-
Notifications
You must be signed in to change notification settings - Fork 30
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
feat: Account for custom S3 compatible service
V4 Signature for AWS Custom ServiceURL and Region for S3 compatible storage other than AWS Added and used some parameters Update AWSSDK.S3 to latest version possible (see aws/aws-sdk-net#2540 (comment))
- Loading branch information
Guillaume Escarieux
committed
Feb 16, 2023
1 parent
0b7a20c
commit 6474ae1
Showing
9 changed files
with
217 additions
and
34 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,102 @@ | ||
AWSTemplateFormatVersion: "2010-09-09" | ||
Parameters: | ||
GitLfsUsername: | ||
Type: String | ||
Description: Username for authenticating against Git LFS endpoint | ||
GitLfsPassword: | ||
Type: String | ||
Description: Password for authenticating against Git LFS endpoint | ||
Outputs: | ||
LfsEndpoint: | ||
Description: The Git LFS endpoint to use | ||
Value: !Sub 'https://${RestApi}.execute-api.${AWS::Region}.amazonaws.com/lfs' | ||
Resources: | ||
StorageBucket: | ||
Type: AWS::S3::Bucket | ||
DeletionPolicy: Retain | ||
RestApi: | ||
Type: AWS::ApiGateway::RestApi | ||
Properties: | ||
Body: | ||
swagger: '2.0' | ||
info: | ||
description: 'Describes a proxy to a Lambda function to sign S3 requests.' | ||
title: 'Git LFS REST API' | ||
version: '1.0.0' | ||
paths: | ||
/{proxy+}: | ||
x-amazon-apigateway-any-method: | ||
produces: | ||
- application/json | ||
parameters: | ||
- name: proxy | ||
in: path | ||
required: true | ||
type: string | ||
responses: {} | ||
x-amazon-apigateway-integration: | ||
responses: | ||
default: | ||
statusCode: 200 | ||
uri: !Sub 'arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/arn:aws:lambda:${AWS::Region}:${AWS::AccountId}:function:${SigningLambda}/invocations' | ||
passthroughBehavior: when_no_match | ||
httpMethod: POST | ||
contentHandling: CONVERT_TO_TEXT | ||
type: aws_proxy | ||
Description: Git LFS endpoint | ||
FailOnWarnings: true | ||
Name: !Ref AWS::StackName | ||
RestDeployment: | ||
Type: AWS::ApiGateway::Deployment | ||
Properties: | ||
RestApiId: !Ref RestApi | ||
StageName: lfs | ||
SigningLambda: | ||
Type: AWS::Lambda::Function | ||
Properties: | ||
Code: | ||
S3Bucket: !Sub 'ae-infrastructure-${AWS::Region}' | ||
S3Key: git-lfs/3.0.0/Estranged.Lfs.Hosting.Lambda.zip | ||
Description: Generates S3 signed URLs for Git LFS | ||
FunctionName: !Ref AWS::StackName | ||
Handler: Estranged.Lfs.Hosting.Lambda::Estranged.Lfs.Hosting.Lambda.LambdaEntryPoint::FunctionHandlerAsync | ||
MemorySize: 512 | ||
Role: !GetAtt SigningLambdaRole.Arn | ||
Runtime: dotnetcore3.1 | ||
Timeout: 30 | ||
Environment: | ||
Variables: | ||
LFS_BUCKET: !Ref StorageBucket | ||
LFS_USERNAME: !Ref GitLfsUsername | ||
LFS_PASSWORD: !Ref GitLfsPassword | ||
GITHUB_ORGANISATION: !Ref GitOrganisation | ||
GITHUB_REPOSITORY: !Ref GitHubRepositoryVariable | ||
BITBUCKET_WORKSPACE: !Ref BitBucketWorkspaceVariable | ||
BITBUCKET_REPOSITORY: !Ref BitBucketRepositoryVariable | ||
S3Region: !Ref S3_REGION | ||
S3ServiceURL: !Ref S3_SERVICE_URL | ||
S3AccessKey: !Ref S3_ACCESS_KEY | ||
S3AccessSecret: !Ref S3_ACCESS_SECRET | ||
SigningLambdaGatewayPermission: | ||
Type: AWS::Lambda::Permission | ||
Properties: | ||
Action: lambda:InvokeFunction | ||
FunctionName: !GetAtt SigningLambda.Arn | ||
Principal: apigateway.amazonaws.com | ||
SourceArn: !Sub arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${RestApi}/* | ||
SigningLambdaRole: | ||
Type: AWS::IAM::Role | ||
Properties: | ||
AssumeRolePolicyDocument: | ||
Version: "2012-10-17" | ||
Statement: | ||
- | ||
Effect: Allow | ||
Principal: | ||
Service: | ||
- lambda.amazonaws.com | ||
Action: | ||
- sts:AssumeRole | ||
ManagedPolicyArns: | ||
- arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole | ||
- arn:aws:iam::aws:policy/AmazonS3FullAccess |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters