feat(aws-fargate-s3): Created new construct #591
Conversation
AWS CodeBuild CI Report
Powered by github-codebuild-logs, available on the AWS Serverless Application Repository |
AWS CodeBuild CI Report
Powered by github-codebuild-logs, available on the AWS Serverless Application Repository |
AWS CodeBuild CI Report
Powered by github-codebuild-logs, available on the AWS Serverless Application Repository |
AWS CodeBuild CI Report
Powered by github-codebuild-logs, available on the AWS Serverless Application Repository |
AWS CodeBuild CI Report
Powered by github-codebuild-logs, available on the AWS Serverless Application Repository |
AWS CodeBuild CI Report
Powered by github-codebuild-logs, available on the AWS Serverless Application Repository |
AWS CodeBuild CI Report
Powered by github-codebuild-logs, available on the AWS Serverless Application Repository |
AWS CodeBuild CI Report
Powered by github-codebuild-logs, available on the AWS Serverless Application Repository |
AWS CodeBuild CI Report
Powered by github-codebuild-logs, available on the AWS Serverless Application Repository |
AWS CodeBuild CI Report
Powered by github-codebuild-logs, available on the AWS Serverless Application Repository |
AWS CodeBuild CI Report
Powered by github-codebuild-logs, available on the AWS Serverless Application Repository |
AWS CodeBuild CI Report
Powered by github-codebuild-logs, available on the AWS Serverless Application Repository |
source/patterns/@aws-solutions-constructs/aws-fargate-s3/README.md
Outdated
Show resolved
Hide resolved
| |bucketProps?|[`s3.BucketProps`](https://docs.aws.amazon.com/cdk/api/latest/docs/@aws-cdk_aws-s3.BucketProps.html)|Optional user provided props to override the default props for the S3 Bucket.| | ||
| |loggingBucketProps?|[`s3.BucketProps`](https://docs.aws.amazon.com/cdk/api/latest/docs/@aws-cdk_aws-s3.BucketProps.html)|Optional user provided props to override the default props for the S3 Logging Bucket.| | ||
| |logS3AccessLogs?| boolean|Whether to turn on Access Logging for the S3 bucket. Creates an S3 bucket with associated storage costs for the logs. Enabling Access Logging is a best practice. default - true| | ||
| |bucketPermissions?|`string[]`|Optional bucket permissions to grant to the Lambda function. One or more of the following may be specified: `Delete`, `Put`, `Read`, `ReadWrite`, `Write`.| |
There was a problem hiding this comment.
These terms seem specific to DDB, there's no difference between Put and Write in S3 that I can think of easily. I think the correct list would be:
List
Put
Get
Delete
If we want to stay 'generic' so read/write are common terms across all constructs (which has appeal), then it would be:
Read (we would want to ensure this includes ListBucket)
Write
Delete
If the docs are correct and more than 1 can be specified, then there is no need to include ReadWrite - I haven't looked at lambda-s3 yet, but this seems like a mistake we made back then.
Let's go with the latter and make all constructs use the terms Read and Write for consistency.
There was a problem hiding this comment.
If this is optional, the docs need to clearly state the default.
There was a problem hiding this comment.
The default bucket permissions in aws-lambda-s3 is ReadWrite which composes of Read, Write, and Delete operations so I will stick to to that for consistency. I allowed Read, Write, and Delete strings for bucketPermissions in order to create a more fine-grained policy. I removed Put as it is repetitive and made ReadWrite as default which separates confusion from inputs.
There was a problem hiding this comment.
We will need to make following changes to aws-lambda-s3 if we agree with this.
source/patterns/@aws-solutions-constructs/aws-fargate-s3/test/fargate-s3.test.ts
Outdated
Show resolved
Hide resolved
AWS CodeBuild CI Report
Powered by github-codebuild-logs, available on the AWS Serverless Application Repository |
AWS CodeBuild CI Report
Powered by github-codebuild-logs, available on the AWS Serverless Application Repository |
AWS CodeBuild CI Report
Powered by github-codebuild-logs, available on the AWS Serverless Application Repository |
AWS CodeBuild CI Report
Powered by github-codebuild-logs, available on the AWS Serverless Application Repository |
| @@ -68,7 +56,7 @@ _Parameters_ | |||
| |bucketProps?|[`s3.BucketProps`](https://docs.aws.amazon.com/cdk/api/latest/docs/@aws-cdk_aws-s3.BucketProps.html)|Optional user provided props to override the default props for the S3 Bucket.| | |||
| |loggingBucketProps?|[`s3.BucketProps`](https://docs.aws.amazon.com/cdk/api/latest/docs/@aws-cdk_aws-s3.BucketProps.html)|Optional user provided props to override the default props for the S3 Logging Bucket.| | |||
| |logS3AccessLogs?| boolean|Whether to turn on Access Logging for the S3 bucket. Creates an S3 bucket with associated storage costs for the logs. Enabling Access Logging is a best practice. default - true| | |||
| |bucketPermissions?|`string[]`|Optional bucket permissions to grant to the Lambda function. One or more of the following may be specified: `Delete`, `Put`, `Read`, `ReadWrite`, `Write`.| | |||
| |bucketPermissions?|`string[]`|Optional bucket permissions to grant to the Fargate service. One or more of the following may be specified: `Delete`, `Read`, and `Write`. Default is `ReadWrite` which includes `[s3:GetObject*, s3:GetBucket*, s3:List*, s3:DeleteObject*, s3:PutObject*, s3:Abort*]`.| | |||
There was a problem hiding this comment.
Need to change this to Default is 'Read' and 'Write' as we don't want to give the impression that ReadWrite is not deprecated. I like that we don't list it here - I assume the code still allows it for backwards compatibility.
If the code looks good I can approve this now and we can make a quick inline change of this comment later.
| if (props.bucketPermissions.includes('Read')) { | ||
| bucket.grantRead(this.service.taskDefinition.taskRole); | ||
| } | ||
| if (props.bucketPermissions.includes('ReadWrite')) { |
There was a problem hiding this comment.
We can't delete this functionality as that will break existing clients - we should drop them from the doc but leave the code that supports them in place along with comments that 'Put' and 'ReadWrite' are deprecated but this code remains for backwards compatibility.
// ReadWrite and Put are deprecated, but included here for backwards compatibility
if (props.bucketPermissions.includes('Write') ||
props.bucketPermissions.includes{'ReadWrite') ||
props.bucketPermissions.includes('Put') )
{
...
}
if (props.bucketPermissions.includes('Read') || props.bucketPermissions.include('ReadWrite') {
...
}
etc.
if (props.bucketPermissions.includes('ReadWrite') || props.bucketPermissions.includes('Put')) {
printWarning('Put and ReadWrite are deprecated, please switch to some combination of Read, Write and Delete');
}
Issue #590 , if available:
Description of changes:
-Created new construct of aws-fargate-s3
-Added environment variables in fargate environment to allow read/write to bucket
-Created unit/integ tests
By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.
fixes #590