Merge pull request #12 from org-formation/feat/s3-public-access-block

Implemented Community::S3::PublicAccessBlock Resource #11

cloud-formation/delay/installation.md

@@ -7,5 +7,10 @@ aws cloudformation register-type \
   --type RESOURCE \
   --schema-handler-package s3://community-resource-provider-catalog/community-cloudformation-delay-0.1.0.zip
 
-aws cloudformation set-type-default-version
+aws cloudformation describe-type-registration --registration-token <registration-token> 
+
+aws cloudformation set-type-default-version \
+  --version-id <version-id> \
+  --type-name Community::CloudFormation::Delay \
+  --type RESOURCE
 ```

cloud-formation/delay/package.json

@@ -10,7 +10,7 @@
     "build": "npx tsc",
     "prepack": "npm run build",
     "submit": "cfn generate && npm run build && cfn submit -vv --region us-east-1 --set-default",
-    "package": "cfn submit --dry-run -vv && cp ${npm_package_name}.zip ${npm_package_name}-${npm_package_version}.zip",
+    "package": "cfn generate && npm run build && cfn submit --dry-run -vv && cp ${npm_package_name}.zip ${npm_package_name}-${npm_package_version}.zip",
     "publish": "npm run package && aws s3 cp ${npm_package_name}-${npm_package_version}.zip s3://community-resource-provider-catalog/${npm_package_name}-${npm_package_version}.zip",
     "test": "echo \"Error: no test specified\" && exit 1"
   },

cloud-formation/delay/src/models.ts

@@ -1,6 +1,6 @@
 // This is a generated file. Modifications will be overwritten.
-import { BaseModel, Dict, Optional, transformValue } from 'cfn-rpdk';
-import { Exclude, Expose, Transform } from 'class-transformer';
+import { BaseModel, Dict, integer, Integer, Optional, transformValue } from 'cfn-rpdk';
+import { Exclude, Expose, Type, Transform } from 'class-transformer';
 
 export class ResourceModel extends BaseModel {
     ['constructor']: typeof ResourceModel;

ec2/ebs-encryption-defaults/installation.md

@@ -7,5 +7,10 @@ aws cloudformation register-type \
   --type RESOURCE \
   --schema-handler-package s3://community-resource-provider-catalog/community-ec2-ebsencryptiondefaults-0.1.0.zip
 
-aws cloudformation set-type-default-version
+aws cloudformation describe-type-registration --registration-token <registration-token> 
+
+aws cloudformation set-type-default-version \
+  --version-id <version-id> \
+  --type-name Community::Organizations::EbsEncryptionDefaults \
+  --type RESOURCE
 ```

ec2/ebs-encryption-defaults/package.json

@@ -10,7 +10,7 @@
         "build": "npx tsc",
         "prepack": "npm run build",
         "submit": "cfn generate && npm run build && cfn submit -vv --region us-east-1 --set-default",
-        "package": "cfn submit --dry-run -vv && cp ${npm_package_name}.zip ${npm_package_name}-${npm_package_version}.zip",
+        "package": "cfn generate && npm run build && cfn submit --dry-run -vv && cp ${npm_package_name}.zip ${npm_package_name}-${npm_package_version}.zip",
         "publish": "npm run package && aws s3 cp ${npm_package_name}-${npm_package_version}.zip s3://community-resource-provider-catalog/${npm_package_name}-${npm_package_version}.zip",
         "test": "echo \"Error: no test specified\" && exit 1"
     },

iam/password-policy/installation.md

@@ -7,5 +7,11 @@ aws cloudformation register-type \
   --type RESOURCE \
   --schema-handler-package s3://community-resource-provider-catalog/community-iam-passwordpolicy-0.2.0.zip
 
