feat(cloudfront): s3 origin access control L2 construct #31254

Merged
merged 79 commits into from
Sep 5, 2024
Changes from 75 commits
Commits
cd5f600
wip oac
May 17, 2024
fee9488
create custom resource to update kms policy
May 24, 2024
4ae6627
custom resource for bucket policy
May 28, 2024
dc49ed1
Support oac in webDistribution
May 28, 2024
ad28865
refactor
May 29, 2024
98af399
fix undefined distribution id
Jun 3, 2024
d87681e
refactor
Jun 19, 2024
c9bba82
Add validation for origin type on OAC
Jun 20, 2024
8a4e752
Add origin type to oac
Jun 21, 2024
4267b49
remove feature flag
gracelu0 Aug 3, 2024
a0529ec
deprecate S3Origin and replace with S3StaticWebsiteOrigin and S3Bucke…
gracelu0 Aug 8, 2024
e0a3d37
Add S3BucketOrigin subclass props
gracelu0 Aug 12, 2024
1bd7d95
update README for cloudfront with new API for S3BucketOrigin
gracelu0 Aug 12, 2024
5c16627
add unit tests for S3 OAC
gracelu0 Aug 14, 2024
664d2a9
remove name length validation (leave this to cloudformation)
gracelu0 Aug 14, 2024
62f8c68
fix unit test
gracelu0 Aug 14, 2024
012dfc6
formatting
gracelu0 Aug 14, 2024
622209a
Add integration test for S3 bucket origin with default OAC
gracelu0 Aug 16, 2024
1f7f792
add if check to OAC bind method
gracelu0 Aug 16, 2024
d4ac775
check default properties in OriginAccessControl in unit test
samson-keung Aug 16, 2024
a306f53
remove custom resource
gracelu0 Aug 19, 2024
d9376fb
fix integ test formatting
gracelu0 Aug 19, 2024
840957d
Add note about bucket object ownership with OAC
gracelu0 Aug 19, 2024
632c131
remove web distribution oac
gracelu0 Aug 19, 2024
bbc70e0
adding first unit test for S3BucketOrigin
samson-keung Aug 20, 2024
d835503
more unit tests for S3BucketOrigin
samson-keung Aug 21, 2024
7f51018
more unit tests for S3BucketOrigin and removed originAccessControlId …
samson-keung Aug 22, 2024
1b9455c
address feedback
gracelu0 Aug 22, 2024
903b105
fix unit tests
gracelu0 Aug 22, 2024
4c9d719
Unit test for S3BucketOrigin.withOriginAccessIdentity
samson-keung Aug 22, 2024
affcaf8
Add integration tests for s3 bucket origin and s3 static website origin
gracelu0 Aug 22, 2024
e256724
add unit test for s3 static website origin
gracelu0 Aug 23, 2024
1de0c6a
add test for imported bucket
gracelu0 Aug 24, 2024
879fc94
add unit test for oac permission levels
gracelu0 Aug 26, 2024
b08605e
introduce assembleDomainName option in S3BucketOrigin.withOriginAcces…
samson-keung Aug 27, 2024
054f24f
Update README and warning
gracelu0 Aug 22, 2024
f5c308c
fix using imported bucket with assembleDomainName to true
samson-keung Aug 27, 2024
626a8b3
remove assembleDomainName and use wildcard key policy
samson-keung Aug 28, 2024
4a8f9c8
warn user about wildcard in key policy
samson-keung Aug 28, 2024
9449c3c
warning wording update
samson-keung Aug 28, 2024
f33dffb
add unit test for oac permission levels (#31225)
gracelu0 Aug 28, 2024
dd11f45
warning wording update and removed redundant warning
samson-keung Aug 28, 2024
c8eaa3e
Use wildcard in KMS key policy instead of referencing Distribution to…
gracelu0 Aug 28, 2024
8d1f326
unit test using escape hatch to scope down OAC Key policy permission
samson-keung Aug 28, 2024
06b471a
linting fix
samson-keung Aug 28, 2024
516c29f
add migration section and imported bucket sections to README
gracelu0 Aug 29, 2024
e146ecf
revert accidentally deleted doc string
samson-keung Aug 29, 2024
69f10ad
Unit test for using escape hatch to scope down Key Policy (#31246)
gracelu0 Aug 29, 2024
f776aad
update unit test warning message to match
gracelu0 Aug 29, 2024
5d6d0d4
update readme
gracelu0 Aug 29, 2024
8d37c8d
add section to README on migrating from OAI to OAC (#31247)
gracelu0 Aug 29, 2024
f0f58cd
linting fixes
samson-keung Aug 29, 2024
afadeee
Linting fixes (#31256)
samson-keung Aug 29, 2024
762e036
add section for ssekms circular dependency workaround
gracelu0 Aug 30, 2024
54d597e
add README section for sse-kms circular dependency workaround (#31262)
gracelu0 Aug 30, 2024
ebfa3fd
OAC encrypted bucket origin integ test
samson-keung Aug 30, 2024
bec0246
snapshot update
samson-keung Aug 30, 2024
35dd110
OAC encrypted bucket origin integ test (#31270)
gracelu0 Sep 3, 2024
298ffc9
update note on downtime during migration
gracelu0 Sep 3, 2024
3cab851
update readme
gracelu0 Sep 4, 2024
9377b09
docs: update note on downtime during migration (#31307)
gracelu0 Sep 4, 2024
765d37e
pr feedback for static website origin
gracelu0 Sep 4, 2024
69e2846
clarify standard s3 origin
gracelu0 Sep 4, 2024
d6ee6b7
refactor and readme
gracelu0 Sep 4, 2024
d111eea
Update S3BucketOrigin.withOriginAccessControl class methods to be pri…
samson-keung Sep 4, 2024
684ed5a
Update S3BucketOrigin.withOriginAccessControl class methods to be pri…
samson-keung Sep 4, 2024
5d510c5
move note to s3 section
gracelu0 Sep 4, 2024
070b3d5
format docstring with extra line
gracelu0 Sep 4, 2024
a4a5ef3
add new line to s3 origin file
gracelu0 Sep 4, 2024
ae53ce3
docstring for signingbehavior
gracelu0 Sep 4, 2024
405488d
address feedback
gracelu0 Sep 5, 2024
d35c6bd
refactor anonymous classes into subclasses for s3 bucket origin with …
gracelu0 Sep 5, 2024
912891b
Merge branch 'main' into gracelu0/s3-oac-l2
gracelu0 Sep 5, 2024
46db428
make subclasses private
gracelu0 Sep 5, 2024
3df3b2f
move permissions to keep private
gracelu0 Sep 5, 2024
81a8a89
fix linting error
gracelu0 Sep 5, 2024
d1dc56a
fix integ test
gracelu0 Sep 5, 2024
844c234
Merge branch 'main' into gracelu0/s3-oac-l2
mergify[bot] Sep 5, 2024
3d79694
Merge branch 'main' into gracelu0/s3-oac-l2
mergify[bot] Sep 5, 2024
@@ -0,0 +1,83 @@
{
"Resources": {
"Bucket83908E77": {
"Type": "AWS::S3::Bucket",
"UpdateReplacePolicy": "Delete",
"DeletionPolicy": "Delete"
},
"Distribution830FAC52": {
"Type": "AWS::CloudFront::Distribution",
"Properties": {
"DistributionConfig": {
"DefaultCacheBehavior": {
"CachePolicyId": "658327ea-f89d-4fab-a63d-7e88639e58f6",
"Compress": true,
"TargetOriginId": "cloudfronts3bucketorigindefaultDistributionOrigin18071673C",
"ViewerProtocolPolicy": "allow-all"
},
"Enabled": true,
"HttpVersion": "http2",
"IPV6Enabled": true,
"Origins": [
{
"DomainName": {
"Fn::GetAtt": [
"Bucket83908E77",
"RegionalDomainName"
]
},
"Id": "cloudfronts3bucketorigindefaultDistributionOrigin18071673C",
"S3OriginConfig": {
"OriginAccessIdentity": ""
}
}
]
}
}
}
},
"Outputs": {
"ExportsOutputRefDistribution830FAC524DF81588": {
"Value": {
"Ref": "Distribution830FAC52"
},
"Export": {
"Name": "cloudfront-s3-bucket-origin-default:ExportsOutputRefDistribution830FAC524DF81588"
}
}
},
"Parameters": {
"BootstrapVersion": {
"Type": "AWS::SSM::Parameter::Value<String>",
"Default": "/cdk-bootstrap/hnb659fds/version",
"Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]"
}
},
"Rules": {
"CheckBootstrapVersion": {
"Assertions": [
{
"Assert": {
"Fn::Not": [
{
"Fn::Contains": [
[
"1",
"2",
"3",
"4",
"5"
],
{
"Ref": "BootstrapVersion"
}
]
}
]
},
"AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI."
}
]
}
}
}
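
Review bot: The only origin in this snapshot (`Origins[0]`) sets `"OriginAccessIdentity": ""` under `S3OriginConfig` and carries no `OriginAccessControlId`, and the template contains no `AWS::S3::BucketPolicy`, so nothing here grants CloudFront read access to `Bucket83908E77` or restricts the bucket to this distribution. If this stack (`cloudfront-s3-bucket-origin-default`) is meant to cover the case with no origin access control, say so in the integ test and consider asserting the absence of `OriginAccessControlId` there, so that a later change to the defaults shows up as a deliberate snapshot update; if it was meant to exercise OAC, the snapshot is missing the `AWS::CloudFront::OriginAccessControl` resource and the matching bucket policy. Separately, `"ViewerProtocolPolicy": "allow-all"` in `DefaultCacheBehavior` lets viewers fetch over plain HTTP; `redirect-to-https` would be a safer value for a template that readers may copy as a reference.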
