fix: generate suffix as secret
LoneRifle committed Aug 20, 2024
1 parent d607586 commit b78bf8e
Showing 3 changed files with 14 additions and 24 deletions.
19 changes: 14 additions & 5 deletions lib/formsg-on-cdk-stack.ts
@@ -1,14 +1,13 @@
import * as cdk from 'aws-cdk-lib'
import { Construct } from 'constructs'
import { customAlphabet } from 'nanoid'

import * as ecs from 'aws-cdk-lib/aws-ecs'
import * as ecsPatterns from 'aws-cdk-lib/aws-ecs-patterns'
import * as ec2 from 'aws-cdk-lib/aws-ec2'
import { ApplicationLoadBalancer, ApplicationProtocol } from 'aws-cdk-lib/aws-elasticloadbalancingv2'
import { ApplicationLoadBalancer } from 'aws-cdk-lib/aws-elasticloadbalancingv2'
import { Secret } from 'aws-cdk-lib/aws-secretsmanager'
import { PolicyStatement } from 'aws-cdk-lib/aws-iam'
import { AllowedMethods, CacheCookieBehavior, CacheHeaderBehavior, CachePolicy, CacheQueryStringBehavior, Distribution, OriginProtocolPolicy, OriginRequestPolicy } from 'aws-cdk-lib/aws-cloudfront'
import { AllowedMethods, CachePolicy, Distribution, OriginProtocolPolicy, OriginRequestPolicy } from 'aws-cdk-lib/aws-cloudfront'
import { LoadBalancerV2Origin } from 'aws-cdk-lib/aws-cloudfront-origins'

import { FormsgS3Buckets } from './constructs/s3'
@@ -176,8 +175,18 @@ export class FormsgOnCdkStack extends cdk.Stack {
const distributionUrl = `https://${cloudFront.distributionDomainName}`

// Create S3 buckets
const nanoid = customAlphabet('abcdefghijklmnopqrstuvwxyz0123456789', 6)
const s3Suffix = nanoid()
const s3SuffixSecret = new Secret(this, 's3-suffix-secret', {
secretName: 's3-suffix-secret',
removalPolicy: cdk.RemovalPolicy.DESTROY,
generateSecretString: {
excludePunctuation: true,
excludeUppercase: true,
excludeCharacters: "/¥'%:{}-_[]()",
passwordLength: 6,
},
})

const s3Suffix = s3SuffixSecret.secretValue.unsafeUnwrap()
const s3Buckets = new FormsgS3Buckets(this, { s3Suffix, origin: distributionUrl })

const environment = {
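Review bot: The hard-coded `secretName: 's3-suffix-secret'` on the new `Secret` allows only one deployment of this stack per account and region, which works against a suffix that presumably exists to keep bucket names unique; omitting `secretName` lets CloudFormation generate a unique name. The `unsafeUnwrap()` call also deserves a comment, because it bypasses CDK's guard against embedding secret values and the value ends up in bucket names, e.g. `// Not a credential: Secrets Manager is only a stable random-string source; the suffix is visible in bucket names.` With `excludePunctuation: true` the `excludeCharacters` list looks redundant, and its `¥` may be a mis-encoded backslash, which is worth confirming. The enclosing block in `FormsgOnCdkStack` starts and ends outside this hunk.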
18 changes: 0 additions & 18 deletions package-lock.json


1 change: 0 additions & 1 deletion package.json
@@ -24,7 +24,6 @@
"aws-cdk-lib": "^2.147.1",
"cdk-ecr-deployment": "^3.0.80",
"constructs": "^10.0.0",
"nanoid": "^3.3.7",
"source-map-support": "^0.5.21"
}
}
