Empty us east 1 deployment bucket upon stack delete (#243)

ottokruse · web-flow · commit 53014854b137 · 2023-08-04T08:17:57.000+02:00
* Delete objects in deployment bucket upon stack delete

* Version bump for release
diff --git a/example-serverless-app-reuse/reuse-auth-only.yaml b/example-serverless-app-reuse/reuse-auth-only.yaml
@@ -32,7 +32,7 @@ Parameters:
   SemanticVersion:
     Type: String
     Description: Semantic version of the back end
-    Default: 2.1.6
+    Default: 2.1.7
 
   HttpHeaders:
     Type: String
diff --git a/example-serverless-app-reuse/reuse-complete-cdk.ts b/example-serverless-app-reuse/reuse-complete-cdk.ts
@@ -19,7 +19,7 @@ const authAtEdge = new sam.CfnApplication(stack, "AuthorizationAtEdge", {
   location: {
     applicationId:
       "arn:aws:serverlessrepo:us-east-1:520945424137:applications/cloudfront-authorization-at-edge",
-    semanticVersion: "2.1.6",
+    semanticVersion: "2.1.7",
   },
   parameters: {
     EmailAddress: "johndoe@example.com",
diff --git a/example-serverless-app-reuse/reuse-complete.yaml b/example-serverless-app-reuse/reuse-complete.yaml
@@ -12,7 +12,7 @@ Resources:
     Properties:
       Location:
         ApplicationId: arn:aws:serverlessrepo:us-east-1:520945424137:applications/cloudfront-authorization-at-edge
-        SemanticVersion: 2.1.6
+        SemanticVersion: 2.1.7
   AlanTuring:
     Type: AWS::Cognito::UserPoolUser
     Properties:
diff --git a/example-serverless-app-reuse/reuse-with-existing-user-pool.yaml b/example-serverless-app-reuse/reuse-with-existing-user-pool.yaml
@@ -75,7 +75,7 @@ Resources:
     Properties:
       Location:
         ApplicationId: arn:aws:serverlessrepo:us-east-1:520945424137:applications/cloudfront-authorization-at-edge
-        SemanticVersion: 2.1.6
+        SemanticVersion: 2.1.7
       Parameters:
         UserPoolArn: !GetAtt UserPool.Arn
         UserPoolClientId: !Ref UserPoolClient
diff --git a/src/cfn-custom-resources/us-east-1-lambda-stack/index.ts b/src/cfn-custom-resources/us-east-1-lambda-stack/index.ts
@@ -128,6 +128,12 @@ async function ensureUsEast1LambdaStack(props: {
       .catch(() => ({ Stacks: undefined }));
     if (stacks?.length) {
       console.log("Deleting us-east-1 stack ...");
+      const deploymentBucket = stacks[0].Outputs?.find(
+        (output) => output.OutputKey === "DeploymentBucket"
+      )?.OutputValue;
+      if (deploymentBucket) {
+        await emptyBucket({ bucket: deploymentBucket });
+      }
       await CFN_CLIENT_US_EAST_1.deleteStack({
         StackName: props.stackName,
       }).promise();
@@ -412,6 +418,33 @@ async function copyLambdaCodeToUsEast1(props: {
   return props;
 }
 
+async function emptyBucket(props: { bucket: string }) {
+  const params: S3.ListObjectsV2Request = {
+    Bucket: props.bucket,
+  };
+  do {
+    console.log(`Listing objects in bucket ${props.bucket} ...`);
+    const { Contents: s3objects, NextContinuationToken } =
+      await S3_CLIENT_US_EAST_1.listObjectsV2(params).promise();
+
+    if (!s3objects?.length) break;
+    console.log(`Deleting ${s3objects.length} S3 objects ...`);
+
+    const { Errors: errors } = await S3_CLIENT_US_EAST_1.deleteObjects({
+      Bucket: props.bucket,
+      Delete: {
+        Objects: s3objects.filter((o) => !!o.Key).map((o) => ({ Key: o.Key! })),
+      },
+    }).promise();
+
+    if (errors?.length) {
+      console.log("Failed to delete objects:", JSON.stringify(errors));
+    }
+
+    params.ContinuationToken = NextContinuationToken;
+  } while (params.ContinuationToken);
+}
+
 export const handler: CloudFormationCustomResourceHandler = async (event) => {
   console.log(JSON.stringify(event, undefined, 4));
   const { StackId: stackId, RequestType: requestType } = event;
diff --git a/template.yaml b/template.yaml
@@ -27,7 +27,7 @@ Metadata:
         "amplify",
       ]
     HomePageUrl: https://github.com/aws-samples/cloudfront-authorization-at-edge
-    SemanticVersion: 2.1.6
+    SemanticVersion: 2.1.7
     SourceCodeUrl: https://github.com/aws-samples/cloudfront-authorization-at-edge
 
 Parameters:
@@ -150,7 +150,7 @@ Parameters:
   Version:
     Type: String
     Description: "Changing this parameter after initial deployment forces redeployment of Lambda@Edge functions"
-    Default: "2.1.6"
+    Default: "2.1.7"
   LogLevel:
     Type: String
     Description: "Use for development: setting to a value other than none turns on logging at that level. Warning! This will log sensitive data, use for development only"
@@ -423,6 +423,8 @@ Resources:
                 - s3:PutObject
                 - s3:CreateBucket
                 - s3:DeleteBucket
+                - s3:DeleteObject
+                - s3:ListBucket
               Resource: !Sub "arn:${AWS::Partition}:s3:::*-authedgedeploymentbucket-*"
             - Effect: Allow
               Action: lambda:GetFunction
