sst 2.8.8 → 2.8.10
- package/constructs/Bucket.d.ts +15 -2
- package/constructs/Bucket.js +19 -4
- package/package.json +1 -1
- package/support/bootstrap-metadata-function/index.mjs +238 -238
- package/support/custom-resources/index.mjs +238 -238
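--- a/package/constructs/Bucket.d.ts
+++ b/package/constructs/Bucket.d.ts
@@ -149,9 +149,8 @@ export interface BucketProps {
 name?: string;
 /**
 * The CORS configuration of this bucket.
-*
+* @default true
 * @example
-*
 * ```js
 * new Bucket(stack, "Bucket", {
 * cors: true,
@@ -170,6 +169,18 @@ export interface BucketProps {
 * ```
 */
 cors?: boolean | BucketCorsRule[];
+/**
+* Block public access to this bucket. Setting this to `true` alllows uploading objects with public ACLs.
+* Note that setting to `true` does not necessarily mean that the bucket is completely accessible to the public. Rather, it enables the granting of public permissions through public ACLs.
+* @default false
+* @example
+* ```js
+* new Bucket(stack, "Bucket", {
+* blockPublicACLs: true,
+* });
+* ```
+*/
+blockPublicACLs?: boolean;
 /**
 * The default function props to be applied to all the Lambda functions in the API. The `environment`, `permissions` and `layers` properties will be merged with per route definitions if they are defined.
 *
@@ -347,5 +358,7 @@ export declare class Bucket extends Construct implements SSTConstruct {
 private addTopicNotification;
 private addFunctionNotification;
 private buildCorsConfig;
+private buildBlockPublicAccessConfig;
+private buildObjectOwnershipConfig;
 }
 export {};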
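Review bot: The new doc comment on `blockPublicACLs` states the opposite of what the option does: it says setting `true` "alllows uploading objects with public ACLs", whereas `buildBlockPublicAccessConfig` in Bucket.js maps `true` to `BlockPublicAccess.BLOCK_ALL` and only the default path leaves public ACLs permitted. A reader relying on the typings could set or omit the flag with the wrong expectation about public exposure. Suggested first line: `* Block public ACLs on this bucket. When true, all public access is blocked and object ACLs are disabled; when false (the default), objects can still be uploaded with public ACLs.` The existing second sentence ("does not necessarily mean that the bucket is completely accessible to the public") then describes the `false` case and should say so.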
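--- a/package/constructs/Bucket.js
+++ b/package/constructs/Bucket.js
@@ -4,7 +4,7 @@ import { Topic } from "./Topic.js";
 import { getFunctionRef, isCDKConstruct } from "./Construct.js";
 import { Function as Fn, } from "./Function.js";
 import { toCdkDuration } from "./util/duration.js";
-import { Bucket as CDKBucket, EventType, HttpMethods, } from "aws-cdk-lib/aws-s3";
+import { Bucket as CDKBucket, BlockPublicAccess, EventType, HttpMethods, ObjectOwnership, } from "aws-cdk-lib/aws-s3";
 import { LambdaDestination, SnsDestination, SqsDestination, } from "aws-cdk-lib/aws-s3-notifications";
 /////////////////////
 // Construct
@@ -171,7 +171,7 @@ export class Bucket extends Construct {
 };
 }
 createBucket() {
-const { name, cors, cdk } = this.props;
+const { name, cors, blockPublicACLs, cdk } = this.props;
 if (isCDKConstruct(cdk?.bucket)) {
 if (cors !== undefined) {
 throw new Error(`Cannot configure the "cors" when "cdk.bucket" is a construct`);
@@ -182,6 +182,8 @@ export class Bucket extends Construct {
 this.cdk.bucket = new CDKBucket(this, "Bucket", {
 bucketName: name,
 cors: this.buildCorsConfig(cors),
+blockPublicAccess: this.buildBlockPublicAccessConfig(blockPublicACLs),
+objectOwnership: this.buildObjectOwnershipConfig(blockPublicACLs),
 ...cdk?.bucket,
 });
 }
@@ -281,10 +283,10 @@ export class Bucket extends Construct {
 fn.bind(this.bindingForAllNotifications);
 }
 buildCorsConfig(cors) {
-if (cors ===
+if (cors === false) {
 return;
 }
-if (cors === true) {
+if (cors === undefined || cors === true) {
 return [
 {
 allowedHeaders: ["*"],
@@ -308,4 +310,17 @@ export class Bucket extends Construct {
 maxAge: e.maxAge && toCdkDuration(e.maxAge).toSeconds(),
 }));
 }
+buildBlockPublicAccessConfig(config) {
+return config === true
+? BlockPublicAccess.BLOCK_ALL
+: new BlockPublicAccess({
+blockPublicAcls: false,
+ignorePublicAcls: false,
+});
+}
+buildObjectOwnershipConfig(config) {
+return config === true
+? ObjectOwnership.BUCKET_OWNER_ENFORCED
+: ObjectOwnership.BUCKET_OWNER_PREFERRED;
+}
 }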
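Review bot: `buildBlockPublicAccessConfig` and `buildObjectOwnershipConfig` fail open: only a strict `true` selects `BlockPublicAccess.BLOCK_ALL` and `BUCKET_OWNER_ENFORCED`, so every bucket created without `blockPublicACLs` gets `blockPublicAcls: false`, `ignorePublicAcls: false` and ACLs left enabled through `BUCKET_OWNER_PREFERRED`. If preserving existing public-ACL uploads is the reason, a why-comment above the helper should say so, for example `// default keeps public ACLs usable for backward compatibility; pass blockPublicACLs: true to block all public access`. The explicit object also leaves `blockPublicPolicy` and `restrictPublicBuckets` unset, so their effective values cannot be read from this hunk; setting all four fields explicitly would make the deployed posture unambiguous. In the same section `buildCorsConfig` now returns the rule beginning `allowedHeaders: ["*"]` when `cors` is `undefined`, which appears to make a second default more permissive and deserves the same comment.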