@enfo/aws-cdkompliance
Tagging and compliant resources using the CDK
// NOTE(review): a bare ';' — presumably what is left of a stripped "use strict" directive; confirm against the published file.
;
// Compiler-emitted scratch variable; at the bottom of the file it holds the jsii RTTI symbol used as a property key on Bucket.
var _a;
// Flag the module as transpiled ES-module output for CommonJS consumers.
Object.defineProperty(exports, "__esModule", { value: true });
// Declare both export names up front as undefined; the real values are assigned further down.
exports.Bucket = exports.defaultBucketProps = void 0;
// Registry-wide symbol under which jsii runtime type information is attached to the class.
const JSII_RTTI_SYMBOL_1 = Symbol.for("jsii.rtti");
// S3 module of aws-cdk-lib; this file uses its Bucket, BlockPublicAccess and BucketEncryption members.
const aws_s3_1 = require("aws-cdk-lib/aws-s3");
/**
 * Baseline BucketProps that satisfy the compliance checks performed by the
 * Bucket class in this module. The object can also be spread by hand into any
 * Bucket constructor call.
 *
 * Spread order matters: properties that come AFTER these defaults in a spread
 * replace them, including a key that is present with the value `undefined`.
 *
 * See README for usage examples
 */
const compliantBucketDefaults = {
  // Ask the CDK bucket construct to enforce TLS for requests.
  enforceSSL: true,
  // Turn on every S3 block-public-access setting.
  blockPublicAccess: aws_s3_1.BlockPublicAccess.BLOCK_ALL,
  // Server-side encryption with S3-managed keys.
  encryption: aws_s3_1.BucketEncryption.S3_MANAGED
};
exports.defaultBucketProps = compliantBucketDefaults;
/**
 * S3 bucket construct that starts from the compliant defaults and reports a
 * validation error when the caller's props override them with a
 * non-compliant value.
 *
 * Scope of the checks: they read only the merged constructor props kept in
 * `calculatedProps`. Anything done to the bucket after construction is not
 * seen by them, so they are a guard on the props, not an audit of the
 * synthesized resource.
 *
 * See README for usage examples
 */
class Bucket extends aws_s3_1.Bucket {
  /**
   * @param scope - parent construct, passed through to the CDK Bucket
   * @param id - construct id, passed through to the CDK Bucket
   * @param props - caller overrides; spread after the defaults, so any key
   *   present here (even with value `undefined`) replaces the default
   */
  constructor(scope, id, props) {
    super(scope, id, { ...exports.defaultBucketProps, ...props });
    // Keep a separate copy of the effective props for the checks below.
    this.calculatedProps = { ...exports.defaultBucketProps, ...props };
    // Evaluated lazily when the construct tree is validated; each check
    // returns a (possibly empty) list of error messages.
    const collectFindings = () =>
      [this.checkSsl(), this.checkPublicAccess(), this.checkEncryption()].flat();
    this.node.addValidation({ validate: collectFindings });
  }

  /**
   * @returns {string[]} one error when enforceSSL is falsy, otherwise none.
   *   Any truthy value passes, not only the boolean `true`.
   */
  checkSsl() {
    if (this.calculatedProps.enforceSSL) {
      return [];
    }
    return ['enforceSSL must be true'];
  }

  /**
   * @returns {string[]} one error unless blockPublicAccess is the BLOCK_ALL
   *   object itself. The comparison is by identity, so any other
   *   BlockPublicAccess instance is rejected.
   */
  checkPublicAccess() {
    const configured = this.calculatedProps.blockPublicAccess;
    if (configured === aws_s3_1.BlockPublicAccess.BLOCK_ALL) {
      return [];
    }
    return ['blockPublicAccess must be BLOCK_ALL'];
  }

  /**
   * @returns {string[]} one error when encryption is missing/falsy or set to
   *   UNENCRYPTED; every other encryption value is accepted.
   */
  checkEncryption() {
    const mode = this.calculatedProps.encryption;
    const isEncrypted = Boolean(mode) && mode !== aws_s3_1.BucketEncryption.UNENCRYPTED;
    return isEncrypted ? [] : ['bucket must be encrypted'];
  }
}
// Attach the jsii runtime type information (fully qualified name and package
// version) to the class under the shared "jsii.rtti" symbol, then publish the
// class on the module's exports.
_a = JSII_RTTI_SYMBOL_1;
Bucket[_a] = {
  fqn: "@enfo/aws-cdkompliance.Bucket",
  version: "1.1.0"
};
exports.Bucket = Bucket;
//# sourceMappingURL=data:application/json;base64,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