-aws cloudformation set-type-default-version
+aws cloudformation describe-type-registration --registration-token <registration-token> 
+
+aws cloudformation set-type-default-version \
+  --version-id <version-id> \
+  --type-name Community::IAM::PasswordPolicy \
+  --type RESOURCE
+
 ```

iam/password-policy/package.json

@@ -10,7 +10,7 @@
     "build": "npx tsc",
     "prepack": "npm run build",
     "submit": "cfn generate && npm run build && cfn submit -vv --region us-east-1 --set-default",
-    "package": "cfn submit --dry-run -vv && cp ${npm_package_name}.zip ${npm_package_name}-${npm_package_version}.zip",
+    "package": "cfn generate && npm run build && cfn submit --dry-run -vv && cp ${npm_package_name}.zip ${npm_package_name}-${npm_package_version}.zip",
     "publish": "npm run package && aws s3 cp ${npm_package_name}-${npm_package_version}.zip s3://community-resource-provider-catalog/${npm_package_name}-${npm_package_version}.zip",
     "test": "echo \"Error: no test specified\" && exit 1"
   },

iam/saml-provider/installation.md

@@ -7,5 +7,10 @@ aws cloudformation register-type \
   --type RESOURCE \
   --schema-handler-package s3://community-resource-provider-catalog/community-iam-samlprovider-0.1.0.zip
 
-aws cloudformation set-type-default-version
+aws cloudformation describe-type-registration --registration-token <registration-token> 
+
+aws cloudformation set-type-default-version \
+  --version-id <version-id> \
+  --type-name Community::IAM::SamlProvider \
+  --type RESOURCE
 ```

iam/saml-provider/package.json

@@ -10,7 +10,7 @@
         "build": "npx tsc",
         "prepack": "npm run build",
         "submit": "cfn generate && npm run build && cfn submit -vv --region us-east-1 --set-default",
-        "package": "cfn submit --dry-run -vv && cp ${npm_package_name}.zip ${npm_package_name}-${npm_package_version}.zip",
+        "package": "cfn generate && npm run build && cfn submit --dry-run -vv && cp ${npm_package_name}.zip ${npm_package_name}-${npm_package_version}.zip",
         "publish": "npm run package && aws s3 cp ${npm_package_name}-${npm_package_version}.zip s3://community-resource-provider-catalog/${npm_package_name}-${npm_package_version}.zip",
         "test": "echo \"Error: no test specified\" && exit 1"
     },

readme.md

@@ -11,5 +11,5 @@ A community driven repository where you can find AWS Resource Type Providers for
 | Community::ServiceQuotas::CloudFormation | Custom Service Quota limits for CloudFormation resources. e.g: to increase the maximum number of stacks per account | in progress |  [installation](service-quotas/cloud-formation/installation.md) <br/> [docs](service-quotas/cloud-formation/docs/README.md)  <br/> [example](service-quotas/cloud-formation/example.yml) |
 | Community::ServiceQuotas::S3 | Custom Service Quota limits for S3 resources. e.g: to increase the maximum number of buckets per account | in progress | [installation](service-quotas/s3/installation.md) <br/> [docs](service-quotas/s3/docs/README.md) <br/> [example](service-quotas/s3/example.yml)  |
 | Community::EC2::EbsEncryptionDefaults    | Region level EBS encryption defaults: encryption enabled/disabled and KmsKeyId | in progress | [installation](ec2/ebs-encryption-defaults/installation.md) <br/> [docs](ec2/ebs-encryption-defaults/docs/README.md) <br/> [example](ec2/ebs-encryption-defaults/example.yml) |
-| Community::S3::PublicAccessBlock | Account level public access block (applies to all buckets within account) | planned | todo | todo |
+| Community::S3::PublicAccessBlock | Account level public access block (applies to all buckets within account) | in progress |  [installation](s3/public-access-block/installation.md) <br/> [docs](s3/public-access-block/docs/README.md) <br/> [example](s3/public-access-block/example.yml)  |
 | Community::CloudFormation::Delay | Resource that waits for a specified time period. | in progress | [installation](cloud-formation/delay/installation.md) <br/> [docs](cloud-formation/delay/docs/README.md) <br/> [example](cloud-formation/delay/example.yml) |

s3/public-access-block/.gitignore

@@ -0,0 +1,18 @@
+# Distribution / packaging
+build/
+dist/
+
+# Unit test / coverage reports
+.cache
+.hypothesis/
+.pytest_cache/
+
+# RPDK logs
+rpdk.log
+
+# Node.js
+node_modules/
+coverage/
+
+# contains credentials
+sam-tests/

