feat(aws-kinesisstreams-kinesisfirehose-s3): added loggingBucketProps…

… and logS3AccessLogs (#493) * added loggingBucketProps and logS3AccessLogs * redeploy stack for cfn nag suppress
awslabs · Nov 8, 2021 · 85b5f7a · 85b5f7a
1 parent 0af95f5
commit 85b5f7a
Show file tree

Hide file tree

Showing 13 changed files with 651 additions and 107 deletions.
diff --git a/...terns/@aws-solutions-constructs/aws-kinesisstreams-kinesisfirehose-s3/README.md b/...terns/@aws-solutions-constructs/aws-kinesisstreams-kinesisfirehose-s3/README.md
@@ -53,6 +53,8 @@ _Parameters_
 |kinesisFirehoseProps?|[`kinesisfirehose.CfnDeliveryStreamProps`](https://docs.aws.amazon.com/cdk/api/latest/docs/@aws-cdk_aws-kinesisfirehose.CfnDeliveryStreamProps.html)\|`any`|Optional user provided props to override the default props for Kinesis Firehose Delivery Stream.|
 |kinesisStreamProps?|[`kinesis.StreamProps`](https://docs.aws.amazon.com/cdk/api/latest/docs/@aws-cdk_aws-kinesis.StreamProps.html)|Optional user-provided props to override the default props for the Kinesis stream.|
 |logGroupProps?|[`logs.LogGroupProps`](https://docs.aws.amazon.com/cdk/api/latest/docs/@aws-cdk_aws-logs.LogGroupProps.html)|Optional user provided props to override the default props for for the CloudWatchLogs LogGroup.|
+|loggingBucketProps?|[`s3.BucketProps`](https://docs.aws.amazon.com/cdk/api/latest/docs/@aws-cdk_aws-s3.BucketProps.html)|Optional user provided props to override the default props for the S3 Logging Bucket.|
+|logS3AccessLogs?| boolean|Whether to turn on Access Logging for the S3 bucket. Creates an S3 bucket with associated storage costs for the logs. Enabling Access Logging is a best practice. default - true|
 
 ## Pattern Properties
 
@@ -66,6 +68,7 @@ _Parameters_
 |kinesisStreamRole|[`iam.Role`](https://docs.aws.amazon.com/cdk/api/latest/docs/@aws-cdk_aws-iam.Role.html)|Returns an instance of the iam.Role created by the construct for Kinesis stream|
 |s3Bucket?|[`s3.Bucket`](https://docs.aws.amazon.com/cdk/api/latest/docs/@aws-cdk_aws-s3.Bucket.html)|Returns an instance of s3.Bucket created by the construct|
 |s3LoggingBucket?|[`s3.Bucket`](https://docs.aws.amazon.com/cdk/api/latest/docs/@aws-cdk_aws-s3.Bucket.html)|Returns an instance of s3.Bucket created by the construct as the logging bucket for the primary bucket|
+|s3BucketInterface|[`s3.IBucket`](https://docs.aws.amazon.com/cdk/api/latest/docs/@aws-cdk_aws-s3.IBucket.html)|Returns an instance of s3.IBucket created by the construct|
 
 ## Default settings
 

diff --git a/source/patterns/@aws-solutions-constructs/aws-kinesisstreams-kinesisfirehose-s3/lib/index.ts b/source/patterns/@aws-solutions-constructs/aws-kinesisstreams-kinesisfirehose-s3/lib/index.ts
@@ -76,6 +76,19 @@ export interface KinesisStreamsToKinesisFirehoseToS3Props {
    * @default - Default props are used
    */
   readonly logGroupProps?: logs.LogGroupProps;
+  /**
+   * Optional user provided props to override the default props for the S3 Logging Bucket.
+   *
+   * @default - Default props are used
+   */
+   readonly loggingBucketProps?: s3.BucketProps;
+   /**
+    * Whether to turn on Access Logs for the S3 bucket with the associated storage costs.
+    * Enabling Access Logging is a best practice.
+    *
+    * @default - true
+    */
+   readonly logS3AccessLogs?: boolean;
 }
 
 export class KinesisStreamsToKinesisFirehoseToS3 extends Construct {
@@ -87,6 +100,7 @@ export class KinesisStreamsToKinesisFirehoseToS3 extends Construct {
   public readonly kinesisStreamRole: iam.Role;
   public readonly s3Bucket?: s3.Bucket;
   public readonly s3LoggingBucket?: s3.Bucket;
+  public readonly s3BucketInterface: s3.IBucket;
 
   /**
    * @summary Constructs a new instance of the KinesisStreamsToKinesisFirehoseToS3 class.
@@ -100,10 +114,6 @@ export class KinesisStreamsToKinesisFirehoseToS3 extends Construct {
     super(scope, id);
     defaults.CheckProps(props);
 
-    if (props.existingBucketObj && props.bucketProps) {
-      throw new Error('Cannot specify both bucket properties and an existing bucket');
-    }
-
     // Setup the Kinesis Stream
     this.kinesisStream = defaults.buildKinesisStream(this, {
       existingStreamObj: props.existingStreamObj,
@@ -151,14 +161,17 @@ export class KinesisStreamsToKinesisFirehoseToS3 extends Construct {
       existingBucketObj: props.existingBucketObj,
       existingLoggingBucketObj: props.existingLoggingBucketObj,
       bucketProps: props.bucketProps,
-      logGroupProps: props.logGroupProps
+      logGroupProps: props.logGroupProps,
+      loggingBucketProps: props.loggingBucketProps,
+      logS3AccessLogs: props.logS3AccessLogs
     });
 
     this.kinesisFirehose = kdfToS3Construct.kinesisFirehose;
     this.kinesisFirehoseRole = kdfToS3Construct.kinesisFirehoseRole;
     this.kinesisFirehoseLogGroup = kdfToS3Construct.kinesisFirehoseLogGroup;
     this.s3Bucket = kdfToS3Construct.s3Bucket;
     this.s3LoggingBucket = kdfToS3Construct.s3LoggingBucket;
+    this.s3BucketInterface = kdfToS3Construct.s3BucketInterface;
 
     if (props.createCloudWatchAlarms === undefined || props.createCloudWatchAlarms) {
       // Deploy best practices CW Alarms for Kinesis Stream