diff --git a/demos-pipeline/lib/lib/build-image-data.ts b/demos-pipeline/lib/lib/build-image-data.ts index 063dee4..19b5f6e 100644 --- a/demos-pipeline/lib/lib/build-image-data.ts +++ b/demos-pipeline/lib/lib/build-image-data.ts @@ -37,6 +37,7 @@ export class BuildImageDataStack extends cdk.Stack { bucketName, versioned: true, removalPolicy: cdk.RemovalPolicy.DESTROY, + autoDeleteObjects: true, }); const dataBucketDeploymentRole = new iam.Role( diff --git a/demos-pipeline/lib/test/__snapshots__/build-image-data.test.ts.snap b/demos-pipeline/lib/test/__snapshots__/build-image-data.test.ts.snap index b53b9b8..d286d3a 100644 --- a/demos-pipeline/lib/test/__snapshots__/build-image-data.test.ts.snap +++ b/demos-pipeline/lib/test/__snapshots__/build-image-data.test.ts.snap @@ -167,11 +167,34 @@ exports[`Build Image Data Snapshot 1`] = ` }, "Type": "AWS::IAM::Policy", }, + "BuildImageDataBucketAutoDeleteObjectsCustomResource89CDEC31": { + "DeletionPolicy": "Delete", + "DependsOn": [ + "BuildImageDataBucketPolicyBF163C5F", + ], + "Properties": { + "BucketName": { + "Ref": "BuildImageDataBucketE6A8BC04", + }, + "ServiceToken": { + "Fn::GetAtt": [ + "CustomS3AutoDeleteObjectsCustomResourceProviderHandler9D90184F", + "Arn", + ], + }, + }, + "Type": "Custom::S3AutoDeleteObjects", + "UpdateReplacePolicy": "Delete", + }, "BuildImageDataBucketE6A8BC04": { "DeletionPolicy": "Delete", "Properties": { "BucketName": "test-bucket", "Tags": [ + { + "Key": "aws-cdk:auto-delete-objects", + "Value": "true", + }, { "Key": "aws-cdk:cr-owned:19b429dc", "Value": "true", 
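Review bot: `autoDeleteObjects: true` is hard-coded next to `removalPolicy: cdk.RemovalPolicy.DESTROY` on a bucket that is also `versioned: true`, so deleting the stack, or any change that makes CloudFormation remove or replace this bucket, empties it including every retained version and leaves nothing to recover. If that is intended because the bucket only holds reproducible demo data, say so at the call site, e.g. `// Demo data only: bucket and all object versions are deleted with the stack.`; otherwise take both settings from the stack props with a retaining default (`cdk.RemovalPolicy.RETAIN`, `autoDeleteObjects` off) so that destruction is opt-in per environment. The snapshot in this commit shows what the flag adds: a bucket policy allowing `s3:DeleteObject*` for the provider role and a handler Lambda on `nodejs16.x`, a runtime that presumably follows from the installed aws-cdk-lib version and is worth checking before deploying. The constructor body continues outside the hunk.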
@@ -184,6 +207,57 @@ exports[`Build Image Data Snapshot 1`] = ` "Type": "AWS::S3::Bucket", "UpdateReplacePolicy": "Delete", }, + "BuildImageDataBucketPolicyBF163C5F": { + "Properties": { + "Bucket": { + "Ref": "BuildImageDataBucketE6A8BC04", + }, + "PolicyDocument": { + "Statement": [ + { + "Action": [ + "s3:GetBucket*", + "s3:List*", + "s3:DeleteObject*", + ], + "Effect": "Allow", + "Principal": { + "AWS": { + "Fn::GetAtt": [ + "CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092", + "Arn", + ], + }, + }, + "Resource": [ + { + "Fn::GetAtt": [ + "BuildImageDataBucketE6A8BC04", + "Arn", + ], + }, + { + "Fn::Join": [ + "", + [ + { + "Fn::GetAtt": [ + "BuildImageDataBucketE6A8BC04", + "Arn", + ], + }, + "/*", + ], + ], + }, + ], + }, + ], + "Version": "2012-10-17", + }, + }, + "Type": "AWS::S3::BucketPolicy", + }, "CustomCDKBucketDeployment8693BB64968944B69AAFB0CC9EB8756C81C01536": { "DependsOn": [ "BuildImageBucketRoleDefaultPolicy39AC1070", 
@@ -216,6 +290,62 @@ exports[`Build Image Data Snapshot 1`] = ` }, "Type": "AWS::Lambda::Function", }, + "CustomS3AutoDeleteObjectsCustomResourceProviderHandler9D90184F": { + "DependsOn": [ + "CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092", + ], + "Properties": { + "Code": { + "S3Bucket": "cdk-hnb659fds-assets-111111111111-eu-central-1", + "S3Key": "arbitrary-file.zip", + }, + "Description": { + "Fn::Join": [ + "", + [ + "Lambda function for auto-deleting objects in ", + { + "Ref": "BuildImageDataBucketE6A8BC04", + }, + " S3 bucket.", + ], + ], + }, + "Handler": "index.handler", + "MemorySize": 128, + "Role": { + "Fn::GetAtt": [ + "CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092", + "Arn", + ], + }, + "Runtime": "nodejs16.x", + "Timeout": 900, + }, + "Type": "AWS::Lambda::Function", + }, + "CustomS3AutoDeleteObjectsCustomResourceProviderRole3B1BD092": { + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": "sts:AssumeRole", + "Effect": "Allow", + "Principal": { + "Service": "lambda.amazonaws.com", + }, + }, + ], + "Version": "2012-10-17", + }, + "ManagedPolicyArns": [ + { + "Fn::Sub": "arn:\${AWS::Partition}:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole", + }, + ], + }, + "Type": "AWS::IAM::Role", + }, }, "Rules": { "CheckBootstrapVersion": { diff --git a/demos-pipeline/lib/test/build-image-data.test.ts b/demos-pipeline/lib/test/build-image-data.test.ts index 893b744..9119945 100644 --- a/demos-pipeline/lib/test/build-image-data.test.ts +++ b/demos-pipeline/lib/test/build-image-data.test.ts @@ -5,6 +5,8 @@ import { BuildImageDataStack } from "../lib/build-image-data"; describe("Build Image Data", () => { const props = { bucketName: "test-bucket", + removalPolicy: cdk.RemovalPolicy.DESTROY, + autoDeleteObjects: true, env: { account: "111111111111", region: "eu-central-1" }, };
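Review bot: The two keys added to `props` look like no-ops: in this commit the stack sets `removalPolicy` and `autoDeleteObjects` as literals on the bucket, so unless the stack reads them from its props elsewhere (not visible here) the snapshot would be identical without them, and the fixture suggests a configurability that does not exist. Either drop them from the fixture or have the stack read them from its props. Since the destructive behaviour is currently pinned only by the snapshot, an explicit assertion on the synthesized template such as `resourceCountIs("Custom::S3AutoDeleteObjects", 1)` would make an accidental change to it fail with a clear message. The `describe` body continues outside the hunk.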