feat(aws-events-rule-kinesisfirehose-s3): added logS3AccessLogs and loggingBucketProps #492

Merged
merged 6 commits into from
Nov 5, 2021
Changes from 4 commits
Expand Up @@ -59,6 +59,8 @@ _Parameters_
|existingBucketObj?|[`s3.IBucket`](https://docs.aws.amazon.com/cdk/api/latest/docs/@aws-cdk_aws-s3.IBucket.html)|Existing instance of S3 Bucket object. If this is provided, then also providing bucketProps is an error. |
|bucketProps?|[`s3.BucketProps`](https://docs.aws.amazon.com/cdk/api/latest/docs/@aws-cdk_aws-s3.BucketProps.html)|User provided props to override the default props for the S3 Bucket.|
|logGroupProps?|[`logs.LogGroupProps`](https://docs.aws.amazon.com/cdk/api/latest/docs/@aws-cdk_aws-logs.LogGroupProps.html)|User provided props to override the default props for for the CloudWatchLogs LogGroup.|
|loggingBucketProps?|[`s3.BucketProps`](https://docs.aws.amazon.com/cdk/api/latest/docs/@aws-cdk_aws-s3.BucketProps.html)|Optional user provided props to override the default props for the S3 Logging Bucket.|
|logS3AccessLogs?| boolean|Whether to turn on Access Logging for the S3 bucket. Creates an S3 bucket with associated storage costs for the logs. Enabling Access Logging is a best practice. default - true|

## Pattern Properties
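
Review bot: The two new rows, `loggingBucketProps?` and `logS3AccessLogs?`, do not say how they interact with each other or with `existingBucketObj?`. State in the table what happens when `loggingBucketProps` is supplied while `logS3AccessLogs` is false, and whether a logging bucket is still created when `existingBucketObj` is passed. Minor: the `boolean` type cell has a stray leading space and no backticks, and the default is written inline as "default - true" while the rows above carry no default text; pick one convention for the table.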

Expand All @@ -72,6 +74,7 @@ _Parameters_
|eventsRole|[`iam.Role`](https://docs.aws.amazon.com/cdk/api/latest/docs/@aws-cdk_aws-iam.Role.html)|Returns an instance of the iam.Role created by the construct for Events Rule|
|kinesisFirehoseRole|[`iam.Role`](https://docs.aws.amazon.com/cdk/api/latest/docs/@aws-cdk_aws-iam.Role.html)|Returns an instance of the iam.Role created by the construct for Kinesis Data Firehose delivery stream|
|kinesisFirehoseLogGroup|[`logs.LogGroup`](https://docs.aws.amazon.com/cdk/api/latest/docs/@aws-cdk_aws-logs.LogGroup.html)|Returns an instance of the LogGroup created by the construct for Kinesis Data Firehose delivery stream|
|s3BucketInterface|[`s3.IBucket`](https://docs.aws.amazon.com/cdk/api/latest/docs/@aws-cdk_aws-s3.IBucket.html)|Returns an instance of s3.IBucket created by the construct|

## Default settings
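
Review bot: The `s3BucketInterface` row describes the bucket as "created by the construct", but the Parameters table in this same README accepts `existingBucketObj?`, and in that case the construct did not create the bucket. Reword the description to cover both cases, for example "the s3.IBucket created or used by the construct", so readers know this property is also populated for an existing bucket.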

Expand Up @@ -68,6 +68,19 @@ export interface EventbridgeToKinesisFirehoseToS3Props {
* @default - Default props are used
*/
readonly logGroupProps?: logs.LogGroupProps;
/**
Contributor

It looks like you've made the same edits to this file in this PR and in aws-eventbridge-kinesisfirehose-s3. That's going to get pretty messy. If we merge this PR will it make 491 unnecessary?

Contributor Author

@mickychetta mickychetta Nov 5, 2021

Yes, let's merge this pull request since it has all the commits in 491 and new changes. We will go ahead and close 491 after 492 merges.

* Optional user provided props to override the default props for the S3 Logging Bucket.
*
* @default - Default props are used
*/
readonly loggingBucketProps?: s3.BucketProps;
/**
* Whether to turn on Access Logs for the S3 bucket with the associated storage costs.
* Enabling Access Logging is a best practice.
*
* @default - true
*/
readonly logS3AccessLogs?: boolean;
}

export class EventbridgeToKinesisFirehoseToS3 extends Construct {
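
Review bot: The JSDoc on `logS3AccessLogs` says "Access Logs for the S3 bucket with the associated storage costs", which reads as if the content bucket carries the costs; the README wording in this PR ("Creates an S3 bucket with associated storage costs for the logs") is clearer and should be reused here. The comment on `loggingBucketProps` should also state that it only applies when `logS3AccessLogs` is not false, since nothing in the interface expresses that dependency, and the `logS3AccessLogs` comment could say that setting it to false leaves the destination bucket without server access logs.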
Expand All @@ -79,6 +92,7 @@ export class EventbridgeToKinesisFirehoseToS3 extends Construct {
public readonly s3Bucket?: s3.Bucket;
public readonly s3LoggingBucket?: s3.Bucket;
public readonly eventBus?: events.IEventBus;
public readonly s3BucketInterface: s3.IBucket;

/**
* @summary Constructs a new instance of the EventbridgeToKinesisFirehoseToS3 class.
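
Review bot: `s3BucketInterface` is added with no doc comment, next to `s3Bucket?` and `s3LoggingBucket?`, so a consumer cannot tell which bucket property to use. One is optional and the other is not; add a comment on each stating when `s3Bucket` is undefined and that `s3BucketInterface` is always set.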
Expand All @@ -91,22 +105,21 @@ export class EventbridgeToKinesisFirehoseToS3 extends Construct {
super(scope, id);
defaults.CheckProps(props);

if (props.existingBucketObj && props.bucketProps) {
throw new Error('Cannot specify both bucket properties and an existing bucket');
}

// Set up the Kinesis Firehose using KinesisFirehoseToS3 construct
const firehoseToS3 = new KinesisFirehoseToS3(this, 'KinesisFirehoseToS3', {
kinesisFirehoseProps: props.kinesisFirehoseProps,
existingBucketObj: props.existingBucketObj,
bucketProps: props.bucketProps,
logGroupProps: props.logGroupProps
logGroupProps: props.logGroupProps,
loggingBucketProps: props.loggingBucketProps,
logS3AccessLogs: props.logS3AccessLogs
});
this.kinesisFirehose = firehoseToS3.kinesisFirehose;
this.s3Bucket = firehoseToS3.s3Bucket;
this.kinesisFirehoseRole = firehoseToS3.kinesisFirehoseRole;
this.s3LoggingBucket = firehoseToS3.s3LoggingBucket;
this.kinesisFirehoseLogGroup = firehoseToS3.kinesisFirehoseLogGroup;
this.s3BucketInterface = firehoseToS3.s3BucketInterface;

// Create an events service role
this.eventsRole = new iam.Role(this, 'EventsRuleInvokeKinesisFirehoseRole', {
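
Review bot: The constructor adds no validation for the new props: `loggingBucketProps` and `logS3AccessLogs` are forwarded to `KinesisFirehoseToS3` unchanged, so `logS3AccessLogs: false` together with `loggingBucketProps` is either silently ignored or rejected somewhere not visible in this hunk. The hunk header (22 old lines, 21 new) also implies that the `existingBucketObj` / `bucketProps` guard is among the removed lines; confirm that `defaults.CheckProps(props)` or the nested construct still throws for that pair, and add the equivalent check for the new pair so the error surfaces with this construct's name.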
Expand Up @@ -205,4 +205,61 @@ test('check custom event bus resource with props when deploy:true', () => {
expect(stack).toHaveResource('AWS::Events::EventBus', {
Name: `testeventbus`
});
});

// --------------------------------------------------------------
// s3 bucket with bucket, loggingBucket, and auto delete objects
// --------------------------------------------------------------
test('s3 bucket with bucket, loggingBucket, and auto delete objects', () => {
const stack = new cdk.Stack();

new EventbridgeToKinesisFirehoseToS3(stack, 'kinsisfirehose-s3', {
eventRuleProps: {
description: 'event rule props',
schedule: events.Schedule.rate(cdk.Duration.minutes(5))
},
bucketProps: {
removalPolicy: cdk.RemovalPolicy.DESTROY,
},
loggingBucketProps: {
removalPolicy: cdk.RemovalPolicy.DESTROY,
autoDeleteObjects: true
}
});

expect(stack).toHaveResource("AWS::S3::Bucket", {
AccessControl: "LogDeliveryWrite"
});

expect(stack).toHaveResource("Custom::S3AutoDeleteObjects", {
ServiceToken: {
"Fn::GetAtt": [
"CustomS3AutoDeleteObjectsCustomResourceProviderHandler9D90184F",
"Arn"
]
},
BucketName: {
Ref: "kinsisfirehoses3KinesisFirehoseToS3S3LoggingBucket1CC9C6B7"
}
});
});

// --------------------------------------------------------------
// s3 bucket with one content bucket and no logging bucket
// --------------------------------------------------------------
test('s3 bucket with one content bucket and no logging bucket', () => {
const stack = new cdk.Stack();

new EventbridgeToKinesisFirehoseToS3(stack, 'kinsisfirehose-s3', {
eventRuleProps: {
description: 'event rule props',
schedule: events.Schedule.rate(cdk.Duration.minutes(5))
},
bucketProps: {
removalPolicy: cdk.RemovalPolicy.DESTROY,
},
logS3AccessLogs: false
});

expect(stack).toCountResources("AWS::S3::Bucket", 1);
});
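
Review bot: The second test covers `logS3AccessLogs: false` with a count assertion only, and neither test covers the default (prop omitted) or `logS3AccessLogs: false` combined with `loggingBucketProps`. Add a test that the default yields two buckets and one that pins down the behaviour for the contradictory pair. In the first test the assertion hard-codes generated logical IDs ("CustomS3AutoDeleteObjectsCustomResourceProviderHandler9D90184F", "kinsisfirehoses3KinesisFirehoseToS3S3LoggingBucket1CC9C6B7"), which will break on any rename; the construct id 'kinsisfirehose-s3' is also misspelled and that typo is baked into the expected logical ID.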