,
|
package/constructs/StaticSite.js
CHANGED
|
@@ -7,7 +7,7 @@ import { Construct } from "constructs";
|
|
|
7
7
|
import { Token, Duration, CfnOutput, RemovalPolicy, CustomResource, } from "aws-cdk-lib";
|
|
8
8
|
import * as s3 from "aws-cdk-lib/aws-s3";
|
|
9
9
|
import * as s3Assets from "aws-cdk-lib/aws-s3-assets";
|
|
10
|
-
import
|
|
10
|
+
import { Effect, PolicyStatement } from "aws-cdk-lib/aws-iam";
|
|
11
11
|
import * as lambda from "aws-cdk-lib/aws-lambda";
|
|
12
12
|
import * as route53 from "aws-cdk-lib/aws-route53";
|
|
13
13
|
import * as route53Targets from "aws-cdk-lib/aws-route53-targets";
|
|
@@ -91,7 +91,7 @@ export class StaticSite extends Construct {
|
|
|
91
91
|
this.distribution = this.createCfDistribution();
|
|
92
92
|
this.distribution.node.addDependency(s3deployCR);
|
|
93
93
|
// Invalidate CloudFront
|
|
94
|
-
const invalidationCR = this.createCloudFrontInvalidation(
|
|
94
|
+
const invalidationCR = this.createCloudFrontInvalidation(assets);
|
|
95
95
|
invalidationCR.node.addDependency(this.distribution);
|
|
96
96
|
// Connect Custom Domain to CloudFront Distribution
|
|
97
97
|
this.createRoute53Records();
|
|
@@ -420,41 +420,34 @@ interface ImportMeta {
|
|
|
420
420
|
},
|
|
421
421
|
});
|
|
422
422
|
}
|
|
423
|
-
createCloudFrontInvalidation(
|
|
424
|
-
|
|
425
|
-
const invalidator = new lambda.Function(this, "CloudFrontInvalidator", {
|
|
426
|
-
code: lambda.Code.fromAsset(path.join(__dirname, "../support/base-site-custom-resource")),
|
|
427
|
-
layers: [cliLayer],
|
|
428
|
-
runtime: lambda.Runtime.PYTHON_3_7,
|
|
429
|
-
handler: "cf-invalidate.handler",
|
|
430
|
-
timeout: Duration.minutes(15),
|
|
431
|
-
memorySize: 1024,
|
|
432
|
-
});
|
|
433
|
-
// Grant permissions to invalidate CF Distribution
|
|
434
|
-
invalidator.addToRolePolicy(new iam.PolicyStatement({
|
|
435
|
-
effect: iam.Effect.ALLOW,
|
|
436
|
-
actions: [
|
|
437
|
-
"cloudfront:GetInvalidation",
|
|
438
|
-
"cloudfront:CreateInvalidation",
|
|
439
|
-
],
|
|
440
|
-
resources: ["*"],
|
|
441
|
-
}));
|
|
423
|
+
createCloudFrontInvalidation(assets) {
|
|
424
|
+
const stack = Stack.of(this);
|
|
442
425
|
// Need the AssetHash field so the CR gets updated on each deploy
|
|
443
426
|
const assetsHash = crypto
|
|
444
427
|
.createHash("md5")
|
|
445
428
|
.update(assets.map(({ assetHash }) => assetHash).join(""))
|
|
446
429
|
.digest("hex");
|
|
447
|
-
|
|
448
|
-
|
|
449
|
-
|
|
450
|
-
resourceType: "Custom::SSTCloudFrontInvalidation",
|
|
430
|
+
const resource = new CustomResource(this, "CloudFrontInvalidator", {
|
|
431
|
+
serviceToken: stack.customResourceHandler.functionArn,
|
|
432
|
+
resourceType: "Custom::CloudFrontInvalidator",
|
|
451
433
|
properties: {
|
|
452
|
-
|
|
453
|
-
|
|
454
|
-
|
|
455
|
-
|
|
