
@gammarers/aws-secure-bucket

"use strict";
var _a;
Object.defineProperty(exports, "__esModule", { value: true });
exports.SecureBucket = void 0;
const JSII_RTTI_SYMBOL_1 = Symbol.for("jsii.rtti");
const aws_cdk_lib_1 = require("aws-cdk-lib");
const iam = require("aws-cdk-lib/aws-iam");
const s3 = require("aws-cdk-lib/aws-s3");

/**
 * An s3.Bucket subclass that applies a hardened baseline on top of the
 * caller's props.
 *
 * Always enforced (written after `...props`, so a caller cannot override them):
 *   - removalPolicy: RETAIN
 *   - publicReadAccess: false
 *   - blockPublicAccess: BLOCK_ALL
 *   - enforceSSL: true
 *
 * Defaults that a caller CAN replace through props:
 *   - encryption      (KMS_MANAGED unless props.encryption is truthy)
 *   - accessControl   (PRIVATE unless props.accessControl is truthy)
 *   - objectOwnership (BUCKET_OWNER_ENFORCED unless props.objectOwnership is truthy)
 *   - versioned       (true unless props.versioned is anything other than undefined)
 *
 * NOTE(review): because these four are overridable, this construct does not by
 * itself guarantee versioning or KMS encryption; callers relying on them
 * should check the props passed at each use site.
 *
 * @param scope - parent construct, forwarded to s3.Bucket.
 * @param id - construct id, forwarded to s3.Bucket.
 * @param props - optional bucket props; besides the s3.Bucket props this
 *   constructor reads isCloudFrontOriginBucket, isPipelineArtifactBucket and
 *   eventBridgeEnabled.
 */
class SecureBucket extends s3.Bucket {
    constructor(scope, id, props) {
        // isCloudFrontOriginBucket === true forces S3-managed keys and ignores
        // props.encryption entirely.
        // NOTE(review): presumably so CloudFront can read objects without a
        // KMS key policy — confirm against the package documentation.
        const encryption = props?.isCloudFrontOriginBucket === true
            ? s3.BucketEncryption.S3_MANAGED
            : (props?.encryption || s3.BucketEncryption.KMS_MANAGED);
        const accessControl = props?.accessControl || s3.BucketAccessControl.PRIVATE;
        const objectOwnership = props?.objectOwnership || s3.ObjectOwnership.BUCKET_OWNER_ENFORCED;
        // Only an explicit undefined falls back to true; any other supplied
        // value (including false or null) is passed through unchanged.
        const versioned = props?.versioned === undefined ? true : props.versioned;

        super(scope, id, {
            ...props,
            removalPolicy: aws_cdk_lib_1.RemovalPolicy.RETAIN,
            encryption,
            accessControl,
            // Cleared here; when requested it is applied below as a raw
            // property override on the underlying CloudFormation resource.
            eventBridgeEnabled: undefined,
            publicReadAccess: false,
            blockPublicAccess: s3.BlockPublicAccess.BLOCK_ALL,
            enforceSSL: true,
            versioned,
            objectOwnership,
        });

        if (props?.eventBridgeEnabled === true) {
            const cfnResource = this.node.defaultChild;
            cfnResource.addPropertyOverride('NotificationConfiguration.EventBridgeConfiguration.EventBridgeEnabled', true);
        }

        const owningStack = aws_cdk_lib_1.Stack.of(this);
        const accountId = owningStack.account;
        const regionName = owningStack.region;

        if (!props?.isPipelineArtifactBucket) {
            return;
        }

        // A resource policy is added only when the stack synthesizer reports a
        // bootstrap qualifier that differs from the CDK default one.
        const bootstrapQualifier = owningStack.synthesizer.bootstrapQualifier;
        if (!bootstrapQualifier || bootstrapQualifier == aws_cdk_lib_1.DefaultStackSynthesizer.DEFAULT_QUALIFIER) {
            return;
        }

        // NOTE(review): 's3:*' gives the principal every S3 action on the
        // bucket and its objects, including changing the bucket policy and
        // deleting object versions. If the deploy role only needs to read and
        // write artifacts, an explicit action list would keep this bucket
        // closer to least privilege.
        // NOTE(review): the principal ARN hard-codes the "aws" partition, so
        // it will not match a role in another partition — confirm whether
        // other partitions are in scope.
        // NOTE(review): the role name looks like the CDK bootstrap deploy role
        // for a custom qualifier — verify against the bootstrap template used.
        this.addToResourcePolicy(new iam.PolicyStatement({
            actions: [
                's3:*',
            ],
            resources: [
                `${this.bucketArn}`,
                `${this.bucketArn}/*`,
            ],
            principals: [
                new iam.ArnPrincipal(`arn:aws:iam::${accountId}:role/cdk-${bootstrapQualifier}-deploy-role-${accountId}-${regionName}`),
            ],
        }));
    }
}
exports.SecureBucket = SecureBucket;
// jsii runtime type information: fully-qualified name and package version.
_a = JSII_RTTI_SYMBOL_1;
SecureBucket[_a] = { fqn: "@gammarers/aws-secure-bucket.SecureBucket", version: "2.3.20" };