From 3ee6fa0a5f4e730e48248f863bf03a522bcd872d Mon Sep 17 00:00:00 2001 From: Tim Brust Date: Tue, 17 Dec 2024 10:52:08 +0000 Subject: [PATCH 01/17] feat: use DNS certificate if available for staging and production --- serverless.yml | 54 +++++++++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 53 insertions(+), 1 deletion(-) diff --git a/serverless.yml b/serverless.yml index 5cb29c4..f027112 100644 --- a/serverless.yml +++ b/serverless.yml @@ -80,6 +80,9 @@ custom: ses: region: ${self:provider.environment.SES_REGION, self:provider.region} + frontendUrlWithoutHttps: ${self:provider.environment.FRONTEND_URL.replace("https://", "")} + backendUrlWithoutHttps: ${self:provider.environment.BACKEND_URL.replace("https://", "")} + package: individually: true excludeDevDependencies: true @@ -250,7 +253,39 @@ functions: - 'packages/alexa' resources: + Conditions: + IsProductionOrStaging: + Fn::Or: + - Fn::Equals: [${self:custom.stage}, production] + - Fn::Equals: [${self:custom.stage}, staging] + Resources: + FrontendDNSCertificate: + Type: AWS::CertificateManager::Certificate + Condition: IsProductionOrStaging + Properties: + DomainName: ${self:custom.frontendUrlWithoutHttps} + ValidationMethod: DNS + DomainValidationOptions: + - DomainName: ${self:custom.frontendUrlWithoutHttps} + HostedZoneId: ${self:provider.environment.HOSTED_ZONE_ID} + Tags: + - Key: Name + Value: FrontendDNSCertificate-${self:custom.stage} + + BackendDNSCertificate: + Type: AWS::CertificateManager::Certificate + Condition: IsProductionOrStaging + Properties: + DomainName: ${self:custom.backendUrlWithoutHttps} + ValidationMethod: DNS + DomainValidationOptions: + - DomainName: ${self:custom.backendUrlWithoutHttps} + HostedZoneId: ${self:provider.environment.HOSTED_ZONE_ID} + Tags: + - Key: Name + Value: BackendDNSCertificate-${self:custom.stage} + UserTable: Type: 'AWS::DynamoDB::Table' DeletionPolicy: Delete @@ -370,7 +405,6 @@ resources: Properties: DistributionConfig: PriceClass: PriceClass_100 - #CNAMEs: [ ${self:provider.environment.PRODUCTION_FE_URL} ] IPV6Enabled: true Enabled: true Comment: Frontend @@ -401,6 +435,15 @@ resources: ViewerProtocolPolicy: redirect-to-https ForwardedValues: QueryString: true + Aliases: + - ${self:provider.environment.FRONTEND_URL} + ViewerCertificate: + Fn::If: + - IsProductionOrStaging + - AcmCertificateArn: !Ref FrontendDNSCertificate + SslSupportMethod: sni-only + MinimumProtocolVersion: TLSv1.2_2018 + - Ref: AWS::NoValue BackendDistribution: Type: AWS::CloudFront::Distribution @@ -433,6 +476,15 @@ resources: ViewerProtocolPolicy: redirect-to-https ForwardedValues: QueryString: true + Aliases: + - ${self:provider.environment.BACKEND_URL} + ViewerCertificate: + Fn::If: + - IsProductionOrStaging + - AcmCertificateArn: !Ref BackendDNSCertificate + SslSupportMethod: sni-only + MinimumProtocolVersion: TLSv1.2_2018 + - Ref: AWS::NoValue OAC: Type: AWS::CloudFront::OriginAccessControl From f95bfd72b2466990efddce8ea68e2f616b58a619 Mon Sep 17 00:00:00 2001 From: Tim Brust Date: Tue, 17 Dec 2024 11:53:53 +0100 Subject: [PATCH 02/17] fix: enable deployment for test --- .github/workflows/merge-to-master.yml | 1 + serverless.yml | 1 - 2 files changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/merge-to-master.yml b/.github/workflows/merge-to-master.yml index d9b15fb..219ba7e 100644 --- a/.github/workflows/merge-to-master.yml +++ b/.github/workflows/merge-to-master.yml @@ -7,6 +7,7 @@ on: push: branches: - 'main' + - 'timbru31-patch-1' jobs: install: diff --git a/serverless.yml b/serverless.yml index f027112..9071a26 100644 --- a/serverless.yml +++ b/serverless.yml @@ -450,7 +450,6 @@ resources: Properties: DistributionConfig: PriceClass: PriceClass_100 - #CNAMEs: [ ${self:provider.environment.PRODUCTION_FE_URL} ] IPV6Enabled: true Enabled: true Comment: Backend From d07bd66bcda6255171d70f378b790bb5d443f3dc Mon Sep 17 00:00:00 2001 From: Tim Brust Date: Tue, 17 Dec 2024 12:14:59 +0100 Subject: [PATCH 03/17] fix: yml parsing --- serverless.yml | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/serverless.yml b/serverless.yml index 9071a26..f21193e 100644 --- a/serverless.yml +++ b/serverless.yml @@ -256,8 +256,12 @@ resources: Conditions: IsProductionOrStaging: Fn::Or: - - Fn::Equals: [${self:custom.stage}, production] - - Fn::Equals: [${self:custom.stage}, staging] + - Fn::Equals: + - ${self:custom.stage} + - production + - Fn::Equals: + - ${self:custom.stage} + - staging Resources: FrontendDNSCertificate: From c405d1b4fc33855883effe6c8c87b5ac1da08907 Mon Sep 17 00:00:00 2001 From: Tim Brust Date: Tue, 17 Dec 2024 12:29:06 +0100 Subject: [PATCH 04/17] fix: replacing --- .github/workflows/reusable-deploy-job.yml | 5 +++++ serverless.yml | 11 ++++------- 2 files changed, 9 insertions(+), 7 deletions(-) diff --git a/.github/workflows/reusable-deploy-job.yml b/.github/workflows/reusable-deploy-job.yml index a59aa33..6f7176e 100644 --- a/.github/workflows/reusable-deploy-job.yml +++ b/.github/workflows/reusable-deploy-job.yml @@ -78,6 +78,11 @@ jobs: role-to-assume: arn:aws:iam::${{ secrets.AWS_ACCOUNT_ID }}:role/github-deploy-user role-session-name: github-deployment + - name: Set environment variables without https + run: | + echo "FRONTEND_URL_WITHOUT_HTTPS=$(echo ${{ secrets.FRONTEND_URL }} | sed 's/^https:\/\///')" >> $GITHUB_ENV + echo "BACKEND_URL_WITHOUT_HTTPS=$(echo ${{ secrets.BACKEND_URL }} | sed 's/^https:\/\///')" >> $GITHUB_ENV + - name: Deploy Frontend run: serverless s3sync bucket --bucket ${{ secrets.COMPANY_ABBREVIATION }}-lara-frontend-${{ inputs.target }} diff --git a/serverless.yml b/serverless.yml index f21193e..4ea4271 100644 --- a/serverless.yml +++ b/serverless.yml @@ -80,9 +80,6 @@ custom: ses: region: ${self:provider.environment.SES_REGION, self:provider.region} - frontendUrlWithoutHttps: ${self:provider.environment.FRONTEND_URL.replace("https://", "")} - backendUrlWithoutHttps: ${self:provider.environment.BACKEND_URL.replace("https://", "")} - package: individually: true excludeDevDependencies: true @@ -268,10 +265,10 @@ resources: Type: AWS::CertificateManager::Certificate Condition: IsProductionOrStaging Properties: - DomainName: ${self:custom.frontendUrlWithoutHttps} + DomainName: ${self:custom.FRONTEND_URL_WITHOUT_HTTPS} ValidationMethod: DNS DomainValidationOptions: - - DomainName: ${self:custom.frontendUrlWithoutHttps} + - DomainName: ${self:custom.FRONTEND_URL_WITHOUT_HTTPS} HostedZoneId: ${self:provider.environment.HOSTED_ZONE_ID} Tags: - Key: Name @@ -281,10 +278,10 @@ resources: Type: AWS::CertificateManager::Certificate Condition: IsProductionOrStaging Properties: - DomainName: ${self:custom.backendUrlWithoutHttps} + DomainName: ${self:custom.BACKEND_URL_WITHOUT_HTTPS} ValidationMethod: DNS DomainValidationOptions: - - DomainName: ${self:custom.backendUrlWithoutHttps} + - DomainName: ${self:custom.BACKEND_URL_WITHOUT_HTTPS} HostedZoneId: ${self:provider.environment.HOSTED_ZONE_ID} Tags: - Key: Name From ad2e400b72decb89fab89403b73954519daf6a38 Mon Sep 17 00:00:00 2001 From: Tim Brust Date: Tue, 17 Dec 2024 13:20:10 +0100 Subject: [PATCH 05/17] fix: env vars --- serverless.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/serverless.yml b/serverless.yml index 4ea4271..9a6bf55 100644 --- a/serverless.yml +++ b/serverless.yml @@ -265,10 +265,10 @@ resources: Type: AWS::CertificateManager::Certificate Condition: IsProductionOrStaging Properties: - DomainName: ${self:custom.FRONTEND_URL_WITHOUT_HTTPS} + DomainName: ${self:provider.environment.FRONTEND_URL_WITHOUT_HTTPS} ValidationMethod: DNS DomainValidationOptions: - - DomainName: ${self:custom.FRONTEND_URL_WITHOUT_HTTPS} + - DomainName: ${self:provider.environment.FRONTEND_URL_WITHOUT_HTTPS} HostedZoneId: ${self:provider.environment.HOSTED_ZONE_ID} Tags: - Key: Name @@ -278,10 +278,10 @@ resources: Type: AWS::CertificateManager::Certificate Condition: IsProductionOrStaging Properties: - DomainName: ${self:custom.BACKEND_URL_WITHOUT_HTTPS} + DomainName: ${self:provider.environment.BACKEND_URL_WITHOUT_HTTPS} ValidationMethod: DNS DomainValidationOptions: - - DomainName: ${self:custom.BACKEND_URL_WITHOUT_HTTPS} + - DomainName: ${self:provider.environment.BACKEND_URL_WITHOUT_HTTPS} HostedZoneId: ${self:provider.environment.HOSTED_ZONE_ID} Tags: - Key: Name From 98f8e7dd29b910210baecc7ff231509b83e794c2 Mon Sep 17 00:00:00 2001 From: Tim Brust Date: Tue, 17 Dec 2024 13:30:44 +0100 Subject: [PATCH 06/17] fix: vars --- serverless.yml | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/serverless.yml b/serverless.yml index 9a6bf55..f9c26db 100644 --- a/serverless.yml +++ b/serverless.yml @@ -265,11 +265,11 @@ resources: Type: AWS::CertificateManager::Certificate Condition: IsProductionOrStaging Properties: - DomainName: ${self:provider.environment.FRONTEND_URL_WITHOUT_HTTPS} + DomainName: ${env:FRONTEND_URL_WITHOUT_HTTPS} ValidationMethod: DNS DomainValidationOptions: - - DomainName: ${self:provider.environment.FRONTEND_URL_WITHOUT_HTTPS} - HostedZoneId: ${self:provider.environment.HOSTED_ZONE_ID} + - DomainName: ${env:FRONTEND_URL_WITHOUT_HTTPS} + HostedZoneId: ${env:HOSTED_ZONE_ID} Tags: - Key: Name Value: FrontendDNSCertificate-${self:custom.stage} @@ -278,11 +278,11 @@ resources: Type: AWS::CertificateManager::Certificate Condition: IsProductionOrStaging Properties: - DomainName: ${self:provider.environment.BACKEND_URL_WITHOUT_HTTPS} + DomainName: ${env:BACKEND_URL_WITHOUT_HTTPS} ValidationMethod: DNS DomainValidationOptions: - - DomainName: ${self:provider.environment.BACKEND_URL_WITHOUT_HTTPS} - HostedZoneId: ${self:provider.environment.HOSTED_ZONE_ID} + - DomainName: ${env:BACKEND_URL_WITHOUT_HTTPS} + HostedZoneId: ${env:HOSTED_ZONE_ID} Tags: - Key: Name Value: BackendDNSCertificate-${self:custom.stage} From 0ac1682edd228b595e8e3cd28bdcf7cc471432c5 Mon Sep 17 00:00:00 2001 From: Tim Brust Date: Tue, 17 Dec 2024 14:15:21 +0100 Subject: [PATCH 07/17] fix: adds hosted zone id var --- .github/workflows/reusable-deploy-job.