434
|
+
assetsHash,
|
|
435
|
+
distributionId: this.distribution.distributionId,
|
|
436
|
+
paths: ["/*"],
|
|
437
|
+
waitForInvalidation: this.props.waitForInvalidation,
|
|
456
438
|
},
|
|
457
439
|
});
|
|
440
|
+
stack.customResourceHandler.role?.addToPrincipalPolicy(new PolicyStatement({
|
|
441
|
+
effect: Effect.ALLOW,
|
|
442
|
+
actions: [
|
|
443
|
+
"cloudfront:GetInvalidation",
|
|
444
|
+
"cloudfront:CreateInvalidation",
|
|
445
|
+
],
|
|
446
|
+
resources: [
|
|
447
|
+
`arn:${stack.partition}:cloudfront::${stack.account}:distribution/${this.distribution.distributionId}`,
|
|
448
|
+
],
|
|
449
|
+
}));
|
|
450
|
+
return resource;
|
|
458
451
|
}
|
|
459
452
|
/////////////////////
|
|
460
453
|
// Custom Domain
|
|
@@ -6,7 +6,7 @@ import { execSync } from "child_process";
|
|
|
6
6
|
import { Construct } from "constructs";
|
|
7
7
|
import { Token, Duration, CfnOutput, RemovalPolicy, CustomResource, } from "aws-cdk-lib";
|
|
8
8
|
import * as s3 from "aws-cdk-lib/aws-s3";
|
|
9
|
-
import
|
|
9
|
+
import { Role, Effect, PolicyStatement, CompositePrincipal, ServicePrincipal, ManagedPolicy, } from "aws-cdk-lib/aws-iam";
|
|
10
10
|
import * as sqs from "aws-cdk-lib/aws-sqs";
|
|
11
11
|
import * as logs from "aws-cdk-lib/aws-logs";
|
|
12
12
|
import * as lambda from "aws-cdk-lib/aws-lambda";
|
|
@@ -388,10 +388,10 @@ export class NextjsSite extends Construct {
|
|
|
388
388
|
createEdgeFunctionRole() {
|
|
389
389
|
const { defaults } = this.props;
|
|
390
390
|
// Create function role
|
|
391
|
-
const role = new
|
|
392
|
-
assumedBy: new
|
|
391
|
+
const role = new Role(this, `EdgeLambdaRole`, {
|
|
392
|
+
assumedBy: new CompositePrincipal(new ServicePrincipal("lambda.amazonaws.com"), new ServicePrincipal("edgelambda.amazonaws.com")),
|
|
393
393
|
managedPolicies: [
|
|
394
|
-
|
|
394
|
+
ManagedPolicy.fromManagedPolicyArn(this, "EdgeLambdaPolicy", `arn:${Stack.of(this).partition}:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole`),
|
|
395
395
|
],
|
|
396
396
|
});
|
|
397
397
|
// Attach permission
|
|
@@ -470,8 +470,8 @@ export class NextjsSite extends Construct {
|
|
|
470
470
|
});
|
|
471
471
|
}
|
|
472
472
|
// Allow provider to perform search/replace on the asset
|
|
473
|
-
provider.role?.addToPrincipalPolicy(new
|
|
474
|
-
effect:
|
|
473
|
+
provider.role?.addToPrincipalPolicy(new PolicyStatement({
|
|
474
|
+
effect: Effect.ALLOW,
|
|
475
475
|
actions: ["s3:*"],
|
|
476
476
|
resources: [
|
|
477
477
|
`arn:${Stack.of(this).partition}:s3:::${asset.s3BucketName}/${asset.s3ObjectKey}`,
|
|
@@ -813,24 +813,7 @@ export class NextjsSite extends Construct {
|
|
|
813
813
|
return new cloudfront.OriginRequestPolicy(this, "ImageOriginRequest", NextjsSite.imageOriginRequestPolicyProps);
|
|
814
814
|
}
|
|
