cms.ts
// Import the entirety of s3 pending https://github.com/pulumi/pulumi-aws/issues/1925
import { s3 } from '@pulumi/aws';
import { Policy } from '@pulumi/aws/iam';
import {
ComponentResource,
CustomResourceOptions,
Output,
ResourceOptions,
interpolate,
} from '@pulumi/pulumi';
/**
 * Inputs for the CMS component.
 */
interface Args {
// Used verbatim as the S3 bucket name (the `bucket` property of the BucketV2 resource).
name: string;
// Sender address the CMS may use with SES. The generated IAM policy only allows
// ses:SendEmail / ses:SendRawEmail when `ses:FromAddress` equals this exact value.
fromAddress: string;
}
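/**
 * Storage bucket and IAM policy for the CMS.
 *
 * Creates an S3 bucket with a `private` canned ACL and a managed IAM policy
 * that grants object read/write/delete (including object-ACL read/write) on
 * that bucket, listing of the bucket, and SES sending restricted to a single
 * From address.
 *
 * Security notes for reviewers:
 * - This component does not create a public access block, versioning or a
 *   bucket policy; only the bucket and its ACL are managed here.
 * - `s3:PutObjectAcl` lets the policy holder change object ACLs, which
 *   includes making individual objects public unless public ACLs are blocked
 *   elsewhere. NOTE(review): confirm the CMS really needs the ACL actions;
 *   drop them if it does not.
 * - NOTE(review): buckets created with ACLs disabled (object ownership
 *   "bucket owner enforced") reject ACL updates; confirm the ACL resource
 *   still applies in the target account.
 */
class CMS extends ComponentResource {
  /** Name (not ARN) of the IAM policy created for the CMS. */
  public readonly policy: Output<string>;

  /**
   * @param name - Logical name; used as the prefix for all child resource names.
   * @param args - Bucket name and permitted SES sender address.
   * @param opts - Resource options forwarded to the component.
   */
  constructor(name: string, args: Args, opts?: CustomResourceOptions) {
    super('wafflehacks:infrastructure:CMS', name, { options: opts }, opts);

    // Parent every child to this component so it shows up under it in the stack.
    const defaultResourceOptions: ResourceOptions = { parent: this };
    const { name: bucketName, fromAddress } = args;

    const bucket = new s3.BucketV2(
      `${name}-bucket`,
      {
        bucket: bucketName,
      },
      defaultResourceOptions,
    );

    new s3.BucketAclV2(
      `${name}-acl`,
      {
        bucket: bucket.id,
        acl: 'private',
      },
      defaultResourceOptions,
    );

    const policy = new Policy(
      `${name}-policy`,
      {
        policy: {
          Version: '2012-10-17',
          Statement: [
            {
              // Object-level access, scoped to keys inside this bucket only.
              Effect: 'Allow',
              Action: [
                's3:DeleteObject',
                's3:GetObject',
                's3:GetObjectAcl',
                's3:PutObject',
                's3:PutObjectAcl',
              ],
              Resource: [interpolate`arn:aws:s3:::${bucket.id}/*`],
            },
            {
              // Listing applies to the bucket ARN itself, not to the objects.
              Effect: 'Allow',
              Action: ['s3:ListBucket'],
              Resource: [interpolate`arn:aws:s3:::${bucket.id}`],
            },
            {
              // SES is granted on every identity ('*'); the condition is the
              // only restriction, so sending is limited by From address alone.
              Effect: 'Allow',
              Action: ['ses:SendEmail', 'ses:SendRawEmail'],
              Resource: '*',
              Condition: {
                StringEquals: {
                  'ses:FromAddress': fromAddress,
                },
              },
            },
          ],
        },
      },
      defaultResourceOptions,
    );

    this.policy = policy.name;

    // Register the exposed output so it is recorded on the component in state,
    // rather than signalling completion with no outputs.
    this.registerOutputs({ policy: this.policy });
  }
}

export default CMS;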