UNPKG

@scloud/cdk-patterns

Version:

Serverless CDK patterns for common infrastructure needs

github.com/davidcarboni/scloud

davidcarboni/scloud

33 lines 5.16 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
"use strict"; Object.defineProperty(exports, "__esModule", { value: true }); exports.KmsBucket = void 0; const aws_cdk_lib_1 = require("aws-cdk-lib"); const aws_kms_1 = require("aws-cdk-lib/aws-kms"); const aws_s3_1 = require("aws-cdk-lib/aws-s3"); const constructs_1 = require("constructs"); /** * A bucket with a KMS key. * @param props Any additional properties for the bucket. These can override the defaults provided by this function. * NB if you don't want a key alias, pass null for keyAlias. This is useful when importing a bucket and key into a stack. * @returns An s3.Bucket */ class KmsBucket extends constructs_1.Construct { constructor(scope, id, props) { // We set a key alias because this seems to be the only // identifying information shown in the list in the AWS console. // If explicitly null, we don't set an alias, otherwise use the value passed in const alias = props.keyAlias === null ? undefined : props.keyAlias || `${aws_cdk_lib_1.Stack.of(scope).stackName}/${id}`; super(scope, `${id}KmsBucket`); this.key = new aws_kms_1.Key(scope, `KmsKey${id}`, { removalPolicy: aws_cdk_lib_1.RemovalPolicy.RETAIN, alias, description: id }); this.bucket = new aws_s3_1.Bucket(scope, id, { blockPublicAccess: aws_s3_1.BlockPublicAccess.BLOCK_ALL, encryption: aws_s3_1.BucketEncryption.KMS, encryptionKey: this.key, bucketKeyEnabled: false, removalPolicy: aws_cdk_lib_1.RemovalPolicy.RETAIN, ...props, }); } } exports.KmsBucket = KmsBucket; //# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiS21zQnVja2V0LmpzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiLi4vc3JjL0ttc0J1Y2tldC50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiOzs7QUFBQSw2Q0FBbUQ7QUFDbkQsaURBQTBDO0FBQzFDLCtDQUs0QjtBQUM1QiwyQ0FBdUM7QUFVdkM7Ozs7O0dBS0c7QUFDSCxNQUFhLFNBQVUsU0FBUSxzQkFBUztJQUt0QyxZQUFZLEtBQWdCLEVBQUUsRUFBVSxFQUFFLEtBQThCO1FBQ3RFLHVEQUF1RDtRQUN2RCxnRUFBZ0U7UUFDaEUsK0VBQStFO1FBQy9FLE1BQU0sS0FBSyxHQUFHLEtBQUssQ0FBQyxRQUFRLEtBQUssSUFBSSxDQUFDLENBQUMsQ0FBQyxTQUFTLENBQUMsQ0FBQyxDQUFDLEtBQUssQ0FBQyxRQUFRLElBQUksR0FBRyxtQkFBSyxDQUFDLEVBQUUsQ0FBQyxLQUFLLENBQUMsQ0FBQyxTQUFTLElBQUksRUFBRSxFQUFFLENBQUM7UUFDM0csS0FBSyxDQUFDLEtBQUssRUFBRSxHQUFHLEVBQUUsV0FBVyxDQUFDLENBQUM7UUFDL0IsSUFBSSxDQUFDLEdBQUcsR0FBRyxJQUFJLGFBQUcsQ0FBQyxLQUFLLEVBQUUsU0FBUyxFQUFFLEVBQUUsRUFBRSxFQUFFLGFBQWEsRUFBRSwyQkFBYSxDQUFDLE1BQU0sRUFBRSxLQUFLLEVBQUUsV0FBVyxFQUFFLEVBQUUsRUFBRSxDQUFDLENBQUM7UUFDMUcsSUFBSSxDQUFDLE1BQU0sR0FBRyxJQUFJLGVBQU0sQ0FBQyxLQUFLLEVBQUUsRUFBRSxFQUFFO1lBQ2xDLGlCQUFpQixFQUFFLDBCQUFpQixDQUFDLFNBQVM7WUFDOUMsVUFBVSxFQUFFLHlCQUFnQixDQUFDLEdBQUc7WUFDaEMsYUFBYSxFQUFFLElBQUksQ0FBQyxHQUFHO1lBQ3ZCLGdCQUFnQixFQUFFLEtBQUs7WUFDdkIsYUFBYSxFQUFFLDJCQUFhLENBQUMsTUFBTTtZQUNuQyxHQUFHLEtBQUs7U0FDVCxDQUFDLENBQUM7SUFDTCxDQUFDO0NBQ0Y7QUFyQkQsOEJBcUJDIiwic291cmNlc0NvbnRlbnQiOlsiaW1wb3J0IHsgUmVtb3ZhbFBvbGljeSwgU3RhY2sgfSBmcm9tICdhd3MtY2RrLWxpYic7XG5pbXBvcnQgeyBLZXkgfSBmcm9tICdhd3MtY2RrLWxpYi9hd3Mta21zJztcbmltcG9ydCB7XG4gIEJsb2NrUHVibGljQWNjZXNzLFxuICBCdWNrZXQsXG4gIEJ1Y2tldEVuY3J5cHRpb24sXG4gIEJ1Y2tldFByb3BzLFxufSBmcm9tICdhd3MtY2RrLWxpYi9hd3MtczMnO1xuaW1wb3J0IHsgQ29uc3RydWN0IH0gZnJvbSAnY29uc3RydWN0cyc7XG5cbmludGVyZmFjZSBLbXNCdWNrZXRQcm9wcyBleHRlbmRzIEJ1Y2tldFByb3BzIHtcbiAgLyoqXG4gICAqIFBhc3MgbnVsbCB0byBpbmRpY2F0ZSB5b3UgZG9uJ3Qgd2FudCBhIGtleSBhbGlhcy5cbiAgICogVGhpcyBpcyB1c2VmdWwgd2hlbiBpbXBvcnRpbmcgYSBidWNrZXQgYW5kIGtleSBpbnRvIGEgc3RhY2suXG4gICAqL1xuICBrZXlBbGlhczogc3RyaW5nIHwgbnVsbDtcbn1cblxuLyoqXG4gKiBBIGJ1Y2tldCB3aXRoIGEgS01TIGtleS5cbiAqIEBwYXJhbSBwcm9wcyBBbnkgYWRkaXRpb25hbCBwcm9wZXJ0aWVzIGZvciB0aGUgYnVja2V0LiBUaGVzZSBjYW4gb3ZlcnJpZGUgdGhlIGRlZmF1bHRzIHByb3ZpZGVkIGJ5IHRoaXMgZnVuY3Rpb24uXG4gKiBOQiBpZiB5b3UgZG9uJ3Qgd2FudCBhIGtleSBhbGlhcywgcGFzcyBudWxsIGZvciBrZXlBbGlhcy4gVGhpcyBpcyB1c2VmdWwgd2hlbiBpbXBvcnRpbmcgYSBidWNrZXQgYW5kIGtleSBpbnRvIGEgc3RhY2suXG4gKiBAcmV0dXJucyBBbiBzMy5CdWNrZXRcbiAqL1xuZXhwb3J0IGNsYXNzIEttc0J1Y2tldCBleHRlbmRzIENvbnN0cnVjdCB7XG4gIGtleTogS2V5O1xuXG4gIGJ1Y2tldDogQnVja2V0O1xuXG4gIGNvbnN0cnVjdG9yKHNjb3BlOiBDb25zdHJ1Y3QsIGlkOiBzdHJpbmcsIHByb3BzOiBQYXJ0aWFsPEttc0J1Y2tldFByb3BzPikge1xuICAgIC8vIFdlIHNldCBhIGtleSBhbGlhcyBiZWNhdXNlIHRoaXMgc2VlbXMgdG8gYmUgdGhlIG9ubHlcbiAgICAvLyBpZGVudGlmeWluZyBpbmZvcm1hdGlvbiBzaG93biBpbiB0aGUgbGlzdCBpbiB0aGUgQVdTIGNvbnNvbGUuXG4gICAgLy8gSWYgZXhwbGljaXRseSBudWxsLCB3ZSBkb24ndCBzZXQgYW4gYWxpYXMsIG90aGVyd2lzZSB1c2UgdGhlIHZhbHVlIHBhc3NlZCBpblxuICAgIGNvbnN0IGFsaWFzID0gcHJvcHMua2V5QWxpYXMgPT09IG51bGwgPyB1bmRlZmluZWQgOiBwcm9wcy5rZXlBbGlhcyB8fCBgJHtTdGFjay5vZihzY29wZSkuc3RhY2tOYW1lfS8ke2lkfWA7XG4gICAgc3VwZXIoc2NvcGUsIGAke2lkfUttc0J1Y2tldGApO1xuICAgIHRoaXMua2V5ID0gbmV3IEtleShzY29wZSwgYEttc0tleSR7aWR9YCwgeyByZW1vdmFsUG9saWN5OiBSZW1vdmFsUG9saWN5LlJFVEFJTiwgYWxpYXMsIGRlc2NyaXB0aW9uOiBpZCB9KTtcbiAgICB0aGlzLmJ1Y2tldCA9IG5ldyBCdWNrZXQoc2NvcGUsIGlkLCB7XG4gICAgICBibG9ja1B1YmxpY0FjY2VzczogQmxvY2tQdWJsaWNBY2Nlc3MuQkxPQ0tfQUxMLFxuICAgICAgZW5jcnlwdGlvbjogQnVja2V0RW5jcnlwdGlvbi5LTVMsXG4gICAgICBlbmNyeXB0aW9uS2V5OiB0aGlzLmtleSxcbiAgICAgIGJ1Y2tldEtleUVuYWJsZWQ6IGZhbHNlLFxuICAgICAgcmVtb3ZhbFBvbGljeTogUmVtb3ZhbFBvbGljeS5SRVRBSU4sXG4gICAgICAuLi5wcm9wcyxcbiAgICB9KTtcbiAgfVxufVxuIl19