Minor usage imporvements!

* Adds `.DS_Store` to the `.gitignore` file - because mac * Exposes domainName and dualStackDomainName on the S3 L2 construct (because somtimes you need those) * Adds a "Canonical User Id" in the permissions lib - because there's so many ways to identify accounts! (We need it for CloudFront OAIs 🎉)
sarathkumarsivan · May 31, 2018 · eb6b5da · eb6b5da
1 parent 13d8b7f
commit eb6b5da
Show file tree

Hide file tree

Showing 3 changed files with 28 additions and 0 deletions.
diff --git a/.gitignore b/.gitignore
@@ -1,3 +1,4 @@
+.DS_Store
 node_modules
 lerna-debug.log
 *.js

diff --git a/packages/aws-cdk-s3/lib/bucket.ts b/packages/aws-cdk-s3/lib/bucket.ts
@@ -254,6 +254,8 @@ export interface BucketProps {
 export class Bucket extends BucketRef {
     public readonly bucketArn: s3.BucketArn;
     public readonly bucketName: BucketName;
+    public readonly domainName: s3.BucketDomainName;
+    public readonly dualstackDomainName: s3.BucketDualStackDomainName;
     public readonly encryptionKey?: kms.EncryptionKeyRef;
     protected policy?: BucketPolicy;
     protected autoCreatePolicy = true;
@@ -281,6 +283,8 @@ export class Bucket extends BucketRef {
         this.encryptionKey = encryptionKey;
         this.bucketArn = resource.bucketArn;
         this.bucketName = resource.ref;
+        this.domainName = resource.bucketDomainName;
+        this.dualstackDomainName = resource.bucketDualStackDomainName;
 
         // Add all lifecycle rules
         (props.lifecycleRules || []).forEach(this.addLifecycleRule.bind(this));

diff --git a/packages/aws-cdk/lib/cloudformation/permission.ts b/packages/aws-cdk/lib/cloudformation/permission.ts
@@ -72,6 +72,29 @@ export class ServicePrincipal extends PolicyPrincipal {
     }
 }
 
+/**
+ * A policy prinicipal for canonicalUserIds - useful for S3 bucket policies that use
+ * Origin Access identities.
+ *
+ * See https://docs.aws.amazon.com/general/latest/gr/acct-identifiers.html
+ *
+ * and
+ *
+ * https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/private-content-restricting-access-to-s3.html
+ *
+ * for more details.
+ *
+ */
+export class CanonicalUserPrincipal extends PolicyPrincipal {
+    constructor(public readonly canonicalUserId: any) {
+        super();
+    }
+
+    public toJson(): any {
+        return { CanonicalUser: this.canonicalUserId };
+    }
+}
+
 export class FederatedPrincipal extends PolicyPrincipal {
     constructor(public readonly federated: any) {
         super();