Commit f2a3166
feat(s3-deployment): support securityGroups in BucketDeploymentProps (#33233)
### Issue 33229
closes #33229
### Reason for this change
The `BucketDeployment` construct in AWS CDK allows deploying assets to S3 buckets, often requiring a Lambda function to perform the deployment. Currently, users can specify a **custom VPC** via `BucketDeploymentProps`, ensuring the deployment happens within a restricted network.
However, many organizations require more granular network security control. While specifying a VPC is helpful, **allowing custom security groups** would enable teams to define specific ingress/egress rules, meeting stricter compliance and security requirements.
### Description of changes
- **Updated `BucketDeploymentProps`** to include an optional `securityGroups?: ec2.ISecurityGroup[]` property.
- **Modified `BucketDeployment` constructor** to pass `securityGroups` to the Lambda function.
- **Ensured backward compatibility** by keeping `securityGroups` optional.
- **Updated README** to include guidance on setting `vpc`, `vpcSubnets`, and `securityGroups` parameters.
- **Testing** has been implemented at a unit test and integration test level for all new logic.
- **Improved** unit testing patterns through all other unit tests in this module.
### Describe any new or updated permissions being added
N/A
### Description of how you validated changes
Added unit tests to the relevant code modules to cover feature usage.
### Checklist
- [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md)
----
*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

1 parent 9d1c05c commit f2a3166
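An added example, not code from this commit or from the CDK project: an offline check over a synthesized CloudFormation template that flags VPC-attached Lambda functions (such as the `BucketDeployment` handler) whose security groups still allow all outbound traffic, the case a custom `securityGroups` value lets teams tighten. The template is constructed, and the logical IDs and function names are hypothetical.

```typescript
// Added example: offline audit of a synthesized CloudFormation template.
type Resource = { Type: string; Properties?: Record<string, any> };
type Template = { Resources: Record<string, Resource> };

// Resolve {"Fn::GetAtt": [id, "GroupId"]} or {"Ref": id} to a logical ID.
function logicalId(ref: any): string | undefined {
  if (ref && typeof ref === "object") {
    if (Array.isArray(ref["Fn::GetAtt"])) return ref["Fn::GetAtt"][0];
    if (typeof ref["Ref"] === "string") return ref["Ref"];
  }
  return undefined; // literal group IDs cannot be inspected in the template
}

function allowsAllEgress(sg: Resource): boolean {
  const rules: any[] = sg.Properties?.SecurityGroupEgress ?? [];
  // EC2 adds a default allow-all egress rule when none is declared.
  if (rules.length === 0) return true;
  return rules.some((r) => String(r.IpProtocol) === "-1" &&
    (r.CidrIp === "0.0.0.0/0" || r.CidrIpv6 === "::/0"));
}

// One finding per (VPC-attached Lambda, allow-all-egress security group) pair.
function auditVpcLambdas(t: Template): string[] {
  const findings: string[] = [];
  for (const id of Object.keys(t.Resources)) {
    const res = t.Resources[id];
    const vpc = res.Properties?.VpcConfig;
    if (res.Type !== "AWS::Lambda::Function" || !vpc) continue;
    for (const ref of vpc.SecurityGroupIds ?? []) {
      const sgId = logicalId(ref);
      const sg = sgId ? t.Resources[sgId] : undefined;
      if (sg && sg.Type === "AWS::EC2::SecurityGroup" && allowsAllEgress(sg)) {
        findings.push(`${id}: ${sgId} allows all egress`);
      }
    }
  }
  return findings;
}

// Constructed sample template (hypothetical logical IDs).
const sample: Template = { Resources: {
  OpenSg: { Type: "AWS::EC2::SecurityGroup", Properties: {
    SecurityGroupEgress: [{ CidrIp: "0.0.0.0/0", IpProtocol: "-1" }] } },
  TightSg: { Type: "AWS::EC2::SecurityGroup", Properties: { SecurityGroupEgress: [
    { CidrIp: "10.0.0.0/16", IpProtocol: "tcp", FromPort: 443, ToPort: 443 }] } },
  DeployHandlerA: { Type: "AWS::Lambda::Function", Properties: {
    VpcConfig: { SecurityGroupIds: [{ "Fn::GetAtt": ["OpenSg", "GroupId"] }] } } },
  DeployHandlerB: { Type: "AWS::Lambda::Function", Properties: {
    VpcConfig: { SecurityGroupIds: [{ "Fn::GetAtt": ["TightSg", "GroupId"] }] } } },
} };
console.log(auditVpcLambdas(sample));
```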
File tree

262 files changed (+124630, -102208 lines)

- packages
  - @aws-cdk-testing/framework-integ/test/aws-s3-deployment/test
    - integ.bucket-deployment-big-response.js.snapshot
    - integ.bucket-deployment-cloudfront.js.snapshot
    - integ.bucket-deployment-cross-nested-stack-source.js.snapshot
    - integ.bucket-deployment-cross-stack-source.js.snapshot
    - integ.bucket-deployment-cross-stack-ssm-source.js.snapshot
    - integ.bucket-deployment-data.js.snapshot
    - integ.bucket-deployment-deployed-bucket.js.snapshot
    - integ.bucket-deployment-large-file.js.snapshot
    - integ.bucket-deployment-loggroup.js.snapshot
    - integ.bucket-deployment-security-groups-efs.js.snapshot
    - integ.bucket-deployment-security-groups-empty.js.snapshot
    - integ.bucket-deployment-security-groups-multiple.js.snapshot
    - integ.bucket-deployment-security-groups-single.js.snapshot
    - integ.bucket-deployment-signcontent.js.snapshot
    - integ.bucket-deployment-substitution-with-destination-key.js.snapshot
    - integ.bucket-deployment-substitution-with-role.js.snapshot
    - integ.bucket-deployment-substitution.js.snapshot
    - integ.bucket-deployment-vpc-basic.js.snapshot
    - integ.bucket-deployment-vpc-config.js.snapshot
    - integ.bucket-deployment-vpc-custom-subnets.js.snapshot
    - integ.bucket-deployment-vpc-efs.js.snapshot
    - integ.bucket-deployment-vpc-security-groups.js.snapshot
    - integ.bucket-deployment-vpc-subnet-selection.js.snapshot
    - integ.bucket-deployment.js.snapshot
  - aws-cdk-lib/aws-s3-deployment
    - lib
    - test