s3/public-access-block/.npmrc

@@ -0,0 +1 @@
+optional = true

s3/public-access-block/.rpdk-config

@@ -0,0 +1,11 @@
+{
+    "typeName": "Community::S3::PublicAccessBlock",
+    "language": "typescript",
+    "runtime": "nodejs12.x",
+    "entrypoint": "dist/handlers.entrypoint",
+    "testEntrypoint": "dist/handlers.testEntrypoint",
+    "settings": {
+        "useDocker": true,
+        "protocolVersion": "2.0.0"
+    }
+}

s3/public-access-block/README.md

@@ -0,0 +1,39 @@
+// Community::S3::PublicAccessBlock
+
+Congratulations on starting development! Next steps:
+
+1. Write the JSON schema describing your resource, [community-s3-publicaccessblock.json](./community-s3-publicaccessblock.json)
+2. Implement your resource handlers in [handlers.ts](./community-s3-publicaccessblock/handlers.ts)
+
+> Don't modify [models.ts](./community-s3-publicaccessblock/models.ts) by hand, any modifications will be overwritten when the `generate` or `package` commands are run.
+
+Implement CloudFormation resource here. Each function must always return a ProgressEvent.
+
+```typescript
+const progress: ProgressEvent = ProgressEvent.builder()
+
+    // Required
+    // Must be one of OperationStatus.InProgress, OperationStatus.Failed, OperationStatus.Success
+    .status(OperationStatus.InProgress)
+    // Required on SUCCESS (except for LIST where resourceModels is required)
+    // The current resource model after the operation; instance of ResourceModel class
+    .resourceModel(model)
+    .resourceModels(null)
+    // Required on FAILED
+    // Customer-facing message, displayed in e.g. CloudFormation stack events
+    .message('')
+    // Required on FAILED a HandlerErrorCode
+    .errorCode(HandlerErrorCode.InternalFailure)
+    // Optional
+    // Use to store any state between re-invocation via IN_PROGRESS
+    .callbackContext({})
+    // Required on IN_PROGRESS
+    // The number of seconds to delay before re-invocation
+    .callbackDelaySeconds(0)
+
+    .build()
+```
+
+While importing the [cfn-rpdk](https://github.com/eduardomourar/cloudformation-cli-typescript-plugin) library, failures can be passed back to CloudFormation by either raising an exception from `exceptions`, or setting the ProgressEvent's `status` to `OperationStatus.Failed` and `errorCode` to one of `HandlerErrorCode`. There is a static helper function, `ProgressEvent.failed`, for this common case.
+
+Keep in mind, during runtime all logs will be delivered to CloudWatch except those used with `debug` method.

s3/public-access-block/community-s3-publicaccessblock.json

@@ -0,0 +1,57 @@
+{
+    "typeName": "Community::S3::PublicAccessBlock",
+    "description": "Account level public access block (applies to all buckets within account).",
+    "sourceUrl": "https://github.com/org-formation/aws-resource-providers.git",
+    "definitions": {
+    },
+    "properties": {
+        "BlockPublicAcls": {
+            "type": "boolean"
+        },
+        "BlockPublicPolicy": {
+            "type": "boolean"
+        },
+        "IgnorePublicAcls": {
+            "type": "boolean"
+        },
+        "RestrictPublicBuckets": {
+            "type": "boolean"
+        },
+        "ResourceId": {
+            "type": "string"
+        }
+    },
+    "additionalProperties": false,
+    "required": [
+        "TestCode",
+        "Title"
+    ],
+    "readOnlyProperties": [
+        "/properties/ResourceId"
+    ],
+    "primaryIdentifier": [
+        "/properties/ResourceId"
+    ],
+    "handlers": {
+        "create": {
+            "permissions": [
+                "s3:PutAccountPublicAccessBlock"
+            ]
+        },
+        "read": {
+            "permissions": [
+                "s3:GetAccountPublicAccessBlock"
+            ]
+        },
+        "update": {
+            "permissions": [
+                "s3:PutAccountPublicAccessBlock"
+            ]
+        },
+        "delete": {
+            "permissions": [
+                "s3:PutAccountPublicAccessBlock"
+            ]
+        }
+    }   
+}

