@aws-solutions-constructs/aws-cloudfront-s3 2.0.0-rc.1 → 2.2.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/README.md CHANGED
@@ -5,10 +5,6 @@
5
5
 
6
6
  ![Stability: Stable](https://img.shields.io/badge/cfn--resources-stable-success.svg?style=for-the-badge)
7
7
 
8
- > All classes are under active development and subject to non-backward compatible changes or removal in any
9
- > future version. These are not subject to the [Semantic Versioning](https://semver.org/) model.
10
- > This means that while you may use them, you may need to update your source code when upgrading to a newer version of this package.
11
-
12
8
  ---
13
9
  <!--END STABILITY BANNER-->
14
10
 
@@ -49,11 +45,14 @@ _Parameters_
49
45
 
50
46
  | **Name** | **Type** | **Description** |
51
47
  |:-------------|:----------------|-----------------|
52
- |existingBucketInterface?|[`s3.IBucket`](https://docs.aws.amazon.com/cdk/api/latest/docs/@aws-cdk_aws-s3.IBucket.html)|Existing instance of S3 Bucket object or interface. If this is provided, then also providing bucketProps will cause an error. |
48
+ |existingBucketObj?|[`s3.IBucket`](https://docs.aws.amazon.com/cdk/api/latest/docs/@aws-cdk_aws-s3.IBucket.html)|Existing instance of S3 Bucket object or interface. If this is provided, then also providing bucketProps will cause an error. |
53
49
  |bucketProps?|[`s3.BucketProps`](https://docs.aws.amazon.com/cdk/api/latest/docs/@aws-cdk_aws-s3.BucketProps.html)|Optional user provided props to override the default props for the S3 Bucket.|
54
50
  |cloudFrontDistributionProps?|[`cloudfront.DistributionProps`](https://docs.aws.amazon.com/cdk/api/latest/docs/@aws-cdk_aws-cloudfront.DistributionProps.html)|Optional user provided props to override the default props for CloudFront Distribution|
55
51
  |insertHttpSecurityHeaders?|`boolean`|Optional user provided props to turn on/off the automatic injection of best practice HTTP security headers in all responses from CloudFront|
52
+ |originPath?|`string`|Optional user provided props to provide an[originPath](https://docs.aws.amazon.com/cdk/api/latest/docs/@aws-cdk_aws-cloudfront-origins.S3OriginProps.html#originpath) that CloudFront appends to the origin domain name when CloudFront requests content from the origin. The string should start with a `/`, for example: `/production`. Default value is `'/'`|
56
53
  |loggingBucketProps?|[`s3.BucketProps`](https://docs.aws.amazon.com/cdk/api/latest/docs/@aws-cdk_aws-s3.BucketProps.html)|Optional user provided props to override the default props for the S3 Logging Bucket.|
54
+ |cloudFrontLoggingBucketProps?|[`s3.BucketProps`](https://docs.aws.amazon.com/cdk/api/latest/docs/@aws-cdk_aws-s3.BucketProps.html)|Optional user provided props to override the default props for the CloudFront Logging Bucket.|
55
+ |logS3AccessLogs?| boolean|Whether to turn on Access Logging for the S3 bucket. Creates an S3 bucket with associated storage costs for the logs. Enabling Access Logging is a best practice. default - true|
57
56
 
58
57
  ## Pattern Properties
59
58
 
@@ -63,7 +62,7 @@ _Parameters_
63
62
  |cloudFrontFunction?|[`cloudfront.Function`](https://docs.aws.amazon.com/cdk/api/latest/docs/@aws-cdk_aws-cloudfront.Function.html)|Returns an instance of the Cloudfront function created by the pattern.|
64
63
  |cloudFrontLoggingBucket|[`s3.Bucket`](https://docs.aws.amazon.com/cdk/api/latest/docs/aws-s3-readme.html)|Returns an instance of the logging bucket for CloudFront WebDistribution.|
65
64
  |s3BucketInterface|[`s3.IBucket`](https://docs.aws.amazon.com/cdk/api/latest/docs/@aws-cdk_aws-s3.IBucket.html)|Returns an instance of s3.IBucket created by the construct|
66
- |s3Bucket?|[`s3.Bucket`](https://docs.aws.amazon.com/cdk/api/latest/docs/@aws-cdk_aws-s3.Bucket.html)|Returns an instance of s3.Bucket created by the construct. IMPORTANT: If existingBucketInterface was provided in Pattern Construct Props, this property will be `undefined`|
65
+ |s3Bucket?|[`s3.Bucket`](https://docs.aws.amazon.com/cdk/api/latest/docs/@aws-cdk_aws-s3.Bucket.html)|Returns an instance of s3.Bucket created by the construct. IMPORTANT: If existingBucketObj was provided in Pattern Construct Props, this property will be `undefined`|
67
66
  |s3LoggingBucket?|[`s3.Bucket`](https://docs.aws.amazon.com/cdk/api/latest/docs/@aws-cdk_aws-s3.Bucket.html)|Returns an instance of s3.Bucket created by the construct as the logging bucket for the primary bucket.|
68
67
 
69
68
  ## Default settings
@@ -73,6 +72,7 @@ Out of the box implementation of the Construct without any override will set the
73
72
  ### Amazon CloudFront
74
73
  * Configure Access logging for CloudFront WebDistribution
75
74
  * Enable automatic injection of best practice HTTP security headers in all responses from CloudFront WebDistribution
75
+ * CloudFront originPath set to `'/'`
76
76
 
77
77
  ### Amazon S3 Bucket
78
78
  * Configure Access logging for S3 Bucket
package/lib/index.d.ts CHANGED
@@ -1,5 +1,5 @@
1
1
  /**
2
- * Copyright 2021 Amazon.com, Inc. or its affiliates. All Rights Reserved.
2
+ * Copyright 2022 Amazon.com, Inc. or its affiliates. All Rights Reserved.
3
3
  *
4
4
  * Licensed under the Apache License, Version 2.0 (the "License"). You may not use this file except in compliance
5
5
  * with the License. A copy of the License is located at
@@ -22,7 +22,7 @@ export interface CloudFrontToS3Props {
22
22
  *
23
23
  * @default - None
24
24
  */
25
- readonly existingBucketInterface?: s3.IBucket;
25
+ readonly existingBucketObj?: s3.IBucket;
26
26
  /**
27
27
  * Optional user provided props to override the default props for the S3 Bucket.
