feat(aws-iot-s3): new construct implementation #469
Conversation
AWS CodeBuild CI Report
Powered by github-codebuild-logs, available on the AWS Serverless Application Repository |
AWS CodeBuild CI Report
Powered by github-codebuild-logs, available on the AWS Serverless Application Repository |
AWS CodeBuild CI Report
Powered by github-codebuild-logs, available on the AWS Serverless Application Repository |
AWS CodeBuild CI Report
Powered by github-codebuild-logs, available on the AWS Serverless Application Repository |
AWS CodeBuild CI Report
Powered by github-codebuild-logs, available on the AWS Serverless Application Repository |
AWS CodeBuild CI Report
Powered by github-codebuild-logs, available on the AWS Serverless Application Repository |
AWS CodeBuild CI Report
Powered by github-codebuild-logs, available on the AWS Serverless Application Repository |
AWS CodeBuild CI Report
Powered by github-codebuild-logs, available on the AWS Serverless Application Repository |
AWS CodeBuild CI Report
Powered by github-codebuild-logs, available on the AWS Serverless Application Repository |
AWS CodeBuild CI Report
Powered by github-codebuild-logs, available on the AWS Serverless Application Repository |
AWS CodeBuild CI Report
Powered by github-codebuild-logs, available on the AWS Serverless Application Repository |
AWS CodeBuild CI Report
Powered by github-codebuild-logs, available on the AWS Serverless Application Repository |
AWS CodeBuild CI Report
Powered by github-codebuild-logs, available on the AWS Serverless Application Repository |
AWS CodeBuild CI Report
Powered by github-codebuild-logs, available on the AWS Serverless Application Repository |
| |:-------------|:----------------|-----------------| | ||
| |existingBucketObj?|[`s3.IBucket`](https://docs.aws.amazon.com/cdk/api/latest/docs/@aws-cdk_aws-s3.IBucket.html)|Existing instance of S3 Bucket object. Providing this property and `bucketProps` results in an error.| | ||
| |bucketProps?|[`s3.BucketProps`](https://docs.aws.amazon.com/cdk/api/latest/docs/@aws-cdk_aws-s3.BucketProps.html)|Optional user provided props to override the default props for the S3 Bucket. Providing this and `existingBucketObj` reults in an error.| | ||
| |loggingBucketProps?|[`s3.BucketProps`](https://docs.aws.amazon.com/cdk/api/latest/docs/@aws-cdk_aws-s3.BucketProps.html)|Optional user provided props to override the default props for the S3 Logging Bucket.| |
There was a problem hiding this comment.
We'll take care of this after merge, but just FYI we've added another prop - a boolean flag allowing clients to turn off Access Logging (defaults to true)
| |bucketProps?|[`s3.BucketProps`](https://docs.aws.amazon.com/cdk/api/latest/docs/@aws-cdk_aws-s3.BucketProps.html)|Optional user provided props to override the default props for the S3 Bucket. Providing this and `existingBucketObj` reults in an error.| | ||
| |loggingBucketProps?|[`s3.BucketProps`](https://docs.aws.amazon.com/cdk/api/latest/docs/@aws-cdk_aws-s3.BucketProps.html)|Optional user provided props to override the default props for the S3 Logging Bucket.| | ||
| |iotTopicRuleProps?|[`iot.CfnTopicRuleProps`](https://docs.aws.amazon.com/cdk/api/latest/docs/@aws-cdk_aws-iot.CfnTopicRuleProps.html)|User provided CfnTopicRuleProps to override the defaults.| | ||
| |s3Key|`string`|User provided s3Key to override the default (`${topic()}/${timestamp()}`) object key. Used to store messages matched by the IoT Rule.| |
There was a problem hiding this comment.
Help me out with this - it's not listed in the interface for IoT nor S3. Is it a concept unique to the combination of these two services?
There was a problem hiding this comment.
It is a unique prop for this construct. This is one of the required properties for s3ActionProperty. Details can be found here
| }); | ||
|
|
||
| // Setup the IAM policy for IoT Actions | ||
| const iotActionsPolicy = new iam.Policy(this, 'IotActionsPolicy', { |
There was a problem hiding this comment.
Can't this be handled with a bucket.grantWrite() call, similar to aws-iot-sqs?
| const app = new App(); | ||
| const stack = new Stack(app, generateIntegStackName(__filename)); | ||
|
|
||
| const props: IotToS3Props = { |
There was a problem hiding this comment.
