Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat(s3-deployment): support securityGroups in BucketDeploymentProps #33233

Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

feat(s3-deployment): support securityGroups in BucketDeploymentProps #33233

wants to merge 1 commit into from
+150 −4

Conversation

drduhe
Copy link

@drduhe drduhe commented Jan 30, 2025
edited
Loading

Issue # (if applicable)

closes #33229

Reason for this change

The BucketDeployment construct in AWS CDK allows deploying assets to S3 buckets, often requiring a Lambda function to perform the deployment. Currently, users can specify a custom VPC via BucketDeploymentProps, ensuring the deployment happens within a restricted network.

However, many organizations require more granular network security control. While specifying a VPC is helpful, allowing custom security groups would enable teams to define specific ingress/egress rules, meeting stricter compliance and security requirements.

Description of changes

  • Updated BucketDeploymentProps to include an optional securityGroups?: ec2.ISecurityGroup[] property.
  • Modified BucketDeployment constructor to pass securityGroups to the Lambda function.
  • Ensured backward compatibility by keeping securityGroups optional.
  • Updated README to include guidance on setting vpc, vpcSubnets, and securityGroups parameters.

Describe any new or updated permissions being added

N/A

Description of how you validated changes

Added unit tests to the relevant code modules to cover feature usage.

Checklist

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license

@github-actions github-actions bot added beginning-contributor [Pilot] contributed between 0-2 PRs to the CDK feature-request A feature should be added or improved. p2 labels Jan 30, 2025
@aws-cdk-automation aws-cdk-automation requested a review from a team January 30, 2025 05:51
aws-cdk-automation
aws-cdk-automation requested changes Jan 30, 2025
View reviewed changes
Copy link
Collaborator

@aws-cdk-automation aws-cdk-automation left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The pull request linter fails with the following errors:

❌ Features must contain a change to an integration test file and the resulting snapshot.

If you believe this pull request should receive an exemption, please comment and provide a justification. A comment requesting an exemption should contain the text Exemption Request. Additionally, if clarification is needed, add Clarification Request to a comment.

✅ A exemption request has been requested. Please wait for a maintainer's review.

@drduhe drduhe requested a review from a team as a code owner January 30, 2025 06:42
@drduhe drduhe force-pushed the issue/33229 branch 2 times, most recently from e9003c1 to ba8b378 Compare January 30, 2025 07:16
@drduhe
Copy link
Author

drduhe commented Jan 30, 2025
edited
Loading

Exemption Request - I don't think this requires a change to integration tests, per other similar PR guidance. There is also no integration tests for this module it seems.

@aws-cdk-automation aws-cdk-automation added pr-linter/exemption-requested The contributor has requested an exemption to the PR Linter feedback. pr/needs-community-review This PR needs a review from a Trusted Community Member or Core Team Member. labels Jan 30, 2025
@drduhe drduhe force-pushed the issue/33229 branch 6 times, most recently from 8da326c to a2a7583 Compare January 30, 2025 23:19
@github-actions github-actions bot added the effort/medium Medium work item – several days of effort label Jan 30, 2025
@aws-cdk-automation
Copy link
Collaborator

AWS CodeBuild CI Report

  • CodeBuild project: AutoBuildv2Project1C6BFA3F-wQm2hXv2jqQv
  • Commit ID: 71b57fa
  • Result: FAILED
  • Build Logs (available for 30 days)

Powered by github-codebuild-logs, available on the AWS Serverless Application Repository

@github-actions github-actions bot mentioned this pull request Feb 1, 2025
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@wimlewis-amazon wimlewis-amazon wimlewis-amazon left review comments

@aws-cdk-automation aws-cdk-automation aws-cdk-automation requested changes

Requested changes must be addressed to merge this pull request.

Assignees
No one assigned
Labels
beginning-contributor [Pilot] contributed between 0-2 PRs to the CDK effort/medium Medium work item – several days of effort feature-request A feature should be added or improved. p2 pr/needs-community-review This PR needs a review from a Trusted Community Member or Core Team Member. pr-linter/exemption-requested The contributor has requested an exemption to the PR Linter feedback.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

(s3-deployment): Add securityGroups to BucketDeploymentProps
3 participants
@drduhe @aws-cdk-automation @wimlewis-amazon