feat(aws-s3): add the option to not poll to the CodePipeline Action #1260

Merged
merged 1 commit into from
Jan 25, 2019
Merged
24 changes: 14 additions & 10 deletions packages/@aws-cdk/aws-cloudtrail/README.md
Expand Up @@ -31,25 +31,29 @@ For example, to log to CloudWatch Logs
import cloudtrail = require('@aws-cdk/aws-cloudtrail');

const trail = new cloudtrail.CloudTrail(stack, 'CloudTrail', {
sendToCloudWatchLogs: true
sendToCloudWatchLogs: true
});
```

This creates the same setup as above - but also logs events to a created CloudWatch Log stream. By default, the created log group has a retention period of 365 Days, but this is also configurable.
This creates the same setup as above - but also logs events to a created CloudWatch Log stream.
By default, the created log group has a retention period of 365 Days, but this is also configurable.


For using CloudTrail event selector to log specific S3 events, you can use the `CloudTrailProps` configuration object

For example - this logs all ReadWriteEvents for the `magic-bucket` bucket:
For using CloudTrail event selector to log specific S3 events,
you can use the `CloudTrailProps` configuration object.
Contributor


I'm a little confused because I don't see CloudTrailProps anywhere in the code example...

Example:

```ts
import cloudtrail = require('@aws-cdk/aws-cloudtrail');

const trail = new cloudtrail.CloudTrail(stack, 'MyAmazingCloudTrail')
const trail = new cloudtrail.CloudTrail(stack, 'MyAmazingCloudTrail');

trail.addS3Filter("arn:aws:s3:::magic-bucket/"); // Adds an event selector to the bucket magic-bucket. By default, this includes management events and all operations (Read + Write)
// Adds an event selector to the bucket magic-bucket.
// By default, this includes management events and all operations (Read + Write)
trail.addS3EventSelector(["arn:aws:s3:::magic-bucket/"]);

const configuration = { includeManagementEvents = false, readWriteType = ReadWriteType.All };
trail.addS3Filter(["arn:aws:s3:::foo"], configuration ); // Adds an event selector to the bucket foo, with a specific configuration
// Adds an event selector to the bucket foo, with a specific configuration
trail.addS3EventSelector(["arn:aws:s3:::foo"], {
includeManagementEvents: false,
readWriteType: ReadWriteType.All,
});
```
3 changes: 2 additions & 1 deletion packages/@aws-cdk/aws-codepipeline/package.json
Expand Up @@ -62,6 +62,7 @@
"devDependencies": {
"@aws-cdk/assert": "^0.22.0",
"@aws-cdk/aws-cloudformation": "^0.22.0",
"@aws-cdk/aws-cloudtrail": "^0.22.0",
"@aws-cdk/aws-codebuild": "^0.22.0",
"@aws-cdk/aws-codecommit": "^0.22.0",
"@aws-cdk/aws-codedeploy": "^0.22.0",
Expand Down Expand Up @@ -98,4 +99,4 @@
"construct-ctor:@aws-cdk/aws-codepipeline.CrossRegionScaffoldStack.<initializer>.params[1]"
]
}
}
}
Original file line number Diff line number Diff line change
Expand Up @@ -145,7 +145,7 @@
"Ref": "PipelineBucketB967BD35"
},
"S3ObjectKey": "key",
"PollForSourceChanges": true
"PollForSourceChanges": false
},
"InputArtifacts": [],
"Name": "Source",
Expand Down Expand Up @@ -188,6 +188,66 @@
"PipelineRoleDefaultPolicyC7A05455"
]
},
"PipelineEventsRole46BEEA7C": {
"Type": "AWS::IAM::Role",
"Properties": {
"AssumeRolePolicyDocument": {
"Statement": [
{
"Action": "sts:AssumeRole",
"Effect": "Allow",
"Principal": {
"Service": "events.amazonaws.com"
}
}
],
"Version": "2012-10-17"
}
}
},
"PipelineEventsRoleDefaultPolicyFF4FCCE0": {
"Type": "AWS::IAM::Policy",
"Properties": {
"PolicyDocument": {
"Statement": [
{
"Action": "codepipeline:StartPipelineExecution",
"Effect": "Allow",
"Resource": {
"Fn::Join": [
"",
[
"arn:",
{
"Ref": "AWS::Partition"
},
":codepipeline:",
{
"Ref": "AWS::Region"
},
":",
{
"Ref": "AWS::AccountId"
},
":",
{
"Ref": "PipelineC660917D"
}
]
]
}
}
],
"Version": "2012-10-17"
},
"PolicyName": "PipelineEventsRoleDefaultPolicyFF4FCCE0",
"Roles": [
{
"Ref": "PipelineEventsRole46BEEA7C"
}
]
}
},
"PipelineBucketB967BD35": {
"Type": "AWS::S3::Bucket",
"Properties": {
Expand All @@ -196,6 +256,182 @@
}
}
},
"PipelineBucketawscdkcodepipelinelambdaPipeline87A4B3D3SourceEventRuleCE4D4505": {
"Type": "AWS::Events::Rule",
"Properties": {
"EventPattern": {
"source": [
"aws.s3"
],
"detail-type": [
"AWS API Call via CloudTrail"
],
"detail": {
"eventSource": [
"s3.amazonaws.com"
],
"eventName": [
"PutObject"
],
"resources": {
"ARN": [
{
"Fn::Join": [
"",
[
{
"Fn::GetAtt": [
"PipelineBucketB967BD35",
"Arn"
]
},
"/key"
]
]
}
]
}
}
},
"State": "ENABLED",
"Targets": [
{
"Arn": {
"Fn::Join": [
"",
[
"arn:",
{
"Ref": "AWS::Partition"
},
":codepipeline:",
{
"Ref": "AWS::Region"
},
":",
{
"Ref": "AWS::AccountId"
},
":",
{
"Ref": "PipelineC660917D"
}
]
]
},
"Id": "Pipeline",
"RoleArn": {
"Fn::GetAtt": [
"PipelineEventsRole46BEEA7C",
"Arn"
]
}
}
]
}
},
"CloudTrailS310CD22F2": {
"Type": "AWS::S3::Bucket",
"DeletionPolicy": "Retain"
},
"CloudTrailS3PolicyEA49A03E": {
"Type": "AWS::S3::BucketPolicy",
"Properties": {
"Bucket": {
"Ref": "CloudTrailS310CD22F2"
},
"PolicyDocument": {
"Statement": [
{
"Action": "s3:GetBucketAcl",
"Effect": "Allow",
"Principal": {
"Service": "cloudtrail.amazonaws.com"
},
"Resource": {
"Fn::GetAtt": [
"CloudTrailS310CD22F2",
"Arn"
]
}
},
{
"Action": "s3:PutObject",
"Condition": {
"StringEquals": {
"s3:x-amz-acl": "bucket-owner-full-control"
}
},
"Effect": "Allow",
"Principal": {
"Service": "cloudtrail.amazonaws.com"
},
"Resource": {
"Fn::Join": [
"",
[
{
"Fn::GetAtt": [
"CloudTrailS310CD22F2",
"Arn"
]
},
"/AWSLogs/",
{
"Ref": "AWS::AccountId"
},
"/*"
]
]
}
}
],
"Version": "2012-10-17"
}
}
},
"CloudTrailA62D711D": {
"Type": "AWS::CloudTrail::Trail",
"Properties": {
"IsLogging": true,
"S3BucketName": {
"Ref": "CloudTrailS310CD22F2"
},
"EnableLogFileValidation": true,
"EventSelectors": [
{
"DataResources": [
{
"Type": "AWS::S3::Object",
"Values": [
{
"Fn::Join": [
"",
[
{
"Fn::GetAtt": [
"PipelineBucketB967BD35",
"Arn"
]
},
"/key"
]
]
}
]
}
],
"IncludeManagementEvents": false,
"ReadWriteType": "WriteOnly"
}
],
"IncludeGlobalServiceEvents": true,
"IsMultiRegionTrail": true
},
"DependsOn": [
"CloudTrailS3PolicyEA49A03E"
]
},
"LambdaFunServiceRoleF0979767": {
"Type": "AWS::IAM::Role",
"Properties": {
Expand Down Expand Up @@ -272,4 +508,4 @@
]
}
}
}
}
Original file line number Diff line number Diff line change
@@ -1,3 +1,4 @@
import cloudtrail = require('@aws-cdk/aws-cloudtrail');
import lambda = require('@aws-cdk/aws-lambda');
import s3 = require('@aws-cdk/aws-s3');
import cdk = require('@aws-cdk/cdk');
Expand All @@ -14,11 +15,15 @@ const bucket = new s3.Bucket(stack, 'PipelineBucket', {
versioned: true,
removalPolicy: cdk.RemovalPolicy.Destroy,
});
const key = 'key';
const trail = new cloudtrail.CloudTrail(stack, 'CloudTrail');
trail.addS3EventSelector([bucket.arnForObjects(key)], cloudtrail.ReadWriteType.WriteOnly);
new s3.PipelineSourceAction(stack, 'Source', {
stage: sourceStage,
outputArtifactName: 'SourceArtifact',
bucket,
bucketKey: 'key',
bucketKey: key,
pollForSourceChanges: false,
});

const lambdaFun = new lambda.Function(stack, 'LambdaFun', {
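Review bot: With `pollForSourceChanges: false` this pipeline is started only by the CloudTrail data event for `key` reaching the Events rule, and nothing in the test says so; a comment above the trail such as `// polling is off: the pipeline is started by the Events rule, which needs CloudTrail S3 write data events for this key` would make the dependency explicit. The expected template on this page shows that rule matching only `eventName: PutObject`, so an object written by `CompleteMultipartUpload` or `CopyObject` would be logged by the `WriteOnly` selector but would apparently not start the pipeline. The rule is built in library code that is not part of this hunk, so confirm there whether those two event names should be added to the pattern. The `lambdaFun` declaration on the last line continues outside the hunk.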
Original file line number Diff line number Diff line change
Expand Up @@ -161,8 +161,7 @@
"S3Bucket": {
"Ref": "MyBucketF68F3FF0"
},
"S3ObjectKey": "some/path",
"PollForSourceChanges": true
"S3ObjectKey": "some/path"
},
"InputArtifacts": [],
"Name": "S3",
Expand Down Expand Up @@ -245,4 +244,4 @@
}
}
}
}
}
Original file line number Diff line number Diff line change
Expand Up @@ -173,8 +173,7 @@
"S3Bucket": {
"Ref": "PipelineBucketB967BD35"
},
"S3ObjectKey": "key",
"PollForSourceChanges": true
"S3ObjectKey": "key"
},
"InputArtifacts": [],
"Name": "Source",
Original file line number Diff line number Diff line change
Expand Up @@ -275,8 +275,7 @@
"S3Bucket": {
"Ref": "MyBucketF68F3FF0"
},
"S3ObjectKey": "some/path",
"PollForSourceChanges": true
"S3ObjectKey": "some/path"
},
"InputArtifacts": [],
"Name": "Source2",
Original file line number Diff line number Diff line change
Expand Up @@ -284,8 +284,7 @@
"S3Bucket": {
"Ref": "CodeDeployPipelineIntegTest9F618D61"
},
"S3ObjectKey": "application.zip",
"PollForSourceChanges": true
"S3ObjectKey": "application.zip"
},
"InputArtifacts": [],
"Name": "S3Source",
Expand Down Expand Up @@ -336,4 +335,4 @@
]
}
}
}
}