28
28
  *
@@ -41,12 +41,34 @@ export interface CloudFrontToS3Props {
41
41
  * @default - true
42
42
  */
43
43
  readonly insertHttpSecurityHeaders?: boolean;
44
+ /**
45
+ * Optional user provided props to provide an originPath that CloudFront appends to the origin domain name when CloudFront requests content from the origin.
46
+ *
47
+ * The string should start with a `/`, for example `/production`.
48
+ *
49
+ * @dafault = '/'
50
+ */
51
+ readonly originPath?: string;
44
52
  /**
45
53
  * Optional user provided props to override the default props for the S3 Logging Bucket.
46
54
  *
47
55
  * @default - Default props are used
48
56
  */
49
57
  readonly loggingBucketProps?: s3.BucketProps;
58
+ /**
59
+ * Optional user provided props to override the default props for the CloudFront Logging Bucket.
60
+ *
61
+ * @default - Default props are used
62
+ */
63
+ readonly cloudFrontLoggingBucketProps?: s3.BucketProps;
64
+ /**
65
+ * Whether to turn on Access Logs for the S3 bucket with the associated storage costs.
66
+ *
67
+ * Enabling Access Logging is a best practice.
68
+ *
69
+ * @default - true
70
+ */
71
+ readonly logS3AccessLogs?: boolean;
50
72
  }
51
73
  export declare class CloudFrontToS3 extends Construct {
52
74
  readonly cloudFrontWebDistribution: cloudfront.Distribution;
package/lib/index.js CHANGED
@@ -3,6 +3,7 @@ var _a;
3
3
  Object.defineProperty(exports, "__esModule", { value: true });
4
4
  exports.CloudFrontToS3 = void 0;
5
5
  const JSII_RTTI_SYMBOL_1 = Symbol.for("jsii.rtti");
6
+ // Note: To ensure CDKv2 compatibility, keep the import statement for Construct separate
6
7
  const constructs_1 = require("constructs");
7
8
  const defaults = require("@aws-solutions-constructs/core");
8
9
  class CloudFrontToS3 extends constructs_1.Construct {
@@ -17,21 +18,24 @@ class CloudFrontToS3 extends constructs_1.Construct {
17
18
  constructor(scope, id, props) {
18
19
  super(scope, id);
19
20
  defaults.CheckProps(props);
20
- if (!props.existingBucketInterface) {
21
+ let bucket;
22
+ if (!props.existingBucketObj) {
21
23
  [this.s3Bucket, this.s3LoggingBucket] = defaults.buildS3Bucket(this, {
22
24
  bucketProps: props.bucketProps,
23
- loggingBucketProps: props.loggingBucketProps
25
+ loggingBucketProps: props.loggingBucketProps,
26
+ logS3AccessLogs: props.logS3AccessLogs
24
27
  });
25
- this.s3BucketInterface = this.s3Bucket;
28
+ bucket = this.s3Bucket;
26
29
  }
27
30
  else {
28
- this.s3BucketInterface = props.existingBucketInterface;
31
+ bucket = props.existingBucketObj;
29
32
  }
33
+ this.s3BucketInterface = bucket;
30
34
  [this.cloudFrontWebDistribution, this.cloudFrontFunction, this.cloudFrontLoggingBucket] =
31
- defaults.CloudFrontDistributionForS3(this, this.s3BucketInterface, props.cloudFrontDistributionProps, props.insertHttpSecurityHeaders);
35
+ defaults.CloudFrontDistributionForS3(this, this.s3BucketInterface, props.cloudFrontDistributionProps, props.insertHttpSecurityHeaders, props.originPath, props.cloudFrontLoggingBucketProps);
32
36
  }
33
37
  }
34
38
  exports.CloudFrontToS3 = CloudFrontToS3;
35
39
  _a = JSII_RTTI_SYMBOL_1;
36
- CloudFrontToS3[_a] = { fqn: "@aws-solutions-constructs/aws-cloudfront-s3.CloudFrontToS3", version: "2.0.0-rc.1" };
37
