sst 2.0.14 → 2.0.15
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/constructs/Auth.js +13 -9
- package/constructs/EdgeFunction.d.ts +2 -2
- package/constructs/EdgeFunction.js +18 -14
- package/constructs/SsrFunction.js +9 -5
- package/constructs/SsrSite.js +14 -11
- package/constructs/StaticSite.js +13 -9
- package/package.json +1 -1
- package/support/bridge/bridge.mjs +1 -1
package/constructs/Auth.js
CHANGED
|
@@ -1,5 +1,5 @@
|
|
|
1
1
|
import * as ssm from "aws-cdk-lib/aws-ssm";
|
|
2
|
-
import { Effect, PolicyStatement } from "aws-cdk-lib/aws-iam";
|
|
2
|
+
import { Effect, Policy, PolicyStatement } from "aws-cdk-lib/aws-iam";
|
|
3
3
|
import { Construct } from "constructs";
|
|
4
4
|
import { Stack } from "./Stack.js";
|
|
5
5
|
import { ENVIRONMENT_PLACEHOLDER, getEnvironmentKey, getParameterPath, } from "./util/functionBinding.js";
|
|
@@ -45,14 +45,18 @@ export class Auth extends Construct {
|
|
|
45
45
|
privatePath: getParameterPath(this, PRIVATE_KEY_PROP),
|
|
46
46
|
},
|
|
47
47
|
});
|
|
48
|
-
stack.customResourceHandler.role?.
|
|
49
|
-
|
|
50
|
-
|
|
51
|
-
|
|
52
|
-
|
|
53
|
-
|
|
54
|
-
|
|
55
|
-
|
|
48
|
+
stack.customResourceHandler.role?.attachInlinePolicy(new Policy(this, "CloudFrontInvalidatorPolicy", {
|
|
49
|
+
statements: [
|
|
50
|
+
new PolicyStatement({
|
|
51
|
+
actions: [
|
|
52
|
+
"ssm:GetParameter",
|
|
53
|
+
"ssm:PutParameter",
|
|
54
|
+
"ssm:DeleteParameter",
|
|
55
|
+
],
|
|
56
|
+
resources: [
|
|
57
|
+
`arn:${stack.partition}:ssm:${stack.region}:${stack.account}:parameter/*`,
|
|
58
|
+
],
|
|
59
|
+
}),
|
|
56
60
|
],
|
|
57
61
|
}));
|
|
58
62
|
}
|
|
@@ -1,5 +1,5 @@
|
|
|
1
1
|
import { Construct, IConstruct } from "constructs";
|
|
2
|
-
import
|
|
2
|
+
import { Role } from "aws-cdk-lib/aws-iam";
|
|
3
3
|
import * as lambda from "aws-cdk-lib/aws-lambda";
|
|
4
4
|
import { Size } from "./util/size.js";
|
|
5
5
|
import { Duration } from "./util/duration.js";
|
|
@@ -23,7 +23,7 @@ export interface EdgeFunctionProps {
|
|
|
23
23
|
scopeOverride?: IConstruct;
|
|
24
24
|
}
|
|
25
25
|
export declare class EdgeFunction extends Construct {
|
|
26
|
-
role:
|
|
26
|
+
role: Role;
|
|
27
27
|
functionArn: string;
|
|
28
28
|
private scope;
|
|
29
29
|
private versionId;
|
|
@@ -3,7 +3,7 @@ import url from "url";
|
|
|
3
3
|
import path from "path";
|
|
4
4
|
import crypto from "crypto";
|
|
5
5
|
import { Construct } from "constructs";
|
|
6
|
-
import
|
|
6
|
+
import { Effect, Role, Policy, PolicyStatement, CompositePrincipal, ServicePrincipal, ManagedPolicy, } from "aws-cdk-lib/aws-iam";
|
|
7
7
|
import * as lambda from "aws-cdk-lib/aws-lambda";
|
|
8
8
|
import * as s3Assets from "aws-cdk-lib/aws-s3-assets";
|
|
9
9
|
import { Lazy, Duration as CdkDuration, CustomResource, } from "aws-cdk-lib";
|
|
@@ -95,10 +95,10 @@ ${exports}
|
|
|
95
95
|
createRole() {
|
|
96
96
|
const { permissions } = this.props;
|
|
97
97
|
// Create function role
|
|
98
|
-
const role = new
|
|
99
|
-
assumedBy: new
|
|
98
|
+
const role = new Role(this.scope, `ServerLambdaRole`, {
|
|
99
|
+
assumedBy: new CompositePrincipal(new ServicePrincipal("lambda.amazonaws.com"), new ServicePrincipal("edgelambda.amazonaws.com")),
|
|
100
100
|
managedPolicies: [
|
|
101
|
-
|
|
101
|
+
ManagedPolicy.fromManagedPolicyArn(this, "EdgeLambdaPolicy", `arn:${Stack.of(this).partition}:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole`),
|
|
102
102
|
],
|
|
103
103
|
});
|
|
104
104
|
// Attach permission
|
|
@@ -159,10 +159,14 @@ ${exports}
|
|
|
159
159
|
replacements: this.getLambdaContentReplaceValues(),
|
|
160
160
|
},
|
|
161
161
|
});
|
|
162
|
-
stack.customResourceHandler.role?.
