UNPKG

@gammarers/aws-secure-frontend-web-app-cloudfront-distribution

Version:

AWS CloudFront distribution for frontend web app (spa) optimized.

github.com/gammarers/aws-secure-frontend-web-app-cloudfront-distribution

gammarers/aws-secure-frontend-web-app-cloudfront-distribution

94 lines 12.4 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
"use strict"; var _a; Object.defineProperty(exports, "__esModule", { value: true }); exports.SecureFrontendWebAppCloudFrontDistribution = void 0; const JSII_RTTI_SYMBOL_1 = Symbol.for("jsii.rtti"); const cdk = require("aws-cdk-lib"); const cloudfront = require("aws-cdk-lib/aws-cloudfront"); const origins = require("aws-cdk-lib/aws-cloudfront-origins"); class SecureFrontendWebAppCloudFrontDistribution extends cloudfront.Distribution { // eslint-disable-next-line max-len constructor(scope, id, props) { super(scope, id, { enabled: true, comment: props.comment, defaultRootObject: 'index.html', certificate: props.certificate, domainNames: [props.domainName], minimumProtocolVersion: cloudfront.SecurityPolicyProtocol.TLS_V1_2_2021, sslSupportMethod: cloudfront.SSLMethod.SNI, httpVersion: cloudfront.HttpVersion.HTTP2_AND_3, // webAclId: props.wafAclId, logBucket: props.accessLogBucket, logFilePrefix: props.accessLogBucket ? `${props.domainName}/` : undefined, defaultBehavior: { allowedMethods: cloudfront.AllowedMethods.ALLOW_GET_HEAD_OPTIONS, cachedMethods: cloudfront.CachedMethods.CACHE_GET_HEAD_OPTIONS, cachePolicy: cloudfront.CachePolicy.CACHING_OPTIMIZED, compress: true, viewerProtocolPolicy: cloudfront.ViewerProtocolPolicy.HTTPS_ONLY, origin: origins.S3BucketOrigin.withOriginAccessControl(props.originBucket), responseHeadersPolicy: new cloudfront.ResponseHeadersPolicy(scope, 'ResponseHeadersPolicy', { //responseHeadersPolicyName: , comment: 'A default policy', securityHeadersBehavior: { //contentSecurityPolicy: { contentSecurityPolicy: 'default-src https:;', override: true }, contentTypeOptions: { override: true }, frameOptions: { frameOption: cloudfront.HeadersFrameOption.SAMEORIGIN, override: true, }, referrerPolicy: { referrerPolicy: cloudfront.HeadersReferrerPolicy.STRICT_ORIGIN_WHEN_CROSS_ORIGIN, override: true, }, strictTransportSecurity: { accessControlMaxAge: cdk.Duration.seconds(31536000), // 1 year preload: true, includeSubdomains: true, override: true, }, xssProtection: { protection: true, modeBlock: true, override: true, }, }, customHeadersBehavior: { customHeaders: [ { header: 'Cache-Control', value: 'no-cache, no-store, private', override: true, }, { header: 'pragma', value: 'no-cache', override: true, }, ], }, }), }, errorResponses: [ { ttl: cdk.Duration.seconds(300), httpStatus: 403, responseHttpStatus: 200, responsePagePath: '/index.html', }, { ttl: cdk.Duration.seconds(300), httpStatus: 404, responseHttpStatus: 200, responsePagePath: '/index.html', }, ], priceClass: cloudfront.PriceClass.PRICE_CLASS_ALL, }); } } exports.SecureFrontendWebAppCloudFrontDistribution = SecureFrontendWebAppCloudFrontDistribution; _a = JSII_RTTI_SYMBOL_1; SecureFrontendWebAppCloudFrontDistribution[_a] = { fqn: "@gammarers/aws-secure-frontend-web-app-cloudfront-distribution.SecureFrontendWebAppCloudFrontDistribution", version: "2.0.13" }; //# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiaW5kZXguanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi9zcmMvaW5kZXgudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6Ijs7Ozs7QUFBQSxtQ0FBbUM7QUFFbkMseURBQXlEO0FBQ3pELDhEQUE4RDtBQVk5RCxNQUFhLDBDQUEyQyxTQUFRLFVBQVUsQ0FBQyxZQUFZO0lBRXJGLG1DQUFtQztJQUNuQyxZQUFZLEtBQWdCLEVBQUUsRUFBVSxFQUFFLEtBQXNEO1FBQzlGLEtBQUssQ0FBQyxLQUFLLEVBQUUsRUFBRSxFQUFFO1lBQ2YsT0FBTyxFQUFFLElBQUk7WUFDYixPQUFPLEVBQUUsS0FBSyxDQUFDLE9BQU87WUFDdEIsaUJBQWlCLEVBQUUsWUFBWTtZQUMvQixXQUFXLEVBQUUsS0FBSyxDQUFDLFdBQVc7WUFDOUIsV0FBVyxFQUFFLENBQUMsS0FBSyxDQUFDLFVBQVUsQ0FBQztZQUMvQixzQkFBc0IsRUFBRSxVQUFVLENBQUMsc0JBQXNCLENBQUMsYUFBYTtZQUN2RSxnQkFBZ0IsRUFBRSxVQUFVLENBQUMsU0FBUyxDQUFDLEdBQUc7WUFDMUMsV0FBVyxFQUFFLFVBQVUsQ0FBQyxXQUFXLENBQUMsV0FBVztZQUMvQyw0QkFBNEI7WUFDNUIsU0FBUyxFQUFFLEtBQUssQ0FBQyxlQUFlO1lBQ2hDLGFBQWEsRUFBRSxLQUFLLENBQUMsZUFBZSxDQUFDLENBQUMsQ0FBQyxHQUFHLEtBQUssQ0FBQyxVQUFVLEdBQUcsQ0FBQyxDQUFDLENBQUMsU0FBUztZQUN6RSxlQUFlLEVBQUU7Z0JBQ2YsY0FBYyxFQUFFLFVBQVUsQ0FBQyxjQUFjLENBQUMsc0JBQXNCO2dCQUNoRSxhQUFhLEVBQUUsVUFBVSxDQUFDLGFBQWEsQ0FBQyxzQkFBc0I7Z0JBQzlELFdBQVcsRUFBRSxVQUFVLENBQUMsV0FBVyxDQUFDLGlCQUFpQjtnQkFDckQsUUFBUSxFQUFFLElBQUk7Z0JBQ2Qsb0JBQW9CLEVBQUUsVUFBVSxDQUFDLG9CQUFvQixDQUFDLFVBQVU7Z0JBQ2hFLE1BQU0sRUFBRSxPQUFPLENBQUMsY0FBYyxDQUFDLHVCQUF1QixDQUFDLEtBQUssQ0FBQyxZQUFZLENBQUM7Z0JBQzFFLHFCQUFxQixFQUFFLElBQUksVUFBVSxDQUFDLHFCQUFxQixDQUFDLEtBQUssRUFBRSx1QkFBdUIsRUFBRTtvQkFDMUYsOEJBQThCO29CQUM5QixPQUFPLEVBQUUsa0JBQWtCO29CQUMzQix1QkFBdUIsRUFBRTt3QkFDdkIsMEZBQTBGO3dCQUMxRixrQkFBa0IsRUFBRSxFQUFFLFFBQVEsRUFBRSxJQUFJLEVBQUU7d0JBQ3RDLFlBQVksRUFBRTs0QkFDWixXQUFXLEVBQUUsVUFBVSxDQUFDLGtCQUFrQixDQUFDLFVBQVU7NEJBQ3JELFFBQVEsRUFBRSxJQUFJO3lCQUNmO3dCQUNELGNBQWMsRUFBRTs0QkFDZCxjQUFjLEVBQUUsVUFBVSxDQUFDLHFCQUFxQixDQUFDLCtCQUErQjs0QkFDaEYsUUFBUSxFQUFFLElBQUk7eUJBQ2Y7d0JBQ0QsdUJBQXVCLEVBQUU7NEJBQ3ZCLG1CQUFtQixFQUFFLEdBQUcsQ0FBQyxRQUFRLENBQUMsT0FBTyxDQUFDLFFBQVEsQ0FBQyxFQUFFLFNBQVM7NEJBQzlELE9BQU8sRUFBRSxJQUFJOzRCQUNiLGlCQUFpQixFQUFFLElBQUk7NEJBQ3ZCLFFBQVEsRUFBRSxJQUFJO3lCQUNmO3dCQUNELGFBQWEsRUFBRTs0QkFDYixVQUFVLEVBQUUsSUFBSTs0QkFDaEIsU0FBUyxFQUFFLElBQUk7NEJBQ2YsUUFBUSxFQUFFLElBQUk7eUJBQ2Y7cUJBQ0Y7b0JBQ0QscUJBQXFCLEVBQUU7d0JBQ3JCLGFBQWEsRUFBRTs0QkFDYjtnQ0FDRSxNQUFNLEVBQUUsZUFBZTtnQ0FDdkIsS0FBSyxFQUFFLDZCQUE2QjtnQ0FDcEMsUUFBUSxFQUFFLElBQUk7NkJBQ2Y7NEJBQ0Q7Z0NBQ0UsTUFBTSxFQUFFLFFBQVE7Z0NBQ2hCLEtBQUssRUFBRSxVQUFVO2dDQUNqQixRQUFRLEVBQUUsSUFBSTs2QkFDZjt5QkFDRjtxQkFDRjtpQkFDRixDQUFDO2FBQ0g7WUFDRCxjQUFjLEVBQUU7Z0JBQ2Q7b0JBQ0UsR0FBRyxFQUFFLEdBQUcsQ0FBQyxRQUFRLENBQUMsT0FBTyxDQUFDLEdBQUcsQ0FBQztvQkFDOUIsVUFBVSxFQUFFLEdBQUc7b0JBQ2Ysa0JBQWtCLEVBQUUsR0FBRztvQkFDdkIsZ0JBQWdCLEVBQUUsYUFBYTtpQkFDaEM7Z0JBQ0Q7b0JBQ0UsR0FBRyxFQUFFLEdBQUcsQ0FBQyxRQUFRLENBQUMsT0FBTyxDQUFDLEdBQUcsQ0FBQztvQkFDOUIsVUFBVSxFQUFFLEdBQUc7b0JBQ2Ysa0JBQWtCLEVBQUUsR0FBRztvQkFDdkIsZ0JBQWdCLEVBQUUsYUFBYTtpQkFDaEM7YUFDRjtZQUNELFVBQVUsRUFBRSxVQUFVLENBQUMsVUFBVSxDQUFDLGVBQWU7U0FDbEQsQ0FBQyxDQUFDO0lBQ0wsQ0FBQzs7QUFqRkgsZ0dBa0ZDIiwic291cmNlc0NvbnRlbnQiOlsiaW1wb3J0ICogYXMgY2RrIGZyb20gJ2F3cy1jZGstbGliJztcbmltcG9ydCAqIGFzIGFjbSBmcm9tICdhd3MtY2RrLWxpYi9hd3MtY2VydGlmaWNhdGVtYW5hZ2VyJztcbmltcG9ydCAqIGFzIGNsb3VkZnJvbnQgZnJvbSAnYXdzLWNkay1saWIvYXdzLWNsb3VkZnJvbnQnO1xuaW1wb3J0ICogYXMgb3JpZ2lucyBmcm9tICdhd3MtY2RrLWxpYi9hd3MtY2xvdWRmcm9udC1vcmlnaW5zJztcbmltcG9ydCAqIGFzIHMzIGZyb20gJ2F3cy1jZGstbGliL2F3cy1zMyc7XG5pbXBvcnQgeyBDb25zdHJ1Y3QgfSBmcm9tICdjb25zdHJ1Y3RzJztcblxuZXhwb3J0IGludGVyZmFjZSBTZWN1cmVGcm9udGVuZFdlYkFwcENsb3VkRnJvbnREaXN0cmlidXRpb25Qcm9wcyB7XG4gIHJlYWRvbmx5IGNvbW1lbnQ/OiBzdHJpbmc7XG4gIHJlYWRvbmx5IGRvbWFpbk5hbWU6IHN0cmluZztcbiAgcmVhZG9ubHkgY2VydGlmaWNhdGU6IGFjbS5JQ2VydGlmaWNhdGU7XG4gIHJlYWRvbmx5IG9yaWdpbkJ1Y2tldDogczMuSUJ1Y2tldDtcbiAgcmVhZG9ubHkgYWNjZXNzTG9nQnVja2V0PzogczMuSUJ1Y2tldDtcbn1cblxuZXhwb3J0IGNsYXNzIFNlY3VyZUZyb250ZW5kV2ViQXBwQ2xvdWRGcm9udERpc3RyaWJ1dGlvbiBleHRlbmRzIGNsb3VkZnJvbnQuRGlzdHJpYnV0aW9uIHtcblxuICAvLyBlc2xpbnQtZGlzYWJsZS1uZXh0LWxpbmUgbWF4LWxlblxuICBjb25zdHJ1Y3RvcihzY29wZTogQ29uc3RydWN0LCBpZDogc3RyaW5nLCBwcm9wczogU2VjdXJlRnJvbnRlbmRXZWJBcHBDbG91ZEZyb250RGlzdHJpYnV0aW9uUHJvcHMpIHtcbiAgICBzdXBlcihzY29wZSwgaWQsIHtcbiAgICAgIGVuYWJsZWQ6IHRydWUsXG4gICAgICBjb21tZW50OiBwcm9wcy5jb21tZW50LFxuICAgICAgZGVmYXVsdFJvb3RPYmplY3Q6ICdpbmRleC5odG1sJyxcbiAgICAgIGNlcnRpZmljYXRlOiBwcm9wcy5jZXJ0aWZpY2F0ZSxcbiAgICAgIGRvbWFpbk5hbWVzOiBbcHJvcHMuZG9tYWluTmFtZV0sXG4gICAgICBtaW5pbXVtUHJvdG9jb2xWZXJzaW9uOiBjbG91ZGZyb250LlNlY3VyaXR5UG9saWN5UHJvdG9jb2wuVExTX1YxXzJfMjAyMSxcbiAgICAgIHNzbFN1cHBvcnRNZXRob2Q6IGNsb3VkZnJvbnQuU1NMTWV0aG9kLlNOSSxcbiAgICAgIGh0dHBWZXJzaW9uOiBjbG91ZGZyb250Lkh0dHBWZXJzaW9uLkhUVFAyX0FORF8zLFxuICAgICAgLy8gd2ViQWNsSWQ6IHByb3BzLndhZkFjbElkLFxuICAgICAgbG9nQnVja2V0OiBwcm9wcy5hY2Nlc3NMb2dCdWNrZXQsXG4gICAgICBsb2dGaWxlUHJlZml4OiBwcm9wcy5hY2Nlc3NMb2dCdWNrZXQgPyBgJHtwcm9wcy5kb21haW5OYW1lfS9gIDogdW5kZWZpbmVkLFxuICAgICAgZGVmYXVsdEJlaGF2aW9yOiB7XG4gICAgICAgIGFsbG93ZWRNZXRob2RzOiBjbG91ZGZyb250LkFsbG93ZWRNZXRob2RzLkFMTE9XX0dFVF9IRUFEX09QVElPTlMsXG4gICAgICAgIGNhY2hlZE1ldGhvZHM6IGNsb3VkZnJvbnQuQ2FjaGVkTWV0aG9kcy5DQUNIRV9HRVRfSEVBRF9PUFRJT05TLFxuICAgICAgICBjYWNoZVBvbGljeTogY2xvdWRmcm9udC5DYWNoZVBvbGljeS5DQUNISU5HX09QVElNSVpFRCxcbiAgICAgICAgY29tcHJlc3M6IHRydWUsXG4gICAgICAgIHZpZXdlclByb3RvY29sUG9saWN5OiBjbG91ZGZyb250LlZpZXdlclByb3RvY29sUG9saWN5LkhUVFBTX09OTFksXG4gICAgICAgIG9yaWdpbjogb3JpZ2lucy5TM0J1Y2tldE9yaWdpbi53aXRoT3JpZ2luQWNjZXNzQ29udHJvbChwcm9wcy5vcmlnaW5CdWNrZXQpLFxuICAgICAgICByZXNwb25zZUhlYWRlcnNQb2xpY3k6IG5ldyBjbG91ZGZyb250LlJlc3BvbnNlSGVhZGVyc1BvbGljeShzY29wZSwgJ1Jlc3BvbnNlSGVhZGVyc1BvbGljeScsIHtcbiAgICAgICAgICAvL3Jlc3BvbnNlSGVhZGVyc1BvbGljeU5hbWU6ICxcbiAgICAgICAgICBjb21tZW50OiAnQSBkZWZhdWx0IHBvbGljeScsXG4gICAgICAgICAgc2VjdXJpdHlIZWFkZXJzQmVoYXZpb3I6IHtcbiAgICAgICAgICAgIC8vY29udGVudFNlY3VyaXR5UG9saWN5OiB7IGNvbnRlbnRTZWN1cml0eVBvbGljeTogJ2RlZmF1bHQtc3