diff --git a/packages/@aws-cdk/aws-apigateway/test/domains.test.ts b/packages/@aws-cdk/aws-apigateway/test/domains.test.ts index 7ad0f4224d70b..7b8817df48853 100644 --- a/packages/@aws-cdk/aws-apigateway/test/domains.test.ts +++ b/packages/@aws-cdk/aws-apigateway/test/domains.test.ts @@ -388,7 +388,7 @@ describe('domains', () => { test('accepts a mutual TLS configuration', () => { const stack = new Stack(); - const bucket = Bucket.fromBucketName(stack, 'testBucket', 'exampleBucket'); + const bucket = Bucket.fromBucketName(stack, 'testBucket', 'example-bucket'); new apigw.DomainName(stack, 'another-domain', { domainName: 'example.com', mtls: { @@ -402,14 +402,14 @@ describe('domains', () => { 'DomainName': 'example.com', 'EndpointConfiguration': { 'Types': ['REGIONAL'] }, 'RegionalCertificateArn': 'arn:aws:acm:us-east-1:1111111:certificate/11-3336f1-44483d-adc7-9cd375c5169d', - 'MutualTlsAuthentication': { 'TruststoreUri': 's3://exampleBucket/someca.pem' }, + 'MutualTlsAuthentication': { 'TruststoreUri': 's3://example-bucket/someca.pem' }, }); }); test('mTLS should allow versions to be set on the s3 bucket', () => { const stack = new Stack(); - const bucket = Bucket.fromBucketName(stack, 'testBucket', 'exampleBucket'); + const bucket = Bucket.fromBucketName(stack, 'testBucket', 'example-bucket'); new apigw.DomainName(stack, 'another-domain', { domainName: 'example.com', certificate: acm.Certificate.fromCertificateArn(stack, 'cert2', 'arn:aws:acm:us-east-1:1111111:certificate/11-3336f1-44483d-adc7-9cd375c5169d'), @@ -423,7 +423,7 @@ describe('domains', () => { 'DomainName': 'example.com', 'EndpointConfiguration': { 'Types': ['REGIONAL'] }, 'RegionalCertificateArn': 'arn:aws:acm:us-east-1:1111111:certificate/11-3336f1-44483d-adc7-9cd375c5169d', - 'MutualTlsAuthentication': { 'TruststoreUri': 's3://exampleBucket/someca.pem', 'TruststoreVersion': 'version' }, + 'MutualTlsAuthentication': { 'TruststoreUri': 's3://example-bucket/someca.pem', 'TruststoreVersion': 'version' }, }); }); diff --git a/packages/@aws-cdk/aws-cloudtrail/test/cloudtrail.test.ts b/packages/@aws-cdk/aws-cloudtrail/test/cloudtrail.test.ts index c00f01d43acc4..89bd89d84c31c 100644 --- a/packages/@aws-cdk/aws-cloudtrail/test/cloudtrail.test.ts +++ b/packages/@aws-cdk/aws-cloudtrail/test/cloudtrail.test.ts @@ -131,13 +131,13 @@ describe('cloudtrail', () => { test('with imported s3 bucket', () => { // GIVEN const stack = getTestStack(); - const bucket = s3.Bucket.fromBucketName(stack, 'S3', 'SomeBucket'); + const bucket = s3.Bucket.fromBucketName(stack, 'S3', 'somebucket'); // WHEN new Trail(stack, 'Trail', { bucket }); expect(stack).toHaveResource('AWS::CloudTrail::Trail', { - S3BucketName: 'SomeBucket', + S3BucketName: 'somebucket', }); }); diff --git a/packages/@aws-cdk/aws-codebuild/test/project.test.ts b/packages/@aws-cdk/aws-codebuild/test/project.test.ts index 08fbe3e8f8768..0041d1651ec9d 100644 --- a/packages/@aws-cdk/aws-codebuild/test/project.test.ts +++ b/packages/@aws-cdk/aws-codebuild/test/project.test.ts @@ -673,7 +673,7 @@ describe('Environment', () => { test('logs config - s3', () => { // GIVEN const stack = new cdk.Stack(); - const bucket = s3.Bucket.fromBucketName(stack, 'LogBucket', 