Merge branch '30-refactor-cloudfront-s3-static-site-bucket' into 'develop'

Resolve "Split CloudFront CDK construct into S3 bucket and Web Distribution"

Closes #30

See merge request verbose-equals-true/django-postgres-vue-gitlab-ecs!75

Author: briancaffey

awscdk/awscdk/cdk_app_root.py

@@ -11,6 +11,7 @@
 from alb import ApplicationLoadBalancer
 from ecs import Ecs
 from env_vars import Variables
+from static_site_bucket import StaticSiteBucket
 
 from backend import Backend
 from backend_tasks import BackendTasks
@@ -47,10 +48,15 @@ def __init__(
             vpc=self.vpc.vpc,
         )
 
+        self.static_site_bucket = StaticSiteBucket(
+            self, "StaticSiteBucket", full_app_name=full_app_name
+        )
+
         self.cloudfront = CloudFront(
             self,
             "StaticSite",
             hosted_zone=self.hosted_zone,
+            static_site_bucket_name=self.static_site_bucket.static_site_bucket.bucket_name,  # noqa
             certificate=self.certificate,
             alb=self.alb.alb.load_balancer_dns_name,
             full_domain_name=full_domain_name,

awscdk/awscdk/cloudfront.py

@@ -14,6 +14,7 @@ def __init__(
         self,
         scope: core.Construct,
         id: str,
+        static_site_bucket_name: str,
         hosted_zone: route53.IHostedZone,
         certificate: acm.ICertificate,
         alb: str,
@@ -23,29 +24,9 @@ def __init__(
     ) -> None:
         super().__init__(scope, id, **kwargs)
 
-        self.static_site_bucket = s3.Bucket(
-            self,
-            "StaticSiteBucket",
-            access_control=s3.BucketAccessControl.PUBLIC_READ,
-            bucket_name=f"{full_app_name}-frontend",
-            removal_policy=core.RemovalPolicy.DESTROY,
-            website_index_document="index.html",
-            website_error_document="index.html",
-        )
-
-        self.policy_statement = iam.PolicyStatement(
-            actions=["s3:GetObject"],
-            resources=[f"{self.static_site_bucket.bucket_arn}/*"],
-        )
-
-        self.policy_statement.add_any_principal()
-
-        self.static_site_policy_document = iam.PolicyDocument(
-            statements=[self.policy_statement]
+        s3_website_domain_name = (
+            f"{static_site_bucket_name}.s3-website-us-east-1.amazonaws.com"
         )
-
-        self.static_site_bucket.add_to_resource_policy(self.policy_statement)
-
         path_patterns = ["/api/*", "/admin/*", "/flower/*"]
         self.distribution = cloudfront.CloudFrontWebDistribution(
             self,
@@ -71,7 +52,7 @@ def __init__(
                 ),
                 cloudfront.SourceConfiguration(
                     custom_origin_source=cloudfront.CustomOriginConfig(
-                        domain_name=f"{self.static_site_bucket.bucket_name}.s3-website-us-east-1.amazonaws.com",
+                        domain_name=s3_website_domain_name,
                         origin_protocol_policy=cloudfront.OriginProtocolPolicy.HTTP_ONLY,
                     ),
                     behaviors=[

awscdk/awscdk/static_site_bucket.py

@@ -0,0 +1,35 @@
+from aws_cdk import (
+    aws_s3 as s3,
+    aws_iam as iam,
+    core,
+)
+
+
+class StaticSiteBucket(core.Construct):
+    def __init__(
+        self, scope: core.Construct, id: str, full_app_name: str, **kwargs,
+    ) -> None:
+        super().__init__(scope, id, **kwargs)
+
+        self.static_site_bucket = s3.Bucket(
+            self,
+            "StaticSiteBucket",
+            access_control=s3.BucketAccessControl.PUBLIC_READ,
+            bucket_name=f"{full_app_name}-frontend",
+            removal_policy=core.RemovalPolicy.DESTROY,
+            website_index_document="index.html",
+            website_error_document="index.html",
+        )
+
+        self.policy_statement = iam.PolicyStatement(
+            actions=["s3:GetObject"],
+            resources=[f"{self.static_site_bucket.bucket_arn}/*"],
+        )
+
+        self.policy_statement.add_any_principal()
+
+        self.static_site_policy_document = iam.PolicyDocument(
+            statements=[self.policy_statement]
+        )
+
+        self.static_site_bucket.add_to_resource_policy(self.policy_statement)