|
|
163
|
-
|
|
164
|
-
|
|
165
|
-
|
|
162
|
+
stack.customResourceHandler.role?.attachInlinePolicy(new Policy(this, "AssetReplacerPolicy", {
|
|
163
|
+
statements: [
|
|
164
|
+
new PolicyStatement({
|
|
165
|
+
effect: Effect.ALLOW,
|
|
166
|
+
actions: ["s3:GetObject", "s3:PutObject"],
|
|
167
|
+
resources: [`arn:${stack.partition}:s3:::${asset.s3BucketName}/*`],
|
|
168
|
+
}),
|
|
169
|
+
],
|
|
166
170
|
}));
|
|
167
171
|
return resource;
|
|
168
172
|
}
|
|
@@ -183,8 +187,8 @@ ${exports}
|
|
|
183
187
|
timeout: CdkDuration.minutes(15),
|
|
184
188
|
memorySize: 1024,
|
|
185
189
|
initialPolicy: [
|
|
186
|
-
new
|
|
187
|
-
effect:
|
|
190
|
+
new PolicyStatement({
|
|
191
|
+
effect: Effect.ALLOW,
|
|
188
192
|
actions: ["s3:*"],
|
|
189
193
|
resources: ["*"],
|
|
190
194
|
}),
|
|
@@ -215,8 +219,8 @@ ${exports}
|
|
|
215
219
|
timeout: CdkDuration.minutes(15),
|
|
216
220
|
memorySize: 1024,
|
|
217
221
|
initialPolicy: [
|
|
218
|
-
new
|
|
219
|
-
effect:
|
|
222
|
+
new PolicyStatement({
|
|
223
|
+
effect: Effect.ALLOW,
|
|
220
224
|
actions: ["lambda:*", "s3:*"],
|
|
221
225
|
resources: ["*"],
|
|
222
226
|
}),
|
|
@@ -253,8 +257,8 @@ ${exports}
|
|
|
253
257
|
timeout: CdkDuration.minutes(15),
|
|
254
258
|
memorySize: 1024,
|
|
255
259
|
initialPolicy: [
|
|
256
|
-
new
|
|
257
|
-
effect:
|
|
260
|
+
new PolicyStatement({
|
|
261
|
+
effect: Effect.ALLOW,
|
|
258
262
|
actions: ["lambda:*"],
|
|
259
263
|
resources: ["*"],
|
|
260
264
|
}),
|
|
@@ -2,7 +2,7 @@ import url from "url";
|
|
|
2
2
|
import path from "path";
|
|
3
3
|
import spawn from "cross-spawn";
|
|
4
4
|
import { Construct } from "constructs";
|
|
5
|
-
import
|
|
5
|
+
import { Effect, Policy, PolicyStatement } from "aws-cdk-lib/aws-iam";
|
|
6
6
|
import * as logs from "aws-cdk-lib/aws-logs";
|
|
7
7
|
import * as lambda from "aws-cdk-lib/aws-lambda";
|
|
8
8
|
import * as s3Assets from "aws-cdk-lib/aws-s3-assets";
|
|
@@ -87,10 +87,14 @@ export class SsrFunction extends Construct {
|
|
|
87
87
|
replacements: this.getLambdaContentReplaceValues(),
|
|
88
88
|
},
|
|
89
89
|
});
|
|
90
|
-
stack.customResourceHandler.role?.
