UNPKG

@aws-solutions-constructs/core

Version:

Core CDK Construct for patterns library

github.com/awslabs/aws-solutions-constructs

awslabs/aws-solutions-constructs

70 lines 10.3 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
"use strict"; /** * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. * * Licensed under the Apache License, Version 2.0 (the "License"). You may not use this file except in compliance * with the License. A copy of the License is located at * * http://www.apache.org/licenses/LICENSE-2.0 * * or in the 'license' file accompanying this file. This file is distributed on an 'AS IS' BASIS, WITHOUT WARRANTIES * OR CONDITIONS OF ANY KIND, express or implied. See the License for the specific language governing permissions * and limitations under the License. */ Object.defineProperty(exports, "__esModule", { value: true }); exports.S3OacOrigin = void 0; /* * The functions found here in the core library are for internal use and can be changed * or removed outside of a major release. We recommend against calling them directly from client code. */ const cloudfront = require("aws-cdk-lib/aws-cloudfront"); const aws_cloudfront_origins_1 = require("aws-cdk-lib/aws-cloudfront-origins"); const utils_1 = require("./utils"); /** * A custom implementation of S3Origin that allows an origin access control (OAC) to be used instead of * an origin access identity (OAI), which is currently the only option supported by default CDK. */ class S3OacOrigin { constructor(bucket, props) { if (bucket.isWebsite) { // If the bucket is configured for website hosting, set up an HttpOrigin to support legacy clients (0, utils_1.printWarning)(`Bucket ${bucket.bucketName} is being provided as a source but currently has website hosting enabled. This requires both the bucket and its objects to be public. AWS strongly recommends against configuring buckets and objects for public access. As an alternative, we recommend turning off website hosting settings on the bucket, which will result in an origin access control (OAC) being provisioned through which CloudFront can securely serve assets from the bucket.