awscdk/stack.yml

@@ -283,8 +283,8 @@ Resources:
         Ref: VpcC3027511
     Metadata:
       aws:cdk:path: dev-mysite-com-stack/ApplicationLoadBalancer/ALB/SecurityGroup/Resource
-  ApplicationLoadBalancerALBSecurityGrouptodevmysitecomstackBackendBackendSecurityGroup987E976C8000947E9AB3:
-    Type: AWS::EC2::SecurityGroupEgress
+  ? ApplicationLoadBalancerALBSecurityGrouptodevmysitecomstackBackendBackendSecurityGroup987E976C8000947E9AB3
+  : Type: AWS::EC2::SecurityGroupEgress
     Properties:
       GroupId:
         Fn::GetAtt:
@@ -373,7 +373,7 @@ Resources:
         Ref: VpcC3027511
     Metadata:
       aws:cdk:path: dev-mysite-com-stack/ApplicationLoadBalancer/DefaultTargetGroup/Resource
-  StaticSiteStaticSiteBucket442CE34F:
+  StaticSiteBucket6BF500B9:
     Type: AWS::S3::Bucket
     Properties:
       AccessControl: PublicRead
@@ -387,12 +387,12 @@ Resources:
     UpdateReplacePolicy: Delete
     DeletionPolicy: Delete
     Metadata:
-      aws:cdk:path: dev-mysite-com-stack/StaticSite/StaticSiteBucket/Resource
-  StaticSiteStaticSiteBucketPolicyC8E62485:
+      aws:cdk:path: dev-mysite-com-stack/StaticSiteBucket/StaticSiteBucket/Resource
+  StaticSiteBucketPolicy543699F0:
     Type: AWS::S3::BucketPolicy
     Properties:
       Bucket:
-        Ref: StaticSiteStaticSiteBucket442CE34F
+        Ref: StaticSiteBucket6BF500B9
       PolicyDocument:
         Statement:
           - Action: s3:GetObject
@@ -402,12 +402,12 @@ Resources:
               Fn::Join:
                 - ""
                 - - Fn::GetAtt:
-                      - StaticSiteStaticSiteBucket442CE34F
+                      - StaticSiteBucket6BF500B9
                       - Arn
                   - /*
         Version: "2012-10-17"
     Metadata:
-      aws:cdk:path: dev-mysite-com-stack/StaticSite/StaticSiteBucket/Policy/Resource
+      aws:cdk:path: dev-mysite-com-stack/StaticSiteBucket/StaticSiteBucket/Policy/Resource
   StaticSiteCloudFrontDistributionCFDistributionA70E78CD:
     Type: AWS::CloudFront::Distribution
     Properties:
@@ -521,7 +521,7 @@ Resources:
             DomainName:
               Fn::Join:
                 - ""
-                - - Ref: StaticSiteStaticSiteBucket442CE34F
+                - - Ref: StaticSiteBucket6BF500B9
                   - .s3-website-us-east-1.amazonaws.com
             Id: origin2
         PriceClass: PriceClass_100
@@ -820,7 +820,7 @@ Resources:
               - - Ref: AWS::AccountId
                 - .dkr.ecr.us-east-1.
                 - Ref: AWS::URLSuffix
-                - /aws-cdk/assets:47065bc78cdd042647d95665e4f6fc1c352f98e0748ad1947d0b1d788cc1ec49
+                - /aws-cdk/assets:41bdd10a3c4f6c26292af664680559ccbaecfcd26073ddb0df264187ffa4fdfb
           LogConfiguration:
             LogDriver: awslogs
             Options:
@@ -915,8 +915,8 @@ Resources:
         - Ref: BackendBackendTaskExecutionRole3B22D4E5
     Metadata:
       aws:cdk:path: dev-mysite-com-stack/Backend/BackendTask/ExecutionRole/DefaultPolicy/Resource
-  BackendBackendSecurityGroupfromdevmysitecomstackApplicationLoadBalancerALBSecurityGroup41CD7D0380003CD57722:
-    Type: AWS::EC2::SecurityGroupIngress
