chore: wip

chrisbbreuer · chrisbbreuer · commit 12a4243855ae · 2023-10-21T15:43:48.000-07:00
diff --git a/.stacks/core/cloud/src/cloud.ts b/.stacks/core/cloud/src/cloud.ts
@@ -351,9 +351,8 @@ export class StacksCloud extends Stack {
     if (config.cloud.cdn?.enableLogging) {
       logBucket = new s3.Bucket(this, 'LogBucket', {
         bucketName: `${this.appName}-logs-${appEnv}-${timestamp}`,
-        removalPolicy: RemovalPolicy.RETAIN, // removed via buddy cloud:cleanup because oddly the files in the bucket don't get auto-deleted
-        // removalPolicy: RemovalPolicy.DESTROY,
-        // autoDeleteObjects: true,
+        removalPolicy: RemovalPolicy.DESTROY,
+        autoDeleteObjects: true,
         blockPublicAccess: new s3.BlockPublicAccess({
           blockPublicAcls: false,
           ignorePublicAcls: true,
@@ -370,7 +369,7 @@ export class StacksCloud extends Stack {
     // Daily 35 day retention
     const vault = new backup.BackupVault(this, 'BackupVault', {
       backupVaultName: `${this.appName}-${appEnv}-daily-backup-vault-${timestamp}`,
-      // encryptionKey: this.storage?.encryptionKey,
+      encryptionKey: this.storage?.emailBucket?.encryptionKey,
     })
     const plan = backup.BackupPlan.daily35DayRetention(this, 'BackupPlan', vault)
 
@@ -757,6 +756,7 @@ export class StacksCloud extends Stack {
     })
 
     const ruleName = 'Inbound'
+    // const receiptRule = new ses.CfnReceiptRule(this, 'SESReceiptRule', {
     new ses.CfnReceiptRule(this, 'SESReceiptRule', {
       ruleSetName: ruleSet.ref,
       rule: {
@@ -766,7 +766,7 @@ export class StacksCloud extends Stack {
           {
             s3Action: {
               bucketName: this.storage.emailBucket.bucketName,
-              // kmsKeyArn: this.storage.emailBucket.encryptionKey?.keyArn,
+              kmsKeyArn: this.storage.emailBucket.encryptionKey?.keyArn,
               objectKeyPrefix: 'tmp/email_in',
             },
           },
@@ -804,10 +804,10 @@ export class StacksCloud extends Stack {
         'kms:Decrypt',
         'kms:GenerateDataKey',
       ],
-      resources: ['*'],
+      resources: [this.storage.emailBucket.encryptionKey?.keyArn || '*'],
       conditions: {
         StringEquals: {
-          'aws:SourceAccount': this.account,
+          'aws:SourceAccount': Stack.of(this).account,
         },
         ArnLike: {
           'aws:SourceArn': `arn:aws:ses:${this.region}:${Stack.of(this).account}:receipt-rule-set/${ruleSetName}:receipt-rule/${ruleName}`,
@@ -1195,7 +1195,7 @@ export class StacksCloud extends Stack {
         versioned: true,
         removalPolicy: RemovalPolicy.DESTROY,
         autoDeleteObjects: true,
-        encryption: s3.BucketEncryption.S3_MANAGED,
+        encryption: s3.BucketEncryption.KMS_MANAGED,
         enforceSSL: true,
         publicReadAccess: false,
         blockPublicAccess: {
@@ -1223,7 +1223,7 @@ export class StacksCloud extends Stack {
         versioned: true,
         removalPolicy: RemovalPolicy.DESTROY,
         autoDeleteObjects: true,
-        // encryption: s3.BucketEncryption.S3_MANAGED,
+        encryption: s3.BucketEncryption.KMS_MANAGED,
         lifecycleRules: [
           {
             id: '24h',
diff --git a/.stacks/ide/dictionary.txt b/.stacks/ide/dictionary.txt
@@ -241,6 +241,7 @@ tsup
 typecheck
 typesense
 unconfig
+undeploys
 unhead
 unimport
 unocss
diff --git a/README.md b/README.md
@@ -231,6 +231,7 @@ buddy deploy # select a specific deployment (follow CLI prompts)
 # buddy deploy:functions # deploys functions to AWS (or other configured provider)
 # buddy deploy:views # deploys views to AWS (or other configured provider)
 # buddy deploy:all # deploys all your code
+buddy undeploy # be careful: "undeploys" removes/deletes your deployed resources
 
 buddy cloud:cleanup # removes cloud setup
 buddy cloud:remove # removes cloud setup
diff --git a/bun.lockb b/bun.lockb