`); this.origin = new aws_cloudfront_origins_1.HttpOrigin(bucket.bucketWebsiteDomainName, { protocolPolicy: cloudfront.OriginProtocolPolicy.HTTP_ONLY, // S3 only supports HTTP for website buckets ...props }); } else { if (!props.originAccessControl) { throw new Error(`"props.originAccessControl" is undefined. An origin access control must be provided when using a bucket that does not have website hosting enabled.`); } // If else, set up the origin access control this.origin = new S3OacBucketOrigin(bucket, props.originAccessControl); } } bind(scope, options) { return this.origin.bind(scope, options); } } exports.S3OacOrigin = S3OacOrigin; /** * An origin specific to a S3 bucket (not configured for website hosting). */ class S3OacBucketOrigin extends cloudfront.OriginBase { constructor(bucket, originAccessControl) { super(bucket.bucketRegionalDomainName); this.originAccessControl = originAccessControl; } bind(scope, options) { return super.bind(scope, options); } renderS3OriginConfig() { return { originAccessIdentity: '' }; } } //# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiczMtb2FjLW9yaWdpbi5qcyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbInMzLW9hYy1vcmlnaW4udHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6IjtBQUFBOzs7Ozs7Ozs7OztHQVdHOzs7QUFFSDs7O0dBR0c7QUFFSCx5REFBeUQ7QUFFekQsK0VBQWdFO0FBQ2hFLG1DQUF1QztBQWN2Qzs7O0dBR0c7QUFDSCxNQUFhLFdBQVc7SUFHdEIsWUFBWSxNQUFrQixFQUFFLEtBQXVCO1FBQ3JELElBQUksTUFBTSxDQUFDLFNBQVMsRUFBRSxDQUFDO1lBQ3JCLGtHQUFrRztZQUNsRyxJQUFBLG9CQUFZLEVBQUMsVUFBVSxNQUFNLENBQUMsVUFBVTs7OztzQ0FJUixDQUFDLENBQUM7WUFDbEMsSUFBSSxDQUFDLE1BQU0sR0FBRyxJQUFJLG1DQUFVLENBQUMsTUFBTSxDQUFDLHVCQUF1QixFQUFFO2dCQUMzRCxjQUFjLEVBQUUsVUFBVSxDQUFDLG9CQUFvQixDQUFDLFNBQVMsRUFBRSw0Q0FBNEM7Z0JBQ3ZHLEdBQUcsS0FBSzthQUNULENBQUMsQ0FBQztRQUNMLENBQUM7YUFBTSxDQUFDO1lBQ04sSUFBSSxDQUFDLEtBQUssQ0FBQyxtQkFBbUIsRUFBRSxDQUFDO2dCQUMvQixNQUFNLElBQUksS0FBSyxDQUFDOzZEQUNxQyxDQUFDLENBQUM7WUFDekQsQ0FBQztZQUNELDRDQUE0QztZQUM1QyxJQUFJLENBQUMsTUFBTSxHQUFHLElBQUksaUJBQWlCLENBQUMsTUFBTSxFQUFFLEtBQUssQ0FBQyxtQkFBb0IsQ0FBQyxDQUFDO1FBQzFFLENBQUM7SUFDSCxDQUFDO0lBRU0sSUFBSSxDQUFDLEtBQWdCLEVBQUUsT0FBcUM7UUFDakUsT0FBTyxJQUFJLENBQUMsTUFBTSxDQUFDLElBQUksQ0FBQyxLQUFLLEVBQUUsT0FBTyxDQUFDLENBQUM7SUFDMUMsQ0FBQztDQUNGO0FBNUJELGtDQTRCQztBQUVEOztHQUVHO0FBQ0gsTUFBTSxpQkFBa0IsU0FBUSxVQUFVLENBQUMsVUFBVTtJQUduRCxZQUFZLE1BQWtCLEVBQUUsbUJBQXNEO1FBQ3BGLEtBQUssQ0FBQyxNQUFNLENBQUMsd0JBQXdCLENBQUMsQ0FBQztRQUN2QyxJQUFJLENBQUMsbUJBQW1CLEdBQUcsbUJBQW1CLENBQUM7SUFDakQsQ0FBQztJQUVNLElBQUksQ0FBQyxLQUFnQixFQUFFLE9BQXFDO1FBQ2pFLE9BQU8sS0FBSyxDQUFDLElBQUksQ0FBQyxLQUFLLEVBQUUsT0FBTyxDQUFDLENBQUM7SUFDcEMsQ0FBQztJQUVTLG9CQUFvQjtRQUM1QixPQUFPLEVBQUUsb0JBQW9CLEVBQUUsRUFBRSxFQUFFLENBQUM7SUFDdEMsQ0FBQztDQUNGIiwic291cmNlc0NvbnRlbnQiOlsiLyoqXG4gKiAgQ29weXJpZ2h0IEFtYXpvbi5jb20sIEluYy4gb3IgaXRzIGFmZmlsaWF0ZXMuIEFsbCBSaWdodHMgUmVzZXJ2ZWQuXG4gKlxuICogIExpY2Vuc2VkIHVuZGVyIHRoZSBBcGFjaGUgTGljZW5zZSwgVmVyc2lvbiAyLjAgKHRoZSBcIkxpY2Vuc2VcIikuIFlvdSBtYXkgbm90IHVzZSB0aGlzIGZpbGUgZXhjZXB0IGluIGNvbXBsaWFuY2VcbiAqICB3aXRoIHRoZSBMaWNlbnNlLiBBIGNvcHkgb2YgdGhlIExpY2Vuc2UgaXMgbG9jYXRlZCBhdFxuICpcbiAqICAgICAgaHR0cDovL3d3dy5hcGFjaGUub3JnL2xpY2Vuc2VzL0xJQ0VOU0UtMi4wXG4gKlxuICogIG9yIGluIHRoZSAnbGljZW5zZScgZmlsZSBhY2NvbXBhbnlpbmcgdGhpcyBmaWxlLiBUaGlzIGZpbGUgaXMgZGlzdHJpYnV0ZWQgb24gYW4gJ0FTIElTJyBCQVNJUywgV0lUSE9VVCBXQVJSQU5USUVTXG4gKiAgT1IgQ09ORElUSU9OUyBPRiBBTlkgS0lORCwgZXhwcmVzcyBvciBpbXBsaWVkLiBTZWUgdGhlIExpY2Vuc2UgZm9yIHRoZSBzcGVjaWZpYyBsYW5ndWFnZSBnb3Zlcm5pbmcgcGVybWlzc2lvbnNcbiAqICBhbmQgbGltaXRhdGlvbnMgdW5kZXIgdGhlIExpY2Vuc2UuXG4gKi9cblxuLypcbiAqICBUaGUgZnVuY3Rpb25zIGZvdW5kIGhlcmUgaW4gdGhlIGNvcmUgbGlicmFyeSBhcmUgZm9yIGludGVybmFsIHVzZSBhbmQgY2FuIGJlIGNoYW5nZWRcbiAqICBvciByZW1vdmVkIG91dHNpZGUgb2YgYSBtYWpvciByZWxlYXNlLiBXZSByZWNvbW1lbmQgYWdhaW5zdCBjYWxsaW5nIHRoZW0gZGlyZWN0bHkgZnJvbSBjbGllbnQgY29kZS5cbiAqL1xuXG5pbXBvcnQgKiBhcyBjbG91ZGZyb250IGZyb20gJ2F3cy1jZGstbGliL2F3cy1jbG91ZGZyb250JztcbmltcG9ydCAqIGFzIHMzIGZyb20gJ2F3cy1jZGstbGliL2F3cy1zMyc7XG5pbXBvcnQgeyBIdHRwT3JpZ2luIH0gZnJvbSAnYXdzLWNkay1saWIvYXdzLWNsb3VkZnJvbnQtb3JpZ2lucyc7XG5pbXBvcnQgeyBwcmludFdhcm5pbmcgfSBmcm9tICcuL3V0aWxzJztcbi8vIE5vdGU6IFRvIGVuc3VyZSBDREt2MiBjb21wYXRpYmlsaXR5LCBrZWVwIHRoZSBpbXBvcnQgc3RhdGVtZW50IGZvciBDb25zdHJ1Y3Qgc2VwYXJhdGVcbmltcG9ydCB7IENvbnN0cnVjdCB9IGZyb20gJ2NvbnN0cnVjdHMnO1xuXG4vKipcbiAqIFByb3BlcnRpZXMgdG8gdXNlIHRvIGN1c3RvbWl6ZSBhbiBTMyBPcmlnaW4uXG4gKi9cbmV4cG9ydCBpbnRlcmZhY2UgUzNPYWNPcmlnaW5Qcm9wcyBleHRlbmRzIGNsb3VkZnJvbnQuT3JpZ2luUHJvcHMge1xuICAvKipcbiAgICogVGhlIG9yaWdpbiBhY2Nlc3MgY29udHJvbCB0aGF0IHdpbGwgYmUgdXNlZCB3aGVuIGNhbGxpbmcgeW91ciBTMyBidWNrZXQuXG4gICAqL1xuICByZWFkb25seSBvcmlnaW5BY2Nlc3NDb250cm9sPzogY2xvdWRmcm9udC5DZm5PcmlnaW5BY2Nlc3NDb250cm9sO1xufVxuXG4vKipcbiAqIEEgY3VzdG9tIGltcGxlbWVudGF0aW9uIG9mIFMzT3JpZ2luIHRoYXQgYWxsb3dzIGFuIG9yaWdpbiBhY2Nlc3MgY29udHJvbCAoT0FDKSB0byBiZSB1c2VkIGluc3RlYWQgb2ZcbiAqIGFuIG9yaWdpbiBhY2Nlc3MgaWRlbnRpdHkgKE9BSSksIHdoaWNoIGlzIGN1cnJlbnRseSB0aGUgb25seSBvcHRpb24gc3VwcG9ydGVkIGJ5IGRlZmF1bHQgQ0RLLlxuICovXG5leHBvcnQgY2xhc3MgUzNPYWNPcmlnaW4gaW1wbGVtZW50cyBjbG91ZGZyb250LklPcmlnaW4ge1xuICBwcml2YXRlIHJlYWRvbmx5IG9yaWdpbjogY2xvdWRmcm9udC5JT3JpZ2luO1xuXG4gIGNvbnN0cnVjdG9yKGJ1Y2tldDogczMuSUJ1Y2tldCwgcHJvcHM6IFMzT2FjT3JpZ2luUHJvcHMpIHtcbiAgICBpZiAoYnVja2V0LmlzV2Vic2l0ZSkge1xuICAgICAgLy8gSWYgdGhlIGJ1Y2tldCBpcyBjb25maWd1cmVkIGZvciB3ZWJzaXRlIGhvc3RpbmcsIHNldCB1cCBhbiBIdHRwT3JpZ2luIHRvIHN1cHBvcnQgbGVnYWN5IGNsaWVudHNcbiAgICAgIHByaW50V2FybmluZyhgQnVja2V0ICR7YnVja2V0LmJ1Y2tldE5hbWV9IGlzIGJlaW5nIHByb3ZpZGVkIGFzIGEgc291cmNlIGJ1dCBjdXJyZW50bHkgaGFzIHdlYnNpdGUgaG9zdGluZyBlbmFibGVkLlxuICAgICAgICBUaGlzIHJlcXVpcmVzIGJvdGggdGhlIGJ1Y2tldCBhbmQgaXRzIG9iamVjdHMgdG8gYmUgcHVibGljLiBBV1Mgc3Ryb25nbHkgcmVjb21tZW5kcyBhZ2FpbnN0IGNvbmZpZ3VyaW5nIGJ1Y2tldHNcbiAgICAgICAgYW5kIG9iamVjdHMgZm9yIHB1YmxpYyBhY2Nlc3MuIEFzIGFuIGFsdGVybmF0aXZlLCB3ZSByZWNvbW1lbmQgdHVybmluZyBvZmYgd2Vic2l0ZSBob3N0aW5nIHNldHRpbmdzIG9uIHRoZSBidWNrZXQsXG4gICAgICAgIHdoaWNoIHdpbGwgcmVzdWx0IGluIGFuIG9yaWdpbiBhY2Nlc3MgY29udHJvbCAoT0FDKSBiZWluZyBwcm92aXNpb25lZCB0aHJvdWdoIHdoaWNoIENsb3VkRnJvbnQgY2FuIHNlY3VyZWx5XG4gICAgICAgIHNlcnZlIGFzc2V0cyBmcm9tIHRoZSBidWNrZXQuYCk7XG4gICAgICB0aGlzLm9yaWdpbiA9IG5ldyBIdHRwT3JpZ2luKGJ1Y2tldC5idWNrZXRXZWJzaXRlRG9tYWluTmFtZSwge1xuICAgICAgICBwcm90b2NvbFBvbGljeTogY2xvdWRmcm9udC5PcmlnaW5Qcm90b2NvbFBvbGljeS5IVFRQX09OTFksIC8vIFMzIG9ubHkgc3VwcG9ydHMgSFRUUCBmb3Igd2Vic2l0ZSBidWNrZXRzXG4gICAgICAgIC4uLnByb3BzXG4gICAgICB9KTtcbiAgICB9IGVsc2Uge1xuICAgICAgaWYgKCFwcm9wcy5vcmlnaW5BY2Nlc3NDb250cm9sKSB7XG4gICAgICAgIHRocm93IG5ldyBFcnJvcihgXCJwcm9wcy5vcmlnaW5BY2Nlc3NDb250cm9sXCIgaXMgdW5kZWZpbmVkLiBBbiBvcmlnaW4gYWNjZXNzIGNvbnRyb2wgbXVzdCBiZSBwcm92aWRlZCB3aGVuIHVzaW5nIGFcbiAgICAgICAgICBidWNrZXQgdGhhdCBkb2VzIG5vdCBoYXZlIHdlYnNpdGUgaG9zdGluZyBlbmFibGVkLmApO1xuICAgICAgfVxuICAgICAgLy8gSWYgZWxzZSwgc2V0IHVwIHRoZSBvcmlnaW4gYWNjZXNzIGNvbnRyb2xcbiAgICAgIHRoaXMub3JpZ2luID0gbmV3IFMzT2FjQnVja2V0T3JpZ2luKGJ1Y2tldCwgcHJvcHMub3JpZ2luQWNjZXNzQ29udHJvbCEpO1xuICAgIH1cbiAgfVxuXG4gIHB1YmxpYyBiaW5kKHNjb3BlOiBDb25zdHJ1Y3QsIG9wdGlvbnM6IGNsb3VkZnJvbnQuT3JpZ2luQmluZE9wdGlvbnMpOiBjbG91ZGZyb250Lk9yaWdpbkJpbmRDb25maWcge1xuICAgIHJldHVybiB0aGlzLm9yaWdpbi5iaW5kKHNjb3BlLCBvcHRpb25zKTtcbiAgfVxufVxuXG4vKipcbiAqIEFuIG9yaWdpbiBzcGVjaWZpYyB0byBhIFMzIGJ1Y2tldCAobm90IGNvbmZpZ3VyZWQgZm9yIHdlYnNpdGUgaG9zdGluZykuXG4gKi9cbmNsYXNzIFMzT2FjQnVja2V0T3JpZ2luIGV4dGVuZHMgY2xvdWRmcm9udC5PcmlnaW5CYXNlIHtcbiAgcHVibGljIG9yaWdpbkFjY2Vzc0NvbnRyb2whOiBjbG91ZGZyb250LkNmbk9yaWdpbkFjY2Vzc0NvbnRyb2w7XG5cbiAgY29uc3RydWN0b3IoYnVja2V0OiBzMy5JQnVja2V0LCBvcmlnaW5BY2Nlc3NDb250cm9sOiBjbG91ZGZyb250LkNmbk9yaWdpbkFjY2Vzc0NvbnRyb2wpIHtcbiAgICBzdXBlcihidWNrZXQuYnVja2V0UmVnaW9uYWxEb21haW5OYW1lKTtcbiAgICB0aGlzLm9yaWdpbkFjY2Vzc0NvbnRyb2wgPSBvcmlnaW5BY2Nlc3NDb250cm9sO1xuICB9XG5cbiAgcHVibGljIGJpbmQoc2NvcGU6IENvbnN0cnVjdCwgb3B0aW9uczogY2xvdWRmcm9udC5PcmlnaW5CaW5kT3B0aW9ucyk6IGNsb3VkZnJvbnQuT3JpZ2luQmluZENvbmZpZyB7XG4gICAgcmV0dXJuIHN1cGVyLmJpbmQoc2NvcGUsIG9wdGlvbnMpO1xuICB9XG5cbiAgcHJvdGVjdGVkIHJlbmRlclMzT3JpZ2luQ29uZmlnKCk6IGNsb3VkZnJvbnQuQ2ZuRGlzdHJpYnV0aW9uLlMzT3JpZ2luQ29uZmlnUHJvcGVydHkgfCB1bmRlZmluZWQge1xuICAgIHJldHVybiB7IG9yaWdpbkFjY2Vzc0lkZW50aXR5OiAnJyB9O1xuICB9XG59XG4iXX0=