@gammarers/aws-secure-bucket/lib/index.js

This is a Simple S3 Secure Bucket.

"use strict";
var _a;
Object.defineProperty(exports, "__esModule", { value: true });
exports.SecureBucket = void 0;
const JSII_RTTI_SYMBOL_1 = Symbol.for("jsii.rtti");
const aws_cdk_lib_1 = require("aws-cdk-lib");
const iam = require("aws-cdk-lib/aws-iam");
const s3 = require("aws-cdk-lib/aws-s3");
class SecureBucket extends s3.Bucket {
    constructor(scope, id, props) {
        super(scope, id, {
            ...props,
            removalPolicy: aws_cdk_lib_1.RemovalPolicy.RETAIN,
            encryption: props?.encryption || s3.BucketEncryption.KMS_MANAGED,
            accessControl: (() => {
                if (!props?.accessControl) {
                    return s3.BucketAccessControl.PRIVATE;
                }
                return props.accessControl;
            })(),
            eventBridgeEnabled: undefined,
            publicReadAccess: false,
            blockPublicAccess: s3.BlockPublicAccess.BLOCK_ALL,
            enforceSSL: true,
            versioned: props?.versioned !== undefined ? props.versioned : true,
            objectOwnership: (() => {
                if (props?.objectOwnership) {
                    return props.objectOwnership;
                }
                return s3.ObjectOwnership.BUCKET_OWNER_ENFORCED;
            })(),
        });
        // Get CfnBucket
        const cfnBucket = this.node.defaultChild;
        if (props?.eventBridgeEnabled === true) {
            cfnBucket.addPropertyOverride('NotificationConfiguration.EventBridgeConfiguration.EventBridgeEnabled', true);
        }
        // 👇 Get account & region
        const account = aws_cdk_lib_1.Stack.of(this).account;
        const region = aws_cdk_lib_1.Stack.of(this).region;
        if (props?.isPipelineArtifactBucket) {
            // 👇 Get qualifier
            // const qualifier = Stack.of(this).synthesizer.bootstrapQualifier || defaultQualifier;
            const qualifier = aws_cdk_lib_1.Stack.of(this).synthesizer.bootstrapQualifier;
            // add resource policy when custom qualifier
            if (qualifier && (qualifier != aws_cdk_lib_1.DefaultStackSynthesizer.DEFAULT_QUALIFIER)) {
                this.addToResourcePolicy(new iam.PolicyStatement({
                    actions: [
