UNPKG

aws-cdk-lib

Version:

Version 2 of the AWS Cloud Development Kit library

github.com/aws/aws-cdk

aws/aws-cdk

2 lines (1 loc) 4.41 kB
1
2
"use strict";var _a;Object.defineProperty(exports,"__esModule",{value:!0}),exports.FunctionUrlOrigin=void 0;var jsiiDeprecationWarnings=()=>{var tmp=require("../../.warnings.jsii.js");return jsiiDeprecationWarnings=()=>tmp,tmp};const JSII_RTTI_SYMBOL_1=Symbol.for("jsii.rtti");var utils_1=()=>{var tmp=require("./private/utils");return utils_1=()=>tmp,tmp},cloudfront=()=>{var tmp=require("../../aws-cloudfront");return cloudfront=()=>tmp,tmp},lambda=()=>{var tmp=require("../../aws-lambda");return lambda=()=>tmp,tmp},cdk=()=>{var tmp=require("../../core");return cdk=()=>tmp,tmp};class FunctionUrlOrigin extends cloudfront().OriginBase{static withOriginAccessControl(lambdaFunctionUrl,props){try{jsiiDeprecationWarnings().aws_cdk_lib_aws_lambda_IFunctionUrl(lambdaFunctionUrl),jsiiDeprecationWarnings().aws_cdk_lib_aws_cloudfront_origins_FunctionUrlOriginWithOACProps(props)}catch(error){throw process.env.JSII_DEBUG!=="1"&&error.name==="DeprecationError"&&Error.captureStackTrace(error,this.withOriginAccessControl),error}return new FunctionUrlOriginWithOAC(lambdaFunctionUrl,props)}constructor(lambdaFunctionUrl,props={}){try{jsiiDeprecationWarnings().aws_cdk_lib_aws_lambda_IFunctionUrl(lambdaFunctionUrl),jsiiDeprecationWarnings().aws_cdk_lib_aws_cloudfront_origins_FunctionUrlOriginProps(props)}catch(error){throw process.env.JSII_DEBUG!=="1"&&error.name==="DeprecationError"&&Error.captureStackTrace(error,FunctionUrlOrigin),error}const domainName=cdk().Fn.select(2,cdk().Fn.split("/",lambdaFunctionUrl.url));super(domainName,props),this.props=props,(0,utils_1().validateSecondsInRangeOrUndefined)("readTimeout",1,180,props.readTimeout),(0,utils_1().validateSecondsInRangeOrUndefined)("keepaliveTimeout",1,180,props.keepaliveTimeout)}renderCustomOriginConfig(){return{originSslProtocols:[cloudfront().OriginSslPolicy.TLS_V1_2],originProtocolPolicy:cloudfront().OriginProtocolPolicy.HTTPS_ONLY,originReadTimeout:this.props.readTimeout?.toSeconds(),originKeepaliveTimeout:this.props.keepaliveTimeout?.toSeconds()}}}exports.FunctionUrlOrigin=FunctionUrlOrigin,_a=JSII_RTTI_SYMBOL_1,FunctionUrlOrigin[_a]={fqn:"aws-cdk-lib.aws_cloudfront_origins.FunctionUrlOrigin",version:"2.185.0"};class FunctionUrlOriginWithOAC extends cloudfront().OriginBase{constructor(lambdaFunctionUrl,props={}){const domainName=cdk().Fn.select(2,cdk().Fn.split("/",lambdaFunctionUrl.url));super(domainName,props),this.functionUrl=lambdaFunctionUrl,this.originAccessControl=props?.originAccessControl,this.props=props,(0,utils_1().validateSecondsInRangeOrUndefined)("readTimeout",1,180,props.readTimeout),(0,utils_1().validateSecondsInRangeOrUndefined)("keepaliveTimeout",1,180,props.keepaliveTimeout)}renderCustomOriginConfig(){return{originSslProtocols:[cloudfront().OriginSslPolicy.TLS_V1_2],originProtocolPolicy:cloudfront().OriginProtocolPolicy.HTTPS_ONLY,originReadTimeout:this.props.readTimeout?.toSeconds(),originKeepaliveTimeout:this.props.keepaliveTimeout?.toSeconds()}}bind(scope,options){const originBindConfig=super.bind(scope,options);return this.originAccessControl||(this.originAccessControl=new(cloudfront()).FunctionUrlOriginAccessControl(scope,"FunctionUrlOriginAccessControl")),this.validateAuthType(scope),this.addInvokePermission(scope,options),{...originBindConfig,originProperty:{...originBindConfig.originProperty,originAccessControlId:this.originAccessControl?.originAccessControlId}}}addInvokePermission(scope,options){const distributionId=options.distributionId;new(lambda()).CfnPermission(scope,`InvokeFromApiFor${options.originId}`,{principal:"cloudfront.amazonaws.com",action:"lambda:InvokeFunctionUrl",functionName:this.functionUrl.functionArn,sourceArn:`arn:${cdk().Aws.PARTITION}:cloudfront::${cdk().Aws.ACCOUNT_ID}:distribution/${distributionId}`})}validateAuthType(scope){const originAccessControlConfig=(this.originAccessControl?.node.children.find(child=>child instanceof cloudfront().CfnOriginAccessControl)).originAccessControlConfig,isAlwaysSigning=originAccessControlConfig.signingBehavior===cloudfront().SigningBehavior.ALWAYS&&originAccessControlConfig.signingProtocol===cloudfront().SigningProtocol.SIGV4,isAuthTypeIsNone=this.functionUrl.authType!==lambda().FunctionUrlAuthType.AWS_IAM;if(isAlwaysSigning&&isAuthTypeIsNone)throw new(cdk()).ValidationError("The authType of the Function URL must be set to AWS_IAM when origin access control signing method is SIGV4_ALWAYS.",scope)}}