in netbench-cdk/lib/netbench.ts [128:169]
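/**
 * Create the S3 bucket used by the netbench stack and attach the resource
 * policy that lets principals in this account read and write its objects.
 *
 * @param id           Construct id. It is also used verbatim as the bucket
 *                     name, which bypasses CloudFormation's unique-name
 *                     generation (bucket names are global, so a collision
 *                     fails the deployment).
 * @param reportBucket When true, the contents of ./staticfiles are uploaded
 *                     into the bucket after creation, without pruning.
 * @returns The created bucket construct.
 */
private createS3Bucket(id: string, reportBucket: boolean): cdk.aws_s3.Bucket {
  // NOTE: putting the bucketName in the bucketProperties
  // over-rides CloudFormation's unique naming scheme
  const bucketProperties: cdk.aws_s3.BucketProps = {
    bucketName: id,
    blockPublicAccess: cdk.aws_s3.BlockPublicAccess.BLOCK_ALL,
    encryption: cdk.aws_s3.BucketEncryption.S3_MANAGED,
    // Adds a Deny statement for requests without aws:SecureTransport.
    enforceSSL: true,
    // On stack destroy, keep the bucket and its contents, leaving an orphan.
    // This will require manual cleanup if you'd like to recreate the stack.
    removalPolicy: cdk.RemovalPolicy.RETAIN,
  };
  const netbenchBucket = new cdk.aws_s3.Bucket(this, id, bucketProperties);

  if (reportBucket) {
    // If this is a reporting bucket, populate it with the contents of
    // ./staticfiles/. The construct is created only for its side effect,
    // so no local is bound to it.
    new BucketDeployment(this, 'NetbenchReportBucketContents', {
      sources: [cdk.aws_s3_deployment.Source.asset(path.join(__dirname, "../staticfiles"))],
      destinationBucket: netbenchBucket,
      prune: false, // Do NOT delete objects in s3 that don't exist locally.
    });
  }

  // Object read/write plus the bucket-level calls multipart uploads need.
  const bucketActions = [
    's3:AbortMultipartUpload',
    's3:GetBucketLocation',
    's3:GetObject',
    's3:ListBucket',
    's3:ListBucketMultipartUploads',
    's3:ListMultipartUploadParts',
    's3:PutObject',
  ];
  netbenchBucket.addToResourcePolicy(new cdk.aws_iam.PolicyStatement({
    sid: 'netbenchec2',
    // inOrganization() wraps the principal with a StringEquals condition on
    // aws:PrincipalOrgID, whose value is expected to be an Organizations id
    // (o-xxxxxxxxxx), not an STS ARN prefix.
    // NOTE(review): with the value below the condition looks unmatchable, so
    // this statement probably grants nothing; confirm the intended principal
    // scope (the account, or specific roles) and express it with a matching
    // principal/condition rather than this string.
    principals: [new cdk.aws_iam.AnyPrincipal().inOrganization(`arn:aws:sts::${this.account}:assumed-role`)],
    effect: cdk.aws_iam.Effect.ALLOW,
    actions: bucketActions,
    // Object-level actions need the /* resource, bucket-level ones the ARN itself.
    resources: [`${netbenchBucket.bucketArn}/*`, netbenchBucket.bucketArn],
  }));
  return netbenchBucket;
}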