feat(aws-iot-kinesisfirehose-s3): added custom loggingBucketProps (#480)
* added custom logging bucket props to kinesisfirehose-s3

* added custom logging bucket props to iot-kinesisfirehose-s3

* added log bucket condition in input validation

* Added logS3AccessLogs for enabling/disabling s3 logs

* added cfn suppress rule for no logging

* fix lint issue

* redeploy stack for cfn nag suppress changes

* added logS3AccessLogs flag for iot-kinesisfirehose-s3

* added s3BucketInterface to index and README
mickychetta authored Nov 4, 2021
1 parent 6fab3e5 commit 76c0aa9
Showing 9 changed files with 1,070 additions and 10 deletions.
Expand Up @@ -65,6 +65,8 @@ _Parameters_
|existingBucketObj?|[`s3.IBucket`](https://docs.aws.amazon.com/cdk/api/latest/docs/@aws-cdk_aws-s3.IBucket.html)|Existing instance of S3 Bucket object, providing both this and `bucketProps` will cause an error.|
|bucketProps?|[`s3.BucketProps`](https://docs.aws.amazon.com/cdk/api/latest/docs/@aws-cdk_aws-s3.BucketProps.html)|User provided props to override the default props for the S3 Bucket. If this is provided, then also providing bucketProps is an error. |
|logGroupProps?|[`logs.LogGroupProps`](https://docs.aws.amazon.com/cdk/api/latest/docs/@aws-cdk_aws-logs.LogGroupProps.html)|User provided props to override the default props for for the CloudWatchLogs LogGroup.|
|loggingBucketProps?|[`s3.BucketProps`](https://docs.aws.amazon.com/cdk/api/latest/docs/@aws-cdk_aws-s3.BucketProps.html)|Optional user provided props to override the default props for the S3 Logging Bucket.|
|logS3AccessLogs? | boolean|Whether to turn on Access Logging for the S3 bucket. Creates an S3 bucket with associated storage costs for the logs. Enabling Access Logging is a best practice. default - true|

## Pattern Properties

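Review bot: The new `loggingBucketProps` and `logS3AccessLogs` rows do not say how the two interact. When `logS3AccessLogs` is `false` no logging bucket is created, so the README should state whether passing `loggingBucketProps` in that case is an error or is ignored, and likewise whether either option applies when `existingBucketObj` is supplied. While this table is being touched, the `bucketProps` row just above reads "If this is provided, then also providing bucketProps is an error", which names itself; it presumably means `existingBucketObj`.
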
Expand All @@ -77,6 +79,7 @@ _Parameters_
|iotActionsRole|[`iam.Role`](https://docs.aws.amazon.com/cdk/api/latest/docs/@aws-cdk_aws-iam.Role.html)|Returns an instance of the iam.Role created by the construct for IoT Rule|
|kinesisFirehoseRole|[`iam.Role`](https://docs.aws.amazon.com/cdk/api/latest/docs/@aws-cdk_aws-iam.Role.html)|Returns an instance of the iam.Role created by the construct for Kinesis Data Firehose delivery stream|
|kinesisFirehoseLogGroup|[`logs.LogGroup`](https://docs.aws.amazon.com/cdk/api/latest/docs/@aws-cdk_aws-logs.LogGroup.html)|Returns an instance of the LogGroup created by the construct for Kinesis Data Firehose delivery stream|
|s3BucketInterface|[`s3.IBucket`](https://docs.aws.amazon.com/cdk/api/latest/docs/@aws-cdk_aws-s3.IBucket.html)|Returns an instance of s3.IBucket created by the construct|

## Default settings

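Review bot: The description on the `s3BucketInterface` row, "Returns an instance of s3.IBucket created by the construct", is inaccurate if this property is also populated when the caller supplies `existingBucketObj` (which the `s3.IBucket` type suggests), because that bucket is not created by the construct. Suggest wording along the lines of "Returns the s3.IBucket used by the construct, whether created here or passed in as existingBucketObj", and a short remark on how it differs from the class's optional `s3Bucket` property.
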
Expand Up @@ -43,19 +43,32 @@ export interface IotToKinesisFirehoseToS3Props {
*
* @default - None
*/
readonly existingBucketObj?: s3.IBucket,
readonly existingBucketObj?: s3.IBucket;
/**
* User provided props to override the default props for the S3 Bucket.
*
* @default - Default props are used
*/
readonly bucketProps?: s3.BucketProps,
readonly bucketProps?: s3.BucketProps;
/**
* User provided props to override the default props for the CloudWatchLogs LogGroup.
*
* @default - Default props are used
*/
readonly logGroupProps?: logs.LogGroupProps
readonly logGroupProps?: logs.LogGroupProps;
/**
* Optional user provided props to override the default props for the S3 Logging Bucket.
*
* @default - Default props are used
*/
readonly loggingBucketProps?: s3.BucketProps;
/**
* Whether to turn on Access Logs for the S3 bucket with the associated storage costs.
* Enabling Access Logging is a best practice.
*
* @default - true
*/
readonly logS3AccessLogs?: boolean;
}

export class IotToKinesisFirehoseToS3 extends Construct {
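Review bot: `logS3AccessLogs?: boolean` is documented as `@default - true`, but an optional field arrives as `undefined` when omitted, so the documented default only holds if every consumer tests for an explicit `false` rather than for truthiness. The constructor forwards `props.logS3AccessLogs` unchanged, so the JSDoc should say that only an explicit `false` disables access logging, and a test should cover the omitted case. The `,` to `;` separator changes on `existingBucketObj`, `bucketProps` and `logGroupProps` are unrelated cleanup and would be easier to review as a separate commit.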
Expand All @@ -66,6 +79,7 @@ export class IotToKinesisFirehoseToS3 extends Construct {
public readonly s3Bucket?: s3.Bucket;
public readonly s3LoggingBucket?: s3.Bucket;
public readonly iotActionsRole: iam.Role;
public readonly s3BucketInterface: s3.IBucket;

/**
* @summary Constructs a new instance of the IotToKinesisFirehoseToS3 class.
Expand All @@ -79,18 +93,17 @@ export class IotToKinesisFirehoseToS3 extends Construct {
super(scope, id);
defaults.CheckProps(props);

if (props.existingBucketObj && props.bucketProps) {
throw new Error('Cannot specify both bucket properties and an existing bucket');
}

const firehoseToS3 = new KinesisFirehoseToS3(this, 'KinesisFirehoseToS3', {
kinesisFirehoseProps: props.kinesisFirehoseProps,
existingBucketObj: props.existingBucketObj,
bucketProps: props.bucketProps,
logGroupProps: props.logGroupProps
logGroupProps: props.logGroupProps,
loggingBucketProps: props.loggingBucketProps,
logS3AccessLogs: props.logS3AccessLogs
});
this.kinesisFirehose = firehoseToS3.kinesisFirehose;
this.s3Bucket = firehoseToS3.s3Bucket;
this.s3BucketInterface = firehoseToS3.s3BucketInterface;

// Setup the IAM Role for IoT Actions
this.iotActionsRole = new iam.Role(this, 'IotActionsRole', {
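Review bot: The `existingBucketObj`/`bucketProps` guard (`throw new Error('Cannot specify both bucket properties and an existing bucket')`) is deleted here with nothing in this hunk replacing it, so the check now depends on `defaults.CheckProps(props)` or on the nested `KinesisFirehoseToS3` construct. Please confirm one of them rejects that combination and keep a unit test for it at this construct's level, so the error does not silently disappear for callers. Also, `s3LoggingBucket` is declared on the class but this hunk only assigns `kinesisFirehose`, `s3Bucket` and `s3BucketInterface` from `firehoseToS3`; with `loggingBucketProps` now accepted, callers will expect it to be populated.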