'MyBucketName'); + const bucket = s3.Bucket.fromBucketName(stack, 'LogBucket', 'mybucketname'); // WHEN new codebuild.Project(stack, 'Project', { @@ -693,7 +693,7 @@ describe('Environment', () => { expect(stack).toHaveResourceLike('AWS::CodeBuild::Project', { LogsConfig: objectLike({ S3Logs: { - Location: 'MyBucketName/my-logs', + Location: 'mybucketname/my-logs', Status: 'ENABLED', }, }), @@ -703,7 +703,7 @@ describe('Environment', () => { test('logs config - cloudWatch and s3', () => { // GIVEN const stack = new cdk.Stack(); - const bucket = s3.Bucket.fromBucketName(stack, 'LogBucket2', 'MyBucketName'); + const bucket = s3.Bucket.fromBucketName(stack, 'LogBucket2', 'mybucketname'); const logGroup = logs.LogGroup.fromLogGroupName(stack, 'LogGroup2', 'MyLogGroupName'); // WHEN @@ -730,7 +730,7 @@ describe('Environment', () => { Status: 'ENABLED', }, S3Logs: { - Location: 'MyBucketName', + Location: 'mybucketname', Status: 'ENABLED', }, }), diff --git a/packages/@aws-cdk/aws-ec2/test/cfn-init-element.test.ts b/packages/@aws-cdk/aws-ec2/test/cfn-init-element.test.ts index 75896912f3661..8f1c4951d2bf3 100644 --- a/packages/@aws-cdk/aws-ec2/test/cfn-init-element.test.ts +++ b/packages/@aws-cdk/aws-ec2/test/cfn-init-element.test.ts @@ -664,7 +664,7 @@ describe('InitSource', () => { test('fromS3Object uses object URL', () => { // GIVEN - const bucket = s3.Bucket.fromBucketName(stack, 'bucket', 'MyBucket'); + const bucket = s3.Bucket.fromBucketName(stack, 'bucket', 'mybucket'); const source = ec2.InitSource.fromS3Object('/tmp/foo', bucket, 'myKey'); // WHEN @@ -672,7 +672,7 @@ describe('InitSource', () => { // THEN expect(rendered).toEqual({ - '/tmp/foo': expect.stringContaining('/MyBucket/myKey'), + '/tmp/foo': expect.stringContaining('/mybucket/myKey'), }); }); diff --git a/packages/@aws-cdk/aws-ec2/test/cfn-init.test.ts b/packages/@aws-cdk/aws-ec2/test/cfn-init.test.ts index 37d4fe2d72d28..2a9cce5e76719 100644 --- a/packages/@aws-cdk/aws-ec2/test/cfn-init.test.ts +++ b/packages/@aws-cdk/aws-ec2/test/cfn-init.test.ts @@ -667,7 +667,7 @@ class SingletonLocationSythesizer extends DefaultStackSynthesizer { public addFileAsset(_asset: FileAssetSource): FileAssetLocation { const httpUrl = 'https://MyBucket.s3.amazonaws.com/MyAsset'; return { - bucketName: 'MyAssetBucket', + bucketName: 'myassetbucket', objectKey: 'MyAssetFile', httpUrl, s3ObjectUrl: httpUrl, diff --git a/packages/@aws-cdk/aws-glue/test/code.test.ts b/packages/@aws-cdk/aws-glue/test/code.test.ts index 061f6d26c351f..8049bc1b29c6a 100644 --- a/packages/@aws-cdk/aws-glue/test/code.test.ts +++ b/packages/@aws-cdk/aws-glue/test/code.test.ts @@ -17,7 +17,7 @@ describe('Code', () => { let bucket: s3.IBucket; test('with valid bucket name and key and bound by job sets the right path and grants the job permissions to read from it', () => { - bucket = s3.Bucket.fromBucketName(stack, 'Bucket', 'bucketName'); + bucket = s3.Bucket.fromBucketName(stack, 'Bucket', 'bucketname'); script = glue.Code.fromBucket(bucket, key); new glue.Job(stack, 'Job1', { executable: glue.JobExecutable.pythonShell({ @@ -29,7 +29,7 @@ describe('Code', () => { Template.fromStack(stack).hasResourceProperties('AWS::Glue::Job', { Command: { - ScriptLocation: 's3://bucketName/script', + ScriptLocation: 's3://bucketname/script', }, }); @@ -53,7 +53,7 @@ describe('Code', () => { { Ref: 'AWS::Partition', }, - ':s3:::bucketName', + ':s3:::bucketname', ], ], }, @@ -65,7 +65,7 @@ describe('Code', () => { { Ref: 'AWS::Partition', }, - ':s3:::bucketName/script', + ':s3:::bucketname/script', ], ], }, diff --git a/packages/@aws-cdk/aws-glue/test/job-executable.test.ts b/packages/@aws-cdk/aws-glue/test/job-executable.test.ts index 481bd16dc8944..5fcf3b1487764 100644 --- a/packages/@aws-cdk/aws-glue/test/job-executable.test.ts +++ b/packages/@aws-cdk/aws-glue/test/job-executable.test.ts @@ -31,7 +31,7 @@ describe('JobExecutable', () => { beforeEach(() => { stack = new cdk.Stack(); - bucket = s3.Bucket.fromBucketName(stack, 'Bucket', 'bucketName'); + bucket = s3.Bucket.fromBucketName(stack, 'Bucket', 'bucketname'); script = glue.Code.fromBucket(bucket, 'script.py'); }); diff --git a/packages/@aws-cdk/aws-glue/test/job.test.ts b/packages/@aws-cdk/aws-glue/test/job.test.ts index 625e4743570fd..c338b4d09cb42 100644 --- a/packages/@aws-cdk/aws-glue/test/job.test.ts +++ b/packages/@aws-cdk/aws-glue/test/job.test.ts @@ -55,7 +55,7 @@ describe('Job', () => { describe('new', () => { const className = 'com.amazon.test.ClassName'; - const codeBucketName = 'bucketName'; + const codeBucketName = 'bucketname'; const codeBucketAccessStatement = { Action: [ 's3:GetObject*', @@ -166,7 +166,7 @@ describe('Job', () => { Template.fromStack(stack).hasResourceProperties('AWS::Glue::Job', { Command: { Name: 'glueetl', - ScriptLocation: 's3://bucketName/script', + ScriptLocation: 's3://bucketname/script', }, Role: { 'Fn::GetAtt': [ @@ -383,7 +383,7 @@ describe('Job', () => { }); describe('with bucket provided', () => { - const sparkUIBucketName = 'sparkBucketName'; + const sparkUIBucketName = 'sparkbucketname'; let sparkUIBucket: s3.IBucket; beforeEach(() => { @@ -420,7 +420,7 @@ describe('Job', () => { { Ref: 'AWS::Partition', }, - ':s3:::sparkBucketName', + ':s3:::sparkbucketname', ], ], }, @@ -432,7 +432,7 @@ describe('Job', () => { { Ref: 'AWS::Partition', }, - ':s3:::sparkBucketName/*', + ':s3:::sparkbucketname/*', ], ], }, @@ -460,7 +460,7 @@ describe('Job', () => { }); describe('with bucket and path provided', () => { - const sparkUIBucketName = 'sparkBucketName'; + const sparkUIBucketName = 'sparkbucketname'; const prefix = 'some/path/'; let sparkUIBucket: s3.IBucket; @@ -516,7 +516,7 @@ describe('Job', () => { Template.fromStack(stack).hasResourceProperties('AWS::Glue::Job', { Command: { Name: 'glueetl', - ScriptLocation: 's3://bucketName/script', + ScriptLocation: 's3://bucketname/script', }, Role: { 'Fn::GetAtt': [ @@ -614,7 +614,7 @@ describe('Job', () => { GlueVersion: '2.0', Command: { Name: 'glueetl', - ScriptLocation: 's3://bucketName/script', + ScriptLocation: 's3://bucketname/script', PythonVersion: '3', }, Role: { @@ -625,9 +625,9 @@ describe('Job', () => { }, DefaultArguments: { '--job-language': 'python', - '--extra-jars': 's3://bucketName/file1.jar,s3://bucketName/file2.jar', - '--extra-py-files': 's3://bucketName/file1.py,s3://bucketName/file2.py', - '--extra-files': 's3://bucketName/file1.txt,s3://bucketName/file2.txt', + '--extra-jars': 