JjIGh0dHBzOjsnLCBvdmVycmlkZTogdHJ1ZSB9LFxuICAgICAgICAgICAgY29udGVudFR5cGVPcHRpb25zOiB7IG92ZXJyaWRlOiB0cnVlIH0sXG4gICAgICAgICAgICBmcmFtZU9wdGlvbnM6IHtcbiAgICAgICAgICAgICAgZnJhbWVPcHRpb246IGNsb3VkZnJvbnQuSGVhZGVyc0ZyYW1lT3B0aW9uLlNBTUVPUklHSU4sXG4gICAgICAgICAgICAgIG92ZXJyaWRlOiB0cnVlLFxuICAgICAgICAgICAgfSxcbiAgICAgICAgICAgIHJlZmVycmVyUG9saWN5OiB7XG4gICAgICAgICAgICAgIHJlZmVycmVyUG9saWN5OiBjbG91ZGZyb250LkhlYWRlcnNSZWZlcnJlclBvbGljeS5TVFJJQ1RfT1JJR0lOX1dIRU5fQ1JPU1NfT1JJR0lOLFxuICAgICAgICAgICAgICBvdmVycmlkZTogdHJ1ZSxcbiAgICAgICAgICAgIH0sXG4gICAgICAgICAgICBzdHJpY3RUcmFuc3BvcnRTZWN1cml0eToge1xuICAgICAgICAgICAgICBhY2Nlc3NDb250cm9sTWF4QWdlOiBjZGsuRHVyYXRpb24uc2Vjb25kcygzMTUzNjAwMCksIC8vIDEgeWVhclxuICAgICAgICAgICAgICBwcmVsb2FkOiB0cnVlLFxuICAgICAgICAgICAgICBpbmNsdWRlU3ViZG9tYWluczogdHJ1ZSxcbiAgICAgICAgICAgICAgb3ZlcnJpZGU6IHRydWUsXG4gICAgICAgICAgICB9LFxuICAgICAgICAgICAgeHNzUHJvdGVjdGlvbjoge1xuICAgICAgICAgICAgICBwcm90ZWN0aW9uOiB0cnVlLFxuICAgICAgICAgICAgICBtb2RlQmxvY2s6IHRydWUsXG4gICAgICAgICAgICAgIG92ZXJyaWRlOiB0cnVlLFxuICAgICAgICAgICAgfSxcbiAgICAgICAgICB9LFxuICAgICAgICAgIGN1c3RvbUhlYWRlcnNCZWhhdmlvcjoge1xuICAgICAgICAgICAgY3VzdG9tSGVhZGVyczogW1xuICAgICAgICAgICAgICB7XG4gICAgICAgICAgICAgICAgaGVhZGVyOiAnQ2FjaGUtQ29udHJvbCcsXG4gICAgICAgICAgICAgICAgdmFsdWU6ICduby1jYWNoZSwgbm8tc3RvcmUsIHByaXZhdGUnLFxuICAgICAgICAgICAgICAgIG92ZXJyaWRlOiB0cnVlLFxuICAgICAgICAgICAgICB9LFxuICAgICAgICAgICAgICB7XG4gICAgICAgICAgICAgICAgaGVhZGVyOiAncHJhZ21hJyxcbiAgICAgICAgICAgICAgICB2YWx1ZTogJ25vLWNhY2hlJyxcbiAgICAgICAgICAgICAgICBvdmVycmlkZTogdHJ1ZSxcbiAgICAgICAgICAgICAgfSxcbiAgICAgICAgICAgIF0sXG4gICAgICAgICAgfSxcbiAgICAgICAgfSksXG4gICAgICB9LFxuICAgICAgZXJyb3JSZXNwb25zZXM6IFtcbiAgICAgICAge1xuICAgICAgICAgIHR0bDogY2RrLkR1cmF0aW9uLnNlY29uZHMoMzAwKSxcbiAgICAgICAgICBodHRwU3RhdHVzOiA0MDMsXG4gICAgICAgICAgcmVzcG9uc2VIdHRwU3RhdHVzOiAyMDAsXG4gICAgICAgICAgcmVzcG9uc2VQYWdlUGF0aDogJy9pbmRleC5odG1sJyxcbiAgICAgICAgfSxcbiAgICAgICAge1xuICAgICAgICAgIHR0bDogY2RrLkR1cmF0aW9uLnNlY29uZHMoMzAwKSxcbiAgICAgICAgICBodHRwU3RhdHVzOiA0MDQsXG4gICAgICAgICAgcmVzcG9uc2VIdHRwU3RhdHVzOiAyMDAsXG4gICAgICAgICAgcmVzcG9uc2VQYWdlUGF0aDogJy9pbmRleC5odG1sJyxcbiAgICAgICAgfSxcbiAgICAgIF0sXG4gICAgICBwcmljZUNsYXNzOiBjbG91ZGZyb250LlByaWNlQ2xhc3MuUFJJQ0VfQ0xBU1NfQUxMLFxuICAgIH0pO1xuICB9XG59Il19