ucan-invocation-stack.js
import {
Bucket,
KinesisStream,
} from 'sst/constructs'
import { PolicyStatement, StarPrincipal, Effect } from 'aws-cdk-lib/aws-iam'
import {
getBucketConfig,
getKinesisStreamConfig,
setupSentry
} from './config.js'
/**
 * Provisions the storage and streaming resources for UCAN invocations:
 * the `workflow-store`, `invocation-store`, `task-store` and `ucan-store`
 * buckets, the `ucan-stream-v2` Kinesis stream, and (on the `production`
 * and `staging` stages only) the legacy `ucan-stream`.
 *
 * Security note: `workflow-store` is deliberately world-readable. Its
 * resource policy allows `s3:GetObject` for any principal on every object,
 * and the policy-related public access blocks are switched off so that the
 * policy takes effect. Treat everything written to that bucket as public.
 *
 * @param {import('sst/constructs').StackContext} properties
 * @returns {{ invocationBucket: Bucket, taskBucket: Bucket, workflowBucket: Bucket, ucanStream: KinesisStream }}
 *   The constructs that other stacks consume. The `ucan-store` bucket and the
 *   legacy `ucan-stream` are created but not returned.
 */
export function UcanInvocationStack({ stack, app }) {
  // Setup app monitoring with Sentry
  setupSentry(app, stack)

  // Buckets that take their CDK settings straight from getBucketConfig.
  // No public-access override is applied here; what getBucketConfig returns
  // is not visible in this file.
  // NOTE(review): `cors: true` requests SST's default CORS rules - confirm
  // the allowed origins are as intended for each bucket.
  const createStore = (id) =>
    new Bucket(stack, id, {
      cors: true,
      cdk: {
        bucket: getBucketConfig(id, app.stage)
      }
    })

  // Public access block for the workflow bucket. ACL-based exposure stays
  // blocked; only the two policy-related switches are relaxed, because
  // otherwise the public-read statement added below would be rejected or
  // ignored by S3.
  const workflowPublicAccess = {
    blockPublicAcls: true,
    ignorePublicAcls: true,
    restrictPublicBuckets: false,
    blockPublicPolicy: false,
  }

  const workflowBucket = new Bucket(stack, 'workflow-store', {
    cors: true,
    cdk: {
      bucket: {
        ...getBucketConfig('workflow-store', app.stage),
        blockPublicAccess: workflowPublicAccess
      },
    }
  })

  // Anonymous read of every object in the workflow bucket. This statement
  // grants `s3:GetObject` only: it adds no listing, write or delete access.
  const workflowCdkBucket = workflowBucket.cdk.bucket
  const publicReadStatement = new PolicyStatement({
    actions: ['s3:GetObject'],
    effect: Effect.ALLOW,
    principals: [new StarPrincipal()],
    resources: [workflowCdkBucket.arnForObjects('*')],
  })
  workflowCdkBucket.addToResourcePolicy(publicReadStatement)

  const invocationBucket = createStore('invocation-store')
  const taskBucket = createStore('task-store')

  // TODO: keep for historical content that we might want to process
  createStore('ucan-store')

  // TODO: keep for historical content that we might want to process
  // The legacy stream exists only on the production and staging stages.
  const keepsLegacyStream = ['production', 'staging'].includes(stack.stage)
  if (keepsLegacyStream) {
    new KinesisStream(stack, 'ucan-stream', {
      cdk: {
        stream: getKinesisStreamConfig(stack)
      },
    })
  }

  // Current stream, created on every stage.
  const ucanStream = new KinesisStream(stack, 'ucan-stream-v2', {
    cdk: {
      stream: getKinesisStreamConfig(stack)
    }
  })

  // Publish the bucket names as stack outputs.
  stack.addOutputs({
    workflowBucketName: workflowBucket.bucketName,
    invocationBucketName: invocationBucket.bucketName,
    taskBucketName: taskBucket.bucketName
  })

  return {
    invocationBucket,
    taskBucket,
    workflowBucket,
    ucanStream
  }
}