sst 2.8.7 → 2.8.9
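--- a/package/constructs/Bucket.d.ts
+++ b/package/constructs/Bucket.d.ts
@@ -149,9 +149,8 @@ export interface BucketProps {
 name?: string;
 /**
 * The CORS configuration of this bucket.
-*
+* @default true
 * @example
-*
 * ```js
 * new Bucket(stack, "Bucket", {
 * cors: true,
@@ -170,6 +169,17 @@ export interface BucketProps {
 * ```
 */
 cors?: boolean | BucketCorsRule[];
+/**
+* Block public access to this bucket.
+* @default false
+* @example
+* ```js
+* new Bucket(stack, "Bucket", {
+* blockPublicAccess: true,
+* });
+* ```
+*/
+blockPublicAccess?: boolean;
 /**
 * The default function props to be applied to all the Lambda functions in the API. The `environment`, `permissions` and `layers` properties will be merged with per route definitions if they are defined.
 *
@@ -347,5 +357,6 @@ export declare class Bucket extends Construct implements SSTConstruct {
 private addTopicNotification;
 private addFunctionNotification;
 private buildCorsConfig;
+private buildBlockPublicAccessConfig;
 }
 export {};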
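Review bot: The doc comment added for `blockPublicAccess` gives `@default false` without saying what that default does to the deployed bucket. In the matching `Bucket.js` change an omitted or false value is written out as a `BlockPublicAccess` with all four settings disabled, so the default is an explicit opt-out of the S3 public-access guard rather than "leave as is". I would extend the comment along the lines of `When false or omitted, all four S3 Block Public Access settings are turned off for this bucket; set to true for buckets that must never be public.` The `cors` comment in the first hunk now says `@default true`, and a sentence on what the default rule allows would help in the same way.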
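--- a/package/constructs/Bucket.js
+++ b/package/constructs/Bucket.js
@@ -4,7 +4,7 @@ import { Topic } from "./Topic.js";
 import { getFunctionRef, isCDKConstruct } from "./Construct.js";
 import { Function as Fn, } from "./Function.js";
 import { toCdkDuration } from "./util/duration.js";
-import { Bucket as CDKBucket, EventType, HttpMethods, } from "aws-cdk-lib/aws-s3";
+import { Bucket as CDKBucket, BlockPublicAccess, EventType, HttpMethods, } from "aws-cdk-lib/aws-s3";
 import { LambdaDestination, SnsDestination, SqsDestination, } from "aws-cdk-lib/aws-s3-notifications";
 /////////////////////
 // Construct
@@ -171,7 +171,7 @@ export class Bucket extends Construct {
 };
 }
 createBucket() {
-const { name, cors, cdk } = this.props;
+const { name, cors, blockPublicAccess, cdk } = this.props;
 if (isCDKConstruct(cdk?.bucket)) {
 if (cors !== undefined) {
 throw new Error(`Cannot configure the "cors" when "cdk.bucket" is a construct`);
@@ -182,6 +182,7 @@ export class Bucket extends Construct {
 this.cdk.bucket = new CDKBucket(this, "Bucket", {
 bucketName: name,
 cors: this.buildCorsConfig(cors),
+blockPublicAccess: this.buildBlockPublicAccessConfig(blockPublicAccess),
 ...cdk?.bucket,
 });
 }
@@ -281,10 +282,10 @@ export class Bucket extends Construct {
 fn.bind(this.bindingForAllNotifications);
 }
 buildCorsConfig(cors) {
-if (cors ===
+if (cors === false) {
 return;
 }
-if (cors === true) {
+if (cors === undefined || cors === true) {
 return [
 {
 allowedHeaders: ["*"],
@@ -308,4 +309,14 @@ export class Bucket extends Construct {
 maxAge: e.maxAge && toCdkDuration(e.maxAge).toSeconds(),
 }));
 }
+buildBlockPublicAccessConfig(config) {
+return config === true
+? BlockPublicAccess.BLOCK_ALL
+: new BlockPublicAccess({
+blockPublicAcls: false,
+blockPublicPolicy: false,
+ignorePublicAcls: false,
+restrictPublicBuckets: false,
+});
+}
 }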
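Review bot: `buildBlockPublicAccessConfig` treats an unset prop the same as `false`, so every bucket built by `createBucket` gets a `BlockPublicAccess` with `blockPublicAcls`, `blockPublicPolicy`, `ignorePublicAcls` and `restrictPublicBuckets` all false unless the caller opts in. That removes the bucket-level guard by default, so a later mistake in a bucket policy or ACL is enough to expose objects. Consider leaving the property out when nothing was requested, `if (config === undefined) return undefined;`, so the CDK and S3 defaults apply, and keep the all-false object for an explicit `false` only. Because `...cdk?.bucket` is spread after this key, a `blockPublicAccess` supplied there silently replaces the prop, which deserves a comment at that line. The `buildCorsConfig` hunk makes the same kind of move, turning an unset `cors` into the rule that begins with `allowedHeaders: ["*"]`.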
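--- a/package/constructs/Cognito.d.ts
+++ b/package/constructs/Cognito.d.ts
@@ -2,7 +2,7 @@ import { Construct } from "constructs";
 import { SSTConstruct } from "./Construct.js";
 import { Function as Fn, FunctionProps, FunctionDefinition } from "./Function.js";
 import { Permissions } from "./util/permission.js";
-import { CfnIdentityPool, CfnIdentityPoolProps, IUserPool, IUserPoolClient, UserPoolClientOptions, UserPoolProps } from "aws-cdk-lib/aws-cognito";
+import { CfnIdentityPool, CfnIdentityPoolProps, CfnIdentityPoolRoleAttachment, IUserPool, IUserPoolClient, UserPoolClientOptions, UserPoolProps } from "aws-cdk-lib/aws-cognito";
 import { Role } from "aws-cdk-lib/aws-iam";
 export interface CognitoUserPoolTriggers {
 createAuthChallenge?: FunctionDefinition;
@@ -136,6 +136,7 @@ export declare class Cognito extends Construct implements SSTConstruct {
 userPool: IUserPool;
 userPoolClient: IUserPoolClient;
 cfnIdentityPool?: CfnIdentityPool;
+cfnIdentityPoolRoleAttachment?: CfnIdentityPoolRoleAttachment;
 authRole: Role;
 unauthRole: Role;
 };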
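--- a/package/constructs/Cognito.js
+++ b/package/constructs/Cognito.js
@@ -275,7 +275,7 @@ export class Cognito extends Construct {
 this.cdk.authRole = this.createAuthRole(this.cdk.cfnIdentityPool);
 this.cdk.unauthRole = this.createUnauthRole(this.cdk.cfnIdentityPool);
 // Attach roles to Identity Pool
-new CfnIdentityPoolRoleAttachment(this, "IdentityPoolRoleAttachment", {
+this.cdk.cfnIdentityPoolRoleAttachment = new CfnIdentityPoolRoleAttachment(this, "IdentityPoolRoleAttachment", {
 identityPoolId: this.cdk.cfnIdentityPool.ref,
 roles: {
 authenticated: this.cdk.authRole.roleArn,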
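--- a/package/constructs/SsrSite.js
+++ b/package/constructs/SsrSite.js
@@ -8,7 +8,7 @@ import { execSync } from "child_process";
 import { Construct } from "constructs";
 import { Fn, Token, Duration as CdkDuration, RemovalPolicy, CustomResource, } from "aws-cdk-lib";
 import { BlockPublicAccess, Bucket, } from "aws-cdk-lib/aws-s3";
-import { Role, Effect, Policy, PolicyStatement, AccountPrincipal, } from "aws-cdk-lib/aws-iam";
+import { Role, Effect, Policy, PolicyStatement, AccountPrincipal, ServicePrincipal, CompositePrincipal, } from "aws-cdk-lib/aws-iam";
 import { Function as CdkFunction, Code, Runtime, FunctionUrlAuthType, } from "aws-cdk-lib/aws-lambda";
 import { HostedZone, ARecord, AaaaRecord, RecordTarget, } from "aws-cdk-lib/aws-route53";
 import { Asset } from "aws-cdk-lib/aws-s3-assets";
@@ -432,7 +432,7 @@ export class SsrSite extends Construct {
 const { runtime, timeout, memorySize, permissions, environment, bind } = this.props;
 const app = this.node.root;
 const role = new Role(this, "ServerFunctionRole", {
-assumedBy: new AccountPrincipal(app.account),
+assumedBy: new CompositePrincipal(new AccountPrincipal(app.account), new ServicePrincipal("lambda.amazonaws.com")),
 maxSessionDuration: CdkDuration.hours(12),
 });
 const ssrFn = new SsrFunction(this, `ServerFunction`, {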
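Review bot: The trust policy on `ServerFunctionRole` still names `new AccountPrincipal(app.account)` beside the new Lambda service principal, and the role allows 12-hour sessions. With account-level trust, any identity in the account whose own policy permits `sts:AssumeRole` on this role can act with the server function's permissions, which is wider than the deployed function needs. If the account principal exists only for local development (I cannot tell from this hunk), say so in a comment such as `// account principal: lets developer credentials assume this role during local dev` and consider adding it only in that mode. The role and function definitions continue outside the hunk.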
@@ -2,7 +2,7 @@ import { Construct } from "constructs";
|
|
|
2
2
|
import { Bucket, BucketProps, IBucket } from "aws-cdk-lib/aws-s3";
|
|
3
3
|
import { ICertificate } from "aws-cdk-lib/aws-certificatemanager";
|
|
4
4
|
import { IHostedZone } from "aws-cdk-lib/aws-route53";
|
|
5
|
-
import { Distribution } from "aws-cdk-lib/aws-cloudfront";
|
|
5
|
+
import { Distribution, IDistribution } from "aws-cdk-lib/aws-cloudfront";
|
|
6
6
|
import { BaseSiteDomainProps, BaseSiteReplaceProps, BaseSiteCdkDistributionProps } from "./BaseSite.js";
|
|
7
7
|
import { SSTConstruct } from "./Construct.js";
|
|
8
8
|
import { FunctionBindingProps } from "./util/functionBinding.js";
|
|
@@ -242,7 +242,7 @@ export interface StaticSiteProps {
|
|
|
242
242
|
*/
|
|
243
243
|
bucket?: BucketProps | IBucket;
|
|
244
244
|
/**
|
|
245
|
-
* Configure the internally created CDK `Distribution` instance
|
|
245
|
+
* Configure the internally created CDK `Distribution` instance or provide an existing distribution
|
|
246
246
|
*
|
|
247
247
|
* @example
|
|
248
248
|
* ```js
|
|
@@ -256,7 +256,7 @@ export interface StaticSiteProps {
|
|
|
256
256
|
* });
|
|
257
257
|
* ```
|
|
258
258
|
*/
|
|
259
|
-
distribution?: StaticSiteCdkDistributionProps;
|
|
259
|
+
distribution?: IDistribution | StaticSiteCdkDistributionProps;
|
|
260
260
|
};
|
|
261
261
|
}
|
|
262
262
|
export interface StaticSiteDomainProps extends BaseSiteDomainProps {
|
|
@@ -322,7 +322,6 @@ export declare class StaticSite extends Construct implements SSTConstruct {
|
|
|
322
322
|
private bundleFilenamesAsset;
|
|
323
323
|
private createS3Bucket;
|
|
324
324
|
private createS3Deployment;
|
|
325
|
-
private validateCloudFrontDistributionSettings;
|
|
326
325
|
private createCfDistribution;
|
|
327
326
|
private createCloudFrontInvalidation;
|
|
328
327
|
protected buildDistributionDomainNames(): string[];
|
package/constructs/StaticSite.js
CHANGED
|
@@ -86,7 +86,6 @@ export class StaticSite extends Construct {
|
|
|
86
86
|
// Create S3 Deployment
|
|
87
87
|
const s3deployCR = this.createS3Deployment(cliLayer, assets, filenamesAsset);
|
|
88
88
|
// Create CloudFront
|
|
89
|
-
this.validateCloudFrontDistributionSettings();
|
|
90
89
|
this.distribution = this.createCfDistribution();
|
|
91
90
|
this.distribution.node.addDependency(s3deployCR);
|
|
92
91
|
// Invalidate CloudFront
|
|
@@ -372,8 +371,16 @@ interface ImportMeta {
|
|
|
372
371
|
/////////////////////
|
|
373
372
|
// CloudFront Distribution
|
|
374
373
|
/////////////////////
|
|
375
|
-
|
|
374
|
+
createCfDistribution() {
|
|
376
375
|
const { cdk, errorPage } = this.props;
|
|
376
|
+
const isImportedCloudFrontDistribution = (distribution) => {
|
|
377
|
+
return distribution !== undefined && isCDKConstruct(distribution);
|
|
378
|
+
};
|
|
379
|
+
// cdk.distribution is an imported construct
|
|
380
|
+
if (isImportedCloudFrontDistribution(cdk?.distribution)) {
|
|
381
|
+
return cdk?.distribution;
|
|
382
|
+
}
|
|
383
|
+
// Validate input
|
|
377
384
|
if (cdk?.distribution?.certificate) {
|
|
378
385
|
throw new Error(`Do not configure the "cfDistribution.certificate". Use the "customDomain" to configure the domain certificate.`);
|
|
379
386
|
}
|
|
@@ -383,11 +390,8 @@ interface ImportMeta {
|
|
|
383
390
|
if (errorPage && cdk?.distribution?.errorResponses) {
|
|
384
391
|
throw new Error(`Cannot configure the "cfDistribution.errorResponses" when "errorPage" is passed in. Use one or the other to configure the behavior for error pages.`);
|
|
385
392
|
}
|
|
386
|
-
}
|
|
387
|
-
createCfDistribution() {
|
|
388
|
-
const { cdk, errorPage } = this.props;
|
|
389
|
-
const indexPage = this.props.indexPage || "index.html";
|
|
390
393
|
// Create CloudFront distribution
|
|
394
|
+
const indexPage = this.props.indexPage || "index.html";
|
|
391
395
|
return new Distribution(this, "Distribution", {
|
|
392
396
|
// these values can be overwritten by cfDistributionProps
|
|
393
397
|
defaultRootObject: indexPage,
|