Merge pull request #74 from codeforjapan/fix/#50

ayuki-joto · web-flow · commit bb113fe1a2e7 · 2025-08-14T15:23:36.000+09:00
Fix/#50
diff --git a/bin/decidim-cfj-cdk.ts b/bin/decidim-cfj-cdk.ts
@@ -35,7 +35,8 @@ const cloudfrontEnv = {
 new S3Stack(app, `${ stage }${ serviceName }S3Stack`, {
   stage,
   env,
-  serviceName
+  serviceName,
+  bucketName: config.s3Bucket
 })
 
 const network = new NetworkStack(app, `${ stage }${ serviceName }NetworkStack`, {
@@ -81,7 +82,8 @@ const service = new DecidimStack(app, `${ stage }${ serviceName }Stack`, {
   securityGroupForAlb: network.sgForAlb,
   domain: config.domain,
   rds: rds.rds.dbInstanceEndpointAddress,
-  cache: elastiCache.redis.attrPrimaryEndPointAddress
+  cache: elastiCache.redis.attrPrimaryEndPointAddress,
+  bucketName: config.s3Bucket,
 })
 service.addDependency(network)
 
diff --git a/config/dev.json b/config/dev.json
@@ -1,7 +1,7 @@
 {
   "rds": {
     "snapshot": true,
-    "snapshotIdentifier": "decidim-master-2025-06-24",
+    "snapshotIdentifier": "decidim-master-2025-08-11",
     "instanceType": "t3.micro",
     "deletionProtection": false,
     "allocatedStorage": 20,
@@ -15,6 +15,8 @@
     "region": "ap-northeast-1"
   },
 
+  "s3Bucket": "dev-v300-decidim",
+
   "cacheNodeType": "cache.t3.medium",
   "engineVersion": "6.x",
   "numCacheNodes": 1,
diff --git a/config/prd-v0292.json b/config/prd-v0292.json
@@ -15,6 +15,8 @@
     "region": "ap-northeast-1"
   },
 
+  "s3Bucket": "prd-v0292-decidim",
+
   "cacheNodeType": "cache.t3.medium",
   "engineVersion": "6.x",
   "numCacheNodes": 3,
diff --git a/config/staging.json b/config/staging.json
@@ -15,6 +15,8 @@
     "region": "ap-northeast-1"
   },
 
+  "s3Bucket": "staging-decidim",
+
   "cacheNodeType": "cache.t2.micro",
   "engineVersion": "6.x",
   "numCacheNodes": 1,
diff --git a/lib/config.ts b/lib/config.ts
@@ -47,6 +47,8 @@ export interface Config {
     region: string;
   };
 
+  s3Bucket: string
+
   // rds
   rds: RdsConfig
 
diff --git a/lib/decidim-stack.ts b/lib/decidim-stack.ts
@@ -21,7 +21,7 @@ import { ApplicationTargetGroup, ListenerCertificate } from "aws-cdk-lib/aws-ela
 import { Repository } from 'aws-cdk-lib/aws-ecr';
 import { DockerImageAsset, Platform } from 'aws-cdk-lib/aws-ecr-assets';
 import { DockerImageName, ECRDeployment } from 'cdk-ecr-deployment';
-import { capacityProviderStrategy } from "../lib/config";
+import { capacityProviderStrategy } from "./config";
 import path = require('path');
 import { EcsTask } from "aws-cdk-lib/aws-events-targets";
 import { Rule, Schedule } from 'aws-cdk-lib/aws-events';
@@ -44,7 +44,8 @@ export interface DecidimStackProps extends BaseStackProps {
     certificates: string[]
     fargateCapacityProvider: capacityProviderStrategy
     fargateSpotCapacityProvider: capacityProviderStrategy
-  }
+  },
+  bucketName: string,
 }
 
 export class DecidimStack extends cdk.Stack {
@@ -60,7 +61,7 @@ export class DecidimStack extends cdk.Stack {
 
     const ECSExecPolicyStatement = new aws_iam.PolicyStatement({
       sid: 'allowS3access',
-      resources: [`arn:aws:s3:::${ props.stage }-${ props.serviceName }-bucket*`],
+      resources: [`arn:aws:s3:::${ props.bucketName }*`],
       actions: ['s3:*'],
     });
 
@@ -128,7 +129,7 @@ export class DecidimStack extends cdk.Stack {
       SMTP_USERNAME: ssm.StringParameter.valueForTypedStringParameterV2(this, `/decidim-cfj/${ props.stage }/SMTP_USERNAME`),
       SMTP_PASSWORD: ssm.StringParameter.valueForTypedStringParameterV2(this, `/decidim-cfj/${ props.stage }/SMTP_PASSWORD`),
       SMTP_DOMAIN: props.ecs.smtpDomain,
-      AWS_BUCKET_NAME: `${ props.stage }-${ props.serviceName }-bucket`,
+      AWS_BUCKET_NAME: `${ props.bucketName }-bucket`,
       DECIDIM_COMMENTS_LIMIT: "30",
       SLACK_API_TOKEN: ssm.StringParameter.valueForTypedStringParameterV2(this, `/decidim-cfj/${ props.stage }/SLACK_API_TOKEN`),
       AWS_XRAY_TRACING_NAME: `decidim-app${ props.stage }`,
@@ -314,7 +315,7 @@ export class DecidimStack extends cdk.Stack {
 
