feat(aws-s3): add the option to not poll to the CodePipeline Action. (#…
skinny85 authored Jan 25, 2019
1 parent 77fe077 commit 876b26d
Showing 15 changed files with 431 additions and 34 deletions.
24 changes: 14 additions & 10 deletions packages/@aws-cdk/aws-cloudtrail/README.md
Expand Up @@ -31,25 +31,29 @@ For example, to log to CloudWatch Logs
import cloudtrail = require('@aws-cdk/aws-cloudtrail');

const trail = new cloudtrail.CloudTrail(stack, 'CloudTrail', {
sendToCloudWatchLogs: true
sendToCloudWatchLogs: true
});
```

This creates the same setup as above - but also logs events to a created CloudWatch Log stream. By default, the created log group has a retention period of 365 Days, but this is also configurable.
This creates the same setup as above - but also logs events to a created CloudWatch Log stream.
By default, the created log group has a retention period of 365 Days, but this is also configurable.


For using CloudTrail event selector to log specific S3 events, you can use the `CloudTrailProps` configuration object

For example - this logs all ReadWriteEvents for the `magic-bucket` bucket:
For using CloudTrail event selector to log specific S3 events,
you can use the `CloudTrailProps` configuration object.
Example:

```ts
import cloudtrail = require('@aws-cdk/aws-cloudtrail');

const trail = new cloudtrail.CloudTrail(stack, 'MyAmazingCloudTrail')
const trail = new cloudtrail.CloudTrail(stack, 'MyAmazingCloudTrail');

trail.addS3Filter("arn:aws:s3:::magic-bucket/"); // Adds an event selector to the bucket magic-bucket. By default, this includes management events and all operations (Read + Write)
// Adds an event selector to the bucket magic-bucket.
// By default, this includes management events and all operations (Read + Write)
trail.addS3EventSelector(["arn:aws:s3:::magic-bucket/"]);

const configuration = { includeManagementEvents = false, readWriteType = ReadWriteType.All };
trail.addS3Filter(["arn:aws:s3:::foo"], configuration ); // Adds an event selector to the bucket foo, with a specific configuration
// Adds an event selector to the bucket foo, with a specific configuration
trail.addS3EventSelector(["arn:aws:s3:::foo"], {
includeManagementEvents: false,
readWriteType: ReadWriteType.All,
});
```
3 changes: 2 additions & 1 deletion packages/@aws-cdk/aws-codepipeline/package.json
Expand Up @@ -62,6 +62,7 @@
"devDependencies": {
"@aws-cdk/assert": "^0.22.0",
"@aws-cdk/aws-cloudformation": "^0.22.0",
"@aws-cdk/aws-cloudtrail": "^0.22.0",
"@aws-cdk/aws-codebuild": "^0.22.0",
"@aws-cdk/aws-codecommit": "^0.22.0",
"@aws-cdk/aws-codedeploy": "^0.22.0",
Expand Down Expand Up @@ -98,4 +99,4 @@
"construct-ctor:@aws-cdk/aws-codepipeline.CrossRegionScaffoldStack.<initializer>.params[1]"
]
}
}
}
Expand Up @@ -145,7 +145,7 @@
"Ref": "PipelineBucketB967BD35"
},
"S3ObjectKey": "key",
"PollForSourceChanges": true
"PollForSourceChanges": false
},
"InputArtifacts": [],
"Name": "Source",
Expand Down Expand Up @@ -188,6 +188,66 @@
"PipelineRoleDefaultPolicyC7A05455"
]
},
"PipelineEventsRole46BEEA7C": {
"Type": "AWS::IAM::Role",
"Properties": {
"AssumeRolePolicyDocument": {
"Statement": [
{
"Action": "sts:AssumeRole",
"Effect": "Allow",
"Principal": {
"Service": "events.amazonaws.com"
}
}
],
"Version": "2012-10-17"
}
}
},
"PipelineEventsRoleDefaultPolicyFF4FCCE0": {
"Type": "AWS::IAM::Policy",
"Properties": {
"PolicyDocument": {
"Statement": [
{
"Action": "codepipeline:StartPipelineExecution",
"Effect": "Allow",
"Resource": {
"Fn::Join": [
"",
[
"arn:",
{
"Ref": "AWS::Partition"
},
":codepipeline:",
{
"Ref": "AWS::Region"
},
":",
{
"Ref": "AWS::AccountId"
},
":",
{
"Ref": "PipelineC660917D"
}
]
]
}
}
],
"Version": "2012-10-17"
},
"PolicyName": "PipelineEventsRoleDefaultPolicyFF4FCCE0",
"Roles": [
{
"Ref": "PipelineEventsRole46BEEA7C"
}
]
}
},
"PipelineBucketB967BD35": {
"Type": "AWS::S3::Bucket",
"Properties": {
Expand All @@ -196,6 +256,182 @@
}
}
},
"PipelineBucketawscdkcodepipelinelambdaPipeline87A4B3D3SourceEventRuleCE4D4505": {
"Type": "AWS::Events::Rule",
"Properties": {
"EventPattern": {
"source": [
"aws.s3"
],
"detail-type": [
"AWS API Call via CloudTrail"
],
"detail": {
"eventSource": [
"s3.amazonaws.com"
],
"eventName": [
"PutObject"
],
"resources": {
"ARN": [
{
"Fn::Join": [
"",
[
{
"Fn::GetAtt": [
"PipelineBucketB967BD35",
"Arn"
]
},
"/key"
]
]
}
]
}
}
},
"State": "ENABLED",
"Targets": [
{
"Arn": {
"Fn::Join": [
"",
[
"arn:",
{
"Ref": "AWS::Partition"
},
":codepipeline:",
{
"Ref": "AWS::Region"
},
":",
{
"Ref": "AWS::AccountId"
},
":",
{
"Ref": "PipelineC660917D"
}
]
]
},
"Id": "Pipeline",
"RoleArn": {
"Fn::GetAtt": [
"PipelineEventsRole46BEEA7C",
"Arn"
]
}
}
]
}
},
"CloudTrailS310CD22F2": {
"Type": "AWS::S3::Bucket",
"DeletionPolicy": "Retain"
},
"CloudTrailS3PolicyEA49A03E": {
"Type": "AWS::S3::BucketPolicy",
"Properties": {
"Bucket": {
"Ref": "CloudTrailS310CD22F2"
},
"PolicyDocument": {
"Statement": [
{
"Action": "s3:GetBucketAcl",
"Effect": "Allow",
"Principal": {
"Service": "cloudtrail.amazonaws.com"
},
"Resource": {
"Fn::GetAtt": [
"CloudTrailS310CD22F2",
"Arn"
]
}
},
{
"Action": "s3:PutObject",
"Condition": {
"StringEquals": {
"s3:x-amz-acl": "bucket-owner-full-control"
}
},
"Effect": "Allow",
"Principal": {
"Service": "cloudtrail.amazonaws.com"
},
"Resource": {
"Fn::Join": [
"",
[
{
"Fn::GetAtt": [
"CloudTrailS310CD22F2",
"Arn"
]
},
"/AWSLogs/",
{
"Ref": "AWS::AccountId"
},
"/*"
]
]
}
}
],
"Version": "2012-10-17"
}
}
},
"CloudTrailA62D711D": {
"Type": "AWS::CloudTrail::Trail",
"Properties": {
"IsLogging": true,
"S3BucketName": {
"Ref": "CloudTrailS310CD22F2"
},
"EnableLogFileValidation": true,
"EventSelectors": [
{
"DataResources": [
{
"Type": "AWS::S3::Object",
"Values": [
{
"Fn::Join": [
"",
[
{
"Fn::GetAtt": [
"PipelineBucketB967BD35",
"Arn"
]
},
"/key"
]
]
}
]
}
],
"IncludeManagementEvents": false,
"ReadWriteType": "WriteOnly"
}
],
"IncludeGlobalServiceEvents": true,
"IsMultiRegionTrail": true
},
"DependsOn": [
"CloudTrailS3PolicyEA49A03E"
]
},
"LambdaFunServiceRoleF0979767": {
"Type": "AWS::IAM::Role",
"Properties": {
Expand Down Expand Up @@ -272,4 +508,4 @@
]
}
}
}
}
@@ -1,3 +1,4 @@
import cloudtrail = require('@aws-cdk/aws-cloudtrail');
import lambda = require('@aws-cdk/aws-lambda');
import s3 = require('@aws-cdk/aws-s3');
import cdk = require('@aws-cdk/cdk');
Expand All @@ -14,11 +15,15 @@ const bucket = new s3.Bucket(stack, 'PipelineBucket', {
versioned: true,
removalPolicy: cdk.RemovalPolicy.Destroy,
});
const key = 'key';
const trail = new cloudtrail.CloudTrail(stack, 'CloudTrail');
trail.addS3EventSelector([bucket.arnForObjects(key)], cloudtrail.ReadWriteType.WriteOnly);
new s3.PipelineSourceAction(stack, 'Source', {
stage: sourceStage,
outputArtifactName: 'SourceArtifact',
bucket,
bucketKey: 'key',
bucketKey: key,
pollForSourceChanges: false,
});

const lambdaFun = new lambda.Function(stack, 'LambdaFun', {
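Review bot: With `pollForSourceChanges: false` the source action depends entirely on the CloudTrail data-event selector created just above it, and nothing in the hunk says so. A comment above `new cloudtrail.CloudTrail(...)` such as `// pollForSourceChanges: false relies on this trail logging write events for the object key; without it new uploads would not start the pipeline` would keep the two from being separated later. The call also passes `cloudtrail.ReadWriteType.WriteOnly` positionally, while the README example changed in this same commit passes an options object (`{ includeManagementEvents: false, readWriteType: ReadWriteType.All }`) to `addS3EventSelector`; the method itself is not shown on this page, so one of the two probably needs adjusting. The expected template for this stack matches only `PutObject` in the event rule, so it is worth confirming whether multipart or copy uploads to the key are meant to trigger the pipeline as well.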
Expand Up @@ -161,8 +161,7 @@
"S3Bucket": {
"Ref": "MyBucketF68F3FF0"
},
"S3ObjectKey": "some/path",
"PollForSourceChanges": true
"S3ObjectKey": "some/path"
},
"InputArtifacts": [],
"Name": "S3",
Expand Down Expand Up @@ -245,4 +244,4 @@
}
}
}
}
}
Expand Up @@ -173,8 +173,7 @@
"S3Bucket": {
"Ref": "PipelineBucketB967BD35"
},
"S3ObjectKey": "key",
"PollForSourceChanges": true
"S3ObjectKey": "key"
},
"InputArtifacts": [],
"Name": "Source",
Expand Up @@ -275,8 +275,7 @@
"S3Bucket": {
"Ref": "MyBucketF68F3FF0"
},
"S3ObjectKey": "some/path",
"PollForSourceChanges": true
"S3ObjectKey": "some/path"
},
"InputArtifacts": [],
"Name": "Source2",
Expand Up @@ -284,8 +284,7 @@
"S3Bucket": {
"Ref": "CodeDeployPipelineIntegTest9F618D61"
},
"S3ObjectKey": "application.zip",
"PollForSourceChanges": true
"S3ObjectKey": "application.zip"
},
"InputArtifacts": [],
"Name": "S3Source",
Expand Down Expand Up @@ -336,4 +335,4 @@
]
}
}
}
}