
@sheplu/aws-safe-modules


A collection of CDKTF modules for AWS, with security and compliance in mind

"use strict"; Object.defineProperty(exports, "__esModule", { value: true }); exports.ManagedS3 = void 0; const constructs_1 = require("constructs"); const main_1 = require("../main"); class ManagedS3 extends constructs_1.Construct { constructor(scope, id, config) { super(scope, id); const myBucket = new main_1.S3Bucket(this, 'bucket', { bucket: config.bucket, objectLockEnabled: config.worm ? true : false }); this.instance = myBucket; new main_1.S3BucketOwnershipControls(this, 'bucket-ownership', { bucket: myBucket.id, rule: { objectOwnership: "BucketOwnerPreferred", }, }); const myBucketVersioning = new main_1.S3BucketVersioningA(this, 'bucket-versioning', { bucket: myBucket.id, versioningConfiguration: { status: 'Enabled', mfaDelete: 'Disabled', }, }); new main_1.S3BucketLifecycleConfiguration(this, 'bucket-lifecycle', { bucket: myBucket.id, rule: [{ id: 'default-lifecycle', status: 'Enabled', noncurrentVersionExpiration: [{ noncurrentDays: 30, newerNoncurrentVersions: 2, }], abortIncompleteMultipartUpload: [{ daysAfterInitiation: 7, }], }], dependsOn: [myBucketVersioning], }); const bucketPermission = { statement: [{ actions: ['s3:*'], resources: [`${myBucket.arn}/*`], principals: [{ type: 'AWS', identifiers: ['*'], }], effect: 'Deny', condition: [{ test: 'Bool', variable: 'aws:SecureTransport', values: ['false'], }], }], }; if (config.addBucketPermission) { bucketPermission.statement.push(...config.addBucketPermission); } const myBucketPolicy = new main_1.DataAwsIamPolicyDocument(this, 'bucket-iam-policy', bucketPermission); new main_1.S3BucketPolicy(this, 'bucket-policy', { bucket: myBucket.id, policy: myBucketPolicy.json }); if (config.worm) { new main_1.S3BucketObjectLockConfigurationA(this, 'bucket-lock-configuration', { bucket: myBucket.id, rule: { defaultRetention: { days: 10, mode: 'GOVERNANCE', }, }, }); } } } exports.ManagedS3 = ManagedS3; //# sourceMappingURL=data:application/json;base64,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