Remove CDK runtime dep (#281)

* Remove CDK runtime dep

- Creating the policy statements does not require classes

* Fix the statement

packages/microapps-deployer/package.json

@@ -20,7 +20,6 @@
   },
   "homepage": "https://github.com/pwrdrvr/microapps-core#readme",
   "dependencies": {
-    "@aws-cdk/aws-iam": "^1.111.0",
     "@aws-sdk/client-apigatewayv2": "^3.20.0",
     "@aws-sdk/client-dynamodb": "^3.20.0",
     "@aws-sdk/client-iam": "^3.20.0",

packages/microapps-deployer/src/controllers/VersionController.ts

@@ -1,5 +1,4 @@
 import crypto from 'crypto';
-import * as iamCDK from '@aws-cdk/aws-iam';
 import * as apigwy from '@aws-sdk/client-apigatewayv2';
 import * as lambda from '@aws-sdk/client-lambda';
 import * as s3 from '@aws-sdk/client-s3';
@@ -82,23 +81,25 @@ export default class VersionController {
     // Get S3 creds if requested
     if (needS3Creds) {
       // Generate a temp policy for staging bucket app prefix
-      const iamPolicyDoc = new iamCDK.PolicyDocument({
-        statements: [
-          new iamCDK.PolicyStatement({
-            effect: iamCDK.Effect.ALLOW,
-            actions: ['s3:PutObject', 's3:GetObject', 's3:AbortMultipartUpload'],
-            resources: [`arn:aws:s3:::${config.filestore.stagingBucket}/*`],
+
+      const iamPolicyDoc = {
+        Statement: [
+          {
+            Effect: 'Allow',
+            Action: ['s3:PutObject', 's3:GetObject', 's3:AbortMultipartUpload'],
+            Resource: [`arn:aws:s3:::${config.filestore.stagingBucket}/*`],
             // TODO: Add condition to limit to app prefix
-          }),
-          new iamCDK.PolicyStatement({
-            effect: iamCDK.Effect.ALLOW,
-            actions: ['s3:ListBucket'],
-            resources: [`arn:aws:s3:::${config.filestore.stagingBucket}`],
-          }),
+          },
+          {
+            Effect: 'Allow',
+            Action: ['s3:ListBucket'],
+            Resource: [`arn:aws:s3:::${config.filestore.stagingBucket}`],
+          },
         ],
-      });
+        Version: '2012-10-17',
+      };
 
-      Log.Instance.debug('Temp IAM Policy', { policy: JSON.stringify(iamPolicyDoc.toJSON()) });
+      Log.Instance.debug('Temp IAM Policy', { policy: JSON.stringify(iamPolicyDoc) });
 
       // Assume the upload role with limited S3 permissions
       const stsResult = await stsClient.send(
@@ -108,7 +109,7 @@ export default class VersionController {
           RoleSessionName: VersionController.SHA1Hash(
             VersionController.GetBucketPrefix(request, config),
           ),
-          Policy: JSON.stringify(iamPolicyDoc.toJSON()),
+          Policy: JSON.stringify(iamPolicyDoc),
         }),
       );
 

yarn.lock

@@ -25,51 +25,6 @@
   resolved "https://registry.yarnpkg.com/@aws-cdk/aws-apigatewayv2-integrations-alpha/-/aws-apigatewayv2-integrations-alpha-2.24.1-alpha.0.tgz"
   integrity sha512-/Nu2DH9suome5w7306T3tzqPMoQB3fve4xzX5VpTC798F7cQUlMqcxzyZD3s55nuRXnhRZoLdAQlwLbEUxUIxA==
 
