
Commit acc5eb9

author
Abdelhalim Dadouche
committed
- disabled versioning on all buckets / enabled auto delete on stack deletion
- verified test completion
1 parent 0fba01d commit acc5eb9

11 files changed

+1087
-119
lines changed

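--- a/lib/build-image-data.ts
+++ b/lib/build-image-data.ts
@@ -51,12 +51,12 @@ export class BuildImageDataStack extends cdk.Stack {
 // Create a bucket, then allow a deployment Lambda to upload to it.
 const dataBucket = new s3.Bucket(this, 'BuildImageDataBucket', {
 bucketName,
-versioned: true,
+versioned: false,
 encryptionKey: encryptionKey,
-removalPolicy: cdk.RemovalPolicy.DESTROY,
-autoDeleteObjects: true,
 enforceSSL: true,
 serverAccessLogsBucket: accessLoggingBucket,
+autoDeleteObjects: true,
+removalPolicy: RemovalPolicy.DESTROY,
 });
 
 const cwPolicy = new iam.PolicyDocument({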
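Review bot: Setting `versioned: false` on `BuildImageDataBucket` leaves no earlier version to recover or compare against once an object the deployment Lambda uploaded is overwritten or deleted, and it does not look necessary for a clean teardown. The same switch is made on `PipelineArtifacts` in lib/build-image-pipeline.ts and on `PipelineOutput` and `PipelineArtifacts` in lib/embedded-linux-pipeline.ts. As far as I know the CDK auto-delete handler removes object versions and delete markers too, so `versioned: true,` can stay next to `autoDeleteObjects: true,`; if storage cost was the motive, a lifecycle rule expiring noncurrent versions would bound it. The new line also uses `RemovalPolicy.DESTROY` where the old one used `cdk.RemovalPolicy.DESTROY`, so confirm `RemovalPolicy` is imported by name; the import block is outside this hunk.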

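--- a/lib/build-image-pipeline.ts
+++ b/lib/build-image-pipeline.ts
@@ -128,7 +128,7 @@ export class BuildImagePipelineStack extends cdk.Stack {
 enableKeyRotation: true,
 });
 artifactBucket = new s3.Bucket(this, 'PipelineArtifacts', {
-versioned: true,
+versioned: false,
 enforceSSL: true,
 serverAccessLogsBucket: accessLoggingBucket,
 serverAccessLogsPrefix: props.serverAccessLogsPrefix,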

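--- a/lib/embedded-linux-codebuild-project.ts
+++ b/lib/embedded-linux-codebuild-project.ts
@@ -94,8 +94,10 @@ export class EmbeddedLinuxCodebuildProjectStack extends cdk.Stack {
 accessLoggingBucket = props.accessLoggingBucket;
 } else {
 accessLoggingBucket = new s3.Bucket(this, "ArtifactAccessLogging", {
-versioned: true,
+versioned: false,
 enforceSSL: true,
+autoDeleteObjects: true,
+removalPolicy: RemovalPolicy.DESTROY,
 });
 }
 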
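Review bot: The added `autoDeleteObjects: true,` and `removalPolicy: RemovalPolicy.DESTROY,` on `ArtifactAccessLogging` mean the server access logs (presumably those of the artifact buckets) are erased together with the stack, so the record of who read or wrote build artifacts does not outlive a teardown. For a log bucket I would keep `removalPolicy: RemovalPolicy.RETAIN,` and leave `autoDeleteObjects` off, or make the destructive behaviour an explicit opt-in for test deployments. The snapshot in this commit shows what auto-delete adds for the other stack's `LoggingBucket`: a bucket-policy statement granting the custom-resource role `s3:DeleteObject*` and `s3:PutBucketPolicy` on the log bucket. Only the bucket created in the `else` branch is affected, and the enclosing `if` starts outside the hunk.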

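--- a/lib/embedded-linux-pipeline.ts
+++ b/lib/embedded-linux-pipeline.ts
@@ -150,9 +150,11 @@ export class EmbeddedLinuxPipelineStack extends cdk.Stack {
 outputBucket = props.outputBucket;
 } else {
 outputBucket = new s3.Bucket(this, 'PipelineOutput', {
-versioned: true,
+versioned: false,
 enforceSSL: true,
 serverAccessLogsBucket: accessLoggingBucket,
+autoDeleteObjects: true,
+removalPolicy: RemovalPolicy.DESTROY,
 });
 }
 }
@@ -167,7 +169,7 @@ export class EmbeddedLinuxPipelineStack extends cdk.Stack {
 enableKeyRotation: true,
 });
 artifactBucket = new s3.Bucket(this, 'PipelineArtifacts', {
-versioned: true,
+versioned: false,
 enforceSSL: true,
 serverAccessLogsBucket: accessLoggingBucket,
 encryptionKey,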
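Review bot: Nothing at the `PipelineOutput` constructor in the first hunk tells a reader that the bucket and everything in it are now deleted with the stack, which matters if this is where the pipeline's built images land. I would add a comment above `outputBucket = new s3.Bucket(...)`: `// Created only when props.outputBucket is not supplied; emptied and deleted on stack deletion. Pass props.outputBucket to keep build outputs.` The `if` that selects between the supplied and the created bucket begins outside the hunk, so the exact condition is not visible here.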

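--- a/test/__snapshots__/build-image-data.test.ts.snap
+++ b/test/__snapshots__/build-image-data.test.ts.snap
@@ -27,6 +27,7 @@ exports[`Build Image Data Snapshot 1`] = `
 "Ref": "BuildImageDataBucketE6A8BC04",
 },
 "Extract": true,
+"OutputObjectKeys": true,
 "Prune": true,
 "ServiceToken": {
 "Fn::GetAtt": [
@@ -246,9 +247,6 @@ exports[`Build Image Data Snapshot 1`] = `
 "Value": "true",
 },
 ],
-"VersioningConfiguration": {
-"Status": "Enabled",
-},
 },
 "Type": "AWS::S3::Bucket",
 "UpdateReplacePolicy": "Delete",
@@ -386,7 +384,7 @@ exports[`Build Image Data Snapshot 1`] = `
 [
 "Lambda function for auto-deleting objects in ",
 {
-"Ref": "BuildImageDataBucketE6A8BC04",
+"Ref": "LoggingBucket1E5A6F3B",
 },
 " S3 bucket.",
 ],
@@ -428,7 +426,7 @@ exports[`Build Image Data Snapshot 1`] = `
 "Type": "AWS::IAM::Role",
 },
 "LoggingBucket1E5A6F3B": {
-"DeletionPolicy": "Retain",
+"DeletionPolicy": "Delete",
 "Properties": {
 "AccessControl": "LogDeliveryWrite",
 "OwnershipControls": {
@@ -438,12 +436,34 @@ exports[`Build Image Data Snapshot 1`] = `
 },
 ],
 },
-"VersioningConfiguration": {
-"Status": "Enabled",
-},
+"Tags": [
+{
+"Key": "aws-cdk:auto-delete-objects",
+"Value": "true",
+},
+],
 },
 "Type": "AWS::S3::Bucket",
-"UpdateReplacePolicy": "Retain",
+"UpdateReplacePolicy": "Delete",
+},
+"LoggingBucketAutoDeleteObjectsCustomResource3835D361": {
+"DeletionPolicy": "Delete",
+"DependsOn": [
+"LoggingBucketPolicy21938756",
+],
+"Properties": {
+"BucketName": {
+"Ref": "LoggingBucket1E5A6F3B",
+},
+"ServiceToken": {
+"Fn::GetAtt": [
+"CustomS3AutoDeleteObjectsCustomResourceProviderHandler9D90184F",
+"Arn",
+],
+},
+},
+"Type": "Custom::S3AutoDeleteObjects",
+"UpdateReplacePolicy": "Delete",
 },
 "LoggingBucketPolicy21938756": {
 "Properties": {
@@ -486,6 +506,45 @@ exports[`Build Image Data Snapshot 1`] = `
 },
 ],
 },
+{
+"Action": [
+"s3:PutBucketPolicy",
+"s3:GetBucket*",
+"s3:List*",
+"s3:DeleteObject*",
+],
+"Effect": "Allow",
+"Principal": {
+"AWS": {
+"Fn::GetAtt": [
+"CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092",
+"Arn",
+],
+},
+},
+"Resource": [
+{
+"Fn::GetAtt": [
+"LoggingBucket1E5A6F3B",
+"Arn",
+],
+},
+{
+"Fn::Join": [
+"",
+[
+{
+"Fn::GetAtt": [
+"LoggingBucket1E5A6F3B",
+"Arn",
+],
+},
+"/*",
+],
+],
+},
+],
+},
 ],
 "Version": "2012-10-17",
 },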
