diff --git a/packages/prerender-fargate/index.ts b/packages/prerender-fargate/index.ts index ea3f8229..e00f084e 100644 --- a/packages/prerender-fargate/index.ts +++ b/packages/prerender-fargate/index.ts @@ -1,4 +1,9 @@ import { PrerenderFargate } from "./lib/prerender-fargate"; import { PrerenderFargateOptions } from "./lib/prerender-fargate-options"; +import { PrerenderTokenUrlAssociationOptions } from "./lib/recaching/prerender-tokens"; -export { PrerenderFargate, PrerenderFargateOptions }; +export { + PrerenderFargate, + PrerenderFargateOptions, + PrerenderTokenUrlAssociationOptions, +}; diff --git a/packages/prerender-fargate/lib/prerender-fargate-options.ts b/packages/prerender-fargate/lib/prerender-fargate-options.ts index e71f728f..a90a320c 100644 --- a/packages/prerender-fargate/lib/prerender-fargate-options.ts +++ b/packages/prerender-fargate/lib/prerender-fargate-options.ts @@ -1,4 +1,4 @@ -import { PrerenderTokenUrlAssociationProps } from "./recaching/prerender-tokens"; +import { PrerenderTokenUrlAssociationOptions } from "./recaching/prerender-tokens"; /** * Options for configuring the Prerender Fargate construct. @@ -77,5 +77,5 @@ export interface PrerenderFargateOptions { * } * ``` */ - tokenUrlAssociation?: PrerenderTokenUrlAssociationProps; + tokenUrlAssociation?: PrerenderTokenUrlAssociationOptions; } diff --git a/packages/prerender-fargate/lib/prerender-fargate.ts b/packages/prerender-fargate/lib/prerender-fargate.ts index bd8e0b49..2868112e 100644 --- a/packages/prerender-fargate/lib/prerender-fargate.ts +++ b/packages/prerender-fargate/lib/prerender-fargate.ts @@ -6,7 +6,6 @@ import { Certificate } from "aws-cdk-lib/aws-certificatemanager"; import { HostedZone } from "aws-cdk-lib/aws-route53"; import { Bucket, BlockPublicAccess } from "aws-cdk-lib/aws-s3"; import * as ecrAssets from "aws-cdk-lib/aws-ecr-assets"; -import { AccessKey, User } from "aws-cdk-lib/aws-iam"; import { Duration, RemovalPolicy, Stack } from "aws-cdk-lib"; import * as path from "path"; import { PrerenderTokenUrlAssociation } from "./recaching/prerender-tokens"; @@ -115,15 +114,6 @@ export class PrerenderFargate extends Construct { blockPublicAccess: BlockPublicAccess.BLOCK_ALL, }); - // Configure access to the bucket for the container - const user = new User(this, "PrerenderAccess"); - this.bucket.grantReadWrite(user); - - const accessKey = new AccessKey(this, "PrerenderAccessKey", { - user: user, - serial: 1, - }); - const vpcLookup = vpcId ? { vpcId: vpcId } : { isDefault: true }; const vpc = ec2.Vpc.fromLookup(this, "vpc", vpcLookup); @@ -165,8 +155,6 @@ export class PrerenderFargate extends Construct { containerPort: 3000, environment: { S3_BUCKET_NAME: this.bucket.bucketName, - AWS_ACCESS_KEY_ID: accessKey.accessKeyId, - AWS_SECRET_ACCESS_KEY: accessKey.secretAccessKey.unsafeUnwrap(), AWS_REGION: Stack.of(this).region, ENABLE_REDIRECT_CACHE: enableRedirectCache || "false", TOKEN_LIST: tokenList.toString(), @@ -189,6 +177,9 @@ export class PrerenderFargate extends Construct { } ); + // Grant S3 Bucket access to the task role + this.bucket.grantReadWrite(fargateService.taskDefinition.taskRole); + // As the prerender service will return a 401 on all unauthorised requests // It should be considered healthy when receiving a 401 response fargateService.targetGroup.configureHealthCheck({ diff --git a/packages/prerender-fargate/lib/recaching/prerender-tokens.ts b/packages/prerender-fargate/lib/recaching/prerender-tokens.ts index 0153f4c5..ff36d3b0 100644 --- a/packages/prerender-fargate/lib/recaching/prerender-tokens.ts +++ b/packages/prerender-fargate/lib/recaching/prerender-tokens.ts @@ -12,7 +12,7 @@ interface TokenUrlAssociation { /** * Interface for associating a token with a URL for prerendering. */ -export interface PrerenderTokenUrlAssociationProps extends StackProps { +export interface PrerenderTokenUrlAssociationOptions extends StackProps { /** * Object containing the token and its associated URL. * ### Example @@ -46,7 +46,7 @@ export class PrerenderTokenUrlAssociation extends Stack { constructor( scope: Construct, id: string, - props: PrerenderTokenUrlAssociationProps + props: PrerenderTokenUrlAssociationOptions ) { super(scope, id, props);