sst 2.8.9 → 2.8.10
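--- a/package/constructs/Bucket.d.ts
+++ b/package/constructs/Bucket.d.ts
@@ -170,16 +170,17 @@ export interface BucketProps {
 */
 cors?: boolean | BucketCorsRule[];
 /**
-* Block public access to this bucket.
+* Block public access to this bucket. Setting this to `true` alllows uploading objects with public ACLs.
+* Note that setting to `true` does not necessarily mean that the bucket is completely accessible to the public. Rather, it enables the granting of public permissions through public ACLs.
 * @default false
 * @example
 * ```js
 * new Bucket(stack, "Bucket", {
-*
+* blockPublicACLs: true,
 * });
 * ```
 */
-
+blockPublicACLs?: boolean;
 /**
 * The default function props to be applied to all the Lambda functions in the API. The `environment`, `permissions` and `layers` properties will be merged with per route definitions if they are defined.
 *
@@ -358,5 +359,6 @@ export declare class Bucket extends Construct implements SSTConstruct {
 private addFunctionNotification;
 private buildCorsConfig;
 private buildBlockPublicAccessConfig;
+private buildObjectOwnershipConfig;
 }
 export {};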
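Review bot: The added doc comment on `blockPublicACLs` describes the flag backwards. It says setting it to `true` allows uploading objects with public ACLs, but in the Bucket.js section of this diff `buildObjectOwnershipConfig` maps `true` to `ObjectOwnership.BUCKET_OWNER_ENFORCED`, and the `BlockPublicAccess.BLOCK_ALL` branch appears to be the `true` case as well. Both added sentences should refer to `false`, for example `* Block public ACLs on this bucket. Leaving this at false (the default) allows uploading objects with public ACLs.`, which also removes the "alllows" typo. Since `@default false` is the permissive value, the comment should state that plainly so a reader does not assume a new bucket rejects public ACLs.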
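--- a/package/constructs/Bucket.js
+++ b/package/constructs/Bucket.js
@@ -4,7 +4,7 @@ import { Topic } from "./Topic.js";
 import { getFunctionRef, isCDKConstruct } from "./Construct.js";
 import { Function as Fn, } from "./Function.js";
 import { toCdkDuration } from "./util/duration.js";
-import { Bucket as CDKBucket, BlockPublicAccess, EventType, HttpMethods, } from "aws-cdk-lib/aws-s3";
+import { Bucket as CDKBucket, BlockPublicAccess, EventType, HttpMethods, ObjectOwnership, } from "aws-cdk-lib/aws-s3";
 import { LambdaDestination, SnsDestination, SqsDestination, } from "aws-cdk-lib/aws-s3-notifications";
 /////////////////////
 // Construct
@@ -171,7 +171,7 @@ export class Bucket extends Construct {
 };
 }
 createBucket() {
-const { name, cors,
+const { name, cors, blockPublicACLs, cdk } = this.props;
 if (isCDKConstruct(cdk?.bucket)) {
 if (cors !== undefined) {
 throw new Error(`Cannot configure the "cors" when "cdk.bucket" is a construct`);
@@ -182,7 +182,8 @@ export class Bucket extends Construct {
 this.cdk.bucket = new CDKBucket(this, "Bucket", {
 bucketName: name,
 cors: this.buildCorsConfig(cors),
-blockPublicAccess: this.buildBlockPublicAccessConfig(
+blockPublicAccess: this.buildBlockPublicAccessConfig(blockPublicACLs),
+objectOwnership: this.buildObjectOwnershipConfig(blockPublicACLs),
 ...cdk?.bucket,
 });
 }
@@ -314,9 +315,12 @@ export class Bucket extends Construct {
 ? BlockPublicAccess.BLOCK_ALL
 : new BlockPublicAccess({
 blockPublicAcls: false,
-blockPublicPolicy: false,
 ignorePublicAcls: false,
-restrictPublicBuckets: false,
 });
 }
+buildObjectOwnershipConfig(config) {
+return config === true
+? ObjectOwnership.BUCKET_OWNER_ENFORCED
+: ObjectOwnership.BUCKET_OWNER_PREFERRED;
+}
 }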
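Review bot: `buildObjectOwnershipConfig` in the last hunk treats every value other than `true`, including the default `undefined`, as `ObjectOwnership.BUCKET_OWNER_PREFERRED`, so ACLs stay usable and `blockPublicAcls`/`ignorePublicAcls` stay `false` unless the caller opts in. The method has no comment explaining that coupling; I would add `// blockPublicACLs === true: disable ACLs (bucket owner enforced); anything else keeps ACLs usable so public ACLs can be granted.` above the `return`. The same hunk drops the explicit `blockPublicPolicy: false` and `restrictPublicBuckets: false`, which leaves those two settings to whatever CDK and CloudFormation apply when they are omitted; a one-line comment stating the intended effective values would make the bucket's exposure reviewable. In `createBucket`, the `isCDKConstruct(cdk?.bucket)` branch visibly rejects only `cors`. The rest of that branch lies outside the hunk, but if `blockPublicACLs` is not rejected the same way it would be silently ignored when a construct is passed.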