From a98eac197725eecebd4a5cc1c7d7a8149de1777a Mon Sep 17 00:00:00 2001
From: Alan Shaw
Date: Tue, 1 Oct 2024 13:16:49 +0100
Subject: [PATCH] fix: bucket permissions
---
 stacks/psa-stack.js | 23 +++++++++++++++++------
 1 file changed, 17 insertions(+), 6 deletions(-)
diff --git a/stacks/psa-stack.js b/stacks/psa-stack.js
index 8ec7ebdf..ebb0929d 100644
--- a/stacks/psa-stack.js
+++ b/stacks/psa-stack.js
@@ -3,6 +3,8 @@
 * to CAR files the complete DAGs are stored in.
 */
 import { Function } from 'sst/constructs'
+import { Bucket } from 'aws-cdk-lib/aws-s3'
+import { getBucketName } from './config.js'
 
 /** @param {import('sst/constructs').StackContext} context */
 export function PSAStack ({ stack }) {
@@ -25,22 +27,31 @@ export function PSAStack ({ stack }) {
 }
 })
 
+ const buckets = []
+ if (process.env.S3_DOTSTORAGE_0_BUCKET_ARN) {
+ buckets.push(Bucket.fromBucketArn(stack, 'dotstorage-0', process.env.S3_DOTSTORAGE_0_BUCKET_ARN))
+ }
+ if (process.env.S3_DOTSTORAGE_1_BUCKET_ARN) {
+ buckets.push(Bucket.fromBucketArn(stack, 'dotstorage-1', process.env.S3_DOTSTORAGE_1_BUCKET_ARN))
+ }
+ if (process.env.S3_PICKUP_BUCKET_ARN) {
+ buckets.push(Bucket.fromBucketArn(stack, 'pickup', process.env.S3_PICKUP_BUCKET_ARN))
+ }
+
 const hashFunction = new Function(stack, 'hash', {
 handler: 'psa/functions/hash.handler',
 url: { cors: true, authorizer: 'none' },
 memorySize: '4 GB',
- timeout: '15 minutes'
+ timeout: '15 minutes',
+ permissions: buckets
 })
 
- hashFunction.attachPermissions(['s3:HeadObject', 's3:GetObject'])
-
 const downloadFunction = new Function(stack, 'download', {
 handler: 'psa/functions/download.handler',
- url: { cors: true, authorizer: 'none' }
+ url: { cors: true, authorizer: 'none' },
+ permissions: buckets
 })
 
- downloadFunction.attachPermissions(['s3:HeadObject', 's3:GetObject'])
-
 stack.addOutputs({
 hashFunctionURL: hashFunction.url,
 downloadFunctionURL: downloadFunction.url,
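Review bot: The new `import { getBucketName } from './config.js'` is not referenced by any line this commit adds. If the parts of `PSAStack` outside the hunks do not use it either, it should be dropped, so the import list only names what the stack actually depends on.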
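Review bot: Passing the bare bucket constructs as `permissions: buckets` on `hashFunction` and `downloadFunction` scopes access to the named buckets, but it no longer states which actions are allowed. What SST grants for a bare bucket construct may be wider than the read access the removed action list described, so it is worth confirming, since both functions are published with `authorizer: 'none'`. If read access is all they need, the tuple form says so explicitly, e.g. `buckets.push([Bucket.fromBucketArn(stack, 'pickup', process.env.S3_PICKUP_BUCKET_ARN), 'grantRead'])` for each of the three pushes. Separately, when none of the three `*_BUCKET_ARN` variables is set, `buckets` stays empty and both functions deploy with no S3 access at all; throwing at synth time in that case would surface the misconfiguration before runtime. `PSAStack`'s body starts and ends outside the hunk.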