diff --git a/docs/providers/aws/guide/deploying.md b/docs/providers/aws/guide/deploying.md
index 9abeaeaba..8fd9423cb 100644
--- a/docs/providers/aws/guide/deploying.md
+++ b/docs/providers/aws/guide/deploying.md
@@ -66,7 +66,8 @@ The Serverless Framework translates all syntax in `serverless.yml` to a single A
 ```
 * You can specify your own S3 bucket which should be used to store all the deployment artifacts.
- The `deploymentBucket` config which is nested under `provider` lets you e.g. set the `name` or the `serverSideEncryption` method for this bucket
+ The `deploymentBucket` config which is nested under `provider` lets you e.g. set the `name` or the `serverSideEncryption` method for this bucket. If you don't provide your own bucket, Serverless
+ will create a bucket which uses default AES256 encryption.
 * You can specify your own S3 prefix which should be used to store all the deployment artifacts. The `deploymentPrefix` config which is nested under `provider` lets you set the prefix under which the deployment artifacts will be stored. If not specified, defaults to `serverless`.
diff --git a/lib/plugins/aws/package/lib/core-cloudformation-template.json b/lib/plugins/aws/package/lib/core-cloudformation-template.json
index 4be3c3d8e..501b507f8 100644
--- a/lib/plugins/aws/package/lib/core-cloudformation-template.json
+++ b/lib/plugins/aws/package/lib/core-cloudformation-template.json
@@ -3,7 +3,18 @@
 "Description": "The AWS CloudFormation template for this Serverless application",
 "Resources": {
 "ServerlessDeploymentBucket": {
- "Type" : "AWS::S3::Bucket"
+ "Type" : "AWS::S3::Bucket",
+ "Properties" : {
+ "BucketEncryption": {
+ "ServerSideEncryptionConfiguration": [
+ {
+ "ServerSideEncryptionByDefault": {
+ "SSEAlgorithm": "AES256"
+ }
+ }
+ ]
+ }
+ }
 }
 },
 "Outputs": {
diff --git a/lib/plugins/aws/package/lib/generateCoreTemplate.js b/lib/plugins/aws/package/lib/generateCoreTemplate.js
index 98341552c..47be04c97 100644
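Review bot: `ServerSideEncryptionByDefault` under `ServerlessDeploymentBucket.Properties` only sets the encryption applied to objects written after the bucket configuration takes effect; S3 does not re-encrypt objects that are already stored. Because this core template is what every service is generated from, an existing stack will presumably pick the property up on its next update, while deployment artifacts uploaded earlier stay as they were stored until they are replaced or removed. JSON cannot carry a comment, so I would state this in the deploying guide next to the new sentence, for example `Artifacts uploaded before this setting was applied are not re-encrypted.`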
--- a/lib/plugins/aws/package/lib/generateCoreTemplate.js
+++ b/lib/plugins/aws/package/lib/generateCoreTemplate.js
@@ -15,13 +15,13 @@ module.exports = {
 this.serverless.service.provider .compiledCloudFormationTemplate = this.serverless.utils.readFileSync(
- path.join(this.serverless.config.serverlessPath,
- 'plugins',
- 'aws',
- 'package',
- 'lib',
- 'core-cloudformation-template.json')
- );
+ path.join(this.serverless.config.serverlessPath,
+ 'plugins',
+ 'aws',
+ 'package',
+ 'lib',
+ 'core-cloudformation-template.json')
+ );
 const bucketName = this.serverless.service.provider.deploymentBucket;
 const isS3TransferAccelerationSupported = this.provider.isS3TransferAccelerationSupported();
@@ -56,23 +56,23 @@ module.exports = {
 if (isS3TransferAccelerationEnabled && isS3TransferAccelerationSupported) {
 // enable acceleration via CloudFormation
- this.serverless.service.provider.compiledCloudFormationTemplate
- .Resources.ServerlessDeploymentBucket.Properties = {
+ Object.assign(this.serverless.service.provider.compiledCloudFormationTemplate
+ .Resources.ServerlessDeploymentBucket.Properties, {
 AccelerateConfiguration: {
 AccelerationStatus: 'Enabled',
 },
- };
+ });
 // keep track of acceleration status via CloudFormation Output
 this.serverless.service.provider.compiledCloudFormationTemplate
- .Outputs.ServerlessDeploymentBucketAccelerated = { Value: true };
+ .Outputs.ServerlessDeploymentBucketAccelerated = { Value: true };
 } else if (isS3TransferAccelerationDisabled && isS3TransferAccelerationSupported) {
 // explicitly disable acceleration via CloudFormation
- this.serverless.service.provider.compiledCloudFormationTemplate
- .Resources.ServerlessDeploymentBucket.Properties = {
+ Object.assign(this.serverless.service.provider.compiledCloudFormationTemplate
+ .Resources.ServerlessDeploymentBucket.Properties, {
 AccelerateConfiguration: {
 AccelerationStatus: 'Suspended',
 },
- };
+ });
 }
 const coreTemplateFileName = this.provider.naming.getCoreTemplateFileName();
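Review bot: Both `Object.assign(... .Resources.ServerlessDeploymentBucket.Properties, { ... })` calls in the second hunk rely on `Properties` already being present in `core-cloudformation-template.json`; if that key is ever removed from the template, `Object.assign` throws a TypeError on the undefined target rather than setting the acceleration config. This merge is also the only thing that keeps `BucketEncryption` on the bucket when acceleration is configured, so the dependency deserves to be explicit. In each branch I would write `const bucket = this.serverless.service.provider.compiledCloudFormationTemplate.Resources.ServerlessDeploymentBucket;` followed by `bucket.Properties = Object.assign({}, bucket.Properties, { AccelerateConfiguration: { AccelerationStatus: 'Enabled' } });` (with `'Suspended'` in the else branch), and add the comment `// merge, do not replace: Properties carries the default BucketEncryption`. The enclosing function starts and ends outside the hunk.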
diff --git a/lib/plugins/aws/package/lib/generateCoreTemplate.test.js b/lib/plugins/aws/package/lib/generateCoreTemplate.test.js
index 72a2ae361..ba46b9647 100644
--- a/lib/plugins/aws/package/lib/generateCoreTemplate.test.js
+++ b/lib/plugins/aws/package/lib/generateCoreTemplate.test.js
@@ -109,9 +109,20 @@ describe('#generateCoreTemplate()', () => {
 expect(
 awsPlugin.serverless.service.provider.compiledCloudFormationTemplate .Resources.ServerlessDeploymentBucket
- ).to.be.deep.equal({
- Type: 'AWS::S3::Bucket',
- });
+ ).to.be.deep.equal({
+ Type: 'AWS::S3::Bucket',
+ Properties: {
+ BucketEncryption: {
+ ServerSideEncryptionConfiguration: [
+ {
+ ServerSideEncryptionByDefault: {
+ SSEAlgorithm: 'AES256',
+ },
+ },
+ ],
+ },
+ },
+ });
 })
 );
@@ -156,6 +167,15 @@ describe('#generateCoreTemplate()', () => {
 AccelerateConfiguration: {
 AccelerationStatus: 'Suspended',
 },
+ BucketEncryption: {
+ ServerSideEncryptionConfiguration: [
+ {
+ ServerSideEncryptionByDefault: {
+ SSEAlgorithm: 'AES256',
+ },
+ },
+ ],
+ },
 },
 });
 });
@@ -172,6 +192,17 @@ describe('#generateCoreTemplate()', () => {
 const template = serverless.service.provider.coreCloudFormationTemplate;
 expect(template.Resources.ServerlessDeploymentBucket).to.be.deep.equal({
 Type: 'AWS::S3::Bucket',
+ Properties: {
+ BucketEncryption: {
+ ServerSideEncryptionConfiguration: [
+ {
+ ServerSideEncryptionByDefault: {
+ SSEAlgorithm: 'AES256',
+ },
+ },
+ ],
+ },
+ },
 });
 });
 });
diff --git a/lib/plugins/aws/package/lib/mergeCustomProviderResources.test.js b/lib/plugins/aws/package/lib/mergeCustomProviderResources.test.js
index c765406ff..885cf5b34 100644
--- a/lib/plugins/aws/package/lib/mergeCustomProviderResources.test.js
+++ b/lib/plugins/aws/package/lib/mergeCustomProviderResources.test.js
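Review bot: None of the three hunks in this file asserts that `BucketEncryption` survives the `Enabled` acceleration branch; only the `Suspended` expectation in the second hunk gains it. If the existing test for enabled acceleration checks only the `ServerlessDeploymentBucketAccelerated` output (it is not visible here), a later change back to plain assignment in that branch would silently drop default encryption without failing a test. I would add to that test an assertion such as `expect(template.Resources.ServerlessDeploymentBucket.Properties).to.have.property('BucketEncryption');`, adapting the variable name to what that test already uses. The test bodies start outside the hunks.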
@@ -73,6 +73,17 @@ describe('mergeCustomProviderResources', () => {
 FakeResource2: {
 FakePropKey: 'FakePropValue',
 },
+ Properties: {
+ BucketEncryption: {
+ ServerSideEncryptionConfiguration: [
+ {
+ ServerSideEncryptionByDefault: {
+ SSEAlgorithm: 'AES256',
+ },
+ },
+ ],
+ },
+ },
 },
 },
 };