- //# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiaW5kZXguanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyJpbmRleC50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiOzs7OztBQWlCQSwyQ0FBdUM7QUFDdkMsMkRBQTJEO0FBZ0IzRCxNQUFhLGNBQWUsU0FBUSxzQkFBUzs7Ozs7Ozs7O0lBU3hDLFlBQVksS0FBZ0IsRUFBRSxFQUFVLEVBQUUsS0FBMEI7UUFDbEUsS0FBSyxDQUFDLEtBQUssRUFBRSxFQUFFLENBQUMsQ0FBQztRQUNqQixRQUFRLENBQUMsVUFBVSxDQUFDLEtBQUssQ0FBQyxDQUFDO1FBRTNCLElBQUksQ0FBQyxLQUFLLENBQUMsdUJBQXVCLEVBQUU7WUFDbEMsQ0FBQyxJQUFJLENBQUMsUUFBUSxFQUFFLElBQUksQ0FBQyxlQUFlLENBQUMsR0FBRyxRQUFRLENBQUMsYUFBYSxDQUFDLElBQUksRUFBRTtnQkFDbkUsV0FBVyxFQUFFLEtBQUssQ0FBQyxXQUFXO2dCQUM5QixrQkFBa0IsRUFBRSxLQUFLLENBQUMsa0JBQWtCO2FBQzdDLENBQUMsQ0FBQztZQUNILElBQUksQ0FBQyxpQkFBaUIsR0FBRyxJQUFJLENBQUMsUUFBUSxDQUFDO1NBQ3hDO2FBQU07WUFDTCxJQUFJLENBQUMsaUJBQWlCLEdBQUcsS0FBSyxDQUFDLHVCQUF1QixDQUFDO1NBQ3hEO1FBRUQsQ0FBQyxJQUFJLENBQUMseUJBQXlCLEVBQUUsSUFBSSxDQUFDLGtCQUFrQixFQUFFLElBQUksQ0FBQyx1QkFBdUIsQ0FBQztZQUNuRixRQUFRLENBQUMsMkJBQTJCLENBQUMsSUFBSSxFQUFFLElBQUksQ0FBQyxpQkFBaUIsRUFDL0QsS0FBSyxDQUFDLDJCQUEyQixFQUFFLEtBQUssQ0FBQyx5QkFBeUIsQ0FBQyxDQUFDO0lBQzVFLENBQUM7O0FBMUJOLHdDQTJCQyIsInNvdXJjZXNDb250ZW50IjpbIi8qKlxuICogIENvcHlyaWdodCAyMDIxIEFtYXpvbi5jb20sIEluYy4gb3IgaXRzIGFmZmlsaWF0ZXMuIEFsbCBSaWdodHMgUmVzZXJ2ZWQuXG4gKlxuICogIExpY2Vuc2VkIHVuZGVyIHRoZSBBcGFjaGUgTGljZW5zZSwgVmVyc2lvbiAyLjAgKHRoZSBcIkxpY2Vuc2VcIikuIFlvdSBtYXkgbm90IHVzZSB0aGlzIGZpbGUgZXhjZXB0IGluIGNvbXBsaWFuY2VcbiAqICB3aXRoIHRoZSBMaWNlbnNlLiBBIGNvcHkgb2YgdGhlIExpY2Vuc2UgaXMgbG9jYXRlZCBhdFxuICpcbiAqICAgICAgaHR0cDovL3d3dy5hcGFjaGUub3JnL2xpY2Vuc2VzL0xJQ0VOU0UtMi4wXG4gKlxuICogIG9yIGluIHRoZSAnbGljZW5zZScgZmlsZSBhY2NvbXBhbnlpbmcgdGhpcyBmaWxlLiBUaGlzIGZpbGUgaXMgZGlzdHJpYnV0ZWQgb24gYW4gJ0FTIElTJyBCQVNJUywgV0lUSE9VVCBXQVJSQU5USUVTXG4gKiAgT1IgQ09ORElUSU9OUyBPRiBBTlkgS0lORCwgZXhwcmVzcyBvciBpbXBsaWVkLiBTZWUgdGhlIExpY2Vuc2UgZm9yIHRoZSBzcGVjaWZpYyBsYW5ndWFnZSBnb3Zlcm5pbmcgcGVybWlzc2lvbnNcbiAqICBhbmQgbGltaXRhdGlvbnMgdW5kZXIgdGhlIExpY2Vuc2UuXG4gKi9cblxuaW1wb3J0ICogYXMgY2xvdWRmcm9udCBmcm9tICdhd3MtY2RrLWxpYi9hd3MtY2xvdWRmcm9udCc7XG5pbXBvcnQgKiBhcyBzMyBmcm9tICdhd3MtY2RrLWxpYi9hd3MtczMnO1xuLy8gTm90ZTogVG8gZW5zdXJlIENES3YyIGNvbXBhdGliaWxpdHksIGtlZXAgdGhlIGltcG9ydCBzdGF0ZW1lbnQgZm9yIENvbnN0cnVjdCBzZXBhcmF0ZVxuaW1wb3J0IHsgIH0gZnJvbSAnYXdzLWNkay1saWInO1xuaW1wb3J0IHsgQ29uc3RydWN0IH0gZnJvbSAnY29uc3RydWN0cyc7XG5pbXBvcnQgKiBhcyBkZWZhdWx0cyBmcm9tICdAYXdzLXNvbHV0aW9ucy1jb25zdHJ1Y3RzL2NvcmUnO1xuXG4gICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgXG5leHBvcnQgaW50ZXJmYWNlIENsb3VkRnJvbnRUb1MzUHJvcHMge1xuICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIFxuICAgcmVhZG9ubHkgZXhpc3RpbmdCdWNrZXRJbnRlcmZhY2U/OiBzMy5JQnVja2V0LFxuICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBcbiAgIHJlYWRvbmx5IGJ1Y2tldFByb3BzPzogczMuQnVja2V0UHJvcHMsXG4gICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgXG4gICByZWFkb25seSBjbG91ZEZyb250RGlzdHJpYnV0aW9uUHJvcHM/OiBjbG91ZGZyb250LkRpc3RyaWJ1dGlvblByb3BzIHwgYW55LFxuICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIFxuICAgcmVhZG9ubHkgaW5zZXJ0SHR0cFNlY3VyaXR5SGVhZGVycz86IGJvb2xlYW47XG4gICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgXG4gICAgcmVhZG9ubHkgbG9nZ2luZ0J1Y2tldFByb3BzPzogczMuQnVja2V0UHJvcHNcbiB9XG5cbmV4cG9ydCBjbGFzcyBDbG91ZEZyb250VG9TMyBleHRlbmRzIENvbnN0cnVjdCB7XG4gICAgIHB1YmxpYyByZWFkb25seSBjbG91ZEZyb250V2ViRGlzdHJpYnV0aW9uOiBjbG91ZGZyb250LkRpc3RyaWJ1dGlvbjtcbiAgICAgcHVibGljIHJlYWRvbmx5IGNsb3VkRnJvbnRGdW5jdGlvbj86IGNsb3VkZnJvbnQuRnVuY3Rpb247XG4gICAgIHB1YmxpYyByZWFkb25seSBjbG91ZEZyb250TG9nZ2luZ0J1Y2tldD86IHMzLkJ1Y2tldDtcbiAgICAgcHVibGljIHJlYWRvbmx5IHMzQnVja2V0SW50ZXJmYWNlOiBzMy5JQnVja2V0O1xuICAgICBwdWJsaWMgcmVhZG9ubHkgczNCdWNrZXQ/OiBzMy5CdWNrZXQ7XG4gICAgIHB1YmxpYyByZWFkb25seSBzM0xvZ2dpbmdCdWNrZXQ/OiBzMy5CdWNrZXQ7XG5cbiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIFxuICAgICBjb25zdHJ1Y3RvcihzY29wZTogQ29uc3RydWN0LCBpZDogc3RyaW5nLCBwcm9wczogQ2xvdWRGcm9udFRvUzNQcm9wcykge1xuICAgICAgIHN1cGVyKHNjb3BlLCBpZCk7XG4gICAgICAgZGVmYXVsdHMuQ2hlY2tQcm9wcyhwcm9wcyk7XG5cbiAgICAgICBpZiAoIXByb3BzLmV4aXN0aW5nQnVja2V0SW50ZXJmYWNlKSB7XG4gICAgICAgICBbdGhpcy5zM0J1Y2tldCwgdGhpcy5zM0xvZ2dpbmdCdWNrZXRdID0gZGVmYXVsdHMuYnVpbGRTM0J1Y2tldCh0aGlzLCB7XG4gICAgICAgICAgIGJ1Y2tldFByb3BzOiBwcm9wcy5idWNrZXRQcm9wcyxcbiAgICAgICAgICAgbG9nZ2luZ0J1Y2tldFByb3BzOiBwcm9wcy5sb2dnaW5nQnVja2V0UHJvcHNcbiAgICAgICAgIH0pO1xuICAgICAgICAgdGhpcy5zM0J1Y2tldEludGVyZmFjZSA9IHRoaXMuczNCdWNrZXQ7XG4gICAgICAgfSBlbHNlIHtcbiAgICAgICAgIHRoaXMuczNCdWNrZXRJbnRlcmZhY2UgPSBwcm9wcy5leGlzdGluZ0J1Y2tldEludGVyZmFjZTtcbiAgICAgICB9XG5cbiAgICAgICBbdGhpcy5jbG91ZEZyb250V2ViRGlzdHJpYnV0aW9uLCB0aGlzLmNsb3VkRnJvbnRGdW5jdGlvbiwgdGhpcy5jbG91ZEZyb250TG9nZ2luZ0J1Y2tldF0gPVxuICAgICAgICAgICBkZWZhdWx0cy5DbG91ZEZyb250RGlzdHJpYnV0aW9uRm9yUzModGhpcywgdGhpcy5zM0J1Y2tldEludGVyZmFjZSxcbiAgICAgICAgICAgICBwcm9wcy5jbG91ZEZyb250RGlzdHJpYnV0aW9uUHJvcHMsIHByb3BzLmluc2VydEh0dHBTZWN1cml0eUhlYWRlcnMpO1xuICAgICB9XG59XG4iXX0=
40
+ CloudFrontToS3[_a] = { fqn: "@aws-solutions-constructs/aws-cloudfront-s3.CloudFrontToS3", version: "2.2.0" };
41
+ //# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiaW5kZXguanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyJpbmRleC50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiOzs7OztBQWVBLHdGQUF3RjtBQUN4RiwyQ0FBdUM7QUFDdkMsMkRBQTJEO0FBc0IzRCxNQUFhLGNBQWUsU0FBUSxzQkFBUzs7Ozs7Ozs7O0lBUzNDLFlBQVksS0FBZ0IsRUFBRSxFQUFVLEVBQUUsS0FBMEI7UUFDbEUsS0FBSyxDQUFDLEtBQUssRUFBRSxFQUFFLENBQUMsQ0FBQztRQUNqQixRQUFRLENBQUMsVUFBVSxDQUFDLEtBQUssQ0FBQyxDQUFDO1FBRTNCLElBQUksTUFBa0IsQ0FBQztRQUV2QixJQUFJLENBQUMsS0FBSyxDQUFDLGlCQUFpQixFQUFFO1lBQzVCLENBQUMsSUFBSSxDQUFDLFFBQVEsRUFBRSxJQUFJLENBQUMsZUFBZSxDQUFDLEdBQUcsUUFBUSxDQUFDLGFBQWEsQ0FBQyxJQUFJLEVBQUU7Z0JBQ25FLFdBQVcsRUFBRSxLQUFLLENBQUMsV0FBVztnQkFDOUIsa0JBQWtCLEVBQUUsS0FBSyxDQUFDLGtCQUFrQjtnQkFDNUMsZUFBZSxFQUFFLEtBQUssQ0FBQyxlQUFlO2FBQ3ZDLENBQUMsQ0FBQztZQUNILE1BQU0sR0FBRyxJQUFJLENBQUMsUUFBUSxDQUFDO1NBQ3hCO2FBQU07WUFDTCxNQUFNLEdBQUcsS0FBSyxDQUFDLGlCQUFpQixDQUFDO1NBQ2xDO1FBRUQsSUFBSSxDQUFDLGlCQUFpQixHQUFHLE1BQU0sQ0FBQztRQUVoQyxDQUFDLElBQUksQ0FBQyx5QkFBeUIsRUFBRSxJQUFJLENBQUMsa0JBQWtCLEVBQUUsSUFBSSxDQUFDLHVCQUF1QixDQUFDO1lBQ3JGLFFBQVEsQ0FBQywyQkFBMkIsQ0FBQyxJQUFJLEVBQUUsSUFBSSxDQUFDLGlCQUFpQixFQUMvRCxLQUFLLENBQUMsMkJBQTJCLEVBQUUsS0FBSyxDQUFDLHlCQUF5QixFQUFFLEtBQUssQ0FBQyxVQUFVLEVBQUUsS0FBSyxDQUFDLDRCQUE0QixDQUFDLENBQUM7SUFDaEksQ0FBQzs7QUEvQkgsd0NBaUNDIiwic291cmNlc0NvbnRlbnQiOlsiLyoqXG4gKiAgQ29weXJpZ2h0IDIwMjIgQW1hem9uLmNvbSwgSW5jLiBvciBpdHMgYWZmaWxpYXRlcy4gQWxsIFJpZ2h0cyBSZXNlcnZlZC5cbiAqXG4gKiAgTGljZW5zZWQgdW5kZXIgdGhlIEFwYWNoZSBMaWNlbnNlLCBWZXJzaW9uIDIuMCAodGhlIFwiTGljZW5zZVwiKS4gWW91IG1heSBub3QgdXNlIHRoaXMgZmlsZSBleGNlcHQgaW4gY29tcGxpYW5jZVxuICogIHdpdGggdGhlIExpY2Vuc2UuIEEgY29weSBvZiB0aGUgTGljZW5zZSBpcyBsb2NhdGVkIGF0XG4gKlxuICogICAgICBodHRwOi8vd3d3LmFwYWNoZS5vcmcvbGljZW5zZXMvTElDRU5TRS0yLjBcbiAqXG4gKiAgb3IgaW4gdGhlICdsaWNlbnNlJyBmaWxlIGFjY29tcGFueWluZyB0aGlzIGZpbGUuIFRoaXMgZmlsZSBpcyBkaXN0cmlidXRlZCBvbiBhbiAnQVMgSVMnIEJBU0lTLCBXSVRIT1VUIFdBUlJBTlRJRVNcbiAqICBPUiBDT05ESVRJT05TIE9GIEFOWSBLSU5ELCBleHByZXNzIG9yIGltcGxpZWQuIFNlZSB0aGUgTGljZW5zZSBmb3IgdGhlIHNwZWNpZmljIGxhbmd1YWdlIGdvdmVybmluZyBwZXJtaXNzaW9uc1xuICogIGFuZCBsaW1pdGF0aW9ucyB1bmRlciB0aGUgTGljZW5zZS5cbiAqL1xuXG5pbXBvcnQgKiBhcyBjbG91ZGZyb250IGZyb20gJ2F3cy1jZGstbGliL2F3cy1jbG91ZGZyb250JztcbmltcG9ydCAqIGFzIHMzIGZyb20gJ2F3cy1jZGstbGliL2F3cy1zMyc7XG4vLyBOb3RlOiBUbyBlbnN1cmUgQ0RLdjIgY29tcGF0aWJpbGl0eSwga2VlcCB0aGUgaW1wb3J0IHN0YXRlbWVudCBmb3IgQ29uc3RydWN0IHNlcGFyYXRlXG5pbXBvcnQgeyBDb25zdHJ1Y3QgfSBmcm9tICdjb25zdHJ1Y3RzJztcbmltcG9ydCAqIGFzIGRlZmF1bHRzIGZyb20gJ0Bhd3Mtc29sdXRpb25zLWNvbnN0cnVjdHMvY29yZSc7XG5cbiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBcbmV4cG9ydCBpbnRlcmZhY2UgQ2xvdWRGcm9udFRvUzNQcm9wcyB7XG4gICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIFxuICByZWFkb25seSBleGlzdGluZ0J1Y2tldE9iaj86IHMzLklCdWNrZXQsXG4gICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBcbiAgcmVhZG9ubHkgYnVja2V0UHJvcHM/OiBzMy5CdWNrZXRQcm9wcyxcbiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgXG4gIHJlYWRvbmx5IGNsb3VkRnJvbnREaXN0cmlidXRpb25Qcm9wcz86IGNsb3VkZnJvbnQuRGlzdHJpYnV0aW9uUHJvcHMgfCBhbnksXG4gICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgXG4gIHJlYWRvbmx5IGluc2VydEh0dHBTZWN1cml0eUhlYWRlcnM/OiBib29sZWFuO1xuICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBcbiAgcmVhZG9ubHkgb3JpZ2luUGF0aD86IHN0cmluZyxcbiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgXG4gIHJlYWRvbmx5IGxvZ2dpbmdCdWNrZXRQcm9wcz86IHMzLkJ1Y2tldFByb3BzXG4gICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgXG4gIHJlYWRvbmx5IGNsb3VkRnJvbnRMb2dnaW5nQnVja2V0UHJvcHM/OiBzMy5CdWNrZXRQcm9wc1xuICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIFxuICByZWFkb25seSBsb2dTM0FjY2Vzc0xvZ3M/OiBib29sZWFuO1xufVxuXG5leHBvcnQgY2xhc3MgQ2xvdWRGcm9udFRvUzMgZXh0ZW5kcyBDb25zdHJ1Y3Qge1xuICBwdWJsaWMgcmVhZG9ubHkgY2xvdWRGcm9udFdlYkRpc3RyaWJ1dGlvbjogY2xvdWRmcm9udC5EaXN0cmlidXRpb247XG4gIHB1YmxpYyByZWFkb25seSBjbG91ZEZyb250RnVuY3Rpb24/OiBjbG91ZGZyb250LkZ1bmN0aW9uO1xuICBwdWJsaWMgcmVhZG9ubHkgY2xvdWRGcm9udExvZ2dpbmdCdWNrZXQ/OiBzMy5CdWNrZXQ7XG4gIHB1YmxpYyByZWFkb25seSBzM0J1Y2tldEludGVyZmFjZTogczMuSUJ1Y2tldDtcbiAgcHVibGljIHJlYWRvbmx5IHMzQnVja2V0PzogczMuQnVja2V0O1xuICBwdWJsaWMgcmVhZG9ubHkgczNMb2dnaW5nQnVja2V0PzogczMuQnVja2V0O1xuXG4gICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBcbiAgY29uc3RydWN0b3Ioc2NvcGU6IENvbnN0cnVjdCwgaWQ6IHN0cmluZywgcHJvcHM6IENsb3VkRnJvbnRUb1MzUHJvcHMpIHtcbiAgICBzdXBlcihzY29wZSwgaWQpO1xuICAgIGRlZmF1bHRzLkNoZWNrUHJvcHMocHJvcHMpO1xuXG4gICAgbGV0IGJ1Y2tldDogczMuSUJ1Y2tldDtcblxuICAgIGlmICghcHJvcHMuZXhpc3RpbmdCdWNrZXRPYmopIHtcbiAgICAgIFt0aGlzLnMzQnVja2V0LCB0aGlzLnMzTG9nZ2luZ0J1Y2tldF0gPSBkZWZhdWx0cy5idWlsZFMzQnVja2V0KHRoaXMsIHtcbiAgICAgICAgYnVja2V0UHJvcHM6IHByb3BzLmJ1Y2tldFByb3BzLFxuICAgICAgICBsb2dnaW5nQnVja2V0UHJvcHM6IHByb3BzLmxvZ2dpbmdCdWNrZXRQcm9wcyxcbiAgICAgICAgbG9nUzNBY2Nlc3NMb2dzOiBwcm9wcy5sb2dTM0FjY2Vzc0xvZ3NcbiAgICAgIH0pO1xuICAgICAgYnVja2V0ID0gdGhpcy5zM0J1Y2tldDtcbiAgICB9IGVsc2Uge1xuICAgICAgYnVja2V0ID0gcHJvcHMuZXhpc3RpbmdCdWNrZXRPYmo7XG4gICAgfVxuXG4gICAgdGhpcy5zM0J1Y2tldEludGVyZmFjZSA9IGJ1Y2tldDtcblxuICAgIFt0aGlzLmNsb3VkRnJvbnRXZWJEaXN0cmlidXRpb24sIHRoaXMuY2xvdWRGcm9udEZ1bmN0aW9uLCB0aGlzLmNsb3VkRnJvbnRMb2dnaW5nQnVja2V0XSA9XG4gICAgICBkZWZhdWx0cy5DbG91ZEZyb250RGlzdHJpYnV0aW9uRm9yUzModGhpcywgdGhpcy5zM0J1Y2tldEludGVyZmFjZSxcbiAgICAgICAgcHJvcHMuY2xvdWRGcm9udERpc3RyaWJ1dGlvblByb3BzLCBwcm9wcy5pbnNlcnRIdHRwU2VjdXJpdHlIZWFkZXJzLCBwcm9wcy5vcmlnaW5QYXRoLCBwcm9wcy5jbG91ZEZyb250TG9nZ2luZ0J1Y2tldFByb3BzKTtcbiAgfVxuXG59XG4iXX0=
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@aws-solutions-constructs/aws-cloudfront-s3",
3
- "version": "2.0.0-rc.1",
3
+ "version": "2.2.0",
4
4
  "description": "CDK Constructs for AWS Cloudfront to AWS S3 integration.",
5
5
  "main": "lib/index.js",
6
6
  "types": "lib/index.d.ts",
@@ -41,8 +41,8 @@
41
41
  }
42
42
  },
43
43
  "dotnet": {
44
- "namespace": "Amazon.Constructs.AWS.CloudfrontS3",
45
- "packageId": "Amazon.Constructs.AWS.CloudfrontS3",
44
+ "namespace": "Amazon.SolutionsConstructs.AWS.CloudfrontS3",
45
+ "packageId": "Amazon.SolutionsConstructs.AWS.CloudfrontS3",
46
46
  "signAssembly": true,
47
47
  "iconUrl": "https://raw.githubusercontent.com/aws/aws-cdk/master/logo/default-256-dark.png"
48
48
  },
@@ -53,13 +53,13 @@
53
53
  }
54
54
  },
55
55
  "dependencies": {
56
- "@aws-solutions-constructs/core": "2.0.0-rc.1"
56
+ "@aws-solutions-constructs/core": "2.2.0"
57
57
  },
58
58
  "devDependencies": {
59
- "@aws-cdk/assert": "2.0.0-rc.23",
60
- "@types/jest": "^26.0.22",
59
+ "@aws-cdk/assert": "2.4.0",
60
+ "@types/jest": "^27.4.0",
61
61
  "@types/node": "^10.3.0",
62
- "aws-cdk-lib": "2.0.0-rc.23",
62
+ "aws-cdk-lib": "2.4.0",
63
63
  "constructs": "^10.0.0"
64
64
  },
65
65
  "jest": {
@@ -77,8 +77,8 @@
77
77
  ]
78
78
  },
79
79
  "peerDependencies": {
80
- "@aws-solutions-constructs/core": "2.0.0-rc.1",
81
- "aws-cdk-lib": "^2.0.0-rc.23",
80
+ "@aws-solutions-constructs/core": "2.2.0",
81
+ "aws-cdk-lib": "^2.4.0",
82
82
  "constructs": "^10.0.0"
83
83
  },
84
84
  "keywords": [
@@ -0,0 +1,13 @@
1
+ /**
2
+ * Copyright 2022 Amazon.com, Inc. or its affiliates. All Rights Reserved.
3
+ *
4
+ * Licensed under the Apache License, Version 2.0 (the "License"). You may not use this file except in compliance
5
+ * with the License. A copy of the License is located at
6
+ *
7
+ * http://www.apache.org/licenses/LICENSE-2.0
8
+ *
9
+ * or in the 'license' file accompanying this file. This file is distributed on an 'AS IS' BASIS, WITHOUT WARRANTIES
10
+ * OR CONDITIONS OF ANY KIND, express or implied. See the License for the specific language governing permissions
11
+ * and limitations under the License.
12
+ */
13
+ export {};
@@ -0,0 +1,422 @@
1
+ {
2
+ "Description": "Integration Test for originPath with aws-cloudfront-s3",
3
+ "Resources": {
4
+ "testcloudfronts3S3LoggingBucket90D239DD": {
5
+ "Type": "AWS::S3::Bucket",
6
+ "Properties": {
7
+ "AccessControl": "LogDeliveryWrite",
8
+ "BucketEncryption": {
9
+ "ServerSideEncryptionConfiguration": [
10
+ {
11
+ "ServerSideEncryptionByDefault": {
12
+ "SSEAlgorithm": "AES256"
13
+ }
14
+ }
15
+ ]
16
+ },
17
+ "PublicAccessBlockConfiguration": {
18
+ "BlockPublicAcls": true,
19
+ "BlockPublicPolicy": true,
20
+ "IgnorePublicAcls": true,
21
+ "RestrictPublicBuckets": true
22
+ },
23
+ "VersioningConfiguration": {
24
+ "Status": "Enabled"
25
+ }
26
+ },
27
+ "UpdateReplacePolicy": "Retain",
28
+ "DeletionPolicy": "Retain",
29
+ "Metadata": {
30
+ "cfn_nag": {
31
+ "rules_to_suppress": [
32
+ {
33
+ "id": "W35",
34
+ "reason": "This S3 bucket is used as the access logging bucket for another bucket"
35
+ }
36
+ ]
37
+ }
38
+ }
39
+ },
40
+ "testcloudfronts3S3LoggingBucketPolicy529D4CFF": {
41
+ "Type": "AWS::S3::BucketPolicy",
42
+ "Properties": {
43
+ "Bucket": {
44
+ "Ref": "testcloudfronts3S3LoggingBucket90D239DD"
45
+ },
46
+ "PolicyDocument": {
47
+ "Statement": [
48
+ {
49
+ "Action": "s3:*",
50
+ "Condition": {
51
+ "Bool": {
52
+ "aws:SecureTransport": "false"
53
+ }
54
+ },
55
+ "Effect": "Deny",
56
+ "Principal": {
57
+ "AWS": "*"
58
+ },
59
+ "Resource": [
60
+ {
61
+ "Fn::GetAtt": [
62
+ "testcloudfronts3S3LoggingBucket90D239DD",
63
+ "Arn"
64
+ ]
65
+ },
66
+ {
67
+ "Fn::Join": [
68
+ "",
69
+ [
70
+ {
71
+ "Fn::GetAtt": [
72
+ "testcloudfronts3S3LoggingBucket90D239DD",
73
+ "Arn"
74
+ ]
75
+ },
76
+ "/*"
77
+ ]
78
+ ]
79
+ }
80
+ ]
81
+ }
82
+ ],
83
+ "Version": "2012-10-17"
84
+ }
85
+ }
86
+ },
87
+ "testcloudfronts3S3BucketE0C5F76E": {
88
+ "Type": "AWS::S3::Bucket",
89
+ "Properties": {
90
+ "BucketEncryption": {
91
+ "ServerSideEncryptionConfiguration": [
92
+ {
93
+ "ServerSideEncryptionByDefault": {
94
+ "SSEAlgorithm": "AES256"
95
+ }
96
+ }
97
+ ]
98
+ },
99
+ "LifecycleConfiguration": {
100
+ "Rules": [
101
+ {
102
+ "NoncurrentVersionTransitions": [
103
+ {
104
+ "StorageClass": "GLACIER",
105
+ "TransitionInDays": 90
106
+ }
107
+ ],
108
+ "Status": "Enabled"
109
+ }
110
+ ]
111
+ },
112
+ "LoggingConfiguration": {
113
+ "DestinationBucketName": {
114
+ "Ref": "testcloudfronts3S3LoggingBucket90D239DD"
115
+ }
116
+ },
117
+ "PublicAccessBlockConfiguration": {
118
+ "BlockPublicAcls": true,
119
+ "BlockPublicPolicy": true,
