fix(s3): move notification destinations into their own module (#2659)
In accordance with new guidelines, we're centralizing cross-service integrations into their own package. In this case, centralizing S3 Notification Destinations into `@aws-cdk/aws-s3-notifications`. Fixes #2445. BREAKING CHANGE: using a Topic, Queue or Lambda as bucket notification destination now requires an integration object from the `@aws-cdk/aws-s3-notifications` package.
Showing
44 changed files
with
6,224 additions
and
893 deletions.
@@ -1,9 +1,4 @@ | ||
## S3 Bucket Notifications API | ||
## S3 Bucket Notifications Destinations | ||
|
||
This module includes the API that constructs should implement in order to be | ||
able to be used as destinations for bucket notifications. | ||
|
||
To implement the `IBucketNotificationDestination`, a construct should implement | ||
a method `asBucketNotificationDestination(bucketArn, bucketId)` which registers | ||
this resource as a destination for bucket notifications _for the specified | ||
bucket_ and returns the ARN of the destination and it's type. | ||
This module includes integration classes for using Topics, Queues or Lambdas | ||
as S3 Notification Destinations. |
@@ -1 +1,3 @@ | ||
export * from './destination'; | ||
export * from './sqs'; | ||
export * from './sns'; | ||
export * from './lambda'; |
@@ -0,0 +1,34 @@ | ||
import iam = require('@aws-cdk/aws-iam'); | ||
import lambda = require('@aws-cdk/aws-lambda'); | ||
import s3 = require('@aws-cdk/aws-s3'); | ||
import { CfnResource, Construct } from '@aws-cdk/cdk'; | ||
|
||
/** | ||
* Use a Lambda function as a bucket notification destination | ||
*/ | ||
export class LambdaDestination implements s3.IBucketNotificationDestination { | ||
constructor(private readonly fn: lambda.IFunction) { | ||
} | ||
|
||
public bind(_scope: Construct, bucket: s3.IBucket): s3.BucketNotificationDestinationProps { | ||
const permissionId = `AllowBucketNotificationsFrom${bucket.node.uniqueId}`; | ||
|
||
if (this.fn.node.tryFindChild(permissionId) === undefined) { | ||
this.fn.addPermission(permissionId, { | ||
sourceAccount: bucket.node.stack.accountId, | ||
principal: new iam.ServicePrincipal('s3.amazonaws.com'), | ||
sourceArn: bucket.bucketArn | ||
}); | ||
} | ||
|
||
// if we have a permission resource for this relationship, add it as a dependency | ||
// to the bucket notifications resource, so it will be created first. | ||
const permission = this.fn.node.findChild(permissionId) as CfnResource; | ||
|
||
return { | ||
type: s3.BucketNotificationDestinationType.Lambda, | ||
arn: this.fn.functionArn, | ||
dependencies: permission ? [ permission ] : undefined | ||
}; | ||
} | ||
} |
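Review bot: `this.fn.node.findChild(permissionId) as CfnResource` throws when no child with that id exists rather than returning undefined, so the `permission ? [ permission ] : undefined` guard two lines below can never take its else branch. If `addPermission` is a no-op for some `IFunction` implementations (imported functions, as I recall — please confirm), `bind` will then throw instead of returning a destination with no dependencies. Use the non-throwing lookup the earlier `if` already relies on: `const permission = this.fn.node.tryFindChild(permissionId) as CfnResource | undefined;`. Pinning both `sourceAccount` and `sourceArn` on the permission is the right confused-deputy guard, since bucket ARNs carry no account ID; keep that shape.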
@@ -0,0 +1,26 @@ | ||
import iam = require('@aws-cdk/aws-iam'); | ||
import s3 = require('@aws-cdk/aws-s3'); | ||
import sns = require('@aws-cdk/aws-sns'); | ||
import { Construct } from '@aws-cdk/cdk'; | ||
|
||
/** | ||
* Use an SNS topic as a bucket notification destination | ||
*/ | ||
export class SnsDestination implements s3.IBucketNotificationDestination { | ||
constructor(private readonly topic: sns.ITopic) { | ||
} | ||
|
||
public bind(_scope: Construct, bucket: s3.IBucket): s3.BucketNotificationDestinationProps { | ||
this.topic.addToResourcePolicy(new iam.PolicyStatement() | ||
.addServicePrincipal('s3.amazonaws.com') | ||
.addAction('sns:Publish') | ||
.addResource(this.topic.topicArn) | ||
.addCondition('ArnLike', { "aws:SourceArn": bucket.bucketArn })); | ||
|
||
return { | ||
arn: this.topic.topicArn, | ||
type: s3.BucketNotificationDestinationType.Topic, | ||
dependencies: [ this.topic ] // make sure the topic policy resource is created before the notification config | ||
}; | ||
} | ||
} |
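Review bot: The resource-policy statement ending in `.addCondition('ArnLike', { "aws:SourceArn": bucket.bucketArn })` scopes S3's `sns:Publish` to the bucket ARN only, whereas `LambdaDestination` in this same commit also pins `sourceAccount`. S3 bucket ARNs contain no account ID, so an ARN-only condition keeps granting publish rights to whoever later owns a bucket of that name (for example after the bucket is deleted and the name re-created in another account). Add the account condition alongside it: `.addCondition('StringEquals', { 'aws:SourceAccount': bucket.node.stack.accountId })`. The comment on `dependencies: [ this.topic ]` assumes the topic-policy resource is a child of the topic construct so the dependency covers it; I cannot confirm that from this hunk, so a short note stating that assumption would help the next reader.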
@@ -0,0 +1,41 @@ | ||
import iam = require('@aws-cdk/aws-iam'); | ||
import s3 = require('@aws-cdk/aws-s3'); | ||
import sqs = require('@aws-cdk/aws-sqs'); | ||
import { Construct } from '@aws-cdk/cdk'; | ||
|
||
/** | ||
* Use an SQS queue as a bucket notification destination | ||
*/ | ||
export class SqsDestination implements s3.IBucketNotificationDestination { | ||
constructor(private readonly queue: sqs.IQueue) { | ||
} | ||
|
||
/** | ||
* Allows using SQS queues as destinations for bucket notifications. | ||
* Use `bucket.onEvent(event, queue)` to subscribe. | ||
*/ | ||
public bind(_scope: Construct, bucket: s3.IBucket): s3.BucketNotificationDestinationProps { | ||
this.queue.grantSendMessages(new iam.ServicePrincipal('s3.amazonaws.com', { | ||
conditions: { | ||
ArnLike: { 'aws:SourceArn': bucket.bucketArn } | ||
} | ||
})); | ||
|
||
// if this queue is encrypted, we need to allow S3 to read messages since that's how | ||
// it verifies that the notification destination configuration is valid. | ||
if (this.queue.encryptionMasterKey) { | ||
this.queue.encryptionMasterKey.addToResourcePolicy(new iam.PolicyStatement() | ||
.addServicePrincipal('s3.amazonaws.com') | ||
.addAction('kms:GenerateDataKey*') | ||
.addAction('kms:Decrypt') | ||
.addAllResources(), /* allowNoOp */ false); | ||
} | ||
|
||
return { | ||
arn: this.queue.queueArn, | ||
type: s3.BucketNotificationDestinationType.Queue, | ||
dependencies: [ this.queue ] | ||
}; | ||
} | ||
|
||
} |
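Review bot: The `grantSendMessages` condition `ArnLike: { 'aws:SourceArn': bucket.bucketArn }` lacks the `aws:SourceAccount` check that `LambdaDestination` applies via `sourceAccount`; bucket ARNs do not embed an account ID, so the ARN alone does not prove the sending bucket belongs to this account. Add `StringEquals: { 'aws:SourceAccount': bucket.node.stack.accountId }` to the `conditions` object. The KMS statement that follows grants `kms:GenerateDataKey*` and `kms:Decrypt` to `s3.amazonaws.com` with no condition at all; if S3 propagates `aws:SourceAccount` on those calls (please verify against the docs), the same condition belongs there, otherwise a comment should record why that grant must stay unconditioned. Separately, the `bind` docstring still says to use `bucket.onEvent(event, queue)`, which is the raw-queue usage this commit's BREAKING CHANGE note removes; reword it to say the queue must be wrapped, e.g. `new SqsDestination(queue)`, when passed to the bucket's notification API.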