-"@aws-cdk/aws-iam@^1.111.0":
-  version "1.156.1"
-  resolved "https://registry.yarnpkg.com/@aws-cdk/aws-iam/-/aws-iam-1.156.1.tgz"
-  integrity sha512-vxGGnIklGjLA+Z5KNVTHY5awQvLTRpTVEvftFA6K3X5xdiE4Xrbp44LAe+2iUAZ3kftcCwz7Hd3Z4qQ6B5ILUw==
-  dependencies:
-    "@aws-cdk/core" "1.156.1"
-    "@aws-cdk/cx-api" "1.156.1"
-    "@aws-cdk/region-info" "1.156.1"
-    constructs "^3.3.69"
-
-"@aws-cdk/[email protected]":
-  version "1.156.1"
-  resolved "https://registry.yarnpkg.com/@aws-cdk/cloud-assembly-schema/-/cloud-assembly-schema-1.156.1.tgz"
-  integrity sha512-ahfBwr3D5opDTtnbd9+IZjQnTbPcloqPtyzMfIJe8awlNPa2x7y+0gqevH5SwObIn+i27NB0ZI6L5UjAlrIZng==
-  dependencies:
-    jsonschema "^1.4.0"
-    semver "^7.3.7"
-
-"@aws-cdk/[email protected]":
-  version "1.156.1"
-  resolved "https://registry.yarnpkg.com/@aws-cdk/core/-/core-1.156.1.tgz"
-  integrity sha512-TNTkbkAFqpoHdHOihqWcc4uicKnvwmggKMxCf95tknnjrVezwoCCr7vNNbOX6SUEUc/9KTuyszQdaBxLRM8+xw==
-  dependencies:
-    "@aws-cdk/cloud-assembly-schema" "1.156.1"
-    "@aws-cdk/cx-api" "1.156.1"
-    "@aws-cdk/region-info" "1.156.1"
-    "@balena/dockerignore" "^1.0.2"
-    constructs "^3.3.69"
-    fs-extra "^9.1.0"
-    ignore "^5.2.0"
-    minimatch "^3.1.2"
-
-"@aws-cdk/[email protected]":
-  version "1.156.1"
-  resolved "https://registry.yarnpkg.com/@aws-cdk/cx-api/-/cx-api-1.156.1.tgz"
-  integrity sha512-xfz4QclTynPavSWiWUBpxqoMpCz01oFPlcnwtVWrMCSJuR9qLyXmpXmvBwGTPJ4FGY0xUNgluWe5/Bm8s4PcTQ==
-  dependencies:
-    "@aws-cdk/cloud-assembly-schema" "1.156.1"
-    semver "^7.3.7"
-
-"@aws-cdk/[email protected]":
-  version "1.156.1"
-  resolved "https://registry.yarnpkg.com/@aws-cdk/region-info/-/region-info-1.156.1.tgz"
-  integrity sha512-+LjfeJRFM7K9TzWzCIuWABDsf/KyCBNkCbwHmQXd+ORnrWffQU6u0CcQlq1E0ZHfIlHt+tFPIUx9XHa+FH4CUw==
-
 "@aws-crypto/[email protected]":
   version "2.0.0"
   resolved "https://registry.yarnpkg.com/@aws-crypto/crc32/-/crc32-2.0.0.tgz"
@@ -2337,9 +2292,9 @@
     constructs "^10.0.5"
 
 "@pwrdrvr/microapps-app-release-cdk@^0.4.3":
-  version "0.4.3"
-  resolved "https://registry.yarnpkg.com/@pwrdrvr/microapps-app-release-cdk/-/microapps-app-release-cdk-0.4.3.tgz#6b4f76930614410ae29d9a79676e36f1569b4440"
-  integrity sha512-VlFH5WsOL8SVwlOIZ3B+p40GIAOf7En8syOddov0bKhHe9B/e8hL23AQmOyK8hc860Y934/Jgbt6iHsaQ/FR+Q==
+  version "0.4.5"
+  resolved "https://registry.yarnpkg.com/@pwrdrvr/microapps-app-release-cdk/-/microapps-app-release-cdk-0.4.5.tgz#1ab0ca8f1ea2944fb03d4265d006124850c1060a"
+  integrity sha512-TuRqkwuqJG1Q4P1tadbbUdlMNlmVOVRWwCHN1Xz+a2vnria/KrrLnxTru/BOq0PGQ3H8Qbl9e00X9uFniuOdXA==
   dependencies:
     aws-cdk-lib "^2.8.0"
     constructs "^10.0.5"
@@ -3775,7 +3730,7 @@ console-control-strings@^1.1.0:
   resolved "https://registry.yarnpkg.com/console-control-strings/-/console-control-strings-1.1.0.tgz"
   integrity sha1-PXz0Rk22RG6mRL9LOVB/mFEAjo4=
 
-[email protected], constructs@^10.0.5, constructs@^3.3.69:
+[email protected], constructs@^10.0.5:
   version "10.0.5"
   resolved "https://registry.yarnpkg.com/constructs/-/constructs-10.0.5.tgz"
   integrity sha512-IwOwekzrASFC3qt4ozCtV09rteAIAesuCGsW0p+uBfqHd2XcvA5CXqJjgf4eUqm6g8e/noXlVCMDWwC8GaLtrg==