@enfo/aws-cdkompliance/lib/cloudfront.js

Tagging and compliant resources using the CDK

"use strict";
var _a;
Object.defineProperty(exports, "__esModule", { value: true });
exports.Distribution = exports.defaultDistributionProps = void 0;
const JSII_RTTI_SYMBOL_1 = Symbol.for("jsii.rtti");
const aws_cloudfront_1 = require("aws-cdk-lib/aws-cloudfront");
/**
 * Properties for a new Compliant CloudFront Distribution
 */
exports.defaultDistributionProps = {
    defaultRootObject: 'index.html',
    enableLogging: true,
    defaultBehavior: {
        viewerProtocolPolicy: aws_cloudfront_1.ViewerProtocolPolicy.REDIRECT_TO_HTTPS
    }
};
/**
 * Compliant CloudFront Distribution
 *
 * See README for usage examples
 */
class Distribution extends aws_cloudfront_1.Distribution {
    constructor(scope, id, props) {
        super(scope, id, {
            ...exports.defaultDistributionProps,
            ...props,
            defaultBehavior: {
                ...exports.defaultDistributionProps.defaultBehavior,
                ...props.defaultBehavior
            }
        });
        this.calculatedProps = {
            ...exports.defaultDistributionProps,
            ...props,
            defaultBehavior: {
                ...exports.defaultDistributionProps.defaultBehavior,
                ...props.defaultBehavior
            }
        };
        this.node.addValidation({
            validate: () => {
                return [
                    ...this.checkRootObject(),
                    ...this.checkLogging(),
                    ...this.checkWebAcl(),
                    ...this.checkProtocolPolicies()
                ];
            }
        });
    }
    checkRootObject() {
        return this.calculatedProps.defaultRootObject
            ? []
            : ['defaultRootObject must be set'];
    }
    checkLogging() {
        return this.calculatedProps.enableLogging
            ? []
            : ['logging must be enabled'];
    }
    checkWebAcl() {
        return this.calculatedProps.webAclId
            ? []
            : ['must be associated with a web acl'];
    }
    checkProtocolPolicies() {
        return [
            ...this.checkDefaultBehaviorProtocolPolicy(),
            ...this.checkAdditionalBehaviorsProtocolPolicies()
        ];
    }
    checkDefaultBehaviorProtocolPolicy() {
        return this.checkProtocolPolicy(this.calculatedProps.defaultBehavior.viewerProtocolPolicy);
