
Commit 1ab07a8

Merge pull request #240 from Maua-Dev/feature/create-s3-dev-policy-documents
feat: add the instance of s3 dev policy documents bucket and also con…
2 parents 16c1b93 + ee0e382 commit 1ab07a8

3 files changed

Lines changed: 150 additions & 79 deletions


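--- a/iac/iac/bucket_stack.py
+++ b/iac/iac/bucket_stack.py
@@ -14,9 +14,11 @@
 class BucketStack(Construct):
 s3_bucket_member: aws_s3.Bucket
 s3_bucket_project: aws_s3.Bucket
+s3_bucket_dev_policy_documents: aws_s3.Bucket
 selfie_validation_step_function: aws_stepfunctions.StateMachine
 cloudfront_distribution_member: aws_cloudfront.Distribution
 cloudfront_distribution_project: aws_cloudfront.Distribution
+cloudfront_distribution_dev_policy_documents: aws_cloudfront.Distribution
 
 def __init__(self, scope: Construct) -> None:
 super().__init__(scope, "PortalInterno_Bucket")
@@ -25,93 +27,156 @@ def __init__(self, scope: Construct) -> None:
 
 REMOVAL_POLICY = RemovalPolicy.RETAIN if 'prod' in self.github_ref_name else RemovalPolicy.DESTROY
 
-self.s3_bucket_member = aws_s3.Bucket(self, "PortalInterno_Member_Photo_S3_Bucket",
-versioned=True,
-block_public_access=aws_s3.BlockPublicAccess.BLOCK_ALL,
-event_bridge_enabled=False,
-cors=[aws_s3.CorsRule(
-allowed_methods=[
-aws_s3.HttpMethods.GET, aws_s3.HttpMethods.PUT, aws_s3.HttpMethods.POST],
-allowed_origins=["*"],
-allowed_headers=["*"],
-max_age=3000
-)],
-removal_policy=REMOVAL_POLICY
-)
+self.s3_bucket_member = aws_s3.Bucket(
+self,
+"PortalInterno_Member_Photo_S3_Bucket",
+versioned=True,
+block_public_access=aws_s3.BlockPublicAccess.BLOCK_ALL,
+event_bridge_enabled=False,
+cors=[aws_s3.CorsRule(
+allowed_methods=[
+aws_s3.HttpMethods.GET, aws_s3.HttpMethods.PUT, aws_s3.HttpMethods.POST
+],
+allowed_origins=["*"],
+allowed_headers=["*"],
+max_age=3000
+)],
+removal_policy=REMOVAL_POLICY
+)
 
-oai = aws_cloudfront.OriginAccessIdentity(self, "PortalInterno_Member_Photo_OAI",
-comment="This is PortalInterno member photo OAI")
+oai = aws_cloudfront.OriginAccessIdentity(
+self,
+"PortalInterno_Member_Photo_OAI",
+comment="This is PortalInterno member photo OAI"
+)
 
 self.s3_bucket_member.grant_read_write(oai)
 
-self.cloudfront_distribution_member = aws_cloudfront.Distribution(self, "PortalInterno_Member_Photo_CloudFront_Distribution",
-default_behavior=aws_cloudfront.BehaviorOptions(
-origin=aws_cloudfront_origins.S3Origin(
-self.s3_bucket_member,
-origin_access_identity=oai),
-origin_request_policy=aws_cloudfront.OriginRequestPolicy.CORS_S3_ORIGIN,
-viewer_protocol_policy=aws_cloudfront.ViewerProtocolPolicy.REDIRECT_TO_HTTPS,
-response_headers_policy=aws_cloudfront.ResponseHeadersPolicy.CORS_ALLOW_ALL_ORIGINS,
-cache_policy=aws_cloudfront.CachePolicy.CACHING_OPTIMIZED,
-allowed_methods=aws_cloudfront.AllowedMethods.ALLOW_ALL
-)
-)
+self.cloudfront_distribution_member = aws_cloudfront.Distribution(
+self,
+"PortalInterno_Member_Photo_CloudFront_Distribution",
+default_behavior=aws_cloudfront.BehaviorOptions(
+origin=aws_cloudfront_origins.S3Origin(
+self.s3_bucket_member,
+origin_access_identity=oai
+),
+origin_request_policy=aws_cloudfront.OriginRequestPolicy.CORS_S3_ORIGIN,
+viewer_protocol_policy=aws_cloudfront.ViewerProtocolPolicy.REDIRECT_TO_HTTPS,
+response_headers_policy=aws_cloudfront.ResponseHeadersPolicy.CORS_ALLOW_ALL_ORIGINS,
+cache_policy=aws_cloudfront.CachePolicy.CACHING_OPTIMIZED,
+allowed_methods=aws_cloudfront.AllowedMethods.ALLOW_ALL
+)
+)
 
-self.s3_bucket_project = aws_s3.Bucket(self, "PortalInterno_Project_Photo_S3_Bucket",
-versioned=True,
-block_public_access=aws_s3.BlockPublicAccess.BLOCK_ALL,
-event_bridge_enabled=False,
-cors=[aws_s3.CorsRule(
-allowed_methods=[
-aws_s3.HttpMethods.GET, aws_s3.HttpMethods.PUT, aws_s3.HttpMethods.POST],
-allowed_origins=["*"],
-allowed_headers=["*"],
-max_age=3000
-)],
-removal_policy=REMOVAL_POLICY
-)
+self.s3_bucket_project = aws_s3.Bucket(
+self,
+"PortalInterno_Project_Photo_S3_Bucket",
+versioned=True,
+block_public_access=aws_s3.BlockPublicAccess.BLOCK_ALL,
+event_bridge_enabled=False,
+cors=[aws_s3.CorsRule(
+allowed_methods=[
+aws_s3.HttpMethods.GET, aws_s3.HttpMethods.PUT, aws_s3.HttpMethods.POST
+],
+allowed_origins=["*"],
+allowed_headers=["*"],
+max_age=3000
+)],
+removal_policy=REMOVAL_POLICY
+)
 
-oai = aws_cloudfront.OriginAccessIdentity(self, "PortalInterno_Project_Photo_OAI",
-comment="This is PortalInterno project photo OAI")
+oai = aws_cloudfront.OriginAccessIdentity(
+self,
+"PortalInterno_Project_Photo_OAI",
+comment="This is PortalInterno project photo OAI"
+)
 
 self.s3_bucket_project.grant_read_write(oai)
 
-self.cloudfront_distribution_project = aws_cloudfront.Distribution(self, "PortalInterno_Project_Photo_CloudFront_Distribution",
-default_behavior=aws_cloudfront.BehaviorOptions(
-origin=aws_cloudfront_origins.S3Origin(
-self.s3_bucket_project,
-origin_access_identity=oai),
-origin_request_policy=aws_cloudfront.OriginRequestPolicy.CORS_S3_ORIGIN,
-viewer_protocol_policy=aws_cloudfront.ViewerProtocolPolicy.REDIRECT_TO_HTTPS,
-response_headers_policy=aws_cloudfront.ResponseHeadersPolicy.CORS_ALLOW_ALL_ORIGINS,
-cache_policy=aws_cloudfront.CachePolicy.CACHING_OPTIMIZED,
-allowed_methods=aws_cloudfront.AllowedMethods.ALLOW_ALL
-)
-)
+self.cloudfront_distribution_project = aws_cloudfront.Distribution(
+self,
+"PortalInterno_Project_Photo_CloudFront_Distribution",
+default_behavior=aws_cloudfront.BehaviorOptions(
+origin=aws_cloudfront_origins.S3Origin(
+self.s3_bucket_project,
+origin_access_identity=oai
+),
+origin_request_policy=aws_cloudfront.OriginRequestPolicy.CORS_S3_ORIGIN,
+viewer_protocol_policy=aws_cloudfront.ViewerProtocolPolicy.REDIRECT_TO_HTTPS,
+response_headers_policy=aws_cloudfront.ResponseHeadersPolicy.CORS_ALLOW_ALL_ORIGINS,
+cache_policy=aws_cloudfront.CachePolicy.CACHING_OPTIMIZED,
+allowed_methods=aws_cloudfront.AllowedMethods.ALLOW_ALL
+)
+)
 
-self.s3_bucket_member_report = aws_s3.Bucket(self, "PortalInterno_Member_Report_S3_Bucket",
-versioned=True,
-block_public_access=aws_s3.BlockPublicAccess.BLOCK_ALL,
-event_bridge_enabled=False,
-cors=[aws_s3.CorsRule(
-allowed_methods=[
-aws_s3.HttpMethods.GET, aws_s3.HttpMethods.PUT, aws_s3.HttpMethods.POST],
-allowed_origins=["*"],
-allowed_headers=["*"],
-max_age=3000
-)],
-removal_policy=REMOVAL_POLICY
-)
+self.s3_bucket_member_report = aws_s3.Bucket(
+self,
+"PortalInterno_Member_Report_S3_Bucket",
+versioned=True,
+block_public_access=aws_s3.BlockPublicAccess.BLOCK_ALL,
+event_bridge_enabled=False,
+cors=[aws_s3.CorsRule(
+allowed_methods=[
+aws_s3.HttpMethods.GET, aws_s3.HttpMethods.PUT, aws_s3.HttpMethods.POST
+],
+allowed_origins=["*"],
+allowed_headers=["*"],
+max_age=3000
+)],
+removal_policy=REMOVAL_POLICY
+)
 
-self.cloudfront_distribution_member_report = aws_cloudfront.Distribution(self, "PortalInterno_Member_Report_CloudFront_Distribution",
-default_behavior=aws_cloudfront.BehaviorOptions(
-origin=aws_cloudfront_origins.S3Origin(
-self.s3_bucket_member_report,
-origin_access_identity=oai),
-origin_request_policy=aws_cloudfront.OriginRequestPolicy.CORS_S3_ORIGIN,
-viewer_protocol_policy=aws_cloudfront.ViewerProtocolPolicy.REDIRECT_TO_HTTPS,
-response_headers_policy=aws_cloudfront.ResponseHeadersPolicy.CORS_ALLOW_ALL_ORIGINS,
-cache_policy=aws_cloudfront.CachePolicy.CACHING_OPTIMIZED,
-allowed_methods=aws_cloudfront.AllowedMethods.ALLOW_ALL
-)
-)
+self.cloudfront_distribution_member_report = aws_cloudfront.Distribution(
+self,
+"PortalInterno_Member_Report_CloudFront_Distribution",
+default_behavior=aws_cloudfront.BehaviorOptions(
+origin=aws_cloudfront_origins.S3Origin(
+self.s3_bucket_member_report,
+origin_access_identity=oai
+),
+origin_request_policy=aws_cloudfront.OriginRequestPolicy.CORS_S3_ORIGIN,
+viewer_protocol_policy=aws_cloudfront.ViewerProtocolPolicy.REDIRECT_TO_HTTPS,
+response_headers_policy=aws_cloudfront.ResponseHeadersPolicy.CORS_ALLOW_ALL_ORIGINS,
+cache_policy=aws_cloudfront.CachePolicy.CACHING_OPTIMIZED,
+allowed_methods=aws_cloudfront.AllowedMethods.ALLOW_ALL
+)
+)
+
+self.s3_bucket_dev_policy_documents= aws_s3.Bucket(
+self,
+"PortalInterno_Dev_Policy_Documents_S3_Bucket",
+versioned= True,
+block_public_access= aws_s3.BlockPublicAccess.BLOCK_ALL,
+event_bridge_enabled=False,
+cors=[aws_s3.CorsRule(
+allowed_methods=[aws_s3.HttpMethods.GET, aws_s3.HttpMethods.PUT, aws_s3.HttpMethods.POST],
+allowed_origins=["*"],
+allowed_headers=["*"],
+max_age=3000
+)],
+removal_policy= REMOVAL_POLICY
+)
+
+oai=aws_cloudfront.OriginAccessIdentity(
+self,
+"PortalInterno_Dev_Policy_Documents_OAI",
+comment= "This is Portal interno dev policy documents OAI"
+)
+
+self.s3_bucket_dev_policy_documents.grant_read_write(oai)
+
+self.cloudfront_distribution_dev_policy_documents= aws_cloudfront.Distribution(
+self,
+"PortalInterno_Dev_Policy_Documents_CloudFront_Distribution",
+default_behavior=aws_cloudfront.BehaviorOptions(
+origin=aws_cloudfront_origins.S3Origin(
+self.s3_bucket_dev_policy_documents,
+origin_access_identity=oai
+),
+origin_request_policy=aws_cloudfront.OriginRequestPolicy.CORS_S3_ORIGIN,
+viewer_protocol_policy=aws_cloudfront.ViewerProtocolPolicy.REDIRECT_TO_HTTPS,
+response_headers_policy=aws_cloudfront.ResponseHeadersPolicy.CORS_ALLOW_ALL_ORIGINS,
+cache_policy=aws_cloudfront.CachePolicy.CACHING_OPTIMIZED,
+allowed_methods=aws_cloudfront.AllowedMethods.ALLOW_ALL
+)
+)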
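Review bot: The new dev-policy-documents block gives the CloudFront origin access identity write access (`self.s3_bucket_dev_policy_documents.grant_read_write(oai)`) and lets the distribution forward every HTTP method (`AllowedMethods.ALLOW_ALL`), while nothing visible in this hunk restricts viewers (no trusted key groups or edge function), so PUT and DELETE requests sent to the distribution domain would appear to reach the bucket without authentication. If uploads go directly to S3 (the bucket's CORS rule allowing PUT/POST suggests that), the distribution only needs to read: `self.s3_bucket_dev_policy_documents.grant_read(oai)` and `allowed_methods=aws_cloudfront.AllowedMethods.ALLOW_GET_HEAD_OPTIONS`. The member and project blocks reformatted earlier in this hunk carry the same pattern. `allowed_origins=["*"]` on the bucket CORS rule could likewise be narrowed to the portal's own origin. `__init__` may continue past the end of the hunk.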

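--- a/iac/iac/iac_stack.py
+++ b/iac/iac/iac_stack.py
@@ -70,6 +70,8 @@ def __init__(self, scope: Construct, construct_id: str, **kwargs) -> None:
 "CLOUD_FRONT_DISTRIBUTION_DOMAIN_ASSETS_PROJECT": self.bucket_stack.cloudfront_distribution_project.domain_name,
 "S3_BUCKET_NAME_MEMBER_REPORT": self.bucket_stack.s3_bucket_member_report.bucket_name,
 "CLOUD_FRONT_DISTRIBUTION_DOMAIN_ASSETS_MEMBER_REPORT": self.bucket_stack.cloudfront_distribution_member_report.domain_name,
+"S3_BUCKET_NAME_DEV_POLICY_DOCUMENTS": self.bucket_stack.s3_bucket_dev_policy_documents.bucket_name,
+"CLOUD_FRONT_DISTRIBUTION_DOMAIN_ASSETS_DEV_POLICY_DOCUMENTS": self.bucket_stack.cloudfront_distribution_dev_policy_documents.domain_name,
 "COGNITO_USER_POOL_ID": self.cognito_stack.user_pool.user_pool_id,
 "COGNITO_CLIENT_ID": self.cognito_stack.client.user_pool_client_id,
 "MSS_NAME": os.environ.get("MSS_NAME", "port_mss_action"),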
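Review bot: The value passed for `CLOUD_FRONT_DISTRIBUTION_DOMAIN_ASSETS_DEV_POLICY_DOCUMENTS` is the distribution's `domain_name`, a bare host name, whereas the local default for the same setting in src/shared/environments.py starts with `https://`. Code that builds document URLs from this variable would then behave differently locally and when deployed unless it adds the scheme itself. A comment such as `# bare CloudFront host name, no scheme` above the entry would make the contract explicit. The existing entries above follow the same convention, and the dict literal starts and ends outside the hunk.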

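--- a/src/shared/environments.py
+++ b/src/shared/environments.py
@@ -46,6 +46,7 @@ def load_envs(self):
 self.s3_bucket_name_member = "portalinternostackbackd-portalinternobackbucket-project"
 self.s3_bucket_name_project = "portalinternostackbackd-portalinternobackbucket-member"
 self.s3_bucket_name_member_report = "portalinternostackbackd-portalinternobackbucket-member-report"
+self.s3_bucket_name_dev_policy_documents= "portalinternosbackd-portalinternobackbucket-dev-policy-report"
 self.region = "sa-east-1"
 self.endpoint_url = "http://localhost:8000"
 self.dynamo_table_name = "port_mss_action-table"
@@ -60,6 +61,7 @@ def load_envs(self):
 self.cloud_front_distribution_domain_assets_member = "https://d3q9q9q9q9q9q9.cloudfront.net"
 self.cloud_front_distribution_domain_assets_project = "https://d3q9q9q9q9q9q9.cloudfront.net"
 self.cloud_front_distribution_domain_assets_member_report = "https://d3q9q9q9q9q9q9.cloudfront.net"
+self.cloud_front_distribution_domain_assets_dev_policy_documents= "https://d3q9q9q9q9q9q9.cloudfront.net"
 self.bucket_endpoint_url = "http://localhost:9000"
 self.reply_to_email = "dev@maua.br"
 self.from_email = "contato@devmaua.com"
@@ -71,6 +73,7 @@ def load_envs(self):
 self.s3_bucket_name_member = os.environ.get("S3_BUCKET_NAME_MEMBER")
 self.s3_bucket_name_project = os.environ.get("S3_BUCKET_NAME_PROJECT")
 self.s3_bucket_name_member_report = os.environ.get("S3_BUCKET_NAME_MEMBER_REPORT")
+self.s3_bucket_name_dev_policy_documents= os.environ.get("S3_BUCKET_NAME_DEV_POLICY_DOCUMENTS")
 self.region = os.environ.get("REGION")
 self.endpoint_url = os.environ.get("ENDPOINT_URL")
 self.dynamo_table_name = os.environ.get("DYNAMO_TABLE_NAME")
@@ -85,6 +88,7 @@ def load_envs(self):
 self.cloud_front_distribution_domain_assets_member = os.environ.get("CLOUD_FRONT_DISTRIBUTION_DOMAIN_ASSETS_MEMBER")
 self.cloud_front_distribution_domain_assets_project = os.environ.get("CLOUD_FRONT_DISTRIBUTION_DOMAIN_ASSETS_PROJECT")
 self.cloud_front_distribution_domain_assets_member_report = os.environ.get("CLOUD_FRONT_DISTRIBUTION_DOMAIN_ASSETS_MEMBER_REPORT")
+self.cloud_front_distribution_domain_assets_dev_policy_documents= os.environ.get("CLOUD_FRONT_DISTRIBUTION_DOMAIN_ASSETS_DEV_POLICY_DOCUMENTS")
 self.bucket_endpoint_url = os.environ.get("BUCKET_ENDPOINT_URL")
 self.reply_to_email = os.environ.get("REPLY_TO_EMAIL")
 self.from_email = os.environ.get("FROM_EMAIL")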
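Review bot: The local default added for `s3_bucket_name_dev_policy_documents` in the first hunk does not follow the sibling names: its prefix reads `portalinternosbackd` where the lines above use `portalinternostackbackd`, and its suffix is `-dev-policy-report` rather than `-dev-policy-documents`. If that is unintended, `self.s3_bucket_name_dev_policy_documents = "portalinternostackbackd-portalinternobackbucket-dev-policy-documents"` keeps it aligned with the attribute name. In the third and fourth hunks `os.environ.get(...)` yields `None` when the variable is absent, so a deployment missing the new variables would only fail at first use. A comment such as `# required in deployed stages; None here means the stack did not export it` would document that. `load_envs` starts and ends outside these hunks.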
