Release/1.8.1 (#1011)

* chore: add object ownership to S3 buckets * doc: update the CHANGELOG.md file
aws-solutions · May 2, 2023 · ef24413 · ef24413
1 parent 58dfe6e
commit ef24413
Show file tree

Hide file tree

Showing 16 changed files with 864 additions and 2,353 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -5,6 +5,10 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## [1.8.1] - 2023-05-01
+
+- Update our CDK code in PDoA v1.8 to turn on S3 ACLs.  They are [no longer on by default](https://aws.amazon.com/it/about-aws/whats-new/2022/12/amazon-s3-automatically-enable-block-public-access-disable-access-control-lists-buckets-april-2023/) as of April 2023
+
 ## [1.8.0] - 2022-11-21
 
 - Settings page enhancement

diff --git a/backend/package-lock.json b/backend/package-lock.json
diff --git a/backend/package.json b/backend/package.json
@@ -1,6 +1,6 @@
 {
   "name": "performance-dashboard-backend",
-  "version": "1.8.0",
+  "version": "1.8.1",
   "description": "Performance Dashboard on AWS Backend",
   "license": "Apache-2.0",
   "awssdkUserAgent": "AwsSolution/SO0157/v",

diff --git a/buildspec.yml b/buildspec.yml
@@ -3,7 +3,7 @@ version: 0.2
 phases:
   install:
     runtime-versions:
-      nodejs: 14
+      nodejs: 16
     commands:
       - ls -al
       - npm --version

diff --git a/cdk/lib/constructs/contentstorage.ts b/cdk/lib/constructs/contentstorage.ts
@@ -5,7 +5,7 @@
 
 import * as cdk from "@aws-cdk/core";
 import * as s3 from "@aws-cdk/aws-s3";
-import { BucketAccessControl } from "@aws-cdk/aws-s3";
+import { ObjectOwnership } from "@aws-cdk/aws-s3";
 import { Effect, PolicyStatement, AnyPrincipal } from "@aws-cdk/aws-iam";
 
 interface Props {
@@ -22,7 +22,7 @@ export class ContentStorage extends cdk.Construct {
       encryption: s3.BucketEncryption.S3_MANAGED,
       versioned: true,
       serverAccessLogsPrefix: "access_logs/",
-      accessControl: BucketAccessControl.LOG_DELIVERY_WRITE,
+      objectOwnership: ObjectOwnership.OBJECT_WRITER,
 
       /**
        * Ideally, one would leave the bucket name to be autogenerated by CF. But

diff --git a/cdk/lib/constructs/datastorage.ts b/cdk/lib/constructs/datastorage.ts
@@ -5,7 +5,7 @@
 
 import * as cdk from "@aws-cdk/core";
 import * as s3 from "@aws-cdk/aws-s3";
-import { BucketAccessControl } from "@aws-cdk/aws-s3";
+import { ObjectOwnership } from "@aws-cdk/aws-s3";
 import { Effect, PolicyStatement, AnyPrincipal } from "@aws-cdk/aws-iam";
 
 interface Props {
@@ -22,7 +22,7 @@ export class DatasetStorage extends cdk.Construct {
       encryption: s3.BucketEncryption.S3_MANAGED,
       versioned: true,
       serverAccessLogsPrefix: "access_logs/",
-      accessControl: BucketAccessControl.LOG_DELIVERY_WRITE,
+      objectOwnership: ObjectOwnership.OBJECT_WRITER,
 
       /**
        * Ideally, one would leave the bucket name to be autogenerated by CF. But

diff --git a/cdk/lib/dashboardexamples-stack.ts b/cdk/lib/dashboardexamples-stack.ts
@@ -7,6 +7,7 @@ import * as cdk from "@aws-cdk/core";
 import * as lambda from "@aws-cdk/aws-lambda";
 import s3Deploy = require("@aws-cdk/aws-s3-deployment");
 import * as s3 from "@aws-cdk/aws-s3";
+import { ObjectOwnership } from "@aws-cdk/aws-s3";
 import { ExampleDashboardLambda } from "./constructs/exampledashboardlambda";
 import customResource = require("@aws-cdk/custom-resources");
 
@@ -35,6 +36,7 @@ export class DashboardExamplesStack extends cdk.Stack {
     const exampleBucket = new s3.Bucket(this, "ExampleBucket", {
       encryption: s3.BucketEncryption.S3_MANAGED,
       versioned: false,
+      objectOwnership: ObjectOwnership.OBJECT_WRITER,
     });
 
     const lambdas = new ExampleDashboardLambda(

diff --git a/cdk/lib/frontend-stack.ts b/cdk/lib/frontend-stack.ts
@@ -12,7 +12,7 @@ import lambda = require("@aws-cdk/aws-lambda");
 import iam = require("@aws-cdk/aws-iam");
 import logs = require("@aws-cdk/aws-logs");
 import { HttpHeaders } from "@cloudcomponents/cdk-lambda-at-edge-pattern";
-import { BucketAccessControl } from "@aws-cdk/aws-s3";
+import { ObjectOwnership } from "@aws-cdk/aws-s3";
 
 interface Props extends cdk.StackProps {
   datasetsBucket: string;
@@ -40,7 +40,7 @@ export class FrontendStack extends cdk.Stack {
       websiteErrorDocument: "index.html",
       encryption: s3.BucketEncryption.S3_MANAGED,
       serverAccessLogsPrefix: "access_logs/",
-      accessControl: BucketAccessControl.LOG_DELIVERY_WRITE,
+      objectOwnership: ObjectOwnership.OBJECT_WRITER,
     });
 
     const httpHeaders = new HttpHeaders(this, "HttpHeaders", {

diff --git a/cdk/package-lock.json b/cdk/package-lock.json
diff --git a/cdk/package.json b/cdk/package.json
@@ -1,6 +1,6 @@
 {
   "name": "performance-dashboard-cdk",
-  "version": "1.8.0",
+  "version": "1.8.1",
   "description": "Performance Dashboard on AWS CDK",
   "license": "Apache-2.0",
   "bin": {

diff --git a/deployment/performance-dashboard-on-aws.template b/deployment/performance-dashboard-on-aws.template
@@ -1,6 +1,6 @@
 {
   "AWSTemplateFormatVersion": "2010-09-09",
-  "Description": "(SO0157) Performance Dashboard on AWS Solution Implementation v1.8.0",
+  "Description": "(SO0157) Performance Dashboard on AWS Solution Implementation v1.8.1",
   "Parameters": {
     "AdminEmail": {
       "Type": "String",