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/reusable-deploy-job.yml b/.github/workflows/reusable-deploy-job.yml index 6f7176e..f73794d 100644 --- a/.github/workflows/reusable-deploy-job.yml +++ b/.github/workflows/reusable-deploy-job.yml @@ -47,6 +47,7 @@ jobs: SES_REGION: ${{ secrets.SES_REGION }} FRONTEND_URL: ${{ secrets.FRONTEND_URL }} BACKEND_URL: ${{ secrets.BACKEND_URL }} + HOSTED_ZONE_ID: ${{ secrets.HOSTED_ZONE_ID }} steps: - uses: actions/checkout@v4 From e39f9afbfb67c3b5114ae45ba691112dcec507d9 Mon Sep 17 00:00:00 2001 From: Tim Brust Date: Tue, 17 Dec 2024 19:56:28 +0100 Subject: [PATCH 08/17] fix: create ACM in us-east-1, save arn --- packages/create-acm/package.json | 16 ++ packages/create-acm/src/handler.ts | 44 ++++ packages/create-acm/tsconfig.json | 17 ++ serverless.yml | 71 +++-- yarn.lock | 406 ++++++++++++++++++++++++++++- 5 files changed, 525 insertions(+), 29 deletions(-) create mode 100644 packages/create-acm/package.json create mode 100644 packages/create-acm/src/handler.ts create mode 100644 packages/create-acm/tsconfig.json diff --git a/packages/create-acm/package.json b/packages/create-acm/package.json new file mode 100644 index 0000000..13cacb3 --- /dev/null +++ b/packages/create-acm/package.json @@ -0,0 +1,16 @@ +{ + "name": "@lara/create-acm", + "version": "1.0.0", + "private": true, + "description": "", + "keywords": [], + "license": "MIT", + "author": "", + "scripts": {}, + "devDependencies": { + "@types/aws-lambda": "^8.10.146" + }, + "dependencies": { + "@aws-sdk/client-acm": "^3.713.0" + } +} diff --git a/packages/create-acm/src/handler.ts b/packages/create-acm/src/handler.ts new file mode 100644 index 0000000..ec7bb9e --- /dev/null +++ b/packages/create-acm/src/handler.ts @@ -0,0 +1,44 @@ +import { ACMClient, RequestCertificateCommand } from '@aws-sdk/client-acm' + +exports.handler = async (event: { + ResourceProperties: { + Region: string + DomainName: string + } +}) => { + const region = event.ResourceProperties.Region + const domainName = event.ResourceProperties.DomainName + + const acmClient = new ACMClient({ region: region }) + + try { + const command = new RequestCertificateCommand({ + DomainName: domainName, + ValidationMethod: 'DNS', + DomainValidationOptions: [ + { + DomainName: domainName, + ValidationDomain: domainName, + }, + ], + }) + + const certResponse = await acmClient.send(command) + + const certificateArn = certResponse.CertificateArn + + return { + Status: 'SUCCESS', + PhysicalResourceId: certificateArn, + Data: { + CertificateArn: certificateArn, + }, + } + } catch (error) { + console.log('Error requesting certificate:', error) + return { + Status: 'FAILED', + Reason: (error as Error).message, + } + } +} diff --git a/packages/create-acm/tsconfig.json b/packages/create-acm/tsconfig.json new file mode 100644 index 0000000..6e6cefd --- /dev/null +++ b/packages/create-acm/tsconfig.json @@ -0,0 +1,17 @@ +{ + "extends": "../../tsconfig.settings.json", + "compilerOptions": { + "keyofStringsOnly": false, + "baseUrl": ".", + "outDir": "lib", + "rootDir": "src", + "strictNullChecks": true, + "experimentalDecorators": true, + "esModuleInterop": true, + "module": "CommonJS", + "resolveJsonModule": true, + "sourceMap": false, + "inlineSources": false + }, + "include": ["src/**/*"] +} diff --git a/serverless.yml b/serverless.yml index f9c26db..0e9b9df 100644 --- a/serverless.yml +++ b/serverless.yml @@ -249,6 +249,23 @@ functions: - '.' - 'packages/alexa' + createACMInUSEast: + handler: packages/create-acm/lib/handler.handler + package: + include: + - 'packages/create-acm/**' + environment: + AWS_REGION: us-east-1 + + iamRoleStatements: + - Effect: Allow + Action: + - 'acm:RequestCertificate' + - 'acm:DescribeCertificate' + - 'route53:ListHostedZones' + - 'route53:ChangeResourceRecordSets' + Resource: '*' + resources: Conditions: IsProductionOrStaging: @@ -261,32 +278,6 @@ resources: - staging Resources: - FrontendDNSCertificate: - Type: AWS::CertificateManager::Certificate - Condition: IsProductionOrStaging - Properties: - DomainName: ${env:FRONTEND_URL_WITHOUT_HTTPS} - ValidationMethod: DNS - DomainValidationOptions: - - DomainName: ${env:FRONTEND_URL_WITHOUT_HTTPS} - HostedZoneId: ${env:HOSTED_ZONE_ID} - Tags: - - Key: Name - Value: FrontendDNSCertificate-${self:custom.stage} - - BackendDNSCertificate: - Type: AWS::CertificateManager::Certificate - Condition: IsProductionOrStaging - Properties: - DomainName: ${env:BACKEND_URL_WITHOUT_HTTPS} - ValidationMethod: DNS - DomainValidationOptions: - - DomainName: ${env:BACKEND_URL_WITHOUT_HTTPS} - HostedZoneId: ${env:HOSTED_ZONE_ID} - Tags: - - Key: Name - Value: BackendDNSCertificate-${self:custom.stage} - UserTable: Type: 'AWS::DynamoDB::Table' DeletionPolicy: Delete @@ -441,7 +432,7 @@ resources: ViewerCertificate: Fn::If: - IsProductionOrStaging - - AcmCertificateArn: !Ref FrontendDNSCertificate + - AcmCertificateArn: !GetAtt FrontendDNSCertificateARN.CertificateArn SslSupportMethod: sni-only MinimumProtocolVersion: TLSv1.2_2018 - Ref: AWS::NoValue @@ -481,7 +472,7 @@ resources: ViewerCertificate: Fn::If: - IsProductionOrStaging - - AcmCertificateArn: !Ref BackendDNSCertificate + - AcmCertificateArn: !GetAtt BackendDNSCertificateARN.CertificateArn SslSupportMethod: sni-only MinimumProtocolVersion: TLSv1.2_2018 - Ref: AWS::NoValue @@ -548,3 +539,27 @@ resources: Condition: Bool: 'aws:SecureTransport': 'false' + + createFrontendDNSCertificate: + Type: 'Custom::CreateACMCertificate' + Properties: + ServiceToken: !GetAtt createACMInUSEast.Arn + DomainName: !Sub '${env:FRONTEND_URL_WITHOUT_HTTPS}' + HostedZoneId: !Sub '${env:HOSTED_ZONE_ID}' + Region: us-east-1 + + createBackendDNSCertificate: + Type: 'Custom::CreateACMCertificate' + Properties: + ServiceToken: !GetAtt createACMInUSEast.Arn + DomainName: !Sub '${env:BACKEND_URL_WITHOUT_HTTPS}' + HostedZoneId: !Sub '${env:HOSTED_ZONE_ID}' + Region: us-east-1 + +outputs: + FrontendDNSCertificateARN: + Description: 'ARN of the ACM certificate created in the us-east-1 region (Frontend)' + Value: !GetAtt createFrontendDNSCertificate:.CertificateArn + BackendDNSCertificateARN: + Description: 'ARN of the ACM certificate created in the us-east-1 region (Backend)' + Value: !GetAtt createBackendDNSCertificate.CertificateArn diff --git a/yarn.lock b/yarn.lock index 47fb79b..9ebdaa6 100644 --- a/yarn.lock +++ b/yarn.lock @@ -259,6 +259,54 @@ "@smithy/util-utf8" "^2.0.0" tslib "^2.6.2" +"@aws-sdk/client-acm@^3.713.0": + version "3.713.0" + resolved "https://registry.yarnpkg.com/@aws-sdk/client-acm/-/client-acm-3.713.0.tgz#50e5125ccfdaf4909cc4b21636f5a4d3bb111861" + integrity sha512-/4eMBaHJjBLF8iTTHOIcYag5zGtRbL4L+c4kIalWqUt3yQgclC9CRbi965RtpUaMjDLweVGsKQ6euZ2Z8bhBaw== + dependencies: + "@aws-crypto/sha256-browser" "5.2.0" + "@aws-crypto/sha256-js" "5.2.0" + "@aws-sdk/client-sso-oidc" "3.713.0" + "@aws-sdk/client-sts" "3.713.0" + "@aws-sdk/core" "3.713.0" + "@aws-sdk/credential-provider-node" "3.713.0" + "@aws-sdk/middleware-host-header" "3.713.0" + "@aws-sdk/middleware-logger" "3.713.0" + "@aws-sdk/middleware-recursion-detection" "3.713.0" + "@aws-sdk/middleware-user-agent" "3.713.0" + "@aws-sdk/region-config-resolver" "3.713.0" + "@aws-sdk/types" "3.713.0" + "@aws-sdk/util-endpoints" "3.713.0" + "@aws-sdk/util-user-agent-browser" "3.713.0" + "@aws-sdk/util-user-agent-node" "3.713.0" + "@smithy/config-resolver" "^3.0.13" + "@smithy/core" "^2.5.5" + "@smithy/fetch-http-handler" "^4.1.2" + "@smithy/hash-node" "^3.0.11" + "@smithy/invalid-dependency" "^3.0.11" + "@smithy/middleware-content-length" "^3.0.13" + "@smithy/middleware-endpoint" "^3.2.5" + "@smithy/middleware-retry" "^3.0.30" + "@smithy/middleware-serde" "^3.0.11" + "@smithy/middleware-stack" "^3.0.11" + "@smithy/node-config-provider" "^3.1.12" + "@smithy/node-http-handler" "^3.3.2" + "@smithy/protocol-http" "^4.1.8" + "@smithy/smithy-client" "^3.5.0" + "@smithy/types" "^3.7.2" + "@smithy/url-parser" "^3.0.11" + "@smithy/util-base64" "^3.0.0" + "@smithy/util-body-length-browser" "^3.0.0" + "@smithy/util-body-length-node" "^3.0.0" + "@smithy/util-defaults-mode-browser" "^3.0.30" + "@smithy/util-defaults-mode-node" "^3.0.30" + "@smithy/util-endpoints" "^2.1.7" + "@smithy/util-middleware" "^3.0.11" + "@smithy/util-retry" "^3.0.11" + "@smithy/util-utf8" "^3.0.0" + "@smithy/util-waiter" "^3.2.0" + tslib "^2.6.2" + "@aws-sdk/client-api-gateway@^3.588.0": version "3.712.0" resolved "https://registry.yarnpkg.com/@aws-sdk/client-api-gateway/-/client-api-gateway-3.712.0.tgz#e590800e1ca2fdc2833739e9d7a2bc5c4b1cac19" @@ -713,6 +761,51 @@ "@smithy/util-utf8" "^3.0.0" tslib "^2.6.2" +"@aws-sdk/client-sso-oidc@3.713.0": + version "3.713.0" + resolved "https://registry.yarnpkg.com/@aws-sdk/client-sso-oidc/-/client-sso-oidc-3.713.0.tgz#ecad5c3a64c1ba3b762b6789a53b893fb328545b" + integrity sha512-B7N1Nte4Kqn8oaqLR2qnegLZjAgylYDAYNmXDY2+f1QNLF2D3emmWu8kLvBPIxT3wj23Mt177CPcBvMMGF2+aQ== + dependencies: + "@aws-crypto/sha256-browser" "5.2.0" + "@aws-crypto/sha256-js" "5.2.0" + "@aws-sdk/core" "3.713.0" + "@aws-sdk/credential-provider-node" "3.713.0" + "@aws-sdk/middleware-host-header" "3.713.0" + "@aws-sdk/middleware-logger" "3.713.0" + "@aws-sdk/middleware-recursion-detection" "3.713.0" + "@aws-sdk/middleware-user-agent" "3.713.0" + "@aws-sdk/region-config-resolver" "3.713.0" + "@aws-sdk/types" "3.713.0" + "@aws-sdk/util-endpoints" "3.713.0" + "@aws-sdk/util-user-agent-browser" "3.713.0" + "@aws-sdk/util-user-agent-node" "3.713.0" + "@smithy/config-resolver" "^3.0.13" + "@smithy/core" "^2.5.5" + "@smithy/fetch-http-handler" "^4.1.2" + "@smithy/hash-node" "^3.0.11" + "@smithy/invalid-dependency" "^3.0.11" + "@smithy/middleware-content-length" "^3.0.13" + "@smithy/middleware-endpoint" "^3.2.5" + "@smithy/middleware-retry" "^3.0.30" + "@smithy/middleware-serde" "^3.0.11" + "@smithy/middleware-stack" "^3.0.11" + "@smithy/node-config-provider" "^3.1.12" + "@smithy/node-http-handler" "^3.3.2" + "@smithy/protocol-http" "^4.1.8" + "@smithy/smithy-client" "^3.5.0" + "@smithy/types" "^3.7.2" + "@smithy/url-parser" "^3.0.11" + "@smithy/util-base64" "^3.0.0" + "@smithy/util-body-length-browser" "^3.0.0" + "@smithy/util-body-length-node" "^3.0.0" + "@smithy/util-defaults-mode-browser" "^3.0.30" + "@smithy/util-defaults-mode-node" "^3.0.30" + "@smithy/util-endpoints" "^2.1.7" + "@smithy/util-middleware" "^3.0.11" + "@smithy/util-retry" "^3.0.11" + "@smithy/util-utf8" "^3.0.0" + tslib "^2.6.2" + "@aws-sdk/client-sso@3.712.0": version "3.712.0" resolved "https://registry.yarnpkg.com/@aws-sdk/client-sso/-/client-sso-3.712.0.tgz#9644585700f5d96a16151bdb5387755adc524db8" @@ -757,6 +850,50 @@ "@smithy/util-utf8" "^3.0.0" tslib "^2.6.2" +"@aws-sdk/client-sso@3.713.0": + version "3.713.0" + resolved "https://registry.yarnpkg.com/@aws-sdk/client-sso/-/client-sso-3.713.0.tgz#265ff280f45cd540b82e4a4b202cbe2d98172894" + integrity sha512-qrgL/BILiRdv3npkJ88XxTeVPE/HPZ2gW9peyhYWP4fXCdPjpWYnAebbWBN6TqofiSlpP7xuoX8Xc1czwr90sg== + dependencies: + "@aws-crypto/sha256-browser" "5.2.0" + "@aws-crypto/sha256-js" "5.2.0" + "@aws-sdk/core" "3.713.0" + "@aws-sdk/middleware-host-header" "3.713.0" + "@aws-sdk/middleware-logger" "3.713.0" + "@aws-sdk/middleware-recursion-detection" "3.713.0" + "@aws-sdk/middleware-user-agent" "3.713.0" + "@aws-sdk/region-config-resolver" "3.713.0" + "@aws-sdk/types" "3.713.0" + "@aws-sdk/util-endpoints" "3.713.0" + "@aws-sdk/util-user-agent-browser" "3.713.0" + "@aws-sdk/util-user-agent-node" "3.713.0" + "@smithy/config-resolver" "^3.0.13" + "@smithy/core" "^2.5.5" + "@smithy/fetch-http-handler" "^4.1.2" + "@smithy/hash-node" "^3.0.11" + "@smithy/invalid-dependency" "^3.0.11" + "@smithy/middleware-content-length" "^3.0.13" + "@smithy/middleware-endpoint" "^3.2.5" + "@smithy/middleware-retry" "^3.0.30" + "@smithy/middleware-serde" "^3.0.11" + "@smithy/middleware-stack" "^3.0.11" + "@smithy/node-config-provider" "^3.1.12" + "@smithy/node-http-handler" "^3.3.2" + "@smithy/protocol-http" "^4.1.8" + "@smithy/smithy-client" "^3.5.0" + "@smithy/types" "^3.7.2" + "@smithy/url-parser" "^3.0.11" + "@smithy/util-base64" "^3.0.0" + "@smithy/util-body-length-browser" "^3.0.0" + "@smithy/util-body-length-node" "^3.0.0" + "@smithy/util-defaults-mode-browser" "^3.0.30" + "@smithy/util-defaults-mode-node" "^3.0.30" + "@smithy/util-endpoints" "^2.1.7" + "@smithy/util-middleware" "^3.0.11" + "@smithy/util-retry" "^3.0.11" + "@smithy/util-utf8" "^3.0.0" + tslib "^2.6.2" + "@aws-sdk/client-sts@3.712.0", "@aws-sdk/client-sts@^3.410.0": version "3.712.0" resolved "https://registry.yarnpkg.com/@aws-sdk/client-sts/-/client-sts-3.712.0.tgz#455daebd946369c60c7795efbd7a6b5981d0662a" @@ -803,6 +940,52 @@ "@smithy/util-utf8" "^3.0.0" tslib "^2.6.2" +"@aws-sdk/client-sts@3.713.0": + version "3.713.0" + resolved "https://registry.yarnpkg.com/@aws-sdk/client-sts/-/client-sts-3.713.0.tgz#2f1b3360177001df7ae562d273ceb369f5a2e1ff" + integrity sha512-sjXy6z5bS1uspOdA0B4xQVri0XxdM24MkK0XhLoFoWAWoMlrORAMy+zW3YyU/vlsLckNYs7B4+j0P0MK35d+AQ== + dependencies: + "@aws-crypto/sha256-browser" "5.2.0" + "@aws-crypto/sha256-js" "5.2.0" + "@aws-sdk/client-sso-oidc" "3.713.0" + "@aws-sdk/core" "3.713.0" + "@aws-sdk/credential-provider-node" "3.713.0" + "@aws-sdk/middleware-host-header" "3.713.0" + "@aws-sdk/middleware-logger" "3.713.0" + "@aws-sdk/middleware-recursion-detection" "3.713.0" + "@aws-sdk/middleware-user-agent" "3.713.0" + "@aws-sdk/region-config-resolver" "3.713.0" + "@aws-sdk/types" "3.713.0" + "@aws-sdk/util-endpoints" "3.713.0" + "@aws-sdk/util-user-agent-browser" "3.713.0" + "@aws-sdk/util-user-agent-node" "3.713.0" + "@smithy/config-resolver" "^3.0.13" + "@smithy/core" "^2.5.5" + "@smithy/fetch-http-handler" "^4.1.2" + "@smithy/hash-node" "^3.0.11" + "@smithy/invalid-dependency" "^3.0.11" + "@smithy/middleware-content-length" "^3.0.13" + "@smithy/middleware-endpoint" "^3.2.5" + "@smithy/middleware-retry" "^3.0.30" + "@smithy/middleware-serde" "^3.0.11" + "@smithy/middleware-stack" "^3.0.11" + "@smithy/node-config-provider" "^3.1.12" + "@smithy/node-http-handler" "^3.3.2" + "@smithy/protocol-http" "^4.1.8" + "@smithy/smithy-client" "^3.5.0" + "@smithy/types" "^3.7.2" + "@smithy/url-parser" "^3.0.11" + "@smithy/util-base64" "^3.0.0" + "@smithy/util-body-length-browser" "^3.0.0" + "@smithy/util-body-length-node" "^3.0.0" + "@smithy/util-defaults-mode-browser" "^3.0.30" + "@smithy/util-defaults-mode-node" "^3.0.30" + "@smithy/util-endpoints" "^2.1.7" + "@smithy/util-middleware" "^3.0.11" + "@smithy/util-retry" "^3.0.11" + "@smithy/util-utf8" "^3.0.0" + tslib "^2.6.2" + "@aws-sdk/core@3.709.0": version "3.709.0" resolved "https://registry.yarnpkg.com/@aws-sdk/core/-/core-3.709.0.tgz#d2b3d5b90f6614e3afc109ebdcaaedbb54c2d68b" @@ -820,6 +1003,23 @@ fast-xml-parser "4.4.1" tslib "^2.6.2" +"@aws-sdk/core@3.713.0": + version "3.713.0" + resolved "https://registry.yarnpkg.com/@aws-sdk/core/-/core-3.713.0.tgz#7938561d078d36af301aec6b69b9d4b38ab7ce30" + integrity sha512-7Xq7LY6Q3eITvlqR1bP3cJu3RvTt4eb+WilK85eezPemi9589o6MNL0lu4nL0i+OdgPWw4x9z9WArRwXhHTreg== + dependencies: + "@aws-sdk/types" "3.713.0" + "@smithy/core" "^2.5.5" + "@smithy/node-config-provider" "^3.1.12" + "@smithy/property-provider" "^3.1.11" + "@smithy/protocol-http" "^4.1.8" + "@smithy/signature-v4" "^4.2.4" + "@smithy/smithy-client" "^3.5.0" + "@smithy/types" "^3.7.2" + "@smithy/util-middleware" "^3.0.11" + fast-xml-parser "4.4.1" + tslib "^2.6.2" + "@aws-sdk/credential-provider-env@3.709.0": version "3.709.0" resolved "https://registry.yarnpkg.com/@aws-sdk/credential-provider-env/-/credential-provider-env-3.709.0.tgz#a7f75375d8a413f9ab2bc42f743b943da6d3362d" @@ -831,6 +1031,17 @@ "@smithy/types" "^3.7.2" tslib "^2.6.2" +"@aws-sdk/credential-provider-env@3.713.0": + version "3.713.0" + resolved "https://registry.yarnpkg.com/@aws-sdk/credential-provider-env/-/credential-provider-env-3.713.0.tgz#cbc92ac14ec49dbf040ce3a7a5aff90c081bb338" + integrity sha512-B5+AbvN8qr5jmaiFdErtHlhdZtfMCP7JB1nwdi9LTsZLVP8BhFXnOYlIE7z6jq8GRkDBHybTxovKWzSfI0gg+w== + dependencies: + "@aws-sdk/core" "3.713.0" + "@aws-sdk/types" "3.713.0" + "@smithy/property-provider" "^3.1.11" + "@smithy/types" "^3.7.2" + tslib "^2.6.2" + "@aws-sdk/credential-provider-http@3.709.0": version "3.709.0" resolved "https://registry.yarnpkg.com/@aws-sdk/credential-provider-http/-/credential-provider-http-3.709.0.tgz#a378cbcc4cf373cc277944f1e84e9952f3884f5d" @@ -847,6 +1058,22 @@ "@smithy/util-stream" "^3.3.2" tslib "^2.6.2" +"@aws-sdk/credential-provider-http@3.713.0": + version "3.713.0" + resolved "https://registry.yarnpkg.com/@aws-sdk/credential-provider-http/-/credential-provider-http-3.713.0.tgz#b60841a33fee49e3236ba7c1769206d0913531d1" + integrity sha512-VarD43CV9Bn+yNCZZb17xMiSjX/FRdU3wN2Aw/jP6ZE3/d87J9L7fxRRFmt4FAgLg35MJbooDGT9heycwg/WWw== + dependencies: + "@aws-sdk/core" "3.713.0" + "@aws-sdk/types" "3.713.0" + "@smithy/fetch-http-handler" "^4.1.2" + "@smithy/node-http-handler" "^3.3.2" + "@smithy/property-provider" "^3.1.11" + "@smithy/protocol-http" "^4.1.8" + "@smithy/smithy-client" "^3.5.0" + "@smithy/types" "^3.7.2" + "@smithy/util-stream" "^3.3.2" + tslib "^2.6.2" + "@aws-sdk/credential-provider-ini@3.712.0": version "3.712.0" resolved "https://registry.yarnpkg.com/@aws-sdk/credential-provider-ini/-/credential-provider-ini-3.712.0.tgz#21d94d3fbaf5cece29bc62d56cf7f0dfb8b7d25e" @@ -865,6 +1092,24 @@ "@smithy/types" "^3.7.2" tslib "^2.6.2" +"@aws-sdk/credential-provider-ini@3.713.0": + version "3.713.0" + resolved "https://registry.yarnpkg.com/@aws-sdk/credential-provider-ini/-/credential-provider-ini-3.713.0.tgz#1f1fc895a6f95b737c0c6a480df57bb9d759b754" + integrity sha512-6oQuPjYONMCWTWhq5yV61OziX2KeU+nhTsdk+Zh4RiuaTkRRNTLnMAVA/VoG1FG8cnQbZJDFezh58nzlBTWHdw== + dependencies: + "@aws-sdk/core" "3.713.0" + "@aws-sdk/credential-provider-env" "3.713.0" + "@aws-sdk/credential-provider-http" "3.713.0" + "@aws-sdk/credential-provider-process" "3.713.0" + "@aws-sdk/credential-provider-sso" "3.713.0" + "@aws-sdk/credential-provider-web-identity" "3.713.0" + "@aws-sdk/types" "3.713.0" + "@smithy/credential-provider-imds" "^3.2.8" + "@smithy/property-provider" "^3.1.11" + "@smithy/shared-ini-file-loader" "^3.1.12" + "@smithy/types" "^3.7.2" + tslib "^2.6.2" + "@aws-sdk/credential-provider-node@3.712.0": version "3.712.0" resolved "https://registry.yarnpkg.com/@aws-sdk/credential-provider-node/-/credential-provider-node-3.712.0.tgz#6f017382b1182578cf62798310f42264b652e36e" @@ -883,6 +1128,24 @@ "@smithy/types" "^3.7.2" tslib "^2.6.2" +"@aws-sdk/credential-provider-node@3.713.0": + version "3.713.0" + resolved "https://registry.yarnpkg.com/@aws-sdk/credential-provider-node/-/credential-provider-node-3.713.0.tgz#2ea4437d00ddb5a4437505f24236f2ce9101dd77" + integrity sha512-uIRHrhqcjcc+fUcid7Dey7mXRYfntPcA2xzebOnIK5hGBNwfQHpRG3RAlEB8K864psqW+j+XxvjoRHx9trL5Zg== + dependencies: + "@aws-sdk/credential-provider-env" "3.713.0" + "@aws-sdk/credential-provider-http" "3.713.0" + "@aws-sdk/credential-provider-ini" "3.713.0" + "@aws-sdk/credential-provider-process" "3.713.0" + "@aws-sdk/credential-provider-sso" "3.713.0" + "@aws-sdk/credential-provider-web-identity" "3.713.0" + "@aws-sdk/types" "3.713.0" + "@smithy/credential-provider-imds" "^3.2.8" + "@smithy/property-provider" "^3.1.11" + "@smithy/shared-ini-file-loader" "^3.1.12" + "@smithy/types" "^3.7.2" + tslib "^2.6.2" + "@aws-sdk/credential-provider-process@3.709.0": version "3.709.0" resolved "https://registry.yarnpkg.com/@aws-sdk/credential-provider-process/-/credential-provider-process-3.709.0.tgz#2521f810590f0874c54cc842d3d56f455a728325" @@ -895,6 +1158,18 @@ "@smithy/types" "^3.7.2" tslib "^2.6.2" +"@aws-sdk/credential-provider-process@3.713.0": + version "3.713.0" + resolved "https://registry.yarnpkg.com/@aws-sdk/credential-provider-process/-/credential-provider-process-3.713.0.tgz#f282e970524b84d809c3312d93b8ed03611aa39c" + integrity sha512-adVC8iz8uHmhVmZaYGj4Ab8rLz+hmnR6rOeMQ6wVbCAnWDb2qoahb+vLZ9sW9yMCVRqiDWeVK7lsa0MDRCM1sw== + dependencies: + "@aws-sdk/core" "3.713.0" + "@aws-sdk/types" "3.713.0" + "@smithy/property-provider" "^3.1.11" + "@smithy/shared-ini-file-loader" "^3.1.12" + "@smithy/types" "^3.7.2" + tslib "^2.6.2" + "@aws-sdk/credential-provider-sso@3.712.0": version "3.712.0" resolved "https://registry.yarnpkg.com/@aws-sdk/credential-provider-sso/-/credential-provider-sso-3.712.0.tgz#d29c8c14e2460a817ed2eb7ad5d205d7914817af" @@ -909,6 +1184,20 @@ "@smithy/types" "^3.7.2" tslib "^2.6.2" +"@aws-sdk/credential-provider-sso@3.713.0": + version "3.713.0" + resolved "https://registry.yarnpkg.com/@aws-sdk/credential-provider-sso/-/credential-provider-sso-3.713.0.tgz#3564ee0dd295be1a78efd0682c0a2b28adef5858" + integrity sha512-67QzqZJ6i04ZJVRB4WTUfU3QWJgr9fmv9JdqiLl63GTfz2KGOMwmojbi4INJ9isq4rDVUycdHsgl1Mhe6eDXJg== + dependencies: + "@aws-sdk/client-sso" "3.713.0" + "@aws-sdk/core" "3.713.0" + "@aws-sdk/token-providers" "3.713.0" + "@aws-sdk/types" "3.713.0" + "@smithy/property-provider" "^3.1.11" + "@smithy/shared-ini-file-loader" "^3.1.12" + "@smithy/types" "^3.7.2" + tslib "^2.6.2" + "@aws-sdk/credential-provider-web-identity@3.709.0": version "3.709.0" resolved "https://registry.yarnpkg.com/@aws-sdk/credential-provider-web-identity/-/credential-provider-web-identity-3.709.0.tgz#c2b03541cb57ae4c7d6abdca98f99a6a56833ea6" @@ -920,6 +1209,17 @@ "@smithy/types" "^3.7.2" tslib "^2.6.2" +"@aws-sdk/credential-provider-web-identity@3.713.0": + version "3.713.0" + resolved "https://registry.yarnpkg.com/@aws-sdk/credential-provider-web-identity/-/credential-provider-web-identity-3.713.0.tgz#9ade55a6687d5d890909ec399cf39b248a9a8380" + integrity sha512-hz2Ru+xKYQupxyYb8KCCmH6qhzn4MSkocFbnBxevlQMYbugi80oaQtpmkj2ovrKCY2ktD4ufhC/8UZJMFGjAqw== + dependencies: + "@aws-sdk/core" "3.713.0" + "@aws-sdk/types" "3.713.0" + "@smithy/property-provider" "^3.1.11" + "@smithy/types" "^3.7.2" + tslib "^2.6.2" + "@aws-sdk/endpoint-cache@3.693.0": version "3.693.0" resolved "https://registry.yarnpkg.com/@aws-sdk/endpoint-cache/-/endpoint-cache-3.693.0.tgz#4b3f0bbc16dc2907e1b977e3d8ddfc7ba008fd12" @@ -1004,6 +1304,16 @@ "@smithy/types" "^3.7.2" tslib "^2.6.2" +"@aws-sdk/middleware-host-header@3.713.0": + version "3.713.0" + resolved "https://registry.yarnpkg.com/@aws-sdk/middleware-host-header/-/middleware-host-header-3.713.0.tgz#a433971526d402f918b3af6f853203091ffaf273" + integrity sha512-T1cRV9hs9WKwb2porR4QmW76ScCHqbdsrAAH+/2fR8IVRpFRU0BMnwrpSrRr7ujj6gqWQRQ97JLL+GpqpY3/ag== + dependencies: + "@aws-sdk/types" "3.713.0" + "@smithy/protocol-http" "^4.1.8" + "@smithy/types" "^3.7.2" + tslib "^2.6.2" + "@aws-sdk/middleware-location-constraint@3.709.0": version "3.709.0" resolved "https://registry.yarnpkg.com/@aws-sdk/middleware-location-constraint/-/middleware-location-constraint-3.709.0.tgz#4437d3d3cfbbdfca60664b1f237d600b94fd06a5" @@ -1022,6 +1332,15 @@ "@smithy/types" "^3.7.2" tslib "^2.6.2" +"@aws-sdk/middleware-logger@3.713.0": + version "3.713.0" + resolved "https://registry.yarnpkg.com/@aws-sdk/middleware-logger/-/middleware-logger-3.713.0.tgz#fb81f8d35bae4920cde260d913051f0bd3500b58" + integrity sha512-mpTK7ost3lQt08YhTsf+C4uEAwg3Xu1LKxexlIZGXucCB6AqBKpP7e86XzpFFAtuRgEfTJVbW+Gqna8LM+yXoA== + dependencies: + "@aws-sdk/types" "3.713.0" + "@smithy/types" "^3.7.2" + tslib "^2.6.2" + "@aws-sdk/middleware-recursion-detection@3.709.0": version "3.709.0" resolved "https://registry.yarnpkg.com/@aws-sdk/middleware-recursion-detection/-/middleware-recursion-detection-3.709.0.tgz#d7dc253d4858d496caeb12dd6cddd87b250fb98b" @@ -1032,6 +1351,16 @@ "@smithy/types" "^3.7.2" tslib "^2.6.2" +"@aws-sdk/middleware-recursion-detection@3.713.0": + version "3.713.0" + resolved "https://registry.yarnpkg.com/@aws-sdk/middleware-recursion-detection/-/middleware-recursion-detection-3.713.0.tgz#ec7831a4e5799589df6cb3143eea2a3d227d7b54" + integrity sha512-6vgQw92yvKR8MNsSXJE4seZhMSPVuyuBLuX81DWPr1pak/RpuUzn96CSYCTAYoCtf5vJgNseIcPfKQLkRYmBzg== + dependencies: + "@aws-sdk/types" "3.713.0" + "@smithy/protocol-http" "^4.1.8" + "@smithy/types" "^3.7.2" + tslib "^2.6.2" + "@aws-sdk/middleware-sdk-api-gateway@3.709.0": version "3.709.0" resolved "https://registry.yarnpkg.com/@aws-sdk/middleware-sdk-api-gateway/-/middleware-sdk-api-gateway-3.709.0.tgz#b6da87a8bbf1c2175ac4b166a1a00c59ee71845c" @@ -1084,6 +1413,19 @@ "@smithy/types" "^3.7.2" tslib "^2.6.2" +"@aws-sdk/middleware-user-agent@3.713.0": + version "3.713.0" + resolved "https://registry.yarnpkg.com/@aws-sdk/middleware-user-agent/-/middleware-user-agent-3.713.0.tgz#94183750cdddb78197c1f693ad6b81f29757cde3" + integrity sha512-MYg2N9EUXQ4Kf0+rk7qCHPLbxRPAeWrxJXp8xDxSBiDPf0hcbCtT+cXXB6qWVrnp+OuacoUDrur3h604sp47Aw== + dependencies: + "@aws-sdk/core" "3.713.0" + "@aws-sdk/types" "3.713.0" + "@aws-sdk/util-endpoints" "3.713.0" + "@smithy/core" "^2.5.5" + "@smithy/protocol-http" "^4.1.8" + "@smithy/types" "^3.7.2" + tslib "^2.6.2" + "@aws-sdk/region-config-resolver@3.709.0": version "3.709.0" resolved "https://registry.yarnpkg.com/@aws-sdk/region-config-resolver/-/region-config-resolver-3.709.0.tgz#64547b333842e5804e1793e4d6d29578c0b34a68" @@ -1096,6 +1438,18 @@ "@smithy/util-middleware" "^3.0.11" tslib "^2.6.2" +"@aws-sdk/region-config-resolver@3.713.0": + version "3.713.0" + resolved "https://registry.yarnpkg.com/@aws-sdk/region-config-resolver/-/region-config-resolver-3.713.0.tgz#65117f0fa20da726a616880fef0933855f00d8b9" + integrity sha512-SsIxxUFgYSHXchkyal+Vg+tZUFyBR0NPy/3GEYZ8geJqVfgb/4SHCIfkLMcU0qPUKlRfkJF7FPdgO24sfLiopA== + dependencies: + "@aws-sdk/types" "3.713.0" + "@smithy/node-config-provider" "^3.1.12" + "@smithy/types" "^3.7.2" + "@smithy/util-config-provider" "^3.0.0" + "@smithy/util-middleware" "^3.0.11" + tslib "^2.6.2" + "@aws-sdk/signature-v4-multi-region@3.709.0": version "3.709.0" resolved "https://registry.yarnpkg.com/@aws-sdk/signature-v4-multi-region/-/signature-v4-multi-region-3.709.0.tgz#0c6f9d3e2978158163b63a4085356616237223c9" @@ -1119,6 +1473,17 @@ "@smithy/types" "^3.7.2" tslib "^2.6.2" +"@aws-sdk/token-providers@3.713.0": + version "3.713.0" + resolved "https://registry.yarnpkg.com/@aws-sdk/token-providers/-/token-providers-3.713.0.tgz#95f7554847b99bdce13a0f4333be7d3a4af6c223" + integrity sha512-KNL+XaU0yR6qFDtceHe/ycEz0kHyDWNd2pbL3clFWzeVQXYs8+dYDEXA17MJPVyg7oh4wRdu0ymwQsBMl2wYAA== + dependencies: + "@aws-sdk/types" "3.713.0" + "@smithy/property-provider" "^3.1.11" + "@smithy/shared-ini-file-loader" "^3.1.12" + "@smithy/types" "^3.7.2" + tslib "^2.6.2" + "@aws-sdk/types@3.709.0", "@aws-sdk/types@^3.222.0": version "3.709.0" resolved "https://registry.yarnpkg.com/@aws-sdk/types/-/types-3.709.0.tgz#f8d7ab07e253d3ed0e3b360e09fc67c7430a73b9" @@ -1127,6 +1492,14 @@ "@smithy/types" "^3.7.2" tslib "^2.6.2" +"@aws-sdk/types@3.713.0": + version "3.713.0" + resolved "https://registry.yarnpkg.com/@aws-sdk/types/-/types-3.713.0.tgz#8d857b1b72a76c58129f305a24ce8d5b261385bc" + integrity sha512-AMSYVKi1MxrJqGGbjcFC7/4g8E+ZHGfg/eW0+GXQJmsVjMjccHtU+s1dYloX4KEDgrY42QPep+dpSVRR4W7U1Q== + dependencies: + "@smithy/types" "^3.7.2" + tslib "^2.6.2" + "@aws-sdk/util-arn-parser@3.693.0": version "3.693.0" resolved "https://registry.yarnpkg.com/@aws-sdk/util-arn-parser/-/util-arn-parser-3.693.0.tgz#8dae27eb822ab4f88be28bb3c0fc11f1f13d3948" @@ -1151,6 +1524,16 @@ "@smithy/util-endpoints" "^2.1.7" tslib "^2.6.2" +"@aws-sdk/util-endpoints@3.713.0": + version "3.713.0" + resolved "https://registry.yarnpkg.com/@aws-sdk/util-endpoints/-/util-endpoints-3.713.0.tgz#1784bd80f21883776255eae4c90274a1c7f5b0da" + integrity sha512-fbHDhiPTqfmkWzxZgWy+GFpdfiWJa1kNLWJCF4+yaF7iOZz0eyHoBX3iaTf20V2SUU8D2td/qkwTF+cpSZTZVw== + dependencies: + "@aws-sdk/types" "3.713.0" + "@smithy/types" "^3.7.2" + "@smithy/util-endpoints" "^2.1.7" + tslib "^2.6.2" + "@aws-sdk/util-locate-window@^3.0.0": version "3.693.0" resolved "https://registry.yarnpkg.com/@aws-sdk/util-locate-window/-/util-locate-window-3.693.0.tgz#1160f6d055cf074ca198eb8ecf89b6311537ad6c" @@ -1168,6 +1551,16 @@ bowser "^2.11.0" tslib "^2.6.2" +"@aws-sdk/util-user-agent-browser@3.713.0": + version "3.713.0" + resolved "https://registry.yarnpkg.com/@aws-sdk/util-user-agent-browser/-/util-user-agent-browser-3.713.0.tgz#91568a89076f1f0ecaa7608cfbb3a0f0d11c89bf" + integrity sha512-ioLAF8aIlcVhdizFVNuogMK5u3Js04rpGFvsbZANa1SJ9pK2UsKznnzinJT4e4ongy55g6LSZkWlF79VjG/Yfw== + dependencies: + "@aws-sdk/types" "3.713.0" + "@smithy/types" "^3.7.2" + bowser "^2.11.0" + tslib "^2.6.2" + "@aws-sdk/util-user-agent-node@3.712.0": version "3.712.0" resolved "https://registry.yarnpkg.com/@aws-sdk/util-user-agent-node/-/util-user-agent-node-3.712.0.tgz#7634627775e0993eace70dea1dd915122f1a053f" @@ -1179,6 +1572,17 @@ "@smithy/types" "^3.7.2" tslib "^2.6.2" +"@aws-sdk/util-user-agent-node@3.713.0": + version "3.713.0" + resolved "https://registry.yarnpkg.com/@aws-sdk/util-user-agent-node/-/util-user-agent-node-3.713.0.tgz#98e283719bb0f74bca4ffadfc8835f28a0ee5511" + integrity sha512-dIunWBB7zRLvLVzNoBjap8YWrOhkwdFEjDWx9NleD+8ufpCFq5gEm8PJ0JP6stUgG5acTmafdzH7NgMyaeEexA== + dependencies: + "@aws-sdk/middleware-user-agent" "3.713.0" + "@aws-sdk/types" "3.713.0" + "@smithy/node-config-provider" "^3.1.12" + "@smithy/types" "^3.7.2" + tslib "^2.6.2" + "@aws-sdk/xml-builder@3.709.0": version "3.709.0" resolved "https://registry.yarnpkg.com/@aws-sdk/xml-builder/-/xml-builder-3.709.0.tgz#5841faa1e78afcea064557a1a56709978b325758" @@ -4773,7 +5177,7 @@ dependencies: "@types/node" "*" -"@types/aws-lambda@^8.10.122", "@types/aws-lambda@^8.10.76": +"@types/aws-lambda@^8.10.122", "@types/aws-lambda@^8.10.146", "@types/aws-lambda@^8.10.76": version "8.10.146" resolved "https://registry.yarnpkg.com/@types/aws-lambda/-/aws-lambda-8.10.146.tgz#05f9968d8cd9719a0a86526baf889c25761f60b8" integrity sha512-3BaDXYTh0e6UCJYL/jwV/3+GRslSc08toAiZSmleYtkAUyV5rtvdPYxrG/88uqvTuT6sb27WE9OS90ZNTIuQ0g== From 29901067b7b94323eb423c4a005460751139b623 Mon Sep 17 00:00:00 2001 From: Tim Brust Date: Tue, 17 Dec 2024 20:08:19 +0100 Subject: [PATCH 09/17] Revert "fix: create ACM in us-east-1, save arn" This reverts commit e39f9afbfb67c3b5114ae45ba691112dcec507d9. --- packages/create-acm/package.json | 16 -- packages/create-acm/src/handler.ts | 44 ---- packages/create-acm/tsconfig.json | 17 -- serverless.yml | 71 ++--- yarn.lock | 406 +---------------------------- 5 files changed, 29 insertions(+), 525 deletions(-) delete mode 100644 packages/create-acm/package.json delete mode 100644 packages/create-acm/src/handler.ts delete mode 100644 packages/create-acm/tsconfig.json diff --git a/packages/create-acm/package.json b/packages/create-acm/package.json deleted file mode 100644 index 13cacb3..0000000 --- a/packages/create-acm/package.json +++ /dev/null @@ -1,16 +0,0 @@ -{ - "name": "@lara/create-acm", - "version": "1.0.0", - "private": true, - "description": "", - "keywords": [], - "license": "MIT", - "author": "", - "scripts": {}, - "devDependencies": { - "@types/aws-lambda": "^8.10.146" - }, - "dependencies": { - "@aws-sdk/client-acm": "^3.713.0" - } -} diff --git a/packages/create-acm/src/handler.ts b/packages/create-acm/src/handler.ts deleted file mode 100644 index ec7bb9e..0000000 --- a/packages/create-acm/src/handler.ts +++ /dev/null @@ -1,44 +0,0 @@ -import { ACMClient, RequestCertificateCommand } from '@aws-sdk/client-acm' - -exports.handler = async (event: { - ResourceProperties: { - Region: string - DomainName: string - } -}) => { - const region = event.ResourceProperties.Region - const domainName = event.ResourceProperties.DomainName - - const acmClient = new ACMClient({ region: region }) - - try { - const command = new RequestCertificateCommand({ - DomainName: domainName, - ValidationMethod: 'DNS', - DomainValidationOptions: [ - { - DomainName: domainName, - ValidationDomain: domainName, - }, - ], - }) - - const certResponse = await acmClient.send(command) - - const certificateArn = certResponse.CertificateArn - - return { - Status: 'SUCCESS', - PhysicalResourceId: certificateArn, - Data: { - CertificateArn: certificateArn, - }, - } - } catch (error) { - console.log('Error requesting certificate:', error) - return { - Status: 'FAILED', - Reason: (error as Error).message, - } - } -} diff --git a/packages/create-acm/tsconfig.json b/packages/create-acm/tsconfig.json deleted file mode 100644 index 6e6cefd..0000000 --- a/packages/create-acm/tsconfig.json +++ /dev/null @@ -1,17 +0,0 @@ -{ - "extends": "../../tsconfig.settings.json", - "compilerOptions": { - "keyofStringsOnly": false, - "baseUrl": ".", - "outDir": "lib", - "rootDir": "src", - "strictNullChecks": true, - "experimentalDecorators": true, - "esModuleInterop": true, - "module": "CommonJS", - "resolveJsonModule": true, - "sourceMap": false, - "inlineSources": false - }, - "include": ["src/**/*"] -} diff --git a/serverless.yml b/serverless.yml index 0e9b9df..f9c26db 100644 --- a/serverless.yml +++ b/serverless.yml @@ -249,23 +249,6 @@ functions: - '.' - 'packages/alexa' - createACMInUSEast: - handler: packages/create-acm/lib/handler.handler - package: - include: - - 'packages/create-acm/**' - environment: - AWS_REGION: us-east-1 - - iamRoleStatements: - - Effect: Allow - Action: - - 'acm:RequestCertificate' - - 'acm:DescribeCertificate' - - 'route53:ListHostedZones' - - 'route53:ChangeResourceRecordSets' - Resource: '*' - resources: Conditions: IsProductionOrStaging: @@ -278,6 +261,32 @@ resources: - staging Resources: + FrontendDNSCertificate: + Type: AWS::CertificateManager::Certificate + Condition: IsProductionOrStaging + Properties: + DomainName: ${env:FRONTEND_URL_WITHOUT_HTTPS} + ValidationMethod: DNS + DomainValidationOptions: + - DomainName: ${env:FRONTEND_URL_WITHOUT_HTTPS} + HostedZoneId: ${env:HOSTED_ZONE_ID} + Tags: + - Key: Name + Value: FrontendDNSCertificate-${self:custom.stage} + + BackendDNSCertificate: + Type: AWS::CertificateManager::Certificate + Condition: IsProductionOrStaging + Properties: + DomainName: ${env:BACKEND_URL_WITHOUT_HTTPS} + ValidationMethod: DNS + DomainValidationOptions: + - DomainName: ${env:BACKEND_URL_WITHOUT_HTTPS} + HostedZoneId: ${env:HOSTED_ZONE_ID} + Tags: + - Key: Name + Value: BackendDNSCertificate-${self:custom.stage} + UserTable: Type: 'AWS::DynamoDB::Table' DeletionPolicy: Delete @@ -432,7 +441,7 @@ resources: ViewerCertificate: Fn::If: - IsProductionOrStaging - - AcmCertificateArn: !GetAtt FrontendDNSCertificateARN.CertificateArn + - AcmCertificateArn: !Ref FrontendDNSCertificate SslSupportMethod: sni-only MinimumProtocolVersion: TLSv1.2_2018 - Ref: AWS::NoValue @@ -472,7 +481,7 @@ resources: ViewerCertificate: Fn::If: - IsProductionOrStaging - - AcmCertificateArn: !GetAtt BackendDNSCertificateARN.CertificateArn + - AcmCertificateArn: !Ref BackendDNSCertificate SslSupportMethod: sni-only MinimumProtocolVersion: TLSv1.2_2018 - Ref: AWS::NoValue @@ -539,27 +548,3 @@ resources: Condition: Bool: 'aws:SecureTransport': 'false' - - createFrontendDNSCertificate: - Type: 'Custom::CreateACMCertificate' - Properties: - ServiceToken: !GetAtt createACMInUSEast.Arn - DomainName: !Sub '${env:FRONTEND_URL_WITHOUT_HTTPS}' - HostedZoneId: !Sub '${env:HOSTED_ZONE_ID}' - Region: us-east-1 - - createBackendDNSCertificate: - Type: 'Custom::CreateACMCertificate' - Properties: - ServiceToken: !GetAtt createACMInUSEast.Arn - DomainName: !Sub '${env:BACKEND_URL_WITHOUT_HTTPS}' - HostedZoneId: !Sub '${env:HOSTED_ZONE_ID}' - Region: us-east-1 - -outputs: - FrontendDNSCertificateARN: - Description: 'ARN of the ACM certificate created in the us-east-1 region (Frontend)' - Value: !GetAtt createFrontendDNSCertificate:.CertificateArn - BackendDNSCertificateARN: - Description: 'ARN of the ACM certificate created in the us-east-1 region (Backend)' - Value: !GetAtt createBackendDNSCertificate.CertificateArn diff --git a/yarn.lock b/yarn.lock index 9ebdaa6..47fb79b 100644 --- a/yarn.lock +++ b/yarn.lock @@ -259,54 +259,6 @@ "@smithy/util-utf8" "^2.0.0" tslib "^2.6.2" -"@aws-sdk/client-acm@^3.713.0": - version "3.713.0" - resolved "https://registry.yarnpkg.com/@aws-sdk/client-acm/-/client-acm-3.713.0.tgz#50e5125ccfdaf4909cc4b21636f5a4d3bb111861" - integrity sha512-/4eMBaHJjBLF8iTTHOIcYag5zGtRbL4L+c4kIalWqUt3yQgclC9CRbi965RtpUaMjDLweVGsKQ6euZ2Z8bhBaw== - dependencies: - "@aws-crypto/sha256-browser" "5.2.0" - "@aws-crypto/sha256-js" "5.2.0" - "@aws-sdk/client-sso-oidc" "3.713.0" - "@aws-sdk/client-sts" "3.713.0" - "@aws-sdk/core" "3.713.0" - "@aws-sdk/credential-provider-node" "3.713.0" - "@aws-sdk/middleware-host-header" "3.713.0" - "@aws-sdk/middleware-logger" "3.713.0" - "@aws-sdk/middleware-recursion-detection" "3.713.0" - "@aws-sdk/middleware-user-agent" "3.713.0" - "@aws-sdk/region-config-resolver" "3.713.0" - "@aws-sdk/types" "3.713.0" - "@aws-sdk/util-endpoints" "3.713.0" - "@aws-sdk/util-user-agent-browser" "3.713.0" - "@aws-sdk/util-user-agent-node" "3.713.0" - "@smithy/config-resolver" "^3.0.13" - "@smithy/core" "^2.5.5" - "@smithy/fetch-http-handler" "^4.1.2" - "@smithy/hash-node" "^3.0.11" - "@smithy/invalid-dependency" "^3.0.11" - "@smithy/middleware-content-length" "^3.0.13" - "@smithy/middleware-endpoint" "^3.2.5" - "@smithy/middleware-retry" "^3.0.30" - "@smithy/middleware-serde" "^3.0.11" - "@smithy/middleware-stack" "^3.0.11" - "@smithy/node-config-provider" "^3.1.12" - "@smithy/node-http-handler" "^3.3.2" - "@smithy/protocol-http" "^4.1.8" - "@smithy/smithy-client" "^3.5.0" - "@smithy/types" "^3.7.2" - "@smithy/url-parser" "^3.0.11" - "@smithy/util-base64" "^3.0.0" - "@smithy/util-body-length-browser" "^3.0.0" - "@smithy/util-body-length-node" "^3.0.0" - "@smithy/util-defaults-mode-browser" "^3.0.30" - "@smithy/util-defaults-mode-node" "^3.0.30" - "@smithy/util-endpoints" "^2.1.7" - "@smithy/util-middleware" "^3.0.11" - "@smithy/util-retry" "^3.0.11" - "@smithy/util-utf8" "^3.0.0" - "@smithy/util-waiter" "^3.2.0" - tslib "^2.6.2" - "@aws-sdk/client-api-gateway@^3.588.0": version "3.712.0" resolved "https://registry.yarnpkg.com/@aws-sdk/client-api-gateway/-/client-api-gateway-3.712.0.tgz#e590800e1ca2fdc2833739e9d7a2bc5c4b1cac19" @@ -761,51 +713,6 @@ "@smithy/util-utf8" "^3.0.0" tslib "^2.6.2" -"@aws-sdk/client-sso-oidc@3.713.0": - version "3.713.0" - resolved "https://registry.yarnpkg.com/@aws-sdk/client-sso-oidc/-/client-sso-oidc-3.713.0.tgz#ecad5c3a64c1ba3b762b6789a53b893fb328545b" - integrity sha512-B7N1Nte4Kqn8oaqLR2qnegLZjAgylYDAYNmXDY2+f1QNLF2D3emmWu8kLvBPIxT3wj23Mt177CPcBvMMGF2+aQ== - dependencies: - "@aws-crypto/sha256-browser" "5.2.0" - "@aws-crypto/sha256-js" "5.2.0" - "@aws-sdk/core" "3.713.0" - "@aws-sdk/credential-provider-node" "3.713.0" - "@aws-sdk/middleware-host-header" "3.713.0" - "@aws-sdk/middleware-logger" "3.713.0" - "@aws-sdk/middleware-recursion-detection" "3.713.0" - "@aws-sdk/middleware-user-agent" "3.713.0" - "@aws-sdk/region-config-resolver" "3.713.0" - "@aws-sdk/types" "3.713.0" - "@aws-sdk/util-endpoints" "3.713.0" - "@aws-sdk/util-user-agent-browser" "3.713.0" - "@aws-sdk/util-user-agent-node" "3.713.0" - "@smithy/config-resolver" "^3.0.13" - "@smithy/core" "^2.5.5" - "@smithy/fetch-http-handler" "^4.1.2" - "@smithy/hash-node" "^3.0.11" - "@smithy/invalid-dependency" "^3.0.11" - "@smithy/middleware-content-length" "^3.0.13" - "@smithy/middleware-endpoint" "^3.2.5" - "@smithy/middleware-retry" "^3.0.30" - "@smithy/middleware-serde" "^3.0.11" - "@smithy/middleware-stack" "^3.0.11" - "@smithy/node-config-provider" "^3.1.12" - "@smithy/node-http-handler" "^3.3.2" - "@smithy/protocol-http" "^4.1.8" - "@smithy/smithy-client" "^3.5.0" - "@smithy/types" "^3.7.2" - "@smithy/url-parser" "^3.0.11" - "@smithy/util-base64" "^3.0.0" - "@smithy/util-body-length-browser" "^3.0.0" - "@smithy/util-body-length-node" "^3.0.0" - "@smithy/util-defaults-mode-browser" "^3.0.30" - "@smithy/util-defaults-mode-node" "^3.0.30" - "@smithy/util-endpoints" "^2.1.7" - "@smithy/util-middleware" "^3.0.11" - "@smithy/util-retry" "^3.0.11" - "@smithy/util-utf8" "^3.0.0" - tslib "^2.6.2" - "@aws-sdk/client-sso@3.712.0": version "3.712.0" resolved "https://registry.yarnpkg.com/@aws-sdk/client-sso/-/client-sso-3.712.0.tgz#9644585700f5d96a16151bdb5387755adc524db8" @@ -850,50 +757,6 @@ "@smithy/util-utf8" "^3.0.0" tslib "^2.6.2" -"@aws-sdk/client-sso@3.713.0": - version "3.713.0" - resolved "https://registry.yarnpkg.com/@aws-sdk/client-sso/-/client-sso-3.713.0.tgz#265ff280f45cd540b82e4a4b202cbe2d98172894" - integrity sha512-qrgL/BILiRdv3npkJ88XxTeVPE/HPZ2gW9peyhYWP4fXCdPjpWYnAebbWBN6TqofiSlpP7xuoX8Xc1czwr90sg== - dependencies: - "@aws-crypto/sha256-browser" "5.2.0" - "@aws-crypto/sha256-js" "5.2.0" - "@aws-sdk/core" "3.713.0" - "@aws-sdk/middleware-host-header" "3.713.0" - "@aws-sdk/middleware-logger" "3.713.0" - "@aws-sdk/middleware-recursion-detection" "3.713.0" - "@aws-sdk/middleware-user-agent" "3.713.0" - "@aws-sdk/region-config-resolver" "3.713.0" - "@aws-sdk/types" "3.713.0" - "@aws-sdk/util-endpoints" "3.713.0" - "@aws-sdk/util-user-agent-browser" "3.713.0" - "@aws-sdk/util-user-agent-node" "3.713.0" - "@smithy/config-resolver" "^3.0.13" - "@smithy/core" "^2.5.5" - "@smithy/fetch-http-handler" "^4.1.2" - "@smithy/hash-node" "^3.0.11" - "@smithy/invalid-dependency" "^3.0.11" - "@smithy/middleware-content-length" "^3.0.13" - "@smithy/middleware-endpoint" "^3.2.5" - "@smithy/middleware-retry" "^3.0.30" - "@smithy/middleware-serde" "^3.0.11" - "@smithy/middleware-stack" "^3.0.11" - "@smithy/node-config-provider" "^3.1.12" - "@smithy/node-http-handler" "^3.3.2" - "@smithy/protocol-http" "^4.1.8" - "@smithy/smithy-client" "^3.5.0" - "@smithy/types" "^3.7.2" - "@smithy/url-parser" "^3.0.11" - "@smithy/util-base64" "^3.0.0" - "@smithy/util-body-length-browser" "^3.0.0" - "@smithy/util-body-length-node" "^3.0.0" - "@smithy/util-defaults-mode-browser" "^3.0.30" - "@smithy/util-defaults-mode-node" "^3.0.30" - "@smithy/util-endpoints" "^2.1.7" - "@smithy/util-middleware" "^3.0.11" - "@smithy/util-retry" "^3.0.11" - "@smithy/util-utf8" "^3.0.0" - tslib "^2.6.2" - "@aws-sdk/client-sts@3.712.0", "@aws-sdk/client-sts@^3.410.0": version "3.712.0" resolved "https://registry.yarnpkg.com/@aws-sdk/client-sts/-/client-sts-3.712.0.tgz#455daebd946369c60c7795efbd7a6b5981d0662a" @@ -940,52 +803,6 @@ "@smithy/util-utf8" "^3.0.0" tslib "^2.6.2" -"@aws-sdk/client-sts@3.713.0": - version "3.713.0" - resolved "https://registry.yarnpkg.com/@aws-sdk/client-sts/-/client-sts-3.713.0.tgz#2f1b3360177001df7ae562d273ceb369f5a2e1ff" - integrity sha512-sjXy6z5bS1uspOdA0B4xQVri0XxdM24MkK0XhLoFoWAWoMlrORAMy+zW3YyU/vlsLckNYs7B4+j0P0MK35d+AQ== - dependencies: - "@aws-crypto/sha256-browser" "5.2.0" - "@aws-crypto/sha256-js" "5.2.0" - "@aws-sdk/client-sso-oidc" "3.713.0" - "@aws-sdk/core" "3.713.0" - "@aws-sdk/credential-provider-node" "3.713.0" - "@aws-sdk/middleware-host-header" "3.713.0" - "@aws-sdk/middleware-logger" "3.713.0" - "@aws-sdk/middleware-recursion-detection" "3.713.0" - "@aws-sdk/middleware-user-agent" "3.713.0" - "@aws-sdk/region-config-resolver" "3.713.0" - "@aws-sdk/types" "3.713.0" - "@aws-sdk/util-endpoints" "3.713.0" - "@aws-sdk/util-user-agent-browser" "3.713.0" - "@aws-sdk/util-user-agent-node" "3.713.0" - "@smithy/config-resolver" "^3.0.13" - "@smithy/core" "^2.5.5" - "@smithy/fetch-http-handler" "^4.1.2" - "@smithy/hash-node" "^3.0.11" - "@smithy/invalid-dependency" "^3.0.11" - "@smithy/middleware-content-length" "^3.0.13" - "@smithy/middleware-endpoint" "^3.2.5" - "@smithy/middleware-retry" "^3.0.30" - "@smithy/middleware-serde" "^3.0.11" - "@smithy/middleware-stack" "^3.0.11" - "@smithy/node-config-provider" "^3.1.12" - "@smithy/node-http-handler" "^3.3.2" - "@smithy/protocol-http" "^4.1.8" - "@smithy/smithy-client" "^3.5.0" - "@smithy/types" "^3.7.2" - "@smithy/url-parser" "^3.0.11" - "@smithy/util-base64" "^3.0.0" - "@smithy/util-body-length-browser" "^3.0.0" - "@smithy/util-body-length-node" "^3.0.0" - "@smithy/util-defaults-mode-browser" "^3.0.30" - "@smithy/util-defaults-mode-node" "^3.0.30" - "@smithy/util-endpoints" "^2.1.7" - "@smithy/util-middleware" "^3.0.11" - "@smithy/util-retry" "^3.0.11" - "@smithy/util-utf8" "^3.0.0" - tslib "^2.6.2" - "@aws-sdk/core@3.709.0": version "3.709.0" resolved "https://registry.yarnpkg.com/@aws-sdk/core/-/core-3.709.0.tgz#d2b3d5b90f6614e3afc109ebdcaaedbb54c2d68b" @@ -1003,23 +820,6 @@ fast-xml-parser "4.4.1" tslib "^2.6.2" -"@aws-sdk/core@3.713.0": - version "3.713.0" - resolved "https://registry.yarnpkg.com/@aws-sdk/core/-/core-3.713.0.tgz#7938561d078d36af301aec6b69b9d4b38ab7ce30" - integrity sha512-7Xq7LY6Q3eITvlqR1bP3cJu3RvTt4eb+WilK85eezPemi9589o6MNL0lu4nL0i+OdgPWw4x9z9WArRwXhHTreg== - dependencies: - "@aws-sdk/types" "3.713.0" - "@smithy/core" "^2.5.5" - "@smithy/node-config-provider" "^3.1.12" - "@smithy/property-provider" "^3.1.11" - "@smithy/protocol-http" "^4.1.8" - "@smithy/signature-v4" "^4.2.4" - "@smithy/smithy-client" "^3.5.0" - "@smithy/types" "^3.7.2" - "@smithy/util-middleware" "^3.0.11" - fast-xml-parser "4.4.1" - tslib "^2.6.2" - "@aws-sdk/credential-provider-env@3.709.0": version "3.709.0" resolved "https://registry.yarnpkg.com/@aws-sdk/credential-provider-env/-/credential-provider-env-3.709.0.tgz#a7f75375d8a413f9ab2bc42f743b943da6d3362d" @@ -1031,17 +831,6 @@ "@smithy/types" "^3.7.2" tslib "^2.6.2" -"@aws-sdk/credential-provider-env@3.713.0": - version "3.713.0" - resolved "https://registry.yarnpkg.com/@aws-sdk/credential-provider-env/-/credential-provider-env-3.713.0.tgz#cbc92ac14ec49dbf040ce3a7a5aff90c081bb338" - integrity sha512-B5+AbvN8qr5jmaiFdErtHlhdZtfMCP7JB1nwdi9LTsZLVP8BhFXnOYlIE7z6jq8GRkDBHybTxovKWzSfI0gg+w== - dependencies: - "@aws-sdk/core" "3.713.0" - "@aws-sdk/types" "3.713.0" - "@smithy/property-provider" "^3.1.11" - "@smithy/types" "^3.7.2" - tslib "^2.6.2" - "@aws-sdk/credential-provider-http@3.709.0": version "3.709.0" resolved "https://registry.yarnpkg.com/@aws-sdk/credential-provider-http/-/credential-provider-http-3.709.0.tgz#a378cbcc4cf373cc277944f1e84e9952f3884f5d" @@ -1058,22 +847,6 @@ "@smithy/util-stream" "^3.3.2" tslib "^2.6.2" -"@aws-sdk/credential-provider-http@3.713.0": - version "3.713.0" - resolved "https://registry.yarnpkg.com/@aws-sdk/credential-provider-http/-/credential-provider-http-3.713.0.tgz#b60841a33fee49e3236ba7c1769206d0913531d1" - integrity sha512-VarD43CV9Bn+yNCZZb17xMiSjX/FRdU3wN2Aw/jP6ZE3/d87J9L7fxRRFmt4FAgLg35MJbooDGT9heycwg/WWw== - dependencies: - "@aws-sdk/core" "3.713.0" - "@aws-sdk/types" "3.713.0" - "@smithy/fetch-http-handler" "^4.1.2" - "@smithy/node-http-handler" "^3.3.2" - "@smithy/property-provider" "^3.1.11" - "@smithy/protocol-http" "^4.1.8" - "@smithy/smithy-client" "^3.5.0" - "@smithy/types" "^3.7.2" - "@smithy/util-stream" "^3.3.2" - tslib "^2.6.2" - "@aws-sdk/credential-provider-ini@3.712.0": version "3.712.0" resolved "https://registry.yarnpkg.com/@aws-sdk/credential-provider-ini/-/credential-provider-ini-3.712.0.tgz#21d94d3fbaf5cece29bc62d56cf7f0dfb8b7d25e" @@ -1092,24 +865,6 @@ "@smithy/types" "^3.7.2" tslib "^2.6.2" -"@aws-sdk/credential-provider-ini@3.713.0": - version "3.713.0" - resolved "https://registry.yarnpkg.com/@aws-sdk/credential-provider-ini/-/credential-provider-ini-3.713.0.tgz#1f1fc895a6f95b737c0c6a480df57bb9d759b754" - integrity sha512-6oQuPjYONMCWTWhq5yV61OziX2KeU+nhTsdk+Zh4RiuaTkRRNTLnMAVA/VoG1FG8cnQbZJDFezh58nzlBTWHdw== - dependencies: - "@aws-sdk/core" "3.713.0" - "@aws-sdk/credential-provider-env" "3.713.0" - "@aws-sdk/credential-provider-http" "3.713.0" - "@aws-sdk/credential-provider-process" "3.713.0" - "@aws-sdk/credential-provider-sso" "3.713.0" - "@aws-sdk/credential-provider-web-identity" "3.713.0" - "@aws-sdk/types" "3.713.0" - "@smithy/credential-provider-imds" "^3.2.8" - "@smithy/property-provider" "^3.1.11" - "@smithy/shared-ini-file-loader" "^3.1.12" - "@smithy/types" "^3.7.2" - tslib "^2.6.2" - "@aws-sdk/credential-provider-node@3.712.0": version "3.712.0" resolved "https://registry.yarnpkg.com/@aws-sdk/credential-provider-node/-/credential-provider-node-3.712.0.tgz#6f017382b1182578cf62798310f42264b652e36e" @@ -1128,24 +883,6 @@ "@smithy/types" "^3.7.2" tslib "^2.6.2" -"@aws-sdk/credential-provider-node@3.713.0": - version "3.713.0" - resolved "https://registry.yarnpkg.com/@aws-sdk/credential-provider-node/-/credential-provider-node-3.713.0.tgz#2ea4437d00ddb5a4437505f24236f2ce9101dd77" - integrity sha512-uIRHrhqcjcc+fUcid7Dey7mXRYfntPcA2xzebOnIK5hGBNwfQHpRG3RAlEB8K864psqW+j+XxvjoRHx9trL5Zg== - dependencies: - "@aws-sdk/credential-provider-env" "3.713.0" - "@aws-sdk/credential-provider-http" "3.713.0" - "@aws-sdk/credential-provider-ini" "3.713.0" - "@aws-sdk/credential-provider-process" "3.713.0" - "@aws-sdk/credential-provider-sso" "3.713.0" - "@aws-sdk/credential-provider-web-identity" "3.713.0" - "@aws-sdk/types" "3.713.0" - "@smithy/credential-provider-imds" "^3.2.8" - "@smithy/property-provider" "^3.1.11" - "@smithy/shared-ini-file-loader" "^3.1.12" - "@smithy/types" "^3.7.2" - tslib "^2.6.2" - "@aws-sdk/credential-provider-process@3.709.0": version "3.709.0" resolved "https://registry.yarnpkg.com/@aws-sdk/credential-provider-process/-/credential-provider-process-3.709.0.tgz#2521f810590f0874c54cc842d3d56f455a728325" @@ -1158,18 +895,6 @@ "@smithy/types" "^3.7.2" tslib "^2.6.2" -"@aws-sdk/credential-provider-process@3.713.0": - version "3.713.0" - resolved "https://registry.yarnpkg.com/@aws-sdk/credential-provider-process/-/credential-provider-process-3.713.0.tgz#f282e970524b84d809c3312d93b8ed03611aa39c" - integrity sha512-adVC8iz8uHmhVmZaYGj4Ab8rLz+hmnR6rOeMQ6wVbCAnWDb2qoahb+vLZ9sW9yMCVRqiDWeVK7lsa0MDRCM1sw== - dependencies: - "@aws-sdk/core" "3.713.0" - "@aws-sdk/types" "3.713.0" - "@smithy/property-provider" "^3.1.11" - "@smithy/shared-ini-file-loader" "^3.1.12" - "@smithy/types" "^3.7.2" - tslib "^2.6.2" - "@aws-sdk/credential-provider-sso@3.712.0": version "3.712.0" resolved "https://registry.yarnpkg.com/@aws-sdk/credential-provider-sso/-/credential-provider-sso-3.712.0.tgz#d29c8c14e2460a817ed2eb7ad5d205d7914817af" @@ -1184,20 +909,6 @@ "@smithy/types" "^3.7.2" tslib "^2.6.2" -"@aws-sdk/credential-provider-sso@3.713.0": - version "3.713.0" - resolved "https://registry.yarnpkg.com/@aws-sdk/credential-provider-sso/-/credential-provider-sso-3.713.0.tgz#3564ee0dd295be1a78efd0682c0a2b28adef5858" - integrity sha512-67QzqZJ6i04ZJVRB4WTUfU3QWJgr9fmv9JdqiLl63GTfz2KGOMwmojbi4INJ9isq4rDVUycdHsgl1Mhe6eDXJg== - dependencies: - "@aws-sdk/client-sso" "3.713.0" - "@aws-sdk/core" "3.713.0" - "@aws-sdk/token-providers" "3.713.0" - "@aws-sdk/types" "3.713.0" - "@smithy/property-provider" "^3.1.11" - "@smithy/shared-ini-file-loader" "^3.1.12" - "@smithy/types" "^3.7.2" - tslib "^2.6.2" - "@aws-sdk/credential-provider-web-identity@3.709.0": version "3.709.0" resolved "https://registry.yarnpkg.com/@aws-sdk/credential-provider-web-identity/-/credential-provider-web-identity-3.709.0.tgz#c2b03541cb57ae4c7d6abdca98f99a6a56833ea6" @@ -1209,17 +920,6 @@ "@smithy/types" "^3.7.2" tslib "^2.6.2" -"@aws-sdk/credential-provider-web-identity@3.713.0": - version "3.713.0" - resolved "https://registry.yarnpkg.com/@aws-sdk/credential-provider-web-identity/-/credential-provider-web-identity-3.713.0.tgz#9ade55a6687d5d890909ec399cf39b248a9a8380" - integrity sha512-hz2Ru+xKYQupxyYb8KCCmH6qhzn4MSkocFbnBxevlQMYbugi80oaQtpmkj2ovrKCY2ktD4ufhC/8UZJMFGjAqw== - dependencies: - "@aws-sdk/core" "3.713.0" - "@aws-sdk/types" "3.713.0" - "@smithy/property-provider" "^3.1.11" - "@smithy/types" "^3.7.2" - tslib "^2.6.2" - "@aws-sdk/endpoint-cache@3.693.0": version "3.693.0" resolved "https://registry.yarnpkg.com/@aws-sdk/endpoint-cache/-/endpoint-cache-3.693.0.tgz#4b3f0bbc16dc2907e1b977e3d8ddfc7ba008fd12" @@ -1304,16 +1004,6 @@ "@smithy/types" "^3.7.2" tslib "^2.6.2" -"@aws-sdk/middleware-host-header@3.713.0": - version "3.713.0" - resolved "https://registry.yarnpkg.com/@aws-sdk/middleware-host-header/-/middleware-host-header-3.713.0.tgz#a433971526d402f918b3af6f853203091ffaf273" - integrity sha512-T1cRV9hs9WKwb2porR4QmW76ScCHqbdsrAAH+/2fR8IVRpFRU0BMnwrpSrRr7ujj6gqWQRQ97JLL+GpqpY3/ag== - dependencies: - "@aws-sdk/types" "3.713.0" - "@smithy/protocol-http" "^4.1.8" - "@smithy/types" "^3.7.2" - tslib "^2.6.2" - "@aws-sdk/middleware-location-constraint@3.709.0": version "3.709.0" resolved "https://registry.yarnpkg.com/@aws-sdk/middleware-location-constraint/-/middleware-location-constraint-3.709.0.tgz#4437d3d3cfbbdfca60664b1f237d600b94fd06a5" @@ -1332,15 +1022,6 @@ "@smithy/types" "^3.7.2" tslib "^2.6.2" -"@aws-sdk/middleware-logger@3.713.0": - version "3.713.0" - resolved "https://registry.yarnpkg.com/@aws-sdk/middleware-logger/-/middleware-logger-3.713.0.tgz#fb81f8d35bae4920cde260d913051f0bd3500b58" - integrity sha512-mpTK7ost3lQt08YhTsf+C4uEAwg3Xu1LKxexlIZGXucCB6AqBKpP7e86XzpFFAtuRgEfTJVbW+Gqna8LM+yXoA== - dependencies: - "@aws-sdk/types" "3.713.0" - "@smithy/types" "^3.7.2" - tslib "^2.6.2" - "@aws-sdk/middleware-recursion-detection@3.709.0": version "3.709.0" resolved "https://registry.yarnpkg.com/@aws-sdk/middleware-recursion-detection/-/middleware-recursion-detection-3.709.0.tgz#d7dc253d4858d496caeb12dd6cddd87b250fb98b" @@ -1351,16 +1032,6 @@ "@smithy/types" "^3.7.2" tslib "^2.6.2" -"@aws-sdk/middleware-recursion-detection@3.713.0": - version "3.713.0" - resolved "https://registry.yarnpkg.com/@aws-sdk/middleware-recursion-detection/-/middleware-recursion-detection-3.713.0.tgz#ec7831a4e5799589df6cb3143eea2a3d227d7b54" - integrity sha512-6vgQw92yvKR8MNsSXJE4seZhMSPVuyuBLuX81DWPr1pak/RpuUzn96CSYCTAYoCtf5vJgNseIcPfKQLkRYmBzg== - dependencies: - "@aws-sdk/types" "3.713.0" - "@smithy/protocol-http" "^4.1.8" - "@smithy/types" "^3.7.2" - tslib "^2.6.2" - "@aws-sdk/middleware-sdk-api-gateway@3.709.0": version "3.709.0" resolved "https://registry.yarnpkg.com/@aws-sdk/middleware-sdk-api-gateway/-/middleware-sdk-api-gateway-3.709.0.tgz#b6da87a8bbf1c2175ac4b166a1a00c59ee71845c" @@ -1413,19 +1084,6 @@ "@smithy/types" "^3.7.2" tslib "^2.6.2" -"@aws-sdk/middleware-user-agent@3.713.0": - version "3.713.0" - resolved "https://registry.yarnpkg.com/@aws-sdk/middleware-user-agent/-/middleware-user-agent-3.713.0.tgz#94183750cdddb78197c1f693ad6b81f29757cde3" - integrity sha512-MYg2N9EUXQ4Kf0+rk7qCHPLbxRPAeWrxJXp8xDxSBiDPf0hcbCtT+cXXB6qWVrnp+OuacoUDrur3h604sp47Aw== - dependencies: - "@aws-sdk/core" "3.713.0" - "@aws-sdk/types" "3.713.0" - "@aws-sdk/util-endpoints" "3.713.0" - "@smithy/core" "^2.5.5" - "@smithy/protocol-http" "^4.1.8" - "@smithy/types" "^3.7.2" - tslib "^2.6.2" - "@aws-sdk/region-config-resolver@3.709.0": version "3.709.0" resolved "https://registry.yarnpkg.com/@aws-sdk/region-config-resolver/-/region-config-resolver-3.709.0.tgz#64547b333842e5804e1793e4d6d29578c0b34a68" @@ -1438,18 +1096,6 @@ "@smithy/util-middleware" "^3.0.11" tslib "^2.6.2" -"@aws-sdk/region-config-resolver@3.713.0": - version "3.713.0" - resolved "https://registry.yarnpkg.com/@aws-sdk/region-config-resolver/-/region-config-resolver-3.713.0.tgz#65117f0fa20da726a616880fef0933855f00d8b9" - integrity sha512-SsIxxUFgYSHXchkyal+Vg+tZUFyBR0NPy/3GEYZ8geJqVfgb/4SHCIfkLMcU0qPUKlRfkJF7FPdgO24sfLiopA== - dependencies: - "@aws-sdk/types" "3.713.0" - "@smithy/node-config-provider" "^3.1.12" - "@smithy/types" "^3.7.2" - "@smithy/util-config-provider" "^3.0.0" - "@smithy/util-middleware" "^3.0.11" - tslib "^2.6.2" - "@aws-sdk/signature-v4-multi-region@3.709.0": version "3.709.0" resolved "https://registry.yarnpkg.com/@aws-sdk/signature-v4-multi-region/-/signature-v4-multi-region-3.709.0.tgz#0c6f9d3e2978158163b63a4085356616237223c9" @@ -1473,17 +1119,6 @@ "@smithy/types" "^3.7.2" tslib "^2.6.2" -"@aws-sdk/token-providers@3.713.0": - version "3.713.0" - resolved "https://registry.yarnpkg.com/@aws-sdk/token-providers/-/token-providers-3.713.0.tgz#95f7554847b99bdce13a0f4333be7d3a4af6c223" - integrity sha512-KNL+XaU0yR6qFDtceHe/ycEz0kHyDWNd2pbL3clFWzeVQXYs8+dYDEXA17MJPVyg7oh4wRdu0ymwQsBMl2wYAA== - dependencies: - "@aws-sdk/types" "3.713.0" - "@smithy/property-provider" "^3.1.11" - "@smithy/shared-ini-file-loader" "^3.1.12" - "@smithy/types" "^3.7.2" - tslib "^2.6.2" - "@aws-sdk/types@3.709.0", "@aws-sdk/types@^3.222.0": version "3.709.0" resolved "https://registry.yarnpkg.com/@aws-sdk/types/-/types-3.709.0.tgz#f8d7ab07e253d3ed0e3b360e09fc67c7430a73b9" @@ -1492,14 +1127,6 @@ "@smithy/types" "^3.7.2" tslib "^2.6.2" -"@aws-sdk/types@3.713.0": - version "3.713.0" - resolved "https://registry.yarnpkg.com/@aws-sdk/types/-/types-3.713.0.tgz#8d857b1b72a76c58129f305a24ce8d5b261385bc" - integrity sha512-AMSYVKi1MxrJqGGbjcFC7/4g8E+ZHGfg/eW0+GXQJmsVjMjccHtU+s1dYloX4KEDgrY42QPep+dpSVRR4W7U1Q== - dependencies: - "@smithy/types" "^3.7.2" - tslib "^2.6.2" - "@aws-sdk/util-arn-parser@3.693.0": version "3.693.0" resolved "https://registry.yarnpkg.com/@aws-sdk/util-arn-parser/-/util-arn-parser-3.693.0.tgz#8dae27eb822ab4f88be28bb3c0fc11f1f13d3948" @@ -1524,16 +1151,6 @@ "@smithy/util-endpoints" "^2.1.7" tslib "^2.6.2" -"@aws-sdk/util-endpoints@3.713.0": - version "3.713.0" - resolved "https://registry.yarnpkg.com/@aws-sdk/util-endpoints/-/util-endpoints-3.713.0.tgz#1784bd80f21883776255eae4c90274a1c7f5b0da" - integrity sha512-fbHDhiPTqfmkWzxZgWy+GFpdfiWJa1kNLWJCF4+yaF7iOZz0eyHoBX3iaTf20V2SUU8D2td/qkwTF+cpSZTZVw== - dependencies: - "@aws-sdk/types" "3.713.0" - "@smithy/types" "^3.7.2" - "@smithy/util-endpoints" "^2.1.7" - tslib "^2.6.2" - "@aws-sdk/util-locate-window@^3.0.0": version "3.693.0" resolved "https://registry.yarnpkg.com/@aws-sdk/util-locate-window/-/util-locate-window-3.693.0.tgz#1160f6d055cf074ca198eb8ecf89b6311537ad6c" @@ -1551,16 +1168,6 @@ bowser "^2.11.0" tslib "^2.6.2" -"@aws-sdk/util-user-agent-browser@3.713.0": - version "3.713.0" - resolved "https://registry.yarnpkg.com/@aws-sdk/util-user-agent-browser/-/util-user-agent-browser-3.713.0.tgz#91568a89076f1f0ecaa7608cfbb3a0f0d11c89bf" - integrity sha512-ioLAF8aIlcVhdizFVNuogMK5u3Js04rpGFvsbZANa1SJ9pK2UsKznnzinJT4e4ongy55g6LSZkWlF79VjG/Yfw== - dependencies: - "@aws-sdk/types" "3.713.0" - "@smithy/types" "^3.7.2" - bowser "^2.11.0" - tslib "^2.6.2" - "@aws-sdk/util-user-agent-node@3.712.0": version "3.712.0" resolved "https://registry.yarnpkg.com/@aws-sdk/util-user-agent-node/-/util-user-agent-node-3.712.0.tgz#7634627775e0993eace70dea1dd915122f1a053f" @@ -1572,17 +1179,6 @@ "@smithy/types" "^3.7.2" tslib "^2.6.2" -"@aws-sdk/util-user-agent-node@3.713.0": - version "3.713.0" - resolved "https://registry.yarnpkg.com/@aws-sdk/util-user-agent-node/-/util-user-agent-node-3.713.0.tgz#98e283719bb0f74bca4ffadfc8835f28a0ee5511" - integrity sha512-dIunWBB7zRLvLVzNoBjap8YWrOhkwdFEjDWx9NleD+8ufpCFq5gEm8PJ0JP6stUgG5acTmafdzH7NgMyaeEexA== - dependencies: - "@aws-sdk/middleware-user-agent" "3.713.0" - "@aws-sdk/types" "3.713.0" - "@smithy/node-config-provider" "^3.1.12" - "@smithy/types" "^3.7.2" - tslib "^2.6.2" - "@aws-sdk/xml-builder@3.709.0": version "3.709.0" resolved "https://registry.yarnpkg.com/@aws-sdk/xml-builder/-/xml-builder-3.709.0.tgz#5841faa1e78afcea064557a1a56709978b325758" @@ -5177,7 +4773,7 @@ dependencies: "@types/node" "*" -"@types/aws-lambda@^8.10.122", "@types/aws-lambda@^8.10.146", "@types/aws-lambda@^8.10.76": +"@types/aws-lambda@^8.10.122", "@types/aws-lambda@^8.10.76": version "8.10.146" resolved "https://registry.yarnpkg.com/@types/aws-lambda/-/aws-lambda-8.10.146.tgz#05f9968d8cd9719a0a86526baf889c25761f60b8" integrity sha512-3BaDXYTh0e6UCJYL/jwV/3+GRslSc08toAiZSmleYtkAUyV5rtvdPYxrG/88uqvTuT6sb27WE9OS90ZNTIuQ0g== From 