in source/infrastructure/lib/scenarios-storage.ts [35:109]
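/**
 * Provisions the scenario storage: an S3 bucket and a DynamoDB table, plus the
 * IAM policies that grant access to them.
 *
 * The S3 policy is attached to `props.ecsTaskExecutionRole` here. The DynamoDB
 * policy is only created and exposed as `this.dynamoDbPolicy`; nothing in this
 * constructor attaches it to a principal.
 *
 * @param scope - Parent construct.
 * @param id - Construct id within `scope`.
 * @param props - Supplies the access-log bucket, the CloudFront domain name used
 *   as the CORS origin, the solution id tag value, and the role that receives
 *   the S3 policy.
 */
constructor(scope: Construct, id: string, props: ScenarioTestRunnerStorageContructProps) {
  super(scope, id);

  // Private, KMS-encrypted bucket with server access logging. RETAIN keeps the
  // bucket (and its contents) when the stack is deleted, so it must be cleaned
  // up separately.
  this.scenariosBucket = new Bucket(this, 'DLTScenariosBucket', {
    removalPolicy: RemovalPolicy.RETAIN,
    serverAccessLogsBucket: props.s3LogsBucket,
    serverAccessLogsPrefix: 'scenarios-bucket-access/',
    encryption: BucketEncryption.KMS_MANAGED,
    blockPublicAccess: BlockPublicAccess.BLOCK_ALL,
    // CORS only tells browsers which origin may call the bucket; it is not an
    // authorization control. Access is still decided by IAM and the bucket policy.
    cors: [
      {
        allowedMethods: [HttpMethods.GET, HttpMethods.POST, HttpMethods.PUT],
        allowedOrigins: [`https://${props.cloudFrontDomainName}`],
        allowedHeaders: ['*'],
        exposedHeaders: ['ETag']
      }
    ]
  });
  Tags.of(this.scenariosBucket).add('SolutionId', props.solutionId);

  const bucketArn = this.scenariosBucket.bucketArn;
  const bucketObjectsArn = `${bucketArn}/*`;

  // Bucket policy: deny every S3 action, for every principal, on requests that
  // do not use TLS (aws:SecureTransport is false).
  this.scenariosBucket.addToResourcePolicy(new PolicyStatement({
    actions: ['s3:*'],
    resources: [bucketArn, bucketObjectsArn],
    effect: Effect.DENY,
    principals: [new AnyPrincipal()],
    conditions: {
      'Bool': {
        'aws:SecureTransport': false
      }
    }
  }));

  // Identity policy for the role that reads and writes scenarios.
  // Each action is paired with the resource type it applies to: ListBucket is a
  // bucket-level action, Get/PutObject are object-level. `s3:HeadObject` was
  // dropped because it is not an IAM action; HEAD requests on objects are
  // authorized by `s3:GetObject`. Effective permissions are unchanged.
  this.scenariosS3Policy = new Policy(this, 'ScenariosS3Policy', {
    statements: [
      new PolicyStatement({
        effect: Effect.ALLOW,
        actions: ['s3:ListBucket'],
        resources: [bucketArn]
      }),
      new PolicyStatement({
        effect: Effect.ALLOW,
        actions: [
          's3:PutObject',
          's3:GetObject'
        ],
        resources: [bucketObjectsArn]
      })
    ]
  });
  // NOTE(review): the prop is named ecsTaskExecutionRole. If this is the ECS
  // task *execution* role rather than the task role, confirm it is the intended
  // holder of data-plane access to the scenarios bucket.
  props.ecsTaskExecutionRole.attachInlinePolicy(this.scenariosS3Policy);

  // On-demand table keyed by testId, encrypted with an AWS managed key and with
  // point-in-time recovery enabled.
  this.scenariosTable = new Table(this, 'DLTScenariosTable', {
    billingMode: BillingMode.PAY_PER_REQUEST,
    encryption: TableEncryption.AWS_MANAGED,
    partitionKey: { name: 'testId', type: AttributeType.STRING },
    pointInTimeRecovery: true
  });
  Tags.of(this.scenariosTable).add('SolutionId', props.solutionId);

  // Item-level read/write plus Scan, scoped to this table's ARN only.
  // NOTE(review): not attached to any principal in this constructor; presumably
  // attached elsewhere. Verify against the stack that consumes this construct.
  this.dynamoDbPolicy = new Policy(this, 'DynamoDbPolicy', {
    statements: [
      new PolicyStatement({
        effect: Effect.ALLOW,
        actions: [
          'dynamodb:DeleteItem',
          'dynamodb:GetItem',
          'dynamodb:PutItem',
          'dynamodb:Scan',
          'dynamodb:UpdateItem'
        ],
        resources: [this.scenariosTable.tableArn]
      })
    ]
  });
}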