+  ? BackendBackendSecurityGroupfromdevmysitecomstackApplicationLoadBalancerALBSecurityGroup41CD7D0380003CD57722
+  : Type: AWS::EC2::SecurityGroupIngress
     Properties:
       IpProtocol: tcp
       Description: Load balancer to target
@@ -1026,7 +1026,7 @@ Resources:
               - - Ref: AWS::AccountId
                 - .dkr.ecr.us-east-1.
                 - Ref: AWS::URLSuffix
-                - /aws-cdk/assets:47065bc78cdd042647d95665e4f6fc1c352f98e0748ad1947d0b1d788cc1ec49
+                - /aws-cdk/assets:41bdd10a3c4f6c26292af664680559ccbaecfcd26073ddb0df264187ffa4fdfb
           LogConfiguration:
             LogDriver: awslogs
             Options:
@@ -1213,7 +1213,7 @@ Resources:
               - - Ref: AWS::AccountId
                 - .dkr.ecr.us-east-1.
                 - Ref: AWS::URLSuffix
-                - /aws-cdk/assets:47065bc78cdd042647d95665e4f6fc1c352f98e0748ad1947d0b1d788cc1ec49
+                - /aws-cdk/assets:41bdd10a3c4f6c26292af664680559ccbaecfcd26073ddb0df264187ffa4fdfb
           LogConfiguration:
             LogDriver: awslogs
             Options:
@@ -1399,7 +1399,7 @@ Resources:
               - - Ref: AWS::AccountId
                 - .dkr.ecr.us-east-1.
                 - Ref: AWS::URLSuffix
-                - /aws-cdk/assets:47065bc78cdd042647d95665e4f6fc1c352f98e0748ad1947d0b1d788cc1ec49
+                - /aws-cdk/assets:41bdd10a3c4f6c26292af664680559ccbaecfcd26073ddb0df264187ffa4fdfb
           LogConfiguration:
             LogDriver: awslogs
             Options:
@@ -1487,4 +1487,3 @@ Resources:
     Type: AWS::CDK::Metadata
     Properties:
       Modules: aws-cdk=1.38.0,@aws-cdk/assets=1.38.0,@aws-cdk/aws-apigateway=1.38.0,@aws-cdk/aws-applicationautoscaling=1.38.0,@aws-cdk/aws-autoscaling=1.38.0,@aws-cdk/aws-autoscaling-common=1.38.0,@aws-cdk/aws-autoscaling-hooktargets=1.38.0,@aws-cdk/aws-batch=1.38.0,@aws-cdk/aws-certificatemanager=1.38.0,@aws-cdk/aws-cloudformation=1.38.0,@aws-cdk/aws-cloudfront=1.38.0,@aws-cdk/aws-cloudwatch=1.38.0,@aws-cdk/aws-codebuild=1.38.0,@aws-cdk/aws-codecommit=1.38.0,@aws-cdk/aws-codepipeline=1.38.0,@aws-cdk/aws-cognito=1.38.0,@aws-cdk/aws-ec2=1.38.0,@aws-cdk/aws-ecr=1.38.0,@aws-cdk/aws-ecr-assets=1.38.0,@aws-cdk/aws-ecs=1.38.0,@aws-cdk/aws-ecs-patterns=1.38.0,@aws-cdk/aws-elasticache=1.38.0,@aws-cdk/aws-elasticloadbalancing=1.38.0,@aws-cdk/aws-elasticloadbalancingv2=1.38.0,@aws-cdk/aws-events=1.38.0,@aws-cdk/aws-events-targets=1.38.0,@aws-cdk/aws-iam=1.38.0,@aws-cdk/aws-kms=1.38.0,@aws-cdk/aws-lambda=1.38.0,@aws-cdk/aws-logs=1.38.0,@aws-cdk/aws-rds=1.38.0,@aws-cdk/aws-route53=1.38.0,@aws-cdk/aws-route53-targets=1.38.0,@aws-cdk/aws-s3=1.38.0,@aws-cdk/aws-s3-assets=1.38.0,@aws-cdk/aws-sam=1.38.0,@aws-cdk/aws-secretsmanager=1.38.0,@aws-cdk/aws-servicediscovery=1.38.0,@aws-cdk/aws-sns=1.38.0,@aws-cdk/aws-sns-subscriptions=1.38.0,@aws-cdk/aws-sqs=1.38.0,@aws-cdk/aws-ssm=1.38.0,@aws-cdk/aws-stepfunctions=1.38.0,@aws-cdk/cloud-assembly-schema=1.38.0,@aws-cdk/core=1.38.0,@aws-cdk/custom-resources=1.38.0,@aws-cdk/cx-api=1.38.0,@aws-cdk/region-info=1.38.0,jsii-runtime=Python/3.6.8
-

gitlab-ci/aws/cdk.yml

@@ -25,7 +25,6 @@ variables:
   after_script:
     - echo "Build Complete"
 
-
 .Sync Quasar PWA Assets:
   image: python:3.8
   stage: deploy