From 15955f119d59d88e298c5635217dc1b46b2864d0 Mon Sep 17 00:00:00 2001 From: George Seib Date: Sat, 16 Feb 2019 06:35:16 -0500 Subject: [PATCH 1/4] created environment variable for build Artifact name --- README.md | 2 ++ app/index.js | 13 +++++++++++-- 2 files changed, 13 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index e639526..d806c07 100644 --- a/README.md +++ b/README.md @@ -1,5 +1,7 @@ # codepipeline-s3-objects-public-read +A CASE (copy and steal everything!!! ;-) ) study from [Sam Dengler's original] (https://github.com/samdengler/codepipeline-s3-objects-public-read) . Added the environment variable 'BUILD_ARTIFACT'. + [AWS CodePipeline](https://aws.amazon.com/codepipeline/) is a fully managed continuous delivery (CD) service that lets you automate your software release process for fast and reliable updates. You can now use CodePipeline to deploy files, such as static website content or artifacts from your build process, to Amazon S3. The S3 deployment action makes it very easy to update S3 Buckets used to host static websites, however the objects deployed do not have Public Read Access. In cases where the S3 Bucket policy does no allow Public Read Access, this prevents users from accessing the website content. diff --git a/app/index.js b/app/index.js index 7630b0d..27d9d08 100644 --- a/app/index.js +++ b/app/index.js @@ -5,6 +5,15 @@ const codepipeline = new AWS.CodePipeline(); const process = require('process'); const S3_BUCKET = process.env.S3_BUCKET; + +if(process.env.BUILD_ARTIFACT) { + const BUILD_ARTIFACT = process.env.BUILD_ARTIFACT; +} +else { + const BUILD_ARTIFACT = "BuildArtifact"; +} + +const BUILD_ARTIFACT = process.env.BUILD_ARTIFACT const PUBLIC_READ_ACL = "public-read"; exports.handler = async (event, context) => { 
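Review bot: In app/index.js (hunk `@@ -5,6 +5,15 @@`) the two `const BUILD_ARTIFACT` declarations inside the `if`/`else` blocks are block-scoped, so neither is visible after its closing brace and the `"BuildArtifact"` default is never applied. The only binding the rest of the module sees is the final `const BUILD_ARTIFACT = process.env.BUILD_ARTIFACT`, which is `undefined` when the variable is unset, and that line is also missing its semicolon. One declaration covers both cases: `const BUILD_ARTIFACT = process.env.BUILD_ARTIFACT || "BuildArtifact";`. PATCH 4/4 later deletes the dead blocks but keeps the declaration without a fallback, so a function deployed without the template's default still ends up with no artifact name.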
@@ -36,7 +45,7 @@ exports.handler = async (event, context) => { } async function listObjectsFromBuildArtifact(jobData) { - let buildArtifact = jobData.inputArtifacts.filter(i => i.name === "BuildArtifact")[0]; + let buildArtifact = jobData.inputArtifacts.filter(i => i.name === BUILD_ARTIFACT)[0]; let artifactS3Client = new AWS.S3({ accessKeyId: jobData.artifactCredentials.accessKeyId, secretAccessKey: jobData.artifactCredentials.secretAccessKey, @@ -81,4 +90,4 @@ async function putJobFailureResult(jobId, message) { }; return codepipeline.putJobFailureResult(params).promise(); -} \ No newline at end of file +} From f95243204553c11400b2d906f52362dab8dbeb7c Mon Sep 17 00:00:00 2001 From: George Seib Date: Sat, 16 Feb 2019 06:42:33 -0500 Subject: [PATCH 2/4] created environment variable for build Artifact name --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index d806c07..af69324 100644 --- a/README.md +++ b/README.md @@ -1,6 +1,6 @@ # codepipeline-s3-objects-public-read -A CASE (copy and steal everything!!! ;-) ) study from [Sam Dengler's original] (https://github.com/samdengler/codepipeline-s3-objects-public-read) . Added the environment variable 'BUILD_ARTIFACT'. +A CASE (copy and steal everything!!! ;-) ) study from [Sam Dengler's original](https://github.com/samdengler/codepipeline-s3-objects-public-read) . Added the environment variable 'BUILD_ARTIFACT'. [AWS CodePipeline](https://aws.amazon.com/codepipeline/) is a fully managed continuous delivery (CD) service that lets you automate your software release process for fast and reliable updates. You can now use CodePipeline to deploy files, such as static website content or artifacts from your build process, to Amazon S3. From 3f1372a8fcc1701fccba3053f75855ce74d77254 Mon Sep 17 00:00:00 2001 
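Review bot: In `listObjectsFromBuildArtifact` (hunk `@@ -36,7 +45,7 @@`), `filter(...)[0]` yields `undefined` when no input artifact is named `BUILD_ARTIFACT`, and now that the name comes from configuration, a mismatch is an ordinary deployment mistake. The later use of `buildArtifact` lies outside the hunk, so this is inferred, but a dereference there would surface as an opaque TypeError rather than a job failure that names the expected artifact. Consider `const buildArtifact = jobData.inputArtifacts.find(i => i.name === BUILD_ARTIFACT);` followed by `if (!buildArtifact) throw new Error("No input artifact named " + BUILD_ARTIFACT);`. Judging by the `PUBLIC_READ_ACL` constant, the selected artifact decides which objects are made public-read, so failing closed with an explicit message is the safer behaviour.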
From: George Seib Date: Sat, 16 Feb 2019 07:18:20 -0500 Subject: [PATCH 3/4] added build artifact variable to template --- template.yaml | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) diff --git a/template.yaml b/template.yaml index c8dde6f..9e988e6 100644 --- a/template.yaml +++ b/template.yaml @@ -4,19 +4,22 @@ Transform: AWS::Serverless-2016-10-31 Parameters: S3BucketParameter: Type: String + BuildArtifactParameter: + Type: String + Default: BuildArtifact Metadata: AWS::ServerlessRepo::Application: Name: codepipeline-s3-objects-public-read - Description: A Lambda function triggered by CodePipeline to update the S3 ACL to Public Read for objects deployed via S3 Deploy action. - Author: Sam Dengler + Description: A Lambda function triggered by CodePipeline to update the S3 ACL to Public Read for objects deployed via S3 Deploy action. Originally from Sam Dengler. + Author: George Seib SpdxLicenseId: Apache-2.0 LicenseUrl: LICENSE.txt ReadmeUrl: README.md Labels: ['codepipeline','s3'] - HomePageUrl: https://github.com/samdengler/codepipeline-s3-objects-public-read + HomePageUrl: https://github.com/geseib/codepipeline-s3-objects-public-read SemanticVersion: 0.0.1 - SourceCodeUrl: https://github.com/samdengler/codepipeline-s3-objects-public-read + SourceCodeUrl: https://github.com/geseib/codepipeline-s3-objects-public-read Resources: PublicReadAclFunction: @@ -29,6 +32,8 @@ Resources: Environment: Variables: S3_BUCKET: !Ref S3BucketParameter + BUILD_ARTIFACT: !Ref BuildArtifactParameter + Policies: - S3FullAccessPolicy: BucketName: !Ref S3BucketParameter From fc30ddef6de8a148a07f95b492a95eb9b4522645 Mon Sep 17 00:00:00 2001 From: George Seib Date: Sat, 16 Feb 2019 07:45:46 -0500 Subject: [PATCH 4/4] moved default build artifact logic to CFN template --- app/index.js | 8 -------- 1 file changed, 8 deletions(-) diff --git a/app/index.js b/app/index.js index 27d9d08..44cee4b 100644 --- a/app/index.js +++ b/app/index.js 
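Review bot: `BuildArtifactParameter` in template.yaml (hunk `@@ -4,19 +4,22 @@`) is declared with only `Type` and `Default`, so an empty or mistyped value is accepted at deploy time and only shows up when the function finds no matching artifact at run time. Add a description such as `Description: Name of the CodePipeline input artifact whose objects are made public-read`, and a constraint such as `MinLength: 1` with an `AllowedPattern` limited to the characters CodePipeline allows in artifact names (check the exact pattern against the CodePipeline documentation). The same hunk changes `Author`, `HomePageUrl` and `SourceCodeUrl` but leaves `Name` and `SemanticVersion: 0.0.1` untouched, so a published fork would be hard to tell apart from the original application. Consider changing the version or name so consumers can see which code they are deploying.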
@@ -5,14 +5,6 @@ const codepipeline = new AWS.CodePipeline(); const process = require('process'); const S3_BUCKET = process.env.S3_BUCKET; - -if(process.env.BUILD_ARTIFACT) { - const BUILD_ARTIFACT = process.env.BUILD_ARTIFACT; -} -else { - const BUILD_ARTIFACT = "BuildArtifact"; -} - const BUILD_ARTIFACT = process.env.BUILD_ARTIFACT const PUBLIC_READ_ACL = "public-read";