s3/public-access-block/docs/README.md

@@ -0,0 +1,83 @@
+# Community::S3::PublicAccessBlock
+
+Account level public access block (applies to all buckets within account).
+
+## Syntax
+
+To declare this entity in your AWS CloudFormation template, use the following syntax:
+
+### JSON
+
+<pre>
+{
+    "Type" : "Community::S3::PublicAccessBlock",
+    "Properties" : {
+        "<a href="#blockpublicacls" title="BlockPublicAcls">BlockPublicAcls</a>" : <i>Boolean</i>,
+        "<a href="#blockpublicpolicy" title="BlockPublicPolicy">BlockPublicPolicy</a>" : <i>Boolean</i>,
+        "<a href="#ignorepublicacls" title="IgnorePublicAcls">IgnorePublicAcls</a>" : <i>Boolean</i>,
+        "<a href="#restrictpublicbuckets" title="RestrictPublicBuckets">RestrictPublicBuckets</a>" : <i>Boolean</i>,
+    }
+}
+</pre>
+
+### YAML
+
+<pre>
+Type: Community::S3::PublicAccessBlock
+Properties:
+    <a href="#blockpublicacls" title="BlockPublicAcls">BlockPublicAcls</a>: <i>Boolean</i>
+    <a href="#blockpublicpolicy" title="BlockPublicPolicy">BlockPublicPolicy</a>: <i>Boolean</i>
+    <a href="#ignorepublicacls" title="IgnorePublicAcls">IgnorePublicAcls</a>: <i>Boolean</i>
+    <a href="#restrictpublicbuckets" title="RestrictPublicBuckets">RestrictPublicBuckets</a>: <i>Boolean</i>
+</pre>
+
+## Properties
+
+#### BlockPublicAcls
+
+_Required_: No
+
+_Type_: Boolean
+
+_Update requires_: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt)
+
+#### BlockPublicPolicy
+
+_Required_: No
+
+_Type_: Boolean
+
+_Update requires_: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt)
+
+#### IgnorePublicAcls
+
+_Required_: No
+
+_Type_: Boolean
+
+_Update requires_: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt)
+
+#### RestrictPublicBuckets
+
+_Required_: No
+
+_Type_: Boolean
+
+_Update requires_: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt)
+
+## Return Values
+
+### Ref
+
+When you pass the logical ID of this resource to the intrinsic `Ref` function, Ref returns the ResourceId.
+
+### Fn::GetAtt
+
+The `Fn::GetAtt` intrinsic function returns a value for a specified attribute of this type. The following are the available attributes and sample return values.
+
+For more information about using the `Fn::GetAtt` intrinsic function, see [Fn::GetAtt](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/intrinsic-function-reference-getatt.html).
+
+#### ResourceId
+
+Returns the <code>ResourceId</code> value.
+

s3/public-access-block/example.yml

@@ -0,0 +1,9 @@
+AWSTemplateFormatVersion: 2010-09-09
+Resources:
+  S3AccountPublicAccessBlock:
+    Type: 'Community::S3::PublicAccessBlock'
+    Properties:
+      BlockPublicAcls: true
+      BlockPublicPolicy: false
+      IgnorePublicAcls: true
+      RestrictPublicBuckets: true

s3/public-access-block/installation.md

@@ -0,0 +1,17 @@
+# Community::S3::PublicAccessBlock
+
+## Installation using AWS CLI
+``` bash
+aws cloudformation register-type \
+  --type-name Community::S3::PublicAccessBlock \
+  --type RESOURCE \
+  --schema-handler-package s3://community-resource-provider-catalog/community-s3-publicaccessblock-0.1.0.zip
+
+aws cloudformation describe-type-registration --registration-token <registration-token> 
+
+aws cloudformation set-type-default-version \
+  --version-id <version-id> \
+  --type-name Community::S3::PublicAccessBlock \
+  --type RESOURCE
+
+```