added logS3AccessLogs

awslabs · biffgaut · Nov 17, 2021 · Nov 16, 2021 · Nov 16, 2021 · Nov 16, 2021
commit e89b793b867b94ebcd69fd4790abfd216a810ba3
@@ -45,12 +45,13 @@ _Parameters_
 
 | **Name**     | **Type**        | **Description** |
 |:-------------|:----------------|-----------------|
-|existingBucketInterface?|[`s3.IBucket`](https://docs.aws.amazon.com/cdk/api/latest/docs/@aws-cdk_aws-s3.IBucket.html)|Existing instance of S3 Bucket object or interface. If this is provided, then also providing bucketProps will cause an error. |
+|existingBucketObj?|[`s3.IBucket`](https://docs.aws.amazon.com/cdk/api/latest/docs/@aws-cdk_aws-s3.IBucket.html)|Existing instance of S3 Bucket object or interface. If this is provided, then also providing bucketProps will cause an error. |
 |bucketProps?|[`s3.BucketProps`](https://docs.aws.amazon.com/cdk/api/latest/docs/@aws-cdk_aws-s3.BucketProps.html)|Optional user provided props to override the default props for the S3 Bucket.|
 |cloudFrontDistributionProps?|[`cloudfront.DistributionProps`](https://docs.aws.amazon.com/cdk/api/latest/docs/@aws-cdk_aws-cloudfront.DistributionProps.html)|Optional user provided props to override the default props for CloudFront Distribution|
 |insertHttpSecurityHeaders?|`boolean`|Optional user provided props to turn on/off the automatic injection of best practice HTTP security headers in all responses from CloudFront|
 |loggingBucketProps?|[`s3.BucketProps`](https://docs.aws.amazon.com/cdk/api/latest/docs/@aws-cdk_aws-s3.BucketProps.html)|Optional user provided props to override the default props for the S3 Logging Bucket.|
 |cloudFrontLoggingBucketProps?|[`s3.BucketProps`](https://docs.aws.amazon.com/cdk/api/latest/docs/@aws-cdk_aws-s3.BucketProps.html)|Optional user provided props to override the default props for the CloudFront Logging Bucket.|
+|logS3AccessLogs?| boolean|Whether to turn on Access Logging for the S3 bucket. Creates an S3 bucket with associated storage costs for the logs. Enabling Access Logging is a best practice. default - true|
 
 ## Pattern Properties
 

@@ -21,77 +21,89 @@ import * as defaults from '@aws-solutions-constructs/core';
  * @summary The properties for the CloudFrontToS3 Construct
  */
 export interface CloudFrontToS3Props {
-   /**
-    * Existing instance of S3 Bucket object, providing both this and `bucketProps` will cause an error.
-    *
-    * @default - None
-    */
-   readonly existingBucketInterface?: s3.IBucket,
-   /**
-    * Optional user provided props to override the default props for the S3 Bucket.
-    *
-    * @default - Default props are used
-    */
-   readonly bucketProps?: s3.BucketProps,
-   /**
-    * Optional user provided props to override the default props
-    *
-    * @default - Default props are used
-    */
-   readonly cloudFrontDistributionProps?: cloudfront.DistributionProps | any,
-   /**
-    * Optional user provided props to turn on/off the automatic injection of best practice HTTP
-    * security headers in all responses from cloudfront
-    *
-    * @default - true
-    */
-   readonly insertHttpSecurityHeaders?: boolean;
-   /**
-    * Optional user provided props to override the default props for the S3 Logging Bucket.
-    *
-    * @default - Default props are used
-    */
-    readonly loggingBucketProps?: s3.BucketProps
-    /**
-     * Optional user provided props to override the default props for the CloudFront Logging Bucket.
-     *
-     * @default - Default props are used
-     */
-    readonly cloudFrontLoggingBucketProps?: s3.BucketProps
- }
+  /**
+   * Existing instance of S3 Bucket object, providing both this and `bucketProps` will cause an error.
+   *
+   * @default - None
+   */
+  readonly existingBucketObj?: s3.IBucket,
+  /**
+   * Optional user provided props to override the default props for the S3 Bucket.
+   *
+   * @default - Default props are used
+   */
+  readonly bucketProps?: s3.BucketProps,
+  /**
+   * Optional user provided props to override the default props
+   *
+   * @default - Default props are used
+   */
+  readonly cloudFrontDistributionProps?: cloudfront.DistributionProps | any,
+  /**
+   * Optional user provided props to turn on/off the automatic injection of best practice HTTP
+   * security headers in all responses from cloudfront
+   *
+   * @default - true
+   */
+  readonly insertHttpSecurityHeaders?: boolean;
+  /**
+   * Optional user provided props to override the default props for the S3 Logging Bucket.
+   *
+   * @default - Default props are used
+   */
+  readonly loggingBucketProps?: s3.BucketProps
+  /**
+   * Optional user provided props to override the default props for the CloudFront Logging Bucket.
+   *
+   * @default - Default props are used
+   */
+  readonly cloudFrontLoggingBucketProps?: s3.BucketProps
+  /**
+   * Whether to turn on Access Logs for the S3 bucket with the associated storage costs.
+   * Enabling Access Logging is a best practice.
+   *
+   * @default - true
+   */
+  readonly logS3AccessLogs?: boolean;
+}
 
