import * as cdk from '@aws-cdk/core';
import * as cfn_inc from '@aws-cdk/cloudformation-include';
import { AmplifyInitResource } from './amplify-init-resources';
/**
 * Construction properties for the {@link Storage} nested stack.
 */
export interface StorageProps extends cdk.NestedStackProps {
/**
 * Source of the two IAM roles whose names are handed to the storage template:
 * `authRole.roleName` becomes `authRoleName` and `unAuthRole.roleName`
 * becomes `unauthRoleName`.
 */
amplifyInitResource: AmplifyInitResource;
/**
 * Value passed to the storage template as its `env` parameter.
 * NOTE(review): optional, so `Storage` may pass `undefined` for `env` —
 * confirm the included template tolerates that or make this required.
 */
amplifyEnvName?: string;
}
/**
 * Nested stack that pulls the Amplify-generated S3 storage template into the
 * CDK app through `CfnInclude` and supplies its template parameters inline.
 *
 * NOTE(review): `props` is not forwarded to `super`, so any
 * `cdk.NestedStackProps` fields the caller sets are not handed to
 * `cdk.NestedStack` — confirm this is intended.
 */
export class Storage extends cdk.NestedStack {
  /** The `BucketName` output of the included storage template. */
  public readonly userFileBucketName: cdk.CfnOutput;

  /**
   * @param scope - Parent construct.
   * @param id - Construct id of this nested stack.
   * @param props - Supplies the Amplify auth/unauth roles and the environment name.
   */
  constructor(scope: cdk.Construct, id: string, props: StorageProps) {
    super(scope, id);

    // From cdkApp/lib/backend/storage/s31f5e069a/parameters.json
    const templateParameters = {
      // NOTE(review): `amplifyEnvName` is optional, so this can be `undefined`.
      env: props.amplifyEnvName,
      bucketName: 'storage',
      authPolicyName: 'authPolicyName',
      unauthPolicyName: 'unauthPolicyName',
      authRoleName: props.amplifyInitResource.authRole.roleName,
      unauthRoleName: props.amplifyInitResource.unAuthRole.roleName,
      // Security review: the unauthenticated (guest) role is granted object
      // reads and bucket listing. How the template scopes these to key
      // prefixes is not visible in this file; treat whatever guests can reach
      // as readable and enumerable by anyone, and confirm that is intended.
      selectedGuestPermissions: ['s3:GetObject', 's3:ListBucket'],
      selectedAuthenticatedPermissions: [
        's3:PutObject',
        's3:GetObject',
        's3:ListBucket',
        's3:DeleteObject',
      ],
      // Authenticated users get put/get/delete on the public, protected and
      // private policies, and put-only on uploads.
      s3PermissionsAuthenticatedPublic:
        's3:PutObject,s3:GetObject,s3:DeleteObject',
      s3PublicPolicy: 'Public_policy',
      s3PermissionsAuthenticatedUploads: 's3:PutObject',
      s3UploadsPolicy: 'Uploads_policy',
      s3PermissionsAuthenticatedProtected:
        's3:PutObject,s3:GetObject,s3:DeleteObject',
      s3ProtectedPolicy: 'Protected_policy',
      s3PermissionsAuthenticatedPrivate:
        's3:PutObject,s3:GetObject,s3:DeleteObject',
      s3PrivatePolicy: 'Private_policy',
      AuthenticatedAllowList: 'ALLOW',
      s3ReadPolicy: 'read_policy',
      // Guests: read on the public policy, nothing on uploads, list allowed.
      s3PermissionsGuestPublic: 's3:GetObject',
      s3PermissionsGuestUploads: 'DISALLOW',
      GuestAllowList: 'ALLOW',
      triggerFunction: 'NONE',
    };

    // The template path is resolved relative to this source file's directory.
    const includedTemplate = new cfn_inc.CfnInclude(this, 'Storage', {
      templateFile: `${__dirname}/../../amplifyApp/amplify/backend/storage/s31f5e069a/s3-cloudformation-template.json`,
      parameters: templateParameters,
    });

    this.userFileBucketName = includedTemplate.getOutput('BucketName');
  }
}