CDK Constructs for AWS Cloudfront to AWS S3 integration.
Project description
aws-cloudfront-s3 module
---
| Reference Documentation: | https://docs.aws.amazon.com/solutions/latest/constructs/ |
|---|
| Language | Package |
|---|---|
 Python |
aws_solutions_constructs.aws_cloudfront_s3 |
 Typescript |
@aws-solutions-constructs/aws-cloudfront-s3 |
 Java |
software.amazon.awsconstructs.services.cloudfronts3 |
Overview
This AWS Solutions Construct provisions an Amazon CloudFront Distribution that serves objects from an AWS S3 Bucket via an Origin Access Control (OAC).
Here is a minimal deployable pattern definition:
Typescript
import { Construct } from 'constructs';
import { Stack, StackProps } from 'aws-cdk-lib';
import { CloudFrontToS3 } from '@aws-solutions-constructs/aws-cloudfront-s3';
new CloudFrontToS3(this, 'test-cloudfront-s3', {});
Python
from aws_solutions_constructs.aws_cloudfront_s3 import CloudFrontToS3
from aws_cdk import Stack
from constructs import Construct
CloudFrontToS3(self, 'test-cloudfront-s3')
Java
import software.constructs.Construct;
import software.amazon.awscdk.Stack;
import software.amazon.awscdk.StackProps;
import software.amazon.awsconstructs.services.cloudfronts3.*;
new CloudFrontToS3(this, "test-cloudfront-s3", new CloudFrontToS3Props.Builder()
.build());
Pattern Construct Props
| Name | Type | Description |
|---|---|---|
| existingBucketObj? | s3.IBucket |
Existing instance of S3 Bucket object or interface. If this is provided, then also providing bucketProps will cause an error. |
| bucketProps? | s3.BucketProps |
Optional user provided props to override the default props for the S3 Bucket. |
| cloudFrontDistributionProps? | cloudfront.DistributionProps |
Optional user provided props to override the default props for CloudFront Distribution |
| insertHttpSecurityHeaders? | boolean |
Optional user provided props to turn on/off the automatic injection of best practice HTTP security headers in all responses from CloudFront |
| responseHeadersPolicyProps? | cloudfront.ResponseHeadersPolicyProps |
Optional user provided configuration that cloudfront applies to all http responses. |
| originPath? | string |
Optional user provided props to provide anoriginPath that CloudFront appends to the origin domain name when CloudFront requests content from the origin. The string should start with a /, for example: /production. Default value is '/' |
| loggingBucketProps? | s3.BucketProps |
Optional user provided props to override the default props for the S3 Logging Bucket. |
| cloudFrontLoggingBucketProps? | s3.BucketProps |
Optional user provided props to override the default props for the CloudFront Logging Bucket. |
| logS3AccessLogs? | boolean | Whether to turn on Access Logging for the S3 bucket. Creates an S3 bucket with associated storage costs for the logs. Enabling Access Logging is a best practice. default - true |
Pattern Properties
| Name | Type | Description |
|---|---|---|
| cloudFrontWebDistribution | cloudfront.Distribution |
Returns an instance of cloudfront.Distribution created by the construct. |
| cloudFrontFunction? | cloudfront.Function |
Returns an instance of the Cloudfront function created by the construct. |
| cloudFrontLoggingBucket | s3.Bucket |
Returns an instance of the logging bucket for the CloudFront Distribution. |
| s3BucketInterface | s3.IBucket |
Returns an instance of s3.IBucket created by the construct. |
| s3Bucket? | s3.Bucket |
Returns an instance of s3.Bucket created by the construct. IMPORTANT: If existingBucketObj was provided in Pattern Construct Props, this property will be undefined |
| s3LoggingBucket? | s3.Bucket |
Returns an instance of s3.Bucket created by the construct as the logging bucket for the primary bucket. |
| originAccessControl? | cloudfront.CfnOriginAccessControl |
Returns an instance of cloudfront.CfnOriginAccessControl created by the construct. |
Default settings
Out of the box implementation of the Construct without any override will set the following defaults:
Amazon CloudFront
- Configure Access logging for CloudFront Distribution
- Enable automatic injection of best practice HTTP security headers in all responses from CloudFront Distribution
- CloudFront originPath set to
'/'
Amazon S3 Bucket
- Configure Access logging for S3 Bucket
- Enable server-side encryption for S3 Bucket using AWS managed KMS Key
- Enforce encryption of data in transit
- Turn on the versioning for S3 Bucket
- Don't allow public access for S3 Bucket
- Retain the S3 Bucket when deleting the CloudFormation stack
- Applies Lifecycle rule to move noncurrent object versions to Glacier storage after 90 days
Architecture
© Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Close
Hashes for aws-solutions-constructs.aws-cloudfront-s3-2.48.0.tar.gz
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | fb55408306337556a46825cea2159466a64acfb72182b60aec2a745a434aea0e |
|
| MD5 | 26c4ca315191c3d8bec6156a046d245f |
|
| BLAKE2b-256 | 08fc6c029b2f4a84cc1954188b5fbb147b97ad2c526eb24c06f1705b3d795a51 |
Close
Hashes for aws_solutions_constructs.aws_cloudfront_s3-2.48.0-py3-none-any.whl
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | 1c0835f6d46220c4a59afdc7c23e796b33c12343b3b023c974f0d3353da320ff |
|
| MD5 | 553f86b05ce0da4f8f8d47795c017167 |
|
| BLAKE2b-256 | 24118117c8d73983954dc159ba23bf5749557304c2eb6249c0be8b52bdd2c83f |