 export class CloudFrontToS3 extends Construct {
-     public readonly cloudFrontWebDistribution: cloudfront.Distribution;
-     public readonly cloudFrontFunction?: cloudfront.Function;
-     public readonly cloudFrontLoggingBucket?: s3.Bucket;
-     public readonly s3BucketInterface: s3.IBucket;
-     public readonly s3Bucket?: s3.Bucket;
-     public readonly s3LoggingBucket?: s3.Bucket;
+  public readonly cloudFrontWebDistribution: cloudfront.Distribution;
+  public readonly cloudFrontFunction?: cloudfront.Function;
+  public readonly cloudFrontLoggingBucket?: s3.Bucket;
+  public readonly s3BucketInterface: s3.IBucket;
+  public readonly s3Bucket?: s3.Bucket;
+  public readonly s3LoggingBucket?: s3.Bucket;
+
+  /**
+   * @summary Constructs a new instance of the CloudFrontToS3 class.
+   * @param {cdk.App} scope - represents the scope for all the resources.
+   * @param {string} id - this is a a scope-unique id.
+   * @param {CloudFrontToS3Props} props - user provided props for the construct
+   * @since 0.8.0
+   * @access public
+   */
+  constructor(scope: Construct, id: string, props: CloudFrontToS3Props) {
+    super(scope, id);
+    defaults.CheckProps(props);
+
+    let bucket: s3.IBucket;
 
-     /**
-      * @summary Constructs a new instance of the CloudFrontToS3 class.
-      * @param {cdk.App} scope - represents the scope for all the resources.
-      * @param {string} id - this is a a scope-unique id.
-      * @param {CloudFrontToS3Props} props - user provided props for the construct
-      * @since 0.8.0
-      * @access public
-      */
-     constructor(scope: Construct, id: string, props: CloudFrontToS3Props) {
-       super(scope, id);
-       defaults.CheckProps(props);
+    if (!props.existingBucketObj) {
+      [this.s3Bucket, this.s3LoggingBucket] = defaults.buildS3Bucket(this, {
+        bucketProps: props.bucketProps,
+        loggingBucketProps: props.loggingBucketProps,
+        logS3AccessLogs: props.logS3AccessLogs
+      });
+      bucket = this.s3Bucket;
+    } else {
+      bucket = props.existingBucketObj;
+    }
 
-       if (!props.existingBucketInterface) {
-         [this.s3Bucket, this.s3LoggingBucket] = defaults.buildS3Bucket(this, {
-           bucketProps: props.bucketProps,
-           loggingBucketProps: props.loggingBucketProps
-         });
-         this.s3BucketInterface = this.s3Bucket;
-       } else {
-         this.s3BucketInterface = props.existingBucketInterface;
-       }
+    this.s3BucketInterface = bucket;
 
-       [this.cloudFrontWebDistribution, this.cloudFrontFunction, this.cloudFrontLoggingBucket] =
-           defaults.CloudFrontDistributionForS3(this, this.s3BucketInterface,
-             props.cloudFrontDistributionProps, props.insertHttpSecurityHeaders, props.cloudFrontLoggingBucketProps);
-     }
+    [this.cloudFrontWebDistribution, this.cloudFrontFunction, this.cloudFrontLoggingBucket] =
+      defaults.CloudFrontDistributionForS3(this, this.s3BucketInterface,
+        props.cloudFrontDistributionProps, props.insertHttpSecurityHeaders, props.cloudFrontLoggingBucketProps);
+  }
 }
@@ -29,7 +29,8 @@ let mybucket: s3.Bucket;
 mybucket = defaults.CreateScrapBucket(stack, { removalPolicy: RemovalPolicy.DESTROY });
 
 const _construct = new CloudFrontToS3(stack, 'test-cloudfront-s3', {
-  existingBucketInterface: mybucket,
+  existingBucketObj: mybucket,
+  logS3AccessLogs: false
 });
 
 // Add Cache Policy

@@ -89,7 +89,7 @@ test('check existing bucket', () => {
   });
 
   const props: CloudFrontToS3Props = {
-    existingBucketInterface: existingBucket
+    existingBucketObj: existingBucket
   };
 
   new CloudFrontToS3(stack, 'test-cloudfront-s3', props);
@@ -143,7 +143,7 @@ test("Test bad call with existingBucket and bucketProps", () => {
   const app = () => {
     // Helper declaration
     new CloudFrontToS3(stack, "bad-s3-args", {
-      existingBucketInterface: testBucket,
+      existingBucketObj: testBucket,
       bucketProps: {
         removalPolicy: RemovalPolicy.DESTROY
       },
@@ -153,11 +153,11 @@ test("Test bad call with existingBucket and bucketProps", () => {
   expect(app).toThrowError();
 });
 
-test("Test existingBucketInterface", () => {
+test("Test existingBucketObj", () => {
   // Stack
   const stack = new cdk.Stack();
   const construct: CloudFrontToS3 = new CloudFrontToS3(stack, "existingIBucket", {
-    existingBucketInterface: s3.Bucket.fromBucketName(stack, 'mybucket', 'mybucket')
+    existingBucketObj: s3.Bucket.fromBucketName(stack, 'mybucket', 'mybucket')
   });
   // Assertion
   expect(construct.cloudFrontWebDistribution !== null);
@@ -313,4 +313,21 @@ test('Cloudfront logging bucket error when providing existing log bucket and log
   };
 
   expect(app).toThrowError();
+});
+
+// --------------------------------------------------------------
+// s3 bucket with one content bucket and no logging bucket
+// --------------------------------------------------------------
+test('s3 bucket with one content bucket and no logging bucket', () => {
+  const stack = new cdk.Stack();
+
+  const construct = new CloudFrontToS3(stack, 'cloudfront-s3', {
+    bucketProps: {
+      removalPolicy: cdk.RemovalPolicy.DESTROY,
+    },
+    logS3AccessLogs: false
+  });
+
+  expect(stack).toCountResources("AWS::S3::Bucket", 2);
+  expect(construct.s3LoggingBucket).toEqual(undefined);
 });