Merge pull request #5800 from a-h/enable_s3_encryption

Update bucket conf to default AES256 encryption.
Philipp Muens 2019-02-13 12:46:01 +01:00 committed by GitHub
commit 415ca07f70
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
5 changed files with 73 additions and 19 deletions


@ -66,7 +66,8 @@ The Serverless Framework translates all syntax in `serverless.yml` to a single A
```
* You can specify your own S3 bucket which should be used to store all the deployment artifacts.
The `deploymentBucket` config which is nested under `provider` lets you e.g. set the `name` or the `serverSideEncryption` method for this bucket
The `deploymentBucket` config which is nested under `provider` lets you e.g. set the `name` or the `serverSideEncryption` method for this bucket. If you don't provide your own bucket, Serverless
will create a bucket which uses default AES256 encryption.
* You can specify your own S3 prefix which should be used to store all the deployment artifacts.
The `deploymentPrefix` config which is nested under `provider` lets you set the prefix under which the deployment artifacts will be stored. If not specified, defaults to `serverless`.


@ -3,7 +3,18 @@
"Description": "The AWS CloudFormation template for this Serverless application",
"Resources": {
"ServerlessDeploymentBucket": {
"Type" : "AWS::S3::Bucket"
"Type" : "AWS::S3::Bucket",
"Properties" : {
"BucketEncryption": {
"ServerSideEncryptionConfiguration": [
{
"ServerSideEncryptionByDefault": {
"SSEAlgorithm": "AES256"
}
}
]
}
}
}
},
"Outputs": {
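Review bot: `SSEAlgorithm` is hard-coded to `AES256` on `ServerlessDeploymentBucket`, and S3 default encryption only covers objects written after the setting is applied, so artifacts already stored in a bucket created by an earlier deployment would presumably stay unencrypted after the stack update. Nothing in this section enforces encrypted transport either; default encryption at rest does not reject plain-HTTP requests. Since JSON cannot carry a comment, the docs sentence added in this commit could state both limits, for example `Default encryption applies only to newly uploaded artifacts and does not enforce TLS; add a bucket policy if you need that.` The template continues past `"Outputs"` outside the hunk.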


@ -15,13 +15,13 @@ module.exports = {
this.serverless.service.provider
.compiledCloudFormationTemplate = this.serverless.utils.readFileSync(
path.join(this.serverless.config.serverlessPath,
'plugins',
'aws',
'package',
'lib',
'core-cloudformation-template.json')
);
path.join(this.serverless.config.serverlessPath,
'plugins',
'aws',
'package',
'lib',
'core-cloudformation-template.json')
);
const bucketName = this.serverless.service.provider.deploymentBucket;
const isS3TransferAccelerationSupported = this.provider.isS3TransferAccelerationSupported();
@ -56,23 +56,23 @@ module.exports = {
if (isS3TransferAccelerationEnabled && isS3TransferAccelerationSupported) {
// enable acceleration via CloudFormation
this.serverless.service.provider.compiledCloudFormationTemplate
.Resources.ServerlessDeploymentBucket.Properties = {
Object.assign(this.serverless.service.provider.compiledCloudFormationTemplate
.Resources.ServerlessDeploymentBucket.Properties, {
AccelerateConfiguration: {
AccelerationStatus: 'Enabled',
},
};
});
// keep track of acceleration status via CloudFormation Output
this.serverless.service.provider.compiledCloudFormationTemplate
.Outputs.ServerlessDeploymentBucketAccelerated = { Value: true };
.Outputs.ServerlessDeploymentBucketAccelerated = { Value: true };
} else if (isS3TransferAccelerationDisabled && isS3TransferAccelerationSupported) {
// explicitly disable acceleration via CloudFormation
this.serverless.service.provider.compiledCloudFormationTemplate
.Resources.ServerlessDeploymentBucket.Properties = {
Object.assign(this.serverless.service.provider.compiledCloudFormationTemplate
.Resources.ServerlessDeploymentBucket.Properties, {
AccelerateConfiguration: {
AccelerationStatus: 'Suspended',
},
};
});
}
const coreTemplateFileName = this.provider.naming.getCoreTemplateFileName();
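Review bot: Both `Object.assign(...)` calls now require `Resources.ServerlessDeploymentBucket.Properties` to already exist in the template read from `core-cloudformation-template.json`. If that key is ever removed from the JSON, `Object.assign(undefined, …)` throws a TypeError, and reverting to plain assignment would silently drop `BucketEncryption`. A short comment on the first call would record the dependency, e.g. `// merge, never overwrite: Properties carries the default BucketEncryption from the core template`. The enclosing function starts and ends outside the hunks.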


@ -109,9 +109,20 @@ describe('#generateCoreTemplate()', () => {
expect(
awsPlugin.serverless.service.provider.compiledCloudFormationTemplate
.Resources.ServerlessDeploymentBucket
).to.be.deep.equal({
Type: 'AWS::S3::Bucket',
});
).to.be.deep.equal({
Type: 'AWS::S3::Bucket',
Properties: {
BucketEncryption: {
ServerSideEncryptionConfiguration: [
{
ServerSideEncryptionByDefault: {
SSEAlgorithm: 'AES256',
},
},
],
},
},
});
})
);
@ -156,6 +167,15 @@ describe('#generateCoreTemplate()', () => {
AccelerateConfiguration: {
AccelerationStatus: 'Suspended',
},
BucketEncryption: {
ServerSideEncryptionConfiguration: [
{
ServerSideEncryptionByDefault: {
SSEAlgorithm: 'AES256',
},
},
],
},
},
});
});
@ -172,6 +192,17 @@ describe('#generateCoreTemplate()', () => {
const template = serverless.service.provider.coreCloudFormationTemplate;
expect(template.Resources.ServerlessDeploymentBucket).to.be.deep.equal({
Type: 'AWS::S3::Bucket',
Properties: {
BucketEncryption: {
ServerSideEncryptionConfiguration: [
{
ServerSideEncryptionByDefault: {
SSEAlgorithm: 'AES256',
},
},
],
},
},
});
});
});
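Review bot: The only acceleration expectation updated here is the `AccelerationStatus: 'Suspended'` case (hunk at `-156,6`); no visible hunk asserts that `BucketEncryption` survives the `'Enabled'` branch, which now goes through the same `Object.assign` merge. If the existing 'Enabled' test checks only the `ServerlessDeploymentBucketAccelerated` output, a regression that overwrites `Properties` in that branch would go unnoticed. Consider adding an assertion to that test, such as `expect(template.Resources.ServerlessDeploymentBucket.Properties.BucketEncryption).to.exist;`. The surrounding `describe` block starts outside the hunks.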


@ -73,6 +73,17 @@ describe('mergeCustomProviderResources', () => {
FakeResource2: {
FakePropKey: 'FakePropValue',
},
Properties: {
BucketEncryption: {
ServerSideEncryptionConfiguration: [
{
ServerSideEncryptionByDefault: {
SSEAlgorithm: 'AES256',
},
},
],
},
},
},
},
};