|
|
91
|
-
|
|
92
|
-
|
|
93
|
-
|
|
90
|
+
stack.customResourceHandler.role?.attachInlinePolicy(new Policy(this, "AssetReplacerPolicy", {
|
|
91
|
+
statements: [
|
|
92
|
+
new PolicyStatement({
|
|
93
|
+
effect: Effect.ALLOW,
|
|
94
|
+
actions: ["s3:GetObject", "s3:PutObject"],
|
|
95
|
+
resources: [`arn:${stack.partition}:s3:::${asset.s3BucketName}/*`],
|
|
96
|
+
}),
|
|
97
|
+
],
|
|
94
98
|
}));
|
|
95
99
|
return resource;
|
|
96
100
|
}
|
package/constructs/SsrSite.js
CHANGED
|
@@ -8,7 +8,7 @@ import { execSync } from "child_process";
|
|
|
8
8
|
import { Construct } from "constructs";
|
|
9
9
|
import { Fn, Token, Duration as CdkDuration, CfnOutput, RemovalPolicy, CustomResource, } from "aws-cdk-lib";
|
|
10
10
|
import { Bucket } from "aws-cdk-lib/aws-s3";
|
|
11
|
-
import { Effect, PolicyStatement } from "aws-cdk-lib/aws-iam";
|
|
11
|
+
import { Effect, Policy, PolicyStatement } from "aws-cdk-lib/aws-iam";
|
|
12
12
|
import { Function, Code, Runtime, FunctionUrlAuthType, } from "aws-cdk-lib/aws-lambda";
|
|
13
13
|
import { HostedZone, ARecord, AaaaRecord, RecordTarget, } from "aws-cdk-lib/aws-route53";
|
|
14
14
|
import { Asset } from "aws-cdk-lib/aws-s3-assets";
|
|
@@ -100,8 +100,7 @@ export class SsrSite extends Construct {
|
|
|
100
100
|
: this.createCloudFrontDistributionForRegional();
|
|
101
101
|
this.distribution.node.addDependency(s3deployCR);
|
|
102
102
|
// Invalidate CloudFront
|
|
103
|
-
|
|
104
|
-
invalidationCR.node.addDependency(this.distribution);
|
|
103
|
+
this.createCloudFrontInvalidation();
|
|
105
104
|
// Connect Custom Domain to CloudFront Distribution
|
|
106
105
|
this.createRoute53Records();
|
|
107
106
|
}
|
|
@@ -563,14 +562,18 @@ export class SsrSite extends Construct {
|
|
|
563
562
|
waitForInvalidation: this.props.waitForInvalidation,
|
|
564
563
|
},
|
|
565
564
|
});
|
|
566
|
-
stack.customResourceHandler.role?.
|
|
567
|
-
|
|
568
|
-
|
|
569
|
-
|
|
570
|
-
|
|
571
|
-
|
|
572
|
-
|
|
573
|
-
|
|
565
|
+
stack.customResourceHandler.role?.attachInlinePolicy(new Policy(this, "CloudFrontInvalidatorPolicy", {
|
|
566
|
+
statements: [
|
|
567
|
+
new PolicyStatement({
|
|
568
|
+
effect: Effect.ALLOW,
|
|
569
|
+
actions: [
|
|
570
|
+
"cloudfront:GetInvalidation",
|
|
571
|
+
"cloudfront:CreateInvalidation",
|
|
572
|
+
],
|
|
573
|
+
resources: [
|
|
574
|
+
`arn:${stack.partition}:cloudfront::${stack.account}:distribution/${this.distribution.distributionId}`,
|
|
575
|
+
],
|
|
576
|
+
}),
|
|
574
577
|
],
|
|
575
578
|
}));
|
|
576
579
|
return resource;
|
package/constructs/StaticSite.js
CHANGED
|
@@ -7,7 +7,7 @@ import { Construct } from "constructs";
|
|
|
7
7
|
import { Token, Duration, CfnOutput, RemovalPolicy, CustomResource, } from "aws-cdk-lib";
|
|
8
8
|
import * as s3 from "aws-cdk-lib/aws-s3";
|
|
9
9
|
import * as s3Assets from "aws-cdk-lib/aws-s3-assets";
|
|
10
|
-
import { Effect, PolicyStatement } from "aws-cdk-lib/aws-iam";
|
|
10
|
+
import { Effect, Policy, PolicyStatement } from "aws-cdk-lib/aws-iam";
|
|
11
11
|
import * as lambda from "aws-cdk-lib/aws-lambda";
|
|
12
12
|
import * as route53 from "aws-cdk-lib/aws-route53";
|
|
13
13
|
import * as route53Targets from "aws-cdk-lib/aws-route53-targets";
|
|
@@ -437,14 +437,18 @@ interface ImportMeta {
|
|
|
437
437
|
waitForInvalidation: this.props.waitForInvalidation,
|
|
438
438
|
},
|
|
439
439
|
});
|
|
440
|
-
stack.customResourceHandler.role?.
|
|
441
|
-
|
|
442
|
-
|
|
443
|
-
|
|
444
|
-
|
|
445
|
-
|
|
446
|
-
|
|
447
|
-
|
|
440
|
+
stack.customResourceHandler.role?.attachInlinePolicy(new Policy(this, "CloudFrontInvalidatorPolicy", {
|
|
441
|
+
statements: [
|
|
442
|
+
new PolicyStatement({
|
|
443
|
+
effect: Effect.ALLOW,
|
|
444
|
+
actions: [
|
|
445
|
+
"cloudfront:GetInvalidation",
|
|
446
|
+
"cloudfront:CreateInvalidation",
|
|
447
|
+
],
|
|
448
|
+
resources: [
|
|
449
|
+
`arn:${stack.partition}:cloudfront::${stack.account}:distribution/${this.distribution.distributionId}`,
|
|
450
|
+
],
|
|
451
|
+
}),
|
|
448
452
|
],
|
|
449
453
|
}));
|
|
450
454
|
return resource;
|