's3://bucketname/file1.jar,s3://bucketname/file2.jar', + '--extra-py-files': 's3://bucketname/file1.py,s3://bucketname/file2.py', + '--extra-files': 's3://bucketname/file1.txt,s3://bucketname/file2.txt', '--user-jars-first': 'true', }, }); @@ -649,7 +649,7 @@ describe('Job', () => { GlueVersion: '2.0', Command: { Name: 'gluestreaming', - ScriptLocation: 's3://bucketName/script', + ScriptLocation: 's3://bucketname/script', }, Role: { 'Fn::GetAtt': [ @@ -660,8 +660,8 @@ describe('Job', () => { DefaultArguments: { '--job-language': 'scala', '--class': 'com.amazon.test.ClassName', - '--extra-jars': 's3://bucketName/file1.jar,s3://bucketName/file2.jar', - '--extra-files': 's3://bucketName/file1.txt,s3://bucketName/file2.txt', + '--extra-jars': 's3://bucketname/file1.jar,s3://bucketname/file2.jar', + '--extra-files': 's3://bucketname/file1.txt,s3://bucketname/file2.txt', '--user-jars-first': 'true', }, }); diff --git a/packages/@aws-cdk/aws-s3-notifications/test/notifications.test.ts b/packages/@aws-cdk/aws-s3-notifications/test/notifications.test.ts index 43922fb54cc5d..2bfe968f99279 100644 --- a/packages/@aws-cdk/aws-s3-notifications/test/notifications.test.ts +++ b/packages/@aws-cdk/aws-s3-notifications/test/notifications.test.ts @@ -336,7 +336,7 @@ describe('CloudWatch Events', () => { test('onCloudTrailPutObject contains the Bucket ARN itself when path is undefined', () => { const stack = new cdk.Stack(); const bucket = s3.Bucket.fromBucketAttributes(stack, 'Bucket', { - bucketName: 'MyBucket', + bucketName: 'mybucket', }); bucket.onCloudTrailPutObject('PutRule', { target: { @@ -363,7 +363,7 @@ describe('CloudWatch Events', () => { { 'Ref': 'AWS::Partition', }, - ':s3:::MyBucket', + ':s3:::mybucket', ], ], }, @@ -378,7 +378,7 @@ describe('CloudWatch Events', () => { test("onCloudTrailPutObject contains the path when it's provided", () => { const stack = new cdk.Stack(); const bucket = s3.Bucket.fromBucketAttributes(stack, 'Bucket', { - bucketName: 'MyBucket', + bucketName: 'mybucket', }); bucket.onCloudTrailPutObject('PutRule', { target: { @@ -406,7 +406,7 @@ describe('CloudWatch Events', () => { { 'Ref': 'AWS::Partition', }, - ':s3:::MyBucket/my/path.zip', + ':s3:::mybucket/my/path.zip', ], ], }, @@ -421,7 +421,7 @@ describe('CloudWatch Events', () => { test('onCloudTrailWriteObject matches on events CompleteMultipartUpload, CopyObject, and PutObject', () => { const stack = new cdk.Stack(); const bucket = s3.Bucket.fromBucketAttributes(stack, 'Bucket', { - bucketName: 'MyBucket', + bucketName: 'mybucket', }); bucket.onCloudTrailWriteObject('OnCloudTrailWriteObjectRule', { target: { @@ -449,7 +449,7 @@ describe('CloudWatch Events', () => { test('onCloudTrailWriteObject matches on the requestParameter bucketName when the path is not provided', () => { const stack = new cdk.Stack(); const bucket = s3.Bucket.fromBucketAttributes(stack, 'Bucket', { - bucketName: 'MyBucket', + bucketName: 'mybucket', }); bucket.onCloudTrailWriteObject('OnCloudTrailWriteObjectRule', { target: { @@ -476,7 +476,7 @@ describe('CloudWatch Events', () => { test('onCloudTrailWriteObject matches on the requestParameters bucketName and key when the path is