update to v1.5.1 open-source release (#192)

Author: simonkrol

.gitignore

@@ -19,7 +19,6 @@
 # misc
 **/npm-debug.log
 **/testem.log
-**/package-lock.json
 **/.vscode/settings.json
 **/__pycache__
 # System Files

CHANGELOG.md

@@ -4,22 +4,41 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## [1.5.1] - 2023-04-13
+### Security:
+- Enable versioning/encryption on logging bucket 
+
+### Bug Fixes:
+- Enable Amazon S3 ACLs on logging bucket
+- Include package-lock.json to prevent incompatibilities with future package versions
+
 ## [1.5.0] - 2022-10-17
+### New:
 - Paginated response for list filesystems that allows greater than 10 EFS filesystems to be displayed
 - AppRegistry Integration
+- File manager lambda creation now checks for valid security group rules
+
+### Changes:
+- Code refactoring to reduce cognitive complexity
 - Buildspec upgrades
 - Unit tests to 80% overall coverage
-- Code refactoring to reduce cognitive complexity
-- File manager lambda creation now checks for valid security group rules
+
+### Documentation:
 - Misc documentation
 
 ## [1.4.1] - 2022-08-24
+### Changes:
 - Python version bump to handle 3.6 EOL
 
 ## [1.4.0] - 2021-07-08
-- General bug fixes 
+### Changes:
 - Code refactoring to support pylint
 - cfn-lint / bandit code cleanup
+
+### Bug Fixes:
+- General bug fixes 
+
+### Documentation:
 - Misc documentation
 
 ## [1.3.0] - 2021-06-01

deployment/build-s3-dist.sh

@@ -83,6 +83,7 @@ parse_params() {
   # default values of variables set from params
   flag=0
   param=''
+  use_solution_builder_pipeline=false
 
   while :; do
     case "${1-}" in
@@ -104,6 +105,10 @@ parse_params() {
       region="${2}"
       shift
       ;;
+    --use_solution_builder_pipeline)
+      use_solution_builder_pipeline=true
+      shift
+      ;;
     -?*) die "Unknown option: $1" ;;
     *) break ;;
     esac
@@ -127,6 +132,7 @@ msg "- Template bucket: ${global_bucket}"
 msg "- Code bucket: ${regional_bucket}-${region}"
 msg "- Version: ${version}"
 msg "- Region: ${region}"
+msg "- Use Solution Builder Pipeline: ${use_solution_builder_pipeline}"
 
 
 echo ""
@@ -348,9 +354,9 @@ echo "Cleaning up website helper function"
 rm -rf ./dist
 
 
-# Skip copy dist to S3 if building for solution builder because
+# Skip copy dist to S3 if building for solution builder or nightswatch because
 # that pipeline takes care of copying the dist in another script.
-if [ "$global_bucket" != "solutions-features-reference" ] && [ "$global_bucket" != "solutions-reference" ] && [ "$global_bucket" != "solutions-test-reference" ]; then
+if [ $use_solution_builder_pipeline = false ]; then
 
     echo "------------------------------------------------------------------------------"
     echo "Validate user is valid owner of S3 bucket"

deployment/efs-file-manager-auth.yaml

@@ -90,7 +90,7 @@ Resources:
           - - index
             - .handler
         Role: !GetAtt CognitoRoleMapperLambdaExecutionRole.Arn
-        Runtime: python3.7
+        Runtime: python3.9
         Timeout: 30
 
   CognitoRoleMapperLambdaExecutionRole:

deployment/efs-file-manager-web.yaml

@@ -43,12 +43,20 @@ Resources:
             reason: "Logs bucket is private and does not require a bucket policy"
     Properties:
       AccessControl: LogDeliveryWrite
+      OwnershipControls:
+        Rules:
+          - ObjectOwnership: ObjectWriter
+      BucketEncryption:
+        ServerSideEncryptionConfiguration:
+          - ServerSideEncryptionByDefault:
+              SSEAlgorithm: AES256
+      VersioningConfiguration: 
+        Status: Enabled
 
   EFSFileSimpleWebsiteBucket:
     Type: AWS::S3::Bucket
     DeletionPolicy: Retain
     Properties:
-      AccessControl: LogDeliveryWrite
       BucketEncryption:
         ServerSideEncryptionConfiguration:
           - ServerSideEncryptionByDefault:

source/api/chalicelib/file-manager-ap-lambda.template

@@ -248,7 +248,7 @@ Resources:
       MemorySize: 512
       PackageType: "Zip"
       Role: !GetAtt ManagedAccessPointFunctionRole.Arn
-      Runtime: "python3.8"
+      Runtime: "python3.9"
       Timeout: 60
       VpcConfig:
         SecurityGroupIds: