How to use the @aws-cdk/aws-iam.CanonicalUserPrincipal function in @aws-cdk/aws-iam

To help you get started, we’ve selected a few @aws-cdk/aws-iam examples, based on popular ways it is used in public projects.

Secure your code as it's written. Use Snyk Code to scan source code in minutes - no build needed - and fix issues immediately.

github aws / aws-cdk / packages / @aws-cdk / aws-cloudfront / lib / origin_access_identity.ts View on Github external
this.resource = new CfnCloudFrontOriginAccessIdentity(this, "Resource", {
      cloudFrontOriginAccessIdentityConfig: {
        comment: (props && props.comment) || "Allows CloudFront to reach the bucket"
      }
    });
    // physical id - OAI name
    this.originAccessIdentityName = this.getResourceNameAttribute(this.resource.ref);

    // Canonical user to whitelist in S3 Bucket Policy
    this.cloudFrontOriginAccessIdentityS3CanonicalUserId = this.resource.attrS3CanonicalUserId;
    // The principal for must be either the canonical user or a special ARN
    // with the CloudFront Origin Access Id (see `arn()` method). For
    // import/export the OAI is anyway required so the principal is constructed
    // with it. But for the normal case the S3 Canonical User as a nicer
    // interface and does not require constructing the ARN.
    this.grantPrincipal = new iam.CanonicalUserPrincipal(this.cloudFrontOriginAccessIdentityS3CanonicalUserId);
  }
}
github cloudcomponents / cdk-components / packages / cdk-static-website / src / website-bucket.ts View on Github external
websiteIndexDocument: websiteIndexDocument || 'index.html',
            websiteErrorDocument: websiteErrorDocument || 'error.html',
        });

        const originId = new CfnCloudFrontOriginAccessIdentity(
            this,
            'OriginAccessIdentity',
            {
                cloudFrontOriginAccessIdentityConfig: {
                    comment: `CloudFront OriginAccessIdentity for ${bucket.bucketName}`,
                },
            },
        );

        bucket.grantRead(
            new CanonicalUserPrincipal(originId.attrS3CanonicalUserId),
        );

        if (!disableUpload) {
            const placeHolderSource = path.join(__dirname, '..', 'website');

            new BucketDeployment(this, 'WebsiteDeployment', {
                sources: [Source.asset(source || placeHolderSource)],
                destinationBucket: bucket,
                retainOnDelete: removalPolicy === RemovalPolicy.RETAIN,
            });
        }

        this.s3OriginConfig = {
            originAccessIdentityId: originId.ref,
            s3BucketSource: bucket,
        };
github jeshan / scale-your-cloudformation / lib / cdk-stack.js View on Github external
websiteIndexDocument: 'index.html',
            websiteErrorDocument: 'error.html',
        });

        const originId = new CfnCloudFrontOriginAccessIdentity(
            this,
            'OriginAccessIdentity',
            {
                cloudFrontOriginAccessIdentityConfig: {
                    comment: `CloudFront OriginAccessIdentity for ${websiteBucket.bucketName}`,
                },
            },
        );

        websiteBucket.grantRead(
            new CanonicalUserPrincipal(originId.attrS3CanonicalUserId),
        );

        let s3OriginConfig = {
            originAccessIdentityId: originId.ref,
            s3BucketSource: websiteBucket,
        };

        const distributionConfig = {
            originConfigs: [
                {
                    s3OriginSource: {
                        ...s3OriginConfig,
                    },
                    behaviors: [{ isDefaultBehavior: true }],
                },
            ],