Merge branch 'master' into apprunner-vpc-connector
mergify[bot] authored May 25, 2022
2 parents 851933d + 3e6ec5c commit a6b2b57
Showing 2 changed files with 43 additions and 0 deletions.
3 changes: 3 additions & 0 deletions packages/@aws-cdk/aws-s3-deployment/lib/bucket-deployment.ts
Expand Up @@ -327,6 +327,9 @@ export class BucketDeployment extends CoreConstruct {
const sources: SourceConfig[] = props.sources.map((source: ISource) => source.bind(this, { handlerRole }));

props.destinationBucket.grantReadWrite(handler);
if (props.accessControl) {
props.destinationBucket.grantPutAcl(handler);
}
if (props.distribution) {
handler.addToRolePolicy(new iam.PolicyStatement({
effect: iam.Effect.ALLOW,
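Review bot: `props.destinationBucket.grantPutAcl(handler);` passes no key pattern, so the handler role receives `s3:PutObjectAcl` on every object in the destination bucket. That action lets the role rewrite the ACL of objects it did not deploy, including making them publicly readable, so it is worth limiting to the keys the deployment actually writes. If the deployment targets `destinationKeyPrefix` (its handling is outside this hunk, and a trailing slash would need normalising), consider `props.destinationBucket.grantPutAcl(handler, props.destinationKeyPrefix ? props.destinationKeyPrefix + '/*' : undefined);`. A short comment such as `// PutObjectAcl is only needed when the handler applies an ACL on upload` would also record why the grant is conditional. The `grantReadWrite(handler)` call just above is bucket-wide too, and the constructor body starts and ends outside the hunk.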
40 changes: 40 additions & 0 deletions packages/@aws-cdk/aws-s3-deployment/test/bucket-deployment.test.ts
Expand Up @@ -708,6 +708,46 @@ testFutureBehavior('lambda execution role gets permissions to read from the sour
});
});

testFutureBehavior('lambda execution role gets putObjectAcl permission when deploying with accessControl', s3GrantWriteCtx, cdk.App, (app) => {
// GIVEN
const stack = new cdk.Stack(app);
const source = new s3.Bucket(stack, 'Source');
const bucket = new s3.Bucket(stack, 'Dest');

// WHEN
new s3deploy.BucketDeployment(stack, 'Deploy', {
sources: [s3deploy.Source.bucket(source, 'file.zip')],
destinationBucket: bucket,
accessControl: s3.BucketAccessControl.PUBLIC_READ,
});

// THEN
const map = Template.fromStack(stack).findResources('AWS::IAM::Policy');
expect(map).toBeDefined();
const resource = map[Object.keys(map)[0]];
expect(resource.Properties.PolicyDocument.Statement).toContainEqual({
Action: [
's3:PutObjectAcl',
's3:PutObjectVersionAcl',
],
Effect: 'Allow',
Resource: {
'Fn::Join': [
'',
[
{
'Fn::GetAtt': [
'DestC383B82A',
'Arn',
],
},
'/*',
],
],
},
});
});

test('memoryLimit can be used to specify the memory limit for the deployment resource handler', () => {
// GIVEN
const stack = new cdk.Stack();
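Review bot: The added test covers only the positive case; within this hunk nothing asserts that `s3:PutObjectAcl` is absent from the handler policy when `accessControl` is not set, which is the half of the change that keeps the role least-privileged. A companion test that deploys without `accessControl` and checks `expect(JSON.stringify(map)).not.toContain('s3:PutObjectAcl');` would catch a regression that makes the grant unconditional. Separately, `map[Object.keys(map)[0]]` assumes the handler's policy is the first `AWS::IAM::Policy` in the template, so the assertion could silently target a different policy if another one is synthesised earlier. The `expect(map).toBeDefined()` check also looks unable to fail, since `findResources` appears to return an object either way.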