120
+ "IgnorePublicAcls": true,
121
+ "RestrictPublicBuckets": true
122
+ },
123
+ "VersioningConfiguration": {
124
+ "Status": "Enabled"
125
+ }
126
+ },
127
+ "UpdateReplacePolicy": "Retain",
128
+ "DeletionPolicy": "Retain"
129
+ },
130
+ "testcloudfronts3S3BucketPolicy250F1F61": {
131
+ "Type": "AWS::S3::BucketPolicy",
132
+ "Properties": {
133
+ "Bucket": {
134
+ "Ref": "testcloudfronts3S3BucketE0C5F76E"
135
+ },
136
+ "PolicyDocument": {
137
+ "Statement": [
138
+ {
139
+ "Action": "s3:*",
140
+ "Condition": {
141
+ "Bool": {
142
+ "aws:SecureTransport": "false"
143
+ }
144
+ },
145
+ "Effect": "Deny",
146
+ "Principal": {
147
+ "AWS": "*"
148
+ },
149
+ "Resource": [
150
+ {
151
+ "Fn::GetAtt": [
152
+ "testcloudfronts3S3BucketE0C5F76E",
153
+ "Arn"
154
+ ]
155
+ },
156
+ {
157
+ "Fn::Join": [
158
+ "",
159
+ [
160
+ {
161
+ "Fn::GetAtt": [
162
+ "testcloudfronts3S3BucketE0C5F76E",
163
+ "Arn"
164
+ ]
165
+ },
166
+ "/*"
167
+ ]
168
+ ]
169
+ }
170
+ ]
171
+ },
172
+ {
173
+ "Action": "s3:GetObject",
174
+ "Effect": "Allow",
175
+ "Principal": {
176
+ "CanonicalUser": {
177
+ "Fn::GetAtt": [
178
+ "testcloudfronts3CloudFrontDistributionOrigin1S3Origin4695F058",
179
+ "S3CanonicalUserId"
180
+ ]
181
+ }
182
+ },
183
+ "Resource": {
184
+ "Fn::Join": [
185
+ "",
186
+ [
187
+ {
188
+ "Fn::GetAtt": [
189
+ "testcloudfronts3S3BucketE0C5F76E",
190
+ "Arn"
191
+ ]
192
+ },
193
+ "/*"
194
+ ]
195
+ ]
196
+ }
197
+ }
198
+ ],
199
+ "Version": "2012-10-17"
200
+ }
201
+ },
202
+ "Metadata": {
203
+ "cfn_nag": {
204
+ "rules_to_suppress": [
205
+ {
206
+ "id": "F16",
207
+ "reason": "Public website bucket policy requires a wildcard principal"
208
+ }
209
+ ]
210
+ }
211
+ }
212
+ },
213
+ "testcloudfronts3SetHttpSecurityHeaders6C5A1E69": {
214
+ "Type": "AWS::CloudFront::Function",
215
+ "Properties": {
216
+ "Name": "SetHttpSecurityHeadersc824484dfea4176847245e871498ffd7e454223fe4",
217
+ "AutoPublish": true,
218
+ "FunctionCode": "function handler(event) { var response = event.response; var headers = response.headers; headers['strict-transport-security'] = { value: 'max-age=63072000; includeSubdomains; preload'}; headers['content-security-policy'] = { value: \"default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'\"}; headers['x-content-type-options'] = { value: 'nosniff'}; headers['x-frame-options'] = {value: 'DENY'}; headers['x-xss-protection'] = {value: '1; mode=block'}; return response; }",
219
+ "FunctionConfig": {
220
+ "Comment": "SetHttpSecurityHeadersc824484dfea4176847245e871498ffd7e454223fe4",
221
+ "Runtime": "cloudfront-js-1.0"
222
+ }
223
+ }
224
+ },
225
+ "testcloudfronts3CloudfrontLoggingBucket985C0FE8": {
226
+ "Type": "AWS::S3::Bucket",
227
+ "Properties": {
228
+ "AccessControl": "LogDeliveryWrite",
229
+ "BucketEncryption": {
230
+ "ServerSideEncryptionConfiguration": [
231
+ {
232
+ "ServerSideEncryptionByDefault": {
233
+ "SSEAlgorithm": "AES256"
234
+ }
235
+ }
236
+ ]
237
+ },
238
+ "PublicAccessBlockConfiguration": {
239
+ "BlockPublicAcls": true,
240
+ "BlockPublicPolicy": true,
241
+ "IgnorePublicAcls": true,
242
+ "RestrictPublicBuckets": true
243
+ },
244
+ "VersioningConfiguration": {
245
+ "Status": "Enabled"
246
+ }
247
+ },
248
+ "UpdateReplacePolicy": "Retain",
249
+ "DeletionPolicy": "Retain",
250
+ "Metadata": {
251
+ "cfn_nag": {
252
+ "rules_to_suppress": [
253
+ {
254
+ "id": "W35",
255
+ "reason": "This S3 bucket is used as the access logging bucket for CloudFront Distribution"
256
+ }
257
+ ]
258
+ }
259
+ }
260
+ },
261
+ "testcloudfronts3CloudfrontLoggingBucketPolicyDF55851B": {
262
+ "Type": "AWS::S3::BucketPolicy",
263
+ "Properties": {
264
