revert: "chore(cloudfront): encryption and enforceSSL on distribution…
… s3 loggingBucket (#18264)" (#18772)

#18271 resulted in the definition of a new bucket policy, which broke existing users that already had an implicit bucket policy created by AWS (see [docs](https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/AWS-logs-and-resource-policy.html#AWS-logs-infrastructure-S3)).

Reverts commit ad7374a in the meantime until we figure out the longer term solution.

Fixes #18676

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
Elad Ben-Israel authored Feb 1, 2022
1 parent 17dbe5f commit 121e4a1
Showing 4 changed files with 2 additions and 124 deletions.
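--- a/packages/@aws-cdk/aws-cloudfront/lib/distribution.ts
+++ b/packages/@aws-cdk/aws-cloudfront/lib/distribution.ts
@@ -430,10 +430,7 @@ export class Distribution extends Resource implements IDistribution {
 throw new Error('Explicitly disabled logging but provided a logging bucket.');
 }
 
-const bucket = props.logBucket ?? new s3.Bucket(this, 'LoggingBucket', {
-encryption: s3.BucketEncryption.S3_MANAGED,
-enforceSSL: true,
-});
+const bucket = props.logBucket ?? new s3.Bucket(this, 'LoggingBucket');
 return {
 bucket: bucket.bucketRegionalDomainName,
 includeCookies: props.logIncludesCookies,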
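Review bot: The restored `new s3.Bucket(this, 'LoggingBucket')` has no comment saying that the missing `encryption`/`enforceSSL` options are deliberate, so a later hardening pass could re-add them and recreate the bucket-policy conflict from #18676. This matters because the same hunk passes `props.logIncludesCookies` through, so when cookie logging is enabled the default bucket can hold cookie values without an explicit encryption setting or a TLS-only policy. I would add above the line `// Deliberately no encryption/enforceSSL: the resulting bucket policy broke existing stacks (#18676); pass logBucket to supply a hardened bucket.` The same comment applies to the matching line in web-distribution.ts. The enclosing method starts and ends outside the hunk.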
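--- a/packages/@aws-cdk/aws-cloudfront/lib/web-distribution.ts
+++ b/packages/@aws-cdk/aws-cloudfront/lib/web-distribution.ts
@@ -954,10 +954,7 @@ export class CloudFrontWebDistribution extends cdk.Resource implements IDistribu
 }
 
 if (props.loggingConfig) {
-this.loggingBucket = props.loggingConfig.bucket || new s3.Bucket(this, 'LoggingBucket', {
-encryption: s3.BucketEncryption.S3_MANAGED,
-enforceSSL: true,
-});
+this.loggingBucket = props.loggingConfig.bucket || new s3.Bucket(this, 'LoggingBucket');
 distributionConfig = {
 ...distributionConfig,
 logging: {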
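Review bot: The fallback on `this.loggingBucket = props.loggingConfig.bucket || new s3.Bucket(this, 'LoggingBucket');` uses `||` where the equivalent line in distribution.ts uses `??`. For an object-typed bucket the two presumably behave the same, but `??` states the intent (default only when the prop is absent) and keeps the two files consistent: `this.loggingBucket = props.loggingConfig.bucket ?? new s3.Bucket(this, 'LoggingBucket');`. The `if (props.loggingConfig)` block continues past the end of the hunk.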
Expand Up @@ -75,67 +75,9 @@
},
"AnAmazingWebsiteProbably2LoggingBucket222F7CE9": {
"Type": "AWS::S3::Bucket",
"Properties": {
"BucketEncryption": {
"ServerSideEncryptionConfiguration": [
{
"ServerSideEncryptionByDefault": {
"SSEAlgorithm": "AES256"
}
}
]
}
},
"UpdateReplacePolicy": "Retain",
"DeletionPolicy": "Retain"
},
"AnAmazingWebsiteProbably2LoggingBucketPolicyE298B456": {
"Type": "AWS::S3::BucketPolicy",
"Properties": {
"Bucket": {
"Ref": "AnAmazingWebsiteProbably2LoggingBucket222F7CE9"
},
"PolicyDocument": {
"Statement": [
{
"Action": "s3:*",
"Condition": {
"Bool": {
"aws:SecureTransport": "false"
}
},
"Effect": "Deny",
"Principal": {
"AWS": "*"
},
"Resource": [
{
"Fn::GetAtt": [
"AnAmazingWebsiteProbably2LoggingBucket222F7CE9",
"Arn"
]
},
{
"Fn::Join": [
"",
[
{
"Fn::GetAtt": [
"AnAmazingWebsiteProbably2LoggingBucket222F7CE9",
"Arn"
]
},
"/*"
]
]
}
]
}
],
"Version": "2012-10-17"
}
}
},
"AnAmazingWebsiteProbably2CFDistribution7C1CCD12": {
"Type": "AWS::CloudFront::Distribution",
"Properties": {
Expand Up @@ -2,67 +2,9 @@
"Resources": {
"MyDistLoggingBucket9B8976BC": {
"Type": "AWS::S3::Bucket",
"Properties": {
"BucketEncryption": {
"ServerSideEncryptionConfiguration": [
{
"ServerSideEncryptionByDefault": {
"SSEAlgorithm": "AES256"
}
}
]
}
},
"UpdateReplacePolicy": "Retain",
"DeletionPolicy": "Retain"
},
"MyDistLoggingBucketPolicy847D8D11": {
"Type": "AWS::S3::BucketPolicy",
"Properties": {
"Bucket": {
"Ref": "MyDistLoggingBucket9B8976BC"
},
"PolicyDocument": {
"Statement": [
{
"Action": "s3:*",
"Condition": {
"Bool": {
"aws:SecureTransport": "false"
}
},
"Effect": "Deny",
"Principal": {
"AWS": "*"
},
"Resource": [
{
"Fn::GetAtt": [
"MyDistLoggingBucket9B8976BC",
"Arn"
]
},
{
"Fn::Join": [
"",
[
{
"Fn::GetAtt": [
"MyDistLoggingBucket9B8976BC",
"Arn"
]
},
"/*"
]
]
}
]
}
],
"Version": "2012-10-17"
}
}
},
"MyDistDB88FD9A": {
"Type": "AWS::CloudFront::Distribution",
"Properties": {
