diff --git a/CHANGELOG.md b/CHANGELOG.md index 9d5df50..a53c774 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -5,6 +5,12 @@ All notable changes to this project will be documented in this file. The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html). +## [4.2.1] - 2022-05-02 + +### Changed + +- A bug fix was made to update the S3 Access Log bucket to use new bucket ownership properties and policy settings rather than S3 ACLs + ## [4.2.0] - 2022-12-05 ### Added diff --git a/source/infrastructure/cdk.json b/source/infrastructure/cdk.json index 96d77a4..5922fde 100644 --- a/source/infrastructure/cdk.json +++ b/source/infrastructure/cdk.json @@ -1,6 +1,7 @@ { "app": "npx ts-node --prefer-ts-exts bin/machine-to-cloud-connectivity.ts", "context": { - "@aws-cdk/aws-cloudfront:defaultSecurityPolicyTLSv1.2_2021": false + "@aws-cdk/aws-cloudfront:defaultSecurityPolicyTLSv1.2_2021": false, + "@aws-cdk/aws-s3:serverAccessLogsUseBucketPolicy": true } } diff --git a/source/infrastructure/lib/common-resource/logging-bucket.ts b/source/infrastructure/lib/common-resource/logging-bucket.ts index 21db510..ea685ba 100644 --- a/source/infrastructure/lib/common-resource/logging-bucket.ts +++ b/source/infrastructure/lib/common-resource/logging-bucket.ts @@ -3,7 +3,7 @@ import { RemovalPolicy, Aws } from 'aws-cdk-lib'; import { AnyPrincipal, Effect, PolicyStatement } from 'aws-cdk-lib/aws-iam'; -import { BlockPublicAccess, Bucket, BucketAccessControl, BucketEncryption } from 'aws-cdk-lib/aws-s3'; +import { Bucket, BucketEncryption, ObjectOwnership } from 'aws-cdk-lib/aws-s3'; import { NagSuppressions } from 'cdk-nag'; import { Construct } from 'constructs'; import { addCfnSuppressRules } from '../../utils/utils'; 
@@ -18,8 +18,7 @@ export class LoggingBucketConstruct extends Construct { super(scope, id); this.s3LoggingBucket = new Bucket(this, 'LogBucket', { - accessControl: BucketAccessControl.LOG_DELIVERY_WRITE, - blockPublicAccess: BlockPublicAccess.BLOCK_ALL, + objectOwnership: ObjectOwnership.OBJECT_WRITER, encryption: BucketEncryption.S3_MANAGED, removalPolicy: RemovalPolicy.RETAIN, bucketName: `${Aws.STACK_NAME}-${Aws.ACCOUNT_ID}-log` @@ -41,7 +40,8 @@ export class LoggingBucketConstruct extends Construct { // cdk-nag suppressions NagSuppressions.addResourceSuppressions(this.s3LoggingBucket, [ - { id: 'AwsSolutions-S1', reason: 'This bucket is to store S3 logs, so it does not require access logs.' } + { id: 'AwsSolutions-S1', reason: 'This bucket is to store S3 logs, so it does not require access logs.' }, + { id: 'AwsSolutions-S2', reason: 'Public Access Blocking is handled by objectOwnership' } ]); } } diff --git a/source/infrastructure/package.json b/source/infrastructure/package.json index 7a67f21..3fb1263 100644 --- a/source/infrastructure/package.json +++ b/source/infrastructure/package.json @@ -1,6 +1,6 @@ { "name": "machine-to-cloud-connectivity-infrastructure", - "version": "4.2.0", + "version": "4.2.1", "author": { "name": "Amazon Web Services", "url": "https://aws.amazon.com/solutions" diff --git a/source/infrastructure/test/__snapshots__/logging-bucket.test.ts.snap b/source/infrastructure/test/__snapshots__/logging-bucket.test.ts.snap index b0959ef..d64d6d8 100644 --- a/source/infrastructure/test/__snapshots__/logging-bucket.test.ts.snap +++ b/source/infrastructure/test/__snapshots__/logging-bucket.test.ts.snap @@ -12,6 +12,10 @@ Object { "id": "AwsSolutions-S1", "reason": "This bucket is to store S3 logs, so it does not require access logs.", }, + Object { + "id": "AwsSolutions-S2", + "reason": "Public Access Blocking is handled by objectOwnership", + }, ], }, "cfn_nag": Object { 
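Review bot: In the `new Bucket(this, 'LogBucket', …)` props, `blockPublicAccess: BlockPublicAccess.BLOCK_ALL` is removed together with the ACL, so the synthesized bucket no longer carries an explicit `PublicAccessBlockConfiguration` (the snapshot hunks show it gone) and relies on account-level or service-default settings instead. The removed lines show the block coexisting with the log-delivery ACL, and the `@aws-cdk/aws-s3:serverAccessLogsUseBucketPolicy` flag added in cdk.json appears to move log delivery to the bucket policy, so nothing visible requires dropping it; I would keep `blockPublicAccess: BlockPublicAccess.BLOCK_ALL,` next to `objectOwnership` and re-add `BlockPublicAccess` to the import in the first hunk of this file. `ObjectOwnership.OBJECT_WRITER` leaves ACLs enabled; if no log source still depends on ACL-based delivery (not verifiable from these hunks), `ObjectOwnership.BUCKET_OWNER_ENFORCED` would be the tighter setting. The AwsSolutions-S2 suppression added in the `@@ -41,7 +40,8 @@` hunk gives the reason 'Public Access Blocking is handled by objectOwnership', but object ownership governs object ownership and ACL applicability, not public access, so the suppression hides a real finding and can be dropped once the block is restored. The constructor body starts and ends outside both hunks.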
@@ -24,7 +28,6 @@ Object { }, }, "Properties": Object { - "AccessControl": "LogDeliveryWrite", "BucketEncryption": Object { "ServerSideEncryptionConfiguration": Array [ Object { @@ -49,11 +52,12 @@ Object { ], ], }, - "PublicAccessBlockConfiguration": Object { - "BlockPublicAcls": true, - "BlockPublicPolicy": true, - "IgnorePublicAcls": true, - "RestrictPublicBuckets": true, + "OwnershipControls": Object { + "Rules": Array [ + Object { + "ObjectOwnership": "ObjectWriter", + }, + ], }, }, "Type": "AWS::S3::Bucket", diff --git a/source/infrastructure/test/__snapshots__/machine-to-cloud-connectivity.test.ts.snap b/source/infrastructure/test/__snapshots__/machine-to-cloud-connectivity.test.ts.snap index 709aa39..914e5d3 100644 --- a/source/infrastructure/test/__snapshots__/machine-to-cloud-connectivity.test.ts.snap +++ b/source/infrastructure/test/__snapshots__/machine-to-cloud-connectivity.test.ts.snap @@ -6173,6 +6173,10 @@ Object { "id": "AwsSolutions-S1", "reason": "This bucket is to store S3 logs, so it does not require access logs.", }, + Object { + "id": "AwsSolutions-S2", + "reason": "Public Access Blocking is handled by objectOwnership", + }, ], }, "cfn_nag": Object { @@ -6210,11 +6214,12 @@ Object { ], ], }, - "PublicAccessBlockConfiguration": Object { - "BlockPublicAcls": true, - "BlockPublicPolicy": true, - "IgnorePublicAcls": true, - "RestrictPublicBuckets": true, + "OwnershipControls": Object { + "Rules": Array [ + Object { + "ObjectOwnership": "ObjectWriter", + }, + ], }, }, "Type": "AWS::S3::Bucket", diff --git a/source/lambda/connection-builder/package.json b/source/lambda/connection-builder/package.json index 110211d..1960d7d 100644 --- a/source/lambda/connection-builder/package.json +++ b/source/lambda/connection-builder/package.json 
@@ -1,6 +1,6 @@ { "name": "connection-builder", - "version": "4.2.0", + "version": "4.2.1", "description": "The function creates a connection and deploys the connection into the Greengrass edge device.", "main": "index.js", "scripts": { diff --git a/source/lambda/custom-resource/package.json b/source/lambda/custom-resource/package.json index 9b932a9..e957ba5 100644 --- a/source/lambda/custom-resource/package.json +++ b/source/lambda/custom-resource/package.json @@ -1,6 +1,6 @@ { "name": "custom-resource", - "version": "4.2.0", + "version": "4.2.1", "description": "The solution's custom resource function", "main": "index.js", "scripts": { diff --git a/source/lambda/greengrass-deployer/package.json b/source/lambda/greengrass-deployer/package.json index 5b933ac..83a8fd1 100644 --- a/source/lambda/greengrass-deployer/package.json +++ b/source/lambda/greengrass-deployer/package.json @@ -1,6 +1,6 @@ { "name": "greengrass-deployer", - "version": "4.2.0", + "version": "4.2.1", "description": "The function deploys the Greengrass group and restarting connections.", "main": "index.js", "scripts": { diff --git a/source/lambda/lib/aws-handlers/greengrass-v2-component-builder.ts b/source/lambda/lib/aws-handlers/greengrass-v2-component-builder.ts index 45776e8..a745c96 100644 --- a/source/lambda/lib/aws-handlers/greengrass-v2-component-builder.ts +++ b/source/lambda/lib/aws-handlers/greengrass-v2-component-builder.ts @@ -26,7 +26,7 @@ const PYTHON_MODULE_VERSION = { 'OpenOPC-Python3x': '1.3.1', Pyro4: '4.81', 'python-dateutil': '2.8.1', - requests_ntlm: '1.1.0', + requests_ntlm: '1.2.0', testresources: '2.0.1', wheel: '0.37.1', 'twisted[serial]': '20.3.0', diff --git a/source/lambda/lib/package.json b/source/lambda/lib/package.json index ad44f6a..4b8ff77 100644 --- a/source/lambda/lib/package.json +++ b/source/lambda/lib/package.json 
@@ -1,6 +1,6 @@ { "name": "lib", - "version": "4.2.0", + "version": "4.2.1", "description": "The Lambda functions common libraries", "main": "index.js", "scripts": { diff --git a/source/lambda/sqs-message-consumer/package.json b/source/lambda/sqs-message-consumer/package.json index d3c6840..ff8ce6f 100644 --- a/source/lambda/sqs-message-consumer/package.json +++ b/source/lambda/sqs-message-consumer/package.json @@ -1,6 +1,6 @@ { "name": "sqs-message-consumer", - "version": "4.2.0", + "version": "4.2.1", "description": "It consumes the SQS queue messages from IoT topic and stores the logs into the DynamoDB table.", "main": "index.js", "scripts": { diff --git a/source/lambda/timestream-writer/package.json b/source/lambda/timestream-writer/package.json index f395c31..da756a1 100644 --- a/source/lambda/timestream-writer/package.json +++ b/source/lambda/timestream-writer/package.json @@ -1,6 +1,6 @@ { "name": "timestream-writer", - "version": "4.2.0", + "version": "4.2.1", "description": "It consumes the Kinesis Data Stream data and store the data into Amazon Timestream table.", "main": "index.js", "scripts": { diff --git a/source/machine_connector/m2c2_modbus_tcp_connector/requirements.txt b/source/machine_connector/m2c2_modbus_tcp_connector/requirements.txt index 78ecd96..be6b863 100644 --- a/source/machine_connector/m2c2_modbus_tcp_connector/requirements.txt +++ b/source/machine_connector/m2c2_modbus_tcp_connector/requirements.txt @@ -4,5 +4,5 @@ pyserial>=3.5 pyserial-asyncio==0.6 greengrasssdk==1.6.0 backoff==2.2.1 -awsiotsdk==1.11.1 +awsiotsdk==1.13.0 dateutil==1.4 \ No newline at end of file diff --git a/source/machine_connector/m2c2_opcda_connector/requirements.txt b/source/machine_connector/m2c2_opcda_connector/requirements.txt index 96381fb..c4f7970 100644 --- a/source/machine_connector/m2c2_opcda_connector/requirements.txt +++ b/source/machine_connector/m2c2_opcda_connector/requirements.txt 
@@ -3,4 +3,4 @@ Pyro4==4.81 OpenOPC-Python3x==1.3.1 python-dateutil==2.8.1 backoff==2.2.1 -awsiotsdk==1.11.1 \ No newline at end of file +awsiotsdk==1.13.0 \ No newline at end of file diff --git a/source/machine_connector/m2c2_osipi_connector/requirements.txt b/source/machine_connector/m2c2_osipi_connector/requirements.txt index cc2ff85..9ecddc8 100644 --- a/source/machine_connector/m2c2_osipi_connector/requirements.txt +++ b/source/machine_connector/m2c2_osipi_connector/requirements.txt @@ -1,6 +1,6 @@ git+https://github.com/dcbark01/PI-Web-API-Client-Python.git@b620f72f2d2551632f406df44bd409f5cc305055 -requests_ntlm == 1.1.0 +requests_ntlm == 1.2.0 greengrasssdk==1.6.0 backoff==2.2.1 -awsiotsdk==1.11.1 \ No newline at end of file +awsiotsdk==1.13.0 \ No newline at end of file diff --git a/source/machine_connector/m2c2_publisher/requirements.txt b/source/machine_connector/m2c2_publisher/requirements.txt index b1304b2..8d7f043 100644 --- a/source/machine_connector/m2c2_publisher/requirements.txt +++ b/source/machine_connector/m2c2_publisher/requirements.txt @@ -1,4 +1,4 @@ greengrasssdk==1.6.0 python-dateutil==2.8.1 backoff==2.2.1 -awsiotsdk==1.11.3 \ No newline at end of file +awsiotsdk==1.13.0 \ No newline at end of file diff --git a/source/machine_connector/requirements_dev.txt b/source/machine_connector/requirements_dev.txt index ac30c81..ec7240c 100644 --- a/source/machine_connector/requirements_dev.txt +++ b/source/machine_connector/requirements_dev.txt @@ -3,11 +3,11 @@ pytest==7.2.0 pytest-cov==4.0.0 pytest-mock==3.10.0 python-dateutil==2.8.1 -awsiotsdk==1.11.1 +awsiotsdk==1.13.0 greengrasssdk==1.6.0 Pyro4==4.81 OpenOPC-Python3x==1.3.1 git+https://github.com/dcbark01/PI-Web-API-Client-Python.git@b620f72f2d2551632f406df44bd409f5cc305055 -requests_ntlm == 1.1.0 \ No newline at end of file +requests_ntlm == 1.2.0 \ No newline at end of file 
diff --git a/source/machine_connector/utils/__init__.py b/source/machine_connector/utils/__init__.py index fdbcc9a..d0d7b99 100644 --- a/source/machine_connector/utils/__init__.py +++ b/source/machine_connector/utils/__init__.py @@ -6,4 +6,4 @@ from .stream_manager_helper import StreamManagerHelperClient from .init_msg_metadata import InitMessage -__version__ = "4.2.0" +__version__ = "4.2.1" diff --git a/source/machine_connector/utils/requirements.txt b/source/machine_connector/utils/requirements.txt index c24ef1f..52cd785 100644 --- a/source/machine_connector/utils/requirements.txt +++ b/source/machine_connector/utils/requirements.txt @@ -1,3 +1,3 @@ backoff==2.2.1 -awsiotsdk==1.11.1 +awsiotsdk==1.13.0 greengrasssdk==1.6.1 \ No newline at end of file diff --git a/source/package.json b/source/package.json index 5f89d55..3f6346a 100644 --- a/source/package.json +++ b/source/package.json @@ -1,6 +1,6 @@ { "name": "machine-to-cloud-connectivity-framework-source", - "version": "4.2.0", + "version": "4.2.1", "description": "Machine to Cloud Connectivity Framework ESLint and prettier", "private": true, "license": "Apache-2.0", @@ -23,7 +23,7 @@ "eslint-config-react-app": "^7.0.0", "eslint-plugin-header": "^3.1.1", "eslint-plugin-import": "^2.25.4", - "eslint-plugin-jsdoc": "^38.0.6", + "eslint-plugin-jsdoc": "^43.1.1", "eslint-plugin-node": "^11.1.0", "eslint-plugin-prettier": "^4.0.0", "eslint-plugin-react": "^7.29.4", @@ -31,4 +31,4 @@ "prettier": "^2.6.1", "typescript": "~4.6.3" } -} \ No newline at end of file +} diff --git a/source/ui/package.json b/source/ui/package.json index 110e18e..813b781 100644 --- a/source/ui/package.json +++ b/source/ui/package.json @@ -6,7 +6,7 @@ "name": "Amazon Web Services", "url": "https://aws.amazon.com/solutions" }, - "version": "4.2.0", + "version": "4.2.1", "private": true, "devDependencies": { "@aws-amplify/api": "4.0.40",