                        's3:*',
                    ],
                    resources: [
                        `${this.bucketArn}`,
                        `${this.bucketArn}/*`,
                    ],
                    principals: [
                        new iam.ArnPrincipal(`arn:aws:iam::${account}:role/cdk-${qualifier}-deploy-role-${account}-${region}`),
                    ],
                }));
            }
        }
    }
}
exports.SecureBucket = SecureBucket;
_a = JSII_RTTI_SYMBOL_1;
SecureBucket[_a] = { fqn: "@gammarers/aws-secure-bucket.SecureBucket", version: "2.2.6" };
//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiaW5kZXguanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi9zcmMvaW5kZXgudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6Ijs7Ozs7QUFBQSw2Q0FBNEU7QUFDNUUsMkNBQTJDO0FBQzNDLHlDQUF5QztBQW1CekMsTUFBYSxZQUFhLFNBQVEsRUFBRSxDQUFDLE1BQU07SUFDekMsWUFBWSxLQUFnQixFQUFFLEVBQVUsRUFBRSxLQUF5QjtRQUNqRSxLQUFLLENBQUMsS0FBSyxFQUFFLEVBQUUsRUFBRTtZQUNmLEdBQUcsS0FBSztZQUNSLGFBQWEsRUFBRSwyQkFBYSxDQUFDLE1BQU07WUFDbkMsVUFBVSxFQUFFLEtBQUssRUFBRSxVQUFVLElBQUksRUFBRSxDQUFDLGdCQUFnQixDQUFDLFdBQVc7WUFDaEUsYUFBYSxFQUFFLENBQUMsR0FBRyxFQUFFO2dCQUNuQixJQUFJLENBQUMsS0FBSyxFQUFFLGFBQWEsRUFBRSxDQUFDO29CQUMxQixPQUFPLEVBQUUsQ0FBQyxtQkFBbUIsQ0FBQyxPQUFPLENBQUM7Z0JBQ3hDLENBQUM7Z0JBQ0QsT0FBTyxLQUFLLENBQUMsYUFBYSxDQUFDO1lBQzdCLENBQUMsQ0FBQyxFQUFFO1lBQ0osa0JBQWtCLEVBQUUsU0FBUztZQUM3QixnQkFBZ0IsRUFBRSxLQUFLO1lBQ3ZCLGlCQUFpQixFQUFFLEVBQUUsQ0FBQyxpQkFBaUIsQ0FBQyxTQUFTO1lBQ2pELFVBQVUsRUFBRSxJQUFJO1lBQ2hCLFNBQVMsRUFBRSxLQUFLLEVBQUUsU0FBUyxLQUFLLFNBQVMsQ0FBQyxDQUFDLENBQUMsS0FBSyxDQUFDLFNBQVMsQ0FBQyxDQUFDLENBQUMsSUFBSTtZQUNsRSxlQUFlLEVBQUUsQ0FBQyxHQUFHLEVBQUU7Z0JBQ3JCLElBQUksS0FBSyxFQUFFLGVBQWUsRUFBRSxDQUFDO29CQUMzQixPQUFPLEtBQUssQ0FBQyxlQUFlLENBQUM7Z0JBQy9CLENBQUM7Z0JBQ0QsT0FBTyxFQUFFLENBQUMsZUFBZSxDQUFDLHFCQUFxQixDQUFDO1lBQ2xELENBQUMsQ0FBQyxFQUFFO1NBQ0wsQ0FBQyxDQUFDO1FBRUgsZ0JBQWdCO1FBQ2hCLE1BQU0sU0FBUyxHQUFHLElBQUksQ0FBQyxJQUFJLENBQUMsWUFBNEIsQ0FBQztRQUN6RCxJQUFJLEtBQUssRUFBRSxrQkFBa0IsS0FBSyxJQUFJLEVBQUUsQ0FBQztZQUN2QyxTQUFTLENBQUMsbUJBQW1CLENBQUMsdUVBQXVFLEVBQUUsSUFBSSxDQUFDLENBQUM7UUFDL0csQ0FBQztRQUVELDBCQUEwQjtRQUMxQixNQUFNLE9BQU8sR0FBRyxtQkFBSyxDQUFDLEVBQUUsQ0FBQyxJQUFJLENBQUMsQ0FBQyxPQUFPLENBQUM7UUFDdkMsTUFBTSxNQUFNLEdBQUcsbUJBQUssQ0FBQyxFQUFFLENBQUMsSUFBSSxDQUFDLENBQUMsTUFBTSxDQUFDO1FBRXJDLElBQUksS0FBSyxFQUFFLHdCQUF3QixFQUFFLENBQUM7WUFFcEMsbUJBQW1CO1lBQ25CLHVGQUF1RjtZQUN2RixNQUFNLFNBQVMsR0FBRyxtQkFBSyxDQUFDLEVBQUUsQ0FBQyxJQUFJLENBQUMsQ0FBQyxXQUFXLENBQUMsa0JBQWtCLENBQUM7WUFFaEUsNENBQTRDO1lBQzVDLElBQUksU0FBUyxJQUFJLENBQUMsU0FBUyxJQUFJLHFDQUF1QixDQUFDLGlCQUFpQixDQUFDLEVBQUUsQ0FBQztnQkFFMUUsSUFBSSxDQUFDLG1CQUFtQixDQUFDLElBQUksR0FBRyxDQUFDLGVBQWUsQ0FBQztvQkFDL0MsT0FBTyxFQUFFO3dCQUNQLE1BQU07cUJBQ1A7b0JBQ0QsU0FBUyxFQUFFO3dCQUNULEdBQUcsSUFBSSxDQUFDLFNBQVMsRUFBRTt3QkFDbkIsR0FBRyxJQUFJLENBQUMsU0FBUyxJQUFJO3FCQUN0QjtvQkFDRCxVQUFVLEVBQUU7d0JBQ1YsSUFBSSxHQUFHLENBQUMsWUFBWSxDQUFDLGdCQUFnQixPQUFPLGFBQWEsU0FBUyxnQkFBZ0IsT0FBTyxJQUFJLE1BQU0sRUFBRSxDQUFDO3FCQUN2RztpQkFDRixDQUFDLENBQUMsQ0FBQztZQUNOLENBQUM7UUFDSCxDQUFDO0lBQ0gsQ0FBQzs7QUExREgsb0NBMkRDIiwic291cmNlc0NvbnRlbnQiOlsiaW1wb3J0IHsgRGVmYXVsdFN0YWNrU3ludGhlc2l6ZXIsIFJlbW92YWxQb2xpY3ksIFN0YWNrIH0gZnJvbSAnYXdzLWNkay1saWInO1xuaW1wb3J0ICogYXMgaWFtIGZyb20gJ2F3cy1jZGstbGliL2F3cy1pYW0nO1xuaW1wb3J0ICogYXMgczMgZnJvbSAnYXdzLWNkay1saWIvYXdzLXMzJztcbmltcG9ydCB7IENvbnN0cnVjdCB9IGZyb20gJ2NvbnN0cnVjdHMnO1xuXG4vKipcbiAqIEBUT0RPOiBOb3QgeWV0IHN1cHBvcnRlZFxuICogaHR0cHM6Ly9naXRodWIuY29tL2F3cy9qc2lpL2lzc3Vlcy80NDY4XG4gKiB0eXBlIG9taXRLZXlzID0gJ3B1YmxpY1JlYWRBY2Nlc3N8ZW5mb3JjZVNTTHxibG9ja1B1YmxpY0FjY2Vzcyc7XG4gKiBleHBvcnQgaW50ZXJmYWNlIENvZGVQaXBlbGluZVN0YXRlQ2hhbmdlRGV0ZWN0aW9uRXZlbnRSdWxlUHJvcHMgZXh0ZW5kcyBPbWl0PHMzLkJ1Y2tldFByb3BzLCAncHVibGljUmVhZEFjY2Vzcyc+IHt9XG4gKi9cblxuZXhwb3J0IGludGVyZmFjZSBTZWN1cmVCdWNrZXRQcm9wcyBleHRlbmRzIHMzLkJ1Y2tldFByb3BzIHtcbiAgLyoqXG4gICAqIElmIHlvdSBhcmUgc2V0dGluZyBhIGN1c3RvbSBRdWFsaWZpZXIgYW5kIHVzaW5nIGl0IGFzIHRoZSBhcnRpZmFjdCBidWNrZXQgZm9yIHRoZSBDREsgcGlwZWxpbmUsIHNldCBpdCB0byB0cnVlLlxuICAgKlxuICAgKiBAZGVmYXVsdCBmYWxzZVxuICAgKi9cbiAgcmVhZG9ubHkgaXNQaXBlbGluZUFydGlmYWN0QnVja2V0PzogYm9vbGVhbjtcbn1cblxuZXhwb3J0IGNsYXNzIFNlY3VyZUJ1Y2tldCBleHRlbmRzIHMzLkJ1Y2tldCB7XG4gIGNvbnN0cnVjdG9yKHNjb3BlOiBDb25zdHJ1Y3QsIGlkOiBzdHJpbmcsIHByb3BzPzogU2VjdXJlQnVja2V0UHJvcHMpIHtcbiAgICBzdXBlcihzY29wZSwgaWQsIHtcbiAgICAgIC4uLnByb3BzLFxuICAgICAgcmVtb3ZhbFBvbGljeTogUmVtb3ZhbFBvbGljeS5SRVRBSU4sXG4gICAgICBlbmNyeXB0aW9uOiBwcm9wcz8uZW5jcnlwdGlvbiB8fCBzMy5CdWNrZXRFbmNyeXB0aW9uLktNU19NQU5BR0VELFxuICAgICAgYWNjZXNzQ29udHJvbDogKCgpID0+IHtcbiAgICAgICAgaWYgKCFwcm9wcz8uYWNjZXNzQ29udHJvbCkge1xuICAgICAgICAgIHJldHVybiBzMy5CdWNrZXRBY2Nlc3NDb250cm9sLlBSSVZBVEU7XG4gICAgICAgIH1cbiAgICAgICAgcmV0dXJuIHByb3BzLmFjY2Vzc0NvbnRyb2w7XG4gICAgICB9KSgpLFxuICAgICAgZXZlbnRCcmlkZ2VFbmFibGVkOiB1bmRlZmluZWQsXG4gICAgICBwdWJsaWNSZWFkQWNjZXNzOiBmYWxzZSxcbiAgICAgIGJsb2NrUHVibGljQWNjZXNzOiBzMy5CbG9ja1B1YmxpY0FjY2Vzcy5CTE9DS19BTEwsXG4gICAgICBlbmZvcmNlU1NMOiB0cnVlLFxuICAgICAgdmVyc2lvbmVkOiBwcm9wcz8udmVyc2lvbmVkICE9PSB1bmRlZmluZWQgPyBwcm9wcy52ZXJzaW9uZWQgOiB0cnVlLFxuICAgICAgb2JqZWN0T3duZXJzaGlwOiAoKCkgPT4ge1xuICAgICAgICBpZiAocHJvcHM/Lm9iamVjdE93bmVyc2hpcCkge1xuICAgICAgICAgIHJldHVybiBwcm9wcy5vYmplY3RPd25lcnNoaXA7XG4gICAgICAgIH1cbiAgICAgICAgcmV0dXJuIHMzLk9iamVjdE93bmVyc2hpcC5CVUNLRVRfT1dORVJfRU5GT1JDRUQ7XG4gICAgICB9KSgpLFxuICAgIH0pO1xuXG4gICAgLy8gR2V0IENmbkJ1Y2tldFxuICAgIGNvbnN0IGNmbkJ1Y2tldCA9IHRoaXMubm9kZS5kZWZhdWx0Q2hpbGQgYXMgczMuQ2ZuQnVja2V0O1xuICAgIGlmIChwcm9wcz8uZXZlbnRCcmlkZ2VFbmFibGVkID09PSB0cnVlKSB7XG4gICAgICBjZm5CdWNrZXQuYWRkUHJvcGVydHlPdmVycmlkZSgnTm90aWZpY2F0aW9uQ29uZmlndXJhdGlvbi5FdmVudEJyaWRnZUNvbmZpZ3VyYXRpb24uRXZlbnRCcmlkZ2VFbmFibGVkJywgdHJ1ZSk7XG4gICAgfVxuXG4gICAgLy8g8J+RhyBHZXQgYWNjb3VudCAmIHJlZ2lvblxuICAgIGNvbnN0IGFjY291bnQgPSBTdGFjay5vZih0aGlzKS5hY2NvdW50O1xuICAgIGNvbnN0IHJlZ2lvbiA9IFN0YWNrLm9mKHRoaXMpLnJlZ2lvbjtcblxuICAgIGlmIChwcm9wcz8uaXNQaXBlbGluZUFydGlmYWN0QnVja2V0KSB7XG5cbiAgICAgIC8vIPCfkYcgR2V0IHF1YWxpZmllclxuICAgICAgLy8gY29uc3QgcXVhbGlmaWVyID0gU3RhY2sub2YodGhpcykuc3ludGhlc2l6ZXIuYm9vdHN0cmFwUXVhbGlmaWVyIHx8IGRlZmF1bHRRdWFsaWZpZXI7XG4gICAgICBjb25zdCBxdWFsaWZpZXIgPSBTdGFjay5vZih0aGlzKS5zeW50aGVzaXplci5ib290c3RyYXBRdWFsaWZpZXI7XG5cbiAgICAgIC8vIGFkZCByZXNvdXJjZSBwb2xpY3kgd2hlbiBjdXN0b20gcXVhbGlmaWVyXG4gICAgICBpZiAocXVhbGlmaWVyICYmIChxdWFsaWZpZXIgIT0gRGVmYXVsdFN0YWNrU3ludGhlc2l6ZXIuREVGQVVMVF9RVUFMSUZJRVIpKSB7XG5cbiAgICAgICAgdGhpcy5hZGRUb1Jlc291cmNlUG9saWN5KG5ldyBpYW0uUG9saWN5U3RhdGVtZW50KHtcbiAgICAgICAgICBhY3Rpb25zOiBbXG4gICAgICAgICAgICAnczM6KicsXG4gICAgICAgICAgXSxcbiAgICAgICAgICByZXNvdXJjZXM6IFtcbiAgICAgICAgICAgIGAke3RoaXMuYnVja2V0QXJufWAsXG4gICAgICAgICAgICBgJHt0aGlzLmJ1Y2tldEFybn0vKmAsXG4gICAgICAgICAgXSxcbiAgICAgICAgICBwcmluY2lwYWxzOiBbXG4gICAgICAgICAgICBuZXcgaWFtLkFyblByaW5jaXBhbChgYXJuOmF3czppYW06OiR7YWNjb3VudH06cm9sZS9jZGstJHtxdWFsaWZpZXJ9LWRlcGxveS1yb2xlLSR7YWNjb3VudH0tJHtyZWdpb259YCksXG4gICAgICAgICAgXSxcbiAgICAgICAgfSkpO1xuICAgICAgfVxuICAgIH1cbiAgfVxufSJdfQ==