def _create_artifact_bucket()

in src/build_infrastructure/android/stacks/build_pipeline_stack.py [0:0]


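    def _create_artifact_bucket(self, bucket_name: str) -> aws_s3.Bucket:
        """Create the S3 bucket registered as "PipelineAssets" and lock it down.

        The bucket uses the AWS-managed KMS key for default encryption, blocks
        all public access, and carries two explicit-deny statements in its
        resource policy: one rejecting any request made without TLS and one
        rejecting uploads that do not request SSE-KMS.

        Args:
            bucket_name: Physical name given to the bucket.

        Returns:
            The configured ``aws_s3.Bucket`` construct.
        """
        artifact_bucket = aws_s3.Bucket(
            self,
            "PipelineAssets",
            bucket_name=bucket_name,
            encryption=aws_s3.BucketEncryption.KMS_MANAGED,
            # Declared explicitly so the template itself guarantees that no ACL
            # or policy can expose the bucket, instead of depending on account
            # or service defaults.
            block_public_access=aws_s3.BlockPublicAccess.BLOCK_ALL,
            # NOTE(review): DESTROY removes the bucket together with the stack.
            # CloudFormation cannot delete a non-empty bucket, so teardown will
            # presumably fail until the bucket is emptied; confirm this is the
            # intended lifecycle for the contents.
            removal_policy=core.RemovalPolicy.DESTROY,
        )

        object_arns = f"{artifact_bucket.bucket_arn}/*"

        # Explicit deny overrides every allow, so this holds for all principals
        # regardless of their identity policies: plain-HTTP requests are refused
        # for the bucket and for every object in it.
        deny_insecure_transport = aws_iam.PolicyStatement(
            principals=[aws_iam.AnyPrincipal()],
            effect=aws_iam.Effect.DENY,
            resources=[artifact_bucket.bucket_arn, object_arns],
            actions=["s3:*"],
            conditions={
                "Bool": {
                    "aws:SecureTransport": "false"
                }
            },
        )
        artifact_bucket.add_to_resource_policy(permission=deny_insecure_transport)

        # StringNotEquals also matches when the header is absent, so an upload
        # that relies on the bucket's default encryption without sending
        # x-amz-server-side-encryption is denied too. Writers must set the
        # header to "aws:kms" on every PutObject.
        # s3:PutObject is an object-level action, so only the object ARNs are
        # listed; the bucket ARN never matches it.
        deny_unencrypted_uploads = aws_iam.PolicyStatement(
            principals=[aws_iam.AnyPrincipal()],
            effect=aws_iam.Effect.DENY,
            resources=[object_arns],
            actions=["s3:PutObject"],
            conditions={
                "StringNotEquals": {
                    "s3:x-amz-server-side-encryption": "aws:kms"
                }
            },
        )
        artifact_bucket.add_to_resource_policy(permission=deny_unencrypted_uploads)

        return artifact_bucket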