    }
    checkAdditionalBehaviorsProtocolPolicies() {
        if (!this.calculatedProps.additionalBehaviors) {
            return [];
        }
        return Object.values(this.calculatedProps.additionalBehaviors).map((behavior) => {
            return this.checkProtocolPolicy(behavior.viewerProtocolPolicy);
        }).flat();
    }
    checkProtocolPolicy(policy) {
        return policy !== undefined && policy !== aws_cloudfront_1.ViewerProtocolPolicy.ALLOW_ALL
            ? []
            : ['ViewerProtocolPolicy must not be undefined nor "ALLOW_ALL"'];
    }
}
exports.Distribution = Distribution;
_a = JSII_RTTI_SYMBOL_1;
Distribution[_a] = { fqn: "@enfo/aws-cdkompliance.Distribution", version: "1.1.0" };
//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiY2xvdWRmcm9udC5qcyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbImNsb3VkZnJvbnQudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6Ijs7Ozs7QUFBQSwrREFLbUM7QUFHbkM7O0dBRUc7QUFDVSxRQUFBLHdCQUF3QixHQUFHO0lBQ3RDLGlCQUFpQixFQUFFLFlBQVk7SUFDL0IsYUFBYSxFQUFFLElBQUk7SUFDbkIsZUFBZSxFQUFFO1FBQ2Ysb0JBQW9CLEVBQUUscUNBQW9CLENBQUMsaUJBQWlCO0tBQzdEO0NBQ0YsQ0FBQTtBQUVEOzs7O0dBSUc7QUFDSCxNQUFhLFlBQWEsU0FBUSw2QkFBYztJQUU5QyxZQUFhLEtBQWdCLEVBQUUsRUFBVSxFQUFFLEtBQXdCO1FBQ2pFLEtBQUssQ0FBQyxLQUFLLEVBQUUsRUFBRSxFQUFFO1lBQ2YsR0FBRyxnQ0FBd0I7WUFDM0IsR0FBRyxLQUFLO1lBQ1IsZUFBZSxFQUFFO2dCQUNmLEdBQUcsZ0NBQXdCLENBQUMsZUFBZTtnQkFDM0MsR0FBRyxLQUFLLENBQUMsZUFBZTthQUN6QjtTQUNGLENBQUMsQ0FBQTtRQUNGLElBQUksQ0FBQyxlQUFlLEdBQUc7WUFDckIsR0FBRyxnQ0FBd0I7WUFDM0IsR0FBRyxLQUFLO1lBQ1IsZUFBZSxFQUFFO2dCQUNmLEdBQUcsZ0NBQXdCLENBQUMsZUFBZTtnQkFDM0MsR0FBRyxLQUFLLENBQUMsZUFBZTthQUN6QjtTQUNGLENBQUE7UUFFRCxJQUFJLENBQUMsSUFBSSxDQUFDLGFBQWEsQ0FBQztZQUN0QixRQUFRLEVBQUUsR0FBRyxFQUFFO2dCQUNiLE9BQU87b0JBQ0wsR0FBRyxJQUFJLENBQUMsZUFBZSxFQUFFO29CQUN6QixHQUFHLElBQUksQ0FBQyxZQUFZLEVBQUU7b0JBQ3RCLEdBQUcsSUFBSSxDQUFDLFdBQVcsRUFBRTtvQkFDckIsR0FBRyxJQUFJLENBQUMscUJBQXFCLEVBQUU7aUJBQ2hDLENBQUE7WUFDSCxDQUFDO1NBQ0YsQ0FBQyxDQUFBO0lBQ0osQ0FBQztJQUVTLGVBQWU7UUFDdkIsT0FBTyxJQUFJLENBQUMsZUFBZSxDQUFDLGlCQUFpQjtZQUMzQyxDQUFDLENBQUMsRUFBRTtZQUNKLENBQUMsQ0FBQyxDQUFDLCtCQUErQixDQUFDLENBQUE7SUFDdkMsQ0FBQztJQUVTLFlBQVk7UUFDcEIsT0FBTyxJQUFJLENBQUMsZUFBZSxDQUFDLGFBQWE7WUFDdkMsQ0FBQyxDQUFDLEVBQUU7WUFDSixDQUFDLENBQUMsQ0FBQyx5QkFBeUIsQ0FBQyxDQUFBO0lBQ2pDLENBQUM7SUFFUyxXQUFXO1FBQ25CLE9BQU8sSUFBSSxDQUFDLGVBQWUsQ0FBQyxRQUFRO1lBQ2xDLENBQUMsQ0FBQyxFQUFFO1lBQ0osQ0FBQyxDQUFDLENBQUMsbUNBQW1DLENBQUMsQ0FBQTtJQUMzQyxDQUFDO0lBRVMscUJBQXFCO1FBQzdCLE9BQU87WUFDTCxHQUFHLElBQUksQ0FBQyxrQ0FBa0MsRUFBRTtZQUM1QyxHQUFHLElBQUksQ0FBQyx3Q0FBd0MsRUFBRTtTQUNuRCxDQUFBO0lBQ0gsQ0FBQztJQUVTLGtDQUFrQztRQUMxQyxPQUFPLElBQUksQ0FBQyxtQkFBbUIsQ0FBQyxJQUFJLENBQUMsZUFBZSxDQUFDLGVBQWUsQ0FBQyxvQkFBb0IsQ0FBQyxDQUFBO0lBQzVGLENBQUM7SUFFUyx3Q0FBd0M7UUFDaEQsSUFBSSxDQUFDLElBQUksQ0FBQyxlQUFlLENBQUMsbUJBQW1CLEVBQUU7WUFDN0MsT0FBTyxFQUFFLENBQUE7U0FDVjtRQUNELE9BQU8sTUFBTSxDQUFDLE1BQU0sQ0FBQyxJQUFJLENBQUMsZUFBZSxDQUFDLG1CQUFtQixDQUFDLENBQUMsR0FBRyxDQUFDLENBQUMsUUFBeUIsRUFBWSxFQUFFO1lBQ3pHLE9BQU8sSUFBSSxDQUFDLG1CQUFtQixDQUFDLFFBQVEsQ0FBQyxvQkFBb0IsQ0FBQyxDQUFBO1FBQ2hFLENBQUMsQ0FBQyxDQUFDLElBQUksRUFBRSxDQUFBO0lBQ1gsQ0FBQztJQUVTLG1CQUFtQixDQUFFLE1BQXdDO1FBQ3JFLE9BQU8sTUFBTSxLQUFLLFNBQVMsSUFBSSxNQUFNLEtBQUsscUNBQW9CLENBQUMsU0FBUztZQUN0RSxDQUFDLENBQUMsRUFBRTtZQUNKLENBQUMsQ0FBQyxDQUFDLDREQUE0RCxDQUFDLENBQUE7SUFDcEUsQ0FBQzs7QUExRUgsb0NBMkVDIiwic291cmNlc0NvbnRlbnQiOlsiaW1wb3J0IHtcbiAgQmVoYXZpb3JPcHRpb25zLFxuICBEaXN0cmlidXRpb24gYXMgQ0ZEaXN0cmlidXRpb24sXG4gIERpc3RyaWJ1dGlvblByb3BzLFxuICBWaWV3ZXJQcm90b2NvbFBvbGljeVxufSBmcm9tICdhd3MtY2RrLWxpYi9hd3MtY2xvdWRmcm9udCdcbmltcG9ydCB7IENvbnN0cnVjdCB9IGZyb20gJ2NvbnN0cnVjdHMnXG5cbi8qKlxuICogUHJvcGVydGllcyBmb3IgYSBuZXcgQ29tcGxpYW50IENsb3VkRnJvbnQgRGlzdHJpYnV0aW9uXG4gKi9cbmV4cG9ydCBjb25zdCBkZWZhdWx0RGlzdHJpYnV0aW9uUHJvcHMgPSB7XG4gIGRlZmF1bHRSb290T2JqZWN0OiAnaW5kZXguaHRtbCcsXG4gIGVuYWJsZUxvZ2dpbmc6IHRydWUsXG4gIGRlZmF1bHRCZWhhdmlvcjoge1xuICAgIHZpZXdlclByb3RvY29sUG9saWN5OiBWaWV3ZXJQcm90b2NvbFBvbGljeS5SRURJUkVDVF9UT19IVFRQU1xuICB9XG59XG5cbi8qKlxuICogQ29tcGxpYW50IENsb3VkRnJvbnQgRGlzdHJpYnV0aW9uXG4gKlxuICogU2VlIFJFQURNRSBmb3IgdXNhZ2UgZXhhbXBsZXNcbiAqL1xuZXhwb3J0IGNsYXNzIERpc3RyaWJ1dGlvbiBleHRlbmRzIENGRGlzdHJpYnV0aW9uIHtcbiAgcHJvdGVjdGVkIGNhbGN1bGF0ZWRQcm9wczogRGlzdHJpYnV0aW9uUHJvcHNcbiAgY29uc3RydWN0b3IgKHNjb3BlOiBDb25zdHJ1Y3QsIGlkOiBzdHJpbmcsIHByb3BzOiBEaXN0cmlidXRpb25Qcm9wcykge1xuICAgIHN1cGVyKHNjb3BlLCBpZCwge1xuICAgICAgLi4uZGVmYXVsdERpc3RyaWJ1dGlvblByb3BzLFxuICAgICAgLi4ucHJvcHMsXG4gICAgICBkZWZhdWx0QmVoYXZpb3I6IHtcbiAgICAgICAgLi4uZGVmYXVsdERpc3RyaWJ1dGlvblByb3BzLmRlZmF1bHRCZWhhdmlvcixcbiAgICAgICAgLi4ucHJvcHMuZGVmYXVsdEJlaGF2aW9yXG4gICAgICB9XG4gICAgfSlcbiAgICB0aGlzLmNhbGN1bGF0ZWRQcm9wcyA9IHtcbiAgICAgIC4uLmRlZmF1bHREaXN0cmlidXRpb25Qcm9wcyxcbiAgICAgIC4uLnByb3BzLFxuICAgICAgZGVmYXVsdEJlaGF2aW9yOiB7XG4gICAgICAgIC4uLmRlZmF1bHREaXN0cmlidXRpb25Qcm9wcy5kZWZhdWx0QmVoYXZpb3IsXG4gICAgICAgIC4uLnByb3BzLmRlZmF1bHRCZWhhdmlvclxuICAgICAgfVxuICAgIH1cblxuICAgIHRoaXMubm9kZS5hZGRWYWxpZGF0aW9uKHtcbiAgICAgIHZhbGlkYXRlOiAoKSA9PiB7XG4gICAgICAgIHJldHVybiBbXG4gICAgICAgICAgLi4udGhpcy5jaGVja1Jvb3RPYmplY3QoKSxcbiAgICAgICAgICAuLi50aGlzLmNoZWNrTG9nZ2luZygpLFxuICAgICAgICAgIC4uLnRoaXMuY2hlY2tXZWJBY2woKSxcbiAgICAgICAgICAuLi50aGlzLmNoZWNrUHJvdG9jb2xQb2xpY2llcygpXG4gICAgICAgIF1cbiAgICAgIH1cbiAgICB9KVxuICB9XG5cbiAgcHJvdGVjdGVkIGNoZWNrUm9vdE9iamVjdCAoKTogc3RyaW5nW10ge1xuICAgIHJldHVybiB0aGlzLmNhbGN1bGF0ZWRQcm9wcy5kZWZhdWx0Um9vdE9iamVjdFxuICAgICAgPyBbXVxuICAgICAgOiBbJ2RlZmF1bHRSb290T2JqZWN0IG11c3QgYmUgc2V0J11cbiAgfVxuXG4gIHByb3RlY3RlZCBjaGVja0xvZ2dpbmcgKCk6IHN0cmluZ1tdIHtcbiAgICByZXR1cm4gdGhpcy5jYWxjdWxhdGVkUHJvcHMuZW5hYmxlTG9nZ2luZ1xuICAgICAgPyBbXVxuICAgICAgOiBbJ2xvZ2dpbmcgbXVzdCBiZSBlbmFibGVkJ11cbiAgfVxuXG4gIHByb3RlY3RlZCBjaGVja1dlYkFjbCAoKTogc3RyaW5nW10ge1xuICAgIHJldHVybiB0aGlzLmNhbGN1bGF0ZWRQcm9wcy53ZWJBY2xJZFxuICAgICAgPyBbXVxuICAgICAgOiBbJ211c3QgYmUgYXNzb2NpYXRlZCB3aXRoIGEgd2ViIGFjbCddXG4gIH1cblxuICBwcm90ZWN0ZWQgY2hlY2tQcm90b2NvbFBvbGljaWVzICgpOiBzdHJpbmdbXSB7XG4gICAgcmV0dXJuIFtcbiAgICAgIC4uLnRoaXMuY2hlY2tEZWZhdWx0QmVoYXZpb3JQcm90b2NvbFBvbGljeSgpLFxuICAgICAgLi4udGhpcy5jaGVja0FkZGl0aW9uYWxCZWhhdmlvcnNQcm90b2NvbFBvbGljaWVzKClcbiAgICBdXG4gIH1cblxuICBwcm90ZWN0ZWQgY2hlY2tEZWZhdWx0QmVoYXZpb3JQcm90b2NvbFBvbGljeSAoKTogc3RyaW5nW10ge1xuICAgIHJldHVybiB0aGlzLmNoZWNrUHJvdG9jb2xQb2xpY3kodGhpcy5jYWxjdWxhdGVkUHJvcHMuZGVmYXVsdEJlaGF2aW9yLnZpZXdlclByb3RvY29sUG9saWN5KVxuICB9XG5cbiAgcHJvdGVjdGVkIGNoZWNrQWRkaXRpb25hbEJlaGF2aW9yc1Byb3RvY29sUG9saWNpZXMgKCk6IHN0cmluZ1tdIHtcbiAgICBpZiAoIXRoaXMuY2FsY3VsYXRlZFByb3BzLmFkZGl0aW9uYWxCZWhhdmlvcnMpIHtcbiAgICAgIHJldHVybiBbXVxuICAgIH1cbiAgICByZXR1cm4gT2JqZWN0LnZhbHVlcyh0aGlzLmNhbGN1bGF0ZWRQcm9wcy5hZGRpdGlvbmFsQmVoYXZpb3JzKS5tYXAoKGJlaGF2aW9yOiBCZWhhdmlvck9wdGlvbnMpOiBzdHJpbmdbXSA9PiB7XG4gICAgICByZXR1cm4gdGhpcy5jaGVja1Byb3RvY29sUG9saWN5KGJlaGF2aW9yLnZpZXdlclByb3RvY29sUG9saWN5KVxuICAgIH0pLmZsYXQoKVxuICB9XG5cbiAgcHJvdGVjdGVkIGNoZWNrUHJvdG9jb2xQb2xpY3kgKHBvbGljeTogVmlld2VyUHJvdG9jb2xQb2xpY3kgfCB1bmRlZmluZWQpOiBzdHJpbmdbXSB7XG4gICAgcmV0dXJuIHBvbGljeSAhPT0gdW5kZWZpbmVkICYmIHBvbGljeSAhPT0gVmlld2VyUHJvdG9jb2xQb2xpY3kuQUxMT1dfQUxMXG4gICAgICA/IFtdXG4gICAgICA6IFsnVmlld2VyUHJvdG9jb2xQb2xpY3kgbXVzdCBub3QgYmUgdW5kZWZpbmVkIG5vciBcIkFMTE9XX0FMTFwiJ11cbiAgfVxufVxuIl19