cdk-nextjs/lib/nextjs-file-system.js

Deploy Next.js apps on AWS with CDK

"use strict";
var _a;
Object.defineProperty(exports, "__esModule", { value: true });
exports.NextjsFileSystem = void 0;
const JSII_RTTI_SYMBOL_1 = Symbol.for("jsii.rtti");
const aws_cdk_lib_1 = require("aws-cdk-lib");
const aws_efs_1 = require("aws-cdk-lib/aws-efs");
const constructs_1 = require("constructs");
/**
 * Next.js Network File System enabling sharing of image optimization cache,
 * data cach, and pages cache.
 */
class NextjsFileSystem extends constructs_1.Construct {
    constructor(scope, id, props) {
        super(scope, id);
        this.props = props;
        this.fileSystem = this.createFileSystem();
        this.accessPoint = this.createAccessPoint();
    }
    /**
     * Creates EFS File System
     *
     * Note, the resource policy for the File System will include the boolean
     * condition, `"elasticfilesystem:AccessedViaMountTarget": "true"` which from
     * CDK [docs](https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_efs-readme.html#permissions)
     * says, "only allow access to clients using IAM authentication and deny access
     * to anonymous clients".
     * @see https://docs.aws.amazon.com/efs/latest/ug/access-control-block-public-access.html
     *
     * Ideally we could add IAM string condition `elasticfilesystem:AccessPointArn`
     * to the resource policy but this causes circular dependency.
     */
    createFileSystem() {
        const fileSystem = new aws_efs_1.FileSystem(this, "FileSystem", {
            encrypted: true,
            lifecyclePolicy: aws_efs_1.LifecyclePolicy.AFTER_30_DAYS,
            removalPolicy: aws_cdk_lib_1.RemovalPolicy.DESTROY,
            vpc: this.props.vpc,
            allowAnonymousAccess: false,
            ...this.props.overrides?.fileSystemProps,
        });
        return fileSystem;
    }
    createAccessPoint() {
        const uid = "1001";
        const gid = "1001";
        const accessPoint = new aws_efs_1.AccessPoint(this, "AccessPoint", {
            // as /cdk-nextjs doesn't exist in a new efs filesystem, the efs will
            // create the directory with the following options
            createAcl: {
                ownerGid: gid,
                ownerUid: uid,
                permissions: "755",
            },