provided', () => { const stack = new cdk.Stack(); const bucket = s3.Bucket.fromBucketAttributes(stack, 'Bucket', { - bucketName: 'MyBucket', + bucketName: 'mybucket', }); bucket.onCloudTrailWriteObject('OnCloudTrailWriteObjectRule', { target: { diff --git a/packages/@aws-cdk/aws-s3/lib/bucket.ts b/packages/@aws-cdk/aws-s3/lib/bucket.ts index 67037f874bc3e..157aa31a3ed5f 100644 --- a/packages/@aws-cdk/aws-s3/lib/bucket.ts +++ b/packages/@aws-cdk/aws-s3/lib/bucket.ts @@ -1396,6 +1396,7 @@ export class Bucket extends BucketBase { if (!bucketName) { throw new Error('Bucket name is required'); } + Bucket.validateBucketName(bucketName); const newUrlFormat = attrs.bucketWebsiteNewUrlFormat === undefined ? false @@ -1434,6 +1435,52 @@ export class Bucket extends BucketBase { }); } + /** + * Thrown an exception if the given bucket name is not valid. + * + * @param physicalName name of the bucket. + */ + public static validateBucketName(physicalName: string): void { + const bucketName = physicalName; + if (!bucketName || Token.isUnresolved(bucketName)) { + // the name is a late-bound value, not a defined string, + // so skip validation + return; + } + + const errors: string[] = []; + + // Rules codified from https://docs.aws.amazon.com/AmazonS3/latest/dev/BucketRestrictions.html + if (bucketName.length < 3 || bucketName.length > 63) { + errors.push('Bucket name must be at least 3 and no more than 63 characters'); + } + const charsetMatch = bucketName.match(/[^a-z0-9.-]/); + if (charsetMatch) { + errors.push('Bucket name must only contain lowercase characters and the symbols, period (.) and dash (-) ' + + `(offset: ${charsetMatch.index})`); + } + if (!/[a-z0-9]/.test(bucketName.charAt(0))) { + errors.push('Bucket name must start and end with a lowercase character or number ' + + '(offset: 0)'); + } + if (!/[a-z0-9]/.test(bucketName.charAt(bucketName.length - 1))) { + errors.push('Bucket name must start and end with a lowercase character or number ' + + `(offset: ${bucketName.length - 1})`); + } + const consecSymbolMatch = bucketName.match(/\.-|-\.|\.\./); + if (consecSymbolMatch) { + errors.push('Bucket name must not have dash next to period, or period next to dash, or consecutive periods ' + + `(offset: ${consecSymbolMatch.index})`); + } + if (/^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}$/.test(bucketName)) { + errors.push('Bucket name must not resemble an IP address'); + } + + if (errors.length > 0) { + throw new Error(`Invalid S3 bucket name (value: ${bucketName})${EOL}${errors.join(EOL)}`); + } + } + public readonly bucketArn: string; public readonly bucketName: string; public readonly bucketDomainName: string; @@ -1462,7 +1509,7 @@ export class Bucket extends BucketBase { const { bucketEncryption, encryptionKey } = this.parseEncryption(props); - this.validateBucketName(this.physicalName); + Bucket.validateBucketName(this.physicalName); const websiteConfiguration = this.renderWebsiteConfiguration(props); this.isWebsite = (websiteConfiguration !== undefined); @@ -1600,47 +1647,6 @@ export class Bucket extends BucketBase { this.addToResourcePolicy(statement); } - private validateBucketName(physicalName: string): void { - const bucketName = physicalName; - if (!bucketName || Token.isUnresolved(bucketName)) { - // the name is a late-bound value, not a defined string, - // so skip validation - return; - } - - const errors: string[] = []; - - // Rules codified from https://docs.aws.amazon.com/AmazonS3/latest/dev/BucketRestrictions.html - if (bucketName.length < 3 || bucketName.length > 63) { - errors.push('Bucket name must be at least 3 and no more than 63 characters'); - } - const charsetMatch = bucketName.match(/[^a-z0-9.-]/); - if (charsetMatch) { - errors.push('Bucket name must only contain lowercase characters and the symbols, period (.) and dash (-) ' - + `(offset: ${charsetMatch.index})`); - } - if (!/[a-z0-9]/.test(bucketName.charAt(0))) { - errors.push('Bucket name must start and end with a lowercase character or number ' - + '(offset: 0)'); - } - if (!/[a-z0-9]/.test(bucketName.charAt(bucketName.length - 1))) { - errors.push('Bucket name must start and end with a lowercase character or number ' - + `(offset: ${bucketName.length - 1})`); - } - const consecSymbolMatch = bucketName.match(/\.-|-\.|\.\./); - if (consecSymbolMatch) { - errors.push('Bucket name must not have dash next to period, or period next to dash, or consecutive periods ' - + `(offset: ${consecSymbolMatch.index})`); - } - if (/^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}$/.test(bucketName)) { - errors.push('Bucket name must not resemble an IP address'); - } - - if (errors.length > 0) { - throw new Error(`Invalid S3 bucket name (value: ${bucketName})${EOL}${errors.join(EOL)}`); - } - } - /** * Set up key properties and return the Bucket encryption property from the * user's configuration. diff --git a/packages/@aws-cdk/aws-s3/test/bucket.test.ts b/packages/@aws-cdk/aws-s3/test/bucket.test.ts index 3ef166722c1b6..67d263aa60ea5 100644 --- a/packages/@aws-cdk/aws-s3/test/bucket.test.ts +++ b/packages/@aws-cdk/aws-s3/test/bucket.test.ts @@ -3,9 +3,9 @@ import { EOL } from 'os'; import { ResourcePart, SynthUtils, arrayWith, objectLike } from '@aws-cdk/assert-internal'; import * as iam from '@aws-cdk/aws-iam'; import * as kms from '@aws-cdk/aws-kms'; +import { testFutureBehavior, testLegacyBehavior } from '@aws-cdk/cdk-build-tools/lib/feature-flag'; import * as cdk from '@aws-cdk/core'; import * as cxapi from '@aws-cdk/cx-api'; -import { testFutureBehavior, testLegacyBehavior } from '@aws-cdk/cdk-build-tools/lib/feature-flag'; import * as s3 from '../lib'; // to make it easy to copy & paste from output: @@ -103,8 +103,6 @@ describe('bucket', () => { expect(() => new s3.Bucket(stack, 'MyBucket2', { bucketName: '124.pp--33', })).not.toThrow(); - - }); test('bucket validation skips tokenized values', () => { @@ -746,14 +744,24 @@ describe('bucket', () => { }); const bucket = s3.Bucket.fromBucketAttributes(stack, 'ImportedBucket', { - bucketName: 'myBucket', + bucketName: 'mybucket', region: 'eu-west-1', }); - expect(bucket.bucketRegionalDomainName).toEqual(`myBucket.s3.eu-west-1.${stack.urlSuffix}`); - expect(bucket.bucketWebsiteDomainName).toEqual(`myBucket.s3-website-eu-west-1.${stack.urlSuffix}`); + expect(bucket.bucketRegionalDomainName).toEqual(`mybucket.s3.eu-west-1.${stack.urlSuffix}`); + expect(bucket.bucketWebsiteDomainName).toEqual(`mybucket.s3-website-eu-west-1.