387bdd6fa4c0c77f3da1acb45087be3b9915cb56 Mon Sep 17 00:00:00 2001 From: Tim Brust Date: Tue, 17 Dec 2024 20:13:43 +0100 Subject: [PATCH 10/17] fix: pass in cert arn --- .github/workflows/reusable-deploy-job.yml | 7 ++---- serverless.yml | 30 ++--------------------- 2 files changed, 4 insertions(+), 33 deletions(-) diff --git a/.github/workflows/reusable-deploy-job.yml b/.github/workflows/reusable-deploy-job.yml index f73794d..fd05a71 100644 --- a/.github/workflows/reusable-deploy-job.yml +++ b/.github/workflows/reusable-deploy-job.yml @@ -48,6 +48,8 @@ jobs: FRONTEND_URL: ${{ secrets.FRONTEND_URL }} BACKEND_URL: ${{ secrets.BACKEND_URL }} HOSTED_ZONE_ID: ${{ secrets.HOSTED_ZONE_ID }} + FRONTEND_CERTIFICATE_ARN: ${{ secrets.FRONTEND_CERTIFICATE_ARN }} + BACKEND_CERTIFICATE_ARN: ${{ secrets.BACKEND_CERTIFICATE_ARN }} steps: - uses: actions/checkout@v4 @@ -79,11 +81,6 @@ jobs: role-to-assume: arn:aws:iam::${{ secrets.AWS_ACCOUNT_ID }}:role/github-deploy-user role-session-name: github-deployment - - name: Set environment variables without https - run: | - echo "FRONTEND_URL_WITHOUT_HTTPS=$(echo ${{ secrets.FRONTEND_URL }} | sed 's/^https:\/\///')" >> $GITHUB_ENV - echo "BACKEND_URL_WITHOUT_HTTPS=$(echo ${{ secrets.BACKEND_URL }} | sed 's/^https:\/\///')" >> $GITHUB_ENV - - name: Deploy Frontend run: serverless s3sync bucket --bucket ${{ secrets.COMPANY_ABBREVIATION }}-lara-frontend-${{ inputs.target }} diff --git a/serverless.yml b/serverless.yml index f9c26db..2bad956 100644 --- a/serverless.yml +++ b/serverless.yml @@ -261,32 +261,6 @@ resources: - staging Resources: - FrontendDNSCertificate: - Type: AWS::CertificateManager::Certificate - Condition: IsProductionOrStaging - Properties: - DomainName: ${env:FRONTEND_URL_WITHOUT_HTTPS} - ValidationMethod: DNS - DomainValidationOptions: - - DomainName: ${env:FRONTEND_URL_WITHOUT_HTTPS} - HostedZoneId: ${env:HOSTED_ZONE_ID} - Tags: - - Key: Name - Value: FrontendDNSCertificate-${self:custom.stage} - - BackendDNSCertificate: - Type: AWS::CertificateManager::Certificate - Condition: IsProductionOrStaging - Properties: - DomainName: ${env:BACKEND_URL_WITHOUT_HTTPS} - ValidationMethod: DNS - DomainValidationOptions: - - DomainName: ${env:BACKEND_URL_WITHOUT_HTTPS} - HostedZoneId: ${env:HOSTED_ZONE_ID} - Tags: - - Key: Name - Value: BackendDNSCertificate-${self:custom.stage} - UserTable: Type: 'AWS::DynamoDB::Table' DeletionPolicy: Delete @@ -441,7 +415,7 @@ resources: ViewerCertificate: Fn::If: - IsProductionOrStaging - - AcmCertificateArn: !Ref FrontendDNSCertificate + - AcmCertificateArn: ${self:provider.environment.FRONTEND_CERTIFICATE_ARN} SslSupportMethod: sni-only MinimumProtocolVersion: TLSv1.2_2018 - Ref: AWS::NoValue @@ -481,7 +455,7 @@ resources: ViewerCertificate: Fn::If: - IsProductionOrStaging - - AcmCertificateArn: !Ref BackendDNSCertificate + - AcmCertificateArn: ${self:provider.environment.BACKEND_CERTIFICATE_ARN} SslSupportMethod: sni-only MinimumProtocolVersion: TLSv1.2_2018 - Ref: AWS::NoValue From e5e391607ec04dc0106b3db714e5bc8845c717b9 Mon Sep 17 00:00:00 2001 From: Tim Brust Date: Tue, 17 Dec 2024 20:26:47 +0100 Subject: [PATCH 11/17] fix: adds missing .env examples --- .env.example | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.env.example b/.env.example index eaa8ac1..c83bdf0 100644 --- a/.env.example +++ b/.env.example @@ -27,3 +27,6 @@ ALEXA_AMAZON_CLIENT_SECRET = secret LARA_SECRET = secret STAGE = dev + +FRONTEND_CERTIFICATE_ARN = arn:aws:acm:eu-west-1:123456789012:certificate/12345678-1234-1234-1234-123456789012 +BACKEND_CERTIFICATE_ARN = arn:aws:acm:eu-west-1:123456789012:certificate/12345678-1234-1234-1234-123456789012 From 4f5732d0eea0316b8fe5c853c7e84dbac9ff4d84 Mon Sep 17 00:00:00 2001 From: Tim Brust Date: Tue, 17 Dec 2024 21:00:16 +0100 Subject: [PATCH 12/17] fix: alias names --- .github/workflows/reusable-deploy-job.yml | 5 +++++ serverless.yml | 4 ++-- 2 files changed, 7 insertions(+), 2 deletions(-) diff --git a/.github/workflows/reusable-deploy-job.yml b/.github/workflows/reusable-deploy-job.yml index fd05a71..f91644b 100644 --- a/.github/workflows/reusable-deploy-job.yml +++ b/.github/workflows/reusable-deploy-job.yml @@ -81,6 +81,11 @@ jobs: role-to-assume: arn:aws:iam::${{ secrets.AWS_ACCOUNT_ID }}:role/github-deploy-user role-session-name: github-deployment + - name: Set environment variables without https + run: | + echo "FRONTEND_URL_WITHOUT_HTTPS=$(echo ${{ secrets.FRONTEND_URL }} | sed 's/^https:\/\///')" >> $GITHUB_ENV + echo "BACKEND_URL_WITHOUT_HTTPS=$(echo ${{ secrets.BACKEND_URL }} | sed 's/^https:\/\///')" >> $GITHUB_ENV + - name: Deploy Frontend run: serverless s3sync bucket --bucket ${{ secrets.COMPANY_ABBREVIATION }}-lara-frontend-${{ inputs.target }} diff --git a/serverless.yml b/serverless.yml index 2bad956..3739aa4 100644 --- a/serverless.yml +++ b/serverless.yml @@ -411,7 +411,7 @@ resources: ForwardedValues: QueryString: true Aliases: - - ${self:provider.environment.FRONTEND_URL} + - ${env:FRONTEND_URL_WITHOUT_HTTPS} ViewerCertificate: Fn::If: - IsProductionOrStaging @@ -451,7 +451,7 @@ resources: ForwardedValues: QueryString: true Aliases: - - ${self:provider.environment.BACKEND_URL} + - ${env:BACKEND_URL_WITHOUT_HTTPS} ViewerCertificate: Fn::If: - IsProductionOrStaging From f82dd3c1a6e6d7900a81ae6d2aac663f73e213af Mon Sep 17 00:00:00 2001 From: Tim Brust Date: Tue, 17 Dec 2024 21:18:38 +0100 Subject: [PATCH 13/17] fix: adds missing A records --- serverless.yml | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) diff --git a/serverless.yml b/serverless.yml index 3739aa4..0a8ff34 100644 --- a/serverless.yml +++ b/serverless.yml @@ -460,6 +460,26 @@ resources: MinimumProtocolVersion: TLSv1.2_2018 - Ref: AWS::NoValue + FrontendAliasRecord: + Type: AWS::Route53::RecordSet + Properties: + HostedZoneId: ${env:HOSTED_ZONE_ID} + Name: ${env:FRONTEND_URL_WITHOUT_HTTPS} + Type: A + AliasTarget: + DNSName: !GetAtt FrontendDistribution.DomainName + HostedZoneId: Z2FDTNDATAQYW2 + + BackendAliasRecord: + Type: AWS::Route53::RecordSet + Properties: + HostedZoneId: ${env:HOSTED_ZONE_ID} + Name: ${env:BACKEND_URL_WITHOUT_HTTPS} + Type: A + AliasTarget: + DNSName: !GetAtt BackendDistribution.DomainName + HostedZoneId: Z2FDTNDATAQYW2 + OAC: Type: AWS::CloudFront::OriginAccessControl Properties: From 893acbed1bcbb7dd026bd52e9a588b83e75ad74b Mon Sep 17 00:00:00 2001 From: Tim Brust Date: Tue, 17 Dec 2024 22:19:35 +0100 Subject: [PATCH 14/17] fix: TLS, cors --- serverless.yml | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/serverless.yml b/serverless.yml index 0a8ff34..ea7f1ea 100644 --- a/serverless.yml +++ b/serverless.yml @@ -410,6 +410,7 @@ resources: ViewerProtocolPolicy: redirect-to-https ForwardedValues: QueryString: true + ResponseHeadersPolicyId: e61eb60c-9c35-4d20-a928-2b84e02af89c Aliases: - ${env:FRONTEND_URL_WITHOUT_HTTPS} ViewerCertificate: @@ -417,7 +418,7 @@ resources: - IsProductionOrStaging - AcmCertificateArn: ${self:provider.environment.FRONTEND_CERTIFICATE_ARN} SslSupportMethod: sni-only - MinimumProtocolVersion: TLSv1.2_2018 + MinimumProtocolVersion: TLSv1.2_2021 - Ref: AWS::NoValue BackendDistribution: @@ -435,7 +436,7 @@ resources: HTTPSPort: 443 OriginProtocolPolicy: https-only OriginSSLProtocols: - - TLSv1 + - TLSv1.2 HttpVersion: http2 DefaultCacheBehavior: AllowedMethods: @@ -450,6 +451,7 @@ resources: ViewerProtocolPolicy: redirect-to-https ForwardedValues: QueryString: true + ResponseHeadersPolicyId: e61eb60c-9c35-4d20-a928-2b84e02af89c Aliases: - ${env:BACKEND_URL_WITHOUT_HTTPS} ViewerCertificate: @@ -457,7 +459,7 @@ resources: - IsProductionOrStaging - AcmCertificateArn: ${self:provider.environment.BACKEND_CERTIFICATE_ARN} SslSupportMethod: sni-only - MinimumProtocolVersion: TLSv1.2_2018 + MinimumProtocolVersion: TLSv1.2_2021 - Ref: AWS::NoValue FrontendAliasRecord: From 12fdc264f29477a44f53c52a8814dbd4f93f7fd4 Mon Sep 17 00:00:00 2001 From: Tim Brust Date: Tue, 17 Dec 2024 22:35:32 +0100 Subject: [PATCH 15/17] fix: missing origin path --- serverless.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/serverless.yml b/serverless.yml index ea7f1ea..186b764 100644 --- a/serverless.yml +++ b/serverless.yml @@ -437,6 +437,7 @@ resources: OriginProtocolPolicy: https-only OriginSSLProtocols: - TLSv1.2 + OriginPath: '/${self:custom.stage}' HttpVersion: http2 DefaultCacheBehavior: AllowedMethods: From e8db74cec02d5c687ee8dc19c3df94458e09d763 Mon Sep 17 00:00:00 2001 From: Tim Brust Date: Wed, 18 Dec 2024 10:26:47 +0100 Subject: [PATCH 16/17] fix: bucket policy --- serverless.yml | 12 ++---------- 1 file changed, 2 insertions(+), 10 deletions(-) diff --git a/serverless.yml b/serverless.yml index 186b764..d16de42 100644 --- a/serverless.yml +++ b/serverless.yml @@ -492,8 +492,8 @@ resources: SigningBehavior: no-override SigningProtocol: sigv4 - PolicyForCloudFrontPrivateContent: - Type: 'AWS::S3::BucketPolicy' + FrontendBucketPolicy: + Type: AWS::S3::BucketPolicy Properties: Bucket: !Ref FrontendBucket PolicyDocument: @@ -509,14 +509,6 @@ resources: Condition: StringEquals: aws:SourceArn: !Sub 'arn:aws:cloudfront::${AWS::AccountId}:distribution/${FrontendDistribution.Id}' - - FrontendBucketPolicy: - Type: AWS::S3::BucketPolicy - Properties: - Bucket: !Ref FrontendBucket - PolicyDocument: - Version: '2012-10-17' - Statement: - Sid: 'AllowSSLRequestsOnly' Effect: Deny Principal: '*' From 9adb01f6d69a7d0603d4f5cc8c1fad73d697b343 Mon Sep 17 00:00:00 2001 From: Tim Brust Date: Thu, 7 Aug 2025 10:14:54 +0200 Subject: [PATCH 17/17] fix: remove debug statement --- .github/workflows/merge-to-master.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/.github/workflows/merge-to-master.yml b/.github/workflows/merge-to-master.yml index 219ba7e..d9b15fb 100644 --- a/.github/workflows/merge-to-master.yml +++ b/.github/workflows/merge-to-master.yml @@ -7,7 +7,6 @@ on: push: branches: - 'main' - - 'timbru31-patch-1' jobs: install: