search

getlift / lift

Expanding Serverless Framework beyond functions using the AWS CDK
MIT License
920 stars 112 forks source link

v3: Error: Cannot use 'publicReadAccess' property on a bucket without allowing bucket-level public access through 'blockPublicAceess' property. #395

Closed richard-stafflink closed 5 months ago

richard-stafflink commented 5 months ago

Issue description

I'm not sure the cause, as we've not updated the serverless version, we're lock it to serverless@3.38.0. And serverless-lift hasn't had an update in 7 months.

It's got to do with the call from serverless -> serverless-lift -> aws-cdk-lib

aws-cdk-lib was updated on 2024-05-31 @ 23:15 GTM, which may somewhat line up: https://github.com/aws/aws-cdk/releases/tag/v2.144.0

The error was on (you'll notice the typo blockPublicAceess ('ee' in Aceess)): https://github.com/aws/aws-cdk/blob/main/packages/aws-cdk-lib/aws-s3/lib/bucket.ts#L2004

How to Reproduce

Context

serverless.yml:

service: my-web

useDotenv: true

plugins:
  - serverless-lift

constructs:
  web:
    type: static-website
    path: dist

provider:
  name: aws
  region: ap-southeast-2
  runtime: nodejs18.x

constructs:
  web:
    type: static-website
    path: dist
    extensions:
      bucket:
        Properties:
          PublicAccessBlockConfiguration:
            BlockPublicAcls: false
          OwnershipControls:
            Rules:
              - ObjectOwnership: ObjectWriter

Additional Information

The error stack trace:

Error: Cannot use 'publicReadAccess' property on a bucket without allowing bucket-level public access through 'blockPublicAceess' property. at new Bucket (/codebuild/output/src2380560000/src/github.com/-pty-ltd/xxxx/node_modules/aws-cdk-lib/aws-s3/lib/bucket.js:1:23243) at new _StaticWebsiteAbstract (/codebuild/output/src2380560000/src/github.com/-pty-ltd/projectName/node_modules/serverless-lift/dist/src/constructs/aws/abstracts/StaticWebsiteAbstract.js:84:19) at new StaticWebsite (/codebuild/output/src2380560000/src/github.com/-pty-ltd/projectName/node_modules/serverless-lift/dist/src/constructs/aws/StaticWebsite.js:43:5) at StaticWebsite.create (/codebuild/output/src2380560000/src/github.com/-pty-ltd/projectName/node_modules/serverless-lift/dist/src/constructs/abstracts/AwsConstruct.js:79:23) at _AwsProvider.createConstruct (/codebuild/output/src2380560000/src/github.com/-pty-ltd/projectName/node_modules/serverless-lift/dist/src/providers/AwsProvider.js:90:22) at _LiftPlugin.loadConstructs (/codebuild/output/src2380560000/src/github.com/-pty-ltd/projectName/node_modules/serverless-lift/dist/src/plugin.js:201:64) at initialize (/codebuild/output/src2380560000/src/github.com/-pty-ltd/projectName/node_modules/serverless-lift/dist/src/plugin.js:101:14) at PluginManager.run (/codebuild/output/src2380560000/src/github.com/-pty-ltd/projectName/node_modules/serverless/lib/classes/plugin-manager.js:598:65) at async Serverless.run (/codebuild/output/src2380560000/src/github.com/-pty-ltd/projectName/node_modules/serverless/lib/serverless.js:179:5) at async /codebuild/output/src2380560000/src/github.com/-pty-ltd/projectName/node_modules/serverless/scripts/serverless.js:819:9

richard-stafflink commented 5 months ago

Found the issue: https://github.com/aws/aws-cdk/pull/29632/files#diff-7a80418fdfed3f2bd8a0998a84bae65bd3b18f4d1f19de0445867d37e5fcc649

image

richard-stafflink commented 5 months ago

Could be related to this issue: https://github.com/getlift/lift/issues/320

richard-stafflink commented 5 months ago

Looks like this PR fixes it: https://github.com/getlift/lift/pull/384

mnapoli commented 5 months ago

Indeed duplicates #320