${stack.urlSuffix}`); + + }); + + test('import needs to specify a valid bucket name', () => { + const stack = new cdk.Stack(undefined, undefined, { + env: { region: 'us-east-1' }, + }); + expect(() => s3.Bucket.fromBucketAttributes(stack, 'MyBucket3', { + bucketName: 'arn:aws:s3:::example-com', + })).toThrow(); }); }); @@ -2129,11 +2137,11 @@ describe('bucket', () => { const stack = new cdk.Stack(); // WHEN - const bucket = s3.Bucket.fromBucketArn(stack, 'my-bucket', 'arn:aws:s3:::my_corporate_bucket'); + const bucket = s3.Bucket.fromBucketArn(stack, 'my-bucket', 'arn:aws:s3:::my-corporate-bucket'); // THEN - expect(bucket.bucketName).toEqual('my_corporate_bucket'); - expect(bucket.bucketArn).toEqual('arn:aws:s3:::my_corporate_bucket'); + expect(bucket.bucketName).toEqual('my-corporate-bucket'); + expect(bucket.bucketArn).toEqual('arn:aws:s3:::my-corporate-bucket'); }); diff --git a/packages/@aws-cdk/pipelines/test/compliance/synths.test.ts b/packages/@aws-cdk/pipelines/test/compliance/synths.test.ts index 4b5a072099469..acbce1d765f36 100644 --- a/packages/@aws-cdk/pipelines/test/compliance/synths.test.ts +++ b/packages/@aws-cdk/pipelines/test/compliance/synths.test.ts @@ -748,7 +748,7 @@ behavior('Pipeline action contains a hash that changes as the buildspec changes' behavior('Synth CodeBuild project role can be granted permissions', (suite) => { let bucket: s3.IBucket; beforeEach(() => { - bucket = s3.Bucket.fromBucketArn(pipelineStack, 'Bucket', 'arn:aws:s3:::ThisParticularBucket'); + bucket = s3.Bucket.fromBucketArn(pipelineStack, 'Bucket', 'arn:aws:s3:::this-particular-bucket'); }); @@ -787,7 +787,7 @@ behavior('Synth CodeBuild project role can be granted permissions', (suite) => { PolicyDocument: { Statement: Match.arrayWith([Match.objectLike({ Action: ['s3:GetObject*', 's3:GetBucket*', 's3:List*'], - Resource: ['arn:aws:s3:::ThisParticularBucket', 'arn:aws:s3:::ThisParticularBucket/*'], + Resource: ['arn:aws:s3:::this-particular-bucket', 'arn:aws:s3:::this-particular-bucket/*'], })]), }, }); diff --git a/packages/@aws-cdk/pipelines/test/compliance/validations.test.ts b/packages/@aws-cdk/pipelines/test/compliance/validations.test.ts index 7a6a562a8707a..c61cd40474388 100644 --- a/packages/@aws-cdk/pipelines/test/compliance/validations.test.ts +++ b/packages/@aws-cdk/pipelines/test/compliance/validations.test.ts @@ -463,7 +463,7 @@ behavior('can add policy statements to shell script action', (suite) => { behavior('can grant permissions to shell script action', (suite) => { let bucket: s3.IBucket; beforeEach(() => { - bucket = s3.Bucket.fromBucketArn(pipelineStack, 'Bucket', 'arn:aws:s3:::ThisParticularBucket'); + bucket = s3.Bucket.fromBucketArn(pipelineStack, 'Bucket', 'arn:aws:s3:::this-particular-bucket'); }); suite.legacy(() => { @@ -505,7 +505,7 @@ behavior('can grant permissions to shell script action', (suite) => { PolicyDocument: { Statement: Match.arrayWith([Match.objectLike({ Action: ['s3:GetObject*', 's3:GetBucket*', 's3:List*'], - Resource: ['arn:aws:s3:::ThisParticularBucket', 'arn:aws:s3:::ThisParticularBucket/*'], + Resource: ['arn:aws:s3:::this-particular-bucket', 'arn:aws:s3:::this-particular-bucket/*'], })]), }, });