daily-recordings-bucket-stack.ts
import {
CfnOutput,
Stack,
StackProps,
Duration,
aws_s3,
aws_iam,
} from "aws-cdk-lib";
import { Construct } from "constructs";
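/**
 * Stack that provisions an S3 bucket for Daily call recordings together with
 * the cross-account IAM role Daily assumes to write to it.
 *
 * Context values read at synth time:
 * - `s3bucketName`: optional bucket name; when absent, CDK generates one.
 * - `dailySubdomain`: required; used as the role's `sts:ExternalId` and as
 *   the prefix of every exported output name.
 *
 * Outputs: bucket name, bucket region and role ARN.
 */
export class DailyRecordingBucket extends Stack {
  /**
   * @param scope - Parent construct.
   * @param id - Logical ID of the stack.
   * @param props - Optional stack properties, passed through to `Stack`.
   * @throws Error when the `dailySubdomain` context value is missing or is
   *   not a non-empty string.
   */
  constructor(scope: Construct, id: string, props?: StackProps) {
    super(scope, id, props);

    const bucketName = this.node.tryGetContext("s3bucketName");

    // The external ID is the only condition on the cross-account trust
    // relationship below. Fail at synth time instead of deploying a role whose
    // trust policy carries no meaningful sts:ExternalId check (and exports
    // named "undefined-...").
    const dailySubdomain: unknown = this.node.tryGetContext("dailySubdomain");
    if (typeof dailySubdomain !== "string" || dailySubdomain.trim() === "") {
      throw new Error(
        'Context value "dailySubdomain" is required and must be a non-empty string'
      );
    }

    const recordingsBucket = new aws_s3.Bucket(this, "DailyS3Bucket", {
      bucketName: bucketName,
      encryption: aws_s3.BucketEncryption.S3_MANAGED,
      versioned: true,
      // Recordings are only reached through the role below, never through
      // public ACLs or public bucket policies, so state that explicitly.
      blockPublicAccess: aws_s3.BlockPublicAccess.BLOCK_ALL,
      // Adds a bucket policy statement denying requests made without TLS.
      enforceSSL: true,
    });

    const dailyRole = new aws_iam.Role(this, "dailyRole", {
      description: "Role allowing Daily to record to bucket",
      maxSessionDuration: Duration.hours(12),
      // NOTE(review): account ID is taken as-is from this file; confirm it
      // against Daily's current documentation before deploying.
      assumedBy: new aws_iam.AccountPrincipal("291871421005"),
      // Restricts sts:AssumeRole to callers presenting this external ID,
      // which guards against the confused-deputy problem.
      externalIds: [dailySubdomain],
    });

    dailyRole.addToPolicy(
      new aws_iam.PolicyStatement({
        effect: aws_iam.Effect.ALLOW,
        // Read/write and multipart actions only; no delete and no bucket
        // policy or ACL management is granted.
        actions: [
          "s3:PutObject",
          "s3:GetObject",
          "s3:ListBucketMultipartUploads",
          "s3:AbortMultipartUpload",
          "s3:ListBucketVersions",
          "s3:ListBucket",
          "s3:GetObjectVersion",
          "s3:ListMultipartUploadParts",
        ],
        // Connects the bucket to the role: scoped to this bucket and its
        // objects, never "*".
        resources: [
          recordingsBucket.bucketArn,
          recordingsBucket.arnForObjects("*"),
        ],
      })
    );

    // Outputs are defined below:
    new CfnOutput(this, "bucketName", {
      value: recordingsBucket.bucketName,
      description: "Name of S3 bucket",
      exportName: `${dailySubdomain}-bucketName`,
    });
    new CfnOutput(this, "bucketRegion", {
      value: this.region,
      description: "Region where S3 bucket is located",
      exportName: `${dailySubdomain}-bucketRegion`,
    });
    new CfnOutput(this, "roleArn", {
      value: dailyRole.roleArn,
      description: "ARN of IAM role for Daily to assume",
      exportName: `${dailySubdomain}-roleArn`,
    });
  }
}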