Let's send bucket props and loggingBucketProps with deleteAllObjects: true and REMOVAL-POLICY.destroy so that the test cleans itself up completely. Many of our recent changes is to ensure that clients can set up their constructs to be completely destroyed and we will be changing existing integration tests to do so.
There was a problem hiding this comment.
ok, I will change the test cases and update the PR
| actions: [] | ||
| } | ||
| }, | ||
| bucketProps: { |
There was a problem hiding this comment.
integ.iot-s3-defaultprops.ts is also a new bucket, what makes this unique is sending bucket props. If you make the removal and delete all objects changes then these tests are essentially the same.
There was a problem hiding this comment.
Bucket encryption is different, I was making sure the construct can write to a bucket with different encryption types supported by S3
| actions: [] | ||
| } | ||
| }, | ||
| existingBucketObj, |
There was a problem hiding this comment.
Again, name seems off. This is not override props, this is existing bucket.
There was a problem hiding this comment.
I will align the names with existing constructs
AWS CodeBuild CI Report
Powered by github-codebuild-logs, available on the AWS Serverless Application Repository |
AWS CodeBuild CI Report
Powered by github-codebuild-logs, available on the AWS Serverless Application Repository |
AWS CodeBuild CI Report
Powered by github-codebuild-logs, available on the AWS Serverless Application Repository |
AWS CodeBuild CI Report
Powered by github-codebuild-logs, available on the AWS Serverless Application Repository |
AWS CodeBuild CI Report
Powered by github-codebuild-logs, available on the AWS Serverless Application Repository |
AWS CodeBuild CI Report
Powered by github-codebuild-logs, available on the AWS Serverless Application Repository |
AWS CodeBuild CI Report
Powered by github-codebuild-logs, available on the AWS Serverless Application Repository |
AWS CodeBuild CI Report
Powered by github-codebuild-logs, available on the AWS Serverless Application Repository |
AWS CodeBuild CI Report
Powered by github-codebuild-logs, available on the AWS Serverless Application Repository |
AWS CodeBuild CI Report
Powered by github-codebuild-logs, available on the AWS Serverless Application Repository |
| @@ -112,7 +110,7 @@ export class IotToS3 extends Construct { | |||
| this.iotTopicRule = new iot.CfnTopicRule(this, 'IotTopicRule', iotTopicProps); | |||
|
|
|||
| // If bucket has a KMS CMK, explicitly provide IoTActionsRole necessary access to write to the bucket | |||
| if (this.s3Bucket && this.s3Bucket.encryptionKey) { | |||
| if (this.s3Bucket && this.s3Bucket.encryptionKey && props.existingBucketObj) { | |||
There was a problem hiding this comment.
I don't get this - doesn't the role need access to the KMS key for the bucket regardless of whether the bucket is new or was supplied by the client?
| @@ -64,6 +64,7 @@ _Parameters_ | |||
| |loggingBucketProps?|[`s3.BucketProps`](https://docs.aws.amazon.com/cdk/api/latest/docs/@aws-cdk_aws-s3.BucketProps.html)|Optional user provided props to override the default props for the S3 Logging Bucket.| | |||
| |iotTopicRuleProps?|[`iot.CfnTopicRuleProps`](https://docs.aws.amazon.com/cdk/api/latest/docs/@aws-cdk_aws-iot.CfnTopicRuleProps.html)|User provided CfnTopicRuleProps to override the defaults.| | |||
| |s3Key|`string`|User provided s3Key to override the default (`${topic()}/${timestamp()}`) object key. Used to store messages matched by the IoT Rule.| | |||
| |logS3AccessLogs?|`boolean`|Whether to turn on Access Logging for the S3 bucket. Creates an S3 bucket with associated storage costs for the logs. Enabling Access Logging is a best practice. default - true| | |||
|
|
|||
| ## Pattern Properties | |||
|
|
|||
There was a problem hiding this comment.
Properties needs to expose s3BucketInterface: s3:IBucket as well. You accept IBucket as an input - if the client sends an IBucket, how do you populate this non-optional property with an s3.Bucket? The old constructs aren't consistent on this, but where we want to be is a construct accepts an IBucket or Bucket as a prop (but not both).
If a construct accepts IBucket, then it exposes Bucket and IBucket at properties. If it receives an IBucket then it populates just s3BucketInterface. If it creates a new bucket, then it populates BOTH s3BucketInterface and s3Bucket.
