From e4128f13c40589f5926adde45446df988e939ee1 Mon Sep 17 00:00:00 2001 From: Nathanael Law Date: Mon, 28 Oct 2019 18:12:07 +0000 Subject: [PATCH 1/5] fix(s3): rule should match all update events In addition to 'PutObject', onCloudTrailPutObject() should also match on event names 'CopyObject' and 'CompleteMultipartUpload'; otherwise the event does not trigger when files are uploaded using those APIs. E.g., larger files are uploaded using the multipart API. fixes #4634 --- packages/@aws-cdk/aws-s3/lib/bucket.ts | 22 ++++-- .../test/integ.bucket-events.expected.json | 69 +++++++++++++++++++ .../aws-s3/test/integ.bucket-events.ts | 23 +++++++ 3 files changed, 108 insertions(+), 6 deletions(-) create mode 100644 packages/@aws-cdk/aws-s3/test/integ.bucket-events.expected.json create mode 100644 packages/@aws-cdk/aws-s3/test/integ.bucket-events.ts diff --git a/packages/@aws-cdk/aws-s3/lib/bucket.ts b/packages/@aws-cdk/aws-s3/lib/bucket.ts index a65daa3dd7918..c6137cae11263 100644 --- a/packages/@aws-cdk/aws-s3/lib/bucket.ts +++ b/packages/@aws-cdk/aws-s3/lib/bucket.ts @@ -172,7 +172,7 @@ export interface IBucket extends IResource { grantPublicAccess(keyPrefix?: string, ...allowedActions: string[]): iam.Grant; /** - * Define a CloudWatch event that triggers when something happens to this repository + * Define a CloudWatch event that triggers when something happens to this bucket * * Requires that there exists at least one CloudTrail Trail in your account * that captures the event. This method will not create the Trail. 
@@ -183,8 +183,9 @@ export interface IBucket extends IResource { onCloudTrailEvent(id: string, options?: OnCloudTrailBucketEventOptions): events.Rule; /** - * Defines an AWS CloudWatch event rule that can trigger a target when an image is pushed to this - * repository. + * Defines an AWS CloudWatch event rule that can trigger a target when the + * object at the specified key in this bucket is written to. This includes + * the events PutObject, CopyObject, and CompleteMultipartUpload. * * Requires that there exists at least one CloudTrail Trail in your account * that captures the event. This method will not create the Trail. @@ -325,8 +326,9 @@ abstract class BucketBase extends Resource implements IBucket { } /** - * Defines an AWS CloudWatch event rule that can trigger a target when an image is pushed to this - * repository. + * Defines an AWS CloudWatch event rule that can trigger a target when the + * object at the specified key in this bucket is written to. This includes + * the events PutObject, CopyObject, and CompleteMultipartUpload. * * Requires that there exists at least one CloudTrail Trail in your account * that captures the event. This method will not create the Trail. @@ -338,7 +340,15 @@ abstract class BucketBase extends Resource implements IBucket { const rule = this.onCloudTrailEvent(id, options); rule.addEventPattern({ detail: { - eventName: ['PutObject'], + eventName: [ + 'CompleteMultipartUpload', + 'CopyObject', + 'PutObject' + ], + requestParameters: { + bucketName: [ this.bucketName ], + key: options.paths, + }, }, }); return rule; diff --git a/packages/@aws-cdk/aws-s3/test/integ.bucket-events.expected.json b/packages/@aws-cdk/aws-s3/test/integ.bucket-events.expected.json new file mode 100644 index 0000000000000..5772262a0e6fe --- /dev/null +++ b/packages/@aws-cdk/aws-s3/test/integ.bucket-events.expected.json 
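Review bot: The `requestParameters` filter added in the last bucket.ts hunk (`bucketName: [ this.bucketName ]`, `key: options.paths`) has no comment explaining why it is needed on top of the `resources.ARN` filter that `onCloudTrailEvent` already applies. Presumably it keeps a CopyObject that only reads from this bucket from matching, since a copy can list both source and destination objects under `resources`. If so, say it next to the filter, e.g. `// CopyObject can list source and destination under resources; requestParameters pins the rule to writes INTO this bucket`. The updated doc comment also speaks of "the object at the specified key", but `paths` is optional and, when omitted, the rule matches writes to any key in the bucket, which deserves a sentence. The method signature is outside the hunk.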
@@ -0,0 +1,69 @@ +{ + "Resources": { + "Bucket83908E77": { + "Type": "AWS::S3::Bucket", + "UpdateReplacePolicy": "Retain", + "DeletionPolicy": "Retain" + }, + "BucketOnPutObject88EA8A08": { + "Type": "AWS::Events::Rule", + "Properties": { + "EventPattern": { + "source": [ + "aws.s3" + ], + "detail-type": [ + "AWS API Call via CloudTrail" + ], + "detail": { + "resources": { + "ARN": [ + { + "Fn::Join": [ + "", + [ + { + "Fn::GetAtt": [ + "Bucket83908E77", + "Arn" + ] + }, + "/key" + ] + ] + } + ] + }, + "eventName": [ + "CompleteMultipartUpload", + "CopyObject", + "PutObject" + ], + "requestParameters": { + "bucketName": [ + { + "Ref": "Bucket83908E77" + } + ], + "key": [ + "key" + ] + } + } + }, + "State": "ENABLED", + "Targets": [ + { + "Arn": { + "Ref": "MyTopic" + }, + "Id": "Target0" + } + ] + } + }, + "MyTopic": { + "Type": "AWS::SNS::Topic" + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-s3/test/integ.bucket-events.ts b/packages/@aws-cdk/aws-s3/test/integ.bucket-events.ts new file mode 100644 index 0000000000000..79bbd8d7bc9d9 --- /dev/null +++ b/packages/@aws-cdk/aws-s3/test/integ.bucket-events.ts @@ -0,0 +1,23 @@ +import cdk = require('@aws-cdk/core'); +import s3 = require('../lib'); + +const app = new cdk.App(); +const stack = new cdk.Stack(app, 'aws-cdk-s3-events'); + +const bucket = new s3.Bucket(stack, 'Bucket'); +// Use a raw CfnResource since aws-sns would introduce a circular dependency +const topic = new cdk.CfnResource(stack, 'MyTopic', { + type: 'AWS::SNS::Topic', +}); + +bucket.onCloudTrailPutObject('OnPutObject', { + target: { + bind: () => ({ + arn: topic.ref, + id: '' + }) + }, + paths: [ 'key' ] +}); + +app.synth(); From c842e7dea35a0a7ef9f311fad893ab45d6b7e1b1 Mon Sep 17 00:00:00 2001 
From: Nathanael Law Date: Mon, 28 Oct 2019 20:11:09 +0000 Subject: [PATCH 2/5] added unit tests removed unnecessary integration tests --- .../test/notifications.test.ts | 92 ++++++++++++++++++- .../test/integ.bucket-events.expected.json | 69 -------------- .../aws-s3/test/integ.bucket-events.ts | 23 ----- 3 files changed, 87 insertions(+), 97 deletions(-) delete mode 100644 packages/@aws-cdk/aws-s3/test/integ.bucket-events.expected.json delete mode 100644 packages/@aws-cdk/aws-s3/test/integ.bucket-events.ts diff --git a/packages/@aws-cdk/aws-s3-notifications/test/notifications.test.ts b/packages/@aws-cdk/aws-s3-notifications/test/notifications.test.ts index 68b08a0f2c9c6..3cac56121593f 100644 --- a/packages/@aws-cdk/aws-s3-notifications/test/notifications.test.ts +++ b/packages/@aws-cdk/aws-s3-notifications/test/notifications.test.ts @@ -305,7 +305,7 @@ test('a notification destination can specify a set of dependencies that must be }); describe('CloudWatch Events', () => { - test('onPutItem contains the Bucket ARN itself when path is undefined', () => { + test('onCloudTrailPutObject matches on CompleteMultipartUpload, CopyObject, and PutObject', () => { const stack = new cdk.Stack(); const bucket = s3.Bucket.fromBucketAttributes(stack, 'Bucket', { bucketName: 'MyBucket', @@ -323,8 +323,33 @@ describe('CloudWatch Events', () => { ], "detail": { "eventName": [ + "CompleteMultipartUpload", + "CopyObject", "PutObject", ], + }, + }, + "State": "ENABLED", + }); + }); + + test('onCloudTrailPutObject contains the Bucket ARN itself when path is undefined', () => { + const stack = new cdk.Stack(); + const bucket = s3.Bucket.fromBucketAttributes(stack, 'Bucket', { + bucketName: 'MyBucket', + }); + bucket.onCloudTrailPutObject('PutRule', { + target: { + bind: () => ({ arn: 'ARN', id: '' }) + } + }); + + expect(stack).toHaveResourceLike('AWS::Events::Rule', { + "EventPattern": { + "source": [ + "aws.s3", + ], + "detail": { "resources": { "ARN": [ { 
@@ -347,7 +372,7 @@ describe('CloudWatch Events', () => { }); }); - test("onPutItem contains the path when it's provided", () => { + test("onCloudTrailPutObject contains the path when it's provided", () => { const stack = new cdk.Stack(); const bucket = s3.Bucket.fromBucketAttributes(stack, 'Bucket', { bucketName: 'MyBucket', @@ -365,9 +390,6 @@ describe('CloudWatch Events', () => { "aws.s3", ], "detail": { - "eventName": [ - "PutObject", - ], "resources": { "ARN": [ { @@ -389,4 +411,64 @@ describe('CloudWatch Events', () => { "State": "ENABLED", }); }); + + test("onCloudTrailPutObject matches on the requestParameter bucketName when the path is not provided", () => { + const stack = new cdk.Stack(); + const bucket = s3.Bucket.fromBucketAttributes(stack, 'Bucket', { + bucketName: 'MyBucket', + }); + bucket.onCloudTrailPutObject('PutRule', { + target: { + bind: () => ({ arn: 'ARN', id: '' }) + }, + }); + + expect(stack).toHaveResourceLike('AWS::Events::Rule', { + "EventPattern": { + "source": [ + "aws.s3", + ], + "detail": { + "requestParameters": { + "bucketName": [ + bucket.bucketName, + ], + }, + }, + }, + "State": "ENABLED", + }); + }); + + test("onCloudTrailPutObject matches on the requestParameters bucketName and key when the path is provided", () => { + const stack = new cdk.Stack(); + const bucket = s3.Bucket.fromBucketAttributes(stack, 'Bucket', { + bucketName: 'MyBucket', + }); + bucket.onCloudTrailPutObject('PutRule', { + target: { + bind: () => ({ arn: 'ARN', id: '' }) + }, + paths: ['my/path.zip'] + }); + + expect(stack).toHaveResourceLike('AWS::Events::Rule', { + "EventPattern": { + "source": [ + "aws.s3", + ], + "detail": { + "requestParameters": { + "bucketName": [ + bucket.bucketName, + ], + "key": [ + "my/path.zip", + ], + }, + }, + }, + "State": "ENABLED", + }); + }); }); 
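Review bot: The added test "matches on the requestParameter bucketName when the path is not provided" asserts only that `bucketName` is present, so it would not notice a stray `key` filter. `toHaveResourceLike` appears to be a subset match, so the test would still pass if `key: options.paths` put some `key` entry into the pattern when `paths` is undefined, and such an entry would make the rule silently drop events. I would add an assertion on the synthesized rule that `detail.requestParameters` has no `key` property in this case. The same gap carries over to the `onCloudTrailWriteObject` version of this test later in the series.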
diff --git a/packages/@aws-cdk/aws-s3/test/integ.bucket-events.expected.json b/packages/@aws-cdk/aws-s3/test/integ.bucket-events.expected.json deleted file mode 100644 index 5772262a0e6fe..0000000000000 --- a/packages/@aws-cdk/aws-s3/test/integ.bucket-events.expected.json +++ /dev/null @@ -1,69 +0,0 @@ -{ - "Resources": { - "Bucket83908E77": { - "Type": "AWS::S3::Bucket", - "UpdateReplacePolicy": "Retain", - "DeletionPolicy": "Retain" - }, - "BucketOnPutObject88EA8A08": { - "Type": "AWS::Events::Rule", - "Properties": { - "EventPattern": { - "source": [ - "aws.s3" - ], - "detail-type": [ - "AWS API Call via CloudTrail" - ], - "detail": { - "resources": { - "ARN": [ - { - "Fn::Join": [ - "", - [ - { - "Fn::GetAtt": [ - "Bucket83908E77", - "Arn" - ] - }, - "/key" - ] - ] - } - ] - }, - "eventName": [ - "CompleteMultipartUpload", - "CopyObject", - "PutObject" - ], - "requestParameters": { - "bucketName": [ - { - "Ref": "Bucket83908E77" - } - ], - "key": [ - "key" - ] - } - } - }, - "State": "ENABLED", - "Targets": [ - { - "Arn": { - "Ref": "MyTopic" - }, - "Id": "Target0" - } - ] - } - }, - "MyTopic": { - "Type": "AWS::SNS::Topic" - } - } -} \ No newline at end of file diff --git a/packages/@aws-cdk/aws-s3/test/integ.bucket-events.ts b/packages/@aws-cdk/aws-s3/test/integ.bucket-events.ts deleted file mode 100644 index 79bbd8d7bc9d9..0000000000000 --- a/packages/@aws-cdk/aws-s3/test/integ.bucket-events.ts +++ /dev/null @@ -1,23 +0,0 @@ -import cdk = require('@aws-cdk/core'); -import s3 = require('../lib'); - -const app = new cdk.App(); -const stack = new cdk.Stack(app, 'aws-cdk-s3-events'); - -const bucket = new s3.Bucket(stack, 'Bucket'); -// Use a raw CfnResource since aws-sns would introduce a circular dependency -const topic = new cdk.CfnResource(stack, 'MyTopic', { - type: 'AWS::SNS::Topic', -}); - -bucket.onCloudTrailPutObject('OnPutObject', { - target: { - bind: () => ({ - arn: topic.ref, - id: '' - }) - }, - paths: [ 'key' ] -}); - -app.synth(); 
From 432bdc44acf4c508692509da19f1de28b7ce3d15 Mon Sep 17 00:00:00 2001 From: Nathanael Law Date: Mon, 28 Oct 2019 21:03:51 +0000 Subject: [PATCH 3/5] update expected cfn output for integ --- .../test/integ.lambda-pipeline.expected.json | 37 ++++++++++++------- 1 file changed, 24 insertions(+), 13 deletions(-) diff --git a/packages/@aws-cdk/aws-codepipeline-actions/test/integ.lambda-pipeline.expected.json b/packages/@aws-cdk/aws-codepipeline-actions/test/integ.lambda-pipeline.expected.json index d0b50556a168b..3d6a6d2104144 100644 --- a/packages/@aws-cdk/aws-codepipeline-actions/test/integ.lambda-pipeline.expected.json +++ b/packages/@aws-cdk/aws-codepipeline-actions/test/integ.lambda-pipeline.expected.json @@ -82,8 +82,8 @@ "Version": "2012-10-17" } }, - "DeletionPolicy": "Delete", - "UpdateReplacePolicy": "Delete" + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" }, "PipelineArtifactsBucket22248F97": { "Type": "AWS::S3::Bucket", @@ -104,8 +104,8 @@ ] } }, - "DeletionPolicy": "Retain", - "UpdateReplacePolicy": "Retain" + "UpdateReplacePolicy": "Retain", + "DeletionPolicy": "Retain" }, "PipelineArtifactsBucketEncryptionKeyAlias5C510EEE": { "Type": "AWS::KMS::Alias", @@ -118,8 +118,8 @@ ] } }, - "DeletionPolicy": "Delete", - "UpdateReplacePolicy": "Delete" + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" }, "PipelineRoleD68726F7": { "Type": "AWS::IAM::Role", @@ -381,7 +381,6 @@ } ] }, - { "Action": [ "s3:DeleteObject*", @@ -567,8 +566,8 @@ "Status": "Enabled" } }, - "DeletionPolicy": "Delete", - "UpdateReplacePolicy": "Delete" + "UpdateReplacePolicy": "Delete", + "DeletionPolicy": "Delete" }, "PipelineBucketawscdkcodepipelinelambdaPipeline87A4B3D3SourceEventRulekey23D3C004": { "Type": "AWS::Events::Rule", 
@@ -600,8 +599,20 @@ ] }, "eventName": [ + "CompleteMultipartUpload", + "CopyObject", "PutObject" - ] + ], + "requestParameters": { + "bucketName": [ + { + "Ref": "PipelineBucketB967BD35" + } + ], + "key": [ + "key" + ] + } } }, "State": "ENABLED", @@ -643,8 +654,8 @@ }, "CloudTrailS310CD22F2": { "Type": "AWS::S3::Bucket", - "DeletionPolicy": "Retain", - "UpdateReplacePolicy": "Retain" + "UpdateReplacePolicy": "Retain", + "DeletionPolicy": "Retain" }, "CloudTrailS3PolicyEA49A03E": { "Type": "AWS::S3::BucketPolicy", @@ -820,4 +831,4 @@ ] } } -} +} \ No newline at end of file From 588da7f539019c6303aaad7265f520ed841f3160 Mon Sep 17 00:00:00 2001 From: Nathanael Law Date: Tue, 29 Oct 2019 15:03:34 +0000 Subject: [PATCH 4/5] new method for matching object writes --- .../test/notifications.test.ts | 68 ++++++++++--------- packages/@aws-cdk/aws-s3/lib/bucket.ts | 62 +++++++++++++++-- 2 files changed, 91 insertions(+), 39 deletions(-) diff --git a/packages/@aws-cdk/aws-s3-notifications/test/notifications.test.ts b/packages/@aws-cdk/aws-s3-notifications/test/notifications.test.ts index 3cac56121593f..bc45f2287765e 100644 --- a/packages/@aws-cdk/aws-s3-notifications/test/notifications.test.ts +++ b/packages/@aws-cdk/aws-s3-notifications/test/notifications.test.ts @@ -305,7 +305,7 @@ test('a notification destination can specify a set of dependencies that must be }); describe('CloudWatch Events', () => { - test('onCloudTrailPutObject matches on CompleteMultipartUpload, CopyObject, and PutObject', () => { + test('onCloudTrailPutObject contains the Bucket ARN itself when path is undefined', () => { const stack = new cdk.Stack(); const bucket = s3.Bucket.fromBucketAttributes(stack, 'Bucket', { bucketName: 'MyBucket', 
@@ -323,33 +323,8 @@ describe('CloudWatch Events', () => { ], "detail": { "eventName": [ - "CompleteMultipartUpload", - "CopyObject", "PutObject", ], - }, - }, - "State": "ENABLED", - }); - }); - - test('onCloudTrailPutObject contains the Bucket ARN itself when path is undefined', () => { - const stack = new cdk.Stack(); - const bucket = s3.Bucket.fromBucketAttributes(stack, 'Bucket', { - bucketName: 'MyBucket', - }); - bucket.onCloudTrailPutObject('PutRule', { - target: { - bind: () => ({ arn: 'ARN', id: '' }) - } - }); - - expect(stack).toHaveResourceLike('AWS::Events::Rule', { - "EventPattern": { - "source": [ - "aws.s3", - ], - "detail": { "resources": { "ARN": [ { @@ -390,6 +365,9 @@ describe('CloudWatch Events', () => { "aws.s3", ], "detail": { + "eventName": [ + "PutObject", + ], "resources": { "ARN": [ { 
@@ -412,12 +390,40 @@ describe('CloudWatch Events', () => { }); }); - test("onCloudTrailPutObject matches on the requestParameter bucketName when the path is not provided", () => { + test("onCloudTrailWriteObject matches on events CompleteMultipartUpload, CopyObject, and PutObject", () => { const stack = new cdk.Stack(); const bucket = s3.Bucket.fromBucketAttributes(stack, 'Bucket', { bucketName: 'MyBucket', }); - bucket.onCloudTrailPutObject('PutRule', { + bucket.onCloudTrailWriteObject('OnCloudTrailWriteObjectRule', { + target: { + bind: () => ({ arn: 'ARN', id: '' }) + } + }); + + expect(stack).toHaveResourceLike('AWS::Events::Rule', { + "EventPattern": { + "source": [ + "aws.s3", + ], + "detail": { + "eventName": [ + "CompleteMultipartUpload", + "CopyObject", + "PutObject", + ], + }, + }, + "State": "ENABLED", + }); + }); + + test('onCloudTrailWriteObject matches on the requestParameter bucketName when the path is not provided', () => { + const stack = new cdk.Stack(); + const bucket = s3.Bucket.fromBucketAttributes(stack, 'Bucket', { + bucketName: 'MyBucket', + }); + bucket.onCloudTrailWriteObject('OnCloudTrailWriteObjectRule', { target: { bind: () => ({ arn: 'ARN', id: '' }) }, @@ -436,16 +442,15 @@ describe('CloudWatch Events', () => { }, }, }, - "State": "ENABLED", }); }); - test("onCloudTrailPutObject matches on the requestParameters bucketName and key when the path is provided", () => { + test("onCloudTrailWriteObject matches on the requestParameters bucketName and key when the path is provided", () => { const stack = new cdk.Stack(); const bucket = s3.Bucket.fromBucketAttributes(stack, 'Bucket', { bucketName: 'MyBucket', }); - bucket.onCloudTrailPutObject('PutRule', { + bucket.onCloudTrailWriteObject('OnCloudTrailWriteObjectRule', { target: { bind: () => ({ arn: 'ARN', id: '' }) }, @@ -468,7 +473,6 @@ describe('CloudWatch Events', () => { }, }, }, - "State": "ENABLED", }); }); }); 
diff --git a/packages/@aws-cdk/aws-s3/lib/bucket.ts b/packages/@aws-cdk/aws-s3/lib/bucket.ts index c6137cae11263..bb524524af3ff 100644 --- a/packages/@aws-cdk/aws-s3/lib/bucket.ts +++ b/packages/@aws-cdk/aws-s3/lib/bucket.ts @@ -172,7 +172,7 @@ export interface IBucket extends IResource { grantPublicAccess(keyPrefix?: string, ...allowedActions: string[]): iam.Grant; /** - * Define a CloudWatch event that triggers when something happens to this bucket + * Defines a CloudWatch event that triggers when something happens to this bucket * * Requires that there exists at least one CloudTrail Trail in your account * that captures the event. This method will not create the Trail. @@ -183,9 +183,12 @@ export interface IBucket extends IResource { onCloudTrailEvent(id: string, options?: OnCloudTrailBucketEventOptions): events.Rule; /** - * Defines an AWS CloudWatch event rule that can trigger a target when the - * object at the specified key in this bucket is written to. This includes - * the events PutObject, CopyObject, and CompleteMultipartUpload. + * Defines an AWS CloudWatch event that triggers when an object is uploaded + * to the specified paths (keys) in this bucket using the PutObject API call. + * + * Note that some tools like `aws s3 cp` will automatically use either + * PutObject or the multipart upload API depending on the file size, + * so using `onCloudTrailWriteObject` may be preferable. * * Requires that there exists at least one CloudTrail Trail in your account * that captures the event. This method will not create the Trail. 
@@ -194,6 +197,23 @@ export interface IBucket extends IResource { * @param options Options for adding the rule */ onCloudTrailPutObject(id: string, options?: OnCloudTrailBucketEventOptions): events.Rule; + + /** + * Defines an AWS CloudWatch event that triggers when an object at the + * specified paths (keys) in this bucket are written to. This includes + * the events PutObject, CopyObject, and CompleteMultipartUpload. + * + * Note that some tools like `aws s3 cp` will automatically use either + * PutObject or the multipart upload API depending on the file size, + * so using this method may be preferable to `onCloudTrailPutObject`. + * + * Requires that there exists at least one CloudTrail Trail in your account + * that captures the event. This method will not create the Trail. + * + * @param id The id of the rule + * @param options Options for adding the rule + */ + onCloudTrailWriteObject(id: string, options?: OnCloudTrailBucketEventOptions): events.Rule; } /** @@ -326,9 +346,12 @@ abstract class BucketBase extends Resource implements IBucket { } /** - * Defines an AWS CloudWatch event rule that can trigger a target when the - * object at the specified key in this bucket is written to. This includes - * the events PutObject, CopyObject, and CompleteMultipartUpload. + * Defines an AWS CloudWatch event that triggers when an object is uploaded + * to the specified paths (keys) in this bucket using the PutObject API call. + * + * Note that some tools like `aws s3 cp` will automatically use either + * PutObject or the multipart upload API depending on the file size, + * so using `onCloudTrailWriteObject` may be preferable. * * Requires that there exists at least one CloudTrail Trail in your account * that captures the event. This method will not create the Trail. 
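Review bot: The new `onCloudTrailWriteObject` doc comment says only that a Trail must exist "that captures the event", which understates the requirement. PutObject, CopyObject and CompleteMultipartUpload are S3 data events, which a trail does not record unless object-level logging is enabled for the bucket, so a rule on a management-events-only trail will never fire and nothing will report it. I would add a line such as ` * The Trail must log S3 data (object-level) write events for this bucket.` here and in the matching doc block on `BucketBase` in the next bucket.ts hunk. It is also worth stating that deletes and ACL changes (e.g. DeleteObject, PutObjectAcl) are not matched, so the rule is not read as a complete change monitor. Minor wording: "an object ... are written to" should be "is written to".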
@@ -337,6 +360,31 @@ abstract class BucketBase extends Resource implements IBucket { * @param options Options for adding the rule */ public onCloudTrailPutObject(id: string, options: OnCloudTrailBucketEventOptions = {}): events.Rule { + const rule = this.onCloudTrailEvent(id, options); + rule.addEventPattern({ + detail: { + eventName: ['PutObject'], + }, + }); + return rule; + } + + /** + * Defines an AWS CloudWatch event that triggers when an object at the + * specified paths (keys) in this bucket are written to. This includes + * the events PutObject, CopyObject, and CompleteMultipartUpload. + * + * Note that some tools like `aws s3 cp` will automatically use either + * PutObject or the multipart upload API depending on the file size, + * so using this method may be preferable to `onCloudTrailPutObject`. + * + * Requires that there exists at least one CloudTrail Trail in your account + * that captures the event. This method will not create the Trail. + * + * @param id The id of the rule + * @param options Options for adding the rule + */ + public onCloudTrailWriteObject(id: string, options: OnCloudTrailBucketEventOptions = {}): events.Rule { const rule = this.onCloudTrailEvent(id, options); rule.addEventPattern({ detail: { From 501acbd768ec095873fdfec4c32ea6b042ff70ef Mon Sep 17 00:00:00 2001 From: Nathanael Law Date: Tue, 29 Oct 2019 15:04:05 +0000 Subject: [PATCH 5/5] use new method to match write events --- .../lib/s3/source-action.ts | 2 +- .../test/integ.lambda-pipeline.expected.json | 23 ++++++++++--------- 2 files changed, 13 insertions(+), 12 deletions(-) diff --git a/packages/@aws-cdk/aws-codepipeline-actions/lib/s3/source-action.ts b/packages/@aws-cdk/aws-codepipeline-actions/lib/s3/source-action.ts index 1afe49ae452cd..3ee5cb779430c 100644 --- a/packages/@aws-cdk/aws-codepipeline-actions/lib/s3/source-action.ts +++ b/packages/@aws-cdk/aws-codepipeline-actions/lib/s3/source-action.ts 
@@ -96,7 +96,7 @@ export class S3SourceAction extends Action { // this means a duplicate path for the same bucket - error out throw new Error(`S3 source action with path '${this.props.bucketKey}' is already present in the pipeline for this source bucket`); } - this.props.bucket.onCloudTrailPutObject(id, { + this.props.bucket.onCloudTrailWriteObject(id, { target: new targets.CodePipeline(stage.pipeline), paths: [this.props.bucketKey] }); diff --git a/packages/@aws-cdk/aws-codepipeline-actions/test/integ.lambda-pipeline.expected.json b/packages/@aws-cdk/aws-codepipeline-actions/test/integ.lambda-pipeline.expected.json index 3d6a6d2104144..453d4954406de 100644 --- a/packages/@aws-cdk/aws-codepipeline-actions/test/integ.lambda-pipeline.expected.json +++ b/packages/@aws-cdk/aws-codepipeline-actions/test/integ.lambda-pipeline.expected.json @@ -82,8 +82,8 @@ "Version": "2012-10-17" } }, - "UpdateReplacePolicy": "Delete", - "DeletionPolicy": "Delete" + "DeletionPolicy": "Delete", + "UpdateReplacePolicy": "Delete" }, "PipelineArtifactsBucket22248F97": { "Type": "AWS::S3::Bucket", @@ -104,8 +104,8 @@ ] } }, - "UpdateReplacePolicy": "Retain", - "DeletionPolicy": "Retain" + "DeletionPolicy": "Retain", + "UpdateReplacePolicy": "Retain" }, "PipelineArtifactsBucketEncryptionKeyAlias5C510EEE": { "Type": "AWS::KMS::Alias", @@ -118,8 +118,8 @@ ] } }, - "UpdateReplacePolicy": "Delete", - "DeletionPolicy": "Delete" + "DeletionPolicy": "Delete", + "UpdateReplacePolicy": "Delete" }, "PipelineRoleD68726F7": { "Type": "AWS::IAM::Role", @@ -381,6 +381,7 @@ } ] }, + { "Action": [ "s3:DeleteObject*", @@ -566,8 +567,8 @@ "Status": "Enabled" } }, - "UpdateReplacePolicy": "Delete", - "DeletionPolicy": "Delete" + "DeletionPolicy": "Delete", + "UpdateReplacePolicy": "Delete" }, "PipelineBucketawscdkcodepipelinelambdaPipeline87A4B3D3SourceEventRulekey23D3C004": { "Type": "AWS::Events::Rule", 
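Review bot: The switch to `onCloudTrailWriteObject` in source-action.ts is the behavioural point of this commit, but the call site gives no reason for it, so a later cleanup could easily revert to the PutObject-only method. A short comment above the call would record the intent, e.g. `// WriteObject rather than PutObject: large artifacts arrive via multipart upload (or a copy) and must still start the pipeline`. The enclosing method starts and ends outside the hunk.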
@@ -654,8 +655,8 @@ }, "CloudTrailS310CD22F2": { "Type": "AWS::S3::Bucket", - "UpdateReplacePolicy": "Retain", - "DeletionPolicy": "Retain" + "DeletionPolicy": "Retain", + "UpdateReplacePolicy": "Retain" }, "CloudTrailS3PolicyEA49A03E": { "Type": "AWS::S3::BucketPolicy", @@ -831,4 +832,4 @@ ] } } -} \ No newline at end of file +}