815
815
|
createCloudFrontInvalidation() {
|
|
816
|
-
|
|
817
|
-
const invalidator = new lambda.Function(this, "CloudFrontInvalidator", {
|
|
818
|
-
code: lambda.Code.fromAsset(path.join(__dirname, "../../support/base-site-custom-resource")),
|
|
819
|
-
layers: [this.awsCliLayer],
|
|
820
|
-
runtime: lambda.Runtime.PYTHON_3_7,
|
|
821
|
-
handler: "cf-invalidate.handler",
|
|
822
|
-
timeout: Duration.minutes(15),
|
|
823
|
-
memorySize: 1024,
|
|
824
|
-
});
|
|
825
|
-
// Grant permissions to invalidate CF Distribution
|
|
826
|
-
invalidator.addToRolePolicy(new iam.PolicyStatement({
|
|
827
|
-
effect: iam.Effect.ALLOW,
|
|
828
|
-
actions: [
|
|
829
|
-
"cloudfront:GetInvalidation",
|
|
830
|
-
"cloudfront:CreateInvalidation",
|
|
831
|
-
],
|
|
832
|
-
resources: ["*"],
|
|
833
|
-
}));
|
|
816
|
+
const stack = Stack.of(this);
|
|
834
817
|
// need the BuildId field so this CR gets updated on each deploy
|
|
835
818
|
let buildId;
|
|
836
819
|
if (this.isPlaceholder) {
|
|
@@ -846,16 +829,27 @@ export class NextjsSite extends Construct {
|
|
|
846
829
|
: this.props.waitForInvalidation === false
|
|
847
830
|
? false
|
|
848
831
|
: true;
|
|
849
|
-
|
|
850
|
-
serviceToken:
|
|
851
|
-
resourceType: "Custom::
|
|
832
|
+
const resource = new CustomResource(this, "CloudFrontInvalidator", {
|
|
833
|
+
serviceToken: stack.customResourceHandler.functionArn,
|
|
834
|
+
resourceType: "Custom::CloudFrontInvalidator",
|
|
852
835
|
properties: {
|
|
853
|
-
|
|
854
|
-
|
|
855
|
-
|
|
856
|
-
|
|
836
|
+
buildId,
|
|
837
|
+
distributionId: this.cdk.distribution.distributionId,
|
|
838
|
+
paths: ["/*"],
|
|
839
|
+
waitForInvalidation,
|
|
857
840
|
},
|
|
858
841
|
});
|
|
842
|
+
stack.customResourceHandler.role?.addToPrincipalPolicy(new PolicyStatement({
|
|
843
|
+
effect: Effect.ALLOW,
|
|
844
|
+
actions: [
|
|
845
|
+
"cloudfront:GetInvalidation",
|
|
846
|
+
"cloudfront:CreateInvalidation",
|
|
847
|
+
],
|
|
848
|
+
resources: [
|
|
849
|
+
`arn:${stack.partition}:cloudfront::${stack.account}:distribution/${this.cdk.distribution.distributionId}`,
|
|
850
|
+
],
|
|
851
|
+
}));
|
|
852
|
+
return resource;
|
|
859
853
|
}
|
|
860
854
|
/////////////////////
|
|
861
855
|
// Custom Domain
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "sst",
|
|
3
|
-
"version": "2.0.
|
|
3
|
+
"version": "2.0.14",
|
|
4
4
|
"bin": {
|
|
5
5
|
"sst": "cli/sst.js"
|
|
6
6
|
},
|
|
@@ -30,6 +30,7 @@
|
|
|
30
30
|
"@aws-cdk/cx-api": "2.62.2",
|
|
31
31
|
"@aws-cdk/region-info": "2.62.2",
|
|
32
32
|
"@aws-sdk/client-cloudformation": "3.208.0",
|
|
33
|
+
"@aws-sdk/client-cloudfront": "3.208.0",
|
|
33
34
|
"@aws-sdk/client-iot": "3.208.0",
|
|
34
35
|
"@aws-sdk/client-iot-data-plane": "3.208.0",
|
|
35
36
|
"@aws-sdk/client-lambda": "3.208.0",
|