
Update aws-py-static-website to BucketV2 #1692

Merged
merged 1 commit into from
Oct 1, 2024
4 changes: 2 additions & 2 deletions aws-py-static-website/README.md
Expand Up @@ -48,8 +48,8 @@ with `***`.
Type Name Plan
+ pulumi:pulumi:Stack static-website-example create
+ ├─ pulumi:providers:aws east create
+ ├─ aws:s3:Bucket requestLogs create
+ ├─ aws:s3:Bucket contentBucket create
+ ├─ aws:s3:BucketV2 requestLogs create
+ ├─ aws:s3:BucketV2 contentBucket create
+ │ ├─ aws:s3:BucketObject 404.html create
+ │ └─ aws:s3:BucketObject index.html create
+ ├─ aws:acm:Certificate certificate create
51 changes: 41 additions & 10 deletions aws-py-static-website/__main__.py
Expand Up @@ -10,6 +10,33 @@
import pulumi_aws.route53
import pulumi_aws.s3


def setup_acl(bucket_name, bucket, acl):
bucket_ownership_controls = pulumi_aws.s3.BucketOwnershipControls(
bucket_name,
bucket=bucket.bucket,
rule={
"object_ownership": "BucketOwnerPreferred",
})

public_access_block = pulumi_aws.s3.BucketPublicAccessBlock(
Member Author


I'm having second thoughts on whether this is necessary, will double check with @flostadler and @corymhall on Monday.

Member Author


OK this is necessary to be able to serve the website off the bucket on the public network. Confirmed with team. AWS is making this harder intentionally and this is reflected in the TF mapping.

bucket_name,
bucket=bucket.bucket,
block_public_acls=False,
block_public_policy=False,
ignore_public_acls=False,
restrict_public_buckets=False)

content_bucket_acl = pulumi_aws.s3.BucketAclV2(
bucket_name,
bucket=content_bucket.bucket,
acl=acl,
opts = ResourceOptions(depends_on=[
bucket_ownership_controls,
public_access_block,
]))


def get_domain_and_subdomain(domain):
"""
Returns the subdomain and the parent domain.
Expand All @@ -24,20 +51,23 @@ def get_domain_and_subdomain(domain):
parts.pop(0)
return subdomain, '.'.join(parts) + '.'


# Read the configuration for this stack.
stack_config = Config()
target_domain = stack_config.require('targetDomain')
path_to_website_contents = stack_config.require('pathToWebsiteContents')
certificate_arn = stack_config.get('certificateArn')

# Create an S3 bucket configured as a website bucket.
content_bucket = pulumi_aws.s3.Bucket('contentBucket',
bucket=target_domain,
acl='public-read',
website=pulumi_aws.s3.BucketWebsiteArgs(
index_document='index.html',
error_document='404.html'
))
content_bucket = pulumi_aws.s3.BucketV2('contentBucket', bucket=target_domain)
setup_acl('contentBucket', content_bucket, 'public-read')


content_bucket_website = pulumi_aws.s3.BucketWebsiteConfigurationV2('content-bucket',
bucket=content_bucket.bucket,
index_document={"suffix": "index.html"},
error_document={"key": "404.html"})


def crawl_directory(content_dir, f):
"""
Expand Down Expand Up @@ -109,7 +139,8 @@ def bucket_object_converter(filepath):
certificate_arn = cert_validation.certificate_arn

# Create a logs bucket for the CloudFront logs
logs_bucket = pulumi_aws.s3.Bucket('requestLogs', bucket=f'{target_domain}-logs', acl='private')
logs_bucket = pulumi_aws.s3.BucketV2('requestLogs', bucket=f'{target_domain}-logs')
setup_acl('requestLogs', logs_bucket, 'private')

# Create the CloudFront distribution
cdn = pulumi_aws.cloudfront.Distribution('cdn',
Expand All @@ -119,7 +150,7 @@ def bucket_object_converter(filepath):
],
origins=[pulumi_aws.cloudfront.DistributionOriginArgs(
origin_id=content_bucket.arn,
domain_name=content_bucket.website_endpoint,
domain_name=content_bucket_website.website_endpoint,
custom_origin_config=pulumi_aws.cloudfront.DistributionOriginCustomOriginConfigArgs(
origin_protocol_policy='http-only',
http_port=80,
Expand Down Expand Up @@ -191,6 +222,6 @@ def create_alias_record(target_domain, distribution):

# Export the bucket URL, bucket website endpoint, and the CloudFront distribution information.
export('content_bucket_url', Output.concat('s3://', content_bucket.bucket))
export('content_bucket_website_endpoint', content_bucket.website_endpoint)
export('content_bucket_website_endpoint', content_bucket_website.website_endpoint)
export('cloudfront_domain', cdn.domain_name)
export('target_domain_endpoint', f'https://{target_domain}/')
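Review bot: `setup_acl`, added at the top of this file section, is not safe to reuse for the `requestLogs` bucket: its `BucketAclV2` passes `bucket=content_bucket.bucket`, the module-level content bucket, instead of the `bucket` parameter. As written, `setup_acl('requestLogs', logs_bucket, 'private')` appears to attach a second, `private` ACL resource to the content bucket and leaves the logs bucket with no explicit ACL. The same call also creates a `BucketPublicAccessBlock` with all four protections set to `False` on the logs bucket, although only the content bucket is given a public ACL and a website configuration. I would pass `bucket=bucket.bucket` to the ACL and relax the public access block only when a public canned ACL is requested, so the CloudFront log bucket keeps all four protections enabled. Whether `ResourceOptions` is imported cannot be seen from the visible hunks and is worth confirming.

```python
def setup_acl(bucket_name, bucket, acl):
    # … unchanged: BucketOwnershipControls …

    # Relax the public access block only for buckets that get a public canned ACL.
    allow_public = acl in ('public-read', 'public-read-write')
    public_access_block = pulumi_aws.s3.BucketPublicAccessBlock(
        bucket_name,
        bucket=bucket.bucket,
        block_public_acls=not allow_public,
        block_public_policy=not allow_public,
        ignore_public_acls=not allow_public,
        restrict_public_buckets=not allow_public)

    bucket_acl = pulumi_aws.s3.BucketAclV2(
        bucket_name,
        bucket=bucket.bucket,  # the bucket passed in, not the global content_bucket
        acl=acl,
        # … unchanged: opts with depends_on …
    )
```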