|
7 | 7 | RemovalPolicy, |
8 | 8 | Stack, |
9 | 9 | aws_certificatemanager, |
10 | | - aws_cloudfront, |
11 | | - aws_cloudfront_origins, |
12 | 10 | aws_ec2, |
13 | 11 | aws_iam, |
14 | 12 | aws_lambda, |
15 | 13 | aws_rds, |
16 | | - aws_route53, |
17 | | - aws_route53_targets, |
18 | 14 | aws_s3, |
19 | 15 | ) |
20 | 16 | from aws_cdk.aws_apigateway import DomainNameOptions |
@@ -126,7 +122,7 @@ def __init__( |
126 | 122 | "context": True, |
127 | 123 | "mosaic_index": True, |
128 | 124 | }, |
129 | | - pgstac_version="0.9.3", |
| 125 | + pgstac_version="0.9.2", |
130 | 126 | ) |
131 | 127 |
|
132 | 128 | # allow connections from any ipv4 to pgbouncer instance security group |
@@ -356,90 +352,29 @@ def __init__( |
356 | 352 | ) |
357 | 353 |
|
358 | 354 | if app_config.stac_browser_version: |
359 | | - if not ( |
360 | | - app_config.hosted_zone_id |
361 | | - and app_config.hosted_zone_name |
362 | | - and app_config.stac_browser_custom_domain |
363 | | - and app_config.stac_browser_certificate_arn |
364 | | - ): |
365 | | - raise ValueError( |
366 | | - "to deploy STAC browser you must provide config parameters for hosted_zone_id and stac_browser_custom_domain and stac_browser_certificate_arn" |
367 | | - ) |
368 | | - |
369 | 355 | stac_browser_bucket = aws_s3.Bucket( |
370 | 356 | self, |
371 | 357 | "stac-browser-bucket", |
372 | 358 | bucket_name=app_config.build_service_name("stac-browser"), |
373 | 359 | removal_policy=RemovalPolicy.DESTROY, |
374 | 360 | auto_delete_objects=True, |
375 | | - block_public_access=aws_s3.BlockPublicAccess.BLOCK_ALL, |
376 | | - enforce_ssl=True, |
377 | | - ) |
378 | | - |
379 | | - distribution = aws_cloudfront.Distribution( |
380 | | - self, |
381 | | - "stac-browser-distribution", |
382 | | - default_behavior=aws_cloudfront.BehaviorOptions( |
383 | | - origin=aws_cloudfront_origins.S3Origin(stac_browser_bucket), |
384 | | - viewer_protocol_policy=aws_cloudfront.ViewerProtocolPolicy.REDIRECT_TO_HTTPS, |
385 | | - allowed_methods=aws_cloudfront.AllowedMethods.ALLOW_GET_HEAD, |
386 | | - cached_methods=aws_cloudfront.CachedMethods.CACHE_GET_HEAD, |
387 | | - ), |
388 | | - default_root_object="index.html", |
389 | | - error_responses=[ |
390 | | - aws_cloudfront.ErrorResponse( |
391 | | - http_status=404, |
392 | | - response_http_status=200, |
393 | | - response_page_path="/index.html", |
394 | | - ) |
395 | | - ], |
396 | | - certificate=aws_certificatemanager.Certificate.from_certificate_arn( |
397 | | - self, |
398 | | - "stac-browser-certificate", |
399 | | - app_config.stac_browser_certificate_arn, |
400 | | - ), |
401 | | - domain_names=[app_config.stac_browser_custom_domain], |
402 | | - ) |
403 | | - |
404 | | - account_id = Stack.of(self).account |
405 | | - distribution_arn = f"arn:aws:cloudfront::${account_id}:distribution/${distribution.distribution_id}" |
406 | | - |
407 | | - stac_browser_bucket.add_to_resource_policy( |
408 | | - aws_iam.PolicyStatement( |
409 | | - actions=["s3:GetObject"], |
410 | | - resources=[stac_browser_bucket.arn_for_objects("*")], |
411 | | - principals=[aws_iam.ServicePrincipal("cloudfront.amazonaws.com")], |
412 | | - conditions={"StringEquals": {"AWS:SourceArn": distribution_arn}}, |
413 | | - ) |
414 | | - ) |
415 | | - |
416 | | - hosted_zone = aws_route53.HostedZone.from_hosted_zone_attributes( |
417 | | - self, |
418 | | - "stac-browser-hosted-zone", |
419 | | - hosted_zone_id=app_config.hosted_zone_id, |
420 | | - zone_name=app_config.hosted_zone_name, |
421 | | - ) |
422 | | - |
423 | | - aws_route53.ARecord( |
424 | | - self, |
425 | | - "stac-browser-alias", |
426 | | - zone=hosted_zone, |
427 | | - target=aws_route53.RecordTarget.from_alias( |
428 | | - aws_route53_targets.CloudFrontTarget(distribution) |
| 361 | + website_index_document="index.html", |
| 362 | + public_read_access=True, |
| 363 | + block_public_access=aws_s3.BlockPublicAccess( |
| 364 | + block_public_acls=False, |
| 365 | + block_public_policy=False, |
| 366 | + ignore_public_acls=False, |
| 367 | + restrict_public_buckets=False, |
429 | 368 | ), |
430 | | - record_name=app_config.stac_browser_custom_domain, |
| 369 | + object_ownership=aws_s3.ObjectOwnership.OBJECT_WRITER, |
431 | 370 | ) |
432 | | - |
433 | 371 | StacBrowser( |
434 | 372 | self, |
435 | 373 | "stac-browser", |
436 | 374 | github_repo_tag=app_config.stac_browser_version, |
437 | 375 | stac_catalog_url=f"https://{app_config.stac_api_custom_domain}", |
438 | 376 | website_index_document="index.html", |
439 | 377 | bucket_arn=stac_browser_bucket.bucket_arn, |
440 | | - config_file_path=os.path.join( |
441 | | - os.path.abspath(context_dir), "browser_config.js" |
442 | | - ), |
443 | 378 | ) |
444 | 379 |
|
445 | 380 | def _create_data_access_role(self) -> aws_iam.Role: |
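Review bot: The new `stac-browser-bucket` arguments (new lines 361–369) turn off all four public-access blocks and enable ACLs through `ObjectOwnership.OBJECT_WRITER`, which is wider than `public_read_access=True` needs. Public read is granted through the bucket policy, so only `block_public_policy` and `restrict_public_buckets` have to be off; the ACL path can stay closed with `block_public_acls=True,`, `ignore_public_acls=True,` and `object_ownership=aws_s3.ObjectOwnership.BUCKET_OWNER_ENFORCED,`, unless the `StacBrowser` deployment sets object ACLs, which is not visible here. The S3 website endpoint serves HTTP only and `enforce_ssl=True` is gone, so the browser's JavaScript is now delivered without transport integrity; a comment above the bucket saying that this is accepted, and why, would help the next reader. The enclosing `__init__` starts and ends outside this hunk.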
|