UNPKG

@aws-solutions-constructs/aws-cloudfront-s3

Version:

CDK Constructs for AWS Cloudfront to AWS S3 integration.

github.com/awslabs/aws-solutions-constructs

awslabs/aws-solutions-constructs

120 lines (119 loc) 5.23 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
/** * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. * * Licensed under the Apache License, Version 2.0 (the "License"). You may not use this file except in compliance * with the License. A copy of the License is located at * * http://www.apache.org/licenses/LICENSE-2.0 * * or in the 'license' file accompanying this file. This file is distributed on an 'AS IS' BASIS, WITHOUT WARRANTIES * OR CONDITIONS OF ANY KIND, express or implied. See the License for the specific language governing permissions * and limitations under the License. */ import * as cloudfront from 'aws-cdk-lib/aws-cloudfront'; import * as s3 from 'aws-cdk-lib/aws-s3'; import { Construct } from 'constructs'; /** * @summary The properties for the CloudFrontToS3 Construct */ export interface CloudFrontToS3Props { /** * Optional user provided props to override the default props * * @default - Default props are used */ readonly cloudFrontDistributionProps?: cloudfront.DistributionProps | any; /** * Optional user provided props to turn on/off the automatic injection of best practice HTTP * security headers in all responses from cloudfront. * Turning this on will inject default headers and is mutually exclusive with passing custom security headers * via the responseHeadersPolicyProps parameter. * * @default - true */ readonly insertHttpSecurityHeaders?: boolean; /** * Optional user provided configuration that cloudfront applies to all http responses. * Can be used to pass a custom ResponseSecurityHeadersBehavior, ResponseCustomHeadersBehavior or * ResponseHeadersCorsBehavior to the cloudfront distribution. * * Passing a custom ResponseSecurityHeadersBehavior is mutually exclusive with turning on the default security headers * via `insertHttpSecurityHeaders` prop. Will throw an error if both `insertHttpSecurityHeaders` is set to `true` * and ResponseSecurityHeadersBehavior is passed. * * @default - undefined */ readonly responseHeadersPolicyProps?: cloudfront.ResponseHeadersPolicyProps; /** * Optional user provided props to provide an originPath that CloudFront appends to the * origin domain name when CloudFront requests content from the origin. * The string should start with a `/`, for example `/production`. * @default = '/' */ readonly originPath?: string; /** * Optional - existing instance of S3 Bucket. If this is provided, then also providing bucketProps is an error. * * @default - None */ readonly existingBucketObj?: s3.IBucket; /** * Optional user provided props to override the default props for the S3 Content Bucket, providing both this and `existingBucketObj` * will cause an error. Note - to log S3 access for this bucket to an existing S3 bucket, put the existing log bucket in bucketProps: * `serverAccessLogsBucket` * * @default - Default props are used */ readonly bucketProps?: s3.BucketProps; /** * Optional - Whether to maintain access logs for the S3 Content bucket * * @default - true */ readonly logS3AccessLogs?: boolean; /** * Optional user provided props to override the default props for the S3 Content Bucket Access Log Bucket. * * @default - Default props are used */ readonly loggingBucketProps?: s3.BucketProps; /** * Optional user provided props to override the default props for the CloudFront Log Bucket. * * @default - Default props are used */ readonly cloudFrontLoggingBucketProps?: s3.BucketProps; /** * Optional - Whether to maintain access logs for the CloudFront Logging bucket. Specifying false for this * while providing info about the log bucket will cause an error. * * @default - true */ readonly logCloudFrontAccessLog?: boolean; /** * Optional user provided props to override the default props for the CloudFront Log Bucket Access Log bucket. * Providing both this and `existingcloudFrontLoggingBucketAccessLogBucket` will cause an error * * @default - Default props are used */ readonly cloudFrontLoggingBucketAccessLogBucketProps?: s3.BucketProps; } export declare class CloudFrontToS3 extends Construct { readonly cloudFrontWebDistribution: cloudfront.Distribution; readonly cloudFrontFunction?: cloudfront.Function; readonly cloudFrontLoggingBucket?: s3.Bucket; readonly cloudFrontLoggingBucketAccessLogBucket?: s3.Bucket; readonly s3BucketInterface: s3.IBucket; readonly s3Bucket?: s3.Bucket; readonly s3LoggingBucket?: s3.Bucket; readonly originAccessControl?: cloudfront.CfnOriginAccessControl; /** * @summary Constructs a new instance of the CloudFrontToS3 class. * @param {Construct} scope - represents the scope for all the resources. * @param {string} id - this is a a scope-unique id. * @param {CloudFrontToS3Props} props - user provided props for the construct * @since 0.8.0 * @access public */ constructor(scope: Construct, id: string, props: CloudFrontToS3Props); }