CDK Constructs for Lambda@Edge pattern: HttpHeaders
Project description
@cloudcomponents/cdk-lambda-at-edge-pattern
CDK Constructs for Lambda@Edge pattern: HttpHeaders
Install
TypeScript/JavaScript:
npm i @cloudcomponents/cdk-lambda-at-edge-pattern
Python:
pip install cloudcomponents.cdk-lambda-at-edge-pattern
How to use
import { Construct, RemovalPolicy, Stack, StackProps } from '@aws-cdk/core';
import { StringParameter } from '@aws-cdk/aws-ssm';
import { SecurityPolicyProtocol } from '@aws-cdk/aws-cloudfront';
import { StaticWebsite } from '@cloudcomponents/cdk-static-website';
import { HttpHeaders } from '@cloudcomponents/cdk-lambda-at-edge-pattern';
export class StaticWebsiteStack extends Stack {
constructor(scope: Construct, id: string, props: StackProps) {
super(scope, id, props);
const certificateArn = StringParameter.valueFromLookup(
this,
'/certificate/cloudcomponents.org',
);
const website = new StaticWebsite(this, 'StaticWebsite', {
bucketConfiguration: {
removalPolicy: RemovalPolicy.DESTROY,
},
aliasConfiguration: {
domainName: 'cloudcomponents.org',
names: ['www.cloudcomponents.org', 'cloudcomponents.org'],
acmCertRef: certificateArn,
},
});
// A us-east-1 stack is generated under the hood
const httpHeaders = new HttpHeaders(this, 'HttpHeaders', {
httpHeaders: {
'Content-Security-Policy':
"default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'; object-src 'none'; connect-src 'self'",
'Strict-Transport-Security':
'max-age=31536000; includeSubdomains; preload',
'Referrer-Policy': 'same-origin',
'X-XSS-Protection': '1; mode=block',
'X-Frame-Options': 'DENY',
'X-Content-Type-Options': 'nosniff',
'Cache-Control': 'no-cache',
},
});
website.addLambdaFunctionAssociation(httpHeaders);
}
}
Cloudfront Distribution
new cloudfront.Distribution(this, 'myDist', {
defaultBehavior: {
origin: new origins.S3Origin(myBucket),
edgeLambdas: [httpHeaders],
},
});
Cloudfront WebDistribution
new cloudfront.CloudFrontWebDistribution(this, 'MyDistribution', {
originConfigs: [
{
s3OriginSource: {
s3BucketSource: sourceBucket
},
behaviors: [
{
isDefaultBehavior: true,
lambdaFunctionAssociations: [httpHeaders],
}
]
}
]
});
HttpHeaders
const httpHeaders = new HttpHeaders(this, 'HttpHeaders', {
httpHeaders: {
'Content-Security-Policy':
"default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'; object-src 'none'; connect-src 'self'",
'Strict-Transport-Security':
'max-age=31536000; includeSubdomains; preload',
'Referrer-Policy': 'same-origin',
'X-XSS-Protection': '1; mode=block',
'X-Frame-Options': 'DENY',
'X-Content-Type-Options': 'nosniff',
'Cache-Control': 'no-cache',
},
});
OriginMutation
https://chrisschuld.com/2020/05/gatsby-hosting-on-cloudfront/
const originMutation = new OriginMutation(stack, 'OriginMutation');
API Reference
See API.md.
Example
See more complete examples.
License
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Close
Hashes for cloudcomponents.cdk-lambda-at-edge-pattern-1.50.0.tar.gz
Algorithm | Hash digest | |
---|---|---|
SHA256 | 5cb85fad92285e2c8e3109199c1b13c970c89b2915b029d9f372b6f8a58bedf6 |
|
MD5 | e81d7fb36614583cf382c6848db410a5 |
|
BLAKE2b-256 | 4ac46166ec6550f75450d212d9dfd404c8b97fc1ad44dba8f0222ce5101d0bc7 |
Close
Hashes for cloudcomponents.cdk_lambda_at_edge_pattern-1.50.0-py3-none-any.whl
Algorithm | Hash digest | |
---|---|---|
SHA256 | 39f8002b1f52ce9459f1e9943360cbb7a006126c2fc838a6fbc3c2ffb24f951c |
|
MD5 | 9f16e9dd00d3a39597052370d0b98850 |
|
BLAKE2b-256 | 03afa0300cb0b2def46fbed5b13def38b0eaa19428ea1503a0d9ae62420612da |