CDK Constructs for AWS Cloudfront to AWS S3 integration.
Project description
aws-cloudfront-s3 module
---Reference Documentation: | https://docs.aws.amazon.com/solutions/latest/constructs/ |
---|
Language | Package |
---|---|
Python | aws_solutions_constructs.aws_cloudfront_s3 |
Typescript | @aws-solutions-constructs/aws-cloudfront-s3 |
Java | software.amazon.awsconstructs.services.cloudfronts3 |
Overview
This AWS Solutions Construct provisions an Amazon CloudFront Distribution that serves objects from an AWS S3 Bucket via an Origin Access Control (OAC).
Here is a minimal deployable pattern definition:
Typescript
import { Construct } from 'constructs';
import { Stack, StackProps } from 'aws-cdk-lib';
import { CloudFrontToS3 } from '@aws-solutions-constructs/aws-cloudfront-s3';
new CloudFrontToS3(this, 'test-cloudfront-s3', {});
Python
from aws_solutions_constructs.aws_cloudfront_s3 import CloudFrontToS3
from aws_cdk import Stack
from constructs import Construct
CloudFrontToS3(self, 'test-cloudfront-s3')
Java
import software.constructs.Construct;
import software.amazon.awscdk.Stack;
import software.amazon.awscdk.StackProps;
import software.amazon.awsconstructs.services.cloudfronts3.*;
new CloudFrontToS3(this, "test-cloudfront-s3", new CloudFrontToS3Props.Builder()
.build());
Pattern Construct Props
Name | Type | Description |
---|---|---|
existingBucketObj? | s3.IBucket |
Existing instance of S3 Bucket object or interface. If this is provided, then also providing bucketProps will cause an error. |
bucketProps? | s3.BucketProps |
Optional user provided props to override the default props for the S3 Bucket. |
cloudFrontDistributionProps? | cloudfront.DistributionProps |
Optional user provided props to override the default props for CloudFront Distribution |
insertHttpSecurityHeaders? | boolean |
Optional user provided props to turn on/off the automatic injection of best practice HTTP security headers in all responses from CloudFront |
responseHeadersPolicyProps? | cloudfront.ResponseHeadersPolicyProps |
Optional user provided configuration that cloudfront applies to all http responses. |
originPath? | string |
Optional user provided props to provide anoriginPath that CloudFront appends to the origin domain name when CloudFront requests content from the origin. The string should start with a / , for example: /production . Default value is '/' |
loggingBucketProps? | s3.BucketProps |
Optional user provided props to override the default props for the S3 Logging Bucket. |
cloudFrontLoggingBucketProps? | s3.BucketProps |
Optional user provided props to override the default props for the CloudFront Logging Bucket. |
logS3AccessLogs? | boolean | Whether to turn on Access Logging for the S3 bucket. Creates an S3 bucket with associated storage costs for the logs. Enabling Access Logging is a best practice. default - true |
Pattern Properties
Name | Type | Description |
---|---|---|
cloudFrontWebDistribution | cloudfront.Distribution |
Returns an instance of cloudfront.Distribution created by the construct. |
cloudFrontFunction? | cloudfront.Function |
Returns an instance of the Cloudfront function created by the construct. |
cloudFrontLoggingBucket | s3.Bucket |
Returns an instance of the logging bucket for the CloudFront Distribution. |
s3BucketInterface | s3.IBucket |
Returns an instance of s3.IBucket created by the construct. |
s3Bucket? | s3.Bucket |
Returns an instance of s3.Bucket created by the construct. IMPORTANT: If existingBucketObj was provided in Pattern Construct Props, this property will be undefined |
s3LoggingBucket? | s3.Bucket |
Returns an instance of s3.Bucket created by the construct as the logging bucket for the primary bucket. |
originAccessControl? | cloudfront.CfnOriginAccessControl |
Returns an instance of cloudfront.CfnOriginAccessControl created by the construct. |
Default settings
Out of the box implementation of the Construct without any override will set the following defaults:
Amazon CloudFront
- Configure Access logging for CloudFront Distribution
- Enable automatic injection of best practice HTTP security headers in all responses from CloudFront Distribution
- CloudFront originPath set to
'/'
Amazon S3 Bucket
- Configure Access logging for S3 Bucket
- Enable server-side encryption for S3 Bucket using AWS managed KMS Key
- Enforce encryption of data in transit
- Turn on the versioning for S3 Bucket
- Don't allow public access for S3 Bucket
- Retain the S3 Bucket when deleting the CloudFormation stack
- Applies Lifecycle rule to move noncurrent object versions to Glacier storage after 90 days
Architecture
© Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Close
Hashes for aws-solutions-constructs.aws-cloudfront-s3-2.57.0.tar.gz
Algorithm | Hash digest | |
---|---|---|
SHA256 | 0db2151550d582a49f66e52790f8ac4bb941449bdeda19cd7ec41ff31ed9361d |
|
MD5 | cc62c05718c379bcdc4283731acb646e |
|
BLAKE2b-256 | 6b9c811ef62614c24fb2f0fb07fa7579853235c539e341d4ba6db535f76afca9 |
Close
Hashes for aws_solutions_constructs.aws_cloudfront_s3-2.57.0-py3-none-any.whl
Algorithm | Hash digest | |
---|---|---|
SHA256 | 5f300462f25d3d12a3584a498c0ae1272f0969514183d8042cd96a61ae3be7bf |
|
MD5 | 2a41b281683b08e502249a01677344ca |
|
BLAKE2b-256 | ff6d1821bc94740eaba53d1772ea44d4d06ae7280256d901cb8d648d7d79882f |