+ "Bucket": {
265
+ "Ref": "testcloudfronts3CloudfrontLoggingBucket985C0FE8"
266
+ },
267
+ "PolicyDocument": {
268
+ "Statement": [
269
+ {
270
+ "Action": "s3:*",
271
+ "Condition": {
272
+ "Bool": {
273
+ "aws:SecureTransport": "false"
274
+ }
275
+ },
276
+ "Effect": "Deny",
277
+ "Principal": {
278
+ "AWS": "*"
279
+ },
280
+ "Resource": [
281
+ {
282
+ "Fn::GetAtt": [
283
+ "testcloudfronts3CloudfrontLoggingBucket985C0FE8",
284
+ "Arn"
285
+ ]
286
+ },
287
+ {
288
+ "Fn::Join": [
289
+ "",
290
+ [
291
+ {
292
+ "Fn::GetAtt": [
293
+ "testcloudfronts3CloudfrontLoggingBucket985C0FE8",
294
+ "Arn"
295
+ ]
296
+ },
297
+ "/*"
298
+ ]
299
+ ]
300
+ }
301
+ ]
302
+ }
303
+ ],
304
+ "Version": "2012-10-17"
305
+ }
306
+ }
307
+ },
308
+ "testcloudfronts3CloudFrontDistributionOrigin1S3Origin4695F058": {
309
+ "Type": "AWS::CloudFront::CloudFrontOriginAccessIdentity",
310
+ "Properties": {
311
+ "CloudFrontOriginAccessIdentityConfig": {
312
+ "Comment": "Identity for customoriginPathtestcloudfronts3CloudFrontDistributionOrigin1B44CC042"
313
+ }
314
+ }
315
+ },
316
+ "testcloudfronts3CloudFrontDistribution0565DEE8": {
317
+ "Type": "AWS::CloudFront::Distribution",
318
+ "Properties": {
319
+ "DistributionConfig": {
320
+ "DefaultCacheBehavior": {
321
+ "CachePolicyId": "658327ea-f89d-4fab-a63d-7e88639e58f6",
322
+ "Compress": true,
323
+ "FunctionAssociations": [
324
+ {
325
+ "EventType": "viewer-response",
326
+ "FunctionARN": {
327
+ "Fn::GetAtt": [
328
+ "testcloudfronts3SetHttpSecurityHeaders6C5A1E69",
329
+ "FunctionARN"
330
+ ]
331
+ }
332
+ }
333
+ ],
334
+ "TargetOriginId": "customoriginPathtestcloudfronts3CloudFrontDistributionOrigin1B44CC042",
335
+ "ViewerProtocolPolicy": "redirect-to-https"
336
+ },
337
+ "DefaultRootObject": "index.html",
338
+ "Enabled": true,
339
+ "HttpVersion": "http2",
340
+ "IPV6Enabled": true,
341
+ "Logging": {
342
+ "Bucket": {
343
+ "Fn::GetAtt": [
344
+ "testcloudfronts3CloudfrontLoggingBucket985C0FE8",
345
+ "RegionalDomainName"
346
+ ]
347
+ }
348
+ },
349
+ "Origins": [
350
+ {
351
+ "DomainName": {
352
+ "Fn::GetAtt": [
353
+ "testcloudfronts3S3BucketE0C5F76E",
354
+ "RegionalDomainName"
355
+ ]
356
+ },
357
+ "Id": "customoriginPathtestcloudfronts3CloudFrontDistributionOrigin1B44CC042",
358
+ "OriginPath": "/testPath",
359
+ "S3OriginConfig": {
360
+ "OriginAccessIdentity": {
361
+ "Fn::Join": [
362
+ "",
363
+ [
364
+ "origin-access-identity/cloudfront/",
365
+ {
366
+ "Ref": "testcloudfronts3CloudFrontDistributionOrigin1S3Origin4695F058"
367
+ }
368
+ ]
369
+ ]
370
+ }
371
+ }
372
+ }
373
+ ]
374
+ }
375
+ },
376
+ "Metadata": {
377
+ "cfn_nag": {
378
+ "rules_to_suppress": [
379
+ {
380
+ "id": "W70",
381
+ "reason": "Since the distribution uses the CloudFront domain name, CloudFront automatically sets the security policy to TLSv1 regardless of the value of MinimumProtocolVersion"
382
+ }
383
+ ]
384
+ }
385
+ }
386
+ }
387
+ },
388
+ "Parameters": {
389
+ "BootstrapVersion": {
390
+ "Type": "AWS::SSM::Parameter::Value<String>",
391
+ "Default": "/cdk-bootstrap/hnb659fds/version",
392
+ "Description": "Version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. [cdk:skip]"
393
+ }
394
+ },
395
+ "Rules": {
396
+ "CheckBootstrapVersion": {
397
+ "Assertions": [
398
+ {
399
+ "Assert": {
400
+ "Fn::Not": [
401
+ {
402
+ "Fn::Contains": [
403
+ [
404
+ "1",
405
+ "2",
406
+ "3",
407
+ "4",
408
+ "5"
409
+ ],
410
+ {
411
+ "Ref": "BootstrapVersion"
412
+ }
413
+ ]
414
+ }
415
+ ]
416
+ },
417
+ "AssertDescription": "CDK bootstrap stack version 6 required. Please run 'cdk bootstrap' with a recent version of the CDK CLI."
418
+ }
419
+ ]
420
+ }
421
+ }
422
+ }