in source/lib/s3-bucket.ts [27:77]
/**
 * Provisions a hardened S3 bucket plus a companion bucket that receives its
 * server access logs, and exposes the primary bucket as `this.Bucket`.
 *
 * Both buckets share the same baseline: all public access blocked and SSE-S3
 * (S3-managed keys) encryption at rest. The primary bucket additionally gets
 * lifecycle rules and a resource policy that denies any request made without
 * TLS (`aws:SecureTransport` == false).
 *
 * @param scope - Parent construct.
 * @param id    - Logical id of this construct within `scope`.
 * @param props - `enableIntelligentTiering` adds a lifecycle transition to
 *                INTELLIGENT_TIERING one day after object creation.
 */
constructor(scope: cdk.Construct, id: string, props: EncryptedBucketProps) {
  super(scope, id);

  // Baseline hardening applied to every bucket created here.
  const hardened: s3.BucketProps = {
    blockPublicAccess: s3.BlockPublicAccess.BLOCK_ALL,
    encryption: s3.BucketEncryption.S3_MANAGED
  };

  // Destination for the primary bucket's server access logs.
  const logTarget = new s3.Bucket(this, 'AccessLogsBucket', hardened);
  // cfn_nag: a log bucket does not log to itself (W35) and no policy is
  // attached to it (W51). NOTE(review): the HttpsOnly deny below is applied
  // only to the primary bucket; the log bucket has no TLS-only statement.
  CfnNagHelper.addSuppressions(logTarget.node.defaultChild as s3.CfnBucket, [
    { Id: 'W35', Reason: 'This bucket is used to store access logs for another bucket' },
    { Id: 'W51', Reason: 'This bucket does not need a bucket policy' }
  ]);

  // Always abandon incomplete multipart uploads after a week so their parts
  // do not accumulate (and accrue cost) indefinitely.
  const multipartRule: s3.LifecycleRule = {
    id: 'multipart-upload-rule',
    enabled: true,
    abortIncompleteMultipartUploadAfter: cdk.Duration.days(7)
  };
  // Opt-in: move objects to INTELLIGENT_TIERING one day after creation.
  const tieringRule: s3.LifecycleRule = {
    id: 'intelligent-tiering-rule',
    enabled: true,
    transitions: [{
      storageClass: s3.StorageClass.INTELLIGENT_TIERING,
      transitionAfter: cdk.Duration.days(1)
    }]
  };
  const lifecycle: s3.LifecycleRule[] = props.enableIntelligentTiering
    ? [multipartRule, tieringRule]
    : [multipartRule];

  this.Bucket = new s3.Bucket(this, 'Bucket', {
    ...hardened,
    serverAccessLogsBucket: logTarget,
    lifecycleRules: lifecycle
  });

  // Deny every action, for every principal, when the request is not made
  // over TLS. Covers both the bucket itself and all of its objects.
  const bucketAndObjects = [
    this.Bucket.arnForObjects('*'),
    this.Bucket.bucketArn
  ];
  const tlsOnly = new iam.PolicyStatement({
    sid: 'HttpsOnly',
    effect: iam.Effect.DENY,
    resources: bucketAndObjects,
    actions: ['*'],
    principals: [new iam.AnyPrincipal()],
    conditions: {
      Bool: { 'aws:SecureTransport': 'false' }
    }
  });
  this.Bucket.addToResourcePolicy(tlsOnly);
}