     // ALB Log
     const logBucket = new aws_s3.Bucket(this, `${ props.stage }AlbLogBucket`, {
-      bucketName: `${ props.stage }-${ props.serviceName }-alb-logs`,
+      bucketName: `${ props.bucketName }-alb-logs`,
       removalPolicy: RemovalPolicy.DESTROY,
       autoDeleteObjects: true,
     })
diff --git a/lib/s3-stack.ts b/lib/s3-stack.ts
@@ -3,14 +3,18 @@ import { Construct } from "constructs";
 import { BaseStackProps } from "./props";
 import { HttpMethods } from "aws-cdk-lib/aws-s3";
 
+export interface S3StackProps extends BaseStackProps {
+  bucketName: string
+}
+
 export class S3Stack extends Stack {
   public readonly bucket: aws_s3.Bucket
 
-  constructor(scope: Construct, id: string, props: BaseStackProps) {
+  constructor(scope: Construct, id: string, props: S3StackProps) {
     super(scope, id, props);
 
     const bucket = new aws_s3.Bucket(this, 'createBucket', {
-      bucketName: `${ props.stage }-${ props.serviceName }-bucket`,
+      bucketName: `${ props.bucketName }-bucket`,
       versioned: props.stage === 'prd-v0292',
       removalPolicy: RemovalPolicy.DESTROY,
       autoDeleteObjects: true,
diff --git a/test/__snapshots__/decidim-cfj-cdk.test.ts.snap b/test/__snapshots__/decidim-cfj-cdk.test.ts.snap
@@ -197,7 +197,7 @@ exports[`DecidimStack Created 1`] = `
             {
               "Action": "s3:*",
               "Effect": "Allow",
-              "Resource": "arn:aws:s3:::staging-decidim-bucket*",
+              "Resource": "arn:aws:s3:::staging-decidim*",
               "Sid": "allowS3access",
             },
             {
diff --git a/test/decidim-cfj-cdk.test.ts b/test/decidim-cfj-cdk.test.ts
@@ -22,15 +22,11 @@ test('DecidimStack Created', () => {
         region: config.aws.region
     }
 
-    const cloudfrontEnv = {
-        account: config.aws.accountId,
-        region: 'us-east-1'
-    }
-
     new S3Stack(app, `${ stage }${ serviceName }S3Stack`, {
         stage,
         env,
-        serviceName
+        serviceName,
+        bucketName: config.s3Bucket
     })
 
     const network = new NetworkStack(app, `${ stage }${ serviceName }NetworkStack`, {
@@ -76,7 +72,8 @@ test('DecidimStack Created', () => {
         securityGroupForAlb: network.sgForAlb,
         domain: config.domain,
         rds: rds.rds.dbInstanceEndpointAddress,
-        cache: elastiCache.redis.attrReaderEndPointAddress
+        cache: elastiCache.redis.attrReaderEndPointAddress,
+        bucketName: config.s3Bucket
     };
     const stack = new DecidimStack(app, 'DecidimStack', props);
 
diff --git a/test/s3-stack.test.ts b/test/s3-stack.test.ts
@@ -2,7 +2,6 @@ import * as cdk from 'aws-cdk-lib';
 import { Template } from 'aws-cdk-lib/assertions';
 
 import { Config, getConfig } from "../lib/config";
-import { NetworkStack } from "../lib/network";
 import { S3Stack } from "../lib/s3-stack";
 
 test('S3Stack Created', () => {
@@ -20,7 +19,8 @@ test('S3Stack Created', () => {
     const s3stack = new S3Stack(app, `${ stage }${ serviceName }S3Stack`, {
         stage,
         env,
-        serviceName
+        serviceName,
+        bucketName: config.s3Bucket,
     })
 
     const template = Template.fromStack(s3stack);

Original file line number	Diff line number	Diff line change
@@ -197,7 +197,7 @@ exports[`DecidimStack Created 1`] = `
`197`	`197`	`{`
`198`	`198`	`"Action": "s3:*",`
`199`	`199`	`"Effect": "Allow",`
`200`		`- "Resource": "arn:aws:s3:::staging-decidim-bucket*",`
	`200`	`+ "Resource": "arn:aws:s3:::staging-decidim*",`
`201`	`201`	`"Sid": "allowS3access",`
`202`	`202`	`},`
`203`	`203`	`{`