From 13151c3047a37c10f493e267a72789f252852840 Mon Sep 17 00:00:00 2001
From: Ihor S
Date: Tue, 9 Sep 2025 10:04:18 +0200
Subject: [PATCH 1/3] add policy to allow user deployer to publish frontend to s3
---
 infra/lib/infra-stack.ts | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)
diff --git a/infra/lib/infra-stack.ts b/infra/lib/infra-stack.ts
index a740956..e5d00bc 100644
--- a/infra/lib/infra-stack.ts
+++ b/infra/lib/infra-stack.ts
@@ -419,6 +419,16 @@ export class InfraStack extends cdk.Stack {
 resources: [codeBucket.bucketArn, `${codeBucket.bucketArn}/*`],
 }),
 
+ // Allow publishing frontend artifacts to the dedicated frontend bucket
+ new iam.PolicyStatement({
+ effect: iam.Effect.ALLOW,
+ actions: ['s3:*'],
+ resources: [
+ frontendBucket.bucketArn,
+ `${frontendBucket.bucketArn}/*`,
+ ],
+ }),
+
 // Allow triggering SSM RunCommand to restart docker on the instance
 new iam.PolicyStatement({
 effect: iam.Effect.ALLOW,
@@ -444,6 +454,13 @@ export class InfraStack extends cdk.Stack {
 actions: ['logs:*'],
 resources: ['*'],
 }),
+
+ // CloudFront permissions
+ new iam.PolicyStatement({
+ effect: iam.Effect.ALLOW,
+ actions: ['cloudfront:CreateInvalidation'],
+ resources: ['*'],
+ }),
 ],
 }),
 );
From 3fbcf78b25bc299552ba204bc5b007d1756b4dad Mon Sep 17 00:00:00 2001
From: Ihor S
Date: Tue, 9 Sep 2025 12:24:41 +0200
Subject: [PATCH 2/3] some fixes
---
 .github/workflows/deploy-dev.yml | 4 ++--
 infra/lib/infra-stack.ts | 5 +++++
 2 files changed, 7 insertions(+), 2 deletions(-)
diff --git a/.github/workflows/deploy-dev.yml b/.github/workflows/deploy-dev.yml
index 6968986..248de2b 100644
--- a/.github/workflows/deploy-dev.yml
+++ b/.github/workflows/deploy-dev.yml
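Review bot: `actions: ['s3:*']` in the new frontend-bucket statement (first hunk of infra-stack.ts in PATCH 1/3) grants the deployer every S3 action on that bucket, including bucket-level ones such as `s3:PutBucketPolicy` and `s3:DeleteBucket`, so a leaked deploy credential could change who can read or write the site instead of only publishing files. Publishing objects needs far less; `actions: ['s3:ListBucket', 's3:GetObject', 's3:PutObject', 's3:DeleteObject'],` would cover a sync-style upload, assuming that is what the workflow runs (the publish step is not visible here). The enclosing policy and the principal it attaches to start outside this hunk.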
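Review bot: The new `cloudfront:CreateInvalidation` statement (second hunk of infra-stack.ts in PATCH 1/3) uses `resources: ['*']`, which lets the deployer invalidate any distribution in the account, not only the frontend one. This action supports resource-level scoping, so it can be limited with ``resources: [`arn:aws:cloudfront::${this.account}:distribution/${distribution.distributionId}`],`` — assuming `distribution`, which PATCH 2/3 references in the same class, is already defined at this point in the constructor. The comment would also read better as a reason than a label, e.g. `// Allow the deployer to invalidate the frontend distribution's cache after publishing`.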
@@ -49,12 +49,12 @@ jobs: - if: ${{ steps.cache-api.outputs.cache-hit != 'true' }} name: Zip application - run: zip -r app.zip . -x ".git/*" ".github/*" "infra/" "docker/" "test/" + run: zip -r app.zip . -x ".git/*" ".github/*" "infra/*" "docker/*" "test/*" - if: ${{ steps.cache-api.outputs.cache-hit != 'true' }} name: Upload to S3 run: | - FILE_NAME="app-${{ github.sha }}.zip" + FILE_NAME="app-$(date +%Y-%m-%d_%H:%M)-${{ github.sha }}.zip" aws s3 cp app.zip s3://$CODE_BUCKET/$FILE_NAME echo "FILE_NAME=$FILE_NAME" >> $GITHUB_ENV diff --git a/infra/lib/infra-stack.ts b/infra/lib/infra-stack.ts index e5d00bc..519aad8 100644 --- a/infra/lib/infra-stack.ts +++ b/infra/lib/infra-stack.ts @@ -499,5 +499,10 @@ export class InfraStack extends cdk.Stack { value: frontendBucket.bucketName, description: 'S3 bucket for frontend deployment', }); + + new cdk.CfnOutput(this, 'CloudFrontDistributionId', { + value: distribution.distributionId, + description: 'CloudFront distribution ID', + }); } } From c27764c3e501e9c775313b1c9843361823f93df3 Mon Sep 17 00:00:00 2001 From: Ihor S Date: Tue, 9 Sep 2025 12:24:43 +0200 Subject: [PATCH 3/3] 0.0.4 --- package-lock.json | 4 ++-- package.json | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/package-lock.json b/package-lock.json index 8ab441b..ebdc80e 100644 --- a/package-lock.json +++ b/package-lock.json @@ -1,12 +1,12 @@ { "name": "ionicapp", - "version": "0.0.3", + "version": "0.0.4", "lockfileVersion": 3, "requires": true, "packages": { "": { "name": "ionicapp", - "version": "0.0.3", + "version": "0.0.4", "license": "UNLICENSED", "dependencies": { "@nestjs/common": "^11.0.1", diff --git a/package.json b/package.json index 44db976..467ed3f 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "ionicapp", - "version": "0.0.3", + "version": "0.0.4", "description": "", "author": "", "private": true, @@ -122,4 +122,4 @@ } ] } -} \ No newline at end of file +}
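Review bot: The new `FILE_NAME` in the "Upload to S3" step embeds `$(date +%Y-%m-%d_%H:%M)`, so the object key can no longer be derived from the commit SHA alone and now contains a `:`. Any later step or rollback procedure that rebuilt `app-<sha>.zip` itself, or that runs when these `cache-hit != 'true'` steps are skipped, would have no way to know the key; those steps are outside this hunk, so this is something to confirm, not a known break. A UTC, colon-free stamp such as `$(date -u +%Y%m%dT%H%M)` is easier to pass through shells and file systems on the instance. The expansions are also safer quoted: `aws s3 cp app.zip "s3://$CODE_BUCKET/$FILE_NAME"` and `echo "FILE_NAME=$FILE_NAME" >> "$GITHUB_ENV"`.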