Remove all S3 ACLs and adjust tests accordingly
biffgaut committed Apr 15, 2023
1 parent 9ff5d63 commit b5389e3
Showing 79 changed files with 1,562 additions and 152 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -589,13 +589,13 @@
"cfapigwlambdaCloudFrontToApiGatewaySetHttpSecurityHeadersE20F2933": {
"Type": "AWS::CloudFront::Function",
"Properties": {
"Name": "SetHttpSecurityHeadersc8273ed23dc12ef2b23814ad425355213a41659e4f",
"AutoPublish": true,
"FunctionCode": "function handler(event) { var response = event.response; var headers = response.headers; headers['strict-transport-security'] = { value: 'max-age=63072000; includeSubdomains; preload'}; headers['content-security-policy'] = { value: \"default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'\"}; headers['x-content-type-options'] = { value: 'nosniff'}; headers['x-frame-options'] = {value: 'DENY'}; headers['x-xss-protection'] = {value: '1; mode=block'}; return response; }",
"FunctionConfig": {
"Comment": "SetHttpSecurityHeadersc8273ed23dc12ef2b23814ad425355213a41659e4f",
"Runtime": "cloudfront-js-1.0"
}
},
"Name": "SetHttpSecurityHeadersc8273ed23dc12ef2b23814ad425355213a41659e4f",
"AutoPublish": true
}
},
"cfapigwlambdaCloudFrontToApiGatewayCloudfrontLoggingBucket2E8E3DC2": {
Expand All @@ -611,6 +611,13 @@
}
]
},
"OwnershipControls": {
"Rules": [
{
"ObjectOwnership": "ObjectWriter"
}
]
},
"PublicAccessBlockConfiguration": {
"BlockPublicAcls": true,
"BlockPublicPolicy": true,
Expand Down Expand Up @@ -884,7 +891,7 @@
"S3Bucket": {
"Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}"
},
"S3Key": "15684a15d07860e99d2a8079150ad33dd2cb743677fcd7016dd07345e1b69538.zip"
"S3Key": "40aa87cdf43c4095cec18bc443965f22ab2f8c1ace47e482a0ba4e35d83b0cc9.zip"
},
"Timeout": 900,
"MemorySize": 128,
Original file line number Diff line number Diff line change
Expand Up @@ -589,13 +589,13 @@
"testcloudfrontapigatewaylambdaCloudFrontToApiGatewaySetHttpSecurityHeaders6945414A": {
"Type": "AWS::CloudFront::Function",
"Properties": {
"Name": "SetHttpSecurityHeadersc8118ca6b46a588ddfb2f1826effa6addb3adda75e",
"AutoPublish": true,
"FunctionCode": "function handler(event) { var response = event.response; var headers = response.headers; headers['strict-transport-security'] = { value: 'max-age=63072000; includeSubdomains; preload'}; headers['content-security-policy'] = { value: \"default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'\"}; headers['x-content-type-options'] = { value: 'nosniff'}; headers['x-frame-options'] = {value: 'DENY'}; headers['x-xss-protection'] = {value: '1; mode=block'}; return response; }",
"FunctionConfig": {
"Comment": "SetHttpSecurityHeadersc8118ca6b46a588ddfb2f1826effa6addb3adda75e",
"Runtime": "cloudfront-js-1.0"
}
},
"Name": "SetHttpSecurityHeadersc8118ca6b46a588ddfb2f1826effa6addb3adda75e",
"AutoPublish": true
}
},
"testcloudfrontapigatewaylambdaCloudFrontToApiGatewayCloudfrontLoggingBucket7F467421": {
Expand All @@ -611,6 +611,13 @@
}
]
},
"OwnershipControls": {
"Rules": [
{
"ObjectOwnership": "ObjectWriter"
}
]
},
"PublicAccessBlockConfiguration": {
"BlockPublicAcls": true,
"BlockPublicPolicy": true,
Expand Down Expand Up @@ -884,7 +891,7 @@
"S3Bucket": {
"Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}"
},
"S3Key": "15684a15d07860e99d2a8079150ad33dd2cb743677fcd7016dd07345e1b69538.zip"
"S3Key": "40aa87cdf43c4095cec18bc443965f22ab2f8c1ace47e482a0ba4e35d83b0cc9.zip"
},
"Timeout": 900,
"MemorySize": 128,
Original file line number Diff line number Diff line change
Expand Up @@ -550,13 +550,13 @@
"cfapilambdaoverrideCloudFrontToApiGatewaySetHttpSecurityHeaders67E61E6E": {
"Type": "AWS::CloudFront::Function",
"Properties": {
"Name": "SetHttpSecurityHeadersc82a9e79410026b75533b53f0a37eeb986a591fa95",
"AutoPublish": true,
"FunctionCode": "function handler(event) { var response = event.response; var headers = response.headers; headers['strict-transport-security'] = { value: 'max-age=63072000; includeSubdomains; preload'}; headers['content-security-policy'] = { value: \"default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'\"}; headers['x-content-type-options'] = { value: 'nosniff'}; headers['x-frame-options'] = {value: 'DENY'}; headers['x-xss-protection'] = {value: '1; mode=block'}; return response; }",
"FunctionConfig": {
"Comment": "SetHttpSecurityHeadersc82a9e79410026b75533b53f0a37eeb986a591fa95",
"Runtime": "cloudfront-js-1.0"
}
},
"Name": "SetHttpSecurityHeadersc82a9e79410026b75533b53f0a37eeb986a591fa95",
"AutoPublish": true
}
},
"cfapilambdaoverrideCloudFrontToApiGatewayCloudfrontLoggingBucket3A71B9E0": {
Expand All @@ -572,6 +572,13 @@
}
]
},
"OwnershipControls": {
"Rules": [
{
"ObjectOwnership": "ObjectWriter"
}
]
},
"PublicAccessBlockConfiguration": {
"BlockPublicAcls": true,
"BlockPublicPolicy": true,
Expand Down Expand Up @@ -923,7 +930,7 @@
"S3Bucket": {
"Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}"
},
"S3Key": "15684a15d07860e99d2a8079150ad33dd2cb743677fcd7016dd07345e1b69538.zip"
"S3Key": "40aa87cdf43c4095cec18bc443965f22ab2f8c1ace47e482a0ba4e35d83b0cc9.zip"
},
"Timeout": 900,
"MemorySize": 128,
Original file line number Diff line number Diff line change
Expand Up @@ -227,7 +227,7 @@ test('Cloudfront logging bucket with destroy removal policy and auto delete obje

const template = Template.fromStack(stack);
template.hasResourceProperties("AWS::S3::Bucket", {
AccessControl: "LogDeliveryWrite"
OwnershipControls: { Rules: [ { ObjectOwnership: "ObjectWriter" } ] },
});

template.hasResourceProperties("Custom::S3AutoDeleteObjects", {
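Review bot: The replaced assertion in this test only checks that `OwnershipControls` is present; `hasResourceProperties` matches a subset of the resource's properties, so a logging bucket that still carried `AccessControl: "LogDeliveryWrite"` would pass and the removal this commit is named for is not pinned. Adding `AccessControl: Match.absent(),` next to the `OwnershipControls` line would cover it, assuming `Match` from the CDK assertions module is or can be imported in this file, which the hunk does not show. The same applies to the identical assertions in the later hunks at -193,7 and -665,7. A short comment such as `// ObjectWriter keeps ACLs enabled on the log bucket; only the canned ACL is dropped` would also help, since the commit title reads as if ACLs were disabled altogether while `ObjectWriter` (unlike `BucketOwnerEnforced`) leaves them in effect, presumably because CloudFront standard logging still delivers through an ACL grant. The test body starts and ends outside the hunk.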
Original file line number Diff line number Diff line change
Expand Up @@ -589,13 +589,13 @@
"cfapigwSetHttpSecurityHeaders07A0F0C0": {
"Type": "AWS::CloudFront::Function",
"Properties": {
"Name": "SetHttpSecurityHeadersc8fc067b45a5c199a519a90c3b5f02d380f1625f1d",
"AutoPublish": true,
"FunctionCode": "function handler(event) { var response = event.response; var headers = response.headers; headers['strict-transport-security'] = { value: 'max-age=63072000; includeSubdomains; preload'}; headers['content-security-policy'] = { value: \"default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'\"}; headers['x-content-type-options'] = { value: 'nosniff'}; headers['x-frame-options'] = {value: 'DENY'}; headers['x-xss-protection'] = {value: '1; mode=block'}; return response; }",
"FunctionConfig": {
"Comment": "SetHttpSecurityHeadersc8fc067b45a5c199a519a90c3b5f02d380f1625f1d",
"Runtime": "cloudfront-js-1.0"
}
},
"Name": "SetHttpSecurityHeadersc8fc067b45a5c199a519a90c3b5f02d380f1625f1d",
"AutoPublish": true
}
},
"cfapigwCloudfrontLoggingBucket79FE4195": {
Expand All @@ -611,6 +611,13 @@
}
]
},
"OwnershipControls": {
"Rules": [
{
"ObjectOwnership": "ObjectWriter"
}
]
},
"PublicAccessBlockConfiguration": {
"BlockPublicAcls": true,
"BlockPublicPolicy": true,
Expand Down Expand Up @@ -884,7 +891,7 @@
"S3Bucket": {
"Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}"
},
"S3Key": "15684a15d07860e99d2a8079150ad33dd2cb743677fcd7016dd07345e1b69538.zip"
"S3Key": "40aa87cdf43c4095cec18bc443965f22ab2f8c1ace47e482a0ba4e35d83b0cc9.zip"
},
"Timeout": 900,
"MemorySize": 128,
Original file line number Diff line number Diff line change
Expand Up @@ -589,13 +589,13 @@
"testcloudfrontapigatewaySetHttpSecurityHeadersD8DBA642": {
"Type": "AWS::CloudFront::Function",
"Properties": {
"Name": "SetHttpSecurityHeadersc86815c5ef0b0f2cdd73c6957ce5bbd25e8f895b9b",
"AutoPublish": true,
"FunctionCode": "function handler(event) { var response = event.response; var headers = response.headers; headers['strict-transport-security'] = { value: 'max-age=63072000; includeSubdomains; preload'}; headers['content-security-policy'] = { value: \"default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'\"}; headers['x-content-type-options'] = { value: 'nosniff'}; headers['x-frame-options'] = {value: 'DENY'}; headers['x-xss-protection'] = {value: '1; mode=block'}; return response; }",
"FunctionConfig": {
"Comment": "SetHttpSecurityHeadersc86815c5ef0b0f2cdd73c6957ce5bbd25e8f895b9b",
"Runtime": "cloudfront-js-1.0"
}
},
"Name": "SetHttpSecurityHeadersc86815c5ef0b0f2cdd73c6957ce5bbd25e8f895b9b",
"AutoPublish": true
}
},
"testcloudfrontapigatewayCloudfrontLoggingBucket9811F6E8": {
Expand All @@ -611,6 +611,13 @@
}
]
},
"OwnershipControls": {
"Rules": [
{
"ObjectOwnership": "ObjectWriter"
}
]
},
"PublicAccessBlockConfiguration": {
"BlockPublicAcls": true,
"BlockPublicPolicy": true,
Expand Down Expand Up @@ -884,7 +891,7 @@
"S3Bucket": {
"Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}"
},
"S3Key": "15684a15d07860e99d2a8079150ad33dd2cb743677fcd7016dd07345e1b69538.zip"
"S3Key": "40aa87cdf43c4095cec18bc443965f22ab2f8c1ace47e482a0ba4e35d83b0cc9.zip"
},
"Timeout": 900,
"MemorySize": 128,
Original file line number Diff line number Diff line change
Expand Up @@ -193,7 +193,7 @@ test('Cloudfront logging bucket with destroy removal policy and auto delete obje

const template = Template.fromStack(stack);
template.hasResourceProperties("AWS::S3::Bucket", {
AccessControl: "LogDeliveryWrite"
OwnershipControls: { Rules: [ { ObjectOwnership: "ObjectWriter" } ] },
});

template.hasResourceProperties("Custom::S3AutoDeleteObjects", {
Original file line number Diff line number Diff line change
Expand Up @@ -665,7 +665,7 @@ test('Cloudfront logging bucket with destroy removal policy and auto delete obje

const template = Template.fromStack(stack);
template.hasResourceProperties("AWS::S3::Bucket", {
AccessControl: "LogDeliveryWrite"
OwnershipControls: { Rules: [ { ObjectOwnership: "ObjectWriter" } ] },
});

template.hasResourceProperties("Custom::S3AutoDeleteObjects", {
Original file line number Diff line number Diff line change
Expand Up @@ -95,6 +95,13 @@
}
]
},
"OwnershipControls": {
"Rules": [
{
"ObjectOwnership": "ObjectWriter"
}
]
},
"PublicAccessBlockConfiguration": {
"BlockPublicAcls": true,
"BlockPublicPolicy": true,
Expand Down Expand Up @@ -269,13 +276,13 @@
"cloudfrontmediastoreSetHttpSecurityHeadersC55C3265": {
"Type": "AWS::CloudFront::Function",
"Properties": {
"Name": "SetHttpSecurityHeadersc80b17555ef95835e434ce55c4536b557a9baf1262",
"AutoPublish": true,
"FunctionCode": "function handler(event) { var response = event.response; var headers = response.headers; headers['strict-transport-security'] = { value: 'max-age=63072000; includeSubdomains; preload'}; headers['content-security-policy'] = { value: \"default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'\"}; headers['x-content-type-options'] = { value: 'nosniff'}; headers['x-frame-options'] = {value: 'DENY'}; headers['x-xss-protection'] = {value: '1; mode=block'}; return response; }",
"FunctionConfig": {
"Comment": "SetHttpSecurityHeadersc80b17555ef95835e434ce55c4536b557a9baf1262",
"Runtime": "cloudfront-js-1.0"
}
},
"Name": "SetHttpSecurityHeadersc80b17555ef95835e434ce55c4536b557a9baf1262",
"AutoPublish": true
}
},
"cloudfrontmediastoreCloudFrontDistribution639346BB": {
Expand Down Expand Up @@ -410,7 +417,7 @@
"S3Bucket": {
"Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}"
},
"S3Key": "15684a15d07860e99d2a8079150ad33dd2cb743677fcd7016dd07345e1b69538.zip"
"S3Key": "40aa87cdf43c4095cec18bc443965f22ab2f8c1ace47e482a0ba4e35d83b0cc9.zip"
},
"Timeout": 900,
"MemorySize": 128,
Original file line number Diff line number Diff line change
Expand Up @@ -95,6 +95,13 @@
}
]
},
"OwnershipControls": {
"Rules": [
{
"ObjectOwnership": "ObjectWriter"
}
]
},
"PublicAccessBlockConfiguration": {
"BlockPublicAcls": true,
"BlockPublicPolicy": true,
Expand Down Expand Up @@ -269,13 +276,13 @@
"testcloudfrontmediastoreSetHttpSecurityHeaders9995A63D": {
"Type": "AWS::CloudFront::Function",
"Properties": {
"Name": "SetHttpSecurityHeadersc85e0befbf4ed85d473981453c3bd34f0a97efbe49",
"AutoPublish": true,
"FunctionCode": "function handler(event) { var response = event.response; var headers = response.headers; headers['strict-transport-security'] = { value: 'max-age=63072000; includeSubdomains; preload'}; headers['content-security-policy'] = { value: \"default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'\"}; headers['x-content-type-options'] = { value: 'nosniff'}; headers['x-frame-options'] = {value: 'DENY'}; headers['x-xss-protection'] = {value: '1; mode=block'}; return response; }",
"FunctionConfig": {
"Comment": "SetHttpSecurityHeadersc85e0befbf4ed85d473981453c3bd34f0a97efbe49",
"Runtime": "cloudfront-js-1.0"
}
},
"Name": "SetHttpSecurityHeadersc85e0befbf4ed85d473981453c3bd34f0a97efbe49",
"AutoPublish": true
}
},
"testcloudfrontmediastoreCloudFrontDistributionED9265B1": {
Expand Down Expand Up @@ -410,7 +417,7 @@
"S3Bucket": {
"Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}"
},
"S3Key": "15684a15d07860e99d2a8079150ad33dd2cb743677fcd7016dd07345e1b69538.zip"
"S3Key": "40aa87cdf43c4095cec18bc443965f22ab2f8c1ace47e482a0ba4e35d83b0cc9.zip"
},
"Timeout": 900,
"MemorySize": 128,
Original file line number Diff line number Diff line change
Expand Up @@ -20,6 +20,13 @@
}
]
},
"OwnershipControls": {
"Rules": [
{
"ObjectOwnership": "ObjectWriter"
}
]
},
"PublicAccessBlockConfiguration": {
"BlockPublicAcls": true,
"BlockPublicPolicy": true,
Expand Down Expand Up @@ -194,13 +201,13 @@
"testcloudfrontmediastoreSetHttpSecurityHeaders9995A63D": {
"Type": "AWS::CloudFront::Function",
"Properties": {
"Name": "SetHttpSecurityHeadersc8671d40ce388b672e8795a9218fe7e3f368379f42",
"AutoPublish": true,
"FunctionCode": "function handler(event) { var response = event.response; var headers = response.headers; headers['strict-transport-security'] = { value: 'max-age=63072000; includeSubdomains; preload'}; headers['content-security-policy'] = { value: \"default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'\"}; headers['x-content-type-options'] = { value: 'nosniff'}; headers['x-frame-options'] = {value: 'DENY'}; headers['x-xss-protection'] = {value: '1; mode=block'}; return response; }",
"FunctionConfig": {
"Comment": "SetHttpSecurityHeadersc8671d40ce388b672e8795a9218fe7e3f368379f42",
"Runtime": "cloudfront-js-1.0"
}
},
"Name": "SetHttpSecurityHeadersc8671d40ce388b672e8795a9218fe7e3f368379f42",
"AutoPublish": true
}
},
"testcloudfrontmediastoreCloudFrontDistributionED9265B1": {
Expand Down Expand Up @@ -327,7 +334,7 @@
"S3Bucket": {
"Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}"
},
"S3Key": "15684a15d07860e99d2a8079150ad33dd2cb743677fcd7016dd07345e1b69538.zip"
"S3Key": "40aa87cdf43c4095cec18bc443965f22ab2f8c1ace47e482a0ba4e35d83b0cc9.zip"
},
"Timeout": 900,
"MemorySize": 128,
Original file line number Diff line number Diff line change
Expand Up @@ -59,6 +59,13 @@
}
]
},
"OwnershipControls": {
"Rules": [
{
"ObjectOwnership": "ObjectWriter"
}
]
},
"PublicAccessBlockConfiguration": {
"BlockPublicAcls": true,
"BlockPublicPolicy": true,
Expand Down Expand Up @@ -233,13 +240,13 @@
"testcloudfrontmediastoreSetHttpSecurityHeaders9995A63D": {
"Type": "AWS::CloudFront::Function",
"Properties": {
"Name": "SetHttpSecurityHeadersc8f338626119f90653fe964a54eb18cb4a8d6406ce",
"AutoPublish": true,
"FunctionCode": "function handler(event) { var response = event.response; var headers = response.headers; headers['strict-transport-security'] = { value: 'max-age=63072000; includeSubdomains; preload'}; headers['content-security-policy'] = { value: \"default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'\"}; headers['x-content-type-options'] = { value: 'nosniff'}; headers['x-frame-options'] = {value: 'DENY'}; headers['x-xss-protection'] = {value: '1; mode=block'}; return response; }",
"FunctionConfig": {
"Comment": "SetHttpSecurityHeadersc8f338626119f90653fe964a54eb18cb4a8d6406ce",
"Runtime": "cloudfront-js-1.0"
}
},
"Name": "SetHttpSecurityHeadersc8f338626119f90653fe964a54eb18cb4a8d6406ce",
"AutoPublish": true
}
},
"testcloudfrontmediastoreCloudFrontDistributionED9265B1": {
Expand Down Expand Up @@ -369,7 +376,7 @@
"S3Bucket": {
"Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}"
},
"S3Key": "15684a15d07860e99d2a8079150ad33dd2cb743677fcd7016dd07345e1b69538.zip"
"S3Key": "40aa87cdf43c4095cec18bc443965f22ab2f8c1ace47e482a0ba4e35d83b0cc9.zip"
},
"Timeout": 900,
"MemorySize": 128,