If a construct accepts Bucket, then we expose just s3Bucket and always populate it.
| @@ -64,6 +64,7 @@ _Parameters_ | |||
| |loggingBucketProps?|[`s3.BucketProps`](https://docs.aws.amazon.com/cdk/api/latest/docs/@aws-cdk_aws-s3.BucketProps.html)|Optional user provided props to override the default props for the S3 Logging Bucket.| | |||
There was a problem hiding this comment.
If the construct accepts IBucket instead of bucket, then the name of the attribute needs to be existingBucketInterface (and only the s3BucketInterface property is populated)
| @@ -27,8 +27,12 @@ const props: IotToS3Props = { | |||
| sql: "SELECT * FROM 'solutions/constructs'", | |||
| actions: [] | |||
| } | |||
| }, | |||
| logS3AccessLogs: false, | |||
There was a problem hiding this comment.
Just getting started on the review - at least one integ test has this turned on, right?
There was a problem hiding this comment.
yes, we have a test case where this is turned on with access bucket destroyed during stack teardown
| @@ -21,7 +21,8 @@ import { BucketEncryption } from "@aws-cdk/aws-s3"; | |||
| const app = new App(); | |||
| const stack = new Stack(app, generateIntegStackName(__filename)); | |||
| const existingKey = new kms.Key(stack, `existingKey`, { | |||
| enableKeyRotation: true | |||
| enableKeyRotation: true, | |||
| removalPolicy: RemovalPolicy.DESTROY | |||
| }); | |||
|
|
|||
| const props: IotToS3Props = { | |||
There was a problem hiding this comment.
This should have s3AccessLogs on, which is good - but we need to provide props for the logging bucket so that it gets cleaned up.
There was a problem hiding this comment.
updated to clean up the access logs bucket
AWS CodeBuild CI Report
Powered by github-codebuild-logs, available on the AWS Serverless Application Repository |
AWS CodeBuild CI Report
Powered by github-codebuild-logs, available on the AWS Serverless Application Repository |
AWS CodeBuild CI Report
Powered by github-codebuild-logs, available on the AWS Serverless Application Repository |
AWS CodeBuild CI Report
Powered by github-codebuild-logs, available on the AWS Serverless Application Repository |
AWS CodeBuild CI Report
Powered by github-codebuild-logs, available on the AWS Serverless Application Repository |
AWS CodeBuild CI Report
Powered by github-codebuild-logs, available on the AWS Serverless Application Repository |
|
|
||
| | **Name** | **Type** | **Description** | | ||
| |:-------------|:----------------|-----------------| | ||
| |s3Bucket?|[`s3.Bucket`](https://docs.aws.amazon.com/cdk/api/latest/docs/@aws-cdk_aws-s3.Bucket.html)|Returns an instance of the S3 bucket created by the pattern.| |
There was a problem hiding this comment.
Change to:
Returns an instance of the S3 bucket created by the pattern. If an existingBucketInterface is provided in IotToS3Props, then this value will be undefined.
| | **Name** | **Type** | **Description** | | ||
| |:-------------|:----------------|-----------------| | ||
| |s3Bucket?|[`s3.Bucket`](https://docs.aws.amazon.com/cdk/api/latest/docs/@aws-cdk_aws-s3.Bucket.html)|Returns an instance of the S3 bucket created by the pattern.| | ||
| |s3BucketInterface?|[`s3.IBucket`](https://docs.aws.amazon.com/cdk/api/latest/docs/@aws-cdk_aws-s3.IBucket.html)|Returns S3 Bucket interface created by the pattern.| |
There was a problem hiding this comment.
Change to:
Returns S3 Bucket interface created or used by the pattern. If an existingBucketInterface is provided in IotToS3Props, then only this value will be set and s3Bucket will be undefined. If the construct creates the bucket, then both properties will be set.
| loggingBucketProps: props.loggingBucketProps, | ||
| logS3AccessLogs: props.logS3AccessLogs | ||
| }); | ||
| this.s3BucketInterface = s3.Bucket.fromBucketArn(this, `S3BucketInterface`, this.s3Bucket.bucketArn); |
There was a problem hiding this comment.
This line can just be:
this.s3BucketInterface = this.s3Bucket
source/patterns/@aws-solutions-constructs/aws-iot-s3/test/iot-s3.test.ts
Outdated
Show resolved
Hide resolved
AWS CodeBuild CI Report
Powered by github-codebuild-logs, available on the AWS Serverless Application Repository |
AWS CodeBuild CI Report
Powered by github-codebuild-logs, available on the AWS Serverless Application Repository |
Issue #, if available:
Description of changes:
New aws-iot-s3 solutions construct implementation
By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.