CDK Constructs for Lambda@Edge pattern: HttpHeaders
Project description
@cloudcomponents/cdk-lambda-at-edge-pattern
CDK Constructs for Lambda@Edge pattern: HttpHeaders
Install
TypeScript/JavaScript:
npm i @cloudcomponents/cdk-lambda-at-edge-pattern
Python:
pip install cloudcomponents.cdk-lambda-at-edge-pattern
How to use
import { Construct, RemovalPolicy, Stack, StackProps } from '@aws-cdk/core';
import { StringParameter } from '@aws-cdk/aws-ssm';
import { SecurityPolicyProtocol } from '@aws-cdk/aws-cloudfront';
import { StaticWebsite } from '@cloudcomponents/cdk-static-website';
import { HttpHeaders } from '@cloudcomponents/cdk-lambda-at-edge-pattern';
export class StaticWebsiteStack extends Stack {
constructor(scope: Construct, id: string, props: StackProps) {
super(scope, id, props);
const certificateArn = StringParameter.valueFromLookup(
this,
'/certificate/cloudcomponents.org',
);
const website = new StaticWebsite(this, 'StaticWebsite', {
bucketConfiguration: {
removalPolicy: RemovalPolicy.DESTROY,
},
aliasConfiguration: {
domainName: 'cloudcomponents.org',
names: ['www.cloudcomponents.org', 'cloudcomponents.org'],
acmCertRef: certificateArn,
},
});
// A us-east-1 stack is generated under the hood
const httpHeaders = new HttpHeaders(this, 'HttpHeaders', {
httpHeaders: {
'Content-Security-Policy':
"default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'; object-src 'none'; connect-src 'self'",
'Strict-Transport-Security':
'max-age=31536000; includeSubdomains; preload',
'Referrer-Policy': 'same-origin',
'X-XSS-Protection': '1; mode=block',
'X-Frame-Options': 'DENY',
'X-Content-Type-Options': 'nosniff',
'Cache-Control': 'no-cache',
},
});
website.addLambdaFunctionAssociation(httpHeaders);
}
}
Cloudfront Distribution
new cloudfront.Distribution(this, 'myDist', {
defaultBehavior: {
origin: new origins.S3Origin(myBucket),
edgeLambdas: [httpHeaders],
},
});
Cloudfront WebDistribution
new cloudfront.CloudFrontWebDistribution(this, 'MyDistribution', {
originConfigs: [
{
s3OriginSource: {
s3BucketSource: sourceBucket
},
behaviors: [
{
isDefaultBehavior: true,
lambdaFunctionAssociations: [httpHeaders],
}
]
}
]
});
HttpHeaders
const httpHeaders = new HttpHeaders(this, 'HttpHeaders', {
httpHeaders: {
'Content-Security-Policy':
"default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'; object-src 'none'; connect-src 'self'",
'Strict-Transport-Security':
'max-age=31536000; includeSubdomains; preload',
'Referrer-Policy': 'same-origin',
'X-XSS-Protection': '1; mode=block',
'X-Frame-Options': 'DENY',
'X-Content-Type-Options': 'nosniff',
'Cache-Control': 'no-cache',
},
});
OriginMutation
https://chrisschuld.com/2020/05/gatsby-hosting-on-cloudfront/
const originMutation = new OriginMutation(stack, 'OriginMutation');
API Reference
See API.md.
Example
See more complete examples.
License
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Close
Hashes for cloudcomponents.cdk-lambda-at-edge-pattern-1.49.0.tar.gz
Algorithm | Hash digest | |
---|---|---|
SHA256 | 6445d3914ddcadc3dc6e952e5f619f67abd3e32f2408c8b729fc446c770e4cdd |
|
MD5 | 7929aae77bfe8dc902f232e7affb5214 |
|
BLAKE2b-256 | 2a7ade207cad7448666633a964471bbf8f9bbce4ee6e4f6e9d2ca6c0eb63e040 |
Close
Hashes for cloudcomponents.cdk_lambda_at_edge_pattern-1.49.0-py3-none-any.whl
Algorithm | Hash digest | |
---|---|---|
SHA256 | 0aa3e9c125a6f758885877a1ca83d890a3a25eea1f93629ff34afadbf6325cab |
|
MD5 | dc165e3744baa93475ca5bcfd72f2c71 |
|
BLAKE2b-256 | 34a44d3ca48513039f1b8f1093d77f1912dc261282b25273ce9da8ea2ad8ab23 |