From 3ed18cfb89a9bb0fabfe452e100e252b196d378f Mon Sep 17 00:00:00 2001
From: Adrian Hesketh
Date: Tue, 5 Feb 2019 22:52:22 +0000
Subject: [PATCH 1/2] Update bucket conf to default AES256 encryption and enable versioning.
---
 .../lib/core-cloudformation-template.json | 16 ++++++-
 .../aws/package/lib/generateCoreTemplate.js | 43 +++++++++--------
 .../package/lib/generateCoreTemplate.test.js | 46 +++++++++++++++++--
 .../lib/mergeCustomProviderResources.test.js | 14 ++++++
 4 files changed, 95 insertions(+), 24 deletions(-)
diff --git a/lib/plugins/aws/package/lib/core-cloudformation-template.json b/lib/plugins/aws/package/lib/core-cloudformation-template.json
index 4be3c3d8e..8ef87e565 100644
--- a/lib/plugins/aws/package/lib/core-cloudformation-template.json
+++ b/lib/plugins/aws/package/lib/core-cloudformation-template.json
@@ -3,7 +3,21 @@
 "Description": "The AWS CloudFormation template for this Serverless application",
 "Resources": {
 "ServerlessDeploymentBucket": {
- "Type" : "AWS::S3::Bucket"
+ "Type" : "AWS::S3::Bucket",
+ "Properties" : {
+ "VersioningConfiguration": {
+ "Status": "Enabled"
+ },
+ "BucketEncryption": {
+ "ServerSideEncryptionConfiguration": [
+ {
+ "ServerSideEncryptionByDefault": {
+ "SSEAlgorithm": "AES256"
+ }
+ }
+ ]
+ }
+ }
 }
 },
 "Outputs": {
diff --git a/lib/plugins/aws/package/lib/generateCoreTemplate.js b/lib/plugins/aws/package/lib/generateCoreTemplate.js
index 98341552c..6c93f225e 100644
--- a/lib/plugins/aws/package/lib/generateCoreTemplate.js
+++ b/lib/plugins/aws/package/lib/generateCoreTemplate.js
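Review bot: The `BucketEncryption` default added to `ServerlessDeploymentBucket` applies only to objects written after the stack update, so artifacts already stored in an existing deployment bucket are not re-encrypted; the deployment guide or changelog should say so, e.g. `Objects uploaded before this change keep their previous encryption state.` The resource also carries no `PublicAccessBlockConfiguration`, and no bucket policy requiring `aws:SecureTransport` is visible in this patch, so at-rest encryption is the only hardening the default bucket receives here (other files may add more; this hunk does not show it). `AES256` selects S3-managed keys, which gives no per-key access control or decrypt audit trail; that trade-off is worth one sentence next to the default.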
@@ -15,13 +15,13 @@ module.exports = {
 this.serverless.service.provider
 .compiledCloudFormationTemplate = this.serverless.utils.readFileSync(
- path.join(this.serverless.config.serverlessPath,
- 'plugins',
- 'aws',
- 'package',
- 'lib',
- 'core-cloudformation-template.json')
- );
+ path.join(this.serverless.config.serverlessPath,
+ 'plugins',
+ 'aws',
+ 'package',
+ 'lib',
+ 'core-cloudformation-template.json')
+ );
 const bucketName = this.serverless.service.provider.deploymentBucket;
 const isS3TransferAccelerationSupported = this.provider.isS3TransferAccelerationSupported();
@@ -54,27 +54,30 @@ module.exports = {
 });
 }
+ const mergeProperties = [];
+
 if (isS3TransferAccelerationEnabled && isS3TransferAccelerationSupported) {
 // enable acceleration via CloudFormation
- this.serverless.service.provider.compiledCloudFormationTemplate
- .Resources.ServerlessDeploymentBucket.Properties = {
- AccelerateConfiguration: {
- AccelerationStatus: 'Enabled',
- },
- };
+ mergeProperties.push({
+ AccelerateConfiguration: {
+ AccelerationStatus: 'Enabled',
+ },
+ });
 // keep track of acceleration status via CloudFormation Output
 this.serverless.service.provider.compiledCloudFormationTemplate
- .Outputs.ServerlessDeploymentBucketAccelerated = { Value: true };
+ .Outputs.ServerlessDeploymentBucketAccelerated = { Value: true };
 } else if (isS3TransferAccelerationDisabled && isS3TransferAccelerationSupported) {
 // explicitly disable acceleration via CloudFormation
- this.serverless.service.provider.compiledCloudFormationTemplate
- .Resources.ServerlessDeploymentBucket.Properties = {
- AccelerateConfiguration: {
- AccelerationStatus: 'Suspended',
- },
- };
+ mergeProperties.push({
+ AccelerateConfiguration: {
+ AccelerationStatus: 'Suspended',
+ },
+ });
 }
+ Object.assign(this.serverless.service.provider.compiledCloudFormationTemplate
+ .Resources.ServerlessDeploymentBucket.Properties, ...mergeProperties);
+
 const coreTemplateFileName = this.provider.naming.getCoreTemplateFileName();
 const coreTemplateFilePath = path.join(this.serverless.config.servicePath,
diff --git a/lib/plugins/aws/package/lib/generateCoreTemplate.test.js b/lib/plugins/aws/package/lib/generateCoreTemplate.test.js
index 72a2ae361..2f8e9ea39 100644
--- a/lib/plugins/aws/package/lib/generateCoreTemplate.test.js
+++ b/lib/plugins/aws/package/lib/generateCoreTemplate.test.js
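Review bot: The `Object.assign(…Properties, ...mergeProperties)` call at the end of this hunk depends on `Properties` already being present in core-cloudformation-template.json, and nothing in the function records that. If the key is ever dropped from the JSON the call throws a TypeError, and if someone restores the old `Properties = { … }` assignment the `BucketEncryption` default is silently lost whenever acceleration is configured. A comment above the merge would record the intent, for example `// merge, never assign: Properties carries the BucketEncryption default from the core template`. The same applies to the two `Object.assign` calls in the `@@ -54,30 +54,27 @@` hunk of PATCH 2/2. The enclosing function starts and ends outside the hunk.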
@@ -109,9 +109,23 @@ describe('#generateCoreTemplate()', () => {
 expect(
 awsPlugin.serverless.service.provider.compiledCloudFormationTemplate
 .Resources.ServerlessDeploymentBucket
- ).to.be.deep.equal({
- Type: 'AWS::S3::Bucket',
- });
+ ).to.be.deep.equal({
+ Type: 'AWS::S3::Bucket',
+ Properties: {
+ VersioningConfiguration: {
+ Status: 'Enabled',
+ },
+ BucketEncryption: {
+ ServerSideEncryptionConfiguration: [
+ {
+ ServerSideEncryptionByDefault: {
+ SSEAlgorithm: 'AES256',
+ },
+ },
+ ],
+ },
+ },
+ });
 })
 );
@@ -156,6 +170,18 @@ describe('#generateCoreTemplate()', () => {
 AccelerateConfiguration: {
 AccelerationStatus: 'Suspended',
 },
+ VersioningConfiguration: {
+ Status: 'Enabled',
+ },
+ BucketEncryption: {
+ ServerSideEncryptionConfiguration: [
+ {
+ ServerSideEncryptionByDefault: {
+ SSEAlgorithm: 'AES256',
+ },
+ },
+ ],
+ },
 },
 });
 });
@@ -172,6 +198,20 @@ describe('#generateCoreTemplate()', () => {
 const template = serverless.service.provider.coreCloudFormationTemplate;
 expect(template.Resources.ServerlessDeploymentBucket).to.be.deep.equal({
 Type: 'AWS::S3::Bucket',
+ Properties: {
+ VersioningConfiguration: {
+ Status: 'Enabled',
+ },
+ BucketEncryption: {
+ ServerSideEncryptionConfiguration: [
+ {
+ ServerSideEncryptionByDefault: {
+ SSEAlgorithm: 'AES256',
+ },
+ },
+ ],
+ },
+ },
 });
 });
 });
diff --git a/lib/plugins/aws/package/lib/mergeCustomProviderResources.test.js b/lib/plugins/aws/package/lib/mergeCustomProviderResources.test.js
index c765406ff..391763dd8 100644
--- a/lib/plugins/aws/package/lib/mergeCustomProviderResources.test.js
+++ b/lib/plugins/aws/package/lib/mergeCustomProviderResources.test.js
@@ -73,6 +73,20 @@ describe('mergeCustomProviderResources', () => {
 FakeResource2: {
 FakePropKey: 'FakePropValue',
 },
+ Properties: {
+ VersioningConfiguration: {
+ Status: 'Enabled',
+ },
+ BucketEncryption: {
+ ServerSideEncryptionConfiguration: [
+ {
+ ServerSideEncryptionByDefault: {
+ SSEAlgorithm: 'AES256',
+ },
+ },
+ ],
+ },
+ },
 },
 },
 };
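Review bot: As far as these hunks show, no expectation covers the branch where acceleration is enabled: `BucketEncryption` is asserted for the default bucket, for `AccelerationStatus: 'Suspended'` and for `coreCloudFormationTemplate`, but not alongside `AccelerationStatus: 'Enabled'`. That branch used to overwrite `Properties`, so a deep-equal assertion there would guard the encryption default against a regression. The expected `Properties` object is also repeated verbatim in four places across the two test files; a shared constant such as `const defaultBucketProperties = { BucketEncryption: … };` would keep them in step. The test bodies start outside the hunks.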
From 2e85b52bcec3b73cefcdac84166cd7da74b285b9 Mon Sep 17 00:00:00 2001
From: Adrian Hesketh
Date: Wed, 6 Feb 2019 17:07:30 +0000
Subject: [PATCH 2/2] Removed AWS S3 versioning and fixed build error for Node 4.4.
---
 docs/providers/aws/guide/deploying.md | 3 ++-
 .../lib/core-cloudformation-template.json | 3 ---
 .../aws/package/lib/generateCoreTemplate.js | 27 +++++++++----------
 .../package/lib/generateCoreTemplate.test.js | 9 -------
 .../lib/mergeCustomProviderResources.test.js | 3 ---
 5 files changed, 14 insertions(+), 31 deletions(-)
diff --git a/docs/providers/aws/guide/deploying.md b/docs/providers/aws/guide/deploying.md
index 9abeaeaba..8fd9423cb 100644
--- a/docs/providers/aws/guide/deploying.md
+++ b/docs/providers/aws/guide/deploying.md
@@ -66,7 +66,8 @@ The Serverless Framework translates all syntax in `serverless.yml` to a single A
 ```
 * You can specify your own S3 bucket which should be used to store all the deployment artifacts.
- The `deploymentBucket` config which is nested under `provider` lets you e.g. set the `name` or the `serverSideEncryption` method for this bucket
+ The `deploymentBucket` config which is nested under `provider` lets you e.g. set the `name` or the `serverSideEncryption` method for this bucket. If you don't provide your own bucket, Serverless
+ will create a bucket which uses default AES256 encryption.
 * You can specify your own S3 prefix which should be used to store all the deployment artifacts.
 The `deploymentPrefix` config which is nested under `provider` lets you set the prefix under which the deployment artifacts will be stored. If not specified, defaults to `serverless`.
diff --git a/lib/plugins/aws/package/lib/core-cloudformation-template.json b/lib/plugins/aws/package/lib/core-cloudformation-template.json
index 8ef87e565..501b507f8 100644
--- a/lib/plugins/aws/package/lib/core-cloudformation-template.json
+++ b/lib/plugins/aws/package/lib/core-cloudformation-template.json
@@ -5,9 +5,6 @@
 "ServerlessDeploymentBucket": {
 "Type" : "AWS::S3::Bucket",
 "Properties" : {
- "VersioningConfiguration": {
- "Status": "Enabled"
- },
 "BucketEncryption": {
 "ServerSideEncryptionConfiguration": [
 {
diff --git a/lib/plugins/aws/package/lib/generateCoreTemplate.js b/lib/plugins/aws/package/lib/generateCoreTemplate.js
index 6c93f225e..47be04c97 100644
--- a/lib/plugins/aws/package/lib/generateCoreTemplate.js
+++ b/lib/plugins/aws/package/lib/generateCoreTemplate.js
@@ -54,30 +54,27 @@ module.exports = {
 });
 }
- const mergeProperties = [];
-
 if (isS3TransferAccelerationEnabled && isS3TransferAccelerationSupported) {
 // enable acceleration via CloudFormation
- mergeProperties.push({
- AccelerateConfiguration: {
- AccelerationStatus: 'Enabled',
- },
- });
+ Object.assign(this.serverless.service.provider.compiledCloudFormationTemplate
+ .Resources.ServerlessDeploymentBucket.Properties, {
+ AccelerateConfiguration: {
+ AccelerationStatus: 'Enabled',
+ },
+ });
 // keep track of acceleration status via CloudFormation Output
 this.serverless.service.provider.compiledCloudFormationTemplate
 .Outputs.ServerlessDeploymentBucketAccelerated = { Value: true };
 } else if (isS3TransferAccelerationDisabled && isS3TransferAccelerationSupported) {
 // explicitly disable acceleration via CloudFormation
- mergeProperties.push({
- AccelerateConfiguration: {
- AccelerationStatus: 'Suspended',
- },
- });
+ Object.assign(this.serverless.service.provider.compiledCloudFormationTemplate
+ .Resources.ServerlessDeploymentBucket.Properties, {
+ AccelerateConfiguration: {
+ AccelerationStatus: 'Suspended',
+ },
+ });
 }
- Object.assign(this.serverless.service.provider.compiledCloudFormationTemplate
- .Resources.ServerlessDeploymentBucket.Properties, ...mergeProperties);
-
 const coreTemplateFileName = this.provider.naming.getCoreTemplateFileName();
 const coreTemplateFilePath = path.join(this.serverless.config.servicePath,
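Review bot: The two branches of the `generateCoreTemplate.js` hunk now repeat the same multi-line `Object.assign(…Properties, { AccelerateConfiguration: … })` call and differ only in the status string. Since each call sets a single key, a direct assignment reads more plainly and leaves less to keep in sync: hoist `const bucketProperties = this.serverless.service.provider.compiledCloudFormationTemplate.Resources.ServerlessDeploymentBucket.Properties;` above the `if`, then use `bucketProperties.AccelerateConfiguration = { AccelerationStatus: 'Enabled' };` and the `'Suspended'` counterpart in the branches. The enclosing function starts and ends outside the hunk.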
diff --git a/lib/plugins/aws/package/lib/generateCoreTemplate.test.js b/lib/plugins/aws/package/lib/generateCoreTemplate.test.js
index 2f8e9ea39..ba46b9647 100644
--- a/lib/plugins/aws/package/lib/generateCoreTemplate.test.js
+++ b/lib/plugins/aws/package/lib/generateCoreTemplate.test.js
@@ -112,9 +112,6 @@ describe('#generateCoreTemplate()', () => {
 ).to.be.deep.equal({
 Type: 'AWS::S3::Bucket',
 Properties: {
- VersioningConfiguration: {
- Status: 'Enabled',
- },
 BucketEncryption: {
 ServerSideEncryptionConfiguration: [
 {
@@ -170,9 +167,6 @@ describe('#generateCoreTemplate()', () => {
 AccelerateConfiguration: {
 AccelerationStatus: 'Suspended',
 },
- VersioningConfiguration: {
- Status: 'Enabled',
- },
 BucketEncryption: {
 ServerSideEncryptionConfiguration: [
 {
@@ -199,9 +193,6 @@ describe('#generateCoreTemplate()', () => {
 expect(template.Resources.ServerlessDeploymentBucket).to.be.deep.equal({
 Type: 'AWS::S3::Bucket',
 Properties: {
- VersioningConfiguration: {
- Status: 'Enabled',
- },
 BucketEncryption: {
 ServerSideEncryptionConfiguration: [
 {
diff --git a/lib/plugins/aws/package/lib/mergeCustomProviderResources.test.js b/lib/plugins/aws/package/lib/mergeCustomProviderResources.test.js
index 391763dd8..885cf5b34 100644
--- a/lib/plugins/aws/package/lib/mergeCustomProviderResources.test.js
+++ b/lib/plugins/aws/package/lib/mergeCustomProviderResources.test.js
@@ -74,9 +74,6 @@ describe('mergeCustomProviderResources', () => {
 FakePropKey: 'FakePropValue',
 },
 Properties: {
- VersioningConfiguration: {
- Status: 'Enabled',
- },
 BucketEncryption: {
 ServerSideEncryptionConfiguration: [
 {