Skip to content

Commit ca9127d

Browse files
mnapolimnapoli
committed
Add storage bucket
1 parent 1d111ba commit ca9127d

3 files changed

Lines changed: 142 additions & 0 deletions

File tree

src/storage/StorageBucket.ts

Lines changed: 32 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,32 @@
1+
import { BlockPublicAccess, Bucket, BucketEncryption, StorageClass } from 'aws-cdk-lib/aws-s3';
2+
import { Duration } from 'aws-cdk-lib';
3+
import { Construct } from 'constructs';
4+
import { BucketProps } from 'aws-cdk-lib/aws-s3/lib/bucket';
5+
6+
export class StorageBucket extends Bucket {
7+
constructor(scope: Construct, id: string, props?: BucketProps) {
8+
const defaults: Partial<BucketProps> = {
9+
// Encrypted at rest
10+
encryption: BucketEncryption.S3_MANAGED,
11+
// Versioned
12+
versioned: true,
13+
blockPublicAccess: BlockPublicAccess.BLOCK_ALL,
14+
enforceSSL: true,
15+
lifecycleRules: [
16+
{
17+
transitions: [
18+
{
19+
storageClass: StorageClass.INTELLIGENT_TIERING,
20+
transitionAfter: Duration.days(0),
21+
},
22+
],
23+
},
24+
{
25+
noncurrentVersionExpiration: Duration.days(30),
26+
},
27+
],
28+
};
29+
30+
super(scope, id, Object.assign({}, defaults, props));
31+
}
32+
}

test/storage/StorageBucket.test.ts

Lines changed: 13 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,13 @@
1+
import { describe, expect, it } from 'vitest';
2+
import { cleanupTemplate, compileTestStack } from '../helper';
3+
import { StorageBucket } from '../../src/storage/StorageBucket';
4+
5+
describe('StorageBucket', () => {
6+
it('builds', () => {
7+
const template = compileTestStack((stack) => {
8+
new StorageBucket(stack, 'Files');
9+
}).toJSON();
10+
11+
expect(cleanupTemplate(template).Resources).toMatchSnapshot();
12+
});
13+
});

test/storage/__snapshots__/StorageBucket.test.ts.snap

Lines changed: 97 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,97 @@
1+
// Vitest Snapshot v1
2+
3+
exports[`StorageBucket > builds 1`] = `
4+
{
5+
"Files8E6940B8": {
6+
"DeletionPolicy": "Retain",
7+
"Properties": {
8+
"BucketEncryption": {
9+
"ServerSideEncryptionConfiguration": [
10+
{
11+
"ServerSideEncryptionByDefault": {
12+
"SSEAlgorithm": "AES256",
13+
},
14+
},
15+
],
16+
},
17+
"LifecycleConfiguration": {
18+
"Rules": [
19+
{
20+
"Status": "Enabled",
21+
"Transitions": [
22+
{
23+
"StorageClass": "INTELLIGENT_TIERING",
24+
"TransitionInDays": 0,
25+
},
26+
],
27+
},
28+
{
29+
"NoncurrentVersionExpiration": {
30+
"NoncurrentDays": 30,
31+
},
32+
"Status": "Enabled",
33+
},
34+
],
35+
},
36+
"PublicAccessBlockConfiguration": {
37+
"BlockPublicAcls": true,
38+
"BlockPublicPolicy": true,
39+
"IgnorePublicAcls": true,
40+
"RestrictPublicBuckets": true,
41+
},
42+
"VersioningConfiguration": {
43+
"Status": "Enabled",
44+
},
45+
},
46+
"Type": "AWS::S3::Bucket",
47+
"UpdateReplacePolicy": "Retain",
48+
},
49+
"FilesPolicyCFAB4773": {
50+
"Properties": {
51+
"Bucket": {
52+
"Ref": "Files8E6940B8",
53+
},
54+
"PolicyDocument": {
55+
"Statement": [
56+
{
57+
"Action": "s3:*",
58+
"Condition": {
59+
"Bool": {
60+
"aws:SecureTransport": "false",
61+
},
62+
},
63+
"Effect": "Deny",
64+
"Principal": {
65+
"AWS": "*",
66+
},
67+
"Resource": [
68+
{
69+
"Fn::GetAtt": [
70+
"Files8E6940B8",
71+
"Arn",
72+
],
73+
},
74+
{
75+
"Fn::Join": [
76+
"",
77+
[
78+
{
79+
"Fn::GetAtt": [
80+
"Files8E6940B8",
81+
"Arn",
82+
],
83+
},
84+
"/*",
85+
],
86+
],
87+
},
88+
],
89+
},
90+
],
91+
"Version": "2012-10-17",
92+
},
93+
},
94+
"Type": "AWS::S3::BucketPolicy",
95+
},
96+
}
97+
`;

0 commit comments

Comments
 (0)