Merge pull request #288 from gammarers/feature/add-log-bucket-type

feat: add log bucket type

Author: yicr

.projen/deps.json

@@ -5,8 +5,8 @@ const project = new awscdk.AwsCdkConstructLibrary({
   authorAddress: '[email protected]',
   authorOrganization: true,
   cdkVersion: '2.189.1',
-  typescriptVersion: '5.7.x',
-  jsiiVersion: '5.7.x',
+  typescriptVersion: '5.8.x',
+  jsiiVersion: '5.8.x',
   defaultReleaseBranch: 'main',
   name: '@gammarers/aws-secure-log-bucket',
   description: 'secure multiple transition phases in a single lifecycle policy bucket.',
@@ -15,7 +15,7 @@ const project = new awscdk.AwsCdkConstructLibrary({
   repositoryUrl: 'https://github.com/gammarers/aws-secure-log-bucket.git',
   majorVersion: 2,
   deps: [
-    '@gammarers/aws-secure-bucket@^2.3.6',
+    '@gammarers/aws-secure-bucket@^2.4.1',
   ],
   //  peerDeps: [
   //    '@gammarers/aws-secure-bucket@^2.3.6',

.projenrc.ts

@@ -15,11 +15,18 @@ secure multiple transition phases in a single lifecycle policy bucket.
 
 The storage class will be changed with the following lifecycle configuration.
 
-| Storage Class       | Defaul transition after days | 
-| ------------------- |------------------------------| 
-| INFREQUENT_ACCESS   | 400 days                     |
-| GLACIER             | 720 days                     |
-| DEEP_ARCHIVE        | 980 days                     |
+| Storage Class       | Default transition after days |
+| ------------------- |------------------------------ |
+| INFREQUENT_ACCESS   | 400 days                      |
+| GLACIER             | 720 days                      |
+| DEEP_ARCHIVE        | 980 days                      |
+
+## Additional Properties
+
+| **Name** | **Type** | **Default** | **Description** |
+| --- | --- | --- | --- |
+| logBucketType | SecureLogBucketType | SecureLogBucketType.NORMAL | The type of the bucket. Available types: NORMAL, VPC_FLOW_LOG |
+| vpcFlowLog | VPCFlowLog | - | **⚠️ Deprecated**: This property is deprecated. Use the `logBucketType` property instead. Configuration for VPC Flow Log bucket settings. |
 
 ## Install
 
@@ -30,21 +37,12 @@ The storage class will be changed with the following lifecycle configuration.
 ```shell
 npm install @gammarers/aws-secure-log-bucket
 ```
+
 #### install by yarn
 
 ```shell
 yarn add @gammarers/aws-secure-log-bucket
 ```
-#### install by pnpm
-
-```shell
-pnpm add @gammarers/aws-secure-log-bucket
-```
-#### install by bun
-
-```shell
-bun add @gammarers/aws-secure-log-bucket
-```
 
 ### Python
 
@@ -74,13 +72,11 @@ new SecureLogBucket(stack, 'SecureLogBucket');
 import { SecureLogBucket } from '@gammarers/aws-secure-log-bucket';
 
 new SecureLogBucket(stack, 'SecureFlowLogBucket', {
-  vpcFlowLog: {
-    enable: true,
-    bucketObjectKeyPrefix: [
-      'example-prefix-a',
-      'example-prefix-b',
-    ],
-  },
+  logBucketType: SecureLogBucketType.VPC_FLOW_LOG,
+  bucketObjectKeyPrefix: [
+    'example-prefix-a',
+    'example-prefix-b',
+  ],
 });
 ```
 

API.md

@@ -20,11 +20,59 @@ export interface VPCFlowLog {
   readonly bucketObjectKeyPrefix?: string[];
 }
 
-export interface SecureLogBucketProps extends SecureBucketProps {
+export enum SecureLogBucketType {
+  NORMAL = 'normal',
+  VPC_FLOW_LOG = 'vpc-flow-log',
+}
+
+// -- delivery.logs.amazonaws.com
+// VPC Flow Logs
+// Network Load Balancer (NLB) Access Logs
+// Route 53 Resolver Query Logs
+// AWS Network Firewall Logs
+// Verified Access Logs
+// VPC Lattice Access Logs
+// Global Accelerator Flow Logs
+// Site-to-Site VPN Logs
+
+// logging.s3.amazonaws.com
+// S3 Access Logs
+
+// logs.<Region>.amazonaws.com
+// CloudWatch Logs Export (CreateExportTask)
+
+interface SecureBaseLogBucketProps extends SecureBucketProps {
+
   readonly lifecycleStorageClassTransition?: LifecycleStorageClassTransition;
+
+  /**
+   * @deprecated This property is deprecated. Use the bucketType property instead.
+   */
   readonly vpcFlowLog?: VPCFlowLog;
 }
 
+export interface SecureNormalLogBucketProps extends SecureBaseLogBucketProps {
+
+  /**
+   * The type of the bucket.
+   * @default SecureLogBucketType.NORMAL
+   */
+  readonly logBucketType?: SecureLogBucketType.NORMAL | undefined;
+}
+
+export interface SecureVpcFlowLogBucketProps extends SecureBaseLogBucketProps {
+  /**
+   * The type of the bucket.
+   */
+  readonly logBucketType: SecureLogBucketType.VPC_FLOW_LOG;
+  /**
+   * The prefix of the bucket object key.
+   */
+  readonly bucketObjectKeyPrefix?: string[];
+}
+
+export type SecureLogBucketProps = SecureNormalLogBucketProps | SecureVpcFlowLogBucketProps;
+
 const TRANSITION_INFREQUENT_ACCESS_DEFAULT_DAYS: number = 400;
 const TRANSITION_GLACIER_DEFAULT_DAYS: number = 720;
 const TRANSITION_DEEP_ARCHIVE_DEFAULT_DAYS: number = 980;
@@ -98,8 +146,14 @@ export class SecureLogBucket extends SecureBucket {
     // 👇 Get current account
     const account = cdk.Stack.of(this).account;
 
-    if (props?.vpcFlowLog) {
-      const enable = props.vpcFlowLog.enable ?? false;
+    if (props?.vpcFlowLog || props?.logBucketType === SecureLogBucketType.VPC_FLOW_LOG) {
+      const enable = (() => {
+        if (props?.logBucketType === SecureLogBucketType.VPC_FLOW_LOG) {
+          return true;
+        }
+        return props?.vpcFlowLog?.enable ?? false;
+      })();
+
       if (enable) {
         // 👇バケットACLアクセス権
         this.addToResourcePolicy(new iam.PolicyStatement({
@@ -120,7 +174,15 @@ export class SecureLogBucket extends SecureBucket {
           ],
           //resources: [`${this.bucketArn}/AWSLogs/${account}/*`],
           resources: (() => {
-            const objectKeyPrefix = props.vpcFlowLog.bucketObjectKeyPrefix;
+            const objectKeyPrefix = (() => {
+              if (props?.vpcFlowLog) {
+                return props.vpcFlowLog.bucketObjectKeyPrefix;
+              }
+              if (props?.logBucketType === SecureLogBucketType.VPC_FLOW_LOG) {
+                return props.bucketObjectKeyPrefix;
+              }
+              return undefined;
+            })();
             if (objectKeyPrefix) {
               const resources: Array<string> = [];
               for (const keyPrefix of objectKeyPrefix) {