diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-cloudfront/test/integ.cloudfront-custom-s3.js.snapshot/cdk.out b/packages/@aws-cdk-testing/framework-integ/test/aws-cloudfront/test/integ.cloudfront-custom-s3.js.snapshot/cdk.out index 588d7b269d34f..1f0068d32659a 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-cloudfront/test/integ.cloudfront-custom-s3.js.snapshot/cdk.out +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-cloudfront/test/integ.cloudfront-custom-s3.js.snapshot/cdk.out @@ -1 +1 @@ -{"version":"20.0.0"} \ No newline at end of file +{"version":"36.0.0"} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-cloudfront/test/integ.cloudfront-custom-s3.js.snapshot/cloudfront-custom-s3-integ.assets.json b/packages/@aws-cdk-testing/framework-integ/test/aws-cloudfront/test/integ.cloudfront-custom-s3.js.snapshot/cloudfront-custom-s3-stack.assets.json similarity index 62% rename from packages/@aws-cdk-testing/framework-integ/test/aws-cloudfront/test/integ.cloudfront-custom-s3.js.snapshot/cloudfront-custom-s3-integ.assets.json rename to packages/@aws-cdk-testing/framework-integ/test/aws-cloudfront/test/integ.cloudfront-custom-s3.js.snapshot/cloudfront-custom-s3-stack.assets.json index 96d3e3aab1cdb..c5723dffd1d94 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-cloudfront/test/integ.cloudfront-custom-s3.js.snapshot/cloudfront-custom-s3-integ.assets.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-cloudfront/test/integ.cloudfront-custom-s3.js.snapshot/cloudfront-custom-s3-stack.assets.json 
@@ -1,15 +1,15 @@ { - "version": "20.0.0", + "version": "36.0.0", "files": { - "014ba2fd8a586de5727af6ec8eedf78f338eae1b685dbbd1724e30010e1dea96": { + "b5b660b9764fa165a21fc38b0182b62bbb6a5e8c6afbb4a804e8cdcb99be28b1": { "source": { - "path": "cloudfront-custom-s3-integ.template.json", + "path": "cloudfront-custom-s3-stack.template.json", "packaging": "file" }, "destinations": { "current_account-current_region": { "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", - "objectKey": "014ba2fd8a586de5727af6ec8eedf78f338eae1b685dbbd1724e30010e1dea96.json", + "objectKey": "b5b660b9764fa165a21fc38b0182b62bbb6a5e8c6afbb4a804e8cdcb99be28b1.json", "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" } } diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-cloudfront/test/integ.cloudfront-custom-s3.js.snapshot/cloudfront-custom-s3-integ.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-cloudfront/test/integ.cloudfront-custom-s3.js.snapshot/cloudfront-custom-s3-stack.template.json similarity index 94% rename from packages/@aws-cdk-testing/framework-integ/test/aws-cloudfront/test/integ.cloudfront-custom-s3.js.snapshot/cloudfront-custom-s3-integ.template.json rename to packages/@aws-cdk-testing/framework-integ/test/aws-cloudfront/test/integ.cloudfront-custom-s3.js.snapshot/cloudfront-custom-s3-stack.template.json index 6089fa718a48b..a208e41a3aa17 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-cloudfront/test/integ.cloudfront-custom-s3.js.snapshot/cloudfront-custom-s3-integ.template.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-cloudfront/test/integ.cloudfront-custom-s3.js.snapshot/cloudfront-custom-s3-stack.template.json 
@@ -3,6 +3,12 @@ "Bucket83908E77": { "Type": "AWS::S3::Bucket", "Properties": { + "PublicAccessBlockConfiguration": { + "BlockPublicAcls": false, + "BlockPublicPolicy": false, + "IgnorePublicAcls": false, + "RestrictPublicBuckets": false + }, "WebsiteConfiguration": { "ErrorDocument": "404.html", "IndexDocument": "index.html" diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-cloudfront/test/integ.cloudfront-custom-s3.js.snapshot/integ.json b/packages/@aws-cdk-testing/framework-integ/test/aws-cloudfront/test/integ.cloudfront-custom-s3.js.snapshot/integ.json index acce2537164c7..826160602f651 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-cloudfront/test/integ.cloudfront-custom-s3.js.snapshot/integ.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-cloudfront/test/integ.cloudfront-custom-s3.js.snapshot/integ.json @@ -1,14 +1,14 @@ { - "version": "20.0.0", + "enableLookups": true, + "version": "36.0.0", "testCases": { - "integ.cloudfront-custom-s3": { + "integ-cloudfront-custom-s3/DefaultTest": { "stacks": [ - "cloudfront-custom-s3-integ" + "cloudfront-custom-s3-stack" ], - "diffAssets": false, - "stackUpdateWorkflow": true + "diffAssets": true, + "assertionStack": "integ-cloudfront-custom-s3/DefaultTest/DeployAssert", + "assertionStackName": "integcloudfrontcustoms3DefaultTestDeployAssert2E08B1DA" } - }, - "synthContext": {}, - "enableLookups": false + } } \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-cloudfront/test/integ.cloudfront-custom-s3.js.snapshot/integcloudfrontcustoms3DefaultTestDeployAssert2E08B1DA.assets.json b/packages/@aws-cdk-testing/framework-integ/test/aws-cloudfront/test/integ.cloudfront-custom-s3.js.snapshot/integcloudfrontcustoms3DefaultTestDeployAssert2E08B1DA.assets.json new file mode 100644 index 0000000000000..294d17e25ca7b --- /dev/null 
+++ b/packages/@aws-cdk-testing/framework-integ/test/aws-cloudfront/test/integ.cloudfront-custom-s3.js.snapshot/integcloudfrontcustoms3DefaultTestDeployAssert2E08B1DA.assets.json @@ -0,0 +1,19 @@ +{ + "version": "36.0.0", + "files": { + "21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22": { + "source": { + "path": "integcloudfrontcustoms3DefaultTestDeployAssert2E08B1DA.template.json", + "packaging": "file" + }, + "destinations": { + "current_account-current_region": { + "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}", + "objectKey": "21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22.json", + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}" + } + } + } + }, + "dockerImages": {} +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-cloudfront/test/integ.cloudfront-custom-s3.js.snapshot/integcloudfrontcustoms3DefaultTestDeployAssert2E08B1DA.template.json b/packages/@aws-cdk-testing/framework-integ/test/aws-cloudfront/test/integ.cloudfront-custom-s3.js.snapshot/integcloudfrontcustoms3DefaultTestDeployAssert2E08B1DA.template.json new file mode 100644 index 0000000000000..ad9d0fb73d1dd --- /dev/null +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-cloudfront/test/integ.cloudfront-custom-s3.js.snapshot/integcloudfrontcustoms3DefaultTestDeployAssert2E08B1DA.template.json 
@@ -0,0 +1,36 @@ +{ + "Parameters": { + "BootstrapVersion": { + "Type": "AWS::SSM::Parameter::Value", + "Default": "/cdk-bootstrap/hnb659fds/version", + "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]" + } + }, + "Rules": { + "CheckBootstrapVersion": { + "Assertions": [ + { + "Assert": { + "Fn::Not": [ + { + "Fn::Contains": [ + [ + "1", + "2", + "3", + "4", + "5" + ], + { + "Ref": "BootstrapVersion" + } + ] + } + ] + }, + "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI." + } + ] + } + } +} \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-cloudfront/test/integ.cloudfront-custom-s3.js.snapshot/manifest.json b/packages/@aws-cdk-testing/framework-integ/test/aws-cloudfront/test/integ.cloudfront-custom-s3.js.snapshot/manifest.json index e70159435d2dd..89eef35f773cb 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-cloudfront/test/integ.cloudfront-custom-s3.js.snapshot/manifest.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-cloudfront/test/integ.cloudfront-custom-s3.js.snapshot/manifest.json 
@@ -1,33 +1,28 @@ { - "version": "20.0.0", + "version": "36.0.0", "artifacts": { - "Tree": { - "type": "cdk:tree", - "properties": { - "file": "tree.json" - } - }, - "cloudfront-custom-s3-integ.assets": { + "cloudfront-custom-s3-stack.assets": { "type": "cdk:asset-manifest", "properties": { - "file": "cloudfront-custom-s3-integ.assets.json", + "file": "cloudfront-custom-s3-stack.assets.json", "requiresBootstrapStackVersion": 6, "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" } }, - "cloudfront-custom-s3-integ": { + "cloudfront-custom-s3-stack": { "type": "aws:cloudformation:stack", "environment": "aws://unknown-account/unknown-region", "properties": { - "templateFile": "cloudfront-custom-s3-integ.template.json", + "templateFile": "cloudfront-custom-s3-stack.template.json", + "terminationProtection": false, "validateOnSynth": false, "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", "cloudFormationExecutionRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", - "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/014ba2fd8a586de5727af6ec8eedf78f338eae1b685dbbd1724e30010e1dea96.json", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/b5b660b9764fa165a21fc38b0182b62bbb6a5e8c6afbb4a804e8cdcb99be28b1.json", "requiresBootstrapStackVersion": 6, "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", "additionalDependencies": [ - "cloudfront-custom-s3-integ.assets" + "cloudfront-custom-s3-stack.assets" ], "lookupRole": { "arn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-lookup-role-${AWS::AccountId}-${AWS::Region}", 
@@ -36,41 +31,95 @@ } }, "dependencies": [ - "cloudfront-custom-s3-integ.assets" + "cloudfront-custom-s3-stack.assets" ], "metadata": { - "/cloudfront-custom-s3-integ/Bucket/Resource": [ + "/cloudfront-custom-s3-stack/Bucket/Resource": [ { "type": "aws:cdk:logicalId", "data": "Bucket83908E77" } ], - "/cloudfront-custom-s3-integ/Bucket/Policy/Resource": [ + "/cloudfront-custom-s3-stack/Bucket/Policy/Resource": [ { "type": "aws:cdk:logicalId", "data": "BucketPolicyE9A3008A" } ], - "/cloudfront-custom-s3-integ/Distribution/CFDistribution": [ + "/cloudfront-custom-s3-stack/Distribution/CFDistribution": [ { "type": "aws:cdk:logicalId", "data": "DistributionCFDistribution882A7313" } ], - "/cloudfront-custom-s3-integ/BootstrapVersion": [ + "/cloudfront-custom-s3-stack/BootstrapVersion": [ { "type": "aws:cdk:logicalId", "data": "BootstrapVersion" } ], - "/cloudfront-custom-s3-integ/CheckBootstrapVersion": [ + "/cloudfront-custom-s3-stack/CheckBootstrapVersion": [ { "type": "aws:cdk:logicalId", "data": "CheckBootstrapVersion" } ] }, - "displayName": "cloudfront-custom-s3-integ" + "displayName": "cloudfront-custom-s3-stack" + }, + "integcloudfrontcustoms3DefaultTestDeployAssert2E08B1DA.assets": { + "type": "cdk:asset-manifest", + "properties": { + "file": "integcloudfrontcustoms3DefaultTestDeployAssert2E08B1DA.assets.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "integcloudfrontcustoms3DefaultTestDeployAssert2E08B1DA": { + "type": "aws:cloudformation:stack", + "environment": "aws://unknown-account/unknown-region", + "properties": { + "templateFile": "integcloudfrontcustoms3DefaultTestDeployAssert2E08B1DA.template.json", + "terminationProtection": false, + "validateOnSynth": false, + "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-deploy-role-${AWS::AccountId}-${AWS::Region}", + "cloudFormationExecutionRoleArn": 
"arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-cfn-exec-role-${AWS::AccountId}-${AWS::Region}", + "stackTemplateAssetObjectUrl": "s3://cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}/21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22.json", + "requiresBootstrapStackVersion": 6, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version", + "additionalDependencies": [ + "integcloudfrontcustoms3DefaultTestDeployAssert2E08B1DA.assets" + ], + "lookupRole": { + "arn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-lookup-role-${AWS::AccountId}-${AWS::Region}", + "requiresBootstrapStackVersion": 8, + "bootstrapStackVersionSsmParameter": "/cdk-bootstrap/hnb659fds/version" + } + }, + "dependencies": [ + "integcloudfrontcustoms3DefaultTestDeployAssert2E08B1DA.assets" + ], + "metadata": { + "/integ-cloudfront-custom-s3/DefaultTest/DeployAssert/BootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "BootstrapVersion" + } + ], + "/integ-cloudfront-custom-s3/DefaultTest/DeployAssert/CheckBootstrapVersion": [ + { + "type": "aws:cdk:logicalId", + "data": "CheckBootstrapVersion" + } + ] + }, + "displayName": "integ-cloudfront-custom-s3/DefaultTest/DeployAssert" + }, + "Tree": { + "type": "cdk:tree", + "properties": { + "file": "tree.json" + } } } } \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-cloudfront/test/integ.cloudfront-custom-s3.js.snapshot/tree.json b/packages/@aws-cdk-testing/framework-integ/test/aws-cloudfront/test/integ.cloudfront-custom-s3.js.snapshot/tree.json index 6a162019faf7b..04918af494079 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-cloudfront/test/integ.cloudfront-custom-s3.js.snapshot/tree.json +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-cloudfront/test/integ.cloudfront-custom-s3.js.snapshot/tree.json 
@@ -4,28 +4,26 @@ "id": "App", "path": "", "children": { - "Tree": { - "id": "Tree", - "path": "Tree", - "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.1.85" - } - }, - "cloudfront-custom-s3-integ": { - "id": "cloudfront-custom-s3-integ", - "path": "cloudfront-custom-s3-integ", + "cloudfront-custom-s3-stack": { + "id": "cloudfront-custom-s3-stack", + "path": "cloudfront-custom-s3-stack", "children": { "Bucket": { "id": "Bucket", - "path": "cloudfront-custom-s3-integ/Bucket", + "path": "cloudfront-custom-s3-stack/Bucket", "children": { "Resource": { "id": "Resource", - "path": "cloudfront-custom-s3-integ/Bucket/Resource", + "path": "cloudfront-custom-s3-stack/Bucket/Resource", "attributes": { "aws:cdk:cloudformation:type": "AWS::S3::Bucket", "aws:cdk:cloudformation:props": { + "publicAccessBlockConfiguration": { + "blockPublicPolicy": false, + "blockPublicAcls": false, + "ignorePublicAcls": false, + "restrictPublicBuckets": false + }, "websiteConfiguration": { "indexDocument": "index.html", "errorDocument": "404.html" @@ -33,17 +31,17 @@ } }, "constructInfo": { - "fqn": "@aws-cdk/aws-s3.CfnBucket", + "fqn": "aws-cdk-lib.aws_s3.CfnBucket", "version": "0.0.0" } }, "Policy": { "id": "Policy", - "path": "cloudfront-custom-s3-integ/Bucket/Policy", + "path": "cloudfront-custom-s3-stack/Bucket/Policy", "children": { "Resource": { "id": "Resource", - "path": "cloudfront-custom-s3-integ/Bucket/Policy/Resource", + "path": "cloudfront-custom-s3-stack/Bucket/Policy/Resource", "attributes": { "aws:cdk:cloudformation:type": "AWS::S3::BucketPolicy", "aws:cdk:cloudformation:props": { 
@@ -79,29 +77,29 @@ } }, "constructInfo": { - "fqn": "@aws-cdk/aws-s3.CfnBucketPolicy", + "fqn": "aws-cdk-lib.aws_s3.CfnBucketPolicy", "version": "0.0.0" } } }, "constructInfo": { - "fqn": "@aws-cdk/aws-s3.BucketPolicy", + "fqn": "aws-cdk-lib.aws_s3.BucketPolicy", "version": "0.0.0" } } }, "constructInfo": { - "fqn": "@aws-cdk/aws-s3.Bucket", + "fqn": "aws-cdk-lib.aws_s3.Bucket", "version": "0.0.0" } }, "Distribution": { "id": "Distribution", - "path": "cloudfront-custom-s3-integ/Distribution", + "path": "cloudfront-custom-s3-stack/Distribution", "children": { "CFDistribution": { "id": "CFDistribution", - "path": "cloudfront-custom-s3-integ/Distribution/CFDistribution", + "path": "cloudfront-custom-s3-stack/Distribution/CFDistribution", "attributes": { "aws:cdk:cloudformation:type": "AWS::CloudFront::Distribution", "aws:cdk:cloudformation:props": { 
@@ -170,26 +168,104 @@ } }, "constructInfo": { - "fqn": "@aws-cdk/aws-cloudfront.CfnDistribution", + "fqn": "aws-cdk-lib.aws_cloudfront.CfnDistribution", "version": "0.0.0" } } }, "constructInfo": { - "fqn": "@aws-cdk/aws-cloudfront.CloudFrontWebDistribution", + "fqn": "aws-cdk-lib.aws_cloudfront.CloudFrontWebDistribution", + "version": "0.0.0" + } + }, + "BootstrapVersion": { + "id": "BootstrapVersion", + "path": "cloudfront-custom-s3-stack/BootstrapVersion", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnParameter", + "version": "0.0.0" + } + }, + "CheckBootstrapVersion": { + "id": "CheckBootstrapVersion", + "path": "cloudfront-custom-s3-stack/CheckBootstrapVersion", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnRule", "version": "0.0.0" } } }, + "constructInfo": { + "fqn": "aws-cdk-lib.Stack", + "version": "0.0.0" + } + }, + "integ-cloudfront-custom-s3": { + "id": "integ-cloudfront-custom-s3", + "path": "integ-cloudfront-custom-s3", + "children": { + "DefaultTest": { + "id": "DefaultTest", + "path": "integ-cloudfront-custom-s3/DefaultTest", + "children": { + "Default": { + "id": "Default", + "path": "integ-cloudfront-custom-s3/DefaultTest/Default", + "constructInfo": { + "fqn": "constructs.Construct", + "version": "10.3.0" + } + }, + "DeployAssert": { + "id": "DeployAssert", + "path": "integ-cloudfront-custom-s3/DefaultTest/DeployAssert", + "children": { + "BootstrapVersion": { + "id": "BootstrapVersion", + "path": "integ-cloudfront-custom-s3/DefaultTest/DeployAssert/BootstrapVersion", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnParameter", + "version": "0.0.0" + } + }, + "CheckBootstrapVersion": { + "id": "CheckBootstrapVersion", + "path": "integ-cloudfront-custom-s3/DefaultTest/DeployAssert/CheckBootstrapVersion", + "constructInfo": { + "fqn": "aws-cdk-lib.CfnRule", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "aws-cdk-lib.Stack", + "version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/integ-tests-alpha.IntegTestCase", + 
"version": "0.0.0" + } + } + }, + "constructInfo": { + "fqn": "@aws-cdk/integ-tests-alpha.IntegTest", + "version": "0.0.0" + } + }, + "Tree": { + "id": "Tree", + "path": "Tree", "constructInfo": { "fqn": "constructs.Construct", - "version": "10.1.85" + "version": "10.3.0" } } }, "constructInfo": { - "fqn": "constructs.Construct", - "version": "10.1.85" + "fqn": "aws-cdk-lib.App", + "version": "0.0.0" } } } \ No newline at end of file diff --git a/packages/@aws-cdk-testing/framework-integ/test/aws-cloudfront/test/integ.cloudfront-custom-s3.ts b/packages/@aws-cdk-testing/framework-integ/test/aws-cloudfront/test/integ.cloudfront-custom-s3.ts index d0481ff353d5b..ff901ec6fab34 100644 --- a/packages/@aws-cdk-testing/framework-integ/test/aws-cloudfront/test/integ.cloudfront-custom-s3.ts +++ b/packages/@aws-cdk-testing/framework-integ/test/aws-cloudfront/test/integ.cloudfront-custom-s3.ts @@ -2,6 +2,7 @@ import * as s3 from 'aws-cdk-lib/aws-s3'; import { App, Stack } from 'aws-cdk-lib'; import { Construct } from 'constructs'; import * as cloudfront from 'aws-cdk-lib/aws-cloudfront'; +import { IntegTest } from '@aws-cdk/integ-tests-alpha'; class TestStack extends Stack { constructor(scope: Construct, id: string) { @@ -9,6 +10,12 @@ class TestStack extends Stack { const bucket = new s3.Bucket(this, 'Bucket', { publicReadAccess: true, + blockPublicAccess: { + blockPublicPolicy: false, + blockPublicAcls: false, + ignorePublicAcls: false, + restrictPublicBuckets: false, + }, websiteIndexDocument: 'index.html', websiteErrorDocument: '404.html', }); @@ -31,5 +38,8 @@ class TestStack extends Stack { } const app = new App(); -new TestStack(app, 'cloudfront-custom-s3-integ'); -app.synth(); +new IntegTest(app, 'integ-cloudfront-custom-s3', { + testCases: [new TestStack(app, 'cloudfront-custom-s3-stack')], + diffAssets: true, + enableLookups: true, +}); diff --git a/packages/aws-cdk-lib/aws-s3/README.md b/packages/aws-cdk-lib/aws-s3/README.md index 20df480ede05c..58b7084e620e2 100644 
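Review bot: All four flags in the new `blockPublicAccess` object are set to `false`, which is wider than this test appears to need. The manifest in this commit shows the bucket being opened through a bucket policy (`Bucket/Policy/Resource`), not through ACLs. The two ACL settings could therefore probably stay on, as `blockPublicAcls: true,` and `ignorePublicAcls: true,`, leaving only `blockPublicPolicy` and `restrictPublicBuckets` off. The README sample added in this commit repeats the same four lines, so readers will copy whatever is shown here. The rest of the `TestStack` constructor is outside the hunk, so confirm with a deploy that nothing else depends on public ACLs.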
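Review bot: `enableLookups: true` in the new `IntegTest` options flips the previous snapshot value (`"enableLookups": false` in integ.json), yet nothing in the visible hunks performs a context lookup. As far as I know this option is meant for tests that exercise lookups, so leaving it on makes synthesis depend on the account the test runs in for no visible benefit. Unless the part of the stack outside these hunks needs it, drop the line and keep `diffAssets: true,` on its own.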
--- a/packages/aws-cdk-lib/aws-s3/README.md +++ b/packages/aws-cdk-lib/aws-s3/README.md @@ -379,6 +379,26 @@ When `blockPublicPolicy` is set to `true`, `grantPublicRead()` throws an error. [block public access settings]: https://docs.aws.amazon.com/AmazonS3/latest/dev/access-control-block-public-access.html +## Public Read Access + +Use `publicReadAccess` to allow public read access to the bucket. + +Note that to enable `publicReadAccess`, make sure both bucket-level and account-level block public access control is disabled. + +Bucket-level block public access control can be configured through `blockPublicAccess` property. Account-level block public +access control can be configured on AWS Console -> S3 -> Block Public Access settings for this account (Navigation Panel). +```ts +const bucket = new s3.Bucket(this, 'Bucket', { + publicReadAccess: true, + blockPublicAccess: { + blockPublicPolicy: false, + blockPublicAcls: false, + ignorePublicAcls: false, + restrictPublicBuckets: false, + }, +}); +``` + ## Logging configuration Use `serverAccessLogsBucket` to describe where server access logs are to be stored. diff --git a/packages/aws-cdk-lib/aws-s3/lib/bucket.ts b/packages/aws-cdk-lib/aws-s3/lib/bucket.ts index a822d571ec59a..5497df55798f2 100644 --- a/packages/aws-cdk-lib/aws-s3/lib/bucket.ts +++ b/packages/aws-cdk-lib/aws-s3/lib/bucket.ts @@ -2000,6 +2000,10 @@ export class Bucket extends BucketBase { (props.lifecycleRules || []).forEach(this.addLifecycleRule.bind(this)); if (props.publicReadAccess) { + if (props.blockPublicAccess === undefined) { + throw new Error('Cannot use \'publicReadAccess\' property on a bucket without allowing bucket-level public access through \'blockPublicAceess\' property.'); + } + this.grantPublicAccess(); } diff --git a/packages/aws-cdk-lib/aws-s3/test/bucket.test.ts b/packages/aws-cdk-lib/aws-s3/test/bucket.test.ts index 35ca6cddcc956..4d97390952ee5 100644 --- a/packages/aws-cdk-lib/aws-s3/test/bucket.test.ts 
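Review bot: The error message added inside `if (props.publicReadAccess)` misspells the property as `blockPublicAceess`, so a user who copies the name from the error ends up with a property that does not exist. It should read `'blockPublicAccess'`, and the matching `toThrow` string in the first new test in bucket.test.ts has to change with it. The guard also only checks `props.blockPublicAccess === undefined`. A caller who passes `restrictPublicBuckets: true` with `blockPublicPolicy: false` seems to pass both this check and the `blockPublicPolicy` check exercised by the second new test. S3 would still refuse anonymous reads in that case, so the construct should reject the combination or at least document it. The constructor starts and ends outside this hunk.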
+++ b/packages/aws-cdk-lib/aws-s3/test/bucket.test.ts @@ -905,6 +905,28 @@ describe('bucket', () => { }); }); + test('bucket with default block public access setting to throw error msg', () => { + const stack = new cdk.Stack(); + + expect(() => new s3.Bucket(stack, 'Bucket', { + publicReadAccess: true, + })).toThrow('Cannot use \'publicReadAccess\' property on a bucket without allowing bucket-level public access through \'blockPublicAceess\' property.'); + }); + + test('bucket with enabled block public access setting to throw error msg', () => { + const stack = new cdk.Stack(); + + expect(() => new s3.Bucket(stack, 'Bucket', { + publicReadAccess: true, + blockPublicAccess: { + blockPublicPolicy: true, + blockPublicAcls: false, + ignorePublicAcls: false, + restrictPublicBuckets: false, + }, + })).toThrow('Cannot grant public access when \'blockPublicPolicy\' is enabled'); + }); + test('bucket with custom canned access control', () => { const stack = new cdk.Stack(); new s3.Bucket(stack, 'MyBucket', {
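Review bot: Both new tests cover only the throwing paths, so nothing visible here pins what the new guard lets through. One missing case is `blockPublicAccess` supplied with `blockPublicPolicy` left unset, for example `blockPublicAccess: s3.BlockPublicAccess.BLOCK_ACLS`, which presumably passes the `=== undefined` check and still grants public read. A test such as `test('publicReadAccess with BLOCK_ACLS still adds the public-read policy statement', ...)` that asserts on the synthesized `AWS::S3::BucketPolicy` would document that this is intended. The test titles would also read better if they named the condition, e.g. `'throws when publicReadAccess is set without blockPublicAccess'`, instead of "to throw error msg".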