From 816783e5dec4c8459bb87d14db30ddfed71b6fab Mon Sep 17 00:00:00 2001 From: Jim OMulloy Date: Thu, 30 Jul 2020 15:57:12 +0100 Subject: [PATCH 1/7] issue-429: remove S3 acl blocks --- cloudformation/template.yaml | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/cloudformation/template.yaml b/cloudformation/template.yaml index c8522bd29..4f1060465 100644 --- a/cloudformation/template.yaml +++ b/cloudformation/template.yaml @@ -585,11 +585,11 @@ Resources: Type: AWS::S3::Bucket Properties: BucketName: !Ref DevPortalSiteS3BucketName - PublicAccessBlockConfiguration: - BlockPublicAcls: true - BlockPublicPolicy: true - IgnorePublicAcls: true - RestrictPublicBuckets: true +# PublicAccessBlockConfiguration: +# BlockPublicAcls: true +# BlockPublicPolicy: true +# IgnorePublicAcls: true +# RestrictPublicBuckets: true DevPortalSiteS3BucketPolicy: Type: 'AWS::S3::BucketPolicy' @@ -610,11 +610,11 @@ Resources: Type: AWS::S3::Bucket Properties: BucketName: !Ref ArtifactsS3BucketName - PublicAccessBlockConfiguration: - BlockPublicAcls: true - BlockPublicPolicy: true - IgnorePublicAcls: true - RestrictPublicBuckets: true + # PublicAccessBlockConfiguration: + # BlockPublicAcls: true + # BlockPublicPolicy: true + # IgnorePublicAcls: true + # RestrictPublicBuckets: true NotificationConfiguration: LambdaConfigurations: - From 5bb76a3f261633e2c642003dd167f48480da641a Mon Sep 17 00:00:00 2001 From: Jim OMulloy Date: Thu, 30 Jul 2020 16:11:29 +0100 Subject: [PATCH 2/7] ussue-429: restore S3 acl block --- cloudformation/template.yaml | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/cloudformation/template.yaml b/cloudformation/template.yaml index 4f1060465..c8522bd29 100644 --- a/cloudformation/template.yaml +++ b/cloudformation/template.yaml @@ -585,11 +585,11 @@ Resources: Type: AWS::S3::Bucket Properties: BucketName: !Ref DevPortalSiteS3BucketName -# PublicAccessBlockConfiguration: -# BlockPublicAcls: true -# BlockPublicPolicy: true -# IgnorePublicAcls: true -# RestrictPublicBuckets: true + PublicAccessBlockConfiguration: + BlockPublicAcls: true + BlockPublicPolicy: true + IgnorePublicAcls: true + RestrictPublicBuckets: true DevPortalSiteS3BucketPolicy: Type: 'AWS::S3::BucketPolicy' @@ -610,11 +610,11 @@ Resources: Type: AWS::S3::Bucket Properties: BucketName: !Ref ArtifactsS3BucketName - # PublicAccessBlockConfiguration: - # BlockPublicAcls: true - # BlockPublicPolicy: true - # IgnorePublicAcls: true - # RestrictPublicBuckets: true + PublicAccessBlockConfiguration: + BlockPublicAcls: true + BlockPublicPolicy: true + IgnorePublicAcls: true + RestrictPublicBuckets: true NotificationConfiguration: LambdaConfigurations: - From 32067051eff7ed282b806d1695f17fc653d01bce Mon Sep 17 00:00:00 2001 From: Jim OMulloy Date: Thu, 30 Jul 2020 16:29:40 +0100 Subject: [PATCH 3/7] issue-429: remove DevPortalSiteS3Bucket acl block --- cloudformation/template.yaml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/cloudformation/template.yaml b/cloudformation/template.yaml index c8522bd29..61913cb34 100644 --- a/cloudformation/template.yaml +++ b/cloudformation/template.yaml @@ -585,11 +585,11 @@ Resources: Type: AWS::S3::Bucket Properties: BucketName: !Ref DevPortalSiteS3BucketName - PublicAccessBlockConfiguration: - BlockPublicAcls: true - BlockPublicPolicy: true - IgnorePublicAcls: true - RestrictPublicBuckets: true +# PublicAccessBlockConfiguration: +# BlockPublicAcls: true +# BlockPublicPolicy: true +# IgnorePublicAcls: true +# RestrictPublicBuckets: true DevPortalSiteS3BucketPolicy: Type: 'AWS::S3::BucketPolicy' From d5fddcea1c337adf1cd796fb7f71f19eb50cc0a5 Mon Sep 17 00:00:00 2001 From: Jim OMulloy Date: Thu, 30 Jul 2020 16:49:54 +0100 Subject: [PATCH 4/7] issue-429: remove DevPortalSiteS3Bucket access block in dev mode --- cloudformation/template.yaml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/cloudformation/template.yaml b/cloudformation/template.yaml index 61913cb34..a7b1d927c 100644 --- a/cloudformation/template.yaml +++ b/cloudformation/template.yaml @@ -585,11 +585,11 @@ Resources: Type: AWS::S3::Bucket Properties: BucketName: !Ref DevPortalSiteS3BucketName -# PublicAccessBlockConfiguration: -# BlockPublicAcls: true -# BlockPublicPolicy: true -# IgnorePublicAcls: true -# RestrictPublicBuckets: true + PublicAccessBlockConfiguration: + BlockPublicAcls: !If [ NotDevelopmentMode, 'true', 'false' ] + BlockPublicPolicy: !If [ NotDevelopmentMode, 'true', 'false' ] + IgnorePublicAcls: !If [ NotDevelopmentMode, 'true', 'false' ] + RestrictPublicBuckets: !If [ NotDevelopmentMode, 'true', 'false' ] DevPortalSiteS3BucketPolicy: Type: 'AWS::S3::BucketPolicy' From 9c80d00705a6b8d8d945c1e79588dd97def6f382 Mon Sep 17 00:00:00 2001 From: Jim OMulloy Date: Thu, 30 Jul 2020 16:56:27 +0100 Subject: [PATCH 5/7] issue-429: ArtifactsS3Bucket no block in dev mode --- cloudformation/template.yaml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/cloudformation/template.yaml b/cloudformation/template.yaml index a7b1d927c..8bf4ab6e6 100644 --- a/cloudformation/template.yaml +++ b/cloudformation/template.yaml @@ -611,10 +611,10 @@ Resources: Properties: BucketName: !Ref ArtifactsS3BucketName PublicAccessBlockConfiguration: - BlockPublicAcls: true - BlockPublicPolicy: true - IgnorePublicAcls: true - RestrictPublicBuckets: true + BlockPublicAcls: !If [ NotDevelopmentMode, 'true', 'false' ] + BlockPublicPolicy: !If [ NotDevelopmentMode, 'true', 'false' ] + IgnorePublicAcls: !If [ NotDevelopmentMode, 'true', 'false' ] + RestrictPublicBuckets: !If [ NotDevelopmentMode, 'true', 'false' ] NotificationConfiguration: LambdaConfigurations: - From 43544425627c95d5c4f556108684810567ed5f0f Mon Sep 17 00:00:00 2001 From: Jim OMulloy Date: Fri, 31 Jul 2020 08:35:34 +0100 Subject: [PATCH 6/7] issue-429: add promise() to s3 delete --- lambdas/static-asset-uploader/index.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lambdas/static-asset-uploader/index.js b/lambdas/static-asset-uploader/index.js index 346cf0f90..b72cbe556 100644 --- a/lambdas/static-asset-uploader/index.js +++ b/lambdas/static-asset-uploader/index.js @@ -81,7 +81,7 @@ async function cleanS3Bucket (bucketName) { Delete: { Objects: keys } - }) + }).promise() console.log(`deleteObjects result: ${inspectStringify(result)}`) } } From c2523af302335c030b98d6165e67f5d797dc88b2 Mon Sep 17 00:00:00 2001 From: Jim OMulloy Date: Thu, 22 Oct 2020 08:56:58 +0100 Subject: [PATCH 7/7] revert static asset change to master --- lambdas/static-asset-uploader/index.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lambdas/static-asset-uploader/index.js b/lambdas/static-asset-uploader/index.js index b72cbe556..346cf0f90 100644 --- a/lambdas/static-asset-uploader/index.js +++ b/lambdas/static-asset-uploader/index.js @@ -81,7 +81,7 @@ async function cleanS3Bucket (bucketName) { Delete: { Objects: keys } - }).promise() + }) console.log(`deleteObjects result: ${inspectStringify(result)}`) } }