            fileSystem: this.fileSystem,
            // arbitrarily named path which is exposed to NFS clients: lambda or fargate
            path: "/cdk-nextjs",
            // enforce POSIX identity so container wil access file system with this identity
            posixUser: {
                gid,
                uid,
            },
            ...this.props.overrides?.accessPointProps,
        });
        return accessPoint;
    }
    allowCompute({ connections, role }) {
        this.fileSystem.connections.allowDefaultPortFrom(connections);
        this.fileSystem.grantReadWrite(role);
    }
}
exports.NextjsFileSystem = NextjsFileSystem;
_a = JSII_RTTI_SYMBOL_1;
NextjsFileSystem[_a] = { fqn: "cdk-nextjs.NextjsFileSystem", version: "0.4.10" };
//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoibmV4dGpzLWZpbGUtc3lzdGVtLmpzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiLi4vc3JjL25leHRqcy1maWxlLXN5c3RlbS50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiOzs7OztBQUFBLDZDQUE0QztBQUU1QyxpREFNNkI7QUFFN0IsMkNBQXVDO0FBaUJ2Qzs7O0dBR0c7QUFDSCxNQUFhLGdCQUFpQixTQUFRLHNCQUFTO0lBSzdDLFlBQVksS0FBZ0IsRUFBRSxFQUFVLEVBQUUsS0FBNEI7UUFDcEUsS0FBSyxDQUFDLEtBQUssRUFBRSxFQUFFLENBQUMsQ0FBQztRQUNqQixJQUFJLENBQUMsS0FBSyxHQUFHLEtBQUssQ0FBQztRQUNuQixJQUFJLENBQUMsVUFBVSxHQUFHLElBQUksQ0FBQyxnQkFBZ0IsRUFBRSxDQUFDO1FBQzFDLElBQUksQ0FBQyxXQUFXLEdBQUcsSUFBSSxDQUFDLGlCQUFpQixFQUFFLENBQUM7SUFDOUMsQ0FBQztJQUNEOzs7Ozs7Ozs7Ozs7T0FZRztJQUNLLGdCQUFnQjtRQUN0QixNQUFNLFVBQVUsR0FBRyxJQUFJLG9CQUFVLENBQUMsSUFBSSxFQUFFLFlBQVksRUFBRTtZQUNwRCxTQUFTLEVBQUUsSUFBSTtZQUNmLGVBQWUsRUFBRSx5QkFBZSxDQUFDLGFBQWE7WUFDOUMsYUFBYSxFQUFFLDJCQUFhLENBQUMsT0FBTztZQUNwQyxHQUFHLEVBQUUsSUFBSSxDQUFDLEtBQUssQ0FBQyxHQUFHO1lBQ25CLG9CQUFvQixFQUFFLEtBQUs7WUFDM0IsR0FBRyxJQUFJLENBQUMsS0FBSyxDQUFDLFNBQVMsRUFBRSxlQUFlO1NBQ3pDLENBQUMsQ0FBQztRQUNILE9BQU8sVUFBVSxDQUFDO0lBQ3BCLENBQUM7SUFDTyxpQkFBaUI7UUFDdkIsTUFBTSxHQUFHLEdBQUcsTUFBTSxDQUFDO1FBQ25CLE1BQU0sR0FBRyxHQUFHLE1BQU0sQ0FBQztRQUNuQixNQUFNLFdBQVcsR0FBRyxJQUFJLHFCQUFXLENBQUMsSUFBSSxFQUFFLGFBQWEsRUFBRTtZQUN2RCxxRUFBcUU7WUFDckUsa0RBQWtEO1lBQ2xELFNBQVMsRUFBRTtnQkFDVCxRQUFRLEVBQUUsR0FBRztnQkFDYixRQUFRLEVBQUUsR0FBRztnQkFDYixXQUFXLEVBQUUsS0FBSzthQUNuQjtZQUNELFVBQVUsRUFBRSxJQUFJLENBQUMsVUFBVTtZQUMzQiw0RUFBNEU7WUFDNUUsSUFBSSxFQUFFLGFBQWE7WUFDbkIsZ0ZBQWdGO1lBQ2hGLFNBQVMsRUFBRTtnQkFDVCxHQUFHO2dCQUNILEdBQUc7YUFDSjtZQUNELEdBQUcsSUFBSSxDQUFDLEtBQUssQ0FBQyxTQUFTLEVBQUUsZ0JBQWdCO1NBQzFDLENBQUMsQ0FBQztRQUNILE9BQU8sV0FBVyxDQUFDO0lBQ3JCLENBQUM7SUFDRCxZQUFZLENBQUMsRUFBRSxXQUFXLEVBQUUsSUFBSSxFQUFxQjtRQUNuRCxJQUFJLENBQUMsVUFBVSxDQUFDLFdBQVcsQ0FBQyxvQkFBb0IsQ0FBQyxXQUFXLENBQUMsQ0FBQztRQUM5RCxJQUFJLENBQUMsVUFBVSxDQUFDLGNBQWMsQ0FBQyxJQUFJLENBQUMsQ0FBQztJQUN2QyxDQUFDOztBQTdESCw0Q0E4REMiLCJzb3VyY2VzQ29udGVudCI6WyJpbXBvcnQgeyBSZW1vdmFsUG9saWN5IH0gZnJvbSBcImF3cy1jZGstbGliXCI7XG5pbXBvcnQgeyBDb25uZWN0aW9ucywgSVZwYyB9IGZyb20gXCJhd3MtY2RrLWxpYi9hd3MtZWMyXCI7XG5pbXBvcnQge1xuICBBY2Nlc3NQb2ludCxcbiAgQWNjZXNzUG9pbnRQcm9wcyxcbiAgRmlsZVN5c3RlbSxcbiAgRmlsZVN5c3RlbVByb3BzLFxuICBMaWZlY3ljbGVQb2xpY3ksXG59IGZyb20gXCJhd3MtY2RrLWxpYi9hd3MtZWZzXCI7XG5pbXBvcnQgeyBJUm9sZSB9IGZyb20gXCJhd3MtY2RrLWxpYi9hd3MtaWFtXCI7XG5pbXBvcnQgeyBDb25zdHJ1Y3QgfSBmcm9tIFwiY29uc3RydWN0c1wiO1xuXG5leHBvcnQgaW50ZXJmYWNlIE5leHRqc0ZpbGVTeXN0ZW1PdmVycmlkZXMge1xuICByZWFkb25seSBmaWxlU3lzdGVtUHJvcHM/OiBGaWxlU3lzdGVtUHJvcHM7XG4gIHJlYWRvbmx5IGFjY2Vzc1BvaW50UHJvcHM/OiBBY2Nlc3NQb2ludFByb3BzO1xufVxuXG5leHBvcnQgaW50ZXJmYWNlIE5leHRqc0ZpbGVTeXN0ZW1Qcm9wcyB7XG4gIHJlYWRvbmx5IG92ZXJyaWRlcz86IE5leHRqc0ZpbGVTeXN0ZW1PdmVycmlkZXM7XG4gIHJlYWRvbmx5IHZwYzogSVZwYztcbn1cblxuZXhwb3J0IGludGVyZmFjZSBBbGxvd0NvbXB1dGVQcm9wcyB7XG4gIHJlYWRvbmx5IGNvbm5lY3Rpb25zOiBDb25uZWN0aW9ucztcbiAgcmVhZG9ubHkgcm9sZTogSVJvbGU7XG59XG5cbi8qKlxuICogTmV4dC5qcyBOZXR3b3JrIEZpbGUgU3lzdGVtIGVuYWJsaW5nIHNoYXJpbmcgb2YgaW1hZ2Ugb3B0aW1pemF0aW9uIGNhY2hlLFxuICogZGF0YSBjYWNoLCBhbmQgcGFnZXMgY2FjaGUuXG4gKi9cbmV4cG9ydCBjbGFzcyBOZXh0anNGaWxlU3lzdGVtIGV4dGVuZHMgQ29uc3RydWN0IHtcbiAgZmlsZVN5c3RlbTogRmlsZVN5c3RlbTtcbiAgYWNjZXNzUG9pbnQ6IEFjY2Vzc1BvaW50O1xuICBwcml2YXRlIHByb3BzOiBOZXh0anNGaWxlU3lzdGVtUHJvcHM7XG5cbiAgY29uc3RydWN0b3Ioc2NvcGU6IENvbnN0cnVjdCwgaWQ6IHN0cmluZywgcHJvcHM6IE5leHRqc0ZpbGVTeXN0ZW1Qcm9wcykge1xuICAgIHN1cGVyKHNjb3BlLCBpZCk7XG4gICAgdGhpcy5wcm9wcyA9IHByb3BzO1xuICAgIHRoaXMuZmlsZVN5c3RlbSA9IHRoaXMuY3JlYXRlRmlsZVN5c3RlbSgpO1xuICAgIHRoaXMuYWNjZXNzUG9pbnQgPSB0aGlzLmNyZWF0ZUFjY2Vzc1BvaW50KCk7XG4gIH1cbiAgLyoqXG4gICAqIENyZWF0ZXMgRUZTIEZpbGUgU3lzdGVtXG4gICAqXG4gICAqIE5vdGUsIHRoZSByZXNvdXJjZSBwb2xpY3kgZm9yIHRoZSBGaWxlIFN5c3RlbSB3aWxsIGluY2x1ZGUgdGhlIGJvb2xlYW5cbiAgICogY29uZGl0aW9uLCBgXCJlbGFzdGljZmlsZXN5c3RlbTpBY2Nlc3NlZFZpYU1vdW50VGFyZ2V0XCI6IFwidHJ1ZVwiYCB3aGljaCBmcm9tXG4gICAqIENESyBbZG9jc10oaHR0cHM6Ly9kb2NzLmF3cy5hbWF6b24uY29tL2Nkay9hcGkvdjIvZG9jcy9hd3MtY2RrLWxpYi5hd3NfZWZzLXJlYWRtZS5odG1sI3Blcm1pc3Npb25zKVxuICAgKiBzYXlzLCBcIm9ubHkgYWxsb3cgYWNjZXNzIHRvIGNsaWVudHMgdXNpbmcgSUFNIGF1dGhlbnRpY2F0aW9uIGFuZCBkZW55IGFjY2Vzc1xuICAgKiB0byBhbm9ueW1vdXMgY2xpZW50c1wiLlxuICAgKiBAc2VlIGh0dHBzOi8vZG9jcy5hd3MuYW1hem9uLmNvbS9lZnMvbGF0ZXN0L3VnL2FjY2Vzcy1jb250cm9sLWJsb2NrLXB1YmxpYy1hY2Nlc3MuaHRtbFxuICAgKlxuICAgKiBJZGVhbGx5IHdlIGNvdWxkIGFkZCBJQU0gc3RyaW5nIGNvbmRpdGlvbiBgZWxhc3RpY2ZpbGVzeXN0ZW06QWNjZXNzUG9pbnRBcm5gXG4gICAqIHRvIHRoZSByZXNvdXJjZSBwb2xpY3kgYnV0IHRoaXMgY2F1c2VzIGNpcmN1bGFyIGRlcGVuZGVuY3kuXG4gICAqL1xuICBwcml2YXRlIGNyZWF0ZUZpbGVTeXN0ZW0oKSB7XG4gICAgY29uc3QgZmlsZVN5c3RlbSA9IG5ldyBGaWxlU3lzdGVtKHRoaXMsIFwiRmlsZVN5c3RlbVwiLCB7XG4gICAgICBlbmNyeXB0ZWQ6IHRydWUsXG4gICAgICBsaWZlY3ljbGVQb2xpY3k6IExpZmVjeWNsZVBvbGljeS5BRlRFUl8zMF9EQVlTLFxuICAgICAgcmVtb3ZhbFBvbGljeTogUmVtb3ZhbFBvbGljeS5ERVNUUk9ZLFxuICAgICAgdnBjOiB0aGlzLnByb3BzLnZwYyxcbiAgICAgIGFsbG93QW5vbnltb3VzQWNjZXNzOiBmYWxzZSxcbiAgICAgIC4uLnRoaXMucHJvcHMub3ZlcnJpZGVzPy5maWxlU3lzdGVtUHJvcHMsXG4gICAgfSk7XG4gICAgcmV0dXJuIGZpbGVTeXN0ZW07XG4gIH1cbiAgcHJpdmF0ZSBjcmVhdGVBY2Nlc3NQb2ludCgpIHtcbiAgICBjb25zdCB1aWQgPSBcIjEwMDFcIjtcbiAgICBjb25zdCBnaWQgPSBcIjEwMDFcIjtcbiAgICBjb25zdCBhY2Nlc3NQb2ludCA9IG5ldyBBY2Nlc3NQb2ludCh0aGlzLCBcIkFjY2Vzc1BvaW50XCIsIHtcbiAgICAgIC8vIGFzIC9jZGstbmV4dGpzIGRvZXNuJ3QgZXhpc3QgaW4gYSBuZXcgZWZzIGZpbGVzeXN0ZW0sIHRoZSBlZnMgd2lsbFxuICAgICAgLy8gY3JlYXRlIHRoZSBkaXJlY3Rvcnkgd2l0aCB0aGUgZm9sbG93aW5nIG9wdGlvbnNcbiAgICAgIGNyZWF0ZUFjbDoge1xuICAgICAgICBvd25lckdpZDogZ2lkLFxuICAgICAgICBvd25lclVpZDogdWlkLFxuICAgICAgICBwZXJtaXNzaW9uczogXCI3NTVcIixcbiAgICAgIH0sXG4gICAgICBmaWxlU3lzdGVtOiB0aGlzLmZpbGVTeXN0ZW0sXG4gICAgICAvLyBhcmJpdHJhcmlseSBuYW1lZCBwYXRoIHdoaWNoIGlzIGV4cG9zZWQgdG8gTkZTIGNsaWVudHM6IGxhbWJkYSBvciBmYXJnYXRlXG4gICAgICBwYXRoOiBcIi9jZGstbmV4dGpzXCIsXG4gICAgICAvLyBlbmZvcmNlIFBPU0lYIGlkZW50aXR5IHNvIGNvbnRhaW5lciB3aWwgYWNjZXNzIGZpbGUgc3lzdGVtIHdpdGggdGhpcyBpZGVudGl0eVxuICAgICAgcG9zaXhVc2VyOiB7XG4gICAgICAgIGdpZCxcbiAgICAgICAgdWlkLFxuICAgICAgfSxcbiAgICAgIC4uLnRoaXMucHJvcHMub3ZlcnJpZGVzPy5hY2Nlc3NQb2ludFByb3BzLFxuICAgIH0pO1xuICAgIHJldHVybiBhY2Nlc3NQb2ludDtcbiAgfVxuICBhbGxvd0NvbXB1dGUoeyBjb25uZWN0aW9ucywgcm9sZSB9OiBBbGxvd0NvbXB1dGVQcm9wcykge1xuICAgIHRoaXMuZmlsZVN5c3RlbS5jb25uZWN0aW9ucy5hbGxvd0RlZmF1bHRQb3J0RnJvbShjb25uZWN0aW9ucyk7XG4gICAgdGhpcy5maWxlU3lzdGVtLmdyYW50UmVhZFdyaXRlKHJvbGUpO1xuICB9XG59XG4iXX0=